@asgardeo/auth-spa 0.2.18 → 0.2.21

package/src/clients/main-thread-client.ts

@@ -20,17 +20,21 @@ import {
     AUTHORIZATION_CODE,
     AsgardeoAuthClient,
     AuthClientConfig,
+    AuthenticationUtils,
     BasicUserInfo,
     CustomGrantConfig,
     DecodedIDTokenPayload,
+    FetchResponse,
     GetAuthURLConfig,
     OIDCEndpoints,
     ResponseMode,
     SESSION_STATE,
+    STATE,
     Store,
     TokenResponse
 } from "@asgardeo/auth-js";
 import {
+    ACCESS_TOKEN_INVALID,
     CHECK_SESSION_SIGNED_IN,
     CHECK_SESSION_SIGNED_OUT,
     CUSTOM_GRANT_CONFIG,
@@ -53,8 +57,10 @@ import {
     MainThreadClientInterface,
     Message
 } from "../models";
+import { SPACustomGrantConfig } from "../models/request-custom-grant";
 import { LocalStore, MemoryStore, SessionStore } from "../stores";
 import { SPAUtils } from "../utils";
+import { SPACryptoUtils } from "../utils/crypto-utils";
 
 const initiateStore = (store: Storage | undefined): Store => {
     switch (store) {
@@ -73,12 +79,13 @@ export const MainThreadClient = async (
     config: AuthClientConfig<MainThreadClientConfig>
 ): Promise<MainThreadClientInterface> => {
     const _store: Store = initiateStore(config.storage);
-    const _authenticationClient = new AsgardeoAuthClient<MainThreadClientConfig>(_store);
+    const _cryptoUtils: SPACryptoUtils = new SPACryptoUtils();
+    const _authenticationClient = new AsgardeoAuthClient<MainThreadClientConfig>(_store, _cryptoUtils);
     await _authenticationClient.initialize(config);
 
     const _spaHelper = new SPAHelper<MainThreadClientConfig>(_authenticationClient);
     const _dataLayer = _authenticationClient.getDataLayer();
-    const _sessionManagementHelper = SessionManagementHelper(
+    const _sessionManagementHelper = await SessionManagementHelper(
         async () => {
             return _authenticationClient.signOut();
         },
@@ -86,6 +93,8 @@ export const MainThreadClient = async (
         (sessionState: string) => _dataLayer.setSessionDataParameter(SESSION_STATE, sessionState ?? "")
     );
 
+    let _getSignOutURLFromSessionStorage: boolean = false;
+
     const _httpClient: HttpClientInstance = HttpClient.getInstance();
     let _isHttpHandlerEnabled: boolean = true;
     let _httpErrorCallback: (error: HttpError) => void | Promise<void>;
@@ -147,7 +156,7 @@ export const MainThreadClient = async (
                         } catch (refreshError: any) {
                             if (_isHttpHandlerEnabled) {
                                 if (typeof _httpErrorCallback === "function") {
-                                    await _httpErrorCallback(error);
+                                    await _httpErrorCallback({ ...error, code: ACCESS_TOKEN_INVALID });
                                 }
                                 if (typeof _httpFinishCallback === "function") {
                                     _httpFinishCallback();
@@ -256,7 +265,7 @@ export const MainThreadClient = async (
                             } catch (refreshError: any) {
                                 if (_isHttpHandlerEnabled) {
                                     if (typeof _httpErrorCallback === "function") {
-                                        await _httpErrorCallback(error);
+                                        await _httpErrorCallback({ ...error, code: ACCESS_TOKEN_INVALID });
                                     }
                                     if (typeof _httpFinishCallback === "function") {
                                         _httpFinishCallback();
@@ -353,15 +362,15 @@ export const MainThreadClient = async (
             config.checkSessionInterval ?? 3,
             config.sessionRefreshInterval ?? 300,
             config.signInRedirectURL,
-            oidcEndpoints.authorizationEndpoint ?? "",
-            config.enablePKCE
+            async (params?: GetAuthURLConfig): Promise<string> =>  _authenticationClient.getAuthorizationURL(params)
         );
     };
 
     const signIn = async (
         signInConfig?: GetAuthURLConfig,
         authorizationCode?: string,
-        sessionState?: string
+        sessionState?: string,
+        state?: string
     ): Promise<BasicUserInfo> => {
         const config = await _dataLayer.getConfigData();
 
@@ -398,18 +407,22 @@ export const MainThreadClient = async (
 
         let resolvedAuthorizationCode: string;
         let resolvedSessionState: string;
+        let resolvedState: string;
 
         if (config?.responseMode === ResponseMode.formPost && authorizationCode) {
             resolvedAuthorizationCode = authorizationCode;
             resolvedSessionState = sessionState ?? "";
+            resolvedState = state ?? "";
         } else {
             resolvedAuthorizationCode = new URL(window.location.href).searchParams.get(AUTHORIZATION_CODE) ?? "";
             resolvedSessionState = new URL(window.location.href).searchParams.get(SESSION_STATE) ?? "";
+            resolvedState = new URL(window.location.href).searchParams.get(STATE) ?? "";
+
             SPAUtils.removeAuthorizationCode();
         }
 
         if (resolvedAuthorizationCode) {
-            return requestAccessToken(resolvedAuthorizationCode, resolvedSessionState);
+            return requestAccessToken(resolvedAuthorizationCode, resolvedSessionState, resolvedState);
         }
 
         const error = new URL(window.location.href).searchParams.get(ERROR);
@@ -435,7 +448,9 @@ export const MainThreadClient = async (
 
         return _authenticationClient.getAuthorizationURL(signInConfig).then(async (url: string) => {
             if (config.storage === Storage.BrowserMemory && config.enablePKCE) {
-                SPAUtils.setPKCE((await _authenticationClient.getPKCECode()) as string);
+                const pkceKey: string = AuthenticationUtils.extractPKCEKeyFromStateParam(resolvedState);
+
+                SPAUtils.setPKCE(pkceKey, (await _authenticationClient.getPKCECode(resolvedState)) as string);
             }
 
             location.href = url;
@@ -455,10 +470,13 @@ export const MainThreadClient = async (
     };
 
     const signOut = async (): Promise<boolean> => {
-        if (await _authenticationClient.isAuthenticated()) {
+        if (await _authenticationClient.isAuthenticated() && !_getSignOutURLFromSessionStorage) {
             location.href = await _authenticationClient.signOut();
         } else {
             location.href = SPAUtils.getSignOutURL();
+            await _dataLayer.removeOIDCProviderMetaData();
+            await _dataLayer.removeTemporaryData();
+            await _dataLayer.removeSessionData();
         }
 
         _spaHelper.clearRefreshTokenTimeout();
@@ -468,7 +486,7 @@ export const MainThreadClient = async (
         return true;
     };
 
-    const requestCustomGrant = async (config: CustomGrantConfig): Promise<BasicUserInfo | HttpResponse> => {
+    const requestCustomGrant = async (config: SPACustomGrantConfig): Promise<BasicUserInfo | FetchResponse> => {
         let useDefaultEndpoint = true;
         let matches = false;
         const clientConfig = await _dataLayer.getConfigData();
@@ -492,13 +510,17 @@ export const MainThreadClient = async (
         if (useDefaultEndpoint || matches) {
             return _authenticationClient
                 .requestCustomGrant(config)
-                .then(async (response: HttpResponse | TokenResponse) => {
+                .then(async (response: FetchResponse | TokenResponse) => {
+                    if (config.preventSignOutURLUpdate) {
+                        _getSignOutURLFromSessionStorage = true;
+                    }
+
                     if (config.returnsSession) {
                         _spaHelper.refreshAccessTokenAutomatically();
 
                         return _authenticationClient.getBasicUserInfo();
                     } else {
-                        return response as HttpResponse;
+                        return response as FetchResponse;
                     }
                 })
                 .catch((error) => {
@@ -548,22 +570,27 @@ export const MainThreadClient = async (
 
     const requestAccessToken = async (
         resolvedAuthorizationCode: string,
-        resolvedSessionState: string
+        resolvedSessionState: string,
+        resolvedState: string
     ): Promise<BasicUserInfo> => {
         const config = await _dataLayer.getConfigData();
 
         if (config.storage === Storage.BrowserMemory && config.enablePKCE) {
-            const pkce = SPAUtils.getPKCE();
+            const pkce = SPAUtils.getPKCE(AuthenticationUtils.extractPKCEKeyFromStateParam(resolvedState));
 
-            await _authenticationClient.setPKCECode(pkce);
+            await _authenticationClient.setPKCECode(
+                AuthenticationUtils.extractPKCEKeyFromStateParam(resolvedState),
+                pkce);
         }
 
         return _authenticationClient
-            .requestAccessToken(resolvedAuthorizationCode, resolvedSessionState)
+            .requestAccessToken(resolvedAuthorizationCode, resolvedSessionState, resolvedState)
             .then(async () => {
-                if (config.storage === Storage.BrowserMemory) {
+                // Disable this temporarily
+                /* if (config.storage === Storage.BrowserMemory) {
                     SPAUtils.setSignOutURL(await _authenticationClient.getSignOutURL());
-                }
+                } */
+                SPAUtils.setSignOutURL(await _authenticationClient.getSignOutURL());
 
                 _spaHelper.clearRefreshTokenTimeout();
                 _spaHelper.refreshAccessTokenAutomatically();
@@ -622,7 +649,11 @@ export const MainThreadClient = async (
             const url: string = urlObject.toString();
 
             if (config.storage === Storage.BrowserMemory && config.enablePKCE) {
-                SPAUtils.setPKCE((await _authenticationClient.getPKCECode()) as string);
+                const state = urlObject.searchParams.get(STATE);
+
+                SPAUtils.setPKCE(
+                    AuthenticationUtils.extractPKCEKeyFromStateParam( state ?? ""),
+                    (await _authenticationClient.getPKCECode(state ?? "")) as string);
             }
 
             promptNoneIFrame.src = url;
@@ -645,7 +676,7 @@ export const MainThreadClient = async (
                 }
 
                 if (data?.type == CHECK_SESSION_SIGNED_IN && data?.data?.code) {
-                    requestAccessToken(data.data.code, data?.data?.sessionState)
+                    requestAccessToken(data.data.code, data?.data?.sessionState, data?.data?.state)
                         .then((response: BasicUserInfo) => {
                             window.removeEventListener("message", listenToPromptNoneIFrame);
                             resolve(response);

package/src/clients/web-worker-client.ts

@@ -19,14 +19,17 @@
 import {
     AUTHORIZATION_CODE,
     AuthClientConfig,
+    AuthenticationUtils,
     BasicUserInfo,
     CustomGrantConfig,
     DecodedIDTokenPayload,
+    FetchResponse,
     GetAuthURLConfig,
     OIDCEndpoints,
     OIDCProviderMetaData,
     ResponseMode,
-    SESSION_STATE
+    SESSION_STATE,
+    STATE
 } from "@asgardeo/auth-js";
 import WorkerFile from "web-worker:../worker/client.worker.ts";
 import {
@@ -76,9 +79,11 @@ import {
     WebWorkerClientConfig,
     WebWorkerClientInterface
 } from "../models";
+import { SPACustomGrantConfig } from "../models/request-custom-grant";
 import { SPAUtils } from "../utils";
 
-export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>): WebWorkerClientInterface => {
+export const WebWorkerClient = async (
+    config: AuthClientConfig<WebWorkerClientConfig>): Promise<WebWorkerClientInterface> => {
     /**
      * HttpClient handlers
      */
@@ -88,8 +93,9 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
      */
     const _requestTimeout: number = config?.requestTimeout ?? 60000;
     let _isHttpHandlerEnabled: boolean = true;
+    let _getSignOutURLFromSessionStorage: boolean = false;
 
-    const _sessionManagementHelper = SessionManagementHelper(
+    const _sessionManagementHelper = await SessionManagementHelper(
         async () => {
             const message: Message<string> = {
                 type: SIGN_OUT
@@ -154,14 +160,18 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
      * @returns {Promise<HttpResponse|boolean>} A promise that resolves with a boolean value or the request
      * response if the the `returnResponse` attribute in the `requestParams` object is set to `true`.
      */
-    const requestCustomGrant = (requestParams: CustomGrantConfig): Promise<HttpResponse | BasicUserInfo> => {
+    const requestCustomGrant = (requestParams: SPACustomGrantConfig): Promise<FetchResponse | BasicUserInfo> => {
         const message: Message<CustomGrantConfig> = {
             data: requestParams,
             type: REQUEST_CUSTOM_GRANT
         };
 
-        return communicate<CustomGrantConfig, HttpResponse | BasicUserInfo>(message)
+        return communicate<CustomGrantConfig, FetchResponse | BasicUserInfo>(message)
             .then((response) => {
+                if (requestParams.preventSignOutURLUpdate) {
+                    _getSignOutURLFromSessionStorage = true;
+                }
+
                 return Promise.resolve(response);
             })
             .catch((error) => {
@@ -339,8 +349,7 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
             config.checkSessionInterval ?? 3,
             config.sessionRefreshInterval ?? 300,
             config.signInRedirectURL,
-            oidcEndpoints.authorizationEndpoint ?? "",
-            config.enablePKCE
+            async (params?: GetAuthURLConfig): Promise<string> => (await getAuthorizationURL(params)).authorizationURL
         );
     };
 
@@ -387,7 +396,11 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
         try {
             const response: AuthorizationResponse = await communicate<GetAuthURLConfig, AuthorizationResponse>(message);
 
-            response.pkce && config.enablePKCE && SPAUtils.setPKCE(response.pkce);
+            const pkceKey: string = AuthenticationUtils.extractPKCEKeyFromStateParam(
+                new URL(response.authorizationURL).searchParams.get(STATE) ?? ""
+            );
+
+            response.pkce && config.enablePKCE && SPAUtils.setPKCE(pkceKey, response.pkce);
 
             const urlString: string = response.authorizationURL;
 
@@ -416,7 +429,7 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
                 }
 
                 if (data?.type == CHECK_SESSION_SIGNED_IN && data?.data?.code) {
-                    requestAccessToken(data?.data?.code, data?.data?.sessionState)
+                    requestAccessToken(data?.data?.code, data?.data?.sessionState, data?.data?.state)
                         .then((response: BasicUserInfo) => {
                             window.removeEventListener("message", listenToPromptNoneIFrame);
                             resolve(response);
@@ -435,22 +448,54 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
         });
     };
 
+    /**
+     * Generates an authorization URL.
+     *
+     * @param {GetAuthURLConfig} params Authorization URL params.
+     * @returns {Promise<string>} Authorization URL.
+     */
+    const getAuthorizationURL = async (params?: GetAuthURLConfig): Promise<AuthorizationResponse> => {
+        const config: AuthClientConfig<WebWorkerClientConfig> = await getConfigData();
+
+        const message: Message<GetAuthURLConfig> = {
+            data: params,
+            type: GET_AUTH_URL
+        };
+
+        return communicate<GetAuthURLConfig, AuthorizationResponse>(message).then(
+            async (response: AuthorizationResponse) => {
+                if (response.pkce && config.enablePKCE) {
+                    const pkceKey: string = AuthenticationUtils.extractPKCEKeyFromStateParam(
+                        new URL(response.authorizationURL).searchParams.get(STATE) ?? "");
+
+                    SPAUtils.setPKCE(pkceKey, response.pkce);
+                }
+
+                return Promise.resolve(response);
+        });
+    };
+
     const requestAccessToken = async (
         resolvedAuthorizationCode: string,
-        resolvedSessionState: string
+        resolvedSessionState: string,
+        resolvedState: string
     ): Promise<BasicUserInfo> => {
         const config: AuthClientConfig<WebWorkerClientConfig> = await getConfigData();
+        const pkceKey: string = AuthenticationUtils.extractPKCEKeyFromStateParam(resolvedState);
 
         const message: Message<AuthorizationInfo> = {
             data: {
                 code: resolvedAuthorizationCode,
-                pkce: config.enablePKCE ? SPAUtils.getPKCE() : undefined,
-                sessionState: resolvedSessionState
+                pkce: config.enablePKCE
+                    ? SPAUtils.getPKCE(pkceKey)
+                    : undefined,
+                sessionState: resolvedSessionState,
+                state: resolvedState
             },
             type: REQUEST_ACCESS_TOKEN
         };
 
-        config.enablePKCE && SPAUtils.removePKCE();
+        config.enablePKCE && SPAUtils.removePKCE(pkceKey);
 
         return communicate<AuthorizationInfo, BasicUserInfo>(message)
             .then((response) => {
@@ -488,7 +533,8 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
     const signIn = async (
         params?: GetAuthURLConfig,
         authorizationCode?: string,
-        sessionState?: string
+        sessionState?: string,
+        state?: string
     ): Promise<BasicUserInfo> => {
         const config: AuthClientConfig<WebWorkerClientConfig> = await getConfigData();
 
@@ -544,30 +590,25 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
 
         let resolvedAuthorizationCode: string;
         let resolvedSessionState: string;
+        let resolvedState: string;
 
         if (config?.responseMode === ResponseMode.formPost && authorizationCode) {
             resolvedAuthorizationCode = authorizationCode;
             resolvedSessionState = sessionState ?? "";
+            resolvedState = state ?? "";
         } else {
             resolvedAuthorizationCode = new URL(window.location.href).searchParams.get(AUTHORIZATION_CODE) ?? "";
             resolvedSessionState = new URL(window.location.href).searchParams.get(SESSION_STATE) ?? "";
+            resolvedState = new URL(window.location.href).searchParams.get(STATE) ?? "";
+
             SPAUtils.removeAuthorizationCode();
         }
 
         if (resolvedAuthorizationCode) {
-            return requestAccessToken(resolvedAuthorizationCode, resolvedSessionState);
+            return requestAccessToken(resolvedAuthorizationCode, resolvedSessionState, resolvedState);
         }
 
-        const message: Message<GetAuthURLConfig> = {
-            data: params,
-            type: GET_AUTH_URL
-        };
-
-        return communicate<GetAuthURLConfig, AuthorizationResponse>(message)
-            .then(async (response) => {
-                if (response.pkce && config.enablePKCE) {
-                    SPAUtils.setPKCE(response.pkce);
-                }
+        return getAuthorizationURL(params).then(async (response: AuthorizationResponse)=>{
 
                 location.href = response.authorizationURL;
 
@@ -596,7 +637,7 @@ export const WebWorkerClient = (config: AuthClientConfig<WebWorkerClientConfig>)
     const signOut = (): Promise<boolean> => {
         return isAuthenticated()
             .then(async (response: boolean) => {
-                if (response) {
+                if (response && !_getSignOutURLFromSessionStorage) {
                     const message: Message<null> = {
                         type: SIGN_OUT
                     };

package/src/constants/errors.ts

@@ -0,0 +1,19 @@
+/**
+ * Copyright (c) 2021, WSO2 Inc. (http://www.wso2.com) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export const ACCESS_TOKEN_INVALID = "Access token is invalid";

package/src/constants/hooks.ts

@@ -25,5 +25,6 @@ export enum Hooks {
     HttpRequestError = "http-request-error",
     HttpRequestSuccess = "http-request-success",
     RevokeAccessToken = "revoke-access-token",
-    CustomGrant = "custom-grant"
+    CustomGrant = "custom-grant",
+    SignOutFailed = "sign-out-failed"
 }

package/src/constants/index.ts

@@ -21,3 +21,4 @@ export * from "./storage";
 export * from "./hooks";
 export * from "./session-management";
 export * from "./parameters";
+export * from "./errors";

package/src/constants/parameters.ts

@@ -19,3 +19,4 @@
 export const ERROR = "error";
 export const ERROR_DESCRIPTION = "error_description";
 export const CUSTOM_GRANT_CONFIG = "custom_grant_config";
+export const STATE_QUERY = "state";

package/src/helpers/session-management-helper.ts

@@ -16,7 +16,7 @@
  * under the License.
  */
 
-import { SESSION_STATE } from "@asgardeo/auth-js";
+import { GetAuthURLConfig, SESSION_STATE } from "@asgardeo/auth-js";
 import {
     CHECK_SESSION_SIGNED_IN,
     CHECK_SESSION_SIGNED_OUT,
@@ -27,6 +27,7 @@ import {
     SET_SESSION_STATE_FROM_IFRAME,
     SILENT_SIGN_IN_STATE,
     STATE,
+    STATE_QUERY,
     Storage
 } from "../constants";
 import { AuthorizationInfo, Message, SessionManagementHelperInterface } from "../models";
@@ -38,14 +39,13 @@ export const SessionManagementHelper = (() => {
     let _sessionState: () => Promise<string>;
     let _interval: number;
     let _redirectURL: string;
-    let _authorizationEndpoint: string;
     let _sessionRefreshInterval: number;
     let _signOut: () => Promise<string>;
     let _sessionRefreshIntervalTimeout: number;
     let _checkSessionIntervalTimeout: number;
     let _storage: Storage;
     let _setSessionState: (sessionState: string) => void;
-    let _isPKCEEnabled: boolean;
+    let _getAuthorizationURL: (params?: GetAuthURLConfig) => Promise<string>;
 
     const initialize = (
         clientID: string,
@@ -54,17 +54,15 @@ export const SessionManagementHelper = (() => {
         interval: number,
         sessionRefreshInterval: number,
         redirectURL: string,
-        authorizationEndpoint: string,
-        isPKCEEnabled: boolean
+        getAuthorizationURL: (params?: GetAuthURLConfig) => Promise<string>
     ): void => {
         _clientID = clientID;
         _checkSessionEndpoint = checkSessionEndpoint;
         _sessionState = getSessionState;
         _interval = interval;
         _redirectURL = redirectURL;
-        _authorizationEndpoint = authorizationEndpoint;
         _sessionRefreshInterval = sessionRefreshInterval;
-        _isPKCEEnabled = isPKCEEnabled;
+        _getAuthorizationURL = getAuthorizationURL;
 
         if (_interval > -1) {
             initiateCheckSession();
@@ -115,17 +113,6 @@ export const SessionManagementHelper = (() => {
         clearInterval(_sessionRefreshIntervalTimeout);
     }
 
-    const getRandomPKCEChallenge = (): string => {
-        const chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz-_";
-        const stringLength = 43;
-        let randomString = "";
-        for (let i = 0; i < stringLength; i++) {
-            const rnum = Math.floor(Math.random() * chars.length);
-            randomString += chars.substring(rnum, rnum + 1);
-        }
-        return randomString;
-    };
-
     const listenToResponseFromOPIFrame = (): void => {
         async function receiveMessage(e: MessageEvent) {
             const targetOrigin = _checkSessionEndpoint;
@@ -149,7 +136,7 @@ export const SessionManagementHelper = (() => {
         window?.addEventListener("message", receiveMessage, false);
     };
 
-    const sendPromptNoneRequest = () => {
+    const sendPromptNoneRequest = async () => {
         const rpIFrame = document.getElementById(RP_IFRAME) as HTMLIFrameElement;
 
         const promptNoneIFrame: HTMLIFrameElement = rpIFrame?.contentDocument?.getElementById(
@@ -170,20 +157,12 @@ export const SessionManagementHelper = (() => {
                 window?.addEventListener("message", receiveMessageListener);
             }
 
-            const promptNoneURL = new URL(_authorizationEndpoint);
-            promptNoneURL.searchParams.set("response_type", "code");
-            promptNoneURL.searchParams.set("client_id", _clientID);
-            promptNoneURL.searchParams.set("scope", "openid");
-            promptNoneURL.searchParams.set("redirect_uri", _redirectURL);
-            promptNoneURL.searchParams.set("state", STATE);
-            promptNoneURL.searchParams.set("prompt", "none");
-
-            if(_isPKCEEnabled){
-                promptNoneURL.searchParams.set("code_challenge_method", "S256");
-                promptNoneURL.searchParams.set("code_challenge", getRandomPKCEChallenge());
-            }
+            const promptNoneURL: string = await _getAuthorizationURL({
+                prompt: "none",
+                state: STATE
+            });
 
-            promptNoneIFrame.src = promptNoneURL.toString();
+            promptNoneIFrame.src = promptNoneURL;
         }
     };
 
@@ -196,20 +175,21 @@ export const SessionManagementHelper = (() => {
     const receivePromptNoneResponse = async (
         setSessionState?: (sessionState: string | null) => Promise<void>
     ): Promise<boolean> => {
-        const state = new URL(window.location.href).searchParams.get("state");
+        const state = new URL(window.location.href).searchParams.get(STATE_QUERY);
         const sessionState = new URL(window.location.href).searchParams.get(SESSION_STATE);
         const parent = window.parent.parent;
 
-        if (state !== null && (state === STATE || state === SILENT_SIGN_IN_STATE)) {
+        if (state !== null && (state.includes(STATE) || state.includes(SILENT_SIGN_IN_STATE))) {
             // Prompt none response.
             const code = new URL(window.location.href).searchParams.get("code");
 
             if (code !== null && code.length !== 0) {
-                if (state === SILENT_SIGN_IN_STATE) {
+                if (state.includes(SILENT_SIGN_IN_STATE)) {
                     const message: Message<AuthorizationInfo> = {
                         data: {
                             code,
-                            sessionState: sessionState ?? ""
+                            sessionState: sessionState ?? "",
+                            state
                         },
                         type: CHECK_SESSION_SIGNED_IN
                     };
@@ -228,7 +208,7 @@ export const SessionManagementHelper = (() => {
                 const newSessionState = new URL(window.location.href).searchParams.get("session_state");
 
                 if (_storage === Storage.LocalStorage || _storage === Storage.SessionStorage) {
-                    setSessionState && await setSessionState(newSessionState);
+                    setSessionState && (await setSessionState(newSessionState));
                 } else {
                     const message: Message<string> = {
                         data: newSessionState ?? "",
@@ -246,7 +226,7 @@ export const SessionManagementHelper = (() => {
 
                 return true;
             } else {
-                if (state === SILENT_SIGN_IN_STATE) {
+                if (state.includes(SILENT_SIGN_IN_STATE)) {
                     const message: Message<null> = {
                         type: CHECK_SESSION_SIGNED_OUT
                     };
@@ -275,15 +255,16 @@ export const SessionManagementHelper = (() => {
         return false;
     };
 
-    return (
+    return async (
         signOut: () => Promise<string>,
         storage: Storage,
         setSessionState: (sessionState: string) => void
-    ): SessionManagementHelperInterface => {
+    ): Promise<SessionManagementHelperInterface> => {
         let rpIFrame = document.createElement("iframe");
         rpIFrame.setAttribute("id", RP_IFRAME);
         rpIFrame.style.display = "none";
 
+        let rpIframeLoaded: boolean = false;
         rpIFrame.onload = () => {
             rpIFrame = document.getElementById(RP_IFRAME) as HTMLIFrameElement;
 
@@ -303,6 +284,8 @@ export const SessionManagementHelper = (() => {
 
             opIFrame && rpIFrame?.contentDocument?.body?.appendChild(opIFrame);
             promptNoneIFrame && rpIFrame?.contentDocument?.body?.appendChild(promptNoneIFrame);
+
+            rpIframeLoaded = true;
         }
 
         document?.body?.appendChild(rpIFrame);
@@ -312,6 +295,14 @@ export const SessionManagementHelper = (() => {
         _storage = storage;
         _setSessionState = setSessionState;
 
+        const sleep = (): Promise<any> => {
+            return new Promise((resolve) => setTimeout(resolve, 1));
+        };
+
+        while (rpIframeLoaded === false) {
+            await sleep();
+        }
+
         return {
             initialize,
             receivePromptNoneResponse,

package/src/index-polyfill.ts

@@ -17,7 +17,6 @@
  */
 
 import "core-js/stable";
-import "regenerator-runtime/runtime";
 
 // Export the public API.
 export * from "./public-api";