@axa-fr/oidc-client 7.27.15 → 7.27.16

package/README.md

@@ -315,11 +315,23 @@ export class OidcClient {
   static getOrCreate(getFetch: () => Fetch)(configuration: OidcConfiguration, name?: string): OidcClient;
 
   /**
-   * Retrieves an existing OidcClient instance with the specified name, or creates a new instance if it does not exist.
+   * Retrieves an existing OidcClient instance with the specified name.
+   * Since issue #1679, this returns `null` when no instance has been
+   * initialized for the given name (instead of throwing). Use
+   * `OidcClient.getOrThrow` to preserve the previous fail-fast behaviour.
    * @param name The name of the OidcClient instance to retrieve.
-   * @returns The existing OidcClient instance or a new instance with the specified name.
+   * @returns The existing OidcClient instance, or null if none exists.
    */
-  static get(name?: string): OidcClient;
+  static get(name?: string): OidcClient | null;
+
+  /**
+   * Same as `OidcClient.get` but throws an explicit error when no instance
+   * has been initialized for the given name. Useful when you want to fail
+   * fast on misconfiguration.
+   * @param name The name of the OidcClient instance to retrieve.
+   * @returns The existing OidcClient instance.
+   */
+  static getOrThrow(name?: string): OidcClient;
 
   /**
    * The names of the events supported by the Oidc class.

package/dist/index.js

@@ -990,10 +990,13 @@ var oe = () => {
 		this.getOrCreate = (e, t) => (n, r = "default") => Oe(e, t)(n, r);
 	}
 	static get(e = "default") {
-		let t = typeof process > "u";
-		if (!Object.prototype.hasOwnProperty.call(L, e) && t) throw Error(`OIDC library does seem initialized.
+		return Object.prototype.hasOwnProperty.call(L, e) ? L[e] : null;
+	}
+	static getOrThrow(e = "default") {
+		let n = t.get(e);
+		if (!n) throw Error(`OIDC library does seem initialized.
 Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> component.`);
-		return L[e];
+		return n;
 	}
 	static {
 		this.eventNames = e;
@@ -1432,7 +1435,7 @@ var W = (e, t = null, n) => {
 		isValid: !0,
 		reason: ""
 	};
-}, Ve = "7.27.15", He = null, q, J = ({ milliseconds: e }) => new Promise((t) => c.setTimeout(t, e)), Ue = (e = "/") => {
+}, Ve = "7.27.16", He = null, q, J = ({ milliseconds: e }) => new Promise((t) => c.setTimeout(t, e)), Ue = (e = "/") => {
 	try {
 		q = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((e) => {
 			console.log(e);
@@ -1590,7 +1593,7 @@ var W = (e, t = null, n) => {
 			},
 			configurationName: t
 		}), c = o.version;
-		if (c !== "7.27.15") {
+		if (c !== "7.27.16") {
 			console.warn(`Service worker ${c} version mismatch with js client version ${Ve}, unregistering and reloading`);
 			let e = parseInt(sessionStorage.getItem(a) ?? "0", 10);
 			if (e < 3) {
@@ -1739,7 +1742,11 @@ var W = (e, t = null, n) => {
 		this.getOrCreate = (t, n = new O()) => (r, i = "default") => new e(R.getOrCreate(t, n)(r, i));
 	}
 	static get(t = "default") {
-		return new e(R.get(t));
+		let n = R.get(t);
+		return n ? new e(n) : null;
+	}
+	static getOrThrow(t = "default") {
+		return new e(R.getOrThrow(t));
 	}
 	static {
 		this.eventNames = R.eventNames;

package/dist/index.umd.cjs

@@ -1,2 +1,2 @@
-(function(e,t){typeof exports==`object`&&typeof module<`u`?t(exports):typeof define==`function`&&define.amd?define([`exports`],t):(e=typeof globalThis<`u`?globalThis:e||self,t(e[`oidc-client`]={}))})(this,function(e){Object.defineProperty(e,Symbol.toStringTag,{value:`Module`});var t={service_worker_not_supported_by_browser:`service_worker_not_supported_by_browser`,token_acquired:`token_acquired`,logout_from_another_tab:`logout_from_another_tab`,logout_from_same_tab:`logout_from_same_tab`,token_renewed:`token_renewed`,token_timer:`token_timer`,loginAsync_begin:`loginAsync_begin`,loginAsync_error:`loginAsync_error`,loginCallbackAsync_begin:`loginCallbackAsync_begin`,loginCallbackAsync_end:`loginCallbackAsync_end`,loginCallbackAsync_error:`loginCallbackAsync_error`,loginCallbackAsync_navigated:`loginCallbackAsync_navigated`,loginCallbackAsync_navigation_error:`loginCallbackAsync_navigation_error`,refreshTokensAsync_begin:`refreshTokensAsync_begin`,refreshTokensAsync:`refreshTokensAsync`,refreshTokensAsync_end:`refreshTokensAsync_end`,refreshTokensAsync_error:`refreshTokensAsync_error`,refreshTokensAsync_silent_error:`refreshTokensAsync_silent_error`,tryKeepExistingSessionAsync_begin:`tryKeepExistingSessionAsync_begin`,tryKeepExistingSessionAsync_end:`tryKeepExistingSessionAsync_end`,tryKeepExistingSessionAsync_error:`tryKeepExistingSessionAsync_error`,silentLoginAsync_begin:`silentLoginAsync_begin`,silentLoginAsync:`silentLoginAsync`,silentLoginAsync_end:`silentLoginAsync_end`,silentLoginAsync_error:`silentLoginAsync_error`,syncTokensAsync_begin:`syncTokensAsync_begin`,syncTokensAsync_lock_not_available:`syncTokensAsync_lock_not_available`,syncTokensAsync_end:`syncTokensAsync_end`,syncTokensAsync_error:`syncTokensAsync_error`,tokensInvalidAndWaitingActionsToRefresh:`tokensInvalidAndWaitingActionsToRefresh`,loadingTimeout_error:`loadingTimeout_error`},n=(e,t,n)=>{if(n==null){delete e[t];return}e[t]=JSON.stringify(n)},r=(e,t,n)=>{if(n==null){delete e[t];return}e[t]=n},i=e=>{if(typeof e!=`string`||e===`undefined`||e===`null`||e===``)return null;try{return JSON.parse(e)}catch{return null}},a=(e,t=sessionStorage,a)=>{let o=a??t,s=r=>(n(t,`oidc.${e}`,{tokens:null,status:r}),delete t[`oidc.${e}.userInfo`],a&&a!==t&&(delete o[`oidc.login.${e}`],delete o[`oidc.state.${e}`],delete o[`oidc.code_verifier.${e}`],delete o[`oidc.nonce.${e}`]),Promise.resolve()),c=async()=>{let r=i(t[`oidc.${e}`]);return r?Promise.resolve({tokens:r.tokens,status:r.status}):(n(t,`oidc.${e}`,{tokens:null,status:null}),{tokens:null,status:null})},l=r=>{n(t,`oidc.${e}`,{tokens:r})},u=async n=>{r(t,`oidc.session_state.${e}`,n)},d=async()=>t[`oidc.session_state.${e}`],f=t=>{r(o,`oidc.nonce.${e}`,t?.nonce)},p=r=>{n(t,`oidc.jwk.${e}`,r)},m=()=>i(t[`oidc.jwk.${e}`]),h=async()=>({nonce:o[`oidc.nonce.${e}`]}),g=async n=>{r(t,`oidc.dpop_nonce.${e}`,n)},_=()=>t[`oidc.dpop_nonce.${e}`],v=()=>{let n=i(t[`oidc.${e}`]);return n?JSON.stringify({tokens:n.tokens}):null},y={};return{clearAsync:s,initAsync:c,setTokens:l,getTokens:v,setSessionStateAsync:u,getSessionStateAsync:d,setNonceAsync:f,getNonceAsync:h,setLoginParams:t=>{if(t==null){delete y[e],delete o[`oidc.login.${e}`];return}y[e]=t,n(o,`oidc.login.${e}`,t)},getLoginParams:()=>{if(y[e])return y[e];let t=i(o[`oidc.login.${e}`]);return t===null?(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null):(y[e]=t,t)},getStateAsync:async()=>o[`oidc.state.${e}`],setStateAsync:async t=>{r(o,`oidc.state.${e}`,t)},getCodeVerifierAsync:async()=>o[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async t=>{r(o,`oidc.code_verifier.${e}`,t)},setDemonstratingProofOfPossessionNonce:g,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:p,getDemonstratingProofOfPossessionJwkAsync:m}},o=2e3,s=console,c=class{constructor(e,t,n,r=o,i=!0){this._callback=e,this._client_id=t,this._url=n,this._interval=r||o,this._stopOnError=i;let a=n.indexOf(`/`,n.indexOf(`//`)+2);this._frame_origin=n.substring(0,a),this._frame=window.document.createElement(`iframe`),this._frame.style.visibility=`hidden`,this._frame.style.position=`absolute`,this._frame.style.display=`none`,this._frame.width=0,this._frame.height=0,this._frame.src=n}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener(`message`,this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data===`error`?(s.error(`CheckSessionIFrame: error message from check session op iframe`),this._stopOnError&&this.stop()):e.data===`changed`?(s.debug(e),s.debug(`CheckSessionIFrame: changed message from check session op iframe`),this.stop(),this._callback()):s.debug(`CheckSessionIFrame: `+e.data+` message from check session op iframe`))}start(e){s.debug(`CheckSessionIFrame.start :`+e),this.stop();let t=()=>{this._frame.contentWindow.postMessage(this._client_id+` `+e,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&=(s.debug(`CheckSessionIFrame.stop`),window.clearInterval(this._timer),null)}},l=(function(){let e=typeof window>`u`?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),u=(e,n,r)=>(i=null,a=null,o=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{r(t.silentLoginAsync_begin,{});let s=``;if(a&&(i??={},i.state=a),o!=null&&(i??={},i.scope=o),i!=null)for(let[e,t]of Object.entries(i))t!=null&&(s===``?s=`?${encodeURIComponent(e)}=${encodeURIComponent(t)}`:s+=`&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);let c=n.silent_login_uri+s,l=c.indexOf(`/`,c.indexOf(`//`)+2),u=c.substring(0,l),d=document.createElement(`iframe`);return d.width=`0px`,d.height=`0px`,d.id=`${e}_oidc_iframe`,d.setAttribute(`src`,c),d.style.display=`none`,document.body.appendChild(d),new Promise((i,a)=>{let o=!1,s=()=>{window.removeEventListener(`message`,c),d.remove(),o=!0},c=n=>{if(n.origin===u&&n.source===d.contentWindow){let c=`${e}_oidc_tokens:`,l=`${e}_oidc_error:`,u=`${e}_oidc_exception:`,d=n.data;if(d&&typeof d==`string`&&!o){if(d.startsWith(c)){let e=JSON.parse(n.data.replace(c,``));r(t.silentLoginAsync_end,{}),i(e),s()}else if(d.startsWith(l)){let e=JSON.parse(n.data.replace(l,``));r(t.silentLoginAsync_error,e),i({error:`oidc_`+e.error,tokens:null,sessionState:null}),s()}else if(d.startsWith(u)){let e=JSON.parse(n.data.replace(u,``));r(t.silentLoginAsync_error,e),a(Error(e.error)),s()}}}};try{window.addEventListener(`message`,c);let e=n.silent_login_timeout;setTimeout(()=>{o||(s(),r(t.silentLoginAsync_error,{reason:`timeout`}),a(Error(`timeout`)))},e)}catch(e){s(),r(t.silentLoginAsync_error,e),a(e)}})}catch(e){throw r(t.silentLoginAsync_error,e),e}},d=(e,n,r,i,a)=>(e=null,o=void 0)=>{e={...e};let s=(e,t,o)=>u(n,r,i.bind(a))(e,t,o);return(async()=>{a.timeoutId&&l.clearTimeout(a.timeoutId);let n;e&&`state`in e&&(n=e.state,delete e.state);try{let c=await s({...r.extras?{...r.extras,...e}:e,prompt:`none`},n,o);if(c)return a.tokens=c.tokens,i(t.token_acquired,{}),a.timeoutId=R(a,a.tokens.expiresAt,e,o),{}}catch(e){return e}})()},f=(e,t,n)=>(r,i,a,o=!1)=>{let s=(t,r=void 0,i=void 0)=>u(e.configurationName,n,e.publishEvent.bind(e))(t,r,i);return new Promise((l,u)=>{n.silent_login_uri&&n.silent_redirect_uri&&n.monitor_session&&r&&a&&!o?(e.checkSessionIFrame=new c(()=>{e.checkSessionIFrame.stop();let r=e.tokens;if(r===null)return;let i=r.idToken,a=r.idTokenPayload;return s({prompt:`none`,id_token_hint:i,scope:n.scope||`openid`}).then(t=>{if(t.error)throw Error(t.error);let n=t.tokens.idTokenPayload;if(a.sub===n.sub){let r=t.sessionState;e.checkSessionIFrame.start(t.sessionState),a.sid===n.sid?console.debug(`SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:`,r):console.debug(`SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:`,r)}else console.debug(`SessionMonitor._callback: Different subject signed into OP:`,n.sub)}).catch(async e=>{console.warn(`SessionMonitor._callback: Silent login failed, logging out other tabs:`,e);for(let[,e]of Object.entries(t))await e.logoutOtherTabAsync(n.client_id,a.sub)})},i,r),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(a),l(e.checkSessionIFrame)}).catch(e=>{u(e)})):l(null)})};function p(e){return new TextEncoder().encode(e)}function m(e){return btoa(e).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=+/g,``)}function h(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(e,t){return String.fromCharCode(parseInt(t,16))})}var g=e=>{let t=``;return e.forEach(function(e){t+=String.fromCharCode(e)}),m(t)};function _(e){return m(h(e))}var v={importKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`,hash:{name:`ES256`}},signAlgorithm:{name:`ECDSA`,hash:{name:`SHA-256`}},generateKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`},digestAlgorithm:{name:`SHA-256`},jwtHeaderAlgorithm:`ES256`},y={sign:e=>async(t,n,r,i,a=`dpop+jwt`)=>{switch(t=Object.assign({},t),n.typ=a,n.alg=i.jwtHeaderAlgorithm,n.alg){case`ES256`:n.jwk={kty:t.kty,crv:t.crv,x:t.x,y:t.y};break;case`RS256`:n.jwk={kty:t.kty,n:t.n,e:t.e,kid:n.kid};break;default:throw Error(`Unknown or not implemented JWS algorithm`)}let o={protected:_(JSON.stringify(n)),payload:_(JSON.stringify(r))},s=i.importKeyAlgorithm,c=await e.crypto.subtle.importKey(`jwk`,t,s,!0,[`sign`]),l=p(`${o.protected}.${o.payload}`),u=i.signAlgorithm,d=await e.crypto.subtle.sign(u,c,l);return o.signature=g(new Uint8Array(d)),`${o.protected}.${o.payload}.${o.signature}`}},b={generate:e=>async t=>{let n=t,r=await e.crypto.subtle.generateKey(n,!0,[`sign`,`verify`]);return await e.crypto.subtle.exportKey(`jwk`,r.privateKey)},neuter:e=>{let t=Object.assign({},e);return delete t.d,t.key_ops=[`verify`],t}},x={thumbprint:e=>async(t,n)=>{let r;switch(t.kty){case`EC`:r=`{"crv":"CRV","kty":"EC","x":"X","y":"Y"}`.replace(`CRV`,t.crv).replace(`X`,t.x).replace(`Y`,t.y);break;case`RSA`:r=`{"e":"E","kty":"RSA","n":"N"}`.replace(`E`,t.e).replace(`N`,t.n);break;default:throw Error(`Unknown or not implemented JWK type`)}let i=await e.crypto.subtle.digest(n,p(r));return g(new Uint8Array(i))}},ee=e=>async t=>await b.generate(e)(t),S=e=>t=>async(n,r=`POST`,i,a={})=>{let o={jti:btoa(C()),htm:r,htu:i,iat:Math.round(Date.now()/1e3),...a},s=await x.thumbprint(e)(n,t.digestAlgorithm);return await y.sign(e)(n,{kid:s},o,t)},C=()=>{let e=`xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx`,t=`0123456789abcdef`,n=0,r=``;for(let i=0;i<36;i++)e[i]!==`-`&&e[i]!==`4`&&(n=Math.random()*16|0),e[i]===`x`?r+=t[n]:e[i]===`y`?(n&=3,n|=8,r+=t[n]):r+=e[i];return r},w=()=>{let e=typeof window<`u`&&!!window.crypto;return{hasCrypto:e,hasSubtleCrypto:e&&!!window.crypto.subtle}},T=`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`,E=e=>{let t=[];for(let n=0;n<e.byteLength;n+=1){let r=e[n]%62;t.push(T[r])}return t.join(``)},D=e=>{let t=new Uint8Array(e),{hasCrypto:n}=w();if(n)window.crypto.getRandomValues(t);else for(let n=0;n<e;n+=1)t[n]=Math.random()*62|0;return E(t)};function te(e){let t=new ArrayBuffer(e.length),n=new Uint8Array(t);for(let t=0;t<e.length;t++)n[t]=e.charCodeAt(t);return n}function ne(e){return new Promise((t,n)=>{crypto.subtle.digest(`SHA-256`,te(e)).then(e=>t(g(new Uint8Array(e))),e=>n(e))})}var re=e=>{if(e.length<43||e.length>128)return Promise.reject(Error(`Invalid code length.`));let{hasSubtleCrypto:t}=w();return t?ne(e):Promise.reject(Error(`window.crypto.subtle is unavailable.`))},ie=e=>!!(e.os===`iOS`&&e.osVersion.startsWith(`12`)||e.os===`Mac OS X`&&e.osVersion.startsWith(`10_15_6`)),ae=e=>{let t=e.appVersion,n=e.userAgent,r=`-`,i=[{s:`Windows 10`,r:/(Windows 10.0|Windows NT 10.0)/},{s:`Windows 8.1`,r:/(Windows 8.1|Windows NT 6.3)/},{s:`Windows 8`,r:/(Windows 8|Windows NT 6.2)/},{s:`Windows 7`,r:/(Windows 7|Windows NT 6.1)/},{s:`Windows Vista`,r:/Windows NT 6.0/},{s:`Windows Server 2003`,r:/Windows NT 5.2/},{s:`Windows XP`,r:/(Windows NT 5.1|Windows XP)/},{s:`Windows 2000`,r:/(Windows NT 5.0|Windows 2000)/},{s:`Windows ME`,r:/(Win 9x 4.90|Windows ME)/},{s:`Windows 98`,r:/(Windows 98|Win98)/},{s:`Windows 95`,r:/(Windows 95|Win95|Windows_95)/},{s:`Windows NT 4.0`,r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:`Windows CE`,r:/Windows CE/},{s:`Windows 3.11`,r:/Win16/},{s:`Android`,r:/Android/},{s:`Open BSD`,r:/OpenBSD/},{s:`Sun OS`,r:/SunOS/},{s:`Chrome OS`,r:/CrOS/},{s:`Linux`,r:/(Linux|X11(?!.*CrOS))/},{s:`iOS`,r:/(iPhone|iPad|iPod)/},{s:`Mac OS X`,r:/Mac OS X/},{s:`Mac OS`,r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:`QNX`,r:/QNX/},{s:`UNIX`,r:/UNIX/},{s:`BeOS`,r:/BeOS/},{s:`OS/2`,r:/OS\/2/},{s:`Search Bot`,r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(let e in i){let t=i[e];if(t.r.test(n)){r=t.s;break}}let a=`-`;switch(/Windows/.test(r)&&(a=/Windows (.*)/.exec(r)[1],r=`Windows`),r){case`Mac OS`:case`Mac OS X`:case`Android`:a=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];break;case`iOS`:{let e=/OS (\d+)_(\d+)_?(\d+)?/.exec(t);e!=null&&e.length>2&&(a=e[1]+`.`+e[2]+`.`+(parseInt(e[3])|0));break}}return{os:r,osVersion:a}};function oe(){let e=navigator.userAgent,t,n=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(n[1]))return t=/\brv[ :]+(\d+)/g.exec(e)||[],{name:`ie`,version:t[1]||``};if(n[1]===`Chrome`&&(t=e.match(/\bOPR|Edge\/(\d+)/),t!=null)){let n=t[1];if(!n){let r=e.split(t[0]+`/`);r.length>1&&(n=r[1])}return{name:`opera`,version:n}}return n=n[2]?[n[1],n[2]]:[navigator.appName,navigator.appVersion,`-?`],(t=e.match(/version\/(\d+)/i))!=null&&n.splice(1,1,t[1]),{name:n[0].toLowerCase(),version:n[1]}}var se=()=>{let{name:e,version:t}=oe();return e===`chrome`&&parseInt(t)<=70||e===`opera`&&(!t||parseInt(t.split(`.`)[0])<80)||e===`ie`?!1:!ie(ae(navigator))},ce=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(t.tryKeepExistingSessionAsync_begin,{});try{let r=e.configuration,i=await e.initAsync(r.authority,r.authority_configuration);if(n=await $(r,e.configurationName),n){let{tokens:a}=await n.initAsync(i,`tryKeepExistingSessionAsync`,r);if(a){n.startKeepAliveServiceWorker(),e.tokens=a;let o=n.getLoginParams(e.configurationName);e.timeoutId=R(e,e.tokens.expiresAt,o.extras,o.scope);let s=await n.getSessionStateAsync();return await e.startCheckSessionAsync(i.checkSessionIframe,r.client_id,s),r.preload_user_info&&await e.userInfoAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside ServiceWorker are valid`}),!0}e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!1,message:`no exiting session found`})}else{r.service_worker_relative_url&&e.publishEvent(t.service_worker_not_supported_by_browser,{message:`service worker is not supported by this browser`});let n=a(e.configurationName,r.storage??sessionStorage,r.login_state_storage??r.storage??sessionStorage),{tokens:o}=await n.initAsync();if(o){e.tokens=U(o,null,r.token_renew_mode);let a=n.getLoginParams();e.timeoutId=R(e,e.tokens.expiresAt,a.extras,a.scope);let s=await n.getSessionStateAsync();return await e.startCheckSessionAsync(i.checkSessionIframe,r.client_id,s),r.preload_user_info&&await e.userInfoAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside storage are valid`}),!0}}return e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!1,message:n?`service worker sessions not retrieved`:`session storage sessions not retrieved`}),!1}catch(r){return console.error(r),n&&await n.clearAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_error,`tokens inside ServiceWorker are invalid`),!1}},O=class{open(e){window.location.href=e}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){let e=window.location;return e.pathname+(e.search||``)+(e.hash||``)}getOrigin(){return window.origin}},k={},le=(e,t=window.sessionStorage,n)=>{if(!k[e]&&t){let n=t.getItem(e);n&&(k[e]=JSON.parse(n))}let r=1e3*n;return k[e]&&k[e].timestamp+r>Date.now()?k[e].result:null},ue=(e,t,n=window.sessionStorage)=>{let r=Date.now();k[e]={result:t,timestamp:r},n&&n.setItem(e,JSON.stringify({result:t,timestamp:r}))},de=3600,fe=e=>async(t,n=de,r=window.sessionStorage,i=1e4)=>{let a=`${t}/.well-known/openid-configuration`,o=`oidc.server:${t}`,s=le(o,r,n);if(s)return new F(s);let c=await A(e)(a,{},i);if(c.status!==200)return null;let l=await c.json();return ue(o,l,r),new F(l)},A=e=>async(t,n={},r=1e4,i=0)=>{let a;try{let i=new AbortController;setTimeout(()=>i.abort(),r),a=await e(t,{...n,signal:i.signal})}catch(a){if(a.name===`AbortError`||a.message===`Network request failed`){if(i<=1)return await A(e)(t,n,r,i+1);throw a}else throw console.error(a.message),a}return a},j={refresh_token:`refresh_token`,access_token:`access_token`},pe=e=>async(t,n,r=j.refresh_token,i,a={},o=1e4)=>{let s={token:n,token_type_hint:r,client_id:i};for(let[e,t]of Object.entries(a))s[e]===void 0&&(s[e]=t);let c=[];for(let e in s){let t=encodeURIComponent(e),n=encodeURIComponent(s[e]);c.push(`${t}=${n}`)}let l=c.join(`&`);return(await A(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`},body:l},o)).status===200?{success:!0}:{success:!1}},me=e=>async(t,n,r,i,a={},o,s=1e4)=>{for(let[e,t]of Object.entries(r))n[e]===void 0&&(n[e]=t);let c=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);c.push(`${t}=${r}`)}let l=c.join(`&`),u=await A(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...a},body:l},s);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};let d=await u.json(),f=null;return u.headers.has(M)&&(f=u.headers.get(M)),{success:!0,status:u.status,data:W(d,i,o),demonstratingProofOfPossessionNonce:f}},he=(e,t)=>async(n,r)=>{r=r?{...r}:{};let i=D(128),a=await re(i);await e.setCodeVerifierAsync(i),await e.setStateAsync(r.state),r.code_challenge=a,r.code_challenge_method=`S256`;let o=``;if(r)for(let[e,t]of Object.entries(r))o===``?o+=`?`:o+=`&`,o+=`${e}=${encodeURIComponent(t)}`;t.open(`${n}${o}`)},M=`DPoP-Nonce`,ge=e=>async(t,n,r,i,a=1e4)=>{n=n?{...n}:{},n.code_verifier=await e.getCodeVerifierAsync();let o=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);o.push(`${t}=${r}`)}let s=o.join(`&`),c=await A(fetch)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...r},body:s},a);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let l=null;c.headers.has(M)&&(l=c.headers.get(M));let u=await c.json();return{success:!0,data:{state:n.state,tokens:W(u,null,i),demonstratingProofOfPossessionNonce:l}}},_e=e=>{let t=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!t)throw Error(`Invalid URL`);let n=t[6],r=t[7];if(r){let e=r.split(`?`);e.length===2&&(r=e[0],n=e[1])}return n.startsWith(`?`)&&(n=n.slice(1)),t&&{href:e,protocol:t[1],host:t[2],hostname:t[3],port:t[4],path:t[5],search:n,hash:r}},ve=e=>{let t=_e(e),{path:n}=t;n.endsWith(`/`)&&(n=n.slice(0,-1));let{hash:r}=t;return r===`#_=_`&&(r=``),r&&(n+=r),n},N=e=>{let{search:t}=_e(e);return ye(t)},ye=e=>{let t={},n,r,i,a=e.split(`&`);for(r=0,i=a.length;r<i;r++)n=a[r].split(`=`),t[decodeURIComponent(n[0])]=decodeURIComponent(n[1]);return t},be=(e,n,r,i,o)=>(s=void 0,c=null,l=!1,u=void 0)=>{let d=c;return c={...c},(async()=>{let f=s||o.getPath();if(`state`in c||(c.state=D(16)),r(t.loginAsync_begin,{}),c)for(let e of Object.keys(c))e.endsWith(`:token_request`)&&delete c[e];try{let t=l?n.silent_redirect_uri:n.redirect_uri;u||=n.scope;let r=n.extras?{...n.extras,...c}:c;r.nonce||=D(12);let s={nonce:r.nonce},p=await $(n,e),m=await i(n.authority,n.authority_configuration),h;if(p)p.setLoginParams({callbackPath:f,extras:d,scope:u}),await p.initAsync(m,`loginAsync`,n),await p.setNonceAsync(s),p.startKeepAliveServiceWorker(),h=p;else{let t=a(e,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);t.setLoginParams({callbackPath:f,extras:d,scope:u}),await t.setNonceAsync(s),h=t}let g={client_id:n.client_id,redirect_uri:t,scope:u,response_type:`code`,...r};await he(h,o)(m.authorizationEndpoint,g)}catch(e){throw r(t.loginAsync_error,e),e}})()},xe=e=>async(n=!1)=>{try{e.publishEvent(t.loginCallbackAsync_begin,{});let r=e.configuration,i=r.client_id,o=n?r.silent_redirect_uri:r.redirect_uri,s=r.authority,c=r.token_request_timeout,l=await e.initAsync(s,r.authority_configuration),u=N(e.location.getCurrentHref()),d=u.session_state,f=await $(r,e.configurationName),p,m,h,g;if(f)await f.initAsync(l,`loginCallbackAsync`,r),await f.setSessionStateAsync(d),m=await f.getNonceAsync(),h=f.getLoginParams(),g=await f.getStateAsync(),f.startKeepAliveServiceWorker(),p=f;else{let t=a(e.configurationName,r.storage??sessionStorage,r.login_state_storage??r.storage??sessionStorage);await t.setSessionStateAsync(d),m=await t.getNonceAsync(),h=t.getLoginParams(),g=await t.getStateAsync(),p=t}if(u.error||u.error_description)throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==l.issuer)throw console.error(),Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);if(u.state&&u.state!==g)throw Error(`State not valid (expected: ${g}, received: ${u.state})`);let _={code:u.code,grant_type:`authorization_code`,client_id:r.client_id,redirect_uri:o},v={};if(r.token_request_extras)for(let[e,t]of Object.entries(r.token_request_extras))v[e]=t;if(h?.extras)for(let[e,t]of Object.entries(h.extras))e.endsWith(`:token_request`)&&(v[e.replace(`:token_request`,``)]=t);let y=l.tokenEndpoint,b={};if(r.demonstrating_proof_of_possession)if(f)b.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{let t=await ee(window)(r.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await a(e.configurationName,r.storage,r.login_state_storage??r.storage).setDemonstratingProofOfPossessionJwkAsync(t),b.DPoP=await S(window)(r.demonstrating_proof_of_possession_configuration)(t,`POST`,y)}let x=await ge(p)(y,{..._,...v},b,e.configuration.token_renew_mode,c);if(!x.success)throw Error(`Token request failed`);let C,w=x.data.tokens,T=x.data.demonstratingProofOfPossessionNonce;if(x.data.state!==v.state)throw Error(`state is not valid`);let{isValid:E,reason:D}=He(w,m.nonce,l);if(!E)throw Error(`Tokens are not OpenID valid, reason: ${D}`);if(f){if(w.refreshToken&&!w.refreshToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Refresh token should be hidden by service worker`);if(T&&w?.accessToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Demonstration of proof of possession require Access token not hidden by service worker`)}if(f)await f.initAsync(l,`syncTokensAsync`,r),C=f.getLoginParams(),T&&await f.setDemonstratingProofOfPossessionNonce(T);else{let t=a(e.configurationName,r.storage,r.login_state_storage??r.storage);C=t.getLoginParams(),T&&await t.setDemonstratingProofOfPossessionNonce(T)}return await e.startCheckSessionAsync(l.checkSessionIframe,i,d,n),e.publishEvent(t.loginCallbackAsync_end,{}),{tokens:w,state:`request.state`,callbackPath:C.callbackPath,scope:u.scope,extras:C.extras}}catch(n){throw console.error(n),e.publishEvent(t.loginCallbackAsync_error,n),n}},Se={access_token:`access_token`,refresh_token:`refresh_token`},Ce=(e,t)=>{let n={};if(e){for(let[r,i]of Object.entries(e))if(r.endsWith(t)){let e=r.replace(t,``);n[e]=i}return n}return n},we=e=>{let t={};if(e){for(let[n,r]of Object.entries(e))n.includes(`:`)||(t[n]=r);return t}return t},Te=e=>async t=>{l.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();let n=await $(e.configuration,e.configurationName);n?await n.clearAsync(t):await a(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(t),e.tokens=null,e.userInfo=null},Ee=(e,n,r,i,a)=>async(o=void 0,s=null)=>{let c=e.configuration,l=await e.initAsync(c.authority,c.authority_configuration);o&&typeof o!=`string`&&(o=void 0,i.warn(`callbackPathOrUrl path is not a string`));let u=o??a.getPath(),d=!1;o&&(d=o.includes(`https://`)||o.includes(`http://`));let f=d?o:a.getOrigin()+u,p=e.tokens?e.tokens.idToken:``;try{let t=l.revocationEndpoint;if(t){let n=[],i=e.tokens?e.tokens.accessToken:null;if(i&&c.logout_tokens_to_invalidate.includes(Se.access_token)){let e=Ce(s,`:revoke_access_token`),a=pe(r)(t,i,j.access_token,c.client_id,e);n.push(a)}let a=e.tokens?e.tokens.refreshToken:null;if(a&&c.logout_tokens_to_invalidate.includes(Se.refresh_token)){let e=Ce(s,`:revoke_refresh_token`),i=pe(r)(t,a,j.refresh_token,c.client_id,e);n.push(i)}n.length>0&&await Promise.all(n)}}catch(e){i.warn(`logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error`),i.warn(e)}let m=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync(`LOGGED_OUT`);for(let[,r]of Object.entries(n))r===e?e.publishEvent(t.logout_from_same_tab,{}):await e.logoutSameTabAsync(e.configuration.client_id,m);let h=Ce(s,`:oidc`);if(h&&h.no_reload===`true`)return;let g=we(s);if(l.endSessionEndpoint){`id_token_hint`in g||(g.id_token_hint=p),!(`post_logout_redirect_uri`in g)&&o!==null&&(g.post_logout_redirect_uri=f);let e=``;for(let[t,n]of Object.entries(g))n!=null&&(e===``?e+=`?`:e+=`&`,e+=`${t}=${encodeURIComponent(n)}`);a.open(`${l.endSessionEndpoint}${e}`)}else a.reload()},P=function(e){return e.AutomaticBeforeTokenExpiration=`AutomaticBeforeTokensExpiration`,e.AutomaticOnlyWhenFetchExecuted=`AutomaticOnlyWhenFetchExecuted`,e}({}),De=(e,t,n=!1)=>async(...r)=>{let[i,a,...o]=r,s=a?{...a}:{method:`GET`},c=new Headers;s.headers&&(c=s.headers instanceof Headers?s.headers:new Headers(s.headers));let l=(await Ve({getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await B(t)(t.configuration,t.configurationName,t.tokens,!1);return e},renewTokensAsync:t.renewTokensAsync.bind(t)}))?.tokens?.accessToken;if(c.has(`Accept`)||c.set(`Accept`,`application/json`),l){if(t.configuration.demonstrating_proof_of_possession&&n){let e=await t.generateDemonstrationOfProofOfPossessionAsync(l,i.toString(),s.method);c.set(`Authorization`,`DPoP ${l}`),c.set(`DPoP`,e)}else c.set(`Authorization`,`Bearer ${l}`);s.credentials||=`same-origin`}return await e(i,{...s,headers:c},...o)},Oe=e=>async(t=!1,n=!1)=>{if(e.userInfo!=null&&!t)return e.userInfo;let r=!t&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(r)return e.userInfo=JSON.parse(r),e.userInfo;let i=e.configuration,a=(await e.initAsync(i.authority,i.authority_configuration)).userInfoEndpoint,o=await(async()=>{let t=await De(fetch,e,n)(a);return t.status===200?t.json():null})();return e.userInfo=o,o&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(o)),o},ke=()=>fetch,F=class{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}},I={},Ae=(e,t=new O)=>(n,r=`default`)=>(I[r]||(I[r]=new L(n,r,e,t)),I[r]),je=async e=>{let{parsedTokens:t,callbackPath:n,extras:r,scope:i}=await e.loginCallbackAsync();return e.timeoutId=R(e,t.expiresAt,r,i),{callbackPath:n}},Me=e=>Math.floor(Math.random()*e),L=class e{constructor(e,t=`default`,n,r=new O){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace(`-callback`,``).replace(`callback`,``)}-login`);let a=e.refresh_time_before_tokens_expiration_in_second??120;a>60&&(a-=Math.floor(Math.random()*40)),this.location=r??new O,this.configuration={...e,silent_login_uri:i,token_automatic_renew_mode:e.token_automatic_renew_mode??P.AutomaticBeforeTokenExpiration,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:a,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??H.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??[`access_token`,`refresh_token`],service_worker_activate:e.service_worker_activate??se,demonstrating_proof_of_possession_configuration:e.demonstrating_proof_of_possession_configuration??v,preload_user_info:e.preload_user_info??!1},this.getFetch=n??ke,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){let t=Me(9999999999999).toString();return this.events.push({id:t,func:e}),t}removeEventSubscription(e){let t=this.events.filter(t=>t.id!==e);this.events=t}publishEvent(e,t){this.events.forEach(n=>{n.func(e,t)})}static{this.getOrCreate=(e,t)=>(n,r=`default`)=>Ae(e,t)(n,r)}static get(e=`default`){let t=typeof process>`u`;if(!Object.prototype.hasOwnProperty.call(I,e)&&t)throw Error(`OIDC library does seem initialized.
-Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> component.`);return I[e]}static{this.eventNames=t}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let e=this.location,t=N(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(e=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let t=this.location,n=N(t.getCurrentHref());n.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:n.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:e==null?``:e.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame(e)}}async initAsync(e,t){if(this.initPromise!==null)return this.initPromise;let n=async()=>{if(t!=null)return new F({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});let n=await $(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await fe(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??3600,n,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=n(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise===null?(this.tryKeepExistingSessionPromise=ce(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null})):this.tryKeepExistingSessionPromise}async startCheckSessionAsync(e,t,n,r=!1){await f(this,I,this.configuration)(e,t,n,r)}async loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise===null?(i?this.loginPromise=d(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,r):this.loginPromise=be(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,t,n,r),this.loginPromise.finally(()=>{this.loginPromise=null})):this.loginPromise}async loginCallbackAsync(t=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;let n=async()=>{let n=await xe(this)(t),r=n.tokens;return this.tokens=r,await $(this.configuration,this.configurationName)||a(this.configurationName,this.configuration.storage,this.configuration.login_state_storage??this.configuration.storage).setTokens(r),this.publishEvent(e.eventNames.token_acquired,r),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:r,state:n.state,callbackPath:n.callbackPath,scope:n.scope,extras:n.extras}};return this.loginCallbackPromise=n(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){let i=this.configuration,o={ath:await ne(e),...r};if(await $(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Y(this.configurationName)}`;let s=a(this.configurationName,i.storage,i.login_state_storage??i.storage),c=await s.getDemonstratingProofOfPossessionJwkAsync(),l=s.getDemonstratingProofOfPossessionNonce();return l&&(o.nonce=l),await S(window)(i.demonstrating_proof_of_possession_configuration)(c,n,t,o)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise===null?(this.loginCallbackWithAutoTokensRenewPromise=je(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null})):this.loginCallbackWithAutoTokensRenewPromise}userInfoAsync(e=!1,t=!1){return this.userInfoPromise===null?(this.userInfoPromise=Oe(this)(e,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null})):this.userInfoPromise}async renewTokensAsync(e=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return l.clearTimeout(this.timeoutId),this.renewTokensPromise=Pe(this,!0,e,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(e){return await Te(this)(e)}async logoutSameTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(t.logout_from_same_tab,{mmessage:`SessionMonitor`,sub:n}))}async logoutOtherTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(t.logout_from_another_tab,{message:`SessionMonitor`,sub:n}))}async logoutAsync(e=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=Ee(this,I,this.getFetch(),console,this.location)(e,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};async function Ne(e,t,n,r=null){let{tokens:i,status:o}=await V(e)(t=>{e.tokens=t},0,0,t,n,r);return await $(e.configuration,e.configurationName)||a(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(o),null)}async function Pe(e,t=!1,n=null,r=null){let i=e.configuration,a=`${i.client_id}_${e.configurationName}_${i.authority}`,o,s=await $(e.configuration,e.configurationName);if(i?.storage===window?.sessionStorage&&!s||!navigator.locks)o=await Ne(e,t,n,r);else{let i=`retry`;for(;i===`retry`;)i=await navigator.locks.request(a,{ifAvailable:!0},async i=>i?await Ne(e,t,n,r):(e.publishEvent(L.eventNames.syncTokensAsync_lock_not_available,{lock:`lock not available`}),`retry`));o=i}return o?(e.timeoutId&&=R(e,e.tokens.expiresAt,n,r),e.tokens):null}var R=(e,t,n=null,r=null)=>{let i=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&l.clearTimeout(e.timeoutId),l.setTimeout(async()=>{let a={timeLeft:G(i,t)};e.publishEvent(L.eventNames.token_timer,a),await Pe(e,!1,n,r)},1e3)},z={FORCE_REFRESH:`FORCE_REFRESH`,SESSION_LOST:`SESSION_LOST`,NOT_CONNECTED:`NOT_CONNECTED`,TOKENS_VALID:`TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID`,LOGOUT_FROM_ANOTHER_TAB:`LOGOUT_FROM_ANOTHER_TAB`,REQUIRE_SYNC_TOKENS:`REQUIRE_SYNC_TOKENS`,TOKENS_INVALID:`TOKENS_INVALID`},B=e=>async(t,n,r,i=!1)=>{let o={nonce:null};if(!r)return{tokens:null,status:z.NOT_CONNECTED,nonce:o};let s,c=await e.initAsync(t.authority,t.authority_configuration),l=await $(t,n);if(l){let{status:e,tokens:n}=await l.initAsync(c,`syncTokensAsync`,t);if(e===`LOGGED_OUT`)return{tokens:null,status:z.LOGOUT_FROM_ANOTHER_TAB,nonce:o};if(e===`SESSIONS_LOST`)return{tokens:null,status:z.SESSION_LOST,nonce:o};if(!e||!n)return{tokens:null,status:z.REQUIRE_SYNC_TOKENS,nonce:o};if(n.issuedAt!==r.issuedAt)return{tokens:n,status:G(t.refresh_time_before_tokens_expiration_in_second,n.expiresAt)>0?z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,nonce:await l.getNonceAsync()};s=await l.getNonceAsync()}else{let i=a(n,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),c=await i.initAsync(),{tokens:l}=c,{status:u}=c;if(l&&=U(l,e.tokens,t.token_renew_mode),!l)return{tokens:null,status:z.LOGOUT_FROM_ANOTHER_TAB,nonce:o};if(u===`SESSIONS_LOST`)return{tokens:null,status:z.SESSION_LOST,nonce:o};if(l.issuedAt!==r.issuedAt){let e=G(t.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,n=await i.getNonceAsync();return{tokens:l,status:e,nonce:n}}s=await i.getNonceAsync()}let u=G(t.refresh_time_before_tokens_expiration_in_second,r.expiresAt)>0?`TOKENS_VALID`:`TOKENS_INVALID`;return i?{tokens:r,status:`FORCE_REFRESH`,nonce:s}:{tokens:r,status:u,nonce:s}},V=e=>async(n,r=0,i=0,o=!1,s=null,c=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:`GIVE_UP`};let l=6,d=o?2:5;for(;!navigator.onLine&&l>0;)await q({milliseconds:1e3}),l--,e.publishEvent(t.refreshTokensAsync,{message:`wait because navigator is offline try ${l}`});let f=document.hidden,p=f?r:r+1,m=f?i+1:i;if(r>=d||i>=5)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token`}),{tokens:null,status:`SESSION_LOST`};s||={};let h=e.configuration,g=(t,n=null,r=null)=>u(e.configurationName,e.configuration,e.publishEvent.bind(e))(t,n,r),_=async()=>{try{let r,i=await $(h,e.configurationName);r=i?i.getLoginParams():a(e.configurationName,h.storage,h.login_state_storage??h.storage).getLoginParams();let o={};if(r&&r.extras)for(let[e,t]of Object.entries(r.extras))t!=null&&(o[e]=t);if(s)for(let[e,t]of Object.entries(s))t!=null&&(o[e]=t);o.prompt=`none`,c&&(o.scope=c);let l=await g(o);return l?l.error?(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token silent`}),{tokens:null,status:`SESSION_LOST`}):(n(l.tokens),e.publishEvent(L.eventNames.token_renewed,{}),{tokens:l.tokens,status:`LOGGED`}):(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token silent not active`}),{tokens:null,status:`SESSION_LOST`})}catch(r){return console.error(r),e.publishEvent(t.refreshTokensAsync_silent_error,{message:`exceptionSilent`,exception:r.message}),await V(e)(n,p,m,o,s,c)}};try{let{status:l,tokens:u,nonce:d}=await B(e)(h,e.configurationName,e.tokens,o);switch(l){case z.SESSION_LOST:return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token session lost`}),{tokens:null,status:`SESSION_LOST`};case z.NOT_CONNECTED:return n(null),{tokens:null,status:null};case z.TOKENS_VALID:return n(u),{tokens:u,status:`LOGGED_IN`};case z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(u),e.publishEvent(L.eventNames.token_renewed,{reason:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`}),{tokens:u,status:`LOGGED_IN`};case z.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(t.logout_from_another_tab,{status:`session syncTokensAsync`}),{tokens:null,status:`LOGGED_OUT`};case z.REQUIRE_SYNC_TOKENS:return h.token_automatic_renew_mode==P.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(t.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`}):(e.publishEvent(t.refreshTokensAsync_begin,{tryNumber:r}),await _());default:{if(h.token_automatic_renew_mode==P.AutomaticOnlyWhenFetchExecuted&&z.FORCE_REFRESH!==l)return e.publishEvent(t.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`};if(e.publishEvent(t.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:r,backgroundTry:i}),!u.refreshToken)return await _();let f=h.client_id,g=h.redirect_uri,v=h.authority,y={...h.token_request_extras?h.token_request_extras:{}};for(let[e,t]of Object.entries(s))e.endsWith(`:token_request`)&&(y[e.replace(`:token_request`,``)]=t);return await(async()=>{let r={client_id:f,redirect_uri:g,grant_type:`refresh_token`,refresh_token:u.refreshToken},i=await e.initAsync(v,h.authority_configuration),l=document.hidden?1e4:3e4*10,_=i.tokenEndpoint,b={};h.demonstrating_proof_of_possession&&(b.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,_,`POST`));let x=await me(e.getFetch())(_,r,y,u,b,h.token_renew_mode,l);if(x.success){let{isValid:r,reason:o}=He(x.data,d.nonce,i);if(!r)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${o}`}),{tokens:null,status:`SESSION_LOST`};if(n(x.data),x.demonstratingProofOfPossessionNonce){let t=await $(h,e.configurationName);t?await t.setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce):await a(e.configurationName,h.storage,h.login_state_storage??h.storage).setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce)}return e.publishEvent(t.refreshTokensAsync_end,{success:x.success}),e.publishEvent(L.eventNames.token_renewed,{reason:`REFRESH_TOKEN`}),{tokens:x.data,status:`LOGGED_IN`}}else return e.publishEvent(t.refreshTokensAsync_silent_error,{message:`bad request`,tokenResponse:x}),x.status>=400&&x.status<500?(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`session lost: ${x.status}`}),{tokens:null,status:`SESSION_LOST`}):await V(e)(n,p,m,o,s,c)})()}}}catch(r){return console.error(r),e.publishEvent(t.refreshTokensAsync_silent_error,{message:`exception`,exception:r.message}),new Promise((t,r)=>{setTimeout(()=>{V(e)(n,p,m,o,s,c).then(t).catch(r)},1e3)})}},Fe=e=>decodeURIComponent(Array.prototype.map.call(atob(e),e=>`%`+(`00`+e.charCodeAt(0).toString(16)).slice(-2)).join(``)),Ie=e=>JSON.parse(Fe(e.replaceAll(/-/g,`+`).replaceAll(/_/g,`/`))),Le=e=>{try{return e&&Re(e,`.`)===2?Ie(e.split(`.`)[1]):null}catch(e){console.warn(e)}return null},Re=(e,t)=>e.split(t).length-1,H={access_token_or_id_token_invalid:`access_token_or_id_token_invalid`,access_token_invalid:`access_token_invalid`,id_token_invalid:`id_token_invalid`};function ze(e,t,n){return e.issuedAt?typeof e.issuedAt==`string`?parseInt(e.issuedAt,10):e.issuedAt:t&&t.iat?t.iat:n&&n.iat?n.iat:new Date().getTime()/1e3}var U=(e,t=null,n)=>{if(!e)return null;let r,i=typeof e.expiresIn==`string`?parseInt(e.expiresIn,10):e.expiresIn;r=e.accessTokenPayload===void 0?Le(e.accessToken):e.accessTokenPayload;let a;a=t!=null&&`idToken`in t&&!(`idToken`in e)?t.idToken:e.idToken;let o=e.idTokenPayload?e.idTokenPayload:Le(a),s=o&&o.exp?o.exp:Number.MAX_VALUE,c=r&&r.exp?r.exp:e.issuedAt+i;e.issuedAt=ze(e,r,o);let l;l=e.expiresAt?e.expiresAt:n===H.access_token_invalid?c:n===H.id_token_invalid||s<c?s:c;let u={...e,idTokenPayload:o,accessTokenPayload:r,expiresAt:l,idToken:a};if(t!=null&&`refreshToken`in t&&!(`refreshToken`in e)){let e=t.refreshToken;return{...u,refreshToken:e}}return u},W=(e,t,n)=>{if(!e)return null;e.issued_at||=new Date().getTime()/1e3;let r={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return`refresh_token`in e&&(r.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(r.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(r.idTokenPayload=e.idTokenPayload),U(r,t,n)},G=(e,t)=>{let n=t-new Date().getTime()/1e3;return Math.round(n-e)},Be=(e,t=0)=>e?G(t,e.expiresAt)>0:!1,Ve=async(e,t=200,n=50)=>{let r=n,i=await e.syncTokensInfoAsync();for(;[z.REQUIRE_SYNC_TOKENS,z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,z.TOKENS_INVALID].includes(i)&&r>0;){if(e.configuration.token_automatic_renew_mode==P.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await q({milliseconds:t});--r,i=await e.syncTokensInfoAsync()}return{isTokensValid:Be(e.getTokens()),tokens:e.getTokens(),numberWaited:r-n}},He=(e,t,n)=>{if(e.idTokenPayload){let r=e.idTokenPayload;if(n.issuer!==r.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`};let i=new Date().getTime()/1e3;if(r.exp&&r.exp<i)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`};let a=3600*24*7;if(r.iat&&r.iat+a<i)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat+a} < (currentTimeUnixSecond) ${i}`};if(r.nonce&&r.nonce!==t)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`}}return{isValid:!0,reason:``}},Ue=`7.27.15`,We=null,K,q=({milliseconds:e})=>new Promise(t=>l.setTimeout(t,e)),Ge=(e=`/`)=>{try{K=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:K.signal}).catch(e=>{console.log(e)}),q({milliseconds:150*1e3}).then(()=>Ge(e))}catch(e){console.log(e)}},J=()=>{K&&K.abort()},Y=e=>{let t=`oidc.tabId.${e}`,n=sessionStorage.getItem(t);if(n)return n;let r=globalThis.crypto.randomUUID();return sessionStorage.setItem(t,r),r},Ke=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,X=(e,t)=>n=>{let r=t?.timeoutMs??5e3;return new Promise((t,i)=>{let a=Ke(e);if(!a){i(Error(`Service worker target not available (controller/active/waiting/installing missing)`));return}let o=new MessageChannel,s=null,c=()=>{try{s!=null&&(l.clearTimeout(s),s=null),o.port1.onmessage=null,o.port1.close(),o.port2.close()}catch(e){console.error(e)}};s=l.setTimeout(()=>{c(),i(Error(`Service worker did not respond within ${r}ms (type=${n?.type})`))},r),o.port1.onmessage=e=>{c(),e?.data?.error?i(e.data.error):t(e.data)};try{let e=n?.configurationName;a.postMessage({...n,tabId:Y(e??`default`)},[o.port2])}catch(e){c(),i(e)}})},qe=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(t=>{let n=!1,r=()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener(`controllerchange`,r),l.setTimeout(()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))},e)}),Je=!1,Z=!1,Q=new Map,Ye=`oidc.sw.controllerchange_reload_count`,Xe=3,Ze=()=>{try{return parseInt(sessionStorage.getItem(Ye)??`0`,10)}catch{return 0}},Qe=()=>{let e=Ze()+1;try{sessionStorage.setItem(Ye,String(e))}catch{}return e},$e=()=>{try{sessionStorage.removeItem(Ye)}catch{}},$=async(e,t)=>{let n=e.service_worker_relative_url;if(typeof window>`u`||typeof navigator>`u`||!navigator.serviceWorker||!n||e.service_worker_activate()===!1)return null;let r=`${n}?v=${Ue}`,i=null;e.service_worker_register?(Q.has(n)||Q.set(n,e.service_worker_register(n)),i=await Q.get(n)):(Q.has(r)||Q.set(r,navigator.serviceWorker.register(r,{updateViaCache:`none`})),i=await Q.get(r));let a=`oidc.sw.version_mismatch_reload.${t}`,o=async e=>{J(),console.log(`New SW waiting – SKIP_WAITING`);try{await new Promise((n,r)=>{let i=new MessageChannel,a=null,o=()=>{try{a!=null&&(l.clearTimeout(a),a=null),i.port1.onmessage=null,i.port1.close(),i.port2.close()}catch(e){console.error(e)}};a=l.setTimeout(()=>{o(),r(Error(`SKIP_WAITING did not respond within 8000ms`))},8e3),i.port1.onmessage=e=>{o(),e?.data?.error?r(e.data.error):n()};try{e.postMessage({type:`SKIP_WAITING`,configurationName:t,data:null,tabId:Y(t??`default`)},[i.port2])}catch(e){o(),r(e)}})}catch(e){console.warn(`SKIP_WAITING failed`,e)}},s=async()=>{let e=i.waiting;e?await o(e):console.warn(`sendSkipWaiting called but no waiting service worker found`)},c=e=>{J(),e.addEventListener(`statechange`,async()=>{if(e.state===`installed`&&navigator.serviceWorker.controller){if(Ze()>=Xe){console.warn(`SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted`);return}await o(e)}})};i.addEventListener(`updatefound`,()=>{let e=i.installing;e&&c(e)}),i.installing?c(i.installing):i.waiting&&navigator.serviceWorker.controller&&(Ze()<Xe?s():console.warn(`SW: a waiting worker exists but reload budget is exhausted – skipping activation`)),i.update().catch(e=>{console.error(e)});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await X(i,{timeoutMs:8e3})({type:`claim`,configurationName:t,data:null}),await qe(2e3))}catch(e){return console.warn(`Failed init ServiceWorker ${e?.toString?.()??String(e)}`),null}Je||(Je=!0,navigator.serviceWorker.addEventListener(`controllerchange`,()=>{if(Z)return;let e=Qe();if(e>Xe){console.warn(`SW controllerchange: reload budget exhausted (${e-1} reloads). Skipping reload to avoid infinite loop.`);return}Z=!0,console.log(`SW controller changed – reloading page`),J(),window.location.reload()}));let u=async e=>X(i)({type:`clear`,data:{status:e},configurationName:t}),d=async(e,n,r)=>{let o=await X(i)({type:`init`,data:{oidcServerConfiguration:e,where:n,oidcConfiguration:{token_renew_mode:r.token_renew_mode,service_worker_convert_all_requests_to_cors:r.service_worker_convert_all_requests_to_cors}},configurationName:t}),c=o.version;if(c!==`7.27.15`){console.warn(`Service worker ${c} version mismatch with js client version ${Ue}, unregistering and reloading`);let e=parseInt(sessionStorage.getItem(a)??`0`,10);if(e<3){if(sessionStorage.setItem(a,String(e+1)),i.waiting)return await s(),await q({milliseconds:500}),Z||(Z=!0,window.location.reload()),new Promise(()=>{});{J();try{await i.update()}catch(e){console.error(e)}let e=await i.unregister();return console.log(`Service worker unregistering ${e}`),await q({milliseconds:500}),Z||(Z=!0,window.location.reload()),new Promise(()=>{})}}else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`)}else sessionStorage.removeItem(a),$e();return{tokens:W(o.tokens,null,r.token_renew_mode),status:o.status}},f=(e=`/`)=>{We??(We=`not_null`,Ge(e))},p=e=>X(i)({type:`setSessionState`,data:{sessionState:e},configurationName:t}),m=async()=>(await X(i)({type:`getSessionState`,data:null,configurationName:t})).sessionState,h=e=>(sessionStorage[`oidc.nonce.${t}`]=e.nonce,X(i)({type:`setNonce`,data:{nonce:e},configurationName:t})),g=async(e=!0)=>{let n=(await X(i)({type:`getNonce`,data:null,configurationName:t})).nonce;return n||(n=sessionStorage[`oidc.nonce.${t}`],console.warn(`nonce not found in service worker, using sessionStorage`),e&&(await h(n),n=(await g(!1)).nonce)),{nonce:n}},_={},v=e=>{if(e==null){delete _[t],delete localStorage[`oidc.login.${t}`];return}_[t]=e,localStorage[`oidc.login.${t}`]=JSON.stringify(e)},y=()=>{if(_[t])return _[t];let e=localStorage[`oidc.login.${t}`];if(typeof e!=`string`||e===``||e===`undefined`||e===`null`)return null;try{_[t]=JSON.parse(e)}catch{return null}return _[t]},b=async e=>{await X(i)({type:`setDemonstratingProofOfPossessionNonce`,data:{demonstratingProofOfPossessionNonce:e},configurationName:t})},x=async()=>(await X(i)({type:`getDemonstratingProofOfPossessionNonce`,data:null,configurationName:t})).demonstratingProofOfPossessionNonce,ee=async e=>{let n=JSON.stringify(e);await X(i)({type:`setDemonstratingProofOfPossessionJwk`,data:{demonstratingProofOfPossessionJwkJson:n},configurationName:t})},S=async()=>{let e=await X(i)({type:`getDemonstratingProofOfPossessionJwk`,data:null,configurationName:t});return e.demonstratingProofOfPossessionJwkJson?JSON.parse(e.demonstratingProofOfPossessionJwkJson):null},C=async(e=!0)=>{let n=(await X(i)({type:`getState`,data:null,configurationName:t})).state;return n||(n=sessionStorage[`oidc.state.${t}`],console.warn(`state not found in service worker, using sessionStorage`),e&&(await w(n),n=await C(!1))),n},w=async e=>(sessionStorage[`oidc.state.${t}`]=e,X(i)({type:`setState`,data:{state:e},configurationName:t})),T=async(e=!0)=>{let n=(await X(i)({type:`getCodeVerifier`,data:null,configurationName:t})).codeVerifier;return n||(n=sessionStorage[`oidc.code_verifier.${t}`],console.warn(`codeVerifier not found in service worker, using sessionStorage`),e&&(await E(n),n=await T(!1))),n},E=async e=>(sessionStorage[`oidc.code_verifier.${t}`]=e,X(i)({type:`setCodeVerifier`,data:{codeVerifier:e},configurationName:t}));return{clearAsync:u,initAsync:d,startKeepAliveServiceWorker:()=>f(e.service_worker_keep_alive_path),setSessionStateAsync:p,getSessionStateAsync:m,setNonceAsync:h,getNonceAsync:g,setLoginParams:v,getLoginParams:y,getStateAsync:C,setStateAsync:w,getCodeVerifierAsync:T,setCodeVerifierAsync:E,setDemonstratingProofOfPossessionNonce:b,getDemonstratingProofOfPossessionNonce:x,setDemonstratingProofOfPossessionJwkAsync:ee,getDemonstratingProofOfPossessionJwkAsync:S,signalAsync:(e,n)=>X(i,n)({...e,configurationName:e.configurationName??t})}},et=async(e,t,n,r)=>{let i=await $(e,t);if(!i)throw Error(`signalServiceWorkerAsync: no service worker registered for configuration "${t}"`);return i.signalAsync(n,r)},tt=class e{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,t){this._oidc.publishEvent(e,t)}static{this.getOrCreate=(t,n=new O)=>(r,i=`default`)=>new e(L.getOrCreate(t,n)(r,i))}static get(t=`default`){return new e(L.get(t))}static{this.eventNames=L.eventNames}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this._oidc.loginAsync(e,t,n,r,i)}logoutAsync(e=void 0,t=null){return this._oidc.logoutAsync(e,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null,t=null){return this._oidc.renewTokensAsync(e,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,t,n,r)}async getValidTokenAsync(e=200,t=50){let n=this._oidc;return Ve({getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await B(n)(n.configuration,n.configurationName,n.tokens,!1);return e},renewTokensAsync:n.renewTokensAsync.bind(n)},e,t)}fetchWithTokens(e,t=!1){return De(e,this._oidc,t)}async userInfoAsync(e=!1,t=!1){return this._oidc.userInfoAsync(e,t)}userInfo(){return this._oidc.userInfo}async signalServiceWorker(e,t){return et(this._oidc.configuration,this._oidc.configurationName,e,t)}},nt=`1.0.0`,rt={SKIP_WAITING:`SKIP_WAITING`,CLAIM:`claim`,CLEAR:`clear`,INIT:`init`,SET_STATE:`setState`,GET_STATE:`getState`,SET_CODE_VERIFIER:`setCodeVerifier`,GET_CODE_VERIFIER:`getCodeVerifier`,SET_SESSION_STATE:`setSessionState`,GET_SESSION_STATE:`getSessionState`,SET_NONCE:`setNonce`,GET_NONCE:`getNonce`,SET_DPOP_NONCE:`setDemonstratingProofOfPossessionNonce`,GET_DPOP_NONCE:`getDemonstratingProofOfPossessionNonce`,SET_DPOP_JWK:`setDemonstratingProofOfPossessionJwk`,GET_DPOP_JWK:`getDemonstratingProofOfPossessionJwk`},it={ACCESS_TOKEN:`ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER`,REFRESH_TOKEN:`REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER`,NONCE_TOKEN:`NONCE_SECURED_BY_OIDC_SERVICE_WORKER`,CODE_VERIFIER:`CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER`},at=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER`;e.DPOP_TOKEN_PLACEHOLDER_PREFIX=at,e.OidcClient=tt,e.OidcLocation=O,e.PROTOCOL_VERSION=nt,e.STORAGE_KEY_PREFIX={TAB_ID:`oidc.tabId.`,STATE:`oidc.state.`,NONCE:`oidc.nonce.`,CODE_VERIFIER:`oidc.code_verifier.`,LOGIN_PARAMS:`oidc.login.`,SW_VERSION_MISMATCH_RELOAD:`oidc.sw.version_mismatch_reload.`},e.SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY=`oidc.sw.controllerchange_reload_count`,e.ServiceWorkerMessageType=rt,e.TOKEN_PLACEHOLDERS=it,e.TokenAutomaticRenewMode=P,e.TokenRenewMode=H,e.buildDpopSecuredPlaceholder=(e,t=`default`)=>`${at}_${e}#tabId=${t}`,e.buildSecuredTokenPlaceholder=(e,t,n=`default`)=>`${e}_${t}#tabId=${n}`,e.buildStorageKey=(e,t)=>`${e}${t}`,e.getFetchDefault=ke,e.getParseQueryStringFromLocation=N,e.getPath=ve,e.isServiceWorkerMessageType=e=>typeof e==`string`?Object.values(rt).includes(e):!1,e.signalServiceWorkerAsync=et});
+(function(e,t){typeof exports==`object`&&typeof module<`u`?t(exports):typeof define==`function`&&define.amd?define([`exports`],t):(e=typeof globalThis<`u`?globalThis:e||self,t(e[`oidc-client`]={}))})(this,function(e){Object.defineProperty(e,Symbol.toStringTag,{value:`Module`});var t={service_worker_not_supported_by_browser:`service_worker_not_supported_by_browser`,token_acquired:`token_acquired`,logout_from_another_tab:`logout_from_another_tab`,logout_from_same_tab:`logout_from_same_tab`,token_renewed:`token_renewed`,token_timer:`token_timer`,loginAsync_begin:`loginAsync_begin`,loginAsync_error:`loginAsync_error`,loginCallbackAsync_begin:`loginCallbackAsync_begin`,loginCallbackAsync_end:`loginCallbackAsync_end`,loginCallbackAsync_error:`loginCallbackAsync_error`,loginCallbackAsync_navigated:`loginCallbackAsync_navigated`,loginCallbackAsync_navigation_error:`loginCallbackAsync_navigation_error`,refreshTokensAsync_begin:`refreshTokensAsync_begin`,refreshTokensAsync:`refreshTokensAsync`,refreshTokensAsync_end:`refreshTokensAsync_end`,refreshTokensAsync_error:`refreshTokensAsync_error`,refreshTokensAsync_silent_error:`refreshTokensAsync_silent_error`,tryKeepExistingSessionAsync_begin:`tryKeepExistingSessionAsync_begin`,tryKeepExistingSessionAsync_end:`tryKeepExistingSessionAsync_end`,tryKeepExistingSessionAsync_error:`tryKeepExistingSessionAsync_error`,silentLoginAsync_begin:`silentLoginAsync_begin`,silentLoginAsync:`silentLoginAsync`,silentLoginAsync_end:`silentLoginAsync_end`,silentLoginAsync_error:`silentLoginAsync_error`,syncTokensAsync_begin:`syncTokensAsync_begin`,syncTokensAsync_lock_not_available:`syncTokensAsync_lock_not_available`,syncTokensAsync_end:`syncTokensAsync_end`,syncTokensAsync_error:`syncTokensAsync_error`,tokensInvalidAndWaitingActionsToRefresh:`tokensInvalidAndWaitingActionsToRefresh`,loadingTimeout_error:`loadingTimeout_error`},n=(e,t,n)=>{if(n==null){delete e[t];return}e[t]=JSON.stringify(n)},r=(e,t,n)=>{if(n==null){delete e[t];return}e[t]=n},i=e=>{if(typeof e!=`string`||e===`undefined`||e===`null`||e===``)return null;try{return JSON.parse(e)}catch{return null}},a=(e,t=sessionStorage,a)=>{let o=a??t,s=r=>(n(t,`oidc.${e}`,{tokens:null,status:r}),delete t[`oidc.${e}.userInfo`],a&&a!==t&&(delete o[`oidc.login.${e}`],delete o[`oidc.state.${e}`],delete o[`oidc.code_verifier.${e}`],delete o[`oidc.nonce.${e}`]),Promise.resolve()),c=async()=>{let r=i(t[`oidc.${e}`]);return r?Promise.resolve({tokens:r.tokens,status:r.status}):(n(t,`oidc.${e}`,{tokens:null,status:null}),{tokens:null,status:null})},l=r=>{n(t,`oidc.${e}`,{tokens:r})},u=async n=>{r(t,`oidc.session_state.${e}`,n)},d=async()=>t[`oidc.session_state.${e}`],f=t=>{r(o,`oidc.nonce.${e}`,t?.nonce)},p=r=>{n(t,`oidc.jwk.${e}`,r)},m=()=>i(t[`oidc.jwk.${e}`]),h=async()=>({nonce:o[`oidc.nonce.${e}`]}),g=async n=>{r(t,`oidc.dpop_nonce.${e}`,n)},_=()=>t[`oidc.dpop_nonce.${e}`],v=()=>{let n=i(t[`oidc.${e}`]);return n?JSON.stringify({tokens:n.tokens}):null},y={};return{clearAsync:s,initAsync:c,setTokens:l,getTokens:v,setSessionStateAsync:u,getSessionStateAsync:d,setNonceAsync:f,getNonceAsync:h,setLoginParams:t=>{if(t==null){delete y[e],delete o[`oidc.login.${e}`];return}y[e]=t,n(o,`oidc.login.${e}`,t)},getLoginParams:()=>{if(y[e])return y[e];let t=i(o[`oidc.login.${e}`]);return t===null?(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null):(y[e]=t,t)},getStateAsync:async()=>o[`oidc.state.${e}`],setStateAsync:async t=>{r(o,`oidc.state.${e}`,t)},getCodeVerifierAsync:async()=>o[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async t=>{r(o,`oidc.code_verifier.${e}`,t)},setDemonstratingProofOfPossessionNonce:g,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:p,getDemonstratingProofOfPossessionJwkAsync:m}},o=2e3,s=console,c=class{constructor(e,t,n,r=o,i=!0){this._callback=e,this._client_id=t,this._url=n,this._interval=r||o,this._stopOnError=i;let a=n.indexOf(`/`,n.indexOf(`//`)+2);this._frame_origin=n.substring(0,a),this._frame=window.document.createElement(`iframe`),this._frame.style.visibility=`hidden`,this._frame.style.position=`absolute`,this._frame.style.display=`none`,this._frame.width=0,this._frame.height=0,this._frame.src=n}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener(`message`,this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data===`error`?(s.error(`CheckSessionIFrame: error message from check session op iframe`),this._stopOnError&&this.stop()):e.data===`changed`?(s.debug(e),s.debug(`CheckSessionIFrame: changed message from check session op iframe`),this.stop(),this._callback()):s.debug(`CheckSessionIFrame: `+e.data+` message from check session op iframe`))}start(e){s.debug(`CheckSessionIFrame.start :`+e),this.stop();let t=()=>{this._frame.contentWindow.postMessage(this._client_id+` `+e,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&=(s.debug(`CheckSessionIFrame.stop`),window.clearInterval(this._timer),null)}},l=(function(){let e=typeof window>`u`?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),u=(e,n,r)=>(i=null,a=null,o=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{r(t.silentLoginAsync_begin,{});let s=``;if(a&&(i??={},i.state=a),o!=null&&(i??={},i.scope=o),i!=null)for(let[e,t]of Object.entries(i))t!=null&&(s===``?s=`?${encodeURIComponent(e)}=${encodeURIComponent(t)}`:s+=`&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);let c=n.silent_login_uri+s,l=c.indexOf(`/`,c.indexOf(`//`)+2),u=c.substring(0,l),d=document.createElement(`iframe`);return d.width=`0px`,d.height=`0px`,d.id=`${e}_oidc_iframe`,d.setAttribute(`src`,c),d.style.display=`none`,document.body.appendChild(d),new Promise((i,a)=>{let o=!1,s=()=>{window.removeEventListener(`message`,c),d.remove(),o=!0},c=n=>{if(n.origin===u&&n.source===d.contentWindow){let c=`${e}_oidc_tokens:`,l=`${e}_oidc_error:`,u=`${e}_oidc_exception:`,d=n.data;if(d&&typeof d==`string`&&!o){if(d.startsWith(c)){let e=JSON.parse(n.data.replace(c,``));r(t.silentLoginAsync_end,{}),i(e),s()}else if(d.startsWith(l)){let e=JSON.parse(n.data.replace(l,``));r(t.silentLoginAsync_error,e),i({error:`oidc_`+e.error,tokens:null,sessionState:null}),s()}else if(d.startsWith(u)){let e=JSON.parse(n.data.replace(u,``));r(t.silentLoginAsync_error,e),a(Error(e.error)),s()}}}};try{window.addEventListener(`message`,c);let e=n.silent_login_timeout;setTimeout(()=>{o||(s(),r(t.silentLoginAsync_error,{reason:`timeout`}),a(Error(`timeout`)))},e)}catch(e){s(),r(t.silentLoginAsync_error,e),a(e)}})}catch(e){throw r(t.silentLoginAsync_error,e),e}},d=(e,n,r,i,a)=>(e=null,o=void 0)=>{e={...e};let s=(e,t,o)=>u(n,r,i.bind(a))(e,t,o);return(async()=>{a.timeoutId&&l.clearTimeout(a.timeoutId);let n;e&&`state`in e&&(n=e.state,delete e.state);try{let c=await s({...r.extras?{...r.extras,...e}:e,prompt:`none`},n,o);if(c)return a.tokens=c.tokens,i(t.token_acquired,{}),a.timeoutId=R(a,a.tokens.expiresAt,e,o),{}}catch(e){return e}})()},f=(e,t,n)=>(r,i,a,o=!1)=>{let s=(t,r=void 0,i=void 0)=>u(e.configurationName,n,e.publishEvent.bind(e))(t,r,i);return new Promise((l,u)=>{n.silent_login_uri&&n.silent_redirect_uri&&n.monitor_session&&r&&a&&!o?(e.checkSessionIFrame=new c(()=>{e.checkSessionIFrame.stop();let r=e.tokens;if(r===null)return;let i=r.idToken,a=r.idTokenPayload;return s({prompt:`none`,id_token_hint:i,scope:n.scope||`openid`}).then(t=>{if(t.error)throw Error(t.error);let n=t.tokens.idTokenPayload;if(a.sub===n.sub){let r=t.sessionState;e.checkSessionIFrame.start(t.sessionState),a.sid===n.sid?console.debug(`SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:`,r):console.debug(`SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:`,r)}else console.debug(`SessionMonitor._callback: Different subject signed into OP:`,n.sub)}).catch(async e=>{console.warn(`SessionMonitor._callback: Silent login failed, logging out other tabs:`,e);for(let[,e]of Object.entries(t))await e.logoutOtherTabAsync(n.client_id,a.sub)})},i,r),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(a),l(e.checkSessionIFrame)}).catch(e=>{u(e)})):l(null)})};function p(e){return new TextEncoder().encode(e)}function m(e){return btoa(e).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=+/g,``)}function h(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(e,t){return String.fromCharCode(parseInt(t,16))})}var g=e=>{let t=``;return e.forEach(function(e){t+=String.fromCharCode(e)}),m(t)};function _(e){return m(h(e))}var v={importKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`,hash:{name:`ES256`}},signAlgorithm:{name:`ECDSA`,hash:{name:`SHA-256`}},generateKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`},digestAlgorithm:{name:`SHA-256`},jwtHeaderAlgorithm:`ES256`},y={sign:e=>async(t,n,r,i,a=`dpop+jwt`)=>{switch(t=Object.assign({},t),n.typ=a,n.alg=i.jwtHeaderAlgorithm,n.alg){case`ES256`:n.jwk={kty:t.kty,crv:t.crv,x:t.x,y:t.y};break;case`RS256`:n.jwk={kty:t.kty,n:t.n,e:t.e,kid:n.kid};break;default:throw Error(`Unknown or not implemented JWS algorithm`)}let o={protected:_(JSON.stringify(n)),payload:_(JSON.stringify(r))},s=i.importKeyAlgorithm,c=await e.crypto.subtle.importKey(`jwk`,t,s,!0,[`sign`]),l=p(`${o.protected}.${o.payload}`),u=i.signAlgorithm,d=await e.crypto.subtle.sign(u,c,l);return o.signature=g(new Uint8Array(d)),`${o.protected}.${o.payload}.${o.signature}`}},b={generate:e=>async t=>{let n=t,r=await e.crypto.subtle.generateKey(n,!0,[`sign`,`verify`]);return await e.crypto.subtle.exportKey(`jwk`,r.privateKey)},neuter:e=>{let t=Object.assign({},e);return delete t.d,t.key_ops=[`verify`],t}},x={thumbprint:e=>async(t,n)=>{let r;switch(t.kty){case`EC`:r=`{"crv":"CRV","kty":"EC","x":"X","y":"Y"}`.replace(`CRV`,t.crv).replace(`X`,t.x).replace(`Y`,t.y);break;case`RSA`:r=`{"e":"E","kty":"RSA","n":"N"}`.replace(`E`,t.e).replace(`N`,t.n);break;default:throw Error(`Unknown or not implemented JWK type`)}let i=await e.crypto.subtle.digest(n,p(r));return g(new Uint8Array(i))}},ee=e=>async t=>await b.generate(e)(t),S=e=>t=>async(n,r=`POST`,i,a={})=>{let o={jti:btoa(C()),htm:r,htu:i,iat:Math.round(Date.now()/1e3),...a},s=await x.thumbprint(e)(n,t.digestAlgorithm);return await y.sign(e)(n,{kid:s},o,t)},C=()=>{let e=`xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx`,t=`0123456789abcdef`,n=0,r=``;for(let i=0;i<36;i++)e[i]!==`-`&&e[i]!==`4`&&(n=Math.random()*16|0),e[i]===`x`?r+=t[n]:e[i]===`y`?(n&=3,n|=8,r+=t[n]):r+=e[i];return r},w=()=>{let e=typeof window<`u`&&!!window.crypto;return{hasCrypto:e,hasSubtleCrypto:e&&!!window.crypto.subtle}},T=`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`,E=e=>{let t=[];for(let n=0;n<e.byteLength;n+=1){let r=e[n]%62;t.push(T[r])}return t.join(``)},D=e=>{let t=new Uint8Array(e),{hasCrypto:n}=w();if(n)window.crypto.getRandomValues(t);else for(let n=0;n<e;n+=1)t[n]=Math.random()*62|0;return E(t)};function te(e){let t=new ArrayBuffer(e.length),n=new Uint8Array(t);for(let t=0;t<e.length;t++)n[t]=e.charCodeAt(t);return n}function ne(e){return new Promise((t,n)=>{crypto.subtle.digest(`SHA-256`,te(e)).then(e=>t(g(new Uint8Array(e))),e=>n(e))})}var re=e=>{if(e.length<43||e.length>128)return Promise.reject(Error(`Invalid code length.`));let{hasSubtleCrypto:t}=w();return t?ne(e):Promise.reject(Error(`window.crypto.subtle is unavailable.`))},ie=e=>!!(e.os===`iOS`&&e.osVersion.startsWith(`12`)||e.os===`Mac OS X`&&e.osVersion.startsWith(`10_15_6`)),ae=e=>{let t=e.appVersion,n=e.userAgent,r=`-`,i=[{s:`Windows 10`,r:/(Windows 10.0|Windows NT 10.0)/},{s:`Windows 8.1`,r:/(Windows 8.1|Windows NT 6.3)/},{s:`Windows 8`,r:/(Windows 8|Windows NT 6.2)/},{s:`Windows 7`,r:/(Windows 7|Windows NT 6.1)/},{s:`Windows Vista`,r:/Windows NT 6.0/},{s:`Windows Server 2003`,r:/Windows NT 5.2/},{s:`Windows XP`,r:/(Windows NT 5.1|Windows XP)/},{s:`Windows 2000`,r:/(Windows NT 5.0|Windows 2000)/},{s:`Windows ME`,r:/(Win 9x 4.90|Windows ME)/},{s:`Windows 98`,r:/(Windows 98|Win98)/},{s:`Windows 95`,r:/(Windows 95|Win95|Windows_95)/},{s:`Windows NT 4.0`,r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:`Windows CE`,r:/Windows CE/},{s:`Windows 3.11`,r:/Win16/},{s:`Android`,r:/Android/},{s:`Open BSD`,r:/OpenBSD/},{s:`Sun OS`,r:/SunOS/},{s:`Chrome OS`,r:/CrOS/},{s:`Linux`,r:/(Linux|X11(?!.*CrOS))/},{s:`iOS`,r:/(iPhone|iPad|iPod)/},{s:`Mac OS X`,r:/Mac OS X/},{s:`Mac OS`,r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:`QNX`,r:/QNX/},{s:`UNIX`,r:/UNIX/},{s:`BeOS`,r:/BeOS/},{s:`OS/2`,r:/OS\/2/},{s:`Search Bot`,r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(let e in i){let t=i[e];if(t.r.test(n)){r=t.s;break}}let a=`-`;switch(/Windows/.test(r)&&(a=/Windows (.*)/.exec(r)[1],r=`Windows`),r){case`Mac OS`:case`Mac OS X`:case`Android`:a=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];break;case`iOS`:{let e=/OS (\d+)_(\d+)_?(\d+)?/.exec(t);e!=null&&e.length>2&&(a=e[1]+`.`+e[2]+`.`+(parseInt(e[3])|0));break}}return{os:r,osVersion:a}};function oe(){let e=navigator.userAgent,t,n=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(n[1]))return t=/\brv[ :]+(\d+)/g.exec(e)||[],{name:`ie`,version:t[1]||``};if(n[1]===`Chrome`&&(t=e.match(/\bOPR|Edge\/(\d+)/),t!=null)){let n=t[1];if(!n){let r=e.split(t[0]+`/`);r.length>1&&(n=r[1])}return{name:`opera`,version:n}}return n=n[2]?[n[1],n[2]]:[navigator.appName,navigator.appVersion,`-?`],(t=e.match(/version\/(\d+)/i))!=null&&n.splice(1,1,t[1]),{name:n[0].toLowerCase(),version:n[1]}}var se=()=>{let{name:e,version:t}=oe();return e===`chrome`&&parseInt(t)<=70||e===`opera`&&(!t||parseInt(t.split(`.`)[0])<80)||e===`ie`?!1:!ie(ae(navigator))},ce=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(t.tryKeepExistingSessionAsync_begin,{});try{let r=e.configuration,i=await e.initAsync(r.authority,r.authority_configuration);if(n=await $(r,e.configurationName),n){let{tokens:a}=await n.initAsync(i,`tryKeepExistingSessionAsync`,r);if(a){n.startKeepAliveServiceWorker(),e.tokens=a;let o=n.getLoginParams(e.configurationName);e.timeoutId=R(e,e.tokens.expiresAt,o.extras,o.scope);let s=await n.getSessionStateAsync();return await e.startCheckSessionAsync(i.checkSessionIframe,r.client_id,s),r.preload_user_info&&await e.userInfoAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside ServiceWorker are valid`}),!0}e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!1,message:`no exiting session found`})}else{r.service_worker_relative_url&&e.publishEvent(t.service_worker_not_supported_by_browser,{message:`service worker is not supported by this browser`});let n=a(e.configurationName,r.storage??sessionStorage,r.login_state_storage??r.storage??sessionStorage),{tokens:o}=await n.initAsync();if(o){e.tokens=U(o,null,r.token_renew_mode);let a=n.getLoginParams();e.timeoutId=R(e,e.tokens.expiresAt,a.extras,a.scope);let s=await n.getSessionStateAsync();return await e.startCheckSessionAsync(i.checkSessionIframe,r.client_id,s),r.preload_user_info&&await e.userInfoAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside storage are valid`}),!0}}return e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!1,message:n?`service worker sessions not retrieved`:`session storage sessions not retrieved`}),!1}catch(r){return console.error(r),n&&await n.clearAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_error,`tokens inside ServiceWorker are invalid`),!1}},O=class{open(e){window.location.href=e}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){let e=window.location;return e.pathname+(e.search||``)+(e.hash||``)}getOrigin(){return window.origin}},k={},le=(e,t=window.sessionStorage,n)=>{if(!k[e]&&t){let n=t.getItem(e);n&&(k[e]=JSON.parse(n))}let r=1e3*n;return k[e]&&k[e].timestamp+r>Date.now()?k[e].result:null},ue=(e,t,n=window.sessionStorage)=>{let r=Date.now();k[e]={result:t,timestamp:r},n&&n.setItem(e,JSON.stringify({result:t,timestamp:r}))},de=3600,fe=e=>async(t,n=de,r=window.sessionStorage,i=1e4)=>{let a=`${t}/.well-known/openid-configuration`,o=`oidc.server:${t}`,s=le(o,r,n);if(s)return new F(s);let c=await A(e)(a,{},i);if(c.status!==200)return null;let l=await c.json();return ue(o,l,r),new F(l)},A=e=>async(t,n={},r=1e4,i=0)=>{let a;try{let i=new AbortController;setTimeout(()=>i.abort(),r),a=await e(t,{...n,signal:i.signal})}catch(a){if(a.name===`AbortError`||a.message===`Network request failed`){if(i<=1)return await A(e)(t,n,r,i+1);throw a}else throw console.error(a.message),a}return a},j={refresh_token:`refresh_token`,access_token:`access_token`},pe=e=>async(t,n,r=j.refresh_token,i,a={},o=1e4)=>{let s={token:n,token_type_hint:r,client_id:i};for(let[e,t]of Object.entries(a))s[e]===void 0&&(s[e]=t);let c=[];for(let e in s){let t=encodeURIComponent(e),n=encodeURIComponent(s[e]);c.push(`${t}=${n}`)}let l=c.join(`&`);return(await A(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`},body:l},o)).status===200?{success:!0}:{success:!1}},me=e=>async(t,n,r,i,a={},o,s=1e4)=>{for(let[e,t]of Object.entries(r))n[e]===void 0&&(n[e]=t);let c=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);c.push(`${t}=${r}`)}let l=c.join(`&`),u=await A(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...a},body:l},s);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};let d=await u.json(),f=null;return u.headers.has(M)&&(f=u.headers.get(M)),{success:!0,status:u.status,data:W(d,i,o),demonstratingProofOfPossessionNonce:f}},he=(e,t)=>async(n,r)=>{r=r?{...r}:{};let i=D(128),a=await re(i);await e.setCodeVerifierAsync(i),await e.setStateAsync(r.state),r.code_challenge=a,r.code_challenge_method=`S256`;let o=``;if(r)for(let[e,t]of Object.entries(r))o===``?o+=`?`:o+=`&`,o+=`${e}=${encodeURIComponent(t)}`;t.open(`${n}${o}`)},M=`DPoP-Nonce`,ge=e=>async(t,n,r,i,a=1e4)=>{n=n?{...n}:{},n.code_verifier=await e.getCodeVerifierAsync();let o=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);o.push(`${t}=${r}`)}let s=o.join(`&`),c=await A(fetch)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...r},body:s},a);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let l=null;c.headers.has(M)&&(l=c.headers.get(M));let u=await c.json();return{success:!0,data:{state:n.state,tokens:W(u,null,i),demonstratingProofOfPossessionNonce:l}}},_e=e=>{let t=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!t)throw Error(`Invalid URL`);let n=t[6],r=t[7];if(r){let e=r.split(`?`);e.length===2&&(r=e[0],n=e[1])}return n.startsWith(`?`)&&(n=n.slice(1)),t&&{href:e,protocol:t[1],host:t[2],hostname:t[3],port:t[4],path:t[5],search:n,hash:r}},ve=e=>{let t=_e(e),{path:n}=t;n.endsWith(`/`)&&(n=n.slice(0,-1));let{hash:r}=t;return r===`#_=_`&&(r=``),r&&(n+=r),n},N=e=>{let{search:t}=_e(e);return ye(t)},ye=e=>{let t={},n,r,i,a=e.split(`&`);for(r=0,i=a.length;r<i;r++)n=a[r].split(`=`),t[decodeURIComponent(n[0])]=decodeURIComponent(n[1]);return t},be=(e,n,r,i,o)=>(s=void 0,c=null,l=!1,u=void 0)=>{let d=c;return c={...c},(async()=>{let f=s||o.getPath();if(`state`in c||(c.state=D(16)),r(t.loginAsync_begin,{}),c)for(let e of Object.keys(c))e.endsWith(`:token_request`)&&delete c[e];try{let t=l?n.silent_redirect_uri:n.redirect_uri;u||=n.scope;let r=n.extras?{...n.extras,...c}:c;r.nonce||=D(12);let s={nonce:r.nonce},p=await $(n,e),m=await i(n.authority,n.authority_configuration),h;if(p)p.setLoginParams({callbackPath:f,extras:d,scope:u}),await p.initAsync(m,`loginAsync`,n),await p.setNonceAsync(s),p.startKeepAliveServiceWorker(),h=p;else{let t=a(e,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);t.setLoginParams({callbackPath:f,extras:d,scope:u}),await t.setNonceAsync(s),h=t}let g={client_id:n.client_id,redirect_uri:t,scope:u,response_type:`code`,...r};await he(h,o)(m.authorizationEndpoint,g)}catch(e){throw r(t.loginAsync_error,e),e}})()},xe=e=>async(n=!1)=>{try{e.publishEvent(t.loginCallbackAsync_begin,{});let r=e.configuration,i=r.client_id,o=n?r.silent_redirect_uri:r.redirect_uri,s=r.authority,c=r.token_request_timeout,l=await e.initAsync(s,r.authority_configuration),u=N(e.location.getCurrentHref()),d=u.session_state,f=await $(r,e.configurationName),p,m,h,g;if(f)await f.initAsync(l,`loginCallbackAsync`,r),await f.setSessionStateAsync(d),m=await f.getNonceAsync(),h=f.getLoginParams(),g=await f.getStateAsync(),f.startKeepAliveServiceWorker(),p=f;else{let t=a(e.configurationName,r.storage??sessionStorage,r.login_state_storage??r.storage??sessionStorage);await t.setSessionStateAsync(d),m=await t.getNonceAsync(),h=t.getLoginParams(),g=await t.getStateAsync(),p=t}if(u.error||u.error_description)throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==l.issuer)throw console.error(),Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);if(u.state&&u.state!==g)throw Error(`State not valid (expected: ${g}, received: ${u.state})`);let _={code:u.code,grant_type:`authorization_code`,client_id:r.client_id,redirect_uri:o},v={};if(r.token_request_extras)for(let[e,t]of Object.entries(r.token_request_extras))v[e]=t;if(h?.extras)for(let[e,t]of Object.entries(h.extras))e.endsWith(`:token_request`)&&(v[e.replace(`:token_request`,``)]=t);let y=l.tokenEndpoint,b={};if(r.demonstrating_proof_of_possession)if(f)b.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{let t=await ee(window)(r.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await a(e.configurationName,r.storage,r.login_state_storage??r.storage).setDemonstratingProofOfPossessionJwkAsync(t),b.DPoP=await S(window)(r.demonstrating_proof_of_possession_configuration)(t,`POST`,y)}let x=await ge(p)(y,{..._,...v},b,e.configuration.token_renew_mode,c);if(!x.success)throw Error(`Token request failed`);let C,w=x.data.tokens,T=x.data.demonstratingProofOfPossessionNonce;if(x.data.state!==v.state)throw Error(`state is not valid`);let{isValid:E,reason:D}=He(w,m.nonce,l);if(!E)throw Error(`Tokens are not OpenID valid, reason: ${D}`);if(f){if(w.refreshToken&&!w.refreshToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Refresh token should be hidden by service worker`);if(T&&w?.accessToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Demonstration of proof of possession require Access token not hidden by service worker`)}if(f)await f.initAsync(l,`syncTokensAsync`,r),C=f.getLoginParams(),T&&await f.setDemonstratingProofOfPossessionNonce(T);else{let t=a(e.configurationName,r.storage,r.login_state_storage??r.storage);C=t.getLoginParams(),T&&await t.setDemonstratingProofOfPossessionNonce(T)}return await e.startCheckSessionAsync(l.checkSessionIframe,i,d,n),e.publishEvent(t.loginCallbackAsync_end,{}),{tokens:w,state:`request.state`,callbackPath:C.callbackPath,scope:u.scope,extras:C.extras}}catch(n){throw console.error(n),e.publishEvent(t.loginCallbackAsync_error,n),n}},Se={access_token:`access_token`,refresh_token:`refresh_token`},Ce=(e,t)=>{let n={};if(e){for(let[r,i]of Object.entries(e))if(r.endsWith(t)){let e=r.replace(t,``);n[e]=i}return n}return n},we=e=>{let t={};if(e){for(let[n,r]of Object.entries(e))n.includes(`:`)||(t[n]=r);return t}return t},Te=e=>async t=>{l.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();let n=await $(e.configuration,e.configurationName);n?await n.clearAsync(t):await a(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(t),e.tokens=null,e.userInfo=null},Ee=(e,n,r,i,a)=>async(o=void 0,s=null)=>{let c=e.configuration,l=await e.initAsync(c.authority,c.authority_configuration);o&&typeof o!=`string`&&(o=void 0,i.warn(`callbackPathOrUrl path is not a string`));let u=o??a.getPath(),d=!1;o&&(d=o.includes(`https://`)||o.includes(`http://`));let f=d?o:a.getOrigin()+u,p=e.tokens?e.tokens.idToken:``;try{let t=l.revocationEndpoint;if(t){let n=[],i=e.tokens?e.tokens.accessToken:null;if(i&&c.logout_tokens_to_invalidate.includes(Se.access_token)){let e=Ce(s,`:revoke_access_token`),a=pe(r)(t,i,j.access_token,c.client_id,e);n.push(a)}let a=e.tokens?e.tokens.refreshToken:null;if(a&&c.logout_tokens_to_invalidate.includes(Se.refresh_token)){let e=Ce(s,`:revoke_refresh_token`),i=pe(r)(t,a,j.refresh_token,c.client_id,e);n.push(i)}n.length>0&&await Promise.all(n)}}catch(e){i.warn(`logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error`),i.warn(e)}let m=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync(`LOGGED_OUT`);for(let[,r]of Object.entries(n))r===e?e.publishEvent(t.logout_from_same_tab,{}):await e.logoutSameTabAsync(e.configuration.client_id,m);let h=Ce(s,`:oidc`);if(h&&h.no_reload===`true`)return;let g=we(s);if(l.endSessionEndpoint){`id_token_hint`in g||(g.id_token_hint=p),!(`post_logout_redirect_uri`in g)&&o!==null&&(g.post_logout_redirect_uri=f);let e=``;for(let[t,n]of Object.entries(g))n!=null&&(e===``?e+=`?`:e+=`&`,e+=`${t}=${encodeURIComponent(n)}`);a.open(`${l.endSessionEndpoint}${e}`)}else a.reload()},P=function(e){return e.AutomaticBeforeTokenExpiration=`AutomaticBeforeTokensExpiration`,e.AutomaticOnlyWhenFetchExecuted=`AutomaticOnlyWhenFetchExecuted`,e}({}),De=(e,t,n=!1)=>async(...r)=>{let[i,a,...o]=r,s=a?{...a}:{method:`GET`},c=new Headers;s.headers&&(c=s.headers instanceof Headers?s.headers:new Headers(s.headers));let l=(await Ve({getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await B(t)(t.configuration,t.configurationName,t.tokens,!1);return e},renewTokensAsync:t.renewTokensAsync.bind(t)}))?.tokens?.accessToken;if(c.has(`Accept`)||c.set(`Accept`,`application/json`),l){if(t.configuration.demonstrating_proof_of_possession&&n){let e=await t.generateDemonstrationOfProofOfPossessionAsync(l,i.toString(),s.method);c.set(`Authorization`,`DPoP ${l}`),c.set(`DPoP`,e)}else c.set(`Authorization`,`Bearer ${l}`);s.credentials||=`same-origin`}return await e(i,{...s,headers:c},...o)},Oe=e=>async(t=!1,n=!1)=>{if(e.userInfo!=null&&!t)return e.userInfo;let r=!t&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(r)return e.userInfo=JSON.parse(r),e.userInfo;let i=e.configuration,a=(await e.initAsync(i.authority,i.authority_configuration)).userInfoEndpoint,o=await(async()=>{let t=await De(fetch,e,n)(a);return t.status===200?t.json():null})();return e.userInfo=o,o&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(o)),o},ke=()=>fetch,F=class{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}},I={},Ae=(e,t=new O)=>(n,r=`default`)=>(I[r]||(I[r]=new L(n,r,e,t)),I[r]),je=async e=>{let{parsedTokens:t,callbackPath:n,extras:r,scope:i}=await e.loginCallbackAsync();return e.timeoutId=R(e,t.expiresAt,r,i),{callbackPath:n}},Me=e=>Math.floor(Math.random()*e),L=class e{constructor(e,t=`default`,n,r=new O){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace(`-callback`,``).replace(`callback`,``)}-login`);let a=e.refresh_time_before_tokens_expiration_in_second??120;a>60&&(a-=Math.floor(Math.random()*40)),this.location=r??new O,this.configuration={...e,silent_login_uri:i,token_automatic_renew_mode:e.token_automatic_renew_mode??P.AutomaticBeforeTokenExpiration,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:a,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??H.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??[`access_token`,`refresh_token`],service_worker_activate:e.service_worker_activate??se,demonstrating_proof_of_possession_configuration:e.demonstrating_proof_of_possession_configuration??v,preload_user_info:e.preload_user_info??!1},this.getFetch=n??ke,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){let t=Me(9999999999999).toString();return this.events.push({id:t,func:e}),t}removeEventSubscription(e){let t=this.events.filter(t=>t.id!==e);this.events=t}publishEvent(e,t){this.events.forEach(n=>{n.func(e,t)})}static{this.getOrCreate=(e,t)=>(n,r=`default`)=>Ae(e,t)(n,r)}static get(e=`default`){return Object.prototype.hasOwnProperty.call(I,e)?I[e]:null}static getOrThrow(t=`default`){let n=e.get(t);if(!n)throw Error(`OIDC library does seem initialized.
+Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${t}"></OidcProvider> component.`);return n}static{this.eventNames=t}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let e=this.location,t=N(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(e=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let t=this.location,n=N(t.getCurrentHref());n.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:n.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:e==null?``:e.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame(e)}}async initAsync(e,t){if(this.initPromise!==null)return this.initPromise;let n=async()=>{if(t!=null)return new F({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});let n=await $(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await fe(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??3600,n,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=n(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise===null?(this.tryKeepExistingSessionPromise=ce(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null})):this.tryKeepExistingSessionPromise}async startCheckSessionAsync(e,t,n,r=!1){await f(this,I,this.configuration)(e,t,n,r)}async loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise===null?(i?this.loginPromise=d(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,r):this.loginPromise=be(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,t,n,r),this.loginPromise.finally(()=>{this.loginPromise=null})):this.loginPromise}async loginCallbackAsync(t=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;let n=async()=>{let n=await xe(this)(t),r=n.tokens;return this.tokens=r,await $(this.configuration,this.configurationName)||a(this.configurationName,this.configuration.storage,this.configuration.login_state_storage??this.configuration.storage).setTokens(r),this.publishEvent(e.eventNames.token_acquired,r),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:r,state:n.state,callbackPath:n.callbackPath,scope:n.scope,extras:n.extras}};return this.loginCallbackPromise=n(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){let i=this.configuration,o={ath:await ne(e),...r};if(await $(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Y(this.configurationName)}`;let s=a(this.configurationName,i.storage,i.login_state_storage??i.storage),c=await s.getDemonstratingProofOfPossessionJwkAsync(),l=s.getDemonstratingProofOfPossessionNonce();return l&&(o.nonce=l),await S(window)(i.demonstrating_proof_of_possession_configuration)(c,n,t,o)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise===null?(this.loginCallbackWithAutoTokensRenewPromise=je(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null})):this.loginCallbackWithAutoTokensRenewPromise}userInfoAsync(e=!1,t=!1){return this.userInfoPromise===null?(this.userInfoPromise=Oe(this)(e,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null})):this.userInfoPromise}async renewTokensAsync(e=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return l.clearTimeout(this.timeoutId),this.renewTokensPromise=Pe(this,!0,e,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(e){return await Te(this)(e)}async logoutSameTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(t.logout_from_same_tab,{mmessage:`SessionMonitor`,sub:n}))}async logoutOtherTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(t.logout_from_another_tab,{message:`SessionMonitor`,sub:n}))}async logoutAsync(e=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=Ee(this,I,this.getFetch(),console,this.location)(e,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};async function Ne(e,t,n,r=null){let{tokens:i,status:o}=await V(e)(t=>{e.tokens=t},0,0,t,n,r);return await $(e.configuration,e.configurationName)||a(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(o),null)}async function Pe(e,t=!1,n=null,r=null){let i=e.configuration,a=`${i.client_id}_${e.configurationName}_${i.authority}`,o,s=await $(e.configuration,e.configurationName);if(i?.storage===window?.sessionStorage&&!s||!navigator.locks)o=await Ne(e,t,n,r);else{let i=`retry`;for(;i===`retry`;)i=await navigator.locks.request(a,{ifAvailable:!0},async i=>i?await Ne(e,t,n,r):(e.publishEvent(L.eventNames.syncTokensAsync_lock_not_available,{lock:`lock not available`}),`retry`));o=i}return o?(e.timeoutId&&=R(e,e.tokens.expiresAt,n,r),e.tokens):null}var R=(e,t,n=null,r=null)=>{let i=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&l.clearTimeout(e.timeoutId),l.setTimeout(async()=>{let a={timeLeft:G(i,t)};e.publishEvent(L.eventNames.token_timer,a),await Pe(e,!1,n,r)},1e3)},z={FORCE_REFRESH:`FORCE_REFRESH`,SESSION_LOST:`SESSION_LOST`,NOT_CONNECTED:`NOT_CONNECTED`,TOKENS_VALID:`TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID`,LOGOUT_FROM_ANOTHER_TAB:`LOGOUT_FROM_ANOTHER_TAB`,REQUIRE_SYNC_TOKENS:`REQUIRE_SYNC_TOKENS`,TOKENS_INVALID:`TOKENS_INVALID`},B=e=>async(t,n,r,i=!1)=>{let o={nonce:null};if(!r)return{tokens:null,status:z.NOT_CONNECTED,nonce:o};let s,c=await e.initAsync(t.authority,t.authority_configuration),l=await $(t,n);if(l){let{status:e,tokens:n}=await l.initAsync(c,`syncTokensAsync`,t);if(e===`LOGGED_OUT`)return{tokens:null,status:z.LOGOUT_FROM_ANOTHER_TAB,nonce:o};if(e===`SESSIONS_LOST`)return{tokens:null,status:z.SESSION_LOST,nonce:o};if(!e||!n)return{tokens:null,status:z.REQUIRE_SYNC_TOKENS,nonce:o};if(n.issuedAt!==r.issuedAt)return{tokens:n,status:G(t.refresh_time_before_tokens_expiration_in_second,n.expiresAt)>0?z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,nonce:await l.getNonceAsync()};s=await l.getNonceAsync()}else{let i=a(n,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),c=await i.initAsync(),{tokens:l}=c,{status:u}=c;if(l&&=U(l,e.tokens,t.token_renew_mode),!l)return{tokens:null,status:z.LOGOUT_FROM_ANOTHER_TAB,nonce:o};if(u===`SESSIONS_LOST`)return{tokens:null,status:z.SESSION_LOST,nonce:o};if(l.issuedAt!==r.issuedAt){let e=G(t.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,n=await i.getNonceAsync();return{tokens:l,status:e,nonce:n}}s=await i.getNonceAsync()}let u=G(t.refresh_time_before_tokens_expiration_in_second,r.expiresAt)>0?`TOKENS_VALID`:`TOKENS_INVALID`;return i?{tokens:r,status:`FORCE_REFRESH`,nonce:s}:{tokens:r,status:u,nonce:s}},V=e=>async(n,r=0,i=0,o=!1,s=null,c=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:`GIVE_UP`};let l=6,d=o?2:5;for(;!navigator.onLine&&l>0;)await q({milliseconds:1e3}),l--,e.publishEvent(t.refreshTokensAsync,{message:`wait because navigator is offline try ${l}`});let f=document.hidden,p=f?r:r+1,m=f?i+1:i;if(r>=d||i>=5)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token`}),{tokens:null,status:`SESSION_LOST`};s||={};let h=e.configuration,g=(t,n=null,r=null)=>u(e.configurationName,e.configuration,e.publishEvent.bind(e))(t,n,r),_=async()=>{try{let r,i=await $(h,e.configurationName);r=i?i.getLoginParams():a(e.configurationName,h.storage,h.login_state_storage??h.storage).getLoginParams();let o={};if(r&&r.extras)for(let[e,t]of Object.entries(r.extras))t!=null&&(o[e]=t);if(s)for(let[e,t]of Object.entries(s))t!=null&&(o[e]=t);o.prompt=`none`,c&&(o.scope=c);let l=await g(o);return l?l.error?(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token silent`}),{tokens:null,status:`SESSION_LOST`}):(n(l.tokens),e.publishEvent(L.eventNames.token_renewed,{}),{tokens:l.tokens,status:`LOGGED`}):(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token silent not active`}),{tokens:null,status:`SESSION_LOST`})}catch(r){return console.error(r),e.publishEvent(t.refreshTokensAsync_silent_error,{message:`exceptionSilent`,exception:r.message}),await V(e)(n,p,m,o,s,c)}};try{let{status:l,tokens:u,nonce:d}=await B(e)(h,e.configurationName,e.tokens,o);switch(l){case z.SESSION_LOST:return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token session lost`}),{tokens:null,status:`SESSION_LOST`};case z.NOT_CONNECTED:return n(null),{tokens:null,status:null};case z.TOKENS_VALID:return n(u),{tokens:u,status:`LOGGED_IN`};case z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(u),e.publishEvent(L.eventNames.token_renewed,{reason:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`}),{tokens:u,status:`LOGGED_IN`};case z.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(t.logout_from_another_tab,{status:`session syncTokensAsync`}),{tokens:null,status:`LOGGED_OUT`};case z.REQUIRE_SYNC_TOKENS:return h.token_automatic_renew_mode==P.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(t.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`}):(e.publishEvent(t.refreshTokensAsync_begin,{tryNumber:r}),await _());default:{if(h.token_automatic_renew_mode==P.AutomaticOnlyWhenFetchExecuted&&z.FORCE_REFRESH!==l)return e.publishEvent(t.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`};if(e.publishEvent(t.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:r,backgroundTry:i}),!u.refreshToken)return await _();let f=h.client_id,g=h.redirect_uri,v=h.authority,y={...h.token_request_extras?h.token_request_extras:{}};for(let[e,t]of Object.entries(s))e.endsWith(`:token_request`)&&(y[e.replace(`:token_request`,``)]=t);return await(async()=>{let r={client_id:f,redirect_uri:g,grant_type:`refresh_token`,refresh_token:u.refreshToken},i=await e.initAsync(v,h.authority_configuration),l=document.hidden?1e4:3e4*10,_=i.tokenEndpoint,b={};h.demonstrating_proof_of_possession&&(b.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,_,`POST`));let x=await me(e.getFetch())(_,r,y,u,b,h.token_renew_mode,l);if(x.success){let{isValid:r,reason:o}=He(x.data,d.nonce,i);if(!r)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${o}`}),{tokens:null,status:`SESSION_LOST`};if(n(x.data),x.demonstratingProofOfPossessionNonce){let t=await $(h,e.configurationName);t?await t.setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce):await a(e.configurationName,h.storage,h.login_state_storage??h.storage).setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce)}return e.publishEvent(t.refreshTokensAsync_end,{success:x.success}),e.publishEvent(L.eventNames.token_renewed,{reason:`REFRESH_TOKEN`}),{tokens:x.data,status:`LOGGED_IN`}}else return e.publishEvent(t.refreshTokensAsync_silent_error,{message:`bad request`,tokenResponse:x}),x.status>=400&&x.status<500?(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`session lost: ${x.status}`}),{tokens:null,status:`SESSION_LOST`}):await V(e)(n,p,m,o,s,c)})()}}}catch(r){return console.error(r),e.publishEvent(t.refreshTokensAsync_silent_error,{message:`exception`,exception:r.message}),new Promise((t,r)=>{setTimeout(()=>{V(e)(n,p,m,o,s,c).then(t).catch(r)},1e3)})}},Fe=e=>decodeURIComponent(Array.prototype.map.call(atob(e),e=>`%`+(`00`+e.charCodeAt(0).toString(16)).slice(-2)).join(``)),Ie=e=>JSON.parse(Fe(e.replaceAll(/-/g,`+`).replaceAll(/_/g,`/`))),Le=e=>{try{return e&&Re(e,`.`)===2?Ie(e.split(`.`)[1]):null}catch(e){console.warn(e)}return null},Re=(e,t)=>e.split(t).length-1,H={access_token_or_id_token_invalid:`access_token_or_id_token_invalid`,access_token_invalid:`access_token_invalid`,id_token_invalid:`id_token_invalid`};function ze(e,t,n){return e.issuedAt?typeof e.issuedAt==`string`?parseInt(e.issuedAt,10):e.issuedAt:t&&t.iat?t.iat:n&&n.iat?n.iat:new Date().getTime()/1e3}var U=(e,t=null,n)=>{if(!e)return null;let r,i=typeof e.expiresIn==`string`?parseInt(e.expiresIn,10):e.expiresIn;r=e.accessTokenPayload===void 0?Le(e.accessToken):e.accessTokenPayload;let a;a=t!=null&&`idToken`in t&&!(`idToken`in e)?t.idToken:e.idToken;let o=e.idTokenPayload?e.idTokenPayload:Le(a),s=o&&o.exp?o.exp:Number.MAX_VALUE,c=r&&r.exp?r.exp:e.issuedAt+i;e.issuedAt=ze(e,r,o);let l;l=e.expiresAt?e.expiresAt:n===H.access_token_invalid?c:n===H.id_token_invalid||s<c?s:c;let u={...e,idTokenPayload:o,accessTokenPayload:r,expiresAt:l,idToken:a};if(t!=null&&`refreshToken`in t&&!(`refreshToken`in e)){let e=t.refreshToken;return{...u,refreshToken:e}}return u},W=(e,t,n)=>{if(!e)return null;e.issued_at||=new Date().getTime()/1e3;let r={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return`refresh_token`in e&&(r.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(r.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(r.idTokenPayload=e.idTokenPayload),U(r,t,n)},G=(e,t)=>{let n=t-new Date().getTime()/1e3;return Math.round(n-e)},Be=(e,t=0)=>e?G(t,e.expiresAt)>0:!1,Ve=async(e,t=200,n=50)=>{let r=n,i=await e.syncTokensInfoAsync();for(;[z.REQUIRE_SYNC_TOKENS,z.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,z.TOKENS_INVALID].includes(i)&&r>0;){if(e.configuration.token_automatic_renew_mode==P.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await q({milliseconds:t});--r,i=await e.syncTokensInfoAsync()}return{isTokensValid:Be(e.getTokens()),tokens:e.getTokens(),numberWaited:r-n}},He=(e,t,n)=>{if(e.idTokenPayload){let r=e.idTokenPayload;if(n.issuer!==r.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`};let i=new Date().getTime()/1e3;if(r.exp&&r.exp<i)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`};let a=3600*24*7;if(r.iat&&r.iat+a<i)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat+a} < (currentTimeUnixSecond) ${i}`};if(r.nonce&&r.nonce!==t)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`}}return{isValid:!0,reason:``}},Ue=`7.27.16`,We=null,K,q=({milliseconds:e})=>new Promise(t=>l.setTimeout(t,e)),Ge=(e=`/`)=>{try{K=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:K.signal}).catch(e=>{console.log(e)}),q({milliseconds:150*1e3}).then(()=>Ge(e))}catch(e){console.log(e)}},J=()=>{K&&K.abort()},Y=e=>{let t=`oidc.tabId.${e}`,n=sessionStorage.getItem(t);if(n)return n;let r=globalThis.crypto.randomUUID();return sessionStorage.setItem(t,r),r},Ke=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,X=(e,t)=>n=>{let r=t?.timeoutMs??5e3;return new Promise((t,i)=>{let a=Ke(e);if(!a){i(Error(`Service worker target not available (controller/active/waiting/installing missing)`));return}let o=new MessageChannel,s=null,c=()=>{try{s!=null&&(l.clearTimeout(s),s=null),o.port1.onmessage=null,o.port1.close(),o.port2.close()}catch(e){console.error(e)}};s=l.setTimeout(()=>{c(),i(Error(`Service worker did not respond within ${r}ms (type=${n?.type})`))},r),o.port1.onmessage=e=>{c(),e?.data?.error?i(e.data.error):t(e.data)};try{let e=n?.configurationName;a.postMessage({...n,tabId:Y(e??`default`)},[o.port2])}catch(e){c(),i(e)}})},qe=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(t=>{let n=!1,r=()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener(`controllerchange`,r),l.setTimeout(()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))},e)}),Je=!1,Z=!1,Q=new Map,Ye=`oidc.sw.controllerchange_reload_count`,Xe=3,Ze=()=>{try{return parseInt(sessionStorage.getItem(Ye)??`0`,10)}catch{return 0}},Qe=()=>{let e=Ze()+1;try{sessionStorage.setItem(Ye,String(e))}catch{}return e},$e=()=>{try{sessionStorage.removeItem(Ye)}catch{}},$=async(e,t)=>{let n=e.service_worker_relative_url;if(typeof window>`u`||typeof navigator>`u`||!navigator.serviceWorker||!n||e.service_worker_activate()===!1)return null;let r=`${n}?v=${Ue}`,i=null;e.service_worker_register?(Q.has(n)||Q.set(n,e.service_worker_register(n)),i=await Q.get(n)):(Q.has(r)||Q.set(r,navigator.serviceWorker.register(r,{updateViaCache:`none`})),i=await Q.get(r));let a=`oidc.sw.version_mismatch_reload.${t}`,o=async e=>{J(),console.log(`New SW waiting – SKIP_WAITING`);try{await new Promise((n,r)=>{let i=new MessageChannel,a=null,o=()=>{try{a!=null&&(l.clearTimeout(a),a=null),i.port1.onmessage=null,i.port1.close(),i.port2.close()}catch(e){console.error(e)}};a=l.setTimeout(()=>{o(),r(Error(`SKIP_WAITING did not respond within 8000ms`))},8e3),i.port1.onmessage=e=>{o(),e?.data?.error?r(e.data.error):n()};try{e.postMessage({type:`SKIP_WAITING`,configurationName:t,data:null,tabId:Y(t??`default`)},[i.port2])}catch(e){o(),r(e)}})}catch(e){console.warn(`SKIP_WAITING failed`,e)}},s=async()=>{let e=i.waiting;e?await o(e):console.warn(`sendSkipWaiting called but no waiting service worker found`)},c=e=>{J(),e.addEventListener(`statechange`,async()=>{if(e.state===`installed`&&navigator.serviceWorker.controller){if(Ze()>=Xe){console.warn(`SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted`);return}await o(e)}})};i.addEventListener(`updatefound`,()=>{let e=i.installing;e&&c(e)}),i.installing?c(i.installing):i.waiting&&navigator.serviceWorker.controller&&(Ze()<Xe?s():console.warn(`SW: a waiting worker exists but reload budget is exhausted – skipping activation`)),i.update().catch(e=>{console.error(e)});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await X(i,{timeoutMs:8e3})({type:`claim`,configurationName:t,data:null}),await qe(2e3))}catch(e){return console.warn(`Failed init ServiceWorker ${e?.toString?.()??String(e)}`),null}Je||(Je=!0,navigator.serviceWorker.addEventListener(`controllerchange`,()=>{if(Z)return;let e=Qe();if(e>Xe){console.warn(`SW controllerchange: reload budget exhausted (${e-1} reloads). Skipping reload to avoid infinite loop.`);return}Z=!0,console.log(`SW controller changed – reloading page`),J(),window.location.reload()}));let u=async e=>X(i)({type:`clear`,data:{status:e},configurationName:t}),d=async(e,n,r)=>{let o=await X(i)({type:`init`,data:{oidcServerConfiguration:e,where:n,oidcConfiguration:{token_renew_mode:r.token_renew_mode,service_worker_convert_all_requests_to_cors:r.service_worker_convert_all_requests_to_cors}},configurationName:t}),c=o.version;if(c!==`7.27.16`){console.warn(`Service worker ${c} version mismatch with js client version ${Ue}, unregistering and reloading`);let e=parseInt(sessionStorage.getItem(a)??`0`,10);if(e<3){if(sessionStorage.setItem(a,String(e+1)),i.waiting)return await s(),await q({milliseconds:500}),Z||(Z=!0,window.location.reload()),new Promise(()=>{});{J();try{await i.update()}catch(e){console.error(e)}let e=await i.unregister();return console.log(`Service worker unregistering ${e}`),await q({milliseconds:500}),Z||(Z=!0,window.location.reload()),new Promise(()=>{})}}else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`)}else sessionStorage.removeItem(a),$e();return{tokens:W(o.tokens,null,r.token_renew_mode),status:o.status}},f=(e=`/`)=>{We??(We=`not_null`,Ge(e))},p=e=>X(i)({type:`setSessionState`,data:{sessionState:e},configurationName:t}),m=async()=>(await X(i)({type:`getSessionState`,data:null,configurationName:t})).sessionState,h=e=>(sessionStorage[`oidc.nonce.${t}`]=e.nonce,X(i)({type:`setNonce`,data:{nonce:e},configurationName:t})),g=async(e=!0)=>{let n=(await X(i)({type:`getNonce`,data:null,configurationName:t})).nonce;return n||(n=sessionStorage[`oidc.nonce.${t}`],console.warn(`nonce not found in service worker, using sessionStorage`),e&&(await h(n),n=(await g(!1)).nonce)),{nonce:n}},_={},v=e=>{if(e==null){delete _[t],delete localStorage[`oidc.login.${t}`];return}_[t]=e,localStorage[`oidc.login.${t}`]=JSON.stringify(e)},y=()=>{if(_[t])return _[t];let e=localStorage[`oidc.login.${t}`];if(typeof e!=`string`||e===``||e===`undefined`||e===`null`)return null;try{_[t]=JSON.parse(e)}catch{return null}return _[t]},b=async e=>{await X(i)({type:`setDemonstratingProofOfPossessionNonce`,data:{demonstratingProofOfPossessionNonce:e},configurationName:t})},x=async()=>(await X(i)({type:`getDemonstratingProofOfPossessionNonce`,data:null,configurationName:t})).demonstratingProofOfPossessionNonce,ee=async e=>{let n=JSON.stringify(e);await X(i)({type:`setDemonstratingProofOfPossessionJwk`,data:{demonstratingProofOfPossessionJwkJson:n},configurationName:t})},S=async()=>{let e=await X(i)({type:`getDemonstratingProofOfPossessionJwk`,data:null,configurationName:t});return e.demonstratingProofOfPossessionJwkJson?JSON.parse(e.demonstratingProofOfPossessionJwkJson):null},C=async(e=!0)=>{let n=(await X(i)({type:`getState`,data:null,configurationName:t})).state;return n||(n=sessionStorage[`oidc.state.${t}`],console.warn(`state not found in service worker, using sessionStorage`),e&&(await w(n),n=await C(!1))),n},w=async e=>(sessionStorage[`oidc.state.${t}`]=e,X(i)({type:`setState`,data:{state:e},configurationName:t})),T=async(e=!0)=>{let n=(await X(i)({type:`getCodeVerifier`,data:null,configurationName:t})).codeVerifier;return n||(n=sessionStorage[`oidc.code_verifier.${t}`],console.warn(`codeVerifier not found in service worker, using sessionStorage`),e&&(await E(n),n=await T(!1))),n},E=async e=>(sessionStorage[`oidc.code_verifier.${t}`]=e,X(i)({type:`setCodeVerifier`,data:{codeVerifier:e},configurationName:t}));return{clearAsync:u,initAsync:d,startKeepAliveServiceWorker:()=>f(e.service_worker_keep_alive_path),setSessionStateAsync:p,getSessionStateAsync:m,setNonceAsync:h,getNonceAsync:g,setLoginParams:v,getLoginParams:y,getStateAsync:C,setStateAsync:w,getCodeVerifierAsync:T,setCodeVerifierAsync:E,setDemonstratingProofOfPossessionNonce:b,getDemonstratingProofOfPossessionNonce:x,setDemonstratingProofOfPossessionJwkAsync:ee,getDemonstratingProofOfPossessionJwkAsync:S,signalAsync:(e,n)=>X(i,n)({...e,configurationName:e.configurationName??t})}},et=async(e,t,n,r)=>{let i=await $(e,t);if(!i)throw Error(`signalServiceWorkerAsync: no service worker registered for configuration "${t}"`);return i.signalAsync(n,r)},tt=class e{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,t){this._oidc.publishEvent(e,t)}static{this.getOrCreate=(t,n=new O)=>(r,i=`default`)=>new e(L.getOrCreate(t,n)(r,i))}static get(t=`default`){let n=L.get(t);return n?new e(n):null}static getOrThrow(t=`default`){return new e(L.getOrThrow(t))}static{this.eventNames=L.eventNames}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this._oidc.loginAsync(e,t,n,r,i)}logoutAsync(e=void 0,t=null){return this._oidc.logoutAsync(e,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null,t=null){return this._oidc.renewTokensAsync(e,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,t,n,r)}async getValidTokenAsync(e=200,t=50){let n=this._oidc;return Ve({getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await B(n)(n.configuration,n.configurationName,n.tokens,!1);return e},renewTokensAsync:n.renewTokensAsync.bind(n)},e,t)}fetchWithTokens(e,t=!1){return De(e,this._oidc,t)}async userInfoAsync(e=!1,t=!1){return this._oidc.userInfoAsync(e,t)}userInfo(){return this._oidc.userInfo}async signalServiceWorker(e,t){return et(this._oidc.configuration,this._oidc.configurationName,e,t)}},nt=`1.0.0`,rt={SKIP_WAITING:`SKIP_WAITING`,CLAIM:`claim`,CLEAR:`clear`,INIT:`init`,SET_STATE:`setState`,GET_STATE:`getState`,SET_CODE_VERIFIER:`setCodeVerifier`,GET_CODE_VERIFIER:`getCodeVerifier`,SET_SESSION_STATE:`setSessionState`,GET_SESSION_STATE:`getSessionState`,SET_NONCE:`setNonce`,GET_NONCE:`getNonce`,SET_DPOP_NONCE:`setDemonstratingProofOfPossessionNonce`,GET_DPOP_NONCE:`getDemonstratingProofOfPossessionNonce`,SET_DPOP_JWK:`setDemonstratingProofOfPossessionJwk`,GET_DPOP_JWK:`getDemonstratingProofOfPossessionJwk`},it={ACCESS_TOKEN:`ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER`,REFRESH_TOKEN:`REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER`,NONCE_TOKEN:`NONCE_SECURED_BY_OIDC_SERVICE_WORKER`,CODE_VERIFIER:`CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER`},at=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER`;e.DPOP_TOKEN_PLACEHOLDER_PREFIX=at,e.OidcClient=tt,e.OidcLocation=O,e.PROTOCOL_VERSION=nt,e.STORAGE_KEY_PREFIX={TAB_ID:`oidc.tabId.`,STATE:`oidc.state.`,NONCE:`oidc.nonce.`,CODE_VERIFIER:`oidc.code_verifier.`,LOGIN_PARAMS:`oidc.login.`,SW_VERSION_MISMATCH_RELOAD:`oidc.sw.version_mismatch_reload.`},e.SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY=`oidc.sw.controllerchange_reload_count`,e.ServiceWorkerMessageType=rt,e.TOKEN_PLACEHOLDERS=it,e.TokenAutomaticRenewMode=P,e.TokenRenewMode=H,e.buildDpopSecuredPlaceholder=(e,t=`default`)=>`${at}_${e}#tabId=${t}`,e.buildSecuredTokenPlaceholder=(e,t,n=`default`)=>`${e}_${t}#tabId=${n}`,e.buildStorageKey=(e,t)=>`${e}${t}`,e.getFetchDefault=ke,e.getParseQueryStringFromLocation=N,e.getPath=ve,e.isServiceWorkerMessageType=e=>typeof e==`string`?Object.values(rt).includes(e):!1,e.signalServiceWorkerAsync=et});

package/dist/oidc.d.ts

@@ -42,7 +42,26 @@ export declare class Oidc {
     removeEventSubscription(id: any): void;
     publishEvent(eventName: any, data: any): void;
     static getOrCreate: (getFetch: () => Fetch, location: ILOidcLocation) => (configuration: any, name?: string) => any;
-    static get(name?: string): any;
+    /**
+     * Retrieve an existing OIDC instance previously initialized via
+     * {@link Oidc.getOrCreate}.
+     *
+     * Since issue #1679, this method no longer throws when the requested
+     * configuration has not been initialized; it returns `null` instead.
+     * This makes hooks such as `useOidc`, `useOidcUser` and `useOidcIdToken`
+     * safe to call outside of an `<OidcProvider>` (e.g. in unit tests or
+     * Storybook stories).
+     *
+     * Use {@link Oidc.getOrThrow} to preserve the previous fail-fast
+     * behaviour.
+     */
+    static get(name?: string): Oidc | null;
+    /**
+     * Retrieve an existing OIDC instance, throwing an explicit error if it
+     * has not been initialized. This preserves the historical (pre-#1679)
+     * fail-fast behaviour of `Oidc.get`.
+     */
+    static getOrThrow(name?: string): Oidc;
     static eventNames: {
         service_worker_not_supported_by_browser: string;
         token_acquired: string;

package/dist/oidc.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAW7D,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAG1D,OAAO,EAAkB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1D,OAAO,EACL,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EAEV,MAAM,YAAY,CAAC;AAGpB,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qCAAqC;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CASzB;AAYD,MAAM,MAAM,aAAa,GAAG;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC;AAYF,qBAAa,IAAI;IACR,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBAE9B,aAAa,EAAE,iBAAiB,EAChC,iBAAiB,QAAY,EAC7B,QAAQ,EAAE,MAAM,KAAK,EACrB,QAAQ,GAAE,cAAmC;IAyD/C,eAAe,CAAC,IAAI,KAAA,GAAG,MAAM;IAM7B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,UAAU,cAAc,MAC/C,kBAAa,EAAE,aAAgB,SAE9B;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY;IAS3B,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAW9B,mCAAmC,CAAC,SAAS,MAAO;IAkB9C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB;IAsCjF,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAC1B,qBAAqB,KAAA,EACrB,QAAQ,KAAA,EACR,YAAY,KAAA,EACZ,cAAc,UAAQ;IAUxB,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAQ;IAChC,UAAU,CACd,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ;IA+BzB,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACpC,kBAAkB,CAAC,aAAa,UAAQ;IAuCxC,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IA8BlB,uCAAuC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAQ;IACvE,qCAAqC,IAAI,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAQ;IAUxE,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IAElC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa;IAe/D,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAe7C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAepD,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC9B,WAAW,CACf,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB;CAgB3B;AAED,eAAe,IAAI,CAAC"}
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAW7D,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAG1D,OAAO,EAAkB,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAM1D,OAAO,EACL,sBAAsB,EACtB,KAAK,EACL,iBAAiB,EACjB,SAAS,EAEV,MAAM,YAAY,CAAC;AAGpB,eAAO,MAAM,eAAe,oBAE3B,CAAC;AAEF,MAAM,WAAW,yCAAyC;IACxD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qCAAqC;IAChD,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,gBAAgB,CAAS;IACjC,OAAO,CAAC,kBAAkB,CAAS;gBAEvB,OAAO,EAAE,GAAG;CASzB;AAYD,MAAM,MAAM,aAAa,GAAG;IAC1B,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,SAAS,CAAC;CACnB,CAAC;AAYF,qBAAa,IAAI;IACR,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,EAAE,MAAM,KAAK,CAAC;IACtB,QAAQ,EAAE,cAAc,CAAC;gBAE9B,aAAa,EAAE,iBAAiB,EAChC,iBAAiB,QAAY,EAC7B,QAAQ,EAAE,MAAM,KAAK,EACrB,QAAQ,GAAE,cAAmC;IAyD/C,eAAe,CAAC,IAAI,KAAA,GAAG,MAAM;IAM7B,uBAAuB,CAAC,EAAE,KAAA,GAAG,IAAI;IAKjC,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAM5B,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,UAAU,cAAc,MAC/C,kBAAa,EAAE,aAAgB,SAE9B;IAEJ;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAG,IAAI,GAAG,IAAI;IAOzC;;;;OAIG;IACH,MAAM,CAAC,UAAU,CAAC,IAAI,SAAY,GAAG,IAAI;IASzC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAW9B,mCAAmC,CAAC,SAAS,MAAO;IAkB9C,wBAAwB;IAU9B,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB;IAsCjF,6BAA6B,MAAQ;IAC/B,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAU/C,sBAAsB,CAC1B,qBAAqB,KAAA,EACrB,QAAQ,KAAA,EACR,YAAY,KAAA,EACZ,cAAc,UAAQ;IAUxB,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,CAAQ;IAChC,UAAU,CACd,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ;IA+BzB,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACpC,kBAAkB,CAAC,aAAa,UAAQ;IAuCxC,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IA8BlB,uCAAuC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAQ;IACvE,qCAAqC,IAAI,OAAO,CAAC,aAAa,CAAC;IAU/D,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IACrC,aAAa,CAAC,OAAO,UAAQ,EAAE,iCAAiC,UAAQ;IAUxE,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,CAAQ;IAElC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa;IAe/D,YAAY,CAAC,MAAM,KAAA;IAInB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAe7C,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAepD,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,CAAQ;IAC9B,WAAW,CACf,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB;CAgB3B;AAED,eAAe,IAAI,CAAC"}

package/dist/oidcClient.d.ts

@@ -13,7 +13,23 @@ export declare class OidcClient {
     removeEventSubscription(id: string): void;
     publishEvent(eventName: string, data: any): void;
     static getOrCreate: (getFetch: () => Fetch, location?: ILOidcLocation) => (configuration: OidcConfiguration, name?: string) => OidcClient;
-    static get(name?: string): OidcClient;
+    /**
+     * Retrieve an existing {@link OidcClient} by configuration name.
+     *
+     * Since issue #1679, this method returns `null` when the requested
+     * configuration has not been initialized, instead of throwing. This
+     * allows React hooks to be used safely outside of `<OidcProvider>`.
+     *
+     * Use {@link OidcClient.getOrThrow} to preserve the previous fail-fast
+     * behaviour.
+     */
+    static get(name?: string): OidcClient | null;
+    /**
+     * Retrieve an existing {@link OidcClient}, throwing if it has not been
+     * initialized. Equivalent to the pre-#1679 behaviour of
+     * {@link OidcClient.get}.
+     */
+    static getOrThrow(name?: string): OidcClient;
     static eventNames: {
         service_worker_not_supported_by_browser: string;
         token_acquired: string;

package/dist/oidcClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AACA,OAAO,EACL,0BAA0B,EAC1B,0BAA0B,EAE3B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAiC,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAErF,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEjE,MAAM,WAAW,eAAe;IAC9B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAE;CAC3B;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAO;gBACjB,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAE,eAAe,GAAG,MAAM;IAI9C,uBAAuB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAIzC,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,IAAI;IAIhD,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,WAAU,cAAmC,MACpE,eAAe,iBAAiB,EAAE,aAAgB,KAAG,UAAU,CAE9D;IAEJ,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAG,UAAU;IAIxC,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAI/C,UAAU,CACR,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ,GACtB,OAAO,CAAC,OAAO,CAAC;IAInB,WAAW,CACT,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB,GACvB,OAAO,CAAC,IAAI,CAAC;IAIhB,wBAAwB,IAAI,OAAO,CAAC,IAAI,CAAC;IAIzC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/E,kBAAkB,IAAI,OAAO,CAAC,aAAa,CAAC;IAI5C,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,aAAa,IAAI,iBAAiB,CAErC;IAEK,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IASZ,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAuB5E,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,8BAA8B,GAAE,OAAe,GAAG,KAAK;IAI/E,aAAa,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,EACvD,OAAO,UAAQ,EACf,8BAA8B,GAAE,OAAe,GAC9C,OAAO,CAAC,CAAC,CAAC;IAIb,QAAQ,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,KAAK,CAAC;IAIpD;;;;;;;;;;;OAWG;IACG,mBAAmB,CAAC,SAAS,GAAG,OAAO,EAC3C,OAAO,EAAE,0BAA0B,EACnC,OAAO,CAAC,EAAE,0BAA0B,GACnC,OAAO,CAAC,SAAS,CAAC;CAQtB;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}
+{"version":3,"file":"oidcClient.d.ts","sourceRoot":"","sources":["../src/oidcClient.ts"],"names":[],"mappings":"AACA,OAAO,EACL,0BAA0B,EAC1B,0BAA0B,EAE3B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,cAAc,EAAgB,MAAM,YAAY,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAiC,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAErF,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEjE,MAAM,WAAW,eAAe;IAC9B,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAE;CAC3B;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAO;gBACjB,IAAI,EAAE,IAAI;IAItB,eAAe,CAAC,IAAI,EAAE,eAAe,GAAG,MAAM;IAI9C,uBAAuB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAIzC,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,IAAI;IAIhD,MAAM,CAAC,WAAW,GACf,UAAU,MAAM,KAAK,EAAE,WAAU,cAAmC,MACpE,eAAe,iBAAiB,EAAE,aAAgB,KAAG,UAAU,CAE9D;IAEJ;;;;;;;;;OASG;IACH,MAAM,CAAC,GAAG,CAAC,IAAI,SAAY,GAAG,UAAU,GAAG,IAAI;IAK/C;;;;OAIG;IACH,MAAM,CAAC,UAAU,CAAC,IAAI,SAAY,GAAG,UAAU;IAI/C,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAmB;IACpC,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC;IAI/C,UAAU,CACR,YAAY,GAAE,MAAkB,EAChC,MAAM,GAAE,SAAgB,EACxB,cAAc,UAAQ,EACtB,KAAK,GAAE,MAAkB,EACzB,eAAe,UAAQ,GACtB,OAAO,CAAC,OAAO,CAAC;IAInB,WAAW,CACT,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EACxD,MAAM,GAAE,SAAgB,GACvB,OAAO,CAAC,IAAI,CAAC;IAIhB,wBAAwB,IAAI,OAAO,CAAC,IAAI,CAAC;IAIzC,gBAAgB,CAAC,MAAM,GAAE,SAAgB,EAAE,KAAK,GAAE,MAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/E,kBAAkB,IAAI,OAAO,CAAC,aAAa,CAAC;IAI5C,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,aAAa,IAAI,iBAAiB,CAErC;IAEK,6CAA6C,CACjD,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,SAAc,GACrB,OAAO,CAAC,MAAM,CAAC;IASZ,kBAAkB,CAAC,MAAM,SAAM,EAAE,UAAU,SAAK,GAAG,OAAO,CAAC,UAAU,CAAC;IAuB5E,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,8BAA8B,GAAE,OAAe,GAAG,KAAK;IAI/E,aAAa,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,EACvD,OAAO,UAAQ,EACf,8BAA8B,GAAE,OAAe,GAC9C,OAAO,CAAC,CAAC,CAAC;IAIb,QAAQ,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY,KAAK,CAAC;IAIpD;;;;;;;;;;;OAWG;IACG,mBAAmB,CAAC,SAAS,GAAG,OAAO,EAC3C,OAAO,EAAE,0BAA0B,EACnC,OAAO,CAAC,EAAE,0BAA0B,GACnC,OAAO,CAAC,SAAS,CAAC;CAQtB;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}

package/dist/oidcClient.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=oidcClient.spec.d.ts.map

package/dist/oidcClient.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidcClient.spec.d.ts","sourceRoot":"","sources":["../src/oidcClient.spec.ts"],"names":[],"mappings":""}

package/dist/version.d.ts

@@ -1,3 +1,3 @@
-declare const _default: "7.27.15";
+declare const _default: "7.27.16";
 export default _default;
 //# sourceMappingURL=version.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axa-fr/oidc-client",
-  "version": "7.27.15",
+  "version": "7.27.16",
   "private": false,
   "type": "module",
   "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
     "url": "https://github.com/AxaFrance/oidc-client.git"
   },
   "dependencies": {
-    "@axa-fr/oidc-client-service-worker": "7.27.15"
+    "@axa-fr/oidc-client-service-worker": "7.27.16"
   },
   "devDependencies": {
     "@testing-library/dom": "10.4.1",

package/src/oidc.ts

@@ -183,13 +183,38 @@ export class Oidc {
       return oidcFactory(getFetch, location)(configuration, name);
     };
 
-  static get(name = 'default') {
-    const isInsideBrowser = typeof process === 'undefined';
-    if (!Object.prototype.hasOwnProperty.call(oidcDatabase, name) && isInsideBrowser) {
+  /**
+   * Retrieve an existing OIDC instance previously initialized via
+   * {@link Oidc.getOrCreate}.
+   *
+   * Since issue #1679, this method no longer throws when the requested
+   * configuration has not been initialized; it returns `null` instead.
+   * This makes hooks such as `useOidc`, `useOidcUser` and `useOidcIdToken`
+   * safe to call outside of an `<OidcProvider>` (e.g. in unit tests or
+   * Storybook stories).
+   *
+   * Use {@link Oidc.getOrThrow} to preserve the previous fail-fast
+   * behaviour.
+   */
+  static get(name = 'default'): Oidc | null {
+    if (!Object.prototype.hasOwnProperty.call(oidcDatabase, name)) {
+      return null;
+    }
+    return oidcDatabase[name];
+  }
+
+  /**
+   * Retrieve an existing OIDC instance, throwing an explicit error if it
+   * has not been initialized. This preserves the historical (pre-#1679)
+   * fail-fast behaviour of `Oidc.get`.
+   */
+  static getOrThrow(name = 'default'): Oidc {
+    const oidc = Oidc.get(name);
+    if (!oidc) {
       throw Error(`OIDC library does seem initialized.
 Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${name}"></OidcProvider> component.`);
     }
-    return oidcDatabase[name];
+    return oidc;
   }
 
   static eventNames = eventNames;

package/src/oidcClient.spec.ts

@@ -0,0 +1,34 @@
+import { describe, expect, it } from 'vitest';
+
+import { Oidc } from './oidc.js';
+import { OidcClient } from './oidcClient.js';
+
+describe('OidcClient.get (issue #1679)', () => {
+  it('returns null when no configuration has been initialized', () => {
+    expect(OidcClient.get('unknown-configuration-1679')).toBeNull();
+  });
+
+  it('does not throw when no configuration has been initialized', () => {
+    expect(() => OidcClient.get('another-unknown-configuration-1679')).not.toThrow();
+  });
+});
+
+describe('OidcClient.getOrThrow (issue #1679)', () => {
+  it('throws an explicit error when configuration has not been initialized', () => {
+    expect(() => OidcClient.getOrThrow('missing-configuration-1679')).toThrow(
+      /OIDC library does seem initialized/,
+    );
+  });
+});
+
+describe('Oidc.get (issue #1679)', () => {
+  it('returns null when no configuration has been initialized', () => {
+    expect(Oidc.get('unknown-oidc-1679')).toBeNull();
+  });
+
+  it('Oidc.getOrThrow throws when configuration has not been initialized', () => {
+    expect(() => Oidc.getOrThrow('missing-oidc-1679')).toThrow(
+      /OIDC library does seem initialized/,
+    );
+  });
+});

package/src/oidcClient.ts

@@ -38,8 +38,28 @@ export class OidcClient {
       return new OidcClient(Oidc.getOrCreate(getFetch, location)(configuration, name));
     };
 
-  static get(name = 'default'): OidcClient {
-    return new OidcClient(Oidc.get(name));
+  /**
+   * Retrieve an existing {@link OidcClient} by configuration name.
+   *
+   * Since issue #1679, this method returns `null` when the requested
+   * configuration has not been initialized, instead of throwing. This
+   * allows React hooks to be used safely outside of `<OidcProvider>`.
+   *
+   * Use {@link OidcClient.getOrThrow} to preserve the previous fail-fast
+   * behaviour.
+   */
+  static get(name = 'default'): OidcClient | null {
+    const oidc = Oidc.get(name);
+    return oidc ? new OidcClient(oidc) : null;
+  }
+
+  /**
+   * Retrieve an existing {@link OidcClient}, throwing if it has not been
+   * initialized. Equivalent to the pre-#1679 behaviour of
+   * {@link OidcClient.get}.
+   */
+  static getOrThrow(name = 'default'): OidcClient {
+    return new OidcClient(Oidc.getOrThrow(name));
   }
 
   static eventNames = Oidc.eventNames;

package/src/version.ts

@@ -1 +1 @@
-export default '7.27.15';
+export default '7.27.16';