@axa-fr/oidc-client 7.25.4 → 7.25.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/index.js +40 -40
  2. package/dist/index.umd.cjs +2 -2
  3. package/dist/initWorker.d.ts +1 -0
  4. package/dist/initWorker.d.ts.map +1 -1
  5. package/dist/oidc.d.ts.map +1 -1
  6. package/dist/version.d.ts +1 -1
  7. package/package.json +2 -2
  8. package/src/initWorker.ts +1 -1
  9. package/src/oidc.ts +6 -2
  10. package/src/renewTokens.ts +1 -1
  11. package/src/version.ts +1 -1
package/dist/index.js CHANGED
@@ -17,7 +17,7 @@ class q {
17
17
  }
18
18
  }
19
19
  const ce = 2e3, D = console;
20
- class Ce {
20
+ class Ne {
21
21
  constructor(n, s, t, o = ce, i = !0) {
22
22
  this._callback = n, this._client_id = s, this._url = t, this._interval = o || ce, this._stopOnError = i;
23
23
  const r = t.indexOf("/", t.indexOf("//") + 2);
@@ -126,21 +126,21 @@ const k = {
126
126
  };
127
127
  };
128
128
  var V = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(V || {});
129
- const Ne = (e) => decodeURIComponent(
129
+ const xe = (e) => decodeURIComponent(
130
130
  Array.prototype.map.call(atob(e), (n) => "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2)).join("")
131
- ), xe = (e) => JSON.parse(Ne(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), le = (e) => {
131
+ ), We = (e) => JSON.parse(xe(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), le = (e) => {
132
132
  try {
133
- return e && We(e, ".") === 2 ? xe(e.split(".")[1]) : null;
133
+ return e && Le(e, ".") === 2 ? We(e.split(".")[1]) : null;
134
134
  } catch (n) {
135
135
  console.warn(n);
136
136
  }
137
137
  return null;
138
- }, We = (e, n) => e.split(n).length - 1, z = {
138
+ }, Le = (e, n) => e.split(n).length - 1, z = {
139
139
  access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
140
140
  access_token_invalid: "access_token_invalid",
141
141
  id_token_invalid: "id_token_invalid"
142
142
  };
143
- function Le(e, n, s) {
143
+ function De(e, n, s) {
144
144
  if (e.issuedAt) {
145
145
  if (typeof e.issuedAt == "string")
146
146
  return parseInt(e.issuedAt, 10);
@@ -156,7 +156,7 @@ const te = (e, n = null, s) => {
156
156
  let i;
157
157
  n != null && "idToken" in n && !("idToken" in e) ? i = n.idToken : i = e.idToken;
158
158
  const r = e.idTokenPayload ? e.idTokenPayload : le(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, c = t && t.exp ? t.exp : e.issuedAt + o;
159
- e.issuedAt = Le(e, t, r);
159
+ e.issuedAt = De(e, t, r);
160
160
  let l;
161
161
  e.expiresAt ? l = e.expiresAt : s === z.access_token_invalid ? l = c : s === z.id_token_invalid ? l = a : l = a < c ? a : c;
162
162
  const d = {
@@ -245,7 +245,7 @@ const te = (e, n = null, s) => {
245
245
  setInterval: setInterval.bind(e),
246
246
  clearInterval: clearInterval.bind(e)
247
247
  };
248
- }(), _e = "7.25.4";
248
+ }(), _e = "7.25.6";
249
249
  let fe = null, j;
250
250
  const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Ae = (e = "/") => {
251
251
  try {
@@ -260,17 +260,17 @@ const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Ae =
260
260
  }
261
261
  }, de = () => {
262
262
  j && j.abort();
263
- }, De = (e = "/") => fetch(`${e}OidcKeepAliveServiceWorker.json`, {
263
+ }, Re = (e = "/") => fetch(`${e}OidcKeepAliveServiceWorker.json`, {
264
264
  headers: {
265
265
  "oidc-vanilla": "true"
266
266
  }
267
267
  }).then((n) => n.statusText === "oidc-service-worker").catch((n) => {
268
268
  console.log(n);
269
- }), Re = (e) => async (n, s) => {
269
+ }), $e = (e) => async (n, s) => {
270
270
  s(), await n.update();
271
271
  const t = await n.unregister();
272
272
  console.log(`Service worker unregistration ${t ? "successful" : "failed"}`), await Y({ milliseconds: 2e3 }), e.reload();
273
- }, $e = (e) => {
273
+ }, Se = (e) => {
274
274
  const n = sessionStorage.getItem(`oidc.tabId.${e}`);
275
275
  if (n)
276
276
  return n;
@@ -280,7 +280,7 @@ const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Ae =
280
280
  const o = new MessageChannel();
281
281
  o.port1.onmessage = function(i) {
282
282
  i != null && i.data.error ? t(i.data.error) : s(i.data), o.port1.close(), o.port2.close();
283
- }, e.active.postMessage({ ...n, tabId: $e(n.configurationName) }, [
283
+ }, e.active.postMessage({ ...n, tabId: Se(n.configurationName) }, [
284
284
  o.port2
285
285
  ]);
286
286
  }), I = async (e, n) => {
@@ -341,7 +341,7 @@ const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Ae =
341
341
  clearAsync: o,
342
342
  initAsync: i,
343
343
  startKeepAliveServiceWorker: () => r(e.service_worker_keep_alive_path),
344
- isServiceWorkerProxyActiveAsync: () => De(e.service_worker_keep_alive_path),
344
+ isServiceWorkerProxyActiveAsync: () => Re(e.service_worker_keep_alive_path),
345
345
  setSessionStateAsync: a,
346
346
  getSessionStateAsync: c,
347
347
  setNonceAsync: l,
@@ -419,10 +419,10 @@ const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Ae =
419
419
  const t = Date.now();
420
420
  R[e] = { result: n, timestamp: t }, s && s.setItem(e, JSON.stringify({ result: n, timestamp: t }));
421
421
  };
422
- function Se(e) {
422
+ function Te(e) {
423
423
  return new TextEncoder().encode(e);
424
424
  }
425
- function Te(e) {
425
+ function ve(e) {
426
426
  return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
427
427
  }
428
428
  function Fe(e) {
@@ -434,10 +434,10 @@ const ie = (e) => {
434
434
  let n = "";
435
435
  return e.forEach(function(s) {
436
436
  n += String.fromCharCode(s);
437
- }), Te(n);
437
+ }), ve(n);
438
438
  };
439
439
  function he(e) {
440
- return Te(Fe(e));
440
+ return ve(Fe(e));
441
441
  }
442
442
  const Ve = {
443
443
  importKeyAlgorithm: {
@@ -470,7 +470,7 @@ const Ve = {
470
470
  // @ts-ignore
471
471
  // JWT "claims" are really a JSON-defined JWS "payload"
472
472
  payload: he(JSON.stringify(t))
473
- }, a = o.importKeyAlgorithm, c = !0, l = ["sign"], d = await e.crypto.subtle.importKey("jwk", n, a, c, l), u = Se(`${r.protected}.${r.payload}`), _ = o.signAlgorithm, f = await e.crypto.subtle.sign(_, d, u);
473
+ }, a = o.importKeyAlgorithm, c = !0, l = ["sign"], d = await e.crypto.subtle.importKey("jwk", n, a, c, l), u = Te(`${r.protected}.${r.payload}`), _ = o.signAlgorithm, f = await e.crypto.subtle.sign(_, d, u);
474
474
  return r.signature = ie(new Uint8Array(f)), `${r.protected}.${r.payload}.${r.signature}`;
475
475
  }, Me = { sign: Je }, Be = (e) => async (n) => {
476
476
  const s = n, t = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(s, t, o);
@@ -493,9 +493,9 @@ const Ve = {
493
493
  default:
494
494
  throw new Error("Unknown or not implemented JWK type");
495
495
  }
496
- const o = await e.crypto.subtle.digest(s, Se(t));
496
+ const o = await e.crypto.subtle.digest(s, Te(t));
497
497
  return ie(new Uint8Array(o));
498
- }, Ge = { thumbprint: je }, Ye = (e) => async (n) => await qe.generate(e)(n), ve = (e) => (n) => async (s, t = "POST", o, i = {}) => {
498
+ }, Ge = { thumbprint: je }, Ye = (e) => async (n) => await qe.generate(e)(n), be = (e) => (n) => async (s, t = "POST", o, i = {}) => {
499
499
  const r = {
500
500
  // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
501
501
  jti: btoa(Xe()),
@@ -519,7 +519,7 @@ const Ve = {
519
519
  for (let o = 0; o < 36; o++)
520
520
  e[o] !== "-" && e[o] !== "4" && (s = Math.random() * 16 | 0), e[o] === "x" ? t += n[s] : e[o] === "y" ? (s &= 3, s |= 8, t += n[s]) : t += e[o];
521
521
  return t;
522
- }, be = () => {
522
+ }, Ee = () => {
523
523
  const e = typeof window < "u" && !!window.crypto, n = e && !!window.crypto.subtle;
524
524
  return { hasCrypto: e, hasSubtleCrypto: n };
525
525
  }, Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", ze = (e) => {
@@ -530,7 +530,7 @@ const Ve = {
530
530
  }
531
531
  return n.join("");
532
532
  }, Z = (e) => {
533
- const n = new Uint8Array(e), { hasCrypto: s } = be();
533
+ const n = new Uint8Array(e), { hasCrypto: s } = Ee();
534
534
  if (s)
535
535
  window.crypto.getRandomValues(n);
536
536
  else
@@ -544,7 +544,7 @@ function Qe(e) {
544
544
  s[t] = e.charCodeAt(t);
545
545
  return s;
546
546
  }
547
- function Ee(e) {
547
+ function Oe(e) {
548
548
  return new Promise((n, s) => {
549
549
  crypto.subtle.digest("SHA-256", Qe(e)).then(
550
550
  (t) => n(ie(new Uint8Array(t))),
@@ -555,8 +555,8 @@ function Ee(e) {
555
555
  const Ze = (e) => {
556
556
  if (e.length < 43 || e.length > 128)
557
557
  return Promise.reject(new Error("Invalid code length."));
558
- const { hasSubtleCrypto: n } = be();
559
- return n ? Ee(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
558
+ const { hasSubtleCrypto: n } = Ee();
559
+ return n ? Oe(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
560
560
  }, en = 60 * 60, nn = (e) => async (n, s = en, t = window.sessionStorage, o = 1e4) => {
561
561
  const i = `${n}/.well-known/openid-configuration`, r = `oidc.server:${n}`, a = Ue(r, t, s);
562
562
  if (a)
@@ -702,7 +702,7 @@ async function ge(e, n, s, t = null) {
702
702
  );
703
703
  return await I(e.configuration, e.configurationName) || await P(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(r), null);
704
704
  }
705
- async function Oe(e, n = !1, s = null, t = null) {
705
+ async function Pe(e, n = !1, s = null, t = null) {
706
706
  const o = e.configuration, i = `${o.client_id}_${e.configurationName}_${o.authority}`;
707
707
  let r;
708
708
  const a = await I(e.configuration, e.configurationName);
@@ -726,7 +726,7 @@ const J = (e, n, s = null, t = null) => {
726
726
  const o = e.configuration.refresh_time_before_tokens_expiration_in_second;
727
727
  return e.timeoutId && U.clearTimeout(e.timeoutId), U.setTimeout(async () => {
728
728
  const r = { timeLeft: K(o, n) };
729
- e.publishEvent(N.eventNames.token_timer, r), await Oe(e, !1, s, t);
729
+ e.publishEvent(N.eventNames.token_timer, r), await Pe(e, !1, s, t);
730
730
  }, 1e3);
731
731
  }, W = {
732
732
  FORCE_REFRESH: "FORCE_REFRESH",
@@ -1056,7 +1056,7 @@ const J = (e, n, s = null, t = null) => {
1056
1056
  await p.logoutOtherTabAsync(s.client_id, f.sub);
1057
1057
  });
1058
1058
  };
1059
- e.checkSessionIFrame = new Ce(
1059
+ e.checkSessionIFrame = new Ne(
1060
1060
  d,
1061
1061
  o,
1062
1062
  t
@@ -1226,7 +1226,7 @@ const fn = () => {
1226
1226
  "tokens inside ServiceWorker are invalid"
1227
1227
  ), !1;
1228
1228
  }
1229
- }, Pe = (e) => {
1229
+ }, Ie = (e) => {
1230
1230
  const n = e.match(
1231
1231
  // eslint-disable-next-line no-useless-escape
1232
1232
  /^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
@@ -1249,13 +1249,13 @@ const fn = () => {
1249
1249
  hash: t
1250
1250
  };
1251
1251
  }, En = (e) => {
1252
- const n = Pe(e);
1252
+ const n = Ie(e);
1253
1253
  let { path: s } = n;
1254
1254
  s.endsWith("/") && (s = s.slice(0, -1));
1255
1255
  let { hash: t } = n;
1256
1256
  return t === "#_=_" && (t = ""), t && (s += t), s;
1257
1257
  }, ne = (e) => {
1258
- const n = Pe(e), { search: s } = n;
1258
+ const n = Ie(e), { search: s } = n;
1259
1259
  return hn(s);
1260
1260
  }, hn = (e) => {
1261
1261
  const n = {};
@@ -1349,7 +1349,7 @@ const fn = () => {
1349
1349
  const m = await Ye(window)(
1350
1350
  s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
1351
1351
  );
1352
- await P(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(m), A.DPoP = await ve(window)(
1352
+ await P(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(m), A.DPoP = await be(window)(
1353
1353
  s.demonstrating_proof_of_possession_configuration
1354
1354
  )(m, "POST", O);
1355
1355
  }
@@ -1489,7 +1489,7 @@ const fn = () => {
1489
1489
  o.open(`${c.endSessionEndpoint}${A}`);
1490
1490
  } else
1491
1491
  o.reload();
1492
- }, Ie = (e, n, s = !1) => async (...t) => {
1492
+ }, Ce = (e, n, s = !1) => async (...t) => {
1493
1493
  var f;
1494
1494
  const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
1495
1495
  let c = new Headers();
@@ -1523,7 +1523,7 @@ const fn = () => {
1523
1523
  t.authority,
1524
1524
  t.authority_configuration
1525
1525
  )).userInfoEndpoint, a = await (async () => {
1526
- const l = await Ie(fetch, e, s)(i);
1526
+ const l = await Ce(fetch, e, s)(i);
1527
1527
  return l.status !== 200 ? null : l.json();
1528
1528
  })();
1529
1529
  return e.userInfo = a, a;
@@ -1543,7 +1543,7 @@ const L = {}, Sn = (e, n = new q()) => (s, t = "default") => (L[t] || (L[t] = ne
1543
1543
  n.silent_redirect_uri && !n.silent_login_uri && (i = `${n.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
1544
1544
  let r = n.refresh_time_before_tokens_expiration_in_second ?? 120;
1545
1545
  r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new q();
1546
- const a = n.service_worker_update_require_callback ?? Re(this.location);
1546
+ const a = n.service_worker_update_require_callback ?? $e(this.location);
1547
1547
  this.configuration = {
1548
1548
  ...n,
1549
1549
  silent_login_uri: i,
@@ -1687,13 +1687,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1687
1687
  }
1688
1688
  async generateDemonstrationOfProofOfPossessionAsync(n, s, t, o = {}) {
1689
1689
  const i = this.configuration, r = {
1690
- ath: await Ee(n),
1690
+ ath: await Oe(n),
1691
1691
  ...o
1692
1692
  };
1693
1693
  if (await I(i, this.configurationName))
1694
- return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
1694
+ return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Se(this.configurationName)}`;
1695
1695
  const c = P(this.configurationName, i.storage), l = await c.getDemonstratingProofOfPossessionJwkAsync(), d = c.getDemonstratingProofOfPossessionNonce();
1696
- return d && (r.nonce = d), await ve(window)(
1696
+ return d && (r.nonce = d), await be(window)(
1697
1697
  i.demonstrating_proof_of_possession_configuration
1698
1698
  )(l, t, s, r);
1699
1699
  }
@@ -1711,7 +1711,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1711
1711
  if (this.renewTokensPromise !== null)
1712
1712
  return this.renewTokensPromise;
1713
1713
  if (this.timeoutId)
1714
- return U.clearTimeout(this.timeoutId), this.renewTokensPromise = Oe(this, !0, n, s), this.renewTokensPromise.finally(() => {
1714
+ return U.clearTimeout(this.timeoutId), this.renewTokensPromise = Pe(this, !0, n, s), this.renewTokensPromise.finally(() => {
1715
1715
  this.renewTokensPromise = null;
1716
1716
  });
1717
1717
  }
@@ -1798,7 +1798,7 @@ const $ = class $ {
1798
1798
  return pe(o, n, s);
1799
1799
  }
1800
1800
  fetchWithTokens(n, s = !1) {
1801
- return Ie(n, this._oidc, s);
1801
+ return Ce(n, this._oidc, s);
1802
1802
  }
1803
1803
  async userInfoAsync(n = !1, s = !1) {
1804
1804
  return this._oidc.userInfoAsync(n, s);
package/dist/index.umd.cjs CHANGED
@@ -1,2 +1,2 @@
1
- (function(P,W){typeof exports=="object"&&typeof module<"u"?W(exports):typeof define=="function"&&define.amd?define(["exports"],W):(P=typeof globalThis<"u"?globalThis:P||self,W(P["oidc-client"]={}))})(this,function(P){"use strict";class W{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const le=2e3,$=console;class xe{constructor(n,s,t,o=le,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||le,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},I=(e,n=sessionStorage)=>{const s=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},i=async y=>{n[`oidc.session_state.${e}`]=y},r=async()=>n[`oidc.session_state.${e}`],a=y=>{n[`oidc.nonce.${e}`]=y.nonce},c=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},l=()=>JSON.parse(n[`oidc.jwk.${e}`]),d=async()=>({nonce:n[`oidc.nonce.${e}`]}),u=async y=>{n[`oidc.dpop_nonce.${e}`]=y},_=()=>n[`oidc.dpop_nonce.${e}`],f=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,h={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:f,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:d,setLoginParams:y=>{h[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(h[e]||(h[e]=JSON.parse(y)),h[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:u,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:c,getDemonstratingProofOfPossessionJwkAsync:l}};var U=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(U||{});const We=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Le=e=>JSON.parse(We(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&De(e,".")===2?Le(e.split(".")[1]):null}catch(n){console.warn(n)}return null},De=(e,n)=>e.split(n).length-1,j={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Re(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=Re(e,t,r);let l;e.expiresAt?l=e.expiresAt:s===j.access_token_invalid?l=c:s===j.id_token_invalid?l=a:l=a<c?a:c;const d={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:l,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const u=n.refreshToken;return{...d,refreshToken:u}}return d},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Z(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=(e,n=0)=>e?M(n,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.getTokens())return null;for(;!_e(e.getTokens(),e.configuration.refresh_time_before_tokens_expiration_in_second)&&t>0;){if(e.configuration.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await G({milliseconds:n});t=t-1}return{isTokensValid:_e(e.getTokens()),tokens:e.getTokens(),numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},K=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.25.4";let ye=null,q;const G=({milliseconds:e})=>new Promise(n=>K.setTimeout(n,e)),ge=(e="/")=>{try{q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:q.signal}).catch(t=>{console.log(t)}),G({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},ke=()=>{q&&q.abort()},$e=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Ue=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistration ${t?"successful":"failed"}`),await G({milliseconds:2e3}),e.reload()},Ke=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,s),s},E=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:Ke(n.configurationName)},[o.port2])}),C=async(e,n)=>{var b;const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.service_worker_register?t=await e.service_worker_register(s):(t=await navigator.serviceWorker.register(s),t.active&&t.waiting&&(console.log("Detected new service worker waiting, unregistering and reloading"),await((b=e.service_worker_update_require_callback)==null?void 0:b.call(e,t,ke))));try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await E(t)({type:"claim"})}catch(g){return console.warn(`Failed init ServiceWorker ${g.toString()}`),null}const o=async g=>E(t)({type:"clear",data:{status:g},configurationName:n}),i=async(g,S,x)=>{var Q;const m=await E(t)({type:"init",data:{oidcServerConfiguration:g,where:S,oidcConfiguration:{token_renew_mode:x.token_renew_mode,service_worker_convert_all_requests_to_cors:x.service_worker_convert_all_requests_to_cors}},configurationName:n}),L=m.version;return L!==he&&(console.warn(`Service worker ${L} version mismatch with js client version ${he}, unregistering and reloading`),await((Q=x.service_worker_update_require_callback)==null?void 0:Q.call(x,t,ke))),{tokens:ee(m.tokens,null,x.token_renew_mode),status:m.status}},r=(g="/")=>{ye==null&&(ye="not_null",ge(g))},a=g=>E(t)({type:"setSessionState",data:{sessionState:g},configurationName:n}),c=async()=>(await E(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,l=g=>(sessionStorage[`oidc.nonce.${n}`]=g.nonce,E(t)({type:"setNonce",data:{nonce:g},configurationName:n})),d=async()=>{let S=(await E(t)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}},u={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>$e(e.service_worker_keep_alive_path),setSessionStateAsync:a,getSessionStateAsync:c,setNonceAsync:l,getNonceAsync:d,setLoginParams:g=>{u[n]=g,localStorage[`oidc.login.${n}`]=JSON.stringify(g)},getLoginParams:()=>{const g=localStorage[`oidc.login.${n}`];return u[n]||(u[n]=JSON.parse(g)),u[n]},getStateAsync:async()=>{let S=(await E(t)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async g=>(sessionStorage[`oidc.state.${n}`]=g,E(t)({type:"setState",data:{state:g},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await E(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async g=>(sessionStorage[`oidc.code_verifier.${n}`]=g,E(t)({type:"setCodeVerifier",data:{codeVerifier:g},configurationName:n})),setDemonstratingProofOfPossessionNonce:async g=>{await E(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:g},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await E(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async g=>{const S=JSON.stringify(g);await E(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const g=await E(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return g.demonstratingProofOfPossessionJwkJson?JSON.parse(g.demonstratingProofOfPossessionJwkJson):null}}},F={},Fe=(e,n=window.sessionStorage,s)=>{if(!F[e]&&n){const o=n.getItem(e);o&&(F[e]=JSON.parse(o))}const t=1e3*s;return F[e]&&F[e].timestamp+t>Date.now()?F[e].result:null},Ve=(e,n,s=window.sessionStorage)=>{const t=Date.now();F[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function me(e){return new TextEncoder().encode(e)}function pe(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Me(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const ne=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),pe(n)};function we(e){return pe(Me(e))}const Je={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Be={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:we(JSON.stringify(s)),payload:we(JSON.stringify(t))},a=o.importKeyAlgorithm,c=!0,l=["sign"],d=await e.crypto.subtle.importKey("jwk",n,a,c,l),u=me(`${r.protected}.${r.payload}`),_=o.signAlgorithm,f=await e.crypto.subtle.sign(_,d,u);return r.signature=ne(new Uint8Array(f)),`${r.protected}.${r.payload}.${r.signature}`}},He={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},je={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,me(t));return ne(new Uint8Array(o))}},qe=e=>async n=>await He.generate(e)(n),Ae=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(Ge()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await je.thumbprint(e)(s,n.digestAlgorithm);return await Be.sign(e)(s,{kid:a},r,n)},Ge=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Se=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ye=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%se.length;n.push(se[t])}return n.join("")},te=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Se();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*se.length|0;return Ye(n)};function Xe(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function Te(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Xe(e)).then(t=>n(ne(new Uint8Array(t))),t=>s(t))})}const ze=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Se();return n?Te(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Qe=60*60,Ze=e=>async(n,s=Qe,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Fe(r,t,s);if(a)return new ae(a);const c=await J(e)(i,{},o);if(c.status!==200)return null;const l=await c.json();return Ve(r,l,t),new ae(l)},J=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},ve=e=>async(n,s,t=oe.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[u,_]of Object.entries(i))a[u]===void 0&&(a[u]=_);const c=[];for(const u in a){const _=encodeURIComponent(u),f=encodeURIComponent(a[u]);c.push(`${_}=${f}`)}const l=c.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:l},r)).status!==200?{success:!1}:{success:!0}},en=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[f,h]of Object.entries(t))s[f]===void 0&&(s[f]=h);const c=[];for(const f in s){const h=encodeURIComponent(f),p=encodeURIComponent(s[f]);c.push(`${h}=${p}`)}const l=c.join("&"),d=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:l},a);if(d.status!==200)return{success:!1,status:d.status,demonstratingProofOfPossessionNonce:null};const u=await d.json();let _=null;return d.headers.has(Y)&&(_=d.headers.get(Y)),{success:!0,status:d.status,data:ee(u,o,r),demonstratingProofOfPossessionNonce:_}},nn=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await ze(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,c]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${s}${r}`)},Y="DPoP-Nonce",sn=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const u in s){const _=encodeURIComponent(u),f=encodeURIComponent(s[u]);r.push(`${_}=${f}`)}const a=r.join("&"),c=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let l=null;c.headers.has(Y)&&(l=c.headers.get(Y));const d=await c.json();return{success:!0,data:{state:s.state,tokens:ee(d,null,o),demonstratingProofOfPossessionNonce:l}}};async function be(e,n,s,t=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await X(e)(o,0,n,s,t);return await C(e.configuration,e.configurationName)||await I(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function Ee(e,n=!1,s=null,t=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await C(e.configuration,e.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!a||!navigator.locks)r=await be(e,n,s,t);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async l=>l?await be(e,n,s,t):(e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s,t)),e.tokens):null}const B=(e,n,s=null,t=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&K.clearTimeout(e.timeoutId),K.setTimeout(async()=>{const r={timeLeft:M(o,n)};e.publishEvent(N.eventNames.token_timer,r),await Ee(e,!1,s,t)},1e3)},D={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},tn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await C(n,s);if(c){const{status:u,tokens:_}=await c.initAsync(a,"syncTokensAsync",n);if(u==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(u==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!u||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const h=M(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",p=await c.getNonceAsync();return{tokens:_,status:h,nonce:p}}r=await c.getNonceAsync()}else{const u=I(s,n.storage??sessionStorage),_=await u.initAsync();let{tokens:f}=_;const{status:h}=_;if(f&&(f=Z(f,e.tokens,n.token_renew_mode)),f){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(f.issuedAt!==t.issuedAt){const w=M(n.refresh_time_before_tokens_expiration_in_second,f.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",T=await u.getNonceAsync();return{tokens:f,status:w,nonce:T}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await u.getNonceAsync()}const d=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:d,nonce:r}},X=e=>async(n,s=0,t=!1,o=null,i=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let r=6;for(;!navigator.onLine&&r>0;)await G({milliseconds:1e3}),r--,e.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden,c=a?s:s+1;if(s>4)return a?{tokens:e.tokens,status:"GIVE_UP"}:(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});o||(o={});const l=e.configuration,d=(_,f=null,h=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(_,f,h),u=async()=>{try{let _;const f=await C(l,e.configurationName);f?_=f.getLoginParams():_=I(e.configurationName,l.storage).getLoginParams();const h=await d({..._.extras,...o,prompt:"none",scope:i});return h?h.error?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(h.tokens),e.publishEvent(N.eventNames.token_renewed,{}),{tokens:h.tokens,status:"LOGGED"}):(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(_){return console.error(_),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:_.message}),await X(e)(n,c,t,o,i)}};try{const{status:_,tokens:f,nonce:h}=await tn(e)(l,e.configurationName,e.tokens,t);switch(_){case D.SESSION_LOST:return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case D.NOT_CONNECTED:return n(null),{tokens:null,status:null};case D.TOKENS_VALID:return n(f),{tokens:f,status:"LOGGED_IN"};case D.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(f),e.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:f,status:"LOGGED_IN"};case D.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case D.REQUIRE_SYNC_TOKENS:return l.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&D.FORCE_REFRESH!==_?(e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(k.refreshTokensAsync_begin,{tryNumber:s}),await u());default:{if(l.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&D.FORCE_REFRESH!==_)return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(k.refreshTokensAsync_begin,{refreshToken:f.refreshToken,status:_,tryNumber:s}),!f.refreshToken)return await u();const p=l.client_id,w=l.redirect_uri,T=l.authority,A={...l.token_request_extras?l.token_request_extras:{}};for(const[y,b]of Object.entries(o))y.endsWith(":token_request")&&(A[y.replace(":token_request","")]=b);return await(async()=>{const y={client_id:p,redirect_uri:w,grant_type:"refresh_token",refresh_token:f.refreshToken},b=await e.initAsync(T,l.authority_configuration),g=document.hidden?1e4:3e4*10,S=b.tokenEndpoint,x={};l.demonstrating_proof_of_possession&&(x.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(f.accessToken,S,"POST"));const m=await en(e.getFetch())(S,y,A,f,x,l.token_renew_mode,g);if(m.success){const{isValid:L,reason:Q}=de(m.data,h.nonce,b);if(!L)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${Q}`}),{tokens:null,status:"SESSION_LOST"};if(n(m.data),m.demonstratingProofOfPossessionNonce){const Ne=await C(l,e.configurationName);Ne?await Ne.setDemonstratingProofOfPossessionNonce(m.demonstratingProofOfPossessionNonce):await I(e.configurationName,l.storage).setDemonstratingProofOfPossessionNonce(m.demonstratingProofOfPossessionNonce)}return e.publishEvent(k.refreshTokensAsync_end,{success:m.success}),e.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:m.data,status:"LOGGED_IN"}}else return e.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:m}),m.status>=400&&m.status<500?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`session lost: ${m.status}`}),{tokens:null,status:"SESSION_LOST"}):await X(e)(n,c,t,o,i)})()}}}catch(_){return console.error(_),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:_.message}),new Promise((f,h)=>{setTimeout(()=>{X(e)(n,c,t,o,i).then(f).catch(h)},1e3)})}},ie=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(k.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i!=null&&(t==null&&(t={}),t.scope=i),t!=null)for(const[u,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(u)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(u)}=${encodeURIComponent(_)}`;const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),l=a.substring(0,c),d=document.createElement("iframe");return d.width="0px",d.height="0px",d.id=`${e}_oidc_iframe`,d.setAttribute("src",a),document.body.appendChild(d),new Promise((u,_)=>{let f=!1;const h=()=>{window.removeEventListener("message",p),d.remove(),f=!0},p=w=>{if(w.origin===l&&w.source===d.contentWindow){const T=`${e}_oidc_tokens:`,O=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,v=w.data;if(v&&typeof v=="string"&&!f){if(v.startsWith(T)){const y=JSON.parse(w.data.replace(T,""));s(k.silentLoginAsync_end,{}),u(y),h()}else if(v.startsWith(O)){const y=JSON.parse(w.data.replace(O,""));s(k.silentLoginAsync_error,y),u({error:"oidc_"+y.error,tokens:null,sessionState:null}),h()}else if(v.startsWith(A)){const y=JSON.parse(w.data.replace(A,""));s(k.silentLoginAsync_error,y),_(new Error(y.error)),h()}}}};try{window.addEventListener("message",p);const w=n.silent_login_timeout;setTimeout(()=>{f||(h(),s(k.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},w)}catch(w){h(),s(k.silentLoginAsync_error,w),_(w)}})}catch(r){throw s(k.silentLoginAsync_error,r),r}},on=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(l,d,u)=>ie(n,s,t.bind(o))(l,d,u);return(async()=>{o.timeoutId&&K.clearTimeout(o.timeoutId);let l;i&&"state"in i&&(l=i.state,delete i.state);try{const d=s.extras?{...s.extras,...i}:i,u=await a({...d,prompt:"none"},l,r);if(u)return o.tokens=u.tokens,t(k.token_acquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,i,r),{}}catch(d){return d}})()},rn=(e,n,s)=>(t,o,i,r=!1)=>{const a=(c,l=void 0,d=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(c,l,d);return new Promise((c,l)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const d=()=>{e.checkSessionIFrame.stop();const u=e.tokens;if(u===null)return;const _=u.idToken,f=u.idTokenPayload;return a({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(h=>{if(h.error)throw new Error(h.error);const p=h.tokens.idTokenPayload;if(f.sub===p.sub){const w=h.sessionState;e.checkSessionIFrame.start(h.sessionState),f.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",w):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",w)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async h=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",h);for(const[,p]of Object.entries(n))await p.logoutOtherTabAsync(s.client_id,f.sub)})};e.checkSessionIFrame=new xe(d,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(u=>{l(u)})}else c(null)})},an=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),cn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(s)){o=c.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function ln(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const un=()=>{const{name:e,version:n}=ln();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=cn(navigator);return!an(s)},_n=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await C(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.checkSessionIframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=I(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Z(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.checkSessionIframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Oe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},fn=e=>{const n=Oe(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},z=e=>{const n=Oe(e),{search:s}=n;return dn(s)},dn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},hn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const l=r;return r={...r},(async()=>{const u=i||o.getPath();if("state"in r||(r.state=te(16)),s(k.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const f=n.extras?{...n.extras,...r}:r;f.nonce||(f.nonce=te(12));const h={nonce:f.nonce},p=await C(n,e),w=await t(n.authority,n.authority_configuration);let T;if(p)p.setLoginParams({callbackPath:u,extras:l,scope:c}),await p.initAsync(w,"loginAsync",n),await p.setNonceAsync(h),p.startKeepAliveServiceWorker(),T=p;else{const A=I(e,n.storage??sessionStorage);A.setLoginParams({callbackPath:u,extras:l,scope:c}),await A.setNonceAsync(h),T=A}const O={client_id:n.client_id,redirect_uri:_,scope:c,response_type:"code",...f};await nn(T,o)(w.authorizationEndpoint,O)}catch(_){throw s(k.loginAsync_error,_),_}})()},yn=e=>async(n=!1)=>{try{e.publishEvent(k.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),c=e.location.getCurrentHref(),l=z(c),d=l.session_state,u=await C(s,e.configurationName);let _,f,h,p;if(u)await u.initAsync(a,"loginCallbackAsync",s),await u.setSessionStateAsync(d),f=await u.getNonceAsync(),h=u.getLoginParams(),p=await u.getStateAsync(),u.startKeepAliveServiceWorker(),_=u;else{const m=I(e.configurationName,s.storage??sessionStorage);await m.setSessionStateAsync(d),f=await m.getNonceAsync(),h=m.getLoginParams(),p=await m.getStateAsync(),_=m}if(l.error||l.error_description)throw new Error(`Error from OIDC server: ${l.error} - ${l.error_description}`);if(l.iss&&l.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${l.iss})`);if(l.state&&l.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${l.state})`);const w={code:l.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},T={};if(s.token_request_extras)for(const[m,L]of Object.entries(s.token_request_extras))T[m]=L;if(h!=null&&h.extras)for(const[m,L]of Object.entries(h.extras))m.endsWith(":token_request")&&(T[m.replace(":token_request","")]=L);const O=a.tokenEndpoint,A={};if(s.demonstrating_proof_of_possession)if(u)A.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const m=await qe(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await I(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(m),A.DPoP=await Ae(window)(s.demonstrating_proof_of_possession_configuration)(m,"POST",O)}const v=await sn(_)(O,{...w,...T},A,e.configuration.token_renew_mode,r);if(!v.success)throw new Error("Token request failed");let y;const b=v.data.tokens,g=v.data.demonstratingProofOfPossessionNonce;if(v.data.state!==T.state)throw new Error("state is not valid");const{isValid:S,reason:x}=de(b,f.nonce,a);if(!S)throw new Error(`Tokens are not OpenID valid, reason: ${x}`);if(u){if(b.refreshToken&&!b.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(g&&(b!=null&&b.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(u)await u.initAsync(a,"syncTokensAsync",s),y=u.getLoginParams(),g&&await u.setDemonstratingProofOfPossessionNonce(g);else{const m=I(e.configurationName,s.storage);y=m.getLoginParams(),g&&await m.setDemonstratingProofOfPossessionNonce(g)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,d,n),e.publishEvent(k.loginCallbackAsync_end,{}),{tokens:b,state:"request.state",callbackPath:y.callbackPath,scope:l.scope,extras:y.extras}}catch(s){throw console.error(s),e.publishEvent(k.loginCallbackAsync_error,s),s}},Pe={access_token:"access_token",refresh_token:"refresh_token"},re=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},gn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},kn=e=>async n=>{K.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await C(e.configuration,e.configurationName);s?await s.clearAsync(n):await I(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},mn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var T,O;const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const l=i??o.getPath();let d=!1;i&&(d=i.includes("https://")||i.includes("http://"));const u=d?i:o.getOrigin()+l,_=e.tokens?e.tokens.idToken:"";try{const A=c.revocationEndpoint;if(A){const v=[],y=e.tokens?e.tokens.accessToken:null;if(y&&a.logout_tokens_to_invalidate.includes(Pe.access_token)){const g=re(r,":revoke_access_token"),S=ve(s)(A,y,oe.access_token,a.client_id,g);v.push(S)}const b=e.tokens?e.tokens.refreshToken:null;if(b&&a.logout_tokens_to_invalidate.includes(Pe.refresh_token)){const g=re(r,":revoke_refresh_token"),S=ve(s)(A,b,oe.refresh_token,a.client_id,g);v.push(S)}v.length>0&&await Promise.all(v)}}catch(A){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(A)}const f=((O=(T=e.tokens)==null?void 0:T.idTokenPayload)==null?void 0:O.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,f):e.publishEvent(k.logout_from_same_tab,{});const h=re(r,":oidc");if(h&&h.no_reload==="true")return;const w=gn(r);if(c.endSessionEndpoint){"id_token_hint"in w||(w.id_token_hint=_),!("post_logout_redirect_uri"in w)&&i!==null&&(w.post_logout_redirect_uri=u);let A="";for(const[v,y]of Object.entries(w))y!=null&&(A===""?A+="?":A+="&",A+=`${v}=${encodeURIComponent(y)}`);o.open(`${c.endSessionEndpoint}${A}`)}else o.reload()},Ie=(e,n,s=!1)=>async(...t)=>{var f;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const l={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:n.renewTokensAsync.bind(n)},d=await fe(l),u=(f=d==null?void 0:d.tokens)==null?void 0:f.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),u){if(n.configuration.demonstrating_proof_of_possession&&s){const h=await n.generateDemonstrationOfProofOfPossessionAsync(u,o.toString(),a.method);c.set("Authorization",`DPoP ${u}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${u}`);a.credentials||(a.credentials="same-origin")}const _={...a,headers:c};return await e(o,_,...r)},pn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,a=await(async()=>{const l=await Ie(fetch,e,s)(i);return l.status!==200?null:l.json()})();return e.userInfo=a,a},Ce=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const R={},wn=(e,n=new W)=>(s,t="default")=>(R[t]||(R[t]=new N(s,t,e,n)),R[t]),An=async e=>{const{parsedTokens:n,callbackPath:s,extras:t,scope:o}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt,t,o),{callbackPath:s}},Sn=e=>Math.floor(Math.random()*e),H=class H{constructor(n,s="default",t,o=new W){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new W;const a=n.service_worker_update_require_callback??Ue(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??U.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??j.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:a,service_worker_activate:n.service_worker_activate??un,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Je,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ce,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(R,n)&&s)throw Error(`OIDC library does seem initialized.
2
- Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return R[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=z(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=z(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await C(this.configuration,this.configurationName)?window.sessionStorage:null;return await Ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=_n(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await rn(this,R,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=on(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await yn(this)(n),o=t.tokens;return this.tokens=o,await C(this.configuration,this.configurationName)||I(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(H.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath,scope:t.scope,extras:t.extras}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await Te(n),...o};if(await C(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;const c=I(this.configurationName,i.storage),l=await c.getDemonstratingProofOfPossessionJwkAsync(),d=c.getDemonstratingProofOfPossessionNonce();return d&&(r.nonce=d),await Ae(window)(i.demonstrating_proof_of_possession_configuration)(l,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=An(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=pn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,s=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return K.clearTimeout(this.timeoutId),this.renewTokensPromise=Ee(this,!0,n,s),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await kn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=mn(this,R,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};H.getOrCreate=(n,s)=>(t,o="default")=>wn(n,s)(t,o),H.eventNames=k;let N=H;const V=class V{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new V(N.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,s=null){return this._oidc.renewTokensAsync(n,s)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){const t=this._oidc,o={getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:t.renewTokensAsync.bind(t)};return fe(o,n,s)}fetchWithTokens(n,s=!1){return Ie(n,this._oidc,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};V.getOrCreate=(n,s=new W)=>(t,o="default")=>new V(N.getOrCreate(n,s)(t,o)),V.eventNames=N.eventNames;let ce=V;P.OidcClient=ce,P.OidcLocation=W,P.TokenAutomaticRenewMode=U,P.TokenRenewMode=j,P.getFetchDefault=Ce,P.getParseQueryStringFromLocation=z,P.getPath=fn,Object.defineProperty(P,Symbol.toStringTag,{value:"Module"})});
1
+ (function(P,W){typeof exports=="object"&&typeof module<"u"?W(exports):typeof define=="function"&&define.amd?define(["exports"],W):(P=typeof globalThis<"u"?globalThis:P||self,W(P["oidc-client"]={}))})(this,function(P){"use strict";class W{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const le=2e3,$=console;class We{constructor(n,s,t,o=le,i=!0){this._callback=n,this._client_id=s,this._url=t,this._interval=o||le,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?($.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?($.debug(n),$.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):$.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){$.debug("CheckSessionIFrame.start :"+n),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&($.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},I=(e,n=sessionStorage)=>{const s=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),Promise.resolve()),t=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},i=async y=>{n[`oidc.session_state.${e}`]=y},r=async()=>n[`oidc.session_state.${e}`],a=y=>{n[`oidc.nonce.${e}`]=y.nonce},c=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},l=()=>JSON.parse(n[`oidc.jwk.${e}`]),d=async()=>({nonce:n[`oidc.nonce.${e}`]}),u=async y=>{n[`oidc.dpop_nonce.${e}`]=y},_=()=>n[`oidc.dpop_nonce.${e}`],f=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,h={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:f,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:d,setLoginParams:y=>{h[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(h[e]||(h[e]=JSON.parse(y)),h[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:u,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:c,getDemonstratingProofOfPossessionJwkAsync:l}};var U=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(U||{});const Le=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),De=e=>JSON.parse(Le(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ue=e=>{try{return e&&Re(e,".")===2?De(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Re=(e,n)=>e.split(n).length-1,j={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function $e(e,n,s){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return e.issuedAt}const Z=(e,n=null,s)=>{if(!e)return null;let t;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?t=e.accessTokenPayload:t=ue(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ue(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=t&&t.exp?t.exp:e.issuedAt+o;e.issuedAt=$e(e,t,r);let l;e.expiresAt?l=e.expiresAt:s===j.access_token_invalid?l=c:s===j.id_token_invalid?l=a:l=a<c?a:c;const d={...e,idTokenPayload:r,accessTokenPayload:t,expiresAt:l,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const u=n.refreshToken;return{...d,refreshToken:u}}return d},ee=(e,n,s)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const t={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(t.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(t.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(t.idTokenPayload=e.idTokenPayload),Z(t,n,s)},M=(e,n)=>{const s=new Date().getTime()/1e3,t=n-s;return Math.round(t-e)},_e=(e,n=0)=>e?M(n,e.expiresAt)>0:!1,fe=async(e,n=200,s=50)=>{let t=s;if(!e.getTokens())return null;for(;!_e(e.getTokens(),e.configuration.refresh_time_before_tokens_expiration_in_second)&&t>0;){if(e.configuration.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await G({milliseconds:n});t=t-1}return{isTokensValid:_e(e.getTokens()),tokens:e.getTokens(),numberWaited:t-s}},de=(e,n,s)=>{if(e.idTokenPayload){const t=e.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},K=function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}}(),he="7.25.6";let ye=null,q;const G=({milliseconds:e})=>new Promise(n=>K.setTimeout(n,e)),ge=(e="/")=>{try{q=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:q.signal}).catch(t=>{console.log(t)}),G({milliseconds:150*1e3}).then(ge)}catch(n){console.log(n)}},ke=()=>{q&&q.abort()},Ue=(e="/")=>fetch(`${e}OidcKeepAliveServiceWorker.json`,{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Ke=e=>async(n,s)=>{s(),await n.update();const t=await n.unregister();console.log(`Service worker unregistration ${t?"successful":"failed"}`),await G({milliseconds:2e3}),e.reload()},me=e=>{const n=sessionStorage.getItem(`oidc.tabId.${e}`);if(n)return n;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(`oidc.tabId.${e}`,s),s},E=e=>n=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i!=null&&i.data.error?t(i.data.error):s(i.data),o.port1.close(),o.port2.close()},e.active.postMessage({...n,tabId:me(n.configurationName)},[o.port2])}),C=async(e,n)=>{var b;const s=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!s||e.service_worker_activate()===!1)return null;let t=null;e.service_worker_register?t=await e.service_worker_register(s):(t=await navigator.serviceWorker.register(s),t.active&&t.waiting&&(console.log("Detected new service worker waiting, unregistering and reloading"),await((b=e.service_worker_update_require_callback)==null?void 0:b.call(e,t,ke))));try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||await E(t)({type:"claim"})}catch(g){return console.warn(`Failed init ServiceWorker ${g.toString()}`),null}const o=async g=>E(t)({type:"clear",data:{status:g},configurationName:n}),i=async(g,S,x)=>{var Q;const m=await E(t)({type:"init",data:{oidcServerConfiguration:g,where:S,oidcConfiguration:{token_renew_mode:x.token_renew_mode,service_worker_convert_all_requests_to_cors:x.service_worker_convert_all_requests_to_cors}},configurationName:n}),L=m.version;return L!==he&&(console.warn(`Service worker ${L} version mismatch with js client version ${he}, unregistering and reloading`),await((Q=x.service_worker_update_require_callback)==null?void 0:Q.call(x,t,ke))),{tokens:ee(m.tokens,null,x.token_renew_mode),status:m.status}},r=(g="/")=>{ye==null&&(ye="not_null",ge(g))},a=g=>E(t)({type:"setSessionState",data:{sessionState:g},configurationName:n}),c=async()=>(await E(t)({type:"getSessionState",data:null,configurationName:n})).sessionState,l=g=>(sessionStorage[`oidc.nonce.${n}`]=g.nonce,E(t)({type:"setNonce",data:{nonce:g},configurationName:n})),d=async()=>{let S=(await E(t)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:S}},u={};return{clearAsync:o,initAsync:i,startKeepAliveServiceWorker:()=>r(e.service_worker_keep_alive_path),isServiceWorkerProxyActiveAsync:()=>Ue(e.service_worker_keep_alive_path),setSessionStateAsync:a,getSessionStateAsync:c,setNonceAsync:l,getNonceAsync:d,setLoginParams:g=>{u[n]=g,localStorage[`oidc.login.${n}`]=JSON.stringify(g)},getLoginParams:()=>{const g=localStorage[`oidc.login.${n}`];return u[n]||(u[n]=JSON.parse(g)),u[n]},getStateAsync:async()=>{let S=(await E(t)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage")),S},setStateAsync:async g=>(sessionStorage[`oidc.state.${n}`]=g,E(t)({type:"setState",data:{state:g},configurationName:n})),getCodeVerifierAsync:async()=>{let S=(await E(t)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),S},setCodeVerifierAsync:async g=>(sessionStorage[`oidc.code_verifier.${n}`]=g,E(t)({type:"setCodeVerifier",data:{codeVerifier:g},configurationName:n})),setDemonstratingProofOfPossessionNonce:async g=>{await E(t)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:g},configurationName:n})},getDemonstratingProofOfPossessionNonce:async()=>(await E(t)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:async g=>{const S=JSON.stringify(g);await E(t)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:S},configurationName:n})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const g=await E(t)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return g.demonstratingProofOfPossessionJwkJson?JSON.parse(g.demonstratingProofOfPossessionJwkJson):null}}},F={},Fe=(e,n=window.sessionStorage,s)=>{if(!F[e]&&n){const o=n.getItem(e);o&&(F[e]=JSON.parse(o))}const t=1e3*s;return F[e]&&F[e].timestamp+t>Date.now()?F[e].result:null},Ve=(e,n,s=window.sessionStorage)=>{const t=Date.now();F[e]={result:n,timestamp:t},s&&s.setItem(e,JSON.stringify({result:n,timestamp:t}))};function pe(e){return new TextEncoder().encode(e)}function we(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Me(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(s,t){return String.fromCharCode(parseInt(t,16))})}const ne=e=>{let n="";return e.forEach(function(s){n+=String.fromCharCode(s)}),we(n)};function Ae(e){return we(Me(e))}const Je={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},Be={sign:e=>async(n,s,t,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),s.typ=i,s.alg=o.jwtHeaderAlgorithm,s.alg){case"ES256":s.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":s.jwk={kty:n.kty,n:n.n,e:n.e,kid:s.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:Ae(JSON.stringify(s)),payload:Ae(JSON.stringify(t))},a=o.importKeyAlgorithm,c=!0,l=["sign"],d=await e.crypto.subtle.importKey("jwk",n,a,c,l),u=pe(`${r.protected}.${r.payload}`),_=o.signAlgorithm,f=await e.crypto.subtle.sign(_,d,u);return r.signature=ne(new Uint8Array(f)),`${r.protected}.${r.payload}.${r.signature}`}},He={generate:e=>async n=>{const s=n,t=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(s,t,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},je={thumbprint:e=>async(n,s)=>{let t;switch(n.kty){case"EC":t='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":t='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(s,pe(t));return ne(new Uint8Array(o))}},qe=e=>async n=>await He.generate(e)(n),Se=e=>n=>async(s,t="POST",o,i={})=>{const r={jti:btoa(Ge()),htm:t,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await je.thumbprint(e)(s,n.digestAlgorithm);return await Be.sign(e)(s,{kid:a},r,n)},Ge=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(s=Math.random()*16|0),e[o]==="x"?t+=n[s]:e[o]==="y"?(s&=3,s|=8,t+=n[s]):t+=e[o];return t},Te=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Ye=e=>{const n=[];for(let s=0;s<e.byteLength;s+=1){const t=e[s]%se.length;n.push(se[t])}return n.join("")},te=e=>{const n=new Uint8Array(e),{hasCrypto:s}=Te();if(s)window.crypto.getRandomValues(n);else for(let t=0;t<e;t+=1)n[t]=Math.random()*se.length|0;return Ye(n)};function Xe(e){const n=new ArrayBuffer(e.length),s=new Uint8Array(n);for(let t=0;t<e.length;t++)s[t]=e.charCodeAt(t);return s}function ve(e){return new Promise((n,s)=>{crypto.subtle.digest("SHA-256",Xe(e)).then(t=>n(ne(new Uint8Array(t))),t=>s(t))})}const ze=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Te();return n?ve(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},Qe=60*60,Ze=e=>async(n,s=Qe,t=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Fe(r,t,s);if(a)return new ae(a);const c=await J(e)(i,{},o);if(c.status!==200)return null;const l=await c.json();return Ve(r,l,t),new ae(l)},J=e=>async(n,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await e(n,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await J(e)(n,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},be=e=>async(n,s,t=oe.refresh_token,o,i={},r=1e4)=>{const a={token:s,token_type_hint:t,client_id:o};for(const[u,_]of Object.entries(i))a[u]===void 0&&(a[u]=_);const c=[];for(const u in a){const _=encodeURIComponent(u),f=encodeURIComponent(a[u]);c.push(`${_}=${f}`)}const l=c.join("&");return(await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:l},r)).status!==200?{success:!1}:{success:!0}},en=e=>async(n,s,t,o,i={},r,a=1e4)=>{for(const[f,h]of Object.entries(t))s[f]===void 0&&(s[f]=h);const c=[];for(const f in s){const h=encodeURIComponent(f),p=encodeURIComponent(s[f]);c.push(`${h}=${p}`)}const l=c.join("&"),d=await J(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:l},a);if(d.status!==200)return{success:!1,status:d.status,demonstratingProofOfPossessionNonce:null};const u=await d.json();let _=null;return d.headers.has(Y)&&(_=d.headers.get(Y)),{success:!0,status:d.status,data:ee(u,o,r),demonstratingProofOfPossessionNonce:_}},nn=(e,n)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await ze(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[a,c]of Object.entries(t))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${s}${r}`)},Y="DPoP-Nonce",sn=e=>async(n,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const u in s){const _=encodeURIComponent(u),f=encodeURIComponent(s[u]);r.push(`${_}=${f}`)}const a=r.join("&"),c=await J(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let l=null;c.headers.has(Y)&&(l=c.headers.get(Y));const d=await c.json();return{success:!0,data:{state:s.state,tokens:ee(d,null,o),demonstratingProofOfPossessionNonce:l}}};async function Ee(e,n,s,t=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await X(e)(o,0,n,s,t);return await C(e.configuration,e.configurationName)||await I(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function Oe(e,n=!1,s=null,t=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await C(e.configuration,e.configurationName);if((o==null?void 0:o.storage)===(window==null?void 0:window.sessionStorage)&&!a||!navigator.locks)r=await Ee(e,n,s,t);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async l=>l?await Ee(e,n,s,t):(e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=B(e,e.tokens.expiresAt,s,t)),e.tokens):null}const B=(e,n,s=null,t=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&K.clearTimeout(e.timeoutId),K.setTimeout(async()=>{const r={timeLeft:M(o,n)};e.publishEvent(N.eventNames.token_timer,r),await Oe(e,!1,s,t)},1e3)},D={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS"},tn=e=>async(n,s,t,o=!1)=>{const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await C(n,s);if(c){const{status:u,tokens:_}=await c.initAsync(a,"syncTokensAsync",n);if(u==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(u==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!u||!_)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(_.issuedAt!==t.issuedAt){const h=M(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",p=await c.getNonceAsync();return{tokens:_,status:h,nonce:p}}r=await c.getNonceAsync()}else{const u=I(s,n.storage??sessionStorage),_=await u.initAsync();let{tokens:f}=_;const{status:h}=_;if(f&&(f=Z(f,e.tokens,n.token_renew_mode)),f){if(h==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(f.issuedAt!==t.issuedAt){const w=M(n.refresh_time_before_tokens_expiration_in_second,f.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",T=await u.getNonceAsync();return{tokens:f,status:w,nonce:T}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await u.getNonceAsync()}const d=M(n.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:d,nonce:r}},X=e=>async(n,s=0,t=!1,o=null,i=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let r=6;for(;!navigator.onLine&&r>0;)await G({milliseconds:1e3}),r--,e.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});const a=document.hidden,c=a?s:s+1;if(s>4)return a?{tokens:e.tokens,status:"GIVE_UP"}:(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"});o||(o={});const l=e.configuration,d=(_,f=null,h=null)=>ie(e.configurationName,e.configuration,e.publishEvent.bind(e))(_,f,h),u=async()=>{try{let _;const f=await C(l,e.configurationName);f?_=f.getLoginParams():_=I(e.configurationName,l.storage).getLoginParams();const h=await d({..._.extras,...o,prompt:"none",scope:i});return h?h.error?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(h.tokens),e.publishEvent(N.eventNames.token_renewed,{}),{tokens:h.tokens,status:"LOGGED"}):(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(_){return console.error(_),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:_.message}),await X(e)(n,c,t,o,i)}};try{const{status:_,tokens:f,nonce:h}=await tn(e)(l,e.configurationName,e.tokens,t);switch(_){case D.SESSION_LOST:return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case D.NOT_CONNECTED:return n(null),{tokens:null,status:null};case D.TOKENS_VALID:return n(f),{tokens:f,status:"LOGGED_IN"};case D.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(f),e.publishEvent(N.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:f,status:"LOGGED_IN"};case D.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case D.REQUIRE_SYNC_TOKENS:return l.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&D.FORCE_REFRESH!==_?(e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(k.refreshTokensAsync_begin,{tryNumber:s}),await u());default:{if(l.token_automatic_renew_mode==U.AutomaticOnlyWhenFetchExecuted&&D.FORCE_REFRESH!==_)return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(k.refreshTokensAsync_begin,{refreshToken:f.refreshToken,status:_,tryNumber:s}),!f.refreshToken)return await u();const p=l.client_id,w=l.redirect_uri,T=l.authority,A={...l.token_request_extras?l.token_request_extras:{}};for(const[y,b]of Object.entries(o))y.endsWith(":token_request")&&(A[y.replace(":token_request","")]=b);return await(async()=>{const y={client_id:p,redirect_uri:w,grant_type:"refresh_token",refresh_token:f.refreshToken},b=await e.initAsync(T,l.authority_configuration),g=document.hidden?1e4:3e4*10,S=b.tokenEndpoint,x={};l.demonstrating_proof_of_possession&&(x.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(f.accessToken,S,"POST"));const m=await en(e.getFetch())(S,y,A,f,x,l.token_renew_mode,g);if(m.success){const{isValid:L,reason:Q}=de(m.data,h.nonce,b);if(!L)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${Q}`}),{tokens:null,status:"SESSION_LOST"};if(n(m.data),m.demonstratingProofOfPossessionNonce){const xe=await C(l,e.configurationName);xe?await xe.setDemonstratingProofOfPossessionNonce(m.demonstratingProofOfPossessionNonce):await I(e.configurationName,l.storage).setDemonstratingProofOfPossessionNonce(m.demonstratingProofOfPossessionNonce)}return e.publishEvent(k.refreshTokensAsync_end,{success:m.success}),e.publishEvent(N.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:m.data,status:"LOGGED_IN"}}else return e.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:m}),m.status>=400&&m.status<500?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`session lost: ${m.status}`}),{tokens:null,status:"SESSION_LOST"}):await X(e)(n,c,t,o,i)})()}}}catch(_){return console.error(_),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:_.message}),new Promise((f,h)=>{setTimeout(()=>{X(e)(n,c,t,o,i).then(f).catch(h)},1e3)})}},ie=(e,n,s)=>(t=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{s(k.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i!=null&&(t==null&&(t={}),t.scope=i),t!=null)for(const[u,_]of Object.entries(t))r===""?r=`?${encodeURIComponent(u)}=${encodeURIComponent(_)}`:r+=`&${encodeURIComponent(u)}=${encodeURIComponent(_)}`;const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),l=a.substring(0,c),d=document.createElement("iframe");return d.width="0px",d.height="0px",d.id=`${e}_oidc_iframe`,d.setAttribute("src",a),document.body.appendChild(d),new Promise((u,_)=>{let f=!1;const h=()=>{window.removeEventListener("message",p),d.remove(),f=!0},p=w=>{if(w.origin===l&&w.source===d.contentWindow){const T=`${e}_oidc_tokens:`,O=`${e}_oidc_error:`,A=`${e}_oidc_exception:`,v=w.data;if(v&&typeof v=="string"&&!f){if(v.startsWith(T)){const y=JSON.parse(w.data.replace(T,""));s(k.silentLoginAsync_end,{}),u(y),h()}else if(v.startsWith(O)){const y=JSON.parse(w.data.replace(O,""));s(k.silentLoginAsync_error,y),u({error:"oidc_"+y.error,tokens:null,sessionState:null}),h()}else if(v.startsWith(A)){const y=JSON.parse(w.data.replace(A,""));s(k.silentLoginAsync_error,y),_(new Error(y.error)),h()}}}};try{window.addEventListener("message",p);const w=n.silent_login_timeout;setTimeout(()=>{f||(h(),s(k.silentLoginAsync_error,{reason:"timeout"}),_(new Error("timeout")))},w)}catch(w){h(),s(k.silentLoginAsync_error,w),_(w)}})}catch(r){throw s(k.silentLoginAsync_error,r),r}},on=(e,n,s,t,o)=>(i=null,r=void 0)=>{i={...i};const a=(l,d,u)=>ie(n,s,t.bind(o))(l,d,u);return(async()=>{o.timeoutId&&K.clearTimeout(o.timeoutId);let l;i&&"state"in i&&(l=i.state,delete i.state);try{const d=s.extras?{...s.extras,...i}:i,u=await a({...d,prompt:"none"},l,r);if(u)return o.tokens=u.tokens,t(k.token_acquired,{}),o.timeoutId=B(o,o.tokens.expiresAt,i,r),{}}catch(d){return d}})()},rn=(e,n,s)=>(t,o,i,r=!1)=>{const a=(c,l=void 0,d=void 0)=>ie(e.configurationName,s,e.publishEvent.bind(e))(c,l,d);return new Promise((c,l)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const d=()=>{e.checkSessionIFrame.stop();const u=e.tokens;if(u===null)return;const _=u.idToken,f=u.idTokenPayload;return a({prompt:"none",id_token_hint:_,scope:s.scope||"openid"}).then(h=>{if(h.error)throw new Error(h.error);const p=h.tokens.idTokenPayload;if(f.sub===p.sub){const w=h.sessionState;e.checkSessionIFrame.start(h.sessionState),f.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",w):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",w)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async h=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",h);for(const[,p]of Object.entries(n))await p.logoutOtherTabAsync(s.client_id,f.sub)})};e.checkSessionIFrame=new We(d,o,t),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(u=>{l(u)})}else c(null)})},an=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),cn=e=>{const n=e.appVersion,s=e.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(s)){o=c.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function ln(){const e=navigator.userAgent;let n,s=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(s[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let t=n[1];if(!t){const o=e.split(n[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&s.splice(1,1,n[1]),{name:s[0].toLowerCase(),version:s[1]}}const un=()=>{const{name:e,version:n}=ln();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const s=cn(navigator);return!an(s)},_n=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const s=e.configuration,t=await e.initAsync(s.authority,s.authority_configuration);if(n=await C(s,e.configurationName),n){const{tokens:o}=await n.initAsync(t,"tryKeepExistingSessionAsync",s);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=B(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(t.checkSessionIframe,s.client_id,r),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{s.service_worker_relative_url&&e.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=I(e.configurationName,s.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=Z(i,null,s.token_renew_mode);const r=o.getLoginParams();e.timeoutId=B(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(t.checkSessionIframe,s.client_id,a),s.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(s){return console.error(s),n&&await n.clearAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Pe=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let s=n[6],t=n[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:s,hash:t}},fn=e=>{const n=Pe(e);let{path:s}=n;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=n;return t==="#_=_"&&(t=""),t&&(s+=t),s},z=e=>{const n=Pe(e),{search:s}=n;return dn(s)},dn=e=>{const n={};let s,t,o;const i=e.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),n[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return n},hn=(e,n,s,t,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const l=r;return r={...r},(async()=>{const u=i||o.getPath();if("state"in r||(r.state=te(16)),s(k.loginAsync_begin,{}),r)for(const _ of Object.keys(r))_.endsWith(":token_request")&&delete r[_];try{const _=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const f=n.extras?{...n.extras,...r}:r;f.nonce||(f.nonce=te(12));const h={nonce:f.nonce},p=await C(n,e),w=await t(n.authority,n.authority_configuration);let T;if(p)p.setLoginParams({callbackPath:u,extras:l,scope:c}),await p.initAsync(w,"loginAsync",n),await p.setNonceAsync(h),p.startKeepAliveServiceWorker(),T=p;else{const A=I(e,n.storage??sessionStorage);A.setLoginParams({callbackPath:u,extras:l,scope:c}),await A.setNonceAsync(h),T=A}const O={client_id:n.client_id,redirect_uri:_,scope:c,response_type:"code",...f};await nn(T,o)(w.authorizationEndpoint,O)}catch(_){throw s(k.loginAsync_error,_),_}})()},yn=e=>async(n=!1)=>{try{e.publishEvent(k.loginCallbackAsync_begin,{});const s=e.configuration,t=s.client_id,o=n?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,a=await e.initAsync(i,s.authority_configuration),c=e.location.getCurrentHref(),l=z(c),d=l.session_state,u=await C(s,e.configurationName);let _,f,h,p;if(u)await u.initAsync(a,"loginCallbackAsync",s),await u.setSessionStateAsync(d),f=await u.getNonceAsync(),h=u.getLoginParams(),p=await u.getStateAsync(),u.startKeepAliveServiceWorker(),_=u;else{const m=I(e.configurationName,s.storage??sessionStorage);await m.setSessionStateAsync(d),f=await m.getNonceAsync(),h=m.getLoginParams(),p=await m.getStateAsync(),_=m}if(l.error||l.error_description)throw new Error(`Error from OIDC server: ${l.error} - ${l.error_description}`);if(l.iss&&l.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${l.iss})`);if(l.state&&l.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${l.state})`);const w={code:l.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},T={};if(s.token_request_extras)for(const[m,L]of Object.entries(s.token_request_extras))T[m]=L;if(h!=null&&h.extras)for(const[m,L]of Object.entries(h.extras))m.endsWith(":token_request")&&(T[m.replace(":token_request","")]=L);const O=a.tokenEndpoint,A={};if(s.demonstrating_proof_of_possession)if(u)A.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const m=await qe(window)(s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await I(e.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(m),A.DPoP=await Se(window)(s.demonstrating_proof_of_possession_configuration)(m,"POST",O)}const v=await sn(_)(O,{...w,...T},A,e.configuration.token_renew_mode,r);if(!v.success)throw new Error("Token request failed");let y;const b=v.data.tokens,g=v.data.demonstratingProofOfPossessionNonce;if(v.data.state!==T.state)throw new Error("state is not valid");const{isValid:S,reason:x}=de(b,f.nonce,a);if(!S)throw new Error(`Tokens are not OpenID valid, reason: ${x}`);if(u){if(b.refreshToken&&!b.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(g&&(b!=null&&b.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(u)await u.initAsync(a,"syncTokensAsync",s),y=u.getLoginParams(),g&&await u.setDemonstratingProofOfPossessionNonce(g);else{const m=I(e.configurationName,s.storage);y=m.getLoginParams(),g&&await m.setDemonstratingProofOfPossessionNonce(g)}return await e.startCheckSessionAsync(a.checkSessionIframe,t,d,n),e.publishEvent(k.loginCallbackAsync_end,{}),{tokens:b,state:"request.state",callbackPath:y.callbackPath,scope:l.scope,extras:y.extras}}catch(s){throw console.error(s),e.publishEvent(k.loginCallbackAsync_error,s),s}},Ie={access_token:"access_token",refresh_token:"refresh_token"},re=(e,n)=>{const s={};if(e){for(const[t,o]of Object.entries(e))if(t.endsWith(n)){const i=t.replace(n,"");s[i]=o}return s}return s},gn=e=>{const n={};if(e){for(const[s,t]of Object.entries(e))s.includes(":")||(n[s]=t);return n}return n},kn=e=>async n=>{K.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const s=await C(e.configuration,e.configurationName);s?await s.clearAsync(n):await I(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},mn=(e,n,s,t,o)=>async(i=void 0,r=null)=>{var T,O;const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,t.warn("callbackPathOrUrl path is not a string"));const l=i??o.getPath();let d=!1;i&&(d=i.includes("https://")||i.includes("http://"));const u=d?i:o.getOrigin()+l,_=e.tokens?e.tokens.idToken:"";try{const A=c.revocationEndpoint;if(A){const v=[],y=e.tokens?e.tokens.accessToken:null;if(y&&a.logout_tokens_to_invalidate.includes(Ie.access_token)){const g=re(r,":revoke_access_token"),S=be(s)(A,y,oe.access_token,a.client_id,g);v.push(S)}const b=e.tokens?e.tokens.refreshToken:null;if(b&&a.logout_tokens_to_invalidate.includes(Ie.refresh_token)){const g=re(r,":revoke_refresh_token"),S=be(s)(A,b,oe.refresh_token,a.client_id,g);v.push(S)}v.length>0&&await Promise.all(v)}}catch(A){t.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),t.warn(A)}const f=((O=(T=e.tokens)==null?void 0:T.idTokenPayload)==null?void 0:O.sub)??null;await e.destroyAsync("LOGGED_OUT");for(const[,A]of Object.entries(n))A!==e?await e.logoutSameTabAsync(e.configuration.client_id,f):e.publishEvent(k.logout_from_same_tab,{});const h=re(r,":oidc");if(h&&h.no_reload==="true")return;const w=gn(r);if(c.endSessionEndpoint){"id_token_hint"in w||(w.id_token_hint=_),!("post_logout_redirect_uri"in w)&&i!==null&&(w.post_logout_redirect_uri=u);let A="";for(const[v,y]of Object.entries(w))y!=null&&(A===""?A+="?":A+="&",A+=`${v}=${encodeURIComponent(y)}`);o.open(`${c.endSessionEndpoint}${A}`)}else o.reload()},Ce=(e,n,s=!1)=>async(...t)=>{var f;const[o,i,...r]=t,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const l={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:n.renewTokensAsync.bind(n)},d=await fe(l),u=(f=d==null?void 0:d.tokens)==null?void 0:f.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),u){if(n.configuration.demonstrating_proof_of_possession&&s){const h=await n.generateDemonstrationOfProofOfPossessionAsync(u,o.toString(),a.method);c.set("Authorization",`DPoP ${u}`),c.set("DPoP",h)}else c.set("Authorization",`Bearer ${u}`);a.credentials||(a.credentials="same-origin")}const _={...a,headers:c};return await e(o,_,...r)},pn=e=>async(n=!1,s=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const t=e.configuration,i=(await e.initAsync(t.authority,t.authority_configuration)).userInfoEndpoint,a=await(async()=>{const l=await Ce(fetch,e,s)(i);return l.status!==200?null:l.json()})();return e.userInfo=a,a},Ne=()=>fetch;class ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const R={},wn=(e,n=new W)=>(s,t="default")=>(R[t]||(R[t]=new N(s,t,e,n)),R[t]),An=async e=>{const{parsedTokens:n,callbackPath:s,extras:t,scope:o}=await e.loginCallbackAsync();return e.timeoutId=B(e,n.expiresAt,t,o),{callbackPath:s}},Sn=e=>Math.floor(Math.random()*e),H=class H{constructor(n,s="default",t,o=new W){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new W;const a=n.service_worker_update_require_callback??Ke(this.location);this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??U.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??j.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_update_require_callback:a,service_worker_activate:n.service_worker_activate??un,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Je,preload_user_info:n.preload_user_info??!1},this.getFetch=t??Ne,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const s=Sn(9999999999999).toString();return this.events.push({id:s,func:n}),s}removeEventSubscription(n){const s=this.events.filter(t=>t.id!==n);this.events=s}publishEvent(n,s){this.events.forEach(t=>{t.func(n,s)})}static get(n="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(R,n)&&s)throw Error(`OIDC library does seem initialized.
2
+ Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return R[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,s=z(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:s.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const s=this.location,t=z(s.getCurrentHref());t.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:t.error})}`,s.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,s.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new ae({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await C(this.configuration,this.configurationName)?window.sessionStorage:null;return await Ze(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=_n(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,s,t,o=!1){await rn(this,R,this.configuration)(n,s,t,o)}async loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=on(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):this.loginPromise=hn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,s,t,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await yn(this)(n),o=t.tokens;return this.tokens=o,await C(this.configuration,this.configurationName)||I(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(H.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath,scope:t.scope,extras:t.extras}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){const i=this.configuration,r={ath:await ve(n),...o};if(await C(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${me(this.configurationName)}`;const c=I(this.configurationName,i.storage),l=await c.getDemonstratingProofOfPossessionJwkAsync(),d=c.getDemonstratingProofOfPossessionNonce();return d&&(r.nonce=d),await Se(window)(i.demonstrating_proof_of_possession_configuration)(l,t,s,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=An(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,s=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=pn(this)(n,s),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,s=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return K.clearTimeout(this.timeoutId),this.renewTokensPromise=Oe(this,!0,n,s),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await kn(this)(n)}async logoutSameTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_same_tab,{mmessage:"SessionMonitor",sub:s}))}async logoutOtherTabAsync(n,s){this.configuration.monitor_session&&this.configuration.client_id===n&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(n=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=mn(this,R,this.getFetch(),console,this.location)(n,s),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};H.getOrCreate=(n,s)=>(t,o="default")=>wn(n,s)(t,o),H.eventNames=k;let N=H;const V=class V{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,s){this._oidc.publishEvent(n,s)}static get(n="default"){return new V(N.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,s,t,o,i)}logoutAsync(n=void 0,s=null){return this._oidc.logoutAsync(n,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,s=null){return this._oidc.renewTokensAsync(n,s)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,s,t,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,s,t,o)}async getValidTokenAsync(n=200,s=50){const t=this._oidc,o={getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},renewTokensAsync:t.renewTokensAsync.bind(t)};return fe(o,n,s)}fetchWithTokens(n,s=!1){return Ce(n,this._oidc,s)}async userInfoAsync(n=!1,s=!1){return this._oidc.userInfoAsync(n,s)}userInfo(){return this._oidc.userInfo}};V.getOrCreate=(n,s=new W)=>(t,o="default")=>new V(N.getOrCreate(n,s)(t,o)),V.eventNames=N.eventNames;let ce=V;P.OidcClient=ce,P.OidcLocation=W,P.TokenAutomaticRenewMode=U,P.TokenRenewMode=j,P.getFetchDefault=Ne,P.getParseQueryStringFromLocation=z,P.getPath=fn,Object.defineProperty(P,Symbol.toStringTag,{value:"Module"})});
package/dist/initWorker.d.ts CHANGED
@@ -4,6 +4,7 @@ export declare const sleepAsync: ({ milliseconds }: {
4
4
  milliseconds: any;
5
5
  }) => Promise<unknown>;
6
6
  export declare const defaultServiceWorkerUpdateRequireCallback: (location: ILOidcLocation) => (registration: any, stopKeepAlive: () => void) => Promise<void>;
7
+ export declare const getTabId: (configurationName: string) => string;
7
8
  export declare const initWorkerAsync: (configuration: OidcConfiguration, configurationName: string) => Promise<{
8
9
  clearAsync: (status: any) => Promise<any>;
9
10
  initAsync: (oidcServerConfiguration: any, where: any, oidcConfiguration: OidcConfiguration) => Promise<{
package/dist/initWorker.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../src/initWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAK/C,eAAO,MAAM,UAAU,GAAI,kBAAkB;IAAE,YAAY,EAAE,GAAG,CAAA;CAAE,qBAEjE,CAAC;AAuCF,eAAO,MAAM,yCAAyC,GACnD,UAAU,cAAc,MAAY,cAAc,GAAG,EAAE,eAAe,MAAM,IAAI,kBAOhF,CAAC;AAmCJ,eAAO,MAAM,eAAe,GAC1B,eAAe,iBAAiB,EAChC,mBAAmB,MAAM;;6EA2CJ,iBAAiB;;;;;;yCAuCM,MAAM;;;;;;;;;2BAiHd,MAAM;;yCAwBQ,MAAM;kFAhFjB,MAAM;;mFAmBR,UAAU;;EA4FhD,CAAC"}
1
+ {"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../src/initWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAK/C,eAAO,MAAM,UAAU,GAAI,kBAAkB;IAAE,YAAY,EAAE,GAAG,CAAA;CAAE,qBAEjE,CAAC;AAuCF,eAAO,MAAM,yCAAyC,GACnD,UAAU,cAAc,MAAY,cAAc,GAAG,EAAE,eAAe,MAAM,IAAI,kBAOhF,CAAC;AAEJ,eAAO,MAAM,QAAQ,GAAI,mBAAmB,MAAM,WAUjD,CAAC;AAuBF,eAAO,MAAM,eAAe,GAC1B,eAAe,iBAAiB,EAChC,mBAAmB,MAAM;;6EA2CJ,iBAAiB;;;;;;yCAuCM,MAAM;;;;;;;;;2BAiHd,MAAM;;yCAwBQ,MAAM;kFAhFjB,MAAM;;mFAmBR,UAAU;;EA4FhD,CAAC"}
package/dist/oidc.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAW7D,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAG1D,OAAO,EAAkB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1D,OAAO,EACL,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EAEV,MAAM,YAAY,CAAC;AAGpB,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qCAAqC;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CASzB;AAYD,MAAM,MAAM,aAAa,GAAG;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC;AAYF,qBAAa,IAAI;IACR,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBAE9B,aAAa,EAAE,iBAAiB,EAChC,iBAAiB,QAAY,EAC7B,QAAQ,EAAE,MAAM,KAAK,EACrB,QAAQ,GAAE,cAAmC;IA6D/C,eAAe,CAAC,IAAI,KAAA,GAAG,MAAM;IAM7B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,UAAU,cAAc,MAC/C,kBAAa,EAAE,aAAgB,SAE9B;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAW9B,mCAAmC,CAAC,SAAS,MAAO;IAkB9C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB;IAoCjF,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAC1B,qBAAqB,KAAA,EACrB,QAAQ,KAAA,EACR,YAAY,KAAA,EACZ,cAAc,UAAQ;IAUxB,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAQ;IAChC,UAAU,CACd,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ;IA+BzB,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACpC,kBAAkB,CAAC,aAAa,UAAQ;IAmCxC,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IA0BlB,uCAAuC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAQ;IACvE,qCAAqC,IAAI,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAQ;IAUxE,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IAElC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa;IAgB/D,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAe7C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAepD,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC9B,WAAW,CACf,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB;CAgB3B;AAED,eAAe,IAAI,CAAC"}
1
+ {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAe7D,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAG1D,OAAO,EAAkB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1D,OAAO,EACL,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EAEV,MAAM,YAAY,CAAC;AAGpB,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qCAAqC;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CASzB;AAYD,MAAM,MAAM,aAAa,GAAG;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC;AAYF,qBAAa,IAAI;IACR,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBAE9B,aAAa,EAAE,iBAAiB,EAChC,iBAAiB,QAAY,EAC7B,QAAQ,EAAE,MAAM,KAAK,EACrB,QAAQ,GAAE,cAAmC;IA6D/C,eAAe,CAAC,IAAI,KAAA,GAAG,MAAM;IAM7B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,UAAU,cAAc,MAC/C,kBAAa,EAAE,aAAgB,SAE9B;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAW9B,mCAAmC,CAAC,SAAS,MAAO;IAkB9C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB;IAoCjF,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAC1B,qBAAqB,KAAA,EACrB,QAAQ,KAAA,EACR,YAAY,KAAA,EACZ,cAAc,UAAQ;IAUxB,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAQ;IAChC,UAAU,CACd,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ;IA+BzB,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACpC,kBAAkB,CAAC,aAAa,UAAQ;IAmCxC,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IA0BlB,uCAAuC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAQ;IACvE,qCAAqC,IAAI,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAQ;IAUxE,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IAElC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa;IAgB/D,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAe7C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAepD,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC9B,WAAW,CACf,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB;CAgB3B;AAED,eAAe,IAAI,CAAC"}
package/dist/version.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- declare const _default: "7.25.4";
1
+ declare const _default: "7.25.6";
2
2
  export default _default;
3
3
  //# sourceMappingURL=version.d.ts.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axa-fr/oidc-client",
3
- "version": "7.25.4",
3
+ "version": "7.25.6",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
20
20
  "url": "https://github.com/AxaFrance/oidc-client.git"
21
21
  },
22
22
  "dependencies": {
23
- "@axa-fr/oidc-client-service-worker": "7.25.4"
23
+ "@axa-fr/oidc-client-service-worker": "7.25.6"
24
24
  },
25
25
  "devDependencies": {
26
26
  "@testing-library/dom": "10.4.0",
package/src/initWorker.ts CHANGED
@@ -57,7 +57,7 @@ export const defaultServiceWorkerUpdateRequireCallback =
57
57
  location.reload();
58
58
  };
59
59
 
60
- const getTabId = (configurationName: string) => {
60
+ export const getTabId = (configurationName: string) => {
61
61
  const tabId = sessionStorage.getItem(`oidc.tabId.${configurationName}`);
62
62
 
63
63
  if (tabId) {
package/src/oidc.ts CHANGED
@@ -3,7 +3,11 @@ import { CheckSessionIFrame } from './checkSessionIFrame.js';
3
3
  import { base64urlOfHashOfASCIIEncodingAsync } from './crypto';
4
4
  import { eventNames } from './events.js';
5
5
  import { initSession } from './initSession.js';
6
- import { defaultServiceWorkerUpdateRequireCallback, initWorkerAsync } from './initWorker.js';
6
+ import {
7
+ defaultServiceWorkerUpdateRequireCallback,
8
+ getTabId,
9
+ initWorkerAsync,
10
+ } from './initWorker.js';
7
11
  import { activateServiceWorker } from './initWorkerOption';
8
12
  import {
9
13
  defaultDemonstratingProofOfPossessionConfiguration,
@@ -387,7 +391,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
387
391
  const serviceWorker = await initWorkerAsync(configuration, this.configurationName);
388
392
 
389
393
  if (serviceWorker) {
390
- return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}`;
394
+ return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${getTabId(this.configurationName)}`;
391
395
  }
392
396
 
393
397
  const session = initSession(this.configurationName, configuration.storage);
package/src/renewTokens.ts CHANGED
@@ -219,7 +219,7 @@ const synchroniseTokensAsync =
219
219
  const isDocumentHidden = document.hidden;
220
220
  const nextIndex = isDocumentHidden ? index : index + 1;
221
221
  if (index > 4) {
222
- if(isDocumentHidden){
222
+ if (isDocumentHidden) {
223
223
  return { tokens: oidc.tokens, status: 'GIVE_UP' };
224
224
  } else {
225
225
  updateTokens(null);
package/src/version.ts CHANGED
@@ -1 +1 @@
1
- export default '7.25.4';
1
+ export default '7.25.6';