npm - @axa-fr/oidc-client - Versions diffs - 7.18.5 → 7.19.0 - Mend

@axa-fr/oidc-client 7.18.5 → 7.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md CHANGED Viewed

@@ -94,10 +94,32 @@ const trustedDomains = {
 trustedDomains.config_show_access_token = {
   oidcDomains :["https://demo.duendesoftware.com"],
   accessTokenDomains : ["https://www.myapi.com/users"],
-  showAccessToken: true,
+  showAccessToken: false,
   // convertAllRequestsToCorsExceptNavigate: false, // default value is false
   // setAccessTokenToNavigateRequests: true, // default value is true
 };
+// DPoP (Demonstrating Proof of Possession) will be activated for the following domains
+trustedDomains.config_with_dpop = {
+     domains: ["https://demo.duendesoftware.com"],
+     demonstratingProofOfPossession: true
+     // Optional, more details bellow
+     /*demonstratingProofOfPossessionConfiguration: {
+      importKeyAlgorithm: {
+        name: 'ECDSA',
+        namedCurve: 'P-256',
+        hash: {name: 'ES256'}
+      },
+      signAlgorithm: {name: 'ECDSA', hash: {name: 'SHA-256'}},
+      generateKeyAlgorithm: {
+        name: 'ECDSA',
+        namedCurve: 'P-256'
+      },
+      digestAlgorithm: { name: 'SHA-256' },
+      jwtHeaderAlgorithm : 'ES256'
+    }*/
+};
 ```
 The code of the demo :
@@ -113,7 +135,7 @@ export const configuration = {
   authority: 'https://demo.duendesoftware.com',
   service_worker_relative_url: '/OidcServiceWorker.js', // just comment that line to disable service worker mode
   service_worker_only: false,
-  demonstrating_proof_of_possession: false, // demonstrating proof of possession will work only if access_token is accessible from the client (This is because WebCrypto API is not available inside a Service Worker)
+  demonstrating_proof_of_possession: false,
 };
 const href = window.location.href;

package/dist/index.js CHANGED Viewed

@@ -284,7 +284,7 @@ const X = (e, n = null, s) => {
     setInterval: i,
     clearInterval: c
   };
-}(), ce = "7.18.5";
+}(), ce = "7.19.0";
 let le = null, q;
 const U = ({ milliseconds: e }) => new Promise((n) => J.setTimeout(n, e)), ge = (e = "/") => {
   try {
@@ -323,7 +323,7 @@ const U = ({ milliseconds: e }) => new Promise((n) => J.setTimeout(n, e)), ge =
     return null;
   }
   const o = async (g) => O(t)({ type: "clear", data: { status: g }, configurationName: n }), r = async (g, S, E) => {
-    const P = await O(t)({
+    const b = await O(t)({
       type: "init",
       data: {
         oidcServerConfiguration: g,
@@ -334,8 +334,8 @@ const U = ({ milliseconds: e }) => new Promise((n) => J.setTimeout(n, e)), ge =
         }
       },
       configurationName: n
-    }), L = P.version;
-    return L !== ce && (console.warn(`Service worker ${L} version mismatch with js client version ${ce}, unregistering and reloading`), await E.service_worker_update_require_callback(t, Ce)), { tokens: oe(P.tokens, null, E.token_renew_mode), status: P.status };
+    }), L = b.version;
+    return L !== ce && (console.warn(`Service worker ${L} version mismatch with js client version ${ce}, unregistering and reloading`), await E.service_worker_update_require_callback(t, Ce)), { tokens: oe(b.tokens, null, E.token_renew_mode), status: b.status };
   }, i = (g = "/") => {
     le == null && (le = "not_null", ge(g));
   }, c = (g) => O(t)({ type: "setSessionState", data: { sessionState: g }, configurationName: n }), a = async () => (await O(t)({ type: "getSessionState", data: null, configurationName: n })).sessionState, _ = (g) => (sessionStorage[`oidc.nonce.${n}`] = g.nonce, O(t)({ type: "setNonce", data: { nonce: g }, configurationName: n })), f = async () => {
@@ -375,7 +375,7 @@ const U = ({ milliseconds: e }) => new Promise((n) => J.setTimeout(n, e)), ge =
     getDemonstratingProofOfPossessionNonce: async () => (await O(t)({ type: "getDemonstratingProofOfPossessionNonce", data: null, configurationName: n })).demonstratingProofOfPossessionNonce,
     setDemonstratingProofOfPossessionJwkAsync: async (g) => {
       const S = JSON.stringify(g);
-      O(t)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson: S }, configurationName: n });
+      await O(t)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson: S }, configurationName: n });
     },
     getDemonstratingProofOfPossessionJwkAsync: async () => {
       const g = await O(t)({ type: "getDemonstratingProofOfPossessionJwk", data: null, configurationName: n });
@@ -426,63 +426,63 @@ const $e = {
   },
   digestAlgorithm: { name: "SHA-256" },
   jwtHeaderAlgorithm: "ES256"
-}, Re = async (e, n, s, t, o = "dpop+jwt") => {
-  switch (e = Object.assign({}, e), n.typ = o, n.alg = t.jwtHeaderAlgorithm, n.alg) {
+}, Re = (e) => async (n, s, t, o, r = "dpop+jwt") => {
+  switch (n = Object.assign({}, n), s.typ = r, s.alg = o.jwtHeaderAlgorithm, s.alg) {
     case "ES256":
-      n.jwk = { kty: e.kty, crv: e.crv, x: e.x, y: e.y };
+      s.jwk = { kty: n.kty, crv: n.crv, x: n.x, y: n.y };
       break;
     case "RS256":
-      n.jwk = { kty: e.kty, n: e.n, e: e.e, kid: n.kid };
+      s.jwk = { kty: n.kty, n: n.n, e: n.e, kid: s.kid };
       break;
     default:
       throw new Error("Unknown or not implemented JWS algorithm");
   }
-  const r = {
+  const i = {
     // @ts-ignore
     // JWT "headers" really means JWS "protected headers"
-    protected: ue(JSON.stringify(n)),
+    protected: ue(JSON.stringify(s)),
     // @ts-ignore
     // JWT "claims" are really a JSON-defined JWS "payload"
-    payload: ue(JSON.stringify(s))
-  }, i = t.importKeyAlgorithm, c = !0, a = ["sign"], _ = await window.crypto.subtle.importKey("jwk", e, i, c, a), f = ke(`${r.protected}.${r.payload}`), l = t.signAlgorithm, u = await window.crypto.subtle.sign(l, _, f);
-  return r.signature = re(new Uint8Array(u)), `${r.protected}.${r.payload}.${r.signature}`;
+    payload: ue(JSON.stringify(t))
+  }, c = o.importKeyAlgorithm, a = !0, _ = ["sign"], f = await e.crypto.subtle.importKey("jwk", n, c, a, _), l = ke(`${i.protected}.${i.payload}`), u = o.signAlgorithm, d = await e.crypto.subtle.sign(u, f, l);
+  return i.signature = re(new Uint8Array(d)), `${i.protected}.${i.payload}.${i.signature}`;
 };
 var Ke = { sign: Re };
-const Ue = async (e) => {
-  const n = e, s = !0, t = ["sign", "verify"], o = await window.crypto.subtle.generateKey(n, s, t);
-  return await window.crypto.subtle.exportKey("jwk", o.privateKey);
+const Ue = (e) => async (n) => {
+  const s = n, t = !0, o = ["sign", "verify"], r = await e.crypto.subtle.generateKey(s, t, o);
+  return await e.crypto.subtle.exportKey("jwk", r.privateKey);
 }, Ve = (e) => {
   const n = Object.assign({}, e);
   return delete n.d, n.key_ops = ["verify"], n;
 }, Me = {
   generate: Ue,
   neuter: Ve
-}, Fe = async (e, n) => {
-  let s;
-  switch (e.kty) {
+}, Fe = (e) => async (n, s) => {
+  let t;
+  switch (n.kty) {
     case "EC":
-      s = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", e.crv).replace("X", e.x).replace("Y", e.y);
+      t = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", n.crv).replace("X", n.x).replace("Y", n.y);
       break;
     case "RSA":
-      s = '{"e":"E","kty":"RSA","n":"N"}'.replace("E", e.e).replace("N", e.n);
+      t = '{"e":"E","kty":"RSA","n":"N"}'.replace("E", n.e).replace("N", n.n);
       break;
     default:
       throw new Error("Unknown or not implemented JWK type");
   }
-  const t = await window.crypto.subtle.digest(n, ke(s));
-  return re(new Uint8Array(t));
+  const o = await e.crypto.subtle.digest(s, ke(t));
+  return re(new Uint8Array(o));
 };
 var Je = { thumbprint: Fe };
-const Be = async (e) => await Me.generate(e), pe = (e) => async (n, s = "POST", t, o = {}) => {
-  const r = {
+const Be = (e) => async (n) => await Me.generate(e)(n), pe = (e) => (n) => async (s, t = "POST", o, r = {}) => {
+  const i = {
     // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
     jti: btoa(je()),
-    htm: s,
-    htu: t,
+    htm: t,
+    htu: o,
     iat: Math.round(Date.now() / 1e3),
-    ...o
-  }, i = await Je.thumbprint(n, e.digestAlgorithm);
-  return await Ke.sign(n, { kid: i }, r, e);
+    ...r
+  }, c = await Je.thumbprint(e)(s, n.digestAlgorithm);
+  return await Ke.sign(e)(s, { kid: c }, i, n);
 }, je = () => {
   const e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", n = "0123456789abcdef";
   let s = 0, t = "";
@@ -766,7 +766,7 @@ const F = (e, n, s = null) => {
             refresh_token: u.refreshToken
           }, m = await e.initAsync(h, a.authority_configuration), g = document.hidden ? 1e4 : 3e4 * 10, S = m.tokenEndpoint, E = {};
           a.demonstrating_proof_of_possession && (E.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken, S, "POST"));
-          const P = await ze(e.getFetch())(
+          const b = await ze(e.getFetch())(
             S,
             T,
             A,
@@ -775,20 +775,20 @@ const F = (e, n, s = null) => {
             a.token_renew_mode,
             g
           );
-          if (P.success) {
-            const { isValid: L, reason: b } = ye(P.data, d.nonce, m);
+          if (b.success) {
+            const { isValid: L, reason: P } = ye(b.data, d.nonce, m);
             if (!L)
-              return o(null), e.publishEvent(p.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${b}` }), { tokens: null, status: "SESSION_LOST" };
-            if (o(P.data), P.demonstratingProofOfPossessionNonce) {
+              return o(null), e.publishEvent(p.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${P}` }), { tokens: null, status: "SESSION_LOST" };
+            if (o(b.data), b.demonstratingProofOfPossessionNonce) {
               const W = await C(a, e.configurationName);
-              W ? await W.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce) : await I(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce);
+              W ? await W.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce) : await I(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce);
             }
-            return e.publishEvent(p.refreshTokensAsync_end, { success: P.success }), e.publishEvent(N.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: P.data, status: "LOGGED_IN" };
+            return e.publishEvent(p.refreshTokensAsync_end, { success: b.success }), e.publishEvent(N.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: b.data, status: "LOGGED_IN" };
           } else
             return e.publishEvent(p.refreshTokensAsync_silent_error, {
               message: "bad request",
-              tokenResponse: P
-            }), P.status >= 400 && P.status < 500 ? (o(null), e.publishEvent(p.refreshTokensAsync_error, { message: `session lost: ${P.status}` }), { tokens: null, status: "SESSION_LOST" }) : await j(e)(c, s, t, o);
+              tokenResponse: b
+            }), b.status >= 400 && b.status < 500 ? (o(null), e.publishEvent(p.refreshTokensAsync_error, { message: `session lost: ${b.status}` }), { tokens: null, status: "SESSION_LOST" }) : await j(e)(c, s, t, o);
         })();
       }
     }
@@ -969,8 +969,8 @@ const F = (e, n, s = null) => {
     if (l)
       await l.initAsync(c, "loginCallbackAsync", s), await l.setSessionStateAsync(f), d = await l.getNonceAsync(), k = l.getLoginParams(), y = await l.getStateAsync(), l.startKeepAliveServiceWorker(), u = l;
     else {
-      const b = I(e.configurationName, s.storage ?? sessionStorage);
-      await b.setSessionStateAsync(f), d = await b.getNonceAsync(), k = b.getLoginParams(), y = await b.getStateAsync(), u = b;
+      const P = I(e.configurationName, s.storage ?? sessionStorage);
+      await P.setSessionStateAsync(f), d = await P.getNonceAsync(), k = P.getLoginParams(), y = await P.getStateAsync(), u = P;
     }
     const h = G(a);
     if (h.error || h.error_description)
@@ -986,16 +986,19 @@ const F = (e, n, s = null) => {
       redirect_uri: o
     }, A = {};
     if (s.token_request_extras)
-      for (const [b, W] of Object.entries(s.token_request_extras))
-        A[b] = W;
+      for (const [P, W] of Object.entries(s.token_request_extras))
+        A[P] = W;
     if (k && k.extras)
-      for (const [b, W] of Object.entries(k.extras))
-        b.endsWith(":token_request") && (A[b.replace(":token_request", "")] = W);
+      for (const [P, W] of Object.entries(k.extras))
+        P.endsWith(":token_request") && (A[P.replace(":token_request", "")] = W);
     const v = c.tokenEndpoint, T = {};
-    if (s.demonstrating_proof_of_possession) {
-      const b = await Be(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
-      l ? await l.setDemonstratingProofOfPossessionJwkAsync(b) : await I(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(b), T.DPoP = await pe(s.demonstrating_proof_of_possession_configuration)(b, "POST", v);
-    }
+    if (s.demonstrating_proof_of_possession)
+      if (l)
+        T.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
+      else {
+        const P = await Be(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
+        await I(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(P), T.DPoP = await pe(window)(s.demonstrating_proof_of_possession_configuration)(P, "POST", v);
+      }
     const m = await Ze(u)(
       v,
       { ...w, ...A },
@@ -1009,8 +1012,8 @@ const F = (e, n, s = null) => {
     const S = m.data.tokens, E = m.data.demonstratingProofOfPossessionNonce;
     if (m.data.state !== A.state)
       throw new Error("state is not valid");
-    const { isValid: P, reason: L } = ye(S, d.nonce, c);
-    if (!P)
+    const { isValid: b, reason: L } = ye(S, d.nonce, c);
+    if (!b)
       throw new Error(`Tokens are not OpenID valid, reason: ${L}`);
     if (l) {
       if (S.refreshToken && !S.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
@@ -1021,8 +1024,8 @@ const F = (e, n, s = null) => {
     if (l)
       await l.initAsync(o, "syncTokensAsync", s), g = l.getLoginParams(), E && await l.setDemonstratingProofOfPossessionNonce(E);
     else {
-      const b = I(e.configurationName, s.storage);
-      g = b.getLoginParams(), E && await b.setDemonstratingProofOfPossessionNonce(E);
+      const P = I(e.configurationName, s.storage);
+      g = P.getLoginParams(), E && await P.setDemonstratingProofOfPossessionNonce(E);
     }
     return await e.startCheckSessionAsync(c.checkSessionIframe, t, f, n), e.publishEvent(p.loginCallbackAsync_end, {}), {
       tokens: S,
@@ -1386,14 +1389,12 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
   }
   async generateDemonstrationOfProofOfPossessionAsync(n, s, t) {
     const o = this.configuration, r = { ath: await Ae(n) }, i = await C(o, this.configurationName);
-    let c, a;
+    let c;
     if (i)
-      c = await i.getDemonstratingProofOfPossessionNonce(), a = await i.getDemonstratingProofOfPossessionJwkAsync();
-    else {
-      const _ = I(this.configurationName, o.storage);
-      a = await _.getDemonstratingProofOfPossessionJwkAsync(), c = await _.getDemonstratingProofOfPossessionNonce();
-    }
-    return c && (r.nonce = c), await pe(o.demonstrating_proof_of_possession_configuration)(a, t, s, r);
+      return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
+    const a = I(this.configurationName, o.storage);
+    let _ = await a.getDemonstratingProofOfPossessionJwkAsync();
+    return c = await a.getDemonstratingProofOfPossessionNonce(), c && (r.nonce = c), await pe(window)(o.demonstrating_proof_of_possession_configuration)(_, t, s, r);
   }
   loginCallbackWithAutoTokensRenewAsync() {
     return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = pn(this), this.loginCallbackWithAutoTokensRenewPromise.then((n) => (this.loginCallbackWithAutoTokensRenewPromise = null, n)));

package/dist/index.umd.cjs CHANGED Viewed

@@ -1,2 +1,2 @@
-(function(N,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(N=typeof globalThis<"u"?globalThis:N||self,G(N["oidc-client"]={}))})(this,function(N){"use strict";const D=console;class Oe{constructor(n,s,t,o=2e3,r=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=r;const i=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(D.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(D.debug(n),D.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):D.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){D.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(D.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(e,n=sessionStorage)=>{const s=p=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{n[`oidc.${e}`]=JSON.stringify({tokens:p})},r=async p=>{n[`oidc.session_state.${e}`]=p},i=async()=>n[`oidc.session_state.${e}`],c=p=>{n[`oidc.nonce.${e}`]=p.nonce},a=p=>{n[`oidc.jwk.${e}`]=JSON.stringify(p)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async p=>{n[`oidc.dpop_nonce.${e}`]=p},u=()=>n[`oidc.dpop_nonce.${e}`],_=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let k={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:_,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{k[e]=p,n[`oidc.login.${e}`]=JSON.stringify(p)},getLoginParams:()=>{const p=n[`oidc.login.${e}`];return p?(k[e]||(k[e]=JSON.parse(p)),k[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async p=>{n[`oidc.state.${e}`]=p},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async p=>{n[`oidc.code_verifier.${e}`]=p},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:d}},Ee=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ie=e=>JSON.parse(Ee(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&Ce(e,".")===2?Ie(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Ce=(e,n)=>e.split(n).length-1,Y={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Ne(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const X=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:ue(r),c=i&&i.exp?i.exp:Number.MAX_VALUE,a=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Ne(e,t,i);let d;e.expiresAt?d=e.expiresAt:s===Y.access_token_invalid?d=a:s===Y.id_token_invalid?d=c:d=c<a?c:a;const f={...e,idTokenPayload:i,accessTokenPayload:t,expiresAt:d,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),X(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},ne=e=>e?M(0,e.expiresAt)>0:!1,xe=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!ne(e.tokens)&&t>0;)await $({milliseconds:n}),t=t-1;return{isTokensValid:ne(e.tokens),tokens:e.tokens,numberWaited:t-s}},fe=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(t.iat&&t.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+r} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},F=function(){const e=function(){let a,d;const f=(function(){const u={},_={setTimeout:function(y,h,w){u[h]=setTimeout(function(){y.postMessage(h),u[h]=null},w)},setInterval:function(y,h,w){u[h]=setInterval(function(){y.postMessage(h)},w)},clearTimeout:function(y,h){clearTimeout(u[h]),u[h]=null},clearInterval:function(y,h){clearInterval(u[h]),u[h]=null}};function k(y,h){const w=h.data[0],A=h.data[1],v=h.data[2];_[w]&&_[w](y,A,v)}this.onmessage=function(y){k(self,y)},this.onconnect=function(y){const h=y.ports[0];h.onmessage=function(w){k(h,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});d=URL.createObjectURL(u)}catch{return null}const l=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(d),a.port}catch{l&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(d),a}catch{l&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),s={},t={};e.onmessage=function(a){const d=a.data,f=s[d];if(f){f(),s[d]=null;return}const l=t[d];l&&l()};function o(a,d){const f=n();return e.postMessage(["setTimeout",f,d]),s[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),s[a]=null}function i(a,d){const f=n();return e.postMessage(["setInterval",f,d]),t[f]=a,f}function c(a){e.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:c}}(),de="7.18.5";let _e=null,z;const $=({milliseconds:e})=>new Promise(n=>F.setTimeout(n,e)),he=(e="/")=>{try{z=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:z.signal}).catch(t=>{console.log(t)}),$({milliseconds:150*1e3}).then(he)}catch(n){console.log(n)}},Le=()=>{z&&z.abort()},We=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),De=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistering ${t}`),await $({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?t(r.data.error):s(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.register?t=await e.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(t)({type:"claim"})}catch{return null}const o=async g=>O(t)({type:"clear",data:{status:g},configurationName:n}),r=async(g,S,C)=>{const P=await O(t)({type:"init",data:{oidcServerConfiguration:g,where:S,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),V=P.version;return V!==de&&(console.warn(`Service worker ${V} version mismatch with js client version ${de}, unregistering and reloading`),await C.service_worker_update_require_callback(t,Le)),{tokens:ee(P.tokens,null,C.token_renew_mode),status:P.status}},i=(g="/")=>{_e==null&&(_e="not_null",he(g))},c=g=>O(t)({type:"setSessionState",data:{sessionState:g},configurationName:n}),a=async()=>(await O(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,d=g=>(sessionStorage[`oidc.nonce.${n}`]=g.nonce,O(t)({type:"setNonce",data:{nonce:g},configurationName:n})),f=async()=>{let S=(await O(t)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}};let l={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>We(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:d,getNonceAsync:f,setLoginParams:g=>{l[n]=g,localStorage[`oidc.login.${n}`]=JSON.stringify(g)},getLoginParams:()=>{const g=localStorage[`oidc.login.${n}`];return l[n]||(l[n]=JSON.parse(g)),l[n]},getStateAsync:async()=>{let S=(await O(t)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async g=>(sessionStorage[`oidc.state.${n}`]=g,O(t)({type:"setState",data:{state:g},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await O(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async g=>(sessionStorage[`oidc.code_verifier.${n}`]=g,O(t)({type:"setCodeVerifier",data:{codeVerifier:g},configurationName:n})),setDemonstratingProofOfPossessionNonce:async g=>{await O(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:g},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async g=>{const S=JSON.stringify(g);O(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const g=await O(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return g.demonstratingProofOfPossessionJwkJson?JSON.parse(g.demonstratingProofOfPossessionJwkJson):null}}},R={},$e=(e,n=window.sessionStorage,s)=>{if(!R[e]&&n){const o=n.getItem(e);o&&(R[e]=JSON.parse(o))}const t=1e3*s;return R[e]&&R[e].timestamp+t>Date.now()?R[e].result:null},Re=(e,n,s=window.sessionStorage)=>{const t=Date.now();R[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function ye(e){return new TextEncoder().encode(e)}function ge(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ke(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const se=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),ge(n)};function ke(e){return ge(Ke(e))}const Ue={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Ve={sign:async(e,n,s,t,o="dpop+jwt")=>{switch(e=Object.assign({},e),n.typ=o,n.alg=t.jwtHeaderAlgorithm,n.alg){case"ES256":n.jwk={kty:e.kty,crv:e.crv,x:e.x,y:e.y};break;case"RS256":n.jwk={kty:e.kty,n:e.n,e:e.e,kid:n.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:ke(JSON.stringify(n)),payload:ke(JSON.stringify(s))},i=t.importKeyAlgorithm,c=!0,a=["sign"],d=await window.crypto.subtle.importKey("jwk",e,i,c,a),f=ye(`${r.protected}.${r.payload}`),l=t.signAlgorithm,u=await window.crypto.subtle.sign(l,d,f);return r.signature=se(new Uint8Array(u)),`${r.protected}.${r.payload}.${r.signature}`}};const Me={generate:async e=>{const n=e,s=!0,t=["sign","verify"],o=await window.crypto.subtle.generateKey(n,s,t);return await window.crypto.subtle.exportKey("jwk",o.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Fe={thumbprint:async(e,n)=>{let s;switch(e.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",e.crv).replace("X",e.x).replace("Y",e.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",e.e).replace("N",e.n);break;default:throw new Error("Unknown or not implemented JWK type")}const t=await window.crypto.subtle.digest(n,ye(s));return se(new Uint8Array(t))}};const Je=async e=>await Me.generate(e),me=e=>async(n,s="POST",t,o={})=>{const r={jti:btoa(Be()),htm:s,htu:t,iat:Math.round(Date.now()/1e3),...o},i=await Fe.thumbprint(n,e.digestAlgorithm);return await Ve.sign(n,{kid:i},r,e)},Be=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},pe=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},te="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",je=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%te.length;n.push(te[t])}return n.join("")},oe=e=>{const n=new Uint8Array(e),{hasCrypto:s}=pe();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*te.length|0;return je(n)};function qe(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function we(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",qe(e)).then(t=>n(se(new Uint8Array(t))),t=>s(t))})}const He=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=pe();return n?we(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Ge=60*60,Ye=e=>async(n,s=Ge,t=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,c=$e(i,t,s);if(c)return new ce(c);const a=await J(e)(r,{},o);if(a.status!==200)return null;const d=await a.json();return Re(i,d,t),new ce(d)},J=e=>async(n,s={},t=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),t),r=await e(n,{...s,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw i}else throw console.error(i.message),i}return r},re={refresh_token:"refresh_token",access_token:"access_token"},Ae=e=>async(n,s,t=re.refresh_token,o,r={},i=1e4)=>{const c={token:s,token_type_hint:t,client_id:o};for(const[l,u]of Object.entries(r))c[l]===void 0&&(c[l]=u);const a=[];for(const l in c){const u=encodeURIComponent(l),_=encodeURIComponent(c[l]);a.push(`${u}=${_}`)}const d=a.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:d},i)).status!==200?{success:!1}:{success:!0}},Xe=e=>async(n,s,t,o,r={},i,c=1e4)=>{for(const[_,k]of Object.entries(t))s[_]===void 0&&(s[_]=k);const a=[];for(const _ in s){const k=encodeURIComponent(_),y=encodeURIComponent(s[_]);a.push(`${k}=${y}`)}const d=a.join("&"),f=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:d},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let u=null;return f.headers.has(Q)&&(u=f.headers.get(Q)),{success:!0,status:f.status,data:ee(l,o,i),demonstratingProofOfPossessionNonce:u}},ze=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=oe(128),r=await He(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=r,t.code_challenge_method="S256";let i="";if(t)for(const[c,a]of Object.entries(t))i===""?i+="?":i+="&",i+=`${c}=${encodeURIComponent(a)}`;n.open(`${s}${i}`)},Q="DPoP-Nonce",Qe=e=>async(n,s,t,o,r=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const l in s){const u=encodeURIComponent(l),_=encodeURIComponent(s[l]);i.push(`${u}=${_}`)}const c=i.join("&"),a=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let d=null;a.headers.has(Q)&&(d=a.headers.get(Q));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ee(f,null,o),demonstratingProofOfPossessionNonce:d}}};async function Se(e,n,s){const t=c=>{e.tokens=c},{tokens:o,status:r}=await Z(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await E(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const Ze=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=E(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=X(o,e.tokens,n.token_renew_mode),o}};async function ve(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await Se(e,n,s):r=await navigator.locks.request(o,{ifAvailable:!0},async c=>c?await Se(e,n,s):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Ze(e,t))),r?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s)),e.tokens):null}const B=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return F.setTimeout(async()=>{const r={timeLeft:M(t,n)};e.publishEvent(x.eventNames.token_timer,r),await ve(e,!1,s)},1e3)},K={SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},en=e=>async(n,s,t,o=!1)=>{const r={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const c=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,s);if(a){const{status:l,tokens:u}=await a.initAsync(c,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(l==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!l||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==t.issuedAt){const k=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",y=await a.getNonceAsync();return{tokens:u,status:k,nonce:y}}i=await a.getNonceAsync()}else{const l=E(s,n.storage??sessionStorage);let{tokens:u,status:_}=await l.initAsync();if(u&&(u=X(u,e.tokens,n.token_renew_mode)),u){if(_==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==t.issuedAt){const y=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",h=await l.getNonceAsync();return{tokens:u,status:y,nonce:h}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await l.getNonceAsync()}const f=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:i}:{tokens:t,status:f,nonce:i}},Z=e=>async(n=0,s=!1,t=null,o)=>{for(;!navigator.onLine&&document.hidden;)await $({milliseconds:1e3}),e.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await $({milliseconds:1e3}),r--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,c=n+1;t||(t={});const a=e.configuration,d=(l,u=null,_=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,u,_),f=async()=>{try{let l;const u=await I(a,e.configurationName);u?l=u.getLoginParams():l=E(e.configurationName,a.storage).getLoginParams();const _=await d({...l.extras,...t,prompt:"none"});return _?_.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(_.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}):(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await Z(e)(c,s,t,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:l,tokens:u,nonce:_}=await en(e)(a,e.configurationName,e.tokens,s);switch(l){case K.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case K.NOT_CONNECTED:return o(null),{tokens:null,status:null};case K.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case K.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case K.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case K.REQUIRE_SYNC_TOKENS:return e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await f();default:{if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:n}),!u.refreshToken)return await f();const k=a.client_id,y=a.redirect_uri,h=a.authority,A={...a.token_request_extras?a.token_request_extras:{}};for(const[T,p]of Object.entries(t))T.endsWith(":token_request")&&(A[T.replace(":token_request","")]=p);return await(async()=>{const T={client_id:k,redirect_uri:y,grant_type:"refresh_token",refresh_token:u.refreshToken},p=await e.initAsync(h,a.authority_configuration),g=document.hidden?1e4:3e4*10,S=p.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,S,"POST"));const P=await Xe(e.getFetch())(S,T,A,u,C,a.token_renew_mode,g);if(P.success){const{isValid:V,reason:b}=fe(P.data,_.nonce,p);if(!V)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${b}`}),{tokens:null,status:"SESSION_LOST"};if(o(P.data),P.demonstratingProofOfPossessionNonce){const W=await I(a,e.configurationName);W?await W.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await E(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:P.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),P.status>=400&&P.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${P.status}`}),{tokens:null,status:"SESSION_LOST"}):await Z(e)(c,s,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),Z(e)(c,s,t,o)}},ie=(e,n,s)=>(t=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let i="";if(o&&(t==null&&(t={}),t.state=o),r&&(t==null&&(t={}),t.scope=r),t!=null)for(const[l,u]of Object.entries(t))i===""?i=`?${encodeURIComponent(l)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(l)}=${encodeURIComponent(u)}`;const c=n.silent_login_uri+i,a=c.indexOf("/",c.indexOf("//")+2),d=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((l,u)=>{try{let _=!1;window.onmessage=y=>{if(y.origin===d&&y.source===f.contentWindow){const h=`${e}_oidc_tokens:`,w=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,v=y.data;if(v&&typeof v=="string"&&!_){if(v.startsWith(h)){const T=JSON.parse(y.data.replace(h,""));s(m.silentLoginAsync_end,{}),f.remove(),_=!0,l(T)}else if(v.startsWith(w)){const T=JSON.parse(y.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),_=!0,l({error:"oidc_"+T.error,tokens:null,sessionState:null})}else if(v.startsWith(A)){const T=JSON.parse(y.data.replace(A,""));s(m.silentLoginAsync_error,T),f.remove(),_=!0,u(new Error(T.error))}}}};const k=n.silent_login_timeout;setTimeout(()=>{_||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),_=!0,u(new Error("timeout")))},k)}catch(_){f.remove(),s(m.silentLoginAsync_error,_),u(_)}})}catch(i){throw s(m.silentLoginAsync_error,i),i}},nn=(e,n,s,t,o)=>(r=null,i=void 0)=>{r={...r};const c=(d,f,l)=>ie(n,s,t.bind(o))(d,f,l);return(async()=>{o.timeoutId&&F.clearTimeout(o.timeoutId);let d;r&&"state"in r&&(d=r.state,delete r.state);try{const f=s.extras?{...s.extras,...r}:r,l=await c({...f,prompt:"none"},d,i);if(l)return o.tokens=l.tokens,t(m.token_aquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},sn=(e,n,s)=>(t,o,r,i=!1)=>{const c=(a,d=void 0,f=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(a,d,f);return new Promise((a,d)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const u=l.idToken,_=l.idTokenPayload;return c({prompt:"none",id_token_hint:u,scope:s.scope||"openid"}).then(k=>{if(k.error)throw new Error(k.error);const y=k.tokens.idTokenPayload;if(_.sub===y.sub){const h=k.sessionState;e.checkSessionIFrame.start(k.sessionState),_.sid===y.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",h):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",h)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",y.sub)}).catch(async k=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",k);for(const[y,h]of Object.entries(n))await h.logoutOtherTabAsync(s.client_id,_.sub)})};e.checkSessionIFrame=new Oe(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(l=>{d(l)})}else a(null)})},Te=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},tn=e=>{const n=Te(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},j=e=>{const n=Te(e),{search:s}=n;return on(s)},on=e=>{const n={};let s,t,o;const r=e.split("&");for(t=0,o=r.length;t<o;t++)s=r[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},rn=(e,n,s,t,o)=>(r=void 0,i=null,c=!1,a=void 0)=>{const d=i;return i={...i},(async()=>{const l=r||o.getPath();if("state"in i||(i.state=oe(16)),s(m.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=c?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const _=n.extras?{...n.extras,...i}:i;_.nonce||(_.nonce=oe(12));const k={nonce:_.nonce},y=await I(n,e),h=await t(n.authority,n.authority_configuration);let w;if(y)y.setLoginParams({callbackPath:l,extras:d}),await y.initAsync(h,"loginAsync",n),await y.setNonceAsync(k),y.startKeepAliveServiceWorker(),w=y;else{const v=E(e,n.storage??sessionStorage);v.setLoginParams({callbackPath:l,extras:d}),await v.setNonceAsync(k),w=v}const A={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",..._};await ze(w,o)(h.authorizationEndpoint,A)}catch(u){throw s(m.loginAsync_error,u),u}})()},an=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,r=s.authority,i=s.token_request_timeout,c=await e.initAsync(r,s.authority_configuration),a=e.location.getCurrentHref(),f=j(a).session_state,l=await I(s,e.configurationName);let u,_,k,y;if(l)await l.initAsync(c,"loginCallbackAsync",s),await l.setSessionStateAsync(f),_=await l.getNonceAsync(),k=l.getLoginParams(),y=await l.getStateAsync(),l.startKeepAliveServiceWorker(),u=l;else{const b=E(e.configurationName,s.storage??sessionStorage);await b.setSessionStateAsync(f),_=await b.getNonceAsync(),k=b.getLoginParams(),y=await b.getStateAsync(),u=b}const h=j(a);if(h.error||h.error_description)throw new Error(`Error from OIDC server: ${h.error} - ${h.error_description}`);if(h.iss&&h.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${h.iss})`);if(h.state&&h.state!==y)throw new Error(`State not valid (expected: ${y}, received: ${h.state})`);const w={code:h.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},A={};if(s.token_request_extras)for(const[b,W]of Object.entries(s.token_request_extras))A[b]=W;if(k&&k.extras)for(const[b,W]of Object.entries(k.extras))b.endsWith(":token_request")&&(A[b.replace(":token_request","")]=W);const v=c.tokenEndpoint,T={};if(s.demonstrating_proof_of_possession){const b=await Je(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);l?await l.setDemonstratingProofOfPossessionJwkAsync(b):await E(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(b),T.DPoP=await me(s.demonstrating_proof_of_possession_configuration)(b,"POST",v)}const p=await Qe(u)(v,{...w,...A},T,e.configuration.token_renew_mode,i);if(!p.success)throw new Error("Token request failed");let g;const S=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==A.state)throw new Error("state is not valid");const{isValid:P,reason:V}=fe(S,_.nonce,c);if(!P)throw new Error(`Tokens are not OpenID valid, reason: ${V}`);if(l){if(S.refreshToken&&!S.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&S.accessToken&&S.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(o,"syncTokensAsync",s),g=l.getLoginParams(),C&&await l.setDemonstratingProofOfPossessionNonce(C);else{const b=E(e.configurationName,s.storage);g=b.getLoginParams(),C&&await b.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(c.checkSessionIframe,t,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:S,state:"request.state",callbackPath:g.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},be={access_token:"access_token",refresh_token:"refresh_token"},ae=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const r=t.replace(n,"");s[r]=o}return s}return s},cn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},ln=e=>async n=>{F.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await E(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},un=(e,n,s,t,o)=>async(r=void 0,i=null)=>{const c=e.configuration,a=await e.initAsync(c.authority,c.authority_configuration);r&&typeof r!="string"&&(r=void 0,t.warn("callbackPathOrUrl path is not a string"));const d=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const l=f?r:o.getOrigin()+d,u=e.tokens?e.tokens.idToken:"";try{const w=a.revocationEndpoint;if(w){const A=[],v=e.tokens?e.tokens.accessToken:null;if(v&&c.logout_tokens_to_invalidate.includes(be.access_token)){const p=ae(i,":revoke_access_token"),g=Ae(s)(w,v,re.access_token,c.client_id,p);A.push(g)}const T=e.tokens?e.tokens.refreshToken:null;if(T&&c.logout_tokens_to_invalidate.includes(be.refresh_token)){const p=ae(i,":revoke_refresh_token"),g=Ae(s)(w,T,re.refresh_token,c.client_id,p);A.push(g)}A.length>0&&await Promise.all(A)}}catch(w){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(w)}const _=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[w,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(m.logout_from_same_tab,{});const k=ae(i,":oidc");if(k&&k.no_reload==="true")return;const h=cn(i);if(a.endSessionEndpoint){"id_token_hint"in h||(h.id_token_hint=u),!("post_logout_redirect_uri"in h)&&r!==null&&(h.post_logout_redirect_uri=l);let w="";for(const[A,v]of Object.entries(h))v!=null&&(w===""?w+="?":w+="&",w+=`${A}=${encodeURIComponent(v)}`);o.open(`${a.endSessionEndpoint}${w}`)}else o.reload()},fn=e=>async(n=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;for(;e.tokens&&!ne(e.tokens);)await $({milliseconds:200});if(!e.tokens)return null;const s=e.tokens.accessToken;if(!s)return null;const t=e.configuration,r=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const d=await fetch(r,{headers:{authorization:`Bearer ${a}`}});return d.status!==200?null:d.json()})(s);return e.userInfo=c,c};class q{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const dn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),_n=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in r){const a=r[c];if(a.r.test(s)){o=a.s;break}}let i=t;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);c!=null&&c.length>2&&(i=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:i}};function hn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const yn=()=>{const{name:e,version:n}=hn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=_n(navigator);return!dn(s)},gn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,i),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=E(e.configurationName,s.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=X(r,null,s.token_renew_mode);const i=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,i.extras);const c=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,c),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Pe=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const L={},kn=(e,n=new q)=>(s,t="default")=>(L[t]||(L[t]=new x(s,t,e,n)),L[t]),mn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt),{callbackPath:s}},pn=e=>Math.floor(Math.random()*e),H=class H{constructor(n,s="default",t,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new q;const c=n.service_worker_update_require_callback??De(this.location);this.configuration={...n,silent_login_uri:r,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??Y.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:n.service_worker_activate??yn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ue},this.getFetch=t??Pe,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=pn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(L,n)&&s)throw Error(`OIDC library does seem initialized.
-Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return L[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=j(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ce({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Ye(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=gn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,s,t,o=!1){await sn(this,L,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?nn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=rn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await an(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(H.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){const o=this.configuration,r={ath:await we(n)},i=await I(o,this.configurationName);let c,a;if(i)c=await i.getDemonstratingProofOfPossessionNonce(),a=await i.getDemonstratingProofOfPossessionJwkAsync();else{const d=E(this.configurationName,o.storage);a=await d.getDemonstratingProofOfPossessionJwkAsync(),c=await d.getDemonstratingProofOfPossessionNonce()}return c&&(r.nonce=c),await me(o.demonstrating_proof_of_possession_configuration)(a,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=mn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=fn(this)(n),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return F.clearTimeout(this.timeoutId),this.renewTokensPromise=ve(this,!0,n),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(n){return await ln(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=un(this,L,this.getFetch(),console,this.location)(n,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};H.getOrCreate=(n,s)=>(t,o="default")=>kn(n,s)(t,o),H.eventNames=m;let x=H;const wn=(e,n)=>async(...s)=>{var u;const[t,o,...r]=s,i=o?{...o}:{method:"GET"};let c=new Headers;i.headers&&(c=i.headers instanceof Headers?i.headers:new Headers(i.headers));const a=n,d=await a.getValidTokenAsync(),f=(u=d==null?void 0:d.tokens)==null?void 0:u.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const _=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),i.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",_)}else c.set("Authorization",`Bearer ${f}`);i.credentials||(i.credentials="same-origin")}const l={...i,headers:c};return await e(t,l,...r)},U=class U{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new U(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this._oidc.loginAsync(n,s,t,o,r)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t)}async getValidTokenAsync(n=200,s=50){return xe(this._oidc,n,s)}fetchWithTokens(n){return wn(n,this)}async userInfoAsync(n=!1){return this._oidc.userInfoAsync(n)}};U.getOrCreate=(n,s=new q)=>(t,o="default")=>new U(x.getOrCreate(n,s)(t,o)),U.eventNames=x.eventNames;let le=U;N.OidcClient=le,N.OidcLocation=q,N.TokenRenewMode=Y,N.getFetchDefault=Pe,N.getParseQueryStringFromLocation=j,N.getPath=tn,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});
+(function(N,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(N=typeof globalThis<"u"?globalThis:N||self,G(N["oidc-client"]={}))})(this,function(N){"use strict";const D=console;class Oe{constructor(n,s,t,o=2e3,r=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=r;const i=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(D.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(D.debug(n),D.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):D.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){D.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(D.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},E=(e,n=sessionStorage)=>{const s=p=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{n[`oidc.${e}`]=JSON.stringify({tokens:p})},r=async p=>{n[`oidc.session_state.${e}`]=p},i=async()=>n[`oidc.session_state.${e}`],c=p=>{n[`oidc.nonce.${e}`]=p.nonce},a=p=>{n[`oidc.jwk.${e}`]=JSON.stringify(p)},_=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async p=>{n[`oidc.dpop_nonce.${e}`]=p},u=()=>n[`oidc.dpop_nonce.${e}`],d=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let k={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:d,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:c,getNonceAsync:f,setLoginParams:p=>{k[e]=p,n[`oidc.login.${e}`]=JSON.stringify(p)},getLoginParams:()=>{const p=n[`oidc.login.${e}`];return p?(k[e]||(k[e]=JSON.parse(p)),k[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async p=>{n[`oidc.state.${e}`]=p},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async p=>{n[`oidc.code_verifier.${e}`]=p},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:_}},Ee=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ie=e=>JSON.parse(Ee(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&Ce(e,".")===2?Ie(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Ce=(e,n)=>e.split(n).length-1,Y={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Ne(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const X=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:ue(r),c=i&&i.exp?i.exp:Number.MAX_VALUE,a=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Ne(e,t,i);let _;e.expiresAt?_=e.expiresAt:s===Y.access_token_invalid?_=a:s===Y.id_token_invalid?_=c:_=c<a?c:a;const f={...e,idTokenPayload:i,accessTokenPayload:t,expiresAt:_,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),X(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},ne=e=>e?M(0,e.expiresAt)>0:!1,xe=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!ne(e.tokens)&&t>0;)await $({milliseconds:n}),t=t-1;return{isTokensValid:ne(e.tokens),tokens:e.tokens,numberWaited:t-s}},fe=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(t.iat&&t.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+r} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},F=function(){const e=function(){let a,_;const f=(function(){const u={},d={setTimeout:function(y,h,w){u[h]=setTimeout(function(){y.postMessage(h),u[h]=null},w)},setInterval:function(y,h,w){u[h]=setInterval(function(){y.postMessage(h)},w)},clearTimeout:function(y,h){clearTimeout(u[h]),u[h]=null},clearInterval:function(y,h){clearInterval(u[h]),u[h]=null}};function k(y,h){const w=h.data[0],A=h.data[1],v=h.data[2];d[w]&&d[w](y,A,v)}this.onmessage=function(y){k(self,y)},this.onconnect=function(y){const h=y.ports[0];h.onmessage=function(w){k(h,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});_=URL.createObjectURL(u)}catch{return null}const l=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(_),a.port}catch{l&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(_),a}catch{l&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),s={},t={};e.onmessage=function(a){const _=a.data,f=s[_];if(f){f(),s[_]=null;return}const l=t[_];l&&l()};function o(a,_){const f=n();return e.postMessage(["setTimeout",f,_]),s[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),s[a]=null}function i(a,_){const f=n();return e.postMessage(["setInterval",f,_]),t[f]=a,f}function c(a){e.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:c}}(),_e="7.19.0";let de=null,z;const $=({milliseconds:e})=>new Promise(n=>F.setTimeout(n,e)),he=(e="/")=>{try{z=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:z.signal}).catch(t=>{console.log(t)}),$({milliseconds:150*1e3}).then(he)}catch(n){console.log(n)}},We=()=>{z&&z.abort()},Le=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),De=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistering ${t}`),await $({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?t(r.data.error):s(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.register?t=await e.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(t)({type:"claim"})}catch{return null}const o=async g=>O(t)({type:"clear",data:{status:g},configurationName:n}),r=async(g,S,C)=>{const b=await O(t)({type:"init",data:{oidcServerConfiguration:g,where:S,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),V=b.version;return V!==_e&&(console.warn(`Service worker ${V} version mismatch with js client version ${_e}, unregistering and reloading`),await C.service_worker_update_require_callback(t,We)),{tokens:ee(b.tokens,null,C.token_renew_mode),status:b.status}},i=(g="/")=>{de==null&&(de="not_null",he(g))},c=g=>O(t)({type:"setSessionState",data:{sessionState:g},configurationName:n}),a=async()=>(await O(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,_=g=>(sessionStorage[`oidc.nonce.${n}`]=g.nonce,O(t)({type:"setNonce",data:{nonce:g},configurationName:n})),f=async()=>{let S=(await O(t)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}};let l={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Le(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:a,setNonceAsync:_,getNonceAsync:f,setLoginParams:g=>{l[n]=g,localStorage[`oidc.login.${n}`]=JSON.stringify(g)},getLoginParams:()=>{const g=localStorage[`oidc.login.${n}`];return l[n]||(l[n]=JSON.parse(g)),l[n]},getStateAsync:async()=>{let S=(await O(t)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async g=>(sessionStorage[`oidc.state.${n}`]=g,O(t)({type:"setState",data:{state:g},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await O(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async g=>(sessionStorage[`oidc.code_verifier.${n}`]=g,O(t)({type:"setCodeVerifier",data:{codeVerifier:g},configurationName:n})),setDemonstratingProofOfPossessionNonce:async g=>{await O(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:g},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async g=>{const S=JSON.stringify(g);await O(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const g=await O(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return g.demonstratingProofOfPossessionJwkJson?JSON.parse(g.demonstratingProofOfPossessionJwkJson):null}}},R={},$e=(e,n=window.sessionStorage,s)=>{if(!R[e]&&n){const o=n.getItem(e);o&&(R[e]=JSON.parse(o))}const t=1e3*s;return R[e]&&R[e].timestamp+t>Date.now()?R[e].result:null},Re=(e,n,s=window.sessionStorage)=>{const t=Date.now();R[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function ye(e){return new TextEncoder().encode(e)}function ge(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ke(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const se=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),ge(n)};function ke(e){return ge(Ke(e))}const Ue={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Ve={sign:e=>async(n,s,t,o,r="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=r,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const i={protected:ke(JSON.stringify(s)),payload:ke(JSON.stringify(t))},c=o.importKeyAlgorithm,a=!0,_=["sign"],f=await e.crypto.subtle.importKey("jwk",n,c,a,_),l=ye(`${i.protected}.${i.payload}`),u=o.signAlgorithm,d=await e.crypto.subtle.sign(u,f,l);return i.signature=se(new Uint8Array(d)),`${i.protected}.${i.payload}.${i.signature}`}};const Me={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],r=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",r.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Fe={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,ye(t));return se(new Uint8Array(o))}};const Je=e=>async n=>await Me.generate(e)(n),me=e=>n=>async(s,t="POST",o,r={})=>{const i={jti:btoa(Be()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...r},c=await Fe.thumbprint(e)(s,n.digestAlgorithm);return await Ve.sign(e)(s,{kid:c},i,n)},Be=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},pe=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},te="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",je=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%te.length;n.push(te[t])}return n.join("")},oe=e=>{const n=new Uint8Array(e),{hasCrypto:s}=pe();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*te.length|0;return je(n)};function qe(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function we(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",qe(e)).then(t=>n(se(new Uint8Array(t))),t=>s(t))})}const He=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=pe();return n?we(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Ge=60*60,Ye=e=>async(n,s=Ge,t=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,c=$e(i,t,s);if(c)return new ce(c);const a=await J(e)(r,{},o);if(a.status!==200)return null;const _=await a.json();return Re(i,_,t),new ce(_)},J=e=>async(n,s={},t=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),t),r=await e(n,{...s,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw i}else throw console.error(i.message),i}return r},re={refresh_token:"refresh_token",access_token:"access_token"},Ae=e=>async(n,s,t=re.refresh_token,o,r={},i=1e4)=>{const c={token:s,token_type_hint:t,client_id:o};for(const[l,u]of Object.entries(r))c[l]===void 0&&(c[l]=u);const a=[];for(const l in c){const u=encodeURIComponent(l),d=encodeURIComponent(c[l]);a.push(`${u}=${d}`)}const _=a.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:_},i)).status!==200?{success:!1}:{success:!0}},Xe=e=>async(n,s,t,o,r={},i,c=1e4)=>{for(const[d,k]of Object.entries(t))s[d]===void 0&&(s[d]=k);const a=[];for(const d in s){const k=encodeURIComponent(d),y=encodeURIComponent(s[d]);a.push(`${k}=${y}`)}const _=a.join("&"),f=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:_},c);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let u=null;return f.headers.has(Q)&&(u=f.headers.get(Q)),{success:!0,status:f.status,data:ee(l,o,i),demonstratingProofOfPossessionNonce:u}},ze=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=oe(128),r=await He(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=r,t.code_challenge_method="S256";let i="";if(t)for(const[c,a]of Object.entries(t))i===""?i+="?":i+="&",i+=`${c}=${encodeURIComponent(a)}`;n.open(`${s}${i}`)},Q="DPoP-Nonce",Qe=e=>async(n,s,t,o,r=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const l in s){const u=encodeURIComponent(l),d=encodeURIComponent(s[l]);i.push(`${u}=${d}`)}const c=i.join("&"),a=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:c},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let _=null;a.headers.has(Q)&&(_=a.headers.get(Q));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ee(f,null,o),demonstratingProofOfPossessionNonce:_}}};async function Se(e,n,s){const t=c=>{e.tokens=c},{tokens:o,status:r}=await Z(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await E(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const Ze=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=E(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=X(o,e.tokens,n.token_renew_mode),o}};async function ve(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await Se(e,n,s):r=await navigator.locks.request(o,{ifAvailable:!0},async c=>c?await Se(e,n,s):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await Ze(e,t))),r?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s)),e.tokens):null}const B=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return F.setTimeout(async()=>{const r={timeLeft:M(t,n)};e.publishEvent(x.eventNames.token_timer,r),await ve(e,!1,s)},1e3)},K={SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},en=e=>async(n,s,t,o=!1)=>{const r={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const c=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,s);if(a){const{status:l,tokens:u}=await a.initAsync(c,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(l==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!l||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==t.issuedAt){const k=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",y=await a.getNonceAsync();return{tokens:u,status:k,nonce:y}}i=await a.getNonceAsync()}else{const l=E(s,n.storage??sessionStorage);let{tokens:u,status:d}=await l.initAsync();if(u&&(u=X(u,e.tokens,n.token_renew_mode)),u){if(d==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==t.issuedAt){const y=M(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",h=await l.getNonceAsync();return{tokens:u,status:y,nonce:h}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await l.getNonceAsync()}const f=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:i}:{tokens:t,status:f,nonce:i}},Z=e=>async(n=0,s=!1,t=null,o)=>{for(;!navigator.onLine&&document.hidden;)await $({milliseconds:1e3}),e.publishEvent(m.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await $({milliseconds:1e3}),r--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,c=n+1;t||(t={});const a=e.configuration,_=(l,u=null,d=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,u,d),f=async()=>{try{let l;const u=await I(a,e.configurationName);u?l=u.getLoginParams():l=E(e.configurationName,a.storage).getLoginParams();const d=await _({...l.extras,...t,prompt:"none"});return d?d.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(d.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:d.tokens,status:"LOGGED"}):(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await Z(e)(c,s,t,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:l,tokens:u,nonce:d}=await en(e)(a,e.configurationName,e.tokens,s);switch(l){case K.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case K.NOT_CONNECTED:return o(null),{tokens:null,status:null};case K.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case K.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case K.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case K.REQUIRE_SYNC_TOKENS:return e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await f();default:{if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:n}),!u.refreshToken)return await f();const k=a.client_id,y=a.redirect_uri,h=a.authority,A={...a.token_request_extras?a.token_request_extras:{}};for(const[T,p]of Object.entries(t))T.endsWith(":token_request")&&(A[T.replace(":token_request","")]=p);return await(async()=>{const T={client_id:k,redirect_uri:y,grant_type:"refresh_token",refresh_token:u.refreshToken},p=await e.initAsync(h,a.authority_configuration),g=document.hidden?1e4:3e4*10,S=p.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,S,"POST"));const b=await Xe(e.getFetch())(S,T,A,u,C,a.token_renew_mode,g);if(b.success){const{isValid:V,reason:P}=fe(b.data,d.nonce,p);if(!V)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${P}`}),{tokens:null,status:"SESSION_LOST"};if(o(b.data),b.demonstratingProofOfPossessionNonce){const L=await I(a,e.configurationName);L?await L.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await E(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:b.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await Z(e)(c,s,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),Z(e)(c,s,t,o)}},ie=(e,n,s)=>(t=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let i="";if(o&&(t==null&&(t={}),t.state=o),r&&(t==null&&(t={}),t.scope=r),t!=null)for(const[l,u]of Object.entries(t))i===""?i=`?${encodeURIComponent(l)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(l)}=${encodeURIComponent(u)}`;const c=n.silent_login_uri+i,a=c.indexOf("/",c.indexOf("//")+2),_=c.substr(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",c),document.body.appendChild(f),new Promise((l,u)=>{try{let d=!1;window.onmessage=y=>{if(y.origin===_&&y.source===f.contentWindow){const h=`${e}_oidc_tokens:`,w=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,v=y.data;if(v&&typeof v=="string"&&!d){if(v.startsWith(h)){const T=JSON.parse(y.data.replace(h,""));s(m.silentLoginAsync_end,{}),f.remove(),d=!0,l(T)}else if(v.startsWith(w)){const T=JSON.parse(y.data.replace(w,""));s(m.silentLoginAsync_error,T),f.remove(),d=!0,l({error:"oidc_"+T.error,tokens:null,sessionState:null})}else if(v.startsWith(A)){const T=JSON.parse(y.data.replace(A,""));s(m.silentLoginAsync_error,T),f.remove(),d=!0,u(new Error(T.error))}}}};const k=n.silent_login_timeout;setTimeout(()=>{d||(s(m.silentLoginAsync_error,{reason:"timeout"}),f.remove(),d=!0,u(new Error("timeout")))},k)}catch(d){f.remove(),s(m.silentLoginAsync_error,d),u(d)}})}catch(i){throw s(m.silentLoginAsync_error,i),i}},nn=(e,n,s,t,o)=>(r=null,i=void 0)=>{r={...r};const c=(_,f,l)=>ie(n,s,t.bind(o))(_,f,l);return(async()=>{o.timeoutId&&F.clearTimeout(o.timeoutId);let _;r&&"state"in r&&(_=r.state,delete r.state);try{const f=s.extras?{...s.extras,...r}:r,l=await c({...f,prompt:"none"},_,i);if(l)return o.tokens=l.tokens,t(m.token_aquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},sn=(e,n,s)=>(t,o,r,i=!1)=>{const c=(a,_=void 0,f=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(a,_,f);return new Promise((a,_)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const u=l.idToken,d=l.idTokenPayload;return c({prompt:"none",id_token_hint:u,scope:s.scope||"openid"}).then(k=>{if(k.error)throw new Error(k.error);const y=k.tokens.idTokenPayload;if(d.sub===y.sub){const h=k.sessionState;e.checkSessionIFrame.start(k.sessionState),d.sid===y.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",h):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",h)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",y.sub)}).catch(async k=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",k);for(const[y,h]of Object.entries(n))await h.logoutOtherTabAsync(s.client_id,d.sub)})};e.checkSessionIFrame=new Oe(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(l=>{_(l)})}else a(null)})},Te=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},tn=e=>{const n=Te(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},j=e=>{const n=Te(e),{search:s}=n;return on(s)},on=e=>{const n={};let s,t,o;const r=e.split("&");for(t=0,o=r.length;t<o;t++)s=r[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},rn=(e,n,s,t,o)=>(r=void 0,i=null,c=!1,a=void 0)=>{const _=i;return i={...i},(async()=>{const l=r||o.getPath();if("state"in i||(i.state=oe(16)),s(m.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=c?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const d=n.extras?{...n.extras,...i}:i;d.nonce||(d.nonce=oe(12));const k={nonce:d.nonce},y=await I(n,e),h=await t(n.authority,n.authority_configuration);let w;if(y)y.setLoginParams({callbackPath:l,extras:_}),await y.initAsync(h,"loginAsync",n),await y.setNonceAsync(k),y.startKeepAliveServiceWorker(),w=y;else{const v=E(e,n.storage??sessionStorage);v.setLoginParams({callbackPath:l,extras:_}),await v.setNonceAsync(k),w=v}const A={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...d};await ze(w,o)(h.authorizationEndpoint,A)}catch(u){throw s(m.loginAsync_error,u),u}})()},an=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,r=s.authority,i=s.token_request_timeout,c=await e.initAsync(r,s.authority_configuration),a=e.location.getCurrentHref(),f=j(a).session_state,l=await I(s,e.configurationName);let u,d,k,y;if(l)await l.initAsync(c,"loginCallbackAsync",s),await l.setSessionStateAsync(f),d=await l.getNonceAsync(),k=l.getLoginParams(),y=await l.getStateAsync(),l.startKeepAliveServiceWorker(),u=l;else{const P=E(e.configurationName,s.storage??sessionStorage);await P.setSessionStateAsync(f),d=await P.getNonceAsync(),k=P.getLoginParams(),y=await P.getStateAsync(),u=P}const h=j(a);if(h.error||h.error_description)throw new Error(`Error from OIDC server: ${h.error} - ${h.error_description}`);if(h.iss&&h.iss!==c.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${c.issuer}, received: ${h.iss})`);if(h.state&&h.state!==y)throw new Error(`State not valid (expected: ${y}, received: ${h.state})`);const w={code:h.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},A={};if(s.token_request_extras)for(const[P,L]of Object.entries(s.token_request_extras))A[P]=L;if(k&&k.extras)for(const[P,L]of Object.entries(k.extras))P.endsWith(":token_request")&&(A[P.replace(":token_request","")]=L);const v=c.tokenEndpoint,T={};if(s.demonstrating_proof_of_possession)if(l)T.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const P=await Je(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await E(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(P),T.DPoP=await me(window)(s.demonstrating_proof_of_possession_configuration)(P,"POST",v)}const p=await Qe(u)(v,{...w,...A},T,e.configuration.token_renew_mode,i);if(!p.success)throw new Error("Token request failed");let g;const S=p.data.tokens,C=p.data.demonstratingProofOfPossessionNonce;if(p.data.state!==A.state)throw new Error("state is not valid");const{isValid:b,reason:V}=fe(S,d.nonce,c);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${V}`);if(l){if(S.refreshToken&&!S.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&S.accessToken&&S.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(o,"syncTokensAsync",s),g=l.getLoginParams(),C&&await l.setDemonstratingProofOfPossessionNonce(C);else{const P=E(e.configurationName,s.storage);g=P.getLoginParams(),C&&await P.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(c.checkSessionIframe,t,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:S,state:"request.state",callbackPath:g.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},be={access_token:"access_token",refresh_token:"refresh_token"},ae=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const r=t.replace(n,"");s[r]=o}return s}return s},cn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},ln=e=>async n=>{F.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await E(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},un=(e,n,s,t,o)=>async(r=void 0,i=null)=>{const c=e.configuration,a=await e.initAsync(c.authority,c.authority_configuration);r&&typeof r!="string"&&(r=void 0,t.warn("callbackPathOrUrl path is not a string"));const _=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const l=f?r:o.getOrigin()+_,u=e.tokens?e.tokens.idToken:"";try{const w=a.revocationEndpoint;if(w){const A=[],v=e.tokens?e.tokens.accessToken:null;if(v&&c.logout_tokens_to_invalidate.includes(be.access_token)){const p=ae(i,":revoke_access_token"),g=Ae(s)(w,v,re.access_token,c.client_id,p);A.push(g)}const T=e.tokens?e.tokens.refreshToken:null;if(T&&c.logout_tokens_to_invalidate.includes(be.refresh_token)){const p=ae(i,":revoke_refresh_token"),g=Ae(s)(w,T,re.refresh_token,c.client_id,p);A.push(g)}A.length>0&&await Promise.all(A)}}catch(w){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(w)}const d=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[w,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,d):e.publishEvent(m.logout_from_same_tab,{});const k=ae(i,":oidc");if(k&&k.no_reload==="true")return;const h=cn(i);if(a.endSessionEndpoint){"id_token_hint"in h||(h.id_token_hint=u),!("post_logout_redirect_uri"in h)&&r!==null&&(h.post_logout_redirect_uri=l);let w="";for(const[A,v]of Object.entries(h))v!=null&&(w===""?w+="?":w+="&",w+=`${A}=${encodeURIComponent(v)}`);o.open(`${a.endSessionEndpoint}${w}`)}else o.reload()},fn=e=>async(n=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;for(;e.tokens&&!ne(e.tokens);)await $({milliseconds:200});if(!e.tokens)return null;const s=e.tokens.accessToken;if(!s)return null;const t=e.configuration,r=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,c=await(async a=>{const _=await fetch(r,{headers:{authorization:`Bearer ${a}`}});return _.status!==200?null:_.json()})(s);return e.userInfo=c,c};class q{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const _n=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),dn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const c in r){const a=r[c];if(a.r.test(s)){o=a.s;break}}let i=t;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const c=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);c!=null&&c.length>2&&(i=c[1]+"."+c[2]+"."+(parseInt(c[3])|0));break}}return{os:o,osVersion:i}};function hn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const yn=()=>{const{name:e,version:n}=hn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=dn(navigator);return!_n(s)},gn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,i),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=E(e.configurationName,s.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=X(r,null,s.token_renew_mode);const i=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,i.extras);const c=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,c),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Pe=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const W={},kn=(e,n=new q)=>(s,t="default")=>(W[t]||(W[t]=new x(s,t,e,n)),W[t]),mn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt),{callbackPath:s}},pn=e=>Math.floor(Math.random()*e),H=class H{constructor(n,s="default",t,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new q;const c=n.service_worker_update_require_callback??De(this.location);this.configuration={...n,silent_login_uri:r,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??Y.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:c,service_worker_activate:n.service_worker_activate??yn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ue},this.getFetch=t??Pe,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=pn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(W,n)&&s)throw Error(`OIDC library does seem initialized.
+Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return W[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=j(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ce({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Ye(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=gn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,s,t,o=!1){await sn(this,W,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?nn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=rn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await an(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||E(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(H.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){const o=this.configuration,r={ath:await we(n)},i=await I(o,this.configurationName);let c;if(i)return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const a=E(this.configurationName,o.storage);let _=await a.getDemonstratingProofOfPossessionJwkAsync();return c=await a.getDemonstratingProofOfPossessionNonce(),c&&(r.nonce=c),await me(window)(o.demonstrating_proof_of_possession_configuration)(_,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=mn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=fn(this)(n),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return F.clearTimeout(this.timeoutId),this.renewTokensPromise=ve(this,!0,n),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(n){return await ln(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=un(this,W,this.getFetch(),console,this.location)(n,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};H.getOrCreate=(n,s)=>(t,o="default")=>kn(n,s)(t,o),H.eventNames=m;let x=H;const wn=(e,n)=>async(...s)=>{var u;const[t,o,...r]=s,i=o?{...o}:{method:"GET"};let c=new Headers;i.headers&&(c=i.headers instanceof Headers?i.headers:new Headers(i.headers));const a=n,_=await a.getValidTokenAsync(),f=(u=_==null?void 0:_.tokens)==null?void 0:u.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const d=await a.generateDemonstrationOfProofOfPossessionAsync(f,t.toString(),i.method);c.set("Authorization",`PoP ${f}`),c.set("DPoP",d)}else c.set("Authorization",`Bearer ${f}`);i.credentials||(i.credentials="same-origin")}const l={...i,headers:c};return await e(t,l,...r)},U=class U{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new U(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,r=!1){return this._oidc.loginAsync(n,s,t,o,r)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t)}async getValidTokenAsync(n=200,s=50){return xe(this._oidc,n,s)}fetchWithTokens(n){return wn(n,this)}async userInfoAsync(n=!1){return this._oidc.userInfoAsync(n)}};U.getOrCreate=(n,s=new q)=>(t,o="default")=>new U(x.getOrCreate(n,s)(t,o)),U.eventNames=x.eventNames;let le=U;N.OidcClient=le,N.OidcLocation=q,N.TokenRenewMode=Y,N.getFetchDefault=Pe,N.getParseQueryStringFromLocation=j,N.getPath=tn,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});

package/dist/jwt.d.ts CHANGED Viewed

@@ -2,11 +2,11 @@ import { DemonstratingProofOfPossessionConfiguration } from "./types";
 export declare const uint8ToUrlBase64: (uint8: Uint8Array) => string;
 export declare const defaultDemonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration;
 export declare var JWT: {
-    sign: (jwk: any, headers: any, claims: any, demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration, jwtHeaderType?: string) => Promise<string>;
+    sign: (w: any) => (jwk: any, headers: any, claims: any, demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration, jwtHeaderType?: string) => Promise<string>;
 };
 export declare var JWK: {
-    thumbprint: (jwk: any, digestAlgorithm: AlgorithmIdentifier) => Promise<string>;
+    thumbprint: (w: any) => (jwk: any, digestAlgorithm: AlgorithmIdentifier) => Promise<string>;
 };
-export declare const generateJwkAsync: (generateKeyAlgorithm: RsaHashedKeyGenParams | EcKeyGenParams) => Promise<JsonWebKey>;
-export declare const generateJwtDemonstratingProofOfPossessionAsync: (demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration) => (jwk: any, method: string, url: string, extrasClaims?: {}) => Promise<string>;
+export declare const generateJwkAsync: (w: any) => (generateKeyAlgorithm: RsaHashedKeyGenParams | EcKeyGenParams) => Promise<any>;
+export declare const generateJwtDemonstratingProofOfPossessionAsync: (w: any) => (demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration) => (jwk: any, method: string, url: string, extrasClaims?: {}) => Promise<string>;
 //# sourceMappingURL=jwt.d.ts.map

package/dist/jwt.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAMA,OAAO,EAAC,2CAA2C,EAAC,MAAM,SAAS,CAAC;AAmCpE,eAAO,MAAM,gBAAgB,UAAU,UAAU,WAOhD,CAAA;AAUD,eAAO,MAAM,kDAAkD,EAAE,2CAahE,CAAA;AAgED,eAAO,IAAI,GAAG;~~6FA5DyE~~,2CAA2C;~~CA4D3G~~,CAAC;AAuDxB,eAAO,IAAI,GAAG;~~4CAxBkC~~,mBAAmB;~~CAwBtC~~,CAAC;AAE9B,eAAO,MAAM,gBAAgB,~~yBAAgC~~,qBAAqB,GAAG,cAAc,~~wBAOlG~~,CAAA;AAED,eAAO,MAAM,8CAA8C,~~gDAAiD~~,2CAA2C,qCAAuC,MAAM,~~uCAgBnM~~,CAAA"}
1	+ {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAMA,OAAO,EAAC,2CAA2C,EAAC,MAAM,SAAS,CAAC;AAmCpE,eAAO,MAAM,gBAAgB,UAAU,UAAU,WAOhD,CAAA;AAUD,eAAO,MAAM,kDAAkD,EAAE,2CAahE,CAAA;AAgED,eAAO,IAAI,GAAG;cA5DE,GAAG,wFAA+E,2CAA2C;CA4DtH,CAAC;AAuDxB,eAAO,IAAI,GAAG;oBAxBQ,GAAG,iCAAkC,mBAAmB;CAwBjD,CAAC;AAE9B,eAAO,MAAM,gBAAgB,MAAM,GAAG,4BAAkC,qBAAqB,GAAG,cAAc,iBAO7G,CAAA;AAED,eAAO,MAAM,8CAA8C,MAAM,GAAG,mDAAmD,2CAA2C,qCAAuC,MAAM,uCAgB9M,CAAA"}

package/dist/version.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-declare const _default: "7.18.5";
+declare const _default: "7.19.0";
 export default _default;
 //# sourceMappingURL=version.d.ts.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@axa-fr/oidc-client",
-  "version": "7.18.5",
+  "version": "7.19.0",
   "private": false,
   "type": "module",
   "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
     "url": "https://github.com/AxaFrance/oidc-client.git"
   },
   "dependencies": {
-    "@axa-fr/oidc-client-service-worker": "7.18.5"
+    "@axa-fr/oidc-client-service-worker": "7.19.0"
   },
   "devDependencies": {
     "@testing-library/dom": "9.3.4",

package/src/initWorker.ts CHANGED Viewed

@@ -173,7 +173,7 @@ export const initWorkerAsync = async(configuration, configurationName) => {
     const setDemonstratingProofOfPossessionJwkAsync = async (demonstratingProofOfPossessionJwk:JsonWebKey) => {
         const demonstratingProofOfPossessionJwkJson = JSON.stringify(demonstratingProofOfPossessionJwk);
-        sendMessageAsync(registration)({ type: 'setDemonstratingProofOfPossessionJwk', data: { demonstratingProofOfPossessionJwkJson }, configurationName });
+        await sendMessageAsync(registration)({ type: 'setDemonstratingProofOfPossessionJwk', data: { demonstratingProofOfPossessionJwkJson }, configurationName });
     };
     const getDemonstratingProofOfPossessionJwkAsync = async () => {

package/src/jwt.ts CHANGED Viewed

@@ -73,7 +73,7 @@ export const defaultDemonstratingProofOfPossessionConfiguration: DemonstratingPr
 // @ts-ignore
-const sign = async (jwk, headers, claims, demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration, jwtHeaderType= 'dpop+jwt') => {
+const sign = (w:any) => async (jwk, headers, claims, demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration, jwtHeaderType= 'dpop+jwt') => {
     // Make a shallow copy of the key
     // (to set ext if it wasn't already set)
     jwk = Object.assign({}, jwk);
@@ -114,7 +114,7 @@ const sign = async (jwk, headers, claims, demonstratingProofOfPossessionConfigur
     // Actually do the import, which comes out as an abstract key type
     // @ts-ignore
-    const privateKey = await window.crypto.subtle.importKey('jwk', jwk, keyType, exportable, privileges);
+    const privateKey = await w.crypto.subtle.importKey('jwk', jwk, keyType, exportable, privileges);
     // Convert UTF-8 to Uint8Array ArrayBuffer
     // @ts-ignore
     const data = strToUint8(`${jws.protected}.${jws.payload}`);
@@ -123,7 +123,7 @@ const sign = async (jwk, headers, claims, demonstratingProofOfPossessionConfigur
     // https://tools.ietf.org/html/rfc7518#section-3
     const signatureType = demonstratingProofOfPossessionConfiguration.signAlgorithm;
-    const signature = await window.crypto.subtle.sign(signatureType, privateKey, data);
+    const signature = await w.crypto.subtle.sign(signatureType, privateKey, data);
     // returns an ArrayBuffer containing a JOSE (not X509) signature,
     // which must be converted to Uint8 to be useful
     // @ts-ignore
@@ -137,15 +137,15 @@ export var JWT = {sign};
 // @ts-ignore
-const generate = async (generateKeyAlgorithm: RsaHashedKeyGenParams | EcKeyGenParams) => {
+const generate = (w:any) => async (generateKeyAlgorithm: RsaHashedKeyGenParams | EcKeyGenParams) => {
     const keyType = generateKeyAlgorithm;
     const exportable = true;
     const privileges = ['sign', 'verify'];
     // @ts-ignore
-    const key = await window.crypto.subtle.generateKey(keyType, exportable, privileges);
+    const key = await w.crypto.subtle.generateKey(keyType, exportable, privileges);
     // returns an abstract and opaque WebCrypto object,
     // which in most cases you'll want to export as JSON to be able to save
-    return await window.crypto.subtle.exportKey('jwk', key.privateKey);
+    return await w.crypto.subtle.exportKey('jwk', key.privateKey);
 };
 // Create a Public Key from a Private Key
@@ -164,7 +164,7 @@ const EC = {
     neuter
 };
 // @ts-ignore
-const thumbprint = async (jwk, digestAlgorithm: AlgorithmIdentifier) => {
+const thumbprint = (w:any) => async (jwk, digestAlgorithm: AlgorithmIdentifier) => {
     let sortedPub;
     // lexigraphically sorted, no spaces
     switch (jwk.kty) {
@@ -184,22 +184,22 @@ const thumbprint = async (jwk, digestAlgorithm: AlgorithmIdentifier) => {
     }
     // The hash should match the size of the key,
     // but we're only dealing with P-256
-    const hash = await window.crypto.subtle.digest(digestAlgorithm, strToUint8(sortedPub));
+    const hash = await w.crypto.subtle.digest(digestAlgorithm, strToUint8(sortedPub));
     return uint8ToUrlBase64(new Uint8Array(hash));
 }
 export var JWK = {thumbprint};
-export const generateJwkAsync = async (generateKeyAlgorithm: RsaHashedKeyGenParams | EcKeyGenParams) => {
+export const generateJwkAsync = (w:any) => async (generateKeyAlgorithm: RsaHashedKeyGenParams | EcKeyGenParams) => {
     // @ts-ignore
-    const jwk = await EC.generate(generateKeyAlgorithm);
+    const jwk = await EC.generate(w)(generateKeyAlgorithm);
     // console.info('Private Key:', JSON.stringify(jwk));
     // @ts-ignore
     // console.info('Public Key:', JSON.stringify(EC.neuter(jwk)));
     return jwk;
 }
-export const generateJwtDemonstratingProofOfPossessionAsync = (demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration) => async (jwk, method = 'POST', url: string, extrasClaims={}) => {
+export const generateJwtDemonstratingProofOfPossessionAsync = (w:any) => (demonstratingProofOfPossessionConfiguration: DemonstratingProofOfPossessionConfiguration) => async (jwk, method = 'POST', url: string, extrasClaims={}) => {
     const claims = {
         // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
@@ -210,9 +210,9 @@ export const generateJwtDemonstratingProofOfPossessionAsync = (demonstratingProo
         ...extrasClaims,
     };
     // @ts-ignore
-    const kid = await JWK.thumbprint(jwk, demonstratingProofOfPossessionConfiguration.digestAlgorithm);
+    const kid = await JWK.thumbprint(w)(jwk, demonstratingProofOfPossessionConfiguration.digestAlgorithm);
     // @ts-ignore
-    const jwt = await JWT.sign(jwk, { kid: kid }, claims, demonstratingProofOfPossessionConfiguration)
+    const jwt = await JWT.sign(w)(jwk, { kid: kid }, claims, demonstratingProofOfPossessionConfiguration)
     // console.info('JWT:', jwt);
     return jwt;
 }

package/src/login.ts CHANGED Viewed

@@ -149,14 +149,14 @@ export const loginCallbackAsync = (oidc:Oidc) => async (isSilentSignin = false)
         const url = oidcServerConfiguration.tokenEndpoint;
         const headersExtras = {};
         if(configuration.demonstrating_proof_of_possession) {
-            const jwk = await generateJwkAsync(configuration.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
             if (serviceWorker) {
-                await serviceWorker.setDemonstratingProofOfPossessionJwkAsync(jwk);
+                headersExtras['DPoP'] = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${oidc.configurationName}`;
             } else {
+                const jwk = await generateJwkAsync(window)(configuration.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
                 const session = initSession(oidc.configurationName, configuration.storage);
                 await session.setDemonstratingProofOfPossessionJwkAsync(jwk);
+                headersExtras['DPoP'] = await generateJwtDemonstratingProofOfPossessionAsync(window)(configuration.demonstrating_proof_of_possession_configuration)(jwk, 'POST', url);
             }
-            headersExtras['DPoP'] = await generateJwtDemonstratingProofOfPossessionAsync(configuration.demonstrating_proof_of_possession_configuration)(jwk, 'POST', url);
         }
         const tokenResponse = await performFirstTokenRequestAsync(storage)(url,

package/src/oidc.ts CHANGED Viewed

@@ -300,21 +300,21 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
         const serviceWorker = await initWorkerAsync(configuration, this.configurationName);
         let demonstratingProofOfPossessionNonce:string;
-        let jwk;
         if (serviceWorker) {
-            demonstratingProofOfPossessionNonce = await serviceWorker.getDemonstratingProofOfPossessionNonce();
-            jwk = await serviceWorker.getDemonstratingProofOfPossessionJwkAsync();
-        } else {
-            const session = initSession(this.configurationName, configuration.storage);
-            jwk = await session.getDemonstratingProofOfPossessionJwkAsync();
-            demonstratingProofOfPossessionNonce = await session.getDemonstratingProofOfPossessionNonce();
+            return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
         }
+        const session = initSession(this.configurationName, configuration.storage);
+        let jwk = await session.getDemonstratingProofOfPossessionJwkAsync();
+        demonstratingProofOfPossessionNonce = await session.getDemonstratingProofOfPossessionNonce();
         if (demonstratingProofOfPossessionNonce) {
             claimsExtras['nonce'] = demonstratingProofOfPossessionNonce;
         }
-        return await generateJwtDemonstratingProofOfPossessionAsync(configuration.demonstrating_proof_of_possession_configuration)(jwk, method, url, claimsExtras);
+        return await generateJwtDemonstratingProofOfPossessionAsync(window)(configuration.demonstrating_proof_of_possession_configuration)(jwk, method, url, claimsExtras);
     }
     loginCallbackWithAutoTokensRenewPromise:Promise<LoginCallback> = null;

package/src/version.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export default '7.18.5';
1	+ export default '7.19.0';