@axa-fr/oidc-client 7.22.29 → 7.22.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +320 -318
- package/dist/index.umd.cjs +2 -2
- package/dist/initWorker.d.ts.map +1 -1
- package/dist/parseTokens.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/initWorker.ts +6 -1
- package/src/parseTokens.ts +0 -2
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -16,8 +16,8 @@ class q {
|
|
|
16
16
|
return window.origin;
|
|
17
17
|
}
|
|
18
18
|
}
|
|
19
|
-
const ae = 2e3,
|
|
20
|
-
class
|
|
19
|
+
const ae = 2e3, R = console;
|
|
20
|
+
class Ie {
|
|
21
21
|
constructor(n, s, t, o = ae, i = !0) {
|
|
22
22
|
this._callback = n, this._client_id = s, this._url = t, this._interval = o || ae, this._stopOnError = i;
|
|
23
23
|
const r = t.indexOf("/", t.indexOf("//") + 2);
|
|
@@ -31,10 +31,10 @@ class Pe {
|
|
|
31
31
|
});
|
|
32
32
|
}
|
|
33
33
|
_message(n) {
|
|
34
|
-
n.origin === this._frame_origin && n.source === this._frame.contentWindow && (n.data === "error" ? (
|
|
34
|
+
n.origin === this._frame_origin && n.source === this._frame.contentWindow && (n.data === "error" ? (R.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : n.data === "changed" ? (R.debug(n), R.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : R.debug("CheckSessionIFrame: " + n.data + " message from check session op iframe"));
|
|
35
35
|
}
|
|
36
36
|
start(n) {
|
|
37
|
-
|
|
37
|
+
R.debug("CheckSessionIFrame.start :" + n), this.stop();
|
|
38
38
|
const s = () => {
|
|
39
39
|
this._frame.contentWindow.postMessage(
|
|
40
40
|
this._client_id + " " + n,
|
|
@@ -44,7 +44,7 @@ class Pe {
|
|
|
44
44
|
s(), this._timer = window.setInterval(s, this._interval);
|
|
45
45
|
}
|
|
46
46
|
stop() {
|
|
47
|
-
this._timer && (
|
|
47
|
+
this._timer && (R.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
50
|
const m = {
|
|
@@ -77,47 +77,47 @@ const m = {
|
|
|
77
77
|
syncTokensAsync_error: "syncTokensAsync_error",
|
|
78
78
|
tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
|
|
79
79
|
}, P = (e, n = sessionStorage) => {
|
|
80
|
-
const s = (
|
|
80
|
+
const s = (y) => (n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: y }), Promise.resolve()), t = async () => {
|
|
81
81
|
if (!n[`oidc.${e}`])
|
|
82
82
|
return n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
|
|
83
|
-
const
|
|
84
|
-
return Promise.resolve({ tokens:
|
|
85
|
-
}, o = (
|
|
86
|
-
n[`oidc.${e}`] = JSON.stringify({ tokens:
|
|
87
|
-
}, i = async (
|
|
88
|
-
n[`oidc.session_state.${e}`] =
|
|
89
|
-
}, r = async () => n[`oidc.session_state.${e}`], a = (
|
|
90
|
-
n[`oidc.nonce.${e}`] =
|
|
91
|
-
}, u = (
|
|
92
|
-
n[`oidc.jwk.${e}`] = JSON.stringify(
|
|
93
|
-
}, f = () => JSON.parse(n[`oidc.jwk.${e}`]), l = async () => ({ nonce: n[`oidc.nonce.${e}`] }), c = async (
|
|
94
|
-
n[`oidc.dpop_nonce.${e}`] =
|
|
95
|
-
}, _ = () => n[`oidc.dpop_nonce.${e}`],
|
|
83
|
+
const y = JSON.parse(n[`oidc.${e}`]);
|
|
84
|
+
return Promise.resolve({ tokens: y.tokens, status: y.status });
|
|
85
|
+
}, o = (y) => {
|
|
86
|
+
n[`oidc.${e}`] = JSON.stringify({ tokens: y });
|
|
87
|
+
}, i = async (y) => {
|
|
88
|
+
n[`oidc.session_state.${e}`] = y;
|
|
89
|
+
}, r = async () => n[`oidc.session_state.${e}`], a = (y) => {
|
|
90
|
+
n[`oidc.nonce.${e}`] = y.nonce;
|
|
91
|
+
}, u = (y) => {
|
|
92
|
+
n[`oidc.jwk.${e}`] = JSON.stringify(y);
|
|
93
|
+
}, f = () => JSON.parse(n[`oidc.jwk.${e}`]), l = async () => ({ nonce: n[`oidc.nonce.${e}`] }), c = async (y) => {
|
|
94
|
+
n[`oidc.dpop_nonce.${e}`] = y;
|
|
95
|
+
}, _ = () => n[`oidc.dpop_nonce.${e}`], h = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, g = {};
|
|
96
96
|
return {
|
|
97
97
|
clearAsync: s,
|
|
98
98
|
initAsync: t,
|
|
99
99
|
setTokens: o,
|
|
100
|
-
getTokens:
|
|
100
|
+
getTokens: h,
|
|
101
101
|
setSessionStateAsync: i,
|
|
102
102
|
getSessionStateAsync: r,
|
|
103
103
|
setNonceAsync: a,
|
|
104
104
|
getNonceAsync: l,
|
|
105
|
-
setLoginParams: (
|
|
106
|
-
|
|
105
|
+
setLoginParams: (y) => {
|
|
106
|
+
g[e] = y, n[`oidc.login.${e}`] = JSON.stringify(y);
|
|
107
107
|
},
|
|
108
108
|
getLoginParams: () => {
|
|
109
|
-
const
|
|
110
|
-
return
|
|
109
|
+
const y = n[`oidc.login.${e}`];
|
|
110
|
+
return y ? (g[e] || (g[e] = JSON.parse(y)), g[e]) : (console.warn(
|
|
111
111
|
`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
|
|
112
112
|
), null);
|
|
113
113
|
},
|
|
114
114
|
getStateAsync: async () => n[`oidc.state.${e}`],
|
|
115
|
-
setStateAsync: async (
|
|
116
|
-
n[`oidc.state.${e}`] =
|
|
115
|
+
setStateAsync: async (y) => {
|
|
116
|
+
n[`oidc.state.${e}`] = y;
|
|
117
117
|
},
|
|
118
118
|
getCodeVerifierAsync: async () => n[`oidc.code_verifier.${e}`],
|
|
119
|
-
setCodeVerifierAsync: async (
|
|
120
|
-
n[`oidc.code_verifier.${e}`] =
|
|
119
|
+
setCodeVerifierAsync: async (y) => {
|
|
120
|
+
n[`oidc.code_verifier.${e}`] = y;
|
|
121
121
|
},
|
|
122
122
|
setDemonstratingProofOfPossessionNonce: c,
|
|
123
123
|
getDemonstratingProofOfPossessionNonce: _,
|
|
@@ -126,21 +126,21 @@ const m = {
|
|
|
126
126
|
};
|
|
127
127
|
};
|
|
128
128
|
var J = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(J || {});
|
|
129
|
-
const
|
|
129
|
+
const Ce = (e) => decodeURIComponent(
|
|
130
130
|
Array.prototype.map.call(atob(e), (n) => "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2)).join("")
|
|
131
|
-
),
|
|
131
|
+
), Ne = (e) => JSON.parse(Ce(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), ce = (e) => {
|
|
132
132
|
try {
|
|
133
|
-
return e &&
|
|
133
|
+
return e && xe(e, ".") === 2 ? Ne(e.split(".")[1]) : null;
|
|
134
134
|
} catch (n) {
|
|
135
135
|
console.warn(n);
|
|
136
136
|
}
|
|
137
137
|
return null;
|
|
138
|
-
},
|
|
138
|
+
}, xe = (e, n) => e.split(n).length - 1, Q = {
|
|
139
139
|
access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
|
|
140
140
|
access_token_invalid: "access_token_invalid",
|
|
141
141
|
id_token_invalid: "id_token_invalid"
|
|
142
142
|
};
|
|
143
|
-
function
|
|
143
|
+
function We(e, n, s) {
|
|
144
144
|
if (e.issuedAt) {
|
|
145
145
|
if (typeof e.issuedAt == "string")
|
|
146
146
|
return parseInt(e.issuedAt, 10);
|
|
@@ -156,7 +156,7 @@ const te = (e, n = null, s) => {
|
|
|
156
156
|
let i;
|
|
157
157
|
n != null && "idToken" in n && !("idToken" in e) ? i = n.idToken : i = e.idToken;
|
|
158
158
|
const r = e.idTokenPayload ? e.idTokenPayload : ce(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, u = t && t.exp ? t.exp : e.issuedAt + o;
|
|
159
|
-
e.issuedAt =
|
|
159
|
+
e.issuedAt = We(e, t, r);
|
|
160
160
|
let f;
|
|
161
161
|
e.expiresAt ? f = e.expiresAt : s === Q.access_token_invalid ? f = u : s === Q.id_token_invalid ? f = a : f = a < u ? a : u;
|
|
162
162
|
const l = {
|
|
@@ -190,7 +190,7 @@ const te = (e, n = null, s) => {
|
|
|
190
190
|
}, V = (e, n) => {
|
|
191
191
|
const s = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = n - s;
|
|
192
192
|
return Math.round(t - e);
|
|
193
|
-
}, le = (e, n = 0) => e ? V(n, e.expiresAt) > 0 : !1,
|
|
193
|
+
}, le = (e, n = 0) => e ? V(n, e.expiresAt) > 0 : !1, me = async (e, n = 200, s = 50) => {
|
|
194
194
|
let t = s;
|
|
195
195
|
if (!e.getTokens())
|
|
196
196
|
return null;
|
|
@@ -198,7 +198,7 @@ const te = (e, n = null, s) => {
|
|
|
198
198
|
e.getTokens(),
|
|
199
199
|
e.configuration.refresh_time_before_tokens_expiration_in_second
|
|
200
200
|
) && t > 0; ) {
|
|
201
|
-
if (
|
|
201
|
+
if (e.configuration.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted) {
|
|
202
202
|
await e.renewTokensAsync({});
|
|
203
203
|
break;
|
|
204
204
|
} else
|
|
@@ -210,7 +210,7 @@ const te = (e, n = null, s) => {
|
|
|
210
210
|
tokens: e.getTokens(),
|
|
211
211
|
numberWaited: t - s
|
|
212
212
|
};
|
|
213
|
-
},
|
|
213
|
+
}, pe = (e, n, s) => {
|
|
214
214
|
if (e.idTokenPayload) {
|
|
215
215
|
const t = e.idTokenPayload;
|
|
216
216
|
if (s.issuer !== t.iss)
|
|
@@ -237,7 +237,7 @@ const te = (e, n = null, s) => {
|
|
|
237
237
|
};
|
|
238
238
|
}
|
|
239
239
|
return { isValid: !0, reason: "" };
|
|
240
|
-
},
|
|
240
|
+
}, U = function() {
|
|
241
241
|
const e = typeof window > "u" ? global : window;
|
|
242
242
|
return {
|
|
243
243
|
setTimeout: setTimeout.bind(e),
|
|
@@ -245,20 +245,20 @@ const te = (e, n = null, s) => {
|
|
|
245
245
|
setInterval: setInterval.bind(e),
|
|
246
246
|
clearInterval: clearInterval.bind(e)
|
|
247
247
|
};
|
|
248
|
-
}(), ue = "7.22.
|
|
248
|
+
}(), ue = "7.22.31";
|
|
249
249
|
let _e = null, j;
|
|
250
|
-
const X = ({ milliseconds: e }) => new Promise((n) =>
|
|
250
|
+
const X = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), we = (e = "/") => {
|
|
251
251
|
try {
|
|
252
252
|
j = new AbortController(), fetch(
|
|
253
253
|
`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,
|
|
254
254
|
{ signal: j.signal }
|
|
255
255
|
).catch((t) => {
|
|
256
256
|
console.log(t);
|
|
257
|
-
}), X({ milliseconds: 150 * 1e3 }).then(
|
|
257
|
+
}), X({ milliseconds: 150 * 1e3 }).then(we);
|
|
258
258
|
} catch (n) {
|
|
259
259
|
console.log(n);
|
|
260
260
|
}
|
|
261
|
-
},
|
|
261
|
+
}, fe = () => {
|
|
262
262
|
j && j.abort();
|
|
263
263
|
}, Le = (e = "/") => fetch(`${e}OidcKeepAliveServiceWorker.json`, {
|
|
264
264
|
headers: {
|
|
@@ -276,7 +276,7 @@ const X = ({ milliseconds: e }) => new Promise((n) => K.setTimeout(n, e)), pe =
|
|
|
276
276
|
return n;
|
|
277
277
|
const s = globalThis.crypto.randomUUID();
|
|
278
278
|
return sessionStorage.setItem(`oidc.tabId.${e}`, s), s;
|
|
279
|
-
},
|
|
279
|
+
}, E = (e) => (n) => new Promise(function(s, t) {
|
|
280
280
|
const o = new MessageChannel();
|
|
281
281
|
o.port1.onmessage = function(i) {
|
|
282
282
|
i != null && i.data.error ? t(i.data.error) : s(i.data), o.port1.close(), o.port2.close();
|
|
@@ -284,56 +284,58 @@ const X = ({ milliseconds: e }) => new Promise((n) => K.setTimeout(n, e)), pe =
|
|
|
284
284
|
o.port2
|
|
285
285
|
]);
|
|
286
286
|
}), I = async (e, n) => {
|
|
287
|
+
var O;
|
|
287
288
|
const s = e.service_worker_relative_url;
|
|
288
289
|
if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !s || e.service_worker_activate() === !1)
|
|
289
290
|
return null;
|
|
290
291
|
let t = null;
|
|
291
|
-
e.service_worker_register ? t = await e.service_worker_register(s) : t = await navigator.serviceWorker.register(s);
|
|
292
|
+
e.service_worker_register ? t = await e.service_worker_register(s) : (t = await navigator.serviceWorker.register(s), t.active && t.waiting && (console.log("Detected new service worker waiting, unregistering and reloading"), await ((O = e.service_worker_update_require_callback) == null ? void 0 : O.call(e, t, fe))));
|
|
292
293
|
try {
|
|
293
|
-
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await
|
|
294
|
+
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await E(t)({ type: "claim" });
|
|
294
295
|
} catch {
|
|
295
296
|
return null;
|
|
296
297
|
}
|
|
297
|
-
const o = async (
|
|
298
|
-
|
|
298
|
+
const o = async (d) => E(t)({ type: "clear", data: { status: d }, configurationName: n }), i = async (d, p, N) => {
|
|
299
|
+
var x;
|
|
300
|
+
const D = await E(t)({
|
|
299
301
|
type: "init",
|
|
300
302
|
data: {
|
|
301
|
-
oidcServerConfiguration:
|
|
302
|
-
where:
|
|
303
|
+
oidcServerConfiguration: d,
|
|
304
|
+
where: p,
|
|
303
305
|
oidcConfiguration: {
|
|
304
|
-
token_renew_mode:
|
|
305
|
-
service_worker_convert_all_requests_to_cors:
|
|
306
|
+
token_renew_mode: N.token_renew_mode,
|
|
307
|
+
service_worker_convert_all_requests_to_cors: N.service_worker_convert_all_requests_to_cors
|
|
306
308
|
}
|
|
307
309
|
},
|
|
308
310
|
configurationName: n
|
|
309
|
-
}),
|
|
310
|
-
return
|
|
311
|
-
`Service worker ${
|
|
312
|
-
), await
|
|
313
|
-
tokens: oe(
|
|
314
|
-
status:
|
|
311
|
+
}), T = D.version;
|
|
312
|
+
return T !== ue && (console.warn(
|
|
313
|
+
`Service worker ${T} version mismatch with js client version ${ue}, unregistering and reloading`
|
|
314
|
+
), await ((x = N.service_worker_update_require_callback) == null ? void 0 : x.call(N, t, fe))), {
|
|
315
|
+
tokens: oe(D.tokens, null, N.token_renew_mode),
|
|
316
|
+
status: D.status
|
|
315
317
|
};
|
|
316
|
-
}, r = (
|
|
317
|
-
_e == null && (_e = "not_null",
|
|
318
|
-
}, a = (
|
|
318
|
+
}, r = (d = "/") => {
|
|
319
|
+
_e == null && (_e = "not_null", we(d));
|
|
320
|
+
}, a = (d) => E(t)({
|
|
319
321
|
type: "setSessionState",
|
|
320
|
-
data: { sessionState:
|
|
322
|
+
data: { sessionState: d },
|
|
321
323
|
configurationName: n
|
|
322
|
-
}), u = async () => (await
|
|
324
|
+
}), u = async () => (await E(t)({
|
|
323
325
|
type: "getSessionState",
|
|
324
326
|
data: null,
|
|
325
327
|
configurationName: n
|
|
326
|
-
})).sessionState, f = (
|
|
328
|
+
})).sessionState, f = (d) => (sessionStorage[`oidc.nonce.${n}`] = d.nonce, E(t)({
|
|
327
329
|
type: "setNonce",
|
|
328
|
-
data: { nonce:
|
|
330
|
+
data: { nonce: d },
|
|
329
331
|
configurationName: n
|
|
330
332
|
})), l = async () => {
|
|
331
|
-
let
|
|
333
|
+
let p = (await E(t)({
|
|
332
334
|
type: "getNonce",
|
|
333
335
|
data: null,
|
|
334
336
|
configurationName: n
|
|
335
337
|
})).nonce;
|
|
336
|
-
return
|
|
338
|
+
return p || (p = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: p };
|
|
337
339
|
}, c = {};
|
|
338
340
|
return {
|
|
339
341
|
clearAsync: o,
|
|
@@ -344,83 +346,83 @@ const X = ({ milliseconds: e }) => new Promise((n) => K.setTimeout(n, e)), pe =
|
|
|
344
346
|
getSessionStateAsync: u,
|
|
345
347
|
setNonceAsync: f,
|
|
346
348
|
getNonceAsync: l,
|
|
347
|
-
setLoginParams: (
|
|
348
|
-
c[n] =
|
|
349
|
+
setLoginParams: (d) => {
|
|
350
|
+
c[n] = d, localStorage[`oidc.login.${n}`] = JSON.stringify(d);
|
|
349
351
|
},
|
|
350
352
|
getLoginParams: () => {
|
|
351
|
-
const
|
|
352
|
-
return c[n] || (c[n] = JSON.parse(
|
|
353
|
+
const d = localStorage[`oidc.login.${n}`];
|
|
354
|
+
return c[n] || (c[n] = JSON.parse(d)), c[n];
|
|
353
355
|
},
|
|
354
356
|
getStateAsync: async () => {
|
|
355
|
-
let
|
|
357
|
+
let p = (await E(t)({
|
|
356
358
|
type: "getState",
|
|
357
359
|
data: null,
|
|
358
360
|
configurationName: n
|
|
359
361
|
})).state;
|
|
360
|
-
return
|
|
362
|
+
return p || (p = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage")), p;
|
|
361
363
|
},
|
|
362
|
-
setStateAsync: async (
|
|
364
|
+
setStateAsync: async (d) => (sessionStorage[`oidc.state.${n}`] = d, E(t)({
|
|
363
365
|
type: "setState",
|
|
364
|
-
data: { state:
|
|
366
|
+
data: { state: d },
|
|
365
367
|
configurationName: n
|
|
366
368
|
})),
|
|
367
369
|
getCodeVerifierAsync: async () => {
|
|
368
|
-
let
|
|
370
|
+
let p = (await E(t)({
|
|
369
371
|
type: "getCodeVerifier",
|
|
370
372
|
data: null,
|
|
371
373
|
configurationName: n
|
|
372
374
|
})).codeVerifier;
|
|
373
|
-
return
|
|
375
|
+
return p || (p = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), p;
|
|
374
376
|
},
|
|
375
|
-
setCodeVerifierAsync: async (
|
|
377
|
+
setCodeVerifierAsync: async (d) => (sessionStorage[`oidc.code_verifier.${n}`] = d, E(t)({
|
|
376
378
|
type: "setCodeVerifier",
|
|
377
|
-
data: { codeVerifier:
|
|
379
|
+
data: { codeVerifier: d },
|
|
378
380
|
configurationName: n
|
|
379
381
|
})),
|
|
380
|
-
setDemonstratingProofOfPossessionNonce: async (
|
|
381
|
-
await
|
|
382
|
+
setDemonstratingProofOfPossessionNonce: async (d) => {
|
|
383
|
+
await E(t)({
|
|
382
384
|
type: "setDemonstratingProofOfPossessionNonce",
|
|
383
|
-
data: { demonstratingProofOfPossessionNonce:
|
|
385
|
+
data: { demonstratingProofOfPossessionNonce: d },
|
|
384
386
|
configurationName: n
|
|
385
387
|
});
|
|
386
388
|
},
|
|
387
|
-
getDemonstratingProofOfPossessionNonce: async () => (await
|
|
389
|
+
getDemonstratingProofOfPossessionNonce: async () => (await E(t)({
|
|
388
390
|
type: "getDemonstratingProofOfPossessionNonce",
|
|
389
391
|
data: null,
|
|
390
392
|
configurationName: n
|
|
391
393
|
})).demonstratingProofOfPossessionNonce,
|
|
392
|
-
setDemonstratingProofOfPossessionJwkAsync: async (
|
|
393
|
-
const
|
|
394
|
-
await
|
|
394
|
+
setDemonstratingProofOfPossessionJwkAsync: async (d) => {
|
|
395
|
+
const p = JSON.stringify(d);
|
|
396
|
+
await E(t)({
|
|
395
397
|
type: "setDemonstratingProofOfPossessionJwk",
|
|
396
|
-
data: { demonstratingProofOfPossessionJwkJson:
|
|
398
|
+
data: { demonstratingProofOfPossessionJwkJson: p },
|
|
397
399
|
configurationName: n
|
|
398
400
|
});
|
|
399
401
|
},
|
|
400
402
|
getDemonstratingProofOfPossessionJwkAsync: async () => {
|
|
401
|
-
const
|
|
403
|
+
const d = await E(t)({
|
|
402
404
|
type: "getDemonstratingProofOfPossessionJwk",
|
|
403
405
|
data: null,
|
|
404
406
|
configurationName: n
|
|
405
407
|
});
|
|
406
|
-
return
|
|
408
|
+
return d.demonstratingProofOfPossessionJwkJson ? JSON.parse(d.demonstratingProofOfPossessionJwkJson) : null;
|
|
407
409
|
}
|
|
408
410
|
};
|
|
409
|
-
},
|
|
410
|
-
if (
|
|
411
|
+
}, $ = {}, $e = (e, n = window.sessionStorage, s) => {
|
|
412
|
+
if (!$[e] && n) {
|
|
411
413
|
const o = n.getItem(e);
|
|
412
|
-
o && (
|
|
414
|
+
o && ($[e] = JSON.parse(o));
|
|
413
415
|
}
|
|
414
416
|
const t = 1e3 * s;
|
|
415
|
-
return
|
|
417
|
+
return $[e] && $[e].timestamp + t > Date.now() ? $[e].result : null;
|
|
416
418
|
}, Ke = (e, n, s = window.sessionStorage) => {
|
|
417
419
|
const t = Date.now();
|
|
418
|
-
|
|
420
|
+
$[e] = { result: n, timestamp: t }, s && s.setItem(e, JSON.stringify({ result: n, timestamp: t }));
|
|
419
421
|
};
|
|
420
|
-
function
|
|
422
|
+
function Ae(e) {
|
|
421
423
|
return new TextEncoder().encode(e);
|
|
422
424
|
}
|
|
423
|
-
function
|
|
425
|
+
function Se(e) {
|
|
424
426
|
return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
|
|
425
427
|
}
|
|
426
428
|
function Ue(e) {
|
|
@@ -432,10 +434,10 @@ const ie = (e) => {
|
|
|
432
434
|
let n = "";
|
|
433
435
|
return e.forEach(function(s) {
|
|
434
436
|
n += String.fromCharCode(s);
|
|
435
|
-
}),
|
|
437
|
+
}), Se(n);
|
|
436
438
|
};
|
|
437
|
-
function
|
|
438
|
-
return
|
|
439
|
+
function de(e) {
|
|
440
|
+
return Se(Ue(e));
|
|
439
441
|
}
|
|
440
442
|
const Ve = {
|
|
441
443
|
importKeyAlgorithm: {
|
|
@@ -464,12 +466,12 @@ const Ve = {
|
|
|
464
466
|
const r = {
|
|
465
467
|
// @ts-ignore
|
|
466
468
|
// JWT "headers" really means JWS "protected headers"
|
|
467
|
-
protected:
|
|
469
|
+
protected: de(JSON.stringify(s)),
|
|
468
470
|
// @ts-ignore
|
|
469
471
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
470
|
-
payload:
|
|
471
|
-
}, a = o.importKeyAlgorithm, u = !0, f = ["sign"], l = await e.crypto.subtle.importKey("jwk", n, a, u, f), c =
|
|
472
|
-
return r.signature = ie(new Uint8Array(
|
|
472
|
+
payload: de(JSON.stringify(t))
|
|
473
|
+
}, a = o.importKeyAlgorithm, u = !0, f = ["sign"], l = await e.crypto.subtle.importKey("jwk", n, a, u, f), c = Ae(`${r.protected}.${r.payload}`), _ = o.signAlgorithm, h = await e.crypto.subtle.sign(_, l, c);
|
|
474
|
+
return r.signature = ie(new Uint8Array(h)), `${r.protected}.${r.payload}.${r.signature}`;
|
|
473
475
|
}, Je = { sign: Fe }, Me = (e) => async (n) => {
|
|
474
476
|
const s = n, t = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(s, t, o);
|
|
475
477
|
return await e.crypto.subtle.exportKey("jwk", i.privateKey);
|
|
@@ -491,9 +493,9 @@ const Ve = {
|
|
|
491
493
|
default:
|
|
492
494
|
throw new Error("Unknown or not implemented JWK type");
|
|
493
495
|
}
|
|
494
|
-
const o = await e.crypto.subtle.digest(s,
|
|
496
|
+
const o = await e.crypto.subtle.digest(s, Ae(t));
|
|
495
497
|
return ie(new Uint8Array(o));
|
|
496
|
-
}, je = { thumbprint: qe }, Ge = (e) => async (n) => await He.generate(e)(n),
|
|
498
|
+
}, je = { thumbprint: qe }, Ge = (e) => async (n) => await He.generate(e)(n), Te = (e) => (n) => async (s, t = "POST", o, i = {}) => {
|
|
497
499
|
const r = {
|
|
498
500
|
// https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
|
|
499
501
|
jti: btoa(Ye()),
|
|
@@ -517,7 +519,7 @@ const Ve = {
|
|
|
517
519
|
for (let o = 0; o < 36; o++)
|
|
518
520
|
e[o] !== "-" && e[o] !== "4" && (s = Math.random() * 16 | 0), e[o] === "x" ? t += n[s] : e[o] === "y" ? (s &= 3, s |= 8, t += n[s]) : t += e[o];
|
|
519
521
|
return t;
|
|
520
|
-
},
|
|
522
|
+
}, ve = () => {
|
|
521
523
|
const e = typeof window < "u" && !!window.crypto, n = e && !!window.crypto.subtle;
|
|
522
524
|
return { hasCrypto: e, hasSubtleCrypto: n };
|
|
523
525
|
}, Z = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", Xe = (e) => {
|
|
@@ -528,7 +530,7 @@ const Ve = {
|
|
|
528
530
|
}
|
|
529
531
|
return n.join("");
|
|
530
532
|
}, ee = (e) => {
|
|
531
|
-
const n = new Uint8Array(e), { hasCrypto: s } =
|
|
533
|
+
const n = new Uint8Array(e), { hasCrypto: s } = ve();
|
|
532
534
|
if (s)
|
|
533
535
|
window.crypto.getRandomValues(n);
|
|
534
536
|
else
|
|
@@ -542,7 +544,7 @@ function ze(e) {
|
|
|
542
544
|
s[t] = e.charCodeAt(t);
|
|
543
545
|
return s;
|
|
544
546
|
}
|
|
545
|
-
function
|
|
547
|
+
function be(e) {
|
|
546
548
|
return new Promise((n, s) => {
|
|
547
549
|
crypto.subtle.digest("SHA-256", ze(e)).then(
|
|
548
550
|
(t) => n(ie(new Uint8Array(t))),
|
|
@@ -553,8 +555,8 @@ function ve(e) {
|
|
|
553
555
|
const Qe = (e) => {
|
|
554
556
|
if (e.length < 43 || e.length > 128)
|
|
555
557
|
return Promise.reject(new Error("Invalid code length."));
|
|
556
|
-
const { hasSubtleCrypto: n } =
|
|
557
|
-
return n ?
|
|
558
|
+
const { hasSubtleCrypto: n } = ve();
|
|
559
|
+
return n ? be(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
|
|
558
560
|
}, Ze = 60 * 60, en = (e) => async (n, s = Ze, t = window.sessionStorage, o = 1e4) => {
|
|
559
561
|
const i = `${n}/.well-known/openid-configuration`, r = `oidc.server:${n}`, a = $e(r, t, s);
|
|
560
562
|
if (a)
|
|
@@ -581,7 +583,7 @@ const Qe = (e) => {
|
|
|
581
583
|
}, ne = {
|
|
582
584
|
refresh_token: "refresh_token",
|
|
583
585
|
access_token: "access_token"
|
|
584
|
-
},
|
|
586
|
+
}, he = (e) => async (n, s, t = ne.refresh_token, o, i = {}, r = 1e4) => {
|
|
585
587
|
const a = {
|
|
586
588
|
token: s,
|
|
587
589
|
token_type_hint: t,
|
|
@@ -591,8 +593,8 @@ const Qe = (e) => {
|
|
|
591
593
|
a[c] === void 0 && (a[c] = _);
|
|
592
594
|
const u = [];
|
|
593
595
|
for (const c in a) {
|
|
594
|
-
const _ = encodeURIComponent(c),
|
|
595
|
-
u.push(`${_}=${
|
|
596
|
+
const _ = encodeURIComponent(c), h = encodeURIComponent(a[c]);
|
|
597
|
+
u.push(`${_}=${h}`);
|
|
596
598
|
}
|
|
597
599
|
const f = u.join("&");
|
|
598
600
|
return (await B(e)(
|
|
@@ -609,12 +611,12 @@ const Qe = (e) => {
|
|
|
609
611
|
success: !0
|
|
610
612
|
};
|
|
611
613
|
}, nn = (e) => async (n, s, t, o, i = {}, r, a = 1e4) => {
|
|
612
|
-
for (const [
|
|
613
|
-
s[
|
|
614
|
+
for (const [h, g] of Object.entries(t))
|
|
615
|
+
s[h] === void 0 && (s[h] = g);
|
|
614
616
|
const u = [];
|
|
615
|
-
for (const
|
|
616
|
-
const
|
|
617
|
-
u.push(`${
|
|
617
|
+
for (const h in s) {
|
|
618
|
+
const g = encodeURIComponent(h), w = encodeURIComponent(s[h]);
|
|
619
|
+
u.push(`${g}=${w}`);
|
|
618
620
|
}
|
|
619
621
|
const f = u.join("&"), l = await B(e)(
|
|
620
622
|
n,
|
|
@@ -657,8 +659,8 @@ const Qe = (e) => {
|
|
|
657
659
|
s = s ? { ...s } : {}, s.code_verifier = await e.getCodeVerifierAsync();
|
|
658
660
|
const r = [];
|
|
659
661
|
for (const c in s) {
|
|
660
|
-
const _ = encodeURIComponent(c),
|
|
661
|
-
r.push(`${_}=${
|
|
662
|
+
const _ = encodeURIComponent(c), h = encodeURIComponent(s[c]);
|
|
663
|
+
r.push(`${_}=${h}`);
|
|
662
664
|
}
|
|
663
665
|
const a = r.join("&"), u = await B(fetch)(
|
|
664
666
|
n,
|
|
@@ -688,7 +690,7 @@ const Qe = (e) => {
|
|
|
688
690
|
}
|
|
689
691
|
};
|
|
690
692
|
};
|
|
691
|
-
async function
|
|
693
|
+
async function ye(e, n, s) {
|
|
692
694
|
const t = (a) => {
|
|
693
695
|
e.tokens = a;
|
|
694
696
|
}, { tokens: o, status: i } = await H(e)(
|
|
@@ -699,19 +701,19 @@ async function he(e, n, s) {
|
|
|
699
701
|
);
|
|
700
702
|
return await I(e.configuration, e.configurationName) || await P(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? o : (await e.destroyAsync(i), null);
|
|
701
703
|
}
|
|
702
|
-
async function
|
|
704
|
+
async function Ee(e, n = !1, s = null) {
|
|
703
705
|
const t = e.configuration, o = `${t.client_id}_${e.configurationName}_${t.authority}`;
|
|
704
706
|
let i;
|
|
705
707
|
const r = await I(e.configuration, e.configurationName);
|
|
706
708
|
if ((t == null ? void 0 : t.storage) === (window == null ? void 0 : window.sessionStorage) && !r || !navigator.locks)
|
|
707
|
-
i = await
|
|
709
|
+
i = await ye(e, n, s);
|
|
708
710
|
else {
|
|
709
711
|
let a = "retry";
|
|
710
712
|
for (; a === "retry"; )
|
|
711
713
|
a = await navigator.locks.request(
|
|
712
714
|
o,
|
|
713
715
|
{ ifAvailable: !0 },
|
|
714
|
-
async (u) => u ? await
|
|
716
|
+
async (u) => u ? await ye(e, n, s) : (e.publishEvent(C.eventNames.syncTokensAsync_lock_not_available, {
|
|
715
717
|
lock: "lock not available"
|
|
716
718
|
}), "retry")
|
|
717
719
|
);
|
|
@@ -721,11 +723,11 @@ async function be(e, n = !1, s = null) {
|
|
|
721
723
|
}
|
|
722
724
|
const M = (e, n, s = null) => {
|
|
723
725
|
const t = e.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
724
|
-
return e.timeoutId &&
|
|
726
|
+
return e.timeoutId && U.clearTimeout(e.timeoutId), U.setTimeout(async () => {
|
|
725
727
|
const i = { timeLeft: V(t, n) };
|
|
726
|
-
e.publishEvent(C.eventNames.token_timer, i), await
|
|
728
|
+
e.publishEvent(C.eventNames.token_timer, i), await Ee(e, !1, s);
|
|
727
729
|
}, 1e3);
|
|
728
|
-
},
|
|
730
|
+
}, W = {
|
|
729
731
|
FORCE_REFRESH: "FORCE_REFRESH",
|
|
730
732
|
SESSION_LOST: "SESSION_LOST",
|
|
731
733
|
NOT_CONNECTED: "NOT_CONNECTED",
|
|
@@ -755,26 +757,26 @@ const M = (e, n, s = null) => {
|
|
|
755
757
|
if (!c || !_)
|
|
756
758
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
|
|
757
759
|
if (_.issuedAt !== t.issuedAt) {
|
|
758
|
-
const
|
|
760
|
+
const g = V(
|
|
759
761
|
n.refresh_time_before_tokens_expiration_in_second,
|
|
760
762
|
_.expiresAt
|
|
761
|
-
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
|
|
762
|
-
return { tokens: _, status:
|
|
763
|
+
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", w = await u.getNonceAsync();
|
|
764
|
+
return { tokens: _, status: g, nonce: w };
|
|
763
765
|
}
|
|
764
766
|
r = await u.getNonceAsync();
|
|
765
767
|
} else {
|
|
766
768
|
const c = P(s, n.storage ?? sessionStorage), _ = await c.initAsync();
|
|
767
|
-
let { tokens:
|
|
768
|
-
const { status:
|
|
769
|
-
if (
|
|
770
|
-
if (
|
|
769
|
+
let { tokens: h } = _;
|
|
770
|
+
const { status: g } = _;
|
|
771
|
+
if (h && (h = te(h, e.tokens, n.token_renew_mode)), h) {
|
|
772
|
+
if (g === "SESSIONS_LOST")
|
|
771
773
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
772
|
-
if (
|
|
774
|
+
if (h.issuedAt !== t.issuedAt) {
|
|
773
775
|
const k = V(
|
|
774
776
|
n.refresh_time_before_tokens_expiration_in_second,
|
|
775
|
-
|
|
776
|
-
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
|
|
777
|
-
return { tokens:
|
|
777
|
+
h.expiresAt
|
|
778
|
+
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", v = await c.getNonceAsync();
|
|
779
|
+
return { tokens: h, status: k, nonce: v };
|
|
778
780
|
}
|
|
779
781
|
} else return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
780
782
|
r = await c.getNonceAsync();
|
|
@@ -828,26 +830,26 @@ const M = (e, n, s = null) => {
|
|
|
828
830
|
t
|
|
829
831
|
);
|
|
830
832
|
switch (l) {
|
|
831
|
-
case
|
|
833
|
+
case W.SESSION_LOST:
|
|
832
834
|
return n(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
833
835
|
message: "refresh token session lost"
|
|
834
836
|
}), { tokens: null, status: "SESSION_LOST" };
|
|
835
|
-
case
|
|
837
|
+
case W.NOT_CONNECTED:
|
|
836
838
|
return n(null), { tokens: null, status: null };
|
|
837
|
-
case
|
|
839
|
+
case W.TOKENS_VALID:
|
|
838
840
|
return n(c), { tokens: c, status: "LOGGED_IN" };
|
|
839
|
-
case
|
|
841
|
+
case W.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
|
|
840
842
|
return n(c), e.publishEvent(C.eventNames.token_renewed, {
|
|
841
843
|
reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
|
|
842
844
|
}), { tokens: c, status: "LOGGED_IN" };
|
|
843
|
-
case
|
|
845
|
+
case W.LOGOUT_FROM_ANOTHER_TAB:
|
|
844
846
|
return n(null), e.publishEvent(m.logout_from_another_tab, {
|
|
845
847
|
status: "session syncTokensAsync"
|
|
846
848
|
}), { tokens: null, status: "LOGGED_OUT" };
|
|
847
|
-
case
|
|
848
|
-
return a.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted &&
|
|
849
|
+
case W.REQUIRE_SYNC_TOKENS:
|
|
850
|
+
return a.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !== l ? (e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(m.refreshTokensAsync_begin, { tryNumber: s }), await f());
|
|
849
851
|
default: {
|
|
850
|
-
if (a.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted &&
|
|
852
|
+
if (a.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !== l)
|
|
851
853
|
return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
|
|
852
854
|
if (e.publishEvent(m.refreshTokensAsync_begin, {
|
|
853
855
|
refreshToken: c.refreshToken,
|
|
@@ -855,60 +857,60 @@ const M = (e, n, s = null) => {
|
|
|
855
857
|
tryNumber: s
|
|
856
858
|
}), !c.refreshToken)
|
|
857
859
|
return await f();
|
|
858
|
-
const
|
|
859
|
-
for (const [
|
|
860
|
-
|
|
860
|
+
const h = a.client_id, g = a.redirect_uri, w = a.authority, v = { ...a.token_request_extras ? a.token_request_extras : {} };
|
|
861
|
+
for (const [A, S] of Object.entries(o))
|
|
862
|
+
A.endsWith(":token_request") && (v[A.replace(":token_request", "")] = S);
|
|
861
863
|
return await (async () => {
|
|
862
|
-
const
|
|
863
|
-
client_id:
|
|
864
|
-
redirect_uri:
|
|
864
|
+
const A = {
|
|
865
|
+
client_id: h,
|
|
866
|
+
redirect_uri: g,
|
|
865
867
|
grant_type: "refresh_token",
|
|
866
868
|
refresh_token: c.refreshToken
|
|
867
|
-
},
|
|
868
|
-
|
|
869
|
+
}, S = await e.initAsync(
|
|
870
|
+
w,
|
|
869
871
|
a.authority_configuration
|
|
870
|
-
),
|
|
871
|
-
a.demonstrating_proof_of_possession && (
|
|
872
|
+
), y = document.hidden ? 1e4 : 3e4 * 10, O = S.tokenEndpoint, d = {};
|
|
873
|
+
a.demonstrating_proof_of_possession && (d.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
|
|
872
874
|
c.accessToken,
|
|
873
|
-
|
|
875
|
+
O,
|
|
874
876
|
"POST"
|
|
875
877
|
));
|
|
876
|
-
const
|
|
877
|
-
|
|
878
|
-
w,
|
|
879
|
-
b,
|
|
880
|
-
c,
|
|
878
|
+
const p = await nn(e.getFetch())(
|
|
879
|
+
O,
|
|
881
880
|
A,
|
|
881
|
+
v,
|
|
882
|
+
c,
|
|
883
|
+
d,
|
|
882
884
|
a.token_renew_mode,
|
|
883
|
-
|
|
885
|
+
y
|
|
884
886
|
);
|
|
885
|
-
if (
|
|
886
|
-
const { isValid:
|
|
887
|
-
|
|
887
|
+
if (p.success) {
|
|
888
|
+
const { isValid: N, reason: D } = pe(
|
|
889
|
+
p.data,
|
|
888
890
|
_.nonce,
|
|
889
|
-
|
|
891
|
+
S
|
|
890
892
|
);
|
|
891
|
-
if (!
|
|
893
|
+
if (!N)
|
|
892
894
|
return n(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
893
|
-
message: `refresh token return not valid tokens, reason: ${
|
|
895
|
+
message: `refresh token return not valid tokens, reason: ${D}`
|
|
894
896
|
}), { tokens: null, status: "SESSION_LOST" };
|
|
895
|
-
if (n(
|
|
896
|
-
const
|
|
897
|
-
|
|
898
|
-
|
|
897
|
+
if (n(p.data), p.demonstratingProofOfPossessionNonce) {
|
|
898
|
+
const T = await I(a, e.configurationName);
|
|
899
|
+
T ? await T.setDemonstratingProofOfPossessionNonce(
|
|
900
|
+
p.demonstratingProofOfPossessionNonce
|
|
899
901
|
) : await P(e.configurationName, a.storage).setDemonstratingProofOfPossessionNonce(
|
|
900
|
-
|
|
902
|
+
p.demonstratingProofOfPossessionNonce
|
|
901
903
|
);
|
|
902
904
|
}
|
|
903
905
|
return e.publishEvent(m.refreshTokensAsync_end, {
|
|
904
|
-
success:
|
|
905
|
-
}), e.publishEvent(C.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens:
|
|
906
|
+
success: p.success
|
|
907
|
+
}), e.publishEvent(C.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: p.data, status: "LOGGED_IN" };
|
|
906
908
|
} else
|
|
907
909
|
return e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
908
910
|
message: "bad request",
|
|
909
|
-
tokenResponse:
|
|
910
|
-
}),
|
|
911
|
-
message: `session lost: ${
|
|
911
|
+
tokenResponse: p
|
|
912
|
+
}), p.status >= 400 && p.status < 500 ? (n(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
913
|
+
message: `session lost: ${p.status}`
|
|
912
914
|
}), { tokens: null, status: "SESSION_LOST" }) : await H(e)(
|
|
913
915
|
n,
|
|
914
916
|
r,
|
|
@@ -939,34 +941,34 @@ const M = (e, n, s = null) => {
|
|
|
939
941
|
r === "" ? r = `?${encodeURIComponent(c)}=${encodeURIComponent(_)}` : r += `&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;
|
|
940
942
|
const a = n.silent_login_uri + r, u = a.indexOf("/", a.indexOf("//") + 2), f = a.substring(0, u), l = document.createElement("iframe");
|
|
941
943
|
return l.width = "0px", l.height = "0px", l.id = `${e}_oidc_iframe`, l.setAttribute("src", a), document.body.appendChild(l), new Promise((c, _) => {
|
|
942
|
-
let
|
|
943
|
-
const
|
|
944
|
-
window.removeEventListener("message",
|
|
945
|
-
},
|
|
944
|
+
let h = !1;
|
|
945
|
+
const g = () => {
|
|
946
|
+
window.removeEventListener("message", w), l.remove(), h = !0;
|
|
947
|
+
}, w = (k) => {
|
|
946
948
|
if (k.origin === f && k.source === l.contentWindow) {
|
|
947
|
-
const
|
|
948
|
-
if (
|
|
949
|
-
if (
|
|
950
|
-
const
|
|
951
|
-
s(m.silentLoginAsync_end, {}), c(
|
|
952
|
-
} else if (
|
|
953
|
-
const
|
|
954
|
-
s(m.silentLoginAsync_error,
|
|
955
|
-
} else if (
|
|
956
|
-
const
|
|
957
|
-
s(m.silentLoginAsync_error,
|
|
949
|
+
const v = `${e}_oidc_tokens:`, b = `${e}_oidc_error:`, A = `${e}_oidc_exception:`, S = k.data;
|
|
950
|
+
if (S && typeof S == "string" && !h) {
|
|
951
|
+
if (S.startsWith(v)) {
|
|
952
|
+
const y = JSON.parse(k.data.replace(v, ""));
|
|
953
|
+
s(m.silentLoginAsync_end, {}), c(y), g();
|
|
954
|
+
} else if (S.startsWith(b)) {
|
|
955
|
+
const y = JSON.parse(k.data.replace(b, ""));
|
|
956
|
+
s(m.silentLoginAsync_error, y), c({ error: "oidc_" + y.error, tokens: null, sessionState: null }), g();
|
|
957
|
+
} else if (S.startsWith(A)) {
|
|
958
|
+
const y = JSON.parse(k.data.replace(A, ""));
|
|
959
|
+
s(m.silentLoginAsync_error, y), _(new Error(y.error)), g();
|
|
958
960
|
}
|
|
959
961
|
}
|
|
960
962
|
}
|
|
961
963
|
};
|
|
962
964
|
try {
|
|
963
|
-
window.addEventListener("message",
|
|
965
|
+
window.addEventListener("message", w);
|
|
964
966
|
const k = n.silent_login_timeout;
|
|
965
967
|
setTimeout(() => {
|
|
966
|
-
|
|
968
|
+
h || (g(), s(m.silentLoginAsync_error, { reason: "timeout" }), _(new Error("timeout")));
|
|
967
969
|
}, k);
|
|
968
970
|
} catch (k) {
|
|
969
|
-
|
|
971
|
+
g(), s(m.silentLoginAsync_error, k), _(k);
|
|
970
972
|
}
|
|
971
973
|
});
|
|
972
974
|
} catch (r) {
|
|
@@ -980,7 +982,7 @@ const M = (e, n, s = null) => {
|
|
|
980
982
|
c
|
|
981
983
|
);
|
|
982
984
|
return (async () => {
|
|
983
|
-
o.timeoutId &&
|
|
985
|
+
o.timeoutId && U.clearTimeout(o.timeoutId);
|
|
984
986
|
let f;
|
|
985
987
|
i && "state" in i && (f = i.state, delete i.state);
|
|
986
988
|
try {
|
|
@@ -1011,18 +1013,18 @@ const M = (e, n, s = null) => {
|
|
|
1011
1013
|
const c = e.tokens;
|
|
1012
1014
|
if (c === null)
|
|
1013
1015
|
return;
|
|
1014
|
-
const _ = c.idToken,
|
|
1016
|
+
const _ = c.idToken, h = c.idTokenPayload;
|
|
1015
1017
|
return a({
|
|
1016
1018
|
prompt: "none",
|
|
1017
1019
|
id_token_hint: _,
|
|
1018
1020
|
scope: s.scope || "openid"
|
|
1019
|
-
}).then((
|
|
1020
|
-
if (
|
|
1021
|
-
throw new Error(
|
|
1022
|
-
const
|
|
1023
|
-
if (
|
|
1024
|
-
const k =
|
|
1025
|
-
e.checkSessionIFrame.start(
|
|
1021
|
+
}).then((g) => {
|
|
1022
|
+
if (g.error)
|
|
1023
|
+
throw new Error(g.error);
|
|
1024
|
+
const w = g.tokens.idTokenPayload;
|
|
1025
|
+
if (h.sub === w.sub) {
|
|
1026
|
+
const k = g.sessionState;
|
|
1027
|
+
e.checkSessionIFrame.start(g.sessionState), h.sid === w.sid ? console.debug(
|
|
1026
1028
|
"SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
|
|
1027
1029
|
k
|
|
1028
1030
|
) : console.debug(
|
|
@@ -1032,18 +1034,18 @@ const M = (e, n, s = null) => {
|
|
|
1032
1034
|
} else
|
|
1033
1035
|
console.debug(
|
|
1034
1036
|
"SessionMonitor._callback: Different subject signed into OP:",
|
|
1035
|
-
|
|
1037
|
+
w.sub
|
|
1036
1038
|
);
|
|
1037
|
-
}).catch(async (
|
|
1039
|
+
}).catch(async (g) => {
|
|
1038
1040
|
console.warn(
|
|
1039
1041
|
"SessionMonitor._callback: Silent login failed, logging out other tabs:",
|
|
1040
|
-
|
|
1042
|
+
g
|
|
1041
1043
|
);
|
|
1042
|
-
for (const [,
|
|
1043
|
-
await
|
|
1044
|
+
for (const [, w] of Object.entries(n))
|
|
1045
|
+
await w.logoutOtherTabAsync(s.client_id, h.sub);
|
|
1044
1046
|
});
|
|
1045
1047
|
};
|
|
1046
|
-
e.checkSessionIFrame = new
|
|
1048
|
+
e.checkSessionIFrame = new Ie(
|
|
1047
1049
|
l,
|
|
1048
1050
|
o,
|
|
1049
1051
|
t
|
|
@@ -1203,7 +1205,7 @@ const _n = () => {
|
|
|
1203
1205
|
"tokens inside ServiceWorker are invalid"
|
|
1204
1206
|
), !1;
|
|
1205
1207
|
}
|
|
1206
|
-
},
|
|
1208
|
+
}, Oe = (e) => {
|
|
1207
1209
|
const n = e.match(
|
|
1208
1210
|
// eslint-disable-next-line no-useless-escape
|
|
1209
1211
|
/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
|
|
@@ -1226,13 +1228,13 @@ const _n = () => {
|
|
|
1226
1228
|
hash: t
|
|
1227
1229
|
};
|
|
1228
1230
|
}, vn = (e) => {
|
|
1229
|
-
const n =
|
|
1231
|
+
const n = Oe(e);
|
|
1230
1232
|
let { path: s } = n;
|
|
1231
1233
|
s.endsWith("/") && (s = s.slice(0, -1));
|
|
1232
1234
|
let { hash: t } = n;
|
|
1233
1235
|
return t === "#_=_" && (t = ""), t && (s += t), s;
|
|
1234
1236
|
}, Y = (e) => {
|
|
1235
|
-
const n =
|
|
1237
|
+
const n = Oe(e), { search: s } = n;
|
|
1236
1238
|
return dn(s);
|
|
1237
1239
|
}, dn = (e) => {
|
|
1238
1240
|
const n = {};
|
|
@@ -1251,29 +1253,29 @@ const _n = () => {
|
|
|
1251
1253
|
try {
|
|
1252
1254
|
const _ = a ? n.silent_redirect_uri : n.redirect_uri;
|
|
1253
1255
|
u || (u = n.scope);
|
|
1254
|
-
const
|
|
1255
|
-
|
|
1256
|
-
const
|
|
1256
|
+
const h = n.extras ? { ...n.extras, ...r } : r;
|
|
1257
|
+
h.nonce || (h.nonce = ee(12));
|
|
1258
|
+
const g = { nonce: h.nonce }, w = await I(n, e), k = await t(
|
|
1257
1259
|
n.authority,
|
|
1258
1260
|
n.authority_configuration
|
|
1259
1261
|
);
|
|
1260
|
-
let
|
|
1261
|
-
if (
|
|
1262
|
-
|
|
1262
|
+
let v;
|
|
1263
|
+
if (w)
|
|
1264
|
+
w.setLoginParams({ callbackPath: c, extras: f }), await w.initAsync(k, "loginAsync", n), await w.setNonceAsync(g), w.startKeepAliveServiceWorker(), v = w;
|
|
1263
1265
|
else {
|
|
1264
|
-
const
|
|
1265
|
-
|
|
1266
|
+
const A = P(e, n.storage ?? sessionStorage);
|
|
1267
|
+
A.setLoginParams({ callbackPath: c, extras: f }), await A.setNonceAsync(g), v = A;
|
|
1266
1268
|
}
|
|
1267
|
-
const
|
|
1269
|
+
const b = {
|
|
1268
1270
|
client_id: n.client_id,
|
|
1269
1271
|
redirect_uri: _,
|
|
1270
1272
|
scope: u,
|
|
1271
1273
|
response_type: "code",
|
|
1272
|
-
...
|
|
1274
|
+
...h
|
|
1273
1275
|
};
|
|
1274
|
-
await sn(
|
|
1276
|
+
await sn(v, o)(
|
|
1275
1277
|
k.authorizationEndpoint,
|
|
1276
|
-
|
|
1278
|
+
b
|
|
1277
1279
|
);
|
|
1278
1280
|
} catch (_) {
|
|
1279
1281
|
throw s(m.loginAsync_error, _), _;
|
|
@@ -1286,15 +1288,15 @@ const _n = () => {
|
|
|
1286
1288
|
i,
|
|
1287
1289
|
s.authority_configuration
|
|
1288
1290
|
), u = e.location.getCurrentHref(), l = Y(u).session_state, c = await I(s, e.configurationName);
|
|
1289
|
-
let _,
|
|
1291
|
+
let _, h, g, w;
|
|
1290
1292
|
if (c)
|
|
1291
|
-
await c.initAsync(a, "loginCallbackAsync", s), await c.setSessionStateAsync(l),
|
|
1293
|
+
await c.initAsync(a, "loginCallbackAsync", s), await c.setSessionStateAsync(l), h = await c.getNonceAsync(), g = c.getLoginParams(), w = await c.getStateAsync(), c.startKeepAliveServiceWorker(), _ = c;
|
|
1292
1294
|
else {
|
|
1293
|
-
const
|
|
1295
|
+
const T = P(
|
|
1294
1296
|
e.configurationName,
|
|
1295
1297
|
s.storage ?? sessionStorage
|
|
1296
1298
|
);
|
|
1297
|
-
await
|
|
1299
|
+
await T.setSessionStateAsync(l), h = await T.getNonceAsync(), g = T.getLoginParams(), w = await T.getStateAsync(), _ = T;
|
|
1298
1300
|
}
|
|
1299
1301
|
const k = Y(u);
|
|
1300
1302
|
if (k.error || k.error_description)
|
|
@@ -1303,67 +1305,67 @@ const _n = () => {
|
|
|
1303
1305
|
throw console.error(), new Error(
|
|
1304
1306
|
`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`
|
|
1305
1307
|
);
|
|
1306
|
-
if (k.state && k.state !==
|
|
1307
|
-
throw new Error(`State not valid (expected: ${
|
|
1308
|
-
const
|
|
1308
|
+
if (k.state && k.state !== w)
|
|
1309
|
+
throw new Error(`State not valid (expected: ${w}, received: ${k.state})`);
|
|
1310
|
+
const v = {
|
|
1309
1311
|
code: k.code,
|
|
1310
1312
|
grant_type: "authorization_code",
|
|
1311
1313
|
client_id: s.client_id,
|
|
1312
1314
|
redirect_uri: o
|
|
1313
|
-
},
|
|
1315
|
+
}, b = {};
|
|
1314
1316
|
if (s.token_request_extras)
|
|
1315
|
-
for (const [
|
|
1316
|
-
|
|
1317
|
-
if (
|
|
1318
|
-
for (const [
|
|
1319
|
-
|
|
1320
|
-
const
|
|
1317
|
+
for (const [T, x] of Object.entries(s.token_request_extras))
|
|
1318
|
+
b[T] = x;
|
|
1319
|
+
if (g != null && g.extras)
|
|
1320
|
+
for (const [T, x] of Object.entries(g.extras))
|
|
1321
|
+
T.endsWith(":token_request") && (b[T.replace(":token_request", "")] = x);
|
|
1322
|
+
const A = a.tokenEndpoint, S = {};
|
|
1321
1323
|
if (s.demonstrating_proof_of_possession)
|
|
1322
1324
|
if (c)
|
|
1323
|
-
|
|
1325
|
+
S.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
|
|
1324
1326
|
else {
|
|
1325
|
-
const
|
|
1327
|
+
const T = await Ge(window)(
|
|
1326
1328
|
s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
|
|
1327
1329
|
);
|
|
1328
|
-
await P(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(
|
|
1330
|
+
await P(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(T), S.DPoP = await Te(window)(
|
|
1329
1331
|
s.demonstrating_proof_of_possession_configuration
|
|
1330
|
-
)(
|
|
1332
|
+
)(T, "POST", A);
|
|
1331
1333
|
}
|
|
1332
|
-
const
|
|
1333
|
-
|
|
1334
|
-
{ ...
|
|
1335
|
-
|
|
1334
|
+
const y = await tn(_)(
|
|
1335
|
+
A,
|
|
1336
|
+
{ ...v, ...b },
|
|
1337
|
+
S,
|
|
1336
1338
|
e.configuration.token_renew_mode,
|
|
1337
1339
|
r
|
|
1338
1340
|
);
|
|
1339
|
-
if (!
|
|
1341
|
+
if (!y.success)
|
|
1340
1342
|
throw new Error("Token request failed");
|
|
1341
|
-
let
|
|
1342
|
-
const
|
|
1343
|
-
if (
|
|
1343
|
+
let O;
|
|
1344
|
+
const d = y.data.tokens, p = y.data.demonstratingProofOfPossessionNonce;
|
|
1345
|
+
if (y.data.state !== b.state)
|
|
1344
1346
|
throw new Error("state is not valid");
|
|
1345
|
-
const { isValid:
|
|
1346
|
-
|
|
1347
|
-
|
|
1347
|
+
const { isValid: N, reason: D } = pe(
|
|
1348
|
+
d,
|
|
1349
|
+
h.nonce,
|
|
1348
1350
|
a
|
|
1349
1351
|
);
|
|
1350
|
-
if (!
|
|
1351
|
-
throw new Error(`Tokens are not OpenID valid, reason: ${
|
|
1352
|
+
if (!N)
|
|
1353
|
+
throw new Error(`Tokens are not OpenID valid, reason: ${D}`);
|
|
1352
1354
|
if (c) {
|
|
1353
|
-
if (
|
|
1355
|
+
if (d.refreshToken && !d.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1354
1356
|
throw new Error("Refresh token should be hidden by service worker");
|
|
1355
|
-
if (
|
|
1357
|
+
if (p && (d != null && d.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))
|
|
1356
1358
|
throw new Error(
|
|
1357
1359
|
"Demonstration of proof of possession require Access token not hidden by service worker"
|
|
1358
1360
|
);
|
|
1359
1361
|
}
|
|
1360
1362
|
if (c)
|
|
1361
|
-
await c.initAsync(a, "syncTokensAsync", s),
|
|
1362
|
-
|
|
1363
|
+
await c.initAsync(a, "syncTokensAsync", s), O = c.getLoginParams(), p && await c.setDemonstratingProofOfPossessionNonce(
|
|
1364
|
+
p
|
|
1363
1365
|
);
|
|
1364
1366
|
else {
|
|
1365
|
-
const
|
|
1366
|
-
|
|
1367
|
+
const T = P(e.configurationName, s.storage);
|
|
1368
|
+
O = T.getLoginParams(), p && await T.setDemonstratingProofOfPossessionNonce(p);
|
|
1367
1369
|
}
|
|
1368
1370
|
return await e.startCheckSessionAsync(
|
|
1369
1371
|
a.checkSessionIframe,
|
|
@@ -1371,14 +1373,14 @@ const _n = () => {
|
|
|
1371
1373
|
l,
|
|
1372
1374
|
n
|
|
1373
1375
|
), e.publishEvent(m.loginCallbackAsync_end, {}), {
|
|
1374
|
-
tokens:
|
|
1376
|
+
tokens: d,
|
|
1375
1377
|
state: "request.state",
|
|
1376
|
-
callbackPath:
|
|
1378
|
+
callbackPath: O.callbackPath
|
|
1377
1379
|
};
|
|
1378
1380
|
} catch (s) {
|
|
1379
1381
|
throw console.error(s), e.publishEvent(m.loginCallbackAsync_error, s), s;
|
|
1380
1382
|
}
|
|
1381
|
-
},
|
|
1383
|
+
}, ge = {
|
|
1382
1384
|
access_token: "access_token",
|
|
1383
1385
|
refresh_token: "refresh_token"
|
|
1384
1386
|
}, z = (e, n) => {
|
|
@@ -1401,11 +1403,11 @@ const _n = () => {
|
|
|
1401
1403
|
}
|
|
1402
1404
|
return n;
|
|
1403
1405
|
}, kn = (e) => async (n) => {
|
|
1404
|
-
|
|
1406
|
+
U.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
|
|
1405
1407
|
const s = await I(e.configuration, e.configurationName);
|
|
1406
1408
|
s ? await s.clearAsync(n) : await P(e.configurationName, e.configuration.storage).clearAsync(n), e.tokens = null, e.userInfo = null;
|
|
1407
1409
|
}, mn = (e, n, s, t, o) => async (i = void 0, r = null) => {
|
|
1408
|
-
var
|
|
1410
|
+
var v, b;
|
|
1409
1411
|
const a = e.configuration, u = await e.initAsync(
|
|
1410
1412
|
a.authority,
|
|
1411
1413
|
a.authority_configuration
|
|
@@ -1416,55 +1418,55 @@ const _n = () => {
|
|
|
1416
1418
|
i && (l = i.includes("https://") || i.includes("http://"));
|
|
1417
1419
|
const c = l ? i : o.getOrigin() + f, _ = e.tokens ? e.tokens.idToken : "";
|
|
1418
1420
|
try {
|
|
1419
|
-
const
|
|
1420
|
-
if (
|
|
1421
|
-
const
|
|
1422
|
-
if (
|
|
1423
|
-
const
|
|
1424
|
-
|
|
1425
|
-
|
|
1421
|
+
const A = u.revocationEndpoint;
|
|
1422
|
+
if (A) {
|
|
1423
|
+
const S = [], y = e.tokens ? e.tokens.accessToken : null;
|
|
1424
|
+
if (y && a.logout_tokens_to_invalidate.includes(ge.access_token)) {
|
|
1425
|
+
const d = z(r, ":revoke_access_token"), p = he(s)(
|
|
1426
|
+
A,
|
|
1427
|
+
y,
|
|
1426
1428
|
ne.access_token,
|
|
1427
1429
|
a.client_id,
|
|
1428
|
-
|
|
1430
|
+
d
|
|
1429
1431
|
);
|
|
1430
|
-
|
|
1432
|
+
S.push(p);
|
|
1431
1433
|
}
|
|
1432
|
-
const
|
|
1433
|
-
if (
|
|
1434
|
-
const
|
|
1435
|
-
|
|
1436
|
-
|
|
1434
|
+
const O = e.tokens ? e.tokens.refreshToken : null;
|
|
1435
|
+
if (O && a.logout_tokens_to_invalidate.includes(ge.refresh_token)) {
|
|
1436
|
+
const d = z(r, ":revoke_refresh_token"), p = he(s)(
|
|
1437
|
+
A,
|
|
1438
|
+
O,
|
|
1437
1439
|
ne.refresh_token,
|
|
1438
1440
|
a.client_id,
|
|
1439
|
-
|
|
1441
|
+
d
|
|
1440
1442
|
);
|
|
1441
|
-
|
|
1443
|
+
S.push(p);
|
|
1442
1444
|
}
|
|
1443
|
-
|
|
1445
|
+
S.length > 0 && await Promise.all(S);
|
|
1444
1446
|
}
|
|
1445
|
-
} catch (
|
|
1447
|
+
} catch (A) {
|
|
1446
1448
|
t.warn(
|
|
1447
1449
|
"logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"
|
|
1448
|
-
), t.warn(
|
|
1450
|
+
), t.warn(A);
|
|
1449
1451
|
}
|
|
1450
|
-
const
|
|
1452
|
+
const h = ((b = (v = e.tokens) == null ? void 0 : v.idTokenPayload) == null ? void 0 : b.sub) ?? null;
|
|
1451
1453
|
await e.destroyAsync("LOGGED_OUT");
|
|
1452
|
-
for (const [,
|
|
1453
|
-
|
|
1454
|
-
const
|
|
1455
|
-
if (
|
|
1454
|
+
for (const [, A] of Object.entries(n))
|
|
1455
|
+
A !== e ? await e.logoutSameTabAsync(e.configuration.client_id, h) : e.publishEvent(m.logout_from_same_tab, {});
|
|
1456
|
+
const g = z(r, ":oidc");
|
|
1457
|
+
if (g && g.no_reload === "true")
|
|
1456
1458
|
return;
|
|
1457
1459
|
const k = gn(r);
|
|
1458
1460
|
if (u.endSessionEndpoint) {
|
|
1459
1461
|
"id_token_hint" in k || (k.id_token_hint = _), !("post_logout_redirect_uri" in k) && i !== null && (k.post_logout_redirect_uri = c);
|
|
1460
|
-
let
|
|
1461
|
-
for (const [
|
|
1462
|
-
|
|
1463
|
-
o.open(`${u.endSessionEndpoint}${
|
|
1462
|
+
let A = "";
|
|
1463
|
+
for (const [S, y] of Object.entries(k))
|
|
1464
|
+
y != null && (A === "" ? A += "?" : A += "&", A += `${S}=${encodeURIComponent(y)}`);
|
|
1465
|
+
o.open(`${u.endSessionEndpoint}${A}`);
|
|
1464
1466
|
} else
|
|
1465
1467
|
o.reload();
|
|
1466
|
-
},
|
|
1467
|
-
var
|
|
1468
|
+
}, Pe = (e, n, s = !1) => async (...t) => {
|
|
1469
|
+
var h;
|
|
1468
1470
|
const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
|
|
1469
1471
|
let u = new Headers();
|
|
1470
1472
|
a.headers && (u = a.headers instanceof Headers ? a.headers : new Headers(a.headers));
|
|
@@ -1475,17 +1477,17 @@ const _n = () => {
|
|
|
1475
1477
|
refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
|
|
1476
1478
|
},
|
|
1477
1479
|
renewTokensAsync: n.renewTokensAsync.bind(n)
|
|
1478
|
-
}, l = await
|
|
1480
|
+
}, l = await me(f);
|
|
1479
1481
|
console.log("getValidTokenAsync"), console.log(l);
|
|
1480
|
-
const c = (
|
|
1482
|
+
const c = (h = l == null ? void 0 : l.tokens) == null ? void 0 : h.accessToken;
|
|
1481
1483
|
if (u.has("Accept") || u.set("Accept", "application/json"), c) {
|
|
1482
1484
|
if (n.configuration.demonstrating_proof_of_possession && s) {
|
|
1483
|
-
const
|
|
1485
|
+
const g = await n.generateDemonstrationOfProofOfPossessionAsync(
|
|
1484
1486
|
c,
|
|
1485
1487
|
o.toString(),
|
|
1486
1488
|
a.method
|
|
1487
1489
|
);
|
|
1488
|
-
u.set("Authorization", `PoP ${c}`), u.set("DPoP",
|
|
1490
|
+
u.set("Authorization", `PoP ${c}`), u.set("DPoP", g);
|
|
1489
1491
|
} else
|
|
1490
1492
|
u.set("Authorization", `Bearer ${c}`);
|
|
1491
1493
|
a.credentials || (a.credentials = "same-origin");
|
|
@@ -1499,7 +1501,7 @@ const _n = () => {
|
|
|
1499
1501
|
t.authority,
|
|
1500
1502
|
t.authority_configuration
|
|
1501
1503
|
)).userInfoEndpoint, a = await (async () => {
|
|
1502
|
-
const f = await
|
|
1504
|
+
const f = await Pe(fetch, e, s)(i);
|
|
1503
1505
|
return f.status !== 200 ? null : f.json();
|
|
1504
1506
|
})();
|
|
1505
1507
|
return e.userInfo = a, a;
|
|
@@ -1509,7 +1511,7 @@ class se {
|
|
|
1509
1511
|
this.authorizationEndpoint = n.authorization_endpoint, this.tokenEndpoint = n.token_endpoint, this.revocationEndpoint = n.revocation_endpoint, this.userInfoEndpoint = n.userinfo_endpoint, this.checkSessionIframe = n.check_session_iframe, this.issuer = n.issuer, this.endSessionEndpoint = n.end_session_endpoint;
|
|
1510
1512
|
}
|
|
1511
1513
|
}
|
|
1512
|
-
const
|
|
1514
|
+
const L = {}, An = (e, n = new q()) => (s, t = "default") => (L[t] || (L[t] = new C(s, t, e, n)), L[t]), Sn = async (e) => {
|
|
1513
1515
|
const { parsedTokens: n, callbackPath: s } = await e.loginCallbackAsync();
|
|
1514
1516
|
return e.timeoutId = M(e, n.expiresAt), { callbackPath: s };
|
|
1515
1517
|
}, Tn = (e) => Math.floor(Math.random() * e), F = class F {
|
|
@@ -1555,10 +1557,10 @@ const x = {}, An = (e, n = new q()) => (s, t = "default") => (x[t] || (x[t] = ne
|
|
|
1555
1557
|
}
|
|
1556
1558
|
static get(n = "default") {
|
|
1557
1559
|
const s = typeof process > "u";
|
|
1558
|
-
if (!Object.prototype.hasOwnProperty.call(
|
|
1560
|
+
if (!Object.prototype.hasOwnProperty.call(L, n) && s)
|
|
1559
1561
|
throw Error(`OIDC library does seem initialized.
|
|
1560
1562
|
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);
|
|
1561
|
-
return
|
|
1563
|
+
return L[n];
|
|
1562
1564
|
}
|
|
1563
1565
|
_silentLoginCallbackFromIFrame() {
|
|
1564
1566
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
@@ -1620,7 +1622,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1620
1622
|
}));
|
|
1621
1623
|
}
|
|
1622
1624
|
async startCheckSessionAsync(n, s, t, o = !1) {
|
|
1623
|
-
await an(this,
|
|
1625
|
+
await an(this, L, this.configuration)(
|
|
1624
1626
|
n,
|
|
1625
1627
|
s,
|
|
1626
1628
|
t,
|
|
@@ -1657,13 +1659,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1657
1659
|
}
|
|
1658
1660
|
async generateDemonstrationOfProofOfPossessionAsync(n, s, t, o = {}) {
|
|
1659
1661
|
const i = this.configuration, r = {
|
|
1660
|
-
ath: await
|
|
1662
|
+
ath: await be(n),
|
|
1661
1663
|
...o
|
|
1662
1664
|
};
|
|
1663
1665
|
if (await I(i, this.configurationName))
|
|
1664
1666
|
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
|
|
1665
1667
|
const u = P(this.configurationName, i.storage), f = await u.getDemonstratingProofOfPossessionJwkAsync(), l = u.getDemonstratingProofOfPossessionNonce();
|
|
1666
|
-
return l && (r.nonce = l), await
|
|
1668
|
+
return l && (r.nonce = l), await Te(window)(
|
|
1667
1669
|
i.demonstrating_proof_of_possession_configuration
|
|
1668
1670
|
)(f, t, s, r);
|
|
1669
1671
|
}
|
|
@@ -1681,7 +1683,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1681
1683
|
if (this.renewTokensPromise !== null)
|
|
1682
1684
|
return this.renewTokensPromise;
|
|
1683
1685
|
if (this.timeoutId)
|
|
1684
|
-
return
|
|
1686
|
+
return U.clearTimeout(this.timeoutId), this.renewTokensPromise = Ee(this, !0, n), this.renewTokensPromise.finally(() => {
|
|
1685
1687
|
this.renewTokensPromise = null;
|
|
1686
1688
|
});
|
|
1687
1689
|
}
|
|
@@ -1697,7 +1699,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1697
1699
|
async logoutAsync(n = void 0, s = null) {
|
|
1698
1700
|
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = mn(
|
|
1699
1701
|
this,
|
|
1700
|
-
|
|
1702
|
+
L,
|
|
1701
1703
|
this.getFetch(),
|
|
1702
1704
|
console,
|
|
1703
1705
|
this.location
|
|
@@ -1708,7 +1710,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1708
1710
|
};
|
|
1709
1711
|
F.getOrCreate = (n, s) => (t, o = "default") => An(n, s)(t, o), F.eventNames = m;
|
|
1710
1712
|
let C = F;
|
|
1711
|
-
const
|
|
1713
|
+
const K = class K {
|
|
1712
1714
|
constructor(n) {
|
|
1713
1715
|
this._oidc = n;
|
|
1714
1716
|
}
|
|
@@ -1722,7 +1724,7 @@ const $ = class $ {
|
|
|
1722
1724
|
this._oidc.publishEvent(n, s);
|
|
1723
1725
|
}
|
|
1724
1726
|
static get(n = "default") {
|
|
1725
|
-
return new
|
|
1727
|
+
return new K(C.get(n));
|
|
1726
1728
|
}
|
|
1727
1729
|
tryKeepExistingSessionAsync() {
|
|
1728
1730
|
return this._oidc.tryKeepExistingSessionAsync();
|
|
@@ -1765,10 +1767,10 @@ const $ = class $ {
|
|
|
1765
1767
|
},
|
|
1766
1768
|
renewTokensAsync: t.renewTokensAsync.bind(t)
|
|
1767
1769
|
};
|
|
1768
|
-
return
|
|
1770
|
+
return me(o, n, s);
|
|
1769
1771
|
}
|
|
1770
1772
|
fetchWithTokens(n, s = !1) {
|
|
1771
|
-
return
|
|
1773
|
+
return Pe(n, this._oidc, s);
|
|
1772
1774
|
}
|
|
1773
1775
|
async userInfoAsync(n = !1, s = !1) {
|
|
1774
1776
|
return this._oidc.userInfoAsync(n, s);
|
|
@@ -1777,10 +1779,10 @@ const $ = class $ {
|
|
|
1777
1779
|
return this._oidc.userInfo;
|
|
1778
1780
|
}
|
|
1779
1781
|
};
|
|
1780
|
-
|
|
1781
|
-
let
|
|
1782
|
+
K.getOrCreate = (n, s = new q()) => (t, o = "default") => new K(C.getOrCreate(n, s)(t, o)), K.eventNames = C.eventNames;
|
|
1783
|
+
let ke = K;
|
|
1782
1784
|
export {
|
|
1783
|
-
|
|
1785
|
+
ke as OidcClient,
|
|
1784
1786
|
q as OidcLocation,
|
|
1785
1787
|
J as TokenAutomaticRenewMode,
|
|
1786
1788
|
Q as TokenRenewMode,
|