@axa-fr/oidc-client 7.13.1 → 7.13.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +174 -172
- package/dist/index.umd.cjs +2 -2
- package/dist/version.d.ts +1 -1
- package/package.json +3 -3
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
const
|
|
2
|
-
class
|
|
1
|
+
const L = console;
|
|
2
|
+
class Ie {
|
|
3
3
|
constructor(e, n, t, o = 2e3, i = !0) {
|
|
4
4
|
this._callback = e, this._client_id = n, this._url = t, this._interval = o || 2e3, this._stopOnError = i;
|
|
5
5
|
const r = t.indexOf("/", t.indexOf("//") + 2);
|
|
@@ -13,17 +13,17 @@ class Ee {
|
|
|
13
13
|
});
|
|
14
14
|
}
|
|
15
15
|
_message(e) {
|
|
16
|
-
e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (
|
|
16
|
+
e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (L.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (L.debug(e), L.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : L.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
|
|
17
17
|
}
|
|
18
18
|
start(e) {
|
|
19
|
-
|
|
19
|
+
L.debug("CheckSessionIFrame.start :" + e), this.stop();
|
|
20
20
|
const n = () => {
|
|
21
21
|
this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
|
|
22
22
|
};
|
|
23
23
|
n(), this._timer = window.setInterval(n, this._interval);
|
|
24
24
|
}
|
|
25
25
|
stop() {
|
|
26
|
-
this._timer && (
|
|
26
|
+
this._timer && (L.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
29
|
const m = {
|
|
@@ -100,19 +100,19 @@ const m = {
|
|
|
100
100
|
setDemonstratingProofOfPossessionJwkAsync: a,
|
|
101
101
|
getDemonstratingProofOfPossessionJwkAsync: u
|
|
102
102
|
};
|
|
103
|
-
},
|
|
103
|
+
}, Ce = (s) => decodeURIComponent(Array.prototype.map.call(atob(s), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), xe = (s) => JSON.parse(Ce(s.split(".")[1].replace("-", "+").replace("_", "/"))), ae = (s) => {
|
|
104
104
|
try {
|
|
105
|
-
return s &&
|
|
105
|
+
return s && Ne(s, ".") === 2 ? xe(s) : null;
|
|
106
106
|
} catch (e) {
|
|
107
107
|
console.warn(e);
|
|
108
108
|
}
|
|
109
109
|
return null;
|
|
110
|
-
},
|
|
110
|
+
}, Ne = (s, e) => s.split(e).length - 1, Y = {
|
|
111
111
|
access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
|
|
112
112
|
access_token_invalid: "access_token_invalid",
|
|
113
113
|
id_token_invalid: "id_token_invalid"
|
|
114
114
|
};
|
|
115
|
-
function
|
|
115
|
+
function We(s, e, n) {
|
|
116
116
|
if (s.issuedAt) {
|
|
117
117
|
if (typeof s.issuedAt == "string")
|
|
118
118
|
return parseInt(s.issuedAt, 10);
|
|
@@ -125,9 +125,9 @@ const ye = (s, e = null, n) => {
|
|
|
125
125
|
return null;
|
|
126
126
|
let t;
|
|
127
127
|
const o = typeof s.expiresIn == "string" ? parseInt(s.expiresIn, 10) : s.expiresIn;
|
|
128
|
-
s.accessTokenPayload !== void 0 ? t = s.accessTokenPayload : t =
|
|
129
|
-
const i = s.idTokenPayload ? s.idTokenPayload :
|
|
130
|
-
s.issuedAt =
|
|
128
|
+
s.accessTokenPayload !== void 0 ? t = s.accessTokenPayload : t = ae(s.accessToken);
|
|
129
|
+
const i = s.idTokenPayload ? s.idTokenPayload : ae(s.idToken), r = i && i.exp ? i.exp : Number.MAX_VALUE, c = t && t.exp ? t.exp : s.issuedAt + o;
|
|
130
|
+
s.issuedAt = We(s, t, i);
|
|
131
131
|
let a;
|
|
132
132
|
s.expiresAt ? a = s.expiresAt : n === Y.access_token_invalid ? a = c : n === Y.id_token_invalid ? a = r : a = r < c ? r : c;
|
|
133
133
|
const u = { ...s, idTokenPayload: i, accessTokenPayload: t, expiresAt: a };
|
|
@@ -152,15 +152,15 @@ const ye = (s, e = null, n) => {
|
|
|
152
152
|
issuedAt: s.issued_at
|
|
153
153
|
};
|
|
154
154
|
return "refresh_token" in s && (t.refreshToken = s.refresh_token), s.accessTokenPayload !== void 0 && (t.accessTokenPayload = s.accessTokenPayload), s.idTokenPayload !== void 0 && (t.idTokenPayload = s.idTokenPayload), ye(t, e, n);
|
|
155
|
-
},
|
|
155
|
+
}, U = (s, e) => {
|
|
156
156
|
const n = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = e - n;
|
|
157
157
|
return Math.round(t - s);
|
|
158
|
-
}, z = (s) => s ?
|
|
158
|
+
}, z = (s) => s ? U(0, s.expiresAt) > 0 : !1, Le = async (s, e = 200, n = 50) => {
|
|
159
159
|
let t = n;
|
|
160
160
|
if (!s.tokens)
|
|
161
161
|
return null;
|
|
162
162
|
for (; !z(s.tokens) && t > 0; )
|
|
163
|
-
await
|
|
163
|
+
await $({ milliseconds: e }), t = t - 1;
|
|
164
164
|
return {
|
|
165
165
|
isTokensValid: z(s.tokens),
|
|
166
166
|
tokens: s.tokens,
|
|
@@ -181,7 +181,7 @@ const ye = (s, e = null, n) => {
|
|
|
181
181
|
return { isValid: !1, reason: `Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}` };
|
|
182
182
|
}
|
|
183
183
|
return { isValid: !0, reason: "" };
|
|
184
|
-
},
|
|
184
|
+
}, K = function() {
|
|
185
185
|
const s = function() {
|
|
186
186
|
let a, u;
|
|
187
187
|
const f = (function() {
|
|
@@ -281,28 +281,28 @@ const ye = (s, e = null, n) => {
|
|
|
281
281
|
setInterval: r,
|
|
282
282
|
clearInterval: c
|
|
283
283
|
};
|
|
284
|
-
}(),
|
|
285
|
-
let
|
|
286
|
-
const
|
|
284
|
+
}(), ce = "7.13.2";
|
|
285
|
+
let le = null, q;
|
|
286
|
+
const $ = ({ milliseconds: s }) => new Promise((e) => K.setTimeout(e, s)), ke = (s = "/") => {
|
|
287
287
|
try {
|
|
288
|
-
|
|
288
|
+
q = new AbortController(), fetch(`${s}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((t) => {
|
|
289
289
|
console.log(t);
|
|
290
|
-
}),
|
|
290
|
+
}), $({ milliseconds: 150 * 1e3 }).then(ke);
|
|
291
291
|
} catch (e) {
|
|
292
292
|
console.log(e);
|
|
293
293
|
}
|
|
294
|
-
},
|
|
295
|
-
|
|
296
|
-
},
|
|
294
|
+
}, De = () => {
|
|
295
|
+
q && q.abort();
|
|
296
|
+
}, $e = (s = "/") => fetch(`${s}OidcKeepAliveServiceWorker.json`, {
|
|
297
297
|
headers: {
|
|
298
298
|
"oidc-vanilla": "true"
|
|
299
299
|
}
|
|
300
300
|
}).then((e) => e.statusText === "oidc-service-worker").catch((e) => {
|
|
301
301
|
console.log(e);
|
|
302
|
-
}),
|
|
302
|
+
}), Re = (s) => async (e, n) => {
|
|
303
303
|
n(), await e.update();
|
|
304
304
|
const t = await e.unregister();
|
|
305
|
-
console.log(`Service worker unregistering ${t}`), await
|
|
305
|
+
console.log(`Service worker unregistering ${t}`), await $({ milliseconds: 2e3 }), s.reload();
|
|
306
306
|
}, b = (s) => (e) => new Promise(function(n, t) {
|
|
307
307
|
const o = new MessageChannel();
|
|
308
308
|
o.port1.onmessage = function(i) {
|
|
@@ -332,9 +332,9 @@ const U = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ke =
|
|
|
332
332
|
},
|
|
333
333
|
configurationName: e
|
|
334
334
|
}), P = x.version;
|
|
335
|
-
return P !==
|
|
335
|
+
return P !== ce && (console.warn(`Service worker ${P} version mismatch with js client version ${ce}, unregistering and reloading`), await O.service_worker_update_require_callback(t, De)), { tokens: ne(x.tokens, null, O.token_renew_mode), status: x.status };
|
|
336
336
|
}, r = (k = "/") => {
|
|
337
|
-
|
|
337
|
+
le == null && (le = "not_null", ke(k));
|
|
338
338
|
}, c = (k) => b(t)({ type: "setSessionState", data: { sessionState: k }, configurationName: e }), a = async () => (await b(t)({ type: "getSessionState", data: null, configurationName: e })).sessionState, u = (k) => (sessionStorage[`oidc.nonce.${e}`] = k.nonce, b(t)({ type: "setNonce", data: { nonce: k }, configurationName: e })), f = async () => {
|
|
339
339
|
let A = (await b(t)({ type: "getNonce", data: null, configurationName: e })).nonce;
|
|
340
340
|
return A || (A = sessionStorage[`oidc.nonce.${e}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: A };
|
|
@@ -344,7 +344,7 @@ const U = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ke =
|
|
|
344
344
|
clearAsync: o,
|
|
345
345
|
initAsync: i,
|
|
346
346
|
startKeepAliveServiceWorker: () => r(s.service_worker_keep_alive_path),
|
|
347
|
-
isServiceWorkerProxyActiveAsync: () =>
|
|
347
|
+
isServiceWorkerProxyActiveAsync: () => $e(s.service_worker_keep_alive_path),
|
|
348
348
|
setSessionStateAsync: c,
|
|
349
349
|
getSessionStateAsync: a,
|
|
350
350
|
setNonceAsync: u,
|
|
@@ -380,7 +380,7 @@ const U = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), ke =
|
|
|
380
380
|
}
|
|
381
381
|
};
|
|
382
382
|
};
|
|
383
|
-
async function
|
|
383
|
+
async function ue(s, e, n, t) {
|
|
384
384
|
const o = (a) => {
|
|
385
385
|
s.tokens = a;
|
|
386
386
|
}, { tokens: i, status: r } = await s.synchroniseTokensAsync(e, 0, n, t, o);
|
|
@@ -390,13 +390,13 @@ async function me(s, e, n = !1, t = null) {
|
|
|
390
390
|
const o = s.configuration, i = `${o.client_id}_${s.configurationName}_${o.authority}`;
|
|
391
391
|
let r = null;
|
|
392
392
|
const c = await E(s.configuration, s.configurationName);
|
|
393
|
-
return o.storage === window.sessionStorage && !c ? r = await
|
|
393
|
+
return o.storage === window.sessionStorage && !c ? r = await ue(s, e, n, t) : r = await navigator.locks.request(i, async (a) => await ue(s, e, n, t)), r ? (s.timeoutId && (s.timeoutId = V(s, r.refreshToken, s.tokens.expiresAt, t)), s.tokens) : null;
|
|
394
394
|
}
|
|
395
|
-
const
|
|
395
|
+
const V = (s, e, n, t = null) => {
|
|
396
396
|
const o = s.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
397
|
-
return
|
|
398
|
-
const r = { timeLeft:
|
|
399
|
-
s.publishEvent(
|
|
397
|
+
return K.setTimeout(async () => {
|
|
398
|
+
const r = { timeLeft: U(o, n) };
|
|
399
|
+
s.publishEvent(J.eventNames.token_timer, r), await me(s, e, !1, t);
|
|
400
400
|
}, 1e3);
|
|
401
401
|
}, te = (s, e, n) => (t = null, o = null, i = null) => {
|
|
402
402
|
if (!e.silent_redirect_uri || !e.silent_login_uri)
|
|
@@ -436,11 +436,11 @@ const M = (s, e, n, t = null) => {
|
|
|
436
436
|
} catch (r) {
|
|
437
437
|
throw n(m.silentLoginAsync_error, r), r;
|
|
438
438
|
}
|
|
439
|
-
},
|
|
439
|
+
}, Fe = (s, e, n, t, o) => (i = null, r = void 0) => {
|
|
440
440
|
i = { ...i };
|
|
441
441
|
const c = (u, f, d) => te(e, n, t.bind(o))(u, f, d);
|
|
442
442
|
return (async () => {
|
|
443
|
-
o.timeoutId &&
|
|
443
|
+
o.timeoutId && K.clearTimeout(o.timeoutId);
|
|
444
444
|
let u;
|
|
445
445
|
i && "state" in i && (u = i.state, delete i.state);
|
|
446
446
|
try {
|
|
@@ -449,12 +449,12 @@ const M = (s, e, n, t = null) => {
|
|
|
449
449
|
prompt: "none"
|
|
450
450
|
}, u, r);
|
|
451
451
|
if (d)
|
|
452
|
-
return o.tokens = d.tokens, t(m.token_aquired, {}), o.timeoutId =
|
|
452
|
+
return o.tokens = d.tokens, t(m.token_aquired, {}), o.timeoutId = V(o, o.tokens.refreshToken, o.tokens.expiresAt, i), {};
|
|
453
453
|
} catch (f) {
|
|
454
454
|
return f;
|
|
455
455
|
}
|
|
456
456
|
})();
|
|
457
|
-
},
|
|
457
|
+
}, Ue = (s, e, n) => (t, o, i, r = !1) => {
|
|
458
458
|
const c = (a, u = void 0, f = void 0) => te(s.configurationName, n, s.publishEvent.bind(s))(a, u, f);
|
|
459
459
|
return new Promise((a, u) => {
|
|
460
460
|
if (n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && t && i && !r) {
|
|
@@ -481,7 +481,7 @@ const M = (s, e, n, t = null) => {
|
|
|
481
481
|
await g.logoutOtherTabAsync(n.client_id, h.sub);
|
|
482
482
|
});
|
|
483
483
|
};
|
|
484
|
-
s.checkSessionIFrame = new
|
|
484
|
+
s.checkSessionIFrame = new Ie(f, o, t), s.checkSessionIFrame.load().then(() => {
|
|
485
485
|
s.checkSessionIFrame.start(i), a(s.checkSessionIFrame);
|
|
486
486
|
}).catch((d) => {
|
|
487
487
|
u(d);
|
|
@@ -490,20 +490,20 @@ const M = (s, e, n, t = null) => {
|
|
|
490
490
|
a(null);
|
|
491
491
|
});
|
|
492
492
|
};
|
|
493
|
-
var
|
|
494
|
-
for (var
|
|
495
|
-
C[
|
|
496
|
-
function
|
|
493
|
+
var Ve = Be, C = [], de = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
|
494
|
+
for (var B = 0, Ke = de.length; B < Ke; ++B)
|
|
495
|
+
C[B] = de[B];
|
|
496
|
+
function Me(s) {
|
|
497
497
|
return C[s >> 18 & 63] + C[s >> 12 & 63] + C[s >> 6 & 63] + C[s & 63];
|
|
498
498
|
}
|
|
499
|
-
function
|
|
499
|
+
function Je(s, e, n) {
|
|
500
500
|
for (var t, o = [], i = e; i < n; i += 3)
|
|
501
|
-
t = (s[i] << 16 & 16711680) + (s[i + 1] << 8 & 65280) + (s[i + 2] & 255), o.push(
|
|
501
|
+
t = (s[i] << 16 & 16711680) + (s[i + 1] << 8 & 65280) + (s[i + 2] & 255), o.push(Me(t));
|
|
502
502
|
return o.join("");
|
|
503
503
|
}
|
|
504
|
-
function
|
|
504
|
+
function Be(s) {
|
|
505
505
|
for (var e, n = s.length, t = n % 3, o = [], i = 16383, r = 0, c = n - t; r < c; r += i)
|
|
506
|
-
o.push(
|
|
506
|
+
o.push(Je(s, r, r + i > c ? c : r + i));
|
|
507
507
|
return t === 1 ? (e = s[n - 1], o.push(
|
|
508
508
|
C[e >> 2] + C[e << 4 & 63] + "=="
|
|
509
509
|
)) : t === 2 && (e = (s[n - 2] << 8) + s[n - 1], o.push(
|
|
@@ -513,23 +513,23 @@ function Je(s) {
|
|
|
513
513
|
const pe = () => {
|
|
514
514
|
const s = typeof window < "u" && !!window.crypto, e = s && !!window.crypto.subtle;
|
|
515
515
|
return { hasCrypto: s, hasSubtleCrypto: e };
|
|
516
|
-
}, Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
|
|
516
|
+
}, Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", qe = (s) => {
|
|
517
517
|
const e = [];
|
|
518
518
|
for (let n = 0; n < s.byteLength; n += 1) {
|
|
519
519
|
const t = s[n] % Q.length;
|
|
520
520
|
e.push(Q[t]);
|
|
521
521
|
}
|
|
522
522
|
return e.join("");
|
|
523
|
-
},
|
|
523
|
+
}, je = (s) => Ve(new Uint8Array(s)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, ""), Z = (s) => {
|
|
524
524
|
const e = new Uint8Array(s), { hasCrypto: n } = pe();
|
|
525
525
|
if (n)
|
|
526
526
|
window.crypto.getRandomValues(e);
|
|
527
527
|
else
|
|
528
528
|
for (let t = 0; t < s; t += 1)
|
|
529
529
|
e[t] = Math.random() * Q.length | 0;
|
|
530
|
-
return
|
|
530
|
+
return qe(e);
|
|
531
531
|
};
|
|
532
|
-
function
|
|
532
|
+
function He(s) {
|
|
533
533
|
const e = new ArrayBuffer(s.length), n = new Uint8Array(e);
|
|
534
534
|
for (let t = 0; t < s.length; t++)
|
|
535
535
|
n[t] = s.charCodeAt(t);
|
|
@@ -537,34 +537,34 @@ function je(s) {
|
|
|
537
537
|
}
|
|
538
538
|
function we(s) {
|
|
539
539
|
return new Promise((e, n) => {
|
|
540
|
-
crypto.subtle.digest("SHA-256",
|
|
540
|
+
crypto.subtle.digest("SHA-256", He(s)).then((t) => e(je(new Uint8Array(t))), (t) => n(t));
|
|
541
541
|
});
|
|
542
542
|
}
|
|
543
|
-
const
|
|
543
|
+
const Ge = (s) => {
|
|
544
544
|
if (s.length < 43 || s.length > 128)
|
|
545
545
|
return Promise.reject(new Error("Invalid code length."));
|
|
546
546
|
const { hasSubtleCrypto: e } = pe();
|
|
547
547
|
return e ? we(s) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
|
|
548
|
-
},
|
|
549
|
-
if (!
|
|
548
|
+
}, D = {}, Xe = (s, e = window.sessionStorage, n) => {
|
|
549
|
+
if (!D[s] && e) {
|
|
550
550
|
const o = e.getItem(s);
|
|
551
|
-
o && (
|
|
551
|
+
o && (D[s] = JSON.parse(o));
|
|
552
552
|
}
|
|
553
553
|
const t = 1e3 * n;
|
|
554
|
-
return
|
|
555
|
-
},
|
|
554
|
+
return D[s] && D[s].timestamp + t > Date.now() ? D[s].result : null;
|
|
555
|
+
}, Ye = (s, e, n = window.sessionStorage) => {
|
|
556
556
|
const t = Date.now();
|
|
557
|
-
|
|
558
|
-
},
|
|
559
|
-
const i = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, c =
|
|
557
|
+
D[s] = { result: e, timestamp: t }, n && n.setItem(s, JSON.stringify({ result: e, timestamp: t }));
|
|
558
|
+
}, ze = 60 * 60, Qe = (s) => async (e, n = ze, t = window.sessionStorage, o = 1e4) => {
|
|
559
|
+
const i = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, c = Xe(r, t, n);
|
|
560
560
|
if (c)
|
|
561
561
|
return new se(c);
|
|
562
|
-
const a = await
|
|
562
|
+
const a = await M(s)(i, {}, o);
|
|
563
563
|
if (a.status !== 200)
|
|
564
564
|
return null;
|
|
565
565
|
const u = await a.json();
|
|
566
|
-
return
|
|
567
|
-
},
|
|
566
|
+
return Ye(r, u, t), new se(u);
|
|
567
|
+
}, M = (s) => async (e, n = {}, t = 1e4, o = 0) => {
|
|
568
568
|
let i;
|
|
569
569
|
try {
|
|
570
570
|
const r = new AbortController();
|
|
@@ -572,7 +572,7 @@ const He = (s) => {
|
|
|
572
572
|
} catch (r) {
|
|
573
573
|
if (r.name === "AbortError" || r.message === "Network request failed") {
|
|
574
574
|
if (o <= 1)
|
|
575
|
-
return await
|
|
575
|
+
return await M(s)(e, n, t, o + 1);
|
|
576
576
|
throw r;
|
|
577
577
|
} else
|
|
578
578
|
throw console.error(r.message), r;
|
|
@@ -581,7 +581,7 @@ const He = (s) => {
|
|
|
581
581
|
}, ee = {
|
|
582
582
|
refresh_token: "refresh_token",
|
|
583
583
|
access_token: "access_token"
|
|
584
|
-
},
|
|
584
|
+
}, fe = (s) => async (e, n, t = ee.refresh_token, o, i = 1e4) => {
|
|
585
585
|
const r = {
|
|
586
586
|
token: n,
|
|
587
587
|
token_type_hint: t,
|
|
@@ -592,7 +592,7 @@ const He = (s) => {
|
|
|
592
592
|
c.push(`${d}=${l}`);
|
|
593
593
|
}
|
|
594
594
|
const a = c.join("&");
|
|
595
|
-
return (await
|
|
595
|
+
return (await M(s)(e, {
|
|
596
596
|
method: "POST",
|
|
597
597
|
headers: {
|
|
598
598
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
|
|
@@ -601,7 +601,7 @@ const He = (s) => {
|
|
|
601
601
|
}, i)).status !== 200 ? { success: !1 } : {
|
|
602
602
|
success: !0
|
|
603
603
|
};
|
|
604
|
-
},
|
|
604
|
+
}, Ze = (s) => async (e, n, t, o, i = {}, r, c = 1e4) => {
|
|
605
605
|
for (const [h, y] of Object.entries(t))
|
|
606
606
|
n[h] === void 0 && (n[h] = y);
|
|
607
607
|
const a = [];
|
|
@@ -609,7 +609,7 @@ const He = (s) => {
|
|
|
609
609
|
const y = encodeURIComponent(h), _ = encodeURIComponent(n[h]);
|
|
610
610
|
a.push(`${y}=${_}`);
|
|
611
611
|
}
|
|
612
|
-
const u = a.join("&"), f = await
|
|
612
|
+
const u = a.join("&"), f = await M(s)(e, {
|
|
613
613
|
method: "POST",
|
|
614
614
|
headers: {
|
|
615
615
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
@@ -621,28 +621,28 @@ const He = (s) => {
|
|
|
621
621
|
return { success: !1, status: f.status, demonstratingProofOfPossessionNonce: null };
|
|
622
622
|
const d = await f.json();
|
|
623
623
|
let l = null;
|
|
624
|
-
return f.headers.has(
|
|
624
|
+
return f.headers.has(j) && (l = f.headers.get(j)), {
|
|
625
625
|
success: !0,
|
|
626
626
|
data: ne(d, o, r),
|
|
627
627
|
demonstratingProofOfPossessionNonce: l
|
|
628
628
|
};
|
|
629
|
-
},
|
|
629
|
+
}, es = (s, e) => async (n, t) => {
|
|
630
630
|
t = t ? { ...t } : {};
|
|
631
|
-
const o = Z(128), i = await
|
|
631
|
+
const o = Z(128), i = await Ge(o);
|
|
632
632
|
await s.setCodeVerifierAsync(o), await s.setStateAsync(t.state), t.code_challenge = i, t.code_challenge_method = "S256";
|
|
633
633
|
let r = "";
|
|
634
634
|
if (t)
|
|
635
635
|
for (const [c, a] of Object.entries(t))
|
|
636
636
|
r === "" ? r += "?" : r += "&", r += `${c}=${encodeURIComponent(a)}`;
|
|
637
637
|
e.open(`${n}${r}`);
|
|
638
|
-
},
|
|
638
|
+
}, j = "DPoP-Nonce", ss = (s) => async (e, n, t, o, i = 1e4) => {
|
|
639
639
|
n = n ? { ...n } : {}, n.code_verifier = await s.getCodeVerifierAsync();
|
|
640
640
|
const r = [];
|
|
641
641
|
for (const d in n) {
|
|
642
642
|
const l = encodeURIComponent(d), h = encodeURIComponent(n[d]);
|
|
643
643
|
r.push(`${l}=${h}`);
|
|
644
644
|
}
|
|
645
|
-
const c = r.join("&"), a = await
|
|
645
|
+
const c = r.join("&"), a = await M(fetch)(e, {
|
|
646
646
|
method: "POST",
|
|
647
647
|
headers: {
|
|
648
648
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
@@ -653,7 +653,7 @@ const He = (s) => {
|
|
|
653
653
|
if (await Promise.all([s.setCodeVerifierAsync(null), s.setStateAsync(null)]), a.status !== 200)
|
|
654
654
|
return { success: !1, status: a.status };
|
|
655
655
|
let u = null;
|
|
656
|
-
a.headers.has(
|
|
656
|
+
a.headers.has(j) && (u = a.headers.get(j));
|
|
657
657
|
const f = await a.json();
|
|
658
658
|
return {
|
|
659
659
|
success: !0,
|
|
@@ -685,16 +685,16 @@ const He = (s) => {
|
|
|
685
685
|
search: n,
|
|
686
686
|
hash: t
|
|
687
687
|
};
|
|
688
|
-
},
|
|
688
|
+
}, As = (s) => {
|
|
689
689
|
const e = Ae(s);
|
|
690
690
|
let { path: n } = e;
|
|
691
691
|
n.endsWith("/") && (n = n.slice(0, -1));
|
|
692
692
|
let { hash: t } = e;
|
|
693
693
|
return t === "#_=_" && (t = ""), t && (n += t), n;
|
|
694
|
-
},
|
|
694
|
+
}, H = (s) => {
|
|
695
695
|
const e = Ae(s), { search: n } = e;
|
|
696
|
-
return
|
|
697
|
-
},
|
|
696
|
+
return ns(n);
|
|
697
|
+
}, ns = (s) => {
|
|
698
698
|
const e = {};
|
|
699
699
|
let n, t, o;
|
|
700
700
|
const i = s.split("&");
|
|
@@ -708,7 +708,7 @@ function Se(s) {
|
|
|
708
708
|
function ve(s) {
|
|
709
709
|
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
|
|
710
710
|
}
|
|
711
|
-
function
|
|
711
|
+
function ts(s) {
|
|
712
712
|
return encodeURIComponent(s).replace(/%([0-9A-F]{2})/g, function(t, o) {
|
|
713
713
|
return String.fromCharCode(parseInt(o, 16));
|
|
714
714
|
});
|
|
@@ -719,8 +719,8 @@ function Te(s) {
|
|
|
719
719
|
e += String.fromCharCode(n);
|
|
720
720
|
}), ve(e);
|
|
721
721
|
}
|
|
722
|
-
function
|
|
723
|
-
return ve(
|
|
722
|
+
function he(s) {
|
|
723
|
+
return ve(ts(s));
|
|
724
724
|
}
|
|
725
725
|
var be = {};
|
|
726
726
|
be.sign = (s, e, n, t = "dpop+jwt") => {
|
|
@@ -728,10 +728,10 @@ be.sign = (s, e, n, t = "dpop+jwt") => {
|
|
|
728
728
|
const o = {
|
|
729
729
|
// @ts-ignore
|
|
730
730
|
// JWT "headers" really means JWS "protected headers"
|
|
731
|
-
protected:
|
|
731
|
+
protected: he(JSON.stringify(e)),
|
|
732
732
|
// @ts-ignore
|
|
733
733
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
734
|
-
payload:
|
|
734
|
+
payload: he(JSON.stringify(n))
|
|
735
735
|
}, i = {
|
|
736
736
|
name: "ECDSA",
|
|
737
737
|
namedCurve: "P-256",
|
|
@@ -765,18 +765,18 @@ Pe.thumbprint = function(s) {
|
|
|
765
765
|
return Te(new Uint8Array(n));
|
|
766
766
|
});
|
|
767
767
|
};
|
|
768
|
-
const
|
|
768
|
+
const os = function() {
|
|
769
769
|
const s = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", e = "0123456789abcdef";
|
|
770
770
|
let n = 0, t = "";
|
|
771
771
|
for (let o = 0; o < 36; o++)
|
|
772
772
|
s[o] !== "-" && s[o] !== "4" && (n = Math.random() * 16 | 0), s[o] === "x" ? t += e[n] : s[o] === "y" ? (n &= 3, n |= 8, t += e[n]) : t += s[o];
|
|
773
773
|
return t;
|
|
774
|
-
},
|
|
774
|
+
}, is = () => oe.generate().then(function(s) {
|
|
775
775
|
return s;
|
|
776
776
|
}), Oe = (s, e = "POST", n, t = {}) => {
|
|
777
777
|
const o = {
|
|
778
778
|
// https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
|
|
779
|
-
jit: btoa(
|
|
779
|
+
jit: btoa(os()),
|
|
780
780
|
htm: e,
|
|
781
781
|
htu: n,
|
|
782
782
|
iat: Math.round(Date.now() / 1e3),
|
|
@@ -789,7 +789,7 @@ const ts = function() {
|
|
|
789
789
|
return r;
|
|
790
790
|
});
|
|
791
791
|
});
|
|
792
|
-
},
|
|
792
|
+
}, rs = (s, e, n, t, o) => (i = void 0, r = null, c = !1, a = void 0) => {
|
|
793
793
|
const u = r;
|
|
794
794
|
return r = { ...r }, (async () => {
|
|
795
795
|
const d = i || o.getPath();
|
|
@@ -816,15 +816,15 @@ const ts = function() {
|
|
|
816
816
|
response_type: "code",
|
|
817
817
|
...h
|
|
818
818
|
};
|
|
819
|
-
await
|
|
819
|
+
await es(w, o)(g.authorizationEndpoint, S);
|
|
820
820
|
} catch (l) {
|
|
821
821
|
throw n(m.loginAsync_error, l), l;
|
|
822
822
|
}
|
|
823
823
|
})();
|
|
824
|
-
},
|
|
824
|
+
}, as = (s) => async (e = !1) => {
|
|
825
825
|
try {
|
|
826
826
|
s.publishEvent(m.loginCallbackAsync_begin, {});
|
|
827
|
-
const n = s.configuration, t = n.client_id, o = e ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, c = await s.initAsync(i, n.authority_configuration), a = s.location.getCurrentHref(), f =
|
|
827
|
+
const n = s.configuration, t = n.client_id, o = e ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, c = await s.initAsync(i, n.authority_configuration), a = s.location.getCurrentHref(), f = H(a).session_state, d = await E(n, s.configurationName);
|
|
828
828
|
let l, h, y, _;
|
|
829
829
|
if (d)
|
|
830
830
|
await d.initAsync(c, "loginCallbackAsync", n), await d.setSessionStateAsync(f), h = await d.getNonceAsync(), y = d.getLoginParams(), _ = await d.getStateAsync(), d.startKeepAliveServiceWorker(), l = d;
|
|
@@ -832,7 +832,7 @@ const ts = function() {
|
|
|
832
832
|
const v = I(s.configurationName, n.storage ?? sessionStorage);
|
|
833
833
|
await v.setSessionStateAsync(f), h = await v.getNonceAsync(), y = v.getLoginParams(), _ = await v.getStateAsync(), l = v;
|
|
834
834
|
}
|
|
835
|
-
const g =
|
|
835
|
+
const g = H(a);
|
|
836
836
|
if (g.iss && g.iss !== c.issuer)
|
|
837
837
|
throw console.error(), new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);
|
|
838
838
|
if (g.state && g.state !== _)
|
|
@@ -844,20 +844,20 @@ const ts = function() {
|
|
|
844
844
|
redirect_uri: o
|
|
845
845
|
}, S = {};
|
|
846
846
|
if (n.token_request_extras)
|
|
847
|
-
for (const [v,
|
|
848
|
-
S[v] =
|
|
847
|
+
for (const [v, W] of Object.entries(n.token_request_extras))
|
|
848
|
+
S[v] = W;
|
|
849
849
|
if (y && y.extras)
|
|
850
|
-
for (const [v,
|
|
851
|
-
v.endsWith(":token_request") && (S[v.replace(":token_request", "")] =
|
|
852
|
-
const T = c.tokenEndpoint,
|
|
850
|
+
for (const [v, W] of Object.entries(y.extras))
|
|
851
|
+
v.endsWith(":token_request") && (S[v.replace(":token_request", "")] = W);
|
|
852
|
+
const T = c.tokenEndpoint, R = {};
|
|
853
853
|
if (n.demonstrating_proof_of_possession) {
|
|
854
|
-
const v = await
|
|
855
|
-
d ? await d.setDemonstratingProofOfPossessionJwkAsync(v) : await I(s.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(v),
|
|
854
|
+
const v = await is();
|
|
855
|
+
d ? await d.setDemonstratingProofOfPossessionJwkAsync(v) : await I(s.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(v), R.DPoP = await Oe(v, "POST", T);
|
|
856
856
|
}
|
|
857
|
-
const p = await
|
|
857
|
+
const p = await ss(l)(
|
|
858
858
|
T,
|
|
859
859
|
{ ...w, ...S },
|
|
860
|
-
|
|
860
|
+
R,
|
|
861
861
|
s.configuration.token_renew_mode,
|
|
862
862
|
r
|
|
863
863
|
);
|
|
@@ -890,14 +890,14 @@ const ts = function() {
|
|
|
890
890
|
} catch (n) {
|
|
891
891
|
throw console.error(n), s.publishEvent(m.loginCallbackAsync_error, n), n;
|
|
892
892
|
}
|
|
893
|
-
},
|
|
893
|
+
}, _e = {
|
|
894
894
|
access_token: "access_token",
|
|
895
895
|
refresh_token: "refresh_token"
|
|
896
|
-
},
|
|
897
|
-
|
|
896
|
+
}, cs = (s) => async (e) => {
|
|
897
|
+
K.clearTimeout(s.timeoutId), s.timeoutId = null, s.checkSessionIFrame && s.checkSessionIFrame.stop();
|
|
898
898
|
const n = await E(s.configuration, s.configurationName);
|
|
899
899
|
n ? await n.clearAsync(e) : await I(s.configurationName, s.configuration.storage).clearAsync(e), s.tokens = null, s.userInfo = null;
|
|
900
|
-
},
|
|
900
|
+
}, ls = (s, e, n, t, o) => async (i = void 0, r = null) => {
|
|
901
901
|
const c = s.configuration, a = await s.initAsync(c.authority, c.authority_configuration);
|
|
902
902
|
i && typeof i != "string" && (i = void 0, t.warn("callbackPathOrUrl path is not a string"));
|
|
903
903
|
const u = i ?? o.getPath();
|
|
@@ -908,13 +908,13 @@ const ts = function() {
|
|
|
908
908
|
const y = a.revocationEndpoint;
|
|
909
909
|
if (y) {
|
|
910
910
|
const _ = [], g = s.tokens ? s.tokens.accessToken : null;
|
|
911
|
-
if (g && c.logout_tokens_to_invalidate.includes(
|
|
912
|
-
const S =
|
|
911
|
+
if (g && c.logout_tokens_to_invalidate.includes(_e.access_token)) {
|
|
912
|
+
const S = fe(n)(y, g, ee.access_token, c.client_id);
|
|
913
913
|
_.push(S);
|
|
914
914
|
}
|
|
915
915
|
const w = s.tokens ? s.tokens.refreshToken : null;
|
|
916
|
-
if (w && c.logout_tokens_to_invalidate.includes(
|
|
917
|
-
const S =
|
|
916
|
+
if (w && c.logout_tokens_to_invalidate.includes(_e.refresh_token)) {
|
|
917
|
+
const S = fe(n)(y, w, ee.refresh_token, c.client_id);
|
|
918
918
|
_.push(S);
|
|
919
919
|
}
|
|
920
920
|
_.length > 0 && await Promise.all(_);
|
|
@@ -937,11 +937,11 @@ const ts = function() {
|
|
|
937
937
|
o.open(`${a.endSessionEndpoint}${y}`);
|
|
938
938
|
} else
|
|
939
939
|
o.reload();
|
|
940
|
-
},
|
|
940
|
+
}, us = (s) => async (e = !1) => {
|
|
941
941
|
if (s.userInfo != null && !e)
|
|
942
942
|
return s.userInfo;
|
|
943
943
|
for (; s.tokens && !z(s.tokens); )
|
|
944
|
-
await
|
|
944
|
+
await $({ milliseconds: 200 });
|
|
945
945
|
if (!s.tokens)
|
|
946
946
|
return null;
|
|
947
947
|
const n = s.tokens.accessToken;
|
|
@@ -957,7 +957,7 @@ const ts = function() {
|
|
|
957
957
|
})(n);
|
|
958
958
|
return s.userInfo = c, c;
|
|
959
959
|
};
|
|
960
|
-
class
|
|
960
|
+
class G {
|
|
961
961
|
open(e) {
|
|
962
962
|
window.open(e, "_self");
|
|
963
963
|
}
|
|
@@ -975,7 +975,7 @@ class X {
|
|
|
975
975
|
return window.origin;
|
|
976
976
|
}
|
|
977
977
|
}
|
|
978
|
-
const
|
|
978
|
+
const ds = (s) => !!(s.os === "iOS" && s.osVersion.startsWith("12") || s.os === "Mac OS X" && s.osVersion.startsWith("10_15_6")), fs = (s) => {
|
|
979
979
|
const e = s.appVersion, n = s.userAgent, t = "-";
|
|
980
980
|
let o = t;
|
|
981
981
|
const i = [
|
|
@@ -1032,7 +1032,7 @@ const us = (s) => !!(s.os === "iOS" && s.osVersion.startsWith("12") || s.os ===
|
|
|
1032
1032
|
osVersion: r
|
|
1033
1033
|
};
|
|
1034
1034
|
};
|
|
1035
|
-
function
|
|
1035
|
+
function hs() {
|
|
1036
1036
|
const s = navigator.userAgent;
|
|
1037
1037
|
let e, n = s.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
|
|
1038
1038
|
if (/trident/i.test(n[1]))
|
|
@@ -1050,29 +1050,29 @@ function fs() {
|
|
|
1050
1050
|
version: n[1]
|
|
1051
1051
|
};
|
|
1052
1052
|
}
|
|
1053
|
-
const
|
|
1054
|
-
const { name: s, version: e } =
|
|
1053
|
+
const _s = () => {
|
|
1054
|
+
const { name: s, version: e } = hs();
|
|
1055
1055
|
if (s === "chrome" && parseInt(e) <= 70 || s === "opera" && (!e || parseInt(e.split(".")[0]) < 80) || s === "ie")
|
|
1056
1056
|
return !1;
|
|
1057
|
-
const n =
|
|
1058
|
-
return !
|
|
1059
|
-
},
|
|
1057
|
+
const n = fs(navigator);
|
|
1058
|
+
return !ds(n);
|
|
1059
|
+
}, ys = () => fetch;
|
|
1060
1060
|
class se {
|
|
1061
1061
|
constructor(e) {
|
|
1062
1062
|
this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
|
|
1063
1063
|
}
|
|
1064
1064
|
}
|
|
1065
|
-
const
|
|
1065
|
+
const N = {}, gs = (s, e = new G()) => (n, t = "default") => (N[t] || (N[t] = new J(n, t, s, e)), N[t]), ks = async (s) => {
|
|
1066
1066
|
const { parsedTokens: e, callbackPath: n } = await s.loginCallbackAsync();
|
|
1067
|
-
return s.timeoutId =
|
|
1068
|
-
},
|
|
1069
|
-
constructor(e, n = "default", t, o = new
|
|
1067
|
+
return s.timeoutId = V(s, e.refreshToken, e.expiresAt), { callbackPath: n };
|
|
1068
|
+
}, ms = (s) => Math.floor(Math.random() * s), ie = class F {
|
|
1069
|
+
constructor(e, n = "default", t, o = new G()) {
|
|
1070
1070
|
this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
|
|
1071
1071
|
let i = e.silent_login_uri;
|
|
1072
1072
|
e.silent_redirect_uri && !e.silent_login_uri && (i = `${e.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
|
|
1073
1073
|
let r = e.refresh_time_before_tokens_expiration_in_second ?? 120;
|
|
1074
|
-
r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new
|
|
1075
|
-
const c = e.service_worker_update_require_callback ??
|
|
1074
|
+
r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new G();
|
|
1075
|
+
const c = e.service_worker_update_require_callback ?? Re(this.location);
|
|
1076
1076
|
this.configuration = {
|
|
1077
1077
|
...e,
|
|
1078
1078
|
silent_login_uri: i,
|
|
@@ -1084,12 +1084,12 @@ const W = {}, ys = (s, e = new X()) => (n, t = "default") => (W[t] || (W[t] = ne
|
|
|
1084
1084
|
authority_timeout_wellknowurl_in_millisecond: e.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
|
|
1085
1085
|
logout_tokens_to_invalidate: e.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
|
|
1086
1086
|
service_worker_update_require_callback: c,
|
|
1087
|
-
service_worker_activate: e.service_worker_activate ??
|
|
1087
|
+
service_worker_activate: e.service_worker_activate ?? _s,
|
|
1088
1088
|
storage: e.storage ?? sessionStorage
|
|
1089
|
-
}, this.getFetch = t ??
|
|
1089
|
+
}, this.getFetch = t ?? ys, this.configurationName = n, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.synchroniseTokensAsync.bind(this), this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
1090
1090
|
}
|
|
1091
1091
|
subscribeEvents(e) {
|
|
1092
|
-
const n =
|
|
1092
|
+
const n = ms(9999999999999).toString();
|
|
1093
1093
|
return this.events.push({ id: n, func: e }), n;
|
|
1094
1094
|
}
|
|
1095
1095
|
removeEventSubscription(e) {
|
|
@@ -1103,20 +1103,20 @@ const W = {}, ys = (s, e = new X()) => (n, t = "default") => (W[t] || (W[t] = ne
|
|
|
1103
1103
|
}
|
|
1104
1104
|
static get(e = "default") {
|
|
1105
1105
|
const n = typeof process > "u";
|
|
1106
|
-
if (!Object.prototype.hasOwnProperty.call(
|
|
1106
|
+
if (!Object.prototype.hasOwnProperty.call(N, e) && n)
|
|
1107
1107
|
throw Error(`OIDC library does seem initialized.
|
|
1108
1108
|
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);
|
|
1109
|
-
return
|
|
1109
|
+
return N[e];
|
|
1110
1110
|
}
|
|
1111
1111
|
_silentLoginCallbackFromIFrame() {
|
|
1112
1112
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
1113
|
-
const e = this.location, n =
|
|
1113
|
+
const e = this.location, n = H(e.getCurrentHref());
|
|
1114
1114
|
window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({ tokens: this.tokens, sessionState: n.session_state })}`, e.getOrigin());
|
|
1115
1115
|
}
|
|
1116
1116
|
}
|
|
1117
1117
|
_silentLoginErrorCallbackFromIFrame() {
|
|
1118
1118
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
1119
|
-
const e = this.location, n =
|
|
1119
|
+
const e = this.location, n = H(e.getCurrentHref());
|
|
1120
1120
|
window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({ error: n.error })}`, e.getOrigin());
|
|
1121
1121
|
}
|
|
1122
1122
|
}
|
|
@@ -1142,7 +1142,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1142
1142
|
issuer: n.issuer
|
|
1143
1143
|
});
|
|
1144
1144
|
const i = await E(this.configuration, this.configurationName) ? window.localStorage : null;
|
|
1145
|
-
return await
|
|
1145
|
+
return await Qe(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60, i, this.configuration.authority_timeout_wellknowurl_in_millisecond);
|
|
1146
1146
|
};
|
|
1147
1147
|
return this.initPromise = t(), this.initPromise.then((o) => (this.initPromise = null, o));
|
|
1148
1148
|
}
|
|
@@ -1161,7 +1161,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1161
1161
|
if (i) {
|
|
1162
1162
|
n.startKeepAliveServiceWorker(), this.tokens = i;
|
|
1163
1163
|
const r = n.getLoginParams(this.configurationName);
|
|
1164
|
-
this.timeoutId =
|
|
1164
|
+
this.timeoutId = V(this, this.tokens.refreshToken, this.tokens.expiresAt, r.extras);
|
|
1165
1165
|
const c = await n.getSessionStateAsync();
|
|
1166
1166
|
return await this.startCheckSessionAsync(o.check_session_iframe, t.client_id, c), this.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1167
1167
|
success: !0,
|
|
@@ -1180,7 +1180,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1180
1180
|
if (r) {
|
|
1181
1181
|
this.tokens = ye(r, null, t.token_renew_mode);
|
|
1182
1182
|
const c = i.getLoginParams();
|
|
1183
|
-
this.timeoutId =
|
|
1183
|
+
this.timeoutId = V(this, r.refreshToken, this.tokens.expiresAt, c.extras);
|
|
1184
1184
|
const a = await i.getSessionStateAsync();
|
|
1185
1185
|
return await this.startCheckSessionAsync(o.check_session_iframe, t.client_id, a), this.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1186
1186
|
success: !0,
|
|
@@ -1199,26 +1199,26 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1199
1199
|
return this.tryKeepExistingSessionPromise = e(), this.tryKeepExistingSessionPromise.then((n) => (this.tryKeepExistingSessionPromise = null, n));
|
|
1200
1200
|
}
|
|
1201
1201
|
async startCheckSessionAsync(e, n, t, o = !1) {
|
|
1202
|
-
await
|
|
1202
|
+
await Ue(this, N, this.configuration)(e, n, t, o);
|
|
1203
1203
|
}
|
|
1204
1204
|
async loginAsync(e = void 0, n = null, t = !1, o = void 0, i = !1) {
|
|
1205
|
-
return this.loginPromise !== null ? this.loginPromise : i ?
|
|
1205
|
+
return this.loginPromise !== null ? this.loginPromise : i ? Fe(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(n, o) : (this.loginPromise = rs(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, n, t, o), this.loginPromise.then((r) => (this.loginPromise = null, r)));
|
|
1206
1206
|
}
|
|
1207
1207
|
async loginCallbackAsync(e = !1) {
|
|
1208
1208
|
if (this.loginCallbackPromise !== null)
|
|
1209
1209
|
return this.loginCallbackPromise;
|
|
1210
1210
|
const n = async () => {
|
|
1211
|
-
const t = await
|
|
1212
|
-
return this.tokens = o, await E(this.configuration, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(
|
|
1211
|
+
const t = await as(this)(e), o = t.tokens;
|
|
1212
|
+
return this.tokens = o, await E(this.configuration, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(F.eventNames.token_aquired, o), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
|
|
1213
1213
|
};
|
|
1214
1214
|
return this.loginCallbackPromise = n(), this.loginCallbackPromise.then((t) => (this.loginCallbackPromise = null, t));
|
|
1215
1215
|
}
|
|
1216
1216
|
async synchroniseTokensAsync(e, n = 0, t = !1, o = null, i) {
|
|
1217
1217
|
for (; !navigator.onLine && document.hidden; )
|
|
1218
|
-
await
|
|
1218
|
+
await $({ milliseconds: 1e3 }), this.publishEvent(m.refreshTokensAsync, { message: "wait because navigator is offline and hidden" });
|
|
1219
1219
|
let r = 6;
|
|
1220
1220
|
for (; !navigator.onLine && r > 0; )
|
|
1221
|
-
await
|
|
1221
|
+
await $({ milliseconds: 1e3 }), r--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
|
|
1222
1222
|
const a = document.hidden ? n : n + 1;
|
|
1223
1223
|
o || (o = {});
|
|
1224
1224
|
const u = this.configuration, f = (l, h, y = null) => te(this.configurationName, this.configuration, this.publishEvent.bind(this))(l, h, y), d = async () => {
|
|
@@ -1232,7 +1232,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1232
1232
|
prompt: "none"
|
|
1233
1233
|
}, l.state);
|
|
1234
1234
|
if (y)
|
|
1235
|
-
return i(y.tokens), this.publishEvent(
|
|
1235
|
+
return i(y.tokens), this.publishEvent(F.eventNames.token_renewed, {}), { tokens: y.tokens, status: "LOGGED" };
|
|
1236
1236
|
} catch (l) {
|
|
1237
1237
|
if (console.error(l), this.publishEvent(m.refreshTokensAsync_silent_error, { message: "exceptionSilent", exception: l.message }), l && l.message && l.message.startsWith("oidc"))
|
|
1238
1238
|
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" };
|
|
@@ -1251,7 +1251,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1251
1251
|
case "TOKENS_VALID":
|
|
1252
1252
|
return i(h), { tokens: h, status: "LOGGED_IN" };
|
|
1253
1253
|
case "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":
|
|
1254
|
-
return i(h), this.publishEvent(
|
|
1254
|
+
return i(h), this.publishEvent(F.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), { tokens: h, status: "LOGGED_IN" };
|
|
1255
1255
|
case "LOGOUT_FROM_ANOTHER_TAB":
|
|
1256
1256
|
return i(null), this.publishEvent(m.logout_from_another_tab, { status: "session syncTokensAsync" }), { tokens: null, status: "LOGGED_OUT" };
|
|
1257
1257
|
case "REQUIRE_SYNC_TOKENS":
|
|
@@ -1270,7 +1270,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1270
1270
|
refresh_token: h.refreshToken
|
|
1271
1271
|
}, k = await this.initAsync(w, u.authority_configuration), A = document.hidden ? 1e4 : 3e4 * 10, O = k.tokenEndpoint, x = {};
|
|
1272
1272
|
u.demonstrating_proof_of_possession && (x.DPoP = await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken, O, "POST"));
|
|
1273
|
-
const P = await
|
|
1273
|
+
const P = await Ze(this.getFetch())(
|
|
1274
1274
|
O,
|
|
1275
1275
|
p,
|
|
1276
1276
|
T,
|
|
@@ -1280,14 +1280,14 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1280
1280
|
A
|
|
1281
1281
|
);
|
|
1282
1282
|
if (P.success) {
|
|
1283
|
-
const { isValid: v, reason:
|
|
1283
|
+
const { isValid: v, reason: W } = ge(P.data, y.nonce, k);
|
|
1284
1284
|
if (!v)
|
|
1285
|
-
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${
|
|
1285
|
+
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${W}` }), { tokens: null, status: "SESSION_LOST" };
|
|
1286
1286
|
if (i(P.data), P.demonstratingProofOfPossessionNonce) {
|
|
1287
|
-
const
|
|
1288
|
-
|
|
1287
|
+
const re = await E(u, this.configurationName);
|
|
1288
|
+
re ? await re.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce) : await I(this.configurationName, u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce);
|
|
1289
1289
|
}
|
|
1290
|
-
return this.publishEvent(m.refreshTokensAsync_end, { success: P.success }), this.publishEvent(
|
|
1290
|
+
return this.publishEvent(m.refreshTokensAsync_end, { success: P.success }), this.publishEvent(F.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: P.data, status: "LOGGED_IN" };
|
|
1291
1291
|
} else
|
|
1292
1292
|
return this.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
1293
1293
|
message: "bad request",
|
|
@@ -1326,7 +1326,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1326
1326
|
if (!d || !l)
|
|
1327
1327
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
|
|
1328
1328
|
if (l.issuedAt !== t.issuedAt) {
|
|
1329
|
-
const y =
|
|
1329
|
+
const y = U(e.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", _ = await a.getNonceAsync();
|
|
1330
1330
|
return { tokens: l, status: y, nonce: _ };
|
|
1331
1331
|
}
|
|
1332
1332
|
r = await a.getNonceAsync();
|
|
@@ -1336,30 +1336,30 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1336
1336
|
if (h === "SESSIONS_LOST")
|
|
1337
1337
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
1338
1338
|
if (l.issuedAt !== t.issuedAt) {
|
|
1339
|
-
const _ =
|
|
1339
|
+
const _ = U(e.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", g = await d.getNonceAsync();
|
|
1340
1340
|
return { tokens: l, status: _, nonce: g };
|
|
1341
1341
|
}
|
|
1342
1342
|
} else
|
|
1343
1343
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
1344
1344
|
r = await d.getNonceAsync();
|
|
1345
1345
|
}
|
|
1346
|
-
const f =
|
|
1346
|
+
const f = U(e.refresh_time_before_tokens_expiration_in_second, t.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
|
|
1347
1347
|
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: f, nonce: r };
|
|
1348
1348
|
}
|
|
1349
1349
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1350
|
-
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise =
|
|
1350
|
+
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = ks(this), this.loginCallbackWithAutoTokensRenewPromise.then((e) => (this.loginCallbackWithAutoTokensRenewPromise = null, e)));
|
|
1351
1351
|
}
|
|
1352
1352
|
userInfoAsync(e = !1) {
|
|
1353
|
-
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise =
|
|
1353
|
+
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = us(this)(e), this.userInfoPromise.then((n) => (this.userInfoPromise = null, n)));
|
|
1354
1354
|
}
|
|
1355
1355
|
async renewTokensAsync(e = null) {
|
|
1356
1356
|
if (this.renewTokensPromise !== null)
|
|
1357
1357
|
return this.renewTokensPromise;
|
|
1358
1358
|
if (this.timeoutId)
|
|
1359
|
-
return
|
|
1359
|
+
return K.clearTimeout(this.timeoutId), this.renewTokensPromise = me(this, this.tokens.refreshToken, !0, e), this.renewTokensPromise.then((n) => (this.renewTokensPromise = null, n));
|
|
1360
1360
|
}
|
|
1361
1361
|
async destroyAsync(e) {
|
|
1362
|
-
return await
|
|
1362
|
+
return await cs(this)(e);
|
|
1363
1363
|
}
|
|
1364
1364
|
async logoutSameTabAsync(e, n) {
|
|
1365
1365
|
this.configuration.monitor_session && this.configuration.client_id === e && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (this.publishEvent(m.logout_from_same_tab, { message: n }), await this.destroyAsync("LOGGED_OUT"));
|
|
@@ -1368,12 +1368,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1368
1368
|
this.configuration.monitor_session && this.configuration.client_id === e && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: n }));
|
|
1369
1369
|
}
|
|
1370
1370
|
async logoutAsync(e = void 0, n = null) {
|
|
1371
|
-
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise =
|
|
1371
|
+
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = ls(this, N, this.getFetch(), console, this.location)(e, n), this.logoutPromise.then((t) => (this.logoutPromise = null, t)));
|
|
1372
1372
|
}
|
|
1373
1373
|
};
|
|
1374
|
-
|
|
1375
|
-
|
|
1376
|
-
|
|
1374
|
+
ie.getOrCreate = (s, e) => (n, t = "default") => gs(s, e)(n, t);
|
|
1375
|
+
ie.eventNames = m;
|
|
1376
|
+
let J = ie;
|
|
1377
|
+
const ps = (s, e) => async (...n) => {
|
|
1377
1378
|
var l;
|
|
1378
1379
|
const [t, o, ...i] = n, r = o ? { ...o } : { method: "GET" };
|
|
1379
1380
|
let c = new Headers();
|
|
@@ -1389,7 +1390,7 @@ const ms = (s, e) => async (...n) => {
|
|
|
1389
1390
|
}
|
|
1390
1391
|
const d = { ...r, headers: c };
|
|
1391
1392
|
return await s(t, d, ...i);
|
|
1392
|
-
},
|
|
1393
|
+
}, X = class Ee {
|
|
1393
1394
|
constructor(e) {
|
|
1394
1395
|
this._oidc = e;
|
|
1395
1396
|
}
|
|
@@ -1403,7 +1404,7 @@ const ms = (s, e) => async (...n) => {
|
|
|
1403
1404
|
this._oidc.publishEvent(e, n);
|
|
1404
1405
|
}
|
|
1405
1406
|
static get(e = "default") {
|
|
1406
|
-
return new
|
|
1407
|
+
return new Ee(J.get(e));
|
|
1407
1408
|
}
|
|
1408
1409
|
tryKeepExistingSessionAsync() {
|
|
1409
1410
|
return this._oidc.tryKeepExistingSessionAsync();
|
|
@@ -1433,22 +1434,23 @@ const ms = (s, e) => async (...n) => {
|
|
|
1433
1434
|
return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e, n, t);
|
|
1434
1435
|
}
|
|
1435
1436
|
async getValidTokenAsync(e = 200, n = 50) {
|
|
1436
|
-
return
|
|
1437
|
+
return Le(this._oidc, e, n);
|
|
1437
1438
|
}
|
|
1438
1439
|
fetchWithTokens(e) {
|
|
1439
|
-
return
|
|
1440
|
+
return ps(e, this);
|
|
1440
1441
|
}
|
|
1441
1442
|
async userInfoAsync(e = !1) {
|
|
1442
1443
|
return this._oidc.userInfoAsync(e);
|
|
1443
1444
|
}
|
|
1444
1445
|
};
|
|
1445
|
-
|
|
1446
|
-
|
|
1446
|
+
X.getOrCreate = (s, e = new G()) => (n, t = "default") => new X(J.getOrCreate(s, e)(n, t));
|
|
1447
|
+
X.eventNames = J.eventNames;
|
|
1448
|
+
let Ss = X;
|
|
1447
1449
|
export {
|
|
1448
|
-
|
|
1449
|
-
|
|
1450
|
+
Ss as OidcClient,
|
|
1451
|
+
G as OidcLocation,
|
|
1450
1452
|
Y as TokenRenewMode,
|
|
1451
|
-
|
|
1452
|
-
|
|
1453
|
-
|
|
1453
|
+
ys as getFetchDefault,
|
|
1454
|
+
H as getParseQueryStringFromLocation,
|
|
1455
|
+
As as getPath
|
|
1454
1456
|
};
|
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(C,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(C=typeof globalThis<"u"?globalThis:C||self,G(C["oidc-client"]={}))})(this,function(C){"use strict";const $=console;class xe{constructor(e,n,t,o=2e3,i=!0){this._callback=e,this._client_id=n,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?($.debug(e),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){$.debug("CheckSessionIFrame.start :"+e),this.stop();const n=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};n(),this._timer=window.setInterval(n,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(s,e=sessionStorage)=>{const n=p=>(e[`oidc.${s}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${s}`])return e[`oidc.${s}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${s}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${s}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${s}`]=p},r=async()=>e[`oidc.session_state.${s}`],c=p=>{e[`oidc.nonce.${s}`]=p.nonce},a=p=>{e[`oidc.jwk.${s}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${s}`]),f=async()=>({nonce:e[`oidc.nonce.${s}`]}),d=async p=>{e[`oidc.dpop_nonce.${s}`]=p},l=()=>e[`oidc.dpop_nonce.${s}`],h=()=>e[`oidc.${s}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${s}`]).tokens}):null;let y={};return{clearAsync:n,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[s]=p,e[`oidc.login.${s}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${s}`];return y[s]||(y[s]=JSON.parse(p)),y[s]},getStateAsync:async()=>e[`oidc.state.${s}`],setStateAsync:async p=>{e[`oidc.state.${s}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${s}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${s}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},Ne=s=>decodeURIComponent(Array.prototype.map.call(atob(s),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),We=s=>JSON.parse(Ne(s.split(".")[1].replace("-","+").replace("_","/"))),ce=s=>{try{return s&&Le(s,".")===2?We(s):null}catch(e){console.warn(e)}return null},Le=(s,e)=>s.split(e).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function De(s,e,n){if(s.issuedAt){if(typeof s.issuedAt=="string")return parseInt(s.issuedAt,10)}else return e&&e.iat?e.iat:n&&n.iat?n.iat:new Date().getTime()/1e3;return s.issuedAt}const le=(s,e=null,n)=>{if(!s)return null;let t;const o=typeof s.expiresIn=="string"?parseInt(s.expiresIn,10):s.expiresIn;s.accessTokenPayload!==void 0?t=s.accessTokenPayload:t=ce(s.accessToken);const i=s.idTokenPayload?s.idTokenPayload:ce(s.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:s.issuedAt+o;s.issuedAt=De(s,t,i);let a;s.expiresAt?a=s.expiresAt:n===X.access_token_invalid?a=c:n===X.id_token_invalid?a=r:a=r<c?r:c;const u={...s,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in s)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},Z=(s,e,n)=>{if(!s)return null;if(!s.issued_at){const o=new Date().getTime()/1e3;s.issued_at=o}const t={accessToken:s.access_token,expiresIn:s.expires_in,idToken:s.id_token,scope:s.scope,tokenType:s.token_type,issuedAt:s.issued_at};return"refresh_token"in s&&(t.refreshToken=s.refresh_token),s.accessTokenPayload!==void 0&&(t.accessTokenPayload=s.accessTokenPayload),s.idTokenPayload!==void 0&&(t.idTokenPayload=s.idTokenPayload),le(t,e,n)},M=(s,e)=>{const n=new Date().getTime()/1e3,t=e-n;return Math.round(t-s)},ee=s=>s?M(0,s.expiresAt)>0:!1,$e=async(s,e=200,n=50)=>{let t=n;if(!s.tokens)return null;for(;!ee(s.tokens)&&t>0;)await R({milliseconds:e}),t=t-1;return{isTokensValid:ee(s.tokens),tokens:s.tokens,numberWaited:t-n}},ue=(s,e,n)=>{if(s.idTokenPayload){const t=s.idTokenPayload;if(n.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},K=function(){const s=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const w=g.data[0],S=g.data[1],T=g.data[2];h[w]&&h[w](_,S,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!s){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),n={},t={};s.onmessage=function(a){const u=a.data,f=n[u];if(f){f(),n[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return s.postMessage(["setTimeout",f,u]),n[f]=a,f}function i(a){s.postMessage(["clearTimeout",a]),n[a]=null}function r(a,u){const f=e();return s.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){s.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.1";let fe=null,Y;const R=({milliseconds:s})=>new Promise(e=>K.setTimeout(e,s)),he=(s="/")=>{try{Y=new AbortController,fetch(`${s}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Y.signal}).catch(t=>{console.log(t)}),R({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Re=()=>{Y&&Y.abort()},Fe=(s="/")=>fetch(`${s}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ue=s=>async(e,n)=>{n(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await R({milliseconds:2e3}),s.reload()},b=s=>e=>new Promise(function(n,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):n(i.data)},s.active.postMessage(e,[o.port2])}),I=async(s,e)=>{const n=s.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!n||s.service_worker_activate()===!1)return null;let t=null;s.register?t=await s.service_worker_register(n):t=await navigator.serviceWorker.register(n);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,O)=>{const L=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:O.token_renew_mode,service_worker_convert_all_requests_to_cors:O.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=L.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await O.service_worker_update_require_callback(t,Re)),{tokens:Z(L.tokens,null,O.token_renew_mode),status:L.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(s.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Fe(s.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(s,e,n,t){const o=a=>{s.tokens=a},{tokens:i,status:r}=await s.synchroniseTokensAsync(e,0,n,t,o);return await I(s.configuration,s.configurationName)||await E(s.configurationName,s.configuration.storage).setTokens(s.tokens),s.tokens?i:(await s.destroyAsync(r),null)}async function ye(s,e,n=!1,t=null){const o=s.configuration,i=`${o.client_id}_${s.configurationName}_${o.authority}`;let r=null;const c=await I(s.configuration,s.configurationName);return o.storage===window.sessionStorage&&!c?r=await _e(s,e,n,t):r=await navigator.locks.request(i,async a=>await _e(s,e,n,t)),r?(s.timeoutId&&(s.timeoutId=J(s,r.refreshToken,s.tokens.expiresAt,t)),s.tokens):null}const J=(s,e,n,t=null)=>{const o=s.configuration.refresh_time_before_tokens_expiration_in_second;return K.setTimeout(async()=>{const r={timeLeft:M(o,n)};s.publishEvent(D.eventNames.token_timer,r),await ye(s,e,!1,t)},1e3)},se=(s,e,n)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{n(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${s}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const g=`${s}_oidc_tokens:`,w=`${s}_oidc_error:`,S=_.data;if(S&&typeof S=="string"&&!h){if(S.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));n(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(S.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));n(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(n(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),n(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw n(m.silentLoginAsync_error,r),r}},Ve=(s,e,n,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>se(e,n,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&K.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=n.extras?{...n.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=J(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Me=(s,e,n)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>se(s.configurationName,n,s.publishEvent.bind(s))(a,u,f);return new Promise((a,u)=>{if(n.silent_login_uri&&n.silent_redirect_uri&&n.monitor_session&&t&&i&&!r){const f=()=>{s.checkSessionIFrame.stop();const d=s.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:n.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;s.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(n.client_id,h.sub)})};s.checkSessionIFrame=new xe(f,o,t),s.checkSessionIFrame.load().then(()=>{s.checkSessionIFrame.start(i),a(s.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Ke=qe,x=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",z=0,Je=ge.length;z<Je;++z)x[z]=ge[z];function Be(s){return x[s>>18&63]+x[s>>12&63]+x[s>>6&63]+x[s&63]}function je(s,e,n){for(var t,o=[],i=e;i<n;i+=3)t=(s[i]<<16&16711680)+(s[i+1]<<8&65280)+(s[i+2]&255),o.push(Be(t));return o.join("")}function qe(s){for(var e,n=s.length,t=n%3,o=[],i=16383,r=0,c=n-t;r<c;r+=i)o.push(je(s,r,r+i>c?c:r+i));return t===1?(e=s[n-1],o.push(x[e>>2]+x[e<<4&63]+"==")):t===2&&(e=(s[n-2]<<8)+s[n-1],o.push(x[e>>10]+x[e>>4&63]+x[e<<2&63]+"=")),o.join("")}const ke=()=>{const s=typeof window<"u"&&!!window.crypto,e=s&&!!window.crypto.subtle;return{hasCrypto:s,hasSubtleCrypto:e}},ne="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",He=s=>{const e=[];for(let n=0;n<s.byteLength;n+=1){const t=s[n]%ne.length;e.push(ne[t])}return e.join("")},Ge=s=>Ke(new Uint8Array(s)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=s=>{const e=new Uint8Array(s),{hasCrypto:n}=ke();if(n)window.crypto.getRandomValues(e);else for(let t=0;t<s;t+=1)e[t]=Math.random()*ne.length|0;return He(e)};function Xe(s){const e=new ArrayBuffer(s.length),n=new Uint8Array(e);for(let t=0;t<s.length;t++)n[t]=s.charCodeAt(t);return n}function me(s){return new Promise((e,n)=>{crypto.subtle.digest("SHA-256",Xe(s)).then(t=>e(Ge(new Uint8Array(t))),t=>n(t))})}const Ye=s=>{if(s.length<43||s.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(s):Promise.reject(new Error("window.crypto.subtle is unavailable."))},F={},ze=(s,e=window.sessionStorage,n)=>{if(!F[s]&&e){const o=e.getItem(s);o&&(F[s]=JSON.parse(o))}const t=1e3*n;return F[s]&&F[s].timestamp+t>Date.now()?F[s].result:null},Qe=(s,e,n=window.sessionStorage)=>{const t=Date.now();F[s]={result:e,timestamp:t},n&&n.setItem(s,JSON.stringify({result:e,timestamp:t}))},Ze=60*60,es=s=>async(e,n=Ze,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=ze(r,t,n);if(c)return new re(c);const a=await B(s)(i,{},o);if(a.status!==200)return null;const u=await a.json();return Qe(r,u,t),new re(u)},B=s=>async(e,n={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await s(e,{...n,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await B(s)(e,n,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},pe=s=>async(e,n,t=oe.refresh_token,o,i=1e4)=>{const r={token:n,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await B(s)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},ss=s=>async(e,n,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))n[h]===void 0&&(n[h]=y);const a=[];for(const h in n){const y=encodeURIComponent(h),_=encodeURIComponent(n[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await B(s)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(Q)&&(l=f.headers.get(Q)),{success:!0,data:Z(d,o,r),demonstratingProofOfPossessionNonce:l}},ns=(s,e)=>async(n,t)=>{t=t?{...t}:{};const o=te(128),i=await Ye(o);await s.setCodeVerifierAsync(o),await s.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${n}${r}`)},Q="DPoP-Nonce",ts=s=>async(e,n,t,o,i=1e4)=>{n=n?{...n}:{},n.code_verifier=await s.getCodeVerifierAsync();const r=[];for(const d in n){const l=encodeURIComponent(d),h=encodeURIComponent(n[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await B(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([s.setCodeVerifierAsync(null),s.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(Q)&&(u=a.headers.get(Q));const f=await a.json();return{success:!0,data:{state:n.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=s=>{const e=s.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let n=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],n=o[1])}return n.startsWith("?")&&(n=n.slice(1)),e&&{href:s,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:n,hash:t}},os=s=>{const e=we(s);let{path:n}=e;n.endsWith("/")&&(n=n.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(n+=t),n},j=s=>{const e=we(s),{search:n}=e;return is(n)},is=s=>{const e={};let n,t,o;const i=s.split("&");for(t=0,o=i.length;t<o;t++)n=i[t].split("="),e[decodeURIComponent(n[0])]=decodeURIComponent(n[1]);return e};function Ae(s){return new TextEncoder().encode(s)}function Se(s){return btoa(s).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function rs(s){return encodeURIComponent(s).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function ve(s){let e="";return s.forEach(function(n){e+=String.fromCharCode(n)}),Se(e)}function Te(s){return Se(rs(s))}var be={};be.sign=(s,e,n,t="dpop+jwt")=>{s=Object.assign({},s),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:s.kty,crv:s.crv,x:s.x,y:s.y});const o={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(n))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",s,i,r,c).then(function(a){const u=Ae(o.protected+"."+o.payload),f={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(f,a,u).then(function(d){return o.signature=ve(new Uint8Array(d)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const s={name:"ECDSA",namedCurve:"P-256"},e=!0,n=["sign","verify"];return window.crypto.subtle.generateKey(s,e,n).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(s){const e=Object.assign({},s);return delete e.d,e.key_ops=["verify"],e};var Pe={};Pe.thumbprint=function(s){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",s.crv).replace("X",s.x).replace("Y",s.y);return window.crypto.subtle.digest({name:"SHA-256"},Ae(e)).then(function(n){return ve(new Uint8Array(n))})};const as=function(){const s="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let n=0,t="";for(let o=0;o<36;o++)s[o]!=="-"&&s[o]!=="4"&&(n=Math.random()*16|0),s[o]==="x"?t+=e[n]:s[o]==="y"?(n&=3,n|=8,t+=e[n]):t+=s[o];return t},cs=()=>ie.generate().then(function(s){return s}),Oe=(s,e="POST",n,t={})=>{const o={jit:btoa(as()),htm:e,htu:n,iat:Math.round(Date.now()/1e3),...t};return Pe.thumbprint(s).then(function(i){return be.sign(s,{},o).then(function(r){return r})})},ls=(s,e,n,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=te(16)),n(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=te(12));const y={nonce:h.nonce},_=await I(e,s),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=E(s,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const S={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await ns(w,o)(g.authorizationEndpoint,S)}catch(l){throw n(m.loginAsync_error,l),l}})()},us=s=>async(e=!1)=>{try{s.publishEvent(m.loginCallbackAsync_begin,{});const n=s.configuration,t=n.client_id,o=e?n.silent_redirect_uri:n.redirect_uri,i=n.authority,r=n.token_request_timeout,c=await s.initAsync(i,n.authority_configuration),a=s.location.getCurrentHref(),f=j(a).session_state,d=await I(n,s.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",n),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const v=E(s.configurationName,n.storage??sessionStorage);await v.setSessionStateAsync(f),h=await v.getNonceAsync(),y=v.getLoginParams(),_=await v.getStateAsync(),l=v}const g=j(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:n.client_id,redirect_uri:o},S={};if(n.token_request_extras)for(const[v,V]of Object.entries(n.token_request_extras))S[v]=V;if(y&&y.extras)for(const[v,V]of Object.entries(y.extras))v.endsWith(":token_request")&&(S[v.replace(":token_request","")]=V);const T=c.tokenEndpoint,H={};if(n.demonstrating_proof_of_possession){const v=await cs();d?await d.setDemonstratingProofOfPossessionJwkAsync(v):await E(s.configurationName,n.storage).setDemonstratingProofOfPossessionJwkAsync(v),H.DPoP=await Oe(v,"POST",T)}const p=await ts(l)(T,{...w,...S},H,s.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,O=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==S.state)throw new Error("state is not valid");const{isValid:L,reason:P}=ue(A,h.nonce,c);if(!L)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(O&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",n),k=d.getLoginParams(),O&&await d.setDemonstratingProofOfPossessionNonce(O);else{const v=E(s.configurationName,n.storage);k=v.getLoginParams(),O&&await v.setDemonstratingProofOfPossessionNonce(O)}return await s.startCheckSessionAsync(c.checkSessionIframe,t,f,e),s.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(n){throw console.error(n),s.publishEvent(m.loginCallbackAsync_error,n),n}},Ee={access_token:"access_token",refresh_token:"refresh_token"},ds=s=>async e=>{K.clearTimeout(s.timeoutId),s.timeoutId=null,s.checkSessionIFrame&&s.checkSessionIFrame.stop();const n=await I(s.configuration,s.configurationName);n?await n.clearAsync(e):await E(s.configurationName,s.configuration.storage).clearAsync(e),s.tokens=null,s.userInfo=null},fs=(s,e,n,t,o)=>async(i=void 0,r=null)=>{const c=s.configuration,a=await s.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=s.tokens?s.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=s.tokens?s.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Ee.access_token)){const S=pe(n)(y,g,oe.access_token,c.client_id);_.push(S)}const w=s.tokens?s.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Ee.refresh_token)){const S=pe(n)(y,w,oe.refresh_token,c.client_id);_.push(S)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=s.tokens&&s.tokens.idTokenPayload?s.tokens.idTokenPayload.sub:null;await s.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==s&&await s.logoutSameTabAsync(s.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},hs=s=>async(e=!1)=>{if(s.userInfo!=null&&!e)return s.userInfo;for(;s.tokens&&!ee(s.tokens);)await R({milliseconds:200});if(!s.tokens)return null;const n=s.tokens.accessToken;if(!n)return null;const t=s.configuration,i=(await s.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(n);return s.userInfo=c,c};class q{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const _s=s=>!!(s.os==="iOS"&&s.osVersion.startsWith("12")||s.os==="Mac OS X"&&s.osVersion.startsWith("10_15_6")),ys=s=>{const e=s.appVersion,n=s.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(n)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0);break}}return{os:o,osVersion:r}};function gs(){const s=navigator.userAgent;let e,n=s.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(n[1]))return e=/\brv[ :]+(\d+)/g.exec(s)||[],{name:"ie",version:e[1]||""};if(n[1]==="Chrome"&&(e=s.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=s.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return n=n[2]?[n[1],n[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=s.match(/version\/(\d+)/i))!=null&&n.splice(1,1,e[1]),{name:n[0].toLowerCase(),version:n[1]}}const ks=()=>{const{name:s,version:e}=gs();if(s==="chrome"&&parseInt(e)<=70||s==="opera"&&(!e||parseInt(e.split(".")[0])<80)||s==="ie")return!1;const n=ys(navigator);return!_s(n)},Ie=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const N={},ms=(s,e=new q)=>(n,t="default")=>(N[t]||(N[t]=new D(n,t,s,e)),N[t]),ps=async s=>{const{parsedTokens:e,callbackPath:n}=await s.loginCallbackAsync();return s.timeoutId=J(s,e.refreshToken,e.expiresAt),{callbackPath:n}},ws=s=>Math.floor(Math.random()*s),W=class W{constructor(e,n="default",t,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new q;const c=e.service_worker_update_require_callback??Ue(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??ks,storage:e.storage??sessionStorage},this.getFetch=t??Ie,this.configurationName=n,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const n=ws(9999999999999).toString();return this.events.push({id:n,func:e}),n}removeEventSubscription(e){const n=this.events.filter(t=>t.id!==e);this.events=n}publishEvent(e,n){this.events.forEach(t=>{t.func(e,n)})}static get(e="default"){const n=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(N,e)&&n)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return N[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,n=j(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:n.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,n=j(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:n.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,n){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(n!=null)return new re({authorization_endpoint:n.authorization_endpoint,end_session_endpoint:n.end_session_endpoint,revocation_endpoint:n.revocation_endpoint,token_endpoint:n.token_endpoint,userinfo_endpoint:n.userinfo_endpoint,check_session_iframe:n.check_session_iframe,issuer:n.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await es(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let n;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(n=await I(t,this.configurationName),n){const{tokens:i}=await n.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){n.startKeepAliveServiceWorker(),this.tokens=i;const r=n.getLoginParams(this.configurationName);this.timeoutId=J(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await n.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=E(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=le(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=J(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n))}async startCheckSessionAsync(e,n,t,o=!1){await Me(this,N,this.configuration)(e,n,t,o)}async loginAsync(e=void 0,n=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ve(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(n,o):(this.loginPromise=ls(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,n,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const n=async()=>{const t=await us(this)(e),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(W.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=n(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,n=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await R({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await R({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?n:n+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>se(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await I(u,this.configurationName);h?l=h.getLoginParams():l=E(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(W.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(n>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await this.syncTokensInfoAsync(u,this.configurationName,this.tokens,t);switch(l){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(h),{tokens:h,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(h),this.publishEvent(W.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:n}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:n}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,O=k.tokenEndpoint,L={};u.demonstrating_proof_of_possession&&(L.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,O,"POST"));const P=await ss(this.getFetch())(O,p,T,h,L,u.token_renew_mode,A);if(P.success){const{isValid:v,reason:V}=ue(P.data,y.nonce,k);if(!v)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${V}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ce=await I(u,this.configurationName);Ce?await Ce.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await E(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(W.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,n,t){const o=this.configuration,i={ath:await me(e)},r=await I(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=E(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Oe(a,t,n,i)}async syncTokensInfoAsync(e,n,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await I(e,n);if(a){const{status:d,tokens:l}=await a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=M(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=E(n,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=M(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=M(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=ps(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=hs(this)(e),this.userInfoPromise.then(n=>(this.userInfoPromise=null,n)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return K.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(n=>(this.renewTokensPromise=null,n))}async destroyAsync(e){return await ds(this)(e)}async logoutSameTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(this.publishEvent(m.logout_from_same_tab,{message:n}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:n}))}async logoutAsync(e=void 0,n=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=fs(this,N,this.getFetch(),console,this.location)(e,n),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};W.getOrCreate=(e,n)=>(t,o="default")=>ms(e,n)(t,o),W.eventNames=m;let D=W;const As=(s,e)=>async(...n)=>{var l;const[t,o,...i]=n,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await s(t,d,...i)},U=class U{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,n){this._oidc.publishEvent(e,n)}static get(e="default"){return new U(D.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,n=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,n,t,o,i)}logoutAsync(e=void 0,n=null){return this._oidc.logoutAsync(e,n)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,n,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,n,t)}async getValidTokenAsync(e=200,n=50){return $e(this._oidc,e,n)}fetchWithTokens(e){return As(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};U.getOrCreate=(e,n=new q)=>(t,o="default")=>new U(D.getOrCreate(e,n)(t,o)),U.eventNames=D.eventNames;let ae=U;C.OidcClient=ae,C.OidcLocation=q,C.TokenRenewMode=X,C.getFetchDefault=Ie,C.getParseQueryStringFromLocation=j,C.getPath=os,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
|
|
1
|
+
(function(C,H){typeof exports=="object"&&typeof module<"u"?H(exports):typeof define=="function"&&define.amd?define(["exports"],H):(C=typeof globalThis<"u"?globalThis:C||self,H(C["oidc-client"]={}))})(this,function(C){"use strict";const L=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(L.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(L.debug(e),L.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):L.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){L.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(L.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),ce=n=>{try{return n&&De(n,".")===2?Le(n):null}catch(e){console.warn(e)}return null},De=(n,e)=>n.split(e).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function $e(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const le=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=ce(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:ce(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=$e(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===G.access_token_invalid?a=c:s===G.id_token_invalid?a=r:a=r<c?r:c;const u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},Z=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),le(t,e,s)},F=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ee=n=>n?F(0,n.expiresAt)>0:!1,Re=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ee(n.tokens)&&t>0;)await D({milliseconds:e}),t=t-1;return{isTokensValid:ee(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},U=function(){const n=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const w=g.data[0],S=g.data[1],T=g.data[2];h[w]&&h[w](_,S,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.2";let fe=null,X;const D=({milliseconds:n})=>new Promise(e=>U.setTimeout(e,n)),he=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),D({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Fe=()=>{X&&X.abort()},Ue=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ve=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await D({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),I=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,O)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:O.token_renew_mode,service_worker_convert_all_requests_to_cors:O.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=W.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await O.service_worker_update_require_callback(t,Fe)),{tokens:Z(W.tokens,null,O.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ue(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await I(n.configuration,n.configurationName)||await E(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function ye(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r=null;const c=await I(n.configuration,n.configurationName);return o.storage===window.sessionStorage&&!c?r=await _e(n,e,s,t):r=await navigator.locks.request(i,async a=>await _e(n,e,s,t)),r?(n.timeoutId&&(n.timeoutId=V(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const V=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return U.setTimeout(async()=>{const r={timeLeft:F(o,s)};n.publishEvent(B.eventNames.token_timer,r),await ye(n,e,!1,t)},1e3)},ne=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,S=_.data;if(S&&typeof S=="string"&&!h){if(S.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(S.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),s(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Me=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>ne(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&U.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=V(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Ke=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>ne(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Je=He,x=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Y=0,Be=ge.length;Y<Be;++Y)x[Y]=ge[Y];function je(n){return x[n>>18&63]+x[n>>12&63]+x[n>>6&63]+x[n&63]}function qe(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(je(t));return o.join("")}function He(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(qe(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(x[e>>2]+x[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(x[e>>10]+x[e>>4&63]+x[e<<2&63]+"=")),o.join("")}const ke=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ge=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%se.length;e.push(se[t])}return e.join("")},Xe=n=>Je(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ke();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*se.length|0;return Ge(e)};function Ye(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function me(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",Ye(n)).then(t=>e(Xe(new Uint8Array(t))),t=>s(t))})}const ze=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},$={},Qe=(n,e=window.sessionStorage,s)=>{if(!$[n]&&e){const o=e.getItem(n);o&&($[n]=JSON.parse(o))}const t=1e3*s;return $[n]&&$[n].timestamp+t>Date.now()?$[n].result:null},Ze=(n,e,s=window.sessionStorage)=>{const t=Date.now();$[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},en=60*60,nn=n=>async(e,s=en,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Qe(r,t,s);if(c)return new re(c);const a=await M(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return Ze(r,u,t),new re(u)},M=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await M(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},pe=n=>async(e,s,t=oe.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await M(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},sn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await M(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(z)&&(l=f.headers.get(z)),{success:!0,data:Z(d,o,r),demonstratingProofOfPossessionNonce:l}},tn=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await ze(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},z="DPoP-Nonce",on=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),h=encodeURIComponent(s[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await M(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(z)&&(u=a.headers.get(z));const f=await a.json();return{success:!0,data:{state:s.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},rn=n=>{const e=we(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},K=n=>{const e=we(n),{search:s}=e;return an(s)},an=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function Ae(n){return new TextEncoder().encode(n)}function Se(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function cn(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function ve(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),Se(e)}function Te(n){return Se(cn(n))}var be={};be.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,c).then(function(a){const u=Ae(o.protected+"."+o.payload),f={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(f,a,u).then(function(d){return o.signature=ve(new Uint8Array(d)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Pe={};Pe.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},Ae(e)).then(function(s){return ve(new Uint8Array(s))})};const ln=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},un=()=>ie.generate().then(function(n){return n}),Oe=(n,e="POST",s,t={})=>{const o={jit:btoa(ln()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Pe.thumbprint(n).then(function(i){return be.sign(n,{},o).then(function(r){return r})})},dn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=te(12));const y={nonce:h.nonce},_=await I(e,n),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=E(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const S={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await tn(w,o)(g.authorizationEndpoint,S)}catch(l){throw s(m.loginAsync_error,l),l}})()},fn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=K(a).session_state,d=await I(s,n.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const v=E(n.configurationName,s.storage??sessionStorage);await v.setSessionStateAsync(f),h=await v.getNonceAsync(),y=v.getLoginParams(),_=await v.getStateAsync(),l=v}const g=K(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},S={};if(s.token_request_extras)for(const[v,R]of Object.entries(s.token_request_extras))S[v]=R;if(y&&y.extras)for(const[v,R]of Object.entries(y.extras))v.endsWith(":token_request")&&(S[v.replace(":token_request","")]=R);const T=c.tokenEndpoint,j={};if(s.demonstrating_proof_of_possession){const v=await un();d?await d.setDemonstratingProofOfPossessionJwkAsync(v):await E(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(v),j.DPoP=await Oe(v,"POST",T)}const p=await on(l)(T,{...w,...S},j,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,O=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==S.state)throw new Error("state is not valid");const{isValid:W,reason:P}=ue(A,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(O&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),O&&await d.setDemonstratingProofOfPossessionNonce(O);else{const v=E(n.configurationName,s.storage);k=v.getLoginParams(),O&&await v.setDemonstratingProofOfPossessionNonce(O)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Ee={access_token:"access_token",refresh_token:"refresh_token"},hn=n=>async e=>{U.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await I(n.configuration,n.configurationName);s?await s.clearAsync(e):await E(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},_n=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Ee.access_token)){const S=pe(s)(y,g,oe.access_token,c.client_id);_.push(S)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Ee.refresh_token)){const S=pe(s)(y,w,oe.refresh_token,c.client_id);_.push(S)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},yn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ee(n.tokens);)await D({milliseconds:200});if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class J{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const gn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),kn=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0);break}}return{os:o,osVersion:r}};function mn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const pn=()=>{const{name:n,version:e}=mn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=kn(navigator);return!gn(s)},Ie=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const N={},wn=(n,e=new J)=>(s,t="default")=>(N[t]||(N[t]=new B(s,t,n,e)),N[t]),An=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=V(n,e.refreshToken,e.expiresAt),{callbackPath:s}},Sn=n=>Math.floor(Math.random()*n),ae=class q{constructor(e,s="default",t,o=new J){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new J;const c=e.service_worker_update_require_callback??Ve(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??pn,storage:e.storage??sessionStorage},this.getFetch=t??Ie,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(N,e)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return N[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=K(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=K(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new re({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await nn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await I(t,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=V(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=E(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=le(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=V(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Ke(this,N,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Me(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=dn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await fn(this)(e),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await D({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await D({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>ne(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await I(u,this.configurationName);h?l=h.getLoginParams():l=E(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await this.syncTokensInfoAsync(u,this.configurationName,this.tokens,t);switch(l){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(h),{tokens:h,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(h),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,O=k.tokenEndpoint,W={};u.demonstrating_proof_of_possession&&(W.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,O,"POST"));const P=await sn(this.getFetch())(O,p,T,h,W,u.token_renew_mode,A);if(P.success){const{isValid:v,reason:R}=ue(P.data,y.nonce,k);if(!v)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${R}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ce=await I(u,this.configurationName);Ce?await Ce.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await E(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await me(e)},r=await I(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=E(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Oe(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await I(e,s);if(a){const{status:d,tokens:l}=await a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=F(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=E(s,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=F(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=F(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=An(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=yn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return U.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await hn(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=_n(this,N,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ae.getOrCreate=(n,e)=>(s,t="default")=>wn(n,e)(s,t),ae.eventNames=m;let B=ae;const vn=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Q=class xe{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new xe(B.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Re(this._oidc,e,s)}fetchWithTokens(e){return vn(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Q.getOrCreate=(n,e=new J)=>(s,t="default")=>new Q(B.getOrCreate(n,e)(s,t)),Q.eventNames=B.eventNames;let Tn=Q;C.OidcClient=Tn,C.OidcLocation=J,C.TokenRenewMode=G,C.getFetchDefault=Ie,C.getParseQueryStringFromLocation=K,C.getPath=rn,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
|
package/dist/version.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
declare const _default: "7.13.
|
|
1
|
+
declare const _default: "7.13.2";
|
|
2
2
|
export default _default;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axa-fr/oidc-client",
|
|
3
|
-
"version": "7.13.
|
|
3
|
+
"version": "7.13.2",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.umd.cjs",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"url": "https://github.com/AxaFrance/oidc-client.git"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@axa-fr/oidc-client-service-worker": "7.13.
|
|
23
|
+
"@axa-fr/oidc-client-service-worker": "7.13.2"
|
|
24
24
|
},
|
|
25
25
|
"devDependencies": {
|
|
26
26
|
"@testing-library/dom": "^9.3.3",
|
|
@@ -32,7 +32,7 @@
|
|
|
32
32
|
"cpy-cli": "^5.0.0",
|
|
33
33
|
"rimraf": "5.0.1",
|
|
34
34
|
"typescript": "5.1.6",
|
|
35
|
-
"vite": "^4.4.
|
|
35
|
+
"vite": "^4.4.12",
|
|
36
36
|
"vite-plugin-dts": "^3.3.0",
|
|
37
37
|
"vitest": "^0.33.0"
|
|
38
38
|
},
|
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.13.
|
|
1
|
+
export default '7.13.2';
|