@axa-fr/oidc-client 7.13.0 → 7.13.1
- package/dist/index.js +348 -347
- package/dist/index.umd.cjs +2 -2
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/oidc.ts +1 -6
- package/src/renewTokens.ts +29 -18
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
const
|
|
1
|
+
const $ = console;
|
|
2
2
|
class Ee {
|
|
3
3
|
constructor(e, n, t, o = 2e3, i = !0) {
|
|
4
4
|
this._callback = e, this._client_id = n, this._url = t, this._interval = o || 2e3, this._stopOnError = i;
|
|
@@ -13,17 +13,17 @@ class Ee {
|
|
|
13
13
|
});
|
|
14
14
|
}
|
|
15
15
|
_message(e) {
|
|
16
|
-
e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (
|
|
16
|
+
e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? ($.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? ($.debug(e), $.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : $.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
|
|
17
17
|
}
|
|
18
18
|
start(e) {
|
|
19
|
-
|
|
19
|
+
$.debug("CheckSessionIFrame.start :" + e), this.stop();
|
|
20
20
|
const n = () => {
|
|
21
21
|
this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
|
|
22
22
|
};
|
|
23
23
|
n(), this._timer = window.setInterval(n, this._interval);
|
|
24
24
|
}
|
|
25
25
|
stop() {
|
|
26
|
-
this._timer && (
|
|
26
|
+
this._timer && ($.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
29
|
const m = {
|
|
@@ -53,7 +53,7 @@ const m = {
|
|
|
53
53
|
syncTokensAsync_begin: "syncTokensAsync_begin",
|
|
54
54
|
syncTokensAsync_end: "syncTokensAsync_end",
|
|
55
55
|
syncTokensAsync_error: "syncTokensAsync_error"
|
|
56
|
-
},
|
|
56
|
+
}, I = (s, e = sessionStorage) => {
|
|
57
57
|
const n = (p) => (e[`oidc.${s}`] = JSON.stringify({ tokens: null, status: p }), Promise.resolve()), t = async () => {
|
|
58
58
|
if (!e[`oidc.${s}`])
|
|
59
59
|
return e[`oidc.${s}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
|
|
@@ -67,9 +67,9 @@ const m = {
|
|
|
67
67
|
e[`oidc.nonce.${s}`] = p.nonce;
|
|
68
68
|
}, a = (p) => {
|
|
69
69
|
e[`oidc.jwk.${s}`] = JSON.stringify(p);
|
|
70
|
-
},
|
|
70
|
+
}, u = () => JSON.parse(e[`oidc.jwk.${s}`]), f = async () => ({ nonce: e[`oidc.nonce.${s}`] }), d = async (p) => {
|
|
71
71
|
e[`oidc.dpop_nonce.${s}`] = p;
|
|
72
|
-
},
|
|
72
|
+
}, l = () => e[`oidc.dpop_nonce.${s}`], h = () => e[`oidc.${s}`] ? JSON.stringify({ tokens: JSON.parse(e[`oidc.${s}`]).tokens }) : null;
|
|
73
73
|
let y = {};
|
|
74
74
|
return {
|
|
75
75
|
clearAsync: n,
|
|
@@ -79,7 +79,7 @@ const m = {
|
|
|
79
79
|
setSessionStateAsync: i,
|
|
80
80
|
getSessionStateAsync: r,
|
|
81
81
|
setNonceAsync: c,
|
|
82
|
-
getNonceAsync:
|
|
82
|
+
getNonceAsync: f,
|
|
83
83
|
setLoginParams: (p) => {
|
|
84
84
|
y[s] = p, e[`oidc.login.${s}`] = JSON.stringify(p);
|
|
85
85
|
},
|
|
@@ -95,10 +95,10 @@ const m = {
|
|
|
95
95
|
setCodeVerifierAsync: async (p) => {
|
|
96
96
|
e[`oidc.code_verifier.${s}`] = p;
|
|
97
97
|
},
|
|
98
|
-
setDemonstratingProofOfPossessionNonce:
|
|
99
|
-
getDemonstratingProofOfPossessionNonce:
|
|
98
|
+
setDemonstratingProofOfPossessionNonce: d,
|
|
99
|
+
getDemonstratingProofOfPossessionNonce: l,
|
|
100
100
|
setDemonstratingProofOfPossessionJwkAsync: a,
|
|
101
|
-
getDemonstratingProofOfPossessionJwkAsync:
|
|
101
|
+
getDemonstratingProofOfPossessionJwkAsync: u
|
|
102
102
|
};
|
|
103
103
|
}, Ie = (s) => decodeURIComponent(Array.prototype.map.call(atob(s), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), Ce = (s) => JSON.parse(Ie(s.split(".")[1].replace("-", "+").replace("_", "/"))), re = (s) => {
|
|
104
104
|
try {
|
|
@@ -120,7 +120,7 @@ function Ne(s, e, n) {
|
|
|
120
120
|
return e && e.iat ? e.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
|
|
121
121
|
return s.issuedAt;
|
|
122
122
|
}
|
|
123
|
-
const
|
|
123
|
+
const ye = (s, e = null, n) => {
|
|
124
124
|
if (!s)
|
|
125
125
|
return null;
|
|
126
126
|
let t;
|
|
@@ -130,12 +130,12 @@ const _e = (s, e = null, n) => {
|
|
|
130
130
|
s.issuedAt = Ne(s, t, i);
|
|
131
131
|
let a;
|
|
132
132
|
s.expiresAt ? a = s.expiresAt : n === Y.access_token_invalid ? a = c : n === Y.id_token_invalid ? a = r : a = r < c ? r : c;
|
|
133
|
-
const
|
|
133
|
+
const u = { ...s, idTokenPayload: i, accessTokenPayload: t, expiresAt: a };
|
|
134
134
|
if (e != null && "refreshToken" in e && !("refreshToken" in s)) {
|
|
135
|
-
const
|
|
136
|
-
return { ...
|
|
135
|
+
const f = e.refreshToken;
|
|
136
|
+
return { ...u, refreshToken: f };
|
|
137
137
|
}
|
|
138
|
-
return
|
|
138
|
+
return u;
|
|
139
139
|
}, ne = (s, e, n) => {
|
|
140
140
|
if (!s)
|
|
141
141
|
return null;
|
|
@@ -151,22 +151,22 @@ const _e = (s, e = null, n) => {
|
|
|
151
151
|
tokenType: s.token_type,
|
|
152
152
|
issuedAt: s.issued_at
|
|
153
153
|
};
|
|
154
|
-
return "refresh_token" in s && (t.refreshToken = s.refresh_token), s.accessTokenPayload !== void 0 && (t.accessTokenPayload = s.accessTokenPayload), s.idTokenPayload !== void 0 && (t.idTokenPayload = s.idTokenPayload),
|
|
155
|
-
},
|
|
154
|
+
return "refresh_token" in s && (t.refreshToken = s.refresh_token), s.accessTokenPayload !== void 0 && (t.accessTokenPayload = s.accessTokenPayload), s.idTokenPayload !== void 0 && (t.idTokenPayload = s.idTokenPayload), ye(t, e, n);
|
|
155
|
+
}, K = (s, e) => {
|
|
156
156
|
const n = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = e - n;
|
|
157
157
|
return Math.round(t - s);
|
|
158
|
-
}, z = (s) => s ?
|
|
158
|
+
}, z = (s) => s ? K(0, s.expiresAt) > 0 : !1, We = async (s, e = 200, n = 50) => {
|
|
159
159
|
let t = n;
|
|
160
160
|
if (!s.tokens)
|
|
161
161
|
return null;
|
|
162
162
|
for (; !z(s.tokens) && t > 0; )
|
|
163
|
-
await
|
|
163
|
+
await U({ milliseconds: e }), t = t - 1;
|
|
164
164
|
return {
|
|
165
165
|
isTokensValid: z(s.tokens),
|
|
166
166
|
tokens: s.tokens,
|
|
167
167
|
numberWaited: t - n
|
|
168
168
|
};
|
|
169
|
-
},
|
|
169
|
+
}, ge = (s, e, n) => {
|
|
170
170
|
if (s.idTokenPayload) {
|
|
171
171
|
const t = s.idTokenPayload;
|
|
172
172
|
if (n.issuer !== t.iss)
|
|
@@ -183,57 +183,57 @@ const _e = (s, e = null, n) => {
|
|
|
183
183
|
return { isValid: !0, reason: "" };
|
|
184
184
|
}, J = function() {
|
|
185
185
|
const s = function() {
|
|
186
|
-
let a,
|
|
187
|
-
const
|
|
188
|
-
const
|
|
189
|
-
setTimeout: function(_, g,
|
|
190
|
-
|
|
191
|
-
_.postMessage(g),
|
|
192
|
-
},
|
|
186
|
+
let a, u;
|
|
187
|
+
const f = (function() {
|
|
188
|
+
const l = {}, h = {
|
|
189
|
+
setTimeout: function(_, g, w) {
|
|
190
|
+
l[g] = setTimeout(function() {
|
|
191
|
+
_.postMessage(g), l[g] = null;
|
|
192
|
+
}, w);
|
|
193
193
|
},
|
|
194
|
-
setInterval: function(_, g,
|
|
195
|
-
|
|
194
|
+
setInterval: function(_, g, w) {
|
|
195
|
+
l[g] = setInterval(function() {
|
|
196
196
|
_.postMessage(g);
|
|
197
|
-
},
|
|
197
|
+
}, w);
|
|
198
198
|
},
|
|
199
199
|
clearTimeout: function(_, g) {
|
|
200
|
-
clearTimeout(
|
|
200
|
+
clearTimeout(l[g]), l[g] = null;
|
|
201
201
|
},
|
|
202
202
|
clearInterval: function(_, g) {
|
|
203
|
-
clearInterval(
|
|
203
|
+
clearInterval(l[g]), l[g] = null;
|
|
204
204
|
}
|
|
205
205
|
};
|
|
206
206
|
function y(_, g) {
|
|
207
|
-
const
|
|
208
|
-
h[
|
|
207
|
+
const w = g.data[0], S = g.data[1], T = g.data[2];
|
|
208
|
+
h[w] && h[w](_, S, T);
|
|
209
209
|
}
|
|
210
210
|
this.onmessage = function(_) {
|
|
211
211
|
y(self, _);
|
|
212
212
|
}, this.onconnect = function(_) {
|
|
213
213
|
const g = _.ports[0];
|
|
214
|
-
g.onmessage = function(
|
|
215
|
-
y(g,
|
|
214
|
+
g.onmessage = function(w) {
|
|
215
|
+
y(g, w);
|
|
216
216
|
};
|
|
217
217
|
};
|
|
218
218
|
}).toString();
|
|
219
219
|
try {
|
|
220
|
-
const
|
|
221
|
-
|
|
220
|
+
const l = new Blob(["(", f, ")()"], { type: "application/javascript" });
|
|
221
|
+
u = URL.createObjectURL(l);
|
|
222
222
|
} catch {
|
|
223
223
|
return null;
|
|
224
224
|
}
|
|
225
|
-
const
|
|
225
|
+
const d = typeof process > "u";
|
|
226
226
|
try {
|
|
227
227
|
if (SharedWorker)
|
|
228
|
-
return a = new SharedWorker(
|
|
228
|
+
return a = new SharedWorker(u), a.port;
|
|
229
229
|
} catch {
|
|
230
|
-
|
|
230
|
+
d && console.warn("SharedWorker not available");
|
|
231
231
|
}
|
|
232
232
|
try {
|
|
233
233
|
if (Worker)
|
|
234
|
-
return a = new Worker(
|
|
234
|
+
return a = new Worker(u), a;
|
|
235
235
|
} catch {
|
|
236
|
-
|
|
236
|
+
d && console.warn("Worker not available");
|
|
237
237
|
}
|
|
238
238
|
return null;
|
|
239
239
|
}();
|
|
@@ -253,24 +253,24 @@ const _e = (s, e = null, n) => {
|
|
|
253
253
|
};
|
|
254
254
|
}(), n = {}, t = {};
|
|
255
255
|
s.onmessage = function(a) {
|
|
256
|
-
const
|
|
257
|
-
if (
|
|
258
|
-
|
|
256
|
+
const u = a.data, f = n[u];
|
|
257
|
+
if (f) {
|
|
258
|
+
f(), n[u] = null;
|
|
259
259
|
return;
|
|
260
260
|
}
|
|
261
|
-
const
|
|
262
|
-
|
|
261
|
+
const d = t[u];
|
|
262
|
+
d && d();
|
|
263
263
|
};
|
|
264
|
-
function o(a,
|
|
265
|
-
const
|
|
266
|
-
return s.postMessage(["setTimeout",
|
|
264
|
+
function o(a, u) {
|
|
265
|
+
const f = e();
|
|
266
|
+
return s.postMessage(["setTimeout", f, u]), n[f] = a, f;
|
|
267
267
|
}
|
|
268
268
|
function i(a) {
|
|
269
269
|
s.postMessage(["clearTimeout", a]), n[a] = null;
|
|
270
270
|
}
|
|
271
|
-
function r(a,
|
|
272
|
-
const
|
|
273
|
-
return s.postMessage(["setInterval",
|
|
271
|
+
function r(a, u) {
|
|
272
|
+
const f = e();
|
|
273
|
+
return s.postMessage(["setInterval", f, u]), t[f] = a, f;
|
|
274
274
|
}
|
|
275
275
|
function c(a) {
|
|
276
276
|
s.postMessage(["clearInterval", a]), t[a] = null;
|
|
@@ -281,13 +281,13 @@ const _e = (s, e = null, n) => {
|
|
|
281
281
|
setInterval: r,
|
|
282
282
|
clearInterval: c
|
|
283
283
|
};
|
|
284
|
-
}(), ae = "7.13.
|
|
284
|
+
}(), ae = "7.13.1";
|
|
285
285
|
let ce = null, j;
|
|
286
|
-
const
|
|
286
|
+
const U = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ke = (s = "/") => {
|
|
287
287
|
try {
|
|
288
288
|
j = new AbortController(), fetch(`${s}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: j.signal }).catch((t) => {
|
|
289
289
|
console.log(t);
|
|
290
|
-
}),
|
|
290
|
+
}), U({ milliseconds: 150 * 1e3 }).then(ke);
|
|
291
291
|
} catch (e) {
|
|
292
292
|
console.log(e);
|
|
293
293
|
}
|
|
@@ -302,7 +302,7 @@ const D = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ge =
|
|
|
302
302
|
}), $e = (s) => async (e, n) => {
|
|
303
303
|
n(), await e.update();
|
|
304
304
|
const t = await e.unregister();
|
|
305
|
-
console.log(`Service worker unregistering ${t}`), await
|
|
305
|
+
console.log(`Service worker unregistering ${t}`), await U({ milliseconds: 2e3 }), s.reload();
|
|
306
306
|
}, b = (s) => (e) => new Promise(function(n, t) {
|
|
307
307
|
const o = new MessageChannel();
|
|
308
308
|
o.port1.onmessage = function(i) {
|
|
@@ -319,27 +319,27 @@ const D = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ge =
|
|
|
319
319
|
} catch {
|
|
320
320
|
return null;
|
|
321
321
|
}
|
|
322
|
-
const o = async (k) => b(t)({ type: "clear", data: { status: k }, configurationName: e }), i = async (k,
|
|
323
|
-
const
|
|
322
|
+
const o = async (k) => b(t)({ type: "clear", data: { status: k }, configurationName: e }), i = async (k, A, O) => {
|
|
323
|
+
const x = await b(t)({
|
|
324
324
|
type: "init",
|
|
325
325
|
data: {
|
|
326
326
|
oidcServerConfiguration: k,
|
|
327
|
-
where:
|
|
327
|
+
where: A,
|
|
328
328
|
oidcConfiguration: {
|
|
329
|
-
token_renew_mode:
|
|
330
|
-
service_worker_convert_all_requests_to_cors:
|
|
329
|
+
token_renew_mode: O.token_renew_mode,
|
|
330
|
+
service_worker_convert_all_requests_to_cors: O.service_worker_convert_all_requests_to_cors
|
|
331
331
|
}
|
|
332
332
|
},
|
|
333
333
|
configurationName: e
|
|
334
|
-
}),
|
|
335
|
-
return
|
|
334
|
+
}), P = x.version;
|
|
335
|
+
return P !== ae && (console.warn(`Service worker ${P} version mismatch with js client version ${ae}, unregistering and reloading`), await O.service_worker_update_require_callback(t, Le)), { tokens: ne(x.tokens, null, O.token_renew_mode), status: x.status };
|
|
336
336
|
}, r = (k = "/") => {
|
|
337
|
-
ce == null && (ce = "not_null",
|
|
338
|
-
}, c = (k) => b(t)({ type: "setSessionState", data: { sessionState: k }, configurationName: e }), a = async () => (await b(t)({ type: "getSessionState", data: null, configurationName: e })).sessionState,
|
|
339
|
-
let
|
|
340
|
-
return
|
|
337
|
+
ce == null && (ce = "not_null", ke(k));
|
|
338
|
+
}, c = (k) => b(t)({ type: "setSessionState", data: { sessionState: k }, configurationName: e }), a = async () => (await b(t)({ type: "getSessionState", data: null, configurationName: e })).sessionState, u = (k) => (sessionStorage[`oidc.nonce.${e}`] = k.nonce, b(t)({ type: "setNonce", data: { nonce: k }, configurationName: e })), f = async () => {
|
|
339
|
+
let A = (await b(t)({ type: "getNonce", data: null, configurationName: e })).nonce;
|
|
340
|
+
return A || (A = sessionStorage[`oidc.nonce.${e}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: A };
|
|
341
341
|
};
|
|
342
|
-
let
|
|
342
|
+
let d = {};
|
|
343
343
|
return {
|
|
344
344
|
clearAsync: o,
|
|
345
345
|
initAsync: i,
|
|
@@ -347,23 +347,23 @@ const D = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ge =
|
|
|
347
347
|
isServiceWorkerProxyActiveAsync: () => De(s.service_worker_keep_alive_path),
|
|
348
348
|
setSessionStateAsync: c,
|
|
349
349
|
getSessionStateAsync: a,
|
|
350
|
-
setNonceAsync:
|
|
351
|
-
getNonceAsync:
|
|
350
|
+
setNonceAsync: u,
|
|
351
|
+
getNonceAsync: f,
|
|
352
352
|
setLoginParams: (k) => {
|
|
353
|
-
|
|
353
|
+
d[e] = k, localStorage[`oidc.login.${e}`] = JSON.stringify(k);
|
|
354
354
|
},
|
|
355
355
|
getLoginParams: () => {
|
|
356
356
|
const k = localStorage[`oidc.login.${e}`];
|
|
357
|
-
return
|
|
357
|
+
return d[e] || (d[e] = JSON.parse(k)), d[e];
|
|
358
358
|
},
|
|
359
359
|
getStateAsync: async () => {
|
|
360
|
-
let
|
|
361
|
-
return
|
|
360
|
+
let A = (await b(t)({ type: "getState", data: null, configurationName: e })).state;
|
|
361
|
+
return A || (A = sessionStorage[`oidc.state.${e}`], console.warn("state not found in service worker, using sessionStorage")), A;
|
|
362
362
|
},
|
|
363
363
|
setStateAsync: async (k) => (sessionStorage[`oidc.state.${e}`] = k, b(t)({ type: "setState", data: { state: k }, configurationName: e })),
|
|
364
364
|
getCodeVerifierAsync: async () => {
|
|
365
|
-
let
|
|
366
|
-
return
|
|
365
|
+
let A = (await b(t)({ type: "getCodeVerifier", data: null, configurationName: e })).codeVerifier;
|
|
366
|
+
return A || (A = sessionStorage[`oidc.code_verifier.${e}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), A;
|
|
367
367
|
},
|
|
368
368
|
setCodeVerifierAsync: async (k) => (sessionStorage[`oidc.code_verifier.${e}`] = k, b(t)({ type: "setCodeVerifier", data: { codeVerifier: k }, configurationName: e })),
|
|
369
369
|
setDemonstratingProofOfPossessionNonce: async (k) => {
|
|
@@ -371,8 +371,8 @@ const D = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ge =
|
|
|
371
371
|
},
|
|
372
372
|
getDemonstratingProofOfPossessionNonce: async () => (await b(t)({ type: "getDemonstratingProofOfPossessionNonce", data: null, configurationName: e })).demonstratingProofOfPossessionNonce,
|
|
373
373
|
setDemonstratingProofOfPossessionJwkAsync: async (k) => {
|
|
374
|
-
const
|
|
375
|
-
b(t)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson:
|
|
374
|
+
const A = JSON.stringify(k);
|
|
375
|
+
b(t)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson: A }, configurationName: e });
|
|
376
376
|
},
|
|
377
377
|
getDemonstratingProofOfPossessionJwkAsync: async () => {
|
|
378
378
|
const k = await b(t)({ type: "getDemonstratingProofOfPossessionJwk", data: null, configurationName: e });
|
|
@@ -380,20 +380,23 @@ const D = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ge =
|
|
|
380
380
|
}
|
|
381
381
|
};
|
|
382
382
|
};
|
|
383
|
-
async function
|
|
384
|
-
const o =
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
383
|
+
async function le(s, e, n, t) {
|
|
384
|
+
const o = (a) => {
|
|
385
|
+
s.tokens = a;
|
|
386
|
+
}, { tokens: i, status: r } = await s.synchroniseTokensAsync(e, 0, n, t, o);
|
|
387
|
+
return await E(s.configuration, s.configurationName) || await I(s.configurationName, s.configuration.storage).setTokens(s.tokens), s.tokens ? i : (await s.destroyAsync(r), null);
|
|
388
|
+
}
|
|
389
|
+
async function me(s, e, n = !1, t = null) {
|
|
390
|
+
const o = s.configuration, i = `${o.client_id}_${s.configurationName}_${o.authority}`;
|
|
391
|
+
let r = null;
|
|
392
|
+
const c = await E(s.configuration, s.configurationName);
|
|
393
|
+
return o.storage === window.sessionStorage && !c ? r = await le(s, e, n, t) : r = await navigator.locks.request(i, async (a) => await le(s, e, n, t)), r ? (s.timeoutId && (s.timeoutId = M(s, r.refreshToken, s.tokens.expiresAt, t)), s.tokens) : null;
|
|
391
394
|
}
|
|
392
|
-
const
|
|
395
|
+
const M = (s, e, n, t = null) => {
|
|
393
396
|
const o = s.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
394
397
|
return J.setTimeout(async () => {
|
|
395
|
-
const r = { timeLeft:
|
|
396
|
-
s.publishEvent(
|
|
398
|
+
const r = { timeLeft: K(o, n) };
|
|
399
|
+
s.publishEvent(L.eventNames.token_timer, r), await me(s, e, !1, t);
|
|
397
400
|
}, 1e3);
|
|
398
401
|
}, te = (s, e, n) => (t = null, o = null, i = null) => {
|
|
399
402
|
if (!e.silent_redirect_uri || !e.silent_login_uri)
|
|
@@ -402,32 +405,32 @@ const K = (s, e, n, t = null) => {
|
|
|
402
405
|
n(m.silentLoginAsync_begin, {});
|
|
403
406
|
let r = "";
|
|
404
407
|
if (o && (t == null && (t = {}), t.state = o), i && (t == null && (t = {}), t.scope = i), t != null)
|
|
405
|
-
for (const [
|
|
406
|
-
r === "" ? r = `?${encodeURIComponent(
|
|
407
|
-
const c = e.silent_login_uri + r, a = c.indexOf("/", c.indexOf("//") + 2),
|
|
408
|
-
return
|
|
408
|
+
for (const [d, l] of Object.entries(t))
|
|
409
|
+
r === "" ? r = `?${encodeURIComponent(d)}=${encodeURIComponent(l)}` : r += `&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;
|
|
410
|
+
const c = e.silent_login_uri + r, a = c.indexOf("/", c.indexOf("//") + 2), u = c.substr(0, a), f = document.createElement("iframe");
|
|
411
|
+
return f.width = "0px", f.height = "0px", f.id = `${s}_oidc_iframe`, f.setAttribute("src", c), document.body.appendChild(f), new Promise((d, l) => {
|
|
409
412
|
try {
|
|
410
413
|
let h = !1;
|
|
411
414
|
window.onmessage = (_) => {
|
|
412
|
-
if (_.origin ===
|
|
413
|
-
const g = `${s}_oidc_tokens:`,
|
|
415
|
+
if (_.origin === u && _.source === f.contentWindow) {
|
|
416
|
+
const g = `${s}_oidc_tokens:`, w = `${s}_oidc_error:`, S = _.data;
|
|
414
417
|
if (S && typeof S == "string" && !h) {
|
|
415
418
|
if (S.startsWith(g)) {
|
|
416
419
|
const T = JSON.parse(_.data.replace(g, ""));
|
|
417
|
-
n(m.silentLoginAsync_end, {}),
|
|
418
|
-
} else if (S.startsWith(
|
|
419
|
-
const T = JSON.parse(_.data.replace(
|
|
420
|
-
n(m.silentLoginAsync_error, T),
|
|
420
|
+
n(m.silentLoginAsync_end, {}), f.remove(), h = !0, d(T);
|
|
421
|
+
} else if (S.startsWith(w)) {
|
|
422
|
+
const T = JSON.parse(_.data.replace(w, ""));
|
|
423
|
+
n(m.silentLoginAsync_error, T), f.remove(), h = !0, l(new Error("oidc_" + T.error));
|
|
421
424
|
}
|
|
422
425
|
}
|
|
423
426
|
}
|
|
424
427
|
};
|
|
425
428
|
const y = e.silent_login_timeout;
|
|
426
429
|
setTimeout(() => {
|
|
427
|
-
h || (n(m.silentLoginAsync_error, { reason: "timeout" }),
|
|
430
|
+
h || (n(m.silentLoginAsync_error, { reason: "timeout" }), f.remove(), h = !0, l(new Error("timeout")));
|
|
428
431
|
}, y);
|
|
429
432
|
} catch (h) {
|
|
430
|
-
|
|
433
|
+
f.remove(), n(m.silentLoginAsync_error, h), l(h);
|
|
431
434
|
}
|
|
432
435
|
});
|
|
433
436
|
} catch (r) {
|
|
@@ -435,35 +438,35 @@ const K = (s, e, n, t = null) => {
|
|
|
435
438
|
}
|
|
436
439
|
}, Re = (s, e, n, t, o) => (i = null, r = void 0) => {
|
|
437
440
|
i = { ...i };
|
|
438
|
-
const c = (
|
|
441
|
+
const c = (u, f, d) => te(e, n, t.bind(o))(u, f, d);
|
|
439
442
|
return (async () => {
|
|
440
443
|
o.timeoutId && J.clearTimeout(o.timeoutId);
|
|
441
|
-
let
|
|
442
|
-
i && "state" in i && (
|
|
444
|
+
let u;
|
|
445
|
+
i && "state" in i && (u = i.state, delete i.state);
|
|
443
446
|
try {
|
|
444
|
-
const
|
|
445
|
-
...
|
|
447
|
+
const f = n.extras ? { ...n.extras, ...i } : i, d = await c({
|
|
448
|
+
...f,
|
|
446
449
|
prompt: "none"
|
|
447
|
-
},
|
|
448
|
-
if (
|
|
449
|
-
return o.tokens =
|
|
450
|
-
} catch (
|
|
451
|
-
return
|
|
450
|
+
}, u, r);
|
|
451
|
+
if (d)
|
|
452
|
+
return o.tokens = d.tokens, t(m.token_aquired, {}), o.timeoutId = M(o, o.tokens.refreshToken, o.tokens.expiresAt, i), {};
|
|
453
|
+
} catch (f) {
|
|
454
|
+
return f;
|
|
452
455
|
}
|
|
453
456
|
})();
|
|
454
457
|
}, Fe = (s, e, n) => (t, o, i, r = !1) => {
|
|
455
|
-
const c = (a,
|
|
456
|
-
return new Promise((a,
|
|
458
|
+
const c = (a, u = void 0, f = void 0) => te(s.configurationName, n, s.publishEvent.bind(s))(a, u, f);
|
|
459
|
+
return new Promise((a, u) => {
|
|
457
460
|
if (n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && t && i && !r) {
|
|
458
|
-
const
|
|
461
|
+
const f = () => {
|
|
459
462
|
s.checkSessionIFrame.stop();
|
|
460
|
-
const
|
|
461
|
-
if (
|
|
463
|
+
const d = s.tokens;
|
|
464
|
+
if (d === null)
|
|
462
465
|
return;
|
|
463
|
-
const
|
|
466
|
+
const l = d.idToken, h = d.idTokenPayload;
|
|
464
467
|
return c({
|
|
465
468
|
prompt: "none",
|
|
466
|
-
id_token_hint:
|
|
469
|
+
id_token_hint: l,
|
|
467
470
|
scope: n.scope || "openid"
|
|
468
471
|
}).then((y) => {
|
|
469
472
|
const _ = y.tokens.idTokenPayload;
|
|
@@ -478,36 +481,36 @@ const K = (s, e, n, t = null) => {
|
|
|
478
481
|
await g.logoutOtherTabAsync(n.client_id, h.sub);
|
|
479
482
|
});
|
|
480
483
|
};
|
|
481
|
-
s.checkSessionIFrame = new Ee(
|
|
484
|
+
s.checkSessionIFrame = new Ee(f, o, t), s.checkSessionIFrame.load().then(() => {
|
|
482
485
|
s.checkSessionIFrame.start(i), a(s.checkSessionIFrame);
|
|
483
|
-
}).catch((
|
|
484
|
-
|
|
486
|
+
}).catch((d) => {
|
|
487
|
+
u(d);
|
|
485
488
|
});
|
|
486
489
|
} else
|
|
487
490
|
a(null);
|
|
488
491
|
});
|
|
489
492
|
};
|
|
490
|
-
var Ue = Je,
|
|
491
|
-
for (var q = 0, Ve =
|
|
492
|
-
|
|
493
|
-
function
|
|
494
|
-
return
|
|
493
|
+
var Ue = Je, C = [], ue = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
|
494
|
+
for (var q = 0, Ve = ue.length; q < Ve; ++q)
|
|
495
|
+
C[q] = ue[q];
|
|
496
|
+
function Ke(s) {
|
|
497
|
+
return C[s >> 18 & 63] + C[s >> 12 & 63] + C[s >> 6 & 63] + C[s & 63];
|
|
495
498
|
}
|
|
496
|
-
function
|
|
499
|
+
function Me(s, e, n) {
|
|
497
500
|
for (var t, o = [], i = e; i < n; i += 3)
|
|
498
|
-
t = (s[i] << 16 & 16711680) + (s[i + 1] << 8 & 65280) + (s[i + 2] & 255), o.push(
|
|
501
|
+
t = (s[i] << 16 & 16711680) + (s[i + 1] << 8 & 65280) + (s[i + 2] & 255), o.push(Ke(t));
|
|
499
502
|
return o.join("");
|
|
500
503
|
}
|
|
501
504
|
function Je(s) {
|
|
502
505
|
for (var e, n = s.length, t = n % 3, o = [], i = 16383, r = 0, c = n - t; r < c; r += i)
|
|
503
|
-
o.push(
|
|
506
|
+
o.push(Me(s, r, r + i > c ? c : r + i));
|
|
504
507
|
return t === 1 ? (e = s[n - 1], o.push(
|
|
505
|
-
|
|
508
|
+
C[e >> 2] + C[e << 4 & 63] + "=="
|
|
506
509
|
)) : t === 2 && (e = (s[n - 2] << 8) + s[n - 1], o.push(
|
|
507
|
-
|
|
510
|
+
C[e >> 10] + C[e >> 4 & 63] + C[e << 2 & 63] + "="
|
|
508
511
|
)), o.join("");
|
|
509
512
|
}
|
|
510
|
-
const
|
|
513
|
+
const pe = () => {
|
|
511
514
|
const s = typeof window < "u" && !!window.crypto, e = s && !!window.crypto.subtle;
|
|
512
515
|
return { hasCrypto: s, hasSubtleCrypto: e };
|
|
513
516
|
}, Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", Be = (s) => {
|
|
@@ -518,7 +521,7 @@ const me = () => {
|
|
|
518
521
|
}
|
|
519
522
|
return e.join("");
|
|
520
523
|
}, qe = (s) => Ue(new Uint8Array(s)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, ""), Z = (s) => {
|
|
521
|
-
const e = new Uint8Array(s), { hasCrypto: n } =
|
|
524
|
+
const e = new Uint8Array(s), { hasCrypto: n } = pe();
|
|
522
525
|
if (n)
|
|
523
526
|
window.crypto.getRandomValues(e);
|
|
524
527
|
else
|
|
@@ -532,7 +535,7 @@ function je(s) {
|
|
|
532
535
|
n[t] = s.charCodeAt(t);
|
|
533
536
|
return n;
|
|
534
537
|
}
|
|
535
|
-
function
|
|
538
|
+
function we(s) {
|
|
536
539
|
return new Promise((e, n) => {
|
|
537
540
|
crypto.subtle.digest("SHA-256", je(s)).then((t) => e(qe(new Uint8Array(t))), (t) => n(t));
|
|
538
541
|
});
|
|
@@ -540,18 +543,18 @@ function pe(s) {
|
|
|
540
543
|
const He = (s) => {
|
|
541
544
|
if (s.length < 43 || s.length > 128)
|
|
542
545
|
return Promise.reject(new Error("Invalid code length."));
|
|
543
|
-
const { hasSubtleCrypto: e } =
|
|
544
|
-
return e ?
|
|
545
|
-
},
|
|
546
|
-
if (!
|
|
546
|
+
const { hasSubtleCrypto: e } = pe();
|
|
547
|
+
return e ? we(s) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
|
|
548
|
+
}, R = {}, Ge = (s, e = window.sessionStorage, n) => {
|
|
549
|
+
if (!R[s] && e) {
|
|
547
550
|
const o = e.getItem(s);
|
|
548
|
-
o && (
|
|
551
|
+
o && (R[s] = JSON.parse(o));
|
|
549
552
|
}
|
|
550
553
|
const t = 1e3 * n;
|
|
551
|
-
return
|
|
554
|
+
return R[s] && R[s].timestamp + t > Date.now() ? R[s].result : null;
|
|
552
555
|
}, Xe = (s, e, n = window.sessionStorage) => {
|
|
553
556
|
const t = Date.now();
|
|
554
|
-
|
|
557
|
+
R[s] = { result: e, timestamp: t }, n && n.setItem(s, JSON.stringify({ result: e, timestamp: t }));
|
|
555
558
|
}, Ye = 60 * 60, ze = (s) => async (e, n = Ye, t = window.sessionStorage, o = 1e4) => {
|
|
556
559
|
const i = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, c = Ge(r, t, n);
|
|
557
560
|
if (c)
|
|
@@ -559,8 +562,8 @@ const He = (s) => {
|
|
|
559
562
|
const a = await B(s)(i, {}, o);
|
|
560
563
|
if (a.status !== 200)
|
|
561
564
|
return null;
|
|
562
|
-
const
|
|
563
|
-
return Xe(r,
|
|
565
|
+
const u = await a.json();
|
|
566
|
+
return Xe(r, u, t), new se(u);
|
|
564
567
|
}, B = (s) => async (e, n = {}, t = 1e4, o = 0) => {
|
|
565
568
|
let i;
|
|
566
569
|
try {
|
|
@@ -578,15 +581,15 @@ const He = (s) => {
|
|
|
578
581
|
}, ee = {
|
|
579
582
|
refresh_token: "refresh_token",
|
|
580
583
|
access_token: "access_token"
|
|
581
|
-
},
|
|
584
|
+
}, de = (s) => async (e, n, t = ee.refresh_token, o, i = 1e4) => {
|
|
582
585
|
const r = {
|
|
583
586
|
token: n,
|
|
584
587
|
token_type_hint: t,
|
|
585
588
|
client_id: o
|
|
586
589
|
}, c = [];
|
|
587
|
-
for (const
|
|
588
|
-
const
|
|
589
|
-
c.push(`${
|
|
590
|
+
for (const f in r) {
|
|
591
|
+
const d = encodeURIComponent(f), l = encodeURIComponent(r[f]);
|
|
592
|
+
c.push(`${d}=${l}`);
|
|
590
593
|
}
|
|
591
594
|
const a = c.join("&");
|
|
592
595
|
return (await B(s)(e, {
|
|
@@ -606,22 +609,22 @@ const He = (s) => {
|
|
|
606
609
|
const y = encodeURIComponent(h), _ = encodeURIComponent(n[h]);
|
|
607
610
|
a.push(`${y}=${_}`);
|
|
608
611
|
}
|
|
609
|
-
const
|
|
612
|
+
const u = a.join("&"), f = await B(s)(e, {
|
|
610
613
|
method: "POST",
|
|
611
614
|
headers: {
|
|
612
615
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
613
616
|
...i
|
|
614
617
|
},
|
|
615
|
-
body:
|
|
618
|
+
body: u
|
|
616
619
|
}, c);
|
|
617
|
-
if (
|
|
618
|
-
return { success: !1, status:
|
|
619
|
-
const
|
|
620
|
-
let
|
|
621
|
-
return
|
|
620
|
+
if (f.status !== 200)
|
|
621
|
+
return { success: !1, status: f.status, demonstratingProofOfPossessionNonce: null };
|
|
622
|
+
const d = await f.json();
|
|
623
|
+
let l = null;
|
|
624
|
+
return f.headers.has(H) && (l = f.headers.get(H)), {
|
|
622
625
|
success: !0,
|
|
623
|
-
data: ne(
|
|
624
|
-
demonstratingProofOfPossessionNonce:
|
|
626
|
+
data: ne(d, o, r),
|
|
627
|
+
demonstratingProofOfPossessionNonce: l
|
|
625
628
|
};
|
|
626
629
|
}, Ze = (s, e) => async (n, t) => {
|
|
627
630
|
t = t ? { ...t } : {};
|
|
@@ -635,9 +638,9 @@ const He = (s) => {
|
|
|
635
638
|
}, H = "DPoP-Nonce", es = (s) => async (e, n, t, o, i = 1e4) => {
|
|
636
639
|
n = n ? { ...n } : {}, n.code_verifier = await s.getCodeVerifierAsync();
|
|
637
640
|
const r = [];
|
|
638
|
-
for (const
|
|
639
|
-
const
|
|
640
|
-
r.push(`${
|
|
641
|
+
for (const d in n) {
|
|
642
|
+
const l = encodeURIComponent(d), h = encodeURIComponent(n[d]);
|
|
643
|
+
r.push(`${l}=${h}`);
|
|
641
644
|
}
|
|
642
645
|
const c = r.join("&"), a = await B(fetch)(e, {
|
|
643
646
|
method: "POST",
|
|
@@ -649,18 +652,18 @@ const He = (s) => {
|
|
|
649
652
|
}, i);
|
|
650
653
|
if (await Promise.all([s.setCodeVerifierAsync(null), s.setStateAsync(null)]), a.status !== 200)
|
|
651
654
|
return { success: !1, status: a.status };
|
|
652
|
-
let
|
|
653
|
-
a.headers.has(H) && (
|
|
654
|
-
const
|
|
655
|
+
let u = null;
|
|
656
|
+
a.headers.has(H) && (u = a.headers.get(H));
|
|
657
|
+
const f = await a.json();
|
|
655
658
|
return {
|
|
656
659
|
success: !0,
|
|
657
660
|
data: {
|
|
658
661
|
state: n.state,
|
|
659
|
-
tokens: ne(
|
|
660
|
-
demonstratingProofOfPossessionNonce:
|
|
662
|
+
tokens: ne(f, null, o),
|
|
663
|
+
demonstratingProofOfPossessionNonce: u
|
|
661
664
|
}
|
|
662
665
|
};
|
|
663
|
-
},
|
|
666
|
+
}, Ae = (s) => {
|
|
664
667
|
const e = s.match(
|
|
665
668
|
// eslint-disable-next-line no-useless-escape
|
|
666
669
|
/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
|
|
@@ -683,13 +686,13 @@ const He = (s) => {
|
|
|
683
686
|
hash: t
|
|
684
687
|
};
|
|
685
688
|
}, ws = (s) => {
|
|
686
|
-
const e =
|
|
689
|
+
const e = Ae(s);
|
|
687
690
|
let { path: n } = e;
|
|
688
691
|
n.endsWith("/") && (n = n.slice(0, -1));
|
|
689
692
|
let { hash: t } = e;
|
|
690
693
|
return t === "#_=_" && (t = ""), t && (n += t), n;
|
|
691
694
|
}, G = (s) => {
|
|
692
|
-
const e =
|
|
695
|
+
const e = Ae(s), { search: n } = e;
|
|
693
696
|
return ss(n);
|
|
694
697
|
}, ss = (s) => {
|
|
695
698
|
const e = {};
|
|
@@ -699,7 +702,7 @@ const He = (s) => {
|
|
|
699
702
|
n = i[t].split("="), e[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
|
|
700
703
|
return e;
|
|
701
704
|
};
|
|
702
|
-
function
|
|
705
|
+
function Se(s) {
|
|
703
706
|
return new TextEncoder().encode(s);
|
|
704
707
|
}
|
|
705
708
|
function ve(s) {
|
|
@@ -710,34 +713,34 @@ function ns(s) {
|
|
|
710
713
|
return String.fromCharCode(parseInt(o, 16));
|
|
711
714
|
});
|
|
712
715
|
}
|
|
713
|
-
function
|
|
716
|
+
function Te(s) {
|
|
714
717
|
let e = "";
|
|
715
718
|
return s.forEach(function(n) {
|
|
716
719
|
e += String.fromCharCode(n);
|
|
717
720
|
}), ve(e);
|
|
718
721
|
}
|
|
719
|
-
function
|
|
722
|
+
function fe(s) {
|
|
720
723
|
return ve(ns(s));
|
|
721
724
|
}
|
|
722
|
-
var
|
|
723
|
-
|
|
725
|
+
var be = {};
|
|
726
|
+
be.sign = (s, e, n, t = "dpop+jwt") => {
|
|
724
727
|
s = Object.assign({}, s), e.typ = t, e.alg = "ES256", e.kid || (e.jwk = { kty: s.kty, crv: s.crv, x: s.x, y: s.y });
|
|
725
728
|
const o = {
|
|
726
729
|
// @ts-ignore
|
|
727
730
|
// JWT "headers" really means JWS "protected headers"
|
|
728
|
-
protected:
|
|
731
|
+
protected: fe(JSON.stringify(e)),
|
|
729
732
|
// @ts-ignore
|
|
730
733
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
731
|
-
payload:
|
|
734
|
+
payload: fe(JSON.stringify(n))
|
|
732
735
|
}, i = {
|
|
733
736
|
name: "ECDSA",
|
|
734
737
|
namedCurve: "P-256",
|
|
735
738
|
hash: { name: "ES256" }
|
|
736
739
|
}, r = !0, c = ["sign"];
|
|
737
740
|
return window.crypto.subtle.importKey("jwk", s, i, r, c).then(function(a) {
|
|
738
|
-
const
|
|
739
|
-
return window.crypto.subtle.sign(
|
|
740
|
-
return o.signature =
|
|
741
|
+
const u = Se(o.protected + "." + o.payload), f = { name: "ECDSA", hash: { name: "SHA-256" } };
|
|
742
|
+
return window.crypto.subtle.sign(f, a, u).then(function(d) {
|
|
743
|
+
return o.signature = Te(new Uint8Array(d)), o.protected + "." + o.payload + "." + o.signature;
|
|
741
744
|
});
|
|
742
745
|
});
|
|
743
746
|
};
|
|
@@ -755,11 +758,11 @@ oe.neuter = function(s) {
|
|
|
755
758
|
const e = Object.assign({}, s);
|
|
756
759
|
return delete e.d, e.key_ops = ["verify"], e;
|
|
757
760
|
};
|
|
758
|
-
var
|
|
759
|
-
|
|
761
|
+
var Pe = {};
|
|
762
|
+
Pe.thumbprint = function(s) {
|
|
760
763
|
const e = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", s.crv).replace("X", s.x).replace("Y", s.y);
|
|
761
|
-
return window.crypto.subtle.digest({ name: "SHA-256" },
|
|
762
|
-
return
|
|
764
|
+
return window.crypto.subtle.digest({ name: "SHA-256" }, Se(e)).then(function(n) {
|
|
765
|
+
return Te(new Uint8Array(n));
|
|
763
766
|
});
|
|
764
767
|
};
|
|
765
768
|
const ts = function() {
|
|
@@ -770,7 +773,7 @@ const ts = function() {
|
|
|
770
773
|
return t;
|
|
771
774
|
}, os = () => oe.generate().then(function(s) {
|
|
772
775
|
return s;
|
|
773
|
-
}),
|
|
776
|
+
}), Oe = (s, e = "POST", n, t = {}) => {
|
|
774
777
|
const o = {
|
|
775
778
|
// https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
|
|
776
779
|
jit: btoa(ts()),
|
|
@@ -779,139 +782,139 @@ const ts = function() {
|
|
|
779
782
|
iat: Math.round(Date.now() / 1e3),
|
|
780
783
|
...t
|
|
781
784
|
};
|
|
782
|
-
return
|
|
783
|
-
return
|
|
785
|
+
return Pe.thumbprint(s).then(function(i) {
|
|
786
|
+
return be.sign(s, {
|
|
784
787
|
/*kid: kid*/
|
|
785
788
|
}, o).then(function(r) {
|
|
786
789
|
return r;
|
|
787
790
|
});
|
|
788
791
|
});
|
|
789
792
|
}, is = (s, e, n, t, o) => (i = void 0, r = null, c = !1, a = void 0) => {
|
|
790
|
-
const
|
|
793
|
+
const u = r;
|
|
791
794
|
return r = { ...r }, (async () => {
|
|
792
|
-
const
|
|
795
|
+
const d = i || o.getPath();
|
|
793
796
|
if ("state" in r || (r.state = Z(16)), n(m.loginAsync_begin, {}), r)
|
|
794
|
-
for (const
|
|
795
|
-
|
|
797
|
+
for (const l of Object.keys(r))
|
|
798
|
+
l.endsWith(":token_request") && delete r[l];
|
|
796
799
|
try {
|
|
797
|
-
const
|
|
800
|
+
const l = c ? e.silent_redirect_uri : e.redirect_uri;
|
|
798
801
|
a || (a = e.scope);
|
|
799
802
|
const h = e.extras ? { ...e.extras, ...r } : r;
|
|
800
803
|
h.nonce || (h.nonce = Z(12));
|
|
801
804
|
const y = { nonce: h.nonce }, _ = await E(e, s), g = await t(e.authority, e.authority_configuration);
|
|
802
|
-
let
|
|
805
|
+
let w;
|
|
803
806
|
if (_)
|
|
804
|
-
_.setLoginParams({ callbackPath:
|
|
807
|
+
_.setLoginParams({ callbackPath: d, extras: u }), await _.initAsync(g, "loginAsync", e), await _.setNonceAsync(y), _.startKeepAliveServiceWorker(), w = _;
|
|
805
808
|
else {
|
|
806
|
-
const T =
|
|
807
|
-
T.setLoginParams({ callbackPath:
|
|
809
|
+
const T = I(s, e.storage ?? sessionStorage);
|
|
810
|
+
T.setLoginParams({ callbackPath: d, extras: u }), await T.setNonceAsync(y), w = T;
|
|
808
811
|
}
|
|
809
812
|
const S = {
|
|
810
813
|
client_id: e.client_id,
|
|
811
|
-
redirect_uri:
|
|
814
|
+
redirect_uri: l,
|
|
812
815
|
scope: a,
|
|
813
816
|
response_type: "code",
|
|
814
817
|
...h
|
|
815
818
|
};
|
|
816
|
-
await Ze(
|
|
817
|
-
} catch (
|
|
818
|
-
throw n(m.loginAsync_error,
|
|
819
|
+
await Ze(w, o)(g.authorizationEndpoint, S);
|
|
820
|
+
} catch (l) {
|
|
821
|
+
throw n(m.loginAsync_error, l), l;
|
|
819
822
|
}
|
|
820
823
|
})();
|
|
821
824
|
}, rs = (s) => async (e = !1) => {
|
|
822
825
|
try {
|
|
823
826
|
s.publishEvent(m.loginCallbackAsync_begin, {});
|
|
824
|
-
const n = s.configuration, t = n.client_id, o = e ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, c = await s.initAsync(i, n.authority_configuration), a = s.location.getCurrentHref(),
|
|
825
|
-
let
|
|
826
|
-
if (
|
|
827
|
-
await
|
|
827
|
+
const n = s.configuration, t = n.client_id, o = e ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, c = await s.initAsync(i, n.authority_configuration), a = s.location.getCurrentHref(), f = G(a).session_state, d = await E(n, s.configurationName);
|
|
828
|
+
let l, h, y, _;
|
|
829
|
+
if (d)
|
|
830
|
+
await d.initAsync(c, "loginCallbackAsync", n), await d.setSessionStateAsync(f), h = await d.getNonceAsync(), y = d.getLoginParams(), _ = await d.getStateAsync(), d.startKeepAliveServiceWorker(), l = d;
|
|
828
831
|
else {
|
|
829
|
-
const
|
|
830
|
-
await
|
|
832
|
+
const v = I(s.configurationName, n.storage ?? sessionStorage);
|
|
833
|
+
await v.setSessionStateAsync(f), h = await v.getNonceAsync(), y = v.getLoginParams(), _ = await v.getStateAsync(), l = v;
|
|
831
834
|
}
|
|
832
835
|
const g = G(a);
|
|
833
836
|
if (g.iss && g.iss !== c.issuer)
|
|
834
837
|
throw console.error(), new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);
|
|
835
838
|
if (g.state && g.state !== _)
|
|
836
839
|
throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);
|
|
837
|
-
const
|
|
840
|
+
const w = {
|
|
838
841
|
code: g.code,
|
|
839
842
|
grant_type: "authorization_code",
|
|
840
843
|
client_id: n.client_id,
|
|
841
844
|
redirect_uri: o
|
|
842
845
|
}, S = {};
|
|
843
846
|
if (n.token_request_extras)
|
|
844
|
-
for (const [
|
|
845
|
-
S[
|
|
847
|
+
for (const [v, D] of Object.entries(n.token_request_extras))
|
|
848
|
+
S[v] = D;
|
|
846
849
|
if (y && y.extras)
|
|
847
|
-
for (const [
|
|
848
|
-
|
|
849
|
-
const T = c.tokenEndpoint,
|
|
850
|
+
for (const [v, D] of Object.entries(y.extras))
|
|
851
|
+
v.endsWith(":token_request") && (S[v.replace(":token_request", "")] = D);
|
|
852
|
+
const T = c.tokenEndpoint, V = {};
|
|
850
853
|
if (n.demonstrating_proof_of_possession) {
|
|
851
|
-
const
|
|
852
|
-
|
|
854
|
+
const v = await os();
|
|
855
|
+
d ? await d.setDemonstratingProofOfPossessionJwkAsync(v) : await I(s.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(v), V.DPoP = await Oe(v, "POST", T);
|
|
853
856
|
}
|
|
854
|
-
const p = await es(
|
|
857
|
+
const p = await es(l)(
|
|
855
858
|
T,
|
|
856
|
-
{ ...
|
|
857
|
-
|
|
859
|
+
{ ...w, ...S },
|
|
860
|
+
V,
|
|
858
861
|
s.configuration.token_renew_mode,
|
|
859
862
|
r
|
|
860
863
|
);
|
|
861
864
|
if (!p.success)
|
|
862
865
|
throw new Error("Token request failed");
|
|
863
866
|
let k;
|
|
864
|
-
const
|
|
867
|
+
const A = p.data.tokens, O = p.data.demonstratingProofOfPossessionNonce;
|
|
865
868
|
if (p.data.state !== S.state)
|
|
866
869
|
throw new Error("state is not valid");
|
|
867
|
-
const { isValid:
|
|
868
|
-
if (!
|
|
869
|
-
throw new Error(`Tokens are not OpenID valid, reason: ${
|
|
870
|
-
if (
|
|
871
|
-
if (
|
|
870
|
+
const { isValid: x, reason: P } = ge(A, h.nonce, c);
|
|
871
|
+
if (!x)
|
|
872
|
+
throw new Error(`Tokens are not OpenID valid, reason: ${P}`);
|
|
873
|
+
if (d) {
|
|
874
|
+
if (A.refreshToken && !A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
872
875
|
throw new Error("Refresh token should be hidden by service worker");
|
|
873
|
-
if (
|
|
876
|
+
if (O && A.accessToken && A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
874
877
|
throw new Error("Demonstration of proof of possession require Access token not hidden by service worker");
|
|
875
878
|
}
|
|
876
|
-
if (
|
|
877
|
-
await
|
|
879
|
+
if (d)
|
|
880
|
+
await d.initAsync(o, "syncTokensAsync", n), k = d.getLoginParams(), O && await d.setDemonstratingProofOfPossessionNonce(O);
|
|
878
881
|
else {
|
|
879
|
-
const
|
|
880
|
-
k =
|
|
882
|
+
const v = I(s.configurationName, n.storage);
|
|
883
|
+
k = v.getLoginParams(), O && await v.setDemonstratingProofOfPossessionNonce(O);
|
|
881
884
|
}
|
|
882
|
-
return await s.startCheckSessionAsync(c.checkSessionIframe, t,
|
|
883
|
-
tokens:
|
|
885
|
+
return await s.startCheckSessionAsync(c.checkSessionIframe, t, f, e), s.publishEvent(m.loginCallbackAsync_end, {}), {
|
|
886
|
+
tokens: A,
|
|
884
887
|
state: "request.state",
|
|
885
888
|
callbackPath: k.callbackPath
|
|
886
889
|
};
|
|
887
890
|
} catch (n) {
|
|
888
891
|
throw console.error(n), s.publishEvent(m.loginCallbackAsync_error, n), n;
|
|
889
892
|
}
|
|
890
|
-
},
|
|
893
|
+
}, he = {
|
|
891
894
|
access_token: "access_token",
|
|
892
895
|
refresh_token: "refresh_token"
|
|
893
896
|
}, as = (s) => async (e) => {
|
|
894
897
|
J.clearTimeout(s.timeoutId), s.timeoutId = null, s.checkSessionIFrame && s.checkSessionIFrame.stop();
|
|
895
898
|
const n = await E(s.configuration, s.configurationName);
|
|
896
|
-
n ? await n.clearAsync(e) : await
|
|
899
|
+
n ? await n.clearAsync(e) : await I(s.configurationName, s.configuration.storage).clearAsync(e), s.tokens = null, s.userInfo = null;
|
|
897
900
|
}, cs = (s, e, n, t, o) => async (i = void 0, r = null) => {
|
|
898
901
|
const c = s.configuration, a = await s.initAsync(c.authority, c.authority_configuration);
|
|
899
902
|
i && typeof i != "string" && (i = void 0, t.warn("callbackPathOrUrl path is not a string"));
|
|
900
|
-
const
|
|
901
|
-
let
|
|
902
|
-
i && (
|
|
903
|
-
const
|
|
903
|
+
const u = i ?? o.getPath();
|
|
904
|
+
let f = !1;
|
|
905
|
+
i && (f = i.includes("https://") || i.includes("http://"));
|
|
906
|
+
const d = f ? i : o.getOrigin() + u, l = s.tokens ? s.tokens.idToken : "";
|
|
904
907
|
try {
|
|
905
908
|
const y = a.revocationEndpoint;
|
|
906
909
|
if (y) {
|
|
907
910
|
const _ = [], g = s.tokens ? s.tokens.accessToken : null;
|
|
908
|
-
if (g && c.logout_tokens_to_invalidate.includes(
|
|
909
|
-
const S =
|
|
911
|
+
if (g && c.logout_tokens_to_invalidate.includes(he.access_token)) {
|
|
912
|
+
const S = de(n)(y, g, ee.access_token, c.client_id);
|
|
910
913
|
_.push(S);
|
|
911
914
|
}
|
|
912
|
-
const
|
|
913
|
-
if (
|
|
914
|
-
const S =
|
|
915
|
+
const w = s.tokens ? s.tokens.refreshToken : null;
|
|
916
|
+
if (w && c.logout_tokens_to_invalidate.includes(he.refresh_token)) {
|
|
917
|
+
const S = de(n)(y, w, ee.refresh_token, c.client_id);
|
|
915
918
|
_.push(S);
|
|
916
919
|
}
|
|
917
920
|
_.length > 0 && await Promise.all(_);
|
|
@@ -925,8 +928,8 @@ const ts = function() {
|
|
|
925
928
|
_ !== s && await s.logoutSameTabAsync(s.configuration.client_id, h);
|
|
926
929
|
if (a.endSessionEndpoint) {
|
|
927
930
|
r || (r = {
|
|
928
|
-
id_token_hint:
|
|
929
|
-
}, i !== null && (r.post_logout_redirect_uri =
|
|
931
|
+
id_token_hint: l
|
|
932
|
+
}, i !== null && (r.post_logout_redirect_uri = d));
|
|
930
933
|
let y = "";
|
|
931
934
|
if (r)
|
|
932
935
|
for (const [_, g] of Object.entries(r))
|
|
@@ -938,19 +941,19 @@ const ts = function() {
|
|
|
938
941
|
if (s.userInfo != null && !e)
|
|
939
942
|
return s.userInfo;
|
|
940
943
|
for (; s.tokens && !z(s.tokens); )
|
|
941
|
-
await
|
|
944
|
+
await U({ milliseconds: 200 });
|
|
942
945
|
if (!s.tokens)
|
|
943
946
|
return null;
|
|
944
947
|
const n = s.tokens.accessToken;
|
|
945
948
|
if (!n)
|
|
946
949
|
return null;
|
|
947
950
|
const t = s.configuration, i = (await s.initAsync(t.authority, t.authority_configuration)).userInfoEndpoint, c = await (async (a) => {
|
|
948
|
-
const
|
|
951
|
+
const u = await fetch(i, {
|
|
949
952
|
headers: {
|
|
950
953
|
authorization: `Bearer ${a}`
|
|
951
954
|
}
|
|
952
955
|
});
|
|
953
|
-
return
|
|
956
|
+
return u.status !== 200 ? null : u.json();
|
|
954
957
|
})(n);
|
|
955
958
|
return s.userInfo = c, c;
|
|
956
959
|
};
|
|
@@ -1059,10 +1062,10 @@ class se {
|
|
|
1059
1062
|
this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
|
|
1060
1063
|
}
|
|
1061
1064
|
}
|
|
1062
|
-
const
|
|
1065
|
+
const W = {}, ys = (s, e = new X()) => (n, t = "default") => (W[t] || (W[t] = new L(n, t, s, e)), W[t]), gs = async (s) => {
|
|
1063
1066
|
const { parsedTokens: e, callbackPath: n } = await s.loginCallbackAsync();
|
|
1064
|
-
return s.timeoutId =
|
|
1065
|
-
}, ks = (s) => Math.floor(Math.random() * s),
|
|
1067
|
+
return s.timeoutId = M(s, e.refreshToken, e.expiresAt), { callbackPath: n };
|
|
1068
|
+
}, ks = (s) => Math.floor(Math.random() * s), N = class N {
|
|
1066
1069
|
constructor(e, n = "default", t, o = new X()) {
|
|
1067
1070
|
this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
|
|
1068
1071
|
let i = e.silent_login_uri;
|
|
@@ -1081,7 +1084,8 @@ const N = {}, ys = (s, e = new X()) => (n, t = "default") => (N[t] || (N[t] = ne
|
|
|
1081
1084
|
authority_timeout_wellknowurl_in_millisecond: e.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
|
|
1082
1085
|
logout_tokens_to_invalidate: e.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
|
|
1083
1086
|
service_worker_update_require_callback: c,
|
|
1084
|
-
service_worker_activate: e.service_worker_activate ?? hs
|
|
1087
|
+
service_worker_activate: e.service_worker_activate ?? hs,
|
|
1088
|
+
storage: e.storage ?? sessionStorage
|
|
1085
1089
|
}, this.getFetch = t ?? _s, this.configurationName = n, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.synchroniseTokensAsync.bind(this), this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
1086
1090
|
}
|
|
1087
1091
|
subscribeEvents(e) {
|
|
@@ -1099,10 +1103,10 @@ const N = {}, ys = (s, e = new X()) => (n, t = "default") => (N[t] || (N[t] = ne
|
|
|
1099
1103
|
}
|
|
1100
1104
|
static get(e = "default") {
|
|
1101
1105
|
const n = typeof process > "u";
|
|
1102
|
-
if (!Object.prototype.hasOwnProperty.call(
|
|
1106
|
+
if (!Object.prototype.hasOwnProperty.call(W, e) && n)
|
|
1103
1107
|
throw Error(`OIDC library does seem initialized.
|
|
1104
1108
|
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);
|
|
1105
|
-
return
|
|
1109
|
+
return W[e];
|
|
1106
1110
|
}
|
|
1107
1111
|
_silentLoginCallbackFromIFrame() {
|
|
1108
1112
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
@@ -1157,7 +1161,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1157
1161
|
if (i) {
|
|
1158
1162
|
n.startKeepAliveServiceWorker(), this.tokens = i;
|
|
1159
1163
|
const r = n.getLoginParams(this.configurationName);
|
|
1160
|
-
this.timeoutId =
|
|
1164
|
+
this.timeoutId = M(this, this.tokens.refreshToken, this.tokens.expiresAt, r.extras);
|
|
1161
1165
|
const c = await n.getSessionStateAsync();
|
|
1162
1166
|
return await this.startCheckSessionAsync(o.check_session_iframe, t.client_id, c), this.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1163
1167
|
success: !0,
|
|
@@ -1172,11 +1176,11 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1172
1176
|
t.service_worker_relative_url && this.publishEvent(m.service_worker_not_supported_by_browser, {
|
|
1173
1177
|
message: "service worker is not supported by this browser"
|
|
1174
1178
|
});
|
|
1175
|
-
const i =
|
|
1179
|
+
const i = I(this.configurationName, t.storage ?? sessionStorage), { tokens: r } = await i.initAsync();
|
|
1176
1180
|
if (r) {
|
|
1177
|
-
this.tokens =
|
|
1181
|
+
this.tokens = ye(r, null, t.token_renew_mode);
|
|
1178
1182
|
const c = i.getLoginParams();
|
|
1179
|
-
this.timeoutId =
|
|
1183
|
+
this.timeoutId = M(this, r.refreshToken, this.tokens.expiresAt, c.extras);
|
|
1180
1184
|
const a = await i.getSessionStateAsync();
|
|
1181
1185
|
return await this.startCheckSessionAsync(o.check_session_iframe, t.client_id, a), this.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1182
1186
|
success: !0,
|
|
@@ -1195,7 +1199,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1195
1199
|
return this.tryKeepExistingSessionPromise = e(), this.tryKeepExistingSessionPromise.then((n) => (this.tryKeepExistingSessionPromise = null, n));
|
|
1196
1200
|
}
|
|
1197
1201
|
async startCheckSessionAsync(e, n, t, o = !1) {
|
|
1198
|
-
await Fe(this,
|
|
1202
|
+
await Fe(this, W, this.configuration)(e, n, t, o);
|
|
1199
1203
|
}
|
|
1200
1204
|
async loginAsync(e = void 0, n = null, t = !1, o = void 0, i = !1) {
|
|
1201
1205
|
return this.loginPromise !== null ? this.loginPromise : i ? Re(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(n, o) : (this.loginPromise = is(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, n, t, o), this.loginPromise.then((r) => (this.loginPromise = null, r)));
|
|
@@ -1205,110 +1209,107 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1205
1209
|
return this.loginCallbackPromise;
|
|
1206
1210
|
const n = async () => {
|
|
1207
1211
|
const t = await rs(this)(e), o = t.tokens;
|
|
1208
|
-
return this.tokens = o, await E(this.configuration, this.configurationName) ||
|
|
1212
|
+
return this.tokens = o, await E(this.configuration, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(N.eventNames.token_aquired, o), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
|
|
1209
1213
|
};
|
|
1210
1214
|
return this.loginCallbackPromise = n(), this.loginCallbackPromise.then((t) => (this.loginCallbackPromise = null, t));
|
|
1211
1215
|
}
|
|
1212
1216
|
async synchroniseTokensAsync(e, n = 0, t = !1, o = null, i) {
|
|
1213
1217
|
for (; !navigator.onLine && document.hidden; )
|
|
1214
|
-
await
|
|
1218
|
+
await U({ milliseconds: 1e3 }), this.publishEvent(m.refreshTokensAsync, { message: "wait because navigator is offline and hidden" });
|
|
1215
1219
|
let r = 6;
|
|
1216
1220
|
for (; !navigator.onLine && r > 0; )
|
|
1217
|
-
await
|
|
1218
|
-
|
|
1219
|
-
for (; document.hidden && c > 0; )
|
|
1220
|
-
await D({ milliseconds: 1e3 }), c--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is hidden try ${c}` });
|
|
1221
|
-
const f = document.hidden ? n : n + 1;
|
|
1221
|
+
await U({ milliseconds: 1e3 }), r--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
|
|
1222
|
+
const a = document.hidden ? n : n + 1;
|
|
1222
1223
|
o || (o = {});
|
|
1223
|
-
const
|
|
1224
|
+
const u = this.configuration, f = (l, h, y = null) => te(this.configurationName, this.configuration, this.publishEvent.bind(this))(l, h, y), d = async () => {
|
|
1224
1225
|
try {
|
|
1225
|
-
let
|
|
1226
|
-
const
|
|
1227
|
-
|
|
1228
|
-
const
|
|
1229
|
-
...
|
|
1226
|
+
let l;
|
|
1227
|
+
const h = await E(u, this.configurationName);
|
|
1228
|
+
h ? l = h.getLoginParams() : l = I(this.configurationName, u.storage).getLoginParams();
|
|
1229
|
+
const y = await f({
|
|
1230
|
+
...l.extras,
|
|
1230
1231
|
...o,
|
|
1231
1232
|
prompt: "none"
|
|
1232
|
-
},
|
|
1233
|
-
if (
|
|
1234
|
-
return i(
|
|
1235
|
-
} catch (
|
|
1236
|
-
if (console.error(
|
|
1233
|
+
}, l.state);
|
|
1234
|
+
if (y)
|
|
1235
|
+
return i(y.tokens), this.publishEvent(N.eventNames.token_renewed, {}), { tokens: y.tokens, status: "LOGGED" };
|
|
1236
|
+
} catch (l) {
|
|
1237
|
+
if (console.error(l), this.publishEvent(m.refreshTokensAsync_silent_error, { message: "exceptionSilent", exception: l.message }), l && l.message && l.message.startsWith("oidc"))
|
|
1237
1238
|
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" };
|
|
1238
1239
|
}
|
|
1239
|
-
return this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent return" }), await this.synchroniseTokensAsync(null,
|
|
1240
|
+
return this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent return" }), await this.synchroniseTokensAsync(null, a, t, o, i);
|
|
1240
1241
|
};
|
|
1241
1242
|
if (n > 4)
|
|
1242
1243
|
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
|
|
1243
1244
|
try {
|
|
1244
|
-
const { status:
|
|
1245
|
-
switch (
|
|
1245
|
+
const { status: l, tokens: h, nonce: y } = await this.syncTokensInfoAsync(u, this.configurationName, this.tokens, t);
|
|
1246
|
+
switch (l) {
|
|
1246
1247
|
case "SESSION_LOST":
|
|
1247
1248
|
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token session lost" }), { tokens: null, status: "SESSION_LOST" };
|
|
1248
1249
|
case "NOT_CONNECTED":
|
|
1249
1250
|
return i(null), { tokens: null, status: null };
|
|
1250
1251
|
case "TOKENS_VALID":
|
|
1251
|
-
return i(
|
|
1252
|
+
return i(h), { tokens: h, status: "LOGGED_IN" };
|
|
1252
1253
|
case "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":
|
|
1253
|
-
return i(
|
|
1254
|
+
return i(h), this.publishEvent(N.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), { tokens: h, status: "LOGGED_IN" };
|
|
1254
1255
|
case "LOGOUT_FROM_ANOTHER_TAB":
|
|
1255
1256
|
return i(null), this.publishEvent(m.logout_from_another_tab, { status: "session syncTokensAsync" }), { tokens: null, status: "LOGGED_OUT" };
|
|
1256
1257
|
case "REQUIRE_SYNC_TOKENS":
|
|
1257
|
-
return this.publishEvent(m.refreshTokensAsync_begin, { refreshToken: e, status:
|
|
1258
|
+
return this.publishEvent(m.refreshTokensAsync_begin, { refreshToken: e, status: l, tryNumber: n }), await d();
|
|
1258
1259
|
default: {
|
|
1259
|
-
if (this.publishEvent(m.refreshTokensAsync_begin, { refreshToken: e, status:
|
|
1260
|
+
if (this.publishEvent(m.refreshTokensAsync_begin, { refreshToken: e, status: l, tryNumber: n }), !e)
|
|
1260
1261
|
return await d();
|
|
1261
|
-
const
|
|
1262
|
-
for (const [
|
|
1263
|
-
|
|
1262
|
+
const _ = u.client_id, g = u.redirect_uri, w = u.authority, T = { ...u.token_request_extras ? u.token_request_extras : {} };
|
|
1263
|
+
for (const [p, k] of Object.entries(o))
|
|
1264
|
+
p.endsWith(":token_request") && (T[p.replace(":token_request", "")] = k);
|
|
1264
1265
|
return await (async () => {
|
|
1265
|
-
const
|
|
1266
|
-
client_id:
|
|
1267
|
-
redirect_uri:
|
|
1266
|
+
const p = {
|
|
1267
|
+
client_id: _,
|
|
1268
|
+
redirect_uri: g,
|
|
1268
1269
|
grant_type: "refresh_token",
|
|
1269
|
-
refresh_token:
|
|
1270
|
-
},
|
|
1271
|
-
|
|
1272
|
-
const
|
|
1273
|
-
|
|
1274
|
-
|
|
1275
|
-
|
|
1276
|
-
|
|
1277
|
-
|
|
1278
|
-
|
|
1279
|
-
|
|
1270
|
+
refresh_token: h.refreshToken
|
|
1271
|
+
}, k = await this.initAsync(w, u.authority_configuration), A = document.hidden ? 1e4 : 3e4 * 10, O = k.tokenEndpoint, x = {};
|
|
1272
|
+
u.demonstrating_proof_of_possession && (x.DPoP = await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken, O, "POST"));
|
|
1273
|
+
const P = await Qe(this.getFetch())(
|
|
1274
|
+
O,
|
|
1275
|
+
p,
|
|
1276
|
+
T,
|
|
1277
|
+
h,
|
|
1278
|
+
x,
|
|
1279
|
+
u.token_renew_mode,
|
|
1280
|
+
A
|
|
1280
1281
|
);
|
|
1281
|
-
if (
|
|
1282
|
-
const { isValid:
|
|
1283
|
-
if (!
|
|
1284
|
-
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${
|
|
1285
|
-
if (i(
|
|
1286
|
-
const ie = await E(
|
|
1287
|
-
ie ? await ie.setDemonstratingProofOfPossessionNonce(
|
|
1282
|
+
if (P.success) {
|
|
1283
|
+
const { isValid: v, reason: D } = ge(P.data, y.nonce, k);
|
|
1284
|
+
if (!v)
|
|
1285
|
+
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${D}` }), { tokens: null, status: "SESSION_LOST" };
|
|
1286
|
+
if (i(P.data), P.demonstratingProofOfPossessionNonce) {
|
|
1287
|
+
const ie = await E(u, this.configurationName);
|
|
1288
|
+
ie ? await ie.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce) : await I(this.configurationName, u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce);
|
|
1288
1289
|
}
|
|
1289
|
-
return this.publishEvent(m.refreshTokensAsync_end, { success:
|
|
1290
|
+
return this.publishEvent(m.refreshTokensAsync_end, { success: P.success }), this.publishEvent(N.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: P.data, status: "LOGGED_IN" };
|
|
1290
1291
|
} else
|
|
1291
1292
|
return this.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
1292
1293
|
message: "bad request",
|
|
1293
|
-
tokenResponse:
|
|
1294
|
-
}), await this.synchroniseTokensAsync(e,
|
|
1294
|
+
tokenResponse: P
|
|
1295
|
+
}), await this.synchroniseTokensAsync(e, a, t, o, i);
|
|
1295
1296
|
})();
|
|
1296
1297
|
}
|
|
1297
1298
|
}
|
|
1298
|
-
} catch (
|
|
1299
|
-
return console.error(
|
|
1299
|
+
} catch (l) {
|
|
1300
|
+
return console.error(l), this.publishEvent(m.refreshTokensAsync_silent_error, { message: "exception", exception: l.message }), this.synchroniseTokensAsync(e, a, t, o, i);
|
|
1300
1301
|
}
|
|
1301
1302
|
}
|
|
1302
1303
|
async generateDemonstrationOfProofOfPossessionAsync(e, n, t) {
|
|
1303
|
-
const o = this.configuration, i = { ath: await
|
|
1304
|
+
const o = this.configuration, i = { ath: await we(e) }, r = await E(o, this.configurationName);
|
|
1304
1305
|
let c = null, a;
|
|
1305
1306
|
if (r)
|
|
1306
1307
|
c = await r.getDemonstratingProofOfPossessionNonce(), a = await r.getDemonstratingProofOfPossessionJwkAsync();
|
|
1307
1308
|
else {
|
|
1308
|
-
const
|
|
1309
|
-
a = await
|
|
1309
|
+
const u = I(this.configurationName, o.storage);
|
|
1310
|
+
a = await u.getDemonstratingProofOfPossessionJwkAsync(), c = await u.getDemonstratingProofOfPossessionNonce();
|
|
1310
1311
|
}
|
|
1311
|
-
return c && (i.nonce = c), await
|
|
1312
|
+
return c && (i.nonce = c), await Oe(a, t, n, i);
|
|
1312
1313
|
}
|
|
1313
1314
|
async syncTokensInfoAsync(e, n, t, o = !1) {
|
|
1314
1315
|
const i = { nonce: null };
|
|
@@ -1317,33 +1318,33 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1317
1318
|
let r = i;
|
|
1318
1319
|
const c = await this.initAsync(e.authority, e.authority_configuration), a = await E(e, n);
|
|
1319
1320
|
if (a) {
|
|
1320
|
-
const { status:
|
|
1321
|
-
if (
|
|
1321
|
+
const { status: d, tokens: l } = await a.initAsync(c, "syncTokensAsync", e);
|
|
1322
|
+
if (d === "LOGGED_OUT")
|
|
1322
1323
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
1323
|
-
if (
|
|
1324
|
+
if (d === "SESSIONS_LOST")
|
|
1324
1325
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
1325
|
-
if (!
|
|
1326
|
+
if (!d || !l)
|
|
1326
1327
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
|
|
1327
|
-
if (
|
|
1328
|
-
const y =
|
|
1329
|
-
return { tokens:
|
|
1328
|
+
if (l.issuedAt !== t.issuedAt) {
|
|
1329
|
+
const y = K(e.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", _ = await a.getNonceAsync();
|
|
1330
|
+
return { tokens: l, status: y, nonce: _ };
|
|
1330
1331
|
}
|
|
1331
1332
|
r = await a.getNonceAsync();
|
|
1332
1333
|
} else {
|
|
1333
|
-
const
|
|
1334
|
-
if (
|
|
1334
|
+
const d = I(n, e.storage ?? sessionStorage), { tokens: l, status: h } = await d.initAsync();
|
|
1335
|
+
if (l) {
|
|
1335
1336
|
if (h === "SESSIONS_LOST")
|
|
1336
1337
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
1337
|
-
if (
|
|
1338
|
-
const _ =
|
|
1339
|
-
return { tokens:
|
|
1338
|
+
if (l.issuedAt !== t.issuedAt) {
|
|
1339
|
+
const _ = K(e.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", g = await d.getNonceAsync();
|
|
1340
|
+
return { tokens: l, status: _, nonce: g };
|
|
1340
1341
|
}
|
|
1341
1342
|
} else
|
|
1342
1343
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
1343
|
-
r = await
|
|
1344
|
+
r = await d.getNonceAsync();
|
|
1344
1345
|
}
|
|
1345
|
-
const
|
|
1346
|
-
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status:
|
|
1346
|
+
const f = K(e.refresh_time_before_tokens_expiration_in_second, t.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
|
|
1347
|
+
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: f, nonce: r };
|
|
1347
1348
|
}
|
|
1348
1349
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1349
1350
|
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = gs(this), this.loginCallbackWithAutoTokensRenewPromise.then((e) => (this.loginCallbackWithAutoTokensRenewPromise = null, e)));
|
|
@@ -1355,7 +1356,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1355
1356
|
if (this.renewTokensPromise !== null)
|
|
1356
1357
|
return this.renewTokensPromise;
|
|
1357
1358
|
if (this.timeoutId)
|
|
1358
|
-
return J.clearTimeout(this.timeoutId), this.renewTokensPromise =
|
|
1359
|
+
return J.clearTimeout(this.timeoutId), this.renewTokensPromise = me(this, this.tokens.refreshToken, !0, e), this.renewTokensPromise.then((n) => (this.renewTokensPromise = null, n));
|
|
1359
1360
|
}
|
|
1360
1361
|
async destroyAsync(e) {
|
|
1361
1362
|
return await as(this)(e);
|
|
@@ -1367,28 +1368,28 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1367
1368
|
this.configuration.monitor_session && this.configuration.client_id === e && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: n }));
|
|
1368
1369
|
}
|
|
1369
1370
|
async logoutAsync(e = void 0, n = null) {
|
|
1370
|
-
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = cs(this,
|
|
1371
|
+
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = cs(this, W, this.getFetch(), console, this.location)(e, n), this.logoutPromise.then((t) => (this.logoutPromise = null, t)));
|
|
1371
1372
|
}
|
|
1372
1373
|
};
|
|
1373
|
-
|
|
1374
|
-
let
|
|
1374
|
+
N.getOrCreate = (e, n) => (t, o = "default") => ys(e, n)(t, o), N.eventNames = m;
|
|
1375
|
+
let L = N;
|
|
1375
1376
|
const ms = (s, e) => async (...n) => {
|
|
1376
|
-
var
|
|
1377
|
+
var l;
|
|
1377
1378
|
const [t, o, ...i] = n, r = o ? { ...o } : { method: "GET" };
|
|
1378
1379
|
let c = new Headers();
|
|
1379
1380
|
r.headers && (c = r.headers instanceof Headers ? r.headers : new Headers(r.headers));
|
|
1380
|
-
const a = e,
|
|
1381
|
-
if (c.has("Accept") || c.set("Accept", "application/json"),
|
|
1381
|
+
const a = e, u = await a.getValidTokenAsync(), f = (l = u == null ? void 0 : u.tokens) == null ? void 0 : l.accessToken;
|
|
1382
|
+
if (c.has("Accept") || c.set("Accept", "application/json"), f) {
|
|
1382
1383
|
if (a.configuration.demonstrating_proof_of_possession) {
|
|
1383
|
-
const h = await a.generateDemonstrationOfProofOfPossessionAsync(
|
|
1384
|
-
c.set("Authorization", `PoP ${
|
|
1384
|
+
const h = await a.generateDemonstrationOfProofOfPossessionAsync(f, t.toString(), r.method);
|
|
1385
|
+
c.set("Authorization", `PoP ${f}`), c.set("DPoP", h);
|
|
1385
1386
|
} else
|
|
1386
|
-
c.set("Authorization", `Bearer ${
|
|
1387
|
+
c.set("Authorization", `Bearer ${f}`);
|
|
1387
1388
|
r.credentials || (r.credentials = "same-origin");
|
|
1388
1389
|
}
|
|
1389
|
-
const
|
|
1390
|
-
return await s(t,
|
|
1391
|
-
},
|
|
1390
|
+
const d = { ...r, headers: c };
|
|
1391
|
+
return await s(t, d, ...i);
|
|
1392
|
+
}, F = class F {
|
|
1392
1393
|
constructor(e) {
|
|
1393
1394
|
this._oidc = e;
|
|
1394
1395
|
}
|
|
@@ -1402,7 +1403,7 @@ const ms = (s, e) => async (...n) => {
|
|
|
1402
1403
|
this._oidc.publishEvent(e, n);
|
|
1403
1404
|
}
|
|
1404
1405
|
static get(e = "default") {
|
|
1405
|
-
return new
|
|
1406
|
+
return new F(L.get(e));
|
|
1406
1407
|
}
|
|
1407
1408
|
tryKeepExistingSessionAsync() {
|
|
1408
1409
|
return this._oidc.tryKeepExistingSessionAsync();
|
|
@@ -1441,10 +1442,10 @@ const ms = (s, e) => async (...n) => {
|
|
|
1441
1442
|
return this._oidc.userInfoAsync(e);
|
|
1442
1443
|
}
|
|
1443
1444
|
};
|
|
1444
|
-
|
|
1445
|
-
let
|
|
1445
|
+
F.getOrCreate = (e, n = new X()) => (t, o = "default") => new F(L.getOrCreate(e, n)(t, o)), F.eventNames = L.eventNames;
|
|
1446
|
+
let _e = F;
|
|
1446
1447
|
export {
|
|
1447
|
-
|
|
1448
|
+
_e as OidcClient,
|
|
1448
1449
|
X as OidcLocation,
|
|
1449
1450
|
Y as TokenRenewMode,
|
|
1450
1451
|
_s as getFetchDefault,
|