@axa-fr/oidc-client 7.20.1-beta.1399 → 7.20.1

package/README.md

@@ -161,7 +161,7 @@ oidcClient.tryKeepExistingSessionAsync().then(() => {
             <h1>@axa-fr/oidc-client demo</h1>
             <h2>Loading</h2>
         </div>`;
-    return
+    return;
   }
 
   let tokens = oidcClient.tokens;
@@ -226,6 +226,10 @@ const configuration = {
     authority_timeout_wellknowurl_in_millisecond: 10000, // Timeout in milliseconds of the openid well-known URL, default is 10 seconds, then an error is thrown
     monitor_session: Boolean, // Add OpenID monitor session, default is false (more information https://openid.net/specs/openid-connect-session-1_0.html), if you need to set it to true consider https://infi.nl/nieuws/spa-necromancy/
     token_renew_mode: String, // Optional, update tokens based on the selected token(s) lifetime: "access_token_or_id_token_invalid" (default), "access_token_invalid", "id_token_invalid"
+    token_automatic_renew_mode: TokenAutomaticRenewMode.AutomaticOnlyWhenFetchExecuted, // Optional, default is TokenAutomaticRenewMode.AutomaticBeforeTokensExpiration
+    // TokenAutomaticRenewMode.AutomaticBeforeTokensExpiration: renew tokens automatically before they expire
+    // TokenAutomaticRenewMode.AutomaticOnlyWhenFetchExecuted: renew tokens automatically only when fetch is executed
+    // It requires you to use fetch given by oidcClient.fetchWithTokens(fetch) or to use oidcClient.getValidTokenAsync()
     logout_tokens_to_invalidate: Array<string>, // Optional tokens to invalidate during logout, default: ['access_token', 'refresh_token']
     location: ILOidcLocation, // Optional, default is window.location, you can inject your own location object respecting the ILOidcLocation interface
     demonstrating_proof_of_possession: Boolean, // Optional, default is false, if true, the the Demonstrating Proof of Possession will be activated //https://www.rfc-editor.org/rfc/rfc9449.html#name-protected-resource-access

package/dist/events.d.ts

@@ -26,6 +26,6 @@ export declare const eventNames: {
     syncTokensAsync_lock_not_available: string;
     syncTokensAsync_end: string;
     syncTokensAsync_error: string;
-    tokensInvalidButWaitingActionsToRefresh: string;
+    tokensInvalidAndWaitingActionsToRefresh: string;
 };
 //# sourceMappingURL=events.d.ts.map

package/dist/fetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,EAAC,MAAM,SAAS,CAAC;AAK9B,eAAO,MAAM,eAAe,UAAW,KAAK,cAAc,IAAI,GAAG,IAAI,KAAI,KAkCxE,CAAC"}
+{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,EAAC,MAAM,SAAS,CAAC;AAK9B,eAAO,MAAM,eAAe,UAAW,KAAK,cAAc,IAAI,GAAG,IAAI,KAAI,KA+BxE,CAAC"}

package/dist/index.d.ts

@@ -1,7 +1,9 @@
 export { getFetchDefault } from './oidc.js';
 export { TokenRenewMode } from './parseTokens.js';
 export { getParseQueryStringFromLocation, getPath } from './route-utils';
-export type { AuthorityConfiguration, Fetch, OidcConfiguration, StringMap, TokenAutomaticRenewMode } from './types.js';
-export { type ILOidcLocation, OidcLocation } from './location.js';
+export type { AuthorityConfiguration, Fetch, OidcConfiguration, StringMap } from './types.js';
+export { OidcLocation } from './location.js';
+export type { ILOidcLocation } from './location.js';
+export { TokenAutomaticRenewMode } from './types.js';
 export { type OidcUserInfo, OidcClient } from './oidcClient.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,+BAA+B,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACzE,YAAY,EACV,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EACT,uBAAuB,EACxB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,KAAK,cAAc,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAClE,OAAO,EAAE,KAAK,YAAY,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,+BAA+B,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACzE,YAAY,EACV,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EACV,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,KAAK,YAAY,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/index.js

@@ -54,7 +54,7 @@ const p = {
   syncTokensAsync_lock_not_available: "syncTokensAsync_lock_not_available",
   syncTokensAsync_end: "syncTokensAsync_end",
   syncTokensAsync_error: "syncTokensAsync_error",
-  tokensInvalidButWaitingActionsToRefresh: "tokensInvalidButWaitingActionsToRefresh"
+  tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
 }, I = (e, n = sessionStorage) => {
   const t = (y) => (n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: y }), Promise.resolve()), s = async () => {
     if (!n[`oidc.${e}`])
@@ -103,8 +103,8 @@ const p = {
     getDemonstratingProofOfPossessionJwkAsync: d
   };
 };
-var F = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(F || {});
-const Pe = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (n) => "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2)).join("")), Ie = (e) => JSON.parse(Pe(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), ce = (e) => {
+var V = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(V || {});
+const Pe = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (n) => "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2)).join("")), Ie = (e) => JSON.parse(Pe(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), ae = (e) => {
   try {
     return e && Ce(e, ".") === 2 ? Ie(e.split(".")[1]) : null;
   } catch (n) {
@@ -129,10 +129,10 @@ const z = (e, n = null, t) => {
     return null;
   let s;
   const o = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
-  e.accessTokenPayload !== void 0 ? s = e.accessTokenPayload : s = ce(e.accessToken);
+  e.accessTokenPayload !== void 0 ? s = e.accessTokenPayload : s = ae(e.accessToken);
   let r;
   n != null && "idToken" in n && !("idToken" in e) ? r = n.idToken : r = e.idToken;
-  const i = e.idTokenPayload ? e.idTokenPayload : ce(r), l = i && i.exp ? i.exp : Number.MAX_VALUE, a = s && s.exp ? s.exp : e.issuedAt + o;
+  const i = e.idTokenPayload ? e.idTokenPayload : ae(r), l = i && i.exp ? i.exp : Number.MAX_VALUE, a = s && s.exp ? s.exp : e.issuedAt + o;
   e.issuedAt = Ne(e, s, i);
   let d;
   e.expiresAt ? d = e.expiresAt : t === Z.access_token_invalid ? d = a : t === Z.id_token_invalid ? d = l : d = l < a ? l : a;
@@ -142,7 +142,7 @@ const z = (e, n = null, t) => {
     return { ..._, refreshToken: c };
   }
   return _;
-}, re = (e, n, t) => {
+}, oe = (e, n, t) => {
   if (!e)
     return null;
   if (!e.issued_at) {
@@ -161,14 +161,20 @@ const z = (e, n = null, t) => {
 }, U = (e, n) => {
   const t = (/* @__PURE__ */ new Date()).getTime() / 1e3, s = n - t;
   return Math.round(s - e);
-}, le = (e) => e ? U(0, e.expiresAt) > 0 : !1, ee = async (e, n = 200, t = 50) => {
+}, ce = (e) => e ? U(0, e.expiresAt) > 0 : !1, ge = async (e, n = 200, t = 50) => {
   let s = t;
   if (!e.tokens)
     return null;
-  for (; !le(e.tokens) && s > 0; )
-    e.configuration.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted ? await e.renewTokensAsync({}) : await M({ milliseconds: n }), s = s - 1;
+  for (; !ce(e.tokens) && s > 0; ) {
+    if (e.configuration.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted) {
+      await e.renewTokensAsync({});
+      break;
+    } else
+      await M({ milliseconds: n });
+    s = s - 1;
+  }
   return {
-    isTokensValid: le(e.tokens),
+    isTokensValid: ce(e.tokens),
     tokens: e.tokens,
     numberWaited: s - t
   };
@@ -187,7 +193,7 @@ const z = (e, n = null, t) => {
       return { isValid: !1, reason: `Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}` };
   }
   return { isValid: !0, reason: "" };
-}, J = function() {
+}, B = function() {
   const e = function() {
     let a, d;
     const _ = (function() {
@@ -287,9 +293,9 @@ const z = (e, n = null, t) => {
     setInterval: i,
     clearInterval: l
   };
-}(), ue = "7.20.1-beta.1399";
-let _e = null, q;
-const M = ({ milliseconds: e }) => new Promise((n) => J.setTimeout(n, e)), me = (e = "/") => {
+}(), le = "7.20.1";
+let ue = null, q;
+const M = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), me = (e = "/") => {
   try {
     q = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((s) => {
       console.log(s);
@@ -338,9 +344,9 @@ const M = ({ milliseconds: e }) => new Promise((n) => J.setTimeout(n, e)), me =
       },
       configurationName: n
     }), D = b.version;
-    return D !== ue && (console.warn(`Service worker ${D} version mismatch with js client version ${ue}, unregistering and reloading`), await P.service_worker_update_require_callback(s, xe)), { tokens: re(b.tokens, null, P.token_renew_mode), status: b.status };
+    return D !== le && (console.warn(`Service worker ${D} version mismatch with js client version ${le}, unregistering and reloading`), await P.service_worker_update_require_callback(s, xe)), { tokens: oe(b.tokens, null, P.token_renew_mode), status: b.status };
   }, i = (k = "/") => {
-    _e == null && (_e = "not_null", me(k));
+    ue == null && (ue = "not_null", me(k));
   }, l = (k) => O(s)({ type: "setSessionState", data: { sessionState: k }, configurationName: n }), a = async () => (await O(s)({ type: "getSessionState", data: null, configurationName: n })).sessionState, d = (k) => (sessionStorage[`oidc.nonce.${n}`] = k.nonce, O(s)({ type: "setNonce", data: { nonce: k }, configurationName: n })), _ = async () => {
     let S = (await O(s)({ type: "getNonce", data: null, configurationName: n })).nonce;
     return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: S };
@@ -407,13 +413,13 @@ function $e(e) {
     return String.fromCharCode(parseInt(s, 16));
   });
 }
-const ie = (e) => {
+const re = (e) => {
   let n = "";
   return e.forEach(function(t) {
     n += String.fromCharCode(t);
   }), we(n);
 };
-function fe(e) {
+function _e(e) {
   return we($e(e));
 }
 const Ke = {
@@ -443,24 +449,24 @@ const Ke = {
   const i = {
     // @ts-ignore
     // JWT "headers" really means JWS "protected headers"
-    protected: fe(JSON.stringify(t)),
+    protected: _e(JSON.stringify(t)),
     // @ts-ignore
     // JWT "claims" are really a JSON-defined JWS "payload"
-    payload: fe(JSON.stringify(s))
+    payload: _e(JSON.stringify(s))
   }, l = o.importKeyAlgorithm, a = !0, d = ["sign"], _ = await e.crypto.subtle.importKey("jwk", n, l, a, d), c = pe(`${i.protected}.${i.payload}`), u = o.signAlgorithm, h = await e.crypto.subtle.sign(u, _, c);
-  return i.signature = ie(new Uint8Array(h)), `${i.protected}.${i.payload}.${i.signature}`;
+  return i.signature = re(new Uint8Array(h)), `${i.protected}.${i.payload}.${i.signature}`;
 };
-var Ve = { sign: Ue };
-const Fe = (e) => async (n) => {
+var Fe = { sign: Ue };
+const Ve = (e) => async (n) => {
   const t = n, s = !0, o = ["sign", "verify"], r = await e.crypto.subtle.generateKey(t, s, o);
   return await e.crypto.subtle.exportKey("jwk", r.privateKey);
 }, Me = (e) => {
   const n = Object.assign({}, e);
   return delete n.d, n.key_ops = ["verify"], n;
-}, Be = {
-  generate: Fe,
+}, Je = {
+  generate: Ve,
   neuter: Me
-}, Je = (e) => async (n, t) => {
+}, Be = (e) => async (n, t) => {
   let s;
   switch (n.kty) {
     case "EC":
@@ -473,10 +479,10 @@ const Fe = (e) => async (n) => {
       throw new Error("Unknown or not implemented JWK type");
   }
   const o = await e.crypto.subtle.digest(t, pe(s));
-  return ie(new Uint8Array(o));
+  return re(new Uint8Array(o));
 };
-var He = { thumbprint: Je };
-const je = (e) => async (n) => await Be.generate(e)(n), Ae = (e) => (n) => async (t, s = "POST", o, r = {}) => {
+var He = { thumbprint: Be };
+const je = (e) => async (n) => await Je.generate(e)(n), Ae = (e) => (n) => async (t, s = "POST", o, r = {}) => {
   const i = {
     // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
     jti: btoa(qe()),
@@ -485,7 +491,7 @@ const je = (e) => async (n) => await Be.generate(e)(n), Ae = (e) => (n) => async
     iat: Math.round(Date.now() / 1e3),
     ...r
   }, l = await He.thumbprint(e)(t, n.digestAlgorithm);
-  return await Ve.sign(e)(t, { kid: l }, i, n);
+  return await Fe.sign(e)(t, { kid: l }, i, n);
 }, qe = () => {
   const e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", n = "0123456789abcdef";
   let t = 0, s = "";
@@ -495,20 +501,20 @@ const je = (e) => async (n) => await Be.generate(e)(n), Ae = (e) => (n) => async
 }, Se = () => {
   const e = typeof window < "u" && !!window.crypto, n = e && !!window.crypto.subtle;
   return { hasCrypto: e, hasSubtleCrypto: n };
-}, ne = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", Ge = (e) => {
+}, ee = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", Ge = (e) => {
   const n = [];
   for (let t = 0; t < e.byteLength; t += 1) {
-    const s = e[t] % ne.length;
-    n.push(ne[s]);
+    const s = e[t] % ee.length;
+    n.push(ee[s]);
   }
   return n.join("");
-}, te = (e) => {
+}, ne = (e) => {
   const n = new Uint8Array(e), { hasCrypto: t } = Se();
   if (t)
     window.crypto.getRandomValues(n);
   else
     for (let s = 0; s < e; s += 1)
-      n[s] = Math.random() * ne.length | 0;
+      n[s] = Math.random() * ee.length | 0;
   return Ge(n);
 };
 function Ye(e) {
@@ -519,7 +525,7 @@ function Ye(e) {
 }
 function ve(e) {
   return new Promise((n, t) => {
-    crypto.subtle.digest("SHA-256", Ye(e)).then((s) => n(ie(new Uint8Array(s))), (s) => t(s));
+    crypto.subtle.digest("SHA-256", Ye(e)).then((s) => n(re(new Uint8Array(s))), (s) => t(s));
   });
 }
 const Xe = (e) => {
@@ -530,12 +536,12 @@ const Xe = (e) => {
 }, ze = 60 * 60, Qe = (e) => async (n, t = ze, s = window.sessionStorage, o = 1e4) => {
   const r = `${n}/.well-known/openid-configuration`, i = `oidc.server:${n}`, l = De(i, s, t);
   if (l)
-    return new oe(l);
+    return new se(l);
   const a = await H(e)(r, {}, o);
   if (a.status !== 200)
     return null;
   const d = await a.json();
-  return Re(i, d, s), new oe(d);
+  return Re(i, d, s), new se(d);
 }, H = (e) => async (n, t = {}, s = 1e4, o = 0) => {
   let r;
   try {
@@ -550,10 +556,10 @@ const Xe = (e) => {
       throw console.error(i.message), i;
   }
   return r;
-}, se = {
+}, te = {
   refresh_token: "refresh_token",
   access_token: "access_token"
-}, de = (e) => async (n, t, s = se.refresh_token, o, r = {}, i = 1e4) => {
+}, fe = (e) => async (n, t, s = te.refresh_token, o, r = {}, i = 1e4) => {
   const l = {
     token: t,
     token_type_hint: s,
@@ -603,12 +609,12 @@ const Xe = (e) => {
   return _.headers.has(G) && (u = _.headers.get(G)), {
     success: !0,
     status: _.status,
-    data: re(c, o, i),
+    data: oe(c, o, i),
     demonstratingProofOfPossessionNonce: u
   };
 }, en = (e, n) => async (t, s) => {
   s = s ? { ...s } : {};
-  const o = te(128), r = await Xe(o);
+  const o = ne(128), r = await Xe(o);
   await e.setCodeVerifierAsync(o), await e.setStateAsync(s.state), s.code_challenge = r, s.code_challenge_method = "S256";
   let i = "";
   if (s)
@@ -639,12 +645,12 @@ const Xe = (e) => {
     success: !0,
     data: {
       state: t.state,
-      tokens: re(_, null, o),
+      tokens: oe(_, null, o),
       demonstratingProofOfPossessionNonce: d
     }
   };
 };
-async function he(e, n, t) {
+async function de(e, n, t) {
   const s = (l) => {
     e.tokens = l;
   }, { tokens: o, status: r } = await j(e)(0, n, t, s);
@@ -665,11 +671,11 @@ async function Te(e, n = !1, t = null) {
   const s = e.configuration, o = `${s.client_id}_${e.configurationName}_${s.authority}`;
   let r;
   const i = await C(e.configuration, e.configurationName);
-  return (s == null ? void 0 : s.storage) === (window == null ? void 0 : window.sessionStorage) && !i ? r = await he(e, n, t) : r = await navigator.locks.request(o, { ifAvailable: !0 }, async (l) => l ? await he(e, n, t) : (e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), await tn(e, s))), r ? (e.timeoutId && (e.timeoutId = B(e, e.tokens.expiresAt, t)), e.tokens) : null;
+  return (s == null ? void 0 : s.storage) === (window == null ? void 0 : window.sessionStorage) && !i ? r = await de(e, n, t) : r = await navigator.locks.request(o, { ifAvailable: !0 }, async (l) => l ? await de(e, n, t) : (e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), await tn(e, s))), r ? (e.timeoutId && (e.timeoutId = J(e, e.tokens.expiresAt, t)), e.tokens) : null;
 }
-const B = (e, n, t = null) => {
+const J = (e, n, t = null) => {
   const s = e.configuration.refresh_time_before_tokens_expiration_in_second;
-  return J.setTimeout(async () => {
+  return B.setTimeout(async () => {
     const r = { timeLeft: U(s, n) };
     e.publishEvent(N.eventNames.token_timer, r), await Te(e, !1, t);
   }, 1e3);
@@ -724,7 +730,7 @@ const B = (e, n, t = null) => {
     await M({ milliseconds: 1e3 }), r--, e.publishEvent(p.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
   const i = document.hidden, l = n + 1;
   s || (s = {});
-  const a = e.configuration, d = (c, u = null, h = null) => ae(e.configurationName, e.configuration, e.publishEvent.bind(e))(c, u, h), _ = async () => {
+  const a = e.configuration, d = (c, u = null, h = null) => ie(e.configurationName, e.configuration, e.publishEvent.bind(e))(c, u, h), _ = async () => {
     try {
       let c;
       const u = await C(a, e.configurationName);
@@ -755,10 +761,10 @@ const B = (e, n, t = null) => {
       case x.LOGOUT_FROM_ANOTHER_TAB:
         return o(null), e.publishEvent(p.logout_from_another_tab, { status: "session syncTokensAsync" }), { tokens: null, status: "LOGGED_OUT" };
       case x.REQUIRE_SYNC_TOKENS:
-        return a.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== c ? (e.publishEvent(p.tokensInvalidButWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(p.refreshTokensAsync_begin, { tryNumber: n }), await _());
+        return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== c ? (e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(p.refreshTokensAsync_begin, { tryNumber: n }), await _());
       default: {
-        if (a.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== c)
-          return e.publishEvent(p.tokensInvalidButWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
+        if (a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== c)
+          return e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
         if (e.publishEvent(p.refreshTokensAsync_begin, { refreshToken: u.refreshToken, status: c, tryNumber: n }), !u.refreshToken)
           return await _();
         const g = a.client_id, m = a.redirect_uri, f = a.authority, A = { ...a.token_request_extras ? a.token_request_extras : {} };
@@ -801,7 +807,7 @@ const B = (e, n, t = null) => {
   } catch (c) {
     return console.error(c), e.publishEvent(p.refreshTokensAsync_silent_error, { message: "exception", exception: c.message }), j(e)(l, t, s, o);
   }
-}, ae = (e, n, t) => (s = null, o = null, r = null) => {
+}, ie = (e, n, t) => (s = null, o = null, r = null) => {
   if (!n.silent_redirect_uri || !n.silent_login_uri)
     return Promise.resolve(null);
   try {
@@ -847,9 +853,9 @@ const B = (e, n, t = null) => {
   }
 }, on = (e, n, t, s, o) => (r = null, i = void 0) => {
   r = { ...r };
-  const l = (d, _, c) => ae(n, t, s.bind(o))(d, _, c);
+  const l = (d, _, c) => ie(n, t, s.bind(o))(d, _, c);
   return (async () => {
-    o.timeoutId && J.clearTimeout(o.timeoutId);
+    o.timeoutId && B.clearTimeout(o.timeoutId);
     let d;
     r && "state" in r && (d = r.state, delete r.state);
     try {
@@ -858,13 +864,13 @@ const B = (e, n, t = null) => {
         prompt: "none"
       }, d, i);
       if (c)
-        return o.tokens = c.tokens, s(p.token_aquired, {}), o.timeoutId = B(o, o.tokens.expiresAt, r), {};
+        return o.tokens = c.tokens, s(p.token_aquired, {}), o.timeoutId = J(o, o.tokens.expiresAt, r), {};
     } catch (_) {
       return _;
     }
   })();
 }, rn = (e, n, t) => (s, o, r, i = !1) => {
-  const l = (a, d = void 0, _ = void 0) => ae(e.configurationName, t, e.publishEvent.bind(e))(a, d, _);
+  const l = (a, d = void 0, _ = void 0) => ie(e.configurationName, t, e.publishEvent.bind(e))(a, d, _);
   return new Promise((a, d) => {
     if (t.silent_login_uri && t.silent_redirect_uri && t.monitor_session && s && r && !i) {
       const _ = () => {
@@ -942,14 +948,14 @@ const B = (e, n, t = null) => {
   const d = i;
   return i = { ...i }, (async () => {
     const c = r || o.getPath();
-    if ("state" in i || (i.state = te(16)), t(p.loginAsync_begin, {}), i)
+    if ("state" in i || (i.state = ne(16)), t(p.loginAsync_begin, {}), i)
       for (const u of Object.keys(i))
         u.endsWith(":token_request") && delete i[u];
     try {
       const u = l ? n.silent_redirect_uri : n.redirect_uri;
       a || (a = n.scope);
       const h = n.extras ? { ...n.extras, ...i } : i;
-      h.nonce || (h.nonce = te(12));
+      h.nonce || (h.nonce = ne(12));
       const g = { nonce: h.nonce }, m = await C(n, e), f = await s(n.authority, n.authority_configuration);
       let w;
       if (m)
@@ -1044,7 +1050,7 @@ const B = (e, n, t = null) => {
   } catch (t) {
     throw console.error(t), e.publishEvent(p.loginCallbackAsync_error, t), t;
   }
-}, ye = {
+}, he = {
   access_token: "access_token",
   refresh_token: "refresh_token"
 }, Q = (e, n) => {
@@ -1067,7 +1073,7 @@ const B = (e, n, t = null) => {
   }
   return n;
 }, _n = (e) => async (n) => {
-  J.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
+  B.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
   const t = await C(e.configuration, e.configurationName);
   t ? await t.clearAsync(n) : await I(e.configurationName, e.configuration.storage).clearAsync(n), e.tokens = null, e.userInfo = null;
 }, fn = (e, n, t, s, o) => async (r = void 0, i = null) => {
@@ -1081,22 +1087,22 @@ const B = (e, n, t = null) => {
     const w = a.revocationEndpoint;
     if (w) {
       const A = [], v = e.tokens ? e.tokens.accessToken : null;
-      if (v && l.logout_tokens_to_invalidate.includes(ye.access_token)) {
-        const y = Q(i, ":revoke_access_token"), k = de(t)(
+      if (v && l.logout_tokens_to_invalidate.includes(he.access_token)) {
+        const y = Q(i, ":revoke_access_token"), k = fe(t)(
           w,
           v,
-          se.access_token,
+          te.access_token,
           l.client_id,
           y
         );
         A.push(k);
       }
       const T = e.tokens ? e.tokens.refreshToken : null;
-      if (T && l.logout_tokens_to_invalidate.includes(ye.refresh_token)) {
-        const y = Q(i, ":revoke_refresh_token"), k = de(t)(
+      if (T && l.logout_tokens_to_invalidate.includes(he.refresh_token)) {
+        const y = Q(i, ":revoke_refresh_token"), k = fe(t)(
           w,
           T,
-          se.refresh_token,
+          te.refresh_token,
           l.client_id,
           y
         );
@@ -1128,11 +1134,7 @@ const B = (e, n, t = null) => {
   const [s, o, ...r] = t, i = o ? { ...o } : { method: "GET" };
   let l = new Headers();
   i.headers && (l = i.headers instanceof Headers ? i.headers : new Headers(i.headers));
-  const a = n;
-  console.log("before", ee);
-  const d = await ee(a);
-  console.log("getValidToken", d);
-  const _ = (u = d == null ? void 0 : d.tokens) == null ? void 0 : u.accessToken;
+  const a = n, d = await ge(a), _ = (u = d == null ? void 0 : d.tokens) == null ? void 0 : u.accessToken;
   if (l.has("Accept") || l.set("Accept", "application/json"), _) {
     if (a.configuration.demonstrating_proof_of_possession) {
       const h = await a.generateDemonstrationOfProofOfPossessionAsync(_, s.toString(), i.method);
@@ -1144,7 +1146,7 @@ const B = (e, n, t = null) => {
   const c = { ...i, headers: l };
   return await e(s, c, ...r);
 }, dn = (e) => async (n = !1) => {
-  if (console.log("oidc.userInfo", e.userInfo), e.userInfo != null && !n)
+  if (e.userInfo != null && !n)
     return e.userInfo;
   const t = e.configuration, o = (await e.initAsync(t.authority, t.authority_configuration)).userInfoEndpoint, i = await (async () => {
     const a = await Ee(fetch, e)(o);
@@ -1263,7 +1265,7 @@ const kn = () => {
       if (o) {
         n.startKeepAliveServiceWorker(), e.tokens = o;
         const r = n.getLoginParams(e.configurationName);
-        e.timeoutId = B(e, e.tokens.expiresAt, r.extras);
+        e.timeoutId = J(e, e.tokens.expiresAt, r.extras);
         const i = await n.getSessionStateAsync();
         return await e.startCheckSessionAsync(s.check_session_iframe, t.client_id, i), e.publishEvent(p.tryKeepExistingSessionAsync_end, {
           success: !0,
@@ -1282,7 +1284,7 @@ const kn = () => {
       if (r) {
         e.tokens = z(r, null, t.token_renew_mode);
         const i = o.getLoginParams();
-        e.timeoutId = B(e, e.tokens.expiresAt, i.extras);
+        e.timeoutId = J(e, e.tokens.expiresAt, i.extras);
         const l = await o.getSessionStateAsync();
         return await e.startCheckSessionAsync(s.check_session_iframe, t.client_id, l), e.publishEvent(p.tryKeepExistingSessionAsync_end, {
           success: !0,
@@ -1298,15 +1300,15 @@ const kn = () => {
     return console.error(t), n && await n.clearAsync(), e.publishEvent(p.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
   }
 }, pn = () => fetch;
-class oe {
+class se {
   constructor(n) {
     this.authorizationEndpoint = n.authorization_endpoint, this.tokenEndpoint = n.token_endpoint, this.revocationEndpoint = n.revocation_endpoint, this.userInfoEndpoint = n.userinfo_endpoint, this.checkSessionIframe = n.check_session_iframe, this.issuer = n.issuer, this.endSessionEndpoint = n.end_session_endpoint;
   }
 }
 const W = {}, wn = (e, n = new X()) => (t, s = "default") => (W[s] || (W[s] = new N(t, s, e, n)), W[s]), An = async (e) => {
   const { parsedTokens: n, callbackPath: t } = await e.loginCallbackAsync();
-  return e.timeoutId = B(e, n.expiresAt), { callbackPath: t };
-}, Sn = (e) => Math.floor(Math.random() * e), V = class V {
+  return e.timeoutId = J(e, n.expiresAt), { callbackPath: t };
+}, Sn = (e) => Math.floor(Math.random() * e), F = class F {
   constructor(n, t = "default", s, o = new X()) {
     this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
     let r = n.silent_login_uri;
@@ -1317,7 +1319,7 @@ const W = {}, wn = (e, n = new X()) => (t, s = "default") => (W[s] || (W[s] = ne
     this.configuration = {
       ...n,
       silent_login_uri: r,
-      token_automatic_renew_mode: n.token_automatic_renew_mode ?? F.AutomaticBeforeTokenExpiration,
+      token_automatic_renew_mode: n.token_automatic_renew_mode ?? V.AutomaticBeforeTokenExpiration,
       monitor_session: n.monitor_session ?? !1,
       refresh_time_before_tokens_expiration_in_second: i,
       silent_login_timeout: n.silent_login_timeout ?? 12e3,
@@ -1374,7 +1376,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
       return this.initPromise;
     const s = async () => {
       if (t != null)
-        return new oe({
+        return new se({
           authorization_endpoint: t.authorization_endpoint,
           end_session_endpoint: t.end_session_endpoint,
           revocation_endpoint: t.revocation_endpoint,
@@ -1402,7 +1404,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
       return this.loginCallbackPromise;
     const t = async () => {
       const s = await ln(this)(n), o = s.tokens;
-      return this.tokens = o, await C(this.configuration, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(V.eventNames.token_aquired, o), { parsedTokens: o, state: s.state, callbackPath: s.callbackPath };
+      return this.tokens = o, await C(this.configuration, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(F.eventNames.token_aquired, o), { parsedTokens: o, state: s.state, callbackPath: s.callbackPath };
     };
     return this.loginCallbackPromise = t(), this.loginCallbackPromise.then((s) => (this.loginCallbackPromise = null, s));
   }
@@ -1428,7 +1430,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
     if (this.renewTokensPromise !== null)
       return this.renewTokensPromise;
     if (this.timeoutId)
-      return J.clearTimeout(this.timeoutId), this.renewTokensPromise = Te(this, !0, n), this.renewTokensPromise.then((t) => (this.renewTokensPromise = null, t));
+      return B.clearTimeout(this.timeoutId), this.renewTokensPromise = Te(this, !0, n), this.renewTokensPromise.then((t) => (this.renewTokensPromise = null, t));
   }
   async destroyAsync(n) {
     return await _n(this)(n);
@@ -1443,8 +1445,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
     return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = fn(this, W, this.getFetch(), console, this.location)(n, t), this.logoutPromise.then((s) => (this.logoutPromise = null, s)));
   }
 };
-V.getOrCreate = (n, t) => (s, o = "default") => wn(n, t)(s, o), V.eventNames = p;
-let N = V;
+F.getOrCreate = (n, t) => (s, o = "default") => wn(n, t)(s, o), F.eventNames = p;
+let N = F;
 const K = class K {
   constructor(n) {
     this._oidc = n;
@@ -1489,7 +1491,7 @@ const K = class K {
     return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n, t, s, o);
   }
   async getValidTokenAsync(n = 200, t = 50) {
-    return ee(this._oidc, n, t);
+    return ge(this._oidc, n, t);
   }
   fetchWithTokens(n) {
     return Ee(n, this);
@@ -1499,10 +1501,11 @@ const K = class K {
   }
 };
 K.getOrCreate = (n, t = new X()) => (s, o = "default") => new K(N.getOrCreate(n, t)(s, o)), K.eventNames = N.eventNames;
-let ge = K;
+let ye = K;
 export {
-  ge as OidcClient,
+  ye as OidcClient,
   X as OidcLocation,
+  V as TokenAutomaticRenewMode,
   Z as TokenRenewMode,
   pn as getFetchDefault,
   Y as getParseQueryStringFromLocation,

package/dist/index.umd.cjs

@@ -1,2 +1,2 @@
-(function(N,Y){typeof exports=="object"&&typeof module<"u"?Y(exports):typeof define=="function"&&define.amd?define(["exports"],Y):(N=typeof globalThis<"u"?globalThis:N||self,Y(N["oidc-client"]={}))})(this,function(N){"use strict";const R=console;class Ce{constructor(n,t,s,o=2e3,r=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||2e3,this._stopOnError=r;const i=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(R.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(R.debug(n),R.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):R.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){R.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(R.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const p={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidButWaitingActionsToRefresh:"tokensInvalidButWaitingActionsToRefresh"},P=(e,n=sessionStorage)=>{const t=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),s=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},r=async y=>{n[`oidc.session_state.${e}`]=y},i=async()=>n[`oidc.session_state.${e}`],l=y=>{n[`oidc.nonce.${e}`]=y.nonce},a=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async y=>{n[`oidc.dpop_nonce.${e}`]=y},u=()=>n[`oidc.dpop_nonce.${e}`],h=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:t,initAsync:s,setTokens:o,getTokens:h,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:l,getNonceAsync:f,setLoginParams:y=>{g[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(g[e]||(g[e]=JSON.parse(y)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:d}};var F=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(F||{});const Ne=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),xe=e=>JSON.parse(Ne(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),fe=e=>{try{return e&&We(e,".")===2?xe(e.split(".")[1]):null}catch(n){console.warn(n)}return null},We=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const z=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=fe(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:fe(r),l=i&&i.exp?i.exp:Number.MAX_VALUE,a=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Le(e,s,i);let d;e.expiresAt?d=e.expiresAt:t===X.access_token_invalid?d=a:t===X.id_token_invalid?d=l:d=l<a?l:a;const f={...e,idTokenPayload:i,accessTokenPayload:s,expiresAt:d,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...f,refreshToken:c}}return f},ne=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),z(s,n,t)},V=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},_e=e=>e?V(0,e.expiresAt)>0:!1,te=async(e,n=200,t=50)=>{let s=t;if(!e.tokens)return null;for(;!_e(e.tokens)&&s>0;)e.configuration.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted?await e.renewTokensAsync({}):await B({milliseconds:n}),s=s-1;return{isTokensValid:_e(e.tokens),tokens:e.tokens,numberWaited:s-t}},de=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(s.iat&&s.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+r} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},M=function(){const e=function(){let a,d;const f=(function(){const u={},h={setTimeout:function(m,_,w){u[_]=setTimeout(function(){m.postMessage(_),u[_]=null},w)},setInterval:function(m,_,w){u[_]=setInterval(function(){m.postMessage(_)},w)},clearTimeout:function(m,_){clearTimeout(u[_]),u[_]=null},clearInterval:function(m,_){clearInterval(u[_]),u[_]=null}};function g(m,_){const w=_.data[0],A=_.data[1],v=_.data[2];h[w]&&h[w](m,A,v)}this.onmessage=function(m){g(self,m)},this.onconnect=function(m){const _=m.ports[0];_.onmessage=function(w){g(_,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});d=URL.createObjectURL(u)}catch{return null}const c=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(d),a.port}catch{c&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(d),a}catch{c&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),t={},s={};e.onmessage=function(a){const d=a.data,f=t[d];if(f){f(),t[d]=null;return}const c=s[d];c&&c()};function o(a,d){const f=n();return e.postMessage(["setTimeout",f,d]),t[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),t[a]=null}function i(a,d){const f=n();return e.postMessage(["setInterval",f,d]),s[f]=a,f}function l(a){e.postMessage(["clearInterval",a]),s[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:l}}(),he="7.20.1-beta.1399";let ye=null,Q;const B=({milliseconds:e})=>new Promise(n=>M.setTimeout(n,e)),ge=(e="/")=>{try{Q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Q.signal}).catch(s=>{console.log(s)}),B({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},De=()=>{Q&&Q.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,t)=>{t(),await n.update();const s=await n.unregister();console.log(`Service worker unregistering ${s}`),await B({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(t,s){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?s(r.data.error):t(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;let s=null;e.register?s=await e.service_worker_register(t):s=await navigator.serviceWorker.register(t);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(s)({type:"claim"})}catch{return null}const o=async k=>O(s)({type:"clear",data:{status:k},configurationName:n}),r=async(k,S,C)=>{const b=await O(s)({type:"init",data:{oidcServerConfiguration:k,where:S,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),U=b.version;return U!==he&&(console.warn(`Service worker ${U} version mismatch with js client version ${he}, unregistering and reloading`),await C.service_worker_update_require_callback(s,De)),{tokens:ne(b.tokens,null,C.token_renew_mode),status:b.status}},i=(k="/")=>{ye==null&&(ye="not_null",ge(k))},l=k=>O(s)({type:"setSessionState",data:{sessionState:k},configurationName:n}),a=async()=>(await O(s)({type:"getSessionState",data:null,configurationName:n})).sessionState,d=k=>(sessionStorage[`oidc.nonce.${n}`]=k.nonce,O(s)({type:"setNonce",data:{nonce:k},configurationName:n})),f=async()=>{let S=(await O(s)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}};let c={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:l,getSessionStateAsync:a,setNonceAsync:d,getNonceAsync:f,setLoginParams:k=>{c[n]=k,localStorage[`oidc.login.${n}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(k)),c[n]},getStateAsync:async()=>{let S=(await O(s)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async k=>(sessionStorage[`oidc.state.${n}`]=k,O(s)({type:"setState",data:{state:k},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await O(s)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${n}`]=k,O(s)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:n})),setDemonstratingProofOfPossessionNonce:async k=>{await O(s)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(s)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const S=JSON.stringify(k);await O(s)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await O(s)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}},$={},Ke=(e,n=window.sessionStorage,t)=>{if(!$[e]&&n){const o=n.getItem(e);o&&($[e]=JSON.parse(o))}const s=1e3*t;return $[e]&&$[e].timestamp+s>Date.now()?$[e].result:null},Ue=(e,n,t=window.sessionStorage)=>{const s=Date.now();$[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function ke(e){return new TextEncoder().encode(e)}function me(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Fe(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const se=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),me(n)};function pe(e){return me(Fe(e))}const Ve={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Me={sign:e=>async(n,t,s,o,r="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=r,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const i={protected:pe(JSON.stringify(t)),payload:pe(JSON.stringify(s))},l=o.importKeyAlgorithm,a=!0,d=["sign"],f=await e.crypto.subtle.importKey("jwk",n,l,a,d),c=ke(`${i.protected}.${i.payload}`),u=o.signAlgorithm,h=await e.crypto.subtle.sign(u,f,c);return i.signature=se(new Uint8Array(h)),`${i.protected}.${i.payload}.${i.signature}`}};const Be={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],r=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",r.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Je={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,ke(s));return se(new Uint8Array(o))}};const He=e=>async n=>await Be.generate(e)(n),we=e=>n=>async(t,s="POST",o,r={})=>{const i={jti:btoa(je()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...r},l=await Je.thumbprint(e)(t,n.digestAlgorithm);return await Me.sign(e)(t,{kid:l},i,n)},je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Ae=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%oe.length;n.push(oe[s])}return n.join("")},re=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Ae();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*oe.length|0;return qe(n)};function Ge(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function Se(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",Ge(e)).then(s=>n(se(new Uint8Array(s))),s=>t(s))})}const Ye=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Ae();return n?Se(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Xe=60*60,ze=e=>async(n,t=Xe,s=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,l=Ke(i,s,t);if(l)return new le(l);const a=await J(e)(r,{},o);if(a.status!==200)return null;const d=await a.json();return Ue(i,d,s),new le(d)},J=e=>async(n,t={},s=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),s),r=await e(n,{...t,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await J(e)(n,t,s,o+1);throw i}else throw console.error(i.message),i}return r},ie={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,t,s=ie.refresh_token,o,r={},i=1e4)=>{const l={token:t,token_type_hint:s,client_id:o};for(const[c,u]of Object.entries(r))l[c]===void 0&&(l[c]=u);const a=[];for(const c in l){const u=encodeURIComponent(c),h=encodeURIComponent(l[c]);a.push(`${u}=${h}`)}const d=a.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:d},i)).status!==200?{success:!1}:{success:!0}},Qe=e=>async(n,t,s,o,r={},i,l=1e4)=>{for(const[h,g]of Object.entries(s))t[h]===void 0&&(t[h]=g);const a=[];for(const h in t){const g=encodeURIComponent(h),m=encodeURIComponent(t[h]);a.push(`${g}=${m}`)}const d=a.join("&"),f=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:d},l);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const c=await f.json();let u=null;return f.headers.has(Z)&&(u=f.headers.get(Z)),{success:!0,status:f.status,data:ne(c,o,i),demonstratingProofOfPossessionNonce:u}},Ze=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=re(128),r=await Ye(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=r,s.code_challenge_method="S256";let i="";if(s)for(const[l,a]of Object.entries(s))i===""?i+="?":i+="&",i+=`${l}=${encodeURIComponent(a)}`;n.open(`${t}${i}`)},Z="DPoP-Nonce",en=e=>async(n,t,s,o,r=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const c in t){const u=encodeURIComponent(c),h=encodeURIComponent(t[c]);i.push(`${u}=${h}`)}const l=i.join("&"),a=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:l},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let d=null;a.headers.has(Z)&&(d=a.headers.get(Z));const f=await a.json();return{success:!0,data:{state:t.state,tokens:ne(f,null,o),demonstratingProofOfPossessionNonce:d}}};async function Te(e,n,t){const s=l=>{e.tokens=l},{tokens:o,status:r}=await ee(e)(0,n,t,s);return await I(e.configuration,e.configurationName)||await P(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const nn=async(e,n)=>{const t=await I(n,e.configurationName);if(t){const s=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await t.initAsync(s,"tryKeepExistingSessionAsync",n);return o}else{const s=P(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await s.initAsync();return o=z(o,e.tokens,n.token_renew_mode),o}};async function be(e,n=!1,t=null){const s=e.configuration,o=`${s.client_id}_${e.configurationName}_${s.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(s==null?void 0:s.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await Te(e,n,t):r=await navigator.locks.request(o,{ifAvailable:!0},async l=>l?await Te(e,n,t):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await nn(e,s))),r?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,t)),e.tokens):null}const H=(e,n,t=null)=>{const s=e.configuration.refresh_time_before_tokens_expiration_in_second;return M.setTimeout(async()=>{const r={timeLeft:V(s,n)};e.publishEvent(x.eventNames.token_timer,r),await be(e,!1,t)},1e3)},W={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},tn=e=>async(n,t,s,o=!1)=>{const r={nonce:null};if(!s)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const l=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,t);if(a){const{status:c,tokens:u}=await a.initAsync(l,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!c||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==s.issuedAt){const g=V(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",m=await a.getNonceAsync();return{tokens:u,status:g,nonce:m}}i=await a.getNonceAsync()}else{const c=P(t,n.storage??sessionStorage);let{tokens:u,status:h}=await c.initAsync();if(u&&(u=z(u,e.tokens,n.token_renew_mode)),u){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==s.issuedAt){const m=V(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await c.getNonceAsync();return{tokens:u,status:m,nonce:_}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await c.getNonceAsync()}const f=V(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:i}:{tokens:s,status:f,nonce:i}},ee=e=>async(n=0,t=!1,s=null,o)=>{for(;!navigator.onLine&&document.hidden;)await B({milliseconds:1e3}),e.publishEvent(p.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await B({milliseconds:1e3}),r--,e.publishEvent(p.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,l=n+1;s||(s={});const a=e.configuration,d=(c,u=null,h=null)=>ae(e.configurationName,e.configuration,e.publishEvent.bind(e))(c,u,h),f=async()=>{try{let c;const u=await I(a,e.configurationName);u?c=u.getLoginParams():c=P(e.configurationName,a.storage).getLoginParams();const h=await d({...c.extras,...s,prompt:"none"});return h?h.error?(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(h.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:h.tokens,status:"LOGGED"}):(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(c){return console.error(c),e.publishEvent(p.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:c.message}),await ee(e)(l,t,s,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:c,tokens:u,nonce:h}=await tn(e)(a,e.configurationName,e.tokens,t);switch(c){case W.SESSION_LOST:return o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case W.NOT_CONNECTED:return o(null),{tokens:null,status:null};case W.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case W.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case W.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(p.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case W.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==c?(e.publishEvent(p.tokensInvalidButWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(p.refreshTokensAsync_begin,{tryNumber:n}),await f());default:{if(a.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==c)return e.publishEvent(p.tokensInvalidButWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(p.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:c,tryNumber:n}),!u.refreshToken)return await f();const g=a.client_id,m=a.redirect_uri,_=a.authority,A={...a.token_request_extras?a.token_request_extras:{}};for(const[T,y]of Object.entries(s))T.endsWith(":token_request")&&(A[T.replace(":token_request","")]=y);return await(async()=>{const T={client_id:g,redirect_uri:m,grant_type:"refresh_token",refresh_token:u.refreshToken},y=await e.initAsync(_,a.authority_configuration),k=document.hidden?1e4:3e4*10,S=y.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,S,"POST"));const b=await Qe(e.getFetch())(S,T,A,u,C,a.token_renew_mode,k);if(b.success){const{isValid:U,reason:E}=de(b.data,h.nonce,y);if(!U)return o(null),e.publishEvent(p.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${E}`}),{tokens:null,status:"SESSION_LOST"};if(o(b.data),b.demonstratingProofOfPossessionNonce){const D=await I(a,e.configurationName);D?await D.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await P(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(p.refreshTokensAsync_end,{success:b.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(p.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await ee(e)(l,t,s,o)})()}}}catch(c){return console.error(c),e.publishEvent(p.refreshTokensAsync_silent_error,{message:"exception",exception:c.message}),ee(e)(l,t,s,o)}},ae=(e,n,t)=>(s=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(p.silentLoginAsync_begin,{});let i="";if(o&&(s==null&&(s={}),s.state=o),r&&(s==null&&(s={}),s.scope=r),s!=null)for(const[c,u]of Object.entries(s))i===""?i=`?${encodeURIComponent(c)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(c)}=${encodeURIComponent(u)}`;const l=n.silent_login_uri+i,a=l.indexOf("/",l.indexOf("//")+2),d=l.substring(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",l),document.body.appendChild(f),new Promise((c,u)=>{let h=!1;const g=()=>{window.removeEventListener("message",m),f.remove(),h=!0},m=_=>{if(_.origin===d&&_.source===f.contentWindow){const w=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,v=`${e}_oidc_exception:`,T=_.data;if(T&&typeof T=="string"&&!h){if(T.startsWith(w)){const y=JSON.parse(_.data.replace(w,""));t(p.silentLoginAsync_end,{}),c(y),g()}else if(T.startsWith(A)){const y=JSON.parse(_.data.replace(A,""));t(p.silentLoginAsync_error,y),c({error:"oidc_"+y.error,tokens:null,sessionState:null}),g()}else if(T.startsWith(v)){const y=JSON.parse(_.data.replace(v,""));t(p.silentLoginAsync_error,y),u(new Error(y.error)),g()}}}};try{window.addEventListener("message",m);const _=n.silent_login_timeout;setTimeout(()=>{h||(g(),t(p.silentLoginAsync_error,{reason:"timeout"}),u(new Error("timeout")))},_)}catch(_){g(),t(p.silentLoginAsync_error,_),u(_)}})}catch(i){throw t(p.silentLoginAsync_error,i),i}},sn=(e,n,t,s,o)=>(r=null,i=void 0)=>{r={...r};const l=(d,f,c)=>ae(n,t,s.bind(o))(d,f,c);return(async()=>{o.timeoutId&&M.clearTimeout(o.timeoutId);let d;r&&"state"in r&&(d=r.state,delete r.state);try{const f=t.extras?{...t.extras,...r}:r,c=await l({...f,prompt:"none"},d,i);if(c)return o.tokens=c.tokens,s(p.token_aquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},on=(e,n,t)=>(s,o,r,i=!1)=>{const l=(a,d=void 0,f=void 0)=>ae(e.configurationName,t,e.publishEvent.bind(e))(a,d,f);return new Promise((a,d)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const u=c.idToken,h=c.idTokenPayload;return l({prompt:"none",id_token_hint:u,scope:t.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const m=g.tokens.idTokenPayload;if(h.sub===m.sub){const _=g.sessionState;e.checkSessionIFrame.start(g.sessionState),h.sid===m.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",_):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",_)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",m.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[m,_]of Object.entries(n))await _.logoutOtherTabAsync(t.client_id,h.sub)})};e.checkSessionIFrame=new Ce(f,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(c=>{d(c)})}else a(null)})},Ee=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},rn=e=>{const n=Ee(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},j=e=>{const n=Ee(e),{search:t}=n;return an(t)},an=e=>{const n={};let t,s,o;const r=e.split("&");for(s=0,o=r.length;s<o;s++)t=r[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},cn=(e,n,t,s,o)=>(r=void 0,i=null,l=!1,a=void 0)=>{const d=i;return i={...i},(async()=>{const c=r||o.getPath();if("state"in i||(i.state=re(16)),t(p.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=l?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const h=n.extras?{...n.extras,...i}:i;h.nonce||(h.nonce=re(12));const g={nonce:h.nonce},m=await I(n,e),_=await s(n.authority,n.authority_configuration);let w;if(m)m.setLoginParams({callbackPath:c,extras:d}),await m.initAsync(_,"loginAsync",n),await m.setNonceAsync(g),m.startKeepAliveServiceWorker(),w=m;else{const v=P(e,n.storage??sessionStorage);v.setLoginParams({callbackPath:c,extras:d}),await v.setNonceAsync(g),w=v}const A={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...h};await Ze(w,o)(_.authorizationEndpoint,A)}catch(u){throw t(p.loginAsync_error,u),u}})()},ln=e=>async(n=!1)=>{try{e.publishEvent(p.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,r=t.authority,i=t.token_request_timeout,l=await e.initAsync(r,t.authority_configuration),a=e.location.getCurrentHref(),f=j(a).session_state,c=await I(t,e.configurationName);let u,h,g,m;if(c)await c.initAsync(l,"loginCallbackAsync",t),await c.setSessionStateAsync(f),h=await c.getNonceAsync(),g=c.getLoginParams(),m=await c.getStateAsync(),c.startKeepAliveServiceWorker(),u=c;else{const E=P(e.configurationName,t.storage??sessionStorage);await E.setSessionStateAsync(f),h=await E.getNonceAsync(),g=E.getLoginParams(),m=await E.getStateAsync(),u=E}const _=j(a);if(_.error||_.error_description)throw new Error(`Error from OIDC server: ${_.error} - ${_.error_description}`);if(_.iss&&_.iss!==l.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${l.issuer}, received: ${_.iss})`);if(_.state&&_.state!==m)throw new Error(`State not valid (expected: ${m}, received: ${_.state})`);const w={code:_.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},A={};if(t.token_request_extras)for(const[E,D]of Object.entries(t.token_request_extras))A[E]=D;if(g&&g.extras)for(const[E,D]of Object.entries(g.extras))E.endsWith(":token_request")&&(A[E.replace(":token_request","")]=D);const v=l.tokenEndpoint,T={};if(t.demonstrating_proof_of_possession)if(c)T.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const E=await He(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await P(e.configurationName,t.storage).setDemonstratingProofOfPossessionJwkAsync(E),T.DPoP=await we(window)(t.demonstrating_proof_of_possession_configuration)(E,"POST",v)}const y=await en(u)(v,{...w,...A},T,e.configuration.token_renew_mode,i);if(!y.success)throw new Error("Token request failed");let k;const S=y.data.tokens,C=y.data.demonstratingProofOfPossessionNonce;if(y.data.state!==A.state)throw new Error("state is not valid");const{isValid:b,reason:U}=de(S,h.nonce,l);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${U}`);if(c){if(S.refreshToken&&!S.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&S.accessToken&&S.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(l,"syncTokensAsync",t),k=c.getLoginParams(),C&&await c.setDemonstratingProofOfPossessionNonce(C);else{const E=P(e.configurationName,t.storage);k=E.getLoginParams(),C&&await E.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(l.checkSessionIframe,s,f,n),e.publishEvent(p.loginCallbackAsync_end,{}),{tokens:S,state:"request.state",callbackPath:k.callbackPath}}catch(t){throw console.error(t),e.publishEvent(p.loginCallbackAsync_error,t),t}},Oe={access_token:"access_token",refresh_token:"refresh_token"},ce=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const r=s.replace(n,"");t[r]=o}return t}return t},un=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},fn=e=>async n=>{M.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await I(e.configuration,e.configurationName);t?await t.clearAsync(n):await P(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},_n=(e,n,t,s,o)=>async(r=void 0,i=null)=>{const l=e.configuration,a=await e.initAsync(l.authority,l.authority_configuration);r&&typeof r!="string"&&(r=void 0,s.warn("callbackPathOrUrl path is not a string"));const d=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const c=f?r:o.getOrigin()+d,u=e.tokens?e.tokens.idToken:"";try{const w=a.revocationEndpoint;if(w){const A=[],v=e.tokens?e.tokens.accessToken:null;if(v&&l.logout_tokens_to_invalidate.includes(Oe.access_token)){const y=ce(i,":revoke_access_token"),k=ve(t)(w,v,ie.access_token,l.client_id,y);A.push(k)}const T=e.tokens?e.tokens.refreshToken:null;if(T&&l.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const y=ce(i,":revoke_refresh_token"),k=ve(t)(w,T,ie.refresh_token,l.client_id,y);A.push(k)}A.length>0&&await Promise.all(A)}}catch(w){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(w)}const h=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[w,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,h):e.publishEvent(p.logout_from_same_tab,{});const g=ce(i,":oidc");if(g&&g.no_reload==="true")return;const _=un(i);if(a.endSessionEndpoint){"id_token_hint"in _||(_.id_token_hint=u),!("post_logout_redirect_uri"in _)&&r!==null&&(_.post_logout_redirect_uri=c);let w="";for(const[A,v]of Object.entries(_))v!=null&&(w===""?w+="?":w+="&",w+=`${A}=${encodeURIComponent(v)}`);o.open(`${a.endSessionEndpoint}${w}`)}else o.reload()},Pe=(e,n)=>async(...t)=>{var u;const[s,o,...r]=t,i=o?{...o}:{method:"GET"};let l=new Headers;i.headers&&(l=i.headers instanceof Headers?i.headers:new Headers(i.headers));const a=n;console.log("before",te);const d=await te(a);console.log("getValidToken",d);const f=(u=d==null?void 0:d.tokens)==null?void 0:u.accessToken;if(l.has("Accept")||l.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,s.toString(),i.method);l.set("Authorization",`PoP ${f}`),l.set("DPoP",h)}else l.set("Authorization",`Bearer ${f}`);i.credentials||(i.credentials="same-origin")}const c={...i,headers:l};return await e(s,c,...r)},dn=e=>async(n=!1)=>{if(console.log("oidc.userInfo",e.userInfo),e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,o=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,i=await(async()=>{const a=await Pe(fetch,e)(o);return a.status!==200?null:a.json()})();return e.userInfo=i,i};class q{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const hn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),yn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in r){const a=r[l];if(a.r.test(t)){o=a.s;break}}let i=s;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);l!=null&&l.length>2&&(i=l[1]+"."+l[2]+"."+(parseInt(l[3])|0));break}}return{os:o,osVersion:i}};function gn(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const kn=()=>{const{name:e,version:n}=gn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=yn(navigator);return!hn(t)},mn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(p.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await I(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.check_session_iframe,t.client_id,i),e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(p.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(e.configurationName,t.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=z(r,null,t.token_renew_mode);const i=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,i.extras);const l=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.check_session_iframe,t.client_id,l),e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(p.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ie=()=>fetch;class le{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const L={},pn=(e,n=new q)=>(t,s="default")=>(L[s]||(L[s]=new x(t,s,e,n)),L[s]),wn=async e=>{const{parsedTokens:n,callbackPath:t}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt),{callbackPath:t}},An=e=>Math.floor(Math.random()*e),G=class G{constructor(n,t="default",s,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new q;const l=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:r,token_automatic_renew_mode:n.token_automatic_renew_mode??F.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:l,service_worker_activate:n.service_worker_activate??kn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ve},this.getFetch=s??Ie,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=An(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(L,n)&&t)throw Error(`OIDC library does seem initialized.
-Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return L[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=j(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new le({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=mn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,t,s,o=!1){await on(this,L,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?sn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):(this.loginPromise=cn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await ln(this)(n),o=s.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_aquired,o),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.then(s=>(this.loginCallbackPromise=null,s))}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const r=this.configuration,i={ath:await Se(n),...o},l=await I(r,this.configurationName);let a;if(l)return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const d=P(this.configurationName,r.storage);let f=await d.getDemonstratingProofOfPossessionJwkAsync();return a=await d.getDemonstratingProofOfPossessionNonce(),a&&(i.nonce=a),await we(window)(r.demonstrating_proof_of_possession_configuration)(f,s,t,i)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=dn(this)(n),this.userInfoPromise.then(t=>(this.userInfoPromise=null,t)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return M.clearTimeout(this.timeoutId),this.renewTokensPromise=be(this,!0,n),this.renewTokensPromise.then(t=>(this.renewTokensPromise=null,t))}async destroyAsync(n){return await fn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(p.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(p.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=_n(this,L,this.getFetch(),console,this.location)(n,t),this.logoutPromise.then(s=>(this.logoutPromise=null,s)))}};G.getOrCreate=(n,t)=>(s,o="default")=>pn(n,t)(s,o),G.eventNames=p;let x=G;const K=class K{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new K(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,r=!1){return this._oidc.loginAsync(n,t,s,o,r)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){return te(this._oidc,n,t)}fetchWithTokens(n){return Pe(n,this)}async userInfoAsync(n=!1){return this._oidc.userInfoAsync(n)}};K.getOrCreate=(n,t=new q)=>(s,o="default")=>new K(x.getOrCreate(n,t)(s,o)),K.eventNames=x.eventNames;let ue=K;N.OidcClient=ue,N.OidcLocation=q,N.TokenRenewMode=X,N.getFetchDefault=Ie,N.getParseQueryStringFromLocation=j,N.getPath=rn,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});
+(function(N,Y){typeof exports=="object"&&typeof module<"u"?Y(exports):typeof define=="function"&&define.amd?define(["exports"],Y):(N=typeof globalThis<"u"?globalThis:N||self,Y(N["oidc-client"]={}))})(this,function(N){"use strict";const R=console;class Ce{constructor(n,t,s,o=2e3,r=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||2e3,this._stopOnError=r;const i=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(R.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(R.debug(n),R.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):R.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){R.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(R.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const p={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},P=(e,n=sessionStorage)=>{const t=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),s=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},r=async y=>{n[`oidc.session_state.${e}`]=y},i=async()=>n[`oidc.session_state.${e}`],l=y=>{n[`oidc.nonce.${e}`]=y.nonce},a=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async y=>{n[`oidc.dpop_nonce.${e}`]=y},u=()=>n[`oidc.dpop_nonce.${e}`],h=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:t,initAsync:s,setTokens:o,getTokens:h,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:l,getNonceAsync:f,setLoginParams:y=>{g[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(g[e]||(g[e]=JSON.parse(y)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:d}};var $=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))($||{});const Ne=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),xe=e=>JSON.parse(Ne(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&We(e,".")===2?xe(e.split(".")[1]):null}catch(n){console.warn(n)}return null},We=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const z=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=ue(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:ue(r),l=i&&i.exp?i.exp:Number.MAX_VALUE,a=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Le(e,s,i);let d;e.expiresAt?d=e.expiresAt:t===X.access_token_invalid?d=a:t===X.id_token_invalid?d=l:d=l<a?l:a;const f={...e,idTokenPayload:i,accessTokenPayload:s,expiresAt:d,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...f,refreshToken:c}}return f},ne=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),z(s,n,t)},V=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},fe=e=>e?V(0,e.expiresAt)>0:!1,_e=async(e,n=200,t=50)=>{let s=t;if(!e.tokens)return null;for(;!fe(e.tokens)&&s>0;){if(e.configuration.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await J({milliseconds:n});s=s-1}return{isTokensValid:fe(e.tokens),tokens:e.tokens,numberWaited:s-t}},de=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(s.iat&&s.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+r} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},M=function(){const e=function(){let a,d;const f=(function(){const u={},h={setTimeout:function(m,_,w){u[_]=setTimeout(function(){m.postMessage(_),u[_]=null},w)},setInterval:function(m,_,w){u[_]=setInterval(function(){m.postMessage(_)},w)},clearTimeout:function(m,_){clearTimeout(u[_]),u[_]=null},clearInterval:function(m,_){clearInterval(u[_]),u[_]=null}};function g(m,_){const w=_.data[0],A=_.data[1],v=_.data[2];h[w]&&h[w](m,A,v)}this.onmessage=function(m){g(self,m)},this.onconnect=function(m){const _=m.ports[0];_.onmessage=function(w){g(_,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});d=URL.createObjectURL(u)}catch{return null}const c=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(d),a.port}catch{c&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(d),a}catch{c&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),t={},s={};e.onmessage=function(a){const d=a.data,f=t[d];if(f){f(),t[d]=null;return}const c=s[d];c&&c()};function o(a,d){const f=n();return e.postMessage(["setTimeout",f,d]),t[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),t[a]=null}function i(a,d){const f=n();return e.postMessage(["setInterval",f,d]),s[f]=a,f}function l(a){e.postMessage(["clearInterval",a]),s[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:l}}(),he="7.20.1";let ye=null,Q;const J=({milliseconds:e})=>new Promise(n=>M.setTimeout(n,e)),ge=(e="/")=>{try{Q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Q.signal}).catch(s=>{console.log(s)}),J({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},De=()=>{Q&&Q.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,t)=>{t(),await n.update();const s=await n.unregister();console.log(`Service worker unregistering ${s}`),await J({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(t,s){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?s(r.data.error):t(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;let s=null;e.register?s=await e.service_worker_register(t):s=await navigator.serviceWorker.register(t);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(s)({type:"claim"})}catch{return null}const o=async k=>O(s)({type:"clear",data:{status:k},configurationName:n}),r=async(k,S,C)=>{const b=await O(s)({type:"init",data:{oidcServerConfiguration:k,where:S,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),F=b.version;return F!==he&&(console.warn(`Service worker ${F} version mismatch with js client version ${he}, unregistering and reloading`),await C.service_worker_update_require_callback(s,De)),{tokens:ne(b.tokens,null,C.token_renew_mode),status:b.status}},i=(k="/")=>{ye==null&&(ye="not_null",ge(k))},l=k=>O(s)({type:"setSessionState",data:{sessionState:k},configurationName:n}),a=async()=>(await O(s)({type:"getSessionState",data:null,configurationName:n})).sessionState,d=k=>(sessionStorage[`oidc.nonce.${n}`]=k.nonce,O(s)({type:"setNonce",data:{nonce:k},configurationName:n})),f=async()=>{let S=(await O(s)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}};let c={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:l,getSessionStateAsync:a,setNonceAsync:d,getNonceAsync:f,setLoginParams:k=>{c[n]=k,localStorage[`oidc.login.${n}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(k)),c[n]},getStateAsync:async()=>{let S=(await O(s)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async k=>(sessionStorage[`oidc.state.${n}`]=k,O(s)({type:"setState",data:{state:k},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await O(s)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${n}`]=k,O(s)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:n})),setDemonstratingProofOfPossessionNonce:async k=>{await O(s)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(s)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const S=JSON.stringify(k);await O(s)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await O(s)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}},K={},Ke=(e,n=window.sessionStorage,t)=>{if(!K[e]&&n){const o=n.getItem(e);o&&(K[e]=JSON.parse(o))}const s=1e3*t;return K[e]&&K[e].timestamp+s>Date.now()?K[e].result:null},Ue=(e,n,t=window.sessionStorage)=>{const s=Date.now();K[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function ke(e){return new TextEncoder().encode(e)}function me(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Fe(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const te=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),me(n)};function pe(e){return me(Fe(e))}const Ve={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Me={sign:e=>async(n,t,s,o,r="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=r,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const i={protected:pe(JSON.stringify(t)),payload:pe(JSON.stringify(s))},l=o.importKeyAlgorithm,a=!0,d=["sign"],f=await e.crypto.subtle.importKey("jwk",n,l,a,d),c=ke(`${i.protected}.${i.payload}`),u=o.signAlgorithm,h=await e.crypto.subtle.sign(u,f,c);return i.signature=te(new Uint8Array(h)),`${i.protected}.${i.payload}.${i.signature}`}};const Je={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],r=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",r.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Be={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,ke(s));return te(new Uint8Array(o))}};const He=e=>async n=>await Je.generate(e)(n),we=e=>n=>async(t,s="POST",o,r={})=>{const i={jti:btoa(je()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...r},l=await Be.thumbprint(e)(t,n.digestAlgorithm);return await Me.sign(e)(t,{kid:l},i,n)},je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Ae=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%se.length;n.push(se[s])}return n.join("")},oe=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Ae();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*se.length|0;return qe(n)};function Ge(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function Se(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",Ge(e)).then(s=>n(te(new Uint8Array(s))),s=>t(s))})}const Ye=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Ae();return n?Se(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Xe=60*60,ze=e=>async(n,t=Xe,s=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,l=Ke(i,s,t);if(l)return new ce(l);const a=await B(e)(r,{},o);if(a.status!==200)return null;const d=await a.json();return Ue(i,d,s),new ce(d)},B=e=>async(n,t={},s=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),s),r=await e(n,{...t,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await B(e)(n,t,s,o+1);throw i}else throw console.error(i.message),i}return r},re={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,t,s=re.refresh_token,o,r={},i=1e4)=>{const l={token:t,token_type_hint:s,client_id:o};for(const[c,u]of Object.entries(r))l[c]===void 0&&(l[c]=u);const a=[];for(const c in l){const u=encodeURIComponent(c),h=encodeURIComponent(l[c]);a.push(`${u}=${h}`)}const d=a.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:d},i)).status!==200?{success:!1}:{success:!0}},Qe=e=>async(n,t,s,o,r={},i,l=1e4)=>{for(const[h,g]of Object.entries(s))t[h]===void 0&&(t[h]=g);const a=[];for(const h in t){const g=encodeURIComponent(h),m=encodeURIComponent(t[h]);a.push(`${g}=${m}`)}const d=a.join("&"),f=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:d},l);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const c=await f.json();let u=null;return f.headers.has(Z)&&(u=f.headers.get(Z)),{success:!0,status:f.status,data:ne(c,o,i),demonstratingProofOfPossessionNonce:u}},Ze=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=oe(128),r=await Ye(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=r,s.code_challenge_method="S256";let i="";if(s)for(const[l,a]of Object.entries(s))i===""?i+="?":i+="&",i+=`${l}=${encodeURIComponent(a)}`;n.open(`${t}${i}`)},Z="DPoP-Nonce",en=e=>async(n,t,s,o,r=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const c in t){const u=encodeURIComponent(c),h=encodeURIComponent(t[c]);i.push(`${u}=${h}`)}const l=i.join("&"),a=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:l},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let d=null;a.headers.has(Z)&&(d=a.headers.get(Z));const f=await a.json();return{success:!0,data:{state:t.state,tokens:ne(f,null,o),demonstratingProofOfPossessionNonce:d}}};async function Te(e,n,t){const s=l=>{e.tokens=l},{tokens:o,status:r}=await ee(e)(0,n,t,s);return await I(e.configuration,e.configurationName)||await P(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const nn=async(e,n)=>{const t=await I(n,e.configurationName);if(t){const s=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await t.initAsync(s,"tryKeepExistingSessionAsync",n);return o}else{const s=P(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await s.initAsync();return o=z(o,e.tokens,n.token_renew_mode),o}};async function be(e,n=!1,t=null){const s=e.configuration,o=`${s.client_id}_${e.configurationName}_${s.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(s==null?void 0:s.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await Te(e,n,t):r=await navigator.locks.request(o,{ifAvailable:!0},async l=>l?await Te(e,n,t):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await nn(e,s))),r?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,t)),e.tokens):null}const H=(e,n,t=null)=>{const s=e.configuration.refresh_time_before_tokens_expiration_in_second;return M.setTimeout(async()=>{const r={timeLeft:V(s,n)};e.publishEvent(x.eventNames.token_timer,r),await be(e,!1,t)},1e3)},W={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},tn=e=>async(n,t,s,o=!1)=>{const r={nonce:null};if(!s)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const l=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,t);if(a){const{status:c,tokens:u}=await a.initAsync(l,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!c||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==s.issuedAt){const g=V(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",m=await a.getNonceAsync();return{tokens:u,status:g,nonce:m}}i=await a.getNonceAsync()}else{const c=P(t,n.storage??sessionStorage);let{tokens:u,status:h}=await c.initAsync();if(u&&(u=z(u,e.tokens,n.token_renew_mode)),u){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==s.issuedAt){const m=V(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await c.getNonceAsync();return{tokens:u,status:m,nonce:_}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await c.getNonceAsync()}const f=V(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:i}:{tokens:s,status:f,nonce:i}},ee=e=>async(n=0,t=!1,s=null,o)=>{for(;!navigator.onLine&&document.hidden;)await J({milliseconds:1e3}),e.publishEvent(p.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await J({milliseconds:1e3}),r--,e.publishEvent(p.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,l=n+1;s||(s={});const a=e.configuration,d=(c,u=null,h=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(c,u,h),f=async()=>{try{let c;const u=await I(a,e.configurationName);u?c=u.getLoginParams():c=P(e.configurationName,a.storage).getLoginParams();const h=await d({...c.extras,...s,prompt:"none"});return h?h.error?(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(h.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:h.tokens,status:"LOGGED"}):(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(c){return console.error(c),e.publishEvent(p.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:c.message}),await ee(e)(l,t,s,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:c,tokens:u,nonce:h}=await tn(e)(a,e.configurationName,e.tokens,t);switch(c){case W.SESSION_LOST:return o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case W.NOT_CONNECTED:return o(null),{tokens:null,status:null};case W.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case W.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case W.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(p.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case W.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==c?(e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(p.refreshTokensAsync_begin,{tryNumber:n}),await f());default:{if(a.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==c)return e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(p.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:c,tryNumber:n}),!u.refreshToken)return await f();const g=a.client_id,m=a.redirect_uri,_=a.authority,A={...a.token_request_extras?a.token_request_extras:{}};for(const[T,y]of Object.entries(s))T.endsWith(":token_request")&&(A[T.replace(":token_request","")]=y);return await(async()=>{const T={client_id:g,redirect_uri:m,grant_type:"refresh_token",refresh_token:u.refreshToken},y=await e.initAsync(_,a.authority_configuration),k=document.hidden?1e4:3e4*10,S=y.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,S,"POST"));const b=await Qe(e.getFetch())(S,T,A,u,C,a.token_renew_mode,k);if(b.success){const{isValid:F,reason:E}=de(b.data,h.nonce,y);if(!F)return o(null),e.publishEvent(p.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${E}`}),{tokens:null,status:"SESSION_LOST"};if(o(b.data),b.demonstratingProofOfPossessionNonce){const D=await I(a,e.configurationName);D?await D.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await P(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(p.refreshTokensAsync_end,{success:b.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(p.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await ee(e)(l,t,s,o)})()}}}catch(c){return console.error(c),e.publishEvent(p.refreshTokensAsync_silent_error,{message:"exception",exception:c.message}),ee(e)(l,t,s,o)}},ie=(e,n,t)=>(s=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(p.silentLoginAsync_begin,{});let i="";if(o&&(s==null&&(s={}),s.state=o),r&&(s==null&&(s={}),s.scope=r),s!=null)for(const[c,u]of Object.entries(s))i===""?i=`?${encodeURIComponent(c)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(c)}=${encodeURIComponent(u)}`;const l=n.silent_login_uri+i,a=l.indexOf("/",l.indexOf("//")+2),d=l.substring(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",l),document.body.appendChild(f),new Promise((c,u)=>{let h=!1;const g=()=>{window.removeEventListener("message",m),f.remove(),h=!0},m=_=>{if(_.origin===d&&_.source===f.contentWindow){const w=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,v=`${e}_oidc_exception:`,T=_.data;if(T&&typeof T=="string"&&!h){if(T.startsWith(w)){const y=JSON.parse(_.data.replace(w,""));t(p.silentLoginAsync_end,{}),c(y),g()}else if(T.startsWith(A)){const y=JSON.parse(_.data.replace(A,""));t(p.silentLoginAsync_error,y),c({error:"oidc_"+y.error,tokens:null,sessionState:null}),g()}else if(T.startsWith(v)){const y=JSON.parse(_.data.replace(v,""));t(p.silentLoginAsync_error,y),u(new Error(y.error)),g()}}}};try{window.addEventListener("message",m);const _=n.silent_login_timeout;setTimeout(()=>{h||(g(),t(p.silentLoginAsync_error,{reason:"timeout"}),u(new Error("timeout")))},_)}catch(_){g(),t(p.silentLoginAsync_error,_),u(_)}})}catch(i){throw t(p.silentLoginAsync_error,i),i}},sn=(e,n,t,s,o)=>(r=null,i=void 0)=>{r={...r};const l=(d,f,c)=>ie(n,t,s.bind(o))(d,f,c);return(async()=>{o.timeoutId&&M.clearTimeout(o.timeoutId);let d;r&&"state"in r&&(d=r.state,delete r.state);try{const f=t.extras?{...t.extras,...r}:r,c=await l({...f,prompt:"none"},d,i);if(c)return o.tokens=c.tokens,s(p.token_aquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},on=(e,n,t)=>(s,o,r,i=!1)=>{const l=(a,d=void 0,f=void 0)=>ie(e.configurationName,t,e.publishEvent.bind(e))(a,d,f);return new Promise((a,d)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const u=c.idToken,h=c.idTokenPayload;return l({prompt:"none",id_token_hint:u,scope:t.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const m=g.tokens.idTokenPayload;if(h.sub===m.sub){const _=g.sessionState;e.checkSessionIFrame.start(g.sessionState),h.sid===m.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",_):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",_)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",m.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[m,_]of Object.entries(n))await _.logoutOtherTabAsync(t.client_id,h.sub)})};e.checkSessionIFrame=new Ce(f,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(c=>{d(c)})}else a(null)})},Ee=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},rn=e=>{const n=Ee(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},j=e=>{const n=Ee(e),{search:t}=n;return an(t)},an=e=>{const n={};let t,s,o;const r=e.split("&");for(s=0,o=r.length;s<o;s++)t=r[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},cn=(e,n,t,s,o)=>(r=void 0,i=null,l=!1,a=void 0)=>{const d=i;return i={...i},(async()=>{const c=r||o.getPath();if("state"in i||(i.state=oe(16)),t(p.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=l?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const h=n.extras?{...n.extras,...i}:i;h.nonce||(h.nonce=oe(12));const g={nonce:h.nonce},m=await I(n,e),_=await s(n.authority,n.authority_configuration);let w;if(m)m.setLoginParams({callbackPath:c,extras:d}),await m.initAsync(_,"loginAsync",n),await m.setNonceAsync(g),m.startKeepAliveServiceWorker(),w=m;else{const v=P(e,n.storage??sessionStorage);v.setLoginParams({callbackPath:c,extras:d}),await v.setNonceAsync(g),w=v}const A={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...h};await Ze(w,o)(_.authorizationEndpoint,A)}catch(u){throw t(p.loginAsync_error,u),u}})()},ln=e=>async(n=!1)=>{try{e.publishEvent(p.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,r=t.authority,i=t.token_request_timeout,l=await e.initAsync(r,t.authority_configuration),a=e.location.getCurrentHref(),f=j(a).session_state,c=await I(t,e.configurationName);let u,h,g,m;if(c)await c.initAsync(l,"loginCallbackAsync",t),await c.setSessionStateAsync(f),h=await c.getNonceAsync(),g=c.getLoginParams(),m=await c.getStateAsync(),c.startKeepAliveServiceWorker(),u=c;else{const E=P(e.configurationName,t.storage??sessionStorage);await E.setSessionStateAsync(f),h=await E.getNonceAsync(),g=E.getLoginParams(),m=await E.getStateAsync(),u=E}const _=j(a);if(_.error||_.error_description)throw new Error(`Error from OIDC server: ${_.error} - ${_.error_description}`);if(_.iss&&_.iss!==l.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${l.issuer}, received: ${_.iss})`);if(_.state&&_.state!==m)throw new Error(`State not valid (expected: ${m}, received: ${_.state})`);const w={code:_.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},A={};if(t.token_request_extras)for(const[E,D]of Object.entries(t.token_request_extras))A[E]=D;if(g&&g.extras)for(const[E,D]of Object.entries(g.extras))E.endsWith(":token_request")&&(A[E.replace(":token_request","")]=D);const v=l.tokenEndpoint,T={};if(t.demonstrating_proof_of_possession)if(c)T.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const E=await He(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await P(e.configurationName,t.storage).setDemonstratingProofOfPossessionJwkAsync(E),T.DPoP=await we(window)(t.demonstrating_proof_of_possession_configuration)(E,"POST",v)}const y=await en(u)(v,{...w,...A},T,e.configuration.token_renew_mode,i);if(!y.success)throw new Error("Token request failed");let k;const S=y.data.tokens,C=y.data.demonstratingProofOfPossessionNonce;if(y.data.state!==A.state)throw new Error("state is not valid");const{isValid:b,reason:F}=de(S,h.nonce,l);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${F}`);if(c){if(S.refreshToken&&!S.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&S.accessToken&&S.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(l,"syncTokensAsync",t),k=c.getLoginParams(),C&&await c.setDemonstratingProofOfPossessionNonce(C);else{const E=P(e.configurationName,t.storage);k=E.getLoginParams(),C&&await E.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(l.checkSessionIframe,s,f,n),e.publishEvent(p.loginCallbackAsync_end,{}),{tokens:S,state:"request.state",callbackPath:k.callbackPath}}catch(t){throw console.error(t),e.publishEvent(p.loginCallbackAsync_error,t),t}},Oe={access_token:"access_token",refresh_token:"refresh_token"},ae=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const r=s.replace(n,"");t[r]=o}return t}return t},un=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},fn=e=>async n=>{M.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await I(e.configuration,e.configurationName);t?await t.clearAsync(n):await P(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},_n=(e,n,t,s,o)=>async(r=void 0,i=null)=>{const l=e.configuration,a=await e.initAsync(l.authority,l.authority_configuration);r&&typeof r!="string"&&(r=void 0,s.warn("callbackPathOrUrl path is not a string"));const d=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const c=f?r:o.getOrigin()+d,u=e.tokens?e.tokens.idToken:"";try{const w=a.revocationEndpoint;if(w){const A=[],v=e.tokens?e.tokens.accessToken:null;if(v&&l.logout_tokens_to_invalidate.includes(Oe.access_token)){const y=ae(i,":revoke_access_token"),k=ve(t)(w,v,re.access_token,l.client_id,y);A.push(k)}const T=e.tokens?e.tokens.refreshToken:null;if(T&&l.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const y=ae(i,":revoke_refresh_token"),k=ve(t)(w,T,re.refresh_token,l.client_id,y);A.push(k)}A.length>0&&await Promise.all(A)}}catch(w){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(w)}const h=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[w,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,h):e.publishEvent(p.logout_from_same_tab,{});const g=ae(i,":oidc");if(g&&g.no_reload==="true")return;const _=un(i);if(a.endSessionEndpoint){"id_token_hint"in _||(_.id_token_hint=u),!("post_logout_redirect_uri"in _)&&r!==null&&(_.post_logout_redirect_uri=c);let w="";for(const[A,v]of Object.entries(_))v!=null&&(w===""?w+="?":w+="&",w+=`${A}=${encodeURIComponent(v)}`);o.open(`${a.endSessionEndpoint}${w}`)}else o.reload()},Pe=(e,n)=>async(...t)=>{var u;const[s,o,...r]=t,i=o?{...o}:{method:"GET"};let l=new Headers;i.headers&&(l=i.headers instanceof Headers?i.headers:new Headers(i.headers));const a=n,d=await _e(a),f=(u=d==null?void 0:d.tokens)==null?void 0:u.accessToken;if(l.has("Accept")||l.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,s.toString(),i.method);l.set("Authorization",`PoP ${f}`),l.set("DPoP",h)}else l.set("Authorization",`Bearer ${f}`);i.credentials||(i.credentials="same-origin")}const c={...i,headers:l};return await e(s,c,...r)},dn=e=>async(n=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,o=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,i=await(async()=>{const a=await Pe(fetch,e)(o);return a.status!==200?null:a.json()})();return e.userInfo=i,i};class q{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const hn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),yn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in r){const a=r[l];if(a.r.test(t)){o=a.s;break}}let i=s;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);l!=null&&l.length>2&&(i=l[1]+"."+l[2]+"."+(parseInt(l[3])|0));break}}return{os:o,osVersion:i}};function gn(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const kn=()=>{const{name:e,version:n}=gn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=yn(navigator);return!hn(t)},mn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(p.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await I(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.check_session_iframe,t.client_id,i),e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(p.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(e.configurationName,t.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=z(r,null,t.token_renew_mode);const i=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,i.extras);const l=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.check_session_iframe,t.client_id,l),e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(p.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ie=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const L={},pn=(e,n=new q)=>(t,s="default")=>(L[s]||(L[s]=new x(t,s,e,n)),L[s]),wn=async e=>{const{parsedTokens:n,callbackPath:t}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt),{callbackPath:t}},An=e=>Math.floor(Math.random()*e),G=class G{constructor(n,t="default",s,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new q;const l=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:r,token_automatic_renew_mode:n.token_automatic_renew_mode??$.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:l,service_worker_activate:n.service_worker_activate??kn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ve},this.getFetch=s??Ie,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=An(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(L,n)&&t)throw Error(`OIDC library does seem initialized.
+Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return L[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=j(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new ce({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=mn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,t,s,o=!1){await on(this,L,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?sn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):(this.loginPromise=cn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await ln(this)(n),o=s.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_aquired,o),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.then(s=>(this.loginCallbackPromise=null,s))}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const r=this.configuration,i={ath:await Se(n),...o},l=await I(r,this.configurationName);let a;if(l)return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const d=P(this.configurationName,r.storage);let f=await d.getDemonstratingProofOfPossessionJwkAsync();return a=await d.getDemonstratingProofOfPossessionNonce(),a&&(i.nonce=a),await we(window)(r.demonstrating_proof_of_possession_configuration)(f,s,t,i)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=dn(this)(n),this.userInfoPromise.then(t=>(this.userInfoPromise=null,t)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return M.clearTimeout(this.timeoutId),this.renewTokensPromise=be(this,!0,n),this.renewTokensPromise.then(t=>(this.renewTokensPromise=null,t))}async destroyAsync(n){return await fn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(p.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(p.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=_n(this,L,this.getFetch(),console,this.location)(n,t),this.logoutPromise.then(s=>(this.logoutPromise=null,s)))}};G.getOrCreate=(n,t)=>(s,o="default")=>pn(n,t)(s,o),G.eventNames=p;let x=G;const U=class U{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new U(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,r=!1){return this._oidc.loginAsync(n,t,s,o,r)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){return _e(this._oidc,n,t)}fetchWithTokens(n){return Pe(n,this)}async userInfoAsync(n=!1){return this._oidc.userInfoAsync(n)}};U.getOrCreate=(n,t=new q)=>(s,o="default")=>new U(x.getOrCreate(n,t)(s,o)),U.eventNames=x.eventNames;let le=U;N.OidcClient=le,N.OidcLocation=q,N.TokenAutomaticRenewMode=$,N.TokenRenewMode=X,N.getFetchDefault=Ie,N.getParseQueryStringFromLocation=j,N.getPath=rn,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});

package/dist/oidc.d.ts

@@ -69,7 +69,7 @@ export declare class Oidc {
         syncTokensAsync_lock_not_available: string;
         syncTokensAsync_end: string;
         syncTokensAsync_error: string;
-        tokensInvalidButWaitingActionsToRefresh: string;
+        tokensInvalidAndWaitingActionsToRefresh: string;
     };
     _silentLoginCallbackFromIFrame(): void;
     _silentLoginErrorCallbackFromIFrame(exception?: any): void;

package/dist/oidcClient.d.ts

@@ -41,7 +41,7 @@ export declare class OidcClient {
         syncTokensAsync_lock_not_available: string;
         syncTokensAsync_end: string;
         syncTokensAsync_error: string;
-        tokensInvalidButWaitingActionsToRefresh: string;
+        tokensInvalidAndWaitingActionsToRefresh: string;
     };
     tryKeepExistingSessionAsync(): Promise<boolean>;
     loginAsync(callbackPath?: string, extras?: StringMap, isSilentSignin?: boolean, scope?: string, silentLoginOnly?: boolean): Promise<unknown>;

package/dist/parseTokens.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"parseTokens.d.ts","sourceRoot":"","sources":["../src/parseTokens.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,SAAS,EAAE,uBAAuB,EAAC,MAAM,SAAS,CAAC;AAI9E,eAAO,MAAM,QAAQ,YAAY,MAAM,QAAsF,CAAC;AAsB9H,MAAM,MAAM,MAAM,GAAG;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAC,GAAG,CAAC;IACnB,OAAO,EAAC,MAAM,CAAC;IACf,kBAAkB,EAAC,GAAG,CAAC;IACvB,WAAW,EAAC,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC7B,gCAAgC,EAAE,MAAM,CAAC;IACzC,oBAAoB,EAAC,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;CAC5B,CAAA;AAED,eAAO,MAAM,cAAc;;;;CAI1B,CAAC;AAkBF,eAAO,MAAM,SAAS,gDAA8C,MAAM,KAAE,MAmD3E,CAAC;AAEF,eAAO,MAAM,mBAAmB,gDAAuC,MAAM,WAkC5E,CAAC;AAEF,eAAO,MAAM,eAAe,4EAM3B,CAAC;AAEF,eAAO,MAAM,aAAa,0BAKzB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACrB,aAAa,EAAE,OAAO,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;CACxB,CAAA;AAED,MAAM,WAAW,SAAS;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE;QAAG,0BAA0B,CAAC,EAAE,uBAAuB,CAAC;KAAE,CAAC;IAC1E,gBAAgB,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1D;AAED,eAAO,MAAM,kBAAkB,SAAgB,SAAS,2CAAkC,QAAQ,UAAU,CAmB3G,CAAC;AAIF,eAAO,MAAM,iBAAiB;;;CA2B7B,CAAC"}
+{"version":3,"file":"parseTokens.d.ts","sourceRoot":"","sources":["../src/parseTokens.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,SAAS,EAAE,uBAAuB,EAAC,MAAM,SAAS,CAAC;AAI9E,eAAO,MAAM,QAAQ,YAAY,MAAM,QAAsF,CAAC;AAsB9H,MAAM,MAAM,MAAM,GAAG;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAC,GAAG,CAAC;IACnB,OAAO,EAAC,MAAM,CAAC;IACf,kBAAkB,EAAC,GAAG,CAAC;IACvB,WAAW,EAAC,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC7B,gCAAgC,EAAE,MAAM,CAAC;IACzC,oBAAoB,EAAC,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;CAC5B,CAAA;AAED,eAAO,MAAM,cAAc;;;;CAI1B,CAAC;AAkBF,eAAO,MAAM,SAAS,gDAA8C,MAAM,KAAE,MAmD3E,CAAC;AAEF,eAAO,MAAM,mBAAmB,gDAAuC,MAAM,WAkC5E,CAAC;AAEF,eAAO,MAAM,eAAe,4EAM3B,CAAC;AAEF,eAAO,MAAM,aAAa,0BAKzB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACrB,aAAa,EAAE,OAAO,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;CACxB,CAAA;AAED,MAAM,WAAW,SAAS;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE;QAAG,0BAA0B,CAAC,EAAE,uBAAuB,CAAC;KAAE,CAAC;IAC1E,gBAAgB,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1D;AAED,eAAO,MAAM,kBAAkB,SAAgB,SAAS,2CAAkC,QAAQ,UAAU,CAoB3G,CAAC;AAIF,eAAO,MAAM,iBAAiB;;;CA2B7B,CAAC"}

package/dist/user.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../src/user.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAG1B,eAAO,MAAM,aAAa,SAAS,IAAI,wCAmBtC,CAAC"}
+{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../src/user.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAG1B,eAAO,MAAM,aAAa,SAAS,IAAI,wCAkBtC,CAAC"}

package/dist/version.d.ts

@@ -1,3 +1,3 @@
-declare const _default: "7.20.1-beta.1399";
+declare const _default: "7.20.1";
 export default _default;
 //# sourceMappingURL=version.d.ts.map

package/dist/version.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":";AAAA,wBAAkC"}
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":";AAAA,wBAAwB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axa-fr/oidc-client",
-  "version": "7.20.1-beta.1399",
+  "version": "7.20.1",
   "private": false,
   "type": "module",
   "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
     "url": "https://github.com/AxaFrance/oidc-client.git"
   },
   "dependencies": {
-    "@axa-fr/oidc-client-service-worker": "7.20.1-beta.1399"
+    "@axa-fr/oidc-client-service-worker": "7.20.1"
   },
   "devDependencies": {
     "@testing-library/dom": "9.3.4",

package/src/events.ts

@@ -26,5 +26,5 @@ export const eventNames = {
     syncTokensAsync_lock_not_available: 'syncTokensAsync_lock_not_available',
     syncTokensAsync_end: 'syncTokensAsync_end',
     syncTokensAsync_error: 'syncTokensAsync_error',
-    tokensInvalidButWaitingActionsToRefresh: 'tokensInvalidButWaitingActionsToRefresh',
+    tokensInvalidAndWaitingActionsToRefresh: 'tokensInvalidAndWaitingActionsToRefresh',
 };

package/src/fetch.ts

@@ -15,11 +15,8 @@ export const fetchWithTokens = (fetch: Fetch, oidcClient: Oidc | null) : Fetch =
     const oidc = oidcClient;
 
     // @ts-ignore
-    console.log('before', getValidTokenAsync);
     const getValidToken = await getValidTokenAsync(oidc);
-    console.log('getValidToken', getValidToken);
     const accessToken = getValidToken?.tokens?.accessToken;
-
     if (!headers.has('Accept')) {
         headers.set('Accept', 'application/json');
     }

package/src/index.ts

@@ -1,3 +1,5 @@
+import {ILOidcLocation} from "./location";
+
 export { getFetchDefault } from './oidc.js';
 export { TokenRenewMode } from './parseTokens.js';
 export { getParseQueryStringFromLocation, getPath } from './route-utils';
@@ -5,8 +7,10 @@ export type {
   AuthorityConfiguration,
   Fetch,
   OidcConfiguration,
-  StringMap,
-  TokenAutomaticRenewMode
+  StringMap
 } from './types.js';
-export { type ILOidcLocation, OidcLocation } from './location.js';
+
+export { OidcLocation } from './location.js';
+export type { ILOidcLocation } from './location.js';
+export { TokenAutomaticRenewMode } from './types.js';
 export { type OidcUserInfo, OidcClient } from './oidcClient.js';

package/src/parseTokens.ts

@@ -185,8 +185,9 @@ export const getValidTokenAsync = async (oidc: OidcToken, waitMs = 200, numberWa
         return null;
     }
     while (!isTokensValid(oidc.tokens) && numberWaitTemp > 0) {
-        if(oidc.configuration.token_automatic_renew_mode == TokenAutomaticRenewMode.AutomaticOnlyWhenFetchExecuted ){
+        if(oidc.configuration.token_automatic_renew_mode == TokenAutomaticRenewMode.AutomaticOnlyWhenFetchExecuted){
             await oidc.renewTokensAsync({});
+            break;
         } else {
             await sleepAsync({milliseconds: waitMs});
         }

package/src/renewTokens.ts

@@ -241,7 +241,7 @@ const synchroniseTokensAsync = (oidc:Oidc) => async (index = 0, forceRefresh = f
             case synchroniseTokensStatus.REQUIRE_SYNC_TOKENS:
 
                 if(configuration.token_automatic_renew_mode == TokenAutomaticRenewMode.AutomaticOnlyWhenFetchExecuted && synchroniseTokensStatus.FORCE_REFRESH !== status ){
-                    oidc.publishEvent(eventNames.tokensInvalidButWaitingActionsToRefresh, {});
+                    oidc.publishEvent(eventNames.tokensInvalidAndWaitingActionsToRefresh, {});
                     return { tokens: oidc.tokens, status: 'GIVE_UP' };
                 }
                 
@@ -250,7 +250,7 @@ const synchroniseTokensAsync = (oidc:Oidc) => async (index = 0, forceRefresh = f
             default: {
                 
                 if(configuration.token_automatic_renew_mode == TokenAutomaticRenewMode.AutomaticOnlyWhenFetchExecuted && synchroniseTokensStatus.FORCE_REFRESH !== status ){
-                    oidc.publishEvent(eventNames.tokensInvalidButWaitingActionsToRefresh, {});
+                    oidc.publishEvent(eventNames.tokensInvalidAndWaitingActionsToRefresh, {});
                     return { tokens: oidc.tokens, status: 'GIVE_UP' };
                 }
                 

package/src/user.ts

@@ -2,7 +2,6 @@ import Oidc from "./oidc";
 import {fetchWithTokens} from "./fetch";
 
 export const userInfoAsync = (oidc:Oidc) => async (noCache = false) => {
-    console.log("oidc.userInfo", oidc.userInfo);
     if (oidc.userInfo != null && !noCache) {
         return oidc.userInfo;
     }

package/src/version.ts

@@ -1 +1 @@
-export default '7.20.1-beta.1399';
+export default '7.20.1';