@axa-fr/oidc-client 7.25.0 → 7.25.2

package/dist/index.js

@@ -245,7 +245,7 @@ const te = (e, n = null, s) => {
     setInterval: setInterval.bind(e),
     clearInterval: clearInterval.bind(e)
   };
-}(), ue = "7.25.0";
+}(), ue = "7.25.2";
 let _e = null, j;
 const Y = ({ milliseconds: e }) => new Promise((n) => K.setTimeout(n, e)), we = (e = "/") => {
   try {
@@ -1177,7 +1177,7 @@ const _n = () => {
         );
         const r = await n.getSessionStateAsync();
         return await e.startCheckSessionAsync(
-          t.check_session_iframe,
+          t.checkSessionIframe,
           s.client_id,
           r
         ), s.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
@@ -1205,7 +1205,7 @@ const _n = () => {
         );
         const l = await o.getSessionStateAsync();
         return await e.startCheckSessionAsync(
-          t.check_session_iframe,
+          t.checkSessionIframe,
           s.client_id,
           l
         ), s.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
@@ -1624,7 +1624,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
           check_session_iframe: s.check_session_iframe,
           issuer: s.issuer
         });
-      const i = await C(this.configuration, this.configurationName) ? window.localStorage : null;
+      const i = await C(this.configuration, this.configurationName) ? window.sessionStorage : null;
       return await en(this.getFetch())(
         n,
         this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60,

package/dist/index.umd.cjs

@@ -1,2 +1,2 @@
-(function(I,W){typeof exports=="object"&&typeof module<"u"?W(exports):typeof define=="function"&&define.amd?define(["exports"],W):(I=typeof globalThis<"u"?globalThis:I||self,W(I["oidc-client"]={}))})(this,function(I){"use strict";class W{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const le=2e3,$=console;class Ne{constructor(n,s,t,o=le,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||le,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},C=(e,n=sessionStorage)=>{const s=h=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:h}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const h=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:h.tokens,status:h.status})},o=h=>{n[`oidc.${e}`]=JSON.stringify({tokens:h})},i=async h=>{n[`oidc.session_state.${e}`]=h},r=async()=>n[`oidc.session_state.${e}`],l=h=>{n[`oidc.nonce.${e}`]=h.nonce},a=h=>{n[`oidc.jwk.${e}`]=JSON.stringify(h)},u=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async h=>{n[`oidc.dpop_nonce.${e}`]=h},_=()=>n[`oidc.dpop_nonce.${e}`],d=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:d,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:l,getNonceAsync:f,setLoginParams:h=>{g[e]=h,n[`oidc.login.${e}`]=JSON.stringify(h)},getLoginParams:()=>{const h=n[`oidc.login.${e}`];return h?(g[e]||(g[e]=JSON.parse(h)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async h=>{n[`oidc.state.${e}`]=h},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async h=>{n[`oidc.code_verifier.${e}`]=h},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}};var K=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(K||{});const xe=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),We=e=>JSON.parse(xe(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&Le(e,".")===2?We(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Le=(e,n)=>e.split(n).length-1,q={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function De(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),l=r&&r.exp?r.exp:Number.MAX_VALUE,a=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=De(e,t,r);let u;e.expiresAt?u=e.expiresAt:s===q.access_token_invalid?u=a:s===q.id_token_invalid?u=l:u=l<a?l:a;const f={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:u,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...f,refreshToken:c}}return f},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Z(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=(e,n=0)=>e?M(n,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.getTokens())return null;for(;!_e(e.getTokens(),e.configuration.refresh_time_before_tokens_expiration_in_second)&&t>0;){if(e.configuration.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await Y({milliseconds:n});t=t-1}return{isTokensValid:_e(e.getTokens()),tokens:e.getTokens(),numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},U=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.25.0";let ye=null,G;const Y=({milliseconds:e})=>new Promise(n=>U.setTimeout(n,e)),ge=(e="/")=>{try{G=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:G.signal}).catch(t=>{console.log(t)}),Y({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},ke=()=>{G&&G.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistration ${t?"successful":"failed"}`),await Y({milliseconds:2e3}),e.reload()},Ke=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,s),s},E=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:Ke(n.configurationName)},[o.port2])}),N=async(e,n)=>{var P;const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.service_worker_register?t=await e.service_worker_register(s):(t=await navigator.serviceWorker.register(s),t.active&&t.waiting&&(console.log("Detected new service worker waiting, unregistering and reloading"),await((P=e.service_worker_update_require_callback)==null?void 0:P.call(e,t,ke))));try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await E(t)({type:"claim"})}catch(y){return console.warn(`Failed init ServiceWorker ${y.toString()}`),null}const o=async y=>E(t)({type:"clear",data:{status:y},configurationName:n}),i=async(y,S,v)=>{var j;const T=await E(t)({type:"init",data:{oidcServerConfiguration:y,where:S,oidcConfiguration:{token_renew_mode:v.token_renew_mode,service_worker_convert_all_requests_to_cors:v.service_worker_convert_all_requests_to_cors}},configurationName:n}),L=T.version;return L!==he&&(console.warn(`Service worker ${L} version mismatch with js client version ${he}, unregistering and reloading`),await((j=v.service_worker_update_require_callback)==null?void 0:j.call(v,t,ke))),{tokens:ee(T.tokens,null,v.token_renew_mode),status:T.status}},r=(y="/")=>{ye==null&&(ye="not_null",ge(y))},l=y=>E(t)({type:"setSessionState",data:{sessionState:y},configurationName:n}),a=async()=>(await E(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,u=y=>(sessionStorage[`oidc.nonce.${n}`]=y.nonce,E(t)({type:"setNonce",data:{nonce:y},configurationName:n})),f=async()=>{let S=(await E(t)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}},c={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:l,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:y=>{c[n]=y,localStorage[`oidc.login.${n}`]=JSON.stringify(y)},getLoginParams:()=>{const y=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(y)),c[n]},getStateAsync:async()=>{let S=(await E(t)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async y=>(sessionStorage[`oidc.state.${n}`]=y,E(t)({type:"setState",data:{state:y},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await E(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async y=>(sessionStorage[`oidc.code_verifier.${n}`]=y,E(t)({type:"setCodeVerifier",data:{codeVerifier:y},configurationName:n})),setDemonstratingProofOfPossessionNonce:async y=>{await E(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:y},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await E(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async y=>{const S=JSON.stringify(y);await E(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const y=await E(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return y.demonstratingProofOfPossessionJwkJson?JSON.parse(y.demonstratingProofOfPossessionJwkJson):null}}},F={},Ue=(e,n=window.sessionStorage,s)=>{if(!F[e]&&n){const o=n.getItem(e);o&&(F[e]=JSON.parse(o))}const t=1e3*s;return F[e]&&F[e].timestamp+t>Date.now()?F[e].result:null},Fe=(e,n,s=window.sessionStorage)=>{const t=Date.now();F[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function me(e){return new TextEncoder().encode(e)}function pe(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ve(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const ne=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),pe(n)};function we(e){return pe(Ve(e))}const Me={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Je={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:we(JSON.stringify(s)),payload:we(JSON.stringify(t))},l=o.importKeyAlgorithm,a=!0,u=["sign"],f=await e.crypto.subtle.importKey("jwk",n,l,a,u),c=me(`${r.protected}.${r.payload}`),_=o.signAlgorithm,d=await e.crypto.subtle.sign(_,f,c);return r.signature=ne(new Uint8Array(d)),`${r.protected}.${r.payload}.${r.signature}`}},Be={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},He={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,me(t));return ne(new Uint8Array(o))}},je=e=>async n=>await Be.generate(e)(n),Ae=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(qe()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},l=await He.thumbprint(e)(s,n.digestAlgorithm);return await Je.sign(e)(s,{kid:l},r,n)},qe=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Se=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ge=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%se.length;n.push(se[t])}return n.join("")},te=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Se();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*se.length|0;return Ge(n)};function Ye(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Te(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Ye(e)).then(t=>n(ne(new Uint8Array(t))),t=>s(t))})}const Xe=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Se();return n?Te(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},ze=60*60,Qe=e=>async(n,s=ze,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,l=Ue(r,t,s);if(l)return new ae(l);const a=await J(e)(i,{},o);if(a.status!==200)return null;const u=await a.json();return Fe(r,u,t),new ae(u)},J=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,s,t=oe.refresh_token,o,i={},r=1e4)=>{const l={token:s,token_type_hint:t,client_id:o};for(const[c,_]of Object.entries(i))l[c]===void 0&&(l[c]=_);const a=[];for(const c in l){const _=encodeURIComponent(c),d=encodeURIComponent(l[c]);a.push(`${_}=${d}`)}const u=a.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:u},r)).status!==200?{success:!1}:{success:!0}},Ze=e=>async(n,s,t,o,i={},r,l=1e4)=>{for(const[d,g]of Object.entries(t))s[d]===void 0&&(s[d]=g);const a=[];for(const d in s){const g=encodeURIComponent(d),p=encodeURIComponent(s[d]);a.push(`${g}=${p}`)}const u=a.join("&"),f=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},l);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const c=await f.json();let _=null;return f.headers.has(X)&&(_=f.headers.get(X)),{success:!0,status:f.status,data:ee(c,o,r),demonstratingProofOfPossessionNonce:_}},en=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Xe(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[l,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${l}=${encodeURIComponent(a)}`;n.open(`${s}${r}`)},X="DPoP-Nonce",nn=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const c in s){const _=encodeURIComponent(c),d=encodeURIComponent(s[c]);r.push(`${_}=${d}`)}const l=r.join("&"),a=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:l},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(X)&&(u=a.headers.get(X));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ee(f,null,o),demonstratingProofOfPossessionNonce:u}}};async function be(e,n,s,t=null){const o=a=>{e.tokens=a},{tokens:i,status:r}=await z(e)(o,0,n,s,t);return await N(e.configuration,e.configurationName)||await C(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function Ee(e,n=!1,s=null,t=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const l=await N(e.configuration,e.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!l||!navigator.locks)r=await be(e,n,s,t);else{let a="retry";for(;a==="retry";)a=await navigator.locks.request(i,{ifAvailable:!0},async u=>u?await be(e,n,s,t):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=a}return r?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s,t)),e.tokens):null}const B=(e,n,s=null,t=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&U.clearTimeout(e.timeoutId),U.setTimeout(async()=>{const r={timeLeft:M(o,n)};e.publishEvent(x.eventNames.token_timer,r),await Ee(e,!1,s,t)},1e3)},D={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const l=await e.initAsync(n.authority,n.authority_configuration),a=await N(n,s);if(a){const{status:c,tokens:_}=await a.initAsync(l,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!c||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const g=M(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",p=await a.getNonceAsync();return{tokens:_,status:g,nonce:p}}r=await a.getNonceAsync()}else{const c=C(s,n.storage??sessionStorage),_=await c.initAsync();let{tokens:d}=_;const{status:g}=_;if(d&&(d=Z(d,e.tokens,n.token_renew_mode)),d){if(g==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(d.issuedAt!==t.issuedAt){const m=M(n.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",b=await c.getNonceAsync();return{tokens:d,status:m,nonce:b}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await c.getNonceAsync()}const f=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}},z=e=>async(n,s=0,t=!1,o=null,i=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let r=6;for(;!navigator.onLine&&r>0;)await Y({milliseconds:1e3}),r--,e.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const l=s+1;o||(o={});const a=e.configuration,u=(c,_=null,d=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(c,_,d),f=async()=>{try{let c;const _=await N(a,e.configurationName);_?c=_.getLoginParams():c=C(e.configurationName,a.storage).getLoginParams();const d=await u({...c.extras,...o,prompt:"none",scope:i});return d?d.error?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(d.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:d.tokens,status:"LOGGED"}):(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(c){return console.error(c),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:c.message}),await z(e)(n,l,t,o,i)}};try{const{status:c,tokens:_,nonce:d}=await sn(e)(a,e.configurationName,e.tokens,t);switch(c){case D.SESSION_LOST:return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case D.NOT_CONNECTED:return n(null),{tokens:null,status:null};case D.TOKENS_VALID:return n(_),{tokens:_,status:"LOGGED_IN"};case D.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(_),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:_,status:"LOGGED_IN"};case D.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case D.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted&&D.FORCE_REFRESH!==c?(e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(k.refreshTokensAsync_begin,{tryNumber:s}),await f());default:{if(a.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted&&D.FORCE_REFRESH!==c)return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(k.refreshTokensAsync_begin,{refreshToken:_.refreshToken,status:c,tryNumber:s}),!_.refreshToken)return await f();const g=a.client_id,p=a.redirect_uri,m=a.authority,O={...a.token_request_extras?a.token_request_extras:{}};for(const[A,h]of Object.entries(o))A.endsWith(":token_request")&&(O[A.replace(":token_request","")]=h);return await(async()=>{const A={client_id:g,redirect_uri:p,grant_type:"refresh_token",refresh_token:_.refreshToken},h=await e.initAsync(m,a.authority_configuration),P=document.hidden?1e4:3e4*10,y=h.tokenEndpoint,S={};a.demonstrating_proof_of_possession&&(S.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(_.accessToken,y,"POST"));const v=await Ze(e.getFetch())(y,A,O,_,S,a.token_renew_mode,P);if(v.success){const{isValid:T,reason:L}=de(v.data,d.nonce,h);if(!T)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${L}`}),{tokens:null,status:"SESSION_LOST"};if(n(v.data),v.demonstratingProofOfPossessionNonce){const j=await N(a,e.configurationName);j?await j.setDemonstratingProofOfPossessionNonce(v.demonstratingProofOfPossessionNonce):await C(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(v.demonstratingProofOfPossessionNonce)}return e.publishEvent(k.refreshTokensAsync_end,{success:v.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:v.data,status:"LOGGED_IN"}}else return e.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:v}),v.status>=400&&v.status<500?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`session lost: ${v.status}`}),{tokens:null,status:"SESSION_LOST"}):await z(e)(n,l,t,o,i)})()}}}catch(c){return console.error(c),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:c.message}),new Promise((_,d)=>{setTimeout(()=>{z(e)(n,l,t,o,i).then(_).catch(d)},1e3)})}},ie=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(k.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i!=null&&(t==null&&(t={}),t.scope=i),t!=null)for(const[c,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(c)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;const l=n.silent_login_uri+r,a=l.indexOf("/",l.indexOf("//")+2),u=l.substring(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",l),document.body.appendChild(f),new Promise((c,_)=>{let d=!1;const g=()=>{window.removeEventListener("message",p),f.remove(),d=!0},p=m=>{if(m.origin===u&&m.source===f.contentWindow){const b=`${e}_oidc_tokens:`,O=`${e}_oidc_error:`,w=`${e}_oidc_exception:`,A=m.data;if(A&&typeof A=="string"&&!d){if(A.startsWith(b)){const h=JSON.parse(m.data.replace(b,""));s(k.silentLoginAsync_end,{}),c(h),g()}else if(A.startsWith(O)){const h=JSON.parse(m.data.replace(O,""));s(k.silentLoginAsync_error,h),c({error:"oidc_"+h.error,tokens:null,sessionState:null}),g()}else if(A.startsWith(w)){const h=JSON.parse(m.data.replace(w,""));s(k.silentLoginAsync_error,h),_(new Error(h.error)),g()}}}};try{window.addEventListener("message",p);const m=n.silent_login_timeout;setTimeout(()=>{d||(g(),s(k.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},m)}catch(m){g(),s(k.silentLoginAsync_error,m),_(m)}})}catch(r){throw s(k.silentLoginAsync_error,r),r}},tn=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const l=(u,f,c)=>ie(n,s,t.bind(o))(u,f,c);return(async()=>{o.timeoutId&&U.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,c=await l({...f,prompt:"none"},u,r);if(c)return o.tokens=c.tokens,t(k.token_acquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,i,r),{}}catch(f){return f}})()},on=(e,n,s)=>(t,o,i,r=!1)=>{const l=(a,u=void 0,f=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const _=c.idToken,d=c.idTokenPayload;return l({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const p=g.tokens.idTokenPayload;if(d.sub===p.sub){const m=g.sessionState;e.checkSessionIFrame.start(g.sessionState),d.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",m):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",m)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[,p]of Object.entries(n))await p.logoutOtherTabAsync(s.client_id,d.sub)})};e.checkSessionIFrame=new Ne(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),a(e.checkSessionIFrame)}).catch(c=>{u(c)})}else a(null)})},rn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),an=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in i){const a=i[l];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);l!=null&&l.length>2&&(r=l[1]+"."+l[2]+"."+(parseInt(l[3])|0));break}}return{os:o,osVersion:r}};function cn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const ln=()=>{const{name:e,version:n}=cn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=an(navigator);return!rn(s)},un=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await N(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=C(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Z(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,r.extras,r.scope);const l=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.check_session_iframe,s.client_id,l),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Oe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},_n=e=>{const n=Oe(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},Q=e=>{const n=Oe(e),{search:s}=n;return fn(s)},fn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},dn=(e,n,s,t,o)=>(i=void 0,r=null,l=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const c=i||o.getPath();if("state"in r||(r.state=te(16)),s(k.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=l?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const d=n.extras?{...n.extras,...r}:r;d.nonce||(d.nonce=te(12));const g={nonce:d.nonce},p=await N(n,e),m=await t(n.authority,n.authority_configuration);let b;if(p)p.setLoginParams({callbackPath:c,extras:u,scope:a}),await p.initAsync(m,"loginAsync",n),await p.setNonceAsync(g),p.startKeepAliveServiceWorker(),b=p;else{const w=C(e,n.storage??sessionStorage);w.setLoginParams({callbackPath:c,extras:u,scope:a}),await w.setNonceAsync(g),b=w}const O={client_id:n.client_id,redirect_uri:_,scope:a,response_type:"code",...d};await en(b,o)(m.authorizationEndpoint,O)}catch(_){throw s(k.loginAsync_error,_),_}})()},hn=e=>async(n=!1)=>{try{e.publishEvent(k.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,l=await e.initAsync(i,s.authority_configuration),a=e.location.getCurrentHref(),u=Q(a),f=u.session_state,c=await N(s,e.configurationName);let _,d,g,p;if(c)await c.initAsync(l,"loginCallbackAsync",s),await c.setSessionStateAsync(f),d=await c.getNonceAsync(),g=c.getLoginParams(),p=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const T=C(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(f),d=await T.getNonceAsync(),g=T.getLoginParams(),p=await T.getStateAsync(),_=T}if(u.error||u.error_description)throw new Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==l.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);if(u.state&&u.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${u.state})`);const m={code:u.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},b={};if(s.token_request_extras)for(const[T,L]of Object.entries(s.token_request_extras))b[T]=L;if(g!=null&&g.extras)for(const[T,L]of Object.entries(g.extras))T.endsWith(":token_request")&&(b[T.replace(":token_request","")]=L);const O=l.tokenEndpoint,w={};if(s.demonstrating_proof_of_possession)if(c)w.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await je(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await C(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),w.DPoP=await Ae(window)(s.demonstrating_proof_of_possession_configuration)(T,"POST",O)}const A=await nn(_)(O,{...m,...b},w,e.configuration.token_renew_mode,r);if(!A.success)throw new Error("Token request failed");let h;const P=A.data.tokens,y=A.data.demonstratingProofOfPossessionNonce;if(A.data.state!==b.state)throw new Error("state is not valid");const{isValid:S,reason:v}=de(P,d.nonce,l);if(!S)throw new Error(`Tokens are not OpenID valid, reason: ${v}`);if(c){if(P.refreshToken&&!P.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(y&&(P!=null&&P.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(l,"syncTokensAsync",s),h=c.getLoginParams(),y&&await c.setDemonstratingProofOfPossessionNonce(y);else{const T=C(e.configurationName,s.storage);h=T.getLoginParams(),y&&await T.setDemonstratingProofOfPossessionNonce(y)}return await e.startCheckSessionAsync(l.checkSessionIframe,t,f,n),e.publishEvent(k.loginCallbackAsync_end,{}),{tokens:P,state:"request.state",callbackPath:h.callbackPath,scope:u.scope,extras:h.extras}}catch(s){throw console.error(s),e.publishEvent(k.loginCallbackAsync_error,s),s}},Pe={access_token:"access_token",refresh_token:"refresh_token"},re=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},yn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},gn=e=>async n=>{U.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await N(e.configuration,e.configurationName);s?await s.clearAsync(n):await C(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var b,O;const l=e.configuration,a=await e.initAsync(l.authority,l.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const c=f?i:o.getOrigin()+u,_=e.tokens?e.tokens.idToken:"";try{const w=a.revocationEndpoint;if(w){const A=[],h=e.tokens?e.tokens.accessToken:null;if(h&&l.logout_tokens_to_invalidate.includes(Pe.access_token)){const y=re(r,":revoke_access_token"),S=ve(s)(w,h,oe.access_token,l.client_id,y);A.push(S)}const P=e.tokens?e.tokens.refreshToken:null;if(P&&l.logout_tokens_to_invalidate.includes(Pe.refresh_token)){const y=re(r,":revoke_refresh_token"),S=ve(s)(w,P,oe.refresh_token,l.client_id,y);A.push(S)}A.length>0&&await Promise.all(A)}}catch(w){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(w)}const d=((O=(b=e.tokens)==null?void 0:b.idTokenPayload)==null?void 0:O.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,w]of Object.entries(n))w!==e?await e.logoutSameTabAsync(e.configuration.client_id,d):e.publishEvent(k.logout_from_same_tab,{});const g=re(r,":oidc");if(g&&g.no_reload==="true")return;const m=yn(r);if(a.endSessionEndpoint){"id_token_hint"in m||(m.id_token_hint=_),!("post_logout_redirect_uri"in m)&&i!==null&&(m.post_logout_redirect_uri=c);let w="";for(const[A,h]of Object.entries(m))h!=null&&(w===""?w+="?":w+="&",w+=`${A}=${encodeURIComponent(h)}`);o.open(`${a.endSessionEndpoint}${w}`)}else o.reload()},Ie=(e,n,s=!1)=>async(...t)=>{var d;const[o,i,...r]=t,l=i?{...i}:{method:"GET"};let a=new Headers;l.headers&&(a=l.headers instanceof Headers?l.headers:new Headers(l.headers));const u={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:n.renewTokensAsync.bind(n)},f=await fe(u),c=(d=f==null?void 0:f.tokens)==null?void 0:d.accessToken;if(a.has("Accept")||a.set("Accept","application/json"),c){if(n.configuration.demonstrating_proof_of_possession&&s){const g=await n.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),l.method);a.set("Authorization",`DPoP ${c}`),a.set("DPoP",g)}else a.set("Authorization",`Bearer ${c}`);l.credentials||(l.credentials="same-origin")}const _={...l,headers:a};return await e(o,_,...r)},mn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,l=await(async()=>{const u=await Ie(fetch,e,s)(i);return u.status!==200?null:u.json()})();return e.userInfo=l,l},Ce=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const R={},pn=(e,n=new W)=>(s,t="default")=>(R[t]||(R[t]=new x(s,t,e,n)),R[t]),wn=async e=>{const{parsedTokens:n,callbackPath:s,extras:t,scope:o}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt,t,o),{callbackPath:s}},An=e=>Math.floor(Math.random()*e),H=class H{constructor(n,s="default",t,o=new W){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new W;const l=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??K.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??q.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:l,service_worker_activate:n.service_worker_activate??ln,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Me,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=An(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(R,n)&&s)throw Error(`OIDC library does seem initialized.
-Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return R[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=Q(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=Q(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await N(this.configuration,this.configurationName)?window.localStorage:null;return await Qe(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=un(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await on(this,R,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=tn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):this.loginPromise=dn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(n),o=t.tokens;return this.tokens=o,await N(this.configuration,this.configurationName)||C(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(H.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath,scope:t.scope,extras:t.extras}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await Te(n),...o};if(await N(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const a=C(this.configurationName,i.storage),u=await a.getDemonstratingProofOfPossessionJwkAsync(),f=a.getDemonstratingProofOfPossessionNonce();return f&&(r.nonce=f),await Ae(window)(i.demonstrating_proof_of_possession_configuration)(u,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=mn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,s=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return U.clearTimeout(this.timeoutId),this.renewTokensPromise=Ee(this,!0,n,s),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await gn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=kn(this,R,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};H.getOrCreate=(n,s)=>(t,o="default")=>pn(n,s)(t,o),H.eventNames=k;let x=H;const V=class V{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new V(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,s=null){return this._oidc.renewTokensAsync(n,s)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){const t=this._oidc,o={getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:t.renewTokensAsync.bind(t)};return fe(o,n,s)}fetchWithTokens(n,s=!1){return Ie(n,this._oidc,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};V.getOrCreate=(n,s=new W)=>(t,o="default")=>new V(x.getOrCreate(n,s)(t,o)),V.eventNames=x.eventNames;let ce=V;I.OidcClient=ce,I.OidcLocation=W,I.TokenAutomaticRenewMode=K,I.TokenRenewMode=q,I.getFetchDefault=Ce,I.getParseQueryStringFromLocation=Q,I.getPath=_n,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
+(function(I,W){typeof exports=="object"&&typeof module<"u"?W(exports):typeof define=="function"&&define.amd?define(["exports"],W):(I=typeof globalThis<"u"?globalThis:I||self,W(I["oidc-client"]={}))})(this,function(I){"use strict";class W{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const le=2e3,$=console;class Ne{constructor(n,s,t,o=le,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||le,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},C=(e,n=sessionStorage)=>{const s=h=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:h}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const h=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:h.tokens,status:h.status})},o=h=>{n[`oidc.${e}`]=JSON.stringify({tokens:h})},i=async h=>{n[`oidc.session_state.${e}`]=h},r=async()=>n[`oidc.session_state.${e}`],l=h=>{n[`oidc.nonce.${e}`]=h.nonce},a=h=>{n[`oidc.jwk.${e}`]=JSON.stringify(h)},u=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),c=async h=>{n[`oidc.dpop_nonce.${e}`]=h},_=()=>n[`oidc.dpop_nonce.${e}`],d=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:d,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:l,getNonceAsync:f,setLoginParams:h=>{g[e]=h,n[`oidc.login.${e}`]=JSON.stringify(h)},getLoginParams:()=>{const h=n[`oidc.login.${e}`];return h?(g[e]||(g[e]=JSON.parse(h)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async h=>{n[`oidc.state.${e}`]=h},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async h=>{n[`oidc.code_verifier.${e}`]=h},setDemonstratingProofOfPossessionNonce:c,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:u}};var K=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(K||{});const xe=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),We=e=>JSON.parse(xe(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&Le(e,".")===2?We(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Le=(e,n)=>e.split(n).length-1,q={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function De(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),l=r&&r.exp?r.exp:Number.MAX_VALUE,a=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=De(e,t,r);let u;e.expiresAt?u=e.expiresAt:s===q.access_token_invalid?u=a:s===q.id_token_invalid?u=l:u=l<a?l:a;const f={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:u,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const c=n.refreshToken;return{...f,refreshToken:c}}return f},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Z(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=(e,n=0)=>e?M(n,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.getTokens())return null;for(;!_e(e.getTokens(),e.configuration.refresh_time_before_tokens_expiration_in_second)&&t>0;){if(e.configuration.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await Y({milliseconds:n});t=t-1}return{isTokensValid:_e(e.getTokens()),tokens:e.getTokens(),numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},U=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.25.2";let ye=null,G;const Y=({milliseconds:e})=>new Promise(n=>U.setTimeout(n,e)),ge=(e="/")=>{try{G=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:G.signal}).catch(t=>{console.log(t)}),Y({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},ke=()=>{G&&G.abort()},Re=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),$e=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistration ${t?"successful":"failed"}`),await Y({milliseconds:2e3}),e.reload()},Ke=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,s),s},E=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:Ke(n.configurationName)},[o.port2])}),N=async(e,n)=>{var P;const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.service_worker_register?t=await e.service_worker_register(s):(t=await navigator.serviceWorker.register(s),t.active&&t.waiting&&(console.log("Detected new service worker waiting, unregistering and reloading"),await((P=e.service_worker_update_require_callback)==null?void 0:P.call(e,t,ke))));try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await E(t)({type:"claim"})}catch(y){return console.warn(`Failed init ServiceWorker ${y.toString()}`),null}const o=async y=>E(t)({type:"clear",data:{status:y},configurationName:n}),i=async(y,S,v)=>{var j;const T=await E(t)({type:"init",data:{oidcServerConfiguration:y,where:S,oidcConfiguration:{token_renew_mode:v.token_renew_mode,service_worker_convert_all_requests_to_cors:v.service_worker_convert_all_requests_to_cors}},configurationName:n}),L=T.version;return L!==he&&(console.warn(`Service worker ${L} version mismatch with js client version ${he}, unregistering and reloading`),await((j=v.service_worker_update_require_callback)==null?void 0:j.call(v,t,ke))),{tokens:ee(T.tokens,null,v.token_renew_mode),status:T.status}},r=(y="/")=>{ye==null&&(ye="not_null",ge(y))},l=y=>E(t)({type:"setSessionState",data:{sessionState:y},configurationName:n}),a=async()=>(await E(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,u=y=>(sessionStorage[`oidc.nonce.${n}`]=y.nonce,E(t)({type:"setNonce",data:{nonce:y},configurationName:n})),f=async()=>{let S=(await E(t)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}},c={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Re(e.service_worker_keep_alive_path),setSessionStateAsync:l,getSessionStateAsync:a,setNonceAsync:u,getNonceAsync:f,setLoginParams:y=>{c[n]=y,localStorage[`oidc.login.${n}`]=JSON.stringify(y)},getLoginParams:()=>{const y=localStorage[`oidc.login.${n}`];return c[n]||(c[n]=JSON.parse(y)),c[n]},getStateAsync:async()=>{let S=(await E(t)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async y=>(sessionStorage[`oidc.state.${n}`]=y,E(t)({type:"setState",data:{state:y},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await E(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async y=>(sessionStorage[`oidc.code_verifier.${n}`]=y,E(t)({type:"setCodeVerifier",data:{codeVerifier:y},configurationName:n})),setDemonstratingProofOfPossessionNonce:async y=>{await E(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:y},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await E(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async y=>{const S=JSON.stringify(y);await E(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const y=await E(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return y.demonstratingProofOfPossessionJwkJson?JSON.parse(y.demonstratingProofOfPossessionJwkJson):null}}},F={},Ue=(e,n=window.sessionStorage,s)=>{if(!F[e]&&n){const o=n.getItem(e);o&&(F[e]=JSON.parse(o))}const t=1e3*s;return F[e]&&F[e].timestamp+t>Date.now()?F[e].result:null},Fe=(e,n,s=window.sessionStorage)=>{const t=Date.now();F[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function me(e){return new TextEncoder().encode(e)}function pe(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ve(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const ne=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),pe(n)};function we(e){return pe(Ve(e))}const Me={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Je={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:we(JSON.stringify(s)),payload:we(JSON.stringify(t))},l=o.importKeyAlgorithm,a=!0,u=["sign"],f=await e.crypto.subtle.importKey("jwk",n,l,a,u),c=me(`${r.protected}.${r.payload}`),_=o.signAlgorithm,d=await e.crypto.subtle.sign(_,f,c);return r.signature=ne(new Uint8Array(d)),`${r.protected}.${r.payload}.${r.signature}`}},Be={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},He={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,me(t));return ne(new Uint8Array(o))}},je=e=>async n=>await Be.generate(e)(n),Ae=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(qe()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},l=await He.thumbprint(e)(s,n.digestAlgorithm);return await Je.sign(e)(s,{kid:l},r,n)},qe=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Se=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ge=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%se.length;n.push(se[t])}return n.join("")},te=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Se();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*se.length|0;return Ge(n)};function Ye(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Te(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Ye(e)).then(t=>n(ne(new Uint8Array(t))),t=>s(t))})}const Xe=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Se();return n?Te(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},ze=60*60,Qe=e=>async(n,s=ze,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,l=Ue(r,t,s);if(l)return new ae(l);const a=await J(e)(i,{},o);if(a.status!==200)return null;const u=await a.json();return Fe(r,u,t),new ae(u)},J=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,s,t=oe.refresh_token,o,i={},r=1e4)=>{const l={token:s,token_type_hint:t,client_id:o};for(const[c,_]of Object.entries(i))l[c]===void 0&&(l[c]=_);const a=[];for(const c in l){const _=encodeURIComponent(c),d=encodeURIComponent(l[c]);a.push(`${_}=${d}`)}const u=a.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:u},r)).status!==200?{success:!1}:{success:!0}},Ze=e=>async(n,s,t,o,i={},r,l=1e4)=>{for(const[d,g]of Object.entries(t))s[d]===void 0&&(s[d]=g);const a=[];for(const d in s){const g=encodeURIComponent(d),p=encodeURIComponent(s[d]);a.push(`${g}=${p}`)}const u=a.join("&"),f=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},l);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const c=await f.json();let _=null;return f.headers.has(X)&&(_=f.headers.get(X)),{success:!0,status:f.status,data:ee(c,o,r),demonstratingProofOfPossessionNonce:_}},en=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Xe(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[l,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${l}=${encodeURIComponent(a)}`;n.open(`${s}${r}`)},X="DPoP-Nonce",nn=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const c in s){const _=encodeURIComponent(c),d=encodeURIComponent(s[c]);r.push(`${_}=${d}`)}const l=r.join("&"),a=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:l},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let u=null;a.headers.has(X)&&(u=a.headers.get(X));const f=await a.json();return{success:!0,data:{state:s.state,tokens:ee(f,null,o),demonstratingProofOfPossessionNonce:u}}};async function be(e,n,s,t=null){const o=a=>{e.tokens=a},{tokens:i,status:r}=await z(e)(o,0,n,s,t);return await N(e.configuration,e.configurationName)||await C(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function Ee(e,n=!1,s=null,t=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const l=await N(e.configuration,e.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!l||!navigator.locks)r=await be(e,n,s,t);else{let a="retry";for(;a==="retry";)a=await navigator.locks.request(i,{ifAvailable:!0},async u=>u?await be(e,n,s,t):(e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=a}return r?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s,t)),e.tokens):null}const B=(e,n,s=null,t=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&U.clearTimeout(e.timeoutId),U.setTimeout(async()=>{const r={timeLeft:M(o,n)};e.publishEvent(x.eventNames.token_timer,r),await Ee(e,!1,s,t)},1e3)},D={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const l=await e.initAsync(n.authority,n.authority_configuration),a=await N(n,s);if(a){const{status:c,tokens:_}=await a.initAsync(l,"syncTokensAsync",n);if(c==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(c==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!c||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const g=M(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",p=await a.getNonceAsync();return{tokens:_,status:g,nonce:p}}r=await a.getNonceAsync()}else{const c=C(s,n.storage??sessionStorage),_=await c.initAsync();let{tokens:d}=_;const{status:g}=_;if(d&&(d=Z(d,e.tokens,n.token_renew_mode)),d){if(g==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(d.issuedAt!==t.issuedAt){const m=M(n.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",b=await c.getNonceAsync();return{tokens:d,status:m,nonce:b}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await c.getNonceAsync()}const f=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}},z=e=>async(n,s=0,t=!1,o=null,i=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let r=6;for(;!navigator.onLine&&r>0;)await Y({milliseconds:1e3}),r--,e.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const l=s+1;o||(o={});const a=e.configuration,u=(c,_=null,d=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(c,_,d),f=async()=>{try{let c;const _=await N(a,e.configurationName);_?c=_.getLoginParams():c=C(e.configurationName,a.storage).getLoginParams();const d=await u({...c.extras,...o,prompt:"none",scope:i});return d?d.error?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(d.tokens),e.publishEvent(x.eventNames.token_renewed,{}),{tokens:d.tokens,status:"LOGGED"}):(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(c){return console.error(c),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:c.message}),await z(e)(n,l,t,o,i)}};try{const{status:c,tokens:_,nonce:d}=await sn(e)(a,e.configurationName,e.tokens,t);switch(c){case D.SESSION_LOST:return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case D.NOT_CONNECTED:return n(null),{tokens:null,status:null};case D.TOKENS_VALID:return n(_),{tokens:_,status:"LOGGED_IN"};case D.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(_),e.publishEvent(x.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:_,status:"LOGGED_IN"};case D.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case D.REQUIRE_SYNC_TOKENS:return a.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted&&D.FORCE_REFRESH!==c?(e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(k.refreshTokensAsync_begin,{tryNumber:s}),await f());default:{if(a.token_automatic_renew_mode==K.AutomaticOnlyWhenFetchExecuted&&D.FORCE_REFRESH!==c)return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(k.refreshTokensAsync_begin,{refreshToken:_.refreshToken,status:c,tryNumber:s}),!_.refreshToken)return await f();const g=a.client_id,p=a.redirect_uri,m=a.authority,O={...a.token_request_extras?a.token_request_extras:{}};for(const[A,h]of Object.entries(o))A.endsWith(":token_request")&&(O[A.replace(":token_request","")]=h);return await(async()=>{const A={client_id:g,redirect_uri:p,grant_type:"refresh_token",refresh_token:_.refreshToken},h=await e.initAsync(m,a.authority_configuration),P=document.hidden?1e4:3e4*10,y=h.tokenEndpoint,S={};a.demonstrating_proof_of_possession&&(S.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(_.accessToken,y,"POST"));const v=await Ze(e.getFetch())(y,A,O,_,S,a.token_renew_mode,P);if(v.success){const{isValid:T,reason:L}=de(v.data,d.nonce,h);if(!T)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${L}`}),{tokens:null,status:"SESSION_LOST"};if(n(v.data),v.demonstratingProofOfPossessionNonce){const j=await N(a,e.configurationName);j?await j.setDemonstratingProofOfPossessionNonce(v.demonstratingProofOfPossessionNonce):await C(e.configurationName,a.storage).setDemonstratingProofOfPossessionNonce(v.demonstratingProofOfPossessionNonce)}return e.publishEvent(k.refreshTokensAsync_end,{success:v.success}),e.publishEvent(x.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:v.data,status:"LOGGED_IN"}}else return e.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:v}),v.status>=400&&v.status<500?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`session lost: ${v.status}`}),{tokens:null,status:"SESSION_LOST"}):await z(e)(n,l,t,o,i)})()}}}catch(c){return console.error(c),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:c.message}),new Promise((_,d)=>{setTimeout(()=>{z(e)(n,l,t,o,i).then(_).catch(d)},1e3)})}},ie=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(k.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i!=null&&(t==null&&(t={}),t.scope=i),t!=null)for(const[c,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(c)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(c)}=${encodeURIComponent(_)}`;const l=n.silent_login_uri+r,a=l.indexOf("/",l.indexOf("//")+2),u=l.substring(0,a),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",l),document.body.appendChild(f),new Promise((c,_)=>{let d=!1;const g=()=>{window.removeEventListener("message",p),f.remove(),d=!0},p=m=>{if(m.origin===u&&m.source===f.contentWindow){const b=`${e}_oidc_tokens:`,O=`${e}_oidc_error:`,w=`${e}_oidc_exception:`,A=m.data;if(A&&typeof A=="string"&&!d){if(A.startsWith(b)){const h=JSON.parse(m.data.replace(b,""));s(k.silentLoginAsync_end,{}),c(h),g()}else if(A.startsWith(O)){const h=JSON.parse(m.data.replace(O,""));s(k.silentLoginAsync_error,h),c({error:"oidc_"+h.error,tokens:null,sessionState:null}),g()}else if(A.startsWith(w)){const h=JSON.parse(m.data.replace(w,""));s(k.silentLoginAsync_error,h),_(new Error(h.error)),g()}}}};try{window.addEventListener("message",p);const m=n.silent_login_timeout;setTimeout(()=>{d||(g(),s(k.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},m)}catch(m){g(),s(k.silentLoginAsync_error,m),_(m)}})}catch(r){throw s(k.silentLoginAsync_error,r),r}},tn=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const l=(u,f,c)=>ie(n,s,t.bind(o))(u,f,c);return(async()=>{o.timeoutId&&U.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,c=await l({...f,prompt:"none"},u,r);if(c)return o.tokens=c.tokens,t(k.token_acquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,i,r),{}}catch(f){return f}})()},on=(e,n,s)=>(t,o,i,r=!1)=>{const l=(a,u=void 0,f=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(a,u,f);return new Promise((a,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{e.checkSessionIFrame.stop();const c=e.tokens;if(c===null)return;const _=c.idToken,d=c.idTokenPayload;return l({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(g=>{if(g.error)throw new Error(g.error);const p=g.tokens.idTokenPayload;if(d.sub===p.sub){const m=g.sessionState;e.checkSessionIFrame.start(g.sessionState),d.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",m):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",m)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async g=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",g);for(const[,p]of Object.entries(n))await p.logoutOtherTabAsync(s.client_id,d.sub)})};e.checkSessionIFrame=new Ne(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),a(e.checkSessionIFrame)}).catch(c=>{u(c)})}else a(null)})},rn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),an=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in i){const a=i[l];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);l!=null&&l.length>2&&(r=l[1]+"."+l[2]+"."+(parseInt(l[3])|0));break}}return{os:o,osVersion:r}};function cn(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const ln=()=>{const{name:e,version:n}=cn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=an(navigator);return!rn(s)},un=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await N(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.checkSessionIframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=C(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Z(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,r.extras,r.scope);const l=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.checkSessionIframe,s.client_id,l),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Oe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},_n=e=>{const n=Oe(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},Q=e=>{const n=Oe(e),{search:s}=n;return fn(s)},fn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},dn=(e,n,s,t,o)=>(i=void 0,r=null,l=!1,a=void 0)=>{const u=r;return r={...r},(async()=>{const c=i||o.getPath();if("state"in r||(r.state=te(16)),s(k.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=l?n.silent_redirect_uri:n.redirect_uri;a||(a=n.scope);const d=n.extras?{...n.extras,...r}:r;d.nonce||(d.nonce=te(12));const g={nonce:d.nonce},p=await N(n,e),m=await t(n.authority,n.authority_configuration);let b;if(p)p.setLoginParams({callbackPath:c,extras:u,scope:a}),await p.initAsync(m,"loginAsync",n),await p.setNonceAsync(g),p.startKeepAliveServiceWorker(),b=p;else{const w=C(e,n.storage??sessionStorage);w.setLoginParams({callbackPath:c,extras:u,scope:a}),await w.setNonceAsync(g),b=w}const O={client_id:n.client_id,redirect_uri:_,scope:a,response_type:"code",...d};await en(b,o)(m.authorizationEndpoint,O)}catch(_){throw s(k.loginAsync_error,_),_}})()},hn=e=>async(n=!1)=>{try{e.publishEvent(k.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,l=await e.initAsync(i,s.authority_configuration),a=e.location.getCurrentHref(),u=Q(a),f=u.session_state,c=await N(s,e.configurationName);let _,d,g,p;if(c)await c.initAsync(l,"loginCallbackAsync",s),await c.setSessionStateAsync(f),d=await c.getNonceAsync(),g=c.getLoginParams(),p=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const T=C(e.configurationName,s.storage??sessionStorage);await T.setSessionStateAsync(f),d=await T.getNonceAsync(),g=T.getLoginParams(),p=await T.getStateAsync(),_=T}if(u.error||u.error_description)throw new Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==l.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);if(u.state&&u.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${u.state})`);const m={code:u.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},b={};if(s.token_request_extras)for(const[T,L]of Object.entries(s.token_request_extras))b[T]=L;if(g!=null&&g.extras)for(const[T,L]of Object.entries(g.extras))T.endsWith(":token_request")&&(b[T.replace(":token_request","")]=L);const O=l.tokenEndpoint,w={};if(s.demonstrating_proof_of_possession)if(c)w.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await je(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await C(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(T),w.DPoP=await Ae(window)(s.demonstrating_proof_of_possession_configuration)(T,"POST",O)}const A=await nn(_)(O,{...m,...b},w,e.configuration.token_renew_mode,r);if(!A.success)throw new Error("Token request failed");let h;const P=A.data.tokens,y=A.data.demonstratingProofOfPossessionNonce;if(A.data.state!==b.state)throw new Error("state is not valid");const{isValid:S,reason:v}=de(P,d.nonce,l);if(!S)throw new Error(`Tokens are not OpenID valid, reason: ${v}`);if(c){if(P.refreshToken&&!P.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(y&&(P!=null&&P.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(l,"syncTokensAsync",s),h=c.getLoginParams(),y&&await c.setDemonstratingProofOfPossessionNonce(y);else{const T=C(e.configurationName,s.storage);h=T.getLoginParams(),y&&await T.setDemonstratingProofOfPossessionNonce(y)}return await e.startCheckSessionAsync(l.checkSessionIframe,t,f,n),e.publishEvent(k.loginCallbackAsync_end,{}),{tokens:P,state:"request.state",callbackPath:h.callbackPath,scope:u.scope,extras:h.extras}}catch(s){throw console.error(s),e.publishEvent(k.loginCallbackAsync_error,s),s}},Pe={access_token:"access_token",refresh_token:"refresh_token"},re=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},yn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},gn=e=>async n=>{U.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await N(e.configuration,e.configurationName);s?await s.clearAsync(n):await C(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},kn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var b,O;const l=e.configuration,a=await e.initAsync(l.authority,l.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const c=f?i:o.getOrigin()+u,_=e.tokens?e.tokens.idToken:"";try{const w=a.revocationEndpoint;if(w){const A=[],h=e.tokens?e.tokens.accessToken:null;if(h&&l.logout_tokens_to_invalidate.includes(Pe.access_token)){const y=re(r,":revoke_access_token"),S=ve(s)(w,h,oe.access_token,l.client_id,y);A.push(S)}const P=e.tokens?e.tokens.refreshToken:null;if(P&&l.logout_tokens_to_invalidate.includes(Pe.refresh_token)){const y=re(r,":revoke_refresh_token"),S=ve(s)(w,P,oe.refresh_token,l.client_id,y);A.push(S)}A.length>0&&await Promise.all(A)}}catch(w){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(w)}const d=((O=(b=e.tokens)==null?void 0:b.idTokenPayload)==null?void 0:O.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,w]of Object.entries(n))w!==e?await e.logoutSameTabAsync(e.configuration.client_id,d):e.publishEvent(k.logout_from_same_tab,{});const g=re(r,":oidc");if(g&&g.no_reload==="true")return;const m=yn(r);if(a.endSessionEndpoint){"id_token_hint"in m||(m.id_token_hint=_),!("post_logout_redirect_uri"in m)&&i!==null&&(m.post_logout_redirect_uri=c);let w="";for(const[A,h]of Object.entries(m))h!=null&&(w===""?w+="?":w+="&",w+=`${A}=${encodeURIComponent(h)}`);o.open(`${a.endSessionEndpoint}${w}`)}else o.reload()},Ie=(e,n,s=!1)=>async(...t)=>{var d;const[o,i,...r]=t,l=i?{...i}:{method:"GET"};let a=new Headers;l.headers&&(a=l.headers instanceof Headers?l.headers:new Headers(l.headers));const u={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:n.renewTokensAsync.bind(n)},f=await fe(u),c=(d=f==null?void 0:f.tokens)==null?void 0:d.accessToken;if(a.has("Accept")||a.set("Accept","application/json"),c){if(n.configuration.demonstrating_proof_of_possession&&s){const g=await n.generateDemonstrationOfProofOfPossessionAsync(c,o.toString(),l.method);a.set("Authorization",`DPoP ${c}`),a.set("DPoP",g)}else a.set("Authorization",`Bearer ${c}`);l.credentials||(l.credentials="same-origin")}const _={...l,headers:a};return await e(o,_,...r)},mn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,l=await(async()=>{const u=await Ie(fetch,e,s)(i);return u.status!==200?null:u.json()})();return e.userInfo=l,l},Ce=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const R={},pn=(e,n=new W)=>(s,t="default")=>(R[t]||(R[t]=new x(s,t,e,n)),R[t]),wn=async e=>{const{parsedTokens:n,callbackPath:s,extras:t,scope:o}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt,t,o),{callbackPath:s}},An=e=>Math.floor(Math.random()*e),H=class H{constructor(n,s="default",t,o=new W){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new W;const l=n.service_worker_update_require_callback??$e(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??K.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??q.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:l,service_worker_activate:n.service_worker_activate??ln,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Me,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=An(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(R,n)&&s)throw Error(`OIDC library does seem initialized.
+Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return R[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=Q(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=Q(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await N(this.configuration,this.configurationName)?window.sessionStorage:null;return await Qe(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=un(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await on(this,R,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=tn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):this.loginPromise=dn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(n),o=t.tokens;return this.tokens=o,await N(this.configuration,this.configurationName)||C(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(H.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath,scope:t.scope,extras:t.extras}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await Te(n),...o};if(await N(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const a=C(this.configurationName,i.storage),u=await a.getDemonstratingProofOfPossessionJwkAsync(),f=a.getDemonstratingProofOfPossessionNonce();return f&&(r.nonce=f),await Ae(window)(i.demonstrating_proof_of_possession_configuration)(u,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=wn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=mn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,s=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return U.clearTimeout(this.timeoutId),this.renewTokensPromise=Ee(this,!0,n,s),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await gn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=kn(this,R,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};H.getOrCreate=(n,s)=>(t,o="default")=>pn(n,s)(t,o),H.eventNames=k;let x=H;const V=class V{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new V(x.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,s=null){return this._oidc.renewTokensAsync(n,s)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){const t=this._oidc,o={getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:t.renewTokensAsync.bind(t)};return fe(o,n,s)}fetchWithTokens(n,s=!1){return Ie(n,this._oidc,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};V.getOrCreate=(n,s=new W)=>(t,o="default")=>new V(x.getOrCreate(n,s)(t,o)),V.eventNames=x.eventNames;let ce=V;I.OidcClient=ce,I.OidcLocation=W,I.TokenAutomaticRenewMode=K,I.TokenRenewMode=q,I.getFetchDefault=Ce,I.getParseQueryStringFromLocation=Q,I.getPath=_n,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});

package/dist/version.d.ts

@@ -1,3 +1,3 @@
-declare const _default: "7.25.0";
+declare const _default: "7.25.2";
 export default _default;
 //# sourceMappingURL=version.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axa-fr/oidc-client",
-  "version": "7.25.0",
+  "version": "7.25.2",
   "private": false,
   "type": "module",
   "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
     "url": "https://github.com/AxaFrance/oidc-client.git"
   },
   "dependencies": {
-    "@axa-fr/oidc-client-service-worker": "7.25.0"
+    "@axa-fr/oidc-client-service-worker": "7.25.2"
   },
   "devDependencies": {
     "@testing-library/dom": "10.4.0",

package/src/keepSession.ts

@@ -39,7 +39,7 @@ export const tryKeepSessionAsync = async (oidc: Oidc) => {
         const sessionState = await serviceWorker.getSessionStateAsync();
         // @ts-ignore
         await oidc.startCheckSessionAsync(
-          oidcServerConfiguration.check_session_iframe,
+          oidcServerConfiguration.checkSessionIframe,
           configuration.client_id,
           sessionState,
         );
@@ -78,7 +78,7 @@ export const tryKeepSessionAsync = async (oidc: Oidc) => {
         const sessionState = await session.getSessionStateAsync();
         // @ts-ignore
         await oidc.startCheckSessionAsync(
-          oidcServerConfiguration.check_session_iframe,
+          oidcServerConfiguration.checkSessionIframe,
           configuration.client_id,
           sessionState,
         );

package/src/oidc.ts

@@ -256,7 +256,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
       }
 
       const serviceWorker = await initWorkerAsync(this.configuration, this.configurationName);
-      const storage = serviceWorker ? window.localStorage : null;
+      const storage = serviceWorker ? window.sessionStorage : null;
       return await fetchFromIssuer(this.getFetch())(
         authority,
         this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60,

package/src/version.ts

@@ -1 +1 @@
-export default '7.25.0';
+export default '7.25.2';