@axa-fr/oidc-client 7.13.7 → 7.13.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/events.d.ts +1 -0
- package/dist/events.d.ts.map +1 -1
- package/dist/index.js +146 -146
- package/dist/index.umd.cjs +2 -2
- package/dist/oidc.d.ts +1 -0
- package/dist/oidc.d.ts.map +1 -1
- package/dist/oidcClient.d.ts +1 -0
- package/dist/oidcClient.d.ts.map +1 -1
- package/dist/renewTokens.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/events.ts +1 -0
- package/src/renewTokens.ts +27 -14
- package/src/version.ts +1 -1
package/dist/events.d.ts
CHANGED
package/dist/events.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../src/events.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,UAAU
|
|
1
|
+
{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../src/events.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4BtB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
const
|
|
1
|
+
const L = console;
|
|
2
2
|
class Ie {
|
|
3
3
|
constructor(e, n, t, o = 2e3, i = !0) {
|
|
4
4
|
this._callback = e, this._client_id = n, this._url = t, this._interval = o || 2e3, this._stopOnError = i;
|
|
@@ -13,17 +13,17 @@ class Ie {
|
|
|
13
13
|
});
|
|
14
14
|
}
|
|
15
15
|
_message(e) {
|
|
16
|
-
e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (
|
|
16
|
+
e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (L.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (L.debug(e), L.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : L.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
|
|
17
17
|
}
|
|
18
18
|
start(e) {
|
|
19
|
-
|
|
19
|
+
L.debug("CheckSessionIFrame.start :" + e), this.stop();
|
|
20
20
|
const n = () => {
|
|
21
21
|
this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
|
|
22
22
|
};
|
|
23
23
|
n(), this._timer = window.setInterval(n, this._interval);
|
|
24
24
|
}
|
|
25
25
|
stop() {
|
|
26
|
-
this._timer && (
|
|
26
|
+
this._timer && (L.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
29
|
const m = {
|
|
@@ -51,6 +51,7 @@ const m = {
|
|
|
51
51
|
silentLoginAsync_end: "silentLoginAsync_end",
|
|
52
52
|
silentLoginAsync_error: "silentLoginAsync_error",
|
|
53
53
|
syncTokensAsync_begin: "syncTokensAsync_begin",
|
|
54
|
+
syncTokensAsync_lock_not_available: "syncTokensAsync_lock_not_available",
|
|
54
55
|
syncTokensAsync_end: "syncTokensAsync_end",
|
|
55
56
|
syncTokensAsync_error: "syncTokensAsync_error"
|
|
56
57
|
}, I = (s, e = sessionStorage) => {
|
|
@@ -160,7 +161,7 @@ const ye = (s, e = null, n) => {
|
|
|
160
161
|
if (!s.tokens)
|
|
161
162
|
return null;
|
|
162
163
|
for (; !z(s.tokens) && t > 0; )
|
|
163
|
-
await
|
|
164
|
+
await $({ milliseconds: e }), t = t - 1;
|
|
164
165
|
return {
|
|
165
166
|
isTokensValid: z(s.tokens),
|
|
166
167
|
tokens: s.tokens,
|
|
@@ -181,7 +182,7 @@ const ye = (s, e = null, n) => {
|
|
|
181
182
|
return { isValid: !1, reason: `Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}` };
|
|
182
183
|
}
|
|
183
184
|
return { isValid: !0, reason: "" };
|
|
184
|
-
},
|
|
185
|
+
}, M = function() {
|
|
185
186
|
const s = function() {
|
|
186
187
|
let a, u;
|
|
187
188
|
const f = (function() {
|
|
@@ -204,8 +205,8 @@ const ye = (s, e = null, n) => {
|
|
|
204
205
|
}
|
|
205
206
|
};
|
|
206
207
|
function y(_, g) {
|
|
207
|
-
const w = g.data[0],
|
|
208
|
-
h[w] && h[w](_,
|
|
208
|
+
const w = g.data[0], v = g.data[1], T = g.data[2];
|
|
209
|
+
h[w] && h[w](_, v, T);
|
|
209
210
|
}
|
|
210
211
|
this.onmessage = function(_) {
|
|
211
212
|
y(self, _);
|
|
@@ -281,13 +282,13 @@ const ye = (s, e = null, n) => {
|
|
|
281
282
|
setInterval: r,
|
|
282
283
|
clearInterval: c
|
|
283
284
|
};
|
|
284
|
-
}(), ce = "7.13.
|
|
285
|
+
}(), ce = "7.13.8";
|
|
285
286
|
let le = null, q;
|
|
286
|
-
const
|
|
287
|
+
const $ = ({ milliseconds: s }) => new Promise((e) => M.setTimeout(e, s)), ke = (s = "/") => {
|
|
287
288
|
try {
|
|
288
289
|
q = new AbortController(), fetch(`${s}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((t) => {
|
|
289
290
|
console.log(t);
|
|
290
|
-
}),
|
|
291
|
+
}), $({ milliseconds: 150 * 1e3 }).then(ke);
|
|
291
292
|
} catch (e) {
|
|
292
293
|
console.log(e);
|
|
293
294
|
}
|
|
@@ -302,7 +303,7 @@ const R = ({ milliseconds: s }) => new Promise((e) => W.setTimeout(e, s)), ke =
|
|
|
302
303
|
}), Re = (s) => async (e, n) => {
|
|
303
304
|
n(), await e.update();
|
|
304
305
|
const t = await e.unregister();
|
|
305
|
-
console.log(`Service worker unregistering ${t}`), await
|
|
306
|
+
console.log(`Service worker unregistering ${t}`), await $({ milliseconds: 2e3 }), s.reload();
|
|
306
307
|
}, b = (s) => (e) => new Promise(function(n, t) {
|
|
307
308
|
const o = new MessageChannel();
|
|
308
309
|
o.port1.onmessage = function(i) {
|
|
@@ -386,28 +387,27 @@ async function ue(s, e, n, t) {
|
|
|
386
387
|
}, { tokens: i, status: r } = await s.synchroniseTokensAsync(e, 0, n, t, o);
|
|
387
388
|
return await E(s.configuration, s.configurationName) || await I(s.configurationName, s.configuration.storage).setTokens(s.tokens), s.tokens ? i : (await s.destroyAsync(r), null);
|
|
388
389
|
}
|
|
390
|
+
async function Fe(s, e) {
|
|
391
|
+
const n = await E(e, s.configurationName);
|
|
392
|
+
if (n) {
|
|
393
|
+
const t = await s.initAsync(e.authority, e.authority_configuration), { tokens: o } = await n.initAsync(t, "tryKeepExistingSessionAsync", e);
|
|
394
|
+
return o;
|
|
395
|
+
} else {
|
|
396
|
+
const t = I(s.configurationName, e.storage ?? sessionStorage), { tokens: o } = await t.initAsync();
|
|
397
|
+
return o;
|
|
398
|
+
}
|
|
399
|
+
}
|
|
389
400
|
async function me(s, e, n = !1, t = null) {
|
|
390
401
|
const o = s.configuration, i = `${o.client_id}_${s.configurationName}_${o.authority}`;
|
|
391
|
-
let r
|
|
402
|
+
let r;
|
|
392
403
|
const c = await E(s.configuration, s.configurationName);
|
|
393
|
-
|
|
394
|
-
r = await ue(s, e, n, t);
|
|
395
|
-
else {
|
|
396
|
-
const a = new AbortController(), u = Math.max(o.token_request_timeout ?? 0, o.silent_login_timeout ?? 0, 2e4), f = W.setTimeout(() => {
|
|
397
|
-
a.abort();
|
|
398
|
-
}, u);
|
|
399
|
-
r = await navigator.locks.request(i, { signal: a.signal }, async () => {
|
|
400
|
-
const d = await ue(s, e, n, t);
|
|
401
|
-
return W.clearTimeout(f), d;
|
|
402
|
-
});
|
|
403
|
-
}
|
|
404
|
-
return r ? (s.timeoutId && (s.timeoutId = M(s, r.refreshToken, s.tokens.expiresAt, t)), s.tokens) : null;
|
|
404
|
+
return (o == null ? void 0 : o.storage) === (window == null ? void 0 : window.sessionStorage) && !c ? r = await ue(s, e, n, t) : r = await navigator.locks.request(i, { ifAvailable: !0 }, async (a) => a ? await ue(s, e, n, t) : (s.publishEvent(R.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), await Fe(s, o))), r ? (s.timeoutId && (s.timeoutId = K(s, r.refreshToken, s.tokens.expiresAt, t)), s.tokens) : null;
|
|
405
405
|
}
|
|
406
|
-
const
|
|
406
|
+
const K = (s, e, n, t = null) => {
|
|
407
407
|
const o = s.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
408
|
-
return
|
|
408
|
+
return M.setTimeout(async () => {
|
|
409
409
|
const r = { timeLeft: V(o, n) };
|
|
410
|
-
s.publishEvent(
|
|
410
|
+
s.publishEvent(R.eventNames.token_timer, r), await me(s, e, !1, t);
|
|
411
411
|
}, 1e3);
|
|
412
412
|
}, te = (s, e, n) => (t = null, o = null, i = null) => {
|
|
413
413
|
if (!e.silent_redirect_uri || !e.silent_login_uri)
|
|
@@ -424,12 +424,12 @@ const M = (s, e, n, t = null) => {
|
|
|
424
424
|
let h = !1;
|
|
425
425
|
window.onmessage = (_) => {
|
|
426
426
|
if (_.origin === u && _.source === f.contentWindow) {
|
|
427
|
-
const g = `${s}_oidc_tokens:`, w = `${s}_oidc_error:`,
|
|
428
|
-
if (
|
|
429
|
-
if (
|
|
427
|
+
const g = `${s}_oidc_tokens:`, w = `${s}_oidc_error:`, v = _.data;
|
|
428
|
+
if (v && typeof v == "string" && !h) {
|
|
429
|
+
if (v.startsWith(g)) {
|
|
430
430
|
const T = JSON.parse(_.data.replace(g, ""));
|
|
431
431
|
n(m.silentLoginAsync_end, {}), f.remove(), h = !0, d(T);
|
|
432
|
-
} else if (
|
|
432
|
+
} else if (v.startsWith(w)) {
|
|
433
433
|
const T = JSON.parse(_.data.replace(w, ""));
|
|
434
434
|
n(m.silentLoginAsync_error, T), f.remove(), h = !0, l(new Error("oidc_" + T.error));
|
|
435
435
|
}
|
|
@@ -447,11 +447,11 @@ const M = (s, e, n, t = null) => {
|
|
|
447
447
|
} catch (r) {
|
|
448
448
|
throw n(m.silentLoginAsync_error, r), r;
|
|
449
449
|
}
|
|
450
|
-
},
|
|
450
|
+
}, Ue = (s, e, n, t, o) => (i = null, r = void 0) => {
|
|
451
451
|
i = { ...i };
|
|
452
452
|
const c = (u, f, d) => te(e, n, t.bind(o))(u, f, d);
|
|
453
453
|
return (async () => {
|
|
454
|
-
o.timeoutId &&
|
|
454
|
+
o.timeoutId && M.clearTimeout(o.timeoutId);
|
|
455
455
|
let u;
|
|
456
456
|
i && "state" in i && (u = i.state, delete i.state);
|
|
457
457
|
try {
|
|
@@ -460,12 +460,12 @@ const M = (s, e, n, t = null) => {
|
|
|
460
460
|
prompt: "none"
|
|
461
461
|
}, u, r);
|
|
462
462
|
if (d)
|
|
463
|
-
return o.tokens = d.tokens, t(m.token_aquired, {}), o.timeoutId =
|
|
463
|
+
return o.tokens = d.tokens, t(m.token_aquired, {}), o.timeoutId = K(o, o.tokens.refreshToken, o.tokens.expiresAt, i), {};
|
|
464
464
|
} catch (f) {
|
|
465
465
|
return f;
|
|
466
466
|
}
|
|
467
467
|
})();
|
|
468
|
-
},
|
|
468
|
+
}, Ve = (s, e, n) => (t, o, i, r = !1) => {
|
|
469
469
|
const c = (a, u = void 0, f = void 0) => te(s.configurationName, n, s.publishEvent.bind(s))(a, u, f);
|
|
470
470
|
return new Promise((a, u) => {
|
|
471
471
|
if (n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && t && i && !r) {
|
|
@@ -501,20 +501,20 @@ const M = (s, e, n, t = null) => {
|
|
|
501
501
|
a(null);
|
|
502
502
|
});
|
|
503
503
|
};
|
|
504
|
-
var
|
|
504
|
+
var Ke = qe, C = [], de = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
|
505
505
|
for (var B = 0, Me = de.length; B < Me; ++B)
|
|
506
506
|
C[B] = de[B];
|
|
507
|
-
function
|
|
507
|
+
function Je(s) {
|
|
508
508
|
return C[s >> 18 & 63] + C[s >> 12 & 63] + C[s >> 6 & 63] + C[s & 63];
|
|
509
509
|
}
|
|
510
|
-
function
|
|
510
|
+
function Be(s, e, n) {
|
|
511
511
|
for (var t, o = [], i = e; i < n; i += 3)
|
|
512
|
-
t = (s[i] << 16 & 16711680) + (s[i + 1] << 8 & 65280) + (s[i + 2] & 255), o.push(
|
|
512
|
+
t = (s[i] << 16 & 16711680) + (s[i + 1] << 8 & 65280) + (s[i + 2] & 255), o.push(Je(t));
|
|
513
513
|
return o.join("");
|
|
514
514
|
}
|
|
515
|
-
function
|
|
515
|
+
function qe(s) {
|
|
516
516
|
for (var e, n = s.length, t = n % 3, o = [], i = 16383, r = 0, c = n - t; r < c; r += i)
|
|
517
|
-
o.push(
|
|
517
|
+
o.push(Be(s, r, r + i > c ? c : r + i));
|
|
518
518
|
return t === 1 ? (e = s[n - 1], o.push(
|
|
519
519
|
C[e >> 2] + C[e << 4 & 63] + "=="
|
|
520
520
|
)) : t === 2 && (e = (s[n - 2] << 8) + s[n - 1], o.push(
|
|
@@ -524,23 +524,23 @@ function Be(s) {
|
|
|
524
524
|
const pe = () => {
|
|
525
525
|
const s = typeof window < "u" && !!window.crypto, e = s && !!window.crypto.subtle;
|
|
526
526
|
return { hasCrypto: s, hasSubtleCrypto: e };
|
|
527
|
-
}, Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
|
|
527
|
+
}, Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", je = (s) => {
|
|
528
528
|
const e = [];
|
|
529
529
|
for (let n = 0; n < s.byteLength; n += 1) {
|
|
530
530
|
const t = s[n] % Q.length;
|
|
531
531
|
e.push(Q[t]);
|
|
532
532
|
}
|
|
533
533
|
return e.join("");
|
|
534
|
-
},
|
|
534
|
+
}, He = (s) => Ke(new Uint8Array(s)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, ""), Z = (s) => {
|
|
535
535
|
const e = new Uint8Array(s), { hasCrypto: n } = pe();
|
|
536
536
|
if (n)
|
|
537
537
|
window.crypto.getRandomValues(e);
|
|
538
538
|
else
|
|
539
539
|
for (let t = 0; t < s; t += 1)
|
|
540
540
|
e[t] = Math.random() * Q.length | 0;
|
|
541
|
-
return
|
|
541
|
+
return je(e);
|
|
542
542
|
};
|
|
543
|
-
function
|
|
543
|
+
function Ge(s) {
|
|
544
544
|
const e = new ArrayBuffer(s.length), n = new Uint8Array(e);
|
|
545
545
|
for (let t = 0; t < s.length; t++)
|
|
546
546
|
n[t] = s.charCodeAt(t);
|
|
@@ -548,34 +548,34 @@ function He(s) {
|
|
|
548
548
|
}
|
|
549
549
|
function we(s) {
|
|
550
550
|
return new Promise((e, n) => {
|
|
551
|
-
crypto.subtle.digest("SHA-256",
|
|
551
|
+
crypto.subtle.digest("SHA-256", Ge(s)).then((t) => e(He(new Uint8Array(t))), (t) => n(t));
|
|
552
552
|
});
|
|
553
553
|
}
|
|
554
|
-
const
|
|
554
|
+
const Xe = (s) => {
|
|
555
555
|
if (s.length < 43 || s.length > 128)
|
|
556
556
|
return Promise.reject(new Error("Invalid code length."));
|
|
557
557
|
const { hasSubtleCrypto: e } = pe();
|
|
558
558
|
return e ? we(s) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
|
|
559
|
-
},
|
|
560
|
-
if (
|
|
559
|
+
}, D = {}, Ye = (s, e = window.sessionStorage, n) => {
|
|
560
|
+
if (!D[s] && e) {
|
|
561
561
|
const o = e.getItem(s);
|
|
562
|
-
o && (
|
|
562
|
+
o && (D[s] = JSON.parse(o));
|
|
563
563
|
}
|
|
564
564
|
const t = 1e3 * n;
|
|
565
|
-
return
|
|
566
|
-
},
|
|
565
|
+
return D[s] && D[s].timestamp + t > Date.now() ? D[s].result : null;
|
|
566
|
+
}, ze = (s, e, n = window.sessionStorage) => {
|
|
567
567
|
const t = Date.now();
|
|
568
|
-
|
|
569
|
-
},
|
|
570
|
-
const i = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, c =
|
|
568
|
+
D[s] = { result: e, timestamp: t }, n && n.setItem(s, JSON.stringify({ result: e, timestamp: t }));
|
|
569
|
+
}, Qe = 60 * 60, Ze = (s) => async (e, n = Qe, t = window.sessionStorage, o = 1e4) => {
|
|
570
|
+
const i = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, c = Ye(r, t, n);
|
|
571
571
|
if (c)
|
|
572
572
|
return new se(c);
|
|
573
|
-
const a = await
|
|
573
|
+
const a = await J(s)(i, {}, o);
|
|
574
574
|
if (a.status !== 200)
|
|
575
575
|
return null;
|
|
576
576
|
const u = await a.json();
|
|
577
|
-
return
|
|
578
|
-
},
|
|
577
|
+
return ze(r, u, t), new se(u);
|
|
578
|
+
}, J = (s) => async (e, n = {}, t = 1e4, o = 0) => {
|
|
579
579
|
let i;
|
|
580
580
|
try {
|
|
581
581
|
const r = new AbortController();
|
|
@@ -583,7 +583,7 @@ const Ge = (s) => {
|
|
|
583
583
|
} catch (r) {
|
|
584
584
|
if (r.name === "AbortError" || r.message === "Network request failed") {
|
|
585
585
|
if (o <= 1)
|
|
586
|
-
return await
|
|
586
|
+
return await J(s)(e, n, t, o + 1);
|
|
587
587
|
throw r;
|
|
588
588
|
} else
|
|
589
589
|
throw console.error(r.message), r;
|
|
@@ -603,7 +603,7 @@ const Ge = (s) => {
|
|
|
603
603
|
c.push(`${d}=${l}`);
|
|
604
604
|
}
|
|
605
605
|
const a = c.join("&");
|
|
606
|
-
return (await
|
|
606
|
+
return (await J(s)(e, {
|
|
607
607
|
method: "POST",
|
|
608
608
|
headers: {
|
|
609
609
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
|
|
@@ -612,7 +612,7 @@ const Ge = (s) => {
|
|
|
612
612
|
}, i)).status !== 200 ? { success: !1 } : {
|
|
613
613
|
success: !0
|
|
614
614
|
};
|
|
615
|
-
},
|
|
615
|
+
}, es = (s) => async (e, n, t, o, i = {}, r, c = 1e4) => {
|
|
616
616
|
for (const [h, y] of Object.entries(t))
|
|
617
617
|
n[h] === void 0 && (n[h] = y);
|
|
618
618
|
const a = [];
|
|
@@ -620,7 +620,7 @@ const Ge = (s) => {
|
|
|
620
620
|
const y = encodeURIComponent(h), _ = encodeURIComponent(n[h]);
|
|
621
621
|
a.push(`${y}=${_}`);
|
|
622
622
|
}
|
|
623
|
-
const u = a.join("&"), f = await
|
|
623
|
+
const u = a.join("&"), f = await J(s)(e, {
|
|
624
624
|
method: "POST",
|
|
625
625
|
headers: {
|
|
626
626
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
@@ -637,23 +637,23 @@ const Ge = (s) => {
|
|
|
637
637
|
data: ne(d, o, r),
|
|
638
638
|
demonstratingProofOfPossessionNonce: l
|
|
639
639
|
};
|
|
640
|
-
},
|
|
640
|
+
}, ss = (s, e) => async (n, t) => {
|
|
641
641
|
t = t ? { ...t } : {};
|
|
642
|
-
const o = Z(128), i = await
|
|
642
|
+
const o = Z(128), i = await Xe(o);
|
|
643
643
|
await s.setCodeVerifierAsync(o), await s.setStateAsync(t.state), t.code_challenge = i, t.code_challenge_method = "S256";
|
|
644
644
|
let r = "";
|
|
645
645
|
if (t)
|
|
646
646
|
for (const [c, a] of Object.entries(t))
|
|
647
647
|
r === "" ? r += "?" : r += "&", r += `${c}=${encodeURIComponent(a)}`;
|
|
648
648
|
e.open(`${n}${r}`);
|
|
649
|
-
}, j = "DPoP-Nonce",
|
|
649
|
+
}, j = "DPoP-Nonce", ns = (s) => async (e, n, t, o, i = 1e4) => {
|
|
650
650
|
n = n ? { ...n } : {}, n.code_verifier = await s.getCodeVerifierAsync();
|
|
651
651
|
const r = [];
|
|
652
652
|
for (const d in n) {
|
|
653
653
|
const l = encodeURIComponent(d), h = encodeURIComponent(n[d]);
|
|
654
654
|
r.push(`${l}=${h}`);
|
|
655
655
|
}
|
|
656
|
-
const c = r.join("&"), a = await
|
|
656
|
+
const c = r.join("&"), a = await J(fetch)(e, {
|
|
657
657
|
method: "POST",
|
|
658
658
|
headers: {
|
|
659
659
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
@@ -696,7 +696,7 @@ const Ge = (s) => {
|
|
|
696
696
|
search: n,
|
|
697
697
|
hash: t
|
|
698
698
|
};
|
|
699
|
-
},
|
|
699
|
+
}, vs = (s) => {
|
|
700
700
|
const e = Ae(s);
|
|
701
701
|
let { path: n } = e;
|
|
702
702
|
n.endsWith("/") && (n = n.slice(0, -1));
|
|
@@ -704,8 +704,8 @@ const Ge = (s) => {
|
|
|
704
704
|
return t === "#_=_" && (t = ""), t && (n += t), n;
|
|
705
705
|
}, H = (s) => {
|
|
706
706
|
const e = Ae(s), { search: n } = e;
|
|
707
|
-
return
|
|
708
|
-
},
|
|
707
|
+
return ts(n);
|
|
708
|
+
}, ts = (s) => {
|
|
709
709
|
const e = {};
|
|
710
710
|
let n, t, o;
|
|
711
711
|
const i = s.split("&");
|
|
@@ -713,13 +713,13 @@ const Ge = (s) => {
|
|
|
713
713
|
n = i[t].split("="), e[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
|
|
714
714
|
return e;
|
|
715
715
|
};
|
|
716
|
-
function
|
|
716
|
+
function ve(s) {
|
|
717
717
|
return new TextEncoder().encode(s);
|
|
718
718
|
}
|
|
719
|
-
function
|
|
719
|
+
function Se(s) {
|
|
720
720
|
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
|
|
721
721
|
}
|
|
722
|
-
function
|
|
722
|
+
function os(s) {
|
|
723
723
|
return encodeURIComponent(s).replace(/%([0-9A-F]{2})/g, function(t, o) {
|
|
724
724
|
return String.fromCharCode(parseInt(o, 16));
|
|
725
725
|
});
|
|
@@ -728,10 +728,10 @@ function Te(s) {
|
|
|
728
728
|
let e = "";
|
|
729
729
|
return s.forEach(function(n) {
|
|
730
730
|
e += String.fromCharCode(n);
|
|
731
|
-
}),
|
|
731
|
+
}), Se(e);
|
|
732
732
|
}
|
|
733
733
|
function he(s) {
|
|
734
|
-
return
|
|
734
|
+
return Se(os(s));
|
|
735
735
|
}
|
|
736
736
|
var be = {};
|
|
737
737
|
be.sign = (s, e, n, t = "dpop+jwt") => {
|
|
@@ -749,7 +749,7 @@ be.sign = (s, e, n, t = "dpop+jwt") => {
|
|
|
749
749
|
hash: { name: "ES256" }
|
|
750
750
|
}, r = !0, c = ["sign"];
|
|
751
751
|
return window.crypto.subtle.importKey("jwk", s, i, r, c).then(function(a) {
|
|
752
|
-
const u =
|
|
752
|
+
const u = ve(o.protected + "." + o.payload), f = { name: "ECDSA", hash: { name: "SHA-256" } };
|
|
753
753
|
return window.crypto.subtle.sign(f, a, u).then(function(d) {
|
|
754
754
|
return o.signature = Te(new Uint8Array(d)), o.protected + "." + o.payload + "." + o.signature;
|
|
755
755
|
});
|
|
@@ -772,22 +772,22 @@ oe.neuter = function(s) {
|
|
|
772
772
|
var Pe = {};
|
|
773
773
|
Pe.thumbprint = function(s) {
|
|
774
774
|
const e = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", s.crv).replace("X", s.x).replace("Y", s.y);
|
|
775
|
-
return window.crypto.subtle.digest({ name: "SHA-256" },
|
|
775
|
+
return window.crypto.subtle.digest({ name: "SHA-256" }, ve(e)).then(function(n) {
|
|
776
776
|
return Te(new Uint8Array(n));
|
|
777
777
|
});
|
|
778
778
|
};
|
|
779
|
-
const
|
|
779
|
+
const is = function() {
|
|
780
780
|
const s = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", e = "0123456789abcdef";
|
|
781
781
|
let n = 0, t = "";
|
|
782
782
|
for (let o = 0; o < 36; o++)
|
|
783
783
|
s[o] !== "-" && s[o] !== "4" && (n = Math.random() * 16 | 0), s[o] === "x" ? t += e[n] : s[o] === "y" ? (n &= 3, n |= 8, t += e[n]) : t += s[o];
|
|
784
784
|
return t;
|
|
785
|
-
},
|
|
785
|
+
}, rs = () => oe.generate().then(function(s) {
|
|
786
786
|
return s;
|
|
787
787
|
}), Oe = (s, e = "POST", n, t = {}) => {
|
|
788
788
|
const o = {
|
|
789
789
|
// https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
|
|
790
|
-
jit: btoa(
|
|
790
|
+
jit: btoa(is()),
|
|
791
791
|
htm: e,
|
|
792
792
|
htu: n,
|
|
793
793
|
iat: Math.round(Date.now() / 1e3),
|
|
@@ -800,7 +800,7 @@ const os = function() {
|
|
|
800
800
|
return r;
|
|
801
801
|
});
|
|
802
802
|
});
|
|
803
|
-
},
|
|
803
|
+
}, as = (s, e, n, t, o) => (i = void 0, r = null, c = !1, a = void 0) => {
|
|
804
804
|
const u = r;
|
|
805
805
|
return r = { ...r }, (async () => {
|
|
806
806
|
const d = i || o.getPath();
|
|
@@ -820,19 +820,19 @@ const os = function() {
|
|
|
820
820
|
const T = I(s, e.storage ?? sessionStorage);
|
|
821
821
|
T.setLoginParams({ callbackPath: d, extras: u }), await T.setNonceAsync(y), w = T;
|
|
822
822
|
}
|
|
823
|
-
const
|
|
823
|
+
const v = {
|
|
824
824
|
client_id: e.client_id,
|
|
825
825
|
redirect_uri: l,
|
|
826
826
|
scope: a,
|
|
827
827
|
response_type: "code",
|
|
828
828
|
...h
|
|
829
829
|
};
|
|
830
|
-
await
|
|
830
|
+
await ss(w, o)(g.authorizationEndpoint, v);
|
|
831
831
|
} catch (l) {
|
|
832
832
|
throw n(m.loginAsync_error, l), l;
|
|
833
833
|
}
|
|
834
834
|
})();
|
|
835
|
-
},
|
|
835
|
+
}, cs = (s) => async (e = !1) => {
|
|
836
836
|
try {
|
|
837
837
|
s.publishEvent(m.loginCallbackAsync_begin, {});
|
|
838
838
|
const n = s.configuration, t = n.client_id, o = e ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, c = await s.initAsync(i, n.authority_configuration), a = s.location.getCurrentHref(), f = H(a).session_state, d = await E(n, s.configurationName);
|
|
@@ -840,8 +840,8 @@ const os = function() {
|
|
|
840
840
|
if (d)
|
|
841
841
|
await d.initAsync(c, "loginCallbackAsync", n), await d.setSessionStateAsync(f), h = await d.getNonceAsync(), y = d.getLoginParams(), _ = await d.getStateAsync(), d.startKeepAliveServiceWorker(), l = d;
|
|
842
842
|
else {
|
|
843
|
-
const
|
|
844
|
-
await
|
|
843
|
+
const S = I(s.configurationName, n.storage ?? sessionStorage);
|
|
844
|
+
await S.setSessionStateAsync(f), h = await S.getNonceAsync(), y = S.getLoginParams(), _ = await S.getStateAsync(), l = S;
|
|
845
845
|
}
|
|
846
846
|
const g = H(a);
|
|
847
847
|
if (g.iss && g.iss !== c.issuer)
|
|
@@ -853,21 +853,21 @@ const os = function() {
|
|
|
853
853
|
grant_type: "authorization_code",
|
|
854
854
|
client_id: n.client_id,
|
|
855
855
|
redirect_uri: o
|
|
856
|
-
},
|
|
856
|
+
}, v = {};
|
|
857
857
|
if (n.token_request_extras)
|
|
858
|
-
for (const [
|
|
859
|
-
S
|
|
858
|
+
for (const [S, W] of Object.entries(n.token_request_extras))
|
|
859
|
+
v[S] = W;
|
|
860
860
|
if (y && y.extras)
|
|
861
|
-
for (const [
|
|
862
|
-
|
|
861
|
+
for (const [S, W] of Object.entries(y.extras))
|
|
862
|
+
S.endsWith(":token_request") && (v[S.replace(":token_request", "")] = W);
|
|
863
863
|
const T = c.tokenEndpoint, F = {};
|
|
864
864
|
if (n.demonstrating_proof_of_possession) {
|
|
865
|
-
const
|
|
866
|
-
d ? await d.setDemonstratingProofOfPossessionJwkAsync(
|
|
865
|
+
const S = await rs();
|
|
866
|
+
d ? await d.setDemonstratingProofOfPossessionJwkAsync(S) : await I(s.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(S), F.DPoP = await Oe(S, "POST", T);
|
|
867
867
|
}
|
|
868
|
-
const p = await
|
|
868
|
+
const p = await ns(l)(
|
|
869
869
|
T,
|
|
870
|
-
{ ...w, ...
|
|
870
|
+
{ ...w, ...v },
|
|
871
871
|
F,
|
|
872
872
|
s.configuration.token_renew_mode,
|
|
873
873
|
r
|
|
@@ -876,7 +876,7 @@ const os = function() {
|
|
|
876
876
|
throw new Error("Token request failed");
|
|
877
877
|
let k;
|
|
878
878
|
const A = p.data.tokens, O = p.data.demonstratingProofOfPossessionNonce;
|
|
879
|
-
if (p.data.state !==
|
|
879
|
+
if (p.data.state !== v.state)
|
|
880
880
|
throw new Error("state is not valid");
|
|
881
881
|
const { isValid: x, reason: P } = ge(A, h.nonce, c);
|
|
882
882
|
if (!x)
|
|
@@ -890,8 +890,8 @@ const os = function() {
|
|
|
890
890
|
if (d)
|
|
891
891
|
await d.initAsync(o, "syncTokensAsync", n), k = d.getLoginParams(), O && await d.setDemonstratingProofOfPossessionNonce(O);
|
|
892
892
|
else {
|
|
893
|
-
const
|
|
894
|
-
k =
|
|
893
|
+
const S = I(s.configurationName, n.storage);
|
|
894
|
+
k = S.getLoginParams(), O && await S.setDemonstratingProofOfPossessionNonce(O);
|
|
895
895
|
}
|
|
896
896
|
return await s.startCheckSessionAsync(c.checkSessionIframe, t, f, e), s.publishEvent(m.loginCallbackAsync_end, {}), {
|
|
897
897
|
tokens: A,
|
|
@@ -904,11 +904,11 @@ const os = function() {
|
|
|
904
904
|
}, _e = {
|
|
905
905
|
access_token: "access_token",
|
|
906
906
|
refresh_token: "refresh_token"
|
|
907
|
-
},
|
|
908
|
-
|
|
907
|
+
}, ls = (s) => async (e) => {
|
|
908
|
+
M.clearTimeout(s.timeoutId), s.timeoutId = null, s.checkSessionIFrame && s.checkSessionIFrame.stop();
|
|
909
909
|
const n = await E(s.configuration, s.configurationName);
|
|
910
910
|
n ? await n.clearAsync(e) : await I(s.configurationName, s.configuration.storage).clearAsync(e), s.tokens = null, s.userInfo = null;
|
|
911
|
-
},
|
|
911
|
+
}, us = (s, e, n, t, o) => async (i = void 0, r = null) => {
|
|
912
912
|
const c = s.configuration, a = await s.initAsync(c.authority, c.authority_configuration);
|
|
913
913
|
i && typeof i != "string" && (i = void 0, t.warn("callbackPathOrUrl path is not a string"));
|
|
914
914
|
const u = i ?? o.getPath();
|
|
@@ -920,13 +920,13 @@ const os = function() {
|
|
|
920
920
|
if (y) {
|
|
921
921
|
const _ = [], g = s.tokens ? s.tokens.accessToken : null;
|
|
922
922
|
if (g && c.logout_tokens_to_invalidate.includes(_e.access_token)) {
|
|
923
|
-
const
|
|
924
|
-
_.push(
|
|
923
|
+
const v = fe(n)(y, g, ee.access_token, c.client_id);
|
|
924
|
+
_.push(v);
|
|
925
925
|
}
|
|
926
926
|
const w = s.tokens ? s.tokens.refreshToken : null;
|
|
927
927
|
if (w && c.logout_tokens_to_invalidate.includes(_e.refresh_token)) {
|
|
928
|
-
const
|
|
929
|
-
_.push(
|
|
928
|
+
const v = fe(n)(y, w, ee.refresh_token, c.client_id);
|
|
929
|
+
_.push(v);
|
|
930
930
|
}
|
|
931
931
|
_.length > 0 && await Promise.all(_);
|
|
932
932
|
}
|
|
@@ -948,11 +948,11 @@ const os = function() {
|
|
|
948
948
|
o.open(`${a.endSessionEndpoint}${y}`);
|
|
949
949
|
} else
|
|
950
950
|
o.reload();
|
|
951
|
-
},
|
|
951
|
+
}, ds = (s) => async (e = !1) => {
|
|
952
952
|
if (s.userInfo != null && !e)
|
|
953
953
|
return s.userInfo;
|
|
954
954
|
for (; s.tokens && !z(s.tokens); )
|
|
955
|
-
await
|
|
955
|
+
await $({ milliseconds: 200 });
|
|
956
956
|
if (!s.tokens)
|
|
957
957
|
return null;
|
|
958
958
|
const n = s.tokens.accessToken;
|
|
@@ -986,7 +986,7 @@ class G {
|
|
|
986
986
|
return window.origin;
|
|
987
987
|
}
|
|
988
988
|
}
|
|
989
|
-
const
|
|
989
|
+
const fs = (s) => !!(s.os === "iOS" && s.osVersion.startsWith("12") || s.os === "Mac OS X" && s.osVersion.startsWith("10_15_6")), hs = (s) => {
|
|
990
990
|
const e = s.appVersion, n = s.userAgent, t = "-";
|
|
991
991
|
let o = t;
|
|
992
992
|
const i = [
|
|
@@ -1043,7 +1043,7 @@ const ds = (s) => !!(s.os === "iOS" && s.osVersion.startsWith("12") || s.os ===
|
|
|
1043
1043
|
osVersion: r
|
|
1044
1044
|
};
|
|
1045
1045
|
};
|
|
1046
|
-
function
|
|
1046
|
+
function _s() {
|
|
1047
1047
|
const s = navigator.userAgent;
|
|
1048
1048
|
let e, n = s.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
|
|
1049
1049
|
if (/trident/i.test(n[1]))
|
|
@@ -1061,22 +1061,22 @@ function hs() {
|
|
|
1061
1061
|
version: n[1]
|
|
1062
1062
|
};
|
|
1063
1063
|
}
|
|
1064
|
-
const
|
|
1065
|
-
const { name: s, version: e } =
|
|
1064
|
+
const ys = () => {
|
|
1065
|
+
const { name: s, version: e } = _s();
|
|
1066
1066
|
if (s === "chrome" && parseInt(e) <= 70 || s === "opera" && (!e || parseInt(e.split(".")[0]) < 80) || s === "ie")
|
|
1067
1067
|
return !1;
|
|
1068
|
-
const n =
|
|
1069
|
-
return !
|
|
1070
|
-
},
|
|
1068
|
+
const n = hs(navigator);
|
|
1069
|
+
return !fs(n);
|
|
1070
|
+
}, gs = () => fetch;
|
|
1071
1071
|
class se {
|
|
1072
1072
|
constructor(e) {
|
|
1073
1073
|
this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
|
|
1074
1074
|
}
|
|
1075
1075
|
}
|
|
1076
|
-
const N = {},
|
|
1076
|
+
const N = {}, ks = (s, e = new G()) => (n, t = "default") => (N[t] || (N[t] = new R(n, t, s, e)), N[t]), ms = async (s) => {
|
|
1077
1077
|
const { parsedTokens: e, callbackPath: n } = await s.loginCallbackAsync();
|
|
1078
|
-
return s.timeoutId =
|
|
1079
|
-
},
|
|
1078
|
+
return s.timeoutId = K(s, e.refreshToken, e.expiresAt), { callbackPath: n };
|
|
1079
|
+
}, ps = (s) => Math.floor(Math.random() * s), ie = class U {
|
|
1080
1080
|
constructor(e, n = "default", t, o = new G()) {
|
|
1081
1081
|
this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
|
|
1082
1082
|
let i = e.silent_login_uri;
|
|
@@ -1095,11 +1095,11 @@ const N = {}, gs = (s, e = new G()) => (n, t = "default") => (N[t] || (N[t] = ne
|
|
|
1095
1095
|
authority_timeout_wellknowurl_in_millisecond: e.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
|
|
1096
1096
|
logout_tokens_to_invalidate: e.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
|
|
1097
1097
|
service_worker_update_require_callback: c,
|
|
1098
|
-
service_worker_activate: e.service_worker_activate ??
|
|
1099
|
-
}, this.getFetch = t ??
|
|
1098
|
+
service_worker_activate: e.service_worker_activate ?? ys
|
|
1099
|
+
}, this.getFetch = t ?? gs, this.configurationName = n, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.synchroniseTokensAsync.bind(this), this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
1100
1100
|
}
|
|
1101
1101
|
subscribeEvents(e) {
|
|
1102
|
-
const n =
|
|
1102
|
+
const n = ps(9999999999999).toString();
|
|
1103
1103
|
return this.events.push({ id: n, func: e }), n;
|
|
1104
1104
|
}
|
|
1105
1105
|
removeEventSubscription(e) {
|
|
@@ -1152,7 +1152,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1152
1152
|
issuer: n.issuer
|
|
1153
1153
|
});
|
|
1154
1154
|
const i = await E(this.configuration, this.configurationName) ? window.localStorage : null;
|
|
1155
|
-
return await
|
|
1155
|
+
return await Ze(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60, i, this.configuration.authority_timeout_wellknowurl_in_millisecond);
|
|
1156
1156
|
};
|
|
1157
1157
|
return this.initPromise = t(), this.initPromise.then((o) => (this.initPromise = null, o));
|
|
1158
1158
|
}
|
|
@@ -1171,7 +1171,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1171
1171
|
if (i) {
|
|
1172
1172
|
n.startKeepAliveServiceWorker(), this.tokens = i;
|
|
1173
1173
|
const r = n.getLoginParams(this.configurationName);
|
|
1174
|
-
this.timeoutId =
|
|
1174
|
+
this.timeoutId = K(this, this.tokens.refreshToken, this.tokens.expiresAt, r.extras);
|
|
1175
1175
|
const c = await n.getSessionStateAsync();
|
|
1176
1176
|
return await this.startCheckSessionAsync(o.check_session_iframe, t.client_id, c), this.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1177
1177
|
success: !0,
|
|
@@ -1190,7 +1190,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1190
1190
|
if (r) {
|
|
1191
1191
|
this.tokens = ye(r, null, t.token_renew_mode);
|
|
1192
1192
|
const c = i.getLoginParams();
|
|
1193
|
-
this.timeoutId =
|
|
1193
|
+
this.timeoutId = K(this, r.refreshToken, this.tokens.expiresAt, c.extras);
|
|
1194
1194
|
const a = await i.getSessionStateAsync();
|
|
1195
1195
|
return await this.startCheckSessionAsync(o.check_session_iframe, t.client_id, a), this.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1196
1196
|
success: !0,
|
|
@@ -1209,26 +1209,26 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1209
1209
|
return this.tryKeepExistingSessionPromise = e(), this.tryKeepExistingSessionPromise.then((n) => (this.tryKeepExistingSessionPromise = null, n));
|
|
1210
1210
|
}
|
|
1211
1211
|
async startCheckSessionAsync(e, n, t, o = !1) {
|
|
1212
|
-
await
|
|
1212
|
+
await Ve(this, N, this.configuration)(e, n, t, o);
|
|
1213
1213
|
}
|
|
1214
1214
|
async loginAsync(e = void 0, n = null, t = !1, o = void 0, i = !1) {
|
|
1215
|
-
return this.loginPromise !== null ? this.loginPromise : i ?
|
|
1215
|
+
return this.loginPromise !== null ? this.loginPromise : i ? Ue(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(n, o) : (this.loginPromise = as(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, n, t, o), this.loginPromise.then((r) => (this.loginPromise = null, r)));
|
|
1216
1216
|
}
|
|
1217
1217
|
async loginCallbackAsync(e = !1) {
|
|
1218
1218
|
if (this.loginCallbackPromise !== null)
|
|
1219
1219
|
return this.loginCallbackPromise;
|
|
1220
1220
|
const n = async () => {
|
|
1221
|
-
const t = await
|
|
1221
|
+
const t = await cs(this)(e), o = t.tokens;
|
|
1222
1222
|
return this.tokens = o, await E(this.configuration, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(U.eventNames.token_aquired, o), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
|
|
1223
1223
|
};
|
|
1224
1224
|
return this.loginCallbackPromise = n(), this.loginCallbackPromise.then((t) => (this.loginCallbackPromise = null, t));
|
|
1225
1225
|
}
|
|
1226
1226
|
async synchroniseTokensAsync(e, n = 0, t = !1, o = null, i) {
|
|
1227
1227
|
for (; !navigator.onLine && document.hidden; )
|
|
1228
|
-
await
|
|
1228
|
+
await $({ milliseconds: 1e3 }), this.publishEvent(m.refreshTokensAsync, { message: "wait because navigator is offline and hidden" });
|
|
1229
1229
|
let r = 6;
|
|
1230
1230
|
for (; !navigator.onLine && r > 0; )
|
|
1231
|
-
await
|
|
1231
|
+
await $({ milliseconds: 1e3 }), r--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
|
|
1232
1232
|
const a = document.hidden ? n : n + 1;
|
|
1233
1233
|
o || (o = {});
|
|
1234
1234
|
const u = this.configuration, f = (l, h, y = null) => te(this.configurationName, this.configuration, this.publishEvent.bind(this))(l, h, y), d = async () => {
|
|
@@ -1280,7 +1280,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1280
1280
|
refresh_token: h.refreshToken
|
|
1281
1281
|
}, k = await this.initAsync(w, u.authority_configuration), A = document.hidden ? 1e4 : 3e4 * 10, O = k.tokenEndpoint, x = {};
|
|
1282
1282
|
u.demonstrating_proof_of_possession && (x.DPoP = await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken, O, "POST"));
|
|
1283
|
-
const P = await
|
|
1283
|
+
const P = await es(this.getFetch())(
|
|
1284
1284
|
O,
|
|
1285
1285
|
p,
|
|
1286
1286
|
T,
|
|
@@ -1290,9 +1290,9 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1290
1290
|
A
|
|
1291
1291
|
);
|
|
1292
1292
|
if (P.success) {
|
|
1293
|
-
const { isValid:
|
|
1294
|
-
if (!
|
|
1295
|
-
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${
|
|
1293
|
+
const { isValid: S, reason: W } = ge(P.data, y.nonce, k);
|
|
1294
|
+
if (!S)
|
|
1295
|
+
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${W}` }), { tokens: null, status: "SESSION_LOST" };
|
|
1296
1296
|
if (i(P.data), P.demonstratingProofOfPossessionNonce) {
|
|
1297
1297
|
const re = await E(u, this.configurationName);
|
|
1298
1298
|
re ? await re.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce) : await I(this.configurationName, u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce);
|
|
@@ -1357,19 +1357,19 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1357
1357
|
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: f, nonce: r };
|
|
1358
1358
|
}
|
|
1359
1359
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1360
|
-
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise =
|
|
1360
|
+
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = ms(this), this.loginCallbackWithAutoTokensRenewPromise.then((e) => (this.loginCallbackWithAutoTokensRenewPromise = null, e)));
|
|
1361
1361
|
}
|
|
1362
1362
|
userInfoAsync(e = !1) {
|
|
1363
|
-
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise =
|
|
1363
|
+
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = ds(this)(e), this.userInfoPromise.then((n) => (this.userInfoPromise = null, n)));
|
|
1364
1364
|
}
|
|
1365
1365
|
async renewTokensAsync(e = null) {
|
|
1366
1366
|
if (this.renewTokensPromise !== null)
|
|
1367
1367
|
return this.renewTokensPromise;
|
|
1368
1368
|
if (this.timeoutId)
|
|
1369
|
-
return
|
|
1369
|
+
return M.clearTimeout(this.timeoutId), this.renewTokensPromise = me(this, this.tokens.refreshToken, !0, e), this.renewTokensPromise.then((n) => (this.renewTokensPromise = null, n));
|
|
1370
1370
|
}
|
|
1371
1371
|
async destroyAsync(e) {
|
|
1372
|
-
return await
|
|
1372
|
+
return await ls(this)(e);
|
|
1373
1373
|
}
|
|
1374
1374
|
async logoutSameTabAsync(e, n) {
|
|
1375
1375
|
this.configuration.monitor_session && this.configuration.client_id === e && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (this.publishEvent(m.logout_from_same_tab, { message: n }), await this.destroyAsync("LOGGED_OUT"));
|
|
@@ -1378,13 +1378,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1378
1378
|
this.configuration.monitor_session && this.configuration.client_id === e && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: n }));
|
|
1379
1379
|
}
|
|
1380
1380
|
async logoutAsync(e = void 0, n = null) {
|
|
1381
|
-
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise =
|
|
1381
|
+
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = us(this, N, this.getFetch(), console, this.location)(e, n), this.logoutPromise.then((t) => (this.logoutPromise = null, t)));
|
|
1382
1382
|
}
|
|
1383
1383
|
};
|
|
1384
|
-
ie.getOrCreate = (s, e) => (n, t = "default") =>
|
|
1384
|
+
ie.getOrCreate = (s, e) => (n, t = "default") => ks(s, e)(n, t);
|
|
1385
1385
|
ie.eventNames = m;
|
|
1386
|
-
let
|
|
1387
|
-
const
|
|
1386
|
+
let R = ie;
|
|
1387
|
+
const ws = (s, e) => async (...n) => {
|
|
1388
1388
|
var l;
|
|
1389
1389
|
const [t, o, ...i] = n, r = o ? { ...o } : { method: "GET" };
|
|
1390
1390
|
let c = new Headers();
|
|
@@ -1414,7 +1414,7 @@ const ps = (s, e) => async (...n) => {
|
|
|
1414
1414
|
this._oidc.publishEvent(e, n);
|
|
1415
1415
|
}
|
|
1416
1416
|
static get(e = "default") {
|
|
1417
|
-
return new Ee(
|
|
1417
|
+
return new Ee(R.get(e));
|
|
1418
1418
|
}
|
|
1419
1419
|
tryKeepExistingSessionAsync() {
|
|
1420
1420
|
return this._oidc.tryKeepExistingSessionAsync();
|
|
@@ -1447,20 +1447,20 @@ const ps = (s, e) => async (...n) => {
|
|
|
1447
1447
|
return Le(this._oidc, e, n);
|
|
1448
1448
|
}
|
|
1449
1449
|
fetchWithTokens(e) {
|
|
1450
|
-
return
|
|
1450
|
+
return ws(e, this);
|
|
1451
1451
|
}
|
|
1452
1452
|
async userInfoAsync(e = !1) {
|
|
1453
1453
|
return this._oidc.userInfoAsync(e);
|
|
1454
1454
|
}
|
|
1455
1455
|
};
|
|
1456
|
-
X.getOrCreate = (s, e = new G()) => (n, t = "default") => new X(
|
|
1457
|
-
X.eventNames =
|
|
1456
|
+
X.getOrCreate = (s, e = new G()) => (n, t = "default") => new X(R.getOrCreate(s, e)(n, t));
|
|
1457
|
+
X.eventNames = R.eventNames;
|
|
1458
1458
|
let Ss = X;
|
|
1459
1459
|
export {
|
|
1460
1460
|
Ss as OidcClient,
|
|
1461
1461
|
G as OidcLocation,
|
|
1462
1462
|
Y as TokenRenewMode,
|
|
1463
|
-
|
|
1463
|
+
gs as getFetchDefault,
|
|
1464
1464
|
H as getParseQueryStringFromLocation,
|
|
1465
|
-
|
|
1465
|
+
vs as getPath
|
|
1466
1466
|
};
|
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(C,H){typeof exports=="object"&&typeof module<"u"?H(exports):typeof define=="function"&&define.amd?define(["exports"],H):(C=typeof globalThis<"u"?globalThis:C||self,H(C["oidc-client"]={}))})(this,function(C){"use strict";const D=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(D.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(D.debug(e),D.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):D.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){D.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(D.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),ce=n=>{try{return n&&De(n,".")===2?Le(n):null}catch(e){console.warn(e)}return null},De=(n,e)=>n.split(e).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function $e(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const le=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=ce(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:ce(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=$e(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===G.access_token_invalid?a=c:s===G.id_token_invalid?a=r:a=r<c?r:c;const u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},Z=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),le(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ee=n=>n?U(0,n.expiresAt)>0:!1,Re=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ee(n.tokens)&&t>0;)await $({milliseconds:e}),t=t-1;return{isTokensValid:ee(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},L=function(){const n=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const w=g.data[0],S=g.data[1],T=g.data[2];h[w]&&h[w](_,S,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.7";let fe=null,X;const $=({milliseconds:n})=>new Promise(e=>L.setTimeout(e,n)),he=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),$({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Fe=()=>{X&&X.abort()},Ue=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ve=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await $({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),I=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,O)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:O.token_renew_mode,service_worker_convert_all_requests_to_cors:O.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=W.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await O.service_worker_update_require_callback(t,Fe)),{tokens:Z(W.tokens,null,O.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ue(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await I(n.configuration,n.configurationName)||await E(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function ye(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r=null;const c=await I(n.configuration,n.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!c)r=await _e(n,e,s,t);else{const a=new AbortController,u=Math.max(o.token_request_timeout??0,o.silent_login_timeout??0,2e4),f=L.setTimeout(()=>{a.abort()},u);r=await navigator.locks.request(i,{signal:a.signal},async()=>{const d=await _e(n,e,s,t);return L.clearTimeout(f),d})}return r?(n.timeoutId&&(n.timeoutId=V(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const V=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return L.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(B.eventNames.token_timer,r),await ye(n,e,!1,t)},1e3)},ne=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,S=_.data;if(S&&typeof S=="string"&&!h){if(S.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(S.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),s(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Me=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>ne(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&L.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=V(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Ke=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>ne(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Je=He,x=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Y=0,Be=ge.length;Y<Be;++Y)x[Y]=ge[Y];function je(n){return x[n>>18&63]+x[n>>12&63]+x[n>>6&63]+x[n&63]}function qe(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(je(t));return o.join("")}function He(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(qe(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(x[e>>2]+x[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(x[e>>10]+x[e>>4&63]+x[e<<2&63]+"=")),o.join("")}const ke=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ge=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%se.length;e.push(se[t])}return e.join("")},Xe=n=>Je(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ke();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*se.length|0;return Ge(e)};function Ye(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function me(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",Ye(n)).then(t=>e(Xe(new Uint8Array(t))),t=>s(t))})}const ze=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},R={},Qe=(n,e=window.sessionStorage,s)=>{if(!R[n]&&e){const o=e.getItem(n);o&&(R[n]=JSON.parse(o))}const t=1e3*s;return R[n]&&R[n].timestamp+t>Date.now()?R[n].result:null},Ze=(n,e,s=window.sessionStorage)=>{const t=Date.now();R[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},en=60*60,nn=n=>async(e,s=en,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Qe(r,t,s);if(c)return new re(c);const a=await M(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return Ze(r,u,t),new re(u)},M=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await M(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},pe=n=>async(e,s,t=oe.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await M(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},sn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await M(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(z)&&(l=f.headers.get(z)),{success:!0,data:Z(d,o,r),demonstratingProofOfPossessionNonce:l}},tn=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await ze(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},z="DPoP-Nonce",on=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),h=encodeURIComponent(s[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await M(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(z)&&(u=a.headers.get(z));const f=await a.json();return{success:!0,data:{state:s.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},rn=n=>{const e=we(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},K=n=>{const e=we(n),{search:s}=e;return an(s)},an=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function Ae(n){return new TextEncoder().encode(n)}function Se(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function cn(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function ve(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),Se(e)}function Te(n){return Se(cn(n))}var be={};be.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,c).then(function(a){const u=Ae(o.protected+"."+o.payload),f={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(f,a,u).then(function(d){return o.signature=ve(new Uint8Array(d)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Pe={};Pe.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},Ae(e)).then(function(s){return ve(new Uint8Array(s))})};const ln=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},un=()=>ie.generate().then(function(n){return n}),Oe=(n,e="POST",s,t={})=>{const o={jit:btoa(ln()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Pe.thumbprint(n).then(function(i){return be.sign(n,{},o).then(function(r){return r})})},dn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=te(12));const y={nonce:h.nonce},_=await I(e,n),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=E(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const S={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await tn(w,o)(g.authorizationEndpoint,S)}catch(l){throw s(m.loginAsync_error,l),l}})()},fn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=K(a).session_state,d=await I(s,n.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const v=E(n.configurationName,s.storage??sessionStorage);await v.setSessionStateAsync(f),h=await v.getNonceAsync(),y=v.getLoginParams(),_=await v.getStateAsync(),l=v}const g=K(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},S={};if(s.token_request_extras)for(const[v,F]of Object.entries(s.token_request_extras))S[v]=F;if(y&&y.extras)for(const[v,F]of Object.entries(y.extras))v.endsWith(":token_request")&&(S[v.replace(":token_request","")]=F);const T=c.tokenEndpoint,j={};if(s.demonstrating_proof_of_possession){const v=await un();d?await d.setDemonstratingProofOfPossessionJwkAsync(v):await E(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(v),j.DPoP=await Oe(v,"POST",T)}const p=await on(l)(T,{...w,...S},j,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,O=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==S.state)throw new Error("state is not valid");const{isValid:W,reason:P}=ue(A,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(O&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),O&&await d.setDemonstratingProofOfPossessionNonce(O);else{const v=E(n.configurationName,s.storage);k=v.getLoginParams(),O&&await v.setDemonstratingProofOfPossessionNonce(O)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Ee={access_token:"access_token",refresh_token:"refresh_token"},hn=n=>async e=>{L.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await I(n.configuration,n.configurationName);s?await s.clearAsync(e):await E(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},_n=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Ee.access_token)){const S=pe(s)(y,g,oe.access_token,c.client_id);_.push(S)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Ee.refresh_token)){const S=pe(s)(y,w,oe.refresh_token,c.client_id);_.push(S)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},yn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ee(n.tokens);)await $({milliseconds:200});if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class J{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const gn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),kn=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0);break}}return{os:o,osVersion:r}};function mn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const pn=()=>{const{name:n,version:e}=mn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=kn(navigator);return!gn(s)},Ie=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const N={},wn=(n,e=new J)=>(s,t="default")=>(N[t]||(N[t]=new B(s,t,n,e)),N[t]),An=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=V(n,e.refreshToken,e.expiresAt),{callbackPath:s}},Sn=n=>Math.floor(Math.random()*n),ae=class q{constructor(e,s="default",t,o=new J){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new J;const c=e.service_worker_update_require_callback??Ve(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??pn},this.getFetch=t??Ie,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(N,e)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return N[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=K(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=K(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new re({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await nn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await I(t,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=V(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=E(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=le(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=V(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Ke(this,N,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Me(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=dn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await fn(this)(e),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await $({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await $({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>ne(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await I(u,this.configurationName);h?l=h.getLoginParams():l=E(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await this.syncTokensInfoAsync(u,this.configurationName,this.tokens,t);switch(l){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(h),{tokens:h,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(h),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,O=k.tokenEndpoint,W={};u.demonstrating_proof_of_possession&&(W.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,O,"POST"));const P=await sn(this.getFetch())(O,p,T,h,W,u.token_renew_mode,A);if(P.success){const{isValid:v,reason:F}=ue(P.data,y.nonce,k);if(!v)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ce=await I(u,this.configurationName);Ce?await Ce.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await E(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await me(e)},r=await I(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=E(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Oe(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await I(e,s);if(a){const{status:d,tokens:l}=await a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=E(s,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=An(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=yn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return L.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await hn(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=_n(this,N,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ae.getOrCreate=(n,e)=>(s,t="default")=>wn(n,e)(s,t),ae.eventNames=m;let B=ae;const vn=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Q=class xe{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new xe(B.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Re(this._oidc,e,s)}fetchWithTokens(e){return vn(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Q.getOrCreate=(n,e=new J)=>(s,t="default")=>new Q(B.getOrCreate(n,e)(s,t)),Q.eventNames=B.eventNames;let Tn=Q;C.OidcClient=Tn,C.OidcLocation=J,C.TokenRenewMode=G,C.getFetchDefault=Ie,C.getParseQueryStringFromLocation=K,C.getPath=rn,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
|
|
1
|
+
(function(I,H){typeof exports=="object"&&typeof module<"u"?H(exports):typeof define=="function"&&define.amd?define(["exports"],H):(I=typeof globalThis<"u"?globalThis:I||self,H(I["oidc-client"]={}))})(this,function(I){"use strict";const L=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(L.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(L.debug(e),L.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):L.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){L.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(L.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),ce=n=>{try{return n&&De(n,".")===2?Le(n):null}catch(e){console.warn(e)}return null},De=(n,e)=>n.split(e).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function $e(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const le=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=ce(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:ce(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=$e(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===G.access_token_invalid?a=c:s===G.id_token_invalid?a=r:a=r<c?r:c;const u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},Z=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),le(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ee=n=>n?U(0,n.expiresAt)>0:!1,Re=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ee(n.tokens)&&t>0;)await D({milliseconds:e}),t=t-1;return{isTokensValid:ee(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},V=function(){const n=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const w=g.data[0],v=g.data[1],T=g.data[2];h[w]&&h[w](_,v,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.8";let fe=null,X;const D=({milliseconds:n})=>new Promise(e=>V.setTimeout(e,n)),he=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),D({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Fe=()=>{X&&X.abort()},Ue=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ve=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await D({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),E=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,C)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=W.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await C.service_worker_update_require_callback(t,Fe)),{tokens:Z(W.tokens,null,C.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ue(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await E(n.configuration,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function Me(n,e){const s=await E(e,n.configurationName);if(s){const t=await n.initAsync(e.authority,e.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",e);return o}else{const t=O(n.configurationName,e.storage??sessionStorage),{tokens:o}=await t.initAsync();return o}}async function ye(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r;const c=await E(n.configuration,n.configurationName);return(o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!c?r=await _e(n,e,s,t):r=await navigator.locks.request(i,{ifAvailable:!0},async a=>a?await _e(n,e,s,t):(n.publishEvent(R.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Me(n,o))),r?(n.timeoutId&&(n.timeoutId=M(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const M=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(R.eventNames.token_timer,r),await ye(n,e,!1,t)},1e3)},ne=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,v=_.data;if(v&&typeof v=="string"&&!h){if(v.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(v.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),s(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Ke=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>ne(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=M(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>ne(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Be=Ge,x=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Y=0,je=ge.length;Y<je;++Y)x[Y]=ge[Y];function qe(n){return x[n>>18&63]+x[n>>12&63]+x[n>>6&63]+x[n&63]}function He(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(qe(t));return o.join("")}function Ge(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(He(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(x[e>>2]+x[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(x[e>>10]+x[e>>4&63]+x[e<<2&63]+"=")),o.join("")}const ke=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%se.length;e.push(se[t])}return e.join("")},Ye=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ke();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*se.length|0;return Xe(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function me(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Ye(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},$={},Ze=(n,e=window.sessionStorage,s)=>{if(!$[n]&&e){const o=e.getItem(n);o&&($[n]=JSON.parse(o))}const t=1e3*s;return $[n]&&$[n].timestamp+t>Date.now()?$[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();$[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ze(r,t,s);if(c)return new re(c);const a=await K(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return en(r,u,t),new re(u)},K=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await K(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},pe=n=>async(e,s,t=oe.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(z)&&(l=f.headers.get(z)),{success:!0,data:Z(d,o,r),demonstratingProofOfPossessionNonce:l}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},z="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),h=encodeURIComponent(s[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await K(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(z)&&(u=a.headers.get(z));const f=await a.json();return{success:!0,data:{state:s.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=we(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},J=n=>{const e=we(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function Ae(n){return new TextEncoder().encode(n)}function ve(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Se(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),ve(e)}function Te(n){return ve(ln(n))}var be={};be.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,c).then(function(a){const u=Ae(o.protected+"."+o.payload),f={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(f,a,u).then(function(d){return o.signature=Se(new Uint8Array(d)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Pe={};Pe.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},Ae(e)).then(function(s){return Se(new Uint8Array(s))})};const un=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},dn=()=>ie.generate().then(function(n){return n}),Oe=(n,e="POST",s,t={})=>{const o={jit:btoa(un()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Pe.thumbprint(n).then(function(i){return be.sign(n,{},o).then(function(r){return r})})},fn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=te(12));const y={nonce:h.nonce},_=await E(e,n),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=O(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const v={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await on(w,o)(g.authorizationEndpoint,v)}catch(l){throw s(m.loginAsync_error,l),l}})()},hn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=J(a).session_state,d=await E(s,n.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const S=O(n.configurationName,s.storage??sessionStorage);await S.setSessionStateAsync(f),h=await S.getNonceAsync(),y=S.getLoginParams(),_=await S.getStateAsync(),l=S}const g=J(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[S,F]of Object.entries(s.token_request_extras))v[S]=F;if(y&&y.extras)for(const[S,F]of Object.entries(y.extras))S.endsWith(":token_request")&&(v[S.replace(":token_request","")]=F);const T=c.tokenEndpoint,j={};if(s.demonstrating_proof_of_possession){const S=await dn();d?await d.setDemonstratingProofOfPossessionJwkAsync(S):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(S),j.DPoP=await Oe(S,"POST",T)}const p=await rn(l)(T,{...w,...v},j,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:W,reason:P}=ue(A,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),C&&await d.setDemonstratingProofOfPossessionNonce(C);else{const S=O(n.configurationName,s.storage);k=S.getLoginParams(),C&&await S.setDemonstratingProofOfPossessionNonce(C)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Ee={access_token:"access_token",refresh_token:"refresh_token"},_n=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await E(n.configuration,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},yn=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Ee.access_token)){const v=pe(s)(y,g,oe.access_token,c.client_id);_.push(v)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Ee.refresh_token)){const v=pe(s)(y,w,oe.refresh_token,c.client_id);_.push(v)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},gn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ee(n.tokens);)await D({milliseconds:200});if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class B{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const kn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),mn=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0);break}}return{os:o,osVersion:r}};function pn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const wn=()=>{const{name:n,version:e}=pn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=mn(navigator);return!kn(s)},Ce=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const N={},An=(n,e=new B)=>(s,t="default")=>(N[t]||(N[t]=new R(s,t,n,e)),N[t]),vn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=M(n,e.refreshToken,e.expiresAt),{callbackPath:s}},Sn=n=>Math.floor(Math.random()*n),ae=class q{constructor(e,s="default",t,o=new B){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new B;const c=e.service_worker_update_require_callback??Ve(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??wn},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(N,e)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return N[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new re({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await E(this.configuration,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await E(t,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=M(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=O(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=le(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=M(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,N,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ke(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=fn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(e),o=t.tokens;return this.tokens=o,await E(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await D({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await D({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>ne(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await E(u,this.configurationName);h?l=h.getLoginParams():l=O(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await this.syncTokensInfoAsync(u,this.configurationName,this.tokens,t);switch(l){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(h),{tokens:h,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(h),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,C=k.tokenEndpoint,W={};u.demonstrating_proof_of_possession&&(W.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,C,"POST"));const P=await tn(this.getFetch())(C,p,T,h,W,u.token_renew_mode,A);if(P.success){const{isValid:S,reason:F}=ue(P.data,y.nonce,k);if(!S)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ie=await E(u,this.configurationName);Ie?await Ie.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await O(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await me(e)},r=await E(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=O(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Oe(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await E(e,s);if(a){const{status:d,tokens:l}=await a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=O(s,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=vn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=gn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await _n(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=yn(this,N,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ae.getOrCreate=(n,e)=>(s,t="default")=>An(n,e)(s,t),ae.eventNames=m;let R=ae;const Tn=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Q=class xe{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new xe(R.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Re(this._oidc,e,s)}fetchWithTokens(e){return Tn(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Q.getOrCreate=(n,e=new B)=>(s,t="default")=>new Q(R.getOrCreate(n,e)(s,t)),Q.eventNames=R.eventNames;let bn=Q;I.OidcClient=bn,I.OidcLocation=B,I.TokenRenewMode=G,I.getFetchDefault=Ce,I.getParseQueryStringFromLocation=J,I.getPath=an,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
|
package/dist/oidc.d.ts
CHANGED
package/dist/oidc.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AAOA,OAAO,EAAgE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAMxG,OAAO,EAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAC,MAAM,YAAY,CAAC;AAIvF,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAKxD,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACtD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAC,MAAM,CAAC;CACjB;AAID,qBAAa,qCAAqC;IAC9C,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CAS3B;AAUD,MAAM,MAAM,aAAa,GAAG;IACxB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG;IAChC,YAAY,EAAC,MAAM,CAAC;IACpB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAYD,qBAAa,IAAI;IACN,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,CAAC,SAAS,CAAiB;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IACjC,OAAO,CAAC,kBAAkB,CAAqB;IAC/C,OAAO,CAAC,QAAQ,CAAc;IAC9B,OAAO,CAAC,QAAQ,CAAiB;gBACrB,aAAa,EAAC,iBAAiB,EAAE,iBAAiB,QAAY,EAAE,QAAQ,EAAG,MAAM,KAAK,EAAE,QAAQ,GAAE,cAAmC;IA6CjJ,eAAe,CAAC,IAAI,KAAA,GAAE,MAAM;IAM5B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,YAAW,cAAc,gDAEnE;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU
|
|
1
|
+
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AAOA,OAAO,EAAgE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAMxG,OAAO,EAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAC,MAAM,YAAY,CAAC;AAIvF,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAKxD,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACtD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAC,MAAM,CAAC;CACjB;AAID,qBAAa,qCAAqC;IAC9C,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CAS3B;AAUD,MAAM,MAAM,aAAa,GAAG;IACxB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG;IAChC,YAAY,EAAC,MAAM,CAAC;IACpB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAYD,qBAAa,IAAI;IACN,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,CAAC,SAAS,CAAiB;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IACjC,OAAO,CAAC,kBAAkB,CAAqB;IAC/C,OAAO,CAAC,QAAQ,CAAc;IAC9B,OAAO,CAAC,QAAQ,CAAiB;gBACrB,aAAa,EAAC,iBAAiB,EAAE,iBAAiB,QAAY,EAAE,QAAQ,EAAG,MAAM,KAAK,EAAE,QAAQ,GAAE,cAAmC;IA6CjJ,eAAe,CAAC,IAAI,KAAA,GAAE,MAAM;IAM5B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,YAAW,cAAc,gDAEnE;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAQ9B,mCAAmC;IAQ7B,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAC,MAAM,EAAE,sBAAsB,EAAC,sBAAsB;IA4B/E,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAkF/C,sBAAsB,CAAC,qBAAqB,KAAA,EAAE,QAAQ,KAAA,EAAE,YAAY,KAAA,EAAE,cAAc,UAAQ;IAIlG,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC7B,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ;IAcpJ,oBAAoB,EAAG,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,kBAAkB,CAAC,aAAa,UAAQ;IA2BxC,sBAAsB,CAAC,YAAY,KAAA,EAAE,KAAK,QAAI,EAAE,YAAY,SAAQ,EAAE,MAAM,EAAC,SAAgB,EAAE,YAAY,KAAA;IAgK3G,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwB7G,mBAAmB,CAAC,aAAa,KAAA,EAAE,iBAAiB,KAAA,EAAE,aAAa,KAAA,EAAE,YAAY,UAAQ;;;;;;;IAiD/F,uCAAuC,EAAC,OAAO,CAAC,aAAa,CAAC,CAAQ;IACrE,qCAAqC,IAAG,OAAO,CAAC,aAAa,CAAC;IAW/D,eAAe,EAAC,OAAO,CAAC,GAAG,CAAC,CAAQ;IACnC,aAAa,CAAC,OAAO,UAAQ;IAW9B,kBAAkB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAQ;IAEhC,gBAAgB,CAAE,MAAM,GAAC,SAAgB;IAgBzC,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAQ9C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAQpD,aAAa,EAAC,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC7B,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB;CAUrG;AAED,eAAe,IAAI,CAAC"}
|
package/dist/oidcClient.d.ts
CHANGED
package/dist/oidcClient.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAGxD,MAAM,WAAW,eAAe;IAC5B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAC,GAAG,OAAE;CAC5B;AAED,qBAAa,UAAU;IACnB,OAAO,CAAC,KAAK,CAAO;gBACR,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAC,eAAe,GAAE,MAAM;IAI5C,uBAAuB,CAAC,EAAE,EAAC,MAAM,GAAE,IAAI;IAIvC,YAAY,CAAC,SAAS,EAAC,MAAM,EAAE,IAAI,EAAC,GAAG,GAAI,IAAI;IAI/C,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,aAAW,cAAc,qBAAwC,iBAAiB,oBAAqB,UAAU,CAE3J;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAE,UAAU;IAIvC,MAAM,CAAC,UAAU
|
|
1
|
+
{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAGxD,MAAM,WAAW,eAAe;IAC5B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAC,GAAG,OAAE;CAC5B;AAED,qBAAa,UAAU;IACnB,OAAO,CAAC,KAAK,CAAO;gBACR,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAC,eAAe,GAAE,MAAM;IAI5C,uBAAuB,CAAC,EAAE,EAAC,MAAM,GAAE,IAAI;IAIvC,YAAY,CAAC,SAAS,EAAC,MAAM,EAAE,IAAI,EAAC,GAAG,GAAI,IAAI;IAI/C,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,aAAW,cAAc,qBAAwC,iBAAiB,oBAAqB,UAAU,CAE3J;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAE,UAAU;IAIvC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAG,OAAO,CAAC,OAAO,CAAC;IAI9C,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ,GAAE,OAAO,CAAC,OAAO,CAAC;IAIhK,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAI7G,wBAAwB,IAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,gBAAgB,CAAC,MAAM,GAAC,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAIvD,kBAAkB,IAAG,OAAO,CAAC,aAAa,CAAC;IAI3C,IAAI,MAAM,IAAG,MAAM,CAElB;IAED,IAAI,aAAa,IAAG,iBAAiB,CAEpC;IAEK,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,GAAI,OAAO,CAAC,MAAM,CAAC;IAI9G,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAI5E,eAAe,CAAC,KAAK,EAAE,KAAK,GAAG,KAAK;IAI9B,aAAa,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,EAAE,OAAO,UAAQ,GAAE,OAAO,CAAC,CAAC,CAAC;CAGzF;AAED,MAAM,WAAW,YAAY;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"renewTokens.d.ts","sourceRoot":"","sources":["../src/renewTokens.ts"],"names":[],"mappings":";AAKA,OAAO,
|
|
1
|
+
{"version":3,"file":"renewTokens.d.ts","sourceRoot":"","sources":["../src/renewTokens.ts"],"names":[],"mappings":";AAKA,OAAO,EAAC,SAAS,EAAC,MAAM,YAAY,CAAC;AAkCrC,wBAAsB,6BAA6B,CAAC,IAAI,KAAA,EAAE,YAAY,KAAA,EAAE,YAAY,UAAQ,EAAE,MAAM,GAAC,SAAgB,gBA+BpH;AAED,eAAO,MAAM,eAAe,0DAA0C,SAAS,4BAQ9E,CAAC"}
|
package/dist/version.d.ts
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axa-fr/oidc-client",
|
|
3
|
-
"version": "7.13.
|
|
3
|
+
"version": "7.13.8",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.umd.cjs",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"url": "https://github.com/AxaFrance/oidc-client.git"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@axa-fr/oidc-client-service-worker": "7.13.
|
|
23
|
+
"@axa-fr/oidc-client-service-worker": "7.13.8"
|
|
24
24
|
},
|
|
25
25
|
"devDependencies": {
|
|
26
26
|
"@testing-library/dom": "^9.3.3",
|
package/src/events.ts
CHANGED
|
@@ -23,6 +23,7 @@ export const eventNames = {
|
|
|
23
23
|
silentLoginAsync_end: 'silentLoginAsync_end',
|
|
24
24
|
silentLoginAsync_error: 'silentLoginAsync_error',
|
|
25
25
|
syncTokensAsync_begin: 'syncTokensAsync_begin',
|
|
26
|
+
syncTokensAsync_lock_not_available: 'syncTokensAsync_lock_not_available',
|
|
26
27
|
syncTokensAsync_end: 'syncTokensAsync_end',
|
|
27
28
|
syncTokensAsync_error: 'syncTokensAsync_error',
|
|
28
29
|
};
|
package/src/renewTokens.ts
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
1
|
+
import {initSession} from './initSession.js';
|
|
2
|
+
import {initWorkerAsync} from './initWorker.js';
|
|
3
3
|
import Oidc from './oidc.js';
|
|
4
|
-
import {
|
|
4
|
+
import {computeTimeLeft} from './parseTokens.js';
|
|
5
5
|
import timer from './timer.js';
|
|
6
|
-
import {
|
|
6
|
+
import {StringMap} from './types.js';
|
|
7
7
|
|
|
8
8
|
async function syncTokens(oidc, refreshToken, forceRefresh: boolean, extras: StringMap) {
|
|
9
9
|
const updateTokens = (tokens) => {
|
|
@@ -24,26 +24,38 @@ async function syncTokens(oidc, refreshToken, forceRefresh: boolean, extras: Str
|
|
|
24
24
|
return tokens;
|
|
25
25
|
}
|
|
26
26
|
|
|
27
|
+
async function loadLatestTokensAsync(oidc, configuration) {
|
|
28
|
+
const serviceWorker = await initWorkerAsync(configuration, oidc.configurationName);
|
|
29
|
+
if (serviceWorker) {
|
|
30
|
+
const oidcServerConfiguration = await oidc.initAsync(configuration.authority, configuration.authority_configuration);
|
|
31
|
+
const {tokens} = await serviceWorker.initAsync(oidcServerConfiguration, 'tryKeepExistingSessionAsync', configuration);
|
|
32
|
+
return tokens;
|
|
33
|
+
} else {
|
|
34
|
+
const session = initSession(oidc.configurationName, configuration.storage ?? sessionStorage);
|
|
35
|
+
const {tokens} = await session.initAsync();
|
|
36
|
+
return tokens;
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
|
|
27
40
|
export async function renewTokensAndStartTimerAsync(oidc, refreshToken, forceRefresh = false, extras:StringMap = null) {
|
|
28
41
|
|
|
29
42
|
const configuration = oidc.configuration;
|
|
30
43
|
const lockResourcesName = `${configuration.client_id}_${oidc.configurationName}_${configuration.authority}`;
|
|
31
44
|
|
|
32
|
-
let tokens
|
|
45
|
+
let tokens: null;
|
|
33
46
|
const serviceWorker = await initWorkerAsync(oidc.configuration, oidc.configurationName);
|
|
47
|
+
|
|
34
48
|
if(configuration?.storage === window?.sessionStorage && !serviceWorker) {
|
|
35
49
|
tokens = await syncTokens(oidc, refreshToken, forceRefresh, extras);
|
|
36
50
|
} else {
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
const tokens = await syncTokens(oidc, refreshToken, forceRefresh, extras);
|
|
44
|
-
timer.clearTimeout(timeoutId);
|
|
45
|
-
return tokens;
|
|
51
|
+
tokens = await navigator.locks.request(lockResourcesName, { ifAvailable: true }, async (lock) => {
|
|
52
|
+
if(!lock){
|
|
53
|
+
oidc.publishEvent(Oidc.eventNames.syncTokensAsync_lock_not_available, { lock: 'lock not available' });
|
|
54
|
+
return await loadLatestTokensAsync(oidc, configuration);
|
|
55
|
+
}
|
|
56
|
+
return await syncTokens(oidc, refreshToken, forceRefresh, extras);
|
|
46
57
|
});
|
|
58
|
+
|
|
47
59
|
}
|
|
48
60
|
|
|
49
61
|
if(!tokens){
|
|
@@ -51,6 +63,7 @@ export async function renewTokensAndStartTimerAsync(oidc, refreshToken, forceRef
|
|
|
51
63
|
}
|
|
52
64
|
|
|
53
65
|
if (oidc.timeoutId) {
|
|
66
|
+
// @ts-ignore
|
|
54
67
|
oidc.timeoutId = autoRenewTokens(oidc, tokens.refreshToken, oidc.tokens.expiresAt, extras);
|
|
55
68
|
}
|
|
56
69
|
|
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.13.
|
|
1
|
+
export default '7.13.8';
|