@axa-fr/oidc-client 7.22.16 → 7.22.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -0
- package/dist/index.js +185 -152
- package/dist/index.umd.cjs +2 -2
- package/dist/initWorker.d.ts.map +1 -1
- package/dist/oidc.d.ts.map +1 -1
- package/dist/oidcClient.d.ts +1 -1
- package/dist/oidcClient.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/initWorker.ts +26 -8
- package/src/oidc.ts +7 -14
- package/src/oidcClient.ts +1 -1
- package/src/version.ts +1 -1
package/README.md
CHANGED
|
@@ -121,6 +121,12 @@ trustedDomains.config_with_dpop = {
|
|
|
121
121
|
}*/
|
|
122
122
|
};
|
|
123
123
|
|
|
124
|
+
// Setting allowMultiTabLogin to true will enable storing login-specific parameters (state, nonce, code verifier)
|
|
125
|
+
// separately for each tab. This will prevent errors when logins are initiated from multiple tabs.
|
|
126
|
+
trustedDomains.config_multi_tab_login = {
|
|
127
|
+
domains: ["https://demo.duendesoftware.com"],
|
|
128
|
+
allowMultiTabLogin: true
|
|
129
|
+
};
|
|
124
130
|
```
|
|
125
131
|
|
|
126
132
|
The code of the demo :
|
package/dist/index.js
CHANGED
|
@@ -201,7 +201,7 @@ const X = (e, s = null, n) => {
|
|
|
201
201
|
setInterval: setInterval.bind(e),
|
|
202
202
|
clearInterval: clearInterval.bind(e)
|
|
203
203
|
};
|
|
204
|
-
}(), le = "7.22.
|
|
204
|
+
}(), le = "7.22.18";
|
|
205
205
|
let ue = null, q;
|
|
206
206
|
const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), me = (e = "/") => {
|
|
207
207
|
try {
|
|
@@ -229,73 +229,92 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), me =
|
|
|
229
229
|
i.data && i.data.error ? t(i.data.error) : n(i.data), o.port1.close(), o.port2.close();
|
|
230
230
|
}, e.active.postMessage(s, [o.port2]);
|
|
231
231
|
}), I = async (e, s) => {
|
|
232
|
-
const n =
|
|
233
|
-
|
|
232
|
+
const n = () => {
|
|
233
|
+
const d = sessionStorage.getItem(`oidc.tabId.${s}`);
|
|
234
|
+
if (d)
|
|
235
|
+
return d;
|
|
236
|
+
const p = globalThis.crypto.randomUUID();
|
|
237
|
+
return sessionStorage.setItem(`oidc.tabId.${s}`, p), p;
|
|
238
|
+
}, t = e.service_worker_relative_url;
|
|
239
|
+
if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !t || e.service_worker_activate() === !1)
|
|
234
240
|
return null;
|
|
235
|
-
let
|
|
236
|
-
e.register ?
|
|
241
|
+
let o = null;
|
|
242
|
+
e.register ? o = await e.service_worker_register(t) : o = await navigator.serviceWorker.register(t);
|
|
237
243
|
try {
|
|
238
|
-
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await P(
|
|
244
|
+
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await P(o)({ type: "claim" });
|
|
239
245
|
} catch {
|
|
240
246
|
return null;
|
|
241
247
|
}
|
|
242
|
-
const
|
|
243
|
-
const
|
|
248
|
+
const i = async (d) => P(o)({ type: "clear", data: { status: d }, configurationName: s }), r = async (d, p, b) => {
|
|
249
|
+
const L = await P(o)({
|
|
244
250
|
type: "init",
|
|
245
251
|
data: {
|
|
246
252
|
oidcServerConfiguration: d,
|
|
247
|
-
where:
|
|
253
|
+
where: p,
|
|
248
254
|
oidcConfiguration: {
|
|
249
|
-
token_renew_mode:
|
|
250
|
-
service_worker_convert_all_requests_to_cors:
|
|
255
|
+
token_renew_mode: b.token_renew_mode,
|
|
256
|
+
service_worker_convert_all_requests_to_cors: b.service_worker_convert_all_requests_to_cors
|
|
251
257
|
}
|
|
252
258
|
},
|
|
253
|
-
configurationName: s
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
259
|
+
configurationName: s,
|
|
260
|
+
tabId: n()
|
|
261
|
+
}), v = L.version;
|
|
262
|
+
return v !== le && (console.warn(`Service worker ${v} version mismatch with js client version ${le}, unregistering and reloading`), await b.service_worker_update_require_callback(o, xe)), { tokens: oe(L.tokens, null, b.token_renew_mode), status: L.status };
|
|
263
|
+
}, a = (d = "/") => {
|
|
257
264
|
ue == null && (ue = "not_null", me(d));
|
|
258
|
-
},
|
|
259
|
-
|
|
260
|
-
return
|
|
265
|
+
}, l = (d) => P(o)({ type: "setSessionState", data: { sessionState: d }, configurationName: s }), f = async () => (await P(o)({ type: "getSessionState", data: null, configurationName: s })).sessionState, u = (d) => {
|
|
266
|
+
const p = n();
|
|
267
|
+
return sessionStorage[`oidc.nonce.${s}`] = d.nonce, P(o)({ type: "setNonce", data: { nonce: d }, configurationName: s, tabId: p });
|
|
268
|
+
}, c = async () => {
|
|
269
|
+
const d = n();
|
|
270
|
+
let b = (await P(o)({ type: "getNonce", data: null, configurationName: s, tabId: d })).nonce;
|
|
271
|
+
return b || (b = sessionStorage[`oidc.nonce.${s}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: b };
|
|
261
272
|
};
|
|
262
|
-
let
|
|
273
|
+
let _ = {};
|
|
263
274
|
return {
|
|
264
|
-
clearAsync:
|
|
265
|
-
initAsync:
|
|
266
|
-
startKeepAliveServiceWorker: () =>
|
|
275
|
+
clearAsync: i,
|
|
276
|
+
initAsync: r,
|
|
277
|
+
startKeepAliveServiceWorker: () => a(e.service_worker_keep_alive_path),
|
|
267
278
|
isServiceWorkerProxyActiveAsync: () => We(e.service_worker_keep_alive_path),
|
|
268
|
-
setSessionStateAsync:
|
|
269
|
-
getSessionStateAsync:
|
|
270
|
-
setNonceAsync:
|
|
271
|
-
getNonceAsync:
|
|
279
|
+
setSessionStateAsync: l,
|
|
280
|
+
getSessionStateAsync: f,
|
|
281
|
+
setNonceAsync: u,
|
|
282
|
+
getNonceAsync: c,
|
|
272
283
|
setLoginParams: (d) => {
|
|
273
|
-
|
|
284
|
+
_[s] = d, localStorage[`oidc.login.${s}`] = JSON.stringify(d);
|
|
274
285
|
},
|
|
275
286
|
getLoginParams: () => {
|
|
276
287
|
const d = localStorage[`oidc.login.${s}`];
|
|
277
|
-
return
|
|
288
|
+
return _[s] || (_[s] = JSON.parse(d)), _[s];
|
|
278
289
|
},
|
|
279
290
|
getStateAsync: async () => {
|
|
280
|
-
|
|
281
|
-
|
|
291
|
+
const d = n();
|
|
292
|
+
let b = (await P(o)({ type: "getState", data: null, configurationName: s, tabId: d })).state;
|
|
293
|
+
return b || (b = sessionStorage[`oidc.state.${s}`], console.warn("state not found in service worker, using sessionStorage")), b;
|
|
294
|
+
},
|
|
295
|
+
setStateAsync: async (d) => {
|
|
296
|
+
const p = n();
|
|
297
|
+
return sessionStorage[`oidc.state.${s}`] = d, P(o)({ type: "setState", data: { state: d }, configurationName: s, tabId: p });
|
|
282
298
|
},
|
|
283
|
-
setStateAsync: async (d) => (sessionStorage[`oidc.state.${s}`] = d, P(t)({ type: "setState", data: { state: d }, configurationName: s })),
|
|
284
299
|
getCodeVerifierAsync: async () => {
|
|
285
|
-
|
|
286
|
-
|
|
300
|
+
const d = n();
|
|
301
|
+
let b = (await P(o)({ type: "getCodeVerifier", data: null, configurationName: s, tabId: d })).codeVerifier;
|
|
302
|
+
return b || (b = sessionStorage[`oidc.code_verifier.${s}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), b;
|
|
303
|
+
},
|
|
304
|
+
setCodeVerifierAsync: async (d) => {
|
|
305
|
+
const p = n();
|
|
306
|
+
return sessionStorage[`oidc.code_verifier.${s}`] = d, P(o)({ type: "setCodeVerifier", data: { codeVerifier: d }, configurationName: s, tabId: p });
|
|
287
307
|
},
|
|
288
|
-
setCodeVerifierAsync: async (d) => (sessionStorage[`oidc.code_verifier.${s}`] = d, P(t)({ type: "setCodeVerifier", data: { codeVerifier: d }, configurationName: s })),
|
|
289
308
|
setDemonstratingProofOfPossessionNonce: async (d) => {
|
|
290
|
-
await P(
|
|
309
|
+
await P(o)({ type: "setDemonstratingProofOfPossessionNonce", data: { demonstratingProofOfPossessionNonce: d }, configurationName: s });
|
|
291
310
|
},
|
|
292
|
-
getDemonstratingProofOfPossessionNonce: async () => (await P(
|
|
311
|
+
getDemonstratingProofOfPossessionNonce: async () => (await P(o)({ type: "getDemonstratingProofOfPossessionNonce", data: null, configurationName: s })).demonstratingProofOfPossessionNonce,
|
|
293
312
|
setDemonstratingProofOfPossessionJwkAsync: async (d) => {
|
|
294
|
-
const
|
|
295
|
-
await P(
|
|
313
|
+
const p = JSON.stringify(d);
|
|
314
|
+
await P(o)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson: p }, configurationName: s });
|
|
296
315
|
},
|
|
297
316
|
getDemonstratingProofOfPossessionJwkAsync: async () => {
|
|
298
|
-
const d = await P(
|
|
317
|
+
const d = await P(o)({ type: "getDemonstratingProofOfPossessionJwk", data: null, configurationName: s });
|
|
299
318
|
return d.demonstratingProofOfPossessionJwkJson ? JSON.parse(d.demonstratingProofOfPossessionJwkJson) : null;
|
|
300
319
|
}
|
|
301
320
|
};
|
|
@@ -495,8 +514,8 @@ const Xe = (e) => {
|
|
|
495
514
|
n[y] === void 0 && (n[y] = g);
|
|
496
515
|
const l = [];
|
|
497
516
|
for (const y in n) {
|
|
498
|
-
const g = encodeURIComponent(y),
|
|
499
|
-
l.push(`${g}=${
|
|
517
|
+
const g = encodeURIComponent(y), w = encodeURIComponent(n[y]);
|
|
518
|
+
l.push(`${g}=${w}`);
|
|
500
519
|
}
|
|
501
520
|
const f = l.join("&"), u = await B(e)(s, {
|
|
502
521
|
method: "POST",
|
|
@@ -579,15 +598,15 @@ async function Te(e, s = !1, n = null) {
|
|
|
579
598
|
const t = e.configuration, o = `${t.client_id}_${e.configurationName}_${t.authority}`;
|
|
580
599
|
let i;
|
|
581
600
|
const r = await I(e.configuration, e.configurationName);
|
|
582
|
-
return (t == null ? void 0 : t.storage) === (window == null ? void 0 : window.sessionStorage) && !r ? i = await de(e, s, n) : i = await navigator.locks.request(o, { ifAvailable: !0 }, async (a) => a ? await de(e, s, n) : (e.publishEvent(
|
|
601
|
+
return (t == null ? void 0 : t.storage) === (window == null ? void 0 : window.sessionStorage) && !r ? i = await de(e, s, n) : i = await navigator.locks.request(o, { ifAvailable: !0 }, async (a) => a ? await de(e, s, n) : (e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), await ns(e, t))), i ? (e.timeoutId && (e.timeoutId = J(e, e.tokens.expiresAt, n)), e.tokens) : null;
|
|
583
602
|
}
|
|
584
603
|
const J = (e, s, n = null) => {
|
|
585
604
|
const t = e.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
586
605
|
return M.setTimeout(async () => {
|
|
587
606
|
const i = { timeLeft: U(t, s) };
|
|
588
|
-
e.publishEvent(
|
|
607
|
+
e.publishEvent(N.eventNames.token_timer, i), await Te(e, !1, n);
|
|
589
608
|
}, 1e3);
|
|
590
|
-
},
|
|
609
|
+
}, x = {
|
|
591
610
|
FORCE_REFRESH: "FORCE_REFRESH",
|
|
592
611
|
SESSION_LOST: "SESSION_LOST",
|
|
593
612
|
NOT_CONNECTED: "NOT_CONNECTED",
|
|
@@ -610,8 +629,8 @@ const J = (e, s, n = null) => {
|
|
|
610
629
|
if (!c || !_)
|
|
611
630
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
|
|
612
631
|
if (_.issuedAt !== t.issuedAt) {
|
|
613
|
-
const g = U(s.refresh_time_before_tokens_expiration_in_second, _.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
|
|
614
|
-
return { tokens: _, status: g, nonce:
|
|
632
|
+
const g = U(s.refresh_time_before_tokens_expiration_in_second, _.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", w = await l.getNonceAsync();
|
|
633
|
+
return { tokens: _, status: g, nonce: w };
|
|
615
634
|
}
|
|
616
635
|
r = await l.getNonceAsync();
|
|
617
636
|
} else {
|
|
@@ -621,8 +640,8 @@ const J = (e, s, n = null) => {
|
|
|
621
640
|
if (y === "SESSIONS_LOST")
|
|
622
641
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
623
642
|
if (_.issuedAt !== t.issuedAt) {
|
|
624
|
-
const
|
|
625
|
-
return { tokens: _, status:
|
|
643
|
+
const w = U(s.refresh_time_before_tokens_expiration_in_second, _.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", k = await c.getNonceAsync();
|
|
644
|
+
return { tokens: _, status: w, nonce: k };
|
|
626
645
|
}
|
|
627
646
|
} else
|
|
628
647
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
@@ -648,7 +667,7 @@ const J = (e, s, n = null) => {
|
|
|
648
667
|
...t,
|
|
649
668
|
prompt: "none"
|
|
650
669
|
});
|
|
651
|
-
return _ ? _.error ? (o(null), e.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" }) : (o(_.tokens), e.publishEvent(
|
|
670
|
+
return _ ? _.error ? (o(null), e.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" }) : (o(_.tokens), e.publishEvent(N.eventNames.token_renewed, {}), { tokens: _.tokens, status: "LOGGED" }) : (o(null), e.publishEvent(m.refreshTokensAsync_error, { message: "refresh token silent not active" }), { tokens: null, status: "SESSION_LOST" });
|
|
652
671
|
} catch (u) {
|
|
653
672
|
return console.error(u), e.publishEvent(m.refreshTokensAsync_silent_error, { message: "exceptionSilent", exception: u.message }), await H(e)(r, n, t, o);
|
|
654
673
|
}
|
|
@@ -656,57 +675,57 @@ const J = (e, s, n = null) => {
|
|
|
656
675
|
try {
|
|
657
676
|
const { status: u, tokens: c, nonce: _ } = await ts(e)(a, e.configurationName, e.tokens, n);
|
|
658
677
|
switch (u) {
|
|
659
|
-
case
|
|
678
|
+
case x.SESSION_LOST:
|
|
660
679
|
return o(null), e.publishEvent(m.refreshTokensAsync_error, { message: "refresh token session lost" }), { tokens: null, status: "SESSION_LOST" };
|
|
661
|
-
case
|
|
680
|
+
case x.NOT_CONNECTED:
|
|
662
681
|
return o(null), { tokens: null, status: null };
|
|
663
|
-
case
|
|
682
|
+
case x.TOKENS_VALID:
|
|
664
683
|
return o(c), { tokens: c, status: "LOGGED_IN" };
|
|
665
|
-
case
|
|
666
|
-
return o(c), e.publishEvent(
|
|
667
|
-
case
|
|
684
|
+
case x.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
|
|
685
|
+
return o(c), e.publishEvent(N.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), { tokens: c, status: "LOGGED_IN" };
|
|
686
|
+
case x.LOGOUT_FROM_ANOTHER_TAB:
|
|
668
687
|
return o(null), e.publishEvent(m.logout_from_another_tab, { status: "session syncTokensAsync" }), { tokens: null, status: "LOGGED_OUT" };
|
|
669
|
-
case
|
|
670
|
-
return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted &&
|
|
688
|
+
case x.REQUIRE_SYNC_TOKENS:
|
|
689
|
+
return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== u ? (e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(m.refreshTokensAsync_begin, { tryNumber: s }), await f());
|
|
671
690
|
default: {
|
|
672
|
-
if (a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted &&
|
|
691
|
+
if (a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== u)
|
|
673
692
|
return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
|
|
674
693
|
if (e.publishEvent(m.refreshTokensAsync_begin, { refreshToken: c.refreshToken, status: u, tryNumber: s }), !c.refreshToken)
|
|
675
694
|
return await f();
|
|
676
|
-
const y = a.client_id, g = a.redirect_uri,
|
|
695
|
+
const y = a.client_id, g = a.redirect_uri, w = a.authority, A = { ...a.token_request_extras ? a.token_request_extras : {} };
|
|
677
696
|
for (const [S, E] of Object.entries(t))
|
|
678
|
-
S.endsWith(":token_request") && (
|
|
697
|
+
S.endsWith(":token_request") && (A[S.replace(":token_request", "")] = E);
|
|
679
698
|
return await (async () => {
|
|
680
699
|
const S = {
|
|
681
700
|
client_id: y,
|
|
682
701
|
redirect_uri: g,
|
|
683
702
|
grant_type: "refresh_token",
|
|
684
703
|
refresh_token: c.refreshToken
|
|
685
|
-
}, E = await e.initAsync(
|
|
686
|
-
a.demonstrating_proof_of_possession && (
|
|
687
|
-
const
|
|
688
|
-
|
|
704
|
+
}, E = await e.initAsync(w, a.authority_configuration), h = document.hidden ? 1e4 : 3e4 * 10, C = E.tokenEndpoint, d = {};
|
|
705
|
+
a.demonstrating_proof_of_possession && (d.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(c.accessToken, C, "POST"));
|
|
706
|
+
const p = await Ze(e.getFetch())(
|
|
707
|
+
C,
|
|
689
708
|
S,
|
|
690
|
-
w,
|
|
691
|
-
c,
|
|
692
709
|
A,
|
|
710
|
+
c,
|
|
711
|
+
d,
|
|
693
712
|
a.token_renew_mode,
|
|
694
713
|
h
|
|
695
714
|
);
|
|
696
|
-
if (
|
|
697
|
-
const { isValid:
|
|
698
|
-
if (!
|
|
715
|
+
if (p.success) {
|
|
716
|
+
const { isValid: b, reason: L } = ke(p.data, _.nonce, E);
|
|
717
|
+
if (!b)
|
|
699
718
|
return o(null), e.publishEvent(m.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${L}` }), { tokens: null, status: "SESSION_LOST" };
|
|
700
|
-
if (o(
|
|
701
|
-
const
|
|
702
|
-
|
|
719
|
+
if (o(p.data), p.demonstratingProofOfPossessionNonce) {
|
|
720
|
+
const v = await I(a, e.configurationName);
|
|
721
|
+
v ? await v.setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce) : await O(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce);
|
|
703
722
|
}
|
|
704
|
-
return e.publishEvent(m.refreshTokensAsync_end, { success:
|
|
723
|
+
return e.publishEvent(m.refreshTokensAsync_end, { success: p.success }), e.publishEvent(N.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: p.data, status: "LOGGED_IN" };
|
|
705
724
|
} else
|
|
706
725
|
return e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
707
726
|
message: "bad request",
|
|
708
|
-
tokenResponse:
|
|
709
|
-
}),
|
|
727
|
+
tokenResponse: p
|
|
728
|
+
}), p.status >= 400 && p.status < 500 ? (o(null), e.publishEvent(m.refreshTokensAsync_error, { message: `session lost: ${p.status}` }), { tokens: null, status: "SESSION_LOST" }) : await H(e)(r, n, t, o);
|
|
710
729
|
})();
|
|
711
730
|
}
|
|
712
731
|
}
|
|
@@ -733,13 +752,13 @@ const J = (e, s, n = null) => {
|
|
|
733
752
|
return u.width = "0px", u.height = "0px", u.id = `${e}_oidc_iframe`, u.setAttribute("src", a), document.body.appendChild(u), new Promise((c, _) => {
|
|
734
753
|
let y = !1;
|
|
735
754
|
const g = () => {
|
|
736
|
-
window.removeEventListener("message",
|
|
737
|
-
},
|
|
755
|
+
window.removeEventListener("message", w), u.remove(), y = !0;
|
|
756
|
+
}, w = (k) => {
|
|
738
757
|
if (k.origin === f && k.source === u.contentWindow) {
|
|
739
|
-
const
|
|
758
|
+
const A = `${e}_oidc_tokens:`, T = `${e}_oidc_error:`, S = `${e}_oidc_exception:`, E = k.data;
|
|
740
759
|
if (E && typeof E == "string" && !y) {
|
|
741
|
-
if (E.startsWith(
|
|
742
|
-
const h = JSON.parse(k.data.replace(
|
|
760
|
+
if (E.startsWith(A)) {
|
|
761
|
+
const h = JSON.parse(k.data.replace(A, ""));
|
|
743
762
|
n(m.silentLoginAsync_end, {}), c(h), g();
|
|
744
763
|
} else if (E.startsWith(T)) {
|
|
745
764
|
const h = JSON.parse(k.data.replace(T, ""));
|
|
@@ -752,7 +771,7 @@ const J = (e, s, n = null) => {
|
|
|
752
771
|
}
|
|
753
772
|
};
|
|
754
773
|
try {
|
|
755
|
-
window.addEventListener("message",
|
|
774
|
+
window.addEventListener("message", w);
|
|
756
775
|
const k = s.silent_login_timeout;
|
|
757
776
|
setTimeout(() => {
|
|
758
777
|
y || (g(), n(m.silentLoginAsync_error, { reason: "timeout" }), _(new Error("timeout")));
|
|
@@ -799,15 +818,15 @@ const J = (e, s, n = null) => {
|
|
|
799
818
|
}).then((g) => {
|
|
800
819
|
if (g.error)
|
|
801
820
|
throw new Error(g.error);
|
|
802
|
-
const
|
|
803
|
-
if (y.sub ===
|
|
821
|
+
const w = g.tokens.idTokenPayload;
|
|
822
|
+
if (y.sub === w.sub) {
|
|
804
823
|
const k = g.sessionState;
|
|
805
|
-
e.checkSessionIFrame.start(g.sessionState), y.sid ===
|
|
824
|
+
e.checkSessionIFrame.start(g.sessionState), y.sid === w.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", k) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", k);
|
|
806
825
|
} else
|
|
807
|
-
console.debug("SessionMonitor._callback: Different subject signed into OP:",
|
|
826
|
+
console.debug("SessionMonitor._callback: Different subject signed into OP:", w.sub);
|
|
808
827
|
}).catch(async (g) => {
|
|
809
828
|
console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", g);
|
|
810
|
-
for (const [
|
|
829
|
+
for (const [w, k] of Object.entries(s))
|
|
811
830
|
await k.logoutOtherTabAsync(n.client_id, y.sub);
|
|
812
831
|
});
|
|
813
832
|
};
|
|
@@ -819,7 +838,7 @@ const J = (e, s, n = null) => {
|
|
|
819
838
|
} else
|
|
820
839
|
l(null);
|
|
821
840
|
});
|
|
822
|
-
},
|
|
841
|
+
}, be = (e) => {
|
|
823
842
|
const s = e.match(
|
|
824
843
|
// eslint-disable-next-line no-useless-escape
|
|
825
844
|
/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
|
|
@@ -842,13 +861,13 @@ const J = (e, s, n = null) => {
|
|
|
842
861
|
hash: t
|
|
843
862
|
};
|
|
844
863
|
}, Ss = (e) => {
|
|
845
|
-
const s =
|
|
864
|
+
const s = be(e);
|
|
846
865
|
let { path: n } = s;
|
|
847
866
|
n.endsWith("/") && (n = n.slice(0, -1));
|
|
848
867
|
let { hash: t } = s;
|
|
849
868
|
return t === "#_=_" && (t = ""), t && (n += t), n;
|
|
850
869
|
}, G = (e) => {
|
|
851
|
-
const s =
|
|
870
|
+
const s = be(e), { search: n } = s;
|
|
852
871
|
return rs(n);
|
|
853
872
|
}, rs = (e) => {
|
|
854
873
|
const s = {};
|
|
@@ -869,13 +888,13 @@ const J = (e, s, n = null) => {
|
|
|
869
888
|
l || (l = s.scope);
|
|
870
889
|
const y = s.extras ? { ...s.extras, ...r } : r;
|
|
871
890
|
y.nonce || (y.nonce = se(12));
|
|
872
|
-
const g = { nonce: y.nonce },
|
|
873
|
-
let
|
|
874
|
-
if (
|
|
875
|
-
|
|
891
|
+
const g = { nonce: y.nonce }, w = await I(s, e), k = await t(s.authority, s.authority_configuration);
|
|
892
|
+
let A;
|
|
893
|
+
if (w)
|
|
894
|
+
w.setLoginParams({ callbackPath: c, extras: f }), await w.initAsync(k, "loginAsync", s), await w.setNonceAsync(g), w.startKeepAliveServiceWorker(), A = w;
|
|
876
895
|
else {
|
|
877
896
|
const S = O(e, s.storage ?? sessionStorage);
|
|
878
|
-
S.setLoginParams({ callbackPath: c, extras: f }), await S.setNonceAsync(g),
|
|
897
|
+
S.setLoginParams({ callbackPath: c, extras: f }), await S.setNonceAsync(g), A = S;
|
|
879
898
|
}
|
|
880
899
|
const T = {
|
|
881
900
|
client_id: s.client_id,
|
|
@@ -884,7 +903,7 @@ const J = (e, s, n = null) => {
|
|
|
884
903
|
response_type: "code",
|
|
885
904
|
...y
|
|
886
905
|
};
|
|
887
|
-
await es(
|
|
906
|
+
await es(A, o)(k.authorizationEndpoint, T);
|
|
888
907
|
} catch (_) {
|
|
889
908
|
throw n(m.loginAsync_error, _), _;
|
|
890
909
|
}
|
|
@@ -893,72 +912,72 @@ const J = (e, s, n = null) => {
|
|
|
893
912
|
try {
|
|
894
913
|
e.publishEvent(m.loginCallbackAsync_begin, {});
|
|
895
914
|
const n = e.configuration, t = n.client_id, o = s ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, a = await e.initAsync(i, n.authority_configuration), l = e.location.getCurrentHref(), u = G(l).session_state, c = await I(n, e.configurationName);
|
|
896
|
-
let _, y, g,
|
|
915
|
+
let _, y, g, w;
|
|
897
916
|
if (c)
|
|
898
|
-
await c.initAsync(a, "loginCallbackAsync", n), await c.setSessionStateAsync(u), y = await c.getNonceAsync(), g = c.getLoginParams(),
|
|
917
|
+
await c.initAsync(a, "loginCallbackAsync", n), await c.setSessionStateAsync(u), y = await c.getNonceAsync(), g = c.getLoginParams(), w = await c.getStateAsync(), c.startKeepAliveServiceWorker(), _ = c;
|
|
899
918
|
else {
|
|
900
|
-
const
|
|
901
|
-
await
|
|
919
|
+
const v = O(e.configurationName, n.storage ?? sessionStorage);
|
|
920
|
+
await v.setSessionStateAsync(u), y = await v.getNonceAsync(), g = v.getLoginParams(), w = await v.getStateAsync(), _ = v;
|
|
902
921
|
}
|
|
903
922
|
const k = G(l);
|
|
904
923
|
if (k.error || k.error_description)
|
|
905
924
|
throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);
|
|
906
925
|
if (k.iss && k.iss !== a.issuer)
|
|
907
926
|
throw console.error(), new Error(`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`);
|
|
908
|
-
if (k.state && k.state !==
|
|
909
|
-
throw new Error(`State not valid (expected: ${
|
|
910
|
-
const
|
|
927
|
+
if (k.state && k.state !== w)
|
|
928
|
+
throw new Error(`State not valid (expected: ${w}, received: ${k.state})`);
|
|
929
|
+
const A = {
|
|
911
930
|
code: k.code,
|
|
912
931
|
grant_type: "authorization_code",
|
|
913
932
|
client_id: n.client_id,
|
|
914
933
|
redirect_uri: o
|
|
915
934
|
}, T = {};
|
|
916
935
|
if (n.token_request_extras)
|
|
917
|
-
for (const [
|
|
918
|
-
T[
|
|
936
|
+
for (const [v, K] of Object.entries(n.token_request_extras))
|
|
937
|
+
T[v] = K;
|
|
919
938
|
if (g && g.extras)
|
|
920
|
-
for (const [
|
|
921
|
-
|
|
939
|
+
for (const [v, K] of Object.entries(g.extras))
|
|
940
|
+
v.endsWith(":token_request") && (T[v.replace(":token_request", "")] = K);
|
|
922
941
|
const S = a.tokenEndpoint, E = {};
|
|
923
942
|
if (n.demonstrating_proof_of_possession)
|
|
924
943
|
if (c)
|
|
925
944
|
E.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
|
|
926
945
|
else {
|
|
927
|
-
const
|
|
928
|
-
await O(e.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(
|
|
946
|
+
const v = await qe(window)(n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
|
|
947
|
+
await O(e.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(v), E.DPoP = await Ae(window)(n.demonstrating_proof_of_possession_configuration)(v, "POST", S);
|
|
929
948
|
}
|
|
930
949
|
const h = await ss(_)(
|
|
931
950
|
S,
|
|
932
|
-
{ ...
|
|
951
|
+
{ ...A, ...T },
|
|
933
952
|
E,
|
|
934
953
|
e.configuration.token_renew_mode,
|
|
935
954
|
r
|
|
936
955
|
);
|
|
937
956
|
if (!h.success)
|
|
938
957
|
throw new Error("Token request failed");
|
|
939
|
-
let
|
|
940
|
-
const
|
|
958
|
+
let C;
|
|
959
|
+
const d = h.data.tokens, p = h.data.demonstratingProofOfPossessionNonce;
|
|
941
960
|
if (h.data.state !== T.state)
|
|
942
961
|
throw new Error("state is not valid");
|
|
943
|
-
const { isValid:
|
|
944
|
-
if (!
|
|
962
|
+
const { isValid: b, reason: L } = ke(d, y.nonce, a);
|
|
963
|
+
if (!b)
|
|
945
964
|
throw new Error(`Tokens are not OpenID valid, reason: ${L}`);
|
|
946
965
|
if (c) {
|
|
947
|
-
if (
|
|
966
|
+
if (d.refreshToken && !d.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
948
967
|
throw new Error("Refresh token should be hidden by service worker");
|
|
949
|
-
if (
|
|
968
|
+
if (p && d.accessToken && d.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
950
969
|
throw new Error("Demonstration of proof of possession require Access token not hidden by service worker");
|
|
951
970
|
}
|
|
952
971
|
if (c)
|
|
953
|
-
await c.initAsync(a, "syncTokensAsync", n),
|
|
972
|
+
await c.initAsync(a, "syncTokensAsync", n), C = c.getLoginParams(), p && await c.setDemonstratingProofOfPossessionNonce(p);
|
|
954
973
|
else {
|
|
955
|
-
const
|
|
956
|
-
|
|
974
|
+
const v = O(e.configurationName, n.storage);
|
|
975
|
+
C = v.getLoginParams(), p && await v.setDemonstratingProofOfPossessionNonce(p);
|
|
957
976
|
}
|
|
958
977
|
return await e.startCheckSessionAsync(a.checkSessionIframe, t, u, s), e.publishEvent(m.loginCallbackAsync_end, {}), {
|
|
959
|
-
tokens:
|
|
978
|
+
tokens: d,
|
|
960
979
|
state: "request.state",
|
|
961
|
-
callbackPath:
|
|
980
|
+
callbackPath: C.callbackPath
|
|
962
981
|
};
|
|
963
982
|
} catch (n) {
|
|
964
983
|
throw console.error(n), e.publishEvent(m.loginCallbackAsync_error, n), n;
|
|
@@ -997,38 +1016,38 @@ const J = (e, s, n = null) => {
|
|
|
997
1016
|
i && (u = i.includes("https://") || i.includes("http://"));
|
|
998
1017
|
const c = u ? i : o.getOrigin() + f, _ = e.tokens ? e.tokens.idToken : "";
|
|
999
1018
|
try {
|
|
1000
|
-
const
|
|
1001
|
-
if (
|
|
1019
|
+
const A = l.revocationEndpoint;
|
|
1020
|
+
if (A) {
|
|
1002
1021
|
const T = [], S = e.tokens ? e.tokens.accessToken : null;
|
|
1003
1022
|
if (S && a.logout_tokens_to_invalidate.includes(he.access_token)) {
|
|
1004
|
-
const h = Q(r, ":revoke_access_token"),
|
|
1005
|
-
|
|
1023
|
+
const h = Q(r, ":revoke_access_token"), C = fe(n)(
|
|
1024
|
+
A,
|
|
1006
1025
|
S,
|
|
1007
1026
|
ne.access_token,
|
|
1008
1027
|
a.client_id,
|
|
1009
1028
|
h
|
|
1010
1029
|
);
|
|
1011
|
-
T.push(
|
|
1030
|
+
T.push(C);
|
|
1012
1031
|
}
|
|
1013
1032
|
const E = e.tokens ? e.tokens.refreshToken : null;
|
|
1014
1033
|
if (E && a.logout_tokens_to_invalidate.includes(he.refresh_token)) {
|
|
1015
|
-
const h = Q(r, ":revoke_refresh_token"),
|
|
1016
|
-
|
|
1034
|
+
const h = Q(r, ":revoke_refresh_token"), C = fe(n)(
|
|
1035
|
+
A,
|
|
1017
1036
|
E,
|
|
1018
1037
|
ne.refresh_token,
|
|
1019
1038
|
a.client_id,
|
|
1020
1039
|
h
|
|
1021
1040
|
);
|
|
1022
|
-
T.push(
|
|
1041
|
+
T.push(C);
|
|
1023
1042
|
}
|
|
1024
1043
|
T.length > 0 && await Promise.all(T);
|
|
1025
1044
|
}
|
|
1026
|
-
} catch (
|
|
1027
|
-
t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), t.warn(
|
|
1045
|
+
} catch (A) {
|
|
1046
|
+
t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), t.warn(A);
|
|
1028
1047
|
}
|
|
1029
1048
|
const y = e.tokens && e.tokens.idTokenPayload ? e.tokens.idTokenPayload.sub : null;
|
|
1030
1049
|
await e.destroyAsync("LOGGED_OUT");
|
|
1031
|
-
for (const [
|
|
1050
|
+
for (const [A, T] of Object.entries(s))
|
|
1032
1051
|
T !== e ? await e.logoutSameTabAsync(e.configuration.client_id, y) : e.publishEvent(m.logout_from_same_tab, {});
|
|
1033
1052
|
const g = Q(r, ":oidc");
|
|
1034
1053
|
if (g && g.no_reload === "true")
|
|
@@ -1036,13 +1055,13 @@ const J = (e, s, n = null) => {
|
|
|
1036
1055
|
const k = ls(r);
|
|
1037
1056
|
if (l.endSessionEndpoint) {
|
|
1038
1057
|
"id_token_hint" in k || (k.id_token_hint = _), !("post_logout_redirect_uri" in k) && i !== null && (k.post_logout_redirect_uri = c);
|
|
1039
|
-
let
|
|
1058
|
+
let A = "";
|
|
1040
1059
|
for (const [T, S] of Object.entries(k))
|
|
1041
|
-
S != null && (
|
|
1042
|
-
o.open(`${l.endSessionEndpoint}${
|
|
1060
|
+
S != null && (A === "" ? A += "?" : A += "&", A += `${T}=${encodeURIComponent(S)}`);
|
|
1061
|
+
o.open(`${l.endSessionEndpoint}${A}`);
|
|
1043
1062
|
} else
|
|
1044
1063
|
o.reload();
|
|
1045
|
-
},
|
|
1064
|
+
}, Ee = (e, s, n = !1) => async (...t) => {
|
|
1046
1065
|
var y;
|
|
1047
1066
|
const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
|
|
1048
1067
|
let l = new Headers();
|
|
@@ -1062,7 +1081,7 @@ const J = (e, s, n = null) => {
|
|
|
1062
1081
|
if (e.userInfo != null && !s)
|
|
1063
1082
|
return e.userInfo;
|
|
1064
1083
|
const t = e.configuration, i = (await e.initAsync(t.authority, t.authority_configuration)).userInfoEndpoint, a = await (async () => {
|
|
1065
|
-
const f = await
|
|
1084
|
+
const f = await Ee(fetch, e, n)(i);
|
|
1066
1085
|
return f.status !== 200 ? null : f.json();
|
|
1067
1086
|
})();
|
|
1068
1087
|
return e.userInfo = a, a;
|
|
@@ -1218,7 +1237,7 @@ class te {
|
|
|
1218
1237
|
this.authorizationEndpoint = s.authorization_endpoint, this.tokenEndpoint = s.token_endpoint, this.revocationEndpoint = s.revocation_endpoint, this.userInfoEndpoint = s.userinfo_endpoint, this.checkSessionIframe = s.check_session_iframe, this.issuer = s.issuer, this.endSessionEndpoint = s.end_session_endpoint;
|
|
1219
1238
|
}
|
|
1220
1239
|
}
|
|
1221
|
-
const
|
|
1240
|
+
const W = {}, ps = (e, s = new Y()) => (n, t = "default") => (W[t] || (W[t] = new N(n, t, e, s)), W[t]), ws = async (e) => {
|
|
1222
1241
|
const { parsedTokens: s, callbackPath: n } = await e.loginCallbackAsync();
|
|
1223
1242
|
return e.timeoutId = J(e, s.expiresAt), { callbackPath: n };
|
|
1224
1243
|
}, As = (e) => Math.floor(Math.random() * e), F = class F {
|
|
@@ -1261,10 +1280,10 @@ const x = {}, ps = (e, s = new Y()) => (n, t = "default") => (x[t] || (x[t] = ne
|
|
|
1261
1280
|
}
|
|
1262
1281
|
static get(s = "default") {
|
|
1263
1282
|
const n = typeof process > "u";
|
|
1264
|
-
if (!Object.prototype.hasOwnProperty.call(
|
|
1283
|
+
if (!Object.prototype.hasOwnProperty.call(W, s) && n)
|
|
1265
1284
|
throw Error(`OIDC library does seem initialized.
|
|
1266
1285
|
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${s}"></OidcProvider> component.`);
|
|
1267
|
-
return
|
|
1286
|
+
return W[s];
|
|
1268
1287
|
}
|
|
1269
1288
|
_silentLoginCallbackFromIFrame() {
|
|
1270
1289
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
@@ -1307,13 +1326,17 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1307
1326
|
});
|
|
1308
1327
|
}
|
|
1309
1328
|
async tryKeepExistingSessionAsync() {
|
|
1310
|
-
return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = ks(this), this.tryKeepExistingSessionPromise.
|
|
1329
|
+
return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = ks(this), this.tryKeepExistingSessionPromise.finally(() => {
|
|
1330
|
+
this.tryKeepExistingSessionPromise = null;
|
|
1331
|
+
}));
|
|
1311
1332
|
}
|
|
1312
1333
|
async startCheckSessionAsync(s, n, t, o = !1) {
|
|
1313
|
-
await is(this,
|
|
1334
|
+
await is(this, W, this.configuration)(s, n, t, o);
|
|
1314
1335
|
}
|
|
1315
1336
|
async loginAsync(s = void 0, n = null, t = !1, o = void 0, i = !1) {
|
|
1316
|
-
return this.logoutPromise && await this.logoutPromise, this.loginPromise !== null ? this.loginPromise : i ? os(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(n, o) : (this.loginPromise = as(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(s, n, t, o), this.loginPromise.
|
|
1337
|
+
return this.logoutPromise && await this.logoutPromise, this.loginPromise !== null ? this.loginPromise : i ? os(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(n, o) : (this.loginPromise = as(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(s, n, t, o), this.loginPromise.finally(() => {
|
|
1338
|
+
this.loginPromise = null;
|
|
1339
|
+
}));
|
|
1317
1340
|
}
|
|
1318
1341
|
async loginCallbackAsync(s = !1) {
|
|
1319
1342
|
if (this.loginCallbackPromise !== null)
|
|
@@ -1322,7 +1345,9 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1322
1345
|
const t = await cs(this)(s), o = t.tokens;
|
|
1323
1346
|
return this.tokens = o, await I(this.configuration, this.configurationName) || O(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(F.eventNames.token_aquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
|
|
1324
1347
|
};
|
|
1325
|
-
return this.loginCallbackPromise = n(), this.loginCallbackPromise.
|
|
1348
|
+
return this.loginCallbackPromise = n(), this.loginCallbackPromise.finally(() => {
|
|
1349
|
+
this.loginCallbackPromise = null;
|
|
1350
|
+
});
|
|
1326
1351
|
}
|
|
1327
1352
|
async generateDemonstrationOfProofOfPossessionAsync(s, n, t, o = {}) {
|
|
1328
1353
|
const i = this.configuration, r = {
|
|
@@ -1337,16 +1362,22 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1337
1362
|
return l = await f.getDemonstratingProofOfPossessionNonce(), l && (r.nonce = l), await Ae(window)(i.demonstrating_proof_of_possession_configuration)(u, t, n, r);
|
|
1338
1363
|
}
|
|
1339
1364
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1340
|
-
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = ws(this), this.loginCallbackWithAutoTokensRenewPromise.
|
|
1365
|
+
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = ws(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
|
|
1366
|
+
this.loginCallbackWithAutoTokensRenewPromise = null;
|
|
1367
|
+
}));
|
|
1341
1368
|
}
|
|
1342
1369
|
userInfoAsync(s = !1, n = !1) {
|
|
1343
|
-
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = fs(this)(s, n), this.userInfoPromise.
|
|
1370
|
+
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = fs(this)(s, n), this.userInfoPromise.finally(() => {
|
|
1371
|
+
this.userInfoPromise = null;
|
|
1372
|
+
}));
|
|
1344
1373
|
}
|
|
1345
1374
|
async renewTokensAsync(s = null) {
|
|
1346
1375
|
if (this.renewTokensPromise !== null)
|
|
1347
1376
|
return this.renewTokensPromise;
|
|
1348
1377
|
if (this.timeoutId)
|
|
1349
|
-
return M.clearTimeout(this.timeoutId), this.renewTokensPromise = Te(this, !0, s), this.renewTokensPromise.
|
|
1378
|
+
return M.clearTimeout(this.timeoutId), this.renewTokensPromise = Te(this, !0, s), this.renewTokensPromise.finally(() => {
|
|
1379
|
+
this.renewTokensPromise = null;
|
|
1380
|
+
});
|
|
1350
1381
|
}
|
|
1351
1382
|
async destroyAsync(s) {
|
|
1352
1383
|
return await us(this)(s);
|
|
@@ -1358,11 +1389,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1358
1389
|
this.configuration.monitor_session && this.configuration.client_id === s && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: n }));
|
|
1359
1390
|
}
|
|
1360
1391
|
async logoutAsync(s = void 0, n = null) {
|
|
1361
|
-
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = _s(this,
|
|
1392
|
+
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = _s(this, W, this.getFetch(), console, this.location)(s, n), this.logoutPromise.finally(() => {
|
|
1393
|
+
this.logoutPromise = null;
|
|
1394
|
+
}));
|
|
1362
1395
|
}
|
|
1363
1396
|
};
|
|
1364
1397
|
F.getOrCreate = (s, n) => (t, o = "default") => ps(s, n)(t, o), F.eventNames = m;
|
|
1365
|
-
let
|
|
1398
|
+
let N = F;
|
|
1366
1399
|
const $ = class $ {
|
|
1367
1400
|
constructor(s) {
|
|
1368
1401
|
this._oidc = s;
|
|
@@ -1377,7 +1410,7 @@ const $ = class $ {
|
|
|
1377
1410
|
this._oidc.publishEvent(s, n);
|
|
1378
1411
|
}
|
|
1379
1412
|
static get(s = "default") {
|
|
1380
|
-
return new $(
|
|
1413
|
+
return new $(N.get(s));
|
|
1381
1414
|
}
|
|
1382
1415
|
tryKeepExistingSessionAsync() {
|
|
1383
1416
|
return this._oidc.tryKeepExistingSessionAsync();
|
|
@@ -1409,8 +1442,8 @@ const $ = class $ {
|
|
|
1409
1442
|
async getValidTokenAsync(s = 200, n = 50) {
|
|
1410
1443
|
return ge(this._oidc, s, n);
|
|
1411
1444
|
}
|
|
1412
|
-
fetchWithTokens(s, n) {
|
|
1413
|
-
return
|
|
1445
|
+
fetchWithTokens(s, n = !1) {
|
|
1446
|
+
return Ee(s, this, n);
|
|
1414
1447
|
}
|
|
1415
1448
|
async userInfoAsync(s = !1, n = !1) {
|
|
1416
1449
|
return this._oidc.userInfoAsync(s, n);
|
|
@@ -1419,7 +1452,7 @@ const $ = class $ {
|
|
|
1419
1452
|
return this._oidc.userInfo;
|
|
1420
1453
|
}
|
|
1421
1454
|
};
|
|
1422
|
-
$.getOrCreate = (s, n = new Y()) => (t, o = "default") => new $(
|
|
1455
|
+
$.getOrCreate = (s, n = new Y()) => (t, o = "default") => new $(N.getOrCreate(s, n)(t, o)), $.eventNames = N.eventNames;
|
|
1423
1456
|
let ye = $;
|
|
1424
1457
|
export {
|
|
1425
1458
|
ye as OidcClient,
|
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(C,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(C=typeof globalThis<"u"?globalThis:C||self,G(C["oidc-client"]={}))})(this,function(C){"use strict";const D=console;class Ce{constructor(n,s,t,o=2e3,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(D.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(D.debug(n),D.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):D.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){D.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(D.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},O=(e,n=sessionStorage)=>{const s=h=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:h}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const h=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:h.tokens,status:h.status})},o=h=>{n[`oidc.${e}`]=JSON.stringify({tokens:h})},i=async h=>{n[`oidc.session_state.${e}`]=h},r=async()=>n[`oidc.session_state.${e}`],a=h=>{n[`oidc.nonce.${e}`]=h.nonce},l=h=>{n[`oidc.jwk.${e}`]=JSON.stringify(h)},f=()=>JSON.parse(n[`oidc.jwk.${e}`]),u=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async h=>{n[`oidc.dpop_nonce.${e}`]=h},_=()=>n[`oidc.dpop_nonce.${e}`],y=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:y,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:u,setLoginParams:h=>{g[e]=h,n[`oidc.login.${e}`]=JSON.stringify(h)},getLoginParams:()=>{const h=n[`oidc.login.${e}`];return h?(g[e]||(g[e]=JSON.parse(h)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async h=>{n[`oidc.state.${e}`]=h},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async h=>{n[`oidc.code_verifier.${e}`]=h},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:l,getDemonstratingProofOfPossessionJwkAsync:f}};var R=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(R||{});const Ne=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),xe=e=>JSON.parse(Ne(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&We(e,".")===2?xe(e.split(".")[1]):null}catch(n){console.warn(n)}return null},We=(e,n)=>e.split(n).length-1,Y={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const X=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,l=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Le(e,t,r);let f;e.expiresAt?f=e.expiresAt:s===Y.access_token_invalid?f=l:s===Y.id_token_invalid?f=a:f=a<l?a:l;const u={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:f,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...u,refreshToken:c}}return u},ne=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),X(t,n,s)},U=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=e=>e?U(0,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!_e(e.tokens)&&t>0;){if(e.configuration.token_automatic_renew_mode==R.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await Q({milliseconds:n});t=t-1}return{isTokensValid:_e(e.tokens),tokens:e.tokens,numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},V=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.22.16";let ye=null,z;const Q=({milliseconds:e})=>new Promise(n=>V.setTimeout(n,e)),ge=(e="/")=>{try{z=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:z.signal}).catch(t=>{console.log(t)}),Q({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},De=()=>{z&&z.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistering ${t}`),await Q({milliseconds:2e3}),e.reload()},P=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.register?t=await e.service_worker_register(s):t=await navigator.serviceWorker.register(s);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await P(t)({type:"claim"})}catch{return null}const o=async d=>P(t)({type:"clear",data:{status:d},configurationName:n}),i=async(d,A,v)=>{const L=await P(t)({type:"init",data:{oidcServerConfiguration:d,where:A,oidcConfiguration:{token_renew_mode:v.token_renew_mode,service_worker_convert_all_requests_to_cors:v.service_worker_convert_all_requests_to_cors}},configurationName:n}),F=L.version;return F!==he&&(console.warn(`Service worker ${F} version mismatch with js client version ${he}, unregistering and reloading`),await v.service_worker_update_require_callback(t,De)),{tokens:ne(L.tokens,null,v.token_renew_mode),status:L.status}},r=(d="/")=>{ye==null&&(ye="not_null",ge(d))},a=d=>P(t)({type:"setSessionState",data:{sessionState:d},configurationName:n}),l=async()=>(await P(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,f=d=>(sessionStorage[`oidc.nonce.${n}`]=d.nonce,P(t)({type:"setNonce",data:{nonce:d},configurationName:n})),u=async()=>{let A=(await P(t)({type:"getNonce",data:null,configurationName:n})).nonce;return A||(A=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:A}};let c={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:a,getSessionStateAsync:l,setNonceAsync:f,getNonceAsync:u,setLoginParams:d=>{c[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},getLoginParams:()=>{const d=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(d)),c[n]},getStateAsync:async()=>{let A=(await P(t)({type:"getState",data:null,configurationName:n})).state;return A||(A=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),A},setStateAsync:async d=>(sessionStorage[`oidc.state.${n}`]=d,P(t)({type:"setState",data:{state:d},configurationName:n})),getCodeVerifierAsync:async()=>{let A=(await P(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return A||(A=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),A},setCodeVerifierAsync:async d=>(sessionStorage[`oidc.code_verifier.${n}`]=d,P(t)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n})),setDemonstratingProofOfPossessionNonce:async d=>{await P(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await P(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async d=>{const A=JSON.stringify(d);await P(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:A},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const d=await P(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null}}},$={},Ke=(e,n=window.sessionStorage,s)=>{if(!$[e]&&n){const o=n.getItem(e);o&&($[e]=JSON.parse(o))}const t=1e3*s;return $[e]&&$[e].timestamp+t>Date.now()?$[e].result:null},Fe=(e,n,s=window.sessionStorage)=>{const t=Date.now();$[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function ke(e){return new TextEncoder().encode(e)}function me(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ue(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const se=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),me(n)};function pe(e){return me(Ue(e))}const Ve={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Me={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:pe(JSON.stringify(s)),payload:pe(JSON.stringify(t))},a=o.importKeyAlgorithm,l=!0,f=["sign"],u=await e.crypto.subtle.importKey("jwk",n,a,l,f),c=ke(`${r.protected}.${r.payload}`),_=o.signAlgorithm,y=await e.crypto.subtle.sign(_,u,c);return r.signature=se(new Uint8Array(y)),`${r.protected}.${r.payload}.${r.signature}`}};const Je={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Be={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,ke(t));return se(new Uint8Array(o))}};const He=e=>async n=>await Je.generate(e)(n),we=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(je()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await Be.thumbprint(e)(s,n.digestAlgorithm);return await Me.sign(e)(s,{kid:a},r,n)},je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Ae=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},te="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%te.length;n.push(te[t])}return n.join("")},oe=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Ae();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*te.length|0;return qe(n)};function Ge(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Se(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Ge(e)).then(t=>n(se(new Uint8Array(t))),t=>s(t))})}const Ye=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Ae();return n?Se(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Xe=60*60,ze=e=>async(n,s=Xe,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Ke(r,t,s);if(a)return new ce(a);const l=await M(e)(i,{},o);if(l.status!==200)return null;const f=await l.json();return Fe(r,f,t),new ce(f)},M=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await M(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},ie={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,s,t=ie.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[c,_]of Object.entries(i))a[c]===void 0&&(a[c]=_);const l=[];for(const c in a){const _=encodeURIComponent(c),y=encodeURIComponent(a[c]);l.push(`${_}=${y}`)}const f=l.join("&");return(await M(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:f},r)).status!==200?{success:!1}:{success:!0}},Qe=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[y,g]of Object.entries(t))s[y]===void 0&&(s[y]=g);const l=[];for(const y in s){const g=encodeURIComponent(y),p=encodeURIComponent(s[y]);l.push(`${g}=${p}`)}const f=l.join("&"),u=await M(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},a);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};const c=await u.json();let _=null;return u.headers.has(Z)&&(_=u.headers.get(Z)),{success:!0,status:u.status,data:ne(c,o,r),demonstratingProofOfPossessionNonce:_}},Ze=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=oe(128),i=await Ye(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,l]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(l)}`;n.open(`${s}${r}`)},Z="DPoP-Nonce",en=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const c in s){const _=encodeURIComponent(c),y=encodeURIComponent(s[c]);r.push(`${_}=${y}`)}const a=r.join("&"),l=await M(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),l.status!==200)return{success:!1,status:l.status};let f=null;l.headers.has(Z)&&(f=l.headers.get(Z));const u=await l.json();return{success:!0,data:{state:s.state,tokens:ne(u,null,o),demonstratingProofOfPossessionNonce:f}}};async function Te(e,n,s){const t=a=>{e.tokens=a},{tokens:o,status:i}=await ee(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await O(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(i),null)}const nn=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=O(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=X(o,e.tokens,n.token_renew_mode),o}};async function Ee(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let i;const r=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!r?i=await Te(e,n,s):i=await navigator.locks.request(o,{ifAvailable:!0},async a=>a?await Te(e,n,s):(e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await nn(e,t))),i?(e.timeoutId&&(e.timeoutId=J(e,e.tokens.expiresAt,s)),e.tokens):null}const J=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const i={timeLeft:U(t,n)};e.publishEvent(N.eventNames.token_timer,i),await Ee(e,!1,s)},1e3)},x={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),l=await I(n,s);if(l){const{status:c,tokens:_}=await l.initAsync(a,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!c||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const g=U(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",p=await l.getNonceAsync();return{tokens:_,status:g,nonce:p}}r=await l.getNonceAsync()}else{const c=O(s,n.storage??sessionStorage);let{tokens:_,status:y}=await c.initAsync();if(_&&(_=X(_,e.tokens,n.token_renew_mode)),_){if(y==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(_.issuedAt!==t.issuedAt){const p=U(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",k=await c.getNonceAsync();return{tokens:_,status:p,nonce:k}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await c.getNonceAsync()}const u=U(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:u,nonce:r}},ee=e=>async(n=0,s=!1,t=null,o)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let i=6;for(;!navigator.onLine&&i>0;)await Q({milliseconds:1e3}),i--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${i}`});const r=n+1;t||(t={});const a=e.configuration,l=(u,c=null,_=null)=>re(e.configurationName,e.configuration,e.publishEvent.bind(e))(u,c,_),f=async()=>{try{let u;const c=await I(a,e.configurationName);c?u=c.getLoginParams():u=O(e.configurationName,a.storage).getLoginParams();const _=await l({...u.extras,...t,prompt:"none"});return _?_.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(_.tokens),e.publishEvent(N.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}):(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(u){return console.error(u),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:u.message}),await ee(e)(r,s,t,o)}};try{const{status:u,tokens:c,nonce:_}=await sn(e)(a,e.configurationName,e.tokens,s);switch(u){case x.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case x.NOT_CONNECTED:return o(null),{tokens:null,status:null};case x.TOKENS_VALID:return o(c),{tokens:c,status:"LOGGED_IN"};case x.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(c),e.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:c,status:"LOGGED_IN"};case x.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case x.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==R.AutomaticOnlyWhenFetchExecuted&&x.FORCE_REFRESH!==u?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await f());default:{if(a.token_automatic_renew_mode==R.AutomaticOnlyWhenFetchExecuted&&x.FORCE_REFRESH!==u)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:c.refreshToken,status:u,tryNumber:n}),!c.refreshToken)return await f();const y=a.client_id,g=a.redirect_uri,p=a.authority,w={...a.token_request_extras?a.token_request_extras:{}};for(const[S,E]of Object.entries(t))S.endsWith(":token_request")&&(w[S.replace(":token_request","")]=E);return await(async()=>{const S={client_id:y,redirect_uri:g,grant_type:"refresh_token",refresh_token:c.refreshToken},E=await e.initAsync(p,a.authority_configuration),h=document.hidden?1e4:3e4*10,d=E.tokenEndpoint,A={};a.demonstrating_proof_of_possession&&(A.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(c.accessToken,d,"POST"));const v=await Qe(e.getFetch())(d,S,w,c,A,a.token_renew_mode,h);if(v.success){const{isValid:L,reason:F}=de(v.data,_.nonce,E);if(!L)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(o(v.data),v.demonstratingProofOfPossessionNonce){const b=await I(a,e.configurationName);b?await b.setDemonstratingProofOfPossessionNonce(v.demonstratingProofOfPossessionNonce):await O(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(v.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:v.success}),e.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:v.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:v}),v.status>=400&&v.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${v.status}`}),{tokens:null,status:"SESSION_LOST"}):await ee(e)(r,s,t,o)})()}}}catch(u){return console.error(u),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:u.message}),new Promise((c,_)=>{setTimeout(()=>{ee(e)(r,s,t,o).then(c).catch(_)},1e3)})}},re=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[c,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(c)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;const a=n.silent_login_uri+r,l=a.indexOf("/",a.indexOf("//")+2),f=a.substring(0,l),u=document.createElement("iframe");return u.width="0px",u.height="0px",u.id=`${e}_oidc_iframe`,u.setAttribute("src",a),document.body.appendChild(u),new Promise((c,_)=>{let y=!1;const g=()=>{window.removeEventListener("message",p),u.remove(),y=!0},p=k=>{if(k.origin===f&&k.source===u.contentWindow){const w=`${e}_oidc_tokens:`,T=`${e}_oidc_error:`,S=`${e}_oidc_exception:`,E=k.data;if(E&&typeof E=="string"&&!y){if(E.startsWith(w)){const h=JSON.parse(k.data.replace(w,""));s(m.silentLoginAsync_end,{}),c(h),g()}else if(E.startsWith(T)){const h=JSON.parse(k.data.replace(T,""));s(m.silentLoginAsync_error,h),c({error:"oidc_"+h.error,tokens:null,sessionState:null}),g()}else if(E.startsWith(S)){const h=JSON.parse(k.data.replace(S,""));s(m.silentLoginAsync_error,h),_(new Error(h.error)),g()}}}};try{window.addEventListener("message",p);const k=n.silent_login_timeout;setTimeout(()=>{y||(g(),s(m.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},k)}catch(k){g(),s(m.silentLoginAsync_error,k),_(k)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},tn=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(f,u,c)=>re(n,s,t.bind(o))(f,u,c);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const u=s.extras?{...s.extras,...i}:i,c=await a({...u,prompt:"none"},f,r);if(c)return o.tokens=c.tokens,t(m.token_aquired,{}),o.timeoutId=J(o,o.tokens.expiresAt,i),{}}catch(u){return u}})()},on=(e,n,s)=>(t,o,i,r=!1)=>{const a=(l,f=void 0,u=void 0)=>re(e.configurationName,s,e.publishEvent.bind(e))(l,f,u);return new Promise((l,f)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const u=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const _=c.idToken,y=c.idTokenPayload;return a({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const p=g.tokens.idTokenPayload;if(y.sub===p.sub){const k=g.sessionState;e.checkSessionIFrame.start(g.sessionState),y.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",k):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",k)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[p,k]of Object.entries(n))await k.logoutOtherTabAsync(s.client_id,y.sub)})};e.checkSessionIFrame=new Ce(u,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),l(e.checkSessionIFrame)}).catch(c=>{f(c)})}else l(null)})},be=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},rn=e=>{const n=be(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},B=e=>{const n=be(e),{search:s}=n;return an(s)},an=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},cn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,l=void 0)=>{const f=r;return r={...r},(async()=>{const c=i||o.getPath();if("state"in r||(r.state=oe(16)),s(m.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=a?n.silent_redirect_uri:n.redirect_uri;l||(l=n.scope);const y=n.extras?{...n.extras,...r}:r;y.nonce||(y.nonce=oe(12));const g={nonce:y.nonce},p=await I(n,e),k=await t(n.authority,n.authority_configuration);let w;if(p)p.setLoginParams({callbackPath:c,extras:f}),await p.initAsync(k,"loginAsync",n),await p.setNonceAsync(g),p.startKeepAliveServiceWorker(),w=p;else{const S=O(e,n.storage??sessionStorage);S.setLoginParams({callbackPath:c,extras:f}),await S.setNonceAsync(g),w=S}const T={client_id:n.client_id,redirect_uri:_,scope:l,response_type:"code",...y};await Ze(w,o)(k.authorizationEndpoint,T)}catch(_){throw s(m.loginAsync_error,_),_}})()},ln=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),l=e.location.getCurrentHref(),u=B(l).session_state,c=await I(s,e.configurationName);let _,y,g,p;if(c)await c.initAsync(a,"loginCallbackAsync",s),await c.setSessionStateAsync(u),y=await c.getNonceAsync(),g=c.getLoginParams(),p=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const b=O(e.configurationName,s.storage??sessionStorage);await b.setSessionStateAsync(u),y=await b.getNonceAsync(),g=b.getLoginParams(),p=await b.getStateAsync(),_=b}const k=B(l);if(k.error||k.error_description)throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);if(k.iss&&k.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`);if(k.state&&k.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${k.state})`);const w={code:k.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},T={};if(s.token_request_extras)for(const[b,q]of Object.entries(s.token_request_extras))T[b]=q;if(g&&g.extras)for(const[b,q]of Object.entries(g.extras))b.endsWith(":token_request")&&(T[b.replace(":token_request","")]=q);const S=a.tokenEndpoint,E={};if(s.demonstrating_proof_of_possession)if(c)E.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const b=await He(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await O(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(b),E.DPoP=await we(window)(s.demonstrating_proof_of_possession_configuration)(b,"POST",S)}const h=await en(_)(S,{...w,...T},E,e.configuration.token_renew_mode,r);if(!h.success)throw new Error("Token request failed");let d;const A=h.data.tokens,v=h.data.demonstratingProofOfPossessionNonce;if(h.data.state!==T.state)throw new Error("state is not valid");const{isValid:L,reason:F}=de(A,y.nonce,a);if(!L)throw new Error(`Tokens are not OpenID valid, reason: ${F}`);if(c){if(A.refreshToken&&!A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(v&&A.accessToken&&A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(a,"syncTokensAsync",s),d=c.getLoginParams(),v&&await c.setDemonstratingProofOfPossessionNonce(v);else{const b=O(e.configurationName,s.storage);d=b.getLoginParams(),v&&await b.setDemonstratingProofOfPossessionNonce(v)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,u,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:A,state:"request.state",callbackPath:d.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Pe={access_token:"access_token",refresh_token:"refresh_token"},ae=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},un=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},_n=e=>async n=>{V.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await O(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},fn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{const a=e.configuration,l=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let u=!1;i&&(u=i.includes("https://")||i.includes("http://"));const c=u?i:o.getOrigin()+f,_=e.tokens?e.tokens.idToken:"";try{const w=l.revocationEndpoint;if(w){const T=[],S=e.tokens?e.tokens.accessToken:null;if(S&&a.logout_tokens_to_invalidate.includes(Pe.access_token)){const h=ae(r,":revoke_access_token"),d=ve(s)(w,S,ie.access_token,a.client_id,h);T.push(d)}const E=e.tokens?e.tokens.refreshToken:null;if(E&&a.logout_tokens_to_invalidate.includes(Pe.refresh_token)){const h=ae(r,":revoke_refresh_token"),d=ve(s)(w,E,ie.refresh_token,a.client_id,h);T.push(d)}T.length>0&&await Promise.all(T)}}catch(w){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(w)}const y=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[w,T]of Object.entries(n))T!==e?await e.logoutSameTabAsync(e.configuration.client_id,y):e.publishEvent(m.logout_from_same_tab,{});const g=ae(r,":oidc");if(g&&g.no_reload==="true")return;const k=un(r);if(l.endSessionEndpoint){"id_token_hint"in k||(k.id_token_hint=_),!("post_logout_redirect_uri"in k)&&i!==null&&(k.post_logout_redirect_uri=c);let w="";for(const[T,S]of Object.entries(k))S!=null&&(w===""?w+="?":w+="&",w+=`${T}=${encodeURIComponent(S)}`);o.open(`${l.endSessionEndpoint}${w}`)}else o.reload()},Oe=(e,n,s=!1)=>async(...t)=>{var y;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let l=new Headers;a.headers&&(l=a.headers instanceof Headers?a.headers:new Headers(a.headers));const f=n,u=await fe(f),c=(y=u==null?void 0:u.tokens)==null?void 0:y.accessToken;if(l.has("Accept")||l.set("Accept","application/json"),c){if(f.configuration.demonstrating_proof_of_possession&&s){const g=await f.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),a.method);l.set("Authorization",`PoP ${c}`),l.set("DPoP",g)}else l.set("Authorization",`Bearer ${c}`);a.credentials||(a.credentials="same-origin")}const _={...a,headers:l};return await e(o,_,...r)},dn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,a=await(async()=>{const f=await Oe(fetch,e,s)(i);return f.status!==200?null:f.json()})();return e.userInfo=a,a};class H{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const hn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),yn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const l=i[a];if(l.r.test(s)){o=l.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function gn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const kn=()=>{const{name:e,version:n}=gn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=yn(navigator);return!hn(s)},mn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=J(e,e.tokens.expiresAt,i.extras);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=O(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=X(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=J(e,e.tokens.expiresAt,r.extras);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ie=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const W={},pn=(e,n=new H)=>(s,t="default")=>(W[t]||(W[t]=new N(s,t,e,n)),W[t]),wn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=J(e,n.expiresAt),{callbackPath:s}},An=e=>Math.floor(Math.random()*e),j=class j{constructor(n,s="default",t,o=new H){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new H;const a=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??R.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??Y.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:a,service_worker_activate:n.service_worker_activate??kn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ve,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ie,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=An(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(W,n)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return
|
|
1
|
+
(function(C,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(C=typeof globalThis<"u"?globalThis:C||self,G(C["oidc-client"]={}))})(this,function(C){"use strict";const R=console;class Ce{constructor(n,s,t,o=2e3,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(R.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(R.debug(n),R.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):R.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){R.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(R.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},O=(e,n=sessionStorage)=>{const s=h=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:h}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const h=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:h.tokens,status:h.status})},o=h=>{n[`oidc.${e}`]=JSON.stringify({tokens:h})},i=async h=>{n[`oidc.session_state.${e}`]=h},r=async()=>n[`oidc.session_state.${e}`],a=h=>{n[`oidc.nonce.${e}`]=h.nonce},l=h=>{n[`oidc.jwk.${e}`]=JSON.stringify(h)},f=()=>JSON.parse(n[`oidc.jwk.${e}`]),u=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async h=>{n[`oidc.dpop_nonce.${e}`]=h},_=()=>n[`oidc.dpop_nonce.${e}`],y=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null;let g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:y,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:u,setLoginParams:h=>{g[e]=h,n[`oidc.login.${e}`]=JSON.stringify(h)},getLoginParams:()=>{const h=n[`oidc.login.${e}`];return h?(g[e]||(g[e]=JSON.parse(h)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async h=>{n[`oidc.state.${e}`]=h},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async h=>{n[`oidc.code_verifier.${e}`]=h},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:l,getDemonstratingProofOfPossessionJwkAsync:f}};var $=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))($||{});const Ne=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),xe=e=>JSON.parse(Ne(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&We(e,".")===2?xe(e.split(".")[1]):null}catch(n){console.warn(n)}return null},We=(e,n)=>e.split(n).length-1,Y={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const X=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,l=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Le(e,t,r);let f;e.expiresAt?f=e.expiresAt:s===Y.access_token_invalid?f=l:s===Y.id_token_invalid?f=a:f=a<l?a:l;const u={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:f,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...u,refreshToken:c}}return u},ne=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),X(t,n,s)},F=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=e=>e?F(0,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!_e(e.tokens)&&t>0;){if(e.configuration.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await Q({milliseconds:n});t=t-1}return{isTokensValid:_e(e.tokens),tokens:e.tokens,numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},V=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.22.18";let ye=null,z;const Q=({milliseconds:e})=>new Promise(n=>V.setTimeout(n,e)),ge=(e="/")=>{try{z=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:z.signal}).catch(t=>{console.log(t)}),Q({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},De=()=>{z&&z.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistering ${t}`),await Q({milliseconds:2e3}),e.reload()},P=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=()=>{const d=sessionStorage.getItem(`oidc.tabId.${n}`);if(d)return d;const p=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${n}`,p),p},t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;let o=null;e.register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(t);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await P(o)({type:"claim"})}catch{return null}const i=async d=>P(o)({type:"clear",data:{status:d},configurationName:n}),r=async(d,p,b)=>{const D=await P(o)({type:"init",data:{oidcServerConfiguration:d,where:p,oidcConfiguration:{token_renew_mode:b.token_renew_mode,service_worker_convert_all_requests_to_cors:b.service_worker_convert_all_requests_to_cors}},configurationName:n,tabId:s()}),v=D.version;return v!==he&&(console.warn(`Service worker ${v} version mismatch with js client version ${he}, unregistering and reloading`),await b.service_worker_update_require_callback(o,De)),{tokens:ne(D.tokens,null,b.token_renew_mode),status:D.status}},a=(d="/")=>{ye==null&&(ye="not_null",ge(d))},l=d=>P(o)({type:"setSessionState",data:{sessionState:d},configurationName:n}),f=async()=>(await P(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,u=d=>{const p=s();return sessionStorage[`oidc.nonce.${n}`]=d.nonce,P(o)({type:"setNonce",data:{nonce:d},configurationName:n,tabId:p})},c=async()=>{const d=s();let b=(await P(o)({type:"getNonce",data:null,configurationName:n,tabId:d})).nonce;return b||(b=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:b}};let _={};return{clearAsync:i,initAsync:r,startKeepAliveServiceWorker:()=>a(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:l,getSessionStateAsync:f,setNonceAsync:u,getNonceAsync:c,setLoginParams:d=>{_[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},getLoginParams:()=>{const d=localStorage[`oidc.login.${n}`];return _[n]||(_[n]=JSON.parse(d)),_[n]},getStateAsync:async()=>{const d=s();let b=(await P(o)({type:"getState",data:null,configurationName:n,tabId:d})).state;return b||(b=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),b},setStateAsync:async d=>{const p=s();return sessionStorage[`oidc.state.${n}`]=d,P(o)({type:"setState",data:{state:d},configurationName:n,tabId:p})},getCodeVerifierAsync:async()=>{const d=s();let b=(await P(o)({type:"getCodeVerifier",data:null,configurationName:n,tabId:d})).codeVerifier;return b||(b=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),b},setCodeVerifierAsync:async d=>{const p=s();return sessionStorage[`oidc.code_verifier.${n}`]=d,P(o)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n,tabId:p})},setDemonstratingProofOfPossessionNonce:async d=>{await P(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await P(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async d=>{const p=JSON.stringify(d);await P(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:p},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const d=await P(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null}}},K={},Ke=(e,n=window.sessionStorage,s)=>{if(!K[e]&&n){const o=n.getItem(e);o&&(K[e]=JSON.parse(o))}const t=1e3*s;return K[e]&&K[e].timestamp+t>Date.now()?K[e].result:null},Ue=(e,n,s=window.sessionStorage)=>{const t=Date.now();K[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function ke(e){return new TextEncoder().encode(e)}function me(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Fe(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const se=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),me(n)};function pe(e){return me(Fe(e))}const Ve={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"};var Me={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:pe(JSON.stringify(s)),payload:pe(JSON.stringify(t))},a=o.importKeyAlgorithm,l=!0,f=["sign"],u=await e.crypto.subtle.importKey("jwk",n,a,l,f),c=ke(`${r.protected}.${r.payload}`),_=o.signAlgorithm,y=await e.crypto.subtle.sign(_,u,c);return r.signature=se(new Uint8Array(y)),`${r.protected}.${r.payload}.${r.signature}`}};const Je={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}};var Be={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,ke(t));return se(new Uint8Array(o))}};const He=e=>async n=>await Je.generate(e)(n),we=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(je()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await Be.thumbprint(e)(s,n.digestAlgorithm);return await Me.sign(e)(s,{kid:a},r,n)},je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Ae=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},te="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%te.length;n.push(te[t])}return n.join("")},oe=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Ae();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*te.length|0;return qe(n)};function Ge(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Se(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Ge(e)).then(t=>n(se(new Uint8Array(t))),t=>s(t))})}const Ye=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Ae();return n?Se(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Xe=60*60,ze=e=>async(n,s=Xe,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Ke(r,t,s);if(a)return new ce(a);const l=await M(e)(i,{},o);if(l.status!==200)return null;const f=await l.json();return Ue(r,f,t),new ce(f)},M=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await M(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},ie={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,s,t=ie.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[c,_]of Object.entries(i))a[c]===void 0&&(a[c]=_);const l=[];for(const c in a){const _=encodeURIComponent(c),y=encodeURIComponent(a[c]);l.push(`${_}=${y}`)}const f=l.join("&");return(await M(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:f},r)).status!==200?{success:!1}:{success:!0}},Qe=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[y,g]of Object.entries(t))s[y]===void 0&&(s[y]=g);const l=[];for(const y in s){const g=encodeURIComponent(y),w=encodeURIComponent(s[y]);l.push(`${g}=${w}`)}const f=l.join("&"),u=await M(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},a);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};const c=await u.json();let _=null;return u.headers.has(Z)&&(_=u.headers.get(Z)),{success:!0,status:u.status,data:ne(c,o,r),demonstratingProofOfPossessionNonce:_}},Ze=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=oe(128),i=await Ye(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,l]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(l)}`;n.open(`${s}${r}`)},Z="DPoP-Nonce",en=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const c in s){const _=encodeURIComponent(c),y=encodeURIComponent(s[c]);r.push(`${_}=${y}`)}const a=r.join("&"),l=await M(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),l.status!==200)return{success:!1,status:l.status};let f=null;l.headers.has(Z)&&(f=l.headers.get(Z));const u=await l.json();return{success:!0,data:{state:s.state,tokens:ne(u,null,o),demonstratingProofOfPossessionNonce:f}}};async function Te(e,n,s){const t=a=>{e.tokens=a},{tokens:o,status:i}=await ee(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await O(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(i),null)}const nn=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=O(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=X(o,e.tokens,n.token_renew_mode),o}};async function be(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let i;const r=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!r?i=await Te(e,n,s):i=await navigator.locks.request(o,{ifAvailable:!0},async a=>a?await Te(e,n,s):(e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await nn(e,t))),i?(e.timeoutId&&(e.timeoutId=J(e,e.tokens.expiresAt,s)),e.tokens):null}const J=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return V.setTimeout(async()=>{const i={timeLeft:F(t,n)};e.publishEvent(N.eventNames.token_timer,i),await be(e,!1,s)},1e3)},W={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),l=await I(n,s);if(l){const{status:c,tokens:_}=await l.initAsync(a,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!c||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const g=F(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",w=await l.getNonceAsync();return{tokens:_,status:g,nonce:w}}r=await l.getNonceAsync()}else{const c=O(s,n.storage??sessionStorage);let{tokens:_,status:y}=await c.initAsync();if(_&&(_=X(_,e.tokens,n.token_renew_mode)),_){if(y==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(_.issuedAt!==t.issuedAt){const w=F(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",k=await c.getNonceAsync();return{tokens:_,status:w,nonce:k}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await c.getNonceAsync()}const u=F(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:u,nonce:r}},ee=e=>async(n=0,s=!1,t=null,o)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let i=6;for(;!navigator.onLine&&i>0;)await Q({milliseconds:1e3}),i--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${i}`});const r=n+1;t||(t={});const a=e.configuration,l=(u,c=null,_=null)=>re(e.configurationName,e.configuration,e.publishEvent.bind(e))(u,c,_),f=async()=>{try{let u;const c=await I(a,e.configurationName);c?u=c.getLoginParams():u=O(e.configurationName,a.storage).getLoginParams();const _=await l({...u.extras,...t,prompt:"none"});return _?_.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(_.tokens),e.publishEvent(N.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}):(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(u){return console.error(u),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:u.message}),await ee(e)(r,s,t,o)}};try{const{status:u,tokens:c,nonce:_}=await sn(e)(a,e.configurationName,e.tokens,s);switch(u){case W.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case W.NOT_CONNECTED:return o(null),{tokens:null,status:null};case W.TOKENS_VALID:return o(c),{tokens:c,status:"LOGGED_IN"};case W.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(c),e.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:c,status:"LOGGED_IN"};case W.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case W.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==u?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await f());default:{if(a.token_automatic_renew_mode==$.AutomaticOnlyWhenFetchExecuted&&W.FORCE_REFRESH!==u)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:c.refreshToken,status:u,tryNumber:n}),!c.refreshToken)return await f();const y=a.client_id,g=a.redirect_uri,w=a.authority,A={...a.token_request_extras?a.token_request_extras:{}};for(const[S,E]of Object.entries(t))S.endsWith(":token_request")&&(A[S.replace(":token_request","")]=E);return await(async()=>{const S={client_id:y,redirect_uri:g,grant_type:"refresh_token",refresh_token:c.refreshToken},E=await e.initAsync(w,a.authority_configuration),h=document.hidden?1e4:3e4*10,x=E.tokenEndpoint,d={};a.demonstrating_proof_of_possession&&(d.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(c.accessToken,x,"POST"));const p=await Qe(e.getFetch())(x,S,A,c,d,a.token_renew_mode,h);if(p.success){const{isValid:b,reason:D}=de(p.data,_.nonce,E);if(!b)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${D}`}),{tokens:null,status:"SESSION_LOST"};if(o(p.data),p.demonstratingProofOfPossessionNonce){const v=await I(a,e.configurationName);v?await v.setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce):await O(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:p.success}),e.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:p.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:p}),p.status>=400&&p.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${p.status}`}),{tokens:null,status:"SESSION_LOST"}):await ee(e)(r,s,t,o)})()}}}catch(u){return console.error(u),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:u.message}),new Promise((c,_)=>{setTimeout(()=>{ee(e)(r,s,t,o).then(c).catch(_)},1e3)})}},re=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[c,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(c)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;const a=n.silent_login_uri+r,l=a.indexOf("/",a.indexOf("//")+2),f=a.substring(0,l),u=document.createElement("iframe");return u.width="0px",u.height="0px",u.id=`${e}_oidc_iframe`,u.setAttribute("src",a),document.body.appendChild(u),new Promise((c,_)=>{let y=!1;const g=()=>{window.removeEventListener("message",w),u.remove(),y=!0},w=k=>{if(k.origin===f&&k.source===u.contentWindow){const A=`${e}_oidc_tokens:`,T=`${e}_oidc_error:`,S=`${e}_oidc_exception:`,E=k.data;if(E&&typeof E=="string"&&!y){if(E.startsWith(A)){const h=JSON.parse(k.data.replace(A,""));s(m.silentLoginAsync_end,{}),c(h),g()}else if(E.startsWith(T)){const h=JSON.parse(k.data.replace(T,""));s(m.silentLoginAsync_error,h),c({error:"oidc_"+h.error,tokens:null,sessionState:null}),g()}else if(E.startsWith(S)){const h=JSON.parse(k.data.replace(S,""));s(m.silentLoginAsync_error,h),_(new Error(h.error)),g()}}}};try{window.addEventListener("message",w);const k=n.silent_login_timeout;setTimeout(()=>{y||(g(),s(m.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},k)}catch(k){g(),s(m.silentLoginAsync_error,k),_(k)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},tn=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(f,u,c)=>re(n,s,t.bind(o))(f,u,c);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const u=s.extras?{...s.extras,...i}:i,c=await a({...u,prompt:"none"},f,r);if(c)return o.tokens=c.tokens,t(m.token_aquired,{}),o.timeoutId=J(o,o.tokens.expiresAt,i),{}}catch(u){return u}})()},on=(e,n,s)=>(t,o,i,r=!1)=>{const a=(l,f=void 0,u=void 0)=>re(e.configurationName,s,e.publishEvent.bind(e))(l,f,u);return new Promise((l,f)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const u=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const _=c.idToken,y=c.idTokenPayload;return a({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const w=g.tokens.idTokenPayload;if(y.sub===w.sub){const k=g.sessionState;e.checkSessionIFrame.start(g.sessionState),y.sid===w.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",k):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",k)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",w.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[w,k]of Object.entries(n))await k.logoutOtherTabAsync(s.client_id,y.sub)})};e.checkSessionIFrame=new Ce(u,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),l(e.checkSessionIFrame)}).catch(c=>{f(c)})}else l(null)})},Ee=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},rn=e=>{const n=Ee(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},B=e=>{const n=Ee(e),{search:s}=n;return an(s)},an=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},cn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,l=void 0)=>{const f=r;return r={...r},(async()=>{const c=i||o.getPath();if("state"in r||(r.state=oe(16)),s(m.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=a?n.silent_redirect_uri:n.redirect_uri;l||(l=n.scope);const y=n.extras?{...n.extras,...r}:r;y.nonce||(y.nonce=oe(12));const g={nonce:y.nonce},w=await I(n,e),k=await t(n.authority,n.authority_configuration);let A;if(w)w.setLoginParams({callbackPath:c,extras:f}),await w.initAsync(k,"loginAsync",n),await w.setNonceAsync(g),w.startKeepAliveServiceWorker(),A=w;else{const S=O(e,n.storage??sessionStorage);S.setLoginParams({callbackPath:c,extras:f}),await S.setNonceAsync(g),A=S}const T={client_id:n.client_id,redirect_uri:_,scope:l,response_type:"code",...y};await Ze(A,o)(k.authorizationEndpoint,T)}catch(_){throw s(m.loginAsync_error,_),_}})()},ln=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),l=e.location.getCurrentHref(),u=B(l).session_state,c=await I(s,e.configurationName);let _,y,g,w;if(c)await c.initAsync(a,"loginCallbackAsync",s),await c.setSessionStateAsync(u),y=await c.getNonceAsync(),g=c.getLoginParams(),w=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const v=O(e.configurationName,s.storage??sessionStorage);await v.setSessionStateAsync(u),y=await v.getNonceAsync(),g=v.getLoginParams(),w=await v.getStateAsync(),_=v}const k=B(l);if(k.error||k.error_description)throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);if(k.iss&&k.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`);if(k.state&&k.state!==w)throw new Error(`State not valid (expected: ${w}, received: ${k.state})`);const A={code:k.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},T={};if(s.token_request_extras)for(const[v,q]of Object.entries(s.token_request_extras))T[v]=q;if(g&&g.extras)for(const[v,q]of Object.entries(g.extras))v.endsWith(":token_request")&&(T[v.replace(":token_request","")]=q);const S=a.tokenEndpoint,E={};if(s.demonstrating_proof_of_possession)if(c)E.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const v=await He(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await O(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(v),E.DPoP=await we(window)(s.demonstrating_proof_of_possession_configuration)(v,"POST",S)}const h=await en(_)(S,{...A,...T},E,e.configuration.token_renew_mode,r);if(!h.success)throw new Error("Token request failed");let x;const d=h.data.tokens,p=h.data.demonstratingProofOfPossessionNonce;if(h.data.state!==T.state)throw new Error("state is not valid");const{isValid:b,reason:D}=de(d,y.nonce,a);if(!b)throw new Error(`Tokens are not OpenID valid, reason: ${D}`);if(c){if(d.refreshToken&&!d.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(p&&d.accessToken&&d.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(a,"syncTokensAsync",s),x=c.getLoginParams(),p&&await c.setDemonstratingProofOfPossessionNonce(p);else{const v=O(e.configurationName,s.storage);x=v.getLoginParams(),p&&await v.setDemonstratingProofOfPossessionNonce(p)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,u,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:d,state:"request.state",callbackPath:x.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Pe={access_token:"access_token",refresh_token:"refresh_token"},ae=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},un=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},_n=e=>async n=>{V.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await O(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},fn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{const a=e.configuration,l=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let u=!1;i&&(u=i.includes("https://")||i.includes("http://"));const c=u?i:o.getOrigin()+f,_=e.tokens?e.tokens.idToken:"";try{const A=l.revocationEndpoint;if(A){const T=[],S=e.tokens?e.tokens.accessToken:null;if(S&&a.logout_tokens_to_invalidate.includes(Pe.access_token)){const h=ae(r,":revoke_access_token"),x=ve(s)(A,S,ie.access_token,a.client_id,h);T.push(x)}const E=e.tokens?e.tokens.refreshToken:null;if(E&&a.logout_tokens_to_invalidate.includes(Pe.refresh_token)){const h=ae(r,":revoke_refresh_token"),x=ve(s)(A,E,ie.refresh_token,a.client_id,h);T.push(x)}T.length>0&&await Promise.all(T)}}catch(A){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(A)}const y=e.tokens&&e.tokens.idTokenPayload?e.tokens.idTokenPayload.sub:null;await e.destroyAsync("LOGGED_OUT");for(const[A,T]of Object.entries(n))T!==e?await e.logoutSameTabAsync(e.configuration.client_id,y):e.publishEvent(m.logout_from_same_tab,{});const g=ae(r,":oidc");if(g&&g.no_reload==="true")return;const k=un(r);if(l.endSessionEndpoint){"id_token_hint"in k||(k.id_token_hint=_),!("post_logout_redirect_uri"in k)&&i!==null&&(k.post_logout_redirect_uri=c);let A="";for(const[T,S]of Object.entries(k))S!=null&&(A===""?A+="?":A+="&",A+=`${T}=${encodeURIComponent(S)}`);o.open(`${l.endSessionEndpoint}${A}`)}else o.reload()},Oe=(e,n,s=!1)=>async(...t)=>{var y;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let l=new Headers;a.headers&&(l=a.headers instanceof Headers?a.headers:new Headers(a.headers));const f=n,u=await fe(f),c=(y=u==null?void 0:u.tokens)==null?void 0:y.accessToken;if(l.has("Accept")||l.set("Accept","application/json"),c){if(f.configuration.demonstrating_proof_of_possession&&s){const g=await f.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),a.method);l.set("Authorization",`PoP ${c}`),l.set("DPoP",g)}else l.set("Authorization",`Bearer ${c}`);a.credentials||(a.credentials="same-origin")}const _={...a,headers:l};return await e(o,_,...r)},dn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,a=await(async()=>{const f=await Oe(fetch,e,s)(i);return f.status!==200?null:f.json()})();return e.userInfo=a,a};class H{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const hn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),yn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const l=i[a];if(l.r.test(s)){o=l.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function gn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const kn=()=>{const{name:e,version:n}=gn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=yn(navigator);return!hn(s)},mn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=J(e,e.tokens.expiresAt,i.extras);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=O(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=X(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=J(e,e.tokens.expiresAt,r.extras);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ie=()=>fetch;class ce{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const L={},pn=(e,n=new H)=>(s,t="default")=>(L[t]||(L[t]=new N(s,t,e,n)),L[t]),wn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=J(e,n.expiresAt),{callbackPath:s}},An=e=>Math.floor(Math.random()*e),j=class j{constructor(n,s="default",t,o=new H){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new H;const a=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??$.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??Y.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:a,service_worker_activate:n.service_worker_activate??kn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ve,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ie,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=An(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(L,n)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return L[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=B(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=B(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ce({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=mn(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await on(this,L,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:i?tn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=cn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await ln(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(j.eventNames.token_aquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await Se(n),...o},a=await I(i,this.configurationName);let l;if(a)return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const f=O(this.configurationName,i.storage);let u=await f.getDemonstratingProofOfPossessionJwkAsync();return l=await f.getDemonstratingProofOfPossessionNonce(),l&&(r.nonce=l),await we(window)(i.demonstrating_proof_of_possession_configuration)(u,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=dn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=be(this,!0,n),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await _n(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=fn(this,L,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};j.getOrCreate=(n,s)=>(t,o="default")=>pn(n,s)(t,o),j.eventNames=m;let N=j;const U=class U{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new U(N.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){return fe(this._oidc,n,s)}fetchWithTokens(n,s=!1){return Oe(n,this,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};U.getOrCreate=(n,s=new H)=>(t,o="default")=>new U(N.getOrCreate(n,s)(t,o)),U.eventNames=N.eventNames;let le=U;C.OidcClient=le,C.OidcLocation=H,C.TokenAutomaticRenewMode=$,C.TokenRenewMode=Y,C.getFetchDefault=Ie,C.getParseQueryStringFromLocation=B,C.getPath=rn,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
|
package/dist/initWorker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../src/initWorker.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAI1C,eAAO,MAAM,UAAU,qBAAoB;IAAE,YAAY,EAAE,GAAG,CAAA;CAAE,qBAE/D,CAAC;AA4BF,eAAO,MAAM,yCAAyC,aAAa,cAAc,oBAA0B,GAAG,iBAAiB,QAAQ,kBAOtI,CAAA;AAqBD,eAAO,MAAM,eAAe;;
|
|
1
|
+
{"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../src/initWorker.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAI1C,eAAO,MAAM,UAAU,qBAAoB;IAAE,YAAY,EAAE,GAAG,CAAA;CAAE,qBAE/D,CAAC;AA4BF,eAAO,MAAM,yCAAyC,aAAa,cAAc,oBAA0B,GAAG,iBAAiB,QAAQ,kBAOtI,CAAA;AAqBD,eAAO,MAAM,eAAe;;6EAwCmD,iBAAiB;;;;;;yCAiCjD,MAAM;;;;;;;;;2BA4Ed,MAAM;;yCAkBQ,MAAM;kFApDoC,MAAM;;mFASN,UAAU;;EAqExG,CAAC"}
|
package/dist/oidc.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";AACA,OAAO,EAAC,kBAAkB,EAAC,MAAM,yBAAyB,CAAC;AAM3D,OAAO,EAAiB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AASzD,OAAO,EAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAA0B,MAAM,YAAY,CAAC;AAOhH,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAMxD,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACtD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAC,MAAM,CAAC;CACjB;AAID,qBAAa,qCAAqC;IAC9C,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CAS3B;AAUD,MAAM,MAAM,aAAa,GAAG;IACxB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG;IAChC,YAAY,EAAC,MAAM,CAAC;IACpB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAYD,qBAAa,IAAI;IACN,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBACpB,aAAa,EAAC,iBAAiB,EAAE,iBAAiB,QAAY,EAAE,QAAQ,EAAG,MAAM,KAAK,EAAE,QAAQ,GAAE,cAAmC;IA+CjJ,eAAe,CAAC,IAAI,KAAA,GAAE,MAAM;IAM5B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,YAAW,cAAc,gDAEnE;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAQ9B,mCAAmC,CAAC,SAAS,MAAK;IAa5C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAC,MAAM,EAAE,sBAAsB,EAAC,sBAAsB;IA+B/E,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";AACA,OAAO,EAAC,kBAAkB,EAAC,MAAM,yBAAyB,CAAC;AAM3D,OAAO,EAAiB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AASzD,OAAO,EAAC,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAA0B,MAAM,YAAY,CAAC;AAOhH,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAMxD,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACtD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAC,MAAM,CAAC;CACjB;AAID,qBAAa,qCAAqC;IAC9C,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CAS3B;AAUD,MAAM,MAAM,aAAa,GAAG;IACxB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG;IAChC,YAAY,EAAC,MAAM,CAAC;IACpB,YAAY,EAAC,MAAM,CAAC;CACvB,CAAA;AAYD,qBAAa,IAAI;IACN,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBACpB,aAAa,EAAC,iBAAiB,EAAE,iBAAiB,QAAY,EAAE,QAAQ,EAAG,MAAM,KAAK,EAAE,QAAQ,GAAE,cAAmC;IA+CjJ,eAAe,CAAC,IAAI,KAAA,GAAE,MAAM;IAM5B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,YAAW,cAAc,gDAEnE;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAQ9B,mCAAmC,CAAC,SAAS,MAAK;IAa5C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAC,MAAM,EAAE,sBAAsB,EAAC,sBAAsB;IA+B/E,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAAC,qBAAqB,KAAA,EAAE,QAAQ,KAAA,EAAE,YAAY,KAAA,EAAE,cAAc,UAAQ;IAIlG,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC7B,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ;IAiBpJ,oBAAoB,EAAG,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,kBAAkB,CAAC,aAAa,UAAQ;IA6BxC,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,EAAE,MAAM,GAAC,SAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IA2BzI,uCAAuC,EAAC,OAAO,CAAC,aAAa,CAAC,CAAQ;IACrE,qCAAqC,IAAG,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAC,OAAO,CAAC,GAAG,CAAC,CAAQ;IACnC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAM;IAUvE,kBAAkB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAQ;IAEhC,gBAAgB,CAAE,MAAM,GAAC,SAAgB;IAezC,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAQ9C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAQpD,aAAa,EAAC,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC7B,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB;CASrG;AAED,eAAe,IAAI,CAAC"}
|
package/dist/oidcClient.d.ts
CHANGED
|
@@ -54,7 +54,7 @@ export declare class OidcClient {
|
|
|
54
54
|
get configuration(): OidcConfiguration;
|
|
55
55
|
generateDemonstrationOfProofOfPossessionAsync(accessToken: string, url: string, method: string, extras?: StringMap): Promise<string>;
|
|
56
56
|
getValidTokenAsync(waitMs?: number, numberWait?: number): Promise<ValidToken>;
|
|
57
|
-
fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession
|
|
57
|
+
fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession?: boolean): Fetch;
|
|
58
58
|
userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache?: boolean, demonstrating_proof_of_possession?: boolean): Promise<T>;
|
|
59
59
|
userInfo<T extends OidcUserInfo = OidcUserInfo>(): T;
|
|
60
60
|
}
|
package/dist/oidcClient.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAGxD,MAAM,WAAW,eAAe;IAC5B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAC,GAAG,OAAE;CAC5B;AAED,qBAAa,UAAU;IACnB,OAAO,CAAC,KAAK,CAAO;gBACR,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAC,eAAe,GAAE,MAAM;IAI5C,uBAAuB,CAAC,EAAE,EAAC,MAAM,GAAE,IAAI;IAIvC,YAAY,CAAC,SAAS,EAAC,MAAM,EAAE,IAAI,EAAC,GAAG,GAAI,IAAI;IAI/C,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,aAAW,cAAc,qBAAwC,iBAAiB,oBAAqB,UAAU,CAE3J;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAE,UAAU;IAIvC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAG,OAAO,CAAC,OAAO,CAAC;IAI9C,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ,GAAE,OAAO,CAAC,OAAO,CAAC;IAIhK,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAI7G,wBAAwB,IAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,gBAAgB,CAAC,MAAM,GAAC,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAIvD,kBAAkB,IAAG,OAAO,CAAC,aAAa,CAAC;IAI3C,IAAI,MAAM,IAAG,MAAM,CAElB;IAED,IAAI,aAAa,IAAG,iBAAiB,CAEpC;IAEK,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,EAAE,MAAM,GAAC,SAAa,GAAI,OAAO,CAAC,MAAM,CAAC;IAIpI,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAI5E,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,iCAAiC,
|
|
1
|
+
{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EAAC,cAAc,EAAe,MAAM,YAAY,CAAC;AAGxD,MAAM,WAAW,eAAe;IAC5B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAC,GAAG,OAAE;CAC5B;AAED,qBAAa,UAAU;IACnB,OAAO,CAAC,KAAK,CAAO;gBACR,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAC,eAAe,GAAE,MAAM;IAI5C,uBAAuB,CAAC,EAAE,EAAC,MAAM,GAAE,IAAI;IAIvC,YAAY,CAAC,SAAS,EAAC,MAAM,EAAE,IAAI,EAAC,GAAG,GAAI,IAAI;IAI/C,MAAM,CAAC,WAAW,aAAe,MAAM,KAAK,aAAW,cAAc,qBAAwC,iBAAiB,oBAAqB,UAAU,CAE3J;IAEF,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAE,UAAU;IAIvC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAG,OAAO,CAAC,OAAO,CAAC;IAI9C,UAAU,CAAC,YAAY,GAAC,MAAkB,EAAE,MAAM,GAAC,SAAgB,EAAE,cAAc,UAAQ,EAAE,KAAK,GAAC,MAAkB,EAAE,eAAe,UAAQ,GAAE,OAAO,CAAC,OAAO,CAAC;IAIhK,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAI7G,wBAAwB,IAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,gBAAgB,CAAC,MAAM,GAAC,SAAgB,GAAE,OAAO,CAAC,IAAI,CAAC;IAIvD,kBAAkB,IAAG,OAAO,CAAC,aAAa,CAAC;IAI3C,IAAI,MAAM,IAAG,MAAM,CAElB;IAED,IAAI,aAAa,IAAG,iBAAiB,CAEpC;IAEK,6CAA6C,CAAC,WAAW,EAAC,MAAM,EAAE,GAAG,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM,EAAE,MAAM,GAAC,SAAa,GAAI,OAAO,CAAC,MAAM,CAAC;IAIpI,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAI5E,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,iCAAiC,GAAC,OAAe,GAAG,KAAK;IAIjF,aAAa,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,EAAE,OAAO,UAAQ,EAAE,iCAAiC,GAAC,OAAa,GAAE,OAAO,CAAC,CAAC,CAAC;IAIvI,QAAQ,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,KAAI,CAAC;CAGtD;AAED,MAAM,WAAW,YAAY;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB"}
|
package/dist/version.d.ts
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axa-fr/oidc-client",
|
|
3
|
-
"version": "7.22.
|
|
3
|
+
"version": "7.22.18",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.umd.cjs",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"url": "https://github.com/AxaFrance/oidc-client.git"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@axa-fr/oidc-client-service-worker": "7.22.
|
|
23
|
+
"@axa-fr/oidc-client-service-worker": "7.22.18"
|
|
24
24
|
},
|
|
25
25
|
"devDependencies": {
|
|
26
26
|
"@testing-library/dom": "10.1.0",
|
package/src/initWorker.ts
CHANGED
|
@@ -65,7 +65,18 @@ const sendMessageAsync = (registration) => (data) : Promise<any> => {
|
|
|
65
65
|
};
|
|
66
66
|
|
|
67
67
|
export const initWorkerAsync = async(configuration, configurationName) => {
|
|
68
|
-
|
|
68
|
+
const getTabId = () => {
|
|
69
|
+
const tabId = sessionStorage.getItem(`oidc.tabId.${configurationName}`);
|
|
70
|
+
|
|
71
|
+
if (tabId) {
|
|
72
|
+
return tabId;
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
const newTabId = globalThis.crypto.randomUUID();
|
|
76
|
+
sessionStorage.setItem(`oidc.tabId.${configurationName}`, newTabId);
|
|
77
|
+
return newTabId;
|
|
78
|
+
}
|
|
79
|
+
|
|
69
80
|
const serviceWorkerRelativeUrl = configuration.service_worker_relative_url;
|
|
70
81
|
if (typeof window === 'undefined' || typeof navigator === 'undefined' || !navigator.serviceWorker || !serviceWorkerRelativeUrl) {
|
|
71
82
|
return null;
|
|
@@ -89,7 +100,7 @@ export const initWorkerAsync = async(configuration, configurationName) => {
|
|
|
89
100
|
} catch (err) {
|
|
90
101
|
return null;
|
|
91
102
|
}
|
|
92
|
-
|
|
103
|
+
|
|
93
104
|
const clearAsync = async (status) => {
|
|
94
105
|
return sendMessageAsync(registration)({ type: 'clear', data: { status }, configurationName });
|
|
95
106
|
};
|
|
@@ -105,6 +116,7 @@ export const initWorkerAsync = async(configuration, configurationName) => {
|
|
|
105
116
|
},
|
|
106
117
|
},
|
|
107
118
|
configurationName,
|
|
119
|
+
tabId: getTabId()
|
|
108
120
|
});
|
|
109
121
|
|
|
110
122
|
// @ts-ignore
|
|
@@ -136,12 +148,14 @@ export const initWorkerAsync = async(configuration, configurationName) => {
|
|
|
136
148
|
};
|
|
137
149
|
|
|
138
150
|
const setNonceAsync = (nonce) => {
|
|
151
|
+
const tabId = getTabId();
|
|
139
152
|
sessionStorage[`oidc.nonce.${configurationName}`] = nonce.nonce;
|
|
140
|
-
return sendMessageAsync(registration)({ type: 'setNonce', data: { nonce }, configurationName });
|
|
153
|
+
return sendMessageAsync(registration)({ type: 'setNonce', data: { nonce }, configurationName, tabId });
|
|
141
154
|
};
|
|
142
155
|
const getNonceAsync = async () => {
|
|
156
|
+
const tabId = getTabId();
|
|
143
157
|
// @ts-ignore
|
|
144
|
-
const result = await sendMessageAsync(registration)({ type: 'getNonce', data: null, configurationName });
|
|
158
|
+
const result = await sendMessageAsync(registration)({ type: 'getNonce', data: null, configurationName, tabId });
|
|
145
159
|
// @ts-ignore
|
|
146
160
|
let nonce = result.nonce;
|
|
147
161
|
if (!nonce) {
|
|
@@ -188,7 +202,8 @@ export const initWorkerAsync = async(configuration, configurationName) => {
|
|
|
188
202
|
};
|
|
189
203
|
|
|
190
204
|
const getStateAsync = async () => {
|
|
191
|
-
const
|
|
205
|
+
const tabId = getTabId();
|
|
206
|
+
const result = await sendMessageAsync(registration)({ type: 'getState', data: null, configurationName, tabId });
|
|
192
207
|
// @ts-ignore
|
|
193
208
|
let state = result.state;
|
|
194
209
|
if (!state) {
|
|
@@ -199,12 +214,14 @@ export const initWorkerAsync = async(configuration, configurationName) => {
|
|
|
199
214
|
};
|
|
200
215
|
|
|
201
216
|
const setStateAsync = async (state:string) => {
|
|
217
|
+
const tabId = getTabId();
|
|
202
218
|
sessionStorage[`oidc.state.${configurationName}`] = state;
|
|
203
|
-
return sendMessageAsync(registration)({ type: 'setState', data: { state }, configurationName });
|
|
219
|
+
return sendMessageAsync(registration)({ type: 'setState', data: { state }, configurationName, tabId });
|
|
204
220
|
};
|
|
205
221
|
|
|
206
222
|
const getCodeVerifierAsync = async () => {
|
|
207
|
-
const
|
|
223
|
+
const tabId = getTabId();
|
|
224
|
+
const result = await sendMessageAsync(registration)({ type: 'getCodeVerifier', data: null, configurationName, tabId });
|
|
208
225
|
// @ts-ignore
|
|
209
226
|
let codeVerifier = result.codeVerifier;
|
|
210
227
|
if (!codeVerifier) {
|
|
@@ -215,8 +232,9 @@ export const initWorkerAsync = async(configuration, configurationName) => {
|
|
|
215
232
|
};
|
|
216
233
|
|
|
217
234
|
const setCodeVerifierAsync = async (codeVerifier:string) => {
|
|
235
|
+
const tabId = getTabId();
|
|
218
236
|
sessionStorage[`oidc.code_verifier.${configurationName}`] = codeVerifier;
|
|
219
|
-
return sendMessageAsync(registration)({ type: 'setCodeVerifier', data: { codeVerifier }, configurationName });
|
|
237
|
+
return sendMessageAsync(registration)({ type: 'setCodeVerifier', data: { codeVerifier }, configurationName, tabId });
|
|
220
238
|
};
|
|
221
239
|
|
|
222
240
|
return {
|
package/src/oidc.ts
CHANGED
|
@@ -243,9 +243,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
243
243
|
return this.tryKeepExistingSessionPromise;
|
|
244
244
|
}
|
|
245
245
|
this.tryKeepExistingSessionPromise = tryKeepSessionAsync(this);
|
|
246
|
-
return this.tryKeepExistingSessionPromise.
|
|
246
|
+
return this.tryKeepExistingSessionPromise.finally(() => {
|
|
247
247
|
this.tryKeepExistingSessionPromise = null;
|
|
248
|
-
return result;
|
|
249
248
|
});
|
|
250
249
|
}
|
|
251
250
|
|
|
@@ -266,9 +265,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
266
265
|
return defaultSilentLoginAsync(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(extras, scope);
|
|
267
266
|
}
|
|
268
267
|
this.loginPromise = defaultLoginAsync(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(callbackPath, extras, isSilentSignin, scope);
|
|
269
|
-
return this.loginPromise.
|
|
268
|
+
return this.loginPromise.finally(() => {
|
|
270
269
|
this.loginPromise = null;
|
|
271
|
-
return result;
|
|
272
270
|
});
|
|
273
271
|
}
|
|
274
272
|
|
|
@@ -297,9 +295,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
297
295
|
return { parsedTokens, state: response.state, callbackPath: response.callbackPath };
|
|
298
296
|
};
|
|
299
297
|
this.loginCallbackPromise = loginCallbackLocalAsync();
|
|
300
|
-
return this.loginCallbackPromise.
|
|
298
|
+
return this.loginCallbackPromise.finally(() => {
|
|
301
299
|
this.loginCallbackPromise = null;
|
|
302
|
-
return result;
|
|
303
300
|
});
|
|
304
301
|
}
|
|
305
302
|
|
|
@@ -336,9 +333,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
336
333
|
return this.loginCallbackWithAutoTokensRenewPromise;
|
|
337
334
|
}
|
|
338
335
|
this.loginCallbackWithAutoTokensRenewPromise = loginCallbackWithAutoTokensRenewAsync(this);
|
|
339
|
-
return this.loginCallbackWithAutoTokensRenewPromise.
|
|
336
|
+
return this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
|
|
340
337
|
this.loginCallbackWithAutoTokensRenewPromise = null;
|
|
341
|
-
return result;
|
|
342
338
|
});
|
|
343
339
|
}
|
|
344
340
|
|
|
@@ -348,9 +344,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
348
344
|
return this.userInfoPromise;
|
|
349
345
|
}
|
|
350
346
|
this.userInfoPromise = userInfoAsync(this)(noCache, demonstrating_proof_of_possession);
|
|
351
|
-
return this.userInfoPromise.
|
|
347
|
+
return this.userInfoPromise.finally(() => {
|
|
352
348
|
this.userInfoPromise = null;
|
|
353
|
-
return result;
|
|
354
349
|
});
|
|
355
350
|
}
|
|
356
351
|
|
|
@@ -366,9 +361,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
366
361
|
timer.clearTimeout(this.timeoutId);
|
|
367
362
|
// @ts-ignore
|
|
368
363
|
this.renewTokensPromise = renewTokensAndStartTimerAsync(this, true, extras);
|
|
369
|
-
return this.renewTokensPromise.
|
|
364
|
+
return this.renewTokensPromise.finally(() => {
|
|
370
365
|
this.renewTokensPromise = null;
|
|
371
|
-
return result;
|
|
372
366
|
});
|
|
373
367
|
}
|
|
374
368
|
|
|
@@ -398,9 +392,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
398
392
|
return this.logoutPromise;
|
|
399
393
|
}
|
|
400
394
|
this.logoutPromise = logoutAsync(this, oidcDatabase, this.getFetch(), console, this.location)(callbackPathOrUrl, extras);
|
|
401
|
-
return this.logoutPromise.
|
|
395
|
+
return this.logoutPromise.finally(() => {
|
|
402
396
|
this.logoutPromise = null;
|
|
403
|
-
return result;
|
|
404
397
|
});
|
|
405
398
|
}
|
|
406
399
|
}
|
package/src/oidcClient.ts
CHANGED
|
@@ -75,7 +75,7 @@ export class OidcClient {
|
|
|
75
75
|
return getValidTokenAsync(this._oidc, waitMs, numberWait);
|
|
76
76
|
}
|
|
77
77
|
|
|
78
|
-
fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession:false): Fetch {
|
|
78
|
+
fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession:boolean = false): Fetch {
|
|
79
79
|
return fetchWithTokens(fetch, this, demonstrating_proof_of_possession);
|
|
80
80
|
}
|
|
81
81
|
|
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.22.
|
|
1
|
+
export default '7.22.18';
|