@axa-fr/oidc-client 7.17.0 → 7.17.1

package/dist/index.umd.cjs

@@ -1,2 +1,2 @@
-(function(N,Y){typeof exports=="object"&&typeof module<"u"?Y(exports):typeof define=="function"&&define.amd?define(["exports"],Y):(N=typeof globalThis<"u"?globalThis:N||self,Y(N["oidc-client"]={}))})(this,function(N){"use strict";const $=console;class Ie{constructor(n,s,t,o=2e3,r=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=r;const i=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(e,n=sessionStorage)=>{const s=p=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{n[`oidc.${e}`]=JSON.stringify({tokens:p})},r=async p=>{n[`oidc.session_state.${e}`]=p},i=async()=>n[`oidc.session_state.${e}`],c=p=>{n[`oidc.nonce.${e}`]=p.nonce},a=p=>{n[`oidc.jwk.${e}`]=JSON.stringify(p)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async p=>{n[`oidc.dpop_nonce.${e}`]=p},u=()=>n[`oidc.dpop_nonce.${e}`],y=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:y,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{g[e]=p,n[`oidc.login.${e}`]=JSON.stringify(p)},getLoginParams:()=>{const p=n[`oidc.login.${e}`];return p?(g[e]||(g[e]=JSON.parse(p)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async p=>{n[`oidc.state.${e}`]=p},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async p=>{n[`oidc.code_verifier.${e}`]=p},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:d}},Ce=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ne=e=>JSON.parse(Ce(e.replace(/-/g,"+").replace(/_/g,"/"))),ue=e=>{try{return e&&xe(e,".")===2?Ne(e.split(".")[1]):null}catch(n){console.warn(n)}return null},xe=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:ue(r),c=i&&i.exp?i.exp:Number.MAX_VALUE,a=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Le(e,t,i);let d;e.expiresAt?d=e.expiresAt:s===X.access_token_invalid?d=a:s===X.id_token_invalid?d=c:d=c<a?c:a;const f={...e,idTokenPayload:i,accessTokenPayload:t,expiresAt:d,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},se=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),z(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},te=e=>e?M(0,e.expiresAt)>0:!1,We=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!te(e.tokens)&&t>0;)await R({milliseconds:n}),t=t-1;return{isTokensValid:te(e.tokens),tokens:e.tokens,numberWaited:t-s}},fe=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(t.iat&&t.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+r} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},J=function(){const e=function(){let a,d;const f=(function(){const u={},y={setTimeout:function(_,h,w){u[h]=setTimeout(function(){_.postMessage(h),u[h]=null},w)},setInterval:function(_,h,w){u[h]=setInterval(function(){_.postMessage(h)},w)},clearTimeout:function(_,h){clearTimeout(u[h]),u[h]=null},clearInterval:function(_,h){clearInterval(u[h]),u[h]=null}};function g(_,h){const w=h.data[0],v=h.data[1],S=h.data[2];y[w]&&y[w](_,v,S)}this.onmessage=function(_){g(self,_)},this.onconnect=function(_){const h=_.ports[0];h.onmessage=function(w){g(h,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});d=URL.createObjectURL(u)}catch{return null}const l=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(d),a.port}catch{l&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(d),a}catch{l&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),s={},t={};e.onmessage=function(a){const d=a.data,f=s[d];if(f){f(),s[d]=null;return}const l=t[d];l&&l()};function o(a,d){const f=n();return e.postMessage(["setTimeout",f,d]),s[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),s[a]=null}function i(a,d){const f=n();return e.postMessage(["setInterval",f,d]),t[f]=a,f}function c(a){e.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:c}}(),de="7.17.0";let _e=null,Q;const R=({milliseconds:e})=>new Promise(n=>J.setTimeout(n,e)),he=(e="/")=>{try{Q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Q.signal}).catch(t=>{console.log(t)}),R({milliseconds:150*1e3}).then(he)}catch(n){console.log(n)}},De=()=>{Q&&Q.abort()},$e=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Re=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistering ${t}`),await R({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?t(r.data.error):s(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.register?t=await e.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(t)({type:"claim"})}catch{return null}const o=async k=>O(t)({type:"clear",data:{status:k},configurationName:n}),r=async(k,A,C)=>{const b=await O(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),V=b.version;return V!==de&&(console.warn(`Service worker ${V} version mismatch with js client version ${de}, unregistering and reloading`),await C.service_worker_update_require_callback(t,De)),{tokens:se(b.tokens,null,C.token_renew_mode),status:b.status}},i=(k="/")=>{_e==null&&(_e="not_null",he(k))},c=k=>O(t)({type:"setSessionState",data:{sessionState:k},configurationName:n}),a=async()=>(await O(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,d=k=>(sessionStorage[`oidc.nonce.${n}`]=k.nonce,O(t)({type:"setNonce",data:{nonce:k},configurationName:n})),f=async()=>{let A=(await O(t)({type:"getNonce",data:null,configurationName:n})).nonce;return A||(A=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let l={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>$e(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:d,getNonceAsync:f,setLoginParams:k=>{l[n]=k,localStorage[`oidc.login.${n}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${n}`];return l[n]||(l[n]=JSON.parse(k)),l[n]},getStateAsync:async()=>{let A=(await O(t)({type:"getState",data:null,configurationName:n})).state;return A||(A=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${n}`]=k,O(t)({type:"setState",data:{state:k},configurationName:n})),getCodeVerifierAsync:async()=>{let A=(await O(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${n}`]=k,O(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:n})),setDemonstratingProofOfPossessionNonce:async k=>{await O(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);O(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await O(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}},K={},Ke=(e,n=window.sessionStorage,s)=>{if(!K[e]&&n){const o=n.getItem(e);o&&(K[e]=JSON.parse(o))}const t=1e3*s;return K[e]&&K[e].timestamp+t>Date.now()?K[e].result:null},Ue=(e,n,s=window.sessionStorage)=>{const t=Date.now();K[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};for(var Fe=Be,L=[],ye="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Z=0,Ve=ye.length;Z<Ve;++Z)L[Z]=ye[Z];function Me(e){return L[e>>18&63]+L[e>>12&63]+L[e>>6&63]+L[e&63]}function Je(e,n,s){for(var t,o=[],r=n;r<s;r+=3)t=(e[r]<<16&16711680)+(e[r+1]<<8&65280)+(e[r+2]&255),o.push(Me(t));return o.join("")}function Be(e){for(var n,s=e.length,t=s%3,o=[],r=16383,i=0,c=s-t;i<c;i+=r)o.push(Je(e,i,i+r>c?c:i+r));return t===1?(n=e[s-1],o.push(L[n>>2]+L[n<<4&63]+"==")):t===2&&(n=(e[s-2]<<8)+e[s-1],o.push(L[n>>10]+L[n>>4&63]+L[n<<2&63]+"=")),o.join("")}const ge=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",je=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%oe.length;n.push(oe[t])}return n.join("")},qe=e=>Fe(new Uint8Array(e)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),re=e=>{const n=new Uint8Array(e),{hasCrypto:s}=ge();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*oe.length|0;return je(n)};function He(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function ke(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",He(e)).then(t=>n(qe(new Uint8Array(t))),t=>s(t))})}const Ge=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=ge();return n?ke(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Ye=60*60,Xe=e=>async(n,s=Ye,t=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,c=Ke(i,t,s);if(c)return new ce(c);const a=await B(e)(r,{},o);if(a.status!==200)return null;const d=await a.json();return Ue(i,d,t),new ce(d)},B=e=>async(n,s={},t=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),t),r=await e(n,{...s,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await B(e)(n,s,t,o+1);throw i}else throw console.error(i.message),i}return r},ie={refresh_token:"refresh_token",access_token:"access_token"},me=e=>async(n,s,t=ie.refresh_token,o,r=1e4)=>{const i={token:s,token_type_hint:t,client_id:o},c=[];for(const f in i){const l=encodeURIComponent(f),u=encodeURIComponent(i[f]);c.push(`${l}=${u}`)}const a=c.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},r)).status!==200?{success:!1}:{success:!0}},ze=e=>async(n,s,t,o,r={},i,c=1e4)=>{for(const[y,g]of Object.entries(t))s[y]===void 0&&(s[y]=g);const a=[];for(const y in s){const g=encodeURIComponent(y),_=encodeURIComponent(s[y]);a.push(`${g}=${_}`)}const d=a.join("&"),f=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:d},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let u=null;return f.headers.has(ee)&&(u=f.headers.get(ee)),{success:!0,status:f.status,data:se(l,o,i),demonstratingProofOfPossessionNonce:u}},Qe=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=re(128),r=await Ge(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=r,t.code_challenge_method="S256";let i="";if(t)for(const[c,a]of Object.entries(t))i===""?i+="?":i+="&",i+=`${c}=${encodeURIComponent(a)}`;n.open(`${s}${i}`)},ee="DPoP-Nonce",Ze=e=>async(n,s,t,o,r=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const l in s){const u=encodeURIComponent(l),y=encodeURIComponent(s[l]);i.push(`${u}=${y}`)}const c=i.join("&"),a=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let d=null;a.headers.has(ee)&&(d=a.headers.get(ee));const f=await a.json();return{success:!0,data:{state:s.state,tokens:se(f,null,o),demonstratingProofOfPossessionNonce:d}}};async function pe(e,n,s){const t=c=>{e.tokens=c},{tokens:o,status:r}=await ne(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await E(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const en=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=E(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=z(o,e.tokens,n.token_renew_mode),o}};async function we(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await pe(e,n,s):r=await navigator.locks.request(o,{ifAvailable:!0},async c=>c?await pe(e,n,s):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await en(e,t))),r?(e.timeoutId&&(e.timeoutId=j(e,e.tokens.expiresAt,s)),e.tokens):null}const j=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return J.setTimeout(async()=>{const r={timeLeft:M(t,n)};e.publishEvent(x.eventNames.token_timer,r),await we(e,!1,s)},1e3)},U={SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},nn=e=>async(n,s,t,o=!1)=>{const r={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const c=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,s);if(a){const{status:l,tokens:u}=await a.initAsync(c,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(l==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!l||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==t.issuedAt){const g=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:u,status:g,nonce:_}}i=await a.getNonceAsync()}else{const l=E(s,n.storage??sessionStorage);let{tokens:u,status:y}=await l.initAsync();if(u&&(u=z(u,e.tokens,n.token_renew_mode)),u){if(y==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==t.issuedAt){const _=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",h=await l.getNonceAsync();return{tokens:u,status:_,nonce:h}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await l.getNonceAsync()}const f=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:i}:{tokens:t,status:f,nonce:i}},ne=e=>async(n=0,s=!1,t=null,o)=>{for(;!navigator.onLine&&document.hidden;)await R({milliseconds:1e3}),e.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await R({milliseconds:1e3}),r--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,c=n+1;t||(t={});const a=e.configuration,d=(l,u=null,y=null)=>ae(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,u,y),f=async()=>{try{let l;const u=await I(a,e.configurationName);u?l=u.getLoginParams():l=E(e.configurationName,a.storage).getLoginParams();const y=await d({...l.extras,...t,prompt:"none"});if(y)return y.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(y.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await ne(e)(c,s,t,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:l,tokens:u,nonce:y}=await nn(e)(a,e.configurationName,e.tokens,s);switch(l){case U.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case U.NOT_CONNECTED:return o(null),{tokens:null,status:null};case U.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case U.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case U.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case U.REQUIRE_SYNC_TOKENS:return e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await f();default:{if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:n}),!u.refreshToken)return await f();const g=a.client_id,_=a.redirect_uri,h=a.authority,v={...a.token_request_extras?a.token_request_extras:{}};for(const[P,p]of Object.entries(t))P.endsWith(":token_request")&&(v[P.replace(":token_request","")]=p);return await(async()=>{const P={client_id:g,redirect_uri:_,grant_type:"refresh_token",refresh_token:u.refreshToken},p=await e.initAsync(h,a.authority_configuration),k=document.hidden?1e4:3e4*10,A=p.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,A,"POST"));const b=await ze(e.getFetch())(A,P,v,u,C,a.token_renew_mode,k);if(b.success){const{isValid:V,reason:T}=fe(b.data,y.nonce,p);if(!V)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${T}`}),{tokens:null,status:"SESSION_LOST"};if(o(b.data),b.demonstratingProofOfPossessionNonce){const D=await I(a,e.configurationName);D?await D.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await E(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:b.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await ne(e)(c,s,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),ne(e)(c,s,t,o)}},ae=(e,n,s)=>(t=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let i="";if(o&&(t==null&&(t={}),t.state=o),r&&(t==null&&(t={}),t.scope=r),t!=null)for(const[l,u]of Object.entries(t))i===""?i=`?${encodeURIComponent(l)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(l)}=${encodeURIComponent(u)}`;const c=n.silent_login_uri+i,a=c.indexOf("/",c.indexOf("//")+2),d=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((l,u)=>{try{let y=!1;window.onmessage=_=>{if(_.origin===d&&_.source===f.contentWindow){const h=`${e}_oidc_tokens:`,w=`${e}_oidc_error:`,v=`${e}_oidc_exception:`,S=_.data;if(S&&typeof S=="string"&&!y){if(S.startsWith(h)){const P=JSON.parse(_.data.replace(h,""));s(m.silentLoginAsync_end,{}),f.remove(),y=!0,l(P)}else if(S.startsWith(w)){const P=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,P),f.remove(),y=!0,l({error:"oidc_"+P.error,tokens:null,sessionState:null})}else if(S.startsWith(v)){const P=JSON.parse(_.data.replace(v,""));s(m.silentLoginAsync_error,P),f.remove(),y=!0,u(new Error(P.error))}}}};const g=n.silent_login_timeout;setTimeout(()=>{y||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),y=!0,u(new Error("timeout")))},g)}catch(y){f.remove(),s(m.silentLoginAsync_error,y),u(y)}})}catch(i){throw s(m.silentLoginAsync_error,i),i}},sn=(e,n,s,t,o)=>(r=null,i=void 0)=>{r={...r};const c=(d,f,l)=>ae(n,s,t.bind(o))(d,f,l);return(async()=>{o.timeoutId&&J.clearTimeout(o.timeoutId);let d;r&&"state"in r&&(d=r.state,delete r.state);try{const f=s.extras?{...s.extras,...r}:r,l=await c({...f,prompt:"none"},d,i);if(l)return o.tokens=l.tokens,t(m.token_aquired,{}),o.timeoutId=j(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},tn=(e,n,s)=>(t,o,r,i=!1)=>{const c=(a,d=void 0,f=void 0)=>ae(e.configurationName,s,e.publishEvent.bind(e))(a,d,f);return new Promise((a,d)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const u=l.idToken,y=l.idTokenPayload;return c({prompt:"none",id_token_hint:u,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const _=g.tokens.idTokenPayload;if(y.sub===_.sub){const h=g.sessionState;e.checkSessionIFrame.start(g.sessionState),y.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",h):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",h)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[_,h]of Object.entries(n))await h.logoutOtherTabAsync(s.client_id,y.sub)})};e.checkSessionIFrame=new Ie(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(l=>{d(l)})}else a(null)})},Ae=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},on=e=>{const n=Ae(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},q=e=>{const n=Ae(e),{search:s}=n;return rn(s)},rn=e=>{const n={};let s,t,o;const r=e.split("&");for(t=0,o=r.length;t<o;t++)s=r[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n};function Se(e){return new TextEncoder().encode(e)}function ve(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function an(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function Te(e){let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),ve(n)}function be(e){return ve(an(e))}const cn={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var ln={sign:async(e,n,s,t,o="dpop+jwt")=>{switch(e=Object.assign({},e),n.typ=o,n.alg=t.jwtHeaderAlgorithm,n.alg){case"ES256":n.jwk={kty:e.kty,crv:e.crv,x:e.x,y:e.y};break;case"RS256":n.jwk={kty:e.kty,n:e.n,e:e.e,kid:n.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:be(JSON.stringify(n)),payload:be(JSON.stringify(s))},i=t.importKeyAlgorithm,c=!0,a=["sign"],d=await window.crypto.subtle.importKey("jwk",e,i,c,a),f=Se(`${r.protected}.${r.payload}`),l=t.signAlgorithm,u=await window.crypto.subtle.sign(l,d,f);return r.signature=Te(new Uint8Array(u)),`${r.protected}.${r.payload}.${r.signature}`}};const un={generate:async e=>{const n=e,s=!0,t=["sign","verify"],o=await window.crypto.subtle.generateKey(n,s,t);return await window.crypto.subtle.exportKey("jwk",o.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var fn={thumbprint:async(e,n)=>{let s;switch(e.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",e.crv).replace("X",e.x).replace("Y",e.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",e.e).replace("N",e.n);break;default:throw new Error("Unknown or not implemented JWK type")}const t=await window.crypto.subtle.digest(n,Se(s));return Te(new Uint8Array(t))}};const dn=async e=>await un.generate(e),Pe=e=>async(n,s="POST",t,o={})=>{const r={jti:btoa(_n()),htm:s,htu:t,iat:Math.round(Date.now()/1e3),...o},i=await fn.thumbprint(n,e.digestAlgorithm);return await ln.sign(n,{kid:i},r,e)},_n=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},hn=(e,n,s,t,o)=>(r=void 0,i=null,c=!1,a=void 0)=>{const d=i;return i={...i},(async()=>{const l=r||o.getPath();if("state"in i||(i.state=re(16)),s(m.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=c?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const y=n.extras?{...n.extras,...i}:i;y.nonce||(y.nonce=re(12));const g={nonce:y.nonce},_=await I(n,e),h=await t(n.authority,n.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:l,extras:d}),await _.initAsync(h,"loginAsync",n),await _.setNonceAsync(g),_.startKeepAliveServiceWorker(),w=_;else{const S=E(e,n.storage??sessionStorage);S.setLoginParams({callbackPath:l,extras:d}),await S.setNonceAsync(g),w=S}const v={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...y};await Qe(w,o)(h.authorizationEndpoint,v)}catch(u){throw s(m.loginAsync_error,u),u}})()},yn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,r=s.authority,i=s.token_request_timeout,c=await e.initAsync(r,s.authority_configuration),a=e.location.getCurrentHref(),f=q(a).session_state,l=await I(s,e.configurationName);let u,y,g,_;if(l)await l.initAsync(c,"loginCallbackAsync",s),await l.setSessionStateAsync(f),y=await l.getNonceAsync(),g=l.getLoginParams(),_=await l.getStateAsync(),l.startKeepAliveServiceWorker(),u=l;else{const T=E(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(f),y=await T.getNonceAsync(),g=T.getLoginParams(),_=await T.getStateAsync(),u=T}const h=q(a);if(h.error||h.error_description)throw new Error(`Error from OIDC server: ${h.error} - ${h.error_description}`);if(h.iss&&h.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${h.iss})`);if(h.state&&h.state!==_)throw new Error(`State not valid (expected: ${_}, received: ${h.state})`);const w={code:h.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[T,D]of Object.entries(s.token_request_extras))v[T]=D;if(g&&g.extras)for(const[T,D]of Object.entries(g.extras))T.endsWith(":token_request")&&(v[T.replace(":token_request","")]=D);const S=c.tokenEndpoint,P={};if(s.demonstrating_proof_of_possession){const T=await dn(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);l?await l.setDemonstratingProofOfPossessionJwkAsync(T):await E(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),P.DPoP=await Pe(s.demonstrating_proof_of_possession_configuration)(T,"POST",S)}const p=await Ze(u)(S,{...w,...v},P,e.configuration.token_renew_mode,i);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:b,reason:V}=fe(A,y.nonce,c);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${V}`);if(l){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(o,"syncTokensAsync",s),k=l.getLoginParams(),C&&await l.setDemonstratingProofOfPossessionNonce(C);else{const T=E(e.configurationName,s.storage);k=T.getLoginParams(),C&&await T.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(c.checkSessionIframe,t,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Oe={access_token:"access_token",refresh_token:"refresh_token"},gn=e=>async n=>{J.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await E(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(r=void 0,i=null)=>{const c=e.configuration,a=await e.initAsync(c.authority,c.authority_configuration);r&&typeof r!="string"&&(r=void 0,t.warn("callbackPathOrUrl path is not a string"));const d=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const l=f?r:o.getOrigin()+d,u=e.tokens?e.tokens.idToken:"";try{const _=a.revocationEndpoint;if(_){const h=[],w=e.tokens?e.tokens.accessToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Oe.access_token)){const S=me(s)(_,w,ie.access_token,c.client_id);h.push(S)}const v=e.tokens?e.tokens.refreshToken:null;if(v&&c.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const S=me(s)(_,v,ie.refresh_token,c.client_id);h.push(S)}h.length>0&&await Promise.all(h)}}catch(_){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(_)}const y=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[_,h]of Object.entries(n))h!==e?await e.logoutSameTabAsync(e.configuration.client_id,y):e.publishEvent(m.logout_from_same_tab,{});let g=!1;if(i){i={...i};for(const[_,h]of Object.entries(i))_.endsWith("no_reload:oidc")&&(g=i[_]=="true",delete i[_])}if(!g)if(a.endSessionEndpoint){i||(i={id_token_hint:u},r!==null&&(i.post_logout_redirect_uri=l));let _="";if(i)for(const[h,w]of Object.entries(i))_===""?_+="?":_+="&",_+=`${h}=${encodeURIComponent(w)}`;o.open(`${a.endSessionEndpoint}${_}`)}else o.reload()},mn=e=>async(n=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;for(;e.tokens&&!te(e.tokens);)await R({milliseconds:200});if(!e.tokens)return null;const s=e.tokens.accessToken;if(!s)return null;const t=e.configuration,r=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const d=await fetch(r,{headers:{authorization:`Bearer ${a}`}});return d.status!==200?null:d.json()})(s);return e.userInfo=c,c};class H{open(n){window.open(n,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const pn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),wn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in r){const a=r[c];if(a.r.test(s)){o=a.s;break}}let i=t;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);c!=null&&c.length>2&&(i=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:i}};function An(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const Sn=()=>{const{name:e,version:n}=An();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=wn(navigator);return!pn(s)},vn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=j(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,i),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=E(e.configurationName,s.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=z(r,null,s.token_renew_mode);const i=o.getLoginParams();e.timeoutId=j(e,e.tokens.expiresAt,i.extras);const c=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,c),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ee=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const W={},Tn=(e,n=new H)=>(s,t="default")=>(W[t]||(W[t]=new x(s,t,e,n)),W[t]),bn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=j(e,n.expiresAt),{callbackPath:s}},Pn=e=>Math.floor(Math.random()*e),G=class G{constructor(n,s="default",t,o=new H){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new H;const c=n.service_worker_update_require_callback??Re(this.location);this.configuration={...n,silent_login_uri:r,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:n.service_worker_activate??Sn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??cn},this.getFetch=t??Ee,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=Pn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(W,n)&&s)throw Error(`OIDC library does seem initialized.
-Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> compoment.`);return W[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=q(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=q(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ce({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Xe(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=vn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,s,t,o=!1){await tn(this,W,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?sn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await yn(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){const o=this.configuration,r={ath:await ke(n)},i=await I(o,this.configurationName);let c,a;if(i)c=await i.getDemonstratingProofOfPossessionNonce(),a=await i.getDemonstratingProofOfPossessionJwkAsync();else{const d=E(this.configurationName,o.storage);a=await d.getDemonstratingProofOfPossessionJwkAsync(),c=await d.getDemonstratingProofOfPossessionNonce()}return c&&(r.nonce=c),await Pe(o.demonstrating_proof_of_possession_configuration)(a,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=bn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=mn(this)(n),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return J.clearTimeout(this.timeoutId),this.renewTokensPromise=we(this,!0,n),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(n){return await gn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=kn(this,W,this.getFetch(),console,this.location)(n,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};G.getOrCreate=(n,s)=>(t,o="default")=>Tn(n,s)(t,o),G.eventNames=m;let x=G;const On=(e,n)=>async(...s)=>{var u;const[t,o,...r]=s,i=o?{...o}:{method:"GET"};let c=new Headers;i.headers&&(c=i.headers instanceof Headers?i.headers:new Headers(i.headers));const a=n,d=await a.getValidTokenAsync(),f=(u=d==null?void 0:d.tokens)==null?void 0:u.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const y=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),i.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",y)}else c.set("Authorization",`Bearer ${f}`);i.credentials||(i.credentials="same-origin")}const l={...i,headers:c};return await e(t,l,...r)},F=class F{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new F(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this._oidc.loginAsync(n,s,t,o,r)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t)}async getValidTokenAsync(n=200,s=50){return We(this._oidc,n,s)}fetchWithTokens(n){return On(n,this)}async userInfoAsync(n=!1){return this._oidc.userInfoAsync(n)}};F.getOrCreate=(n,s=new H)=>(t,o="default")=>new F(x.getOrCreate(n,s)(t,o)),F.eventNames=x.eventNames;let le=F;N.OidcClient=le,N.OidcLocation=H,N.TokenRenewMode=X,N.getFetchDefault=Ee,N.getParseQueryStringFromLocation=q,N.getPath=on,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});
+(function(N,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(N=typeof globalThis<"u"?globalThis:N||self,G(N["oidc-client"]={}))})(this,function(N){"use strict";const D=console;class Pe{constructor(n,s,t,o=2e3,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(D.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(D.debug(n),D.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):D.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){D.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(D.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(e,n=sessionStorage)=>{const s=p=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{n[`oidc.${e}`]=JSON.stringify({tokens:p})},i=async p=>{n[`oidc.session_state.${e}`]=p},r=async()=>n[`oidc.session_state.${e}`],c=p=>{n[`oidc.nonce.${e}`]=p.nonce},a=p=>{n[`oidc.jwk.${e}`]=JSON.stringify(p)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async p=>{n[`oidc.dpop_nonce.${e}`]=p},u=()=>n[`oidc.dpop_nonce.${e}`],y=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:y,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{g[e]=p,n[`oidc.login.${e}`]=JSON.stringify(p)},getLoginParams:()=>{const p=n[`oidc.login.${e}`];return p?(g[e]||(g[e]=JSON.parse(p)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async p=>{n[`oidc.state.${e}`]=p},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async p=>{n[`oidc.code_verifier.${e}`]=p},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:d}},Oe=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ee=e=>JSON.parse(Oe(e.replace(/-/g,"+").replace(/_/g,"/"))),le=e=>{try{return e&&Ie(e,".")===2?Ee(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Ie=(e,n)=>e.split(n).length-1,Y={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Ce(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const X=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=le(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:le(i),c=r&&r.exp?r.exp:Number.MAX_VALUE,a=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Ce(e,t,r);let d;e.expiresAt?d=e.expiresAt:s===Y.access_token_invalid?d=a:s===Y.id_token_invalid?d=c:d=c<a?c:a;const f={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:d,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),X(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},ne=e=>e?M(0,e.expiresAt)>0:!1,Ne=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!ne(e.tokens)&&t>0;)await $({milliseconds:n}),t=t-1;return{isTokensValid:ne(e.tokens),tokens:e.tokens,numberWaited:t-s}},ue=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},F=function(){const e=function(){let a,d;const f=(function(){const u={},y={setTimeout:function(_,h,w){u[h]=setTimeout(function(){_.postMessage(h),u[h]=null},w)},setInterval:function(_,h,w){u[h]=setInterval(function(){_.postMessage(h)},w)},clearTimeout:function(_,h){clearTimeout(u[h]),u[h]=null},clearInterval:function(_,h){clearInterval(u[h]),u[h]=null}};function g(_,h){const w=h.data[0],v=h.data[1],S=h.data[2];y[w]&&y[w](_,v,S)}this.onmessage=function(_){g(self,_)},this.onconnect=function(_){const h=_.ports[0];h.onmessage=function(w){g(h,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});d=URL.createObjectURL(u)}catch{return null}const l=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(d),a.port}catch{l&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(d),a}catch{l&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),s={},t={};e.onmessage=function(a){const d=a.data,f=s[d];if(f){f(),s[d]=null;return}const l=t[d];l&&l()};function o(a,d){const f=n();return e.postMessage(["setTimeout",f,d]),s[f]=a,f}function i(a){e.postMessage(["clearTimeout",a]),s[a]=null}function r(a,d){const f=n();return e.postMessage(["setInterval",f,d]),t[f]=a,f}function c(a){e.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:c}}(),fe="7.17.1";let de=null,z;const $=({milliseconds:e})=>new Promise(n=>F.setTimeout(n,e)),_e=(e="/")=>{try{z=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:z.signal}).catch(t=>{console.log(t)}),$({milliseconds:150*1e3}).then(_e)}catch(n){console.log(n)}},Le=()=>{z&&z.abort()},We=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),xe=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistering ${t}`),await $({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.register?t=await e.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(t)({type:"claim"})}catch{return null}const o=async k=>O(t)({type:"clear",data:{status:k},configurationName:n}),i=async(k,A,C)=>{const b=await O(t)({type:"init",data:{oidcServerConfiguration:k,where:A,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),V=b.version;return V!==fe&&(console.warn(`Service worker ${V} version mismatch with js client version ${fe}, unregistering and reloading`),await C.service_worker_update_require_callback(t,Le)),{tokens:ee(b.tokens,null,C.token_renew_mode),status:b.status}},r=(k="/")=>{de==null&&(de="not_null",_e(k))},c=k=>O(t)({type:"setSessionState",data:{sessionState:k},configurationName:n}),a=async()=>(await O(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,d=k=>(sessionStorage[`oidc.nonce.${n}`]=k.nonce,O(t)({type:"setNonce",data:{nonce:k},configurationName:n})),f=async()=>{let A=(await O(t)({type:"getNonce",data:null,configurationName:n})).nonce;return A||(A=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let l={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>We(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:d,getNonceAsync:f,setLoginParams:k=>{l[n]=k,localStorage[`oidc.login.${n}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${n}`];return l[n]||(l[n]=JSON.parse(k)),l[n]},getStateAsync:async()=>{let A=(await O(t)({type:"getState",data:null,configurationName:n})).state;return A||(A=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async k=>(sessionStorage[`oidc.state.${n}`]=k,O(t)({type:"setState",data:{state:k},configurationName:n})),getCodeVerifierAsync:async()=>{let A=(await O(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${n}`]=k,O(t)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:n})),setDemonstratingProofOfPossessionNonce:async k=>{await O(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const A=JSON.stringify(k);O(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await O(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}},R={},De=(e,n=window.sessionStorage,s)=>{if(!R[e]&&n){const o=n.getItem(e);o&&(R[e]=JSON.parse(o))}const t=1e3*s;return R[e]&&R[e].timestamp+t>Date.now()?R[e].result:null},$e=(e,n,s=window.sessionStorage)=>{const t=Date.now();R[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function he(e){return new TextEncoder().encode(e)}function ye(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Re(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const se=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),ye(n)};function ge(e){return ye(Re(e))}const Ke={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Ue={sign:async(e,n,s,t,o="dpop+jwt")=>{switch(e=Object.assign({},e),n.typ=o,n.alg=t.jwtHeaderAlgorithm,n.alg){case"ES256":n.jwk={kty:e.kty,crv:e.crv,x:e.x,y:e.y};break;case"RS256":n.jwk={kty:e.kty,n:e.n,e:e.e,kid:n.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const i={protected:ge(JSON.stringify(n)),payload:ge(JSON.stringify(s))},r=t.importKeyAlgorithm,c=!0,a=["sign"],d=await window.crypto.subtle.importKey("jwk",e,r,c,a),f=he(`${i.protected}.${i.payload}`),l=t.signAlgorithm,u=await window.crypto.subtle.sign(l,d,f);return i.signature=se(new Uint8Array(u)),`${i.protected}.${i.payload}.${i.signature}`}};const Ve={generate:async e=>{const n=e,s=!0,t=["sign","verify"],o=await window.crypto.subtle.generateKey(n,s,t);return await window.crypto.subtle.exportKey("jwk",o.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Me={thumbprint:async(e,n)=>{let s;switch(e.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",e.crv).replace("X",e.x).replace("Y",e.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",e.e).replace("N",e.n);break;default:throw new Error("Unknown or not implemented JWK type")}const t=await window.crypto.subtle.digest(n,he(s));return se(new Uint8Array(t))}};const Fe=async e=>await Ve.generate(e),ke=e=>async(n,s="POST",t,o={})=>{const i={jti:btoa(Je()),htm:s,htu:t,iat:Math.round(Date.now()/1e3),...o},r=await Me.thumbprint(n,e.digestAlgorithm);return await Ue.sign(n,{kid:r},i,e)},Je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},me=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},te="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Be=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%te.length;n.push(te[t])}return n.join("")},oe=e=>{const n=new Uint8Array(e),{hasCrypto:s}=me();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*te.length|0;return Be(n)};function je(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function pe(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",je(e)).then(t=>n(se(new Uint8Array(t))),t=>s(t))})}const qe=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=me();return n?pe(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},He=60*60,Ge=e=>async(n,s=He,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,c=De(r,t,s);if(c)return new ae(c);const a=await J(e)(i,{},o);if(a.status!==200)return null;const d=await a.json();return $e(r,d,t),new ae(d)},J=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},ie={refresh_token:"refresh_token",access_token:"access_token"},we=e=>async(n,s,t=ie.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},c=[];for(const f in r){const l=encodeURIComponent(f),u=encodeURIComponent(r[f]);c.push(`${l}=${u}`)}const a=c.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},Ye=e=>async(n,s,t,o,i={},r,c=1e4)=>{for(const[y,g]of Object.entries(t))s[y]===void 0&&(s[y]=g);const a=[];for(const y in s){const g=encodeURIComponent(y),_=encodeURIComponent(s[y]);a.push(`${g}=${_}`)}const d=a.join("&"),f=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:d},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let u=null;return f.headers.has(Q)&&(u=f.headers.get(Q)),{success:!0,status:f.status,data:ee(l,o,r),demonstratingProofOfPossessionNonce:u}},Xe=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=oe(128),i=await qe(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[c,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${c}=${encodeURIComponent(a)}`;n.open(`${s}${r}`)},Q="DPoP-Nonce",ze=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in s){const u=encodeURIComponent(l),y=encodeURIComponent(s[l]);r.push(`${u}=${y}`)}const c=r.join("&"),a=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let d=null;a.headers.has(Q)&&(d=a.headers.get(Q));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ee(f,null,o),demonstratingProofOfPossessionNonce:d}}};async function Ae(e,n,s){const t=c=>{e.tokens=c},{tokens:o,status:i}=await Z(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await E(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(i),null)}const Qe=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=E(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=X(o,e.tokens,n.token_renew_mode),o}};async function Se(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let i;const r=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!r?i=await Ae(e,n,s):i=await navigator.locks.request(o,{ifAvailable:!0},async c=>c?await Ae(e,n,s):(e.publishEvent(L.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Qe(e,t))),i?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s)),e.tokens):null}const B=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return F.setTimeout(async()=>{const i={timeLeft:M(t,n)};e.publishEvent(L.eventNames.token_timer,i),await Se(e,!1,s)},1e3)},K={SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},Ze=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const c=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,s);if(a){const{status:l,tokens:u}=await a.initAsync(c,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!l||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(u.issuedAt!==t.issuedAt){const g=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await a.getNonceAsync();return{tokens:u,status:g,nonce:_}}r=await a.getNonceAsync()}else{const l=E(s,n.storage??sessionStorage);let{tokens:u,status:y}=await l.initAsync();if(u&&(u=X(u,e.tokens,n.token_renew_mode)),u){if(y==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(u.issuedAt!==t.issuedAt){const _=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",h=await l.getNonceAsync();return{tokens:u,status:_,nonce:h}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await l.getNonceAsync()}const f=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}},Z=e=>async(n=0,s=!1,t=null,o)=>{for(;!navigator.onLine&&document.hidden;)await $({milliseconds:1e3}),e.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let i=6;for(;!navigator.onLine&&i>0;)await $({milliseconds:1e3}),i--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${i}`});const r=document.hidden,c=n+1;t||(t={});const a=e.configuration,d=(l,u=null,y=null)=>re(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,u,y),f=async()=>{try{let l;const u=await I(a,e.configurationName);u?l=u.getLoginParams():l=E(e.configurationName,a.storage).getLoginParams();const y=await d({...l.extras,...t,prompt:"none"});if(y)return y.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(y.tokens),e.publishEvent(L.eventNames.token_renewed,{}),{tokens:y.tokens,status:"LOGGED"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await Z(e)(c,s,t,o)}};if(n>4)return r?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:l,tokens:u,nonce:y}=await Ze(e)(a,e.configurationName,e.tokens,s);switch(l){case K.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case K.NOT_CONNECTED:return o(null),{tokens:null,status:null};case K.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case K.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(L.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case K.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case K.REQUIRE_SYNC_TOKENS:return e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await f();default:{if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:n}),!u.refreshToken)return await f();const g=a.client_id,_=a.redirect_uri,h=a.authority,v={...a.token_request_extras?a.token_request_extras:{}};for(const[P,p]of Object.entries(t))P.endsWith(":token_request")&&(v[P.replace(":token_request","")]=p);return await(async()=>{const P={client_id:g,redirect_uri:_,grant_type:"refresh_token",refresh_token:u.refreshToken},p=await e.initAsync(h,a.authority_configuration),k=document.hidden?1e4:3e4*10,A=p.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,A,"POST"));const b=await Ye(e.getFetch())(A,P,v,u,C,a.token_renew_mode,k);if(b.success){const{isValid:V,reason:T}=ue(b.data,y.nonce,p);if(!V)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${T}`}),{tokens:null,status:"SESSION_LOST"};if(o(b.data),b.demonstratingProofOfPossessionNonce){const x=await I(a,e.configurationName);x?await x.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await E(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:b.success}),e.publishEvent(L.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await Z(e)(c,s,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),Z(e)(c,s,t,o)}},re=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[l,u]of Object.entries(t))r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(u)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(u)}`;const c=n.silent_login_uri+r,a=c.indexOf("/",c.indexOf("//")+2),d=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((l,u)=>{try{let y=!1;window.onmessage=_=>{if(_.origin===d&&_.source===f.contentWindow){const h=`${e}_oidc_tokens:`,w=`${e}_oidc_error:`,v=`${e}_oidc_exception:`,S=_.data;if(S&&typeof S=="string"&&!y){if(S.startsWith(h)){const P=JSON.parse(_.data.replace(h,""));s(m.silentLoginAsync_end,{}),f.remove(),y=!0,l(P)}else if(S.startsWith(w)){const P=JSON.parse(_.data.replace(w,""));s(m.silentLoginAsync_error,P),f.remove(),y=!0,l({error:"oidc_"+P.error,tokens:null,sessionState:null})}else if(S.startsWith(v)){const P=JSON.parse(_.data.replace(v,""));s(m.silentLoginAsync_error,P),f.remove(),y=!0,u(new Error(P.error))}}}};const g=n.silent_login_timeout;setTimeout(()=>{y||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),y=!0,u(new Error("timeout")))},g)}catch(y){f.remove(),s(m.silentLoginAsync_error,y),u(y)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},en=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const c=(d,f,l)=>re(n,s,t.bind(o))(d,f,l);return(async()=>{o.timeoutId&&F.clearTimeout(o.timeoutId);let d;i&&"state"in i&&(d=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,l=await c({...f,prompt:"none"},d,r);if(l)return o.tokens=l.tokens,t(m.token_aquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,i),{}}catch(f){return f}})()},nn=(e,n,s)=>(t,o,i,r=!1)=>{const c=(a,d=void 0,f=void 0)=>re(e.configurationName,s,e.publishEvent.bind(e))(a,d,f);return new Promise((a,d)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const u=l.idToken,y=l.idTokenPayload;return c({prompt:"none",id_token_hint:u,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const _=g.tokens.idTokenPayload;if(y.sub===_.sub){const h=g.sessionState;e.checkSessionIFrame.start(g.sessionState),y.sid===_.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",h):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",h)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",_.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[_,h]of Object.entries(n))await h.logoutOtherTabAsync(s.client_id,y.sub)})};e.checkSessionIFrame=new Pe(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),a(e.checkSessionIFrame)}).catch(l=>{d(l)})}else a(null)})},ve=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},sn=e=>{const n=ve(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},j=e=>{const n=ve(e),{search:s}=n;return tn(s)},tn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},on=(e,n,s,t,o)=>(i=void 0,r=null,c=!1,a=void 0)=>{const d=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=oe(16)),s(m.loginAsync_begin,{}),r)for(const u of Object.keys(r))u.endsWith(":token_request")&&delete r[u];try{const u=c?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const y=n.extras?{...n.extras,...r}:r;y.nonce||(y.nonce=oe(12));const g={nonce:y.nonce},_=await I(n,e),h=await t(n.authority,n.authority_configuration);let w;if(_)_.setLoginParams({callbackPath:l,extras:d}),await _.initAsync(h,"loginAsync",n),await _.setNonceAsync(g),_.startKeepAliveServiceWorker(),w=_;else{const S=E(e,n.storage??sessionStorage);S.setLoginParams({callbackPath:l,extras:d}),await S.setNonceAsync(g),w=S}const v={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...y};await Xe(w,o)(h.authorizationEndpoint,v)}catch(u){throw s(m.loginAsync_error,u),u}})()},rn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,c=await e.initAsync(i,s.authority_configuration),a=e.location.getCurrentHref(),f=j(a).session_state,l=await I(s,e.configurationName);let u,y,g,_;if(l)await l.initAsync(c,"loginCallbackAsync",s),await l.setSessionStateAsync(f),y=await l.getNonceAsync(),g=l.getLoginParams(),_=await l.getStateAsync(),l.startKeepAliveServiceWorker(),u=l;else{const T=E(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(f),y=await T.getNonceAsync(),g=T.getLoginParams(),_=await T.getStateAsync(),u=T}const h=j(a);if(h.error||h.error_description)throw new Error(`Error from OIDC server: ${h.error} - ${h.error_description}`);if(h.iss&&h.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${h.iss})`);if(h.state&&h.state!==_)throw new Error(`State not valid (expected: ${_}, received: ${h.state})`);const w={code:h.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},v={};if(s.token_request_extras)for(const[T,x]of Object.entries(s.token_request_extras))v[T]=x;if(g&&g.extras)for(const[T,x]of Object.entries(g.extras))T.endsWith(":token_request")&&(v[T.replace(":token_request","")]=x);const S=c.tokenEndpoint,P={};if(s.demonstrating_proof_of_possession){const T=await Fe(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);l?await l.setDemonstratingProofOfPossessionJwkAsync(T):await E(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),P.DPoP=await ke(s.demonstrating_proof_of_possession_configuration)(T,"POST",S)}const p=await ze(u)(S,{...w,...v},P,e.configuration.token_renew_mode,r);if(!p.success)throw new Error("Token request failed");let k;const A=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==v.state)throw new Error("state is not valid");const{isValid:b,reason:V}=ue(A,y.nonce,c);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${V}`);if(l){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(o,"syncTokensAsync",s),k=l.getLoginParams(),C&&await l.setDemonstratingProofOfPossessionNonce(C);else{const T=E(e.configurationName,s.storage);k=T.getLoginParams(),C&&await T.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(c.checkSessionIframe,t,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:k.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Te={access_token:"access_token",refresh_token:"refresh_token"},an=e=>async n=>{F.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await E(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},cn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{const c=e.configuration,a=await e.initAsync(c.authority,c.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const d=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const l=f?i:o.getOrigin()+d,u=e.tokens?e.tokens.idToken:"";try{const _=a.revocationEndpoint;if(_){const h=[],w=e.tokens?e.tokens.accessToken:null;if(w&&c.logout_tokens_to_invalidate.includes(Te.access_token)){const S=we(s)(_,w,ie.access_token,c.client_id);h.push(S)}const v=e.tokens?e.tokens.refreshToken:null;if(v&&c.logout_tokens_to_invalidate.includes(Te.refresh_token)){const S=we(s)(_,v,ie.refresh_token,c.client_id);h.push(S)}h.length>0&&await Promise.all(h)}}catch(_){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(_)}const y=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[_,h]of Object.entries(n))h!==e?await e.logoutSameTabAsync(e.configuration.client_id,y):e.publishEvent(m.logout_from_same_tab,{});let g=!1;if(r){r={...r};for(const[_,h]of Object.entries(r))_.endsWith("no_reload:oidc")&&(g=r[_]=="true",delete r[_])}if(!g)if(a.endSessionEndpoint){r||(r={id_token_hint:u},i!==null&&(r.post_logout_redirect_uri=l));let _="";if(r)for(const[h,w]of Object.entries(r))_===""?_+="?":_+="&",_+=`${h}=${encodeURIComponent(w)}`;o.open(`${a.endSessionEndpoint}${_}`)}else o.reload()},ln=e=>async(n=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;for(;e.tokens&&!ne(e.tokens);)await $({milliseconds:200});if(!e.tokens)return null;const s=e.tokens.accessToken;if(!s)return null;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const d=await fetch(i,{headers:{authorization:`Bearer ${a}`}});return d.status!==200?null:d.json()})(s);return e.userInfo=c,c};class q{open(n){window.open(n,"_self")}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const un=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),fn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in i){const a=i[c];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);c!=null&&c.length>2&&(r=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:r}};function dn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const _n=()=>{const{name:e,version:n}=dn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=fn(navigator);return!un(s)},hn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,i.extras);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=E(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=X(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,r.extras);const c=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,c),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},be=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const W={},yn=(e,n=new q)=>(s,t="default")=>(W[t]||(W[t]=new L(s,t,e,n)),W[t]),gn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt),{callbackPath:s}},kn=e=>Math.floor(Math.random()*e),H=class H{constructor(n,s="default",t,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new q;const c=n.service_worker_update_require_callback??xe(this.location);this.configuration={...n,silent_login_uri:i,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??Y.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:n.service_worker_activate??_n,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ke},this.getFetch=t??be,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=kn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(W,n)&&s)throw Error(`OIDC library does seem initialized.
+Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> compoment.`);return W[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=j(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Ge(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=hn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,s,t,o=!1){await nn(this,W,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?en(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=on(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await rn(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(H.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){const o=this.configuration,i={ath:await pe(n)},r=await I(o,this.configurationName);let c,a;if(r)c=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const d=E(this.configurationName,o.storage);a=await d.getDemonstratingProofOfPossessionJwkAsync(),c=await d.getDemonstratingProofOfPossessionNonce()}return c&&(i.nonce=c),await ke(o.demonstrating_proof_of_possession_configuration)(a,t,s,i)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=gn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=ln(this)(n),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return F.clearTimeout(this.timeoutId),this.renewTokensPromise=Se(this,!0,n),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(n){return await an(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=cn(this,W,this.getFetch(),console,this.location)(n,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};H.getOrCreate=(n,s)=>(t,o="default")=>yn(n,s)(t,o),H.eventNames=m;let L=H;const mn=(e,n)=>async(...s)=>{var u;const[t,o,...i]=s,r=o?{...o}:{method:"GET"};let c=new Headers;r.headers&&(c=r.headers instanceof Headers?r.headers:new Headers(r.headers));const a=n,d=await a.getValidTokenAsync(),f=(u=d==null?void 0:d.tokens)==null?void 0:u.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const y=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),r.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",y)}else c.set("Authorization",`Bearer ${f}`);r.credentials||(r.credentials="same-origin")}const l={...r,headers:c};return await e(t,l,...i)},U=class U{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new U(L.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t)}async getValidTokenAsync(n=200,s=50){return Ne(this._oidc,n,s)}fetchWithTokens(n){return mn(n,this)}async userInfoAsync(n=!1){return this._oidc.userInfoAsync(n)}};U.getOrCreate=(n,s=new q)=>(t,o="default")=>new U(L.getOrCreate(n,s)(t,o)),U.eventNames=L.eventNames;let ce=U;N.OidcClient=ce,N.OidcLocation=q,N.TokenRenewMode=Y,N.getFetchDefault=be,N.getParseQueryStringFromLocation=j,N.getPath=sn,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});

package/dist/jwt.d.ts

@@ -1,4 +1,5 @@
 import { DemonstratingProofOfPossessionConfiguration } from "./types";
+export declare const uint8ToUrlBase64: (uint8: Uint8Array) => string;
 export declare const defaultDemonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration;
 export declare var JWT: {
     sign: (jwk: any, headers: any, claims: any, demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration, jwtHeaderType?: string) => Promise<string>;

package/dist/jwt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAMA,OAAO,EAAC,2CAA2C,EAAC,MAAM,SAAS,CAAC;AAsDpE,eAAO,MAAM,kDAAkD,EAAE,2CAahE,CAAA;AAgED,eAAO,IAAI,GAAG;6FA5DyE,2CAA2C;CA4D3G,CAAC;AAuDxB,eAAO,IAAI,GAAG;4CAxBkC,mBAAmB;CAwBtC,CAAC;AAE9B,eAAO,MAAM,gBAAgB,yBAAgC,qBAAqB,GAAG,cAAc,wBAOlG,CAAA;AAED,eAAO,MAAM,8CAA8C,gDAAiD,2CAA2C,qCAAuC,MAAM,uCAgBnM,CAAA"}
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAMA,OAAO,EAAC,2CAA2C,EAAC,MAAM,SAAS,CAAC;AAmCpE,eAAO,MAAM,gBAAgB,UAAU,UAAU,WAOhD,CAAA;AAUD,eAAO,MAAM,kDAAkD,EAAE,2CAahE,CAAA;AAgED,eAAO,IAAI,GAAG;6FA5DyE,2CAA2C;CA4D3G,CAAC;AAuDxB,eAAO,IAAI,GAAG;4CAxBkC,mBAAmB;CAwBtC,CAAC;AAE9B,eAAO,MAAM,gBAAgB,yBAAgC,qBAAqB,GAAG,cAAc,wBAOlG,CAAA;AAED,eAAO,MAAM,8CAA8C,gDAAiD,2CAA2C,qCAAuC,MAAM,uCAgBnM,CAAA"}

package/dist/version.d.ts

@@ -1,3 +1,3 @@
-declare const _default: "7.17.0";
+declare const _default: "7.17.1";
 export default _default;
 //# sourceMappingURL=version.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axa-fr/oidc-client",
-  "version": "7.17.0",
+  "version": "7.17.1",
   "private": false,
   "type": "module",
   "main": "./dist/index.umd.cjs",
@@ -20,14 +20,13 @@
     "url": "https://github.com/AxaFrance/oidc-client.git"
   },
   "dependencies": {
-    "@axa-fr/oidc-client-service-worker": "7.17.0"
+    "@axa-fr/oidc-client-service-worker": "7.17.1"
   },
   "devDependencies": {
     "@testing-library/dom": "9.3.4",
     "@testing-library/jest-dom": "6.4.2",
     "@testing-library/react": "14.2.1",
     "@vitest/coverage-v8": "1.2.2",
-    "base64-js": "^1.5.1",
     "cpy": "11.0.0",
     "cpy-cli": "^5.0.0",
     "rimraf": "5.0.5",

package/src/crypto.ts

@@ -1,4 +1,5 @@
-import * as base64 from 'base64-js';
+import {uint8ToUrlBase64} from "./jwt";
+
 
 const cryptoInfo = () => {
   const hasCrypto = typeof window !== 'undefined' && !!(window.crypto as any);
@@ -16,11 +17,6 @@ const bufferToString = (buffer: Uint8Array) => {
   return state.join('');
 };
 
-const urlSafe = (buffer: Uint8Array): string => {
-  const encoded = base64.fromByteArray(new Uint8Array(buffer));
-  return encoded.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-};
-
 export const generateRandom = (size: number) => {
     const buffer = new Uint8Array(size);
     const { hasCrypto } = cryptoInfo();
@@ -48,7 +44,7 @@ export function textEncodeLite(str: string) {
 export function base64urlOfHashOfASCIIEncodingAsync(code: string):Promise<string> {
   return new Promise((resolve, reject) => {
     crypto.subtle.digest('SHA-256', textEncodeLite(code)).then(buffer => {
-      return resolve(urlSafe(new Uint8Array(buffer)));
+      return resolve(uint8ToUrlBase64(new Uint8Array(buffer)));
     }, error => reject(error));
   });
 }

package/src/jwt.ts

@@ -30,18 +30,16 @@ function utf8ToBinaryString(str) {
     const escstr = encodeURIComponent(str);
     // replaces any uri escape sequence, such as %0A,
     // with binary escape, such as 0x0A
-    const binstr = escstr.replace(/%([0-9A-F]{2})/g, function (match, p1) {
+    return escstr.replace(/%([0-9A-F]{2})/g, function (match, p1) {
         return String.fromCharCode(parseInt(p1, 16));
     });
-
-    return binstr;
 }
 
 // Uint8Array to URL Safe Base64
 //
 // the shortest distant between two encodings... binary string
 // @ts-ignore
-function uint8ToUrlBase64(uint8) {
+export const uint8ToUrlBase64 =(uint8: Uint8Array) => {
     let bin = '';
     // @ts-ignore
     uint8.forEach(function(code) {

package/src/version.ts

@@ -1 +1 @@
-export default '7.17.0';
+export default '7.17.1';