@axa-fr/oidc-client 7.13.16 → 7.14.1

package/src/jwt.ts

@@ -4,6 +4,8 @@
 //
 // because... JavaScript, Strings, and Buffers
 // @ts-ignore
+import {DemonstratingProofOfPossessionConfiguration} from "./types";
+
 function strToUint8(str) {
     return new TextEncoder().encode(str);
 }
@@ -56,19 +58,42 @@ function strToUrlBase64(str) {
     return binToUrlBase64(utf8ToBinaryString(str));
 }
 
-export var JWT = {};
+export const defaultDemonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration ={
+    importKeyAlgorithm: {
+        name: 'ECDSA',
+        namedCurve: 'P-256',
+        hash: {name: 'ES256'}
+    },
+    signAlgorithm: {name: 'ECDSA', hash: {name: 'SHA-256'}},
+    generateKeyAlgorithm: {
+        name: 'ECDSA',
+        namedCurve: 'P-256'
+    },
+    digestAlgorithm: { name: 'SHA-256' },
+    jwtHeaderAlgorithm : 'ES256' 
+}
+
+
 // @ts-ignore
-JWT.sign = (jwk, headers, claims, jwtHeaderType= 'dpop+jwt') => {
+const sign = async (jwk, headers, claims, demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration, jwtHeaderType= 'dpop+jwt') => {
     // Make a shallow copy of the key
     // (to set ext if it wasn't already set)
     jwk = Object.assign({}, jwk);
 
     // The headers should probably be empty
     headers.typ = jwtHeaderType;
-    headers.alg = 'ES256';
-    if (!headers.kid) {
-        // alternate: see thumbprint function below
-        headers.jwk = { kty: jwk.kty, crv: jwk.crv, x: jwk.x, y: jwk.y };
+    headers.alg = demonstratingProofOfPossessionConfiguration.jwtHeaderAlgorithm;
+    switch (headers.alg) {
+        case 'ES256': //if (!headers.kid) {
+            // alternate: see thumbprint function below
+            headers.jwk = {kty: jwk.kty, crv: jwk.crv, x: jwk.x, y: jwk.y};
+            //}
+            break;
+        case 'RS256':
+            headers.jwk = {kty: jwk.kty, n: jwk.n, e: jwk.e, kid: headers.kid};
+            break;
+        default:
+            throw new Error('Unknown or not implemented JWS algorithm');
     }
 
     const jws = {
@@ -81,11 +106,7 @@ JWT.sign = (jwk, headers, claims, jwtHeaderType= 'dpop+jwt') => {
     };
 
     // To import as EC (ECDSA, P-256, SHA-256, ES256)
-    const keyType = {
-        name: 'ECDSA',
-        namedCurve: 'P-256',
-        hash: {name: 'ES256'}
-    };
+    const keyType = demonstratingProofOfPossessionConfiguration.importKeyAlgorithm;
 
     // To make re-exportable as JSON (or DER/PEM)
     const exportable = true;
@@ -95,80 +116,110 @@ JWT.sign = (jwk, headers, claims, jwtHeaderType= 'dpop+jwt') => {
 
     // Actually do the import, which comes out as an abstract key type
     // @ts-ignore
-    return window.crypto.subtle
-        // @ts-ignore
-        .importKey('jwk', jwk, keyType, exportable, privileges)
-        .then(function(privateKey) {
-            // Convert UTF-8 to Uint8Array ArrayBuffer
-            // @ts-ignore
-            const data = strToUint8(jws.protected + '.' + jws.payload);
-
-            // The signature and hash should match the bit-entropy of the key
-            // https://tools.ietf.org/html/rfc7518#section-3
-            const signatureType = {name: 'ECDSA', hash: {name: 'SHA-256'}};
-
-            return window.crypto.subtle.sign(signatureType, privateKey, data).then(function(signature) {
-                // returns an ArrayBuffer containing a JOSE (not X509) signature,
-                // which must be converted to Uint8 to be useful
-                // @ts-ignore
-                jws.signature = uint8ToUrlBase64(new Uint8Array(signature));
-
-                // JWT is just a "compressed", "protected" JWS
-                // @ts-ignore
-                return jws.protected + '.' + jws.payload + '.' + jws.signature;
-            });
-        });
+    const privateKey = await window.crypto.subtle.importKey('jwk', jwk, keyType, exportable, privileges);
+    // Convert UTF-8 to Uint8Array ArrayBuffer
+    // @ts-ignore
+    const data = strToUint8(`${jws.protected}.${jws.payload}`);
+
+    // The signature and hash should match the bit-entropy of the key
+    // https://tools.ietf.org/html/rfc7518#section-3
+    const signatureType = demonstratingProofOfPossessionConfiguration.signAlgorithm;
+
+    const signature = await window.crypto.subtle.sign(signatureType, privateKey, data);
+    // returns an ArrayBuffer containing a JOSE (not X509) signature,
+    // which must be converted to Uint8 to be useful
+    // @ts-ignore
+    jws.signature = uint8ToUrlBase64(new Uint8Array(signature));
+    // JWT is just a "compressed", "protected" JWS
+    // @ts-ignore
+    return `${jws.protected}.${jws.payload}.${jws.signature}`;
 };
 
+export var JWT = {sign};
+
 
-const EC = {};
 // @ts-ignore
-EC.generate = function() {
-    const keyType = {
-        name: 'ECDSA',
-        namedCurve: 'P-256'
-    };
+const generate = async (generateKeyAlgorithm: RsaHashedKeyGenParams | EcKeyGenParams) => {
+    const keyType = generateKeyAlgorithm;
     const exportable = true;
     const privileges = ['sign', 'verify'];
     // @ts-ignore
-    return window.crypto.subtle.generateKey(keyType, exportable, privileges).then(function(key) {
-        // returns an abstract and opaque WebCrypto object,
-        // which in most cases you'll want to export as JSON to be able to save
-        return window.crypto.subtle.exportKey('jwk', key.privateKey);
-    });
+    const key = await window.crypto.subtle.generateKey(keyType, exportable, privileges);
+    // returns an abstract and opaque WebCrypto object,
+    // which in most cases you'll want to export as JSON to be able to save
+    return await window.crypto.subtle.exportKey('jwk', key.privateKey);
 };
 
 // Create a Public Key from a Private Key
 //
 // chops off the private parts
 // @ts-ignore
-EC.neuter = function(jwk) {
+const neuter = jwk => {
     const copy = Object.assign({}, jwk);
     delete copy.d;
     copy.key_ops = ['verify'];
     return copy;
 };
 
-export var JWK = {};
+const EC = {
+    generate,
+    neuter
+};
 // @ts-ignore
-JWK.thumbprint = function(jwk) {
+const thumbprint = async (jwk, digestAlgorithm: AlgorithmIdentifier) => {
+    let sortedPub;
     // lexigraphically sorted, no spaces
-    const sortedPub = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'
-        .replace('CRV', jwk.crv)
-        .replace('X', jwk.x)
-        .replace('Y', jwk.y);
-
+    switch (jwk.kty) {
+        case 'EC':
+            sortedPub = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'
+                .replace('CRV', jwk.crv)
+                .replace('X', jwk.x)
+                .replace('Y', jwk.y);
+            break;
+        case 'RSA':
+            sortedPub = '{"e":"E","kty":"RSA","n":"N"}'
+                .replace('E', jwk.e)
+                .replace('N', jwk.n);
+            break;
+        default:
+            throw new Error('Unknown or not implemented JWK type');
+    }
     // The hash should match the size of the key,
     // but we're only dealing with P-256
-    return window.crypto.subtle
-        .digest({ name: 'SHA-256' }, strToUint8(sortedPub))
-        .then(function(hash) {
-            return uint8ToUrlBase64(new Uint8Array(hash));
-        });
-};
+    const hash = await window.crypto.subtle.digest(digestAlgorithm, strToUint8(sortedPub));
+    return uint8ToUrlBase64(new Uint8Array(hash));
+}
+
+export var JWK = {thumbprint};
+
+export const generateJwkAsync = async (generateKeyAlgorithm: RsaHashedKeyGenParams | EcKeyGenParams) => {
+    // @ts-ignore
+    const jwk = await EC.generate(generateKeyAlgorithm);
+    // console.info('Private Key:', JSON.stringify(jwk));
+    // @ts-ignore
+    // console.info('Public Key:', JSON.stringify(EC.neuter(jwk)));
+    return jwk;
+}
 
+export const generateJwtDemonstratingProofOfPossessionAsync = (demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration) => async (jwk, method = 'POST', url: string, extrasClaims={}) => {
 
-const guid = function () {
+    const claims = {
+        // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
+        jti: btoa(guid()),
+        htm: method,
+        htu: url,
+        iat: Math.round(Date.now() / 1000),
+        ...extrasClaims,
+    };
+    // @ts-ignore
+    const kid = await JWK.thumbprint(jwk, demonstratingProofOfPossessionConfiguration.digestAlgorithm);
+    // @ts-ignore
+    const jwt = await JWT.sign(jwk, { kid: kid }, claims, demonstratingProofOfPossessionConfiguration)
+    // console.info('JWT:', jwt);
+    return jwt;
+}
+
+const guid = () => {
     // RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or
     // pseudo-random numbers.
     // The algorithm is as follows:
@@ -213,36 +264,3 @@ const guid = function () {
 
     return guidResponse;
 };
-
-
-export const generateJwkAsync = () => {
-    // @ts-ignore
-    return EC.generate().then(function(jwk) {
-        // console.info('Private Key:', JSON.stringify(jwk));
-        // @ts-ignore
-        // console.info('Public Key:', JSON.stringify(EC.neuter(jwk)));
-        return jwk;
-    });
-}
-
-export const generateJwtDemonstratingProofOfPossessionAsync = (jwk, method = 'POST', url: string, extrasClaims={}) => {
-
-    const claims = {
-        // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
-        jti: btoa(guid()),
-        htm: method,
-        htu: url,
-        iat: Math.round(Date.now() / 1000),
-        ...extrasClaims,
-    };
-    // @ts-ignore
-    return JWK.thumbprint(jwk).then(function(kid) {
-        // @ts-ignore
-        return JWT.sign(jwk, { /*kid: kid*/ }, claims).then(function(jwt) {
-            // console.info('JWT:', jwt);
-            return jwt;
-        });
-    });
-}
-
-export default EC;

package/src/keepSession.ts

@@ -0,0 +1,78 @@
+import {initWorkerAsync} from "./initWorker";
+import {autoRenewTokens} from "./renewTokens";
+import {initSession} from "./initSession";
+import {setTokens} from "./parseTokens";
+import {eventNames} from "./events";
+import Oidc from "./oidc";
+
+export const tryKeepSessionAsync = async (oidc: Oidc) =>{
+    
+        let serviceWorker;
+        if (oidc.tokens != null) {
+            return false;
+        }
+        oidc.publishEvent(eventNames.tryKeepExistingSessionAsync_begin, {});
+        try {
+            const configuration = oidc.configuration;
+            const oidcServerConfiguration = await oidc.initAsync(configuration.authority, configuration.authority_configuration);
+            serviceWorker = await initWorkerAsync(configuration, oidc.configurationName);
+            if (serviceWorker) {
+                const { tokens } = await serviceWorker.initAsync(oidcServerConfiguration, 'tryKeepExistingSessionAsync', configuration);
+                if (tokens) {
+                    serviceWorker.startKeepAliveServiceWorker();
+                    // @ts-ignore
+                    oidc.tokens = tokens;
+                    const getLoginParams = serviceWorker.getLoginParams(oidc.configurationName);
+                    // @ts-ignore
+                    oidc.timeoutId = autoRenewTokens(oidc, oidc.tokens.refreshToken, oidc.tokens.expiresAt, getLoginParams.extras);
+                    const sessionState = await serviceWorker.getSessionStateAsync();
+                    // @ts-ignore
+                    await oidc.startCheckSessionAsync(oidcServerConfiguration.check_session_iframe, configuration.client_id, sessionState);
+                    oidc.publishEvent(eventNames.tryKeepExistingSessionAsync_end, {
+                        success: true,
+                        message: 'tokens inside ServiceWorker are valid',
+                    });
+                    return true;
+                }
+                oidc.publishEvent(eventNames.tryKeepExistingSessionAsync_end, {
+                    success: false,
+                    message: 'no exiting session found',
+                });
+            } else {
+                if (configuration.service_worker_relative_url) {
+                    oidc.publishEvent(eventNames.service_worker_not_supported_by_browser, {
+                        message: 'service worker is not supported by this browser',
+                    });
+                }
+                const session = initSession(oidc.configurationName, configuration.storage ?? sessionStorage);
+                const { tokens } = await session.initAsync();
+                if (tokens) {
+                    // @ts-ignore
+                    oidc.tokens = setTokens(tokens, null, configuration.token_renew_mode);
+                    const getLoginParams = session.getLoginParams();
+                    // @ts-ignore
+                    oidc.timeoutId = autoRenewTokens(oidc, tokens.refreshToken, oidc.tokens.expiresAt, getLoginParams.extras);
+                    const sessionState = await session.getSessionStateAsync();
+                    // @ts-ignore
+                    await oidc.startCheckSessionAsync(oidcServerConfiguration.check_session_iframe, configuration.client_id, sessionState);
+                    oidc.publishEvent(eventNames.tryKeepExistingSessionAsync_end, {
+                        success: true,
+                        message: 'tokens inside storage are valid',
+                    });
+                    return true;
+                }
+            }
+            oidc.publishEvent(eventNames.tryKeepExistingSessionAsync_end, {
+                success: false,
+                message: serviceWorker ? 'service worker sessions not retrieved' : 'session storage sessions not retrieved',
+            });
+            return false;
+        } catch (exception) {
+            console.error(exception);
+            if (serviceWorker) {
+                await serviceWorker.clearAsync();
+            }
+            oidc.publishEvent(eventNames.tryKeepExistingSessionAsync_error, 'tokens inside ServiceWorker are invalid');
+            return false;
+        }
+} 

package/src/login.ts

@@ -11,6 +11,7 @@ import {getParseQueryStringFromLocation} from './route-utils.js';
 import {OidcConfiguration, StringMap} from './types.js';
 import {generateJwkAsync, generateJwtDemonstratingProofOfPossessionAsync} from "./jwt";
 import {ILOidcLocation} from "./location";
+import Oidc from "./oidc";
 
 // eslint-disable-next-line @typescript-eslint/ban-types
 export const defaultLoginAsync = (configurationName:string, configuration:OidcConfiguration, publishEvent :(string, any)=>void, initAsync:Function, oidcLocation: ILOidcLocation) => (callbackPath:string = undefined, extras:StringMap = null, isSilentSignin = false, scope:string = undefined) => {
@@ -75,7 +76,7 @@ export const defaultLoginAsync = (configurationName:string, configuration:OidcCo
     return loginLocalAsync();
 };
 
-export const loginCallbackAsync = (oidc) => async (isSilentSignin = false) => {
+export const loginCallbackAsync = (oidc:Oidc) => async (isSilentSignin = false) => {
     try {
         oidc.publishEvent(eventNames.loginCallbackAsync_begin, {});
         const configuration = oidc.configuration;
@@ -148,14 +149,14 @@ export const loginCallbackAsync = (oidc) => async (isSilentSignin = false) => {
         const url = oidcServerConfiguration.tokenEndpoint;
         const headersExtras = {};
         if(configuration.demonstrating_proof_of_possession) {
-            const jwk = await generateJwkAsync();
+            const jwk = await generateJwkAsync(configuration.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
             if (serviceWorker) {
                 await serviceWorker.setDemonstratingProofOfPossessionJwkAsync(jwk);
             } else {
                 const session = initSession(oidc.configurationName, configuration.storage);
                 await session.setDemonstratingProofOfPossessionJwkAsync(jwk);
             }
-            headersExtras['DPoP'] = await generateJwtDemonstratingProofOfPossessionAsync(jwk, 'POST', url);
+            headersExtras['DPoP'] = await generateJwtDemonstratingProofOfPossessionAsync(configuration.demonstrating_proof_of_possession_configuration)(jwk, 'POST', url);
         }
 
         const tokenResponse = await performFirstTokenRequestAsync(storage)(url, 

package/src/logout.ts

@@ -4,6 +4,7 @@ import { performRevocationRequestAsync, TOKEN_TYPE } from './requests.js';
 import timer from './timer.js';
 import { StringMap } from './types.js';
 import {ILOidcLocation} from "./location";
+import Oidc from "./oidc";
 
 export const oidcLogoutTokens = {
     access_token: 'access_token',

package/src/oidc.ts

@@ -5,8 +5,13 @@ import {initSession} from './initSession.js';
 import {defaultServiceWorkerUpdateRequireCallback, initWorkerAsync, sleepAsync} from './initWorker.js';
 import {defaultLoginAsync, loginCallbackAsync} from './login.js';
 import {destroyAsync, logoutAsync} from './logout.js';
-import {computeTimeLeft, isTokensOidcValid, setTokens, TokenRenewMode, Tokens,} from './parseTokens.js';
-import {autoRenewTokens, renewTokensAndStartTimerAsync} from './renewTokens.js';
+import {isTokensOidcValid, TokenRenewMode, Tokens,} from './parseTokens.js';
+import {
+    autoRenewTokens,
+    renewTokensAndStartTimerAsync,
+    synchroniseTokensStatus,
+    syncTokensInfoAsync
+} from './renewTokens.js';
 import {fetchFromIssuer, performTokenRequestAsync} from './requests.js';
 import {getParseQueryStringFromLocation} from './route-utils.js';
 import defaultSilentLoginAsync, {_silentLoginAsync} from './silentLogin.js';
@@ -14,9 +19,13 @@ import timer from './timer.js';
 import {AuthorityConfiguration, Fetch, OidcConfiguration, StringMap} from './types.js';
 import {userInfoAsync} from './user.js';
 import {base64urlOfHashOfASCIIEncodingAsync} from "./crypto";
-import {generateJwtDemonstratingProofOfPossessionAsync} from "./jwt";
+import {
+    defaultDemonstratingProofOfPossessionConfiguration,
+    generateJwtDemonstratingProofOfPossessionAsync
+} from "./jwt";
 import {ILOidcLocation, OidcLocation} from "./location";
 import {activateServiceWorker} from "./initWorkerOption";
+import {tryKeepSessionAsync} from "./keepSession";
 
 
 
@@ -83,11 +92,11 @@ export class Oidc {
     public userInfo: null;
     public tokens?: Tokens;
     public events: Array<any>;
-    private timeoutId: NodeJS.Timeout;
+    public timeoutId: NodeJS.Timeout | number;
     public configurationName: string;
-    private checkSessionIFrame: CheckSessionIFrame;
+    public checkSessionIFrame: CheckSessionIFrame;
     private getFetch: () => Fetch;
-    private location: ILOidcLocation;
+    public location: ILOidcLocation;
     constructor(configuration:OidcConfiguration, configurationName = 'default', getFetch : () => Fetch, location: ILOidcLocation = new OidcLocation()) {
       let silent_login_uri = configuration.silent_login_uri;
       if (configuration.silent_redirect_uri && !configuration.silent_login_uri) {
@@ -112,6 +121,7 @@ export class Oidc {
           logout_tokens_to_invalidate: configuration.logout_tokens_to_invalidate ?? ['access_token', 'refresh_token'],
           service_worker_update_require_callback,
           service_worker_activate: configuration.service_worker_activate ?? activateServiceWorker,
+          demonstrating_proof_of_possession_configuration: configuration.demonstrating_proof_of_possession_configuration ?? defaultDemonstratingProofOfPossessionConfiguration,
       };
       
       this.getFetch = getFetch ?? getFetchDefault;
@@ -225,78 +235,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
         if (this.tryKeepExistingSessionPromise !== null) {
             return this.tryKeepExistingSessionPromise;
         }
-        const funcAsync = async () => {
-            let serviceWorker;
-            if (this.tokens != null) {
-                return false;
-            }
-            this.publishEvent(eventNames.tryKeepExistingSessionAsync_begin, {});
-            try {
-                const configuration = this.configuration;
-                const oidcServerConfiguration = await this.initAsync(configuration.authority, configuration.authority_configuration);
-                serviceWorker = await initWorkerAsync(configuration, this.configurationName);
-                if (serviceWorker) {
-                    const { tokens } = await serviceWorker.initAsync(oidcServerConfiguration, 'tryKeepExistingSessionAsync', configuration);
-                    if (tokens) {
-                        serviceWorker.startKeepAliveServiceWorker();
-                        // @ts-ignore
-                        this.tokens = tokens;
-                        const getLoginParams = serviceWorker.getLoginParams(this.configurationName);
-                        // @ts-ignore
-                        this.timeoutId = autoRenewTokens(this, this.tokens.refreshToken, this.tokens.expiresAt, getLoginParams.extras);
-                        const sessionState = await serviceWorker.getSessionStateAsync();
-                        // @ts-ignore
-                        await this.startCheckSessionAsync(oidcServerConfiguration.check_session_iframe, configuration.client_id, sessionState);
-                        this.publishEvent(eventNames.tryKeepExistingSessionAsync_end, {
-                            success: true,
-                            message: 'tokens inside ServiceWorker are valid',
-                        });
-                        return true;
-                    }
-                    this.publishEvent(eventNames.tryKeepExistingSessionAsync_end, {
-                        success: false,
-                        message: 'no exiting session found',
-                    });
-                } else {
-                    if (configuration.service_worker_relative_url) {
-                        this.publishEvent(eventNames.service_worker_not_supported_by_browser, {
-                            message: 'service worker is not supported by this browser',
-                        });
-                    }
-                    const session = initSession(this.configurationName, configuration.storage ?? sessionStorage);
-                    const { tokens } = await session.initAsync();
-                    if (tokens) {
-                        // @ts-ignore
-                        this.tokens = setTokens(tokens, null, configuration.token_renew_mode);
-                        const getLoginParams = session.getLoginParams();
-                        // @ts-ignore
-                        this.timeoutId = autoRenewTokens(this, tokens.refreshToken, this.tokens.expiresAt, getLoginParams.extras);
-                        const sessionState = await session.getSessionStateAsync();
-                        // @ts-ignore
-                        await this.startCheckSessionAsync(oidcServerConfiguration.check_session_iframe, configuration.client_id, sessionState);
-                        this.publishEvent(eventNames.tryKeepExistingSessionAsync_end, {
-                            success: true,
-                            message: 'tokens inside storage are valid',
-                        });
-                        return true;
-                    }
-                }
-                this.publishEvent(eventNames.tryKeepExistingSessionAsync_end, {
-                    success: false,
-                    message: serviceWorker ? 'service worker sessions not retrieved' : 'session storage sessions not retrieved',
-                });
-                return false;
-            } catch (exception) {
-                console.error(exception);
-                if (serviceWorker) {
-                    await serviceWorker.clearAsync();
-                }
-                this.publishEvent(eventNames.tryKeepExistingSessionAsync_error, 'tokens inside ServiceWorker are invalid');
-                return false;
-            }
-        };
-
-        this.tryKeepExistingSessionPromise = funcAsync();
+        
+        this.tryKeepExistingSessionPromise = tryKeepSessionAsync(this);
         return this.tryKeepExistingSessionPromise.then((result) => {
             this.tryKeepExistingSessionPromise = null;
             return result;
@@ -349,8 +289,11 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
             return result;
         });
     }
+    
+    
 
     async synchroniseTokensAsync(refreshToken, index = 0, forceRefresh = false, extras:StringMap = null, updateTokens) {
+        
         while (!navigator.onLine && document.hidden) {
             await sleepAsync({milliseconds: 1000});
             this.publishEvent(eventNames.refreshTokensAsync, { message: 'wait because navigator is offline and hidden' });
@@ -410,27 +353,27 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
             return { tokens: null, status: 'SESSION_LOST' };
         }
         try {
-            const { status, tokens, nonce } = await this.syncTokensInfoAsync(configuration, this.configurationName, this.tokens, forceRefresh);
+            const { status, tokens, nonce } = await syncTokensInfoAsync(this)(configuration, this.configurationName, this.tokens, forceRefresh);
             switch (status) {
-                case 'SESSION_LOST':
+                case synchroniseTokensStatus.SESSION_LOST:
                     updateTokens(null);
                     this.publishEvent(eventNames.refreshTokensAsync_error, { message: 'refresh token session lost' });
                     return { tokens: null, status: 'SESSION_LOST' };
-                case 'NOT_CONNECTED':
+                case synchroniseTokensStatus.NOT_CONNECTED:
                     updateTokens(null);
                     return { tokens: null, status: null };
-                case 'TOKENS_VALID':
+                case synchroniseTokensStatus.TOKENS_VALID:
                     updateTokens(tokens);
                     return { tokens, status: 'LOGGED_IN' };
-                case 'TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID':
+                case synchroniseTokensStatus.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
                     updateTokens(tokens);
                     this.publishEvent(Oidc.eventNames.token_renewed, { reason: 'TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID' });
                     return { tokens, status: 'LOGGED_IN' };
-                case 'LOGOUT_FROM_ANOTHER_TAB':
+                case synchroniseTokensStatus.LOGOUT_FROM_ANOTHER_TAB:
                     updateTokens(null);
                     this.publishEvent(eventNames.logout_from_another_tab, { status: 'session syncTokensAsync' });
                     return { tokens: null, status: 'LOGGED_OUT' };
-                case 'REQUIRE_SYNC_TOKENS':
+                case synchroniseTokensStatus.REQUIRE_SYNC_TOKENS:
                     this.publishEvent(eventNames.refreshTokensAsync_begin, { refreshToken, status, tryNumber: index });
                     return await localsilentLoginAsync();
                 default: {
@@ -516,7 +459,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
         const claimsExtras = {ath: await base64urlOfHashOfASCIIEncodingAsync(accessToken),};
 
         const serviceWorker = await initWorkerAsync(configuration, this.configurationName);
-        let demonstratingProofOfPossessionNonce:string = null;
+        let demonstratingProofOfPossessionNonce:string;
         let jwk;
         if (serviceWorker) {
             demonstratingProofOfPossessionNonce = await serviceWorker.getDemonstratingProofOfPossessionNonce();
@@ -531,56 +474,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
             claimsExtras['nonce'] = demonstratingProofOfPossessionNonce;
         }
 
-        return await generateJwtDemonstratingProofOfPossessionAsync(jwk, method, url, claimsExtras);
-    }
-
-    async syncTokensInfoAsync(configuration, configurationName, currentTokens, forceRefresh = false) {
-        // Service Worker can be killed by the browser (when it wants,for example after 10 seconds of inactivity, so we retreieve the session if it happen)
-        // const configuration = this.configuration;
-        const nullNonce = { nonce: null };
-        if (!currentTokens) {
-            return { tokens: null, status: 'NOT_CONNECTED', nonce: nullNonce };
-        }
-        let nonce = nullNonce;
-        const oidcServerConfiguration = await this.initAsync(configuration.authority, configuration.authority_configuration);
-        const serviceWorker = await initWorkerAsync(configuration, configurationName);
-        if (serviceWorker) {
-            const { status, tokens } = await serviceWorker.initAsync(oidcServerConfiguration, 'syncTokensAsync', configuration);
-            if (status === 'LOGGED_OUT') {
-                return { tokens: null, status: 'LOGOUT_FROM_ANOTHER_TAB', nonce: nullNonce };
-            } else if (status === 'SESSIONS_LOST') {
-                    return { tokens: null, status: 'SESSIONS_LOST', nonce: nullNonce };
-            } else if (!status || !tokens) {
-                return { tokens: null, status: 'REQUIRE_SYNC_TOKENS', nonce: nullNonce };
-            } else if (tokens.issuedAt !== currentTokens.issuedAt) {
-                const timeLeft = computeTimeLeft(configuration.refresh_time_before_tokens_expiration_in_second, tokens.expiresAt);
-                const status = (timeLeft > 0) ? 'TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID' : 'TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID';
-                const nonce = await serviceWorker.getNonceAsync();
-                return { tokens, status, nonce };
-            }
-            nonce = await serviceWorker.getNonceAsync();
-        } else {
-            const session = initSession(configurationName, configuration.storage ?? sessionStorage);
-            const { tokens, status } = await session.initAsync();
-            if (!tokens) {
-                return { tokens: null, status: 'LOGOUT_FROM_ANOTHER_TAB', nonce: nullNonce };
-            } else if (status === 'SESSIONS_LOST') {
-                    return { tokens: null, status: 'SESSIONS_LOST', nonce: nullNonce };
-                } else if (tokens.issuedAt !== currentTokens.issuedAt) {
-                const timeLeft = computeTimeLeft(configuration.refresh_time_before_tokens_expiration_in_second, tokens.expiresAt);
-                const status = (timeLeft > 0) ? 'TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID' : 'TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID';
-                const nonce = await session.getNonceAsync();
-                return { tokens, status, nonce };
-            }
-            nonce = await session.getNonceAsync();
-        }
-
-        const timeLeft = computeTimeLeft(configuration.refresh_time_before_tokens_expiration_in_second, currentTokens.expiresAt);
-        const status = (timeLeft > 0) ? 'TOKENS_VALID' : 'TOKENS_INVALID';
-        if (forceRefresh) {
-            return { tokens: currentTokens, status: 'FORCE_REFRESH', nonce };
-        }
-        return { tokens: currentTokens, status, nonce };
+        return await generateJwtDemonstratingProofOfPossessionAsync(configuration.demonstrating_proof_of_possession_configuration)(jwk, method, url, claimsExtras);
     }
 
     loginCallbackWithAutoTokensRenewPromise:Promise<LoginCallback> = null;

package/src/parseTokens.ts

@@ -20,7 +20,7 @@ const extractTokenPayload = (token:string) => {
     return null;
 };
 
-const countLetter = (str, find) => {
+const countLetter = (str : string, find) => {
     return (str.split(find)).length - 1;
 };