@axa-fr/oidc-client 7.1.0 → 7.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +11 -0
  2. package/bin/{post-install.mjs → copy-service-worker-files.mjs} +8 -4
  3. package/dist/index.js +139 -139
  4. package/dist/index.umd.cjs +2 -2
  5. package/dist/version.d.ts +1 -1
  6. package/package.json +4 -4
  7. package/src/login.ts +3 -2
  8. package/src/version.ts +1 -1
package/README.md CHANGED
@@ -42,11 +42,22 @@ The service worker catch **access_token** and **refresh_token** that will never
42
42
  ```sh
43
43
  npm install @axa-fr/oidc-client --save
44
44
 
45
+ # To install or update OidcServiceWorker.js file, you can run
46
+ node .\node_modules\@axa-fr\react-oidc\bin\copy-service-worker-files.mjs
47
+
45
48
  # If you have a "public" folder, the 2 files will be created :
46
49
  # ./public/OidcServiceWorker.js <-- will be updated at each "npm install"
47
50
  # ./public/OidcTrustedDomains.js <-- won't be updated if already exist
48
51
  ```
49
52
 
53
+ WARNING : If you use Service Worker mode, the OidcServiceWorker.js file should always be up to date with the version of the library. You may setup a postinstall script in your package.json file to update it at each npm install. For example :
54
+ ```sh
55
+ "scripts": {
56
+ ...
57
+ "postinstall": "node .\\node_modules\\@axa-fr\\oidc-client\\bin\\copy-service-worker-files.mjs public"
58
+ },
59
+ ```
60
+
50
61
  If you need a very secure mode where refresh_token and access_token will be hide behind a service worker that will proxify requests.
51
62
  The only file you should edit is "OidcTrustedDomains.js".
52
63
 
package/bin/{post-install.mjs → copy-service-worker-files.mjs} RENAMED
@@ -1,5 +1,6 @@
1
1
  import path from 'path';
2
2
  import fs from 'fs';
3
+ import { fileURLToPath } from 'url';
3
4
 
4
5
  try {
5
6
 
@@ -28,11 +29,14 @@ try {
28
29
  const fileExists = (path) => {
29
30
  return !!fs.existsSync(path);
30
31
  };
32
+
33
+ const initPath = process.cwd();
31
34
 
32
- const initPath = process.env.INIT_CWD;
33
-
34
- const srcDir = '../oidc-client-service-worker/dist/';
35
- const destinationDir = path.join(initPath, 'public');
35
+ const __dirname = path.dirname(fileURLToPath(import.meta.url));
36
+ const srcDir = path.join(__dirname, "..", 'node_modules', '@axa-fr' ,'oidc-client-service-worker', 'dist') ;
37
+
38
+ const destinationFolder = process.argv.length >= 3 ? process.argv[2] : 'public';
39
+ const destinationDir = path.join(initPath, destinationFolder);
36
40
 
37
41
  const files = [
38
42
  {
package/dist/index.js CHANGED
@@ -1,4 +1,4 @@
1
- const F = console;
1
+ const $ = console;
2
2
  class ge {
3
3
  constructor(e, t, s, i = 2e3, o = !0) {
4
4
  this._callback = e, this._client_id = t, this._url = s, this._interval = i || 2e3, this._stopOnError = o;
@@ -13,17 +13,17 @@ class ge {
13
13
  });
14
14
  }
15
15
  _message(e) {
16
- e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (F.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (F.debug(e), F.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : F.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
16
+ e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? ($.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? ($.debug(e), $.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : $.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
17
17
  }
18
18
  start(e) {
19
- F.debug("CheckSessionIFrame.start :" + e), this.stop();
19
+ $.debug("CheckSessionIFrame.start :" + e), this.stop();
20
20
  const t = () => {
21
21
  this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
22
22
  };
23
23
  t(), this._timer = window.setInterval(t, this._interval);
24
24
  }
25
25
  stop() {
26
- this._timer && (F.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
26
+ this._timer && ($.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
27
27
  }
28
28
  }
29
29
  const m = {
@@ -65,13 +65,13 @@ const m = {
65
65
  e[`oidc.session_state.${n}`] = k;
66
66
  }, r = async () => e[`oidc.session_state.${n}`], l = (k) => {
67
67
  localStorage[`oidc.nonce.${n}`] = k.nonce;
68
- }, c = async () => ({ nonce: localStorage[`oidc.nonce.${n}`] }), d = () => e[`oidc.${n}`] ? JSON.stringify({ tokens: JSON.parse(e[`oidc.${n}`]).tokens }) : null;
68
+ }, c = async () => ({ nonce: localStorage[`oidc.nonce.${n}`] }), h = () => e[`oidc.${n}`] ? JSON.stringify({ tokens: JSON.parse(e[`oidc.${n}`]).tokens }) : null;
69
69
  let a = null;
70
70
  return {
71
71
  clearAsync: t,
72
72
  initAsync: s,
73
73
  setTokens: i,
74
- getTokens: d,
74
+ getTokens: h,
75
75
  setSessionStateAsync: o,
76
76
  getSessionStateAsync: r,
77
77
  setNonceAsync: l,
@@ -118,12 +118,12 @@ const m = {
118
118
  const o = n.idTokenPayload ? n.idTokenPayload : Z(n.idToken), r = o && o.exp ? o.exp : Number.MAX_VALUE, l = s && s.exp ? s.exp : n.issuedAt + i;
119
119
  let c;
120
120
  n.expiresAt ? c = n.expiresAt : t === j.access_token_invalid ? c = l : t === j.id_token_invalid ? c = r : c = r < l ? r : l;
121
- const d = { ...n, idTokenPayload: o, accessTokenPayload: s, expiresAt: c };
121
+ const h = { ...n, idTokenPayload: o, accessTokenPayload: s, expiresAt: c };
122
122
  if (e != null && "refreshToken" in e && !("refreshToken" in n)) {
123
123
  const a = e.refreshToken;
124
- return { ...d, refreshToken: a };
124
+ return { ...h, refreshToken: a };
125
125
  }
126
- return d;
126
+ return h;
127
127
  }, Y = (n, e, t) => {
128
128
  if (!n)
129
129
  return null;
@@ -171,34 +171,34 @@ const m = {
171
171
  return { isValid: !0, reason: "" };
172
172
  }, M = function() {
173
173
  const n = function() {
174
- let c, d;
174
+ let c, h;
175
175
  const a = (function() {
176
176
  const f = {}, u = {
177
- setTimeout: function(_, g, k) {
177
+ setTimeout: function(d, g, k) {
178
178
  f[g] = setTimeout(function() {
179
- _.postMessage(g), f[g] = null;
179
+ d.postMessage(g), f[g] = null;
180
180
  }, k);
181
181
  },
182
- setInterval: function(_, g, k) {
182
+ setInterval: function(d, g, k) {
183
183
  f[g] = setInterval(function() {
184
- _.postMessage(g);
184
+ d.postMessage(g);
185
185
  }, k);
186
186
  },
187
- clearTimeout: function(_, g) {
187
+ clearTimeout: function(d, g) {
188
188
  clearTimeout(f[g]), f[g] = null;
189
189
  },
190
- clearInterval: function(_, g) {
190
+ clearInterval: function(d, g) {
191
191
  clearInterval(f[g]), f[g] = null;
192
192
  }
193
193
  };
194
- function y(_, g) {
194
+ function y(d, g) {
195
195
  const k = g.data[0], w = g.data[1], S = g.data[2];
196
- u[k] && u[k](_, w, S);
196
+ u[k] && u[k](d, w, S);
197
197
  }
198
- this.onmessage = function(_) {
199
- y(self, _);
200
- }, this.onconnect = function(_) {
201
- const g = _.ports[0];
198
+ this.onmessage = function(d) {
199
+ y(self, d);
200
+ }, this.onconnect = function(d) {
201
+ const g = d.ports[0];
202
202
  g.onmessage = function(k) {
203
203
  y(g, k);
204
204
  };
@@ -206,22 +206,22 @@ const m = {
206
206
  }).toString();
207
207
  try {
208
208
  const f = new Blob(["(", a, ")()"], { type: "application/javascript" });
209
- d = URL.createObjectURL(f);
209
+ h = URL.createObjectURL(f);
210
210
  } catch {
211
211
  return null;
212
212
  }
213
- const h = typeof process > "u";
213
+ const _ = typeof process > "u";
214
214
  try {
215
215
  if (SharedWorker)
216
- return c = new SharedWorker(d), c.port;
216
+ return c = new SharedWorker(h), c.port;
217
217
  } catch {
218
- h && console.warn("SharedWorker not available");
218
+ _ && console.warn("SharedWorker not available");
219
219
  }
220
220
  try {
221
221
  if (Worker)
222
- return c = new Worker(d), c;
222
+ return c = new Worker(h), c;
223
223
  } catch {
224
- h && console.warn("Worker not available");
224
+ _ && console.warn("Worker not available");
225
225
  }
226
226
  return null;
227
227
  }();
@@ -241,24 +241,24 @@ const m = {
241
241
  };
242
242
  }(), t = {}, s = {};
243
243
  n.onmessage = function(c) {
244
- const d = c.data, a = t[d];
244
+ const h = c.data, a = t[h];
245
245
  if (a) {
246
- a(), t[d] = null;
246
+ a(), t[h] = null;
247
247
  return;
248
248
  }
249
- const h = s[d];
250
- h && h();
249
+ const _ = s[h];
250
+ _ && _();
251
251
  };
252
- function i(c, d) {
252
+ function i(c, h) {
253
253
  const a = e();
254
- return n.postMessage(["setTimeout", a, d]), t[a] = c, a;
254
+ return n.postMessage(["setTimeout", a, h]), t[a] = c, a;
255
255
  }
256
256
  function o(c) {
257
257
  n.postMessage(["clearTimeout", c]), t[c] = null;
258
258
  }
259
- function r(c, d) {
259
+ function r(c, h) {
260
260
  const a = e();
261
- return n.postMessage(["setInterval", a, d]), s[a] = c, a;
261
+ return n.postMessage(["setInterval", a, h]), s[a] = c, a;
262
262
  }
263
263
  function l(c) {
264
264
  n.postMessage(["clearInterval", c]), s[c] = null;
@@ -269,7 +269,7 @@ const m = {
269
269
  setInterval: r,
270
270
  clearInterval: l
271
271
  };
272
- }(), ee = "7.1.0", le = (n) => {
272
+ }(), ee = "7.2.1", le = (n) => {
273
273
  const e = n.appVersion, t = n.userAgent, s = "-";
274
274
  let i = s;
275
275
  const o = [
@@ -408,7 +408,7 @@ const ue = () => {
408
408
  return { tokens: Y(v.tokens, null, T.token_renew_mode), status: v.status };
409
409
  }, c = () => {
410
410
  ne == null && (ne = "not_null", ue());
411
- }, d = (p) => b(o)({ type: "setSessionState", data: { sessionState: p }, configurationName: e }), a = async () => (await b(o)({ type: "getSessionState", data: null, configurationName: e })).sessionState, h = (p) => (sessionStorage["oidc.nonce"] = p.nonce, b(o)({ type: "setNonce", data: { nonce: p }, configurationName: e })), f = async () => {
411
+ }, h = (p) => b(o)({ type: "setSessionState", data: { sessionState: p }, configurationName: e }), a = async () => (await b(o)({ type: "getSessionState", data: null, configurationName: e })).sessionState, _ = (p) => (sessionStorage["oidc.nonce"] = p.nonce, b(o)({ type: "setNonce", data: { nonce: p }, configurationName: e })), f = async () => {
412
412
  let A = (await b(o)({ type: "getNonce", data: null, configurationName: e })).nonce;
413
413
  return A || (A = sessionStorage["oidc.nonce"], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: A };
414
414
  };
@@ -418,9 +418,9 @@ const ue = () => {
418
418
  initAsync: l,
419
419
  startKeepAliveServiceWorker: c,
420
420
  isServiceWorkerProxyActiveAsync: ve,
421
- setSessionStateAsync: d,
421
+ setSessionStateAsync: h,
422
422
  getSessionStateAsync: a,
423
- setNonceAsync: h,
423
+ setNonceAsync: _,
424
424
  getNonceAsync: f,
425
425
  setLoginParams: (p, A) => {
426
426
  u = A, localStorage[`oidc.login.${p}`] = JSON.stringify(A);
@@ -464,21 +464,21 @@ const D = (n, e, t, s = null) => {
464
464
  t(m.silentLoginAsync_begin, {});
465
465
  let r = "";
466
466
  if (i && (s == null && (s = {}), s.state = i), o && (s == null && (s = {}), s.scope = o), s != null)
467
- for (const [h, f] of Object.entries(s))
468
- r === "" ? r = `?${encodeURIComponent(h)}=${encodeURIComponent(f)}` : r += `&${encodeURIComponent(h)}=${encodeURIComponent(f)}`;
469
- const l = e.silent_login_uri + r, c = l.indexOf("/", l.indexOf("//") + 2), d = l.substr(0, c), a = document.createElement("iframe");
470
- return a.width = "0px", a.height = "0px", a.id = `${n}_oidc_iframe`, a.setAttribute("src", l), document.body.appendChild(a), new Promise((h, f) => {
467
+ for (const [_, f] of Object.entries(s))
468
+ r === "" ? r = `?${encodeURIComponent(_)}=${encodeURIComponent(f)}` : r += `&${encodeURIComponent(_)}=${encodeURIComponent(f)}`;
469
+ const l = e.silent_login_uri + r, c = l.indexOf("/", l.indexOf("//") + 2), h = l.substr(0, c), a = document.createElement("iframe");
470
+ return a.width = "0px", a.height = "0px", a.id = `${n}_oidc_iframe`, a.setAttribute("src", l), document.body.appendChild(a), new Promise((_, f) => {
471
471
  try {
472
472
  let u = !1;
473
- window.onmessage = (_) => {
474
- if (_.origin === d && _.source === a.contentWindow) {
475
- const g = `${n}_oidc_tokens:`, k = `${n}_oidc_error:`, w = _.data;
473
+ window.onmessage = (d) => {
474
+ if (d.origin === h && d.source === a.contentWindow) {
475
+ const g = `${n}_oidc_tokens:`, k = `${n}_oidc_error:`, w = d.data;
476
476
  if (w && typeof w == "string" && !u) {
477
477
  if (w.startsWith(g)) {
478
- const S = JSON.parse(_.data.replace(g, ""));
479
- t(m.silentLoginAsync_end, {}), a.remove(), u = !0, h(S);
478
+ const S = JSON.parse(d.data.replace(g, ""));
479
+ t(m.silentLoginAsync_end, {}), a.remove(), u = !0, _(S);
480
480
  } else if (w.startsWith(k)) {
481
- const S = JSON.parse(_.data.replace(k, ""));
481
+ const S = JSON.parse(d.data.replace(k, ""));
482
482
  t(m.silentLoginAsync_error, S), a.remove(), u = !0, f(new Error("oidc_" + S.error));
483
483
  }
484
484
  }
@@ -497,53 +497,53 @@ const D = (n, e, t, s = null) => {
497
497
  }
498
498
  }, Te = (n, e, t, s, i) => (o = null, r = void 0) => {
499
499
  o = { ...o };
500
- const l = (d, a, h) => Q(e, t, s.bind(i))(d, a, h);
500
+ const l = (h, a, _) => Q(e, t, s.bind(i))(h, a, _);
501
501
  return (async () => {
502
502
  i.timeoutId && M.clearTimeout(i.timeoutId);
503
- let d;
504
- o && "state" in o && (d = o.state, delete o.state);
503
+ let h;
504
+ o && "state" in o && (h = o.state, delete o.state);
505
505
  try {
506
- const a = t.extras ? { ...t.extras, ...o } : o, h = await l({
506
+ const a = t.extras ? { ...t.extras, ...o } : o, _ = await l({
507
507
  ...a,
508
508
  prompt: "none"
509
- }, d, r);
510
- if (h)
511
- return i.tokens = h.tokens, s(m.token_aquired, {}), i.timeoutId = D(i, i.tokens.refreshToken, i.tokens.expiresAt, o), {};
509
+ }, h, r);
510
+ if (_)
511
+ return i.tokens = _.tokens, s(m.token_aquired, {}), i.timeoutId = D(i, i.tokens.refreshToken, i.tokens.expiresAt, o), {};
512
512
  } catch (a) {
513
513
  return a;
514
514
  }
515
515
  })();
516
516
  }, be = (n, e, t) => (s, i, o, r = !1) => {
517
- const l = (c, d = void 0, a = void 0) => Q(n.configurationName, t, n.publishEvent.bind(n))(c, d, a);
518
- return new Promise((c, d) => {
517
+ const l = (c, h = void 0, a = void 0) => Q(n.configurationName, t, n.publishEvent.bind(n))(c, h, a);
518
+ return new Promise((c, h) => {
519
519
  if (t.silent_login_uri && t.silent_redirect_uri && t.monitor_session && s && o && !r) {
520
520
  const a = () => {
521
521
  n.checkSessionIFrame.stop();
522
- const h = n.tokens;
523
- if (h === null)
522
+ const _ = n.tokens;
523
+ if (_ === null)
524
524
  return;
525
- const f = h.idToken, u = h.idTokenPayload;
525
+ const f = _.idToken, u = _.idTokenPayload;
526
526
  return l({
527
527
  prompt: "none",
528
528
  id_token_hint: f,
529
529
  scope: t.scope || "openid"
530
530
  }).then((y) => {
531
- const _ = y.tokens.idTokenPayload;
532
- if (u.sub === _.sub) {
531
+ const d = y.tokens.idTokenPayload;
532
+ if (u.sub === d.sub) {
533
533
  const g = y.sessionState;
534
- n.checkSessionIFrame.start(y.sessionState), u.sid === _.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", g) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", g);
534
+ n.checkSessionIFrame.start(y.sessionState), u.sid === d.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", g) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", g);
535
535
  } else
536
- console.debug("SessionMonitor._callback: Different subject signed into OP:", _.sub);
536
+ console.debug("SessionMonitor._callback: Different subject signed into OP:", d.sub);
537
537
  }).catch(async (y) => {
538
538
  console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", y);
539
- for (const [_, g] of Object.entries(e))
539
+ for (const [d, g] of Object.entries(e))
540
540
  await g.logoutOtherTabAsync(t.client_id, u.sub);
541
541
  });
542
542
  };
543
543
  n.checkSessionIFrame = new ge(a, i, s), n.checkSessionIFrame.load().then(() => {
544
544
  n.checkSessionIFrame.start(o), c(n.checkSessionIFrame);
545
- }).catch((h) => {
546
- d(h);
545
+ }).catch((_) => {
546
+ h(_);
547
547
  });
548
548
  } else
549
549
  c(null);
@@ -601,25 +601,25 @@ const xe = (n) => {
601
601
  return e ? new Promise((t, s) => {
602
602
  crypto.subtle.digest("SHA-256", We(n)).then((i) => t(Ne(new Uint8Array(i))), (i) => s(i));
603
603
  }) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
604
- }, $ = {}, Fe = (n, e = window.sessionStorage, t) => {
605
- if (!$[n] && e) {
604
+ }, F = {}, $e = (n, e = window.sessionStorage, t) => {
605
+ if (!F[n] && e) {
606
606
  const i = e.getItem(n);
607
- i && ($[n] = JSON.parse(i));
607
+ i && (F[n] = JSON.parse(i));
608
608
  }
609
609
  const s = 1e3 * t;
610
- return $[n] && $[n].timestamp + s > Date.now() ? $[n].result : null;
611
- }, $e = (n, e, t = window.sessionStorage) => {
610
+ return F[n] && F[n].timestamp + s > Date.now() ? F[n].result : null;
611
+ }, Fe = (n, e, t = window.sessionStorage) => {
612
612
  const s = Date.now();
613
- $[n] = { result: e, timestamp: s }, t && t.setItem(n, JSON.stringify({ result: e, timestamp: s }));
613
+ F[n] = { result: e, timestamp: s }, t && t.setItem(n, JSON.stringify({ result: e, timestamp: s }));
614
614
  }, Re = 60 * 60, Ve = (n) => async (e, t = Re, s = window.sessionStorage, i = 1e4) => {
615
- const o = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, l = Fe(r, s, t);
615
+ const o = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, l = $e(r, s, t);
616
616
  if (l)
617
617
  return new z(l);
618
618
  const c = await K(n)(o, {}, i);
619
619
  if (c.status !== 200)
620
620
  return null;
621
- const d = await c.json();
622
- return $e(r, d, s), new z(d);
621
+ const h = await c.json();
622
+ return Fe(r, h, s), new z(h);
623
623
  }, K = (n) => async (e, t = {}, s = 1e4, i = 0) => {
624
624
  let o;
625
625
  try {
@@ -644,8 +644,8 @@ const xe = (n) => {
644
644
  client_id: i
645
645
  }, l = [];
646
646
  for (const a in r) {
647
- const h = encodeURIComponent(a), f = encodeURIComponent(r[a]);
648
- l.push(`${h}=${f}`);
647
+ const _ = encodeURIComponent(a), f = encodeURIComponent(r[a]);
648
+ l.push(`${_}=${f}`);
649
649
  }
650
650
  const c = l.join("&");
651
651
  return (await K(n)(e, {
@@ -658,23 +658,23 @@ const xe = (n) => {
658
658
  success: !0
659
659
  };
660
660
  }, De = (n) => async (e, t, s, i, o, r = 1e4) => {
661
- for (const [h, f] of Object.entries(s))
662
- t[h] === void 0 && (t[h] = f);
661
+ for (const [_, f] of Object.entries(s))
662
+ t[_] === void 0 && (t[_] = f);
663
663
  const l = [];
664
- for (const h in t) {
665
- const f = encodeURIComponent(h), u = encodeURIComponent(t[h]);
664
+ for (const _ in t) {
665
+ const f = encodeURIComponent(_), u = encodeURIComponent(t[_]);
666
666
  l.push(`${f}=${u}`);
667
667
  }
668
- const c = l.join("&"), d = await K(n)(e, {
668
+ const c = l.join("&"), h = await K(n)(e, {
669
669
  method: "POST",
670
670
  headers: {
671
671
  "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
672
672
  },
673
673
  body: c
674
674
  }, r);
675
- if (d.status !== 200)
676
- return { success: !1, status: d.status };
677
- const a = await d.json();
675
+ if (h.status !== 200)
676
+ return { success: !1, status: h.status };
677
+ const a = await h.json();
678
678
  return {
679
679
  success: !0,
680
680
  data: Y(a, i, o)
@@ -691,9 +691,9 @@ const xe = (n) => {
691
691
  }, Ke = (n) => async (e, t, s, i = 1e4) => {
692
692
  t = t ? { ...t } : {}, t.code_verifier = await n.getCodeVerifierAsync();
693
693
  const o = [];
694
- for (const d in t) {
695
- const a = encodeURIComponent(d), h = encodeURIComponent(t[d]);
696
- o.push(`${a}=${h}`);
694
+ for (const h in t) {
695
+ const a = encodeURIComponent(h), _ = encodeURIComponent(t[h]);
696
+ o.push(`${a}=${_}`);
697
697
  }
698
698
  const r = o.join("&"), l = await K(fetch)(e, {
699
699
  method: "POST",
@@ -751,9 +751,9 @@ const xe = (n) => {
751
751
  t = o[s].split("="), e[decodeURIComponent(t[0])] = decodeURIComponent(t[1]);
752
752
  return e;
753
753
  }, Be = (n, e, t, s, i) => (o = void 0, r = null, l = !1, c = void 0) => {
754
- const d = r;
754
+ const h = r;
755
755
  return r = { ...r }, (async () => {
756
- const h = n.location, f = o || h.pathname + (h.search || "") + (h.hash || "");
756
+ const _ = n.location, f = o || _.pathname + (_.search || "") + (_.hash || "");
757
757
  if ("state" in r || (r.state = H(16)), s(m.loginAsync_begin, {}), r)
758
758
  for (const u of Object.keys(r))
759
759
  u.endsWith(":token_request") && delete r[u];
@@ -762,13 +762,13 @@ const xe = (n) => {
762
762
  c || (c = t.scope);
763
763
  const y = t.extras ? { ...t.extras, ...r } : r;
764
764
  y.nonce || (y.nonce = H(12));
765
- const _ = { nonce: y.nonce }, g = await I(t.service_worker_relative_url, e), k = await i(t.authority, t.authority_configuration);
765
+ const d = { nonce: y.nonce }, g = await I(t.service_worker_relative_url, e), k = await i(t.authority, t.authority_configuration);
766
766
  let w;
767
767
  if (g)
768
- g.setLoginParams(e, { callbackPath: f, extras: d }), await g.initAsync(k, "loginAsync", t), await g.setNonceAsync(_), g.startKeepAliveServiceWorker(), w = g;
768
+ g.setLoginParams(e, { callbackPath: f, extras: h }), await g.initAsync(k, "loginAsync", t), await g.setNonceAsync(d), g.startKeepAliveServiceWorker(), w = g;
769
769
  else {
770
770
  const p = P(e, t.storage ?? sessionStorage);
771
- p.setLoginParams(e, { callbackPath: f, extras: d }), await p.setNonceAsync(_), w = p;
771
+ p.setLoginParams(e, { callbackPath: f, extras: h }), await p.setNonceAsync(d), w = p;
772
772
  }
773
773
  const S = {
774
774
  client_id: t.client_id,
@@ -785,21 +785,21 @@ const xe = (n) => {
785
785
  }, qe = (n) => async (e = !1) => {
786
786
  try {
787
787
  n.publishEvent(m.loginCallbackAsync_begin, {});
788
- const t = n.configuration, s = t.client_id, i = e ? t.silent_redirect_uri : t.redirect_uri, o = t.authority, r = t.token_request_timeout, l = await n.initAsync(o, t.authority_configuration), d = q(window.location.href).session_state, a = await I(t.service_worker_relative_url, n.configurationName);
789
- let h, f, u, y;
788
+ const t = n.configuration, s = t.client_id, i = e ? t.silent_redirect_uri : t.redirect_uri, o = t.authority, r = t.token_request_timeout, l = await n.initAsync(o, t.authority_configuration), h = q(window.location.href).session_state, a = await I(t.service_worker_relative_url, n.configurationName);
789
+ let _, f, u, y;
790
790
  if (a)
791
- await a.initAsync(l, "loginCallbackAsync", t), await a.setSessionStateAsync(d), f = await a.getNonceAsync(), u = a.getLoginParams(n.configurationName), y = await a.getStateAsync(), a.startKeepAliveServiceWorker(), h = a;
791
+ await a.initAsync(l, "loginCallbackAsync", t), await a.setSessionStateAsync(h), f = await a.getNonceAsync(), u = a.getLoginParams(n.configurationName), y = await a.getStateAsync(), a.startKeepAliveServiceWorker(), _ = a;
792
792
  else {
793
793
  const v = P(n.configurationName, t.storage ?? sessionStorage);
794
- await v.setSessionStateAsync(d), f = await v.getNonceAsync(), u = v.getLoginParams(n.configurationName), y = await v.getStateAsync(), h = v;
794
+ await v.setSessionStateAsync(h), f = await v.getNonceAsync(), u = v.getLoginParams(n.configurationName), y = await v.getStateAsync(), _ = v;
795
795
  }
796
- const _ = q(window.location.toString());
797
- if (_.iss && _.iss !== l.issuer)
798
- throw new Error("issuer not valid");
799
- if (_.state && _.state !== y)
800
- throw new Error("state not valid");
796
+ const d = q(window.location.toString());
797
+ if (d.iss && d.iss !== l.issuer)
798
+ throw console.error(), new Error(`issuer not valid (expected: ${l.issuer}, received: ${d.iss})`);
799
+ if (d.state && d.state !== y)
800
+ throw new Error(`state not valid (expected: ${y}, received: ${d.state})`);
801
801
  const g = {
802
- code: _.code,
802
+ code: d.code,
803
803
  grant_type: "authorization_code",
804
804
  client_id: t.client_id,
805
805
  redirect_uri: i
@@ -810,7 +810,7 @@ const xe = (n) => {
810
810
  if (u && u.extras)
811
811
  for (const [v, O] of Object.entries(u.extras))
812
812
  v.endsWith(":token_request") && (k[v.replace(":token_request", "")] = O);
813
- const w = await Ke(h)(l.tokenEndpoint, { ...g, ...k }, n.configuration.token_renew_mode, r);
813
+ const w = await Ke(_)(l.tokenEndpoint, { ...g, ...k }, n.configuration.token_renew_mode, r);
814
814
  if (!w.success)
815
815
  throw new Error("Token request failed");
816
816
  let S;
@@ -820,7 +820,7 @@ const xe = (n) => {
820
820
  const { isValid: A, reason: T } = ce(p, f.nonce, l);
821
821
  if (!A)
822
822
  throw new Error(`Tokens are not OpenID valid, reason: ${T}`);
823
- return await n.startCheckSessionAsync(l.checkSessionIframe, s, d, e), n.publishEvent(m.loginCallbackAsync_end, {}), {
823
+ return await n.startCheckSessionAsync(l.checkSessionIframe, s, h, e), n.publishEvent(m.loginCallbackAsync_end, {}), {
824
824
  tokens: p,
825
825
  state: "request.state",
826
826
  callbackPath: S.callbackPath
@@ -838,40 +838,40 @@ const xe = (n) => {
838
838
  }, Ge = (n, e, t, s, i) => async (o = void 0, r = null) => {
839
839
  const l = n.configuration, c = await n.initAsync(l.authority, l.authority_configuration);
840
840
  o && typeof o != "string" && (o = void 0, i.warn("callbackPathOrUrl path is not a string"));
841
- const d = o ?? location.pathname + (location.search || "") + (location.hash || "");
841
+ const h = o ?? location.pathname + (location.search || "") + (location.hash || "");
842
842
  let a = !1;
843
843
  o && (a = o.includes("https://") || o.includes("http://"));
844
- const h = a ? o : s.location.origin + d, f = n.tokens ? n.tokens.idToken : "";
844
+ const _ = a ? o : s.location.origin + h, f = n.tokens ? n.tokens.idToken : "";
845
845
  try {
846
846
  const y = c.revocationEndpoint;
847
847
  if (y) {
848
- const _ = [], g = n.tokens.accessToken;
848
+ const d = [], g = n.tokens.accessToken;
849
849
  if (g && l.logout_tokens_to_invalidate.includes(ie.access_token)) {
850
850
  const w = oe(t)(y, g, X.access_token, l.client_id);
851
- _.push(w);
851
+ d.push(w);
852
852
  }
853
853
  const k = n.tokens.refreshToken;
854
854
  if (k && l.logout_tokens_to_invalidate.includes(ie.refresh_token)) {
855
855
  const w = oe(t)(y, k, X.refresh_token, l.client_id);
856
- _.push(w);
856
+ d.push(w);
857
857
  }
858
- _.length > 0 && await Promise.all(_);
858
+ d.length > 0 && await Promise.all(d);
859
859
  }
860
860
  } catch (y) {
861
861
  i.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), i.warn(y);
862
862
  }
863
863
  const u = n.tokens && n.tokens.idTokenPayload ? n.tokens.idTokenPayload.sub : null;
864
864
  await n.destroyAsync("LOGGED_OUT");
865
- for (const [y, _] of Object.entries(e))
866
- _ !== n && await n.logoutSameTabAsync(n.configuration.client_id, u);
865
+ for (const [y, d] of Object.entries(e))
866
+ d !== n && await n.logoutSameTabAsync(n.configuration.client_id, u);
867
867
  if (c.endSessionEndpoint) {
868
868
  r || (r = {
869
869
  id_token_hint: f
870
- }, o !== null && (r.post_logout_redirect_uri = h));
870
+ }, o !== null && (r.post_logout_redirect_uri = _));
871
871
  let y = "";
872
872
  if (r)
873
- for (const [_, g] of Object.entries(r))
874
- y === "" ? y += "?" : y += "&", y += `${_}=${encodeURIComponent(g)}`;
873
+ for (const [d, g] of Object.entries(r))
874
+ y === "" ? y += "?" : y += "&", y += `${d}=${encodeURIComponent(g)}`;
875
875
  s.location.href = `${c.endSessionEndpoint}${y}`;
876
876
  } else
877
877
  s.location.reload();
@@ -1052,30 +1052,30 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1052
1052
  let l = Math.floor(Math.random() * 15) + 10;
1053
1053
  for (; document.hidden && l > 0; )
1054
1054
  await W(1e3), l--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is hidden try ${l}` });
1055
- const d = document.hidden ? t : t + 1;
1055
+ const h = document.hidden ? t : t + 1;
1056
1056
  i || (i = {});
1057
- const a = this.configuration, h = (u, y, _ = null) => Q(this.configurationName, this.configuration, this.publishEvent.bind(this))(u, y, _), f = async () => {
1057
+ const a = this.configuration, _ = (u, y, d = null) => Q(this.configurationName, this.configuration, this.publishEvent.bind(this))(u, y, d), f = async () => {
1058
1058
  try {
1059
1059
  let u;
1060
1060
  const y = await I(a.service_worker_relative_url, this.configurationName);
1061
1061
  y ? u = y.getLoginParams(this.configurationName) : u = P(this.configurationName, a.storage).getLoginParams(this.configurationName);
1062
- const _ = await h({
1062
+ const d = await _({
1063
1063
  ...u.extras,
1064
1064
  ...i,
1065
1065
  prompt: "none"
1066
1066
  }, u.state);
1067
- if (_)
1068
- return o(_.tokens), this.publishEvent(L.eventNames.token_renewed, {}), { tokens: _.tokens, status: "LOGGED" };
1067
+ if (d)
1068
+ return o(d.tokens), this.publishEvent(L.eventNames.token_renewed, {}), { tokens: d.tokens, status: "LOGGED" };
1069
1069
  } catch (u) {
1070
1070
  if (console.error(u), this.publishEvent(m.refreshTokensAsync_silent_error, { message: "exceptionSilent", exception: u.message }), u && u.message && u.message.startsWith("oidc"))
1071
1071
  return o(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" };
1072
1072
  }
1073
- return this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent return" }), await this.synchroniseTokensAsync(null, d, s, i, o);
1073
+ return this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent return" }), await this.synchroniseTokensAsync(null, h, s, i, o);
1074
1074
  };
1075
1075
  if (t > 4)
1076
1076
  return o(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
1077
1077
  try {
1078
- const { status: u, tokens: y, nonce: _ } = await this.syncTokensInfoAsync(a, this.configurationName, this.tokens, s);
1078
+ const { status: u, tokens: y, nonce: d } = await this.syncTokensInfoAsync(a, this.configurationName, this.tokens, s);
1079
1079
  switch (u) {
1080
1080
  case "SESSION_LOST":
1081
1081
  return o(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token session lost" }), { tokens: null, status: "SESSION_LOST" };
@@ -1103,18 +1103,18 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1103
1103
  refresh_token: y.refreshToken
1104
1104
  }, v = await this.initAsync(w, a.authority_configuration), O = document.hidden ? 1e4 : 3e4 * 10, C = await De(this.getFetch())(v.tokenEndpoint, T, p, y, a.token_renew_mode, O);
1105
1105
  if (C.success) {
1106
- const { isValid: fe, reason: ye } = ce(C.data, _.nonce, v);
1106
+ const { isValid: fe, reason: ye } = ce(C.data, d.nonce, v);
1107
1107
  return fe ? (o(C.data), this.publishEvent(m.refreshTokensAsync_end, { success: C.success }), this.publishEvent(L.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: C.data, status: "LOGGED_IN" }) : (o(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${ye}` }), { tokens: null, status: "SESSION_LOST" });
1108
1108
  } else
1109
1109
  return this.publishEvent(m.refreshTokensAsync_silent_error, {
1110
1110
  message: "bad request",
1111
1111
  tokenResponse: C
1112
- }), await this.synchroniseTokensAsync(e, d, s, i, o);
1112
+ }), await this.synchroniseTokensAsync(e, h, s, i, o);
1113
1113
  })();
1114
1114
  }
1115
1115
  }
1116
1116
  } catch (u) {
1117
- return console.error(u), this.publishEvent(m.refreshTokensAsync_silent_error, { message: "exception", exception: u.message }), this.synchroniseTokensAsync(e, d, s, i, o);
1117
+ return console.error(u), this.publishEvent(m.refreshTokensAsync_silent_error, { message: "exception", exception: u.message }), this.synchroniseTokensAsync(e, h, s, i, o);
1118
1118
  }
1119
1119
  }
1120
1120
  async syncTokensInfoAsync(e, t, s, i = !1) {
@@ -1124,30 +1124,30 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1124
1124
  let r = o;
1125
1125
  const l = await this.initAsync(e.authority, e.authority_configuration), c = await I(e.service_worker_relative_url, t);
1126
1126
  if (c) {
1127
- const { status: h, tokens: f } = await c.initAsync(l, "syncTokensAsync", e);
1128
- if (h === "LOGGED_OUT")
1127
+ const { status: _, tokens: f } = await c.initAsync(l, "syncTokensAsync", e);
1128
+ if (_ === "LOGGED_OUT")
1129
1129
  return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: o };
1130
- if (h === "SESSIONS_LOST")
1130
+ if (_ === "SESSIONS_LOST")
1131
1131
  return { tokens: null, status: "SESSIONS_LOST", nonce: o };
1132
- if (!h || !f)
1132
+ if (!_ || !f)
1133
1133
  return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: o };
1134
1134
  if (f.issuedAt !== s.issuedAt) {
1135
- const y = V(e.refresh_time_before_tokens_expiration_in_second, f.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", _ = await c.getNonceAsync();
1136
- return { tokens: f, status: y, nonce: _ };
1135
+ const y = V(e.refresh_time_before_tokens_expiration_in_second, f.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", d = await c.getNonceAsync();
1136
+ return { tokens: f, status: y, nonce: d };
1137
1137
  }
1138
1138
  r = await c.getNonceAsync();
1139
1139
  } else {
1140
- const h = P(t, e.storage ?? sessionStorage), { tokens: f, status: u } = await h.initAsync();
1140
+ const _ = P(t, e.storage ?? sessionStorage), { tokens: f, status: u } = await _.initAsync();
1141
1141
  if (f) {
1142
1142
  if (u === "SESSIONS_LOST")
1143
1143
  return { tokens: null, status: "SESSIONS_LOST", nonce: o };
1144
1144
  if (f.issuedAt !== s.issuedAt) {
1145
- const _ = V(e.refresh_time_before_tokens_expiration_in_second, f.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", g = await h.getNonceAsync();
1146
- return { tokens: f, status: _, nonce: g };
1145
+ const d = V(e.refresh_time_before_tokens_expiration_in_second, f.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", g = await _.getNonceAsync();
1146
+ return { tokens: f, status: d, nonce: g };
1147
1147
  }
1148
1148
  } else
1149
1149
  return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: o };
1150
- r = await h.getNonceAsync();
1150
+ r = await _.getNonceAsync();
1151
1151
  }
1152
1152
  const a = V(e.refresh_time_before_tokens_expiration_in_second, s.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
1153
1153
  return i ? { tokens: s, status: "FORCE_REFRESH", nonce: r } : { tokens: s, status: a, nonce: r };
package/dist/index.umd.cjs CHANGED
@@ -1,2 +1,2 @@
1
- (function(b,j){typeof exports=="object"&&typeof module<"u"?j(exports):typeof define=="function"&&define.amd?define(["exports"],j):(b=typeof globalThis<"u"?globalThis:b||self,j(b["oidc-client"]={}))})(this,function(b){"use strict";const R=console;class ke{constructor(e,t,s,i=2e3,o=!0){this._callback=e,this._client_id=t,this._url=s,this._interval=i||2e3,this._stopOnError=o;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(R.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(R.debug(e),R.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):R.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){R.debug("CheckSessionIFrame.start :"+e),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(R.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},P=(n,e=sessionStorage)=>{const t=k=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:k}),Promise.resolve()),s=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const k=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:k.tokens,status:k.status})},i=k=>{e[`oidc.${n}`]=JSON.stringify({tokens:k})},o=async k=>{e[`oidc.session_state.${n}`]=k},r=async()=>e[`oidc.session_state.${n}`],l=k=>{localStorage[`oidc.nonce.${n}`]=k.nonce},c=async()=>({nonce:localStorage[`oidc.nonce.${n}`]}),d=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let a=null;return{clearAsync:t,initAsync:s,setTokens:i,getTokens:d,setSessionStateAsync:o,getSessionStateAsync:r,setNonceAsync:l,getNonceAsync:c,setLoginParams:(k,w)=>{a=w,e[`oidc.login.${k}`]=JSON.stringify(w)},getLoginParams:k=>{const w=e[`oidc.login.${k}`];return a||(a=JSON.parse(w)),a},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async k=>{e[`oidc.state.${n}`]=k},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async k=>{e[`oidc.code_verifier.${n}`]=k}}},me=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),pe=n=>JSON.parse(me(n.split(".")[1].replace("-","+").replace("_","/"))),te=n=>{try{return n&&we(n,".")===2?pe(n):null}catch(e){console.warn(e)}return null},we=(n,e)=>n.split(e).length-1,q={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"},se=(n,e=null,t)=>{if(!n)return null;let s;const i=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;if(n.issuedAt)typeof n.issuedAt=="string"&&(n.issuedAt=parseInt(n.issuedAt,10));else{const a=new Date().getTime()/1e3;n.issuedAt=a}n.accessTokenPayload!==void 0?s=n.accessTokenPayload:s=te(n.accessToken);const o=n.idTokenPayload?n.idTokenPayload:te(n.idToken),r=o&&o.exp?o.exp:Number.MAX_VALUE,l=s&&s.exp?s.exp:n.issuedAt+i;let c;n.expiresAt?c=n.expiresAt:t===q.access_token_invalid?c=l:t===q.id_token_invalid?c=r:c=r<l?r:l;const d={...n,idTokenPayload:o,accessTokenPayload:s,expiresAt:c};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const a=e.refreshToken;return{...d,refreshToken:a}}return d},H=(n,e,t)=>{if(!n)return null;if(!n.issued_at){const i=new Date().getTime()/1e3;n.issued_at=i}const s={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(s.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(s.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(s.idTokenPayload=n.idTokenPayload),se(s,e,t)},D=(n,e)=>{const t=new Date().getTime()/1e3;return Math.round(e-n-t)},X=n=>n?D(0,n.expiresAt)>0:!1,Ae=async(n,e=200,t=50)=>{let s=t;if(!n.tokens)return null;for(;!X(n.tokens)&&s>0;)await x(e),s=s-1;return{isTokensValid:X(n.tokens),tokens:n.tokens,numberWaited:s-t}},oe=(n,e,t)=>{if(n.idTokenPayload){const s=n.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:"Issuer does not match"};const i=new Date().getTime()/1e3;if(s.exp&&s.exp<i)return{isValid:!1,reason:"Token expired"};const o=60*60*24*7;if(s.iat&&s.iat+o<i)return{isValid:!1,reason:"Token is used from too long time"};if(s.nonce&&s.nonce!==e)return{isValid:!1,reason:"Nonce does not match"}}return{isValid:!0,reason:""}},V=function(){const n=function(){let c,d;const a=(function(){const f={},u={setTimeout:function(_,g,k){f[g]=setTimeout(function(){_.postMessage(g),f[g]=null},k)},setInterval:function(_,g,k){f[g]=setInterval(function(){_.postMessage(g)},k)},clearTimeout:function(_,g){clearTimeout(f[g]),f[g]=null},clearInterval:function(_,g){clearInterval(f[g]),f[g]=null}};function y(_,g){const k=g.data[0],w=g.data[1],S=g.data[2];u[k]&&u[k](_,w,S)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(k){y(g,k)}}}).toString();try{const f=new Blob(["(",a,")()"],{type:"application/javascript"});d=URL.createObjectURL(f)}catch{return null}const h=typeof process>"u";try{if(SharedWorker)return c=new SharedWorker(d),c.port}catch{h&&console.warn("SharedWorker not available")}try{if(Worker)return c=new Worker(d),c}catch{h&&console.warn("Worker not available")}return null}();if(!n){const c=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(c),clearTimeout:clearTimeout.bind(c),setInterval:setInterval.bind(c),clearInterval:clearInterval.bind(c)}}const e=function(){let c=0;return function(){return c++,c}}(),t={},s={};n.onmessage=function(c){const d=c.data,a=t[d];if(a){a(),t[d]=null;return}const h=s[d];h&&h()};function i(c,d){const a=e();return n.postMessage(["setTimeout",a,d]),t[a]=c,a}function o(c){n.postMessage(["clearTimeout",c]),t[c]=null}function r(c,d){const a=e();return n.postMessage(["setInterval",a,d]),s[a]=c,a}function l(c){n.postMessage(["clearInterval",c]),s[c]=null}return{setTimeout:i,clearTimeout:o,setInterval:r,clearInterval:l}}(),ie="7.1.0",re=n=>{const e=n.appVersion,t=n.userAgent,s="-";let i=s;const o=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in o){const c=o[l];if(c.r.test(t)){i=c.s;break}}let r=s;switch(/Windows/.test(i)&&(r=/Windows (.*)/.exec(i)[1],i="Windows"),i){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=l[1]+"."+l[2]+"."+(parseInt(l[3])|0);break}}return{os:i,osVersion:r}};function ve(){const n=navigator.userAgent;let e,t=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(t[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let s=e[1];if(!s){const i=n.split(e[0]+"/");i.length>1&&(s=i[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&t.splice(1,1,e[1]),{name:t[0].toLowerCase(),version:t[1]}}let ae=null;const x=n=>new Promise(e=>V.setTimeout(e,n));let G;const ce=()=>{try{const e=re(navigator).os==="Android"?240:150;G=new AbortController,fetch(`/OidcKeepAliveServiceWorker.json?minSleepSeconds=${e}`,{signal:G.signal}).catch(s=>{console.log(s)}),x(e*1e3).then(ce)}catch(n){console.log(n)}},le=()=>{G&&G.abort()},Se=()=>fetch("/OidcKeepAliveServiceWorker.json",{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Te=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),E=n=>e=>new Promise(function(t,s){const i=new MessageChannel;i.port1.onmessage=function(o){o.data&&o.data.error?s(o.data.error):t(o.data)},n.active.postMessage(e,[i.port2])}),O=async(n,e)=>{if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!n)return null;const{name:t,version:s}=ve();if(t==="chrome"&&parseInt(s)<90||t==="opera"&&(!s||parseInt(s.split(".")[0])<80)||t==="ie")return null;const i=re(navigator);if(Te(i))return null;const o=await navigator.serviceWorker.register(n);try{await navigator.serviceWorker.ready}catch{return null}const r=async p=>E(o)({type:"clear",data:{status:p},configurationName:e}),l=async(p,A,T)=>{const v=await E(o)({type:"init",data:{oidcServerConfiguration:p,where:A,oidcConfiguration:{token_renew_mode:T.token_renew_mode,service_worker_convert_all_requests_to_cors:T.service_worker_convert_all_requests_to_cors}},configurationName:e}),N=v.version;if(N!==ie)if(console.warn(`Service worker ${N} version mismatch with js client version ${ie}, unregistering and reloading`),T.service_worker_update_require_callback)await T.service_worker_update_require_callback(o,le);else{le(),await o.update();const W=await o.unregister();console.log(`Service worker unregistering ${W}`),await x(2e3),window.location.reload()}return{tokens:H(v.tokens,null,T.token_renew_mode),status:v.status}},c=()=>{ae==null&&(ae="not_null",ce())},d=p=>E(o)({type:"setSessionState",data:{sessionState:p},configurationName:e}),a=async()=>(await E(o)({type:"getSessionState",data:null,configurationName:e})).sessionState,h=p=>(sessionStorage["oidc.nonce"]=p.nonce,E(o)({type:"setNonce",data:{nonce:p},configurationName:e})),f=async()=>{let A=(await E(o)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage["oidc.nonce"],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let u=null;return{clearAsync:r,initAsync:l,startKeepAliveServiceWorker:c,isServiceWorkerProxyActiveAsync:Se,setSessionStateAsync:d,getSessionStateAsync:a,setNonceAsync:h,getNonceAsync:f,setLoginParams:(p,A)=>{u=A,localStorage[`oidc.login.${p}`]=JSON.stringify(A)},getLoginParams:p=>{const A=localStorage[`oidc.login.${p}`];return u||(u=JSON.parse(A)),u},getStateAsync:async()=>{let A=(await E(o)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async p=>(sessionStorage[`oidc.state.${e}`]=p,E(o)({type:"setState",data:{state:p},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await E(o)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async p=>(sessionStorage[`oidc.code_verifier.${e}`]=p,E(o)({type:"setCodeVerifier",data:{codeVerifier:p},configurationName:e}))}};async function ue(n,e,t=!1,s=null){const i=c=>{n.tokens=c},{tokens:o,status:r}=await n.synchroniseTokensAsync(e,0,t,s,i);if(await O(n.configuration.service_worker_relative_url,n.configurationName)||await P(n.configurationName,n.configuration.storage).setTokens(n.tokens),!n.tokens){await n.destroyAsync(r);return}return n.timeoutId&&(n.timeoutId=K(n,o.refreshToken,n.tokens.expiresAt,s)),n.tokens}const K=(n,e,t,s=null)=>{const i=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:D(i,t)};n.publishEvent(F.eventNames.token_timer,r),await ue(n,e,!1,s)},1e3)},z=(n,e,t)=>(s=null,i=null,o=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{t(m.silentLoginAsync_begin,{});let r="";if(i&&(s==null&&(s={}),s.state=i),o&&(s==null&&(s={}),s.scope=o),s!=null)for(const[h,f]of Object.entries(s))r===""?r=`?${encodeURIComponent(h)}=${encodeURIComponent(f)}`:r+=`&${encodeURIComponent(h)}=${encodeURIComponent(f)}`;const l=e.silent_login_uri+r,c=l.indexOf("/",l.indexOf("//")+2),d=l.substr(0,c),a=document.createElement("iframe");return a.width="0px",a.height="0px",a.id=`${n}_oidc_iframe`,a.setAttribute("src",l),document.body.appendChild(a),new Promise((h,f)=>{try{let u=!1;window.onmessage=_=>{if(_.origin===d&&_.source===a.contentWindow){const g=`${n}_oidc_tokens:`,k=`${n}_oidc_error:`,w=_.data;if(w&&typeof w=="string"&&!u){if(w.startsWith(g)){const S=JSON.parse(_.data.replace(g,""));t(m.silentLoginAsync_end,{}),a.remove(),u=!0,h(S)}else if(w.startsWith(k)){const S=JSON.parse(_.data.replace(k,""));t(m.silentLoginAsync_error,S),a.remove(),u=!0,f(new Error("oidc_"+S.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{u||(t(m.silentLoginAsync_error,{reason:"timeout"}),a.remove(),u=!0,f(new Error("timeout")))},y)}catch(u){a.remove(),t(m.silentLoginAsync_error,u),f(u)}})}catch(r){throw t(m.silentLoginAsync_error,r),r}},be=(n,e,t,s,i)=>(o=null,r=void 0)=>{o={...o};const l=(d,a,h)=>z(e,t,s.bind(i))(d,a,h);return(async()=>{i.timeoutId&&V.clearTimeout(i.timeoutId);let d;o&&"state"in o&&(d=o.state,delete o.state);try{const a=t.extras?{...t.extras,...o}:o,h=await l({...a,prompt:"none"},d,r);if(h)return i.tokens=h.tokens,s(m.token_aquired,{}),i.timeoutId=K(i,i.tokens.refreshToken,i.tokens.expiresAt,o),{}}catch(a){return a}})()},Ee=(n,e,t)=>(s,i,o,r=!1)=>{const l=(c,d=void 0,a=void 0)=>z(n.configurationName,t,n.publishEvent.bind(n))(c,d,a);return new Promise((c,d)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&o&&!r){const a=()=>{n.checkSessionIFrame.stop();const h=n.tokens;if(h===null)return;const f=h.idToken,u=h.idTokenPayload;return l({prompt:"none",id_token_hint:f,scope:t.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(u.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),u.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(t.client_id,u.sub)})};n.checkSessionIFrame=new ke(a,i,s),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(o),c(n.checkSessionIFrame)}).catch(h=>{d(h)})}else c(null)})};for(var Ie=Le,I=[],de="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",J=0,Pe=de.length;J<Pe;++J)I[J]=de[J];function Oe(n){return I[n>>18&63]+I[n>>12&63]+I[n>>6&63]+I[n&63]}function Ce(n,e,t){for(var s,i=[],o=e;o<t;o+=3)s=(n[o]<<16&16711680)+(n[o+1]<<8&65280)+(n[o+2]&255),i.push(Oe(s));return i.join("")}function Le(n){for(var e,t=n.length,s=t%3,i=[],o=16383,r=0,l=t-s;r<l;r+=o)i.push(Ce(n,r,r+o>l?l:r+o));return s===1?(e=n[t-1],i.push(I[e>>2]+I[e<<4&63]+"==")):s===2&&(e=(n[t-2]<<8)+n[t-1],i.push(I[e>>10]+I[e>>4&63]+I[e<<2&63]+"=")),i.join("")}const he=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},Y="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ne=n=>{const e=[];for(let t=0;t<n.byteLength;t+=1){const s=n[t]%Y.length;e.push(Y[s])}return e.join("")},We=n=>Ie(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),Q=n=>{const e=new Uint8Array(n),{hasCrypto:t}=he();if(t)window.crypto.getRandomValues(e);else for(let s=0;s<n;s+=1)e[s]=Math.random()*Y.length|0;return Ne(e)};function xe(n){const e=new ArrayBuffer(n.length),t=new Uint8Array(e);for(let s=0;s<n.length;s++)t[s]=n.charCodeAt(s);return t}const Fe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=he();return e?new Promise((t,s)=>{crypto.subtle.digest("SHA-256",xe(n)).then(i=>t(We(new Uint8Array(i))),i=>s(i))}):Promise.reject(new Error("window.crypto.subtle is unavailable."))},$={},Re=(n,e=window.sessionStorage,t)=>{if(!$[n]&&e){const i=e.getItem(n);i&&($[n]=JSON.parse(i))}const s=1e3*t;return $[n]&&$[n].timestamp+s>Date.now()?$[n].result:null},$e=(n,e,t=window.sessionStorage)=>{const s=Date.now();$[n]={result:e,timestamp:s},t&&t.setItem(n,JSON.stringify({result:e,timestamp:s}))},Me=60*60,De=n=>async(e,t=Me,s=window.sessionStorage,i=1e4)=>{const o=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,l=Re(r,s,t);if(l)return new ee(l);const c=await U(n)(o,{},i);if(c.status!==200)return null;const d=await c.json();return $e(r,d,s),new ee(d)},U=n=>async(e,t={},s=1e4,i=0)=>{let o;try{const r=new AbortController;setTimeout(()=>r.abort(),s),o=await n(e,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(i<=1)return await U(n)(e,t,s,i+1);throw r}else throw console.error(r.message),r}return o},Z={refresh_token:"refresh_token",access_token:"access_token"},_e=n=>async(e,t,s=Z.refresh_token,i,o=1e4)=>{const r={token:t,token_type_hint:s,client_id:i},l=[];for(const a in r){const h=encodeURIComponent(a),f=encodeURIComponent(r[a]);l.push(`${h}=${f}`)}const c=l.join("&");return(await U(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:c},o)).status!==200?{success:!1}:{success:!0}},Ve=n=>async(e,t,s,i,o,r=1e4)=>{for(const[h,f]of Object.entries(s))t[h]===void 0&&(t[h]=f);const l=[];for(const h in t){const f=encodeURIComponent(h),u=encodeURIComponent(t[h]);l.push(`${f}=${u}`)}const c=l.join("&"),d=await U(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:c},r);if(d.status!==200)return{success:!1,status:d.status};const a=await d.json();return{success:!0,data:H(a,i,o)}},Ke=n=>async(e,t)=>{t=t?{...t}:{};const s=Q(128),i=await Fe(s);await n.setCodeVerifierAsync(s),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let o="";if(t)for(const[r,l]of Object.entries(t))o===""?o+="?":o+="&",o+=`${r}=${encodeURIComponent(l)}`;window.location.href=`${e}${o}`},Ue=n=>async(e,t,s,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await n.getCodeVerifierAsync();const o=[];for(const d in t){const a=encodeURIComponent(d),h=encodeURIComponent(t[d]);o.push(`${a}=${h}`)}const r=o.join("&"),l=await U(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:r},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),l.status!==200)return{success:!1,status:l.status};const c=await l.json();return{success:!0,data:{state:t.state,tokens:H(c,null,s)}}},fe=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let t=e[6],s=e[7];if(s){const i=s.split("?");i.length===2&&(s=i[0],t=i[1])}return t.startsWith("?")&&(t=t.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:t,hash:s}},Be=n=>{const e=fe(n);let{path:t}=e;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=e;return s==="#_=_"&&(s=""),s&&(t+=s),t},B=n=>{const e=fe(n),{search:t}=e;return je(t)},je=n=>{const e={};let t,s,i;const o=n.split("&");for(s=0,i=o.length;s<i;s++)t=o[s].split("="),e[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return e},qe=(n,e,t,s,i)=>(o=void 0,r=null,l=!1,c=void 0)=>{const d=r;return r={...r},(async()=>{const h=n.location,f=o||h.pathname+(h.search||"")+(h.hash||"");if("state"in r||(r.state=Q(16)),s(m.loginAsync_begin,{}),r)for(const u of Object.keys(r))u.endsWith(":token_request")&&delete r[u];try{const u=l?t.silent_redirect_uri:t.redirect_uri;c||(c=t.scope);const y=t.extras?{...t.extras,...r}:r;y.nonce||(y.nonce=Q(12));const _={nonce:y.nonce},g=await O(t.service_worker_relative_url,e),k=await i(t.authority,t.authority_configuration);let w;if(g)g.setLoginParams(e,{callbackPath:f,extras:d}),await g.initAsync(k,"loginAsync",t),await g.setNonceAsync(_),g.startKeepAliveServiceWorker(),w=g;else{const p=P(e,t.storage??sessionStorage);p.setLoginParams(e,{callbackPath:f,extras:d}),await p.setNonceAsync(_),w=p}const S={client_id:t.client_id,redirect_uri:u,scope:c,response_type:"code",...y};await Ke(w)(k.authorizationEndpoint,S)}catch(u){throw s(m.loginAsync_error,u),u}})()},Ge=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const t=n.configuration,s=t.client_id,i=e?t.silent_redirect_uri:t.redirect_uri,o=t.authority,r=t.token_request_timeout,l=await n.initAsync(o,t.authority_configuration),d=B(window.location.href).session_state,a=await O(t.service_worker_relative_url,n.configurationName);let h,f,u,y;if(a)await a.initAsync(l,"loginCallbackAsync",t),await a.setSessionStateAsync(d),f=await a.getNonceAsync(),u=a.getLoginParams(n.configurationName),y=await a.getStateAsync(),a.startKeepAliveServiceWorker(),h=a;else{const v=P(n.configurationName,t.storage??sessionStorage);await v.setSessionStateAsync(d),f=await v.getNonceAsync(),u=v.getLoginParams(n.configurationName),y=await v.getStateAsync(),h=v}const _=B(window.location.toString());if(_.iss&&_.iss!==l.issuer)throw new Error("issuer not valid");if(_.state&&_.state!==y)throw new Error("state not valid");const g={code:_.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:i},k={};if(t.token_request_extras)for(const[v,N]of Object.entries(t.token_request_extras))k[v]=N;if(u&&u.extras)for(const[v,N]of Object.entries(u.extras))v.endsWith(":token_request")&&(k[v.replace(":token_request","")]=N);const w=await Ue(h)(l.tokenEndpoint,{...g,...k},n.configuration.token_renew_mode,r);if(!w.success)throw new Error("Token request failed");let S;const p=w.data.tokens;if(a?(await a.initAsync(i,"syncTokensAsync",t),S=a.getLoginParams(n.configurationName)):S=P(n.configurationName,t.storage).getLoginParams(n.configurationName),w.data.state!==k.state)throw new Error("state is not valid");const{isValid:A,reason:T}=oe(p,f.nonce,l);if(!A)throw new Error(`Tokens are not OpenID valid, reason: ${T}`);return await n.startCheckSessionAsync(l.checkSessionIframe,s,d,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:p,state:"request.state",callbackPath:S.callbackPath}}catch(t){throw console.error(t),n.publishEvent(m.loginCallbackAsync_error,t),t}},ye={access_token:"access_token",refresh_token:"refresh_token"},Je=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const t=await O(n.configuration.service_worker_relative_url,n.configurationName);t?await t.clearAsync(e):await P(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},He=(n,e,t,s,i)=>async(o=void 0,r=null)=>{const l=n.configuration,c=await n.initAsync(l.authority,l.authority_configuration);o&&typeof o!="string"&&(o=void 0,i.warn("callbackPathOrUrl path is not a string"));const d=o??location.pathname+(location.search||"")+(location.hash||"");let a=!1;o&&(a=o.includes("https://")||o.includes("http://"));const h=a?o:s.location.origin+d,f=n.tokens?n.tokens.idToken:"";try{const y=c.revocationEndpoint;if(y){const _=[],g=n.tokens.accessToken;if(g&&l.logout_tokens_to_invalidate.includes(ye.access_token)){const w=_e(t)(y,g,Z.access_token,l.client_id);_.push(w)}const k=n.tokens.refreshToken;if(k&&l.logout_tokens_to_invalidate.includes(ye.refresh_token)){const w=_e(t)(y,k,Z.refresh_token,l.client_id);_.push(w)}_.length>0&&await Promise.all(_)}}catch(y){i.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),i.warn(y)}const u=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,u);if(c.endSessionEndpoint){r||(r={id_token_hint:f},o!==null&&(r.post_logout_redirect_uri=h));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;s.location.href=`${c.endSessionEndpoint}${y}`}else s.location.reload()},Xe=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!X(n.tokens);)await x(200);if(!n.tokens)return null;const t=n.tokens.accessToken;if(!t)return null;const i=(await n.initAsync(n.configuration.authority,n.configuration.authority_configuration)).userInfoEndpoint,r=await(async l=>{const c=await fetch(i,{headers:{authorization:`Bearer ${l}`}});return c.status!==200?null:c.json()})(t);return n.userInfo=r,r},ge=()=>fetch;class ee{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const C={},ze=n=>(e,t="default")=>(C[t]||(C[t]=new F(e,t,n)),C[t]),Ye=async n=>{const{parsedTokens:e,callbackPath:t}=await n.loginCallbackAsync();return n.timeoutId=K(n,e.refreshToken,e.expiresAt),{callbackPath:t}},Qe=n=>Math.floor(Math.random()*n),L=class L{constructor(e,t="default",s){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let o=e.refresh_time_before_tokens_expiration_in_second??120;o>60&&(o=o-Math.floor(Math.random()*40)),e.logout_tokens_to_invalidate||(e.logout_tokens_to_invalidate=["access_token","refresh_token"]),e.authority_timeout_wellknowurl_in_millisecond||(e.authority_timeout_wellknowurl_in_millisecond=1e4),this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:o,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??q.access_token_or_id_token_invalid},this.getFetch=s??ge,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const t=Qe(9999999999999).toString();return this.events.push({id:t,func:e}),t}removeEventSubscription(e){const t=this.events.filter(s=>s.id!==e);this.events=t}publishEvent(e,t){this.events.forEach(s=>{s.func(e,t)})}static get(e="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(C,e)&&t)throw Error(`OIDC library does seem initialized.
2
- Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return C[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=B(window.location.href);window.top.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:e.session_state})}`,window.location.origin)}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=B(window.location.href);window.top.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:e.error})}`,window.location.origin)}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new ee({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const o=await O(this.configuration.service_worker_relative_url,this.configurationName)?window.localStorage:null;return await De(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,o,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.then(i=>(this.initPromise=null,i))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let t;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=this.configuration,i=await this.initAsync(s.authority,s.authority_configuration);if(t=await O(s.service_worker_relative_url,this.configurationName),t){const{tokens:o}=await t.initAsync(i,"tryKeepExistingSessionAsync",s);if(o){t.startKeepAliveServiceWorker(),this.tokens=o;const r=t.getLoginParams(this.configurationName);this.timeoutId=K(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const l=await t.getSessionStateAsync();return await this.startCheckSessionAsync(i.check_session_iframe,s.client_id,l),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(this.configurationName,s.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){this.tokens=se(r,null,s.token_renew_mode);const l=o.getLoginParams(this.configurationName);this.timeoutId=K(this,r.refreshToken,this.tokens.expiresAt,l.extras);const c=await o.getSessionStateAsync();return await this.startCheckSessionAsync(i.check_session_iframe,s.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:t?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),t&&await t.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(t=>(this.tryKeepExistingSessionPromise=null,t))}async startCheckSessionAsync(e,t,s,i=!1){await Ee(this,C,this.configuration)(e,t,s,i)}async loginAsync(e=void 0,t=null,s=!1,i=void 0,o=!1){return this.loginPromise!==null?this.loginPromise:o?be(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,i):(this.loginPromise=qe(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this))(e,t,s,i),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await Ge(this)(e),i=s.tokens;return this.tokens=i,await O(this.configuration.service_worker_relative_url,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(i),this.publishEvent(L.eventNames.token_aquired,i),{parsedTokens:i,state:s.state,callbackPath:s.callbackPath}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.then(s=>(this.loginCallbackPromise=null,s))}async synchroniseTokensAsync(e,t=0,s=!1,i=null,o){for(;!navigator.onLine&&document.hidden;)await x(1e3),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await x(1e3),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});let l=Math.floor(Math.random()*15)+10;for(;document.hidden&&l>0;)await x(1e3),l--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is hidden try ${l}`});const d=document.hidden?t:t+1;i||(i={});const a=this.configuration,h=(u,y,_=null)=>z(this.configurationName,this.configuration,this.publishEvent.bind(this))(u,y,_),f=async()=>{try{let u;const y=await O(a.service_worker_relative_url,this.configurationName);y?u=y.getLoginParams(this.configurationName):u=P(this.configurationName,a.storage).getLoginParams(this.configurationName);const _=await h({...u.extras,...i,prompt:"none"},u.state);if(_)return o(_.tokens),this.publishEvent(L.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}}catch(u){if(console.error(u),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:u.message}),u&&u.message&&u.message.startsWith("oidc"))return o(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,d,s,i,o)};if(t>4)return o(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:u,tokens:y,nonce:_}=await this.syncTokensInfoAsync(a,this.configurationName,this.tokens,s);switch(u){case"SESSION_LOST":return o(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return o(null),{tokens:null,status:null};case"TOKENS_VALID":return o(y),{tokens:y,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return o(y),this.publishEvent(L.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return o(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:u,tryNumber:t}),await f();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:u,tryNumber:t}),!e)return await f();const g=a.client_id,k=a.redirect_uri,w=a.authority,p={...a.token_request_extras?a.token_request_extras:{}};for(const[T,v]of Object.entries(i))T.endsWith(":token_request")&&(p[T.replace(":token_request","")]=v);return await(async()=>{const T={client_id:g,redirect_uri:k,grant_type:"refresh_token",refresh_token:y.refreshToken},v=await this.initAsync(w,a.authority_configuration),N=document.hidden?1e4:3e4*10,W=await Ve(this.getFetch())(v.tokenEndpoint,T,p,y,a.token_renew_mode,N);if(W.success){const{isValid:Ze,reason:en}=oe(W.data,_.nonce,v);return Ze?(o(W.data),this.publishEvent(m.refreshTokensAsync_end,{success:W.success}),this.publishEvent(L.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:W.data,status:"LOGGED_IN"}):(o(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${en}`}),{tokens:null,status:"SESSION_LOST"})}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:W}),await this.synchroniseTokensAsync(e,d,s,i,o)})()}}}catch(u){return console.error(u),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:u.message}),this.synchroniseTokensAsync(e,d,s,i,o)}}async syncTokensInfoAsync(e,t,s,i=!1){const o={nonce:null};if(!s)return{tokens:null,status:"NOT_CONNECTED",nonce:o};let r=o;const l=await this.initAsync(e.authority,e.authority_configuration),c=await O(e.service_worker_relative_url,t);if(c){const{status:h,tokens:f}=await c.initAsync(l,"syncTokensAsync",e);if(h==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:o};if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:o};if(!h||!f)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:o};if(f.issuedAt!==s.issuedAt){const y=D(e.refresh_time_before_tokens_expiration_in_second,f.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await c.getNonceAsync();return{tokens:f,status:y,nonce:_}}r=await c.getNonceAsync()}else{const h=P(t,e.storage??sessionStorage),{tokens:f,status:u}=await h.initAsync();if(f){if(u==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:o};if(f.issuedAt!==s.issuedAt){const _=D(e.refresh_time_before_tokens_expiration_in_second,f.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await h.getNonceAsync();return{tokens:f,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:o};r=await h.getNonceAsync()}const a=D(e.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return i?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:a,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=Ye(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=Xe(this)(e),this.userInfoPromise.then(t=>(this.userInfoPromise=null,t)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ue(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(t=>(this.renewTokensPromise=null,t))}async destroyAsync(e){return await Je(this)(e)}async logoutSameTabAsync(e,t){this.configuration.monitor_session&&this.configuration.client_id===e&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(this.publishEvent(m.logout_from_same_tab,{message:t}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,t){this.configuration.monitor_session&&this.configuration.client_id===e&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(e=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=He(this,C,this.getFetch(),window,console)(e,t),this.logoutPromise.then(s=>(this.logoutPromise=null,s)))}};L.getOrCreate=e=>(t,s="default")=>ze(e)(t,s),L.eventNames=m;let F=L;const M=class M{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,t){this._oidc.publishEvent(e,t)}static get(e="default"){return new M(F.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,t=null,s=!1,i=void 0,o=!1){return this._oidc.loginAsync(e,t,s,i,o)}logoutAsync(e=void 0,t=null){return this._oidc.logoutAsync(e,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async getValidTokenAsync(e=200,t=50){return Ae(this._oidc,e,t)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};M.getOrCreate=e=>(t,s="default")=>new M(F.getOrCreate(e)(t,s)),M.eventNames=F.eventNames;let ne=M;b.OidcClient=ne,b.TokenRenewMode=q,b.getFetchDefault=ge,b.getParseQueryStringFromLocation=B,b.getPath=Be,Object.defineProperty(b,Symbol.toStringTag,{value:"Module"})});
1
+ (function(b,j){typeof exports=="object"&&typeof module<"u"?j(exports):typeof define=="function"&&define.amd?define(["exports"],j):(b=typeof globalThis<"u"?globalThis:b||self,j(b["oidc-client"]={}))})(this,function(b){"use strict";const $=console;class ke{constructor(e,t,s,i=2e3,o=!0){this._callback=e,this._client_id=t,this._url=s,this._interval=i||2e3,this._stopOnError=o;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?($.debug(e),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){$.debug("CheckSessionIFrame.start :"+e),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},P=(n,e=sessionStorage)=>{const t=k=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:k}),Promise.resolve()),s=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const k=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:k.tokens,status:k.status})},i=k=>{e[`oidc.${n}`]=JSON.stringify({tokens:k})},o=async k=>{e[`oidc.session_state.${n}`]=k},r=async()=>e[`oidc.session_state.${n}`],l=k=>{localStorage[`oidc.nonce.${n}`]=k.nonce},c=async()=>({nonce:localStorage[`oidc.nonce.${n}`]}),h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let a=null;return{clearAsync:t,initAsync:s,setTokens:i,getTokens:h,setSessionStateAsync:o,getSessionStateAsync:r,setNonceAsync:l,getNonceAsync:c,setLoginParams:(k,w)=>{a=w,e[`oidc.login.${k}`]=JSON.stringify(w)},getLoginParams:k=>{const w=e[`oidc.login.${k}`];return a||(a=JSON.parse(w)),a},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async k=>{e[`oidc.state.${n}`]=k},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async k=>{e[`oidc.code_verifier.${n}`]=k}}},me=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),pe=n=>JSON.parse(me(n.split(".")[1].replace("-","+").replace("_","/"))),te=n=>{try{return n&&we(n,".")===2?pe(n):null}catch(e){console.warn(e)}return null},we=(n,e)=>n.split(e).length-1,q={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"},se=(n,e=null,t)=>{if(!n)return null;let s;const i=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;if(n.issuedAt)typeof n.issuedAt=="string"&&(n.issuedAt=parseInt(n.issuedAt,10));else{const a=new Date().getTime()/1e3;n.issuedAt=a}n.accessTokenPayload!==void 0?s=n.accessTokenPayload:s=te(n.accessToken);const o=n.idTokenPayload?n.idTokenPayload:te(n.idToken),r=o&&o.exp?o.exp:Number.MAX_VALUE,l=s&&s.exp?s.exp:n.issuedAt+i;let c;n.expiresAt?c=n.expiresAt:t===q.access_token_invalid?c=l:t===q.id_token_invalid?c=r:c=r<l?r:l;const h={...n,idTokenPayload:o,accessTokenPayload:s,expiresAt:c};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const a=e.refreshToken;return{...h,refreshToken:a}}return h},H=(n,e,t)=>{if(!n)return null;if(!n.issued_at){const i=new Date().getTime()/1e3;n.issued_at=i}const s={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(s.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(s.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(s.idTokenPayload=n.idTokenPayload),se(s,e,t)},D=(n,e)=>{const t=new Date().getTime()/1e3;return Math.round(e-n-t)},X=n=>n?D(0,n.expiresAt)>0:!1,Ae=async(n,e=200,t=50)=>{let s=t;if(!n.tokens)return null;for(;!X(n.tokens)&&s>0;)await x(e),s=s-1;return{isTokensValid:X(n.tokens),tokens:n.tokens,numberWaited:s-t}},oe=(n,e,t)=>{if(n.idTokenPayload){const s=n.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:"Issuer does not match"};const i=new Date().getTime()/1e3;if(s.exp&&s.exp<i)return{isValid:!1,reason:"Token expired"};const o=60*60*24*7;if(s.iat&&s.iat+o<i)return{isValid:!1,reason:"Token is used from too long time"};if(s.nonce&&s.nonce!==e)return{isValid:!1,reason:"Nonce does not match"}}return{isValid:!0,reason:""}},V=function(){const n=function(){let c,h;const a=(function(){const f={},u={setTimeout:function(d,g,k){f[g]=setTimeout(function(){d.postMessage(g),f[g]=null},k)},setInterval:function(d,g,k){f[g]=setInterval(function(){d.postMessage(g)},k)},clearTimeout:function(d,g){clearTimeout(f[g]),f[g]=null},clearInterval:function(d,g){clearInterval(f[g]),f[g]=null}};function y(d,g){const k=g.data[0],w=g.data[1],S=g.data[2];u[k]&&u[k](d,w,S)}this.onmessage=function(d){y(self,d)},this.onconnect=function(d){const g=d.ports[0];g.onmessage=function(k){y(g,k)}}}).toString();try{const f=new Blob(["(",a,")()"],{type:"application/javascript"});h=URL.createObjectURL(f)}catch{return null}const _=typeof process>"u";try{if(SharedWorker)return c=new SharedWorker(h),c.port}catch{_&&console.warn("SharedWorker not available")}try{if(Worker)return c=new Worker(h),c}catch{_&&console.warn("Worker not available")}return null}();if(!n){const c=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(c),clearTimeout:clearTimeout.bind(c),setInterval:setInterval.bind(c),clearInterval:clearInterval.bind(c)}}const e=function(){let c=0;return function(){return c++,c}}(),t={},s={};n.onmessage=function(c){const h=c.data,a=t[h];if(a){a(),t[h]=null;return}const _=s[h];_&&_()};function i(c,h){const a=e();return n.postMessage(["setTimeout",a,h]),t[a]=c,a}function o(c){n.postMessage(["clearTimeout",c]),t[c]=null}function r(c,h){const a=e();return n.postMessage(["setInterval",a,h]),s[a]=c,a}function l(c){n.postMessage(["clearInterval",c]),s[c]=null}return{setTimeout:i,clearTimeout:o,setInterval:r,clearInterval:l}}(),ie="7.2.1",re=n=>{const e=n.appVersion,t=n.userAgent,s="-";let i=s;const o=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in o){const c=o[l];if(c.r.test(t)){i=c.s;break}}let r=s;switch(/Windows/.test(i)&&(r=/Windows (.*)/.exec(i)[1],i="Windows"),i){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=l[1]+"."+l[2]+"."+(parseInt(l[3])|0);break}}return{os:i,osVersion:r}};function ve(){const n=navigator.userAgent;let e,t=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(t[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let s=e[1];if(!s){const i=n.split(e[0]+"/");i.length>1&&(s=i[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&t.splice(1,1,e[1]),{name:t[0].toLowerCase(),version:t[1]}}let ae=null;const x=n=>new Promise(e=>V.setTimeout(e,n));let G;const ce=()=>{try{const e=re(navigator).os==="Android"?240:150;G=new AbortController,fetch(`/OidcKeepAliveServiceWorker.json?minSleepSeconds=${e}`,{signal:G.signal}).catch(s=>{console.log(s)}),x(e*1e3).then(ce)}catch(n){console.log(n)}},le=()=>{G&&G.abort()},Se=()=>fetch("/OidcKeepAliveServiceWorker.json",{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Te=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),E=n=>e=>new Promise(function(t,s){const i=new MessageChannel;i.port1.onmessage=function(o){o.data&&o.data.error?s(o.data.error):t(o.data)},n.active.postMessage(e,[i.port2])}),O=async(n,e)=>{if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!n)return null;const{name:t,version:s}=ve();if(t==="chrome"&&parseInt(s)<90||t==="opera"&&(!s||parseInt(s.split(".")[0])<80)||t==="ie")return null;const i=re(navigator);if(Te(i))return null;const o=await navigator.serviceWorker.register(n);try{await navigator.serviceWorker.ready}catch{return null}const r=async p=>E(o)({type:"clear",data:{status:p},configurationName:e}),l=async(p,A,T)=>{const v=await E(o)({type:"init",data:{oidcServerConfiguration:p,where:A,oidcConfiguration:{token_renew_mode:T.token_renew_mode,service_worker_convert_all_requests_to_cors:T.service_worker_convert_all_requests_to_cors}},configurationName:e}),N=v.version;if(N!==ie)if(console.warn(`Service worker ${N} version mismatch with js client version ${ie}, unregistering and reloading`),T.service_worker_update_require_callback)await T.service_worker_update_require_callback(o,le);else{le(),await o.update();const W=await o.unregister();console.log(`Service worker unregistering ${W}`),await x(2e3),window.location.reload()}return{tokens:H(v.tokens,null,T.token_renew_mode),status:v.status}},c=()=>{ae==null&&(ae="not_null",ce())},h=p=>E(o)({type:"setSessionState",data:{sessionState:p},configurationName:e}),a=async()=>(await E(o)({type:"getSessionState",data:null,configurationName:e})).sessionState,_=p=>(sessionStorage["oidc.nonce"]=p.nonce,E(o)({type:"setNonce",data:{nonce:p},configurationName:e})),f=async()=>{let A=(await E(o)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage["oidc.nonce"],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let u=null;return{clearAsync:r,initAsync:l,startKeepAliveServiceWorker:c,isServiceWorkerProxyActiveAsync:Se,setSessionStateAsync:h,getSessionStateAsync:a,setNonceAsync:_,getNonceAsync:f,setLoginParams:(p,A)=>{u=A,localStorage[`oidc.login.${p}`]=JSON.stringify(A)},getLoginParams:p=>{const A=localStorage[`oidc.login.${p}`];return u||(u=JSON.parse(A)),u},getStateAsync:async()=>{let A=(await E(o)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async p=>(sessionStorage[`oidc.state.${e}`]=p,E(o)({type:"setState",data:{state:p},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await E(o)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async p=>(sessionStorage[`oidc.code_verifier.${e}`]=p,E(o)({type:"setCodeVerifier",data:{codeVerifier:p},configurationName:e}))}};async function ue(n,e,t=!1,s=null){const i=c=>{n.tokens=c},{tokens:o,status:r}=await n.synchroniseTokensAsync(e,0,t,s,i);if(await O(n.configuration.service_worker_relative_url,n.configurationName)||await P(n.configurationName,n.configuration.storage).setTokens(n.tokens),!n.tokens){await n.destroyAsync(r);return}return n.timeoutId&&(n.timeoutId=K(n,o.refreshToken,n.tokens.expiresAt,s)),n.tokens}const K=(n,e,t,s=null)=>{const i=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:D(i,t)};n.publishEvent(F.eventNames.token_timer,r),await ue(n,e,!1,s)},1e3)},z=(n,e,t)=>(s=null,i=null,o=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{t(m.silentLoginAsync_begin,{});let r="";if(i&&(s==null&&(s={}),s.state=i),o&&(s==null&&(s={}),s.scope=o),s!=null)for(const[_,f]of Object.entries(s))r===""?r=`?${encodeURIComponent(_)}=${encodeURIComponent(f)}`:r+=`&${encodeURIComponent(_)}=${encodeURIComponent(f)}`;const l=e.silent_login_uri+r,c=l.indexOf("/",l.indexOf("//")+2),h=l.substr(0,c),a=document.createElement("iframe");return a.width="0px",a.height="0px",a.id=`${n}_oidc_iframe`,a.setAttribute("src",l),document.body.appendChild(a),new Promise((_,f)=>{try{let u=!1;window.onmessage=d=>{if(d.origin===h&&d.source===a.contentWindow){const g=`${n}_oidc_tokens:`,k=`${n}_oidc_error:`,w=d.data;if(w&&typeof w=="string"&&!u){if(w.startsWith(g)){const S=JSON.parse(d.data.replace(g,""));t(m.silentLoginAsync_end,{}),a.remove(),u=!0,_(S)}else if(w.startsWith(k)){const S=JSON.parse(d.data.replace(k,""));t(m.silentLoginAsync_error,S),a.remove(),u=!0,f(new Error("oidc_"+S.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{u||(t(m.silentLoginAsync_error,{reason:"timeout"}),a.remove(),u=!0,f(new Error("timeout")))},y)}catch(u){a.remove(),t(m.silentLoginAsync_error,u),f(u)}})}catch(r){throw t(m.silentLoginAsync_error,r),r}},be=(n,e,t,s,i)=>(o=null,r=void 0)=>{o={...o};const l=(h,a,_)=>z(e,t,s.bind(i))(h,a,_);return(async()=>{i.timeoutId&&V.clearTimeout(i.timeoutId);let h;o&&"state"in o&&(h=o.state,delete o.state);try{const a=t.extras?{...t.extras,...o}:o,_=await l({...a,prompt:"none"},h,r);if(_)return i.tokens=_.tokens,s(m.token_aquired,{}),i.timeoutId=K(i,i.tokens.refreshToken,i.tokens.expiresAt,o),{}}catch(a){return a}})()},Ee=(n,e,t)=>(s,i,o,r=!1)=>{const l=(c,h=void 0,a=void 0)=>z(n.configurationName,t,n.publishEvent.bind(n))(c,h,a);return new Promise((c,h)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&o&&!r){const a=()=>{n.checkSessionIFrame.stop();const _=n.tokens;if(_===null)return;const f=_.idToken,u=_.idTokenPayload;return l({prompt:"none",id_token_hint:f,scope:t.scope||"openid"}).then(y=>{const d=y.tokens.idTokenPayload;if(u.sub===d.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),u.sid===d.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",d.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[d,g]of Object.entries(e))await g.logoutOtherTabAsync(t.client_id,u.sub)})};n.checkSessionIFrame=new ke(a,i,s),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(o),c(n.checkSessionIFrame)}).catch(_=>{h(_)})}else c(null)})};for(var Ie=Le,I=[],de="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",J=0,Pe=de.length;J<Pe;++J)I[J]=de[J];function Oe(n){return I[n>>18&63]+I[n>>12&63]+I[n>>6&63]+I[n&63]}function Ce(n,e,t){for(var s,i=[],o=e;o<t;o+=3)s=(n[o]<<16&16711680)+(n[o+1]<<8&65280)+(n[o+2]&255),i.push(Oe(s));return i.join("")}function Le(n){for(var e,t=n.length,s=t%3,i=[],o=16383,r=0,l=t-s;r<l;r+=o)i.push(Ce(n,r,r+o>l?l:r+o));return s===1?(e=n[t-1],i.push(I[e>>2]+I[e<<4&63]+"==")):s===2&&(e=(n[t-2]<<8)+n[t-1],i.push(I[e>>10]+I[e>>4&63]+I[e<<2&63]+"=")),i.join("")}const he=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},Y="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ne=n=>{const e=[];for(let t=0;t<n.byteLength;t+=1){const s=n[t]%Y.length;e.push(Y[s])}return e.join("")},We=n=>Ie(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),Q=n=>{const e=new Uint8Array(n),{hasCrypto:t}=he();if(t)window.crypto.getRandomValues(e);else for(let s=0;s<n;s+=1)e[s]=Math.random()*Y.length|0;return Ne(e)};function xe(n){const e=new ArrayBuffer(n.length),t=new Uint8Array(e);for(let s=0;s<n.length;s++)t[s]=n.charCodeAt(s);return t}const Fe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=he();return e?new Promise((t,s)=>{crypto.subtle.digest("SHA-256",xe(n)).then(i=>t(We(new Uint8Array(i))),i=>s(i))}):Promise.reject(new Error("window.crypto.subtle is unavailable."))},R={},$e=(n,e=window.sessionStorage,t)=>{if(!R[n]&&e){const i=e.getItem(n);i&&(R[n]=JSON.parse(i))}const s=1e3*t;return R[n]&&R[n].timestamp+s>Date.now()?R[n].result:null},Re=(n,e,t=window.sessionStorage)=>{const s=Date.now();R[n]={result:e,timestamp:s},t&&t.setItem(n,JSON.stringify({result:e,timestamp:s}))},Me=60*60,De=n=>async(e,t=Me,s=window.sessionStorage,i=1e4)=>{const o=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,l=$e(r,s,t);if(l)return new ee(l);const c=await U(n)(o,{},i);if(c.status!==200)return null;const h=await c.json();return Re(r,h,s),new ee(h)},U=n=>async(e,t={},s=1e4,i=0)=>{let o;try{const r=new AbortController;setTimeout(()=>r.abort(),s),o=await n(e,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(i<=1)return await U(n)(e,t,s,i+1);throw r}else throw console.error(r.message),r}return o},Z={refresh_token:"refresh_token",access_token:"access_token"},_e=n=>async(e,t,s=Z.refresh_token,i,o=1e4)=>{const r={token:t,token_type_hint:s,client_id:i},l=[];for(const a in r){const _=encodeURIComponent(a),f=encodeURIComponent(r[a]);l.push(`${_}=${f}`)}const c=l.join("&");return(await U(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:c},o)).status!==200?{success:!1}:{success:!0}},Ve=n=>async(e,t,s,i,o,r=1e4)=>{for(const[_,f]of Object.entries(s))t[_]===void 0&&(t[_]=f);const l=[];for(const _ in t){const f=encodeURIComponent(_),u=encodeURIComponent(t[_]);l.push(`${f}=${u}`)}const c=l.join("&"),h=await U(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:c},r);if(h.status!==200)return{success:!1,status:h.status};const a=await h.json();return{success:!0,data:H(a,i,o)}},Ke=n=>async(e,t)=>{t=t?{...t}:{};const s=Q(128),i=await Fe(s);await n.setCodeVerifierAsync(s),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let o="";if(t)for(const[r,l]of Object.entries(t))o===""?o+="?":o+="&",o+=`${r}=${encodeURIComponent(l)}`;window.location.href=`${e}${o}`},Ue=n=>async(e,t,s,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await n.getCodeVerifierAsync();const o=[];for(const h in t){const a=encodeURIComponent(h),_=encodeURIComponent(t[h]);o.push(`${a}=${_}`)}const r=o.join("&"),l=await U(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:r},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),l.status!==200)return{success:!1,status:l.status};const c=await l.json();return{success:!0,data:{state:t.state,tokens:H(c,null,s)}}},fe=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let t=e[6],s=e[7];if(s){const i=s.split("?");i.length===2&&(s=i[0],t=i[1])}return t.startsWith("?")&&(t=t.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:t,hash:s}},Be=n=>{const e=fe(n);let{path:t}=e;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=e;return s==="#_=_"&&(s=""),s&&(t+=s),t},B=n=>{const e=fe(n),{search:t}=e;return je(t)},je=n=>{const e={};let t,s,i;const o=n.split("&");for(s=0,i=o.length;s<i;s++)t=o[s].split("="),e[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return e},qe=(n,e,t,s,i)=>(o=void 0,r=null,l=!1,c=void 0)=>{const h=r;return r={...r},(async()=>{const _=n.location,f=o||_.pathname+(_.search||"")+(_.hash||"");if("state"in r||(r.state=Q(16)),s(m.loginAsync_begin,{}),r)for(const u of Object.keys(r))u.endsWith(":token_request")&&delete r[u];try{const u=l?t.silent_redirect_uri:t.redirect_uri;c||(c=t.scope);const y=t.extras?{...t.extras,...r}:r;y.nonce||(y.nonce=Q(12));const d={nonce:y.nonce},g=await O(t.service_worker_relative_url,e),k=await i(t.authority,t.authority_configuration);let w;if(g)g.setLoginParams(e,{callbackPath:f,extras:h}),await g.initAsync(k,"loginAsync",t),await g.setNonceAsync(d),g.startKeepAliveServiceWorker(),w=g;else{const p=P(e,t.storage??sessionStorage);p.setLoginParams(e,{callbackPath:f,extras:h}),await p.setNonceAsync(d),w=p}const S={client_id:t.client_id,redirect_uri:u,scope:c,response_type:"code",...y};await Ke(w)(k.authorizationEndpoint,S)}catch(u){throw s(m.loginAsync_error,u),u}})()},Ge=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const t=n.configuration,s=t.client_id,i=e?t.silent_redirect_uri:t.redirect_uri,o=t.authority,r=t.token_request_timeout,l=await n.initAsync(o,t.authority_configuration),h=B(window.location.href).session_state,a=await O(t.service_worker_relative_url,n.configurationName);let _,f,u,y;if(a)await a.initAsync(l,"loginCallbackAsync",t),await a.setSessionStateAsync(h),f=await a.getNonceAsync(),u=a.getLoginParams(n.configurationName),y=await a.getStateAsync(),a.startKeepAliveServiceWorker(),_=a;else{const v=P(n.configurationName,t.storage??sessionStorage);await v.setSessionStateAsync(h),f=await v.getNonceAsync(),u=v.getLoginParams(n.configurationName),y=await v.getStateAsync(),_=v}const d=B(window.location.toString());if(d.iss&&d.iss!==l.issuer)throw console.error(),new Error(`issuer not valid (expected: ${l.issuer}, received: ${d.iss})`);if(d.state&&d.state!==y)throw new Error(`state not valid (expected: ${y}, received: ${d.state})`);const g={code:d.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:i},k={};if(t.token_request_extras)for(const[v,N]of Object.entries(t.token_request_extras))k[v]=N;if(u&&u.extras)for(const[v,N]of Object.entries(u.extras))v.endsWith(":token_request")&&(k[v.replace(":token_request","")]=N);const w=await Ue(_)(l.tokenEndpoint,{...g,...k},n.configuration.token_renew_mode,r);if(!w.success)throw new Error("Token request failed");let S;const p=w.data.tokens;if(a?(await a.initAsync(i,"syncTokensAsync",t),S=a.getLoginParams(n.configurationName)):S=P(n.configurationName,t.storage).getLoginParams(n.configurationName),w.data.state!==k.state)throw new Error("state is not valid");const{isValid:A,reason:T}=oe(p,f.nonce,l);if(!A)throw new Error(`Tokens are not OpenID valid, reason: ${T}`);return await n.startCheckSessionAsync(l.checkSessionIframe,s,h,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:p,state:"request.state",callbackPath:S.callbackPath}}catch(t){throw console.error(t),n.publishEvent(m.loginCallbackAsync_error,t),t}},ye={access_token:"access_token",refresh_token:"refresh_token"},Je=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const t=await O(n.configuration.service_worker_relative_url,n.configurationName);t?await t.clearAsync(e):await P(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},He=(n,e,t,s,i)=>async(o=void 0,r=null)=>{const l=n.configuration,c=await n.initAsync(l.authority,l.authority_configuration);o&&typeof o!="string"&&(o=void 0,i.warn("callbackPathOrUrl path is not a string"));const h=o??location.pathname+(location.search||"")+(location.hash||"");let a=!1;o&&(a=o.includes("https://")||o.includes("http://"));const _=a?o:s.location.origin+h,f=n.tokens?n.tokens.idToken:"";try{const y=c.revocationEndpoint;if(y){const d=[],g=n.tokens.accessToken;if(g&&l.logout_tokens_to_invalidate.includes(ye.access_token)){const w=_e(t)(y,g,Z.access_token,l.client_id);d.push(w)}const k=n.tokens.refreshToken;if(k&&l.logout_tokens_to_invalidate.includes(ye.refresh_token)){const w=_e(t)(y,k,Z.refresh_token,l.client_id);d.push(w)}d.length>0&&await Promise.all(d)}}catch(y){i.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),i.warn(y)}const u=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,d]of Object.entries(e))d!==n&&await n.logoutSameTabAsync(n.configuration.client_id,u);if(c.endSessionEndpoint){r||(r={id_token_hint:f},o!==null&&(r.post_logout_redirect_uri=_));let y="";if(r)for(const[d,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${d}=${encodeURIComponent(g)}`;s.location.href=`${c.endSessionEndpoint}${y}`}else s.location.reload()},Xe=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!X(n.tokens);)await x(200);if(!n.tokens)return null;const t=n.tokens.accessToken;if(!t)return null;const i=(await n.initAsync(n.configuration.authority,n.configuration.authority_configuration)).userInfoEndpoint,r=await(async l=>{const c=await fetch(i,{headers:{authorization:`Bearer ${l}`}});return c.status!==200?null:c.json()})(t);return n.userInfo=r,r},ge=()=>fetch;class ee{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const C={},ze=n=>(e,t="default")=>(C[t]||(C[t]=new F(e,t,n)),C[t]),Ye=async n=>{const{parsedTokens:e,callbackPath:t}=await n.loginCallbackAsync();return n.timeoutId=K(n,e.refreshToken,e.expiresAt),{callbackPath:t}},Qe=n=>Math.floor(Math.random()*n),L=class L{constructor(e,t="default",s){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let o=e.refresh_time_before_tokens_expiration_in_second??120;o>60&&(o=o-Math.floor(Math.random()*40)),e.logout_tokens_to_invalidate||(e.logout_tokens_to_invalidate=["access_token","refresh_token"]),e.authority_timeout_wellknowurl_in_millisecond||(e.authority_timeout_wellknowurl_in_millisecond=1e4),this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:o,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??q.access_token_or_id_token_invalid},this.getFetch=s??ge,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const t=Qe(9999999999999).toString();return this.events.push({id:t,func:e}),t}removeEventSubscription(e){const t=this.events.filter(s=>s.id!==e);this.events=t}publishEvent(e,t){this.events.forEach(s=>{s.func(e,t)})}static get(e="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(C,e)&&t)throw Error(`OIDC library does seem initialized.
2
+ Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return C[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=B(window.location.href);window.top.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:e.session_state})}`,window.location.origin)}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=B(window.location.href);window.top.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:e.error})}`,window.location.origin)}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new ee({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const o=await O(this.configuration.service_worker_relative_url,this.configurationName)?window.localStorage:null;return await De(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,o,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.then(i=>(this.initPromise=null,i))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let t;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=this.configuration,i=await this.initAsync(s.authority,s.authority_configuration);if(t=await O(s.service_worker_relative_url,this.configurationName),t){const{tokens:o}=await t.initAsync(i,"tryKeepExistingSessionAsync",s);if(o){t.startKeepAliveServiceWorker(),this.tokens=o;const r=t.getLoginParams(this.configurationName);this.timeoutId=K(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const l=await t.getSessionStateAsync();return await this.startCheckSessionAsync(i.check_session_iframe,s.client_id,l),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(this.configurationName,s.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){this.tokens=se(r,null,s.token_renew_mode);const l=o.getLoginParams(this.configurationName);this.timeoutId=K(this,r.refreshToken,this.tokens.expiresAt,l.extras);const c=await o.getSessionStateAsync();return await this.startCheckSessionAsync(i.check_session_iframe,s.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:t?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),t&&await t.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(t=>(this.tryKeepExistingSessionPromise=null,t))}async startCheckSessionAsync(e,t,s,i=!1){await Ee(this,C,this.configuration)(e,t,s,i)}async loginAsync(e=void 0,t=null,s=!1,i=void 0,o=!1){return this.loginPromise!==null?this.loginPromise:o?be(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,i):(this.loginPromise=qe(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this))(e,t,s,i),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await Ge(this)(e),i=s.tokens;return this.tokens=i,await O(this.configuration.service_worker_relative_url,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(i),this.publishEvent(L.eventNames.token_aquired,i),{parsedTokens:i,state:s.state,callbackPath:s.callbackPath}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.then(s=>(this.loginCallbackPromise=null,s))}async synchroniseTokensAsync(e,t=0,s=!1,i=null,o){for(;!navigator.onLine&&document.hidden;)await x(1e3),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await x(1e3),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});let l=Math.floor(Math.random()*15)+10;for(;document.hidden&&l>0;)await x(1e3),l--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is hidden try ${l}`});const h=document.hidden?t:t+1;i||(i={});const a=this.configuration,_=(u,y,d=null)=>z(this.configurationName,this.configuration,this.publishEvent.bind(this))(u,y,d),f=async()=>{try{let u;const y=await O(a.service_worker_relative_url,this.configurationName);y?u=y.getLoginParams(this.configurationName):u=P(this.configurationName,a.storage).getLoginParams(this.configurationName);const d=await _({...u.extras,...i,prompt:"none"},u.state);if(d)return o(d.tokens),this.publishEvent(L.eventNames.token_renewed,{}),{tokens:d.tokens,status:"LOGGED"}}catch(u){if(console.error(u),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:u.message}),u&&u.message&&u.message.startsWith("oidc"))return o(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,h,s,i,o)};if(t>4)return o(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:u,tokens:y,nonce:d}=await this.syncTokensInfoAsync(a,this.configurationName,this.tokens,s);switch(u){case"SESSION_LOST":return o(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return o(null),{tokens:null,status:null};case"TOKENS_VALID":return o(y),{tokens:y,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return o(y),this.publishEvent(L.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return o(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:u,tryNumber:t}),await f();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:u,tryNumber:t}),!e)return await f();const g=a.client_id,k=a.redirect_uri,w=a.authority,p={...a.token_request_extras?a.token_request_extras:{}};for(const[T,v]of Object.entries(i))T.endsWith(":token_request")&&(p[T.replace(":token_request","")]=v);return await(async()=>{const T={client_id:g,redirect_uri:k,grant_type:"refresh_token",refresh_token:y.refreshToken},v=await this.initAsync(w,a.authority_configuration),N=document.hidden?1e4:3e4*10,W=await Ve(this.getFetch())(v.tokenEndpoint,T,p,y,a.token_renew_mode,N);if(W.success){const{isValid:Ze,reason:en}=oe(W.data,d.nonce,v);return Ze?(o(W.data),this.publishEvent(m.refreshTokensAsync_end,{success:W.success}),this.publishEvent(L.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:W.data,status:"LOGGED_IN"}):(o(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${en}`}),{tokens:null,status:"SESSION_LOST"})}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:W}),await this.synchroniseTokensAsync(e,h,s,i,o)})()}}}catch(u){return console.error(u),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:u.message}),this.synchroniseTokensAsync(e,h,s,i,o)}}async syncTokensInfoAsync(e,t,s,i=!1){const o={nonce:null};if(!s)return{tokens:null,status:"NOT_CONNECTED",nonce:o};let r=o;const l=await this.initAsync(e.authority,e.authority_configuration),c=await O(e.service_worker_relative_url,t);if(c){const{status:_,tokens:f}=await c.initAsync(l,"syncTokensAsync",e);if(_==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:o};if(_==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:o};if(!_||!f)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:o};if(f.issuedAt!==s.issuedAt){const y=D(e.refresh_time_before_tokens_expiration_in_second,f.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",d=await c.getNonceAsync();return{tokens:f,status:y,nonce:d}}r=await c.getNonceAsync()}else{const _=P(t,e.storage??sessionStorage),{tokens:f,status:u}=await _.initAsync();if(f){if(u==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:o};if(f.issuedAt!==s.issuedAt){const d=D(e.refresh_time_before_tokens_expiration_in_second,f.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await _.getNonceAsync();return{tokens:f,status:d,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:o};r=await _.getNonceAsync()}const a=D(e.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return i?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:a,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=Ye(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=Xe(this)(e),this.userInfoPromise.then(t=>(this.userInfoPromise=null,t)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ue(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(t=>(this.renewTokensPromise=null,t))}async destroyAsync(e){return await Je(this)(e)}async logoutSameTabAsync(e,t){this.configuration.monitor_session&&this.configuration.client_id===e&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(this.publishEvent(m.logout_from_same_tab,{message:t}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,t){this.configuration.monitor_session&&this.configuration.client_id===e&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(e=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=He(this,C,this.getFetch(),window,console)(e,t),this.logoutPromise.then(s=>(this.logoutPromise=null,s)))}};L.getOrCreate=e=>(t,s="default")=>ze(e)(t,s),L.eventNames=m;let F=L;const M=class M{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,t){this._oidc.publishEvent(e,t)}static get(e="default"){return new M(F.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,t=null,s=!1,i=void 0,o=!1){return this._oidc.loginAsync(e,t,s,i,o)}logoutAsync(e=void 0,t=null){return this._oidc.logoutAsync(e,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async getValidTokenAsync(e=200,t=50){return Ae(this._oidc,e,t)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};M.getOrCreate=e=>(t,s="default")=>new M(F.getOrCreate(e)(t,s)),M.eventNames=F.eventNames;let ne=M;b.OidcClient=ne,b.TokenRenewMode=q,b.getFetchDefault=ge,b.getParseQueryStringFromLocation=B,b.getPath=Be,Object.defineProperty(b,Symbol.toStringTag,{value:"Module"})});
package/dist/version.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- declare const _default: "7.1.0";
1
+ declare const _default: "7.2.1";
2
2
  export default _default;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axa-fr/oidc-client",
3
- "version": "7.1.0",
3
+ "version": "7.2.1",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "main": "./dist/index.umd.cjs",
@@ -17,10 +17,10 @@
17
17
  ],
18
18
  "repository": {
19
19
  "type": "git",
20
- "url": "https://github.com/AxaGuilDEv/react-oidc.git"
20
+ "url": "https://github.com/AxaFrance/oidc-client.git"
21
21
  },
22
22
  "dependencies": {
23
- "@axa-fr/oidc-client-service-worker": "7.1.0"
23
+ "@axa-fr/oidc-client-service-worker": "7.2.1"
24
24
  },
25
25
  "devDependencies": {
26
26
  "@testing-library/dom": "^9.3.1",
@@ -50,7 +50,7 @@
50
50
  "build": "tsc && vite build",
51
51
  "test": "vitest --root . --coverage",
52
52
  "prepare": "pnpm run clean && pnpm run copy-service-worker && pnpm run build",
53
- "postinstall": "node ./bin/post-install.mjs"
53
+ "postinstall": "echo 'WARNING keep sink OidcServiceWorker.js version file'"
54
54
  },
55
55
  "license": "MIT",
56
56
  "publishConfig": {
package/src/login.ts CHANGED
@@ -107,10 +107,11 @@ export const loginCallbackAsync = (oidc) => async (isSilentSignin = false) => {
107
107
  const params = getParseQueryStringFromLocation(window.location.toString());
108
108
 
109
109
  if (params.iss && params.iss !== oidcServerConfiguration.issuer) {
110
- throw new Error('issuer not valid');
110
+ console.error();
111
+ throw new Error(`issuer not valid (expected: ${oidcServerConfiguration.issuer}, received: ${params.iss})`);
111
112
  }
112
113
  if (params.state && params.state !== state) {
113
- throw new Error('state not valid');
114
+ throw new Error(`state not valid (expected: ${state}, received: ${params.state})`);
114
115
  }
115
116
 
116
117
  const data = {
package/src/version.ts CHANGED
@@ -1 +1 @@
1
- export default '7.1.0';
1
+ export default '7.2.1';