@axa-fr/oidc-client 7.27.15 → 7.27.17

package/dist/index.js

@@ -636,10 +636,10 @@ var oe = () => {
 		} else throw console.error(a.message), a;
 	}
 	return a;
-}, j = {
+}, fe = {
 	refresh_token: "refresh_token",
 	access_token: "access_token"
-}, fe = (e) => async (t, n, r = j.refresh_token, i, a = {}, o = 1e4) => {
+}, pe = (e) => async (t, n, r = fe.refresh_token, i, a = {}, o = 1e4) => {
 	let s = {
 		token: n,
 		token_type_hint: r,
@@ -657,7 +657,7 @@ var oe = () => {
 		headers: { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8" },
 		body: l
 	}, o)).status === 200 ? { success: !0 } : { success: !1 };
-}, pe = (e) => async (t, n, r, i, a = {}, o, s = 1e4) => {
+}, me = (e) => async (t, n, r, i, a = {}, o, s = 1e4) => {
 	for (let [e, t] of Object.entries(r)) n[e] === void 0 && (n[e] = t);
 	let c = [];
 	for (let e in n) {
@@ -678,20 +678,20 @@ var oe = () => {
 		demonstratingProofOfPossessionNonce: null
 	};
 	let d = await u.json(), f = null;
-	return u.headers.has(M) && (f = u.headers.get(M)), {
+	return u.headers.has(j) && (f = u.headers.get(j)), {
 		success: !0,
 		status: u.status,
 		data: G(d, i, o),
 		demonstratingProofOfPossessionNonce: f
 	};
-}, me = (e, t) => async (n, r) => {
+}, he = (e, t) => async (n, r) => {
 	r = r ? { ...r } : {};
 	let i = D(128), a = await ne(i);
 	await e.setCodeVerifierAsync(i), await e.setStateAsync(r.state), r.code_challenge = a, r.code_challenge_method = "S256";
 	let o = "";
 	if (r) for (let [e, t] of Object.entries(r)) o === "" ? o += "?" : o += "&", o += `${e}=${encodeURIComponent(t)}`;
 	t.open(`${n}${o}`);
-}, M = "DPoP-Nonce", he = (e) => async (t, n, r, i, a = 1e4) => {
+}, j = "DPoP-Nonce", ge = (e) => async (t, n, r, i, a = 1e4) => {
 	n = n ? { ...n } : {}, n.code_verifier = await e.getCodeVerifierAsync();
 	let o = [];
 	for (let e in n) {
@@ -711,7 +711,7 @@ var oe = () => {
 		status: c.status
 	};
 	let l = null;
-	c.headers.has(M) && (l = c.headers.get(M));
+	c.headers.has(j) && (l = c.headers.get(j));
 	let u = await c.json();
 	return {
 		success: !0,
@@ -721,7 +721,7 @@ var oe = () => {
 			demonstratingProofOfPossessionNonce: l
 		}
 	};
-}, ge = (e) => {
+}, _e = (e) => {
 	let t = e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);
 	if (!t) throw Error("Invalid URL");
 	let n = t[6], r = t[7];
@@ -739,19 +739,19 @@ var oe = () => {
 		search: n,
 		hash: r
 	};
-}, _e = (e) => {
-	let t = ge(e), { path: n } = t;
+}, ve = (e) => {
+	let t = _e(e), { path: n } = t;
 	n.endsWith("/") && (n = n.slice(0, -1));
 	let { hash: r } = t;
 	return r === "#_=_" && (r = ""), r && (n += r), n;
-}, N = (e) => {
-	let { search: t } = ge(e);
-	return ve(t);
-}, ve = (e) => {
+}, M = (e) => {
+	let { search: t } = _e(e);
+	return ye(t);
+}, ye = (e) => {
 	let t = {}, n, r, i, a = e.split("&");
 	for (r = 0, i = a.length; r < i; r++) n = a[r].split("="), t[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
 	return t;
-}, ye = (t, n, r, a, o) => (s = void 0, c = null, l = !1, u = void 0) => {
+}, be = (t, n, r, a, o) => (s = void 0, c = null, l = !1, u = void 0) => {
 	let d = c;
 	return c = { ...c }, (async () => {
 		let f = s || o.getPath();
@@ -785,15 +785,15 @@ var oe = () => {
 				response_type: "code",
 				...r
 			};
-			await me(h, o)(m.authorizationEndpoint, g);
+			await he(h, o)(m.authorizationEndpoint, g);
 		} catch (t) {
 			throw r(e.loginAsync_error, t), t;
 		}
 	})();
-}, be = (t) => async (n = !1) => {
+}, xe = (t) => async (n = !1) => {
 	try {
 		t.publishEvent(e.loginCallbackAsync_begin, {});
-		let r = t.configuration, a = r.client_id, o = n ? r.silent_redirect_uri : r.redirect_uri, s = r.authority, c = r.token_request_timeout, l = await t.initAsync(s, r.authority_configuration), u = N(t.location.getCurrentHref()), d = u.session_state, f = await $(r, t.configurationName), p, m, h, g;
+		let r = t.configuration, a = r.client_id, o = n ? r.silent_redirect_uri : r.redirect_uri, s = r.authority, c = r.token_request_timeout, l = await t.initAsync(s, r.authority_configuration), u = M(t.location.getCurrentHref()), d = u.session_state, f = await $(r, t.configurationName), p, m, h, g;
 		if (f) await f.initAsync(l, "loginCallbackAsync", r), await f.setSessionStateAsync(d), m = await f.getNonceAsync(), h = f.getLoginParams(), g = await f.getStateAsync(), f.startKeepAliveServiceWorker(), p = f;
 		else {
 			let e = i(t.configurationName, r.storage ?? sessionStorage, r.login_state_storage ?? r.storage ?? sessionStorage);
@@ -816,14 +816,14 @@ var oe = () => {
 			let e = await x(window)(r.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
 			await i(t.configurationName, r.storage, r.login_state_storage ?? r.storage).setDemonstratingProofOfPossessionJwkAsync(e), b.DPoP = await S(window)(r.demonstrating_proof_of_possession_configuration)(e, "POST", y);
 		}
-		let C = await he(p)(y, {
+		let C = await ge(p)(y, {
 			..._,
 			...v
 		}, b, t.configuration.token_renew_mode, c);
 		if (!C.success) throw Error("Token request failed");
 		let w, T = C.data.tokens, E = C.data.demonstratingProofOfPossessionNonce;
 		if (C.data.state !== v.state) throw Error("state is not valid");
-		let { isValid: D, reason: ee } = Be(T, m.nonce, l);
+		let { isValid: D, reason: ee } = He(T, m.nonce, l);
 		if (!D) throw Error(`Tokens are not OpenID valid, reason: ${ee}`);
 		if (f) {
 			if (T.refreshToken && !T.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Refresh token should be hidden by service worker");
@@ -844,10 +844,10 @@ var oe = () => {
 	} catch (n) {
 		throw console.error(n), t.publishEvent(e.loginCallbackAsync_error, n), n;
 	}
-}, xe = {
+}, Se = {
 	access_token: "access_token",
 	refresh_token: "refresh_token"
-}, P = (e, t) => {
+}, N = (e, t) => {
 	let n = {};
 	if (e) {
 		for (let [r, i] of Object.entries(e)) if (r.endsWith(t)) {
@@ -857,59 +857,72 @@ var oe = () => {
 		return n;
 	}
 	return n;
-}, Se = (e) => {
+}, Ce = (e) => {
 	let t = {};
 	if (e) {
 		for (let [n, r] of Object.entries(e)) n.includes(":") || (t[n] = r);
 		return t;
 	}
 	return t;
-}, Ce = (e) => async (t) => {
+}, we = (e) => async (t) => {
 	c.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
 	let n = await $(e.configuration, e.configurationName);
 	n ? await n.clearAsync(t) : await i(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).clearAsync(t), e.tokens = null, e.userInfo = null;
-}, we = (t, n, r, i, a) => async (o = void 0, s = null) => {
-	let c = t.configuration, l = await t.initAsync(c.authority, c.authority_configuration);
-	o && typeof o != "string" && (o = void 0, i.warn("callbackPathOrUrl path is not a string"));
-	let u = o ?? a.getPath(), d = !1;
-	o && (d = o.includes("https://") || o.includes("http://"));
-	let f = d ? o : a.getOrigin() + u, p = t.tokens ? t.tokens.idToken : "";
+}, P = (t, n) => async () => {
+	let r = t.tokens?.idTokenPayload?.sub ?? null;
+	await t.destroyAsync("LOGGED_OUT");
+	for (let [, i] of Object.entries(n)) i === t ? t.publishEvent(e.logout_from_same_tab, {}) : await t.logoutSameTabAsync(t.configuration.client_id, r);
+}, Te = (e, t, n, r) => {
+	"id_token_hint" in t || (t.id_token_hint = n), !("post_logout_redirect_uri" in t) && r !== null && (t.post_logout_redirect_uri = r);
+	let i = "";
+	for (let [e, n] of Object.entries(t)) n != null && (i === "" ? i += "?" : i += "&", i += `${e}=${encodeURIComponent(n)}`);
+	return `${e}${i}`;
+}, Ee = (e, t, n, r, i) => async (a = void 0, o = null) => {
+	let s = e.configuration, c = await e.initAsync(s.authority, s.authority_configuration);
+	a && typeof a != "string" && (a = void 0, r.warn("callbackPathOrUrl path is not a string"));
+	let l = a ?? i.getPath(), u = !1;
+	a && (u = a.includes("https://") || a.includes("http://"));
+	let d = a === null ? null : u ? a : i.getOrigin() + l, f = e.tokens ? e.tokens.idToken : "";
+	e.isLoggingOut = !0;
 	try {
-		let e = l.revocationEndpoint;
-		if (e) {
-			let n = [], i = t.tokens ? t.tokens.accessToken : null;
-			if (i && c.logout_tokens_to_invalidate.includes(xe.access_token)) {
-				let t = P(s, ":revoke_access_token"), a = fe(r)(e, i, j.access_token, c.client_id, t);
-				n.push(a);
-			}
-			let a = t.tokens ? t.tokens.refreshToken : null;
-			if (a && c.logout_tokens_to_invalidate.includes(xe.refresh_token)) {
-				let t = P(s, ":revoke_refresh_token"), i = fe(r)(e, a, j.refresh_token, c.client_id, t);
-				n.push(i);
+		try {
+			let t = c.revocationEndpoint;
+			if (t) {
+				let r = [], i = e.tokens ? e.tokens.accessToken : null;
+				if (i && s.logout_tokens_to_invalidate.includes(Se.access_token)) {
+					let e = N(o, ":revoke_access_token"), a = pe(n)(t, i, fe.access_token, s.client_id, e);
+					r.push(a);
+				}
+				let a = e.tokens ? e.tokens.refreshToken : null;
+				if (a && s.logout_tokens_to_invalidate.includes(Se.refresh_token)) {
+					let e = N(o, ":revoke_refresh_token"), i = pe(n)(t, a, fe.refresh_token, s.client_id, e);
+					r.push(i);
+				}
+				r.length > 0 && await Promise.all(r);
 			}
-			n.length > 0 && await Promise.all(n);
+		} catch (e) {
+			r.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), r.warn(e);
 		}
-	} catch (e) {
-		i.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), i.warn(e);
+		let a = N(o, ":oidc");
+		if (a && a.no_reload === "true") {
+			await P(e, t)(), e.isLoggingOut = !1;
+			return;
+		}
+		let l = Ce(o);
+		if (c.endSessionEndpoint) {
+			let e = Te(c.endSessionEndpoint, l, f, d);
+			i.open(e);
+		} else i.reload();
+		await P(e, t)();
+	} catch (t) {
+		throw e.isLoggingOut = !1, t;
 	}
-	let m = t.tokens?.idTokenPayload?.sub ?? null;
-	await t.destroyAsync("LOGGED_OUT");
-	for (let [, r] of Object.entries(n)) r === t ? t.publishEvent(e.logout_from_same_tab, {}) : await t.logoutSameTabAsync(t.configuration.client_id, m);
-	let h = P(s, ":oidc");
-	if (h && h.no_reload === "true") return;
-	let g = Se(s);
-	if (l.endSessionEndpoint) {
-		"id_token_hint" in g || (g.id_token_hint = p), !("post_logout_redirect_uri" in g) && o !== null && (g.post_logout_redirect_uri = f);
-		let e = "";
-		for (let [t, n] of Object.entries(g)) n != null && (e === "" ? e += "?" : e += "&", e += `${t}=${encodeURIComponent(n)}`);
-		a.open(`${l.endSessionEndpoint}${e}`);
-	} else a.reload();
 }, F = /* @__PURE__ */ function(e) {
 	return e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e;
-}({}), Te = (e, t, n = !1) => async (...r) => {
+}({}), De = (e, t, n = !1) => async (...r) => {
 	let [i, a, ...o] = r, s = a ? { ...a } : { method: "GET" }, c = new Headers();
 	s.headers && (c = s.headers instanceof Headers ? s.headers : new Headers(s.headers));
-	let l = (await ze({
+	let l = (await Ve({
 		getTokens: () => t.tokens,
 		configuration: {
 			token_automatic_renew_mode: t.configuration.token_automatic_renew_mode,
@@ -932,25 +945,25 @@ var oe = () => {
 		...s,
 		headers: c
 	}, ...o);
-}, Ee = (e) => async (t = !1, n = !1) => {
+}, Oe = (e) => async (t = !1, n = !1) => {
 	if (e.userInfo != null && !t) return e.userInfo;
 	let r = !t && e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);
 	if (r) return e.userInfo = JSON.parse(r), e.userInfo;
 	let i = e.configuration, a = (await e.initAsync(i.authority, i.authority_configuration)).userInfoEndpoint, o = await (async () => {
-		let t = await Te(fetch, e, n)(a);
+		let t = await De(fetch, e, n)(a);
 		return t.status === 200 ? t.json() : null;
 	})();
 	return e.userInfo = o, o && e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`, JSON.stringify(o)), o;
-}, De = () => fetch, I = class {
+}, ke = () => fetch, I = class {
 	constructor(e) {
 		this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
 	}
-}, L = {}, Oe = (e, t = new O()) => (n, r = "default") => (L[r] || (L[r] = new R(n, r, e, t)), L[r]), ke = async (e) => {
+}, L = {}, Ae = (e, t = new O()) => (n, r = "default") => (L[r] || (L[r] = new R(n, r, e, t)), L[r]), je = async (e) => {
 	let { parsedTokens: t, callbackPath: n, extras: r, scope: i } = await e.loginCallbackAsync();
 	return e.timeoutId = z(e, t.expiresAt, r, i), { callbackPath: n };
-}, Ae = (e) => Math.floor(Math.random() * e), R = class t {
+}, Me = (e) => Math.floor(Math.random() * e), R = class t {
 	constructor(e, t = "default", n, r = new O()) {
-		this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
+		this.isLoggingOut = !1, this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.clearSessionPromise = null, this.logoutPromise = null;
 		let i = e.silent_login_uri;
 		e.silent_redirect_uri && !e.silent_login_uri && (i = `${e.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
 		let a = e.refresh_time_before_tokens_expiration_in_second ?? 120;
@@ -968,10 +981,10 @@ var oe = () => {
 			service_worker_activate: e.service_worker_activate ?? oe,
 			demonstrating_proof_of_possession_configuration: e.demonstrating_proof_of_possession_configuration ?? _,
 			preload_user_info: e.preload_user_info ?? !1
-		}, this.getFetch = n ?? De, this.configurationName = t, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
+		}, this.getFetch = n ?? ke, this.configurationName = t, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
 	}
 	subscribeEvents(e) {
-		let t = Ae(9999999999999).toString();
+		let t = Me(9999999999999).toString();
 		return this.events.push({
 			id: t,
 			func: e
@@ -987,20 +1000,23 @@ var oe = () => {
 		});
 	}
 	static {
-		this.getOrCreate = (e, t) => (n, r = "default") => Oe(e, t)(n, r);
+		this.getOrCreate = (e, t) => (n, r = "default") => Ae(e, t)(n, r);
 	}
 	static get(e = "default") {
-		let t = typeof process > "u";
-		if (!Object.prototype.hasOwnProperty.call(L, e) && t) throw Error(`OIDC library does seem initialized.
+		return Object.prototype.hasOwnProperty.call(L, e) ? L[e] : null;
+	}
+	static getOrThrow(e = "default") {
+		let n = t.get(e);
+		if (!n) throw Error(`OIDC library does seem initialized.
 Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> component.`);
-		return L[e];
+		return n;
 	}
 	static {
 		this.eventNames = e;
 	}
 	_silentLoginCallbackFromIFrame() {
 		if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
-			let e = this.location, t = N(e.getCurrentHref());
+			let e = this.location, t = M(e.getCurrentHref());
 			window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({
 				tokens: this.tokens,
 				sessionState: t.session_state
@@ -1009,7 +1025,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 	}
 	_silentLoginErrorCallbackFromIFrame(e = null) {
 		if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
-			let t = this.location, n = N(t.getCurrentHref());
+			let t = this.location, n = M(t.getCurrentHref());
 			n.error ? window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({ error: n.error })}`, t.getOrigin()) : window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({ error: e == null ? "" : e.toString() })}`, t.getOrigin());
 		}
 	}
@@ -1048,14 +1064,14 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 		await d(this, L, this.configuration)(e, t, n, r);
 	}
 	async loginAsync(e = void 0, t = null, n = !1, r = void 0, i = !1) {
-		return this.logoutPromise && await this.logoutPromise, this.loginPromise === null ? (i ? this.loginPromise = u(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(t, r) : this.loginPromise = ye(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, t, n, r), this.loginPromise.finally(() => {
+		return this.logoutPromise && await this.logoutPromise, this.loginPromise === null ? (i ? this.loginPromise = u(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(t, r) : this.loginPromise = be(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, t, n, r), this.loginPromise.finally(() => {
 			this.loginPromise = null;
 		})) : this.loginPromise;
 	}
 	async loginCallbackAsync(e = !1) {
 		if (this.loginCallbackPromise !== null) return this.loginCallbackPromise;
 		let n = async () => {
-			let n = await be(this)(e), r = n.tokens;
+			let n = await xe(this)(e), r = n.tokens;
 			return this.tokens = r, await $(this.configuration, this.configurationName) || i(this.configurationName, this.configuration.storage, this.configuration.login_state_storage ?? this.configuration.storage).setTokens(r), this.publishEvent(t.eventNames.token_acquired, r), this.configuration.preload_user_info && await this.userInfoAsync(), {
 				parsedTokens: r,
 				state: n.state,
@@ -1073,28 +1089,33 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 			ath: await te(e),
 			...r
 		};
-		if (await $(a, this.configurationName)) return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${We(this.configurationName)}`;
+		if (await $(a, this.configurationName)) return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Ke(this.configurationName)}`;
 		let s = i(this.configurationName, a.storage, a.login_state_storage ?? a.storage), c = await s.getDemonstratingProofOfPossessionJwkAsync(), l = s.getDemonstratingProofOfPossessionNonce();
 		return l && (o.nonce = l), await S(window)(a.demonstrating_proof_of_possession_configuration)(c, n, t, o);
 	}
 	loginCallbackWithAutoTokensRenewAsync() {
-		return this.loginCallbackWithAutoTokensRenewPromise === null ? (this.loginCallbackWithAutoTokensRenewPromise = ke(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
+		return this.loginCallbackWithAutoTokensRenewPromise === null ? (this.loginCallbackWithAutoTokensRenewPromise = je(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
 			this.loginCallbackWithAutoTokensRenewPromise = null;
 		})) : this.loginCallbackWithAutoTokensRenewPromise;
 	}
 	userInfoAsync(e = !1, t = !1) {
-		return this.userInfoPromise === null ? (this.userInfoPromise = Ee(this)(e, t), this.userInfoPromise.finally(() => {
+		return this.userInfoPromise === null ? (this.userInfoPromise = Oe(this)(e, t), this.userInfoPromise.finally(() => {
 			this.userInfoPromise = null;
 		})) : this.userInfoPromise;
 	}
 	async renewTokensAsync(e = null, t = null) {
 		if (this.renewTokensPromise !== null) return this.renewTokensPromise;
-		if (this.timeoutId) return c.clearTimeout(this.timeoutId), this.renewTokensPromise = Me(this, !0, e, t), this.renewTokensPromise.finally(() => {
+		if (this.timeoutId) return c.clearTimeout(this.timeoutId), this.renewTokensPromise = Pe(this, !0, e, t), this.renewTokensPromise.finally(() => {
 			this.renewTokensPromise = null;
 		});
 	}
 	async destroyAsync(e) {
-		return await Ce(this)(e);
+		return await we(this)(e);
+	}
+	async clearSessionAsync() {
+		return this.clearSessionPromise ? this.clearSessionPromise : (this.clearSessionPromise = P(this, L)(), this.clearSessionPromise.finally(() => {
+			this.clearSessionPromise = null;
+		}));
 	}
 	async logoutSameTabAsync(t, n) {
 		this.configuration.monitor_session && this.configuration.client_id === t && n && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === n && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(e.logout_from_same_tab, {
@@ -1109,25 +1130,25 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 		}));
 	}
 	async logoutAsync(e = void 0, t = null) {
-		return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = we(this, L, this.getFetch(), console, this.location)(e, t), this.logoutPromise.finally(() => {
+		return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = Ee(this, L, this.getFetch(), console, this.location)(e, t), this.logoutPromise.finally(() => {
 			this.logoutPromise = null;
 		}));
 	}
 };
 //#endregion
 //#region src/renewTokens.ts
-async function je(e, t, n, r = null) {
+async function Ne(e, t, n, r = null) {
 	let { tokens: a, status: o } = await H(e)((t) => {
 		e.tokens = t;
 	}, 0, 0, t, n, r);
 	return await $(e.configuration, e.configurationName) || i(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).setTokens(e.tokens), e.tokens ? a : (await e.destroyAsync(o), null);
 }
-async function Me(e, t = !1, n = null, r = null) {
+async function Pe(e, t = !1, n = null, r = null) {
 	let i = e.configuration, a = `${i.client_id}_${e.configurationName}_${i.authority}`, o, s = await $(e.configuration, e.configurationName);
-	if (i?.storage === window?.sessionStorage && !s || !navigator.locks) o = await je(e, t, n, r);
+	if (i?.storage === window?.sessionStorage && !s || !navigator.locks) o = await Ne(e, t, n, r);
 	else {
 		let i = "retry";
-		for (; i === "retry";) i = await navigator.locks.request(a, { ifAvailable: !0 }, async (i) => i ? await je(e, t, n, r) : (e.publishEvent(R.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), "retry"));
+		for (; i === "retry";) i = await navigator.locks.request(a, { ifAvailable: !0 }, async (i) => i ? await Ne(e, t, n, r) : (e.publishEvent(R.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), "retry"));
 		o = i;
 	}
 	return o ? (e.timeoutId &&= z(e, e.tokens.expiresAt, n, r), e.tokens) : null;
@@ -1136,7 +1157,7 @@ var z = (e, t, n = null, r = null) => {
 	let i = e.configuration.refresh_time_before_tokens_expiration_in_second;
 	return e.timeoutId && c.clearTimeout(e.timeoutId), c.setTimeout(async () => {
 		let a = { timeLeft: K(i, t) };
-		e.publishEvent(R.eventNames.token_timer, a), await Me(e, !1, n, r);
+		e.publishEvent(R.eventNames.token_timer, a), await Pe(e, !1, n, r);
 	}, 1e3);
 }, B = {
 	FORCE_REFRESH: "FORCE_REFRESH",
@@ -1298,9 +1319,9 @@ var z = (e, t, n = null, r = null) => {
 						refresh_token: u.refreshToken
 					}, a = await t.initAsync(v, h.authority_configuration), l = document.hidden ? 1e4 : 3e4 * 10, _ = a.tokenEndpoint, b = {};
 					h.demonstrating_proof_of_possession && (b.DPoP = await t.generateDemonstrationOfProofOfPossessionAsync(u.accessToken, _, "POST"));
-					let x = await pe(t.getFetch())(_, r, y, u, b, h.token_renew_mode, l);
+					let x = await me(t.getFetch())(_, r, y, u, b, h.token_renew_mode, l);
 					if (x.success) {
-						let { isValid: r, reason: o } = Be(x.data, d.nonce, a);
+						let { isValid: r, reason: o } = He(x.data, d.nonce, a);
 						if (!r) return n(null), t.publishEvent(e.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${o}` }), {
 							tokens: null,
 							status: "SESSION_LOST"
@@ -1333,29 +1354,29 @@ var z = (e, t, n = null, r = null) => {
 			}, 1e3);
 		});
 	}
-}, Ne = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), Pe = (e) => JSON.parse(Ne(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), Fe = (e) => {
+}, Fe = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), Ie = (e) => JSON.parse(Fe(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), Le = (e) => {
 	try {
-		return e && Ie(e, ".") === 2 ? Pe(e.split(".")[1]) : null;
+		return e && Re(e, ".") === 2 ? Ie(e.split(".")[1]) : null;
 	} catch (e) {
 		console.warn(e);
 	}
 	return null;
-}, Ie = (e, t) => e.split(t).length - 1, U = {
+}, Re = (e, t) => e.split(t).length - 1, U = {
 	access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
 	access_token_invalid: "access_token_invalid",
 	id_token_invalid: "id_token_invalid"
 };
-function Le(e, t, n) {
+function ze(e, t, n) {
 	return e.issuedAt ? typeof e.issuedAt == "string" ? parseInt(e.issuedAt, 10) : e.issuedAt : t && t.iat ? t.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
 }
 var W = (e, t = null, n) => {
 	if (!e) return null;
 	let r, i = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
-	r = e.accessTokenPayload === void 0 ? Fe(e.accessToken) : e.accessTokenPayload;
+	r = e.accessTokenPayload === void 0 ? Le(e.accessToken) : e.accessTokenPayload;
 	let a;
 	a = t != null && "idToken" in t && !("idToken" in e) ? t.idToken : e.idToken;
-	let o = e.idTokenPayload ? e.idTokenPayload : Fe(a), s = o && o.exp ? o.exp : Number.MAX_VALUE, c = r && r.exp ? r.exp : e.issuedAt + i;
-	e.issuedAt = Le(e, r, o);
+	let o = e.idTokenPayload ? e.idTokenPayload : Le(a), s = o && o.exp ? o.exp : Number.MAX_VALUE, c = r && r.exp ? r.exp : e.issuedAt + i;
+	e.issuedAt = ze(e, r, o);
 	let l;
 	l = e.expiresAt ? e.expiresAt : n === U.access_token_invalid ? c : n === U.id_token_invalid || s < c ? s : c;
 	let u = {
@@ -1388,7 +1409,7 @@ var W = (e, t = null, n) => {
 }, K = (e, t) => {
 	let n = t - (/* @__PURE__ */ new Date()).getTime() / 1e3;
 	return Math.round(n - e);
-}, Re = (e, t = 0) => e ? K(t, e.expiresAt) > 0 : !1, ze = async (e, t = 200, n = 50) => {
+}, Be = (e, t = 0) => e ? K(t, e.expiresAt) > 0 : !1, Ve = async (e, t = 200, n = 50) => {
 	let r = n, i = await e.syncTokensInfoAsync();
 	for (; [
 		B.REQUIRE_SYNC_TOKENS,
@@ -1402,11 +1423,11 @@ var W = (e, t = null, n) => {
 		--r, i = await e.syncTokensInfoAsync();
 	}
 	return {
-		isTokensValid: Re(e.getTokens()),
+		isTokensValid: Be(e.getTokens()),
 		tokens: e.getTokens(),
 		numberWaited: r - n
 	};
-}, Be = (e, t, n) => {
+}, He = (e, t, n) => {
 	if (e.idTokenPayload) {
 		let r = e.idTokenPayload;
 		if (n.issuer !== r.iss) return {
@@ -1432,25 +1453,25 @@ var W = (e, t = null, n) => {
 		isValid: !0,
 		reason: ""
 	};
-}, Ve = "7.27.15", He = null, q, J = ({ milliseconds: e }) => new Promise((t) => c.setTimeout(t, e)), Ue = (e = "/") => {
+}, Ue = "7.27.17", We = null, q, J = ({ milliseconds: e }) => new Promise((t) => c.setTimeout(t, e)), Ge = (e = "/") => {
 	try {
 		q = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: q.signal }).catch((e) => {
 			console.log(e);
-		}), J({ milliseconds: 150 * 1e3 }).then(() => Ue(e));
+		}), J({ milliseconds: 150 * 1e3 }).then(() => Ge(e));
 	} catch (e) {
 		console.log(e);
 	}
 }, Y = () => {
 	q && q.abort();
-}, We = (e) => {
+}, Ke = (e) => {
 	let t = `oidc.tabId.${e}`, n = sessionStorage.getItem(t);
 	if (n) return n;
 	let r = globalThis.crypto.randomUUID();
 	return sessionStorage.setItem(t, r), r;
-}, Ge = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, X = (e, t) => (n) => {
+}, qe = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, X = (e, t) => (n) => {
 	let r = t?.timeoutMs ?? 5e3;
 	return new Promise((t, i) => {
-		let a = Ge(e);
+		let a = qe(e);
 		if (!a) {
 			i(/* @__PURE__ */ Error("Service worker target not available (controller/active/waiting/installing missing)"));
 			return;
@@ -1471,39 +1492,39 @@ var W = (e, t = null, n) => {
 			let e = n?.configurationName;
 			a.postMessage({
 				...n,
-				tabId: We(e ?? "default")
+				tabId: Ke(e ?? "default")
 			}, [o.port2]);
 		} catch (e) {
 			l(), i(e);
 		}
 	});
-}, Ke = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((t) => {
+}, Je = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((t) => {
 	let n = !1, r = () => {
 		n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
 	};
 	navigator.serviceWorker.addEventListener("controllerchange", r), c.setTimeout(() => {
 		n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
 	}, e);
-}), qe = !1, Z = !1, Q = /* @__PURE__ */ new Map(), Je = "oidc.sw.controllerchange_reload_count", Ye = 3, Xe = () => {
+}), Ye = !1, Z = !1, Q = /* @__PURE__ */ new Map(), Xe = "oidc.sw.controllerchange_reload_count", Ze = 3, Qe = () => {
 	try {
-		return parseInt(sessionStorage.getItem(Je) ?? "0", 10);
+		return parseInt(sessionStorage.getItem(Xe) ?? "0", 10);
 	} catch {
 		return 0;
 	}
-}, Ze = () => {
-	let e = Xe() + 1;
+}, $e = () => {
+	let e = Qe() + 1;
 	try {
-		sessionStorage.setItem(Je, String(e));
+		sessionStorage.setItem(Xe, String(e));
 	} catch {}
 	return e;
-}, Qe = () => {
+}, et = () => {
 	try {
-		sessionStorage.removeItem(Je);
+		sessionStorage.removeItem(Xe);
 	} catch {}
 }, $ = async (e, t) => {
 	let n = e.service_worker_relative_url;
 	if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n || e.service_worker_activate() === !1) return null;
-	let r = `${n}?v=${Ve}`, i = null;
+	let r = `${n}?v=${Ue}`, i = null;
 	e.service_worker_register ? (Q.has(n) || Q.set(n, e.service_worker_register(n)), i = await Q.get(n)) : (Q.has(r) || Q.set(r, navigator.serviceWorker.register(r, { updateViaCache: "none" })), i = await Q.get(r));
 	let a = `oidc.sw.version_mismatch_reload.${t}`, o = async (e) => {
 		Y(), console.log("New SW waiting – SKIP_WAITING");
@@ -1526,7 +1547,7 @@ var W = (e, t = null, n) => {
 						type: "SKIP_WAITING",
 						configurationName: t,
 						data: null,
-						tabId: We(t ?? "default")
+						tabId: Ke(t ?? "default")
 					}, [i.port2]);
 				} catch (e) {
 					o(), r(e);
@@ -1541,7 +1562,7 @@ var W = (e, t = null, n) => {
 	}, l = (e) => {
 		Y(), e.addEventListener("statechange", async () => {
 			if (e.state === "installed" && navigator.serviceWorker.controller) {
-				if (Xe() >= Ye) {
+				if (Qe() >= Ze) {
 					console.warn("SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted");
 					return;
 				}
@@ -1552,7 +1573,7 @@ var W = (e, t = null, n) => {
 	i.addEventListener("updatefound", () => {
 		let e = i.installing;
 		e && l(e);
-	}), i.installing ? l(i.installing) : i.waiting && navigator.serviceWorker.controller && (Xe() < Ye ? s() : console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")), i.update().catch((e) => {
+	}), i.installing ? l(i.installing) : i.waiting && navigator.serviceWorker.controller && (Qe() < Ze ? s() : console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")), i.update().catch((e) => {
 		console.error(e);
 	});
 	try {
@@ -1560,14 +1581,14 @@ var W = (e, t = null, n) => {
 			type: "claim",
 			configurationName: t,
 			data: null
-		}), await Ke(2e3));
+		}), await Je(2e3));
 	} catch (e) {
 		return console.warn(`Failed init ServiceWorker ${e?.toString?.() ?? String(e)}`), null;
 	}
-	qe || (qe = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
+	Ye || (Ye = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
 		if (Z) return;
-		let e = Ze();
-		if (e > Ye) {
+		let e = $e();
+		if (e > Ze) {
 			console.warn(`SW controllerchange: reload budget exhausted (${e - 1} reloads). Skipping reload to avoid infinite loop.`);
 			return;
 		}
@@ -1590,8 +1611,8 @@ var W = (e, t = null, n) => {
 			},
 			configurationName: t
 		}), c = o.version;
-		if (c !== "7.27.15") {
-			console.warn(`Service worker ${c} version mismatch with js client version ${Ve}, unregistering and reloading`);
+		if (c !== "7.27.17") {
+			console.warn(`Service worker ${c} version mismatch with js client version ${Ue}, unregistering and reloading`);
 			let e = parseInt(sessionStorage.getItem(a) ?? "0", 10);
 			if (e < 3) {
 				if (sessionStorage.setItem(a, String(e + 1)), i.waiting) return await s(), await J({ milliseconds: 500 }), Z || (Z = !0, window.location.reload()), new Promise(() => {});
@@ -1606,13 +1627,13 @@ var W = (e, t = null, n) => {
 					return console.log(`Service worker unregistering ${e}`), await J({ milliseconds: 500 }), Z || (Z = !0, window.location.reload()), new Promise(() => {});
 				}
 			} else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`);
-		} else sessionStorage.removeItem(a), Qe();
+		} else sessionStorage.removeItem(a), et();
 		return {
 			tokens: G(o.tokens, null, r.token_renew_mode),
 			status: o.status
 		};
 	}, f = (e = "/") => {
-		He ?? (He = "not_null", Ue(e));
+		We ?? (We = "not_null", Ge(e));
 	}, p = (e) => X(i)({
 		type: "setSessionState",
 		data: { sessionState: e },
@@ -1718,11 +1739,11 @@ var W = (e, t = null, n) => {
 			configurationName: e.configurationName ?? t
 		})
 	};
-}, $e = async (e, t, n, r) => {
+}, tt = async (e, t, n, r) => {
 	let i = await $(e, t);
 	if (!i) throw Error(`signalServiceWorkerAsync: no service worker registered for configuration "${t}"`);
 	return i.signalAsync(n, r);
-}, et = class e {
+}, nt = class e {
 	constructor(e) {
 		this._oidc = e;
 	}
@@ -1739,7 +1760,11 @@ var W = (e, t = null, n) => {
 		this.getOrCreate = (t, n = new O()) => (r, i = "default") => new e(R.getOrCreate(t, n)(r, i));
 	}
 	static get(t = "default") {
-		return new e(R.get(t));
+		let n = R.get(t);
+		return n ? new e(n) : null;
+	}
+	static getOrThrow(t = "default") {
+		return new e(R.getOrThrow(t));
 	}
 	static {
 		this.eventNames = R.eventNames;
@@ -1753,6 +1778,12 @@ var W = (e, t = null, n) => {
 	logoutAsync(e = void 0, t = null) {
 		return this._oidc.logoutAsync(e, t);
 	}
+	clearSessionAsync() {
+		return this._oidc.clearSessionAsync();
+	}
+	get isLoggingOut() {
+		return this._oidc.isLoggingOut === !0;
+	}
 	silentLoginCallbackAsync() {
 		return this._oidc.silentLoginCallbackAsync();
 	}
@@ -1773,7 +1804,7 @@ var W = (e, t = null, n) => {
 	}
 	async getValidTokenAsync(e = 200, t = 50) {
 		let n = this._oidc;
-		return ze({
+		return Ve({
 			getTokens: () => n.tokens,
 			configuration: {
 				token_automatic_renew_mode: n.configuration.token_automatic_renew_mode,
@@ -1787,7 +1818,7 @@ var W = (e, t = null, n) => {
 		}, e, t);
 	}
 	fetchWithTokens(e, t = !1) {
-		return Te(e, this._oidc, t);
+		return De(e, this._oidc, t);
 	}
 	async userInfoAsync(e = !1, t = !1) {
 		return this._oidc.userInfoAsync(e, t);
@@ -1796,9 +1827,9 @@ var W = (e, t = null, n) => {
 		return this._oidc.userInfo;
 	}
 	async signalServiceWorker(e, t) {
-		return $e(this._oidc.configuration, this._oidc.configurationName, e, t);
+		return tt(this._oidc.configuration, this._oidc.configurationName, e, t);
 	}
-}, tt = "1.0.0", nt = {
+}, rt = "1.0.0", it = {
 	SKIP_WAITING: "SKIP_WAITING",
 	CLAIM: "claim",
 	CLEAR: "clear",
@@ -1815,18 +1846,18 @@ var W = (e, t = null, n) => {
 	GET_DPOP_NONCE: "getDemonstratingProofOfPossessionNonce",
 	SET_DPOP_JWK: "setDemonstratingProofOfPossessionJwk",
 	GET_DPOP_JWK: "getDemonstratingProofOfPossessionJwk"
-}, rt = {
+}, at = {
 	ACCESS_TOKEN: "ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER",
 	REFRESH_TOKEN: "REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER",
 	NONCE_TOKEN: "NONCE_SECURED_BY_OIDC_SERVICE_WORKER",
 	CODE_VERIFIER: "CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER"
-}, it = "DPOP_SECURED_BY_OIDC_SERVICE_WORKER", at = {
+}, ot = "DPOP_SECURED_BY_OIDC_SERVICE_WORKER", st = {
 	TAB_ID: "oidc.tabId.",
 	STATE: "oidc.state.",
 	NONCE: "oidc.nonce.",
 	CODE_VERIFIER: "oidc.code_verifier.",
 	LOGIN_PARAMS: "oidc.login.",
 	SW_VERSION_MISMATCH_RELOAD: "oidc.sw.version_mismatch_reload."
-}, ot = "oidc.sw.controllerchange_reload_count", st = (e, t) => `${e}${t}`, ct = (e, t, n = "default") => `${e}_${t}#tabId=${n}`, lt = (e, t = "default") => `${it}_${e}#tabId=${t}`, ut = (e) => typeof e == "string" ? Object.values(nt).includes(e) : !1;
+}, ct = "oidc.sw.controllerchange_reload_count", lt = (e, t) => `${e}${t}`, ut = (e, t, n = "default") => `${e}_${t}#tabId=${n}`, dt = (e, t = "default") => `${ot}_${e}#tabId=${t}`, ft = (e) => typeof e == "string" ? Object.values(it).includes(e) : !1;
 //#endregion
-export { it as DPOP_TOKEN_PLACEHOLDER_PREFIX, et as OidcClient, O as OidcLocation, tt as PROTOCOL_VERSION, at as STORAGE_KEY_PREFIX, ot as SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY, nt as ServiceWorkerMessageType, rt as TOKEN_PLACEHOLDERS, F as TokenAutomaticRenewMode, U as TokenRenewMode, lt as buildDpopSecuredPlaceholder, ct as buildSecuredTokenPlaceholder, st as buildStorageKey, De as getFetchDefault, N as getParseQueryStringFromLocation, _e as getPath, ut as isServiceWorkerMessageType, $e as signalServiceWorkerAsync };
+export { ot as DPOP_TOKEN_PLACEHOLDER_PREFIX, nt as OidcClient, O as OidcLocation, rt as PROTOCOL_VERSION, st as STORAGE_KEY_PREFIX, ct as SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY, it as ServiceWorkerMessageType, at as TOKEN_PLACEHOLDERS, F as TokenAutomaticRenewMode, U as TokenRenewMode, dt as buildDpopSecuredPlaceholder, ut as buildSecuredTokenPlaceholder, lt as buildStorageKey, ke as getFetchDefault, M as getParseQueryStringFromLocation, ve as getPath, ft as isServiceWorkerMessageType, tt as signalServiceWorkerAsync };