@axa-fr/oidc-client 7.22.18 → 7.22.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +31 -39
- package/bin/copy-service-worker-files.mjs +24 -17
- package/dist/OidcTrustedDomains.js +14 -12
- package/dist/cache.d.ts.map +1 -1
- package/dist/checkSession.d.ts +1 -1
- package/dist/checkSession.d.ts.map +1 -1
- package/dist/checkSessionIFrame.d.ts.map +1 -1
- package/dist/crypto.d.ts.map +1 -1
- package/dist/fetch.d.ts +2 -1
- package/dist/fetch.d.ts.map +1 -1
- package/dist/index.d.ts +5 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +935 -601
- package/dist/index.umd.cjs +2 -2
- package/dist/initSession.d.ts +1 -1
- package/dist/initSession.d.ts.map +1 -1
- package/dist/initWorker.d.ts +2 -2
- package/dist/initWorker.d.ts.map +1 -1
- package/dist/initWorkerOption.d.ts.map +1 -1
- package/dist/jwt.d.ts +2 -2
- package/dist/jwt.d.ts.map +1 -1
- package/dist/keepSession.d.ts.map +1 -1
- package/dist/location.d.ts.map +1 -1
- package/dist/login.d.ts +1 -1
- package/dist/login.d.ts.map +1 -1
- package/dist/logout.d.ts +1 -1
- package/dist/logout.d.ts.map +1 -1
- package/dist/oidc.d.ts +1 -1
- package/dist/oidc.d.ts.map +1 -1
- package/dist/oidcClient.d.ts +2 -2
- package/dist/oidcClient.d.ts.map +1 -1
- package/dist/parseTokens.d.ts.map +1 -1
- package/dist/renewTokens.d.ts.map +1 -1
- package/dist/requests.d.ts +1 -1
- package/dist/requests.d.ts.map +1 -1
- package/dist/silentLogin.d.ts.map +1 -1
- package/dist/timer.d.ts.map +1 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/user.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/cache.ts +21 -18
- package/src/checkSession.ts +89 -54
- package/src/checkSessionIFrame.ts +70 -69
- package/src/crypto.ts +27 -25
- package/src/events.ts +28 -28
- package/src/fetch.ts +40 -21
- package/src/index.ts +6 -17
- package/src/iniWorker.spec.ts +26 -16
- package/src/initSession.ts +115 -113
- package/src/initWorker.ts +299 -212
- package/src/initWorkerOption.ts +121 -114
- package/src/jwt.ts +150 -136
- package/src/keepSession.ts +100 -81
- package/src/location.ts +24 -26
- package/src/login.ts +246 -189
- package/src/logout.spec.ts +131 -76
- package/src/logout.ts +130 -115
- package/src/oidc.ts +426 -337
- package/src/oidcClient.ts +129 -105
- package/src/parseTokens.spec.ts +198 -179
- package/src/parseTokens.ts +221 -186
- package/src/renewTokens.ts +397 -284
- package/src/requests.spec.ts +5 -7
- package/src/requests.ts +142 -114
- package/src/route-utils.spec.ts +17 -19
- package/src/route-utils.ts +29 -26
- package/src/silentLogin.ts +145 -127
- package/src/timer.ts +10 -11
- package/src/types.ts +56 -46
- package/src/user.ts +17 -12
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -1,9 +1,27 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
1
|
+
class q {
|
|
2
|
+
open(s) {
|
|
3
|
+
window.location.href = s;
|
|
4
|
+
}
|
|
5
|
+
reload() {
|
|
6
|
+
window.location.reload();
|
|
7
|
+
}
|
|
8
|
+
getCurrentHref() {
|
|
9
|
+
return window.location.href;
|
|
10
|
+
}
|
|
11
|
+
getPath() {
|
|
12
|
+
const s = window.location;
|
|
13
|
+
return s.pathname + (s.search || "") + (s.hash || "");
|
|
14
|
+
}
|
|
15
|
+
getOrigin() {
|
|
16
|
+
return window.origin;
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
const ae = 2e3, D = console;
|
|
20
|
+
class Oe {
|
|
21
|
+
constructor(s, n, t, o = ae, i = !0) {
|
|
22
|
+
this._callback = s, this._client_id = n, this._url = t, this._interval = o || ae, this._stopOnError = i;
|
|
5
23
|
const r = t.indexOf("/", t.indexOf("//") + 2);
|
|
6
|
-
this._frame_origin = t.
|
|
24
|
+
this._frame_origin = t.substring(0, r), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = t;
|
|
7
25
|
}
|
|
8
26
|
load() {
|
|
9
27
|
return new Promise((s) => {
|
|
@@ -18,7 +36,10 @@ class Pe {
|
|
|
18
36
|
start(s) {
|
|
19
37
|
D.debug("CheckSessionIFrame.start :" + s), this.stop();
|
|
20
38
|
const n = () => {
|
|
21
|
-
this._frame.contentWindow.postMessage(
|
|
39
|
+
this._frame.contentWindow.postMessage(
|
|
40
|
+
this._client_id + " " + s,
|
|
41
|
+
this._frame_origin
|
|
42
|
+
);
|
|
22
43
|
};
|
|
23
44
|
n(), this._timer = window.setInterval(n, this._interval);
|
|
24
45
|
}
|
|
@@ -56,67 +77,70 @@ const m = {
|
|
|
56
77
|
syncTokensAsync_error: "syncTokensAsync_error",
|
|
57
78
|
tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
|
|
58
79
|
}, O = (e, s = sessionStorage) => {
|
|
59
|
-
const n = (
|
|
80
|
+
const n = (y) => (s[`oidc.${e}`] = JSON.stringify({ tokens: null, status: y }), Promise.resolve()), t = async () => {
|
|
60
81
|
if (!s[`oidc.${e}`])
|
|
61
82
|
return s[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
|
|
62
|
-
const
|
|
63
|
-
return Promise.resolve({ tokens:
|
|
64
|
-
}, o = (
|
|
65
|
-
s[`oidc.${e}`] = JSON.stringify({ tokens:
|
|
66
|
-
}, i = async (
|
|
67
|
-
s[`oidc.session_state.${e}`] =
|
|
68
|
-
}, r = async () => s[`oidc.session_state.${e}`], a = (
|
|
69
|
-
s[`oidc.nonce.${e}`] =
|
|
70
|
-
},
|
|
71
|
-
s[`oidc.jwk.${e}`] = JSON.stringify(
|
|
72
|
-
},
|
|
73
|
-
s[`oidc.dpop_nonce.${e}`] =
|
|
74
|
-
}, _ = () => s[`oidc.dpop_nonce.${e}`],
|
|
75
|
-
let g = {};
|
|
83
|
+
const y = JSON.parse(s[`oidc.${e}`]);
|
|
84
|
+
return Promise.resolve({ tokens: y.tokens, status: y.status });
|
|
85
|
+
}, o = (y) => {
|
|
86
|
+
s[`oidc.${e}`] = JSON.stringify({ tokens: y });
|
|
87
|
+
}, i = async (y) => {
|
|
88
|
+
s[`oidc.session_state.${e}`] = y;
|
|
89
|
+
}, r = async () => s[`oidc.session_state.${e}`], a = (y) => {
|
|
90
|
+
s[`oidc.nonce.${e}`] = y.nonce;
|
|
91
|
+
}, u = (y) => {
|
|
92
|
+
s[`oidc.jwk.${e}`] = JSON.stringify(y);
|
|
93
|
+
}, d = () => JSON.parse(s[`oidc.jwk.${e}`]), l = async () => ({ nonce: s[`oidc.nonce.${e}`] }), c = async (y) => {
|
|
94
|
+
s[`oidc.dpop_nonce.${e}`] = y;
|
|
95
|
+
}, _ = () => s[`oidc.dpop_nonce.${e}`], h = () => s[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(s[`oidc.${e}`]).tokens }) : null, g = {};
|
|
76
96
|
return {
|
|
77
97
|
clearAsync: n,
|
|
78
98
|
initAsync: t,
|
|
79
99
|
setTokens: o,
|
|
80
|
-
getTokens:
|
|
100
|
+
getTokens: h,
|
|
81
101
|
setSessionStateAsync: i,
|
|
82
102
|
getSessionStateAsync: r,
|
|
83
103
|
setNonceAsync: a,
|
|
84
|
-
getNonceAsync:
|
|
85
|
-
setLoginParams: (
|
|
86
|
-
g[e] =
|
|
104
|
+
getNonceAsync: l,
|
|
105
|
+
setLoginParams: (y) => {
|
|
106
|
+
g[e] = y, s[`oidc.login.${e}`] = JSON.stringify(y);
|
|
87
107
|
},
|
|
88
108
|
getLoginParams: () => {
|
|
89
|
-
const
|
|
90
|
-
return
|
|
109
|
+
const y = s[`oidc.login.${e}`];
|
|
110
|
+
return y ? (g[e] || (g[e] = JSON.parse(y)), g[e]) : (console.warn(
|
|
111
|
+
`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
|
|
112
|
+
), null);
|
|
91
113
|
},
|
|
92
114
|
getStateAsync: async () => s[`oidc.state.${e}`],
|
|
93
|
-
setStateAsync: async (
|
|
94
|
-
s[`oidc.state.${e}`] =
|
|
115
|
+
setStateAsync: async (y) => {
|
|
116
|
+
s[`oidc.state.${e}`] = y;
|
|
95
117
|
},
|
|
96
118
|
getCodeVerifierAsync: async () => s[`oidc.code_verifier.${e}`],
|
|
97
|
-
setCodeVerifierAsync: async (
|
|
98
|
-
s[`oidc.code_verifier.${e}`] =
|
|
119
|
+
setCodeVerifierAsync: async (y) => {
|
|
120
|
+
s[`oidc.code_verifier.${e}`] = y;
|
|
99
121
|
},
|
|
100
122
|
setDemonstratingProofOfPossessionNonce: c,
|
|
101
123
|
getDemonstratingProofOfPossessionNonce: _,
|
|
102
|
-
setDemonstratingProofOfPossessionJwkAsync:
|
|
103
|
-
getDemonstratingProofOfPossessionJwkAsync:
|
|
124
|
+
setDemonstratingProofOfPossessionJwkAsync: u,
|
|
125
|
+
getDemonstratingProofOfPossessionJwkAsync: d
|
|
104
126
|
};
|
|
105
127
|
};
|
|
106
128
|
var V = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(V || {});
|
|
107
|
-
const
|
|
129
|
+
const Ie = (e) => decodeURIComponent(
|
|
130
|
+
Array.prototype.map.call(atob(e), (s) => "%" + ("00" + s.charCodeAt(0).toString(16)).slice(-2)).join("")
|
|
131
|
+
), Ce = (e) => JSON.parse(Ie(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), ce = (e) => {
|
|
108
132
|
try {
|
|
109
|
-
return e &&
|
|
133
|
+
return e && Ne(e, ".") === 2 ? Ce(e.split(".")[1]) : null;
|
|
110
134
|
} catch (s) {
|
|
111
135
|
console.warn(s);
|
|
112
136
|
}
|
|
113
137
|
return null;
|
|
114
|
-
},
|
|
138
|
+
}, Ne = (e, s) => e.split(s).length - 1, Z = {
|
|
115
139
|
access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
|
|
116
140
|
access_token_invalid: "access_token_invalid",
|
|
117
141
|
id_token_invalid: "id_token_invalid"
|
|
118
142
|
};
|
|
119
|
-
function
|
|
143
|
+
function xe(e, s, n) {
|
|
120
144
|
if (e.issuedAt) {
|
|
121
145
|
if (typeof e.issuedAt == "string")
|
|
122
146
|
return parseInt(e.issuedAt, 10);
|
|
@@ -129,19 +153,25 @@ const X = (e, s = null, n) => {
|
|
|
129
153
|
return null;
|
|
130
154
|
let t;
|
|
131
155
|
const o = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
|
|
132
|
-
e.accessTokenPayload !== void 0 ? t = e.accessTokenPayload : t =
|
|
156
|
+
e.accessTokenPayload !== void 0 ? t = e.accessTokenPayload : t = ce(e.accessToken);
|
|
133
157
|
let i;
|
|
134
158
|
s != null && "idToken" in s && !("idToken" in e) ? i = s.idToken : i = e.idToken;
|
|
135
|
-
const r = e.idTokenPayload ? e.idTokenPayload :
|
|
136
|
-
e.issuedAt =
|
|
137
|
-
let
|
|
138
|
-
e.expiresAt ?
|
|
139
|
-
const
|
|
159
|
+
const r = e.idTokenPayload ? e.idTokenPayload : ce(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, u = t && t.exp ? t.exp : e.issuedAt + o;
|
|
160
|
+
e.issuedAt = xe(e, t, r);
|
|
161
|
+
let d;
|
|
162
|
+
e.expiresAt ? d = e.expiresAt : n === Z.access_token_invalid ? d = u : n === Z.id_token_invalid ? d = a : d = a < u ? a : u;
|
|
163
|
+
const l = {
|
|
164
|
+
...e,
|
|
165
|
+
idTokenPayload: r,
|
|
166
|
+
accessTokenPayload: t,
|
|
167
|
+
expiresAt: d,
|
|
168
|
+
idToken: i
|
|
169
|
+
};
|
|
140
170
|
if (s != null && "refreshToken" in s && !("refreshToken" in e)) {
|
|
141
171
|
const c = s.refreshToken;
|
|
142
|
-
return { ...
|
|
172
|
+
return { ...l, refreshToken: c };
|
|
143
173
|
}
|
|
144
|
-
return
|
|
174
|
+
return l;
|
|
145
175
|
}, oe = (e, s, n) => {
|
|
146
176
|
if (!e)
|
|
147
177
|
return null;
|
|
@@ -161,11 +191,11 @@ const X = (e, s = null, n) => {
|
|
|
161
191
|
}, U = (e, s) => {
|
|
162
192
|
const n = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = s - n;
|
|
163
193
|
return Math.round(t - e);
|
|
164
|
-
},
|
|
194
|
+
}, le = (e) => e ? U(0, e.expiresAt) > 0 : !1, ke = async (e, s = 200, n = 50) => {
|
|
165
195
|
let t = n;
|
|
166
196
|
if (!e.tokens)
|
|
167
197
|
return null;
|
|
168
|
-
for (; !
|
|
198
|
+
for (; !le(e.tokens) && t > 0; ) {
|
|
169
199
|
if (e.configuration.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted) {
|
|
170
200
|
await e.renewTokensAsync({});
|
|
171
201
|
break;
|
|
@@ -174,23 +204,35 @@ const X = (e, s = null, n) => {
|
|
|
174
204
|
t = t - 1;
|
|
175
205
|
}
|
|
176
206
|
return {
|
|
177
|
-
isTokensValid:
|
|
207
|
+
isTokensValid: le(e.tokens),
|
|
178
208
|
tokens: e.tokens,
|
|
179
209
|
numberWaited: t - n
|
|
180
210
|
};
|
|
181
|
-
},
|
|
211
|
+
}, me = (e, s, n) => {
|
|
182
212
|
if (e.idTokenPayload) {
|
|
183
213
|
const t = e.idTokenPayload;
|
|
184
214
|
if (n.issuer !== t.iss)
|
|
185
|
-
return {
|
|
215
|
+
return {
|
|
216
|
+
isValid: !1,
|
|
217
|
+
reason: `Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${t.iss}`
|
|
218
|
+
};
|
|
186
219
|
const o = (/* @__PURE__ */ new Date()).getTime() / 1e3;
|
|
187
220
|
if (t.exp && t.exp < o)
|
|
188
|
-
return {
|
|
221
|
+
return {
|
|
222
|
+
isValid: !1,
|
|
223
|
+
reason: `Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`
|
|
224
|
+
};
|
|
189
225
|
const i = 60 * 60 * 24 * 7;
|
|
190
226
|
if (t.iat && t.iat + i < o)
|
|
191
|
-
return {
|
|
227
|
+
return {
|
|
228
|
+
isValid: !1,
|
|
229
|
+
reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat + i} < (currentTimeUnixSecond) ${o}`
|
|
230
|
+
};
|
|
192
231
|
if (t.nonce && t.nonce !== s)
|
|
193
|
-
return {
|
|
232
|
+
return {
|
|
233
|
+
isValid: !1,
|
|
234
|
+
reason: `Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${s}`
|
|
235
|
+
};
|
|
194
236
|
}
|
|
195
237
|
return { isValid: !0, reason: "" };
|
|
196
238
|
}, M = function() {
|
|
@@ -201,28 +243,31 @@ const X = (e, s = null, n) => {
|
|
|
201
243
|
setInterval: setInterval.bind(e),
|
|
202
244
|
clearInterval: clearInterval.bind(e)
|
|
203
245
|
};
|
|
204
|
-
}(),
|
|
205
|
-
let
|
|
206
|
-
const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)),
|
|
246
|
+
}(), ue = "7.22.19";
|
|
247
|
+
let _e = null, j;
|
|
248
|
+
const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe = (e = "/") => {
|
|
207
249
|
try {
|
|
208
|
-
|
|
250
|
+
j = new AbortController(), fetch(
|
|
251
|
+
`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,
|
|
252
|
+
{ signal: j.signal }
|
|
253
|
+
).catch((t) => {
|
|
209
254
|
console.log(t);
|
|
210
|
-
}), z({ milliseconds: 150 * 1e3 }).then(
|
|
255
|
+
}), z({ milliseconds: 150 * 1e3 }).then(pe);
|
|
211
256
|
} catch (s) {
|
|
212
257
|
console.log(s);
|
|
213
258
|
}
|
|
214
|
-
},
|
|
215
|
-
|
|
216
|
-
},
|
|
259
|
+
}, We = () => {
|
|
260
|
+
j && j.abort();
|
|
261
|
+
}, Le = (e = "/") => fetch(`${e}OidcKeepAliveServiceWorker.json`, {
|
|
217
262
|
headers: {
|
|
218
263
|
"oidc-vanilla": "true"
|
|
219
264
|
}
|
|
220
265
|
}).then((s) => s.statusText === "oidc-service-worker").catch((s) => {
|
|
221
266
|
console.log(s);
|
|
222
|
-
}),
|
|
267
|
+
}), De = (e) => async (s, n) => {
|
|
223
268
|
n(), await s.update();
|
|
224
269
|
const t = await s.unregister();
|
|
225
|
-
console.log(`Service worker
|
|
270
|
+
console.log(`Service worker unregistration ${t ? "successful" : "failed"}`), await z({ milliseconds: 2e3 }), e.reload();
|
|
226
271
|
}, P = (e) => (s) => new Promise(function(n, t) {
|
|
227
272
|
const o = new MessageChannel();
|
|
228
273
|
o.port1.onmessage = function(i) {
|
|
@@ -230,9 +275,9 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), me =
|
|
|
230
275
|
}, e.active.postMessage(s, [o.port2]);
|
|
231
276
|
}), I = async (e, s) => {
|
|
232
277
|
const n = () => {
|
|
233
|
-
const
|
|
234
|
-
if (
|
|
235
|
-
return
|
|
278
|
+
const f = sessionStorage.getItem(`oidc.tabId.${s}`);
|
|
279
|
+
if (f)
|
|
280
|
+
return f;
|
|
236
281
|
const p = globalThis.crypto.randomUUID();
|
|
237
282
|
return sessionStorage.setItem(`oidc.tabId.${s}`, p), p;
|
|
238
283
|
}, t = e.service_worker_relative_url;
|
|
@@ -245,97 +290,155 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), me =
|
|
|
245
290
|
} catch {
|
|
246
291
|
return null;
|
|
247
292
|
}
|
|
248
|
-
const i = async (
|
|
293
|
+
const i = async (f) => P(o)({ type: "clear", data: { status: f }, configurationName: s }), r = async (f, p, T) => {
|
|
249
294
|
const L = await P(o)({
|
|
250
295
|
type: "init",
|
|
251
296
|
data: {
|
|
252
|
-
oidcServerConfiguration:
|
|
297
|
+
oidcServerConfiguration: f,
|
|
253
298
|
where: p,
|
|
254
299
|
oidcConfiguration: {
|
|
255
|
-
token_renew_mode:
|
|
256
|
-
service_worker_convert_all_requests_to_cors:
|
|
300
|
+
token_renew_mode: T.token_renew_mode,
|
|
301
|
+
service_worker_convert_all_requests_to_cors: T.service_worker_convert_all_requests_to_cors
|
|
257
302
|
}
|
|
258
303
|
},
|
|
259
304
|
configurationName: s,
|
|
260
305
|
tabId: n()
|
|
261
306
|
}), v = L.version;
|
|
262
|
-
return v !==
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
307
|
+
return v !== ue && (console.warn(
|
|
308
|
+
`Service worker ${v} version mismatch with js client version ${ue}, unregistering and reloading`
|
|
309
|
+
), await T.service_worker_update_require_callback(o, We)), {
|
|
310
|
+
tokens: oe(L.tokens, null, T.token_renew_mode),
|
|
311
|
+
status: L.status
|
|
312
|
+
};
|
|
313
|
+
}, a = (f = "/") => {
|
|
314
|
+
_e == null && (_e = "not_null", pe(f));
|
|
315
|
+
}, u = (f) => P(o)({
|
|
316
|
+
type: "setSessionState",
|
|
317
|
+
data: { sessionState: f },
|
|
318
|
+
configurationName: s
|
|
319
|
+
}), d = async () => (await P(o)({
|
|
320
|
+
type: "getSessionState",
|
|
321
|
+
data: null,
|
|
322
|
+
configurationName: s
|
|
323
|
+
})).sessionState, l = (f) => {
|
|
266
324
|
const p = n();
|
|
267
|
-
return sessionStorage[`oidc.nonce.${s}`] =
|
|
325
|
+
return sessionStorage[`oidc.nonce.${s}`] = f.nonce, P(o)({
|
|
326
|
+
type: "setNonce",
|
|
327
|
+
data: { nonce: f },
|
|
328
|
+
configurationName: s,
|
|
329
|
+
tabId: p
|
|
330
|
+
});
|
|
268
331
|
}, c = async () => {
|
|
269
|
-
const
|
|
270
|
-
let
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
332
|
+
const f = n();
|
|
333
|
+
let T = (await P(o)({
|
|
334
|
+
type: "getNonce",
|
|
335
|
+
data: null,
|
|
336
|
+
configurationName: s,
|
|
337
|
+
tabId: f
|
|
338
|
+
})).nonce;
|
|
339
|
+
return T || (T = sessionStorage[`oidc.nonce.${s}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: T };
|
|
340
|
+
}, _ = {};
|
|
274
341
|
return {
|
|
275
342
|
clearAsync: i,
|
|
276
343
|
initAsync: r,
|
|
277
344
|
startKeepAliveServiceWorker: () => a(e.service_worker_keep_alive_path),
|
|
278
|
-
isServiceWorkerProxyActiveAsync: () =>
|
|
279
|
-
setSessionStateAsync:
|
|
280
|
-
getSessionStateAsync:
|
|
281
|
-
setNonceAsync:
|
|
345
|
+
isServiceWorkerProxyActiveAsync: () => Le(e.service_worker_keep_alive_path),
|
|
346
|
+
setSessionStateAsync: u,
|
|
347
|
+
getSessionStateAsync: d,
|
|
348
|
+
setNonceAsync: l,
|
|
282
349
|
getNonceAsync: c,
|
|
283
|
-
setLoginParams: (
|
|
284
|
-
_[s] =
|
|
350
|
+
setLoginParams: (f) => {
|
|
351
|
+
_[s] = f, localStorage[`oidc.login.${s}`] = JSON.stringify(f);
|
|
285
352
|
},
|
|
286
353
|
getLoginParams: () => {
|
|
287
|
-
const
|
|
288
|
-
return _[s] || (_[s] = JSON.parse(
|
|
354
|
+
const f = localStorage[`oidc.login.${s}`];
|
|
355
|
+
return _[s] || (_[s] = JSON.parse(f)), _[s];
|
|
289
356
|
},
|
|
290
357
|
getStateAsync: async () => {
|
|
291
|
-
const
|
|
292
|
-
let
|
|
293
|
-
|
|
358
|
+
const f = n();
|
|
359
|
+
let T = (await P(o)({
|
|
360
|
+
type: "getState",
|
|
361
|
+
data: null,
|
|
362
|
+
configurationName: s,
|
|
363
|
+
tabId: f
|
|
364
|
+
})).state;
|
|
365
|
+
return T || (T = sessionStorage[`oidc.state.${s}`], console.warn("state not found in service worker, using sessionStorage")), T;
|
|
294
366
|
},
|
|
295
|
-
setStateAsync: async (
|
|
367
|
+
setStateAsync: async (f) => {
|
|
296
368
|
const p = n();
|
|
297
|
-
return sessionStorage[`oidc.state.${s}`] =
|
|
369
|
+
return sessionStorage[`oidc.state.${s}`] = f, P(o)({
|
|
370
|
+
type: "setState",
|
|
371
|
+
data: { state: f },
|
|
372
|
+
configurationName: s,
|
|
373
|
+
tabId: p
|
|
374
|
+
});
|
|
298
375
|
},
|
|
299
376
|
getCodeVerifierAsync: async () => {
|
|
300
|
-
const
|
|
301
|
-
let
|
|
302
|
-
|
|
377
|
+
const f = n();
|
|
378
|
+
let T = (await P(o)({
|
|
379
|
+
type: "getCodeVerifier",
|
|
380
|
+
data: null,
|
|
381
|
+
configurationName: s,
|
|
382
|
+
tabId: f
|
|
383
|
+
})).codeVerifier;
|
|
384
|
+
return T || (T = sessionStorage[`oidc.code_verifier.${s}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), T;
|
|
303
385
|
},
|
|
304
|
-
setCodeVerifierAsync: async (
|
|
386
|
+
setCodeVerifierAsync: async (f) => {
|
|
305
387
|
const p = n();
|
|
306
|
-
return sessionStorage[`oidc.code_verifier.${s}`] =
|
|
388
|
+
return sessionStorage[`oidc.code_verifier.${s}`] = f, P(o)({
|
|
389
|
+
type: "setCodeVerifier",
|
|
390
|
+
data: { codeVerifier: f },
|
|
391
|
+
configurationName: s,
|
|
392
|
+
tabId: p
|
|
393
|
+
});
|
|
307
394
|
},
|
|
308
|
-
setDemonstratingProofOfPossessionNonce: async (
|
|
309
|
-
await P(o)({
|
|
395
|
+
setDemonstratingProofOfPossessionNonce: async (f) => {
|
|
396
|
+
await P(o)({
|
|
397
|
+
type: "setDemonstratingProofOfPossessionNonce",
|
|
398
|
+
data: { demonstratingProofOfPossessionNonce: f },
|
|
399
|
+
configurationName: s
|
|
400
|
+
});
|
|
310
401
|
},
|
|
311
|
-
getDemonstratingProofOfPossessionNonce: async () => (await P(o)({
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
402
|
+
getDemonstratingProofOfPossessionNonce: async () => (await P(o)({
|
|
403
|
+
type: "getDemonstratingProofOfPossessionNonce",
|
|
404
|
+
data: null,
|
|
405
|
+
configurationName: s
|
|
406
|
+
})).demonstratingProofOfPossessionNonce,
|
|
407
|
+
setDemonstratingProofOfPossessionJwkAsync: async (f) => {
|
|
408
|
+
const p = JSON.stringify(f);
|
|
409
|
+
await P(o)({
|
|
410
|
+
type: "setDemonstratingProofOfPossessionJwk",
|
|
411
|
+
data: { demonstratingProofOfPossessionJwkJson: p },
|
|
412
|
+
configurationName: s
|
|
413
|
+
});
|
|
315
414
|
},
|
|
316
415
|
getDemonstratingProofOfPossessionJwkAsync: async () => {
|
|
317
|
-
const
|
|
318
|
-
|
|
416
|
+
const f = await P(o)({
|
|
417
|
+
type: "getDemonstratingProofOfPossessionJwk",
|
|
418
|
+
data: null,
|
|
419
|
+
configurationName: s
|
|
420
|
+
});
|
|
421
|
+
return f.demonstratingProofOfPossessionJwkJson ? JSON.parse(f.demonstratingProofOfPossessionJwkJson) : null;
|
|
319
422
|
}
|
|
320
423
|
};
|
|
321
|
-
}, R = {},
|
|
424
|
+
}, R = {}, Re = (e, s = window.sessionStorage, n) => {
|
|
322
425
|
if (!R[e] && s) {
|
|
323
426
|
const o = s.getItem(e);
|
|
324
427
|
o && (R[e] = JSON.parse(o));
|
|
325
428
|
}
|
|
326
429
|
const t = 1e3 * n;
|
|
327
430
|
return R[e] && R[e].timestamp + t > Date.now() ? R[e].result : null;
|
|
328
|
-
},
|
|
431
|
+
}, $e = (e, s, n = window.sessionStorage) => {
|
|
329
432
|
const t = Date.now();
|
|
330
433
|
R[e] = { result: s, timestamp: t }, n && n.setItem(e, JSON.stringify({ result: s, timestamp: t }));
|
|
331
434
|
};
|
|
332
|
-
function
|
|
435
|
+
function we(e) {
|
|
333
436
|
return new TextEncoder().encode(e);
|
|
334
437
|
}
|
|
335
|
-
function
|
|
438
|
+
function Ae(e) {
|
|
336
439
|
return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
|
|
337
440
|
}
|
|
338
|
-
function
|
|
441
|
+
function Ke(e) {
|
|
339
442
|
return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g, function(n, t) {
|
|
340
443
|
return String.fromCharCode(parseInt(t, 16));
|
|
341
444
|
});
|
|
@@ -344,12 +447,12 @@ const ie = (e) => {
|
|
|
344
447
|
let s = "";
|
|
345
448
|
return e.forEach(function(n) {
|
|
346
449
|
s += String.fromCharCode(n);
|
|
347
|
-
}),
|
|
450
|
+
}), Ae(s);
|
|
348
451
|
};
|
|
349
|
-
function
|
|
350
|
-
return
|
|
452
|
+
function fe(e) {
|
|
453
|
+
return Ae(Ke(e));
|
|
351
454
|
}
|
|
352
|
-
const
|
|
455
|
+
const Ue = {
|
|
353
456
|
importKeyAlgorithm: {
|
|
354
457
|
name: "ECDSA",
|
|
355
458
|
namedCurve: "P-256",
|
|
@@ -362,7 +465,7 @@ const Ke = {
|
|
|
362
465
|
},
|
|
363
466
|
digestAlgorithm: { name: "SHA-256" },
|
|
364
467
|
jwtHeaderAlgorithm: "ES256"
|
|
365
|
-
},
|
|
468
|
+
}, Fe = (e) => async (s, n, t, o, i = "dpop+jwt") => {
|
|
366
469
|
switch (s = Object.assign({}, s), n.typ = i, n.alg = o.jwtHeaderAlgorithm, n.alg) {
|
|
367
470
|
case "ES256":
|
|
368
471
|
n.jwk = { kty: s.kty, crv: s.crv, x: s.x, y: s.y };
|
|
@@ -376,24 +479,22 @@ const Ke = {
|
|
|
376
479
|
const r = {
|
|
377
480
|
// @ts-ignore
|
|
378
481
|
// JWT "headers" really means JWS "protected headers"
|
|
379
|
-
protected:
|
|
482
|
+
protected: fe(JSON.stringify(n)),
|
|
380
483
|
// @ts-ignore
|
|
381
484
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
382
|
-
payload:
|
|
383
|
-
}, a = o.importKeyAlgorithm,
|
|
384
|
-
return r.signature = ie(new Uint8Array(
|
|
385
|
-
}
|
|
386
|
-
var Fe = { sign: Ue };
|
|
387
|
-
const Ve = (e) => async (s) => {
|
|
485
|
+
payload: fe(JSON.stringify(t))
|
|
486
|
+
}, a = o.importKeyAlgorithm, u = !0, d = ["sign"], l = await e.crypto.subtle.importKey("jwk", s, a, u, d), c = we(`${r.protected}.${r.payload}`), _ = o.signAlgorithm, h = await e.crypto.subtle.sign(_, l, c);
|
|
487
|
+
return r.signature = ie(new Uint8Array(h)), `${r.protected}.${r.payload}.${r.signature}`;
|
|
488
|
+
}, Ve = { sign: Fe }, Je = (e) => async (s) => {
|
|
388
489
|
const n = s, t = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(n, t, o);
|
|
389
490
|
return await e.crypto.subtle.exportKey("jwk", i.privateKey);
|
|
390
|
-
},
|
|
491
|
+
}, Me = (e) => {
|
|
391
492
|
const s = Object.assign({}, e);
|
|
392
493
|
return delete s.d, s.key_ops = ["verify"], s;
|
|
393
|
-
},
|
|
394
|
-
generate:
|
|
395
|
-
neuter:
|
|
396
|
-
},
|
|
494
|
+
}, Be = {
|
|
495
|
+
generate: Je,
|
|
496
|
+
neuter: Me
|
|
497
|
+
}, He = (e) => async (s, n) => {
|
|
397
498
|
let t;
|
|
398
499
|
switch (s.kty) {
|
|
399
500
|
case "EC":
|
|
@@ -405,30 +506,36 @@ const Ve = (e) => async (s) => {
|
|
|
405
506
|
default:
|
|
406
507
|
throw new Error("Unknown or not implemented JWK type");
|
|
407
508
|
}
|
|
408
|
-
const o = await e.crypto.subtle.digest(n,
|
|
509
|
+
const o = await e.crypto.subtle.digest(n, we(t));
|
|
409
510
|
return ie(new Uint8Array(o));
|
|
410
|
-
}
|
|
411
|
-
var He = { thumbprint: Be };
|
|
412
|
-
const qe = (e) => async (s) => await Me.generate(e)(s), Ae = (e) => (s) => async (n, t = "POST", o, i = {}) => {
|
|
511
|
+
}, qe = { thumbprint: He }, je = (e) => async (s) => await Be.generate(e)(s), Se = (e) => (s) => async (n, t = "POST", o, i = {}) => {
|
|
413
512
|
const r = {
|
|
414
513
|
// https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
|
|
415
|
-
jti: btoa(
|
|
514
|
+
jti: btoa(Ge()),
|
|
416
515
|
htm: t,
|
|
417
516
|
htu: o,
|
|
418
517
|
iat: Math.round(Date.now() / 1e3),
|
|
419
518
|
...i
|
|
420
|
-
}, a = await
|
|
421
|
-
|
|
422
|
-
|
|
519
|
+
}, a = await qe.thumbprint(e)(
|
|
520
|
+
n,
|
|
521
|
+
s.digestAlgorithm
|
|
522
|
+
);
|
|
523
|
+
return await Ve.sign(e)(
|
|
524
|
+
n,
|
|
525
|
+
{ kid: a },
|
|
526
|
+
r,
|
|
527
|
+
s
|
|
528
|
+
);
|
|
529
|
+
}, Ge = () => {
|
|
423
530
|
const e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", s = "0123456789abcdef";
|
|
424
531
|
let n = 0, t = "";
|
|
425
532
|
for (let o = 0; o < 36; o++)
|
|
426
533
|
e[o] !== "-" && e[o] !== "4" && (n = Math.random() * 16 | 0), e[o] === "x" ? t += s[n] : e[o] === "y" ? (n &= 3, n |= 8, t += s[n]) : t += e[o];
|
|
427
534
|
return t;
|
|
428
|
-
},
|
|
535
|
+
}, ve = () => {
|
|
429
536
|
const e = typeof window < "u" && !!window.crypto, s = e && !!window.crypto.subtle;
|
|
430
537
|
return { hasCrypto: e, hasSubtleCrypto: s };
|
|
431
|
-
}, ee = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
|
|
538
|
+
}, ee = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", Ye = (e) => {
|
|
432
539
|
const s = [];
|
|
433
540
|
for (let n = 0; n < e.byteLength; n += 1) {
|
|
434
541
|
const t = e[n] % ee.length;
|
|
@@ -436,39 +543,42 @@ const qe = (e) => async (s) => await Me.generate(e)(s), Ae = (e) => (s) => async
|
|
|
436
543
|
}
|
|
437
544
|
return s.join("");
|
|
438
545
|
}, se = (e) => {
|
|
439
|
-
const s = new Uint8Array(e), { hasCrypto: n } =
|
|
546
|
+
const s = new Uint8Array(e), { hasCrypto: n } = ve();
|
|
440
547
|
if (n)
|
|
441
548
|
window.crypto.getRandomValues(s);
|
|
442
549
|
else
|
|
443
550
|
for (let t = 0; t < e; t += 1)
|
|
444
551
|
s[t] = Math.random() * ee.length | 0;
|
|
445
|
-
return
|
|
552
|
+
return Ye(s);
|
|
446
553
|
};
|
|
447
|
-
function
|
|
554
|
+
function Xe(e) {
|
|
448
555
|
const s = new ArrayBuffer(e.length), n = new Uint8Array(s);
|
|
449
556
|
for (let t = 0; t < e.length; t++)
|
|
450
557
|
n[t] = e.charCodeAt(t);
|
|
451
558
|
return n;
|
|
452
559
|
}
|
|
453
|
-
function
|
|
560
|
+
function Te(e) {
|
|
454
561
|
return new Promise((s, n) => {
|
|
455
|
-
crypto.subtle.digest("SHA-256",
|
|
562
|
+
crypto.subtle.digest("SHA-256", Xe(e)).then(
|
|
563
|
+
(t) => s(ie(new Uint8Array(t))),
|
|
564
|
+
(t) => n(t)
|
|
565
|
+
);
|
|
456
566
|
});
|
|
457
567
|
}
|
|
458
|
-
const
|
|
568
|
+
const ze = (e) => {
|
|
459
569
|
if (e.length < 43 || e.length > 128)
|
|
460
570
|
return Promise.reject(new Error("Invalid code length."));
|
|
461
|
-
const { hasSubtleCrypto: s } =
|
|
462
|
-
return s ?
|
|
463
|
-
},
|
|
464
|
-
const i = `${s}/.well-known/openid-configuration`, r = `oidc.server:${s}`, a =
|
|
571
|
+
const { hasSubtleCrypto: s } = ve();
|
|
572
|
+
return s ? Te(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
|
|
573
|
+
}, Qe = 60 * 60, Ze = (e) => async (s, n = Qe, t = window.sessionStorage, o = 1e4) => {
|
|
574
|
+
const i = `${s}/.well-known/openid-configuration`, r = `oidc.server:${s}`, a = Re(r, t, n);
|
|
465
575
|
if (a)
|
|
466
576
|
return new te(a);
|
|
467
|
-
const
|
|
468
|
-
if (
|
|
577
|
+
const u = await B(e)(i, {}, o);
|
|
578
|
+
if (u.status !== 200)
|
|
469
579
|
return null;
|
|
470
|
-
const
|
|
471
|
-
return
|
|
580
|
+
const d = await u.json();
|
|
581
|
+
return $e(r, d, t), new te(d);
|
|
472
582
|
}, B = (e) => async (s, n = {}, t = 1e4, o = 0) => {
|
|
473
583
|
let i;
|
|
474
584
|
try {
|
|
@@ -486,7 +596,7 @@ const Xe = (e) => {
|
|
|
486
596
|
}, ne = {
|
|
487
597
|
refresh_token: "refresh_token",
|
|
488
598
|
access_token: "access_token"
|
|
489
|
-
},
|
|
599
|
+
}, de = (e) => async (s, n, t = ne.refresh_token, o, i = {}, r = 1e4) => {
|
|
490
600
|
const a = {
|
|
491
601
|
token: n,
|
|
492
602
|
token_type_hint: t,
|
|
@@ -494,99 +604,127 @@ const Xe = (e) => {
|
|
|
494
604
|
};
|
|
495
605
|
for (const [c, _] of Object.entries(i))
|
|
496
606
|
a[c] === void 0 && (a[c] = _);
|
|
497
|
-
const
|
|
607
|
+
const u = [];
|
|
498
608
|
for (const c in a) {
|
|
499
|
-
const _ = encodeURIComponent(c),
|
|
500
|
-
|
|
501
|
-
}
|
|
502
|
-
const
|
|
503
|
-
return (await B(e)(
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
609
|
+
const _ = encodeURIComponent(c), h = encodeURIComponent(a[c]);
|
|
610
|
+
u.push(`${_}=${h}`);
|
|
611
|
+
}
|
|
612
|
+
const d = u.join("&");
|
|
613
|
+
return (await B(e)(
|
|
614
|
+
s,
|
|
615
|
+
{
|
|
616
|
+
method: "POST",
|
|
617
|
+
headers: {
|
|
618
|
+
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
|
|
619
|
+
},
|
|
620
|
+
body: d
|
|
507
621
|
},
|
|
508
|
-
|
|
509
|
-
|
|
622
|
+
r
|
|
623
|
+
)).status !== 200 ? { success: !1 } : {
|
|
510
624
|
success: !0
|
|
511
625
|
};
|
|
512
|
-
},
|
|
513
|
-
for (const [
|
|
514
|
-
n[
|
|
515
|
-
const
|
|
516
|
-
for (const
|
|
517
|
-
const g = encodeURIComponent(
|
|
518
|
-
|
|
519
|
-
}
|
|
520
|
-
const
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
626
|
+
}, es = (e) => async (s, n, t, o, i = {}, r, a = 1e4) => {
|
|
627
|
+
for (const [h, g] of Object.entries(t))
|
|
628
|
+
n[h] === void 0 && (n[h] = g);
|
|
629
|
+
const u = [];
|
|
630
|
+
for (const h in n) {
|
|
631
|
+
const g = encodeURIComponent(h), w = encodeURIComponent(n[h]);
|
|
632
|
+
u.push(`${g}=${w}`);
|
|
633
|
+
}
|
|
634
|
+
const d = u.join("&"), l = await B(e)(
|
|
635
|
+
s,
|
|
636
|
+
{
|
|
637
|
+
method: "POST",
|
|
638
|
+
headers: {
|
|
639
|
+
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
640
|
+
...i
|
|
641
|
+
},
|
|
642
|
+
body: d
|
|
525
643
|
},
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
if (
|
|
644
|
+
a
|
|
645
|
+
);
|
|
646
|
+
if (l.status !== 200)
|
|
529
647
|
return {
|
|
530
648
|
success: !1,
|
|
531
|
-
status:
|
|
649
|
+
status: l.status,
|
|
532
650
|
demonstratingProofOfPossessionNonce: null
|
|
533
651
|
};
|
|
534
|
-
const c = await
|
|
652
|
+
const c = await l.json();
|
|
535
653
|
let _ = null;
|
|
536
|
-
return
|
|
654
|
+
return l.headers.has(G) && (_ = l.headers.get(
|
|
655
|
+
G
|
|
656
|
+
)), {
|
|
537
657
|
success: !0,
|
|
538
|
-
status:
|
|
658
|
+
status: l.status,
|
|
539
659
|
data: oe(c, o, r),
|
|
540
660
|
demonstratingProofOfPossessionNonce: _
|
|
541
661
|
};
|
|
542
|
-
},
|
|
662
|
+
}, ss = (e, s) => async (n, t) => {
|
|
543
663
|
t = t ? { ...t } : {};
|
|
544
|
-
const o = se(128), i = await
|
|
664
|
+
const o = se(128), i = await ze(o);
|
|
545
665
|
await e.setCodeVerifierAsync(o), await e.setStateAsync(t.state), t.code_challenge = i, t.code_challenge_method = "S256";
|
|
546
666
|
let r = "";
|
|
547
667
|
if (t)
|
|
548
|
-
for (const [a,
|
|
549
|
-
r === "" ? r += "?" : r += "&", r += `${a}=${encodeURIComponent(
|
|
668
|
+
for (const [a, u] of Object.entries(t))
|
|
669
|
+
r === "" ? r += "?" : r += "&", r += `${a}=${encodeURIComponent(u)}`;
|
|
550
670
|
s.open(`${n}${r}`);
|
|
551
|
-
},
|
|
671
|
+
}, G = "DPoP-Nonce", ns = (e) => async (s, n, t, o, i = 1e4) => {
|
|
552
672
|
n = n ? { ...n } : {}, n.code_verifier = await e.getCodeVerifierAsync();
|
|
553
673
|
const r = [];
|
|
554
674
|
for (const c in n) {
|
|
555
|
-
const _ = encodeURIComponent(c),
|
|
556
|
-
r.push(`${_}=${
|
|
557
|
-
}
|
|
558
|
-
const a = r.join("&"),
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
675
|
+
const _ = encodeURIComponent(c), h = encodeURIComponent(n[c]);
|
|
676
|
+
r.push(`${_}=${h}`);
|
|
677
|
+
}
|
|
678
|
+
const a = r.join("&"), u = await B(fetch)(
|
|
679
|
+
s,
|
|
680
|
+
{
|
|
681
|
+
method: "POST",
|
|
682
|
+
headers: {
|
|
683
|
+
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
684
|
+
...t
|
|
685
|
+
},
|
|
686
|
+
body: a
|
|
563
687
|
},
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]),
|
|
567
|
-
return { success: !1, status:
|
|
568
|
-
let
|
|
569
|
-
|
|
570
|
-
|
|
688
|
+
i
|
|
689
|
+
);
|
|
690
|
+
if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), u.status !== 200)
|
|
691
|
+
return { success: !1, status: u.status };
|
|
692
|
+
let d = null;
|
|
693
|
+
u.headers.has(G) && (d = u.headers.get(
|
|
694
|
+
G
|
|
695
|
+
));
|
|
696
|
+
const l = await u.json();
|
|
571
697
|
return {
|
|
572
698
|
success: !0,
|
|
573
699
|
data: {
|
|
574
700
|
state: n.state,
|
|
575
|
-
tokens: oe(
|
|
576
|
-
demonstratingProofOfPossessionNonce:
|
|
701
|
+
tokens: oe(l, null, o),
|
|
702
|
+
demonstratingProofOfPossessionNonce: d
|
|
577
703
|
}
|
|
578
704
|
};
|
|
579
705
|
};
|
|
580
|
-
async function
|
|
706
|
+
async function he(e, s, n) {
|
|
581
707
|
const t = (a) => {
|
|
582
708
|
e.tokens = a;
|
|
583
|
-
}, { tokens: o, status: i } = await H(e)(
|
|
709
|
+
}, { tokens: o, status: i } = await H(e)(
|
|
710
|
+
0,
|
|
711
|
+
s,
|
|
712
|
+
n,
|
|
713
|
+
t
|
|
714
|
+
);
|
|
584
715
|
return await I(e.configuration, e.configurationName) || await O(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? o : (await e.destroyAsync(i), null);
|
|
585
716
|
}
|
|
586
|
-
const
|
|
717
|
+
const ts = async (e, s) => {
|
|
587
718
|
const n = await I(s, e.configurationName);
|
|
588
719
|
if (n) {
|
|
589
|
-
const t = await e.initAsync(
|
|
720
|
+
const t = await e.initAsync(
|
|
721
|
+
s.authority,
|
|
722
|
+
s.authority_configuration
|
|
723
|
+
), { tokens: o } = await n.initAsync(
|
|
724
|
+
t,
|
|
725
|
+
"tryKeepExistingSessionAsync",
|
|
726
|
+
s
|
|
727
|
+
);
|
|
590
728
|
return o;
|
|
591
729
|
} else {
|
|
592
730
|
const t = O(e.configurationName, s.storage ?? sessionStorage);
|
|
@@ -594,17 +732,19 @@ const ns = async (e, s) => {
|
|
|
594
732
|
return o = X(o, e.tokens, s.token_renew_mode), o;
|
|
595
733
|
}
|
|
596
734
|
};
|
|
597
|
-
async function
|
|
735
|
+
async function be(e, s = !1, n = null) {
|
|
598
736
|
const t = e.configuration, o = `${t.client_id}_${e.configurationName}_${t.authority}`;
|
|
599
737
|
let i;
|
|
600
738
|
const r = await I(e.configuration, e.configurationName);
|
|
601
|
-
return (t == null ? void 0 : t.storage) === (window == null ? void 0 : window.sessionStorage) && !r ? i = await
|
|
739
|
+
return (t == null ? void 0 : t.storage) === (window == null ? void 0 : window.sessionStorage) && !r ? i = await he(e, s, n) : i = await navigator.locks.request(o, { ifAvailable: !0 }, async (a) => a ? await he(e, s, n) : (e.publishEvent(C.eventNames.syncTokensAsync_lock_not_available, {
|
|
740
|
+
lock: "lock not available"
|
|
741
|
+
}), await ts(e, t))), i ? (e.timeoutId && (e.timeoutId = J(e, e.tokens.expiresAt, n)), e.tokens) : null;
|
|
602
742
|
}
|
|
603
743
|
const J = (e, s, n = null) => {
|
|
604
744
|
const t = e.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
605
745
|
return M.setTimeout(async () => {
|
|
606
746
|
const i = { timeLeft: U(t, s) };
|
|
607
|
-
e.publishEvent(
|
|
747
|
+
e.publishEvent(C.eventNames.token_timer, i), await be(e, !1, n);
|
|
608
748
|
}, 1e3);
|
|
609
749
|
}, x = {
|
|
610
750
|
FORCE_REFRESH: "FORCE_REFRESH",
|
|
@@ -614,14 +754,21 @@ const J = (e, s, n = null) => {
|
|
|
614
754
|
TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
|
|
615
755
|
LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
|
|
616
756
|
REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS"
|
|
617
|
-
},
|
|
757
|
+
}, os = (e) => async (s, n, t, o = !1) => {
|
|
618
758
|
const i = { nonce: null };
|
|
619
759
|
if (!t)
|
|
620
760
|
return { tokens: null, status: "NOT_CONNECTED", nonce: i };
|
|
621
761
|
let r = i;
|
|
622
|
-
const a = await e.initAsync(
|
|
623
|
-
|
|
624
|
-
|
|
762
|
+
const a = await e.initAsync(
|
|
763
|
+
s.authority,
|
|
764
|
+
s.authority_configuration
|
|
765
|
+
), u = await I(s, n);
|
|
766
|
+
if (u) {
|
|
767
|
+
const { status: c, tokens: _ } = await u.initAsync(
|
|
768
|
+
a,
|
|
769
|
+
"syncTokensAsync",
|
|
770
|
+
s
|
|
771
|
+
);
|
|
625
772
|
if (c === "LOGGED_OUT")
|
|
626
773
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
627
774
|
if (c === "SESSIONS_LOST")
|
|
@@ -629,110 +776,174 @@ const J = (e, s, n = null) => {
|
|
|
629
776
|
if (!c || !_)
|
|
630
777
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
|
|
631
778
|
if (_.issuedAt !== t.issuedAt) {
|
|
632
|
-
const g = U(
|
|
779
|
+
const g = U(
|
|
780
|
+
s.refresh_time_before_tokens_expiration_in_second,
|
|
781
|
+
_.expiresAt
|
|
782
|
+
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", w = await u.getNonceAsync();
|
|
633
783
|
return { tokens: _, status: g, nonce: w };
|
|
634
784
|
}
|
|
635
|
-
r = await
|
|
785
|
+
r = await u.getNonceAsync();
|
|
636
786
|
} else {
|
|
637
|
-
const c = O(n, s.storage ?? sessionStorage);
|
|
638
|
-
let { tokens:
|
|
639
|
-
|
|
640
|
-
|
|
787
|
+
const c = O(n, s.storage ?? sessionStorage), _ = await c.initAsync();
|
|
788
|
+
let { tokens: h } = _;
|
|
789
|
+
const { status: g } = _;
|
|
790
|
+
if (h && (h = X(h, e.tokens, s.token_renew_mode)), h) {
|
|
791
|
+
if (g === "SESSIONS_LOST")
|
|
641
792
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
642
|
-
if (
|
|
643
|
-
const
|
|
644
|
-
|
|
793
|
+
if (h.issuedAt !== t.issuedAt) {
|
|
794
|
+
const k = U(
|
|
795
|
+
s.refresh_time_before_tokens_expiration_in_second,
|
|
796
|
+
h.expiresAt
|
|
797
|
+
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", b = await c.getNonceAsync();
|
|
798
|
+
return { tokens: h, status: k, nonce: b };
|
|
645
799
|
}
|
|
646
800
|
} else
|
|
647
801
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
648
802
|
r = await c.getNonceAsync();
|
|
649
803
|
}
|
|
650
|
-
const
|
|
651
|
-
|
|
804
|
+
const l = U(
|
|
805
|
+
s.refresh_time_before_tokens_expiration_in_second,
|
|
806
|
+
t.expiresAt
|
|
807
|
+
) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
|
|
808
|
+
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: l, nonce: r };
|
|
652
809
|
}, H = (e) => async (s = 0, n = !1, t = null, o) => {
|
|
653
810
|
if (!navigator.onLine && document.hidden)
|
|
654
811
|
return { tokens: e.tokens, status: "GIVE_UP" };
|
|
655
812
|
let i = 6;
|
|
656
813
|
for (; !navigator.onLine && i > 0; )
|
|
657
|
-
await z({ milliseconds: 1e3 }), i--, e.publishEvent(m.refreshTokensAsync, {
|
|
814
|
+
await z({ milliseconds: 1e3 }), i--, e.publishEvent(m.refreshTokensAsync, {
|
|
815
|
+
message: `wait because navigator is offline try ${i}`
|
|
816
|
+
});
|
|
658
817
|
const r = s + 1;
|
|
659
818
|
t || (t = {});
|
|
660
|
-
const a = e.configuration,
|
|
819
|
+
const a = e.configuration, u = (l, c = null, _ = null) => re(
|
|
820
|
+
e.configurationName,
|
|
821
|
+
e.configuration,
|
|
822
|
+
e.publishEvent.bind(e)
|
|
823
|
+
)(l, c, _), d = async () => {
|
|
661
824
|
try {
|
|
662
|
-
let
|
|
825
|
+
let l;
|
|
663
826
|
const c = await I(a, e.configurationName);
|
|
664
|
-
c ?
|
|
665
|
-
const _ = await
|
|
666
|
-
...
|
|
827
|
+
c ? l = c.getLoginParams() : l = O(e.configurationName, a.storage).getLoginParams();
|
|
828
|
+
const _ = await u({
|
|
829
|
+
...l.extras,
|
|
667
830
|
...t,
|
|
668
831
|
prompt: "none"
|
|
669
832
|
});
|
|
670
|
-
return _ ? _.error ? (o(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
671
|
-
|
|
672
|
-
|
|
833
|
+
return _ ? _.error ? (o(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
834
|
+
message: "refresh token silent"
|
|
835
|
+
}), { tokens: null, status: "SESSION_LOST" }) : (o(_.tokens), e.publishEvent(C.eventNames.token_renewed, {}), { tokens: _.tokens, status: "LOGGED" }) : (o(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
836
|
+
message: "refresh token silent not active"
|
|
837
|
+
}), { tokens: null, status: "SESSION_LOST" });
|
|
838
|
+
} catch (l) {
|
|
839
|
+
return console.error(l), e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
840
|
+
message: "exceptionSilent",
|
|
841
|
+
exception: l.message
|
|
842
|
+
}), await H(e)(r, n, t, o);
|
|
673
843
|
}
|
|
674
844
|
};
|
|
675
845
|
try {
|
|
676
|
-
const { status:
|
|
677
|
-
|
|
846
|
+
const { status: l, tokens: c, nonce: _ } = await os(e)(
|
|
847
|
+
a,
|
|
848
|
+
e.configurationName,
|
|
849
|
+
e.tokens,
|
|
850
|
+
n
|
|
851
|
+
);
|
|
852
|
+
switch (l) {
|
|
678
853
|
case x.SESSION_LOST:
|
|
679
|
-
return o(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
854
|
+
return o(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
855
|
+
message: "refresh token session lost"
|
|
856
|
+
}), { tokens: null, status: "SESSION_LOST" };
|
|
680
857
|
case x.NOT_CONNECTED:
|
|
681
858
|
return o(null), { tokens: null, status: null };
|
|
682
859
|
case x.TOKENS_VALID:
|
|
683
860
|
return o(c), { tokens: c, status: "LOGGED_IN" };
|
|
684
861
|
case x.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
|
|
685
|
-
return o(c), e.publishEvent(
|
|
862
|
+
return o(c), e.publishEvent(C.eventNames.token_renewed, {
|
|
863
|
+
reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
|
|
864
|
+
}), { tokens: c, status: "LOGGED_IN" };
|
|
686
865
|
case x.LOGOUT_FROM_ANOTHER_TAB:
|
|
687
|
-
return o(null), e.publishEvent(m.logout_from_another_tab, {
|
|
866
|
+
return o(null), e.publishEvent(m.logout_from_another_tab, {
|
|
867
|
+
status: "session syncTokensAsync"
|
|
868
|
+
}), { tokens: null, status: "LOGGED_OUT" };
|
|
688
869
|
case x.REQUIRE_SYNC_TOKENS:
|
|
689
|
-
return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !==
|
|
870
|
+
return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== l ? (e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(m.refreshTokensAsync_begin, { tryNumber: s }), await d());
|
|
690
871
|
default: {
|
|
691
|
-
if (a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !==
|
|
872
|
+
if (a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== l)
|
|
692
873
|
return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
|
|
693
|
-
if (e.publishEvent(m.refreshTokensAsync_begin, {
|
|
694
|
-
|
|
695
|
-
|
|
696
|
-
|
|
697
|
-
|
|
874
|
+
if (e.publishEvent(m.refreshTokensAsync_begin, {
|
|
875
|
+
refreshToken: c.refreshToken,
|
|
876
|
+
status: l,
|
|
877
|
+
tryNumber: s
|
|
878
|
+
}), !c.refreshToken)
|
|
879
|
+
return await d();
|
|
880
|
+
const h = a.client_id, g = a.redirect_uri, w = a.authority, b = { ...a.token_request_extras ? a.token_request_extras : {} };
|
|
881
|
+
for (const [A, S] of Object.entries(t))
|
|
882
|
+
A.endsWith(":token_request") && (b[A.replace(":token_request", "")] = S);
|
|
698
883
|
return await (async () => {
|
|
699
|
-
const
|
|
700
|
-
client_id:
|
|
884
|
+
const A = {
|
|
885
|
+
client_id: h,
|
|
701
886
|
redirect_uri: g,
|
|
702
887
|
grant_type: "refresh_token",
|
|
703
888
|
refresh_token: c.refreshToken
|
|
704
|
-
},
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
889
|
+
}, S = await e.initAsync(
|
|
890
|
+
w,
|
|
891
|
+
a.authority_configuration
|
|
892
|
+
), y = document.hidden ? 1e4 : 3e4 * 10, N = S.tokenEndpoint, f = {};
|
|
893
|
+
a.demonstrating_proof_of_possession && (f.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
|
|
894
|
+
c.accessToken,
|
|
895
|
+
N,
|
|
896
|
+
"POST"
|
|
897
|
+
));
|
|
898
|
+
const p = await es(e.getFetch())(
|
|
899
|
+
N,
|
|
709
900
|
A,
|
|
901
|
+
b,
|
|
710
902
|
c,
|
|
711
|
-
|
|
903
|
+
f,
|
|
712
904
|
a.token_renew_mode,
|
|
713
|
-
|
|
905
|
+
y
|
|
714
906
|
);
|
|
715
907
|
if (p.success) {
|
|
716
|
-
const { isValid:
|
|
717
|
-
|
|
718
|
-
|
|
908
|
+
const { isValid: T, reason: L } = me(
|
|
909
|
+
p.data,
|
|
910
|
+
_.nonce,
|
|
911
|
+
S
|
|
912
|
+
);
|
|
913
|
+
if (!T)
|
|
914
|
+
return o(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
915
|
+
message: `refresh token return not valid tokens, reason: ${L}`
|
|
916
|
+
}), { tokens: null, status: "SESSION_LOST" };
|
|
719
917
|
if (o(p.data), p.demonstratingProofOfPossessionNonce) {
|
|
720
918
|
const v = await I(a, e.configurationName);
|
|
721
|
-
v ? await v.setDemonstratingProofOfPossessionNonce(
|
|
919
|
+
v ? await v.setDemonstratingProofOfPossessionNonce(
|
|
920
|
+
p.demonstratingProofOfPossessionNonce
|
|
921
|
+
) : await O(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(
|
|
922
|
+
p.demonstratingProofOfPossessionNonce
|
|
923
|
+
);
|
|
722
924
|
}
|
|
723
|
-
return e.publishEvent(m.refreshTokensAsync_end, {
|
|
925
|
+
return e.publishEvent(m.refreshTokensAsync_end, {
|
|
926
|
+
success: p.success
|
|
927
|
+
}), e.publishEvent(C.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: p.data, status: "LOGGED_IN" };
|
|
724
928
|
} else
|
|
725
929
|
return e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
726
930
|
message: "bad request",
|
|
727
931
|
tokenResponse: p
|
|
728
|
-
}), p.status >= 400 && p.status < 500 ? (o(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
932
|
+
}), p.status >= 400 && p.status < 500 ? (o(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
933
|
+
message: `session lost: ${p.status}`
|
|
934
|
+
}), { tokens: null, status: "SESSION_LOST" }) : await H(e)(
|
|
935
|
+
r,
|
|
936
|
+
n,
|
|
937
|
+
t,
|
|
938
|
+
o
|
|
939
|
+
);
|
|
729
940
|
})();
|
|
730
941
|
}
|
|
731
942
|
}
|
|
732
|
-
} catch (
|
|
733
|
-
return console.error(
|
|
943
|
+
} catch (l) {
|
|
944
|
+
return console.error(l), e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
734
945
|
message: "exception",
|
|
735
|
-
exception:
|
|
946
|
+
exception: l.message
|
|
736
947
|
}), new Promise((c, _) => {
|
|
737
948
|
setTimeout(() => {
|
|
738
949
|
H(e)(r, n, t, o).then(c).catch(_);
|
|
@@ -748,24 +959,24 @@ const J = (e, s, n = null) => {
|
|
|
748
959
|
if (o && (t == null && (t = {}), t.state = o), i && (t == null && (t = {}), t.scope = i), t != null)
|
|
749
960
|
for (const [c, _] of Object.entries(t))
|
|
750
961
|
r === "" ? r = `?${encodeURIComponent(c)}=${encodeURIComponent(_)}` : r += `&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;
|
|
751
|
-
const a = s.silent_login_uri + r,
|
|
752
|
-
return
|
|
753
|
-
let
|
|
962
|
+
const a = s.silent_login_uri + r, u = a.indexOf("/", a.indexOf("//") + 2), d = a.substring(0, u), l = document.createElement("iframe");
|
|
963
|
+
return l.width = "0px", l.height = "0px", l.id = `${e}_oidc_iframe`, l.setAttribute("src", a), document.body.appendChild(l), new Promise((c, _) => {
|
|
964
|
+
let h = !1;
|
|
754
965
|
const g = () => {
|
|
755
|
-
window.removeEventListener("message", w),
|
|
966
|
+
window.removeEventListener("message", w), l.remove(), h = !0;
|
|
756
967
|
}, w = (k) => {
|
|
757
|
-
if (k.origin ===
|
|
758
|
-
const
|
|
759
|
-
if (
|
|
760
|
-
if (
|
|
761
|
-
const
|
|
762
|
-
n(m.silentLoginAsync_end, {}), c(
|
|
763
|
-
} else if (
|
|
764
|
-
const
|
|
765
|
-
n(m.silentLoginAsync_error,
|
|
766
|
-
} else if (
|
|
767
|
-
const
|
|
768
|
-
n(m.silentLoginAsync_error,
|
|
968
|
+
if (k.origin === d && k.source === l.contentWindow) {
|
|
969
|
+
const b = `${e}_oidc_tokens:`, E = `${e}_oidc_error:`, A = `${e}_oidc_exception:`, S = k.data;
|
|
970
|
+
if (S && typeof S == "string" && !h) {
|
|
971
|
+
if (S.startsWith(b)) {
|
|
972
|
+
const y = JSON.parse(k.data.replace(b, ""));
|
|
973
|
+
n(m.silentLoginAsync_end, {}), c(y), g();
|
|
974
|
+
} else if (S.startsWith(E)) {
|
|
975
|
+
const y = JSON.parse(k.data.replace(E, ""));
|
|
976
|
+
n(m.silentLoginAsync_error, y), c({ error: "oidc_" + y.error, tokens: null, sessionState: null }), g();
|
|
977
|
+
} else if (S.startsWith(A)) {
|
|
978
|
+
const y = JSON.parse(k.data.replace(A, ""));
|
|
979
|
+
n(m.silentLoginAsync_error, y), _(new Error(y.error)), g();
|
|
769
980
|
}
|
|
770
981
|
}
|
|
771
982
|
}
|
|
@@ -774,7 +985,7 @@ const J = (e, s, n = null) => {
|
|
|
774
985
|
window.addEventListener("message", w);
|
|
775
986
|
const k = s.silent_login_timeout;
|
|
776
987
|
setTimeout(() => {
|
|
777
|
-
|
|
988
|
+
h || (g(), n(m.silentLoginAsync_error, { reason: "timeout" }), _(new Error("timeout")));
|
|
778
989
|
}, k);
|
|
779
990
|
} catch (k) {
|
|
780
991
|
g(), n(m.silentLoginAsync_error, k), _(k);
|
|
@@ -783,34 +994,46 @@ const J = (e, s, n = null) => {
|
|
|
783
994
|
} catch (r) {
|
|
784
995
|
throw n(m.silentLoginAsync_error, r), r;
|
|
785
996
|
}
|
|
786
|
-
},
|
|
997
|
+
}, is = (e, s, n, t, o) => (i = null, r = void 0) => {
|
|
787
998
|
i = { ...i };
|
|
788
|
-
const a = (
|
|
999
|
+
const a = (d, l, c) => re(s, n, t.bind(o))(
|
|
1000
|
+
d,
|
|
1001
|
+
l,
|
|
1002
|
+
c
|
|
1003
|
+
);
|
|
789
1004
|
return (async () => {
|
|
790
1005
|
o.timeoutId && M.clearTimeout(o.timeoutId);
|
|
791
|
-
let
|
|
792
|
-
i && "state" in i && (
|
|
1006
|
+
let d;
|
|
1007
|
+
i && "state" in i && (d = i.state, delete i.state);
|
|
793
1008
|
try {
|
|
794
|
-
const
|
|
795
|
-
|
|
796
|
-
|
|
797
|
-
|
|
1009
|
+
const l = n.extras ? { ...n.extras, ...i } : i, c = await a(
|
|
1010
|
+
{
|
|
1011
|
+
...l,
|
|
1012
|
+
prompt: "none"
|
|
1013
|
+
},
|
|
1014
|
+
d,
|
|
1015
|
+
r
|
|
1016
|
+
);
|
|
798
1017
|
if (c)
|
|
799
1018
|
return o.tokens = c.tokens, t(m.token_aquired, {}), o.timeoutId = J(o, o.tokens.expiresAt, i), {};
|
|
800
|
-
} catch (
|
|
801
|
-
return
|
|
1019
|
+
} catch (l) {
|
|
1020
|
+
return l;
|
|
802
1021
|
}
|
|
803
1022
|
})();
|
|
804
|
-
},
|
|
805
|
-
const a = (
|
|
806
|
-
|
|
1023
|
+
}, rs = (e, s, n) => (t, o, i, r = !1) => {
|
|
1024
|
+
const a = (u, d = void 0, l = void 0) => re(e.configurationName, n, e.publishEvent.bind(e))(
|
|
1025
|
+
u,
|
|
1026
|
+
d,
|
|
1027
|
+
l
|
|
1028
|
+
);
|
|
1029
|
+
return new Promise((u, d) => {
|
|
807
1030
|
if (n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && t && i && !r) {
|
|
808
|
-
const
|
|
1031
|
+
const l = () => {
|
|
809
1032
|
e.checkSessionIFrame.stop();
|
|
810
1033
|
const c = e.tokens;
|
|
811
1034
|
if (c === null)
|
|
812
1035
|
return;
|
|
813
|
-
const _ = c.idToken,
|
|
1036
|
+
const _ = c.idToken, h = c.idTokenPayload;
|
|
814
1037
|
return a({
|
|
815
1038
|
prompt: "none",
|
|
816
1039
|
id_token_hint: _,
|
|
@@ -819,26 +1042,190 @@ const J = (e, s, n = null) => {
|
|
|
819
1042
|
if (g.error)
|
|
820
1043
|
throw new Error(g.error);
|
|
821
1044
|
const w = g.tokens.idTokenPayload;
|
|
822
|
-
if (
|
|
1045
|
+
if (h.sub === w.sub) {
|
|
823
1046
|
const k = g.sessionState;
|
|
824
|
-
e.checkSessionIFrame.start(g.sessionState),
|
|
1047
|
+
e.checkSessionIFrame.start(g.sessionState), h.sid === w.sid ? console.debug(
|
|
1048
|
+
"SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
|
|
1049
|
+
k
|
|
1050
|
+
) : console.debug(
|
|
1051
|
+
"SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",
|
|
1052
|
+
k
|
|
1053
|
+
);
|
|
825
1054
|
} else
|
|
826
|
-
console.debug(
|
|
1055
|
+
console.debug(
|
|
1056
|
+
"SessionMonitor._callback: Different subject signed into OP:",
|
|
1057
|
+
w.sub
|
|
1058
|
+
);
|
|
827
1059
|
}).catch(async (g) => {
|
|
828
|
-
console.warn(
|
|
829
|
-
|
|
830
|
-
|
|
1060
|
+
console.warn(
|
|
1061
|
+
"SessionMonitor._callback: Silent login failed, logging out other tabs:",
|
|
1062
|
+
g
|
|
1063
|
+
);
|
|
1064
|
+
for (const [, w] of Object.entries(s))
|
|
1065
|
+
await w.logoutOtherTabAsync(n.client_id, h.sub);
|
|
831
1066
|
});
|
|
832
1067
|
};
|
|
833
|
-
e.checkSessionIFrame = new
|
|
834
|
-
|
|
1068
|
+
e.checkSessionIFrame = new Oe(
|
|
1069
|
+
l,
|
|
1070
|
+
o,
|
|
1071
|
+
t
|
|
1072
|
+
), e.checkSessionIFrame.load().then(() => {
|
|
1073
|
+
e.checkSessionIFrame.start(i), u(e.checkSessionIFrame);
|
|
835
1074
|
}).catch((c) => {
|
|
836
|
-
|
|
1075
|
+
d(c);
|
|
837
1076
|
});
|
|
838
1077
|
} else
|
|
839
|
-
|
|
1078
|
+
u(null);
|
|
840
1079
|
});
|
|
841
|
-
},
|
|
1080
|
+
}, as = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), cs = (e) => {
|
|
1081
|
+
const s = e.appVersion, n = e.userAgent, t = "-";
|
|
1082
|
+
let o = t;
|
|
1083
|
+
const i = [
|
|
1084
|
+
{ s: "Windows 10", r: /(Windows 10.0|Windows NT 10.0)/ },
|
|
1085
|
+
{ s: "Windows 8.1", r: /(Windows 8.1|Windows NT 6.3)/ },
|
|
1086
|
+
{ s: "Windows 8", r: /(Windows 8|Windows NT 6.2)/ },
|
|
1087
|
+
{ s: "Windows 7", r: /(Windows 7|Windows NT 6.1)/ },
|
|
1088
|
+
{ s: "Windows Vista", r: /Windows NT 6.0/ },
|
|
1089
|
+
{ s: "Windows Server 2003", r: /Windows NT 5.2/ },
|
|
1090
|
+
{ s: "Windows XP", r: /(Windows NT 5.1|Windows XP)/ },
|
|
1091
|
+
{ s: "Windows 2000", r: /(Windows NT 5.0|Windows 2000)/ },
|
|
1092
|
+
{ s: "Windows ME", r: /(Win 9x 4.90|Windows ME)/ },
|
|
1093
|
+
{ s: "Windows 98", r: /(Windows 98|Win98)/ },
|
|
1094
|
+
{ s: "Windows 95", r: /(Windows 95|Win95|Windows_95)/ },
|
|
1095
|
+
{ s: "Windows NT 4.0", r: /(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/ },
|
|
1096
|
+
{ s: "Windows CE", r: /Windows CE/ },
|
|
1097
|
+
{ s: "Windows 3.11", r: /Win16/ },
|
|
1098
|
+
{ s: "Android", r: /Android/ },
|
|
1099
|
+
{ s: "Open BSD", r: /OpenBSD/ },
|
|
1100
|
+
{ s: "Sun OS", r: /SunOS/ },
|
|
1101
|
+
{ s: "Chrome OS", r: /CrOS/ },
|
|
1102
|
+
{ s: "Linux", r: /(Linux|X11(?!.*CrOS))/ },
|
|
1103
|
+
{ s: "iOS", r: /(iPhone|iPad|iPod)/ },
|
|
1104
|
+
{ s: "Mac OS X", r: /Mac OS X/ },
|
|
1105
|
+
{ s: "Mac OS", r: /(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/ },
|
|
1106
|
+
{ s: "QNX", r: /QNX/ },
|
|
1107
|
+
{ s: "UNIX", r: /UNIX/ },
|
|
1108
|
+
{ s: "BeOS", r: /BeOS/ },
|
|
1109
|
+
{ s: "OS/2", r: /OS\/2/ },
|
|
1110
|
+
{
|
|
1111
|
+
s: "Search Bot",
|
|
1112
|
+
r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/
|
|
1113
|
+
}
|
|
1114
|
+
];
|
|
1115
|
+
for (const a in i) {
|
|
1116
|
+
const u = i[a];
|
|
1117
|
+
if (u.r.test(n)) {
|
|
1118
|
+
o = u.s;
|
|
1119
|
+
break;
|
|
1120
|
+
}
|
|
1121
|
+
}
|
|
1122
|
+
let r = t;
|
|
1123
|
+
switch (/Windows/.test(o) && (r = /Windows (.*)/.exec(o)[1], o = "Windows"), o) {
|
|
1124
|
+
case "Mac OS":
|
|
1125
|
+
case "Mac OS X":
|
|
1126
|
+
case "Android":
|
|
1127
|
+
r = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];
|
|
1128
|
+
break;
|
|
1129
|
+
case "iOS": {
|
|
1130
|
+
const a = /OS (\d+)_(\d+)_?(\d+)?/.exec(s);
|
|
1131
|
+
a != null && a.length > 2 && (r = a[1] + "." + a[2] + "." + (parseInt(a[3]) | 0));
|
|
1132
|
+
break;
|
|
1133
|
+
}
|
|
1134
|
+
}
|
|
1135
|
+
return {
|
|
1136
|
+
os: o,
|
|
1137
|
+
osVersion: r
|
|
1138
|
+
};
|
|
1139
|
+
};
|
|
1140
|
+
function ls() {
|
|
1141
|
+
const e = navigator.userAgent;
|
|
1142
|
+
let s, n = e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
|
|
1143
|
+
if (/trident/i.test(n[1]))
|
|
1144
|
+
return s = /\brv[ :]+(\d+)/g.exec(e) || [], { name: "ie", version: s[1] || "" };
|
|
1145
|
+
if (n[1] === "Chrome" && (s = e.match(/\bOPR|Edge\/(\d+)/), s != null)) {
|
|
1146
|
+
let t = s[1];
|
|
1147
|
+
if (!t) {
|
|
1148
|
+
const o = e.split(s[0] + "/");
|
|
1149
|
+
o.length > 1 && (t = o[1]);
|
|
1150
|
+
}
|
|
1151
|
+
return { name: "opera", version: t };
|
|
1152
|
+
}
|
|
1153
|
+
return n = n[2] ? [n[1], n[2]] : [navigator.appName, navigator.appVersion, "-?"], (s = e.match(/version\/(\d+)/i)) != null && n.splice(1, 1, s[1]), {
|
|
1154
|
+
name: n[0].toLowerCase(),
|
|
1155
|
+
version: n[1]
|
|
1156
|
+
};
|
|
1157
|
+
}
|
|
1158
|
+
const us = () => {
|
|
1159
|
+
const { name: e, version: s } = ls();
|
|
1160
|
+
if (e === "chrome" && parseInt(s) <= 70 || e === "opera" && (!s || parseInt(s.split(".")[0]) < 80) || e === "ie")
|
|
1161
|
+
return !1;
|
|
1162
|
+
const n = cs(navigator);
|
|
1163
|
+
return !as(n);
|
|
1164
|
+
}, _s = async (e) => {
|
|
1165
|
+
let s;
|
|
1166
|
+
if (e.tokens != null)
|
|
1167
|
+
return !1;
|
|
1168
|
+
e.publishEvent(m.tryKeepExistingSessionAsync_begin, {});
|
|
1169
|
+
try {
|
|
1170
|
+
const n = e.configuration, t = await e.initAsync(
|
|
1171
|
+
n.authority,
|
|
1172
|
+
n.authority_configuration
|
|
1173
|
+
);
|
|
1174
|
+
if (s = await I(n, e.configurationName), s) {
|
|
1175
|
+
const { tokens: o } = await s.initAsync(
|
|
1176
|
+
t,
|
|
1177
|
+
"tryKeepExistingSessionAsync",
|
|
1178
|
+
n
|
|
1179
|
+
);
|
|
1180
|
+
if (o) {
|
|
1181
|
+
s.startKeepAliveServiceWorker(), e.tokens = o;
|
|
1182
|
+
const i = s.getLoginParams(e.configurationName);
|
|
1183
|
+
e.timeoutId = J(e, e.tokens.expiresAt, i.extras);
|
|
1184
|
+
const r = await s.getSessionStateAsync();
|
|
1185
|
+
return await e.startCheckSessionAsync(
|
|
1186
|
+
t.check_session_iframe,
|
|
1187
|
+
n.client_id,
|
|
1188
|
+
r
|
|
1189
|
+
), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1190
|
+
success: !0,
|
|
1191
|
+
message: "tokens inside ServiceWorker are valid"
|
|
1192
|
+
}), !0;
|
|
1193
|
+
}
|
|
1194
|
+
e.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1195
|
+
success: !1,
|
|
1196
|
+
message: "no exiting session found"
|
|
1197
|
+
});
|
|
1198
|
+
} else {
|
|
1199
|
+
n.service_worker_relative_url && e.publishEvent(m.service_worker_not_supported_by_browser, {
|
|
1200
|
+
message: "service worker is not supported by this browser"
|
|
1201
|
+
});
|
|
1202
|
+
const o = O(e.configurationName, n.storage ?? sessionStorage), { tokens: i } = await o.initAsync();
|
|
1203
|
+
if (i) {
|
|
1204
|
+
e.tokens = X(i, null, n.token_renew_mode);
|
|
1205
|
+
const r = o.getLoginParams();
|
|
1206
|
+
e.timeoutId = J(e, e.tokens.expiresAt, r.extras);
|
|
1207
|
+
const a = await o.getSessionStateAsync();
|
|
1208
|
+
return await e.startCheckSessionAsync(
|
|
1209
|
+
t.check_session_iframe,
|
|
1210
|
+
n.client_id,
|
|
1211
|
+
a
|
|
1212
|
+
), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1213
|
+
success: !0,
|
|
1214
|
+
message: "tokens inside storage are valid"
|
|
1215
|
+
}), !0;
|
|
1216
|
+
}
|
|
1217
|
+
}
|
|
1218
|
+
return e.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1219
|
+
success: !1,
|
|
1220
|
+
message: s ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
|
|
1221
|
+
}), !1;
|
|
1222
|
+
} catch (n) {
|
|
1223
|
+
return console.error(n), s && await s.clearAsync(), e.publishEvent(
|
|
1224
|
+
m.tryKeepExistingSessionAsync_error,
|
|
1225
|
+
"tokens inside ServiceWorker are invalid"
|
|
1226
|
+
), !1;
|
|
1227
|
+
}
|
|
1228
|
+
}, Ee = (e) => {
|
|
842
1229
|
const s = e.match(
|
|
843
1230
|
// eslint-disable-next-line no-useless-escape
|
|
844
1231
|
/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
|
|
@@ -860,24 +1247,24 @@ const J = (e, s, n = null) => {
|
|
|
860
1247
|
search: n,
|
|
861
1248
|
hash: t
|
|
862
1249
|
};
|
|
863
|
-
},
|
|
864
|
-
const s =
|
|
1250
|
+
}, vs = (e) => {
|
|
1251
|
+
const s = Ee(e);
|
|
865
1252
|
let { path: n } = s;
|
|
866
1253
|
n.endsWith("/") && (n = n.slice(0, -1));
|
|
867
1254
|
let { hash: t } = s;
|
|
868
1255
|
return t === "#_=_" && (t = ""), t && (n += t), n;
|
|
869
|
-
},
|
|
870
|
-
const s =
|
|
871
|
-
return
|
|
872
|
-
},
|
|
1256
|
+
}, Y = (e) => {
|
|
1257
|
+
const s = Ee(e), { search: n } = s;
|
|
1258
|
+
return fs(n);
|
|
1259
|
+
}, fs = (e) => {
|
|
873
1260
|
const s = {};
|
|
874
1261
|
let n, t, o;
|
|
875
1262
|
const i = e.split("&");
|
|
876
1263
|
for (t = 0, o = i.length; t < o; t++)
|
|
877
1264
|
n = i[t].split("="), s[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
|
|
878
1265
|
return s;
|
|
879
|
-
},
|
|
880
|
-
const
|
|
1266
|
+
}, ds = (e, s, n, t, o) => (i = void 0, r = null, a = !1, u = void 0) => {
|
|
1267
|
+
const d = r;
|
|
881
1268
|
return r = { ...r }, (async () => {
|
|
882
1269
|
const c = i || o.getPath();
|
|
883
1270
|
if ("state" in r || (r.state = se(16)), n(m.loginAsync_begin, {}), r)
|
|
@@ -885,104 +1272,135 @@ const J = (e, s, n = null) => {
|
|
|
885
1272
|
_.endsWith(":token_request") && delete r[_];
|
|
886
1273
|
try {
|
|
887
1274
|
const _ = a ? s.silent_redirect_uri : s.redirect_uri;
|
|
888
|
-
|
|
889
|
-
const
|
|
890
|
-
|
|
891
|
-
const g = { nonce:
|
|
892
|
-
|
|
1275
|
+
u || (u = s.scope);
|
|
1276
|
+
const h = s.extras ? { ...s.extras, ...r } : r;
|
|
1277
|
+
h.nonce || (h.nonce = se(12));
|
|
1278
|
+
const g = { nonce: h.nonce }, w = await I(s, e), k = await t(
|
|
1279
|
+
s.authority,
|
|
1280
|
+
s.authority_configuration
|
|
1281
|
+
);
|
|
1282
|
+
let b;
|
|
893
1283
|
if (w)
|
|
894
|
-
w.setLoginParams({ callbackPath: c, extras:
|
|
1284
|
+
w.setLoginParams({ callbackPath: c, extras: d }), await w.initAsync(k, "loginAsync", s), await w.setNonceAsync(g), w.startKeepAliveServiceWorker(), b = w;
|
|
895
1285
|
else {
|
|
896
|
-
const
|
|
897
|
-
|
|
1286
|
+
const A = O(e, s.storage ?? sessionStorage);
|
|
1287
|
+
A.setLoginParams({ callbackPath: c, extras: d }), await A.setNonceAsync(g), b = A;
|
|
898
1288
|
}
|
|
899
|
-
const
|
|
1289
|
+
const E = {
|
|
900
1290
|
client_id: s.client_id,
|
|
901
1291
|
redirect_uri: _,
|
|
902
|
-
scope:
|
|
1292
|
+
scope: u,
|
|
903
1293
|
response_type: "code",
|
|
904
|
-
...
|
|
1294
|
+
...h
|
|
905
1295
|
};
|
|
906
|
-
await
|
|
1296
|
+
await ss(b, o)(
|
|
1297
|
+
k.authorizationEndpoint,
|
|
1298
|
+
E
|
|
1299
|
+
);
|
|
907
1300
|
} catch (_) {
|
|
908
1301
|
throw n(m.loginAsync_error, _), _;
|
|
909
1302
|
}
|
|
910
1303
|
})();
|
|
911
|
-
},
|
|
1304
|
+
}, hs = (e) => async (s = !1) => {
|
|
912
1305
|
try {
|
|
913
1306
|
e.publishEvent(m.loginCallbackAsync_begin, {});
|
|
914
|
-
const n = e.configuration, t = n.client_id, o = s ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, a = await e.initAsync(
|
|
915
|
-
|
|
1307
|
+
const n = e.configuration, t = n.client_id, o = s ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, a = await e.initAsync(
|
|
1308
|
+
i,
|
|
1309
|
+
n.authority_configuration
|
|
1310
|
+
), u = e.location.getCurrentHref(), l = Y(u).session_state, c = await I(n, e.configurationName);
|
|
1311
|
+
let _, h, g, w;
|
|
916
1312
|
if (c)
|
|
917
|
-
await c.initAsync(a, "loginCallbackAsync", n), await c.setSessionStateAsync(
|
|
1313
|
+
await c.initAsync(a, "loginCallbackAsync", n), await c.setSessionStateAsync(l), h = await c.getNonceAsync(), g = c.getLoginParams(), w = await c.getStateAsync(), c.startKeepAliveServiceWorker(), _ = c;
|
|
918
1314
|
else {
|
|
919
|
-
const v = O(
|
|
920
|
-
|
|
1315
|
+
const v = O(
|
|
1316
|
+
e.configurationName,
|
|
1317
|
+
n.storage ?? sessionStorage
|
|
1318
|
+
);
|
|
1319
|
+
await v.setSessionStateAsync(l), h = await v.getNonceAsync(), g = v.getLoginParams(), w = await v.getStateAsync(), _ = v;
|
|
921
1320
|
}
|
|
922
|
-
const k =
|
|
1321
|
+
const k = Y(u);
|
|
923
1322
|
if (k.error || k.error_description)
|
|
924
1323
|
throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);
|
|
925
1324
|
if (k.iss && k.iss !== a.issuer)
|
|
926
|
-
throw console.error(), new Error(
|
|
1325
|
+
throw console.error(), new Error(
|
|
1326
|
+
`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`
|
|
1327
|
+
);
|
|
927
1328
|
if (k.state && k.state !== w)
|
|
928
1329
|
throw new Error(`State not valid (expected: ${w}, received: ${k.state})`);
|
|
929
|
-
const
|
|
1330
|
+
const b = {
|
|
930
1331
|
code: k.code,
|
|
931
1332
|
grant_type: "authorization_code",
|
|
932
1333
|
client_id: n.client_id,
|
|
933
1334
|
redirect_uri: o
|
|
934
|
-
},
|
|
1335
|
+
}, E = {};
|
|
935
1336
|
if (n.token_request_extras)
|
|
936
1337
|
for (const [v, K] of Object.entries(n.token_request_extras))
|
|
937
|
-
|
|
1338
|
+
E[v] = K;
|
|
938
1339
|
if (g && g.extras)
|
|
939
1340
|
for (const [v, K] of Object.entries(g.extras))
|
|
940
|
-
v.endsWith(":token_request") && (
|
|
941
|
-
const
|
|
1341
|
+
v.endsWith(":token_request") && (E[v.replace(":token_request", "")] = K);
|
|
1342
|
+
const A = a.tokenEndpoint, S = {};
|
|
942
1343
|
if (n.demonstrating_proof_of_possession)
|
|
943
1344
|
if (c)
|
|
944
|
-
|
|
1345
|
+
S.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
|
|
945
1346
|
else {
|
|
946
|
-
const v = await
|
|
947
|
-
|
|
1347
|
+
const v = await je(window)(
|
|
1348
|
+
n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
|
|
1349
|
+
);
|
|
1350
|
+
await O(e.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(v), S.DPoP = await Se(window)(
|
|
1351
|
+
n.demonstrating_proof_of_possession_configuration
|
|
1352
|
+
)(v, "POST", A);
|
|
948
1353
|
}
|
|
949
|
-
const
|
|
1354
|
+
const y = await ns(_)(
|
|
1355
|
+
A,
|
|
1356
|
+
{ ...b, ...E },
|
|
950
1357
|
S,
|
|
951
|
-
{ ...A, ...T },
|
|
952
|
-
E,
|
|
953
1358
|
e.configuration.token_renew_mode,
|
|
954
1359
|
r
|
|
955
1360
|
);
|
|
956
|
-
if (!
|
|
1361
|
+
if (!y.success)
|
|
957
1362
|
throw new Error("Token request failed");
|
|
958
|
-
let
|
|
959
|
-
const
|
|
960
|
-
if (
|
|
1363
|
+
let N;
|
|
1364
|
+
const f = y.data.tokens, p = y.data.demonstratingProofOfPossessionNonce;
|
|
1365
|
+
if (y.data.state !== E.state)
|
|
961
1366
|
throw new Error("state is not valid");
|
|
962
|
-
const { isValid:
|
|
963
|
-
|
|
1367
|
+
const { isValid: T, reason: L } = me(
|
|
1368
|
+
f,
|
|
1369
|
+
h.nonce,
|
|
1370
|
+
a
|
|
1371
|
+
);
|
|
1372
|
+
if (!T)
|
|
964
1373
|
throw new Error(`Tokens are not OpenID valid, reason: ${L}`);
|
|
965
1374
|
if (c) {
|
|
966
|
-
if (
|
|
1375
|
+
if (f.refreshToken && !f.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
967
1376
|
throw new Error("Refresh token should be hidden by service worker");
|
|
968
|
-
if (p &&
|
|
969
|
-
throw new Error(
|
|
1377
|
+
if (p && f.accessToken && f.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1378
|
+
throw new Error(
|
|
1379
|
+
"Demonstration of proof of possession require Access token not hidden by service worker"
|
|
1380
|
+
);
|
|
970
1381
|
}
|
|
971
1382
|
if (c)
|
|
972
|
-
await c.initAsync(a, "syncTokensAsync", n),
|
|
1383
|
+
await c.initAsync(a, "syncTokensAsync", n), N = c.getLoginParams(), p && await c.setDemonstratingProofOfPossessionNonce(
|
|
1384
|
+
p
|
|
1385
|
+
);
|
|
973
1386
|
else {
|
|
974
1387
|
const v = O(e.configurationName, n.storage);
|
|
975
|
-
|
|
1388
|
+
N = v.getLoginParams(), p && await v.setDemonstratingProofOfPossessionNonce(p);
|
|
976
1389
|
}
|
|
977
|
-
return await e.startCheckSessionAsync(
|
|
978
|
-
|
|
1390
|
+
return await e.startCheckSessionAsync(
|
|
1391
|
+
a.checkSessionIframe,
|
|
1392
|
+
t,
|
|
1393
|
+
l,
|
|
1394
|
+
s
|
|
1395
|
+
), e.publishEvent(m.loginCallbackAsync_end, {}), {
|
|
1396
|
+
tokens: f,
|
|
979
1397
|
state: "request.state",
|
|
980
|
-
callbackPath:
|
|
1398
|
+
callbackPath: N.callbackPath
|
|
981
1399
|
};
|
|
982
1400
|
} catch (n) {
|
|
983
1401
|
throw console.error(n), e.publishEvent(m.loginCallbackAsync_error, n), n;
|
|
984
1402
|
}
|
|
985
|
-
},
|
|
1403
|
+
}, ye = {
|
|
986
1404
|
access_token: "access_token",
|
|
987
1405
|
refresh_token: "refresh_token"
|
|
988
1406
|
}, Q = (e, s) => {
|
|
@@ -996,7 +1414,7 @@ const J = (e, s, n = null) => {
|
|
|
996
1414
|
return n;
|
|
997
1415
|
}
|
|
998
1416
|
return n;
|
|
999
|
-
},
|
|
1417
|
+
}, ys = (e) => {
|
|
1000
1418
|
const s = {};
|
|
1001
1419
|
if (e) {
|
|
1002
1420
|
for (const [n, t] of Object.entries(e))
|
|
@@ -1004,250 +1422,121 @@ const J = (e, s, n = null) => {
|
|
|
1004
1422
|
return s;
|
|
1005
1423
|
}
|
|
1006
1424
|
return s;
|
|
1007
|
-
},
|
|
1425
|
+
}, gs = (e) => async (s) => {
|
|
1008
1426
|
M.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
|
|
1009
1427
|
const n = await I(e.configuration, e.configurationName);
|
|
1010
1428
|
n ? await n.clearAsync(s) : await O(e.configurationName, e.configuration.storage).clearAsync(s), e.tokens = null, e.userInfo = null;
|
|
1011
|
-
},
|
|
1012
|
-
|
|
1429
|
+
}, ks = (e, s, n, t, o) => async (i = void 0, r = null) => {
|
|
1430
|
+
var b, E;
|
|
1431
|
+
const a = e.configuration, u = await e.initAsync(
|
|
1432
|
+
a.authority,
|
|
1433
|
+
a.authority_configuration
|
|
1434
|
+
);
|
|
1013
1435
|
i && typeof i != "string" && (i = void 0, t.warn("callbackPathOrUrl path is not a string"));
|
|
1014
|
-
const
|
|
1015
|
-
let
|
|
1016
|
-
i && (
|
|
1017
|
-
const c =
|
|
1436
|
+
const d = i ?? o.getPath();
|
|
1437
|
+
let l = !1;
|
|
1438
|
+
i && (l = i.includes("https://") || i.includes("http://"));
|
|
1439
|
+
const c = l ? i : o.getOrigin() + d, _ = e.tokens ? e.tokens.idToken : "";
|
|
1018
1440
|
try {
|
|
1019
|
-
const A =
|
|
1441
|
+
const A = u.revocationEndpoint;
|
|
1020
1442
|
if (A) {
|
|
1021
|
-
const
|
|
1022
|
-
if (
|
|
1023
|
-
const
|
|
1443
|
+
const S = [], y = e.tokens ? e.tokens.accessToken : null;
|
|
1444
|
+
if (y && a.logout_tokens_to_invalidate.includes(ye.access_token)) {
|
|
1445
|
+
const f = Q(r, ":revoke_access_token"), p = de(n)(
|
|
1024
1446
|
A,
|
|
1025
|
-
|
|
1447
|
+
y,
|
|
1026
1448
|
ne.access_token,
|
|
1027
1449
|
a.client_id,
|
|
1028
|
-
|
|
1450
|
+
f
|
|
1029
1451
|
);
|
|
1030
|
-
|
|
1452
|
+
S.push(p);
|
|
1031
1453
|
}
|
|
1032
|
-
const
|
|
1033
|
-
if (
|
|
1034
|
-
const
|
|
1454
|
+
const N = e.tokens ? e.tokens.refreshToken : null;
|
|
1455
|
+
if (N && a.logout_tokens_to_invalidate.includes(ye.refresh_token)) {
|
|
1456
|
+
const f = Q(r, ":revoke_refresh_token"), p = de(n)(
|
|
1035
1457
|
A,
|
|
1036
|
-
|
|
1458
|
+
N,
|
|
1037
1459
|
ne.refresh_token,
|
|
1038
1460
|
a.client_id,
|
|
1039
|
-
|
|
1461
|
+
f
|
|
1040
1462
|
);
|
|
1041
|
-
|
|
1463
|
+
S.push(p);
|
|
1042
1464
|
}
|
|
1043
|
-
|
|
1465
|
+
S.length > 0 && await Promise.all(S);
|
|
1044
1466
|
}
|
|
1045
1467
|
} catch (A) {
|
|
1046
|
-
t.warn(
|
|
1468
|
+
t.warn(
|
|
1469
|
+
"logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"
|
|
1470
|
+
), t.warn(A);
|
|
1047
1471
|
}
|
|
1048
|
-
const
|
|
1472
|
+
const h = ((E = (b = e.tokens) == null ? void 0 : b.idTokenPayload) == null ? void 0 : E.sub) ?? null;
|
|
1049
1473
|
await e.destroyAsync("LOGGED_OUT");
|
|
1050
|
-
for (const [
|
|
1051
|
-
|
|
1474
|
+
for (const [, A] of Object.entries(s))
|
|
1475
|
+
A !== e ? await e.logoutSameTabAsync(e.configuration.client_id, h) : e.publishEvent(m.logout_from_same_tab, {});
|
|
1052
1476
|
const g = Q(r, ":oidc");
|
|
1053
1477
|
if (g && g.no_reload === "true")
|
|
1054
1478
|
return;
|
|
1055
|
-
const k =
|
|
1056
|
-
if (
|
|
1479
|
+
const k = ys(r);
|
|
1480
|
+
if (u.endSessionEndpoint) {
|
|
1057
1481
|
"id_token_hint" in k || (k.id_token_hint = _), !("post_logout_redirect_uri" in k) && i !== null && (k.post_logout_redirect_uri = c);
|
|
1058
1482
|
let A = "";
|
|
1059
|
-
for (const [
|
|
1060
|
-
|
|
1061
|
-
o.open(`${
|
|
1483
|
+
for (const [S, y] of Object.entries(k))
|
|
1484
|
+
y != null && (A === "" ? A += "?" : A += "&", A += `${S}=${encodeURIComponent(y)}`);
|
|
1485
|
+
o.open(`${u.endSessionEndpoint}${A}`);
|
|
1062
1486
|
} else
|
|
1063
1487
|
o.reload();
|
|
1064
|
-
},
|
|
1065
|
-
var
|
|
1488
|
+
}, Pe = (e, s, n = !1) => async (...t) => {
|
|
1489
|
+
var h;
|
|
1066
1490
|
const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
|
|
1067
|
-
let
|
|
1068
|
-
a.headers && (
|
|
1069
|
-
const
|
|
1070
|
-
|
|
1071
|
-
|
|
1072
|
-
|
|
1073
|
-
|
|
1491
|
+
let u = new Headers();
|
|
1492
|
+
a.headers && (u = a.headers instanceof Headers ? a.headers : new Headers(a.headers));
|
|
1493
|
+
const d = {
|
|
1494
|
+
tokens: s.tokens,
|
|
1495
|
+
configuration: { token_automatic_renew_mode: s.configuration.token_automatic_renew_mode },
|
|
1496
|
+
renewTokensAsync: s.renewTokensAsync.bind(s)
|
|
1497
|
+
}, l = await ke(d), c = (h = l == null ? void 0 : l.tokens) == null ? void 0 : h.accessToken;
|
|
1498
|
+
if (u.has("Accept") || u.set("Accept", "application/json"), c) {
|
|
1499
|
+
if (s.configuration.demonstrating_proof_of_possession && n) {
|
|
1500
|
+
const g = await s.generateDemonstrationOfProofOfPossessionAsync(
|
|
1501
|
+
c,
|
|
1502
|
+
o.toString(),
|
|
1503
|
+
a.method
|
|
1504
|
+
);
|
|
1505
|
+
u.set("Authorization", `PoP ${c}`), u.set("DPoP", g);
|
|
1074
1506
|
} else
|
|
1075
|
-
|
|
1507
|
+
u.set("Authorization", `Bearer ${c}`);
|
|
1076
1508
|
a.credentials || (a.credentials = "same-origin");
|
|
1077
1509
|
}
|
|
1078
|
-
const _ = { ...a, headers:
|
|
1510
|
+
const _ = { ...a, headers: u };
|
|
1079
1511
|
return await e(o, _, ...r);
|
|
1080
|
-
},
|
|
1512
|
+
}, ms = (e) => async (s = !1, n = !1) => {
|
|
1081
1513
|
if (e.userInfo != null && !s)
|
|
1082
1514
|
return e.userInfo;
|
|
1083
|
-
const t = e.configuration, i = (await e.initAsync(
|
|
1084
|
-
|
|
1085
|
-
|
|
1515
|
+
const t = e.configuration, i = (await e.initAsync(
|
|
1516
|
+
t.authority,
|
|
1517
|
+
t.authority_configuration
|
|
1518
|
+
)).userInfoEndpoint, a = await (async () => {
|
|
1519
|
+
const d = await Pe(fetch, e, n)(i);
|
|
1520
|
+
return d.status !== 200 ? null : d.json();
|
|
1086
1521
|
})();
|
|
1087
1522
|
return e.userInfo = a, a;
|
|
1088
|
-
};
|
|
1089
|
-
class Y {
|
|
1090
|
-
open(s) {
|
|
1091
|
-
window.location.href = s;
|
|
1092
|
-
}
|
|
1093
|
-
reload() {
|
|
1094
|
-
window.location.reload();
|
|
1095
|
-
}
|
|
1096
|
-
getCurrentHref() {
|
|
1097
|
-
return window.location.href;
|
|
1098
|
-
}
|
|
1099
|
-
getPath() {
|
|
1100
|
-
const s = window.location;
|
|
1101
|
-
return s.pathname + (s.search || "") + (s.hash || "");
|
|
1102
|
-
}
|
|
1103
|
-
getOrigin() {
|
|
1104
|
-
return window.origin;
|
|
1105
|
-
}
|
|
1106
|
-
}
|
|
1107
|
-
const ds = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), hs = (e) => {
|
|
1108
|
-
const s = e.appVersion, n = e.userAgent, t = "-";
|
|
1109
|
-
let o = t;
|
|
1110
|
-
const i = [
|
|
1111
|
-
{ s: "Windows 10", r: /(Windows 10.0|Windows NT 10.0)/ },
|
|
1112
|
-
{ s: "Windows 8.1", r: /(Windows 8.1|Windows NT 6.3)/ },
|
|
1113
|
-
{ s: "Windows 8", r: /(Windows 8|Windows NT 6.2)/ },
|
|
1114
|
-
{ s: "Windows 7", r: /(Windows 7|Windows NT 6.1)/ },
|
|
1115
|
-
{ s: "Windows Vista", r: /Windows NT 6.0/ },
|
|
1116
|
-
{ s: "Windows Server 2003", r: /Windows NT 5.2/ },
|
|
1117
|
-
{ s: "Windows XP", r: /(Windows NT 5.1|Windows XP)/ },
|
|
1118
|
-
{ s: "Windows 2000", r: /(Windows NT 5.0|Windows 2000)/ },
|
|
1119
|
-
{ s: "Windows ME", r: /(Win 9x 4.90|Windows ME)/ },
|
|
1120
|
-
{ s: "Windows 98", r: /(Windows 98|Win98)/ },
|
|
1121
|
-
{ s: "Windows 95", r: /(Windows 95|Win95|Windows_95)/ },
|
|
1122
|
-
{ s: "Windows NT 4.0", r: /(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/ },
|
|
1123
|
-
{ s: "Windows CE", r: /Windows CE/ },
|
|
1124
|
-
{ s: "Windows 3.11", r: /Win16/ },
|
|
1125
|
-
{ s: "Android", r: /Android/ },
|
|
1126
|
-
{ s: "Open BSD", r: /OpenBSD/ },
|
|
1127
|
-
{ s: "Sun OS", r: /SunOS/ },
|
|
1128
|
-
{ s: "Chrome OS", r: /CrOS/ },
|
|
1129
|
-
{ s: "Linux", r: /(Linux|X11(?!.*CrOS))/ },
|
|
1130
|
-
{ s: "iOS", r: /(iPhone|iPad|iPod)/ },
|
|
1131
|
-
{ s: "Mac OS X", r: /Mac OS X/ },
|
|
1132
|
-
{ s: "Mac OS", r: /(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/ },
|
|
1133
|
-
{ s: "QNX", r: /QNX/ },
|
|
1134
|
-
{ s: "UNIX", r: /UNIX/ },
|
|
1135
|
-
{ s: "BeOS", r: /BeOS/ },
|
|
1136
|
-
{ s: "OS/2", r: /OS\/2/ },
|
|
1137
|
-
{ s: "Search Bot", r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/ }
|
|
1138
|
-
];
|
|
1139
|
-
for (const a in i) {
|
|
1140
|
-
const l = i[a];
|
|
1141
|
-
if (l.r.test(n)) {
|
|
1142
|
-
o = l.s;
|
|
1143
|
-
break;
|
|
1144
|
-
}
|
|
1145
|
-
}
|
|
1146
|
-
let r = t;
|
|
1147
|
-
switch (/Windows/.test(o) && (r = /Windows (.*)/.exec(o)[1], o = "Windows"), o) {
|
|
1148
|
-
case "Mac OS":
|
|
1149
|
-
case "Mac OS X":
|
|
1150
|
-
case "Android":
|
|
1151
|
-
r = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];
|
|
1152
|
-
break;
|
|
1153
|
-
case "iOS": {
|
|
1154
|
-
const a = /OS (\d+)_(\d+)_?(\d+)?/.exec(s);
|
|
1155
|
-
a != null && a.length > 2 && (r = a[1] + "." + a[2] + "." + (parseInt(a[3]) | 0));
|
|
1156
|
-
break;
|
|
1157
|
-
}
|
|
1158
|
-
}
|
|
1159
|
-
return {
|
|
1160
|
-
os: o,
|
|
1161
|
-
osVersion: r
|
|
1162
|
-
};
|
|
1163
|
-
};
|
|
1164
|
-
function ys() {
|
|
1165
|
-
const e = navigator.userAgent;
|
|
1166
|
-
let s, n = e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
|
|
1167
|
-
if (/trident/i.test(n[1]))
|
|
1168
|
-
return s = /\brv[ :]+(\d+)/g.exec(e) || [], { name: "ie", version: s[1] || "" };
|
|
1169
|
-
if (n[1] === "Chrome" && (s = e.match(/\bOPR|Edge\/(\d+)/), s != null)) {
|
|
1170
|
-
let t = s[1];
|
|
1171
|
-
if (!t) {
|
|
1172
|
-
const o = e.split(s[0] + "/");
|
|
1173
|
-
o.length > 1 && (t = o[1]);
|
|
1174
|
-
}
|
|
1175
|
-
return { name: "opera", version: t };
|
|
1176
|
-
}
|
|
1177
|
-
return n = n[2] ? [n[1], n[2]] : [navigator.appName, navigator.appVersion, "-?"], (s = e.match(/version\/(\d+)/i)) != null && n.splice(1, 1, s[1]), {
|
|
1178
|
-
name: n[0].toLowerCase(),
|
|
1179
|
-
version: n[1]
|
|
1180
|
-
};
|
|
1181
|
-
}
|
|
1182
|
-
const gs = () => {
|
|
1183
|
-
const { name: e, version: s } = ys();
|
|
1184
|
-
if (e === "chrome" && parseInt(s) <= 70 || e === "opera" && (!s || parseInt(s.split(".")[0]) < 80) || e === "ie")
|
|
1185
|
-
return !1;
|
|
1186
|
-
const n = hs(navigator);
|
|
1187
|
-
return !ds(n);
|
|
1188
|
-
}, ks = async (e) => {
|
|
1189
|
-
let s;
|
|
1190
|
-
if (e.tokens != null)
|
|
1191
|
-
return !1;
|
|
1192
|
-
e.publishEvent(m.tryKeepExistingSessionAsync_begin, {});
|
|
1193
|
-
try {
|
|
1194
|
-
const n = e.configuration, t = await e.initAsync(n.authority, n.authority_configuration);
|
|
1195
|
-
if (s = await I(n, e.configurationName), s) {
|
|
1196
|
-
const { tokens: o } = await s.initAsync(t, "tryKeepExistingSessionAsync", n);
|
|
1197
|
-
if (o) {
|
|
1198
|
-
s.startKeepAliveServiceWorker(), e.tokens = o;
|
|
1199
|
-
const i = s.getLoginParams(e.configurationName);
|
|
1200
|
-
e.timeoutId = J(e, e.tokens.expiresAt, i.extras);
|
|
1201
|
-
const r = await s.getSessionStateAsync();
|
|
1202
|
-
return await e.startCheckSessionAsync(t.check_session_iframe, n.client_id, r), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1203
|
-
success: !0,
|
|
1204
|
-
message: "tokens inside ServiceWorker are valid"
|
|
1205
|
-
}), !0;
|
|
1206
|
-
}
|
|
1207
|
-
e.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1208
|
-
success: !1,
|
|
1209
|
-
message: "no exiting session found"
|
|
1210
|
-
});
|
|
1211
|
-
} else {
|
|
1212
|
-
n.service_worker_relative_url && e.publishEvent(m.service_worker_not_supported_by_browser, {
|
|
1213
|
-
message: "service worker is not supported by this browser"
|
|
1214
|
-
});
|
|
1215
|
-
const o = O(e.configurationName, n.storage ?? sessionStorage), { tokens: i } = await o.initAsync();
|
|
1216
|
-
if (i) {
|
|
1217
|
-
e.tokens = X(i, null, n.token_renew_mode);
|
|
1218
|
-
const r = o.getLoginParams();
|
|
1219
|
-
e.timeoutId = J(e, e.tokens.expiresAt, r.extras);
|
|
1220
|
-
const a = await o.getSessionStateAsync();
|
|
1221
|
-
return await e.startCheckSessionAsync(t.check_session_iframe, n.client_id, a), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1222
|
-
success: !0,
|
|
1223
|
-
message: "tokens inside storage are valid"
|
|
1224
|
-
}), !0;
|
|
1225
|
-
}
|
|
1226
|
-
}
|
|
1227
|
-
return e.publishEvent(m.tryKeepExistingSessionAsync_end, {
|
|
1228
|
-
success: !1,
|
|
1229
|
-
message: s ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
|
|
1230
|
-
}), !1;
|
|
1231
|
-
} catch (n) {
|
|
1232
|
-
return console.error(n), s && await s.clearAsync(), e.publishEvent(m.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
|
|
1233
|
-
}
|
|
1234
|
-
}, ms = () => fetch;
|
|
1523
|
+
}, ps = () => fetch;
|
|
1235
1524
|
class te {
|
|
1236
1525
|
constructor(s) {
|
|
1237
1526
|
this.authorizationEndpoint = s.authorization_endpoint, this.tokenEndpoint = s.token_endpoint, this.revocationEndpoint = s.revocation_endpoint, this.userInfoEndpoint = s.userinfo_endpoint, this.checkSessionIframe = s.check_session_iframe, this.issuer = s.issuer, this.endSessionEndpoint = s.end_session_endpoint;
|
|
1238
1527
|
}
|
|
1239
1528
|
}
|
|
1240
|
-
const W = {},
|
|
1529
|
+
const W = {}, ws = (e, s = new q()) => (n, t = "default") => (W[t] || (W[t] = new C(n, t, e, s)), W[t]), As = async (e) => {
|
|
1241
1530
|
const { parsedTokens: s, callbackPath: n } = await e.loginCallbackAsync();
|
|
1242
1531
|
return e.timeoutId = J(e, s.expiresAt), { callbackPath: n };
|
|
1243
|
-
},
|
|
1244
|
-
constructor(s, n = "default", t, o = new
|
|
1532
|
+
}, Ss = (e) => Math.floor(Math.random() * e), F = class F {
|
|
1533
|
+
constructor(s, n = "default", t, o = new q()) {
|
|
1245
1534
|
this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
|
|
1246
1535
|
let i = s.silent_login_uri;
|
|
1247
1536
|
s.silent_redirect_uri && !s.silent_login_uri && (i = `${s.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
|
|
1248
1537
|
let r = s.refresh_time_before_tokens_expiration_in_second ?? 120;
|
|
1249
|
-
r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new
|
|
1250
|
-
const a = s.service_worker_update_require_callback ??
|
|
1538
|
+
r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new q();
|
|
1539
|
+
const a = s.service_worker_update_require_callback ?? De(this.location);
|
|
1251
1540
|
this.configuration = {
|
|
1252
1541
|
...s,
|
|
1253
1542
|
silent_login_uri: i,
|
|
@@ -1258,15 +1547,18 @@ const W = {}, ps = (e, s = new Y()) => (n, t = "default") => (W[t] || (W[t] = ne
|
|
|
1258
1547
|
token_renew_mode: s.token_renew_mode ?? Z.access_token_or_id_token_invalid,
|
|
1259
1548
|
demonstrating_proof_of_possession: s.demonstrating_proof_of_possession ?? !1,
|
|
1260
1549
|
authority_timeout_wellknowurl_in_millisecond: s.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
|
|
1261
|
-
logout_tokens_to_invalidate: s.logout_tokens_to_invalidate ?? [
|
|
1550
|
+
logout_tokens_to_invalidate: s.logout_tokens_to_invalidate ?? [
|
|
1551
|
+
"access_token",
|
|
1552
|
+
"refresh_token"
|
|
1553
|
+
],
|
|
1262
1554
|
service_worker_update_require_callback: a,
|
|
1263
|
-
service_worker_activate: s.service_worker_activate ??
|
|
1264
|
-
demonstrating_proof_of_possession_configuration: s.demonstrating_proof_of_possession_configuration ??
|
|
1555
|
+
service_worker_activate: s.service_worker_activate ?? us,
|
|
1556
|
+
demonstrating_proof_of_possession_configuration: s.demonstrating_proof_of_possession_configuration ?? Ue,
|
|
1265
1557
|
preload_user_info: s.preload_user_info ?? !1
|
|
1266
|
-
}, this.getFetch = t ??
|
|
1558
|
+
}, this.getFetch = t ?? ps, this.configurationName = n, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
1267
1559
|
}
|
|
1268
1560
|
subscribeEvents(s) {
|
|
1269
|
-
const n =
|
|
1561
|
+
const n = Ss(9999999999999).toString();
|
|
1270
1562
|
return this.events.push({ id: n, func: s }), n;
|
|
1271
1563
|
}
|
|
1272
1564
|
removeEventSubscription(s) {
|
|
@@ -1287,14 +1579,23 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1287
1579
|
}
|
|
1288
1580
|
_silentLoginCallbackFromIFrame() {
|
|
1289
1581
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
1290
|
-
const s = this.location, n =
|
|
1291
|
-
window.parent.postMessage(
|
|
1582
|
+
const s = this.location, n = Y(s.getCurrentHref());
|
|
1583
|
+
window.parent.postMessage(
|
|
1584
|
+
`${this.configurationName}_oidc_tokens:${JSON.stringify({ tokens: this.tokens, sessionState: n.session_state })}`,
|
|
1585
|
+
s.getOrigin()
|
|
1586
|
+
);
|
|
1292
1587
|
}
|
|
1293
1588
|
}
|
|
1294
1589
|
_silentLoginErrorCallbackFromIFrame(s = null) {
|
|
1295
1590
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
1296
|
-
const n = this.location, t =
|
|
1297
|
-
t.error ? window.parent.postMessage(
|
|
1591
|
+
const n = this.location, t = Y(n.getCurrentHref());
|
|
1592
|
+
t.error ? window.parent.postMessage(
|
|
1593
|
+
`${this.configurationName}_oidc_error:${JSON.stringify({ error: t.error })}`,
|
|
1594
|
+
n.getOrigin()
|
|
1595
|
+
) : window.parent.postMessage(
|
|
1596
|
+
`${this.configurationName}_oidc_exception:${JSON.stringify({ error: s == null ? "" : s.toString() })}`,
|
|
1597
|
+
n.getOrigin()
|
|
1598
|
+
);
|
|
1298
1599
|
}
|
|
1299
1600
|
}
|
|
1300
1601
|
async silentLoginCallbackAsync() {
|
|
@@ -1319,22 +1620,44 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1319
1620
|
issuer: n.issuer
|
|
1320
1621
|
});
|
|
1321
1622
|
const i = await I(this.configuration, this.configurationName) ? window.localStorage : null;
|
|
1322
|
-
return await
|
|
1623
|
+
return await Ze(this.getFetch())(
|
|
1624
|
+
s,
|
|
1625
|
+
this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60,
|
|
1626
|
+
i,
|
|
1627
|
+
this.configuration.authority_timeout_wellknowurl_in_millisecond
|
|
1628
|
+
);
|
|
1323
1629
|
};
|
|
1324
1630
|
return this.initPromise = t(), this.initPromise.finally(() => {
|
|
1325
1631
|
this.initPromise = null;
|
|
1326
1632
|
});
|
|
1327
1633
|
}
|
|
1328
1634
|
async tryKeepExistingSessionAsync() {
|
|
1329
|
-
return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise =
|
|
1635
|
+
return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = _s(this), this.tryKeepExistingSessionPromise.finally(() => {
|
|
1330
1636
|
this.tryKeepExistingSessionPromise = null;
|
|
1331
1637
|
}));
|
|
1332
1638
|
}
|
|
1333
1639
|
async startCheckSessionAsync(s, n, t, o = !1) {
|
|
1334
|
-
await
|
|
1640
|
+
await rs(this, W, this.configuration)(
|
|
1641
|
+
s,
|
|
1642
|
+
n,
|
|
1643
|
+
t,
|
|
1644
|
+
o
|
|
1645
|
+
);
|
|
1335
1646
|
}
|
|
1336
1647
|
async loginAsync(s = void 0, n = null, t = !1, o = void 0, i = !1) {
|
|
1337
|
-
return this.logoutPromise && await this.logoutPromise, this.loginPromise !== null ? this.loginPromise : i ?
|
|
1648
|
+
return this.logoutPromise && await this.logoutPromise, this.loginPromise !== null ? this.loginPromise : i ? is(
|
|
1649
|
+
window,
|
|
1650
|
+
this.configurationName,
|
|
1651
|
+
this.configuration,
|
|
1652
|
+
this.publishEvent.bind(this),
|
|
1653
|
+
this
|
|
1654
|
+
)(n, o) : (this.loginPromise = ds(
|
|
1655
|
+
this.configurationName,
|
|
1656
|
+
this.configuration,
|
|
1657
|
+
this.publishEvent.bind(this),
|
|
1658
|
+
this.initAsync.bind(this),
|
|
1659
|
+
this.location
|
|
1660
|
+
)(s, n, t, o), this.loginPromise.finally(() => {
|
|
1338
1661
|
this.loginPromise = null;
|
|
1339
1662
|
}));
|
|
1340
1663
|
}
|
|
@@ -1342,7 +1665,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1342
1665
|
if (this.loginCallbackPromise !== null)
|
|
1343
1666
|
return this.loginCallbackPromise;
|
|
1344
1667
|
const n = async () => {
|
|
1345
|
-
const t = await
|
|
1668
|
+
const t = await hs(this)(s), o = t.tokens;
|
|
1346
1669
|
return this.tokens = o, await I(this.configuration, this.configurationName) || O(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(F.eventNames.token_aquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
|
|
1347
1670
|
};
|
|
1348
1671
|
return this.loginCallbackPromise = n(), this.loginCallbackPromise.finally(() => {
|
|
@@ -1351,23 +1674,23 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1351
1674
|
}
|
|
1352
1675
|
async generateDemonstrationOfProofOfPossessionAsync(s, n, t, o = {}) {
|
|
1353
1676
|
const i = this.configuration, r = {
|
|
1354
|
-
ath: await
|
|
1677
|
+
ath: await Te(s),
|
|
1355
1678
|
...o
|
|
1356
|
-
}
|
|
1357
|
-
|
|
1358
|
-
if (a)
|
|
1679
|
+
};
|
|
1680
|
+
if (await I(i, this.configurationName))
|
|
1359
1681
|
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
|
|
1360
|
-
const
|
|
1361
|
-
|
|
1362
|
-
|
|
1682
|
+
const u = O(this.configurationName, i.storage), d = await u.getDemonstratingProofOfPossessionJwkAsync(), l = u.getDemonstratingProofOfPossessionNonce();
|
|
1683
|
+
return l && (r.nonce = l), await Se(window)(
|
|
1684
|
+
i.demonstrating_proof_of_possession_configuration
|
|
1685
|
+
)(d, t, n, r);
|
|
1363
1686
|
}
|
|
1364
1687
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1365
|
-
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise =
|
|
1688
|
+
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = As(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
|
|
1366
1689
|
this.loginCallbackWithAutoTokensRenewPromise = null;
|
|
1367
1690
|
}));
|
|
1368
1691
|
}
|
|
1369
1692
|
userInfoAsync(s = !1, n = !1) {
|
|
1370
|
-
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise =
|
|
1693
|
+
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = ms(this)(s, n), this.userInfoPromise.finally(() => {
|
|
1371
1694
|
this.userInfoPromise = null;
|
|
1372
1695
|
}));
|
|
1373
1696
|
}
|
|
@@ -1375,12 +1698,12 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1375
1698
|
if (this.renewTokensPromise !== null)
|
|
1376
1699
|
return this.renewTokensPromise;
|
|
1377
1700
|
if (this.timeoutId)
|
|
1378
|
-
return M.clearTimeout(this.timeoutId), this.renewTokensPromise =
|
|
1701
|
+
return M.clearTimeout(this.timeoutId), this.renewTokensPromise = be(this, !0, s), this.renewTokensPromise.finally(() => {
|
|
1379
1702
|
this.renewTokensPromise = null;
|
|
1380
1703
|
});
|
|
1381
1704
|
}
|
|
1382
1705
|
async destroyAsync(s) {
|
|
1383
|
-
return await
|
|
1706
|
+
return await gs(this)(s);
|
|
1384
1707
|
}
|
|
1385
1708
|
async logoutSameTabAsync(s, n) {
|
|
1386
1709
|
this.configuration.monitor_session && this.configuration.client_id === s && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_same_tab, { mmessage: "SessionMonitor", sub: n }));
|
|
@@ -1389,13 +1712,19 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1389
1712
|
this.configuration.monitor_session && this.configuration.client_id === s && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: n }));
|
|
1390
1713
|
}
|
|
1391
1714
|
async logoutAsync(s = void 0, n = null) {
|
|
1392
|
-
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise =
|
|
1715
|
+
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = ks(
|
|
1716
|
+
this,
|
|
1717
|
+
W,
|
|
1718
|
+
this.getFetch(),
|
|
1719
|
+
console,
|
|
1720
|
+
this.location
|
|
1721
|
+
)(s, n), this.logoutPromise.finally(() => {
|
|
1393
1722
|
this.logoutPromise = null;
|
|
1394
1723
|
}));
|
|
1395
1724
|
}
|
|
1396
1725
|
};
|
|
1397
|
-
F.getOrCreate = (s, n) => (t, o = "default") =>
|
|
1398
|
-
let
|
|
1726
|
+
F.getOrCreate = (s, n) => (t, o = "default") => ws(s, n)(t, o), F.eventNames = m;
|
|
1727
|
+
let C = F;
|
|
1399
1728
|
const $ = class $ {
|
|
1400
1729
|
constructor(s) {
|
|
1401
1730
|
this._oidc = s;
|
|
@@ -1410,7 +1739,7 @@ const $ = class $ {
|
|
|
1410
1739
|
this._oidc.publishEvent(s, n);
|
|
1411
1740
|
}
|
|
1412
1741
|
static get(s = "default") {
|
|
1413
|
-
return new $(
|
|
1742
|
+
return new $(C.get(s));
|
|
1414
1743
|
}
|
|
1415
1744
|
tryKeepExistingSessionAsync() {
|
|
1416
1745
|
return this._oidc.tryKeepExistingSessionAsync();
|
|
@@ -1437,13 +1766,18 @@ const $ = class $ {
|
|
|
1437
1766
|
return this._oidc.configuration;
|
|
1438
1767
|
}
|
|
1439
1768
|
async generateDemonstrationOfProofOfPossessionAsync(s, n, t, o = {}) {
|
|
1440
|
-
return this._oidc.generateDemonstrationOfProofOfPossessionAsync(
|
|
1769
|
+
return this._oidc.generateDemonstrationOfProofOfPossessionAsync(
|
|
1770
|
+
s,
|
|
1771
|
+
n,
|
|
1772
|
+
t,
|
|
1773
|
+
o
|
|
1774
|
+
);
|
|
1441
1775
|
}
|
|
1442
1776
|
async getValidTokenAsync(s = 200, n = 50) {
|
|
1443
|
-
return
|
|
1777
|
+
return ke(this._oidc, s, n);
|
|
1444
1778
|
}
|
|
1445
1779
|
fetchWithTokens(s, n = !1) {
|
|
1446
|
-
return
|
|
1780
|
+
return Pe(s, this._oidc, n);
|
|
1447
1781
|
}
|
|
1448
1782
|
async userInfoAsync(s = !1, n = !1) {
|
|
1449
1783
|
return this._oidc.userInfoAsync(s, n);
|
|
@@ -1452,14 +1786,14 @@ const $ = class $ {
|
|
|
1452
1786
|
return this._oidc.userInfo;
|
|
1453
1787
|
}
|
|
1454
1788
|
};
|
|
1455
|
-
$.getOrCreate = (s, n = new
|
|
1456
|
-
let
|
|
1789
|
+
$.getOrCreate = (s, n = new q()) => (t, o = "default") => new $(C.getOrCreate(s, n)(t, o)), $.eventNames = C.eventNames;
|
|
1790
|
+
let ge = $;
|
|
1457
1791
|
export {
|
|
1458
|
-
|
|
1459
|
-
|
|
1792
|
+
ge as OidcClient,
|
|
1793
|
+
q as OidcLocation,
|
|
1460
1794
|
V as TokenAutomaticRenewMode,
|
|
1461
1795
|
Z as TokenRenewMode,
|
|
1462
|
-
|
|
1463
|
-
|
|
1464
|
-
|
|
1796
|
+
ps as getFetchDefault,
|
|
1797
|
+
Y as getParseQueryStringFromLocation,
|
|
1798
|
+
vs as getPath
|
|
1465
1799
|
};
|