npm - @axa-fr/oidc-client - Versions diffs - 7.22.18 → 7.22.19 - Mend

@axa-fr/oidc-client 7.22.18 → 7.22.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

package/README.md +31 -39
package/bin/copy-service-worker-files.mjs +24 -17
package/dist/OidcTrustedDomains.js +14 -12
package/dist/cache.d.ts.map +1 -1
package/dist/checkSession.d.ts +1 -1
package/dist/checkSession.d.ts.map +1 -1
package/dist/checkSessionIFrame.d.ts.map +1 -1
package/dist/crypto.d.ts.map +1 -1
package/dist/fetch.d.ts +2 -1
package/dist/fetch.d.ts.map +1 -1
package/dist/index.d.ts +5 -5
package/dist/index.d.ts.map +1 -1
package/dist/index.js +935 -601
package/dist/index.umd.cjs +2 -2
package/dist/initSession.d.ts +1 -1
package/dist/initSession.d.ts.map +1 -1
package/dist/initWorker.d.ts +2 -2
package/dist/initWorker.d.ts.map +1 -1
package/dist/initWorkerOption.d.ts.map +1 -1
package/dist/jwt.d.ts +2 -2
package/dist/jwt.d.ts.map +1 -1
package/dist/keepSession.d.ts.map +1 -1
package/dist/location.d.ts.map +1 -1
package/dist/login.d.ts +1 -1
package/dist/login.d.ts.map +1 -1
package/dist/logout.d.ts +1 -1
package/dist/logout.d.ts.map +1 -1
package/dist/oidc.d.ts +1 -1
package/dist/oidc.d.ts.map +1 -1
package/dist/oidcClient.d.ts +2 -2
package/dist/oidcClient.d.ts.map +1 -1
package/dist/parseTokens.d.ts.map +1 -1
package/dist/renewTokens.d.ts.map +1 -1
package/dist/requests.d.ts +1 -1
package/dist/requests.d.ts.map +1 -1
package/dist/silentLogin.d.ts.map +1 -1
package/dist/timer.d.ts.map +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.d.ts.map +1 -1
package/dist/user.d.ts.map +1 -1
package/dist/version.d.ts +1 -1
package/package.json +2 -2
package/src/cache.ts +21 -18
package/src/checkSession.ts +89 -54
package/src/checkSessionIFrame.ts +70 -69
package/src/crypto.ts +27 -25
package/src/events.ts +28 -28
package/src/fetch.ts +40 -21
package/src/index.ts +6 -17
package/src/iniWorker.spec.ts +26 -16
package/src/initSession.ts +115 -113
package/src/initWorker.ts +299 -212
package/src/initWorkerOption.ts +121 -114
package/src/jwt.ts +150 -136
package/src/keepSession.ts +100 -81
package/src/location.ts +24 -26
package/src/login.ts +246 -189
package/src/logout.spec.ts +131 -76
package/src/logout.ts +130 -115
package/src/oidc.ts +426 -337
package/src/oidcClient.ts +129 -105
package/src/parseTokens.spec.ts +198 -179
package/src/parseTokens.ts +221 -186
package/src/renewTokens.ts +397 -284
package/src/requests.spec.ts +5 -7
package/src/requests.ts +142 -114
package/src/route-utils.spec.ts +17 -19
package/src/route-utils.ts +29 -26
package/src/silentLogin.ts +145 -127
package/src/timer.ts +10 -11
package/src/types.ts +56 -46
package/src/user.ts +17 -12
package/src/version.ts +1 -1

package/src/oidcClient.ts CHANGED Viewed

@@ -1,122 +1,146 @@
+import { fetchWithTokens } from './fetch';
+import { ILOidcLocation, OidcLocation } from './location';
 import { LoginCallback, Oidc } from './oidc.js';
 import { getValidTokenAsync, Tokens, ValidToken } from './parseTokens.js';
 import { Fetch, OidcConfiguration, StringMap } from './types.js';
-import {ILOidcLocation, OidcLocation} from "./location";
-import {fetchWithTokens} from "./fetch";
 export interface EventSubscriber {
-    (name: string, data:any);
+  (name: string, data: any);
 }
 export class OidcClient {
-    private _oidc: Oidc;
-    constructor(oidc: Oidc) {
-        this._oidc = oidc;
-    }
-    subscribeEvents(func:EventSubscriber):string {
-        return this._oidc.subscribeEvents(func);
-    }
-    removeEventSubscription(id:string):void {
-        this._oidc.removeEventSubscription(id);
-    }
-    publishEvent(eventName:string, data:any) : void {
-        this._oidc.publishEvent(eventName, data);
-    }
-    static getOrCreate = (getFetch : () => Fetch, location:ILOidcLocation= new OidcLocation()) => (configuration:OidcConfiguration, name = 'default'): OidcClient => {
-        return new OidcClient(Oidc.getOrCreate(getFetch, location)(configuration, name));
+  private readonly _oidc: Oidc;
+  constructor(oidc: Oidc) {
+    this._oidc = oidc;
+  }
+  subscribeEvents(func: EventSubscriber): string {
+    return this._oidc.subscribeEvents(func);
+  }
+  removeEventSubscription(id: string): void {
+    this._oidc.removeEventSubscription(id);
+  }
+  publishEvent(eventName: string, data: any): void {
+    this._oidc.publishEvent(eventName, data);
+  }
+  static getOrCreate =
+    (getFetch: () => Fetch, location: ILOidcLocation = new OidcLocation()) =>
+    (configuration: OidcConfiguration, name = 'default'): OidcClient => {
+      return new OidcClient(Oidc.getOrCreate(getFetch, location)(configuration, name));
     };
-    static get(name = 'default'):OidcClient {
-        return new OidcClient(Oidc.get(name));
-    }
-    static eventNames = Oidc.eventNames;
-    tryKeepExistingSessionAsync():Promise<boolean> {
-        return this._oidc.tryKeepExistingSessionAsync();
-    }
-    loginAsync(callbackPath:string = undefined, extras:StringMap = null, isSilentSignin = false, scope:string = undefined, silentLoginOnly = false):Promise<unknown> {
-        return this._oidc.loginAsync(callbackPath, extras, isSilentSignin, scope, silentLoginOnly);
-    }
-    logoutAsync(callbackPathOrUrl: string | null | undefined = undefined, extras: StringMap = null):Promise<void> {
-        return this._oidc.logoutAsync(callbackPathOrUrl, extras);
-    }
-    silentLoginCallbackAsync():Promise<void> {
-        return this._oidc.silentLoginCallbackAsync();
-    }
-    renewTokensAsync(extras:StringMap = null):Promise<void> {
-        return this._oidc.renewTokensAsync(extras);
-    }
-    loginCallbackAsync():Promise<LoginCallback> {
-        return this._oidc.loginCallbackWithAutoTokensRenewAsync();
-    }
-    get tokens():Tokens {
-        return this._oidc.tokens;
-    }
-    get configuration():OidcConfiguration {
-        return this._oidc.configuration;
-    }
-    async generateDemonstrationOfProofOfPossessionAsync(accessToken:string, url:string, method:string, extras:StringMap= {}) : Promise<string> {
-        return this._oidc.generateDemonstrationOfProofOfPossessionAsync(accessToken, url, method, extras);
-    }
-    async getValidTokenAsync(waitMs = 200, numberWait = 50): Promise<ValidToken> {
-        return getValidTokenAsync(this._oidc, waitMs, numberWait);
-    }
-    fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession:boolean = false): Fetch {
-        return fetchWithTokens(fetch, this, demonstrating_proof_of_possession);
-    }
-    async userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache = false, demonstrating_proof_of_possession:boolean=false):Promise<T> {
-        return this._oidc.userInfoAsync(noCache, demonstrating_proof_of_possession);
-    }
-    userInfo<T extends OidcUserInfo = OidcUserInfo>():T {
-        return this._oidc.userInfo;
-    }
+  static get(name = 'default'): OidcClient {
+    return new OidcClient(Oidc.get(name));
+  }
+  static eventNames = Oidc.eventNames;
+  tryKeepExistingSessionAsync(): Promise<boolean> {
+    return this._oidc.tryKeepExistingSessionAsync();
+  }
+  loginAsync(
+    callbackPath: string = undefined,
+    extras: StringMap = null,
+    isSilentSignin = false,
+    scope: string = undefined,
+    silentLoginOnly = false,
+  ): Promise<unknown> {
+    return this._oidc.loginAsync(callbackPath, extras, isSilentSignin, scope, silentLoginOnly);
+  }
+  logoutAsync(
+    callbackPathOrUrl: string | null | undefined = undefined,
+    extras: StringMap = null,
+  ): Promise<void> {
+    return this._oidc.logoutAsync(callbackPathOrUrl, extras);
+  }
+  silentLoginCallbackAsync(): Promise<void> {
+    return this._oidc.silentLoginCallbackAsync();
+  }
+  renewTokensAsync(extras: StringMap = null): Promise<void> {
+    return this._oidc.renewTokensAsync(extras);
+  }
+  loginCallbackAsync(): Promise<LoginCallback> {
+    return this._oidc.loginCallbackWithAutoTokensRenewAsync();
+  }
+  get tokens(): Tokens {
+    return this._oidc.tokens;
+  }
+  get configuration(): OidcConfiguration {
+    return this._oidc.configuration;
+  }
+  async generateDemonstrationOfProofOfPossessionAsync(
+    accessToken: string,
+    url: string,
+    method: string,
+    extras: StringMap = {},
+  ): Promise<string> {
+    return this._oidc.generateDemonstrationOfProofOfPossessionAsync(
+      accessToken,
+      url,
+      method,
+      extras,
+    );
+  }
+  async getValidTokenAsync(waitMs = 200, numberWait = 50): Promise<ValidToken> {
+    return getValidTokenAsync(this._oidc, waitMs, numberWait);
+  }
+  fetchWithTokens(fetch: Fetch, demonstrating_proof_of_possession: boolean = false): Fetch {
+    return fetchWithTokens(fetch, this._oidc, demonstrating_proof_of_possession);
+  }
+  async userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(
+    noCache = false,
+    demonstrating_proof_of_possession: boolean = false,
+  ): Promise<T> {
+    return this._oidc.userInfoAsync(noCache, demonstrating_proof_of_possession);
+  }
+  userInfo<T extends OidcUserInfo = OidcUserInfo>(): T {
+    return this._oidc.userInfo;
+  }
 }
 export interface OidcUserInfo {
-    sub: string;
-    name?: string;
-    given_name?: string;
-    family_name?: string;
-    middle_name?: string;
-    nickname?: string;
-    preferred_username?: string;
-    profile?: string;
-    picture?: string;
-    website?: string;
-    email?: string;
-    email_verified?: boolean;
-    gender?: string;
-    birthdate?: string;
-    zoneinfo?: string;
-    locale?: string;
-    phone_number?: string;
-    phone_number_verified?: boolean;
-    address?: OidcAddressClaim;
-    updated_at?: number;
-    groups?: string[];
+  sub: string;
+  name?: string;
+  given_name?: string;
+  family_name?: string;
+  middle_name?: string;
+  nickname?: string;
+  preferred_username?: string;
+  profile?: string;
+  picture?: string;
+  website?: string;
+  email?: string;
+  email_verified?: boolean;
+  gender?: string;
+  birthdate?: string;
+  zoneinfo?: string;
+  locale?: string;
+  phone_number?: string;
+  phone_number_verified?: boolean;
+  address?: OidcAddressClaim;
+  updated_at?: number;
+  groups?: string[];
 }
 export interface OidcAddressClaim {
-    formatted?: string;
-    street_address?: string;
-    locality?: string;
-    region?: string;
-    postal_code?: string;
-    country?: string;
+  formatted?: string;
+  street_address?: string;
+  locality?: string;
+  region?: string;
+  postal_code?: string;
+  country?: string;
 }

package/src/parseTokens.spec.ts CHANGED Viewed

@@ -1,193 +1,212 @@
-import { describe, expect,it } from 'vitest';
+import { describe, expect, it } from 'vitest';
+import { sleepAsync } from './initWorker';
 import {
-    getValidTokenAsync,
-    isTokensOidcValid,
-    parseJwt,
-    parseOriginalTokens,
-    setTokens,
-    TokenRenewMode
-} from "./parseTokens";
-import {StringMap, TokenAutomaticRenewMode} from "./types";
-import {sleepAsync} from "./initWorker";
+  getValidTokenAsync,
+  isTokensOidcValid,
+  parseJwt,
+  parseOriginalTokens,
+  setTokens,
+  TokenRenewMode,
+} from './parseTokens';
+import { StringMap, TokenAutomaticRenewMode } from './types';
 describe('ParseTokens test Suite', () => {
-    const currentTimeUnixSecond = new Date().getTime() / 1000;
-    describe.each([
-        [currentTimeUnixSecond + 120, currentTimeUnixSecond - 10, true],
-        [currentTimeUnixSecond - 20, currentTimeUnixSecond - 50, false],
-    ])('getValidTokenAsync', (expiresAt, issuedAt, expectIsValidToken) => {
-        it('should getValidTokenAsync wait and return value', async () => {
-            const oidc = {
-                tokens: {
-                    refreshToken: 'youhou',
-                    idTokenPayload: null,
-                    idToken: 'youhou',
-                    accessTokenPayload: null,
-                    accessToken: 'youhou',
-                    expiresAt,
-                    issuedAt,
-                },
-                configuration: { token_automatic_renew_mode: TokenAutomaticRenewMode.AutomaticBeforeTokenExpiration},
-                renewTokensAsync: async (extras: StringMap) => {
-                    await sleepAsync({milliseconds:10});
-                }
-            };
-            const result = await getValidTokenAsync(oidc, 1, 1);
-            expect(result.isTokensValid).toEqual(expectIsValidToken);
-        });
+  const currentTimeUnixSecond = new Date().getTime() / 1000;
+  describe.each([
+    [currentTimeUnixSecond + 120, currentTimeUnixSecond - 10, true],
+    [currentTimeUnixSecond - 20, currentTimeUnixSecond - 50, false],
+  ])('getValidTokenAsync', (expiresAt, issuedAt, expectIsValidToken) => {
+    it('should getValidTokenAsync wait and return value', async () => {
+      const oidc = {
+        tokens: {
+          refreshToken: 'youhou',
+          idTokenPayload: null,
+          idToken: 'youhou',
+          accessTokenPayload: null,
+          accessToken: 'youhou',
+          expiresAt,
+          issuedAt,
+        },
+        configuration: {
+          token_automatic_renew_mode: TokenAutomaticRenewMode.AutomaticBeforeTokenExpiration,
+        },
+        renewTokensAsync: async (_extras: StringMap) => {
+          await sleepAsync({ milliseconds: 10 });
+        },
+      };
+      const result = await getValidTokenAsync(oidc, 1, 1);
+      expect(result.isTokensValid).toEqual(expectIsValidToken);
     });
+  });
-    describe.each([
-        ["eyJzZXNzaW9uX3N0YXRlIjoiNzVjYzVlZDItZGYyZC00NTY5LWJmYzUtMThhOThlNjhiZTExIiwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoixrTHosOBw6zDhyDlsI_lkI0t44Ob44Or44OYIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdGluZ2NoYXJhY3RlcnNAaW52ZW50ZWRtYWlsLmNvbSIsImdpdmVuX25hbWUiOiLGtMeiw4HDrMOHIiwiZmFtaWx5X25hbWUiOiLlsI_lkI0t44Ob44Or44OYIn0",
-            {
-                "session_state": "75cc5ed2-df2d-4569-bfc5-18a98e68be11",
-                "scope": "openid email profile",
-                "email_verified": true,
-                "name": "ƴǢÁìÇ 小名-ホルヘ",
-                "preferred_username": "testingcharacters@inventedmail.com",
-                "given_name": "ƴǢÁìÇ",
-                "family_name": "小名-ホルヘ"
-            }],
-        [
-            "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCI_IjoiYWE_In0",
-            {
-                "?": "aa?",
-                "iat": 1516239022,
-                "name": "John Doe",
-                "sub": "1234567890",
-            }
-        ]
-    ])('parseJwtShouldExtractData', (claimsPart, expectedResult) => {
-        it('should parseJwtShouldExtractData ', async () => {
-            const result = parseJwt(claimsPart);
-            expect(expectedResult).toStrictEqual(result);
-        });
+  describe.each([
+    [
+      'eyJzZXNzaW9uX3N0YXRlIjoiNzVjYzVlZDItZGYyZC00NTY5LWJmYzUtMThhOThlNjhiZTExIiwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoixrTHosOBw6zDhyDlsI_lkI0t44Ob44Or44OYIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidGVzdGluZ2NoYXJhY3RlcnNAaW52ZW50ZWRtYWlsLmNvbSIsImdpdmVuX25hbWUiOiLGtMeiw4HDrMOHIiwiZmFtaWx5X25hbWUiOiLlsI_lkI0t44Ob44Or44OYIn0',
+      {
+        session_state: '75cc5ed2-df2d-4569-bfc5-18a98e68be11',
+        scope: 'openid email profile',
+        email_verified: true,
+        name: 'ƴǢÁìÇ 小名-ホルヘ',
+        preferred_username: 'testingcharacters@inventedmail.com',
+        given_name: 'ƴǢÁìÇ',
+        family_name: '小名-ホルヘ',
+      },
+    ],
+    [
+      'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCI_IjoiYWE_In0',
+      {
+        '?': 'aa?',
+        iat: 1516239022,
+        name: 'John Doe',
+        sub: '1234567890',
+      },
+    ],
+  ])('parseJwtShouldExtractData', (claimsPart, expectedResult) => {
+    it('should parseJwtShouldExtractData ', async () => {
+      const result = parseJwt(claimsPart);
+      expect(expectedResult).toStrictEqual(result);
     });
+  });
-        const id_token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjUwNWZkODljLTM4YzktNGI2Mi04ZjQ3LWI4MGQ0ZTNhYjYxNSJ9.eyJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3Q6ODA4MCIsInN1YiI6ImFkbWluIiwiYXVkIjoiM2FTbk5XUGxZQWQwOGVES3c1UUNpSWVMcWpIdHkxTTVzSGFzcDJDZWREcWYzbmJkZm8xUFo1cXhmbWoyaFhkUyIsImV4cCI6MTY5MDk4NzQ1NCwiYXV0aF90aW1lIjoxNjkwOTg2NTUxLCJpYXQiOjE2OTA5ODY1NTQsImFjciI6IjAiLCJhenAiOiIzYVNuTldQbFlBZDA4ZURLdzVRQ2lJZUxxakh0eTFNNXNIYXNwMkNlZERxZjNuYmRmbzFQWjVxeGZtajJoWGRTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGdyb3VwcyBvZmZsaW5lX2FjY2VzcyIsIm5iZiI6MTY5MDk4NjU1NCwianRpIjoiNjMiLCJub25jZSI6ImNpQkVVOTdaVmRWVSIsImdyb3VwcyI6WyJhZG1pbiJdLCJuYW1lIjoiQWRtaW5pc3RyYXRvciIsInVwZGF0ZWRfYXQiOjE2OTA5ODY1NDV9.2MUdtQR_QtzDY9BTMctG8C4uvg92DgMIUUoJed2cI7WTd5_VEPFW87esDQLw4snVdAJM1_Wf3wB88B2MXFDMCnMTNn0TMnzetRDiG3xlr2LL-geL5SNgwD0Y6RPK_aITjrC9uiQCTj3LPEENrBulNRZPURwaVon9WUVNuuBmMTKd7QKEuFN0zYDoRs0HnXo6WKnFy1rldLGh_JpA3PBUuXt4VMjfGQ7yYEuNn7MkFVDX6OnTffR8jTQp74hREvuRLFjYxfgfgu547X7yIcboOl81D0ZQlP-gfvBOeypZolRLScuqAA3fHBYvE0vCtOM6ObekfeeTDfms75csMLUuZtTR07x32xYC8vdoFsY0sRpMByTqlhsae9VX_rETJ7PIWEfruojzcj47WN9dG0K3pdPiJHEwZ1CKgZfU_cY0gtuAGaIcIjKL0txXCevaiIiIsrgSU_HTjNVybp4WHSAs3h6x0XLz4_91luCylsaoMQbwKOQNwAfr2L74jF6DOg-8DIPb-WClRQzaQtrkx_iv6FtqCB3ogFoZwi6xljdYUc2EHUmoAo-LXal-QAgUXGGzfFU2YOpxV3RyAbMGPm7PfkMVzDsDJwORJNhh38QQ6o88GgNnV28BT-d2G0n7okc0QC6o2IW0jpyCrI6v0hWOBUX2EqiJ5Wao-4LYZfCaRgU";
-        const refresh_token = "DEsqDca7nDGSgT6tJPkCwbPy98B8VOC4AA55lOPs03G3hqhZ8WH08REBcwTZg1s0jZyVoA3iCXzm4PPJ096gjV7ZKYyN8vnFKw6P6KLV3tUI6mWFaSROoh1LipThFrkS";
-        const access_token = "opqavdgHEYx8nhCdc3iByd1HD0jiYN30LevhJy4f5wIavINXKdh4lQ9C3kA49QF0OH0XeA02";
-        describe.each([
-            [{
-                "access_token": access_token,
-                "token_type": "Bearer",
-                "expires_in": "900", // Here a string instead of a number
-                "refresh_token": refresh_token,
-                "id_token": id_token
-            }],
-            [{
-                "access_token": access_token,
-                "token_type": "Bearer",
-                "expires_in": 900,
-                "refresh_token": refresh_token,
-                "id_token": id_token
-            }],
-            [{
-                "access_token": access_token,
-                "token_type": "Bearer",
-                "expires_in": 900,
-                "expiresAt": 1609987454, // Here expiresAt that come from Service Worker
-                "refresh_token": refresh_token,
-                "id_token": id_token
-            }],
-        ])('getValidTokenAsync', (tokens) => {
-            it('should parseOriginalTokens', async () => {
-                // @ts-ignore
-                const result = parseOriginalTokens(tokens);
-                expect(typeof result.issuedAt).toEqual("number");
-            });
-        });
-    const idTokenPayload = {iss: "toto", exp: currentTimeUnixSecond +900, iat: currentTimeUnixSecond -900, nonce: "nonce"};
-    const oidcServerConfiguration = {issuer:"toto"};
-    const idTokenPayloadExpired = {...idTokenPayload, exp: currentTimeUnixSecond-20};
-    const idTokenPayloadIssuedTooLongTimeAgo = {...idTokenPayload, iat: currentTimeUnixSecond-20000000};
-    describe.each([
-        [idTokenPayload, "nonce", oidcServerConfiguration, true, "success"],
-        [idTokenPayload, "other_nonce", oidcServerConfiguration, false, "bad nonce"],
-        [idTokenPayload, "nonce", {issuer:"tutu"}, false, "different issuer"],
-        [idTokenPayloadExpired, "nonce", oidcServerConfiguration, false, "id token expired issuer"],
-        [idTokenPayloadIssuedTooLongTimeAgo, "nonce", oidcServerConfiguration, false, "id token expired issuer"],
-    ])('isTokensOidcValid', (idTokenPayload, nonce, oidcServerConfiguration, expectIsValidToken, status) => {
-        it('should isTokensOidcValid return ' + status, async () => {
-            const oidc = {
-                idTokenPayload,
-            };
-            const {isValid} = isTokensOidcValid(oidc, nonce, oidcServerConfiguration);
-            expect(isValid).toEqual(expectIsValidToken);
-        });
+  const id_token =
+    'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjUwNWZkODljLTM4YzktNGI2Mi04ZjQ3LWI4MGQ0ZTNhYjYxNSJ9.eyJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3Q6ODA4MCIsInN1YiI6ImFkbWluIiwiYXVkIjoiM2FTbk5XUGxZQWQwOGVES3c1UUNpSWVMcWpIdHkxTTVzSGFzcDJDZWREcWYzbmJkZm8xUFo1cXhmbWoyaFhkUyIsImV4cCI6MTY5MDk4NzQ1NCwiYXV0aF90aW1lIjoxNjkwOTg2NTUxLCJpYXQiOjE2OTA5ODY1NTQsImFjciI6IjAiLCJhenAiOiIzYVNuTldQbFlBZDA4ZURLdzVRQ2lJZUxxakh0eTFNNXNIYXNwMkNlZERxZjNuYmRmbzFQWjVxeGZtajJoWGRTIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGdyb3VwcyBvZmZsaW5lX2FjY2VzcyIsIm5iZiI6MTY5MDk4NjU1NCwianRpIjoiNjMiLCJub25jZSI6ImNpQkVVOTdaVmRWVSIsImdyb3VwcyI6WyJhZG1pbiJdLCJuYW1lIjoiQWRtaW5pc3RyYXRvciIsInVwZGF0ZWRfYXQiOjE2OTA5ODY1NDV9.2MUdtQR_QtzDY9BTMctG8C4uvg92DgMIUUoJed2cI7WTd5_VEPFW87esDQLw4snVdAJM1_Wf3wB88B2MXFDMCnMTNn0TMnzetRDiG3xlr2LL-geL5SNgwD0Y6RPK_aITjrC9uiQCTj3LPEENrBulNRZPURwaVon9WUVNuuBmMTKd7QKEuFN0zYDoRs0HnXo6WKnFy1rldLGh_JpA3PBUuXt4VMjfGQ7yYEuNn7MkFVDX6OnTffR8jTQp74hREvuRLFjYxfgfgu547X7yIcboOl81D0ZQlP-gfvBOeypZolRLScuqAA3fHBYvE0vCtOM6ObekfeeTDfms75csMLUuZtTR07x32xYC8vdoFsY0sRpMByTqlhsae9VX_rETJ7PIWEfruojzcj47WN9dG0K3pdPiJHEwZ1CKgZfU_cY0gtuAGaIcIjKL0txXCevaiIiIsrgSU_HTjNVybp4WHSAs3h6x0XLz4_91luCylsaoMQbwKOQNwAfr2L74jF6DOg-8DIPb-WClRQzaQtrkx_iv6FtqCB3ogFoZwi6xljdYUc2EHUmoAo-LXal-QAgUXGGzfFU2YOpxV3RyAbMGPm7PfkMVzDsDJwORJNhh38QQ6o88GgNnV28BT-d2G0n7okc0QC6o2IW0jpyCrI6v0hWOBUX2EqiJ5Wao-4LYZfCaRgU';
+  const refresh_token =
+    'DEsqDca7nDGSgT6tJPkCwbPy98B8VOC4AA55lOPs03G3hqhZ8WH08REBcwTZg1s0jZyVoA3iCXzm4PPJ096gjV7ZKYyN8vnFKw6P6KLV3tUI6mWFaSROoh1LipThFrkS';
+  const access_token = 'opqavdgHEYx8nhCdc3iByd1HD0jiYN30LevhJy4f5wIavINXKdh4lQ9C3kA49QF0OH0XeA02';
+  describe.each([
+    [
+      {
+        access_token: access_token,
+        token_type: 'Bearer',
+        expires_in: '900', // Here a string instead of a number
+        refresh_token: refresh_token,
+        id_token: id_token,
+      },
+    ],
+    [
+      {
+        access_token: access_token,
+        token_type: 'Bearer',
+        expires_in: 900,
+        refresh_token: refresh_token,
+        id_token: id_token,
+      },
+    ],
+    [
+      {
+        access_token: access_token,
+        token_type: 'Bearer',
+        expires_in: 900,
+        expiresAt: 1609987454, // Here expiresAt that come from Service Worker
+        refresh_token: refresh_token,
+        id_token: id_token,
+      },
+    ],
+  ])('getValidTokenAsync', tokens => {
+    it('should parseOriginalTokens', async () => {
+      // @ts-ignore
+      const result = parseOriginalTokens(tokens);
+      expect(typeof result.issuedAt).toEqual('number');
     });
+  });
+  const idTokenPayload = {
+    iss: 'toto',
+    exp: currentTimeUnixSecond + 900,
+    iat: currentTimeUnixSecond - 900,
+    nonce: 'nonce',
+  };
+  const oidcServerConfiguration = { issuer: 'toto' };
+  const idTokenPayloadExpired = { ...idTokenPayload, exp: currentTimeUnixSecond - 20 };
+  const idTokenPayloadIssuedTooLongTimeAgo = {
+    ...idTokenPayload,
+    iat: currentTimeUnixSecond - 20000000,
+  };
-    const testTokens = {
-        "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkMyNTJGOUNBQjc3Q0MxNTQwNTBFMTg1NTk5MjJCMTJGIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2RlbW8uZHVlbmRlc29mdHdhcmUuY29tIiwibmJmIjoxNzA2NTQwMjU4LCJpYXQiOjE3MDY1NDAyNTgsImV4cCI6MTcwNjU0MDU1OCwiYXVkIjoiaW50ZXJhY3RpdmUucHVibGljLnNob3J0IiwiYW1yIjpbInB3ZCJdLCJub25jZSI6IlA5dEo5eGxHZE05NiIsImF0X2hhc2giOiJOWnZhR0dZYlhoelRNWlVxUjlNYk5nIiwic2lkIjoiMzQ1QUJDODhFNkU1MEFGMTI3M0VENDE1QTdGRDZBMjMiLCJzdWIiOiIyIiwiYXV0aF90aW1lIjoxNzA2NTMxNjY1LCJpZHAiOiJsb2NhbCJ9.MVtXrCkshJFBplbOw7az3fdWB1Ewqixb2fuHXpx7KbGWUY6qgT9ijlldeD-ZV7JGA958AKqmGwfNjovAJE89pQsCFKkNft6fRO8eM9qKif6eRUqMMPiQrawARpuJOs1NvJ-SyeRs_jSNLwPVzI8NlZyFWHoyQ4DZnFoQLSQMy5UaHaCtWhC_FrWMFLQvbE3RuMlnJGzrsoMewFyVAZctMCTE1MOI3Akvhe1IGc1hmxzwNg3OkxwzHLinsDlDw8UVn8vX5iNI18GFuyTuJlawOq5OHHJH3LdKQD_RbwRF-9BFjKRZfWzGpdpxTD2lIPf1Irc3U_R6xCNuXYUwzrHp6Q",
-        "access_token": "ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER_default",
-        "expires_in": 75,
-        "token_type": "Bearer",
-        "refresh_token": "REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER_default",
-        "scope": "openid profile email api offline_access",
-        "issued_at": 1706540256.465,
-        "accessTokenPayload": {
-            "iss": "https://demo.duendesoftware.com",
-            "nbf": 1706540258,
-            "iat": 1706540258,
-            "exp": 1706540333,
-            "aud": "api",
-            "scope": [
-                "openid",
-                "profile",
-                "email",
-                "api",
-                "offline_access"
-            ],
-            "amr": [
-                "pwd"
-            ],
-            "client_id": "interactive.public.short",
-            "sub": "2",
-            "auth_time": 1706531665,
-            "idp": "local",
-            "name": "Bob Smith",
-            "email": "BobSmith@email.com",
-            "sid": "345ABC88E6E50AF1273ED415A7FD6A23",
-            "jti": "E3CF3853D77AC90ABC774266CD381C43"
-        },
-        "idTokenPayload": {
-            "iss": "https://demo.duendesoftware.com",
-            "nbf": 1706540258,
-            "iat": 1706540258,
-            "exp": 1706540558,
-            "aud": "interactive.public.short",
-            "amr": [
-                "pwd"
-            ],
-            "nonce": "NONCE_SECURED_BY_OIDC_SERVICE_WORKER_default",
-            "at_hash": "NZvaGGYbXhzTMZUqR9MbNg",
-            "sid": "345ABC88E6E50AF1273ED415A7FD6A23",
-            "sub": "2",
-            "auth_time": 1706531665,
-            "idp": "local"
-        },
-        "expiresAt": 1706540333
-    }
+  describe.each([
+    [idTokenPayload, 'nonce', oidcServerConfiguration, true, 'success'],
+    [idTokenPayload, 'other_nonce', oidcServerConfiguration, false, 'bad nonce'],
+    [idTokenPayload, 'nonce', { issuer: 'tutu' }, false, 'different issuer'],
+    [idTokenPayloadExpired, 'nonce', oidcServerConfiguration, false, 'id token expired issuer'],
+    [
+      idTokenPayloadIssuedTooLongTimeAgo,
+      'nonce',
+      oidcServerConfiguration,
+      false,
+      'id token expired issuer',
+    ],
+  ])(
+    'isTokensOidcValid',
+    (idTokenPayload, nonce, oidcServerConfiguration, expectIsValidToken, status) => {
+      it('should isTokensOidcValid return ' + status, async () => {
+        const oidc = {
+          idTokenPayload,
+        };
+        const { isValid } = isTokensOidcValid(oidc, nonce, oidcServerConfiguration);
+        expect(isValid).toEqual(expectIsValidToken);
+      });
+    },
+  );
+  const testTokens = {
+    id_token:
+      'eyJhbGciOiJSUzI1NiIsImtpZCI6IkMyNTJGOUNBQjc3Q0MxNTQwNTBFMTg1NTk5MjJCMTJGIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2RlbW8uZHVlbmRlc29mdHdhcmUuY29tIiwibmJmIjoxNzA2NTQwMjU4LCJpYXQiOjE3MDY1NDAyNTgsImV4cCI6MTcwNjU0MDU1OCwiYXVkIjoiaW50ZXJhY3RpdmUucHVibGljLnNob3J0IiwiYW1yIjpbInB3ZCJdLCJub25jZSI6IlA5dEo5eGxHZE05NiIsImF0X2hhc2giOiJOWnZhR0dZYlhoelRNWlVxUjlNYk5nIiwic2lkIjoiMzQ1QUJDODhFNkU1MEFGMTI3M0VENDE1QTdGRDZBMjMiLCJzdWIiOiIyIiwiYXV0aF90aW1lIjoxNzA2NTMxNjY1LCJpZHAiOiJsb2NhbCJ9.MVtXrCkshJFBplbOw7az3fdWB1Ewqixb2fuHXpx7KbGWUY6qgT9ijlldeD-ZV7JGA958AKqmGwfNjovAJE89pQsCFKkNft6fRO8eM9qKif6eRUqMMPiQrawARpuJOs1NvJ-SyeRs_jSNLwPVzI8NlZyFWHoyQ4DZnFoQLSQMy5UaHaCtWhC_FrWMFLQvbE3RuMlnJGzrsoMewFyVAZctMCTE1MOI3Akvhe1IGc1hmxzwNg3OkxwzHLinsDlDw8UVn8vX5iNI18GFuyTuJlawOq5OHHJH3LdKQD_RbwRF-9BFjKRZfWzGpdpxTD2lIPf1Irc3U_R6xCNuXYUwzrHp6Q',
+    access_token: 'ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER_default',
+    expires_in: 75,
+    token_type: 'Bearer',
+    refresh_token: 'REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER_default',
+    scope: 'openid profile email api offline_access',
+    issued_at: 1706540256.465,
+    accessTokenPayload: {
+      iss: 'https://demo.duendesoftware.com',
+      nbf: 1706540258,
+      iat: 1706540258,
+      exp: 1706540333,
+      aud: 'api',
+      scope: ['openid', 'profile', 'email', 'api', 'offline_access'],
+      amr: ['pwd'],
+      client_id: 'interactive.public.short',
+      sub: '2',
+      auth_time: 1706531665,
+      idp: 'local',
+      name: 'Bob Smith',
+      email: 'BobSmith@email.com',
+      sid: '345ABC88E6E50AF1273ED415A7FD6A23',
+      jti: 'E3CF3853D77AC90ABC774266CD381C43',
+    },
+    idTokenPayload: {
+      iss: 'https://demo.duendesoftware.com',
+      nbf: 1706540258,
+      iat: 1706540258,
+      exp: 1706540558,
+      aud: 'interactive.public.short',
+      amr: ['pwd'],
+      nonce: 'NONCE_SECURED_BY_OIDC_SERVICE_WORKER_default',
+      at_hash: 'NZvaGGYbXhzTMZUqR9MbNg',
+      sid: '345ABC88E6E50AF1273ED415A7FD6A23',
+      sub: '2',
+      auth_time: 1706531665,
+      idp: 'local',
+    },
+    expiresAt: 1706540333,
+  };
-    describe.each([
-        [testTokens, null, TokenRenewMode.access_token_invalid, () => {}],
-        [testTokens, {testTokens, idTokenPayload: undefined, id_token: undefined}, TokenRenewMode.access_token_invalid, (newTokens:any) => {
-            expect(newTokens.idTokenPayload).toBeDefined();
-            expect(newTokens.id_token).toBeDefined();
-        }],
-    ])('setTokens', (tokens,  oldTokens, tokenRenewMode, validationFunction) => {
-        it('should setTokens return updatedTokens' , async () => {
-            const oidc = {
-                idTokenPayload,
-            };
-            const newTokens = setTokens(tokens, oldTokens, tokenRenewMode);
-            validationFunction(newTokens)
-        });
+  describe.each([
+    [testTokens, null, TokenRenewMode.access_token_invalid, () => {}],
+    [
+      testTokens,
+      { testTokens, idTokenPayload: undefined, id_token: undefined },
+      TokenRenewMode.access_token_invalid,
+      (newTokens: any) => {
+        expect(newTokens.idTokenPayload).toBeDefined();
+        expect(newTokens.id_token).toBeDefined();
+      },
+    ],
+  ])('setTokens', (tokens, oldTokens, tokenRenewMode, validationFunction) => {
+    it('should setTokens return updatedTokens', async () => {
+      const newTokens = setTokens(tokens, oldTokens, tokenRenewMode);
+      validationFunction(newTokens);
     });
+  });
 });