@axa-fr/oidc-client 7.22.19 → 7.22.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/dist/events.d.ts +1 -1
  2. package/dist/fetch.d.ts.map +1 -1
  3. package/dist/index.js +64 -64
  4. package/dist/index.umd.cjs +2 -2
  5. package/dist/login.d.ts +2 -1
  6. package/dist/login.d.ts.map +1 -1
  7. package/dist/oidc.d.ts +1 -1
  8. package/dist/oidcClient.d.ts +1 -1
  9. package/dist/silentLogin.d.ts +2 -1
  10. package/dist/silentLogin.d.ts.map +1 -1
  11. package/dist/version.d.ts +1 -1
  12. package/package.json +2 -2
  13. package/src/events.ts +1 -1
  14. package/src/fetch.ts +6 -10
  15. package/src/initWorker.ts +1 -1
  16. package/src/login.ts +5 -5
  17. package/src/oidc.ts +1 -1
  18. package/src/renewTokens.ts +5 -5
  19. package/src/silentLogin.ts +8 -3
  20. package/src/version.ts +1 -1
package/dist/events.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  export declare const eventNames: {
2
2
  service_worker_not_supported_by_browser: string;
3
- token_aquired: string;
3
+ token_acquired: string;
4
4
  logout_from_another_tab: string;
5
5
  logout_from_same_tab: string;
6
6
  token_renewed: string;
package/dist/fetch.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAE1B,OAAO,EAAC,KAAK,EAAqC,MAAM,SAAS,CAAC;AAGlE,eAAO,MAAM,eAAe,UAEjB,KAAK,QACN,IAAI,GAAG,IAAI,sCACkB,OAAO,KACzC,KA6CF,CAAC"}
1
+ {"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAE1B,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAGhC,eAAO,MAAM,eAAe,UAClB,KAAK,QAAQ,IAAI,GAAG,IAAI,sCAAqC,OAAO,KAAW,KA6CtF,CAAC"}
package/dist/index.js CHANGED
@@ -17,7 +17,7 @@ class q {
17
17
  }
18
18
  }
19
19
  const ae = 2e3, D = console;
20
- class Oe {
20
+ class Pe {
21
21
  constructor(s, n, t, o = ae, i = !0) {
22
22
  this._callback = s, this._client_id = n, this._url = t, this._interval = o || ae, this._stopOnError = i;
23
23
  const r = t.indexOf("/", t.indexOf("//") + 2);
@@ -49,7 +49,7 @@ class Oe {
49
49
  }
50
50
  const m = {
51
51
  service_worker_not_supported_by_browser: "service_worker_not_supported_by_browser",
52
- token_aquired: "token_aquired",
52
+ token_acquired: "token_acquired",
53
53
  logout_from_another_tab: "logout_from_another_tab",
54
54
  logout_from_same_tab: "logout_from_same_tab",
55
55
  token_renewed: "token_renewed",
@@ -76,7 +76,7 @@ const m = {
76
76
  syncTokensAsync_end: "syncTokensAsync_end",
77
77
  syncTokensAsync_error: "syncTokensAsync_error",
78
78
  tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
79
- }, O = (e, s = sessionStorage) => {
79
+ }, P = (e, s = sessionStorage) => {
80
80
  const n = (y) => (s[`oidc.${e}`] = JSON.stringify({ tokens: null, status: y }), Promise.resolve()), t = async () => {
81
81
  if (!s[`oidc.${e}`])
82
82
  return s[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
@@ -243,7 +243,7 @@ const X = (e, s = null, n) => {
243
243
  setInterval: setInterval.bind(e),
244
244
  clearInterval: clearInterval.bind(e)
245
245
  };
246
- }(), ue = "7.22.19";
246
+ }(), ue = "7.22.20";
247
247
  let _e = null, j;
248
248
  const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe = (e = "/") => {
249
249
  try {
@@ -268,10 +268,10 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
268
268
  n(), await s.update();
269
269
  const t = await s.unregister();
270
270
  console.log(`Service worker unregistration ${t ? "successful" : "failed"}`), await z({ milliseconds: 2e3 }), e.reload();
271
- }, P = (e) => (s) => new Promise(function(n, t) {
271
+ }, O = (e) => (s) => new Promise(function(n, t) {
272
272
  const o = new MessageChannel();
273
273
  o.port1.onmessage = function(i) {
274
- i.data && i.data.error ? t(i.data.error) : n(i.data), o.port1.close(), o.port2.close();
274
+ i != null && i.data.error ? t(i.data.error) : n(i.data), o.port1.close(), o.port2.close();
275
275
  }, e.active.postMessage(s, [o.port2]);
276
276
  }), I = async (e, s) => {
277
277
  const n = () => {
@@ -286,12 +286,12 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
286
286
  let o = null;
287
287
  e.register ? o = await e.service_worker_register(t) : o = await navigator.serviceWorker.register(t);
288
288
  try {
289
- await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await P(o)({ type: "claim" });
289
+ await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await O(o)({ type: "claim" });
290
290
  } catch {
291
291
  return null;
292
292
  }
293
- const i = async (f) => P(o)({ type: "clear", data: { status: f }, configurationName: s }), r = async (f, p, T) => {
294
- const L = await P(o)({
293
+ const i = async (f) => O(o)({ type: "clear", data: { status: f }, configurationName: s }), r = async (f, p, T) => {
294
+ const L = await O(o)({
295
295
  type: "init",
296
296
  data: {
297
297
  oidcServerConfiguration: f,
@@ -312,17 +312,17 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
312
312
  };
313
313
  }, a = (f = "/") => {
314
314
  _e == null && (_e = "not_null", pe(f));
315
- }, u = (f) => P(o)({
315
+ }, u = (f) => O(o)({
316
316
  type: "setSessionState",
317
317
  data: { sessionState: f },
318
318
  configurationName: s
319
- }), d = async () => (await P(o)({
319
+ }), d = async () => (await O(o)({
320
320
  type: "getSessionState",
321
321
  data: null,
322
322
  configurationName: s
323
323
  })).sessionState, l = (f) => {
324
324
  const p = n();
325
- return sessionStorage[`oidc.nonce.${s}`] = f.nonce, P(o)({
325
+ return sessionStorage[`oidc.nonce.${s}`] = f.nonce, O(o)({
326
326
  type: "setNonce",
327
327
  data: { nonce: f },
328
328
  configurationName: s,
@@ -330,7 +330,7 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
330
330
  });
331
331
  }, c = async () => {
332
332
  const f = n();
333
- let T = (await P(o)({
333
+ let T = (await O(o)({
334
334
  type: "getNonce",
335
335
  data: null,
336
336
  configurationName: s,
@@ -356,7 +356,7 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
356
356
  },
357
357
  getStateAsync: async () => {
358
358
  const f = n();
359
- let T = (await P(o)({
359
+ let T = (await O(o)({
360
360
  type: "getState",
361
361
  data: null,
362
362
  configurationName: s,
@@ -366,7 +366,7 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
366
366
  },
367
367
  setStateAsync: async (f) => {
368
368
  const p = n();
369
- return sessionStorage[`oidc.state.${s}`] = f, P(o)({
369
+ return sessionStorage[`oidc.state.${s}`] = f, O(o)({
370
370
  type: "setState",
371
371
  data: { state: f },
372
372
  configurationName: s,
@@ -375,7 +375,7 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
375
375
  },
376
376
  getCodeVerifierAsync: async () => {
377
377
  const f = n();
378
- let T = (await P(o)({
378
+ let T = (await O(o)({
379
379
  type: "getCodeVerifier",
380
380
  data: null,
381
381
  configurationName: s,
@@ -385,7 +385,7 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
385
385
  },
386
386
  setCodeVerifierAsync: async (f) => {
387
387
  const p = n();
388
- return sessionStorage[`oidc.code_verifier.${s}`] = f, P(o)({
388
+ return sessionStorage[`oidc.code_verifier.${s}`] = f, O(o)({
389
389
  type: "setCodeVerifier",
390
390
  data: { codeVerifier: f },
391
391
  configurationName: s,
@@ -393,27 +393,27 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
393
393
  });
394
394
  },
395
395
  setDemonstratingProofOfPossessionNonce: async (f) => {
396
- await P(o)({
396
+ await O(o)({
397
397
  type: "setDemonstratingProofOfPossessionNonce",
398
398
  data: { demonstratingProofOfPossessionNonce: f },
399
399
  configurationName: s
400
400
  });
401
401
  },
402
- getDemonstratingProofOfPossessionNonce: async () => (await P(o)({
402
+ getDemonstratingProofOfPossessionNonce: async () => (await O(o)({
403
403
  type: "getDemonstratingProofOfPossessionNonce",
404
404
  data: null,
405
405
  configurationName: s
406
406
  })).demonstratingProofOfPossessionNonce,
407
407
  setDemonstratingProofOfPossessionJwkAsync: async (f) => {
408
408
  const p = JSON.stringify(f);
409
- await P(o)({
409
+ await O(o)({
410
410
  type: "setDemonstratingProofOfPossessionJwk",
411
411
  data: { demonstratingProofOfPossessionJwkJson: p },
412
412
  configurationName: s
413
413
  });
414
414
  },
415
415
  getDemonstratingProofOfPossessionJwkAsync: async () => {
416
- const f = await P(o)({
416
+ const f = await O(o)({
417
417
  type: "getDemonstratingProofOfPossessionJwk",
418
418
  data: null,
419
419
  configurationName: s
@@ -707,12 +707,12 @@ async function he(e, s, n) {
707
707
  const t = (a) => {
708
708
  e.tokens = a;
709
709
  }, { tokens: o, status: i } = await H(e)(
710
+ t,
710
711
  0,
711
712
  s,
712
- n,
713
- t
713
+ n
714
714
  );
715
- return await I(e.configuration, e.configurationName) || await O(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? o : (await e.destroyAsync(i), null);
715
+ return await I(e.configuration, e.configurationName) || await P(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? o : (await e.destroyAsync(i), null);
716
716
  }
717
717
  const ts = async (e, s) => {
718
718
  const n = await I(s, e.configurationName);
@@ -727,7 +727,7 @@ const ts = async (e, s) => {
727
727
  );
728
728
  return o;
729
729
  } else {
730
- const t = O(e.configurationName, s.storage ?? sessionStorage);
730
+ const t = P(e.configurationName, s.storage ?? sessionStorage);
731
731
  let { tokens: o } = await t.initAsync();
732
732
  return o = X(o, e.tokens, s.token_renew_mode), o;
733
733
  }
@@ -784,7 +784,7 @@ const J = (e, s, n = null) => {
784
784
  }
785
785
  r = await u.getNonceAsync();
786
786
  } else {
787
- const c = O(n, s.storage ?? sessionStorage), _ = await c.initAsync();
787
+ const c = P(n, s.storage ?? sessionStorage), _ = await c.initAsync();
788
788
  let { tokens: h } = _;
789
789
  const { status: g } = _;
790
790
  if (h && (h = X(h, e.tokens, s.token_renew_mode)), h) {
@@ -806,7 +806,7 @@ const J = (e, s, n = null) => {
806
806
  t.expiresAt
807
807
  ) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
808
808
  return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: l, nonce: r };
809
- }, H = (e) => async (s = 0, n = !1, t = null, o) => {
809
+ }, H = (e) => async (s, n = 0, t = !1, o = null) => {
810
810
  if (!navigator.onLine && document.hidden)
811
811
  return { tokens: e.tokens, status: "GIVE_UP" };
812
812
  let i = 6;
@@ -814,8 +814,8 @@ const J = (e, s, n = null) => {
814
814
  await z({ milliseconds: 1e3 }), i--, e.publishEvent(m.refreshTokensAsync, {
815
815
  message: `wait because navigator is offline try ${i}`
816
816
  });
817
- const r = s + 1;
818
- t || (t = {});
817
+ const r = n + 1;
818
+ o || (o = {});
819
819
  const a = e.configuration, u = (l, c = null, _ = null) => re(
820
820
  e.configurationName,
821
821
  e.configuration,
@@ -824,22 +824,22 @@ const J = (e, s, n = null) => {
824
824
  try {
825
825
  let l;
826
826
  const c = await I(a, e.configurationName);
827
- c ? l = c.getLoginParams() : l = O(e.configurationName, a.storage).getLoginParams();
827
+ c ? l = c.getLoginParams() : l = P(e.configurationName, a.storage).getLoginParams();
828
828
  const _ = await u({
829
829
  ...l.extras,
830
- ...t,
830
+ ...o,
831
831
  prompt: "none"
832
832
  });
833
- return _ ? _.error ? (o(null), e.publishEvent(m.refreshTokensAsync_error, {
833
+ return _ ? _.error ? (s(null), e.publishEvent(m.refreshTokensAsync_error, {
834
834
  message: "refresh token silent"
835
- }), { tokens: null, status: "SESSION_LOST" }) : (o(_.tokens), e.publishEvent(C.eventNames.token_renewed, {}), { tokens: _.tokens, status: "LOGGED" }) : (o(null), e.publishEvent(m.refreshTokensAsync_error, {
835
+ }), { tokens: null, status: "SESSION_LOST" }) : (s(_.tokens), e.publishEvent(C.eventNames.token_renewed, {}), { tokens: _.tokens, status: "LOGGED" }) : (s(null), e.publishEvent(m.refreshTokensAsync_error, {
836
836
  message: "refresh token silent not active"
837
837
  }), { tokens: null, status: "SESSION_LOST" });
838
838
  } catch (l) {
839
839
  return console.error(l), e.publishEvent(m.refreshTokensAsync_silent_error, {
840
840
  message: "exceptionSilent",
841
841
  exception: l.message
842
- }), await H(e)(r, n, t, o);
842
+ }), await H(e)(s, r, t, o);
843
843
  }
844
844
  };
845
845
  try {
@@ -847,38 +847,38 @@ const J = (e, s, n = null) => {
847
847
  a,
848
848
  e.configurationName,
849
849
  e.tokens,
850
- n
850
+ t
851
851
  );
852
852
  switch (l) {
853
853
  case x.SESSION_LOST:
854
- return o(null), e.publishEvent(m.refreshTokensAsync_error, {
854
+ return s(null), e.publishEvent(m.refreshTokensAsync_error, {
855
855
  message: "refresh token session lost"
856
856
  }), { tokens: null, status: "SESSION_LOST" };
857
857
  case x.NOT_CONNECTED:
858
- return o(null), { tokens: null, status: null };
858
+ return s(null), { tokens: null, status: null };
859
859
  case x.TOKENS_VALID:
860
- return o(c), { tokens: c, status: "LOGGED_IN" };
860
+ return s(c), { tokens: c, status: "LOGGED_IN" };
861
861
  case x.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
862
- return o(c), e.publishEvent(C.eventNames.token_renewed, {
862
+ return s(c), e.publishEvent(C.eventNames.token_renewed, {
863
863
  reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
864
864
  }), { tokens: c, status: "LOGGED_IN" };
865
865
  case x.LOGOUT_FROM_ANOTHER_TAB:
866
- return o(null), e.publishEvent(m.logout_from_another_tab, {
866
+ return s(null), e.publishEvent(m.logout_from_another_tab, {
867
867
  status: "session syncTokensAsync"
868
868
  }), { tokens: null, status: "LOGGED_OUT" };
869
869
  case x.REQUIRE_SYNC_TOKENS:
870
- return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== l ? (e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(m.refreshTokensAsync_begin, { tryNumber: s }), await d());
870
+ return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== l ? (e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(m.refreshTokensAsync_begin, { tryNumber: n }), await d());
871
871
  default: {
872
872
  if (a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && x.FORCE_REFRESH !== l)
873
873
  return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
874
874
  if (e.publishEvent(m.refreshTokensAsync_begin, {
875
875
  refreshToken: c.refreshToken,
876
876
  status: l,
877
- tryNumber: s
877
+ tryNumber: n
878
878
  }), !c.refreshToken)
879
879
  return await d();
880
880
  const h = a.client_id, g = a.redirect_uri, w = a.authority, b = { ...a.token_request_extras ? a.token_request_extras : {} };
881
- for (const [A, S] of Object.entries(t))
881
+ for (const [A, S] of Object.entries(o))
882
882
  A.endsWith(":token_request") && (b[A.replace(":token_request", "")] = S);
883
883
  return await (async () => {
884
884
  const A = {
@@ -911,14 +911,14 @@ const J = (e, s, n = null) => {
911
911
  S
912
912
  );
913
913
  if (!T)
914
- return o(null), e.publishEvent(m.refreshTokensAsync_error, {
914
+ return s(null), e.publishEvent(m.refreshTokensAsync_error, {
915
915
  message: `refresh token return not valid tokens, reason: ${L}`
916
916
  }), { tokens: null, status: "SESSION_LOST" };
917
- if (o(p.data), p.demonstratingProofOfPossessionNonce) {
917
+ if (s(p.data), p.demonstratingProofOfPossessionNonce) {
918
918
  const v = await I(a, e.configurationName);
919
919
  v ? await v.setDemonstratingProofOfPossessionNonce(
920
920
  p.demonstratingProofOfPossessionNonce
921
- ) : await O(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(
921
+ ) : await P(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(
922
922
  p.demonstratingProofOfPossessionNonce
923
923
  );
924
924
  }
@@ -929,11 +929,11 @@ const J = (e, s, n = null) => {
929
929
  return e.publishEvent(m.refreshTokensAsync_silent_error, {
930
930
  message: "bad request",
931
931
  tokenResponse: p
932
- }), p.status >= 400 && p.status < 500 ? (o(null), e.publishEvent(m.refreshTokensAsync_error, {
932
+ }), p.status >= 400 && p.status < 500 ? (s(null), e.publishEvent(m.refreshTokensAsync_error, {
933
933
  message: `session lost: ${p.status}`
934
934
  }), { tokens: null, status: "SESSION_LOST" }) : await H(e)(
935
+ s,
935
936
  r,
936
- n,
937
937
  t,
938
938
  o
939
939
  );
@@ -946,7 +946,7 @@ const J = (e, s, n = null) => {
946
946
  exception: l.message
947
947
  }), new Promise((c, _) => {
948
948
  setTimeout(() => {
949
- H(e)(r, n, t, o).then(c).catch(_);
949
+ H(e)(s, r, t, o).then(c).catch(_);
950
950
  }, 1e3);
951
951
  });
952
952
  }
@@ -1015,7 +1015,7 @@ const J = (e, s, n = null) => {
1015
1015
  r
1016
1016
  );
1017
1017
  if (c)
1018
- return o.tokens = c.tokens, t(m.token_aquired, {}), o.timeoutId = J(o, o.tokens.expiresAt, i), {};
1018
+ return o.tokens = c.tokens, t(m.token_acquired, {}), o.timeoutId = J(o, o.tokens.expiresAt, i), {};
1019
1019
  } catch (l) {
1020
1020
  return l;
1021
1021
  }
@@ -1065,7 +1065,7 @@ const J = (e, s, n = null) => {
1065
1065
  await w.logoutOtherTabAsync(n.client_id, h.sub);
1066
1066
  });
1067
1067
  };
1068
- e.checkSessionIFrame = new Oe(
1068
+ e.checkSessionIFrame = new Pe(
1069
1069
  l,
1070
1070
  o,
1071
1071
  t
@@ -1199,7 +1199,7 @@ const us = () => {
1199
1199
  n.service_worker_relative_url && e.publishEvent(m.service_worker_not_supported_by_browser, {
1200
1200
  message: "service worker is not supported by this browser"
1201
1201
  });
1202
- const o = O(e.configurationName, n.storage ?? sessionStorage), { tokens: i } = await o.initAsync();
1202
+ const o = P(e.configurationName, n.storage ?? sessionStorage), { tokens: i } = await o.initAsync();
1203
1203
  if (i) {
1204
1204
  e.tokens = X(i, null, n.token_renew_mode);
1205
1205
  const r = o.getLoginParams();
@@ -1283,7 +1283,7 @@ const us = () => {
1283
1283
  if (w)
1284
1284
  w.setLoginParams({ callbackPath: c, extras: d }), await w.initAsync(k, "loginAsync", s), await w.setNonceAsync(g), w.startKeepAliveServiceWorker(), b = w;
1285
1285
  else {
1286
- const A = O(e, s.storage ?? sessionStorage);
1286
+ const A = P(e, s.storage ?? sessionStorage);
1287
1287
  A.setLoginParams({ callbackPath: c, extras: d }), await A.setNonceAsync(g), b = A;
1288
1288
  }
1289
1289
  const E = {
@@ -1312,7 +1312,7 @@ const us = () => {
1312
1312
  if (c)
1313
1313
  await c.initAsync(a, "loginCallbackAsync", n), await c.setSessionStateAsync(l), h = await c.getNonceAsync(), g = c.getLoginParams(), w = await c.getStateAsync(), c.startKeepAliveServiceWorker(), _ = c;
1314
1314
  else {
1315
- const v = O(
1315
+ const v = P(
1316
1316
  e.configurationName,
1317
1317
  n.storage ?? sessionStorage
1318
1318
  );
@@ -1336,7 +1336,7 @@ const us = () => {
1336
1336
  if (n.token_request_extras)
1337
1337
  for (const [v, K] of Object.entries(n.token_request_extras))
1338
1338
  E[v] = K;
1339
- if (g && g.extras)
1339
+ if (g != null && g.extras)
1340
1340
  for (const [v, K] of Object.entries(g.extras))
1341
1341
  v.endsWith(":token_request") && (E[v.replace(":token_request", "")] = K);
1342
1342
  const A = a.tokenEndpoint, S = {};
@@ -1347,7 +1347,7 @@ const us = () => {
1347
1347
  const v = await je(window)(
1348
1348
  n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
1349
1349
  );
1350
- await O(e.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(v), S.DPoP = await Se(window)(
1350
+ await P(e.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(v), S.DPoP = await Se(window)(
1351
1351
  n.demonstrating_proof_of_possession_configuration
1352
1352
  )(v, "POST", A);
1353
1353
  }
@@ -1374,7 +1374,7 @@ const us = () => {
1374
1374
  if (c) {
1375
1375
  if (f.refreshToken && !f.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
1376
1376
  throw new Error("Refresh token should be hidden by service worker");
1377
- if (p && f.accessToken && f.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
1377
+ if (p && (f != null && f.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))
1378
1378
  throw new Error(
1379
1379
  "Demonstration of proof of possession require Access token not hidden by service worker"
1380
1380
  );
@@ -1384,7 +1384,7 @@ const us = () => {
1384
1384
  p
1385
1385
  );
1386
1386
  else {
1387
- const v = O(e.configurationName, n.storage);
1387
+ const v = P(e.configurationName, n.storage);
1388
1388
  N = v.getLoginParams(), p && await v.setDemonstratingProofOfPossessionNonce(p);
1389
1389
  }
1390
1390
  return await e.startCheckSessionAsync(
@@ -1425,7 +1425,7 @@ const us = () => {
1425
1425
  }, gs = (e) => async (s) => {
1426
1426
  M.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
1427
1427
  const n = await I(e.configuration, e.configurationName);
1428
- n ? await n.clearAsync(s) : await O(e.configurationName, e.configuration.storage).clearAsync(s), e.tokens = null, e.userInfo = null;
1428
+ n ? await n.clearAsync(s) : await P(e.configurationName, e.configuration.storage).clearAsync(s), e.tokens = null, e.userInfo = null;
1429
1429
  }, ks = (e, s, n, t, o) => async (i = void 0, r = null) => {
1430
1430
  var b, E;
1431
1431
  const a = e.configuration, u = await e.initAsync(
@@ -1485,7 +1485,7 @@ const us = () => {
1485
1485
  o.open(`${u.endSessionEndpoint}${A}`);
1486
1486
  } else
1487
1487
  o.reload();
1488
- }, Pe = (e, s, n = !1) => async (...t) => {
1488
+ }, Oe = (e, s, n = !1) => async (...t) => {
1489
1489
  var h;
1490
1490
  const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
1491
1491
  let u = new Headers();
@@ -1516,7 +1516,7 @@ const us = () => {
1516
1516
  t.authority,
1517
1517
  t.authority_configuration
1518
1518
  )).userInfoEndpoint, a = await (async () => {
1519
- const d = await Pe(fetch, e, n)(i);
1519
+ const d = await Oe(fetch, e, n)(i);
1520
1520
  return d.status !== 200 ? null : d.json();
1521
1521
  })();
1522
1522
  return e.userInfo = a, a;
@@ -1666,7 +1666,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1666
1666
  return this.loginCallbackPromise;
1667
1667
  const n = async () => {
1668
1668
  const t = await hs(this)(s), o = t.tokens;
1669
- return this.tokens = o, await I(this.configuration, this.configurationName) || O(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(F.eventNames.token_aquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
1669
+ return this.tokens = o, await I(this.configuration, this.configurationName) || P(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(F.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
1670
1670
  };
1671
1671
  return this.loginCallbackPromise = n(), this.loginCallbackPromise.finally(() => {
1672
1672
  this.loginCallbackPromise = null;
@@ -1679,7 +1679,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1679
1679
  };
1680
1680
  if (await I(i, this.configurationName))
1681
1681
  return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
1682
- const u = O(this.configurationName, i.storage), d = await u.getDemonstratingProofOfPossessionJwkAsync(), l = u.getDemonstratingProofOfPossessionNonce();
1682
+ const u = P(this.configurationName, i.storage), d = await u.getDemonstratingProofOfPossessionJwkAsync(), l = u.getDemonstratingProofOfPossessionNonce();
1683
1683
  return l && (r.nonce = l), await Se(window)(
1684
1684
  i.demonstrating_proof_of_possession_configuration
1685
1685
  )(d, t, n, r);
@@ -1777,7 +1777,7 @@ const $ = class $ {
1777
1777
  return ke(this._oidc, s, n);
1778
1778
  }
1779
1779
  fetchWithTokens(s, n = !1) {
1780
- return Pe(s, this._oidc, n);
1780
+ return Oe(s, this._oidc, n);
1781
1781
  }
1782
1782
  async userInfoAsync(s = !1, n = !1) {
1783
1783
  return this._oidc.userInfoAsync(s, n);
package/dist/index.umd.cjs CHANGED
@@ -1,2 +1,2 @@
1
- (function(C,W){typeof exports=="object"&&typeof module<"u"?W(exports):typeof define=="function"&&define.amd?define(["exports"],W):(C=typeof globalThis<"u"?globalThis:C||self,W(C["oidc-client"]={}))})(this,function(C){"use strict";class W{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const le=2e3,$=console;class Ce{constructor(n,s,t,o=le,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||le,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},O=(e,n=sessionStorage)=>{const s=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},i=async y=>{n[`oidc.session_state.${e}`]=y},r=async()=>n[`oidc.session_state.${e}`],a=y=>{n[`oidc.nonce.${e}`]=y.nonce},u=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),l=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async y=>{n[`oidc.dpop_nonce.${e}`]=y},_=()=>n[`oidc.dpop_nonce.${e}`],h=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:l,setLoginParams:y=>{g[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(g[e]||(g[e]=JSON.parse(y)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:u,getDemonstratingProofOfPossessionJwkAsync:d}};var K=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(K||{});const Ne=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),xe=e=>JSON.parse(Ne(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&We(e,".")===2?xe(e.split(".")[1]):null}catch(n){console.warn(n)}return null},We=(e,n)=>e.split(n).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Y=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,u=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Le(e,t,r);let d;e.expiresAt?d=e.expiresAt:s===G.access_token_invalid?d=u:s===G.id_token_invalid?d=a:d=a<u?a:u;const l={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:d,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...l,refreshToken:c}}return l},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Y(t,n,s)},V=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=e=>e?V(0,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!_e(e.tokens)&&t>0;){if(e.configuration.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await z({milliseconds:n});t=t-1}return{isTokensValid:_e(e.tokens),tokens:e.tokens,numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},M=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.22.19";let ye=null,X;const z=({milliseconds:e})=>new Promise(n=>M.setTimeout(n,e)),ge=(e="/")=>{try{X=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),z({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},De=()=>{X&&X.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistration ${t?"successful":"failed"}`),await z({milliseconds:2e3}),e.reload()},E=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=()=>{const f=sessionStorage.getItem(`oidc.tabId.${n}`);if(f)return f;const p=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${n}`,p),p},t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;let o=null;e.register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(t);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await E(o)({type:"claim"})}catch{return null}const i=async f=>E(o)({type:"clear",data:{status:f},configurationName:n}),r=async(f,p,v)=>{const R=await E(o)({type:"init",data:{oidcServerConfiguration:f,where:p,oidcConfiguration:{token_renew_mode:v.token_renew_mode,service_worker_convert_all_requests_to_cors:v.service_worker_convert_all_requests_to_cors}},configurationName:n,tabId:s()}),T=R.version;return T!==he&&(console.warn(`Service worker ${T} version mismatch with js client version ${he}, unregistering and reloading`),await v.service_worker_update_require_callback(o,De)),{tokens:ee(R.tokens,null,v.token_renew_mode),status:R.status}},a=(f="/")=>{ye==null&&(ye="not_null",ge(f))},u=f=>E(o)({type:"setSessionState",data:{sessionState:f},configurationName:n}),d=async()=>(await E(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,l=f=>{const p=s();return sessionStorage[`oidc.nonce.${n}`]=f.nonce,E(o)({type:"setNonce",data:{nonce:f},configurationName:n,tabId:p})},c=async()=>{const f=s();let v=(await E(o)({type:"getNonce",data:null,configurationName:n,tabId:f})).nonce;return v||(v=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:v}},_={};return{clearAsync:i,initAsync:r,startKeepAliveServiceWorker:()=>a(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:u,getSessionStateAsync:d,setNonceAsync:l,getNonceAsync:c,setLoginParams:f=>{_[n]=f,localStorage[`oidc.login.${n}`]=JSON.stringify(f)},getLoginParams:()=>{const f=localStorage[`oidc.login.${n}`];return _[n]||(_[n]=JSON.parse(f)),_[n]},getStateAsync:async()=>{const f=s();let v=(await E(o)({type:"getState",data:null,configurationName:n,tabId:f})).state;return v||(v=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),v},setStateAsync:async f=>{const p=s();return sessionStorage[`oidc.state.${n}`]=f,E(o)({type:"setState",data:{state:f},configurationName:n,tabId:p})},getCodeVerifierAsync:async()=>{const f=s();let v=(await E(o)({type:"getCodeVerifier",data:null,configurationName:n,tabId:f})).codeVerifier;return v||(v=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),v},setCodeVerifierAsync:async f=>{const p=s();return sessionStorage[`oidc.code_verifier.${n}`]=f,E(o)({type:"setCodeVerifier",data:{codeVerifier:f},configurationName:n,tabId:p})},setDemonstratingProofOfPossessionNonce:async f=>{await E(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:f},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await E(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async f=>{const p=JSON.stringify(f);await E(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:p},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const f=await E(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return f.demonstratingProofOfPossessionJwkJson?JSON.parse(f.demonstratingProofOfPossessionJwkJson):null}}},U={},Ke=(e,n=window.sessionStorage,s)=>{if(!U[e]&&n){const o=n.getItem(e);o&&(U[e]=JSON.parse(o))}const t=1e3*s;return U[e]&&U[e].timestamp+t>Date.now()?U[e].result:null},Ue=(e,n,s=window.sessionStorage)=>{const t=Date.now();U[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function ke(e){return new TextEncoder().encode(e)}function me(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Fe(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const ne=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),me(n)};function pe(e){return me(Fe(e))}const Ve={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Me={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:pe(JSON.stringify(s)),payload:pe(JSON.stringify(t))},a=o.importKeyAlgorithm,u=!0,d=["sign"],l=await e.crypto.subtle.importKey("jwk",n,a,u,d),c=ke(`${r.protected}.${r.payload}`),_=o.signAlgorithm,h=await e.crypto.subtle.sign(_,l,c);return r.signature=ne(new Uint8Array(h)),`${r.protected}.${r.payload}.${r.signature}`}},Je={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},Be={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,ke(t));return ne(new Uint8Array(o))}},He=e=>async n=>await Je.generate(e)(n),we=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(je()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await Be.thumbprint(e)(s,n.digestAlgorithm);return await Me.sign(e)(s,{kid:a},r,n)},je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Ae=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%se.length;n.push(se[t])}return n.join("")},te=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Ae();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*se.length|0;return qe(n)};function Ge(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Se(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Ge(e)).then(t=>n(ne(new Uint8Array(t))),t=>s(t))})}const Ye=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Ae();return n?Se(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Xe=60*60,ze=e=>async(n,s=Xe,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Ke(r,t,s);if(a)return new ae(a);const u=await J(e)(i,{},o);if(u.status!==200)return null;const d=await u.json();return Ue(r,d,t),new ae(d)},J=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},Te=e=>async(n,s,t=oe.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[c,_]of Object.entries(i))a[c]===void 0&&(a[c]=_);const u=[];for(const c in a){const _=encodeURIComponent(c),h=encodeURIComponent(a[c]);u.push(`${_}=${h}`)}const d=u.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:d},r)).status!==200?{success:!1}:{success:!0}},Qe=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[h,g]of Object.entries(t))s[h]===void 0&&(s[h]=g);const u=[];for(const h in s){const g=encodeURIComponent(h),w=encodeURIComponent(s[h]);u.push(`${g}=${w}`)}const d=u.join("&"),l=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:d},a);if(l.status!==200)return{success:!1,status:l.status,demonstratingProofOfPossessionNonce:null};const c=await l.json();let _=null;return l.headers.has(Q)&&(_=l.headers.get(Q)),{success:!0,status:l.status,data:ee(c,o,r),demonstratingProofOfPossessionNonce:_}},Ze=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Ye(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,u]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(u)}`;n.open(`${s}${r}`)},Q="DPoP-Nonce",en=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const c in s){const _=encodeURIComponent(c),h=encodeURIComponent(s[c]);r.push(`${_}=${h}`)}const a=r.join("&"),u=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),u.status!==200)return{success:!1,status:u.status};let d=null;u.headers.has(Q)&&(d=u.headers.get(Q));const l=await u.json();return{success:!0,data:{state:s.state,tokens:ee(l,null,o),demonstratingProofOfPossessionNonce:d}}};async function ve(e,n,s){const t=a=>{e.tokens=a},{tokens:o,status:i}=await Z(e)(0,n,s,t);return await I(e.configuration,e.configurationName)||await O(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(i),null)}const nn=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=O(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=Y(o,e.tokens,n.token_renew_mode),o}};async function be(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let i;const r=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!r?i=await ve(e,n,s):i=await navigator.locks.request(o,{ifAvailable:!0},async a=>a?await ve(e,n,s):(e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await nn(e,t))),i?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s)),e.tokens):null}const B=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return M.setTimeout(async()=>{const i={timeLeft:V(t,n)};e.publishEvent(N.eventNames.token_timer,i),await be(e,!1,s)},1e3)},L={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),u=await I(n,s);if(u){const{status:c,tokens:_}=await u.initAsync(a,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!c||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const g=V(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",w=await u.getNonceAsync();return{tokens:_,status:g,nonce:w}}r=await u.getNonceAsync()}else{const c=O(s,n.storage??sessionStorage),_=await c.initAsync();let{tokens:h}=_;const{status:g}=_;if(h&&(h=Y(h,e.tokens,n.token_renew_mode)),h){if(g==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(h.issuedAt!==t.issuedAt){const k=V(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",b=await c.getNonceAsync();return{tokens:h,status:k,nonce:b}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await c.getNonceAsync()}const l=V(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:l,nonce:r}},Z=e=>async(n=0,s=!1,t=null,o)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let i=6;for(;!navigator.onLine&&i>0;)await z({milliseconds:1e3}),i--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${i}`});const r=n+1;t||(t={});const a=e.configuration,u=(l,c=null,_=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,c,_),d=async()=>{try{let l;const c=await I(a,e.configurationName);c?l=c.getLoginParams():l=O(e.configurationName,a.storage).getLoginParams();const _=await u({...l.extras,...t,prompt:"none"});return _?_.error?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(o(_.tokens),e.publishEvent(N.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}):(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await Z(e)(r,s,t,o)}};try{const{status:l,tokens:c,nonce:_}=await sn(e)(a,e.configurationName,e.tokens,s);switch(l){case L.SESSION_LOST:return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case L.NOT_CONNECTED:return o(null),{tokens:null,status:null};case L.TOKENS_VALID:return o(c),{tokens:c,status:"LOGGED_IN"};case L.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return o(c),e.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:c,status:"LOGGED_IN"};case L.LOGOUT_FROM_ANOTHER_TAB:return o(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case L.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted&&L.FORCE_REFRESH!==l?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:n}),await d());default:{if(a.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted&&L.FORCE_REFRESH!==l)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:c.refreshToken,status:l,tryNumber:n}),!c.refreshToken)return await d();const h=a.client_id,g=a.redirect_uri,w=a.authority,b={...a.token_request_extras?a.token_request_extras:{}};for(const[A,S]of Object.entries(t))A.endsWith(":token_request")&&(b[A.replace(":token_request","")]=S);return await(async()=>{const A={client_id:h,redirect_uri:g,grant_type:"refresh_token",refresh_token:c.refreshToken},S=await e.initAsync(w,a.authority_configuration),y=document.hidden?1e4:3e4*10,x=S.tokenEndpoint,f={};a.demonstrating_proof_of_possession&&(f.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(c.accessToken,x,"POST"));const p=await Qe(e.getFetch())(x,A,b,c,f,a.token_renew_mode,y);if(p.success){const{isValid:v,reason:R}=de(p.data,_.nonce,S);if(!v)return o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${R}`}),{tokens:null,status:"SESSION_LOST"};if(o(p.data),p.demonstratingProofOfPossessionNonce){const T=await I(a,e.configurationName);T?await T.setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce):await O(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:p.success}),e.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:p.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:p}),p.status>=400&&p.status<500?(o(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${p.status}`}),{tokens:null,status:"SESSION_LOST"}):await Z(e)(r,s,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),new Promise((c,_)=>{setTimeout(()=>{Z(e)(r,s,t,o).then(c).catch(_)},1e3)})}},ie=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[c,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(c)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;const a=n.silent_login_uri+r,u=a.indexOf("/",a.indexOf("//")+2),d=a.substring(0,u),l=document.createElement("iframe");return l.width="0px",l.height="0px",l.id=`${e}_oidc_iframe`,l.setAttribute("src",a),document.body.appendChild(l),new Promise((c,_)=>{let h=!1;const g=()=>{window.removeEventListener("message",w),l.remove(),h=!0},w=k=>{if(k.origin===d&&k.source===l.contentWindow){const b=`${e}_oidc_tokens:`,P=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,S=k.data;if(S&&typeof S=="string"&&!h){if(S.startsWith(b)){const y=JSON.parse(k.data.replace(b,""));s(m.silentLoginAsync_end,{}),c(y),g()}else if(S.startsWith(P)){const y=JSON.parse(k.data.replace(P,""));s(m.silentLoginAsync_error,y),c({error:"oidc_"+y.error,tokens:null,sessionState:null}),g()}else if(S.startsWith(A)){const y=JSON.parse(k.data.replace(A,""));s(m.silentLoginAsync_error,y),_(new Error(y.error)),g()}}}};try{window.addEventListener("message",w);const k=n.silent_login_timeout;setTimeout(()=>{h||(g(),s(m.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},k)}catch(k){g(),s(m.silentLoginAsync_error,k),_(k)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},tn=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(d,l,c)=>ie(n,s,t.bind(o))(d,l,c);return(async()=>{o.timeoutId&&M.clearTimeout(o.timeoutId);let d;i&&"state"in i&&(d=i.state,delete i.state);try{const l=s.extras?{...s.extras,...i}:i,c=await a({...l,prompt:"none"},d,r);if(c)return o.tokens=c.tokens,t(m.token_aquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,i),{}}catch(l){return l}})()},on=(e,n,s)=>(t,o,i,r=!1)=>{const a=(u,d=void 0,l=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(u,d,l);return new Promise((u,d)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const l=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const _=c.idToken,h=c.idTokenPayload;return a({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const w=g.tokens.idTokenPayload;if(h.sub===w.sub){const k=g.sessionState;e.checkSessionIFrame.start(g.sessionState),h.sid===w.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",k):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",k)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",w.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[,w]of Object.entries(n))await w.logoutOtherTabAsync(s.client_id,h.sub)})};e.checkSessionIFrame=new Ce(l,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),u(e.checkSessionIFrame)}).catch(c=>{d(c)})}else u(null)})},rn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),an=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const u=i[a];if(u.r.test(s)){o=u.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function cn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const ln=()=>{const{name:e,version:n}=cn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=an(navigator);return!rn(s)},un=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,i.extras);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=O(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Y(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,r.extras);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ee=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},_n=e=>{const n=Ee(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},H=e=>{const n=Ee(e),{search:s}=n;return fn(s)},fn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},dn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,u=void 0)=>{const d=r;return r={...r},(async()=>{const c=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=a?n.silent_redirect_uri:n.redirect_uri;u||(u=n.scope);const h=n.extras?{...n.extras,...r}:r;h.nonce||(h.nonce=te(12));const g={nonce:h.nonce},w=await I(n,e),k=await t(n.authority,n.authority_configuration);let b;if(w)w.setLoginParams({callbackPath:c,extras:d}),await w.initAsync(k,"loginAsync",n),await w.setNonceAsync(g),w.startKeepAliveServiceWorker(),b=w;else{const A=O(e,n.storage??sessionStorage);A.setLoginParams({callbackPath:c,extras:d}),await A.setNonceAsync(g),b=A}const P={client_id:n.client_id,redirect_uri:_,scope:u,response_type:"code",...h};await Ze(b,o)(k.authorizationEndpoint,P)}catch(_){throw s(m.loginAsync_error,_),_}})()},hn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),u=e.location.getCurrentHref(),l=H(u).session_state,c=await I(s,e.configurationName);let _,h,g,w;if(c)await c.initAsync(a,"loginCallbackAsync",s),await c.setSessionStateAsync(l),h=await c.getNonceAsync(),g=c.getLoginParams(),w=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const T=O(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(l),h=await T.getNonceAsync(),g=T.getLoginParams(),w=await T.getStateAsync(),_=T}const k=H(u);if(k.error||k.error_description)throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);if(k.iss&&k.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`);if(k.state&&k.state!==w)throw new Error(`State not valid (expected: ${w}, received: ${k.state})`);const b={code:k.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},P={};if(s.token_request_extras)for(const[T,q]of Object.entries(s.token_request_extras))P[T]=q;if(g&&g.extras)for(const[T,q]of Object.entries(g.extras))T.endsWith(":token_request")&&(P[T.replace(":token_request","")]=q);const A=a.tokenEndpoint,S={};if(s.demonstrating_proof_of_possession)if(c)S.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await He(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await O(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),S.DPoP=await we(window)(s.demonstrating_proof_of_possession_configuration)(T,"POST",A)}const y=await en(_)(A,{...b,...P},S,e.configuration.token_renew_mode,r);if(!y.success)throw new Error("Token request failed");let x;const f=y.data.tokens,p=y.data.demonstratingProofOfPossessionNonce;if(y.data.state!==P.state)throw new Error("state is not valid");const{isValid:v,reason:R}=de(f,h.nonce,a);if(!v)throw new Error(`Tokens are not OpenID valid, reason: ${R}`);if(c){if(f.refreshToken&&!f.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(p&&f.accessToken&&f.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(a,"syncTokensAsync",s),x=c.getLoginParams(),p&&await c.setDemonstratingProofOfPossessionNonce(p);else{const T=O(e.configurationName,s.storage);x=T.getLoginParams(),p&&await T.setDemonstratingProofOfPossessionNonce(p)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,l,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:f,state:"request.state",callbackPath:x.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Pe={access_token:"access_token",refresh_token:"refresh_token"},re=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},yn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},gn=e=>async n=>{M.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await O(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var b,P;const a=e.configuration,u=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const d=i??o.getPath();let l=!1;i&&(l=i.includes("https://")||i.includes("http://"));const c=l?i:o.getOrigin()+d,_=e.tokens?e.tokens.idToken:"";try{const A=u.revocationEndpoint;if(A){const S=[],y=e.tokens?e.tokens.accessToken:null;if(y&&a.logout_tokens_to_invalidate.includes(Pe.access_token)){const f=re(r,":revoke_access_token"),p=Te(s)(A,y,oe.access_token,a.client_id,f);S.push(p)}const x=e.tokens?e.tokens.refreshToken:null;if(x&&a.logout_tokens_to_invalidate.includes(Pe.refresh_token)){const f=re(r,":revoke_refresh_token"),p=Te(s)(A,x,oe.refresh_token,a.client_id,f);S.push(p)}S.length>0&&await Promise.all(S)}}catch(A){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(A)}const h=((P=(b=e.tokens)==null?void 0:b.idTokenPayload)==null?void 0:P.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,h):e.publishEvent(m.logout_from_same_tab,{});const g=re(r,":oidc");if(g&&g.no_reload==="true")return;const k=yn(r);if(u.endSessionEndpoint){"id_token_hint"in k||(k.id_token_hint=_),!("post_logout_redirect_uri"in k)&&i!==null&&(k.post_logout_redirect_uri=c);let A="";for(const[S,y]of Object.entries(k))y!=null&&(A===""?A+="?":A+="&",A+=`${S}=${encodeURIComponent(y)}`);o.open(`${u.endSessionEndpoint}${A}`)}else o.reload()},Oe=(e,n,s=!1)=>async(...t)=>{var h;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let u=new Headers;a.headers&&(u=a.headers instanceof Headers?a.headers:new Headers(a.headers));const d={tokens:n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode},renewTokensAsync:n.renewTokensAsync.bind(n)},l=await fe(d),c=(h=l==null?void 0:l.tokens)==null?void 0:h.accessToken;if(u.has("Accept")||u.set("Accept","application/json"),c){if(n.configuration.demonstrating_proof_of_possession&&s){const g=await n.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),a.method);u.set("Authorization",`PoP ${c}`),u.set("DPoP",g)}else u.set("Authorization",`Bearer ${c}`);a.credentials||(a.credentials="same-origin")}const _={...a,headers:u};return await e(o,_,...r)},mn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,a=await(async()=>{const d=await Oe(fetch,e,s)(i);return d.status!==200?null:d.json()})();return e.userInfo=a,a},Ie=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const D={},pn=(e,n=new W)=>(s,t="default")=>(D[t]||(D[t]=new N(s,t,e,n)),D[t]),wn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt),{callbackPath:s}},An=e=>Math.floor(Math.random()*e),j=class j{constructor(n,s="default",t,o=new W){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new W;const a=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??K.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:a,service_worker_activate:n.service_worker_activate??ln,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ve,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ie,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=An(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(D,n)&&s)throw Error(`OIDC library does seem initialized.
2
- Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return D[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=H(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=H(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=un(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await on(this,D,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:i?tn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=dn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(j.eventNames.token_aquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await Se(n),...o};if(await I(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const u=O(this.configurationName,i.storage),d=await u.getDemonstratingProofOfPossessionJwkAsync(),l=u.getDemonstratingProofOfPossessionNonce();return l&&(r.nonce=l),await we(window)(i.demonstrating_proof_of_possession_configuration)(d,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=mn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return M.clearTimeout(this.timeoutId),this.renewTokensPromise=be(this,!0,n),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await gn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=kn(this,D,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};j.getOrCreate=(n,s)=>(t,o="default")=>pn(n,s)(t,o),j.eventNames=m;let N=j;const F=class F{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new F(N.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){return fe(this._oidc,n,s)}fetchWithTokens(n,s=!1){return Oe(n,this._oidc,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};F.getOrCreate=(n,s=new W)=>(t,o="default")=>new F(N.getOrCreate(n,s)(t,o)),F.eventNames=N.eventNames;let ce=F;C.OidcClient=ce,C.OidcLocation=W,C.TokenAutomaticRenewMode=K,C.TokenRenewMode=G,C.getFetchDefault=Ie,C.getParseQueryStringFromLocation=H,C.getPath=_n,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
1
+ (function(C,W){typeof exports=="object"&&typeof module<"u"?W(exports):typeof define=="function"&&define.amd?define(["exports"],W):(C=typeof globalThis<"u"?globalThis:C||self,W(C["oidc-client"]={}))})(this,function(C){"use strict";class W{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const le=2e3,$=console;class Ce{constructor(n,s,t,o=le,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||le,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},P=(e,n=sessionStorage)=>{const s=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},i=async y=>{n[`oidc.session_state.${e}`]=y},r=async()=>n[`oidc.session_state.${e}`],a=y=>{n[`oidc.nonce.${e}`]=y.nonce},u=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},d=()=>JSON.parse(n[`oidc.jwk.${e}`]),l=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async y=>{n[`oidc.dpop_nonce.${e}`]=y},_=()=>n[`oidc.dpop_nonce.${e}`],h=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:l,setLoginParams:y=>{g[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(g[e]||(g[e]=JSON.parse(y)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:u,getDemonstratingProofOfPossessionJwkAsync:d}};var K=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(K||{});const Ne=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),xe=e=>JSON.parse(Ne(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&We(e,".")===2?xe(e.split(".")[1]):null}catch(n){console.warn(n)}return null},We=(e,n)=>e.split(n).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Le(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Y=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,u=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Le(e,t,r);let d;e.expiresAt?d=e.expiresAt:s===G.access_token_invalid?d=u:s===G.id_token_invalid?d=a:d=a<u?a:u;const l={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:d,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...l,refreshToken:c}}return l},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Y(t,n,s)},V=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=e=>e?V(0,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.tokens)return null;for(;!_e(e.tokens)&&t>0;){if(e.configuration.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await z({milliseconds:n});t=t-1}return{isTokensValid:_e(e.tokens),tokens:e.tokens,numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},M=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.22.20";let ye=null,X;const z=({milliseconds:e})=>new Promise(n=>M.setTimeout(n,e)),ge=(e="/")=>{try{X=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:X.signal}).catch(t=>{console.log(t)}),z({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},De=()=>{X&&X.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistration ${t?"successful":"failed"}`),await z({milliseconds:2e3}),e.reload()},E=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage(n,[o.port2])}),I=async(e,n)=>{const s=()=>{const f=sessionStorage.getItem(`oidc.tabId.${n}`);if(f)return f;const p=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${n}`,p),p},t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;let o=null;e.register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(t);try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await E(o)({type:"claim"})}catch{return null}const i=async f=>E(o)({type:"clear",data:{status:f},configurationName:n}),r=async(f,p,v)=>{const R=await E(o)({type:"init",data:{oidcServerConfiguration:f,where:p,oidcConfiguration:{token_renew_mode:v.token_renew_mode,service_worker_convert_all_requests_to_cors:v.service_worker_convert_all_requests_to_cors}},configurationName:n,tabId:s()}),T=R.version;return T!==he&&(console.warn(`Service worker ${T} version mismatch with js client version ${he}, unregistering and reloading`),await v.service_worker_update_require_callback(o,De)),{tokens:ee(R.tokens,null,v.token_renew_mode),status:R.status}},a=(f="/")=>{ye==null&&(ye="not_null",ge(f))},u=f=>E(o)({type:"setSessionState",data:{sessionState:f},configurationName:n}),d=async()=>(await E(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,l=f=>{const p=s();return sessionStorage[`oidc.nonce.${n}`]=f.nonce,E(o)({type:"setNonce",data:{nonce:f},configurationName:n,tabId:p})},c=async()=>{const f=s();let v=(await E(o)({type:"getNonce",data:null,configurationName:n,tabId:f})).nonce;return v||(v=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:v}},_={};return{clearAsync:i,initAsync:r,startKeepAliveServiceWorker:()=>a(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:u,getSessionStateAsync:d,setNonceAsync:l,getNonceAsync:c,setLoginParams:f=>{_[n]=f,localStorage[`oidc.login.${n}`]=JSON.stringify(f)},getLoginParams:()=>{const f=localStorage[`oidc.login.${n}`];return _[n]||(_[n]=JSON.parse(f)),_[n]},getStateAsync:async()=>{const f=s();let v=(await E(o)({type:"getState",data:null,configurationName:n,tabId:f})).state;return v||(v=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),v},setStateAsync:async f=>{const p=s();return sessionStorage[`oidc.state.${n}`]=f,E(o)({type:"setState",data:{state:f},configurationName:n,tabId:p})},getCodeVerifierAsync:async()=>{const f=s();let v=(await E(o)({type:"getCodeVerifier",data:null,configurationName:n,tabId:f})).codeVerifier;return v||(v=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),v},setCodeVerifierAsync:async f=>{const p=s();return sessionStorage[`oidc.code_verifier.${n}`]=f,E(o)({type:"setCodeVerifier",data:{codeVerifier:f},configurationName:n,tabId:p})},setDemonstratingProofOfPossessionNonce:async f=>{await E(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:f},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await E(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async f=>{const p=JSON.stringify(f);await E(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:p},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const f=await E(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return f.demonstratingProofOfPossessionJwkJson?JSON.parse(f.demonstratingProofOfPossessionJwkJson):null}}},U={},Ke=(e,n=window.sessionStorage,s)=>{if(!U[e]&&n){const o=n.getItem(e);o&&(U[e]=JSON.parse(o))}const t=1e3*s;return U[e]&&U[e].timestamp+t>Date.now()?U[e].result:null},Ue=(e,n,s=window.sessionStorage)=>{const t=Date.now();U[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function ke(e){return new TextEncoder().encode(e)}function me(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Fe(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const ne=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),me(n)};function pe(e){return me(Fe(e))}const Ve={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Me={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:pe(JSON.stringify(s)),payload:pe(JSON.stringify(t))},a=o.importKeyAlgorithm,u=!0,d=["sign"],l=await e.crypto.subtle.importKey("jwk",n,a,u,d),c=ke(`${r.protected}.${r.payload}`),_=o.signAlgorithm,h=await e.crypto.subtle.sign(_,l,c);return r.signature=ne(new Uint8Array(h)),`${r.protected}.${r.payload}.${r.signature}`}},Je={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},Be={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,ke(t));return ne(new Uint8Array(o))}},He=e=>async n=>await Je.generate(e)(n),we=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(je()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await Be.thumbprint(e)(s,n.digestAlgorithm);return await Me.sign(e)(s,{kid:a},r,n)},je=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Ae=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",qe=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%se.length;n.push(se[t])}return n.join("")},te=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Ae();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*se.length|0;return qe(n)};function Ge(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Se(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Ge(e)).then(t=>n(ne(new Uint8Array(t))),t=>s(t))})}const Ye=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Ae();return n?Se(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Xe=60*60,ze=e=>async(n,s=Xe,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Ke(r,t,s);if(a)return new ae(a);const u=await J(e)(i,{},o);if(u.status!==200)return null;const d=await u.json();return Ue(r,d,t),new ae(d)},J=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},Te=e=>async(n,s,t=oe.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[c,_]of Object.entries(i))a[c]===void 0&&(a[c]=_);const u=[];for(const c in a){const _=encodeURIComponent(c),h=encodeURIComponent(a[c]);u.push(`${_}=${h}`)}const d=u.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:d},r)).status!==200?{success:!1}:{success:!0}},Qe=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[h,g]of Object.entries(t))s[h]===void 0&&(s[h]=g);const u=[];for(const h in s){const g=encodeURIComponent(h),w=encodeURIComponent(s[h]);u.push(`${g}=${w}`)}const d=u.join("&"),l=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:d},a);if(l.status!==200)return{success:!1,status:l.status,demonstratingProofOfPossessionNonce:null};const c=await l.json();let _=null;return l.headers.has(Q)&&(_=l.headers.get(Q)),{success:!0,status:l.status,data:ee(c,o,r),demonstratingProofOfPossessionNonce:_}},Ze=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Ye(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,u]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(u)}`;n.open(`${s}${r}`)},Q="DPoP-Nonce",en=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const c in s){const _=encodeURIComponent(c),h=encodeURIComponent(s[c]);r.push(`${_}=${h}`)}const a=r.join("&"),u=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),u.status!==200)return{success:!1,status:u.status};let d=null;u.headers.has(Q)&&(d=u.headers.get(Q));const l=await u.json();return{success:!0,data:{state:s.state,tokens:ee(l,null,o),demonstratingProofOfPossessionNonce:d}}};async function ve(e,n,s){const t=a=>{e.tokens=a},{tokens:o,status:i}=await Z(e)(t,0,n,s);return await I(e.configuration,e.configurationName)||await P(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(i),null)}const nn=async(e,n)=>{const s=await I(n,e.configurationName);if(s){const t=await e.initAsync(n.authority,n.authority_configuration),{tokens:o}=await s.initAsync(t,"tryKeepExistingSessionAsync",n);return o}else{const t=P(e.configurationName,n.storage??sessionStorage);let{tokens:o}=await t.initAsync();return o=Y(o,e.tokens,n.token_renew_mode),o}};async function be(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let i;const r=await I(e.configuration,e.configurationName);return(t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!r?i=await ve(e,n,s):i=await navigator.locks.request(o,{ifAvailable:!0},async a=>a?await ve(e,n,s):(e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),await nn(e,t))),i?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s)),e.tokens):null}const B=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return M.setTimeout(async()=>{const i={timeLeft:V(t,n)};e.publishEvent(N.eventNames.token_timer,i),await be(e,!1,s)},1e3)},L={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),u=await I(n,s);if(u){const{status:c,tokens:_}=await u.initAsync(a,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!c||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const g=V(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",w=await u.getNonceAsync();return{tokens:_,status:g,nonce:w}}r=await u.getNonceAsync()}else{const c=P(s,n.storage??sessionStorage),_=await c.initAsync();let{tokens:h}=_;const{status:g}=_;if(h&&(h=Y(h,e.tokens,n.token_renew_mode)),h){if(g==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(h.issuedAt!==t.issuedAt){const k=V(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",b=await c.getNonceAsync();return{tokens:h,status:k,nonce:b}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await c.getNonceAsync()}const l=V(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:l,nonce:r}},Z=e=>async(n,s=0,t=!1,o=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let i=6;for(;!navigator.onLine&&i>0;)await z({milliseconds:1e3}),i--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${i}`});const r=s+1;o||(o={});const a=e.configuration,u=(l,c=null,_=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,c,_),d=async()=>{try{let l;const c=await I(a,e.configurationName);c?l=c.getLoginParams():l=P(e.configurationName,a.storage).getLoginParams();const _=await u({...l.extras,...o,prompt:"none"});return _?_.error?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(_.tokens),e.publishEvent(N.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}):(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await Z(e)(n,r,t,o)}};try{const{status:l,tokens:c,nonce:_}=await sn(e)(a,e.configurationName,e.tokens,t);switch(l){case L.SESSION_LOST:return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case L.NOT_CONNECTED:return n(null),{tokens:null,status:null};case L.TOKENS_VALID:return n(c),{tokens:c,status:"LOGGED_IN"};case L.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(c),e.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:c,status:"LOGGED_IN"};case L.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case L.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted&&L.FORCE_REFRESH!==l?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:s}),await d());default:{if(a.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted&&L.FORCE_REFRESH!==l)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:c.refreshToken,status:l,tryNumber:s}),!c.refreshToken)return await d();const h=a.client_id,g=a.redirect_uri,w=a.authority,b={...a.token_request_extras?a.token_request_extras:{}};for(const[A,S]of Object.entries(o))A.endsWith(":token_request")&&(b[A.replace(":token_request","")]=S);return await(async()=>{const A={client_id:h,redirect_uri:g,grant_type:"refresh_token",refresh_token:c.refreshToken},S=await e.initAsync(w,a.authority_configuration),y=document.hidden?1e4:3e4*10,x=S.tokenEndpoint,f={};a.demonstrating_proof_of_possession&&(f.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(c.accessToken,x,"POST"));const p=await Qe(e.getFetch())(x,A,b,c,f,a.token_renew_mode,y);if(p.success){const{isValid:v,reason:R}=de(p.data,_.nonce,S);if(!v)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${R}`}),{tokens:null,status:"SESSION_LOST"};if(n(p.data),p.demonstratingProofOfPossessionNonce){const T=await I(a,e.configurationName);T?await T.setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce):await P(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:p.success}),e.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:p.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:p}),p.status>=400&&p.status<500?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${p.status}`}),{tokens:null,status:"SESSION_LOST"}):await Z(e)(n,r,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),new Promise((c,_)=>{setTimeout(()=>{Z(e)(n,r,t,o).then(c).catch(_)},1e3)})}},ie=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[c,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(c)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;const a=n.silent_login_uri+r,u=a.indexOf("/",a.indexOf("//")+2),d=a.substring(0,u),l=document.createElement("iframe");return l.width="0px",l.height="0px",l.id=`${e}_oidc_iframe`,l.setAttribute("src",a),document.body.appendChild(l),new Promise((c,_)=>{let h=!1;const g=()=>{window.removeEventListener("message",w),l.remove(),h=!0},w=k=>{if(k.origin===d&&k.source===l.contentWindow){const b=`${e}_oidc_tokens:`,O=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,S=k.data;if(S&&typeof S=="string"&&!h){if(S.startsWith(b)){const y=JSON.parse(k.data.replace(b,""));s(m.silentLoginAsync_end,{}),c(y),g()}else if(S.startsWith(O)){const y=JSON.parse(k.data.replace(O,""));s(m.silentLoginAsync_error,y),c({error:"oidc_"+y.error,tokens:null,sessionState:null}),g()}else if(S.startsWith(A)){const y=JSON.parse(k.data.replace(A,""));s(m.silentLoginAsync_error,y),_(new Error(y.error)),g()}}}};try{window.addEventListener("message",w);const k=n.silent_login_timeout;setTimeout(()=>{h||(g(),s(m.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},k)}catch(k){g(),s(m.silentLoginAsync_error,k),_(k)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},tn=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(d,l,c)=>ie(n,s,t.bind(o))(d,l,c);return(async()=>{o.timeoutId&&M.clearTimeout(o.timeoutId);let d;i&&"state"in i&&(d=i.state,delete i.state);try{const l=s.extras?{...s.extras,...i}:i,c=await a({...l,prompt:"none"},d,r);if(c)return o.tokens=c.tokens,t(m.token_acquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,i),{}}catch(l){return l}})()},on=(e,n,s)=>(t,o,i,r=!1)=>{const a=(u,d=void 0,l=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(u,d,l);return new Promise((u,d)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const l=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const _=c.idToken,h=c.idTokenPayload;return a({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const w=g.tokens.idTokenPayload;if(h.sub===w.sub){const k=g.sessionState;e.checkSessionIFrame.start(g.sessionState),h.sid===w.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",k):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",k)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",w.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[,w]of Object.entries(n))await w.logoutOtherTabAsync(s.client_id,h.sub)})};e.checkSessionIFrame=new Ce(l,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),u(e.checkSessionIFrame)}).catch(c=>{d(c)})}else u(null)})},rn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),an=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const u=i[a];if(u.r.test(s)){o=u.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function cn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const ln=()=>{const{name:e,version:n}=cn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=an(navigator);return!rn(s)},un=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,i.extras);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Y(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,r.extras);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ee=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},_n=e=>{const n=Ee(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},H=e=>{const n=Ee(e),{search:s}=n;return fn(s)},fn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},dn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,u=void 0)=>{const d=r;return r={...r},(async()=>{const c=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=a?n.silent_redirect_uri:n.redirect_uri;u||(u=n.scope);const h=n.extras?{...n.extras,...r}:r;h.nonce||(h.nonce=te(12));const g={nonce:h.nonce},w=await I(n,e),k=await t(n.authority,n.authority_configuration);let b;if(w)w.setLoginParams({callbackPath:c,extras:d}),await w.initAsync(k,"loginAsync",n),await w.setNonceAsync(g),w.startKeepAliveServiceWorker(),b=w;else{const A=P(e,n.storage??sessionStorage);A.setLoginParams({callbackPath:c,extras:d}),await A.setNonceAsync(g),b=A}const O={client_id:n.client_id,redirect_uri:_,scope:u,response_type:"code",...h};await Ze(b,o)(k.authorizationEndpoint,O)}catch(_){throw s(m.loginAsync_error,_),_}})()},hn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),u=e.location.getCurrentHref(),l=H(u).session_state,c=await I(s,e.configurationName);let _,h,g,w;if(c)await c.initAsync(a,"loginCallbackAsync",s),await c.setSessionStateAsync(l),h=await c.getNonceAsync(),g=c.getLoginParams(),w=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const T=P(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(l),h=await T.getNonceAsync(),g=T.getLoginParams(),w=await T.getStateAsync(),_=T}const k=H(u);if(k.error||k.error_description)throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);if(k.iss&&k.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`);if(k.state&&k.state!==w)throw new Error(`State not valid (expected: ${w}, received: ${k.state})`);const b={code:k.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},O={};if(s.token_request_extras)for(const[T,q]of Object.entries(s.token_request_extras))O[T]=q;if(g!=null&&g.extras)for(const[T,q]of Object.entries(g.extras))T.endsWith(":token_request")&&(O[T.replace(":token_request","")]=q);const A=a.tokenEndpoint,S={};if(s.demonstrating_proof_of_possession)if(c)S.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await He(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await P(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),S.DPoP=await we(window)(s.demonstrating_proof_of_possession_configuration)(T,"POST",A)}const y=await en(_)(A,{...b,...O},S,e.configuration.token_renew_mode,r);if(!y.success)throw new Error("Token request failed");let x;const f=y.data.tokens,p=y.data.demonstratingProofOfPossessionNonce;if(y.data.state!==O.state)throw new Error("state is not valid");const{isValid:v,reason:R}=de(f,h.nonce,a);if(!v)throw new Error(`Tokens are not OpenID valid, reason: ${R}`);if(c){if(f.refreshToken&&!f.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(p&&(f!=null&&f.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(a,"syncTokensAsync",s),x=c.getLoginParams(),p&&await c.setDemonstratingProofOfPossessionNonce(p);else{const T=P(e.configurationName,s.storage);x=T.getLoginParams(),p&&await T.setDemonstratingProofOfPossessionNonce(p)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,l,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:f,state:"request.state",callbackPath:x.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Oe={access_token:"access_token",refresh_token:"refresh_token"},re=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},yn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},gn=e=>async n=>{M.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await P(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var b,O;const a=e.configuration,u=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const d=i??o.getPath();let l=!1;i&&(l=i.includes("https://")||i.includes("http://"));const c=l?i:o.getOrigin()+d,_=e.tokens?e.tokens.idToken:"";try{const A=u.revocationEndpoint;if(A){const S=[],y=e.tokens?e.tokens.accessToken:null;if(y&&a.logout_tokens_to_invalidate.includes(Oe.access_token)){const f=re(r,":revoke_access_token"),p=Te(s)(A,y,oe.access_token,a.client_id,f);S.push(p)}const x=e.tokens?e.tokens.refreshToken:null;if(x&&a.logout_tokens_to_invalidate.includes(Oe.refresh_token)){const f=re(r,":revoke_refresh_token"),p=Te(s)(A,x,oe.refresh_token,a.client_id,f);S.push(p)}S.length>0&&await Promise.all(S)}}catch(A){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(A)}const h=((O=(b=e.tokens)==null?void 0:b.idTokenPayload)==null?void 0:O.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,h):e.publishEvent(m.logout_from_same_tab,{});const g=re(r,":oidc");if(g&&g.no_reload==="true")return;const k=yn(r);if(u.endSessionEndpoint){"id_token_hint"in k||(k.id_token_hint=_),!("post_logout_redirect_uri"in k)&&i!==null&&(k.post_logout_redirect_uri=c);let A="";for(const[S,y]of Object.entries(k))y!=null&&(A===""?A+="?":A+="&",A+=`${S}=${encodeURIComponent(y)}`);o.open(`${u.endSessionEndpoint}${A}`)}else o.reload()},Pe=(e,n,s=!1)=>async(...t)=>{var h;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let u=new Headers;a.headers&&(u=a.headers instanceof Headers?a.headers:new Headers(a.headers));const d={tokens:n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode},renewTokensAsync:n.renewTokensAsync.bind(n)},l=await fe(d),c=(h=l==null?void 0:l.tokens)==null?void 0:h.accessToken;if(u.has("Accept")||u.set("Accept","application/json"),c){if(n.configuration.demonstrating_proof_of_possession&&s){const g=await n.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),a.method);u.set("Authorization",`PoP ${c}`),u.set("DPoP",g)}else u.set("Authorization",`Bearer ${c}`);a.credentials||(a.credentials="same-origin")}const _={...a,headers:u};return await e(o,_,...r)},mn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,a=await(async()=>{const d=await Pe(fetch,e,s)(i);return d.status!==200?null:d.json()})();return e.userInfo=a,a},Ie=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const D={},pn=(e,n=new W)=>(s,t="default")=>(D[t]||(D[t]=new N(s,t,e,n)),D[t]),wn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt),{callbackPath:s}},An=e=>Math.floor(Math.random()*e),j=class j{constructor(n,s="default",t,o=new W){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new W;const a=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??K.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:a,service_worker_activate:n.service_worker_activate??ln,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Ve,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ie,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=An(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(D,n)&&s)throw Error(`OIDC library does seem initialized.
2
+ Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return D[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=H(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=H(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=un(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await on(this,D,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:i?tn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=dn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(j.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await Se(n),...o};if(await I(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const u=P(this.configurationName,i.storage),d=await u.getDemonstratingProofOfPossessionJwkAsync(),l=u.getDemonstratingProofOfPossessionNonce();return l&&(r.nonce=l),await we(window)(i.demonstrating_proof_of_possession_configuration)(d,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=mn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return M.clearTimeout(this.timeoutId),this.renewTokensPromise=be(this,!0,n),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await gn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=kn(this,D,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};j.getOrCreate=(n,s)=>(t,o="default")=>pn(n,s)(t,o),j.eventNames=m;let N=j;const F=class F{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new F(N.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){return fe(this._oidc,n,s)}fetchWithTokens(n,s=!1){return Pe(n,this._oidc,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};F.getOrCreate=(n,s=new W)=>(t,o="default")=>new F(N.getOrCreate(n,s)(t,o)),F.eventNames=N.eventNames;let ce=F;C.OidcClient=ce,C.OidcLocation=W,C.TokenAutomaticRenewMode=K,C.TokenRenewMode=G,C.getFetchDefault=Ie,C.getParseQueryStringFromLocation=H,C.getPath=_n,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})});
package/dist/login.d.ts CHANGED
@@ -2,7 +2,8 @@ import { ILOidcLocation } from './location';
2
2
  import { default as Oidc } from './oidc';
3
3
  import { OidcConfiguration, StringMap } from './types.js';
4
4
 
5
- export declare const defaultLoginAsync: (configurationName: string, configuration: OidcConfiguration, publishEvent: (string, any) => void, initAsync: Function, oidcLocation: ILOidcLocation) => (callbackPath?: string, extras?: StringMap, isSilentSignin?: boolean, scope?: string) => Promise<void>;
5
+ export type InitAsyncFunction = (authority: string, authorityConfiguration: any) => Promise<any>;
6
+ export declare const defaultLoginAsync: (configurationName: string, configuration: OidcConfiguration, publishEvent: (string, any) => void, initAsync: InitAsyncFunction, oidcLocation: ILOidcLocation) => (callbackPath?: string, extras?: StringMap, isSilentSignin?: boolean, scope?: string) => Promise<void>;
6
7
  export declare const loginCallbackAsync: (oidc: Oidc) => (isSilentSignin?: boolean) => Promise<{
7
8
  tokens: import('./parseTokens.js').Tokens;
8
9
  state: string;
package/dist/login.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../src/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,IAAI,MAAM,QAAQ,CAAC;AAI1B,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAG1D,eAAO,MAAM,iBAAiB,sBAEP,MAAM,iBACV,iBAAiB,gBAClB,CAAC,MAAM,EAAE,GAAG,KAAK,IAAI,aACxB,QAAQ,gBACL,cAAc,qBAGd,MAAM,WACZ,SAAS,oCAEV,MAAM,kBAqEd,CAAC;AAEJ,eAAO,MAAM,kBAAkB,SACtB,IAAI;;;;EAoLV,CAAC"}
1
+ {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../src/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,IAAI,MAAM,QAAQ,CAAC;AAI1B,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,MAAM,iBAAiB,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;AAEjG,eAAO,MAAM,iBAAiB,sBAEP,MAAM,iBACV,iBAAiB,gBAClB,CAAC,MAAM,EAAE,GAAG,KAAK,IAAI,aACxB,iBAAiB,gBACd,cAAc,qBAGd,MAAM,WACZ,SAAS,oCAEV,MAAM,kBAqEd,CAAC;AAEJ,eAAO,MAAM,kBAAkB,SACtB,IAAI;;;;EAmLV,CAAC"}
package/dist/oidc.d.ts CHANGED
@@ -43,7 +43,7 @@ export declare class Oidc {
43
43
  static get(name?: string): any;
44
44
  static eventNames: {
45
45
  service_worker_not_supported_by_browser: string;
46
- token_aquired: string;
46
+ token_acquired: string;
47
47
  logout_from_another_tab: string;
48
48
  logout_from_same_tab: string;
49
49
  token_renewed: string;
package/dist/oidcClient.d.ts CHANGED
@@ -16,7 +16,7 @@ export declare class OidcClient {
16
16
  static get(name?: string): OidcClient;
17
17
  static eventNames: {
18
18
  service_worker_not_supported_by_browser: string;
19
- token_aquired: string;
19
+ token_acquired: string;
20
20
  logout_from_another_tab: string;
21
21
  logout_from_same_tab: string;
22
22
  token_renewed: string;
package/dist/silentLogin.d.ts CHANGED
@@ -6,7 +6,8 @@ export type SilentLoginResponse = {
6
6
  sessionState: string;
7
7
  error: string;
8
8
  };
9
- export declare const _silentLoginAsync: (configurationName: string, configuration: OidcConfiguration, publishEvent: Function) => (extras?: StringMap, state?: string, scope?: string) => Promise<SilentLoginResponse>;
9
+ export type PublishEventFunction = (eventName: string, eventData: any) => void;
10
+ export declare const _silentLoginAsync: (configurationName: string, configuration: OidcConfiguration, publishEvent: PublishEventFunction) => (extras?: StringMap, state?: string, scope?: string) => Promise<SilentLoginResponse>;
10
11
  export declare const defaultSilentLoginAsync: (window: any, configurationName: any, configuration: OidcConfiguration, publishEvent: (string, any) => void, oidc: any) => (extras?: StringMap, scope?: string) => Promise<unknown>;
11
12
  export default defaultSilentLoginAsync;
12
13
  //# sourceMappingURL=silentLogin.d.ts.map
package/dist/silentLogin.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"silentLogin.d.ts","sourceRoot":"","sources":["../src/silentLogin.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAG1C,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC1D,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAGF,eAAO,MAAM,iBAAiB,sBACR,MAAM,iBAAiB,iBAAiB,gBAAgB,QAAQ,eAE1E,SAAS,UACV,MAAM,UACN,MAAM,KACZ,QAAQ,mBAAmB,CAsG7B,CAAC;AAEJ,eAAO,MAAM,uBAAuB,uDAIjB,iBAAiB,gBAClB,CAAC,MAAM,EAAE,GAAG,KAAK,IAAI,QAC7B,GAAG,eAEF,SAAS,UAAgB,MAAM,qBA6CvC,CAAC;AAEJ,eAAe,uBAAuB,CAAC"}
1
+ {"version":3,"file":"silentLogin.d.ts","sourceRoot":"","sources":["../src/silentLogin.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAG1C,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC1D,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,KAAK,IAAI,CAAC;AAE/E,eAAO,MAAM,iBAAiB,sBAEP,MAAM,iBACV,iBAAiB,gBAClB,oBAAoB,eAG1B,SAAS,UACV,MAAM,UACN,MAAM,KACZ,QAAQ,mBAAmB,CAsG7B,CAAC;AAEJ,eAAO,MAAM,uBAAuB,uDAIjB,iBAAiB,gBAClB,CAAC,MAAM,EAAE,GAAG,KAAK,IAAI,QAC7B,GAAG,eAEF,SAAS,UAAgB,MAAM,qBA6CvC,CAAC;AAEJ,eAAe,uBAAuB,CAAC"}
package/dist/version.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- declare const _default: "7.22.19";
1
+ declare const _default: "7.22.20";
2
2
  export default _default;
3
3
  //# sourceMappingURL=version.d.ts.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axa-fr/oidc-client",
3
- "version": "7.22.19",
3
+ "version": "7.22.20",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
20
20
  "url": "https://github.com/AxaFrance/oidc-client.git"
21
21
  },
22
22
  "dependencies": {
23
- "@axa-fr/oidc-client-service-worker": "7.22.19"
23
+ "@axa-fr/oidc-client-service-worker": "7.22.20"
24
24
  },
25
25
  "devDependencies": {
26
26
  "@testing-library/dom": "10.1.0",
package/src/events.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  export const eventNames = {
2
2
  service_worker_not_supported_by_browser: 'service_worker_not_supported_by_browser',
3
- token_aquired: 'token_aquired',
3
+ token_acquired: 'token_acquired',
4
4
  logout_from_another_tab: 'logout_from_another_tab',
5
5
  logout_from_same_tab: 'logout_from_same_tab',
6
6
  token_renewed: 'token_renewed',
package/src/fetch.ts CHANGED
@@ -1,14 +1,10 @@
1
1
  import Oidc from './oidc';
2
- import {getValidTokenAsync, OidcToken, Tokens} from './parseTokens';
3
- import {Fetch, StringMap, TokenAutomaticRenewMode} from './types';
2
+ import { getValidTokenAsync, OidcToken } from './parseTokens';
3
+ import { Fetch } from './types';
4
4
 
5
5
  // @ts-ignore
6
6
  export const fetchWithTokens =
7
- (
8
- fetch: Fetch,
9
- oidc: Oidc | null,
10
- demonstrating_proof_of_possession: boolean = false,
11
- ): Fetch =>
7
+ (fetch: Fetch, oidc: Oidc | null, demonstrating_proof_of_possession: boolean = false): Fetch =>
12
8
  async (...params: Parameters<Fetch>): Promise<Response> => {
13
9
  const [url, options, ...rest] = params;
14
10
  const optionTmp = options ? { ...options } : { method: 'GET' };
@@ -18,12 +14,12 @@ export const fetchWithTokens =
18
14
  ? new Headers(optionTmp.headers)
19
15
  : optionTmp.headers;
20
16
  }
21
-
22
- const oidcToken : OidcToken = {
17
+
18
+ const oidcToken: OidcToken = {
23
19
  tokens: oidc.tokens,
24
20
  configuration: { token_automatic_renew_mode: oidc.configuration.token_automatic_renew_mode },
25
21
  renewTokensAsync: oidc.renewTokensAsync.bind(oidc),
26
- }
22
+ };
27
23
 
28
24
  // @ts-ignore
29
25
  const getValidToken = await getValidTokenAsync(oidcToken);
package/src/initWorker.ts CHANGED
@@ -63,7 +63,7 @@ const sendMessageAsync =
63
63
  return new Promise(function (resolve, reject) {
64
64
  const messageChannel = new MessageChannel();
65
65
  messageChannel.port1.onmessage = function (event) {
66
- if (event.data && event.data.error) {
66
+ if (event?.data.error) {
67
67
  reject(event.data.error);
68
68
  } else {
69
69
  resolve(event.data);
package/src/login.ts CHANGED
@@ -10,13 +10,14 @@ import { performAuthorizationRequestAsync, performFirstTokenRequestAsync } from
10
10
  import { getParseQueryStringFromLocation } from './route-utils.js';
11
11
  import { OidcConfiguration, StringMap } from './types.js';
12
12
 
13
- // eslint-disable-next-line @typescript-eslint/ban-types
13
+ export type InitAsyncFunction = (authority: string, authorityConfiguration: any) => Promise<any>;
14
+
14
15
  export const defaultLoginAsync =
15
16
  (
16
17
  configurationName: string,
17
18
  configuration: OidcConfiguration,
18
19
  publishEvent: (string, any) => void,
19
- initAsync: Function,
20
+ initAsync: InitAsyncFunction,
20
21
  oidcLocation: ILOidcLocation,
21
22
  ) =>
22
23
  (
@@ -168,7 +169,7 @@ export const loginCallbackAsync =
168
169
  extras[key] = value;
169
170
  }
170
171
  }
171
- if (getLoginParams && getLoginParams.extras) {
172
+ if (getLoginParams?.extras) {
172
173
  for (const [key, value] of Object.entries(getLoginParams.extras)) {
173
174
  if (key.endsWith(':token_request')) {
174
175
  extras[key.replace(':token_request', '')] = value;
@@ -233,8 +234,7 @@ export const loginCallbackAsync =
233
234
 
234
235
  if (
235
236
  demonstratingProofOfPossessionNonce &&
236
- formattedTokens.accessToken &&
237
- formattedTokens.accessToken.includes('SECURED_BY_OIDC_SERVICE_WORKER')
237
+ formattedTokens?.accessToken.includes('SECURED_BY_OIDC_SERVICE_WORKER')
238
238
  ) {
239
239
  throw new Error(
240
240
  'Demonstration of proof of possession require Access token not hidden by service worker',
package/src/oidc.ts CHANGED
@@ -349,7 +349,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
349
349
  const session = initSession(this.configurationName, this.configuration.storage);
350
350
  session.setTokens(parsedTokens);
351
351
  }
352
- this.publishEvent(Oidc.eventNames.token_aquired, parsedTokens);
352
+ this.publishEvent(Oidc.eventNames.token_acquired, parsedTokens);
353
353
  if (this.configuration.preload_user_info) {
354
354
  await this.userInfoAsync();
355
355
  }
package/src/renewTokens.ts CHANGED
@@ -13,10 +13,10 @@ async function syncTokens(oidc: Oidc, forceRefresh: boolean, extras: StringMap)
13
13
  oidc.tokens = tokens;
14
14
  };
15
15
  const { tokens, status } = await synchroniseTokensAsync(oidc)(
16
+ updateTokens,
16
17
  0,
17
18
  forceRefresh,
18
19
  extras,
19
- updateTokens,
20
20
  );
21
21
 
22
22
  const serviceWorker = await initWorkerAsync(oidc.configuration, oidc.configurationName);
@@ -200,7 +200,7 @@ export const syncTokensInfoAsync =
200
200
 
201
201
  const synchroniseTokensAsync =
202
202
  (oidc: Oidc) =>
203
- async (index = 0, forceRefresh = false, extras: StringMap = null, updateTokens) => {
203
+ async (updateTokens, index = 0, forceRefresh = false, extras: StringMap = null) => {
204
204
  if (!navigator.onLine && document.hidden) {
205
205
  return { tokens: oidc.tokens, status: 'GIVE_UP' };
206
206
  }
@@ -264,7 +264,7 @@ const synchroniseTokensAsync =
264
264
  message: 'exceptionSilent',
265
265
  exception: exceptionSilent.message,
266
266
  });
267
- return await synchroniseTokensAsync(oidc)(nextIndex, forceRefresh, extras, updateTokens);
267
+ return await synchroniseTokensAsync(oidc)(updateTokens, nextIndex, forceRefresh, extras);
268
268
  }
269
269
  };
270
270
 
@@ -422,10 +422,10 @@ const synchroniseTokensAsync =
422
422
  }
423
423
 
424
424
  return await synchroniseTokensAsync(oidc)(
425
+ updateTokens,
425
426
  nextIndex,
426
427
  forceRefresh,
427
428
  extras,
428
- updateTokens,
429
429
  );
430
430
  }
431
431
  };
@@ -443,7 +443,7 @@ const synchroniseTokensAsync =
443
443
  // so we need to brake calls chain and delay next call
444
444
  return new Promise((resolve, reject) => {
445
445
  setTimeout(() => {
446
- synchroniseTokensAsync(oidc)(nextIndex, forceRefresh, extras, updateTokens)
446
+ synchroniseTokensAsync(oidc)(updateTokens, nextIndex, forceRefresh, extras)
447
447
  .then(resolve)
448
448
  .catch(reject);
449
449
  }, 1000);
package/src/silentLogin.ts CHANGED
@@ -9,9 +9,14 @@ export type SilentLoginResponse = {
9
9
  error: string;
10
10
  };
11
11
 
12
- // eslint-disable-next-line @typescript-eslint/ban-types
12
+ export type PublishEventFunction = (eventName: string, eventData: any) => void;
13
+
13
14
  export const _silentLoginAsync =
14
- (configurationName: string, configuration: OidcConfiguration, publishEvent: Function) =>
15
+ (
16
+ configurationName: string,
17
+ configuration: OidcConfiguration,
18
+ publishEvent: PublishEventFunction,
19
+ ) =>
15
20
  (
16
21
  extras: StringMap = null,
17
22
  state: string = null,
@@ -163,7 +168,7 @@ export const defaultSilentLoginAsync =
163
168
 
164
169
  if (silentResult) {
165
170
  oidc.tokens = silentResult.tokens;
166
- publishEvent(eventNames.token_aquired, {});
171
+ publishEvent(eventNames.token_acquired, {});
167
172
  // @ts-ignore
168
173
  oidc.timeoutId = autoRenewTokens(oidc, oidc.tokens.expiresAt, extras);
169
174
  return {};
package/src/version.ts CHANGED
@@ -1 +1 @@
1
- export default '7.22.19';
1
+ export default '7.22.20';