npm - @axa-fr/oidc-client - Versions diffs - 7.26.8 → 7.27.0 - Mend

@axa-fr/oidc-client 7.26.8 → 7.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/README.md +2 -1
package/dist/index.js +381 -336
package/dist/index.umd.cjs +2 -2
package/dist/initSession.d.ts +1 -1
package/dist/initSession.d.ts.map +1 -1
package/dist/initSession.spec.d.ts +2 -0
package/dist/initSession.spec.d.ts.map +1 -0
package/dist/keepSession.d.ts.map +1 -1
package/dist/login.d.ts.map +1 -1
package/dist/logout.d.ts.map +1 -1
package/dist/oidc.d.ts.map +1 -1
package/dist/renewTokens.d.ts.map +1 -1
package/dist/types.d.ts +1 -0
package/dist/types.d.ts.map +1 -1
package/dist/version.d.ts +1 -1
package/package.json +2 -2
package/src/initSession.spec.ts +215 -0
package/src/initSession.ts +21 -9
package/src/keepSession.ts +6 -2
package/src/login.ts +16 -3
package/src/logout.ts +5 -1
package/src/oidc.ts +10 -2
package/src/renewTokens.ts +20 -4
package/src/types.ts +1 -0
package/src/version.ts +1 -1

package/dist/index.umd.cjs CHANGED Viewed

@@ -1,2 +1,2 @@
-(function(I,D){typeof exports=="object"&&typeof module<"u"?D(exports):typeof define=="function"&&define.amd?define(["exports"],D):(I=typeof globalThis<"u"?globalThis:I||self,D(I["oidc-client"]={}))})(this,(function(I){"use strict";class D{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const ke=2e3,V=console;class Ke{constructor(n,t,s,o=ke,i=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||ke,this._stopOnError=i;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(V.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(V.debug(n),V.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):V.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){V.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(V.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const w={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},N=(e,n=sessionStorage)=>{const t=y=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:y}),delete n[`oidc.${e}.userInfo`],Promise.resolve()),s=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const y=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:y.tokens,status:y.status})},o=y=>{n[`oidc.${e}`]=JSON.stringify({tokens:y})},i=async y=>{n[`oidc.session_state.${e}`]=y},r=async()=>n[`oidc.session_state.${e}`],a=y=>{n[`oidc.nonce.${e}`]=y.nonce},c=y=>{n[`oidc.jwk.${e}`]=JSON.stringify(y)},f=()=>JSON.parse(n[`oidc.jwk.${e}`]),u=async()=>({nonce:n[`oidc.nonce.${e}`]}),l=async y=>{n[`oidc.dpop_nonce.${e}`]=y},h=()=>n[`oidc.dpop_nonce.${e}`],_=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,m={};return{clearAsync:t,initAsync:s,setTokens:o,getTokens:_,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:a,getNonceAsync:u,setLoginParams:y=>{m[e]=y,n[`oidc.login.${e}`]=JSON.stringify(y)},getLoginParams:()=>{const y=n[`oidc.login.${e}`];return y?(m[e]||(m[e]=JSON.parse(y)),m[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>n[`oidc.state.${e}`],setStateAsync:async y=>{n[`oidc.state.${e}`]=y},getCodeVerifierAsync:async()=>n[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async y=>{n[`oidc.code_verifier.${e}`]=y},setDemonstratingProofOfPossessionNonce:l,getDemonstratingProofOfPossessionNonce:h,setDemonstratingProofOfPossessionJwkAsync:c,getDemonstratingProofOfPossessionJwkAsync:f}};var F=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(F||{});const Ue=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ve=e=>JSON.parse(Ue(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),me=e=>{try{return e&&Fe(e,".")===2?Ve(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Fe=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Me(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const ie=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=me(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:me(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Me(e,s,r);let f;e.expiresAt?f=e.expiresAt:t===X.access_token_invalid?f=c:t===X.id_token_invalid?f=a:f=a<c?a:c;const u={...e,idTokenPayload:r,accessTokenPayload:s,expiresAt:f,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...u,refreshToken:l}}return u},re=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),ie(s,n,t)},J=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},Be=(e,n=0)=>e?J(n,e.expiresAt)>0:!1,we=async(e,n=200,t=50)=>{let s=t,o=await e.syncTokensInfoAsync();for(;[O.REQUIRE_SYNC_TOKENS,O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,O.TOKENS_INVALID].includes(o)&&s>0;){if(e.configuration.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await Q({milliseconds:n});s=s-1,o=await e.syncTokensInfoAsync()}return{isTokensValid:Be(e.getTokens()),tokens:e.getTokens(),numberWaited:s-t}},pe=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const i=3600*24*7;if(s.iat&&s.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+i} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},R=(function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),ae="7.26.8";let Ae=null,z;const Q=({milliseconds:e})=>new Promise(n=>R.setTimeout(n,e)),Se=(e="/")=>{try{z=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:z.signal}).catch(s=>{console.log(s)}),Q({milliseconds:150*1e3}).then(()=>Se(e))}catch(n){console.log(n)}},Z=()=>{z&&z.abort()},Te=e=>{const n=`oidc.tabId.${e}`,t=sessionStorage.getItem(n);if(t)return t;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(n,s),s},Je=5e3,He=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,P=(e,n)=>t=>{const s=n?.timeoutMs??Je;return new Promise((o,i)=>{const r=He(e);if(!r){i(new Error("Service worker target not available (controller/active/waiting/installing missing)"));return}const a=new MessageChannel;let c=null;const f=()=>{try{c!=null&&(R.clearTimeout(c),c=null),a.port1.onmessage=null,a.port1.close(),a.port2.close()}catch(u){console.error(u)}};c=R.setTimeout(()=>{f(),i(new Error(`Service worker did not respond within ${s}ms (type=${t?.type})`))},s),a.port1.onmessage=u=>{f(),u?.data?.error?i(u.data.error):o(u.data)};try{const u=t?.configurationName;r.postMessage({...t,tabId:Te(u??"default")},[a.port2])}catch(u){f(),i(u)}})},je=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(n=>{let t=!1;const s=()=>{t||(t=!0,navigator.serviceWorker.removeEventListener("controllerchange",s),n(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener("controllerchange",s),R.setTimeout(()=>{t||(t=!0,navigator.serviceWorker.removeEventListener("controllerchange",s),n(navigator.serviceWorker.controller??null))},e)}),C=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;const s=`${t}?v=${ae}`;let o=null;e.service_worker_register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(s,{updateViaCache:"none"});const i=`oidc.sw.version_mismatch_reload.${n}`,r=async()=>{Z(),console.log("New SW waiting – SKIP_WAITING");try{await P(o,{timeoutMs:8e3})({type:"SKIP_WAITING",configurationName:n,data:null})}catch(d){console.warn("SKIP_WAITING failed",d)}},a=d=>{Z(),d.addEventListener("statechange",async()=>{d.state==="installed"&&navigator.serviceWorker.controller&&await r()})};o.addEventListener("updatefound",()=>{const d=o.installing;d&&a(d)}),o.installing?a(o.installing):o.waiting&&navigator.serviceWorker.controller&&r();try{await o.update()}catch(d){console.error(d)}const c=`oidc.sw.controllerchange.reloaded.${n}`;navigator.serviceWorker.addEventListener("controllerchange",()=>{try{if(sessionStorage.getItem(c)==="1")return;sessionStorage.setItem(c,"1")}catch{}console.log("SW controller changed – reloading page"),Z(),window.location.reload()});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await P(o,{timeoutMs:8e3})({type:"claim",configurationName:n,data:null}),await je(2e3))}catch(d){return console.warn(`Failed init ServiceWorker ${d?.toString?.()??String(d)}`),null}const f=async d=>P(o)({type:"clear",data:{status:d},configurationName:n}),u=async(d,K,v)=>{const b=await P(o)({type:"init",data:{oidcServerConfiguration:d,where:K,oidcConfiguration:{token_renew_mode:v.token_renew_mode,service_worker_convert_all_requests_to_cors:v.service_worker_convert_all_requests_to_cors}},configurationName:n}),se=b.version;if(se!==ae){console.warn(`Service worker ${se} version mismatch with js client version ${ae}, unregistering and reloading`);const Y=parseInt(sessionStorage.getItem(i)??"0",10);if(Y<3)if(sessionStorage.setItem(i,String(Y+1)),o.waiting)await r();else{Z();try{await o.update()}catch($e){console.error($e)}const oe=await o.unregister();console.log(`Service worker unregistering ${oe}`),await Q({milliseconds:2e3}),window.location.reload()}else console.error(`Service worker version mismatch persists after ${Y} attempt(s). Continuing with mismatched version.`),sessionStorage.removeItem(i)}else sessionStorage.removeItem(i);return{tokens:re(b.tokens,null,v.token_renew_mode),status:b.status}},l=(d="/")=>{Ae==null&&(Ae="not_null",Se(d))},h=d=>P(o)({type:"setSessionState",data:{sessionState:d},configurationName:n}),_=async()=>(await P(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,m=d=>(sessionStorage[`oidc.nonce.${n}`]=d.nonce,P(o)({type:"setNonce",data:{nonce:d},configurationName:n})),p=async(d=!0)=>{let v=(await P(o)({type:"getNonce",data:null,configurationName:n})).nonce;return v||(v=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage"),d&&(await m(v),v=(await p(!1)).nonce)),{nonce:v}},g={},k=d=>{g[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},A=()=>{const d=localStorage[`oidc.login.${n}`];return g[n]||(g[n]=JSON.parse(d)),g[n]},S=async d=>{await P(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},E=async()=>(await P(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,y=async d=>{const K=JSON.stringify(d);await P(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:K},configurationName:n})},x=async()=>{const d=await P(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null},L=async(d=!0)=>{let v=(await P(o)({type:"getState",data:null,configurationName:n})).state;return v||(v=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage"),d&&(await q(v),v=await L(!1))),v},q=async d=>(sessionStorage[`oidc.state.${n}`]=d,P(o)({type:"setState",data:{state:d},configurationName:n})),$=async(d=!0)=>{let v=(await P(o)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return v||(v=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage"),d&&(await T(v),v=await $(!1))),v},T=async d=>(sessionStorage[`oidc.code_verifier.${n}`]=d,P(o)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n}));return{clearAsync:f,initAsync:u,startKeepAliveServiceWorker:()=>l(e.service_worker_keep_alive_path),setSessionStateAsync:h,getSessionStateAsync:_,setNonceAsync:m,getNonceAsync:p,setLoginParams:k,getLoginParams:A,getStateAsync:L,setStateAsync:q,getCodeVerifierAsync:$,setCodeVerifierAsync:T,setDemonstratingProofOfPossessionNonce:S,getDemonstratingProofOfPossessionNonce:E,setDemonstratingProofOfPossessionJwkAsync:y,getDemonstratingProofOfPossessionJwkAsync:x}},M={},Ge=(e,n=window.sessionStorage,t)=>{if(!M[e]&&n){const o=n.getItem(e);o&&(M[e]=JSON.parse(o))}const s=1e3*t;return M[e]&&M[e].timestamp+s>Date.now()?M[e].result:null},qe=(e,n,t=window.sessionStorage)=>{const s=Date.now();M[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function ve(e){return new TextEncoder().encode(e)}function Ee(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ye(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const ce=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),Ee(n)};function Oe(e){return Ee(Ye(e))}const Xe={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},ze={sign:e=>async(n,t,s,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=i,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:Oe(JSON.stringify(t)),payload:Oe(JSON.stringify(s))},a=o.importKeyAlgorithm,c=!0,f=["sign"],u=await e.crypto.subtle.importKey("jwk",n,a,c,f),l=ve(`${r.protected}.${r.payload}`),h=o.signAlgorithm,_=await e.crypto.subtle.sign(h,u,l);return r.signature=ce(new Uint8Array(_)),`${r.protected}.${r.payload}.${r.signature}`}},Qe={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},Ze={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,ve(s));return ce(new Uint8Array(o))}},en=e=>async n=>await Qe.generate(e)(n),be=e=>n=>async(t,s="POST",o,i={})=>{const r={jti:btoa(nn()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await Ze.thumbprint(e)(t,n.digestAlgorithm);return await ze.sign(e)(t,{kid:a},r,n)},nn=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Pe=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},le="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",tn=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%le.length;n.push(le[s])}return n.join("")},ue=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Pe();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*le.length|0;return tn(n)};function sn(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function Ie(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",sn(e)).then(s=>n(ce(new Uint8Array(s))),s=>t(s))})}const on=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Pe();return n?Ie(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},rn=3600,an=e=>async(n,t=rn,s=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Ge(r,s,t);if(a)return new ge(a);const c=await H(e)(i,{},o);if(c.status!==200)return null;const f=await c.json();return qe(r,f,s),new ge(f)},H=e=>async(n,t={},s=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),s),i=await e(n,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await H(e)(n,t,s,o+1);throw r}else throw console.error(r.message),r}return i},fe={refresh_token:"refresh_token",access_token:"access_token"},Ne=e=>async(n,t,s=fe.refresh_token,o,i={},r=1e4)=>{const a={token:t,token_type_hint:s,client_id:o};for(const[l,h]of Object.entries(i))a[l]===void 0&&(a[l]=h);const c=[];for(const l in a){const h=encodeURIComponent(l),_=encodeURIComponent(a[l]);c.push(`${h}=${_}`)}const f=c.join("&");return(await H(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:f},r)).status!==200?{success:!1}:{success:!0}},cn=e=>async(n,t,s,o,i={},r,a=1e4)=>{for(const[_,m]of Object.entries(s))t[_]===void 0&&(t[_]=m);const c=[];for(const _ in t){const m=encodeURIComponent(_),p=encodeURIComponent(t[_]);c.push(`${m}=${p}`)}const f=c.join("&"),u=await H(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},a);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};const l=await u.json();let h=null;return u.headers.has(ee)&&(h=u.headers.get(ee)),{success:!0,status:u.status,data:re(l,o,r),demonstratingProofOfPossessionNonce:h}},ln=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=ue(128),i=await on(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=i,s.code_challenge_method="S256";let r="";if(s)for(const[a,c]of Object.entries(s))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${t}${r}`)},ee="DPoP-Nonce",un=e=>async(n,t,s,o,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in t){const h=encodeURIComponent(l),_=encodeURIComponent(t[l]);r.push(`${h}=${_}`)}const a=r.join("&"),c=await H(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let f=null;c.headers.has(ee)&&(f=c.headers.get(ee));const u=await c.json();return{success:!0,data:{state:t.state,tokens:re(u,null,o),demonstratingProofOfPossessionNonce:f}}};async function Ce(e,n,t,s=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await ne(e)(o,0,0,n,t,s);return await C(e.configuration,e.configurationName)||N(e.configurationName,e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function xe(e,n=!1,t=null,s=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await C(e.configuration,e.configurationName);if(o?.storage===window?.sessionStorage&&!a||!navigator.locks)r=await Ce(e,n,t,s);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async f=>f?await Ce(e,n,t,s):(e.publishEvent(W.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=j(e,e.tokens.expiresAt,t,s)),e.tokens):null}const j=(e,n,t=null,s=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&R.clearTimeout(e.timeoutId),R.setTimeout(async()=>{const r={timeLeft:J(o,n)};e.publishEvent(W.eventNames.token_timer,r),await xe(e,!1,t,s)},1e3)},O={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS",TOKENS_INVALID:"TOKENS_INVALID"},_e=e=>async(n,t,s,o=!1)=>{const i={nonce:null};if(!s)return{tokens:null,status:O.NOT_CONNECTED,nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await C(n,t);if(c){const{status:l,tokens:h}=await c.initAsync(a,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:O.LOGOUT_FROM_ANOTHER_TAB,nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:O.SESSION_LOST,nonce:i};if(!l||!h)return{tokens:null,status:O.REQUIRE_SYNC_TOKENS,nonce:i};if(h.issuedAt!==s.issuedAt){const m=J(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,p=await c.getNonceAsync();return{tokens:h,status:m,nonce:p}}r=await c.getNonceAsync()}else{const l=N(t,n.storage??sessionStorage),h=await l.initAsync();let{tokens:_}=h;const{status:m}=h;if(_&&(_=ie(_,e.tokens,n.token_renew_mode)),_){if(m==="SESSIONS_LOST")return{tokens:null,status:O.SESSION_LOST,nonce:i};if(_.issuedAt!==s.issuedAt){const g=J(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,k=await l.getNonceAsync();return{tokens:_,status:g,nonce:k}}}else return{tokens:null,status:O.LOGOUT_FROM_ANOTHER_TAB,nonce:i};r=await l.getNonceAsync()}const u=J(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:u,nonce:r}},ne=e=>async(n,t=0,s=0,o=!1,i=null,r=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let a=6;const c=o?2:5,f=5;for(;!navigator.onLine&&a>0;)await Q({milliseconds:1e3}),a--,e.publishEvent(w.refreshTokensAsync,{message:`wait because navigator is offline try ${a}`});const u=document.hidden,l=u?t:t+1,h=u?s+1:s;if(t>=c||s>=f)return n(null),e.publishEvent(w.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};i||(i={});const _=e.configuration,m=(g,k=null,A=null)=>de(e.configurationName,e.configuration,e.publishEvent.bind(e))(g,k,A),p=async()=>{try{let g;const k=await C(_,e.configurationName);k?g=k.getLoginParams():g=N(e.configurationName,_.storage).getLoginParams();const A={};if(g&&g.extras)for(const[E,y]of Object.entries(g.extras))y!=null&&(A[E]=y);if(i)for(const[E,y]of Object.entries(i))y!=null&&(A[E]=y);A.prompt="none",r&&(A.scope=r);const S=await m(A);return S?S.error?(n(null),e.publishEvent(w.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(S.tokens),e.publishEvent(W.eventNames.token_renewed,{}),{tokens:S.tokens,status:"LOGGED"}):(n(null),e.publishEvent(w.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(g){return console.error(g),e.publishEvent(w.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:g.message}),await ne(e)(n,l,h,o,i,r)}};try{const{status:g,tokens:k,nonce:A}=await _e(e)(_,e.configurationName,e.tokens,o);switch(g){case O.SESSION_LOST:return n(null),e.publishEvent(w.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case O.NOT_CONNECTED:return n(null),{tokens:null,status:null};case O.TOKENS_VALID:return n(k),{tokens:k,status:"LOGGED_IN"};case O.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(k),e.publishEvent(W.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:k,status:"LOGGED_IN"};case O.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(w.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case O.REQUIRE_SYNC_TOKENS:return _.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(w.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(w.refreshTokensAsync_begin,{tryNumber:t}),await p());default:{if(_.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted&&O.FORCE_REFRESH!==g)return e.publishEvent(w.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(w.refreshTokensAsync_begin,{refreshToken:k.refreshToken,status:g,tryNumber:t,backgroundTry:s}),!k.refreshToken)return await p();const S=_.client_id,E=_.redirect_uri,y=_.authority,L={..._.token_request_extras?_.token_request_extras:{}};for(const[$,T]of Object.entries(i))$.endsWith(":token_request")&&(L[$.replace(":token_request","")]=T);return await(async()=>{const $={client_id:S,redirect_uri:E,grant_type:"refresh_token",refresh_token:k.refreshToken},T=await e.initAsync(y,_.authority_configuration),d=document.hidden?1e4:3e4*10,K=T.tokenEndpoint,v={};_.demonstrating_proof_of_possession&&(v.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(k.accessToken,K,"POST"));const b=await cn(e.getFetch())(K,$,L,k,v,_.token_renew_mode,d);if(b.success){const{isValid:se,reason:Y}=pe(b.data,A.nonce,T);if(!se)return n(null),e.publishEvent(w.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${Y}`}),{tokens:null,status:"SESSION_LOST"};if(n(b.data),b.demonstratingProofOfPossessionNonce){const oe=await C(_,e.configurationName);oe?await oe.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await N(e.configurationName,_.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(w.refreshTokensAsync_end,{success:b.success}),e.publishEvent(W.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(w.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(n(null),e.publishEvent(w.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await ne(e)(n,l,h,o,i,r)})()}}}catch(g){return console.error(g),e.publishEvent(w.refreshTokensAsync_silent_error,{message:"exception",exception:g.message}),new Promise((k,A)=>{setTimeout(()=>{ne(e)(n,l,h,o,i,r).then(k).catch(A)},1e3)})}},de=(e,n,t)=>(s=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(w.silentLoginAsync_begin,{});let r="";if(o&&(s==null&&(s={}),s.state=o),i!=null&&(s==null&&(s={}),s.scope=i),s!=null)for(const[l,h]of Object.entries(s))h!=null&&(r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(h)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(h)}`);const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),f=a.substring(0,c),u=document.createElement("iframe");return u.width="0px",u.height="0px",u.id=`${e}_oidc_iframe`,u.setAttribute("src",a),u.style.display="none",document.body.appendChild(u),new Promise((l,h)=>{let _=!1;const m=()=>{window.removeEventListener("message",p),u.remove(),_=!0},p=g=>{if(g.origin===f&&g.source===u.contentWindow){const k=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,S=`${e}_oidc_exception:`,E=g.data;if(E&&typeof E=="string"&&!_){if(E.startsWith(k)){const y=JSON.parse(g.data.replace(k,""));t(w.silentLoginAsync_end,{}),l(y),m()}else if(E.startsWith(A)){const y=JSON.parse(g.data.replace(A,""));t(w.silentLoginAsync_error,y),l({error:"oidc_"+y.error,tokens:null,sessionState:null}),m()}else if(E.startsWith(S)){const y=JSON.parse(g.data.replace(S,""));t(w.silentLoginAsync_error,y),h(new Error(y.error)),m()}}}};try{window.addEventListener("message",p);const g=n.silent_login_timeout;setTimeout(()=>{_||(m(),t(w.silentLoginAsync_error,{reason:"timeout"}),h(new Error("timeout")))},g)}catch(g){m(),t(w.silentLoginAsync_error,g),h(g)}})}catch(r){throw t(w.silentLoginAsync_error,r),r}},fn=(e,n,t,s,o)=>(i=null,r=void 0)=>{i={...i};const a=(f,u,l)=>de(n,t,s.bind(o))(f,u,l);return(async()=>{o.timeoutId&&R.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const u=t.extras?{...t.extras,...i}:i,l=await a({...u,prompt:"none"},f,r);if(l)return o.tokens=l.tokens,s(w.token_acquired,{}),o.timeoutId=j(o,o.tokens.expiresAt,i,r),{}}catch(u){return u}})()},_n=(e,n,t)=>(s,o,i,r=!1)=>{const a=(c,f=void 0,u=void 0)=>de(e.configurationName,t,e.publishEvent.bind(e))(c,f,u);return new Promise((c,f)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&i&&!r){const u=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const h=l.idToken,_=l.idTokenPayload;return a({prompt:"none",id_token_hint:h,scope:t.scope||"openid"}).then(m=>{if(m.error)throw new Error(m.error);const p=m.tokens.idTokenPayload;if(_.sub===p.sub){const g=m.sessionState;e.checkSessionIFrame.start(m.sessionState),_.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async m=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",m);for(const[,p]of Object.entries(n))await p.logoutOtherTabAsync(t.client_id,_.sub)})};e.checkSessionIFrame=new Ke(u,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(l=>{f(l)})}else c(null)})},dn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),hn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(t)){o=c.s;break}}let r=s;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function gn(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const yn=()=>{const{name:e,version:n}=gn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=hn(navigator);return!dn(t)},kn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(w.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await C(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=j(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,r),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(w.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(w.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(w.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=N(e.configurationName,t.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=ie(i,null,t.token_renew_mode);const r=o.getLoginParams();e.timeoutId=j(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,a),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(w.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(w.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(w.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},We=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},mn=e=>{const n=We(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},te=e=>{const n=We(e),{search:t}=n;return wn(t)},wn=e=>{const n={};let t,s,o;const i=e.split("&");for(s=0,o=i.length;s<o;s++)t=i[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},pn=(e,n,t,s,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const f=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=ue(16)),t(w.loginAsync_begin,{}),r)for(const h of Object.keys(r))h.endsWith(":token_request")&&delete r[h];try{const h=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const _=n.extras?{...n.extras,...r}:r;_.nonce||(_.nonce=ue(12));const m={nonce:_.nonce},p=await C(n,e),g=await s(n.authority,n.authority_configuration);let k;if(p)p.setLoginParams({callbackPath:l,extras:f,scope:c}),await p.initAsync(g,"loginAsync",n),await p.setNonceAsync(m),p.startKeepAliveServiceWorker(),k=p;else{const S=N(e,n.storage??sessionStorage);S.setLoginParams({callbackPath:l,extras:f,scope:c}),await S.setNonceAsync(m),k=S}const A={client_id:n.client_id,redirect_uri:h,scope:c,response_type:"code",..._};await ln(k,o)(g.authorizationEndpoint,A)}catch(h){throw t(w.loginAsync_error,h),h}})()},An=e=>async(n=!1)=>{try{e.publishEvent(w.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,i=t.authority,r=t.token_request_timeout,a=await e.initAsync(i,t.authority_configuration),c=e.location.getCurrentHref(),f=te(c),u=f.session_state,l=await C(t,e.configurationName);let h,_,m,p;if(l)await l.initAsync(a,"loginCallbackAsync",t),await l.setSessionStateAsync(u),_=await l.getNonceAsync(),m=l.getLoginParams(),p=await l.getStateAsync(),l.startKeepAliveServiceWorker(),h=l;else{const T=N(e.configurationName,t.storage??sessionStorage);await T.setSessionStateAsync(u),_=await T.getNonceAsync(),m=T.getLoginParams(),p=await T.getStateAsync(),h=T}if(f.error||f.error_description)throw new Error(`Error from OIDC server: ${f.error} - ${f.error_description}`);if(f.iss&&f.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${f.iss})`);if(f.state&&f.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${f.state})`);const g={code:f.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},k={};if(t.token_request_extras)for(const[T,d]of Object.entries(t.token_request_extras))k[T]=d;if(m?.extras)for(const[T,d]of Object.entries(m.extras))T.endsWith(":token_request")&&(k[T.replace(":token_request","")]=d);const A=a.tokenEndpoint,S={};if(t.demonstrating_proof_of_possession)if(l)S.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const T=await en(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await N(e.configurationName,t.storage).setDemonstratingProofOfPossessionJwkAsync(T),S.DPoP=await be(window)(t.demonstrating_proof_of_possession_configuration)(T,"POST",A)}const E=await un(h)(A,{...g,...k},S,e.configuration.token_renew_mode,r);if(!E.success)throw new Error("Token request failed");let y;const x=E.data.tokens,L=E.data.demonstratingProofOfPossessionNonce;if(E.data.state!==k.state)throw new Error("state is not valid");const{isValid:q,reason:$}=pe(x,_.nonce,a);if(!q)throw new Error(`Tokens are not OpenID valid, reason: ${$}`);if(l){if(x.refreshToken&&!x.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(L&&x?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(a,"syncTokensAsync",t),y=l.getLoginParams(),L&&await l.setDemonstratingProofOfPossessionNonce(L);else{const T=N(e.configurationName,t.storage);y=T.getLoginParams(),L&&await T.setDemonstratingProofOfPossessionNonce(L)}return await e.startCheckSessionAsync(a.checkSessionIframe,s,u,n),e.publishEvent(w.loginCallbackAsync_end,{}),{tokens:x,state:"request.state",callbackPath:y.callbackPath,scope:f.scope,extras:y.extras}}catch(t){throw console.error(t),e.publishEvent(w.loginCallbackAsync_error,t),t}},Le={access_token:"access_token",refresh_token:"refresh_token"},he=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const i=s.replace(n,"");t[i]=o}return t}return t},Sn=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},Tn=e=>async n=>{R.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await C(e.configuration,e.configurationName);t?await t.clearAsync(n):await N(e.configurationName,e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},vn=(e,n,t,s,o)=>async(i=void 0,r=null)=>{const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,s.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let u=!1;i&&(u=i.includes("https://")||i.includes("http://"));const l=u?i:o.getOrigin()+f,h=e.tokens?e.tokens.idToken:"";try{const k=c.revocationEndpoint;if(k){const A=[],S=e.tokens?e.tokens.accessToken:null;if(S&&a.logout_tokens_to_invalidate.includes(Le.access_token)){const y=he(r,":revoke_access_token"),x=Ne(t)(k,S,fe.access_token,a.client_id,y);A.push(x)}const E=e.tokens?e.tokens.refreshToken:null;if(E&&a.logout_tokens_to_invalidate.includes(Le.refresh_token)){const y=he(r,":revoke_refresh_token"),x=Ne(t)(k,E,fe.refresh_token,a.client_id,y);A.push(x)}A.length>0&&await Promise.all(A)}}catch(k){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(k)}const _=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync("LOGGED_OUT");for(const[,k]of Object.entries(n))k!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(w.logout_from_same_tab,{});const m=he(r,":oidc");if(m&&m.no_reload==="true")return;const g=Sn(r);if(c.endSessionEndpoint){"id_token_hint"in g||(g.id_token_hint=h),!("post_logout_redirect_uri"in g)&&i!==null&&(g.post_logout_redirect_uri=l);let k="";for(const[A,S]of Object.entries(g))S!=null&&(k===""?k+="?":k+="&",k+=`${A}=${encodeURIComponent(S)}`);o.open(`${c.endSessionEndpoint}${k}`)}else o.reload()},De=(e,n,t=!1)=>async(...s)=>{const[o,i,...r]=s,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const f={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:_}=await _e(n)(n.configuration,n.configurationName,n.tokens,!1);return _},renewTokensAsync:n.renewTokensAsync.bind(n)},l=(await we(f))?.tokens?.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(n.configuration.demonstrating_proof_of_possession&&t){const _=await n.generateDemonstrationOfProofOfPossessionAsync(l,o.toString(),a.method);c.set("Authorization",`DPoP ${l}`),c.set("DPoP",_)}else c.set("Authorization",`Bearer ${l}`);a.credentials||(a.credentials="same-origin")}const h={...a,headers:c};return await e(o,h,...r)},En=e=>async(n=!1,t=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const s=!n&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(s)return e.userInfo=JSON.parse(s),e.userInfo;const o=e.configuration,r=(await e.initAsync(o.authority,o.authority_configuration)).userInfoEndpoint,c=await(async()=>{const u=await De(fetch,e,t)(r);return u.status!==200?null:u.json()})();return e.userInfo=c,c&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(c)),c},Re=()=>fetch;class ge{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const U={},On=(e,n=new D)=>(t,s="default")=>(U[s]||(U[s]=new W(t,s,e,n)),U[s]),bn=async e=>{const{parsedTokens:n,callbackPath:t,extras:s,scope:o}=await e.loginCallbackAsync();return e.timeoutId=j(e,n.expiresAt,s,o),{callbackPath:t}},Pn=e=>Math.floor(Math.random()*e),G=class G{constructor(n,t="default",s,o=new D){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new D,this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??F.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_activate:n.service_worker_activate??yn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Xe,preload_user_info:n.preload_user_info??!1},this.getFetch=s??Re,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=Pn(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(U,n)&&t)throw Error(`OIDC library does seem initialized.
-Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return U[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=te(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=te(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new ge({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const i=await C(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await an(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??3600,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=kn(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,t,s,o=!1){await _n(this,U,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=fn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):this.loginPromise=pn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await An(this)(n),o=s.tokens;return this.tokens=o,await C(this.configuration,this.configurationName)||N(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath,scope:s.scope,extras:s.extras}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const i=this.configuration,r={ath:await Ie(n),...o};if(await C(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Te(this.configurationName)}`;const c=N(this.configurationName,i.storage),f=await c.getDemonstratingProofOfPossessionJwkAsync(),u=c.getDemonstratingProofOfPossessionNonce();return u&&(r.nonce=u),await be(window)(i.demonstrating_proof_of_possession_configuration)(f,s,t,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=bn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,t=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=En(this)(n,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return R.clearTimeout(this.timeoutId),this.renewTokensPromise=xe(this,!0,n,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await Tn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(w.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(w.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=vn(this,U,this.getFetch(),console,this.location)(n,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};G.getOrCreate=(n,t)=>(s,o="default")=>On(n,t)(s,o),G.eventNames=w;let W=G;const B=class B{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new B(W.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,t,s,o,i)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,t=null){return this._oidc.renewTokensAsync(n,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){const s=this._oidc,o={getTokens:()=>s.tokens,configuration:{token_automatic_renew_mode:s.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:s.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:i}=await _e(s)(s.configuration,s.configurationName,s.tokens,!1);return i},renewTokensAsync:s.renewTokensAsync.bind(s)};return we(o,n,t)}fetchWithTokens(n,t=!1){return De(n,this._oidc,t)}async userInfoAsync(n=!1,t=!1){return this._oidc.userInfoAsync(n,t)}userInfo(){return this._oidc.userInfo}};B.getOrCreate=(n,t=new D)=>(s,o="default")=>new B(W.getOrCreate(n,t)(s,o)),B.eventNames=W.eventNames;let ye=B;I.OidcClient=ye,I.OidcLocation=D,I.TokenAutomaticRenewMode=F,I.TokenRenewMode=X,I.getFetchDefault=Re,I.getParseQueryStringFromLocation=te,I.getPath=mn,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})}));
+(function(C,D){typeof exports=="object"&&typeof module<"u"?D(exports):typeof define=="function"&&define.amd?define(["exports"],D):(C=typeof globalThis<"u"?globalThis:C||self,D(C["oidc-client"]={}))})(this,(function(C){"use strict";class D{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const ke=2e3,V=console;class Ke{constructor(n,t,s,o=ke,i=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||ke,this._stopOnError=i;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(V.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(V.debug(n),V.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):V.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){V.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(V.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},x=(e,n=sessionStorage,t)=>{const s=t??n,o=w=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:w}),delete n[`oidc.${e}.userInfo`],t&&t!==n&&(delete s[`oidc.login.${e}`],delete s[`oidc.state.${e}`],delete s[`oidc.code_verifier.${e}`],delete s[`oidc.nonce.${e}`]),Promise.resolve()),i=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const w=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:w.tokens,status:w.status})},r=w=>{n[`oidc.${e}`]=JSON.stringify({tokens:w})},a=async w=>{n[`oidc.session_state.${e}`]=w},c=async()=>n[`oidc.session_state.${e}`],f=w=>{s[`oidc.nonce.${e}`]=w.nonce},u=w=>{n[`oidc.jwk.${e}`]=JSON.stringify(w)},l=()=>JSON.parse(n[`oidc.jwk.${e}`]),h=async()=>({nonce:s[`oidc.nonce.${e}`]}),_=async w=>{n[`oidc.dpop_nonce.${e}`]=w},m=()=>n[`oidc.dpop_nonce.${e}`],p=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:o,initAsync:i,setTokens:r,getTokens:p,setSessionStateAsync:a,getSessionStateAsync:c,setNonceAsync:f,getNonceAsync:h,setLoginParams:w=>{g[e]=w,s[`oidc.login.${e}`]=JSON.stringify(w)},getLoginParams:()=>{const w=s[`oidc.login.${e}`];return w?(g[e]||(g[e]=JSON.parse(w)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>s[`oidc.state.${e}`],setStateAsync:async w=>{s[`oidc.state.${e}`]=w},getCodeVerifierAsync:async()=>s[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async w=>{s[`oidc.code_verifier.${e}`]=w},setDemonstratingProofOfPossessionNonce:_,getDemonstratingProofOfPossessionNonce:m,setDemonstratingProofOfPossessionJwkAsync:u,getDemonstratingProofOfPossessionJwkAsync:l}};var F=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(F||{});const Ue=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ve=e=>JSON.parse(Ue(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),me=e=>{try{return e&&Fe(e,".")===2?Ve(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Fe=(e,n)=>e.split(n).length-1,X={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Me(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const ie=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=me(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:me(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=Me(e,s,r);let f;e.expiresAt?f=e.expiresAt:t===X.access_token_invalid?f=c:t===X.id_token_invalid?f=a:f=a<c?a:c;const u={...e,idTokenPayload:r,accessTokenPayload:s,expiresAt:f,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...u,refreshToken:l}}return u},re=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),ie(s,n,t)},J=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},Be=(e,n=0)=>e?J(n,e.expiresAt)>0:!1,we=async(e,n=200,t=50)=>{let s=t,o=await e.syncTokensInfoAsync();for(;[b.REQUIRE_SYNC_TOKENS,b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,b.TOKENS_INVALID].includes(o)&&s>0;){if(e.configuration.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await Q({milliseconds:n});s=s-1,o=await e.syncTokensInfoAsync()}return{isTokensValid:Be(e.getTokens()),tokens:e.getTokens(),numberWaited:s-t}},pe=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const i=3600*24*7;if(s.iat&&s.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+i} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},$=(function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),ae="7.27.0";let Ae=null,z;const Q=({milliseconds:e})=>new Promise(n=>$.setTimeout(n,e)),Se=(e="/")=>{try{z=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:z.signal}).catch(s=>{console.log(s)}),Q({milliseconds:150*1e3}).then(()=>Se(e))}catch(n){console.log(n)}},Z=()=>{z&&z.abort()},Te=e=>{const n=`oidc.tabId.${e}`,t=sessionStorage.getItem(n);if(t)return t;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(n,s),s},Je=5e3,He=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,I=(e,n)=>t=>{const s=n?.timeoutMs??Je;return new Promise((o,i)=>{const r=He(e);if(!r){i(new Error("Service worker target not available (controller/active/waiting/installing missing)"));return}const a=new MessageChannel;let c=null;const f=()=>{try{c!=null&&($.clearTimeout(c),c=null),a.port1.onmessage=null,a.port1.close(),a.port2.close()}catch(u){console.error(u)}};c=$.setTimeout(()=>{f(),i(new Error(`Service worker did not respond within ${s}ms (type=${t?.type})`))},s),a.port1.onmessage=u=>{f(),u?.data?.error?i(u.data.error):o(u.data)};try{const u=t?.configurationName;r.postMessage({...t,tabId:Te(u??"default")},[a.port2])}catch(u){f(),i(u)}})},je=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(n=>{let t=!1;const s=()=>{t||(t=!0,navigator.serviceWorker.removeEventListener("controllerchange",s),n(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener("controllerchange",s),$.setTimeout(()=>{t||(t=!0,navigator.serviceWorker.removeEventListener("controllerchange",s),n(navigator.serviceWorker.controller??null))},e)}),W=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;const s=`${t}?v=${ae}`;let o=null;e.service_worker_register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(s,{updateViaCache:"none"});const i=`oidc.sw.version_mismatch_reload.${n}`,r=async()=>{Z(),console.log("New SW waiting – SKIP_WAITING");try{await I(o,{timeoutMs:8e3})({type:"SKIP_WAITING",configurationName:n,data:null})}catch(d){console.warn("SKIP_WAITING failed",d)}},a=d=>{Z(),d.addEventListener("statechange",async()=>{d.state==="installed"&&navigator.serviceWorker.controller&&await r()})};o.addEventListener("updatefound",()=>{const d=o.installing;d&&a(d)}),o.installing?a(o.installing):o.waiting&&navigator.serviceWorker.controller&&r();try{await o.update()}catch(d){console.error(d)}const c=`oidc.sw.controllerchange.reloaded.${n}`;navigator.serviceWorker.addEventListener("controllerchange",()=>{try{if(sessionStorage.getItem(c)==="1")return;sessionStorage.setItem(c,"1")}catch{}console.log("SW controller changed – reloading page"),Z(),window.location.reload()});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await I(o,{timeoutMs:8e3})({type:"claim",configurationName:n,data:null}),await je(2e3))}catch(d){return console.warn(`Failed init ServiceWorker ${d?.toString?.()??String(d)}`),null}const f=async d=>I(o)({type:"clear",data:{status:d},configurationName:n}),u=async(d,K,E)=>{const P=await I(o)({type:"init",data:{oidcServerConfiguration:d,where:K,oidcConfiguration:{token_renew_mode:E.token_renew_mode,service_worker_convert_all_requests_to_cors:E.service_worker_convert_all_requests_to_cors}},configurationName:n}),se=P.version;if(se!==ae){console.warn(`Service worker ${se} version mismatch with js client version ${ae}, unregistering and reloading`);const Y=parseInt(sessionStorage.getItem(i)??"0",10);if(Y<3)if(sessionStorage.setItem(i,String(Y+1)),o.waiting)await r();else{Z();try{await o.update()}catch(Re){console.error(Re)}const oe=await o.unregister();console.log(`Service worker unregistering ${oe}`),await Q({milliseconds:2e3}),window.location.reload()}else console.error(`Service worker version mismatch persists after ${Y} attempt(s). Continuing with mismatched version.`),sessionStorage.removeItem(i)}else sessionStorage.removeItem(i);return{tokens:re(P.tokens,null,E.token_renew_mode),status:P.status}},l=(d="/")=>{Ae==null&&(Ae="not_null",Se(d))},h=d=>I(o)({type:"setSessionState",data:{sessionState:d},configurationName:n}),_=async()=>(await I(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,m=d=>(sessionStorage[`oidc.nonce.${n}`]=d.nonce,I(o)({type:"setNonce",data:{nonce:d},configurationName:n})),p=async(d=!0)=>{let E=(await I(o)({type:"getNonce",data:null,configurationName:n})).nonce;return E||(E=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage"),d&&(await m(E),E=(await p(!1)).nonce)),{nonce:E}},g={},y=d=>{g[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},A=()=>{const d=localStorage[`oidc.login.${n}`];return g[n]||(g[n]=JSON.parse(d)),g[n]},S=async d=>{await I(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},O=async()=>(await I(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,T=async d=>{const K=JSON.stringify(d);await I(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:K},configurationName:n})},N=async()=>{const d=await I(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null},w=async(d=!0)=>{let E=(await I(o)({type:"getState",data:null,configurationName:n})).state;return E||(E=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage"),d&&(await q(E),E=await w(!1))),E},q=async d=>(sessionStorage[`oidc.state.${n}`]=d,I(o)({type:"setState",data:{state:d},configurationName:n})),R=async(d=!0)=>{let E=(await I(o)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return E||(E=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage"),d&&(await v(E),E=await R(!1))),E},v=async d=>(sessionStorage[`oidc.code_verifier.${n}`]=d,I(o)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n}));return{clearAsync:f,initAsync:u,startKeepAliveServiceWorker:()=>l(e.service_worker_keep_alive_path),setSessionStateAsync:h,getSessionStateAsync:_,setNonceAsync:m,getNonceAsync:p,setLoginParams:y,getLoginParams:A,getStateAsync:w,setStateAsync:q,getCodeVerifierAsync:R,setCodeVerifierAsync:v,setDemonstratingProofOfPossessionNonce:S,getDemonstratingProofOfPossessionNonce:O,setDemonstratingProofOfPossessionJwkAsync:T,getDemonstratingProofOfPossessionJwkAsync:N}},M={},Ge=(e,n=window.sessionStorage,t)=>{if(!M[e]&&n){const o=n.getItem(e);o&&(M[e]=JSON.parse(o))}const s=1e3*t;return M[e]&&M[e].timestamp+s>Date.now()?M[e].result:null},qe=(e,n,t=window.sessionStorage)=>{const s=Date.now();M[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function ve(e){return new TextEncoder().encode(e)}function Ee(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function Ye(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const ce=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),Ee(n)};function Oe(e){return Ee(Ye(e))}const Xe={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},ze={sign:e=>async(n,t,s,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=i,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:Oe(JSON.stringify(t)),payload:Oe(JSON.stringify(s))},a=o.importKeyAlgorithm,c=!0,f=["sign"],u=await e.crypto.subtle.importKey("jwk",n,a,c,f),l=ve(`${r.protected}.${r.payload}`),h=o.signAlgorithm,_=await e.crypto.subtle.sign(h,u,l);return r.signature=ce(new Uint8Array(_)),`${r.protected}.${r.payload}.${r.signature}`}},Qe={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},Ze={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,ve(s));return ce(new Uint8Array(o))}},en=e=>async n=>await Qe.generate(e)(n),be=e=>n=>async(t,s="POST",o,i={})=>{const r={jti:btoa(nn()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await Ze.thumbprint(e)(t,n.digestAlgorithm);return await ze.sign(e)(t,{kid:a},r,n)},nn=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Pe=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},le="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",tn=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%le.length;n.push(le[s])}return n.join("")},ue=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Pe();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*le.length|0;return tn(n)};function sn(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function Ie(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",sn(e)).then(s=>n(ce(new Uint8Array(s))),s=>t(s))})}const on=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Pe();return n?Ie(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},rn=3600,an=e=>async(n,t=rn,s=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=Ge(r,s,t);if(a)return new he(a);const c=await H(e)(i,{},o);if(c.status!==200)return null;const f=await c.json();return qe(r,f,s),new he(f)},H=e=>async(n,t={},s=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),s),i=await e(n,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await H(e)(n,t,s,o+1);throw r}else throw console.error(r.message),r}return i},_e={refresh_token:"refresh_token",access_token:"access_token"},Ne=e=>async(n,t,s=_e.refresh_token,o,i={},r=1e4)=>{const a={token:t,token_type_hint:s,client_id:o};for(const[l,h]of Object.entries(i))a[l]===void 0&&(a[l]=h);const c=[];for(const l in a){const h=encodeURIComponent(l),_=encodeURIComponent(a[l]);c.push(`${h}=${_}`)}const f=c.join("&");return(await H(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:f},r)).status!==200?{success:!1}:{success:!0}},cn=e=>async(n,t,s,o,i={},r,a=1e4)=>{for(const[_,m]of Object.entries(s))t[_]===void 0&&(t[_]=m);const c=[];for(const _ in t){const m=encodeURIComponent(_),p=encodeURIComponent(t[_]);c.push(`${m}=${p}`)}const f=c.join("&"),u=await H(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},a);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};const l=await u.json();let h=null;return u.headers.has(ee)&&(h=u.headers.get(ee)),{success:!0,status:u.status,data:re(l,o,r),demonstratingProofOfPossessionNonce:h}},ln=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=ue(128),i=await on(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=i,s.code_challenge_method="S256";let r="";if(s)for(const[a,c]of Object.entries(s))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${t}${r}`)},ee="DPoP-Nonce",un=e=>async(n,t,s,o,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in t){const h=encodeURIComponent(l),_=encodeURIComponent(t[l]);r.push(`${h}=${_}`)}const a=r.join("&"),c=await H(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let f=null;c.headers.has(ee)&&(f=c.headers.get(ee));const u=await c.json();return{success:!0,data:{state:t.state,tokens:re(u,null,o),demonstratingProofOfPossessionNonce:f}}};async function Ce(e,n,t,s=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await ne(e)(o,0,0,n,t,s);return await W(e.configuration,e.configurationName)||x(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function xe(e,n=!1,t=null,s=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await W(e.configuration,e.configurationName);if(o?.storage===window?.sessionStorage&&!a||!navigator.locks)r=await Ce(e,n,t,s);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async f=>f?await Ce(e,n,t,s):(e.publishEvent(L.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=j(e,e.tokens.expiresAt,t,s)),e.tokens):null}const j=(e,n,t=null,s=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&$.clearTimeout(e.timeoutId),$.setTimeout(async()=>{const r={timeLeft:J(o,n)};e.publishEvent(L.eventNames.token_timer,r),await xe(e,!1,t,s)},1e3)},b={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS",TOKENS_INVALID:"TOKENS_INVALID"},fe=e=>async(n,t,s,o=!1)=>{const i={nonce:null};if(!s)return{tokens:null,status:b.NOT_CONNECTED,nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await W(n,t);if(c){const{status:l,tokens:h}=await c.initAsync(a,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:b.LOGOUT_FROM_ANOTHER_TAB,nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:b.SESSION_LOST,nonce:i};if(!l||!h)return{tokens:null,status:b.REQUIRE_SYNC_TOKENS,nonce:i};if(h.issuedAt!==s.issuedAt){const m=J(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,p=await c.getNonceAsync();return{tokens:h,status:m,nonce:p}}r=await c.getNonceAsync()}else{const l=x(t,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage),h=await l.initAsync();let{tokens:_}=h;const{status:m}=h;if(_&&(_=ie(_,e.tokens,n.token_renew_mode)),_){if(m==="SESSIONS_LOST")return{tokens:null,status:b.SESSION_LOST,nonce:i};if(_.issuedAt!==s.issuedAt){const g=J(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,y=await l.getNonceAsync();return{tokens:_,status:g,nonce:y}}}else return{tokens:null,status:b.LOGOUT_FROM_ANOTHER_TAB,nonce:i};r=await l.getNonceAsync()}const u=J(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:u,nonce:r}},ne=e=>async(n,t=0,s=0,o=!1,i=null,r=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let a=6;const c=o?2:5,f=5;for(;!navigator.onLine&&a>0;)await Q({milliseconds:1e3}),a--,e.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${a}`});const u=document.hidden,l=u?t:t+1,h=u?s+1:s;if(t>=c||s>=f)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};i||(i={});const _=e.configuration,m=(g,y=null,A=null)=>de(e.configurationName,e.configuration,e.publishEvent.bind(e))(g,y,A),p=async()=>{try{let g;const y=await W(_,e.configurationName);y?g=y.getLoginParams():g=x(e.configurationName,_.storage,_.login_state_storage??_.storage).getLoginParams();const A={};if(g&&g.extras)for(const[O,T]of Object.entries(g.extras))T!=null&&(A[O]=T);if(i)for(const[O,T]of Object.entries(i))T!=null&&(A[O]=T);A.prompt="none",r&&(A.scope=r);const S=await m(A);return S?S.error?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(S.tokens),e.publishEvent(L.eventNames.token_renewed,{}),{tokens:S.tokens,status:"LOGGED"}):(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(g){return console.error(g),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:g.message}),await ne(e)(n,l,h,o,i,r)}};try{const{status:g,tokens:y,nonce:A}=await fe(e)(_,e.configurationName,e.tokens,o);switch(g){case b.SESSION_LOST:return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case b.NOT_CONNECTED:return n(null),{tokens:null,status:null};case b.TOKENS_VALID:return n(y),{tokens:y,status:"LOGGED_IN"};case b.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(y),e.publishEvent(L.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case b.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case b.REQUIRE_SYNC_TOKENS:return _.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(k.refreshTokensAsync_begin,{tryNumber:t}),await p());default:{if(_.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted&&b.FORCE_REFRESH!==g)return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(k.refreshTokensAsync_begin,{refreshToken:y.refreshToken,status:g,tryNumber:t,backgroundTry:s}),!y.refreshToken)return await p();const S=_.client_id,O=_.redirect_uri,T=_.authority,w={..._.token_request_extras?_.token_request_extras:{}};for(const[R,v]of Object.entries(i))R.endsWith(":token_request")&&(w[R.replace(":token_request","")]=v);return await(async()=>{const R={client_id:S,redirect_uri:O,grant_type:"refresh_token",refresh_token:y.refreshToken},v=await e.initAsync(T,_.authority_configuration),d=document.hidden?1e4:3e4*10,K=v.tokenEndpoint,E={};_.demonstrating_proof_of_possession&&(E.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(y.accessToken,K,"POST"));const P=await cn(e.getFetch())(K,R,w,y,E,_.token_renew_mode,d);if(P.success){const{isValid:se,reason:Y}=pe(P.data,A.nonce,v);if(!se)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${Y}`}),{tokens:null,status:"SESSION_LOST"};if(n(P.data),P.demonstratingProofOfPossessionNonce){const oe=await W(_,e.configurationName);oe?await oe.setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce):await x(e.configurationName,_.storage,_.login_state_storage??_.storage).setDemonstratingProofOfPossessionNonce(P.demonstratingProofOfPossessionNonce)}return e.publishEvent(k.refreshTokensAsync_end,{success:P.success}),e.publishEvent(L.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:P.data,status:"LOGGED_IN"}}else return e.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:P}),P.status>=400&&P.status<500?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`session lost: ${P.status}`}),{tokens:null,status:"SESSION_LOST"}):await ne(e)(n,l,h,o,i,r)})()}}}catch(g){return console.error(g),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:g.message}),new Promise((y,A)=>{setTimeout(()=>{ne(e)(n,l,h,o,i,r).then(y).catch(A)},1e3)})}},de=(e,n,t)=>(s=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(k.silentLoginAsync_begin,{});let r="";if(o&&(s==null&&(s={}),s.state=o),i!=null&&(s==null&&(s={}),s.scope=i),s!=null)for(const[l,h]of Object.entries(s))h!=null&&(r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(h)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(h)}`);const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),f=a.substring(0,c),u=document.createElement("iframe");return u.width="0px",u.height="0px",u.id=`${e}_oidc_iframe`,u.setAttribute("src",a),u.style.display="none",document.body.appendChild(u),new Promise((l,h)=>{let _=!1;const m=()=>{window.removeEventListener("message",p),u.remove(),_=!0},p=g=>{if(g.origin===f&&g.source===u.contentWindow){const y=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,S=`${e}_oidc_exception:`,O=g.data;if(O&&typeof O=="string"&&!_){if(O.startsWith(y)){const T=JSON.parse(g.data.replace(y,""));t(k.silentLoginAsync_end,{}),l(T),m()}else if(O.startsWith(A)){const T=JSON.parse(g.data.replace(A,""));t(k.silentLoginAsync_error,T),l({error:"oidc_"+T.error,tokens:null,sessionState:null}),m()}else if(O.startsWith(S)){const T=JSON.parse(g.data.replace(S,""));t(k.silentLoginAsync_error,T),h(new Error(T.error)),m()}}}};try{window.addEventListener("message",p);const g=n.silent_login_timeout;setTimeout(()=>{_||(m(),t(k.silentLoginAsync_error,{reason:"timeout"}),h(new Error("timeout")))},g)}catch(g){m(),t(k.silentLoginAsync_error,g),h(g)}})}catch(r){throw t(k.silentLoginAsync_error,r),r}},_n=(e,n,t,s,o)=>(i=null,r=void 0)=>{i={...i};const a=(f,u,l)=>de(n,t,s.bind(o))(f,u,l);return(async()=>{o.timeoutId&&$.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const u=t.extras?{...t.extras,...i}:i,l=await a({...u,prompt:"none"},f,r);if(l)return o.tokens=l.tokens,s(k.token_acquired,{}),o.timeoutId=j(o,o.tokens.expiresAt,i,r),{}}catch(u){return u}})()},fn=(e,n,t)=>(s,o,i,r=!1)=>{const a=(c,f=void 0,u=void 0)=>de(e.configurationName,t,e.publishEvent.bind(e))(c,f,u);return new Promise((c,f)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&i&&!r){const u=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const h=l.idToken,_=l.idTokenPayload;return a({prompt:"none",id_token_hint:h,scope:t.scope||"openid"}).then(m=>{if(m.error)throw new Error(m.error);const p=m.tokens.idTokenPayload;if(_.sub===p.sub){const g=m.sessionState;e.checkSessionIFrame.start(m.sessionState),_.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async m=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",m);for(const[,p]of Object.entries(n))await p.logoutOtherTabAsync(t.client_id,_.sub)})};e.checkSessionIFrame=new Ke(u,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(l=>{f(l)})}else c(null)})},dn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),gn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(t)){o=c.s;break}}let r=s;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function hn(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const yn=()=>{const{name:e,version:n}=hn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=gn(navigator);return!dn(t)},kn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await W(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=j(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,r),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=x(e.configurationName,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=ie(i,null,t.token_renew_mode);const r=o.getLoginParams();e.timeoutId=j(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,a),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},We=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},mn=e=>{const n=We(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},te=e=>{const n=We(e),{search:t}=n;return wn(t)},wn=e=>{const n={};let t,s,o;const i=e.split("&");for(s=0,o=i.length;s<o;s++)t=i[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},pn=(e,n,t,s,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const f=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=ue(16)),t(k.loginAsync_begin,{}),r)for(const h of Object.keys(r))h.endsWith(":token_request")&&delete r[h];try{const h=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const _=n.extras?{...n.extras,...r}:r;_.nonce||(_.nonce=ue(12));const m={nonce:_.nonce},p=await W(n,e),g=await s(n.authority,n.authority_configuration);let y;if(p)p.setLoginParams({callbackPath:l,extras:f,scope:c}),await p.initAsync(g,"loginAsync",n),await p.setNonceAsync(m),p.startKeepAliveServiceWorker(),y=p;else{const S=x(e,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);S.setLoginParams({callbackPath:l,extras:f,scope:c}),await S.setNonceAsync(m),y=S}const A={client_id:n.client_id,redirect_uri:h,scope:c,response_type:"code",..._};await ln(y,o)(g.authorizationEndpoint,A)}catch(h){throw t(k.loginAsync_error,h),h}})()},An=e=>async(n=!1)=>{try{e.publishEvent(k.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,i=t.authority,r=t.token_request_timeout,a=await e.initAsync(i,t.authority_configuration),c=e.location.getCurrentHref(),f=te(c),u=f.session_state,l=await W(t,e.configurationName);let h,_,m,p;if(l)await l.initAsync(a,"loginCallbackAsync",t),await l.setSessionStateAsync(u),_=await l.getNonceAsync(),m=l.getLoginParams(),p=await l.getStateAsync(),l.startKeepAliveServiceWorker(),h=l;else{const v=x(e.configurationName,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage);await v.setSessionStateAsync(u),_=await v.getNonceAsync(),m=v.getLoginParams(),p=await v.getStateAsync(),h=v}if(f.error||f.error_description)throw new Error(`Error from OIDC server: ${f.error} - ${f.error_description}`);if(f.iss&&f.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${f.iss})`);if(f.state&&f.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${f.state})`);const g={code:f.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},y={};if(t.token_request_extras)for(const[v,d]of Object.entries(t.token_request_extras))y[v]=d;if(m?.extras)for(const[v,d]of Object.entries(m.extras))v.endsWith(":token_request")&&(y[v.replace(":token_request","")]=d);const A=a.tokenEndpoint,S={};if(t.demonstrating_proof_of_possession)if(l)S.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const v=await en(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await x(e.configurationName,t.storage,t.login_state_storage??t.storage).setDemonstratingProofOfPossessionJwkAsync(v),S.DPoP=await be(window)(t.demonstrating_proof_of_possession_configuration)(v,"POST",A)}const O=await un(h)(A,{...g,...y},S,e.configuration.token_renew_mode,r);if(!O.success)throw new Error("Token request failed");let T;const N=O.data.tokens,w=O.data.demonstratingProofOfPossessionNonce;if(O.data.state!==y.state)throw new Error("state is not valid");const{isValid:q,reason:R}=pe(N,_.nonce,a);if(!q)throw new Error(`Tokens are not OpenID valid, reason: ${R}`);if(l){if(N.refreshToken&&!N.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(w&&N?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(a,"syncTokensAsync",t),T=l.getLoginParams(),w&&await l.setDemonstratingProofOfPossessionNonce(w);else{const v=x(e.configurationName,t.storage,t.login_state_storage??t.storage);T=v.getLoginParams(),w&&await v.setDemonstratingProofOfPossessionNonce(w)}return await e.startCheckSessionAsync(a.checkSessionIframe,s,u,n),e.publishEvent(k.loginCallbackAsync_end,{}),{tokens:N,state:"request.state",callbackPath:T.callbackPath,scope:f.scope,extras:T.extras}}catch(t){throw console.error(t),e.publishEvent(k.loginCallbackAsync_error,t),t}},Le={access_token:"access_token",refresh_token:"refresh_token"},ge=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const i=s.replace(n,"");t[i]=o}return t}return t},Sn=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},Tn=e=>async n=>{$.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await W(e.configuration,e.configurationName);t?await t.clearAsync(n):await x(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},vn=(e,n,t,s,o)=>async(i=void 0,r=null)=>{const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,s.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let u=!1;i&&(u=i.includes("https://")||i.includes("http://"));const l=u?i:o.getOrigin()+f,h=e.tokens?e.tokens.idToken:"";try{const y=c.revocationEndpoint;if(y){const A=[],S=e.tokens?e.tokens.accessToken:null;if(S&&a.logout_tokens_to_invalidate.includes(Le.access_token)){const T=ge(r,":revoke_access_token"),N=Ne(t)(y,S,_e.access_token,a.client_id,T);A.push(N)}const O=e.tokens?e.tokens.refreshToken:null;if(O&&a.logout_tokens_to_invalidate.includes(Le.refresh_token)){const T=ge(r,":revoke_refresh_token"),N=Ne(t)(y,O,_e.refresh_token,a.client_id,T);A.push(N)}A.length>0&&await Promise.all(A)}}catch(y){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(y)}const _=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync("LOGGED_OUT");for(const[,y]of Object.entries(n))y!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(k.logout_from_same_tab,{});const m=ge(r,":oidc");if(m&&m.no_reload==="true")return;const g=Sn(r);if(c.endSessionEndpoint){"id_token_hint"in g||(g.id_token_hint=h),!("post_logout_redirect_uri"in g)&&i!==null&&(g.post_logout_redirect_uri=l);let y="";for(const[A,S]of Object.entries(g))S!=null&&(y===""?y+="?":y+="&",y+=`${A}=${encodeURIComponent(S)}`);o.open(`${c.endSessionEndpoint}${y}`)}else o.reload()},De=(e,n,t=!1)=>async(...s)=>{const[o,i,...r]=s,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const f={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:_}=await fe(n)(n.configuration,n.configurationName,n.tokens,!1);return _},renewTokensAsync:n.renewTokensAsync.bind(n)},l=(await we(f))?.tokens?.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(n.configuration.demonstrating_proof_of_possession&&t){const _=await n.generateDemonstrationOfProofOfPossessionAsync(l,o.toString(),a.method);c.set("Authorization",`DPoP ${l}`),c.set("DPoP",_)}else c.set("Authorization",`Bearer ${l}`);a.credentials||(a.credentials="same-origin")}const h={...a,headers:c};return await e(o,h,...r)},En=e=>async(n=!1,t=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const s=!n&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(s)return e.userInfo=JSON.parse(s),e.userInfo;const o=e.configuration,r=(await e.initAsync(o.authority,o.authority_configuration)).userInfoEndpoint,c=await(async()=>{const u=await De(fetch,e,t)(r);return u.status!==200?null:u.json()})();return e.userInfo=c,c&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(c)),c},$e=()=>fetch;class he{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const U={},On=(e,n=new D)=>(t,s="default")=>(U[s]||(U[s]=new L(t,s,e,n)),U[s]),bn=async e=>{const{parsedTokens:n,callbackPath:t,extras:s,scope:o}=await e.loginCallbackAsync();return e.timeoutId=j(e,n.expiresAt,s,o),{callbackPath:t}},Pn=e=>Math.floor(Math.random()*e),G=class G{constructor(n,t="default",s,o=new D){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new D,this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??F.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??X.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_activate:n.service_worker_activate??yn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??Xe,preload_user_info:n.preload_user_info??!1},this.getFetch=s??$e,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=Pn(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(U,n)&&t)throw Error(`OIDC library does seem initialized.
+Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return U[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=te(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=te(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new he({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const i=await W(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await an(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??3600,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=kn(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,t,s,o=!1){await fn(this,U,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=_n(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):this.loginPromise=pn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await An(this)(n),o=s.tokens;return this.tokens=o,await W(this.configuration,this.configurationName)||x(this.configurationName,this.configuration.storage,this.configuration.login_state_storage??this.configuration.storage).setTokens(o),this.publishEvent(G.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath,scope:s.scope,extras:s.extras}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const i=this.configuration,r={ath:await Ie(n),...o};if(await W(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Te(this.configurationName)}`;const c=x(this.configurationName,i.storage,i.login_state_storage??i.storage),f=await c.getDemonstratingProofOfPossessionJwkAsync(),u=c.getDemonstratingProofOfPossessionNonce();return u&&(r.nonce=u),await be(window)(i.demonstrating_proof_of_possession_configuration)(f,s,t,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=bn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,t=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=En(this)(n,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return $.clearTimeout(this.timeoutId),this.renewTokensPromise=xe(this,!0,n,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await Tn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=vn(this,U,this.getFetch(),console,this.location)(n,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};G.getOrCreate=(n,t)=>(s,o="default")=>On(n,t)(s,o),G.eventNames=k;let L=G;const B=class B{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new B(L.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,t,s,o,i)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,t=null){return this._oidc.renewTokensAsync(n,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){const s=this._oidc,o={getTokens:()=>s.tokens,configuration:{token_automatic_renew_mode:s.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:s.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:i}=await fe(s)(s.configuration,s.configurationName,s.tokens,!1);return i},renewTokensAsync:s.renewTokensAsync.bind(s)};return we(o,n,t)}fetchWithTokens(n,t=!1){return De(n,this._oidc,t)}async userInfoAsync(n=!1,t=!1){return this._oidc.userInfoAsync(n,t)}userInfo(){return this._oidc.userInfo}};B.getOrCreate=(n,t=new D)=>(s,o="default")=>new B(L.getOrCreate(n,t)(s,o)),B.eventNames=L.eventNames;let ye=B;C.OidcClient=ye,C.OidcLocation=D,C.TokenAutomaticRenewMode=F,C.TokenRenewMode=X,C.getFetchDefault=$e,C.getParseQueryStringFromLocation=te,C.getPath=mn,Object.defineProperty(C,Symbol.toStringTag,{value:"Module"})}));

package/dist/initSession.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export declare const initSession: (configurationName: any, storage?: Storage) => {
+export declare const initSession: (configurationName: any, storage?: Storage, loginStateStorage?: Storage) => {
     clearAsync: (status: any) => Promise<void>;
     initAsync: () => Promise<{
         tokens: any;

package/dist/initSession.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"initSession.d.ts","sourceRoot":"","sources":["../src/initSession.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW,~~GAAI~~,sBAAiB,~~EAAE~~,iBAAwB;;;;;;;;;;;;;;;;;~~2BAqFjC~~,MAAM;;;wDAxCuB,MAAM;kDAIpB,MAAM;qDAjBD,UAAU;;CAqFnE,CAAC"}
1	+ {"version":3,"file":"initSession.d.ts","sourceRoot":"","sources":["../src/initSession.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW,GACtB,sBAAiB,EACjB,iBAAwB,EACxB,oBAAoB,OAAO;;;;;;;;;;;;;;;;;2BA8FS,MAAM;;;wDAxCuB,MAAM;kDAIpB,MAAM;qDAjBD,UAAU;;CAqFnE,CAAC"}

package/dist/initSession.spec.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=initSession.spec.d.ts.map

package/dist/initSession.spec.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"initSession.spec.d.ts","sourceRoot":"","sources":["../src/initSession.spec.ts"],"names":[],"mappings":""}

package/dist/keepSession.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"keepSession.d.ts","sourceRoot":"","sources":["../src/keepSession.ts"],"names":[],"mappings":"AAGA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAI1B,eAAO,MAAM,mBAAmB,GAAU,MAAM,IAAI,~~qBAyGnD~~,CAAC"}
1	+ {"version":3,"file":"keepSession.d.ts","sourceRoot":"","sources":["../src/keepSession.ts"],"names":[],"mappings":"AAGA,OAAO,IAAI,MAAM,QAAQ,CAAC;AAI1B,eAAO,MAAM,mBAAmB,GAAU,MAAM,IAAI,qBA6GnD,CAAC"}

package/dist/login.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../src/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,IAAI,MAAM,QAAQ,CAAC;AAI1B,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,MAAM,iBAAiB,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;AAEjG,eAAO,MAAM,iBAAiB,GAE1B,mBAAmB,MAAM,EACzB,eAAe,iBAAiB,EAChC,cAAc,CAAC,MAAM,KAAA,EAAE,GAAG,KAAA,KAAK,IAAI,EACnC,WAAW,iBAAiB,EAC5B,cAAc,cAAc,MAG5B,eAAc,MAAkB,EAChC,SAAQ,SAAgB,EACxB,wBAAsB,EACtB,QAAO,MAAkB,KACxB,OAAO,CAAC,OAAO,~~CAoEjB~~,CAAC;AAEJ,eAAO,MAAM,kBAAkB,GAC5B,MAAM,IAAI,MACJ,wBAAsB;;;;;;~~EAoL5B~~,CAAC"}
1	+ {"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../src/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,IAAI,MAAM,QAAQ,CAAC;AAI1B,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,MAAM,iBAAiB,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;AAEjG,eAAO,MAAM,iBAAiB,GAE1B,mBAAmB,MAAM,EACzB,eAAe,iBAAiB,EAChC,cAAc,CAAC,MAAM,KAAA,EAAE,GAAG,KAAA,KAAK,IAAI,EACnC,WAAW,iBAAiB,EAC5B,cAAc,cAAc,MAG5B,eAAc,MAAkB,EAChC,SAAQ,SAAgB,EACxB,wBAAsB,EACtB,QAAO,MAAkB,KACxB,OAAO,CAAC,OAAO,CAwEjB,CAAC;AAEJ,eAAO,MAAM,kBAAkB,GAC5B,MAAM,IAAI,MACJ,wBAAsB;;;;;;EA6L5B,CAAC"}

package/dist/logout.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../src/logout.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,eAAO,MAAM,gBAAgB;;;CAG5B,CAAC;AA6BF,eAAO,MAAM,YAAY,GAAG,SAAI,MAAU,WAAM,~~kBAe~~/C,CAAC;AAEF,eAAO,MAAM,WAAW,GACrB,SAAI,EAAE,iBAAY,EAAE,UAAK,EAAE,YAAO,EAAE,aAAa,cAAc,MACzD,oBAAmB,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,SAAQ,SAAgB,kBA4GxF,CAAC"}
1	+ {"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../src/logout.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,eAAO,MAAM,gBAAgB;;;CAG5B,CAAC;AA6BF,eAAO,MAAM,YAAY,GAAG,SAAI,MAAU,WAAM,kBAmB/C,CAAC;AAEF,eAAO,MAAM,WAAW,GACrB,SAAI,EAAE,iBAAY,EAAE,UAAK,EAAE,YAAO,EAAE,aAAa,cAAc,MACzD,oBAAmB,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,SAAQ,SAAgB,kBA4GxF,CAAC"}

package/dist/oidc.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAW7D,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAG1D,OAAO,EAAkB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1D,OAAO,EACL,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EAEV,MAAM,YAAY,CAAC;AAGpB,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qCAAqC;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CASzB;AAYD,MAAM,MAAM,aAAa,GAAG;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC;AAYF,qBAAa,IAAI;IACR,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBAE9B,aAAa,EAAE,iBAAiB,EAChC,iBAAiB,QAAY,EAC7B,QAAQ,EAAE,MAAM,KAAK,EACrB,QAAQ,GAAE,cAAmC;IAyD/C,eAAe,CAAC,IAAI,KAAA,GAAG,MAAM;IAM7B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,UAAU,cAAc,MAC/C,kBAAa,EAAE,aAAgB,SAE9B;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAW9B,mCAAmC,CAAC,SAAS,MAAO;IAkB9C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB;IAsCjF,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAC1B,qBAAqB,KAAA,EACrB,QAAQ,KAAA,EACR,YAAY,KAAA,EACZ,cAAc,UAAQ;IAUxB,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAQ;IAChC,UAAU,CACd,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ;IA+BzB,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACpC,kBAAkB,CAAC,aAAa,UAAQ;~~IAmCxC~~,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;~~IA0BlB~~,uCAAuC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAQ;IACvE,qCAAqC,IAAI,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAQ;IAUxE,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IAElC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa;IAe/D,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAe7C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAepD,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC9B,WAAW,CACf,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB;CAgB3B;AAED,eAAe,IAAI,CAAC"}
1	+ {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAW7D,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAG1D,OAAO,EAAkB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1D,OAAO,EACL,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EAEV,MAAM,YAAY,CAAC;AAGpB,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qCAAqC;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CASzB;AAYD,MAAM,MAAM,aAAa,GAAG;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC;AAYF,qBAAa,IAAI;IACR,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBAE9B,aAAa,EAAE,iBAAiB,EAChC,iBAAiB,QAAY,EAC7B,QAAQ,EAAE,MAAM,KAAK,EACrB,QAAQ,GAAE,cAAmC;IAyD/C,eAAe,CAAC,IAAI,KAAA,GAAG,MAAM;IAM7B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,UAAU,cAAc,MAC/C,kBAAa,EAAE,aAAgB,SAE9B;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAW9B,mCAAmC,CAAC,SAAS,MAAO;IAkB9C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB;IAsCjF,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAC1B,qBAAqB,KAAA,EACrB,QAAQ,KAAA,EACR,YAAY,KAAA,EACZ,cAAc,UAAQ;IAUxB,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAQ;IAChC,UAAU,CACd,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ;IA+BzB,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACpC,kBAAkB,CAAC,aAAa,UAAQ;IAuCxC,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IA8BlB,uCAAuC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAQ;IACvE,qCAAqC,IAAI,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAQ;IAUxE,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IAElC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa;IAe/D,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAe7C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAepD,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC9B,WAAW,CACf,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB;CAgB3B;AAED,eAAe,IAAI,CAAC"}

package/dist/renewTokens.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"renewTokens.d.ts","sourceRoot":"","sources":["../src/renewTokens.ts"],"names":[],"mappings":"AAGA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAiD,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAIzF,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAA2B,MAAM,YAAY,CAAC;~~AAiCnF~~,wBAAsB,6BAA6B,CACjD,IAAI,KAAA,EACJ,YAAY,UAAQ,EACpB,MAAM,GAAE,SAAgB,EACxB,KAAK,GAAE,MAAa,gBAuCrB;AAED,eAAO,MAAM,eAAe,GAC1B,MAAM,IAAI,EACV,cAAS,EACT,SAAQ,SAAgB,EACxB,QAAO,MAAa,mBAarB,CAAC;AAEF,eAAO,MAAM,uBAAuB;;;;;;;;;;CAUnC,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC7B,MAAM,IAAI,MAET,eAAe,iBAAiB,EAChC,mBAAmB,MAAM,EACzB,eAAe,MAAM,EACrB,sBAAoB;;;;;;~~EAuFrB~~,CAAC"}
1	+ {"version":3,"file":"renewTokens.d.ts","sourceRoot":"","sources":["../src/renewTokens.ts"],"names":[],"mappings":"AAGA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAiD,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAIzF,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAA2B,MAAM,YAAY,CAAC;AAqCnF,wBAAsB,6BAA6B,CACjD,IAAI,KAAA,EACJ,YAAY,UAAQ,EACpB,MAAM,GAAE,SAAgB,EACxB,KAAK,GAAE,MAAa,gBAuCrB;AAED,eAAO,MAAM,eAAe,GAC1B,MAAM,IAAI,EACV,cAAS,EACT,SAAQ,SAAgB,EACxB,QAAO,MAAa,mBAarB,CAAC;AAEF,eAAO,MAAM,uBAAuB;;;;;;;;;;CAUnC,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAC7B,MAAM,IAAI,MAET,eAAe,iBAAiB,EAChC,mBAAmB,MAAM,EACzB,eAAe,MAAM,EACrB,sBAAoB;;;;;;EA2FrB,CAAC"}

package/dist/types.d.ts CHANGED Viewed

@@ -30,6 +30,7 @@ export type OidcConfiguration = {
     extras?: StringMap;
     token_request_extras?: StringMap;
     storage?: Storage;
+    login_state_storage?: Storage;
     monitor_session?: boolean;
     token_renew_mode?: string;
     logout_tokens_to_invalidate?: Array<LogoutToken>;

package/dist/types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,KAAK,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC;AAExC,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,eAAe,CAAC;AAE3D,MAAM,MAAM,kCAAkC,GAAG,CAC/C,YAAY,EAAE,GAAG,EACjB,aAAa,EAAE,MAAM,IAAI,KACtB,OAAO,CAAC,IAAI,CAAC,CAAC;AACnB,MAAM,MAAM,qBAAqB,GAAG,CAClC,wBAAwB,EAAE,MAAM,KAC7B,OAAO,CAAC,yBAAyB,CAAC,CAAC;AACxC,MAAM,MAAM,qBAAqB,GAAG,MAAM,OAAO,CAAC;AAElD,oBAAY,uBAAuB;IACjC,8BAA8B,oCAAoC;IAClE,8BAA8B,mCAAmC;CAClE;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C,CAAC,EAAE,MAAM,CAAC;IACpD,4CAA4C,CAAC,EAAE,MAAM,CAAC;IACtD,uBAAuB,CAAC,EAAE,sBAAsB,CAAC;IACjD,+CAA+C,CAAC,EAAE,MAAM,CAAC;IACzD,0BAA0B,CAAC,EAAE,uBAAuB,CAAC;IACrD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,uBAAuB,CAAC,EAAE,qBAAqB,CAAC;IAChD,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,uBAAuB,CAAC,EAAE,qBAAqB,CAAC;IAChD,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,2CAA2C,CAAC,EAAE,OAAO,CAAC;IACtD,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,oBAAoB,CAAC,EAAE,SAAS,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2BAA2B,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;IACjD,iCAAiC,CAAC,EAAE,OAAO,CAAC;IAC5C,+CAA+C,CAAC,EAAE,2CAA2C,CAAC;IAC9F,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAEF,MAAM,WAAW,2CAA2C;IAC1D,oBAAoB,EAAE,qBAAqB,GAAG,cAAc,CAAC;IAC7D,eAAe,EAAE,mBAAmB,CAAC;IACrC,kBAAkB,EACd,mBAAmB,GACnB,qBAAqB,GACrB,iBAAiB,GACjB,gBAAgB,GAChB,eAAe,CAAC;IACpB,aAAa,EAAE,mBAAmB,GAAG,YAAY,GAAG,WAAW,CAAC;IAChE,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,SAAS;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,sBAAsB;IACrC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,KAAK,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC;AAExC,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,eAAe,CAAC;AAE3D,MAAM,MAAM,kCAAkC,GAAG,CAC/C,YAAY,EAAE,GAAG,EACjB,aAAa,EAAE,MAAM,IAAI,KACtB,OAAO,CAAC,IAAI,CAAC,CAAC;AACnB,MAAM,MAAM,qBAAqB,GAAG,CAClC,wBAAwB,EAAE,MAAM,KAC7B,OAAO,CAAC,yBAAyB,CAAC,CAAC;AACxC,MAAM,MAAM,qBAAqB,GAAG,MAAM,OAAO,CAAC;AAElD,oBAAY,uBAAuB;IACjC,8BAA8B,oCAAoC;IAClE,8BAA8B,mCAAmC;CAClE;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C,CAAC,EAAE,MAAM,CAAC;IACpD,4CAA4C,CAAC,EAAE,MAAM,CAAC;IACtD,uBAAuB,CAAC,EAAE,sBAAsB,CAAC;IACjD,+CAA+C,CAAC,EAAE,MAAM,CAAC;IACzD,0BAA0B,CAAC,EAAE,uBAAuB,CAAC;IACrD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,uBAAuB,CAAC,EAAE,qBAAqB,CAAC;IAChD,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,uBAAuB,CAAC,EAAE,qBAAqB,CAAC;IAChD,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,2CAA2C,CAAC,EAAE,OAAO,CAAC;IACtD,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,oBAAoB,CAAC,EAAE,SAAS,CAAC;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2BAA2B,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;IACjD,iCAAiC,CAAC,EAAE,OAAO,CAAC;IAC5C,+CAA+C,CAAC,EAAE,2CAA2C,CAAC;IAC9F,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B,CAAC;AAEF,MAAM,WAAW,2CAA2C;IAC1D,oBAAoB,EAAE,qBAAqB,GAAG,cAAc,CAAC;IAC7D,eAAe,EAAE,mBAAmB,CAAC;IACrC,kBAAkB,EACd,mBAAmB,GACnB,qBAAqB,GACrB,iBAAiB,GACjB,gBAAgB,GAChB,eAAe,CAAC;IACpB,aAAa,EAAE,mBAAmB,GAAG,YAAY,GAAG,WAAW,CAAC;IAChE,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,SAAS;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,sBAAsB;IACrC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/dist/version.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-declare const _default: "7.26.8";
+declare const _default: "7.27.0";
 export default _default;
 //# sourceMappingURL=version.d.ts.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@axa-fr/oidc-client",
-  "version": "7.26.8",
+  "version": "7.27.0",
   "private": false,
   "type": "module",
   "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
     "url": "https://github.com/AxaFrance/oidc-client.git"
   },
   "dependencies": {
-    "@axa-fr/oidc-client-service-worker": "7.26.8"
+    "@axa-fr/oidc-client-service-worker": "7.27.0"
   },
   "devDependencies": {
     "@testing-library/dom": "10.4.1",

package/src/initSession.spec.ts ADDED Viewed

@@ -0,0 +1,215 @@
+import { beforeEach, describe, expect, it } from 'vitest';
+import { initSession } from './initSession';
+const makeStorage = (): Storage => {
+  const store: Record<string, string> = {};
+  return {
+    getItem: (key: string) => store[key] ?? null,
+    setItem: (key: string, value: string) => {
+      store[key] = value;
+    },
+    removeItem: (key: string) => {
+      delete store[key];
+    },
+    clear: () => {
+      for (const key of Object.keys(store)) {
+        delete store[key];
+      }
+    },
+    get length() {
+      return Object.keys(store).length;
+    },
+    key: (index: number) => Object.keys(store)[index] ?? null,
+    [Symbol.iterator]: function* () {
+      yield* Object.entries(store);
+    },
+  } as unknown as Storage;
+};
+describe('initSession', () => {
+  const configName = 'default';
+  describe('single storage (existing behaviour)', () => {
+    let storage: Storage;
+    let session: ReturnType<typeof initSession>;
+    beforeEach(() => {
+      storage = makeStorage();
+      session = initSession(configName, storage);
+    });
+    it('stores tokens in storage', () => {
+      session.setTokens({ accessToken: 'at', idToken: 'id' });
+      expect(storage[`oidc.${configName}`]).toContain('accessToken');
+    });
+    it('stores login params in same storage', () => {
+      session.setLoginParams({ callbackPath: '/callback', extras: null, scope: 'openid' });
+      expect(storage[`oidc.login.${configName}`]).toBeTruthy();
+    });
+    it('stores state in same storage', async () => {
+      await session.setStateAsync('abc123');
+      expect(storage[`oidc.state.${configName}`]).toBe('abc123');
+    });
+    it('stores code verifier in same storage', async () => {
+      await session.setCodeVerifierAsync('verifier');
+      expect(storage[`oidc.code_verifier.${configName}`]).toBe('verifier');
+    });
+    it('stores nonce in same storage', async () => {
+      await session.setNonceAsync({ nonce: 'nonce-value' });
+      expect(storage[`oidc.nonce.${configName}`]).toBe('nonce-value');
+    });
+    it('clearAsync nulls the tokens entry', async () => {
+      session.setTokens({ accessToken: 'at' });
+      await session.clearAsync('LOGGED_OUT');
+      const stored = JSON.parse(storage[`oidc.${configName}`]);
+      expect(stored.tokens).toBeNull();
+    });
+  });
+  describe('dual storage — login state in separate storage', () => {
+    let tokenStorage: Storage;
+    let loginStateStorage: Storage;
+    let session: ReturnType<typeof initSession>;
+    beforeEach(() => {
+      tokenStorage = makeStorage();
+      loginStateStorage = makeStorage();
+      session = initSession(configName, tokenStorage, loginStateStorage);
+    });
+    it('stores tokens in tokenStorage, not loginStateStorage', () => {
+      session.setTokens({ accessToken: 'at', idToken: 'id' });
+      expect(tokenStorage[`oidc.${configName}`]).toContain('accessToken');
+      expect(loginStateStorage[`oidc.${configName}`]).toBeUndefined();
+    });
+    it('stores login params in loginStateStorage, not tokenStorage', () => {
+      session.setLoginParams({ callbackPath: '/callback', extras: null, scope: 'openid' });
+      expect(loginStateStorage[`oidc.login.${configName}`]).toBeTruthy();
+      expect(tokenStorage[`oidc.login.${configName}`]).toBeUndefined();
+    });
+    it('stores state in loginStateStorage, not tokenStorage', async () => {
+      await session.setStateAsync('abc123');
+      expect(loginStateStorage[`oidc.state.${configName}`]).toBe('abc123');
+      expect(tokenStorage[`oidc.state.${configName}`]).toBeUndefined();
+    });
+    it('retrieves state from loginStateStorage', async () => {
+      await session.setStateAsync('state-value');
+      const retrieved = await session.getStateAsync();
+      expect(retrieved).toBe('state-value');
+    });
+    it('stores code verifier in loginStateStorage, not tokenStorage', async () => {
+      await session.setCodeVerifierAsync('verifier');
+      expect(loginStateStorage[`oidc.code_verifier.${configName}`]).toBe('verifier');
+      expect(tokenStorage[`oidc.code_verifier.${configName}`]).toBeUndefined();
+    });
+    it('retrieves code verifier from loginStateStorage', async () => {
+      await session.setCodeVerifierAsync('cv-value');
+      const retrieved = await session.getCodeVerifierAsync();
+      expect(retrieved).toBe('cv-value');
+    });
+    it('stores nonce in loginStateStorage, not tokenStorage', async () => {
+      await session.setNonceAsync({ nonce: 'nonce-value' });
+      expect(loginStateStorage[`oidc.nonce.${configName}`]).toBe('nonce-value');
+      expect(tokenStorage[`oidc.nonce.${configName}`]).toBeUndefined();
+    });
+    it('retrieves nonce from loginStateStorage', async () => {
+      await session.setNonceAsync({ nonce: 'nonce-value' });
+      const { nonce } = await session.getNonceAsync();
+      expect(nonce).toBe('nonce-value');
+    });
+    it('stores session_state in tokenStorage, not loginStateStorage', async () => {
+      await session.setSessionStateAsync('ss-value');
+      expect(tokenStorage[`oidc.session_state.${configName}`]).toBe('ss-value');
+      expect(loginStateStorage[`oidc.session_state.${configName}`]).toBeUndefined();
+    });
+    it('clearAsync nulls tokens in tokenStorage', async () => {
+      session.setTokens({ accessToken: 'at' });
+      await session.clearAsync('LOGGED_OUT');
+      const stored = JSON.parse(tokenStorage[`oidc.${configName}`]);
+      expect(stored.tokens).toBeNull();
+    });
+    it('clearAsync removes login state keys from loginStateStorage', async () => {
+      session.setLoginParams({ callbackPath: '/callback', extras: null, scope: 'openid' });
+      await session.setStateAsync('abc');
+      await session.setCodeVerifierAsync('verifier');
+      await session.setNonceAsync({ nonce: 'n' });
+      await session.clearAsync('LOGGED_OUT');
+      expect(loginStateStorage[`oidc.login.${configName}`]).toBeUndefined();
+      expect(loginStateStorage[`oidc.state.${configName}`]).toBeUndefined();
+      expect(loginStateStorage[`oidc.code_verifier.${configName}`]).toBeUndefined();
+      expect(loginStateStorage[`oidc.nonce.${configName}`]).toBeUndefined();
+    });
+    it('clearAsync does not remove login state from tokenStorage when storages differ', async () => {
+      tokenStorage[`oidc.login.${configName}`] = 'should-not-be-touched';
+      await session.clearAsync('LOGGED_OUT');
+      expect(tokenStorage[`oidc.login.${configName}`]).toBe('should-not-be-touched');
+    });
+  });
+  describe('two-tab isolation', () => {
+    it('two sessions sharing tokenStorage but with independent loginStateStorages do not overwrite each other', async () => {
+      const sharedTokenStorage = makeStorage();
+      const tab1LoginStorage = makeStorage();
+      const tab2LoginStorage = makeStorage();
+      const tab1 = initSession(configName, sharedTokenStorage, tab1LoginStorage);
+      const tab2 = initSession(configName, sharedTokenStorage, tab2LoginStorage);
+      await tab1.setStateAsync('state-tab1');
+      await tab2.setStateAsync('state-tab2');
+      expect(await tab1.getStateAsync()).toBe('state-tab1');
+      expect(await tab2.getStateAsync()).toBe('state-tab2');
+    });
+    it('two sessions sharing tokenStorage but with independent loginStateStorages have isolated nonces', async () => {
+      const sharedTokenStorage = makeStorage();
+      const tab1LoginStorage = makeStorage();
+      const tab2LoginStorage = makeStorage();
+      const tab1 = initSession(configName, sharedTokenStorage, tab1LoginStorage);
+      const tab2 = initSession(configName, sharedTokenStorage, tab2LoginStorage);
+      await tab1.setNonceAsync({ nonce: 'nonce-tab1' });
+      await tab2.setNonceAsync({ nonce: 'nonce-tab2' });
+      const { nonce: nonce1 } = await tab1.getNonceAsync();
+      const { nonce: nonce2 } = await tab2.getNonceAsync();
+      expect(nonce1).toBe('nonce-tab1');
+      expect(nonce2).toBe('nonce-tab2');
+    });
+    it('token updates from one tab are visible to the other via shared tokenStorage', async () => {
+      const sharedTokenStorage = makeStorage();
+      const tab1 = initSession(configName, sharedTokenStorage, makeStorage());
+      const tab2 = initSession(configName, sharedTokenStorage, makeStorage());
+      tab1.setTokens({ accessToken: 'new-at', idToken: 'new-id' });
+      const tokensJson = tab2.getTokens();
+      expect(tokensJson).not.toBeNull();
+      const parsed = JSON.parse(tokensJson!);
+      expect(parsed.tokens.accessToken).toBe('new-at');
+    });
+  });
+});