@axa-fr/oidc-client 7.22.18 → 7.22.19

package/README.md

@@ -24,15 +24,14 @@ We provide a wrapper **@axa-fr/react-oidc** for **React** (compatible next.js) a
 - [Hash route](#Hash-route)
 - [Service Worker Support](#service-worker-support)
 
-
 ## About
 
 @axa-fr/oidc-client is:
 
 - **Secure** :
-    - With Demonstrating Proof of Possession (DPoP), your access_token and refresh_token are not usable outside your browser context (big protection) 
-    - With the use of Service Worker, your tokens (refresh_token and/or access_token) are not accessible to the JavaScript client code (if you follow good practices from [`FAQ`](https://github.com/AxaFrance/oidc-client/blob/main/FAQ.md) section)
-    - OIDC using client side Code Credential Grant with pkce only
+  - With Demonstrating Proof of Possession (DPoP), your access_token and refresh_token are not usable outside your browser context (big protection)
+  - With the use of Service Worker, your tokens (refresh_token and/or access_token) are not accessible to the JavaScript client code (if you follow good practices from [`FAQ`](https://github.com/AxaFrance/oidc-client/blob/main/FAQ.md) section)
+  - OIDC using client side Code Credential Grant with pkce only
 - **Lightweight** : Unpacked Size on npm is **274 kB**
 - **Simple**
   - refresh_token and access_token are auto refreshed in background
@@ -48,7 +47,6 @@ We provide a wrapper **@axa-fr/react-oidc** for **React** (compatible next.js) a
 
 The service worker catch **access_token** and **refresh_token** that will never be accessible to the client.
 
-
 ### Getting Started
 
 ```sh
@@ -63,6 +61,7 @@ node ./node_modules/@axa-fr/oidc-client/bin/copy-service-worker-files.mjs public
 ```
 
 WARNING : If you use Service Worker mode, the OidcServiceWorker.js file should always be up to date with the version of the library. You may setup a postinstall script in your package.json file to update it at each npm install. For example :
+
 ```sh
   "scripts": {
     ...
@@ -83,8 +82,8 @@ The only file you should edit is "OidcTrustedDomains.js".
 // Domains used by OIDC server must be also declared here
 const trustedDomains = {
   default: {
-    oidcDomains :["https://demo.duendesoftware.com"], 
-    accessTokenDomains : ["https://www.myapi.com/users"]
+    oidcDomains: ['https://demo.duendesoftware.com'],
+    accessTokenDomains: ['https://www.myapi.com/users'],
   },
 };
 
@@ -92,20 +91,20 @@ const trustedDomains = {
 // Ideal to hide refresh token from client JavaScript, but to retrieve access_token for some
 // scenarios which require it. For example, to send it via websocket connection.
 trustedDomains.config_show_access_token = {
-  oidcDomains :["https://demo.duendesoftware.com"],
-  accessTokenDomains : ["https://www.myapi.com/users"],
+  oidcDomains: ['https://demo.duendesoftware.com'],
+  accessTokenDomains: ['https://www.myapi.com/users'],
   showAccessToken: false,
   // convertAllRequestsToCorsExceptNavigate: false, // default value is false
   // setAccessTokenToNavigateRequests: true, // default value is true
 };
 
 // DPoP (Demonstrating Proof of Possession) will be activated for the following domains
-trustedDomains.config_with_dpop = { 
-     domains: ["https://demo.duendesoftware.com"], 
-     demonstratingProofOfPossession: true,
-     demonstratingProofOfPossessionOnlyWhenDpopHeaderPresent: true, // default value is false, inject DPOP token only when DPOP header is present
-     // Optional, more details bellow
-     /*demonstratingProofOfPossessionConfiguration: {  
+trustedDomains.config_with_dpop = {
+  domains: ['https://demo.duendesoftware.com'],
+  demonstratingProofOfPossession: true,
+  demonstratingProofOfPossessionOnlyWhenDpopHeaderPresent: true, // default value is false, inject DPOP token only when DPOP header is present
+  // Optional, more details bellow
+  /*demonstratingProofOfPossessionConfiguration: {  
       importKeyAlgorithm: {
         name: 'ECDSA',
         namedCurve: 'P-256',
@@ -123,16 +122,16 @@ trustedDomains.config_with_dpop = {
 
 // Setting allowMultiTabLogin to true will enable storing login-specific parameters (state, nonce, code verifier)
 // separately for each tab. This will prevent errors when logins are initiated from multiple tabs.
-trustedDomains.config_multi_tab_login = { 
-    domains: ["https://demo.duendesoftware.com"], 
-    allowMultiTabLogin: true 
+trustedDomains.config_multi_tab_login = {
+  domains: ['https://demo.duendesoftware.com'],
+  allowMultiTabLogin: true,
 };
 ```
 
 The code of the demo :
 
 ```js
-import {OidcClient} from '@axa-fr/oidc-client'
+import { OidcClient } from '@axa-fr/oidc-client';
 
 export const configuration = {
   client_id: 'interactive.public.short',
@@ -142,7 +141,7 @@ export const configuration = {
   authority: 'https://demo.duendesoftware.com',
   service_worker_relative_url: '/OidcServiceWorker.js', // just comment that line to disable service worker mode
   service_worker_only: false,
-  demonstrating_proof_of_possession: false, 
+  demonstrating_proof_of_possession: false,
 };
 
 const href = window.location.href;
@@ -155,14 +154,12 @@ const oidcFetch = oidcClient.fetchWithTokens(fetch);
 // import {OidcLocation} from '@axa-fr/oidc-client'
 // const oidcClient = OidcClient.getOrCreate(() => fetch, new OidcLocation())(configuration);
 
-
-
 console.log(href);
 
 oidcClient.tryKeepExistingSessionAsync().then(() => {
   if (href.includes(configuration.redirect_uri)) {
     oidcClient.loginCallbackAsync().then(() => {
-      window.location.href = "/";
+      window.location.href = '/';
     });
     document.body.innerHTML = `<div>
             <h1>@axa-fr/oidc-client demo</h1>
@@ -174,7 +171,6 @@ oidcClient.tryKeepExistingSessionAsync().then(() => {
   let tokens = oidcClient.tokens;
 
   if (tokens) {
-
     // @ts-ignore
     window.logout = () => oidcClient.logoutAsync();
     document.body.innerHTML = `<div>
@@ -182,19 +178,16 @@ oidcClient.tryKeepExistingSessionAsync().then(() => {
             <button onclick="window.logout()">Logout</button>
             <h2>Authenticated</h2>
             <pre>${JSON.stringify(tokens, null, '\t')}</pre>
-        </div>`
-
+        </div>`;
   } else {
     // @ts-ignore
-    window.login = () => oidcClient.loginAsync("/");
+    window.login = () => oidcClient.loginAsync('/');
     document.body.innerHTML = `<div>
             <h1>@axa-fr/oidc-client demo</h1>
             <button onclick="window.login()">Login</button>
-        </div>`
+        </div>`;
   }
-})
-
-
+});
 ```
 
 ## Configuration
@@ -345,7 +338,7 @@ export class OidcClient {
   /**
    * Starts the OIDC logout process with specified options.
    * @param callbackPathOrUrl The callback path or URL to use after logout.
-   * @param extras Additional parameters to send to the OIDC server during the logout request. 
+   * @param extras Additional parameters to send to the OIDC server during the logout request.
    * {"no_reload:oidc":"true"} to avoid the page reload after logout.
    * you can add extras like {"client_secret:revoke_refresh_token":"secret"} to revoke the refresh token with extra client secret. Any key ending with ":revoke_refresh_token" will be used to revoke the refresh token.
    * you can add extras like {"client_secret:revoke_access_token":"secret"} to revoke the access token with extra client secret. Any key ending with ":revoke_access_token" will be used to revoke the access token.
@@ -451,14 +444,13 @@ More information about OIDC
 
 ```javascript
 export const configurationIdentityServerWithHash = {
-  client_id: "interactive.public.short",
-  redirect_uri: window.location.origin + "#authentication-callback",
-  silent_redirect_uri:
-    window.location.origin + "#authentication-silent-callback",
-  scope: "openid profile email api offline_access",
-  authority: "https://demo.duendesoftware.com",
+  client_id: 'interactive.public.short',
+  redirect_uri: window.location.origin + '#authentication-callback',
+  silent_redirect_uri: window.location.origin + '#authentication-silent-callback',
+  scope: 'openid profile email api offline_access',
+  authority: 'https://demo.duendesoftware.com',
   refresh_time_before_tokens_expiration_in_second: 70,
-  service_worker_relative_url: "/OidcServiceWorker.js",
+  service_worker_relative_url: '/OidcServiceWorker.js',
   service_worker_only: false,
 };
 ```

package/bin/copy-service-worker-files.mjs

@@ -1,18 +1,19 @@
-import path from 'path';
+/* global console, process */
+/* eslint no-console: "off" */
 import fs from 'fs';
+import path from 'path';
 import { fileURLToPath } from 'url';
 
 try {
-
   /**
    * Script to run after npm install
    *
    * Copy selected files to user's directory
    */
-  const script_prefix= 'oidc-client';
+  const script_prefix = 'oidc-client';
 
   const copyFile = async (src, dest, overwrite) => {
-    if(!fileExists(src)) {
+    if (!fileExists(src)) {
       console.log(`[${script_prefix}:skip] file does not exist ${src}`);
       return false;
     }
@@ -24,17 +25,24 @@ try {
     }
     await fs.promises.copyFile(src, dest);
     console.log(`[${script_prefix}:copy] ${dest}`);
-    return true
+    return true;
   };
 
-  const fileExists = (path) => {
+  const fileExists = path => {
     return !!fs.existsSync(path);
   };
 
   const initPath = process.cwd();
   const __dirname = path.dirname(fileURLToPath(import.meta.url));
-  const srcDir = path.join(__dirname, ".." , ".." ,'oidc-client-service-worker', 'dist');
-  const srcDirFallback = path.join(__dirname, "..", 'node_modules', '@axa-fr' ,'oidc-client-service-worker', 'dist');
+  const srcDir = path.join(__dirname, '..', '..', 'oidc-client-service-worker', 'dist');
+  const srcDirFallback = path.join(
+    __dirname,
+    '..',
+    'node_modules',
+    '@axa-fr',
+    'oidc-client-service-worker',
+    'dist',
+  );
   const destinationFolder = process.argv.length >= 3 ? process.argv[2] : 'public';
   const destinationDir = path.join(initPath, destinationFolder);
 
@@ -51,19 +59,18 @@ try {
 
   for await (const file of files) {
     const success = await copyFile(
-        path.join(srcDir, file.fileName),
-        path.join(destinationDir, file.fileName),
-        file.overwrite
+      path.join(srcDir, file.fileName),
+      path.join(destinationDir, file.fileName),
+      file.overwrite,
     );
-    if(!success){
+    if (!success) {
       await copyFile(
-          path.join(srcDirFallback, file.fileName),
-          path.join(destinationDir, file.fileName),
-          file.overwrite
+        path.join(srcDirFallback, file.fileName),
+        path.join(destinationDir, file.fileName),
+        file.overwrite,
       );
     }
   }
-
 } catch (err) {
   console.warn(err);
-}
+}

package/dist/OidcTrustedDomains.js

@@ -5,23 +5,25 @@
 // Domains used by OIDC server must be also declared here
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 const trustedDomains = {
-    default: ['https://demo.duendesoftware.com', 'https://kdhttps.auth0.com'],
-    config_classic: ['https://demo.duendesoftware.com'],
-    config_without_silent_login: ['https://demo.duendesoftware.com'],
-    config_without_refresh_token: ['https://demo.duendesoftware.com'],
-    config_without_refresh_token_silent_login: ['https://demo.duendesoftware.com'],
-    config_google: ['https://oauth2.googleapis.com', 'https://openidconnect.googleapis.com'],
-    config_with_hash: ['https://demo.duendesoftware.com'],
+  default: ['https://demo.duendesoftware.com', 'https://kdhttps.auth0.com'],
+  config_classic: ['https://demo.duendesoftware.com'],
+  config_without_silent_login: ['https://demo.duendesoftware.com'],
+  config_without_refresh_token: ['https://demo.duendesoftware.com'],
+  config_without_refresh_token_silent_login: ['https://demo.duendesoftware.com'],
+  config_google: ['https://oauth2.googleapis.com', 'https://openidconnect.googleapis.com'],
+  config_with_hash: ['https://demo.duendesoftware.com'],
 };
 
 // Service worker will continue to give access token to the JavaScript client
 // Ideal to hide refresh token from client JavaScript, but to retrieve access_token for some
 // scenarios which require it. For example, to send it via websocket connection.
-trustedDomains.config_show_access_token = { domains : ["https://demo.duendesoftware.com"], showAccessToken: true };
-
+trustedDomains.config_show_access_token = {
+  domains: ['https://demo.duendesoftware.com'],
+  showAccessToken: true,
+};
 
 // This example defines domains used by OIDC server separately from domains to which access tokens will be injected.
 trustedDomains.config_separate_oidc_access_token_domains = {
-    oidcDomains: ["https://demo.duendesoftware.com"],
-    accessTokenDomains: ["https://myapi"]
-};
+  oidcDomains: ['https://demo.duendesoftware.com'],
+  accessTokenDomains: ['https://myapi'],
+};

package/dist/cache.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../src/cache.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,YAAY,uEAexB,CAAC;AAEF,eAAO,MAAM,QAAQ,gEAMpB,CAAC"}
+{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../src/cache.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,YAAY,uEAkBxB,CAAC;AAEF,eAAO,MAAM,QAAQ,gEAMpB,CAAC"}

package/dist/checkSession.d.ts

@@ -1,6 +1,6 @@
 import { CheckSessionIFrame } from './checkSessionIFrame.js';
-import { OidcConfiguration } from './types.js';
 import { default as Oidc } from './oidc';
+import { OidcConfiguration } from './types.js';
 
 export declare const startCheckSessionAsync: (oidc: Oidc, oidcDatabase: any, configuration: OidcConfiguration) => (checkSessionIFrameUri: any, clientId: any, sessionState: any, isSilentSignin?: boolean) => Promise<CheckSessionIFrame>;
 //# sourceMappingURL=checkSession.d.ts.map

package/dist/checkSession.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"checkSession.d.ts","sourceRoot":"","sources":["../src/checkSession.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,IAAI,MAAM,QAAQ,CAAC;AAG1B,eAAO,MAAM,sBAAsB,SAAS,IAAI,gBAAe,GAAG,iBAAiB,iBAAiB,4HAyDnG,CAAC"}
+{"version":3,"file":"checkSession.d.ts","sourceRoot":"","sources":["../src/checkSession.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,IAAI,MAAM,QAAQ,CAAC;AAE1B,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,eAAO,MAAM,sBAAsB,SAC1B,IAAI,gBAAgB,GAAG,iBAAiB,iBAAiB,4HA4F/D,CAAC"}

package/dist/checkSessionIFrame.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"checkSessionIFrame.d.ts","sourceRoot":"","sources":["../src/checkSessionIFrame.ts"],"names":[],"mappings":"AAIA,qBAAa,kBAAkB;IAC3B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAM;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAM;IAChC,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAU;IACvC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;IAC3C,OAAO,CAAC,kBAAkB,CAAM;IAChC,OAAO,CAAC,MAAM,CAAS;gBACX,QAAQ,KAAA,EAAE,SAAS,KAAA,EAAE,GAAG,KAAA,EAAE,QAAQ,SAAkB,EAAE,WAAW,UAAO;IAoBpF,IAAI;IAWJ,QAAQ,CAAC,CAAC,KAAA;IAoBV,KAAK,CAAC,aAAa,KAAA;IAUnB,IAAI;CAOP"}
+{"version":3,"file":"checkSessionIFrame.d.ts","sourceRoot":"","sources":["../src/checkSessionIFrame.ts"],"names":[],"mappings":"AAIA,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAM;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAM;IAChC,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAU;IACvC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;IAC3C,OAAO,CAAC,kBAAkB,CAAM;IAChC,OAAO,CAAC,MAAM,CAAS;gBACX,QAAQ,KAAA,EAAE,SAAS,KAAA,EAAE,GAAG,KAAA,EAAE,QAAQ,SAAkB,EAAE,WAAW,UAAO;IAoBpF,IAAI;IAWJ,QAAQ,CAAC,CAAC,KAAA;IAkBV,KAAK,CAAC,aAAa,KAAA;IAanB,IAAI;CAOL"}

package/dist/crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAmBA,eAAO,MAAM,cAAc,SAAU,MAAM,WAYxC,CAAC;AAEJ,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,cAQzC;AAED,wBAAgB,mCAAmC,CAAC,IAAI,EAAE,MAAM,GAAE,OAAO,CAAC,MAAM,CAAC,CAMhF;AAED,eAAO,MAAM,oBAAoB,SAAU,MAAM,KAAG,QAAQ,MAAM,CAUjE,CAAC"}
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAkBA,eAAO,MAAM,cAAc,SAAU,MAAM,WAY1C,CAAC;AAEF,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,cAQzC;AAED,wBAAgB,mCAAmC,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CASjF;AAED,eAAO,MAAM,oBAAoB,SAAU,MAAM,KAAG,QAAQ,MAAM,CAUjE,CAAC"}

package/dist/fetch.d.ts

@@ -1,4 +1,5 @@
+import { default as Oidc } from './oidc';
 import { Fetch } from './types';
 
-export declare const fetchWithTokens: (fetch: Fetch, oidcClient: Oidc | null, demonstrating_proof_of_possession?: boolean) => Fetch;
+export declare const fetchWithTokens: (fetch: Fetch, oidc: Oidc | null, demonstrating_proof_of_possession?: boolean) => Fetch;
 //# sourceMappingURL=fetch.d.ts.map

package/dist/fetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,EAAC,MAAM,SAAS,CAAC;AAK9B,eAAO,MAAM,eAAe,UAAW,KAAK,cAAc,IAAI,GAAG,IAAI,sCAAoC,OAAO,KAAU,KA+BzH,CAAC"}
+{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAE1B,OAAO,EAAC,KAAK,EAAqC,MAAM,SAAS,CAAC;AAGlE,eAAO,MAAM,eAAe,UAEjB,KAAK,QACN,IAAI,GAAG,IAAI,sCACkB,OAAO,KACzC,KA6CF,CAAC"}

package/dist/index.d.ts

@@ -1,11 +1,11 @@
+export type { ILOidcLocation } from './location.js';
+export { OidcLocation } from './location.js';
 export { getFetchDefault } from './oidc.js';
+export type { OidcUserInfo } from './oidcClient.js';
+export { OidcClient } from './oidcClient.js';
+export type { Tokens } from './parseTokens.js';
 export { TokenRenewMode } from './parseTokens.js';
 export { getParseQueryStringFromLocation, getPath } from './route-utils';
-export type { Tokens } from './parseTokens.js';
 export type { AuthorityConfiguration, Fetch, OidcConfiguration, StringMap } from './types.js';
-export { OidcLocation } from './location.js';
-export type { ILOidcLocation } from './location.js';
 export { TokenAutomaticRenewMode } from './types.js';
-export { OidcClient } from './oidcClient.js';
-export type { OidcUserInfo } from './oidcClient.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,+BAA+B,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAEzE,YAAY,EACV,MAAM,EACP,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EACV,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EACV,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,YAAY,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,+BAA+B,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACzE,YAAY,EAAE,sBAAsB,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC9F,OAAO,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC"}