@axa-fr/oidc-client 7.13.11 → 7.13.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.js +5 -3
  2. package/dist/index.umd.cjs +2 -2
  3. package/dist/login.d.ts.map +1 -1
  4. package/dist/version.d.ts +1 -1
  5. package/package.json +2 -2
  6. package/src/login.ts +6 -2
  7. package/src/version.ts +1 -1
package/dist/index.js CHANGED
@@ -282,7 +282,7 @@ const se = (n, e = null, s) => {
282
282
  setInterval: r,
283
283
  clearInterval: c
284
284
  };
285
- }(), le = "7.13.11";
285
+ }(), le = "7.13.12";
286
286
  let ue = null, q;
287
287
  const $ = ({ milliseconds: n }) => new Promise((e) => M.setTimeout(e, n)), ke = (n = "/") => {
288
288
  try {
@@ -845,10 +845,12 @@ const rn = function() {
845
845
  await S.setSessionStateAsync(f), h = await S.getNonceAsync(), y = S.getLoginParams(), _ = await S.getStateAsync(), l = S;
846
846
  }
847
847
  const g = H(a);
848
+ if (g.error || g.error_description)
849
+ throw new Error(`Error from OIDC server: ${g.error} - ${g.error_description}`);
848
850
  if (g.iss && g.iss !== c.issuer)
849
- throw console.error(), new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);
851
+ throw console.error(), new Error(`Issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);
850
852
  if (g.state && g.state !== _)
851
- throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);
853
+ throw new Error(`State not valid (expected: ${_}, received: ${g.state})`);
852
854
  const w = {
853
855
  code: g.code,
854
856
  grant_type: "authorization_code",
package/dist/index.umd.cjs CHANGED
@@ -1,2 +1,2 @@
1
- (function(I,H){typeof exports=="object"&&typeof module<"u"?H(exports):typeof define=="function"&&define.amd?define(["exports"],H):(I=typeof globalThis<"u"?globalThis:I||self,H(I["oidc-client"]={}))})(this,function(I){"use strict";const L=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(L.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(L.debug(e),L.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):L.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){L.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(L.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),le=n=>{try{return n&&De(n,".")===2?Le(n):null}catch(e){console.warn(e)}return null},De=(n,e)=>n.split(e).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function $e(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const Z=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=le(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:le(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=$e(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===G.access_token_invalid?a=c:s===G.id_token_invalid?a=r:a=r<c?r:c;const u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},ee=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),Z(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ne=n=>n?U(0,n.expiresAt)>0:!1,Re=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ne(n.tokens)&&t>0;)await D({milliseconds:e}),t=t-1;return{isTokensValid:ne(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},V=function(){const n=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const w=g.data[0],v=g.data[1],T=g.data[2];h[w]&&h[w](_,v,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.11";let fe=null,X;const D=({milliseconds:n})=>new Promise(e=>V.setTimeout(e,n)),he=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),D({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Fe=()=>{X&&X.abort()},Ue=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ve=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await D({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),E=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,C)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=W.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await C.service_worker_update_require_callback(t,Fe)),{tokens:ee(W.tokens,null,C.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ue(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await E(n.configuration,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function Me(n,e){const s=await E(e,n.configurationName);if(s){const t=await n.initAsync(e.authority,e.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",e);return o}else{const t=O(n.configurationName,e.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=Z(o,n.tokens,e.token_renew_mode),o}}async function ye(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r;const c=await E(n.configuration,n.configurationName);return(o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!c?r=await _e(n,e,s,t):r=await navigator.locks.request(i,{ifAvailable:!0},async a=>a?await _e(n,e,s,t):(n.publishEvent(R.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Me(n,o))),r?(n.timeoutId&&(n.timeoutId=M(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const M=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(R.eventNames.token_timer,r),await ye(n,e,!1,t)},1e3)},se=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,v=_.data;if(v&&typeof v=="string"&&!h){if(v.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(v.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),s(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Ke=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>se(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=M(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>se(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Be=Ge,x=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Y=0,je=ge.length;Y<je;++Y)x[Y]=ge[Y];function qe(n){return x[n>>18&63]+x[n>>12&63]+x[n>>6&63]+x[n&63]}function He(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(qe(t));return o.join("")}function Ge(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(He(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(x[e>>2]+x[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(x[e>>10]+x[e>>4&63]+x[e<<2&63]+"=")),o.join("")}const ke=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},te="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%te.length;e.push(te[t])}return e.join("")},Ye=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),oe=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ke();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*te.length|0;return Xe(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function me(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Ye(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},$={},Ze=(n,e=window.sessionStorage,s)=>{if(!$[n]&&e){const o=e.getItem(n);o&&($[n]=JSON.parse(o))}const t=1e3*s;return $[n]&&$[n].timestamp+t>Date.now()?$[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();$[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ze(r,t,s);if(c)return new ae(c);const a=await K(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return en(r,u,t),new ae(u)},K=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await K(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},ie={refresh_token:"refresh_token",access_token:"access_token"},pe=n=>async(e,s,t=ie.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(z)&&(l=f.headers.get(z)),{success:!0,data:ee(d,o,r),demonstratingProofOfPossessionNonce:l}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=oe(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},z="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),h=encodeURIComponent(s[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await K(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(z)&&(u=a.headers.get(z));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ee(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=we(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},J=n=>{const e=we(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function Ae(n){return new TextEncoder().encode(n)}function ve(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Se(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),ve(e)}function Te(n){return ve(ln(n))}var be={};be.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,c).then(function(a){const u=Ae(o.protected+"."+o.payload),f={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(f,a,u).then(function(d){return o.signature=Se(new Uint8Array(d)),o.protected+"."+o.payload+"."+o.signature})})};const re={};re.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},re.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Pe={};Pe.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},Ae(e)).then(function(s){return Se(new Uint8Array(s))})};const un=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},dn=()=>re.generate().then(function(n){return n}),Oe=(n,e="POST",s,t={})=>{const o={jti:btoa(un()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Pe.thumbprint(n).then(function(i){return be.sign(n,{},o).then(function(r){return r})})},fn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=oe(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=oe(12));const y={nonce:h.nonce},_=await E(e,n),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=O(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const v={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await on(w,o)(g.authorizationEndpoint,v)}catch(l){throw s(m.loginAsync_error,l),l}})()},hn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=J(a).session_state,d=await E(s,n.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const S=O(n.configurationName,s.storage??sessionStorage);await S.setSessionStateAsync(f),h=await S.getNonceAsync(),y=S.getLoginParams(),_=await S.getStateAsync(),l=S}const g=J(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[S,F]of Object.entries(s.token_request_extras))v[S]=F;if(y&&y.extras)for(const[S,F]of Object.entries(y.extras))S.endsWith(":token_request")&&(v[S.replace(":token_request","")]=F);const T=c.tokenEndpoint,j={};if(s.demonstrating_proof_of_possession){const S=await dn();d?await d.setDemonstratingProofOfPossessionJwkAsync(S):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(S),j.DPoP=await Oe(S,"POST",T)}const p=await rn(l)(T,{...w,...v},j,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:W,reason:P}=ue(A,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),C&&await d.setDemonstratingProofOfPossessionNonce(C);else{const S=O(n.configurationName,s.storage);k=S.getLoginParams(),C&&await S.setDemonstratingProofOfPossessionNonce(C)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Ee={access_token:"access_token",refresh_token:"refresh_token"},_n=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await E(n.configuration,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},yn=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Ee.access_token)){const v=pe(s)(y,g,ie.access_token,c.client_id);_.push(v)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Ee.refresh_token)){const v=pe(s)(y,w,ie.refresh_token,c.client_id);_.push(v)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},gn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ne(n.tokens);)await D({milliseconds:200});if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class B{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const kn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),mn=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);c!=null&&c.length>2&&(r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:r}};function pn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const wn=()=>{const{name:n,version:e}=pn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=mn(navigator);return!kn(s)},Ce=()=>fetch;class ae{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const N={},An=(n,e=new B)=>(s,t="default")=>(N[t]||(N[t]=new R(s,t,n,e)),N[t]),vn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=M(n,e.refreshToken,e.expiresAt),{callbackPath:s}},Sn=n=>Math.floor(Math.random()*n),ce=class q{constructor(e,s="default",t,o=new B){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new B;const c=e.service_worker_update_require_callback??Ve(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??wn},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(N,e)&&s)throw Error(`OIDC library does seem initialized.
2
- Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return N[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await E(this.configuration,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await E(t,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=M(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=O(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=Z(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=M(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,N,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ke(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=fn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(e),o=t.tokens;return this.tokens=o,await E(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await D({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await D({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>se(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await E(u,this.configurationName);h?l=h.getLoginParams():l=O(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await this.syncTokensInfoAsync(u,this.configurationName,this.tokens,t);switch(l){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(h),{tokens:h,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(h),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,C=k.tokenEndpoint,W={};u.demonstrating_proof_of_possession&&(W.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,C,"POST"));const P=await tn(this.getFetch())(C,p,T,h,W,u.token_renew_mode,A);if(P.success){const{isValid:S,reason:F}=ue(P.data,y.nonce,k);if(!S)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ie=await E(u,this.configurationName);Ie?await Ie.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await O(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await me(e)},r=await E(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=O(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Oe(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await E(e,s);if(a){const{status:d,tokens:l}=await a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=O(s,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=vn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=gn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await _n(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=yn(this,N,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ce.getOrCreate=(n,e)=>(s,t="default")=>An(n,e)(s,t),ce.eventNames=m;let R=ce;const Tn=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Q=class xe{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new xe(R.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Re(this._oidc,e,s)}fetchWithTokens(e){return Tn(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Q.getOrCreate=(n,e=new B)=>(s,t="default")=>new Q(R.getOrCreate(n,e)(s,t)),Q.eventNames=R.eventNames;let bn=Q;I.OidcClient=bn,I.OidcLocation=B,I.TokenRenewMode=G,I.getFetchDefault=Ce,I.getParseQueryStringFromLocation=J,I.getPath=an,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
1
+ (function(C,H){typeof exports=="object"&&typeof module<"u"?H(exports):typeof define=="function"&&define.amd?define(["exports"],H):(C=typeof globalThis<"u"?globalThis:C||self,H(C["oidc-client"]={}))})(this,function(C){"use strict";const L=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(L.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(L.debug(e),L.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):L.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){L.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(L.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),le=n=>{try{return n&&De(n,".")===2?Le(n):null}catch(e){console.warn(e)}return null},De=(n,e)=>n.split(e).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function $e(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const Z=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=le(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:le(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=$e(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===G.access_token_invalid?a=c:s===G.id_token_invalid?a=r:a=r<c?r:c;const u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},ee=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),Z(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ne=n=>n?U(0,n.expiresAt)>0:!1,Re=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ne(n.tokens)&&t>0;)await D({milliseconds:e}),t=t-1;return{isTokensValid:ne(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},V=function(){const n=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const w=g.data[0],v=g.data[1],T=g.data[2];h[w]&&h[w](_,v,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.12";let fe=null,X;const D=({milliseconds:n})=>new Promise(e=>V.setTimeout(e,n)),he=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),D({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Fe=()=>{X&&X.abort()},Ue=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ve=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await D({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),E=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,I)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:I.token_renew_mode,service_worker_convert_all_requests_to_cors:I.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=W.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await I.service_worker_update_require_callback(t,Fe)),{tokens:ee(W.tokens,null,I.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ue(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await E(n.configuration,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function Me(n,e){const s=await E(e,n.configurationName);if(s){const t=await n.initAsync(e.authority,e.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",e);return o}else{const t=O(n.configurationName,e.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=Z(o,n.tokens,e.token_renew_mode),o}}async function ye(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r;const c=await E(n.configuration,n.configurationName);return(o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!c?r=await _e(n,e,s,t):r=await navigator.locks.request(i,{ifAvailable:!0},async a=>a?await _e(n,e,s,t):(n.publishEvent(R.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Me(n,o))),r?(n.timeoutId&&(n.timeoutId=M(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const M=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(R.eventNames.token_timer,r),await ye(n,e,!1,t)},1e3)},se=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,v=_.data;if(v&&typeof v=="string"&&!h){if(v.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(v.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),s(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Ke=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>se(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=M(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>se(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Be=Ge,x=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Y=0,je=ge.length;Y<je;++Y)x[Y]=ge[Y];function qe(n){return x[n>>18&63]+x[n>>12&63]+x[n>>6&63]+x[n&63]}function He(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(qe(t));return o.join("")}function Ge(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(He(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(x[e>>2]+x[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(x[e>>10]+x[e>>4&63]+x[e<<2&63]+"=")),o.join("")}const ke=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},te="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%te.length;e.push(te[t])}return e.join("")},Ye=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),oe=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ke();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*te.length|0;return Xe(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function me(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Ye(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},$={},Ze=(n,e=window.sessionStorage,s)=>{if(!$[n]&&e){const o=e.getItem(n);o&&($[n]=JSON.parse(o))}const t=1e3*s;return $[n]&&$[n].timestamp+t>Date.now()?$[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();$[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ze(r,t,s);if(c)return new ae(c);const a=await K(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return en(r,u,t),new ae(u)},K=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await K(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},ie={refresh_token:"refresh_token",access_token:"access_token"},pe=n=>async(e,s,t=ie.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(z)&&(l=f.headers.get(z)),{success:!0,data:ee(d,o,r),demonstratingProofOfPossessionNonce:l}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=oe(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},z="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),h=encodeURIComponent(s[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await K(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(z)&&(u=a.headers.get(z));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ee(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=we(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},J=n=>{const e=we(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function Ae(n){return new TextEncoder().encode(n)}function ve(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Se(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),ve(e)}function Te(n){return ve(ln(n))}var be={};be.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,c).then(function(a){const u=Ae(o.protected+"."+o.payload),f={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(f,a,u).then(function(d){return o.signature=Se(new Uint8Array(d)),o.protected+"."+o.payload+"."+o.signature})})};const re={};re.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},re.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Pe={};Pe.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},Ae(e)).then(function(s){return Se(new Uint8Array(s))})};const un=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},dn=()=>re.generate().then(function(n){return n}),Oe=(n,e="POST",s,t={})=>{const o={jti:btoa(un()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Pe.thumbprint(n).then(function(i){return be.sign(n,{},o).then(function(r){return r})})},fn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=oe(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=oe(12));const y={nonce:h.nonce},_=await E(e,n),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=O(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const v={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await on(w,o)(g.authorizationEndpoint,v)}catch(l){throw s(m.loginAsync_error,l),l}})()},hn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=J(a).session_state,d=await E(s,n.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const S=O(n.configurationName,s.storage??sessionStorage);await S.setSessionStateAsync(f),h=await S.getNonceAsync(),y=S.getLoginParams(),_=await S.getStateAsync(),l=S}const g=J(a);if(g.error||g.error_description)throw new Error(`Error from OIDC server: ${g.error} - ${g.error_description}`);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`State not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[S,F]of Object.entries(s.token_request_extras))v[S]=F;if(y&&y.extras)for(const[S,F]of Object.entries(y.extras))S.endsWith(":token_request")&&(v[S.replace(":token_request","")]=F);const T=c.tokenEndpoint,j={};if(s.demonstrating_proof_of_possession){const S=await dn();d?await d.setDemonstratingProofOfPossessionJwkAsync(S):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(S),j.DPoP=await Oe(S,"POST",T)}const p=await rn(l)(T,{...w,...v},j,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,I=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:W,reason:P}=ue(A,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(I&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),I&&await d.setDemonstratingProofOfPossessionNonce(I);else{const S=O(n.configurationName,s.storage);k=S.getLoginParams(),I&&await S.setDemonstratingProofOfPossessionNonce(I)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Ee={access_token:"access_token",refresh_token:"refresh_token"},_n=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await E(n.configuration,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},yn=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Ee.access_token)){const v=pe(s)(y,g,ie.access_token,c.client_id);_.push(v)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Ee.refresh_token)){const v=pe(s)(y,w,ie.refresh_token,c.client_id);_.push(v)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},gn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ne(n.tokens);)await D({milliseconds:200});if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class B{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const kn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),mn=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);c!=null&&c.length>2&&(r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:r}};function pn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const wn=()=>{const{name:n,version:e}=pn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=mn(navigator);return!kn(s)},Ie=()=>fetch;class ae{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const N={},An=(n,e=new B)=>(s,t="default")=>(N[t]||(N[t]=new R(s,t,n,e)),N[t]),vn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=M(n,e.refreshToken,e.expiresAt),{callbackPath:s}},Sn=n=>Math.floor(Math.random()*n),ce=class q{constructor(e,s="default",t,o=new B){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new B;const c=e.service_worker_update_require_callback??Ve(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??wn},this.getFetch=t??Ie,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(N,e)&&s)throw Error(`OIDC library does seem initialized.
2
+ Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return N[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await E(this.configuration,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await E(t,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=M(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=O(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=Z(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=M(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,N,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ke(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=fn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(e),o=t.tokens;return this.tokens=o,await E(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await D({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await D({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>se(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await E(u,this.configurationName);h?l=h.getLoginParams():l=O(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await this.syncTokensInfoAsync(u,this.configurationName,this.tokens,t);switch(l){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(h),{tokens:h,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(h),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,I=k.tokenEndpoint,W={};u.demonstrating_proof_of_possession&&(W.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,I,"POST"));const P=await tn(this.getFetch())(I,p,T,h,W,u.token_renew_mode,A);if(P.success){const{isValid:S,reason:F}=ue(P.data,y.nonce,k);if(!S)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ce=await E(u,this.configurationName);Ce?await Ce.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await O(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await me(e)},r=await E(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=O(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Oe(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await E(e,s);if(a){const{status:d,tokens:l}=await a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=O(s,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=vn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=gn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await _n(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=yn(this,N,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ce.getOrCreate=(n,e)=>(s,t="default")=>An(n,e)(s,t),ce.eventNames=m;let R=ce;const Tn=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Q=class xe{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new xe(R.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Re(this._oidc,e,s)}fetchWithTokens(e){return Tn(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Q.getOrCreate=(n,e=new B)=>(s,t="default")=>new Q(R.getOrCreate(n,e)(s,t)),Q.eventNames=R.eventNames;let bn=Q;C.OidcClient=bn,C.OidcLocation=B,C.TokenRenewMode=G,C.getFetchDefault=Ie,C.getParseQueryStringFromLocation=J,C.getPath=an,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
package/dist/login.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../src/login.ts"],"names":[],"mappings":"AAUA,OAAO,EAAC,iBAAiB,EAAE,SAAS,EAAC,MAAM,YAAY,CAAC;AAExD,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAG1C,eAAO,MAAM,iBAAiB,sBAAsB,MAAM,iBAAgB,iBAAiB,2CAA+B,IAAI,aAAY,QAAQ,gBAAgB,cAAc,qBAAmB,MAAM,WAAqB,SAAS,oCAAuC,MAAM,kBA4DnR,CAAC;AAEF,eAAO,MAAM,kBAAkB;;;;EA0I9B,CAAC"}
1
+ {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../src/login.ts"],"names":[],"mappings":"AAUA,OAAO,EAAC,iBAAiB,EAAE,SAAS,EAAC,MAAM,YAAY,CAAC;AAExD,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAG1C,eAAO,MAAM,iBAAiB,sBAAsB,MAAM,iBAAgB,iBAAiB,2CAA+B,IAAI,aAAY,QAAQ,gBAAgB,cAAc,qBAAmB,MAAM,WAAqB,SAAS,oCAAuC,MAAM,kBA4DnR,CAAC;AAEF,eAAO,MAAM,kBAAkB;;;;EA8I9B,CAAC"}
package/dist/version.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- declare const _default: "7.13.11";
1
+ declare const _default: "7.13.12";
2
2
  export default _default;
3
3
  //# sourceMappingURL=version.d.ts.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axa-fr/oidc-client",
3
- "version": "7.13.11",
3
+ "version": "7.13.12",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
20
20
  "url": "https://github.com/AxaFrance/oidc-client.git"
21
21
  },
22
22
  "dependencies": {
23
- "@axa-fr/oidc-client-service-worker": "7.13.11"
23
+ "@axa-fr/oidc-client-service-worker": "7.13.12"
24
24
  },
25
25
  "devDependencies": {
26
26
  "@testing-library/dom": "^9.3.3",
package/src/login.ts CHANGED
@@ -110,13 +110,17 @@ export const loginCallbackAsync = (oidc) => async (isSilentSignin = false) => {
110
110
  }
111
111
 
112
112
  const params = getParseQueryStringFromLocation(href);
113
+
114
+ if(params.error || params.error_description) {
115
+ throw new Error(`Error from OIDC server: ${params.error} - ${params.error_description}`);
116
+ }
113
117
 
114
118
  if (params.iss && params.iss !== oidcServerConfiguration.issuer) {
115
119
  console.error();
116
- throw new Error(`issuer not valid (expected: ${oidcServerConfiguration.issuer}, received: ${params.iss})`);
120
+ throw new Error(`Issuer not valid (expected: ${oidcServerConfiguration.issuer}, received: ${params.iss})`);
117
121
  }
118
122
  if (params.state && params.state !== state) {
119
- throw new Error(`state not valid (expected: ${state}, received: ${params.state})`);
123
+ throw new Error(`State not valid (expected: ${state}, received: ${params.state})`);
120
124
  }
121
125
 
122
126
  const data = {
package/src/version.ts CHANGED
@@ -1 +1 @@
1
- export default '7.13.11';
1
+ export default '7.13.12';