@axa-fr/oidc-client-service-worker 7.2.1 → 7.3.0-alpha.1020

@@ -12,7 +12,7 @@ const TokenRenewMode = {
12
12
  id_token_invalid: "id_token_invalid"
13
13
  };
14
14
  const openidWellknownUrlEndWith = "/.well-known/openid-configuration";
15
- const version = "7.2.1";
15
+ const version = "7.3.0-alpha.1020";
16
16
  function checkDomain(domains, endpoint) {
17
17
  if (!endpoint) {
18
18
  return;
@@ -139,18 +139,18 @@ const isTokensOidcValid = (tokens, nonce, oidcServerConfiguration) => {
139
139
  if (tokens.idTokenPayload) {
140
140
  const idTokenPayload = tokens.idTokenPayload;
141
141
  if (oidcServerConfiguration.issuer !== idTokenPayload.iss) {
142
- return { isValid: false, reason: "Issuer does not match" };
142
+ return { isValid: false, reason: `Issuer does not match (oidcServerConfiguration issuer) ${oidcServerConfiguration.issuer} !== (idTokenPayload issuer) ${idTokenPayload.iss}` };
143
143
  }
144
144
  const currentTimeUnixSecond = (/* @__PURE__ */ new Date()).getTime() / 1e3;
145
145
  if (idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {
146
- return { isValid: false, reason: "Token expired" };
146
+ return { isValid: false, reason: `Token expired at (idTokenPayload exp) ${idTokenPayload.exp} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };
147
147
  }
148
148
  const timeInSevenDays = 60 * 60 * 24 * 7;
149
149
  if (idTokenPayload.iat && idTokenPayload.iat + timeInSevenDays < currentTimeUnixSecond) {
150
- return { isValid: false, reason: "Token is used from too long time" };
150
+ return { isValid: false, reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${idTokenPayload.iat + timeInSevenDays} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };
151
151
  }
152
152
  if (nonce && idTokenPayload.nonce && idTokenPayload.nonce !== nonce) {
153
- return { isValid: false, reason: "Nonce does not match" };
153
+ return { isValid: false, reason: `Nonce does not match (nonce) ${nonce} !== (idTokenPayload nonce) ${idTokenPayload.nonce}` };
154
154
  }
155
155
  }
156
156
  return { isValid: true, reason: "" };
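Review bot: The new nonce-mismatch reason interpolates both `nonce` and `idTokenPayload.nonce` into the returned string, so the expected nonce now travels with `reason` to whatever consumes it. The bundled constants name the nonce as `NONCE_SECURED_BY_OIDC_SERVICE_WORKER`, which suggests it is meant to stay inside the worker. The hunk does not show where `reason` ends up, but if it is posted back to the page or logged, that value leaves the worker. I would keep the added detail on the issuer and timestamp checks and leave this message without values: `return { isValid: false, reason: "Nonce does not match" };`. isTokensOidcValid starts before and ends after this hunk.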
@@ -249,18 +249,7 @@ const handleActivate = (event) => {
249
249
  event.waitUntil(_self.clients.claim());
250
250
  };
251
251
  let currentLoginCallbackConfigurationName = null;
252
- const database = {
253
- default: {
254
- configurationName: "default",
255
- tokens: null,
256
- status: null,
257
- state: null,
258
- codeVerifier: null,
259
- nonce: null,
260
- oidcServerConfiguration: null,
261
- hideAccessToken: true
262
- }
263
- };
252
+ const database = {};
264
253
  const getCurrentDatabasesTokenEndpoint = (database2, url) => {
265
254
  const databases = [];
266
255
  for (const [, value] of Object.entries(database2)) {
@@ -304,18 +293,33 @@ const handleFetch = async (event) => {
304
293
  while (currentDatabaseForRequestAccessToken.tokens && !isTokensValid(currentDatabaseForRequestAccessToken.tokens)) {
305
294
  await sleep(200);
306
295
  }
307
- const newRequest = originalRequest.mode === "navigate" ? new Request(originalRequest, {
308
- headers: {
309
- ...serializeHeaders(originalRequest.headers),
310
- authorization: "Bearer " + currentDatabaseForRequestAccessToken.tokens.access_token
311
- }
312
- }) : new Request(originalRequest, {
313
- headers: {
296
+ let requestMode = originalRequest.mode;
297
+ if (originalRequest.mode !== "navigate" && currentDatabaseForRequestAccessToken.convertAllRequestsToCorsExceptNavigate) {
298
+ requestMode = "cors";
299
+ }
300
+ let headers;
301
+ if (originalRequest.mode == "navigate" && !currentDatabaseForRequestAccessToken.setAccessTokenToNavigateRequests) {
302
+ headers = {
314
303
  ...serializeHeaders(originalRequest.headers),
315
304
  authorization: "Bearer " + currentDatabaseForRequestAccessToken.tokens.access_token
316
- },
317
- mode: currentDatabaseForRequestAccessToken.oidcConfiguration.service_worker_convert_all_requests_to_cors ? "cors" : originalRequest.mode
318
- });
305
+ };
306
+ } else {
307
+ headers = {
308
+ ...serializeHeaders(originalRequest.headers)
309
+ };
310
+ }
311
+ let init;
312
+ if (originalRequest.mode === "navigate") {
313
+ init = {
314
+ headers
315
+ };
316
+ } else {
317
+ init = {
318
+ headers,
319
+ mode: requestMode
320
+ };
321
+ }
322
+ const newRequest = new Request(originalRequest, init);
319
323
  event.waitUntil(event.respondWith(fetch(newRequest)));
320
324
  return;
321
325
  }
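Review bot: The two `headers` branches look inverted: the `authorization: "Bearer …"` entry is now added only when the request is a navigation and `setAccessTokenToNavigateRequests` is falsy, and every other request falls into the `else` that copies the original headers without a token. The removed code attached the bearer token in both the navigate and non-navigate cases, so API calls to a trusted domain would now go out unauthenticated, while the one case the option is meant to suppress is the only one that carries the token. Swapping the branch bodies restores the intended behaviour. The comparison should also use `===`, as the `init` check a few lines below does. handleFetch begins and ends outside this hunk.

```javascript
let headers;
if (originalRequest.mode === "navigate" && !currentDatabaseForRequestAccessToken.setAccessTokenToNavigateRequests) {
  // Navigation with the option off: forward the original headers, no bearer token.
  headers = {
    ...serializeHeaders(originalRequest.headers)
  };
} else {
  headers = {
    ...serializeHeaders(originalRequest.headers),
    authorization: "Bearer " + currentDatabaseForRequestAccessToken.tokens.access_token
  };
}
// … unchanged: init construction and new Request(originalRequest, init) …
```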
@@ -423,7 +427,6 @@ const handleFetch = async (event) => {
423
427
  event.waitUntil(event.respondWith(maPromesse));
424
428
  }
425
429
  };
426
- const trustedDomainsShowAccessToken = {};
427
430
  const handleMessage = (event) => {
428
431
  const port = event.ports[0];
429
432
  const data = event.data;
@@ -433,10 +436,10 @@ const handleMessage = (event) => {
433
436
  trustedDomains = {};
434
437
  }
435
438
  if (!currentDatabase) {
436
- if (trustedDomainsShowAccessToken[configurationName] === void 0) {
437
- const trustedDomain = trustedDomains[configurationName];
438
- trustedDomainsShowAccessToken[configurationName] = Array.isArray(trustedDomain) ? false : trustedDomain.showAccessToken;
439
- }
439
+ const trustedDomain = trustedDomains[configurationName];
440
+ const showAccessToken = Array.isArray(trustedDomain) ? false : trustedDomain.showAccessToken;
441
+ const doNotSetAccessTokenToNavigateRequests = Array.isArray(trustedDomain) ? true : trustedDomain.setAccessTokenToNavigateRequests;
442
+ const convertAllRequestsToCorsExceptNavigate = Array.isArray(trustedDomain) ? false : trustedDomain.convertAllRequestsToCorsExceptNavigate;
440
443
  database[configurationName] = {
441
444
  tokens: null,
442
445
  state: null,
@@ -446,7 +449,9 @@ const handleMessage = (event) => {
446
449
  nonce: null,
447
450
  status: null,
448
451
  configurationName,
449
- hideAccessToken: !trustedDomainsShowAccessToken[configurationName]
452
+ hideAccessToken: !showAccessToken,
453
+ setAccessTokenToNavigateRequests: doNotSetAccessTokenToNavigateRequests || true,
454
+ convertAllRequestsToCorsExceptNavigate: convertAllRequestsToCorsExceptNavigate || false
450
455
  };
451
456
  currentDatabase = database[configurationName];
452
457
  if (!trustedDomains[configurationName]) {
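Review bot: `setAccessTokenToNavigateRequests: doNotSetAccessTokenToNavigateRequests || true` always evaluates to `true`, so a trusted-domain entry that sets `setAccessTokenToNavigateRequests: false` is silently ignored and the option cannot be turned off. Defaulting only when the value is absent fixes it: `setAccessTokenToNavigateRequests: doNotSetAccessTokenToNavigateRequests ?? true`. The local declared in the previous hunk is also named `doNot…` although it holds `trustedDomain.setAccessTokenToNavigateRequests` unchanged; renaming it to `setAccessTokenToNavigateRequests` would stop the next reader from assuming the sense is flipped. The object literal and handleMessage both start before this hunk and continue past it.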
@@ -1 +1 @@
1
- {"version":3,"file":"OidcServiceWorker.js","sources":["../src/constants.ts","../src/version.ts","../src/utils/domains.ts","../src/utils/serializeHeaders.ts","../src/utils/sleep.ts","../src/utils/strings.ts","../src/utils/tokens.ts","../src/utils/codeVerifier.ts","../src/OidcServiceWorker.ts"],"sourcesContent":["const scriptFilename = 'OidcTrustedDomains.js';\nconst acceptAnyDomainToken = '*';\n\ntype TokenType = {\n readonly REFRESH_TOKEN: string;\n readonly ACCESS_TOKEN: string;\n readonly NONCE_TOKEN: string;\n readonly CODE_VERIFIER: string;\n};\n\nconst TOKEN: TokenType = {\n REFRESH_TOKEN: 'REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER',\n ACCESS_TOKEN: 'ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER',\n NONCE_TOKEN: 'NONCE_SECURED_BY_OIDC_SERVICE_WORKER',\n CODE_VERIFIER: 'CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER',\n};\n\ntype TokenRenewModeType = {\n readonly access_token_or_id_token_invalid: string;\n readonly access_token_invalid: string;\n readonly id_token_invalid: string;\n};\n\nconst TokenRenewMode: TokenRenewModeType = {\n access_token_or_id_token_invalid: 'access_token_or_id_token_invalid',\n access_token_invalid: 'access_token_invalid',\n id_token_invalid: 'id_token_invalid',\n};\n\nconst openidWellknownUrlEndWith = '/.well-known/openid-configuration';\n\nexport { acceptAnyDomainToken, openidWellknownUrlEndWith, scriptFilename, TOKEN, TokenRenewMode };\n","export default '7.2.1';\n","import {\n acceptAnyDomainToken,\n openidWellknownUrlEndWith,\n scriptFilename,\n} from '../constants';\nimport { Database, Domain, DomainDetails, OidcConfig, TrustedDomains } from '../types';\n\nfunction checkDomain(domains: Domain[], endpoint: string) {\n if (!endpoint) {\n return;\n }\n\n const domain = domains.find((domain) => {\n let testable: RegExp;\n\n if (typeof domain === 'string') {\n testable = new RegExp(`^${domain}`);\n } else {\n testable = domain;\n }\n\n return testable.test?.(endpoint);\n });\n if (!domain) {\n throw new Error(\n 'Domain ' +\n 
endpoint +\n ' is not trusted, please add domain in ' +\n scriptFilename,\n );\n }\n}\n\nexport const getDomains = (trustedDomain: Domain[] | DomainDetails, type: 'oidc' | 'accessToken') => {\n if (Array.isArray(trustedDomain)) {\n return trustedDomain;\n }\n\n return trustedDomain[`${type}Domains`] ?? trustedDomain.domains ?? [];\n};\n\nconst getCurrentDatabaseDomain = (\n database: Database,\n url: string,\n trustedDomains: TrustedDomains,\n) => {\n if (url.endsWith(openidWellknownUrlEndWith)) {\n return null;\n }\n for (const [key, currentDatabase] of Object.entries<OidcConfig>(database)) {\n const oidcServerConfiguration = currentDatabase.oidcServerConfiguration;\n\n if (!oidcServerConfiguration) {\n continue;\n }\n\n if (\n oidcServerConfiguration.tokenEndpoint &&\n url === oidcServerConfiguration.tokenEndpoint\n ) {\n continue;\n }\n if (\n oidcServerConfiguration.revocationEndpoint &&\n url === oidcServerConfiguration.revocationEndpoint\n ) {\n continue;\n }\n const trustedDomain = trustedDomains == null ? [] : trustedDomains[key];\n\n const domains = getDomains(trustedDomain, 'accessToken');\n const domainsToSendTokens = oidcServerConfiguration.userInfoEndpoint\n ? 
[oidcServerConfiguration.userInfoEndpoint, ...domains]\n : [...domains];\n\n let hasToSendToken = false;\n if (domainsToSendTokens.find((f) => f === acceptAnyDomainToken)) {\n hasToSendToken = true;\n } else {\n for (let i = 0; i < domainsToSendTokens.length; i++) {\n let domain = domainsToSendTokens[i];\n\n if (typeof domain === 'string') {\n domain = new RegExp(`^${domain}`);\n }\n\n if (domain.test?.(url)) {\n hasToSendToken = true;\n break;\n }\n }\n }\n\n if (hasToSendToken) {\n if (!currentDatabase.tokens) {\n return null;\n }\n return currentDatabase;\n }\n }\n return null;\n};\n\nexport { checkDomain, getCurrentDatabaseDomain };\n","import { FetchHeaders } from '../types';\n\nfunction serializeHeaders(headers: Headers) {\n const headersObj: Record<string, string> = {};\n for (const key of (headers as FetchHeaders).keys()) {\n if (headers.has(key)) {\n headersObj[key] = headers.get(key) as string;\n }\n }\n return headersObj;\n}\nexport { serializeHeaders };\n","const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));\nexport { sleep };\n","/**\n * Count occurances of letter in string\n * @param str\n * @param find\n * @returns\n */\nexport function countLetter(str: string, find: string) {\n return str.split(find).length - 1;\n}\n","/* eslint-disable simple-import-sort/exports */\nimport { TOKEN, TokenRenewMode } from '../constants';\nimport { OidcConfig, OidcConfiguration, OidcServerConfiguration, Tokens } from '../types';\nimport { countLetter } from './strings';\n\nfunction parseJwt(token: string) {\n return JSON.parse(\n b64DecodeUnicode(token.split('.')[1].replace('-', '+').replace('_', '/')),\n );\n}\nfunction b64DecodeUnicode(str: string) {\n return decodeURIComponent(\n Array.prototype.map\n .call(\n atob(str),\n (c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2),\n )\n .join(''),\n );\n}\n\nfunction computeTimeLeft(\n refreshTimeBeforeTokensExpirationInSecond: number,\n expiresAt: number,\n) {\n const 
currentTimeUnixSecond = new Date().getTime() / 1000;\n return Math.round(\n expiresAt -\n refreshTimeBeforeTokensExpirationInSecond -\n currentTimeUnixSecond,\n );\n}\n\nfunction isTokensValid(tokens: Tokens | null) {\n if (!tokens) {\n return false;\n }\n return computeTimeLeft(0, tokens.expiresAt) > 0;\n}\n\nconst extractTokenPayload = (token?: string) => {\n try {\n if (!token) {\n return null;\n }\n if (countLetter(token, '.') === 2) {\n return parseJwt(token);\n } else {\n return null;\n }\n } catch (e) {\n console.warn(e);\n }\n return null;\n};\n\n// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation (excluding rules #1, #4, #5, #7, #8, #12, and #13 which did not apply).\n// https://github.com/openid/AppAuth-JS/issues/65\nconst isTokensOidcValid = (\n tokens: Tokens,\n nonce: string | null,\n oidcServerConfiguration: OidcServerConfiguration,\n): { isValid: boolean; reason: string } => {\n if (tokens.idTokenPayload) {\n const idTokenPayload = tokens.idTokenPayload;\n // 2: The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.\n if (oidcServerConfiguration.issuer !== idTokenPayload.iss) {\n return { isValid: false, reason: 'Issuer does not match' };\n }\n // 3: The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.\n\n // 6: If the ID Token is received via direct communication between the Client and the Token Endpoint (which it is in this flow), the TLS server validation MAY be used to validate the issuer in place of checking the token signature. 
The Client MUST validate the signature of all other ID Tokens according to JWS [JWS] using the algorithm specified in the JWT alg Header Parameter. The Client MUST use the keys provided by the Issuer.\n\n // 9: The current time MUST be before the time represented by the exp Claim.\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n if (idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {\n return { isValid: false, reason: 'Token expired' };\n }\n // 10: The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.\n const timeInSevenDays = 60 * 60 * 24 * 7;\n if (\n idTokenPayload.iat &&\n idTokenPayload.iat + timeInSevenDays < currentTimeUnixSecond\n ) {\n return { isValid: false, reason: 'Token is used from too long time' };\n }\n // 11: If a nonce value was sent in the Authentication Request, a nonce Claim MUST be present and its value checked to verify that it is the same value as the one that was sent in the Authentication Request. The Client SHOULD check the nonce value for replay attacks. 
The precise method for detecting replay attacks is Client specific.\n if (nonce && idTokenPayload.nonce && idTokenPayload.nonce !== nonce) {\n return { isValid: false, reason: 'Nonce does not match' };\n }\n }\n return { isValid: true, reason: '' };\n};\n\nfunction _hideTokens(tokens: Tokens, currentDatabaseElement: OidcConfig, configurationName: string) {\n if (!tokens.issued_at) {\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n tokens.issued_at = currentTimeUnixSecond;\n } else if (typeof tokens.issued_at == \"string\") {\n tokens.issued_at = parseInt(tokens.issued_at, 10);\n }\n\n const accessTokenPayload = extractTokenPayload(tokens.access_token);\n const secureTokens = {\n ...tokens,\n accessTokenPayload,\n };\n if (currentDatabaseElement.hideAccessToken) {\n secureTokens.access_token = TOKEN.ACCESS_TOKEN + '_' + configurationName;\n }\n tokens.accessTokenPayload = accessTokenPayload;\n\n let _idTokenPayload = null;\n if (tokens.id_token) {\n _idTokenPayload = extractTokenPayload(tokens.id_token);\n tokens.idTokenPayload = { ..._idTokenPayload };\n if (_idTokenPayload.nonce && currentDatabaseElement.nonce != null) {\n const keyNonce =\n TOKEN.NONCE_TOKEN + '_' + currentDatabaseElement.configurationName;\n _idTokenPayload.nonce = keyNonce;\n }\n secureTokens.idTokenPayload = _idTokenPayload;\n }\n if (tokens.refresh_token) {\n secureTokens.refresh_token =\n TOKEN.REFRESH_TOKEN + '_' + configurationName;\n }\n\n const expireIn = typeof tokens.expires_in == \"string\" ? parseInt(tokens.expires_in, 10) : tokens.expires_in;\n\n const idTokenExpiresAt =\n _idTokenPayload && _idTokenPayload.exp\n ? _idTokenPayload.exp\n : Number.MAX_VALUE;\n const accessTokenExpiresAt =\n accessTokenPayload && accessTokenPayload.exp\n ? 
accessTokenPayload.exp\n : tokens.issued_at + expireIn;\n\n let expiresAt: number;\n const tokenRenewMode = (\n currentDatabaseElement.oidcConfiguration as OidcConfiguration\n ).token_renew_mode;\n if (tokenRenewMode === TokenRenewMode.access_token_invalid) {\n expiresAt = accessTokenExpiresAt;\n } else if (tokenRenewMode === TokenRenewMode.id_token_invalid) {\n expiresAt = idTokenExpiresAt;\n } else {\n expiresAt =\n idTokenExpiresAt < accessTokenExpiresAt\n ? idTokenExpiresAt\n : accessTokenExpiresAt;\n }\n secureTokens.expiresAt = expiresAt;\n\n tokens.expiresAt = expiresAt;\n const nonce = currentDatabaseElement.nonce\n ? currentDatabaseElement.nonce.nonce\n : null;\n const { isValid, reason } = isTokensOidcValid(\n tokens,\n nonce,\n currentDatabaseElement.oidcServerConfiguration as OidcServerConfiguration,\n ); // TODO: Type assertion, could be null.\n if (!isValid) {\n throw Error(`Tokens are not OpenID valid, reason: ${reason}`);\n }\n\n // When refresh_token is not rotated we reuse ald refresh_token\n if (\n currentDatabaseElement.tokens != null &&\n 'refresh_token' in currentDatabaseElement.tokens &&\n !('refresh_token' in tokens)\n ) {\n const refreshToken = currentDatabaseElement.tokens.refresh_token;\n\n currentDatabaseElement.tokens = {\n ...tokens,\n refresh_token: refreshToken,\n };\n } else {\n currentDatabaseElement.tokens = tokens;\n }\n\n currentDatabaseElement.status = 'LOGGED_IN';\n return secureTokens;\n}\n\nfunction hideTokens(currentDatabaseElement: OidcConfig) {\n const configurationName = currentDatabaseElement.configurationName;\n return (response: Response) => {\n if (response.status !== 200) {\n return response;\n }\n return response.json().then<Response>((tokens: Tokens) => {\n const secureTokens = _hideTokens(tokens, currentDatabaseElement, configurationName);\n const body = JSON.stringify(secureTokens);\n return new Response(body, response);\n });\n };\n}\n\nexport {\n b64DecodeUnicode,\n computeTimeLeft,\n isTokensValid,\n 
extractTokenPayload,\n isTokensOidcValid,\n hideTokens,\n _hideTokens,\n};\n","export function replaceCodeVerifier(codeVerifier:string, newCodeVerifier:string):string {\n const regex = /code_verifier=[A-Za-z0-9_-]+/i;\n return codeVerifier.replace(regex, `code_verifier=${newCodeVerifier}`);\n}\n","import { acceptAnyDomainToken, scriptFilename, TOKEN } from './constants';\nimport version from './version';\nimport {\n Database,\n MessageEventData,\n OidcConfig,\n OidcConfiguration,\n TrustedDomains,\n // TrustedDomainsShowAccessToken,\n} from './types';\nimport {\n checkDomain,\n getCurrentDatabaseDomain,\n getDomains,\n hideTokens,\n isTokensValid,\n serializeHeaders,\n sleep,\n} from './utils';\nimport { replaceCodeVerifier } from './utils/codeVerifier';\n\nconst _self = self as ServiceWorkerGlobalScope & typeof globalThis;\n\ndeclare let trustedDomains: TrustedDomains;\n\n_self.importScripts(scriptFilename);\n\nconst id = Math.round(new Date().getTime() / 1000).toString();\n\nconst keepAliveJsonFilename = 'OidcKeepAliveServiceWorker.json';\nconst handleInstall = (event: ExtendableEvent) => {\n console.log('[OidcServiceWorker] service worker installed ' + id);\n event.waitUntil(_self.skipWaiting());\n};\n\nconst handleActivate = (event: ExtendableEvent) => {\n console.log('[OidcServiceWorker] service worker activated ' + id);\n event.waitUntil(_self.clients.claim());\n};\n\nlet currentLoginCallbackConfigurationName: string | null = null;\nconst database: Database = {\n default: {\n configurationName: 'default',\n tokens: null,\n status: null,\n state: null,\n codeVerifier: null,\n nonce: null,\n oidcServerConfiguration: null,\n hideAccessToken: true,\n },\n};\n\nconst getCurrentDatabasesTokenEndpoint = (database: Database, url: string) => {\n const databases: OidcConfig[] = [];\n for (const [, value] of Object.entries<OidcConfig>(database)) {\n if (\n value.oidcServerConfiguration != null &&\n url.startsWith(value.oidcServerConfiguration.tokenEndpoint)\n ) {\n 
databases.push(value);\n } else if (\n value.oidcServerConfiguration != null &&\n value.oidcServerConfiguration.revocationEndpoint &&\n url.startsWith(value.oidcServerConfiguration.revocationEndpoint)\n ) {\n databases.push(value);\n }\n }\n return databases;\n};\n\nconst keepAliveAsync = async (event: FetchEvent) => {\n const originalRequest = event.request;\n const isFromVanilla = originalRequest.headers.has('oidc-vanilla');\n const init = { status: 200, statusText: 'oidc-service-worker' };\n const response = new Response('{}', init);\n if (!isFromVanilla) {\n const originalRequestUrl = new URL(originalRequest.url);\n const minSleepSeconds = Number(originalRequestUrl.searchParams.get('minSleepSeconds')) || 240;\n for (let i = 0; i < minSleepSeconds; i++) {\n await sleep(1000 + Math.floor(Math.random() * 1000));\n const cache = await caches.open('oidc_dummy_cache');\n await cache.put(event.request, response.clone());\n }\n }\n return response;\n};\n\nconst handleFetch = async (event: FetchEvent) => {\n const originalRequest = event.request;\n const url = originalRequest.url;\n if (originalRequest.url.includes(keepAliveJsonFilename)) {\n event.respondWith(keepAliveAsync(event));\n return;\n }\n\n const currentDatabaseForRequestAccessToken = getCurrentDatabaseDomain(\n database,\n originalRequest.url,\n trustedDomains,\n );\n if (\n currentDatabaseForRequestAccessToken &&\n currentDatabaseForRequestAccessToken.tokens &&\n currentDatabaseForRequestAccessToken.tokens.access_token\n ) {\n while (\n currentDatabaseForRequestAccessToken.tokens &&\n !isTokensValid(currentDatabaseForRequestAccessToken.tokens)\n ) {\n await sleep(200);\n }\n const newRequest =\n originalRequest.mode === 'navigate'\n ? 
new Request(originalRequest, {\n headers: {\n ...serializeHeaders(originalRequest.headers),\n authorization:\n 'Bearer ' +\n currentDatabaseForRequestAccessToken.tokens.access_token,\n },\n })\n : new Request(originalRequest, {\n headers: {\n ...serializeHeaders(originalRequest.headers),\n authorization:\n 'Bearer ' +\n currentDatabaseForRequestAccessToken.tokens.access_token,\n },\n mode: (\n currentDatabaseForRequestAccessToken.oidcConfiguration as OidcConfiguration\n ).service_worker_convert_all_requests_to_cors\n ? 'cors'\n : originalRequest.mode,\n });\n\n // @ts-ignore -- TODO: review, waitUntil takes a promise, this returns a void\n event.waitUntil(event.respondWith(fetch(newRequest)));\n\n return;\n }\n\n if (event.request.method !== 'POST') {\n return;\n }\n\n let currentDatabase: OidcConfig | null = null;\n const currentDatabases = getCurrentDatabasesTokenEndpoint(\n database,\n originalRequest.url,\n );\n const numberDatabase = currentDatabases.length;\n if (numberDatabase > 0) {\n const maPromesse = new Promise<Response>((resolve, reject) => {\n const clonedRequest = originalRequest.clone();\n const response = clonedRequest.text().then((actualBody) => {\n if (\n actualBody.includes(TOKEN.REFRESH_TOKEN) ||\n actualBody.includes(TOKEN.ACCESS_TOKEN)\n ) {\n let newBody = actualBody;\n for (let i = 0; i < numberDatabase; i++) {\n const currentDb = currentDatabases[i];\n\n if (currentDb && currentDb.tokens != null) {\n const keyRefreshToken =\n TOKEN.REFRESH_TOKEN + '_' + currentDb.configurationName;\n if (actualBody.includes(keyRefreshToken)) {\n newBody = newBody.replace(\n keyRefreshToken,\n encodeURIComponent(currentDb.tokens.refresh_token as string),\n );\n currentDatabase = currentDb;\n break;\n }\n const keyAccessToken =\n TOKEN.ACCESS_TOKEN + '_' + currentDb.configurationName;\n if (actualBody.includes(keyAccessToken)) {\n newBody = newBody.replace(\n keyAccessToken,\n encodeURIComponent(currentDb.tokens.access_token),\n );\n currentDatabase = 
currentDb;\n break;\n }\n }\n }\n const fetchPromise = fetch(originalRequest, {\n body: newBody,\n method: clonedRequest.method,\n headers: {\n ...serializeHeaders(originalRequest.headers),\n },\n mode: clonedRequest.mode,\n cache: clonedRequest.cache,\n redirect: clonedRequest.redirect,\n referrer: clonedRequest.referrer,\n credentials: clonedRequest.credentials,\n integrity: clonedRequest.integrity,\n });\n\n if (\n currentDatabase &&\n currentDatabase.oidcServerConfiguration != null &&\n currentDatabase.oidcServerConfiguration.revocationEndpoint &&\n url.startsWith(\n currentDatabase.oidcServerConfiguration.revocationEndpoint,\n )\n ) {\n return fetchPromise.then(async (response) => {\n const text = await response.text();\n return new Response(text, response);\n });\n }\n return fetchPromise.then(hideTokens(currentDatabase as OidcConfig)); // todo type assertion to OidcConfig but could be null, NEEDS REVIEW\n } else if (\n actualBody.includes('code_verifier=') &&\n currentLoginCallbackConfigurationName\n ) {\n currentDatabase = database[currentLoginCallbackConfigurationName];\n currentLoginCallbackConfigurationName = null;\n let newBody = actualBody;\n if (currentDatabase && currentDatabase.codeVerifier != null) {\n newBody = replaceCodeVerifier(newBody, currentDatabase.codeVerifier);\n }\n\n return fetch(originalRequest, {\n body: newBody,\n method: clonedRequest.method,\n headers: {\n ...serializeHeaders(originalRequest.headers),\n },\n mode: clonedRequest.mode,\n cache: clonedRequest.cache,\n redirect: clonedRequest.redirect,\n referrer: clonedRequest.referrer,\n credentials: clonedRequest.credentials,\n integrity: clonedRequest.integrity,\n }).then(hideTokens(currentDatabase));\n }\n\n // if showAccessToken=true, the token is already in the body\n // of the request, and it does not need to be injected\n // and we can simply clone the request\n return fetch(originalRequest, {\n body: actualBody,\n method: clonedRequest.method,\n headers: {\n 
...serializeHeaders(originalRequest.headers),\n },\n mode: clonedRequest.mode,\n cache: clonedRequest.cache,\n redirect: clonedRequest.redirect,\n referrer: clonedRequest.referrer,\n credentials: clonedRequest.credentials,\n integrity: clonedRequest.integrity,\n });\n });\n response\n .then((r) => {\n resolve(r);\n })\n .catch((err) => {\n reject(err);\n });\n });\n\n // @ts-ignore -- TODO: review, waitUntil takes a promise, this returns a void\n event.waitUntil(event.respondWith(maPromesse));\n }\n};\n\ntype TrustedDomainsShowAccessToken = {\n [key: string]: boolean;\n}\n\nconst trustedDomainsShowAccessToken: TrustedDomainsShowAccessToken = {};\n\nconst handleMessage = (event: ExtendableMessageEvent) => {\n const port = event.ports[0];\n const data = event.data as MessageEventData;\n const configurationName = data.configurationName;\n let currentDatabase = database[configurationName];\n if (trustedDomains == null) {\n trustedDomains = {};\n }\n if (!currentDatabase) {\n if (trustedDomainsShowAccessToken[configurationName] === undefined) {\n const trustedDomain = trustedDomains[configurationName];\n trustedDomainsShowAccessToken[configurationName] = Array.isArray(trustedDomain) ? 
false : trustedDomain.showAccessToken;\n }\n database[configurationName] = {\n tokens: null,\n state: null,\n codeVerifier: null,\n oidcServerConfiguration: null,\n oidcConfiguration: undefined,\n nonce: null,\n status: null,\n configurationName,\n hideAccessToken: !trustedDomainsShowAccessToken[configurationName],\n };\n currentDatabase = database[configurationName];\n\n if (!trustedDomains[configurationName]) {\n trustedDomains[configurationName] = [];\n }\n }\n\n switch (data.type) {\n case 'clear':\n currentDatabase.tokens = null;\n currentDatabase.state = null;\n currentDatabase.codeVerifier = null;\n currentDatabase.status = data.data.status;\n port.postMessage({ configurationName });\n return;\n case 'init': {\n const oidcServerConfiguration = data.data.oidcServerConfiguration;\n const trustedDomain = trustedDomains[configurationName];\n const domains = getDomains(trustedDomain, 'oidc');\n if (!domains.find((f) => f === acceptAnyDomainToken)) {\n [\n oidcServerConfiguration.tokenEndpoint,\n oidcServerConfiguration.revocationEndpoint,\n oidcServerConfiguration.userInfoEndpoint,\n oidcServerConfiguration.issuer,\n ].forEach((url) => {\n checkDomain(domains, url);\n });\n }\n currentDatabase.oidcServerConfiguration = oidcServerConfiguration;\n currentDatabase.oidcConfiguration = data.data.oidcConfiguration;\n const where = data.data.where;\n if (\n where === 'loginCallbackAsync' ||\n where === 'tryKeepExistingSessionAsync'\n ) {\n currentLoginCallbackConfigurationName = configurationName;\n } else {\n currentLoginCallbackConfigurationName = null;\n }\n\n if (!currentDatabase.tokens) {\n port.postMessage({\n tokens: null,\n status: currentDatabase.status,\n configurationName,\n version\n });\n } else {\n const tokens = {\n ...currentDatabase.tokens,\n };\n if (currentDatabase.hideAccessToken) {\n tokens.access_token = TOKEN.ACCESS_TOKEN + '_' + configurationName;\n }\n if (tokens.refresh_token) {\n tokens.refresh_token = TOKEN.REFRESH_TOKEN + '_' + 
configurationName;\n }\n if (\n tokens.idTokenPayload &&\n tokens.idTokenPayload.nonce &&\n currentDatabase.nonce != null\n ) {\n tokens.idTokenPayload.nonce =\n TOKEN.NONCE_TOKEN + '_' + configurationName;\n }\n port.postMessage({\n tokens,\n status: currentDatabase.status,\n configurationName,\n version\n });\n }\n return;\n }\n case 'setState':\n currentDatabase.state = data.data.state;\n port.postMessage({ configurationName });\n return;\n case 'getState': {\n const state = currentDatabase.state;\n port.postMessage({ configurationName, state });\n return;\n }\n case 'setCodeVerifier':\n currentDatabase.codeVerifier = data.data.codeVerifier;\n port.postMessage({ configurationName });\n return;\n case 'getCodeVerifier': {\n port.postMessage({\n configurationName,\n codeVerifier: currentDatabase.codeVerifier != null ? TOKEN.CODE_VERIFIER + '_' + configurationName : null,\n });\n return;\n }\n case 'setSessionState':\n currentDatabase.sessionState = data.data.sessionState;\n port.postMessage({ configurationName });\n return;\n case 'getSessionState': {\n const sessionState = currentDatabase.sessionState;\n port.postMessage({ configurationName, sessionState });\n return;\n }\n case 'setNonce': {\n const nonce = data.data.nonce;\n if (nonce) {\n currentDatabase.nonce = nonce;\n }\n port.postMessage({ configurationName });\n return;\n }\n case 'getNonce': {\n const keyNonce = TOKEN.NONCE_TOKEN + '_' + configurationName;\n const nonce = currentDatabase.nonce ? 
keyNonce : null;\n port.postMessage({ configurationName, nonce });\n return;\n }\n default:\n currentDatabase.items = { ...data.data };\n port.postMessage({ configurationName });\n }\n};\n\n_self.addEventListener('install', handleInstall);\n_self.addEventListener('activate', handleActivate);\n_self.addEventListener('fetch', handleFetch);\n_self.addEventListener('message', handleMessage);\n"],"names":["domain","database","trustedDomains","response"],"mappings":"AAAA,MAAM,iBAAiB;AACvB,MAAM,uBAAuB;AAS7B,MAAM,QAAmB;AAAA,EACvB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,aAAa;AAAA,EACb,eAAe;AACjB;AAQA,MAAM,iBAAqC;AAAA,EACzC,kCAAkC;AAAA,EAClC,sBAAsB;AAAA,EACtB,kBAAkB;AACpB;AAEA,MAAM,4BAA4B;AC7BlC,MAAA,UAAe;ACOf,SAAS,YAAY,SAAmB,UAAkB;AACxD,MAAI,CAAC,UAAU;AACb;AAAA,EACF;AAEA,QAAM,SAAS,QAAQ,KAAK,CAACA,YAAW;AFZ1C;AEaQ,QAAA;AAEA,QAAA,OAAOA,YAAW,UAAU;AAC9B,iBAAW,IAAI,OAAO,IAAIA,OAAM,EAAE;AAAA,IAAA,OAC7B;AACMA,iBAAAA;AAAAA,IACb;AAEO,YAAA,cAAS,SAAT,kCAAgB;AAAA,EAAQ,CAChC;AACD,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR,YACE,WACA,2CACA;AAAA,IAAA;AAAA,EAEN;AACF;AAEa,MAAA,aAAa,CAAC,eAAyC,SAAiC;AAC/F,MAAA,MAAM,QAAQ,aAAa,GAAG;AACzB,WAAA;AAAA,EACT;AAEA,SAAO,cAAc,GAAG,IAAI,SAAS,KAAK,cAAc,WAAW;AACrE;AAEA,MAAM,2BAA2B,CAC/BC,WACA,KACAC,oBACG;AF7CL;AE8CM,MAAA,IAAI,SAAS,yBAAyB,GAAG;AACpC,WAAA;AAAA,EACT;AACA,aAAW,CAAC,KAAK,eAAe,KAAK,OAAO,QAAoBD,SAAQ,GAAG;AACzE,UAAM,0BAA0B,gBAAgB;AAEhD,QAAI,CAAC,yBAAyB;AAC5B;AAAA,IACF;AAEA,QACE,wBAAwB,iBACxB,QAAQ,wBAAwB,eAChC;AACA;AAAA,IACF;AACA,QACE,wBAAwB,sBACxB,QAAQ,wBAAwB,oBAChC;AACA;AAAA,IACF;AACA,UAAM,gBAAgBC,mBAAkB,OAAO,CAAA,IAAKA,gBAAe,GAAG;AAEhE,UAAA,UAAU,WAAW,eAAe,aAAa;AACjD,UAAA,sBAAsB,wBAAwB,mBAChD,CAAC,wBAAwB,kBAAkB,GAAG,OAAO,IACrD,CAAC,GAAG,OAAO;AAEf,QAAI,iBAAiB;AACrB,QAAI,oBAAoB,KAAK,CAAC,MAAM,MAAM,oBAAoB,GAAG;AAC9C,uBAAA;AAAA,IAAA,OACZ;AACL,eAAS,IAAI,GAAG,IAAI,oBAAoB,QAAQ,KAAK;AAC/C,YAAA,SAAS,oBAAoB,CAAC;AAE9B,YAAA,OAAO,WAAW,UAAU;AAC9B,mBAAS,IAAI,OAAO,IAAI,MAAM,EAAE;AAAA,QAClC;AAEI,aAAA,YAAO,SAAP,gCAAc,MAAM;AACL,2BAAA;AACjB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI
,gBAAgB;AACd,UAAA,CAAC,gBAAgB,QAAQ;AACpB,eAAA;AAAA,MACT;AACO,aAAA;AAAA,IACT;AAAA,EACF;AACO,SAAA;AACT;ACnGA,SAAS,iBAAiB,SAAkB;AAC1C,QAAM,aAAqC,CAAA;AAChC,aAAA,OAAQ,QAAyB,QAAQ;AAC9C,QAAA,QAAQ,IAAI,GAAG,GAAG;AACpB,iBAAW,GAAG,IAAI,QAAQ,IAAI,GAAG;AAAA,IACnC;AAAA,EACF;AACO,SAAA;AACT;ACVA,MAAM,QAAQ,CAAC,OAAe,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;ACM9D,SAAA,YAAY,KAAa,MAAc;AACrD,SAAO,IAAI,MAAM,IAAI,EAAE,SAAS;AAClC;ACHA,SAAS,SAAS,OAAe;AAC/B,SAAO,KAAK;AAAA,IACV,iBAAiB,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,QAAQ,KAAK,GAAG,EAAE,QAAQ,KAAK,GAAG,CAAC;AAAA,EAAA;AAE5E;AACA,SAAS,iBAAiB,KAAa;AAC9B,SAAA;AAAA,IACL,MAAM,UAAU,IACb;AAAA,MACC,KAAK,GAAG;AAAA,MACR,CAAC,MAAM,OAAO,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE;AAAA,IAAA,EAE5D,KAAK,EAAE;AAAA,EAAA;AAEd;AAEA,SAAS,gBACP,2CACA,WACA;AACA,QAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,SAAO,KAAK;AAAA,IACV,YACE,4CACA;AAAA,EAAA;AAEN;AAEA,SAAS,cAAc,QAAuB;AAC5C,MAAI,CAAC,QAAQ;AACJ,WAAA;AAAA,EACT;AACA,SAAO,gBAAgB,GAAG,OAAO,SAAS,IAAI;AAChD;AAEA,MAAM,sBAAsB,CAAC,UAAmB;AAC1C,MAAA;AACF,QAAI,CAAC,OAAO;AACH,aAAA;AAAA,IACT;AACA,QAAI,YAAY,OAAO,GAAG,MAAM,GAAG;AACjC,aAAO,SAAS,KAAK;AAAA,IAAA,OAChB;AACE,aAAA;AAAA,IACT;AAAA,WACO,GAAG;AACV,YAAQ,KAAK,CAAC;AAAA,EAChB;AACO,SAAA;AACT;AAIA,MAAM,oBAAoB,CACxB,QACA,OACA,4BACyC;AACzC,MAAI,OAAO,gBAAgB;AACzB,UAAM,iBAAiB,OAAO;AAE1B,QAAA,wBAAwB,WAAW,eAAe,KAAK;AACzD,aAAO,EAAE,SAAS,OAAO,QAAQ,wBAAwB;AAAA,IAC3D;AAMA,UAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,QAAI,eAAe,OAAO,eAAe,MAAM,uBAAuB;AACpE,aAAO,EAAE,SAAS,OAAO,QAAQ,gBAAgB;AAAA,IACnD;AAEM,UAAA,kBAAkB,KAAK,KAAK,KAAK;AACvC,QACE,eAAe,OACf,eAAe,MAAM,kBAAkB,uBACvC;AACA,aAAO,EAAE,SAAS,OAAO,QAAQ,mCAAmC;AAAA,IACtE;AAEA,QAAI,SAAS,eAAe,SAAS,eAAe,UAAU,OAAO;AACnE,aAAO,EAAE,SAAS,OAAO,QAAQ,uBAAuB;AAAA,IAC1D;AAAA,EACF;AACA,SAAO,EAAE,SAAS,MAAM,QAAQ,GAAG;AACrC;AAEA,SAAS,YAAY,QAAgB,wBAAoC,mBAA2B;AAC9F,MAAA,CAAC,OAAO,WAAW;AACrB,UAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,WAAO,YAAY;AAAA,EACV,WAAA,OAAO,OAAO,aAAa,UAAU;AAC9C,WAAO,YAAY,SAAS,OAAO,WAAW,EAAE;AAAA,EAClD;AAEM,QAAA,qBAAqB,oBAAoB,OAAO,YAAY;AAClE,QAAM,e
AAe;AAAA,IACnB,GAAG;AAAA,IACH;AAAA,EAAA;AAEF,MAAI,uBAAuB,iBAAiB;AAC7B,iBAAA,eAAe,MAAM,eAAe,MAAM;AAAA,EACzD;AACA,SAAO,qBAAqB;AAE5B,MAAI,kBAAkB;AACtB,MAAI,OAAO,UAAU;AACD,sBAAA,oBAAoB,OAAO,QAAQ;AAC9C,WAAA,iBAAiB,EAAE,GAAG;AAC7B,QAAI,gBAAgB,SAAS,uBAAuB,SAAS,MAAM;AACjE,YAAM,WACF,MAAM,cAAc,MAAM,uBAAuB;AACrD,sBAAgB,QAAQ;AAAA,IAC1B;AACA,iBAAa,iBAAiB;AAAA,EAChC;AACA,MAAI,OAAO,eAAe;AACX,iBAAA,gBACT,MAAM,gBAAgB,MAAM;AAAA,EAClC;AAEM,QAAA,WAAW,OAAO,OAAO,cAAc,WAAW,SAAS,OAAO,YAAY,EAAE,IAAI,OAAO;AAEjG,QAAM,mBACF,mBAAmB,gBAAgB,MAC7B,gBAAgB,MAChB,OAAO;AACjB,QAAM,uBACF,sBAAsB,mBAAmB,MACnC,mBAAmB,MACnB,OAAO,YAAY;AAEzB,MAAA;AACE,QAAA,iBACF,uBAAuB,kBACzB;AACE,MAAA,mBAAmB,eAAe,sBAAsB;AAC9C,gBAAA;AAAA,EAAA,WACH,mBAAmB,eAAe,kBAAkB;AACjD,gBAAA;AAAA,EAAA,OACP;AAED,gBAAA,mBAAmB,uBACb,mBACA;AAAA,EACZ;AACA,eAAa,YAAY;AAEzB,SAAO,YAAY;AACnB,QAAM,QAAQ,uBAAuB,QAC/B,uBAAuB,MAAM,QAC7B;AACA,QAAA,EAAE,SAAS,OAAA,IAAW;AAAA,IACxB;AAAA,IACA;AAAA,IACA,uBAAuB;AAAA,EAAA;AAE3B,MAAI,CAAC,SAAS;AACN,UAAA,MAAM,wCAAwC,MAAM,EAAE;AAAA,EAC9D;AAII,MAAA,uBAAuB,UAAU,QACjC,mBAAmB,uBAAuB,UAC1C,EAAE,mBAAmB,SACvB;AACM,UAAA,eAAe,uBAAuB,OAAO;AAEnD,2BAAuB,SAAS;AAAA,MAC9B,GAAG;AAAA,MACH,eAAe;AAAA,IAAA;AAAA,EACjB,OACK;AACL,2BAAuB,SAAS;AAAA,EAClC;AAEA,yBAAuB,SAAS;AACzB,SAAA;AACT;AAEA,SAAS,WAAW,wBAAoC;AACtD,QAAM,oBAAoB,uBAAuB;AACjD,SAAO,CAAC,aAAuB;AACzB,QAAA,SAAS,WAAW,KAAK;AACpB,aAAA;AAAA,IACT;AACA,WAAO,SAAS,KAAA,EAAO,KAAe,CAAC,WAAmB;AACxD,YAAM,eAAe,YAAY,QAAQ,wBAAwB,iBAAiB;AAC5E,YAAA,OAAO,KAAK,UAAU,YAAY;AACjC,aAAA,IAAI,SAAS,MAAM,QAAQ;AAAA,IAAA,CACnC;AAAA,EAAA;AAEL;ACxMgB,SAAA,oBAAoB,cAAqB,iBAA+B;AACpF,QAAM,QAAQ;AACd,SAAO,aAAa,QAAQ,OAAO,iBAAiB,eAAe,EAAE;AACzE;ACkBA,MAAM,QAAQ;AAId,MAAM,cAAc,cAAc;AAElC,MAAM,KAAK,KAAK,OAAU,oBAAA,QAAO,YAAY,GAAI,EAAE;AAEnD,MAAM,wBAAwB;AAC9B,MAAM,gBAAgB,CAAC,UAA2B;AACxC,UAAA,IAAI,kDAAkD,EAAE;AAC1D,QAAA,UAAU,MAAM,YAAa,CAAA;AACrC;AAEA,MAAM,iBAAiB,CAAC,UAA2B;AACzC,UAAA,IAAI,kDAAkD,EAAE;AAChE,QAAM,UAAU,MAAM,QAAQ,MAAO,CAAA;AACvC;AAEA,IAAI,wCAAuD;AAC3D,MAAM,WAAqB;AAAA,EACzB,SAAS;AAAA,IACP,mBAAmB;AAAA,IACnB,QAAQ;A
AAA,IACR,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,cAAc;AAAA,IACd,OAAO;AAAA,IACP,yBAAyB;AAAA,IACzB,iBAAiB;AAAA,EACnB;AACF;AAEA,MAAM,mCAAmC,CAACD,WAAoB,QAAgB;AAC5E,QAAM,YAA0B,CAAA;AAChC,aAAW,CAAG,EAAA,KAAK,KAAK,OAAO,QAAoBA,SAAQ,GAAG;AAE1D,QAAA,MAAM,2BAA2B,QACjC,IAAI,WAAW,MAAM,wBAAwB,aAAa,GAC1D;AACA,gBAAU,KAAK,KAAK;AAAA,IAEpB,WAAA,MAAM,2BAA2B,QACjC,MAAM,wBAAwB,sBAC9B,IAAI,WAAW,MAAM,wBAAwB,kBAAkB,GAC/D;AACA,gBAAU,KAAK,KAAK;AAAA,IACtB;AAAA,EACF;AACO,SAAA;AACT;AAEA,MAAM,iBAAiB,OAAO,UAAsB;AAClD,QAAM,kBAAkB,MAAM;AAC9B,QAAM,gBAAgB,gBAAgB,QAAQ,IAAI,cAAc;AAChE,QAAM,OAAO,EAAE,QAAQ,KAAK,YAAY,sBAAsB;AAC9D,QAAM,WAAW,IAAI,SAAS,MAAM,IAAI;AACxC,MAAI,CAAC,eAAe;AAClB,UAAM,qBAAqB,IAAI,IAAI,gBAAgB,GAAG;AACtD,UAAM,kBAAkB,OAAO,mBAAmB,aAAa,IAAI,iBAAiB,CAAC,KAAK;AAC1F,aAAS,IAAI,GAAG,IAAI,iBAAiB,KAAK;AAClC,YAAA,MAAM,MAAO,KAAK,MAAM,KAAK,OAAO,IAAI,GAAI,CAAC;AACnD,YAAM,QAAQ,MAAM,OAAO,KAAK,kBAAkB;AAClD,YAAM,MAAM,IAAI,MAAM,SAAS,SAAS,OAAO;AAAA,IACjD;AAAA,EACF;AACO,SAAA;AACT;AAEA,MAAM,cAAc,OAAO,UAAsB;AAC/C,QAAM,kBAAkB,MAAM;AAC9B,QAAM,MAAM,gBAAgB;AAC5B,MAAI,gBAAgB,IAAI,SAAS,qBAAqB,GAAG;AACjD,UAAA,YAAY,eAAe,KAAK,CAAC;AACvC;AAAA,EACF;AAEA,QAAM,uCAAuC;AAAA,IAC3C;AAAA,IACA,gBAAgB;AAAA,IAChB;AAAA,EAAA;AAEF,MACE,wCACA,qCAAqC,UACrC,qCAAqC,OAAO,cAC5C;AACA,WACE,qCAAqC,UACrC,CAAC,cAAc,qCAAqC,MAAM,GAC1D;AACA,YAAM,MAAM,GAAG;AAAA,IACjB;AACA,UAAM,aACJ,gBAAgB,SAAS,aACrB,IAAI,QAAQ,iBAAiB;AAAA,MAC3B,SAAS;AAAA,QACP,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,QAC3C,eACE,YACA,qCAAqC,OAAO;AAAA,MAChD;AAAA,IAAA,CACD,IACD,IAAI,QAAQ,iBAAiB;AAAA,MAC3B,SAAS;AAAA,QACP,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,QAC3C,eACE,YACA,qCAAqC,OAAO;AAAA,MAChD;AAAA,MACA,MACE,qCAAqC,kBACrC,8CACE,SACA,gBAAgB;AAAA,IAAA,CACrB;AAGP,UAAM,UAAU,MAAM,YAAY,MAAM,UAAU,CAAC,CAAC;AAEpD;AAAA,EACF;AAEI,MAAA,MAAM,QAAQ,WAAW,QAAQ;AACnC;AAAA,EACF;AAEA,MAAI,kBAAqC;AACzC,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA,gBAAgB;AAAA,EAAA;AAElB,QAAM,iBAAiB,iBAAiB;AACxC,MAAI,iBAAiB,GAAG;AACtB,UAAM,aAAa,IAAI,QAAkB,CAAC,SAAS,WAAW;AACtD,YAAA,gBAAgB,gBAAgB;AACtC,YAAM,WAAW,cAAc,KAAO,EAAA,KAAK,CAAC,eAAe;AAEvD,YAAA,WAAW,SAAS,M
AAM,aAAa,KACvC,WAAW,SAAS,MAAM,YAAY,GACtC;AACA,cAAI,UAAU;AACd,mBAAS,IAAI,GAAG,IAAI,gBAAgB,KAAK;AACjC,kBAAA,YAAY,iBAAiB,CAAC;AAEhC,gBAAA,aAAa,UAAU,UAAU,MAAM;AACzC,oBAAM,kBACJ,MAAM,gBAAgB,MAAM,UAAU;AACpC,kBAAA,WAAW,SAAS,eAAe,GAAG;AACxC,0BAAU,QAAQ;AAAA,kBAChB;AAAA,kBACA,mBAAmB,UAAU,OAAO,aAAuB;AAAA,gBAAA;AAE3C,kCAAA;AAClB;AAAA,cACF;AACA,oBAAM,iBACJ,MAAM,eAAe,MAAM,UAAU;AACnC,kBAAA,WAAW,SAAS,cAAc,GAAG;AACvC,0BAAU,QAAQ;AAAA,kBAChB;AAAA,kBACA,mBAAmB,UAAU,OAAO,YAAY;AAAA,gBAAA;AAEhC,kCAAA;AAClB;AAAA,cACF;AAAA,YACF;AAAA,UACF;AACM,gBAAA,eAAe,MAAM,iBAAiB;AAAA,YAC1C,MAAM;AAAA,YACN,QAAQ,cAAc;AAAA,YACtB,SAAS;AAAA,cACP,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,YAC7C;AAAA,YACA,MAAM,cAAc;AAAA,YACpB,OAAO,cAAc;AAAA,YACrB,UAAU,cAAc;AAAA,YACxB,UAAU,cAAc;AAAA,YACxB,aAAa,cAAc;AAAA,YAC3B,WAAW,cAAc;AAAA,UAAA,CAC1B;AAED,cACE,mBACA,gBAAgB,2BAA2B,QAC3C,gBAAgB,wBAAwB,sBACxC,IAAI;AAAA,YACF,gBAAgB,wBAAwB;AAAA,UAAA,GAE1C;AACO,mBAAA,aAAa,KAAK,OAAOE,cAAa;AACrC,oBAAA,OAAO,MAAMA,UAAS;AACrB,qBAAA,IAAI,SAAS,MAAMA,SAAQ;AAAA,YAAA,CACnC;AAAA,UACH;AACA,iBAAO,aAAa,KAAK,WAAW,eAA6B,CAAC;AAAA,QAElE,WAAA,WAAW,SAAS,gBAAgB,KACpC,uCACA;AACA,4BAAkB,SAAS,qCAAqC;AACxB,kDAAA;AACxC,cAAI,UAAU;AACV,cAAA,mBAAmB,gBAAgB,gBAAgB,MAAM;AACjD,sBAAA,oBAAoB,SAAS,gBAAgB,YAAY;AAAA,UACrE;AAEA,iBAAO,MAAM,iBAAiB;AAAA,YAC5B,MAAM;AAAA,YACN,QAAQ,cAAc;AAAA,YACtB,SAAS;AAAA,cACP,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,YAC7C;AAAA,YACA,MAAM,cAAc;AAAA,YACpB,OAAO,cAAc;AAAA,YACrB,UAAU,cAAc;AAAA,YACxB,UAAU,cAAc;AAAA,YACxB,aAAa,cAAc;AAAA,YAC3B,WAAW,cAAc;AAAA,UAC1B,CAAA,EAAE,KAAK,WAAW,eAAe,CAAC;AAAA,QACrC;AAKA,eAAO,MAAM,iBAAiB;AAAA,UAC5B,MAAM;AAAA,UACN,QAAQ,cAAc;AAAA,UACtB,SAAS;AAAA,YACP,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,UAC7C;AAAA,UACA,MAAM,cAAc;AAAA,UACpB,OAAO,cAAc;AAAA,UACrB,UAAU,cAAc;AAAA,UACxB,UAAU,cAAc;AAAA,UACxB,aAAa,cAAc;AAAA,UAC3B,WAAW,cAAc;AAAA,QAAA,CAC1B;AAAA,MAAA,CACF;AAEE,eAAA,KAAK,CAAC,MAAM;AACX,gBAAQ,CAAC;AAAA,MAAA,CACV,EACA,MAAM,CAAC,QAAQ;AACd,eAAO,GAAG;AAAA,MAAA,CACX;AAAA,IAAA,CACJ;AAGD,UAAM,UAAU,MAAM,YAAY,UAAU,CAAC;AAAA,EAC/C;AACF;AAMA,MAAM,gCAA+D,CAAA;AAErE,MAAM,
gBAAgB,CAAC,UAAkC;AACjD,QAAA,OAAO,MAAM,MAAM,CAAC;AAC1B,QAAM,OAAO,MAAM;AACnB,QAAM,oBAAoB,KAAK;AAC3B,MAAA,kBAAkB,SAAS,iBAAiB;AAChD,MAAI,kBAAkB,MAAM;AAC1B,qBAAiB,CAAA;AAAA,EACnB;AACA,MAAI,CAAC,iBAAiB;AAChB,QAAA,8BAA8B,iBAAiB,MAAM,QAAW;AAC5D,YAAA,gBAAgB,eAAe,iBAAiB;AACtD,oCAA8B,iBAAiB,IAAI,MAAM,QAAQ,aAAa,IAAI,QAAQ,cAAc;AAAA,IAC1G;AACA,aAAS,iBAAiB,IAAI;AAAA,MAC5B,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,cAAc;AAAA,MACd,yBAAyB;AAAA,MACzB,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR;AAAA,MACA,iBAAiB,CAAC,8BAA8B,iBAAiB;AAAA,IAAA;AAEnE,sBAAkB,SAAS,iBAAiB;AAExC,QAAA,CAAC,eAAe,iBAAiB,GAAG;AACvB,qBAAA,iBAAiB,IAAI;IACtC;AAAA,EACF;AAEA,UAAQ,KAAK,MAAM;AAAA,IACjB,KAAK;AACH,sBAAgB,SAAS;AACzB,sBAAgB,QAAQ;AACxB,sBAAgB,eAAe;AACf,sBAAA,SAAS,KAAK,KAAK;AAC9B,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF,KAAK,QAAQ;AACL,YAAA,0BAA0B,KAAK,KAAK;AACpC,YAAA,gBAAgB,eAAe,iBAAiB;AAChD,YAAA,UAAU,WAAW,eAAe,MAAM;AAChD,UAAI,CAAC,QAAQ,KAAK,CAAC,MAAM,MAAM,oBAAoB,GAAG;AACpD;AAAA,UACE,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,QAAA,EACxB,QAAQ,CAAC,QAAQ;AACjB,sBAAY,SAAS,GAAG;AAAA,QAAA,CACzB;AAAA,MACH;AACF,sBAAgB,0BAA0B;AACxB,sBAAA,oBAAoB,KAAK,KAAK;AACxC,YAAA,QAAQ,KAAK,KAAK;AAEtB,UAAA,UAAU,wBACV,UAAU,+BACV;AACwC,gDAAA;AAAA,MAAA,OACnC;AACmC,gDAAA;AAAA,MAC1C;AAEI,UAAA,CAAC,gBAAgB,QAAQ;AAC3B,aAAK,YAAY;AAAA,UACf,QAAQ;AAAA,UACR,QAAQ,gBAAgB;AAAA,UACxB;AAAA,UACA;AAAA,QAAA,CACD;AAAA,MAAA,OACI;AACL,cAAM,SAAS;AAAA,UACb,GAAG,gBAAgB;AAAA,QAAA;AAErB,YAAI,gBAAgB,iBAAiB;AAC5B,iBAAA,eAAe,MAAM,eAAe,MAAM;AAAA,QACnD;AACA,YAAI,OAAO,eAAe;AACjB,iBAAA,gBAAgB,MAAM,gBAAgB,MAAM;AAAA,QACrD;AACA,YACE,OAAO,kBACP,OAAO,eAAe,SACtB,gBAAgB,SAAS,MACzB;AACA,iBAAO,eAAe,QACpB,MAAM,cAAc,MAAM;AAAA,QAC9B;AACA,aAAK,YAAY;AAAA,UACf;AAAA,UACA,QAAQ,gBAAgB;AAAA,UACxB;AAAA,UACA;AAAA,QAAA,CACD;AAAA,MACH;AACA;AAAA,IACF;AAAA,IACA,KAAK;AACa,sBAAA,QAAQ,KAAK,KAAK;AAC7B,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF,KAAK,YAAY;AACf,YAAM,QAAQ,gBAAgB;AAC9B,WAAK,YAAY,EAAE,mBAAmB,MAAO,CAAA;AAC7C;AAAA,IACF;AAAA,IACA,KAAK;AACa,sBAAA,eAAe,KAAK,KAAK;AACpC,WAAA,YAA
Y,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF,KAAK,mBAAmB;AACtB,WAAK,YAAY;AAAA,QACf;AAAA,QACA,cAAc,gBAAgB,gBAAgB,OAAO,MAAM,gBAAgB,MAAM,oBAAoB;AAAA,MAAA,CACtG;AACD;AAAA,IACF;AAAA,IACA,KAAK;AACa,sBAAA,eAAe,KAAK,KAAK;AACpC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF,KAAK,mBAAmB;AACtB,YAAM,eAAe,gBAAgB;AACrC,WAAK,YAAY,EAAE,mBAAmB,aAAc,CAAA;AACpD;AAAA,IACF;AAAA,IACA,KAAK,YAAY;AACT,YAAA,QAAQ,KAAK,KAAK;AACxB,UAAI,OAAO;AACT,wBAAgB,QAAQ;AAAA,MAC1B;AACK,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF;AAAA,IACA,KAAK,YAAY;AACT,YAAA,WAAW,MAAM,cAAc,MAAM;AACrC,YAAA,QAAQ,gBAAgB,QAAQ,WAAW;AACjD,WAAK,YAAY,EAAE,mBAAmB,MAAO,CAAA;AAC7C;AAAA,IACF;AAAA,IACA;AACE,sBAAgB,QAAQ,EAAE,GAAG,KAAK,KAAK;AAClC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AAAA,EAC1C;AACF;AAEA,MAAM,iBAAiB,WAAW,aAAa;AAC/C,MAAM,iBAAiB,YAAY,cAAc;AACjD,MAAM,iBAAiB,SAAS,WAAW;AAC3C,MAAM,iBAAiB,WAAW,aAAa;"}
1
+ {"version":3,"file":"OidcServiceWorker.js","sources":["../src/constants.ts","../src/version.ts","../src/utils/domains.ts","../src/utils/serializeHeaders.ts","../src/utils/sleep.ts","../src/utils/strings.ts","../src/utils/tokens.ts","../src/utils/codeVerifier.ts","../src/OidcServiceWorker.ts"],"sourcesContent":["const scriptFilename = 'OidcTrustedDomains.js';\nconst acceptAnyDomainToken = '*';\n\ntype TokenType = {\n readonly REFRESH_TOKEN: string;\n readonly ACCESS_TOKEN: string;\n readonly NONCE_TOKEN: string;\n readonly CODE_VERIFIER: string;\n};\n\nconst TOKEN: TokenType = {\n REFRESH_TOKEN: 'REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER',\n ACCESS_TOKEN: 'ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER',\n NONCE_TOKEN: 'NONCE_SECURED_BY_OIDC_SERVICE_WORKER',\n CODE_VERIFIER: 'CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER',\n};\n\ntype TokenRenewModeType = {\n readonly access_token_or_id_token_invalid: string;\n readonly access_token_invalid: string;\n readonly id_token_invalid: string;\n};\n\nconst TokenRenewMode: TokenRenewModeType = {\n access_token_or_id_token_invalid: 'access_token_or_id_token_invalid',\n access_token_invalid: 'access_token_invalid',\n id_token_invalid: 'id_token_invalid',\n};\n\nconst openidWellknownUrlEndWith = '/.well-known/openid-configuration';\n\nexport { acceptAnyDomainToken, openidWellknownUrlEndWith, scriptFilename, TOKEN, TokenRenewMode };\n","export default '7.3.0-alpha.1020';\n","import {\n acceptAnyDomainToken,\n openidWellknownUrlEndWith,\n scriptFilename,\n} from '../constants';\nimport { Database, Domain, DomainDetails, OidcConfig, TrustedDomains } from '../types';\n\nfunction checkDomain(domains: Domain[], endpoint: string) {\n if (!endpoint) {\n return;\n }\n\n const domain = domains.find((domain) => {\n let testable: RegExp;\n\n if (typeof domain === 'string') {\n testable = new RegExp(`^${domain}`);\n } else {\n testable = domain;\n }\n\n return testable.test?.(endpoint);\n });\n if (!domain) {\n throw new Error(\n 'Domain ' 
+\n endpoint +\n ' is not trusted, please add domain in ' +\n scriptFilename,\n );\n }\n}\n\nexport const getDomains = (trustedDomain: Domain[] | DomainDetails, type: 'oidc' | 'accessToken') => {\n if (Array.isArray(trustedDomain)) {\n return trustedDomain;\n }\n\n return trustedDomain[`${type}Domains`] ?? trustedDomain.domains ?? [];\n};\n\nconst getCurrentDatabaseDomain = (\n database: Database,\n url: string,\n trustedDomains: TrustedDomains,\n) => {\n if (url.endsWith(openidWellknownUrlEndWith)) {\n return null;\n }\n for (const [key, currentDatabase] of Object.entries<OidcConfig>(database)) {\n const oidcServerConfiguration = currentDatabase.oidcServerConfiguration;\n\n if (!oidcServerConfiguration) {\n continue;\n }\n\n if (\n oidcServerConfiguration.tokenEndpoint &&\n url === oidcServerConfiguration.tokenEndpoint\n ) {\n continue;\n }\n if (\n oidcServerConfiguration.revocationEndpoint &&\n url === oidcServerConfiguration.revocationEndpoint\n ) {\n continue;\n }\n const trustedDomain = trustedDomains == null ? [] : trustedDomains[key];\n\n const domains = getDomains(trustedDomain, 'accessToken');\n const domainsToSendTokens = oidcServerConfiguration.userInfoEndpoint\n ? 
[oidcServerConfiguration.userInfoEndpoint, ...domains]\n : [...domains];\n\n let hasToSendToken = false;\n if (domainsToSendTokens.find((f) => f === acceptAnyDomainToken)) {\n hasToSendToken = true;\n } else {\n for (let i = 0; i < domainsToSendTokens.length; i++) {\n let domain = domainsToSendTokens[i];\n\n if (typeof domain === 'string') {\n domain = new RegExp(`^${domain}`);\n }\n\n if (domain.test?.(url)) {\n hasToSendToken = true;\n break;\n }\n }\n }\n\n if (hasToSendToken) {\n if (!currentDatabase.tokens) {\n return null;\n }\n return currentDatabase;\n }\n }\n return null;\n};\n\nexport { checkDomain, getCurrentDatabaseDomain };\n","import { FetchHeaders } from '../types';\n\nfunction serializeHeaders(headers: Headers) {\n const headersObj: Record<string, string> = {};\n for (const key of (headers as FetchHeaders).keys()) {\n if (headers.has(key)) {\n headersObj[key] = headers.get(key) as string;\n }\n }\n return headersObj;\n}\nexport { serializeHeaders };\n","const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));\nexport { sleep };\n","/**\n * Count occurances of letter in string\n * @param str\n * @param find\n * @returns\n */\nexport function countLetter(str: string, find: string) {\n return str.split(find).length - 1;\n}\n","/* eslint-disable simple-import-sort/exports */\nimport { TOKEN, TokenRenewMode } from '../constants';\nimport { OidcConfig, OidcConfiguration, OidcServerConfiguration, Tokens } from '../types';\nimport { countLetter } from './strings';\n\nfunction parseJwt(token: string) {\n return JSON.parse(\n b64DecodeUnicode(token.split('.')[1].replace('-', '+').replace('_', '/')),\n );\n}\nfunction b64DecodeUnicode(str: string) {\n return decodeURIComponent(\n Array.prototype.map\n .call(\n atob(str),\n (c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2),\n )\n .join(''),\n );\n}\n\nfunction computeTimeLeft(\n refreshTimeBeforeTokensExpirationInSecond: number,\n expiresAt: number,\n) {\n const 
currentTimeUnixSecond = new Date().getTime() / 1000;\n return Math.round(\n expiresAt -\n refreshTimeBeforeTokensExpirationInSecond -\n currentTimeUnixSecond,\n );\n}\n\nfunction isTokensValid(tokens: Tokens | null) {\n if (!tokens) {\n return false;\n }\n return computeTimeLeft(0, tokens.expiresAt) > 0;\n}\n\nconst extractTokenPayload = (token?: string) => {\n try {\n if (!token) {\n return null;\n }\n if (countLetter(token, '.') === 2) {\n return parseJwt(token);\n } else {\n return null;\n }\n } catch (e) {\n console.warn(e);\n }\n return null;\n};\n\n// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation (excluding rules #1, #4, #5, #7, #8, #12, and #13 which did not apply).\n// https://github.com/openid/AppAuth-JS/issues/65\nconst isTokensOidcValid = (\n tokens: Tokens,\n nonce: string | null,\n oidcServerConfiguration: OidcServerConfiguration,\n): { isValid: boolean; reason: string } => {\n if (tokens.idTokenPayload) {\n const idTokenPayload = tokens.idTokenPayload;\n // 2: The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.\n if (oidcServerConfiguration.issuer !== idTokenPayload.iss) {\n return { isValid: false, reason: `Issuer does not match (oidcServerConfiguration issuer) ${oidcServerConfiguration.issuer} !== (idTokenPayload issuer) ${idTokenPayload.iss}` };\n }\n // 3: The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. 
The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.\n\n // 6: If the ID Token is received via direct communication between the Client and the Token Endpoint (which it is in this flow), the TLS server validation MAY be used to validate the issuer in place of checking the token signature. The Client MUST validate the signature of all other ID Tokens according to JWS [JWS] using the algorithm specified in the JWT alg Header Parameter. The Client MUST use the keys provided by the Issuer.\n\n // 9: The current time MUST be before the time represented by the exp Claim.\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n if (idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {\n return { isValid: false, reason: `Token expired at (idTokenPayload exp) ${idTokenPayload.exp} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };\n }\n // 10: The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.\n const timeInSevenDays = 60 * 60 * 24 * 7;\n if (\n idTokenPayload.iat &&\n idTokenPayload.iat + timeInSevenDays < currentTimeUnixSecond\n ) {\n return { isValid: false, reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${idTokenPayload.iat + timeInSevenDays} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };\n }\n // 11: If a nonce value was sent in the Authentication Request, a nonce Claim MUST be present and its value checked to verify that it is the same value as the one that was sent in the Authentication Request. The Client SHOULD check the nonce value for replay attacks. 
The precise method for detecting replay attacks is Client specific.\n if (nonce && idTokenPayload.nonce && idTokenPayload.nonce !== nonce) {\n return { isValid: false, reason: `Nonce does not match (nonce) ${nonce} !== (idTokenPayload nonce) ${idTokenPayload.nonce}` };\n }\n }\n return { isValid: true, reason: '' };\n};\n\nfunction _hideTokens(tokens: Tokens, currentDatabaseElement: OidcConfig, configurationName: string) {\n if (!tokens.issued_at) {\n const currentTimeUnixSecond = new Date().getTime() / 1000;\n tokens.issued_at = currentTimeUnixSecond;\n } else if (typeof tokens.issued_at == \"string\") {\n tokens.issued_at = parseInt(tokens.issued_at, 10);\n }\n\n const accessTokenPayload = extractTokenPayload(tokens.access_token);\n const secureTokens = {\n ...tokens,\n accessTokenPayload,\n };\n if (currentDatabaseElement.hideAccessToken) {\n secureTokens.access_token = TOKEN.ACCESS_TOKEN + '_' + configurationName;\n }\n tokens.accessTokenPayload = accessTokenPayload;\n\n let _idTokenPayload = null;\n if (tokens.id_token) {\n _idTokenPayload = extractTokenPayload(tokens.id_token);\n tokens.idTokenPayload = { ..._idTokenPayload };\n if (_idTokenPayload.nonce && currentDatabaseElement.nonce != null) {\n const keyNonce =\n TOKEN.NONCE_TOKEN + '_' + currentDatabaseElement.configurationName;\n _idTokenPayload.nonce = keyNonce;\n }\n secureTokens.idTokenPayload = _idTokenPayload;\n }\n if (tokens.refresh_token) {\n secureTokens.refresh_token =\n TOKEN.REFRESH_TOKEN + '_' + configurationName;\n }\n\n const expireIn = typeof tokens.expires_in == \"string\" ? parseInt(tokens.expires_in, 10) : tokens.expires_in;\n\n const idTokenExpiresAt =\n _idTokenPayload && _idTokenPayload.exp\n ? _idTokenPayload.exp\n : Number.MAX_VALUE;\n const accessTokenExpiresAt =\n accessTokenPayload && accessTokenPayload.exp\n ? 
accessTokenPayload.exp\n : tokens.issued_at + expireIn;\n\n let expiresAt: number;\n const tokenRenewMode = (\n currentDatabaseElement.oidcConfiguration as OidcConfiguration\n ).token_renew_mode;\n if (tokenRenewMode === TokenRenewMode.access_token_invalid) {\n expiresAt = accessTokenExpiresAt;\n } else if (tokenRenewMode === TokenRenewMode.id_token_invalid) {\n expiresAt = idTokenExpiresAt;\n } else {\n expiresAt =\n idTokenExpiresAt < accessTokenExpiresAt\n ? idTokenExpiresAt\n : accessTokenExpiresAt;\n }\n secureTokens.expiresAt = expiresAt;\n\n tokens.expiresAt = expiresAt;\n const nonce = currentDatabaseElement.nonce\n ? currentDatabaseElement.nonce.nonce\n : null;\n const { isValid, reason } = isTokensOidcValid(\n tokens,\n nonce,\n currentDatabaseElement.oidcServerConfiguration as OidcServerConfiguration,\n ); // TODO: Type assertion, could be null.\n if (!isValid) {\n throw Error(`Tokens are not OpenID valid, reason: ${reason}`);\n }\n\n // When refresh_token is not rotated we reuse ald refresh_token\n if (\n currentDatabaseElement.tokens != null &&\n 'refresh_token' in currentDatabaseElement.tokens &&\n !('refresh_token' in tokens)\n ) {\n const refreshToken = currentDatabaseElement.tokens.refresh_token;\n\n currentDatabaseElement.tokens = {\n ...tokens,\n refresh_token: refreshToken,\n };\n } else {\n currentDatabaseElement.tokens = tokens;\n }\n\n currentDatabaseElement.status = 'LOGGED_IN';\n return secureTokens;\n}\n\nfunction hideTokens(currentDatabaseElement: OidcConfig) {\n const configurationName = currentDatabaseElement.configurationName;\n return (response: Response) => {\n if (response.status !== 200) {\n return response;\n }\n return response.json().then<Response>((tokens: Tokens) => {\n const secureTokens = _hideTokens(tokens, currentDatabaseElement, configurationName);\n const body = JSON.stringify(secureTokens);\n return new Response(body, response);\n });\n };\n}\n\nexport {\n b64DecodeUnicode,\n computeTimeLeft,\n isTokensValid,\n 
extractTokenPayload,\n isTokensOidcValid,\n hideTokens,\n _hideTokens,\n};\n","export function replaceCodeVerifier(codeVerifier:string, newCodeVerifier:string):string {\n const regex = /code_verifier=[A-Za-z0-9_-]+/i;\n return codeVerifier.replace(regex, `code_verifier=${newCodeVerifier}`);\n}\n","import { acceptAnyDomainToken, scriptFilename, TOKEN } from './constants';\nimport version from './version';\nimport {\n Database,\n MessageEventData,\n OidcConfig,\n TrustedDomains,\n} from './types';\nimport {\n checkDomain,\n getCurrentDatabaseDomain,\n getDomains,\n hideTokens,\n isTokensValid,\n serializeHeaders,\n sleep,\n} from './utils';\nimport { replaceCodeVerifier } from './utils/codeVerifier';\n\nconst _self = self as ServiceWorkerGlobalScope & typeof globalThis;\n\ndeclare let trustedDomains: TrustedDomains;\n\n_self.importScripts(scriptFilename);\n\nconst id = Math.round(new Date().getTime() / 1000).toString();\n\nconst keepAliveJsonFilename = 'OidcKeepAliveServiceWorker.json';\nconst handleInstall = (event: ExtendableEvent) => {\n console.log('[OidcServiceWorker] service worker installed ' + id);\n event.waitUntil(_self.skipWaiting());\n};\n\nconst handleActivate = (event: ExtendableEvent) => {\n console.log('[OidcServiceWorker] service worker activated ' + id);\n event.waitUntil(_self.clients.claim());\n};\n\nlet currentLoginCallbackConfigurationName: string | null = null;\nconst database: Database = {};\n\nconst getCurrentDatabasesTokenEndpoint = (database: Database, url: string) => {\n const databases: OidcConfig[] = [];\n for (const [, value] of Object.entries<OidcConfig>(database)) {\n if (\n value.oidcServerConfiguration != null &&\n url.startsWith(value.oidcServerConfiguration.tokenEndpoint)\n ) {\n databases.push(value);\n } else if (\n value.oidcServerConfiguration != null &&\n value.oidcServerConfiguration.revocationEndpoint &&\n url.startsWith(value.oidcServerConfiguration.revocationEndpoint)\n ) {\n databases.push(value);\n }\n }\n return 
databases;\n};\n\nconst keepAliveAsync = async (event: FetchEvent) => {\n const originalRequest = event.request;\n const isFromVanilla = originalRequest.headers.has('oidc-vanilla');\n const init = { status: 200, statusText: 'oidc-service-worker' };\n const response = new Response('{}', init);\n if (!isFromVanilla) {\n const originalRequestUrl = new URL(originalRequest.url);\n const minSleepSeconds = Number(originalRequestUrl.searchParams.get('minSleepSeconds')) || 240;\n for (let i = 0; i < minSleepSeconds; i++) {\n await sleep(1000 + Math.floor(Math.random() * 1000));\n const cache = await caches.open('oidc_dummy_cache');\n await cache.put(event.request, response.clone());\n }\n }\n return response;\n};\n\nconst handleFetch = async (event: FetchEvent) => {\n const originalRequest = event.request;\n const url = originalRequest.url;\n if (originalRequest.url.includes(keepAliveJsonFilename)) {\n event.respondWith(keepAliveAsync(event));\n return;\n }\n\n const currentDatabaseForRequestAccessToken = getCurrentDatabaseDomain(\n database,\n originalRequest.url,\n trustedDomains,\n );\n if (\n currentDatabaseForRequestAccessToken &&\n currentDatabaseForRequestAccessToken.tokens &&\n currentDatabaseForRequestAccessToken.tokens.access_token\n ) {\n while (\n currentDatabaseForRequestAccessToken.tokens &&\n !isTokensValid(currentDatabaseForRequestAccessToken.tokens)\n ) {\n await sleep(200);\n }\n \n let requestMode = originalRequest.mode;\n \n if(originalRequest.mode !== \"navigate\" && currentDatabaseForRequestAccessToken.convertAllRequestsToCorsExceptNavigate) {\n requestMode = \"cors\";\n } \n \n let headers: { [p: string]: string };\n if(originalRequest.mode == \"navigate\" && !currentDatabaseForRequestAccessToken.setAccessTokenToNavigateRequests ) {\n headers = {\n ...serializeHeaders(originalRequest.headers),\n authorization: 'Bearer ' + currentDatabaseForRequestAccessToken.tokens.access_token,\n }\n } else{\n headers = {\n 
...serializeHeaders(originalRequest.headers),\n }\n }\n let init: RequestInit;\n if(originalRequest.mode === \"navigate\"){\n init = {\n headers: headers,\n }\n } else{\n init = {\n headers: headers,\n mode: requestMode,\n }\n }\n \n const newRequest = new Request(originalRequest, init);\n\n // @ts-ignore -- TODO: review, waitUntil takes a promise, this returns a void\n event.waitUntil(event.respondWith(fetch(newRequest)));\n\n return;\n }\n\n if (event.request.method !== 'POST') {\n return;\n }\n\n let currentDatabase: OidcConfig | null = null;\n const currentDatabases = getCurrentDatabasesTokenEndpoint(\n database,\n originalRequest.url,\n );\n const numberDatabase = currentDatabases.length;\n if (numberDatabase > 0) {\n const maPromesse = new Promise<Response>((resolve, reject) => {\n const clonedRequest = originalRequest.clone();\n const response = clonedRequest.text().then((actualBody) => {\n if (\n actualBody.includes(TOKEN.REFRESH_TOKEN) ||\n actualBody.includes(TOKEN.ACCESS_TOKEN)\n ) {\n let newBody = actualBody;\n for (let i = 0; i < numberDatabase; i++) {\n const currentDb = currentDatabases[i];\n\n if (currentDb && currentDb.tokens != null) {\n const keyRefreshToken =\n TOKEN.REFRESH_TOKEN + '_' + currentDb.configurationName;\n if (actualBody.includes(keyRefreshToken)) {\n newBody = newBody.replace(\n keyRefreshToken,\n encodeURIComponent(currentDb.tokens.refresh_token as string),\n );\n currentDatabase = currentDb;\n break;\n }\n const keyAccessToken =\n TOKEN.ACCESS_TOKEN + '_' + currentDb.configurationName;\n if (actualBody.includes(keyAccessToken)) {\n newBody = newBody.replace(\n keyAccessToken,\n encodeURIComponent(currentDb.tokens.access_token),\n );\n currentDatabase = currentDb;\n break;\n }\n }\n }\n const fetchPromise = fetch(originalRequest, {\n body: newBody,\n method: clonedRequest.method,\n headers: {\n ...serializeHeaders(originalRequest.headers),\n },\n mode: clonedRequest.mode,\n cache: clonedRequest.cache,\n redirect: 
clonedRequest.redirect,\n referrer: clonedRequest.referrer,\n credentials: clonedRequest.credentials,\n integrity: clonedRequest.integrity,\n });\n\n if (\n currentDatabase &&\n currentDatabase.oidcServerConfiguration != null &&\n currentDatabase.oidcServerConfiguration.revocationEndpoint &&\n url.startsWith(\n currentDatabase.oidcServerConfiguration.revocationEndpoint,\n )\n ) {\n return fetchPromise.then(async (response) => {\n const text = await response.text();\n return new Response(text, response);\n });\n }\n return fetchPromise.then(hideTokens(currentDatabase as OidcConfig)); // todo type assertion to OidcConfig but could be null, NEEDS REVIEW\n } else if (\n actualBody.includes('code_verifier=') &&\n currentLoginCallbackConfigurationName\n ) {\n currentDatabase = database[currentLoginCallbackConfigurationName];\n currentLoginCallbackConfigurationName = null;\n let newBody = actualBody;\n if (currentDatabase && currentDatabase.codeVerifier != null) {\n newBody = replaceCodeVerifier(newBody, currentDatabase.codeVerifier);\n }\n\n return fetch(originalRequest, {\n body: newBody,\n method: clonedRequest.method,\n headers: {\n ...serializeHeaders(originalRequest.headers),\n },\n mode: clonedRequest.mode,\n cache: clonedRequest.cache,\n redirect: clonedRequest.redirect,\n referrer: clonedRequest.referrer,\n credentials: clonedRequest.credentials,\n integrity: clonedRequest.integrity,\n }).then(hideTokens(currentDatabase));\n }\n\n // if showAccessToken=true, the token is already in the body\n // of the request, and it does not need to be injected\n // and we can simply clone the request\n return fetch(originalRequest, {\n body: actualBody,\n method: clonedRequest.method,\n headers: {\n ...serializeHeaders(originalRequest.headers),\n },\n mode: clonedRequest.mode,\n cache: clonedRequest.cache,\n redirect: clonedRequest.redirect,\n referrer: clonedRequest.referrer,\n credentials: clonedRequest.credentials,\n integrity: clonedRequest.integrity,\n });\n });\n 
response\n .then((r) => {\n resolve(r);\n })\n .catch((err) => {\n reject(err);\n });\n });\n\n // @ts-ignore -- TODO: review, waitUntil takes a promise, this returns a void\n event.waitUntil(event.respondWith(maPromesse));\n }\n};\n\n\nconst handleMessage = (event: ExtendableMessageEvent) => {\n const port = event.ports[0];\n const data = event.data as MessageEventData;\n const configurationName = data.configurationName;\n let currentDatabase = database[configurationName];\n if (trustedDomains == null) {\n trustedDomains = {};\n }\n if (!currentDatabase) {\n const trustedDomain = trustedDomains[configurationName];\n const showAccessToken = Array.isArray(trustedDomain) ? false : trustedDomain.showAccessToken;\n const doNotSetAccessTokenToNavigateRequests = Array.isArray(trustedDomain) ? true : trustedDomain.setAccessTokenToNavigateRequests;\n const convertAllRequestsToCorsExceptNavigate = Array.isArray(trustedDomain) ? false : trustedDomain.convertAllRequestsToCorsExceptNavigate;\n database[configurationName] = {\n tokens: null,\n state: null,\n codeVerifier: null,\n oidcServerConfiguration: null,\n oidcConfiguration: undefined,\n nonce: null,\n status: null,\n configurationName,\n hideAccessToken: !showAccessToken,\n setAccessTokenToNavigateRequests: doNotSetAccessTokenToNavigateRequests || true,\n convertAllRequestsToCorsExceptNavigate: convertAllRequestsToCorsExceptNavigate || false,\n };\n currentDatabase = database[configurationName];\n\n if (!trustedDomains[configurationName]) {\n trustedDomains[configurationName] = [];\n }\n }\n\n switch (data.type) {\n case 'clear':\n currentDatabase.tokens = null;\n currentDatabase.state = null;\n currentDatabase.codeVerifier = null;\n currentDatabase.status = data.data.status;\n port.postMessage({ configurationName });\n return;\n case 'init': {\n const oidcServerConfiguration = data.data.oidcServerConfiguration;\n const trustedDomain = trustedDomains[configurationName];\n const domains = getDomains(trustedDomain, 
'oidc');\n if (!domains.find((f) => f === acceptAnyDomainToken)) {\n [\n oidcServerConfiguration.tokenEndpoint,\n oidcServerConfiguration.revocationEndpoint,\n oidcServerConfiguration.userInfoEndpoint,\n oidcServerConfiguration.issuer,\n ].forEach((url) => {\n checkDomain(domains, url);\n });\n }\n currentDatabase.oidcServerConfiguration = oidcServerConfiguration;\n currentDatabase.oidcConfiguration = data.data.oidcConfiguration;\n const where = data.data.where;\n if (\n where === 'loginCallbackAsync' ||\n where === 'tryKeepExistingSessionAsync'\n ) {\n currentLoginCallbackConfigurationName = configurationName;\n } else {\n currentLoginCallbackConfigurationName = null;\n }\n\n if (!currentDatabase.tokens) {\n port.postMessage({\n tokens: null,\n status: currentDatabase.status,\n configurationName,\n version\n });\n } else {\n const tokens = {\n ...currentDatabase.tokens,\n };\n if (currentDatabase.hideAccessToken) {\n tokens.access_token = TOKEN.ACCESS_TOKEN + '_' + configurationName;\n }\n if (tokens.refresh_token) {\n tokens.refresh_token = TOKEN.REFRESH_TOKEN + '_' + configurationName;\n }\n if (\n tokens.idTokenPayload &&\n tokens.idTokenPayload.nonce &&\n currentDatabase.nonce != null\n ) {\n tokens.idTokenPayload.nonce =\n TOKEN.NONCE_TOKEN + '_' + configurationName;\n }\n port.postMessage({\n tokens,\n status: currentDatabase.status,\n configurationName,\n version\n });\n }\n return;\n }\n case 'setState':\n currentDatabase.state = data.data.state;\n port.postMessage({ configurationName });\n return;\n case 'getState': {\n const state = currentDatabase.state;\n port.postMessage({ configurationName, state });\n return;\n }\n case 'setCodeVerifier':\n currentDatabase.codeVerifier = data.data.codeVerifier;\n port.postMessage({ configurationName });\n return;\n case 'getCodeVerifier': {\n port.postMessage({\n configurationName,\n codeVerifier: currentDatabase.codeVerifier != null ? 
TOKEN.CODE_VERIFIER + '_' + configurationName : null,\n });\n return;\n }\n case 'setSessionState':\n currentDatabase.sessionState = data.data.sessionState;\n port.postMessage({ configurationName });\n return;\n case 'getSessionState': {\n const sessionState = currentDatabase.sessionState;\n port.postMessage({ configurationName, sessionState });\n return;\n }\n case 'setNonce': {\n const nonce = data.data.nonce;\n if (nonce) {\n currentDatabase.nonce = nonce;\n }\n port.postMessage({ configurationName });\n return;\n }\n case 'getNonce': {\n const keyNonce = TOKEN.NONCE_TOKEN + '_' + configurationName;\n const nonce = currentDatabase.nonce ? keyNonce : null;\n port.postMessage({ configurationName, nonce });\n return;\n }\n default:\n currentDatabase.items = { ...data.data };\n port.postMessage({ configurationName });\n }\n};\n\n_self.addEventListener('install', handleInstall);\n_self.addEventListener('activate', handleActivate);\n_self.addEventListener('fetch', handleFetch);\n_self.addEventListener('message', 
handleMessage);\n"],"names":["domain","database","trustedDomains","response"],"mappings":"AAAA,MAAM,iBAAiB;AACvB,MAAM,uBAAuB;AAS7B,MAAM,QAAmB;AAAA,EACvB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,aAAa;AAAA,EACb,eAAe;AACjB;AAQA,MAAM,iBAAqC;AAAA,EACzC,kCAAkC;AAAA,EAClC,sBAAsB;AAAA,EACtB,kBAAkB;AACpB;AAEA,MAAM,4BAA4B;AC7BlC,MAAA,UAAe;ACOf,SAAS,YAAY,SAAmB,UAAkB;AACxD,MAAI,CAAC,UAAU;AACb;AAAA,EACF;AAEA,QAAM,SAAS,QAAQ,KAAK,CAACA,YAAW;AFZ1C;AEaQ,QAAA;AAEA,QAAA,OAAOA,YAAW,UAAU;AAC9B,iBAAW,IAAI,OAAO,IAAIA,OAAM,EAAE;AAAA,IAAA,OAC7B;AACMA,iBAAAA;AAAAA,IACb;AAEO,YAAA,cAAS,SAAT,kCAAgB;AAAA,EAAQ,CAChC;AACD,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR,YACE,WACA,2CACA;AAAA,IAAA;AAAA,EAEN;AACF;AAEa,MAAA,aAAa,CAAC,eAAyC,SAAiC;AAC/F,MAAA,MAAM,QAAQ,aAAa,GAAG;AACzB,WAAA;AAAA,EACT;AAEA,SAAO,cAAc,GAAG,IAAI,SAAS,KAAK,cAAc,WAAW;AACrE;AAEA,MAAM,2BAA2B,CAC/BC,WACA,KACAC,oBACG;AF7CL;AE8CM,MAAA,IAAI,SAAS,yBAAyB,GAAG;AACpC,WAAA;AAAA,EACT;AACA,aAAW,CAAC,KAAK,eAAe,KAAK,OAAO,QAAoBD,SAAQ,GAAG;AACzE,UAAM,0BAA0B,gBAAgB;AAEhD,QAAI,CAAC,yBAAyB;AAC5B;AAAA,IACF;AAEA,QACE,wBAAwB,iBACxB,QAAQ,wBAAwB,eAChC;AACA;AAAA,IACF;AACA,QACE,wBAAwB,sBACxB,QAAQ,wBAAwB,oBAChC;AACA;AAAA,IACF;AACA,UAAM,gBAAgBC,mBAAkB,OAAO,CAAA,IAAKA,gBAAe,GAAG;AAEhE,UAAA,UAAU,WAAW,eAAe,aAAa;AACjD,UAAA,sBAAsB,wBAAwB,mBAChD,CAAC,wBAAwB,kBAAkB,GAAG,OAAO,IACrD,CAAC,GAAG,OAAO;AAEf,QAAI,iBAAiB;AACrB,QAAI,oBAAoB,KAAK,CAAC,MAAM,MAAM,oBAAoB,GAAG;AAC9C,uBAAA;AAAA,IAAA,OACZ;AACL,eAAS,IAAI,GAAG,IAAI,oBAAoB,QAAQ,KAAK;AAC/C,YAAA,SAAS,oBAAoB,CAAC;AAE9B,YAAA,OAAO,WAAW,UAAU;AAC9B,mBAAS,IAAI,OAAO,IAAI,MAAM,EAAE;AAAA,QAClC;AAEI,aAAA,YAAO,SAAP,gCAAc,MAAM;AACL,2BAAA;AACjB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,gBAAgB;AACd,UAAA,CAAC,gBAAgB,QAAQ;AACpB,eAAA;AAAA,MACT;AACO,aAAA;AAAA,IACT;AAAA,EACF;AACO,SAAA;AACT;ACnGA,SAAS,iBAAiB,SAAkB;AAC1C,QAAM,aAAqC,CAAA;AAChC,aAAA,OAAQ,QAAyB,QAAQ;AAC9C,QAAA,QAAQ,IAAI,GAAG,GAAG;AACpB,iBAAW,GAAG,IAAI,QAAQ,IAAI,GAAG;AAAA,IACnC;AAAA,EACF;AACO,SAAA;AACT;ACVA,MAAM,QAAQ,CAAC,OAAe,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;ACM9D,SAAA,YAAY,KAAa,MAAc;AACrD,
SAAO,IAAI,MAAM,IAAI,EAAE,SAAS;AAClC;ACHA,SAAS,SAAS,OAAe;AAC/B,SAAO,KAAK;AAAA,IACV,iBAAiB,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,QAAQ,KAAK,GAAG,EAAE,QAAQ,KAAK,GAAG,CAAC;AAAA,EAAA;AAE5E;AACA,SAAS,iBAAiB,KAAa;AAC9B,SAAA;AAAA,IACL,MAAM,UAAU,IACb;AAAA,MACC,KAAK,GAAG;AAAA,MACR,CAAC,MAAM,OAAO,OAAO,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE;AAAA,IAAA,EAE5D,KAAK,EAAE;AAAA,EAAA;AAEd;AAEA,SAAS,gBACP,2CACA,WACA;AACA,QAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,SAAO,KAAK;AAAA,IACV,YACE,4CACA;AAAA,EAAA;AAEN;AAEA,SAAS,cAAc,QAAuB;AAC5C,MAAI,CAAC,QAAQ;AACJ,WAAA;AAAA,EACT;AACA,SAAO,gBAAgB,GAAG,OAAO,SAAS,IAAI;AAChD;AAEA,MAAM,sBAAsB,CAAC,UAAmB;AAC1C,MAAA;AACF,QAAI,CAAC,OAAO;AACH,aAAA;AAAA,IACT;AACA,QAAI,YAAY,OAAO,GAAG,MAAM,GAAG;AACjC,aAAO,SAAS,KAAK;AAAA,IAAA,OAChB;AACE,aAAA;AAAA,IACT;AAAA,WACO,GAAG;AACV,YAAQ,KAAK,CAAC;AAAA,EAChB;AACO,SAAA;AACT;AAIA,MAAM,oBAAoB,CACxB,QACA,OACA,4BACyC;AACzC,MAAI,OAAO,gBAAgB;AACzB,UAAM,iBAAiB,OAAO;AAE1B,QAAA,wBAAwB,WAAW,eAAe,KAAK;AAClD,aAAA,EAAE,SAAS,OAAO,QAAQ,0DAA0D,wBAAwB,MAAM,gCAAgC,eAAe,GAAG,GAAG;AAAA,IAChL;AAMA,UAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,QAAI,eAAe,OAAO,eAAe,MAAM,uBAAuB;AAC7D,aAAA,EAAE,SAAS,OAAO,QAAQ,yCAAyC,eAAe,GAAG,8BAA8B,qBAAqB,GAAG;AAAA,IACpJ;AAEM,UAAA,kBAAkB,KAAK,KAAK,KAAK;AACvC,QACE,eAAe,OACf,eAAe,MAAM,kBAAkB,uBACvC;AACO,aAAA,EAAE,SAAS,OAAO,QAAQ,2EAA2E,eAAe,MAAM,eAAe,8BAA8B,qBAAqB,GAAG;AAAA,IACxM;AAEA,QAAI,SAAS,eAAe,SAAS,eAAe,UAAU,OAAO;AAC5D,aAAA,EAAE,SAAS,OAAO,QAAQ,gCAAgC,KAAK,+BAA+B,eAAe,KAAK,GAAG;AAAA,IAC9H;AAAA,EACF;AACA,SAAO,EAAE,SAAS,MAAM,QAAQ,GAAG;AACrC;AAEA,SAAS,YAAY,QAAgB,wBAAoC,mBAA2B;AAC9F,MAAA,CAAC,OAAO,WAAW;AACrB,UAAM,yBAAwB,oBAAI,KAAK,GAAE,YAAY;AACrD,WAAO,YAAY;AAAA,EACV,WAAA,OAAO,OAAO,aAAa,UAAU;AAC9C,WAAO,YAAY,SAAS,OAAO,WAAW,EAAE;AAAA,EAClD;AAEM,QAAA,qBAAqB,oBAAoB,OAAO,YAAY;AAClE,QAAM,eAAe;AAAA,IACnB,GAAG;AAAA,IACH;AAAA,EAAA;AAEF,MAAI,uBAAuB,iBAAiB;AAC7B,iBAAA,eAAe,MAAM,eAAe,MAAM;AAAA,EACzD;AACA,SAAO,qBAAqB;AAE5B,MAAI,kBAAkB;AACtB,MAAI,OAAO,UAAU;AACD,sBAAA,oBAAoB,OAAO,QAAQ;AAC9C,WAAA,iBAAiB,EAAE,GAAG;AAC7B,QAAI,gBAAgB,SAAS,uBAAuB,SA
AS,MAAM;AACjE,YAAM,WACF,MAAM,cAAc,MAAM,uBAAuB;AACrD,sBAAgB,QAAQ;AAAA,IAC1B;AACA,iBAAa,iBAAiB;AAAA,EAChC;AACA,MAAI,OAAO,eAAe;AACX,iBAAA,gBACT,MAAM,gBAAgB,MAAM;AAAA,EAClC;AAEM,QAAA,WAAW,OAAO,OAAO,cAAc,WAAW,SAAS,OAAO,YAAY,EAAE,IAAI,OAAO;AAEjG,QAAM,mBACF,mBAAmB,gBAAgB,MAC7B,gBAAgB,MAChB,OAAO;AACjB,QAAM,uBACF,sBAAsB,mBAAmB,MACnC,mBAAmB,MACnB,OAAO,YAAY;AAEzB,MAAA;AACE,QAAA,iBACF,uBAAuB,kBACzB;AACE,MAAA,mBAAmB,eAAe,sBAAsB;AAC9C,gBAAA;AAAA,EAAA,WACH,mBAAmB,eAAe,kBAAkB;AACjD,gBAAA;AAAA,EAAA,OACP;AAED,gBAAA,mBAAmB,uBACb,mBACA;AAAA,EACZ;AACA,eAAa,YAAY;AAEzB,SAAO,YAAY;AACnB,QAAM,QAAQ,uBAAuB,QAC/B,uBAAuB,MAAM,QAC7B;AACA,QAAA,EAAE,SAAS,OAAA,IAAW;AAAA,IACxB;AAAA,IACA;AAAA,IACA,uBAAuB;AAAA,EAAA;AAE3B,MAAI,CAAC,SAAS;AACN,UAAA,MAAM,wCAAwC,MAAM,EAAE;AAAA,EAC9D;AAII,MAAA,uBAAuB,UAAU,QACjC,mBAAmB,uBAAuB,UAC1C,EAAE,mBAAmB,SACvB;AACM,UAAA,eAAe,uBAAuB,OAAO;AAEnD,2BAAuB,SAAS;AAAA,MAC9B,GAAG;AAAA,MACH,eAAe;AAAA,IAAA;AAAA,EACjB,OACK;AACL,2BAAuB,SAAS;AAAA,EAClC;AAEA,yBAAuB,SAAS;AACzB,SAAA;AACT;AAEA,SAAS,WAAW,wBAAoC;AACtD,QAAM,oBAAoB,uBAAuB;AACjD,SAAO,CAAC,aAAuB;AACzB,QAAA,SAAS,WAAW,KAAK;AACpB,aAAA;AAAA,IACT;AACA,WAAO,SAAS,KAAA,EAAO,KAAe,CAAC,WAAmB;AACxD,YAAM,eAAe,YAAY,QAAQ,wBAAwB,iBAAiB;AAC5E,YAAA,OAAO,KAAK,UAAU,YAAY;AACjC,aAAA,IAAI,SAAS,MAAM,QAAQ;AAAA,IAAA,CACnC;AAAA,EAAA;AAEL;ACxMgB,SAAA,oBAAoB,cAAqB,iBAA+B;AACpF,QAAM,QAAQ;AACd,SAAO,aAAa,QAAQ,OAAO,iBAAiB,eAAe,EAAE;AACzE;ACgBA,MAAM,QAAQ;AAId,MAAM,cAAc,cAAc;AAElC,MAAM,KAAK,KAAK,OAAU,oBAAA,QAAO,YAAY,GAAI,EAAE;AAEnD,MAAM,wBAAwB;AAC9B,MAAM,gBAAgB,CAAC,UAA2B;AACxC,UAAA,IAAI,kDAAkD,EAAE;AAC1D,QAAA,UAAU,MAAM,YAAa,CAAA;AACrC;AAEA,MAAM,iBAAiB,CAAC,UAA2B;AACzC,UAAA,IAAI,kDAAkD,EAAE;AAChE,QAAM,UAAU,MAAM,QAAQ,MAAO,CAAA;AACvC;AAEA,IAAI,wCAAuD;AAC3D,MAAM,WAAqB,CAAA;AAE3B,MAAM,mCAAmC,CAACD,WAAoB,QAAgB;AAC5E,QAAM,YAA0B,CAAA;AAChC,aAAW,CAAG,EAAA,KAAK,KAAK,OAAO,QAAoBA,SAAQ,GAAG;AAE1D,QAAA,MAAM,2BAA2B,QACjC,IAAI,WAAW,MAAM,wBAAwB,aAAa,GAC1D;AACA,gBAAU,KAAK,KAAK;AAAA,IAEpB,WAAA,MAAM,2BAA2B,QACjC,MAAM,wBAAwB,sBAC9B,IAAI,WAAW,MAAM,wBAAwB,kBAAkB,GAC/D;AACA,gBAAU,KAA
K,KAAK;AAAA,IACtB;AAAA,EACF;AACO,SAAA;AACT;AAEA,MAAM,iBAAiB,OAAO,UAAsB;AAClD,QAAM,kBAAkB,MAAM;AAC9B,QAAM,gBAAgB,gBAAgB,QAAQ,IAAI,cAAc;AAChE,QAAM,OAAO,EAAE,QAAQ,KAAK,YAAY,sBAAsB;AAC9D,QAAM,WAAW,IAAI,SAAS,MAAM,IAAI;AACxC,MAAI,CAAC,eAAe;AAClB,UAAM,qBAAqB,IAAI,IAAI,gBAAgB,GAAG;AACtD,UAAM,kBAAkB,OAAO,mBAAmB,aAAa,IAAI,iBAAiB,CAAC,KAAK;AAC1F,aAAS,IAAI,GAAG,IAAI,iBAAiB,KAAK;AAClC,YAAA,MAAM,MAAO,KAAK,MAAM,KAAK,OAAO,IAAI,GAAI,CAAC;AACnD,YAAM,QAAQ,MAAM,OAAO,KAAK,kBAAkB;AAClD,YAAM,MAAM,IAAI,MAAM,SAAS,SAAS,OAAO;AAAA,IACjD;AAAA,EACF;AACO,SAAA;AACT;AAEA,MAAM,cAAc,OAAO,UAAsB;AAC/C,QAAM,kBAAkB,MAAM;AAC9B,QAAM,MAAM,gBAAgB;AAC5B,MAAI,gBAAgB,IAAI,SAAS,qBAAqB,GAAG;AACjD,UAAA,YAAY,eAAe,KAAK,CAAC;AACvC;AAAA,EACF;AAEA,QAAM,uCAAuC;AAAA,IAC3C;AAAA,IACA,gBAAgB;AAAA,IAChB;AAAA,EAAA;AAEF,MACE,wCACA,qCAAqC,UACrC,qCAAqC,OAAO,cAC5C;AACA,WACE,qCAAqC,UACrC,CAAC,cAAc,qCAAqC,MAAM,GAC1D;AACA,YAAM,MAAM,GAAG;AAAA,IACjB;AAEA,QAAI,cAAc,gBAAgB;AAElC,QAAG,gBAAgB,SAAS,cAAc,qCAAqC,wCAAwC;AACvG,oBAAA;AAAA,IAChB;AAEI,QAAA;AACJ,QAAG,gBAAgB,QAAQ,cAAe,CAAC,qCAAqC,kCAAmC;AACvG,gBAAA;AAAA,QACR,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,QAC3C,eAAe,YAAY,qCAAqC,OAAO;AAAA,MAAA;AAAA,IACzE,OACI;AACM,gBAAA;AAAA,QACR,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,MAAA;AAAA,IAE/C;AACI,QAAA;AACD,QAAA,gBAAgB,SAAS,YAAW;AAC9B,aAAA;AAAA,QACL;AAAA,MAAA;AAAA,IACF,OACI;AACK,aAAA;AAAA,QACH;AAAA,QACA,MAAM;AAAA,MAAA;AAAA,IAEd;AAEA,UAAM,aAAa,IAAI,QAAQ,iBAAiB,IAAI;AAGpD,UAAM,UAAU,MAAM,YAAY,MAAM,UAAU,CAAC,CAAC;AAEpD;AAAA,EACF;AAEI,MAAA,MAAM,QAAQ,WAAW,QAAQ;AACnC;AAAA,EACF;AAEA,MAAI,kBAAqC;AACzC,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA,gBAAgB;AAAA,EAAA;AAElB,QAAM,iBAAiB,iBAAiB;AACxC,MAAI,iBAAiB,GAAG;AACtB,UAAM,aAAa,IAAI,QAAkB,CAAC,SAAS,WAAW;AACtD,YAAA,gBAAgB,gBAAgB;AACtC,YAAM,WAAW,cAAc,KAAO,EAAA,KAAK,CAAC,eAAe;AAEvD,YAAA,WAAW,SAAS,MAAM,aAAa,KACvC,WAAW,SAAS,MAAM,YAAY,GACtC;AACA,cAAI,UAAU;AACd,mBAAS,IAAI,GAAG,IAAI,gBAAgB,KAAK;AACjC,kBAAA,YAAY,iBAAiB,CAAC;AAEhC,gBAAA,aAAa,UAAU,UAAU,MAAM;AACzC,oBAAM,kBACJ,MAAM,gBAAgB,MAAM,UAAU;AACpC,kBAAA,WAAW,SAAS,eAAe,GAAG;AACxC,0BAAU,QAAQ;AAAA,kBAC
hB;AAAA,kBACA,mBAAmB,UAAU,OAAO,aAAuB;AAAA,gBAAA;AAE3C,kCAAA;AAClB;AAAA,cACF;AACA,oBAAM,iBACJ,MAAM,eAAe,MAAM,UAAU;AACnC,kBAAA,WAAW,SAAS,cAAc,GAAG;AACvC,0BAAU,QAAQ;AAAA,kBAChB;AAAA,kBACA,mBAAmB,UAAU,OAAO,YAAY;AAAA,gBAAA;AAEhC,kCAAA;AAClB;AAAA,cACF;AAAA,YACF;AAAA,UACF;AACM,gBAAA,eAAe,MAAM,iBAAiB;AAAA,YAC1C,MAAM;AAAA,YACN,QAAQ,cAAc;AAAA,YACtB,SAAS;AAAA,cACP,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,YAC7C;AAAA,YACA,MAAM,cAAc;AAAA,YACpB,OAAO,cAAc;AAAA,YACrB,UAAU,cAAc;AAAA,YACxB,UAAU,cAAc;AAAA,YACxB,aAAa,cAAc;AAAA,YAC3B,WAAW,cAAc;AAAA,UAAA,CAC1B;AAED,cACE,mBACA,gBAAgB,2BAA2B,QAC3C,gBAAgB,wBAAwB,sBACxC,IAAI;AAAA,YACF,gBAAgB,wBAAwB;AAAA,UAAA,GAE1C;AACO,mBAAA,aAAa,KAAK,OAAOE,cAAa;AACrC,oBAAA,OAAO,MAAMA,UAAS;AACrB,qBAAA,IAAI,SAAS,MAAMA,SAAQ;AAAA,YAAA,CACnC;AAAA,UACH;AACA,iBAAO,aAAa,KAAK,WAAW,eAA6B,CAAC;AAAA,QAElE,WAAA,WAAW,SAAS,gBAAgB,KACpC,uCACA;AACA,4BAAkB,SAAS,qCAAqC;AACxB,kDAAA;AACxC,cAAI,UAAU;AACV,cAAA,mBAAmB,gBAAgB,gBAAgB,MAAM;AACjD,sBAAA,oBAAoB,SAAS,gBAAgB,YAAY;AAAA,UACrE;AAEA,iBAAO,MAAM,iBAAiB;AAAA,YAC5B,MAAM;AAAA,YACN,QAAQ,cAAc;AAAA,YACtB,SAAS;AAAA,cACP,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,YAC7C;AAAA,YACA,MAAM,cAAc;AAAA,YACpB,OAAO,cAAc;AAAA,YACrB,UAAU,cAAc;AAAA,YACxB,UAAU,cAAc;AAAA,YACxB,aAAa,cAAc;AAAA,YAC3B,WAAW,cAAc;AAAA,UAC1B,CAAA,EAAE,KAAK,WAAW,eAAe,CAAC;AAAA,QACrC;AAKA,eAAO,MAAM,iBAAiB;AAAA,UAC5B,MAAM;AAAA,UACN,QAAQ,cAAc;AAAA,UACtB,SAAS;AAAA,YACP,GAAG,iBAAiB,gBAAgB,OAAO;AAAA,UAC7C;AAAA,UACA,MAAM,cAAc;AAAA,UACpB,OAAO,cAAc;AAAA,UACrB,UAAU,cAAc;AAAA,UACxB,UAAU,cAAc;AAAA,UACxB,aAAa,cAAc;AAAA,UAC3B,WAAW,cAAc;AAAA,QAAA,CAC1B;AAAA,MAAA,CACF;AAEE,eAAA,KAAK,CAAC,MAAM;AACX,gBAAQ,CAAC;AAAA,MAAA,CACV,EACA,MAAM,CAAC,QAAQ;AACd,eAAO,GAAG;AAAA,MAAA,CACX;AAAA,IAAA,CACJ;AAGD,UAAM,UAAU,MAAM,YAAY,UAAU,CAAC;AAAA,EAC/C;AACF;AAGA,MAAM,gBAAgB,CAAC,UAAkC;AACjD,QAAA,OAAO,MAAM,MAAM,CAAC;AAC1B,QAAM,OAAO,MAAM;AACnB,QAAM,oBAAoB,KAAK;AAC3B,MAAA,kBAAkB,SAAS,iBAAiB;AAChD,MAAI,kBAAkB,MAAM;AAC1B,qBAAiB,CAAA;AAAA,EACnB;AACA,MAAI,CAAC,iBAAiB;AACd,UAAA,gBAAgB,eAAe,iBAAiB;AACtD,UAAM,kBAAkB,MAAM,QAAQ,aAAa,IAAI,QAAQ,cAAc;AA
C7E,UAAM,wCAAwC,MAAM,QAAQ,aAAa,IAAI,OAAO,cAAc;AAClG,UAAM,yCAAyC,MAAM,QAAQ,aAAa,IAAI,QAAQ,cAAc;AACpG,aAAS,iBAAiB,IAAI;AAAA,MAC5B,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,cAAc;AAAA,MACd,yBAAyB;AAAA,MACzB,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,QAAQ;AAAA,MACR;AAAA,MACA,iBAAiB,CAAC;AAAA,MAClB,kCAAkC,yCAAyC;AAAA,MAC3E,wCAAwC,0CAA0C;AAAA,IAAA;AAEpF,sBAAkB,SAAS,iBAAiB;AAExC,QAAA,CAAC,eAAe,iBAAiB,GAAG;AACvB,qBAAA,iBAAiB,IAAI;IACtC;AAAA,EACF;AAEA,UAAQ,KAAK,MAAM;AAAA,IACjB,KAAK;AACH,sBAAgB,SAAS;AACzB,sBAAgB,QAAQ;AACxB,sBAAgB,eAAe;AACf,sBAAA,SAAS,KAAK,KAAK;AAC9B,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF,KAAK,QAAQ;AACL,YAAA,0BAA0B,KAAK,KAAK;AACpC,YAAA,gBAAgB,eAAe,iBAAiB;AAChD,YAAA,UAAU,WAAW,eAAe,MAAM;AAChD,UAAI,CAAC,QAAQ,KAAK,CAAC,MAAM,MAAM,oBAAoB,GAAG;AACpD;AAAA,UACE,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,UACxB,wBAAwB;AAAA,QAAA,EACxB,QAAQ,CAAC,QAAQ;AACjB,sBAAY,SAAS,GAAG;AAAA,QAAA,CACzB;AAAA,MACH;AACF,sBAAgB,0BAA0B;AACxB,sBAAA,oBAAoB,KAAK,KAAK;AACxC,YAAA,QAAQ,KAAK,KAAK;AAEtB,UAAA,UAAU,wBACV,UAAU,+BACV;AACwC,gDAAA;AAAA,MAAA,OACnC;AACmC,gDAAA;AAAA,MAC1C;AAEI,UAAA,CAAC,gBAAgB,QAAQ;AAC3B,aAAK,YAAY;AAAA,UACf,QAAQ;AAAA,UACR,QAAQ,gBAAgB;AAAA,UACxB;AAAA,UACA;AAAA,QAAA,CACD;AAAA,MAAA,OACI;AACL,cAAM,SAAS;AAAA,UACb,GAAG,gBAAgB;AAAA,QAAA;AAErB,YAAI,gBAAgB,iBAAiB;AAC5B,iBAAA,eAAe,MAAM,eAAe,MAAM;AAAA,QACnD;AACA,YAAI,OAAO,eAAe;AACjB,iBAAA,gBAAgB,MAAM,gBAAgB,MAAM;AAAA,QACrD;AACA,YACE,OAAO,kBACP,OAAO,eAAe,SACtB,gBAAgB,SAAS,MACzB;AACA,iBAAO,eAAe,QACpB,MAAM,cAAc,MAAM;AAAA,QAC9B;AACA,aAAK,YAAY;AAAA,UACf;AAAA,UACA,QAAQ,gBAAgB;AAAA,UACxB;AAAA,UACA;AAAA,QAAA,CACD;AAAA,MACH;AACA;AAAA,IACF;AAAA,IACA,KAAK;AACa,sBAAA,QAAQ,KAAK,KAAK;AAC7B,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF,KAAK,YAAY;AACf,YAAM,QAAQ,gBAAgB;AAC9B,WAAK,YAAY,EAAE,mBAAmB,MAAO,CAAA;AAC7C;AAAA,IACF;AAAA,IACA,KAAK;AACa,sBAAA,eAAe,KAAK,KAAK;AACpC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF,KAAK,mBAAmB;AACtB,WAAK,YAAY;AAAA,QACf;AAAA,QACA,cAAc,gBAAgB,gBAAgB,OAAO,MAAM,gBAAgB,MAAM,oBAAoB;AAAA,MAAA,CACtG;AACD;AAAA,IACF;AAAA,IACA,KAAK;AACa,sBAAA,eAAe,KAAK
,KAAK;AACpC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF,KAAK,mBAAmB;AACtB,YAAM,eAAe,gBAAgB;AACrC,WAAK,YAAY,EAAE,mBAAmB,aAAc,CAAA;AACpD;AAAA,IACF;AAAA,IACA,KAAK,YAAY;AACT,YAAA,QAAQ,KAAK,KAAK;AACxB,UAAI,OAAO;AACT,wBAAgB,QAAQ;AAAA,MAC1B;AACK,WAAA,YAAY,EAAE,kBAAA,CAAmB;AACtC;AAAA,IACF;AAAA,IACA,KAAK,YAAY;AACT,YAAA,WAAW,MAAM,cAAc,MAAM;AACrC,YAAA,QAAQ,gBAAgB,QAAQ,WAAW;AACjD,WAAK,YAAY,EAAE,mBAAmB,MAAO,CAAA;AAC7C;AAAA,IACF;AAAA,IACA;AACE,sBAAgB,QAAQ,EAAE,GAAG,KAAK,KAAK;AAClC,WAAA,YAAY,EAAE,kBAAA,CAAmB;AAAA,EAC1C;AACF;AAEA,MAAM,iBAAiB,WAAW,aAAa;AAC/C,MAAM,iBAAiB,YAAY,cAAc;AACjD,MAAM,iBAAiB,SAAS,WAAW;AAC3C,MAAM,iBAAiB,WAAW,aAAa;"}
@@ -17,7 +17,12 @@ const trustedDomains = {
17
17
  // Service worker will continue to give access token to the JavaScript client
18
18
  // Ideal to hide refresh token from client JavaScript, but to retrieve access_token for some
19
19
  // scenarios which require it. For example, to send it via websocket connection.
20
- trustedDomains.config_show_access_token = { domains: ['https://demo.duendesoftware.com'], showAccessToken: true };
20
+ trustedDomains.config_show_access_token = {
21
+ domains: ['https://demo.duendesoftware.com'],
22
+ showAccessToken: true,
23
+ // convertAllRequestsToCorsExceptNavigate: false,
24
+ // doNotSetAccessTokenToNavigateRequests: true,
25
+ };
21
26
 
22
27
  // This example defines domains used by OIDC server separately from domains to which access tokens will be injected.
23
28
  trustedDomains.config_separate_oidc_access_token_domains = {
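Review bot: The commented-out option `doNotSetAccessTokenToNavigateRequests: true` names a key that the `DomainDetails` type on this page does not declare; the declared field is `setAccessTokenToNavigateRequests`. Anyone who uncomments the line sets a key the worker appears to ignore, so navigations to the listed domains keep whatever default applies to the bearer token. Rename the example to `// setAccessTokenToNavigateRequests: true,` and add a comment line stating the default. The same example hunk is repeated further down the page and needs the same change.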
@@ -3,6 +3,8 @@ export type DomainDetails = {
3
3
  oidcDomains?: Domain[];
4
4
  accessTokenDomains?: Domain[];
5
5
  showAccessToken: boolean;
6
+ convertAllRequestsToCorsExceptNavigate?: boolean;
7
+ setAccessTokenToNavigateRequests?: boolean;
6
8
  };
7
9
  export type Domain = string | RegExp;
8
10
  export type TrustedDomains = {
@@ -17,7 +19,6 @@ export type OidcServerConfiguration = {
17
19
  };
18
20
  export type OidcConfiguration = {
19
21
  token_renew_mode: string;
20
- service_worker_convert_all_requests_to_cors: boolean;
21
22
  };
22
23
  export interface FetchHeaders extends Headers {
23
24
  keys(): string[];
@@ -54,6 +55,8 @@ export type OidcConfig = {
54
55
  sessionState?: string | null;
55
56
  items?: MessageData;
56
57
  hideAccessToken: boolean;
58
+ convertAllRequestsToCorsExceptNavigate: boolean;
59
+ setAccessTokenToNavigateRequests: boolean;
57
60
  };
58
61
  export type IdTokenPayload = {
59
62
  iss: string;
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,eAAe,EAAE,OAAO,CAAC;CAC5B,CAAA;AAED,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAErC,MAAM,MAAM,cAAc,GAAG;IACzB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,aAAa,CAAC;CAC3C,GAAG,IAAI,CAAC;AAET,MAAM,MAAM,uBAAuB,GAAG;IAClC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,qBAAqB,EAAE,MAAM,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;CAC5B,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,2CAA2C,EAAE,OAAO,CAAC;CACxD,CAAA;AAGD,MAAM,WAAW,YAAa,SAAQ,OAAO;IACzC,IAAI,IAAI,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,MAAM,MAAM,GAAG,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,eAAe,GAAG,yBAAyB,GAAG,cAAc,GAAG,qBAAqB,GAAG,eAAe,GAAG,IAAI,CAAC;AAC3K,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,UAAU,GAAG,UAAU,CAAC;AAEpL,MAAM,MAAM,WAAW,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB,EAAE,uBAAuB,CAAC;IACjD,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,KAAK,CAAC;CAChB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,WAAW,CAAC;CACrB,CAAA;AAED,MAAM,MAAM,KAAK,GAAG;IAChB,KAAK,EAAE,MAAM,CAAC;CACjB,GAAG,IAAI,CAAC;AAET,MAAM,MAAM,UAAU,GAAG;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE,KAAK,CAAC;IACb,uBAAuB,EAAE,uBAAuB,GAAG,IAAI,CAAC;IACxD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,eAAe,EAAE,OAAO,CAAC;CAC5B,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,GAAG
,IAAI,CAAC;CACxB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACf,CAAA;AAED,MAAM,MAAM,MAAM,GAAG;IACjB,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAC9C,QAAQ,EAAE,IAAI,GAAG,MAAM,CAAC;IACxB,cAAc,EAAE,cAAc,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAAC;CAC7B,CAAA"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG;IACxB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,eAAe,EAAE,OAAO,CAAC;IACzB,sCAAsC,CAAC,EAAE,OAAO,CAAC;IACjD,gCAAgC,CAAC,EAAE,OAAO,CAAC;CAC9C,CAAA;AAED,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAErC,MAAM,MAAM,cAAc,GAAG;IACzB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,aAAa,CAAC;CAC3C,GAAG,IAAI,CAAC;AAET,MAAM,MAAM,uBAAuB,GAAG;IAClC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,qBAAqB,EAAE,MAAM,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;CAC5B,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC5B,gBAAgB,EAAE,MAAM,CAAC;CAC5B,CAAA;AAGD,MAAM,WAAW,YAAa,SAAQ,OAAO;IACzC,IAAI,IAAI,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,MAAM,MAAM,GAAG,QAAQ,GAAG,WAAW,GAAG,YAAY,GAAG,eAAe,GAAG,yBAAyB,GAAG,cAAc,GAAG,qBAAqB,GAAG,eAAe,GAAG,IAAI,CAAC;AAC3K,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,UAAU,GAAG,UAAU,CAAC;AAEpL,MAAM,MAAM,WAAW,GAAG;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB,EAAE,uBAAuB,CAAC;IACjD,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,KAAK,CAAC;CAChB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,WAAW,CAAC;CACrB,CAAA;AAED,MAAM,MAAM,KAAK,GAAG;IAChB,KAAK,EAAE,MAAM,CAAC;CACjB,GAAG,IAAI,CAAC;AAET,MAAM,MAAM,UAAU,GAAG;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE,KAAK,CAAC;IACb,uBAAuB,EAAE,uBAAuB,GAAG,IAAI,CAAC;IACxD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,eAAe,EAAE,OAAO,CAAC;IACzB,sCAAsC,EAAE,OAAO,CAAC;IAChD,gCAAgC,EAAE,OAAO,CAAC;CAC7C,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IA
CZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACf,CAAA;AAED,MAAM,MAAM,MAAM,GAAG;IACjB,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAC9C,QAAQ,EAAE,IAAI,GAAG,MAAM,CAAC;IACxB,cAAc,EAAE,cAAc,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAAC;CAC7B,CAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"testHelper.d.ts","sourceRoot":"","sources":["../../../../src/utils/__tests__/testHelper.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,KAAK,EACL,UAAU,EAEV,uBAAuB,EACvB,MAAM,EACN,MAAM,EACP,MAAM,aAAa,CAAC;AAErB,QAAA,MAAM,sBAAsB,QAAO,MAElC,CAAC;AAEF,QAAA,MAAM,WAAW,YAAa,MAAM,aAAa,MAAM,KAAG,MAUzD,CAAC;AAEF,cAAM,YAAY;IAChB,OAAO,CAAC,MAAM,CAQZ;IAEK,gBAAgB,IAAI,YAAY;IAMhC,mBAAmB,IAAI,YAAY;IAOnC,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY;IAK9C,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,YAAY;IAKtD,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,YAAY;IAKxD,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY;IAK3C,sBAAsB,CAC3B,kBAAkB,EAAE,kBAAkB,GACrC,YAAY;IAKR,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,YAAY;IAKnD,kBAAkB,CAAC,cAAc,EAAE,cAAc,GAAG,YAAY;IAKhE,KAAK,IAAI,MAAM;CAGvB;AA4BD,cAAM,iBAAiB;IACrB,OAAO,CAAC,UAAU,CAYhB;IAEK,kBAAkB,IAAI,iBAAiB;IAiBvC,mBAAmB,CAAC,eAAe,EAAE,OAAO,GAAG,iBAAiB;IAKhE,qBAAqB,CAAC,iBAAiB,EAAE,MAAM,GAAG,iBAAiB;IAKnE,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,iBAAiB;IAK7C,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,iBAAiB;IAK7C,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB;IAK3C,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,iBAAiB;IAKzD,SAAS,CAAC,KAAK,EAAE,KAAK,GAAG,iBAAiB;IAK1C,2BAA2B,CAChC,uBAAuB,EAAE,uBAAuB,GAC/C,iBAAiB;IAKb,KAAK;CAGb;AAED,cAAM,uBAAuB;IAC3B,OAAO,CAAC,gBAAgB,CAMtB;IAEK,kBAAkB,IAAI,uBAAuB;IAW7C,sBAAsB,CAC3B,kBAAkB,EAAE,MAAM,GACzB,uBAAuB;IAKnB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,uBAAuB;IAKnD,yBAAyB,CAC9B,qBAAqB,EAAE,MAAM,GAC5B,uBAAuB;IAKnB,iBAAiB,CAAC,aAAa,EAAE,MAAM,GAAG,uBAAuB;IAKjE,oBAAoB,CACzB,gBAAgB,EAAE,MAAM,GACvB,uBAAuB;IAKnB,KAAK,IAAI,uBAAuB;CAGxC;AAED,UAAU,eAAgB,SAAQ,QAAQ;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;CACnB;AAED,cAAM,eAAe;IACnB,OAAO,CAAC,QAAQ,CAKd;IAEK,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe;IAK3C,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe;IAKvC,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,eAAe;IAKrD;;;;OAIG;IACI,eAAe,CAAC,IAAI,EAAE,GAAG,GAAG,eAAe;IAK3C,KAAK,IAAI,eAAe;CA2ChC;AAED,OAAO,EACL,WAAW,EACX,sBAAsB,EACtB,iBAAiB,EACjB,uBAAuB,EACvB,eAAe,EACf,YAAY,GACb,CAAC"}
1
+ {"version":3,"file":"testHelper.d.ts","sourceRoot":"","sources":["../../../../src/utils/__tests__/testHelper.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,KAAK,EACL,UAAU,EAEV,uBAAuB,EACvB,MAAM,EACN,MAAM,EACP,MAAM,aAAa,CAAC;AAErB,QAAA,MAAM,sBAAsB,QAAO,MAElC,CAAC;AAEF,QAAA,MAAM,WAAW,YAAa,MAAM,aAAa,MAAM,KAAG,MAUzD,CAAC;AAEF,cAAM,YAAY;IAChB,OAAO,CAAC,MAAM,CAQZ;IAEK,gBAAgB,IAAI,YAAY;IAMhC,mBAAmB,IAAI,YAAY;IAOnC,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY;IAK9C,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,YAAY;IAKtD,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,YAAY;IAKxD,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY;IAK3C,sBAAsB,CAC3B,kBAAkB,EAAE,kBAAkB,GACrC,YAAY;IAKR,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,YAAY;IAKnD,kBAAkB,CAAC,cAAc,EAAE,cAAc,GAAG,YAAY;IAKhE,KAAK,IAAI,MAAM;CAGvB;AAmBD,cAAM,iBAAiB;IACrB,OAAO,CAAC,UAAU,CAchB;IAEK,kBAAkB,IAAI,iBAAiB;IAiBvC,mBAAmB,CAAC,eAAe,EAAE,OAAO,GAAG,iBAAiB;IAKhE,qBAAqB,CAAC,iBAAiB,EAAE,MAAM,GAAG,iBAAiB;IAKnE,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,iBAAiB;IAK7C,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,iBAAiB;IAK7C,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB;IAK3C,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,iBAAiB;IAKzD,SAAS,CAAC,KAAK,EAAE,KAAK,GAAG,iBAAiB;IAK1C,2BAA2B,CAChC,uBAAuB,EAAE,uBAAuB,GAC/C,iBAAiB;IAKb,KAAK;CAGb;AAED,cAAM,uBAAuB;IAC3B,OAAO,CAAC,gBAAgB,CAMtB;IAEK,kBAAkB,IAAI,uBAAuB;IAW7C,sBAAsB,CAC3B,kBAAkB,EAAE,MAAM,GACzB,uBAAuB;IAKnB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,uBAAuB;IAKnD,yBAAyB,CAC9B,qBAAqB,EAAE,MAAM,GAC5B,uBAAuB;IAKnB,iBAAiB,CAAC,aAAa,EAAE,MAAM,GAAG,uBAAuB;IAKjE,oBAAoB,CACzB,gBAAgB,EAAE,MAAM,GACvB,uBAAuB;IAKnB,KAAK,IAAI,uBAAuB;CAGxC;AAED,UAAU,eAAgB,SAAQ,QAAQ;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;CACnB;AAED,cAAM,eAAe;IACnB,OAAO,CAAC,QAAQ,CAKd;IAEK,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe;IAK3C,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe;IAKvC,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,eAAe;IAKrD;;;;OAIG;IACI,eAAe,CAAC,IAAI,EAAE,GAAG,GAAG,eAAe;IAK3C,KAAK,IAAI,eAAe;CA2ChC;AAED,OAAO,EACL,WAAW,EACX,sBAAsB,EACtB,iBAAiB,EACjB,uBAAuB,EACvB,eAAe,EACf,YAAY,GACb,CAAC"}
@@ -1,2 +1,2 @@
1
- declare const _default: "7.2.1";
1
+ declare const _default: "7.3.0-alpha.1020";
2
2
  export default _default;
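--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@axa-fr/oidc-client-service-worker",
- "version": "7.2.1",
+ "version": "7.3.0-alpha.1020",
  "type": "module",
  "private": false,
  "main": "dist/OidcServiceWorker.js",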
@@ -4,9 +4,7 @@ import {
4
4
  Database,
5
5
  MessageEventData,
6
6
  OidcConfig,
7
- OidcConfiguration,
8
7
  TrustedDomains,
9
- // TrustedDomainsShowAccessToken,
10
8
  } from './types';
11
9
  import {
12
10
  checkDomain,
@@ -39,18 +37,7 @@ const handleActivate = (event: ExtendableEvent) => {
39
37
  };
40
38
 
41
39
  let currentLoginCallbackConfigurationName: string | null = null;
42
- const database: Database = {
43
- default: {
44
- configurationName: 'default',
45
- tokens: null,
46
- status: null,
47
- state: null,
48
- codeVerifier: null,
49
- nonce: null,
50
- oidcServerConfiguration: null,
51
- hideAccessToken: true,
52
- },
53
- };
40
+ const database: Database = {};
54
41
 
55
42
  const getCurrentDatabasesTokenEndpoint = (database: Database, url: string) => {
56
43
  const databases: OidcConfig[] = [];
@@ -112,29 +99,37 @@ const handleFetch = async (event: FetchEvent) => {
112
99
  ) {
113
100
  await sleep(200);
114
101
  }
115
- const newRequest =
116
- originalRequest.mode === 'navigate'
117
- ? new Request(originalRequest, {
118
- headers: {
119
- ...serializeHeaders(originalRequest.headers),
120
- authorization:
121
- 'Bearer ' +
122
- currentDatabaseForRequestAccessToken.tokens.access_token,
123
- },
124
- })
125
- : new Request(originalRequest, {
126
- headers: {
127
- ...serializeHeaders(originalRequest.headers),
128
- authorization:
129
- 'Bearer ' +
130
- currentDatabaseForRequestAccessToken.tokens.access_token,
131
- },
132
- mode: (
133
- currentDatabaseForRequestAccessToken.oidcConfiguration as OidcConfiguration
134
- ).service_worker_convert_all_requests_to_cors
135
- ? 'cors'
136
- : originalRequest.mode,
137
- });
102
+
103
+ let requestMode = originalRequest.mode;
104
+
105
+ if(originalRequest.mode !== "navigate" && currentDatabaseForRequestAccessToken.convertAllRequestsToCorsExceptNavigate) {
106
+ requestMode = "cors";
107
+ }
108
+
109
+ let headers: { [p: string]: string };
110
+ if(originalRequest.mode == "navigate" && !currentDatabaseForRequestAccessToken.setAccessTokenToNavigateRequests ) {
111
+ headers = {
112
+ ...serializeHeaders(originalRequest.headers),
113
+ authorization: 'Bearer ' + currentDatabaseForRequestAccessToken.tokens.access_token,
114
+ }
115
+ } else{
116
+ headers = {
117
+ ...serializeHeaders(originalRequest.headers),
118
+ }
119
+ }
120
+ let init: RequestInit;
121
+ if(originalRequest.mode === "navigate"){
122
+ init = {
123
+ headers: headers,
124
+ }
125
+ } else{
126
+ init = {
127
+ headers: headers,
128
+ mode: requestMode,
129
+ }
130
+ }
131
+
132
+ const newRequest = new Request(originalRequest, init);
138
133
 
139
134
  // @ts-ignore -- TODO: review, waitUntil takes a promise, this returns a void
140
135
  event.waitUntil(event.respondWith(fetch(newRequest)));
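Review bot: The condition on the `headers` branch is inverted: as written, `authorization` is added only when the request is a navigation and `setAccessTokenToNavigateRequests` is false, so ordinary fetch requests to a trusted domain lose the bearer header and navigations receive it exactly when the option asks for it to be withheld. Swap the two branch bodies and use strict equality, e.g. `if (originalRequest.mode === 'navigate' && !currentDatabaseForRequestAccessToken.setAccessTokenToNavigateRequests) { headers = { ...serializeHeaders(originalRequest.headers) }; }` with the `authorization` variant in the `else`. The later handleMessage hunk also stores `doNotSetAccessTokenToNavigateRequests || true`, which is always `true`, so an explicit `false` in the trusted-domains config can never take effect; `trustedDomain.setAccessTokenToNavigateRequests ?? true` would keep the default while honouring `false`. handleFetch starts before this hunk and continues after it.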
@@ -272,11 +267,6 @@ const handleFetch = async (event: FetchEvent) => {
272
267
  }
273
268
  };
274
269
 
275
- type TrustedDomainsShowAccessToken = {
276
- [key: string]: boolean;
277
- }
278
-
279
- const trustedDomainsShowAccessToken: TrustedDomainsShowAccessToken = {};
280
270
 
281
271
  const handleMessage = (event: ExtendableMessageEvent) => {
282
272
  const port = event.ports[0];
@@ -287,10 +277,10 @@ const handleMessage = (event: ExtendableMessageEvent) => {
287
277
  trustedDomains = {};
288
278
  }
289
279
  if (!currentDatabase) {
290
- if (trustedDomainsShowAccessToken[configurationName] === undefined) {
291
- const trustedDomain = trustedDomains[configurationName];
292
- trustedDomainsShowAccessToken[configurationName] = Array.isArray(trustedDomain) ? false : trustedDomain.showAccessToken;
293
- }
280
+ const trustedDomain = trustedDomains[configurationName];
281
+ const showAccessToken = Array.isArray(trustedDomain) ? false : trustedDomain.showAccessToken;
282
+ const doNotSetAccessTokenToNavigateRequests = Array.isArray(trustedDomain) ? true : trustedDomain.setAccessTokenToNavigateRequests;
283
+ const convertAllRequestsToCorsExceptNavigate = Array.isArray(trustedDomain) ? false : trustedDomain.convertAllRequestsToCorsExceptNavigate;
294
284
  database[configurationName] = {
295
285
  tokens: null,
296
286
  state: null,
@@ -300,7 +290,9 @@ const handleMessage = (event: ExtendableMessageEvent) => {
300
290
  nonce: null,
301
291
  status: null,
302
292
  configurationName,
303
- hideAccessToken: !trustedDomainsShowAccessToken[configurationName],
293
+ hideAccessToken: !showAccessToken,
294
+ setAccessTokenToNavigateRequests: doNotSetAccessTokenToNavigateRequests || true,
295
+ convertAllRequestsToCorsExceptNavigate: convertAllRequestsToCorsExceptNavigate || false,
304
296
  };
305
297
  currentDatabase = database[configurationName];
306
298
 
@@ -17,7 +17,12 @@ const trustedDomains = {
17
17
  // Service worker will continue to give access token to the JavaScript client
18
18
  // Ideal to hide refresh token from client JavaScript, but to retrieve access_token for some
19
19
  // scenarios which require it. For example, to send it via websocket connection.
20
- trustedDomains.config_show_access_token = { domains: ['https://demo.duendesoftware.com'], showAccessToken: true };
20
+ trustedDomains.config_show_access_token = {
21
+ domains: ['https://demo.duendesoftware.com'],
22
+ showAccessToken: true,
23
+ // convertAllRequestsToCorsExceptNavigate: false,
24
+ // doNotSetAccessTokenToNavigateRequests: true,
25
+ };
21
26
 
22
27
  // This example defines domains used by OIDC server separately from domains to which access tokens will be injected.
23
28
  trustedDomains.config_separate_oidc_access_token_domains = {
package/src/types.ts CHANGED
@@ -3,6 +3,8 @@ export type DomainDetails = {
3
3
  oidcDomains?: Domain[];
4
4
  accessTokenDomains?: Domain[];
5
5
  showAccessToken: boolean;
6
+ convertAllRequestsToCorsExceptNavigate?: boolean,
7
+ setAccessTokenToNavigateRequests?: boolean,
6
8
  }
7
9
 
8
10
  export type Domain = string | RegExp;
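Review bot: Neither new field on `DomainDetails` is documented, and the defaults (`false` for `convertAllRequestsToCorsExceptNavigate`, `true` for `setAccessTokenToNavigateRequests`) are only visible in the handleMessage hunk. Since the second field decides whether the access token is attached to top-level navigations, it deserves a doc comment, for example `/** Attach the bearer token to navigate requests for these domains; defaults to true. */`. The two members also end in `,` where the rest of the type uses `;`. The same applies to the `OidcConfig` hunk below.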
@@ -21,7 +23,6 @@ export type OidcServerConfiguration = {
21
23
 
22
24
  export type OidcConfiguration = {
23
25
  token_renew_mode: string;
24
- service_worker_convert_all_requests_to_cors: boolean;
25
26
  }
26
27
 
27
28
  // Uncertain why the Headers interface in lib.webworker.d.ts does not have a keys() function, so extending
@@ -65,6 +66,8 @@ export type OidcConfig = {
65
66
  sessionState?: string | null;
66
67
  items?: MessageData;
67
68
  hideAccessToken: boolean;
69
+ convertAllRequestsToCorsExceptNavigate: boolean,
70
+ setAccessTokenToNavigateRequests: boolean,
68
71
  }
69
72
 
70
73
  export type IdTokenPayload = {
@@ -49,6 +49,8 @@ describe('domains', () => {
49
49
  nonce: null,
50
50
  oidcServerConfiguration: {} as OidcServerConfiguration,
51
51
  hideAccessToken: true,
52
+ convertAllRequestsToCorsExceptNavigate: false,
53
+ setAccessTokenToNavigateRequests: true,
52
54
  },
53
55
  };
54
56
 
@@ -96,7 +96,6 @@ class TokenBuilder {
96
96
  class OidcConfigurationBuilder {
97
97
  private oidcConfiguration: OidcConfiguration = {
98
98
  token_renew_mode: 'offline',
99
- service_worker_convert_all_requests_to_cors: true,
100
99
  };
101
100
 
102
101
  public withTokenRenewMode(
@@ -105,15 +104,7 @@ class OidcConfigurationBuilder {
105
104
  this.oidcConfiguration.token_renew_mode = token_renew_mode;
106
105
  return this;
107
106
  }
108
-
109
- public withServiceWorkerConvertAllRequestsToCors(
110
- service_worker_convert_all_requests_to_cors: boolean,
111
- ): OidcConfigurationBuilder {
112
- this.oidcConfiguration.service_worker_convert_all_requests_to_cors =
113
- service_worker_convert_all_requests_to_cors;
114
- return this;
115
- }
116
-
107
+
117
108
  public build(): OidcConfiguration {
118
109
  return this.oidcConfiguration;
119
110
  }
@@ -132,6 +123,8 @@ class OidcConfigBuilder {
132
123
  sessionState: null,
133
124
  items: undefined,
134
125
  hideAccessToken: true,
126
+ convertAllRequestsToCorsExceptNavigate: false,
127
+ setAccessTokenToNavigateRequests: true,
135
128
  };
136
129
 
137
130
  public withTestingDefault(): OidcConfigBuilder {
@@ -65,7 +65,7 @@ const isTokensOidcValid = (
65
65
  const idTokenPayload = tokens.idTokenPayload;
66
66
  // 2: The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.
67
67
  if (oidcServerConfiguration.issuer !== idTokenPayload.iss) {
68
- return { isValid: false, reason: 'Issuer does not match' };
68
+ return { isValid: false, reason: `Issuer does not match (oidcServerConfiguration issuer) ${oidcServerConfiguration.issuer} !== (idTokenPayload issuer) ${idTokenPayload.iss}` };
69
69
  }
70
70
  // 3: The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.
71
71
 
@@ -74,7 +74,7 @@ const isTokensOidcValid = (
74
74
  // 9: The current time MUST be before the time represented by the exp Claim.
75
75
  const currentTimeUnixSecond = new Date().getTime() / 1000;
76
76
  if (idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {
77
- return { isValid: false, reason: 'Token expired' };
77
+ return { isValid: false, reason: `Token expired at (idTokenPayload exp) ${idTokenPayload.exp} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };
78
78
  }
79
79
  // 10: The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.
80
80
  const timeInSevenDays = 60 * 60 * 24 * 7;
@@ -82,11 +82,11 @@ const isTokensOidcValid = (
82
82
  idTokenPayload.iat &&
83
83
  idTokenPayload.iat + timeInSevenDays < currentTimeUnixSecond
84
84
  ) {
85
- return { isValid: false, reason: 'Token is used from too long time' };
85
+ return { isValid: false, reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${idTokenPayload.iat + timeInSevenDays} < (currentTimeUnixSecond) ${currentTimeUnixSecond}` };
86
86
  }
87
87
  // 11: If a nonce value was sent in the Authentication Request, a nonce Claim MUST be present and its value checked to verify that it is the same value as the one that was sent in the Authentication Request. The Client SHOULD check the nonce value for replay attacks. The precise method for detecting replay attacks is Client specific.
88
88
  if (nonce && idTokenPayload.nonce && idTokenPayload.nonce !== nonce) {
89
- return { isValid: false, reason: 'Nonce does not match' };
89
+ return { isValid: false, reason: `Nonce does not match (nonce) ${nonce} !== (idTokenPayload nonce) ${idTokenPayload.nonce}` };
90
90
  }
91
91
  }
92
92
  return { isValid: true, reason: '' };
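Review bot: The new `Nonce does not match` reason interpolates both the expected `nonce` and the received `idTokenPayload.nonce`, so the replay-protection value ends up in whatever error message or log the caller builds from `reason`. Where that string goes is outside these hunks, but the issuer and timestamp details are enough for troubleshooting; for the nonce consider keeping the fixed text, `return { isValid: false, reason: 'Nonce does not match' };`. The guard on the line above also skips the comparison when the ID token carries no `nonce` claim, although the comment says the claim MUST be present when one was sent. isTokensOidcValid begins before the first of these hunks.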
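--- a/package/src/version.ts
+++ b/package/src/version.ts
@@ -1 +1 @@
- export default '7.2.1';
+ export default '7.3.0-alpha.1020';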