@axa-fr/oidc-client-service-worker 7.12.2 → 7.12.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/OidcServiceWorker.js +1 -1
  2. package/dist/OidcServiceWorker.js.map +1 -1
  3. package/dist/src/version.d.ts +1 -1
  4. package/package.json +1 -1
  5. package/src/version.ts +1 -1
package/dist/OidcServiceWorker.js CHANGED
@@ -259,7 +259,7 @@ function replaceCodeVerifier(codeVerifier, newCodeVerifier) {
259
259
  const regex = /code_verifier=[A-Za-z0-9_-]+/i;
260
260
  return codeVerifier.replace(regex, `code_verifier=${newCodeVerifier}`);
261
261
  }
262
- const version = "7.12.2";
262
+ const version = "7.12.3";
263
263
  if (typeof trustedTypes !== "undefined" && typeof trustedTypes.createPolicy == "function") {
264
264
  trustedTypes.createPolicy("default", {
265
265
  createScriptURL: function(url) {
package/dist/OidcServiceWorker.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"OidcServiceWorker.js","sources":["../src/constants.ts","../src/utils/normalizeUrl.ts","../src/utils/domains.ts","../src/utils/serializeHeaders.ts","../src/utils/sleep.ts","../src/utils/strings.ts","../src/utils/tokens.ts","../src/utils/codeVerifier.ts","../src/version.ts","../src/OidcServiceWorker.ts"],"sourcesContent":["const scriptFilename = 'OidcTrustedDomains.js';\nconst acceptAnyDomainToken = '*';\n\ntype TokenType = {\n readonly REFRESH_TOKEN: string;\n readonly ACCESS_TOKEN: string;\n readonly NONCE_TOKEN: string;\n readonly CODE_VERIFIER: string;\n};\n\nconst TOKEN: TokenType = {\n REFRESH_TOKEN: 'REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER',\n ACCESS_TOKEN: 'ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER',\n NONCE_TOKEN: 'NONCE_SECURED_BY_OIDC_SERVICE_WORKER',\n CODE_VERIFIER: 'CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER',\n};\n\ntype TokenRenewModeType = {\n readonly access_token_or_id_token_invalid: string;\n readonly access_token_invalid: string;\n readonly id_token_invalid: string;\n};\n\nconst TokenRenewMode: TokenRenewModeType = {\n access_token_or_id_token_invalid: 'access_token_or_id_token_invalid',\n access_token_invalid: 'access_token_invalid',\n id_token_invalid: 'id_token_invalid',\n};\n\nconst openidWellknownUrlEndWith = '/.well-known/openid-configuration';\n\nexport { acceptAnyDomainToken, openidWellknownUrlEndWith, scriptFilename, TOKEN, TokenRenewMode };\n","export function normalizeUrl(url: string) {\n\ttry {\n\t\treturn new URL(url).toString();\n\t} catch (error) {\n\t\tconsole.error(`Failed to normalize url: ${url}`);\n\t\treturn url;\n\t}\n}\n\n","import { acceptAnyDomainToken, openidWellknownUrlEndWith, scriptFilename } from '../constants';\nimport { Database, Domain, DomainDetails, OidcConfig, TrustedDomains } from '../types';\nimport { normalizeUrl } from './normalizeUrl';\n\nexport function checkDomain(domains: Domain[], endpoint: string) {\n\tif (!endpoint) {\n\t\treturn;\n\t}\n\n\tconst domain = domains.find((domain) => {\n\t\tlet testable: RegExp;\n\n\t\tif (typeof domain === 'string') {\n\t\t\ttestable = new RegExp(`^${domain}`);\n\t\t} else {\n\t\t\ttestable = domain;\n\t\t}\n\n\t\treturn testable.test?.(endpoint);\n\t});\n\tif (!domain) {\n\t\tthrow new Error(\n\t\t\t'Domain ' + endpoint + ' is not trusted, please add domain in ' + scriptFilename,\n\t\t);\n\t}\n}\n\nexport const getDomains = (\n\ttrustedDomain: Domain[] | DomainDetails,\n\ttype: 'oidc' | 'accessToken',\n) => {\n\tif (Array.isArray(trustedDomain)) {\n\t\treturn trustedDomain;\n\t}\n\n\treturn trustedDomain[`${type}Domains`] ?? trustedDomain.domains ?? [];\n};\n\nexport const getCurrentDatabaseDomain = (\n\tdatabase: Database,\n\turl: string,\n\ttrustedDomains: TrustedDomains,\n) => {\n\tif (url.endsWith(openidWellknownUrlEndWith)) {\n\t\treturn null;\n\t}\n\tfor (const [key, currentDatabase] of Object.entries<OidcConfig>(database)) {\n\t\tconst oidcServerConfiguration = currentDatabase.oidcServerConfiguration;\n\n\t\tif (!oidcServerConfiguration) {\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (\n\t\t\toidcServerConfiguration.tokenEndpoint &&\n\t\t\turl === normalizeUrl(oidcServerConfiguration.tokenEndpoint)\n\t\t) {\n\t\t\tcontinue;\n\t\t}\n\t\tif (\n\t\t\toidcServerConfiguration.revocationEndpoint &&\n\t\t\turl === normalizeUrl(oidcServerConfiguration.revocationEndpoint)\n\t\t) {\n\t\t\tcontinue;\n\t\t}\n\t\tconst trustedDomain = trustedDomains == null ? [] : trustedDomains[key];\n\n\t\tconst domains = getDomains(trustedDomain, 'accessToken');\n\t\tconst domainsToSendTokens = oidcServerConfiguration.userInfoEndpoint\n\t\t\t? [oidcServerConfiguration.userInfoEndpoint, ...domains]\n\t\t\t: [...domains];\n\n\t\tlet hasToSendToken = false;\n\t\tif (domainsToSendTokens.find((f) => f === acceptAnyDomainToken)) {\n\t\t\thasToSendToken = true;\n\t\t} else {\n\t\t\tfor (let i = 0; i < domainsToSendTokens.length; i++) {\n\t\t\t\tlet domain = domainsToSendTokens[i];\n\n\t\t\t\tif (typeof domain === 'string') {\n\t\t\t\t\tdomain = new RegExp(`^${domain}`);\n\t\t\t\t}\n\n\t\t\t\tif (domain.test?.(url)) {\n\t\t\t\t\thasToSendToken = true;\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif (hasToSendToken) {\n\t\t\tif (!currentDatabase.tokens) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn currentDatabase;\n\t\t}\n\t}\n\treturn null;\n};\n","import { FetchHeaders } from '../types';\n\nfunction serializeHeaders(headers: Headers) {\n const headersObj: Record<string, string> = {};\n for (const key of (headers as FetchHeaders).keys()) {\n if (headers.has(key)) {\n headersObj[key] = headers.get(key) as string;\n }\n }\n return headersObj;\n}\nexport { serializeHeaders };\n","const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));\nexport { sleep };\n","/**\n * Count occurances of letter in string\n * @param str\n * @param find\n * @returns\n */\nexport function countLetter(str: string, find: string) {\n return str.split(find).length - 1;\n}\n","/* eslint-disable simple-import-sort/exports */\nimport { TOKEN, TokenRenewMode } from '../constants';\nimport {\n AccessTokenPayload,\n IdTokenPayload,\n OidcConfig,\n OidcConfiguration,\n OidcServerConfiguration,\n Tokens\n} from '../types';\nimport { countLetter } from './strings';\n\nfunction parseJwt(token: string) {\n return JSON.parse(\n b64DecodeUnicode(token.split('.')[1].replace('-', '+').replace('_', '/')),\n );\n}\nfunction b64DecodeUnicode(str: string) {\n return decodeURIComponent(\n Array.prototype.map\n .call(\n atob(str),\n (c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2),\n )\n .join(''),\n );\n}\n\nfunction computeTimeLeft(\n refreshTimeBeforeTokensExpirationInSecond: number,\n expiresAt: number,\n) {\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n return Math.round(\n expiresAt -\n refreshTimeBeforeTokensExpirationInSecond -\n currentTimeUnixSecond,\n );\n}\n\nfunction isTokensValid(tokens: Tokens | null) {\n if (!tokens) {\n return false;\n }\n return computeTimeLeft(0, tokens.expiresAt) > 0;\n}\n\nconst extractTokenPayload = (token?: string) => {\n try {\n if (!token) {\n return null;\n }\n if (countLetter(token, '.') === 2) {\n return parseJwt(token);\n } else {\n return null;\n }\n } catch (e) {\n console.warn(e);\n }\n return null;\n};\n\n// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation (excluding rules #1, #4, #5, #7, #8, #12, and #13 which did not apply).\n// https://github.com/openid/AppAuth-JS/issues/65\nconst isTokensOidcValid = (\n tokens: Tokens,\n nonce: string | null,\n oidcServerConfiguration: OidcServerConfiguration,\n): { isValid: boolean; reason: string } => {\n if (tokens.idTokenPayload) {\n const idTokenPayload = tokens.idTokenPayload;\n // 2: The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.\n if (oidcServerConfiguration.issuer !== idTokenPayload.iss) {\n return { isValid: false, reason: `Issuer does not match (oidcServerConfiguration issuer) ${oidcServerConfiguration.issuer} !== (idTokenPayload issuer) ${idTokenPayload.iss}` };\n }\n // 3: The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.\n\n // 6: If the ID Token is received via direct communication between the Client and the Token Endpoint (which it is in this flow), the TLS server validation MAY be used to validate the issuer in place of checking the token signature. The Client MUST validate the signature of all other ID Tokens according to JWS [JWS] using the algorithm specified in the JWT alg Header Parameter. The Client MUST use the keys provided by the Issuer.\n\n // 9: The current time MUST be before the time represented by the exp Claim.\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n if (idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {\n return { isValid: false, reason: `Token expired at (idTokenPayload exp) ${idTokenPayload.exp} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };\n }\n // 10: The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.\n const timeInSevenDays = 60 * 60 * 24 * 7;\n if (\n idTokenPayload.iat &&\n idTokenPayload.iat + timeInSevenDays < currentTimeUnixSecond\n ) {\n return { isValid: false, reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${idTokenPayload.iat + timeInSevenDays} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };\n }\n // 11: If a nonce value was sent in the Authentication Request, a nonce Claim MUST be present and its value checked to verify that it is the same value as the one that was sent in the Authentication Request. The Client SHOULD check the nonce value for replay attacks. The precise method for detecting replay attacks is Client specific.\n if (nonce && idTokenPayload.nonce && idTokenPayload.nonce !== nonce) {\n return { isValid: false, reason: `Nonce does not match (nonce) ${nonce} !== (idTokenPayload nonce) ${idTokenPayload.nonce}` };\n }\n }\n return { isValid: true, reason: '' };\n};\n\nfunction extractedIssueAt(tokens: Tokens, accessTokenPayload: AccessTokenPayload | null, _idTokenPayload : IdTokenPayload) {\n if (!tokens.issued_at) {\n if (accessTokenPayload && accessTokenPayload.iat) {\n return accessTokenPayload.iat;\n } else if (_idTokenPayload && _idTokenPayload.iat) {\n return _idTokenPayload.iat;\n } else {\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n return currentTimeUnixSecond;\n }\n } else if (typeof tokens.issued_at == \"string\") {\n return parseInt(tokens.issued_at, 10);\n }\n return tokens.issued_at;\n}\n\nfunction _hideTokens(tokens: Tokens, currentDatabaseElement: OidcConfig, configurationName: string) {\n if (!tokens.issued_at) {\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n tokens.issued_at = currentTimeUnixSecond;\n } else if (typeof tokens.issued_at == \"string\") {\n tokens.issued_at = parseInt(tokens.issued_at, 10);\n }\n\n const accessTokenPayload = extractTokenPayload(tokens.access_token);\n const secureTokens = {\n ...tokens,\n accessTokenPayload,\n };\n if (currentDatabaseElement.hideAccessToken) {\n secureTokens.access_token = TOKEN.ACCESS_TOKEN + '_' + configurationName;\n }\n tokens.accessTokenPayload = accessTokenPayload;\n\n let _idTokenPayload = null;\n if (tokens.id_token) {\n _idTokenPayload = extractTokenPayload(tokens.id_token);\n tokens.idTokenPayload = { ..._idTokenPayload };\n if (_idTokenPayload.nonce && currentDatabaseElement.nonce != null) {\n const keyNonce =\n TOKEN.NONCE_TOKEN + '_' + currentDatabaseElement.configurationName;\n _idTokenPayload.nonce = keyNonce;\n }\n secureTokens.idTokenPayload = _idTokenPayload;\n }\n if (tokens.refresh_token) {\n secureTokens.refresh_token =\n TOKEN.REFRESH_TOKEN + '_' + configurationName;\n }\n\n tokens.issued_at = extractedIssueAt(tokens, accessTokenPayload, _idTokenPayload);\n\n const expireIn = typeof tokens.expires_in == \"string\" ? parseInt(tokens.expires_in, 10) : tokens.expires_in;\n\n const idTokenExpiresAt =\n _idTokenPayload && _idTokenPayload.exp\n ? _idTokenPayload.exp\n : Number.MAX_VALUE;\n const accessTokenExpiresAt =\n accessTokenPayload && accessTokenPayload.exp\n ? accessTokenPayload.exp\n : tokens.issued_at + expireIn;\n\n let expiresAt: number;\n const tokenRenewMode = (\n currentDatabaseElement.oidcConfiguration as OidcConfiguration\n ).token_renew_mode;\n if (tokenRenewMode === TokenRenewMode.access_token_invalid) {\n expiresAt = accessTokenExpiresAt;\n } else if (tokenRenewMode === TokenRenewMode.id_token_invalid) {\n expiresAt = idTokenExpiresAt;\n } else {\n expiresAt =\n idTokenExpiresAt < accessTokenExpiresAt\n ? idTokenExpiresAt\n : accessTokenExpiresAt;\n }\n secureTokens.expiresAt = expiresAt;\n\n tokens.expiresAt = expiresAt;\n const nonce = currentDatabaseElement.nonce\n ? currentDatabaseElement.nonce.nonce\n : null;\n const { isValid, reason } = isTokensOidcValid(\n tokens,\n nonce,\n currentDatabaseElement.oidcServerConfiguration as OidcServerConfiguration,\n ); // TODO: Type assertion, could be null.\n if (!isValid) {\n throw Error(`Tokens are not OpenID valid, reason: ${reason}`);\n }\n\n // When refresh_token is not rotated we reuse ald refresh_token\n if (\n currentDatabaseElement.tokens != null &&\n 'refresh_token' in currentDatabaseElement.tokens &&\n !('refresh_token' in tokens)\n ) {\n const refreshToken = currentDatabaseElement.tokens.refresh_token;\n\n currentDatabaseElement.tokens = {\n ...tokens,\n refresh_token: refreshToken,\n };\n } else {\n currentDatabaseElement.tokens = tokens;\n }\n\n currentDatabaseElement.status = 'LOGGED_IN';\n return secureTokens;\n}\n\nfunction hideTokens(currentDatabaseElement: OidcConfig) {\n const configurationName = currentDatabaseElement.configurationName;\n return (response: Response) => {\n if (response.status !== 200) {\n return response;\n }\n return response.json().then<Response>((tokens: Tokens) => {\n const secureTokens = _hideTokens(tokens, currentDatabaseElement, configurationName);\n const body = JSON.stringify(secureTokens);\n return new Response(body, response);\n });\n };\n}\n\nexport {\n b64DecodeUnicode,\n computeTimeLeft,\n isTokensValid,\n extractTokenPayload,\n isTokensOidcValid,\n hideTokens,\n _hideTokens,\n};\n","export function replaceCodeVerifier(codeVerifier:string, newCodeVerifier:string):string {\n const regex = /code_verifier=[A-Za-z0-9_-]+/i;\n return codeVerifier.replace(regex, `code_verifier=${newCodeVerifier}`);\n}\n","export default '7.12.2';\n","import { acceptAnyDomainToken, scriptFilename, TOKEN } from './constants';\nimport {\n\tDatabase,\n\tMessageEventData,\n\tOidcConfig,\n\tTrustedDomains,\n} from './types';\nimport {\n\tcheckDomain,\n\tgetCurrentDatabaseDomain,\n\tgetDomains,\n\thideTokens,\n\tisTokensValid,\n\tserializeHeaders,\n\tsleep,\n} from './utils';\nimport { replaceCodeVerifier } from './utils/codeVerifier';\nimport { normalizeUrl } from './utils/normalizeUrl';\nimport version from './version';\n\n// @ts-ignore\nif (typeof trustedTypes !== 'undefined' && typeof trustedTypes.createPolicy == 'function') {\n\t// @ts-ignore\n\ttrustedTypes.createPolicy('default', {\n\t\tcreateScriptURL: function (url: string) {\n\t\t\tif (url == scriptFilename) {\n\t\t\t\treturn url;\n\t\t\t} else {\n\t\t\t\tthrow new Error('Untrusted script URL blocked: ' + url);\n\t\t\t}\n\t\t},\n\t});\n}\n\nconst _self = self as ServiceWorkerGlobalScope & typeof globalThis;\n\ndeclare let trustedDomains: TrustedDomains;\n\n_self.importScripts(scriptFilename);\n\nconst id = Math.round(new Date().getTime() / 1000).toString();\n\nconst keepAliveJsonFilename = 'OidcKeepAliveServiceWorker.json';\nconst handleInstall = (event: ExtendableEvent) => {\n\tconsole.log('[OidcServiceWorker] service worker installed ' + id);\n\tevent.waitUntil(_self.skipWaiting());\n};\n\nconst handleActivate = (event: ExtendableEvent) => {\n\tconsole.log('[OidcServiceWorker] service worker activated ' + id);\n\tevent.waitUntil(_self.clients.claim());\n};\n\nlet currentLoginCallbackConfigurationName: string | null = null;\nconst database: Database = {};\n\nconst getCurrentDatabasesTokenEndpoint = (database: Database, url: string) => {\n\tconst databases: OidcConfig[] = [];\n\tfor (const [, value] of Object.entries<OidcConfig>(database)) {\n\t\tif (\n\t\t\tvalue.oidcServerConfiguration != null &&\n\t\t\turl.startsWith(normalizeUrl(value.oidcServerConfiguration.tokenEndpoint))\n\t\t) {\n\t\t\tdatabases.push(value);\n\t\t} else if (\n\t\t\tvalue.oidcServerConfiguration != null &&\n\t\t\tvalue.oidcServerConfiguration.revocationEndpoint &&\n\t\t\turl.startsWith(\n\t\t\t\tnormalizeUrl(value.oidcServerConfiguration.revocationEndpoint),\n\t\t\t)\n\t\t) {\n\t\t\tdatabases.push(value);\n\t\t}\n\t}\n\treturn databases;\n};\n\nconst keepAliveAsync = async (event: FetchEvent) => {\n\tconst originalRequest = event.request;\n\tconst isFromVanilla = originalRequest.headers.has('oidc-vanilla');\n\tconst init = { status: 200, statusText: 'oidc-service-worker' };\n\tconst response = new Response('{}', init);\n\tif (!isFromVanilla) {\n\t\tconst originalRequestUrl = new URL(originalRequest.url);\n\t\tconst minSleepSeconds =\n\t\t\tNumber(originalRequestUrl.searchParams.get('minSleepSeconds')) || 240;\n\t\tfor (let i = 0; i < minSleepSeconds; i++) {\n\t\t\tawait sleep(1000 + Math.floor(Math.random() * 1000));\n\t\t\tconst cache = await caches.open('oidc_dummy_cache');\n\t\t\tawait cache.put(event.request, response.clone());\n\t\t}\n\t}\n\treturn response;\n};\n\nconst handleFetch = async (event: FetchEvent) => {\n\tconst originalRequest = event.request;\n\tconst url = normalizeUrl(originalRequest.url);\n\tif (url.includes(keepAliveJsonFilename)) {\n\t\tevent.respondWith(keepAliveAsync(event));\n\t\treturn;\n\t}\n\n\tconst currentDatabaseForRequestAccessToken = getCurrentDatabaseDomain(\n\t\tdatabase,\n\t\turl,\n\t\ttrustedDomains,\n\t);\n\tif (\n\t\tcurrentDatabaseForRequestAccessToken &&\n\t\tcurrentDatabaseForRequestAccessToken.tokens &&\n\t\tcurrentDatabaseForRequestAccessToken.tokens.access_token\n\t) {\n\t\twhile (\n\t\t\tcurrentDatabaseForRequestAccessToken.tokens &&\n\t\t\t!isTokensValid(currentDatabaseForRequestAccessToken.tokens)\n\t\t) {\n\t\t\tawait sleep(200);\n\t\t}\n\n\t\tlet requestMode = originalRequest.mode;\n\n\t\tif (\n\t\t\toriginalRequest.mode !== 'navigate' &&\n\t\t\tcurrentDatabaseForRequestAccessToken.convertAllRequestsToCorsExceptNavigate\n\t\t) {\n\t\t\trequestMode = 'cors';\n\t\t}\n\n\t\tlet headers: { [p: string]: string };\n\t\tif (\n\t\t\toriginalRequest.mode == 'navigate' &&\n\t\t\t!currentDatabaseForRequestAccessToken.setAccessTokenToNavigateRequests\n\t\t) {\n\t\t\theaders = {\n\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t};\n\t\t} else {\n\t\t\theaders = {\n\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t\tauthorization:\n\t\t\t\t\t'Bearer ' + currentDatabaseForRequestAccessToken.tokens.access_token,\n\t\t\t};\n\t\t}\n\t\tlet init: RequestInit;\n\t\tif (originalRequest.mode === 'navigate') {\n\t\t\tinit = {\n\t\t\t\theaders: headers,\n\t\t\t};\n\t\t} else {\n\t\t\tinit = {\n\t\t\t\theaders: headers,\n\t\t\t\tmode: requestMode,\n\t\t\t};\n\t\t}\n\n\t\tconst newRequest = new Request(originalRequest, init);\n\n\t\tevent.respondWith(fetch(newRequest));\n\n\t\treturn;\n\t}\n\n\tif (event.request.method !== 'POST') {\n\t\treturn;\n\t}\n\n\tlet currentDatabase: OidcConfig | null = null;\n\tconst currentDatabases = getCurrentDatabasesTokenEndpoint(database, url);\n\tconst numberDatabase = currentDatabases.length;\n\tif (numberDatabase > 0) {\n\t\tconst maPromesse = new Promise<Response>((resolve, reject) => {\n\t\t\tconst clonedRequest = originalRequest.clone();\n\t\t\tconst response = clonedRequest.text().then((actualBody) => {\n\t\t\t\tif (\n\t\t\t\t\tactualBody.includes(TOKEN.REFRESH_TOKEN) ||\n\t\t\t\t\tactualBody.includes(TOKEN.ACCESS_TOKEN)\n\t\t\t\t) {\n\t\t\t\t\tlet newBody = actualBody;\n\t\t\t\t\tfor (let i = 0; i < numberDatabase; i++) {\n\t\t\t\t\t\tconst currentDb = currentDatabases[i];\n\n\t\t\t\t\t\tif (currentDb && currentDb.tokens != null) {\n\t\t\t\t\t\t\tconst keyRefreshToken =\n\t\t\t\t\t\t\t\tTOKEN.REFRESH_TOKEN + '_' + currentDb.configurationName;\n\t\t\t\t\t\t\tif (actualBody.includes(keyRefreshToken)) {\n\t\t\t\t\t\t\t\tnewBody = newBody.replace(\n\t\t\t\t\t\t\t\t\tkeyRefreshToken,\n\t\t\t\t\t\t\t\t\tencodeURIComponent(currentDb.tokens.refresh_token as string),\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\tcurrentDatabase = currentDb;\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tconst keyAccessToken =\n\t\t\t\t\t\t\t\tTOKEN.ACCESS_TOKEN + '_' + currentDb.configurationName;\n\t\t\t\t\t\t\tif (actualBody.includes(keyAccessToken)) {\n\t\t\t\t\t\t\t\tnewBody = newBody.replace(\n\t\t\t\t\t\t\t\t\tkeyAccessToken,\n\t\t\t\t\t\t\t\t\tencodeURIComponent(currentDb.tokens.access_token),\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\tcurrentDatabase = currentDb;\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tconst fetchPromise = fetch(originalRequest, {\n\t\t\t\t\t\tbody: newBody,\n\t\t\t\t\t\tmethod: clonedRequest.method,\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmode: clonedRequest.mode,\n\t\t\t\t\t\tcache: clonedRequest.cache,\n\t\t\t\t\t\tredirect: clonedRequest.redirect,\n\t\t\t\t\t\treferrer: clonedRequest.referrer,\n\t\t\t\t\t\tcredentials: clonedRequest.credentials,\n\t\t\t\t\t\tintegrity: clonedRequest.integrity,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (\n\t\t\t\t\t\tcurrentDatabase &&\n\t\t\t\t\t\tcurrentDatabase.oidcServerConfiguration != null &&\n\t\t\t\t\t\tcurrentDatabase.oidcServerConfiguration.revocationEndpoint &&\n\t\t\t\t\t\turl.startsWith(\n\t\t\t\t\t\t\tnormalizeUrl(\n\t\t\t\t\t\t\t\tcurrentDatabase.oidcServerConfiguration.revocationEndpoint,\n\t\t\t\t\t\t\t),\n\t\t\t\t\t\t)\n\t\t\t\t\t) {\n\t\t\t\t\t\treturn fetchPromise.then(async (response) => {\n\t\t\t\t\t\t\tconst text = await response.text();\n\t\t\t\t\t\t\treturn new Response(text, response);\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn fetchPromise.then(hideTokens(currentDatabase as OidcConfig)); // todo type assertion to OidcConfig but could be null, NEEDS REVIEW\n\t\t\t\t} else if (\n\t\t\t\t\tactualBody.includes('code_verifier=') &&\n\t\t\t\t\tcurrentLoginCallbackConfigurationName\n\t\t\t\t) {\n\t\t\t\t\tcurrentDatabase = database[currentLoginCallbackConfigurationName];\n\t\t\t\t\tcurrentLoginCallbackConfigurationName = null;\n\t\t\t\t\tlet newBody = actualBody;\n\t\t\t\t\tif (currentDatabase && currentDatabase.codeVerifier != null) {\n\t\t\t\t\t\tnewBody = replaceCodeVerifier(\n\t\t\t\t\t\t\tnewBody,\n\t\t\t\t\t\t\tcurrentDatabase.codeVerifier,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\treturn fetch(originalRequest, {\n\t\t\t\t\t\tbody: newBody,\n\t\t\t\t\t\tmethod: clonedRequest.method,\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmode: clonedRequest.mode,\n\t\t\t\t\t\tcache: clonedRequest.cache,\n\t\t\t\t\t\tredirect: clonedRequest.redirect,\n\t\t\t\t\t\treferrer: clonedRequest.referrer,\n\t\t\t\t\t\tcredentials: clonedRequest.credentials,\n\t\t\t\t\t\tintegrity: clonedRequest.integrity,\n\t\t\t\t\t}).then(hideTokens(currentDatabase));\n\t\t\t\t}\n\n\t\t\t\t// if showAccessToken=true, the token is already in the body\n\t\t\t\t// of the request, and it does not need to be injected\n\t\t\t\t// and we can simply clone the request\n\t\t\t\treturn fetch(originalRequest, {\n\t\t\t\t\tbody: actualBody,\n\t\t\t\t\tmethod: clonedRequest.method,\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t\t\t},\n\t\t\t\t\tmode: clonedRequest.mode,\n\t\t\t\t\tcache: clonedRequest.cache,\n\t\t\t\t\tredirect: clonedRequest.redirect,\n\t\t\t\t\treferrer: clonedRequest.referrer,\n\t\t\t\t\tcredentials: clonedRequest.credentials,\n\t\t\t\t\tintegrity: clonedRequest.integrity,\n\t\t\t\t});\n\t\t\t});\n\t\t\tresponse\n\t\t\t\t.then((r) => {\n\t\t\t\t\tresolve(r);\n\t\t\t\t})\n\t\t\t\t.catch((err) => {\n\t\t\t\t\treject(err);\n\t\t\t\t});\n\t\t});\n\n\t\tevent.respondWith(maPromesse);\n\t}\n};\n\nconst handleMessage = (event: ExtendableMessageEvent) => {\n\tconst port = event.ports[0];\n\tconst data = event.data as MessageEventData;\n\tif (event.data.type === 'claim') {\n\t\t_self.clients.claim().then(() => port.postMessage({}));\n\t\treturn;\n\t}\n\tconst configurationName = data.configurationName;\n\tlet currentDatabase = database[configurationName];\n\tif (trustedDomains == null) {\n\t\ttrustedDomains = {};\n\t}\n\tif (!currentDatabase) {\n\t\tconst trustedDomain = trustedDomains[configurationName];\n\t\tconst showAccessToken = Array.isArray(trustedDomain)\n\t\t\t? false\n\t\t\t: trustedDomain.showAccessToken;\n\t\tconst doNotSetAccessTokenToNavigateRequests = Array.isArray(trustedDomain)\n\t\t\t? true\n\t\t\t: trustedDomain.setAccessTokenToNavigateRequests;\n\t\tconst convertAllRequestsToCorsExceptNavigate = Array.isArray(trustedDomain)\n\t\t\t? false\n\t\t\t: trustedDomain.convertAllRequestsToCorsExceptNavigate;\n\t\tdatabase[configurationName] = {\n\t\t\ttokens: null,\n\t\t\tstate: null,\n\t\t\tcodeVerifier: null,\n\t\t\toidcServerConfiguration: null,\n\t\t\toidcConfiguration: undefined,\n\t\t\tnonce: null,\n\t\t\tstatus: null,\n\t\t\tconfigurationName,\n\t\t\thideAccessToken: !showAccessToken,\n\t\t\tsetAccessTokenToNavigateRequests:\n\t\t\t\tdoNotSetAccessTokenToNavigateRequests ?? true,\n\t\t\tconvertAllRequestsToCorsExceptNavigate:\n\t\t\t\tconvertAllRequestsToCorsExceptNavigate ?? false,\n\t\t\tdemonstratingProofOfPossessionNonce: null,\n\t\t\tdemonstratingProofOfPossessionJwkJson: null,\n\t\t};\n\t\tcurrentDatabase = database[configurationName];\n\n\t\tif (!trustedDomains[configurationName]) {\n\t\t\ttrustedDomains[configurationName] = [];\n\t\t}\n\t}\n\n\tswitch (data.type) {\n\t\tcase 'clear':\n\t\t\tcurrentDatabase.tokens = null;\n\t\t\tcurrentDatabase.state = null;\n\t\t\tcurrentDatabase.codeVerifier = null;\n\t\t\tcurrentDatabase.status = data.data.status;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\tcase 'init': {\n\t\t\tconst oidcServerConfiguration = data.data.oidcServerConfiguration;\n\t\t\tconst trustedDomain = trustedDomains[configurationName];\n\t\t\tconst domains = getDomains(trustedDomain, 'oidc');\n\t\t\tif (!domains.some((domain) => domain === acceptAnyDomainToken)) {\n\t\t\t\t[\n\t\t\t\t\toidcServerConfiguration.tokenEndpoint,\n\t\t\t\t\toidcServerConfiguration.revocationEndpoint,\n\t\t\t\t\toidcServerConfiguration.userInfoEndpoint,\n\t\t\t\t\toidcServerConfiguration.issuer,\n\t\t\t\t].forEach((url) => {\n\t\t\t\t\tcheckDomain(domains, url);\n\t\t\t\t});\n\t\t\t}\n\t\t\tcurrentDatabase.oidcServerConfiguration = oidcServerConfiguration;\n\t\t\tcurrentDatabase.oidcConfiguration = data.data.oidcConfiguration;\n\t\t\tconst where = data.data.where;\n\t\t\tif (\n\t\t\t\twhere === 'loginCallbackAsync' ||\n\t\t\t\twhere === 'tryKeepExistingSessionAsync'\n\t\t\t) {\n\t\t\t\tcurrentLoginCallbackConfigurationName = configurationName;\n\t\t\t} else {\n\t\t\t\tcurrentLoginCallbackConfigurationName = null;\n\t\t\t}\n\n\t\t\tif (!currentDatabase.tokens) {\n\t\t\t\tport.postMessage({\n\t\t\t\t\ttokens: null,\n\t\t\t\t\tstatus: currentDatabase.status,\n\t\t\t\t\tconfigurationName,\n\t\t\t\t\tversion,\n\t\t\t\t});\n\t\t\t} else {\n\t\t\t\tconst tokens = {\n\t\t\t\t\t...currentDatabase.tokens,\n\t\t\t\t};\n\t\t\t\tif (currentDatabase.hideAccessToken) {\n\t\t\t\t\ttokens.access_token = TOKEN.ACCESS_TOKEN + '_' + configurationName;\n\t\t\t\t}\n\t\t\t\tif (tokens.refresh_token) {\n\t\t\t\t\ttokens.refresh_token = TOKEN.REFRESH_TOKEN + '_' + configurationName;\n\t\t\t\t}\n\t\t\t\tif (\n\t\t\t\t\ttokens.idTokenPayload &&\n\t\t\t\t\ttokens.idTokenPayload.nonce &&\n\t\t\t\t\tcurrentDatabase.nonce != null\n\t\t\t\t) {\n\t\t\t\t\ttokens.idTokenPayload.nonce =\n\t\t\t\t\t\tTOKEN.NONCE_TOKEN + '_' + configurationName;\n\t\t\t\t}\n\t\t\t\tport.postMessage({\n\t\t\t\t\ttokens,\n\t\t\t\t\tstatus: currentDatabase.status,\n\t\t\t\t\tconfigurationName,\n\t\t\t\t\tversion,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn;\n\t\t}\n\t\tcase 'setDemonstratingProofOfPossessionNonce': {\n\t\t\tcurrentDatabase.demonstratingProofOfPossessionNonce =\n\t\t\t\tdata.data.demonstratingProofOfPossessionNonce;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getDemonstratingProofOfPossessionNonce': {\n\t\t\tconst demonstratingProofOfPossessionNonce =\n\t\t\t\tcurrentDatabase.demonstratingProofOfPossessionNonce;\n\t\t\tport.postMessage({\n\t\t\t\tconfigurationName,\n\t\t\t\tdemonstratingProofOfPossessionNonce,\n\t\t\t});\n\t\t\treturn;\n\t\t}\n\t\tcase 'setDemonstratingProofOfPossessionJwk': {\n\t\t\tcurrentDatabase.demonstratingProofOfPossessionJwkJson =\n\t\t\t\tdata.data.demonstratingProofOfPossessionJwkJson;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getDemonstratingProofOfPossessionJwk': {\n\t\t\tconst demonstratingProofOfPossessionJwkJson =\n\t\t\t\tcurrentDatabase.demonstratingProofOfPossessionJwkJson;\n\t\t\tport.postMessage({\n\t\t\t\tconfigurationName,\n\t\t\t\tdemonstratingProofOfPossessionJwkJson,\n\t\t\t});\n\t\t\treturn;\n\t\t}\n\t\tcase 'setState': {\n\t\t\tcurrentDatabase.state = data.data.state;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getState': {\n\t\t\tconst state = currentDatabase.state;\n\t\t\tport.postMessage({ configurationName, state });\n\t\t\treturn;\n\t\t}\n\t\tcase 'setCodeVerifier': {\n\t\t\tcurrentDatabase.codeVerifier = data.data.codeVerifier;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getCodeVerifier': {\n\t\t\tport.postMessage({\n\t\t\t\tconfigurationName,\n\t\t\t\tcodeVerifier:\n\t\t\t\t\tcurrentDatabase.codeVerifier != null\n\t\t\t\t\t\t? TOKEN.CODE_VERIFIER + '_' + configurationName\n\t\t\t\t\t\t: null,\n\t\t\t});\n\t\t\treturn;\n\t\t}\n\t\tcase 'setSessionState': {\n\t\t\tcurrentDatabase.sessionState = data.data.sessionState;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getSessionState': {\n\t\t\tconst sessionState = currentDatabase.sessionState;\n\t\t\tport.postMessage({ configurationName, sessionState });\n\t\t\treturn;\n\t\t}\n\t\tcase 'setNonce': {\n\t\t\tconst nonce = data.data.nonce;\n\t\t\tif (nonce) {\n\t\t\t\tcurrentDatabase.nonce = nonce;\n\t\t\t}\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getNonce': {\n\t\t\tconst keyNonce = TOKEN.NONCE_TOKEN + '_' + configurationName;\n\t\t\tconst nonce = currentDatabase.nonce ? keyNonce : null;\n\t\t\tport.postMessage({ configurationName, nonce });\n\t\t\treturn;\n\t\t}\n\t\tdefault: {\n\t\t\tcurrentDatabase.items = { ...data.data };\n\t\t\tport.postMessage({ configurationName });\n\t\t}\n\t}\n};\n\n_self.addEventListener('install', handleInstall);\n_self.addEventListener('activate', handleActivate);\n_self.addEventListener('fetch', handleFetch);\n_self.addEventListener('message', handleMessage);\n"],"names":["domain","database","trustedDomains","response"],"mappings":"AAAA,MAAM,iBAAiB;AACvB,MAAM,uBAAuB;AAS7B,MAAM,QAAmB;AAAA,EACvB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,aAAa;AAAA,EACb,eAAe;AACjB;AAQA,MAAM,iBAAqC;AAAA,EACzC,kCAAkC;AAAA,EAClC,sBAAsB;AAAA,EACtB,kBAAkB;AACpB;AAEA,MAAM,4BAA4B;AC7B3B,SAAS,aAAa,KAAa;AACrC,MAAA;AACH,WAAO,IAAI,IAAI,GAAG,EAAE,SAAS;AAAA,WACrB,OAAO;AACP,YAAA,MAAM,4BAA4B,GAAG,EAAE;AACxC,WAAA;AAAA,EACR;AACD;ACHgB,SAAA,YAAY,SAAmB,UAAkB;AAChE,MAAI,CAAC,UAAU;AACd;AAAA,EACD;AAEA,QAAM,SAAS,QAAQ,KAAK,CAACA,YAAW;AFTzC;AEUM,QAAA;AAEA,QAAA,OAAOA,YAAW,UAAU;AAC/B,iBAAW,IAAI,OAAO,IAAIA,OAAM,EAAE;AAAA,IAAA,OAC5B;AACKA,iBAAAA;AAAAA,IACZ;AAEO,YAAA,cAAS,SAAT,kCAAgB;AAAA,EAAQ,CAC/B;AACD,MAAI,CAAC,QAAQ;AACZ,UAAM,IAAI;AAAA,MACT,YAAY,WAAW,2CAA2C;AAAA,IAAA;AAAA,EAEpE;AACD;AAEa,MAAA,aAAa,CACzB,eACA,SACI;AACA,MAAA,MAAM,QAAQ,aAAa,GAAG;AAC1B,WAAA;AAAA,EACR;AAEA,SAAO,cAAc,GAAG,IAAI,SAAS,KAAK,cAAc,WAAW;AACpE;AAEO,MAAM,2BAA2B,CACvCC,WACA,KACAC,oBACI;AF1CL;AE2CK,MAAA,IAAI,SAAS,yBAAyB,GAAG;AACrC,WAAA;AAAA,EACR;AACA,aAAW,CAAC,KAAK,eAAe,KAAK,OAAO,QAAoBD,SAAQ,GAAG;AAC1E,UAAM,0BAA0B,gBAAgB;AAEhD,QAAI,CAAC,yBAAyB;AAC7B;AAAA,IACD;AAEA,QACC,wBAAwB,iBACxB,QAAQ,aAAa,wBAAwB,aAAa,GACzD;AACD;AAAA,IACD;AACA,QACC,wBAAwB,sBACxB,QAAQ,aAAa,wBAAwB,kBAAkB,GAC9D;AACD;AAAA,IACD;AACA,UAAM,gBAAgBC,mBAAkB,OAAO,CAAA,IAAKA,gBAAe,GAAG;AAEhE,UAAA,UAAU,WAAW,eAAe,aAAa;AACjD,UAAA,sBAAsB,wBAAwB,mBACjD,CAAC,wBAAwB,kBAAkB,GAAG,OAAO,IACrD,CAAC,GAAG,OAAO;AAEd,QAAI,iBAAiB;AACrB,QAAI,oBAAoB,KAAK,CAAC,MAAM,MAAM,oBAAoB,GAAG;AAC/C,uBAAA;AAAA,IAAA,OACX;AACN,eAAS,IAAI,GAAG,IAAI,oBAAoB,QAAQ,KAAK;AAChD,YAAA,SAAS,oBAAoB,CAAC;AAE9B,YAAA,OAAO,WAAW,UAAU;AAC/B,mBAAS,IAAI,OAAO,IAAI,MAAM,EAAE;AAAA,QACjC;AAEI,aAAA,YAAO,SAAP,gCAAc,MAAM;AACN,2BAAA;AACjB;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAEA,QAAI,gBAAgB;AACf,UAAA,CAAC,gBAAgB,QAAQ;AACrB,eAAA;AAAA,MACR;AACO,aAAA;AAAA,IACR;AAAA,EACD;AACO,SAAA;AACR;AChGA,SAAS,iBAAiB,SAAkB;AAC1C,QAAM,aAAqC,CAAA;AAChC,aAAA,OAAQ,QAAyB,QAAQ;AAC9C,QAAA,QAAQ,IAAI,GAAG,GAAG;AACpB,iBAAW,GAAG,IAAI,QAAQ,IAAI,GAAG;AAAA,IACnC;AAAA,EACF;AACO,SAAA;AACT;ACVA,MAAM,QAAQ,CAAC,OAAe,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;ACM9D,SAAA,YAAY,KAAa,MAAc;AACrD,SAAO,IAAI,MAAM,IAAI,EAAE,SAAS;AAClC;ACIA,SAAS,SAAS,OAAe;AAC/B,SAAO,KAAK;AAAA,IACV,iBAAiB,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,QAAQ,KAAK,GAAG,EAAE,QAAQ,KAAK,GAAG,CAAC;AAAA,EAAA;AAE5E;AACA,SAAS,iBAAiB,KAAa;AAC9B,SAAA;AAAA,IACL,MAAM,UAAU,IACb;AAAA,MACC,KAAK,GAAG;AAAA,MACR,CAAC,MAAM,OAAO,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE;AAAA,IAAA,EAE5D,KAAK,EAAE;AAAA,EAAA;AAEd;AAEA,SAAS,gBACP,2CACA,WACA;AACA,QAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,SAAO,KAAK;AAAA,IACV,YACE,4CACA;AAAA,EAAA;AAEN;AAEA,SAAS,cAAc,QAAuB;AAC5C,MAAI,CAAC,QAAQ;AACJ,WAAA;AAAA,EACT;AACA,SAAO,gBAAgB,GAAG,OAAO,SAAS,IAAI;AAChD;AAEA,MAAM,sBAAsB,CAAC,UAAmB;AAC1C,MAAA;AACF,QAAI,CAAC,OAAO;AACH,aAAA;AAAA,IACT;AACA,QAAI,YAAY,OAAO,GAAG,MAAM,GAAG;AACjC,aAAO,SAAS,KAAK;AAAA,IAAA,OAChB;AACE,aAAA;AAAA,IACT;AAAA,WACO,GAAG;AACV,YAAQ,KAAK,CAAC;AAAA,EAChB;AACO,SAAA;AACT;AAIA,MAAM,oBAAoB,CACxB,QACA,OACA,4BACyC;AACzC,MAAI,OAAO,gBAAgB;AACzB,UAAM,iBAAiB,OAAO;AAE1B,QAAA,wBAAwB,WAAW,eAAe,KAAK;AAClD,aAAA,EAAE,SAAS,OAAO,QAAQ,0DAA0D,wBAAwB,MAAM,gCAAgC,eAAe,GAAG,GAAG;AAAA,IAChL;AAMA,UAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,QAAI,eAAe,OAAO,eAAe,MAAM,uBAAuB;AAC7D,aAAA,EAAE,SAAS,OAAO,QAAQ,yCAAyC,eAAe,GAAG,8BAA8B,qBAAqB,GAAG;AAAA,IACpJ;AAEM,UAAA,kBAAkB,KAAK,KAAK,KAAK;AACvC,QACE,eAAe,OACf,eAAe,MAAM,kBAAkB,uBACvC;AACO,aAAA,EAAE,SAAS,OAAO,QAAQ,2EAA2E,eAAe,MAAM,eAAe,8BAA8B,qBAAqB,GAAG;AAAA,IACxM;AAEA,QAAI,SAAS,eAAe,SAAS,eAAe,UAAU,OAAO;AAC5D,aAAA,EAAE,SAAS,OAAO,QAAQ,gCAAgC,KAAK,+BAA+B,eAAe,KAAK,GAAG;AAAA,IAC9H;AAAA,EACF;AACA,SAAO,EAAE,SAAS,MAAM,QAAQ,GAAG;AACrC;AAEA,SAAS,iBAAiB,QAAgB,oBAA+C,iBAAmC;AACtH,MAAA,CAAC,OAAO,WAAW;AACjB,QAAA,sBAAsB,mBAAmB,KAAK;AAChD,aAAO,mBAAmB;AAAA,IAAA,WACjB,mBAAmB,gBAAgB,KAAK;AACjD,aAAO,gBAAgB;AAAA,IAAA,OAClB;AACL,YAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AAC9C,aAAA;AAAA,IACT;AAAA,EACS,WAAA,OAAO,OAAO,aAAa,UAAU;AACvC,WAAA,SAAS,OAAO,WAAW,EAAE;AAAA,EACtC;AACA,SAAO,OAAO;AAChB;AAEA,SAAS,YAAY,QAAgB,wBAAoC,mBAA2B;AAC9F,MAAA,CAAC,OAAO,WAAW;AACrB,UAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,WAAO,YAAY;AAAA,EACV,WAAA,OAAO,OAAO,aAAa,UAAU;AAC9C,WAAO,YAAY,SAAS,OAAO,WAAW,EAAE;AAAA,EAClD;AAEM,QAAA,qBAAqB,oBAAoB,OAAO,YAAY;AAClE,QAAM,eAAe;AAAA,IACnB,GAAG;AAAA,IACH;AAAA,EAAA;AAEF,MAAI,uBAAuB,iBAAiB;AAC7B,iBAAA,eAAe,MAAM,eAAe,MAAM;AAAA,EACzD;AACA,SAAO,qBAAqB;AAE5B,MAAI,kBAAkB;AACtB,MAAI,OAAO,UAAU;AACD,sBAAA,oBAAoB,OAAO,QAAQ;AAC9C,WAAA,iBAAiB,EAAE,GAAG;AAC7B,QAAI,gBAAgB,SAAS,uBAAuB,SAAS,MAAM;AACjE,YAAM,WACF,MAAM,cAAc,MAAM,uBAAuB;AACrD,sBAAgB,QAAQ;AAAA,IAC1B;AACA,iBAAa,iBAAiB;AAAA,EAChC;AACA,MAAI,OAAO,eAAe;AACX,iBAAA,gBACT,MAAM,gBAAgB,MAAM;AAAA,EAClC;AAEA,SAAO,YAAY,iBAAiB,QAAQ,oBAAoB,eAAe;AAEzE,QAAA,WAAW,OAAO,OAAO,cAAc,WAAW,SAAS,OAAO,YAAY,EAAE,IAAI,OAAO;AAEjG,QAAM,mBACF,mBAAmB,gBAAgB,MAC7B,gBAAgB,MAChB,OAAO;AACjB,QAAM,uBACF,sBAAsB,mBAAmB,MACnC,mBAAmB,MACnB,OAAO,YAAY;AAEzB,MAAA;AACE,QAAA,iBACF,uBAAuB,kBACzB;AACE,MAAA,mBAAmB,eAAe,sBAAsB;AAC9C,gBAAA;AAAA,EAAA,WACH,mBAAmB,eAAe,kBAAkB;AACjD,gBAAA;AAAA,EAAA,OACP;AAED,gBAAA,mBAAmB,uBACb,mBACA;AAAA,EACZ;AACA,eAAa,YAAY;AAEzB,SAAO,YAAY;AACnB,QAAM,QAAQ,uBAAuB,QAC/B,uBAAuB,MAAM,QAC7B;AACA,QAAA,EAAE,SAAS,OAAA,IAAW;AAAA,IACxB;AAAA,IACA;AAAA,IACA,uBAAuB;AAAA,EAAA;AAE3B,MAAI,CAAC,SAAS;AACN,UAAA,MAAM,wCAAwC,MAAM,EAAE;AAAA,EAC9D;AAII,MAAA,uBAAuB,UAAU,QACjC,mBAAmB,uBAAuB,UAC1C,EAAE,mBAAmB,SACvB;AACM,UAAA,eAAe,uBAAuB,OAAO;AAEnD,2BAAuB,SAAS;AAAA,MAC9B,GAAG;AAAA,MACH,eAAe;AAAA,IAAA;AAAA,EACjB,OACK;AACL,2BAAuB,SAAS;AAAA,EAClC;AAEA,yBAAuB,SAAS;AACzB,SAAA;AACT;AAEA,SAAS,WAAW,wBAAoC;AACtD,QAAM,oBAAoB,uBAAuB;AACjD,SAAO,CAAC,aAAuB;AACzB,QAAA,SAAS,WAAW,KAAK;AACpB,aAAA;AAAA,IACT;AACA,WAAO,SAAS,KAAA,EAAO,KAAe,CAAC,WAAmB;AACxD,YAAM,eAAe,YAAY,QAAQ,wBAAwB,iBAAiB;AAC5E,YAAA,OAAO,KAAK,UAAU,YAAY;AACjC,aAAA,IAAI,SAAS,MAAM,QAAQ;AAAA,IAAA,CACnC;AAAA,EAAA;AAEL;ACjOgB,SAAA,oBAAoB,cAAqB,iBAA+B;AACpF,QAAM,QAAQ;AACd,SAAO,aAAa,QAAQ,OAAO,iBAAiB,eAAe,EAAE;AACzE;ACHA,MAAA,UAAe;ACqBf,IAAI,OAAO,iBAAiB,eAAe,OAAO,aAAa,gBAAgB,YAAY;AAE1F,eAAa,aAAa,WAAW;AAAA,IACpC,iBAAiB,SAAU,KAAa;AACvC,UAAI,OAAO,gBAAgB;AACnB,eAAA;AAAA,MAAA,OACD;AACA,cAAA,IAAI,MAAM,mCAAmC,GAAG;AAAA,MACvD;AAAA,IACD;AAAA,EAAA,CACA;AACF;AAEA,MAAM,QAAQ;AAId,MAAM,cAAc,cAAc;AAElC,MAAM,KAAK,KAAK,OAAU,oBAAA,QAAO,YAAY,GAAI,EAAE;AAEnD,MAAM,wBAAwB;AAC9B,MAAM,gBAAgB,CAAC,UAA2B;AACzC,UAAA,IAAI,kDAAkD,EAAE;AAC1D,QAAA,UAAU,MAAM,YAAa,CAAA;AACpC;AAEA,MAAM,iBAAiB,CAAC,UAA2B;AAC1C,UAAA,IAAI,kDAAkD,EAAE;AAChE,QAAM,UAAU,MAAM,QAAQ,MAAO,CAAA;AACtC;AAEA,IAAI,wCAAuD;AAC3D,MAAM,WAAqB,CAAA;AAE3B,MAAM,mCAAmC,CAACD,WAAoB,QAAgB;AAC7E,QAAM,YAA0B,CAAA;AAChC,aAAW,CAAG,EAAA,KAAK,KAAK,OAAO,QAAoBA,SAAQ,GAAG;AAE5D,QAAA,MAAM,2BAA2B,QACjC,IAAI,WAAW,aAAa,MAAM,wBAAwB,aAAa,CAAC,GACvE;AACD,gBAAU,KAAK,KAAK;AAAA,IAAA,WAEpB,MAAM,2BAA2B,QACjC,MAAM,wBAAwB,sBAC9B,IAAI;AAAA,MACH,aAAa,MAAM,wBAAwB,kBAAkB;AAAA,IAAA,GAE7D;AACD,gBAAU,KAAK,KAAK;AAAA,IACrB;AAAA,EACD;AACO,SAAA;AACR;AAEA,MAAM,iBAAiB,OAAO,UAAsB;AACnD,QAAM,kBAAkB,MAAM;AAC9B,QAAM,gBAAgB,gBAAgB,QAAQ,IAAI,cAAc;AAChE,QAAM,OAAO,EAAE,QAAQ,KAAK,YAAY,sBAAsB;AAC9D,QAAM,WAAW,IAAI,SAAS,MAAM,IAAI;AACxC,MAAI,CAAC,eAAe;AACnB,UAAM,qBAAqB,IAAI,IAAI,gBAAgB,GAAG;AACtD,UAAM,kBACL,OAAO,mBAAmB,aAAa,IAAI,iBAAiB,CAAC,KAAK;AACnE,aAAS,IAAI,GAAG,IAAI,iBAAiB,KAAK;AACnC,YAAA,MAAM,MAAO,KAAK,MAAM,KAAK,OAAO,IAAI,GAAI,CAAC;AACnD,YAAM,QAAQ,MAAM,OAAO,KAAK,kBAAkB;AAClD,YAAM,MAAM,IAAI,MAAM,SAAS,SAAS,OAAO;AAAA,IAChD;AAAA,EACD;AACO,SAAA;AACR;AAEA,MAAM,cAAc,OAAO,UAAsB;AAChD,QAAM,kBAAkB,MAAM;AACxB,QAAA,MAAM,aAAa,gBAAgB,GAAG;AACxC,MAAA,IAAI,SAAS,qBAAqB,GAAG;AAClC,UAAA,YAAY,eAAe,KAAK,CAAC;AACvC;AAAA,EACD;AAEA,QAAM,uCAAuC;AAAA,IAC5C;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAED,MACC,wCACA,qCAAqC,UACrC,qCAAqC,OAAO,cAC3C;AACD,WACC,qCAAqC,UACrC,CAAC,cAAc,qCAAqC,MAAM,GACzD;AACD,YAAM,MAAM,GAAG;AAAA,IAChB;AAEA,QAAI,cAAc,gBAAgB;AAElC,QACC,gBAAgB,SAAS,cACzB,qCAAqC,wCACpC;AACa,oBAAA;AAAA,IACf;AAEI,QAAA;AACJ,QACC,gBAAgB,QAAQ,cACxB,CAAC,qCAAqC,kCACrC;AACS,gBAAA;AAAA,QACT,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,MAAA;AAAA,IAC5C,OACM;AACI,gBAAA;AAAA,QACT,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,QAC3C,eACC,YAAY,qCAAqC,OAAO;AAAA,MAAA;AAAA,IAE3D;AACI,QAAA;AACA,QAAA,gBAAgB,SAAS,YAAY;AACjC,aAAA;AAAA,QACN;AAAA,MAAA;AAAA,IACD,OACM;AACC,aAAA;AAAA,QACN;AAAA,QACA,MAAM;AAAA,MAAA;AAAA,IAER;AAEA,UAAM,aAAa,IAAI,QAAQ,iBAAiB,IAAI;AAE9C,UAAA,YAAY,MAAM,UAAU,CAAC;AAEnC;AAAA,EACD;AAEI,MAAA,MAAM,QAAQ,WAAW,QAAQ;AACpC;AAAA,EACD;AAEA,MAAI,kBAAqC;AACnC,QAAA,mBAAmB,iCAAiC,UAAU,GAAG;AACvE,QAAM,iBAAiB,iBAAiB;AACxC,MAAI,iBAAiB,GAAG;AACvB,UAAM,aAAa,IAAI,QAAkB,CAAC,SAAS,WAAW;AACvD,YAAA,gBAAgB,gBAAgB;AACtC,YAAM,WAAW,cAAc,KAAO,EAAA,KAAK,CAAC,eAAe;AAEzD,YAAA,WAAW,SAAS,MAAM,aAAa,KACvC,WAAW,SAAS,MAAM,YAAY,GACrC;AACD,cAAI,UAAU;AACd,mBAAS,IAAI,GAAG,IAAI,gBAAgB,KAAK;AAClC,kBAAA,YAAY,iBAAiB,CAAC;AAEhC,gBAAA,aAAa,UAAU,UAAU,MAAM;AAC1C,oBAAM,kBACL,MAAM,gBAAgB,MAAM,UAAU;AACnC,kBAAA,WAAW,SAAS,eAAe,GAAG;AACzC,0BAAU,QAAQ;AAAA,kBACjB;AAAA,kBACA,mBAAmB,UAAU,OAAO,aAAuB;AAAA,gBAAA;AAE1C,kCAAA;AAClB;AAAA,cACD;AACA,oBAAM,iBACL,MAAM,eAAe,MAAM,UAAU;AAClC,kBAAA,WAAW,SAAS,cAAc,GAAG;AACxC,0BAAU,QAAQ;AAAA,kBACjB;AAAA,kBACA,mBAAmB,UAAU,OAAO,YAAY;AAAA,gBAAA;AAE/B,kCAAA;AAClB;AAAA,cACD;AAAA,YACD;AAAA,UACD;AACM,gBAAA,eAAe,MAAM,iBAAiB;AAAA,YAC3C,MAAM;AAAA,YACN,QAAQ,cAAc;AAAA,YACtB,SAAS;AAAA,cACR,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,YAC5C;AAAA,YACA,MAAM,cAAc;AAAA,YACpB,OAAO,cAAc;AAAA,YACrB,UAAU,cAAc;AAAA,YACxB,UAAU,cAAc;AAAA,YACxB,aAAa,cAAc;AAAA,YAC3B,WAAW,cAAc;AAAA,UAAA,CACzB;AAED,cACC,mBACA,gBAAgB,2BAA2B,QAC3C,gBAAgB,wBAAwB,sBACxC,IAAI;AAAA,YACH;AAAA,cACC,gBAAgB,wBAAwB;AAAA,YACzC;AAAA,UAAA,GAEA;AACM,mBAAA,aAAa,KAAK,OAAOE,cAAa;AACtC,oBAAA,OAAO,MAAMA,UAAS;AACrB,qBAAA,IAAI,SAAS,MAAMA,SAAQ;AAAA,YAAA,CAClC;AAAA,UACF;AACA,iBAAO,aAAa,KAAK,WAAW,eAA6B,CAAC;AAAA,QAElE,WAAA,WAAW,SAAS,gBAAgB,KACpC,uCACC;AACD,4BAAkB,SAAS,qCAAqC;AACxB,kDAAA;AACxC,cAAI,UAAU;AACV,cAAA,mBAAmB,gBAAgB,gBAAgB,MAAM;AAClD,sBAAA;AAAA,cACT;AAAA,cACA,gBAAgB;AAAA,YAAA;AAAA,UAElB;AAEA,iBAAO,MAAM,iBAAiB;AAAA,YAC7B,MAAM;AAAA,YACN,QAAQ,cAAc;AAAA,YACtB,SAAS;AAAA,cACR,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,YAC5C;AAAA,YACA,MAAM,cAAc;AAAA,YACpB,OAAO,cAAc;AAAA,YACrB,UAAU,cAAc;AAAA,YACxB,UAAU,cAAc;AAAA,YACxB,aAAa,cAAc;AAAA,YAC3B,WAAW,cAAc;AAAA,UACzB,CAAA,EAAE,KAAK,WAAW,eAAe,CAAC;AAAA,QACpC;AAKA,eAAO,MAAM,iBAAiB;AAAA,UAC7B,MAAM;AAAA,UACN,QAAQ,cAAc;AAAA,UACtB,SAAS;AAAA,YACR,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,UAC5C;AAAA,UACA,MAAM,cAAc;AAAA,UACpB,OAAO,cAAc;AAAA,UACrB,UAAU,cAAc;AAAA,UACxB,UAAU,cAAc;AAAA,UACxB,aAAa,cAAc;AAAA,UAC3B,WAAW,cAAc;AAAA,QAAA,CACzB;AAAA,MAAA,CACD;AAEC,eAAA,KAAK,CAAC,MAAM;AACZ,gBAAQ,CAAC;AAAA,MAAA,CACT,EACA,MAAM,CAAC,QAAQ;AACf,eAAO,GAAG;AAAA,MAAA,CACV;AAAA,IAAA,CACF;AAED,UAAM,YAAY,UAAU;AAAA,EAC7B;AACD;AAEA,MAAM,gBAAgB,CAAC,UAAkC;AAClD,QAAA,OAAO,MAAM,MAAM,CAAC;AAC1B,QAAM,OAAO,MAAM;AACf,MAAA,MAAM,KAAK,SAAS,SAAS;AAC1B,UAAA,QAAQ,QAAQ,KAAK,MAAM,KAAK,YAAY,CAAE,CAAA,CAAC;AACrD;AAAA,EACD;AACA,QAAM,oBAAoB,KAAK;AAC3B,MAAA,kBAAkB,SAAS,iBAAiB;AAChD,MAAI,kBAAkB,MAAM;AAC3B,qBAAiB,CAAA;AAAA,EAClB;AACA,MAAI,CAAC,iBAAiB;AACf,UAAA,gBAAgB,eAAe,iBAAiB;AACtD,UAAM,kBAAkB,MAAM,QAAQ,aAAa,IAChD,QACA,cAAc;AACjB,UAAM,wCAAwC,MAAM,QAAQ,aAAa,IACtE,OACA,cAAc;AACjB,UAAM,yCAAyC,MAAM,QAAQ,aAAa,IACvE,QACA,cAAc;AACjB,aAAS,iBAAiB,IAAI;AAAA,MAC7B,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,cAAc;AAAA,MACd,yBAAyB;AAAA,MACzB,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR;AAAA,MACA,iBAAiB,CAAC;AAAA,MAClB,kCACC,yCAAyC;AAAA,MAC1C,wCACC,0CAA0C;AAAA,MAC3C,qCAAqC;AAAA,MACrC,uCAAuC;AAAA,IAAA;AAExC,sBAAkB,SAAS,iBAAiB;AAExC,QAAA,CAAC,eAAe,iBAAiB,GAAG;AACxB,qBAAA,iBAAiB,IAAI;IACrC;AAAA,EACD;AAEA,UAAQ,KAAK,MAAM;AAAA,IAClB,KAAK;AACJ,sBAAgB,SAAS;AACzB,sBAAgB,QAAQ;AACxB,sBAAgB,eAAe;AACf,sBAAA,SAAS,KAAK,KAAK;AAC9B,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD,KAAK,QAAQ;AACN,YAAA,0BAA0B,KAAK,KAAK;AACpC,YAAA,gBAAgB,eAAe,iBAAiB;AAChD,YAAA,UAAU,WAAW,eAAe,MAAM;AAChD,UAAI,CAAC,QAAQ,KAAK,CAAC,WAAW,WAAW,oBAAoB,GAAG;AAC/D;AAAA,UACC,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,QAAA,EACvB,QAAQ,CAAC,QAAQ;AAClB,sBAAY,SAAS,GAAG;AAAA,QAAA,CACxB;AAAA,MACF;AACA,sBAAgB,0BAA0B;AAC1B,sBAAA,oBAAoB,KAAK,KAAK;AACxC,YAAA,QAAQ,KAAK,KAAK;AAEvB,UAAA,UAAU,wBACV,UAAU,+BACT;AACuC,gDAAA;AAAA,MAAA,OAClC;AACkC,gDAAA;AAAA,MACzC;AAEI,UAAA,CAAC,gBAAgB,QAAQ;AAC5B,aAAK,YAAY;AAAA,UAChB,QAAQ;AAAA,UACR,QAAQ,gBAAgB;AAAA,UACxB;AAAA,UACA;AAAA,QAAA,CACA;AAAA,MAAA,OACK;AACN,cAAM,SAAS;AAAA,UACd,GAAG,gBAAgB;AAAA,QAAA;AAEpB,YAAI,gBAAgB,iBAAiB;AAC7B,iBAAA,eAAe,MAAM,eAAe,MAAM;AAAA,QAClD;AACA,YAAI,OAAO,eAAe;AAClB,iBAAA,gBAAgB,MAAM,gBAAgB,MAAM;AAAA,QACpD;AACA,YACC,OAAO,kBACP,OAAO,eAAe,SACtB,gBAAgB,SAAS,MACxB;AACD,iBAAO,eAAe,QACrB,MAAM,cAAc,MAAM;AAAA,QAC5B;AACA,aAAK,YAAY;AAAA,UAChB;AAAA,UACA,QAAQ,gBAAgB;AAAA,UACxB;AAAA,UACA;AAAA,QAAA,CACA;AAAA,MACF;AACA;AAAA,IACD;AAAA,IACA,KAAK,0CAA0C;AAC9B,sBAAA,sCACf,KAAK,KAAK;AACN,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,0CAA0C;AAC9C,YAAM,sCACL,gBAAgB;AACjB,WAAK,YAAY;AAAA,QAChB;AAAA,QACA;AAAA,MAAA,CACA;AACD;AAAA,IACD;AAAA,IACA,KAAK,wCAAwC;AAC5B,sBAAA,wCACf,KAAK,KAAK;AACN,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,wCAAwC;AAC5C,YAAM,wCACL,gBAAgB;AACjB,WAAK,YAAY;AAAA,QAChB;AAAA,QACA;AAAA,MAAA,CACA;AACD;AAAA,IACD;AAAA,IACA,KAAK,YAAY;AACA,sBAAA,QAAQ,KAAK,KAAK;AAC7B,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,YAAY;AAChB,YAAM,QAAQ,gBAAgB;AAC9B,WAAK,YAAY,EAAE,mBAAmB,MAAO,CAAA;AAC7C;AAAA,IACD;AAAA,IACA,KAAK,mBAAmB;AACP,sBAAA,eAAe,KAAK,KAAK;AACpC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,mBAAmB;AACvB,WAAK,YAAY;AAAA,QAChB;AAAA,QACA,cACC,gBAAgB,gBAAgB,OAC7B,MAAM,gBAAgB,MAAM,oBAC5B;AAAA,MAAA,CACJ;AACD;AAAA,IACD;AAAA,IACA,KAAK,mBAAmB;AACP,sBAAA,eAAe,KAAK,KAAK;AACpC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,mBAAmB;AACvB,YAAM,eAAe,gBAAgB;AACrC,WAAK,YAAY,EAAE,mBAAmB,aAAc,CAAA;AACpD;AAAA,IACD;AAAA,IACA,KAAK,YAAY;AACV,YAAA,QAAQ,KAAK,KAAK;AACxB,UAAI,OAAO;AACV,wBAAgB,QAAQ;AAAA,MACzB;AACK,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,YAAY;AACV,YAAA,WAAW,MAAM,cAAc,MAAM;AACrC,YAAA,QAAQ,gBAAgB,QAAQ,WAAW;AACjD,WAAK,YAAY,EAAE,mBAAmB,MAAO,CAAA;AAC7C;AAAA,IACD;AAAA,IACA,SAAS;AACR,sBAAgB,QAAQ,EAAE,GAAG,KAAK,KAAK;AAClC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AAAA,IACvC;AAAA,EACD;AACD;AAEA,MAAM,iBAAiB,WAAW,aAAa;AAC/C,MAAM,iBAAiB,YAAY,cAAc;AACjD,MAAM,iBAAiB,SAAS,WAAW;AAC3C,MAAM,iBAAiB,WAAW,aAAa;"}
1
+ {"version":3,"file":"OidcServiceWorker.js","sources":["../src/constants.ts","../src/utils/normalizeUrl.ts","../src/utils/domains.ts","../src/utils/serializeHeaders.ts","../src/utils/sleep.ts","../src/utils/strings.ts","../src/utils/tokens.ts","../src/utils/codeVerifier.ts","../src/version.ts","../src/OidcServiceWorker.ts"],"sourcesContent":["const scriptFilename = 'OidcTrustedDomains.js';\nconst acceptAnyDomainToken = '*';\n\ntype TokenType = {\n readonly REFRESH_TOKEN: string;\n readonly ACCESS_TOKEN: string;\n readonly NONCE_TOKEN: string;\n readonly CODE_VERIFIER: string;\n};\n\nconst TOKEN: TokenType = {\n REFRESH_TOKEN: 'REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER',\n ACCESS_TOKEN: 'ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER',\n NONCE_TOKEN: 'NONCE_SECURED_BY_OIDC_SERVICE_WORKER',\n CODE_VERIFIER: 'CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER',\n};\n\ntype TokenRenewModeType = {\n readonly access_token_or_id_token_invalid: string;\n readonly access_token_invalid: string;\n readonly id_token_invalid: string;\n};\n\nconst TokenRenewMode: TokenRenewModeType = {\n access_token_or_id_token_invalid: 'access_token_or_id_token_invalid',\n access_token_invalid: 'access_token_invalid',\n id_token_invalid: 'id_token_invalid',\n};\n\nconst openidWellknownUrlEndWith = '/.well-known/openid-configuration';\n\nexport { acceptAnyDomainToken, openidWellknownUrlEndWith, scriptFilename, TOKEN, TokenRenewMode };\n","export function normalizeUrl(url: string) {\n\ttry {\n\t\treturn new URL(url).toString();\n\t} catch (error) {\n\t\tconsole.error(`Failed to normalize url: ${url}`);\n\t\treturn url;\n\t}\n}\n\n","import { acceptAnyDomainToken, openidWellknownUrlEndWith, scriptFilename } from '../constants';\nimport { Database, Domain, DomainDetails, OidcConfig, TrustedDomains } from '../types';\nimport { normalizeUrl } from './normalizeUrl';\n\nexport function checkDomain(domains: Domain[], endpoint: string) {\n\tif (!endpoint) {\n\t\treturn;\n\t}\n\n\tconst domain = domains.find((domain) => {\n\t\tlet testable: RegExp;\n\n\t\tif (typeof domain === 'string') {\n\t\t\ttestable = new RegExp(`^${domain}`);\n\t\t} else {\n\t\t\ttestable = domain;\n\t\t}\n\n\t\treturn testable.test?.(endpoint);\n\t});\n\tif (!domain) {\n\t\tthrow new Error(\n\t\t\t'Domain ' + endpoint + ' is not trusted, please add domain in ' + scriptFilename,\n\t\t);\n\t}\n}\n\nexport const getDomains = (\n\ttrustedDomain: Domain[] | DomainDetails,\n\ttype: 'oidc' | 'accessToken',\n) => {\n\tif (Array.isArray(trustedDomain)) {\n\t\treturn trustedDomain;\n\t}\n\n\treturn trustedDomain[`${type}Domains`] ?? trustedDomain.domains ?? [];\n};\n\nexport const getCurrentDatabaseDomain = (\n\tdatabase: Database,\n\turl: string,\n\ttrustedDomains: TrustedDomains,\n) => {\n\tif (url.endsWith(openidWellknownUrlEndWith)) {\n\t\treturn null;\n\t}\n\tfor (const [key, currentDatabase] of Object.entries<OidcConfig>(database)) {\n\t\tconst oidcServerConfiguration = currentDatabase.oidcServerConfiguration;\n\n\t\tif (!oidcServerConfiguration) {\n\t\t\tcontinue;\n\t\t}\n\n\t\tif (\n\t\t\toidcServerConfiguration.tokenEndpoint &&\n\t\t\turl === normalizeUrl(oidcServerConfiguration.tokenEndpoint)\n\t\t) {\n\t\t\tcontinue;\n\t\t}\n\t\tif (\n\t\t\toidcServerConfiguration.revocationEndpoint &&\n\t\t\turl === normalizeUrl(oidcServerConfiguration.revocationEndpoint)\n\t\t) {\n\t\t\tcontinue;\n\t\t}\n\t\tconst trustedDomain = trustedDomains == null ? [] : trustedDomains[key];\n\n\t\tconst domains = getDomains(trustedDomain, 'accessToken');\n\t\tconst domainsToSendTokens = oidcServerConfiguration.userInfoEndpoint\n\t\t\t? [oidcServerConfiguration.userInfoEndpoint, ...domains]\n\t\t\t: [...domains];\n\n\t\tlet hasToSendToken = false;\n\t\tif (domainsToSendTokens.find((f) => f === acceptAnyDomainToken)) {\n\t\t\thasToSendToken = true;\n\t\t} else {\n\t\t\tfor (let i = 0; i < domainsToSendTokens.length; i++) {\n\t\t\t\tlet domain = domainsToSendTokens[i];\n\n\t\t\t\tif (typeof domain === 'string') {\n\t\t\t\t\tdomain = new RegExp(`^${domain}`);\n\t\t\t\t}\n\n\t\t\t\tif (domain.test?.(url)) {\n\t\t\t\t\thasToSendToken = true;\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif (hasToSendToken) {\n\t\t\tif (!currentDatabase.tokens) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn currentDatabase;\n\t\t}\n\t}\n\treturn null;\n};\n","import { FetchHeaders } from '../types';\n\nfunction serializeHeaders(headers: Headers) {\n const headersObj: Record<string, string> = {};\n for (const key of (headers as FetchHeaders).keys()) {\n if (headers.has(key)) {\n headersObj[key] = headers.get(key) as string;\n }\n }\n return headersObj;\n}\nexport { serializeHeaders };\n","const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));\nexport { sleep };\n","/**\n * Count occurances of letter in string\n * @param str\n * @param find\n * @returns\n */\nexport function countLetter(str: string, find: string) {\n return str.split(find).length - 1;\n}\n","/* eslint-disable simple-import-sort/exports */\nimport { TOKEN, TokenRenewMode } from '../constants';\nimport {\n AccessTokenPayload,\n IdTokenPayload,\n OidcConfig,\n OidcConfiguration,\n OidcServerConfiguration,\n Tokens\n} from '../types';\nimport { countLetter } from './strings';\n\nfunction parseJwt(token: string) {\n return JSON.parse(\n b64DecodeUnicode(token.split('.')[1].replace('-', '+').replace('_', '/')),\n );\n}\nfunction b64DecodeUnicode(str: string) {\n return decodeURIComponent(\n Array.prototype.map\n .call(\n atob(str),\n (c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2),\n )\n .join(''),\n );\n}\n\nfunction computeTimeLeft(\n refreshTimeBeforeTokensExpirationInSecond: number,\n expiresAt: number,\n) {\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n return Math.round(\n expiresAt -\n refreshTimeBeforeTokensExpirationInSecond -\n currentTimeUnixSecond,\n );\n}\n\nfunction isTokensValid(tokens: Tokens | null) {\n if (!tokens) {\n return false;\n }\n return computeTimeLeft(0, tokens.expiresAt) > 0;\n}\n\nconst extractTokenPayload = (token?: string) => {\n try {\n if (!token) {\n return null;\n }\n if (countLetter(token, '.') === 2) {\n return parseJwt(token);\n } else {\n return null;\n }\n } catch (e) {\n console.warn(e);\n }\n return null;\n};\n\n// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation (excluding rules #1, #4, #5, #7, #8, #12, and #13 which did not apply).\n// https://github.com/openid/AppAuth-JS/issues/65\nconst isTokensOidcValid = (\n tokens: Tokens,\n nonce: string | null,\n oidcServerConfiguration: OidcServerConfiguration,\n): { isValid: boolean; reason: string } => {\n if (tokens.idTokenPayload) {\n const idTokenPayload = tokens.idTokenPayload;\n // 2: The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.\n if (oidcServerConfiguration.issuer !== idTokenPayload.iss) {\n return { isValid: false, reason: `Issuer does not match (oidcServerConfiguration issuer) ${oidcServerConfiguration.issuer} !== (idTokenPayload issuer) ${idTokenPayload.iss}` };\n }\n // 3: The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.\n\n // 6: If the ID Token is received via direct communication between the Client and the Token Endpoint (which it is in this flow), the TLS server validation MAY be used to validate the issuer in place of checking the token signature. The Client MUST validate the signature of all other ID Tokens according to JWS [JWS] using the algorithm specified in the JWT alg Header Parameter. The Client MUST use the keys provided by the Issuer.\n\n // 9: The current time MUST be before the time represented by the exp Claim.\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n if (idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {\n return { isValid: false, reason: `Token expired at (idTokenPayload exp) ${idTokenPayload.exp} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };\n }\n // 10: The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.\n const timeInSevenDays = 60 * 60 * 24 * 7;\n if (\n idTokenPayload.iat &&\n idTokenPayload.iat + timeInSevenDays < currentTimeUnixSecond\n ) {\n return { isValid: false, reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${idTokenPayload.iat + timeInSevenDays} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };\n }\n // 11: If a nonce value was sent in the Authentication Request, a nonce Claim MUST be present and its value checked to verify that it is the same value as the one that was sent in the Authentication Request. The Client SHOULD check the nonce value for replay attacks. The precise method for detecting replay attacks is Client specific.\n if (nonce && idTokenPayload.nonce && idTokenPayload.nonce !== nonce) {\n return { isValid: false, reason: `Nonce does not match (nonce) ${nonce} !== (idTokenPayload nonce) ${idTokenPayload.nonce}` };\n }\n }\n return { isValid: true, reason: '' };\n};\n\nfunction extractedIssueAt(tokens: Tokens, accessTokenPayload: AccessTokenPayload | null, _idTokenPayload : IdTokenPayload) {\n if (!tokens.issued_at) {\n if (accessTokenPayload && accessTokenPayload.iat) {\n return accessTokenPayload.iat;\n } else if (_idTokenPayload && _idTokenPayload.iat) {\n return _idTokenPayload.iat;\n } else {\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n return currentTimeUnixSecond;\n }\n } else if (typeof tokens.issued_at == \"string\") {\n return parseInt(tokens.issued_at, 10);\n }\n return tokens.issued_at;\n}\n\nfunction _hideTokens(tokens: Tokens, currentDatabaseElement: OidcConfig, configurationName: string) {\n if (!tokens.issued_at) {\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n tokens.issued_at = currentTimeUnixSecond;\n } else if (typeof tokens.issued_at == \"string\") {\n tokens.issued_at = parseInt(tokens.issued_at, 10);\n }\n\n const accessTokenPayload = extractTokenPayload(tokens.access_token);\n const secureTokens = {\n ...tokens,\n accessTokenPayload,\n };\n if (currentDatabaseElement.hideAccessToken) {\n secureTokens.access_token = TOKEN.ACCESS_TOKEN + '_' + configurationName;\n }\n tokens.accessTokenPayload = accessTokenPayload;\n\n let _idTokenPayload = null;\n if (tokens.id_token) {\n _idTokenPayload = extractTokenPayload(tokens.id_token);\n tokens.idTokenPayload = { ..._idTokenPayload };\n if (_idTokenPayload.nonce && currentDatabaseElement.nonce != null) {\n const keyNonce =\n TOKEN.NONCE_TOKEN + '_' + currentDatabaseElement.configurationName;\n _idTokenPayload.nonce = keyNonce;\n }\n secureTokens.idTokenPayload = _idTokenPayload;\n }\n if (tokens.refresh_token) {\n secureTokens.refresh_token =\n TOKEN.REFRESH_TOKEN + '_' + configurationName;\n }\n\n tokens.issued_at = extractedIssueAt(tokens, accessTokenPayload, _idTokenPayload);\n\n const expireIn = typeof tokens.expires_in == \"string\" ? parseInt(tokens.expires_in, 10) : tokens.expires_in;\n\n const idTokenExpiresAt =\n _idTokenPayload && _idTokenPayload.exp\n ? _idTokenPayload.exp\n : Number.MAX_VALUE;\n const accessTokenExpiresAt =\n accessTokenPayload && accessTokenPayload.exp\n ? accessTokenPayload.exp\n : tokens.issued_at + expireIn;\n\n let expiresAt: number;\n const tokenRenewMode = (\n currentDatabaseElement.oidcConfiguration as OidcConfiguration\n ).token_renew_mode;\n if (tokenRenewMode === TokenRenewMode.access_token_invalid) {\n expiresAt = accessTokenExpiresAt;\n } else if (tokenRenewMode === TokenRenewMode.id_token_invalid) {\n expiresAt = idTokenExpiresAt;\n } else {\n expiresAt =\n idTokenExpiresAt < accessTokenExpiresAt\n ? idTokenExpiresAt\n : accessTokenExpiresAt;\n }\n secureTokens.expiresAt = expiresAt;\n\n tokens.expiresAt = expiresAt;\n const nonce = currentDatabaseElement.nonce\n ? currentDatabaseElement.nonce.nonce\n : null;\n const { isValid, reason } = isTokensOidcValid(\n tokens,\n nonce,\n currentDatabaseElement.oidcServerConfiguration as OidcServerConfiguration,\n ); // TODO: Type assertion, could be null.\n if (!isValid) {\n throw Error(`Tokens are not OpenID valid, reason: ${reason}`);\n }\n\n // When refresh_token is not rotated we reuse ald refresh_token\n if (\n currentDatabaseElement.tokens != null &&\n 'refresh_token' in currentDatabaseElement.tokens &&\n !('refresh_token' in tokens)\n ) {\n const refreshToken = currentDatabaseElement.tokens.refresh_token;\n\n currentDatabaseElement.tokens = {\n ...tokens,\n refresh_token: refreshToken,\n };\n } else {\n currentDatabaseElement.tokens = tokens;\n }\n\n currentDatabaseElement.status = 'LOGGED_IN';\n return secureTokens;\n}\n\nfunction hideTokens(currentDatabaseElement: OidcConfig) {\n const configurationName = currentDatabaseElement.configurationName;\n return (response: Response) => {\n if (response.status !== 200) {\n return response;\n }\n return response.json().then<Response>((tokens: Tokens) => {\n const secureTokens = _hideTokens(tokens, currentDatabaseElement, configurationName);\n const body = JSON.stringify(secureTokens);\n return new Response(body, response);\n });\n };\n}\n\nexport {\n b64DecodeUnicode,\n computeTimeLeft,\n isTokensValid,\n extractTokenPayload,\n isTokensOidcValid,\n hideTokens,\n _hideTokens,\n};\n","export function replaceCodeVerifier(codeVerifier:string, newCodeVerifier:string):string {\n const regex = /code_verifier=[A-Za-z0-9_-]+/i;\n return codeVerifier.replace(regex, `code_verifier=${newCodeVerifier}`);\n}\n","export default '7.12.3';\n","import { acceptAnyDomainToken, scriptFilename, TOKEN } from './constants';\nimport {\n\tDatabase,\n\tMessageEventData,\n\tOidcConfig,\n\tTrustedDomains,\n} from './types';\nimport {\n\tcheckDomain,\n\tgetCurrentDatabaseDomain,\n\tgetDomains,\n\thideTokens,\n\tisTokensValid,\n\tserializeHeaders,\n\tsleep,\n} from './utils';\nimport { replaceCodeVerifier } from './utils/codeVerifier';\nimport { normalizeUrl } from './utils/normalizeUrl';\nimport version from './version';\n\n// @ts-ignore\nif (typeof trustedTypes !== 'undefined' && typeof trustedTypes.createPolicy == 'function') {\n\t// @ts-ignore\n\ttrustedTypes.createPolicy('default', {\n\t\tcreateScriptURL: function (url: string) {\n\t\t\tif (url == scriptFilename) {\n\t\t\t\treturn url;\n\t\t\t} else {\n\t\t\t\tthrow new Error('Untrusted script URL blocked: ' + url);\n\t\t\t}\n\t\t},\n\t});\n}\n\nconst _self = self as ServiceWorkerGlobalScope & typeof globalThis;\n\ndeclare let trustedDomains: TrustedDomains;\n\n_self.importScripts(scriptFilename);\n\nconst id = Math.round(new Date().getTime() / 1000).toString();\n\nconst keepAliveJsonFilename = 'OidcKeepAliveServiceWorker.json';\nconst handleInstall = (event: ExtendableEvent) => {\n\tconsole.log('[OidcServiceWorker] service worker installed ' + id);\n\tevent.waitUntil(_self.skipWaiting());\n};\n\nconst handleActivate = (event: ExtendableEvent) => {\n\tconsole.log('[OidcServiceWorker] service worker activated ' + id);\n\tevent.waitUntil(_self.clients.claim());\n};\n\nlet currentLoginCallbackConfigurationName: string | null = null;\nconst database: Database = {};\n\nconst getCurrentDatabasesTokenEndpoint = (database: Database, url: string) => {\n\tconst databases: OidcConfig[] = [];\n\tfor (const [, value] of Object.entries<OidcConfig>(database)) {\n\t\tif (\n\t\t\tvalue.oidcServerConfiguration != null &&\n\t\t\turl.startsWith(normalizeUrl(value.oidcServerConfiguration.tokenEndpoint))\n\t\t) {\n\t\t\tdatabases.push(value);\n\t\t} else if (\n\t\t\tvalue.oidcServerConfiguration != null &&\n\t\t\tvalue.oidcServerConfiguration.revocationEndpoint &&\n\t\t\turl.startsWith(\n\t\t\t\tnormalizeUrl(value.oidcServerConfiguration.revocationEndpoint),\n\t\t\t)\n\t\t) {\n\t\t\tdatabases.push(value);\n\t\t}\n\t}\n\treturn databases;\n};\n\nconst keepAliveAsync = async (event: FetchEvent) => {\n\tconst originalRequest = event.request;\n\tconst isFromVanilla = originalRequest.headers.has('oidc-vanilla');\n\tconst init = { status: 200, statusText: 'oidc-service-worker' };\n\tconst response = new Response('{}', init);\n\tif (!isFromVanilla) {\n\t\tconst originalRequestUrl = new URL(originalRequest.url);\n\t\tconst minSleepSeconds =\n\t\t\tNumber(originalRequestUrl.searchParams.get('minSleepSeconds')) || 240;\n\t\tfor (let i = 0; i < minSleepSeconds; i++) {\n\t\t\tawait sleep(1000 + Math.floor(Math.random() * 1000));\n\t\t\tconst cache = await caches.open('oidc_dummy_cache');\n\t\t\tawait cache.put(event.request, response.clone());\n\t\t}\n\t}\n\treturn response;\n};\n\nconst handleFetch = async (event: FetchEvent) => {\n\tconst originalRequest = event.request;\n\tconst url = normalizeUrl(originalRequest.url);\n\tif (url.includes(keepAliveJsonFilename)) {\n\t\tevent.respondWith(keepAliveAsync(event));\n\t\treturn;\n\t}\n\n\tconst currentDatabaseForRequestAccessToken = getCurrentDatabaseDomain(\n\t\tdatabase,\n\t\turl,\n\t\ttrustedDomains,\n\t);\n\tif (\n\t\tcurrentDatabaseForRequestAccessToken &&\n\t\tcurrentDatabaseForRequestAccessToken.tokens &&\n\t\tcurrentDatabaseForRequestAccessToken.tokens.access_token\n\t) {\n\t\twhile (\n\t\t\tcurrentDatabaseForRequestAccessToken.tokens &&\n\t\t\t!isTokensValid(currentDatabaseForRequestAccessToken.tokens)\n\t\t) {\n\t\t\tawait sleep(200);\n\t\t}\n\n\t\tlet requestMode = originalRequest.mode;\n\n\t\tif (\n\t\t\toriginalRequest.mode !== 'navigate' &&\n\t\t\tcurrentDatabaseForRequestAccessToken.convertAllRequestsToCorsExceptNavigate\n\t\t) {\n\t\t\trequestMode = 'cors';\n\t\t}\n\n\t\tlet headers: { [p: string]: string };\n\t\tif (\n\t\t\toriginalRequest.mode == 'navigate' &&\n\t\t\t!currentDatabaseForRequestAccessToken.setAccessTokenToNavigateRequests\n\t\t) {\n\t\t\theaders = {\n\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t};\n\t\t} else {\n\t\t\theaders = {\n\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t\tauthorization:\n\t\t\t\t\t'Bearer ' + currentDatabaseForRequestAccessToken.tokens.access_token,\n\t\t\t};\n\t\t}\n\t\tlet init: RequestInit;\n\t\tif (originalRequest.mode === 'navigate') {\n\t\t\tinit = {\n\t\t\t\theaders: headers,\n\t\t\t};\n\t\t} else {\n\t\t\tinit = {\n\t\t\t\theaders: headers,\n\t\t\t\tmode: requestMode,\n\t\t\t};\n\t\t}\n\n\t\tconst newRequest = new Request(originalRequest, init);\n\n\t\tevent.respondWith(fetch(newRequest));\n\n\t\treturn;\n\t}\n\n\tif (event.request.method !== 'POST') {\n\t\treturn;\n\t}\n\n\tlet currentDatabase: OidcConfig | null = null;\n\tconst currentDatabases = getCurrentDatabasesTokenEndpoint(database, url);\n\tconst numberDatabase = currentDatabases.length;\n\tif (numberDatabase > 0) {\n\t\tconst maPromesse = new Promise<Response>((resolve, reject) => {\n\t\t\tconst clonedRequest = originalRequest.clone();\n\t\t\tconst response = clonedRequest.text().then((actualBody) => {\n\t\t\t\tif (\n\t\t\t\t\tactualBody.includes(TOKEN.REFRESH_TOKEN) ||\n\t\t\t\t\tactualBody.includes(TOKEN.ACCESS_TOKEN)\n\t\t\t\t) {\n\t\t\t\t\tlet newBody = actualBody;\n\t\t\t\t\tfor (let i = 0; i < numberDatabase; i++) {\n\t\t\t\t\t\tconst currentDb = currentDatabases[i];\n\n\t\t\t\t\t\tif (currentDb && currentDb.tokens != null) {\n\t\t\t\t\t\t\tconst keyRefreshToken =\n\t\t\t\t\t\t\t\tTOKEN.REFRESH_TOKEN + '_' + currentDb.configurationName;\n\t\t\t\t\t\t\tif (actualBody.includes(keyRefreshToken)) {\n\t\t\t\t\t\t\t\tnewBody = newBody.replace(\n\t\t\t\t\t\t\t\t\tkeyRefreshToken,\n\t\t\t\t\t\t\t\t\tencodeURIComponent(currentDb.tokens.refresh_token as string),\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\tcurrentDatabase = currentDb;\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tconst keyAccessToken =\n\t\t\t\t\t\t\t\tTOKEN.ACCESS_TOKEN + '_' + currentDb.configurationName;\n\t\t\t\t\t\t\tif (actualBody.includes(keyAccessToken)) {\n\t\t\t\t\t\t\t\tnewBody = newBody.replace(\n\t\t\t\t\t\t\t\t\tkeyAccessToken,\n\t\t\t\t\t\t\t\t\tencodeURIComponent(currentDb.tokens.access_token),\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t\tcurrentDatabase = currentDb;\n\t\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tconst fetchPromise = fetch(originalRequest, {\n\t\t\t\t\t\tbody: newBody,\n\t\t\t\t\t\tmethod: clonedRequest.method,\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmode: clonedRequest.mode,\n\t\t\t\t\t\tcache: clonedRequest.cache,\n\t\t\t\t\t\tredirect: clonedRequest.redirect,\n\t\t\t\t\t\treferrer: clonedRequest.referrer,\n\t\t\t\t\t\tcredentials: clonedRequest.credentials,\n\t\t\t\t\t\tintegrity: clonedRequest.integrity,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (\n\t\t\t\t\t\tcurrentDatabase &&\n\t\t\t\t\t\tcurrentDatabase.oidcServerConfiguration != null &&\n\t\t\t\t\t\tcurrentDatabase.oidcServerConfiguration.revocationEndpoint &&\n\t\t\t\t\t\turl.startsWith(\n\t\t\t\t\t\t\tnormalizeUrl(\n\t\t\t\t\t\t\t\tcurrentDatabase.oidcServerConfiguration.revocationEndpoint,\n\t\t\t\t\t\t\t),\n\t\t\t\t\t\t)\n\t\t\t\t\t) {\n\t\t\t\t\t\treturn fetchPromise.then(async (response) => {\n\t\t\t\t\t\t\tconst text = await response.text();\n\t\t\t\t\t\t\treturn new Response(text, response);\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn fetchPromise.then(hideTokens(currentDatabase as OidcConfig)); // todo type assertion to OidcConfig but could be null, NEEDS REVIEW\n\t\t\t\t} else if (\n\t\t\t\t\tactualBody.includes('code_verifier=') &&\n\t\t\t\t\tcurrentLoginCallbackConfigurationName\n\t\t\t\t) {\n\t\t\t\t\tcurrentDatabase = database[currentLoginCallbackConfigurationName];\n\t\t\t\t\tcurrentLoginCallbackConfigurationName = null;\n\t\t\t\t\tlet newBody = actualBody;\n\t\t\t\t\tif (currentDatabase && currentDatabase.codeVerifier != null) {\n\t\t\t\t\t\tnewBody = replaceCodeVerifier(\n\t\t\t\t\t\t\tnewBody,\n\t\t\t\t\t\t\tcurrentDatabase.codeVerifier,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\treturn fetch(originalRequest, {\n\t\t\t\t\t\tbody: newBody,\n\t\t\t\t\t\tmethod: clonedRequest.method,\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmode: clonedRequest.mode,\n\t\t\t\t\t\tcache: clonedRequest.cache,\n\t\t\t\t\t\tredirect: clonedRequest.redirect,\n\t\t\t\t\t\treferrer: clonedRequest.referrer,\n\t\t\t\t\t\tcredentials: clonedRequest.credentials,\n\t\t\t\t\t\tintegrity: clonedRequest.integrity,\n\t\t\t\t\t}).then(hideTokens(currentDatabase));\n\t\t\t\t}\n\n\t\t\t\t// if showAccessToken=true, the token is already in the body\n\t\t\t\t// of the request, and it does not need to be injected\n\t\t\t\t// and we can simply clone the request\n\t\t\t\treturn fetch(originalRequest, {\n\t\t\t\t\tbody: actualBody,\n\t\t\t\t\tmethod: clonedRequest.method,\n\t\t\t\t\theaders: {\n\t\t\t\t\t\t...serializeHeaders(originalRequest.headers),\n\t\t\t\t\t},\n\t\t\t\t\tmode: clonedRequest.mode,\n\t\t\t\t\tcache: clonedRequest.cache,\n\t\t\t\t\tredirect: clonedRequest.redirect,\n\t\t\t\t\treferrer: clonedRequest.referrer,\n\t\t\t\t\tcredentials: clonedRequest.credentials,\n\t\t\t\t\tintegrity: clonedRequest.integrity,\n\t\t\t\t});\n\t\t\t});\n\t\t\tresponse\n\t\t\t\t.then((r) => {\n\t\t\t\t\tresolve(r);\n\t\t\t\t})\n\t\t\t\t.catch((err) => {\n\t\t\t\t\treject(err);\n\t\t\t\t});\n\t\t});\n\n\t\tevent.respondWith(maPromesse);\n\t}\n};\n\nconst handleMessage = (event: ExtendableMessageEvent) => {\n\tconst port = event.ports[0];\n\tconst data = event.data as MessageEventData;\n\tif (event.data.type === 'claim') {\n\t\t_self.clients.claim().then(() => port.postMessage({}));\n\t\treturn;\n\t}\n\tconst configurationName = data.configurationName;\n\tlet currentDatabase = database[configurationName];\n\tif (trustedDomains == null) {\n\t\ttrustedDomains = {};\n\t}\n\tif (!currentDatabase) {\n\t\tconst trustedDomain = trustedDomains[configurationName];\n\t\tconst showAccessToken = Array.isArray(trustedDomain)\n\t\t\t? false\n\t\t\t: trustedDomain.showAccessToken;\n\t\tconst doNotSetAccessTokenToNavigateRequests = Array.isArray(trustedDomain)\n\t\t\t? true\n\t\t\t: trustedDomain.setAccessTokenToNavigateRequests;\n\t\tconst convertAllRequestsToCorsExceptNavigate = Array.isArray(trustedDomain)\n\t\t\t? false\n\t\t\t: trustedDomain.convertAllRequestsToCorsExceptNavigate;\n\t\tdatabase[configurationName] = {\n\t\t\ttokens: null,\n\t\t\tstate: null,\n\t\t\tcodeVerifier: null,\n\t\t\toidcServerConfiguration: null,\n\t\t\toidcConfiguration: undefined,\n\t\t\tnonce: null,\n\t\t\tstatus: null,\n\t\t\tconfigurationName,\n\t\t\thideAccessToken: !showAccessToken,\n\t\t\tsetAccessTokenToNavigateRequests:\n\t\t\t\tdoNotSetAccessTokenToNavigateRequests ?? true,\n\t\t\tconvertAllRequestsToCorsExceptNavigate:\n\t\t\t\tconvertAllRequestsToCorsExceptNavigate ?? false,\n\t\t\tdemonstratingProofOfPossessionNonce: null,\n\t\t\tdemonstratingProofOfPossessionJwkJson: null,\n\t\t};\n\t\tcurrentDatabase = database[configurationName];\n\n\t\tif (!trustedDomains[configurationName]) {\n\t\t\ttrustedDomains[configurationName] = [];\n\t\t}\n\t}\n\n\tswitch (data.type) {\n\t\tcase 'clear':\n\t\t\tcurrentDatabase.tokens = null;\n\t\t\tcurrentDatabase.state = null;\n\t\t\tcurrentDatabase.codeVerifier = null;\n\t\t\tcurrentDatabase.status = data.data.status;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\tcase 'init': {\n\t\t\tconst oidcServerConfiguration = data.data.oidcServerConfiguration;\n\t\t\tconst trustedDomain = trustedDomains[configurationName];\n\t\t\tconst domains = getDomains(trustedDomain, 'oidc');\n\t\t\tif (!domains.some((domain) => domain === acceptAnyDomainToken)) {\n\t\t\t\t[\n\t\t\t\t\toidcServerConfiguration.tokenEndpoint,\n\t\t\t\t\toidcServerConfiguration.revocationEndpoint,\n\t\t\t\t\toidcServerConfiguration.userInfoEndpoint,\n\t\t\t\t\toidcServerConfiguration.issuer,\n\t\t\t\t].forEach((url) => {\n\t\t\t\t\tcheckDomain(domains, url);\n\t\t\t\t});\n\t\t\t}\n\t\t\tcurrentDatabase.oidcServerConfiguration = oidcServerConfiguration;\n\t\t\tcurrentDatabase.oidcConfiguration = data.data.oidcConfiguration;\n\t\t\tconst where = data.data.where;\n\t\t\tif (\n\t\t\t\twhere === 'loginCallbackAsync' ||\n\t\t\t\twhere === 'tryKeepExistingSessionAsync'\n\t\t\t) {\n\t\t\t\tcurrentLoginCallbackConfigurationName = configurationName;\n\t\t\t} else {\n\t\t\t\tcurrentLoginCallbackConfigurationName = null;\n\t\t\t}\n\n\t\t\tif (!currentDatabase.tokens) {\n\t\t\t\tport.postMessage({\n\t\t\t\t\ttokens: null,\n\t\t\t\t\tstatus: currentDatabase.status,\n\t\t\t\t\tconfigurationName,\n\t\t\t\t\tversion,\n\t\t\t\t});\n\t\t\t} else {\n\t\t\t\tconst tokens = {\n\t\t\t\t\t...currentDatabase.tokens,\n\t\t\t\t};\n\t\t\t\tif (currentDatabase.hideAccessToken) {\n\t\t\t\t\ttokens.access_token = TOKEN.ACCESS_TOKEN + '_' + configurationName;\n\t\t\t\t}\n\t\t\t\tif (tokens.refresh_token) {\n\t\t\t\t\ttokens.refresh_token = TOKEN.REFRESH_TOKEN + '_' + configurationName;\n\t\t\t\t}\n\t\t\t\tif (\n\t\t\t\t\ttokens.idTokenPayload &&\n\t\t\t\t\ttokens.idTokenPayload.nonce &&\n\t\t\t\t\tcurrentDatabase.nonce != null\n\t\t\t\t) {\n\t\t\t\t\ttokens.idTokenPayload.nonce =\n\t\t\t\t\t\tTOKEN.NONCE_TOKEN + '_' + configurationName;\n\t\t\t\t}\n\t\t\t\tport.postMessage({\n\t\t\t\t\ttokens,\n\t\t\t\t\tstatus: currentDatabase.status,\n\t\t\t\t\tconfigurationName,\n\t\t\t\t\tversion,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn;\n\t\t}\n\t\tcase 'setDemonstratingProofOfPossessionNonce': {\n\t\t\tcurrentDatabase.demonstratingProofOfPossessionNonce =\n\t\t\t\tdata.data.demonstratingProofOfPossessionNonce;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getDemonstratingProofOfPossessionNonce': {\n\t\t\tconst demonstratingProofOfPossessionNonce =\n\t\t\t\tcurrentDatabase.demonstratingProofOfPossessionNonce;\n\t\t\tport.postMessage({\n\t\t\t\tconfigurationName,\n\t\t\t\tdemonstratingProofOfPossessionNonce,\n\t\t\t});\n\t\t\treturn;\n\t\t}\n\t\tcase 'setDemonstratingProofOfPossessionJwk': {\n\t\t\tcurrentDatabase.demonstratingProofOfPossessionJwkJson =\n\t\t\t\tdata.data.demonstratingProofOfPossessionJwkJson;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getDemonstratingProofOfPossessionJwk': {\n\t\t\tconst demonstratingProofOfPossessionJwkJson =\n\t\t\t\tcurrentDatabase.demonstratingProofOfPossessionJwkJson;\n\t\t\tport.postMessage({\n\t\t\t\tconfigurationName,\n\t\t\t\tdemonstratingProofOfPossessionJwkJson,\n\t\t\t});\n\t\t\treturn;\n\t\t}\n\t\tcase 'setState': {\n\t\t\tcurrentDatabase.state = data.data.state;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getState': {\n\t\t\tconst state = currentDatabase.state;\n\t\t\tport.postMessage({ configurationName, state });\n\t\t\treturn;\n\t\t}\n\t\tcase 'setCodeVerifier': {\n\t\t\tcurrentDatabase.codeVerifier = data.data.codeVerifier;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getCodeVerifier': {\n\t\t\tport.postMessage({\n\t\t\t\tconfigurationName,\n\t\t\t\tcodeVerifier:\n\t\t\t\t\tcurrentDatabase.codeVerifier != null\n\t\t\t\t\t\t? TOKEN.CODE_VERIFIER + '_' + configurationName\n\t\t\t\t\t\t: null,\n\t\t\t});\n\t\t\treturn;\n\t\t}\n\t\tcase 'setSessionState': {\n\t\t\tcurrentDatabase.sessionState = data.data.sessionState;\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getSessionState': {\n\t\t\tconst sessionState = currentDatabase.sessionState;\n\t\t\tport.postMessage({ configurationName, sessionState });\n\t\t\treturn;\n\t\t}\n\t\tcase 'setNonce': {\n\t\t\tconst nonce = data.data.nonce;\n\t\t\tif (nonce) {\n\t\t\t\tcurrentDatabase.nonce = nonce;\n\t\t\t}\n\t\t\tport.postMessage({ configurationName });\n\t\t\treturn;\n\t\t}\n\t\tcase 'getNonce': {\n\t\t\tconst keyNonce = TOKEN.NONCE_TOKEN + '_' + configurationName;\n\t\t\tconst nonce = currentDatabase.nonce ? keyNonce : null;\n\t\t\tport.postMessage({ configurationName, nonce });\n\t\t\treturn;\n\t\t}\n\t\tdefault: {\n\t\t\tcurrentDatabase.items = { ...data.data };\n\t\t\tport.postMessage({ configurationName });\n\t\t}\n\t}\n};\n\n_self.addEventListener('install', handleInstall);\n_self.addEventListener('activate', handleActivate);\n_self.addEventListener('fetch', handleFetch);\n_self.addEventListener('message', handleMessage);\n"],"names":["domain","database","trustedDomains","response"],"mappings":"AAAA,MAAM,iBAAiB;AACvB,MAAM,uBAAuB;AAS7B,MAAM,QAAmB;AAAA,EACvB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,aAAa;AAAA,EACb,eAAe;AACjB;AAQA,MAAM,iBAAqC;AAAA,EACzC,kCAAkC;AAAA,EAClC,sBAAsB;AAAA,EACtB,kBAAkB;AACpB;AAEA,MAAM,4BAA4B;AC7B3B,SAAS,aAAa,KAAa;AACrC,MAAA;AACH,WAAO,IAAI,IAAI,GAAG,EAAE,SAAS;AAAA,WACrB,OAAO;AACP,YAAA,MAAM,4BAA4B,GAAG,EAAE;AACxC,WAAA;AAAA,EACR;AACD;ACHgB,SAAA,YAAY,SAAmB,UAAkB;AAChE,MAAI,CAAC,UAAU;AACd;AAAA,EACD;AAEA,QAAM,SAAS,QAAQ,KAAK,CAACA,YAAW;AFTzC;AEUM,QAAA;AAEA,QAAA,OAAOA,YAAW,UAAU;AAC/B,iBAAW,IAAI,OAAO,IAAIA,OAAM,EAAE;AAAA,IAAA,OAC5B;AACKA,iBAAAA;AAAAA,IACZ;AAEO,YAAA,cAAS,SAAT,kCAAgB;AAAA,EAAQ,CAC/B;AACD,MAAI,CAAC,QAAQ;AACZ,UAAM,IAAI;AAAA,MACT,YAAY,WAAW,2CAA2C;AAAA,IAAA;AAAA,EAEpE;AACD;AAEa,MAAA,aAAa,CACzB,eACA,SACI;AACA,MAAA,MAAM,QAAQ,aAAa,GAAG;AAC1B,WAAA;AAAA,EACR;AAEA,SAAO,cAAc,GAAG,IAAI,SAAS,KAAK,cAAc,WAAW;AACpE;AAEO,MAAM,2BAA2B,CACvCC,WACA,KACAC,oBACI;AF1CL;AE2CK,MAAA,IAAI,SAAS,yBAAyB,GAAG;AACrC,WAAA;AAAA,EACR;AACA,aAAW,CAAC,KAAK,eAAe,KAAK,OAAO,QAAoBD,SAAQ,GAAG;AAC1E,UAAM,0BAA0B,gBAAgB;AAEhD,QAAI,CAAC,yBAAyB;AAC7B;AAAA,IACD;AAEA,QACC,wBAAwB,iBACxB,QAAQ,aAAa,wBAAwB,aAAa,GACzD;AACD;AAAA,IACD;AACA,QACC,wBAAwB,sBACxB,QAAQ,aAAa,wBAAwB,kBAAkB,GAC9D;AACD;AAAA,IACD;AACA,UAAM,gBAAgBC,mBAAkB,OAAO,CAAA,IAAKA,gBAAe,GAAG;AAEhE,UAAA,UAAU,WAAW,eAAe,aAAa;AACjD,UAAA,sBAAsB,wBAAwB,mBACjD,CAAC,wBAAwB,kBAAkB,GAAG,OAAO,IACrD,CAAC,GAAG,OAAO;AAEd,QAAI,iBAAiB;AACrB,QAAI,oBAAoB,KAAK,CAAC,MAAM,MAAM,oBAAoB,GAAG;AAC/C,uBAAA;AAAA,IAAA,OACX;AACN,eAAS,IAAI,GAAG,IAAI,oBAAoB,QAAQ,KAAK;AAChD,YAAA,SAAS,oBAAoB,CAAC;AAE9B,YAAA,OAAO,WAAW,UAAU;AAC/B,mBAAS,IAAI,OAAO,IAAI,MAAM,EAAE;AAAA,QACjC;AAEI,aAAA,YAAO,SAAP,gCAAc,MAAM;AACN,2BAAA;AACjB;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAEA,QAAI,gBAAgB;AACf,UAAA,CAAC,gBAAgB,QAAQ;AACrB,eAAA;AAAA,MACR;AACO,aAAA;AAAA,IACR;AAAA,EACD;AACO,SAAA;AACR;AChGA,SAAS,iBAAiB,SAAkB;AAC1C,QAAM,aAAqC,CAAA;AAChC,aAAA,OAAQ,QAAyB,QAAQ;AAC9C,QAAA,QAAQ,IAAI,GAAG,GAAG;AACpB,iBAAW,GAAG,IAAI,QAAQ,IAAI,GAAG;AAAA,IACnC;AAAA,EACF;AACO,SAAA;AACT;ACVA,MAAM,QAAQ,CAAC,OAAe,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;ACM9D,SAAA,YAAY,KAAa,MAAc;AACrD,SAAO,IAAI,MAAM,IAAI,EAAE,SAAS;AAClC;ACIA,SAAS,SAAS,OAAe;AAC/B,SAAO,KAAK;AAAA,IACV,iBAAiB,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,QAAQ,KAAK,GAAG,EAAE,QAAQ,KAAK,GAAG,CAAC;AAAA,EAAA;AAE5E;AACA,SAAS,iBAAiB,KAAa;AAC9B,SAAA;AAAA,IACL,MAAM,UAAU,IACb;AAAA,MACC,KAAK,GAAG;AAAA,MACR,CAAC,MAAM,OAAO,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE;AAAA,IAAA,EAE5D,KAAK,EAAE;AAAA,EAAA;AAEd;AAEA,SAAS,gBACP,2CACA,WACA;AACA,QAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,SAAO,KAAK;AAAA,IACV,YACE,4CACA;AAAA,EAAA;AAEN;AAEA,SAAS,cAAc,QAAuB;AAC5C,MAAI,CAAC,QAAQ;AACJ,WAAA;AAAA,EACT;AACA,SAAO,gBAAgB,GAAG,OAAO,SAAS,IAAI;AAChD;AAEA,MAAM,sBAAsB,CAAC,UAAmB;AAC1C,MAAA;AACF,QAAI,CAAC,OAAO;AACH,aAAA;AAAA,IACT;AACA,QAAI,YAAY,OAAO,GAAG,MAAM,GAAG;AACjC,aAAO,SAAS,KAAK;AAAA,IAAA,OAChB;AACE,aAAA;AAAA,IACT;AAAA,WACO,GAAG;AACV,YAAQ,KAAK,CAAC;AAAA,EAChB;AACO,SAAA;AACT;AAIA,MAAM,oBAAoB,CACxB,QACA,OACA,4BACyC;AACzC,MAAI,OAAO,gBAAgB;AACzB,UAAM,iBAAiB,OAAO;AAE1B,QAAA,wBAAwB,WAAW,eAAe,KAAK;AAClD,aAAA,EAAE,SAAS,OAAO,QAAQ,0DAA0D,wBAAwB,MAAM,gCAAgC,eAAe,GAAG,GAAG;AAAA,IAChL;AAMA,UAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,QAAI,eAAe,OAAO,eAAe,MAAM,uBAAuB;AAC7D,aAAA,EAAE,SAAS,OAAO,QAAQ,yCAAyC,eAAe,GAAG,8BAA8B,qBAAqB,GAAG;AAAA,IACpJ;AAEM,UAAA,kBAAkB,KAAK,KAAK,KAAK;AACvC,QACE,eAAe,OACf,eAAe,MAAM,kBAAkB,uBACvC;AACO,aAAA,EAAE,SAAS,OAAO,QAAQ,2EAA2E,eAAe,MAAM,eAAe,8BAA8B,qBAAqB,GAAG;AAAA,IACxM;AAEA,QAAI,SAAS,eAAe,SAAS,eAAe,UAAU,OAAO;AAC5D,aAAA,EAAE,SAAS,OAAO,QAAQ,gCAAgC,KAAK,+BAA+B,eAAe,KAAK,GAAG;AAAA,IAC9H;AAAA,EACF;AACA,SAAO,EAAE,SAAS,MAAM,QAAQ,GAAG;AACrC;AAEA,SAAS,iBAAiB,QAAgB,oBAA+C,iBAAmC;AACtH,MAAA,CAAC,OAAO,WAAW;AACjB,QAAA,sBAAsB,mBAAmB,KAAK;AAChD,aAAO,mBAAmB;AAAA,IAAA,WACjB,mBAAmB,gBAAgB,KAAK;AACjD,aAAO,gBAAgB;AAAA,IAAA,OAClB;AACL,YAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AAC9C,aAAA;AAAA,IACT;AAAA,EACS,WAAA,OAAO,OAAO,aAAa,UAAU;AACvC,WAAA,SAAS,OAAO,WAAW,EAAE;AAAA,EACtC;AACA,SAAO,OAAO;AAChB;AAEA,SAAS,YAAY,QAAgB,wBAAoC,mBAA2B;AAC9F,MAAA,CAAC,OAAO,WAAW;AACrB,UAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,WAAO,YAAY;AAAA,EACV,WAAA,OAAO,OAAO,aAAa,UAAU;AAC9C,WAAO,YAAY,SAAS,OAAO,WAAW,EAAE;AAAA,EAClD;AAEM,QAAA,qBAAqB,oBAAoB,OAAO,YAAY;AAClE,QAAM,eAAe;AAAA,IACnB,GAAG;AAAA,IACH;AAAA,EAAA;AAEF,MAAI,uBAAuB,iBAAiB;AAC7B,iBAAA,eAAe,MAAM,eAAe,MAAM;AAAA,EACzD;AACA,SAAO,qBAAqB;AAE5B,MAAI,kBAAkB;AACtB,MAAI,OAAO,UAAU;AACD,sBAAA,oBAAoB,OAAO,QAAQ;AAC9C,WAAA,iBAAiB,EAAE,GAAG;AAC7B,QAAI,gBAAgB,SAAS,uBAAuB,SAAS,MAAM;AACjE,YAAM,WACF,MAAM,cAAc,MAAM,uBAAuB;AACrD,sBAAgB,QAAQ;AAAA,IAC1B;AACA,iBAAa,iBAAiB;AAAA,EAChC;AACA,MAAI,OAAO,eAAe;AACX,iBAAA,gBACT,MAAM,gBAAgB,MAAM;AAAA,EAClC;AAEA,SAAO,YAAY,iBAAiB,QAAQ,oBAAoB,eAAe;AAEzE,QAAA,WAAW,OAAO,OAAO,cAAc,WAAW,SAAS,OAAO,YAAY,EAAE,IAAI,OAAO;AAEjG,QAAM,mBACF,mBAAmB,gBAAgB,MAC7B,gBAAgB,MAChB,OAAO;AACjB,QAAM,uBACF,sBAAsB,mBAAmB,MACnC,mBAAmB,MACnB,OAAO,YAAY;AAEzB,MAAA;AACE,QAAA,iBACF,uBAAuB,kBACzB;AACE,MAAA,mBAAmB,eAAe,sBAAsB;AAC9C,gBAAA;AAAA,EAAA,WACH,mBAAmB,eAAe,kBAAkB;AACjD,gBAAA;AAAA,EAAA,OACP;AAED,gBAAA,mBAAmB,uBACb,mBACA;AAAA,EACZ;AACA,eAAa,YAAY;AAEzB,SAAO,YAAY;AACnB,QAAM,QAAQ,uBAAuB,QAC/B,uBAAuB,MAAM,QAC7B;AACA,QAAA,EAAE,SAAS,OAAA,IAAW;AAAA,IACxB;AAAA,IACA;AAAA,IACA,uBAAuB;AAAA,EAAA;AAE3B,MAAI,CAAC,SAAS;AACN,UAAA,MAAM,wCAAwC,MAAM,EAAE;AAAA,EAC9D;AAII,MAAA,uBAAuB,UAAU,QACjC,mBAAmB,uBAAuB,UAC1C,EAAE,mBAAmB,SACvB;AACM,UAAA,eAAe,uBAAuB,OAAO;AAEnD,2BAAuB,SAAS;AAAA,MAC9B,GAAG;AAAA,MACH,eAAe;AAAA,IAAA;AAAA,EACjB,OACK;AACL,2BAAuB,SAAS;AAAA,EAClC;AAEA,yBAAuB,SAAS;AACzB,SAAA;AACT;AAEA,SAAS,WAAW,wBAAoC;AACtD,QAAM,oBAAoB,uBAAuB;AACjD,SAAO,CAAC,aAAuB;AACzB,QAAA,SAAS,WAAW,KAAK;AACpB,aAAA;AAAA,IACT;AACA,WAAO,SAAS,KAAA,EAAO,KAAe,CAAC,WAAmB;AACxD,YAAM,eAAe,YAAY,QAAQ,wBAAwB,iBAAiB;AAC5E,YAAA,OAAO,KAAK,UAAU,YAAY;AACjC,aAAA,IAAI,SAAS,MAAM,QAAQ;AAAA,IAAA,CACnC;AAAA,EAAA;AAEL;ACjOgB,SAAA,oBAAoB,cAAqB,iBAA+B;AACpF,QAAM,QAAQ;AACd,SAAO,aAAa,QAAQ,OAAO,iBAAiB,eAAe,EAAE;AACzE;ACHA,MAAA,UAAe;ACqBf,IAAI,OAAO,iBAAiB,eAAe,OAAO,aAAa,gBAAgB,YAAY;AAE1F,eAAa,aAAa,WAAW;AAAA,IACpC,iBAAiB,SAAU,KAAa;AACvC,UAAI,OAAO,gBAAgB;AACnB,eAAA;AAAA,MAAA,OACD;AACA,cAAA,IAAI,MAAM,mCAAmC,GAAG;AAAA,MACvD;AAAA,IACD;AAAA,EAAA,CACA;AACF;AAEA,MAAM,QAAQ;AAId,MAAM,cAAc,cAAc;AAElC,MAAM,KAAK,KAAK,OAAU,oBAAA,QAAO,YAAY,GAAI,EAAE;AAEnD,MAAM,wBAAwB;AAC9B,MAAM,gBAAgB,CAAC,UAA2B;AACzC,UAAA,IAAI,kDAAkD,EAAE;AAC1D,QAAA,UAAU,MAAM,YAAa,CAAA;AACpC;AAEA,MAAM,iBAAiB,CAAC,UAA2B;AAC1C,UAAA,IAAI,kDAAkD,EAAE;AAChE,QAAM,UAAU,MAAM,QAAQ,MAAO,CAAA;AACtC;AAEA,IAAI,wCAAuD;AAC3D,MAAM,WAAqB,CAAA;AAE3B,MAAM,mCAAmC,CAACD,WAAoB,QAAgB;AAC7E,QAAM,YAA0B,CAAA;AAChC,aAAW,CAAG,EAAA,KAAK,KAAK,OAAO,QAAoBA,SAAQ,GAAG;AAE5D,QAAA,MAAM,2BAA2B,QACjC,IAAI,WAAW,aAAa,MAAM,wBAAwB,aAAa,CAAC,GACvE;AACD,gBAAU,KAAK,KAAK;AAAA,IAAA,WAEpB,MAAM,2BAA2B,QACjC,MAAM,wBAAwB,sBAC9B,IAAI;AAAA,MACH,aAAa,MAAM,wBAAwB,kBAAkB;AAAA,IAAA,GAE7D;AACD,gBAAU,KAAK,KAAK;AAAA,IACrB;AAAA,EACD;AACO,SAAA;AACR;AAEA,MAAM,iBAAiB,OAAO,UAAsB;AACnD,QAAM,kBAAkB,MAAM;AAC9B,QAAM,gBAAgB,gBAAgB,QAAQ,IAAI,cAAc;AAChE,QAAM,OAAO,EAAE,QAAQ,KAAK,YAAY,sBAAsB;AAC9D,QAAM,WAAW,IAAI,SAAS,MAAM,IAAI;AACxC,MAAI,CAAC,eAAe;AACnB,UAAM,qBAAqB,IAAI,IAAI,gBAAgB,GAAG;AACtD,UAAM,kBACL,OAAO,mBAAmB,aAAa,IAAI,iBAAiB,CAAC,KAAK;AACnE,aAAS,IAAI,GAAG,IAAI,iBAAiB,KAAK;AACnC,YAAA,MAAM,MAAO,KAAK,MAAM,KAAK,OAAO,IAAI,GAAI,CAAC;AACnD,YAAM,QAAQ,MAAM,OAAO,KAAK,kBAAkB;AAClD,YAAM,MAAM,IAAI,MAAM,SAAS,SAAS,OAAO;AAAA,IAChD;AAAA,EACD;AACO,SAAA;AACR;AAEA,MAAM,cAAc,OAAO,UAAsB;AAChD,QAAM,kBAAkB,MAAM;AACxB,QAAA,MAAM,aAAa,gBAAgB,GAAG;AACxC,MAAA,IAAI,SAAS,qBAAqB,GAAG;AAClC,UAAA,YAAY,eAAe,KAAK,CAAC;AACvC;AAAA,EACD;AAEA,QAAM,uCAAuC;AAAA,IAC5C;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAED,MACC,wCACA,qCAAqC,UACrC,qCAAqC,OAAO,cAC3C;AACD,WACC,qCAAqC,UACrC,CAAC,cAAc,qCAAqC,MAAM,GACzD;AACD,YAAM,MAAM,GAAG;AAAA,IAChB;AAEA,QAAI,cAAc,gBAAgB;AAElC,QACC,gBAAgB,SAAS,cACzB,qCAAqC,wCACpC;AACa,oBAAA;AAAA,IACf;AAEI,QAAA;AACJ,QACC,gBAAgB,QAAQ,cACxB,CAAC,qCAAqC,kCACrC;AACS,gBAAA;AAAA,QACT,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,MAAA;AAAA,IAC5C,OACM;AACI,gBAAA;AAAA,QACT,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,QAC3C,eACC,YAAY,qCAAqC,OAAO;AAAA,MAAA;AAAA,IAE3D;AACI,QAAA;AACA,QAAA,gBAAgB,SAAS,YAAY;AACjC,aAAA;AAAA,QACN;AAAA,MAAA;AAAA,IACD,OACM;AACC,aAAA;AAAA,QACN;AAAA,QACA,MAAM;AAAA,MAAA;AAAA,IAER;AAEA,UAAM,aAAa,IAAI,QAAQ,iBAAiB,IAAI;AAE9C,UAAA,YAAY,MAAM,UAAU,CAAC;AAEnC;AAAA,EACD;AAEI,MAAA,MAAM,QAAQ,WAAW,QAAQ;AACpC;AAAA,EACD;AAEA,MAAI,kBAAqC;AACnC,QAAA,mBAAmB,iCAAiC,UAAU,GAAG;AACvE,QAAM,iBAAiB,iBAAiB;AACxC,MAAI,iBAAiB,GAAG;AACvB,UAAM,aAAa,IAAI,QAAkB,CAAC,SAAS,WAAW;AACvD,YAAA,gBAAgB,gBAAgB;AACtC,YAAM,WAAW,cAAc,KAAO,EAAA,KAAK,CAAC,eAAe;AAEzD,YAAA,WAAW,SAAS,MAAM,aAAa,KACvC,WAAW,SAAS,MAAM,YAAY,GACrC;AACD,cAAI,UAAU;AACd,mBAAS,IAAI,GAAG,IAAI,gBAAgB,KAAK;AAClC,kBAAA,YAAY,iBAAiB,CAAC;AAEhC,gBAAA,aAAa,UAAU,UAAU,MAAM;AAC1C,oBAAM,kBACL,MAAM,gBAAgB,MAAM,UAAU;AACnC,kBAAA,WAAW,SAAS,eAAe,GAAG;AACzC,0BAAU,QAAQ;AAAA,kBACjB;AAAA,kBACA,mBAAmB,UAAU,OAAO,aAAuB;AAAA,gBAAA;AAE1C,kCAAA;AAClB;AAAA,cACD;AACA,oBAAM,iBACL,MAAM,eAAe,MAAM,UAAU;AAClC,kBAAA,WAAW,SAAS,cAAc,GAAG;AACxC,0BAAU,QAAQ;AAAA,kBACjB;AAAA,kBACA,mBAAmB,UAAU,OAAO,YAAY;AAAA,gBAAA;AAE/B,kCAAA;AAClB;AAAA,cACD;AAAA,YACD;AAAA,UACD;AACM,gBAAA,eAAe,MAAM,iBAAiB;AAAA,YAC3C,MAAM;AAAA,YACN,QAAQ,cAAc;AAAA,YACtB,SAAS;AAAA,cACR,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,YAC5C;AAAA,YACA,MAAM,cAAc;AAAA,YACpB,OAAO,cAAc;AAAA,YACrB,UAAU,cAAc;AAAA,YACxB,UAAU,cAAc;AAAA,YACxB,aAAa,cAAc;AAAA,YAC3B,WAAW,cAAc;AAAA,UAAA,CACzB;AAED,cACC,mBACA,gBAAgB,2BAA2B,QAC3C,gBAAgB,wBAAwB,sBACxC,IAAI;AAAA,YACH;AAAA,cACC,gBAAgB,wBAAwB;AAAA,YACzC;AAAA,UAAA,GAEA;AACM,mBAAA,aAAa,KAAK,OAAOE,cAAa;AACtC,oBAAA,OAAO,MAAMA,UAAS;AACrB,qBAAA,IAAI,SAAS,MAAMA,SAAQ;AAAA,YAAA,CAClC;AAAA,UACF;AACA,iBAAO,aAAa,KAAK,WAAW,eAA6B,CAAC;AAAA,QAElE,WAAA,WAAW,SAAS,gBAAgB,KACpC,uCACC;AACD,4BAAkB,SAAS,qCAAqC;AACxB,kDAAA;AACxC,cAAI,UAAU;AACV,cAAA,mBAAmB,gBAAgB,gBAAgB,MAAM;AAClD,sBAAA;AAAA,cACT;AAAA,cACA,gBAAgB;AAAA,YAAA;AAAA,UAElB;AAEA,iBAAO,MAAM,iBAAiB;AAAA,YAC7B,MAAM;AAAA,YACN,QAAQ,cAAc;AAAA,YACtB,SAAS;AAAA,cACR,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,YAC5C;AAAA,YACA,MAAM,cAAc;AAAA,YACpB,OAAO,cAAc;AAAA,YACrB,UAAU,cAAc;AAAA,YACxB,UAAU,cAAc;AAAA,YACxB,aAAa,cAAc;AAAA,YAC3B,WAAW,cAAc;AAAA,UACzB,CAAA,EAAE,KAAK,WAAW,eAAe,CAAC;AAAA,QACpC;AAKA,eAAO,MAAM,iBAAiB;AAAA,UAC7B,MAAM;AAAA,UACN,QAAQ,cAAc;AAAA,UACtB,SAAS;AAAA,YACR,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,UAC5C;AAAA,UACA,MAAM,cAAc;AAAA,UACpB,OAAO,cAAc;AAAA,UACrB,UAAU,cAAc;AAAA,UACxB,UAAU,cAAc;AAAA,UACxB,aAAa,cAAc;AAAA,UAC3B,WAAW,cAAc;AAAA,QAAA,CACzB;AAAA,MAAA,CACD;AAEC,eAAA,KAAK,CAAC,MAAM;AACZ,gBAAQ,CAAC;AAAA,MAAA,CACT,EACA,MAAM,CAAC,QAAQ;AACf,eAAO,GAAG;AAAA,MAAA,CACV;AAAA,IAAA,CACF;AAED,UAAM,YAAY,UAAU;AAAA,EAC7B;AACD;AAEA,MAAM,gBAAgB,CAAC,UAAkC;AAClD,QAAA,OAAO,MAAM,MAAM,CAAC;AAC1B,QAAM,OAAO,MAAM;AACf,MAAA,MAAM,KAAK,SAAS,SAAS;AAC1B,UAAA,QAAQ,QAAQ,KAAK,MAAM,KAAK,YAAY,CAAE,CAAA,CAAC;AACrD;AAAA,EACD;AACA,QAAM,oBAAoB,KAAK;AAC3B,MAAA,kBAAkB,SAAS,iBAAiB;AAChD,MAAI,kBAAkB,MAAM;AAC3B,qBAAiB,CAAA;AAAA,EAClB;AACA,MAAI,CAAC,iBAAiB;AACf,UAAA,gBAAgB,eAAe,iBAAiB;AACtD,UAAM,kBAAkB,MAAM,QAAQ,aAAa,IAChD,QACA,cAAc;AACjB,UAAM,wCAAwC,MAAM,QAAQ,aAAa,IACtE,OACA,cAAc;AACjB,UAAM,yCAAyC,MAAM,QAAQ,aAAa,IACvE,QACA,cAAc;AACjB,aAAS,iBAAiB,IAAI;AAAA,MAC7B,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,cAAc;AAAA,MACd,yBAAyB;AAAA,MACzB,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR;AAAA,MACA,iBAAiB,CAAC;AAAA,MAClB,kCACC,yCAAyC;AAAA,MAC1C,wCACC,0CAA0C;AAAA,MAC3C,qCAAqC;AAAA,MACrC,uCAAuC;AAAA,IAAA;AAExC,sBAAkB,SAAS,iBAAiB;AAExC,QAAA,CAAC,eAAe,iBAAiB,GAAG;AACxB,qBAAA,iBAAiB,IAAI;IACrC;AAAA,EACD;AAEA,UAAQ,KAAK,MAAM;AAAA,IAClB,KAAK;AACJ,sBAAgB,SAAS;AACzB,sBAAgB,QAAQ;AACxB,sBAAgB,eAAe;AACf,sBAAA,SAAS,KAAK,KAAK;AAC9B,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD,KAAK,QAAQ;AACN,YAAA,0BAA0B,KAAK,KAAK;AACpC,YAAA,gBAAgB,eAAe,iBAAiB;AAChD,YAAA,UAAU,WAAW,eAAe,MAAM;AAChD,UAAI,CAAC,QAAQ,KAAK,CAAC,WAAW,WAAW,oBAAoB,GAAG;AAC/D;AAAA,UACC,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,QAAA,EACvB,QAAQ,CAAC,QAAQ;AAClB,sBAAY,SAAS,GAAG;AAAA,QAAA,CACxB;AAAA,MACF;AACA,sBAAgB,0BAA0B;AAC1B,sBAAA,oBAAoB,KAAK,KAAK;AACxC,YAAA,QAAQ,KAAK,KAAK;AAEvB,UAAA,UAAU,wBACV,UAAU,+BACT;AACuC,gDAAA;AAAA,MAAA,OAClC;AACkC,gDAAA;AAAA,MACzC;AAEI,UAAA,CAAC,gBAAgB,QAAQ;AAC5B,aAAK,YAAY;AAAA,UAChB,QAAQ;AAAA,UACR,QAAQ,gBAAgB;AAAA,UACxB;AAAA,UACA;AAAA,QAAA,CACA;AAAA,MAAA,OACK;AACN,cAAM,SAAS;AAAA,UACd,GAAG,gBAAgB;AAAA,QAAA;AAEpB,YAAI,gBAAgB,iBAAiB;AAC7B,iBAAA,eAAe,MAAM,eAAe,MAAM;AAAA,QAClD;AACA,YAAI,OAAO,eAAe;AAClB,iBAAA,gBAAgB,MAAM,gBAAgB,MAAM;AAAA,QACpD;AACA,YACC,OAAO,kBACP,OAAO,eAAe,SACtB,gBAAgB,SAAS,MACxB;AACD,iBAAO,eAAe,QACrB,MAAM,cAAc,MAAM;AAAA,QAC5B;AACA,aAAK,YAAY;AAAA,UAChB;AAAA,UACA,QAAQ,gBAAgB;AAAA,UACxB;AAAA,UACA;AAAA,QAAA,CACA;AAAA,MACF;AACA;AAAA,IACD;AAAA,IACA,KAAK,0CAA0C;AAC9B,sBAAA,sCACf,KAAK,KAAK;AACN,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,0CAA0C;AAC9C,YAAM,sCACL,gBAAgB;AACjB,WAAK,YAAY;AAAA,QAChB;AAAA,QACA;AAAA,MAAA,CACA;AACD;AAAA,IACD;AAAA,IACA,KAAK,wCAAwC;AAC5B,sBAAA,wCACf,KAAK,KAAK;AACN,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,wCAAwC;AAC5C,YAAM,wCACL,gBAAgB;AACjB,WAAK,YAAY;AAAA,QAChB;AAAA,QACA;AAAA,MAAA,CACA;AACD;AAAA,IACD;AAAA,IACA,KAAK,YAAY;AACA,sBAAA,QAAQ,KAAK,KAAK;AAC7B,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,YAAY;AAChB,YAAM,QAAQ,gBAAgB;AAC9B,WAAK,YAAY,EAAE,mBAAmB,MAAO,CAAA;AAC7C;AAAA,IACD;AAAA,IACA,KAAK,mBAAmB;AACP,sBAAA,eAAe,KAAK,KAAK;AACpC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,mBAAmB;AACvB,WAAK,YAAY;AAAA,QAChB;AAAA,QACA,cACC,gBAAgB,gBAAgB,OAC7B,MAAM,gBAAgB,MAAM,oBAC5B;AAAA,MAAA,CACJ;AACD;AAAA,IACD;AAAA,IACA,KAAK,mBAAmB;AACP,sBAAA,eAAe,KAAK,KAAK;AACpC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,mBAAmB;AACvB,YAAM,eAAe,gBAAgB;AACrC,WAAK,YAAY,EAAE,mBAAmB,aAAc,CAAA;AACpD;AAAA,IACD;AAAA,IACA,KAAK,YAAY;AACV,YAAA,QAAQ,KAAK,KAAK;AACxB,UAAI,OAAO;AACV,wBAAgB,QAAQ;AAAA,MACzB;AACK,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACD;AAAA,IACA,KAAK,YAAY;AACV,YAAA,WAAW,MAAM,cAAc,MAAM;AACrC,YAAA,QAAQ,gBAAgB,QAAQ,WAAW;AACjD,WAAK,YAAY,EAAE,mBAAmB,MAAO,CAAA;AAC7C;AAAA,IACD;AAAA,IACA,SAAS;AACR,sBAAgB,QAAQ,EAAE,GAAG,KAAK,KAAK;AAClC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AAAA,IACvC;AAAA,EACD;AACD;AAEA,MAAM,iBAAiB,WAAW,aAAa;AAC/C,MAAM,iBAAiB,YAAY,cAAc;AACjD,MAAM,iBAAiB,SAAS,WAAW;AAC3C,MAAM,iBAAiB,WAAW,aAAa;"}
package/dist/src/version.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- declare const _default: "7.12.2";
1
+ declare const _default: "7.12.3";
2
2
  export default _default;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axa-fr/oidc-client-service-worker",
3
- "version": "7.12.2",
3
+ "version": "7.12.3",
4
4
  "type": "module",
5
5
  "private": false,
6
6
  "main": "dist/OidcServiceWorker.js",
package/src/version.ts CHANGED
@@ -1 +1 @@
1
- export default '7.12.2';
1
+ export default '7.12.3';