refactor(oidc-client): move Micro helpers into micros.ts; utils.ts holds only pure utilities

Establish the convention: any function returning a Micro lives in
authorize.request.micros.ts and ends in µ. authorize.request.utils.ts now
contains only pure stateless utilities (type guards, error converters, URL
builders) with no dependency on the Effect library.

Author: ryanbas21

packages/oidc-client/src/lib/authorize.request.micros.test.ts

@@ -11,18 +11,16 @@ import * as sdkOidc from '@forgerock/sdk-oidc';
 import * as sdkUtilities from '@forgerock/sdk-utilities';
 
 import {
-  buildParBody,
-  validateParResponse,
-  handleDispatchError,
-  createAuthorizeUrlMicro,
-} from './authorize.request.utils.js';
-import {
+  buildParBodyµ,
   buildParSlimUrlµ,
+  createAuthorizeUrlµ,
   dispatchAuthorizeFetchµ,
   dispatchAuthorizeIframeµ,
   generateAuthValuesµ,
   generatePkceChallengeµ,
+  handleDispatchErrorµ,
   storeAuthOptionsµ,
+  validateParResponseµ,
 } from './authorize.request.micros.js';
 
 import type { OidcConfig } from './config.types.js';
@@ -114,11 +112,11 @@ it.effect('generatePkceChallengeµ fails with auth_error when createChallenge th
   }),
 );
 
-// ─── buildParBody ─────────────────────────────────────────────────────────────
+// ─── buildParBodyµ ─────────────────────────────────────────────────────────────
 
-it.effect('buildParBody returns URLSearchParams with expected fields', () =>
+it.effect('buildParBodyµ returns URLSearchParams with expected fields', () =>
   Micro.gen(function* () {
-    const params = yield* buildParBody(config, {}, 'challenge-abc', 'state-xyz');
+    const params = yield* buildParBodyµ(config, {}, 'challenge-abc', 'state-xyz');
     expect(params.get('client_id')).toBe(clientId);
     expect(params.get('code_challenge')).toBe('challenge-abc');
     expect(params.get('state')).toBe('state-xyz');
@@ -127,19 +125,19 @@ it.effect('buildParBody returns URLSearchParams with expected fields', () =>
   }),
 );
 
-it.effect('buildParBody includes prompt when provided', () =>
+it.effect('buildParBodyµ includes prompt when provided', () =>
   Micro.gen(function* () {
-    const params = yield* buildParBody(config, {}, 'challenge-abc', 'state-xyz', 'login');
+    const params = yield* buildParBodyµ(config, {}, 'challenge-abc', 'state-xyz', 'login');
     expect(params.get('prompt')).toBe('login');
   }),
 );
 
-it.effect('buildParBody fails with auth_error when buildAuthorizeParams throws', () =>
+it.effect('buildParBodyµ fails with auth_error when buildAuthorizeParams throws', () =>
   Micro.gen(function* () {
     vi.spyOn(sdkOidc, 'buildAuthorizeParams').mockImplementation(() => {
       throw new Error('build failed');
     });
-    const exit = yield* Micro.exit(buildParBody(config, {}, 'ch', 'st'));
+    const exit = yield* Micro.exit(buildParBodyµ(config, {}, 'ch', 'st'));
     expect(Micro.exitIsFailure(exit)).toBe(true);
     if (!Micro.exitIsFailure(exit) || !Micro.causeIsFail(exit.cause)) return;
     expect(exit.cause.error.type).toBe('auth_error');
@@ -199,21 +197,21 @@ it.effect('storeAuthOptionsµ fails with unknown_error when store function throw
   }),
 );
 
-// ─── validateParResponse ──────────────────────────────────────────────────────
+// ─── validateParResponseµ ──────────────────────────────────────────────────────
 
-it.effect('validateParResponse succeeds when request_uri is present', () =>
+it.effect('validateParResponseµ succeeds when request_uri is present', () =>
   Micro.gen(function* () {
-    const result = yield* validateParResponse({
+    const result = yield* validateParResponseµ({
       data: { request_uri: 'urn:ietf:params:oauth:request_uri:xyz', expires_in: 60 },
     });
     expect(result.request_uri).toBe('urn:ietf:params:oauth:request_uri:xyz');
   }),
 );
 
-it.effect('validateParResponse fails with network_error on RTK error', () =>
+it.effect('validateParResponseµ fails with network_error on RTK error', () =>
   Micro.gen(function* () {
     const exit = yield* Micro.exit(
-      validateParResponse({
+      validateParResponseµ({
         error: {
           status: 400,
           data: { error: 'invalid_client', error_description: 'bad creds', type: 'auth_error' },
@@ -226,19 +224,19 @@ it.effect('validateParResponse fails with network_error on RTK error', () =>
   }),
 );
 
-it.effect('validateParResponse fails with network_error when request_uri is absent', () =>
+it.effect('validateParResponseµ fails with network_error when request_uri is absent', () =>
   Micro.gen(function* () {
-    const exit = yield* Micro.exit(validateParResponse({ data: { expires_in: 60 } }));
+    const exit = yield* Micro.exit(validateParResponseµ({ data: { expires_in: 60 } }));
     expect(Micro.exitIsFailure(exit)).toBe(true);
     if (!Micro.exitIsFailure(exit) || !Micro.causeIsFail(exit.cause)) return;
     expect(exit.cause.error.type).toBe('network_error');
     expect(exit.cause.error.error_description).toContain('request_uri');
   }),
 );
 
-// ─── createAuthorizeUrlMicro ──────────────────────────────────────────────────
+// ─── createAuthorizeUrlµ ──────────────────────────────────────────────────
 
-it.effect('createAuthorizeUrlMicro returns [url, options] tuple', () =>
+it.effect('createAuthorizeUrlµ returns [url, options] tuple', () =>
   Micro.gen(function* () {
     vi.stubGlobal('sessionStorage', sessionStorageStub);
     const opts = {
@@ -252,20 +250,17 @@ it.effect('createAuthorizeUrlMicro returns [url, options] tuple', () =>
     vi.spyOn(sdkOidc, 'createAuthorizeUrl').mockResolvedValue(
       'https://example.com/authorize?foo=bar',
     );
-    const [url, returnedOpts] = yield* createAuthorizeUrlMicro(
-      wellknown.authorization_endpoint,
-      opts,
-    );
+    const [url, returnedOpts] = yield* createAuthorizeUrlµ(wellknown.authorization_endpoint, opts);
     expect(url).toBe('https://example.com/authorize?foo=bar');
     expect(returnedOpts).toBe(opts);
   }),
 );
 
-it.effect('createAuthorizeUrlMicro fails with auth_error when createAuthorizeUrl rejects', () =>
+it.effect('createAuthorizeUrlµ fails with auth_error when createAuthorizeUrl rejects', () =>
   Micro.gen(function* () {
     vi.spyOn(sdkOidc, 'createAuthorizeUrl').mockRejectedValue(new Error('url build failed'));
     const exit = yield* Micro.exit(
-      createAuthorizeUrlMicro(wellknown.authorization_endpoint, {
+      createAuthorizeUrlµ(wellknown.authorization_endpoint, {
         clientId,
         redirectUri,
         scope,
@@ -279,12 +274,12 @@ it.effect('createAuthorizeUrlMicro fails with auth_error when createAuthorizeUrl
   }),
 );
 
-// ─── handleDispatchError ──────────────────────────────────────────────────────
+// ─── handleDispatchErrorµ ──────────────────────────────────────────────────────
 
-it.effect('handleDispatchError fails immediately for CONFIGURATION_ERROR', () =>
+it.effect('handleDispatchErrorµ fails immediately for CONFIGURATION_ERROR', () =>
   Micro.gen(function* () {
     const exit = yield* Micro.exit(
-      handleDispatchError(
+      handleDispatchErrorµ(
         {
           status: 'CUSTOM_ERROR',
           statusText: 'CONFIGURATION_ERROR',
@@ -301,13 +296,13 @@ it.effect('handleDispatchError fails immediately for CONFIGURATION_ERROR', () =>
   }),
 );
 
-it.effect('handleDispatchError builds redirect URL for non-config errors', () =>
+it.effect('handleDispatchErrorµ builds redirect URL for non-config errors', () =>
   Micro.gen(function* () {
     vi.spyOn(sdkOidc, 'createAuthorizeUrl').mockResolvedValue(
       'https://example.com/authorize?error=login_required',
     );
     const exit = yield* Micro.exit(
-      handleDispatchError(
+      handleDispatchErrorµ(
         {
           status: 400,
           data: {

packages/oidc-client/src/lib/authorize.request.micros.ts

@@ -4,13 +4,19 @@
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
  */
-import { generateAndStoreAuthUrlValues } from '@forgerock/sdk-oidc';
+import {
+  buildAuthorizeParams,
+  createAuthorizeUrl,
+  generateAndStoreAuthUrlValues,
+} from '@forgerock/sdk-oidc';
 import { createChallenge } from '@forgerock/sdk-utilities';
 import { Micro } from 'effect';
 
 import {
   buildParAuthorizeUrl,
-  handleDispatchError,
+  hasPushRequestUri,
+  isFetchBaseQueryError,
+  toDispatchError,
   type PromptValue,
 } from './authorize.request.utils.js';
 
@@ -78,6 +84,113 @@ export const storeAuthOptionsµ = (
   });
 };
 
+// ─── PAR body / URL builders ─────────────────────────────────────────────────
+
+export const buildParBodyµ = (
+  config: OidcConfig,
+  parBodyOptions: OptionalAuthorizeOptions,
+  challenge: string,
+  state: string,
+  prompt?: PromptValue,
+): Micro.Micro<URLSearchParams, AuthorizationError, never> => {
+  return Micro.try({
+    try: () =>
+      buildAuthorizeParams({
+        clientId: config.clientId,
+        redirectUri: config.redirectUri,
+        scope: config.scope || 'openid',
+        responseType: config.responseType || 'code',
+        ...parBodyOptions,
+        challenge,
+        state,
+        ...(prompt && { prompt }),
+      }),
+    catch: (err): AuthorizationError => ({
+      error: 'PAR_PARAM_BUILD_ERROR',
+      error_description: err instanceof Error ? err.message : 'Failed to build PAR parameters',
+      type: 'auth_error',
+    }),
+  });
+};
+
+export const createAuthorizeUrlµ = (
+  path: string,
+  options: GetAuthorizationUrlOptions,
+): Micro.Micro<[string, GetAuthorizationUrlOptions], AuthorizationError, never> => {
+  return Micro.tryPromise({
+    try: async () =>
+      [await createAuthorizeUrl(path, { ...options, prompt: 'none' }), options] as [
+        string,
+        GetAuthorizationUrlOptions,
+      ],
+    catch: (error): AuthorizationError => ({
+      error: 'AuthorizationUrlError',
+      error_description:
+        error instanceof Error ? error.message : 'Error creating authorization URL',
+      type: 'auth_error',
+    }),
+  });
+};
+
+export const buildAuthorizeRedirectUrlµ = (
+  res: { error: string; error_description: string },
+  wellknown: WellknownResponse,
+  options: GetAuthorizationUrlOptions,
+): Micro.Micro<never, AuthorizationError, never> => {
+  return Micro.tryPromise({
+    try: () => createAuthorizeUrl(wellknown.authorization_endpoint, { ...options }),
+    catch: (error): AuthorizationError => ({
+      error: 'AuthorizationUrlError',
+      error_description:
+        error instanceof Error ? error.message : 'Error creating authorization URL',
+      type: 'auth_error',
+    }),
+  }).pipe(
+    Micro.flatMap((url) =>
+      Micro.fail({
+        error: res.error,
+        error_description: res.error_description,
+        type: 'auth_error',
+        redirectUrl: url,
+      } as const),
+    ),
+  );
+};
+
+export const validateParResponseµ = (result: {
+  error?: FetchBaseQueryError | SerializedError;
+  data?: unknown;
+}): Micro.Micro<{ request_uri: string; expires_in: number }, AuthorizationError, never> => {
+  if (result.error) {
+    return Micro.fail(toDispatchError(result.error));
+  }
+  if (!hasPushRequestUri(result.data)) {
+    return Micro.fail({
+      error: 'PAR_ERROR',
+      error_description: "PAR response missing required 'request_uri' field",
+      type: 'network_error',
+    } as const);
+  }
+  const d = result.data as { request_uri: string; expires_in?: number };
+  return Micro.succeed({ request_uri: d.request_uri, expires_in: d.expires_in ?? 60 });
+};
+
+export const handleDispatchErrorµ = (
+  error: FetchBaseQueryError | SerializedError,
+  wellknown: WellknownResponse,
+  options: GetAuthorizationUrlOptions,
+): Micro.Micro<never, AuthorizationError, never> => {
+  const errorDetails = toDispatchError(error);
+  const isConfigError =
+    isFetchBaseQueryError(error) &&
+    'statusText' in error &&
+    error.statusText === 'CONFIGURATION_ERROR';
+
+  return isConfigError
+    ? Micro.fail(errorDetails)
+    : buildAuthorizeRedirectUrlµ(errorDetails, wellknown, options);
+};
+
 // ─── PAR POST ────────────────────────────────────────────────────────────────
 
 export const dispatchParRequestµ = (
@@ -134,7 +247,7 @@ export const dispatchAuthorizeFetchµ = (
   }).pipe(
     Micro.flatMap(({ error, data }) => {
       if (error) {
-        return handleDispatchError(error, wellknown, options);
+        return handleDispatchErrorµ(error, wellknown, options);
       }
       if (data?.authorizeResponse) {
         return Micro.succeed(data.authorizeResponse);
@@ -165,7 +278,7 @@ export const dispatchAuthorizeIframeµ = (
   }).pipe(
     Micro.flatMap(({ error, data }) => {
       if (error) {
-        return handleDispatchError(error, wellknown, options);
+        return handleDispatchErrorµ(error, wellknown, options);
       }
       const d = data as { code?: unknown; state?: unknown } | undefined;
       if (d !== undefined && typeof d.code === 'string' && typeof d.state === 'string') {

packages/oidc-client/src/lib/authorize.request.ts

@@ -7,20 +7,18 @@
 import { CustomLogger } from '@forgerock/sdk-logger';
 import { Micro } from 'effect';
 
+import { buildAuthorizeOptions } from './authorize.request.utils.js';
 import {
-  buildAuthorizeOptions,
-  buildParBody,
-  createAuthorizeUrlMicro,
-  validateParResponse,
-} from './authorize.request.utils.js';
-import {
+  buildParBodyµ,
   buildParSlimUrlµ,
+  createAuthorizeUrlµ,
   dispatchAuthorizeFetchµ,
   dispatchAuthorizeIframeµ,
   dispatchParRequestµ,
   generateAuthValuesµ,
   generatePkceChallengeµ,
   storeAuthOptionsµ,
+  validateParResponseµ,
 } from './authorize.request.micros.js';
 
 import type { GetAuthorizationUrlOptions, WellknownResponse } from '@forgerock/sdk-types';
@@ -99,15 +97,15 @@ export function parAuthorizeµ(
   return Micro.gen(function* () {
     const [authUrlOptions, storeOptions] = yield* generateAuthValuesµ(config, wellknown, options);
     const challenge = yield* generatePkceChallengeµ(authUrlOptions.verifier);
-    const body = yield* buildParBody(
+    const body = yield* buildParBodyµ(
       config,
       parBodyOptions,
       challenge,
       authUrlOptions.state,
       prompt,
     );
     const parResult = yield* dispatchParRequestµ(store, parEndpoint, body);
-    const { request_uri, expires_in } = yield* validateParResponse(parResult);
+    const { request_uri, expires_in } = yield* validateParResponseµ(parResult);
     if (expires_in < 30) {
       yield* Micro.sync(() =>
         log.warn(
@@ -177,7 +175,7 @@ export function authorizeµ(
   );
 
   const [path, opts] = buildAuthorizeOptions(wellknown, config, options);
-  const standardFlow = createAuthorizeUrlMicro(path, opts).pipe(
+  const standardFlow = createAuthorizeUrlµ(path, opts).pipe(
     Micro.tap(([url]) => log.debug('Authorize URL created', url)),
     Micro.tapError((err) => Micro.sync(() => log.error('Error creating authorize URL', err))),
     Micro.flatMap(([url, dispatchOpts]) =>

packages/oidc-client/src/lib/authorize.request.utils.test.ts

@@ -273,14 +273,14 @@ it('hasPushRequestUri returns false when request_uri is missing', () => {
   expect(hasPushRequestUri('string')).toBe(false);
 });
 
-// ─── validateParResponse ─────────────────────────────────────────────────────
+// ─── validateParResponseµ ────────────────────────────────────────────────────
 
-import { validateParResponse } from './authorize.request.utils.js';
+import { validateParResponseµ } from './authorize.request.micros.js';
 
-it.effect('validateParResponse with SerializedError preserves error message', () =>
+it.effect('validateParResponseµ with SerializedError preserves error message', () =>
   Micro.gen(function* () {
     const serializedError = { name: 'Error', message: 'network timeout', code: 'FETCH_ERROR' };
-    const exit = yield* Micro.exit(validateParResponse({ error: serializedError }));
+    const exit = yield* Micro.exit(validateParResponseµ({ error: serializedError }));
     expect(Micro.exitIsFailure(exit)).toBe(true);
     if (!Micro.exitIsFailure(exit) || !Micro.causeIsFail(exit.cause)) return;
     // Should surface the actual message, not generic "Unknown_Error"