@axa-fr/oidc-client 7.21.0 → 7.22.0-alpha.1416
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -3
- package/dist/fetch.d.ts +1 -1
- package/dist/fetch.d.ts.map +1 -1
- package/dist/index.js +117 -117
- package/dist/index.umd.cjs +2 -2
- package/dist/oidc.d.ts +1 -1
- package/dist/oidc.d.ts.map +1 -1
- package/dist/oidcClient.d.ts +2 -2
- package/dist/oidcClient.d.ts.map +1 -1
- package/dist/user.d.ts +1 -1
- package/dist/user.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/fetch.ts +2 -2
- package/src/oidc.ts +2 -2
- package/src/oidcClient.ts +3 -3
- package/src/user.ts +2 -2
- package/src/version.ts +1 -1
package/README.md
CHANGED
|
@@ -102,7 +102,8 @@ trustedDomains.config_show_access_token = {
|
|
|
102
102
|
// DPoP (Demonstrating Proof of Possession) will be activated for the following domains
|
|
103
103
|
trustedDomains.config_with_dpop = {
|
|
104
104
|
domains: ["https://demo.duendesoftware.com"],
|
|
105
|
-
demonstratingProofOfPossession: true
|
|
105
|
+
demonstratingProofOfPossession: true,
|
|
106
|
+
demonstratingProofOfPossessionOnlyWhenDpopHeaderPresent: true, // default value is false, inject DPOP token only when DPOP header is present
|
|
106
107
|
// Optional, more details bellow
|
|
107
108
|
/*demonstratingProofOfPossessionConfiguration: {
|
|
108
109
|
importKeyAlgorithm: {
|
|
@@ -386,16 +387,18 @@ export class OidcClient {
|
|
|
386
387
|
/**
|
|
387
388
|
* Retrieves a new fetch function that inject bearer tokens (also DPOP tokens).
|
|
388
389
|
* @param fetch The current fetch function to use
|
|
390
|
+
* @param demonstrating_proof_of_possession Indicates whether the demonstration of proof of possession should be used.
|
|
389
391
|
* @returns Fetch A new fectch function that inject bearer tokens (also DPOP tokens).
|
|
390
392
|
*/
|
|
391
|
-
fetchWithTokens(fetch: Fetch): Fetch;
|
|
393
|
+
fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession=false): Fetch;
|
|
392
394
|
|
|
393
395
|
/**
|
|
394
396
|
* Retrieves OIDC user information.
|
|
395
397
|
* @param noCache Indicates whether user information should be retrieved bypassing the cache.
|
|
398
|
+
* @param demonstrating_proof_of_possession Indicates whether the demonstration of proof of possession should be used.
|
|
396
399
|
* @returns A promise resolved with the user information, or rejected with an error.
|
|
397
400
|
*/
|
|
398
|
-
async userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache = false): Promise<T>;
|
|
401
|
+
async userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache = false, demonstrating_proof_of_possession=false): Promise<T>;
|
|
399
402
|
|
|
400
403
|
/**
|
|
401
404
|
* Generate Demonstration of proof of possession.
|
package/dist/fetch.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import { Fetch } from "./types";
|
|
2
|
-
export declare const fetchWithTokens: (fetch: Fetch, oidcClient: Oidc | null) => Fetch;
|
|
2
|
+
export declare const fetchWithTokens: (fetch: Fetch, oidcClient: Oidc | null, demonstrating_proof_of_possession?: boolean) => Fetch;
|
|
3
3
|
//# sourceMappingURL=fetch.d.ts.map
|
package/dist/fetch.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,EAAC,MAAM,SAAS,CAAC;AAK9B,eAAO,MAAM,eAAe,UAAW,KAAK,cAAc,IAAI,GAAG,IAAI,
|
|
1
|
+
{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,EAAC,MAAM,SAAS,CAAC;AAK9B,eAAO,MAAM,eAAe,UAAW,KAAK,cAAc,IAAI,GAAG,IAAI,sCAAoC,OAAO,KAAU,KA+BzH,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -69,7 +69,7 @@ const p = {
|
|
|
69
69
|
n[`oidc.nonce.${e}`] = y.nonce;
|
|
70
70
|
}, a = (y) => {
|
|
71
71
|
n[`oidc.jwk.${e}`] = JSON.stringify(y);
|
|
72
|
-
},
|
|
72
|
+
}, f = () => JSON.parse(n[`oidc.jwk.${e}`]), _ = async () => ({ nonce: n[`oidc.nonce.${e}`] }), c = async (y) => {
|
|
73
73
|
n[`oidc.dpop_nonce.${e}`] = y;
|
|
74
74
|
}, u = () => n[`oidc.dpop_nonce.${e}`], h = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null;
|
|
75
75
|
let g = {};
|
|
@@ -100,7 +100,7 @@ const p = {
|
|
|
100
100
|
setDemonstratingProofOfPossessionNonce: c,
|
|
101
101
|
getDemonstratingProofOfPossessionNonce: u,
|
|
102
102
|
setDemonstratingProofOfPossessionJwkAsync: a,
|
|
103
|
-
getDemonstratingProofOfPossessionJwkAsync:
|
|
103
|
+
getDemonstratingProofOfPossessionJwkAsync: f
|
|
104
104
|
};
|
|
105
105
|
};
|
|
106
106
|
var V = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(V || {});
|
|
@@ -134,9 +134,9 @@ const z = (e, n = null, t) => {
|
|
|
134
134
|
n != null && "idToken" in n && !("idToken" in e) ? r = n.idToken : r = e.idToken;
|
|
135
135
|
const i = e.idTokenPayload ? e.idTokenPayload : ae(r), l = i && i.exp ? i.exp : Number.MAX_VALUE, a = s && s.exp ? s.exp : e.issuedAt + o;
|
|
136
136
|
e.issuedAt = Ne(e, s, i);
|
|
137
|
-
let
|
|
138
|
-
e.expiresAt ?
|
|
139
|
-
const _ = { ...e, idTokenPayload: i, accessTokenPayload: s, expiresAt:
|
|
137
|
+
let f;
|
|
138
|
+
e.expiresAt ? f = e.expiresAt : t === Z.access_token_invalid ? f = a : t === Z.id_token_invalid ? f = l : f = l < a ? l : a;
|
|
139
|
+
const _ = { ...e, idTokenPayload: i, accessTokenPayload: s, expiresAt: f, idToken: r };
|
|
140
140
|
if (n != null && "refreshToken" in n && !("refreshToken" in e)) {
|
|
141
141
|
const c = n.refreshToken;
|
|
142
142
|
return { ..._, refreshToken: c };
|
|
@@ -195,55 +195,55 @@ const z = (e, n = null, t) => {
|
|
|
195
195
|
return { isValid: !0, reason: "" };
|
|
196
196
|
}, B = function() {
|
|
197
197
|
const e = function() {
|
|
198
|
-
let a,
|
|
198
|
+
let a, f;
|
|
199
199
|
const _ = (function() {
|
|
200
200
|
const u = {}, h = {
|
|
201
|
-
setTimeout: function(m,
|
|
202
|
-
u[
|
|
203
|
-
m.postMessage(
|
|
201
|
+
setTimeout: function(m, d, w) {
|
|
202
|
+
u[d] = setTimeout(function() {
|
|
203
|
+
m.postMessage(d), u[d] = null;
|
|
204
204
|
}, w);
|
|
205
205
|
},
|
|
206
|
-
setInterval: function(m,
|
|
207
|
-
u[
|
|
208
|
-
m.postMessage(
|
|
206
|
+
setInterval: function(m, d, w) {
|
|
207
|
+
u[d] = setInterval(function() {
|
|
208
|
+
m.postMessage(d);
|
|
209
209
|
}, w);
|
|
210
210
|
},
|
|
211
|
-
clearTimeout: function(m,
|
|
212
|
-
clearTimeout(u[
|
|
211
|
+
clearTimeout: function(m, d) {
|
|
212
|
+
clearTimeout(u[d]), u[d] = null;
|
|
213
213
|
},
|
|
214
|
-
clearInterval: function(m,
|
|
215
|
-
clearInterval(u[
|
|
214
|
+
clearInterval: function(m, d) {
|
|
215
|
+
clearInterval(u[d]), u[d] = null;
|
|
216
216
|
}
|
|
217
217
|
};
|
|
218
|
-
function g(m,
|
|
219
|
-
const w =
|
|
218
|
+
function g(m, d) {
|
|
219
|
+
const w = d.data[0], A = d.data[1], v = d.data[2];
|
|
220
220
|
h[w] && h[w](m, A, v);
|
|
221
221
|
}
|
|
222
222
|
this.onmessage = function(m) {
|
|
223
223
|
g(self, m);
|
|
224
224
|
}, this.onconnect = function(m) {
|
|
225
|
-
const
|
|
226
|
-
|
|
227
|
-
g(
|
|
225
|
+
const d = m.ports[0];
|
|
226
|
+
d.onmessage = function(w) {
|
|
227
|
+
g(d, w);
|
|
228
228
|
};
|
|
229
229
|
};
|
|
230
230
|
}).toString();
|
|
231
231
|
try {
|
|
232
232
|
const u = new Blob(["(", _, ")()"], { type: "application/javascript" });
|
|
233
|
-
|
|
233
|
+
f = URL.createObjectURL(u);
|
|
234
234
|
} catch {
|
|
235
235
|
return null;
|
|
236
236
|
}
|
|
237
237
|
const c = typeof process > "u";
|
|
238
238
|
try {
|
|
239
239
|
if (SharedWorker)
|
|
240
|
-
return a = new SharedWorker(
|
|
240
|
+
return a = new SharedWorker(f), a.port;
|
|
241
241
|
} catch {
|
|
242
242
|
c && console.warn("SharedWorker not available");
|
|
243
243
|
}
|
|
244
244
|
try {
|
|
245
245
|
if (Worker)
|
|
246
|
-
return a = new Worker(
|
|
246
|
+
return a = new Worker(f), a;
|
|
247
247
|
} catch {
|
|
248
248
|
c && console.warn("Worker not available");
|
|
249
249
|
}
|
|
@@ -265,24 +265,24 @@ const z = (e, n = null, t) => {
|
|
|
265
265
|
};
|
|
266
266
|
}(), t = {}, s = {};
|
|
267
267
|
e.onmessage = function(a) {
|
|
268
|
-
const
|
|
268
|
+
const f = a.data, _ = t[f];
|
|
269
269
|
if (_) {
|
|
270
|
-
_(), t[
|
|
270
|
+
_(), t[f] = null;
|
|
271
271
|
return;
|
|
272
272
|
}
|
|
273
|
-
const c = s[
|
|
273
|
+
const c = s[f];
|
|
274
274
|
c && c();
|
|
275
275
|
};
|
|
276
|
-
function o(a,
|
|
276
|
+
function o(a, f) {
|
|
277
277
|
const _ = n();
|
|
278
|
-
return e.postMessage(["setTimeout", _,
|
|
278
|
+
return e.postMessage(["setTimeout", _, f]), t[_] = a, _;
|
|
279
279
|
}
|
|
280
280
|
function r(a) {
|
|
281
281
|
e.postMessage(["clearTimeout", a]), t[a] = null;
|
|
282
282
|
}
|
|
283
|
-
function i(a,
|
|
283
|
+
function i(a, f) {
|
|
284
284
|
const _ = n();
|
|
285
|
-
return e.postMessage(["setInterval", _,
|
|
285
|
+
return e.postMessage(["setInterval", _, f]), s[_] = a, _;
|
|
286
286
|
}
|
|
287
287
|
function l(a) {
|
|
288
288
|
e.postMessage(["clearInterval", a]), s[a] = null;
|
|
@@ -293,7 +293,7 @@ const z = (e, n = null, t) => {
|
|
|
293
293
|
setInterval: i,
|
|
294
294
|
clearInterval: l
|
|
295
295
|
};
|
|
296
|
-
}(), le = "7.
|
|
296
|
+
}(), le = "7.22.0-alpha.1416";
|
|
297
297
|
let ue = null, q;
|
|
298
298
|
const M = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), me = (e = "/") => {
|
|
299
299
|
try {
|
|
@@ -347,7 +347,7 @@ const M = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), me =
|
|
|
347
347
|
return D !== le && (console.warn(`Service worker ${D} version mismatch with js client version ${le}, unregistering and reloading`), await P.service_worker_update_require_callback(s, xe)), { tokens: oe(b.tokens, null, P.token_renew_mode), status: b.status };
|
|
348
348
|
}, i = (k = "/") => {
|
|
349
349
|
ue == null && (ue = "not_null", me(k));
|
|
350
|
-
}, l = (k) => O(s)({ type: "setSessionState", data: { sessionState: k }, configurationName: n }), a = async () => (await O(s)({ type: "getSessionState", data: null, configurationName: n })).sessionState,
|
|
350
|
+
}, l = (k) => O(s)({ type: "setSessionState", data: { sessionState: k }, configurationName: n }), a = async () => (await O(s)({ type: "getSessionState", data: null, configurationName: n })).sessionState, f = (k) => (sessionStorage[`oidc.nonce.${n}`] = k.nonce, O(s)({ type: "setNonce", data: { nonce: k }, configurationName: n })), _ = async () => {
|
|
351
351
|
let S = (await O(s)({ type: "getNonce", data: null, configurationName: n })).nonce;
|
|
352
352
|
return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: S };
|
|
353
353
|
};
|
|
@@ -359,7 +359,7 @@ const M = ({ milliseconds: e }) => new Promise((n) => B.setTimeout(n, e)), me =
|
|
|
359
359
|
isServiceWorkerProxyActiveAsync: () => We(e.service_worker_keep_alive_path),
|
|
360
360
|
setSessionStateAsync: l,
|
|
361
361
|
getSessionStateAsync: a,
|
|
362
|
-
setNonceAsync:
|
|
362
|
+
setNonceAsync: f,
|
|
363
363
|
getNonceAsync: _,
|
|
364
364
|
setLoginParams: (k) => {
|
|
365
365
|
c[n] = k, localStorage[`oidc.login.${n}`] = JSON.stringify(k);
|
|
@@ -453,7 +453,7 @@ const Ke = {
|
|
|
453
453
|
// @ts-ignore
|
|
454
454
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
455
455
|
payload: _e(JSON.stringify(s))
|
|
456
|
-
}, l = o.importKeyAlgorithm, a = !0,
|
|
456
|
+
}, l = o.importKeyAlgorithm, a = !0, f = ["sign"], _ = await e.crypto.subtle.importKey("jwk", n, l, a, f), c = pe(`${i.protected}.${i.payload}`), u = o.signAlgorithm, h = await e.crypto.subtle.sign(u, _, c);
|
|
457
457
|
return i.signature = re(new Uint8Array(h)), `${i.protected}.${i.payload}.${i.signature}`;
|
|
458
458
|
};
|
|
459
459
|
var Fe = { sign: Ue };
|
|
@@ -540,8 +540,8 @@ const Xe = (e) => {
|
|
|
540
540
|
const a = await H(e)(r, {}, o);
|
|
541
541
|
if (a.status !== 200)
|
|
542
542
|
return null;
|
|
543
|
-
const
|
|
544
|
-
return Re(i,
|
|
543
|
+
const f = await a.json();
|
|
544
|
+
return Re(i, f, s), new se(f);
|
|
545
545
|
}, H = (e) => async (n, t = {}, s = 1e4, o = 0) => {
|
|
546
546
|
let r;
|
|
547
547
|
try {
|
|
@@ -572,13 +572,13 @@ const Xe = (e) => {
|
|
|
572
572
|
const u = encodeURIComponent(c), h = encodeURIComponent(l[c]);
|
|
573
573
|
a.push(`${u}=${h}`);
|
|
574
574
|
}
|
|
575
|
-
const
|
|
575
|
+
const f = a.join("&");
|
|
576
576
|
return (await H(e)(n, {
|
|
577
577
|
method: "POST",
|
|
578
578
|
headers: {
|
|
579
579
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
|
|
580
580
|
},
|
|
581
|
-
body:
|
|
581
|
+
body: f
|
|
582
582
|
}, i)).status !== 200 ? { success: !1 } : {
|
|
583
583
|
success: !0
|
|
584
584
|
};
|
|
@@ -590,13 +590,13 @@ const Xe = (e) => {
|
|
|
590
590
|
const g = encodeURIComponent(h), m = encodeURIComponent(t[h]);
|
|
591
591
|
a.push(`${g}=${m}`);
|
|
592
592
|
}
|
|
593
|
-
const
|
|
593
|
+
const f = a.join("&"), _ = await H(e)(n, {
|
|
594
594
|
method: "POST",
|
|
595
595
|
headers: {
|
|
596
596
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
597
597
|
...r
|
|
598
598
|
},
|
|
599
|
-
body:
|
|
599
|
+
body: f
|
|
600
600
|
}, l);
|
|
601
601
|
if (_.status !== 200)
|
|
602
602
|
return {
|
|
@@ -638,15 +638,15 @@ const Xe = (e) => {
|
|
|
638
638
|
}, r);
|
|
639
639
|
if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), a.status !== 200)
|
|
640
640
|
return { success: !1, status: a.status };
|
|
641
|
-
let
|
|
642
|
-
a.headers.has(G) && (
|
|
641
|
+
let f = null;
|
|
642
|
+
a.headers.has(G) && (f = a.headers.get(G));
|
|
643
643
|
const _ = await a.json();
|
|
644
644
|
return {
|
|
645
645
|
success: !0,
|
|
646
646
|
data: {
|
|
647
647
|
state: t.state,
|
|
648
648
|
tokens: oe(_, null, o),
|
|
649
|
-
demonstratingProofOfPossessionNonce:
|
|
649
|
+
demonstratingProofOfPossessionNonce: f
|
|
650
650
|
}
|
|
651
651
|
};
|
|
652
652
|
};
|
|
@@ -713,8 +713,8 @@ const J = (e, n, t = null) => {
|
|
|
713
713
|
if (h === "SESSIONS_LOST")
|
|
714
714
|
return { tokens: null, status: "SESSIONS_LOST", nonce: r };
|
|
715
715
|
if (u.issuedAt !== s.issuedAt) {
|
|
716
|
-
const m = U(n.refresh_time_before_tokens_expiration_in_second, u.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
|
|
717
|
-
return { tokens: u, status: m, nonce:
|
|
716
|
+
const m = U(n.refresh_time_before_tokens_expiration_in_second, u.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", d = await c.getNonceAsync();
|
|
717
|
+
return { tokens: u, status: m, nonce: d };
|
|
718
718
|
}
|
|
719
719
|
} else
|
|
720
720
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: r };
|
|
@@ -730,12 +730,12 @@ const J = (e, n, t = null) => {
|
|
|
730
730
|
await M({ milliseconds: 1e3 }), r--, e.publishEvent(p.refreshTokensAsync, { message: `wait because navigator is offline try ${r}` });
|
|
731
731
|
const i = document.hidden, l = n + 1;
|
|
732
732
|
s || (s = {});
|
|
733
|
-
const a = e.configuration,
|
|
733
|
+
const a = e.configuration, f = (c, u = null, h = null) => ie(e.configurationName, e.configuration, e.publishEvent.bind(e))(c, u, h), _ = async () => {
|
|
734
734
|
try {
|
|
735
735
|
let c;
|
|
736
736
|
const u = await C(a, e.configurationName);
|
|
737
737
|
u ? c = u.getLoginParams() : c = I(e.configurationName, a.storage).getLoginParams();
|
|
738
|
-
const h = await
|
|
738
|
+
const h = await f({
|
|
739
739
|
...c.extras,
|
|
740
740
|
...s,
|
|
741
741
|
prompt: "none"
|
|
@@ -767,7 +767,7 @@ const J = (e, n, t = null) => {
|
|
|
767
767
|
return e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
|
|
768
768
|
if (e.publishEvent(p.refreshTokensAsync_begin, { refreshToken: u.refreshToken, status: c, tryNumber: n }), !u.refreshToken)
|
|
769
769
|
return await _();
|
|
770
|
-
const g = a.client_id, m = a.redirect_uri,
|
|
770
|
+
const g = a.client_id, m = a.redirect_uri, d = a.authority, A = { ...a.token_request_extras ? a.token_request_extras : {} };
|
|
771
771
|
for (const [T, y] of Object.entries(s))
|
|
772
772
|
T.endsWith(":token_request") && (A[T.replace(":token_request", "")] = y);
|
|
773
773
|
return await (async () => {
|
|
@@ -776,7 +776,7 @@ const J = (e, n, t = null) => {
|
|
|
776
776
|
redirect_uri: m,
|
|
777
777
|
grant_type: "refresh_token",
|
|
778
778
|
refresh_token: u.refreshToken
|
|
779
|
-
}, y = await e.initAsync(
|
|
779
|
+
}, y = await e.initAsync(d, a.authority_configuration), k = document.hidden ? 1e4 : 3e4 * 10, S = y.tokenEndpoint, P = {};
|
|
780
780
|
a.demonstrating_proof_of_possession && (P.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken, S, "POST"));
|
|
781
781
|
const b = await Ze(e.getFetch())(
|
|
782
782
|
S,
|
|
@@ -816,23 +816,23 @@ const J = (e, n, t = null) => {
|
|
|
816
816
|
if (o && (s == null && (s = {}), s.state = o), r && (s == null && (s = {}), s.scope = r), s != null)
|
|
817
817
|
for (const [c, u] of Object.entries(s))
|
|
818
818
|
i === "" ? i = `?${encodeURIComponent(c)}=${encodeURIComponent(u)}` : i += `&${encodeURIComponent(c)}=${encodeURIComponent(u)}`;
|
|
819
|
-
const l = n.silent_login_uri + i, a = l.indexOf("/", l.indexOf("//") + 2),
|
|
819
|
+
const l = n.silent_login_uri + i, a = l.indexOf("/", l.indexOf("//") + 2), f = l.substring(0, a), _ = document.createElement("iframe");
|
|
820
820
|
return _.width = "0px", _.height = "0px", _.id = `${e}_oidc_iframe`, _.setAttribute("src", l), document.body.appendChild(_), new Promise((c, u) => {
|
|
821
821
|
let h = !1;
|
|
822
822
|
const g = () => {
|
|
823
823
|
window.removeEventListener("message", m), _.remove(), h = !0;
|
|
824
|
-
}, m = (
|
|
825
|
-
if (
|
|
826
|
-
const w = `${e}_oidc_tokens:`, A = `${e}_oidc_error:`, v = `${e}_oidc_exception:`, T =
|
|
824
|
+
}, m = (d) => {
|
|
825
|
+
if (d.origin === f && d.source === _.contentWindow) {
|
|
826
|
+
const w = `${e}_oidc_tokens:`, A = `${e}_oidc_error:`, v = `${e}_oidc_exception:`, T = d.data;
|
|
827
827
|
if (T && typeof T == "string" && !h) {
|
|
828
828
|
if (T.startsWith(w)) {
|
|
829
|
-
const y = JSON.parse(
|
|
829
|
+
const y = JSON.parse(d.data.replace(w, ""));
|
|
830
830
|
t(p.silentLoginAsync_end, {}), c(y), g();
|
|
831
831
|
} else if (T.startsWith(A)) {
|
|
832
|
-
const y = JSON.parse(
|
|
832
|
+
const y = JSON.parse(d.data.replace(A, ""));
|
|
833
833
|
t(p.silentLoginAsync_error, y), c({ error: "oidc_" + y.error, tokens: null, sessionState: null }), g();
|
|
834
834
|
} else if (T.startsWith(v)) {
|
|
835
|
-
const y = JSON.parse(
|
|
835
|
+
const y = JSON.parse(d.data.replace(v, ""));
|
|
836
836
|
t(p.silentLoginAsync_error, y), u(new Error(y.error)), g();
|
|
837
837
|
}
|
|
838
838
|
}
|
|
@@ -840,12 +840,12 @@ const J = (e, n, t = null) => {
|
|
|
840
840
|
};
|
|
841
841
|
try {
|
|
842
842
|
window.addEventListener("message", m);
|
|
843
|
-
const
|
|
843
|
+
const d = n.silent_login_timeout;
|
|
844
844
|
setTimeout(() => {
|
|
845
845
|
h || (g(), t(p.silentLoginAsync_error, { reason: "timeout" }), u(new Error("timeout")));
|
|
846
|
-
},
|
|
847
|
-
} catch (
|
|
848
|
-
g(), t(p.silentLoginAsync_error,
|
|
846
|
+
}, d);
|
|
847
|
+
} catch (d) {
|
|
848
|
+
g(), t(p.silentLoginAsync_error, d), u(d);
|
|
849
849
|
}
|
|
850
850
|
});
|
|
851
851
|
} catch (i) {
|
|
@@ -853,16 +853,16 @@ const J = (e, n, t = null) => {
|
|
|
853
853
|
}
|
|
854
854
|
}, on = (e, n, t, s, o) => (r = null, i = void 0) => {
|
|
855
855
|
r = { ...r };
|
|
856
|
-
const l = (
|
|
856
|
+
const l = (f, _, c) => ie(n, t, s.bind(o))(f, _, c);
|
|
857
857
|
return (async () => {
|
|
858
858
|
o.timeoutId && B.clearTimeout(o.timeoutId);
|
|
859
|
-
let
|
|
860
|
-
r && "state" in r && (
|
|
859
|
+
let f;
|
|
860
|
+
r && "state" in r && (f = r.state, delete r.state);
|
|
861
861
|
try {
|
|
862
862
|
const _ = t.extras ? { ...t.extras, ...r } : r, c = await l({
|
|
863
863
|
..._,
|
|
864
864
|
prompt: "none"
|
|
865
|
-
},
|
|
865
|
+
}, f, i);
|
|
866
866
|
if (c)
|
|
867
867
|
return o.tokens = c.tokens, s(p.token_aquired, {}), o.timeoutId = J(o, o.tokens.expiresAt, r), {};
|
|
868
868
|
} catch (_) {
|
|
@@ -870,8 +870,8 @@ const J = (e, n, t = null) => {
|
|
|
870
870
|
}
|
|
871
871
|
})();
|
|
872
872
|
}, rn = (e, n, t) => (s, o, r, i = !1) => {
|
|
873
|
-
const l = (a,
|
|
874
|
-
return new Promise((a,
|
|
873
|
+
const l = (a, f = void 0, _ = void 0) => ie(e.configurationName, t, e.publishEvent.bind(e))(a, f, _);
|
|
874
|
+
return new Promise((a, f) => {
|
|
875
875
|
if (t.silent_login_uri && t.silent_redirect_uri && t.monitor_session && s && r && !i) {
|
|
876
876
|
const _ = () => {
|
|
877
877
|
e.checkSessionIFrame.stop();
|
|
@@ -888,20 +888,20 @@ const J = (e, n, t = null) => {
|
|
|
888
888
|
throw new Error(g.error);
|
|
889
889
|
const m = g.tokens.idTokenPayload;
|
|
890
890
|
if (h.sub === m.sub) {
|
|
891
|
-
const
|
|
892
|
-
e.checkSessionIFrame.start(g.sessionState), h.sid === m.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
|
|
891
|
+
const d = g.sessionState;
|
|
892
|
+
e.checkSessionIFrame.start(g.sessionState), h.sid === m.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", d) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", d);
|
|
893
893
|
} else
|
|
894
894
|
console.debug("SessionMonitor._callback: Different subject signed into OP:", m.sub);
|
|
895
895
|
}).catch(async (g) => {
|
|
896
896
|
console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", g);
|
|
897
|
-
for (const [m,
|
|
898
|
-
await
|
|
897
|
+
for (const [m, d] of Object.entries(n))
|
|
898
|
+
await d.logoutOtherTabAsync(t.client_id, h.sub);
|
|
899
899
|
});
|
|
900
900
|
};
|
|
901
901
|
e.checkSessionIFrame = new Oe(_, o, s), e.checkSessionIFrame.load().then(() => {
|
|
902
902
|
e.checkSessionIFrame.start(r), a(e.checkSessionIFrame);
|
|
903
903
|
}).catch((c) => {
|
|
904
|
-
|
|
904
|
+
f(c);
|
|
905
905
|
});
|
|
906
906
|
} else
|
|
907
907
|
a(null);
|
|
@@ -945,7 +945,7 @@ const J = (e, n, t = null) => {
|
|
|
945
945
|
t = r[s].split("="), n[decodeURIComponent(t[0])] = decodeURIComponent(t[1]);
|
|
946
946
|
return n;
|
|
947
947
|
}, cn = (e, n, t, s, o) => (r = void 0, i = null, l = !1, a = void 0) => {
|
|
948
|
-
const
|
|
948
|
+
const f = i;
|
|
949
949
|
return i = { ...i }, (async () => {
|
|
950
950
|
const c = r || o.getPath();
|
|
951
951
|
if ("state" in i || (i.state = ne(16)), t(p.loginAsync_begin, {}), i)
|
|
@@ -956,13 +956,13 @@ const J = (e, n, t = null) => {
|
|
|
956
956
|
a || (a = n.scope);
|
|
957
957
|
const h = n.extras ? { ...n.extras, ...i } : i;
|
|
958
958
|
h.nonce || (h.nonce = ne(12));
|
|
959
|
-
const g = { nonce: h.nonce }, m = await C(n, e),
|
|
959
|
+
const g = { nonce: h.nonce }, m = await C(n, e), d = await s(n.authority, n.authority_configuration);
|
|
960
960
|
let w;
|
|
961
961
|
if (m)
|
|
962
|
-
m.setLoginParams({ callbackPath: c, extras:
|
|
962
|
+
m.setLoginParams({ callbackPath: c, extras: f }), await m.initAsync(d, "loginAsync", n), await m.setNonceAsync(g), m.startKeepAliveServiceWorker(), w = m;
|
|
963
963
|
else {
|
|
964
964
|
const v = I(e, n.storage ?? sessionStorage);
|
|
965
|
-
v.setLoginParams({ callbackPath: c, extras:
|
|
965
|
+
v.setLoginParams({ callbackPath: c, extras: f }), await v.setNonceAsync(g), w = v;
|
|
966
966
|
}
|
|
967
967
|
const A = {
|
|
968
968
|
client_id: n.client_id,
|
|
@@ -971,7 +971,7 @@ const J = (e, n, t = null) => {
|
|
|
971
971
|
response_type: "code",
|
|
972
972
|
...h
|
|
973
973
|
};
|
|
974
|
-
await en(w, o)(
|
|
974
|
+
await en(w, o)(d.authorizationEndpoint, A);
|
|
975
975
|
} catch (u) {
|
|
976
976
|
throw t(p.loginAsync_error, u), u;
|
|
977
977
|
}
|
|
@@ -987,15 +987,15 @@ const J = (e, n, t = null) => {
|
|
|
987
987
|
const E = I(e.configurationName, t.storage ?? sessionStorage);
|
|
988
988
|
await E.setSessionStateAsync(_), h = await E.getNonceAsync(), g = E.getLoginParams(), m = await E.getStateAsync(), u = E;
|
|
989
989
|
}
|
|
990
|
-
const
|
|
991
|
-
if (
|
|
992
|
-
throw new Error(`Error from OIDC server: ${
|
|
993
|
-
if (
|
|
994
|
-
throw console.error(), new Error(`Issuer not valid (expected: ${l.issuer}, received: ${
|
|
995
|
-
if (
|
|
996
|
-
throw new Error(`State not valid (expected: ${m}, received: ${
|
|
990
|
+
const d = Y(a);
|
|
991
|
+
if (d.error || d.error_description)
|
|
992
|
+
throw new Error(`Error from OIDC server: ${d.error} - ${d.error_description}`);
|
|
993
|
+
if (d.iss && d.iss !== l.issuer)
|
|
994
|
+
throw console.error(), new Error(`Issuer not valid (expected: ${l.issuer}, received: ${d.iss})`);
|
|
995
|
+
if (d.state && d.state !== m)
|
|
996
|
+
throw new Error(`State not valid (expected: ${m}, received: ${d.state})`);
|
|
997
997
|
const w = {
|
|
998
|
-
code:
|
|
998
|
+
code: d.code,
|
|
999
999
|
grant_type: "authorization_code",
|
|
1000
1000
|
client_id: t.client_id,
|
|
1001
1001
|
redirect_uri: o
|
|
@@ -1079,10 +1079,10 @@ const J = (e, n, t = null) => {
|
|
|
1079
1079
|
}, fn = (e, n, t, s, o) => async (r = void 0, i = null) => {
|
|
1080
1080
|
const l = e.configuration, a = await e.initAsync(l.authority, l.authority_configuration);
|
|
1081
1081
|
r && typeof r != "string" && (r = void 0, s.warn("callbackPathOrUrl path is not a string"));
|
|
1082
|
-
const
|
|
1082
|
+
const f = r ?? o.getPath();
|
|
1083
1083
|
let _ = !1;
|
|
1084
1084
|
r && (_ = r.includes("https://") || r.includes("http://"));
|
|
1085
|
-
const c = _ ? r : o.getOrigin() +
|
|
1085
|
+
const c = _ ? r : o.getOrigin() + f, u = e.tokens ? e.tokens.idToken : "";
|
|
1086
1086
|
try {
|
|
1087
1087
|
const w = a.revocationEndpoint;
|
|
1088
1088
|
if (w) {
|
|
@@ -1120,39 +1120,39 @@ const J = (e, n, t = null) => {
|
|
|
1120
1120
|
const g = Q(i, ":oidc");
|
|
1121
1121
|
if (g && g.no_reload === "true")
|
|
1122
1122
|
return;
|
|
1123
|
-
const
|
|
1123
|
+
const d = un(i);
|
|
1124
1124
|
if (a.endSessionEndpoint) {
|
|
1125
|
-
"id_token_hint" in
|
|
1125
|
+
"id_token_hint" in d || (d.id_token_hint = u), !("post_logout_redirect_uri" in d) && r !== null && (d.post_logout_redirect_uri = c);
|
|
1126
1126
|
let w = "";
|
|
1127
|
-
for (const [A, v] of Object.entries(
|
|
1127
|
+
for (const [A, v] of Object.entries(d))
|
|
1128
1128
|
v != null && (w === "" ? w += "?" : w += "&", w += `${A}=${encodeURIComponent(v)}`);
|
|
1129
1129
|
o.open(`${a.endSessionEndpoint}${w}`);
|
|
1130
1130
|
} else
|
|
1131
1131
|
o.reload();
|
|
1132
|
-
}, Ee = (e, n) => async (...
|
|
1133
|
-
var
|
|
1134
|
-
const [
|
|
1135
|
-
let
|
|
1136
|
-
|
|
1137
|
-
const
|
|
1138
|
-
if (
|
|
1139
|
-
if (
|
|
1140
|
-
const
|
|
1141
|
-
|
|
1132
|
+
}, Ee = (e, n, t = !1) => async (...s) => {
|
|
1133
|
+
var h;
|
|
1134
|
+
const [o, r, ...i] = s, l = r ? { ...r } : { method: "GET" };
|
|
1135
|
+
let a = new Headers();
|
|
1136
|
+
l.headers && (a = l.headers instanceof Headers ? l.headers : new Headers(l.headers));
|
|
1137
|
+
const f = n, _ = await ge(f), c = (h = _ == null ? void 0 : _.tokens) == null ? void 0 : h.accessToken;
|
|
1138
|
+
if (a.has("Accept") || a.set("Accept", "application/json"), c) {
|
|
1139
|
+
if (f.configuration.demonstrating_proof_of_possession && t) {
|
|
1140
|
+
const g = await f.generateDemonstrationOfProofOfPossessionAsync(c, o.toString(), l.method);
|
|
1141
|
+
a.set("Authorization", `PoP ${c}`), a.set("DPoP", g);
|
|
1142
1142
|
} else
|
|
1143
|
-
|
|
1144
|
-
|
|
1143
|
+
a.set("Authorization", `Bearer ${c}`);
|
|
1144
|
+
l.credentials || (l.credentials = "same-origin");
|
|
1145
1145
|
}
|
|
1146
|
-
const
|
|
1147
|
-
return await e(
|
|
1148
|
-
}, dn = (e) => async (n = !1) => {
|
|
1146
|
+
const u = { ...l, headers: a };
|
|
1147
|
+
return await e(o, u, ...i);
|
|
1148
|
+
}, dn = (e) => async (n = !1, t = !1) => {
|
|
1149
1149
|
if (e.userInfo != null && !n)
|
|
1150
1150
|
return e.userInfo;
|
|
1151
|
-
const
|
|
1152
|
-
const
|
|
1153
|
-
return
|
|
1151
|
+
const s = e.configuration, r = (await e.initAsync(s.authority, s.authority_configuration)).userInfoEndpoint, l = await (async () => {
|
|
1152
|
+
const f = await Ee(fetch, e, t)(r);
|
|
1153
|
+
return f.status !== 200 ? null : f.json();
|
|
1154
1154
|
})();
|
|
1155
|
-
return e.userInfo =
|
|
1155
|
+
return e.userInfo = l, l;
|
|
1156
1156
|
};
|
|
1157
1157
|
class X {
|
|
1158
1158
|
open(n) {
|
|
@@ -1416,15 +1416,15 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1416
1416
|
let a;
|
|
1417
1417
|
if (l)
|
|
1418
1418
|
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
|
|
1419
|
-
const
|
|
1420
|
-
let _ = await
|
|
1421
|
-
return a = await
|
|
1419
|
+
const f = I(this.configurationName, r.storage);
|
|
1420
|
+
let _ = await f.getDemonstratingProofOfPossessionJwkAsync();
|
|
1421
|
+
return a = await f.getDemonstratingProofOfPossessionNonce(), a && (i.nonce = a), await Ae(window)(r.demonstrating_proof_of_possession_configuration)(_, s, t, i);
|
|
1422
1422
|
}
|
|
1423
1423
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1424
1424
|
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = An(this), this.loginCallbackWithAutoTokensRenewPromise.then((n) => (this.loginCallbackWithAutoTokensRenewPromise = null, n)));
|
|
1425
1425
|
}
|
|
1426
|
-
userInfoAsync(n = !1) {
|
|
1427
|
-
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = dn(this)(n), this.userInfoPromise.then((
|
|
1426
|
+
userInfoAsync(n = !1, t = !1) {
|
|
1427
|
+
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = dn(this)(n, t), this.userInfoPromise.then((s) => (this.userInfoPromise = null, s)));
|
|
1428
1428
|
}
|
|
1429
1429
|
async renewTokensAsync(n = null) {
|
|
1430
1430
|
if (this.renewTokensPromise !== null)
|
|
@@ -1493,10 +1493,10 @@ const K = class K {
|
|
|
1493
1493
|
async getValidTokenAsync(n = 200, t = 50) {
|
|
1494
1494
|
return ge(this._oidc, n, t);
|
|
1495
1495
|
}
|
|
1496
|
-
fetchWithTokens(n) {
|
|
1497
|
-
return Ee(n, this);
|
|
1496
|
+
fetchWithTokens(n, t) {
|
|
1497
|
+
return Ee(n, this, t);
|
|
1498
1498
|
}
|
|
1499
|
-
async userInfoAsync(n = !1) {
|
|
1499
|
+
async userInfoAsync(n = !1, t = !1) {
|
|
1500
1500
|
return this._oidc.userInfoAsync(n);
|
|
1501
1501
|
}
|
|
1502
1502
|
};
|
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(N,Y){typeof exports=="object"&&typeof module<"u"?Y(exports):typeof define=="function"&&define.amd?define(["exports"],Y):(N=typeof globalThis<"u"?globalThis:N||self,Y(N["oidc-client"]={}))})(this,function(N){"use strict";const R=console;class Ce{constructor(n,t,s,o=2e3,r=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||2e3,this._stopOnError=r;const i=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(R.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(R.debug(n),R.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):R.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){R.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(R.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const p={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},P=(e,n=sessionStorage)=>{const t=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),s=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},r=async y=>{n[`oidc.session_state.${e}`]=y},i=async()=>n[`oidc.session_state.${e}`],l=y=>{n[`oidc.nonce.${e}`]=y.nonce},a=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async y=>{n[`oidc.dpop_nonce.${e}`]=y},u=()=>n[`oidc.dpop_nonce.${e}`],h=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:t,initAsync:s,setTokens:o,getTokens:h,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:l,getNonceAsync:f,setLoginParams:y=>{g[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(g[e]||(g[e]=JSON.parse(y)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:d}};var $=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))($||{});const Ne=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),xe=e=>JSON.parse(Ne(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&We(e,".")===2?xe(e.split(".")[1]):null}catch(n){console.warn(n)}return null},We=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const z=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=ue(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:ue(r),l=i&&i.exp?i.exp:Number.MAX_VALUE,a=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Le(e,s,i);let d;e.expiresAt?d=e.expiresAt:t===X.access_token_invalid?d=a:t===X.id_token_invalid?d=l:d=l<a?l:a;const f={...e,idTokenPayload:i,accessTokenPayload:s,expiresAt:d,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...f,refreshToken:c}}return f},ne=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),z(s,n,t)},V=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},fe=e=>e?V(0,e.expiresAt)>0:!1,_e=async(e,n=200,t=50)=>{let s=t;if(!e.tokens)return null;for(;!fe(e.tokens)&&s>0;){if(e.configuration.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await J({milliseconds:n});s=s-1}return{isTokensValid:fe(e.tokens),tokens:e.tokens,numberWaited:s-t}},de=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(s.iat&&s.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+r} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},M=function(){const e=function(){let a,d;const f=(function(){const u={},h={setTimeout:function(m,_,w){u[_]=setTimeout(function(){m.postMessage(_),u[_]=null},w)},setInterval:function(m,_,w){u[_]=setInterval(function(){m.postMessage(_)},w)},clearTimeout:function(m,_){clearTimeout(u[_]),u[_]=null},clearInterval:function(m,_){clearInterval(u[_]),u[_]=null}};function g(m,_){const w=_.data[0],A=_.data[1],v=_.data[2];h[w]&&h[w](m,A,v)}this.onmessage=function(m){g(self,m)},this.onconnect=function(m){const _=m.ports[0];_.onmessage=function(w){g(_,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});d=URL.createObjectURL(u)}catch{return null}const c=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(d),a.port}catch{c&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(d),a}catch{c&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),t={},s={};e.onmessage=function(a){const d=a.data,f=t[d];if(f){f(),t[d]=null;return}const c=s[d];c&&c()};function o(a,d){const f=n();return e.postMessage(["setTimeout",f,d]),t[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),t[a]=null}function i(a,d){const f=n();return e.postMessage(["setInterval",f,d]),s[f]=a,f}function l(a){e.postMessage(["clearInterval",a]),s[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:l}}(),he="7.21.0";let ye=null,Q;const J=({milliseconds:e})=>new Promise(n=>M.setTimeout(n,e)),ge=(e="/")=>{try{Q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Q.signal}).catch(s=>{console.log(s)}),J({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},De=()=>{Q&&Q.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,t)=>{t(),await n.update();const s=await n.unregister();console.log(`Service worker unregistering ${s}`),await J({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(t,s){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?s(r.data.error):t(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;let s=null;e.register?s=await e.service_worker_register(t):s=await navigator.serviceWorker.register(t);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(s)({type:"claim"})}catch{return null}const o=async k=>O(s)({type:"clear",data:{status:k},configurationName:n}),r=async(k,S,C)=>{const b=await O(s)({type:"init",data:{oidcServerConfiguration:k,where:S,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),F=b.version;return F!==he&&(console.warn(`Service worker ${F} version mismatch with js client version ${he}, unregistering and reloading`),await C.service_worker_update_require_callback(s,De)),{tokens:ne(b.tokens,null,C.token_renew_mode),status:b.status}},i=(k="/")=>{ye==null&&(ye="not_null",ge(k))},l=k=>O(s)({type:"setSessionState",data:{sessionState:k},configurationName:n}),a=async()=>(await O(s)({type:"getSessionState",data:null,configurationName:n})).sessionState,d=k=>(sessionStorage[`oidc.nonce.${n}`]=k.nonce,O(s)({type:"setNonce",data:{nonce:k},configurationName:n})),f=async()=>{let S=(await O(s)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}};let c={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:l,getSessionStateAsync:a,setNonceAsync:d,getNonceAsync:f,setLoginParams:k=>{c[n]=k,localStorage[`oidc.login.${n}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(k)),c[n]},getStateAsync:async()=>{let S=(await O(s)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async k=>(sessionStorage[`oidc.state.${n}`]=k,O(s)({type:"setState",data:{state:k},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await O(s)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${n}`]=k,O(s)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:n})),setDemonstratingProofOfPossessionNonce:async k=>{await O(s)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(s)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const S=JSON.stringify(k);await O(s)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await O(s)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}},K={},Ke=(e,n=window.sessionStorage,t)=>{if(!K[e]&&n){const o=n.getItem(e);o&&(K[e]=JSON.parse(o))}const s=1e3*t;return K[e]&&K[e].timestamp+s>Date.now()?K[e].result:null},Ue=(e,n,t=window.sessionStorage)=>{const s=Date.now();K[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function ke(e){return new TextEncoder().encode(e)}function me(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Fe(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const te=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),me(n)};function pe(e){return me(Fe(e))}const Ve={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Me={sign:e=>async(n,t,s,o,r="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=r,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const i={protected:pe(JSON.stringify(t)),payload:pe(JSON.stringify(s))},l=o.importKeyAlgorithm,a=!0,d=["sign"],f=await e.crypto.subtle.importKey("jwk",n,l,a,d),c=ke(`${i.protected}.${i.payload}`),u=o.signAlgorithm,h=await e.crypto.subtle.sign(u,f,c);return i.signature=te(new Uint8Array(h)),`${i.protected}.${i.payload}.${i.signature}`}};const Je={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],r=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",r.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Be={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,ke(s));return te(new Uint8Array(o))}};const He=e=>async n=>await Je.generate(e)(n),we=e=>n=>async(t,s="POST",o,r={})=>{const i={jti:btoa(je()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...r},l=await Be.thumbprint(e)(t,n.digestAlgorithm);return await Me.sign(e)(t,{kid:l},i,n)},je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Ae=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%se.length;n.push(se[s])}return n.join("")},oe=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Ae();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*se.length|0;return qe(n)};function Ge(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function Se(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",Ge(e)).then(s=>n(te(new Uint8Array(s))),s=>t(s))})}const Ye=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Ae();return n?Se(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Xe=60*60,ze=e=>async(n,t=Xe,s=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,l=Ke(i,s,t);if(l)return new ce(l);const a=await B(e)(r,{},o);if(a.status!==200)return null;const d=await a.json();return Ue(i,d,s),new ce(d)},B=e=>async(n,t={},s=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),s),r=await e(n,{...t,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await B(e)(n,t,s,o+1);throw i}else throw console.error(i.message),i}return r},re={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,t,s=re.refresh_token,o,r={},i=1e4)=>{const l={token:t,token_type_hint:s,client_id:o};for(const[c,u]of Object.entries(r))l[c]===void 0&&(l[c]=u);const a=[];for(const c in l){const u=encodeURIComponent(c),h=encodeURIComponent(l[c]);a.push(`${u}=${h}`)}const d=a.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:d},i)).status!==200?{success:!1}:{success:!0}},Qe=e=>async(n,t,s,o,r={},i,l=1e4)=>{for(const[h,g]of Object.entries(s))t[h]===void 0&&(t[h]=g);const a=[];for(const h in t){const g=encodeURIComponent(h),m=encodeURIComponent(t[h]);a.push(`${g}=${m}`)}const d=a.join("&"),f=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:d},l);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const c=await f.json();let u=null;return f.headers.has(Z)&&(u=f.headers.get(Z)),{success:!0,status:f.status,data:ne(c,o,i),demonstratingProofOfPossessionNonce:u}},Ze=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=oe(128),r=await Ye(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=r,s.code_challenge_method="S256";let i="";if(s)for(const[l,a]of Object.entries(s))i===""?i+="?":i+="&",i+=`${l}=${encodeURIComponent(a)}`;n.open(`${t}${i}`)},Z="DPoP-Nonce",en=e=>async(n,t,s,o,r=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const c in t){const u=encodeURIComponent(c),h=encodeURIComponent(t[c]);i.push(`${u}=${h}`)}const l=i.join("&"),a=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:l},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let d=null;a.headers.has(Z)&&(d=a.headers.get(Z));const f=await a.json();return{success:!0,data:{state:t.state,tokens:ne(f,null,o),demonstratingProofOfPossessionNonce:d}}};async function Te(e,n,t){const s=l=>{e.tokens=l},{tokens:o,status:r}=await ee(e)(0,n,t,s);return await I(e.configuration,e.configurationName)||await P(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const nn=async(e,n)=>{const t=await I(n,e.configurationName);if(t){const s=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await t.initAsync(s,"tryKeepExistingSessionAsync",n);return o}else{const s=P(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await s.initAsync();return o=z(o,e.tokens,n.token_renew_mode),o}};async function be(e,n=!1,t=null){const s=e.configuration,o=`${s.client_id}_${e.configurationName}_${s.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(s==null?void 0:s.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await Te(e,n,t):r=await navigator.locks.request(o,{ifAvailable:!0},async l=>l?await Te(e,n,t):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await nn(e,s))),r?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,t)),e.tokens):null}const H=(e,n,t=null)=>{const s=e.configuration.refresh_time_before_tokens_expiration_in_second;return M.setTimeout(async()=>{const r={timeLeft:V(s,n)};e.publishEvent(x.eventNames.token_timer,r),await be(e,!1,t)},1e3)},W={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},tn=e=>async(n,t,s,o=!1)=>{const r={nonce:null};if(!s)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const l=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,t);if(a){const{status:c,tokens:u}=await a.initAsync(l,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!c||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==s.issuedAt){const g=V(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",m=await a.getNonceAsync();return{tokens:u,status:g,nonce:m}}i=await a.getNonceAsync()}else{const c=P(t,n.storage??sessionStorage);let{tokens:u,status:h}=await c.initAsync();if(u&&(u=z(u,e.tokens,n.token_renew_mode)),u){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==s.issuedAt){const m=V(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",_=await c.getNonceAsync();return{tokens:u,status:m,nonce:_}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await c.getNonceAsync()}const f=V(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:i}:{tokens:s,status:f,nonce:i}},ee=e=>async(n=0,t=!1,s=null,o)=>{for(;!navigator.onLine&&document.hidden;)await J({milliseconds:1e3}),e.publishEvent(p.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await J({milliseconds:1e3}),r--,e.publishEvent(p.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,l=n+1;s||(s={});const a=e.configuration,d=(c,u=null,h=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(c,u,h),f=async()=>{try{let c;const u=await I(a,e.configurationName);u?c=u.getLoginParams():c=P(e.configurationName,a.storage).getLoginParams();const h=await d({...c.extras,...s,prompt:"none"});return h?h.error?(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(h.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:h.tokens,status:"LOGGED"}):(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(c){return console.error(c),e.publishEvent(p.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:c.message}),await ee(e)(l,t,s,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:c,tokens:u,nonce:h}=await tn(e)(a,e.configurationName,e.tokens,t);switch(c){case W.SESSION_LOST:return o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case W.NOT_CONNECTED:return o(null),{tokens:null,status:null};case W.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case W.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case W.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(p.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case W.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==c?(e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(p.refreshTokensAsync_begin,{tryNumber:n}),await f());default:{if(a.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==c)return e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(p.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:c,tryNumber:n}),!u.refreshToken)return await f();const g=a.client_id,m=a.redirect_uri,_=a.authority,A={...a.token_request_extras?a.token_request_extras:{}};for(const[T,y]of Object.entries(s))T.endsWith(":token_request")&&(A[T.replace(":token_request","")]=y);return await(async()=>{const T={client_id:g,redirect_uri:m,grant_type:"refresh_token",refresh_token:u.refreshToken},y=await e.initAsync(_,a.authority_configuration),k=document.hidden?1e4:3e4*10,S=y.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,S,"POST"));const b=await Qe(e.getFetch())(S,T,A,u,C,a.token_renew_mode,k);if(b.success){const{isValid:F,reason:E}=de(b.data,h.nonce,y);if(!F)return o(null),e.publishEvent(p.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${E}`}),{tokens:null,status:"SESSION_LOST"};if(o(b.data),b.demonstratingProofOfPossessionNonce){const D=await I(a,e.configurationName);D?await D.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await P(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(p.refreshTokensAsync_end,{success:b.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(p.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await ee(e)(l,t,s,o)})()}}}catch(c){return console.error(c),e.publishEvent(p.refreshTokensAsync_silent_error,{message:"exception",exception:c.message}),ee(e)(l,t,s,o)}},ie=(e,n,t)=>(s=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(p.silentLoginAsync_begin,{});let i="";if(o&&(s==null&&(s={}),s.state=o),r&&(s==null&&(s={}),s.scope=r),s!=null)for(const[c,u]of Object.entries(s))i===""?i=`?${encodeURIComponent(c)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(c)}=${encodeURIComponent(u)}`;const l=n.silent_login_uri+i,a=l.indexOf("/",l.indexOf("//")+2),d=l.substring(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",l),document.body.appendChild(f),new Promise((c,u)=>{let h=!1;const g=()=>{window.removeEventListener("message",m),f.remove(),h=!0},m=_=>{if(_.origin===d&&_.source===f.contentWindow){const w=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,v=`${e}_oidc_exception:`,T=_.data;if(T&&typeof T=="string"&&!h){if(T.startsWith(w)){const y=JSON.parse(_.data.replace(w,""));t(p.silentLoginAsync_end,{}),c(y),g()}else if(T.startsWith(A)){const y=JSON.parse(_.data.replace(A,""));t(p.silentLoginAsync_error,y),c({error:"oidc_"+y.error,tokens:null,sessionState:null}),g()}else if(T.startsWith(v)){const y=JSON.parse(_.data.replace(v,""));t(p.silentLoginAsync_error,y),u(new Error(y.error)),g()}}}};try{window.addEventListener("message",m);const _=n.silent_login_timeout;setTimeout(()=>{h||(g(),t(p.silentLoginAsync_error,{reason:"timeout"}),u(new Error("timeout")))},_)}catch(_){g(),t(p.silentLoginAsync_error,_),u(_)}})}catch(i){throw t(p.silentLoginAsync_error,i),i}},sn=(e,n,t,s,o)=>(r=null,i=void 0)=>{r={...r};const l=(d,f,c)=>ie(n,t,s.bind(o))(d,f,c);return(async()=>{o.timeoutId&&M.clearTimeout(o.timeoutId);let d;r&&"state"in r&&(d=r.state,delete r.state);try{const f=t.extras?{...t.extras,...r}:r,c=await l({...f,prompt:"none"},d,i);if(c)return o.tokens=c.tokens,s(p.token_aquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},on=(e,n,t)=>(s,o,r,i=!1)=>{const l=(a,d=void 0,f=void 0)=>ie(e.configurationName,t,e.publishEvent.bind(e))(a,d,f);return new Promise((a,d)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const u=c.idToken,h=c.idTokenPayload;return l({prompt:"none",id_token_hint:u,scope:t.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const m=g.tokens.idTokenPayload;if(h.sub===m.sub){const _=g.sessionState;e.checkSessionIFrame.start(g.sessionState),h.sid===m.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",_):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",_)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",m.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[m,_]of Object.entries(n))await _.logoutOtherTabAsync(t.client_id,h.sub)})};e.checkSessionIFrame=new Ce(f,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(c=>{d(c)})}else a(null)})},Ee=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},rn=e=>{const n=Ee(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},j=e=>{const n=Ee(e),{search:t}=n;return an(t)},an=e=>{const n={};let t,s,o;const r=e.split("&");for(s=0,o=r.length;s<o;s++)t=r[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},cn=(e,n,t,s,o)=>(r=void 0,i=null,l=!1,a=void 0)=>{const d=i;return i={...i},(async()=>{const c=r||o.getPath();if("state"in i||(i.state=oe(16)),t(p.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=l?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const h=n.extras?{...n.extras,...i}:i;h.nonce||(h.nonce=oe(12));const g={nonce:h.nonce},m=await I(n,e),_=await s(n.authority,n.authority_configuration);let w;if(m)m.setLoginParams({callbackPath:c,extras:d}),await m.initAsync(_,"loginAsync",n),await m.setNonceAsync(g),m.startKeepAliveServiceWorker(),w=m;else{const v=P(e,n.storage??sessionStorage);v.setLoginParams({callbackPath:c,extras:d}),await v.setNonceAsync(g),w=v}const A={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...h};await Ze(w,o)(_.authorizationEndpoint,A)}catch(u){throw t(p.loginAsync_error,u),u}})()},ln=e=>async(n=!1)=>{try{e.publishEvent(p.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,r=t.authority,i=t.token_request_timeout,l=await e.initAsync(r,t.authority_configuration),a=e.location.getCurrentHref(),f=j(a).session_state,c=await I(t,e.configurationName);let u,h,g,m;if(c)await c.initAsync(l,"loginCallbackAsync",t),await c.setSessionStateAsync(f),h=await c.getNonceAsync(),g=c.getLoginParams(),m=await c.getStateAsync(),c.startKeepAliveServiceWorker(),u=c;else{const E=P(e.configurationName,t.storage??sessionStorage);await E.setSessionStateAsync(f),h=await E.getNonceAsync(),g=E.getLoginParams(),m=await E.getStateAsync(),u=E}const _=j(a);if(_.error||_.error_description)throw new Error(`Error from OIDC server: ${_.error} - ${_.error_description}`);if(_.iss&&_.iss!==l.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${l.issuer}, received: ${_.iss})`);if(_.state&&_.state!==m)throw new Error(`State not valid (expected: ${m}, received: ${_.state})`);const w={code:_.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},A={};if(t.token_request_extras)for(const[E,D]of Object.entries(t.token_request_extras))A[E]=D;if(g&&g.extras)for(const[E,D]of Object.entries(g.extras))E.endsWith(":token_request")&&(A[E.replace(":token_request","")]=D);const v=l.tokenEndpoint,T={};if(t.demonstrating_proof_of_possession)if(c)T.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const E=await He(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await P(e.configurationName,t.storage).setDemonstratingProofOfPossessionJwkAsync(E),T.DPoP=await we(window)(t.demonstrating_proof_of_possession_configuration)(E,"POST",v)}const y=await en(u)(v,{...w,...A},T,e.configuration.token_renew_mode,i);if(!y.success)throw new Error("Token request failed");let k;const S=y.data.tokens,C=y.data.demonstratingProofOfPossessionNonce;if(y.data.state!==A.state)throw new Error("state is not valid");const{isValid:b,reason:F}=de(S,h.nonce,l);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${F}`);if(c){if(S.refreshToken&&!S.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&S.accessToken&&S.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(l,"syncTokensAsync",t),k=c.getLoginParams(),C&&await c.setDemonstratingProofOfPossessionNonce(C);else{const E=P(e.configurationName,t.storage);k=E.getLoginParams(),C&&await E.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(l.checkSessionIframe,s,f,n),e.publishEvent(p.loginCallbackAsync_end,{}),{tokens:S,state:"request.state",callbackPath:k.callbackPath}}catch(t){throw console.error(t),e.publishEvent(p.loginCallbackAsync_error,t),t}},Oe={access_token:"access_token",refresh_token:"refresh_token"},ae=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const r=s.replace(n,"");t[r]=o}return t}return t},un=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},fn=e=>async n=>{M.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await I(e.configuration,e.configurationName);t?await t.clearAsync(n):await P(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},_n=(e,n,t,s,o)=>async(r=void 0,i=null)=>{const l=e.configuration,a=await e.initAsync(l.authority,l.authority_configuration);r&&typeof r!="string"&&(r=void 0,s.warn("callbackPathOrUrl path is not a string"));const d=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const c=f?r:o.getOrigin()+d,u=e.tokens?e.tokens.idToken:"";try{const w=a.revocationEndpoint;if(w){const A=[],v=e.tokens?e.tokens.accessToken:null;if(v&&l.logout_tokens_to_invalidate.includes(Oe.access_token)){const y=ae(i,":revoke_access_token"),k=ve(t)(w,v,re.access_token,l.client_id,y);A.push(k)}const T=e.tokens?e.tokens.refreshToken:null;if(T&&l.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const y=ae(i,":revoke_refresh_token"),k=ve(t)(w,T,re.refresh_token,l.client_id,y);A.push(k)}A.length>0&&await Promise.all(A)}}catch(w){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(w)}const h=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[w,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,h):e.publishEvent(p.logout_from_same_tab,{});const g=ae(i,":oidc");if(g&&g.no_reload==="true")return;const _=un(i);if(a.endSessionEndpoint){"id_token_hint"in _||(_.id_token_hint=u),!("post_logout_redirect_uri"in _)&&r!==null&&(_.post_logout_redirect_uri=c);let w="";for(const[A,v]of Object.entries(_))v!=null&&(w===""?w+="?":w+="&",w+=`${A}=${encodeURIComponent(v)}`);o.open(`${a.endSessionEndpoint}${w}`)}else o.reload()},Pe=(e,n)=>async(...t)=>{var u;const[s,o,...r]=t,i=o?{...o}:{method:"GET"};let l=new Headers;i.headers&&(l=i.headers instanceof Headers?i.headers:new Headers(i.headers));const a=n,d=await _e(a),f=(u=d==null?void 0:d.tokens)==null?void 0:u.accessToken;if(l.has("Accept")||l.set("Accept","application/json"),f){if(a.configuration.demonstrating_proof_of_possession){const h=await a.generateDemonstrationOfProofOfPossessionAsync(f,s.toString(),i.method);l.set("Authorization",`PoP ${f}`),l.set("DPoP",h)}else l.set("Authorization",`Bearer ${f}`);i.credentials||(i.credentials="same-origin")}const c={...i,headers:l};return await e(s,c,...r)},dn=e=>async(n=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,o=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,i=await(async()=>{const a=await Pe(fetch,e)(o);return a.status!==200?null:a.json()})();return e.userInfo=i,i};class q{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const hn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),yn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in r){const a=r[l];if(a.r.test(t)){o=a.s;break}}let i=s;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);l!=null&&l.length>2&&(i=l[1]+"."+l[2]+"."+(parseInt(l[3])|0));break}}return{os:o,osVersion:i}};function gn(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const kn=()=>{const{name:e,version:n}=gn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=yn(navigator);return!hn(t)},mn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(p.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await I(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.check_session_iframe,t.client_id,i),e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(p.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(e.configurationName,t.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=z(r,null,t.token_renew_mode);const i=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,i.extras);const l=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.check_session_iframe,t.client_id,l),e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(p.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ie=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const L={},pn=(e,n=new q)=>(t,s="default")=>(L[s]||(L[s]=new x(t,s,e,n)),L[s]),wn=async e=>{const{parsedTokens:n,callbackPath:t}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt),{callbackPath:t}},An=e=>Math.floor(Math.random()*e),G=class G{constructor(n,t="default",s,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new q;const l=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:r,token_automatic_renew_mode:n.token_automatic_renew_mode??$.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:l,service_worker_activate:n.service_worker_activate??kn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ve},this.getFetch=s??Ie,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=An(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(L,n)&&t)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return L[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=j(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new ce({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=mn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,t,s,o=!1){await on(this,L,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?sn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):(this.loginPromise=cn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await ln(this)(n),o=s.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_aquired,o),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.then(s=>(this.loginCallbackPromise=null,s))}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const r=this.configuration,i={ath:await Se(n),...o},l=await I(r,this.configurationName);let a;if(l)return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const
|
|
1
|
+
(function(N,Y){typeof exports=="object"&&typeof module<"u"?Y(exports):typeof define=="function"&&define.amd?define(["exports"],Y):(N=typeof globalThis<"u"?globalThis:N||self,Y(N["oidc-client"]={}))})(this,function(N){"use strict";const R=console;class Ce{constructor(n,t,s,o=2e3,r=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||2e3,this._stopOnError=r;const i=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substr(0,i),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(R.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(R.debug(n),R.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):R.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){R.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(R.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const p={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},P=(e,n=sessionStorage)=>{const t=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),s=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},r=async y=>{n[`oidc.session_state.${e}`]=y},i=async()=>n[`oidc.session_state.${e}`],l=y=>{n[`oidc.nonce.${e}`]=y.nonce},a=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},_=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async y=>{n[`oidc.dpop_nonce.${e}`]=y},u=()=>n[`oidc.dpop_nonce.${e}`],h=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:t,initAsync:s,setTokens:o,getTokens:h,setSessionStateAsync:r,getSessionStateAsync:i,setNonceAsync:l,getNonceAsync:f,setLoginParams:y=>{g[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(g[e]||(g[e]=JSON.parse(y)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:u,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:_}};var $=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))($||{});const Ne=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),xe=e=>JSON.parse(Ne(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&We(e,".")===2?xe(e.split(".")[1]):null}catch(n){console.warn(n)}return null},We=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const z=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=ue(e.accessToken);let r;n!=null&&"idToken"in n&&!("idToken"in e)?r=n.idToken:r=e.idToken;const i=e.idTokenPayload?e.idTokenPayload:ue(r),l=i&&i.exp?i.exp:Number.MAX_VALUE,a=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Le(e,s,i);let _;e.expiresAt?_=e.expiresAt:t===X.access_token_invalid?_=a:t===X.id_token_invalid?_=l:_=l<a?l:a;const f={...e,idTokenPayload:i,accessTokenPayload:s,expiresAt:_,idToken:r};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...f,refreshToken:c}}return f},ne=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),z(s,n,t)},V=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},fe=e=>e?V(0,e.expiresAt)>0:!1,_e=async(e,n=200,t=50)=>{let s=t;if(!e.tokens)return null;for(;!fe(e.tokens)&&s>0;){if(e.configuration.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await J({milliseconds:n});s=s-1}return{isTokensValid:fe(e.tokens),tokens:e.tokens,numberWaited:s-t}},de=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const r=60*60*24*7;if(s.iat&&s.iat+r<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+r} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},M=function(){const e=function(){let a,_;const f=(function(){const u={},h={setTimeout:function(m,d,w){u[d]=setTimeout(function(){m.postMessage(d),u[d]=null},w)},setInterval:function(m,d,w){u[d]=setInterval(function(){m.postMessage(d)},w)},clearTimeout:function(m,d){clearTimeout(u[d]),u[d]=null},clearInterval:function(m,d){clearInterval(u[d]),u[d]=null}};function g(m,d){const w=d.data[0],A=d.data[1],v=d.data[2];h[w]&&h[w](m,A,v)}this.onmessage=function(m){g(self,m)},this.onconnect=function(m){const d=m.ports[0];d.onmessage=function(w){g(d,w)}}}).toString();try{const u=new Blob(["(",f,")()"],{type:"application/javascript"});_=URL.createObjectURL(u)}catch{return null}const c=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(_),a.port}catch{c&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(_),a}catch{c&&console.warn("Worker not available")}return null}();if(!e){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const n=function(){let a=0;return function(){return a++,a}}(),t={},s={};e.onmessage=function(a){const _=a.data,f=t[_];if(f){f(),t[_]=null;return}const c=s[_];c&&c()};function o(a,_){const f=n();return e.postMessage(["setTimeout",f,_]),t[f]=a,f}function r(a){e.postMessage(["clearTimeout",a]),t[a]=null}function i(a,_){const f=n();return e.postMessage(["setInterval",f,_]),s[f]=a,f}function l(a){e.postMessage(["clearInterval",a]),s[a]=null}return{setTimeout:o,clearTimeout:r,setInterval:i,clearInterval:l}}(),he="7.22.0-alpha.1416";let ye=null,Q;const J=({milliseconds:e})=>new Promise(n=>M.setTimeout(n,e)),ge=(e="/")=>{try{Q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Q.signal}).catch(s=>{console.log(s)}),J({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},De=()=>{Q&&Q.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,t)=>{t(),await n.update();const s=await n.unregister();console.log(`Service worker unregistering ${s}`),await J({milliseconds:2e3}),e.reload()},O=e=>n=>new Promise(function(t,s){const o=new MessageChannel;o.port1.onmessage=function(r){r.data&&r.data.error?s(r.data.error):t(r.data)},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;let s=null;e.register?s=await e.service_worker_register(t):s=await navigator.serviceWorker.register(t);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await O(s)({type:"claim"})}catch{return null}const o=async k=>O(s)({type:"clear",data:{status:k},configurationName:n}),r=async(k,S,C)=>{const b=await O(s)({type:"init",data:{oidcServerConfiguration:k,where:S,oidcConfiguration:{token_renew_mode:C.token_renew_mode,service_worker_convert_all_requests_to_cors:C.service_worker_convert_all_requests_to_cors}},configurationName:n}),F=b.version;return F!==he&&(console.warn(`Service worker ${F} version mismatch with js client version ${he}, unregistering and reloading`),await C.service_worker_update_require_callback(s,De)),{tokens:ne(b.tokens,null,C.token_renew_mode),status:b.status}},i=(k="/")=>{ye==null&&(ye="not_null",ge(k))},l=k=>O(s)({type:"setSessionState",data:{sessionState:k},configurationName:n}),a=async()=>(await O(s)({type:"getSessionState",data:null,configurationName:n})).sessionState,_=k=>(sessionStorage[`oidc.nonce.${n}`]=k.nonce,O(s)({type:"setNonce",data:{nonce:k},configurationName:n})),f=async()=>{let S=(await O(s)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}};let c={};return{clearAsync:o,initAsync:r,startKeepAliveServiceWorker:()=>i(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:l,getSessionStateAsync:a,setNonceAsync:_,getNonceAsync:f,setLoginParams:k=>{c[n]=k,localStorage[`oidc.login.${n}`]=JSON.stringify(k)},getLoginParams:()=>{const k=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(k)),c[n]},getStateAsync:async()=>{let S=(await O(s)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async k=>(sessionStorage[`oidc.state.${n}`]=k,O(s)({type:"setState",data:{state:k},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await O(s)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async k=>(sessionStorage[`oidc.code_verifier.${n}`]=k,O(s)({type:"setCodeVerifier",data:{codeVerifier:k},configurationName:n})),setDemonstratingProofOfPossessionNonce:async k=>{await O(s)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:k},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await O(s)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async k=>{const S=JSON.stringify(k);await O(s)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const k=await O(s)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return k.demonstratingProofOfPossessionJwkJson?JSON.parse(k.demonstratingProofOfPossessionJwkJson):null}}},K={},Ke=(e,n=window.sessionStorage,t)=>{if(!K[e]&&n){const o=n.getItem(e);o&&(K[e]=JSON.parse(o))}const s=1e3*t;return K[e]&&K[e].timestamp+s>Date.now()?K[e].result:null},Ue=(e,n,t=window.sessionStorage)=>{const s=Date.now();K[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function ke(e){return new TextEncoder().encode(e)}function me(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Fe(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const te=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),me(n)};function pe(e){return me(Fe(e))}const Ve={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Me={sign:e=>async(n,t,s,o,r="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=r,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const i={protected:pe(JSON.stringify(t)),payload:pe(JSON.stringify(s))},l=o.importKeyAlgorithm,a=!0,_=["sign"],f=await e.crypto.subtle.importKey("jwk",n,l,a,_),c=ke(`${i.protected}.${i.payload}`),u=o.signAlgorithm,h=await e.crypto.subtle.sign(u,f,c);return i.signature=te(new Uint8Array(h)),`${i.protected}.${i.payload}.${i.signature}`}};const Je={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],r=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",r.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Be={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,ke(s));return te(new Uint8Array(o))}};const He=e=>async n=>await Je.generate(e)(n),we=e=>n=>async(t,s="POST",o,r={})=>{const i={jti:btoa(je()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...r},l=await Be.thumbprint(e)(t,n.digestAlgorithm);return await Me.sign(e)(t,{kid:l},i,n)},je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Ae=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%se.length;n.push(se[s])}return n.join("")},oe=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Ae();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*se.length|0;return qe(n)};function Ge(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function Se(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",Ge(e)).then(s=>n(te(new Uint8Array(s))),s=>t(s))})}const Ye=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Ae();return n?Se(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Xe=60*60,ze=e=>async(n,t=Xe,s=window.sessionStorage,o=1e4)=>{const r=`${n}/.well-known/openid-configuration`,i=`oidc.server:${n}`,l=Ke(i,s,t);if(l)return new ce(l);const a=await B(e)(r,{},o);if(a.status!==200)return null;const _=await a.json();return Ue(i,_,s),new ce(_)},B=e=>async(n,t={},s=1e4,o=0)=>{let r;try{const i=new AbortController;setTimeout(()=>i.abort(),s),r=await e(n,{...t,signal:i.signal})}catch(i){if(i.name==="AbortError"||i.message==="Network request failed"){if(o<=1)return await B(e)(n,t,s,o+1);throw i}else throw console.error(i.message),i}return r},re={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,t,s=re.refresh_token,o,r={},i=1e4)=>{const l={token:t,token_type_hint:s,client_id:o};for(const[c,u]of Object.entries(r))l[c]===void 0&&(l[c]=u);const a=[];for(const c in l){const u=encodeURIComponent(c),h=encodeURIComponent(l[c]);a.push(`${u}=${h}`)}const _=a.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:_},i)).status!==200?{success:!1}:{success:!0}},Qe=e=>async(n,t,s,o,r={},i,l=1e4)=>{for(const[h,g]of Object.entries(s))t[h]===void 0&&(t[h]=g);const a=[];for(const h in t){const g=encodeURIComponent(h),m=encodeURIComponent(t[h]);a.push(`${g}=${m}`)}const _=a.join("&"),f=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...r},body:_},l);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const c=await f.json();let u=null;return f.headers.has(Z)&&(u=f.headers.get(Z)),{success:!0,status:f.status,data:ne(c,o,i),demonstratingProofOfPossessionNonce:u}},Ze=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=oe(128),r=await Ye(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=r,s.code_challenge_method="S256";let i="";if(s)for(const[l,a]of Object.entries(s))i===""?i+="?":i+="&",i+=`${l}=${encodeURIComponent(a)}`;n.open(`${t}${i}`)},Z="DPoP-Nonce",en=e=>async(n,t,s,o,r=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const i=[];for(const c in t){const u=encodeURIComponent(c),h=encodeURIComponent(t[c]);i.push(`${u}=${h}`)}const l=i.join("&"),a=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:l},r);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let _=null;a.headers.has(Z)&&(_=a.headers.get(Z));const f=await a.json();return{success:!0,data:{state:t.state,tokens:ne(f,null,o),demonstratingProofOfPossessionNonce:_}}};async function Te(e,n,t){const s=l=>{e.tokens=l},{tokens:o,status:r}=await ee(e)(0,n,t,s);return await I(e.configuration,e.configurationName)||await P(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(r),null)}const nn=async(e,n)=>{const t=await I(n,e.configurationName);if(t){const s=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await t.initAsync(s,"tryKeepExistingSessionAsync",n);return o}else{const s=P(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await s.initAsync();return o=z(o,e.tokens,n.token_renew_mode),o}};async function be(e,n=!1,t=null){const s=e.configuration,o=`${s.client_id}_${e.configurationName}_${s.authority}`;let r;const i=await I(e.configuration,e.configurationName);return(s==null?void 0:s.storage)===(window==null?void 0:window.sessionStorage)&&!i?r=await Te(e,n,t):r=await navigator.locks.request(o,{ifAvailable:!0},async l=>l?await Te(e,n,t):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await nn(e,s))),r?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,t)),e.tokens):null}const H=(e,n,t=null)=>{const s=e.configuration.refresh_time_before_tokens_expiration_in_second;return M.setTimeout(async()=>{const r={timeLeft:V(s,n)};e.publishEvent(x.eventNames.token_timer,r),await be(e,!1,t)},1e3)},W={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},tn=e=>async(n,t,s,o=!1)=>{const r={nonce:null};if(!s)return{tokens:null,status:"NOT_CONNECTED",nonce:r};let i=r;const l=await e.initAsync(n.authority,n.authority_configuration),a=await I(n,t);if(a){const{status:c,tokens:u}=await a.initAsync(l,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(!c||!u)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:r};if(u.issuedAt!==s.issuedAt){const g=V(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",m=await a.getNonceAsync();return{tokens:u,status:g,nonce:m}}i=await a.getNonceAsync()}else{const c=P(t,n.storage??sessionStorage);let{tokens:u,status:h}=await c.initAsync();if(u&&(u=z(u,e.tokens,n.token_renew_mode)),u){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:r};if(u.issuedAt!==s.issuedAt){const m=V(n.refresh_time_before_tokens_expiration_in_second,u.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",d=await c.getNonceAsync();return{tokens:u,status:m,nonce:d}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:r};i=await c.getNonceAsync()}const f=V(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:i}:{tokens:s,status:f,nonce:i}},ee=e=>async(n=0,t=!1,s=null,o)=>{for(;!navigator.onLine&&document.hidden;)await J({milliseconds:1e3}),e.publishEvent(p.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await J({milliseconds:1e3}),r--,e.publishEvent(p.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const i=document.hidden,l=n+1;s||(s={});const a=e.configuration,_=(c,u=null,h=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(c,u,h),f=async()=>{try{let c;const u=await I(a,e.configurationName);u?c=u.getLoginParams():c=P(e.configurationName,a.storage).getLoginParams();const h=await _({...c.extras,...s,prompt:"none"});return h?h.error?(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(h.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:h.tokens,status:"LOGGED"}):(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(c){return console.error(c),e.publishEvent(p.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:c.message}),await ee(e)(l,t,s,o)}};if(n>4)return i?{tokens:e.tokens,status:"GIVE_UP"}:(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});try{const{status:c,tokens:u,nonce:h}=await tn(e)(a,e.configurationName,e.tokens,t);switch(c){case W.SESSION_LOST:return o(null),e.publishEvent(p.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case W.NOT_CONNECTED:return o(null),{tokens:null,status:null};case W.TOKENS_VALID:return o(u),{tokens:u,status:"LOGGED_IN"};case W.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(u),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:u,status:"LOGGED_IN"};case W.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(p.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case W.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==c?(e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(p.refreshTokensAsync_begin,{tryNumber:n}),await f());default:{if(a.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==c)return e.publishEvent(p.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(p.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:c,tryNumber:n}),!u.refreshToken)return await f();const g=a.client_id,m=a.redirect_uri,d=a.authority,A={...a.token_request_extras?a.token_request_extras:{}};for(const[T,y]of Object.entries(s))T.endsWith(":token_request")&&(A[T.replace(":token_request","")]=y);return await(async()=>{const T={client_id:g,redirect_uri:m,grant_type:"refresh_token",refresh_token:u.refreshToken},y=await e.initAsync(d,a.authority_configuration),k=document.hidden?1e4:3e4*10,S=y.tokenEndpoint,C={};a.demonstrating_proof_of_possession&&(C.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,S,"POST"));const b=await Qe(e.getFetch())(S,T,A,u,C,a.token_renew_mode,k);if(b.success){const{isValid:F,reason:E}=de(b.data,h.nonce,y);if(!F)return o(null),e.publishEvent(p.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${E}`}),{tokens:null,status:"SESSION_LOST"};if(o(b.data),b.demonstratingProofOfPossessionNonce){const D=await I(a,e.configurationName);D?await D.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await P(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(p.refreshTokensAsync_end,{success:b.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(p.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(o(null),e.publishEvent(p.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await ee(e)(l,t,s,o)})()}}}catch(c){return console.error(c),e.publishEvent(p.refreshTokensAsync_silent_error,{message:"exception",exception:c.message}),ee(e)(l,t,s,o)}},ie=(e,n,t)=>(s=null,o=null,r=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(p.silentLoginAsync_begin,{});let i="";if(o&&(s==null&&(s={}),s.state=o),r&&(s==null&&(s={}),s.scope=r),s!=null)for(const[c,u]of Object.entries(s))i===""?i=`?${encodeURIComponent(c)}=${encodeURIComponent(u)}`:i+=`&${encodeURIComponent(c)}=${encodeURIComponent(u)}`;const l=n.silent_login_uri+i,a=l.indexOf("/",l.indexOf("//")+2),_=l.substring(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",l),document.body.appendChild(f),new Promise((c,u)=>{let h=!1;const g=()=>{window.removeEventListener("message",m),f.remove(),h=!0},m=d=>{if(d.origin===_&&d.source===f.contentWindow){const w=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,v=`${e}_oidc_exception:`,T=d.data;if(T&&typeof T=="string"&&!h){if(T.startsWith(w)){const y=JSON.parse(d.data.replace(w,""));t(p.silentLoginAsync_end,{}),c(y),g()}else if(T.startsWith(A)){const y=JSON.parse(d.data.replace(A,""));t(p.silentLoginAsync_error,y),c({error:"oidc_"+y.error,tokens:null,sessionState:null}),g()}else if(T.startsWith(v)){const y=JSON.parse(d.data.replace(v,""));t(p.silentLoginAsync_error,y),u(new Error(y.error)),g()}}}};try{window.addEventListener("message",m);const d=n.silent_login_timeout;setTimeout(()=>{h||(g(),t(p.silentLoginAsync_error,{reason:"timeout"}),u(new Error("timeout")))},d)}catch(d){g(),t(p.silentLoginAsync_error,d),u(d)}})}catch(i){throw t(p.silentLoginAsync_error,i),i}},sn=(e,n,t,s,o)=>(r=null,i=void 0)=>{r={...r};const l=(_,f,c)=>ie(n,t,s.bind(o))(_,f,c);return(async()=>{o.timeoutId&&M.clearTimeout(o.timeoutId);let _;r&&"state"in r&&(_=r.state,delete r.state);try{const f=t.extras?{...t.extras,...r}:r,c=await l({...f,prompt:"none"},_,i);if(c)return o.tokens=c.tokens,s(p.token_aquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,r),{}}catch(f){return f}})()},on=(e,n,t)=>(s,o,r,i=!1)=>{const l=(a,_=void 0,f=void 0)=>ie(e.configurationName,t,e.publishEvent.bind(e))(a,_,f);return new Promise((a,_)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&r&&!i){const f=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const u=c.idToken,h=c.idTokenPayload;return l({prompt:"none",id_token_hint:u,scope:t.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const m=g.tokens.idTokenPayload;if(h.sub===m.sub){const d=g.sessionState;e.checkSessionIFrame.start(g.sessionState),h.sid===m.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",d):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",d)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",m.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[m,d]of Object.entries(n))await d.logoutOtherTabAsync(t.client_id,h.sub)})};e.checkSessionIFrame=new Ce(f,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(r),a(e.checkSessionIFrame)}).catch(c=>{_(c)})}else a(null)})},Ee=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},rn=e=>{const n=Ee(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},j=e=>{const n=Ee(e),{search:t}=n;return an(t)},an=e=>{const n={};let t,s,o;const r=e.split("&");for(s=0,o=r.length;s<o;s++)t=r[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},cn=(e,n,t,s,o)=>(r=void 0,i=null,l=!1,a=void 0)=>{const _=i;return i={...i},(async()=>{const c=r||o.getPath();if("state"in i||(i.state=oe(16)),t(p.loginAsync_begin,{}),i)for(const u of Object.keys(i))u.endsWith(":token_request")&&delete i[u];try{const u=l?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const h=n.extras?{...n.extras,...i}:i;h.nonce||(h.nonce=oe(12));const g={nonce:h.nonce},m=await I(n,e),d=await s(n.authority,n.authority_configuration);let w;if(m)m.setLoginParams({callbackPath:c,extras:_}),await m.initAsync(d,"loginAsync",n),await m.setNonceAsync(g),m.startKeepAliveServiceWorker(),w=m;else{const v=P(e,n.storage??sessionStorage);v.setLoginParams({callbackPath:c,extras:_}),await v.setNonceAsync(g),w=v}const A={client_id:n.client_id,redirect_uri:u,scope:a,response_type:"code",...h};await Ze(w,o)(d.authorizationEndpoint,A)}catch(u){throw t(p.loginAsync_error,u),u}})()},ln=e=>async(n=!1)=>{try{e.publishEvent(p.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,r=t.authority,i=t.token_request_timeout,l=await e.initAsync(r,t.authority_configuration),a=e.location.getCurrentHref(),f=j(a).session_state,c=await I(t,e.configurationName);let u,h,g,m;if(c)await c.initAsync(l,"loginCallbackAsync",t),await c.setSessionStateAsync(f),h=await c.getNonceAsync(),g=c.getLoginParams(),m=await c.getStateAsync(),c.startKeepAliveServiceWorker(),u=c;else{const E=P(e.configurationName,t.storage??sessionStorage);await E.setSessionStateAsync(f),h=await E.getNonceAsync(),g=E.getLoginParams(),m=await E.getStateAsync(),u=E}const d=j(a);if(d.error||d.error_description)throw new Error(`Error from OIDC server: ${d.error} - ${d.error_description}`);if(d.iss&&d.iss!==l.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${l.issuer}, received: ${d.iss})`);if(d.state&&d.state!==m)throw new Error(`State not valid (expected: ${m}, received: ${d.state})`);const w={code:d.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},A={};if(t.token_request_extras)for(const[E,D]of Object.entries(t.token_request_extras))A[E]=D;if(g&&g.extras)for(const[E,D]of Object.entries(g.extras))E.endsWith(":token_request")&&(A[E.replace(":token_request","")]=D);const v=l.tokenEndpoint,T={};if(t.demonstrating_proof_of_possession)if(c)T.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const E=await He(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await P(e.configurationName,t.storage).setDemonstratingProofOfPossessionJwkAsync(E),T.DPoP=await we(window)(t.demonstrating_proof_of_possession_configuration)(E,"POST",v)}const y=await en(u)(v,{...w,...A},T,e.configuration.token_renew_mode,i);if(!y.success)throw new Error("Token request failed");let k;const S=y.data.tokens,C=y.data.demonstratingProofOfPossessionNonce;if(y.data.state!==A.state)throw new Error("state is not valid");const{isValid:b,reason:F}=de(S,h.nonce,l);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${F}`);if(c){if(S.refreshToken&&!S.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(C&&S.accessToken&&S.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(l,"syncTokensAsync",t),k=c.getLoginParams(),C&&await c.setDemonstratingProofOfPossessionNonce(C);else{const E=P(e.configurationName,t.storage);k=E.getLoginParams(),C&&await E.setDemonstratingProofOfPossessionNonce(C)}return await e.startCheckSessionAsync(l.checkSessionIframe,s,f,n),e.publishEvent(p.loginCallbackAsync_end,{}),{tokens:S,state:"request.state",callbackPath:k.callbackPath}}catch(t){throw console.error(t),e.publishEvent(p.loginCallbackAsync_error,t),t}},Oe={access_token:"access_token",refresh_token:"refresh_token"},ae=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const r=s.replace(n,"");t[r]=o}return t}return t},un=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},fn=e=>async n=>{M.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await I(e.configuration,e.configurationName);t?await t.clearAsync(n):await P(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},_n=(e,n,t,s,o)=>async(r=void 0,i=null)=>{const l=e.configuration,a=await e.initAsync(l.authority,l.authority_configuration);r&&typeof r!="string"&&(r=void 0,s.warn("callbackPathOrUrl path is not a string"));const _=r??o.getPath();let f=!1;r&&(f=r.includes("https://")||r.includes("http://"));const c=f?r:o.getOrigin()+_,u=e.tokens?e.tokens.idToken:"";try{const w=a.revocationEndpoint;if(w){const A=[],v=e.tokens?e.tokens.accessToken:null;if(v&&l.logout_tokens_to_invalidate.includes(Oe.access_token)){const y=ae(i,":revoke_access_token"),k=ve(t)(w,v,re.access_token,l.client_id,y);A.push(k)}const T=e.tokens?e.tokens.refreshToken:null;if(T&&l.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const y=ae(i,":revoke_refresh_token"),k=ve(t)(w,T,re.refresh_token,l.client_id,y);A.push(k)}A.length>0&&await Promise.all(A)}}catch(w){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(w)}const h=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[w,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,h):e.publishEvent(p.logout_from_same_tab,{});const g=ae(i,":oidc");if(g&&g.no_reload==="true")return;const d=un(i);if(a.endSessionEndpoint){"id_token_hint"in d||(d.id_token_hint=u),!("post_logout_redirect_uri"in d)&&r!==null&&(d.post_logout_redirect_uri=c);let w="";for(const[A,v]of Object.entries(d))v!=null&&(w===""?w+="?":w+="&",w+=`${A}=${encodeURIComponent(v)}`);o.open(`${a.endSessionEndpoint}${w}`)}else o.reload()},Pe=(e,n,t=!1)=>async(...s)=>{var h;const[o,r,...i]=s,l=r?{...r}:{method:"GET"};let a=new Headers;l.headers&&(a=l.headers instanceof Headers?l.headers:new Headers(l.headers));const _=n,f=await _e(_),c=(h=f==null?void 0:f.tokens)==null?void 0:h.accessToken;if(a.has("Accept")||a.set("Accept","application/json"),c){if(_.configuration.demonstrating_proof_of_possession&&t){const g=await _.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),l.method);a.set("Authorization",`PoP ${c}`),a.set("DPoP",g)}else a.set("Authorization",`Bearer ${c}`);l.credentials||(l.credentials="same-origin")}const u={...l,headers:a};return await e(o,u,...i)},dn=e=>async(n=!1,t=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const s=e.configuration,r=(await e.initAsync(s.authority,s.authority_configuration)).userInfoEndpoint,l=await(async()=>{const _=await Pe(fetch,e,t)(r);return _.status!==200?null:_.json()})();return e.userInfo=l,l};class q{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const hn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),yn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const r=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in r){const a=r[l];if(a.r.test(t)){o=a.s;break}}let i=s;switch(/Windows/.test(o)&&(i=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":i=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);l!=null&&l.length>2&&(i=l[1]+"."+l[2]+"."+(parseInt(l[3])|0));break}}return{os:o,osVersion:i}};function gn(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const kn=()=>{const{name:e,version:n}=gn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=yn(navigator);return!hn(t)},mn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(p.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await I(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const r=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,r.extras);const i=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.check_session_iframe,t.client_id,i),e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(p.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(e.configurationName,t.storage??sessionStorage),{tokens:r}=await o.initAsync();if(r){e.tokens=z(r,null,t.token_renew_mode);const i=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,i.extras);const l=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.check_session_iframe,t.client_id,l),e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(p.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(p.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ie=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const L={},pn=(e,n=new q)=>(t,s="default")=>(L[s]||(L[s]=new x(t,s,e,n)),L[s]),wn=async e=>{const{parsedTokens:n,callbackPath:t}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt),{callbackPath:t}},An=e=>Math.floor(Math.random()*e),G=class G{constructor(n,t="default",s,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let r=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(r=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let i=n.refresh_time_before_tokens_expiration_in_second??120;i>60&&(i=i-Math.floor(Math.random()*40)),this.location=o??new q;const l=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:r,token_automatic_renew_mode:n.token_automatic_renew_mode??$.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:i,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:l,service_worker_activate:n.service_worker_activate??kn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ve},this.getFetch=s??Ie,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=An(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(L,n)&&t)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return L[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=j(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new ce({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const r=await I(this.configuration,this.configurationName)?window.localStorage:null;return await ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,r,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=mn(this),this.tryKeepExistingSessionPromise.then(n=>(this.tryKeepExistingSessionPromise=null,n)))}async startCheckSessionAsync(n,t,s,o=!1){await on(this,L,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,r=!1){return this.loginPromise!==null?this.loginPromise:r?sn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):(this.loginPromise=cn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.then(i=>(this.loginPromise=null,i)))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await ln(this)(n),o=s.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_aquired,o),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.then(s=>(this.loginCallbackPromise=null,s))}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const r=this.configuration,i={ath:await Se(n),...o},l=await I(r,this.configurationName);let a;if(l)return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const _=P(this.configurationName,r.storage);let f=await _.getDemonstratingProofOfPossessionJwkAsync();return a=await _.getDemonstratingProofOfPossessionNonce(),a&&(i.nonce=a),await we(window)(r.demonstrating_proof_of_possession_configuration)(f,s,t,i)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.then(n=>(this.loginCallbackWithAutoTokensRenewPromise=null,n)))}userInfoAsync(n=!1,t=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=dn(this)(n,t),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return M.clearTimeout(this.timeoutId),this.renewTokensPromise=be(this,!0,n),this.renewTokensPromise.then(t=>(this.renewTokensPromise=null,t))}async destroyAsync(n){return await fn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(p.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(p.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=_n(this,L,this.getFetch(),console,this.location)(n,t),this.logoutPromise.then(s=>(this.logoutPromise=null,s)))}};G.getOrCreate=(n,t)=>(s,o="default")=>pn(n,t)(s,o),G.eventNames=p;let x=G;const U=class U{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new U(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,r=!1){return this._oidc.loginAsync(n,t,s,o,r)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){return _e(this._oidc,n,t)}fetchWithTokens(n,t){return Pe(n,this,t)}async userInfoAsync(n=!1,t=!1){return this._oidc.userInfoAsync(n)}};U.getOrCreate=(n,t=new q)=>(s,o="default")=>new U(x.getOrCreate(n,t)(s,o)),U.eventNames=x.eventNames;let le=U;N.OidcClient=le,N.OidcLocation=q,N.TokenAutomaticRenewMode=$,N.TokenRenewMode=X,N.getFetchDefault=Ie,N.getParseQueryStringFromLocation=j,N.getPath=rn,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});
|
package/dist/oidc.d.ts
CHANGED
|
@@ -87,7 +87,7 @@ export declare class Oidc {
|
|
|
87
87
|
loginCallbackWithAutoTokensRenewPromise: Promise<LoginCallback>;
|
|
88
88
|
loginCallbackWithAutoTokensRenewAsync(): Promise<LoginCallback>;
|
|
89
89
|
userInfoPromise: Promise<any>;
|
|
90
|
-
userInfoAsync(noCache?: boolean): Promise<any>;
|
|
90
|
+
userInfoAsync(noCache?: boolean, demonstrating_proof_of_possession?: boolean): Promise<any>;
|
|
91
91
|
renewTokensPromise: Promise<any>;
|
|
92
92
|
renewTokensAsync(extras?: StringMap): Promise<any>;
|
|
93
93
|
destroyAsync(status: any): Promise<void>;
|
package/dist/oidc.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";AACA,OAAO,EAAC,kBAAkB,EAAC,MAAM,yBAAyB,CAAC;AAM3D,OAAO,EAAiB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AASzD,OAAO,EAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAA0B,MAAM,YAAY,CAAC;AAOhH,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAMxD,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACtD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAC,MAAM,CAAC;CACjB;AAID,qBAAa,qCAAqC;IAC9C,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CAS3B;AAUD,MAAM,MAAM,aAAa,GAAG;IACxB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG;IAChC,YAAY,EAAC,MAAM,CAAC;IACpB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAYD,qBAAa,IAAI;IACN,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBACpB,aAAa,EAAC,iBAAiB,EAAE,iBAAiB,QAAY,EAAE,QAAQ,EAAG,MAAM,KAAK,EAAE,QAAQ,GAAE,cAAmC;IA8CjJ,eAAe,CAAC,IAAI,KAAA,GAAE,MAAM;IAM5B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,YAAW,cAAc,gDAEnE;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAQ9B,mCAAmC,CAAC,SAAS,MAAK;IAa5C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAC,MAAM,EAAE,sBAAsB,EAAC,sBAAsB;IA4B/E,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAW/C,sBAAsB,CAAC,qBAAqB,KAAA,EAAE,QAAQ,KAAA,EAAE,YAAY,KAAA,EAAE,cAAc,UAAQ;IAIlG,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC7B,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ;IAcpJ,oBAAoB,EAAG,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,kBAAkB,CAAC,aAAa,UAAQ;IA2BxC,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,EAAE,MAAM,GAAC,SAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IA2BzI,uCAAuC,EAAC,OAAO,CAAC,aAAa,CAAC,CAAQ;IACrE,qCAAqC,IAAG,OAAO,CAAC,aAAa,CAAC;IAW/D,eAAe,EAAC,OAAO,CAAC,GAAG,CAAC,CAAQ;IACnC,aAAa,CAAC,OAAO,UAAQ;
|
|
1
|
+
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";AACA,OAAO,EAAC,kBAAkB,EAAC,MAAM,yBAAyB,CAAC;AAM3D,OAAO,EAAiB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AASzD,OAAO,EAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAA0B,MAAM,YAAY,CAAC;AAOhH,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAMxD,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACtD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAC,MAAM,CAAC;CACjB;AAID,qBAAa,qCAAqC;IAC9C,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CAS3B;AAUD,MAAM,MAAM,aAAa,GAAG;IACxB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG;IAChC,YAAY,EAAC,MAAM,CAAC;IACpB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAYD,qBAAa,IAAI;IACN,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBACpB,aAAa,EAAC,iBAAiB,EAAE,iBAAiB,QAAY,EAAE,QAAQ,EAAG,MAAM,KAAK,EAAE,QAAQ,GAAE,cAAmC;IA8CjJ,eAAe,CAAC,IAAI,KAAA,GAAE,MAAM;IAM5B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,YAAW,cAAc,gDAEnE;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAQ9B,mCAAmC,CAAC,SAAS,MAAK;IAa5C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAC,MAAM,EAAE,sBAAsB,EAAC,sBAAsB;IA4B/E,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAW/C,sBAAsB,CAAC,qBAAqB,KAAA,EAAE,QAAQ,KAAA,EAAE,YAAY,KAAA,EAAE,cAAc,UAAQ;IAIlG,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC7B,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ;IAcpJ,oBAAoB,EAAG,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,kBAAkB,CAAC,aAAa,UAAQ;IA2BxC,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,EAAE,MAAM,GAAC,SAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IA2BzI,uCAAuC,EAAC,OAAO,CAAC,aAAa,CAAC,CAAQ;IACrE,qCAAqC,IAAG,OAAO,CAAC,aAAa,CAAC;IAW/D,eAAe,EAAC,OAAO,CAAC,GAAG,CAAC,CAAQ;IACnC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAM;IAWvE,kBAAkB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAQ;IAEhC,gBAAgB,CAAE,MAAM,GAAC,SAAgB;IAgBzC,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAQ9C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAQpD,aAAa,EAAC,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC7B,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB;CAUrG;AAED,eAAe,IAAI,CAAC"}
|
package/dist/oidcClient.d.ts
CHANGED
|
@@ -53,8 +53,8 @@ export declare class OidcClient {
|
|
|
53
53
|
get configuration(): OidcConfiguration;
|
|
54
54
|
generateDemonstrationOfProofOfPossessionAsync(accessToken: string, url: string, method: string, extras?: StringMap): Promise<string>;
|
|
55
55
|
getValidTokenAsync(waitMs?: number, numberWait?: number): Promise<ValidToken>;
|
|
56
|
-
fetchWithTokens(fetch: Fetch): Fetch;
|
|
57
|
-
userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache?: boolean): Promise<T>;
|
|
56
|
+
fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession: false): Fetch;
|
|
57
|
+
userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache?: boolean, demonstrating_proof_of_possession?: boolean): Promise<T>;
|
|
58
58
|
}
|
|
59
59
|
export interface OidcUserInfo {
|
|
60
60
|
sub: string;
|
package/dist/oidcClient.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAGxD,MAAM,WAAW,eAAe;IAC5B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAC,GAAG,OAAE;CAC5B;AAED,qBAAa,UAAU;IACnB,OAAO,CAAC,KAAK,CAAO;gBACR,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAC,eAAe,GAAE,MAAM;IAI5C,uBAAuB,CAAC,EAAE,EAAC,MAAM,GAAE,IAAI;IAIvC,YAAY,CAAC,SAAS,EAAC,MAAM,EAAE,IAAI,EAAC,GAAG,GAAI,IAAI;IAI/C,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,aAAW,cAAc,qBAAwC,iBAAiB,oBAAqB,UAAU,CAE3J;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAE,UAAU;IAIvC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAG,OAAO,CAAC,OAAO,CAAC;IAI9C,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ,GAAE,OAAO,CAAC,OAAO,CAAC;IAIhK,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAI7G,wBAAwB,IAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,gBAAgB,CAAC,MAAM,GAAC,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAIvD,kBAAkB,IAAG,OAAO,CAAC,aAAa,CAAC;IAI3C,IAAI,MAAM,IAAG,MAAM,CAElB;IAED,IAAI,aAAa,IAAG,iBAAiB,CAEpC;IAEK,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,EAAE,MAAM,GAAC,SAAa,GAAI,OAAO,CAAC,MAAM,CAAC;IAIpI,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAI5E,eAAe,CAAC,KAAK,EAAE,KAAK,GAAG,KAAK;
|
|
1
|
+
{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAGxD,MAAM,WAAW,eAAe;IAC5B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAC,GAAG,OAAE;CAC5B;AAED,qBAAa,UAAU;IACnB,OAAO,CAAC,KAAK,CAAO;gBACR,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAC,eAAe,GAAE,MAAM;IAI5C,uBAAuB,CAAC,EAAE,EAAC,MAAM,GAAE,IAAI;IAIvC,YAAY,CAAC,SAAS,EAAC,MAAM,EAAE,IAAI,EAAC,GAAG,GAAI,IAAI;IAI/C,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,aAAW,cAAc,qBAAwC,iBAAiB,oBAAqB,UAAU,CAE3J;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAE,UAAU;IAIvC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAG,OAAO,CAAC,OAAO,CAAC;IAI9C,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ,GAAE,OAAO,CAAC,OAAO,CAAC;IAIhK,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAI7G,wBAAwB,IAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,gBAAgB,CAAC,MAAM,GAAC,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAIvD,kBAAkB,IAAG,OAAO,CAAC,aAAa,CAAC;IAI3C,IAAI,MAAM,IAAG,MAAM,CAElB;IAED,IAAI,aAAa,IAAG,iBAAiB,CAEpC;IAEK,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,EAAE,MAAM,GAAC,SAAa,GAAI,OAAO,CAAC,MAAM,CAAC;IAIpI,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAI5E,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,iCAAiC,EAAC,KAAK,GAAG,KAAK;IAIvE,aAAa,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,EAAE,OAAO,UAAQ,EAAE,iCAAiC,GAAC,OAAa,GAAE,OAAO,CAAC,CAAC,CAAC;CAG1I;AAED,MAAM,WAAW,YAAY;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB"}
|
package/dist/user.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import Oidc from "./oidc";
|
|
2
|
-
export declare const userInfoAsync: (oidc: Oidc) => (noCache?: boolean) => Promise<any>;
|
|
2
|
+
export declare const userInfoAsync: (oidc: Oidc) => (noCache?: boolean, demonstrating_proof_of_possession?: boolean) => Promise<any>;
|
|
3
3
|
//# sourceMappingURL=user.d.ts.map
|
package/dist/user.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../src/user.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAG1B,eAAO,MAAM,aAAa,SAAS,IAAI,
|
|
1
|
+
{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../src/user.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAG1B,eAAO,MAAM,aAAa,SAAS,IAAI,qFAkBtC,CAAC"}
|
package/dist/version.d.ts
CHANGED
package/dist/version.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":";AAAA,
|
|
1
|
+
{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":";AAAA,wBAAmC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axa-fr/oidc-client",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.22.0-alpha.1416",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.umd.cjs",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"url": "https://github.com/AxaFrance/oidc-client.git"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@axa-fr/oidc-client-service-worker": "7.
|
|
23
|
+
"@axa-fr/oidc-client-service-worker": "7.22.0-alpha.1416"
|
|
24
24
|
},
|
|
25
25
|
"devDependencies": {
|
|
26
26
|
"@testing-library/dom": "9.3.4",
|
package/src/fetch.ts
CHANGED
|
@@ -3,7 +3,7 @@ import {OidcClient} from "./oidcClient";
|
|
|
3
3
|
import {getValidTokenAsync} from "./parseTokens";
|
|
4
4
|
|
|
5
5
|
// @ts-ignore
|
|
6
|
-
export const fetchWithTokens = (fetch: Fetch, oidcClient: Oidc | null) : Fetch => async (...params: Parameters<Fetch>) :Promise<Response> => {
|
|
6
|
+
export const fetchWithTokens = (fetch: Fetch, oidcClient: Oidc | null, demonstrating_proof_of_possession:boolean=false) : Fetch => async (...params: Parameters<Fetch>) :Promise<Response> => {
|
|
7
7
|
const [url, options, ...rest] = params;
|
|
8
8
|
const optionTmp = options ? { ...options } : { method: 'GET' };
|
|
9
9
|
let headers = new Headers();
|
|
@@ -21,7 +21,7 @@ export const fetchWithTokens = (fetch: Fetch, oidcClient: Oidc | null) : Fetch =
|
|
|
21
21
|
headers.set('Accept', 'application/json');
|
|
22
22
|
}
|
|
23
23
|
if (accessToken) {
|
|
24
|
-
if(oidc.configuration.demonstrating_proof_of_possession) {
|
|
24
|
+
if(oidc.configuration.demonstrating_proof_of_possession && demonstrating_proof_of_possession) {
|
|
25
25
|
const demonstrationOdProofOfPossession = await oidc.generateDemonstrationOfProofOfPossessionAsync(accessToken, url.toString(), optionTmp.method);
|
|
26
26
|
headers.set('Authorization', `PoP ${accessToken}`);
|
|
27
27
|
headers.set('DPoP', demonstrationOdProofOfPossession);
|
package/src/oidc.ts
CHANGED
|
@@ -332,11 +332,11 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
332
332
|
}
|
|
333
333
|
|
|
334
334
|
userInfoPromise:Promise<any> = null;
|
|
335
|
-
userInfoAsync(noCache = false) {
|
|
335
|
+
userInfoAsync(noCache = false, demonstrating_proof_of_possession=false) {
|
|
336
336
|
if (this.userInfoPromise !== null) {
|
|
337
337
|
return this.userInfoPromise;
|
|
338
338
|
}
|
|
339
|
-
this.userInfoPromise = userInfoAsync(this)(noCache);
|
|
339
|
+
this.userInfoPromise = userInfoAsync(this)(noCache, demonstrating_proof_of_possession);
|
|
340
340
|
return this.userInfoPromise.then(result => {
|
|
341
341
|
this.userInfoPromise = null;
|
|
342
342
|
return result;
|
package/src/oidcClient.ts
CHANGED
|
@@ -75,11 +75,11 @@ export class OidcClient {
|
|
|
75
75
|
return getValidTokenAsync(this._oidc, waitMs, numberWait);
|
|
76
76
|
}
|
|
77
77
|
|
|
78
|
-
fetchWithTokens(fetch: Fetch): Fetch {
|
|
79
|
-
return fetchWithTokens(fetch, this);
|
|
78
|
+
fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession:false): Fetch {
|
|
79
|
+
return fetchWithTokens(fetch, this, demonstrating_proof_of_possession);
|
|
80
80
|
}
|
|
81
81
|
|
|
82
|
-
async userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache = false):Promise<T> {
|
|
82
|
+
async userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache = false, demonstrating_proof_of_possession:boolean=false):Promise<T> {
|
|
83
83
|
return this._oidc.userInfoAsync(noCache);
|
|
84
84
|
}
|
|
85
85
|
}
|
package/src/user.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import Oidc from "./oidc";
|
|
2
2
|
import {fetchWithTokens} from "./fetch";
|
|
3
3
|
|
|
4
|
-
export const userInfoAsync = (oidc:Oidc) => async (noCache = false) => {
|
|
4
|
+
export const userInfoAsync = (oidc:Oidc) => async (noCache = false, demonstrating_proof_of_possession=false) => {
|
|
5
5
|
if (oidc.userInfo != null && !noCache) {
|
|
6
6
|
return oidc.userInfo;
|
|
7
7
|
}
|
|
@@ -9,7 +9,7 @@ export const userInfoAsync = (oidc:Oidc) => async (noCache = false) => {
|
|
|
9
9
|
const oidcServerConfiguration = await oidc.initAsync(configuration.authority, configuration.authority_configuration);
|
|
10
10
|
const url = oidcServerConfiguration.userInfoEndpoint;
|
|
11
11
|
const fetchUserInfo = async () => {
|
|
12
|
-
const oidcFetch = fetchWithTokens(fetch, oidc);
|
|
12
|
+
const oidcFetch = fetchWithTokens(fetch, oidc, demonstrating_proof_of_possession);
|
|
13
13
|
const response = await oidcFetch(url);
|
|
14
14
|
if (response.status !== 200) {
|
|
15
15
|
return null;
|
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.
|
|
1
|
+
export default '7.22.0-alpha.1416';
|