npm - @axa-fr/oidc-client - Versions diffs - 7.22.18 → 7.22.19 - Mend

@axa-fr/oidc-client 7.22.18 → 7.22.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

package/README.md +31 -39
package/bin/copy-service-worker-files.mjs +24 -17
package/dist/OidcTrustedDomains.js +14 -12
package/dist/cache.d.ts.map +1 -1
package/dist/checkSession.d.ts +1 -1
package/dist/checkSession.d.ts.map +1 -1
package/dist/checkSessionIFrame.d.ts.map +1 -1
package/dist/crypto.d.ts.map +1 -1
package/dist/fetch.d.ts +2 -1
package/dist/fetch.d.ts.map +1 -1
package/dist/index.d.ts +5 -5
package/dist/index.d.ts.map +1 -1
package/dist/index.js +935 -601
package/dist/index.umd.cjs +2 -2
package/dist/initSession.d.ts +1 -1
package/dist/initSession.d.ts.map +1 -1
package/dist/initWorker.d.ts +2 -2
package/dist/initWorker.d.ts.map +1 -1
package/dist/initWorkerOption.d.ts.map +1 -1
package/dist/jwt.d.ts +2 -2
package/dist/jwt.d.ts.map +1 -1
package/dist/keepSession.d.ts.map +1 -1
package/dist/location.d.ts.map +1 -1
package/dist/login.d.ts +1 -1
package/dist/login.d.ts.map +1 -1
package/dist/logout.d.ts +1 -1
package/dist/logout.d.ts.map +1 -1
package/dist/oidc.d.ts +1 -1
package/dist/oidc.d.ts.map +1 -1
package/dist/oidcClient.d.ts +2 -2
package/dist/oidcClient.d.ts.map +1 -1
package/dist/parseTokens.d.ts.map +1 -1
package/dist/renewTokens.d.ts.map +1 -1
package/dist/requests.d.ts +1 -1
package/dist/requests.d.ts.map +1 -1
package/dist/silentLogin.d.ts.map +1 -1
package/dist/timer.d.ts.map +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.d.ts.map +1 -1
package/dist/user.d.ts.map +1 -1
package/dist/version.d.ts +1 -1
package/package.json +2 -2
package/src/cache.ts +21 -18
package/src/checkSession.ts +89 -54
package/src/checkSessionIFrame.ts +70 -69
package/src/crypto.ts +27 -25
package/src/events.ts +28 -28
package/src/fetch.ts +40 -21
package/src/index.ts +6 -17
package/src/iniWorker.spec.ts +26 -16
package/src/initSession.ts +115 -113
package/src/initWorker.ts +299 -212
package/src/initWorkerOption.ts +121 -114
package/src/jwt.ts +150 -136
package/src/keepSession.ts +100 -81
package/src/location.ts +24 -26
package/src/login.ts +246 -189
package/src/logout.spec.ts +131 -76
package/src/logout.ts +130 -115
package/src/oidc.ts +426 -337
package/src/oidcClient.ts +129 -105
package/src/parseTokens.spec.ts +198 -179
package/src/parseTokens.ts +221 -186
package/src/renewTokens.ts +397 -284
package/src/requests.spec.ts +5 -7
package/src/requests.ts +142 -114
package/src/route-utils.spec.ts +17 -19
package/src/route-utils.ts +29 -26
package/src/silentLogin.ts +145 -127
package/src/timer.ts +10 -11
package/src/types.ts +56 -46
package/src/user.ts +17 -12
package/src/version.ts +1 -1

package/src/login.ts CHANGED Viewed

@@ -1,221 +1,278 @@
-import {generateRandom} from './crypto.js';
-import {eventNames} from './events.js';
-import {initSession} from './initSession.js';
-import {initWorkerAsync} from './initWorker.js';
-import {isTokensOidcValid} from './parseTokens.js';
-import {
-    performAuthorizationRequestAsync,
-    performFirstTokenRequestAsync
-} from './requests.js';
-import {getParseQueryStringFromLocation} from './route-utils.js';
-import {OidcConfiguration, StringMap} from './types.js';
-import {generateJwkAsync, generateJwtDemonstratingProofOfPossessionAsync} from "./jwt";
-import {ILOidcLocation} from "./location";
-import Oidc from "./oidc";
+import { generateRandom } from './crypto.js';
+import { eventNames } from './events.js';
+import { initSession } from './initSession.js';
+import { initWorkerAsync } from './initWorker.js';
+import { generateJwkAsync, generateJwtDemonstratingProofOfPossessionAsync } from './jwt';
+import { ILOidcLocation } from './location';
+import Oidc from './oidc';
+import { isTokensOidcValid } from './parseTokens.js';
+import { performAuthorizationRequestAsync, performFirstTokenRequestAsync } from './requests.js';
+import { getParseQueryStringFromLocation } from './route-utils.js';
+import { OidcConfiguration, StringMap } from './types.js';
 // eslint-disable-next-line @typescript-eslint/ban-types
-export const defaultLoginAsync = (configurationName:string, configuration:OidcConfiguration, publishEvent :(string, any)=>void, initAsync:Function, oidcLocation: ILOidcLocation) => (callbackPath:string = undefined, extras:StringMap = null, isSilentSignin = false, scope:string = undefined) => {
+export const defaultLoginAsync =
+  (
+    configurationName: string,
+    configuration: OidcConfiguration,
+    publishEvent: (string, any) => void,
+    initAsync: Function,
+    oidcLocation: ILOidcLocation,
+  ) =>
+  (
+    callbackPath: string = undefined,
+    extras: StringMap = null,
+    isSilentSignin = false,
+    scope: string = undefined,
+  ) => {
     const originExtras = extras;
     extras = { ...extras };
     const loginLocalAsync = async () => {
-        const url = callbackPath || oidcLocation.getPath();
+      const url = callbackPath || oidcLocation.getPath();
-        if (!('state' in extras)) {
-            extras.state = generateRandom(16);
-        }
+      if (!('state' in extras)) {
+        extras.state = generateRandom(16);
+      }
-        publishEvent(eventNames.loginAsync_begin, {});
-        if (extras) {
-            for (const key of Object.keys(extras)) {
-                if (key.endsWith(':token_request')) {
-                    delete extras[key];
-                }
-            }
+      publishEvent(eventNames.loginAsync_begin, {});
+      if (extras) {
+        for (const key of Object.keys(extras)) {
+          if (key.endsWith(':token_request')) {
+            delete extras[key];
+          }
         }
-        try {
-            const redirectUri = isSilentSignin ? configuration.silent_redirect_uri : configuration.redirect_uri;
-            if (!scope) {
-                scope = configuration.scope;
-            }
-            const extraFinal = !configuration.extras ? extras : { ...configuration.extras, ...extras };
-            if (!extraFinal.nonce) {
-                extraFinal.nonce = generateRandom(12);
-            }
-            const nonce = { nonce: extraFinal.nonce };
-            const serviceWorker = await initWorkerAsync(configuration, configurationName);
-            const oidcServerConfiguration = await initAsync(configuration.authority, configuration.authority_configuration);
-            let storage;
-            if (serviceWorker) {
-                serviceWorker.setLoginParams({ callbackPath: url, extras: originExtras });
-                await serviceWorker.initAsync(oidcServerConfiguration, 'loginAsync', configuration);
-                await serviceWorker.setNonceAsync(nonce);
-                serviceWorker.startKeepAliveServiceWorker();
-                storage = serviceWorker;
-            } else {
-                const session = initSession(configurationName, configuration.storage ?? sessionStorage);
-                session.setLoginParams({ callbackPath: url, extras: originExtras });
-                await session.setNonceAsync(nonce);
-                storage = session;
-            }
-            // @ts-ignore
-            const extraInternal = {
-                client_id: configuration.client_id,
-                redirect_uri: redirectUri,
-                scope,
-                response_type: 'code',
-                ...extraFinal,
-            };
-            await performAuthorizationRequestAsync(storage, oidcLocation)(oidcServerConfiguration.authorizationEndpoint, extraInternal);
-        } catch (exception) {
-            publishEvent(eventNames.loginAsync_error, exception);
-            throw exception;
+      }
+      try {
+        const redirectUri = isSilentSignin
+          ? configuration.silent_redirect_uri
+          : configuration.redirect_uri;
+        if (!scope) {
+          scope = configuration.scope;
         }
-    };
-    return loginLocalAsync();
-};
-export const loginCallbackAsync = (oidc:Oidc) => async (isSilentSignin = false) => {
-    try {
-        oidc.publishEvent(eventNames.loginCallbackAsync_begin, {});
-        const configuration = oidc.configuration;
-        const clientId = configuration.client_id;
-        const redirectUri = isSilentSignin ? configuration.silent_redirect_uri : configuration.redirect_uri;
-        const authority = configuration.authority;
-        const tokenRequestTimeout = configuration.token_request_timeout;
-        const oidcServerConfiguration = await oidc.initAsync(authority, configuration.authority_configuration);
-        const href = oidc.location.getCurrentHref();
-        const queryParams = getParseQueryStringFromLocation(href);
-        const sessionState = queryParams.session_state;
-        const serviceWorker = await initWorkerAsync(configuration, oidc.configurationName);
+        const extraFinal = !configuration.extras ? extras : { ...configuration.extras, ...extras };
+        if (!extraFinal.nonce) {
+          extraFinal.nonce = generateRandom(12);
+        }
+        const nonce = { nonce: extraFinal.nonce };
+        const serviceWorker = await initWorkerAsync(configuration, configurationName);
+        const oidcServerConfiguration = await initAsync(
+          configuration.authority,
+          configuration.authority_configuration,
+        );
         let storage;
-        let nonceData;
-        let getLoginParams;
-        let state;
         if (serviceWorker) {
-            await serviceWorker.initAsync(oidcServerConfiguration, 'loginCallbackAsync', configuration);
-            await serviceWorker.setSessionStateAsync(sessionState);
-            nonceData = await serviceWorker.getNonceAsync();
-            getLoginParams = serviceWorker.getLoginParams();
-            state = await serviceWorker.getStateAsync();
-            serviceWorker.startKeepAliveServiceWorker();
-            storage = serviceWorker;
+          serviceWorker.setLoginParams({ callbackPath: url, extras: originExtras });
+          await serviceWorker.initAsync(oidcServerConfiguration, 'loginAsync', configuration);
+          await serviceWorker.setNonceAsync(nonce);
+          serviceWorker.startKeepAliveServiceWorker();
+          storage = serviceWorker;
         } else {
-            const session = initSession(oidc.configurationName, configuration.storage ?? sessionStorage);
-            await session.setSessionStateAsync(sessionState);
-            nonceData = await session.getNonceAsync();
-            getLoginParams = session.getLoginParams();
-            state = await session.getStateAsync();
-            storage = session;
+          const session = initSession(configurationName, configuration.storage ?? sessionStorage);
+          session.setLoginParams({ callbackPath: url, extras: originExtras });
+          await session.setNonceAsync(nonce);
+          storage = session;
         }
-        const params = getParseQueryStringFromLocation(href);
-        if(params.error || params.error_description) {
-            throw new Error(`Error from OIDC server: ${params.error} - ${params.error_description}`);
-        }
+        // @ts-ignore
+        const extraInternal = {
+          client_id: configuration.client_id,
+          redirect_uri: redirectUri,
+          scope,
+          response_type: 'code',
+          ...extraFinal,
+        };
+        await performAuthorizationRequestAsync(storage, oidcLocation)(
+          oidcServerConfiguration.authorizationEndpoint,
+          extraInternal,
+        );
+      } catch (exception) {
+        publishEvent(eventNames.loginAsync_error, exception);
+        throw exception;
+      }
+    };
+    return loginLocalAsync();
+  };
-        if (params.iss && params.iss !== oidcServerConfiguration.issuer) {
-            console.error();
-            throw new Error(`Issuer not valid (expected: ${oidcServerConfiguration.issuer}, received: ${params.iss})`);
-        }
-        if (params.state && params.state !== state) {
-            throw new Error(`State not valid (expected: ${state}, received: ${params.state})`);
-        }
+export const loginCallbackAsync =
+  (oidc: Oidc) =>
+  async (isSilentSignin = false) => {
+    try {
+      oidc.publishEvent(eventNames.loginCallbackAsync_begin, {});
+      const configuration = oidc.configuration;
+      const clientId = configuration.client_id;
+      const redirectUri = isSilentSignin
+        ? configuration.silent_redirect_uri
+        : configuration.redirect_uri;
+      const authority = configuration.authority;
+      const tokenRequestTimeout = configuration.token_request_timeout;
+      const oidcServerConfiguration = await oidc.initAsync(
+        authority,
+        configuration.authority_configuration,
+      );
+      const href = oidc.location.getCurrentHref();
+      const queryParams = getParseQueryStringFromLocation(href);
+      const sessionState = queryParams.session_state;
+      const serviceWorker = await initWorkerAsync(configuration, oidc.configurationName);
+      let storage;
+      let nonceData;
+      let getLoginParams;
+      let state;
+      if (serviceWorker) {
+        await serviceWorker.initAsync(oidcServerConfiguration, 'loginCallbackAsync', configuration);
+        await serviceWorker.setSessionStateAsync(sessionState);
+        nonceData = await serviceWorker.getNonceAsync();
+        getLoginParams = serviceWorker.getLoginParams();
+        state = await serviceWorker.getStateAsync();
+        serviceWorker.startKeepAliveServiceWorker();
+        storage = serviceWorker;
+      } else {
+        const session = initSession(
+          oidc.configurationName,
+          configuration.storage ?? sessionStorage,
+        );
+        await session.setSessionStateAsync(sessionState);
+        nonceData = await session.getNonceAsync();
+        getLoginParams = session.getLoginParams();
+        state = await session.getStateAsync();
+        storage = session;
+      }
-        const data = {
-            code: params.code,
-            grant_type: 'authorization_code',
-            client_id: configuration.client_id,
-            redirect_uri: redirectUri,
-        };
+      const params = getParseQueryStringFromLocation(href);
-        const extras = {};
-        // @ts-ignore
-        if (configuration.token_request_extras) {
-            for (const [key, value] of Object.entries(configuration.token_request_extras)) {
-                extras[key] = value;
-            }
+      if (params.error || params.error_description) {
+        throw new Error(`Error from OIDC server: ${params.error} - ${params.error_description}`);
+      }
+      if (params.iss && params.iss !== oidcServerConfiguration.issuer) {
+        console.error();
+        throw new Error(
+          `Issuer not valid (expected: ${oidcServerConfiguration.issuer}, received: ${params.iss})`,
+        );
+      }
+      if (params.state && params.state !== state) {
+        throw new Error(`State not valid (expected: ${state}, received: ${params.state})`);
+      }
+      const data = {
+        code: params.code,
+        grant_type: 'authorization_code',
+        client_id: configuration.client_id,
+        redirect_uri: redirectUri,
+      };
+      const extras = {};
+      // @ts-ignore
+      if (configuration.token_request_extras) {
+        for (const [key, value] of Object.entries(configuration.token_request_extras)) {
+          extras[key] = value;
         }
-        if (getLoginParams && getLoginParams.extras) {
-            for (const [key, value] of Object.entries(getLoginParams.extras)) {
-                if (key.endsWith(':token_request')) {
-                    extras[key.replace(':token_request', '')] = value;
-                }
-            }
+      }
+      if (getLoginParams && getLoginParams.extras) {
+        for (const [key, value] of Object.entries(getLoginParams.extras)) {
+          if (key.endsWith(':token_request')) {
+            extras[key.replace(':token_request', '')] = value;
+          }
         }
-        const url = oidcServerConfiguration.tokenEndpoint;
-        const headersExtras = {};
-        if(configuration.demonstrating_proof_of_possession) {
-            if (serviceWorker) {
-                headersExtras['DPoP'] = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${oidc.configurationName}`;
-            } else {
-                const jwk = await generateJwkAsync(window)(configuration.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
-                const session = initSession(oidc.configurationName, configuration.storage);
-                await session.setDemonstratingProofOfPossessionJwkAsync(jwk);
-                headersExtras['DPoP'] = await generateJwtDemonstratingProofOfPossessionAsync(window)(configuration.demonstrating_proof_of_possession_configuration)(jwk, 'POST', url);
-            }
+      }
+      const url = oidcServerConfiguration.tokenEndpoint;
+      const headersExtras = {};
+      if (configuration.demonstrating_proof_of_possession) {
+        if (serviceWorker) {
+          headersExtras['DPoP'] = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${oidc.configurationName}`;
+        } else {
+          const jwk = await generateJwkAsync(window)(
+            configuration.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm,
+          );
+          const session = initSession(oidc.configurationName, configuration.storage);
+          await session.setDemonstratingProofOfPossessionJwkAsync(jwk);
+          headersExtras['DPoP'] = await generateJwtDemonstratingProofOfPossessionAsync(window)(
+            configuration.demonstrating_proof_of_possession_configuration,
+          )(jwk, 'POST', url);
         }
+      }
-        const tokenResponse = await performFirstTokenRequestAsync(storage)(url,
-            { ...data, ...extras },
-            headersExtras,
-            oidc.configuration.token_renew_mode,
-            tokenRequestTimeout);
+      const tokenResponse = await performFirstTokenRequestAsync(storage)(
+        url,
+        { ...data, ...extras },
+        headersExtras,
+        oidc.configuration.token_renew_mode,
+        tokenRequestTimeout,
+      );
-        if (!tokenResponse.success) {
-            throw new Error('Token request failed');
-        }
+      if (!tokenResponse.success) {
+        throw new Error('Token request failed');
+      }
-        let loginParams;
-        const formattedTokens = tokenResponse.data.tokens;
-        const demonstratingProofOfPossessionNonce = tokenResponse.data.demonstratingProofOfPossessionNonce;
+      let loginParams;
+      const formattedTokens = tokenResponse.data.tokens;
+      const demonstratingProofOfPossessionNonce =
+        tokenResponse.data.demonstratingProofOfPossessionNonce;
-        // @ts-ignore
-        if (tokenResponse.data.state !== extras.state) {
-            throw new Error('state is not valid');
+      // @ts-ignore
+      if (tokenResponse.data.state !== extras.state) {
+        throw new Error('state is not valid');
+      }
+      const { isValid, reason } = isTokensOidcValid(
+        formattedTokens,
+        nonceData.nonce,
+        oidcServerConfiguration,
+      );
+      if (!isValid) {
+        throw new Error(`Tokens are not OpenID valid, reason: ${reason}`);
+      }
+      if (serviceWorker) {
+        if (
+          formattedTokens.refreshToken &&
+          !formattedTokens.refreshToken.includes('SECURED_BY_OIDC_SERVICE_WORKER')
+        ) {
+          throw new Error('Refresh token should be hidden by service worker');
         }
-        const { isValid, reason } = isTokensOidcValid(formattedTokens, nonceData.nonce, oidcServerConfiguration);
-        if (!isValid) {
-            throw new Error(`Tokens are not OpenID valid, reason: ${reason}`);
+        if (
+          demonstratingProofOfPossessionNonce &&
+          formattedTokens.accessToken &&
+          formattedTokens.accessToken.includes('SECURED_BY_OIDC_SERVICE_WORKER')
+        ) {
+          throw new Error(
+            'Demonstration of proof of possession require Access token not hidden by service worker',
+          );
         }
-        if(serviceWorker){
-            if(formattedTokens.refreshToken && !formattedTokens.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) {
-                throw new Error("Refresh token should be hidden by service worker");
-            }
-            if(demonstratingProofOfPossessionNonce && formattedTokens.accessToken && formattedTokens.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) {
-                throw new Error("Demonstration of proof of possession require Access token not hidden by service worker");
-            }
+      }
+      if (serviceWorker) {
+        await serviceWorker.initAsync(oidcServerConfiguration, 'syncTokensAsync', configuration);
+        loginParams = serviceWorker.getLoginParams();
+        if (demonstratingProofOfPossessionNonce) {
+          await serviceWorker.setDemonstratingProofOfPossessionNonce(
+            demonstratingProofOfPossessionNonce,
+          );
         }
-        if (serviceWorker) {
-            await serviceWorker.initAsync(oidcServerConfiguration, 'syncTokensAsync', configuration);
-            loginParams = serviceWorker.getLoginParams();
-            if(demonstratingProofOfPossessionNonce) {
-                await serviceWorker.setDemonstratingProofOfPossessionNonce(demonstratingProofOfPossessionNonce);
-            }
-        } else {
-            const session = initSession(oidc.configurationName, configuration.storage);
-            loginParams = session.getLoginParams();
-            if(demonstratingProofOfPossessionNonce) {
-                await session.setDemonstratingProofOfPossessionNonce(demonstratingProofOfPossessionNonce);
-            }
+      } else {
+        const session = initSession(oidc.configurationName, configuration.storage);
+        loginParams = session.getLoginParams();
+        if (demonstratingProofOfPossessionNonce) {
+          await session.setDemonstratingProofOfPossessionNonce(demonstratingProofOfPossessionNonce);
         }
+      }
-        await oidc.startCheckSessionAsync(oidcServerConfiguration.checkSessionIframe, clientId, sessionState, isSilentSignin);
-        oidc.publishEvent(eventNames.loginCallbackAsync_end, {});
-        return {
-            tokens: formattedTokens,
-            state: 'request.state',
-            callbackPath: loginParams.callbackPath,
-        };
+      await oidc.startCheckSessionAsync(
+        oidcServerConfiguration.checkSessionIframe,
+        clientId,
+        sessionState,
+        isSilentSignin,
+      );
+      oidc.publishEvent(eventNames.loginCallbackAsync_end, {});
+      return {
+        tokens: formattedTokens,
+        state: 'request.state',
+        callbackPath: loginParams.callbackPath,
+      };
     } catch (exception) {
-        console.error(exception);
-        oidc.publishEvent(eventNames.loginCallbackAsync_error, exception);
-        throw exception;
+      console.error(exception);
+      oidc.publishEvent(eventNames.loginCallbackAsync_error, exception);
+      throw exception;
     }
-};
+  };