@axa-fr/oidc-client 7.12.12 → 7.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -2
- package/dist/index.js +50 -49
- package/dist/index.umd.cjs +2 -2
- package/dist/initWorker.d.ts +3 -1
- package/dist/types.d.ts +2 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/initWorker.ts +9 -4
- package/src/oidc.ts +3 -3
- package/src/parseTokens.ts +1 -1
- package/src/types.ts +2 -0
- package/src/user.ts +1 -1
- package/src/version.ts +1 -1
package/README.md
CHANGED
|
@@ -194,9 +194,10 @@ const configuration = {
|
|
|
194
194
|
refresh_time_before_tokens_expiration_in_second: Number, // default is 120 seconds
|
|
195
195
|
service_worker_relative_url: String,
|
|
196
196
|
service_worker_keep_alive_path: String, // default is "/"
|
|
197
|
-
service_worker_only: Boolean, // default false
|
|
198
|
-
service_worker_activate: () => boolean, // you can take the control of the service worker default activation which use user agent string
|
|
197
|
+
service_worker_only: Boolean, // default false, if true, the user will not be able to login if the service worker is not available on its browser
|
|
198
|
+
service_worker_activate: () => boolean, // you can take the control of the service worker default activation which use user agent string, if return false, the service worker mode will not be used
|
|
199
199
|
service_worker_update_require_callback: (registration:any, stopKeepAlive:Function) => Promise<void>, // callback called when service worker need to be updated, you can take the control of the update process
|
|
200
|
+
service_worker_register: (url: string) => Promise<ServiceWorkerRegistration>, // Optional, you can take the control of the service worker registration
|
|
200
201
|
extras: StringMap | undefined, // ex: {'prompt': 'consent', 'access_type': 'offline'} list of key/value that is sent to the OIDC server (more info: https://github.com/openid/AppAuth-JS)
|
|
201
202
|
token_request_extras: StringMap | undefined, // ex: {'prompt': 'consent', 'access_type': 'offline'} list of key/value that is sent to the OIDC server during token request (more info: https://github.com/openid/AppAuth-JS)
|
|
202
203
|
authority_time_cache_wellknowurl_in_second: 60 * 60, // Time to cache in seconds of the openid well-known URL, default is 1 hour
|
package/dist/index.js
CHANGED
|
@@ -160,7 +160,7 @@ const _e = (s, e = null, n) => {
|
|
|
160
160
|
if (!s.tokens)
|
|
161
161
|
return null;
|
|
162
162
|
for (; !z(s.tokens) && t > 0; )
|
|
163
|
-
await D(e), t = t - 1;
|
|
163
|
+
await D({ milliseconds: e }), t = t - 1;
|
|
164
164
|
return {
|
|
165
165
|
isTokensValid: z(s.tokens),
|
|
166
166
|
tokens: s.tokens,
|
|
@@ -186,15 +186,15 @@ const _e = (s, e = null, n) => {
|
|
|
186
186
|
let a, f;
|
|
187
187
|
const l = (function() {
|
|
188
188
|
const d = {}, h = {
|
|
189
|
-
setTimeout: function(_, g,
|
|
189
|
+
setTimeout: function(_, g, v) {
|
|
190
190
|
d[g] = setTimeout(function() {
|
|
191
191
|
_.postMessage(g), d[g] = null;
|
|
192
|
-
},
|
|
192
|
+
}, v);
|
|
193
193
|
},
|
|
194
|
-
setInterval: function(_, g,
|
|
194
|
+
setInterval: function(_, g, v) {
|
|
195
195
|
d[g] = setInterval(function() {
|
|
196
196
|
_.postMessage(g);
|
|
197
|
-
},
|
|
197
|
+
}, v);
|
|
198
198
|
},
|
|
199
199
|
clearTimeout: function(_, g) {
|
|
200
200
|
clearTimeout(d[g]), d[g] = null;
|
|
@@ -204,15 +204,15 @@ const _e = (s, e = null, n) => {
|
|
|
204
204
|
}
|
|
205
205
|
};
|
|
206
206
|
function y(_, g) {
|
|
207
|
-
const
|
|
208
|
-
h[
|
|
207
|
+
const v = g.data[0], S = g.data[1], T = g.data[2];
|
|
208
|
+
h[v] && h[v](_, S, T);
|
|
209
209
|
}
|
|
210
210
|
this.onmessage = function(_) {
|
|
211
211
|
y(self, _);
|
|
212
212
|
}, this.onconnect = function(_) {
|
|
213
213
|
const g = _.ports[0];
|
|
214
|
-
g.onmessage = function(
|
|
215
|
-
y(g,
|
|
214
|
+
g.onmessage = function(v) {
|
|
215
|
+
y(g, v);
|
|
216
216
|
};
|
|
217
217
|
};
|
|
218
218
|
}).toString();
|
|
@@ -281,13 +281,13 @@ const _e = (s, e = null, n) => {
|
|
|
281
281
|
setInterval: r,
|
|
282
282
|
clearInterval: c
|
|
283
283
|
};
|
|
284
|
-
}(), ae = "7.
|
|
284
|
+
}(), ae = "7.13.0";
|
|
285
285
|
let ce = null, j;
|
|
286
|
-
const D = (s) => new Promise((e) => J.setTimeout(e, s)), ge = (s = "/") => {
|
|
286
|
+
const D = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ge = (s = "/") => {
|
|
287
287
|
try {
|
|
288
288
|
j = new AbortController(), fetch(`${s}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: j.signal }).catch((t) => {
|
|
289
289
|
console.log(t);
|
|
290
|
-
}), D(150 * 1e3).then(ge);
|
|
290
|
+
}), D({ milliseconds: 150 * 1e3 }).then(ge);
|
|
291
291
|
} catch (e) {
|
|
292
292
|
console.log(e);
|
|
293
293
|
}
|
|
@@ -302,7 +302,7 @@ const D = (s) => new Promise((e) => J.setTimeout(e, s)), ge = (s = "/") => {
|
|
|
302
302
|
}), $e = (s) => async (e, n) => {
|
|
303
303
|
n(), await e.update();
|
|
304
304
|
const t = await e.unregister();
|
|
305
|
-
console.log(`Service worker unregistering ${t}`), await D(2e3), s.reload();
|
|
305
|
+
console.log(`Service worker unregistering ${t}`), await D({ milliseconds: 2e3 }), s.reload();
|
|
306
306
|
}, b = (s) => (e) => new Promise(function(n, t) {
|
|
307
307
|
const o = new MessageChannel();
|
|
308
308
|
o.port1.onmessage = function(i) {
|
|
@@ -312,7 +312,8 @@ const D = (s) => new Promise((e) => J.setTimeout(e, s)), ge = (s = "/") => {
|
|
|
312
312
|
const n = s.service_worker_relative_url;
|
|
313
313
|
if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n || s.service_worker_activate() === !1)
|
|
314
314
|
return null;
|
|
315
|
-
|
|
315
|
+
let t = null;
|
|
316
|
+
s.register ? t = await s.service_worker_register(n) : t = await navigator.serviceWorker.register(n);
|
|
316
317
|
try {
|
|
317
318
|
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await b(t)({ type: "claim" });
|
|
318
319
|
} catch {
|
|
@@ -409,13 +410,13 @@ const K = (s, e, n, t = null) => {
|
|
|
409
410
|
let h = !1;
|
|
410
411
|
window.onmessage = (_) => {
|
|
411
412
|
if (_.origin === f && _.source === l.contentWindow) {
|
|
412
|
-
const g = `${s}_oidc_tokens:`,
|
|
413
|
-
if (
|
|
414
|
-
if (
|
|
413
|
+
const g = `${s}_oidc_tokens:`, v = `${s}_oidc_error:`, S = _.data;
|
|
414
|
+
if (S && typeof S == "string" && !h) {
|
|
415
|
+
if (S.startsWith(g)) {
|
|
415
416
|
const T = JSON.parse(_.data.replace(g, ""));
|
|
416
417
|
n(m.silentLoginAsync_end, {}), l.remove(), h = !0, u(T);
|
|
417
|
-
} else if (
|
|
418
|
-
const T = JSON.parse(_.data.replace(
|
|
418
|
+
} else if (S.startsWith(v)) {
|
|
419
|
+
const T = JSON.parse(_.data.replace(v, ""));
|
|
419
420
|
n(m.silentLoginAsync_error, T), l.remove(), h = !0, d(new Error("oidc_" + T.error));
|
|
420
421
|
}
|
|
421
422
|
}
|
|
@@ -701,7 +702,7 @@ const He = (s) => {
|
|
|
701
702
|
function Ae(s) {
|
|
702
703
|
return new TextEncoder().encode(s);
|
|
703
704
|
}
|
|
704
|
-
function
|
|
705
|
+
function ve(s) {
|
|
705
706
|
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
|
|
706
707
|
}
|
|
707
708
|
function ns(s) {
|
|
@@ -709,14 +710,14 @@ function ns(s) {
|
|
|
709
710
|
return String.fromCharCode(parseInt(o, 16));
|
|
710
711
|
});
|
|
711
712
|
}
|
|
712
|
-
function
|
|
713
|
+
function Se(s) {
|
|
713
714
|
let e = "";
|
|
714
715
|
return s.forEach(function(n) {
|
|
715
716
|
e += String.fromCharCode(n);
|
|
716
|
-
}),
|
|
717
|
+
}), ve(e);
|
|
717
718
|
}
|
|
718
719
|
function de(s) {
|
|
719
|
-
return
|
|
720
|
+
return ve(ns(s));
|
|
720
721
|
}
|
|
721
722
|
var Te = {};
|
|
722
723
|
Te.sign = (s, e, n, t = "dpop+jwt") => {
|
|
@@ -736,7 +737,7 @@ Te.sign = (s, e, n, t = "dpop+jwt") => {
|
|
|
736
737
|
return window.crypto.subtle.importKey("jwk", s, i, r, c).then(function(a) {
|
|
737
738
|
const f = Ae(o.protected + "." + o.payload), l = { name: "ECDSA", hash: { name: "SHA-256" } };
|
|
738
739
|
return window.crypto.subtle.sign(l, a, f).then(function(u) {
|
|
739
|
-
return o.signature =
|
|
740
|
+
return o.signature = Se(new Uint8Array(u)), o.protected + "." + o.payload + "." + o.signature;
|
|
740
741
|
});
|
|
741
742
|
});
|
|
742
743
|
};
|
|
@@ -758,7 +759,7 @@ var be = {};
|
|
|
758
759
|
be.thumbprint = function(s) {
|
|
759
760
|
const e = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", s.crv).replace("X", s.x).replace("Y", s.y);
|
|
760
761
|
return window.crypto.subtle.digest({ name: "SHA-256" }, Ae(e)).then(function(n) {
|
|
761
|
-
return
|
|
762
|
+
return Se(new Uint8Array(n));
|
|
762
763
|
});
|
|
763
764
|
};
|
|
764
765
|
const ts = function() {
|
|
@@ -798,21 +799,21 @@ const ts = function() {
|
|
|
798
799
|
const h = e.extras ? { ...e.extras, ...r } : r;
|
|
799
800
|
h.nonce || (h.nonce = Z(12));
|
|
800
801
|
const y = { nonce: h.nonce }, _ = await E(e, s), g = await t(e.authority, e.authority_configuration);
|
|
801
|
-
let
|
|
802
|
+
let v;
|
|
802
803
|
if (_)
|
|
803
|
-
_.setLoginParams({ callbackPath: u, extras: f }), await _.initAsync(g, "loginAsync", e), await _.setNonceAsync(y), _.startKeepAliveServiceWorker(),
|
|
804
|
+
_.setLoginParams({ callbackPath: u, extras: f }), await _.initAsync(g, "loginAsync", e), await _.setNonceAsync(y), _.startKeepAliveServiceWorker(), v = _;
|
|
804
805
|
else {
|
|
805
806
|
const T = O(s, e.storage ?? sessionStorage);
|
|
806
|
-
T.setLoginParams({ callbackPath: u, extras: f }), await T.setNonceAsync(y),
|
|
807
|
+
T.setLoginParams({ callbackPath: u, extras: f }), await T.setNonceAsync(y), v = T;
|
|
807
808
|
}
|
|
808
|
-
const
|
|
809
|
+
const S = {
|
|
809
810
|
client_id: e.client_id,
|
|
810
811
|
redirect_uri: d,
|
|
811
812
|
scope: a,
|
|
812
813
|
response_type: "code",
|
|
813
814
|
...h
|
|
814
815
|
};
|
|
815
|
-
await Ze(
|
|
816
|
+
await Ze(v, o)(g.authorizationEndpoint, S);
|
|
816
817
|
} catch (d) {
|
|
817
818
|
throw n(m.loginAsync_error, d), d;
|
|
818
819
|
}
|
|
@@ -833,18 +834,18 @@ const ts = function() {
|
|
|
833
834
|
throw console.error(), new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);
|
|
834
835
|
if (g.state && g.state !== _)
|
|
835
836
|
throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);
|
|
836
|
-
const
|
|
837
|
+
const v = {
|
|
837
838
|
code: g.code,
|
|
838
839
|
grant_type: "authorization_code",
|
|
839
840
|
client_id: n.client_id,
|
|
840
841
|
redirect_uri: o
|
|
841
|
-
},
|
|
842
|
+
}, S = {};
|
|
842
843
|
if (n.token_request_extras)
|
|
843
844
|
for (const [A, R] of Object.entries(n.token_request_extras))
|
|
844
|
-
|
|
845
|
+
S[A] = R;
|
|
845
846
|
if (y && y.extras)
|
|
846
847
|
for (const [A, R] of Object.entries(y.extras))
|
|
847
|
-
A.endsWith(":token_request") && (
|
|
848
|
+
A.endsWith(":token_request") && (S[A.replace(":token_request", "")] = R);
|
|
848
849
|
const T = c.tokenEndpoint, W = {};
|
|
849
850
|
if (n.demonstrating_proof_of_possession) {
|
|
850
851
|
const A = await os();
|
|
@@ -852,7 +853,7 @@ const ts = function() {
|
|
|
852
853
|
}
|
|
853
854
|
const p = await es(d)(
|
|
854
855
|
T,
|
|
855
|
-
{ ...
|
|
856
|
+
{ ...v, ...S },
|
|
856
857
|
W,
|
|
857
858
|
s.configuration.token_renew_mode,
|
|
858
859
|
r
|
|
@@ -861,7 +862,7 @@ const ts = function() {
|
|
|
861
862
|
throw new Error("Token request failed");
|
|
862
863
|
let k;
|
|
863
864
|
const w = p.data.tokens, P = p.data.demonstratingProofOfPossessionNonce;
|
|
864
|
-
if (p.data.state !==
|
|
865
|
+
if (p.data.state !== S.state)
|
|
865
866
|
throw new Error("state is not valid");
|
|
866
867
|
const { isValid: C, reason: L } = ye(w, h.nonce, c);
|
|
867
868
|
if (!C)
|
|
@@ -905,13 +906,13 @@ const ts = function() {
|
|
|
905
906
|
if (y) {
|
|
906
907
|
const _ = [], g = s.tokens ? s.tokens.accessToken : null;
|
|
907
908
|
if (g && c.logout_tokens_to_invalidate.includes(fe.access_token)) {
|
|
908
|
-
const
|
|
909
|
-
_.push(
|
|
909
|
+
const S = ue(n)(y, g, ee.access_token, c.client_id);
|
|
910
|
+
_.push(S);
|
|
910
911
|
}
|
|
911
|
-
const
|
|
912
|
-
if (
|
|
913
|
-
const
|
|
914
|
-
_.push(
|
|
912
|
+
const v = s.tokens ? s.tokens.refreshToken : null;
|
|
913
|
+
if (v && c.logout_tokens_to_invalidate.includes(fe.refresh_token)) {
|
|
914
|
+
const S = ue(n)(y, v, ee.refresh_token, c.client_id);
|
|
915
|
+
_.push(S);
|
|
915
916
|
}
|
|
916
917
|
_.length > 0 && await Promise.all(_);
|
|
917
918
|
}
|
|
@@ -937,7 +938,7 @@ const ts = function() {
|
|
|
937
938
|
if (s.userInfo != null && !e)
|
|
938
939
|
return s.userInfo;
|
|
939
940
|
for (; s.tokens && !z(s.tokens); )
|
|
940
|
-
await D(200);
|
|
941
|
+
await D({ milliseconds: 200 });
|
|
941
942
|
if (!s.tokens)
|
|
942
943
|
return null;
|
|
943
944
|
const n = s.tokens.accessToken;
|
|
@@ -1210,13 +1211,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1210
1211
|
}
|
|
1211
1212
|
async synchroniseTokensAsync(e, n = 0, t = !1, o = null, i) {
|
|
1212
1213
|
for (; !navigator.onLine && document.hidden; )
|
|
1213
|
-
await D(1e3), this.publishEvent(m.refreshTokensAsync, { message: "wait because navigator is offline and hidden" });
|
|
1214
|
+
await D({ milliseconds: 1e3 }), this.publishEvent(m.refreshTokensAsync, { message: "wait because navigator is offline and hidden" });
|
|
1214
1215
|
let r = 6;
|
|
1215
1216
|
for (; !navigator.onLine && r > 0; )
|
|
1216
|
-
await D(1e3), r--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
|
|
1217
|
+
await D({ milliseconds: 1e3 }), r--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
|
|
1217
1218
|
let c = Math.floor(Math.random() * 15) + 10;
|
|
1218
1219
|
for (; document.hidden && c > 0; )
|
|
1219
|
-
await D(1e3), c--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is hidden try ${c}` });
|
|
1220
|
+
await D({ milliseconds: 1e3 }), c--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is hidden try ${c}` });
|
|
1220
1221
|
const f = document.hidden ? n : n + 1;
|
|
1221
1222
|
o || (o = {});
|
|
1222
1223
|
const l = this.configuration, u = (h, y, _ = null) => te(this.configurationName, this.configuration, this.publishEvent.bind(this))(h, y, _), d = async () => {
|
|
@@ -1257,16 +1258,16 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1257
1258
|
default: {
|
|
1258
1259
|
if (this.publishEvent(m.refreshTokensAsync_begin, { refreshToken: e, status: h, tryNumber: n }), !e)
|
|
1259
1260
|
return await d();
|
|
1260
|
-
const g = l.client_id,
|
|
1261
|
+
const g = l.client_id, v = l.redirect_uri, S = l.authority, W = { ...l.token_request_extras ? l.token_request_extras : {} };
|
|
1261
1262
|
for (const [k, w] of Object.entries(o))
|
|
1262
1263
|
k.endsWith(":token_request") && (W[k.replace(":token_request", "")] = w);
|
|
1263
1264
|
return await (async () => {
|
|
1264
1265
|
const k = {
|
|
1265
1266
|
client_id: g,
|
|
1266
|
-
redirect_uri:
|
|
1267
|
+
redirect_uri: v,
|
|
1267
1268
|
grant_type: "refresh_token",
|
|
1268
1269
|
refresh_token: y.refreshToken
|
|
1269
|
-
}, w = await this.initAsync(
|
|
1270
|
+
}, w = await this.initAsync(S, l.authority_configuration), P = document.hidden ? 1e4 : 3e4 * 10, C = w.tokenEndpoint, L = {};
|
|
1270
1271
|
l.demonstrating_proof_of_possession && (L.DPoP = await this.generateDemonstrationOfProofOfPossessionAsync(y.accessToken, C, "POST"));
|
|
1271
1272
|
const A = await Qe(this.getFetch())(
|
|
1272
1273
|
C,
|
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(E,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(E=typeof globalThis<"u"?globalThis:E||self,G(E["oidc-client"]={}))})(this,function(E){"use strict";const F=console;class Ce{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(F.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(F.debug(e),F.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):F.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){F.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(F.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},P=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},f=()=>JSON.parse(e[`oidc.jwk.${n}`]),l=async()=>({nonce:e[`oidc.nonce.${n}`]}),u=async p=>{e[`oidc.dpop_nonce.${n}`]=p},d=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:l,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:u,getDemonstratingProofOfPossessionNonce:d,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:f}},xe=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Ne=n=>JSON.parse(xe(n.split(".")[1].replace("-","+").replace("_","/"))),ce=n=>{try{return n&&We(n,".")===2?Ne(n):null}catch(e){console.warn(e)}return null},We=(n,e)=>n.split(e).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const le=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=ce(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:ce(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=Le(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===X.access_token_invalid?a=c:s===X.id_token_invalid?a=r:a=r<c?r:c;const f={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const l=e.refreshToken;return{...f,refreshToken:l}}return f},Z=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),le(t,e,s)},K=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ee=n=>n?K(0,n.expiresAt)>0:!1,De=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ee(n.tokens)&&t>0;)await L(e),t=t-1;return{isTokensValid:ee(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},J=function(){const n=function(){let a,f;const l=(function(){const d={},h={setTimeout:function(_,g,S){d[g]=setTimeout(function(){_.postMessage(g),d[g]=null},S)},setInterval:function(_,g,S){d[g]=setInterval(function(){_.postMessage(g)},S)},clearTimeout:function(_,g){clearTimeout(d[g]),d[g]=null},clearInterval:function(_,g){clearInterval(d[g]),d[g]=null}};function y(_,g){const S=g.data[0],v=g.data[1],T=g.data[2];h[S]&&h[S](_,v,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(S){y(g,S)}}}).toString();try{const d=new Blob(["(",l,")()"],{type:"application/javascript"});f=URL.createObjectURL(d)}catch{return null}const u=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(f),a.port}catch{u&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(f),a}catch{u&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const f=a.data,l=s[f];if(l){l(),s[f]=null;return}const u=t[f];u&&u()};function o(a,f){const l=e();return n.postMessage(["setTimeout",l,f]),s[l]=a,l}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,f){const l=e();return n.postMessage(["setInterval",l,f]),t[l]=a,l}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.12.12";let fe=null,Y;const L=n=>new Promise(e=>J.setTimeout(e,n)),he=(n="/")=>{try{Y=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Y.signal}).catch(t=>{console.log(t)}),L(150*1e3).then(he)}catch(e){console.log(e)}},$e=()=>{Y&&Y.abort()},Re=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Fe=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await L(2e3),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),I=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;const t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,w,O)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:w,oidcConfiguration:{token_renew_mode:O.token_renew_mode,service_worker_convert_all_requests_to_cors:O.service_worker_convert_all_requests_to_cors}},configurationName:e}),R=W.version;return R!==de&&(console.warn(`Service worker ${R} version mismatch with js client version ${de}, unregistering and reloading`),await O.service_worker_update_require_callback(t,$e)),{tokens:Z(W.tokens,null,O.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,f=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),l=async()=>{let w=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return w||(w=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:w}};let u={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:f,getNonceAsync:l,setLoginParams:k=>{u[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return u[e]||(u[e]=JSON.parse(k)),u[e]},getStateAsync:async()=>{let w=(await b(t)({type:"getState",data:null,configurationName:e})).state;return w||(w=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),w},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let w=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return w||(w=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),w},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const w=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:w},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`,r=await navigator.locks.request(i,async c=>{const a=d=>{n.tokens=d},{tokens:f,status:l}=await n.synchroniseTokensAsync(e,0,s,t,a);return await I(n.configuration,n.configurationName)||await P(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?f:(await n.destroyAsync(l),null)});return r?(n.timeoutId&&(n.timeoutId=B(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const B=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return J.setTimeout(async()=>{const r={timeLeft:K(o,s)};n.publishEvent(D.eventNames.token_timer,r),await _e(n,e,!1,t)},1e3)},ne=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[u,d]of Object.entries(t))r===""?r=`?${encodeURIComponent(u)}=${encodeURIComponent(d)}`:r+=`&${encodeURIComponent(u)}=${encodeURIComponent(d)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),f=c.substr(0,a),l=document.createElement("iframe");return l.width="0px",l.height="0px",l.id=`${n}_oidc_iframe`,l.setAttribute("src",c),document.body.appendChild(l),new Promise((u,d)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===f&&_.source===l.contentWindow){const g=`${n}_oidc_tokens:`,S=`${n}_oidc_error:`,v=_.data;if(v&&typeof v=="string"&&!h){if(v.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),l.remove(),h=!0,u(T)}else if(v.startsWith(S)){const T=JSON.parse(_.data.replace(S,""));s(m.silentLoginAsync_error,T),l.remove(),h=!0,d(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),l.remove(),h=!0,d(new Error("timeout")))},y)}catch(h){l.remove(),s(m.silentLoginAsync_error,h),d(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Ue=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(f,l,u)=>ne(e,s,t.bind(o))(f,l,u);return(async()=>{o.timeoutId&&J.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const l=s.extras?{...s.extras,...i}:i,u=await c({...l,prompt:"none"},f,r);if(u)return o.tokens=u.tokens,t(m.token_aquired,{}),o.timeoutId=B(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(l){return l}})()},Ve=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,f=void 0,l=void 0)=>ne(n.configurationName,s,n.publishEvent.bind(n))(a,f,l);return new Promise((a,f)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const l=()=>{n.checkSessionIFrame.stop();const u=n.tokens;if(u===null)return;const d=u.idToken,h=u.idTokenPayload;return c({prompt:"none",id_token_hint:d,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ce(l,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(u=>{f(u)})}else a(null)})};for(var Me=je,C=[],ye="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",z=0,Ke=ye.length;z<Ke;++z)C[z]=ye[z];function Je(n){return C[n>>18&63]+C[n>>12&63]+C[n>>6&63]+C[n&63]}function Be(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(Je(t));return o.join("")}function je(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(Be(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(C[e>>2]+C[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(C[e>>10]+C[e>>4&63]+C[e<<2&63]+"=")),o.join("")}const ge=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%se.length;e.push(se[t])}return e.join("")},He=n=>Me(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ge();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*se.length|0;return qe(e)};function Ge(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function ke(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",Ge(n)).then(t=>e(He(new Uint8Array(t))),t=>s(t))})}const Xe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ge();return e?ke(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},U={},Ye=(n,e=window.sessionStorage,s)=>{if(!U[n]&&e){const o=e.getItem(n);o&&(U[n]=JSON.parse(o))}const t=1e3*s;return U[n]&&U[n].timestamp+t>Date.now()?U[n].result:null},ze=(n,e,s=window.sessionStorage)=>{const t=Date.now();U[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},Qe=60*60,Ze=n=>async(e,s=Qe,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ye(r,t,s);if(c)return new re(c);const a=await j(n)(i,{},o);if(a.status!==200)return null;const f=await a.json();return ze(r,f,t),new re(f)},j=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await j(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},me=n=>async(e,s,t=oe.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const l in r){const u=encodeURIComponent(l),d=encodeURIComponent(r[l]);c.push(`${u}=${d}`)}const a=c.join("&");return(await j(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},en=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const f=a.join("&"),l=await j(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},c);if(l.status!==200)return{success:!1,status:l.status,demonstratingProofOfPossessionNonce:null};const u=await l.json();let d=null;return l.headers.has(Q)&&(d=l.headers.get(Q)),{success:!0,data:Z(u,o,r),demonstratingProofOfPossessionNonce:d}},nn=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Xe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},Q="DPoP-Nonce",sn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const u in s){const d=encodeURIComponent(u),h=encodeURIComponent(s[u]);r.push(`${d}=${h}`)}const c=r.join("&"),a=await j(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let f=null;a.headers.has(Q)&&(f=a.headers.get(Q));const l=await a.json();return{success:!0,data:{state:s.state,tokens:Z(l,null,o),demonstratingProofOfPossessionNonce:f}}},pe=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},tn=n=>{const e=pe(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},q=n=>{const e=pe(n),{search:s}=e;return on(s)},on=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function we(n){return new TextEncoder().encode(n)}function Ae(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function rn(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Se(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),Ae(e)}function ve(n){return Ae(rn(n))}var Te={};Te.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:ve(JSON.stringify(e)),payload:ve(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,c).then(function(a){const f=we(o.protected+"."+o.payload),l={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(l,a,f).then(function(u){return o.signature=Se(new Uint8Array(u)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var be={};be.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},we(e)).then(function(s){return Se(new Uint8Array(s))})};const an=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},cn=()=>ie.generate().then(function(n){return n}),Pe=(n,e="POST",s,t={})=>{const o={jit:btoa(an()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return be.thumbprint(n).then(function(i){return Te.sign(n,{},o).then(function(r){return r})})},ln=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const f=r;return r={...r},(async()=>{const u=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const d of Object.keys(r))d.endsWith(":token_request")&&delete r[d];try{const d=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=te(12));const y={nonce:h.nonce},_=await I(e,n),g=await t(e.authority,e.authority_configuration);let S;if(_)_.setLoginParams({callbackPath:u,extras:f}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),S=_;else{const T=P(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:u,extras:f}),await T.setNonceAsync(y),S=T}const v={client_id:e.client_id,redirect_uri:d,scope:a,response_type:"code",...h};await nn(S,o)(g.authorizationEndpoint,v)}catch(d){throw s(m.loginAsync_error,d),d}})()},un=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),l=q(a).session_state,u=await I(s,n.configurationName);let d,h,y,_;if(u)await u.initAsync(c,"loginCallbackAsync",s),await u.setSessionStateAsync(l),h=await u.getNonceAsync(),y=u.getLoginParams(),_=await u.getStateAsync(),u.startKeepAliveServiceWorker(),d=u;else{const A=P(n.configurationName,s.storage??sessionStorage);await A.setSessionStateAsync(l),h=await A.getNonceAsync(),y=A.getLoginParams(),_=await A.getStateAsync(),d=A}const g=q(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const S={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[A,M]of Object.entries(s.token_request_extras))v[A]=M;if(y&&y.extras)for(const[A,M]of Object.entries(y.extras))A.endsWith(":token_request")&&(v[A.replace(":token_request","")]=M);const T=c.tokenEndpoint,$={};if(s.demonstrating_proof_of_possession){const A=await cn();u?await u.setDemonstratingProofOfPossessionJwkAsync(A):await P(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(A),$.DPoP=await Pe(A,"POST",T)}const p=await sn(d)(T,{...S,...v},$,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const w=p.data.tokens,O=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:W,reason:R}=ue(w,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${R}`);if(u){if(w.refreshToken&&!w.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(O&&w.accessToken&&w.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(u)await u.initAsync(o,"syncTokensAsync",s),k=u.getLoginParams(),O&&await u.setDemonstratingProofOfPossessionNonce(O);else{const A=P(n.configurationName,s.storage);k=A.getLoginParams(),O&&await A.setDemonstratingProofOfPossessionNonce(O)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,l,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:w,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Oe={access_token:"access_token",refresh_token:"refresh_token"},dn=n=>async e=>{J.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await I(n.configuration,n.configurationName);s?await s.clearAsync(e):await P(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},fn=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let l=!1;i&&(l=i.includes("https://")||i.includes("http://"));const u=l?i:o.getOrigin()+f,d=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Oe.access_token)){const v=me(s)(y,g,oe.access_token,c.client_id);_.push(v)}const S=n.tokens?n.tokens.refreshToken:null;if(S&&c.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const v=me(s)(y,S,oe.refresh_token,c.client_id);_.push(v)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:d},i!==null&&(r.post_logout_redirect_uri=u));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},hn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ee(n.tokens);)await L(200);if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const f=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return f.status!==200?null:f.json()})(s);return n.userInfo=c,c};class H{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const _n=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),yn=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0);break}}return{os:o,osVersion:r}};function gn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const kn=()=>{const{name:n,version:e}=gn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=yn(navigator);return!_n(s)},Ee=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const x={},mn=(n,e=new H)=>(s,t="default")=>(x[t]||(x[t]=new D(s,t,n,e)),x[t]),pn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=B(n,e.refreshToken,e.expiresAt),{callbackPath:s}},wn=n=>Math.floor(Math.random()*n),N=class N{constructor(e,s="default",t,o=new H){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new H;const c=e.service_worker_update_require_callback??Fe(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??kn},this.getFetch=t??Ee,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=wn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(x,e)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return x[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=q(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=q(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new re({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Ze(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await I(t,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=B(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=P(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=le(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=B(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Ve(this,x,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ue(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=ln(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await un(this)(e),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(N.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await L(1e3),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await L(1e3),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});let c=Math.floor(Math.random()*15)+10;for(;document.hidden&&c>0;)await L(1e3),c--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is hidden try ${c}`});const f=document.hidden?s:s+1;o||(o={});const l=this.configuration,u=(h,y,_=null)=>ne(this.configurationName,this.configuration,this.publishEvent.bind(this))(h,y,_),d=async()=>{try{let h;const y=await I(l,this.configurationName);y?h=y.getLoginParams():h=P(this.configurationName,l.storage).getLoginParams();const _=await u({...h.extras,...o,prompt:"none"},h.state);if(_)return i(_.tokens),this.publishEvent(N.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}}catch(h){if(console.error(h),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:h.message}),h&&h.message&&h.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,f,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:h,tokens:y,nonce:_}=await this.syncTokensInfoAsync(l,this.configurationName,this.tokens,t);switch(h){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(y),{tokens:y,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(y),this.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:h,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:h,tryNumber:s}),!e)return await d();const g=l.client_id,S=l.redirect_uri,v=l.authority,$={...l.token_request_extras?l.token_request_extras:{}};for(const[k,w]of Object.entries(o))k.endsWith(":token_request")&&($[k.replace(":token_request","")]=w);return await(async()=>{const k={client_id:g,redirect_uri:S,grant_type:"refresh_token",refresh_token:y.refreshToken},w=await this.initAsync(v,l.authority_configuration),O=document.hidden?1e4:3e4*10,W=w.tokenEndpoint,R={};l.demonstrating_proof_of_possession&&(R.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(y.accessToken,W,"POST"));const A=await en(this.getFetch())(W,k,$,y,R,l.token_renew_mode,O);if(A.success){const{isValid:M,reason:Sn}=ue(A.data,_.nonce,w);if(!M)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${Sn}`}),{tokens:null,status:"SESSION_LOST"};if(i(A.data),A.demonstratingProofOfPossessionNonce){const Ie=await I(l,this.configurationName);Ie?await Ie.setDemonstratingProofOfPossessionNonce(A.demonstratingProofOfPossessionNonce):await P(this.configurationName,l.storage).setDemonstratingProofOfPossessionNonce(A.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:A.success}),this.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:A.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:A}),await this.synchroniseTokensAsync(e,f,t,o,i)})()}}}catch(h){return console.error(h),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:h.message}),this.synchroniseTokensAsync(e,f,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await ke(e)},r=await I(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const f=P(this.configurationName,o.storage);a=await f.getDemonstratingProofOfPossessionJwkAsync(),c=await f.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Pe(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await I(e,s);if(a){const{status:u,tokens:d}=await a.initAsync(c,"syncTokensAsync",e);if(u==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(u==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!u||!d)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(d.issuedAt!==t.issuedAt){const y=K(e.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:d,status:y,nonce:_}}r=await a.getNonceAsync()}else{const u=P(s,e.storage??sessionStorage),{tokens:d,status:h}=await u.initAsync();if(d){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(d.issuedAt!==t.issuedAt){const _=K(e.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await u.getNonceAsync();return{tokens:d,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await u.getNonceAsync()}const l=K(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:l,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=pn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=hn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return J.clearTimeout(this.timeoutId),this.renewTokensPromise=_e(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await dn(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=fn(this,x,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};N.getOrCreate=(e,s)=>(t,o="default")=>mn(e,s)(t,o),N.eventNames=m;let D=N;const An=(n,e)=>async(...s)=>{var d;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,f=await a.getValidTokenAsync(),l=(d=f==null?void 0:f.tokens)==null?void 0:d.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(l,t.toString(),r.method);c.set("Authorization",`PoP ${l}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${l}`);r.credentials||(r.credentials="same-origin")}const u={...r,headers:c};return await n(t,u,...i)},V=class V{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new V(D.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return De(this._oidc,e,s)}fetchWithTokens(e){return An(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};V.getOrCreate=(e,s=new H)=>(t,o="default")=>new V(D.getOrCreate(e,s)(t,o)),V.eventNames=D.eventNames;let ae=V;E.OidcClient=ae,E.OidcLocation=H,E.TokenRenewMode=X,E.getFetchDefault=Ee,E.getParseQueryStringFromLocation=q,E.getPath=tn,Object.defineProperty(E,Symbol.toStringTag,{value:"Module"})});
|
|
1
|
+
(function(E,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(E=typeof globalThis<"u"?globalThis:E||self,G(E["oidc-client"]={}))})(this,function(E){"use strict";const F=console;class Ce{constructor(e,n,t,o=2e3,i=!0){this._callback=e,this._client_id=n,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(F.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(F.debug(e),F.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):F.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){F.debug("CheckSessionIFrame.start :"+e),this.stop();const n=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};n(),this._timer=window.setInterval(n,this._interval)}stop(){this._timer&&(F.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},P=(s,e=sessionStorage)=>{const n=p=>(e[`oidc.${s}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${s}`])return e[`oidc.${s}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${s}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${s}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${s}`]=p},r=async()=>e[`oidc.session_state.${s}`],c=p=>{e[`oidc.nonce.${s}`]=p.nonce},a=p=>{e[`oidc.jwk.${s}`]=JSON.stringify(p)},f=()=>JSON.parse(e[`oidc.jwk.${s}`]),l=async()=>({nonce:e[`oidc.nonce.${s}`]}),u=async p=>{e[`oidc.dpop_nonce.${s}`]=p},d=()=>e[`oidc.dpop_nonce.${s}`],h=()=>e[`oidc.${s}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${s}`]).tokens}):null;let y={};return{clearAsync:n,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:l,setLoginParams:p=>{y[s]=p,e[`oidc.login.${s}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${s}`];return y[s]||(y[s]=JSON.parse(p)),y[s]},getStateAsync:async()=>e[`oidc.state.${s}`],setStateAsync:async p=>{e[`oidc.state.${s}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${s}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${s}`]=p},setDemonstratingProofOfPossessionNonce:u,getDemonstratingProofOfPossessionNonce:d,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:f}},xe=s=>decodeURIComponent(Array.prototype.map.call(atob(s),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Ne=s=>JSON.parse(xe(s.split(".")[1].replace("-","+").replace("_","/"))),ce=s=>{try{return s&&We(s,".")===2?Ne(s):null}catch(e){console.warn(e)}return null},We=(s,e)=>s.split(e).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(s,e,n){if(s.issuedAt){if(typeof s.issuedAt=="string")return parseInt(s.issuedAt,10)}else return e&&e.iat?e.iat:n&&n.iat?n.iat:new Date().getTime()/1e3;return s.issuedAt}const le=(s,e=null,n)=>{if(!s)return null;let t;const o=typeof s.expiresIn=="string"?parseInt(s.expiresIn,10):s.expiresIn;s.accessTokenPayload!==void 0?t=s.accessTokenPayload:t=ce(s.accessToken);const i=s.idTokenPayload?s.idTokenPayload:ce(s.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:s.issuedAt+o;s.issuedAt=Le(s,t,i);let a;s.expiresAt?a=s.expiresAt:n===X.access_token_invalid?a=c:n===X.id_token_invalid?a=r:a=r<c?r:c;const f={...s,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in s)){const l=e.refreshToken;return{...f,refreshToken:l}}return f},Z=(s,e,n)=>{if(!s)return null;if(!s.issued_at){const o=new Date().getTime()/1e3;s.issued_at=o}const t={accessToken:s.access_token,expiresIn:s.expires_in,idToken:s.id_token,scope:s.scope,tokenType:s.token_type,issuedAt:s.issued_at};return"refresh_token"in s&&(t.refreshToken=s.refresh_token),s.accessTokenPayload!==void 0&&(t.accessTokenPayload=s.accessTokenPayload),s.idTokenPayload!==void 0&&(t.idTokenPayload=s.idTokenPayload),le(t,e,n)},K=(s,e)=>{const n=new Date().getTime()/1e3,t=e-n;return Math.round(t-s)},ee=s=>s?K(0,s.expiresAt)>0:!1,De=async(s,e=200,n=50)=>{let t=n;if(!s.tokens)return null;for(;!ee(s.tokens)&&t>0;)await L({milliseconds:e}),t=t-1;return{isTokensValid:ee(s.tokens),tokens:s.tokens,numberWaited:t-n}},ue=(s,e,n)=>{if(s.idTokenPayload){const t=s.idTokenPayload;if(n.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},J=function(){const s=function(){let a,f;const l=(function(){const d={},h={setTimeout:function(_,g,S){d[g]=setTimeout(function(){_.postMessage(g),d[g]=null},S)},setInterval:function(_,g,S){d[g]=setInterval(function(){_.postMessage(g)},S)},clearTimeout:function(_,g){clearTimeout(d[g]),d[g]=null},clearInterval:function(_,g){clearInterval(d[g]),d[g]=null}};function y(_,g){const S=g.data[0],v=g.data[1],T=g.data[2];h[S]&&h[S](_,v,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(S){y(g,S)}}}).toString();try{const d=new Blob(["(",l,")()"],{type:"application/javascript"});f=URL.createObjectURL(d)}catch{return null}const u=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(f),a.port}catch{u&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(f),a}catch{u&&console.warn("Worker not available")}return null}();if(!s){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),n={},t={};s.onmessage=function(a){const f=a.data,l=n[f];if(l){l(),n[f]=null;return}const u=t[f];u&&u()};function o(a,f){const l=e();return s.postMessage(["setTimeout",l,f]),n[l]=a,l}function i(a){s.postMessage(["clearTimeout",a]),n[a]=null}function r(a,f){const l=e();return s.postMessage(["setInterval",l,f]),t[l]=a,l}function c(a){s.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.0";let fe=null,Y;const L=({milliseconds:s})=>new Promise(e=>J.setTimeout(e,s)),he=(s="/")=>{try{Y=new AbortController,fetch(`${s}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Y.signal}).catch(t=>{console.log(t)}),L({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},$e=()=>{Y&&Y.abort()},Re=(s="/")=>fetch(`${s}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Fe=s=>async(e,n)=>{n(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await L({milliseconds:2e3}),s.reload()},b=s=>e=>new Promise(function(n,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):n(i.data)},s.active.postMessage(e,[o.port2])}),I=async(s,e)=>{const n=s.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!n||s.service_worker_activate()===!1)return null;let t=null;s.register?t=await s.service_worker_register(n):t=await navigator.serviceWorker.register(n);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,w,O)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:w,oidcConfiguration:{token_renew_mode:O.token_renew_mode,service_worker_convert_all_requests_to_cors:O.service_worker_convert_all_requests_to_cors}},configurationName:e}),R=W.version;return R!==de&&(console.warn(`Service worker ${R} version mismatch with js client version ${de}, unregistering and reloading`),await O.service_worker_update_require_callback(t,$e)),{tokens:Z(W.tokens,null,O.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,f=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),l=async()=>{let w=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return w||(w=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:w}};let u={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(s.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(s.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:f,getNonceAsync:l,setLoginParams:k=>{u[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return u[e]||(u[e]=JSON.parse(k)),u[e]},getStateAsync:async()=>{let w=(await b(t)({type:"getState",data:null,configurationName:e})).state;return w||(w=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),w},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let w=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return w||(w=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),w},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const w=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:w},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(s,e,n=!1,t=null){const o=s.configuration,i=`${o.client_id}_${s.configurationName}_${o.authority}`,r=await navigator.locks.request(i,async c=>{const a=d=>{s.tokens=d},{tokens:f,status:l}=await s.synchroniseTokensAsync(e,0,n,t,a);return await I(s.configuration,s.configurationName)||await P(s.configurationName,s.configuration.storage).setTokens(s.tokens),s.tokens?f:(await s.destroyAsync(l),null)});return r?(s.timeoutId&&(s.timeoutId=B(s,r.refreshToken,s.tokens.expiresAt,t)),s.tokens):null}const B=(s,e,n,t=null)=>{const o=s.configuration.refresh_time_before_tokens_expiration_in_second;return J.setTimeout(async()=>{const r={timeLeft:K(o,n)};s.publishEvent(D.eventNames.token_timer,r),await _e(s,e,!1,t)},1e3)},se=(s,e,n)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{n(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[u,d]of Object.entries(t))r===""?r=`?${encodeURIComponent(u)}=${encodeURIComponent(d)}`:r+=`&${encodeURIComponent(u)}=${encodeURIComponent(d)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),f=c.substr(0,a),l=document.createElement("iframe");return l.width="0px",l.height="0px",l.id=`${s}_oidc_iframe`,l.setAttribute("src",c),document.body.appendChild(l),new Promise((u,d)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===f&&_.source===l.contentWindow){const g=`${s}_oidc_tokens:`,S=`${s}_oidc_error:`,v=_.data;if(v&&typeof v=="string"&&!h){if(v.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));n(m.silentLoginAsync_end,{}),l.remove(),h=!0,u(T)}else if(v.startsWith(S)){const T=JSON.parse(_.data.replace(S,""));n(m.silentLoginAsync_error,T),l.remove(),h=!0,d(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(n(m.silentLoginAsync_error,{reason:"timeout"}),l.remove(),h=!0,d(new Error("timeout")))},y)}catch(h){l.remove(),n(m.silentLoginAsync_error,h),d(h)}})}catch(r){throw n(m.silentLoginAsync_error,r),r}},Ue=(s,e,n,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(f,l,u)=>se(e,n,t.bind(o))(f,l,u);return(async()=>{o.timeoutId&&J.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const l=n.extras?{...n.extras,...i}:i,u=await c({...l,prompt:"none"},f,r);if(u)return o.tokens=u.tokens,t(m.token_aquired,{}),o.timeoutId=B(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(l){return l}})()},Ve=(s,e,n)=>(t,o,i,r=!1)=>{const c=(a,f=void 0,l=void 0)=>se(s.configurationName,n,s.publishEvent.bind(s))(a,f,l);return new Promise((a,f)=>{if(n.silent_login_uri&&n.silent_redirect_uri&&n.monitor_session&&t&&i&&!r){const l=()=>{s.checkSessionIFrame.stop();const u=s.tokens;if(u===null)return;const d=u.idToken,h=u.idTokenPayload;return c({prompt:"none",id_token_hint:d,scope:n.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;s.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(n.client_id,h.sub)})};s.checkSessionIFrame=new Ce(l,o,t),s.checkSessionIFrame.load().then(()=>{s.checkSessionIFrame.start(i),a(s.checkSessionIFrame)}).catch(u=>{f(u)})}else a(null)})};for(var Me=je,C=[],ye="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",z=0,Ke=ye.length;z<Ke;++z)C[z]=ye[z];function Je(s){return C[s>>18&63]+C[s>>12&63]+C[s>>6&63]+C[s&63]}function Be(s,e,n){for(var t,o=[],i=e;i<n;i+=3)t=(s[i]<<16&16711680)+(s[i+1]<<8&65280)+(s[i+2]&255),o.push(Je(t));return o.join("")}function je(s){for(var e,n=s.length,t=n%3,o=[],i=16383,r=0,c=n-t;r<c;r+=i)o.push(Be(s,r,r+i>c?c:r+i));return t===1?(e=s[n-1],o.push(C[e>>2]+C[e<<4&63]+"==")):t===2&&(e=(s[n-2]<<8)+s[n-1],o.push(C[e>>10]+C[e>>4&63]+C[e<<2&63]+"=")),o.join("")}const ge=()=>{const s=typeof window<"u"&&!!window.crypto,e=s&&!!window.crypto.subtle;return{hasCrypto:s,hasSubtleCrypto:e}},ne="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=s=>{const e=[];for(let n=0;n<s.byteLength;n+=1){const t=s[n]%ne.length;e.push(ne[t])}return e.join("")},He=s=>Me(new Uint8Array(s)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=s=>{const e=new Uint8Array(s),{hasCrypto:n}=ge();if(n)window.crypto.getRandomValues(e);else for(let t=0;t<s;t+=1)e[t]=Math.random()*ne.length|0;return qe(e)};function Ge(s){const e=new ArrayBuffer(s.length),n=new Uint8Array(e);for(let t=0;t<s.length;t++)n[t]=s.charCodeAt(t);return n}function ke(s){return new Promise((e,n)=>{crypto.subtle.digest("SHA-256",Ge(s)).then(t=>e(He(new Uint8Array(t))),t=>n(t))})}const Xe=s=>{if(s.length<43||s.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ge();return e?ke(s):Promise.reject(new Error("window.crypto.subtle is unavailable."))},U={},Ye=(s,e=window.sessionStorage,n)=>{if(!U[s]&&e){const o=e.getItem(s);o&&(U[s]=JSON.parse(o))}const t=1e3*n;return U[s]&&U[s].timestamp+t>Date.now()?U[s].result:null},ze=(s,e,n=window.sessionStorage)=>{const t=Date.now();U[s]={result:e,timestamp:t},n&&n.setItem(s,JSON.stringify({result:e,timestamp:t}))},Qe=60*60,Ze=s=>async(e,n=Qe,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ye(r,t,n);if(c)return new re(c);const a=await j(s)(i,{},o);if(a.status!==200)return null;const f=await a.json();return ze(r,f,t),new re(f)},j=s=>async(e,n={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await s(e,{...n,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await j(s)(e,n,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},me=s=>async(e,n,t=oe.refresh_token,o,i=1e4)=>{const r={token:n,token_type_hint:t,client_id:o},c=[];for(const l in r){const u=encodeURIComponent(l),d=encodeURIComponent(r[l]);c.push(`${u}=${d}`)}const a=c.join("&");return(await j(s)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},es=s=>async(e,n,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))n[h]===void 0&&(n[h]=y);const a=[];for(const h in n){const y=encodeURIComponent(h),_=encodeURIComponent(n[h]);a.push(`${y}=${_}`)}const f=a.join("&"),l=await j(s)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},c);if(l.status!==200)return{success:!1,status:l.status,demonstratingProofOfPossessionNonce:null};const u=await l.json();let d=null;return l.headers.has(Q)&&(d=l.headers.get(Q)),{success:!0,data:Z(u,o,r),demonstratingProofOfPossessionNonce:d}},ss=(s,e)=>async(n,t)=>{t=t?{...t}:{};const o=te(128),i=await Xe(o);await s.setCodeVerifierAsync(o),await s.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${n}${r}`)},Q="DPoP-Nonce",ns=s=>async(e,n,t,o,i=1e4)=>{n=n?{...n}:{},n.code_verifier=await s.getCodeVerifierAsync();const r=[];for(const u in n){const d=encodeURIComponent(u),h=encodeURIComponent(n[u]);r.push(`${d}=${h}`)}const c=r.join("&"),a=await j(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([s.setCodeVerifierAsync(null),s.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let f=null;a.headers.has(Q)&&(f=a.headers.get(Q));const l=await a.json();return{success:!0,data:{state:n.state,tokens:Z(l,null,o),demonstratingProofOfPossessionNonce:f}}},pe=s=>{const e=s.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let n=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],n=o[1])}return n.startsWith("?")&&(n=n.slice(1)),e&&{href:s,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:n,hash:t}},ts=s=>{const e=pe(s);let{path:n}=e;n.endsWith("/")&&(n=n.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(n+=t),n},q=s=>{const e=pe(s),{search:n}=e;return os(n)},os=s=>{const e={};let n,t,o;const i=s.split("&");for(t=0,o=i.length;t<o;t++)n=i[t].split("="),e[decodeURIComponent(n[0])]=decodeURIComponent(n[1]);return e};function we(s){return new TextEncoder().encode(s)}function Ae(s){return btoa(s).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function is(s){return encodeURIComponent(s).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Se(s){let e="";return s.forEach(function(n){e+=String.fromCharCode(n)}),Ae(e)}function ve(s){return Ae(is(s))}var Te={};Te.sign=(s,e,n,t="dpop+jwt")=>{s=Object.assign({},s),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:s.kty,crv:s.crv,x:s.x,y:s.y});const o={protected:ve(JSON.stringify(e)),payload:ve(JSON.stringify(n))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",s,i,r,c).then(function(a){const f=we(o.protected+"."+o.payload),l={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(l,a,f).then(function(u){return o.signature=Se(new Uint8Array(u)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const s={name:"ECDSA",namedCurve:"P-256"},e=!0,n=["sign","verify"];return window.crypto.subtle.generateKey(s,e,n).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(s){const e=Object.assign({},s);return delete e.d,e.key_ops=["verify"],e};var be={};be.thumbprint=function(s){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",s.crv).replace("X",s.x).replace("Y",s.y);return window.crypto.subtle.digest({name:"SHA-256"},we(e)).then(function(n){return Se(new Uint8Array(n))})};const rs=function(){const s="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let n=0,t="";for(let o=0;o<36;o++)s[o]!=="-"&&s[o]!=="4"&&(n=Math.random()*16|0),s[o]==="x"?t+=e[n]:s[o]==="y"?(n&=3,n|=8,t+=e[n]):t+=s[o];return t},as=()=>ie.generate().then(function(s){return s}),Pe=(s,e="POST",n,t={})=>{const o={jit:btoa(rs()),htm:e,htu:n,iat:Math.round(Date.now()/1e3),...t};return be.thumbprint(s).then(function(i){return Te.sign(s,{},o).then(function(r){return r})})},cs=(s,e,n,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const f=r;return r={...r},(async()=>{const u=i||o.getPath();if("state"in r||(r.state=te(16)),n(m.loginAsync_begin,{}),r)for(const d of Object.keys(r))d.endsWith(":token_request")&&delete r[d];try{const d=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=te(12));const y={nonce:h.nonce},_=await I(e,s),g=await t(e.authority,e.authority_configuration);let S;if(_)_.setLoginParams({callbackPath:u,extras:f}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),S=_;else{const T=P(s,e.storage??sessionStorage);T.setLoginParams({callbackPath:u,extras:f}),await T.setNonceAsync(y),S=T}const v={client_id:e.client_id,redirect_uri:d,scope:a,response_type:"code",...h};await ss(S,o)(g.authorizationEndpoint,v)}catch(d){throw n(m.loginAsync_error,d),d}})()},ls=s=>async(e=!1)=>{try{s.publishEvent(m.loginCallbackAsync_begin,{});const n=s.configuration,t=n.client_id,o=e?n.silent_redirect_uri:n.redirect_uri,i=n.authority,r=n.token_request_timeout,c=await s.initAsync(i,n.authority_configuration),a=s.location.getCurrentHref(),l=q(a).session_state,u=await I(n,s.configurationName);let d,h,y,_;if(u)await u.initAsync(c,"loginCallbackAsync",n),await u.setSessionStateAsync(l),h=await u.getNonceAsync(),y=u.getLoginParams(),_=await u.getStateAsync(),u.startKeepAliveServiceWorker(),d=u;else{const A=P(s.configurationName,n.storage??sessionStorage);await A.setSessionStateAsync(l),h=await A.getNonceAsync(),y=A.getLoginParams(),_=await A.getStateAsync(),d=A}const g=q(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const S={code:g.code,grant_type:"authorization_code",client_id:n.client_id,redirect_uri:o},v={};if(n.token_request_extras)for(const[A,M]of Object.entries(n.token_request_extras))v[A]=M;if(y&&y.extras)for(const[A,M]of Object.entries(y.extras))A.endsWith(":token_request")&&(v[A.replace(":token_request","")]=M);const T=c.tokenEndpoint,$={};if(n.demonstrating_proof_of_possession){const A=await as();u?await u.setDemonstratingProofOfPossessionJwkAsync(A):await P(s.configurationName,n.storage).setDemonstratingProofOfPossessionJwkAsync(A),$.DPoP=await Pe(A,"POST",T)}const p=await ns(d)(T,{...S,...v},$,s.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const w=p.data.tokens,O=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:W,reason:R}=ue(w,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${R}`);if(u){if(w.refreshToken&&!w.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(O&&w.accessToken&&w.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(u)await u.initAsync(o,"syncTokensAsync",n),k=u.getLoginParams(),O&&await u.setDemonstratingProofOfPossessionNonce(O);else{const A=P(s.configurationName,n.storage);k=A.getLoginParams(),O&&await A.setDemonstratingProofOfPossessionNonce(O)}return await s.startCheckSessionAsync(c.checkSessionIframe,t,l,e),s.publishEvent(m.loginCallbackAsync_end,{}),{tokens:w,state:"request.state",callbackPath:k.callbackPath}}catch(n){throw console.error(n),s.publishEvent(m.loginCallbackAsync_error,n),n}},Oe={access_token:"access_token",refresh_token:"refresh_token"},us=s=>async e=>{J.clearTimeout(s.timeoutId),s.timeoutId=null,s.checkSessionIFrame&&s.checkSessionIFrame.stop();const n=await I(s.configuration,s.configurationName);n?await n.clearAsync(e):await P(s.configurationName,s.configuration.storage).clearAsync(e),s.tokens=null,s.userInfo=null},ds=(s,e,n,t,o)=>async(i=void 0,r=null)=>{const c=s.configuration,a=await s.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let l=!1;i&&(l=i.includes("https://")||i.includes("http://"));const u=l?i:o.getOrigin()+f,d=s.tokens?s.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=s.tokens?s.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Oe.access_token)){const v=me(n)(y,g,oe.access_token,c.client_id);_.push(v)}const S=s.tokens?s.tokens.refreshToken:null;if(S&&c.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const v=me(n)(y,S,oe.refresh_token,c.client_id);_.push(v)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=s.tokens&&s.tokens.idTokenPayload?s.tokens.idTokenPayload.sub:null;await s.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==s&&await s.logoutSameTabAsync(s.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:d},i!==null&&(r.post_logout_redirect_uri=u));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},fs=s=>async(e=!1)=>{if(s.userInfo!=null&&!e)return s.userInfo;for(;s.tokens&&!ee(s.tokens);)await L({milliseconds:200});if(!s.tokens)return null;const n=s.tokens.accessToken;if(!n)return null;const t=s.configuration,i=(await s.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const f=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return f.status!==200?null:f.json()})(n);return s.userInfo=c,c};class H{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const hs=s=>!!(s.os==="iOS"&&s.osVersion.startsWith("12")||s.os==="Mac OS X"&&s.osVersion.startsWith("10_15_6")),_s=s=>{const e=s.appVersion,n=s.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(n)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0);break}}return{os:o,osVersion:r}};function ys(){const s=navigator.userAgent;let e,n=s.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(n[1]))return e=/\brv[ :]+(\d+)/g.exec(s)||[],{name:"ie",version:e[1]||""};if(n[1]==="Chrome"&&(e=s.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=s.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return n=n[2]?[n[1],n[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=s.match(/version\/(\d+)/i))!=null&&n.splice(1,1,e[1]),{name:n[0].toLowerCase(),version:n[1]}}const gs=()=>{const{name:s,version:e}=ys();if(s==="chrome"&&parseInt(e)<=70||s==="opera"&&(!e||parseInt(e.split(".")[0])<80)||s==="ie")return!1;const n=_s(navigator);return!hs(n)},Ee=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const x={},ks=(s,e=new H)=>(n,t="default")=>(x[t]||(x[t]=new D(n,t,s,e)),x[t]),ms=async s=>{const{parsedTokens:e,callbackPath:n}=await s.loginCallbackAsync();return s.timeoutId=B(s,e.refreshToken,e.expiresAt),{callbackPath:n}},ps=s=>Math.floor(Math.random()*s),N=class N{constructor(e,n="default",t,o=new H){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new H;const c=e.service_worker_update_require_callback??Fe(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??gs},this.getFetch=t??Ee,this.configurationName=n,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const n=ps(9999999999999).toString();return this.events.push({id:n,func:e}),n}removeEventSubscription(e){const n=this.events.filter(t=>t.id!==e);this.events=n}publishEvent(e,n){this.events.forEach(t=>{t.func(e,n)})}static get(e="default"){const n=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(x,e)&&n)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return x[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,n=q(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:n.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,n=q(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:n.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,n){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(n!=null)return new re({authorization_endpoint:n.authorization_endpoint,end_session_endpoint:n.end_session_endpoint,revocation_endpoint:n.revocation_endpoint,token_endpoint:n.token_endpoint,userinfo_endpoint:n.userinfo_endpoint,check_session_iframe:n.check_session_iframe,issuer:n.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Ze(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let n;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(n=await I(t,this.configurationName),n){const{tokens:i}=await n.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){n.startKeepAliveServiceWorker(),this.tokens=i;const r=n.getLoginParams(this.configurationName);this.timeoutId=B(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await n.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=P(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=le(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=B(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n))}async startCheckSessionAsync(e,n,t,o=!1){await Ve(this,x,this.configuration)(e,n,t,o)}async loginAsync(e=void 0,n=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ue(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(n,o):(this.loginPromise=cs(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,n,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const n=async()=>{const t=await ls(this)(e),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(N.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=n(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,n=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await L({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await L({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});let c=Math.floor(Math.random()*15)+10;for(;document.hidden&&c>0;)await L({milliseconds:1e3}),c--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is hidden try ${c}`});const f=document.hidden?n:n+1;o||(o={});const l=this.configuration,u=(h,y,_=null)=>se(this.configurationName,this.configuration,this.publishEvent.bind(this))(h,y,_),d=async()=>{try{let h;const y=await I(l,this.configurationName);y?h=y.getLoginParams():h=P(this.configurationName,l.storage).getLoginParams();const _=await u({...h.extras,...o,prompt:"none"},h.state);if(_)return i(_.tokens),this.publishEvent(N.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}}catch(h){if(console.error(h),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:h.message}),h&&h.message&&h.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,f,t,o,i)};if(n>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:h,tokens:y,nonce:_}=await this.syncTokensInfoAsync(l,this.configurationName,this.tokens,t);switch(h){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(y),{tokens:y,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(y),this.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:h,tryNumber:n}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:h,tryNumber:n}),!e)return await d();const g=l.client_id,S=l.redirect_uri,v=l.authority,$={...l.token_request_extras?l.token_request_extras:{}};for(const[k,w]of Object.entries(o))k.endsWith(":token_request")&&($[k.replace(":token_request","")]=w);return await(async()=>{const k={client_id:g,redirect_uri:S,grant_type:"refresh_token",refresh_token:y.refreshToken},w=await this.initAsync(v,l.authority_configuration),O=document.hidden?1e4:3e4*10,W=w.tokenEndpoint,R={};l.demonstrating_proof_of_possession&&(R.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(y.accessToken,W,"POST"));const A=await es(this.getFetch())(W,k,$,y,R,l.token_renew_mode,O);if(A.success){const{isValid:M,reason:As}=ue(A.data,_.nonce,w);if(!M)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${As}`}),{tokens:null,status:"SESSION_LOST"};if(i(A.data),A.demonstratingProofOfPossessionNonce){const Ie=await I(l,this.configurationName);Ie?await Ie.setDemonstratingProofOfPossessionNonce(A.demonstratingProofOfPossessionNonce):await P(this.configurationName,l.storage).setDemonstratingProofOfPossessionNonce(A.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:A.success}),this.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:A.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:A}),await this.synchroniseTokensAsync(e,f,t,o,i)})()}}}catch(h){return console.error(h),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:h.message}),this.synchroniseTokensAsync(e,f,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,n,t){const o=this.configuration,i={ath:await ke(e)},r=await I(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const f=P(this.configurationName,o.storage);a=await f.getDemonstratingProofOfPossessionJwkAsync(),c=await f.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Pe(a,t,n,i)}async syncTokensInfoAsync(e,n,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await I(e,n);if(a){const{status:u,tokens:d}=await a.initAsync(c,"syncTokensAsync",e);if(u==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(u==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!u||!d)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(d.issuedAt!==t.issuedAt){const y=K(e.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:d,status:y,nonce:_}}r=await a.getNonceAsync()}else{const u=P(n,e.storage??sessionStorage),{tokens:d,status:h}=await u.initAsync();if(d){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(d.issuedAt!==t.issuedAt){const _=K(e.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await u.getNonceAsync();return{tokens:d,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await u.getNonceAsync()}const l=K(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:l,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=ms(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=fs(this)(e),this.userInfoPromise.then(n=>(this.userInfoPromise=null,n)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return J.clearTimeout(this.timeoutId),this.renewTokensPromise=_e(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(n=>(this.renewTokensPromise=null,n))}async destroyAsync(e){return await us(this)(e)}async logoutSameTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(this.publishEvent(m.logout_from_same_tab,{message:n}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:n}))}async logoutAsync(e=void 0,n=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=ds(this,x,this.getFetch(),console,this.location)(e,n),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};N.getOrCreate=(e,n)=>(t,o="default")=>ks(e,n)(t,o),N.eventNames=m;let D=N;const ws=(s,e)=>async(...n)=>{var d;const[t,o,...i]=n,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,f=await a.getValidTokenAsync(),l=(d=f==null?void 0:f.tokens)==null?void 0:d.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(l,t.toString(),r.method);c.set("Authorization",`PoP ${l}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${l}`);r.credentials||(r.credentials="same-origin")}const u={...r,headers:c};return await s(t,u,...i)},V=class V{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,n){this._oidc.publishEvent(e,n)}static get(e="default"){return new V(D.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,n=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,n,t,o,i)}logoutAsync(e=void 0,n=null){return this._oidc.logoutAsync(e,n)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,n,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,n,t)}async getValidTokenAsync(e=200,n=50){return De(this._oidc,e,n)}fetchWithTokens(e){return ws(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};V.getOrCreate=(e,n=new H)=>(t,o="default")=>new V(D.getOrCreate(e,n)(t,o)),V.eventNames=D.eventNames;let ae=V;E.OidcClient=ae,E.OidcLocation=H,E.TokenRenewMode=X,E.getFetchDefault=Ee,E.getParseQueryStringFromLocation=q,E.getPath=ts,Object.defineProperty(E,Symbol.toStringTag,{value:"Module"})});
|
package/dist/initWorker.d.ts
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { OidcConfiguration } from './types.js';
|
|
2
2
|
import { ILOidcLocation } from "./location";
|
|
3
|
-
export declare const sleepAsync: (milliseconds:
|
|
3
|
+
export declare const sleepAsync: ({ milliseconds }: {
|
|
4
|
+
milliseconds: any;
|
|
5
|
+
}) => Promise<unknown>;
|
|
4
6
|
export declare const defaultServiceWorkerUpdateRequireCallback: (location: ILOidcLocation) => (registration: any, stopKeepAlive: Function) => Promise<void>;
|
|
5
7
|
export declare const initWorkerAsync: (configuration: any, configurationName: any) => Promise<{
|
|
6
8
|
clearAsync: (status: any) => Promise<any>;
|
package/dist/types.d.ts
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
export type Fetch = typeof window.fetch;
|
|
2
2
|
export type LogoutToken = 'access_token' | 'refresh_token';
|
|
3
3
|
export type ServiceWorkerUpdateRequireCallback = (registration: any, stopKeepAlive: Function) => Promise<void>;
|
|
4
|
+
export type ServiceWorkerRegister = (serviceWorkerRelativeUrl: string) => Promise<ServiceWorkerRegistration>;
|
|
4
5
|
export type ServiceWorkerActivate = () => boolean;
|
|
5
6
|
export type OidcConfiguration = {
|
|
6
7
|
client_id: string;
|
|
@@ -16,6 +17,7 @@ export type OidcConfiguration = {
|
|
|
16
17
|
refresh_time_before_tokens_expiration_in_second?: number;
|
|
17
18
|
token_request_timeout?: number;
|
|
18
19
|
service_worker_relative_url?: string;
|
|
20
|
+
service_worker_register?: ServiceWorkerRegister;
|
|
19
21
|
service_worker_keep_alive_path?: string;
|
|
20
22
|
service_worker_activate?: ServiceWorkerActivate;
|
|
21
23
|
service_worker_only?: boolean;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,KAAK,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC;AAExC,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,eAAe,CAAC;AAE3D,MAAM,MAAM,kCAAkC,GAAG,CAAC,YAAY,EAAC,GAAG,EAAE,aAAa,EAAC,QAAQ,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAC7G,MAAM,MAAM,qBAAqB,GAAG,MAAM,OAAO,CAAC;AAElD,MAAM,MAAM,iBAAiB,GAAG;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAC,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAC,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAC,MAAM,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C,CAAC,EAAE,MAAM,CAAC;IACpD,4CAA4C,CAAC,EAAE,MAAM,CAAC;IACtD,uBAAuB,CAAC,EAAE,sBAAsB,CAAC;IACjD,+CAA+C,CAAC,EAAE,MAAM,CAAC;IACzD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,2BAA2B,CAAC,EAAC,MAAM,CAAC;IACpC,8BAA8B,CAAC,EAAC,MAAM,CAAC;IACvC,uBAAuB,CAAC,EAAC,qBAAqB,CAAC;IAC/C,mBAAmB,CAAC,EAAC,OAAO,CAAC;IAC7B,2CAA2C,CAAC,EAAC,OAAO,CAAC;IACrD,sCAAsC,CAAC,EAAC,kCAAkC,CAAC;IAC3E,MAAM,CAAC,EAAC,SAAS,CAAC;IAClB,oBAAoB,CAAC,EAAC,SAAS,CAAC;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2BAA2B,CAAC,EAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAChD,iCAAiC,CAAC,EAAC,OAAO,CAAC;CAC9C,CAAC;AAEF,MAAM,WAAW,SAAS;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,sBAAsB;IACnC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oBAAoB,CAAC,EAAC,MAAM,CAAC;IAC7B,MAAM,EAAC,MAAM,CAAC;CACjB"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,KAAK,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC;AAExC,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,eAAe,CAAC;AAE3D,MAAM,MAAM,kCAAkC,GAAG,CAAC,YAAY,EAAC,GAAG,EAAE,aAAa,EAAC,QAAQ,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAC7G,MAAM,MAAM,qBAAqB,GAAG,CAAC,wBAAwB,EAAC,MAAM,KAAK,OAAO,CAAC,yBAAyB,CAAC,CAAC;AAC5G,MAAM,MAAM,qBAAqB,GAAG,MAAM,OAAO,CAAC;AAElD,MAAM,MAAM,iBAAiB,GAAG;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAC,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAC,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAC,MAAM,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C,CAAC,EAAE,MAAM,CAAC;IACpD,4CAA4C,CAAC,EAAE,MAAM,CAAC;IACtD,uBAAuB,CAAC,EAAE,sBAAsB,CAAC;IACjD,+CAA+C,CAAC,EAAE,MAAM,CAAC;IACzD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,2BAA2B,CAAC,EAAC,MAAM,CAAC;IACpC,uBAAuB,CAAC,EAAC,qBAAqB,CAAC;IAC/C,8BAA8B,CAAC,EAAC,MAAM,CAAC;IACvC,uBAAuB,CAAC,EAAC,qBAAqB,CAAC;IAC/C,mBAAmB,CAAC,EAAC,OAAO,CAAC;IAC7B,2CAA2C,CAAC,EAAC,OAAO,CAAC;IACrD,sCAAsC,CAAC,EAAC,kCAAkC,CAAC;IAC3E,MAAM,CAAC,EAAC,SAAS,CAAC;IAClB,oBAAoB,CAAC,EAAC,SAAS,CAAC;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2BAA2B,CAAC,EAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAChD,iCAAiC,CAAC,EAAC,OAAO,CAAC;CAC9C,CAAC;AAEF,MAAM,WAAW,SAAS;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,sBAAsB;IACnC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oBAAoB,CAAC,EAAC,MAAM,CAAC;IAC7B,MAAM,EAAC,MAAM,CAAC;CACjB"}
|
package/dist/version.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
declare const _default: "7.
|
|
1
|
+
declare const _default: "7.13.0";
|
|
2
2
|
export default _default;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axa-fr/oidc-client",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.13.0",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.umd.cjs",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"url": "https://github.com/AxaFrance/oidc-client.git"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@axa-fr/oidc-client-service-worker": "7.
|
|
23
|
+
"@axa-fr/oidc-client-service-worker": "7.13.0"
|
|
24
24
|
},
|
|
25
25
|
"devDependencies": {
|
|
26
26
|
"@testing-library/dom": "^9.3.3",
|
package/src/initWorker.ts
CHANGED
|
@@ -6,7 +6,7 @@ import {ILOidcLocation} from "./location";
|
|
|
6
6
|
|
|
7
7
|
let keepAliveServiceWorkerTimeoutId = null;
|
|
8
8
|
let keepAliveController;
|
|
9
|
-
export const sleepAsync = (milliseconds) => {
|
|
9
|
+
export const sleepAsync = ({milliseconds}: { milliseconds: any }) => {
|
|
10
10
|
return new Promise(resolve => timer.setTimeout(resolve, milliseconds));
|
|
11
11
|
};
|
|
12
12
|
|
|
@@ -16,7 +16,7 @@ const keepAlive = (service_worker_keep_alive_path='/') => {
|
|
|
16
16
|
keepAliveController = new AbortController();
|
|
17
17
|
const promise = fetch(`${service_worker_keep_alive_path}OidcKeepAliveServiceWorker.json?minSleepSeconds=${minSleepSeconds}`, { signal: keepAliveController.signal });
|
|
18
18
|
promise.catch(error => { console.log(error); });
|
|
19
|
-
sleepAsync(minSleepSeconds * 1000).then(keepAlive);
|
|
19
|
+
sleepAsync({milliseconds: minSleepSeconds * 1000}).then(keepAlive);
|
|
20
20
|
} catch (error) { console.log(error); }
|
|
21
21
|
};
|
|
22
22
|
|
|
@@ -41,7 +41,7 @@ export const defaultServiceWorkerUpdateRequireCallback = (location:ILOidcLocatio
|
|
|
41
41
|
await registration.update();
|
|
42
42
|
const isSuccess = await registration.unregister();
|
|
43
43
|
console.log(`Service worker unregistering ${isSuccess}`)
|
|
44
|
-
await sleepAsync(2000);
|
|
44
|
+
await sleepAsync({milliseconds: 2000});
|
|
45
45
|
location.reload();
|
|
46
46
|
}
|
|
47
47
|
|
|
@@ -72,7 +72,12 @@ export const initWorkerAsync = async(configuration, configurationName) => {
|
|
|
72
72
|
return null;
|
|
73
73
|
}
|
|
74
74
|
|
|
75
|
-
|
|
75
|
+
let registration = null;
|
|
76
|
+
if(configuration.register) {
|
|
77
|
+
registration = await configuration.service_worker_register(serviceWorkerRelativeUrl);
|
|
78
|
+
} else {
|
|
79
|
+
registration = await navigator.serviceWorker.register(serviceWorkerRelativeUrl);
|
|
80
|
+
}
|
|
76
81
|
|
|
77
82
|
try {
|
|
78
83
|
await navigator.serviceWorker.ready;
|
package/src/oidc.ts
CHANGED
|
@@ -352,18 +352,18 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
352
352
|
|
|
353
353
|
async synchroniseTokensAsync(refreshToken, index = 0, forceRefresh = false, extras:StringMap = null, updateTokens) {
|
|
354
354
|
while (!navigator.onLine && document.hidden) {
|
|
355
|
-
await sleepAsync(1000);
|
|
355
|
+
await sleepAsync({milliseconds: 1000});
|
|
356
356
|
this.publishEvent(eventNames.refreshTokensAsync, { message: 'wait because navigator is offline and hidden' });
|
|
357
357
|
}
|
|
358
358
|
let numberTryOnline = 6;
|
|
359
359
|
while (!navigator.onLine && numberTryOnline > 0) {
|
|
360
|
-
await sleepAsync(1000);
|
|
360
|
+
await sleepAsync({milliseconds: 1000});
|
|
361
361
|
numberTryOnline--;
|
|
362
362
|
this.publishEvent(eventNames.refreshTokensAsync, { message: `wait because navigator is offline try ${numberTryOnline}` });
|
|
363
363
|
}
|
|
364
364
|
let numberTryHidden = Math.floor(Math.random() * 15) + 10;
|
|
365
365
|
while (document.hidden && numberTryHidden > 0) {
|
|
366
|
-
await sleepAsync(1000);
|
|
366
|
+
await sleepAsync({milliseconds: 1000});
|
|
367
367
|
numberTryHidden--;
|
|
368
368
|
this.publishEvent(eventNames.refreshTokensAsync, { message: `wait because navigator is hidden try ${numberTryHidden}` });
|
|
369
369
|
}
|
package/src/parseTokens.ts
CHANGED
|
@@ -173,7 +173,7 @@ export const getValidTokenAsync = async (oidc: OidcToken, waitMs = 200, numberWa
|
|
|
173
173
|
return null;
|
|
174
174
|
}
|
|
175
175
|
while (!isTokensValid(oidc.tokens) && numberWaitTemp > 0) {
|
|
176
|
-
await sleepAsync(waitMs);
|
|
176
|
+
await sleepAsync({milliseconds: waitMs});
|
|
177
177
|
numberWaitTemp = numberWaitTemp - 1;
|
|
178
178
|
}
|
|
179
179
|
const isValid = isTokensValid(oidc.tokens);
|
package/src/types.ts
CHANGED
|
@@ -3,6 +3,7 @@ export type Fetch = typeof window.fetch;
|
|
|
3
3
|
export type LogoutToken = 'access_token' | 'refresh_token';
|
|
4
4
|
|
|
5
5
|
export type ServiceWorkerUpdateRequireCallback = (registration:any, stopKeepAlive:Function) => Promise<void>;
|
|
6
|
+
export type ServiceWorkerRegister = (serviceWorkerRelativeUrl:string) => Promise<ServiceWorkerRegistration>;
|
|
6
7
|
export type ServiceWorkerActivate = () => boolean;
|
|
7
8
|
|
|
8
9
|
export type OidcConfiguration = {
|
|
@@ -19,6 +20,7 @@ export type OidcConfiguration = {
|
|
|
19
20
|
refresh_time_before_tokens_expiration_in_second?: number;
|
|
20
21
|
token_request_timeout?: number;
|
|
21
22
|
service_worker_relative_url?:string;
|
|
23
|
+
service_worker_register?:ServiceWorkerRegister;
|
|
22
24
|
service_worker_keep_alive_path?:string;
|
|
23
25
|
service_worker_activate?:ServiceWorkerActivate;
|
|
24
26
|
service_worker_only?:boolean;
|
package/src/user.ts
CHANGED
|
@@ -8,7 +8,7 @@ export const userInfoAsync = (oidc) => async (noCache = false) => {
|
|
|
8
8
|
|
|
9
9
|
// We wait the synchronisation before making a request
|
|
10
10
|
while (oidc.tokens && !isTokensValid(oidc.tokens)) {
|
|
11
|
-
await sleepAsync(200);
|
|
11
|
+
await sleepAsync({milliseconds: 200});
|
|
12
12
|
}
|
|
13
13
|
|
|
14
14
|
if (!oidc.tokens) {
|
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.
|
|
1
|
+
export default '7.13.0';
|