Add DefaultCacheStore and DefaultCrypto Services

Author: lashinijay

packages/javascript/package.json

@@ -54,7 +54,9 @@
   },
   "dependencies": {
     "@asgardeo/i18n": "workspace:*",
-    "tslib": "2.8.1"
+    "tslib": "2.8.1",
+    "base64url": "^3.0.1",
+    "jose": "^5.2.0"
   },
   "publishConfig": {
     "access": "public"

packages/javascript/src/AsgardeoJavaScriptClient.ts

@@ -33,6 +33,8 @@ import {Storage} from './models/store';
 import {TokenExchangeRequestConfig, TokenResponse} from './models/token';
 import {User, UserProfile} from './models/user';
 import initializeEmbeddedSignInFlow from './api/initializeEmbeddedSignInFlow';
+import {DefaultCacheStore} from './DefaultCacheStore';
+import {DefaultCrypto} from './DefaultCrypto';
 
 interface AgentConfig {
   agentID: string;
@@ -61,8 +63,8 @@ class AsgardeoJavaScriptClient<T = Config> implements AsgardeoClient<T> {
   void: void;
 
   constructor(config?: AuthClientConfig<T>, cacheStore?: Storage, cryptoUtils?: Crypto) {
-    this.cacheStore = cacheStore;
-    this.cryptoUtils = cryptoUtils;
+    this.cacheStore = cacheStore ?? new DefaultCacheStore();
+    this.cryptoUtils =  cryptoUtils ?? new DefaultCrypto();
     this.auth = new AsgardeoAuthClient();
     this.auth.initialize(config, this.cacheStore, this.cryptoUtils);
     this.storageManager = this.auth.getStorageManager();

packages/javascript/src/DefaultCacheStore.ts

@@ -0,0 +1,63 @@
+/**
+ * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export class DefaultCacheStore implements Storage {
+
+    private cache: Map<string, string>;
+
+    constructor() {
+        this.cache = new Map<string, string>();
+    }
+
+    public get length(): number {
+        return this.cache.size;
+    }
+
+    public getItem(key: string): string | null {
+        return this.cache.get(key) ?? null;
+    }
+
+    public setItem(key: string, value: string): void {
+        this.cache.set(key, value);
+    }
+
+    public removeItem(key: string): void {
+        this.cache.delete(key);
+    }
+
+    public clear(): void {
+        this.cache.clear();
+    }
+
+    public key(index: number): string | null {
+        const keys = Array.from(this.cache.keys());
+        return keys[index] ?? null;
+    }
+
+    public async setData(key: string, value: string): Promise<void> {
+        this.cache.set(key, value);
+    }
+
+    public async getData(key: string): Promise<string> {
+        return this.cache.get(key) ?? "{}";
+    }
+
+    public async removeData(key: string): Promise<void> {
+        this.cache.delete(key);
+    }
+}

packages/javascript/src/DefaultCrypto.ts

@@ -0,0 +1,99 @@
+/**
+ * Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import * as jose from "jose";
+import { JWKInterface } from "./models/crypto";
+
+interface CryptoInterface<T> {
+    base64URLEncode(value: T): string;
+    base64URLDecode(value: string): string;
+    hashSha256(data: string): Promise<Uint8Array>; // Changed to Promise to match implementation
+    generateRandomBytes(length: number): Uint8Array;
+    verifyJwt(
+        idToken: string,
+        jwk: Partial<any>,
+        algorithms: string[],
+        clientId: string,
+        issuer: string,
+        subject: string,
+        clockTolerance?: number,
+    ): Promise<boolean>;
+}
+
+export class DefaultCrypto implements CryptoInterface<Uint8Array | string> {
+
+    constructor() {}
+
+    /**
+     * Cross-platform Base64URL encoding using 'jose' utilities
+     */
+    public base64URLEncode(value: Uint8Array | string): string {
+        const uint8Array = typeof value === "string" 
+            ? new TextEncoder().encode(value) 
+            : value;
+        
+        return jose.base64url.encode(uint8Array);
+    }
+
+    /**
+     * Cross-platform Base64URL decoding
+     */
+    public base64URLDecode(value: string): string {
+        const decodedArray = jose.base64url.decode(value);
+        return new TextDecoder().decode(decodedArray);
+    }
+
+    public async hashSha256(data: string): Promise<Uint8Array> {
+        const encoder = new TextEncoder();
+        const dataBuffer = encoder.encode(data);
+
+        // Using native web crypto (available in modern Node and Browsers)
+        const hashBuffer = await crypto.subtle.digest("SHA-256", dataBuffer);
+        return new Uint8Array(hashBuffer);
+    }
+
+    public generateRandomBytes(length: number): Uint8Array {
+        // globalThis.crypto works in Browsers and Node.js 19+
+        const array = new Uint8Array(length);
+        crypto.getRandomValues(array);
+        return array;
+    }
+
+    public async verifyJwt(
+        idToken: string,
+        jwk: Partial<JWKInterface>,
+        algorithms: string[],
+        clientId: string,
+        issuer: string,
+        subject: string,
+        clockTolerance?: number,
+    ): Promise<boolean> {
+
+        const key = await jose.importJWK(jwk as any);
+
+        await jose.jwtVerify(idToken, key, {
+            algorithms,
+            audience: clientId,
+            issuer,
+            subject,
+            clockTolerance,
+        });
+
+        return true;
+    }
+}

packages/javascript/src/IsomorphicCrypto.ts

@@ -43,8 +43,9 @@ export class IsomorphicCrypto<T = any> {
    *
    * @returns - code challenge.
    */
-  public getCodeChallenge(verifier: string): string {
-    return this.cryptoUtils.base64URLEncode(this.cryptoUtils.hashSha256(verifier));
+  public async getCodeChallenge(verifier: string): Promise<string> {
+    const hashed = await this.cryptoUtils.hashSha256(verifier);
+    return this.cryptoUtils.base64URLEncode(hashed);
   }
 
   /**

packages/javascript/src/__legacy__/client.ts

@@ -242,7 +242,7 @@ export class AsgardeoAuthClient<T> {
 
       if (configData.enablePKCE) {
         codeVerifier = this.cryptoHelper?.getCodeVerifier();
-        codeChallenge = this.cryptoHelper?.getCodeChallenge(codeVerifier);
+        codeChallenge = await this.cryptoHelper?.getCodeChallenge(codeVerifier);
         await this.storageManager.setTemporaryDataParameter(pkceKey, codeVerifier, userId);
       }