@axa-fr/oidc-client 7.25.14 → 7.25.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/index.js +133 -126
  2. package/dist/index.umd.cjs +2 -2
  3. package/dist/oidc.d.ts.map +1 -1
  4. package/dist/user.d.ts.map +1 -1
  5. package/dist/version.d.ts +1 -1
  6. package/package.json +3 -3
  7. package/src/oidc.ts +3 -1
  8. package/src/user.ts +14 -0
  9. package/src/version.ts +1 -1
package/dist/index.js CHANGED
@@ -92,7 +92,7 @@ const m = {
92
92
  n[`oidc.jwk.${e}`] = JSON.stringify(g);
93
93
  }, u = () => JSON.parse(n[`oidc.jwk.${e}`]), f = async () => ({ nonce: n[`oidc.nonce.${e}`] }), l = async (g) => {
94
94
  n[`oidc.dpop_nonce.${e}`] = g;
95
- }, h = () => n[`oidc.dpop_nonce.${e}`], _ = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, k = {};
95
+ }, d = () => n[`oidc.dpop_nonce.${e}`], _ = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, k = {};
96
96
  return {
97
97
  clearAsync: s,
98
98
  initAsync: t,
@@ -120,7 +120,7 @@ const m = {
120
120
  n[`oidc.code_verifier.${e}`] = g;
121
121
  },
122
122
  setDemonstratingProofOfPossessionNonce: l,
123
- getDemonstratingProofOfPossessionNonce: h,
123
+ getDemonstratingProofOfPossessionNonce: d,
124
124
  setDemonstratingProofOfPossessionJwkAsync: c,
125
125
  getDemonstratingProofOfPossessionJwkAsync: u
126
126
  };
@@ -245,7 +245,7 @@ const oe = (e, n = null, s) => {
245
245
  setInterval: setInterval.bind(e),
246
246
  clearInterval: clearInterval.bind(e)
247
247
  };
248
- }(), Y = "7.25.14";
248
+ }(), Y = "7.25.15";
249
249
  let ge = null, G;
250
250
  const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te = (e = "/") => {
251
251
  try {
@@ -273,7 +273,7 @@ const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te =
273
273
  }, e.active.postMessage({ ...n, tabId: ve(n.configurationName) }, [
274
274
  o.port2
275
275
  ]);
276
- }), x = async (e, n) => {
276
+ }), N = async (e, n) => {
277
277
  const s = e.service_worker_relative_url;
278
278
  if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !s || e.service_worker_activate() === !1)
279
279
  return null;
@@ -282,23 +282,23 @@ const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te =
282
282
  e.service_worker_register ? o = await e.service_worker_register(s) : o = await navigator.serviceWorker.register(t, {
283
283
  updateViaCache: "none"
284
284
  }), o.addEventListener("updatefound", () => {
285
- const d = o.installing;
286
- X(), d == null || d.addEventListener("statechange", () => {
287
- d.state === "installed" && navigator.serviceWorker.controller && (X(), console.log("New SW waiting – skipWaiting()"), d.postMessage({ type: "SKIP_WAITING" }));
285
+ const h = o.installing;
286
+ X(), h == null || h.addEventListener("statechange", () => {
287
+ h.state === "installed" && navigator.serviceWorker.controller && (X(), console.log("New SW waiting – skipWaiting()"), h.postMessage({ type: "SKIP_WAITING" }));
288
288
  });
289
289
  }), navigator.serviceWorker.addEventListener("controllerchange", () => {
290
290
  console.log("SW controller changed – reloading page"), X(), window.location.reload();
291
291
  });
292
292
  try {
293
293
  await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await b(o)({ type: "claim" });
294
- } catch (d) {
295
- return console.warn(`Failed init ServiceWorker ${d.toString()}`), null;
294
+ } catch (h) {
295
+ return console.warn(`Failed init ServiceWorker ${h.toString()}`), null;
296
296
  }
297
- const i = async (d) => b(o)({ type: "clear", data: { status: d }, configurationName: n }), r = async (d, P, S) => {
297
+ const i = async (h) => b(o)({ type: "clear", data: { status: h }, configurationName: n }), r = async (h, P, S) => {
298
298
  const T = await b(o)({
299
299
  type: "init",
300
300
  data: {
301
- oidcServerConfiguration: d,
301
+ oidcServerConfiguration: h,
302
302
  where: P,
303
303
  oidcConfiguration: {
304
304
  token_renew_mode: S.token_renew_mode,
@@ -313,77 +313,77 @@ const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te =
313
313
  tokens: ie(T.tokens, null, S.token_renew_mode),
314
314
  status: T.status
315
315
  };
316
- }, a = (d = "/") => {
317
- ge == null && (ge = "not_null", Te(d));
318
- }, c = (d) => b(o)({
316
+ }, a = (h = "/") => {
317
+ ge == null && (ge = "not_null", Te(h));
318
+ }, c = (h) => b(o)({
319
319
  type: "setSessionState",
320
- data: { sessionState: d },
320
+ data: { sessionState: h },
321
321
  configurationName: n
322
322
  }), u = async () => (await b(o)({
323
323
  type: "getSessionState",
324
324
  data: null,
325
325
  configurationName: n
326
- })).sessionState, f = (d) => (sessionStorage[`oidc.nonce.${n}`] = d.nonce, b(o)({
326
+ })).sessionState, f = (h) => (sessionStorage[`oidc.nonce.${n}`] = h.nonce, b(o)({
327
327
  type: "setNonce",
328
- data: { nonce: d },
328
+ data: { nonce: h },
329
329
  configurationName: n
330
- })), l = async (d = !0) => {
330
+ })), l = async (h = !0) => {
331
331
  let S = (await b(o)({
332
332
  type: "getNonce",
333
333
  data: null,
334
334
  configurationName: n
335
335
  })).nonce;
336
- return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage"), d && (await f(S), S = (await l(!1)).nonce)), { nonce: S };
337
- }, h = {}, _ = (d) => {
338
- h[n] = d, localStorage[`oidc.login.${n}`] = JSON.stringify(d);
336
+ return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage"), h && (await f(S), S = (await l(!1)).nonce)), { nonce: S };
337
+ }, d = {}, _ = (h) => {
338
+ d[n] = h, localStorage[`oidc.login.${n}`] = JSON.stringify(h);
339
339
  }, k = () => {
340
- const d = localStorage[`oidc.login.${n}`];
341
- return h[n] || (h[n] = JSON.parse(d)), h[n];
342
- }, w = async (d) => {
340
+ const h = localStorage[`oidc.login.${n}`];
341
+ return d[n] || (d[n] = JSON.parse(h)), d[n];
342
+ }, w = async (h) => {
343
343
  await b(o)({
344
344
  type: "setDemonstratingProofOfPossessionNonce",
345
- data: { demonstratingProofOfPossessionNonce: d },
345
+ data: { demonstratingProofOfPossessionNonce: h },
346
346
  configurationName: n
347
347
  });
348
348
  }, y = async () => (await b(o)({
349
349
  type: "getDemonstratingProofOfPossessionNonce",
350
350
  data: null,
351
351
  configurationName: n
352
- })).demonstratingProofOfPossessionNonce, p = async (d) => {
353
- const P = JSON.stringify(d);
352
+ })).demonstratingProofOfPossessionNonce, p = async (h) => {
353
+ const P = JSON.stringify(h);
354
354
  await b(o)({
355
355
  type: "setDemonstratingProofOfPossessionJwk",
356
356
  data: { demonstratingProofOfPossessionJwkJson: P },
357
357
  configurationName: n
358
358
  });
359
359
  }, v = async () => {
360
- const d = await b(o)({
360
+ const h = await b(o)({
361
361
  type: "getDemonstratingProofOfPossessionJwk",
362
362
  data: null,
363
363
  configurationName: n
364
364
  });
365
- return d.demonstratingProofOfPossessionJwkJson ? JSON.parse(d.demonstratingProofOfPossessionJwkJson) : null;
366
- }, A = async (d = !0) => {
365
+ return h.demonstratingProofOfPossessionJwkJson ? JSON.parse(h.demonstratingProofOfPossessionJwkJson) : null;
366
+ }, A = async (h = !0) => {
367
367
  let S = (await b(o)({
368
368
  type: "getState",
369
369
  data: null,
370
370
  configurationName: n
371
371
  })).state;
372
- return S || (S = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage"), d && (await E(S), S = await A(!1))), S;
373
- }, E = async (d) => (sessionStorage[`oidc.state.${n}`] = d, b(o)({
372
+ return S || (S = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage"), h && (await E(S), S = await A(!1))), S;
373
+ }, E = async (h) => (sessionStorage[`oidc.state.${n}`] = h, b(o)({
374
374
  type: "setState",
375
- data: { state: d },
375
+ data: { state: h },
376
376
  configurationName: n
377
- })), g = async (d = !0) => {
377
+ })), g = async (h = !0) => {
378
378
  let S = (await b(o)({
379
379
  type: "getCodeVerifier",
380
380
  data: null,
381
381
  configurationName: n
382
382
  })).codeVerifier;
383
- return S || (S = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), d && (await O(S), S = await g(!1))), S;
384
- }, O = async (d) => (sessionStorage[`oidc.code_verifier.${n}`] = d, b(o)({
383
+ return S || (S = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), h && (await O(S), S = await g(!1))), S;
384
+ }, O = async (h) => (sessionStorage[`oidc.code_verifier.${n}`] = h, b(o)({
385
385
  type: "setCodeVerifier",
386
- data: { codeVerifier: d },
386
+ data: { codeVerifier: h },
387
387
  configurationName: n
388
388
  }));
389
389
  return {
@@ -467,7 +467,7 @@ const Je = {
467
467
  // @ts-ignore
468
468
  // JWT "claims" are really a JSON-defined JWS "payload"
469
469
  payload: ye(JSON.stringify(t))
470
- }, a = o.importKeyAlgorithm, c = !0, u = ["sign"], f = await e.crypto.subtle.importKey("jwk", n, a, c, u), l = Ee(`${r.protected}.${r.payload}`), h = o.signAlgorithm, _ = await e.crypto.subtle.sign(h, f, l);
470
+ }, a = o.importKeyAlgorithm, c = !0, u = ["sign"], f = await e.crypto.subtle.importKey("jwk", n, a, c, u), l = Ee(`${r.protected}.${r.payload}`), d = o.signAlgorithm, _ = await e.crypto.subtle.sign(d, f, l);
471
471
  return r.signature = ae(new Uint8Array(_)), `${r.protected}.${r.payload}.${r.signature}`;
472
472
  }, He = { sign: Be }, je = (e) => async (n) => {
473
473
  const s = n, t = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(s, t, o);
@@ -586,12 +586,12 @@ const nn = (e) => {
586
586
  token_type_hint: t,
587
587
  client_id: o
588
588
  };
589
- for (const [l, h] of Object.entries(i))
590
- a[l] === void 0 && (a[l] = h);
589
+ for (const [l, d] of Object.entries(i))
590
+ a[l] === void 0 && (a[l] = d);
591
591
  const c = [];
592
592
  for (const l in a) {
593
- const h = encodeURIComponent(l), _ = encodeURIComponent(a[l]);
594
- c.push(`${h}=${_}`);
593
+ const d = encodeURIComponent(l), _ = encodeURIComponent(a[l]);
594
+ c.push(`${d}=${_}`);
595
595
  }
596
596
  const u = c.join("&");
597
597
  return (await B(e)(
@@ -634,14 +634,14 @@ const nn = (e) => {
634
634
  demonstratingProofOfPossessionNonce: null
635
635
  };
636
636
  const l = await f.json();
637
- let h = null;
638
- return f.headers.has(q) && (h = f.headers.get(
637
+ let d = null;
638
+ return f.headers.has(q) && (d = f.headers.get(
639
639
  q
640
640
  )), {
641
641
  success: !0,
642
642
  status: f.status,
643
643
  data: ie(l, o, r),
644
- demonstratingProofOfPossessionNonce: h
644
+ demonstratingProofOfPossessionNonce: d
645
645
  };
646
646
  }, rn = (e, n) => async (s, t) => {
647
647
  t = t ? { ...t } : {};
@@ -656,8 +656,8 @@ const nn = (e) => {
656
656
  s = s ? { ...s } : {}, s.code_verifier = await e.getCodeVerifierAsync();
657
657
  const r = [];
658
658
  for (const l in s) {
659
- const h = encodeURIComponent(l), _ = encodeURIComponent(s[l]);
660
- r.push(`${h}=${_}`);
659
+ const d = encodeURIComponent(l), _ = encodeURIComponent(s[l]);
660
+ r.push(`${d}=${_}`);
661
661
  }
662
662
  const a = r.join("&"), c = await B(fetch)(
663
663
  n,
@@ -698,12 +698,12 @@ async function me(e, n, s, t = null) {
698
698
  s,
699
699
  t
700
700
  );
701
- return await x(e.configuration, e.configurationName) || await C(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(r), null);
701
+ return await N(e.configuration, e.configurationName) || await C(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(r), null);
702
702
  }
703
703
  async function Ce(e, n = !1, s = null, t = null) {
704
704
  const o = e.configuration, i = `${o.client_id}_${e.configurationName}_${o.authority}`;
705
705
  let r;
706
- const a = await x(e.configuration, e.configurationName);
706
+ const a = await N(e.configuration, e.configurationName);
707
707
  if ((o == null ? void 0 : o.storage) === (window == null ? void 0 : window.sessionStorage) && !a || !navigator.locks)
708
708
  r = await me(e, n, s, t);
709
709
  else {
@@ -712,7 +712,7 @@ async function Ce(e, n = !1, s = null, t = null) {
712
712
  c = await navigator.locks.request(
713
713
  i,
714
714
  { ifAvailable: !0 },
715
- async (u) => u ? await me(e, n, s, t) : (e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available, {
715
+ async (u) => u ? await me(e, n, s, t) : (e.publishEvent(x.eventNames.syncTokensAsync_lock_not_available, {
716
716
  lock: "lock not available"
717
717
  }), "retry")
718
718
  );
@@ -724,7 +724,7 @@ const J = (e, n, s = null, t = null) => {
724
724
  const o = e.configuration.refresh_time_before_tokens_expiration_in_second;
725
725
  return e.timeoutId && U.clearTimeout(e.timeoutId), U.setTimeout(async () => {
726
726
  const r = { timeLeft: F(o, n) };
727
- e.publishEvent(N.eventNames.token_timer, r), await Ce(e, !1, s, t);
727
+ e.publishEvent(x.eventNames.token_timer, r), await Ce(e, !1, s, t);
728
728
  }, 1e3);
729
729
  }, L = {
730
730
  FORCE_REFRESH: "FORCE_REFRESH",
@@ -742,9 +742,9 @@ const J = (e, n, s = null, t = null) => {
742
742
  const a = await e.initAsync(
743
743
  n.authority,
744
744
  n.authority_configuration
745
- ), c = await x(n, s);
745
+ ), c = await N(n, s);
746
746
  if (c) {
747
- const { status: l, tokens: h } = await c.initAsync(
747
+ const { status: l, tokens: d } = await c.initAsync(
748
748
  a,
749
749
  "syncTokensAsync",
750
750
  n
@@ -753,20 +753,20 @@ const J = (e, n, s = null, t = null) => {
753
753
  return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
754
754
  if (l === "SESSIONS_LOST")
755
755
  return { tokens: null, status: "SESSIONS_LOST", nonce: i };
756
- if (!l || !h)
756
+ if (!l || !d)
757
757
  return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
758
- if (h.issuedAt !== t.issuedAt) {
758
+ if (d.issuedAt !== t.issuedAt) {
759
759
  const k = F(
760
760
  n.refresh_time_before_tokens_expiration_in_second,
761
- h.expiresAt
761
+ d.expiresAt
762
762
  ) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", w = await c.getNonceAsync();
763
- return { tokens: h, status: k, nonce: w };
763
+ return { tokens: d, status: k, nonce: w };
764
764
  }
765
765
  r = await c.getNonceAsync();
766
766
  } else {
767
- const l = C(s, n.storage ?? sessionStorage), h = await l.initAsync();
768
- let { tokens: _ } = h;
769
- const { status: k } = h;
767
+ const l = C(s, n.storage ?? sessionStorage), d = await l.initAsync();
768
+ let { tokens: _ } = d;
769
+ const { status: k } = d;
770
770
  if (_ && (_ = oe(_, e.tokens, n.token_renew_mode)), _) {
771
771
  if (k === "SESSIONS_LOST")
772
772
  return { tokens: null, status: "SESSIONS_LOST", nonce: i };
@@ -794,7 +794,7 @@ const J = (e, n, s = null, t = null) => {
794
794
  await re({ milliseconds: 1e3 }), a--, e.publishEvent(m.refreshTokensAsync, {
795
795
  message: `wait because navigator is offline try ${a}`
796
796
  });
797
- const f = document.hidden, l = f ? s : s + 1, h = f ? t + 1 : t;
797
+ const f = document.hidden, l = f ? s : s + 1, d = f ? t + 1 : t;
798
798
  if (s >= c || t >= u)
799
799
  return n(null), e.publishEvent(m.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
800
800
  i || (i = {});
@@ -805,7 +805,7 @@ const J = (e, n, s = null, t = null) => {
805
805
  )(y, p, v), w = async () => {
806
806
  try {
807
807
  let y;
808
- const p = await x(_, e.configurationName);
808
+ const p = await N(_, e.configurationName);
809
809
  p ? y = p.getLoginParams() : y = C(e.configurationName, _.storage).getLoginParams();
810
810
  const v = await k({
811
811
  ...y.extras,
@@ -815,7 +815,7 @@ const J = (e, n, s = null, t = null) => {
815
815
  });
816
816
  return v ? v.error ? (n(null), e.publishEvent(m.refreshTokensAsync_error, {
817
817
  message: "refresh token silent"
818
- }), { tokens: null, status: "SESSION_LOST" }) : (n(v.tokens), e.publishEvent(N.eventNames.token_renewed, {}), { tokens: v.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(m.refreshTokensAsync_error, {
818
+ }), { tokens: null, status: "SESSION_LOST" }) : (n(v.tokens), e.publishEvent(x.eventNames.token_renewed, {}), { tokens: v.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(m.refreshTokensAsync_error, {
819
819
  message: "refresh token silent not active"
820
820
  }), { tokens: null, status: "SESSION_LOST" });
821
821
  } catch (y) {
@@ -825,7 +825,7 @@ const J = (e, n, s = null, t = null) => {
825
825
  }), await H(e)(
826
826
  n,
827
827
  l,
828
- h,
828
+ d,
829
829
  o,
830
830
  i,
831
831
  r
@@ -849,7 +849,7 @@ const J = (e, n, s = null, t = null) => {
849
849
  case L.TOKENS_VALID:
850
850
  return n(p), { tokens: p, status: "LOGGED_IN" };
851
851
  case L.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
852
- return n(p), e.publishEvent(N.eventNames.token_renewed, {
852
+ return n(p), e.publishEvent(x.eventNames.token_renewed, {
853
853
  reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
854
854
  }), { tokens: p, status: "LOGGED_IN" };
855
855
  case L.LOGOUT_FROM_ANOTHER_TAB:
@@ -868,9 +868,9 @@ const J = (e, n, s = null, t = null) => {
868
868
  backgroundTry: t
869
869
  }), !p.refreshToken)
870
870
  return await w();
871
- const A = _.client_id, E = _.redirect_uri, g = _.authority, d = { ..._.token_request_extras ? _.token_request_extras : {} };
871
+ const A = _.client_id, E = _.redirect_uri, g = _.authority, h = { ..._.token_request_extras ? _.token_request_extras : {} };
872
872
  for (const [S, T] of Object.entries(i))
873
- S.endsWith(":token_request") && (d[S.replace(":token_request", "")] = T);
873
+ S.endsWith(":token_request") && (h[S.replace(":token_request", "")] = T);
874
874
  return await (async () => {
875
875
  const S = {
876
876
  client_id: A,
@@ -889,7 +889,7 @@ const J = (e, n, s = null, t = null) => {
889
889
  const I = await on(e.getFetch())(
890
890
  le,
891
891
  S,
892
- d,
892
+ h,
893
893
  p,
894
894
  ue,
895
895
  _.token_renew_mode,
@@ -906,7 +906,7 @@ const J = (e, n, s = null, t = null) => {
906
906
  message: `refresh token return not valid tokens, reason: ${Le}`
907
907
  }), { tokens: null, status: "SESSION_LOST" };
908
908
  if (n(I.data), I.demonstratingProofOfPossessionNonce) {
909
- const _e = await x(_, e.configurationName);
909
+ const _e = await N(_, e.configurationName);
910
910
  _e ? await _e.setDemonstratingProofOfPossessionNonce(
911
911
  I.demonstratingProofOfPossessionNonce
912
912
  ) : await C(e.configurationName, _.storage).setDemonstratingProofOfPossessionNonce(
@@ -915,7 +915,7 @@ const J = (e, n, s = null, t = null) => {
915
915
  }
916
916
  return e.publishEvent(m.refreshTokensAsync_end, {
917
917
  success: I.success
918
- }), e.publishEvent(N.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: I.data, status: "LOGGED_IN" };
918
+ }), e.publishEvent(x.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: I.data, status: "LOGGED_IN" };
919
919
  } else
920
920
  return e.publishEvent(m.refreshTokensAsync_silent_error, {
921
921
  message: "bad request",
@@ -925,7 +925,7 @@ const J = (e, n, s = null, t = null) => {
925
925
  }), { tokens: null, status: "SESSION_LOST" }) : await H(e)(
926
926
  n,
927
927
  l,
928
- h,
928
+ d,
929
929
  o,
930
930
  i,
931
931
  r
@@ -942,7 +942,7 @@ const J = (e, n, s = null, t = null) => {
942
942
  H(e)(
943
943
  n,
944
944
  l,
945
- h,
945
+ d,
946
946
  o,
947
947
  i,
948
948
  r
@@ -957,10 +957,10 @@ const J = (e, n, s = null, t = null) => {
957
957
  s(m.silentLoginAsync_begin, {});
958
958
  let r = "";
959
959
  if (o && (t == null && (t = {}), t.state = o), i != null && (t == null && (t = {}), t.scope = i), t != null)
960
- for (const [l, h] of Object.entries(t))
961
- r === "" ? r = `?${encodeURIComponent(l)}=${encodeURIComponent(h)}` : r += `&${encodeURIComponent(l)}=${encodeURIComponent(h)}`;
960
+ for (const [l, d] of Object.entries(t))
961
+ r === "" ? r = `?${encodeURIComponent(l)}=${encodeURIComponent(d)}` : r += `&${encodeURIComponent(l)}=${encodeURIComponent(d)}`;
962
962
  const a = n.silent_login_uri + r, c = a.indexOf("/", a.indexOf("//") + 2), u = a.substring(0, c), f = document.createElement("iframe");
963
- return f.width = "0px", f.height = "0px", f.id = `${e}_oidc_iframe`, f.setAttribute("src", a), document.body.appendChild(f), new Promise((l, h) => {
963
+ return f.width = "0px", f.height = "0px", f.id = `${e}_oidc_iframe`, f.setAttribute("src", a), document.body.appendChild(f), new Promise((l, d) => {
964
964
  let _ = !1;
965
965
  const k = () => {
966
966
  window.removeEventListener("message", w), f.remove(), _ = !0;
@@ -976,7 +976,7 @@ const J = (e, n, s = null, t = null) => {
976
976
  s(m.silentLoginAsync_error, g), l({ error: "oidc_" + g.error, tokens: null, sessionState: null }), k();
977
977
  } else if (E.startsWith(A)) {
978
978
  const g = JSON.parse(y.data.replace(A, ""));
979
- s(m.silentLoginAsync_error, g), h(new Error(g.error)), k();
979
+ s(m.silentLoginAsync_error, g), d(new Error(g.error)), k();
980
980
  }
981
981
  }
982
982
  }
@@ -985,10 +985,10 @@ const J = (e, n, s = null, t = null) => {
985
985
  window.addEventListener("message", w);
986
986
  const y = n.silent_login_timeout;
987
987
  setTimeout(() => {
988
- _ || (k(), s(m.silentLoginAsync_error, { reason: "timeout" }), h(new Error("timeout")));
988
+ _ || (k(), s(m.silentLoginAsync_error, { reason: "timeout" }), d(new Error("timeout")));
989
989
  }, y);
990
990
  } catch (y) {
991
- k(), s(m.silentLoginAsync_error, y), h(y);
991
+ k(), s(m.silentLoginAsync_error, y), d(y);
992
992
  }
993
993
  });
994
994
  } catch (r) {
@@ -1033,10 +1033,10 @@ const J = (e, n, s = null, t = null) => {
1033
1033
  const l = e.tokens;
1034
1034
  if (l === null)
1035
1035
  return;
1036
- const h = l.idToken, _ = l.idTokenPayload;
1036
+ const d = l.idToken, _ = l.idTokenPayload;
1037
1037
  return a({
1038
1038
  prompt: "none",
1039
- id_token_hint: h,
1039
+ id_token_hint: d,
1040
1040
  scope: s.scope || "openid"
1041
1041
  }).then((k) => {
1042
1042
  if (k.error)
@@ -1171,7 +1171,7 @@ const hn = () => {
1171
1171
  s.authority,
1172
1172
  s.authority_configuration
1173
1173
  );
1174
- if (n = await x(s, e.configurationName), n) {
1174
+ if (n = await N(s, e.configurationName), n) {
1175
1175
  const { tokens: o } = await n.initAsync(
1176
1176
  t,
1177
1177
  "tryKeepExistingSessionAsync",
@@ -1235,7 +1235,7 @@ const hn = () => {
1235
1235
  "tokens inside ServiceWorker are invalid"
1236
1236
  ), !1;
1237
1237
  }
1238
- }, xe = (e) => {
1238
+ }, Ne = (e) => {
1239
1239
  const n = e.match(
1240
1240
  // eslint-disable-next-line no-useless-escape
1241
1241
  /^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
@@ -1258,13 +1258,13 @@ const hn = () => {
1258
1258
  hash: t
1259
1259
  };
1260
1260
  }, Pn = (e) => {
1261
- const n = xe(e);
1261
+ const n = Ne(e);
1262
1262
  let { path: s } = n;
1263
1263
  s.endsWith("/") && (s = s.slice(0, -1));
1264
1264
  let { hash: t } = n;
1265
1265
  return t === "#_=_" && (t = ""), t && (s += t), s;
1266
1266
  }, se = (e) => {
1267
- const n = xe(e), { search: s } = n;
1267
+ const n = Ne(e), { search: s } = n;
1268
1268
  return yn(s);
1269
1269
  }, yn = (e) => {
1270
1270
  const n = {};
@@ -1278,14 +1278,14 @@ const hn = () => {
1278
1278
  return r = { ...r }, (async () => {
1279
1279
  const l = i || o.getPath();
1280
1280
  if ("state" in r || (r.state = ee(16)), s(m.loginAsync_begin, {}), r)
1281
- for (const h of Object.keys(r))
1282
- h.endsWith(":token_request") && delete r[h];
1281
+ for (const d of Object.keys(r))
1282
+ d.endsWith(":token_request") && delete r[d];
1283
1283
  try {
1284
- const h = a ? n.silent_redirect_uri : n.redirect_uri;
1284
+ const d = a ? n.silent_redirect_uri : n.redirect_uri;
1285
1285
  c || (c = n.scope);
1286
1286
  const _ = n.extras ? { ...n.extras, ...r } : r;
1287
1287
  _.nonce || (_.nonce = ee(12));
1288
- const k = { nonce: _.nonce }, w = await x(n, e), y = await t(
1288
+ const k = { nonce: _.nonce }, w = await N(n, e), y = await t(
1289
1289
  n.authority,
1290
1290
  n.authority_configuration
1291
1291
  );
@@ -1298,7 +1298,7 @@ const hn = () => {
1298
1298
  }
1299
1299
  const v = {
1300
1300
  client_id: n.client_id,
1301
- redirect_uri: h,
1301
+ redirect_uri: d,
1302
1302
  scope: c,
1303
1303
  response_type: "code",
1304
1304
  ..._
@@ -1307,8 +1307,8 @@ const hn = () => {
1307
1307
  y.authorizationEndpoint,
1308
1308
  v
1309
1309
  );
1310
- } catch (h) {
1311
- throw s(m.loginAsync_error, h), h;
1310
+ } catch (d) {
1311
+ throw s(m.loginAsync_error, d), d;
1312
1312
  }
1313
1313
  })();
1314
1314
  }, mn = (e) => async (n = !1) => {
@@ -1317,16 +1317,16 @@ const hn = () => {
1317
1317
  const s = e.configuration, t = s.client_id, o = n ? s.silent_redirect_uri : s.redirect_uri, i = s.authority, r = s.token_request_timeout, a = await e.initAsync(
1318
1318
  i,
1319
1319
  s.authority_configuration
1320
- ), c = e.location.getCurrentHref(), u = se(c), f = u.session_state, l = await x(s, e.configurationName);
1321
- let h, _, k, w;
1320
+ ), c = e.location.getCurrentHref(), u = se(c), f = u.session_state, l = await N(s, e.configurationName);
1321
+ let d, _, k, w;
1322
1322
  if (l)
1323
- await l.initAsync(a, "loginCallbackAsync", s), await l.setSessionStateAsync(f), _ = await l.getNonceAsync(), k = l.getLoginParams(), w = await l.getStateAsync(), l.startKeepAliveServiceWorker(), h = l;
1323
+ await l.initAsync(a, "loginCallbackAsync", s), await l.setSessionStateAsync(f), _ = await l.getNonceAsync(), k = l.getLoginParams(), w = await l.getStateAsync(), l.startKeepAliveServiceWorker(), d = l;
1324
1324
  else {
1325
1325
  const T = C(
1326
1326
  e.configurationName,
1327
1327
  s.storage ?? sessionStorage
1328
1328
  );
1329
- await T.setSessionStateAsync(f), _ = await T.getNonceAsync(), k = T.getLoginParams(), w = await T.getStateAsync(), h = T;
1329
+ await T.setSessionStateAsync(f), _ = await T.getNonceAsync(), k = T.getLoginParams(), w = await T.getStateAsync(), d = T;
1330
1330
  }
1331
1331
  if (u.error || u.error_description)
1332
1332
  throw new Error(
@@ -1362,7 +1362,7 @@ const hn = () => {
1362
1362
  s.demonstrating_proof_of_possession_configuration
1363
1363
  )(T, "POST", v);
1364
1364
  }
1365
- const E = await an(h)(
1365
+ const E = await an(d)(
1366
1366
  v,
1367
1367
  { ...y, ...p },
1368
1368
  A,
@@ -1372,7 +1372,7 @@ const hn = () => {
1372
1372
  if (!E.success)
1373
1373
  throw new Error("Token request failed");
1374
1374
  let g;
1375
- const O = E.data.tokens, d = E.data.demonstratingProofOfPossessionNonce;
1375
+ const O = E.data.tokens, h = E.data.demonstratingProofOfPossessionNonce;
1376
1376
  if (E.data.state !== p.state)
1377
1377
  throw new Error("state is not valid");
1378
1378
  const { isValid: P, reason: S } = Se(
@@ -1385,18 +1385,18 @@ const hn = () => {
1385
1385
  if (l) {
1386
1386
  if (O.refreshToken && !O.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
1387
1387
  throw new Error("Refresh token should be hidden by service worker");
1388
- if (d && (O != null && O.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))
1388
+ if (h && (O != null && O.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))
1389
1389
  throw new Error(
1390
1390
  "Demonstration of proof of possession require Access token not hidden by service worker"
1391
1391
  );
1392
1392
  }
1393
1393
  if (l)
1394
- await l.initAsync(a, "syncTokensAsync", s), g = l.getLoginParams(), d && await l.setDemonstratingProofOfPossessionNonce(
1395
- d
1394
+ await l.initAsync(a, "syncTokensAsync", s), g = l.getLoginParams(), h && await l.setDemonstratingProofOfPossessionNonce(
1395
+ h
1396
1396
  );
1397
1397
  else {
1398
1398
  const T = C(e.configurationName, s.storage);
1399
- g = T.getLoginParams(), d && await T.setDemonstratingProofOfPossessionNonce(d);
1399
+ g = T.getLoginParams(), h && await T.setDemonstratingProofOfPossessionNonce(h);
1400
1400
  }
1401
1401
  return await e.startCheckSessionAsync(
1402
1402
  a.checkSessionIframe,
@@ -1437,7 +1437,7 @@ const hn = () => {
1437
1437
  return n;
1438
1438
  }, wn = (e) => async (n) => {
1439
1439
  U.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
1440
- const s = await x(e.configuration, e.configurationName);
1440
+ const s = await N(e.configuration, e.configurationName);
1441
1441
  s ? await s.clearAsync(n) : await C(e.configurationName, e.configuration.storage).clearAsync(n), e.tokens = null, e.userInfo = null;
1442
1442
  }, An = (e, n, s, t, o) => async (i = void 0, r = null) => {
1443
1443
  var p, v;
@@ -1449,29 +1449,29 @@ const hn = () => {
1449
1449
  const u = i ?? o.getPath();
1450
1450
  let f = !1;
1451
1451
  i && (f = i.includes("https://") || i.includes("http://"));
1452
- const l = f ? i : o.getOrigin() + u, h = e.tokens ? e.tokens.idToken : "";
1452
+ const l = f ? i : o.getOrigin() + u, d = e.tokens ? e.tokens.idToken : "";
1453
1453
  try {
1454
1454
  const A = c.revocationEndpoint;
1455
1455
  if (A) {
1456
1456
  const E = [], g = e.tokens ? e.tokens.accessToken : null;
1457
1457
  if (g && a.logout_tokens_to_invalidate.includes(pe.access_token)) {
1458
- const d = z(r, ":revoke_access_token"), P = ke(s)(
1458
+ const h = z(r, ":revoke_access_token"), P = ke(s)(
1459
1459
  A,
1460
1460
  g,
1461
1461
  ne.access_token,
1462
1462
  a.client_id,
1463
- d
1463
+ h
1464
1464
  );
1465
1465
  E.push(P);
1466
1466
  }
1467
1467
  const O = e.tokens ? e.tokens.refreshToken : null;
1468
1468
  if (O && a.logout_tokens_to_invalidate.includes(pe.refresh_token)) {
1469
- const d = z(r, ":revoke_refresh_token"), P = ke(s)(
1469
+ const h = z(r, ":revoke_refresh_token"), P = ke(s)(
1470
1470
  A,
1471
1471
  O,
1472
1472
  ne.refresh_token,
1473
1473
  a.client_id,
1474
- d
1474
+ h
1475
1475
  );
1476
1476
  E.push(P);
1477
1477
  }
@@ -1491,14 +1491,14 @@ const hn = () => {
1491
1491
  return;
1492
1492
  const y = pn(r);
1493
1493
  if (c.endSessionEndpoint) {
1494
- "id_token_hint" in y || (y.id_token_hint = h), !("post_logout_redirect_uri" in y) && i !== null && (y.post_logout_redirect_uri = l);
1494
+ "id_token_hint" in y || (y.id_token_hint = d), !("post_logout_redirect_uri" in y) && i !== null && (y.post_logout_redirect_uri = l);
1495
1495
  let A = "";
1496
1496
  for (const [E, g] of Object.entries(y))
1497
1497
  g != null && (A === "" ? A += "?" : A += "&", A += `${E}=${encodeURIComponent(g)}`);
1498
1498
  o.open(`${c.endSessionEndpoint}${A}`);
1499
1499
  } else
1500
1500
  o.reload();
1501
- }, Ne = (e, n, s = !1) => async (...t) => {
1501
+ }, xe = (e, n, s = !1) => async (...t) => {
1502
1502
  var _;
1503
1503
  const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
1504
1504
  let c = new Headers();
@@ -1523,26 +1523,33 @@ const hn = () => {
1523
1523
  c.set("Authorization", `Bearer ${l}`);
1524
1524
  a.credentials || (a.credentials = "same-origin");
1525
1525
  }
1526
- const h = { ...a, headers: c };
1527
- return await e(o, h, ...r);
1526
+ const d = { ...a, headers: c };
1527
+ return await e(o, d, ...r);
1528
1528
  }, Sn = (e) => async (n = !1, s = !1) => {
1529
+ var u, f;
1529
1530
  if (e.userInfo != null && !n)
1530
1531
  return e.userInfo;
1531
- const t = e.configuration, i = (await e.initAsync(
1532
- t.authority,
1533
- t.authority_configuration
1534
- )).userInfoEndpoint, a = await (async () => {
1535
- const u = await Ne(fetch, e, s)(i);
1536
- return u.status !== 200 ? null : u.json();
1532
+ const t = !n && ((u = e.configuration.storage) == null ? void 0 : u.getItem(`oidc.${e.configurationName}.userInfo`));
1533
+ if (t)
1534
+ return e.userInfo = JSON.parse(t), e.userInfo;
1535
+ const o = e.configuration, r = (await e.initAsync(
1536
+ o.authority,
1537
+ o.authority_configuration
1538
+ )).userInfoEndpoint, c = await (async () => {
1539
+ const d = await xe(fetch, e, s)(r);
1540
+ return d.status !== 200 ? null : d.json();
1537
1541
  })();
1538
- return e.userInfo = a, a;
1542
+ return e.userInfo = c, c && ((f = e.configuration.storage) == null || f.setItem(
1543
+ `oidc.${e.configurationName}.userInfo`,
1544
+ JSON.stringify(c)
1545
+ )), c;
1539
1546
  }, Tn = () => fetch;
1540
1547
  class te {
1541
1548
  constructor(n) {
1542
1549
  this.authorizationEndpoint = n.authorization_endpoint, this.tokenEndpoint = n.token_endpoint, this.revocationEndpoint = n.revocation_endpoint, this.userInfoEndpoint = n.userinfo_endpoint, this.checkSessionIframe = n.check_session_iframe, this.issuer = n.issuer, this.endSessionEndpoint = n.end_session_endpoint;
1543
1550
  }
1544
1551
  }
1545
- const D = {}, vn = (e, n = new j()) => (s, t = "default") => (D[t] || (D[t] = new N(s, t, e, n)), D[t]), En = async (e) => {
1552
+ const D = {}, vn = (e, n = new j()) => (s, t = "default") => (D[t] || (D[t] = new x(s, t, e, n)), D[t]), En = async (e) => {
1546
1553
  const { parsedTokens: n, callbackPath: s, extras: t, scope: o } = await e.loginCallbackAsync();
1547
1554
  return e.timeoutId = J(e, n.expiresAt, t, o), { callbackPath: s };
1548
1555
  }, bn = (e) => Math.floor(Math.random() * e), V = class V {
@@ -1632,7 +1639,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1632
1639
  check_session_iframe: s.check_session_iframe,
1633
1640
  issuer: s.issuer
1634
1641
  });
1635
- const i = await x(this.configuration, this.configurationName) ? window.sessionStorage : null;
1642
+ const i = await N(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
1636
1643
  return await tn(this.getFetch())(
1637
1644
  n,
1638
1645
  this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60,
@@ -1679,7 +1686,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1679
1686
  return this.loginCallbackPromise;
1680
1687
  const s = async () => {
1681
1688
  const t = await mn(this)(n), o = t.tokens;
1682
- return this.tokens = o, await x(this.configuration, this.configurationName) || C(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(V.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), {
1689
+ return this.tokens = o, await N(this.configuration, this.configurationName) || C(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(V.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), {
1683
1690
  parsedTokens: o,
1684
1691
  state: t.state,
1685
1692
  callbackPath: t.callbackPath,
@@ -1696,7 +1703,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1696
1703
  ath: await Ie(n),
1697
1704
  ...o
1698
1705
  };
1699
- if (await x(i, this.configurationName))
1706
+ if (await N(i, this.configurationName))
1700
1707
  return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${ve(this.configurationName)}`;
1701
1708
  const c = C(this.configurationName, i.storage), u = await c.getDemonstratingProofOfPossessionJwkAsync(), f = c.getDemonstratingProofOfPossessionNonce();
1702
1709
  return f && (r.nonce = f), await Oe(window)(
@@ -1743,7 +1750,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1743
1750
  }
1744
1751
  };
1745
1752
  V.getOrCreate = (n, s) => (t, o = "default") => vn(n, s)(t, o), V.eventNames = m;
1746
- let N = V;
1753
+ let x = V;
1747
1754
  const K = class K {
1748
1755
  constructor(n) {
1749
1756
  this._oidc = n;
@@ -1758,7 +1765,7 @@ const K = class K {
1758
1765
  this._oidc.publishEvent(n, s);
1759
1766
  }
1760
1767
  static get(n = "default") {
1761
- return new K(N.get(n));
1768
+ return new K(x.get(n));
1762
1769
  }
1763
1770
  tryKeepExistingSessionAsync() {
1764
1771
  return this._oidc.tryKeepExistingSessionAsync();
@@ -1804,7 +1811,7 @@ const K = class K {
1804
1811
  return Ae(o, n, s);
1805
1812
  }
1806
1813
  fetchWithTokens(n, s = !1) {
1807
- return Ne(n, this._oidc, s);
1814
+ return xe(n, this._oidc, s);
1808
1815
  }
1809
1816
  async userInfoAsync(n = !1, s = !1) {
1810
1817
  return this._oidc.userInfoAsync(n, s);
@@ -1813,7 +1820,7 @@ const K = class K {
1813
1820
  return this._oidc.userInfo;
1814
1821
  }
1815
1822
  };
1816
- K.getOrCreate = (n, s = new j()) => (t, o = "default") => new K(N.getOrCreate(n, s)(t, o)), K.eventNames = N.eventNames;
1823
+ K.getOrCreate = (n, s = new j()) => (t, o = "default") => new K(x.getOrCreate(n, s)(t, o)), K.eventNames = x.eventNames;
1817
1824
  let we = K;
1818
1825
  export {
1819
1826
  we as OidcClient,
package/dist/index.umd.cjs CHANGED
@@ -1,2 +1,2 @@
1
- (function(I,L){typeof exports=="object"&&typeof module<"u"?L(exports):typeof define=="function"&&define.amd?define(["exports"],L):(I=typeof globalThis<"u"?globalThis:I||self,L(I["oidc-client"]={}))})(this,function(I){"use strict";class L{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const _e=2e3,K=console;class De{constructor(n,t,s,o=_e,i=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||_e,this._stopOnError=i;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(K.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(K.debug(n),K.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):K.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){K.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(K.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},C=(e,n=sessionStorage)=>{const t=g=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:g}),Promise.resolve()),s=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const g=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:g.tokens,status:g.status})},o=g=>{n[`oidc.${e}`]=JSON.stringify({tokens:g})},i=async g=>{n[`oidc.session_state.${e}`]=g},r=async()=>n[`oidc.session_state.${e}`],a=g=>{n[`oidc.nonce.${e}`]=g.nonce},c=g=>{n[`oidc.jwk.${e}`]=JSON.stringify(g)},u=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async g=>{n[`oidc.dpop_nonce.${e}`]=g},h=()=>n[`oidc.dpop_nonce.${e}`],_=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,k={};return{clearAsync:t,initAsync:s,setTokens:o,getTokens:_,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:f,setLoginParams:g=>{k[e]=g,n[`oidc.login.${e}`]=JSON.stringify(g)},getLoginParams:()=>{const g=n[`oidc.login.${e}`];return g?(k[e]||(k[e]=JSON.parse(g)),k[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async g=>{n[`oidc.state.${e}`]=g},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async g=>{n[`oidc.code_verifier.${e}`]=g},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:h,setDemonstratingProofOfPossessionJwkAsync:c,getDemonstratingProofOfPossessionJwkAsync:u}};var U=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(U||{});const Re=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),$e=e=>JSON.parse(Re(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),fe=e=>{try{return e&&Ke(e,".")===2?$e(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Ke=(e,n)=>e.split(n).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Ue(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const Q=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=fe(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:fe(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Ue(e,s,r);let u;e.expiresAt?u=e.expiresAt:t===G.access_token_invalid?u=c:t===G.id_token_invalid?u=a:u=a<c?a:c;const f={...e,idTokenPayload:r,accessTokenPayload:s,expiresAt:u,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},Z=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),Q(s,n,t)},J=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},de=(e,n=0)=>e?J(n,e.expiresAt)>0:!1,he=async(e,n=200,t=50)=>{let s=t;if(!e.getTokens())return null;for(;!de(e.getTokens(),e.configuration.refresh_time_before_tokens_expiration_in_second)&&s>0;){if(e.configuration.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await ne({milliseconds:n});s=s-1}return{isTokensValid:de(e.getTokens()),tokens:e.getTokens(),numberWaited:s-t}},ge=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(s.iat&&s.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+i} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},F=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),ee="7.25.14";let ye=null,q;const ne=({milliseconds:e})=>new Promise(n=>F.setTimeout(n,e)),ke=(e="/")=>{try{q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:q.signal}).catch(s=>{console.log(s)}),ne({milliseconds:150*1e3}).then(ke)}catch(n){console.log(n)}},te=()=>{q&&q.abort()},me=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const t=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,t),t},b=e=>n=>new Promise(function(t,s){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?s(i.data.error):t(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:me(n.configurationName)},[o.port2])}),N=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;const s=`${t}?v=${ee}`;let o=null;e.service_worker_register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(s,{updateViaCache:"none"}),o.addEventListener("updatefound",()=>{const d=o.installing;te(),d==null||d.addEventListener("statechange",()=>{d.state==="installed"&&navigator.serviceWorker.controller&&(te(),console.log("New SW waiting – skipWaiting()"),d.postMessage({type:"SKIP_WAITING"}))})}),navigator.serviceWorker.addEventListener("controllerchange",()=>{console.log("SW controller changed – reloading page"),te(),window.location.reload()});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(o)({type:"claim"})}catch(d){return console.warn(`Failed init ServiceWorker ${d.toString()}`),null}const i=async d=>b(o)({type:"clear",data:{status:d},configurationName:n}),r=async(d,P,S)=>{const T=await b(o)({type:"init",data:{oidcServerConfiguration:d,where:P,oidcConfiguration:{token_renew_mode:S.token_renew_mode,service_worker_convert_all_requests_to_cors:S.service_worker_convert_all_requests_to_cors}},configurationName:n}),D=T.version;return D!==ee&&console.warn(`Service worker ${D} version mismatch with js client version ${ee}, unregistering and reloading`),{tokens:Z(T.tokens,null,S.token_renew_mode),status:T.status}},a=(d="/")=>{ye==null&&(ye="not_null",ke(d))},c=d=>b(o)({type:"setSessionState",data:{sessionState:d},configurationName:n}),u=async()=>(await b(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,f=d=>(sessionStorage[`oidc.nonce.${n}`]=d.nonce,b(o)({type:"setNonce",data:{nonce:d},configurationName:n})),l=async(d=!0)=>{let S=(await b(o)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage"),d&&(await f(S),S=(await l(!1)).nonce)),{nonce:S}},h={},_=d=>{h[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},k=()=>{const d=localStorage[`oidc.login.${n}`];return h[n]||(h[n]=JSON.parse(d)),h[n]},w=async d=>{await b(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},y=async()=>(await b(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,p=async d=>{const P=JSON.stringify(d);await b(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:P},configurationName:n})},v=async()=>{const d=await b(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null},A=async(d=!0)=>{let S=(await b(o)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage"),d&&(await E(S),S=await A(!1))),S},E=async d=>(sessionStorage[`oidc.state.${n}`]=d,b(o)({type:"setState",data:{state:d},configurationName:n})),g=async(d=!0)=>{let S=(await b(o)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage"),d&&(await O(S),S=await g(!1))),S},O=async d=>(sessionStorage[`oidc.code_verifier.${n}`]=d,b(o)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n}));return{clearAsync:i,initAsync:r,startKeepAliveServiceWorker:()=>a(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:u,setNonceAsync:f,getNonceAsync:l,setLoginParams:_,getLoginParams:k,getStateAsync:A,setStateAsync:E,getCodeVerifierAsync:g,setCodeVerifierAsync:O,setDemonstratingProofOfPossessionNonce:w,getDemonstratingProofOfPossessionNonce:y,setDemonstratingProofOfPossessionJwkAsync:p,getDemonstratingProofOfPossessionJwkAsync:v}},V={},Fe=(e,n=window.sessionStorage,t)=>{if(!V[e]&&n){const o=n.getItem(e);o&&(V[e]=JSON.parse(o))}const s=1e3*t;return V[e]&&V[e].timestamp+s>Date.now()?V[e].result:null},Ve=(e,n,t=window.sessionStorage)=>{const s=Date.now();V[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function pe(e){return new TextEncoder().encode(e)}function we(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Me(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const se=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),we(n)};function Ae(e){return we(Me(e))}const Je={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Be={sign:e=>async(n,t,s,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=i,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:Ae(JSON.stringify(t)),payload:Ae(JSON.stringify(s))},a=o.importKeyAlgorithm,c=!0,u=["sign"],f=await e.crypto.subtle.importKey("jwk",n,a,c,u),l=pe(`${r.protected}.${r.payload}`),h=o.signAlgorithm,_=await e.crypto.subtle.sign(h,f,l);return r.signature=se(new Uint8Array(_)),`${r.protected}.${r.payload}.${r.signature}`}},He={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},je={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,pe(s));return se(new Uint8Array(o))}},Ge=e=>async n=>await He.generate(e)(n),Se=e=>n=>async(t,s="POST",o,i={})=>{const r={jti:btoa(qe()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await je.thumbprint(e)(t,n.digestAlgorithm);return await Be.sign(e)(t,{kid:a},r,n)},qe=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Te=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ye=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%oe.length;n.push(oe[s])}return n.join("")},ie=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Te();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*oe.length|0;return Ye(n)};function Xe(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function ve(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",Xe(e)).then(s=>n(se(new Uint8Array(s))),s=>t(s))})}const ze=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Te();return n?ve(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Qe=60*60,Ze=e=>async(n,t=Qe,s=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Fe(r,s,t);if(a)return new le(a);const c=await B(e)(i,{},o);if(c.status!==200)return null;const u=await c.json();return Ve(r,u,s),new le(u)},B=e=>async(n,t={},s=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),s),i=await e(n,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await B(e)(n,t,s,o+1);throw r}else throw console.error(r.message),r}return i},re={refresh_token:"refresh_token",access_token:"access_token"},Ee=e=>async(n,t,s=re.refresh_token,o,i={},r=1e4)=>{const a={token:t,token_type_hint:s,client_id:o};for(const[l,h]of Object.entries(i))a[l]===void 0&&(a[l]=h);const c=[];for(const l in a){const h=encodeURIComponent(l),_=encodeURIComponent(a[l]);c.push(`${h}=${_}`)}const u=c.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:u},r)).status!==200?{success:!1}:{success:!0}},en=e=>async(n,t,s,o,i={},r,a=1e4)=>{for(const[_,k]of Object.entries(s))t[_]===void 0&&(t[_]=k);const c=[];for(const _ in t){const k=encodeURIComponent(_),w=encodeURIComponent(t[_]);c.push(`${k}=${w}`)}const u=c.join("&"),f=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},a);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let h=null;return f.headers.has(Y)&&(h=f.headers.get(Y)),{success:!0,status:f.status,data:Z(l,o,r),demonstratingProofOfPossessionNonce:h}},nn=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=ie(128),i=await ze(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=i,s.code_challenge_method="S256";let r="";if(s)for(const[a,c]of Object.entries(s))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${t}${r}`)},Y="DPoP-Nonce",tn=e=>async(n,t,s,o,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in t){const h=encodeURIComponent(l),_=encodeURIComponent(t[l]);r.push(`${h}=${_}`)}const a=r.join("&"),c=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let u=null;c.headers.has(Y)&&(u=c.headers.get(Y));const f=await c.json();return{success:!0,data:{state:t.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}};async function be(e,n,t,s=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await X(e)(o,0,0,n,t,s);return await N(e.configuration,e.configurationName)||await C(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function Oe(e,n=!1,t=null,s=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await N(e.configuration,e.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!a||!navigator.locks)r=await be(e,n,t,s);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async u=>u?await be(e,n,t,s):(e.publishEvent(W.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,t,s)),e.tokens):null}const H=(e,n,t=null,s=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&F.clearTimeout(e.timeoutId),F.setTimeout(async()=>{const r={timeLeft:J(o,n)};e.publishEvent(W.eventNames.token_timer,r),await Oe(e,!1,t,s)},1e3)},R={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,t,s,o=!1)=>{const i={nonce:null};if(!s)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await N(n,t);if(c){const{status:l,tokens:h}=await c.initAsync(a,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!l||!h)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(h.issuedAt!==s.issuedAt){const k=J(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",w=await c.getNonceAsync();return{tokens:h,status:k,nonce:w}}r=await c.getNonceAsync()}else{const l=C(t,n.storage??sessionStorage),h=await l.initAsync();let{tokens:_}=h;const{status:k}=h;if(_&&(_=Q(_,e.tokens,n.token_renew_mode)),_){if(k==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(_.issuedAt!==s.issuedAt){const y=J(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",p=await l.getNonceAsync();return{tokens:_,status:y,nonce:p}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await l.getNonceAsync()}const f=J(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:f,nonce:r}},X=e=>async(n,t=0,s=0,o=!1,i=null,r=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let a=6;const c=5,u=5;for(;!navigator.onLine&&a>0;)await ne({milliseconds:1e3}),a--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${a}`});const f=document.hidden,l=f?t:t+1,h=f?s+1:s;if(t>=c||s>=u)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};i||(i={});const _=e.configuration,k=(y,p=null,v=null)=>ae(e.configurationName,e.configuration,e.publishEvent.bind(e))(y,p,v),w=async()=>{try{let y;const p=await N(_,e.configurationName);p?y=p.getLoginParams():y=C(e.configurationName,_.storage).getLoginParams();const v=await k({...y.extras,...i,prompt:"none",scope:r});return v?v.error?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(v.tokens),e.publishEvent(W.eventNames.token_renewed,{}),{tokens:v.tokens,status:"LOGGED"}):(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(y){return console.error(y),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:y.message}),await X(e)(n,l,h,o,i,r)}};try{const{status:y,tokens:p,nonce:v}=await sn(e)(_,e.configurationName,e.tokens,o);switch(y){case R.SESSION_LOST:return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case R.NOT_CONNECTED:return n(null),{tokens:null,status:null};case R.TOKENS_VALID:return n(p),{tokens:p,status:"LOGGED_IN"};case R.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(p),e.publishEvent(W.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:p,status:"LOGGED_IN"};case R.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case R.REQUIRE_SYNC_TOKENS:return _.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&R.FORCE_REFRESH!==y?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:t}),await w());default:{if(_.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&R.FORCE_REFRESH!==y)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:p.refreshToken,status:y,tryNumber:t,backgroundTry:s}),!p.refreshToken)return await w();const A=_.client_id,E=_.redirect_uri,g=_.authority,d={..._.token_request_extras?_.token_request_extras:{}};for(const[S,T]of Object.entries(i))S.endsWith(":token_request")&&(d[S.replace(":token_request","")]=T);return await(async()=>{const S={client_id:A,redirect_uri:E,grant_type:"refresh_token",refresh_token:p.refreshToken},T=await e.initAsync(g,_.authority_configuration),D=document.hidden?1e4:3e4*10,xe=T.tokenEndpoint,We={};_.demonstrating_proof_of_possession&&(We.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(p.accessToken,xe,"POST"));const x=await en(e.getFetch())(xe,S,d,p,We,_.token_renew_mode,D);if(x.success){const{isValid:Tn,reason:vn}=ge(x.data,v.nonce,T);if(!Tn)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${vn}`}),{tokens:null,status:"SESSION_LOST"};if(n(x.data),x.demonstratingProofOfPossessionNonce){const Le=await N(_,e.configurationName);Le?await Le.setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce):await C(e.configurationName,_.storage).setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:x.success}),e.publishEvent(W.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:x.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:x}),x.status>=400&&x.status<500?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${x.status}`}),{tokens:null,status:"SESSION_LOST"}):await X(e)(n,l,h,o,i,r)})()}}}catch(y){return console.error(y),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:y.message}),new Promise((p,v)=>{setTimeout(()=>{X(e)(n,l,h,o,i,r).then(p).catch(v)},1e3)})}},ae=(e,n,t)=>(s=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(m.silentLoginAsync_begin,{});let r="";if(o&&(s==null&&(s={}),s.state=o),i!=null&&(s==null&&(s={}),s.scope=i),s!=null)for(const[l,h]of Object.entries(s))r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(h)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(h)}`;const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),u=a.substring(0,c),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",a),document.body.appendChild(f),new Promise((l,h)=>{let _=!1;const k=()=>{window.removeEventListener("message",w),f.remove(),_=!0},w=y=>{if(y.origin===u&&y.source===f.contentWindow){const p=`${e}_oidc_tokens:`,v=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,E=y.data;if(E&&typeof E=="string"&&!_){if(E.startsWith(p)){const g=JSON.parse(y.data.replace(p,""));t(m.silentLoginAsync_end,{}),l(g),k()}else if(E.startsWith(v)){const g=JSON.parse(y.data.replace(v,""));t(m.silentLoginAsync_error,g),l({error:"oidc_"+g.error,tokens:null,sessionState:null}),k()}else if(E.startsWith(A)){const g=JSON.parse(y.data.replace(A,""));t(m.silentLoginAsync_error,g),h(new Error(g.error)),k()}}}};try{window.addEventListener("message",w);const y=n.silent_login_timeout;setTimeout(()=>{_||(k(),t(m.silentLoginAsync_error,{reason:"timeout"}),h(new Error("timeout")))},y)}catch(y){k(),t(m.silentLoginAsync_error,y),h(y)}})}catch(r){throw t(m.silentLoginAsync_error,r),r}},on=(e,n,t,s,o)=>(i=null,r=void 0)=>{i={...i};const a=(u,f,l)=>ae(n,t,s.bind(o))(u,f,l);return(async()=>{o.timeoutId&&F.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=t.extras?{...t.extras,...i}:i,l=await a({...f,prompt:"none"},u,r);if(l)return o.tokens=l.tokens,s(m.token_acquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,i,r),{}}catch(f){return f}})()},rn=(e,n,t)=>(s,o,i,r=!1)=>{const a=(c,u=void 0,f=void 0)=>ae(e.configurationName,t,e.publishEvent.bind(e))(c,u,f);return new Promise((c,u)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&i&&!r){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const h=l.idToken,_=l.idTokenPayload;return a({prompt:"none",id_token_hint:h,scope:t.scope||"openid"}).then(k=>{if(k.error)throw new Error(k.error);const w=k.tokens.idTokenPayload;if(_.sub===w.sub){const y=k.sessionState;e.checkSessionIFrame.start(k.sessionState),_.sid===w.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",y):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",y)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",w.sub)}).catch(async k=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",k);for(const[,w]of Object.entries(n))await w.logoutOtherTabAsync(t.client_id,_.sub)})};e.checkSessionIFrame=new De(f,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(l=>{u(l)})}else c(null)})},an=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),cn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(t)){o=c.s;break}}let r=s;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function ln(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const un=()=>{const{name:e,version:n}=ln();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=cn(navigator);return!an(t)},_n=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await N(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,r),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=C(e.configurationName,t.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Q(i,null,t.token_renew_mode);const r=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,a),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Pe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},fn=e=>{const n=Pe(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},z=e=>{const n=Pe(e),{search:t}=n;return dn(t)},dn=e=>{const n={};let t,s,o;const i=e.split("&");for(s=0,o=i.length;s<o;s++)t=i[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},hn=(e,n,t,s,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const u=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=ie(16)),t(m.loginAsync_begin,{}),r)for(const h of Object.keys(r))h.endsWith(":token_request")&&delete r[h];try{const h=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const _=n.extras?{...n.extras,...r}:r;_.nonce||(_.nonce=ie(12));const k={nonce:_.nonce},w=await N(n,e),y=await s(n.authority,n.authority_configuration);let p;if(w)w.setLoginParams({callbackPath:l,extras:u,scope:c}),await w.initAsync(y,"loginAsync",n),await w.setNonceAsync(k),w.startKeepAliveServiceWorker(),p=w;else{const A=C(e,n.storage??sessionStorage);A.setLoginParams({callbackPath:l,extras:u,scope:c}),await A.setNonceAsync(k),p=A}const v={client_id:n.client_id,redirect_uri:h,scope:c,response_type:"code",..._};await nn(p,o)(y.authorizationEndpoint,v)}catch(h){throw t(m.loginAsync_error,h),h}})()},gn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,i=t.authority,r=t.token_request_timeout,a=await e.initAsync(i,t.authority_configuration),c=e.location.getCurrentHref(),u=z(c),f=u.session_state,l=await N(t,e.configurationName);let h,_,k,w;if(l)await l.initAsync(a,"loginCallbackAsync",t),await l.setSessionStateAsync(f),_=await l.getNonceAsync(),k=l.getLoginParams(),w=await l.getStateAsync(),l.startKeepAliveServiceWorker(),h=l;else{const T=C(e.configurationName,t.storage??sessionStorage);await T.setSessionStateAsync(f),_=await T.getNonceAsync(),k=T.getLoginParams(),w=await T.getStateAsync(),h=T}if(u.error||u.error_description)throw new Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${u.iss})`);if(u.state&&u.state!==w)throw new Error(`State not valid (expected: ${w}, received: ${u.state})`);const y={code:u.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},p={};if(t.token_request_extras)for(const[T,D]of Object.entries(t.token_request_extras))p[T]=D;if(k!=null&&k.extras)for(const[T,D]of Object.entries(k.extras))T.endsWith(":token_request")&&(p[T.replace(":token_request","")]=D);const v=a.tokenEndpoint,A={};if(t.demonstrating_proof_of_possession)if(l)A.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await Ge(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await C(e.configurationName,t.storage).setDemonstratingProofOfPossessionJwkAsync(T),A.DPoP=await Se(window)(t.demonstrating_proof_of_possession_configuration)(T,"POST",v)}const E=await tn(h)(v,{...y,...p},A,e.configuration.token_renew_mode,r);if(!E.success)throw new Error("Token request failed");let g;const O=E.data.tokens,d=E.data.demonstratingProofOfPossessionNonce;if(E.data.state!==p.state)throw new Error("state is not valid");const{isValid:P,reason:S}=ge(O,_.nonce,a);if(!P)throw new Error(`Tokens are not OpenID valid, reason: ${S}`);if(l){if(O.refreshToken&&!O.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(d&&(O!=null&&O.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(a,"syncTokensAsync",t),g=l.getLoginParams(),d&&await l.setDemonstratingProofOfPossessionNonce(d);else{const T=C(e.configurationName,t.storage);g=T.getLoginParams(),d&&await T.setDemonstratingProofOfPossessionNonce(d)}return await e.startCheckSessionAsync(a.checkSessionIframe,s,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:O,state:"request.state",callbackPath:g.callbackPath,scope:u.scope,extras:g.extras}}catch(t){throw console.error(t),e.publishEvent(m.loginCallbackAsync_error,t),t}},Ie={access_token:"access_token",refresh_token:"refresh_token"},ce=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const i=s.replace(n,"");t[i]=o}return t}return t},yn=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},kn=e=>async n=>{F.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await N(e.configuration,e.configurationName);t?await t.clearAsync(n):await C(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},mn=(e,n,t,s,o)=>async(i=void 0,r=null)=>{var p,v;const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,s.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const l=f?i:o.getOrigin()+u,h=e.tokens?e.tokens.idToken:"";try{const A=c.revocationEndpoint;if(A){const E=[],g=e.tokens?e.tokens.accessToken:null;if(g&&a.logout_tokens_to_invalidate.includes(Ie.access_token)){const d=ce(r,":revoke_access_token"),P=Ee(t)(A,g,re.access_token,a.client_id,d);E.push(P)}const O=e.tokens?e.tokens.refreshToken:null;if(O&&a.logout_tokens_to_invalidate.includes(Ie.refresh_token)){const d=ce(r,":revoke_refresh_token"),P=Ee(t)(A,O,re.refresh_token,a.client_id,d);E.push(P)}E.length>0&&await Promise.all(E)}}catch(A){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(A)}const _=((v=(p=e.tokens)==null?void 0:p.idTokenPayload)==null?void 0:v.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(m.logout_from_same_tab,{});const k=ce(r,":oidc");if(k&&k.no_reload==="true")return;const y=yn(r);if(c.endSessionEndpoint){"id_token_hint"in y||(y.id_token_hint=h),!("post_logout_redirect_uri"in y)&&i!==null&&(y.post_logout_redirect_uri=l);let A="";for(const[E,g]of Object.entries(y))g!=null&&(A===""?A+="?":A+="&",A+=`${E}=${encodeURIComponent(g)}`);o.open(`${c.endSessionEndpoint}${A}`)}else o.reload()},Ce=(e,n,t=!1)=>async(...s)=>{var _;const[o,i,...r]=s,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const u={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:n.renewTokensAsync.bind(n)},f=await he(u),l=(_=f==null?void 0:f.tokens)==null?void 0:_.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(n.configuration.demonstrating_proof_of_possession&&t){const k=await n.generateDemonstrationOfProofOfPossessionAsync(l,o.toString(),a.method);c.set("Authorization",`DPoP ${l}`),c.set("DPoP",k)}else c.set("Authorization",`Bearer ${l}`);a.credentials||(a.credentials="same-origin")}const h={...a,headers:c};return await e(o,h,...r)},pn=e=>async(n=!1,t=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const s=e.configuration,i=(await e.initAsync(s.authority,s.authority_configuration)).userInfoEndpoint,a=await(async()=>{const u=await Ce(fetch,e,t)(i);return u.status!==200?null:u.json()})();return e.userInfo=a,a},Ne=()=>fetch;class le{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const $={},wn=(e,n=new L)=>(t,s="default")=>($[s]||($[s]=new W(t,s,e,n)),$[s]),An=async e=>{const{parsedTokens:n,callbackPath:t,extras:s,scope:o}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt,s,o),{callbackPath:t}},Sn=e=>Math.floor(Math.random()*e),j=class j{constructor(n,t="default",s,o=new L){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new L,this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??U.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_activate:n.service_worker_activate??un,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Je,preload_user_info:n.preload_user_info??!1},this.getFetch=s??Ne,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=Sn(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call($,n)&&t)throw Error(`OIDC library does seem initialized.
2
- Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return $[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=z(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=z(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new le({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const i=await N(this.configuration,this.configurationName)?window.sessionStorage:null;return await Ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=_n(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,t,s,o=!1){await rn(this,$,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=on(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await gn(this)(n),o=s.tokens;return this.tokens=o,await N(this.configuration,this.configurationName)||C(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(j.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath,scope:s.scope,extras:s.extras}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const i=this.configuration,r={ath:await ve(n),...o};if(await N(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${me(this.configurationName)}`;const c=C(this.configurationName,i.storage),u=await c.getDemonstratingProofOfPossessionJwkAsync(),f=c.getDemonstratingProofOfPossessionNonce();return f&&(r.nonce=f),await Se(window)(i.demonstrating_proof_of_possession_configuration)(u,s,t,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=An(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,t=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=pn(this)(n,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return F.clearTimeout(this.timeoutId),this.renewTokensPromise=Oe(this,!0,n,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await kn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=mn(this,$,this.getFetch(),console,this.location)(n,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};j.getOrCreate=(n,t)=>(s,o="default")=>wn(n,t)(s,o),j.eventNames=m;let W=j;const M=class M{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new M(W.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,t,s,o,i)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,t=null){return this._oidc.renewTokensAsync(n,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){const s=this._oidc,o={getTokens:()=>s.tokens,configuration:{token_automatic_renew_mode:s.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:s.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:s.renewTokensAsync.bind(s)};return he(o,n,t)}fetchWithTokens(n,t=!1){return Ce(n,this._oidc,t)}async userInfoAsync(n=!1,t=!1){return this._oidc.userInfoAsync(n,t)}userInfo(){return this._oidc.userInfo}};M.getOrCreate=(n,t=new L)=>(s,o="default")=>new M(W.getOrCreate(n,t)(s,o)),M.eventNames=W.eventNames;let ue=M;I.OidcClient=ue,I.OidcLocation=L,I.TokenAutomaticRenewMode=U,I.TokenRenewMode=G,I.getFetchDefault=Ne,I.getParseQueryStringFromLocation=z,I.getPath=fn,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
1
+ (function(I,L){typeof exports=="object"&&typeof module<"u"?L(exports):typeof define=="function"&&define.amd?define(["exports"],L):(I=typeof globalThis<"u"?globalThis:I||self,L(I["oidc-client"]={}))})(this,function(I){"use strict";class L{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const _e=2e3,K=console;class De{constructor(n,t,s,o=_e,i=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||_e,this._stopOnError=i;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(K.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(K.debug(n),K.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):K.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){K.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(K.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},C=(e,n=sessionStorage)=>{const t=g=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:g}),Promise.resolve()),s=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const g=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:g.tokens,status:g.status})},o=g=>{n[`oidc.${e}`]=JSON.stringify({tokens:g})},i=async g=>{n[`oidc.session_state.${e}`]=g},r=async()=>n[`oidc.session_state.${e}`],a=g=>{n[`oidc.nonce.${e}`]=g.nonce},c=g=>{n[`oidc.jwk.${e}`]=JSON.stringify(g)},u=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async g=>{n[`oidc.dpop_nonce.${e}`]=g},d=()=>n[`oidc.dpop_nonce.${e}`],_=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,k={};return{clearAsync:t,initAsync:s,setTokens:o,getTokens:_,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:f,setLoginParams:g=>{k[e]=g,n[`oidc.login.${e}`]=JSON.stringify(g)},getLoginParams:()=>{const g=n[`oidc.login.${e}`];return g?(k[e]||(k[e]=JSON.parse(g)),k[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async g=>{n[`oidc.state.${e}`]=g},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async g=>{n[`oidc.code_verifier.${e}`]=g},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:d,setDemonstratingProofOfPossessionJwkAsync:c,getDemonstratingProofOfPossessionJwkAsync:u}};var U=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(U||{});const Re=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),$e=e=>JSON.parse(Re(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),fe=e=>{try{return e&&Ke(e,".")===2?$e(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Ke=(e,n)=>e.split(n).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Ue(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const Q=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=fe(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:fe(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Ue(e,s,r);let u;e.expiresAt?u=e.expiresAt:t===G.access_token_invalid?u=c:t===G.id_token_invalid?u=a:u=a<c?a:c;const f={...e,idTokenPayload:r,accessTokenPayload:s,expiresAt:u,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},Z=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),Q(s,n,t)},J=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},de=(e,n=0)=>e?J(n,e.expiresAt)>0:!1,he=async(e,n=200,t=50)=>{let s=t;if(!e.getTokens())return null;for(;!de(e.getTokens(),e.configuration.refresh_time_before_tokens_expiration_in_second)&&s>0;){if(e.configuration.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await ne({milliseconds:n});s=s-1}return{isTokensValid:de(e.getTokens()),tokens:e.getTokens(),numberWaited:s-t}},ge=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(s.iat&&s.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+i} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},F=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),ee="7.25.15";let ye=null,q;const ne=({milliseconds:e})=>new Promise(n=>F.setTimeout(n,e)),ke=(e="/")=>{try{q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:q.signal}).catch(s=>{console.log(s)}),ne({milliseconds:150*1e3}).then(ke)}catch(n){console.log(n)}},te=()=>{q&&q.abort()},me=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const t=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,t),t},b=e=>n=>new Promise(function(t,s){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?s(i.data.error):t(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:me(n.configurationName)},[o.port2])}),N=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;const s=`${t}?v=${ee}`;let o=null;e.service_worker_register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(s,{updateViaCache:"none"}),o.addEventListener("updatefound",()=>{const h=o.installing;te(),h==null||h.addEventListener("statechange",()=>{h.state==="installed"&&navigator.serviceWorker.controller&&(te(),console.log("New SW waiting – skipWaiting()"),h.postMessage({type:"SKIP_WAITING"}))})}),navigator.serviceWorker.addEventListener("controllerchange",()=>{console.log("SW controller changed – reloading page"),te(),window.location.reload()});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(o)({type:"claim"})}catch(h){return console.warn(`Failed init ServiceWorker ${h.toString()}`),null}const i=async h=>b(o)({type:"clear",data:{status:h},configurationName:n}),r=async(h,P,S)=>{const T=await b(o)({type:"init",data:{oidcServerConfiguration:h,where:P,oidcConfiguration:{token_renew_mode:S.token_renew_mode,service_worker_convert_all_requests_to_cors:S.service_worker_convert_all_requests_to_cors}},configurationName:n}),D=T.version;return D!==ee&&console.warn(`Service worker ${D} version mismatch with js client version ${ee}, unregistering and reloading`),{tokens:Z(T.tokens,null,S.token_renew_mode),status:T.status}},a=(h="/")=>{ye==null&&(ye="not_null",ke(h))},c=h=>b(o)({type:"setSessionState",data:{sessionState:h},configurationName:n}),u=async()=>(await b(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,f=h=>(sessionStorage[`oidc.nonce.${n}`]=h.nonce,b(o)({type:"setNonce",data:{nonce:h},configurationName:n})),l=async(h=!0)=>{let S=(await b(o)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage"),h&&(await f(S),S=(await l(!1)).nonce)),{nonce:S}},d={},_=h=>{d[n]=h,localStorage[`oidc.login.${n}`]=JSON.stringify(h)},k=()=>{const h=localStorage[`oidc.login.${n}`];return d[n]||(d[n]=JSON.parse(h)),d[n]},w=async h=>{await b(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:h},configurationName:n})},y=async()=>(await b(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,p=async h=>{const P=JSON.stringify(h);await b(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:P},configurationName:n})},v=async()=>{const h=await b(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return h.demonstratingProofOfPossessionJwkJson?JSON.parse(h.demonstratingProofOfPossessionJwkJson):null},A=async(h=!0)=>{let S=(await b(o)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage"),h&&(await E(S),S=await A(!1))),S},E=async h=>(sessionStorage[`oidc.state.${n}`]=h,b(o)({type:"setState",data:{state:h},configurationName:n})),g=async(h=!0)=>{let S=(await b(o)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage"),h&&(await O(S),S=await g(!1))),S},O=async h=>(sessionStorage[`oidc.code_verifier.${n}`]=h,b(o)({type:"setCodeVerifier",data:{codeVerifier:h},configurationName:n}));return{clearAsync:i,initAsync:r,startKeepAliveServiceWorker:()=>a(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:u,setNonceAsync:f,getNonceAsync:l,setLoginParams:_,getLoginParams:k,getStateAsync:A,setStateAsync:E,getCodeVerifierAsync:g,setCodeVerifierAsync:O,setDemonstratingProofOfPossessionNonce:w,getDemonstratingProofOfPossessionNonce:y,setDemonstratingProofOfPossessionJwkAsync:p,getDemonstratingProofOfPossessionJwkAsync:v}},V={},Fe=(e,n=window.sessionStorage,t)=>{if(!V[e]&&n){const o=n.getItem(e);o&&(V[e]=JSON.parse(o))}const s=1e3*t;return V[e]&&V[e].timestamp+s>Date.now()?V[e].result:null},Ve=(e,n,t=window.sessionStorage)=>{const s=Date.now();V[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function pe(e){return new TextEncoder().encode(e)}function we(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Me(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const se=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),we(n)};function Ae(e){return we(Me(e))}const Je={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Be={sign:e=>async(n,t,s,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=i,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:Ae(JSON.stringify(t)),payload:Ae(JSON.stringify(s))},a=o.importKeyAlgorithm,c=!0,u=["sign"],f=await e.crypto.subtle.importKey("jwk",n,a,c,u),l=pe(`${r.protected}.${r.payload}`),d=o.signAlgorithm,_=await e.crypto.subtle.sign(d,f,l);return r.signature=se(new Uint8Array(_)),`${r.protected}.${r.payload}.${r.signature}`}},He={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},je={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,pe(s));return se(new Uint8Array(o))}},Ge=e=>async n=>await He.generate(e)(n),Se=e=>n=>async(t,s="POST",o,i={})=>{const r={jti:btoa(qe()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await je.thumbprint(e)(t,n.digestAlgorithm);return await Be.sign(e)(t,{kid:a},r,n)},qe=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Te=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ye=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%oe.length;n.push(oe[s])}return n.join("")},ie=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Te();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*oe.length|0;return Ye(n)};function Xe(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function ve(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",Xe(e)).then(s=>n(se(new Uint8Array(s))),s=>t(s))})}const ze=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Te();return n?ve(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Qe=60*60,Ze=e=>async(n,t=Qe,s=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Fe(r,s,t);if(a)return new le(a);const c=await B(e)(i,{},o);if(c.status!==200)return null;const u=await c.json();return Ve(r,u,s),new le(u)},B=e=>async(n,t={},s=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),s),i=await e(n,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await B(e)(n,t,s,o+1);throw r}else throw console.error(r.message),r}return i},re={refresh_token:"refresh_token",access_token:"access_token"},Ee=e=>async(n,t,s=re.refresh_token,o,i={},r=1e4)=>{const a={token:t,token_type_hint:s,client_id:o};for(const[l,d]of Object.entries(i))a[l]===void 0&&(a[l]=d);const c=[];for(const l in a){const d=encodeURIComponent(l),_=encodeURIComponent(a[l]);c.push(`${d}=${_}`)}const u=c.join("&");return(await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:u},r)).status!==200?{success:!1}:{success:!0}},en=e=>async(n,t,s,o,i={},r,a=1e4)=>{for(const[_,k]of Object.entries(s))t[_]===void 0&&(t[_]=k);const c=[];for(const _ in t){const k=encodeURIComponent(_),w=encodeURIComponent(t[_]);c.push(`${k}=${w}`)}const u=c.join("&"),f=await B(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},a);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let d=null;return f.headers.has(Y)&&(d=f.headers.get(Y)),{success:!0,status:f.status,data:Z(l,o,r),demonstratingProofOfPossessionNonce:d}},nn=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=ie(128),i=await ze(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=i,s.code_challenge_method="S256";let r="";if(s)for(const[a,c]of Object.entries(s))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${t}${r}`)},Y="DPoP-Nonce",tn=e=>async(n,t,s,o,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in t){const d=encodeURIComponent(l),_=encodeURIComponent(t[l]);r.push(`${d}=${_}`)}const a=r.join("&"),c=await B(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let u=null;c.headers.has(Y)&&(u=c.headers.get(Y));const f=await c.json();return{success:!0,data:{state:t.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}};async function be(e,n,t,s=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await X(e)(o,0,0,n,t,s);return await N(e.configuration,e.configurationName)||await C(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function Oe(e,n=!1,t=null,s=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await N(e.configuration,e.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!a||!navigator.locks)r=await be(e,n,t,s);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async u=>u?await be(e,n,t,s):(e.publishEvent(W.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,t,s)),e.tokens):null}const H=(e,n,t=null,s=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&F.clearTimeout(e.timeoutId),F.setTimeout(async()=>{const r={timeLeft:J(o,n)};e.publishEvent(W.eventNames.token_timer,r),await Oe(e,!1,t,s)},1e3)},R={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},sn=e=>async(n,t,s,o=!1)=>{const i={nonce:null};if(!s)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await N(n,t);if(c){const{status:l,tokens:d}=await c.initAsync(a,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!l||!d)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(d.issuedAt!==s.issuedAt){const k=J(n.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",w=await c.getNonceAsync();return{tokens:d,status:k,nonce:w}}r=await c.getNonceAsync()}else{const l=C(t,n.storage??sessionStorage),d=await l.initAsync();let{tokens:_}=d;const{status:k}=d;if(_&&(_=Q(_,e.tokens,n.token_renew_mode)),_){if(k==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(_.issuedAt!==s.issuedAt){const y=J(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",p=await l.getNonceAsync();return{tokens:_,status:y,nonce:p}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await l.getNonceAsync()}const f=J(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:f,nonce:r}},X=e=>async(n,t=0,s=0,o=!1,i=null,r=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let a=6;const c=5,u=5;for(;!navigator.onLine&&a>0;)await ne({milliseconds:1e3}),a--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${a}`});const f=document.hidden,l=f?t:t+1,d=f?s+1:s;if(t>=c||s>=u)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};i||(i={});const _=e.configuration,k=(y,p=null,v=null)=>ae(e.configurationName,e.configuration,e.publishEvent.bind(e))(y,p,v),w=async()=>{try{let y;const p=await N(_,e.configurationName);p?y=p.getLoginParams():y=C(e.configurationName,_.storage).getLoginParams();const v=await k({...y.extras,...i,prompt:"none",scope:r});return v?v.error?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(v.tokens),e.publishEvent(W.eventNames.token_renewed,{}),{tokens:v.tokens,status:"LOGGED"}):(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(y){return console.error(y),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:y.message}),await X(e)(n,l,d,o,i,r)}};try{const{status:y,tokens:p,nonce:v}=await sn(e)(_,e.configurationName,e.tokens,o);switch(y){case R.SESSION_LOST:return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case R.NOT_CONNECTED:return n(null),{tokens:null,status:null};case R.TOKENS_VALID:return n(p),{tokens:p,status:"LOGGED_IN"};case R.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(p),e.publishEvent(W.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:p,status:"LOGGED_IN"};case R.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case R.REQUIRE_SYNC_TOKENS:return _.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&R.FORCE_REFRESH!==y?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:t}),await w());default:{if(_.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&R.FORCE_REFRESH!==y)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:p.refreshToken,status:y,tryNumber:t,backgroundTry:s}),!p.refreshToken)return await w();const A=_.client_id,E=_.redirect_uri,g=_.authority,h={..._.token_request_extras?_.token_request_extras:{}};for(const[S,T]of Object.entries(i))S.endsWith(":token_request")&&(h[S.replace(":token_request","")]=T);return await(async()=>{const S={client_id:A,redirect_uri:E,grant_type:"refresh_token",refresh_token:p.refreshToken},T=await e.initAsync(g,_.authority_configuration),D=document.hidden?1e4:3e4*10,xe=T.tokenEndpoint,We={};_.demonstrating_proof_of_possession&&(We.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(p.accessToken,xe,"POST"));const x=await en(e.getFetch())(xe,S,h,p,We,_.token_renew_mode,D);if(x.success){const{isValid:Tn,reason:vn}=ge(x.data,v.nonce,T);if(!Tn)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${vn}`}),{tokens:null,status:"SESSION_LOST"};if(n(x.data),x.demonstratingProofOfPossessionNonce){const Le=await N(_,e.configurationName);Le?await Le.setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce):await C(e.configurationName,_.storage).setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:x.success}),e.publishEvent(W.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:x.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:x}),x.status>=400&&x.status<500?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${x.status}`}),{tokens:null,status:"SESSION_LOST"}):await X(e)(n,l,d,o,i,r)})()}}}catch(y){return console.error(y),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:y.message}),new Promise((p,v)=>{setTimeout(()=>{X(e)(n,l,d,o,i,r).then(p).catch(v)},1e3)})}},ae=(e,n,t)=>(s=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(m.silentLoginAsync_begin,{});let r="";if(o&&(s==null&&(s={}),s.state=o),i!=null&&(s==null&&(s={}),s.scope=i),s!=null)for(const[l,d]of Object.entries(s))r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(d)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(d)}`;const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),u=a.substring(0,c),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",a),document.body.appendChild(f),new Promise((l,d)=>{let _=!1;const k=()=>{window.removeEventListener("message",w),f.remove(),_=!0},w=y=>{if(y.origin===u&&y.source===f.contentWindow){const p=`${e}_oidc_tokens:`,v=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,E=y.data;if(E&&typeof E=="string"&&!_){if(E.startsWith(p)){const g=JSON.parse(y.data.replace(p,""));t(m.silentLoginAsync_end,{}),l(g),k()}else if(E.startsWith(v)){const g=JSON.parse(y.data.replace(v,""));t(m.silentLoginAsync_error,g),l({error:"oidc_"+g.error,tokens:null,sessionState:null}),k()}else if(E.startsWith(A)){const g=JSON.parse(y.data.replace(A,""));t(m.silentLoginAsync_error,g),d(new Error(g.error)),k()}}}};try{window.addEventListener("message",w);const y=n.silent_login_timeout;setTimeout(()=>{_||(k(),t(m.silentLoginAsync_error,{reason:"timeout"}),d(new Error("timeout")))},y)}catch(y){k(),t(m.silentLoginAsync_error,y),d(y)}})}catch(r){throw t(m.silentLoginAsync_error,r),r}},on=(e,n,t,s,o)=>(i=null,r=void 0)=>{i={...i};const a=(u,f,l)=>ae(n,t,s.bind(o))(u,f,l);return(async()=>{o.timeoutId&&F.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=t.extras?{...t.extras,...i}:i,l=await a({...f,prompt:"none"},u,r);if(l)return o.tokens=l.tokens,s(m.token_acquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,i,r),{}}catch(f){return f}})()},rn=(e,n,t)=>(s,o,i,r=!1)=>{const a=(c,u=void 0,f=void 0)=>ae(e.configurationName,t,e.publishEvent.bind(e))(c,u,f);return new Promise((c,u)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&i&&!r){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const d=l.idToken,_=l.idTokenPayload;return a({prompt:"none",id_token_hint:d,scope:t.scope||"openid"}).then(k=>{if(k.error)throw new Error(k.error);const w=k.tokens.idTokenPayload;if(_.sub===w.sub){const y=k.sessionState;e.checkSessionIFrame.start(k.sessionState),_.sid===w.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",y):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",y)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",w.sub)}).catch(async k=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",k);for(const[,w]of Object.entries(n))await w.logoutOtherTabAsync(t.client_id,_.sub)})};e.checkSessionIFrame=new De(f,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(l=>{u(l)})}else c(null)})},an=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),cn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(t)){o=c.s;break}}let r=s;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function ln(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const un=()=>{const{name:e,version:n}=ln();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=cn(navigator);return!an(t)},_n=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await N(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,r),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=C(e.configurationName,t.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Q(i,null,t.token_renew_mode);const r=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,a),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Pe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},fn=e=>{const n=Pe(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},z=e=>{const n=Pe(e),{search:t}=n;return dn(t)},dn=e=>{const n={};let t,s,o;const i=e.split("&");for(s=0,o=i.length;s<o;s++)t=i[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},hn=(e,n,t,s,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const u=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=ie(16)),t(m.loginAsync_begin,{}),r)for(const d of Object.keys(r))d.endsWith(":token_request")&&delete r[d];try{const d=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const _=n.extras?{...n.extras,...r}:r;_.nonce||(_.nonce=ie(12));const k={nonce:_.nonce},w=await N(n,e),y=await s(n.authority,n.authority_configuration);let p;if(w)w.setLoginParams({callbackPath:l,extras:u,scope:c}),await w.initAsync(y,"loginAsync",n),await w.setNonceAsync(k),w.startKeepAliveServiceWorker(),p=w;else{const A=C(e,n.storage??sessionStorage);A.setLoginParams({callbackPath:l,extras:u,scope:c}),await A.setNonceAsync(k),p=A}const v={client_id:n.client_id,redirect_uri:d,scope:c,response_type:"code",..._};await nn(p,o)(y.authorizationEndpoint,v)}catch(d){throw t(m.loginAsync_error,d),d}})()},gn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,i=t.authority,r=t.token_request_timeout,a=await e.initAsync(i,t.authority_configuration),c=e.location.getCurrentHref(),u=z(c),f=u.session_state,l=await N(t,e.configurationName);let d,_,k,w;if(l)await l.initAsync(a,"loginCallbackAsync",t),await l.setSessionStateAsync(f),_=await l.getNonceAsync(),k=l.getLoginParams(),w=await l.getStateAsync(),l.startKeepAliveServiceWorker(),d=l;else{const T=C(e.configurationName,t.storage??sessionStorage);await T.setSessionStateAsync(f),_=await T.getNonceAsync(),k=T.getLoginParams(),w=await T.getStateAsync(),d=T}if(u.error||u.error_description)throw new Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${u.iss})`);if(u.state&&u.state!==w)throw new Error(`State not valid (expected: ${w}, received: ${u.state})`);const y={code:u.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},p={};if(t.token_request_extras)for(const[T,D]of Object.entries(t.token_request_extras))p[T]=D;if(k!=null&&k.extras)for(const[T,D]of Object.entries(k.extras))T.endsWith(":token_request")&&(p[T.replace(":token_request","")]=D);const v=a.tokenEndpoint,A={};if(t.demonstrating_proof_of_possession)if(l)A.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await Ge(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await C(e.configurationName,t.storage).setDemonstratingProofOfPossessionJwkAsync(T),A.DPoP=await Se(window)(t.demonstrating_proof_of_possession_configuration)(T,"POST",v)}const E=await tn(d)(v,{...y,...p},A,e.configuration.token_renew_mode,r);if(!E.success)throw new Error("Token request failed");let g;const O=E.data.tokens,h=E.data.demonstratingProofOfPossessionNonce;if(E.data.state!==p.state)throw new Error("state is not valid");const{isValid:P,reason:S}=ge(O,_.nonce,a);if(!P)throw new Error(`Tokens are not OpenID valid, reason: ${S}`);if(l){if(O.refreshToken&&!O.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(h&&(O!=null&&O.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(a,"syncTokensAsync",t),g=l.getLoginParams(),h&&await l.setDemonstratingProofOfPossessionNonce(h);else{const T=C(e.configurationName,t.storage);g=T.getLoginParams(),h&&await T.setDemonstratingProofOfPossessionNonce(h)}return await e.startCheckSessionAsync(a.checkSessionIframe,s,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:O,state:"request.state",callbackPath:g.callbackPath,scope:u.scope,extras:g.extras}}catch(t){throw console.error(t),e.publishEvent(m.loginCallbackAsync_error,t),t}},Ie={access_token:"access_token",refresh_token:"refresh_token"},ce=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const i=s.replace(n,"");t[i]=o}return t}return t},yn=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},kn=e=>async n=>{F.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await N(e.configuration,e.configurationName);t?await t.clearAsync(n):await C(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},mn=(e,n,t,s,o)=>async(i=void 0,r=null)=>{var p,v;const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,s.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const l=f?i:o.getOrigin()+u,d=e.tokens?e.tokens.idToken:"";try{const A=c.revocationEndpoint;if(A){const E=[],g=e.tokens?e.tokens.accessToken:null;if(g&&a.logout_tokens_to_invalidate.includes(Ie.access_token)){const h=ce(r,":revoke_access_token"),P=Ee(t)(A,g,re.access_token,a.client_id,h);E.push(P)}const O=e.tokens?e.tokens.refreshToken:null;if(O&&a.logout_tokens_to_invalidate.includes(Ie.refresh_token)){const h=ce(r,":revoke_refresh_token"),P=Ee(t)(A,O,re.refresh_token,a.client_id,h);E.push(P)}E.length>0&&await Promise.all(E)}}catch(A){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(A)}const _=((v=(p=e.tokens)==null?void 0:p.idTokenPayload)==null?void 0:v.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(m.logout_from_same_tab,{});const k=ce(r,":oidc");if(k&&k.no_reload==="true")return;const y=yn(r);if(c.endSessionEndpoint){"id_token_hint"in y||(y.id_token_hint=d),!("post_logout_redirect_uri"in y)&&i!==null&&(y.post_logout_redirect_uri=l);let A="";for(const[E,g]of Object.entries(y))g!=null&&(A===""?A+="?":A+="&",A+=`${E}=${encodeURIComponent(g)}`);o.open(`${c.endSessionEndpoint}${A}`)}else o.reload()},Ce=(e,n,t=!1)=>async(...s)=>{var _;const[o,i,...r]=s,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const u={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:n.renewTokensAsync.bind(n)},f=await he(u),l=(_=f==null?void 0:f.tokens)==null?void 0:_.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(n.configuration.demonstrating_proof_of_possession&&t){const k=await n.generateDemonstrationOfProofOfPossessionAsync(l,o.toString(),a.method);c.set("Authorization",`DPoP ${l}`),c.set("DPoP",k)}else c.set("Authorization",`Bearer ${l}`);a.credentials||(a.credentials="same-origin")}const d={...a,headers:c};return await e(o,d,...r)},pn=e=>async(n=!1,t=!1)=>{var u,f;if(e.userInfo!=null&&!n)return e.userInfo;const s=!n&&((u=e.configuration.storage)==null?void 0:u.getItem(`oidc.${e.configurationName}.userInfo`));if(s)return e.userInfo=JSON.parse(s),e.userInfo;const o=e.configuration,r=(await e.initAsync(o.authority,o.authority_configuration)).userInfoEndpoint,c=await(async()=>{const d=await Ce(fetch,e,t)(r);return d.status!==200?null:d.json()})();return e.userInfo=c,c&&((f=e.configuration.storage)==null||f.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(c))),c},Ne=()=>fetch;class le{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const $={},wn=(e,n=new L)=>(t,s="default")=>($[s]||($[s]=new W(t,s,e,n)),$[s]),An=async e=>{const{parsedTokens:n,callbackPath:t,extras:s,scope:o}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt,s,o),{callbackPath:t}},Sn=e=>Math.floor(Math.random()*e),j=class j{constructor(n,t="default",s,o=new L){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new L,this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??U.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_activate:n.service_worker_activate??un,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Je,preload_user_info:n.preload_user_info??!1},this.getFetch=s??Ne,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=Sn(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call($,n)&&t)throw Error(`OIDC library does seem initialized.
2
+ Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return $[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=z(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=z(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new le({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const i=await N(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await Ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=_n(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,t,s,o=!1){await rn(this,$,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=on(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await gn(this)(n),o=s.tokens;return this.tokens=o,await N(this.configuration,this.configurationName)||C(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(j.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath,scope:s.scope,extras:s.extras}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const i=this.configuration,r={ath:await ve(n),...o};if(await N(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${me(this.configurationName)}`;const c=C(this.configurationName,i.storage),u=await c.getDemonstratingProofOfPossessionJwkAsync(),f=c.getDemonstratingProofOfPossessionNonce();return f&&(r.nonce=f),await Se(window)(i.demonstrating_proof_of_possession_configuration)(u,s,t,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=An(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,t=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=pn(this)(n,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return F.clearTimeout(this.timeoutId),this.renewTokensPromise=Oe(this,!0,n,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await kn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=mn(this,$,this.getFetch(),console,this.location)(n,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};j.getOrCreate=(n,t)=>(s,o="default")=>wn(n,t)(s,o),j.eventNames=m;let W=j;const M=class M{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new M(W.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,t,s,o,i)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,t=null){return this._oidc.renewTokensAsync(n,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){const s=this._oidc,o={getTokens:()=>s.tokens,configuration:{token_automatic_renew_mode:s.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:s.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:s.renewTokensAsync.bind(s)};return he(o,n,t)}fetchWithTokens(n,t=!1){return Ce(n,this._oidc,t)}async userInfoAsync(n=!1,t=!1){return this._oidc.userInfoAsync(n,t)}userInfo(){return this._oidc.userInfo}};M.getOrCreate=(n,t=new L)=>(s,o="default")=>new M(W.getOrCreate(n,t)(s,o)),M.eventNames=W.eventNames;let ue=M;I.OidcClient=ue,I.OidcLocation=L,I.TokenAutomaticRenewMode=U,I.TokenRenewMode=G,I.getFetchDefault=Ne,I.getParseQueryStringFromLocation=z,I.getPath=fn,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
package/dist/oidc.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAW7D,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAG1D,OAAO,EAAkB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1D,OAAO,EACL,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EAEV,MAAM,YAAY,CAAC;AAGpB,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qCAAqC;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CASzB;AAYD,MAAM,MAAM,aAAa,GAAG;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC;AAYF,qBAAa,IAAI;IACR,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBAE9B,aAAa,EAAE,iBAAiB,EAChC,iBAAiB,QAAY,EAC7B,QAAQ,EAAE,MAAM,KAAK,EACrB,QAAQ,GAAE,cAAmC;IAyD/C,eAAe,CAAC,IAAI,KAAA,GAAG,MAAM;IAM7B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,UAAU,cAAc,MAC/C,kBAAa,EAAE,aAAgB,SAE9B;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAW9B,mCAAmC,CAAC,SAAS,MAAO;IAkB9C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB;IAoCjF,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAC1B,qBAAqB,KAAA,EACrB,QAAQ,KAAA,EACR,YAAY,KAAA,EACZ,cAAc,UAAQ;IAUxB,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAQ;IAChC,UAAU,CACd,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ;IA+BzB,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACpC,kBAAkB,CAAC,aAAa,UAAQ;IAmCxC,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IA0BlB,uCAAuC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAQ;IACvE,qCAAqC,IAAI,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAQ;IAUxE,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IAElC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa;IAgB/D,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAe7C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAepD,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC9B,WAAW,CACf,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB;CAgB3B;AAED,eAAe,IAAI,CAAC"}
1
+ {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAW7D,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAG1D,OAAO,EAAkB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1D,OAAO,EACL,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EAEV,MAAM,YAAY,CAAC;AAGpB,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qCAAqC;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CASzB;AAYD,MAAM,MAAM,aAAa,GAAG;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC;AAYF,qBAAa,IAAI;IACR,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBAE9B,aAAa,EAAE,iBAAiB,EAChC,iBAAiB,QAAY,EAC7B,QAAQ,EAAE,MAAM,KAAK,EACrB,QAAQ,GAAE,cAAmC;IAyD/C,eAAe,CAAC,IAAI,KAAA,GAAG,MAAM;IAM7B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,UAAU,cAAc,MAC/C,kBAAa,EAAE,aAAgB,SAE9B;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAW9B,mCAAmC,CAAC,SAAS,MAAO;IAkB9C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB;IAsCjF,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAC1B,qBAAqB,KAAA,EACrB,QAAQ,KAAA,EACR,YAAY,KAAA,EACZ,cAAc,UAAQ;IAUxB,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAQ;IAChC,UAAU,CACd,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ;IA+BzB,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACpC,kBAAkB,CAAC,aAAa,UAAQ;IAmCxC,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IA0BlB,uCAAuC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAQ;IACvE,qCAAqC,IAAI,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAQ;IAUxE,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IAElC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa;IAgB/D,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAe7C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAepD,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC9B,WAAW,CACf,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB;CAgB3B;AAED,eAAe,IAAI,CAAC"}
package/dist/user.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../src/user.ts"],"names":[],"mappings":"AACA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAE1B,eAAO,MAAM,aAAa,GACvB,MAAM,IAAI,MACJ,iBAAe,EAAE,2CAAyC,iBAqBhE,CAAC"}
1
+ {"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../src/user.ts"],"names":[],"mappings":"AACA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAE1B,eAAO,MAAM,aAAa,GACvB,MAAM,IAAI,MACJ,iBAAe,EAAE,2CAAyC,iBAmChE,CAAC"}
package/dist/version.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- declare const _default: "7.25.14";
1
+ declare const _default: "7.25.15";
2
2
  export default _default;
3
3
  //# sourceMappingURL=version.d.ts.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axa-fr/oidc-client",
3
- "version": "7.25.14",
3
+ "version": "7.25.15",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
20
20
  "url": "https://github.com/AxaFrance/oidc-client.git"
21
21
  },
22
22
  "dependencies": {
23
- "@axa-fr/oidc-client-service-worker": "7.25.14"
23
+ "@axa-fr/oidc-client-service-worker": "7.25.15"
24
24
  },
25
25
  "devDependencies": {
26
26
  "@testing-library/dom": "10.4.0",
@@ -57,4 +57,4 @@
57
57
  "access": "public",
58
58
  "registry": "https://registry.npmjs.org/"
59
59
  }
60
- }
60
+ }
package/src/oidc.ts CHANGED
@@ -252,7 +252,9 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
252
252
  }
253
253
 
254
254
  const serviceWorker = await initWorkerAsync(this.configuration, this.configurationName);
255
- const storage = serviceWorker ? window.sessionStorage : null;
255
+ const storage = serviceWorker
256
+ ? this.configuration.storage || window.sessionStorage
257
+ : this.configuration.storage;
256
258
  return await fetchFromIssuer(this.getFetch())(
257
259
  authority,
258
260
  this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60,
package/src/user.ts CHANGED
@@ -7,6 +7,13 @@ export const userInfoAsync =
7
7
  if (oidc.userInfo != null && !noCache) {
8
8
  return oidc.userInfo;
9
9
  }
10
+ // Check storage cache
11
+ const stored =
12
+ !noCache && oidc.configuration.storage?.getItem(`oidc.${oidc.configurationName}.userInfo`);
13
+ if (stored) {
14
+ oidc.userInfo = JSON.parse(stored);
15
+ return oidc.userInfo;
16
+ }
10
17
  const configuration = oidc.configuration;
11
18
  const oidcServerConfiguration = await oidc.initAsync(
12
19
  configuration.authority,
@@ -23,5 +30,12 @@ export const userInfoAsync =
23
30
  };
24
31
  const userInfo = await fetchUserInfo();
25
32
  oidc.userInfo = userInfo;
33
+ // Store in cache
34
+ if (userInfo) {
35
+ oidc.configuration.storage?.setItem(
36
+ `oidc.${oidc.configurationName}.userInfo`,
37
+ JSON.stringify(userInfo),
38
+ );
39
+ }
26
40
  return userInfo;
27
41
  };
package/src/version.ts CHANGED
@@ -1 +1 @@
1
- export default '7.25.14';
1
+ export default '7.25.15';