@axa-fr/oidc-client 7.15.5 → 7.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/index.js +118 -110
- package/dist/index.umd.cjs +2 -2
- package/dist/logout.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/logout.spec.ts +9 -8
- package/src/logout.ts +16 -1
- package/src/oidc.ts +2 -2
- package/src/version.ts +1 -1
package/README.md
CHANGED
|
@@ -312,7 +312,7 @@ export class OidcClient {
|
|
|
312
312
|
/**
|
|
313
313
|
* Starts the OIDC logout process with specified options.
|
|
314
314
|
* @param callbackPathOrUrl The callback path or URL to use after logout.
|
|
315
|
-
* @param extras Additional parameters to send to the OIDC server during the logout request.
|
|
315
|
+
* @param extras Additional parameters to send to the OIDC server during the logout request. {"no_reload:oidc":"true"} to avoid the page reload after logout.
|
|
316
316
|
* @returns A promise resolved when the logout is completed.
|
|
317
317
|
*/
|
|
318
318
|
logoutAsync(callbackPathOrUrl?: string | null | undefined, extras?: StringMap): Promise<void>;
|
package/dist/index.js
CHANGED
|
@@ -189,15 +189,15 @@ const Q = (e, n = null, s) => {
|
|
|
189
189
|
let a, d;
|
|
190
190
|
const f = (function() {
|
|
191
191
|
const u = {}, y = {
|
|
192
|
-
setTimeout: function(_, h,
|
|
192
|
+
setTimeout: function(_, h, w) {
|
|
193
193
|
u[h] = setTimeout(function() {
|
|
194
194
|
_.postMessage(h), u[h] = null;
|
|
195
|
-
},
|
|
195
|
+
}, w);
|
|
196
196
|
},
|
|
197
|
-
setInterval: function(_, h,
|
|
197
|
+
setInterval: function(_, h, w) {
|
|
198
198
|
u[h] = setInterval(function() {
|
|
199
199
|
_.postMessage(h);
|
|
200
|
-
},
|
|
200
|
+
}, w);
|
|
201
201
|
},
|
|
202
202
|
clearTimeout: function(_, h) {
|
|
203
203
|
clearTimeout(u[h]), u[h] = null;
|
|
@@ -207,15 +207,15 @@ const Q = (e, n = null, s) => {
|
|
|
207
207
|
}
|
|
208
208
|
};
|
|
209
209
|
function g(_, h) {
|
|
210
|
-
const
|
|
211
|
-
y[
|
|
210
|
+
const w = h.data[0], v = h.data[1], S = h.data[2];
|
|
211
|
+
y[w] && y[w](_, v, S);
|
|
212
212
|
}
|
|
213
213
|
this.onmessage = function(_) {
|
|
214
214
|
g(self, _);
|
|
215
215
|
}, this.onconnect = function(_) {
|
|
216
216
|
const h = _.ports[0];
|
|
217
|
-
h.onmessage = function(
|
|
218
|
-
g(h,
|
|
217
|
+
h.onmessage = function(w) {
|
|
218
|
+
g(h, w);
|
|
219
219
|
};
|
|
220
220
|
};
|
|
221
221
|
}).toString();
|
|
@@ -284,7 +284,7 @@ const Q = (e, n = null, s) => {
|
|
|
284
284
|
setInterval: i,
|
|
285
285
|
clearInterval: c
|
|
286
286
|
};
|
|
287
|
-
}(), ce = "7.
|
|
287
|
+
}(), ce = "7.17.0";
|
|
288
288
|
let le = null, G;
|
|
289
289
|
const F = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), ke = (e = "/") => {
|
|
290
290
|
try {
|
|
@@ -296,13 +296,13 @@ const F = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), ke =
|
|
|
296
296
|
}
|
|
297
297
|
}, xe = () => {
|
|
298
298
|
G && G.abort();
|
|
299
|
-
},
|
|
299
|
+
}, We = (e = "/") => fetch(`${e}OidcKeepAliveServiceWorker.json`, {
|
|
300
300
|
headers: {
|
|
301
301
|
"oidc-vanilla": "true"
|
|
302
302
|
}
|
|
303
303
|
}).then((n) => n.statusText === "oidc-service-worker").catch((n) => {
|
|
304
304
|
console.log(n);
|
|
305
|
-
}),
|
|
305
|
+
}), Le = (e) => async (n, s) => {
|
|
306
306
|
s(), await n.update();
|
|
307
307
|
const t = await n.unregister();
|
|
308
308
|
console.log(`Service worker unregistering ${t}`), await F({ milliseconds: 2e3 }), e.reload();
|
|
@@ -322,32 +322,32 @@ const F = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), ke =
|
|
|
322
322
|
} catch {
|
|
323
323
|
return null;
|
|
324
324
|
}
|
|
325
|
-
const o = async (k) => O(t)({ type: "clear", data: { status: k }, configurationName: n }), r = async (k,
|
|
326
|
-
const
|
|
325
|
+
const o = async (k) => O(t)({ type: "clear", data: { status: k }, configurationName: n }), r = async (k, A, E) => {
|
|
326
|
+
const b = await O(t)({
|
|
327
327
|
type: "init",
|
|
328
328
|
data: {
|
|
329
329
|
oidcServerConfiguration: k,
|
|
330
|
-
where:
|
|
330
|
+
where: A,
|
|
331
331
|
oidcConfiguration: {
|
|
332
332
|
token_renew_mode: E.token_renew_mode,
|
|
333
333
|
service_worker_convert_all_requests_to_cors: E.service_worker_convert_all_requests_to_cors
|
|
334
334
|
}
|
|
335
335
|
},
|
|
336
336
|
configurationName: n
|
|
337
|
-
}), D =
|
|
338
|
-
return D !== ce && (console.warn(`Service worker ${D} version mismatch with js client version ${ce}, unregistering and reloading`), await E.service_worker_update_require_callback(t, xe)), { tokens: re(
|
|
337
|
+
}), D = b.version;
|
|
338
|
+
return D !== ce && (console.warn(`Service worker ${D} version mismatch with js client version ${ce}, unregistering and reloading`), await E.service_worker_update_require_callback(t, xe)), { tokens: re(b.tokens, null, E.token_renew_mode), status: b.status };
|
|
339
339
|
}, i = (k = "/") => {
|
|
340
340
|
le == null && (le = "not_null", ke(k));
|
|
341
341
|
}, c = (k) => O(t)({ type: "setSessionState", data: { sessionState: k }, configurationName: n }), a = async () => (await O(t)({ type: "getSessionState", data: null, configurationName: n })).sessionState, d = (k) => (sessionStorage[`oidc.nonce.${n}`] = k.nonce, O(t)({ type: "setNonce", data: { nonce: k }, configurationName: n })), f = async () => {
|
|
342
|
-
let
|
|
343
|
-
return
|
|
342
|
+
let A = (await O(t)({ type: "getNonce", data: null, configurationName: n })).nonce;
|
|
343
|
+
return A || (A = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: A };
|
|
344
344
|
};
|
|
345
345
|
let l = {};
|
|
346
346
|
return {
|
|
347
347
|
clearAsync: o,
|
|
348
348
|
initAsync: r,
|
|
349
349
|
startKeepAliveServiceWorker: () => i(e.service_worker_keep_alive_path),
|
|
350
|
-
isServiceWorkerProxyActiveAsync: () =>
|
|
350
|
+
isServiceWorkerProxyActiveAsync: () => We(e.service_worker_keep_alive_path),
|
|
351
351
|
setSessionStateAsync: c,
|
|
352
352
|
getSessionStateAsync: a,
|
|
353
353
|
setNonceAsync: d,
|
|
@@ -360,13 +360,13 @@ const F = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), ke =
|
|
|
360
360
|
return l[n] || (l[n] = JSON.parse(k)), l[n];
|
|
361
361
|
},
|
|
362
362
|
getStateAsync: async () => {
|
|
363
|
-
let
|
|
364
|
-
return
|
|
363
|
+
let A = (await O(t)({ type: "getState", data: null, configurationName: n })).state;
|
|
364
|
+
return A || (A = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage")), A;
|
|
365
365
|
},
|
|
366
366
|
setStateAsync: async (k) => (sessionStorage[`oidc.state.${n}`] = k, O(t)({ type: "setState", data: { state: k }, configurationName: n })),
|
|
367
367
|
getCodeVerifierAsync: async () => {
|
|
368
|
-
let
|
|
369
|
-
return
|
|
368
|
+
let A = (await O(t)({ type: "getCodeVerifier", data: null, configurationName: n })).codeVerifier;
|
|
369
|
+
return A || (A = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), A;
|
|
370
370
|
},
|
|
371
371
|
setCodeVerifierAsync: async (k) => (sessionStorage[`oidc.code_verifier.${n}`] = k, O(t)({ type: "setCodeVerifier", data: { codeVerifier: k }, configurationName: n })),
|
|
372
372
|
setDemonstratingProofOfPossessionNonce: async (k) => {
|
|
@@ -374,8 +374,8 @@ const F = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), ke =
|
|
|
374
374
|
},
|
|
375
375
|
getDemonstratingProofOfPossessionNonce: async () => (await O(t)({ type: "getDemonstratingProofOfPossessionNonce", data: null, configurationName: n })).demonstratingProofOfPossessionNonce,
|
|
376
376
|
setDemonstratingProofOfPossessionJwkAsync: async (k) => {
|
|
377
|
-
const
|
|
378
|
-
O(t)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson:
|
|
377
|
+
const A = JSON.stringify(k);
|
|
378
|
+
O(t)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson: A }, configurationName: n });
|
|
379
379
|
},
|
|
380
380
|
getDemonstratingProofOfPossessionJwkAsync: async () => {
|
|
381
381
|
const k = await O(t)({ type: "getDemonstratingProofOfPossessionJwk", data: null, configurationName: n });
|
|
@@ -677,40 +677,40 @@ const J = (e, n, s = null) => {
|
|
|
677
677
|
default: {
|
|
678
678
|
if (e.publishEvent(m.refreshTokensAsync_begin, { refreshToken: u.refreshToken, status: l, tryNumber: n }), !u.refreshToken)
|
|
679
679
|
return await f();
|
|
680
|
-
const g = a.client_id, _ = a.redirect_uri, h = a.authority,
|
|
680
|
+
const g = a.client_id, _ = a.redirect_uri, h = a.authority, v = { ...a.token_request_extras ? a.token_request_extras : {} };
|
|
681
681
|
for (const [P, p] of Object.entries(t))
|
|
682
|
-
P.endsWith(":token_request") && (
|
|
682
|
+
P.endsWith(":token_request") && (v[P.replace(":token_request", "")] = p);
|
|
683
683
|
return await (async () => {
|
|
684
684
|
const P = {
|
|
685
685
|
client_id: g,
|
|
686
686
|
redirect_uri: _,
|
|
687
687
|
grant_type: "refresh_token",
|
|
688
688
|
refresh_token: u.refreshToken
|
|
689
|
-
}, p = await e.initAsync(h, a.authority_configuration), k = document.hidden ? 1e4 : 3e4 * 10,
|
|
690
|
-
a.demonstrating_proof_of_possession && (E.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,
|
|
691
|
-
const
|
|
692
|
-
|
|
689
|
+
}, p = await e.initAsync(h, a.authority_configuration), k = document.hidden ? 1e4 : 3e4 * 10, A = p.tokenEndpoint, E = {};
|
|
690
|
+
a.demonstrating_proof_of_possession && (E.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken, A, "POST"));
|
|
691
|
+
const b = await Ge(e.getFetch())(
|
|
692
|
+
A,
|
|
693
693
|
P,
|
|
694
|
-
|
|
694
|
+
v,
|
|
695
695
|
u,
|
|
696
696
|
E,
|
|
697
697
|
a.token_renew_mode,
|
|
698
698
|
k
|
|
699
699
|
);
|
|
700
|
-
if (
|
|
701
|
-
const { isValid: D, reason:
|
|
700
|
+
if (b.success) {
|
|
701
|
+
const { isValid: D, reason: T } = ge(b.data, y.nonce, p);
|
|
702
702
|
if (!D)
|
|
703
|
-
return o(null), e.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${
|
|
704
|
-
if (o(
|
|
705
|
-
const
|
|
706
|
-
|
|
703
|
+
return o(null), e.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${T}` }), { tokens: null, status: "SESSION_LOST" };
|
|
704
|
+
if (o(b.data), b.demonstratingProofOfPossessionNonce) {
|
|
705
|
+
const L = await C(a, e.configurationName);
|
|
706
|
+
L ? await L.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce) : await I(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce);
|
|
707
707
|
}
|
|
708
|
-
return e.publishEvent(m.refreshTokensAsync_end, { success:
|
|
708
|
+
return e.publishEvent(m.refreshTokensAsync_end, { success: b.success }), e.publishEvent(N.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: b.data, status: "LOGGED_IN" };
|
|
709
709
|
} else
|
|
710
710
|
return e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
711
711
|
message: "bad request",
|
|
712
|
-
tokenResponse:
|
|
713
|
-
}),
|
|
712
|
+
tokenResponse: b
|
|
713
|
+
}), b.status >= 400 && b.status < 500 ? (o(null), e.publishEvent(m.refreshTokensAsync_error, { message: `session lost: ${b.status}` }), { tokens: null, status: "SESSION_LOST" }) : await H(e)(c, s, t, o);
|
|
714
714
|
})();
|
|
715
715
|
}
|
|
716
716
|
}
|
|
@@ -732,16 +732,16 @@ const J = (e, n, s = null) => {
|
|
|
732
732
|
let y = !1;
|
|
733
733
|
window.onmessage = (_) => {
|
|
734
734
|
if (_.origin === d && _.source === f.contentWindow) {
|
|
735
|
-
const h = `${e}_oidc_tokens:`,
|
|
736
|
-
if (
|
|
737
|
-
if (
|
|
735
|
+
const h = `${e}_oidc_tokens:`, w = `${e}_oidc_error:`, v = `${e}_oidc_exception:`, S = _.data;
|
|
736
|
+
if (S && typeof S == "string" && !y) {
|
|
737
|
+
if (S.startsWith(h)) {
|
|
738
738
|
const P = JSON.parse(_.data.replace(h, ""));
|
|
739
739
|
s(m.silentLoginAsync_end, {}), f.remove(), y = !0, l(P);
|
|
740
|
-
} else if (
|
|
741
|
-
const P = JSON.parse(_.data.replace(
|
|
740
|
+
} else if (S.startsWith(w)) {
|
|
741
|
+
const P = JSON.parse(_.data.replace(w, ""));
|
|
742
742
|
s(m.silentLoginAsync_error, P), f.remove(), y = !0, l({ error: "oidc_" + P.error, tokens: null, sessionState: null });
|
|
743
|
-
} else if (
|
|
744
|
-
const P = JSON.parse(_.data.replace(
|
|
743
|
+
} else if (S.startsWith(v)) {
|
|
744
|
+
const P = JSON.parse(_.data.replace(v, ""));
|
|
745
745
|
s(m.silentLoginAsync_error, P), f.remove(), y = !0, u(new Error(P.error));
|
|
746
746
|
}
|
|
747
747
|
}
|
|
@@ -961,21 +961,21 @@ const dn = async (e) => await ln.generate(e), be = (e) => async (n, s = "POST",
|
|
|
961
961
|
const y = n.extras ? { ...n.extras, ...i } : i;
|
|
962
962
|
y.nonce || (y.nonce = se(12));
|
|
963
963
|
const g = { nonce: y.nonce }, _ = await C(n, e), h = await t(n.authority, n.authority_configuration);
|
|
964
|
-
let
|
|
964
|
+
let w;
|
|
965
965
|
if (_)
|
|
966
|
-
_.setLoginParams({ callbackPath: l, extras: d }), await _.initAsync(h, "loginAsync", n), await _.setNonceAsync(g), _.startKeepAliveServiceWorker(),
|
|
966
|
+
_.setLoginParams({ callbackPath: l, extras: d }), await _.initAsync(h, "loginAsync", n), await _.setNonceAsync(g), _.startKeepAliveServiceWorker(), w = _;
|
|
967
967
|
else {
|
|
968
|
-
const
|
|
969
|
-
|
|
968
|
+
const S = I(e, n.storage ?? sessionStorage);
|
|
969
|
+
S.setLoginParams({ callbackPath: l, extras: d }), await S.setNonceAsync(g), w = S;
|
|
970
970
|
}
|
|
971
|
-
const
|
|
971
|
+
const v = {
|
|
972
972
|
client_id: n.client_id,
|
|
973
973
|
redirect_uri: u,
|
|
974
974
|
scope: a,
|
|
975
975
|
response_type: "code",
|
|
976
976
|
...y
|
|
977
977
|
};
|
|
978
|
-
await Ye(
|
|
978
|
+
await Ye(w, o)(h.authorizationEndpoint, v);
|
|
979
979
|
} catch (u) {
|
|
980
980
|
throw s(m.loginAsync_error, u), u;
|
|
981
981
|
}
|
|
@@ -988,8 +988,8 @@ const dn = async (e) => await ln.generate(e), be = (e) => async (n, s = "POST",
|
|
|
988
988
|
if (l)
|
|
989
989
|
await l.initAsync(c, "loginCallbackAsync", s), await l.setSessionStateAsync(f), y = await l.getNonceAsync(), g = l.getLoginParams(), _ = await l.getStateAsync(), l.startKeepAliveServiceWorker(), u = l;
|
|
990
990
|
else {
|
|
991
|
-
const
|
|
992
|
-
await
|
|
991
|
+
const T = I(e.configurationName, s.storage ?? sessionStorage);
|
|
992
|
+
await T.setSessionStateAsync(f), y = await T.getNonceAsync(), g = T.getLoginParams(), _ = await T.getStateAsync(), u = T;
|
|
993
993
|
}
|
|
994
994
|
const h = X(a);
|
|
995
995
|
if (h.error || h.error_description)
|
|
@@ -998,26 +998,26 @@ const dn = async (e) => await ln.generate(e), be = (e) => async (n, s = "POST",
|
|
|
998
998
|
throw console.error(), new Error(`Issuer not valid (expected: ${c.issuer}, received: ${h.iss})`);
|
|
999
999
|
if (h.state && h.state !== _)
|
|
1000
1000
|
throw new Error(`State not valid (expected: ${_}, received: ${h.state})`);
|
|
1001
|
-
const
|
|
1001
|
+
const w = {
|
|
1002
1002
|
code: h.code,
|
|
1003
1003
|
grant_type: "authorization_code",
|
|
1004
1004
|
client_id: s.client_id,
|
|
1005
1005
|
redirect_uri: o
|
|
1006
|
-
},
|
|
1006
|
+
}, v = {};
|
|
1007
1007
|
if (s.token_request_extras)
|
|
1008
|
-
for (const [
|
|
1009
|
-
|
|
1008
|
+
for (const [T, L] of Object.entries(s.token_request_extras))
|
|
1009
|
+
v[T] = L;
|
|
1010
1010
|
if (g && g.extras)
|
|
1011
|
-
for (const [
|
|
1012
|
-
|
|
1013
|
-
const
|
|
1011
|
+
for (const [T, L] of Object.entries(g.extras))
|
|
1012
|
+
T.endsWith(":token_request") && (v[T.replace(":token_request", "")] = L);
|
|
1013
|
+
const S = c.tokenEndpoint, P = {};
|
|
1014
1014
|
if (s.demonstrating_proof_of_possession) {
|
|
1015
|
-
const
|
|
1016
|
-
l ? await l.setDemonstratingProofOfPossessionJwkAsync(
|
|
1015
|
+
const T = await dn(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
|
|
1016
|
+
l ? await l.setDemonstratingProofOfPossessionJwkAsync(T) : await I(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(T), P.DPoP = await be(s.demonstrating_proof_of_possession_configuration)(T, "POST", S);
|
|
1017
1017
|
}
|
|
1018
1018
|
const p = await Xe(u)(
|
|
1019
|
-
|
|
1020
|
-
{ ...
|
|
1019
|
+
S,
|
|
1020
|
+
{ ...w, ...v },
|
|
1021
1021
|
P,
|
|
1022
1022
|
e.configuration.token_renew_mode,
|
|
1023
1023
|
i
|
|
@@ -1025,26 +1025,26 @@ const dn = async (e) => await ln.generate(e), be = (e) => async (n, s = "POST",
|
|
|
1025
1025
|
if (!p.success)
|
|
1026
1026
|
throw new Error("Token request failed");
|
|
1027
1027
|
let k;
|
|
1028
|
-
const
|
|
1029
|
-
if (p.data.state !==
|
|
1028
|
+
const A = p.data.tokens, E = p.data.demonstratingProofOfPossessionNonce;
|
|
1029
|
+
if (p.data.state !== v.state)
|
|
1030
1030
|
throw new Error("state is not valid");
|
|
1031
|
-
const { isValid:
|
|
1032
|
-
if (!
|
|
1031
|
+
const { isValid: b, reason: D } = ge(A, y.nonce, c);
|
|
1032
|
+
if (!b)
|
|
1033
1033
|
throw new Error(`Tokens are not OpenID valid, reason: ${D}`);
|
|
1034
1034
|
if (l) {
|
|
1035
|
-
if (
|
|
1035
|
+
if (A.refreshToken && !A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1036
1036
|
throw new Error("Refresh token should be hidden by service worker");
|
|
1037
|
-
if (E &&
|
|
1037
|
+
if (E && A.accessToken && A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1038
1038
|
throw new Error("Demonstration of proof of possession require Access token not hidden by service worker");
|
|
1039
1039
|
}
|
|
1040
1040
|
if (l)
|
|
1041
1041
|
await l.initAsync(o, "syncTokensAsync", s), k = l.getLoginParams(), E && await l.setDemonstratingProofOfPossessionNonce(E);
|
|
1042
1042
|
else {
|
|
1043
|
-
const
|
|
1044
|
-
k =
|
|
1043
|
+
const T = I(e.configurationName, s.storage);
|
|
1044
|
+
k = T.getLoginParams(), E && await T.setDemonstratingProofOfPossessionNonce(E);
|
|
1045
1045
|
}
|
|
1046
1046
|
return await e.startCheckSessionAsync(c.checkSessionIframe, t, f, n), e.publishEvent(m.loginCallbackAsync_end, {}), {
|
|
1047
|
-
tokens:
|
|
1047
|
+
tokens: A,
|
|
1048
1048
|
state: "request.state",
|
|
1049
1049
|
callbackPath: k.callbackPath
|
|
1050
1050
|
};
|
|
@@ -1066,37 +1066,45 @@ const dn = async (e) => await ln.generate(e), be = (e) => async (n, s = "POST",
|
|
|
1066
1066
|
r && (f = r.includes("https://") || r.includes("http://"));
|
|
1067
1067
|
const l = f ? r : o.getOrigin() + d, u = e.tokens ? e.tokens.idToken : "";
|
|
1068
1068
|
try {
|
|
1069
|
-
const
|
|
1070
|
-
if (
|
|
1071
|
-
const
|
|
1072
|
-
if (
|
|
1073
|
-
const S = fe(s)(
|
|
1074
|
-
|
|
1069
|
+
const _ = a.revocationEndpoint;
|
|
1070
|
+
if (_) {
|
|
1071
|
+
const h = [], w = e.tokens ? e.tokens.accessToken : null;
|
|
1072
|
+
if (w && c.logout_tokens_to_invalidate.includes(he.access_token)) {
|
|
1073
|
+
const S = fe(s)(_, w, te.access_token, c.client_id);
|
|
1074
|
+
h.push(S);
|
|
1075
1075
|
}
|
|
1076
|
-
const
|
|
1077
|
-
if (
|
|
1078
|
-
const S = fe(s)(
|
|
1079
|
-
|
|
1076
|
+
const v = e.tokens ? e.tokens.refreshToken : null;
|
|
1077
|
+
if (v && c.logout_tokens_to_invalidate.includes(he.refresh_token)) {
|
|
1078
|
+
const S = fe(s)(_, v, te.refresh_token, c.client_id);
|
|
1079
|
+
h.push(S);
|
|
1080
1080
|
}
|
|
1081
|
-
|
|
1081
|
+
h.length > 0 && await Promise.all(h);
|
|
1082
1082
|
}
|
|
1083
|
-
} catch (
|
|
1084
|
-
t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), t.warn(
|
|
1083
|
+
} catch (_) {
|
|
1084
|
+
t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), t.warn(_);
|
|
1085
1085
|
}
|
|
1086
1086
|
const y = e.tokens && e.tokens.idTokenPayload ? e.tokens.idTokenPayload.sub : null;
|
|
1087
|
-
|
|
1088
|
-
|
|
1089
|
-
|
|
1090
|
-
|
|
1091
|
-
|
|
1092
|
-
|
|
1093
|
-
|
|
1094
|
-
|
|
1095
|
-
|
|
1096
|
-
|
|
1097
|
-
|
|
1098
|
-
|
|
1099
|
-
|
|
1087
|
+
await e.destroyAsync("LOGGED_OUT");
|
|
1088
|
+
for (const [_, h] of Object.entries(n))
|
|
1089
|
+
h !== e ? await e.logoutSameTabAsync(e.configuration.client_id, y) : e.publishEvent(m.logout_from_same_tab, {});
|
|
1090
|
+
let g = !1;
|
|
1091
|
+
if (i) {
|
|
1092
|
+
i = { ...i };
|
|
1093
|
+
for (const [_, h] of Object.entries(i))
|
|
1094
|
+
_.endsWith("no_reload:oidc") && (g = i[_] == "true", delete i[_]);
|
|
1095
|
+
}
|
|
1096
|
+
if (!g)
|
|
1097
|
+
if (a.endSessionEndpoint) {
|
|
1098
|
+
i || (i = {
|
|
1099
|
+
id_token_hint: u
|
|
1100
|
+
}, r !== null && (i.post_logout_redirect_uri = l));
|
|
1101
|
+
let _ = "";
|
|
1102
|
+
if (i)
|
|
1103
|
+
for (const [h, w] of Object.entries(i))
|
|
1104
|
+
_ === "" ? _ += "?" : _ += "&", _ += `${h}=${encodeURIComponent(w)}`;
|
|
1105
|
+
o.open(`${a.endSessionEndpoint}${_}`);
|
|
1106
|
+
} else
|
|
1107
|
+
o.reload();
|
|
1100
1108
|
}, mn = (e) => async (n = !1) => {
|
|
1101
1109
|
if (e.userInfo != null && !n)
|
|
1102
1110
|
return e.userInfo;
|
|
@@ -1268,7 +1276,7 @@ class oe {
|
|
|
1268
1276
|
this.authorizationEndpoint = n.authorization_endpoint, this.tokenEndpoint = n.token_endpoint, this.revocationEndpoint = n.revocation_endpoint, this.userInfoEndpoint = n.userinfo_endpoint, this.checkSessionIframe = n.check_session_iframe, this.issuer = n.issuer, this.endSessionEndpoint = n.end_session_endpoint;
|
|
1269
1277
|
}
|
|
1270
1278
|
}
|
|
1271
|
-
const
|
|
1279
|
+
const W = {}, bn = (e, n = new z()) => (s, t = "default") => (W[t] || (W[t] = new N(s, t, e, n)), W[t]), Pn = async (e) => {
|
|
1272
1280
|
const { parsedTokens: n, callbackPath: s } = await e.loginCallbackAsync();
|
|
1273
1281
|
return e.timeoutId = J(e, n.expiresAt), { callbackPath: s };
|
|
1274
1282
|
}, On = (e) => Math.floor(Math.random() * e), M = class M {
|
|
@@ -1278,7 +1286,7 @@ const L = {}, bn = (e, n = new z()) => (s, t = "default") => (L[t] || (L[t] = ne
|
|
|
1278
1286
|
n.silent_redirect_uri && !n.silent_login_uri && (r = `${n.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
|
|
1279
1287
|
let i = n.refresh_time_before_tokens_expiration_in_second ?? 120;
|
|
1280
1288
|
i > 60 && (i = i - Math.floor(Math.random() * 40)), this.location = o ?? new z();
|
|
1281
|
-
const c = n.service_worker_update_require_callback ??
|
|
1289
|
+
const c = n.service_worker_update_require_callback ?? Le(this.location);
|
|
1282
1290
|
this.configuration = {
|
|
1283
1291
|
...n,
|
|
1284
1292
|
silent_login_uri: r,
|
|
@@ -1309,10 +1317,10 @@ const L = {}, bn = (e, n = new z()) => (s, t = "default") => (L[t] || (L[t] = ne
|
|
|
1309
1317
|
}
|
|
1310
1318
|
static get(n = "default") {
|
|
1311
1319
|
const s = typeof process > "u";
|
|
1312
|
-
if (!Object.prototype.hasOwnProperty.call(
|
|
1320
|
+
if (!Object.prototype.hasOwnProperty.call(W, n) && s)
|
|
1313
1321
|
throw Error(`OIDC library does seem initialized.
|
|
1314
1322
|
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> compoment.`);
|
|
1315
|
-
return
|
|
1323
|
+
return W[n];
|
|
1316
1324
|
}
|
|
1317
1325
|
_silentLoginCallbackFromIFrame() {
|
|
1318
1326
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
@@ -1356,7 +1364,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1356
1364
|
return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = vn(this), this.tryKeepExistingSessionPromise.then((n) => (this.tryKeepExistingSessionPromise = null, n)));
|
|
1357
1365
|
}
|
|
1358
1366
|
async startCheckSessionAsync(n, s, t, o = !1) {
|
|
1359
|
-
await en(this,
|
|
1367
|
+
await en(this, W, this.configuration)(n, s, t, o);
|
|
1360
1368
|
}
|
|
1361
1369
|
async loginAsync(n = void 0, s = null, t = !1, o = void 0, r = !1) {
|
|
1362
1370
|
return this.loginPromise !== null ? this.loginPromise : r ? Ze(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(s, o) : (this.loginPromise = hn(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(n, s, t, o), this.loginPromise.then((i) => (this.loginPromise = null, i)));
|
|
@@ -1397,13 +1405,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1397
1405
|
return await gn(this)(n);
|
|
1398
1406
|
}
|
|
1399
1407
|
async logoutSameTabAsync(n, s) {
|
|
1400
|
-
this.configuration.monitor_session && this.configuration.client_id === n && s && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === s && (this.publishEvent(m.logout_from_same_tab, { mmessage: "SessionMonitor", sub: s })
|
|
1408
|
+
this.configuration.monitor_session && this.configuration.client_id === n && s && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === s && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_same_tab, { mmessage: "SessionMonitor", sub: s }));
|
|
1401
1409
|
}
|
|
1402
1410
|
async logoutOtherTabAsync(n, s) {
|
|
1403
|
-
this.configuration.monitor_session && this.configuration.client_id === n && s && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === s && (this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: s })
|
|
1411
|
+
this.configuration.monitor_session && this.configuration.client_id === n && s && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === s && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: s }));
|
|
1404
1412
|
}
|
|
1405
1413
|
async logoutAsync(n = void 0, s = null) {
|
|
1406
|
-
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = kn(this,
|
|
1414
|
+
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = kn(this, W, this.getFetch(), console, this.location)(n, s), this.logoutPromise.then((t) => (this.logoutPromise = null, t)));
|
|
1407
1415
|
}
|
|
1408
1416
|
};
|
|
1409
1417
|
M.getOrCreate = (n, s) => (t, o = "default") => bn(n, s)(t, o), M.eventNames = m;
|
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(N,Y){typeof exports=="object"&&typeof module<"u"?Y(exports):typeof define=="function"&&define.amd?define(["exports"],Y):(N=typeof globalThis<"u"?globalThis:N||self,Y(N["oidc-client"]={}))})(this,function(N){"use strict";const $=console;class Ie{constructor(n,s,t,o=2e3,r=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=r;const i=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(e,n=sessionStorage)=>{const s=p=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{n[`oidc.${e}`]=JSON.stringify({tokens:p})},r=async p=>{n[`oidc.session_state.${e}`]=p},i=async()=>n[`oidc.session_state.${e}`],c=p=>{n[`oidc.nonce.${e}`]=p.nonce},a=p=>{n[`oidc.jwk.${e}`]=JSON.stringify(p)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async p=>{n[`oidc.dpop_nonce.${e}`]=p},u=()=>n[`oidc.dpop_nonce.${e}`],y=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:y,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{g[e]=p,n[`oidc.login.${e}`]=JSON.stringify(p)},getLoginParams:()=>{const p=n[`oidc.login.${e}`];return p?(g[e]||(g[e]=JSON.parse(p)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async p=>{n[`oidc.state.${e}`]=p},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async p=>{n[`oidc.code_verifier.${e}`]=p},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:d}},Ce=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ne=e=>JSON.parse(Ce(e.replace(/-/g,"+").replace(/_/g,"/"))),ue=e=>{try{return e&&xe(e,".")===2?Ne(e.split(".")[1]):null}catch(n){console.warn(n)}return null},xe=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:ue(r),c=i&&i.exp?i.exp:Number.MAX_VALUE,a=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Le(e,t,i);let d;e.expiresAt?d=e.expiresAt:s===X.access_token_invalid?d=a:s===X.id_token_invalid?d=c:d=c<a?c:a;const f={...e,idTokenPayload:i,accessTokenPayload:t,expiresAt:d,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},se=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),z(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},te=e=>e?M(0,e.expiresAt)>0:!1,We=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!te(e.tokens)&&t>0;)await R({milliseconds:n}),t=t-1;return{isTokensValid:te(e.tokens),tokens:e.tokens,numberWaited:t-s}},fe=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(t.iat&&t.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+r} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},J=function(){const e=function(){let a,d;const f=(function(){const u={},y={setTimeout:function(_,h,A){u[h]=setTimeout(function(){_.postMessage(h),u[h]=null},A)},setInterval:function(_,h,A){u[h]=setInterval(function(){_.postMessage(h)},A)},clearTimeout:function(_,h){clearTimeout(u[h]),u[h]=null},clearInterval:function(_,h){clearInterval(u[h]),u[h]=null}};function g(_,h){const A=h.data[0],S=h.data[1],b=h.data[2];y[A]&&y[A](_,S,b)}this.onmessage=function(_){g(self,_)},this.onconnect=function(_){const h=_.ports[0];h.onmessage=function(A){g(h,A)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});d=URL.createObjectURL(u)}catch{return null}const l=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(d),a.port}catch{l&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(d),a}catch{l&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),s={},t={};e.onmessage=function(a){const d=a.data,f=s[d];if(f){f(),s[d]=null;return}const l=t[d];l&&l()};function o(a,d){const f=n();return e.postMessage(["setTimeout",f,d]),s[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),s[a]=null}function i(a,d){const f=n();return e.postMessage(["setInterval",f,d]),t[f]=a,f}function c(a){e.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:c}}(),de="7.15.5";let _e=null,Q;const R=({milliseconds:e})=>new Promise(n=>J.setTimeout(n,e)),he=(e="/")=>{try{Q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Q.signal}).catch(t=>{console.log(t)}),R({milliseconds:150*1e3}).then(he)}catch(n){console.log(n)}},De=()=>{Q&&Q.abort()},$e=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Re=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistering ${t}`),await R({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?t(r.data.error):s(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.register?t=await e.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(t)({type:"claim"})}catch{return null}const o=async k=>O(t)({type:"clear",data:{status:k},configurationName:n}),r=async(k,w,C)=>{const T=await O(t)({type:"init",data:{oidcServerConfiguration:k,where:w,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),V=T.version;return V!==de&&(console.warn(`Service worker ${V} version mismatch with js client version ${de}, unregistering and reloading`),await C.service_worker_update_require_callback(t,De)),{tokens:se(T.tokens,null,C.token_renew_mode),status:T.status}},i=(k="/")=>{_e==null&&(_e="not_null",he(k))},c=k=>O(t)({type:"setSessionState",data:{sessionState:k},configurationName:n}),a=async()=>(await O(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,d=k=>(sessionStorage[`oidc.nonce.${n}`]=k.nonce,O(t)({type:"setNonce",data:{nonce:k},configurationName:n})),f=async()=>{let w=(await O(t)({type:"getNonce",data:null,configurationName:n})).nonce;return w||(w=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:w}};let l={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>$e(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:d,getNonceAsync:f,setLoginParams:k=>{l[n]=k,localStorage[`oidc.login.${n}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${n}`];return l[n]||(l[n]=JSON.parse(k)),l[n]},getStateAsync:async()=>{let w=(await O(t)({type:"getState",data:null,configurationName:n})).state;return w||(w=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),w},setStateAsync:async k=>(sessionStorage[`oidc.state.${n}`]=k,O(t)({type:"setState",data:{state:k},configurationName:n})),getCodeVerifierAsync:async()=>{let w=(await O(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return w||(w=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),w},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${n}`]=k,O(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:n})),setDemonstratingProofOfPossessionNonce:async k=>{await O(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const w=JSON.stringify(k);O(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:w},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await O(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}},K={},Ke=(e,n=window.sessionStorage,s)=>{if(!K[e]&&n){const o=n.getItem(e);o&&(K[e]=JSON.parse(o))}const t=1e3*s;return K[e]&&K[e].timestamp+t>Date.now()?K[e].result:null},Ue=(e,n,s=window.sessionStorage)=>{const t=Date.now();K[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};for(var Fe=Be,L=[],ye="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Z=0,Ve=ye.length;Z<Ve;++Z)L[Z]=ye[Z];function Me(e){return L[e>>18&63]+L[e>>12&63]+L[e>>6&63]+L[e&63]}function Je(e,n,s){for(var t,o=[],r=n;r<s;r+=3)t=(e[r]<<16&16711680)+(e[r+1]<<8&65280)+(e[r+2]&255),o.push(Me(t));return o.join("")}function Be(e){for(var n,s=e.length,t=s%3,o=[],r=16383,i=0,c=s-t;i<c;i+=r)o.push(Je(e,i,i+r>c?c:i+r));return t===1?(n=e[s-1],o.push(L[n>>2]+L[n<<4&63]+"==")):t===2&&(n=(e[s-2]<<8)+e[s-1],o.push(L[n>>10]+L[n>>4&63]+L[n<<2&63]+"=")),o.join("")}const ge=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",je=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%oe.length;n.push(oe[t])}return n.join("")},qe=e=>Fe(new Uint8Array(e)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),re=e=>{const n=new Uint8Array(e),{hasCrypto:s}=ge();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*oe.length|0;return je(n)};function He(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function ke(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",He(e)).then(t=>n(qe(new Uint8Array(t))),t=>s(t))})}const Ge=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=ge();return n?ke(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Ye=60*60,Xe=e=>async(n,s=Ye,t=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,c=Ke(i,t,s);if(c)return new ce(c);const a=await B(e)(r,{},o);if(a.status!==200)return null;const d=await a.json();return Ue(i,d,t),new ce(d)},B=e=>async(n,s={},t=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),t),r=await e(n,{...s,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await B(e)(n,s,t,o+1);throw i}else throw console.error(i.message),i}return r},ie={refresh_token:"refresh_token",access_token:"access_token"},me=e=>async(n,s,t=ie.refresh_token,o,r=1e4)=>{const i={token:s,token_type_hint:t,client_id:o},c=[];for(const f in i){const l=encodeURIComponent(f),u=encodeURIComponent(i[f]);c.push(`${l}=${u}`)}const a=c.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},r)).status!==200?{success:!1}:{success:!0}},ze=e=>async(n,s,t,o,r={},i,c=1e4)=>{for(const[y,g]of Object.entries(t))s[y]===void 0&&(s[y]=g);const a=[];for(const y in s){const g=encodeURIComponent(y),_=encodeURIComponent(s[y]);a.push(`${g}=${_}`)}const d=a.join("&"),f=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:d},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let u=null;return f.headers.has(ee)&&(u=f.headers.get(ee)),{success:!0,status:f.status,data:se(l,o,i),demonstratingProofOfPossessionNonce:u}},Qe=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=re(128),r=await Ge(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=r,t.code_challenge_method="S256";let i="";if(t)for(const[c,a]of Object.entries(t))i===""?i+="?":i+="&",i+=`${c}=${encodeURIComponent(a)}`;n.open(`${s}${i}`)},ee="DPoP-Nonce",Ze=e=>async(n,s,t,o,r=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const l in s){const u=encodeURIComponent(l),y=encodeURIComponent(s[l]);i.push(`${u}=${y}`)}const c=i.join("&"),a=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let d=null;a.headers.has(ee)&&(d=a.headers.get(ee));const f=await a.json();return{success:!0,data:{state:s.state,tokens:se(f,null,o),demonstratingProofOfPossessionNonce:d}}};async function pe(e,n,s){const t=c=>{e.tokens=c},{tokens:o,status:r}=await ne(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await E(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const en=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=E(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=z(o,e.tokens,n.token_renew_mode),o}};async function we(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await pe(e,n,s):r=await navigator.locks.request(o,{ifAvailable:!0},async c=>c?await pe(e,n,s):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await en(e,t))),r?(e.timeoutId&&(e.timeoutId=j(e,e.tokens.expiresAt,s)),e.tokens):null}const j=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return J.setTimeout(async()=>{const r={timeLeft:M(t,n)};e.publishEvent(x.eventNames.token_timer,r),await we(e,!1,s)},1e3)},U={SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},nn=e=>async(n,s,t,o=!1)=>{const r={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const c=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,s);if(a){const{status:l,tokens:u}=await a.initAsync(c,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(l==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!l||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==t.issuedAt){const g=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:u,status:g,nonce:_}}i=await a.getNonceAsync()}else{const l=E(s,n.storage??sessionStorage);let{tokens:u,status:y}=await l.initAsync();if(u&&(u=z(u,e.tokens,n.token_renew_mode)),u){if(y==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==t.issuedAt){const _=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",h=await l.getNonceAsync();return{tokens:u,status:_,nonce:h}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await l.getNonceAsync()}const f=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:i}:{tokens:t,status:f,nonce:i}},ne=e=>async(n=0,s=!1,t=null,o)=>{for(;!navigator.onLine&&document.hidden;)await R({milliseconds:1e3}),e.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await R({milliseconds:1e3}),r--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,c=n+1;t||(t={});const a=e.configuration,d=(l,u=null,y=null)=>ae(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,u,y),f=async()=>{try{let l;const u=await I(a,e.configurationName);u?l=u.getLoginParams():l=E(e.configurationName,a.storage).getLoginParams();const y=await d({...l.extras,...t,prompt:"none"});if(y)return y.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(y.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await ne(e)(c,s,t,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:l,tokens:u,nonce:y}=await nn(e)(a,e.configurationName,e.tokens,s);switch(l){case U.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case U.NOT_CONNECTED:return o(null),{tokens:null,status:null};case U.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case U.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case U.REQUIRE_SYNC_TOKENS:return e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await f();default:{if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:n}),!u.refreshToken)return await f();const g=a.client_id,_=a.redirect_uri,h=a.authority,S={...a.token_request_extras?a.token_request_extras:{}};for(const[P,p]of Object.entries(t))P.endsWith(":token_request")&&(S[P.replace(":token_request","")]=p);return await(async()=>{const P={client_id:g,redirect_uri:_,grant_type:"refresh_token",refresh_token:u.refreshToken},p=await e.initAsync(h,a.authority_configuration),k=document.hidden?1e4:3e4*10,w=p.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,w,"POST"));const T=await ze(e.getFetch())(w,P,S,u,C,a.token_renew_mode,k);if(T.success){const{isValid:V,reason:v}=fe(T.data,y.nonce,p);if(!V)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${v}`}),{tokens:null,status:"SESSION_LOST"};if(o(T.data),T.demonstratingProofOfPossessionNonce){const D=await I(a,e.configurationName);D?await D.setDemonstratingProofOfPossessionNonce(T.demonstratingProofOfPossessionNonce):await E(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(T.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:T.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:T.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:T}),T.status>=400&&T.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${T.status}`}),{tokens:null,status:"SESSION_LOST"}):await ne(e)(c,s,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),ne(e)(c,s,t,o)}},ae=(e,n,s)=>(t=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let i="";if(o&&(t==null&&(t={}),t.state=o),r&&(t==null&&(t={}),t.scope=r),t!=null)for(const[l,u]of Object.entries(t))i===""?i=`?${encodeURIComponent(l)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(l)}=${encodeURIComponent(u)}`;const c=n.silent_login_uri+i,a=c.indexOf("/",c.indexOf("//")+2),d=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((l,u)=>{try{let y=!1;window.onmessage=_=>{if(_.origin===d&&_.source===f.contentWindow){const h=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,S=`${e}_oidc_exception:`,b=_.data;if(b&&typeof b=="string"&&!y){if(b.startsWith(h)){const P=JSON.parse(_.data.replace(h,""));s(m.silentLoginAsync_end,{}),f.remove(),y=!0,l(P)}else if(b.startsWith(A)){const P=JSON.parse(_.data.replace(A,""));s(m.silentLoginAsync_error,P),f.remove(),y=!0,l({error:"oidc_"+P.error,tokens:null,sessionState:null})}else if(b.startsWith(S)){const P=JSON.parse(_.data.replace(S,""));s(m.silentLoginAsync_error,P),f.remove(),y=!0,u(new Error(P.error))}}}};const g=n.silent_login_timeout;setTimeout(()=>{y||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),y=!0,u(new Error("timeout")))},g)}catch(y){f.remove(),s(m.silentLoginAsync_error,y),u(y)}})}catch(i){throw s(m.silentLoginAsync_error,i),i}},sn=(e,n,s,t,o)=>(r=null,i=void 0)=>{r={...r};const c=(d,f,l)=>ae(n,s,t.bind(o))(d,f,l);return(async()=>{o.timeoutId&&J.clearTimeout(o.timeoutId);let d;r&&"state"in r&&(d=r.state,delete r.state);try{const f=s.extras?{...s.extras,...r}:r,l=await c({...f,prompt:"none"},d,i);if(l)return o.tokens=l.tokens,t(m.token_aquired,{}),o.timeoutId=j(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},tn=(e,n,s)=>(t,o,r,i=!1)=>{const c=(a,d=void 0,f=void 0)=>ae(e.configurationName,s,e.publishEvent.bind(e))(a,d,f);return new Promise((a,d)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const u=l.idToken,y=l.idTokenPayload;return c({prompt:"none",id_token_hint:u,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const _=g.tokens.idTokenPayload;if(y.sub===_.sub){const h=g.sessionState;e.checkSessionIFrame.start(g.sessionState),y.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",h):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",h)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[_,h]of Object.entries(n))await h.logoutOtherTabAsync(s.client_id,y.sub)})};e.checkSessionIFrame=new Ie(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(l=>{d(l)})}else a(null)})},Ae=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},on=e=>{const n=Ae(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},q=e=>{const n=Ae(e),{search:s}=n;return rn(s)},rn=e=>{const n={};let s,t,o;const r=e.split("&");for(t=0,o=r.length;t<o;t++)s=r[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n};function Se(e){return new TextEncoder().encode(e)}function ve(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function an(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Te(e){let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),ve(n)}function be(e){return ve(an(e))}const cn={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var ln={sign:async(e,n,s,t,o="dpop+jwt")=>{switch(e=Object.assign({},e),n.typ=o,n.alg=t.jwtHeaderAlgorithm,n.alg){case"ES256":n.jwk={kty:e.kty,crv:e.crv,x:e.x,y:e.y};break;case"RS256":n.jwk={kty:e.kty,n:e.n,e:e.e,kid:n.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:be(JSON.stringify(n)),payload:be(JSON.stringify(s))},i=t.importKeyAlgorithm,c=!0,a=["sign"],d=await window.crypto.subtle.importKey("jwk",e,i,c,a),f=Se(`${r.protected}.${r.payload}`),l=t.signAlgorithm,u=await window.crypto.subtle.sign(l,d,f);return r.signature=Te(new Uint8Array(u)),`${r.protected}.${r.payload}.${r.signature}`}};const un={generate:async e=>{const n=e,s=!0,t=["sign","verify"],o=await window.crypto.subtle.generateKey(n,s,t);return await window.crypto.subtle.exportKey("jwk",o.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var fn={thumbprint:async(e,n)=>{let s;switch(e.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",e.crv).replace("X",e.x).replace("Y",e.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",e.e).replace("N",e.n);break;default:throw new Error("Unknown or not implemented JWK type")}const t=await window.crypto.subtle.digest(n,Se(s));return Te(new Uint8Array(t))}};const dn=async e=>await un.generate(e),Pe=e=>async(n,s="POST",t,o={})=>{const r={jti:btoa(_n()),htm:s,htu:t,iat:Math.round(Date.now()/1e3),...o},i=await fn.thumbprint(n,e.digestAlgorithm);return await ln.sign(n,{kid:i},r,e)},_n=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},hn=(e,n,s,t,o)=>(r=void 0,i=null,c=!1,a=void 0)=>{const d=i;return i={...i},(async()=>{const l=r||o.getPath();if("state"in i||(i.state=re(16)),s(m.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=c?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const y=n.extras?{...n.extras,...i}:i;y.nonce||(y.nonce=re(12));const g={nonce:y.nonce},_=await I(n,e),h=await t(n.authority,n.authority_configuration);let A;if(_)_.setLoginParams({callbackPath:l,extras:d}),await _.initAsync(h,"loginAsync",n),await _.setNonceAsync(g),_.startKeepAliveServiceWorker(),A=_;else{const b=E(e,n.storage??sessionStorage);b.setLoginParams({callbackPath:l,extras:d}),await b.setNonceAsync(g),A=b}const S={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...y};await Qe(A,o)(h.authorizationEndpoint,S)}catch(u){throw s(m.loginAsync_error,u),u}})()},yn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,r=s.authority,i=s.token_request_timeout,c=await e.initAsync(r,s.authority_configuration),a=e.location.getCurrentHref(),f=q(a).session_state,l=await I(s,e.configurationName);let u,y,g,_;if(l)await l.initAsync(c,"loginCallbackAsync",s),await l.setSessionStateAsync(f),y=await l.getNonceAsync(),g=l.getLoginParams(),_=await l.getStateAsync(),l.startKeepAliveServiceWorker(),u=l;else{const v=E(e.configurationName,s.storage??sessionStorage);await v.setSessionStateAsync(f),y=await v.getNonceAsync(),g=v.getLoginParams(),_=await v.getStateAsync(),u=v}const h=q(a);if(h.error||h.error_description)throw new Error(`Error from OIDC server: ${h.error} - ${h.error_description}`);if(h.iss&&h.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${h.iss})`);if(h.state&&h.state!==_)throw new Error(`State not valid (expected: ${_}, received: ${h.state})`);const A={code:h.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},S={};if(s.token_request_extras)for(const[v,D]of Object.entries(s.token_request_extras))S[v]=D;if(g&&g.extras)for(const[v,D]of Object.entries(g.extras))v.endsWith(":token_request")&&(S[v.replace(":token_request","")]=D);const b=c.tokenEndpoint,P={};if(s.demonstrating_proof_of_possession){const v=await dn(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);l?await l.setDemonstratingProofOfPossessionJwkAsync(v):await E(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(v),P.DPoP=await Pe(s.demonstrating_proof_of_possession_configuration)(v,"POST",b)}const p=await Ze(u)(b,{...A,...S},P,e.configuration.token_renew_mode,i);if(!p.success)throw new Error("Token request failed");let k;const w=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==S.state)throw new Error("state is not valid");const{isValid:T,reason:V}=fe(w,y.nonce,c);if(!T)throw new Error(`Tokens are not OpenID valid, reason: ${V}`);if(l){if(w.refreshToken&&!w.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&w.accessToken&&w.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(o,"syncTokensAsync",s),k=l.getLoginParams(),C&&await l.setDemonstratingProofOfPossessionNonce(C);else{const v=E(e.configurationName,s.storage);k=v.getLoginParams(),C&&await v.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(c.checkSessionIframe,t,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:w,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Oe={access_token:"access_token",refresh_token:"refresh_token"},gn=e=>async n=>{J.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await E(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(r=void 0,i=null)=>{const c=e.configuration,a=await e.initAsync(c.authority,c.authority_configuration);r&&typeof r!="string"&&(r=void 0,t.warn("callbackPathOrUrl path is not a string"));const d=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const l=f?r:o.getOrigin()+d,u=e.tokens?e.tokens.idToken:"";try{const g=a.revocationEndpoint;if(g){const _=[],h=e.tokens?e.tokens.accessToken:null;if(h&&c.logout_tokens_to_invalidate.includes(Oe.access_token)){const S=me(s)(g,h,ie.access_token,c.client_id);_.push(S)}const A=e.tokens?e.tokens.refreshToken:null;if(A&&c.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const S=me(s)(g,A,ie.refresh_token,c.client_id);_.push(S)}_.length>0&&await Promise.all(_)}}catch(g){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(g)}const y=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;for(const[g,_]of Object.entries(n))_!==e?await e.logoutSameTabAsync(e.configuration.client_id,y):e.publishEvent(m.logout_from_same_tab,{});if(await e.destroyAsync("LOGGED_OUT"),a.endSessionEndpoint){i||(i={id_token_hint:u},r!==null&&(i.post_logout_redirect_uri=l));let g="";if(i)for(const[_,h]of Object.entries(i))g===""?g+="?":g+="&",g+=`${_}=${encodeURIComponent(h)}`;o.open(`${a.endSessionEndpoint}${g}`)}else o.reload()},mn=e=>async(n=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;for(;e.tokens&&!te(e.tokens);)await R({milliseconds:200});if(!e.tokens)return null;const s=e.tokens.accessToken;if(!s)return null;const t=e.configuration,r=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const d=await fetch(r,{headers:{authorization:`Bearer ${a}`}});return d.status!==200?null:d.json()})(s);return e.userInfo=c,c};class H{open(n){window.open(n,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const pn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),wn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in r){const a=r[c];if(a.r.test(s)){o=a.s;break}}let i=t;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);c!=null&&c.length>2&&(i=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:i}};function An(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const Sn=()=>{const{name:e,version:n}=An();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=wn(navigator);return!pn(s)},vn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=j(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,i),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=E(e.configurationName,s.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=z(r,null,s.token_renew_mode);const i=o.getLoginParams();e.timeoutId=j(e,e.tokens.expiresAt,i.extras);const c=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,c),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ee=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const W={},Tn=(e,n=new H)=>(s,t="default")=>(W[t]||(W[t]=new x(s,t,e,n)),W[t]),bn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=j(e,n.expiresAt),{callbackPath:s}},Pn=e=>Math.floor(Math.random()*e),G=class G{constructor(n,s="default",t,o=new H){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new H;const c=n.service_worker_update_require_callback??Re(this.location);this.configuration={...n,silent_login_uri:r,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:n.service_worker_activate??Sn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??cn},this.getFetch=t??Ee,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=Pn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(W,n)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> compoment.`);return W[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=q(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=q(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ce({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Xe(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=vn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,s,t,o=!1){await tn(this,W,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?sn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await yn(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){const o=this.configuration,r={ath:await ke(n)},i=await I(o,this.configurationName);let c,a;if(i)c=await i.getDemonstratingProofOfPossessionNonce(),a=await i.getDemonstratingProofOfPossessionJwkAsync();else{const d=E(this.configurationName,o.storage);a=await d.getDemonstratingProofOfPossessionJwkAsync(),c=await d.getDemonstratingProofOfPossessionNonce()}return c&&(r.nonce=c),await Pe(o.demonstrating_proof_of_possession_configuration)(a,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=bn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=mn(this)(n),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return J.clearTimeout(this.timeoutId),this.renewTokensPromise=we(this,!0,n),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(n){return await gn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s})
|
|
1
|
+
(function(N,Y){typeof exports=="object"&&typeof module<"u"?Y(exports):typeof define=="function"&&define.amd?define(["exports"],Y):(N=typeof globalThis<"u"?globalThis:N||self,Y(N["oidc-client"]={}))})(this,function(N){"use strict";const $=console;class Ie{constructor(n,s,t,o=2e3,r=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=r;const i=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(e,n=sessionStorage)=>{const s=p=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{n[`oidc.${e}`]=JSON.stringify({tokens:p})},r=async p=>{n[`oidc.session_state.${e}`]=p},i=async()=>n[`oidc.session_state.${e}`],c=p=>{n[`oidc.nonce.${e}`]=p.nonce},a=p=>{n[`oidc.jwk.${e}`]=JSON.stringify(p)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async p=>{n[`oidc.dpop_nonce.${e}`]=p},u=()=>n[`oidc.dpop_nonce.${e}`],y=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:y,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{g[e]=p,n[`oidc.login.${e}`]=JSON.stringify(p)},getLoginParams:()=>{const p=n[`oidc.login.${e}`];return p?(g[e]||(g[e]=JSON.parse(p)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async p=>{n[`oidc.state.${e}`]=p},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async p=>{n[`oidc.code_verifier.${e}`]=p},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:d}},Ce=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ne=e=>JSON.parse(Ce(e.replace(/-/g,"+").replace(/_/g,"/"))),ue=e=>{try{return e&&xe(e,".")===2?Ne(e.split(".")[1]):null}catch(n){console.warn(n)}return null},xe=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:ue(r),c=i&&i.exp?i.exp:Number.MAX_VALUE,a=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Le(e,t,i);let d;e.expiresAt?d=e.expiresAt:s===X.access_token_invalid?d=a:s===X.id_token_invalid?d=c:d=c<a?c:a;const f={...e,idTokenPayload:i,accessTokenPayload:t,expiresAt:d,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},se=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),z(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},te=e=>e?M(0,e.expiresAt)>0:!1,We=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!te(e.tokens)&&t>0;)await R({milliseconds:n}),t=t-1;return{isTokensValid:te(e.tokens),tokens:e.tokens,numberWaited:t-s}},fe=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(t.iat&&t.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+r} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},J=function(){const e=function(){let a,d;const f=(function(){const u={},y={setTimeout:function(_,h,w){u[h]=setTimeout(function(){_.postMessage(h),u[h]=null},w)},setInterval:function(_,h,w){u[h]=setInterval(function(){_.postMessage(h)},w)},clearTimeout:function(_,h){clearTimeout(u[h]),u[h]=null},clearInterval:function(_,h){clearInterval(u[h]),u[h]=null}};function g(_,h){const w=h.data[0],v=h.data[1],S=h.data[2];y[w]&&y[w](_,v,S)}this.onmessage=function(_){g(self,_)},this.onconnect=function(_){const h=_.ports[0];h.onmessage=function(w){g(h,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});d=URL.createObjectURL(u)}catch{return null}const l=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(d),a.port}catch{l&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(d),a}catch{l&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),s={},t={};e.onmessage=function(a){const d=a.data,f=s[d];if(f){f(),s[d]=null;return}const l=t[d];l&&l()};function o(a,d){const f=n();return e.postMessage(["setTimeout",f,d]),s[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),s[a]=null}function i(a,d){const f=n();return e.postMessage(["setInterval",f,d]),t[f]=a,f}function c(a){e.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:c}}(),de="7.17.0";let _e=null,Q;const R=({milliseconds:e})=>new Promise(n=>J.setTimeout(n,e)),he=(e="/")=>{try{Q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Q.signal}).catch(t=>{console.log(t)}),R({milliseconds:150*1e3}).then(he)}catch(n){console.log(n)}},De=()=>{Q&&Q.abort()},$e=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Re=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistering ${t}`),await R({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?t(r.data.error):s(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.register?t=await e.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(t)({type:"claim"})}catch{return null}const o=async k=>O(t)({type:"clear",data:{status:k},configurationName:n}),r=async(k,A,C)=>{const b=await O(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),V=b.version;return V!==de&&(console.warn(`Service worker ${V} version mismatch with js client version ${de}, unregistering and reloading`),await C.service_worker_update_require_callback(t,De)),{tokens:se(b.tokens,null,C.token_renew_mode),status:b.status}},i=(k="/")=>{_e==null&&(_e="not_null",he(k))},c=k=>O(t)({type:"setSessionState",data:{sessionState:k},configurationName:n}),a=async()=>(await O(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,d=k=>(sessionStorage[`oidc.nonce.${n}`]=k.nonce,O(t)({type:"setNonce",data:{nonce:k},configurationName:n})),f=async()=>{let A=(await O(t)({type:"getNonce",data:null,configurationName:n})).nonce;return A||(A=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let l={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>$e(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:d,getNonceAsync:f,setLoginParams:k=>{l[n]=k,localStorage[`oidc.login.${n}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${n}`];return l[n]||(l[n]=JSON.parse(k)),l[n]},getStateAsync:async()=>{let A=(await O(t)({type:"getState",data:null,configurationName:n})).state;return A||(A=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${n}`]=k,O(t)({type:"setState",data:{state:k},configurationName:n})),getCodeVerifierAsync:async()=>{let A=(await O(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${n}`]=k,O(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:n})),setDemonstratingProofOfPossessionNonce:async k=>{await O(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);O(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await O(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}},K={},Ke=(e,n=window.sessionStorage,s)=>{if(!K[e]&&n){const o=n.getItem(e);o&&(K[e]=JSON.parse(o))}const t=1e3*s;return K[e]&&K[e].timestamp+t>Date.now()?K[e].result:null},Ue=(e,n,s=window.sessionStorage)=>{const t=Date.now();K[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};for(var Fe=Be,L=[],ye="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Z=0,Ve=ye.length;Z<Ve;++Z)L[Z]=ye[Z];function Me(e){return L[e>>18&63]+L[e>>12&63]+L[e>>6&63]+L[e&63]}function Je(e,n,s){for(var t,o=[],r=n;r<s;r+=3)t=(e[r]<<16&16711680)+(e[r+1]<<8&65280)+(e[r+2]&255),o.push(Me(t));return o.join("")}function Be(e){for(var n,s=e.length,t=s%3,o=[],r=16383,i=0,c=s-t;i<c;i+=r)o.push(Je(e,i,i+r>c?c:i+r));return t===1?(n=e[s-1],o.push(L[n>>2]+L[n<<4&63]+"==")):t===2&&(n=(e[s-2]<<8)+e[s-1],o.push(L[n>>10]+L[n>>4&63]+L[n<<2&63]+"=")),o.join("")}const ge=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",je=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%oe.length;n.push(oe[t])}return n.join("")},qe=e=>Fe(new Uint8Array(e)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),re=e=>{const n=new Uint8Array(e),{hasCrypto:s}=ge();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*oe.length|0;return je(n)};function He(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function ke(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",He(e)).then(t=>n(qe(new Uint8Array(t))),t=>s(t))})}const Ge=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=ge();return n?ke(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Ye=60*60,Xe=e=>async(n,s=Ye,t=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,c=Ke(i,t,s);if(c)return new ce(c);const a=await B(e)(r,{},o);if(a.status!==200)return null;const d=await a.json();return Ue(i,d,t),new ce(d)},B=e=>async(n,s={},t=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),t),r=await e(n,{...s,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await B(e)(n,s,t,o+1);throw i}else throw console.error(i.message),i}return r},ie={refresh_token:"refresh_token",access_token:"access_token"},me=e=>async(n,s,t=ie.refresh_token,o,r=1e4)=>{const i={token:s,token_type_hint:t,client_id:o},c=[];for(const f in i){const l=encodeURIComponent(f),u=encodeURIComponent(i[f]);c.push(`${l}=${u}`)}const a=c.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},r)).status!==200?{success:!1}:{success:!0}},ze=e=>async(n,s,t,o,r={},i,c=1e4)=>{for(const[y,g]of Object.entries(t))s[y]===void 0&&(s[y]=g);const a=[];for(const y in s){const g=encodeURIComponent(y),_=encodeURIComponent(s[y]);a.push(`${g}=${_}`)}const d=a.join("&"),f=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:d},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let u=null;return f.headers.has(ee)&&(u=f.headers.get(ee)),{success:!0,status:f.status,data:se(l,o,i),demonstratingProofOfPossessionNonce:u}},Qe=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=re(128),r=await Ge(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=r,t.code_challenge_method="S256";let i="";if(t)for(const[c,a]of Object.entries(t))i===""?i+="?":i+="&",i+=`${c}=${encodeURIComponent(a)}`;n.open(`${s}${i}`)},ee="DPoP-Nonce",Ze=e=>async(n,s,t,o,r=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const l in s){const u=encodeURIComponent(l),y=encodeURIComponent(s[l]);i.push(`${u}=${y}`)}const c=i.join("&"),a=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let d=null;a.headers.has(ee)&&(d=a.headers.get(ee));const f=await a.json();return{success:!0,data:{state:s.state,tokens:se(f,null,o),demonstratingProofOfPossessionNonce:d}}};async function pe(e,n,s){const t=c=>{e.tokens=c},{tokens:o,status:r}=await ne(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await E(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const en=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=E(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=z(o,e.tokens,n.token_renew_mode),o}};async function we(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await pe(e,n,s):r=await navigator.locks.request(o,{ifAvailable:!0},async c=>c?await pe(e,n,s):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await en(e,t))),r?(e.timeoutId&&(e.timeoutId=j(e,e.tokens.expiresAt,s)),e.tokens):null}const j=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return J.setTimeout(async()=>{const r={timeLeft:M(t,n)};e.publishEvent(x.eventNames.token_timer,r),await we(e,!1,s)},1e3)},U={SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},nn=e=>async(n,s,t,o=!1)=>{const r={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const c=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,s);if(a){const{status:l,tokens:u}=await a.initAsync(c,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(l==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!l||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==t.issuedAt){const g=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:u,status:g,nonce:_}}i=await a.getNonceAsync()}else{const l=E(s,n.storage??sessionStorage);let{tokens:u,status:y}=await l.initAsync();if(u&&(u=z(u,e.tokens,n.token_renew_mode)),u){if(y==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==t.issuedAt){const _=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",h=await l.getNonceAsync();return{tokens:u,status:_,nonce:h}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await l.getNonceAsync()}const f=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:i}:{tokens:t,status:f,nonce:i}},ne=e=>async(n=0,s=!1,t=null,o)=>{for(;!navigator.onLine&&document.hidden;)await R({milliseconds:1e3}),e.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await R({milliseconds:1e3}),r--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,c=n+1;t||(t={});const a=e.configuration,d=(l,u=null,y=null)=>ae(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,u,y),f=async()=>{try{let l;const u=await I(a,e.configurationName);u?l=u.getLoginParams():l=E(e.configurationName,a.storage).getLoginParams();const y=await d({...l.extras,...t,prompt:"none"});if(y)return y.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(y.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await ne(e)(c,s,t,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:l,tokens:u,nonce:y}=await nn(e)(a,e.configurationName,e.tokens,s);switch(l){case U.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case U.NOT_CONNECTED:return o(null),{tokens:null,status:null};case U.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case U.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case U.REQUIRE_SYNC_TOKENS:return e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await f();default:{if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:n}),!u.refreshToken)return await f();const g=a.client_id,_=a.redirect_uri,h=a.authority,v={...a.token_request_extras?a.token_request_extras:{}};for(const[P,p]of Object.entries(t))P.endsWith(":token_request")&&(v[P.replace(":token_request","")]=p);return await(async()=>{const P={client_id:g,redirect_uri:_,grant_type:"refresh_token",refresh_token:u.refreshToken},p=await e.initAsync(h,a.authority_configuration),k=document.hidden?1e4:3e4*10,A=p.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,A,"POST"));const b=await ze(e.getFetch())(A,P,v,u,C,a.token_renew_mode,k);if(b.success){const{isValid:V,reason:T}=fe(b.data,y.nonce,p);if(!V)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${T}`}),{tokens:null,status:"SESSION_LOST"};if(o(b.data),b.demonstratingProofOfPossessionNonce){const D=await I(a,e.configurationName);D?await D.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await E(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:b.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await ne(e)(c,s,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),ne(e)(c,s,t,o)}},ae=(e,n,s)=>(t=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let i="";if(o&&(t==null&&(t={}),t.state=o),r&&(t==null&&(t={}),t.scope=r),t!=null)for(const[l,u]of Object.entries(t))i===""?i=`?${encodeURIComponent(l)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(l)}=${encodeURIComponent(u)}`;const c=n.silent_login_uri+i,a=c.indexOf("/",c.indexOf("//")+2),d=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((l,u)=>{try{let y=!1;window.onmessage=_=>{if(_.origin===d&&_.source===f.contentWindow){const h=`${e}_oidc_tokens:`,w=`${e}_oidc_error:`,v=`${e}_oidc_exception:`,S=_.data;if(S&&typeof S=="string"&&!y){if(S.startsWith(h)){const P=JSON.parse(_.data.replace(h,""));s(m.silentLoginAsync_end,{}),f.remove(),y=!0,l(P)}else if(S.startsWith(w)){const P=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,P),f.remove(),y=!0,l({error:"oidc_"+P.error,tokens:null,sessionState:null})}else if(S.startsWith(v)){const P=JSON.parse(_.data.replace(v,""));s(m.silentLoginAsync_error,P),f.remove(),y=!0,u(new Error(P.error))}}}};const g=n.silent_login_timeout;setTimeout(()=>{y||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),y=!0,u(new Error("timeout")))},g)}catch(y){f.remove(),s(m.silentLoginAsync_error,y),u(y)}})}catch(i){throw s(m.silentLoginAsync_error,i),i}},sn=(e,n,s,t,o)=>(r=null,i=void 0)=>{r={...r};const c=(d,f,l)=>ae(n,s,t.bind(o))(d,f,l);return(async()=>{o.timeoutId&&J.clearTimeout(o.timeoutId);let d;r&&"state"in r&&(d=r.state,delete r.state);try{const f=s.extras?{...s.extras,...r}:r,l=await c({...f,prompt:"none"},d,i);if(l)return o.tokens=l.tokens,t(m.token_aquired,{}),o.timeoutId=j(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},tn=(e,n,s)=>(t,o,r,i=!1)=>{const c=(a,d=void 0,f=void 0)=>ae(e.configurationName,s,e.publishEvent.bind(e))(a,d,f);return new Promise((a,d)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const u=l.idToken,y=l.idTokenPayload;return c({prompt:"none",id_token_hint:u,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const _=g.tokens.idTokenPayload;if(y.sub===_.sub){const h=g.sessionState;e.checkSessionIFrame.start(g.sessionState),y.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",h):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",h)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[_,h]of Object.entries(n))await h.logoutOtherTabAsync(s.client_id,y.sub)})};e.checkSessionIFrame=new Ie(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(l=>{d(l)})}else a(null)})},Ae=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},on=e=>{const n=Ae(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},q=e=>{const n=Ae(e),{search:s}=n;return rn(s)},rn=e=>{const n={};let s,t,o;const r=e.split("&");for(t=0,o=r.length;t<o;t++)s=r[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n};function Se(e){return new TextEncoder().encode(e)}function ve(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function an(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Te(e){let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),ve(n)}function be(e){return ve(an(e))}const cn={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var ln={sign:async(e,n,s,t,o="dpop+jwt")=>{switch(e=Object.assign({},e),n.typ=o,n.alg=t.jwtHeaderAlgorithm,n.alg){case"ES256":n.jwk={kty:e.kty,crv:e.crv,x:e.x,y:e.y};break;case"RS256":n.jwk={kty:e.kty,n:e.n,e:e.e,kid:n.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:be(JSON.stringify(n)),payload:be(JSON.stringify(s))},i=t.importKeyAlgorithm,c=!0,a=["sign"],d=await window.crypto.subtle.importKey("jwk",e,i,c,a),f=Se(`${r.protected}.${r.payload}`),l=t.signAlgorithm,u=await window.crypto.subtle.sign(l,d,f);return r.signature=Te(new Uint8Array(u)),`${r.protected}.${r.payload}.${r.signature}`}};const un={generate:async e=>{const n=e,s=!0,t=["sign","verify"],o=await window.crypto.subtle.generateKey(n,s,t);return await window.crypto.subtle.exportKey("jwk",o.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var fn={thumbprint:async(e,n)=>{let s;switch(e.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",e.crv).replace("X",e.x).replace("Y",e.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",e.e).replace("N",e.n);break;default:throw new Error("Unknown or not implemented JWK type")}const t=await window.crypto.subtle.digest(n,Se(s));return Te(new Uint8Array(t))}};const dn=async e=>await un.generate(e),Pe=e=>async(n,s="POST",t,o={})=>{const r={jti:btoa(_n()),htm:s,htu:t,iat:Math.round(Date.now()/1e3),...o},i=await fn.thumbprint(n,e.digestAlgorithm);return await ln.sign(n,{kid:i},r,e)},_n=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},hn=(e,n,s,t,o)=>(r=void 0,i=null,c=!1,a=void 0)=>{const d=i;return i={...i},(async()=>{const l=r||o.getPath();if("state"in i||(i.state=re(16)),s(m.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=c?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const y=n.extras?{...n.extras,...i}:i;y.nonce||(y.nonce=re(12));const g={nonce:y.nonce},_=await I(n,e),h=await t(n.authority,n.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:l,extras:d}),await _.initAsync(h,"loginAsync",n),await _.setNonceAsync(g),_.startKeepAliveServiceWorker(),w=_;else{const S=E(e,n.storage??sessionStorage);S.setLoginParams({callbackPath:l,extras:d}),await S.setNonceAsync(g),w=S}const v={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...y};await Qe(w,o)(h.authorizationEndpoint,v)}catch(u){throw s(m.loginAsync_error,u),u}})()},yn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,r=s.authority,i=s.token_request_timeout,c=await e.initAsync(r,s.authority_configuration),a=e.location.getCurrentHref(),f=q(a).session_state,l=await I(s,e.configurationName);let u,y,g,_;if(l)await l.initAsync(c,"loginCallbackAsync",s),await l.setSessionStateAsync(f),y=await l.getNonceAsync(),g=l.getLoginParams(),_=await l.getStateAsync(),l.startKeepAliveServiceWorker(),u=l;else{const T=E(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(f),y=await T.getNonceAsync(),g=T.getLoginParams(),_=await T.getStateAsync(),u=T}const h=q(a);if(h.error||h.error_description)throw new Error(`Error from OIDC server: ${h.error} - ${h.error_description}`);if(h.iss&&h.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${h.iss})`);if(h.state&&h.state!==_)throw new Error(`State not valid (expected: ${_}, received: ${h.state})`);const w={code:h.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[T,D]of Object.entries(s.token_request_extras))v[T]=D;if(g&&g.extras)for(const[T,D]of Object.entries(g.extras))T.endsWith(":token_request")&&(v[T.replace(":token_request","")]=D);const S=c.tokenEndpoint,P={};if(s.demonstrating_proof_of_possession){const T=await dn(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);l?await l.setDemonstratingProofOfPossessionJwkAsync(T):await E(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),P.DPoP=await Pe(s.demonstrating_proof_of_possession_configuration)(T,"POST",S)}const p=await Ze(u)(S,{...w,...v},P,e.configuration.token_renew_mode,i);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:b,reason:V}=fe(A,y.nonce,c);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${V}`);if(l){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(o,"syncTokensAsync",s),k=l.getLoginParams(),C&&await l.setDemonstratingProofOfPossessionNonce(C);else{const T=E(e.configurationName,s.storage);k=T.getLoginParams(),C&&await T.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(c.checkSessionIframe,t,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Oe={access_token:"access_token",refresh_token:"refresh_token"},gn=e=>async n=>{J.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await E(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(r=void 0,i=null)=>{const c=e.configuration,a=await e.initAsync(c.authority,c.authority_configuration);r&&typeof r!="string"&&(r=void 0,t.warn("callbackPathOrUrl path is not a string"));const d=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const l=f?r:o.getOrigin()+d,u=e.tokens?e.tokens.idToken:"";try{const _=a.revocationEndpoint;if(_){const h=[],w=e.tokens?e.tokens.accessToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Oe.access_token)){const S=me(s)(_,w,ie.access_token,c.client_id);h.push(S)}const v=e.tokens?e.tokens.refreshToken:null;if(v&&c.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const S=me(s)(_,v,ie.refresh_token,c.client_id);h.push(S)}h.length>0&&await Promise.all(h)}}catch(_){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(_)}const y=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[_,h]of Object.entries(n))h!==e?await e.logoutSameTabAsync(e.configuration.client_id,y):e.publishEvent(m.logout_from_same_tab,{});let g=!1;if(i){i={...i};for(const[_,h]of Object.entries(i))_.endsWith("no_reload:oidc")&&(g=i[_]=="true",delete i[_])}if(!g)if(a.endSessionEndpoint){i||(i={id_token_hint:u},r!==null&&(i.post_logout_redirect_uri=l));let _="";if(i)for(const[h,w]of Object.entries(i))_===""?_+="?":_+="&",_+=`${h}=${encodeURIComponent(w)}`;o.open(`${a.endSessionEndpoint}${_}`)}else o.reload()},mn=e=>async(n=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;for(;e.tokens&&!te(e.tokens);)await R({milliseconds:200});if(!e.tokens)return null;const s=e.tokens.accessToken;if(!s)return null;const t=e.configuration,r=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const d=await fetch(r,{headers:{authorization:`Bearer ${a}`}});return d.status!==200?null:d.json()})(s);return e.userInfo=c,c};class H{open(n){window.open(n,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const pn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),wn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in r){const a=r[c];if(a.r.test(s)){o=a.s;break}}let i=t;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);c!=null&&c.length>2&&(i=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:i}};function An(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const Sn=()=>{const{name:e,version:n}=An();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=wn(navigator);return!pn(s)},vn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=j(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,i),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=E(e.configurationName,s.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=z(r,null,s.token_renew_mode);const i=o.getLoginParams();e.timeoutId=j(e,e.tokens.expiresAt,i.extras);const c=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,c),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ee=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const W={},Tn=(e,n=new H)=>(s,t="default")=>(W[t]||(W[t]=new x(s,t,e,n)),W[t]),bn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=j(e,n.expiresAt),{callbackPath:s}},Pn=e=>Math.floor(Math.random()*e),G=class G{constructor(n,s="default",t,o=new H){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new H;const c=n.service_worker_update_require_callback??Re(this.location);this.configuration={...n,silent_login_uri:r,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:n.service_worker_activate??Sn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??cn},this.getFetch=t??Ee,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=Pn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(W,n)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> compoment.`);return W[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=q(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=q(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ce({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Xe(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=vn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,s,t,o=!1){await tn(this,W,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?sn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await yn(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){const o=this.configuration,r={ath:await ke(n)},i=await I(o,this.configurationName);let c,a;if(i)c=await i.getDemonstratingProofOfPossessionNonce(),a=await i.getDemonstratingProofOfPossessionJwkAsync();else{const d=E(this.configurationName,o.storage);a=await d.getDemonstratingProofOfPossessionJwkAsync(),c=await d.getDemonstratingProofOfPossessionNonce()}return c&&(r.nonce=c),await Pe(o.demonstrating_proof_of_possession_configuration)(a,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=bn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=mn(this)(n),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return J.clearTimeout(this.timeoutId),this.renewTokensPromise=we(this,!0,n),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(n){return await gn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=kn(this,W,this.getFetch(),console,this.location)(n,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};G.getOrCreate=(n,s)=>(t,o="default")=>Tn(n,s)(t,o),G.eventNames=m;let x=G;const On=(e,n)=>async(...s)=>{var u;const[t,o,...r]=s,i=o?{...o}:{method:"GET"};let c=new Headers;i.headers&&(c=i.headers instanceof Headers?i.headers:new Headers(i.headers));const a=n,d=await a.getValidTokenAsync(),f=(u=d==null?void 0:d.tokens)==null?void 0:u.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const y=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),i.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",y)}else c.set("Authorization",`Bearer ${f}`);i.credentials||(i.credentials="same-origin")}const l={...i,headers:c};return await e(t,l,...r)},F=class F{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new F(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this._oidc.loginAsync(n,s,t,o,r)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t)}async getValidTokenAsync(n=200,s=50){return We(this._oidc,n,s)}fetchWithTokens(n){return On(n,this)}async userInfoAsync(n=!1){return this._oidc.userInfoAsync(n)}};F.getOrCreate=(n,s=new H)=>(t,o="default")=>new F(x.getOrCreate(n,s)(t,o)),F.eventNames=x.eventNames;let le=F;N.OidcClient=le,N.OidcLocation=H,N.TokenRenewMode=X,N.getFetchDefault=Ee,N.getParseQueryStringFromLocation=q,N.getPath=on,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});
|
package/dist/logout.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../src/logout.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAG1C,eAAO,MAAM,gBAAgB;;;CAG5B,CAAC;AAEF,eAAO,MAAM,YAAY,+CAexB,CAAC;AAEF,eAAO,MAAM,WAAW,wEAAoD,cAAc,0BAA+B,MAAM,GAAG,IAAI,GAAG,SAAS,WAAsB,SAAS,
|
|
1
|
+
{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../src/logout.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAG1C,eAAO,MAAM,gBAAgB;;;CAG5B,CAAC;AAEF,eAAO,MAAM,YAAY,+CAexB,CAAC;AAEF,eAAO,MAAM,WAAW,wEAAoD,cAAc,0BAA+B,MAAM,GAAG,IAAI,GAAG,SAAS,WAAsB,SAAS,kBA0FhL,CAAC"}
|
package/dist/version.d.ts
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axa-fr/oidc-client",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.17.0",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.umd.cjs",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"url": "https://github.com/AxaFrance/oidc-client.git"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@axa-fr/oidc-client-service-worker": "7.
|
|
23
|
+
"@axa-fr/oidc-client-service-worker": "7.17.0"
|
|
24
24
|
},
|
|
25
25
|
"devDependencies": {
|
|
26
26
|
"@testing-library/dom": "9.3.4",
|
package/src/logout.spec.ts
CHANGED
|
@@ -6,13 +6,14 @@ import { logoutAsync } from "./logout";
|
|
|
6
6
|
import {ILOidcLocation, OidcLocation} from "./location";
|
|
7
7
|
|
|
8
8
|
describe('Logout test suite', () => {
|
|
9
|
-
|
|
9
|
+
const expectedFinalUrl = "http://api/connect/endsession?id_token_hint=abcd&post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Flogged_out";
|
|
10
10
|
it.each([
|
|
11
|
-
{logout_tokens_to_invalidate:['access_token', 'refresh_token'], expectedResults: ["token=abcd&token_type_hint=access_token&client_id=interactive.public.short","token=abdc&token_type_hint=refresh_token&client_id=interactive.public.short"]},
|
|
12
|
-
{logout_tokens_to_invalidate:['refresh_token'], expectedResults: ["token=abdc&token_type_hint=refresh_token&client_id=interactive.public.short"]},
|
|
13
|
-
{logout_tokens_to_invalidate:['access_token'], expectedResults: ["token=abcd&token_type_hint=access_token&client_id=interactive.public.short"]},
|
|
14
|
-
{logout_tokens_to_invalidate:[], expectedResults: []},
|
|
15
|
-
|
|
11
|
+
{logout_tokens_to_invalidate:['access_token', 'refresh_token'], extras:null, expectedResults: ["token=abcd&token_type_hint=access_token&client_id=interactive.public.short","token=abdc&token_type_hint=refresh_token&client_id=interactive.public.short"], expectedFinalUrl},
|
|
12
|
+
{logout_tokens_to_invalidate:['refresh_token'],extras:null, expectedResults: ["token=abdc&token_type_hint=refresh_token&client_id=interactive.public.short"], expectedFinalUrl},
|
|
13
|
+
{logout_tokens_to_invalidate:['access_token'],extras:null, expectedResults: ["token=abcd&token_type_hint=access_token&client_id=interactive.public.short"], expectedFinalUrl},
|
|
14
|
+
{logout_tokens_to_invalidate:[],extras:null, expectedResults: [], expectedFinalUrl},
|
|
15
|
+
{logout_tokens_to_invalidate:[],extras: {"no_reload:oidc":"true"}, expectedResults: [], expectedFinalUrl:""},
|
|
16
|
+
])('Logout should revoke tokens $logout_tokens_to_invalidate', async ({ logout_tokens_to_invalidate, extras =null, expectedResults, expectedFinalUrl}) => {
|
|
16
17
|
|
|
17
18
|
const configuration = {
|
|
18
19
|
client_id: 'interactive.public.short',
|
|
@@ -70,13 +71,13 @@ describe('Logout test suite', () => {
|
|
|
70
71
|
|
|
71
72
|
}
|
|
72
73
|
|
|
73
|
-
await logoutAsync(oidc, oidcDatabase, mockFetchFn, console, new OidcLocationMock())("/logged_out");
|
|
74
|
+
await logoutAsync(oidc, oidcDatabase, mockFetchFn, console, new OidcLocationMock())("/logged_out", extras);
|
|
74
75
|
|
|
75
76
|
// @ts-ignore
|
|
76
77
|
|
|
77
78
|
const results = mockFetchFn.mock.calls.map((call, index) => call[1].body);
|
|
78
79
|
|
|
79
80
|
expect(results).toEqual(expectedResults);
|
|
80
|
-
expect(finalUrl).toBe(
|
|
81
|
+
expect(finalUrl).toBe(expectedFinalUrl);
|
|
81
82
|
});
|
|
82
83
|
});
|
package/src/logout.ts
CHANGED
|
@@ -69,6 +69,7 @@ export const logoutAsync = (oidc, oidcDatabase, fetch, console, oicLocation:ILOi
|
|
|
69
69
|
const sub = oidc.tokens && oidc.tokens.idTokenPayload ? oidc.tokens.idTokenPayload.sub : null;
|
|
70
70
|
|
|
71
71
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
72
|
+
await oidc.destroyAsync('LOGGED_OUT');
|
|
72
73
|
for (const [key, itemOidc] of Object.entries(oidcDatabase)) {
|
|
73
74
|
if (itemOidc !== oidc) {
|
|
74
75
|
// @ts-ignore
|
|
@@ -77,7 +78,21 @@ export const logoutAsync = (oidc, oidcDatabase, fetch, console, oicLocation:ILOi
|
|
|
77
78
|
oidc.publishEvent(eventNames.logout_from_same_tab, {} );
|
|
78
79
|
}
|
|
79
80
|
}
|
|
80
|
-
|
|
81
|
+
|
|
82
|
+
let noReload = false;
|
|
83
|
+
if(extras) {
|
|
84
|
+
extras = {...extras};
|
|
85
|
+
for (const [key, value] of Object.entries(extras)) {
|
|
86
|
+
if (key.endsWith('no_reload:oidc')) {
|
|
87
|
+
noReload = extras[key] == "true";
|
|
88
|
+
delete extras[key];
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
if(noReload) {
|
|
94
|
+
return;
|
|
95
|
+
}
|
|
81
96
|
|
|
82
97
|
if (oidcServerConfiguration.endSessionEndpoint) {
|
|
83
98
|
if (!extras) {
|
package/src/oidc.ts
CHANGED
|
@@ -366,16 +366,16 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
366
366
|
async logoutSameTabAsync(clientId: string, sub: any) {
|
|
367
367
|
// @ts-ignore
|
|
368
368
|
if (this.configuration.monitor_session && this.configuration.client_id === clientId && sub && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === sub) {
|
|
369
|
-
this.publishEvent(eventNames.logout_from_same_tab, { mmessage: 'SessionMonitor', sub });
|
|
370
369
|
await this.destroyAsync('LOGGED_OUT');
|
|
370
|
+
this.publishEvent(eventNames.logout_from_same_tab, { mmessage: 'SessionMonitor', sub });
|
|
371
371
|
}
|
|
372
372
|
}
|
|
373
373
|
|
|
374
374
|
async logoutOtherTabAsync(clientId: string, sub: any) {
|
|
375
375
|
// @ts-ignore
|
|
376
376
|
if (this.configuration.monitor_session && this.configuration.client_id === clientId && sub && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === sub) {
|
|
377
|
-
this.publishEvent(eventNames.logout_from_another_tab, { message: 'SessionMonitor', sub });
|
|
378
377
|
await this.destroyAsync('LOGGED_OUT');
|
|
378
|
+
this.publishEvent(eventNames.logout_from_another_tab, { message: 'SessionMonitor', sub });
|
|
379
379
|
}
|
|
380
380
|
}
|
|
381
381
|
|
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.
|
|
1
|
+
export default '7.17.0';
|