@axa-fr/oidc-client 7.22.31 → 7.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/OidcTrustedDomains.js +1 -0
- package/dist/fetch.d.ts.map +1 -1
- package/dist/index.js +120 -122
- package/dist/index.umd.cjs +2 -2
- package/dist/oidcClient.d.ts +2 -2
- package/dist/oidcClient.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/fetch.ts +1 -4
- package/src/oidcClient.ts +4 -4
- package/src/version.ts +1 -1
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
const trustedDomains = {
|
|
8
8
|
default: ['https://demo.duendesoftware.com', 'https://kdhttps.auth0.com'],
|
|
9
9
|
config_classic: ['https://demo.duendesoftware.com'],
|
|
10
|
+
config_with_monitor_session: ['https://demo.duendesoftware.com'],
|
|
10
11
|
config_without_silent_login: ['https://demo.duendesoftware.com'],
|
|
11
12
|
config_without_refresh_token: ['https://demo.duendesoftware.com'],
|
|
12
13
|
config_without_refresh_token_silent_login: ['https://demo.duendesoftware.com'],
|
package/dist/fetch.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAE1B,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAGhC,eAAO,MAAM,eAAe,UAClB,KAAK,QAAQ,IAAI,GAAG,IAAI,sCAAqC,OAAO,KAAW,
|
|
1
|
+
{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAE1B,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAGhC,eAAO,MAAM,eAAe,UAClB,KAAK,QAAQ,IAAI,GAAG,IAAI,sCAAqC,OAAO,KAAW,KAkDtF,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -88,9 +88,9 @@ const m = {
|
|
|
88
88
|
n[`oidc.session_state.${e}`] = y;
|
|
89
89
|
}, r = async () => n[`oidc.session_state.${e}`], a = (y) => {
|
|
90
90
|
n[`oidc.nonce.${e}`] = y.nonce;
|
|
91
|
-
},
|
|
91
|
+
}, l = (y) => {
|
|
92
92
|
n[`oidc.jwk.${e}`] = JSON.stringify(y);
|
|
93
|
-
}, f = () => JSON.parse(n[`oidc.jwk.${e}`]),
|
|
93
|
+
}, f = () => JSON.parse(n[`oidc.jwk.${e}`]), u = async () => ({ nonce: n[`oidc.nonce.${e}`] }), c = async (y) => {
|
|
94
94
|
n[`oidc.dpop_nonce.${e}`] = y;
|
|
95
95
|
}, _ = () => n[`oidc.dpop_nonce.${e}`], h = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, g = {};
|
|
96
96
|
return {
|
|
@@ -101,7 +101,7 @@ const m = {
|
|
|
101
101
|
setSessionStateAsync: i,
|
|
102
102
|
getSessionStateAsync: r,
|
|
103
103
|
setNonceAsync: a,
|
|
104
|
-
getNonceAsync:
|
|
104
|
+
getNonceAsync: u,
|
|
105
105
|
setLoginParams: (y) => {
|
|
106
106
|
g[e] = y, n[`oidc.login.${e}`] = JSON.stringify(y);
|
|
107
107
|
},
|
|
@@ -121,7 +121,7 @@ const m = {
|
|
|
121
121
|
},
|
|
122
122
|
setDemonstratingProofOfPossessionNonce: c,
|
|
123
123
|
getDemonstratingProofOfPossessionNonce: _,
|
|
124
|
-
setDemonstratingProofOfPossessionJwkAsync:
|
|
124
|
+
setDemonstratingProofOfPossessionJwkAsync: l,
|
|
125
125
|
getDemonstratingProofOfPossessionJwkAsync: f
|
|
126
126
|
};
|
|
127
127
|
};
|
|
@@ -155,11 +155,11 @@ const te = (e, n = null, s) => {
|
|
|
155
155
|
e.accessTokenPayload !== void 0 ? t = e.accessTokenPayload : t = ce(e.accessToken);
|
|
156
156
|
let i;
|
|
157
157
|
n != null && "idToken" in n && !("idToken" in e) ? i = n.idToken : i = e.idToken;
|
|
158
|
-
const r = e.idTokenPayload ? e.idTokenPayload : ce(i), a = r && r.exp ? r.exp : Number.MAX_VALUE,
|
|
158
|
+
const r = e.idTokenPayload ? e.idTokenPayload : ce(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, l = t && t.exp ? t.exp : e.issuedAt + o;
|
|
159
159
|
e.issuedAt = We(e, t, r);
|
|
160
160
|
let f;
|
|
161
|
-
e.expiresAt ? f = e.expiresAt : s === Q.access_token_invalid ? f =
|
|
162
|
-
const
|
|
161
|
+
e.expiresAt ? f = e.expiresAt : s === Q.access_token_invalid ? f = l : s === Q.id_token_invalid ? f = a : f = a < l ? a : l;
|
|
162
|
+
const u = {
|
|
163
163
|
...e,
|
|
164
164
|
idTokenPayload: r,
|
|
165
165
|
accessTokenPayload: t,
|
|
@@ -168,9 +168,9 @@ const te = (e, n = null, s) => {
|
|
|
168
168
|
};
|
|
169
169
|
if (n != null && "refreshToken" in n && !("refreshToken" in e)) {
|
|
170
170
|
const c = n.refreshToken;
|
|
171
|
-
return { ...
|
|
171
|
+
return { ...u, refreshToken: c };
|
|
172
172
|
}
|
|
173
|
-
return
|
|
173
|
+
return u;
|
|
174
174
|
}, oe = (e, n, s) => {
|
|
175
175
|
if (!e)
|
|
176
176
|
return null;
|
|
@@ -187,10 +187,10 @@ const te = (e, n = null, s) => {
|
|
|
187
187
|
issuedAt: e.issued_at
|
|
188
188
|
};
|
|
189
189
|
return "refresh_token" in e && (t.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (t.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (t.idTokenPayload = e.idTokenPayload), te(t, n, s);
|
|
190
|
-
},
|
|
190
|
+
}, F = (e, n) => {
|
|
191
191
|
const s = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = n - s;
|
|
192
192
|
return Math.round(t - e);
|
|
193
|
-
}, le = (e, n = 0) => e ?
|
|
193
|
+
}, le = (e, n = 0) => e ? F(n, e.expiresAt) > 0 : !1, me = async (e, n = 200, s = 50) => {
|
|
194
194
|
let t = s;
|
|
195
195
|
if (!e.getTokens())
|
|
196
196
|
return null;
|
|
@@ -245,7 +245,7 @@ const te = (e, n = null, s) => {
|
|
|
245
245
|
setInterval: setInterval.bind(e),
|
|
246
246
|
clearInterval: clearInterval.bind(e)
|
|
247
247
|
};
|
|
248
|
-
}(), ue = "7.
|
|
248
|
+
}(), ue = "7.23.0";
|
|
249
249
|
let _e = null, j;
|
|
250
250
|
const X = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), we = (e = "/") => {
|
|
251
251
|
try {
|
|
@@ -321,7 +321,7 @@ const X = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), we =
|
|
|
321
321
|
type: "setSessionState",
|
|
322
322
|
data: { sessionState: d },
|
|
323
323
|
configurationName: n
|
|
324
|
-
}),
|
|
324
|
+
}), l = async () => (await E(t)({
|
|
325
325
|
type: "getSessionState",
|
|
326
326
|
data: null,
|
|
327
327
|
configurationName: n
|
|
@@ -329,7 +329,7 @@ const X = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), we =
|
|
|
329
329
|
type: "setNonce",
|
|
330
330
|
data: { nonce: d },
|
|
331
331
|
configurationName: n
|
|
332
|
-
})),
|
|
332
|
+
})), u = async () => {
|
|
333
333
|
let p = (await E(t)({
|
|
334
334
|
type: "getNonce",
|
|
335
335
|
data: null,
|
|
@@ -343,9 +343,9 @@ const X = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), we =
|
|
|
343
343
|
startKeepAliveServiceWorker: () => r(e.service_worker_keep_alive_path),
|
|
344
344
|
isServiceWorkerProxyActiveAsync: () => Le(e.service_worker_keep_alive_path),
|
|
345
345
|
setSessionStateAsync: a,
|
|
346
|
-
getSessionStateAsync:
|
|
346
|
+
getSessionStateAsync: l,
|
|
347
347
|
setNonceAsync: f,
|
|
348
|
-
getNonceAsync:
|
|
348
|
+
getNonceAsync: u,
|
|
349
349
|
setLoginParams: (d) => {
|
|
350
350
|
c[n] = d, localStorage[`oidc.login.${n}`] = JSON.stringify(d);
|
|
351
351
|
},
|
|
@@ -439,7 +439,7 @@ const ie = (e) => {
|
|
|
439
439
|
function de(e) {
|
|
440
440
|
return Se(Ue(e));
|
|
441
441
|
}
|
|
442
|
-
const
|
|
442
|
+
const Fe = {
|
|
443
443
|
importKeyAlgorithm: {
|
|
444
444
|
name: "ECDSA",
|
|
445
445
|
namedCurve: "P-256",
|
|
@@ -452,7 +452,7 @@ const Ve = {
|
|
|
452
452
|
},
|
|
453
453
|
digestAlgorithm: { name: "SHA-256" },
|
|
454
454
|
jwtHeaderAlgorithm: "ES256"
|
|
455
|
-
},
|
|
455
|
+
}, Ve = (e) => async (n, s, t, o, i = "dpop+jwt") => {
|
|
456
456
|
switch (n = Object.assign({}, n), s.typ = i, s.alg = o.jwtHeaderAlgorithm, s.alg) {
|
|
457
457
|
case "ES256":
|
|
458
458
|
s.jwk = { kty: n.kty, crv: n.crv, x: n.x, y: n.y };
|
|
@@ -470,9 +470,9 @@ const Ve = {
|
|
|
470
470
|
// @ts-ignore
|
|
471
471
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
472
472
|
payload: de(JSON.stringify(t))
|
|
473
|
-
}, a = o.importKeyAlgorithm,
|
|
473
|
+
}, a = o.importKeyAlgorithm, l = !0, f = ["sign"], u = await e.crypto.subtle.importKey("jwk", n, a, l, f), c = Ae(`${r.protected}.${r.payload}`), _ = o.signAlgorithm, h = await e.crypto.subtle.sign(_, u, c);
|
|
474
474
|
return r.signature = ie(new Uint8Array(h)), `${r.protected}.${r.payload}.${r.signature}`;
|
|
475
|
-
}, Je = { sign:
|
|
475
|
+
}, Je = { sign: Ve }, Me = (e) => async (n) => {
|
|
476
476
|
const s = n, t = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(s, t, o);
|
|
477
477
|
return await e.crypto.subtle.exportKey("jwk", i.privateKey);
|
|
478
478
|
}, Be = (e) => {
|
|
@@ -561,10 +561,10 @@ const Qe = (e) => {
|
|
|
561
561
|
const i = `${n}/.well-known/openid-configuration`, r = `oidc.server:${n}`, a = $e(r, t, s);
|
|
562
562
|
if (a)
|
|
563
563
|
return new se(a);
|
|
564
|
-
const
|
|
565
|
-
if (
|
|
564
|
+
const l = await B(e)(i, {}, o);
|
|
565
|
+
if (l.status !== 200)
|
|
566
566
|
return null;
|
|
567
|
-
const f = await
|
|
567
|
+
const f = await l.json();
|
|
568
568
|
return Ke(r, f, t), new se(f);
|
|
569
569
|
}, B = (e) => async (n, s = {}, t = 1e4, o = 0) => {
|
|
570
570
|
let i;
|
|
@@ -591,12 +591,12 @@ const Qe = (e) => {
|
|
|
591
591
|
};
|
|
592
592
|
for (const [c, _] of Object.entries(i))
|
|
593
593
|
a[c] === void 0 && (a[c] = _);
|
|
594
|
-
const
|
|
594
|
+
const l = [];
|
|
595
595
|
for (const c in a) {
|
|
596
596
|
const _ = encodeURIComponent(c), h = encodeURIComponent(a[c]);
|
|
597
|
-
|
|
597
|
+
l.push(`${_}=${h}`);
|
|
598
598
|
}
|
|
599
|
-
const f =
|
|
599
|
+
const f = l.join("&");
|
|
600
600
|
return (await B(e)(
|
|
601
601
|
n,
|
|
602
602
|
{
|
|
@@ -613,12 +613,12 @@ const Qe = (e) => {
|
|
|
613
613
|
}, nn = (e) => async (n, s, t, o, i = {}, r, a = 1e4) => {
|
|
614
614
|
for (const [h, g] of Object.entries(t))
|
|
615
615
|
s[h] === void 0 && (s[h] = g);
|
|
616
|
-
const
|
|
616
|
+
const l = [];
|
|
617
617
|
for (const h in s) {
|
|
618
618
|
const g = encodeURIComponent(h), w = encodeURIComponent(s[h]);
|
|
619
|
-
|
|
619
|
+
l.push(`${g}=${w}`);
|
|
620
620
|
}
|
|
621
|
-
const f =
|
|
621
|
+
const f = l.join("&"), u = await B(e)(
|
|
622
622
|
n,
|
|
623
623
|
{
|
|
624
624
|
method: "POST",
|
|
@@ -630,19 +630,19 @@ const Qe = (e) => {
|
|
|
630
630
|
},
|
|
631
631
|
a
|
|
632
632
|
);
|
|
633
|
-
if (
|
|
633
|
+
if (u.status !== 200)
|
|
634
634
|
return {
|
|
635
635
|
success: !1,
|
|
636
|
-
status:
|
|
636
|
+
status: u.status,
|
|
637
637
|
demonstratingProofOfPossessionNonce: null
|
|
638
638
|
};
|
|
639
|
-
const c = await
|
|
639
|
+
const c = await u.json();
|
|
640
640
|
let _ = null;
|
|
641
|
-
return
|
|
641
|
+
return u.headers.has(G) && (_ = u.headers.get(
|
|
642
642
|
G
|
|
643
643
|
)), {
|
|
644
644
|
success: !0,
|
|
645
|
-
status:
|
|
645
|
+
status: u.status,
|
|
646
646
|
data: oe(c, o, r),
|
|
647
647
|
demonstratingProofOfPossessionNonce: _
|
|
648
648
|
};
|
|
@@ -652,8 +652,8 @@ const Qe = (e) => {
|
|
|
652
652
|
await e.setCodeVerifierAsync(o), await e.setStateAsync(t.state), t.code_challenge = i, t.code_challenge_method = "S256";
|
|
653
653
|
let r = "";
|
|
654
654
|
if (t)
|
|
655
|
-
for (const [a,
|
|
656
|
-
r === "" ? r += "?" : r += "&", r += `${a}=${encodeURIComponent(
|
|
655
|
+
for (const [a, l] of Object.entries(t))
|
|
656
|
+
r === "" ? r += "?" : r += "&", r += `${a}=${encodeURIComponent(l)}`;
|
|
657
657
|
n.open(`${s}${r}`);
|
|
658
658
|
}, G = "DPoP-Nonce", tn = (e) => async (n, s, t, o, i = 1e4) => {
|
|
659
659
|
s = s ? { ...s } : {}, s.code_verifier = await e.getCodeVerifierAsync();
|
|
@@ -662,7 +662,7 @@ const Qe = (e) => {
|
|
|
662
662
|
const _ = encodeURIComponent(c), h = encodeURIComponent(s[c]);
|
|
663
663
|
r.push(`${_}=${h}`);
|
|
664
664
|
}
|
|
665
|
-
const a = r.join("&"),
|
|
665
|
+
const a = r.join("&"), l = await B(fetch)(
|
|
666
666
|
n,
|
|
667
667
|
{
|
|
668
668
|
method: "POST",
|
|
@@ -674,18 +674,18 @@ const Qe = (e) => {
|
|
|
674
674
|
},
|
|
675
675
|
i
|
|
676
676
|
);
|
|
677
|
-
if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]),
|
|
678
|
-
return { success: !1, status:
|
|
677
|
+
if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), l.status !== 200)
|
|
678
|
+
return { success: !1, status: l.status };
|
|
679
679
|
let f = null;
|
|
680
|
-
|
|
680
|
+
l.headers.has(G) && (f = l.headers.get(
|
|
681
681
|
G
|
|
682
682
|
));
|
|
683
|
-
const
|
|
683
|
+
const u = await l.json();
|
|
684
684
|
return {
|
|
685
685
|
success: !0,
|
|
686
686
|
data: {
|
|
687
687
|
state: s.state,
|
|
688
|
-
tokens: oe(
|
|
688
|
+
tokens: oe(u, null, o),
|
|
689
689
|
demonstratingProofOfPossessionNonce: f
|
|
690
690
|
}
|
|
691
691
|
};
|
|
@@ -713,7 +713,7 @@ async function Ee(e, n = !1, s = null) {
|
|
|
713
713
|
a = await navigator.locks.request(
|
|
714
714
|
o,
|
|
715
715
|
{ ifAvailable: !0 },
|
|
716
|
-
async (
|
|
716
|
+
async (l) => l ? await ye(e, n, s) : (e.publishEvent(C.eventNames.syncTokensAsync_lock_not_available, {
|
|
717
717
|
lock: "lock not available"
|
|
718
718
|
}), "retry")
|
|
719
719
|
);
|
|
@@ -724,7 +724,7 @@ async function Ee(e, n = !1, s = null) {
|
|
|
724
724
|
const M = (e, n, s = null) => {
|
|
725
725
|
const t = e.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
726
726
|
return e.timeoutId && U.clearTimeout(e.timeoutId), U.setTimeout(async () => {
|
|
727
|
-
const i = { timeLeft:
|
|
727
|
+
const i = { timeLeft: F(t, n) };
|
|
728
728
|
e.publishEvent(C.eventNames.token_timer, i), await Ee(e, !1, s);
|
|
729
729
|
}, 1e3);
|
|
730
730
|
}, W = {
|
|
@@ -743,9 +743,9 @@ const M = (e, n, s = null) => {
|
|
|
743
743
|
const a = await e.initAsync(
|
|
744
744
|
n.authority,
|
|
745
745
|
n.authority_configuration
|
|
746
|
-
),
|
|
747
|
-
if (
|
|
748
|
-
const { status: c, tokens: _ } = await
|
|
746
|
+
), l = await I(n, s);
|
|
747
|
+
if (l) {
|
|
748
|
+
const { status: c, tokens: _ } = await l.initAsync(
|
|
749
749
|
a,
|
|
750
750
|
"syncTokensAsync",
|
|
751
751
|
n
|
|
@@ -757,13 +757,13 @@ const M = (e, n, s = null) => {
|
|
|
757
757
|
if (!c || !_)
|
|
758
758
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
|
|
759
759
|
if (_.issuedAt !== t.issuedAt) {
|
|
760
|
-
const g =
|
|
760
|
+
const g = F(
|
|
761
761
|
n.refresh_time_before_tokens_expiration_in_second,
|
|
762
762
|
_.expiresAt
|
|
763
|
-
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", w = await
|
|
763
|
+
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", w = await l.getNonceAsync();
|
|
764
764
|
return { tokens: _, status: g, nonce: w };
|
|
765
765
|
}
|
|
766
|
-
r = await
|
|
766
|
+
r = await l.getNonceAsync();
|
|
767
767
|
} else {
|
|
768
768
|
const c = P(s, n.storage ?? sessionStorage), _ = await c.initAsync();
|
|
769
769
|
let { tokens: h } = _;
|
|
@@ -772,7 +772,7 @@ const M = (e, n, s = null) => {
|
|
|
772
772
|
if (g === "SESSIONS_LOST")
|
|
773
773
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
774
774
|
if (h.issuedAt !== t.issuedAt) {
|
|
775
|
-
const k =
|
|
775
|
+
const k = F(
|
|
776
776
|
n.refresh_time_before_tokens_expiration_in_second,
|
|
777
777
|
h.expiresAt
|
|
778
778
|
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", v = await c.getNonceAsync();
|
|
@@ -781,11 +781,11 @@ const M = (e, n, s = null) => {
|
|
|
781
781
|
} else return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
782
782
|
r = await c.getNonceAsync();
|
|
783
783
|
}
|
|
784
|
-
const
|
|
784
|
+
const u = F(
|
|
785
785
|
n.refresh_time_before_tokens_expiration_in_second,
|
|
786
786
|
t.expiresAt
|
|
787
787
|
) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
|
|
788
|
-
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status:
|
|
788
|
+
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: u, nonce: r };
|
|
789
789
|
}, H = (e) => async (n, s = 0, t = !1, o = null) => {
|
|
790
790
|
if (!navigator.onLine && document.hidden)
|
|
791
791
|
return { tokens: e.tokens, status: "GIVE_UP" };
|
|
@@ -796,17 +796,17 @@ const M = (e, n, s = null) => {
|
|
|
796
796
|
});
|
|
797
797
|
const r = s + 1;
|
|
798
798
|
o || (o = {});
|
|
799
|
-
const a = e.configuration,
|
|
799
|
+
const a = e.configuration, l = (u, c = null, _ = null) => re(
|
|
800
800
|
e.configurationName,
|
|
801
801
|
e.configuration,
|
|
802
802
|
e.publishEvent.bind(e)
|
|
803
|
-
)(
|
|
803
|
+
)(u, c, _), f = async () => {
|
|
804
804
|
try {
|
|
805
|
-
let
|
|
805
|
+
let u;
|
|
806
806
|
const c = await I(a, e.configurationName);
|
|
807
|
-
c ?
|
|
808
|
-
const _ = await
|
|
809
|
-
...
|
|
807
|
+
c ? u = c.getLoginParams() : u = P(e.configurationName, a.storage).getLoginParams();
|
|
808
|
+
const _ = await l({
|
|
809
|
+
...u.extras,
|
|
810
810
|
...o,
|
|
811
811
|
prompt: "none"
|
|
812
812
|
});
|
|
@@ -815,21 +815,21 @@ const M = (e, n, s = null) => {
|
|
|
815
815
|
}), { tokens: null, status: "SESSION_LOST" }) : (n(_.tokens), e.publishEvent(C.eventNames.token_renewed, {}), { tokens: _.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
816
816
|
message: "refresh token silent not active"
|
|
817
817
|
}), { tokens: null, status: "SESSION_LOST" });
|
|
818
|
-
} catch (
|
|
819
|
-
return console.error(
|
|
818
|
+
} catch (u) {
|
|
819
|
+
return console.error(u), e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
820
820
|
message: "exceptionSilent",
|
|
821
|
-
exception:
|
|
821
|
+
exception: u.message
|
|
822
822
|
}), await H(e)(n, r, t, o);
|
|
823
823
|
}
|
|
824
824
|
};
|
|
825
825
|
try {
|
|
826
|
-
const { status:
|
|
826
|
+
const { status: u, tokens: c, nonce: _ } = await on(e)(
|
|
827
827
|
a,
|
|
828
828
|
e.configurationName,
|
|
829
829
|
e.tokens,
|
|
830
830
|
t
|
|
831
831
|
);
|
|
832
|
-
switch (
|
|
832
|
+
switch (u) {
|
|
833
833
|
case W.SESSION_LOST:
|
|
834
834
|
return n(null), e.publishEvent(m.refreshTokensAsync_error, {
|
|
835
835
|
message: "refresh token session lost"
|
|
@@ -847,13 +847,13 @@ const M = (e, n, s = null) => {
|
|
|
847
847
|
status: "session syncTokensAsync"
|
|
848
848
|
}), { tokens: null, status: "LOGGED_OUT" };
|
|
849
849
|
case W.REQUIRE_SYNC_TOKENS:
|
|
850
|
-
return a.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !==
|
|
850
|
+
return a.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !== u ? (e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(m.refreshTokensAsync_begin, { tryNumber: s }), await f());
|
|
851
851
|
default: {
|
|
852
|
-
if (a.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !==
|
|
852
|
+
if (a.token_automatic_renew_mode == J.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !== u)
|
|
853
853
|
return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
|
|
854
854
|
if (e.publishEvent(m.refreshTokensAsync_begin, {
|
|
855
855
|
refreshToken: c.refreshToken,
|
|
856
|
-
status:
|
|
856
|
+
status: u,
|
|
857
857
|
tryNumber: s
|
|
858
858
|
}), !c.refreshToken)
|
|
859
859
|
return await f();
|
|
@@ -920,10 +920,10 @@ const M = (e, n, s = null) => {
|
|
|
920
920
|
})();
|
|
921
921
|
}
|
|
922
922
|
}
|
|
923
|
-
} catch (
|
|
924
|
-
return console.error(
|
|
923
|
+
} catch (u) {
|
|
924
|
+
return console.error(u), e.publishEvent(m.refreshTokensAsync_silent_error, {
|
|
925
925
|
message: "exception",
|
|
926
|
-
exception:
|
|
926
|
+
exception: u.message
|
|
927
927
|
}), new Promise((c, _) => {
|
|
928
928
|
setTimeout(() => {
|
|
929
929
|
H(e)(n, r, t, o).then(c).catch(_);
|
|
@@ -939,13 +939,13 @@ const M = (e, n, s = null) => {
|
|
|
939
939
|
if (o && (t == null && (t = {}), t.state = o), i && (t == null && (t = {}), t.scope = i), t != null)
|
|
940
940
|
for (const [c, _] of Object.entries(t))
|
|
941
941
|
r === "" ? r = `?${encodeURIComponent(c)}=${encodeURIComponent(_)}` : r += `&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;
|
|
942
|
-
const a = n.silent_login_uri + r,
|
|
943
|
-
return
|
|
942
|
+
const a = n.silent_login_uri + r, l = a.indexOf("/", a.indexOf("//") + 2), f = a.substring(0, l), u = document.createElement("iframe");
|
|
943
|
+
return u.width = "0px", u.height = "0px", u.id = `${e}_oidc_iframe`, u.setAttribute("src", a), document.body.appendChild(u), new Promise((c, _) => {
|
|
944
944
|
let h = !1;
|
|
945
945
|
const g = () => {
|
|
946
|
-
window.removeEventListener("message", w),
|
|
946
|
+
window.removeEventListener("message", w), u.remove(), h = !0;
|
|
947
947
|
}, w = (k) => {
|
|
948
|
-
if (k.origin === f && k.source ===
|
|
948
|
+
if (k.origin === f && k.source === u.contentWindow) {
|
|
949
949
|
const v = `${e}_oidc_tokens:`, b = `${e}_oidc_error:`, A = `${e}_oidc_exception:`, S = k.data;
|
|
950
950
|
if (S && typeof S == "string" && !h) {
|
|
951
951
|
if (S.startsWith(v)) {
|
|
@@ -976,9 +976,9 @@ const M = (e, n, s = null) => {
|
|
|
976
976
|
}
|
|
977
977
|
}, rn = (e, n, s, t, o) => (i = null, r = void 0) => {
|
|
978
978
|
i = { ...i };
|
|
979
|
-
const a = (f,
|
|
979
|
+
const a = (f, u, c) => re(n, s, t.bind(o))(
|
|
980
980
|
f,
|
|
981
|
-
|
|
981
|
+
u,
|
|
982
982
|
c
|
|
983
983
|
);
|
|
984
984
|
return (async () => {
|
|
@@ -986,9 +986,9 @@ const M = (e, n, s = null) => {
|
|
|
986
986
|
let f;
|
|
987
987
|
i && "state" in i && (f = i.state, delete i.state);
|
|
988
988
|
try {
|
|
989
|
-
const
|
|
989
|
+
const u = s.extras ? { ...s.extras, ...i } : i, c = await a(
|
|
990
990
|
{
|
|
991
|
-
...
|
|
991
|
+
...u,
|
|
992
992
|
prompt: "none"
|
|
993
993
|
},
|
|
994
994
|
f,
|
|
@@ -996,19 +996,19 @@ const M = (e, n, s = null) => {
|
|
|
996
996
|
);
|
|
997
997
|
if (c)
|
|
998
998
|
return o.tokens = c.tokens, t(m.token_acquired, {}), o.timeoutId = M(o, o.tokens.expiresAt, i), {};
|
|
999
|
-
} catch (
|
|
1000
|
-
return
|
|
999
|
+
} catch (u) {
|
|
1000
|
+
return u;
|
|
1001
1001
|
}
|
|
1002
1002
|
})();
|
|
1003
1003
|
}, an = (e, n, s) => (t, o, i, r = !1) => {
|
|
1004
|
-
const a = (
|
|
1005
|
-
|
|
1004
|
+
const a = (l, f = void 0, u = void 0) => re(e.configurationName, s, e.publishEvent.bind(e))(
|
|
1005
|
+
l,
|
|
1006
1006
|
f,
|
|
1007
|
-
|
|
1007
|
+
u
|
|
1008
1008
|
);
|
|
1009
|
-
return new Promise((
|
|
1009
|
+
return new Promise((l, f) => {
|
|
1010
1010
|
if (s.silent_login_uri && s.silent_redirect_uri && s.monitor_session && t && i && !r) {
|
|
1011
|
-
const
|
|
1011
|
+
const u = () => {
|
|
1012
1012
|
e.checkSessionIFrame.stop();
|
|
1013
1013
|
const c = e.tokens;
|
|
1014
1014
|
if (c === null)
|
|
@@ -1046,16 +1046,16 @@ const M = (e, n, s = null) => {
|
|
|
1046
1046
|
});
|
|
1047
1047
|
};
|
|
1048
1048
|
e.checkSessionIFrame = new Ie(
|
|
1049
|
-
|
|
1049
|
+
u,
|
|
1050
1050
|
o,
|
|
1051
1051
|
t
|
|
1052
1052
|
), e.checkSessionIFrame.load().then(() => {
|
|
1053
|
-
e.checkSessionIFrame.start(i),
|
|
1053
|
+
e.checkSessionIFrame.start(i), l(e.checkSessionIFrame);
|
|
1054
1054
|
}).catch((c) => {
|
|
1055
1055
|
f(c);
|
|
1056
1056
|
});
|
|
1057
1057
|
} else
|
|
1058
|
-
|
|
1058
|
+
l(null);
|
|
1059
1059
|
});
|
|
1060
1060
|
}, cn = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), ln = (e) => {
|
|
1061
1061
|
const n = e.appVersion, s = e.userAgent, t = "-";
|
|
@@ -1093,9 +1093,9 @@ const M = (e, n, s = null) => {
|
|
|
1093
1093
|
}
|
|
1094
1094
|
];
|
|
1095
1095
|
for (const a in i) {
|
|
1096
|
-
const
|
|
1097
|
-
if (
|
|
1098
|
-
o =
|
|
1096
|
+
const l = i[a];
|
|
1097
|
+
if (l.r.test(s)) {
|
|
1098
|
+
o = l.s;
|
|
1099
1099
|
break;
|
|
1100
1100
|
}
|
|
1101
1101
|
}
|
|
@@ -1243,7 +1243,7 @@ const _n = () => {
|
|
|
1243
1243
|
for (t = 0, o = i.length; t < o; t++)
|
|
1244
1244
|
s = i[t].split("="), n[decodeURIComponent(s[0])] = decodeURIComponent(s[1]);
|
|
1245
1245
|
return n;
|
|
1246
|
-
}, hn = (e, n, s, t, o) => (i = void 0, r = null, a = !1,
|
|
1246
|
+
}, hn = (e, n, s, t, o) => (i = void 0, r = null, a = !1, l = void 0) => {
|
|
1247
1247
|
const f = r;
|
|
1248
1248
|
return r = { ...r }, (async () => {
|
|
1249
1249
|
const c = i || o.getPath();
|
|
@@ -1252,7 +1252,7 @@ const _n = () => {
|
|
|
1252
1252
|
_.endsWith(":token_request") && delete r[_];
|
|
1253
1253
|
try {
|
|
1254
1254
|
const _ = a ? n.silent_redirect_uri : n.redirect_uri;
|
|
1255
|
-
|
|
1255
|
+
l || (l = n.scope);
|
|
1256
1256
|
const h = n.extras ? { ...n.extras, ...r } : r;
|
|
1257
1257
|
h.nonce || (h.nonce = ee(12));
|
|
1258
1258
|
const g = { nonce: h.nonce }, w = await I(n, e), k = await t(
|
|
@@ -1269,7 +1269,7 @@ const _n = () => {
|
|
|
1269
1269
|
const b = {
|
|
1270
1270
|
client_id: n.client_id,
|
|
1271
1271
|
redirect_uri: _,
|
|
1272
|
-
scope:
|
|
1272
|
+
scope: l,
|
|
1273
1273
|
response_type: "code",
|
|
1274
1274
|
...h
|
|
1275
1275
|
};
|
|
@@ -1287,18 +1287,18 @@ const _n = () => {
|
|
|
1287
1287
|
const s = e.configuration, t = s.client_id, o = n ? s.silent_redirect_uri : s.redirect_uri, i = s.authority, r = s.token_request_timeout, a = await e.initAsync(
|
|
1288
1288
|
i,
|
|
1289
1289
|
s.authority_configuration
|
|
1290
|
-
),
|
|
1290
|
+
), l = e.location.getCurrentHref(), u = Y(l).session_state, c = await I(s, e.configurationName);
|
|
1291
1291
|
let _, h, g, w;
|
|
1292
1292
|
if (c)
|
|
1293
|
-
await c.initAsync(a, "loginCallbackAsync", s), await c.setSessionStateAsync(
|
|
1293
|
+
await c.initAsync(a, "loginCallbackAsync", s), await c.setSessionStateAsync(u), h = await c.getNonceAsync(), g = c.getLoginParams(), w = await c.getStateAsync(), c.startKeepAliveServiceWorker(), _ = c;
|
|
1294
1294
|
else {
|
|
1295
1295
|
const T = P(
|
|
1296
1296
|
e.configurationName,
|
|
1297
1297
|
s.storage ?? sessionStorage
|
|
1298
1298
|
);
|
|
1299
|
-
await T.setSessionStateAsync(
|
|
1299
|
+
await T.setSessionStateAsync(u), h = await T.getNonceAsync(), g = T.getLoginParams(), w = await T.getStateAsync(), _ = T;
|
|
1300
1300
|
}
|
|
1301
|
-
const k = Y(
|
|
1301
|
+
const k = Y(l);
|
|
1302
1302
|
if (k.error || k.error_description)
|
|
1303
1303
|
throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);
|
|
1304
1304
|
if (k.iss && k.iss !== a.issuer)
|
|
@@ -1370,7 +1370,7 @@ const _n = () => {
|
|
|
1370
1370
|
return await e.startCheckSessionAsync(
|
|
1371
1371
|
a.checkSessionIframe,
|
|
1372
1372
|
t,
|
|
1373
|
-
|
|
1373
|
+
u,
|
|
1374
1374
|
n
|
|
1375
1375
|
), e.publishEvent(m.loginCallbackAsync_end, {}), {
|
|
1376
1376
|
tokens: d,
|
|
@@ -1408,17 +1408,17 @@ const _n = () => {
|
|
|
1408
1408
|
s ? await s.clearAsync(n) : await P(e.configurationName, e.configuration.storage).clearAsync(n), e.tokens = null, e.userInfo = null;
|
|
1409
1409
|
}, mn = (e, n, s, t, o) => async (i = void 0, r = null) => {
|
|
1410
1410
|
var v, b;
|
|
1411
|
-
const a = e.configuration,
|
|
1411
|
+
const a = e.configuration, l = await e.initAsync(
|
|
1412
1412
|
a.authority,
|
|
1413
1413
|
a.authority_configuration
|
|
1414
1414
|
);
|
|
1415
1415
|
i && typeof i != "string" && (i = void 0, t.warn("callbackPathOrUrl path is not a string"));
|
|
1416
1416
|
const f = i ?? o.getPath();
|
|
1417
|
-
let
|
|
1418
|
-
i && (
|
|
1419
|
-
const c =
|
|
1417
|
+
let u = !1;
|
|
1418
|
+
i && (u = i.includes("https://") || i.includes("http://"));
|
|
1419
|
+
const c = u ? i : o.getOrigin() + f, _ = e.tokens ? e.tokens.idToken : "";
|
|
1420
1420
|
try {
|
|
1421
|
-
const A =
|
|
1421
|
+
const A = l.revocationEndpoint;
|
|
1422
1422
|
if (A) {
|
|
1423
1423
|
const S = [], y = e.tokens ? e.tokens.accessToken : null;
|
|
1424
1424
|
if (y && a.logout_tokens_to_invalidate.includes(ge.access_token)) {
|
|
@@ -1457,19 +1457,19 @@ const _n = () => {
|
|
|
1457
1457
|
if (g && g.no_reload === "true")
|
|
1458
1458
|
return;
|
|
1459
1459
|
const k = gn(r);
|
|
1460
|
-
if (
|
|
1460
|
+
if (l.endSessionEndpoint) {
|
|
1461
1461
|
"id_token_hint" in k || (k.id_token_hint = _), !("post_logout_redirect_uri" in k) && i !== null && (k.post_logout_redirect_uri = c);
|
|
1462
1462
|
let A = "";
|
|
1463
1463
|
for (const [S, y] of Object.entries(k))
|
|
1464
1464
|
y != null && (A === "" ? A += "?" : A += "&", A += `${S}=${encodeURIComponent(y)}`);
|
|
1465
|
-
o.open(`${
|
|
1465
|
+
o.open(`${l.endSessionEndpoint}${A}`);
|
|
1466
1466
|
} else
|
|
1467
1467
|
o.reload();
|
|
1468
1468
|
}, Pe = (e, n, s = !1) => async (...t) => {
|
|
1469
1469
|
var h;
|
|
1470
1470
|
const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
|
|
1471
|
-
let
|
|
1472
|
-
a.headers && (
|
|
1471
|
+
let l = new Headers();
|
|
1472
|
+
a.headers && (l = a.headers instanceof Headers ? a.headers : new Headers(a.headers));
|
|
1473
1473
|
const f = {
|
|
1474
1474
|
getTokens: () => n.tokens,
|
|
1475
1475
|
configuration: {
|
|
@@ -1477,22 +1477,20 @@ const _n = () => {
|
|
|
1477
1477
|
refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
|
|
1478
1478
|
},
|
|
1479
1479
|
renewTokensAsync: n.renewTokensAsync.bind(n)
|
|
1480
|
-
},
|
|
1481
|
-
|
|
1482
|
-
const c = (h = l == null ? void 0 : l.tokens) == null ? void 0 : h.accessToken;
|
|
1483
|
-
if (u.has("Accept") || u.set("Accept", "application/json"), c) {
|
|
1480
|
+
}, u = await me(f), c = (h = u == null ? void 0 : u.tokens) == null ? void 0 : h.accessToken;
|
|
1481
|
+
if (l.has("Accept") || l.set("Accept", "application/json"), c) {
|
|
1484
1482
|
if (n.configuration.demonstrating_proof_of_possession && s) {
|
|
1485
1483
|
const g = await n.generateDemonstrationOfProofOfPossessionAsync(
|
|
1486
1484
|
c,
|
|
1487
1485
|
o.toString(),
|
|
1488
1486
|
a.method
|
|
1489
1487
|
);
|
|
1490
|
-
|
|
1488
|
+
l.set("Authorization", `DPoP ${c}`), l.set("DPoP", g);
|
|
1491
1489
|
} else
|
|
1492
|
-
|
|
1490
|
+
l.set("Authorization", `Bearer ${c}`);
|
|
1493
1491
|
a.credentials || (a.credentials = "same-origin");
|
|
1494
1492
|
}
|
|
1495
|
-
const _ = { ...a, headers:
|
|
1493
|
+
const _ = { ...a, headers: l };
|
|
1496
1494
|
return await e(o, _, ...r);
|
|
1497
1495
|
}, pn = (e) => async (n = !1, s = !1) => {
|
|
1498
1496
|
if (e.userInfo != null && !n)
|
|
@@ -1514,7 +1512,7 @@ class se {
|
|
|
1514
1512
|
const L = {}, An = (e, n = new q()) => (s, t = "default") => (L[t] || (L[t] = new C(s, t, e, n)), L[t]), Sn = async (e) => {
|
|
1515
1513
|
const { parsedTokens: n, callbackPath: s } = await e.loginCallbackAsync();
|
|
1516
1514
|
return e.timeoutId = M(e, n.expiresAt), { callbackPath: s };
|
|
1517
|
-
}, Tn = (e) => Math.floor(Math.random() * e),
|
|
1515
|
+
}, Tn = (e) => Math.floor(Math.random() * e), V = class V {
|
|
1518
1516
|
constructor(n, s = "default", t, o = new q()) {
|
|
1519
1517
|
this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
|
|
1520
1518
|
let i = n.silent_login_uri;
|
|
@@ -1538,7 +1536,7 @@ const L = {}, An = (e, n = new q()) => (s, t = "default") => (L[t] || (L[t] = ne
|
|
|
1538
1536
|
],
|
|
1539
1537
|
service_worker_update_require_callback: a,
|
|
1540
1538
|
service_worker_activate: n.service_worker_activate ?? _n,
|
|
1541
|
-
demonstrating_proof_of_possession_configuration: n.demonstrating_proof_of_possession_configuration ??
|
|
1539
|
+
demonstrating_proof_of_possession_configuration: n.demonstrating_proof_of_possession_configuration ?? Fe,
|
|
1542
1540
|
preload_user_info: n.preload_user_info ?? !1
|
|
1543
1541
|
}, this.getFetch = t ?? wn, this.configurationName = s, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
1544
1542
|
}
|
|
@@ -1651,7 +1649,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1651
1649
|
return this.loginCallbackPromise;
|
|
1652
1650
|
const s = async () => {
|
|
1653
1651
|
const t = await yn(this)(n), o = t.tokens;
|
|
1654
|
-
return this.tokens = o, await I(this.configuration, this.configurationName) || P(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(
|
|
1652
|
+
return this.tokens = o, await I(this.configuration, this.configurationName) || P(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(V.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), { parsedTokens: o, state: t.state, callbackPath: t.callbackPath };
|
|
1655
1653
|
};
|
|
1656
1654
|
return this.loginCallbackPromise = s(), this.loginCallbackPromise.finally(() => {
|
|
1657
1655
|
this.loginCallbackPromise = null;
|
|
@@ -1664,8 +1662,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1664
1662
|
};
|
|
1665
1663
|
if (await I(i, this.configurationName))
|
|
1666
1664
|
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
|
|
1667
|
-
const
|
|
1668
|
-
return
|
|
1665
|
+
const l = P(this.configurationName, i.storage), f = await l.getDemonstratingProofOfPossessionJwkAsync(), u = l.getDemonstratingProofOfPossessionNonce();
|
|
1666
|
+
return u && (r.nonce = u), await Te(window)(
|
|
1669
1667
|
i.demonstrating_proof_of_possession_configuration
|
|
1670
1668
|
)(f, t, s, r);
|
|
1671
1669
|
}
|
|
@@ -1708,8 +1706,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1708
1706
|
}));
|
|
1709
1707
|
}
|
|
1710
1708
|
};
|
|
1711
|
-
|
|
1712
|
-
let C =
|
|
1709
|
+
V.getOrCreate = (n, s) => (t, o = "default") => An(n, s)(t, o), V.eventNames = m;
|
|
1710
|
+
let C = V;
|
|
1713
1711
|
const K = class K {
|
|
1714
1712
|
constructor(n) {
|
|
1715
1713
|
this._oidc = n;
|
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(O,W){typeof exports=="object"&&typeof module<"u"?W(exports):typeof define=="function"&&define.amd?define(["exports"],W):(O=typeof globalThis<"u"?globalThis:O||self,W(O["oidc-client"]={}))})(this,function(O){"use strict";class W{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const le=2e3,K=console;class Ne{constructor(n,s,t,o=le,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||le,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(K.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(K.debug(n),K.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):K.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){K.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(K.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},P=(e,n=sessionStorage)=>{const s=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},i=async y=>{n[`oidc.session_state.${e}`]=y},r=async()=>n[`oidc.session_state.${e}`],a=y=>{n[`oidc.nonce.${e}`]=y.nonce},u=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},f=()=>JSON.parse(n[`oidc.jwk.${e}`]),l=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async y=>{n[`oidc.dpop_nonce.${e}`]=y},_=()=>n[`oidc.dpop_nonce.${e}`],h=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:l,setLoginParams:y=>{g[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(g[e]||(g[e]=JSON.parse(y)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:u,getDemonstratingProofOfPossessionJwkAsync:f}};var U=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(U||{});const xe=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),We=e=>JSON.parse(xe(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&Le(e,".")===2?We(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Le=(e,n)=>e.split(n).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function De(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,u=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=De(e,t,r);let f;e.expiresAt?f=e.expiresAt:s===G.access_token_invalid?f=u:s===G.id_token_invalid?f=a:f=a<u?a:u;const l={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:f,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...l,refreshToken:c}}return l},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Z(t,n,s)},J=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=(e,n=0)=>e?J(n,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.getTokens())return null;for(;!_e(e.getTokens(),e.configuration.refresh_time_before_tokens_expiration_in_second)&&t>0;){if(e.configuration.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await X({milliseconds:n});t=t-1}return{isTokensValid:_e(e.getTokens()),tokens:e.getTokens(),numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},F=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.22.31";let ye=null,Y;const X=({milliseconds:e})=>new Promise(n=>F.setTimeout(n,e)),ge=(e="/")=>{try{Y=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Y.signal}).catch(t=>{console.log(t)}),X({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},ke=()=>{Y&&Y.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistration ${t?"successful":"failed"}`),await X({milliseconds:2e3}),e.reload()},Ke=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,s),s},b=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:Ke(n.configurationName)},[o.port2])}),I=async(e,n)=>{var C;const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.service_worker_register?t=await e.service_worker_register(s):(t=await navigator.serviceWorker.register(s),t.active&&t.waiting&&(console.log("Detected new service worker waiting, unregistering and reloading"),await((C=e.service_worker_update_require_callback)==null?void 0:C.call(e,t,ke))));try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async d=>b(t)({type:"clear",data:{status:d},configurationName:n}),i=async(d,p,x)=>{var R;const $=await b(t)({type:"init",data:{oidcServerConfiguration:d,where:p,oidcConfiguration:{token_renew_mode:x.token_renew_mode,service_worker_convert_all_requests_to_cors:x.service_worker_convert_all_requests_to_cors}},configurationName:n}),T=$.version;return T!==he&&(console.warn(`Service worker ${T} version mismatch with js client version ${he}, unregistering and reloading`),await((R=x.service_worker_update_require_callback)==null?void 0:R.call(x,t,ke))),{tokens:ee($.tokens,null,x.token_renew_mode),status:$.status}},r=(d="/")=>{ye==null&&(ye="not_null",ge(d))},a=d=>b(t)({type:"setSessionState",data:{sessionState:d},configurationName:n}),u=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,f=d=>(sessionStorage[`oidc.nonce.${n}`]=d.nonce,b(t)({type:"setNonce",data:{nonce:d},configurationName:n})),l=async()=>{let p=(await b(t)({type:"getNonce",data:null,configurationName:n})).nonce;return p||(p=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:p}},c={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:a,getSessionStateAsync:u,setNonceAsync:f,getNonceAsync:l,setLoginParams:d=>{c[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},getLoginParams:()=>{const d=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(d)),c[n]},getStateAsync:async()=>{let p=(await b(t)({type:"getState",data:null,configurationName:n})).state;return p||(p=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),p},setStateAsync:async d=>(sessionStorage[`oidc.state.${n}`]=d,b(t)({type:"setState",data:{state:d},configurationName:n})),getCodeVerifierAsync:async()=>{let p=(await b(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return p||(p=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),p},setCodeVerifierAsync:async d=>(sessionStorage[`oidc.code_verifier.${n}`]=d,b(t)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n})),setDemonstratingProofOfPossessionNonce:async d=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async d=>{const p=JSON.stringify(d);await b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:p},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const d=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null}}},V={},Ue=(e,n=window.sessionStorage,s)=>{if(!V[e]&&n){const o=n.getItem(e);o&&(V[e]=JSON.parse(o))}const t=1e3*s;return V[e]&&V[e].timestamp+t>Date.now()?V[e].result:null},Fe=(e,n,s=window.sessionStorage)=>{const t=Date.now();V[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function me(e){return new TextEncoder().encode(e)}function pe(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ve(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const ne=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),pe(n)};function we(e){return pe(Ve(e))}const Me={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Je={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:we(JSON.stringify(s)),payload:we(JSON.stringify(t))},a=o.importKeyAlgorithm,u=!0,f=["sign"],l=await e.crypto.subtle.importKey("jwk",n,a,u,f),c=me(`${r.protected}.${r.payload}`),_=o.signAlgorithm,h=await e.crypto.subtle.sign(_,l,c);return r.signature=ne(new Uint8Array(h)),`${r.protected}.${r.payload}.${r.signature}`}},Be={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},He={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,me(t));return ne(new Uint8Array(o))}},je=e=>async n=>await Be.generate(e)(n),Ae=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(qe()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await He.thumbprint(e)(s,n.digestAlgorithm);return await Je.sign(e)(s,{kid:a},r,n)},qe=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Se=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ge=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%se.length;n.push(se[t])}return n.join("")},te=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Se();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*se.length|0;return Ge(n)};function Ye(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Te(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Ye(e)).then(t=>n(ne(new Uint8Array(t))),t=>s(t))})}const Xe=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Se();return n?Te(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},ze=60*60,Qe=e=>async(n,s=ze,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Ue(r,t,s);if(a)return new ae(a);const u=await B(e)(i,{},o);if(u.status!==200)return null;const f=await u.json();return Fe(r,f,t),new ae(f)},B=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await B(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,s,t=oe.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[c,_]of Object.entries(i))a[c]===void 0&&(a[c]=_);const u=[];for(const c in a){const _=encodeURIComponent(c),h=encodeURIComponent(a[c]);u.push(`${_}=${h}`)}const f=u.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:f},r)).status!==200?{success:!1}:{success:!0}},Ze=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[h,g]of Object.entries(t))s[h]===void 0&&(s[h]=g);const u=[];for(const h in s){const g=encodeURIComponent(h),w=encodeURIComponent(s[h]);u.push(`${g}=${w}`)}const f=u.join("&"),l=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},a);if(l.status!==200)return{success:!1,status:l.status,demonstratingProofOfPossessionNonce:null};const c=await l.json();let _=null;return l.headers.has(z)&&(_=l.headers.get(z)),{success:!0,status:l.status,data:ee(c,o,r),demonstratingProofOfPossessionNonce:_}},en=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Xe(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,u]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(u)}`;n.open(`${s}${r}`)},z="DPoP-Nonce",nn=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const c in s){const _=encodeURIComponent(c),h=encodeURIComponent(s[c]);r.push(`${_}=${h}`)}const a=r.join("&"),u=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),u.status!==200)return{success:!1,status:u.status};let f=null;u.headers.has(z)&&(f=u.headers.get(z));const l=await u.json();return{success:!0,data:{state:s.state,tokens:ee(l,null,o),demonstratingProofOfPossessionNonce:f}}};async function be(e,n,s){const t=a=>{e.tokens=a},{tokens:o,status:i}=await Q(e)(t,0,n,s);return await I(e.configuration,e.configurationName)||await P(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(i),null)}async function Ee(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let i;const r=await I(e.configuration,e.configurationName);if((t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!r||!navigator.locks)i=await be(e,n,s);else{let a="retry";for(;a==="retry";)a=await navigator.locks.request(o,{ifAvailable:!0},async u=>u?await be(e,n,s):(e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));i=a}return i?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,s)),e.tokens):null}const H=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&F.clearTimeout(e.timeoutId),F.setTimeout(async()=>{const i={timeLeft:J(t,n)};e.publishEvent(N.eventNames.token_timer,i),await Ee(e,!1,s)},1e3)},L={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),u=await I(n,s);if(u){const{status:c,tokens:_}=await u.initAsync(a,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!c||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const g=J(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",w=await u.getNonceAsync();return{tokens:_,status:g,nonce:w}}r=await u.getNonceAsync()}else{const c=P(s,n.storage??sessionStorage),_=await c.initAsync();let{tokens:h}=_;const{status:g}=_;if(h&&(h=Z(h,e.tokens,n.token_renew_mode)),h){if(g==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(h.issuedAt!==t.issuedAt){const k=J(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",v=await c.getNonceAsync();return{tokens:h,status:k,nonce:v}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await c.getNonceAsync()}const l=J(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:l,nonce:r}},Q=e=>async(n,s=0,t=!1,o=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let i=6;for(;!navigator.onLine&&i>0;)await X({milliseconds:1e3}),i--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${i}`});const r=s+1;o||(o={});const a=e.configuration,u=(l,c=null,_=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(l,c,_),f=async()=>{try{let l;const c=await I(a,e.configurationName);c?l=c.getLoginParams():l=P(e.configurationName,a.storage).getLoginParams();const _=await u({...l.extras,...o,prompt:"none"});return _?_.error?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(_.tokens),e.publishEvent(N.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}):(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:l.message}),await Q(e)(n,r,t,o)}};try{const{status:l,tokens:c,nonce:_}=await sn(e)(a,e.configurationName,e.tokens,t);switch(l){case L.SESSION_LOST:return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case L.NOT_CONNECTED:return n(null),{tokens:null,status:null};case L.TOKENS_VALID:return n(c),{tokens:c,status:"LOGGED_IN"};case L.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(c),e.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:c,status:"LOGGED_IN"};case L.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case L.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&L.FORCE_REFRESH!==l?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:s}),await f());default:{if(a.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&L.FORCE_REFRESH!==l)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:c.refreshToken,status:l,tryNumber:s}),!c.refreshToken)return await f();const h=a.client_id,g=a.redirect_uri,w=a.authority,v={...a.token_request_extras?a.token_request_extras:{}};for(const[A,S]of Object.entries(o))A.endsWith(":token_request")&&(v[A.replace(":token_request","")]=S);return await(async()=>{const A={client_id:h,redirect_uri:g,grant_type:"refresh_token",refresh_token:c.refreshToken},S=await e.initAsync(w,a.authority_configuration),y=document.hidden?1e4:3e4*10,C=S.tokenEndpoint,d={};a.demonstrating_proof_of_possession&&(d.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(c.accessToken,C,"POST"));const p=await Ze(e.getFetch())(C,A,v,c,d,a.token_renew_mode,y);if(p.success){const{isValid:x,reason:$}=de(p.data,_.nonce,S);if(!x)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${$}`}),{tokens:null,status:"SESSION_LOST"};if(n(p.data),p.demonstratingProofOfPossessionNonce){const T=await I(a,e.configurationName);T?await T.setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce):await P(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:p.success}),e.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:p.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:p}),p.status>=400&&p.status<500?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${p.status}`}),{tokens:null,status:"SESSION_LOST"}):await Q(e)(n,r,t,o)})()}}}catch(l){return console.error(l),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:l.message}),new Promise((c,_)=>{setTimeout(()=>{Q(e)(n,r,t,o).then(c).catch(_)},1e3)})}},ie=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[c,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(c)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;const a=n.silent_login_uri+r,u=a.indexOf("/",a.indexOf("//")+2),f=a.substring(0,u),l=document.createElement("iframe");return l.width="0px",l.height="0px",l.id=`${e}_oidc_iframe`,l.setAttribute("src",a),document.body.appendChild(l),new Promise((c,_)=>{let h=!1;const g=()=>{window.removeEventListener("message",w),l.remove(),h=!0},w=k=>{if(k.origin===f&&k.source===l.contentWindow){const v=`${e}_oidc_tokens:`,E=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,S=k.data;if(S&&typeof S=="string"&&!h){if(S.startsWith(v)){const y=JSON.parse(k.data.replace(v,""));s(m.silentLoginAsync_end,{}),c(y),g()}else if(S.startsWith(E)){const y=JSON.parse(k.data.replace(E,""));s(m.silentLoginAsync_error,y),c({error:"oidc_"+y.error,tokens:null,sessionState:null}),g()}else if(S.startsWith(A)){const y=JSON.parse(k.data.replace(A,""));s(m.silentLoginAsync_error,y),_(new Error(y.error)),g()}}}};try{window.addEventListener("message",w);const k=n.silent_login_timeout;setTimeout(()=>{h||(g(),s(m.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},k)}catch(k){g(),s(m.silentLoginAsync_error,k),_(k)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},tn=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(f,l,c)=>ie(n,s,t.bind(o))(f,l,c);return(async()=>{o.timeoutId&&F.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const l=s.extras?{...s.extras,...i}:i,c=await a({...l,prompt:"none"},f,r);if(c)return o.tokens=c.tokens,t(m.token_acquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,i),{}}catch(l){return l}})()},on=(e,n,s)=>(t,o,i,r=!1)=>{const a=(u,f=void 0,l=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(u,f,l);return new Promise((u,f)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const l=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const _=c.idToken,h=c.idTokenPayload;return a({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const w=g.tokens.idTokenPayload;if(h.sub===w.sub){const k=g.sessionState;e.checkSessionIFrame.start(g.sessionState),h.sid===w.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",k):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",k)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",w.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[,w]of Object.entries(n))await w.logoutOtherTabAsync(s.client_id,h.sub)})};e.checkSessionIFrame=new Ne(l,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),u(e.checkSessionIFrame)}).catch(c=>{f(c)})}else u(null)})},rn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),an=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const u=i[a];if(u.r.test(s)){o=u.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function cn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const ln=()=>{const{name:e,version:n}=cn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=an(navigator);return!rn(s)},un=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,i.extras);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Z(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,r.extras);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Oe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},_n=e=>{const n=Oe(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},j=e=>{const n=Oe(e),{search:s}=n;return fn(s)},fn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},dn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,u=void 0)=>{const f=r;return r={...r},(async()=>{const c=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=a?n.silent_redirect_uri:n.redirect_uri;u||(u=n.scope);const h=n.extras?{...n.extras,...r}:r;h.nonce||(h.nonce=te(12));const g={nonce:h.nonce},w=await I(n,e),k=await t(n.authority,n.authority_configuration);let v;if(w)w.setLoginParams({callbackPath:c,extras:f}),await w.initAsync(k,"loginAsync",n),await w.setNonceAsync(g),w.startKeepAliveServiceWorker(),v=w;else{const A=P(e,n.storage??sessionStorage);A.setLoginParams({callbackPath:c,extras:f}),await A.setNonceAsync(g),v=A}const E={client_id:n.client_id,redirect_uri:_,scope:u,response_type:"code",...h};await en(v,o)(k.authorizationEndpoint,E)}catch(_){throw s(m.loginAsync_error,_),_}})()},hn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),u=e.location.getCurrentHref(),l=j(u).session_state,c=await I(s,e.configurationName);let _,h,g,w;if(c)await c.initAsync(a,"loginCallbackAsync",s),await c.setSessionStateAsync(l),h=await c.getNonceAsync(),g=c.getLoginParams(),w=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const T=P(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(l),h=await T.getNonceAsync(),g=T.getLoginParams(),w=await T.getStateAsync(),_=T}const k=j(u);if(k.error||k.error_description)throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);if(k.iss&&k.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`);if(k.state&&k.state!==w)throw new Error(`State not valid (expected: ${w}, received: ${k.state})`);const v={code:k.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},E={};if(s.token_request_extras)for(const[T,R]of Object.entries(s.token_request_extras))E[T]=R;if(g!=null&&g.extras)for(const[T,R]of Object.entries(g.extras))T.endsWith(":token_request")&&(E[T.replace(":token_request","")]=R);const A=a.tokenEndpoint,S={};if(s.demonstrating_proof_of_possession)if(c)S.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await je(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await P(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),S.DPoP=await Ae(window)(s.demonstrating_proof_of_possession_configuration)(T,"POST",A)}const y=await nn(_)(A,{...v,...E},S,e.configuration.token_renew_mode,r);if(!y.success)throw new Error("Token request failed");let C;const d=y.data.tokens,p=y.data.demonstratingProofOfPossessionNonce;if(y.data.state!==E.state)throw new Error("state is not valid");const{isValid:x,reason:$}=de(d,h.nonce,a);if(!x)throw new Error(`Tokens are not OpenID valid, reason: ${$}`);if(c){if(d.refreshToken&&!d.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(p&&(d!=null&&d.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(a,"syncTokensAsync",s),C=c.getLoginParams(),p&&await c.setDemonstratingProofOfPossessionNonce(p);else{const T=P(e.configurationName,s.storage);C=T.getLoginParams(),p&&await T.setDemonstratingProofOfPossessionNonce(p)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,l,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:d,state:"request.state",callbackPath:C.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Pe={access_token:"access_token",refresh_token:"refresh_token"},re=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},yn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},gn=e=>async n=>{F.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await P(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var v,E;const a=e.configuration,u=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let l=!1;i&&(l=i.includes("https://")||i.includes("http://"));const c=l?i:o.getOrigin()+f,_=e.tokens?e.tokens.idToken:"";try{const A=u.revocationEndpoint;if(A){const S=[],y=e.tokens?e.tokens.accessToken:null;if(y&&a.logout_tokens_to_invalidate.includes(Pe.access_token)){const d=re(r,":revoke_access_token"),p=ve(s)(A,y,oe.access_token,a.client_id,d);S.push(p)}const C=e.tokens?e.tokens.refreshToken:null;if(C&&a.logout_tokens_to_invalidate.includes(Pe.refresh_token)){const d=re(r,":revoke_refresh_token"),p=ve(s)(A,C,oe.refresh_token,a.client_id,d);S.push(p)}S.length>0&&await Promise.all(S)}}catch(A){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(A)}const h=((E=(v=e.tokens)==null?void 0:v.idTokenPayload)==null?void 0:E.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,h):e.publishEvent(m.logout_from_same_tab,{});const g=re(r,":oidc");if(g&&g.no_reload==="true")return;const k=yn(r);if(u.endSessionEndpoint){"id_token_hint"in k||(k.id_token_hint=_),!("post_logout_redirect_uri"in k)&&i!==null&&(k.post_logout_redirect_uri=c);let A="";for(const[S,y]of Object.entries(k))y!=null&&(A===""?A+="?":A+="&",A+=`${S}=${encodeURIComponent(y)}`);o.open(`${u.endSessionEndpoint}${A}`)}else o.reload()},Ie=(e,n,s=!1)=>async(...t)=>{var h;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let u=new Headers;a.headers&&(u=a.headers instanceof Headers?a.headers:new Headers(a.headers));const f={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:n.renewTokensAsync.bind(n)},l=await fe(f);console.log("getValidTokenAsync"),console.log(l);const c=(h=l==null?void 0:l.tokens)==null?void 0:h.accessToken;if(u.has("Accept")||u.set("Accept","application/json"),c){if(n.configuration.demonstrating_proof_of_possession&&s){const g=await n.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),a.method);u.set("Authorization",`PoP ${c}`),u.set("DPoP",g)}else u.set("Authorization",`Bearer ${c}`);a.credentials||(a.credentials="same-origin")}const _={...a,headers:u};return await e(o,_,...r)},mn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,a=await(async()=>{const f=await Ie(fetch,e,s)(i);return f.status!==200?null:f.json()})();return e.userInfo=a,a},Ce=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const D={},pn=(e,n=new W)=>(s,t="default")=>(D[t]||(D[t]=new N(s,t,e,n)),D[t]),wn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt),{callbackPath:s}},An=e=>Math.floor(Math.random()*e),q=class q{constructor(n,s="default",t,o=new W){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new W;const a=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??U.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:a,service_worker_activate:n.service_worker_activate??ln,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Me,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=An(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(D,n)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return D[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=j(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Qe(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=un(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await on(this,D,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:i?tn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=dn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await Te(n),...o};if(await I(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const
|
|
1
|
+
(function(O,W){typeof exports=="object"&&typeof module<"u"?W(exports):typeof define=="function"&&define.amd?define(["exports"],W):(O=typeof globalThis<"u"?globalThis:O||self,W(O["oidc-client"]={}))})(this,function(O){"use strict";class W{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const le=2e3,K=console;class Ne{constructor(n,s,t,o=le,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||le,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(K.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(K.debug(n),K.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):K.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){K.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(K.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},P=(e,n=sessionStorage)=>{const s=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},i=async y=>{n[`oidc.session_state.${e}`]=y},r=async()=>n[`oidc.session_state.${e}`],a=y=>{n[`oidc.nonce.${e}`]=y.nonce},l=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},f=()=>JSON.parse(n[`oidc.jwk.${e}`]),u=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async y=>{n[`oidc.dpop_nonce.${e}`]=y},_=()=>n[`oidc.dpop_nonce.${e}`],h=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:h,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:u,setLoginParams:y=>{g[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(g[e]||(g[e]=JSON.parse(y)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:l,getDemonstratingProofOfPossessionJwkAsync:f}};var U=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(U||{});const xe=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),We=e=>JSON.parse(xe(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&Le(e,".")===2?We(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Le=(e,n)=>e.split(n).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function De(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,l=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=De(e,t,r);let f;e.expiresAt?f=e.expiresAt:s===G.access_token_invalid?f=l:s===G.id_token_invalid?f=a:f=a<l?a:l;const u={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:f,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...u,refreshToken:c}}return u},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Z(t,n,s)},J=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=(e,n=0)=>e?J(n,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.getTokens())return null;for(;!_e(e.getTokens(),e.configuration.refresh_time_before_tokens_expiration_in_second)&&t>0;){if(e.configuration.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await X({milliseconds:n});t=t-1}return{isTokensValid:_e(e.getTokens()),tokens:e.getTokens(),numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},F=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.23.0";let ye=null,Y;const X=({milliseconds:e})=>new Promise(n=>F.setTimeout(n,e)),ge=(e="/")=>{try{Y=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:Y.signal}).catch(t=>{console.log(t)}),X({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},ke=()=>{Y&&Y.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistration ${t?"successful":"failed"}`),await X({milliseconds:2e3}),e.reload()},Ke=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,s),s},b=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:Ke(n.configurationName)},[o.port2])}),I=async(e,n)=>{var C;const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.service_worker_register?t=await e.service_worker_register(s):(t=await navigator.serviceWorker.register(s),t.active&&t.waiting&&(console.log("Detected new service worker waiting, unregistering and reloading"),await((C=e.service_worker_update_require_callback)==null?void 0:C.call(e,t,ke))));try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(t)({type:"claim"})}catch{return null}const o=async d=>b(t)({type:"clear",data:{status:d},configurationName:n}),i=async(d,p,x)=>{var R;const $=await b(t)({type:"init",data:{oidcServerConfiguration:d,where:p,oidcConfiguration:{token_renew_mode:x.token_renew_mode,service_worker_convert_all_requests_to_cors:x.service_worker_convert_all_requests_to_cors}},configurationName:n}),T=$.version;return T!==he&&(console.warn(`Service worker ${T} version mismatch with js client version ${he}, unregistering and reloading`),await((R=x.service_worker_update_require_callback)==null?void 0:R.call(x,t,ke))),{tokens:ee($.tokens,null,x.token_renew_mode),status:$.status}},r=(d="/")=>{ye==null&&(ye="not_null",ge(d))},a=d=>b(t)({type:"setSessionState",data:{sessionState:d},configurationName:n}),l=async()=>(await b(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,f=d=>(sessionStorage[`oidc.nonce.${n}`]=d.nonce,b(t)({type:"setNonce",data:{nonce:d},configurationName:n})),u=async()=>{let p=(await b(t)({type:"getNonce",data:null,configurationName:n})).nonce;return p||(p=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:p}},c={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:a,getSessionStateAsync:l,setNonceAsync:f,getNonceAsync:u,setLoginParams:d=>{c[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},getLoginParams:()=>{const d=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(d)),c[n]},getStateAsync:async()=>{let p=(await b(t)({type:"getState",data:null,configurationName:n})).state;return p||(p=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),p},setStateAsync:async d=>(sessionStorage[`oidc.state.${n}`]=d,b(t)({type:"setState",data:{state:d},configurationName:n})),getCodeVerifierAsync:async()=>{let p=(await b(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return p||(p=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),p},setCodeVerifierAsync:async d=>(sessionStorage[`oidc.code_verifier.${n}`]=d,b(t)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n})),setDemonstratingProofOfPossessionNonce:async d=>{await b(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await b(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async d=>{const p=JSON.stringify(d);await b(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:p},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const d=await b(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null}}},V={},Ue=(e,n=window.sessionStorage,s)=>{if(!V[e]&&n){const o=n.getItem(e);o&&(V[e]=JSON.parse(o))}const t=1e3*s;return V[e]&&V[e].timestamp+t>Date.now()?V[e].result:null},Fe=(e,n,s=window.sessionStorage)=>{const t=Date.now();V[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function me(e){return new TextEncoder().encode(e)}function pe(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ve(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const ne=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),pe(n)};function we(e){return pe(Ve(e))}const Me={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Je={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:we(JSON.stringify(s)),payload:we(JSON.stringify(t))},a=o.importKeyAlgorithm,l=!0,f=["sign"],u=await e.crypto.subtle.importKey("jwk",n,a,l,f),c=me(`${r.protected}.${r.payload}`),_=o.signAlgorithm,h=await e.crypto.subtle.sign(_,u,c);return r.signature=ne(new Uint8Array(h)),`${r.protected}.${r.payload}.${r.signature}`}},Be={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},He={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,me(t));return ne(new Uint8Array(o))}},je=e=>async n=>await Be.generate(e)(n),Ae=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(qe()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await He.thumbprint(e)(s,n.digestAlgorithm);return await Je.sign(e)(s,{kid:a},r,n)},qe=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Se=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ge=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%se.length;n.push(se[t])}return n.join("")},te=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Se();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*se.length|0;return Ge(n)};function Ye(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Te(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Ye(e)).then(t=>n(ne(new Uint8Array(t))),t=>s(t))})}const Xe=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Se();return n?Te(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},ze=60*60,Qe=e=>async(n,s=ze,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Ue(r,t,s);if(a)return new ae(a);const l=await B(e)(i,{},o);if(l.status!==200)return null;const f=await l.json();return Fe(r,f,t),new ae(f)},B=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await B(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,s,t=oe.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[c,_]of Object.entries(i))a[c]===void 0&&(a[c]=_);const l=[];for(const c in a){const _=encodeURIComponent(c),h=encodeURIComponent(a[c]);l.push(`${_}=${h}`)}const f=l.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:f},r)).status!==200?{success:!1}:{success:!0}},Ze=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[h,g]of Object.entries(t))s[h]===void 0&&(s[h]=g);const l=[];for(const h in s){const g=encodeURIComponent(h),w=encodeURIComponent(s[h]);l.push(`${g}=${w}`)}const f=l.join("&"),u=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},a);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};const c=await u.json();let _=null;return u.headers.has(z)&&(_=u.headers.get(z)),{success:!0,status:u.status,data:ee(c,o,r),demonstratingProofOfPossessionNonce:_}},en=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Xe(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,l]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(l)}`;n.open(`${s}${r}`)},z="DPoP-Nonce",nn=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const c in s){const _=encodeURIComponent(c),h=encodeURIComponent(s[c]);r.push(`${_}=${h}`)}const a=r.join("&"),l=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),l.status!==200)return{success:!1,status:l.status};let f=null;l.headers.has(z)&&(f=l.headers.get(z));const u=await l.json();return{success:!0,data:{state:s.state,tokens:ee(u,null,o),demonstratingProofOfPossessionNonce:f}}};async function be(e,n,s){const t=a=>{e.tokens=a},{tokens:o,status:i}=await Q(e)(t,0,n,s);return await I(e.configuration,e.configurationName)||await P(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?o:(await e.destroyAsync(i),null)}async function Ee(e,n=!1,s=null){const t=e.configuration,o=`${t.client_id}_${e.configurationName}_${t.authority}`;let i;const r=await I(e.configuration,e.configurationName);if((t==null?void 0:t.storage)===(window==null?void 0:window.sessionStorage)&&!r||!navigator.locks)i=await be(e,n,s);else{let a="retry";for(;a==="retry";)a=await navigator.locks.request(o,{ifAvailable:!0},async l=>l?await be(e,n,s):(e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));i=a}return i?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,s)),e.tokens):null}const H=(e,n,s=null)=>{const t=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&F.clearTimeout(e.timeoutId),F.setTimeout(async()=>{const i={timeLeft:J(t,n)};e.publishEvent(N.eventNames.token_timer,i),await Ee(e,!1,s)},1e3)},L={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),l=await I(n,s);if(l){const{status:c,tokens:_}=await l.initAsync(a,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!c||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const g=J(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",w=await l.getNonceAsync();return{tokens:_,status:g,nonce:w}}r=await l.getNonceAsync()}else{const c=P(s,n.storage??sessionStorage),_=await c.initAsync();let{tokens:h}=_;const{status:g}=_;if(h&&(h=Z(h,e.tokens,n.token_renew_mode)),h){if(g==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(h.issuedAt!==t.issuedAt){const k=J(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",v=await c.getNonceAsync();return{tokens:h,status:k,nonce:v}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await c.getNonceAsync()}const u=J(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:u,nonce:r}},Q=e=>async(n,s=0,t=!1,o=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let i=6;for(;!navigator.onLine&&i>0;)await X({milliseconds:1e3}),i--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${i}`});const r=s+1;o||(o={});const a=e.configuration,l=(u,c=null,_=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(u,c,_),f=async()=>{try{let u;const c=await I(a,e.configurationName);c?u=c.getLoginParams():u=P(e.configurationName,a.storage).getLoginParams();const _=await l({...u.extras,...o,prompt:"none"});return _?_.error?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(_.tokens),e.publishEvent(N.eventNames.token_renewed,{}),{tokens:_.tokens,status:"LOGGED"}):(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(u){return console.error(u),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:u.message}),await Q(e)(n,r,t,o)}};try{const{status:u,tokens:c,nonce:_}=await sn(e)(a,e.configurationName,e.tokens,t);switch(u){case L.SESSION_LOST:return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case L.NOT_CONNECTED:return n(null),{tokens:null,status:null};case L.TOKENS_VALID:return n(c),{tokens:c,status:"LOGGED_IN"};case L.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(c),e.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:c,status:"LOGGED_IN"};case L.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case L.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&L.FORCE_REFRESH!==u?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:s}),await f());default:{if(a.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&L.FORCE_REFRESH!==u)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:c.refreshToken,status:u,tryNumber:s}),!c.refreshToken)return await f();const h=a.client_id,g=a.redirect_uri,w=a.authority,v={...a.token_request_extras?a.token_request_extras:{}};for(const[A,S]of Object.entries(o))A.endsWith(":token_request")&&(v[A.replace(":token_request","")]=S);return await(async()=>{const A={client_id:h,redirect_uri:g,grant_type:"refresh_token",refresh_token:c.refreshToken},S=await e.initAsync(w,a.authority_configuration),y=document.hidden?1e4:3e4*10,C=S.tokenEndpoint,d={};a.demonstrating_proof_of_possession&&(d.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(c.accessToken,C,"POST"));const p=await Ze(e.getFetch())(C,A,v,c,d,a.token_renew_mode,y);if(p.success){const{isValid:x,reason:$}=de(p.data,_.nonce,S);if(!x)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${$}`}),{tokens:null,status:"SESSION_LOST"};if(n(p.data),p.demonstratingProofOfPossessionNonce){const T=await I(a,e.configurationName);T?await T.setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce):await P(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(p.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:p.success}),e.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:p.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:p}),p.status>=400&&p.status<500?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${p.status}`}),{tokens:null,status:"SESSION_LOST"}):await Q(e)(n,r,t,o)})()}}}catch(u){return console.error(u),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:u.message}),new Promise((c,_)=>{setTimeout(()=>{Q(e)(n,r,t,o).then(c).catch(_)},1e3)})}},ie=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[c,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(c)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;const a=n.silent_login_uri+r,l=a.indexOf("/",a.indexOf("//")+2),f=a.substring(0,l),u=document.createElement("iframe");return u.width="0px",u.height="0px",u.id=`${e}_oidc_iframe`,u.setAttribute("src",a),document.body.appendChild(u),new Promise((c,_)=>{let h=!1;const g=()=>{window.removeEventListener("message",w),u.remove(),h=!0},w=k=>{if(k.origin===f&&k.source===u.contentWindow){const v=`${e}_oidc_tokens:`,E=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,S=k.data;if(S&&typeof S=="string"&&!h){if(S.startsWith(v)){const y=JSON.parse(k.data.replace(v,""));s(m.silentLoginAsync_end,{}),c(y),g()}else if(S.startsWith(E)){const y=JSON.parse(k.data.replace(E,""));s(m.silentLoginAsync_error,y),c({error:"oidc_"+y.error,tokens:null,sessionState:null}),g()}else if(S.startsWith(A)){const y=JSON.parse(k.data.replace(A,""));s(m.silentLoginAsync_error,y),_(new Error(y.error)),g()}}}};try{window.addEventListener("message",w);const k=n.silent_login_timeout;setTimeout(()=>{h||(g(),s(m.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},k)}catch(k){g(),s(m.silentLoginAsync_error,k),_(k)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},tn=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(f,u,c)=>ie(n,s,t.bind(o))(f,u,c);return(async()=>{o.timeoutId&&F.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const u=s.extras?{...s.extras,...i}:i,c=await a({...u,prompt:"none"},f,r);if(c)return o.tokens=c.tokens,t(m.token_acquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,i),{}}catch(u){return u}})()},on=(e,n,s)=>(t,o,i,r=!1)=>{const a=(l,f=void 0,u=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(l,f,u);return new Promise((l,f)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const u=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const _=c.idToken,h=c.idTokenPayload;return a({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const w=g.tokens.idTokenPayload;if(h.sub===w.sub){const k=g.sessionState;e.checkSessionIFrame.start(g.sessionState),h.sid===w.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",k):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",k)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",w.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[,w]of Object.entries(n))await w.logoutOtherTabAsync(s.client_id,h.sub)})};e.checkSessionIFrame=new Ne(u,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),l(e.checkSessionIFrame)}).catch(c=>{f(c)})}else l(null)})},rn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),an=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const l=i[a];if(l.r.test(s)){o=l.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function cn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const ln=()=>{const{name:e,version:n}=cn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=an(navigator);return!rn(s)},un=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await I(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,i.extras);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=P(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Z(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,r.extras);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Oe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},_n=e=>{const n=Oe(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},j=e=>{const n=Oe(e),{search:s}=n;return fn(s)},fn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},dn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,l=void 0)=>{const f=r;return r={...r},(async()=>{const c=i||o.getPath();if("state"in r||(r.state=te(16)),s(m.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=a?n.silent_redirect_uri:n.redirect_uri;l||(l=n.scope);const h=n.extras?{...n.extras,...r}:r;h.nonce||(h.nonce=te(12));const g={nonce:h.nonce},w=await I(n,e),k=await t(n.authority,n.authority_configuration);let v;if(w)w.setLoginParams({callbackPath:c,extras:f}),await w.initAsync(k,"loginAsync",n),await w.setNonceAsync(g),w.startKeepAliveServiceWorker(),v=w;else{const A=P(e,n.storage??sessionStorage);A.setLoginParams({callbackPath:c,extras:f}),await A.setNonceAsync(g),v=A}const E={client_id:n.client_id,redirect_uri:_,scope:l,response_type:"code",...h};await en(v,o)(k.authorizationEndpoint,E)}catch(_){throw s(m.loginAsync_error,_),_}})()},hn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),l=e.location.getCurrentHref(),u=j(l).session_state,c=await I(s,e.configurationName);let _,h,g,w;if(c)await c.initAsync(a,"loginCallbackAsync",s),await c.setSessionStateAsync(u),h=await c.getNonceAsync(),g=c.getLoginParams(),w=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const T=P(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(u),h=await T.getNonceAsync(),g=T.getLoginParams(),w=await T.getStateAsync(),_=T}const k=j(l);if(k.error||k.error_description)throw new Error(`Error from OIDC server: ${k.error} - ${k.error_description}`);if(k.iss&&k.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${k.iss})`);if(k.state&&k.state!==w)throw new Error(`State not valid (expected: ${w}, received: ${k.state})`);const v={code:k.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},E={};if(s.token_request_extras)for(const[T,R]of Object.entries(s.token_request_extras))E[T]=R;if(g!=null&&g.extras)for(const[T,R]of Object.entries(g.extras))T.endsWith(":token_request")&&(E[T.replace(":token_request","")]=R);const A=a.tokenEndpoint,S={};if(s.demonstrating_proof_of_possession)if(c)S.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await je(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await P(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),S.DPoP=await Ae(window)(s.demonstrating_proof_of_possession_configuration)(T,"POST",A)}const y=await nn(_)(A,{...v,...E},S,e.configuration.token_renew_mode,r);if(!y.success)throw new Error("Token request failed");let C;const d=y.data.tokens,p=y.data.demonstratingProofOfPossessionNonce;if(y.data.state!==E.state)throw new Error("state is not valid");const{isValid:x,reason:$}=de(d,h.nonce,a);if(!x)throw new Error(`Tokens are not OpenID valid, reason: ${$}`);if(c){if(d.refreshToken&&!d.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(p&&(d!=null&&d.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(a,"syncTokensAsync",s),C=c.getLoginParams(),p&&await c.setDemonstratingProofOfPossessionNonce(p);else{const T=P(e.configurationName,s.storage);C=T.getLoginParams(),p&&await T.setDemonstratingProofOfPossessionNonce(p)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,u,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:d,state:"request.state",callbackPath:C.callbackPath}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Pe={access_token:"access_token",refresh_token:"refresh_token"},re=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},yn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},gn=e=>async n=>{F.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await I(e.configuration,e.configurationName);s?await s.clearAsync(n):await P(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var v,E;const a=e.configuration,l=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let u=!1;i&&(u=i.includes("https://")||i.includes("http://"));const c=u?i:o.getOrigin()+f,_=e.tokens?e.tokens.idToken:"";try{const A=l.revocationEndpoint;if(A){const S=[],y=e.tokens?e.tokens.accessToken:null;if(y&&a.logout_tokens_to_invalidate.includes(Pe.access_token)){const d=re(r,":revoke_access_token"),p=ve(s)(A,y,oe.access_token,a.client_id,d);S.push(p)}const C=e.tokens?e.tokens.refreshToken:null;if(C&&a.logout_tokens_to_invalidate.includes(Pe.refresh_token)){const d=re(r,":revoke_refresh_token"),p=ve(s)(A,C,oe.refresh_token,a.client_id,d);S.push(p)}S.length>0&&await Promise.all(S)}}catch(A){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(A)}const h=((E=(v=e.tokens)==null?void 0:v.idTokenPayload)==null?void 0:E.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,h):e.publishEvent(m.logout_from_same_tab,{});const g=re(r,":oidc");if(g&&g.no_reload==="true")return;const k=yn(r);if(l.endSessionEndpoint){"id_token_hint"in k||(k.id_token_hint=_),!("post_logout_redirect_uri"in k)&&i!==null&&(k.post_logout_redirect_uri=c);let A="";for(const[S,y]of Object.entries(k))y!=null&&(A===""?A+="?":A+="&",A+=`${S}=${encodeURIComponent(y)}`);o.open(`${l.endSessionEndpoint}${A}`)}else o.reload()},Ie=(e,n,s=!1)=>async(...t)=>{var h;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let l=new Headers;a.headers&&(l=a.headers instanceof Headers?a.headers:new Headers(a.headers));const f={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:n.renewTokensAsync.bind(n)},u=await fe(f),c=(h=u==null?void 0:u.tokens)==null?void 0:h.accessToken;if(l.has("Accept")||l.set("Accept","application/json"),c){if(n.configuration.demonstrating_proof_of_possession&&s){const g=await n.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),a.method);l.set("Authorization",`DPoP ${c}`),l.set("DPoP",g)}else l.set("Authorization",`Bearer ${c}`);a.credentials||(a.credentials="same-origin")}const _={...a,headers:l};return await e(o,_,...r)},mn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,a=await(async()=>{const f=await Ie(fetch,e,s)(i);return f.status!==200?null:f.json()})();return e.userInfo=a,a},Ce=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const D={},pn=(e,n=new W)=>(s,t="default")=>(D[t]||(D[t]=new N(s,t,e,n)),D[t]),wn=async e=>{const{parsedTokens:n,callbackPath:s}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt),{callbackPath:s}},An=e=>Math.floor(Math.random()*e),q=class q{constructor(n,s="default",t,o=new W){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new W;const a=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??U.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:a,service_worker_activate:n.service_worker_activate??ln,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Me,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=An(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(D,n)&&s)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return D[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=j(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=j(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await I(this.configuration,this.configurationName)?window.localStorage:null;return await Qe(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=un(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await on(this,D,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:i?tn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=dn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(n),o=t.tokens;return this.tokens=o,await I(this.configuration,this.configurationName)||P(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(q.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await Te(n),...o};if(await I(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const l=P(this.configurationName,i.storage),f=await l.getDemonstratingProofOfPossessionJwkAsync(),u=l.getDemonstratingProofOfPossessionNonce();return u&&(r.nonce=u),await Ae(window)(i.demonstrating_proof_of_possession_configuration)(f,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=mn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return F.clearTimeout(this.timeoutId),this.renewTokensPromise=Ee(this,!0,n),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await gn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=kn(this,D,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};q.getOrCreate=(n,s)=>(t,o="default")=>pn(n,s)(t,o),q.eventNames=m;let N=q;const M=class M{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new M(N.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null){return this._oidc.renewTokensAsync(n)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){const t=this._oidc,o={getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:t.renewTokensAsync.bind(t)};return fe(o,n,s)}fetchWithTokens(n,s=!1){return Ie(n,this._oidc,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};M.getOrCreate=(n,s=new W)=>(t,o="default")=>new M(N.getOrCreate(n,s)(t,o)),M.eventNames=N.eventNames;let ce=M;O.OidcClient=ce,O.OidcLocation=W,O.TokenAutomaticRenewMode=U,O.TokenRenewMode=G,O.getFetchDefault=Ce,O.getParseQueryStringFromLocation=j,O.getPath=_n,Object.defineProperty(O,Symbol.toStringTag,{value:"Module"})});
|
package/dist/oidcClient.d.ts
CHANGED
|
@@ -53,8 +53,8 @@ export declare class OidcClient {
|
|
|
53
53
|
get configuration(): OidcConfiguration;
|
|
54
54
|
generateDemonstrationOfProofOfPossessionAsync(accessToken: string, url: string, method: string, extras?: StringMap): Promise<string>;
|
|
55
55
|
getValidTokenAsync(waitMs?: number, numberWait?: number): Promise<ValidToken>;
|
|
56
|
-
fetchWithTokens(fetch: Fetch,
|
|
57
|
-
userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache?: boolean,
|
|
56
|
+
fetchWithTokens(fetch: Fetch, demonstratingProofOfPossession?: boolean): Fetch;
|
|
57
|
+
userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(noCache?: boolean, demonstratingProofOfPossession?: boolean): Promise<T>;
|
|
58
58
|
userInfo<T extends OidcUserInfo = OidcUserInfo>(): T;
|
|
59
59
|
}
|
|
60
60
|
export interface OidcUserInfo {
|
package/dist/oidcClient.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAiC,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACrF,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEjE,MAAM,WAAW,eAAe;IAC9B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAE;CAC3B;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAO;gBACjB,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAE,eAAe,GAAG,MAAM;IAI9C,uBAAuB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAIzC,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,IAAI;IAIhD,MAAM,CAAC,WAAW,aACL,MAAM,KAAK,aAAY,cAAc,qBAChC,iBAAiB,oBAAqB,UAAU,CAE9D;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAG,UAAU;IAIxC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAI/C,UAAU,CACR,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ,GACtB,OAAO,CAAC,OAAO,CAAC;IAInB,WAAW,CACT,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB,GACvB,OAAO,CAAC,IAAI,CAAC;IAIhB,wBAAwB,IAAI,OAAO,CAAC,IAAI,CAAC;IAIzC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,kBAAkB,IAAI,OAAO,CAAC,aAAa,CAAC;IAI5C,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,aAAa,IAAI,iBAAiB,CAErC;IAEK,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IASZ,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAc5E,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAiC,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACrF,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEjE,MAAM,WAAW,eAAe;IAC9B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAE;CAC3B;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAO;gBACjB,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAE,eAAe,GAAG,MAAM;IAI9C,uBAAuB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAIzC,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,IAAI;IAIhD,MAAM,CAAC,WAAW,aACL,MAAM,KAAK,aAAY,cAAc,qBAChC,iBAAiB,oBAAqB,UAAU,CAE9D;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAG,UAAU;IAIxC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAI/C,UAAU,CACR,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ,GACtB,OAAO,CAAC,OAAO,CAAC;IAInB,WAAW,CACT,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB,GACvB,OAAO,CAAC,IAAI,CAAC;IAIhB,wBAAwB,IAAI,OAAO,CAAC,IAAI,CAAC;IAIzC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,kBAAkB,IAAI,OAAO,CAAC,aAAa,CAAC;IAI5C,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,aAAa,IAAI,iBAAiB,CAErC;IAEK,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IASZ,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAc5E,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,8BAA8B,GAAE,OAAe,GAAG,KAAK;IAI/E,aAAa,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,EACvD,OAAO,UAAQ,EACf,8BAA8B,GAAE,OAAe,GAC9C,OAAO,CAAC,CAAC,CAAC;IAIb,QAAQ,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,KAAK,CAAC;CAGrD;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}
|
package/dist/version.d.ts
CHANGED
package/dist/version.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":";AAAA,
|
|
1
|
+
{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":";AAAA,wBAAwB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axa-fr/oidc-client",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.23.0",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.umd.cjs",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"url": "https://github.com/AxaFrance/oidc-client.git"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@axa-fr/oidc-client-service-worker": "7.
|
|
23
|
+
"@axa-fr/oidc-client-service-worker": "7.23.0"
|
|
24
24
|
},
|
|
25
25
|
"devDependencies": {
|
|
26
26
|
"@testing-library/dom": "10.4.0",
|
package/src/fetch.ts
CHANGED
|
@@ -28,9 +28,6 @@ export const fetchWithTokens =
|
|
|
28
28
|
// @ts-ignore
|
|
29
29
|
const getValidToken = await getValidTokenAsync(oidcToken);
|
|
30
30
|
|
|
31
|
-
console.log('getValidTokenAsync');
|
|
32
|
-
console.log(getValidToken);
|
|
33
|
-
|
|
34
31
|
const accessToken = getValidToken?.tokens?.accessToken;
|
|
35
32
|
if (!headers.has('Accept')) {
|
|
36
33
|
headers.set('Accept', 'application/json');
|
|
@@ -46,7 +43,7 @@ export const fetchWithTokens =
|
|
|
46
43
|
url.toString(),
|
|
47
44
|
optionTmp.method,
|
|
48
45
|
);
|
|
49
|
-
headers.set('Authorization', `
|
|
46
|
+
headers.set('Authorization', `DPoP ${accessToken}`);
|
|
50
47
|
headers.set('DPoP', demonstrationOdProofOfPossession);
|
|
51
48
|
} else {
|
|
52
49
|
headers.set('Authorization', `Bearer ${accessToken}`);
|
package/src/oidcClient.ts
CHANGED
|
@@ -106,15 +106,15 @@ export class OidcClient {
|
|
|
106
106
|
return getValidTokenAsync(oidcToken, waitMs, numberWait);
|
|
107
107
|
}
|
|
108
108
|
|
|
109
|
-
fetchWithTokens(fetch: Fetch,
|
|
110
|
-
return fetchWithTokens(fetch, this._oidc,
|
|
109
|
+
fetchWithTokens(fetch: Fetch, demonstratingProofOfPossession: boolean = false): Fetch {
|
|
110
|
+
return fetchWithTokens(fetch, this._oidc, demonstratingProofOfPossession);
|
|
111
111
|
}
|
|
112
112
|
|
|
113
113
|
async userInfoAsync<T extends OidcUserInfo = OidcUserInfo>(
|
|
114
114
|
noCache = false,
|
|
115
|
-
|
|
115
|
+
demonstratingProofOfPossession: boolean = false,
|
|
116
116
|
): Promise<T> {
|
|
117
|
-
return this._oidc.userInfoAsync(noCache,
|
|
117
|
+
return this._oidc.userInfoAsync(noCache, demonstratingProofOfPossession);
|
|
118
118
|
}
|
|
119
119
|
|
|
120
120
|
userInfo<T extends OidcUserInfo = OidcUserInfo>(): T {
|
package/src/version.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export default '7.
|
|
1
|
+
export default '7.23.0';
|