@axa-fr/oidc-client 7.18.5 → 7.19.1-alpha.1370

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/README.md +24 -2
  2. package/dist/index.js +267 -263
  3. package/dist/index.umd.cjs +2 -2
  4. package/dist/jwt.d.ts +4 -4
  5. package/dist/jwt.d.ts.map +1 -1
  6. package/dist/silentLogin.d.ts.map +1 -1
  7. package/dist/version.d.ts +1 -1
  8. package/dist/version.d.ts.map +1 -1
  9. package/package.json +2 -2
  10. package/src/initWorker.ts +1 -1
  11. package/src/jwt.ts +13 -13
  12. package/src/login.ts +3 -3
  13. package/src/oidc.ts +9 -9
  14. package/src/silentLogin.ts +44 -37
  15. package/src/version.ts +1 -1
package/README.md CHANGED
@@ -94,10 +94,32 @@ const trustedDomains = {
94
94
  trustedDomains.config_show_access_token = {
95
95
  oidcDomains :["https://demo.duendesoftware.com"],
96
96
  accessTokenDomains : ["https://www.myapi.com/users"],
97
- showAccessToken: true,
97
+ showAccessToken: false,
98
98
  // convertAllRequestsToCorsExceptNavigate: false, // default value is false
99
99
  // setAccessTokenToNavigateRequests: true, // default value is true
100
100
  };
101
+
102
+ // DPoP (Demonstrating Proof of Possession) will be activated for the following domains
103
+ trustedDomains.config_with_dpop = {
104
+ domains: ["https://demo.duendesoftware.com"],
105
+ demonstratingProofOfPossession: true
106
+ // Optional, more details bellow
107
+ /*demonstratingProofOfPossessionConfiguration: {
108
+ importKeyAlgorithm: {
109
+ name: 'ECDSA',
110
+ namedCurve: 'P-256',
111
+ hash: {name: 'ES256'}
112
+ },
113
+ signAlgorithm: {name: 'ECDSA', hash: {name: 'SHA-256'}},
114
+ generateKeyAlgorithm: {
115
+ name: 'ECDSA',
116
+ namedCurve: 'P-256'
117
+ },
118
+ digestAlgorithm: { name: 'SHA-256' },
119
+ jwtHeaderAlgorithm : 'ES256'
120
+ }*/
121
+ };
122
+
101
123
  ```
102
124
 
103
125
  The code of the demo :
@@ -113,7 +135,7 @@ export const configuration = {
113
135
  authority: 'https://demo.duendesoftware.com',
114
136
  service_worker_relative_url: '/OidcServiceWorker.js', // just comment that line to disable service worker mode
115
137
  service_worker_only: false,
116
- demonstrating_proof_of_possession: false, // demonstrating proof of possession will work only if access_token is accessible from the client (This is because WebCrypto API is not available inside a Service Worker)
138
+ demonstrating_proof_of_possession: false,
117
139
  };
118
140
 
119
141
  const href = window.location.href;