@axa-fr/oidc-client 7.13.8 → 7.13.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +44 -43
- package/dist/index.umd.cjs +2 -2
- package/dist/renewTokens.d.ts.map +1 -1
- package/dist/requests.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/renewTokens.ts +4 -2
- package/src/requests.ts +0 -1
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -101,7 +101,7 @@ const m = {
|
|
|
101
101
|
setDemonstratingProofOfPossessionJwkAsync: a,
|
|
102
102
|
getDemonstratingProofOfPossessionJwkAsync: u
|
|
103
103
|
};
|
|
104
|
-
}, Ce = (s) => decodeURIComponent(Array.prototype.map.call(atob(s), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), xe = (s) => JSON.parse(Ce(s.split(".")[1].replace("-", "+").replace("_", "/"))),
|
|
104
|
+
}, Ce = (s) => decodeURIComponent(Array.prototype.map.call(atob(s), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), xe = (s) => JSON.parse(Ce(s.split(".")[1].replace("-", "+").replace("_", "/"))), ce = (s) => {
|
|
105
105
|
try {
|
|
106
106
|
return s && Ne(s, ".") === 2 ? xe(s) : null;
|
|
107
107
|
} catch (e) {
|
|
@@ -121,13 +121,13 @@ function We(s, e, n) {
|
|
|
121
121
|
return e && e.iat ? e.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
|
|
122
122
|
return s.issuedAt;
|
|
123
123
|
}
|
|
124
|
-
const
|
|
124
|
+
const ne = (s, e = null, n) => {
|
|
125
125
|
if (!s)
|
|
126
126
|
return null;
|
|
127
127
|
let t;
|
|
128
128
|
const o = typeof s.expiresIn == "string" ? parseInt(s.expiresIn, 10) : s.expiresIn;
|
|
129
|
-
s.accessTokenPayload !== void 0 ? t = s.accessTokenPayload : t =
|
|
130
|
-
const i = s.idTokenPayload ? s.idTokenPayload :
|
|
129
|
+
s.accessTokenPayload !== void 0 ? t = s.accessTokenPayload : t = ce(s.accessToken);
|
|
130
|
+
const i = s.idTokenPayload ? s.idTokenPayload : ce(s.idToken), r = i && i.exp ? i.exp : Number.MAX_VALUE, c = t && t.exp ? t.exp : s.issuedAt + o;
|
|
131
131
|
s.issuedAt = We(s, t, i);
|
|
132
132
|
let a;
|
|
133
133
|
s.expiresAt ? a = s.expiresAt : n === Y.access_token_invalid ? a = c : n === Y.id_token_invalid ? a = r : a = r < c ? r : c;
|
|
@@ -137,7 +137,7 @@ const ye = (s, e = null, n) => {
|
|
|
137
137
|
return { ...u, refreshToken: f };
|
|
138
138
|
}
|
|
139
139
|
return u;
|
|
140
|
-
},
|
|
140
|
+
}, te = (s, e, n) => {
|
|
141
141
|
if (!s)
|
|
142
142
|
return null;
|
|
143
143
|
if (!s.issued_at) {
|
|
@@ -152,7 +152,7 @@ const ye = (s, e = null, n) => {
|
|
|
152
152
|
tokenType: s.token_type,
|
|
153
153
|
issuedAt: s.issued_at
|
|
154
154
|
};
|
|
155
|
-
return "refresh_token" in s && (t.refreshToken = s.refresh_token), s.accessTokenPayload !== void 0 && (t.accessTokenPayload = s.accessTokenPayload), s.idTokenPayload !== void 0 && (t.idTokenPayload = s.idTokenPayload),
|
|
155
|
+
return "refresh_token" in s && (t.refreshToken = s.refresh_token), s.accessTokenPayload !== void 0 && (t.accessTokenPayload = s.accessTokenPayload), s.idTokenPayload !== void 0 && (t.idTokenPayload = s.idTokenPayload), ne(t, e, n);
|
|
156
156
|
}, V = (s, e) => {
|
|
157
157
|
const n = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = e - n;
|
|
158
158
|
return Math.round(t - s);
|
|
@@ -282,8 +282,8 @@ const ye = (s, e = null, n) => {
|
|
|
282
282
|
setInterval: r,
|
|
283
283
|
clearInterval: c
|
|
284
284
|
};
|
|
285
|
-
}(),
|
|
286
|
-
let
|
|
285
|
+
}(), le = "7.13.9";
|
|
286
|
+
let ue = null, q;
|
|
287
287
|
const $ = ({ milliseconds: s }) => new Promise((e) => M.setTimeout(e, s)), ke = (s = "/") => {
|
|
288
288
|
try {
|
|
289
289
|
q = new AbortController(), fetch(`${s}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((t) => {
|
|
@@ -333,9 +333,9 @@ const $ = ({ milliseconds: s }) => new Promise((e) => M.setTimeout(e, s)), ke =
|
|
|
333
333
|
},
|
|
334
334
|
configurationName: e
|
|
335
335
|
}), P = x.version;
|
|
336
|
-
return P !==
|
|
336
|
+
return P !== le && (console.warn(`Service worker ${P} version mismatch with js client version ${le}, unregistering and reloading`), await O.service_worker_update_require_callback(t, De)), { tokens: te(x.tokens, null, O.token_renew_mode), status: x.status };
|
|
337
337
|
}, r = (k = "/") => {
|
|
338
|
-
|
|
338
|
+
ue == null && (ue = "not_null", ke(k));
|
|
339
339
|
}, c = (k) => b(t)({ type: "setSessionState", data: { sessionState: k }, configurationName: e }), a = async () => (await b(t)({ type: "getSessionState", data: null, configurationName: e })).sessionState, u = (k) => (sessionStorage[`oidc.nonce.${e}`] = k.nonce, b(t)({ type: "setNonce", data: { nonce: k }, configurationName: e })), f = async () => {
|
|
340
340
|
let A = (await b(t)({ type: "getNonce", data: null, configurationName: e })).nonce;
|
|
341
341
|
return A || (A = sessionStorage[`oidc.nonce.${e}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: A };
|
|
@@ -381,7 +381,7 @@ const $ = ({ milliseconds: s }) => new Promise((e) => M.setTimeout(e, s)), ke =
|
|
|
381
381
|
}
|
|
382
382
|
};
|
|
383
383
|
};
|
|
384
|
-
async function
|
|
384
|
+
async function de(s, e, n, t) {
|
|
385
385
|
const o = (a) => {
|
|
386
386
|
s.tokens = a;
|
|
387
387
|
}, { tokens: i, status: r } = await s.synchroniseTokensAsync(e, 0, n, t, o);
|
|
@@ -393,15 +393,16 @@ async function Fe(s, e) {
|
|
|
393
393
|
const t = await s.initAsync(e.authority, e.authority_configuration), { tokens: o } = await n.initAsync(t, "tryKeepExistingSessionAsync", e);
|
|
394
394
|
return o;
|
|
395
395
|
} else {
|
|
396
|
-
const t = I(s.configurationName, e.storage ?? sessionStorage)
|
|
397
|
-
|
|
396
|
+
const t = I(s.configurationName, e.storage ?? sessionStorage);
|
|
397
|
+
let { tokens: o } = await t.initAsync();
|
|
398
|
+
return o = ne(o, s.tokens, e.token_renew_mode), o;
|
|
398
399
|
}
|
|
399
400
|
}
|
|
400
401
|
async function me(s, e, n = !1, t = null) {
|
|
401
402
|
const o = s.configuration, i = `${o.client_id}_${s.configurationName}_${o.authority}`;
|
|
402
403
|
let r;
|
|
403
404
|
const c = await E(s.configuration, s.configurationName);
|
|
404
|
-
return (o == null ? void 0 : o.storage) === (window == null ? void 0 : window.sessionStorage) && !c ? r = await
|
|
405
|
+
return (o == null ? void 0 : o.storage) === (window == null ? void 0 : window.sessionStorage) && !c ? r = await de(s, e, n, t) : r = await navigator.locks.request(i, { ifAvailable: !0 }, async (a) => a ? await de(s, e, n, t) : (s.publishEvent(R.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), await Fe(s, o))), r ? (s.timeoutId && (s.timeoutId = K(s, r.refreshToken, s.tokens.expiresAt, t)), s.tokens) : null;
|
|
405
406
|
}
|
|
406
407
|
const K = (s, e, n, t = null) => {
|
|
407
408
|
const o = s.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
@@ -409,7 +410,7 @@ const K = (s, e, n, t = null) => {
|
|
|
409
410
|
const r = { timeLeft: V(o, n) };
|
|
410
411
|
s.publishEvent(R.eventNames.token_timer, r), await me(s, e, !1, t);
|
|
411
412
|
}, 1e3);
|
|
412
|
-
},
|
|
413
|
+
}, oe = (s, e, n) => (t = null, o = null, i = null) => {
|
|
413
414
|
if (!e.silent_redirect_uri || !e.silent_login_uri)
|
|
414
415
|
return Promise.resolve(null);
|
|
415
416
|
try {
|
|
@@ -449,7 +450,7 @@ const K = (s, e, n, t = null) => {
|
|
|
449
450
|
}
|
|
450
451
|
}, Ue = (s, e, n, t, o) => (i = null, r = void 0) => {
|
|
451
452
|
i = { ...i };
|
|
452
|
-
const c = (u, f, d) =>
|
|
453
|
+
const c = (u, f, d) => oe(e, n, t.bind(o))(u, f, d);
|
|
453
454
|
return (async () => {
|
|
454
455
|
o.timeoutId && M.clearTimeout(o.timeoutId);
|
|
455
456
|
let u;
|
|
@@ -466,7 +467,7 @@ const K = (s, e, n, t = null) => {
|
|
|
466
467
|
}
|
|
467
468
|
})();
|
|
468
469
|
}, Ve = (s, e, n) => (t, o, i, r = !1) => {
|
|
469
|
-
const c = (a, u = void 0, f = void 0) =>
|
|
470
|
+
const c = (a, u = void 0, f = void 0) => oe(s.configurationName, n, s.publishEvent.bind(s))(a, u, f);
|
|
470
471
|
return new Promise((a, u) => {
|
|
471
472
|
if (n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && t && i && !r) {
|
|
472
473
|
const f = () => {
|
|
@@ -501,9 +502,9 @@ const K = (s, e, n, t = null) => {
|
|
|
501
502
|
a(null);
|
|
502
503
|
});
|
|
503
504
|
};
|
|
504
|
-
var Ke = qe, C = [],
|
|
505
|
-
for (var B = 0, Me =
|
|
506
|
-
C[B] =
|
|
505
|
+
var Ke = qe, C = [], fe = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
|
506
|
+
for (var B = 0, Me = fe.length; B < Me; ++B)
|
|
507
|
+
C[B] = fe[B];
|
|
507
508
|
function Je(s) {
|
|
508
509
|
return C[s >> 18 & 63] + C[s >> 12 & 63] + C[s >> 6 & 63] + C[s & 63];
|
|
509
510
|
}
|
|
@@ -592,7 +593,7 @@ const Xe = (s) => {
|
|
|
592
593
|
}, ee = {
|
|
593
594
|
refresh_token: "refresh_token",
|
|
594
595
|
access_token: "access_token"
|
|
595
|
-
},
|
|
596
|
+
}, he = (s) => async (e, n, t = ee.refresh_token, o, i = 1e4) => {
|
|
596
597
|
const r = {
|
|
597
598
|
token: n,
|
|
598
599
|
token_type_hint: t,
|
|
@@ -634,7 +635,7 @@ const Xe = (s) => {
|
|
|
634
635
|
let l = null;
|
|
635
636
|
return f.headers.has(j) && (l = f.headers.get(j)), {
|
|
636
637
|
success: !0,
|
|
637
|
-
data:
|
|
638
|
+
data: te(d, o, r),
|
|
638
639
|
demonstratingProofOfPossessionNonce: l
|
|
639
640
|
};
|
|
640
641
|
}, ss = (s, e) => async (n, t) => {
|
|
@@ -670,7 +671,7 @@ const Xe = (s) => {
|
|
|
670
671
|
success: !0,
|
|
671
672
|
data: {
|
|
672
673
|
state: n.state,
|
|
673
|
-
tokens:
|
|
674
|
+
tokens: te(f, null, o),
|
|
674
675
|
demonstratingProofOfPossessionNonce: u
|
|
675
676
|
}
|
|
676
677
|
};
|
|
@@ -730,7 +731,7 @@ function Te(s) {
|
|
|
730
731
|
e += String.fromCharCode(n);
|
|
731
732
|
}), Se(e);
|
|
732
733
|
}
|
|
733
|
-
function
|
|
734
|
+
function _e(s) {
|
|
734
735
|
return Se(os(s));
|
|
735
736
|
}
|
|
736
737
|
var be = {};
|
|
@@ -739,10 +740,10 @@ be.sign = (s, e, n, t = "dpop+jwt") => {
|
|
|
739
740
|
const o = {
|
|
740
741
|
// @ts-ignore
|
|
741
742
|
// JWT "headers" really means JWS "protected headers"
|
|
742
|
-
protected:
|
|
743
|
+
protected: _e(JSON.stringify(e)),
|
|
743
744
|
// @ts-ignore
|
|
744
745
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
745
|
-
payload:
|
|
746
|
+
payload: _e(JSON.stringify(n))
|
|
746
747
|
}, i = {
|
|
747
748
|
name: "ECDSA",
|
|
748
749
|
namedCurve: "P-256",
|
|
@@ -755,8 +756,8 @@ be.sign = (s, e, n, t = "dpop+jwt") => {
|
|
|
755
756
|
});
|
|
756
757
|
});
|
|
757
758
|
};
|
|
758
|
-
const
|
|
759
|
-
|
|
759
|
+
const ie = {};
|
|
760
|
+
ie.generate = function() {
|
|
760
761
|
const s = {
|
|
761
762
|
name: "ECDSA",
|
|
762
763
|
namedCurve: "P-256"
|
|
@@ -765,7 +766,7 @@ oe.generate = function() {
|
|
|
765
766
|
return window.crypto.subtle.exportKey("jwk", t.privateKey);
|
|
766
767
|
});
|
|
767
768
|
};
|
|
768
|
-
|
|
769
|
+
ie.neuter = function(s) {
|
|
769
770
|
const e = Object.assign({}, s);
|
|
770
771
|
return delete e.d, e.key_ops = ["verify"], e;
|
|
771
772
|
};
|
|
@@ -782,7 +783,7 @@ const is = function() {
|
|
|
782
783
|
for (let o = 0; o < 36; o++)
|
|
783
784
|
s[o] !== "-" && s[o] !== "4" && (n = Math.random() * 16 | 0), s[o] === "x" ? t += e[n] : s[o] === "y" ? (n &= 3, n |= 8, t += e[n]) : t += s[o];
|
|
784
785
|
return t;
|
|
785
|
-
}, rs = () =>
|
|
786
|
+
}, rs = () => ie.generate().then(function(s) {
|
|
786
787
|
return s;
|
|
787
788
|
}), Oe = (s, e = "POST", n, t = {}) => {
|
|
788
789
|
const o = {
|
|
@@ -901,7 +902,7 @@ const is = function() {
|
|
|
901
902
|
} catch (n) {
|
|
902
903
|
throw console.error(n), s.publishEvent(m.loginCallbackAsync_error, n), n;
|
|
903
904
|
}
|
|
904
|
-
},
|
|
905
|
+
}, ye = {
|
|
905
906
|
access_token: "access_token",
|
|
906
907
|
refresh_token: "refresh_token"
|
|
907
908
|
}, ls = (s) => async (e) => {
|
|
@@ -919,13 +920,13 @@ const is = function() {
|
|
|
919
920
|
const y = a.revocationEndpoint;
|
|
920
921
|
if (y) {
|
|
921
922
|
const _ = [], g = s.tokens ? s.tokens.accessToken : null;
|
|
922
|
-
if (g && c.logout_tokens_to_invalidate.includes(
|
|
923
|
-
const v =
|
|
923
|
+
if (g && c.logout_tokens_to_invalidate.includes(ye.access_token)) {
|
|
924
|
+
const v = he(n)(y, g, ee.access_token, c.client_id);
|
|
924
925
|
_.push(v);
|
|
925
926
|
}
|
|
926
927
|
const w = s.tokens ? s.tokens.refreshToken : null;
|
|
927
|
-
if (w && c.logout_tokens_to_invalidate.includes(
|
|
928
|
-
const v =
|
|
928
|
+
if (w && c.logout_tokens_to_invalidate.includes(ye.refresh_token)) {
|
|
929
|
+
const v = he(n)(y, w, ee.refresh_token, c.client_id);
|
|
929
930
|
_.push(v);
|
|
930
931
|
}
|
|
931
932
|
_.length > 0 && await Promise.all(_);
|
|
@@ -1076,7 +1077,7 @@ class se {
|
|
|
1076
1077
|
const N = {}, ks = (s, e = new G()) => (n, t = "default") => (N[t] || (N[t] = new R(n, t, s, e)), N[t]), ms = async (s) => {
|
|
1077
1078
|
const { parsedTokens: e, callbackPath: n } = await s.loginCallbackAsync();
|
|
1078
1079
|
return s.timeoutId = K(s, e.refreshToken, e.expiresAt), { callbackPath: n };
|
|
1079
|
-
}, ps = (s) => Math.floor(Math.random() * s),
|
|
1080
|
+
}, ps = (s) => Math.floor(Math.random() * s), re = class U {
|
|
1080
1081
|
constructor(e, n = "default", t, o = new G()) {
|
|
1081
1082
|
this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
|
|
1082
1083
|
let i = e.silent_login_uri;
|
|
@@ -1188,7 +1189,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1188
1189
|
});
|
|
1189
1190
|
const i = I(this.configurationName, t.storage ?? sessionStorage), { tokens: r } = await i.initAsync();
|
|
1190
1191
|
if (r) {
|
|
1191
|
-
this.tokens =
|
|
1192
|
+
this.tokens = ne(r, null, t.token_renew_mode);
|
|
1192
1193
|
const c = i.getLoginParams();
|
|
1193
1194
|
this.timeoutId = K(this, r.refreshToken, this.tokens.expiresAt, c.extras);
|
|
1194
1195
|
const a = await i.getSessionStateAsync();
|
|
@@ -1231,7 +1232,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1231
1232
|
await $({ milliseconds: 1e3 }), r--, this.publishEvent(m.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
|
|
1232
1233
|
const a = document.hidden ? n : n + 1;
|
|
1233
1234
|
o || (o = {});
|
|
1234
|
-
const u = this.configuration, f = (l, h, y = null) =>
|
|
1235
|
+
const u = this.configuration, f = (l, h, y = null) => oe(this.configurationName, this.configuration, this.publishEvent.bind(this))(l, h, y), d = async () => {
|
|
1235
1236
|
try {
|
|
1236
1237
|
let l;
|
|
1237
1238
|
const h = await E(u, this.configurationName);
|
|
@@ -1294,8 +1295,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1294
1295
|
if (!S)
|
|
1295
1296
|
return i(null), this.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${W}` }), { tokens: null, status: "SESSION_LOST" };
|
|
1296
1297
|
if (i(P.data), P.demonstratingProofOfPossessionNonce) {
|
|
1297
|
-
const
|
|
1298
|
-
|
|
1298
|
+
const ae = await E(u, this.configurationName);
|
|
1299
|
+
ae ? await ae.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce) : await I(this.configurationName, u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce);
|
|
1299
1300
|
}
|
|
1300
1301
|
return this.publishEvent(m.refreshTokensAsync_end, { success: P.success }), this.publishEvent(U.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: P.data, status: "LOGGED_IN" };
|
|
1301
1302
|
} else
|
|
@@ -1381,9 +1382,9 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1381
1382
|
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = us(this, N, this.getFetch(), console, this.location)(e, n), this.logoutPromise.then((t) => (this.logoutPromise = null, t)));
|
|
1382
1383
|
}
|
|
1383
1384
|
};
|
|
1384
|
-
|
|
1385
|
-
|
|
1386
|
-
let R =
|
|
1385
|
+
re.getOrCreate = (s, e) => (n, t = "default") => ks(s, e)(n, t);
|
|
1386
|
+
re.eventNames = m;
|
|
1387
|
+
let R = re;
|
|
1387
1388
|
const ws = (s, e) => async (...n) => {
|
|
1388
1389
|
var l;
|
|
1389
1390
|
const [t, o, ...i] = n, r = o ? { ...o } : { method: "GET" };
|
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(I,H){typeof exports=="object"&&typeof module<"u"?H(exports):typeof define=="function"&&define.amd?define(["exports"],H):(I=typeof globalThis<"u"?globalThis:I||self,H(I["oidc-client"]={}))})(this,function(I){"use strict";const L=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(L.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(L.debug(e),L.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):L.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){L.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(L.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),ce=n=>{try{return n&&De(n,".")===2?Le(n):null}catch(e){console.warn(e)}return null},De=(n,e)=>n.split(e).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function $e(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const le=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=ce(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:ce(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=$e(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===G.access_token_invalid?a=c:s===G.id_token_invalid?a=r:a=r<c?r:c;const u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},Z=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),le(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ee=n=>n?U(0,n.expiresAt)>0:!1,Re=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ee(n.tokens)&&t>0;)await D({milliseconds:e}),t=t-1;return{isTokensValid:ee(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},V=function(){const n=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const w=g.data[0],v=g.data[1],T=g.data[2];h[w]&&h[w](_,v,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.8";let fe=null,X;const D=({milliseconds:n})=>new Promise(e=>V.setTimeout(e,n)),he=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),D({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Fe=()=>{X&&X.abort()},Ue=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ve=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await D({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),E=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,C)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=W.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await C.service_worker_update_require_callback(t,Fe)),{tokens:Z(W.tokens,null,C.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ue(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await E(n.configuration,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function Me(n,e){const s=await E(e,n.configurationName);if(s){const t=await n.initAsync(e.authority,e.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",e);return o}else{const t=O(n.configurationName,e.storage??sessionStorage),{tokens:o}=await t.initAsync();return o}}async function ye(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r;const c=await E(n.configuration,n.configurationName);return(o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!c?r=await _e(n,e,s,t):r=await navigator.locks.request(i,{ifAvailable:!0},async a=>a?await _e(n,e,s,t):(n.publishEvent(R.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Me(n,o))),r?(n.timeoutId&&(n.timeoutId=M(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const M=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(R.eventNames.token_timer,r),await ye(n,e,!1,t)},1e3)},ne=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,v=_.data;if(v&&typeof v=="string"&&!h){if(v.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(v.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),s(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Ke=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>ne(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=M(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>ne(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Be=Ge,x=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Y=0,je=ge.length;Y<je;++Y)x[Y]=ge[Y];function qe(n){return x[n>>18&63]+x[n>>12&63]+x[n>>6&63]+x[n&63]}function He(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(qe(t));return o.join("")}function Ge(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(He(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(x[e>>2]+x[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(x[e>>10]+x[e>>4&63]+x[e<<2&63]+"=")),o.join("")}const ke=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%se.length;e.push(se[t])}return e.join("")},Ye=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ke();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*se.length|0;return Xe(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function me(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Ye(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},$={},Ze=(n,e=window.sessionStorage,s)=>{if(!$[n]&&e){const o=e.getItem(n);o&&($[n]=JSON.parse(o))}const t=1e3*s;return $[n]&&$[n].timestamp+t>Date.now()?$[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();$[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ze(r,t,s);if(c)return new re(c);const a=await K(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return en(r,u,t),new re(u)},K=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await K(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},pe=n=>async(e,s,t=oe.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(z)&&(l=f.headers.get(z)),{success:!0,data:Z(d,o,r),demonstratingProofOfPossessionNonce:l}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},z="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),h=encodeURIComponent(s[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await K(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(z)&&(u=a.headers.get(z));const f=await a.json();return{success:!0,data:{state:s.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=we(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},J=n=>{const e=we(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function Ae(n){return new TextEncoder().encode(n)}function ve(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Se(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),ve(e)}function Te(n){return ve(ln(n))}var be={};be.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,c).then(function(a){const u=Ae(o.protected+"."+o.payload),f={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(f,a,u).then(function(d){return o.signature=Se(new Uint8Array(d)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Pe={};Pe.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},Ae(e)).then(function(s){return Se(new Uint8Array(s))})};const un=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},dn=()=>ie.generate().then(function(n){return n}),Oe=(n,e="POST",s,t={})=>{const o={jit:btoa(un()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Pe.thumbprint(n).then(function(i){return be.sign(n,{},o).then(function(r){return r})})},fn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=te(12));const y={nonce:h.nonce},_=await E(e,n),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=O(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const v={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await on(w,o)(g.authorizationEndpoint,v)}catch(l){throw s(m.loginAsync_error,l),l}})()},hn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=J(a).session_state,d=await E(s,n.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const S=O(n.configurationName,s.storage??sessionStorage);await S.setSessionStateAsync(f),h=await S.getNonceAsync(),y=S.getLoginParams(),_=await S.getStateAsync(),l=S}const g=J(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[S,F]of Object.entries(s.token_request_extras))v[S]=F;if(y&&y.extras)for(const[S,F]of Object.entries(y.extras))S.endsWith(":token_request")&&(v[S.replace(":token_request","")]=F);const T=c.tokenEndpoint,j={};if(s.demonstrating_proof_of_possession){const S=await dn();d?await d.setDemonstratingProofOfPossessionJwkAsync(S):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(S),j.DPoP=await Oe(S,"POST",T)}const p=await rn(l)(T,{...w,...v},j,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:W,reason:P}=ue(A,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),C&&await d.setDemonstratingProofOfPossessionNonce(C);else{const S=O(n.configurationName,s.storage);k=S.getLoginParams(),C&&await S.setDemonstratingProofOfPossessionNonce(C)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Ee={access_token:"access_token",refresh_token:"refresh_token"},_n=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await E(n.configuration,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},yn=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Ee.access_token)){const v=pe(s)(y,g,oe.access_token,c.client_id);_.push(v)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Ee.refresh_token)){const v=pe(s)(y,w,oe.refresh_token,c.client_id);_.push(v)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},gn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ee(n.tokens);)await D({milliseconds:200});if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class B{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const kn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),mn=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0);break}}return{os:o,osVersion:r}};function pn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const wn=()=>{const{name:n,version:e}=pn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=mn(navigator);return!kn(s)},Ce=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const N={},An=(n,e=new B)=>(s,t="default")=>(N[t]||(N[t]=new R(s,t,n,e)),N[t]),vn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=M(n,e.refreshToken,e.expiresAt),{callbackPath:s}},Sn=n=>Math.floor(Math.random()*n),ae=class q{constructor(e,s="default",t,o=new B){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new B;const c=e.service_worker_update_require_callback??Ve(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??wn},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(N,e)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return N[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new re({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await E(this.configuration,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await E(t,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=M(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=O(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=le(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=M(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,N,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ke(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=fn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(e),o=t.tokens;return this.tokens=o,await E(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await D({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await D({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>ne(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await E(u,this.configurationName);h?l=h.getLoginParams():l=O(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await this.syncTokensInfoAsync(u,this.configurationName,this.tokens,t);switch(l){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(h),{tokens:h,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(h),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,C=k.tokenEndpoint,W={};u.demonstrating_proof_of_possession&&(W.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,C,"POST"));const P=await tn(this.getFetch())(C,p,T,h,W,u.token_renew_mode,A);if(P.success){const{isValid:S,reason:F}=ue(P.data,y.nonce,k);if(!S)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ie=await E(u,this.configurationName);Ie?await Ie.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await O(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await me(e)},r=await E(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=O(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Oe(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await E(e,s);if(a){const{status:d,tokens:l}=await a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=O(s,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=vn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=gn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await _n(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=yn(this,N,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ae.getOrCreate=(n,e)=>(s,t="default")=>An(n,e)(s,t),ae.eventNames=m;let R=ae;const Tn=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Q=class xe{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new xe(R.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Re(this._oidc,e,s)}fetchWithTokens(e){return Tn(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Q.getOrCreate=(n,e=new B)=>(s,t="default")=>new Q(R.getOrCreate(n,e)(s,t)),Q.eventNames=R.eventNames;let bn=Q;I.OidcClient=bn,I.OidcLocation=B,I.TokenRenewMode=G,I.getFetchDefault=Ce,I.getParseQueryStringFromLocation=J,I.getPath=an,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
|
|
1
|
+
(function(I,H){typeof exports=="object"&&typeof module<"u"?H(exports):typeof define=="function"&&define.amd?define(["exports"],H):(I=typeof globalThis<"u"?globalThis:I||self,H(I["oidc-client"]={}))})(this,function(I){"use strict";const L=console;class Ne{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(L.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(L.debug(e),L.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):L.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){L.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(L.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],c=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},u=()=>JSON.parse(e[`oidc.jwk.${n}`]),f=async()=>({nonce:e[`oidc.nonce.${n}`]}),d=async p=>{e[`oidc.dpop_nonce.${n}`]=p},l=()=>e[`oidc.dpop_nonce.${n}`],h=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:d,getDemonstratingProofOfPossessionNonce:l,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),le=n=>{try{return n&&De(n,".")===2?Le(n):null}catch(e){console.warn(e)}return null},De=(n,e)=>n.split(e).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function $e(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const Z=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=le(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:le(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=$e(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===G.access_token_invalid?a=c:s===G.id_token_invalid?a=r:a=r<c?r:c;const u={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const f=e.refreshToken;return{...u,refreshToken:f}}return u},ee=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),Z(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ne=n=>n?U(0,n.expiresAt)>0:!1,Re=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ne(n.tokens)&&t>0;)await D({milliseconds:e}),t=t-1;return{isTokensValid:ne(n.tokens),tokens:n.tokens,numberWaited:t-s}},ue=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},V=function(){const n=function(){let a,u;const f=(function(){const l={},h={setTimeout:function(_,g,w){l[g]=setTimeout(function(){_.postMessage(g),l[g]=null},w)},setInterval:function(_,g,w){l[g]=setInterval(function(){_.postMessage(g)},w)},clearTimeout:function(_,g){clearTimeout(l[g]),l[g]=null},clearInterval:function(_,g){clearInterval(l[g]),l[g]=null}};function y(_,g){const w=g.data[0],v=g.data[1],T=g.data[2];h[w]&&h[w](_,v,T)}this.onmessage=function(_){y(self,_)},this.onconnect=function(_){const g=_.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const l=new Blob(["(",f,")()"],{type:"application/javascript"});u=URL.createObjectURL(l)}catch{return null}const d=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(u),a.port}catch{d&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(u),a}catch{d&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const u=a.data,f=s[u];if(f){f(),s[u]=null;return}const d=t[u];d&&d()};function o(a,u){const f=e();return n.postMessage(["setTimeout",f,u]),s[f]=a,f}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,u){const f=e();return n.postMessage(["setInterval",f,u]),t[f]=a,f}function c(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),de="7.13.9";let fe=null,X;const D=({milliseconds:n})=>new Promise(e=>V.setTimeout(e,n)),he=(n="/")=>{try{X=new AbortController,fetch(`${n}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),D({milliseconds:150*1e3}).then(he)}catch(e){console.log(e)}},Fe=()=>{X&&X.abort()},Ue=(n="/")=>fetch(`${n}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(e=>e.statusText==="oidc-service-worker").catch(e=>{console.log(e)}),Ve=n=>async(e,s)=>{s(),await e.update();const t=await e.unregister();console.log(`Service worker unregistering ${t}`),await D({milliseconds:2e3}),n.reload()},b=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),E=async(n,e)=>{const s=n.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||n.service_worker_activate()===!1)return null;let t=null;n.register?t=await n.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async k=>b(t)({type:"clear",data:{status:k},configurationName:e}),i=async(k,A,C)=>{const W=await b(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:e}),P=W.version;return P!==de&&(console.warn(`Service worker ${P} version mismatch with js client version ${de}, unregistering and reloading`),await C.service_worker_update_require_callback(t,Fe)),{tokens:ee(W.tokens,null,C.token_renew_mode),status:W.status}},r=(k="/")=>{fe==null&&(fe="not_null",he(k))},c=k=>b(t)({type:"setSessionState",data:{sessionState:k},configurationName:e}),a=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:e})).sessionState,u=k=>(sessionStorage[`oidc.nonce.${e}`]=k.nonce,b(t)({type:"setNonce",data:{nonce:k},configurationName:e})),f=async()=>{let A=(await b(t)({type:"getNonce",data:null,configurationName:e})).nonce;return A||(A=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let d={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(n.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ue(n.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:k=>{d[e]=k,localStorage[`oidc.login.${e}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${e}`];return d[e]||(d[e]=JSON.parse(k)),d[e]},getStateAsync:async()=>{let A=(await b(t)({type:"getState",data:null,configurationName:e})).state;return A||(A=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${e}`]=k,b(t)({type:"setState",data:{state:k},configurationName:e})),getCodeVerifierAsync:async()=>{let A=(await b(t)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${e}`]=k,b(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:e})),setDemonstratingProofOfPossessionNonce:async k=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}};async function _e(n,e,s,t){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);return await E(n.configuration,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),n.tokens?i:(await n.destroyAsync(r),null)}async function Me(n,e){const s=await E(e,n.configurationName);if(s){const t=await n.initAsync(e.authority,e.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",e);return o}else{const t=O(n.configurationName,e.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=Z(o,n.tokens,e.token_renew_mode),o}}async function ye(n,e,s=!1,t=null){const o=n.configuration,i=`${o.client_id}_${n.configurationName}_${o.authority}`;let r;const c=await E(n.configuration,n.configurationName);return(o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!c?r=await _e(n,e,s,t):r=await navigator.locks.request(i,{ifAvailable:!0},async a=>a?await _e(n,e,s,t):(n.publishEvent(R.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Me(n,o))),r?(n.timeoutId&&(n.timeoutId=M(n,r.refreshToken,n.tokens.expiresAt,t)),n.tokens):null}const M=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(R.eventNames.token_timer,r),await ye(n,e,!1,t)},1e3)},se=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[d,l]of Object.entries(t))r===""?r=`?${encodeURIComponent(d)}=${encodeURIComponent(l)}`:r+=`&${encodeURIComponent(d)}=${encodeURIComponent(l)}`;const c=e.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),u=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${n}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((d,l)=>{try{let h=!1;window.onmessage=_=>{if(_.origin===u&&_.source===f.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,v=_.data;if(v&&typeof v=="string"&&!h){if(v.startsWith(g)){const T=JSON.parse(_.data.replace(g,""));s(m.silentLoginAsync_end,{}),f.remove(),h=!0,d(T)}else if(v.startsWith(w)){const T=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),h=!0,l(new Error("oidc_"+T.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{h||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),h=!0,l(new Error("timeout")))},y)}catch(h){f.remove(),s(m.silentLoginAsync_error,h),l(h)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},Ke=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(u,f,d)=>se(e,s,t.bind(o))(u,f,d);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,d=await c({...f,prompt:"none"},u,r);if(d)return o.tokens=d.tokens,t(m.token_aquired,{}),o.timeoutId=M(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(f){return f}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const c=(a,u=void 0,f=void 0)=>se(n.configurationName,s,n.publishEvent.bind(n))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{n.checkSessionIFrame.stop();const d=n.tokens;if(d===null)return;const l=d.idToken,h=d.idTokenPayload;return c({prompt:"none",id_token_hint:l,scope:s.scope||"openid"}).then(y=>{const _=y.tokens.idTokenPayload;if(h.sub===_.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),h.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[_,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,h.sub)})};n.checkSessionIFrame=new Ne(f,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(d=>{u(d)})}else a(null)})};for(var Be=Ge,x=[],ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Y=0,je=ge.length;Y<je;++Y)x[Y]=ge[Y];function qe(n){return x[n>>18&63]+x[n>>12&63]+x[n>>6&63]+x[n&63]}function He(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(qe(t));return o.join("")}function Ge(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,c=s-t;r<c;r+=i)o.push(He(n,r,r+i>c?c:r+i));return t===1?(e=n[s-1],o.push(x[e>>2]+x[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(x[e>>10]+x[e>>4&63]+x[e<<2&63]+"=")),o.join("")}const ke=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},te="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%te.length;e.push(te[t])}return e.join("")},Ye=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),oe=n=>{const e=new Uint8Array(n),{hasCrypto:s}=ke();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*te.length|0;return Xe(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function me(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Ye(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=ke();return e?me(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},$={},Ze=(n,e=window.sessionStorage,s)=>{if(!$[n]&&e){const o=e.getItem(n);o&&($[n]=JSON.parse(o))}const t=1e3*s;return $[n]&&$[n].timestamp+t>Date.now()?$[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();$[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,c=Ze(r,t,s);if(c)return new ae(c);const a=await K(n)(i,{},o);if(a.status!==200)return null;const u=await a.json();return en(r,u,t),new ae(u)},K=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await K(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},ie={refresh_token:"refresh_token",access_token:"access_token"},pe=n=>async(e,s,t=ie.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const d=encodeURIComponent(f),l=encodeURIComponent(r[f]);c.push(`${d}=${l}`)}const a=c.join("&");return(await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,c=1e4)=>{for(const[h,y]of Object.entries(t))s[h]===void 0&&(s[h]=y);const a=[];for(const h in s){const y=encodeURIComponent(h),_=encodeURIComponent(s[h]);a.push(`${y}=${_}`)}const u=a.join("&"),f=await K(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const d=await f.json();let l=null;return f.headers.has(z)&&(l=f.headers.get(z)),{success:!0,data:ee(d,o,r),demonstratingProofOfPossessionNonce:l}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=oe(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},z="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const d in s){const l=encodeURIComponent(d),h=encodeURIComponent(s[d]);r.push(`${l}=${h}`)}const c=r.join("&"),a=await K(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(z)&&(u=a.headers.get(z));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ee(f,null,o),demonstratingProofOfPossessionNonce:u}}},we=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=we(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},J=n=>{const e=we(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function Ae(n){return new TextEncoder().encode(n)}function ve(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Se(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),ve(e)}function Te(n){return ve(ln(n))}var be={};be.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Te(JSON.stringify(e)),payload:Te(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,c=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,c).then(function(a){const u=Ae(o.protected+"."+o.payload),f={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(f,a,u).then(function(d){return o.signature=Se(new Uint8Array(d)),o.protected+"."+o.payload+"."+o.signature})})};const re={};re.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},re.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Pe={};Pe.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},Ae(e)).then(function(s){return Se(new Uint8Array(s))})};const un=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},dn=()=>re.generate().then(function(n){return n}),Oe=(n,e="POST",s,t={})=>{const o={jit:btoa(un()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Pe.thumbprint(n).then(function(i){return be.sign(n,{},o).then(function(r){return r})})},fn=(n,e,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const d=i||o.getPath();if("state"in r||(r.state=oe(16)),s(m.loginAsync_begin,{}),r)for(const l of Object.keys(r))l.endsWith(":token_request")&&delete r[l];try{const l=c?e.silent_redirect_uri:e.redirect_uri;a||(a=e.scope);const h=e.extras?{...e.extras,...r}:r;h.nonce||(h.nonce=oe(12));const y={nonce:h.nonce},_=await E(e,n),g=await t(e.authority,e.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:d,extras:u}),await _.initAsync(g,"loginAsync",e),await _.setNonceAsync(y),_.startKeepAliveServiceWorker(),w=_;else{const T=O(n,e.storage??sessionStorage);T.setLoginParams({callbackPath:d,extras:u}),await T.setNonceAsync(y),w=T}const v={client_id:e.client_id,redirect_uri:l,scope:a,response_type:"code",...h};await on(w,o)(g.authorizationEndpoint,v)}catch(l){throw s(m.loginAsync_error,l),l}})()},hn=n=>async(e=!1)=>{try{n.publishEvent(m.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await n.initAsync(i,s.authority_configuration),a=n.location.getCurrentHref(),f=J(a).session_state,d=await E(s,n.configurationName);let l,h,y,_;if(d)await d.initAsync(c,"loginCallbackAsync",s),await d.setSessionStateAsync(f),h=await d.getNonceAsync(),y=d.getLoginParams(),_=await d.getStateAsync(),d.startKeepAliveServiceWorker(),l=d;else{const S=O(n.configurationName,s.storage??sessionStorage);await S.setSessionStateAsync(f),h=await S.getNonceAsync(),y=S.getLoginParams(),_=await S.getStateAsync(),l=S}const g=J(a);if(g.iss&&g.iss!==c.issuer)throw console.error(),new Error(`issuer not valid (expected: ${c.issuer}, received: ${g.iss})`);if(g.state&&g.state!==_)throw new Error(`state not valid (expected: ${_}, received: ${g.state})`);const w={code:g.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[S,F]of Object.entries(s.token_request_extras))v[S]=F;if(y&&y.extras)for(const[S,F]of Object.entries(y.extras))S.endsWith(":token_request")&&(v[S.replace(":token_request","")]=F);const T=c.tokenEndpoint,j={};if(s.demonstrating_proof_of_possession){const S=await dn();d?await d.setDemonstratingProofOfPossessionJwkAsync(S):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(S),j.DPoP=await Oe(S,"POST",T)}const p=await rn(l)(T,{...w,...v},j,n.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:W,reason:P}=ue(A,h.nonce,c);if(!W)throw new Error(`Tokens are not OpenID valid, reason: ${P}`);if(d){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(d)await d.initAsync(o,"syncTokensAsync",s),k=d.getLoginParams(),C&&await d.setDemonstratingProofOfPossessionNonce(C);else{const S=O(n.configurationName,s.storage);k=S.getLoginParams(),C&&await S.setDemonstratingProofOfPossessionNonce(C)}return await n.startCheckSessionAsync(c.checkSessionIframe,t,f,e),n.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),n.publishEvent(m.loginCallbackAsync_error,s),s}},Ee={access_token:"access_token",refresh_token:"refresh_token"},_n=n=>async e=>{V.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await E(n.configuration,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},yn=(n,e,s,t,o)=>async(i=void 0,r=null)=>{const c=n.configuration,a=await n.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const d=f?i:o.getOrigin()+u,l=n.tokens?n.tokens.idToken:"";try{const y=a.revocationEndpoint;if(y){const _=[],g=n.tokens?n.tokens.accessToken:null;if(g&&c.logout_tokens_to_invalidate.includes(Ee.access_token)){const v=pe(s)(y,g,ie.access_token,c.client_id);_.push(v)}const w=n.tokens?n.tokens.refreshToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Ee.refresh_token)){const v=pe(s)(y,w,ie.refresh_token,c.client_id);_.push(v)}_.length>0&&await Promise.all(_)}}catch(y){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(y)}const h=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[y,_]of Object.entries(e))_!==n&&await n.logoutSameTabAsync(n.configuration.client_id,h);if(a.endSessionEndpoint){r||(r={id_token_hint:l},i!==null&&(r.post_logout_redirect_uri=d));let y="";if(r)for(const[_,g]of Object.entries(r))y===""?y+="?":y+="&",y+=`${_}=${encodeURIComponent(g)}`;o.open(`${a.endSessionEndpoint}${y}`)}else o.reload()},gn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ne(n.tokens);)await D({milliseconds:200});if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const t=n.configuration,i=(await n.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const u=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return u.status!==200?null:u.json()})(s);return n.userInfo=c,c};class B{open(e){window.open(e,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const e=window.location;return e.pathname+(e.search||"")+(e.hash||"")}getOrigin(){return window.origin}}const kn=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),mn=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0);break}}return{os:o,osVersion:r}};function pn(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}const wn=()=>{const{name:n,version:e}=pn();if(n==="chrome"&&parseInt(e)<=70||n==="opera"&&(!e||parseInt(e.split(".")[0])<80)||n==="ie")return!1;const s=mn(navigator);return!kn(s)},Ce=()=>fetch;class ae{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const N={},An=(n,e=new B)=>(s,t="default")=>(N[t]||(N[t]=new R(s,t,n,e)),N[t]),vn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=M(n,e.refreshToken,e.expiresAt),{callbackPath:s}},Sn=n=>Math.floor(Math.random()*n),ce=class q{constructor(e,s="default",t,o=new B){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new B;const c=e.service_worker_update_require_callback??Ve(this.location);this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:e.service_worker_activate??wn},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(N,e)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return N[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=this.location,s=J(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,e.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await E(this.configuration,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await E(t,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=M(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const c=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,c),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=O(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=Z(r,null,t.token_renew_mode);const c=i.getLoginParams();this.timeoutId=M(this,r.refreshToken,this.tokens.expiresAt,c.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,N,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ke(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=fn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(e),o=t.tokens;return this.tokens=o,await E(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await D({milliseconds:1e3}),this.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await D({milliseconds:1e3}),r--,this.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden?s:s+1;o||(o={});const u=this.configuration,f=(l,h,y=null)=>se(this.configurationName,this.configuration,this.publishEvent.bind(this))(l,h,y),d=async()=>{try{let l;const h=await E(u,this.configurationName);h?l=h.getLoginParams():l=O(this.configurationName,u.storage).getLoginParams();const y=await f({...l.extras,...o,prompt:"none"},l.state);if(y)return i(y.tokens),this.publishEvent(q.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"}}catch(l){if(console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),l&&l.message&&l.message.startsWith("oidc"))return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,a,t,o,i)};if(s>4)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:l,tokens:h,nonce:y}=await this.syncTokensInfoAsync(u,this.configurationName,this.tokens,t);switch(l){case"SESSION_LOST":return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(h),{tokens:h,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(h),this.publishEvent(q.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:h,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),await d();default:{if(this.publishEvent(m.refreshTokensAsync_begin,{refreshToken:e,status:l,tryNumber:s}),!e)return await d();const _=u.client_id,g=u.redirect_uri,w=u.authority,T={...u.token_request_extras?u.token_request_extras:{}};for(const[p,k]of Object.entries(o))p.endsWith(":token_request")&&(T[p.replace(":token_request","")]=k);return await(async()=>{const p={client_id:_,redirect_uri:g,grant_type:"refresh_token",refresh_token:h.refreshToken},k=await this.initAsync(w,u.authority_configuration),A=document.hidden?1e4:3e4*10,C=k.tokenEndpoint,W={};u.demonstrating_proof_of_possession&&(W.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(h.accessToken,C,"POST"));const P=await tn(this.getFetch())(C,p,T,h,W,u.token_renew_mode,A);if(P.success){const{isValid:S,reason:F}=ue(P.data,y.nonce,k);if(!S)return i(null),this.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(i(P.data),P.demonstratingProofOfPossessionNonce){const Ie=await E(u,this.configurationName);Ie?await Ie.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await O(this.configurationName,u.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return this.publishEvent(m.refreshTokensAsync_end,{success:P.success}),this.publishEvent(q.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return this.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),await this.synchroniseTokensAsync(e,a,t,o,i)})()}}}catch(l){return console.error(l),this.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),this.synchroniseTokensAsync(e,a,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await me(e)},r=await E(o,this.configurationName);let c=null,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const u=O(this.configurationName,o.storage);a=await u.getDemonstratingProofOfPossessionJwkAsync(),c=await u.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await Oe(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await this.initAsync(e.authority,e.authority_configuration),a=await E(e,s);if(a){const{status:d,tokens:l}=await a.initAsync(c,"syncTokensAsync",e);if(d==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!d||!l)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(l.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:l,status:y,nonce:_}}r=await a.getNonceAsync()}else{const d=O(s,e.storage??sessionStorage),{tokens:l,status:h}=await d.initAsync();if(l){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(l.issuedAt!==t.issuedAt){const _=U(e.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await d.getNonceAsync();return{tokens:l,status:_,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await d.getNonceAsync()}const f=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=vn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=gn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=ye(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await _n(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=yn(this,N,this.getFetch(),console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};ce.getOrCreate=(n,e)=>(s,t="default")=>An(n,e)(s,t),ce.eventNames=m;let R=ce;const Tn=(n,e)=>async(...s)=>{var l;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=e,u=await a.getValidTokenAsync(),f=(l=u==null?void 0:u.tokens)==null?void 0:l.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const d={...r,headers:c};return await n(t,d,...i)},Q=class xe{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new xe(R.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Re(this._oidc,e,s)}fetchWithTokens(e){return Tn(e,this)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};Q.getOrCreate=(n,e=new B)=>(s,t="default")=>new Q(R.getOrCreate(n,e)(s,t)),Q.eventNames=R.eventNames;let bn=Q;I.OidcClient=bn,I.OidcLocation=B,I.TokenRenewMode=G,I.getFetchDefault=Ce,I.getParseQueryStringFromLocation=J,I.getPath=an,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"renewTokens.d.ts","sourceRoot":"","sources":["../src/renewTokens.ts"],"names":[],"mappings":";AAKA,OAAO,EAAC,SAAS,EAAC,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"renewTokens.d.ts","sourceRoot":"","sources":["../src/renewTokens.ts"],"names":[],"mappings":";AAKA,OAAO,EAAC,SAAS,EAAC,MAAM,YAAY,CAAC;AAoCrC,wBAAsB,6BAA6B,CAAC,IAAI,KAAA,EAAE,YAAY,KAAA,EAAE,YAAY,UAAQ,EAAE,MAAM,GAAC,SAAgB,gBA+BpH;AAED,eAAO,MAAM,eAAe,0DAA0C,SAAS,4BAQ9E,CAAC"}
|
package/dist/requests.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"requests.d.ts","sourceRoot":"","sources":["../src/requests.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qCAAqC,EAAE,MAAM,WAAW,CAAC;AAElE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"requests.d.ts","sourceRoot":"","sources":["../src/requests.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qCAAqC,EAAE,MAAM,WAAW,CAAC;AAElE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAG1C,eAAO,MAAM,eAAe,oCAAsC,MAAM,sEACpE,QAAQ,qCAAqC,CAkBhD,CAAC;AAwBF,eAAO,MAAM,UAAU;;;CAGtB,CAAC;AAEF,eAAO,MAAM,6BAA6B;;EA4BzC,CAAC;AAGF,KAAK,2BAA2B,GAAG;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,mCAAmC,CAAC,EAAE,MAAM,CAAC;CAChD,CAAA;AAED,eAAO,MAAM,wBAAwB,UAAU,KAAK,WAAgB,MAAM,gFAKM,MAAM,yBACH,QAAQ,2BAA2B,CAqCrH,CAAC;AAEF,eAAO,MAAM,gCAAgC,YAAa,GAAG,gBAAgB,cAAc,wBAAyB,SAAS,kBAoB5H,CAAC;AAGF,eAAO,MAAM,6BAA6B,YAAY,GAAG,yEAG4B,MAAM;;;;;;;;;;;;EAoC1F,CAAC"}
|
package/dist/version.d.ts
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axa-fr/oidc-client",
|
|
3
|
-
"version": "7.13.
|
|
3
|
+
"version": "7.13.9",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.umd.cjs",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"url": "https://github.com/AxaFrance/oidc-client.git"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@axa-fr/oidc-client-service-worker": "7.13.
|
|
23
|
+
"@axa-fr/oidc-client-service-worker": "7.13.9"
|
|
24
24
|
},
|
|
25
25
|
"devDependencies": {
|
|
26
26
|
"@testing-library/dom": "^9.3.3",
|
package/src/renewTokens.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import {initSession} from './initSession.js';
|
|
2
2
|
import {initWorkerAsync} from './initWorker.js';
|
|
3
3
|
import Oidc from './oidc.js';
|
|
4
|
-
import {computeTimeLeft} from './parseTokens.js';
|
|
4
|
+
import {computeTimeLeft, setTokens} from './parseTokens.js';
|
|
5
5
|
import timer from './timer.js';
|
|
6
6
|
import {StringMap} from './types.js';
|
|
7
7
|
|
|
@@ -32,7 +32,9 @@ async function loadLatestTokensAsync(oidc, configuration) {
|
|
|
32
32
|
return tokens;
|
|
33
33
|
} else {
|
|
34
34
|
const session = initSession(oidc.configurationName, configuration.storage ?? sessionStorage);
|
|
35
|
-
|
|
35
|
+
let {tokens} = await session.initAsync();
|
|
36
|
+
// @ts-ignore
|
|
37
|
+
tokens = setTokens(tokens, oidc.tokens, configuration.token_renew_mode);
|
|
36
38
|
return tokens;
|
|
37
39
|
}
|
|
38
40
|
}
|
package/src/requests.ts
CHANGED
|
@@ -3,7 +3,6 @@ import { deriveChallengeAsync, generateRandom } from './crypto.js';
|
|
|
3
3
|
import { OidcAuthorizationServiceConfiguration } from './oidc.js';
|
|
4
4
|
import { parseOriginalTokens } from './parseTokens.js';
|
|
5
5
|
import { Fetch, StringMap } from './types.js';
|
|
6
|
-
import EC, {JWK, JWT} from './jwt';
|
|
7
6
|
import {ILOidcLocation} from "./location";
|
|
8
7
|
|
|
9
8
|
const oneHourSecond = 60 * 60;
|
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.13.
|
|
1
|
+
export default '7.13.9';
|