@axa-fr/oidc-client 7.19.5 → 7.20.0-alpha.1393
- package/dist/index.js +212 -209
- package/dist/index.umd.cjs +2 -2
- package/dist/oidc.d.ts +1 -1
- package/dist/oidc.d.ts.map +1 -1
- package/dist/oidcClient.d.ts +1 -1
- package/dist/oidcClient.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/oidc.ts +5 -2
- package/src/oidcClient.ts +2 -2
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -64,11 +64,11 @@ const p = {
|
|
|
64
64
|
n[`oidc.${e}`] = JSON.stringify({ tokens: y });
|
|
65
65
|
}, r = async (y) => {
|
|
66
66
|
n[`oidc.session_state.${e}`] = y;
|
|
67
|
-
}, i = async () => n[`oidc.session_state.${e}`],
|
|
67
|
+
}, i = async () => n[`oidc.session_state.${e}`], l = (y) => {
|
|
68
68
|
n[`oidc.nonce.${e}`] = y.nonce;
|
|
69
69
|
}, a = (y) => {
|
|
70
70
|
n[`oidc.jwk.${e}`] = JSON.stringify(y);
|
|
71
|
-
},
|
|
71
|
+
}, _ = () => JSON.parse(n[`oidc.jwk.${e}`]), f = async () => ({ nonce: n[`oidc.nonce.${e}`] }), c = async (y) => {
|
|
72
72
|
n[`oidc.dpop_nonce.${e}`] = y;
|
|
73
73
|
}, u = () => n[`oidc.dpop_nonce.${e}`], h = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null;
|
|
74
74
|
let g = {};
|
|
@@ -79,7 +79,7 @@ const p = {
|
|
|
79
79
|
getTokens: h,
|
|
80
80
|
setSessionStateAsync: r,
|
|
81
81
|
getSessionStateAsync: i,
|
|
82
|
-
setNonceAsync:
|
|
82
|
+
setNonceAsync: l,
|
|
83
83
|
getNonceAsync: f,
|
|
84
84
|
setLoginParams: (y) => {
|
|
85
85
|
g[e] = y, n[`oidc.login.${e}`] = JSON.stringify(y);
|
|
@@ -96,10 +96,10 @@ const p = {
|
|
|
96
96
|
setCodeVerifierAsync: async (y) => {
|
|
97
97
|
n[`oidc.code_verifier.${e}`] = y;
|
|
98
98
|
},
|
|
99
|
-
setDemonstratingProofOfPossessionNonce:
|
|
99
|
+
setDemonstratingProofOfPossessionNonce: c,
|
|
100
100
|
getDemonstratingProofOfPossessionNonce: u,
|
|
101
101
|
setDemonstratingProofOfPossessionJwkAsync: a,
|
|
102
|
-
getDemonstratingProofOfPossessionJwkAsync:
|
|
102
|
+
getDemonstratingProofOfPossessionJwkAsync: _
|
|
103
103
|
};
|
|
104
104
|
}, be = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (n) => "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2)).join("")), Pe = (e) => JSON.parse(be(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), ae = (e) => {
|
|
105
105
|
try {
|
|
@@ -129,14 +129,14 @@ const X = (e, n = null, s) => {
|
|
|
129
129
|
e.accessTokenPayload !== void 0 ? t = e.accessTokenPayload : t = ae(e.accessToken);
|
|
130
130
|
let r;
|
|
131
131
|
n != null && "idToken" in n && !("idToken" in e) ? r = n.idToken : r = e.idToken;
|
|
132
|
-
const i = e.idTokenPayload ? e.idTokenPayload : ae(r),
|
|
132
|
+
const i = e.idTokenPayload ? e.idTokenPayload : ae(r), l = i && i.exp ? i.exp : Number.MAX_VALUE, a = t && t.exp ? t.exp : e.issuedAt + o;
|
|
133
133
|
e.issuedAt = Ee(e, t, i);
|
|
134
|
-
let
|
|
135
|
-
e.expiresAt ?
|
|
136
|
-
const f = { ...e, idTokenPayload: i, accessTokenPayload: t, expiresAt:
|
|
134
|
+
let _;
|
|
135
|
+
e.expiresAt ? _ = e.expiresAt : s === Q.access_token_invalid ? _ = a : s === Q.id_token_invalid ? _ = l : _ = l < a ? l : a;
|
|
136
|
+
const f = { ...e, idTokenPayload: i, accessTokenPayload: t, expiresAt: _, idToken: r };
|
|
137
137
|
if (n != null && "refreshToken" in n && !("refreshToken" in e)) {
|
|
138
|
-
const
|
|
139
|
-
return { ...f, refreshToken:
|
|
138
|
+
const c = n.refreshToken;
|
|
139
|
+
return { ...f, refreshToken: c };
|
|
140
140
|
}
|
|
141
141
|
return f;
|
|
142
142
|
}, oe = (e, n, s) => {
|
|
@@ -186,57 +186,57 @@ const X = (e, n = null, s) => {
|
|
|
186
186
|
return { isValid: !0, reason: "" };
|
|
187
187
|
}, J = function() {
|
|
188
188
|
const e = function() {
|
|
189
|
-
let a,
|
|
189
|
+
let a, _;
|
|
190
190
|
const f = (function() {
|
|
191
191
|
const u = {}, h = {
|
|
192
|
-
setTimeout: function(m,
|
|
193
|
-
u[
|
|
194
|
-
m.postMessage(
|
|
192
|
+
setTimeout: function(m, d, w) {
|
|
193
|
+
u[d] = setTimeout(function() {
|
|
194
|
+
m.postMessage(d), u[d] = null;
|
|
195
195
|
}, w);
|
|
196
196
|
},
|
|
197
|
-
setInterval: function(m,
|
|
198
|
-
u[
|
|
199
|
-
m.postMessage(
|
|
197
|
+
setInterval: function(m, d, w) {
|
|
198
|
+
u[d] = setInterval(function() {
|
|
199
|
+
m.postMessage(d);
|
|
200
200
|
}, w);
|
|
201
201
|
},
|
|
202
|
-
clearTimeout: function(m,
|
|
203
|
-
clearTimeout(u[
|
|
202
|
+
clearTimeout: function(m, d) {
|
|
203
|
+
clearTimeout(u[d]), u[d] = null;
|
|
204
204
|
},
|
|
205
|
-
clearInterval: function(m,
|
|
206
|
-
clearInterval(u[
|
|
205
|
+
clearInterval: function(m, d) {
|
|
206
|
+
clearInterval(u[d]), u[d] = null;
|
|
207
207
|
}
|
|
208
208
|
};
|
|
209
|
-
function g(m,
|
|
210
|
-
const w =
|
|
209
|
+
function g(m, d) {
|
|
210
|
+
const w = d.data[0], A = d.data[1], v = d.data[2];
|
|
211
211
|
h[w] && h[w](m, A, v);
|
|
212
212
|
}
|
|
213
213
|
this.onmessage = function(m) {
|
|
214
214
|
g(self, m);
|
|
215
215
|
}, this.onconnect = function(m) {
|
|
216
|
-
const
|
|
217
|
-
|
|
218
|
-
g(
|
|
216
|
+
const d = m.ports[0];
|
|
217
|
+
d.onmessage = function(w) {
|
|
218
|
+
g(d, w);
|
|
219
219
|
};
|
|
220
220
|
};
|
|
221
221
|
}).toString();
|
|
222
222
|
try {
|
|
223
223
|
const u = new Blob(["(", f, ")()"], { type: "application/javascript" });
|
|
224
|
-
|
|
224
|
+
_ = URL.createObjectURL(u);
|
|
225
225
|
} catch {
|
|
226
226
|
return null;
|
|
227
227
|
}
|
|
228
|
-
const
|
|
228
|
+
const c = typeof process > "u";
|
|
229
229
|
try {
|
|
230
230
|
if (SharedWorker)
|
|
231
|
-
return a = new SharedWorker(
|
|
231
|
+
return a = new SharedWorker(_), a.port;
|
|
232
232
|
} catch {
|
|
233
|
-
|
|
233
|
+
c && console.warn("SharedWorker not available");
|
|
234
234
|
}
|
|
235
235
|
try {
|
|
236
236
|
if (Worker)
|
|
237
|
-
return a = new Worker(
|
|
237
|
+
return a = new Worker(_), a;
|
|
238
238
|
} catch {
|
|
239
|
-
|
|
239
|
+
c && console.warn("Worker not available");
|
|
240
240
|
}
|
|
241
241
|
return null;
|
|
242
242
|
}();
|
|
@@ -256,35 +256,35 @@ const X = (e, n = null, s) => {
|
|
|
256
256
|
};
|
|
257
257
|
}(), s = {}, t = {};
|
|
258
258
|
e.onmessage = function(a) {
|
|
259
|
-
const
|
|
259
|
+
const _ = a.data, f = s[_];
|
|
260
260
|
if (f) {
|
|
261
|
-
f(), s[
|
|
261
|
+
f(), s[_] = null;
|
|
262
262
|
return;
|
|
263
263
|
}
|
|
264
|
-
const
|
|
265
|
-
|
|
264
|
+
const c = t[_];
|
|
265
|
+
c && c();
|
|
266
266
|
};
|
|
267
|
-
function o(a,
|
|
267
|
+
function o(a, _) {
|
|
268
268
|
const f = n();
|
|
269
|
-
return e.postMessage(["setTimeout", f,
|
|
269
|
+
return e.postMessage(["setTimeout", f, _]), s[f] = a, f;
|
|
270
270
|
}
|
|
271
271
|
function r(a) {
|
|
272
272
|
e.postMessage(["clearTimeout", a]), s[a] = null;
|
|
273
273
|
}
|
|
274
|
-
function i(a,
|
|
274
|
+
function i(a, _) {
|
|
275
275
|
const f = n();
|
|
276
|
-
return e.postMessage(["setInterval", f,
|
|
276
|
+
return e.postMessage(["setInterval", f, _]), t[f] = a, f;
|
|
277
277
|
}
|
|
278
|
-
function
|
|
278
|
+
function l(a) {
|
|
279
279
|
e.postMessage(["clearInterval", a]), t[a] = null;
|
|
280
280
|
}
|
|
281
281
|
return {
|
|
282
282
|
setTimeout: o,
|
|
283
283
|
clearTimeout: r,
|
|
284
284
|
setInterval: i,
|
|
285
|
-
clearInterval:
|
|
285
|
+
clearInterval: l
|
|
286
286
|
};
|
|
287
|
-
}(), ce = "7.
|
|
287
|
+
}(), ce = "7.20.0-alpha.1393";
|
|
288
288
|
let le = null, q;
|
|
289
289
|
const U = ({ milliseconds: e }) => new Promise((n) => J.setTimeout(n, e)), ge = (e = "/") => {
|
|
290
290
|
try {
|
|
@@ -338,26 +338,26 @@ const U = ({ milliseconds: e }) => new Promise((n) => J.setTimeout(n, e)), ge =
|
|
|
338
338
|
return L !== ce && (console.warn(`Service worker ${L} version mismatch with js client version ${ce}, unregistering and reloading`), await E.service_worker_update_require_callback(t, Ce)), { tokens: oe(b.tokens, null, E.token_renew_mode), status: b.status };
|
|
339
339
|
}, i = (k = "/") => {
|
|
340
340
|
le == null && (le = "not_null", ge(k));
|
|
341
|
-
},
|
|
341
|
+
}, l = (k) => O(t)({ type: "setSessionState", data: { sessionState: k }, configurationName: n }), a = async () => (await O(t)({ type: "getSessionState", data: null, configurationName: n })).sessionState, _ = (k) => (sessionStorage[`oidc.nonce.${n}`] = k.nonce, O(t)({ type: "setNonce", data: { nonce: k }, configurationName: n })), f = async () => {
|
|
342
342
|
let S = (await O(t)({ type: "getNonce", data: null, configurationName: n })).nonce;
|
|
343
343
|
return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: S };
|
|
344
344
|
};
|
|
345
|
-
let
|
|
345
|
+
let c = {};
|
|
346
346
|
return {
|
|
347
347
|
clearAsync: o,
|
|
348
348
|
initAsync: r,
|
|
349
349
|
startKeepAliveServiceWorker: () => i(e.service_worker_keep_alive_path),
|
|
350
350
|
isServiceWorkerProxyActiveAsync: () => Ne(e.service_worker_keep_alive_path),
|
|
351
|
-
setSessionStateAsync:
|
|
351
|
+
setSessionStateAsync: l,
|
|
352
352
|
getSessionStateAsync: a,
|
|
353
|
-
setNonceAsync:
|
|
353
|
+
setNonceAsync: _,
|
|
354
354
|
getNonceAsync: f,
|
|
355
355
|
setLoginParams: (k) => {
|
|
356
|
-
|
|
356
|
+
c[n] = k, localStorage[`oidc.login.${n}`] = JSON.stringify(k);
|
|
357
357
|
},
|
|
358
358
|
getLoginParams: () => {
|
|
359
359
|
const k = localStorage[`oidc.login.${n}`];
|
|
360
|
-
return
|
|
360
|
+
return c[n] || (c[n] = JSON.parse(k)), c[n];
|
|
361
361
|
},
|
|
362
362
|
getStateAsync: async () => {
|
|
363
363
|
let S = (await O(t)({ type: "getState", data: null, configurationName: n })).state;
|
|
@@ -444,7 +444,7 @@ const $e = {
|
|
|
444
444
|
// @ts-ignore
|
|
445
445
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
446
446
|
payload: ue(JSON.stringify(t))
|
|
447
|
-
},
|
|
447
|
+
}, l = o.importKeyAlgorithm, a = !0, _ = ["sign"], f = await e.crypto.subtle.importKey("jwk", n, l, a, _), c = ke(`${i.protected}.${i.payload}`), u = o.signAlgorithm, h = await e.crypto.subtle.sign(u, f, c);
|
|
448
448
|
return i.signature = re(new Uint8Array(h)), `${i.protected}.${i.payload}.${i.signature}`;
|
|
449
449
|
};
|
|
450
450
|
var Ke = { sign: Re };
|
|
@@ -481,8 +481,8 @@ const Be = (e) => async (n) => await Me.generate(e)(n), pe = (e) => (n) => async
|
|
|
481
481
|
htu: o,
|
|
482
482
|
iat: Math.round(Date.now() / 1e3),
|
|
483
483
|
...r
|
|
484
|
-
},
|
|
485
|
-
return await Ke.sign(e)(s, { kid:
|
|
484
|
+
}, l = await Je.thumbprint(e)(s, n.digestAlgorithm);
|
|
485
|
+
return await Ke.sign(e)(s, { kid: l }, i, n);
|
|
486
486
|
}, je = () => {
|
|
487
487
|
const e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", n = "0123456789abcdef";
|
|
488
488
|
let s = 0, t = "";
|
|
@@ -525,14 +525,14 @@ const Ge = (e) => {
|
|
|
525
525
|
const { hasSubtleCrypto: n } = we();
|
|
526
526
|
return n ? Ae(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
|
|
527
527
|
}, Ye = 60 * 60, Xe = (e) => async (n, s = Ye, t = window.sessionStorage, o = 1e4) => {
|
|
528
|
-
const r = `${n}/.well-known/openid-configuration`, i = `oidc.server:${n}`,
|
|
529
|
-
if (
|
|
530
|
-
return new te(
|
|
528
|
+
const r = `${n}/.well-known/openid-configuration`, i = `oidc.server:${n}`, l = We(i, t, s);
|
|
529
|
+
if (l)
|
|
530
|
+
return new te(l);
|
|
531
531
|
const a = await B(e)(r, {}, o);
|
|
532
532
|
if (a.status !== 200)
|
|
533
533
|
return null;
|
|
534
|
-
const
|
|
535
|
-
return Le(i,
|
|
534
|
+
const _ = await a.json();
|
|
535
|
+
return Le(i, _, t), new te(_);
|
|
536
536
|
}, B = (e) => async (n, s = {}, t = 1e4, o = 0) => {
|
|
537
537
|
let r;
|
|
538
538
|
try {
|
|
@@ -551,29 +551,29 @@ const Ge = (e) => {
|
|
|
551
551
|
refresh_token: "refresh_token",
|
|
552
552
|
access_token: "access_token"
|
|
553
553
|
}, fe = (e) => async (n, s, t = se.refresh_token, o, r = {}, i = 1e4) => {
|
|
554
|
-
const
|
|
554
|
+
const l = {
|
|
555
555
|
token: s,
|
|
556
556
|
token_type_hint: t,
|
|
557
557
|
client_id: o
|
|
558
558
|
};
|
|
559
|
-
for (const [
|
|
560
|
-
c
|
|
559
|
+
for (const [c, u] of Object.entries(r))
|
|
560
|
+
l[c] === void 0 && (l[c] = u);
|
|
561
561
|
const a = [];
|
|
562
|
-
for (const
|
|
563
|
-
const u = encodeURIComponent(
|
|
562
|
+
for (const c in l) {
|
|
563
|
+
const u = encodeURIComponent(c), h = encodeURIComponent(l[c]);
|
|
564
564
|
a.push(`${u}=${h}`);
|
|
565
565
|
}
|
|
566
|
-
const
|
|
566
|
+
const _ = a.join("&");
|
|
567
567
|
return (await B(e)(n, {
|
|
568
568
|
method: "POST",
|
|
569
569
|
headers: {
|
|
570
570
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
|
|
571
571
|
},
|
|
572
|
-
body:
|
|
572
|
+
body: _
|
|
573
573
|
}, i)).status !== 200 ? { success: !1 } : {
|
|
574
574
|
success: !0
|
|
575
575
|
};
|
|
576
|
-
}, ze = (e) => async (n, s, t, o, r = {}, i,
|
|
576
|
+
}, ze = (e) => async (n, s, t, o, r = {}, i, l = 1e4) => {
|
|
577
577
|
for (const [h, g] of Object.entries(t))
|
|
578
578
|
s[h] === void 0 && (s[h] = g);
|
|
579
579
|
const a = [];
|
|
@@ -581,26 +581,26 @@ const Ge = (e) => {
|
|
|
581
581
|
const g = encodeURIComponent(h), m = encodeURIComponent(s[h]);
|
|
582
582
|
a.push(`${g}=${m}`);
|
|
583
583
|
}
|
|
584
|
-
const
|
|
584
|
+
const _ = a.join("&"), f = await B(e)(n, {
|
|
585
585
|
method: "POST",
|
|
586
586
|
headers: {
|
|
587
587
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
588
588
|
...r
|
|
589
589
|
},
|
|
590
|
-
body:
|
|
591
|
-
},
|
|
590
|
+
body: _
|
|
591
|
+
}, l);
|
|
592
592
|
if (f.status !== 200)
|
|
593
593
|
return {
|
|
594
594
|
success: !1,
|
|
595
595
|
status: f.status,
|
|
596
596
|
demonstratingProofOfPossessionNonce: null
|
|
597
597
|
};
|
|
598
|
-
const
|
|
598
|
+
const c = await f.json();
|
|
599
599
|
let u = null;
|
|
600
600
|
return f.headers.has(H) && (u = f.headers.get(H)), {
|
|
601
601
|
success: !0,
|
|
602
602
|
status: f.status,
|
|
603
|
-
data: oe(
|
|
603
|
+
data: oe(c, o, i),
|
|
604
604
|
demonstratingProofOfPossessionNonce: u
|
|
605
605
|
};
|
|
606
606
|
}, Qe = (e, n) => async (s, t) => {
|
|
@@ -609,41 +609,41 @@ const Ge = (e) => {
|
|
|
609
609
|
await e.setCodeVerifierAsync(o), await e.setStateAsync(t.state), t.code_challenge = r, t.code_challenge_method = "S256";
|
|
610
610
|
let i = "";
|
|
611
611
|
if (t)
|
|
612
|
-
for (const [
|
|
613
|
-
i === "" ? i += "?" : i += "&", i += `${
|
|
612
|
+
for (const [l, a] of Object.entries(t))
|
|
613
|
+
i === "" ? i += "?" : i += "&", i += `${l}=${encodeURIComponent(a)}`;
|
|
614
614
|
n.open(`${s}${i}`);
|
|
615
615
|
}, H = "DPoP-Nonce", Ze = (e) => async (n, s, t, o, r = 1e4) => {
|
|
616
616
|
s = s ? { ...s } : {}, s.code_verifier = await e.getCodeVerifierAsync();
|
|
617
617
|
const i = [];
|
|
618
|
-
for (const
|
|
619
|
-
const u = encodeURIComponent(
|
|
618
|
+
for (const c in s) {
|
|
619
|
+
const u = encodeURIComponent(c), h = encodeURIComponent(s[c]);
|
|
620
620
|
i.push(`${u}=${h}`);
|
|
621
621
|
}
|
|
622
|
-
const
|
|
622
|
+
const l = i.join("&"), a = await B(fetch)(n, {
|
|
623
623
|
method: "POST",
|
|
624
624
|
headers: {
|
|
625
625
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
626
626
|
...t
|
|
627
627
|
},
|
|
628
|
-
body:
|
|
628
|
+
body: l
|
|
629
629
|
}, r);
|
|
630
630
|
if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), a.status !== 200)
|
|
631
631
|
return { success: !1, status: a.status };
|
|
632
|
-
let
|
|
633
|
-
a.headers.has(H) && (
|
|
632
|
+
let _ = null;
|
|
633
|
+
a.headers.has(H) && (_ = a.headers.get(H));
|
|
634
634
|
const f = await a.json();
|
|
635
635
|
return {
|
|
636
636
|
success: !0,
|
|
637
637
|
data: {
|
|
638
638
|
state: s.state,
|
|
639
639
|
tokens: oe(f, null, o),
|
|
640
|
-
demonstratingProofOfPossessionNonce:
|
|
640
|
+
demonstratingProofOfPossessionNonce: _
|
|
641
641
|
}
|
|
642
642
|
};
|
|
643
643
|
};
|
|
644
644
|
async function _e(e, n, s) {
|
|
645
|
-
const t = (
|
|
646
|
-
e.tokens =
|
|
645
|
+
const t = (l) => {
|
|
646
|
+
e.tokens = l;
|
|
647
647
|
}, { tokens: o, status: r } = await j(e)(0, n, s, t);
|
|
648
648
|
return await C(e.configuration, e.configurationName) || await I(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? o : (await e.destroyAsync(r), null);
|
|
649
649
|
}
|
|
@@ -662,7 +662,7 @@ async function Se(e, n = !1, s = null) {
|
|
|
662
662
|
const t = e.configuration, o = `${t.client_id}_${e.configurationName}_${t.authority}`;
|
|
663
663
|
let r;
|
|
664
664
|
const i = await C(e.configuration, e.configurationName);
|
|
665
|
-
return (t == null ? void 0 : t.storage) === (window == null ? void 0 : window.sessionStorage) && !i ? r = await _e(e, n, s) : r = await navigator.locks.request(o, { ifAvailable: !0 }, async (
|
|
665
|
+
return (t == null ? void 0 : t.storage) === (window == null ? void 0 : window.sessionStorage) && !i ? r = await _e(e, n, s) : r = await navigator.locks.request(o, { ifAvailable: !0 }, async (l) => l ? await _e(e, n, s) : (e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), await en(e, t))), r ? (e.timeoutId && (e.timeoutId = F(e, e.tokens.expiresAt, s)), e.tokens) : null;
|
|
666
666
|
}
|
|
667
667
|
const F = (e, n, s = null) => {
|
|
668
668
|
const t = e.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
@@ -682,14 +682,14 @@ const F = (e, n, s = null) => {
|
|
|
682
682
|
if (!t)
|
|
683
683
|
return { tokens: null, status: "NOT_CONNECTED", nonce: r };
|
|
684
684
|
let i = r;
|
|
685
|
-
const
|
|
685
|
+
const l = await e.initAsync(n.authority, n.authority_configuration), a = await C(n, s);
|
|
686
686
|
if (a) {
|
|
687
|
-
const { status:
|
|
688
|
-
if (
|
|
687
|
+
const { status: c, tokens: u } = await a.initAsync(l, "syncTokensAsync", n);
|
|
688
|
+
if (c === "LOGGED_OUT")
|
|
689
689
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: r };
|
|
690
|
-
if (
|
|
690
|
+
if (c === "SESSIONS_LOST")
|
|
691
691
|
return { tokens: null, status: "SESSIONS_LOST", nonce: r };
|
|
692
|
-
if (!
|
|
692
|
+
if (!c || !u)
|
|
693
693
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: r };
|
|
694
694
|
if (u.issuedAt !== t.issuedAt) {
|
|
695
695
|
const g = V(n.refresh_time_before_tokens_expiration_in_second, u.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", m = await a.getNonceAsync();
|
|
@@ -697,18 +697,18 @@ const F = (e, n, s = null) => {
|
|
|
697
697
|
}
|
|
698
698
|
i = await a.getNonceAsync();
|
|
699
699
|
} else {
|
|
700
|
-
const
|
|
701
|
-
let { tokens: u, status: h } = await
|
|
700
|
+
const c = I(s, n.storage ?? sessionStorage);
|
|
701
|
+
let { tokens: u, status: h } = await c.initAsync();
|
|
702
702
|
if (u && (u = X(u, e.tokens, n.token_renew_mode)), u) {
|
|
703
703
|
if (h === "SESSIONS_LOST")
|
|
704
704
|
return { tokens: null, status: "SESSIONS_LOST", nonce: r };
|
|
705
705
|
if (u.issuedAt !== t.issuedAt) {
|
|
706
|
-
const m = V(n.refresh_time_before_tokens_expiration_in_second, u.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
|
|
707
|
-
return { tokens: u, status: m, nonce:
|
|
706
|
+
const m = V(n.refresh_time_before_tokens_expiration_in_second, u.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", d = await c.getNonceAsync();
|
|
707
|
+
return { tokens: u, status: m, nonce: d };
|
|
708
708
|
}
|
|
709
709
|
} else
|
|
710
710
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: r };
|
|
711
|
-
i = await
|
|
711
|
+
i = await c.getNonceAsync();
|
|
712
712
|
}
|
|
713
713
|
const f = V(n.refresh_time_before_tokens_expiration_in_second, t.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
|
|
714
714
|
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: i } : { tokens: t, status: f, nonce: i };
|
|
@@ -718,28 +718,28 @@ const F = (e, n, s = null) => {
|
|
|
718
718
|
let r = 6;
|
|
719
719
|
for (; !navigator.onLine && r > 0; )
|
|
720
720
|
await U({ milliseconds: 1e3 }), r--, e.publishEvent(p.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
|
|
721
|
-
const i = document.hidden,
|
|
721
|
+
const i = document.hidden, l = n + 1;
|
|
722
722
|
t || (t = {});
|
|
723
|
-
const a = e.configuration,
|
|
723
|
+
const a = e.configuration, _ = (c, u = null, h = null) => ie(e.configurationName, e.configuration, e.publishEvent.bind(e))(c, u, h), f = async () => {
|
|
724
724
|
try {
|
|
725
|
-
let
|
|
725
|
+
let c;
|
|
726
726
|
const u = await C(a, e.configurationName);
|
|
727
|
-
u ?
|
|
728
|
-
const h = await
|
|
729
|
-
...
|
|
727
|
+
u ? c = u.getLoginParams() : c = I(e.configurationName, a.storage).getLoginParams();
|
|
728
|
+
const h = await _({
|
|
729
|
+
...c.extras,
|
|
730
730
|
...t,
|
|
731
731
|
prompt: "none"
|
|
732
732
|
});
|
|
733
733
|
return h ? h.error ? (o(null), e.publishEvent(p.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" }) : (o(h.tokens), e.publishEvent(N.eventNames.token_renewed, {}), { tokens: h.tokens, status: "LOGGED" }) : (o(null), e.publishEvent(p.refreshTokensAsync_error, { message: "refresh token silent not active" }), { tokens: null, status: "SESSION_LOST" });
|
|
734
|
-
} catch (
|
|
735
|
-
return console.error(
|
|
734
|
+
} catch (c) {
|
|
735
|
+
return console.error(c), e.publishEvent(p.refreshTokensAsync_silent_error, { message: "exceptionSilent", exception: c.message }), await j(e)(l, s, t, o);
|
|
736
736
|
}
|
|
737
737
|
};
|
|
738
738
|
if (n > 4)
|
|
739
739
|
return i ? { tokens: e.tokens, status: "GIVE_UP" } : (o(null), e.publishEvent(p.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" });
|
|
740
740
|
try {
|
|
741
|
-
const { status:
|
|
742
|
-
switch (
|
|
741
|
+
const { status: c, tokens: u, nonce: h } = await nn(e)(a, e.configurationName, e.tokens, s);
|
|
742
|
+
switch (c) {
|
|
743
743
|
case $.SESSION_LOST:
|
|
744
744
|
return o(null), e.publishEvent(p.refreshTokensAsync_error, { message: "refresh token session lost" }), { tokens: null, status: "SESSION_LOST" };
|
|
745
745
|
case $.NOT_CONNECTED:
|
|
@@ -753,9 +753,9 @@ const F = (e, n, s = null) => {
|
|
|
753
753
|
case $.REQUIRE_SYNC_TOKENS:
|
|
754
754
|
return e.publishEvent(p.refreshTokensAsync_begin, { tryNumber: n }), await f();
|
|
755
755
|
default: {
|
|
756
|
-
if (e.publishEvent(p.refreshTokensAsync_begin, { refreshToken: u.refreshToken, status:
|
|
756
|
+
if (e.publishEvent(p.refreshTokensAsync_begin, { refreshToken: u.refreshToken, status: c, tryNumber: n }), !u.refreshToken)
|
|
757
757
|
return await f();
|
|
758
|
-
const g = a.client_id, m = a.redirect_uri,
|
|
758
|
+
const g = a.client_id, m = a.redirect_uri, d = a.authority, A = { ...a.token_request_extras ? a.token_request_extras : {} };
|
|
759
759
|
for (const [T, y] of Object.entries(t))
|
|
760
760
|
T.endsWith(":token_request") && (A[T.replace(":token_request", "")] = y);
|
|
761
761
|
return await (async () => {
|
|
@@ -764,7 +764,7 @@ const F = (e, n, s = null) => {
|
|
|
764
764
|
redirect_uri: m,
|
|
765
765
|
grant_type: "refresh_token",
|
|
766
766
|
refresh_token: u.refreshToken
|
|
767
|
-
}, y = await e.initAsync(
|
|
767
|
+
}, y = await e.initAsync(d, a.authority_configuration), k = document.hidden ? 1e4 : 3e4 * 10, S = y.tokenEndpoint, E = {};
|
|
768
768
|
a.demonstrating_proof_of_possession && (E.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken, S, "POST"));
|
|
769
769
|
const b = await ze(e.getFetch())(
|
|
770
770
|
S,
|
|
@@ -788,12 +788,12 @@ const F = (e, n, s = null) => {
|
|
|
788
788
|
return e.publishEvent(p.refreshTokensAsync_silent_error, {
|
|
789
789
|
message: "bad request",
|
|
790
790
|
tokenResponse: b
|
|
791
|
-
}), b.status >= 400 && b.status < 500 ? (o(null), e.publishEvent(p.refreshTokensAsync_error, { message: `session lost: ${b.status}` }), { tokens: null, status: "SESSION_LOST" }) : await j(e)(
|
|
791
|
+
}), b.status >= 400 && b.status < 500 ? (o(null), e.publishEvent(p.refreshTokensAsync_error, { message: `session lost: ${b.status}` }), { tokens: null, status: "SESSION_LOST" }) : await j(e)(l, s, t, o);
|
|
792
792
|
})();
|
|
793
793
|
}
|
|
794
794
|
}
|
|
795
|
-
} catch (
|
|
796
|
-
return console.error(
|
|
795
|
+
} catch (c) {
|
|
796
|
+
return console.error(c), e.publishEvent(p.refreshTokensAsync_silent_error, { message: "exception", exception: c.message }), j(e)(l, s, t, o);
|
|
797
797
|
}
|
|
798
798
|
}, ie = (e, n, s) => (t = null, o = null, r = null) => {
|
|
799
799
|
if (!n.silent_redirect_uri || !n.silent_login_uri)
|
|
@@ -802,25 +802,25 @@ const F = (e, n, s = null) => {
|
|
|
802
802
|
s(p.silentLoginAsync_begin, {});
|
|
803
803
|
let i = "";
|
|
804
804
|
if (o && (t == null && (t = {}), t.state = o), r && (t == null && (t = {}), t.scope = r), t != null)
|
|
805
|
-
for (const [
|
|
806
|
-
i === "" ? i = `?${encodeURIComponent(
|
|
807
|
-
const
|
|
808
|
-
return f.width = "0px", f.height = "0px", f.id = `${e}_oidc_iframe`, f.setAttribute("src",
|
|
805
|
+
for (const [c, u] of Object.entries(t))
|
|
806
|
+
i === "" ? i = `?${encodeURIComponent(c)}=${encodeURIComponent(u)}` : i += `&${encodeURIComponent(c)}=${encodeURIComponent(u)}`;
|
|
807
|
+
const l = n.silent_login_uri + i, a = l.indexOf("/", l.indexOf("//") + 2), _ = l.substring(0, a), f = document.createElement("iframe");
|
|
808
|
+
return f.width = "0px", f.height = "0px", f.id = `${e}_oidc_iframe`, f.setAttribute("src", l), document.body.appendChild(f), new Promise((c, u) => {
|
|
809
809
|
let h = !1;
|
|
810
810
|
const g = () => {
|
|
811
811
|
window.removeEventListener("message", m), f.remove(), h = !0;
|
|
812
|
-
}, m = (
|
|
813
|
-
if (
|
|
814
|
-
const w = `${e}_oidc_tokens:`, A = `${e}_oidc_error:`, v = `${e}_oidc_exception:`, T =
|
|
812
|
+
}, m = (d) => {
|
|
813
|
+
if (d.origin === _ && d.source === f.contentWindow) {
|
|
814
|
+
const w = `${e}_oidc_tokens:`, A = `${e}_oidc_error:`, v = `${e}_oidc_exception:`, T = d.data;
|
|
815
815
|
if (T && typeof T == "string" && !h) {
|
|
816
816
|
if (T.startsWith(w)) {
|
|
817
|
-
const y = JSON.parse(
|
|
818
|
-
s(p.silentLoginAsync_end, {}),
|
|
817
|
+
const y = JSON.parse(d.data.replace(w, ""));
|
|
818
|
+
s(p.silentLoginAsync_end, {}), c(y), g();
|
|
819
819
|
} else if (T.startsWith(A)) {
|
|
820
|
-
const y = JSON.parse(
|
|
821
|
-
s(p.silentLoginAsync_error, y),
|
|
820
|
+
const y = JSON.parse(d.data.replace(A, ""));
|
|
821
|
+
s(p.silentLoginAsync_error, y), c({ error: "oidc_" + y.error, tokens: null, sessionState: null }), g();
|
|
822
822
|
} else if (T.startsWith(v)) {
|
|
823
|
-
const y = JSON.parse(
|
|
823
|
+
const y = JSON.parse(d.data.replace(v, ""));
|
|
824
824
|
s(p.silentLoginAsync_error, y), u(new Error(y.error)), g();
|
|
825
825
|
}
|
|
826
826
|
}
|
|
@@ -828,12 +828,12 @@ const F = (e, n, s = null) => {
|
|
|
828
828
|
};
|
|
829
829
|
try {
|
|
830
830
|
window.addEventListener("message", m);
|
|
831
|
-
const
|
|
831
|
+
const d = n.silent_login_timeout;
|
|
832
832
|
setTimeout(() => {
|
|
833
833
|
h || (g(), s(p.silentLoginAsync_error, { reason: "timeout" }), u(new Error("timeout")));
|
|
834
|
-
},
|
|
835
|
-
} catch (
|
|
836
|
-
g(), s(p.silentLoginAsync_error,
|
|
834
|
+
}, d);
|
|
835
|
+
} catch (d) {
|
|
836
|
+
g(), s(p.silentLoginAsync_error, d), u(d);
|
|
837
837
|
}
|
|
838
838
|
});
|
|
839
839
|
} catch (i) {
|
|
@@ -841,33 +841,33 @@ const F = (e, n, s = null) => {
|
|
|
841
841
|
}
|
|
842
842
|
}, sn = (e, n, s, t, o) => (r = null, i = void 0) => {
|
|
843
843
|
r = { ...r };
|
|
844
|
-
const
|
|
844
|
+
const l = (_, f, c) => ie(n, s, t.bind(o))(_, f, c);
|
|
845
845
|
return (async () => {
|
|
846
846
|
o.timeoutId && J.clearTimeout(o.timeoutId);
|
|
847
|
-
let
|
|
848
|
-
r && "state" in r && (
|
|
847
|
+
let _;
|
|
848
|
+
r && "state" in r && (_ = r.state, delete r.state);
|
|
849
849
|
try {
|
|
850
|
-
const f = s.extras ? { ...s.extras, ...r } : r,
|
|
850
|
+
const f = s.extras ? { ...s.extras, ...r } : r, c = await l({
|
|
851
851
|
...f,
|
|
852
852
|
prompt: "none"
|
|
853
|
-
},
|
|
854
|
-
if (
|
|
855
|
-
return o.tokens =
|
|
853
|
+
}, _, i);
|
|
854
|
+
if (c)
|
|
855
|
+
return o.tokens = c.tokens, t(p.token_aquired, {}), o.timeoutId = F(o, o.tokens.expiresAt, r), {};
|
|
856
856
|
} catch (f) {
|
|
857
857
|
return f;
|
|
858
858
|
}
|
|
859
859
|
})();
|
|
860
860
|
}, tn = (e, n, s) => (t, o, r, i = !1) => {
|
|
861
|
-
const
|
|
862
|
-
return new Promise((a,
|
|
861
|
+
const l = (a, _ = void 0, f = void 0) => ie(e.configurationName, s, e.publishEvent.bind(e))(a, _, f);
|
|
862
|
+
return new Promise((a, _) => {
|
|
863
863
|
if (s.silent_login_uri && s.silent_redirect_uri && s.monitor_session && t && r && !i) {
|
|
864
864
|
const f = () => {
|
|
865
865
|
e.checkSessionIFrame.stop();
|
|
866
|
-
const
|
|
867
|
-
if (
|
|
866
|
+
const c = e.tokens;
|
|
867
|
+
if (c === null)
|
|
868
868
|
return;
|
|
869
|
-
const u =
|
|
870
|
-
return
|
|
869
|
+
const u = c.idToken, h = c.idTokenPayload;
|
|
870
|
+
return l({
|
|
871
871
|
prompt: "none",
|
|
872
872
|
id_token_hint: u,
|
|
873
873
|
scope: s.scope || "openid"
|
|
@@ -876,20 +876,20 @@ const F = (e, n, s = null) => {
|
|
|
876
876
|
throw new Error(g.error);
|
|
877
877
|
const m = g.tokens.idTokenPayload;
|
|
878
878
|
if (h.sub === m.sub) {
|
|
879
|
-
const
|
|
880
|
-
e.checkSessionIFrame.start(g.sessionState), h.sid === m.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
|
|
879
|
+
const d = g.sessionState;
|
|
880
|
+
e.checkSessionIFrame.start(g.sessionState), h.sid === m.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", d) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", d);
|
|
881
881
|
} else
|
|
882
882
|
console.debug("SessionMonitor._callback: Different subject signed into OP:", m.sub);
|
|
883
883
|
}).catch(async (g) => {
|
|
884
884
|
console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", g);
|
|
885
|
-
for (const [m,
|
|
886
|
-
await
|
|
885
|
+
for (const [m, d] of Object.entries(n))
|
|
886
|
+
await d.logoutOtherTabAsync(s.client_id, h.sub);
|
|
887
887
|
});
|
|
888
888
|
};
|
|
889
889
|
e.checkSessionIFrame = new Te(f, o, t), e.checkSessionIFrame.load().then(() => {
|
|
890
890
|
e.checkSessionIFrame.start(r), a(e.checkSessionIFrame);
|
|
891
|
-
}).catch((
|
|
892
|
-
|
|
891
|
+
}).catch((c) => {
|
|
892
|
+
_(c);
|
|
893
893
|
});
|
|
894
894
|
} else
|
|
895
895
|
a(null);
|
|
@@ -932,25 +932,25 @@ const F = (e, n, s = null) => {
|
|
|
932
932
|
for (t = 0, o = r.length; t < o; t++)
|
|
933
933
|
s = r[t].split("="), n[decodeURIComponent(s[0])] = decodeURIComponent(s[1]);
|
|
934
934
|
return n;
|
|
935
|
-
}, rn = (e, n, s, t, o) => (r = void 0, i = null,
|
|
936
|
-
const
|
|
935
|
+
}, rn = (e, n, s, t, o) => (r = void 0, i = null, l = !1, a = void 0) => {
|
|
936
|
+
const _ = i;
|
|
937
937
|
return i = { ...i }, (async () => {
|
|
938
|
-
const
|
|
938
|
+
const c = r || o.getPath();
|
|
939
939
|
if ("state" in i || (i.state = ne(16)), s(p.loginAsync_begin, {}), i)
|
|
940
940
|
for (const u of Object.keys(i))
|
|
941
941
|
u.endsWith(":token_request") && delete i[u];
|
|
942
942
|
try {
|
|
943
|
-
const u =
|
|
943
|
+
const u = l ? n.silent_redirect_uri : n.redirect_uri;
|
|
944
944
|
a || (a = n.scope);
|
|
945
945
|
const h = n.extras ? { ...n.extras, ...i } : i;
|
|
946
946
|
h.nonce || (h.nonce = ne(12));
|
|
947
|
-
const g = { nonce: h.nonce }, m = await C(n, e),
|
|
947
|
+
const g = { nonce: h.nonce }, m = await C(n, e), d = await t(n.authority, n.authority_configuration);
|
|
948
948
|
let w;
|
|
949
949
|
if (m)
|
|
950
|
-
m.setLoginParams({ callbackPath:
|
|
950
|
+
m.setLoginParams({ callbackPath: c, extras: _ }), await m.initAsync(d, "loginAsync", n), await m.setNonceAsync(g), m.startKeepAliveServiceWorker(), w = m;
|
|
951
951
|
else {
|
|
952
952
|
const v = I(e, n.storage ?? sessionStorage);
|
|
953
|
-
v.setLoginParams({ callbackPath:
|
|
953
|
+
v.setLoginParams({ callbackPath: c, extras: _ }), await v.setNonceAsync(g), w = v;
|
|
954
954
|
}
|
|
955
955
|
const A = {
|
|
956
956
|
client_id: n.client_id,
|
|
@@ -959,7 +959,7 @@ const F = (e, n, s = null) => {
|
|
|
959
959
|
response_type: "code",
|
|
960
960
|
...h
|
|
961
961
|
};
|
|
962
|
-
await Qe(w, o)(
|
|
962
|
+
await Qe(w, o)(d.authorizationEndpoint, A);
|
|
963
963
|
} catch (u) {
|
|
964
964
|
throw s(p.loginAsync_error, u), u;
|
|
965
965
|
}
|
|
@@ -967,23 +967,23 @@ const F = (e, n, s = null) => {
|
|
|
967
967
|
}, an = (e) => async (n = !1) => {
|
|
968
968
|
try {
|
|
969
969
|
e.publishEvent(p.loginCallbackAsync_begin, {});
|
|
970
|
-
const s = e.configuration, t = s.client_id, o = n ? s.silent_redirect_uri : s.redirect_uri, r = s.authority, i = s.token_request_timeout,
|
|
970
|
+
const s = e.configuration, t = s.client_id, o = n ? s.silent_redirect_uri : s.redirect_uri, r = s.authority, i = s.token_request_timeout, l = await e.initAsync(r, s.authority_configuration), a = e.location.getCurrentHref(), f = G(a).session_state, c = await C(s, e.configurationName);
|
|
971
971
|
let u, h, g, m;
|
|
972
|
-
if (
|
|
973
|
-
await
|
|
972
|
+
if (c)
|
|
973
|
+
await c.initAsync(l, "loginCallbackAsync", s), await c.setSessionStateAsync(f), h = await c.getNonceAsync(), g = c.getLoginParams(), m = await c.getStateAsync(), c.startKeepAliveServiceWorker(), u = c;
|
|
974
974
|
else {
|
|
975
975
|
const P = I(e.configurationName, s.storage ?? sessionStorage);
|
|
976
976
|
await P.setSessionStateAsync(f), h = await P.getNonceAsync(), g = P.getLoginParams(), m = await P.getStateAsync(), u = P;
|
|
977
977
|
}
|
|
978
|
-
const
|
|
979
|
-
if (
|
|
980
|
-
throw new Error(`Error from OIDC server: ${
|
|
981
|
-
if (
|
|
982
|
-
throw console.error(), new Error(`Issuer not valid (expected: ${
|
|
983
|
-
if (
|
|
984
|
-
throw new Error(`State not valid (expected: ${m}, received: ${
|
|
978
|
+
const d = G(a);
|
|
979
|
+
if (d.error || d.error_description)
|
|
980
|
+
throw new Error(`Error from OIDC server: ${d.error} - ${d.error_description}`);
|
|
981
|
+
if (d.iss && d.iss !== l.issuer)
|
|
982
|
+
throw console.error(), new Error(`Issuer not valid (expected: ${l.issuer}, received: ${d.iss})`);
|
|
983
|
+
if (d.state && d.state !== m)
|
|
984
|
+
throw new Error(`State not valid (expected: ${m}, received: ${d.state})`);
|
|
985
985
|
const w = {
|
|
986
|
-
code:
|
|
986
|
+
code: d.code,
|
|
987
987
|
grant_type: "authorization_code",
|
|
988
988
|
client_id: s.client_id,
|
|
989
989
|
redirect_uri: o
|
|
@@ -994,9 +994,9 @@ const F = (e, n, s = null) => {
|
|
|
994
994
|
if (g && g.extras)
|
|
995
995
|
for (const [P, W] of Object.entries(g.extras))
|
|
996
996
|
P.endsWith(":token_request") && (A[P.replace(":token_request", "")] = W);
|
|
997
|
-
const v =
|
|
997
|
+
const v = l.tokenEndpoint, T = {};
|
|
998
998
|
if (s.demonstrating_proof_of_possession)
|
|
999
|
-
if (
|
|
999
|
+
if (c)
|
|
1000
1000
|
T.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
|
|
1001
1001
|
else {
|
|
1002
1002
|
const P = await Be(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
|
|
@@ -1015,22 +1015,22 @@ const F = (e, n, s = null) => {
|
|
|
1015
1015
|
const S = y.data.tokens, E = y.data.demonstratingProofOfPossessionNonce;
|
|
1016
1016
|
if (y.data.state !== A.state)
|
|
1017
1017
|
throw new Error("state is not valid");
|
|
1018
|
-
const { isValid: b, reason: L } = ye(S, h.nonce,
|
|
1018
|
+
const { isValid: b, reason: L } = ye(S, h.nonce, l);
|
|
1019
1019
|
if (!b)
|
|
1020
1020
|
throw new Error(`Tokens are not OpenID valid, reason: ${L}`);
|
|
1021
|
-
if (
|
|
1021
|
+
if (c) {
|
|
1022
1022
|
if (S.refreshToken && !S.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1023
1023
|
throw new Error("Refresh token should be hidden by service worker");
|
|
1024
1024
|
if (E && S.accessToken && S.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1025
1025
|
throw new Error("Demonstration of proof of possession require Access token not hidden by service worker");
|
|
1026
1026
|
}
|
|
1027
|
-
if (
|
|
1028
|
-
await
|
|
1027
|
+
if (c)
|
|
1028
|
+
await c.initAsync(o, "syncTokensAsync", s), k = c.getLoginParams(), E && await c.setDemonstratingProofOfPossessionNonce(E);
|
|
1029
1029
|
else {
|
|
1030
1030
|
const P = I(e.configurationName, s.storage);
|
|
1031
1031
|
k = P.getLoginParams(), E && await P.setDemonstratingProofOfPossessionNonce(E);
|
|
1032
1032
|
}
|
|
1033
|
-
return await e.startCheckSessionAsync(
|
|
1033
|
+
return await e.startCheckSessionAsync(l.checkSessionIframe, t, f, n), e.publishEvent(p.loginCallbackAsync_end, {}), {
|
|
1034
1034
|
tokens: S,
|
|
1035
1035
|
state: "request.state",
|
|
1036
1036
|
callbackPath: k.callbackPath
|
|
@@ -1065,33 +1065,33 @@ const F = (e, n, s = null) => {
|
|
|
1065
1065
|
const s = await C(e.configuration, e.configurationName);
|
|
1066
1066
|
s ? await s.clearAsync(n) : await I(e.configurationName, e.configuration.storage).clearAsync(n), e.tokens = null, e.userInfo = null;
|
|
1067
1067
|
}, un = (e, n, s, t, o) => async (r = void 0, i = null) => {
|
|
1068
|
-
const
|
|
1068
|
+
const l = e.configuration, a = await e.initAsync(l.authority, l.authority_configuration);
|
|
1069
1069
|
r && typeof r != "string" && (r = void 0, t.warn("callbackPathOrUrl path is not a string"));
|
|
1070
|
-
const
|
|
1070
|
+
const _ = r ?? o.getPath();
|
|
1071
1071
|
let f = !1;
|
|
1072
1072
|
r && (f = r.includes("https://") || r.includes("http://"));
|
|
1073
|
-
const
|
|
1073
|
+
const c = f ? r : o.getOrigin() + _, u = e.tokens ? e.tokens.idToken : "";
|
|
1074
1074
|
try {
|
|
1075
1075
|
const w = a.revocationEndpoint;
|
|
1076
1076
|
if (w) {
|
|
1077
1077
|
const A = [], v = e.tokens ? e.tokens.accessToken : null;
|
|
1078
|
-
if (v &&
|
|
1078
|
+
if (v && l.logout_tokens_to_invalidate.includes(de.access_token)) {
|
|
1079
1079
|
const y = z(i, ":revoke_access_token"), k = fe(s)(
|
|
1080
1080
|
w,
|
|
1081
1081
|
v,
|
|
1082
1082
|
se.access_token,
|
|
1083
|
-
|
|
1083
|
+
l.client_id,
|
|
1084
1084
|
y
|
|
1085
1085
|
);
|
|
1086
1086
|
A.push(k);
|
|
1087
1087
|
}
|
|
1088
1088
|
const T = e.tokens ? e.tokens.refreshToken : null;
|
|
1089
|
-
if (T &&
|
|
1089
|
+
if (T && l.logout_tokens_to_invalidate.includes(de.refresh_token)) {
|
|
1090
1090
|
const y = z(i, ":revoke_refresh_token"), k = fe(s)(
|
|
1091
1091
|
w,
|
|
1092
1092
|
T,
|
|
1093
1093
|
se.refresh_token,
|
|
1094
|
-
|
|
1094
|
+
l.client_id,
|
|
1095
1095
|
y
|
|
1096
1096
|
);
|
|
1097
1097
|
A.push(k);
|
|
@@ -1108,11 +1108,11 @@ const F = (e, n, s = null) => {
|
|
|
1108
1108
|
const g = z(i, ":oidc");
|
|
1109
1109
|
if (g && g.no_reload === "true")
|
|
1110
1110
|
return;
|
|
1111
|
-
const
|
|
1111
|
+
const d = cn(i);
|
|
1112
1112
|
if (a.endSessionEndpoint) {
|
|
1113
|
-
"id_token_hint" in
|
|
1113
|
+
"id_token_hint" in d || (d.id_token_hint = u), !("post_logout_redirect_uri" in d) && r !== null && (d.post_logout_redirect_uri = c);
|
|
1114
1114
|
let w = "";
|
|
1115
|
-
for (const [A, v] of Object.entries(
|
|
1115
|
+
for (const [A, v] of Object.entries(d))
|
|
1116
1116
|
v != null && (w === "" ? w += "?" : w += "&", w += `${A}=${encodeURIComponent(v)}`);
|
|
1117
1117
|
o.open(`${a.endSessionEndpoint}${w}`);
|
|
1118
1118
|
} else
|
|
@@ -1127,15 +1127,15 @@ const F = (e, n, s = null) => {
|
|
|
1127
1127
|
const s = e.tokens.accessToken;
|
|
1128
1128
|
if (!s)
|
|
1129
1129
|
return null;
|
|
1130
|
-
const t = e.configuration, r = (await e.initAsync(t.authority, t.authority_configuration)).userInfoEndpoint,
|
|
1131
|
-
const
|
|
1130
|
+
const t = e.configuration, r = (await e.initAsync(t.authority, t.authority_configuration)).userInfoEndpoint, l = await (async (a) => {
|
|
1131
|
+
const _ = await fetch(r, {
|
|
1132
1132
|
headers: {
|
|
1133
1133
|
authorization: `Bearer ${a}`
|
|
1134
1134
|
}
|
|
1135
1135
|
});
|
|
1136
|
-
return
|
|
1136
|
+
return _.status !== 200 ? null : _.json();
|
|
1137
1137
|
})(s);
|
|
1138
|
-
return e.userInfo =
|
|
1138
|
+
return e.userInfo = l, l;
|
|
1139
1139
|
};
|
|
1140
1140
|
class Y {
|
|
1141
1141
|
open(n) {
|
|
@@ -1187,8 +1187,8 @@ const _n = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os ===
|
|
|
1187
1187
|
{ s: "OS/2", r: /OS\/2/ },
|
|
1188
1188
|
{ s: "Search Bot", r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/ }
|
|
1189
1189
|
];
|
|
1190
|
-
for (const
|
|
1191
|
-
const a = r[
|
|
1190
|
+
for (const l in r) {
|
|
1191
|
+
const a = r[l];
|
|
1192
1192
|
if (a.r.test(s)) {
|
|
1193
1193
|
o = a.s;
|
|
1194
1194
|
break;
|
|
@@ -1202,8 +1202,8 @@ const _n = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os ===
|
|
|
1202
1202
|
i = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];
|
|
1203
1203
|
break;
|
|
1204
1204
|
case "iOS": {
|
|
1205
|
-
const
|
|
1206
|
-
|
|
1205
|
+
const l = /OS (\d+)_(\d+)_?(\d+)?/.exec(n);
|
|
1206
|
+
l != null && l.length > 2 && (i = l[1] + "." + l[2] + "." + (parseInt(l[3]) | 0));
|
|
1207
1207
|
break;
|
|
1208
1208
|
}
|
|
1209
1209
|
}
|
|
@@ -1268,8 +1268,8 @@ const yn = () => {
|
|
|
1268
1268
|
e.tokens = X(r, null, s.token_renew_mode);
|
|
1269
1269
|
const i = o.getLoginParams();
|
|
1270
1270
|
e.timeoutId = F(e, e.tokens.expiresAt, i.extras);
|
|
1271
|
-
const
|
|
1272
|
-
return await e.startCheckSessionAsync(t.check_session_iframe, s.client_id,
|
|
1271
|
+
const l = await o.getSessionStateAsync();
|
|
1272
|
+
return await e.startCheckSessionAsync(t.check_session_iframe, s.client_id, l), e.publishEvent(p.tryKeepExistingSessionAsync_end, {
|
|
1273
1273
|
success: !0,
|
|
1274
1274
|
message: "tokens inside storage are valid"
|
|
1275
1275
|
}), !0;
|
|
@@ -1298,7 +1298,7 @@ const x = {}, mn = (e, n = new Y()) => (s, t = "default") => (x[t] || (x[t] = ne
|
|
|
1298
1298
|
n.silent_redirect_uri && !n.silent_login_uri && (r = `${n.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
|
|
1299
1299
|
let i = n.refresh_time_before_tokens_expiration_in_second ?? 120;
|
|
1300
1300
|
i > 60 && (i = i - Math.floor(Math.random() * 40)), this.location = o ?? new Y();
|
|
1301
|
-
const
|
|
1301
|
+
const l = n.service_worker_update_require_callback ?? xe(this.location);
|
|
1302
1302
|
this.configuration = {
|
|
1303
1303
|
...n,
|
|
1304
1304
|
silent_login_uri: r,
|
|
@@ -1309,7 +1309,7 @@ const x = {}, mn = (e, n = new Y()) => (s, t = "default") => (x[t] || (x[t] = ne
|
|
|
1309
1309
|
demonstrating_proof_of_possession: n.demonstrating_proof_of_possession ?? !1,
|
|
1310
1310
|
authority_timeout_wellknowurl_in_millisecond: n.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
|
|
1311
1311
|
logout_tokens_to_invalidate: n.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
|
|
1312
|
-
service_worker_update_require_callback:
|
|
1312
|
+
service_worker_update_require_callback: l,
|
|
1313
1313
|
service_worker_activate: n.service_worker_activate ?? yn,
|
|
1314
1314
|
demonstrating_proof_of_possession_configuration: n.demonstrating_proof_of_possession_configuration ?? $e
|
|
1315
1315
|
}, this.getFetch = t ?? kn, this.configurationName = s, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
@@ -1390,14 +1390,17 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1390
1390
|
};
|
|
1391
1391
|
return this.loginCallbackPromise = s(), this.loginCallbackPromise.then((t) => (this.loginCallbackPromise = null, t));
|
|
1392
1392
|
}
|
|
1393
|
-
async generateDemonstrationOfProofOfPossessionAsync(n, s, t) {
|
|
1394
|
-
const
|
|
1395
|
-
|
|
1396
|
-
|
|
1393
|
+
async generateDemonstrationOfProofOfPossessionAsync(n, s, t, o = {}) {
|
|
1394
|
+
const r = this.configuration, i = {
|
|
1395
|
+
ath: await Ae(n),
|
|
1396
|
+
...o
|
|
1397
|
+
}, l = await C(r, this.configurationName);
|
|
1398
|
+
let a;
|
|
1399
|
+
if (l)
|
|
1397
1400
|
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
|
|
1398
|
-
const
|
|
1399
|
-
let
|
|
1400
|
-
return
|
|
1401
|
+
const _ = I(this.configurationName, r.storage);
|
|
1402
|
+
let f = await _.getDemonstratingProofOfPossessionJwkAsync();
|
|
1403
|
+
return a = await _.getDemonstratingProofOfPossessionNonce(), a && (i.nonce = a), await pe(window)(r.demonstrating_proof_of_possession_configuration)(f, t, s, i);
|
|
1401
1404
|
}
|
|
1402
1405
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1403
1406
|
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = pn(this), this.loginCallbackWithAutoTokensRenewPromise.then((n) => (this.loginCallbackWithAutoTokensRenewPromise = null, n)));
|
|
@@ -1429,19 +1432,19 @@ let N = M;
|
|
|
1429
1432
|
const An = (e, n) => async (...s) => {
|
|
1430
1433
|
var u;
|
|
1431
1434
|
const [t, o, ...r] = s, i = o ? { ...o } : { method: "GET" };
|
|
1432
|
-
let
|
|
1433
|
-
i.headers && (
|
|
1434
|
-
const a = n,
|
|
1435
|
-
if (
|
|
1435
|
+
let l = new Headers();
|
|
1436
|
+
i.headers && (l = i.headers instanceof Headers ? i.headers : new Headers(i.headers));
|
|
1437
|
+
const a = n, _ = await a.getValidTokenAsync(), f = (u = _ == null ? void 0 : _.tokens) == null ? void 0 : u.accessToken;
|
|
1438
|
+
if (l.has("Accept") || l.set("Accept", "application/json"), f) {
|
|
1436
1439
|
if (a.configuration.demonstrating_proof_of_possession) {
|
|
1437
1440
|
const h = await a.generateDemonstrationOfProofOfPossessionAsync(f, t.toString(), i.method);
|
|
1438
|
-
|
|
1441
|
+
l.set("Authorization", `PoP ${f}`), l.set("DPoP", h);
|
|
1439
1442
|
} else
|
|
1440
|
-
|
|
1443
|
+
l.set("Authorization", `Bearer ${f}`);
|
|
1441
1444
|
i.credentials || (i.credentials = "same-origin");
|
|
1442
1445
|
}
|
|
1443
|
-
const
|
|
1444
|
-
return await e(t,
|
|
1446
|
+
const c = { ...i, headers: l };
|
|
1447
|
+
return await e(t, c, ...r);
|
|
1445
1448
|
}, K = class K {
|
|
1446
1449
|
constructor(n) {
|
|
1447
1450
|
this._oidc = n;
|
|
@@ -1482,8 +1485,8 @@ const An = (e, n) => async (...s) => {
|
|
|
1482
1485
|
get configuration() {
|
|
1483
1486
|
return this._oidc.configuration;
|
|
1484
1487
|
}
|
|
1485
|
-
async generateDemonstrationOfProofOfPossessionAsync(n, s, t) {
|
|
1486
|
-
return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n, s, t);
|
|
1488
|
+
async generateDemonstrationOfProofOfPossessionAsync(n, s, t, o = {}) {
|
|
1489
|
+
return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n, s, t, o);
|
|
1487
1490
|
}
|
|
1488
1491
|
async getValidTokenAsync(n = 200, s = 50) {
|
|
1489
1492
|
return Ie(this._oidc, n, s);
|