npm - @axa-fr/oidc-client - Versions diffs - 7.25.16 → 7.26.0 - Mend

@axa-fr/oidc-client 7.25.16 → 7.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -77,21 +77,21 @@ const m = {
   syncTokensAsync_error: "syncTokensAsync_error",
   tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
 }, C = (e, n = sessionStorage) => {
-  const s = (g) => (n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: g }), Promise.resolve()), t = async () => {
+  const s = (y) => (n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: y }), delete n[`oidc.${e}.userInfo`], Promise.resolve()), t = async () => {
     if (!n[`oidc.${e}`])
       return n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
-    const g = JSON.parse(n[`oidc.${e}`]);
-    return Promise.resolve({ tokens: g.tokens, status: g.status });
-  }, o = (g) => {
-    n[`oidc.${e}`] = JSON.stringify({ tokens: g });
-  }, i = async (g) => {
-    n[`oidc.session_state.${e}`] = g;
-  }, r = async () => n[`oidc.session_state.${e}`], a = (g) => {
-    n[`oidc.nonce.${e}`] = g.nonce;
-  }, c = (g) => {
-    n[`oidc.jwk.${e}`] = JSON.stringify(g);
-  }, u = () => JSON.parse(n[`oidc.jwk.${e}`]), f = async () => ({ nonce: n[`oidc.nonce.${e}`] }), l = async (g) => {
-    n[`oidc.dpop_nonce.${e}`] = g;
+    const y = JSON.parse(n[`oidc.${e}`]);
+    return Promise.resolve({ tokens: y.tokens, status: y.status });
+  }, o = (y) => {
+    n[`oidc.${e}`] = JSON.stringify({ tokens: y });
+  }, i = async (y) => {
+    n[`oidc.session_state.${e}`] = y;
+  }, r = async () => n[`oidc.session_state.${e}`], a = (y) => {
+    n[`oidc.nonce.${e}`] = y.nonce;
+  }, c = (y) => {
+    n[`oidc.jwk.${e}`] = JSON.stringify(y);
+  }, u = () => JSON.parse(n[`oidc.jwk.${e}`]), f = async () => ({ nonce: n[`oidc.nonce.${e}`] }), l = async (y) => {
+    n[`oidc.dpop_nonce.${e}`] = y;
   }, d = () => n[`oidc.dpop_nonce.${e}`], _ = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, k = {};
   return {
     clearAsync: s,
@@ -102,22 +102,22 @@ const m = {
     getSessionStateAsync: r,
     setNonceAsync: a,
     getNonceAsync: f,
-    setLoginParams: (g) => {
-      k[e] = g, n[`oidc.login.${e}`] = JSON.stringify(g);
+    setLoginParams: (y) => {
+      k[e] = y, n[`oidc.login.${e}`] = JSON.stringify(y);
     },
     getLoginParams: () => {
-      const g = n[`oidc.login.${e}`];
-      return g ? (k[e] || (k[e] = JSON.parse(g)), k[e]) : (console.warn(
+      const y = n[`oidc.login.${e}`];
+      return y ? (k[e] || (k[e] = JSON.parse(y)), k[e]) : (console.warn(
         `storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
       ), null);
     },
     getStateAsync: async () => n[`oidc.state.${e}`],
-    setStateAsync: async (g) => {
-      n[`oidc.state.${e}`] = g;
+    setStateAsync: async (y) => {
+      n[`oidc.state.${e}`] = y;
     },
     getCodeVerifierAsync: async () => n[`oidc.code_verifier.${e}`],
-    setCodeVerifierAsync: async (g) => {
-      n[`oidc.code_verifier.${e}`] = g;
+    setCodeVerifierAsync: async (y) => {
+      n[`oidc.code_verifier.${e}`] = y;
     },
     setDemonstratingProofOfPossessionNonce: l,
     getDemonstratingProofOfPossessionNonce: d,
@@ -244,8 +244,8 @@ const oe = (e, n = null, s) => {
     setInterval: setInterval.bind(e),
     clearInterval: clearInterval.bind(e)
   };
-}(), Y = "7.25.16";
-let ge = null, G;
+}(), Y = "7.26.0";
+let ye = null, G;
 const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te = (e = "/") => {
   try {
     G = new AbortController(), fetch(
@@ -313,7 +313,7 @@ const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te =
       status: v.status
     };
   }, a = (h = "/") => {
-    ge == null && (ge = "not_null", Te(h));
+    ye == null && (ye = "not_null", Te(h));
   }, c = (h) => b(o)({
     type: "setSessionState",
     data: { sessionState: h },
@@ -344,7 +344,7 @@ const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te =
       data: { demonstratingProofOfPossessionNonce: h },
       configurationName: n
     });
-  }, y = async () => (await b(o)({
+  }, g = async () => (await b(o)({
     type: "getDemonstratingProofOfPossessionNonce",
     data: null,
     configurationName: n
@@ -373,13 +373,13 @@ const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te =
     type: "setState",
     data: { state: h },
     configurationName: n
-  })), g = async (h = !0) => {
+  })), y = async (h = !0) => {
     let T = (await b(o)({
       type: "getCodeVerifier",
       data: null,
       configurationName: n
     })).codeVerifier;
-    return T || (T = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), h && (await P(T), T = await g(!1))), T;
+    return T || (T = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), h && (await P(T), T = await y(!1))), T;
   }, P = async (h) => (sessionStorage[`oidc.code_verifier.${n}`] = h, b(o)({
     type: "setCodeVerifier",
     data: { codeVerifier: h },
@@ -397,10 +397,10 @@ const re = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Te =
     getLoginParams: k,
     getStateAsync: w,
     setStateAsync: S,
-    getCodeVerifierAsync: g,
+    getCodeVerifierAsync: y,
     setCodeVerifierAsync: P,
     setDemonstratingProofOfPossessionNonce: A,
-    getDemonstratingProofOfPossessionNonce: y,
+    getDemonstratingProofOfPossessionNonce: g,
     setDemonstratingProofOfPossessionJwkAsync: p,
     getDemonstratingProofOfPossessionJwkAsync: E
   };
@@ -432,7 +432,7 @@ const ae = (e) => {
     n += String.fromCharCode(s);
   }), Oe(n);
 };
-function ye(e) {
+function ge(e) {
   return Oe(Me(e));
 }
 const Je = {
@@ -462,10 +462,10 @@ const Je = {
   const r = {
     // @ts-ignore
     // JWT "headers" really means JWS "protected headers"
-    protected: ye(JSON.stringify(s)),
+    protected: ge(JSON.stringify(s)),
     // @ts-ignore
     // JWT "claims" are really a JSON-defined JWS "payload"
-    payload: ye(JSON.stringify(t))
+    payload: ge(JSON.stringify(t))
   }, a = o.importKeyAlgorithm, c = !0, u = ["sign"], f = await e.crypto.subtle.importKey("jwk", n, a, c, u), l = Ee(`${r.protected}.${r.payload}`), d = o.signAlgorithm, _ = await e.crypto.subtle.sign(d, f, l);
   return r.signature = ae(new Uint8Array(_)), `${r.protected}.${r.payload}.${r.signature}`;
 }, je = { sign: He }, Ge = (e) => async (n) => {
@@ -780,11 +780,11 @@ const M = (e, n, s = null, t = null) => {
       if (k === "SESSIONS_LOST")
         return { tokens: null, status: O.SESSION_LOST, nonce: i };
       if (_.issuedAt !== t.issuedAt) {
-        const y = V(
+        const g = V(
           n.refresh_time_before_tokens_expiration_in_second,
           _.expiresAt
         ) > 0 ? O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, p = await l.getNonceAsync();
-        return { tokens: _, status: y, nonce: p };
+        return { tokens: _, status: g, nonce: p };
       }
     } else return {
       tokens: null,
@@ -811,22 +811,22 @@ const M = (e, n, s = null, t = null) => {
   if (s >= c || t >= u)
     return n(null), e.publishEvent(m.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
   i || (i = {});
-  const _ = e.configuration, k = (y, p = null, E = null) => le(
+  const _ = e.configuration, k = (g, p = null, E = null) => le(
     e.configurationName,
     e.configuration,
     e.publishEvent.bind(e)
-  )(y, p, E), A = async () => {
+  )(g, p, E), A = async () => {
     try {
-      let y;
+      let g;
       const p = await x(_, e.configurationName);
-      p ? y = p.getLoginParams() : y = C(e.configurationName, _.storage).getLoginParams();
+      p ? g = p.getLoginParams() : g = C(e.configurationName, _.storage).getLoginParams();
       const E = {};
-      if (y && y.extras)
-        for (const [S, g] of Object.entries(y.extras))
-          E[S] = g;
+      if (g && g.extras)
+        for (const [S, y] of Object.entries(g.extras))
+          E[S] = y;
       if (i)
-        for (const [S, g] of Object.entries(i))
-          E[S] = g;
+        for (const [S, y] of Object.entries(i))
+          E[S] = y;
       E.prompt = "none", r && (E.scope = r);
       const w = await k(E);
       return w ? w.error ? (n(null), e.publishEvent(m.refreshTokensAsync_error, {
@@ -834,10 +834,10 @@ const M = (e, n, s = null, t = null) => {
       }), { tokens: null, status: "SESSION_LOST" }) : (n(w.tokens), e.publishEvent(L.eventNames.token_renewed, {}), { tokens: w.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(m.refreshTokensAsync_error, {
         message: "refresh token silent not active"
       }), { tokens: null, status: "SESSION_LOST" });
-    } catch (y) {
-      return console.error(y), e.publishEvent(m.refreshTokensAsync_silent_error, {
+    } catch (g) {
+      return console.error(g), e.publishEvent(m.refreshTokensAsync_silent_error, {
         message: "exceptionSilent",
-        exception: y.message
+        exception: g.message
       }), await H(e)(
         n,
         l,
@@ -849,13 +849,13 @@ const M = (e, n, s = null, t = null) => {
     }
   };
   try {
-    const { status: y, tokens: p, nonce: E } = await ce(e)(
+    const { status: g, tokens: p, nonce: E } = await ce(e)(
       _,
       e.configurationName,
       e.tokens,
       o
     );
-    switch (y) {
+    switch (g) {
       case O.SESSION_LOST:
         return n(null), e.publishEvent(m.refreshTokensAsync_error, {
           message: "refresh token session lost"
@@ -875,16 +875,16 @@ const M = (e, n, s = null, t = null) => {
       case O.REQUIRE_SYNC_TOKENS:
         return _.token_automatic_renew_mode == B.AutomaticOnlyWhenFetchExecuted && !o ? (e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(m.refreshTokensAsync_begin, { tryNumber: s }), await A());
       default: {
-        if (_.token_automatic_renew_mode == B.AutomaticOnlyWhenFetchExecuted && O.FORCE_REFRESH !== y)
+        if (_.token_automatic_renew_mode == B.AutomaticOnlyWhenFetchExecuted && O.FORCE_REFRESH !== g)
           return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
         if (e.publishEvent(m.refreshTokensAsync_begin, {
           refreshToken: p.refreshToken,
-          status: y,
+          status: g,
           tryNumber: s,
           backgroundTry: t
         }), !p.refreshToken)
           return await A();
-        const w = _.client_id, S = _.redirect_uri, g = _.authority, h = { ..._.token_request_extras ? _.token_request_extras : {} };
+        const w = _.client_id, S = _.redirect_uri, y = _.authority, h = { ..._.token_request_extras ? _.token_request_extras : {} };
         for (const [T, v] of Object.entries(i))
           T.endsWith(":token_request") && (h[T.replace(":token_request", "")] = v);
         return await (async () => {
@@ -894,7 +894,7 @@ const M = (e, n, s = null, t = null) => {
             grant_type: "refresh_token",
             refresh_token: p.refreshToken
           }, v = await e.initAsync(
-            g,
+            y,
             _.authority_configuration
           ), W = document.hidden ? 1e4 : 3e4 * 10, ue = v.tokenEndpoint, _e = {};
           _.demonstrating_proof_of_possession && (_e.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
@@ -949,10 +949,10 @@ const M = (e, n, s = null, t = null) => {
         })();
       }
     }
-  } catch (y) {
-    return console.error(y), e.publishEvent(m.refreshTokensAsync_silent_error, {
+  } catch (g) {
+    return console.error(g), e.publishEvent(m.refreshTokensAsync_silent_error, {
       message: "exception",
-      exception: y.message
+      exception: g.message
     }), new Promise((p, E) => {
       setTimeout(() => {
         H(e)(
@@ -980,31 +980,31 @@ const M = (e, n, s = null, t = null) => {
       let _ = !1;
       const k = () => {
         window.removeEventListener("message", A), f.remove(), _ = !0;
-      }, A = (y) => {
-        if (y.origin === u && y.source === f.contentWindow) {
-          const p = `${e}_oidc_tokens:`, E = `${e}_oidc_error:`, w = `${e}_oidc_exception:`, S = y.data;
+      }, A = (g) => {
+        if (g.origin === u && g.source === f.contentWindow) {
+          const p = `${e}_oidc_tokens:`, E = `${e}_oidc_error:`, w = `${e}_oidc_exception:`, S = g.data;
           if (S && typeof S == "string" && !_) {
             if (S.startsWith(p)) {
-              const g = JSON.parse(y.data.replace(p, ""));
-              s(m.silentLoginAsync_end, {}), l(g), k();
+              const y = JSON.parse(g.data.replace(p, ""));
+              s(m.silentLoginAsync_end, {}), l(y), k();
             } else if (S.startsWith(E)) {
-              const g = JSON.parse(y.data.replace(E, ""));
-              s(m.silentLoginAsync_error, g), l({ error: "oidc_" + g.error, tokens: null, sessionState: null }), k();
+              const y = JSON.parse(g.data.replace(E, ""));
+              s(m.silentLoginAsync_error, y), l({ error: "oidc_" + y.error, tokens: null, sessionState: null }), k();
             } else if (S.startsWith(w)) {
-              const g = JSON.parse(y.data.replace(w, ""));
-              s(m.silentLoginAsync_error, g), d(new Error(g.error)), k();
+              const y = JSON.parse(g.data.replace(w, ""));
+              s(m.silentLoginAsync_error, y), d(new Error(y.error)), k();
             }
           }
         }
       };
       try {
         window.addEventListener("message", A);
-        const y = n.silent_login_timeout;
+        const g = n.silent_login_timeout;
         setTimeout(() => {
           _ || (k(), s(m.silentLoginAsync_error, { reason: "timeout" }), d(new Error("timeout")));
-        }, y);
-      } catch (y) {
-        k(), s(m.silentLoginAsync_error, y), d(y);
+        }, g);
+      } catch (g) {
+        k(), s(m.silentLoginAsync_error, g), d(g);
       }
     });
   } catch (r) {
@@ -1059,13 +1059,13 @@ const M = (e, n, s = null, t = null) => {
             throw new Error(k.error);
           const A = k.tokens.idTokenPayload;
           if (_.sub === A.sub) {
-            const y = k.sessionState;
+            const g = k.sessionState;
             e.checkSessionIFrame.start(k.sessionState), _.sid === A.sid ? console.debug(
               "SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
-              y
+              g
             ) : console.debug(
               "SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",
-              y
+              g
             );
           } else
             console.debug(
@@ -1177,7 +1177,7 @@ const hn = () => {
     return !1;
   const s = fn(navigator);
   return !_n(s);
-}, gn = async (e) => {
+}, yn = async (e) => {
   let n;
   if (e.tokens != null)
     return !1;
@@ -1281,8 +1281,8 @@ const hn = () => {
   return t === "#_=_" && (t = ""), t && (s += t), s;
 }, se = (e) => {
   const n = Ce(e), { search: s } = n;
-  return yn(s);
-}, yn = (e) => {
+  return gn(s);
+}, gn = (e) => {
   const n = {};
   let s, t, o;
   const i = e.split("&");
@@ -1301,13 +1301,13 @@ const hn = () => {
       c || (c = n.scope);
       const _ = n.extras ? { ...n.extras, ...r } : r;
       _.nonce || (_.nonce = ee(12));
-      const k = { nonce: _.nonce }, A = await x(n, e), y = await t(
+      const k = { nonce: _.nonce }, A = await x(n, e), g = await t(
         n.authority,
         n.authority_configuration
       );
       let p;
       if (A)
-        A.setLoginParams({ callbackPath: l, extras: u, scope: c }), await A.initAsync(y, "loginAsync", n), await A.setNonceAsync(k), A.startKeepAliveServiceWorker(), p = A;
+        A.setLoginParams({ callbackPath: l, extras: u, scope: c }), await A.initAsync(g, "loginAsync", n), await A.setNonceAsync(k), A.startKeepAliveServiceWorker(), p = A;
       else {
         const w = C(e, n.storage ?? sessionStorage);
         w.setLoginParams({ callbackPath: l, extras: u, scope: c }), await w.setNonceAsync(k), p = w;
@@ -1320,7 +1320,7 @@ const hn = () => {
         ..._
       };
       await an(p, o)(
-        y.authorizationEndpoint,
+        g.authorizationEndpoint,
         E
       );
     } catch (d) {
@@ -1354,7 +1354,7 @@ const hn = () => {
       );
     if (u.state && u.state !== A)
       throw new Error(`State not valid (expected: ${A}, received: ${u.state})`);
-    const y = {
+    const g = {
       code: u.code,
       grant_type: "authorization_code",
       client_id: s.client_id,
@@ -1380,14 +1380,14 @@ const hn = () => {
       }
     const S = await cn(d)(
       E,
-      { ...y, ...p },
+      { ...g, ...p },
       w,
       e.configuration.token_renew_mode,
       r
     );
     if (!S.success)
       throw new Error("Token request failed");
-    let g;
+    let y;
     const P = S.data.tokens, h = S.data.demonstratingProofOfPossessionNonce;
     if (S.data.state !== p.state)
       throw new Error("state is not valid");
@@ -1407,12 +1407,12 @@ const hn = () => {
         );
     }
     if (l)
-      await l.initAsync(a, "syncTokensAsync", s), g = l.getLoginParams(), h && await l.setDemonstratingProofOfPossessionNonce(
+      await l.initAsync(a, "syncTokensAsync", s), y = l.getLoginParams(), h && await l.setDemonstratingProofOfPossessionNonce(
         h
       );
     else {
       const v = C(e.configurationName, s.storage);
-      g = v.getLoginParams(), h && await v.setDemonstratingProofOfPossessionNonce(h);
+      y = v.getLoginParams(), h && await v.setDemonstratingProofOfPossessionNonce(h);
     }
     return await e.startCheckSessionAsync(
       a.checkSessionIframe,
@@ -1422,9 +1422,9 @@ const hn = () => {
     ), e.publishEvent(m.loginCallbackAsync_end, {}), {
       tokens: P,
       state: "request.state",
-      callbackPath: g.callbackPath,
+      callbackPath: y.callbackPath,
       scope: u.scope,
-      extras: g.extras
+      extras: y.extras
     };
   } catch (s) {
     throw console.error(s), e.publishEvent(m.loginCallbackAsync_error, s), s;
@@ -1469,11 +1469,11 @@ const hn = () => {
   try {
     const w = c.revocationEndpoint;
     if (w) {
-      const S = [], g = e.tokens ? e.tokens.accessToken : null;
-      if (g && a.logout_tokens_to_invalidate.includes(pe.access_token)) {
+      const S = [], y = e.tokens ? e.tokens.accessToken : null;
+      if (y && a.logout_tokens_to_invalidate.includes(pe.access_token)) {
         const h = z(r, ":revoke_access_token"), I = ke(s)(
           w,
-          g,
+          y,
           ne.access_token,
           a.client_id,
           h
@@ -1505,12 +1505,12 @@ const hn = () => {
   const k = z(r, ":oidc");
   if (k && k.no_reload === "true")
     return;
-  const y = pn(r);
+  const g = pn(r);
   if (c.endSessionEndpoint) {
-    "id_token_hint" in y || (y.id_token_hint = d), !("post_logout_redirect_uri" in y) && i !== null && (y.post_logout_redirect_uri = l);
+    "id_token_hint" in g || (g.id_token_hint = d), !("post_logout_redirect_uri" in g) && i !== null && (g.post_logout_redirect_uri = l);
     let w = "";
-    for (const [S, g] of Object.entries(y))
-      g != null && (w === "" ? w += "?" : w += "&", w += `${S}=${encodeURIComponent(g)}`);
+    for (const [S, y] of Object.entries(g))
+      y != null && (w === "" ? w += "?" : w += "&", w += `${S}=${encodeURIComponent(y)}`);
     o.open(`${c.endSessionEndpoint}${w}`);
   } else
     o.reload();
@@ -1677,7 +1677,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
     });
   }
   async tryKeepExistingSessionAsync() {
-    return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = gn(this), this.tryKeepExistingSessionPromise.finally(() => {
+    return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = yn(this), this.tryKeepExistingSessionPromise.finally(() => {
       this.tryKeepExistingSessionPromise = null;
     }));
   }

package/dist/index.umd.cjs CHANGED Viewed

@@ -1,2 +1,2 @@
-(function(N,D){typeof exports=="object"&&typeof module<"u"?D(exports):typeof define=="function"&&define.amd?define(["exports"],D):(N=typeof globalThis<"u"?globalThis:N||self,D(N["oidc-client"]={}))})(this,function(N){"use strict";class D{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const fe=2e3,K=console;class De{constructor(n,t,s,o=fe,i=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||fe,this._stopOnError=i;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(K.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(K.debug(n),K.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):K.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){K.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(K.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},C=(e,n=sessionStorage)=>{const t=g=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:g}),Promise.resolve()),s=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const g=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:g.tokens,status:g.status})},o=g=>{n[`oidc.${e}`]=JSON.stringify({tokens:g})},i=async g=>{n[`oidc.session_state.${e}`]=g},r=async()=>n[`oidc.session_state.${e}`],a=g=>{n[`oidc.nonce.${e}`]=g.nonce},c=g=>{n[`oidc.jwk.${e}`]=JSON.stringify(g)},u=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async g=>{n[`oidc.dpop_nonce.${e}`]=g},d=()=>n[`oidc.dpop_nonce.${e}`],_=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,k={};return{clearAsync:t,initAsync:s,setTokens:o,getTokens:_,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:f,setLoginParams:g=>{k[e]=g,n[`oidc.login.${e}`]=JSON.stringify(g)},getLoginParams:()=>{const g=n[`oidc.login.${e}`];return g?(k[e]||(k[e]=JSON.parse(g)),k[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async g=>{n[`oidc.state.${e}`]=g},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async g=>{n[`oidc.code_verifier.${e}`]=g},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:d,setDemonstratingProofOfPossessionJwkAsync:c,getDemonstratingProofOfPossessionJwkAsync:u}};var U=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(U||{});const Re=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),$e=e=>JSON.parse(Re(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),de=e=>{try{return e&&Ke(e,".")===2?$e(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Ke=(e,n)=>e.split(n).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Ue(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const Q=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=de(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:de(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Ue(e,s,r);let u;e.expiresAt?u=e.expiresAt:t===G.access_token_invalid?u=c:t===G.id_token_invalid?u=a:u=a<c?a:c;const f={...e,idTokenPayload:r,accessTokenPayload:s,expiresAt:u,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},Z=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),Q(s,n,t)},B=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},Ve=(e,n=0)=>e?B(n,e.expiresAt)>0:!1,he=async(e,n=200,t=50)=>{let s=t,o=await e.syncTokensInfoAsync();for(;[O.REQUIRE_SYNC_TOKENS,O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,O.TOKENS_INVALID].includes(o)&&s>0;){if(e.configuration.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await ne({milliseconds:n});s=s-1,o=await e.syncTokensInfoAsync()}return{isTokensValid:Ve(e.getTokens()),tokens:e.getTokens(),numberWaited:s-t}},ge=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(s.iat&&s.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+i} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},V=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),ee="7.25.16";let ye=null,q;const ne=({milliseconds:e})=>new Promise(n=>V.setTimeout(n,e)),ke=(e="/")=>{try{q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:q.signal}).catch(s=>{console.log(s)}),ne({milliseconds:150*1e3}).then(ke)}catch(n){console.log(n)}},te=()=>{q&&q.abort()},me=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const t=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,t),t},b=e=>n=>new Promise(function(t,s){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?s(i.data.error):t(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:me(n.configurationName)},[o.port2])}),x=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;const s=`${t}?v=${ee}`;let o=null;e.service_worker_register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(s,{updateViaCache:"none"}),o.addEventListener("updatefound",()=>{const h=o.installing;te(),h==null||h.addEventListener("statechange",()=>{h.state==="installed"&&navigator.serviceWorker.controller&&(te(),console.log("New SW waiting – skipWaiting()"),h.postMessage({type:"SKIP_WAITING"}))})}),navigator.serviceWorker.addEventListener("controllerchange",()=>{console.log("SW controller changed – reloading page"),te(),window.location.reload()});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(o)({type:"claim"})}catch(h){return console.warn(`Failed init ServiceWorker ${h.toString()}`),null}const i=async h=>b(o)({type:"clear",data:{status:h},configurationName:n}),r=async(h,I,T)=>{const v=await b(o)({type:"init",data:{oidcServerConfiguration:h,where:I,oidcConfiguration:{token_renew_mode:T.token_renew_mode,service_worker_convert_all_requests_to_cors:T.service_worker_convert_all_requests_to_cors}},configurationName:n}),R=v.version;return R!==ee&&console.warn(`Service worker ${R} version mismatch with js client version ${ee}, unregistering and reloading`),{tokens:Z(v.tokens,null,T.token_renew_mode),status:v.status}},a=(h="/")=>{ye==null&&(ye="not_null",ke(h))},c=h=>b(o)({type:"setSessionState",data:{sessionState:h},configurationName:n}),u=async()=>(await b(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,f=h=>(sessionStorage[`oidc.nonce.${n}`]=h.nonce,b(o)({type:"setNonce",data:{nonce:h},configurationName:n})),l=async(h=!0)=>{let T=(await b(o)({type:"getNonce",data:null,configurationName:n})).nonce;return T||(T=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage"),h&&(await f(T),T=(await l(!1)).nonce)),{nonce:T}},d={},_=h=>{d[n]=h,localStorage[`oidc.login.${n}`]=JSON.stringify(h)},k=()=>{const h=localStorage[`oidc.login.${n}`];return d[n]||(d[n]=JSON.parse(h)),d[n]},A=async h=>{await b(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:h},configurationName:n})},y=async()=>(await b(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,p=async h=>{const I=JSON.stringify(h);await b(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:I},configurationName:n})},E=async()=>{const h=await b(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return h.demonstratingProofOfPossessionJwkJson?JSON.parse(h.demonstratingProofOfPossessionJwkJson):null},w=async(h=!0)=>{let T=(await b(o)({type:"getState",data:null,configurationName:n})).state;return T||(T=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage"),h&&(await S(T),T=await w(!1))),T},S=async h=>(sessionStorage[`oidc.state.${n}`]=h,b(o)({type:"setState",data:{state:h},configurationName:n})),g=async(h=!0)=>{let T=(await b(o)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return T||(T=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage"),h&&(await P(T),T=await g(!1))),T},P=async h=>(sessionStorage[`oidc.code_verifier.${n}`]=h,b(o)({type:"setCodeVerifier",data:{codeVerifier:h},configurationName:n}));return{clearAsync:i,initAsync:r,startKeepAliveServiceWorker:()=>a(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:u,setNonceAsync:f,getNonceAsync:l,setLoginParams:_,getLoginParams:k,getStateAsync:w,setStateAsync:S,getCodeVerifierAsync:g,setCodeVerifierAsync:P,setDemonstratingProofOfPossessionNonce:A,getDemonstratingProofOfPossessionNonce:y,setDemonstratingProofOfPossessionJwkAsync:p,getDemonstratingProofOfPossessionJwkAsync:E}},F={},Fe=(e,n=window.sessionStorage,t)=>{if(!F[e]&&n){const o=n.getItem(e);o&&(F[e]=JSON.parse(o))}const s=1e3*t;return F[e]&&F[e].timestamp+s>Date.now()?F[e].result:null},Me=(e,n,t=window.sessionStorage)=>{const s=Date.now();F[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function pe(e){return new TextEncoder().encode(e)}function we(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Be(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const se=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),we(n)};function Ae(e){return we(Be(e))}const Je={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},He={sign:e=>async(n,t,s,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=i,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:Ae(JSON.stringify(t)),payload:Ae(JSON.stringify(s))},a=o.importKeyAlgorithm,c=!0,u=["sign"],f=await e.crypto.subtle.importKey("jwk",n,a,c,u),l=pe(`${r.protected}.${r.payload}`),d=o.signAlgorithm,_=await e.crypto.subtle.sign(d,f,l);return r.signature=se(new Uint8Array(_)),`${r.protected}.${r.payload}.${r.signature}`}},je={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},Ge={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,pe(s));return se(new Uint8Array(o))}},qe=e=>async n=>await je.generate(e)(n),Se=e=>n=>async(t,s="POST",o,i={})=>{const r={jti:btoa(Ye()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await Ge.thumbprint(e)(t,n.digestAlgorithm);return await He.sign(e)(t,{kid:a},r,n)},Ye=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Te=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%oe.length;n.push(oe[s])}return n.join("")},ie=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Te();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*oe.length|0;return Xe(n)};function ze(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function ve(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",ze(e)).then(s=>n(se(new Uint8Array(s))),s=>t(s))})}const Qe=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Te();return n?ve(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Ze=60*60,en=e=>async(n,t=Ze,s=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Fe(r,s,t);if(a)return new ue(a);const c=await J(e)(i,{},o);if(c.status!==200)return null;const u=await c.json();return Me(r,u,s),new ue(u)},J=e=>async(n,t={},s=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),s),i=await e(n,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,t,s,o+1);throw r}else throw console.error(r.message),r}return i},re={refresh_token:"refresh_token",access_token:"access_token"},Ee=e=>async(n,t,s=re.refresh_token,o,i={},r=1e4)=>{const a={token:t,token_type_hint:s,client_id:o};for(const[l,d]of Object.entries(i))a[l]===void 0&&(a[l]=d);const c=[];for(const l in a){const d=encodeURIComponent(l),_=encodeURIComponent(a[l]);c.push(`${d}=${_}`)}const u=c.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:u},r)).status!==200?{success:!1}:{success:!0}},nn=e=>async(n,t,s,o,i={},r,a=1e4)=>{for(const[_,k]of Object.entries(s))t[_]===void 0&&(t[_]=k);const c=[];for(const _ in t){const k=encodeURIComponent(_),A=encodeURIComponent(t[_]);c.push(`${k}=${A}`)}const u=c.join("&"),f=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},a);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let d=null;return f.headers.has(Y)&&(d=f.headers.get(Y)),{success:!0,status:f.status,data:Z(l,o,r),demonstratingProofOfPossessionNonce:d}},tn=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=ie(128),i=await Qe(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=i,s.code_challenge_method="S256";let r="";if(s)for(const[a,c]of Object.entries(s))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${t}${r}`)},Y="DPoP-Nonce",sn=e=>async(n,t,s,o,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in t){const d=encodeURIComponent(l),_=encodeURIComponent(t[l]);r.push(`${d}=${_}`)}const a=r.join("&"),c=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let u=null;c.headers.has(Y)&&(u=c.headers.get(Y));const f=await c.json();return{success:!0,data:{state:t.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}};async function Oe(e,n,t,s=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await X(e)(o,0,0,n,t,s);return await x(e.configuration,e.configurationName)||C(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function be(e,n=!1,t=null,s=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await x(e.configuration,e.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!a||!navigator.locks)r=await Oe(e,n,t,s);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async u=>u?await Oe(e,n,t,s):(e.publishEvent(W.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,t,s)),e.tokens):null}const H=(e,n,t=null,s=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&V.clearTimeout(e.timeoutId),V.setTimeout(async()=>{const r={timeLeft:B(o,n)};e.publishEvent(W.eventNames.token_timer,r),await be(e,!1,t,s)},1e3)},O={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS",TOKENS_INVALID:"TOKENS_INVALID"},ae=e=>async(n,t,s,o=!1)=>{const i={nonce:null};if(!s)return{tokens:null,status:O.NOT_CONNECTED,nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await x(n,t);if(c){const{status:l,tokens:d}=await c.initAsync(a,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:O.LOGOUT_FROM_ANOTHER_TAB,nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:O.SESSION_LOST,nonce:i};if(!l||!d)return{tokens:null,status:O.REQUIRE_SYNC_TOKENS,nonce:i};if(d.issuedAt!==s.issuedAt){const k=B(n.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,A=await c.getNonceAsync();return{tokens:d,status:k,nonce:A}}r=await c.getNonceAsync()}else{const l=C(t,n.storage??sessionStorage),d=await l.initAsync();let{tokens:_}=d;const{status:k}=d;if(_&&(_=Q(_,e.tokens,n.token_renew_mode)),_){if(k==="SESSIONS_LOST")return{tokens:null,status:O.SESSION_LOST,nonce:i};if(_.issuedAt!==s.issuedAt){const y=B(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,p=await l.getNonceAsync();return{tokens:_,status:y,nonce:p}}}else return{tokens:null,status:O.LOGOUT_FROM_ANOTHER_TAB,nonce:i};r=await l.getNonceAsync()}const f=B(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:f,nonce:r}},X=e=>async(n,t=0,s=0,o=!1,i=null,r=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let a=6;const c=o?2:5,u=5;for(;!navigator.onLine&&a>0;)await ne({milliseconds:1e3}),a--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${a}`});const f=document.hidden,l=f?t:t+1,d=f?s+1:s;if(t>=c||s>=u)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};i||(i={});const _=e.configuration,k=(y,p=null,E=null)=>ce(e.configurationName,e.configuration,e.publishEvent.bind(e))(y,p,E),A=async()=>{try{let y;const p=await x(_,e.configurationName);p?y=p.getLoginParams():y=C(e.configurationName,_.storage).getLoginParams();const E={};if(y&&y.extras)for(const[S,g]of Object.entries(y.extras))E[S]=g;if(i)for(const[S,g]of Object.entries(i))E[S]=g;E.prompt="none",r&&(E.scope=r);const w=await k(E);return w?w.error?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(w.tokens),e.publishEvent(W.eventNames.token_renewed,{}),{tokens:w.tokens,status:"LOGGED"}):(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(y){return console.error(y),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:y.message}),await X(e)(n,l,d,o,i,r)}};try{const{status:y,tokens:p,nonce:E}=await ae(e)(_,e.configurationName,e.tokens,o);switch(y){case O.SESSION_LOST:return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case O.NOT_CONNECTED:return n(null),{tokens:null,status:null};case O.TOKENS_VALID:return n(p),{tokens:p,status:"LOGGED_IN"};case O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(p),e.publishEvent(W.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:p,status:"LOGGED_IN"};case O.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case O.REQUIRE_SYNC_TOKENS:return _.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:t}),await A());default:{if(_.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&O.FORCE_REFRESH!==y)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:p.refreshToken,status:y,tryNumber:t,backgroundTry:s}),!p.refreshToken)return await A();const w=_.client_id,S=_.redirect_uri,g=_.authority,h={..._.token_request_extras?_.token_request_extras:{}};for(const[T,v]of Object.entries(i))T.endsWith(":token_request")&&(h[T.replace(":token_request","")]=v);return await(async()=>{const T={client_id:w,redirect_uri:S,grant_type:"refresh_token",refresh_token:p.refreshToken},v=await e.initAsync(g,_.authority_configuration),R=document.hidden?1e4:3e4*10,xe=v.tokenEndpoint,Le={};_.demonstrating_proof_of_possession&&(Le.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(p.accessToken,xe,"POST"));const L=await nn(e.getFetch())(xe,T,h,p,Le,_.token_renew_mode,R);if(L.success){const{isValid:Tn,reason:vn}=ge(L.data,E.nonce,v);if(!Tn)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${vn}`}),{tokens:null,status:"SESSION_LOST"};if(n(L.data),L.demonstratingProofOfPossessionNonce){const We=await x(_,e.configurationName);We?await We.setDemonstratingProofOfPossessionNonce(L.demonstratingProofOfPossessionNonce):await C(e.configurationName,_.storage).setDemonstratingProofOfPossessionNonce(L.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:L.success}),e.publishEvent(W.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:L.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:L}),L.status>=400&&L.status<500?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${L.status}`}),{tokens:null,status:"SESSION_LOST"}):await X(e)(n,l,d,o,i,r)})()}}}catch(y){return console.error(y),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:y.message}),new Promise((p,E)=>{setTimeout(()=>{X(e)(n,l,d,o,i,r).then(p).catch(E)},1e3)})}},ce=(e,n,t)=>(s=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(m.silentLoginAsync_begin,{});let r="";if(o&&(s==null&&(s={}),s.state=o),i!=null&&(s==null&&(s={}),s.scope=i),s!=null)for(const[l,d]of Object.entries(s))r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(d)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(d)}`;const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),u=a.substring(0,c),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",a),f.style.display="none",document.body.appendChild(f),new Promise((l,d)=>{let _=!1;const k=()=>{window.removeEventListener("message",A),f.remove(),_=!0},A=y=>{if(y.origin===u&&y.source===f.contentWindow){const p=`${e}_oidc_tokens:`,E=`${e}_oidc_error:`,w=`${e}_oidc_exception:`,S=y.data;if(S&&typeof S=="string"&&!_){if(S.startsWith(p)){const g=JSON.parse(y.data.replace(p,""));t(m.silentLoginAsync_end,{}),l(g),k()}else if(S.startsWith(E)){const g=JSON.parse(y.data.replace(E,""));t(m.silentLoginAsync_error,g),l({error:"oidc_"+g.error,tokens:null,sessionState:null}),k()}else if(S.startsWith(w)){const g=JSON.parse(y.data.replace(w,""));t(m.silentLoginAsync_error,g),d(new Error(g.error)),k()}}}};try{window.addEventListener("message",A);const y=n.silent_login_timeout;setTimeout(()=>{_||(k(),t(m.silentLoginAsync_error,{reason:"timeout"}),d(new Error("timeout")))},y)}catch(y){k(),t(m.silentLoginAsync_error,y),d(y)}})}catch(r){throw t(m.silentLoginAsync_error,r),r}},on=(e,n,t,s,o)=>(i=null,r=void 0)=>{i={...i};const a=(u,f,l)=>ce(n,t,s.bind(o))(u,f,l);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=t.extras?{...t.extras,...i}:i,l=await a({...f,prompt:"none"},u,r);if(l)return o.tokens=l.tokens,s(m.token_acquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,i,r),{}}catch(f){return f}})()},rn=(e,n,t)=>(s,o,i,r=!1)=>{const a=(c,u=void 0,f=void 0)=>ce(e.configurationName,t,e.publishEvent.bind(e))(c,u,f);return new Promise((c,u)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&i&&!r){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const d=l.idToken,_=l.idTokenPayload;return a({prompt:"none",id_token_hint:d,scope:t.scope||"openid"}).then(k=>{if(k.error)throw new Error(k.error);const A=k.tokens.idTokenPayload;if(_.sub===A.sub){const y=k.sessionState;e.checkSessionIFrame.start(k.sessionState),_.sid===A.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",y):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",y)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",A.sub)}).catch(async k=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",k);for(const[,A]of Object.entries(n))await A.logoutOtherTabAsync(t.client_id,_.sub)})};e.checkSessionIFrame=new De(f,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(l=>{u(l)})}else c(null)})},an=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),cn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(t)){o=c.s;break}}let r=s;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function ln(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const un=()=>{const{name:e,version:n}=ln();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=cn(navigator);return!an(t)},_n=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await x(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,r),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=C(e.configurationName,t.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Q(i,null,t.token_renew_mode);const r=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,a),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Pe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},fn=e=>{const n=Pe(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},z=e=>{const n=Pe(e),{search:t}=n;return dn(t)},dn=e=>{const n={};let t,s,o;const i=e.split("&");for(s=0,o=i.length;s<o;s++)t=i[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},hn=(e,n,t,s,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const u=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=ie(16)),t(m.loginAsync_begin,{}),r)for(const d of Object.keys(r))d.endsWith(":token_request")&&delete r[d];try{const d=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const _=n.extras?{...n.extras,...r}:r;_.nonce||(_.nonce=ie(12));const k={nonce:_.nonce},A=await x(n,e),y=await s(n.authority,n.authority_configuration);let p;if(A)A.setLoginParams({callbackPath:l,extras:u,scope:c}),await A.initAsync(y,"loginAsync",n),await A.setNonceAsync(k),A.startKeepAliveServiceWorker(),p=A;else{const w=C(e,n.storage??sessionStorage);w.setLoginParams({callbackPath:l,extras:u,scope:c}),await w.setNonceAsync(k),p=w}const E={client_id:n.client_id,redirect_uri:d,scope:c,response_type:"code",..._};await tn(p,o)(y.authorizationEndpoint,E)}catch(d){throw t(m.loginAsync_error,d),d}})()},gn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,i=t.authority,r=t.token_request_timeout,a=await e.initAsync(i,t.authority_configuration),c=e.location.getCurrentHref(),u=z(c),f=u.session_state,l=await x(t,e.configurationName);let d,_,k,A;if(l)await l.initAsync(a,"loginCallbackAsync",t),await l.setSessionStateAsync(f),_=await l.getNonceAsync(),k=l.getLoginParams(),A=await l.getStateAsync(),l.startKeepAliveServiceWorker(),d=l;else{const v=C(e.configurationName,t.storage??sessionStorage);await v.setSessionStateAsync(f),_=await v.getNonceAsync(),k=v.getLoginParams(),A=await v.getStateAsync(),d=v}if(u.error||u.error_description)throw new Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${u.iss})`);if(u.state&&u.state!==A)throw new Error(`State not valid (expected: ${A}, received: ${u.state})`);const y={code:u.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},p={};if(t.token_request_extras)for(const[v,R]of Object.entries(t.token_request_extras))p[v]=R;if(k!=null&&k.extras)for(const[v,R]of Object.entries(k.extras))v.endsWith(":token_request")&&(p[v.replace(":token_request","")]=R);const E=a.tokenEndpoint,w={};if(t.demonstrating_proof_of_possession)if(l)w.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const v=await qe(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await C(e.configurationName,t.storage).setDemonstratingProofOfPossessionJwkAsync(v),w.DPoP=await Se(window)(t.demonstrating_proof_of_possession_configuration)(v,"POST",E)}const S=await sn(d)(E,{...y,...p},w,e.configuration.token_renew_mode,r);if(!S.success)throw new Error("Token request failed");let g;const P=S.data.tokens,h=S.data.demonstratingProofOfPossessionNonce;if(S.data.state!==p.state)throw new Error("state is not valid");const{isValid:I,reason:T}=ge(P,_.nonce,a);if(!I)throw new Error(`Tokens are not OpenID valid, reason: ${T}`);if(l){if(P.refreshToken&&!P.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(h&&(P!=null&&P.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(a,"syncTokensAsync",t),g=l.getLoginParams(),h&&await l.setDemonstratingProofOfPossessionNonce(h);else{const v=C(e.configurationName,t.storage);g=v.getLoginParams(),h&&await v.setDemonstratingProofOfPossessionNonce(h)}return await e.startCheckSessionAsync(a.checkSessionIframe,s,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:P,state:"request.state",callbackPath:g.callbackPath,scope:u.scope,extras:g.extras}}catch(t){throw console.error(t),e.publishEvent(m.loginCallbackAsync_error,t),t}},Ie={access_token:"access_token",refresh_token:"refresh_token"},le=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const i=s.replace(n,"");t[i]=o}return t}return t},yn=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},kn=e=>async n=>{V.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await x(e.configuration,e.configurationName);t?await t.clearAsync(n):await C(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},mn=(e,n,t,s,o)=>async(i=void 0,r=null)=>{var p,E;const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,s.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const l=f?i:o.getOrigin()+u,d=e.tokens?e.tokens.idToken:"";try{const w=c.revocationEndpoint;if(w){const S=[],g=e.tokens?e.tokens.accessToken:null;if(g&&a.logout_tokens_to_invalidate.includes(Ie.access_token)){const h=le(r,":revoke_access_token"),I=Ee(t)(w,g,re.access_token,a.client_id,h);S.push(I)}const P=e.tokens?e.tokens.refreshToken:null;if(P&&a.logout_tokens_to_invalidate.includes(Ie.refresh_token)){const h=le(r,":revoke_refresh_token"),I=Ee(t)(w,P,re.refresh_token,a.client_id,h);S.push(I)}S.length>0&&await Promise.all(S)}}catch(w){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(w)}const _=((E=(p=e.tokens)==null?void 0:p.idTokenPayload)==null?void 0:E.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,w]of Object.entries(n))w!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(m.logout_from_same_tab,{});const k=le(r,":oidc");if(k&&k.no_reload==="true")return;const y=yn(r);if(c.endSessionEndpoint){"id_token_hint"in y||(y.id_token_hint=d),!("post_logout_redirect_uri"in y)&&i!==null&&(y.post_logout_redirect_uri=l);let w="";for(const[S,g]of Object.entries(y))g!=null&&(w===""?w+="?":w+="&",w+=`${S}=${encodeURIComponent(g)}`);o.open(`${c.endSessionEndpoint}${w}`)}else o.reload()},Ne=(e,n,t=!1)=>async(...s)=>{var _;const[o,i,...r]=s,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const u={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:k}=await ae(n)(n.configuration,n.configurationName,n.tokens,!1);return k},renewTokensAsync:n.renewTokensAsync.bind(n)},f=await he(u),l=(_=f==null?void 0:f.tokens)==null?void 0:_.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(n.configuration.demonstrating_proof_of_possession&&t){const k=await n.generateDemonstrationOfProofOfPossessionAsync(l,o.toString(),a.method);c.set("Authorization",`DPoP ${l}`),c.set("DPoP",k)}else c.set("Authorization",`Bearer ${l}`);a.credentials||(a.credentials="same-origin")}const d={...a,headers:c};return await e(o,d,...r)},pn=e=>async(n=!1,t=!1)=>{var u,f;if(e.userInfo!=null&&!n)return e.userInfo;const s=!n&&((u=e.configuration.storage)==null?void 0:u.getItem(`oidc.${e.configurationName}.userInfo`));if(s)return e.userInfo=JSON.parse(s),e.userInfo;const o=e.configuration,r=(await e.initAsync(o.authority,o.authority_configuration)).userInfoEndpoint,c=await(async()=>{const d=await Ne(fetch,e,t)(r);return d.status!==200?null:d.json()})();return e.userInfo=c,c&&((f=e.configuration.storage)==null||f.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(c))),c},Ce=()=>fetch;class ue{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const $={},wn=(e,n=new D)=>(t,s="default")=>($[s]||($[s]=new W(t,s,e,n)),$[s]),An=async e=>{const{parsedTokens:n,callbackPath:t,extras:s,scope:o}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt,s,o),{callbackPath:t}},Sn=e=>Math.floor(Math.random()*e),j=class j{constructor(n,t="default",s,o=new D){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new D,this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??U.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_activate:n.service_worker_activate??un,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Je,preload_user_info:n.preload_user_info??!1},this.getFetch=s??Ce,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=Sn(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call($,n)&&t)throw Error(`OIDC library does seem initialized.
-Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return $[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=z(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=z(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new ue({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const i=await x(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await en(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=_n(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,t,s,o=!1){await rn(this,$,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=on(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await gn(this)(n),o=s.tokens;return this.tokens=o,await x(this.configuration,this.configurationName)||C(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(j.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath,scope:s.scope,extras:s.extras}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const i=this.configuration,r={ath:await ve(n),...o};if(await x(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${me(this.configurationName)}`;const c=C(this.configurationName,i.storage),u=await c.getDemonstratingProofOfPossessionJwkAsync(),f=c.getDemonstratingProofOfPossessionNonce();return f&&(r.nonce=f),await Se(window)(i.demonstrating_proof_of_possession_configuration)(u,s,t,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=An(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,t=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=pn(this)(n,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=be(this,!0,n,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await kn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=mn(this,$,this.getFetch(),console,this.location)(n,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};j.getOrCreate=(n,t)=>(s,o="default")=>wn(n,t)(s,o),j.eventNames=m;let W=j;const M=class M{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new M(W.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,t,s,o,i)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,t=null){return this._oidc.renewTokensAsync(n,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){const s=this._oidc,o={getTokens:()=>s.tokens,configuration:{token_automatic_renew_mode:s.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:s.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:i}=await ae(s)(s.configuration,s.configurationName,s.tokens,!1);return i},renewTokensAsync:s.renewTokensAsync.bind(s)};return he(o,n,t)}fetchWithTokens(n,t=!1){return Ne(n,this._oidc,t)}async userInfoAsync(n=!1,t=!1){return this._oidc.userInfoAsync(n,t)}userInfo(){return this._oidc.userInfo}};M.getOrCreate=(n,t=new D)=>(s,o="default")=>new M(W.getOrCreate(n,t)(s,o)),M.eventNames=W.eventNames;let _e=M;N.OidcClient=_e,N.OidcLocation=D,N.TokenAutomaticRenewMode=U,N.TokenRenewMode=G,N.getFetchDefault=Ce,N.getParseQueryStringFromLocation=z,N.getPath=fn,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});
+(function(N,D){typeof exports=="object"&&typeof module<"u"?D(exports):typeof define=="function"&&define.amd?define(["exports"],D):(N=typeof globalThis<"u"?globalThis:N||self,D(N["oidc-client"]={}))})(this,function(N){"use strict";class D{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const fe=2e3,K=console;class De{constructor(n,s,t,o=fe,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||fe,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(K.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(K.debug(n),K.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):K.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){K.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(K.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const m={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},C=(e,n=sessionStorage)=>{const s=g=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:g}),delete n[`oidc.${e}.userInfo`],Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const g=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:g.tokens,status:g.status})},o=g=>{n[`oidc.${e}`]=JSON.stringify({tokens:g})},i=async g=>{n[`oidc.session_state.${e}`]=g},r=async()=>n[`oidc.session_state.${e}`],a=g=>{n[`oidc.nonce.${e}`]=g.nonce},c=g=>{n[`oidc.jwk.${e}`]=JSON.stringify(g)},u=()=>JSON.parse(n[`oidc.jwk.${e}`]),f=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async g=>{n[`oidc.dpop_nonce.${e}`]=g},d=()=>n[`oidc.dpop_nonce.${e}`],_=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,k={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:_,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:f,setLoginParams:g=>{k[e]=g,n[`oidc.login.${e}`]=JSON.stringify(g)},getLoginParams:()=>{const g=n[`oidc.login.${e}`];return g?(k[e]||(k[e]=JSON.parse(g)),k[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async g=>{n[`oidc.state.${e}`]=g},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async g=>{n[`oidc.code_verifier.${e}`]=g},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:d,setDemonstratingProofOfPossessionJwkAsync:c,getDemonstratingProofOfPossessionJwkAsync:u}};var U=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(U||{});const Re=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),$e=e=>JSON.parse(Re(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),de=e=>{try{return e&&Ke(e,".")===2?$e(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Ke=(e,n)=>e.split(n).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Ue(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Q=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=de(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:de(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Ue(e,t,r);let u;e.expiresAt?u=e.expiresAt:s===G.access_token_invalid?u=c:s===G.id_token_invalid?u=a:u=a<c?a:c;const f={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:u,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...f,refreshToken:l}}return f},Z=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Q(t,n,s)},B=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},Ve=(e,n=0)=>e?B(n,e.expiresAt)>0:!1,he=async(e,n=200,s=50)=>{let t=s,o=await e.syncTokensInfoAsync();for(;[O.REQUIRE_SYNC_TOKENS,O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,O.TOKENS_INVALID].includes(o)&&t>0;){if(e.configuration.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await ne({milliseconds:n});t=t-1,o=await e.syncTokensInfoAsync()}return{isTokensValid:Ve(e.getTokens()),tokens:e.getTokens(),numberWaited:t-s}},ge=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},V=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),ee="7.26.0";let ye=null,q;const ne=({milliseconds:e})=>new Promise(n=>V.setTimeout(n,e)),ke=(e="/")=>{try{q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:q.signal}).catch(t=>{console.log(t)}),ne({milliseconds:150*1e3}).then(ke)}catch(n){console.log(n)}},se=()=>{q&&q.abort()},me=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,s),s},b=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:me(n.configurationName)},[o.port2])}),x=async(e,n)=>{const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;const t=`${s}?v=${ee}`;let o=null;e.service_worker_register?o=await e.service_worker_register(s):o=await navigator.serviceWorker.register(t,{updateViaCache:"none"}),o.addEventListener("updatefound",()=>{const h=o.installing;se(),h==null||h.addEventListener("statechange",()=>{h.state==="installed"&&navigator.serviceWorker.controller&&(se(),console.log("New SW waiting – skipWaiting()"),h.postMessage({type:"SKIP_WAITING"}))})}),navigator.serviceWorker.addEventListener("controllerchange",()=>{console.log("SW controller changed – reloading page"),se(),window.location.reload()});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await b(o)({type:"claim"})}catch(h){return console.warn(`Failed init ServiceWorker ${h.toString()}`),null}const i=async h=>b(o)({type:"clear",data:{status:h},configurationName:n}),r=async(h,I,T)=>{const v=await b(o)({type:"init",data:{oidcServerConfiguration:h,where:I,oidcConfiguration:{token_renew_mode:T.token_renew_mode,service_worker_convert_all_requests_to_cors:T.service_worker_convert_all_requests_to_cors}},configurationName:n}),R=v.version;return R!==ee&&console.warn(`Service worker ${R} version mismatch with js client version ${ee}, unregistering and reloading`),{tokens:Z(v.tokens,null,T.token_renew_mode),status:v.status}},a=(h="/")=>{ye==null&&(ye="not_null",ke(h))},c=h=>b(o)({type:"setSessionState",data:{sessionState:h},configurationName:n}),u=async()=>(await b(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,f=h=>(sessionStorage[`oidc.nonce.${n}`]=h.nonce,b(o)({type:"setNonce",data:{nonce:h},configurationName:n})),l=async(h=!0)=>{let T=(await b(o)({type:"getNonce",data:null,configurationName:n})).nonce;return T||(T=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage"),h&&(await f(T),T=(await l(!1)).nonce)),{nonce:T}},d={},_=h=>{d[n]=h,localStorage[`oidc.login.${n}`]=JSON.stringify(h)},k=()=>{const h=localStorage[`oidc.login.${n}`];return d[n]||(d[n]=JSON.parse(h)),d[n]},A=async h=>{await b(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:h},configurationName:n})},y=async()=>(await b(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,p=async h=>{const I=JSON.stringify(h);await b(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:I},configurationName:n})},E=async()=>{const h=await b(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return h.demonstratingProofOfPossessionJwkJson?JSON.parse(h.demonstratingProofOfPossessionJwkJson):null},w=async(h=!0)=>{let T=(await b(o)({type:"getState",data:null,configurationName:n})).state;return T||(T=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage"),h&&(await S(T),T=await w(!1))),T},S=async h=>(sessionStorage[`oidc.state.${n}`]=h,b(o)({type:"setState",data:{state:h},configurationName:n})),g=async(h=!0)=>{let T=(await b(o)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return T||(T=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage"),h&&(await P(T),T=await g(!1))),T},P=async h=>(sessionStorage[`oidc.code_verifier.${n}`]=h,b(o)({type:"setCodeVerifier",data:{codeVerifier:h},configurationName:n}));return{clearAsync:i,initAsync:r,startKeepAliveServiceWorker:()=>a(e.service_worker_keep_alive_path),setSessionStateAsync:c,getSessionStateAsync:u,setNonceAsync:f,getNonceAsync:l,setLoginParams:_,getLoginParams:k,getStateAsync:w,setStateAsync:S,getCodeVerifierAsync:g,setCodeVerifierAsync:P,setDemonstratingProofOfPossessionNonce:A,getDemonstratingProofOfPossessionNonce:y,setDemonstratingProofOfPossessionJwkAsync:p,getDemonstratingProofOfPossessionJwkAsync:E}},F={},Fe=(e,n=window.sessionStorage,s)=>{if(!F[e]&&n){const o=n.getItem(e);o&&(F[e]=JSON.parse(o))}const t=1e3*s;return F[e]&&F[e].timestamp+t>Date.now()?F[e].result:null},Me=(e,n,s=window.sessionStorage)=>{const t=Date.now();F[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function pe(e){return new TextEncoder().encode(e)}function we(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Be(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const te=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),we(n)};function Ae(e){return we(Be(e))}const Je={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},He={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:Ae(JSON.stringify(s)),payload:Ae(JSON.stringify(t))},a=o.importKeyAlgorithm,c=!0,u=["sign"],f=await e.crypto.subtle.importKey("jwk",n,a,c,u),l=pe(`${r.protected}.${r.payload}`),d=o.signAlgorithm,_=await e.crypto.subtle.sign(d,f,l);return r.signature=te(new Uint8Array(_)),`${r.protected}.${r.payload}.${r.signature}`}},je={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},Ge={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,pe(t));return te(new Uint8Array(o))}},qe=e=>async n=>await je.generate(e)(n),Se=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(Ye()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await Ge.thumbprint(e)(s,n.digestAlgorithm);return await He.sign(e)(s,{kid:a},r,n)},Ye=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Te=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},oe="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%oe.length;n.push(oe[t])}return n.join("")},ie=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Te();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*oe.length|0;return Xe(n)};function ze(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function ve(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",ze(e)).then(t=>n(te(new Uint8Array(t))),t=>s(t))})}const Qe=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Te();return n?ve(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Ze=60*60,en=e=>async(n,s=Ze,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Fe(r,t,s);if(a)return new ue(a);const c=await J(e)(i,{},o);if(c.status!==200)return null;const u=await c.json();return Me(r,u,t),new ue(u)},J=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},re={refresh_token:"refresh_token",access_token:"access_token"},Ee=e=>async(n,s,t=re.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[l,d]of Object.entries(i))a[l]===void 0&&(a[l]=d);const c=[];for(const l in a){const d=encodeURIComponent(l),_=encodeURIComponent(a[l]);c.push(`${d}=${_}`)}const u=c.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:u},r)).status!==200?{success:!1}:{success:!0}},nn=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[_,k]of Object.entries(t))s[_]===void 0&&(s[_]=k);const c=[];for(const _ in s){const k=encodeURIComponent(_),A=encodeURIComponent(s[_]);c.push(`${k}=${A}`)}const u=c.join("&"),f=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:u},a);if(f.status!==200)return{success:!1,status:f.status,demonstratingProofOfPossessionNonce:null};const l=await f.json();let d=null;return f.headers.has(Y)&&(d=f.headers.get(Y)),{success:!0,status:f.status,data:Z(l,o,r),demonstratingProofOfPossessionNonce:d}},sn=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=ie(128),i=await Qe(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,c]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${s}${r}`)},Y="DPoP-Nonce",tn=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in s){const d=encodeURIComponent(l),_=encodeURIComponent(s[l]);r.push(`${d}=${_}`)}const a=r.join("&"),c=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let u=null;c.headers.has(Y)&&(u=c.headers.get(Y));const f=await c.json();return{success:!0,data:{state:s.state,tokens:Z(f,null,o),demonstratingProofOfPossessionNonce:u}}};async function Oe(e,n,s,t=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await X(e)(o,0,0,n,s,t);return await x(e.configuration,e.configurationName)||C(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function be(e,n=!1,s=null,t=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await x(e.configuration,e.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!a||!navigator.locks)r=await Oe(e,n,s,t);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async u=>u?await Oe(e,n,s,t):(e.publishEvent(W.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=H(e,e.tokens.expiresAt,s,t)),e.tokens):null}const H=(e,n,s=null,t=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&V.clearTimeout(e.timeoutId),V.setTimeout(async()=>{const r={timeLeft:B(o,n)};e.publishEvent(W.eventNames.token_timer,r),await be(e,!1,s,t)},1e3)},O={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS",TOKENS_INVALID:"TOKENS_INVALID"},ae=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:O.NOT_CONNECTED,nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await x(n,s);if(c){const{status:l,tokens:d}=await c.initAsync(a,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:O.LOGOUT_FROM_ANOTHER_TAB,nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:O.SESSION_LOST,nonce:i};if(!l||!d)return{tokens:null,status:O.REQUIRE_SYNC_TOKENS,nonce:i};if(d.issuedAt!==t.issuedAt){const k=B(n.refresh_time_before_tokens_expiration_in_second,d.expiresAt)>0?O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,A=await c.getNonceAsync();return{tokens:d,status:k,nonce:A}}r=await c.getNonceAsync()}else{const l=C(s,n.storage??sessionStorage),d=await l.initAsync();let{tokens:_}=d;const{status:k}=d;if(_&&(_=Q(_,e.tokens,n.token_renew_mode)),_){if(k==="SESSIONS_LOST")return{tokens:null,status:O.SESSION_LOST,nonce:i};if(_.issuedAt!==t.issuedAt){const y=B(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,p=await l.getNonceAsync();return{tokens:_,status:y,nonce:p}}}else return{tokens:null,status:O.LOGOUT_FROM_ANOTHER_TAB,nonce:i};r=await l.getNonceAsync()}const f=B(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:f,nonce:r}},X=e=>async(n,s=0,t=0,o=!1,i=null,r=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let a=6;const c=o?2:5,u=5;for(;!navigator.onLine&&a>0;)await ne({milliseconds:1e3}),a--,e.publishEvent(m.refreshTokensAsync,{message:`wait because navigator is offline try ${a}`});const f=document.hidden,l=f?s:s+1,d=f?t+1:t;if(s>=c||t>=u)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};i||(i={});const _=e.configuration,k=(y,p=null,E=null)=>ce(e.configurationName,e.configuration,e.publishEvent.bind(e))(y,p,E),A=async()=>{try{let y;const p=await x(_,e.configurationName);p?y=p.getLoginParams():y=C(e.configurationName,_.storage).getLoginParams();const E={};if(y&&y.extras)for(const[S,g]of Object.entries(y.extras))E[S]=g;if(i)for(const[S,g]of Object.entries(i))E[S]=g;E.prompt="none",r&&(E.scope=r);const w=await k(E);return w?w.error?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(w.tokens),e.publishEvent(W.eventNames.token_renewed,{}),{tokens:w.tokens,status:"LOGGED"}):(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(y){return console.error(y),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:y.message}),await X(e)(n,l,d,o,i,r)}};try{const{status:y,tokens:p,nonce:E}=await ae(e)(_,e.configurationName,e.tokens,o);switch(y){case O.SESSION_LOST:return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case O.NOT_CONNECTED:return n(null),{tokens:null,status:null};case O.TOKENS_VALID:return n(p),{tokens:p,status:"LOGGED_IN"};case O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(p),e.publishEvent(W.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:p,status:"LOGGED_IN"};case O.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(m.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case O.REQUIRE_SYNC_TOKENS:return _.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(m.refreshTokensAsync_begin,{tryNumber:s}),await A());default:{if(_.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&O.FORCE_REFRESH!==y)return e.publishEvent(m.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(m.refreshTokensAsync_begin,{refreshToken:p.refreshToken,status:y,tryNumber:s,backgroundTry:t}),!p.refreshToken)return await A();const w=_.client_id,S=_.redirect_uri,g=_.authority,h={..._.token_request_extras?_.token_request_extras:{}};for(const[T,v]of Object.entries(i))T.endsWith(":token_request")&&(h[T.replace(":token_request","")]=v);return await(async()=>{const T={client_id:w,redirect_uri:S,grant_type:"refresh_token",refresh_token:p.refreshToken},v=await e.initAsync(g,_.authority_configuration),R=document.hidden?1e4:3e4*10,xe=v.tokenEndpoint,Le={};_.demonstrating_proof_of_possession&&(Le.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(p.accessToken,xe,"POST"));const L=await nn(e.getFetch())(xe,T,h,p,Le,_.token_renew_mode,R);if(L.success){const{isValid:Tn,reason:vn}=ge(L.data,E.nonce,v);if(!Tn)return n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${vn}`}),{tokens:null,status:"SESSION_LOST"};if(n(L.data),L.demonstratingProofOfPossessionNonce){const We=await x(_,e.configurationName);We?await We.setDemonstratingProofOfPossessionNonce(L.demonstratingProofOfPossessionNonce):await C(e.configurationName,_.storage).setDemonstratingProofOfPossessionNonce(L.demonstratingProofOfPossessionNonce)}return e.publishEvent(m.refreshTokensAsync_end,{success:L.success}),e.publishEvent(W.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:L.data,status:"LOGGED_IN"}}else return e.publishEvent(m.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:L}),L.status>=400&&L.status<500?(n(null),e.publishEvent(m.refreshTokensAsync_error,{message:`session lost: ${L.status}`}),{tokens:null,status:"SESSION_LOST"}):await X(e)(n,l,d,o,i,r)})()}}}catch(y){return console.error(y),e.publishEvent(m.refreshTokensAsync_silent_error,{message:"exception",exception:y.message}),new Promise((p,E)=>{setTimeout(()=>{X(e)(n,l,d,o,i,r).then(p).catch(E)},1e3)})}},ce=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(m.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i!=null&&(t==null&&(t={}),t.scope=i),t!=null)for(const[l,d]of Object.entries(t))r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(d)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(d)}`;const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),u=a.substring(0,c),f=document.createElement("iframe");return f.width="0px",f.height="0px",f.id=`${e}_oidc_iframe`,f.setAttribute("src",a),f.style.display="none",document.body.appendChild(f),new Promise((l,d)=>{let _=!1;const k=()=>{window.removeEventListener("message",A),f.remove(),_=!0},A=y=>{if(y.origin===u&&y.source===f.contentWindow){const p=`${e}_oidc_tokens:`,E=`${e}_oidc_error:`,w=`${e}_oidc_exception:`,S=y.data;if(S&&typeof S=="string"&&!_){if(S.startsWith(p)){const g=JSON.parse(y.data.replace(p,""));s(m.silentLoginAsync_end,{}),l(g),k()}else if(S.startsWith(E)){const g=JSON.parse(y.data.replace(E,""));s(m.silentLoginAsync_error,g),l({error:"oidc_"+g.error,tokens:null,sessionState:null}),k()}else if(S.startsWith(w)){const g=JSON.parse(y.data.replace(w,""));s(m.silentLoginAsync_error,g),d(new Error(g.error)),k()}}}};try{window.addEventListener("message",A);const y=n.silent_login_timeout;setTimeout(()=>{_||(k(),s(m.silentLoginAsync_error,{reason:"timeout"}),d(new Error("timeout")))},y)}catch(y){k(),s(m.silentLoginAsync_error,y),d(y)}})}catch(r){throw s(m.silentLoginAsync_error,r),r}},on=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(u,f,l)=>ce(n,s,t.bind(o))(u,f,l);return(async()=>{o.timeoutId&&V.clearTimeout(o.timeoutId);let u;i&&"state"in i&&(u=i.state,delete i.state);try{const f=s.extras?{...s.extras,...i}:i,l=await a({...f,prompt:"none"},u,r);if(l)return o.tokens=l.tokens,t(m.token_acquired,{}),o.timeoutId=H(o,o.tokens.expiresAt,i,r),{}}catch(f){return f}})()},rn=(e,n,s)=>(t,o,i,r=!1)=>{const a=(c,u=void 0,f=void 0)=>ce(e.configurationName,s,e.publishEvent.bind(e))(c,u,f);return new Promise((c,u)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const f=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const d=l.idToken,_=l.idTokenPayload;return a({prompt:"none",id_token_hint:d,scope:s.scope||"openid"}).then(k=>{if(k.error)throw new Error(k.error);const A=k.tokens.idTokenPayload;if(_.sub===A.sub){const y=k.sessionState;e.checkSessionIFrame.start(k.sessionState),_.sid===A.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",y):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",y)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",A.sub)}).catch(async k=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",k);for(const[,A]of Object.entries(n))await A.logoutOtherTabAsync(s.client_id,_.sub)})};e.checkSessionIFrame=new De(f,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(l=>{u(l)})}else c(null)})},an=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),cn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(s)){o=c.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function ln(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const un=()=>{const{name:e,version:n}=ln();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=cn(navigator);return!an(s)},_n=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(m.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await x(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=H(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.checkSessionIframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(m.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=C(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Q(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=H(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.checkSessionIframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(m.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(m.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Pe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},fn=e=>{const n=Pe(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},z=e=>{const n=Pe(e),{search:s}=n;return dn(s)},dn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},hn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const u=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=ie(16)),s(m.loginAsync_begin,{}),r)for(const d of Object.keys(r))d.endsWith(":token_request")&&delete r[d];try{const d=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const _=n.extras?{...n.extras,...r}:r;_.nonce||(_.nonce=ie(12));const k={nonce:_.nonce},A=await x(n,e),y=await t(n.authority,n.authority_configuration);let p;if(A)A.setLoginParams({callbackPath:l,extras:u,scope:c}),await A.initAsync(y,"loginAsync",n),await A.setNonceAsync(k),A.startKeepAliveServiceWorker(),p=A;else{const w=C(e,n.storage??sessionStorage);w.setLoginParams({callbackPath:l,extras:u,scope:c}),await w.setNonceAsync(k),p=w}const E={client_id:n.client_id,redirect_uri:d,scope:c,response_type:"code",..._};await sn(p,o)(y.authorizationEndpoint,E)}catch(d){throw s(m.loginAsync_error,d),d}})()},gn=e=>async(n=!1)=>{try{e.publishEvent(m.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),c=e.location.getCurrentHref(),u=z(c),f=u.session_state,l=await x(s,e.configurationName);let d,_,k,A;if(l)await l.initAsync(a,"loginCallbackAsync",s),await l.setSessionStateAsync(f),_=await l.getNonceAsync(),k=l.getLoginParams(),A=await l.getStateAsync(),l.startKeepAliveServiceWorker(),d=l;else{const v=C(e.configurationName,s.storage??sessionStorage);await v.setSessionStateAsync(f),_=await v.getNonceAsync(),k=v.getLoginParams(),A=await v.getStateAsync(),d=v}if(u.error||u.error_description)throw new Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${u.iss})`);if(u.state&&u.state!==A)throw new Error(`State not valid (expected: ${A}, received: ${u.state})`);const y={code:u.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},p={};if(s.token_request_extras)for(const[v,R]of Object.entries(s.token_request_extras))p[v]=R;if(k!=null&&k.extras)for(const[v,R]of Object.entries(k.extras))v.endsWith(":token_request")&&(p[v.replace(":token_request","")]=R);const E=a.tokenEndpoint,w={};if(s.demonstrating_proof_of_possession)if(l)w.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const v=await qe(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await C(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(v),w.DPoP=await Se(window)(s.demonstrating_proof_of_possession_configuration)(v,"POST",E)}const S=await tn(d)(E,{...y,...p},w,e.configuration.token_renew_mode,r);if(!S.success)throw new Error("Token request failed");let g;const P=S.data.tokens,h=S.data.demonstratingProofOfPossessionNonce;if(S.data.state!==p.state)throw new Error("state is not valid");const{isValid:I,reason:T}=ge(P,_.nonce,a);if(!I)throw new Error(`Tokens are not OpenID valid, reason: ${T}`);if(l){if(P.refreshToken&&!P.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(h&&(P!=null&&P.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(a,"syncTokensAsync",s),g=l.getLoginParams(),h&&await l.setDemonstratingProofOfPossessionNonce(h);else{const v=C(e.configurationName,s.storage);g=v.getLoginParams(),h&&await v.setDemonstratingProofOfPossessionNonce(h)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,f,n),e.publishEvent(m.loginCallbackAsync_end,{}),{tokens:P,state:"request.state",callbackPath:g.callbackPath,scope:u.scope,extras:g.extras}}catch(s){throw console.error(s),e.publishEvent(m.loginCallbackAsync_error,s),s}},Ie={access_token:"access_token",refresh_token:"refresh_token"},le=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},yn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},kn=e=>async n=>{V.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await x(e.configuration,e.configurationName);s?await s.clearAsync(n):await C(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},mn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var p,E;const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const u=i??o.getPath();let f=!1;i&&(f=i.includes("https://")||i.includes("http://"));const l=f?i:o.getOrigin()+u,d=e.tokens?e.tokens.idToken:"";try{const w=c.revocationEndpoint;if(w){const S=[],g=e.tokens?e.tokens.accessToken:null;if(g&&a.logout_tokens_to_invalidate.includes(Ie.access_token)){const h=le(r,":revoke_access_token"),I=Ee(s)(w,g,re.access_token,a.client_id,h);S.push(I)}const P=e.tokens?e.tokens.refreshToken:null;if(P&&a.logout_tokens_to_invalidate.includes(Ie.refresh_token)){const h=le(r,":revoke_refresh_token"),I=Ee(s)(w,P,re.refresh_token,a.client_id,h);S.push(I)}S.length>0&&await Promise.all(S)}}catch(w){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(w)}const _=((E=(p=e.tokens)==null?void 0:p.idTokenPayload)==null?void 0:E.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,w]of Object.entries(n))w!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(m.logout_from_same_tab,{});const k=le(r,":oidc");if(k&&k.no_reload==="true")return;const y=yn(r);if(c.endSessionEndpoint){"id_token_hint"in y||(y.id_token_hint=d),!("post_logout_redirect_uri"in y)&&i!==null&&(y.post_logout_redirect_uri=l);let w="";for(const[S,g]of Object.entries(y))g!=null&&(w===""?w+="?":w+="&",w+=`${S}=${encodeURIComponent(g)}`);o.open(`${c.endSessionEndpoint}${w}`)}else o.reload()},Ne=(e,n,s=!1)=>async(...t)=>{var _;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const u={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:k}=await ae(n)(n.configuration,n.configurationName,n.tokens,!1);return k},renewTokensAsync:n.renewTokensAsync.bind(n)},f=await he(u),l=(_=f==null?void 0:f.tokens)==null?void 0:_.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(n.configuration.demonstrating_proof_of_possession&&s){const k=await n.generateDemonstrationOfProofOfPossessionAsync(l,o.toString(),a.method);c.set("Authorization",`DPoP ${l}`),c.set("DPoP",k)}else c.set("Authorization",`Bearer ${l}`);a.credentials||(a.credentials="same-origin")}const d={...a,headers:c};return await e(o,d,...r)},pn=e=>async(n=!1,s=!1)=>{var u,f;if(e.userInfo!=null&&!n)return e.userInfo;const t=!n&&((u=e.configuration.storage)==null?void 0:u.getItem(`oidc.${e.configurationName}.userInfo`));if(t)return e.userInfo=JSON.parse(t),e.userInfo;const o=e.configuration,r=(await e.initAsync(o.authority,o.authority_configuration)).userInfoEndpoint,c=await(async()=>{const d=await Ne(fetch,e,s)(r);return d.status!==200?null:d.json()})();return e.userInfo=c,c&&((f=e.configuration.storage)==null||f.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(c))),c},Ce=()=>fetch;class ue{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const $={},wn=(e,n=new D)=>(s,t="default")=>($[t]||($[t]=new W(s,t,e,n)),$[t]),An=async e=>{const{parsedTokens:n,callbackPath:s,extras:t,scope:o}=await e.loginCallbackAsync();return e.timeoutId=H(e,n.expiresAt,t,o),{callbackPath:s}},Sn=e=>Math.floor(Math.random()*e),j=class j{constructor(n,s="default",t,o=new D){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new D,this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??U.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_activate:n.service_worker_activate??un,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Je,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call($,n)&&s)throw Error(`OIDC library does seem initialized.
+Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return $[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=z(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=z(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ue({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await x(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await en(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=_n(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await rn(this,$,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=on(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await gn(this)(n),o=t.tokens;return this.tokens=o,await x(this.configuration,this.configurationName)||C(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(j.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath,scope:t.scope,extras:t.extras}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await ve(n),...o};if(await x(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${me(this.configurationName)}`;const c=C(this.configurationName,i.storage),u=await c.getDemonstratingProofOfPossessionJwkAsync(),f=c.getDemonstratingProofOfPossessionNonce();return f&&(r.nonce=f),await Se(window)(i.demonstrating_proof_of_possession_configuration)(u,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=An(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=pn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,s=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return V.clearTimeout(this.timeoutId),this.renewTokensPromise=be(this,!0,n,s),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await kn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(m.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=mn(this,$,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};j.getOrCreate=(n,s)=>(t,o="default")=>wn(n,s)(t,o),j.eventNames=m;let W=j;const M=class M{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new M(W.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,s=null){return this._oidc.renewTokensAsync(n,s)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){const t=this._oidc,o={getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:i}=await ae(t)(t.configuration,t.configurationName,t.tokens,!1);return i},renewTokensAsync:t.renewTokensAsync.bind(t)};return he(o,n,s)}fetchWithTokens(n,s=!1){return Ne(n,this._oidc,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};M.getOrCreate=(n,s=new D)=>(t,o="default")=>new M(W.getOrCreate(n,s)(t,o)),M.eventNames=W.eventNames;let _e=M;N.OidcClient=_e,N.OidcLocation=D,N.TokenAutomaticRenewMode=U,N.TokenRenewMode=G,N.getFetchDefault=Ce,N.getParseQueryStringFromLocation=z,N.getPath=fn,Object.defineProperty(N,Symbol.toStringTag,{value:"Module"})});

package/dist/initSession.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"initSession.d.ts","sourceRoot":"","sources":["../src/initSession.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW,GAAI,sBAAiB,EAAE,iBAAwB;;;;;;;;;;;;;;;;;~~2BAoFjC~~,MAAM;;;wDAxCuB,MAAM;kDAIpB,MAAM;qDAjBD,UAAU;;CAqFnE,CAAC"}
1	+ {"version":3,"file":"initSession.d.ts","sourceRoot":"","sources":["../src/initSession.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW,GAAI,sBAAiB,EAAE,iBAAwB;;;;;;;;;;;;;;;;;2BAqFjC,MAAM;;;wDAxCuB,MAAM;kDAIpB,MAAM;qDAjBD,UAAU;;CAqFnE,CAAC"}

package/dist/version.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-declare const _default: "7.25.16";
+declare const _default: "7.26.0";
 export default _default;
 //# sourceMappingURL=version.d.ts.map

package/dist/version.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"wBAAe,~~SAAS~~;~~AAAxB~~,~~wBAAyB~~"}
1	+ {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"wBAAe,QAAQ;AAAvB,wBAAwB"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@axa-fr/oidc-client",
-  "version": "7.25.16",
+  "version": "7.26.0",
   "private": false,
   "type": "module",
   "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
     "url": "https://github.com/AxaFrance/oidc-client.git"
   },
   "dependencies": {
-    "@axa-fr/oidc-client-service-worker": "7.25.16"
+    "@axa-fr/oidc-client-service-worker": "7.26.0"
   },
   "devDependencies": {
     "@testing-library/dom": "10.4.0",

package/src/initSession.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 export const initSession = (configurationName, storage = sessionStorage) => {
   const clearAsync = status => {
     storage[`oidc.${configurationName}`] = JSON.stringify({ tokens: null, status });
+    delete storage[`oidc.${configurationName}.userInfo`];
     return Promise.resolve();
   };

package/src/version.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export default '7.25.16';
1	+ export default '7.26.0';