@axa-fr/oidc-client 7.26.8 → 7.27.0
- package/README.md +2 -1
- package/dist/index.js +381 -336
- package/dist/index.umd.cjs +2 -2
- package/dist/initSession.d.ts +1 -1
- package/dist/initSession.d.ts.map +1 -1
- package/dist/initSession.spec.d.ts +2 -0
- package/dist/initSession.spec.d.ts.map +1 -0
- package/dist/keepSession.d.ts.map +1 -1
- package/dist/login.d.ts.map +1 -1
- package/dist/logout.d.ts.map +1 -1
- package/dist/oidc.d.ts.map +1 -1
- package/dist/renewTokens.d.ts.map +1 -1
- package/dist/types.d.ts +1 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/initSession.spec.ts +215 -0
- package/src/initSession.ts +21 -9
- package/src/keepSession.ts +6 -2
- package/src/login.ts +16 -3
- package/src/logout.ts +5 -1
- package/src/oidc.ts +10 -2
- package/src/renewTokens.ts +20 -4
- package/src/types.ts +1 -0
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -47,7 +47,7 @@ class $e {
|
|
|
47
47
|
this._timer && (K.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
|
-
const
|
|
50
|
+
const k = {
|
|
51
51
|
service_worker_not_supported_by_browser: "service_worker_not_supported_by_browser",
|
|
52
52
|
token_acquired: "token_acquired",
|
|
53
53
|
logout_from_another_tab: "logout_from_another_tab",
|
|
@@ -76,53 +76,53 @@ const w = {
|
|
|
76
76
|
syncTokensAsync_end: "syncTokensAsync_end",
|
|
77
77
|
syncTokensAsync_error: "syncTokensAsync_error",
|
|
78
78
|
tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
|
|
79
|
-
},
|
|
80
|
-
const t = (
|
|
79
|
+
}, C = (e, n = sessionStorage, t) => {
|
|
80
|
+
const s = t ?? n, o = (w) => (n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: w }), delete n[`oidc.${e}.userInfo`], t && t !== n && (delete s[`oidc.login.${e}`], delete s[`oidc.state.${e}`], delete s[`oidc.code_verifier.${e}`], delete s[`oidc.nonce.${e}`]), Promise.resolve()), i = async () => {
|
|
81
81
|
if (!n[`oidc.${e}`])
|
|
82
82
|
return n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
|
|
83
|
-
const
|
|
84
|
-
return Promise.resolve({ tokens:
|
|
85
|
-
},
|
|
86
|
-
n[`oidc.${e}`] = JSON.stringify({ tokens:
|
|
87
|
-
},
|
|
88
|
-
n[`oidc.session_state.${e}`] =
|
|
89
|
-
},
|
|
90
|
-
|
|
91
|
-
},
|
|
92
|
-
n[`oidc.jwk.${e}`] = JSON.stringify(
|
|
93
|
-
},
|
|
94
|
-
n[`oidc.dpop_nonce.${e}`] =
|
|
95
|
-
},
|
|
83
|
+
const w = JSON.parse(n[`oidc.${e}`]);
|
|
84
|
+
return Promise.resolve({ tokens: w.tokens, status: w.status });
|
|
85
|
+
}, r = (w) => {
|
|
86
|
+
n[`oidc.${e}`] = JSON.stringify({ tokens: w });
|
|
87
|
+
}, a = async (w) => {
|
|
88
|
+
n[`oidc.session_state.${e}`] = w;
|
|
89
|
+
}, c = async () => n[`oidc.session_state.${e}`], f = (w) => {
|
|
90
|
+
s[`oidc.nonce.${e}`] = w.nonce;
|
|
91
|
+
}, u = (w) => {
|
|
92
|
+
n[`oidc.jwk.${e}`] = JSON.stringify(w);
|
|
93
|
+
}, l = () => JSON.parse(n[`oidc.jwk.${e}`]), h = async () => ({ nonce: s[`oidc.nonce.${e}`] }), _ = async (w) => {
|
|
94
|
+
n[`oidc.dpop_nonce.${e}`] = w;
|
|
95
|
+
}, m = () => n[`oidc.dpop_nonce.${e}`], p = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, g = {};
|
|
96
96
|
return {
|
|
97
|
-
clearAsync:
|
|
98
|
-
initAsync:
|
|
99
|
-
setTokens:
|
|
100
|
-
getTokens:
|
|
101
|
-
setSessionStateAsync:
|
|
102
|
-
getSessionStateAsync:
|
|
103
|
-
setNonceAsync:
|
|
104
|
-
getNonceAsync:
|
|
105
|
-
setLoginParams: (
|
|
106
|
-
|
|
97
|
+
clearAsync: o,
|
|
98
|
+
initAsync: i,
|
|
99
|
+
setTokens: r,
|
|
100
|
+
getTokens: p,
|
|
101
|
+
setSessionStateAsync: a,
|
|
102
|
+
getSessionStateAsync: c,
|
|
103
|
+
setNonceAsync: f,
|
|
104
|
+
getNonceAsync: h,
|
|
105
|
+
setLoginParams: (w) => {
|
|
106
|
+
g[e] = w, s[`oidc.login.${e}`] = JSON.stringify(w);
|
|
107
107
|
},
|
|
108
108
|
getLoginParams: () => {
|
|
109
|
-
const
|
|
110
|
-
return
|
|
109
|
+
const w = s[`oidc.login.${e}`];
|
|
110
|
+
return w ? (g[e] || (g[e] = JSON.parse(w)), g[e]) : (console.warn(
|
|
111
111
|
`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
|
|
112
112
|
), null);
|
|
113
113
|
},
|
|
114
|
-
getStateAsync: async () =>
|
|
115
|
-
setStateAsync: async (
|
|
116
|
-
|
|
114
|
+
getStateAsync: async () => s[`oidc.state.${e}`],
|
|
115
|
+
setStateAsync: async (w) => {
|
|
116
|
+
s[`oidc.state.${e}`] = w;
|
|
117
117
|
},
|
|
118
|
-
getCodeVerifierAsync: async () =>
|
|
119
|
-
setCodeVerifierAsync: async (
|
|
120
|
-
|
|
118
|
+
getCodeVerifierAsync: async () => s[`oidc.code_verifier.${e}`],
|
|
119
|
+
setCodeVerifierAsync: async (w) => {
|
|
120
|
+
s[`oidc.code_verifier.${e}`] = w;
|
|
121
121
|
},
|
|
122
|
-
setDemonstratingProofOfPossessionNonce:
|
|
123
|
-
getDemonstratingProofOfPossessionNonce:
|
|
124
|
-
setDemonstratingProofOfPossessionJwkAsync:
|
|
125
|
-
getDemonstratingProofOfPossessionJwkAsync:
|
|
122
|
+
setDemonstratingProofOfPossessionNonce: _,
|
|
123
|
+
getDemonstratingProofOfPossessionNonce: m,
|
|
124
|
+
setDemonstratingProofOfPossessionJwkAsync: u,
|
|
125
|
+
getDemonstratingProofOfPossessionJwkAsync: l
|
|
126
126
|
};
|
|
127
127
|
};
|
|
128
128
|
var H = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(H || {});
|
|
@@ -157,13 +157,13 @@ const ue = (e, n = null, t) => {
|
|
|
157
157
|
n != null && "idToken" in n && !("idToken" in e) ? i = n.idToken : i = e.idToken;
|
|
158
158
|
const r = e.idTokenPayload ? e.idTokenPayload : ke(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, c = s && s.exp ? s.exp : e.issuedAt + o;
|
|
159
159
|
e.issuedAt = Ve(e, s, r);
|
|
160
|
-
let
|
|
161
|
-
e.expiresAt ?
|
|
160
|
+
let f;
|
|
161
|
+
e.expiresAt ? f = e.expiresAt : t === oe.access_token_invalid ? f = c : t === oe.id_token_invalid ? f = a : f = a < c ? a : c;
|
|
162
162
|
const u = {
|
|
163
163
|
...e,
|
|
164
164
|
idTokenPayload: r,
|
|
165
165
|
accessTokenPayload: s,
|
|
166
|
-
expiresAt:
|
|
166
|
+
expiresAt: f,
|
|
167
167
|
idToken: i
|
|
168
168
|
};
|
|
169
169
|
if (n != null && "refreshToken" in n && !("refreshToken" in e)) {
|
|
@@ -193,9 +193,9 @@ const ue = (e, n = null, t) => {
|
|
|
193
193
|
}, Fe = (e, n = 0) => e ? B(n, e.expiresAt) > 0 : !1, ve = async (e, n = 200, t = 50) => {
|
|
194
194
|
let s = t, o = await e.syncTokensInfoAsync();
|
|
195
195
|
for (; [
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
196
|
+
b.REQUIRE_SYNC_TOKENS,
|
|
197
|
+
b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
|
|
198
|
+
b.TOKENS_INVALID
|
|
199
199
|
].includes(o) && s > 0; ) {
|
|
200
200
|
if (e.configuration.token_automatic_renew_mode == H.AutomaticOnlyWhenFetchExecuted) {
|
|
201
201
|
await e.renewTokensAsync({});
|
|
@@ -244,7 +244,7 @@ const ue = (e, n = null, t) => {
|
|
|
244
244
|
setInterval: setInterval.bind(e),
|
|
245
245
|
clearInterval: clearInterval.bind(e)
|
|
246
246
|
};
|
|
247
|
-
})(), te = "7.
|
|
247
|
+
})(), te = "7.27.0";
|
|
248
248
|
let me = null, Z;
|
|
249
249
|
const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe = (e = "/") => {
|
|
250
250
|
try {
|
|
@@ -266,7 +266,7 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
266
266
|
if (t) return t;
|
|
267
267
|
const s = globalThis.crypto.randomUUID();
|
|
268
268
|
return sessionStorage.setItem(n, s), s;
|
|
269
|
-
}, Me = 5e3, Be = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null,
|
|
269
|
+
}, Me = 5e3, Be = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, I = (e, n) => (t) => {
|
|
270
270
|
const s = n?.timeoutMs ?? Me;
|
|
271
271
|
return new Promise((o, i) => {
|
|
272
272
|
const r = Be(e);
|
|
@@ -280,7 +280,7 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
280
280
|
}
|
|
281
281
|
const a = new MessageChannel();
|
|
282
282
|
let c = null;
|
|
283
|
-
const
|
|
283
|
+
const f = () => {
|
|
284
284
|
try {
|
|
285
285
|
c != null && ($.clearTimeout(c), c = null), a.port1.onmessage = null, a.port1.close(), a.port2.close();
|
|
286
286
|
} catch (u) {
|
|
@@ -288,11 +288,11 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
288
288
|
}
|
|
289
289
|
};
|
|
290
290
|
c = $.setTimeout(() => {
|
|
291
|
-
|
|
291
|
+
f(), i(
|
|
292
292
|
new Error(`Service worker did not respond within ${s}ms (type=${t?.type})`)
|
|
293
293
|
);
|
|
294
294
|
}, s), a.port1.onmessage = (u) => {
|
|
295
|
-
|
|
295
|
+
f(), u?.data?.error ? i(u.data.error) : o(u.data);
|
|
296
296
|
};
|
|
297
297
|
try {
|
|
298
298
|
const u = t?.configurationName;
|
|
@@ -300,7 +300,7 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
300
300
|
a.port2
|
|
301
301
|
]);
|
|
302
302
|
} catch (u) {
|
|
303
|
-
|
|
303
|
+
f(), i(u);
|
|
304
304
|
}
|
|
305
305
|
});
|
|
306
306
|
}, Je = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((n) => {
|
|
@@ -311,7 +311,7 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
311
311
|
navigator.serviceWorker.addEventListener("controllerchange", s), $.setTimeout(() => {
|
|
312
312
|
t || (t = !0, navigator.serviceWorker.removeEventListener("controllerchange", s), n(navigator.serviceWorker.controller ?? null));
|
|
313
313
|
}, e);
|
|
314
|
-
}),
|
|
314
|
+
}), x = async (e, n) => {
|
|
315
315
|
const t = e.service_worker_relative_url;
|
|
316
316
|
if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !t || e.service_worker_activate() === !1)
|
|
317
317
|
return null;
|
|
@@ -323,7 +323,7 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
323
323
|
const i = `oidc.sw.version_mismatch_reload.${n}`, r = async () => {
|
|
324
324
|
X(), console.log("New SW waiting – SKIP_WAITING");
|
|
325
325
|
try {
|
|
326
|
-
await
|
|
326
|
+
await I(o, { timeoutMs: 8e3 })({
|
|
327
327
|
type: "SKIP_WAITING",
|
|
328
328
|
configurationName: n,
|
|
329
329
|
data: null
|
|
@@ -355,7 +355,7 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
355
355
|
console.log("SW controller changed – reloading page"), X(), window.location.reload();
|
|
356
356
|
});
|
|
357
357
|
try {
|
|
358
|
-
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await
|
|
358
|
+
await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await I(o, { timeoutMs: 8e3 })({
|
|
359
359
|
type: "claim",
|
|
360
360
|
configurationName: n,
|
|
361
361
|
data: null
|
|
@@ -363,19 +363,19 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
363
363
|
} catch (d) {
|
|
364
364
|
return console.warn(`Failed init ServiceWorker ${d?.toString?.() ?? String(d)}`), null;
|
|
365
365
|
}
|
|
366
|
-
const
|
|
367
|
-
const
|
|
366
|
+
const f = async (d) => I(o)({ type: "clear", data: { status: d }, configurationName: n }), u = async (d, D, E) => {
|
|
367
|
+
const P = await I(o)({
|
|
368
368
|
type: "init",
|
|
369
369
|
data: {
|
|
370
370
|
oidcServerConfiguration: d,
|
|
371
371
|
where: D,
|
|
372
372
|
oidcConfiguration: {
|
|
373
|
-
token_renew_mode:
|
|
374
|
-
service_worker_convert_all_requests_to_cors:
|
|
373
|
+
token_renew_mode: E.token_renew_mode,
|
|
374
|
+
service_worker_convert_all_requests_to_cors: E.service_worker_convert_all_requests_to_cors
|
|
375
375
|
}
|
|
376
376
|
},
|
|
377
377
|
configurationName: n
|
|
378
|
-
}), q =
|
|
378
|
+
}), q = P.version;
|
|
379
379
|
if (q !== te) {
|
|
380
380
|
console.warn(
|
|
381
381
|
`Service worker ${q} version mismatch with js client version ${te}, unregistering and reloading`
|
|
@@ -388,8 +388,8 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
388
388
|
X();
|
|
389
389
|
try {
|
|
390
390
|
await o.update();
|
|
391
|
-
} catch (
|
|
392
|
-
console.error(
|
|
391
|
+
} catch (he) {
|
|
392
|
+
console.error(he);
|
|
393
393
|
}
|
|
394
394
|
const Y = await o.unregister();
|
|
395
395
|
console.log(`Service worker unregistering ${Y}`), await ne({ milliseconds: 2e3 }), window.location.reload();
|
|
@@ -401,100 +401,100 @@ const ne = ({ milliseconds: e }) => new Promise((n) => $.setTimeout(n, e)), Oe =
|
|
|
401
401
|
} else
|
|
402
402
|
sessionStorage.removeItem(i);
|
|
403
403
|
return {
|
|
404
|
-
tokens: _e(
|
|
405
|
-
status:
|
|
404
|
+
tokens: _e(P.tokens, null, E.token_renew_mode),
|
|
405
|
+
status: P.status
|
|
406
406
|
};
|
|
407
407
|
}, l = (d = "/") => {
|
|
408
408
|
me == null && (me = "not_null", Oe(d));
|
|
409
|
-
}, h = (d) =>
|
|
409
|
+
}, h = (d) => I(o)({
|
|
410
410
|
type: "setSessionState",
|
|
411
411
|
data: { sessionState: d },
|
|
412
412
|
configurationName: n
|
|
413
|
-
}),
|
|
413
|
+
}), _ = async () => (await I(o)({
|
|
414
414
|
type: "getSessionState",
|
|
415
415
|
data: null,
|
|
416
416
|
configurationName: n
|
|
417
|
-
})).sessionState, m = (d) => (sessionStorage[`oidc.nonce.${n}`] = d.nonce,
|
|
417
|
+
})).sessionState, m = (d) => (sessionStorage[`oidc.nonce.${n}`] = d.nonce, I(o)({
|
|
418
418
|
type: "setNonce",
|
|
419
419
|
data: { nonce: d },
|
|
420
420
|
configurationName: n
|
|
421
421
|
})), p = async (d = !0) => {
|
|
422
|
-
let
|
|
422
|
+
let E = (await I(o)({
|
|
423
423
|
type: "getNonce",
|
|
424
424
|
data: null,
|
|
425
425
|
configurationName: n
|
|
426
426
|
})).nonce;
|
|
427
|
-
return
|
|
428
|
-
}, g = {},
|
|
427
|
+
return E || (E = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage"), d && (await m(E), E = (await p(!1)).nonce)), { nonce: E };
|
|
428
|
+
}, g = {}, y = (d) => {
|
|
429
429
|
g[n] = d, localStorage[`oidc.login.${n}`] = JSON.stringify(d);
|
|
430
430
|
}, A = () => {
|
|
431
431
|
const d = localStorage[`oidc.login.${n}`];
|
|
432
432
|
return g[n] || (g[n] = JSON.parse(d)), g[n];
|
|
433
433
|
}, S = async (d) => {
|
|
434
|
-
await
|
|
434
|
+
await I(o)({
|
|
435
435
|
type: "setDemonstratingProofOfPossessionNonce",
|
|
436
436
|
data: { demonstratingProofOfPossessionNonce: d },
|
|
437
437
|
configurationName: n
|
|
438
438
|
});
|
|
439
|
-
},
|
|
439
|
+
}, O = async () => (await I(o)({
|
|
440
440
|
type: "getDemonstratingProofOfPossessionNonce",
|
|
441
441
|
data: null,
|
|
442
442
|
configurationName: n
|
|
443
|
-
})).demonstratingProofOfPossessionNonce,
|
|
443
|
+
})).demonstratingProofOfPossessionNonce, T = async (d) => {
|
|
444
444
|
const D = JSON.stringify(d);
|
|
445
|
-
await
|
|
445
|
+
await I(o)({
|
|
446
446
|
type: "setDemonstratingProofOfPossessionJwk",
|
|
447
447
|
data: { demonstratingProofOfPossessionJwkJson: D },
|
|
448
448
|
configurationName: n
|
|
449
449
|
});
|
|
450
|
-
},
|
|
451
|
-
const d = await
|
|
450
|
+
}, N = async () => {
|
|
451
|
+
const d = await I(o)({
|
|
452
452
|
type: "getDemonstratingProofOfPossessionJwk",
|
|
453
453
|
data: null,
|
|
454
454
|
configurationName: n
|
|
455
455
|
});
|
|
456
456
|
return d.demonstratingProofOfPossessionJwkJson ? JSON.parse(d.demonstratingProofOfPossessionJwkJson) : null;
|
|
457
|
-
},
|
|
458
|
-
let
|
|
457
|
+
}, w = async (d = !0) => {
|
|
458
|
+
let E = (await I(o)({
|
|
459
459
|
type: "getState",
|
|
460
460
|
data: null,
|
|
461
461
|
configurationName: n
|
|
462
462
|
})).state;
|
|
463
|
-
return
|
|
464
|
-
}, F = async (d) => (sessionStorage[`oidc.state.${n}`] = d,
|
|
463
|
+
return E || (E = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage"), d && (await F(E), E = await w(!1))), E;
|
|
464
|
+
}, F = async (d) => (sessionStorage[`oidc.state.${n}`] = d, I(o)({
|
|
465
465
|
type: "setState",
|
|
466
466
|
data: { state: d },
|
|
467
467
|
configurationName: n
|
|
468
468
|
})), L = async (d = !0) => {
|
|
469
|
-
let
|
|
469
|
+
let E = (await I(o)({
|
|
470
470
|
type: "getCodeVerifier",
|
|
471
471
|
data: null,
|
|
472
472
|
configurationName: n
|
|
473
473
|
})).codeVerifier;
|
|
474
|
-
return
|
|
475
|
-
},
|
|
474
|
+
return E || (E = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), d && (await v(E), E = await L(!1))), E;
|
|
475
|
+
}, v = async (d) => (sessionStorage[`oidc.code_verifier.${n}`] = d, I(o)({
|
|
476
476
|
type: "setCodeVerifier",
|
|
477
477
|
data: { codeVerifier: d },
|
|
478
478
|
configurationName: n
|
|
479
479
|
}));
|
|
480
480
|
return {
|
|
481
|
-
clearAsync:
|
|
481
|
+
clearAsync: f,
|
|
482
482
|
initAsync: u,
|
|
483
483
|
startKeepAliveServiceWorker: () => l(e.service_worker_keep_alive_path),
|
|
484
484
|
setSessionStateAsync: h,
|
|
485
|
-
getSessionStateAsync:
|
|
485
|
+
getSessionStateAsync: _,
|
|
486
486
|
setNonceAsync: m,
|
|
487
487
|
getNonceAsync: p,
|
|
488
|
-
setLoginParams:
|
|
488
|
+
setLoginParams: y,
|
|
489
489
|
getLoginParams: A,
|
|
490
|
-
getStateAsync:
|
|
490
|
+
getStateAsync: w,
|
|
491
491
|
setStateAsync: F,
|
|
492
492
|
getCodeVerifierAsync: L,
|
|
493
|
-
setCodeVerifierAsync:
|
|
493
|
+
setCodeVerifierAsync: v,
|
|
494
494
|
setDemonstratingProofOfPossessionNonce: S,
|
|
495
|
-
getDemonstratingProofOfPossessionNonce:
|
|
496
|
-
setDemonstratingProofOfPossessionJwkAsync:
|
|
497
|
-
getDemonstratingProofOfPossessionJwkAsync:
|
|
495
|
+
getDemonstratingProofOfPossessionNonce: O,
|
|
496
|
+
setDemonstratingProofOfPossessionJwkAsync: T,
|
|
497
|
+
getDemonstratingProofOfPossessionJwkAsync: N
|
|
498
498
|
};
|
|
499
499
|
}, U = {}, He = (e, n = window.sessionStorage, t) => {
|
|
500
500
|
if (!U[e] && n) {
|
|
@@ -558,8 +558,8 @@ const qe = {
|
|
|
558
558
|
// @ts-ignore
|
|
559
559
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
560
560
|
payload: we(JSON.stringify(s))
|
|
561
|
-
}, a = o.importKeyAlgorithm, c = !0,
|
|
562
|
-
return r.signature = fe(new Uint8Array(
|
|
561
|
+
}, a = o.importKeyAlgorithm, c = !0, f = ["sign"], u = await e.crypto.subtle.importKey("jwk", n, a, c, f), l = Pe(`${r.protected}.${r.payload}`), h = o.signAlgorithm, _ = await e.crypto.subtle.sign(h, u, l);
|
|
562
|
+
return r.signature = fe(new Uint8Array(_)), `${r.protected}.${r.payload}.${r.signature}`;
|
|
563
563
|
}, Xe = { sign: Ye }, ze = (e) => async (n) => {
|
|
564
564
|
const t = n, s = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(t, s, o);
|
|
565
565
|
return await e.crypto.subtle.exportKey("jwk", i.privateKey);
|
|
@@ -652,8 +652,8 @@ const an = (e) => {
|
|
|
652
652
|
const c = await j(e)(i, {}, o);
|
|
653
653
|
if (c.status !== 200)
|
|
654
654
|
return null;
|
|
655
|
-
const
|
|
656
|
-
return Ge(r,
|
|
655
|
+
const f = await c.json();
|
|
656
|
+
return Ge(r, f, s), new le(f);
|
|
657
657
|
}, j = (e) => async (n, t = {}, s = 1e4, o = 0) => {
|
|
658
658
|
let i;
|
|
659
659
|
try {
|
|
@@ -681,10 +681,10 @@ const an = (e) => {
|
|
|
681
681
|
a[l] === void 0 && (a[l] = h);
|
|
682
682
|
const c = [];
|
|
683
683
|
for (const l in a) {
|
|
684
|
-
const h = encodeURIComponent(l),
|
|
685
|
-
c.push(`${h}=${
|
|
684
|
+
const h = encodeURIComponent(l), _ = encodeURIComponent(a[l]);
|
|
685
|
+
c.push(`${h}=${_}`);
|
|
686
686
|
}
|
|
687
|
-
const
|
|
687
|
+
const f = c.join("&");
|
|
688
688
|
return (await j(e)(
|
|
689
689
|
n,
|
|
690
690
|
{
|
|
@@ -692,21 +692,21 @@ const an = (e) => {
|
|
|
692
692
|
headers: {
|
|
693
693
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
|
|
694
694
|
},
|
|
695
|
-
body:
|
|
695
|
+
body: f
|
|
696
696
|
},
|
|
697
697
|
r
|
|
698
698
|
)).status !== 200 ? { success: !1 } : {
|
|
699
699
|
success: !0
|
|
700
700
|
};
|
|
701
701
|
}, un = (e) => async (n, t, s, o, i = {}, r, a = 1e4) => {
|
|
702
|
-
for (const [
|
|
703
|
-
t[
|
|
702
|
+
for (const [_, m] of Object.entries(s))
|
|
703
|
+
t[_] === void 0 && (t[_] = m);
|
|
704
704
|
const c = [];
|
|
705
|
-
for (const
|
|
706
|
-
const m = encodeURIComponent(
|
|
705
|
+
for (const _ in t) {
|
|
706
|
+
const m = encodeURIComponent(_), p = encodeURIComponent(t[_]);
|
|
707
707
|
c.push(`${m}=${p}`);
|
|
708
708
|
}
|
|
709
|
-
const
|
|
709
|
+
const f = c.join("&"), u = await j(e)(
|
|
710
710
|
n,
|
|
711
711
|
{
|
|
712
712
|
method: "POST",
|
|
@@ -714,7 +714,7 @@ const an = (e) => {
|
|
|
714
714
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
715
715
|
...i
|
|
716
716
|
},
|
|
717
|
-
body:
|
|
717
|
+
body: f
|
|
718
718
|
},
|
|
719
719
|
a
|
|
720
720
|
);
|
|
@@ -747,8 +747,8 @@ const an = (e) => {
|
|
|
747
747
|
t = t ? { ...t } : {}, t.code_verifier = await e.getCodeVerifierAsync();
|
|
748
748
|
const r = [];
|
|
749
749
|
for (const l in t) {
|
|
750
|
-
const h = encodeURIComponent(l),
|
|
751
|
-
r.push(`${h}=${
|
|
750
|
+
const h = encodeURIComponent(l), _ = encodeURIComponent(t[l]);
|
|
751
|
+
r.push(`${h}=${_}`);
|
|
752
752
|
}
|
|
753
753
|
const a = r.join("&"), c = await j(fetch)(
|
|
754
754
|
n,
|
|
@@ -764,8 +764,8 @@ const an = (e) => {
|
|
|
764
764
|
);
|
|
765
765
|
if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), c.status !== 200)
|
|
766
766
|
return { success: !1, status: c.status };
|
|
767
|
-
let
|
|
768
|
-
c.headers.has(ee) && (
|
|
767
|
+
let f = null;
|
|
768
|
+
c.headers.has(ee) && (f = c.headers.get(
|
|
769
769
|
ee
|
|
770
770
|
));
|
|
771
771
|
const u = await c.json();
|
|
@@ -774,7 +774,7 @@ const an = (e) => {
|
|
|
774
774
|
data: {
|
|
775
775
|
state: t.state,
|
|
776
776
|
tokens: _e(u, null, o),
|
|
777
|
-
demonstratingProofOfPossessionNonce:
|
|
777
|
+
demonstratingProofOfPossessionNonce: f
|
|
778
778
|
}
|
|
779
779
|
};
|
|
780
780
|
};
|
|
@@ -789,12 +789,16 @@ async function Ae(e, n, t, s = null) {
|
|
|
789
789
|
t,
|
|
790
790
|
s
|
|
791
791
|
);
|
|
792
|
-
return await
|
|
792
|
+
return await x(e.configuration, e.configurationName) || C(
|
|
793
|
+
e.configurationName,
|
|
794
|
+
e.configuration.storage,
|
|
795
|
+
e.configuration.login_state_storage ?? e.configuration.storage
|
|
796
|
+
).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(r), null);
|
|
793
797
|
}
|
|
794
798
|
async function We(e, n = !1, t = null, s = null) {
|
|
795
799
|
const o = e.configuration, i = `${o.client_id}_${e.configurationName}_${o.authority}`;
|
|
796
800
|
let r;
|
|
797
|
-
const a = await
|
|
801
|
+
const a = await x(e.configuration, e.configurationName);
|
|
798
802
|
if (o?.storage === window?.sessionStorage && !a || !navigator.locks)
|
|
799
803
|
r = await Ae(e, n, t, s);
|
|
800
804
|
else {
|
|
@@ -803,7 +807,7 @@ async function We(e, n = !1, t = null, s = null) {
|
|
|
803
807
|
c = await navigator.locks.request(
|
|
804
808
|
i,
|
|
805
809
|
{ ifAvailable: !0 },
|
|
806
|
-
async (
|
|
810
|
+
async (f) => f ? await Ae(e, n, t, s) : (e.publishEvent(W.eventNames.syncTokensAsync_lock_not_available, {
|
|
807
811
|
lock: "lock not available"
|
|
808
812
|
}), "retry")
|
|
809
813
|
);
|
|
@@ -817,7 +821,7 @@ const G = (e, n, t = null, s = null) => {
|
|
|
817
821
|
const r = { timeLeft: B(o, n) };
|
|
818
822
|
e.publishEvent(W.eventNames.token_timer, r), await We(e, !1, t, s);
|
|
819
823
|
}, 1e3);
|
|
820
|
-
},
|
|
824
|
+
}, b = {
|
|
821
825
|
FORCE_REFRESH: "FORCE_REFRESH",
|
|
822
826
|
SESSION_LOST: "SESSION_LOST",
|
|
823
827
|
NOT_CONNECTED: "NOT_CONNECTED",
|
|
@@ -830,12 +834,12 @@ const G = (e, n, t = null, s = null) => {
|
|
|
830
834
|
}, de = (e) => async (n, t, s, o = !1) => {
|
|
831
835
|
const i = { nonce: null };
|
|
832
836
|
if (!s)
|
|
833
|
-
return { tokens: null, status:
|
|
837
|
+
return { tokens: null, status: b.NOT_CONNECTED, nonce: i };
|
|
834
838
|
let r = i;
|
|
835
839
|
const a = await e.initAsync(
|
|
836
840
|
n.authority,
|
|
837
841
|
n.authority_configuration
|
|
838
|
-
), c = await
|
|
842
|
+
), c = await x(n, t);
|
|
839
843
|
if (c) {
|
|
840
844
|
const { status: l, tokens: h } = await c.initAsync(
|
|
841
845
|
a,
|
|
@@ -845,42 +849,46 @@ const G = (e, n, t = null, s = null) => {
|
|
|
845
849
|
if (l === "LOGGED_OUT")
|
|
846
850
|
return {
|
|
847
851
|
tokens: null,
|
|
848
|
-
status:
|
|
852
|
+
status: b.LOGOUT_FROM_ANOTHER_TAB,
|
|
849
853
|
nonce: i
|
|
850
854
|
};
|
|
851
855
|
if (l === "SESSIONS_LOST")
|
|
852
|
-
return { tokens: null, status:
|
|
856
|
+
return { tokens: null, status: b.SESSION_LOST, nonce: i };
|
|
853
857
|
if (!l || !h)
|
|
854
858
|
return {
|
|
855
859
|
tokens: null,
|
|
856
|
-
status:
|
|
860
|
+
status: b.REQUIRE_SYNC_TOKENS,
|
|
857
861
|
nonce: i
|
|
858
862
|
};
|
|
859
863
|
if (h.issuedAt !== s.issuedAt) {
|
|
860
864
|
const m = B(
|
|
861
865
|
n.refresh_time_before_tokens_expiration_in_second,
|
|
862
866
|
h.expiresAt
|
|
863
|
-
) > 0 ?
|
|
867
|
+
) > 0 ? b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, p = await c.getNonceAsync();
|
|
864
868
|
return { tokens: h, status: m, nonce: p };
|
|
865
869
|
}
|
|
866
870
|
r = await c.getNonceAsync();
|
|
867
871
|
} else {
|
|
868
|
-
const l =
|
|
869
|
-
|
|
872
|
+
const l = C(
|
|
873
|
+
t,
|
|
874
|
+
n.storage ?? sessionStorage,
|
|
875
|
+
n.login_state_storage ?? n.storage ?? sessionStorage
|
|
876
|
+
), h = await l.initAsync();
|
|
877
|
+
let { tokens: _ } = h;
|
|
870
878
|
const { status: m } = h;
|
|
871
|
-
if (
|
|
879
|
+
if (_ && (_ = ue(_, e.tokens, n.token_renew_mode)), _) {
|
|
872
880
|
if (m === "SESSIONS_LOST")
|
|
873
|
-
return { tokens: null, status:
|
|
874
|
-
if (
|
|
881
|
+
return { tokens: null, status: b.SESSION_LOST, nonce: i };
|
|
882
|
+
if (_.issuedAt !== s.issuedAt) {
|
|
875
883
|
const g = B(
|
|
876
884
|
n.refresh_time_before_tokens_expiration_in_second,
|
|
877
|
-
|
|
878
|
-
) > 0 ?
|
|
879
|
-
return { tokens:
|
|
885
|
+
_.expiresAt
|
|
886
|
+
) > 0 ? b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, y = await l.getNonceAsync();
|
|
887
|
+
return { tokens: _, status: g, nonce: y };
|
|
880
888
|
}
|
|
881
889
|
} else return {
|
|
882
890
|
tokens: null,
|
|
883
|
-
status:
|
|
891
|
+
status: b.LOGOUT_FROM_ANOTHER_TAB,
|
|
884
892
|
nonce: i
|
|
885
893
|
};
|
|
886
894
|
r = await l.getNonceAsync();
|
|
@@ -894,40 +902,44 @@ const G = (e, n, t = null, s = null) => {
|
|
|
894
902
|
if (!navigator.onLine && document.hidden)
|
|
895
903
|
return { tokens: e.tokens, status: "GIVE_UP" };
|
|
896
904
|
let a = 6;
|
|
897
|
-
const c = o ? 2 : 5,
|
|
905
|
+
const c = o ? 2 : 5, f = 5;
|
|
898
906
|
for (; !navigator.onLine && a > 0; )
|
|
899
|
-
await ne({ milliseconds: 1e3 }), a--, e.publishEvent(
|
|
907
|
+
await ne({ milliseconds: 1e3 }), a--, e.publishEvent(k.refreshTokensAsync, {
|
|
900
908
|
message: `wait because navigator is offline try ${a}`
|
|
901
909
|
});
|
|
902
910
|
const u = document.hidden, l = u ? t : t + 1, h = u ? s + 1 : s;
|
|
903
|
-
if (t >= c || s >=
|
|
904
|
-
return n(null), e.publishEvent(
|
|
911
|
+
if (t >= c || s >= f)
|
|
912
|
+
return n(null), e.publishEvent(k.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
|
|
905
913
|
i || (i = {});
|
|
906
|
-
const
|
|
914
|
+
const _ = e.configuration, m = (g, y = null, A = null) => ge(
|
|
907
915
|
e.configurationName,
|
|
908
916
|
e.configuration,
|
|
909
917
|
e.publishEvent.bind(e)
|
|
910
|
-
)(g,
|
|
918
|
+
)(g, y, A), p = async () => {
|
|
911
919
|
try {
|
|
912
920
|
let g;
|
|
913
|
-
const
|
|
914
|
-
|
|
921
|
+
const y = await x(_, e.configurationName);
|
|
922
|
+
y ? g = y.getLoginParams() : g = C(
|
|
923
|
+
e.configurationName,
|
|
924
|
+
_.storage,
|
|
925
|
+
_.login_state_storage ?? _.storage
|
|
926
|
+
).getLoginParams();
|
|
915
927
|
const A = {};
|
|
916
928
|
if (g && g.extras)
|
|
917
|
-
for (const [
|
|
918
|
-
|
|
929
|
+
for (const [O, T] of Object.entries(g.extras))
|
|
930
|
+
T != null && (A[O] = T);
|
|
919
931
|
if (i)
|
|
920
|
-
for (const [
|
|
921
|
-
|
|
932
|
+
for (const [O, T] of Object.entries(i))
|
|
933
|
+
T != null && (A[O] = T);
|
|
922
934
|
A.prompt = "none", r && (A.scope = r);
|
|
923
935
|
const S = await m(A);
|
|
924
|
-
return S ? S.error ? (n(null), e.publishEvent(
|
|
936
|
+
return S ? S.error ? (n(null), e.publishEvent(k.refreshTokensAsync_error, {
|
|
925
937
|
message: "refresh token silent"
|
|
926
|
-
}), { tokens: null, status: "SESSION_LOST" }) : (n(S.tokens), e.publishEvent(W.eventNames.token_renewed, {}), { tokens: S.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(
|
|
938
|
+
}), { tokens: null, status: "SESSION_LOST" }) : (n(S.tokens), e.publishEvent(W.eventNames.token_renewed, {}), { tokens: S.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(k.refreshTokensAsync_error, {
|
|
927
939
|
message: "refresh token silent not active"
|
|
928
940
|
}), { tokens: null, status: "SESSION_LOST" });
|
|
929
941
|
} catch (g) {
|
|
930
|
-
return console.error(g), e.publishEvent(
|
|
942
|
+
return console.error(g), e.publishEvent(k.refreshTokensAsync_silent_error, {
|
|
931
943
|
message: "exceptionSilent",
|
|
932
944
|
exception: g.message
|
|
933
945
|
}), await z(e)(
|
|
@@ -941,95 +953,99 @@ const G = (e, n, t = null, s = null) => {
|
|
|
941
953
|
}
|
|
942
954
|
};
|
|
943
955
|
try {
|
|
944
|
-
const { status: g, tokens:
|
|
945
|
-
|
|
956
|
+
const { status: g, tokens: y, nonce: A } = await de(e)(
|
|
957
|
+
_,
|
|
946
958
|
e.configurationName,
|
|
947
959
|
e.tokens,
|
|
948
960
|
o
|
|
949
961
|
);
|
|
950
962
|
switch (g) {
|
|
951
|
-
case
|
|
952
|
-
return n(null), e.publishEvent(
|
|
963
|
+
case b.SESSION_LOST:
|
|
964
|
+
return n(null), e.publishEvent(k.refreshTokensAsync_error, {
|
|
953
965
|
message: "refresh token session lost"
|
|
954
966
|
}), { tokens: null, status: "SESSION_LOST" };
|
|
955
|
-
case
|
|
967
|
+
case b.NOT_CONNECTED:
|
|
956
968
|
return n(null), { tokens: null, status: null };
|
|
957
|
-
case
|
|
958
|
-
return n(
|
|
959
|
-
case
|
|
960
|
-
return n(
|
|
969
|
+
case b.TOKENS_VALID:
|
|
970
|
+
return n(y), { tokens: y, status: "LOGGED_IN" };
|
|
971
|
+
case b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
|
|
972
|
+
return n(y), e.publishEvent(W.eventNames.token_renewed, {
|
|
961
973
|
reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
|
|
962
|
-
}), { tokens:
|
|
963
|
-
case
|
|
964
|
-
return n(null), e.publishEvent(
|
|
974
|
+
}), { tokens: y, status: "LOGGED_IN" };
|
|
975
|
+
case b.LOGOUT_FROM_ANOTHER_TAB:
|
|
976
|
+
return n(null), e.publishEvent(k.logout_from_another_tab, {
|
|
965
977
|
status: "session syncTokensAsync"
|
|
966
978
|
}), { tokens: null, status: "LOGGED_OUT" };
|
|
967
|
-
case
|
|
968
|
-
return
|
|
979
|
+
case b.REQUIRE_SYNC_TOKENS:
|
|
980
|
+
return _.token_automatic_renew_mode == H.AutomaticOnlyWhenFetchExecuted && !o ? (e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(k.refreshTokensAsync_begin, { tryNumber: t }), await p());
|
|
969
981
|
default: {
|
|
970
|
-
if (
|
|
971
|
-
return e.publishEvent(
|
|
972
|
-
if (e.publishEvent(
|
|
973
|
-
refreshToken:
|
|
982
|
+
if (_.token_automatic_renew_mode == H.AutomaticOnlyWhenFetchExecuted && b.FORCE_REFRESH !== g)
|
|
983
|
+
return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
|
|
984
|
+
if (e.publishEvent(k.refreshTokensAsync_begin, {
|
|
985
|
+
refreshToken: y.refreshToken,
|
|
974
986
|
status: g,
|
|
975
987
|
tryNumber: t,
|
|
976
988
|
backgroundTry: s
|
|
977
|
-
}), !
|
|
989
|
+
}), !y.refreshToken)
|
|
978
990
|
return await p();
|
|
979
|
-
const S =
|
|
980
|
-
for (const [L,
|
|
981
|
-
L.endsWith(":token_request") && (
|
|
991
|
+
const S = _.client_id, O = _.redirect_uri, T = _.authority, w = { ..._.token_request_extras ? _.token_request_extras : {} };
|
|
992
|
+
for (const [L, v] of Object.entries(i))
|
|
993
|
+
L.endsWith(":token_request") && (w[L.replace(":token_request", "")] = v);
|
|
982
994
|
return await (async () => {
|
|
983
995
|
const L = {
|
|
984
996
|
client_id: S,
|
|
985
|
-
redirect_uri:
|
|
997
|
+
redirect_uri: O,
|
|
986
998
|
grant_type: "refresh_token",
|
|
987
|
-
refresh_token:
|
|
988
|
-
},
|
|
989
|
-
|
|
990
|
-
|
|
991
|
-
), d = document.hidden ? 1e4 : 3e4 * 10, D =
|
|
992
|
-
|
|
993
|
-
|
|
999
|
+
refresh_token: y.refreshToken
|
|
1000
|
+
}, v = await e.initAsync(
|
|
1001
|
+
T,
|
|
1002
|
+
_.authority_configuration
|
|
1003
|
+
), d = document.hidden ? 1e4 : 3e4 * 10, D = v.tokenEndpoint, E = {};
|
|
1004
|
+
_.demonstrating_proof_of_possession && (E.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
|
|
1005
|
+
y.accessToken,
|
|
994
1006
|
D,
|
|
995
1007
|
"POST"
|
|
996
1008
|
));
|
|
997
|
-
const
|
|
1009
|
+
const P = await un(e.getFetch())(
|
|
998
1010
|
D,
|
|
999
1011
|
L,
|
|
1000
|
-
|
|
1001
|
-
|
|
1002
|
-
|
|
1003
|
-
|
|
1012
|
+
w,
|
|
1013
|
+
y,
|
|
1014
|
+
E,
|
|
1015
|
+
_.token_renew_mode,
|
|
1004
1016
|
d
|
|
1005
1017
|
);
|
|
1006
|
-
if (
|
|
1018
|
+
if (P.success) {
|
|
1007
1019
|
const { isValid: q, reason: M } = Ee(
|
|
1008
|
-
|
|
1020
|
+
P.data,
|
|
1009
1021
|
A.nonce,
|
|
1010
|
-
|
|
1022
|
+
v
|
|
1011
1023
|
);
|
|
1012
1024
|
if (!q)
|
|
1013
|
-
return n(null), e.publishEvent(
|
|
1025
|
+
return n(null), e.publishEvent(k.refreshTokensAsync_error, {
|
|
1014
1026
|
message: `refresh token return not valid tokens, reason: ${M}`
|
|
1015
1027
|
}), { tokens: null, status: "SESSION_LOST" };
|
|
1016
|
-
if (n(
|
|
1017
|
-
const Y = await
|
|
1028
|
+
if (n(P.data), P.demonstratingProofOfPossessionNonce) {
|
|
1029
|
+
const Y = await x(_, e.configurationName);
|
|
1018
1030
|
Y ? await Y.setDemonstratingProofOfPossessionNonce(
|
|
1019
|
-
|
|
1020
|
-
) : await
|
|
1021
|
-
|
|
1031
|
+
P.demonstratingProofOfPossessionNonce
|
|
1032
|
+
) : await C(
|
|
1033
|
+
e.configurationName,
|
|
1034
|
+
_.storage,
|
|
1035
|
+
_.login_state_storage ?? _.storage
|
|
1036
|
+
).setDemonstratingProofOfPossessionNonce(
|
|
1037
|
+
P.demonstratingProofOfPossessionNonce
|
|
1022
1038
|
);
|
|
1023
1039
|
}
|
|
1024
|
-
return e.publishEvent(
|
|
1025
|
-
success:
|
|
1026
|
-
}), e.publishEvent(W.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens:
|
|
1040
|
+
return e.publishEvent(k.refreshTokensAsync_end, {
|
|
1041
|
+
success: P.success
|
|
1042
|
+
}), e.publishEvent(W.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: P.data, status: "LOGGED_IN" };
|
|
1027
1043
|
} else
|
|
1028
|
-
return e.publishEvent(
|
|
1044
|
+
return e.publishEvent(k.refreshTokensAsync_silent_error, {
|
|
1029
1045
|
message: "bad request",
|
|
1030
|
-
tokenResponse:
|
|
1031
|
-
}),
|
|
1032
|
-
message: `session lost: ${
|
|
1046
|
+
tokenResponse: P
|
|
1047
|
+
}), P.status >= 400 && P.status < 500 ? (n(null), e.publishEvent(k.refreshTokensAsync_error, {
|
|
1048
|
+
message: `session lost: ${P.status}`
|
|
1033
1049
|
}), { tokens: null, status: "SESSION_LOST" }) : await z(e)(
|
|
1034
1050
|
n,
|
|
1035
1051
|
l,
|
|
@@ -1042,10 +1058,10 @@ const G = (e, n, t = null, s = null) => {
|
|
|
1042
1058
|
}
|
|
1043
1059
|
}
|
|
1044
1060
|
} catch (g) {
|
|
1045
|
-
return console.error(g), e.publishEvent(
|
|
1061
|
+
return console.error(g), e.publishEvent(k.refreshTokensAsync_silent_error, {
|
|
1046
1062
|
message: "exception",
|
|
1047
1063
|
exception: g.message
|
|
1048
|
-
}), new Promise((
|
|
1064
|
+
}), new Promise((y, A) => {
|
|
1049
1065
|
setTimeout(() => {
|
|
1050
1066
|
z(e)(
|
|
1051
1067
|
n,
|
|
@@ -1054,37 +1070,37 @@ const G = (e, n, t = null, s = null) => {
|
|
|
1054
1070
|
o,
|
|
1055
1071
|
i,
|
|
1056
1072
|
r
|
|
1057
|
-
).then(
|
|
1073
|
+
).then(y).catch(A);
|
|
1058
1074
|
}, 1e3);
|
|
1059
1075
|
});
|
|
1060
1076
|
}
|
|
1061
|
-
},
|
|
1077
|
+
}, ge = (e, n, t) => (s = null, o = null, i = null) => {
|
|
1062
1078
|
if (!n.silent_redirect_uri || !n.silent_login_uri)
|
|
1063
1079
|
return Promise.resolve(null);
|
|
1064
1080
|
try {
|
|
1065
|
-
t(
|
|
1081
|
+
t(k.silentLoginAsync_begin, {});
|
|
1066
1082
|
let r = "";
|
|
1067
1083
|
if (o && (s == null && (s = {}), s.state = o), i != null && (s == null && (s = {}), s.scope = i), s != null)
|
|
1068
1084
|
for (const [l, h] of Object.entries(s))
|
|
1069
1085
|
h != null && (r === "" ? r = `?${encodeURIComponent(l)}=${encodeURIComponent(h)}` : r += `&${encodeURIComponent(l)}=${encodeURIComponent(h)}`);
|
|
1070
|
-
const a = n.silent_login_uri + r, c = a.indexOf("/", a.indexOf("//") + 2),
|
|
1086
|
+
const a = n.silent_login_uri + r, c = a.indexOf("/", a.indexOf("//") + 2), f = a.substring(0, c), u = document.createElement("iframe");
|
|
1071
1087
|
return u.width = "0px", u.height = "0px", u.id = `${e}_oidc_iframe`, u.setAttribute("src", a), u.style.display = "none", document.body.appendChild(u), new Promise((l, h) => {
|
|
1072
|
-
let
|
|
1088
|
+
let _ = !1;
|
|
1073
1089
|
const m = () => {
|
|
1074
|
-
window.removeEventListener("message", p), u.remove(),
|
|
1090
|
+
window.removeEventListener("message", p), u.remove(), _ = !0;
|
|
1075
1091
|
}, p = (g) => {
|
|
1076
|
-
if (g.origin ===
|
|
1077
|
-
const
|
|
1078
|
-
if (
|
|
1079
|
-
if (
|
|
1080
|
-
const
|
|
1081
|
-
t(
|
|
1082
|
-
} else if (
|
|
1083
|
-
const
|
|
1084
|
-
t(
|
|
1085
|
-
} else if (
|
|
1086
|
-
const
|
|
1087
|
-
t(
|
|
1092
|
+
if (g.origin === f && g.source === u.contentWindow) {
|
|
1093
|
+
const y = `${e}_oidc_tokens:`, A = `${e}_oidc_error:`, S = `${e}_oidc_exception:`, O = g.data;
|
|
1094
|
+
if (O && typeof O == "string" && !_) {
|
|
1095
|
+
if (O.startsWith(y)) {
|
|
1096
|
+
const T = JSON.parse(g.data.replace(y, ""));
|
|
1097
|
+
t(k.silentLoginAsync_end, {}), l(T), m();
|
|
1098
|
+
} else if (O.startsWith(A)) {
|
|
1099
|
+
const T = JSON.parse(g.data.replace(A, ""));
|
|
1100
|
+
t(k.silentLoginAsync_error, T), l({ error: "oidc_" + T.error, tokens: null, sessionState: null }), m();
|
|
1101
|
+
} else if (O.startsWith(S)) {
|
|
1102
|
+
const T = JSON.parse(g.data.replace(S, ""));
|
|
1103
|
+
t(k.silentLoginAsync_error, T), h(new Error(T.error)), m();
|
|
1088
1104
|
}
|
|
1089
1105
|
}
|
|
1090
1106
|
}
|
|
@@ -1093,55 +1109,55 @@ const G = (e, n, t = null, s = null) => {
|
|
|
1093
1109
|
window.addEventListener("message", p);
|
|
1094
1110
|
const g = n.silent_login_timeout;
|
|
1095
1111
|
setTimeout(() => {
|
|
1096
|
-
|
|
1112
|
+
_ || (m(), t(k.silentLoginAsync_error, { reason: "timeout" }), h(new Error("timeout")));
|
|
1097
1113
|
}, g);
|
|
1098
1114
|
} catch (g) {
|
|
1099
|
-
m(), t(
|
|
1115
|
+
m(), t(k.silentLoginAsync_error, g), h(g);
|
|
1100
1116
|
}
|
|
1101
1117
|
});
|
|
1102
1118
|
} catch (r) {
|
|
1103
|
-
throw t(
|
|
1119
|
+
throw t(k.silentLoginAsync_error, r), r;
|
|
1104
1120
|
}
|
|
1105
1121
|
}, dn = (e, n, t, s, o) => (i = null, r = void 0) => {
|
|
1106
1122
|
i = { ...i };
|
|
1107
|
-
const a = (
|
|
1108
|
-
|
|
1123
|
+
const a = (f, u, l) => ge(n, t, s.bind(o))(
|
|
1124
|
+
f,
|
|
1109
1125
|
u,
|
|
1110
1126
|
l
|
|
1111
1127
|
);
|
|
1112
1128
|
return (async () => {
|
|
1113
1129
|
o.timeoutId && $.clearTimeout(o.timeoutId);
|
|
1114
|
-
let
|
|
1115
|
-
i && "state" in i && (
|
|
1130
|
+
let f;
|
|
1131
|
+
i && "state" in i && (f = i.state, delete i.state);
|
|
1116
1132
|
try {
|
|
1117
1133
|
const u = t.extras ? { ...t.extras, ...i } : i, l = await a(
|
|
1118
1134
|
{
|
|
1119
1135
|
...u,
|
|
1120
1136
|
prompt: "none"
|
|
1121
1137
|
},
|
|
1122
|
-
|
|
1138
|
+
f,
|
|
1123
1139
|
r
|
|
1124
1140
|
);
|
|
1125
1141
|
if (l)
|
|
1126
|
-
return o.tokens = l.tokens, s(
|
|
1142
|
+
return o.tokens = l.tokens, s(k.token_acquired, {}), o.timeoutId = G(o, o.tokens.expiresAt, i, r), {};
|
|
1127
1143
|
} catch (u) {
|
|
1128
1144
|
return u;
|
|
1129
1145
|
}
|
|
1130
1146
|
})();
|
|
1131
|
-
},
|
|
1132
|
-
const a = (c,
|
|
1147
|
+
}, gn = (e, n, t) => (s, o, i, r = !1) => {
|
|
1148
|
+
const a = (c, f = void 0, u = void 0) => ge(e.configurationName, t, e.publishEvent.bind(e))(
|
|
1133
1149
|
c,
|
|
1134
|
-
|
|
1150
|
+
f,
|
|
1135
1151
|
u
|
|
1136
1152
|
);
|
|
1137
|
-
return new Promise((c,
|
|
1153
|
+
return new Promise((c, f) => {
|
|
1138
1154
|
if (t.silent_login_uri && t.silent_redirect_uri && t.monitor_session && s && i && !r) {
|
|
1139
1155
|
const u = () => {
|
|
1140
1156
|
e.checkSessionIFrame.stop();
|
|
1141
1157
|
const l = e.tokens;
|
|
1142
1158
|
if (l === null)
|
|
1143
1159
|
return;
|
|
1144
|
-
const h = l.idToken,
|
|
1160
|
+
const h = l.idToken, _ = l.idTokenPayload;
|
|
1145
1161
|
return a({
|
|
1146
1162
|
prompt: "none",
|
|
1147
1163
|
id_token_hint: h,
|
|
@@ -1150,9 +1166,9 @@ const G = (e, n, t = null, s = null) => {
|
|
|
1150
1166
|
if (m.error)
|
|
1151
1167
|
throw new Error(m.error);
|
|
1152
1168
|
const p = m.tokens.idTokenPayload;
|
|
1153
|
-
if (
|
|
1169
|
+
if (_.sub === p.sub) {
|
|
1154
1170
|
const g = m.sessionState;
|
|
1155
|
-
e.checkSessionIFrame.start(m.sessionState),
|
|
1171
|
+
e.checkSessionIFrame.start(m.sessionState), _.sid === p.sid ? console.debug(
|
|
1156
1172
|
"SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
|
|
1157
1173
|
g
|
|
1158
1174
|
) : console.debug(
|
|
@@ -1170,7 +1186,7 @@ const G = (e, n, t = null, s = null) => {
|
|
|
1170
1186
|
m
|
|
1171
1187
|
);
|
|
1172
1188
|
for (const [, p] of Object.entries(n))
|
|
1173
|
-
await p.logoutOtherTabAsync(t.client_id,
|
|
1189
|
+
await p.logoutOtherTabAsync(t.client_id, _.sub);
|
|
1174
1190
|
});
|
|
1175
1191
|
};
|
|
1176
1192
|
e.checkSessionIFrame = new $e(
|
|
@@ -1180,12 +1196,12 @@ const G = (e, n, t = null, s = null) => {
|
|
|
1180
1196
|
), e.checkSessionIFrame.load().then(() => {
|
|
1181
1197
|
e.checkSessionIFrame.start(i), c(e.checkSessionIFrame);
|
|
1182
1198
|
}).catch((l) => {
|
|
1183
|
-
|
|
1199
|
+
f(l);
|
|
1184
1200
|
});
|
|
1185
1201
|
} else
|
|
1186
1202
|
c(null);
|
|
1187
1203
|
});
|
|
1188
|
-
},
|
|
1204
|
+
}, hn = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), yn = (e) => {
|
|
1189
1205
|
const n = e.appVersion, t = e.userAgent, s = "-";
|
|
1190
1206
|
let o = s;
|
|
1191
1207
|
const i = [
|
|
@@ -1268,18 +1284,18 @@ const mn = () => {
|
|
|
1268
1284
|
if (e === "chrome" && parseInt(n) <= 70 || e === "opera" && (!n || parseInt(n.split(".")[0]) < 80) || e === "ie")
|
|
1269
1285
|
return !1;
|
|
1270
1286
|
const t = yn(navigator);
|
|
1271
|
-
return !
|
|
1287
|
+
return !hn(t);
|
|
1272
1288
|
}, wn = async (e) => {
|
|
1273
1289
|
let n;
|
|
1274
1290
|
if (e.tokens != null)
|
|
1275
1291
|
return !1;
|
|
1276
|
-
e.publishEvent(
|
|
1292
|
+
e.publishEvent(k.tryKeepExistingSessionAsync_begin, {});
|
|
1277
1293
|
try {
|
|
1278
1294
|
const t = e.configuration, s = await e.initAsync(
|
|
1279
1295
|
t.authority,
|
|
1280
1296
|
t.authority_configuration
|
|
1281
1297
|
);
|
|
1282
|
-
if (n = await
|
|
1298
|
+
if (n = await x(t, e.configurationName), n) {
|
|
1283
1299
|
const { tokens: o } = await n.initAsync(
|
|
1284
1300
|
s,
|
|
1285
1301
|
"tryKeepExistingSessionAsync",
|
|
@@ -1299,20 +1315,24 @@ const mn = () => {
|
|
|
1299
1315
|
s.checkSessionIframe,
|
|
1300
1316
|
t.client_id,
|
|
1301
1317
|
r
|
|
1302
|
-
), t.preload_user_info && await e.userInfoAsync(), e.publishEvent(
|
|
1318
|
+
), t.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
|
|
1303
1319
|
success: !0,
|
|
1304
1320
|
message: "tokens inside ServiceWorker are valid"
|
|
1305
1321
|
}), !0;
|
|
1306
1322
|
}
|
|
1307
|
-
e.publishEvent(
|
|
1323
|
+
e.publishEvent(k.tryKeepExistingSessionAsync_end, {
|
|
1308
1324
|
success: !1,
|
|
1309
1325
|
message: "no exiting session found"
|
|
1310
1326
|
});
|
|
1311
1327
|
} else {
|
|
1312
|
-
t.service_worker_relative_url && e.publishEvent(
|
|
1328
|
+
t.service_worker_relative_url && e.publishEvent(k.service_worker_not_supported_by_browser, {
|
|
1313
1329
|
message: "service worker is not supported by this browser"
|
|
1314
1330
|
});
|
|
1315
|
-
const o =
|
|
1331
|
+
const o = C(
|
|
1332
|
+
e.configurationName,
|
|
1333
|
+
t.storage ?? sessionStorage,
|
|
1334
|
+
t.login_state_storage ?? t.storage ?? sessionStorage
|
|
1335
|
+
), { tokens: i } = await o.initAsync();
|
|
1316
1336
|
if (i) {
|
|
1317
1337
|
e.tokens = ue(i, null, t.token_renew_mode);
|
|
1318
1338
|
const r = o.getLoginParams();
|
|
@@ -1327,19 +1347,19 @@ const mn = () => {
|
|
|
1327
1347
|
s.checkSessionIframe,
|
|
1328
1348
|
t.client_id,
|
|
1329
1349
|
a
|
|
1330
|
-
), t.preload_user_info && await e.userInfoAsync(), e.publishEvent(
|
|
1350
|
+
), t.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
|
|
1331
1351
|
success: !0,
|
|
1332
1352
|
message: "tokens inside storage are valid"
|
|
1333
1353
|
}), !0;
|
|
1334
1354
|
}
|
|
1335
1355
|
}
|
|
1336
|
-
return e.publishEvent(
|
|
1356
|
+
return e.publishEvent(k.tryKeepExistingSessionAsync_end, {
|
|
1337
1357
|
success: !1,
|
|
1338
1358
|
message: n ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
|
|
1339
1359
|
}), !1;
|
|
1340
1360
|
} catch (t) {
|
|
1341
1361
|
return console.error(t), n && await n.clearAsync(), e.publishEvent(
|
|
1342
|
-
|
|
1362
|
+
k.tryKeepExistingSessionAsync_error,
|
|
1343
1363
|
"tokens inside ServiceWorker are invalid"
|
|
1344
1364
|
), !1;
|
|
1345
1365
|
}
|
|
@@ -1382,144 +1402,157 @@ const mn = () => {
|
|
|
1382
1402
|
t = i[s].split("="), n[decodeURIComponent(t[0])] = decodeURIComponent(t[1]);
|
|
1383
1403
|
return n;
|
|
1384
1404
|
}, An = (e, n, t, s, o) => (i = void 0, r = null, a = !1, c = void 0) => {
|
|
1385
|
-
const
|
|
1405
|
+
const f = r;
|
|
1386
1406
|
return r = { ...r }, (async () => {
|
|
1387
1407
|
const l = i || o.getPath();
|
|
1388
|
-
if ("state" in r || (r.state = re(16)), t(
|
|
1408
|
+
if ("state" in r || (r.state = re(16)), t(k.loginAsync_begin, {}), r)
|
|
1389
1409
|
for (const h of Object.keys(r))
|
|
1390
1410
|
h.endsWith(":token_request") && delete r[h];
|
|
1391
1411
|
try {
|
|
1392
1412
|
const h = a ? n.silent_redirect_uri : n.redirect_uri;
|
|
1393
1413
|
c || (c = n.scope);
|
|
1394
|
-
const
|
|
1395
|
-
|
|
1396
|
-
const m = { nonce:
|
|
1414
|
+
const _ = n.extras ? { ...n.extras, ...r } : r;
|
|
1415
|
+
_.nonce || (_.nonce = re(12));
|
|
1416
|
+
const m = { nonce: _.nonce }, p = await x(n, e), g = await s(
|
|
1397
1417
|
n.authority,
|
|
1398
1418
|
n.authority_configuration
|
|
1399
1419
|
);
|
|
1400
|
-
let
|
|
1420
|
+
let y;
|
|
1401
1421
|
if (p)
|
|
1402
|
-
p.setLoginParams({ callbackPath: l, extras:
|
|
1422
|
+
p.setLoginParams({ callbackPath: l, extras: f, scope: c }), await p.initAsync(g, "loginAsync", n), await p.setNonceAsync(m), p.startKeepAliveServiceWorker(), y = p;
|
|
1403
1423
|
else {
|
|
1404
|
-
const S =
|
|
1405
|
-
|
|
1424
|
+
const S = C(
|
|
1425
|
+
e,
|
|
1426
|
+
n.storage ?? sessionStorage,
|
|
1427
|
+
n.login_state_storage ?? n.storage ?? sessionStorage
|
|
1428
|
+
);
|
|
1429
|
+
S.setLoginParams({ callbackPath: l, extras: f, scope: c }), await S.setNonceAsync(m), y = S;
|
|
1406
1430
|
}
|
|
1407
1431
|
const A = {
|
|
1408
1432
|
client_id: n.client_id,
|
|
1409
1433
|
redirect_uri: h,
|
|
1410
1434
|
scope: c,
|
|
1411
1435
|
response_type: "code",
|
|
1412
|
-
...
|
|
1436
|
+
..._
|
|
1413
1437
|
};
|
|
1414
|
-
await _n(
|
|
1438
|
+
await _n(y, o)(
|
|
1415
1439
|
g.authorizationEndpoint,
|
|
1416
1440
|
A
|
|
1417
1441
|
);
|
|
1418
1442
|
} catch (h) {
|
|
1419
|
-
throw t(
|
|
1443
|
+
throw t(k.loginAsync_error, h), h;
|
|
1420
1444
|
}
|
|
1421
1445
|
})();
|
|
1422
1446
|
}, Sn = (e) => async (n = !1) => {
|
|
1423
1447
|
try {
|
|
1424
|
-
e.publishEvent(
|
|
1448
|
+
e.publishEvent(k.loginCallbackAsync_begin, {});
|
|
1425
1449
|
const t = e.configuration, s = t.client_id, o = n ? t.silent_redirect_uri : t.redirect_uri, i = t.authority, r = t.token_request_timeout, a = await e.initAsync(
|
|
1426
1450
|
i,
|
|
1427
1451
|
t.authority_configuration
|
|
1428
|
-
), c = e.location.getCurrentHref(),
|
|
1429
|
-
let h,
|
|
1452
|
+
), c = e.location.getCurrentHref(), f = ce(c), u = f.session_state, l = await x(t, e.configurationName);
|
|
1453
|
+
let h, _, m, p;
|
|
1430
1454
|
if (l)
|
|
1431
|
-
await l.initAsync(a, "loginCallbackAsync", t), await l.setSessionStateAsync(u),
|
|
1455
|
+
await l.initAsync(a, "loginCallbackAsync", t), await l.setSessionStateAsync(u), _ = await l.getNonceAsync(), m = l.getLoginParams(), p = await l.getStateAsync(), l.startKeepAliveServiceWorker(), h = l;
|
|
1432
1456
|
else {
|
|
1433
|
-
const
|
|
1457
|
+
const v = C(
|
|
1434
1458
|
e.configurationName,
|
|
1435
|
-
t.storage ?? sessionStorage
|
|
1459
|
+
t.storage ?? sessionStorage,
|
|
1460
|
+
t.login_state_storage ?? t.storage ?? sessionStorage
|
|
1436
1461
|
);
|
|
1437
|
-
await
|
|
1462
|
+
await v.setSessionStateAsync(u), _ = await v.getNonceAsync(), m = v.getLoginParams(), p = await v.getStateAsync(), h = v;
|
|
1438
1463
|
}
|
|
1439
|
-
if (
|
|
1464
|
+
if (f.error || f.error_description)
|
|
1440
1465
|
throw new Error(
|
|
1441
|
-
`Error from OIDC server: ${
|
|
1466
|
+
`Error from OIDC server: ${f.error} - ${f.error_description}`
|
|
1442
1467
|
);
|
|
1443
|
-
if (
|
|
1468
|
+
if (f.iss && f.iss !== a.issuer)
|
|
1444
1469
|
throw console.error(), new Error(
|
|
1445
|
-
`Issuer not valid (expected: ${a.issuer}, received: ${
|
|
1470
|
+
`Issuer not valid (expected: ${a.issuer}, received: ${f.iss})`
|
|
1446
1471
|
);
|
|
1447
|
-
if (
|
|
1448
|
-
throw new Error(`State not valid (expected: ${p}, received: ${
|
|
1472
|
+
if (f.state && f.state !== p)
|
|
1473
|
+
throw new Error(`State not valid (expected: ${p}, received: ${f.state})`);
|
|
1449
1474
|
const g = {
|
|
1450
|
-
code:
|
|
1475
|
+
code: f.code,
|
|
1451
1476
|
grant_type: "authorization_code",
|
|
1452
1477
|
client_id: t.client_id,
|
|
1453
1478
|
redirect_uri: o
|
|
1454
|
-
},
|
|
1479
|
+
}, y = {};
|
|
1455
1480
|
if (t.token_request_extras)
|
|
1456
|
-
for (const [
|
|
1457
|
-
|
|
1481
|
+
for (const [v, d] of Object.entries(t.token_request_extras))
|
|
1482
|
+
y[v] = d;
|
|
1458
1483
|
if (m?.extras)
|
|
1459
|
-
for (const [
|
|
1460
|
-
|
|
1484
|
+
for (const [v, d] of Object.entries(m.extras))
|
|
1485
|
+
v.endsWith(":token_request") && (y[v.replace(":token_request", "")] = d);
|
|
1461
1486
|
const A = a.tokenEndpoint, S = {};
|
|
1462
1487
|
if (t.demonstrating_proof_of_possession)
|
|
1463
1488
|
if (l)
|
|
1464
1489
|
S.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
|
|
1465
1490
|
else {
|
|
1466
|
-
const
|
|
1491
|
+
const v = await tn(window)(
|
|
1467
1492
|
t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
|
|
1468
1493
|
);
|
|
1469
|
-
await
|
|
1494
|
+
await C(
|
|
1495
|
+
e.configurationName,
|
|
1496
|
+
t.storage,
|
|
1497
|
+
t.login_state_storage ?? t.storage
|
|
1498
|
+
).setDemonstratingProofOfPossessionJwkAsync(v), S.DPoP = await Ne(window)(
|
|
1470
1499
|
t.demonstrating_proof_of_possession_configuration
|
|
1471
|
-
)(
|
|
1500
|
+
)(v, "POST", A);
|
|
1472
1501
|
}
|
|
1473
|
-
const
|
|
1502
|
+
const O = await fn(h)(
|
|
1474
1503
|
A,
|
|
1475
|
-
{ ...g, ...
|
|
1504
|
+
{ ...g, ...y },
|
|
1476
1505
|
S,
|
|
1477
1506
|
e.configuration.token_renew_mode,
|
|
1478
1507
|
r
|
|
1479
1508
|
);
|
|
1480
|
-
if (!
|
|
1509
|
+
if (!O.success)
|
|
1481
1510
|
throw new Error("Token request failed");
|
|
1482
|
-
let
|
|
1483
|
-
const
|
|
1484
|
-
if (
|
|
1511
|
+
let T;
|
|
1512
|
+
const N = O.data.tokens, w = O.data.demonstratingProofOfPossessionNonce;
|
|
1513
|
+
if (O.data.state !== y.state)
|
|
1485
1514
|
throw new Error("state is not valid");
|
|
1486
1515
|
const { isValid: F, reason: L } = Ee(
|
|
1487
|
-
|
|
1488
|
-
|
|
1516
|
+
N,
|
|
1517
|
+
_.nonce,
|
|
1489
1518
|
a
|
|
1490
1519
|
);
|
|
1491
1520
|
if (!F)
|
|
1492
1521
|
throw new Error(`Tokens are not OpenID valid, reason: ${L}`);
|
|
1493
1522
|
if (l) {
|
|
1494
|
-
if (
|
|
1523
|
+
if (N.refreshToken && !N.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1495
1524
|
throw new Error("Refresh token should be hidden by service worker");
|
|
1496
|
-
if (
|
|
1525
|
+
if (w && N?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
1497
1526
|
throw new Error(
|
|
1498
1527
|
"Demonstration of proof of possession require Access token not hidden by service worker"
|
|
1499
1528
|
);
|
|
1500
1529
|
}
|
|
1501
1530
|
if (l)
|
|
1502
|
-
await l.initAsync(a, "syncTokensAsync", t),
|
|
1503
|
-
|
|
1531
|
+
await l.initAsync(a, "syncTokensAsync", t), T = l.getLoginParams(), w && await l.setDemonstratingProofOfPossessionNonce(
|
|
1532
|
+
w
|
|
1504
1533
|
);
|
|
1505
1534
|
else {
|
|
1506
|
-
const
|
|
1507
|
-
|
|
1535
|
+
const v = C(
|
|
1536
|
+
e.configurationName,
|
|
1537
|
+
t.storage,
|
|
1538
|
+
t.login_state_storage ?? t.storage
|
|
1539
|
+
);
|
|
1540
|
+
T = v.getLoginParams(), w && await v.setDemonstratingProofOfPossessionNonce(w);
|
|
1508
1541
|
}
|
|
1509
1542
|
return await e.startCheckSessionAsync(
|
|
1510
1543
|
a.checkSessionIframe,
|
|
1511
1544
|
s,
|
|
1512
1545
|
u,
|
|
1513
1546
|
n
|
|
1514
|
-
), e.publishEvent(
|
|
1515
|
-
tokens:
|
|
1547
|
+
), e.publishEvent(k.loginCallbackAsync_end, {}), {
|
|
1548
|
+
tokens: N,
|
|
1516
1549
|
state: "request.state",
|
|
1517
|
-
callbackPath:
|
|
1518
|
-
scope:
|
|
1519
|
-
extras:
|
|
1550
|
+
callbackPath: T.callbackPath,
|
|
1551
|
+
scope: f.scope,
|
|
1552
|
+
extras: T.extras
|
|
1520
1553
|
};
|
|
1521
1554
|
} catch (t) {
|
|
1522
|
-
throw console.error(t), e.publishEvent(
|
|
1555
|
+
throw console.error(t), e.publishEvent(k.loginCallbackAsync_error, t), t;
|
|
1523
1556
|
}
|
|
1524
1557
|
}, Se = {
|
|
1525
1558
|
access_token: "access_token",
|
|
@@ -1545,95 +1578,99 @@ const mn = () => {
|
|
|
1545
1578
|
return n;
|
|
1546
1579
|
}, vn = (e) => async (n) => {
|
|
1547
1580
|
$.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
|
|
1548
|
-
const t = await
|
|
1549
|
-
t ? await t.clearAsync(n) : await
|
|
1581
|
+
const t = await x(e.configuration, e.configurationName);
|
|
1582
|
+
t ? await t.clearAsync(n) : await C(
|
|
1583
|
+
e.configurationName,
|
|
1584
|
+
e.configuration.storage,
|
|
1585
|
+
e.configuration.login_state_storage ?? e.configuration.storage
|
|
1586
|
+
).clearAsync(n), e.tokens = null, e.userInfo = null;
|
|
1550
1587
|
}, En = (e, n, t, s, o) => async (i = void 0, r = null) => {
|
|
1551
1588
|
const a = e.configuration, c = await e.initAsync(
|
|
1552
1589
|
a.authority,
|
|
1553
1590
|
a.authority_configuration
|
|
1554
1591
|
);
|
|
1555
1592
|
i && typeof i != "string" && (i = void 0, s.warn("callbackPathOrUrl path is not a string"));
|
|
1556
|
-
const
|
|
1593
|
+
const f = i ?? o.getPath();
|
|
1557
1594
|
let u = !1;
|
|
1558
1595
|
i && (u = i.includes("https://") || i.includes("http://"));
|
|
1559
|
-
const l = u ? i : o.getOrigin() +
|
|
1596
|
+
const l = u ? i : o.getOrigin() + f, h = e.tokens ? e.tokens.idToken : "";
|
|
1560
1597
|
try {
|
|
1561
|
-
const
|
|
1562
|
-
if (
|
|
1598
|
+
const y = c.revocationEndpoint;
|
|
1599
|
+
if (y) {
|
|
1563
1600
|
const A = [], S = e.tokens ? e.tokens.accessToken : null;
|
|
1564
1601
|
if (S && a.logout_tokens_to_invalidate.includes(Se.access_token)) {
|
|
1565
|
-
const
|
|
1566
|
-
|
|
1602
|
+
const T = se(r, ":revoke_access_token"), N = pe(t)(
|
|
1603
|
+
y,
|
|
1567
1604
|
S,
|
|
1568
1605
|
ae.access_token,
|
|
1569
1606
|
a.client_id,
|
|
1570
|
-
|
|
1607
|
+
T
|
|
1571
1608
|
);
|
|
1572
|
-
A.push(
|
|
1609
|
+
A.push(N);
|
|
1573
1610
|
}
|
|
1574
|
-
const
|
|
1575
|
-
if (
|
|
1576
|
-
const
|
|
1577
|
-
|
|
1578
|
-
|
|
1611
|
+
const O = e.tokens ? e.tokens.refreshToken : null;
|
|
1612
|
+
if (O && a.logout_tokens_to_invalidate.includes(Se.refresh_token)) {
|
|
1613
|
+
const T = se(r, ":revoke_refresh_token"), N = pe(t)(
|
|
1614
|
+
y,
|
|
1615
|
+
O,
|
|
1579
1616
|
ae.refresh_token,
|
|
1580
1617
|
a.client_id,
|
|
1581
|
-
|
|
1618
|
+
T
|
|
1582
1619
|
);
|
|
1583
|
-
A.push(
|
|
1620
|
+
A.push(N);
|
|
1584
1621
|
}
|
|
1585
1622
|
A.length > 0 && await Promise.all(A);
|
|
1586
1623
|
}
|
|
1587
|
-
} catch (
|
|
1624
|
+
} catch (y) {
|
|
1588
1625
|
s.warn(
|
|
1589
1626
|
"logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"
|
|
1590
|
-
), s.warn(
|
|
1627
|
+
), s.warn(y);
|
|
1591
1628
|
}
|
|
1592
|
-
const
|
|
1629
|
+
const _ = e.tokens?.idTokenPayload?.sub ?? null;
|
|
1593
1630
|
await e.destroyAsync("LOGGED_OUT");
|
|
1594
|
-
for (const [,
|
|
1595
|
-
|
|
1631
|
+
for (const [, y] of Object.entries(n))
|
|
1632
|
+
y !== e ? await e.logoutSameTabAsync(e.configuration.client_id, _) : e.publishEvent(k.logout_from_same_tab, {});
|
|
1596
1633
|
const m = se(r, ":oidc");
|
|
1597
1634
|
if (m && m.no_reload === "true")
|
|
1598
1635
|
return;
|
|
1599
1636
|
const g = Tn(r);
|
|
1600
1637
|
if (c.endSessionEndpoint) {
|
|
1601
1638
|
"id_token_hint" in g || (g.id_token_hint = h), !("post_logout_redirect_uri" in g) && i !== null && (g.post_logout_redirect_uri = l);
|
|
1602
|
-
let
|
|
1639
|
+
let y = "";
|
|
1603
1640
|
for (const [A, S] of Object.entries(g))
|
|
1604
|
-
S != null && (
|
|
1605
|
-
o.open(`${c.endSessionEndpoint}${
|
|
1641
|
+
S != null && (y === "" ? y += "?" : y += "&", y += `${A}=${encodeURIComponent(S)}`);
|
|
1642
|
+
o.open(`${c.endSessionEndpoint}${y}`);
|
|
1606
1643
|
} else
|
|
1607
1644
|
o.reload();
|
|
1608
1645
|
}, De = (e, n, t = !1) => async (...s) => {
|
|
1609
1646
|
const [o, i, ...r] = s, a = i ? { ...i } : { method: "GET" };
|
|
1610
1647
|
let c = new Headers();
|
|
1611
1648
|
a.headers && (c = a.headers instanceof Headers ? a.headers : new Headers(a.headers));
|
|
1612
|
-
const
|
|
1649
|
+
const f = {
|
|
1613
1650
|
getTokens: () => n.tokens,
|
|
1614
1651
|
configuration: {
|
|
1615
1652
|
token_automatic_renew_mode: n.configuration.token_automatic_renew_mode,
|
|
1616
1653
|
refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
|
|
1617
1654
|
},
|
|
1618
1655
|
syncTokensInfoAsync: async () => {
|
|
1619
|
-
const { status:
|
|
1656
|
+
const { status: _ } = await de(n)(
|
|
1620
1657
|
n.configuration,
|
|
1621
1658
|
n.configurationName,
|
|
1622
1659
|
n.tokens,
|
|
1623
1660
|
!1
|
|
1624
1661
|
);
|
|
1625
|
-
return
|
|
1662
|
+
return _;
|
|
1626
1663
|
},
|
|
1627
1664
|
renewTokensAsync: n.renewTokensAsync.bind(n)
|
|
1628
|
-
}, l = (await ve(
|
|
1665
|
+
}, l = (await ve(f))?.tokens?.accessToken;
|
|
1629
1666
|
if (c.has("Accept") || c.set("Accept", "application/json"), l) {
|
|
1630
1667
|
if (n.configuration.demonstrating_proof_of_possession && t) {
|
|
1631
|
-
const
|
|
1668
|
+
const _ = await n.generateDemonstrationOfProofOfPossessionAsync(
|
|
1632
1669
|
l,
|
|
1633
1670
|
o.toString(),
|
|
1634
1671
|
a.method
|
|
1635
1672
|
);
|
|
1636
|
-
c.set("Authorization", `DPoP ${l}`), c.set("DPoP",
|
|
1673
|
+
c.set("Authorization", `DPoP ${l}`), c.set("DPoP", _);
|
|
1637
1674
|
} else
|
|
1638
1675
|
c.set("Authorization", `Bearer ${l}`);
|
|
1639
1676
|
a.credentials || (a.credentials = "same-origin");
|
|
@@ -1753,7 +1790,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1753
1790
|
check_session_iframe: t.check_session_iframe,
|
|
1754
1791
|
issuer: t.issuer
|
|
1755
1792
|
});
|
|
1756
|
-
const i = await
|
|
1793
|
+
const i = await x(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
|
|
1757
1794
|
return await ln(this.getFetch())(
|
|
1758
1795
|
n,
|
|
1759
1796
|
this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600,
|
|
@@ -1771,7 +1808,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1771
1808
|
}));
|
|
1772
1809
|
}
|
|
1773
1810
|
async startCheckSessionAsync(n, t, s, o = !1) {
|
|
1774
|
-
await
|
|
1811
|
+
await gn(this, R, this.configuration)(
|
|
1775
1812
|
n,
|
|
1776
1813
|
t,
|
|
1777
1814
|
s,
|
|
@@ -1800,7 +1837,11 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1800
1837
|
return this.loginCallbackPromise;
|
|
1801
1838
|
const t = async () => {
|
|
1802
1839
|
const s = await Sn(this)(n), o = s.tokens;
|
|
1803
|
-
return this.tokens = o, await
|
|
1840
|
+
return this.tokens = o, await x(this.configuration, this.configurationName) || C(
|
|
1841
|
+
this.configurationName,
|
|
1842
|
+
this.configuration.storage,
|
|
1843
|
+
this.configuration.login_state_storage ?? this.configuration.storage
|
|
1844
|
+
).setTokens(o), this.publishEvent(J.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), {
|
|
1804
1845
|
parsedTokens: o,
|
|
1805
1846
|
state: s.state,
|
|
1806
1847
|
callbackPath: s.callbackPath,
|
|
@@ -1817,12 +1858,16 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1817
1858
|
ath: await xe(n),
|
|
1818
1859
|
...o
|
|
1819
1860
|
};
|
|
1820
|
-
if (await
|
|
1861
|
+
if (await x(i, this.configurationName))
|
|
1821
1862
|
return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${be(this.configurationName)}`;
|
|
1822
|
-
const c =
|
|
1863
|
+
const c = C(
|
|
1864
|
+
this.configurationName,
|
|
1865
|
+
i.storage,
|
|
1866
|
+
i.login_state_storage ?? i.storage
|
|
1867
|
+
), f = await c.getDemonstratingProofOfPossessionJwkAsync(), u = c.getDemonstratingProofOfPossessionNonce();
|
|
1823
1868
|
return u && (r.nonce = u), await Ne(window)(
|
|
1824
1869
|
i.demonstrating_proof_of_possession_configuration
|
|
1825
|
-
)(
|
|
1870
|
+
)(f, s, t, r);
|
|
1826
1871
|
}
|
|
1827
1872
|
loginCallbackWithAutoTokensRenewAsync() {
|
|
1828
1873
|
return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = In(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
|
|
@@ -1846,10 +1891,10 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1846
1891
|
return await vn(this)(n);
|
|
1847
1892
|
}
|
|
1848
1893
|
async logoutSameTabAsync(n, t) {
|
|
1849
|
-
this.configuration.monitor_session && this.configuration.client_id === n && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(
|
|
1894
|
+
this.configuration.monitor_session && this.configuration.client_id === n && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(k.logout_from_same_tab, { mmessage: "SessionMonitor", sub: t }));
|
|
1850
1895
|
}
|
|
1851
1896
|
async logoutOtherTabAsync(n, t) {
|
|
1852
|
-
this.configuration.monitor_session && this.configuration.client_id === n && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(
|
|
1897
|
+
this.configuration.monitor_session && this.configuration.client_id === n && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(k.logout_from_another_tab, { message: "SessionMonitor", sub: t }));
|
|
1853
1898
|
}
|
|
1854
1899
|
async logoutAsync(n = void 0, t = null) {
|
|
1855
1900
|
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = En(
|
|
@@ -1863,7 +1908,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1863
1908
|
}));
|
|
1864
1909
|
}
|
|
1865
1910
|
};
|
|
1866
|
-
J.getOrCreate = (n, t) => (s, o = "default") => Pn(n, t)(s, o), J.eventNames =
|
|
1911
|
+
J.getOrCreate = (n, t) => (s, o = "default") => Pn(n, t)(s, o), J.eventNames = k;
|
|
1867
1912
|
let W = J;
|
|
1868
1913
|
const V = class V {
|
|
1869
1914
|
constructor(n) {
|