@axa-fr/oidc-client 7.13.16-beta.1276 → 7.14.0
- package/dist/index.js +104 -89
- package/dist/index.umd.cjs +2 -2
- package/dist/jwt.d.ts.map +1 -1
- package/dist/parseTokens.d.ts +1 -0
- package/dist/parseTokens.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/jwt.ts +28 -25
- package/src/parseTokens.spec.ts +15 -1
- package/src/parseTokens.ts +3 -3
- package/src/version.ts +1 -1
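--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,4 +1,4 @@
-const
+const L = console;
 class Ee {
 constructor(e, n, t, o = 2e3, i = !0) {
 this._callback = e, this._client_id = n, this._url = t, this._interval = o || 2e3, this._stopOnError = i;
@@ -13,17 +13,17 @@ class Ee {
 });
 }
 _message(e) {
-e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (
+e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (L.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (L.debug(e), L.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : L.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
 }
 start(e) {
-
+L.debug("CheckSessionIFrame.start :" + e), this.stop();
 const n = () => {
 this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
 };
 n(), this._timer = window.setInterval(n, this._interval);
 }
 stop() {
-this._timer && (
+this._timer && (L.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
 }
 }
 const m = {
@@ -101,9 +101,9 @@ const m = {
 setDemonstratingProofOfPossessionJwkAsync: a,
 getDemonstratingProofOfPossessionJwkAsync: u
 };
-}, Ie = (s) => decodeURIComponent(Array.prototype.map.call(atob(s), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), Ce = (s) => JSON.parse(Ie(s.
+}, Ie = (s) => decodeURIComponent(Array.prototype.map.call(atob(s), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), Ce = (s) => JSON.parse(Ie(s.replace(/-/g, "+").replace(/_/g, "/"))), ce = (s) => {
 try {
-return s && Ne(s, ".") === 2 ? Ce(s) : null;
+return s && Ne(s, ".") === 2 ? Ce(s.split(".")[1]) : null;
 } catch (e) {
 console.warn(e);
 }
@@ -121,13 +121,13 @@ function xe(s, e, n) {
 return e && e.iat ? e.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
 return s.issuedAt;
 }
-const
+const te = (s, e = null, n) => {
 if (!s)
 return null;
 let t;
 const o = typeof s.expiresIn == "string" ? parseInt(s.expiresIn, 10) : s.expiresIn;
-s.accessTokenPayload !== void 0 ? t = s.accessTokenPayload : t =
-const i = s.idTokenPayload ? s.idTokenPayload :
+s.accessTokenPayload !== void 0 ? t = s.accessTokenPayload : t = ce(s.accessToken);
+const i = s.idTokenPayload ? s.idTokenPayload : ce(s.idToken), r = i && i.exp ? i.exp : Number.MAX_VALUE, c = t && t.exp ? t.exp : s.issuedAt + o;
 s.issuedAt = xe(s, t, i);
 let a;
 s.expiresAt ? a = s.expiresAt : n === z.access_token_invalid ? a = c : n === z.id_token_invalid ? a = r : a = r < c ? r : c;
@@ -137,7 +137,7 @@ const ie = (s, e = null, n) => {
 return { ...u, refreshToken: f };
 }
 return u;
-},
+}, oe = (s, e, n) => {
 if (!s)
 return null;
 if (!s.issued_at) {
@@ -152,11 +152,11 @@ const ie = (s, e = null, n) => {
 tokenType: s.token_type,
 issuedAt: s.issued_at
 };
-return "refresh_token" in s && (t.refreshToken = s.refresh_token), s.accessTokenPayload !== void 0 && (t.accessTokenPayload = s.accessTokenPayload), s.idTokenPayload !== void 0 && (t.idTokenPayload = s.idTokenPayload),
+return "refresh_token" in s && (t.refreshToken = s.refresh_token), s.accessTokenPayload !== void 0 && (t.accessTokenPayload = s.accessTokenPayload), s.idTokenPayload !== void 0 && (t.idTokenPayload = s.idTokenPayload), te(t, e, n);
 }, V = (s, e) => {
 const n = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = e - n;
 return Math.round(t - s);
-}, Q = (s) => s ? V(0, s.expiresAt) > 0 : !1,
+}, Q = (s) => s ? V(0, s.expiresAt) > 0 : !1, We = async (s, e = 200, n = 50) => {
 let t = n;
 if (!s.tokens)
 return null;
@@ -167,7 +167,7 @@ const ie = (s, e = null, n) => {
 tokens: s.tokens,
 numberWaited: t - n
 };
-},
+}, ke = (s, e, n) => {
 if (s.idTokenPayload) {
 const t = s.idTokenPayload;
 if (n.issuer !== t.iss)
@@ -282,17 +282,17 @@ const ie = (s, e = null, n) => {
 setInterval: r,
 clearInterval: c
 };
-}(),
-let
-const R = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)),
+}(), le = "7.14.0";
+let ue = null, q;
+const R = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), me = (s = "/") => {
 try {
 q = new AbortController(), fetch(`${s}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((t) => {
 console.log(t);
-}), R({ milliseconds: 150 * 1e3 }).then(
+}), R({ milliseconds: 150 * 1e3 }).then(me);
 } catch (e) {
 console.log(e);
 }
-},
+}, Le = () => {
 q && q.abort();
 }, De = (s = "/") => fetch(`${s}OidcKeepAliveServiceWorker.json`, {
 headers: {
@@ -333,9 +333,9 @@ const R = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), we =
 },
 configurationName: e
 }), P = N.version;
-return P !==
+return P !== le && (console.warn(`Service worker ${P} version mismatch with js client version ${le}, unregistering and reloading`), await O.service_worker_update_require_callback(t, Le)), { tokens: oe(N.tokens, null, O.token_renew_mode), status: N.status };
 }, r = (k = "/") => {
-
+ue == null && (ue = "not_null", me(k));
 }, c = (k) => b(t)({ type: "setSessionState", data: { sessionState: k }, configurationName: e }), a = async () => (await b(t)({ type: "getSessionState", data: null, configurationName: e })).sessionState, u = (k) => (sessionStorage[`oidc.nonce.${e}`] = k.nonce, b(t)({ type: "setNonce", data: { nonce: k }, configurationName: e })), f = async () => {
 let A = (await b(t)({ type: "getNonce", data: null, configurationName: e })).nonce;
 return A || (A = sessionStorage[`oidc.nonce.${e}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: A };
@@ -381,7 +381,7 @@ const R = ({ milliseconds: s }) => new Promise((e) => J.setTimeout(e, s)), we =
 }
 };
 };
-async function
+async function de(s, e, n, t) {
 const o = (a) => {
 s.tokens = a;
 }, { tokens: i, status: r } = await s.synchroniseTokensAsync(e, 0, n, t, o);
@@ -395,20 +395,20 @@ async function Re(s, e) {
 } else {
 const t = I(s.configurationName, e.storage ?? sessionStorage);
 let { tokens: o } = await t.initAsync();
-return o =
+return o = te(o, s.tokens, e.token_renew_mode), o;
 }
 }
-async function
+async function pe(s, e, n = !1, t = null) {
 const o = s.configuration, i = `${o.client_id}_${s.configurationName}_${o.authority}`;
 let r;
 const c = await E(s.configuration, s.configurationName);
-return (o == null ? void 0 : o.storage) === (window == null ? void 0 : window.sessionStorage) && !c ? r = await
+return (o == null ? void 0 : o.storage) === (window == null ? void 0 : window.sessionStorage) && !c ? r = await de(s, e, n, t) : r = await navigator.locks.request(i, { ifAvailable: !0 }, async (a) => a ? await de(s, e, n, t) : (s.publishEvent(K.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), await Re(s, o))), r ? (s.timeoutId && (s.timeoutId = M(s, r.refreshToken, s.tokens.expiresAt, t)), s.tokens) : null;
 }
 const M = (s, e, n, t = null) => {
 const o = s.configuration.refresh_time_before_tokens_expiration_in_second;
 return J.setTimeout(async () => {
 const r = { timeLeft: V(o, n) };
-s.publishEvent(K.eventNames.token_timer, r), await
+s.publishEvent(K.eventNames.token_timer, r), await pe(s, e, !1, t);
 }, 1e3);
 }, D = {
 SESSION_LOST: "SESSION_LOST",
@@ -451,7 +451,7 @@ const M = (s, e, n, t = null) => {
 }
 const f = V(e.refresh_time_before_tokens_expiration_in_second, t.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
 return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: f, nonce: r };
-},
+}, ie = (s, e, n) => (t = null, o = null, i = null) => {
 if (!e.silent_redirect_uri || !e.silent_login_uri)
 return Promise.resolve(null);
 try {
@@ -491,7 +491,7 @@ const M = (s, e, n, t = null) => {
 }
 }, Ue = (s, e, n, t, o) => (i = null, r = void 0) => {
 i = { ...i };
-const c = (u, f, d) =>
+const c = (u, f, d) => ie(e, n, t.bind(o))(u, f, d);
 return (async () => {
 o.timeoutId && J.clearTimeout(o.timeoutId);
 let u;
@@ -508,7 +508,7 @@ const M = (s, e, n, t = null) => {
 }
 })();
 }, Fe = (s, e, n) => (t, o, i, r = !1) => {
-const c = (a, u = void 0, f = void 0) =>
+const c = (a, u = void 0, f = void 0) => ie(s.configurationName, n, s.publishEvent.bind(s))(a, u, f);
 return new Promise((a, u) => {
 if (n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && t && i && !r) {
 const f = () => {
@@ -543,9 +543,9 @@ const M = (s, e, n, t = null) => {
 a(null);
 });
 };
-var Ve = He, C = [],
-for (var H = 0, Me =
-C[H] =
+var Ve = He, C = [], fe = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+for (var H = 0, Me = fe.length; H < Me; ++H)
+C[H] = fe[H];
 function Je(s) {
 return C[s >> 18 & 63] + C[s >> 12 & 63] + C[s >> 6 & 63] + C[s & 63];
 }
@@ -563,7 +563,7 @@ function He(s) {
 C[e >> 10] + C[e >> 4 & 63] + C[e << 2 & 63] + "="
 )), o.join("");
 }
-const
+const we = () => {
 const s = typeof window < "u" && !!window.crypto, e = s && !!window.crypto.subtle;
 return { hasCrypto: s, hasSubtleCrypto: e };
 }, Z = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", qe = (s) => {
@@ -574,7 +574,7 @@ const Se = () => {
 }
 return e.join("");
 }, je = (s) => Ve(new Uint8Array(s)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, ""), ee = (s) => {
-const e = new Uint8Array(s), { hasCrypto: n } =
+const e = new Uint8Array(s), { hasCrypto: n } = we();
 if (n)
 window.crypto.getRandomValues(e);
 else
@@ -588,7 +588,7 @@ function Ge(s) {
 n[t] = s.charCodeAt(t);
 return n;
 }
-function
+function Ae(s) {
 return new Promise((e, n) => {
 crypto.subtle.digest("SHA-256", Ge(s)).then((t) => e(je(new Uint8Array(t))), (t) => n(t));
 });
@@ -596,8 +596,8 @@ function ve(s) {
 const Ye = (s) => {
 if (s.length < 43 || s.length > 128)
 return Promise.reject(new Error("Invalid code length."));
-const { hasSubtleCrypto: e } =
-return e ?
+const { hasSubtleCrypto: e } = we();
+return e ? Ae(s) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
 }, $ = {}, Xe = (s, e = window.sessionStorage, n) => {
 if (!$[s] && e) {
 const o = e.getItem(s);
@@ -611,12 +611,12 @@ const Ye = (s) => {
 }, Qe = 60 * 60, Ze = (s) => async (e, n = Qe, t = window.sessionStorage, o = 1e4) => {
 const i = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, c = Xe(r, t, n);
 if (c)
-return new
+return new ne(c);
 const a = await B(s)(i, {}, o);
 if (a.status !== 200)
 return null;
 const u = await a.json();
-return ze(r, u, t), new
+return ze(r, u, t), new ne(u);
 }, B = (s) => async (e, n = {}, t = 1e4, o = 0) => {
 let i;
 try {
@@ -634,7 +634,7 @@ const Ye = (s) => {
 }, se = {
 refresh_token: "refresh_token",
 access_token: "access_token"
-},
+}, _e = (s) => async (e, n, t = se.refresh_token, o, i = 1e4) => {
 const r = {
 token: n,
 token_type_hint: t,
@@ -676,7 +676,7 @@ const Ye = (s) => {
 let l = null;
 return f.headers.has(j) && (l = f.headers.get(j)), {
 success: !0,
-data:
+data: oe(d, o, r),
 demonstratingProofOfPossessionNonce: l
 };
 }, ss = (s, e) => async (n, t) => {
@@ -712,11 +712,11 @@ const Ye = (s) => {
 success: !0,
 data: {
 state: n.state,
-tokens:
+tokens: oe(f, null, o),
 demonstratingProofOfPossessionNonce: u
 }
 };
-},
+}, Se = (s) => {
 const e = s.match(
 // eslint-disable-next-line no-useless-escape
 /^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
@@ -739,13 +739,13 @@ const Ye = (s) => {
 hash: t
 };
 }, Cs = (s) => {
-const e =
+const e = Se(s);
 let { path: n } = e;
 n.endsWith("/") && (n = n.slice(0, -1));
 let { hash: t } = e;
 return t === "#_=_" && (t = ""), t && (n += t), n;
 }, G = (s) => {
-const e =
+const e = Se(s), { search: n } = e;
 return ts(n);
 }, ts = (s) => {
 const e = {};
@@ -755,10 +755,10 @@ const Ye = (s) => {
 n = i[t].split("="), e[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
 return e;
 };
-function
+function ve(s) {
 return new TextEncoder().encode(s);
 }
-function
+function Te(s) {
 return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
 }
 function os(s) {
@@ -766,14 +766,14 @@ function os(s) {
 return String.fromCharCode(parseInt(o, 16));
 });
 }
-function
+function be(s) {
 let e = "";
 return s.forEach(function(n) {
 e += String.fromCharCode(n);
-}),
+}), Te(e);
 }
-function
-return
+function he(s) {
+return Te(os(s));
 }
 const is = {
 importKeyAlgorithm: {
@@ -789,16 +789,25 @@ const is = {
 digestAlgorithm: { name: "SHA-256" },
 jwtHeaderAlgorithm: "ES256"
 }, rs = async (s, e, n, t, o = "dpop+jwt") => {
-s = Object.assign({}, s), e.typ = o, e.alg = t.jwtHeaderAlgorithm, e.alg
+switch (s = Object.assign({}, s), e.typ = o, e.alg = t.jwtHeaderAlgorithm, e.alg) {
+case "ES256":
+e.jwk = { kty: s.kty, crv: s.crv, x: s.x, y: s.y };
+break;
+case "RS256":
+e.jwk = { kty: s.kty, n: s.n, e: s.e, kid: e.kid };
+break;
+default:
+throw new Error("Unknown or not implemented JWS algorithm");
+}
 const i = {
 // @ts-ignore
 // JWT "headers" really means JWS "protected headers"
-protected:
+protected: he(JSON.stringify(e)),
 // @ts-ignore
 // JWT "claims" are really a JSON-defined JWS "payload"
-payload:
-}, r = t.importKeyAlgorithm, c = !0, a = ["sign"], u = await window.crypto.subtle.importKey("jwk", s, r, c, a), f =
-return i.signature =
+payload: he(JSON.stringify(n))
+}, r = t.importKeyAlgorithm, c = !0, a = ["sign"], u = await window.crypto.subtle.importKey("jwk", s, r, c, a), f = ve(`${i.protected}.${i.payload}`), d = t.signAlgorithm, l = await window.crypto.subtle.sign(d, u, f);
+return i.signature = be(new Uint8Array(l)), `${i.protected}.${i.payload}.${i.signature}`;
 };
 var as = { sign: rs };
 const cs = async (s) => {
@@ -807,22 +816,28 @@ const cs = async (s) => {
 }, ls = (s) => {
 const e = Object.assign({}, s);
 return delete e.d, e.key_ops = ["verify"], e;
-},
+}, ye = {
 generate: cs,
 neuter: ls
 }, us = async (s, e) => {
-
-
-
-
-
-
+let n;
+switch (s.kty) {
+case "EC":
+n = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", s.crv).replace("X", s.x).replace("Y", s.y);
+break;
+case "RSA":
+n = '{"e":"E","kty":"RSA","n":"N"}'.replace("E", s.e).replace("N", s.n);
+break;
+default:
+throw new Error("Unknown or not implemented JWK type");
 }
+const t = await window.crypto.subtle.digest(e, ve(n));
+return be(new Uint8Array(t));
 };
 var ds = { thumbprint: us };
 const fs = async (s) => {
-const e = await
-return console.info("Private Key:", JSON.stringify(e)), console.info("Public Key:", JSON.stringify(
+const e = await ye.generate(s);
+return console.info("Private Key:", JSON.stringify(e)), console.info("Public Key:", JSON.stringify(ye.neuter(e))), e;
 }, Pe = (s) => async (e, n = "POST", t, o = {}) => {
 const i = {
 // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
@@ -896,11 +911,11 @@ const fs = async (s) => {
 redirect_uri: o
 }, S = {};
 if (n.token_request_extras)
-for (const [v,
-S[v] =
+for (const [v, W] of Object.entries(n.token_request_extras))
+S[v] = W;
 if (y && y.extras)
-for (const [v,
-v.endsWith(":token_request") && (S[v.replace(":token_request", "")] =
+for (const [v, W] of Object.entries(y.extras))
+v.endsWith(":token_request") && (S[v.replace(":token_request", "")] = W);
 const T = c.tokenEndpoint, U = {};
 if (n.demonstrating_proof_of_possession) {
 const v = await fs(n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
@@ -919,7 +934,7 @@ const fs = async (s) => {
 const A = p.data.tokens, O = p.data.demonstratingProofOfPossessionNonce;
 if (p.data.state !== S.state)
 throw new Error("state is not valid");
-const { isValid: N, reason: P } =
+const { isValid: N, reason: P } = ke(A, _.nonce, c);
 if (!N)
 throw new Error(`Tokens are not OpenID valid, reason: ${P}`);
 if (d) {
@@ -942,7 +957,7 @@ const fs = async (s) => {
 } catch (n) {
 throw console.error(n), s.publishEvent(m.loginCallbackAsync_error, n), n;
 }
-},
+}, ge = {
 access_token: "access_token",
 refresh_token: "refresh_token"
 }, gs = (s) => async (e) => {
@@ -960,13 +975,13 @@ const fs = async (s) => {
 const y = a.revocationEndpoint;
 if (y) {
 const h = [], g = s.tokens ? s.tokens.accessToken : null;
-if (g && c.logout_tokens_to_invalidate.includes(
-const S =
+if (g && c.logout_tokens_to_invalidate.includes(ge.access_token)) {
+const S = _e(n)(y, g, se.access_token, c.client_id);
 h.push(S);
 }
 const w = s.tokens ? s.tokens.refreshToken : null;
-if (w && c.logout_tokens_to_invalidate.includes(
-const S =
+if (w && c.logout_tokens_to_invalidate.includes(ge.refresh_token)) {
+const S = _e(n)(y, w, se.refresh_token, c.client_id);
 h.push(S);
 }
 h.length > 0 && await Promise.all(h);
@@ -1137,7 +1152,7 @@ const Ss = () => {
 });
 const o = I(s.configurationName, n.storage ?? sessionStorage), { tokens: i } = await o.initAsync();
 if (i) {
-s.tokens =
+s.tokens = te(i, null, n.token_renew_mode);
 const r = o.getLoginParams();
 s.timeoutId = M(s, i.refreshToken, s.tokens.expiresAt, r.extras);
 const c = await o.getSessionStateAsync();
@@ -1155,7 +1170,7 @@ const Ss = () => {
 return console.error(n), e && await e.clearAsync(), s.publishEvent(m.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
 }
 }, Ts = () => fetch;
-class
+class ne {
 constructor(e) {
 this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
 }
@@ -1163,7 +1178,7 @@ class oe {
 const x = {}, bs = (s, e = new Y()) => (n, t = "default") => (x[t] || (x[t] = new K(n, t, s, e)), x[t]), Ps = async (s) => {
 const { parsedTokens: e, callbackPath: n } = await s.loginCallbackAsync();
 return s.timeoutId = M(s, e.refreshToken, e.expiresAt), { callbackPath: n };
-}, Os = (s) => Math.floor(Math.random() * s),
+}, Os = (s) => Math.floor(Math.random() * s), re = class F {
 constructor(e, n = "default", t, o = new Y()) {
 this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
 let i = e.silent_login_uri;
@@ -1230,7 +1245,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 return this.initPromise;
 const t = async () => {
 if (n != null)
-return new
+return new ne({
 authorization_endpoint: n.authorization_endpoint,
 end_session_endpoint: n.end_session_endpoint,
 revocation_endpoint: n.revocation_endpoint,
@@ -1270,7 +1285,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 await R({ milliseconds: 1e3 }), r--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
 const a = document.hidden ? n : n + 1;
 o || (o = {});
-const u = this.configuration, f = (l, _, y = null) =>
+const u = this.configuration, f = (l, _, y = null) => ie(this.configurationName, this.configuration, this.publishEvent.bind(this))(l, _, y), d = async () => {
 try {
 let l;
 const _ = await E(u, this.configurationName);
@@ -1329,12 +1344,12 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 A
 );
 if (P.success) {
-const { isValid: v, reason:
+const { isValid: v, reason: W } = ke(P.data, y.nonce, k);
 if (!v)
-return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${
+return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${W}` }), { tokens: null, status: "SESSION_LOST" };
 if (i(P.data), P.demonstratingProofOfPossessionNonce) {
-const
-
+const ae = await E(u, this.configurationName);
+ae ? await ae.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce) : await I(this.configurationName, u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce);
 }
 return this.publishEvent(m.refreshTokensAsync_end, { success: P.success }), this.publishEvent(F.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: P.data, status: "LOGGED_IN" };
 } else
@@ -1350,7 +1365,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 }
 }
 async generateDemonstrationOfProofOfPossessionAsync(e, n, t) {
-const o = this.configuration, i = { ath: await
+const o = this.configuration, i = { ath: await Ae(e) }, r = await E(o, this.configurationName);
 let c, a;
 if (r)
 c = await r.getDemonstratingProofOfPossessionNonce(), a = await r.getDemonstratingProofOfPossessionJwkAsync();
@@ -1370,7 +1385,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 if (this.renewTokensPromise !== null)
 return this.renewTokensPromise;
 if (this.timeoutId)
-return J.clearTimeout(this.timeoutId), this.renewTokensPromise =
+return J.clearTimeout(this.timeoutId), this.renewTokensPromise = pe(this, this.tokens.refreshToken, !0, e), this.renewTokensPromise.then((n) => (this.renewTokensPromise = null, n));
 }
 async destroyAsync(e) {
 return await gs(this)(e);
@@ -1385,9 +1400,9 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = ks(this, x, this.getFetch(), console, this.location)(e, n), this.logoutPromise.then((t) => (this.logoutPromise = null, t)));
 }
 };
-
-
-let K =
+re.getOrCreate = (s, e) => (n, t = "default") => bs(s, e)(n, t);
+re.eventNames = m;
+let K = re;
 const Es = (s, e) => async (...n) => {
 var l;
 const [t, o, ...i] = n, r = o ? { ...o } : { method: "GET" };
@@ -1448,7 +1463,7 @@ const Es = (s, e) => async (...n) => {
 return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e, n, t);
 }
 async getValidTokenAsync(e = 200, n = 50) {
-return
+return We(this._oidc, e, n);
 }
 fetchWithTokens(e) {
 return Es(e, this);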
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(C,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(C=typeof globalThis<"u"?globalThis:C||self,G(C["oidc-client"]={}))})(this,function(C){"use strict";const W=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(W.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(W.debug(e),W.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):W.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){W.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(W.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const 
m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async 
p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],_=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:_,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},xe=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(xe(n.split(".")[1].replace("-","+").replace("_","/"))),de=n=>{try{return n&&We(n,".")===2?Le(n):null}catch(e){console.warn(e)}return null},We=(n,e)=>n.split(e).length-1,Y={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function De(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const ee=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=de(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:de(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=De(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===Y.access_token_invalid?a=c:s===Y.id_token_invalid?a=r:a=r<c?r:c;const 
u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},ne=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),ee(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},se=n=>n?U(0,n.expiresAt)>0:!1,$e=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!se(n.tokens)&&t>0;)await D({milliseconds:e}),t=t-1;return{isTokensValid:se(n.tokens),tokens:n.tokens,numberWaited:t-s}},fe=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},V=function(){const n=function(){let a,u;const f=(function(){const l={},_={setTimeout:function(h,g,w){l[g]=setTimeout(function(){h.postMessage(g),l[g]=null},w)},setInterval:function(h,g,w){l[g]=setInterval(function(){h.postMessage(g)},w)},clearTimeout:function(h,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(h,g){clearInterval(l[g]),l[g]=null}};function y(h,g){const 
w=g.data[0],S=g.data[1],T=g.data[2];_[w]&&_[w](h,S,T)}this.onmessage=function(h){y(self,h)},this.onconnect=function(h){const g=h.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),_e="7.13.16-beta.1276";let he=null,X;const D=({milliseconds:n})=>new Promise(e=>V.setTimeout(e,n)),ye=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),D({milliseconds:150*1e3}).then(ye)}catch(e){console.log(e)}},Re=()=>{X&&X.abort()},Ke=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Fe=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await D({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new 
MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),E=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,I)=>{const L=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:I.token_renew_mode,service_worker_convert_all_requests_to_cors:I.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=L.version;return P!==_e&&(console.warn(`Service worker ${P} version mismatch with js client version ${_e}, unregistering and reloading`),await I.service_worker_update_require_callback(t,Re)),{tokens:ne(L.tokens,null,I.token_renew_mode),status:L.status}},r=(k="/")=>{he==null&&(he="not_null",ye(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let 
d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ke(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function 
ge(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await E(n.configuration,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function Ue(n,e){const s=await E(e,n.configurationName);if(s){const t=await n.initAsync(e.authority,e.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",e);return o}else{const t=O(n.configurationName,e.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=ee(o,n.tokens,e.token_renew_mode),o}}async function ke(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r;const c=await E(n.configuration,n.configurationName);return(o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!c?r=await ge(n,e,s,t):r=await navigator.locks.request(i,{ifAvailable:!0},async a=>a?await ge(n,e,s,t):(n.publishEvent(K.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Ue(n,o))),r?(n.timeoutId&&(n.timeoutId=M(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const M=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(K.eventNames.token_timer,r),await ke(n,e,!1,t)},1e3)},$={SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},Ve=n=>async(e,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await n.initAsync(e.authority,e.authority_configuration),a=await E(e,s);if(a){const{status:d,tokens:l}=await 
a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",h=await a.getNonceAsync();return{tokens:l,status:y,nonce:h}}r=await a.getNonceAsync()}else{const d=O(s,e.storage??sessionStorage),{tokens:l,status:_}=await d.initAsync();if(l){if(_==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const h=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:h,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}},te=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let _=!1;window.onmessage=h=>{if(h.origin===u&&h.source===f.contentWindow){const 
g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,S=h.data;if(S&&typeof S=="string"&&!_){if(S.startsWith(g)){const T=JSON.parse(h.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),_=!0,d(T)}else if(S.startsWith(w)){const T=JSON.parse(h.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),_=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{_||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),_=!0,l(new Error("timeout")))},y)}catch(_){f.remove(),s(m.silentLoginAsync_error,_),l(_)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Me=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>te(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=M(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>te(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,_=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const h=y.tokens.idTokenPayload;if(_.sub===h.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),_.sid===h.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",h.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other 
tabs:",y);for(const[h,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,_.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Be=Ge,N=[],me="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",z=0,He=me.length;z<He;++z)N[z]=me[z];function je(n){return N[n>>18&63]+N[n>>12&63]+N[n>>6&63]+N[n&63]}function qe(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(je(t));return o.join("")}function Ge(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(qe(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(N[e>>2]+N[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(N[e>>10]+N[e>>4&63]+N[e<<2&63]+"=")),o.join("")}const pe=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ye=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%oe.length;e.push(oe[t])}return e.join("")},Xe=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),ie=n=>{const e=new Uint8Array(n),{hasCrypto:s}=pe();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*oe.length|0;return Ye(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function we(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Xe(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=pe();return e?we(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},R={},Ze=(n,e=window.sessionStorage,s)=>{if(!R[n]&&e){const o=e.getItem(n);o&&(R[n]=JSON.parse(o))}const t=1e3*s;return 
R[n]&&R[n].timestamp+t>Date.now()?R[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();R[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ze(r,t,s);if(c)return new le(c);const a=await J(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return en(r,u,t),new le(u)},J=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},re={refresh_token:"refresh_token",access_token:"access_token"},Ae=n=>async(e,s,t=re.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await J(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[_,y]of Object.entries(t))s[_]===void 0&&(s[_]=y);const a=[];for(const _ in s){const y=encodeURIComponent(_),h=encodeURIComponent(s[_]);a.push(`${y}=${h}`)}const u=a.join("&"),f=await J(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(Q)&&(l=f.headers.get(Q)),{success:!0,data:ne(d,o,r),demonstratingProofOfPossessionNonce:l}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=ie(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of 
Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},Q="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),_=encodeURIComponent(s[d]);r.push(`${l}=${_}`)}const c=r.join("&"),a=await J(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(Q)&&(u=a.headers.get(Q));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ne(f,null,o),demonstratingProofOfPossessionNonce:u}}},Se=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=Se(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},B=n=>{const e=Se(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function ae(n){return new TextEncoder().encode(n)}function ve(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function ce(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),ve(e)}function Te(n){return ve(ln(n))}const 
un={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var dn={sign:async(n,e,s,t,o="dpop+jwt")=>{n=Object.assign({},n),e.typ=o,e.alg=t.jwtHeaderAlgorithm,e.alg==="ES256"?e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y}:e.alg==="RS256"&&(e.jwk={kty:n.kty,n:n.n,e:n.e,kid:e.kid});const i={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},r=t.importKeyAlgorithm,c=!0,a=["sign"],u=await window.crypto.subtle.importKey("jwk",n,r,c,a),f=ae(`${i.protected}.${i.payload}`),d=t.signAlgorithm,l=await window.crypto.subtle.sign(d,u,f);return i.signature=ce(new Uint8Array(l)),`${i.protected}.${i.payload}.${i.signature}`}};const be={generate:async n=>{const e=n,s=!0,t=["sign","verify"],o=await window.crypto.subtle.generateKey(e,s,t);return await window.crypto.subtle.exportKey("jwk",o.privateKey)},neuter:n=>{const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e}};var fn={thumbprint:async(n,e)=>{if(n.kty=="EC"){const s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y),t=await window.crypto.subtle.digest(e,ae(s));return ce(new Uint8Array(t))}else if(n.kty=="RSA"){const s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n),t=await window.crypto.subtle.digest(e,ae(s));return ce(new Uint8Array(t))}}};const _n=async n=>{const e=await be.generate(n);return console.info("Private Key:",JSON.stringify(e)),console.info("Public Key:",JSON.stringify(be.neuter(e))),e},Pe=n=>async(e,s="POST",t,o={})=>{const i={jti:btoa(hn()),htm:s,htu:t,iat:Math.round(Date.now()/1e3),...o},r=await fn.thumbprint(e,n.digestAlgorithm);return await dn.sign(e,{kid:r},i,n)},hn=()=>{const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let 
o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},yn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=ie(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const _=e.extras?{...e.extras,...r}:r;_.nonce||(_.nonce=ie(12));const y={nonce:_.nonce},h=await E(e,n),g=await t(e.authority,e.authority_configuration);let w;if(h)h.setLoginParams({callbackPath:d,extras:u}),await h.initAsync(g,"loginAsync",e),await h.setNonceAsync(y),h.startKeepAliveServiceWorker(),w=h;else{const T=O(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const S={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",..._};await on(w,o)(g.authorizationEndpoint,S)}catch(l){throw s(m.loginAsync_error,l),l}})()},gn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=B(a).session_state,d=await E(s,n.configurationName);let l,_,y,h;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),_=await d.getNonceAsync(),y=d.getLoginParams(),h=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const v=O(n.configurationName,s.storage??sessionStorage);await v.setSessionStateAsync(f),_=await v.getNonceAsync(),y=v.getLoginParams(),h=await v.getStateAsync(),l=v}const g=B(a);if(g.error||g.error_description)throw new Error(`Error from OIDC server: ${g.error} - ${g.error_description}`);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==h)throw 
new Error(`State not valid (expected: ${h}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},S={};if(s.token_request_extras)for(const[v,F]of Object.entries(s.token_request_extras))S[v]=F;if(y&&y.extras)for(const[v,F]of Object.entries(y.extras))v.endsWith(":token_request")&&(S[v.replace(":token_request","")]=F);const T=c.tokenEndpoint,j={};if(s.demonstrating_proof_of_possession){const v=await _n(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);d?await d.setDemonstratingProofOfPossessionJwkAsync(v):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(v),j.DPoP=await Pe(s.demonstrating_proof_of_possession_configuration)(v,"POST",T)}const p=await rn(l)(T,{...w,...S},j,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,I=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==S.state)throw new Error("state is not valid");const{isValid:L,reason:P}=fe(A,_.nonce,c);if(!L)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(I&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),I&&await d.setDemonstratingProofOfPossessionNonce(I);else{const v=O(n.configurationName,s.storage);k=v.getLoginParams(),I&&await v.setDemonstratingProofOfPossessionNonce(I)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw 
console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Oe={access_token:"access_token",refresh_token:"refresh_token"},kn=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await E(n.configuration,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},mn=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const h=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Oe.access_token)){const S=Ae(s)(y,g,re.access_token,c.client_id);h.push(S)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const S=Ae(s)(y,w,re.refresh_token,c.client_id);h.push(S)}h.length>0&&await Promise.all(h)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const _=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,h]of Object.entries(e))h!==n&&await n.logoutSameTabAsync(n.configuration.client_id,_);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[h,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${h}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},pn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!se(n.tokens);)await D({milliseconds:200});if(!n.tokens)return null;const 
s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class H{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const wn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),An=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS 
X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);c!=null&&c.length>2&&(r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:r}};function Sn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const vn=()=>{const{name:n,version:e}=Sn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=An(navigator);return!wn(s)},Tn=async n=>{let e;if(n.tokens!=null)return!1;n.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=n.configuration,t=await n.initAsync(s.authority,s.authority_configuration);if(e=await E(s,n.configurationName),e){const{tokens:o}=await e.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){e.startKeepAliveServiceWorker(),n.tokens=o;const i=e.getLoginParams(n.configurationName);n.timeoutId=M(n,n.tokens.refreshToken,n.tokens.expiresAt,i.extras);const r=await e.getSessionStateAsync();return await n.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),n.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}n.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&n.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=O(n.configurationName,s.storage??sessionStorage),{tokens:i}=await 
o.initAsync();if(i){n.tokens=ee(i,null,s.token_renew_mode);const r=o.getLoginParams();n.timeoutId=M(n,i.refreshToken,n.tokens.expiresAt,r.extras);const c=await o.getSessionStateAsync();return await n.startCheckSessionAsync(t.check_session_iframe,s.client_id,c),n.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return n.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:e?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),e&&await e.clearAsync(),n.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ee=()=>fetch;class le{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const x={},bn=(n,e=new H)=>(s,t="default")=>(x[t]||(x[t]=new K(s,t,n,e)),x[t]),Pn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=M(n,e.refreshToken,e.expiresAt),{callbackPath:s}},On=n=>Math.floor(Math.random()*n),ue=class q{constructor(e,s="default",t,o=new H){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new H;const 
c=e.service_worker_update_require_callback??Fe(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??Y.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??vn,demonstrating_proof_of_possession_configuration:e.demonstrating_proof_of_possession_configuration??un},this.getFetch=t??Ee,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=On(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(x,e)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return x[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=B(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=B(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new le({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await E(this.configuration,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=Tn(this),this.tryKeepExistingSessionPromise.then(e=>(this.tryKeepExistingSessionPromise=null,e)))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,x,this.configuration)(e,s,t,o)}async loginAsync(e=void 
0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Me(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=yn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await gn(this)(e),o=t.tokens;return this.tokens=o,await E(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await D({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await D({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,_,y=null)=>te(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,_,y),d=async()=>{try{let l;const _=await E(u,this.configurationName);_?l=_.getLoginParams():l=O(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token 
silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:_,nonce:y}=await Ve(this)(u,this.configurationName,this.tokens,t);switch(l){case $.SESSION_LOST:return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case $.NOT_CONNECTED:return i(null),{tokens:null,status:null};case $.TOKENS_VALID:return i(_),{tokens:_,status:"LOGGED_IN"};case $.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return i(_),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:_,status:"LOGGED_IN"};case $.LOGOUT_FROM_ANOTHER_TAB:return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case $.REQUIRE_SYNC_TOKENS:return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const h=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:h,redirect_uri:g,grant_type:"refresh_token",refresh_token:_.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,I=k.tokenEndpoint,L={};u.demonstrating_proof_of_possession&&(L.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(_.accessToken,I,"POST"));const P=await tn(this.getFetch())(I,p,T,_,L,u.token_renew_mode,A);if(P.success){const{isValid:v,reason:F}=fe(P.data,y.nonce,k);if(!v)return 
i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ie=await E(u,this.configurationName);Ie?await Ie.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await O(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await we(e)},r=await E(o,this.configurationName);let c,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=O(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Pe(o.demonstrating_proof_of_possession_configuration)(a,t,s,i)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=Pn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=pn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async 
renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ke(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await kn(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=mn(this,x,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ue.getOrCreate=(n,e)=>(s,t="default")=>bn(n,e)(s,t),ue.eventNames=m;let K=ue;const En=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const _=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",_)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Z=class Ce{constructor(e){this._oidc=e}subscribeEvents(e){return 
this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new Ce(K.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return $e(this._oidc,e,s)}fetchWithTokens(e){return En(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Z.getOrCreate=(n,e=new H)=>(s,t="default")=>new Z(K.getOrCreate(n,e)(s,t)),Z.eventNames=K.eventNames;let In=Z;C.OidcClient=In,C.OidcLocation=H,C.TokenRenewMode=Y,C.getFetchDefault=Ee,C.getParseQueryStringFromLocation=B,C.getPath=an,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
|
|
1
|
+
(function(C,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(C=typeof globalThis<"u"?globalThis:C||self,G(C["oidc-client"]={}))})(this,function(C){"use strict";const W=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(W.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(W.debug(e),W.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):W.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){W.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(W.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const 
m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async 
p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},xe=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(xe(n.replace(/-/g,"+").replace(/_/g,"/"))),le=n=>{try{return n&&We(n,".")===2?Le(n.split(".")[1]):null}catch(e){console.warn(e)}return null},We=(n,e)=>n.split(e).length-1,Y={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function De(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const ee=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=le(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:le(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=De(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===Y.access_token_invalid?a=c:s===Y.id_token_invalid?a=r:a=r<c?r:c;const 
u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},ne=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),ee(t,e,s)},F=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},se=n=>n?F(0,n.expiresAt)>0:!1,$e=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!se(n.tokens)&&t>0;)await D({milliseconds:e}),t=t-1;return{isTokensValid:se(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},V=function(){const n=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const 
w=g.data[0],S=g.data[1],T=g.data[2];h[w]&&h[w](_,S,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.14.0";let fe=null,X;const D=({milliseconds:n})=>new Promise(e=>V.setTimeout(e,n)),he=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),D({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Re=()=>{X&&X.abort()},Ke=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ue=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await D({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new 
MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),E=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,I)=>{const L=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:I.token_renew_mode,service_worker_convert_all_requests_to_cors:I.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=L.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await I.service_worker_update_require_callback(t,Re)),{tokens:ne(L.tokens,null,I.token_renew_mode),status:L.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let 
d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ke(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function 
_e(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await E(n.configuration,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function Fe(n,e){const s=await E(e,n.configurationName);if(s){const t=await n.initAsync(e.authority,e.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",e);return o}else{const t=O(n.configurationName,e.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=ee(o,n.tokens,e.token_renew_mode),o}}async function ye(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r;const c=await E(n.configuration,n.configurationName);return(o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!c?r=await _e(n,e,s,t):r=await navigator.locks.request(i,{ifAvailable:!0},async a=>a?await _e(n,e,s,t):(n.publishEvent(K.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Fe(n,o))),r?(n.timeoutId&&(n.timeoutId=M(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const M=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:F(o,s)};n.publishEvent(K.eventNames.token_timer,r),await ye(n,e,!1,t)},1e3)},$={SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},Ve=n=>async(e,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await n.initAsync(e.authority,e.authority_configuration),a=await E(e,s);if(a){const{status:d,tokens:l}=await 
a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=F(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=O(s,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=F(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=F(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}},te=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const 
g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,S=_.data;if(S&&typeof S=="string"&&!h){if(S.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(S.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),s(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Me=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>te(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=M(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>te(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other 
tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Be=Ge,N=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",z=0,je=ge.length;z<je;++z)N[z]=ge[z];function He(n){return N[n>>18&63]+N[n>>12&63]+N[n>>6&63]+N[n&63]}function qe(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(He(t));return o.join("")}function Ge(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(qe(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(N[e>>2]+N[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(N[e>>10]+N[e>>4&63]+N[e<<2&63]+"=")),o.join("")}const ke=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ye=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%oe.length;e.push(oe[t])}return e.join("")},Xe=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),ie=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ke();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*oe.length|0;return Ye(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function me(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Xe(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},R={},Ze=(n,e=window.sessionStorage,s)=>{if(!R[n]&&e){const o=e.getItem(n);o&&(R[n]=JSON.parse(o))}const t=1e3*s;return 
R[n]&&R[n].timestamp+t>Date.now()?R[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();R[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ze(r,t,s);if(c)return new ae(c);const a=await J(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return en(r,u,t),new ae(u)},J=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},re={refresh_token:"refresh_token",access_token:"access_token"},pe=n=>async(e,s,t=re.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await J(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await J(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(Q)&&(l=f.headers.get(Q)),{success:!0,data:ne(d,o,r),demonstratingProofOfPossessionNonce:l}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=ie(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of 
Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},Q="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),h=encodeURIComponent(s[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await J(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(Q)&&(u=a.headers.get(Q));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ne(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=we(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},B=n=>{const e=we(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function Ae(n){return new TextEncoder().encode(n)}function Se(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function ve(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),Se(e)}function Te(n){return Se(ln(n))}const 
un={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var dn={sign:async(n,e,s,t,o="dpop+jwt")=>{switch(n=Object.assign({},n),e.typ=o,e.alg=t.jwtHeaderAlgorithm,e.alg){case"ES256":e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":e.jwk={kty:n.kty,n:n.n,e:n.e,kid:e.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const i={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},r=t.importKeyAlgorithm,c=!0,a=["sign"],u=await window.crypto.subtle.importKey("jwk",n,r,c,a),f=Ae(`${i.protected}.${i.payload}`),d=t.signAlgorithm,l=await window.crypto.subtle.sign(d,u,f);return i.signature=ve(new Uint8Array(l)),`${i.protected}.${i.payload}.${i.signature}`}};const be={generate:async n=>{const e=n,s=!0,t=["sign","verify"],o=await window.crypto.subtle.generateKey(e,s,t);return await window.crypto.subtle.exportKey("jwk",o.privateKey)},neuter:n=>{const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e}};var fn={thumbprint:async(n,e)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const t=await window.crypto.subtle.digest(e,Ae(s));return ve(new Uint8Array(t))}};const hn=async n=>{const e=await be.generate(n);return console.info("Private Key:",JSON.stringify(e)),console.info("Public Key:",JSON.stringify(be.neuter(e))),e},Pe=n=>async(e,s="POST",t,o={})=>{const i={jti:btoa(_n()),htm:s,htu:t,iat:Math.round(Date.now()/1e3),...o},r=await fn.thumbprint(e,n.digestAlgorithm);return await dn.sign(e,{kid:r},i,n)},_n=()=>{const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let 
o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},yn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=ie(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=ie(12));const y={nonce:h.nonce},_=await E(e,n),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=O(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const S={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await on(w,o)(g.authorizationEndpoint,S)}catch(l){throw s(m.loginAsync_error,l),l}})()},gn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=B(a).session_state,d=await E(s,n.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const v=O(n.configurationName,s.storage??sessionStorage);await v.setSessionStateAsync(f),h=await v.getNonceAsync(),y=v.getLoginParams(),_=await v.getStateAsync(),l=v}const g=B(a);if(g.error||g.error_description)throw new Error(`Error from OIDC server: ${g.error} - ${g.error_description}`);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw 
new Error(`State not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},S={};if(s.token_request_extras)for(const[v,U]of Object.entries(s.token_request_extras))S[v]=U;if(y&&y.extras)for(const[v,U]of Object.entries(y.extras))v.endsWith(":token_request")&&(S[v.replace(":token_request","")]=U);const T=c.tokenEndpoint,H={};if(s.demonstrating_proof_of_possession){const v=await hn(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);d?await d.setDemonstratingProofOfPossessionJwkAsync(v):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(v),H.DPoP=await Pe(s.demonstrating_proof_of_possession_configuration)(v,"POST",T)}const p=await rn(l)(T,{...w,...S},H,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,I=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==S.state)throw new Error("state is not valid");const{isValid:L,reason:P}=ue(A,h.nonce,c);if(!L)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(I&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),I&&await d.setDemonstratingProofOfPossessionNonce(I);else{const v=O(n.configurationName,s.storage);k=v.getLoginParams(),I&&await v.setDemonstratingProofOfPossessionNonce(I)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw 
console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Oe={access_token:"access_token",refresh_token:"refresh_token"},kn=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await E(n.configuration,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},mn=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Oe.access_token)){const S=pe(s)(y,g,re.access_token,c.client_id);_.push(S)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const S=pe(s)(y,w,re.refresh_token,c.client_id);_.push(S)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},pn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!se(n.tokens);)await D({milliseconds:200});if(!n.tokens)return null;const 
s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class j{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const wn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),An=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS 
X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);c!=null&&c.length>2&&(r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:r}};function Sn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const vn=()=>{const{name:n,version:e}=Sn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=An(navigator);return!wn(s)},Tn=async n=>{let e;if(n.tokens!=null)return!1;n.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=n.configuration,t=await n.initAsync(s.authority,s.authority_configuration);if(e=await E(s,n.configurationName),e){const{tokens:o}=await e.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){e.startKeepAliveServiceWorker(),n.tokens=o;const i=e.getLoginParams(n.configurationName);n.timeoutId=M(n,n.tokens.refreshToken,n.tokens.expiresAt,i.extras);const r=await e.getSessionStateAsync();return await n.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),n.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}n.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&n.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=O(n.configurationName,s.storage??sessionStorage),{tokens:i}=await 
o.initAsync();if(i){n.tokens=ee(i,null,s.token_renew_mode);const r=o.getLoginParams();n.timeoutId=M(n,i.refreshToken,n.tokens.expiresAt,r.extras);const c=await o.getSessionStateAsync();return await n.startCheckSessionAsync(t.check_session_iframe,s.client_id,c),n.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return n.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:e?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),e&&await e.clearAsync(),n.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ee=()=>fetch;class ae{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const x={},bn=(n,e=new j)=>(s,t="default")=>(x[t]||(x[t]=new K(s,t,n,e)),x[t]),Pn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=M(n,e.refreshToken,e.expiresAt),{callbackPath:s}},On=n=>Math.floor(Math.random()*n),ce=class q{constructor(e,s="default",t,o=new j){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new j;const 
c=e.service_worker_update_require_callback??Ue(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??Y.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??vn,demonstrating_proof_of_possession_configuration:e.demonstrating_proof_of_possession_configuration??un},this.getFetch=t??Ee,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=On(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(x,e)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return x[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=B(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=B(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await E(this.configuration,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=Tn(this),this.tryKeepExistingSessionPromise.then(e=>(this.tryKeepExistingSessionPromise=null,e)))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,x,this.configuration)(e,s,t,o)}async loginAsync(e=void 
0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Me(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=yn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await gn(this)(e),o=t.tokens;return this.tokens=o,await E(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await D({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await D({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>te(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await E(u,this.configurationName);h?l=h.getLoginParams():l=O(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token 
silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await Ve(this)(u,this.configurationName,this.tokens,t);switch(l){case $.SESSION_LOST:return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case $.NOT_CONNECTED:return i(null),{tokens:null,status:null};case $.TOKENS_VALID:return i(h),{tokens:h,status:"LOGGED_IN"};case $.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return i(h),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case $.LOGOUT_FROM_ANOTHER_TAB:return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case $.REQUIRE_SYNC_TOKENS:return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,I=k.tokenEndpoint,L={};u.demonstrating_proof_of_possession&&(L.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,I,"POST"));const P=await tn(this.getFetch())(I,p,T,h,L,u.token_renew_mode,A);if(P.success){const{isValid:v,reason:U}=ue(P.data,y.nonce,k);if(!v)return 
i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${U}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ie=await E(u,this.configurationName);Ie?await Ie.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await O(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await me(e)},r=await E(o,this.configurationName);let c,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=O(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Pe(o.demonstrating_proof_of_possession_configuration)(a,t,s,i)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=Pn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=pn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async 
renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await kn(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=mn(this,x,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ce.getOrCreate=(n,e)=>(s,t="default")=>bn(n,e)(s,t),ce.eventNames=m;let K=ce;const En=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Z=class Ce{constructor(e){this._oidc=e}subscribeEvents(e){return 
this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new Ce(K.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return $e(this._oidc,e,s)}fetchWithTokens(e){return En(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Z.getOrCreate=(n,e=new j)=>(s,t="default")=>new Z(K.getOrCreate(n,e)(s,t)),Z.eventNames=K.eventNames;let In=Z;C.OidcClient=In,C.OidcLocation=j,C.TokenRenewMode=Y,C.getFetchDefault=Ee,C.getParseQueryStringFromLocation=B,C.getPath=an,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
|
package/dist/jwt.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAMA,OAAO,EAAC,2CAA2C,EAAC,MAAM,SAAS,CAAC;AAsDpE,eAAO,MAAM,kDAAkD,EAAE,2CAahE,CAAA;
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAMA,OAAO,EAAC,2CAA2C,EAAC,MAAM,SAAS,CAAC;AAsDpE,eAAO,MAAM,kDAAkD,EAAE,2CAahE,CAAA;AAgED,eAAO,IAAI,GAAG;6FA5DyE,2CAA2C;CA4D3G,CAAC;AAuDxB,eAAO,IAAI,GAAG;4CAxBkC,mBAAmB;CAwBtC,CAAC;AAE9B,eAAO,MAAM,gBAAgB,yBAAgC,qBAAqB,GAAG,cAAc,wBAOlG,CAAA;AAED,eAAO,MAAM,8CAA8C,gDAAiD,2CAA2C,qCAAuC,MAAM,uCAgBnM,CAAA"}
|
package/dist/parseTokens.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseTokens.d.ts","sourceRoot":"","sources":["../src/parseTokens.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"parseTokens.d.ts","sourceRoot":"","sources":["../src/parseTokens.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,QAAQ,YAAY,MAAM,QAAgF,CAAC;AAsBxH,MAAM,MAAM,MAAM,GAAG;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAC,GAAG,CAAC;IACnB,OAAO,EAAC,MAAM,CAAC;IACf,kBAAkB,EAAC,GAAG,CAAC;IACvB,WAAW,EAAC,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC7B,gCAAgC,EAAE,MAAM,CAAC;IACzC,oBAAoB,EAAC,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;CAC5B,CAAA;AAED,eAAO,MAAM,cAAc;;;;CAI1B,CAAC;AAkBF,eAAO,MAAM,SAAS,gDAA8C,MAAM,KAAE,MA0C3E,CAAC;AAEF,eAAO,MAAM,mBAAmB,gDAAuC,MAAM,WAkC5E,CAAC;AAEF,eAAO,MAAM,eAAe,4EAM3B,CAAC;AAEF,eAAO,MAAM,aAAa,0BAKzB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACrB,aAAa,EAAE,OAAO,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;CACxB,CAAA;AAED,MAAM,WAAW,SAAS;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,kBAAkB,SAAgB,SAAS,2CAAkC,QAAQ,UAAU,CAe3G,CAAC;AAIF,eAAO,MAAM,iBAAiB;;;CA2B7B,CAAC"}
|
package/dist/version.d.ts
CHANGED
package/dist/version.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":";AAAA,
|
|
1
|
+
{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":";AAAA,wBAAwB"}
|
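--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@axa-fr/oidc-client",
-"version": "7.
+"version": "7.14.0",
 "private": false,
 "type": "module",
 "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
 "url": "https://github.com/AxaFrance/oidc-client.git"
 },
 "dependencies": {
-"@axa-fr/oidc-client-service-worker": "7.
+"@axa-fr/oidc-client-service-worker": "7.14.0"
 },
 "devDependencies": {
 "@testing-library/dom": "^9.3.3",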
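--- a/package/src/jwt.ts
+++ b/package/src/jwt.ts
@@ -83,13 +83,17 @@ const sign = async (jwk, headers, claims, demonstratingProofOfPossessionConfigur
 // The headers should probably be empty
 headers.typ = jwtHeaderType;
 headers.alg = demonstratingProofOfPossessionConfiguration.jwtHeaderAlgorithm;
-
-//if (!headers.kid) {
+switch (headers.alg) {
+case 'ES256': //if (!headers.kid) {
 // alternate: see thumbprint function below
 headers.jwk = {kty: jwk.kty, crv: jwk.crv, x: jwk.x, y: jwk.y};
-
-
-
+//}
+break;
+case 'RS256':
+headers.jwk = {kty: jwk.kty, n: jwk.n, e: jwk.e, kid: headers.kid};
+break;
+default:
+throw new Error('Unknown or not implemented JWS algorithm');
 }
 
 const jws = {
@@ -163,28 +167,27 @@ const EC = {
 };
 // @ts-ignore
 const thumbprint = async (jwk, digestAlgorithm: AlgorithmIdentifier) => {
+let sortedPub;
 // lexigraphically sorted, no spaces
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-// but we're only dealing with P-256
-const hash = await window.crypto.subtle.digest(digestAlgorithm, strToUint8(sortedPub));
-return uint8ToUrlBase64(new Uint8Array(hash));
+switch (jwk.kty) {
+case 'EC':
+sortedPub = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'
+.replace('CRV', jwk.crv)
+.replace('X', jwk.x)
+.replace('Y', jwk.y);
+break;
+case 'RSA':
+sortedPub = '{"e":"E","kty":"RSA","n":"N"}'
+.replace('E', jwk.e)
+.replace('N', jwk.n);
+break;
+default:
+throw new Error('Unknown or not implemented JWK type');
 }
-
-
-
+// The hash should match the size of the key,
+// but we're only dealing with P-256
+const hash = await window.crypto.subtle.digest(digestAlgorithm, strToUint8(sortedPub));
+return uint8ToUrlBase64(new Uint8Array(hash));
 }
 
 export var JWK = {thumbprint};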
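Review bot: In `thumbprint`, the canonical JSON is filled in with chained `replace` calls on single-letter placeholders, and each call replaces only the first match in the string built so far; base64url values can contain `Y`, so in the EC branch a `Y` inside `jwk.x` would be overwritten with `jwk.y` instead of the placeholder and the thumbprint would be wrong (the RSA branch has the same shape if `jwk.e` ever contains `N`). Serialising the members directly avoids this, with the keys written in lexicographic order: `sortedPub = JSON.stringify({crv: jwk.crv, kty: 'EC', x: jwk.x, y: jwk.y});` and `sortedPub = JSON.stringify({e: jwk.e, kty: 'RSA', n: jwk.n});`. The kept comment `// but we're only dealing with P-256` no longer matches a function that also accepts RSA keys. In the `sign` hunk, the new `switch (headers.alg)` does not check that `jwk.kty` fits the selected algorithm, so a mismatched key would produce a `jwk` header with undefined members; `sign` continues outside the hunk, so a later step may still reject it.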
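--- a/package/src/parseTokens.spec.ts
+++ b/package/src/parseTokens.spec.ts
@@ -1,6 +1,6 @@
 import { describe, expect,it } from 'vitest';
 
-import {getValidTokenAsync, isTokensOidcValid, parseOriginalTokens} from "./parseTokens";
+import { getValidTokenAsync, isTokensOidcValid, parseJwt, parseOriginalTokens} from "./parseTokens";
 
 describe('ParseTokens test Suite', () => {
 const currentTimeUnixSecond = new Date().getTime() / 1000;
@@ -25,6 +25,20 @@ describe('ParseTokens test Suite', () => {
 });
 });
 
+it('parseJwtShouldExtractData', async () => {
+const claimsPart = "eyJzZXNzaW9uX3N0YXRlIjoiNzVjYzVlZDItZGYyZC00NTY5LWJmYzUtMThhOThlNjhiZTExIiwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoixrTHosOBw6zDhyDlsI_lkI0t44Ob44Or44OYIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdGluZ2NoYXJhY3RlcnNAaW52ZW50ZWRtYWlsLmNvbSIsImdpdmVuX25hbWUiOiLGtMeiw4HDrMOHIiwiZmFtaWx5X25hbWUiOiLlsI_lkI0t44Ob44Or44OYIn0"
+const result = parseJwt(claimsPart);
+expect(result).toStrictEqual({
+"session_state": "75cc5ed2-df2d-4569-bfc5-18a98e68be11",
+"scope": "openid email profile",
+"email_verified": true,
+"name": "ƴǢÁìÇ 小名-ホルヘ",
+"preferred_username": "testingcharacters@inventedmail.com",
+"given_name": "ƴǢÁìÇ",
+"family_name": "小名-ホルヘ"
+});
+});
+
 
 const id_token ="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjUwNWZkODljLTM4YzktNGI2Mi04ZjQ3LWI4MGQ0ZTNhYjYxNSJ9.eyJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3Q6ODA4MCIsInN1YiI6ImFkbWluIiwiYXVkIjoiM2FTbk5XUGxZQWQwOGVES3c1UUNpSWVMcWpIdHkxTTVzSGFzcDJDZWREcWYzbmJkZm8xUFo1cXhmbWoyaFhkUyIsImV4cCI6MTY5MDk4NzQ1NCwiYXV0aF90aW1lIjoxNjkwOTg2NTUxLCJpYXQiOjE2OTA5ODY1NTQsImFjciI6IjAiLCJhenAiOiIzYVNuTldQbFlBZDA4ZURLdzVRQ2lJZUxxakh0eTFNNXNIYXNwMkNlZERxZjNuYmRmbzFQWjVxeGZtajJoWGRTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGdyb3VwcyBvZmZsaW5lX2FjY2VzcyIsIm5iZiI6MTY5MDk4NjU1NCwianRpIjoiNjMiLCJub25jZSI6ImNpQkVVOTdaVmRWVSIsImdyb3VwcyI6WyJhZG1pbiJdLCJuYW1lIjoiQWRtaW5pc3RyYXRvciIsInVwZGF0ZWRfYXQiOjE2OTA5ODY1NDV9.2MUdtQR_QtzDY9BTMctG8C4uvg92DgMIUUoJed2cI7WTd5_VEPFW87esDQLw4snVdAJM1_Wf3wB88B2MXFDMCnMTNn0TMnzetRDiG3xlr2LL-geL5SNgwD0Y6RPK_aITjrC9uiQCTj3LPEENrBulNRZPURwaVon9WUVNuuBmMTKd7QKEuFN0zYDoRs0HnXo6WKnFy1rldLGh_JpA3PBUuXt4VMjfGQ7yYEuNn7MkFVDX6OnTffR8jTQp74hREvuRLFjYxfgfgu547X7yIcboOl81D0ZQlP-gfvBOeypZolRLScuqAA3fHBYvE0vCtOM6ObekfeeTDfms75csMLUuZtTR07x32xYC8vdoFsY0sRpMByTqlhsae9VX_rETJ7PIWEfruojzcj47WN9dG0K3pdPiJHEwZ1CKgZfU_cY0gtuAGaIcIjKL0txXCevaiIiIsrgSU_HTjNVybp4WHSAs3h6x0XLz4_91luCylsaoMQbwKOQNwAfr2L74jF6DOg-8DIPb-WClRQzaQtrkx_iv6FtqCB3ogFoZwi6xljdYUc2EHUmoAo-LXal-QAgUXGGzfFU2YOpxV3RyAbMGPm7PfkMVzDsDJwORJNhh38QQ6o88GgNnV28BT-d2G0n7okc0QC6o2IW0jpyCrI6v0hWOBUX2EqiJ5Wao-4LYZfCaRgU";
 const refresh_token ="DEsqDca7nDGSgT6tJPkCwbPy98B8VOC4AA55lOPs03G3hqhZ8WH08REBcwTZg1s0jZyVoA3iCXzm4PPJ096gjV7ZKYyN8vnFKw6P6KLV3tUI6mWFaSROoh1LipThFrkS";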
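Review bot: The added `parseJwtShouldExtractData` case covers only a well-formed payload, and the sample string appears to contain `_` but no `-`, so the `-` to `+` half of the base64url mapping is not exercised. A second payload that contains `-`, plus a case asserting that a malformed segment throws, for example `expect(() => parseJwt('%')).toThrow();`, would pin both behaviours. The callback is declared `async` but awaits nothing, so the keyword can be dropped.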
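--- a/package/src/parseTokens.ts
+++ b/package/src/parseTokens.ts
@@ -2,15 +2,15 @@ import {sleepAsync} from './initWorker.js';
 
 const b64DecodeUnicode = (str) =>
 decodeURIComponent(Array.prototype.map.call(atob(str), (c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)).join(''));
-const parseJwt = (
+export const parseJwt = (payload:string) => JSON.parse(b64DecodeUnicode(payload.replace(/-/g, '+').replace(/_/g, '/')));
 
-const extractTokenPayload = (token) => {
+const extractTokenPayload = (token:string) => {
 try {
 if (!token) {
 return null;
 }
 if (countLetter(token, '.') === 2) {
-return parseJwt(token);
+return parseJwt(token.split('.')[1]);
 } else {
 return null;
 }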
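Review bot: The newly exported `parseJwt` has no doc comment, and its contract is easy to misread now that it is public: it expects only the base64url payload segment rather than the whole token, it throws on invalid base64 or JSON, and it performs no signature verification, so the returned claims are unauthenticated. I would add `/** Decodes one base64url JWT segment into its JSON claims; throws on malformed input and does not verify the signature. */` above it. The return type is also implicitly `any` from `JSON.parse`, which lets callers use claims without narrowing. `extractTokenPayload` continues outside the hunk, so its `catch` is not visible here.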
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.
|
|
1
|
+
export default '7.14.0';
|