@axa-fr/oidc-client 7.22.21 → 7.22.22-alpha.1539
- package/dist/index.js +378 -395
- package/dist/index.umd.cjs +2 -2
- package/dist/initWorker.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/initWorker.ts +15 -26
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -77,52 +77,52 @@ const m = {
|
|
|
77
77
|
syncTokensAsync_error: "syncTokensAsync_error",
|
|
78
78
|
tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
|
|
79
79
|
}, P = (e, s = sessionStorage) => {
|
|
80
|
-
const n = (
|
|
80
|
+
const n = (h) => (s[`oidc.${e}`] = JSON.stringify({ tokens: null, status: h }), Promise.resolve()), t = async () => {
|
|
81
81
|
if (!s[`oidc.${e}`])
|
|
82
82
|
return s[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
|
|
83
|
-
const
|
|
84
|
-
return Promise.resolve({ tokens:
|
|
85
|
-
}, o = (
|
|
86
|
-
s[`oidc.${e}`] = JSON.stringify({ tokens:
|
|
87
|
-
}, i = async (
|
|
88
|
-
s[`oidc.session_state.${e}`] =
|
|
89
|
-
}, r = async () => s[`oidc.session_state.${e}`], a = (
|
|
90
|
-
s[`oidc.nonce.${e}`] =
|
|
91
|
-
}, u = (
|
|
92
|
-
s[`oidc.jwk.${e}`] = JSON.stringify(
|
|
93
|
-
},
|
|
94
|
-
s[`oidc.dpop_nonce.${e}`] =
|
|
95
|
-
}, _ = () => s[`oidc.dpop_nonce.${e}`],
|
|
83
|
+
const h = JSON.parse(s[`oidc.${e}`]);
|
|
84
|
+
return Promise.resolve({ tokens: h.tokens, status: h.status });
|
|
85
|
+
}, o = (h) => {
|
|
86
|
+
s[`oidc.${e}`] = JSON.stringify({ tokens: h });
|
|
87
|
+
}, i = async (h) => {
|
|
88
|
+
s[`oidc.session_state.${e}`] = h;
|
|
89
|
+
}, r = async () => s[`oidc.session_state.${e}`], a = (h) => {
|
|
90
|
+
s[`oidc.nonce.${e}`] = h.nonce;
|
|
91
|
+
}, u = (h) => {
|
|
92
|
+
s[`oidc.jwk.${e}`] = JSON.stringify(h);
|
|
93
|
+
}, f = () => JSON.parse(s[`oidc.jwk.${e}`]), l = async () => ({ nonce: s[`oidc.nonce.${e}`] }), c = async (h) => {
|
|
94
|
+
s[`oidc.dpop_nonce.${e}`] = h;
|
|
95
|
+
}, _ = () => s[`oidc.dpop_nonce.${e}`], d = () => s[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(s[`oidc.${e}`]).tokens }) : null, y = {};
|
|
96
96
|
return {
|
|
97
97
|
clearAsync: n,
|
|
98
98
|
initAsync: t,
|
|
99
99
|
setTokens: o,
|
|
100
|
-
getTokens:
|
|
100
|
+
getTokens: d,
|
|
101
101
|
setSessionStateAsync: i,
|
|
102
102
|
getSessionStateAsync: r,
|
|
103
103
|
setNonceAsync: a,
|
|
104
104
|
getNonceAsync: l,
|
|
105
|
-
setLoginParams: (
|
|
106
|
-
|
|
105
|
+
setLoginParams: (h) => {
|
|
106
|
+
y[e] = h, s[`oidc.login.${e}`] = JSON.stringify(h);
|
|
107
107
|
},
|
|
108
108
|
getLoginParams: () => {
|
|
109
|
-
const
|
|
110
|
-
return
|
|
109
|
+
const h = s[`oidc.login.${e}`];
|
|
110
|
+
return h ? (y[e] || (y[e] = JSON.parse(h)), y[e]) : (console.warn(
|
|
111
111
|
`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
|
|
112
112
|
), null);
|
|
113
113
|
},
|
|
114
114
|
getStateAsync: async () => s[`oidc.state.${e}`],
|
|
115
|
-
setStateAsync: async (
|
|
116
|
-
s[`oidc.state.${e}`] =
|
|
115
|
+
setStateAsync: async (h) => {
|
|
116
|
+
s[`oidc.state.${e}`] = h;
|
|
117
117
|
},
|
|
118
118
|
getCodeVerifierAsync: async () => s[`oidc.code_verifier.${e}`],
|
|
119
|
-
setCodeVerifierAsync: async (
|
|
120
|
-
s[`oidc.code_verifier.${e}`] =
|
|
119
|
+
setCodeVerifierAsync: async (h) => {
|
|
120
|
+
s[`oidc.code_verifier.${e}`] = h;
|
|
121
121
|
},
|
|
122
122
|
setDemonstratingProofOfPossessionNonce: c,
|
|
123
123
|
getDemonstratingProofOfPossessionNonce: _,
|
|
124
124
|
setDemonstratingProofOfPossessionJwkAsync: u,
|
|
125
|
-
getDemonstratingProofOfPossessionJwkAsync:
|
|
125
|
+
getDemonstratingProofOfPossessionJwkAsync: f
|
|
126
126
|
};
|
|
127
127
|
};
|
|
128
128
|
var V = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(V || {});
|
|
@@ -158,13 +158,13 @@ const X = (e, s = null, n) => {
|
|
|
158
158
|
s != null && "idToken" in s && !("idToken" in e) ? i = s.idToken : i = e.idToken;
|
|
159
159
|
const r = e.idTokenPayload ? e.idTokenPayload : ce(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, u = t && t.exp ? t.exp : e.issuedAt + o;
|
|
160
160
|
e.issuedAt = xe(e, t, r);
|
|
161
|
-
let
|
|
162
|
-
e.expiresAt ?
|
|
161
|
+
let f;
|
|
162
|
+
e.expiresAt ? f = e.expiresAt : n === Z.access_token_invalid ? f = u : n === Z.id_token_invalid ? f = a : f = a < u ? a : u;
|
|
163
163
|
const l = {
|
|
164
164
|
...e,
|
|
165
165
|
idTokenPayload: r,
|
|
166
166
|
accessTokenPayload: t,
|
|
167
|
-
expiresAt:
|
|
167
|
+
expiresAt: f,
|
|
168
168
|
idToken: i
|
|
169
169
|
};
|
|
170
170
|
if (s != null && "refreshToken" in s && !("refreshToken" in e)) {
|
|
@@ -243,7 +243,7 @@ const X = (e, s = null, n) => {
|
|
|
243
243
|
setInterval: setInterval.bind(e),
|
|
244
244
|
clearInterval: clearInterval.bind(e)
|
|
245
245
|
};
|
|
246
|
-
}(), ue = "7.22.
|
|
246
|
+
}(), ue = "7.22.22-alpha.1539";
|
|
247
247
|
let _e = null, j;
|
|
248
248
|
const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe = (e = "/") => {
|
|
249
249
|
try {
|
|
@@ -268,167 +268,150 @@ const z = ({ milliseconds: e }) => new Promise((s) => M.setTimeout(s, e)), pe =
|
|
|
268
268
|
n(), await s.update();
|
|
269
269
|
const t = await s.unregister();
|
|
270
270
|
console.log(`Service worker unregistration ${t ? "successful" : "failed"}`), await z({ milliseconds: 2e3 }), e.reload();
|
|
271
|
+
}, Re = (e) => {
|
|
272
|
+
const s = sessionStorage.getItem(`oidc.tabId.${e}`);
|
|
273
|
+
if (s)
|
|
274
|
+
return s;
|
|
275
|
+
const n = globalThis.crypto.randomUUID();
|
|
276
|
+
return sessionStorage.setItem(`oidc.tabId.${e}`, n), n;
|
|
271
277
|
}, O = (e) => (s) => new Promise(function(n, t) {
|
|
272
278
|
const o = new MessageChannel();
|
|
273
279
|
o.port1.onmessage = function(i) {
|
|
274
280
|
i != null && i.data.error ? t(i.data.error) : n(i.data), o.port1.close(), o.port2.close();
|
|
275
|
-
}, e.active.postMessage(s,
|
|
281
|
+
}, e.active.postMessage({ ...s, tabId: Re(s.configurationName) }, [
|
|
282
|
+
o.port2
|
|
283
|
+
]);
|
|
276
284
|
}), I = async (e, s) => {
|
|
277
|
-
const n =
|
|
278
|
-
|
|
279
|
-
if (f)
|
|
280
|
-
return f;
|
|
281
|
-
const p = globalThis.crypto.randomUUID();
|
|
282
|
-
return sessionStorage.setItem(`oidc.tabId.${s}`, p), p;
|
|
283
|
-
}, t = e.service_worker_relative_url;
|
|
284
|
-
if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !t || e.service_worker_activate() === !1)
|
|
285
|
+
const n = e.service_worker_relative_url;
|
|
286
|
+
if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n || e.service_worker_activate() === !1)
|
|
285
287
|
return null;
|
|
286
|
-
let
|
|
287
|
-
e.register ?
|
|
288
|
+
let t = null;
|
|
289
|
+
e.register ? t = await e.service_worker_register(n) : t = await navigator.serviceWorker.register(n);
|
|
288
290
|
try {
|
|
289
|
-
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await O(
|
|
291
|
+
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await O(t)({ type: "claim" });
|
|
290
292
|
} catch {
|
|
291
293
|
return null;
|
|
292
294
|
}
|
|
293
|
-
const
|
|
294
|
-
const
|
|
295
|
+
const o = async (g) => O(t)({ type: "clear", data: { status: g }, configurationName: s }), i = async (g, A, S) => {
|
|
296
|
+
const W = await O(t)({
|
|
295
297
|
type: "init",
|
|
296
298
|
data: {
|
|
297
|
-
oidcServerConfiguration:
|
|
298
|
-
where:
|
|
299
|
+
oidcServerConfiguration: g,
|
|
300
|
+
where: A,
|
|
299
301
|
oidcConfiguration: {
|
|
300
|
-
token_renew_mode:
|
|
301
|
-
service_worker_convert_all_requests_to_cors:
|
|
302
|
+
token_renew_mode: S.token_renew_mode,
|
|
303
|
+
service_worker_convert_all_requests_to_cors: S.service_worker_convert_all_requests_to_cors
|
|
302
304
|
}
|
|
303
305
|
},
|
|
304
|
-
configurationName: s
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
status: L.status
|
|
306
|
+
configurationName: s
|
|
307
|
+
}), L = W.version;
|
|
308
|
+
return L !== ue && (console.warn(
|
|
309
|
+
`Service worker ${L} version mismatch with js client version ${ue}, unregistering and reloading`
|
|
310
|
+
), await S.service_worker_update_require_callback(t, We)), {
|
|
311
|
+
tokens: oe(W.tokens, null, S.token_renew_mode),
|
|
312
|
+
status: W.status
|
|
312
313
|
};
|
|
313
|
-
},
|
|
314
|
-
_e == null && (_e = "not_null", pe(
|
|
315
|
-
},
|
|
314
|
+
}, r = (g = "/") => {
|
|
315
|
+
_e == null && (_e = "not_null", pe(g));
|
|
316
|
+
}, a = (g) => O(t)({
|
|
316
317
|
type: "setSessionState",
|
|
317
|
-
data: { sessionState:
|
|
318
|
+
data: { sessionState: g },
|
|
318
319
|
configurationName: s
|
|
319
|
-
}),
|
|
320
|
+
}), u = async () => (await O(t)({
|
|
320
321
|
type: "getSessionState",
|
|
321
322
|
data: null,
|
|
322
323
|
configurationName: s
|
|
323
|
-
})).sessionState,
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
tabId: p
|
|
330
|
-
});
|
|
331
|
-
}, c = async () => {
|
|
332
|
-
const f = n();
|
|
333
|
-
let T = (await O(o)({
|
|
324
|
+
})).sessionState, f = (g) => (sessionStorage[`oidc.nonce.${s}`] = g.nonce, O(t)({
|
|
325
|
+
type: "setNonce",
|
|
326
|
+
data: { nonce: g },
|
|
327
|
+
configurationName: s
|
|
328
|
+
})), l = async () => {
|
|
329
|
+
let A = (await O(t)({
|
|
334
330
|
type: "getNonce",
|
|
335
331
|
data: null,
|
|
336
|
-
configurationName: s
|
|
337
|
-
tabId: f
|
|
332
|
+
configurationName: s
|
|
338
333
|
})).nonce;
|
|
339
|
-
return
|
|
340
|
-
},
|
|
334
|
+
return A || (A = sessionStorage[`oidc.nonce.${s}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: A };
|
|
335
|
+
}, c = {};
|
|
341
336
|
return {
|
|
342
|
-
clearAsync:
|
|
343
|
-
initAsync:
|
|
344
|
-
startKeepAliveServiceWorker: () =>
|
|
337
|
+
clearAsync: o,
|
|
338
|
+
initAsync: i,
|
|
339
|
+
startKeepAliveServiceWorker: () => r(e.service_worker_keep_alive_path),
|
|
345
340
|
isServiceWorkerProxyActiveAsync: () => Le(e.service_worker_keep_alive_path),
|
|
346
|
-
setSessionStateAsync:
|
|
347
|
-
getSessionStateAsync:
|
|
348
|
-
setNonceAsync:
|
|
349
|
-
getNonceAsync:
|
|
350
|
-
setLoginParams: (
|
|
351
|
-
|
|
341
|
+
setSessionStateAsync: a,
|
|
342
|
+
getSessionStateAsync: u,
|
|
343
|
+
setNonceAsync: f,
|
|
344
|
+
getNonceAsync: l,
|
|
345
|
+
setLoginParams: (g) => {
|
|
346
|
+
c[s] = g, localStorage[`oidc.login.${s}`] = JSON.stringify(g);
|
|
352
347
|
},
|
|
353
348
|
getLoginParams: () => {
|
|
354
|
-
const
|
|
355
|
-
return
|
|
349
|
+
const g = localStorage[`oidc.login.${s}`];
|
|
350
|
+
return c[s] || (c[s] = JSON.parse(g)), c[s];
|
|
356
351
|
},
|
|
357
352
|
getStateAsync: async () => {
|
|
358
|
-
|
|
359
|
-
let T = (await O(o)({
|
|
353
|
+
let A = (await O(t)({
|
|
360
354
|
type: "getState",
|
|
361
355
|
data: null,
|
|
362
|
-
configurationName: s
|
|
363
|
-
tabId: f
|
|
356
|
+
configurationName: s
|
|
364
357
|
})).state;
|
|
365
|
-
return
|
|
366
|
-
},
|
|
367
|
-
setStateAsync: async (f) => {
|
|
368
|
-
const p = n();
|
|
369
|
-
return sessionStorage[`oidc.state.${s}`] = f, O(o)({
|
|
370
|
-
type: "setState",
|
|
371
|
-
data: { state: f },
|
|
372
|
-
configurationName: s,
|
|
373
|
-
tabId: p
|
|
374
|
-
});
|
|
358
|
+
return A || (A = sessionStorage[`oidc.state.${s}`], console.warn("state not found in service worker, using sessionStorage")), A;
|
|
375
359
|
},
|
|
360
|
+
setStateAsync: async (g) => (sessionStorage[`oidc.state.${s}`] = g, O(t)({
|
|
361
|
+
type: "setState",
|
|
362
|
+
data: { state: g },
|
|
363
|
+
configurationName: s
|
|
364
|
+
})),
|
|
376
365
|
getCodeVerifierAsync: async () => {
|
|
377
|
-
|
|
378
|
-
let T = (await O(o)({
|
|
366
|
+
let A = (await O(t)({
|
|
379
367
|
type: "getCodeVerifier",
|
|
380
368
|
data: null,
|
|
381
|
-
configurationName: s
|
|
382
|
-
tabId: f
|
|
369
|
+
configurationName: s
|
|
383
370
|
})).codeVerifier;
|
|
384
|
-
return
|
|
371
|
+
return A || (A = sessionStorage[`oidc.code_verifier.${s}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), A;
|
|
385
372
|
},
|
|
386
|
-
setCodeVerifierAsync: async (
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
});
|
|
394
|
-
},
|
|
395
|
-
setDemonstratingProofOfPossessionNonce: async (f) => {
|
|
396
|
-
await O(o)({
|
|
373
|
+
setCodeVerifierAsync: async (g) => (sessionStorage[`oidc.code_verifier.${s}`] = g, O(t)({
|
|
374
|
+
type: "setCodeVerifier",
|
|
375
|
+
data: { codeVerifier: g },
|
|
376
|
+
configurationName: s
|
|
377
|
+
})),
|
|
378
|
+
setDemonstratingProofOfPossessionNonce: async (g) => {
|
|
379
|
+
await O(t)({
|
|
397
380
|
type: "setDemonstratingProofOfPossessionNonce",
|
|
398
|
-
data: { demonstratingProofOfPossessionNonce:
|
|
381
|
+
data: { demonstratingProofOfPossessionNonce: g },
|
|
399
382
|
configurationName: s
|
|
400
383
|
});
|
|
401
384
|
},
|
|
402
|
-
getDemonstratingProofOfPossessionNonce: async () => (await O(
|
|
385
|
+
getDemonstratingProofOfPossessionNonce: async () => (await O(t)({
|
|
403
386
|
type: "getDemonstratingProofOfPossessionNonce",
|
|
404
387
|
data: null,
|
|
405
388
|
configurationName: s
|
|
406
389
|
})).demonstratingProofOfPossessionNonce,
|
|
407
|
-
setDemonstratingProofOfPossessionJwkAsync: async (
|
|
408
|
-
const
|
|
409
|
-
await O(
|
|
390
|
+
setDemonstratingProofOfPossessionJwkAsync: async (g) => {
|
|
391
|
+
const A = JSON.stringify(g);
|
|
392
|
+
await O(t)({
|
|
410
393
|
type: "setDemonstratingProofOfPossessionJwk",
|
|
411
|
-
data: { demonstratingProofOfPossessionJwkJson:
|
|
394
|
+
data: { demonstratingProofOfPossessionJwkJson: A },
|
|
412
395
|
configurationName: s
|
|
413
396
|
});
|
|
414
397
|
},
|
|
415
398
|
getDemonstratingProofOfPossessionJwkAsync: async () => {
|
|
416
|
-
const
|
|
399
|
+
const g = await O(t)({
|
|
417
400
|
type: "getDemonstratingProofOfPossessionJwk",
|
|
418
401
|
data: null,
|
|
419
402
|
configurationName: s
|
|
420
403
|
});
|
|
421
|
-
return
|
|
404
|
+
return g.demonstratingProofOfPossessionJwkJson ? JSON.parse(g.demonstratingProofOfPossessionJwkJson) : null;
|
|
422
405
|
}
|
|
423
406
|
};
|
|
424
|
-
}, R = {},
|
|
407
|
+
}, R = {}, $e = (e, s = window.sessionStorage, n) => {
|
|
425
408
|
if (!R[e] && s) {
|
|
426
409
|
const o = s.getItem(e);
|
|
427
410
|
o && (R[e] = JSON.parse(o));
|
|
428
411
|
}
|
|
429
412
|
const t = 1e3 * n;
|
|
430
413
|
return R[e] && R[e].timestamp + t > Date.now() ? R[e].result : null;
|
|
431
|
-
},
|
|
414
|
+
}, Ke = (e, s, n = window.sessionStorage) => {
|
|
432
415
|
const t = Date.now();
|
|
433
416
|
R[e] = { result: s, timestamp: t }, n && n.setItem(e, JSON.stringify({ result: s, timestamp: t }));
|
|
434
417
|
};
|
|
@@ -438,7 +421,7 @@ function we(e) {
|
|
|
438
421
|
function Ae(e) {
|
|
439
422
|
return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
|
|
440
423
|
}
|
|
441
|
-
function
|
|
424
|
+
function Ue(e) {
|
|
442
425
|
return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g, function(n, t) {
|
|
443
426
|
return String.fromCharCode(parseInt(t, 16));
|
|
444
427
|
});
|
|
@@ -450,9 +433,9 @@ const ie = (e) => {
|
|
|
450
433
|
}), Ae(s);
|
|
451
434
|
};
|
|
452
435
|
function fe(e) {
|
|
453
|
-
return Ae(
|
|
436
|
+
return Ae(Ue(e));
|
|
454
437
|
}
|
|
455
|
-
const
|
|
438
|
+
const Fe = {
|
|
456
439
|
importKeyAlgorithm: {
|
|
457
440
|
name: "ECDSA",
|
|
458
441
|
namedCurve: "P-256",
|
|
@@ -465,7 +448,7 @@ const Ue = {
|
|
|
465
448
|
},
|
|
466
449
|
digestAlgorithm: { name: "SHA-256" },
|
|
467
450
|
jwtHeaderAlgorithm: "ES256"
|
|
468
|
-
},
|
|
451
|
+
}, Ve = (e) => async (s, n, t, o, i = "dpop+jwt") => {
|
|
469
452
|
switch (s = Object.assign({}, s), n.typ = i, n.alg = o.jwtHeaderAlgorithm, n.alg) {
|
|
470
453
|
case "ES256":
|
|
471
454
|
n.jwk = { kty: s.kty, crv: s.crv, x: s.x, y: s.y };
|
|
@@ -483,18 +466,18 @@ const Ue = {
|
|
|
483
466
|
// @ts-ignore
|
|
484
467
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
485
468
|
payload: fe(JSON.stringify(t))
|
|
486
|
-
}, a = o.importKeyAlgorithm, u = !0,
|
|
487
|
-
return r.signature = ie(new Uint8Array(
|
|
488
|
-
},
|
|
469
|
+
}, a = o.importKeyAlgorithm, u = !0, f = ["sign"], l = await e.crypto.subtle.importKey("jwk", s, a, u, f), c = we(`${r.protected}.${r.payload}`), _ = o.signAlgorithm, d = await e.crypto.subtle.sign(_, l, c);
|
|
470
|
+
return r.signature = ie(new Uint8Array(d)), `${r.protected}.${r.payload}.${r.signature}`;
|
|
471
|
+
}, Je = { sign: Ve }, Me = (e) => async (s) => {
|
|
489
472
|
const n = s, t = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(n, t, o);
|
|
490
473
|
return await e.crypto.subtle.exportKey("jwk", i.privateKey);
|
|
491
|
-
},
|
|
474
|
+
}, Be = (e) => {
|
|
492
475
|
const s = Object.assign({}, e);
|
|
493
476
|
return delete s.d, s.key_ops = ["verify"], s;
|
|
494
|
-
},
|
|
495
|
-
generate:
|
|
496
|
-
neuter:
|
|
497
|
-
},
|
|
477
|
+
}, He = {
|
|
478
|
+
generate: Me,
|
|
479
|
+
neuter: Be
|
|
480
|
+
}, qe = (e) => async (s, n) => {
|
|
498
481
|
let t;
|
|
499
482
|
switch (s.kty) {
|
|
500
483
|
case "EC":
|
|
@@ -508,25 +491,25 @@ const Ue = {
|
|
|
508
491
|
}
|
|
509
492
|
const o = await e.crypto.subtle.digest(n, we(t));
|
|
510
493
|
return ie(new Uint8Array(o));
|
|
511
|
-
},
|
|
494
|
+
}, je = { thumbprint: qe }, Ge = (e) => async (s) => await He.generate(e)(s), Se = (e) => (s) => async (n, t = "POST", o, i = {}) => {
|
|
512
495
|
const r = {
|
|
513
496
|
// https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
|
|
514
|
-
jti: btoa(
|
|
497
|
+
jti: btoa(Ye()),
|
|
515
498
|
htm: t,
|
|
516
499
|
htu: o,
|
|
517
500
|
iat: Math.round(Date.now() / 1e3),
|
|
518
501
|
...i
|
|
519
|
-
}, a = await
|
|
502
|
+
}, a = await je.thumbprint(e)(
|
|
520
503
|
n,
|
|
521
504
|
s.digestAlgorithm
|
|
522
505
|
);
|
|
523
|
-
return await
|
|
506
|
+
return await Je.sign(e)(
|
|
524
507
|
n,
|
|
525
508
|
{ kid: a },
|
|
526
509
|
r,
|
|
527
510
|
s
|
|
528
511
|
);
|
|
529
|
-
},
|
|
512
|
+
}, Ye = () => {
|
|
530
513
|
const e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", s = "0123456789abcdef";
|
|
531
514
|
let n = 0, t = "";
|
|
532
515
|
for (let o = 0; o < 36; o++)
|
|
@@ -535,7 +518,7 @@ const Ue = {
|
|
|
535
518
|
}, ve = () => {
|
|
536
519
|
const e = typeof window < "u" && !!window.crypto, s = e && !!window.crypto.subtle;
|
|
537
520
|
return { hasCrypto: e, hasSubtleCrypto: s };
|
|
538
|
-
}, ee = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
|
|
521
|
+
}, ee = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", Xe = (e) => {
|
|
539
522
|
const s = [];
|
|
540
523
|
for (let n = 0; n < e.byteLength; n += 1) {
|
|
541
524
|
const t = e[n] % ee.length;
|
|
@@ -549,9 +532,9 @@ const Ue = {
|
|
|
549
532
|
else
|
|
550
533
|
for (let t = 0; t < e; t += 1)
|
|
551
534
|
s[t] = Math.random() * ee.length | 0;
|
|
552
|
-
return
|
|
535
|
+
return Xe(s);
|
|
553
536
|
};
|
|
554
|
-
function
|
|
537
|
+
function ze(e) {
|
|
555
538
|
const s = new ArrayBuffer(e.length), n = new Uint8Array(s);
|
|
556
539
|
for (let t = 0; t < e.length; t++)
|
|
557
540
|
n[t] = e.charCodeAt(t);
|
|
@@ -559,26 +542,26 @@ function Xe(e) {
|
|
|
559
542
|
}
|
|
560
543
|
function Te(e) {
|
|
561
544
|
return new Promise((s, n) => {
|
|
562
|
-
crypto.subtle.digest("SHA-256",
|
|
545
|
+
crypto.subtle.digest("SHA-256", ze(e)).then(
|
|
563
546
|
(t) => s(ie(new Uint8Array(t))),
|
|
564
547
|
(t) => n(t)
|
|
565
548
|
);
|
|
566
549
|
});
|
|
567
550
|
}
|
|
568
|
-
const
|
|
551
|
+
const Qe = (e) => {
|
|
569
552
|
if (e.length < 43 || e.length > 128)
|
|
570
553
|
return Promise.reject(new Error("Invalid code length."));
|
|
571
554
|
const { hasSubtleCrypto: s } = ve();
|
|
572
555
|
return s ? Te(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
|
|
573
|
-
},
|
|
574
|
-
const i = `${s}/.well-known/openid-configuration`, r = `oidc.server:${s}`, a =
|
|
556
|
+
}, Ze = 60 * 60, es = (e) => async (s, n = Ze, t = window.sessionStorage, o = 1e4) => {
|
|
557
|
+
const i = `${s}/.well-known/openid-configuration`, r = `oidc.server:${s}`, a = $e(r, t, n);
|
|
575
558
|
if (a)
|
|
576
559
|
return new te(a);
|
|
577
560
|
const u = await B(e)(i, {}, o);
|
|
578
561
|
if (u.status !== 200)
|
|
579
562
|
return null;
|
|
580
|
-
const
|
|
581
|
-
return
|
|
563
|
+
const f = await u.json();
|
|
564
|
+
return Ke(r, f, t), new te(f);
|
|
582
565
|
}, B = (e) => async (s, n = {}, t = 1e4, o = 0) => {
|
|
583
566
|
let i;
|
|
584
567
|
try {
|
|
@@ -606,10 +589,10 @@ const ze = (e) => {
|
|
|
606
589
|
a[c] === void 0 && (a[c] = _);
|
|
607
590
|
const u = [];
|
|
608
591
|
for (const c in a) {
|
|
609
|
-
const _ = encodeURIComponent(c),
|
|
610
|
-
u.push(`${_}=${
|
|
592
|
+
const _ = encodeURIComponent(c), d = encodeURIComponent(a[c]);
|
|
593
|
+
u.push(`${_}=${d}`);
|
|
611
594
|
}
|
|
612
|
-
const
|
|
595
|
+
const f = u.join("&");
|
|
613
596
|
return (await B(e)(
|
|
614
597
|
s,
|
|
615
598
|
{
|
|
@@ -617,21 +600,21 @@ const ze = (e) => {
|
|
|
617
600
|
headers: {
|
|
618
601
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
|
|
619
602
|
},
|
|
620
|
-
body:
|
|
603
|
+
body: f
|
|
621
604
|
},
|
|
622
605
|
r
|
|
623
606
|
)).status !== 200 ? { success: !1 } : {
|
|
624
607
|
success: !0
|
|
625
608
|
};
|
|
626
|
-
},
|
|
627
|
-
for (const [
|
|
628
|
-
n[
|
|
609
|
+
}, ss = (e) => async (s, n, t, o, i = {}, r, a = 1e4) => {
|
|
610
|
+
for (const [d, y] of Object.entries(t))
|
|
611
|
+
n[d] === void 0 && (n[d] = y);
|
|
629
612
|
const u = [];
|
|
630
|
-
for (const
|
|
631
|
-
const
|
|
632
|
-
u.push(`${
|
|
613
|
+
for (const d in n) {
|
|
614
|
+
const y = encodeURIComponent(d), p = encodeURIComponent(n[d]);
|
|
615
|
+
u.push(`${y}=${p}`);
|
|
633
616
|
}
|
|
634
|
-
const
|
|
617
|
+
const f = u.join("&"), l = await B(e)(
|
|
635
618
|
s,
|
|
636
619
|
{
|
|
637
620
|
method: "POST",
|
|
@@ -639,7 +622,7 @@ const ze = (e) => {
|
|
|
639
622
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
640
623
|
...i
|
|
641
624
|
},
|
|
642
|
-
body:
|
|
625
|
+
body: f
|
|
643
626
|
},
|
|
644
627
|
a
|
|
645
628
|
);
|
|
@@ -659,21 +642,21 @@ const ze = (e) => {
|
|
|
659
642
|
data: oe(c, o, r),
|
|
660
643
|
demonstratingProofOfPossessionNonce: _
|
|
661
644
|
};
|
|
662
|
-
},
|
|
645
|
+
}, ns = (e, s) => async (n, t) => {
|
|
663
646
|
t = t ? { ...t } : {};
|
|
664
|
-
const o = se(128), i = await
|
|
647
|
+
const o = se(128), i = await Qe(o);
|
|
665
648
|
await e.setCodeVerifierAsync(o), await e.setStateAsync(t.state), t.code_challenge = i, t.code_challenge_method = "S256";
|
|
666
649
|
let r = "";
|
|
667
650
|
if (t)
|
|
668
651
|
for (const [a, u] of Object.entries(t))
|
|
669
652
|
r === "" ? r += "?" : r += "&", r += `${a}=${encodeURIComponent(u)}`;
|
|
670
653
|
s.open(`${n}${r}`);
|
|
671
|
-
}, G = "DPoP-Nonce",
|
|
654
|
+
}, G = "DPoP-Nonce", ts = (e) => async (s, n, t, o, i = 1e4) => {
|
|
672
655
|
n = n ? { ...n } : {}, n.code_verifier = await e.getCodeVerifierAsync();
|
|
673
656
|
const r = [];
|
|
674
657
|
for (const c in n) {
|
|
675
|
-
const _ = encodeURIComponent(c),
|
|
676
|
-
r.push(`${_}=${
|
|
658
|
+
const _ = encodeURIComponent(c), d = encodeURIComponent(n[c]);
|
|
659
|
+
r.push(`${_}=${d}`);
|
|
677
660
|
}
|
|
678
661
|
const a = r.join("&"), u = await B(fetch)(
|
|
679
662
|
s,
|
|
@@ -689,8 +672,8 @@ const ze = (e) => {
|
|
|
689
672
|
);
|
|
690
673
|
if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), u.status !== 200)
|
|
691
674
|
return { success: !1, status: u.status };
|
|
692
|
-
let
|
|
693
|
-
u.headers.has(G) && (
|
|
675
|
+
let f = null;
|
|
676
|
+
u.headers.has(G) && (f = u.headers.get(
|
|
694
677
|
G
|
|
695
678
|
));
|
|
696
679
|
const l = await u.json();
|
|
@@ -699,7 +682,7 @@ const ze = (e) => {
|
|
|
699
682
|
data: {
|
|
700
683
|
state: n.state,
|
|
701
684
|
tokens: oe(l, null, o),
|
|
702
|
-
demonstratingProofOfPossessionNonce:
|
|
685
|
+
demonstratingProofOfPossessionNonce: f
|
|
703
686
|
}
|
|
704
687
|
};
|
|
705
688
|
};
|
|
@@ -714,7 +697,7 @@ async function he(e, s, n) {
|
|
|
714
697
|
);
|
|
715
698
|
return await I(e.configuration, e.configurationName) || await P(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? o : (await e.destroyAsync(i), null);
|
|
716
699
|
}
|
|
717
|
-
const
|
|
700
|
+
const os = async (e, s) => {
|
|
718
701
|
const n = await I(s, e.configurationName);
|
|
719
702
|
if (n) {
|
|
720
703
|
const t = await e.initAsync(
|
|
@@ -738,7 +721,7 @@ async function be(e, s = !1, n = null) {
|
|
|
738
721
|
const r = await I(e.configuration, e.configurationName);
|
|
739
722
|
return (t == null ? void 0 : t.storage) === (window == null ? void 0 : window.sessionStorage) && !r ? i = await he(e, s, n) : i = await navigator.locks.request(o, { ifAvailable: !0 }, async (a) => a ? await he(e, s, n) : (e.publishEvent(C.eventNames.syncTokensAsync_lock_not_available, {
|
|
740
723
|
lock: "lock not available"
|
|
741
|
-
}), await
|
|
724
|
+
}), await os(e, t))), i ? (e.timeoutId && (e.timeoutId = J(e, e.tokens.expiresAt, n)), e.tokens) : null;
|
|
742
725
|
}
|
|
743
726
|
const J = (e, s, n = null) => {
|
|
744
727
|
const t = e.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
@@ -746,7 +729,7 @@ const J = (e, s, n = null) => {
|
|
|
746
729
|
const i = { timeLeft: U(t, s) };
|
|
747
730
|
e.publishEvent(C.eventNames.token_timer, i), await be(e, !1, n);
|
|
748
731
|
}, 1e3);
|
|
749
|
-
},
|
|
732
|
+
}, N = {
|
|
750
733
|
FORCE_REFRESH: "FORCE_REFRESH",
|
|
751
734
|
SESSION_LOST: "SESSION_LOST",
|
|
752
735
|
NOT_CONNECTED: "NOT_CONNECTED",
|
|
@@ -754,7 +737,7 @@ const J = (e, s, n = null) => {
|
|
|
754
737
|
TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
|
|
755
738
|
LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
|
|
756
739
|
REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS"
|
|
757
|
-
},
|
|
740
|
+
}, is = (e) => async (s, n, t, o = !1) => {
|
|
758
741
|
const i = { nonce: null };
|
|
759
742
|
if (!t)
|
|
760
743
|
return { tokens: null, status: "NOT_CONNECTED", nonce: i };
|
|
@@ -776,26 +759,26 @@ const J = (e, s, n = null) => {
|
|
|
776
759
|
if (!c || !_)
|
|
777
760
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
|
|
778
761
|
if (_.issuedAt !== t.issuedAt) {
|
|
779
|
-
const
|
|
762
|
+
const y = U(
|
|
780
763
|
s.refresh_time_before_tokens_expiration_in_second,
|
|
781
764
|
_.expiresAt
|
|
782
|
-
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
|
|
783
|
-
return { tokens: _, status:
|
|
765
|
+
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", p = await u.getNonceAsync();
|
|
766
|
+
return { tokens: _, status: y, nonce: p };
|
|
784
767
|
}
|
|
785
768
|
r = await u.getNonceAsync();
|
|
786
769
|
} else {
|
|
787
770
|
const c = P(n, s.storage ?? sessionStorage), _ = await c.initAsync();
|
|
788
|
-
let { tokens:
|
|
789
|
-
const { status:
|
|
790
|
-
if (
|
|
791
|
-
if (
|
|
771
|
+
let { tokens: d } = _;
|
|
772
|
+
const { status: y } = _;
|
|
773
|
+
if (d && (d = X(d, e.tokens, s.token_renew_mode)), d) {
|
|
774
|
+
if (y === "SESSIONS_LOST")
|
|
792
775
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
793
|
-
if (
|
|
776
|
+
if (d.issuedAt !== t.issuedAt) {
|
|
794
777
|
const k = U(
|
|
795
778
|
s.refresh_time_before_tokens_expiration_in_second,
|
|
796
|
-
|
|
779
|
+
d.expiresAt
|
|
797
780
|
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", b = await c.getNonceAsync();
|
|
798
|
-
return { tokens:
|
|
781
|
+
return { tokens: d, status: k, nonce: b };
|
|
799
782
|
}
|
|
800
783
|
} else
|
|
801
784
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
@@ -820,7 +803,7 @@ const J = (e, s, n = null) => {
|
|
|
820
803
|
e.configurationName,
|
|
821
804
|
e.configuration,
|
|
822
805
|
e.publishEvent.bind(e)
|
|
823
|
-
)(l, c, _),
|
|
806
|
+
)(l, c, _), f = async () => {
|
|
824
807
|
try {
|
|
825
808
|
let l;
|
|
826
809
|
const c = await I(a, e.configurationName);
|
|
@@ -843,94 +826,94 @@ const J = (e, s, n = null) => {
|
|
|
843
826
|
}
|
|
844
827
|
};
|
|
845
828
|
try {
|
|
846
|
-
const { status: l, tokens: c, nonce: _ } = await
|
|
829
|
+
const { status: l, tokens: c, nonce: _ } = await is(e)(
|
|
847
830
|
a,
|
|
848
831
|
e.configurationName,
|
|
849
832
|
e.tokens,
|
|
850
833
|
t
|
|
851
834
|
);
|
|
852
835
|
switch (l) {
|
|
853
|
-
case
|
|
836
|
+
case N.SESSION_LOST:
|
|
854
837
|
return s(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
855
838
|
message: "refresh token session lost"
|
|
856
839
|
}), { tokens: null, status: "SESSION_LOST" };
|
|
857
|
-
case
|
|
840
|
+
case N.NOT_CONNECTED:
|
|
858
841
|
return s(null), { tokens: null, status: null };
|
|
859
|
-
case
|
|
842
|
+
case N.TOKENS_VALID:
|
|
860
843
|
return s(c), { tokens: c, status: "LOGGED_IN" };
|
|
861
|
-
case
|
|
844
|
+
case N.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
|
|
862
845
|
return s(c), e.publishEvent(C.eventNames.token_renewed, {
|
|
863
846
|
reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
|
|
864
847
|
}), { tokens: c, status: "LOGGED_IN" };
|
|
865
|
-
case
|
|
848
|
+
case N.LOGOUT_FROM_ANOTHER_TAB:
|
|
866
849
|
return s(null), e.publishEvent(m.logout_from_another_tab, {
|
|
867
850
|
status: "session syncTokensAsync"
|
|
868
851
|
}), { tokens: null, status: "LOGGED_OUT" };
|
|
869
|
-
case
|
|
870
|
-
return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted &&
|
|
852
|
+
case N.REQUIRE_SYNC_TOKENS:
|
|
853
|
+
return a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && N.FORCE_REFRESH !== l ? (e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(m.refreshTokensAsync_begin, { tryNumber: n }), await f());
|
|
871
854
|
default: {
|
|
872
|
-
if (a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted &&
|
|
855
|
+
if (a.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && N.FORCE_REFRESH !== l)
|
|
873
856
|
return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
|
|
874
857
|
if (e.publishEvent(m.refreshTokensAsync_begin, {
|
|
875
858
|
refreshToken: c.refreshToken,
|
|
876
859
|
status: l,
|
|
877
860
|
tryNumber: n
|
|
878
861
|
}), !c.refreshToken)
|
|
879
|
-
return await
|
|
880
|
-
const
|
|
881
|
-
for (const [
|
|
882
|
-
|
|
862
|
+
return await f();
|
|
863
|
+
const d = a.client_id, y = a.redirect_uri, p = a.authority, b = { ...a.token_request_extras ? a.token_request_extras : {} };
|
|
864
|
+
for (const [w, v] of Object.entries(o))
|
|
865
|
+
w.endsWith(":token_request") && (b[w.replace(":token_request", "")] = v);
|
|
883
866
|
return await (async () => {
|
|
884
|
-
const
|
|
885
|
-
client_id:
|
|
886
|
-
redirect_uri:
|
|
867
|
+
const w = {
|
|
868
|
+
client_id: d,
|
|
869
|
+
redirect_uri: y,
|
|
887
870
|
grant_type: "refresh_token",
|
|
888
871
|
refresh_token: c.refreshToken
|
|
889
|
-
},
|
|
890
|
-
|
|
872
|
+
}, v = await e.initAsync(
|
|
873
|
+
p,
|
|
891
874
|
a.authority_configuration
|
|
892
|
-
),
|
|
893
|
-
a.demonstrating_proof_of_possession && (
|
|
875
|
+
), h = document.hidden ? 1e4 : 3e4 * 10, g = v.tokenEndpoint, A = {};
|
|
876
|
+
a.demonstrating_proof_of_possession && (A.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
|
|
894
877
|
c.accessToken,
|
|
895
|
-
|
|
878
|
+
g,
|
|
896
879
|
"POST"
|
|
897
880
|
));
|
|
898
|
-
const
|
|
899
|
-
|
|
900
|
-
|
|
881
|
+
const S = await ss(e.getFetch())(
|
|
882
|
+
g,
|
|
883
|
+
w,
|
|
901
884
|
b,
|
|
902
885
|
c,
|
|
903
|
-
|
|
886
|
+
A,
|
|
904
887
|
a.token_renew_mode,
|
|
905
|
-
|
|
888
|
+
h
|
|
906
889
|
);
|
|
907
|
-
if (
|
|
908
|
-
const { isValid:
|
|
909
|
-
|
|
890
|
+
if (S.success) {
|
|
891
|
+
const { isValid: W, reason: L } = me(
|
|
892
|
+
S.data,
|
|
910
893
|
_.nonce,
|
|
911
|
-
|
|
894
|
+
v
|
|
912
895
|
);
|
|
913
|
-
if (!
|
|
896
|
+
if (!W)
|
|
914
897
|
return s(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
915
898
|
message: `refresh token return not valid tokens, reason: ${L}`
|
|
916
899
|
}), { tokens: null, status: "SESSION_LOST" };
|
|
917
|
-
if (s(
|
|
918
|
-
const
|
|
919
|
-
|
|
920
|
-
|
|
900
|
+
if (s(S.data), S.demonstratingProofOfPossessionNonce) {
|
|
901
|
+
const T = await I(a, e.configurationName);
|
|
902
|
+
T ? await T.setDemonstratingProofOfPossessionNonce(
|
|
903
|
+
S.demonstratingProofOfPossessionNonce
|
|
921
904
|
) : await P(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(
|
|
922
|
-
|
|
905
|
+
S.demonstratingProofOfPossessionNonce
|
|
923
906
|
);
|
|
924
907
|
}
|
|
925
908
|
return e.publishEvent(m.refreshTokensAsync_end, {
|
|
926
|
-
success:
|
|
927
|
-
}), e.publishEvent(C.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens:
|
|
909
|
+
success: S.success
|
|
910
|
+
}), e.publishEvent(C.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: S.data, status: "LOGGED_IN" };
|
|
928
911
|
} else
|
|
929
912
|
return e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
930
913
|
message: "bad request",
|
|
931
|
-
tokenResponse:
|
|
932
|
-
}),
|
|
933
|
-
message: `session lost: ${
|
|
914
|
+
tokenResponse: S
|
|
915
|
+
}), S.status >= 400 && S.status < 500 ? (s(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
916
|
+
message: `session lost: ${S.status}`
|
|
934
917
|
}), { tokens: null, status: "SESSION_LOST" }) : await H(e)(
|
|
935
918
|
s,
|
|
936
919
|
r,
|
|
@@ -959,59 +942,59 @@ const J = (e, s, n = null) => {
|
|
|
959
942
|
if (o && (t == null && (t = {}), t.state = o), i && (t == null && (t = {}), t.scope = i), t != null)
|
|
960
943
|
for (const [c, _] of Object.entries(t))
|
|
961
944
|
r === "" ? r = `?${encodeURIComponent(c)}=${encodeURIComponent(_)}` : r += `&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;
|
|
962
|
-
const a = s.silent_login_uri + r, u = a.indexOf("/", a.indexOf("//") + 2),
|
|
945
|
+
const a = s.silent_login_uri + r, u = a.indexOf("/", a.indexOf("//") + 2), f = a.substring(0, u), l = document.createElement("iframe");
|
|
963
946
|
return l.width = "0px", l.height = "0px", l.id = `${e}_oidc_iframe`, l.setAttribute("src", a), document.body.appendChild(l), new Promise((c, _) => {
|
|
964
|
-
let
|
|
965
|
-
const
|
|
966
|
-
window.removeEventListener("message",
|
|
967
|
-
},
|
|
968
|
-
if (k.origin ===
|
|
969
|
-
const b = `${e}_oidc_tokens:`, E = `${e}_oidc_error:`,
|
|
970
|
-
if (
|
|
971
|
-
if (
|
|
972
|
-
const
|
|
973
|
-
n(m.silentLoginAsync_end, {}), c(
|
|
974
|
-
} else if (
|
|
975
|
-
const
|
|
976
|
-
n(m.silentLoginAsync_error,
|
|
977
|
-
} else if (
|
|
978
|
-
const
|
|
979
|
-
n(m.silentLoginAsync_error,
|
|
947
|
+
let d = !1;
|
|
948
|
+
const y = () => {
|
|
949
|
+
window.removeEventListener("message", p), l.remove(), d = !0;
|
|
950
|
+
}, p = (k) => {
|
|
951
|
+
if (k.origin === f && k.source === l.contentWindow) {
|
|
952
|
+
const b = `${e}_oidc_tokens:`, E = `${e}_oidc_error:`, w = `${e}_oidc_exception:`, v = k.data;
|
|
953
|
+
if (v && typeof v == "string" && !d) {
|
|
954
|
+
if (v.startsWith(b)) {
|
|
955
|
+
const h = JSON.parse(k.data.replace(b, ""));
|
|
956
|
+
n(m.silentLoginAsync_end, {}), c(h), y();
|
|
957
|
+
} else if (v.startsWith(E)) {
|
|
958
|
+
const h = JSON.parse(k.data.replace(E, ""));
|
|
959
|
+
n(m.silentLoginAsync_error, h), c({ error: "oidc_" + h.error, tokens: null, sessionState: null }), y();
|
|
960
|
+
} else if (v.startsWith(w)) {
|
|
961
|
+
const h = JSON.parse(k.data.replace(w, ""));
|
|
962
|
+
n(m.silentLoginAsync_error, h), _(new Error(h.error)), y();
|
|
980
963
|
}
|
|
981
964
|
}
|
|
982
965
|
}
|
|
983
966
|
};
|
|
984
967
|
try {
|
|
985
|
-
window.addEventListener("message",
|
|
968
|
+
window.addEventListener("message", p);
|
|
986
969
|
const k = s.silent_login_timeout;
|
|
987
970
|
setTimeout(() => {
|
|
988
|
-
|
|
971
|
+
d || (y(), n(m.silentLoginAsync_error, { reason: "timeout" }), _(new Error("timeout")));
|
|
989
972
|
}, k);
|
|
990
973
|
} catch (k) {
|
|
991
|
-
|
|
974
|
+
y(), n(m.silentLoginAsync_error, k), _(k);
|
|
992
975
|
}
|
|
993
976
|
});
|
|
994
977
|
} catch (r) {
|
|
995
978
|
throw n(m.silentLoginAsync_error, r), r;
|
|
996
979
|
}
|
|
997
|
-
},
|
|
980
|
+
}, rs = (e, s, n, t, o) => (i = null, r = void 0) => {
|
|
998
981
|
i = { ...i };
|
|
999
|
-
const a = (
|
|
1000
|
-
|
|
982
|
+
const a = (f, l, c) => re(s, n, t.bind(o))(
|
|
983
|
+
f,
|
|
1001
984
|
l,
|
|
1002
985
|
c
|
|
1003
986
|
);
|
|
1004
987
|
return (async () => {
|
|
1005
988
|
o.timeoutId && M.clearTimeout(o.timeoutId);
|
|
1006
|
-
let
|
|
1007
|
-
i && "state" in i && (
|
|
989
|
+
let f;
|
|
990
|
+
i && "state" in i && (f = i.state, delete i.state);
|
|
1008
991
|
try {
|
|
1009
992
|
const l = n.extras ? { ...n.extras, ...i } : i, c = await a(
|
|
1010
993
|
{
|
|
1011
994
|
...l,
|
|
1012
995
|
prompt: "none"
|
|
1013
996
|
},
|
|
1014
|
-
|
|
997
|
+
f,
|
|
1015
998
|
r
|
|
1016
999
|
);
|
|
1017
1000
|
if (c)
|
|
@@ -1020,31 +1003,31 @@ const J = (e, s, n = null) => {
|
|
|
1020
1003
|
return l;
|
|
1021
1004
|
}
|
|
1022
1005
|
})();
|
|
1023
|
-
},
|
|
1024
|
-
const a = (u,
|
|
1006
|
+
}, as = (e, s, n) => (t, o, i, r = !1) => {
|
|
1007
|
+
const a = (u, f = void 0, l = void 0) => re(e.configurationName, n, e.publishEvent.bind(e))(
|
|
1025
1008
|
u,
|
|
1026
|
-
|
|
1009
|
+
f,
|
|
1027
1010
|
l
|
|
1028
1011
|
);
|
|
1029
|
-
return new Promise((u,
|
|
1012
|
+
return new Promise((u, f) => {
|
|
1030
1013
|
if (n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && t && i && !r) {
|
|
1031
1014
|
const l = () => {
|
|
1032
1015
|
e.checkSessionIFrame.stop();
|
|
1033
1016
|
const c = e.tokens;
|
|
1034
1017
|
if (c === null)
|
|
1035
1018
|
return;
|
|
1036
|
-
const _ = c.idToken,
|
|
1019
|
+
const _ = c.idToken, d = c.idTokenPayload;
|
|
1037
1020
|
return a({
|
|
1038
1021
|
prompt: "none",
|
|
1039
1022
|
id_token_hint: _,
|
|
1040
1023
|
scope: n.scope || "openid"
|
|
1041
|
-
}).then((
|
|
1042
|
-
if (
|
|
1043
|
-
throw new Error(
|
|
1044
|
-
const
|
|
1045
|
-
if (
|
|
1046
|
-
const k =
|
|
1047
|
-
e.checkSessionIFrame.start(
|
|
1024
|
+
}).then((y) => {
|
|
1025
|
+
if (y.error)
|
|
1026
|
+
throw new Error(y.error);
|
|
1027
|
+
const p = y.tokens.idTokenPayload;
|
|
1028
|
+
if (d.sub === p.sub) {
|
|
1029
|
+
const k = y.sessionState;
|
|
1030
|
+
e.checkSessionIFrame.start(y.sessionState), d.sid === p.sid ? console.debug(
|
|
1048
1031
|
"SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
|
|
1049
1032
|
k
|
|
1050
1033
|
) : console.debug(
|
|
@@ -1054,15 +1037,15 @@ const J = (e, s, n = null) => {
|
|
|
1054
1037
|
} else
|
|
1055
1038
|
console.debug(
|
|
1056
1039
|
"SessionMonitor._callback: Different subject signed into OP:",
|
|
1057
|
-
|
|
1040
|
+
p.sub
|
|
1058
1041
|
);
|
|
1059
|
-
}).catch(async (
|
|
1042
|
+
}).catch(async (y) => {
|
|
1060
1043
|
console.warn(
|
|
1061
1044
|
"SessionMonitor._callback: Silent login failed, logging out other tabs:",
|
|
1062
|
-
|
|
1045
|
+
y
|
|
1063
1046
|
);
|
|
1064
|
-
for (const [,
|
|
1065
|
-
await
|
|
1047
|
+
for (const [, p] of Object.entries(s))
|
|
1048
|
+
await p.logoutOtherTabAsync(n.client_id, d.sub);
|
|
1066
1049
|
});
|
|
1067
1050
|
};
|
|
1068
1051
|
e.checkSessionIFrame = new Pe(
|
|
@@ -1072,12 +1055,12 @@ const J = (e, s, n = null) => {
|
|
|
1072
1055
|
), e.checkSessionIFrame.load().then(() => {
|
|
1073
1056
|
e.checkSessionIFrame.start(i), u(e.checkSessionIFrame);
|
|
1074
1057
|
}).catch((c) => {
|
|
1075
|
-
|
|
1058
|
+
f(c);
|
|
1076
1059
|
});
|
|
1077
1060
|
} else
|
|
1078
1061
|
u(null);
|
|
1079
1062
|
});
|
|
1080
|
-
},
|
|
1063
|
+
}, cs = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), ls = (e) => {
|
|
1081
1064
|
const s = e.appVersion, n = e.userAgent, t = "-";
|
|
1082
1065
|
let o = t;
|
|
1083
1066
|
const i = [
|
|
@@ -1137,7 +1120,7 @@ const J = (e, s, n = null) => {
|
|
|
1137
1120
|
osVersion: r
|
|
1138
1121
|
};
|
|
1139
1122
|
};
|
|
1140
|
-
function
|
|
1123
|
+
function us() {
|
|
1141
1124
|
const e = navigator.userAgent;
|
|
1142
1125
|
let s, n = e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
|
|
1143
1126
|
if (/trident/i.test(n[1]))
|
|
@@ -1155,13 +1138,13 @@ function ls() {
|
|
|
1155
1138
|
version: n[1]
|
|
1156
1139
|
};
|
|
1157
1140
|
}
|
|
1158
|
-
const
|
|
1159
|
-
const { name: e, version: s } =
|
|
1141
|
+
const _s = () => {
|
|
1142
|
+
const { name: e, version: s } = us();
|
|
1160
1143
|
if (e === "chrome" && parseInt(s) <= 70 || e === "opera" && (!s || parseInt(s.split(".")[0]) < 80) || e === "ie")
|
|
1161
1144
|
return !1;
|
|
1162
|
-
const n =
|
|
1163
|
-
return !
|
|
1164
|
-
},
|
|
1145
|
+
const n = ls(navigator);
|
|
1146
|
+
return !cs(n);
|
|
1147
|
+
}, fs = async (e) => {
|
|
1165
1148
|
let s;
|
|
1166
1149
|
if (e.tokens != null)
|
|
1167
1150
|
return !1;
|
|
@@ -1247,7 +1230,7 @@ const us = () => {
|
|
|
1247
1230
|
search: n,
|
|
1248
1231
|
hash: t
|
|
1249
1232
|
};
|
|
1250
|
-
},
|
|
1233
|
+
}, Ts = (e) => {
|
|
1251
1234
|
const s = Ee(e);
|
|
1252
1235
|
let { path: n } = s;
|
|
1253
1236
|
n.endsWith("/") && (n = n.slice(0, -1));
|
|
@@ -1255,16 +1238,16 @@ const us = () => {
|
|
|
1255
1238
|
return t === "#_=_" && (t = ""), t && (n += t), n;
|
|
1256
1239
|
}, Y = (e) => {
|
|
1257
1240
|
const s = Ee(e), { search: n } = s;
|
|
1258
|
-
return
|
|
1259
|
-
},
|
|
1241
|
+
return ds(n);
|
|
1242
|
+
}, ds = (e) => {
|
|
1260
1243
|
const s = {};
|
|
1261
1244
|
let n, t, o;
|
|
1262
1245
|
const i = e.split("&");
|
|
1263
1246
|
for (t = 0, o = i.length; t < o; t++)
|
|
1264
1247
|
n = i[t].split("="), s[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
|
|
1265
1248
|
return s;
|
|
1266
|
-
},
|
|
1267
|
-
const
|
|
1249
|
+
}, hs = (e, s, n, t, o) => (i = void 0, r = null, a = !1, u = void 0) => {
|
|
1250
|
+
const f = r;
|
|
1268
1251
|
return r = { ...r }, (async () => {
|
|
1269
1252
|
const c = i || o.getPath();
|
|
1270
1253
|
if ("state" in r || (r.state = se(16)), n(m.loginAsync_begin, {}), r)
|
|
@@ -1273,27 +1256,27 @@ const us = () => {
|
|
|
1273
1256
|
try {
|
|
1274
1257
|
const _ = a ? s.silent_redirect_uri : s.redirect_uri;
|
|
1275
1258
|
u || (u = s.scope);
|
|
1276
|
-
const
|
|
1277
|
-
|
|
1278
|
-
const
|
|
1259
|
+
const d = s.extras ? { ...s.extras, ...r } : r;
|
|
1260
|
+
d.nonce || (d.nonce = se(12));
|
|
1261
|
+
const y = { nonce: d.nonce }, p = await I(s, e), k = await t(
|
|
1279
1262
|
s.authority,
|
|
1280
1263
|
s.authority_configuration
|
|
1281
1264
|
);
|
|
1282
1265
|
let b;
|
|
1283
|
-
if (
|
|
1284
|
-
|
|
1266
|
+
if (p)
|
|
1267
|
+
p.setLoginParams({ callbackPath: c, extras: f }), await p.initAsync(k, "loginAsync", s), await p.setNonceAsync(y), p.startKeepAliveServiceWorker(), b = p;
|
|
1285
1268
|
else {
|
|
1286
|
-
const
|
|
1287
|
-
|
|
1269
|
+
const w = P(e, s.storage ?? sessionStorage);
|
|
1270
|
+
w.setLoginParams({ callbackPath: c, extras: f }), await w.setNonceAsync(y), b = w;
|
|
1288
1271
|
}
|
|
1289
1272
|
const E = {
|
|
1290
1273
|
client_id: s.client_id,
|
|
1291
1274
|
redirect_uri: _,
|
|
1292
1275
|
scope: u,
|
|
1293
1276
|
response_type: "code",
|
|
1294
|
-
...
|
|
1277
|
+
...d
|
|
1295
1278
|
};
|
|
1296
|
-
await
|
|
1279
|
+
await ns(b, o)(
|
|
1297
1280
|
k.authorizationEndpoint,
|
|
1298
1281
|
E
|
|
1299
1282
|
);
|
|
@@ -1301,22 +1284,22 @@ const us = () => {
|
|
|
1301
1284
|
throw n(m.loginAsync_error, _), _;
|
|
1302
1285
|
}
|
|
1303
1286
|
})();
|
|
1304
|
-
},
|
|
1287
|
+
}, ys = (e) => async (s = !1) => {
|
|
1305
1288
|
try {
|
|
1306
1289
|
e.publishEvent(m.loginCallbackAsync_begin, {});
|
|
1307
1290
|
const n = e.configuration, t = n.client_id, o = s ? n.silent_redirect_uri : n.redirect_uri, i = n.authority, r = n.token_request_timeout, a = await e.initAsync(
|
|
1308
1291
|
i,
|
|
1309
1292
|
n.authority_configuration
|
|
1310
1293
|
), u = e.location.getCurrentHref(), l = Y(u).session_state, c = await I(n, e.configurationName);
|
|
1311
|
-
let _,
|
|
1294
|
+
let _, d, y, p;
|
|
1312
1295
|
if (c)
|
|
1313
|
-
await c.initAsync(a, "loginCallbackAsync", n), await c.setSessionStateAsync(l),
|
|
1296
|
+
await c.initAsync(a, "loginCallbackAsync", n), await c.setSessionStateAsync(l), d = await c.getNonceAsync(), y = c.getLoginParams(), p = await c.getStateAsync(), c.startKeepAliveServiceWorker(), _ = c;
|
|
1314
1297
|
else {
|
|
1315
|
-
const
|
|
1298
|
+
const T = P(
|
|
1316
1299
|
e.configurationName,
|
|
1317
1300
|
n.storage ?? sessionStorage
|
|
1318
1301
|
);
|
|
1319
|
-
await
|
|
1302
|
+
await T.setSessionStateAsync(l), d = await T.getNonceAsync(), y = T.getLoginParams(), p = await T.getStateAsync(), _ = T;
|
|
1320
1303
|
}
|
|
1321
1304
|
const k = Y(u);
|
|
1322
1305
|
if (k.error || k.error_description)
|
|
@@ -1325,8 +1308,8 @@ const us = () => {
|
|
|
1325
1308
|
throw console.error(), new Error(
|
|
1326
1309
|
`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`
|
|
1327
1310
|
);
|
|
1328
|
-
if (k.state && k.state !==
|
|
1329
|
-
throw new Error(`State not valid (expected: ${
|
|
1311
|
+
if (k.state && k.state !== p)
|
|
1312
|
+
throw new Error(`State not valid (expected: ${p}, received: ${k.state})`);
|
|
1330
1313
|
const b = {
|
|
1331
1314
|
code: k.code,
|
|
1332
1315
|
grant_type: "authorization_code",
|
|
@@ -1334,58 +1317,58 @@ const us = () => {
|
|
|
1334
1317
|
redirect_uri: o
|
|
1335
1318
|
}, E = {};
|
|
1336
1319
|
if (n.token_request_extras)
|
|
1337
|
-
for (const [
|
|
1338
|
-
E[
|
|
1339
|
-
if (
|
|
1340
|
-
for (const [
|
|
1341
|
-
|
|
1342
|
-
const
|
|
1320
|
+
for (const [T, K] of Object.entries(n.token_request_extras))
|
|
1321
|
+
E[T] = K;
|
|
1322
|
+
if (y != null && y.extras)
|
|
1323
|
+
for (const [T, K] of Object.entries(y.extras))
|
|
1324
|
+
T.endsWith(":token_request") && (E[T.replace(":token_request", "")] = K);
|
|
1325
|
+
const w = a.tokenEndpoint, v = {};
|
|
1343
1326
|
if (n.demonstrating_proof_of_possession)
|
|
1344
1327
|
if (c)
|
|
1345
|
-
|
|
1328
|
+
v.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
|
|
1346
1329
|
else {
|
|
1347
|
-
const
|
|
1330
|
+
const T = await Ge(window)(
|
|
1348
1331
|
n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
|
|
1349
1332
|
);
|
|
1350
|
-
await P(e.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(
|
|
1333
|
+
await P(e.configurationName, n.storage).setDemonstratingProofOfPossessionJwkAsync(T), v.DPoP = await Se(window)(
|
|
1351
1334
|
n.demonstrating_proof_of_possession_configuration
|
|
1352
|
-
)(
|
|
1335
|
+
)(T, "POST", w);
|
|
1353
1336
|
}
|
|
1354
|
-
const
|
|
1355
|
-
|
|
1337
|
+
const h = await ts(_)(
|
|
1338
|
+
w,
|
|
1356
1339
|
{ ...b, ...E },
|
|
1357
|
-
|
|
1340
|
+
v,
|
|
1358
1341
|
e.configuration.token_renew_mode,
|
|
1359
1342
|
r
|
|
1360
1343
|
);
|
|
1361
|
-
if (!
|
|
1344
|
+
if (!h.success)
|
|
1362
1345
|
throw new Error("Token request failed");
|
|
1363
|
-
let
|
|
1364
|
-
const
|
|
1365
|
-
if (
|
|
1346
|
+
let g;
|
|
1347
|
+
const A = h.data.tokens, S = h.data.demonstratingProofOfPossessionNonce;
|
|
1348
|
+
if (h.data.state !== E.state)
|
|
1366
1349
|
throw new Error("state is not valid");
|
|
1367
|
-
const { isValid:
|
|
1368
|
-
|
|
1369
|
-
|
|
1350
|
+
const { isValid: W, reason: L } = me(
|
|
1351
|
+
A,
|
|
1352
|
+
d.nonce,
|
|
1370
1353
|
a
|
|
1371
1354
|
);
|
|
1372
|
-
if (!
|
|
1355
|
+
if (!W)
|
|
1373
1356
|
throw new Error(`Tokens are not OpenID valid, reason: ${L}`);
|
|
1374
1357
|
if (c) {
|
|
1375
|
-
if (
|
|
1358
|
+
if (A.refreshToken && !A.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1376
1359
|
throw new Error("Refresh token should be hidden by service worker");
|
|
1377
|
-
if (
|
|
1360
|
+
if (S && (A != null && A.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))
|
|
1378
1361
|
throw new Error(
|
|
1379
1362
|
"Demonstration of proof of possession require Access token not hidden by service worker"
|
|
1380
1363
|
);
|
|
1381
1364
|
}
|
|
1382
1365
|
if (c)
|
|
1383
|
-
await c.initAsync(a, "syncTokensAsync", n),
|
|
1384
|
-
|
|
1366
|
+
await c.initAsync(a, "syncTokensAsync", n), g = c.getLoginParams(), S && await c.setDemonstratingProofOfPossessionNonce(
|
|
1367
|
+
S
|
|
1385
1368
|
);
|
|
1386
1369
|
else {
|
|
1387
|
-
const
|
|
1388
|
-
|
|
1370
|
+
const T = P(e.configurationName, n.storage);
|
|
1371
|
+
g = T.getLoginParams(), S && await T.setDemonstratingProofOfPossessionNonce(S);
|
|
1389
1372
|
}
|
|
1390
1373
|
return await e.startCheckSessionAsync(
|
|
1391
1374
|
a.checkSessionIframe,
|
|
@@ -1393,9 +1376,9 @@ const us = () => {
|
|
|
1393
1376
|
l,
|
|
1394
1377
|
s
|
|
1395
1378
|
), e.publishEvent(m.loginCallbackAsync_end, {}), {
|
|
1396
|
-
tokens:
|
|
1379
|
+
tokens: A,
|
|
1397
1380
|
state: "request.state",
|
|
1398
|
-
callbackPath:
|
|
1381
|
+
callbackPath: g.callbackPath
|
|
1399
1382
|
};
|
|
1400
1383
|
} catch (n) {
|
|
1401
1384
|
throw console.error(n), e.publishEvent(m.loginCallbackAsync_error, n), n;
|
|
@@ -1414,7 +1397,7 @@ const us = () => {
|
|
|
1414
1397
|
return n;
|
|
1415
1398
|
}
|
|
1416
1399
|
return n;
|
|
1417
|
-
},
|
|
1400
|
+
}, gs = (e) => {
|
|
1418
1401
|
const s = {};
|
|
1419
1402
|
if (e) {
|
|
1420
1403
|
for (const [n, t] of Object.entries(e))
|
|
@@ -1422,114 +1405,114 @@ const us = () => {
|
|
|
1422
1405
|
return s;
|
|
1423
1406
|
}
|
|
1424
1407
|
return s;
|
|
1425
|
-
},
|
|
1408
|
+
}, ks = (e) => async (s) => {
|
|
1426
1409
|
M.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
|
|
1427
1410
|
const n = await I(e.configuration, e.configurationName);
|
|
1428
1411
|
n ? await n.clearAsync(s) : await P(e.configurationName, e.configuration.storage).clearAsync(s), e.tokens = null, e.userInfo = null;
|
|
1429
|
-
},
|
|
1412
|
+
}, ms = (e, s, n, t, o) => async (i = void 0, r = null) => {
|
|
1430
1413
|
var b, E;
|
|
1431
1414
|
const a = e.configuration, u = await e.initAsync(
|
|
1432
1415
|
a.authority,
|
|
1433
1416
|
a.authority_configuration
|
|
1434
1417
|
);
|
|
1435
1418
|
i && typeof i != "string" && (i = void 0, t.warn("callbackPathOrUrl path is not a string"));
|
|
1436
|
-
const
|
|
1419
|
+
const f = i ?? o.getPath();
|
|
1437
1420
|
let l = !1;
|
|
1438
1421
|
i && (l = i.includes("https://") || i.includes("http://"));
|
|
1439
|
-
const c = l ? i : o.getOrigin() +
|
|
1422
|
+
const c = l ? i : o.getOrigin() + f, _ = e.tokens ? e.tokens.idToken : "";
|
|
1440
1423
|
try {
|
|
1441
|
-
const
|
|
1442
|
-
if (
|
|
1443
|
-
const
|
|
1444
|
-
if (
|
|
1445
|
-
const
|
|
1446
|
-
|
|
1447
|
-
|
|
1424
|
+
const w = u.revocationEndpoint;
|
|
1425
|
+
if (w) {
|
|
1426
|
+
const v = [], h = e.tokens ? e.tokens.accessToken : null;
|
|
1427
|
+
if (h && a.logout_tokens_to_invalidate.includes(ye.access_token)) {
|
|
1428
|
+
const A = Q(r, ":revoke_access_token"), S = de(n)(
|
|
1429
|
+
w,
|
|
1430
|
+
h,
|
|
1448
1431
|
ne.access_token,
|
|
1449
1432
|
a.client_id,
|
|
1450
|
-
|
|
1433
|
+
A
|
|
1451
1434
|
);
|
|
1452
|
-
|
|
1435
|
+
v.push(S);
|
|
1453
1436
|
}
|
|
1454
|
-
const
|
|
1455
|
-
if (
|
|
1456
|
-
const
|
|
1457
|
-
|
|
1458
|
-
|
|
1437
|
+
const g = e.tokens ? e.tokens.refreshToken : null;
|
|
1438
|
+
if (g && a.logout_tokens_to_invalidate.includes(ye.refresh_token)) {
|
|
1439
|
+
const A = Q(r, ":revoke_refresh_token"), S = de(n)(
|
|
1440
|
+
w,
|
|
1441
|
+
g,
|
|
1459
1442
|
ne.refresh_token,
|
|
1460
1443
|
a.client_id,
|
|
1461
|
-
|
|
1444
|
+
A
|
|
1462
1445
|
);
|
|
1463
|
-
|
|
1446
|
+
v.push(S);
|
|
1464
1447
|
}
|
|
1465
|
-
|
|
1448
|
+
v.length > 0 && await Promise.all(v);
|
|
1466
1449
|
}
|
|
1467
|
-
} catch (
|
|
1450
|
+
} catch (w) {
|
|
1468
1451
|
t.warn(
|
|
1469
1452
|
"logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"
|
|
1470
|
-
), t.warn(
|
|
1453
|
+
), t.warn(w);
|
|
1471
1454
|
}
|
|
1472
|
-
const
|
|
1455
|
+
const d = ((E = (b = e.tokens) == null ? void 0 : b.idTokenPayload) == null ? void 0 : E.sub) ?? null;
|
|
1473
1456
|
await e.destroyAsync("LOGGED_OUT");
|
|
1474
|
-
for (const [,
|
|
1475
|
-
|
|
1476
|
-
const
|
|
1477
|
-
if (
|
|
1457
|
+
for (const [, w] of Object.entries(s))
|
|
1458
|
+
w !== e ? await e.logoutSameTabAsync(e.configuration.client_id, d) : e.publishEvent(m.logout_from_same_tab, {});
|
|
1459
|
+
const y = Q(r, ":oidc");
|
|
1460
|
+
if (y && y.no_reload === "true")
|
|
1478
1461
|
return;
|
|
1479
|
-
const k =
|
|
1462
|
+
const k = gs(r);
|
|
1480
1463
|
if (u.endSessionEndpoint) {
|
|
1481
1464
|
"id_token_hint" in k || (k.id_token_hint = _), !("post_logout_redirect_uri" in k) && i !== null && (k.post_logout_redirect_uri = c);
|
|
1482
|
-
let
|
|
1483
|
-
for (const [
|
|
1484
|
-
|
|
1485
|
-
o.open(`${u.endSessionEndpoint}${
|
|
1465
|
+
let w = "";
|
|
1466
|
+
for (const [v, h] of Object.entries(k))
|
|
1467
|
+
h != null && (w === "" ? w += "?" : w += "&", w += `${v}=${encodeURIComponent(h)}`);
|
|
1468
|
+
o.open(`${u.endSessionEndpoint}${w}`);
|
|
1486
1469
|
} else
|
|
1487
1470
|
o.reload();
|
|
1488
1471
|
}, Oe = (e, s, n = !1) => async (...t) => {
|
|
1489
|
-
var
|
|
1472
|
+
var d;
|
|
1490
1473
|
const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
|
|
1491
1474
|
let u = new Headers();
|
|
1492
1475
|
a.headers && (u = a.headers instanceof Headers ? a.headers : new Headers(a.headers));
|
|
1493
|
-
const
|
|
1476
|
+
const f = {
|
|
1494
1477
|
tokens: s.tokens,
|
|
1495
1478
|
configuration: { token_automatic_renew_mode: s.configuration.token_automatic_renew_mode },
|
|
1496
1479
|
renewTokensAsync: s.renewTokensAsync.bind(s)
|
|
1497
|
-
}, l = await ke(
|
|
1480
|
+
}, l = await ke(f), c = (d = l == null ? void 0 : l.tokens) == null ? void 0 : d.accessToken;
|
|
1498
1481
|
if (u.has("Accept") || u.set("Accept", "application/json"), c) {
|
|
1499
1482
|
if (s.configuration.demonstrating_proof_of_possession && n) {
|
|
1500
|
-
const
|
|
1483
|
+
const y = await s.generateDemonstrationOfProofOfPossessionAsync(
|
|
1501
1484
|
c,
|
|
1502
1485
|
o.toString(),
|
|
1503
1486
|
a.method
|
|
1504
1487
|
);
|
|
1505
|
-
u.set("Authorization", `PoP ${c}`), u.set("DPoP",
|
|
1488
|
+
u.set("Authorization", `PoP ${c}`), u.set("DPoP", y);
|
|
1506
1489
|
} else
|
|
1507
1490
|
u.set("Authorization", `Bearer ${c}`);
|
|
1508
1491
|
a.credentials || (a.credentials = "same-origin");
|
|
1509
1492
|
}
|
|
1510
1493
|
const _ = { ...a, headers: u };
|
|
1511
1494
|
return await e(o, _, ...r);
|
|
1512
|
-
},
|
|
1495
|
+
}, ps = (e) => async (s = !1, n = !1) => {
|
|
1513
1496
|
if (e.userInfo != null && !s)
|
|
1514
1497
|
return e.userInfo;
|
|
1515
1498
|
const t = e.configuration, i = (await e.initAsync(
|
|
1516
1499
|
t.authority,
|
|
1517
1500
|
t.authority_configuration
|
|
1518
1501
|
)).userInfoEndpoint, a = await (async () => {
|
|
1519
|
-
const
|
|
1520
|
-
return
|
|
1502
|
+
const f = await Oe(fetch, e, n)(i);
|
|
1503
|
+
return f.status !== 200 ? null : f.json();
|
|
1521
1504
|
})();
|
|
1522
1505
|
return e.userInfo = a, a;
|
|
1523
|
-
},
|
|
1506
|
+
}, ws = () => fetch;
|
|
1524
1507
|
class te {
|
|
1525
1508
|
constructor(s) {
|
|
1526
1509
|
this.authorizationEndpoint = s.authorization_endpoint, this.tokenEndpoint = s.token_endpoint, this.revocationEndpoint = s.revocation_endpoint, this.userInfoEndpoint = s.userinfo_endpoint, this.checkSessionIframe = s.check_session_iframe, this.issuer = s.issuer, this.endSessionEndpoint = s.end_session_endpoint;
|
|
1527
1510
|
}
|
|
1528
1511
|
}
|
|
1529
|
-
const
|
|
1512
|
+
const x = {}, As = (e, s = new q()) => (n, t = "default") => (x[t] || (x[t] = new C(n, t, e, s)), x[t]), Ss = async (e) => {
|
|
1530
1513
|
const { parsedTokens: s, callbackPath: n } = await e.loginCallbackAsync();
|
|
1531
1514
|
return e.timeoutId = J(e, s.expiresAt), { callbackPath: n };
|
|
1532
|
-
},
|
|
1515
|
+
}, vs = (e) => Math.floor(Math.random() * e), F = class F {
|
|
1533
1516
|
constructor(s, n = "default", t, o = new q()) {
|
|
1534
1517
|
this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
|
|
1535
1518
|
let i = s.silent_login_uri;
|
|
@@ -1552,13 +1535,13 @@ const W = {}, ws = (e, s = new q()) => (n, t = "default") => (W[t] || (W[t] = ne
|
|
|
1552
1535
|
"refresh_token"
|
|
1553
1536
|
],
|
|
1554
1537
|
service_worker_update_require_callback: a,
|
|
1555
|
-
service_worker_activate: s.service_worker_activate ??
|
|
1556
|
-
demonstrating_proof_of_possession_configuration: s.demonstrating_proof_of_possession_configuration ??
|
|
1538
|
+
service_worker_activate: s.service_worker_activate ?? _s,
|
|
1539
|
+
demonstrating_proof_of_possession_configuration: s.demonstrating_proof_of_possession_configuration ?? Fe,
|
|
1557
1540
|
preload_user_info: s.preload_user_info ?? !1
|
|
1558
|
-
}, this.getFetch = t ??
|
|
1541
|
+
}, this.getFetch = t ?? ws, this.configurationName = n, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
1559
1542
|
}
|
|
1560
1543
|
subscribeEvents(s) {
|
|
1561
|
-
const n =
|
|
1544
|
+
const n = vs(9999999999999).toString();
|
|
1562
1545
|
return this.events.push({ id: n, func: s }), n;
|
|
1563
1546
|
}
|
|
1564
1547
|
removeEventSubscription(s) {
|
|
@@ -1572,10 +1555,10 @@ const W = {}, ws = (e, s = new q()) => (n, t = "default") => (W[t] || (W[t] = ne
|
|
|
1572
1555
|
}
|
|
1573
1556
|
static get(s = "default") {
|
|
1574
1557
|
const n = typeof process > "u";
|
|
1575
|
-
if (!Object.prototype.hasOwnProperty.call(
|
|
1558
|
+
if (!Object.prototype.hasOwnProperty.call(x, s) && n)
|
|
1576
1559
|
throw Error(`OIDC library does seem initialized.
|
|
1577
1560
|
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${s}"></OidcProvider> component.`);
|
|
1578
|
-
return
|
|
1561
|
+
return x[s];
|
|
1579
1562
|
}
|
|
1580
1563
|
_silentLoginCallbackFromIFrame() {
|
|
1581
1564
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
@@ -1620,7 +1603,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1620
1603
|
issuer: n.issuer
|
|
1621
1604
|
});
|
|
1622
1605
|
const i = await I(this.configuration, this.configurationName) ? window.localStorage : null;
|
|
1623
|
-
return await
|
|
1606
|
+
return await es(this.getFetch())(
|
|
1624
1607
|
s,
|
|
1625
1608
|
this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60,
|
|
1626
1609
|
i,
|
|
@@ -1632,12 +1615,12 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1632
1615
|
});
|
|
1633
1616
|
}
|
|
1634
1617
|
async tryKeepExistingSessionAsync() {
|
|
1635
|
-
return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise =
|
|
1618
|
+
return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = fs(this), this.tryKeepExistingSessionPromise.finally(() => {
|
|
1636
1619
|
this.tryKeepExistingSessionPromise = null;
|
|
1637
1620
|
}));
|
|
1638
1621
|
}
|
|
1639
1622
|
async startCheckSessionAsync(s, n, t, o = !1) {
|
|
1640
|
-
await
|
|
1623
|
+
await as(this, x, this.configuration)(
|
|
1641
1624
|
s,
|
|
1642
1625
|
n,
|
|
1643
1626
|
t,
|
|
@@ -1645,13 +1628,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1645
1628
|
);
|
|
1646
1629
|
}
|
|
1647
1630
|
async loginAsync(s = void 0, n = null, t = !1, o = void 0, i = !1) {
|
|
1648
|
-
return this.logoutPromise && await this.logoutPromise, this.loginPromise !== null ? this.loginPromise : i ?
|
|
1631
|
+
return this.logoutPromise && await this.logoutPromise, this.loginPromise !== null ? this.loginPromise : i ? rs(
|
|
1649
1632
|
window,
|
|
1650
1633
|
this.configurationName,
|
|
1651
1634
|
this.configuration,
|
|
1652
1635
|
this.publishEvent.bind(this),
|
|
1653
1636
|
this
|
|
1654
|
-
)(n, o) : (this.loginPromise =
|
|
1637
|
+
)(n, o) : (this.loginPromise = hs(
|
|
1655
1638
|
this.configurationName,
|
|
1656
1639
|
this.configuration,
|
|
1657
1640
|
this.publishEvent.bind(this),
|
|
@@ -1665,7 +1648,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1665
1648
|
if (this.loginCallbackPromise !== null)
|
|
1666
1649
|
return this.loginCallbackPromise;
|
|
1667
1650
|
const n = async () => {
|
|
1668
|
-
const t = await
|
|
1651
|
+
const t = await ys(this)(s), o = t.tokens;
|
|
1669
1652
|
return this.tokens = o, await I(this.configuration, this.configurationName) || P(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(F.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
|
|
1670
1653
|
};
|
|
1671
1654
|
return this.loginCallbackPromise = n(), this.loginCallbackPromise.finally(() => {
|
|
@@ -1679,18 +1662,18 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1679
1662
|
};
|
|
1680
1663
|
if (await I(i, this.configurationName))
|
|
1681
1664
|
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
|
|
1682
|
-
const u = P(this.configurationName, i.storage),
|
|
1665
|
+
const u = P(this.configurationName, i.storage), f = await u.getDemonstratingProofOfPossessionJwkAsync(), l = u.getDemonstratingProofOfPossessionNonce();
|
|
1683
1666
|
return l && (r.nonce = l), await Se(window)(
|
|
1684
1667
|
i.demonstrating_proof_of_possession_configuration
|
|
1685
|
-
)(
|
|
1668
|
+
)(f, t, n, r);
|
|
1686
1669
|
}
|
|
1687
1670
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1688
|
-
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise =
|
|
1671
|
+
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = Ss(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
|
|
1689
1672
|
this.loginCallbackWithAutoTokensRenewPromise = null;
|
|
1690
1673
|
}));
|
|
1691
1674
|
}
|
|
1692
1675
|
userInfoAsync(s = !1, n = !1) {
|
|
1693
|
-
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise =
|
|
1676
|
+
return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = ps(this)(s, n), this.userInfoPromise.finally(() => {
|
|
1694
1677
|
this.userInfoPromise = null;
|
|
1695
1678
|
}));
|
|
1696
1679
|
}
|
|
@@ -1703,7 +1686,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1703
1686
|
});
|
|
1704
1687
|
}
|
|
1705
1688
|
async destroyAsync(s) {
|
|
1706
|
-
return await
|
|
1689
|
+
return await ks(this)(s);
|
|
1707
1690
|
}
|
|
1708
1691
|
async logoutSameTabAsync(s, n) {
|
|
1709
1692
|
this.configuration.monitor_session && this.configuration.client_id === s && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_same_tab, { mmessage: "SessionMonitor", sub: n }));
|
|
@@ -1712,9 +1695,9 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1712
1695
|
this.configuration.monitor_session && this.configuration.client_id === s && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(m.logout_from_another_tab, { message: "SessionMonitor", sub: n }));
|
|
1713
1696
|
}
|
|
1714
1697
|
async logoutAsync(s = void 0, n = null) {
|
|
1715
|
-
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise =
|
|
1698
|
+
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = ms(
|
|
1716
1699
|
this,
|
|
1717
|
-
|
|
1700
|
+
x,
|
|
1718
1701
|
this.getFetch(),
|
|
1719
1702
|
console,
|
|
1720
1703
|
this.location
|
|
@@ -1723,7 +1706,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1723
1706
|
}));
|
|
1724
1707
|
}
|
|
1725
1708
|
};
|
|
1726
|
-
F.getOrCreate = (s, n) => (t, o = "default") =>
|
|
1709
|
+
F.getOrCreate = (s, n) => (t, o = "default") => As(s, n)(t, o), F.eventNames = m;
|
|
1727
1710
|
let C = F;
|
|
1728
1711
|
const $ = class $ {
|
|
1729
1712
|
constructor(s) {
|
|
@@ -1793,7 +1776,7 @@ export {
|
|
|
1793
1776
|
q as OidcLocation,
|
|
1794
1777
|
V as TokenAutomaticRenewMode,
|
|
1795
1778
|
Z as TokenRenewMode,
|
|
1796
|
-
|
|
1779
|
+
ws as getFetchDefault,
|
|
1797
1780
|
Y as getParseQueryStringFromLocation,
|
|
1798
|
-
|
|
1781
|
+
Ts as getPath
|
|
1799
1782
|
};
|