@axa-fr/oidc-client 7.25.8 → 7.25.10-alpha.1716
- package/dist/index.js +354 -346
- package/dist/index.umd.cjs +2 -2
- package/dist/initWorker.d.ts +3 -3
- package/dist/initWorker.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.d.ts.map +1 -1
- package/package.json +7 -7
- package/src/initWorker.ts +52 -20
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class
|
|
1
|
+
class j {
|
|
2
2
|
open(n) {
|
|
3
3
|
window.location.href = n;
|
|
4
4
|
}
|
|
@@ -16,10 +16,10 @@ class q {
|
|
|
16
16
|
return window.origin;
|
|
17
17
|
}
|
|
18
18
|
}
|
|
19
|
-
const
|
|
20
|
-
class
|
|
21
|
-
constructor(n, s, t, o =
|
|
22
|
-
this._callback = n, this._client_id = s, this._url = t, this._interval = o ||
|
|
19
|
+
const le = 2e3, D = console;
|
|
20
|
+
class Ce {
|
|
21
|
+
constructor(n, s, t, o = le, i = !0) {
|
|
22
|
+
this._callback = n, this._client_id = s, this._url = t, this._interval = o || le, this._stopOnError = i;
|
|
23
23
|
const r = t.indexOf("/", t.indexOf("//") + 2);
|
|
24
24
|
this._frame_origin = t.substring(0, r), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = t;
|
|
25
25
|
}
|
|
@@ -76,22 +76,22 @@ const k = {
|
|
|
76
76
|
syncTokensAsync_end: "syncTokensAsync_end",
|
|
77
77
|
syncTokensAsync_error: "syncTokensAsync_error",
|
|
78
78
|
tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
|
|
79
|
-
},
|
|
80
|
-
const s = (
|
|
79
|
+
}, I = (e, n = sessionStorage) => {
|
|
80
|
+
const s = (g) => (n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: g }), Promise.resolve()), t = async () => {
|
|
81
81
|
if (!n[`oidc.${e}`])
|
|
82
82
|
return n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
|
|
83
|
-
const
|
|
84
|
-
return Promise.resolve({ tokens:
|
|
85
|
-
}, o = (
|
|
86
|
-
n[`oidc.${e}`] = JSON.stringify({ tokens:
|
|
87
|
-
}, i = async (
|
|
88
|
-
n[`oidc.session_state.${e}`] =
|
|
89
|
-
}, r = async () => n[`oidc.session_state.${e}`], a = (
|
|
90
|
-
n[`oidc.nonce.${e}`] =
|
|
91
|
-
}, c = (
|
|
92
|
-
n[`oidc.jwk.${e}`] = JSON.stringify(
|
|
93
|
-
}, l = () => JSON.parse(n[`oidc.jwk.${e}`]), d = async () => ({ nonce: n[`oidc.nonce.${e}`] }), u = async (
|
|
94
|
-
n[`oidc.dpop_nonce.${e}`] =
|
|
83
|
+
const g = JSON.parse(n[`oidc.${e}`]);
|
|
84
|
+
return Promise.resolve({ tokens: g.tokens, status: g.status });
|
|
85
|
+
}, o = (g) => {
|
|
86
|
+
n[`oidc.${e}`] = JSON.stringify({ tokens: g });
|
|
87
|
+
}, i = async (g) => {
|
|
88
|
+
n[`oidc.session_state.${e}`] = g;
|
|
89
|
+
}, r = async () => n[`oidc.session_state.${e}`], a = (g) => {
|
|
90
|
+
n[`oidc.nonce.${e}`] = g.nonce;
|
|
91
|
+
}, c = (g) => {
|
|
92
|
+
n[`oidc.jwk.${e}`] = JSON.stringify(g);
|
|
93
|
+
}, l = () => JSON.parse(n[`oidc.jwk.${e}`]), d = async () => ({ nonce: n[`oidc.nonce.${e}`] }), u = async (g) => {
|
|
94
|
+
n[`oidc.dpop_nonce.${e}`] = g;
|
|
95
95
|
}, _ = () => n[`oidc.dpop_nonce.${e}`], f = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, h = {};
|
|
96
96
|
return {
|
|
97
97
|
clearAsync: s,
|
|
@@ -102,22 +102,22 @@ const k = {
|
|
|
102
102
|
getSessionStateAsync: r,
|
|
103
103
|
setNonceAsync: a,
|
|
104
104
|
getNonceAsync: d,
|
|
105
|
-
setLoginParams: (
|
|
106
|
-
h[e] =
|
|
105
|
+
setLoginParams: (g) => {
|
|
106
|
+
h[e] = g, n[`oidc.login.${e}`] = JSON.stringify(g);
|
|
107
107
|
},
|
|
108
108
|
getLoginParams: () => {
|
|
109
|
-
const
|
|
110
|
-
return
|
|
109
|
+
const g = n[`oidc.login.${e}`];
|
|
110
|
+
return g ? (h[e] || (h[e] = JSON.parse(g)), h[e]) : (console.warn(
|
|
111
111
|
`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
|
|
112
112
|
), null);
|
|
113
113
|
},
|
|
114
114
|
getStateAsync: async () => n[`oidc.state.${e}`],
|
|
115
|
-
setStateAsync: async (
|
|
116
|
-
n[`oidc.state.${e}`] =
|
|
115
|
+
setStateAsync: async (g) => {
|
|
116
|
+
n[`oidc.state.${e}`] = g;
|
|
117
117
|
},
|
|
118
118
|
getCodeVerifierAsync: async () => n[`oidc.code_verifier.${e}`],
|
|
119
|
-
setCodeVerifierAsync: async (
|
|
120
|
-
n[`oidc.code_verifier.${e}`] =
|
|
119
|
+
setCodeVerifierAsync: async (g) => {
|
|
120
|
+
n[`oidc.code_verifier.${e}`] = g;
|
|
121
121
|
},
|
|
122
122
|
setDemonstratingProofOfPossessionNonce: u,
|
|
123
123
|
getDemonstratingProofOfPossessionNonce: _,
|
|
@@ -125,40 +125,40 @@ const k = {
|
|
|
125
125
|
getDemonstratingProofOfPossessionJwkAsync: l
|
|
126
126
|
};
|
|
127
127
|
};
|
|
128
|
-
var
|
|
129
|
-
const
|
|
128
|
+
var F = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(F || {});
|
|
129
|
+
const Ne = (e) => decodeURIComponent(
|
|
130
130
|
Array.prototype.map.call(atob(e), (n) => "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2)).join("")
|
|
131
|
-
),
|
|
131
|
+
), xe = (e) => JSON.parse(Ne(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), ue = (e) => {
|
|
132
132
|
try {
|
|
133
|
-
return e &&
|
|
133
|
+
return e && We(e, ".") === 2 ? xe(e.split(".")[1]) : null;
|
|
134
134
|
} catch (n) {
|
|
135
135
|
console.warn(n);
|
|
136
136
|
}
|
|
137
137
|
return null;
|
|
138
|
-
},
|
|
138
|
+
}, We = (e, n) => e.split(n).length - 1, Q = {
|
|
139
139
|
access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
|
|
140
140
|
access_token_invalid: "access_token_invalid",
|
|
141
141
|
id_token_invalid: "id_token_invalid"
|
|
142
142
|
};
|
|
143
|
-
function
|
|
143
|
+
function Le(e, n, s) {
|
|
144
144
|
if (e.issuedAt) {
|
|
145
145
|
if (typeof e.issuedAt == "string")
|
|
146
146
|
return parseInt(e.issuedAt, 10);
|
|
147
147
|
} else return n && n.iat ? n.iat : s && s.iat ? s.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
|
|
148
148
|
return e.issuedAt;
|
|
149
149
|
}
|
|
150
|
-
const
|
|
150
|
+
const oe = (e, n = null, s) => {
|
|
151
151
|
if (!e)
|
|
152
152
|
return null;
|
|
153
153
|
let t;
|
|
154
154
|
const o = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
|
|
155
|
-
e.accessTokenPayload !== void 0 ? t = e.accessTokenPayload : t =
|
|
155
|
+
e.accessTokenPayload !== void 0 ? t = e.accessTokenPayload : t = ue(e.accessToken);
|
|
156
156
|
let i;
|
|
157
157
|
n != null && "idToken" in n && !("idToken" in e) ? i = n.idToken : i = e.idToken;
|
|
158
|
-
const r = e.idTokenPayload ? e.idTokenPayload :
|
|
159
|
-
e.issuedAt =
|
|
158
|
+
const r = e.idTokenPayload ? e.idTokenPayload : ue(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, c = t && t.exp ? t.exp : e.issuedAt + o;
|
|
159
|
+
e.issuedAt = Le(e, t, r);
|
|
160
160
|
let l;
|
|
161
|
-
e.expiresAt ? l = e.expiresAt : s ===
|
|
161
|
+
e.expiresAt ? l = e.expiresAt : s === Q.access_token_invalid ? l = c : s === Q.id_token_invalid ? l = a : l = a < c ? a : c;
|
|
162
162
|
const d = {
|
|
163
163
|
...e,
|
|
164
164
|
idTokenPayload: r,
|
|
@@ -171,7 +171,7 @@ const te = (e, n = null, s) => {
|
|
|
171
171
|
return { ...d, refreshToken: u };
|
|
172
172
|
}
|
|
173
173
|
return d;
|
|
174
|
-
},
|
|
174
|
+
}, ie = (e, n, s) => {
|
|
175
175
|
if (!e)
|
|
176
176
|
return null;
|
|
177
177
|
if (!e.issued_at) {
|
|
@@ -186,19 +186,19 @@ const te = (e, n = null, s) => {
|
|
|
186
186
|
tokenType: e.token_type,
|
|
187
187
|
issuedAt: e.issued_at
|
|
188
188
|
};
|
|
189
|
-
return "refresh_token" in e && (t.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (t.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (t.idTokenPayload = e.idTokenPayload),
|
|
189
|
+
return "refresh_token" in e && (t.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (t.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (t.idTokenPayload = e.idTokenPayload), oe(t, n, s);
|
|
190
190
|
}, K = (e, n) => {
|
|
191
191
|
const s = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = n - s;
|
|
192
192
|
return Math.round(t - e);
|
|
193
|
-
},
|
|
193
|
+
}, _e = (e, n = 0) => e ? K(n, e.expiresAt) > 0 : !1, me = async (e, n = 200, s = 50) => {
|
|
194
194
|
let t = s;
|
|
195
195
|
if (!e.getTokens())
|
|
196
196
|
return null;
|
|
197
|
-
for (; !
|
|
197
|
+
for (; !_e(
|
|
198
198
|
e.getTokens(),
|
|
199
199
|
e.configuration.refresh_time_before_tokens_expiration_in_second
|
|
200
200
|
) && t > 0; ) {
|
|
201
|
-
if (e.configuration.token_automatic_renew_mode ==
|
|
201
|
+
if (e.configuration.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted) {
|
|
202
202
|
await e.renewTokensAsync({});
|
|
203
203
|
break;
|
|
204
204
|
} else
|
|
@@ -206,11 +206,11 @@ const te = (e, n = null, s) => {
|
|
|
206
206
|
t = t - 1;
|
|
207
207
|
}
|
|
208
208
|
return {
|
|
209
|
-
isTokensValid:
|
|
209
|
+
isTokensValid: _e(e.getTokens()),
|
|
210
210
|
tokens: e.getTokens(),
|
|
211
211
|
numberWaited: t - s
|
|
212
212
|
};
|
|
213
|
-
},
|
|
213
|
+
}, pe = (e, n, s) => {
|
|
214
214
|
if (e.idTokenPayload) {
|
|
215
215
|
const t = e.idTokenPayload;
|
|
216
216
|
if (s.issuer !== t.iss)
|
|
@@ -245,21 +245,21 @@ const te = (e, n = null, s) => {
|
|
|
245
245
|
setInterval: setInterval.bind(e),
|
|
246
246
|
clearInterval: clearInterval.bind(e)
|
|
247
247
|
};
|
|
248
|
-
}(),
|
|
249
|
-
let fe = null,
|
|
250
|
-
const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)),
|
|
248
|
+
}(), X = "7.25.10-alpha.1716";
|
|
249
|
+
let fe = null, q;
|
|
250
|
+
const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), we = (e = "/") => {
|
|
251
251
|
try {
|
|
252
|
-
|
|
252
|
+
q = new AbortController(), fetch(
|
|
253
253
|
`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,
|
|
254
|
-
{ signal:
|
|
254
|
+
{ signal: q.signal }
|
|
255
255
|
).catch((t) => {
|
|
256
256
|
console.log(t);
|
|
257
|
-
}), Y({ milliseconds: 150 * 1e3 }).then(
|
|
257
|
+
}), Y({ milliseconds: 150 * 1e3 }).then(we);
|
|
258
258
|
} catch (n) {
|
|
259
259
|
console.log(n);
|
|
260
260
|
}
|
|
261
|
-
},
|
|
262
|
-
|
|
261
|
+
}, De = () => {
|
|
262
|
+
q && q.abort();
|
|
263
263
|
}, Re = (e = "/") => fetch(`${e}OidcKeepAliveServiceWorker.json`, {
|
|
264
264
|
headers: {
|
|
265
265
|
"oidc-vanilla": "true"
|
|
@@ -270,143 +270,151 @@ const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Ae =
|
|
|
270
270
|
s(), await n.update();
|
|
271
271
|
const t = await n.unregister();
|
|
272
272
|
console.log(`Service worker unregistration ${t ? "successful" : "failed"}`), await Y({ milliseconds: 2e3 }), e.reload();
|
|
273
|
-
},
|
|
273
|
+
}, Ae = (e) => {
|
|
274
274
|
const n = sessionStorage.getItem(`oidc.tabId.${e}`);
|
|
275
275
|
if (n)
|
|
276
276
|
return n;
|
|
277
277
|
const s = globalThis.crypto.randomUUID();
|
|
278
278
|
return sessionStorage.setItem(`oidc.tabId.${e}`, s), s;
|
|
279
|
-
},
|
|
279
|
+
}, O = (e) => (n) => new Promise(function(s, t) {
|
|
280
280
|
const o = new MessageChannel();
|
|
281
281
|
o.port1.onmessage = function(i) {
|
|
282
282
|
i != null && i.data.error ? t(i.data.error) : s(i.data), o.port1.close(), o.port2.close();
|
|
283
|
-
}, e.active.postMessage({ ...n, tabId:
|
|
283
|
+
}, e.active.postMessage({ ...n, tabId: Ae(n.configurationName) }, [
|
|
284
284
|
o.port2
|
|
285
285
|
]);
|
|
286
|
-
}),
|
|
287
|
-
var b;
|
|
286
|
+
}), C = async (e, n) => {
|
|
288
287
|
const s = e.service_worker_relative_url;
|
|
289
288
|
if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !s || e.service_worker_activate() === !1)
|
|
290
289
|
return null;
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
290
|
+
const t = `${s}?v=${X}`, o = await navigator.serviceWorker.register(t, {
|
|
291
|
+
updateViaCache: "none"
|
|
292
|
+
});
|
|
293
|
+
o.addEventListener("updatefound", () => {
|
|
294
|
+
const y = o.installing;
|
|
295
|
+
y == null || y.addEventListener("statechange", () => {
|
|
296
|
+
y.state === "installed" && navigator.serviceWorker.controller && (console.log("New SW waiting – skipWaiting()"), y.postMessage({ type: "SKIP_WAITING" }));
|
|
297
|
+
});
|
|
298
|
+
}), navigator.serviceWorker.addEventListener("controllerchange", () => {
|
|
299
|
+
window.__swReloading || (window.__swReloading = !0, console.log("SW controller changed – reloading page"), window.location.reload());
|
|
300
|
+
}), await navigator.serviceWorker.ready, navigator.serviceWorker.controller || await O(o)({ type: "claim" });
|
|
301
|
+
const i = async (y) => O(o)({ type: "clear", data: { status: y }, configurationName: n }), r = async (y, E, S) => {
|
|
299
302
|
var B;
|
|
300
|
-
const m = await
|
|
303
|
+
const m = await O(o)({
|
|
301
304
|
type: "init",
|
|
302
305
|
data: {
|
|
303
|
-
oidcServerConfiguration:
|
|
304
|
-
where:
|
|
306
|
+
oidcServerConfiguration: y,
|
|
307
|
+
where: E,
|
|
305
308
|
oidcConfiguration: {
|
|
306
|
-
token_renew_mode:
|
|
307
|
-
service_worker_convert_all_requests_to_cors:
|
|
309
|
+
token_renew_mode: S.token_renew_mode,
|
|
310
|
+
service_worker_convert_all_requests_to_cors: S.service_worker_convert_all_requests_to_cors
|
|
308
311
|
}
|
|
309
312
|
},
|
|
310
313
|
configurationName: n
|
|
311
314
|
}), x = m.version;
|
|
312
|
-
return x !==
|
|
313
|
-
`Service worker ${x} version mismatch with js client version ${
|
|
314
|
-
), await ((B =
|
|
315
|
-
tokens:
|
|
315
|
+
return x !== X ? (console.warn(
|
|
316
|
+
`Service worker ${x} version mismatch with js client version ${X}, unregistering and reloading`
|
|
317
|
+
), await ((B = S.service_worker_update_require_callback) == null ? void 0 : B.call(S, o, De))) : console.log(`Service worker ${x} version match with js client version`), {
|
|
318
|
+
tokens: ie(m.tokens, null, S.token_renew_mode),
|
|
316
319
|
status: m.status
|
|
317
320
|
};
|
|
318
|
-
},
|
|
319
|
-
fe == null && (fe = "not_null",
|
|
320
|
-
},
|
|
321
|
+
}, a = (y = "/") => {
|
|
322
|
+
fe == null && (fe = "not_null", we(y));
|
|
323
|
+
}, c = (y) => O(o)({
|
|
321
324
|
type: "setSessionState",
|
|
322
|
-
data: { sessionState:
|
|
325
|
+
data: { sessionState: y },
|
|
323
326
|
configurationName: n
|
|
324
|
-
}),
|
|
327
|
+
}), l = async () => (await O(o)({
|
|
325
328
|
type: "getSessionState",
|
|
326
329
|
data: null,
|
|
327
330
|
configurationName: n
|
|
328
|
-
})).sessionState,
|
|
331
|
+
})).sessionState, d = (y) => (sessionStorage[`oidc.nonce.${n}`] = y.nonce, O(o)({
|
|
329
332
|
type: "setNonce",
|
|
330
|
-
data: { nonce:
|
|
333
|
+
data: { nonce: y },
|
|
331
334
|
configurationName: n
|
|
332
|
-
})),
|
|
333
|
-
let S = (await
|
|
335
|
+
})), u = async (y = !0) => {
|
|
336
|
+
let S = (await O(o)({
|
|
334
337
|
type: "getNonce",
|
|
335
338
|
data: null,
|
|
336
339
|
configurationName: n
|
|
337
340
|
})).nonce;
|
|
338
|
-
return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: S };
|
|
339
|
-
},
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
getNonceAsync: d,
|
|
349
|
-
setLoginParams: (g) => {
|
|
350
|
-
u[n] = g, localStorage[`oidc.login.${n}`] = JSON.stringify(g);
|
|
351
|
-
},
|
|
352
|
-
getLoginParams: () => {
|
|
353
|
-
const g = localStorage[`oidc.login.${n}`];
|
|
354
|
-
return u[n] || (u[n] = JSON.parse(g)), u[n];
|
|
355
|
-
},
|
|
356
|
-
getStateAsync: async () => {
|
|
357
|
-
let S = (await E(t)({
|
|
358
|
-
type: "getState",
|
|
359
|
-
data: null,
|
|
360
|
-
configurationName: n
|
|
361
|
-
})).state;
|
|
362
|
-
return S || (S = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage")), S;
|
|
363
|
-
},
|
|
364
|
-
setStateAsync: async (g) => (sessionStorage[`oidc.state.${n}`] = g, E(t)({
|
|
365
|
-
type: "setState",
|
|
366
|
-
data: { state: g },
|
|
341
|
+
return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage"), y && (await d(S), S = (await u(!1)).nonce)), { nonce: S };
|
|
342
|
+
}, _ = {}, f = (y) => {
|
|
343
|
+
_[n] = y, localStorage[`oidc.login.${n}`] = JSON.stringify(y);
|
|
344
|
+
}, h = () => {
|
|
345
|
+
const y = localStorage[`oidc.login.${n}`];
|
|
346
|
+
return _[n] || (_[n] = JSON.parse(y)), _[n];
|
|
347
|
+
}, p = async (y) => {
|
|
348
|
+
await O(o)({
|
|
349
|
+
type: "setDemonstratingProofOfPossessionNonce",
|
|
350
|
+
data: { demonstratingProofOfPossessionNonce: y },
|
|
367
351
|
configurationName: n
|
|
368
|
-
})
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
type: "setCodeVerifier",
|
|
379
|
-
data: { codeVerifier: g },
|
|
352
|
+
});
|
|
353
|
+
}, w = async () => (await O(o)({
|
|
354
|
+
type: "getDemonstratingProofOfPossessionNonce",
|
|
355
|
+
data: null,
|
|
356
|
+
configurationName: n
|
|
357
|
+
})).demonstratingProofOfPossessionNonce, v = async (y) => {
|
|
358
|
+
const E = JSON.stringify(y);
|
|
359
|
+
await O(o)({
|
|
360
|
+
type: "setDemonstratingProofOfPossessionJwk",
|
|
361
|
+
data: { demonstratingProofOfPossessionJwkJson: E },
|
|
380
362
|
configurationName: n
|
|
381
|
-
})
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
data: { demonstratingProofOfPossessionNonce: g },
|
|
386
|
-
configurationName: n
|
|
387
|
-
});
|
|
388
|
-
},
|
|
389
|
-
getDemonstratingProofOfPossessionNonce: async () => (await E(t)({
|
|
390
|
-
type: "getDemonstratingProofOfPossessionNonce",
|
|
363
|
+
});
|
|
364
|
+
}, P = async () => {
|
|
365
|
+
const y = await O(o)({
|
|
366
|
+
type: "getDemonstratingProofOfPossessionJwk",
|
|
391
367
|
data: null,
|
|
392
368
|
configurationName: n
|
|
393
|
-
})
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
},
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
369
|
+
});
|
|
370
|
+
return y.demonstratingProofOfPossessionJwkJson ? JSON.parse(y.demonstratingProofOfPossessionJwkJson) : null;
|
|
371
|
+
}, A = async (y = !0) => {
|
|
372
|
+
let S = (await O(o)({
|
|
373
|
+
type: "getState",
|
|
374
|
+
data: null,
|
|
375
|
+
configurationName: n
|
|
376
|
+
})).state;
|
|
377
|
+
return S || (S = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage"), y && (await T(S), S = await A(!1))), S;
|
|
378
|
+
}, T = async (y) => (sessionStorage[`oidc.state.${n}`] = y, O(o)({
|
|
379
|
+
type: "setState",
|
|
380
|
+
data: { state: y },
|
|
381
|
+
configurationName: n
|
|
382
|
+
})), g = async (y = !0) => {
|
|
383
|
+
let S = (await O(o)({
|
|
384
|
+
type: "getCodeVerifier",
|
|
385
|
+
data: null,
|
|
386
|
+
configurationName: n
|
|
387
|
+
})).codeVerifier;
|
|
388
|
+
if (!S && (S = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), y)) {
|
|
389
|
+
console.log("setCodeVerifierAsync", S), await b(S);
|
|
390
|
+
const m = await g(!1);
|
|
391
|
+
console.log("getCodeVerifierAsync", m), S = m.codeVerifier;
|
|
409
392
|
}
|
|
393
|
+
return S;
|
|
394
|
+
}, b = async (y) => (sessionStorage[`oidc.code_verifier.${n}`] = y, O(o)({
|
|
395
|
+
type: "setCodeVerifier",
|
|
396
|
+
data: { codeVerifier: y },
|
|
397
|
+
configurationName: n
|
|
398
|
+
}));
|
|
399
|
+
return {
|
|
400
|
+
clearAsync: i,
|
|
401
|
+
initAsync: r,
|
|
402
|
+
startKeepAliveServiceWorker: () => a(e.service_worker_keep_alive_path),
|
|
403
|
+
isServiceWorkerProxyActiveAsync: () => Re(e.service_worker_keep_alive_path),
|
|
404
|
+
setSessionStateAsync: c,
|
|
405
|
+
getSessionStateAsync: l,
|
|
406
|
+
setNonceAsync: d,
|
|
407
|
+
getNonceAsync: u,
|
|
408
|
+
setLoginParams: f,
|
|
409
|
+
getLoginParams: h,
|
|
410
|
+
getStateAsync: A,
|
|
411
|
+
setStateAsync: T,
|
|
412
|
+
getCodeVerifierAsync: g,
|
|
413
|
+
setCodeVerifierAsync: b,
|
|
414
|
+
setDemonstratingProofOfPossessionNonce: p,
|
|
415
|
+
getDemonstratingProofOfPossessionNonce: w,
|
|
416
|
+
setDemonstratingProofOfPossessionJwkAsync: v,
|
|
417
|
+
getDemonstratingProofOfPossessionJwkAsync: P
|
|
410
418
|
};
|
|
411
419
|
}, R = {}, Ue = (e, n = window.sessionStorage, s) => {
|
|
412
420
|
if (!R[e] && n) {
|
|
@@ -419,27 +427,27 @@ const Y = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e)), Ae =
|
|
|
419
427
|
const t = Date.now();
|
|
420
428
|
R[e] = { result: n, timestamp: t }, s && s.setItem(e, JSON.stringify({ result: n, timestamp: t }));
|
|
421
429
|
};
|
|
422
|
-
function
|
|
430
|
+
function Se(e) {
|
|
423
431
|
return new TextEncoder().encode(e);
|
|
424
432
|
}
|
|
425
|
-
function
|
|
433
|
+
function Te(e) {
|
|
426
434
|
return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
|
|
427
435
|
}
|
|
428
|
-
function
|
|
436
|
+
function Ve(e) {
|
|
429
437
|
return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g, function(s, t) {
|
|
430
438
|
return String.fromCharCode(parseInt(t, 16));
|
|
431
439
|
});
|
|
432
440
|
}
|
|
433
|
-
const
|
|
441
|
+
const re = (e) => {
|
|
434
442
|
let n = "";
|
|
435
443
|
return e.forEach(function(s) {
|
|
436
444
|
n += String.fromCharCode(s);
|
|
437
|
-
}),
|
|
445
|
+
}), Te(n);
|
|
438
446
|
};
|
|
439
|
-
function
|
|
440
|
-
return
|
|
447
|
+
function de(e) {
|
|
448
|
+
return Te(Ve(e));
|
|
441
449
|
}
|
|
442
|
-
const
|
|
450
|
+
const Fe = {
|
|
443
451
|
importKeyAlgorithm: {
|
|
444
452
|
name: "ECDSA",
|
|
445
453
|
namedCurve: "P-256",
|
|
@@ -452,7 +460,7 @@ const Ve = {
|
|
|
452
460
|
},
|
|
453
461
|
digestAlgorithm: { name: "SHA-256" },
|
|
454
462
|
jwtHeaderAlgorithm: "ES256"
|
|
455
|
-
},
|
|
463
|
+
}, Me = (e) => async (n, s, t, o, i = "dpop+jwt") => {
|
|
456
464
|
switch (n = Object.assign({}, n), s.typ = i, s.alg = o.jwtHeaderAlgorithm, s.alg) {
|
|
457
465
|
case "ES256":
|
|
458
466
|
s.jwk = { kty: n.kty, crv: n.crv, x: n.x, y: n.y };
|
|
@@ -466,22 +474,22 @@ const Ve = {
|
|
|
466
474
|
const r = {
|
|
467
475
|
// @ts-ignore
|
|
468
476
|
// JWT "headers" really means JWS "protected headers"
|
|
469
|
-
protected:
|
|
477
|
+
protected: de(JSON.stringify(s)),
|
|
470
478
|
// @ts-ignore
|
|
471
479
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
472
|
-
payload:
|
|
473
|
-
}, a = o.importKeyAlgorithm, c = !0, l = ["sign"], d = await e.crypto.subtle.importKey("jwk", n, a, c, l), u =
|
|
474
|
-
return r.signature =
|
|
475
|
-
},
|
|
480
|
+
payload: de(JSON.stringify(t))
|
|
481
|
+
}, a = o.importKeyAlgorithm, c = !0, l = ["sign"], d = await e.crypto.subtle.importKey("jwk", n, a, c, l), u = Se(`${r.protected}.${r.payload}`), _ = o.signAlgorithm, f = await e.crypto.subtle.sign(_, d, u);
|
|
482
|
+
return r.signature = re(new Uint8Array(f)), `${r.protected}.${r.payload}.${r.signature}`;
|
|
483
|
+
}, Je = { sign: Me }, Be = (e) => async (n) => {
|
|
476
484
|
const s = n, t = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(s, t, o);
|
|
477
485
|
return await e.crypto.subtle.exportKey("jwk", i.privateKey);
|
|
478
486
|
}, He = (e) => {
|
|
479
487
|
const n = Object.assign({}, e);
|
|
480
488
|
return delete n.d, n.key_ops = ["verify"], n;
|
|
481
|
-
},
|
|
489
|
+
}, je = {
|
|
482
490
|
generate: Be,
|
|
483
491
|
neuter: He
|
|
484
|
-
},
|
|
492
|
+
}, qe = (e) => async (n, s) => {
|
|
485
493
|
let t;
|
|
486
494
|
switch (n.kty) {
|
|
487
495
|
case "EC":
|
|
@@ -493,9 +501,9 @@ const Ve = {
|
|
|
493
501
|
default:
|
|
494
502
|
throw new Error("Unknown or not implemented JWK type");
|
|
495
503
|
}
|
|
496
|
-
const o = await e.crypto.subtle.digest(s,
|
|
497
|
-
return
|
|
498
|
-
}, Ge = { thumbprint:
|
|
504
|
+
const o = await e.crypto.subtle.digest(s, Se(t));
|
|
505
|
+
return re(new Uint8Array(o));
|
|
506
|
+
}, Ge = { thumbprint: qe }, Ye = (e) => async (n) => await je.generate(e)(n), ve = (e) => (n) => async (s, t = "POST", o, i = {}) => {
|
|
499
507
|
const r = {
|
|
500
508
|
// https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
|
|
501
509
|
jti: btoa(Xe()),
|
|
@@ -507,7 +515,7 @@ const Ve = {
|
|
|
507
515
|
s,
|
|
508
516
|
n.digestAlgorithm
|
|
509
517
|
);
|
|
510
|
-
return await
|
|
518
|
+
return await Je.sign(e)(
|
|
511
519
|
s,
|
|
512
520
|
{ kid: a },
|
|
513
521
|
r,
|
|
@@ -519,23 +527,23 @@ const Ve = {
|
|
|
519
527
|
for (let o = 0; o < 36; o++)
|
|
520
528
|
e[o] !== "-" && e[o] !== "4" && (s = Math.random() * 16 | 0), e[o] === "x" ? t += n[s] : e[o] === "y" ? (s &= 3, s |= 8, t += n[s]) : t += e[o];
|
|
521
529
|
return t;
|
|
522
|
-
},
|
|
530
|
+
}, be = () => {
|
|
523
531
|
const e = typeof window < "u" && !!window.crypto, n = e && !!window.crypto.subtle;
|
|
524
532
|
return { hasCrypto: e, hasSubtleCrypto: n };
|
|
525
|
-
},
|
|
533
|
+
}, Z = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", ze = (e) => {
|
|
526
534
|
const n = [];
|
|
527
535
|
for (let s = 0; s < e.byteLength; s += 1) {
|
|
528
|
-
const t = e[s] %
|
|
529
|
-
n.push(
|
|
536
|
+
const t = e[s] % Z.length;
|
|
537
|
+
n.push(Z[t]);
|
|
530
538
|
}
|
|
531
539
|
return n.join("");
|
|
532
|
-
},
|
|
533
|
-
const n = new Uint8Array(e), { hasCrypto: s } =
|
|
540
|
+
}, ee = (e) => {
|
|
541
|
+
const n = new Uint8Array(e), { hasCrypto: s } = be();
|
|
534
542
|
if (s)
|
|
535
543
|
window.crypto.getRandomValues(n);
|
|
536
544
|
else
|
|
537
545
|
for (let t = 0; t < e; t += 1)
|
|
538
|
-
n[t] = Math.random() *
|
|
546
|
+
n[t] = Math.random() * Z.length | 0;
|
|
539
547
|
return ze(n);
|
|
540
548
|
};
|
|
541
549
|
function Qe(e) {
|
|
@@ -544,10 +552,10 @@ function Qe(e) {
|
|
|
544
552
|
s[t] = e.charCodeAt(t);
|
|
545
553
|
return s;
|
|
546
554
|
}
|
|
547
|
-
function
|
|
555
|
+
function Ee(e) {
|
|
548
556
|
return new Promise((n, s) => {
|
|
549
557
|
crypto.subtle.digest("SHA-256", Qe(e)).then(
|
|
550
|
-
(t) => n(
|
|
558
|
+
(t) => n(re(new Uint8Array(t))),
|
|
551
559
|
(t) => s(t)
|
|
552
560
|
);
|
|
553
561
|
});
|
|
@@ -555,18 +563,18 @@ function Oe(e) {
|
|
|
555
563
|
const Ze = (e) => {
|
|
556
564
|
if (e.length < 43 || e.length > 128)
|
|
557
565
|
return Promise.reject(new Error("Invalid code length."));
|
|
558
|
-
const { hasSubtleCrypto: n } =
|
|
559
|
-
return n ?
|
|
566
|
+
const { hasSubtleCrypto: n } = be();
|
|
567
|
+
return n ? Ee(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
|
|
560
568
|
}, en = 60 * 60, nn = (e) => async (n, s = en, t = window.sessionStorage, o = 1e4) => {
|
|
561
569
|
const i = `${n}/.well-known/openid-configuration`, r = `oidc.server:${n}`, a = Ue(r, t, s);
|
|
562
570
|
if (a)
|
|
563
|
-
return new
|
|
564
|
-
const c = await
|
|
571
|
+
return new te(a);
|
|
572
|
+
const c = await J(e)(i, {}, o);
|
|
565
573
|
if (c.status !== 200)
|
|
566
574
|
return null;
|
|
567
575
|
const l = await c.json();
|
|
568
|
-
return Ke(r, l, t), new
|
|
569
|
-
},
|
|
576
|
+
return Ke(r, l, t), new te(l);
|
|
577
|
+
}, J = (e) => async (n, s = {}, t = 1e4, o = 0) => {
|
|
570
578
|
let i;
|
|
571
579
|
try {
|
|
572
580
|
const r = new AbortController();
|
|
@@ -574,16 +582,16 @@ const Ze = (e) => {
|
|
|
574
582
|
} catch (r) {
|
|
575
583
|
if (r.name === "AbortError" || r.message === "Network request failed") {
|
|
576
584
|
if (o <= 1)
|
|
577
|
-
return await
|
|
585
|
+
return await J(e)(n, s, t, o + 1);
|
|
578
586
|
throw r;
|
|
579
587
|
} else
|
|
580
588
|
throw console.error(r.message), r;
|
|
581
589
|
}
|
|
582
590
|
return i;
|
|
583
|
-
},
|
|
591
|
+
}, ne = {
|
|
584
592
|
refresh_token: "refresh_token",
|
|
585
593
|
access_token: "access_token"
|
|
586
|
-
},
|
|
594
|
+
}, he = (e) => async (n, s, t = ne.refresh_token, o, i = {}, r = 1e4) => {
|
|
587
595
|
const a = {
|
|
588
596
|
token: s,
|
|
589
597
|
token_type_hint: t,
|
|
@@ -597,7 +605,7 @@ const Ze = (e) => {
|
|
|
597
605
|
c.push(`${_}=${f}`);
|
|
598
606
|
}
|
|
599
607
|
const l = c.join("&");
|
|
600
|
-
return (await
|
|
608
|
+
return (await J(e)(
|
|
601
609
|
n,
|
|
602
610
|
{
|
|
603
611
|
method: "POST",
|
|
@@ -618,7 +626,7 @@ const Ze = (e) => {
|
|
|
618
626
|
const h = encodeURIComponent(f), p = encodeURIComponent(s[f]);
|
|
619
627
|
c.push(`${h}=${p}`);
|
|
620
628
|
}
|
|
621
|
-
const l = c.join("&"), d = await
|
|
629
|
+
const l = c.join("&"), d = await J(e)(
|
|
622
630
|
n,
|
|
623
631
|
{
|
|
624
632
|
method: "POST",
|
|
@@ -643,12 +651,12 @@ const Ze = (e) => {
|
|
|
643
651
|
)), {
|
|
644
652
|
success: !0,
|
|
645
653
|
status: d.status,
|
|
646
|
-
data:
|
|
654
|
+
data: ie(u, o, r),
|
|
647
655
|
demonstratingProofOfPossessionNonce: _
|
|
648
656
|
};
|
|
649
657
|
}, tn = (e, n) => async (s, t) => {
|
|
650
658
|
t = t ? { ...t } : {};
|
|
651
|
-
const o =
|
|
659
|
+
const o = ee(128), i = await Ze(o);
|
|
652
660
|
await e.setCodeVerifierAsync(o), await e.setStateAsync(t.state), t.code_challenge = i, t.code_challenge_method = "S256";
|
|
653
661
|
let r = "";
|
|
654
662
|
if (t)
|
|
@@ -662,7 +670,7 @@ const Ze = (e) => {
|
|
|
662
670
|
const _ = encodeURIComponent(u), f = encodeURIComponent(s[u]);
|
|
663
671
|
r.push(`${_}=${f}`);
|
|
664
672
|
}
|
|
665
|
-
const a = r.join("&"), c = await
|
|
673
|
+
const a = r.join("&"), c = await J(fetch)(
|
|
666
674
|
n,
|
|
667
675
|
{
|
|
668
676
|
method: "POST",
|
|
@@ -685,12 +693,12 @@ const Ze = (e) => {
|
|
|
685
693
|
success: !0,
|
|
686
694
|
data: {
|
|
687
695
|
state: s.state,
|
|
688
|
-
tokens:
|
|
696
|
+
tokens: ie(d, null, o),
|
|
689
697
|
demonstratingProofOfPossessionNonce: l
|
|
690
698
|
}
|
|
691
699
|
};
|
|
692
700
|
};
|
|
693
|
-
async function
|
|
701
|
+
async function ye(e, n, s, t = null) {
|
|
694
702
|
const o = (c) => {
|
|
695
703
|
e.tokens = c;
|
|
696
704
|
}, { tokens: i, status: r } = await H(e)(
|
|
@@ -700,33 +708,33 @@ async function ge(e, n, s, t = null) {
|
|
|
700
708
|
s,
|
|
701
709
|
t
|
|
702
710
|
);
|
|
703
|
-
return await
|
|
711
|
+
return await C(e.configuration, e.configurationName) || await I(e.configurationName, e.configuration.storage).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(r), null);
|
|
704
712
|
}
|
|
705
|
-
async function
|
|
713
|
+
async function Oe(e, n = !1, s = null, t = null) {
|
|
706
714
|
const o = e.configuration, i = `${o.client_id}_${e.configurationName}_${o.authority}`;
|
|
707
715
|
let r;
|
|
708
|
-
const a = await
|
|
716
|
+
const a = await C(e.configuration, e.configurationName);
|
|
709
717
|
if ((o == null ? void 0 : o.storage) === (window == null ? void 0 : window.sessionStorage) && !a || !navigator.locks)
|
|
710
|
-
r = await
|
|
718
|
+
r = await ye(e, n, s, t);
|
|
711
719
|
else {
|
|
712
720
|
let c = "retry";
|
|
713
721
|
for (; c === "retry"; )
|
|
714
722
|
c = await navigator.locks.request(
|
|
715
723
|
i,
|
|
716
724
|
{ ifAvailable: !0 },
|
|
717
|
-
async (l) => l ? await
|
|
725
|
+
async (l) => l ? await ye(e, n, s, t) : (e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available, {
|
|
718
726
|
lock: "lock not available"
|
|
719
727
|
}), "retry")
|
|
720
728
|
);
|
|
721
729
|
r = c;
|
|
722
730
|
}
|
|
723
|
-
return r ? (e.timeoutId && (e.timeoutId =
|
|
731
|
+
return r ? (e.timeoutId && (e.timeoutId = M(e, e.tokens.expiresAt, s, t)), e.tokens) : null;
|
|
724
732
|
}
|
|
725
|
-
const
|
|
733
|
+
const M = (e, n, s = null, t = null) => {
|
|
726
734
|
const o = e.configuration.refresh_time_before_tokens_expiration_in_second;
|
|
727
735
|
return e.timeoutId && U.clearTimeout(e.timeoutId), U.setTimeout(async () => {
|
|
728
736
|
const r = { timeLeft: K(o, n) };
|
|
729
|
-
e.publishEvent(N.eventNames.token_timer, r), await
|
|
737
|
+
e.publishEvent(N.eventNames.token_timer, r), await Oe(e, !1, s, t);
|
|
730
738
|
}, 1e3);
|
|
731
739
|
}, W = {
|
|
732
740
|
FORCE_REFRESH: "FORCE_REFRESH",
|
|
@@ -744,7 +752,7 @@ const J = (e, n, s = null, t = null) => {
|
|
|
744
752
|
const a = await e.initAsync(
|
|
745
753
|
n.authority,
|
|
746
754
|
n.authority_configuration
|
|
747
|
-
), c = await
|
|
755
|
+
), c = await C(n, s);
|
|
748
756
|
if (c) {
|
|
749
757
|
const { status: u, tokens: _ } = await c.initAsync(
|
|
750
758
|
a,
|
|
@@ -766,18 +774,18 @@ const J = (e, n, s = null, t = null) => {
|
|
|
766
774
|
}
|
|
767
775
|
r = await c.getNonceAsync();
|
|
768
776
|
} else {
|
|
769
|
-
const u =
|
|
777
|
+
const u = I(s, n.storage ?? sessionStorage), _ = await u.initAsync();
|
|
770
778
|
let { tokens: f } = _;
|
|
771
779
|
const { status: h } = _;
|
|
772
|
-
if (f && (f =
|
|
780
|
+
if (f && (f = oe(f, e.tokens, n.token_renew_mode)), f) {
|
|
773
781
|
if (h === "SESSIONS_LOST")
|
|
774
782
|
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
|
|
775
783
|
if (f.issuedAt !== t.issuedAt) {
|
|
776
784
|
const w = K(
|
|
777
785
|
n.refresh_time_before_tokens_expiration_in_second,
|
|
778
786
|
f.expiresAt
|
|
779
|
-
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
|
|
780
|
-
return { tokens: f, status: w, nonce:
|
|
787
|
+
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", v = await u.getNonceAsync();
|
|
788
|
+
return { tokens: f, status: w, nonce: v };
|
|
781
789
|
}
|
|
782
790
|
} else return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
|
|
783
791
|
r = await u.getNonceAsync();
|
|
@@ -799,15 +807,15 @@ const J = (e, n, s = null, t = null) => {
|
|
|
799
807
|
if (s > 4)
|
|
800
808
|
return a ? { tokens: e.tokens, status: "GIVE_UP" } : (n(null), e.publishEvent(k.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" });
|
|
801
809
|
o || (o = {});
|
|
802
|
-
const l = e.configuration, d = (_, f = null, h = null) =>
|
|
810
|
+
const l = e.configuration, d = (_, f = null, h = null) => ae(
|
|
803
811
|
e.configurationName,
|
|
804
812
|
e.configuration,
|
|
805
813
|
e.publishEvent.bind(e)
|
|
806
814
|
)(_, f, h), u = async () => {
|
|
807
815
|
try {
|
|
808
816
|
let _;
|
|
809
|
-
const f = await
|
|
810
|
-
f ? _ = f.getLoginParams() : _ =
|
|
817
|
+
const f = await C(l, e.configurationName);
|
|
818
|
+
f ? _ = f.getLoginParams() : _ = I(e.configurationName, l.storage).getLoginParams();
|
|
811
819
|
const h = await d({
|
|
812
820
|
..._.extras,
|
|
813
821
|
...o,
|
|
@@ -857,9 +865,9 @@ const J = (e, n, s = null, t = null) => {
|
|
|
857
865
|
status: "session syncTokensAsync"
|
|
858
866
|
}), { tokens: null, status: "LOGGED_OUT" };
|
|
859
867
|
case W.REQUIRE_SYNC_TOKENS:
|
|
860
|
-
return l.token_automatic_renew_mode ==
|
|
868
|
+
return l.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !== _ ? (e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(k.refreshTokensAsync_begin, { tryNumber: s }), await u());
|
|
861
869
|
default: {
|
|
862
|
-
if (l.token_automatic_renew_mode ==
|
|
870
|
+
if (l.token_automatic_renew_mode == F.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !== _)
|
|
863
871
|
return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
|
|
864
872
|
if (e.publishEvent(k.refreshTokensAsync_begin, {
|
|
865
873
|
refreshToken: f.refreshToken,
|
|
@@ -867,35 +875,35 @@ const J = (e, n, s = null, t = null) => {
|
|
|
867
875
|
tryNumber: s
|
|
868
876
|
}), !f.refreshToken)
|
|
869
877
|
return await u();
|
|
870
|
-
const p = l.client_id, w = l.redirect_uri,
|
|
871
|
-
for (const [
|
|
872
|
-
|
|
878
|
+
const p = l.client_id, w = l.redirect_uri, v = l.authority, A = { ...l.token_request_extras ? l.token_request_extras : {} };
|
|
879
|
+
for (const [g, b] of Object.entries(o))
|
|
880
|
+
g.endsWith(":token_request") && (A[g.replace(":token_request", "")] = b);
|
|
873
881
|
return await (async () => {
|
|
874
|
-
const
|
|
882
|
+
const g = {
|
|
875
883
|
client_id: p,
|
|
876
884
|
redirect_uri: w,
|
|
877
885
|
grant_type: "refresh_token",
|
|
878
886
|
refresh_token: f.refreshToken
|
|
879
887
|
}, b = await e.initAsync(
|
|
880
|
-
|
|
888
|
+
v,
|
|
881
889
|
l.authority_configuration
|
|
882
|
-
),
|
|
883
|
-
l.demonstrating_proof_of_possession && (
|
|
890
|
+
), y = document.hidden ? 1e4 : 3e4 * 10, E = b.tokenEndpoint, S = {};
|
|
891
|
+
l.demonstrating_proof_of_possession && (S.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
|
|
884
892
|
f.accessToken,
|
|
885
|
-
|
|
893
|
+
E,
|
|
886
894
|
"POST"
|
|
887
895
|
));
|
|
888
896
|
const m = await sn(e.getFetch())(
|
|
889
|
-
|
|
890
|
-
|
|
897
|
+
E,
|
|
898
|
+
g,
|
|
891
899
|
A,
|
|
892
900
|
f,
|
|
893
|
-
|
|
901
|
+
S,
|
|
894
902
|
l.token_renew_mode,
|
|
895
|
-
|
|
903
|
+
y
|
|
896
904
|
);
|
|
897
905
|
if (m.success) {
|
|
898
|
-
const { isValid: x, reason: B } =
|
|
906
|
+
const { isValid: x, reason: B } = pe(
|
|
899
907
|
m.data,
|
|
900
908
|
h.nonce,
|
|
901
909
|
b
|
|
@@ -905,10 +913,10 @@ const J = (e, n, s = null, t = null) => {
|
|
|
905
913
|
message: `refresh token return not valid tokens, reason: ${B}`
|
|
906
914
|
}), { tokens: null, status: "SESSION_LOST" };
|
|
907
915
|
if (n(m.data), m.demonstratingProofOfPossessionNonce) {
|
|
908
|
-
const
|
|
909
|
-
|
|
916
|
+
const ce = await C(l, e.configurationName);
|
|
917
|
+
ce ? await ce.setDemonstratingProofOfPossessionNonce(
|
|
910
918
|
m.demonstratingProofOfPossessionNonce
|
|
911
|
-
) : await
|
|
919
|
+
) : await I(e.configurationName, l.storage).setDemonstratingProofOfPossessionNonce(
|
|
912
920
|
m.demonstratingProofOfPossessionNonce
|
|
913
921
|
);
|
|
914
922
|
}
|
|
@@ -941,7 +949,7 @@ const J = (e, n, s = null, t = null) => {
|
|
|
941
949
|
}, 1e3);
|
|
942
950
|
});
|
|
943
951
|
}
|
|
944
|
-
},
|
|
952
|
+
}, ae = (e, n, s) => (t = null, o = null, i = null) => {
|
|
945
953
|
if (!n.silent_redirect_uri || !n.silent_login_uri)
|
|
946
954
|
return Promise.resolve(null);
|
|
947
955
|
try {
|
|
@@ -957,17 +965,17 @@ const J = (e, n, s = null, t = null) => {
|
|
|
957
965
|
window.removeEventListener("message", p), d.remove(), f = !0;
|
|
958
966
|
}, p = (w) => {
|
|
959
967
|
if (w.origin === l && w.source === d.contentWindow) {
|
|
960
|
-
const
|
|
961
|
-
if (
|
|
962
|
-
if (
|
|
963
|
-
const
|
|
964
|
-
s(k.silentLoginAsync_end, {}), u(
|
|
965
|
-
} else if (
|
|
966
|
-
const
|
|
967
|
-
s(k.silentLoginAsync_error,
|
|
968
|
-
} else if (
|
|
969
|
-
const
|
|
970
|
-
s(k.silentLoginAsync_error,
|
|
968
|
+
const v = `${e}_oidc_tokens:`, P = `${e}_oidc_error:`, A = `${e}_oidc_exception:`, T = w.data;
|
|
969
|
+
if (T && typeof T == "string" && !f) {
|
|
970
|
+
if (T.startsWith(v)) {
|
|
971
|
+
const g = JSON.parse(w.data.replace(v, ""));
|
|
972
|
+
s(k.silentLoginAsync_end, {}), u(g), h();
|
|
973
|
+
} else if (T.startsWith(P)) {
|
|
974
|
+
const g = JSON.parse(w.data.replace(P, ""));
|
|
975
|
+
s(k.silentLoginAsync_error, g), u({ error: "oidc_" + g.error, tokens: null, sessionState: null }), h();
|
|
976
|
+
} else if (T.startsWith(A)) {
|
|
977
|
+
const g = JSON.parse(w.data.replace(A, ""));
|
|
978
|
+
s(k.silentLoginAsync_error, g), _(new Error(g.error)), h();
|
|
971
979
|
}
|
|
972
980
|
}
|
|
973
981
|
}
|
|
@@ -987,7 +995,7 @@ const J = (e, n, s = null, t = null) => {
|
|
|
987
995
|
}
|
|
988
996
|
}, an = (e, n, s, t, o) => (i = null, r = void 0) => {
|
|
989
997
|
i = { ...i };
|
|
990
|
-
const a = (l, d, u) =>
|
|
998
|
+
const a = (l, d, u) => ae(n, s, t.bind(o))(
|
|
991
999
|
l,
|
|
992
1000
|
d,
|
|
993
1001
|
u
|
|
@@ -1006,13 +1014,13 @@ const J = (e, n, s = null, t = null) => {
|
|
|
1006
1014
|
r
|
|
1007
1015
|
);
|
|
1008
1016
|
if (u)
|
|
1009
|
-
return o.tokens = u.tokens, t(k.token_acquired, {}), o.timeoutId =
|
|
1017
|
+
return o.tokens = u.tokens, t(k.token_acquired, {}), o.timeoutId = M(o, o.tokens.expiresAt, i, r), {};
|
|
1010
1018
|
} catch (d) {
|
|
1011
1019
|
return d;
|
|
1012
1020
|
}
|
|
1013
1021
|
})();
|
|
1014
1022
|
}, cn = (e, n, s) => (t, o, i, r = !1) => {
|
|
1015
|
-
const a = (c, l = void 0, d = void 0) =>
|
|
1023
|
+
const a = (c, l = void 0, d = void 0) => ae(e.configurationName, s, e.publishEvent.bind(e))(
|
|
1016
1024
|
c,
|
|
1017
1025
|
l,
|
|
1018
1026
|
d
|
|
@@ -1056,7 +1064,7 @@ const J = (e, n, s = null, t = null) => {
|
|
|
1056
1064
|
await p.logoutOtherTabAsync(s.client_id, f.sub);
|
|
1057
1065
|
});
|
|
1058
1066
|
};
|
|
1059
|
-
e.checkSessionIFrame = new
|
|
1067
|
+
e.checkSessionIFrame = new Ce(
|
|
1060
1068
|
d,
|
|
1061
1069
|
o,
|
|
1062
1070
|
t
|
|
@@ -1162,7 +1170,7 @@ const fn = () => {
|
|
|
1162
1170
|
s.authority,
|
|
1163
1171
|
s.authority_configuration
|
|
1164
1172
|
);
|
|
1165
|
-
if (n = await
|
|
1173
|
+
if (n = await C(s, e.configurationName), n) {
|
|
1166
1174
|
const { tokens: o } = await n.initAsync(
|
|
1167
1175
|
t,
|
|
1168
1176
|
"tryKeepExistingSessionAsync",
|
|
@@ -1171,7 +1179,7 @@ const fn = () => {
|
|
|
1171
1179
|
if (o) {
|
|
1172
1180
|
n.startKeepAliveServiceWorker(), e.tokens = o;
|
|
1173
1181
|
const i = n.getLoginParams(e.configurationName);
|
|
1174
|
-
e.timeoutId =
|
|
1182
|
+
e.timeoutId = M(
|
|
1175
1183
|
e,
|
|
1176
1184
|
e.tokens.expiresAt,
|
|
1177
1185
|
i.extras,
|
|
@@ -1195,11 +1203,11 @@ const fn = () => {
|
|
|
1195
1203
|
s.service_worker_relative_url && e.publishEvent(k.service_worker_not_supported_by_browser, {
|
|
1196
1204
|
message: "service worker is not supported by this browser"
|
|
1197
1205
|
});
|
|
1198
|
-
const o =
|
|
1206
|
+
const o = I(e.configurationName, s.storage ?? sessionStorage), { tokens: i } = await o.initAsync();
|
|
1199
1207
|
if (i) {
|
|
1200
|
-
e.tokens =
|
|
1208
|
+
e.tokens = oe(i, null, s.token_renew_mode);
|
|
1201
1209
|
const r = o.getLoginParams();
|
|
1202
|
-
e.timeoutId =
|
|
1210
|
+
e.timeoutId = M(
|
|
1203
1211
|
e,
|
|
1204
1212
|
e.tokens.expiresAt,
|
|
1205
1213
|
r.extras,
|
|
@@ -1226,7 +1234,7 @@ const fn = () => {
|
|
|
1226
1234
|
"tokens inside ServiceWorker are invalid"
|
|
1227
1235
|
), !1;
|
|
1228
1236
|
}
|
|
1229
|
-
},
|
|
1237
|
+
}, Pe = (e) => {
|
|
1230
1238
|
const n = e.match(
|
|
1231
1239
|
// eslint-disable-next-line no-useless-escape
|
|
1232
1240
|
/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
|
|
@@ -1249,13 +1257,13 @@ const fn = () => {
|
|
|
1249
1257
|
hash: t
|
|
1250
1258
|
};
|
|
1251
1259
|
}, En = (e) => {
|
|
1252
|
-
const n =
|
|
1260
|
+
const n = Pe(e);
|
|
1253
1261
|
let { path: s } = n;
|
|
1254
1262
|
s.endsWith("/") && (s = s.slice(0, -1));
|
|
1255
1263
|
let { hash: t } = n;
|
|
1256
1264
|
return t === "#_=_" && (t = ""), t && (s += t), s;
|
|
1257
|
-
},
|
|
1258
|
-
const n =
|
|
1265
|
+
}, se = (e) => {
|
|
1266
|
+
const n = Pe(e), { search: s } = n;
|
|
1259
1267
|
return hn(s);
|
|
1260
1268
|
}, hn = (e) => {
|
|
1261
1269
|
const n = {};
|
|
@@ -1268,35 +1276,35 @@ const fn = () => {
|
|
|
1268
1276
|
const l = r;
|
|
1269
1277
|
return r = { ...r }, (async () => {
|
|
1270
1278
|
const u = i || o.getPath();
|
|
1271
|
-
if ("state" in r || (r.state =
|
|
1279
|
+
if ("state" in r || (r.state = ee(16)), s(k.loginAsync_begin, {}), r)
|
|
1272
1280
|
for (const _ of Object.keys(r))
|
|
1273
1281
|
_.endsWith(":token_request") && delete r[_];
|
|
1274
1282
|
try {
|
|
1275
1283
|
const _ = a ? n.silent_redirect_uri : n.redirect_uri;
|
|
1276
1284
|
c || (c = n.scope);
|
|
1277
1285
|
const f = n.extras ? { ...n.extras, ...r } : r;
|
|
1278
|
-
f.nonce || (f.nonce =
|
|
1279
|
-
const h = { nonce: f.nonce }, p = await
|
|
1286
|
+
f.nonce || (f.nonce = ee(12));
|
|
1287
|
+
const h = { nonce: f.nonce }, p = await C(n, e), w = await t(
|
|
1280
1288
|
n.authority,
|
|
1281
1289
|
n.authority_configuration
|
|
1282
1290
|
);
|
|
1283
|
-
let
|
|
1291
|
+
let v;
|
|
1284
1292
|
if (p)
|
|
1285
|
-
p.setLoginParams({ callbackPath: u, extras: l, scope: c }), await p.initAsync(w, "loginAsync", n), await p.setNonceAsync(h), p.startKeepAliveServiceWorker(),
|
|
1293
|
+
p.setLoginParams({ callbackPath: u, extras: l, scope: c }), await p.initAsync(w, "loginAsync", n), await p.setNonceAsync(h), p.startKeepAliveServiceWorker(), v = p;
|
|
1286
1294
|
else {
|
|
1287
|
-
const A =
|
|
1288
|
-
A.setLoginParams({ callbackPath: u, extras: l, scope: c }), await A.setNonceAsync(h),
|
|
1295
|
+
const A = I(e, n.storage ?? sessionStorage);
|
|
1296
|
+
A.setLoginParams({ callbackPath: u, extras: l, scope: c }), await A.setNonceAsync(h), v = A;
|
|
1289
1297
|
}
|
|
1290
|
-
const
|
|
1298
|
+
const P = {
|
|
1291
1299
|
client_id: n.client_id,
|
|
1292
1300
|
redirect_uri: _,
|
|
1293
1301
|
scope: c,
|
|
1294
1302
|
response_type: "code",
|
|
1295
1303
|
...f
|
|
1296
1304
|
};
|
|
1297
|
-
await tn(
|
|
1305
|
+
await tn(v, o)(
|
|
1298
1306
|
w.authorizationEndpoint,
|
|
1299
|
-
|
|
1307
|
+
P
|
|
1300
1308
|
);
|
|
1301
1309
|
} catch (_) {
|
|
1302
1310
|
throw s(k.loginAsync_error, _), _;
|
|
@@ -1308,12 +1316,12 @@ const fn = () => {
|
|
|
1308
1316
|
const s = e.configuration, t = s.client_id, o = n ? s.silent_redirect_uri : s.redirect_uri, i = s.authority, r = s.token_request_timeout, a = await e.initAsync(
|
|
1309
1317
|
i,
|
|
1310
1318
|
s.authority_configuration
|
|
1311
|
-
), c = e.location.getCurrentHref(), l =
|
|
1319
|
+
), c = e.location.getCurrentHref(), l = se(c), d = l.session_state, u = await C(s, e.configurationName);
|
|
1312
1320
|
let _, f, h, p;
|
|
1313
1321
|
if (u)
|
|
1314
1322
|
await u.initAsync(a, "loginCallbackAsync", s), await u.setSessionStateAsync(d), f = await u.getNonceAsync(), h = u.getLoginParams(), p = await u.getStateAsync(), u.startKeepAliveServiceWorker(), _ = u;
|
|
1315
1323
|
else {
|
|
1316
|
-
const m =
|
|
1324
|
+
const m = I(
|
|
1317
1325
|
e.configurationName,
|
|
1318
1326
|
s.storage ?? sessionStorage
|
|
1319
1327
|
);
|
|
@@ -1334,14 +1342,14 @@ const fn = () => {
|
|
|
1334
1342
|
grant_type: "authorization_code",
|
|
1335
1343
|
client_id: s.client_id,
|
|
1336
1344
|
redirect_uri: o
|
|
1337
|
-
},
|
|
1345
|
+
}, v = {};
|
|
1338
1346
|
if (s.token_request_extras)
|
|
1339
1347
|
for (const [m, x] of Object.entries(s.token_request_extras))
|
|
1340
|
-
|
|
1348
|
+
v[m] = x;
|
|
1341
1349
|
if (h != null && h.extras)
|
|
1342
1350
|
for (const [m, x] of Object.entries(h.extras))
|
|
1343
|
-
m.endsWith(":token_request") && (
|
|
1344
|
-
const
|
|
1351
|
+
m.endsWith(":token_request") && (v[m.replace(":token_request", "")] = x);
|
|
1352
|
+
const P = a.tokenEndpoint, A = {};
|
|
1345
1353
|
if (s.demonstrating_proof_of_possession)
|
|
1346
1354
|
if (u)
|
|
1347
1355
|
A.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
|
|
@@ -1349,45 +1357,45 @@ const fn = () => {
|
|
|
1349
1357
|
const m = await Ye(window)(
|
|
1350
1358
|
s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
|
|
1351
1359
|
);
|
|
1352
|
-
await
|
|
1360
|
+
await I(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(m), A.DPoP = await ve(window)(
|
|
1353
1361
|
s.demonstrating_proof_of_possession_configuration
|
|
1354
|
-
)(m, "POST",
|
|
1362
|
+
)(m, "POST", P);
|
|
1355
1363
|
}
|
|
1356
|
-
const
|
|
1357
|
-
|
|
1358
|
-
{ ...w, ...
|
|
1364
|
+
const T = await on(_)(
|
|
1365
|
+
P,
|
|
1366
|
+
{ ...w, ...v },
|
|
1359
1367
|
A,
|
|
1360
1368
|
e.configuration.token_renew_mode,
|
|
1361
1369
|
r
|
|
1362
1370
|
);
|
|
1363
|
-
if (!
|
|
1371
|
+
if (!T.success)
|
|
1364
1372
|
throw new Error("Token request failed");
|
|
1365
|
-
let
|
|
1366
|
-
const b =
|
|
1367
|
-
if (
|
|
1373
|
+
let g;
|
|
1374
|
+
const b = T.data.tokens, y = T.data.demonstratingProofOfPossessionNonce;
|
|
1375
|
+
if (T.data.state !== v.state)
|
|
1368
1376
|
throw new Error("state is not valid");
|
|
1369
|
-
const { isValid:
|
|
1377
|
+
const { isValid: E, reason: S } = pe(
|
|
1370
1378
|
b,
|
|
1371
1379
|
f.nonce,
|
|
1372
1380
|
a
|
|
1373
1381
|
);
|
|
1374
|
-
if (!
|
|
1375
|
-
throw new Error(`Tokens are not OpenID valid, reason: ${
|
|
1382
|
+
if (!E)
|
|
1383
|
+
throw new Error(`Tokens are not OpenID valid, reason: ${S}`);
|
|
1376
1384
|
if (u) {
|
|
1377
1385
|
if (b.refreshToken && !b.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1378
1386
|
throw new Error("Refresh token should be hidden by service worker");
|
|
1379
|
-
if (
|
|
1387
|
+
if (y && (b != null && b.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")))
|
|
1380
1388
|
throw new Error(
|
|
1381
1389
|
"Demonstration of proof of possession require Access token not hidden by service worker"
|
|
1382
1390
|
);
|
|
1383
1391
|
}
|
|
1384
1392
|
if (u)
|
|
1385
|
-
await u.initAsync(a, "syncTokensAsync", s),
|
|
1386
|
-
|
|
1393
|
+
await u.initAsync(a, "syncTokensAsync", s), g = u.getLoginParams(), y && await u.setDemonstratingProofOfPossessionNonce(
|
|
1394
|
+
y
|
|
1387
1395
|
);
|
|
1388
1396
|
else {
|
|
1389
|
-
const m =
|
|
1390
|
-
|
|
1397
|
+
const m = I(e.configurationName, s.storage);
|
|
1398
|
+
g = m.getLoginParams(), y && await m.setDemonstratingProofOfPossessionNonce(y);
|
|
1391
1399
|
}
|
|
1392
1400
|
return await e.startCheckSessionAsync(
|
|
1393
1401
|
a.checkSessionIframe,
|
|
@@ -1397,17 +1405,17 @@ const fn = () => {
|
|
|
1397
1405
|
), e.publishEvent(k.loginCallbackAsync_end, {}), {
|
|
1398
1406
|
tokens: b,
|
|
1399
1407
|
state: "request.state",
|
|
1400
|
-
callbackPath:
|
|
1408
|
+
callbackPath: g.callbackPath,
|
|
1401
1409
|
scope: l.scope,
|
|
1402
|
-
extras:
|
|
1410
|
+
extras: g.extras
|
|
1403
1411
|
};
|
|
1404
1412
|
} catch (s) {
|
|
1405
1413
|
throw console.error(s), e.publishEvent(k.loginCallbackAsync_error, s), s;
|
|
1406
1414
|
}
|
|
1407
|
-
},
|
|
1415
|
+
}, ge = {
|
|
1408
1416
|
access_token: "access_token",
|
|
1409
1417
|
refresh_token: "refresh_token"
|
|
1410
|
-
},
|
|
1418
|
+
}, z = (e, n) => {
|
|
1411
1419
|
const s = {};
|
|
1412
1420
|
if (e) {
|
|
1413
1421
|
for (const [t, o] of Object.entries(e))
|
|
@@ -1428,10 +1436,10 @@ const fn = () => {
|
|
|
1428
1436
|
return n;
|
|
1429
1437
|
}, mn = (e) => async (n) => {
|
|
1430
1438
|
U.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
|
|
1431
|
-
const s = await
|
|
1432
|
-
s ? await s.clearAsync(n) : await
|
|
1439
|
+
const s = await C(e.configuration, e.configurationName);
|
|
1440
|
+
s ? await s.clearAsync(n) : await I(e.configurationName, e.configuration.storage).clearAsync(n), e.tokens = null, e.userInfo = null;
|
|
1433
1441
|
}, pn = (e, n, s, t, o) => async (i = void 0, r = null) => {
|
|
1434
|
-
var
|
|
1442
|
+
var v, P;
|
|
1435
1443
|
const a = e.configuration, c = await e.initAsync(
|
|
1436
1444
|
a.authority,
|
|
1437
1445
|
a.authority_configuration
|
|
@@ -1444,52 +1452,52 @@ const fn = () => {
|
|
|
1444
1452
|
try {
|
|
1445
1453
|
const A = c.revocationEndpoint;
|
|
1446
1454
|
if (A) {
|
|
1447
|
-
const
|
|
1448
|
-
if (
|
|
1449
|
-
const
|
|
1455
|
+
const T = [], g = e.tokens ? e.tokens.accessToken : null;
|
|
1456
|
+
if (g && a.logout_tokens_to_invalidate.includes(ge.access_token)) {
|
|
1457
|
+
const y = z(r, ":revoke_access_token"), E = he(s)(
|
|
1450
1458
|
A,
|
|
1451
|
-
|
|
1452
|
-
|
|
1459
|
+
g,
|
|
1460
|
+
ne.access_token,
|
|
1453
1461
|
a.client_id,
|
|
1454
|
-
|
|
1462
|
+
y
|
|
1455
1463
|
);
|
|
1456
|
-
|
|
1464
|
+
T.push(E);
|
|
1457
1465
|
}
|
|
1458
1466
|
const b = e.tokens ? e.tokens.refreshToken : null;
|
|
1459
|
-
if (b && a.logout_tokens_to_invalidate.includes(
|
|
1460
|
-
const
|
|
1467
|
+
if (b && a.logout_tokens_to_invalidate.includes(ge.refresh_token)) {
|
|
1468
|
+
const y = z(r, ":revoke_refresh_token"), E = he(s)(
|
|
1461
1469
|
A,
|
|
1462
1470
|
b,
|
|
1463
|
-
|
|
1471
|
+
ne.refresh_token,
|
|
1464
1472
|
a.client_id,
|
|
1465
|
-
|
|
1473
|
+
y
|
|
1466
1474
|
);
|
|
1467
|
-
|
|
1475
|
+
T.push(E);
|
|
1468
1476
|
}
|
|
1469
|
-
|
|
1477
|
+
T.length > 0 && await Promise.all(T);
|
|
1470
1478
|
}
|
|
1471
1479
|
} catch (A) {
|
|
1472
1480
|
t.warn(
|
|
1473
1481
|
"logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"
|
|
1474
1482
|
), t.warn(A);
|
|
1475
1483
|
}
|
|
1476
|
-
const f = ((
|
|
1484
|
+
const f = ((P = (v = e.tokens) == null ? void 0 : v.idTokenPayload) == null ? void 0 : P.sub) ?? null;
|
|
1477
1485
|
await e.destroyAsync("LOGGED_OUT");
|
|
1478
1486
|
for (const [, A] of Object.entries(n))
|
|
1479
1487
|
A !== e ? await e.logoutSameTabAsync(e.configuration.client_id, f) : e.publishEvent(k.logout_from_same_tab, {});
|
|
1480
|
-
const h =
|
|
1488
|
+
const h = z(r, ":oidc");
|
|
1481
1489
|
if (h && h.no_reload === "true")
|
|
1482
1490
|
return;
|
|
1483
1491
|
const w = kn(r);
|
|
1484
1492
|
if (c.endSessionEndpoint) {
|
|
1485
1493
|
"id_token_hint" in w || (w.id_token_hint = _), !("post_logout_redirect_uri" in w) && i !== null && (w.post_logout_redirect_uri = u);
|
|
1486
1494
|
let A = "";
|
|
1487
|
-
for (const [
|
|
1488
|
-
|
|
1495
|
+
for (const [T, g] of Object.entries(w))
|
|
1496
|
+
g != null && (A === "" ? A += "?" : A += "&", A += `${T}=${encodeURIComponent(g)}`);
|
|
1489
1497
|
o.open(`${c.endSessionEndpoint}${A}`);
|
|
1490
1498
|
} else
|
|
1491
1499
|
o.reload();
|
|
1492
|
-
},
|
|
1500
|
+
}, Ie = (e, n, s = !1) => async (...t) => {
|
|
1493
1501
|
var f;
|
|
1494
1502
|
const [o, i, ...r] = t, a = i ? { ...i } : { method: "GET" };
|
|
1495
1503
|
let c = new Headers();
|
|
@@ -1501,7 +1509,7 @@ const fn = () => {
|
|
|
1501
1509
|
refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
|
|
1502
1510
|
},
|
|
1503
1511
|
renewTokensAsync: n.renewTokensAsync.bind(n)
|
|
1504
|
-
}, d = await
|
|
1512
|
+
}, d = await me(l), u = (f = d == null ? void 0 : d.tokens) == null ? void 0 : f.accessToken;
|
|
1505
1513
|
if (c.has("Accept") || c.set("Accept", "application/json"), u) {
|
|
1506
1514
|
if (n.configuration.demonstrating_proof_of_possession && s) {
|
|
1507
1515
|
const h = await n.generateDemonstrationOfProofOfPossessionAsync(
|
|
@@ -1523,35 +1531,35 @@ const fn = () => {
|
|
|
1523
1531
|
t.authority,
|
|
1524
1532
|
t.authority_configuration
|
|
1525
1533
|
)).userInfoEndpoint, a = await (async () => {
|
|
1526
|
-
const l = await
|
|
1534
|
+
const l = await Ie(fetch, e, s)(i);
|
|
1527
1535
|
return l.status !== 200 ? null : l.json();
|
|
1528
1536
|
})();
|
|
1529
1537
|
return e.userInfo = a, a;
|
|
1530
1538
|
}, An = () => fetch;
|
|
1531
|
-
class
|
|
1539
|
+
class te {
|
|
1532
1540
|
constructor(n) {
|
|
1533
1541
|
this.authorizationEndpoint = n.authorization_endpoint, this.tokenEndpoint = n.token_endpoint, this.revocationEndpoint = n.revocation_endpoint, this.userInfoEndpoint = n.userinfo_endpoint, this.checkSessionIframe = n.check_session_iframe, this.issuer = n.issuer, this.endSessionEndpoint = n.end_session_endpoint;
|
|
1534
1542
|
}
|
|
1535
1543
|
}
|
|
1536
|
-
const L = {}, Sn = (e, n = new
|
|
1544
|
+
const L = {}, Sn = (e, n = new j()) => (s, t = "default") => (L[t] || (L[t] = new N(s, t, e, n)), L[t]), Tn = async (e) => {
|
|
1537
1545
|
const { parsedTokens: n, callbackPath: s, extras: t, scope: o } = await e.loginCallbackAsync();
|
|
1538
|
-
return e.timeoutId =
|
|
1539
|
-
}, vn = (e) => Math.floor(Math.random() * e),
|
|
1540
|
-
constructor(n, s = "default", t, o = new
|
|
1546
|
+
return e.timeoutId = M(e, n.expiresAt, t, o), { callbackPath: s };
|
|
1547
|
+
}, vn = (e) => Math.floor(Math.random() * e), V = class V {
|
|
1548
|
+
constructor(n, s = "default", t, o = new j()) {
|
|
1541
1549
|
this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
|
|
1542
1550
|
let i = n.silent_login_uri;
|
|
1543
1551
|
n.silent_redirect_uri && !n.silent_login_uri && (i = `${n.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
|
|
1544
1552
|
let r = n.refresh_time_before_tokens_expiration_in_second ?? 120;
|
|
1545
|
-
r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new
|
|
1553
|
+
r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new j();
|
|
1546
1554
|
const a = n.service_worker_update_require_callback ?? $e(this.location);
|
|
1547
1555
|
this.configuration = {
|
|
1548
1556
|
...n,
|
|
1549
1557
|
silent_login_uri: i,
|
|
1550
|
-
token_automatic_renew_mode: n.token_automatic_renew_mode ??
|
|
1558
|
+
token_automatic_renew_mode: n.token_automatic_renew_mode ?? F.AutomaticBeforeTokenExpiration,
|
|
1551
1559
|
monitor_session: n.monitor_session ?? !1,
|
|
1552
1560
|
refresh_time_before_tokens_expiration_in_second: r,
|
|
1553
1561
|
silent_login_timeout: n.silent_login_timeout ?? 12e3,
|
|
1554
|
-
token_renew_mode: n.token_renew_mode ??
|
|
1562
|
+
token_renew_mode: n.token_renew_mode ?? Q.access_token_or_id_token_invalid,
|
|
1555
1563
|
demonstrating_proof_of_possession: n.demonstrating_proof_of_possession ?? !1,
|
|
1556
1564
|
authority_timeout_wellknowurl_in_millisecond: n.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
|
|
1557
1565
|
logout_tokens_to_invalidate: n.logout_tokens_to_invalidate ?? [
|
|
@@ -1560,7 +1568,7 @@ const L = {}, Sn = (e, n = new q()) => (s, t = "default") => (L[t] || (L[t] = ne
|
|
|
1560
1568
|
],
|
|
1561
1569
|
service_worker_update_require_callback: a,
|
|
1562
1570
|
service_worker_activate: n.service_worker_activate ?? fn,
|
|
1563
|
-
demonstrating_proof_of_possession_configuration: n.demonstrating_proof_of_possession_configuration ??
|
|
1571
|
+
demonstrating_proof_of_possession_configuration: n.demonstrating_proof_of_possession_configuration ?? Fe,
|
|
1564
1572
|
preload_user_info: n.preload_user_info ?? !1
|
|
1565
1573
|
}, this.getFetch = t ?? An, this.configurationName = s, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
1566
1574
|
}
|
|
@@ -1586,7 +1594,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1586
1594
|
}
|
|
1587
1595
|
_silentLoginCallbackFromIFrame() {
|
|
1588
1596
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
1589
|
-
const n = this.location, s =
|
|
1597
|
+
const n = this.location, s = se(n.getCurrentHref());
|
|
1590
1598
|
window.parent.postMessage(
|
|
1591
1599
|
`${this.configurationName}_oidc_tokens:${JSON.stringify({ tokens: this.tokens, sessionState: s.session_state })}`,
|
|
1592
1600
|
n.getOrigin()
|
|
@@ -1595,7 +1603,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1595
1603
|
}
|
|
1596
1604
|
_silentLoginErrorCallbackFromIFrame(n = null) {
|
|
1597
1605
|
if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
|
|
1598
|
-
const s = this.location, t =
|
|
1606
|
+
const s = this.location, t = se(s.getCurrentHref());
|
|
1599
1607
|
t.error ? window.parent.postMessage(
|
|
1600
1608
|
`${this.configurationName}_oidc_error:${JSON.stringify({ error: t.error })}`,
|
|
1601
1609
|
s.getOrigin()
|
|
@@ -1617,7 +1625,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1617
1625
|
return this.initPromise;
|
|
1618
1626
|
const t = async () => {
|
|
1619
1627
|
if (s != null)
|
|
1620
|
-
return new
|
|
1628
|
+
return new te({
|
|
1621
1629
|
authorization_endpoint: s.authorization_endpoint,
|
|
1622
1630
|
end_session_endpoint: s.end_session_endpoint,
|
|
1623
1631
|
revocation_endpoint: s.revocation_endpoint,
|
|
@@ -1626,7 +1634,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1626
1634
|
check_session_iframe: s.check_session_iframe,
|
|
1627
1635
|
issuer: s.issuer
|
|
1628
1636
|
});
|
|
1629
|
-
const i = await
|
|
1637
|
+
const i = await C(this.configuration, this.configurationName) ? window.sessionStorage : null;
|
|
1630
1638
|
return await nn(this.getFetch())(
|
|
1631
1639
|
n,
|
|
1632
1640
|
this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60,
|
|
@@ -1673,7 +1681,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1673
1681
|
return this.loginCallbackPromise;
|
|
1674
1682
|
const s = async () => {
|
|
1675
1683
|
const t = await gn(this)(n), o = t.tokens;
|
|
1676
|
-
return this.tokens = o, await
|
|
1684
|
+
return this.tokens = o, await C(this.configuration, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(o), this.publishEvent(V.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), {
|
|
1677
1685
|
parsedTokens: o,
|
|
1678
1686
|
state: t.state,
|
|
1679
1687
|
callbackPath: t.callbackPath,
|
|
@@ -1687,13 +1695,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1687
1695
|
}
|
|
1688
1696
|
async generateDemonstrationOfProofOfPossessionAsync(n, s, t, o = {}) {
|
|
1689
1697
|
const i = this.configuration, r = {
|
|
1690
|
-
ath: await
|
|
1698
|
+
ath: await Ee(n),
|
|
1691
1699
|
...o
|
|
1692
1700
|
};
|
|
1693
|
-
if (await
|
|
1694
|
-
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${
|
|
1695
|
-
const c =
|
|
1696
|
-
return d && (r.nonce = d), await
|
|
1701
|
+
if (await C(i, this.configurationName))
|
|
1702
|
+
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Ae(this.configurationName)}`;
|
|
1703
|
+
const c = I(this.configurationName, i.storage), l = await c.getDemonstratingProofOfPossessionJwkAsync(), d = c.getDemonstratingProofOfPossessionNonce();
|
|
1704
|
+
return d && (r.nonce = d), await ve(window)(
|
|
1697
1705
|
i.demonstrating_proof_of_possession_configuration
|
|
1698
1706
|
)(l, t, s, r);
|
|
1699
1707
|
}
|
|
@@ -1711,7 +1719,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1711
1719
|
if (this.renewTokensPromise !== null)
|
|
1712
1720
|
return this.renewTokensPromise;
|
|
1713
1721
|
if (this.timeoutId)
|
|
1714
|
-
return U.clearTimeout(this.timeoutId), this.renewTokensPromise =
|
|
1722
|
+
return U.clearTimeout(this.timeoutId), this.renewTokensPromise = Oe(this, !0, n, s), this.renewTokensPromise.finally(() => {
|
|
1715
1723
|
this.renewTokensPromise = null;
|
|
1716
1724
|
});
|
|
1717
1725
|
}
|
|
@@ -1736,8 +1744,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1736
1744
|
}));
|
|
1737
1745
|
}
|
|
1738
1746
|
};
|
|
1739
|
-
|
|
1740
|
-
let N =
|
|
1747
|
+
V.getOrCreate = (n, s) => (t, o = "default") => Sn(n, s)(t, o), V.eventNames = k;
|
|
1748
|
+
let N = V;
|
|
1741
1749
|
const $ = class $ {
|
|
1742
1750
|
constructor(n) {
|
|
1743
1751
|
this._oidc = n;
|
|
@@ -1795,10 +1803,10 @@ const $ = class $ {
|
|
|
1795
1803
|
},
|
|
1796
1804
|
renewTokensAsync: t.renewTokensAsync.bind(t)
|
|
1797
1805
|
};
|
|
1798
|
-
return
|
|
1806
|
+
return me(o, n, s);
|
|
1799
1807
|
}
|
|
1800
1808
|
fetchWithTokens(n, s = !1) {
|
|
1801
|
-
return
|
|
1809
|
+
return Ie(n, this._oidc, s);
|
|
1802
1810
|
}
|
|
1803
1811
|
async userInfoAsync(n = !1, s = !1) {
|
|
1804
1812
|
return this._oidc.userInfoAsync(n, s);
|
|
@@ -1807,14 +1815,14 @@ const $ = class $ {
|
|
|
1807
1815
|
return this._oidc.userInfo;
|
|
1808
1816
|
}
|
|
1809
1817
|
};
|
|
1810
|
-
$.getOrCreate = (n, s = new
|
|
1811
|
-
let
|
|
1818
|
+
$.getOrCreate = (n, s = new j()) => (t, o = "default") => new $(N.getOrCreate(n, s)(t, o)), $.eventNames = N.eventNames;
|
|
1819
|
+
let ke = $;
|
|
1812
1820
|
export {
|
|
1813
|
-
|
|
1814
|
-
|
|
1815
|
-
|
|
1816
|
-
|
|
1821
|
+
ke as OidcClient,
|
|
1822
|
+
j as OidcLocation,
|
|
1823
|
+
F as TokenAutomaticRenewMode,
|
|
1824
|
+
Q as TokenRenewMode,
|
|
1817
1825
|
An as getFetchDefault,
|
|
1818
|
-
|
|
1826
|
+
se as getParseQueryStringFromLocation,
|
|
1819
1827
|
En as getPath
|
|
1820
1828
|
};
|