@axa-fr/oidc-client 7.27.17 → 7.27.19
- package/README.md +35 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +253 -230
- package/dist/index.umd.cjs +2 -2
- package/dist/initWorker.d.ts +1 -0
- package/dist/initWorker.d.ts.map +1 -1
- package/dist/initWorkerAbortError.spec.d.ts +2 -0
- package/dist/initWorkerAbortError.spec.d.ts.map +1 -0
- package/dist/login.d.ts.map +1 -1
- package/dist/login.spec.d.ts +2 -0
- package/dist/login.spec.d.ts.map +1 -0
- package/dist/oidcStateError.d.ts +33 -0
- package/dist/oidcStateError.d.ts.map +1 -0
- package/dist/oidcStateError.spec.d.ts +2 -0
- package/dist/oidcStateError.spec.d.ts.map +1 -0
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/index.ts +1 -0
- package/src/initWorker.ts +37 -17
- package/src/initWorkerAbortError.spec.ts +147 -0
- package/src/login.spec.ts +151 -0
- package/src/login.ts +23 -2
- package/src/oidcStateError.spec.ts +33 -0
- package/src/oidcStateError.ts +50 -0
- package/src/renewTokens.ts +13 -0
- package/src/version.ts +1 -1
package/dist/index.umd.cjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
(function(e,t){typeof exports==`object`&&typeof module<`u`?t(exports):typeof define==`function`&&define.amd?define([`exports`],t):(e=typeof globalThis<`u`?globalThis:e||self,t(e[`oidc-client`]={}))})(this,function(e){Object.defineProperty(e,Symbol.toStringTag,{value:`Module`});var t={service_worker_not_supported_by_browser:`service_worker_not_supported_by_browser`,token_acquired:`token_acquired`,logout_from_another_tab:`logout_from_another_tab`,logout_from_same_tab:`logout_from_same_tab`,token_renewed:`token_renewed`,token_timer:`token_timer`,loginAsync_begin:`loginAsync_begin`,loginAsync_error:`loginAsync_error`,loginCallbackAsync_begin:`loginCallbackAsync_begin`,loginCallbackAsync_end:`loginCallbackAsync_end`,loginCallbackAsync_error:`loginCallbackAsync_error`,loginCallbackAsync_navigated:`loginCallbackAsync_navigated`,loginCallbackAsync_navigation_error:`loginCallbackAsync_navigation_error`,refreshTokensAsync_begin:`refreshTokensAsync_begin`,refreshTokensAsync:`refreshTokensAsync`,refreshTokensAsync_end:`refreshTokensAsync_end`,refreshTokensAsync_error:`refreshTokensAsync_error`,refreshTokensAsync_silent_error:`refreshTokensAsync_silent_error`,tryKeepExistingSessionAsync_begin:`tryKeepExistingSessionAsync_begin`,tryKeepExistingSessionAsync_end:`tryKeepExistingSessionAsync_end`,tryKeepExistingSessionAsync_error:`tryKeepExistingSessionAsync_error`,silentLoginAsync_begin:`silentLoginAsync_begin`,silentLoginAsync:`silentLoginAsync`,silentLoginAsync_end:`silentLoginAsync_end`,silentLoginAsync_error:`silentLoginAsync_error`,syncTokensAsync_begin:`syncTokensAsync_begin`,syncTokensAsync_lock_not_available:`syncTokensAsync_lock_not_available`,syncTokensAsync_end:`syncTokensAsync_end`,syncTokensAsync_error:`syncTokensAsync_error`,tokensInvalidAndWaitingActionsToRefresh:`tokensInvalidAndWaitingActionsToRefresh`,loadingTimeout_error:`loadingTimeout_error`},n=(e,t,n)=>{if(n==null){delete e[t];return}e[t]=JSON.stringify(n)},r=(e,t,n)=>{if(n==null){delete 
e[t];return}e[t]=n},i=e=>{if(typeof e!=`string`||e===`undefined`||e===`null`||e===``)return null;try{return JSON.parse(e)}catch{return null}},a=(e,t=sessionStorage,a)=>{let o=a??t,s=r=>(n(t,`oidc.${e}`,{tokens:null,status:r}),delete t[`oidc.${e}.userInfo`],a&&a!==t&&(delete o[`oidc.login.${e}`],delete o[`oidc.state.${e}`],delete o[`oidc.code_verifier.${e}`],delete o[`oidc.nonce.${e}`]),Promise.resolve()),c=async()=>{let r=i(t[`oidc.${e}`]);return r?Promise.resolve({tokens:r.tokens,status:r.status}):(n(t,`oidc.${e}`,{tokens:null,status:null}),{tokens:null,status:null})},l=r=>{n(t,`oidc.${e}`,{tokens:r})},u=async n=>{r(t,`oidc.session_state.${e}`,n)},d=async()=>t[`oidc.session_state.${e}`],f=t=>{r(o,`oidc.nonce.${e}`,t?.nonce)},p=r=>{n(t,`oidc.jwk.${e}`,r)},m=()=>i(t[`oidc.jwk.${e}`]),h=async()=>({nonce:o[`oidc.nonce.${e}`]}),g=async n=>{r(t,`oidc.dpop_nonce.${e}`,n)},_=()=>t[`oidc.dpop_nonce.${e}`],v=()=>{let n=i(t[`oidc.${e}`]);return n?JSON.stringify({tokens:n.tokens}):null},y={};return{clearAsync:s,initAsync:c,setTokens:l,getTokens:v,setSessionStateAsync:u,getSessionStateAsync:d,setNonceAsync:f,getNonceAsync:h,setLoginParams:t=>{if(t==null){delete y[e],delete o[`oidc.login.${e}`];return}y[e]=t,n(o,`oidc.login.${e}`,t)},getLoginParams:()=>{if(y[e])return y[e];let t=i(o[`oidc.login.${e}`]);return t===null?(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null):(y[e]=t,t)},getStateAsync:async()=>o[`oidc.state.${e}`],setStateAsync:async t=>{r(o,`oidc.state.${e}`,t)},getCodeVerifierAsync:async()=>o[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async t=>{r(o,`oidc.code_verifier.${e}`,t)},setDemonstratingProofOfPossessionNonce:g,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:p,getDemonstratingProofOfPossessionJwkAsync:m}},o=2e3,s=console,c=class{constructor(e,t,n,r=o,i=!0){this._callback=e,this._client_id=t,this._url=n,this._interval=r||o,this._stopOnError=i;let 
a=n.indexOf(`/`,n.indexOf(`//`)+2);this._frame_origin=n.substring(0,a),this._frame=window.document.createElement(`iframe`),this._frame.style.visibility=`hidden`,this._frame.style.position=`absolute`,this._frame.style.display=`none`,this._frame.width=0,this._frame.height=0,this._frame.src=n}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener(`message`,this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data===`error`?(s.error(`CheckSessionIFrame: error message from check session op iframe`),this._stopOnError&&this.stop()):e.data===`changed`?(s.debug(e),s.debug(`CheckSessionIFrame: changed message from check session op iframe`),this.stop(),this._callback()):s.debug(`CheckSessionIFrame: `+e.data+` message from check session op iframe`))}start(e){s.debug(`CheckSessionIFrame.start :`+e),this.stop();let t=()=>{this._frame.contentWindow.postMessage(this._client_id+` `+e,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&=(s.debug(`CheckSessionIFrame.stop`),window.clearInterval(this._timer),null)}},l=(function(){let e=typeof window>`u`?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),u=(e,n,r)=>(i=null,a=null,o=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{r(t.silentLoginAsync_begin,{});let s=``;if(a&&(i??={},i.state=a),o!=null&&(i??={},i.scope=o),i!=null)for(let[e,t]of Object.entries(i))t!=null&&(s===``?s=`?${encodeURIComponent(e)}=${encodeURIComponent(t)}`:s+=`&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);let c=n.silent_login_uri+s,l=c.indexOf(`/`,c.indexOf(`//`)+2),u=c.substring(0,l),d=document.createElement(`iframe`);return 
d.width=`0px`,d.height=`0px`,d.id=`${e}_oidc_iframe`,d.setAttribute(`src`,c),d.style.display=`none`,document.body.appendChild(d),new Promise((i,a)=>{let o=!1,s=()=>{window.removeEventListener(`message`,c),d.remove(),o=!0},c=n=>{if(n.origin===u&&n.source===d.contentWindow){let c=`${e}_oidc_tokens:`,l=`${e}_oidc_error:`,u=`${e}_oidc_exception:`,d=n.data;if(d&&typeof d==`string`&&!o){if(d.startsWith(c)){let e=JSON.parse(n.data.replace(c,``));r(t.silentLoginAsync_end,{}),i(e),s()}else if(d.startsWith(l)){let e=JSON.parse(n.data.replace(l,``));r(t.silentLoginAsync_error,e),i({error:`oidc_`+e.error,tokens:null,sessionState:null}),s()}else if(d.startsWith(u)){let e=JSON.parse(n.data.replace(u,``));r(t.silentLoginAsync_error,e),a(Error(e.error)),s()}}}};try{window.addEventListener(`message`,c);let e=n.silent_login_timeout;setTimeout(()=>{o||(s(),r(t.silentLoginAsync_error,{reason:`timeout`}),a(Error(`timeout`)))},e)}catch(e){s(),r(t.silentLoginAsync_error,e),a(e)}})}catch(e){throw r(t.silentLoginAsync_error,e),e}},d=(e,n,r,i,a)=>(e=null,o=void 0)=>{e={...e};let s=(e,t,o)=>u(n,r,i.bind(a))(e,t,o);return(async()=>{a.timeoutId&&l.clearTimeout(a.timeoutId);let n;e&&`state`in e&&(n=e.state,delete e.state);try{let c=await s({...r.extras?{...r.extras,...e}:e,prompt:`none`},n,o);if(c)return a.tokens=c.tokens,i(t.token_acquired,{}),a.timeoutId=z(a,a.tokens.expiresAt,e,o),{}}catch(e){return e}})()},f=(e,t,n)=>(r,i,a,o=!1)=>{let s=(t,r=void 0,i=void 0)=>u(e.configurationName,n,e.publishEvent.bind(e))(t,r,i);return new Promise((l,u)=>{n.silent_login_uri&&n.silent_redirect_uri&&n.monitor_session&&r&&a&&!o?(e.checkSessionIFrame=new c(()=>{e.checkSessionIFrame.stop();let r=e.tokens;if(r===null)return;let i=r.idToken,a=r.idTokenPayload;return s({prompt:`none`,id_token_hint:i,scope:n.scope||`openid`}).then(t=>{if(t.error)throw Error(t.error);let n=t.tokens.idTokenPayload;if(a.sub===n.sub){let 
r=t.sessionState;e.checkSessionIFrame.start(t.sessionState),a.sid===n.sid?console.debug(`SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:`,r):console.debug(`SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:`,r)}else console.debug(`SessionMonitor._callback: Different subject signed into OP:`,n.sub)}).catch(async e=>{console.warn(`SessionMonitor._callback: Silent login failed, logging out other tabs:`,e);for(let[,e]of Object.entries(t))await e.logoutOtherTabAsync(n.client_id,a.sub)})},i,r),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(a),l(e.checkSessionIFrame)}).catch(e=>{u(e)})):l(null)})};function p(e){return new TextEncoder().encode(e)}function m(e){return btoa(e).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=+/g,``)}function h(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(e,t){return String.fromCharCode(parseInt(t,16))})}var g=e=>{let t=``;return e.forEach(function(e){t+=String.fromCharCode(e)}),m(t)};function _(e){return m(h(e))}var v={importKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`,hash:{name:`ES256`}},signAlgorithm:{name:`ECDSA`,hash:{name:`SHA-256`}},generateKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`},digestAlgorithm:{name:`SHA-256`},jwtHeaderAlgorithm:`ES256`},y={sign:e=>async(t,n,r,i,a=`dpop+jwt`)=>{switch(t=Object.assign({},t),n.typ=a,n.alg=i.jwtHeaderAlgorithm,n.alg){case`ES256`:n.jwk={kty:t.kty,crv:t.crv,x:t.x,y:t.y};break;case`RS256`:n.jwk={kty:t.kty,n:t.n,e:t.e,kid:n.kid};break;default:throw Error(`Unknown or not implemented JWS algorithm`)}let o={protected:_(JSON.stringify(n)),payload:_(JSON.stringify(r))},s=i.importKeyAlgorithm,c=await e.crypto.subtle.importKey(`jwk`,t,s,!0,[`sign`]),l=p(`${o.protected}.${o.payload}`),u=i.signAlgorithm,d=await e.crypto.subtle.sign(u,c,l);return o.signature=g(new 
Uint8Array(d)),`${o.protected}.${o.payload}.${o.signature}`}},b={generate:e=>async t=>{let n=t,r=await e.crypto.subtle.generateKey(n,!0,[`sign`,`verify`]);return await e.crypto.subtle.exportKey(`jwk`,r.privateKey)},neuter:e=>{let t=Object.assign({},e);return delete t.d,t.key_ops=[`verify`],t}},x={thumbprint:e=>async(t,n)=>{let r;switch(t.kty){case`EC`:r=`{"crv":"CRV","kty":"EC","x":"X","y":"Y"}`.replace(`CRV`,t.crv).replace(`X`,t.x).replace(`Y`,t.y);break;case`RSA`:r=`{"e":"E","kty":"RSA","n":"N"}`.replace(`E`,t.e).replace(`N`,t.n);break;default:throw Error(`Unknown or not implemented JWK type`)}let i=await e.crypto.subtle.digest(n,p(r));return g(new Uint8Array(i))}},ee=e=>async t=>await b.generate(e)(t),S=e=>t=>async(n,r=`POST`,i,a={})=>{let o={jti:btoa(C()),htm:r,htu:i,iat:Math.round(Date.now()/1e3),...a},s=await x.thumbprint(e)(n,t.digestAlgorithm);return await y.sign(e)(n,{kid:s},o,t)},C=()=>{let e=`xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx`,t=`0123456789abcdef`,n=0,r=``;for(let i=0;i<36;i++)e[i]!==`-`&&e[i]!==`4`&&(n=Math.random()*16|0),e[i]===`x`?r+=t[n]:e[i]===`y`?(n&=3,n|=8,r+=t[n]):r+=e[i];return r},w=()=>{let e=typeof window<`u`&&!!window.crypto;return{hasCrypto:e,hasSubtleCrypto:e&&!!window.crypto.subtle}},T=`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`,E=e=>{let t=[];for(let n=0;n<e.byteLength;n+=1){let r=e[n]%62;t.push(T[r])}return t.join(``)},D=e=>{let t=new Uint8Array(e),{hasCrypto:n}=w();if(n)window.crypto.getRandomValues(t);else for(let n=0;n<e;n+=1)t[n]=Math.random()*62|0;return E(t)};function te(e){let t=new ArrayBuffer(e.length),n=new Uint8Array(t);for(let t=0;t<e.length;t++)n[t]=e.charCodeAt(t);return n}function ne(e){return new Promise((t,n)=>{crypto.subtle.digest(`SHA-256`,te(e)).then(e=>t(g(new Uint8Array(e))),e=>n(e))})}var re=e=>{if(e.length<43||e.length>128)return Promise.reject(Error(`Invalid code length.`));let{hasSubtleCrypto:t}=w();return t?ne(e):Promise.reject(Error(`window.crypto.subtle is 
unavailable.`))},ie=e=>!!(e.os===`iOS`&&e.osVersion.startsWith(`12`)||e.os===`Mac OS X`&&e.osVersion.startsWith(`10_15_6`)),ae=e=>{let t=e.appVersion,n=e.userAgent,r=`-`,i=[{s:`Windows 10`,r:/(Windows 10.0|Windows NT 10.0)/},{s:`Windows 8.1`,r:/(Windows 8.1|Windows NT 6.3)/},{s:`Windows 8`,r:/(Windows 8|Windows NT 6.2)/},{s:`Windows 7`,r:/(Windows 7|Windows NT 6.1)/},{s:`Windows Vista`,r:/Windows NT 6.0/},{s:`Windows Server 2003`,r:/Windows NT 5.2/},{s:`Windows XP`,r:/(Windows NT 5.1|Windows XP)/},{s:`Windows 2000`,r:/(Windows NT 5.0|Windows 2000)/},{s:`Windows ME`,r:/(Win 9x 4.90|Windows ME)/},{s:`Windows 98`,r:/(Windows 98|Win98)/},{s:`Windows 95`,r:/(Windows 95|Win95|Windows_95)/},{s:`Windows NT 4.0`,r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:`Windows CE`,r:/Windows CE/},{s:`Windows 3.11`,r:/Win16/},{s:`Android`,r:/Android/},{s:`Open BSD`,r:/OpenBSD/},{s:`Sun OS`,r:/SunOS/},{s:`Chrome OS`,r:/CrOS/},{s:`Linux`,r:/(Linux|X11(?!.*CrOS))/},{s:`iOS`,r:/(iPhone|iPad|iPod)/},{s:`Mac OS X`,r:/Mac OS X/},{s:`Mac OS`,r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:`QNX`,r:/QNX/},{s:`UNIX`,r:/UNIX/},{s:`BeOS`,r:/BeOS/},{s:`OS/2`,r:/OS\/2/},{s:`Search Bot`,r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(let e in i){let t=i[e];if(t.r.test(n)){r=t.s;break}}let a=`-`;switch(/Windows/.test(r)&&(a=/Windows (.*)/.exec(r)[1],r=`Windows`),r){case`Mac OS`:case`Mac OS X`:case`Android`:a=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];break;case`iOS`:{let e=/OS (\d+)_(\d+)_?(\d+)?/.exec(t);e!=null&&e.length>2&&(a=e[1]+`.`+e[2]+`.`+(parseInt(e[3])|0));break}}return{os:r,osVersion:a}};function oe(){let e=navigator.userAgent,t,n=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(n[1]))return t=/\brv[ :]+(\d+)/g.exec(e)||[],{name:`ie`,version:t[1]||``};if(n[1]===`Chrome`&&(t=e.match(/\bOPR|Edge\/(\d+)/),t!=null)){let n=t[1];if(!n){let 
r=e.split(t[0]+`/`);r.length>1&&(n=r[1])}return{name:`opera`,version:n}}return n=n[2]?[n[1],n[2]]:[navigator.appName,navigator.appVersion,`-?`],(t=e.match(/version\/(\d+)/i))!=null&&n.splice(1,1,t[1]),{name:n[0].toLowerCase(),version:n[1]}}var se=()=>{let{name:e,version:t}=oe();return e===`chrome`&&parseInt(t)<=70||e===`opera`&&(!t||parseInt(t.split(`.`)[0])<80)||e===`ie`?!1:!ie(ae(navigator))},ce=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(t.tryKeepExistingSessionAsync_begin,{});try{let r=e.configuration,i=await e.initAsync(r.authority,r.authority_configuration);if(n=await $(r,e.configurationName),n){let{tokens:a}=await n.initAsync(i,`tryKeepExistingSessionAsync`,r);if(a){n.startKeepAliveServiceWorker(),e.tokens=a;let o=n.getLoginParams(e.configurationName);e.timeoutId=z(e,e.tokens.expiresAt,o.extras,o.scope);let s=await n.getSessionStateAsync();return await e.startCheckSessionAsync(i.checkSessionIframe,r.client_id,s),r.preload_user_info&&await e.userInfoAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside ServiceWorker are valid`}),!0}e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!1,message:`no exiting session found`})}else{r.service_worker_relative_url&&e.publishEvent(t.service_worker_not_supported_by_browser,{message:`service worker is not supported by this browser`});let n=a(e.configurationName,r.storage??sessionStorage,r.login_state_storage??r.storage??sessionStorage),{tokens:o}=await n.initAsync();if(o){e.tokens=W(o,null,r.token_renew_mode);let a=n.getLoginParams();e.timeoutId=z(e,e.tokens.expiresAt,a.extras,a.scope);let s=await n.getSessionStateAsync();return await e.startCheckSessionAsync(i.checkSessionIframe,r.client_id,s),r.preload_user_info&&await e.userInfoAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside storage are valid`}),!0}}return e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!1,message:n?`service worker sessions not 
retrieved`:`session storage sessions not retrieved`}),!1}catch(r){return console.error(r),n&&await n.clearAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_error,`tokens inside ServiceWorker are invalid`),!1}},O=class{open(e){window.location.href=e}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){let e=window.location;return e.pathname+(e.search||``)+(e.hash||``)}getOrigin(){return window.origin}},k={},le=(e,t=window.sessionStorage,n)=>{if(!k[e]&&t){let n=t.getItem(e);n&&(k[e]=JSON.parse(n))}let r=1e3*n;return k[e]&&k[e].timestamp+r>Date.now()?k[e].result:null},ue=(e,t,n=window.sessionStorage)=>{let r=Date.now();k[e]={result:t,timestamp:r},n&&n.setItem(e,JSON.stringify({result:t,timestamp:r}))},de=3600,fe=e=>async(t,n=de,r=window.sessionStorage,i=1e4)=>{let a=`${t}/.well-known/openid-configuration`,o=`oidc.server:${t}`,s=le(o,r,n);if(s)return new I(s);let c=await A(e)(a,{},i);if(c.status!==200)return null;let l=await c.json();return ue(o,l,r),new I(l)},A=e=>async(t,n={},r=1e4,i=0)=>{let a;try{let i=new AbortController;setTimeout(()=>i.abort(),r),a=await e(t,{...n,signal:i.signal})}catch(a){if(a.name===`AbortError`||a.message===`Network request failed`){if(i<=1)return await A(e)(t,n,r,i+1);throw a}else throw console.error(a.message),a}return a},pe={refresh_token:`refresh_token`,access_token:`access_token`},me=e=>async(t,n,r=pe.refresh_token,i,a={},o=1e4)=>{let s={token:n,token_type_hint:r,client_id:i};for(let[e,t]of Object.entries(a))s[e]===void 0&&(s[e]=t);let c=[];for(let e in s){let t=encodeURIComponent(e),n=encodeURIComponent(s[e]);c.push(`${t}=${n}`)}let l=c.join(`&`);return(await A(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`},body:l},o)).status===200?{success:!0}:{success:!1}},he=e=>async(t,n,r,i,a={},o,s=1e4)=>{for(let[e,t]of Object.entries(r))n[e]===void 0&&(n[e]=t);let c=[];for(let e in n){let 
t=encodeURIComponent(e),r=encodeURIComponent(n[e]);c.push(`${t}=${r}`)}let l=c.join(`&`),u=await A(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...a},body:l},s);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};let d=await u.json(),f=null;return u.headers.has(j)&&(f=u.headers.get(j)),{success:!0,status:u.status,data:Ve(d,i,o),demonstratingProofOfPossessionNonce:f}},ge=(e,t)=>async(n,r)=>{r=r?{...r}:{};let i=D(128),a=await re(i);await e.setCodeVerifierAsync(i),await e.setStateAsync(r.state),r.code_challenge=a,r.code_challenge_method=`S256`;let o=``;if(r)for(let[e,t]of Object.entries(r))o===``?o+=`?`:o+=`&`,o+=`${e}=${encodeURIComponent(t)}`;t.open(`${n}${o}`)},j=`DPoP-Nonce`,_e=e=>async(t,n,r,i,a=1e4)=>{n=n?{...n}:{},n.code_verifier=await e.getCodeVerifierAsync();let o=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);o.push(`${t}=${r}`)}let s=o.join(`&`),c=await A(fetch)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...r},body:s},a);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let l=null;c.headers.has(j)&&(l=c.headers.get(j));let u=await c.json();return{success:!0,data:{state:n.state,tokens:Ve(u,null,i),demonstratingProofOfPossessionNonce:l}}},ve=e=>{let t=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!t)throw Error(`Invalid URL`);let n=t[6],r=t[7];if(r){let e=r.split(`?`);e.length===2&&(r=e[0],n=e[1])}return n.startsWith(`?`)&&(n=n.slice(1)),t&&{href:e,protocol:t[1],host:t[2],hostname:t[3],port:t[4],path:t[5],search:n,hash:r}},ye=e=>{let t=ve(e),{path:n}=t;n.endsWith(`/`)&&(n=n.slice(0,-1));let{hash:r}=t;return r===`#_=_`&&(r=``),r&&(n+=r),n},M=e=>{let{search:t}=ve(e);return be(t)},be=e=>{let 
t={},n,r,i,a=e.split(`&`);for(r=0,i=a.length;r<i;r++)n=a[r].split(`=`),t[decodeURIComponent(n[0])]=decodeURIComponent(n[1]);return t},xe=(e,n,r,i,o)=>(s=void 0,c=null,l=!1,u=void 0)=>{let d=c;return c={...c},(async()=>{let f=s||o.getPath();if(`state`in c||(c.state=D(16)),r(t.loginAsync_begin,{}),c)for(let e of Object.keys(c))e.endsWith(`:token_request`)&&delete c[e];try{let t=l?n.silent_redirect_uri:n.redirect_uri;u||=n.scope;let r=n.extras?{...n.extras,...c}:c;r.nonce||=D(12);let s={nonce:r.nonce},p=await $(n,e),m=await i(n.authority,n.authority_configuration),h;if(p)p.setLoginParams({callbackPath:f,extras:d,scope:u}),await p.initAsync(m,`loginAsync`,n),await p.setNonceAsync(s),p.startKeepAliveServiceWorker(),h=p;else{let t=a(e,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);t.setLoginParams({callbackPath:f,extras:d,scope:u}),await t.setNonceAsync(s),h=t}let g={client_id:n.client_id,redirect_uri:t,scope:u,response_type:`code`,...r};await ge(h,o)(m.authorizationEndpoint,g)}catch(e){throw r(t.loginAsync_error,e),e}})()},Se=e=>async(n=!1)=>{try{e.publishEvent(t.loginCallbackAsync_begin,{});let r=e.configuration,i=r.client_id,o=n?r.silent_redirect_uri:r.redirect_uri,s=r.authority,c=r.token_request_timeout,l=await e.initAsync(s,r.authority_configuration),u=M(e.location.getCurrentHref()),d=u.session_state,f=await $(r,e.configurationName),p,m,h,g;if(f)await f.initAsync(l,`loginCallbackAsync`,r),await f.setSessionStateAsync(d),m=await f.getNonceAsync(),h=f.getLoginParams(),g=await f.getStateAsync(),f.startKeepAliveServiceWorker(),p=f;else{let t=a(e.configurationName,r.storage??sessionStorage,r.login_state_storage??r.storage??sessionStorage);await t.setSessionStateAsync(d),m=await t.getNonceAsync(),h=t.getLoginParams(),g=await t.getStateAsync(),p=t}if(u.error||u.error_description)throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==l.issuer)throw console.error(),Error(`Issuer not valid (expected: 
${l.issuer}, received: ${u.iss})`);if(u.state&&u.state!==g)throw Error(`State not valid (expected: ${g}, received: ${u.state})`);let _={code:u.code,grant_type:`authorization_code`,client_id:r.client_id,redirect_uri:o},v={};if(r.token_request_extras)for(let[e,t]of Object.entries(r.token_request_extras))v[e]=t;if(h?.extras)for(let[e,t]of Object.entries(h.extras))e.endsWith(`:token_request`)&&(v[e.replace(`:token_request`,``)]=t);let y=l.tokenEndpoint,b={};if(r.demonstrating_proof_of_possession)if(f)b.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{let t=await ee(window)(r.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await a(e.configurationName,r.storage,r.login_state_storage??r.storage).setDemonstratingProofOfPossessionJwkAsync(t),b.DPoP=await S(window)(r.demonstrating_proof_of_possession_configuration)(t,`POST`,y)}let x=await _e(p)(y,{..._,...v},b,e.configuration.token_renew_mode,c);if(!x.success)throw Error(`Token request failed`);let C,w=x.data.tokens,T=x.data.demonstratingProofOfPossessionNonce;if(x.data.state!==v.state)throw Error(`state is not valid`);let{isValid:E,reason:D}=We(w,m.nonce,l);if(!E)throw Error(`Tokens are not OpenID valid, reason: ${D}`);if(f){if(w.refreshToken&&!w.refreshToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Refresh token should be hidden by service worker`);if(T&&w?.accessToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Demonstration of proof of possession require Access token not hidden by service worker`)}if(f)await f.initAsync(l,`syncTokensAsync`,r),C=f.getLoginParams(),T&&await f.setDemonstratingProofOfPossessionNonce(T);else{let t=a(e.configurationName,r.storage,r.login_state_storage??r.storage);C=t.getLoginParams(),T&&await t.setDemonstratingProofOfPossessionNonce(T)}return await 
e.startCheckSessionAsync(l.checkSessionIframe,i,d,n),e.publishEvent(t.loginCallbackAsync_end,{}),{tokens:w,state:`request.state`,callbackPath:C.callbackPath,scope:u.scope,extras:C.extras}}catch(n){throw console.error(n),e.publishEvent(t.loginCallbackAsync_error,n),n}},Ce={access_token:`access_token`,refresh_token:`refresh_token`},N=(e,t)=>{let n={};if(e){for(let[r,i]of Object.entries(e))if(r.endsWith(t)){let e=r.replace(t,``);n[e]=i}return n}return n},we=e=>{let t={};if(e){for(let[n,r]of Object.entries(e))n.includes(`:`)||(t[n]=r);return t}return t},Te=e=>async t=>{l.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();let n=await $(e.configuration,e.configurationName);n?await n.clearAsync(t):await a(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(t),e.tokens=null,e.userInfo=null},P=(e,n)=>async()=>{let r=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync(`LOGGED_OUT`);for(let[,i]of Object.entries(n))i===e?e.publishEvent(t.logout_from_same_tab,{}):await e.logoutSameTabAsync(e.configuration.client_id,r)},Ee=(e,t,n,r)=>{`id_token_hint`in t||(t.id_token_hint=n),!(`post_logout_redirect_uri`in t)&&r!==null&&(t.post_logout_redirect_uri=r);let i=``;for(let[e,n]of Object.entries(t))n!=null&&(i===``?i+=`?`:i+=`&`,i+=`${e}=${encodeURIComponent(n)}`);return`${e}${i}`},De=(e,t,n,r,i)=>async(a=void 0,o=null)=>{let s=e.configuration,c=await e.initAsync(s.authority,s.authority_configuration);a&&typeof a!=`string`&&(a=void 0,r.warn(`callbackPathOrUrl path is not a string`));let l=a??i.getPath(),u=!1;a&&(u=a.includes(`https://`)||a.includes(`http://`));let d=a===null?null:u?a:i.getOrigin()+l,f=e.tokens?e.tokens.idToken:``;e.isLoggingOut=!0;try{try{let t=c.revocationEndpoint;if(t){let r=[],i=e.tokens?e.tokens.accessToken:null;if(i&&s.logout_tokens_to_invalidate.includes(Ce.access_token)){let 
e=N(o,`:revoke_access_token`),a=me(n)(t,i,pe.access_token,s.client_id,e);r.push(a)}let a=e.tokens?e.tokens.refreshToken:null;if(a&&s.logout_tokens_to_invalidate.includes(Ce.refresh_token)){let e=N(o,`:revoke_refresh_token`),i=me(n)(t,a,pe.refresh_token,s.client_id,e);r.push(i)}r.length>0&&await Promise.all(r)}}catch(e){r.warn(`logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error`),r.warn(e)}let a=N(o,`:oidc`);if(a&&a.no_reload===`true`){await P(e,t)(),e.isLoggingOut=!1;return}let l=we(o);if(c.endSessionEndpoint){let e=Ee(c.endSessionEndpoint,l,f,d);i.open(e)}else i.reload();await P(e,t)()}catch(t){throw e.isLoggingOut=!1,t}},F=function(e){return e.AutomaticBeforeTokenExpiration=`AutomaticBeforeTokensExpiration`,e.AutomaticOnlyWhenFetchExecuted=`AutomaticOnlyWhenFetchExecuted`,e}({}),Oe=(e,t,n=!1)=>async(...r)=>{let[i,a,...o]=r,s=a?{...a}:{method:`GET`},c=new Headers;s.headers&&(c=s.headers instanceof Headers?s.headers:new Headers(s.headers));let l=(await Ue({getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await V(t)(t.configuration,t.configurationName,t.tokens,!1);return e},renewTokensAsync:t.renewTokensAsync.bind(t)}))?.tokens?.accessToken;if(c.has(`Accept`)||c.set(`Accept`,`application/json`),l){if(t.configuration.demonstrating_proof_of_possession&&n){let e=await t.generateDemonstrationOfProofOfPossessionAsync(l,i.toString(),s.method);c.set(`Authorization`,`DPoP ${l}`),c.set(`DPoP`,e)}else c.set(`Authorization`,`Bearer ${l}`);s.credentials||=`same-origin`}return await e(i,{...s,headers:c},...o)},ke=e=>async(t=!1,n=!1)=>{if(e.userInfo!=null&&!t)return e.userInfo;let 
r=!t&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(r)return e.userInfo=JSON.parse(r),e.userInfo;let i=e.configuration,a=(await e.initAsync(i.authority,i.authority_configuration)).userInfoEndpoint,o=await(async()=>{let t=await Oe(fetch,e,n)(a);return t.status===200?t.json():null})();return e.userInfo=o,o&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(o)),o},Ae=()=>fetch,I=class{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}},L={},je=(e,t=new O)=>(n,r=`default`)=>(L[r]||(L[r]=new R(n,r,e,t)),L[r]),Me=async e=>{let{parsedTokens:t,callbackPath:n,extras:r,scope:i}=await e.loginCallbackAsync();return e.timeoutId=z(e,t.expiresAt,r,i),{callbackPath:n}},Ne=e=>Math.floor(Math.random()*e),R=class e{constructor(e,t=`default`,n,r=new O){this.isLoggingOut=!1,this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.clearSessionPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace(`-callback`,``).replace(`callback`,``)}-login`);let a=e.refresh_time_before_tokens_expiration_in_second??120;a>60&&(a-=Math.floor(Math.random()*40)),this.location=r??new 
O,this.configuration={...e,silent_login_uri:i,token_automatic_renew_mode:e.token_automatic_renew_mode??F.AutomaticBeforeTokenExpiration,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:a,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??U.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??[`access_token`,`refresh_token`],service_worker_activate:e.service_worker_activate??se,demonstrating_proof_of_possession_configuration:e.demonstrating_proof_of_possession_configuration??v,preload_user_info:e.preload_user_info??!1},this.getFetch=n??Ae,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){let t=Ne(9999999999999).toString();return this.events.push({id:t,func:e}),t}removeEventSubscription(e){let t=this.events.filter(t=>t.id!==e);this.events=t}publishEvent(e,t){this.events.forEach(n=>{n.func(e,t)})}static{this.getOrCreate=(e,t)=>(n,r=`default`)=>je(e,t)(n,r)}static get(e=`default`){return Object.prototype.hasOwnProperty.call(L,e)?L[e]:null}static getOrThrow(t=`default`){let n=e.get(t);if(!n)throw Error(`OIDC library does seem initialized.
|
|
2
|
-
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${t}"></OidcProvider> component.`);return n}static{this.eventNames=t}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let e=this.location,t=M(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(e=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let t=this.location,n=M(t.getCurrentHref());n.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:n.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:e==null?``:e.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame(e)}}async initAsync(e,t){if(this.initPromise!==null)return this.initPromise;let n=async()=>{if(t!=null)return new I({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});let n=await $(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await fe(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??3600,n,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=n(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return 
this.tryKeepExistingSessionPromise===null?(this.tryKeepExistingSessionPromise=ce(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null})):this.tryKeepExistingSessionPromise}async startCheckSessionAsync(e,t,n,r=!1){await f(this,L,this.configuration)(e,t,n,r)}async loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise===null?(i?this.loginPromise=d(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,r):this.loginPromise=xe(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,t,n,r),this.loginPromise.finally(()=>{this.loginPromise=null})):this.loginPromise}async loginCallbackAsync(t=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;let n=async()=>{let n=await Se(this)(t),r=n.tokens;return this.tokens=r,await $(this.configuration,this.configurationName)||a(this.configurationName,this.configuration.storage,this.configuration.login_state_storage??this.configuration.storage).setTokens(r),this.publishEvent(e.eventNames.token_acquired,r),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:r,state:n.state,callbackPath:n.callbackPath,scope:n.scope,extras:n.extras}};return this.loginCallbackPromise=n(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){let i=this.configuration,o={ath:await ne(e),...r};if(await $(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Je(this.configurationName)}`;let s=a(this.configurationName,i.storage,i.login_state_storage??i.storage),c=await s.getDemonstratingProofOfPossessionJwkAsync(),l=s.getDemonstratingProofOfPossessionNonce();return l&&(o.nonce=l),await 
S(window)(i.demonstrating_proof_of_possession_configuration)(c,n,t,o)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise===null?(this.loginCallbackWithAutoTokensRenewPromise=Me(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null})):this.loginCallbackWithAutoTokensRenewPromise}userInfoAsync(e=!1,t=!1){return this.userInfoPromise===null?(this.userInfoPromise=ke(this)(e,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null})):this.userInfoPromise}async renewTokensAsync(e=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return l.clearTimeout(this.timeoutId),this.renewTokensPromise=Fe(this,!0,e,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(e){return await Te(this)(e)}async clearSessionAsync(){return this.clearSessionPromise?this.clearSessionPromise:(this.clearSessionPromise=P(this,L)(),this.clearSessionPromise.finally(()=>{this.clearSessionPromise=null}))}async logoutSameTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(t.logout_from_same_tab,{mmessage:`SessionMonitor`,sub:n}))}async logoutOtherTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(t.logout_from_another_tab,{message:`SessionMonitor`,sub:n}))}async logoutAsync(e=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=De(this,L,this.getFetch(),console,this.location)(e,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};async function Pe(e,t,n,r=null){let{tokens:i,status:o}=await H(e)(t=>{e.tokens=t},0,0,t,n,r);return await 
$(e.configuration,e.configurationName)||a(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(o),null)}async function Fe(e,t=!1,n=null,r=null){let i=e.configuration,a=`${i.client_id}_${e.configurationName}_${i.authority}`,o,s=await $(e.configuration,e.configurationName);if(i?.storage===window?.sessionStorage&&!s||!navigator.locks)o=await Pe(e,t,n,r);else{let i=`retry`;for(;i===`retry`;)i=await navigator.locks.request(a,{ifAvailable:!0},async i=>i?await Pe(e,t,n,r):(e.publishEvent(R.eventNames.syncTokensAsync_lock_not_available,{lock:`lock not available`}),`retry`));o=i}return o?(e.timeoutId&&=z(e,e.tokens.expiresAt,n,r),e.tokens):null}var z=(e,t,n=null,r=null)=>{let i=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&l.clearTimeout(e.timeoutId),l.setTimeout(async()=>{let a={timeLeft:G(i,t)};e.publishEvent(R.eventNames.token_timer,a),await Fe(e,!1,n,r)},1e3)},B={FORCE_REFRESH:`FORCE_REFRESH`,SESSION_LOST:`SESSION_LOST`,NOT_CONNECTED:`NOT_CONNECTED`,TOKENS_VALID:`TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID`,LOGOUT_FROM_ANOTHER_TAB:`LOGOUT_FROM_ANOTHER_TAB`,REQUIRE_SYNC_TOKENS:`REQUIRE_SYNC_TOKENS`,TOKENS_INVALID:`TOKENS_INVALID`},V=e=>async(t,n,r,i=!1)=>{let o={nonce:null};if(!r)return{tokens:null,status:B.NOT_CONNECTED,nonce:o};let s,c=await e.initAsync(t.authority,t.authority_configuration),l=await $(t,n);if(l){let{status:e,tokens:n}=await 
l.initAsync(c,`syncTokensAsync`,t);if(e===`LOGGED_OUT`)return{tokens:null,status:B.LOGOUT_FROM_ANOTHER_TAB,nonce:o};if(e===`SESSIONS_LOST`)return{tokens:null,status:B.SESSION_LOST,nonce:o};if(!e||!n)return{tokens:null,status:B.REQUIRE_SYNC_TOKENS,nonce:o};if(n.issuedAt!==r.issuedAt)return{tokens:n,status:G(t.refresh_time_before_tokens_expiration_in_second,n.expiresAt)>0?B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,nonce:await l.getNonceAsync()};s=await l.getNonceAsync()}else{let i=a(n,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),c=await i.initAsync(),{tokens:l}=c,{status:u}=c;if(l&&=W(l,e.tokens,t.token_renew_mode),!l)return{tokens:null,status:B.LOGOUT_FROM_ANOTHER_TAB,nonce:o};if(u===`SESSIONS_LOST`)return{tokens:null,status:B.SESSION_LOST,nonce:o};if(l.issuedAt!==r.issuedAt){let e=G(t.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,n=await i.getNonceAsync();return{tokens:l,status:e,nonce:n}}s=await i.getNonceAsync()}let u=G(t.refresh_time_before_tokens_expiration_in_second,r.expiresAt)>0?`TOKENS_VALID`:`TOKENS_INVALID`;return i?{tokens:r,status:`FORCE_REFRESH`,nonce:s}:{tokens:r,status:u,nonce:s}},H=e=>async(n,r=0,i=0,o=!1,s=null,c=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:`GIVE_UP`};let l=6,d=o?2:5;for(;!navigator.onLine&&l>0;)await q({milliseconds:1e3}),l--,e.publishEvent(t.refreshTokensAsync,{message:`wait because navigator is offline try ${l}`});let f=document.hidden,p=f?r:r+1,m=f?i+1:i;if(r>=d||i>=5)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token`}),{tokens:null,status:`SESSION_LOST`};s||={};let h=e.configuration,g=(t,n=null,r=null)=>u(e.configurationName,e.configuration,e.publishEvent.bind(e))(t,n,r),_=async()=>{try{let r,i=await 
$(h,e.configurationName);r=i?i.getLoginParams():a(e.configurationName,h.storage,h.login_state_storage??h.storage).getLoginParams();let o={};if(r&&r.extras)for(let[e,t]of Object.entries(r.extras))t!=null&&(o[e]=t);if(s)for(let[e,t]of Object.entries(s))t!=null&&(o[e]=t);o.prompt=`none`,c&&(o.scope=c);let l=await g(o);return l?l.error?(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token silent`}),{tokens:null,status:`SESSION_LOST`}):(n(l.tokens),e.publishEvent(R.eventNames.token_renewed,{}),{tokens:l.tokens,status:`LOGGED`}):(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token silent not active`}),{tokens:null,status:`SESSION_LOST`})}catch(r){return console.error(r),e.publishEvent(t.refreshTokensAsync_silent_error,{message:`exceptionSilent`,exception:r.message}),await H(e)(n,p,m,o,s,c)}};try{let{status:l,tokens:u,nonce:d}=await V(e)(h,e.configurationName,e.tokens,o);switch(l){case B.SESSION_LOST:return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token session lost`}),{tokens:null,status:`SESSION_LOST`};case B.NOT_CONNECTED:return n(null),{tokens:null,status:null};case B.TOKENS_VALID:return n(u),{tokens:u,status:`LOGGED_IN`};case B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(u),e.publishEvent(R.eventNames.token_renewed,{reason:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`}),{tokens:u,status:`LOGGED_IN`};case B.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(t.logout_from_another_tab,{status:`session syncTokensAsync`}),{tokens:null,status:`LOGGED_OUT`};case B.REQUIRE_SYNC_TOKENS:return h.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(t.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`}):(e.publishEvent(t.refreshTokensAsync_begin,{tryNumber:r}),await _());default:{if(h.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted&&B.FORCE_REFRESH!==l)return 
e.publishEvent(t.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`};if(e.publishEvent(t.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:r,backgroundTry:i}),!u.refreshToken)return await _();let f=h.client_id,g=h.redirect_uri,v=h.authority,y={...h.token_request_extras?h.token_request_extras:{}};for(let[e,t]of Object.entries(s))e.endsWith(`:token_request`)&&(y[e.replace(`:token_request`,``)]=t);return await(async()=>{let r={client_id:f,redirect_uri:g,grant_type:`refresh_token`,refresh_token:u.refreshToken},i=await e.initAsync(v,h.authority_configuration),l=document.hidden?1e4:3e4*10,_=i.tokenEndpoint,b={};h.demonstrating_proof_of_possession&&(b.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,_,`POST`));let x=await he(e.getFetch())(_,r,y,u,b,h.token_renew_mode,l);if(x.success){let{isValid:r,reason:o}=We(x.data,d.nonce,i);if(!r)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${o}`}),{tokens:null,status:`SESSION_LOST`};if(n(x.data),x.demonstratingProofOfPossessionNonce){let t=await $(h,e.configurationName);t?await t.setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce):await a(e.configurationName,h.storage,h.login_state_storage??h.storage).setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce)}return e.publishEvent(t.refreshTokensAsync_end,{success:x.success}),e.publishEvent(R.eventNames.token_renewed,{reason:`REFRESH_TOKEN`}),{tokens:x.data,status:`LOGGED_IN`}}else return e.publishEvent(t.refreshTokensAsync_silent_error,{message:`bad request`,tokenResponse:x}),x.status>=400&&x.status<500?(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`session lost: ${x.status}`}),{tokens:null,status:`SESSION_LOST`}):await H(e)(n,p,m,o,s,c)})()}}}catch(r){return console.error(r),e.publishEvent(t.refreshTokensAsync_silent_error,{message:`exception`,exception:r.message}),new 
Promise((t,r)=>{setTimeout(()=>{H(e)(n,p,m,o,s,c).then(t).catch(r)},1e3)})}},Ie=e=>decodeURIComponent(Array.prototype.map.call(atob(e),e=>`%`+(`00`+e.charCodeAt(0).toString(16)).slice(-2)).join(``)),Le=e=>JSON.parse(Ie(e.replaceAll(/-/g,`+`).replaceAll(/_/g,`/`))),Re=e=>{try{return e&&ze(e,`.`)===2?Le(e.split(`.`)[1]):null}catch(e){console.warn(e)}return null},ze=(e,t)=>e.split(t).length-1,U={access_token_or_id_token_invalid:`access_token_or_id_token_invalid`,access_token_invalid:`access_token_invalid`,id_token_invalid:`id_token_invalid`};function Be(e,t,n){return e.issuedAt?typeof e.issuedAt==`string`?parseInt(e.issuedAt,10):e.issuedAt:t&&t.iat?t.iat:n&&n.iat?n.iat:new Date().getTime()/1e3}var W=(e,t=null,n)=>{if(!e)return null;let r,i=typeof e.expiresIn==`string`?parseInt(e.expiresIn,10):e.expiresIn;r=e.accessTokenPayload===void 0?Re(e.accessToken):e.accessTokenPayload;let a;a=t!=null&&`idToken`in t&&!(`idToken`in e)?t.idToken:e.idToken;let o=e.idTokenPayload?e.idTokenPayload:Re(a),s=o&&o.exp?o.exp:Number.MAX_VALUE,c=r&&r.exp?r.exp:e.issuedAt+i;e.issuedAt=Be(e,r,o);let l;l=e.expiresAt?e.expiresAt:n===U.access_token_invalid?c:n===U.id_token_invalid||s<c?s:c;let u={...e,idTokenPayload:o,accessTokenPayload:r,expiresAt:l,idToken:a};if(t!=null&&`refreshToken`in t&&!(`refreshToken`in e)){let e=t.refreshToken;return{...u,refreshToken:e}}return u},Ve=(e,t,n)=>{if(!e)return null;e.issued_at||=new Date().getTime()/1e3;let r={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return`refresh_token`in e&&(r.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(r.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(r.idTokenPayload=e.idTokenPayload),W(r,t,n)},G=(e,t)=>{let n=t-new Date().getTime()/1e3;return Math.round(n-e)},He=(e,t=0)=>e?G(t,e.expiresAt)>0:!1,Ue=async(e,t=200,n=50)=>{let r=n,i=await 
e.syncTokensInfoAsync();for(;[B.REQUIRE_SYNC_TOKENS,B.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,B.TOKENS_INVALID].includes(i)&&r>0;){if(e.configuration.token_automatic_renew_mode==F.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await q({milliseconds:t});--r,i=await e.syncTokensInfoAsync()}return{isTokensValid:He(e.getTokens()),tokens:e.getTokens(),numberWaited:r-n}},We=(e,t,n)=>{if(e.idTokenPayload){let r=e.idTokenPayload;if(n.issuer!==r.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`};let i=new Date().getTime()/1e3;if(r.exp&&r.exp<i)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`};let a=3600*24*7;if(r.iat&&r.iat+a<i)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat+a} < (currentTimeUnixSecond) ${i}`};if(r.nonce&&r.nonce!==t)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`}}return{isValid:!0,reason:``}},Ge=`7.27.17`,Ke=null,K,q=({milliseconds:e})=>new Promise(t=>l.setTimeout(t,e)),qe=(e=`/`)=>{try{K=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:K.signal}).catch(e=>{console.log(e)}),q({milliseconds:150*1e3}).then(()=>qe(e))}catch(e){console.log(e)}},J=()=>{K&&K.abort()},Je=e=>{let t=`oidc.tabId.${e}`,n=sessionStorage.getItem(t);if(n)return n;let r=globalThis.crypto.randomUUID();return sessionStorage.setItem(t,r),r},Ye=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,Y=(e,t)=>n=>{let r=t?.timeoutMs??5e3;return new Promise((t,i)=>{let a=Ye(e);if(!a){i(Error(`Service worker target not available (controller/active/waiting/installing missing)`));return}let o=new 
MessageChannel,s=null,c=()=>{try{s!=null&&(l.clearTimeout(s),s=null),o.port1.onmessage=null,o.port1.close(),o.port2.close()}catch(e){console.error(e)}};s=l.setTimeout(()=>{c(),i(Error(`Service worker did not respond within ${r}ms (type=${n?.type})`))},r),o.port1.onmessage=e=>{c(),e?.data?.error?i(e.data.error):t(e.data)};try{let e=n?.configurationName;a.postMessage({...n,tabId:Je(e??`default`)},[o.port2])}catch(e){c(),i(e)}})},Xe=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(t=>{let n=!1,r=()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener(`controllerchange`,r),l.setTimeout(()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))},e)}),Ze=!1,X=!1,Z=new Map,Qe=`oidc.sw.controllerchange_reload_count`,Q=3,$e=()=>{try{return parseInt(sessionStorage.getItem(Qe)??`0`,10)}catch{return 0}},et=()=>{let e=$e()+1;try{sessionStorage.setItem(Qe,String(e))}catch{}return e},tt=()=>{try{sessionStorage.removeItem(Qe)}catch{}},$=async(e,t)=>{let n=e.service_worker_relative_url;if(typeof window>`u`||typeof navigator>`u`||!navigator.serviceWorker||!n||e.service_worker_activate()===!1)return null;let r=`${n}?v=${Ge}`,i=null;e.service_worker_register?(Z.has(n)||Z.set(n,e.service_worker_register(n)),i=await Z.get(n)):(Z.has(r)||Z.set(r,navigator.serviceWorker.register(r,{updateViaCache:`none`})),i=await Z.get(r));let a=`oidc.sw.version_mismatch_reload.${t}`,o=async e=>{J(),console.log(`New SW waiting – SKIP_WAITING`);try{await new Promise((n,r)=>{let i=new MessageChannel,a=null,o=()=>{try{a!=null&&(l.clearTimeout(a),a=null),i.port1.onmessage=null,i.port1.close(),i.port2.close()}catch(e){console.error(e)}};a=l.setTimeout(()=>{o(),r(Error(`SKIP_WAITING did not respond within 
8000ms`))},8e3),i.port1.onmessage=e=>{o(),e?.data?.error?r(e.data.error):n()};try{e.postMessage({type:`SKIP_WAITING`,configurationName:t,data:null,tabId:Je(t??`default`)},[i.port2])}catch(e){o(),r(e)}})}catch(e){console.warn(`SKIP_WAITING failed`,e)}},s=async()=>{let e=i.waiting;e?await o(e):console.warn(`sendSkipWaiting called but no waiting service worker found`)},c=e=>{J(),e.addEventListener(`statechange`,async()=>{if(e.state===`installed`&&navigator.serviceWorker.controller){if($e()>=Q){console.warn(`SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted`);return}await o(e)}})};i.addEventListener(`updatefound`,()=>{let e=i.installing;e&&c(e)}),i.installing?c(i.installing):i.waiting&&navigator.serviceWorker.controller&&($e()<Q?s():console.warn(`SW: a waiting worker exists but reload budget is exhausted – skipping activation`)),i.update().catch(e=>{console.error(e)});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await Y(i,{timeoutMs:8e3})({type:`claim`,configurationName:t,data:null}),await Xe(2e3))}catch(e){return console.warn(`Failed init ServiceWorker ${e?.toString?.()??String(e)}`),null}Ze||(Ze=!0,navigator.serviceWorker.addEventListener(`controllerchange`,()=>{if(X)return;let e=et();if(e>Q){console.warn(`SW controllerchange: reload budget exhausted (${e-1} reloads). 
Skipping reload to avoid infinite loop.`);return}X=!0,console.log(`SW controller changed – reloading page`),J(),window.location.reload()}));let u=async e=>Y(i)({type:`clear`,data:{status:e},configurationName:t}),d=async(e,n,r)=>{let o=await Y(i)({type:`init`,data:{oidcServerConfiguration:e,where:n,oidcConfiguration:{token_renew_mode:r.token_renew_mode,service_worker_convert_all_requests_to_cors:r.service_worker_convert_all_requests_to_cors}},configurationName:t}),c=o.version;if(c!==`7.27.17`){console.warn(`Service worker ${c} version mismatch with js client version ${Ge}, unregistering and reloading`);let e=parseInt(sessionStorage.getItem(a)??`0`,10);if(e<3){if(sessionStorage.setItem(a,String(e+1)),i.waiting)return await s(),await q({milliseconds:500}),X||(X=!0,window.location.reload()),new Promise(()=>{});{J();try{await i.update()}catch(e){console.error(e)}let e=await i.unregister();return console.log(`Service worker unregistering ${e}`),await q({milliseconds:500}),X||(X=!0,window.location.reload()),new Promise(()=>{})}}else console.error(`Service worker version mismatch persists after ${e} attempt(s). 
Continuing with mismatched version.`)}else sessionStorage.removeItem(a),tt();return{tokens:Ve(o.tokens,null,r.token_renew_mode),status:o.status}},f=(e=`/`)=>{Ke??(Ke=`not_null`,qe(e))},p=e=>Y(i)({type:`setSessionState`,data:{sessionState:e},configurationName:t}),m=async()=>(await Y(i)({type:`getSessionState`,data:null,configurationName:t})).sessionState,h=e=>(sessionStorage[`oidc.nonce.${t}`]=e.nonce,Y(i)({type:`setNonce`,data:{nonce:e},configurationName:t})),g=async(e=!0)=>{let n=(await Y(i)({type:`getNonce`,data:null,configurationName:t})).nonce;return n||(n=sessionStorage[`oidc.nonce.${t}`],console.warn(`nonce not found in service worker, using sessionStorage`),e&&(await h(n),n=(await g(!1)).nonce)),{nonce:n}},_={},v=e=>{if(e==null){delete _[t],delete localStorage[`oidc.login.${t}`];return}_[t]=e,localStorage[`oidc.login.${t}`]=JSON.stringify(e)},y=()=>{if(_[t])return _[t];let e=localStorage[`oidc.login.${t}`];if(typeof e!=`string`||e===``||e===`undefined`||e===`null`)return null;try{_[t]=JSON.parse(e)}catch{return null}return _[t]},b=async e=>{await Y(i)({type:`setDemonstratingProofOfPossessionNonce`,data:{demonstratingProofOfPossessionNonce:e},configurationName:t})},x=async()=>(await Y(i)({type:`getDemonstratingProofOfPossessionNonce`,data:null,configurationName:t})).demonstratingProofOfPossessionNonce,ee=async e=>{let n=JSON.stringify(e);await Y(i)({type:`setDemonstratingProofOfPossessionJwk`,data:{demonstratingProofOfPossessionJwkJson:n},configurationName:t})},S=async()=>{let e=await Y(i)({type:`getDemonstratingProofOfPossessionJwk`,data:null,configurationName:t});return e.demonstratingProofOfPossessionJwkJson?JSON.parse(e.demonstratingProofOfPossessionJwkJson):null},C=async(e=!0)=>{let n=(await Y(i)({type:`getState`,data:null,configurationName:t})).state;return n||(n=sessionStorage[`oidc.state.${t}`],console.warn(`state not found in service worker, using sessionStorage`),e&&(await w(n),n=await C(!1))),n},w=async 
e=>(sessionStorage[`oidc.state.${t}`]=e,Y(i)({type:`setState`,data:{state:e},configurationName:t})),T=async(e=!0)=>{let n=(await Y(i)({type:`getCodeVerifier`,data:null,configurationName:t})).codeVerifier;return n||(n=sessionStorage[`oidc.code_verifier.${t}`],console.warn(`codeVerifier not found in service worker, using sessionStorage`),e&&(await E(n),n=await T(!1))),n},E=async e=>(sessionStorage[`oidc.code_verifier.${t}`]=e,Y(i)({type:`setCodeVerifier`,data:{codeVerifier:e},configurationName:t}));return{clearAsync:u,initAsync:d,startKeepAliveServiceWorker:()=>f(e.service_worker_keep_alive_path),setSessionStateAsync:p,getSessionStateAsync:m,setNonceAsync:h,getNonceAsync:g,setLoginParams:v,getLoginParams:y,getStateAsync:C,setStateAsync:w,getCodeVerifierAsync:T,setCodeVerifierAsync:E,setDemonstratingProofOfPossessionNonce:b,getDemonstratingProofOfPossessionNonce:x,setDemonstratingProofOfPossessionJwkAsync:ee,getDemonstratingProofOfPossessionJwkAsync:S,signalAsync:(e,n)=>Y(i,n)({...e,configurationName:e.configurationName??t})}},nt=async(e,t,n,r)=>{let i=await $(e,t);if(!i)throw Error(`signalServiceWorkerAsync: no service worker registered for configuration "${t}"`);return i.signalAsync(n,r)},rt=class e{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,t){this._oidc.publishEvent(e,t)}static{this.getOrCreate=(t,n=new O)=>(r,i=`default`)=>new e(R.getOrCreate(t,n)(r,i))}static get(t=`default`){let n=R.get(t);return n?new e(n):null}static getOrThrow(t=`default`){return new e(R.getOrThrow(t))}static{this.eventNames=R.eventNames}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this._oidc.loginAsync(e,t,n,r,i)}logoutAsync(e=void 0,t=null){return this._oidc.logoutAsync(e,t)}clearSessionAsync(){return this._oidc.clearSessionAsync()}get isLoggingOut(){return 
this._oidc.isLoggingOut===!0}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null,t=null){return this._oidc.renewTokensAsync(e,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,t,n,r)}async getValidTokenAsync(e=200,t=50){let n=this._oidc;return Ue({getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await V(n)(n.configuration,n.configurationName,n.tokens,!1);return e},renewTokensAsync:n.renewTokensAsync.bind(n)},e,t)}fetchWithTokens(e,t=!1){return Oe(e,this._oidc,t)}async userInfoAsync(e=!1,t=!1){return this._oidc.userInfoAsync(e,t)}userInfo(){return this._oidc.userInfo}async signalServiceWorker(e,t){return 
nt(this._oidc.configuration,this._oidc.configurationName,e,t)}},it=`1.0.0`,at={SKIP_WAITING:`SKIP_WAITING`,CLAIM:`claim`,CLEAR:`clear`,INIT:`init`,SET_STATE:`setState`,GET_STATE:`getState`,SET_CODE_VERIFIER:`setCodeVerifier`,GET_CODE_VERIFIER:`getCodeVerifier`,SET_SESSION_STATE:`setSessionState`,GET_SESSION_STATE:`getSessionState`,SET_NONCE:`setNonce`,GET_NONCE:`getNonce`,SET_DPOP_NONCE:`setDemonstratingProofOfPossessionNonce`,GET_DPOP_NONCE:`getDemonstratingProofOfPossessionNonce`,SET_DPOP_JWK:`setDemonstratingProofOfPossessionJwk`,GET_DPOP_JWK:`getDemonstratingProofOfPossessionJwk`},ot={ACCESS_TOKEN:`ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER`,REFRESH_TOKEN:`REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER`,NONCE_TOKEN:`NONCE_SECURED_BY_OIDC_SERVICE_WORKER`,CODE_VERIFIER:`CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER`},st=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER`;e.DPOP_TOKEN_PLACEHOLDER_PREFIX=st,e.OidcClient=rt,e.OidcLocation=O,e.PROTOCOL_VERSION=it,e.STORAGE_KEY_PREFIX={TAB_ID:`oidc.tabId.`,STATE:`oidc.state.`,NONCE:`oidc.nonce.`,CODE_VERIFIER:`oidc.code_verifier.`,LOGIN_PARAMS:`oidc.login.`,SW_VERSION_MISMATCH_RELOAD:`oidc.sw.version_mismatch_reload.`},e.SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY=`oidc.sw.controllerchange_reload_count`,e.ServiceWorkerMessageType=at,e.TOKEN_PLACEHOLDERS=ot,e.TokenAutomaticRenewMode=F,e.TokenRenewMode=U,e.buildDpopSecuredPlaceholder=(e,t=`default`)=>`${st}_${e}#tabId=${t}`,e.buildSecuredTokenPlaceholder=(e,t,n=`default`)=>`${e}_${t}#tabId=${n}`,e.buildStorageKey=(e,t)=>`${e}${t}`,e.getFetchDefault=Ae,e.getParseQueryStringFromLocation=M,e.getPath=ye,e.isServiceWorkerMessageType=e=>typeof e==`string`?Object.values(at).includes(e):!1,e.signalServiceWorkerAsync=nt});
|
|
1
|
+
(function(e,t){typeof exports==`object`&&typeof module<`u`?t(exports):typeof define==`function`&&define.amd?define([`exports`],t):(e=typeof globalThis<`u`?globalThis:e||self,t(e[`oidc-client`]={}))})(this,function(e){Object.defineProperty(e,Symbol.toStringTag,{value:`Module`});var t={service_worker_not_supported_by_browser:`service_worker_not_supported_by_browser`,token_acquired:`token_acquired`,logout_from_another_tab:`logout_from_another_tab`,logout_from_same_tab:`logout_from_same_tab`,token_renewed:`token_renewed`,token_timer:`token_timer`,loginAsync_begin:`loginAsync_begin`,loginAsync_error:`loginAsync_error`,loginCallbackAsync_begin:`loginCallbackAsync_begin`,loginCallbackAsync_end:`loginCallbackAsync_end`,loginCallbackAsync_error:`loginCallbackAsync_error`,loginCallbackAsync_navigated:`loginCallbackAsync_navigated`,loginCallbackAsync_navigation_error:`loginCallbackAsync_navigation_error`,refreshTokensAsync_begin:`refreshTokensAsync_begin`,refreshTokensAsync:`refreshTokensAsync`,refreshTokensAsync_end:`refreshTokensAsync_end`,refreshTokensAsync_error:`refreshTokensAsync_error`,refreshTokensAsync_silent_error:`refreshTokensAsync_silent_error`,tryKeepExistingSessionAsync_begin:`tryKeepExistingSessionAsync_begin`,tryKeepExistingSessionAsync_end:`tryKeepExistingSessionAsync_end`,tryKeepExistingSessionAsync_error:`tryKeepExistingSessionAsync_error`,silentLoginAsync_begin:`silentLoginAsync_begin`,silentLoginAsync:`silentLoginAsync`,silentLoginAsync_end:`silentLoginAsync_end`,silentLoginAsync_error:`silentLoginAsync_error`,syncTokensAsync_begin:`syncTokensAsync_begin`,syncTokensAsync_lock_not_available:`syncTokensAsync_lock_not_available`,syncTokensAsync_end:`syncTokensAsync_end`,syncTokensAsync_error:`syncTokensAsync_error`,tokensInvalidAndWaitingActionsToRefresh:`tokensInvalidAndWaitingActionsToRefresh`,loadingTimeout_error:`loadingTimeout_error`},n=(e,t,n)=>{if(n==null){delete e[t];return}e[t]=JSON.stringify(n)},r=(e,t,n)=>{if(n==null){delete 
e[t];return}e[t]=n},i=e=>{if(typeof e!=`string`||e===`undefined`||e===`null`||e===``)return null;try{return JSON.parse(e)}catch{return null}},a=(e,t=sessionStorage,a)=>{let o=a??t,s=r=>(n(t,`oidc.${e}`,{tokens:null,status:r}),delete t[`oidc.${e}.userInfo`],a&&a!==t&&(delete o[`oidc.login.${e}`],delete o[`oidc.state.${e}`],delete o[`oidc.code_verifier.${e}`],delete o[`oidc.nonce.${e}`]),Promise.resolve()),c=async()=>{let r=i(t[`oidc.${e}`]);return r?Promise.resolve({tokens:r.tokens,status:r.status}):(n(t,`oidc.${e}`,{tokens:null,status:null}),{tokens:null,status:null})},l=r=>{n(t,`oidc.${e}`,{tokens:r})},u=async n=>{r(t,`oidc.session_state.${e}`,n)},d=async()=>t[`oidc.session_state.${e}`],f=t=>{r(o,`oidc.nonce.${e}`,t?.nonce)},p=r=>{n(t,`oidc.jwk.${e}`,r)},m=()=>i(t[`oidc.jwk.${e}`]),h=async()=>({nonce:o[`oidc.nonce.${e}`]}),g=async n=>{r(t,`oidc.dpop_nonce.${e}`,n)},_=()=>t[`oidc.dpop_nonce.${e}`],v=()=>{let n=i(t[`oidc.${e}`]);return n?JSON.stringify({tokens:n.tokens}):null},y={};return{clearAsync:s,initAsync:c,setTokens:l,getTokens:v,setSessionStateAsync:u,getSessionStateAsync:d,setNonceAsync:f,getNonceAsync:h,setLoginParams:t=>{if(t==null){delete y[e],delete o[`oidc.login.${e}`];return}y[e]=t,n(o,`oidc.login.${e}`,t)},getLoginParams:()=>{if(y[e])return y[e];let t=i(o[`oidc.login.${e}`]);return t===null?(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null):(y[e]=t,t)},getStateAsync:async()=>o[`oidc.state.${e}`],setStateAsync:async t=>{r(o,`oidc.state.${e}`,t)},getCodeVerifierAsync:async()=>o[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async t=>{r(o,`oidc.code_verifier.${e}`,t)},setDemonstratingProofOfPossessionNonce:g,getDemonstratingProofOfPossessionNonce:_,setDemonstratingProofOfPossessionJwkAsync:p,getDemonstratingProofOfPossessionJwkAsync:m}},o=2e3,s=console,c=class{constructor(e,t,n,r=o,i=!0){this._callback=e,this._client_id=t,this._url=n,this._interval=r||o,this._stopOnError=i;let 
a=n.indexOf(`/`,n.indexOf(`//`)+2);this._frame_origin=n.substring(0,a),this._frame=window.document.createElement(`iframe`),this._frame.style.visibility=`hidden`,this._frame.style.position=`absolute`,this._frame.style.display=`none`,this._frame.width=0,this._frame.height=0,this._frame.src=n}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener(`message`,this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data===`error`?(s.error(`CheckSessionIFrame: error message from check session op iframe`),this._stopOnError&&this.stop()):e.data===`changed`?(s.debug(e),s.debug(`CheckSessionIFrame: changed message from check session op iframe`),this.stop(),this._callback()):s.debug(`CheckSessionIFrame: `+e.data+` message from check session op iframe`))}start(e){s.debug(`CheckSessionIFrame.start :`+e),this.stop();let t=()=>{this._frame.contentWindow.postMessage(this._client_id+` `+e,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&=(s.debug(`CheckSessionIFrame.stop`),window.clearInterval(this._timer),null)}},l=(function(){let e=typeof window>`u`?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),u=(e,n,r)=>(i=null,a=null,o=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{r(t.silentLoginAsync_begin,{});let s=``;if(a&&(i??={},i.state=a),o!=null&&(i??={},i.scope=o),i!=null)for(let[e,t]of Object.entries(i))t!=null&&(s===``?s=`?${encodeURIComponent(e)}=${encodeURIComponent(t)}`:s+=`&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);let c=n.silent_login_uri+s,l=c.indexOf(`/`,c.indexOf(`//`)+2),u=c.substring(0,l),d=document.createElement(`iframe`);return 
d.width=`0px`,d.height=`0px`,d.id=`${e}_oidc_iframe`,d.setAttribute(`src`,c),d.style.display=`none`,document.body.appendChild(d),new Promise((i,a)=>{let o=!1,s=()=>{window.removeEventListener(`message`,c),d.remove(),o=!0},c=n=>{if(n.origin===u&&n.source===d.contentWindow){let c=`${e}_oidc_tokens:`,l=`${e}_oidc_error:`,u=`${e}_oidc_exception:`,d=n.data;if(d&&typeof d==`string`&&!o){if(d.startsWith(c)){let e=JSON.parse(n.data.replace(c,``));r(t.silentLoginAsync_end,{}),i(e),s()}else if(d.startsWith(l)){let e=JSON.parse(n.data.replace(l,``));r(t.silentLoginAsync_error,e),i({error:`oidc_`+e.error,tokens:null,sessionState:null}),s()}else if(d.startsWith(u)){let e=JSON.parse(n.data.replace(u,``));r(t.silentLoginAsync_error,e),a(Error(e.error)),s()}}}};try{window.addEventListener(`message`,c);let e=n.silent_login_timeout;setTimeout(()=>{o||(s(),r(t.silentLoginAsync_error,{reason:`timeout`}),a(Error(`timeout`)))},e)}catch(e){s(),r(t.silentLoginAsync_error,e),a(e)}})}catch(e){throw r(t.silentLoginAsync_error,e),e}},d=(e,n,r,i,a)=>(e=null,o=void 0)=>{e={...e};let s=(e,t,o)=>u(n,r,i.bind(a))(e,t,o);return(async()=>{a.timeoutId&&l.clearTimeout(a.timeoutId);let n;e&&`state`in e&&(n=e.state,delete e.state);try{let c=await s({...r.extras?{...r.extras,...e}:e,prompt:`none`},n,o);if(c)return a.tokens=c.tokens,i(t.token_acquired,{}),a.timeoutId=V(a,a.tokens.expiresAt,e,o),{}}catch(e){return e}})()},f=(e,t,n)=>(r,i,a,o=!1)=>{let s=(t,r=void 0,i=void 0)=>u(e.configurationName,n,e.publishEvent.bind(e))(t,r,i);return new Promise((l,u)=>{n.silent_login_uri&&n.silent_redirect_uri&&n.monitor_session&&r&&a&&!o?(e.checkSessionIFrame=new c(()=>{e.checkSessionIFrame.stop();let r=e.tokens;if(r===null)return;let i=r.idToken,a=r.idTokenPayload;return s({prompt:`none`,id_token_hint:i,scope:n.scope||`openid`}).then(t=>{if(t.error)throw Error(t.error);let n=t.tokens.idTokenPayload;if(a.sub===n.sub){let 
r=t.sessionState;e.checkSessionIFrame.start(t.sessionState),a.sid===n.sid?console.debug(`SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:`,r):console.debug(`SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:`,r)}else console.debug(`SessionMonitor._callback: Different subject signed into OP:`,n.sub)}).catch(async e=>{console.warn(`SessionMonitor._callback: Silent login failed, logging out other tabs:`,e);for(let[,e]of Object.entries(t))await e.logoutOtherTabAsync(n.client_id,a.sub)})},i,r),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(a),l(e.checkSessionIFrame)}).catch(e=>{u(e)})):l(null)})};function p(e){return new TextEncoder().encode(e)}function m(e){return btoa(e).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=+/g,``)}function h(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(e,t){return String.fromCharCode(parseInt(t,16))})}var g=e=>{let t=``;return e.forEach(function(e){t+=String.fromCharCode(e)}),m(t)};function _(e){return m(h(e))}var v={importKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`,hash:{name:`ES256`}},signAlgorithm:{name:`ECDSA`,hash:{name:`SHA-256`}},generateKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`},digestAlgorithm:{name:`SHA-256`},jwtHeaderAlgorithm:`ES256`},y={sign:e=>async(t,n,r,i,a=`dpop+jwt`)=>{switch(t=Object.assign({},t),n.typ=a,n.alg=i.jwtHeaderAlgorithm,n.alg){case`ES256`:n.jwk={kty:t.kty,crv:t.crv,x:t.x,y:t.y};break;case`RS256`:n.jwk={kty:t.kty,n:t.n,e:t.e,kid:n.kid};break;default:throw Error(`Unknown or not implemented JWS algorithm`)}let o={protected:_(JSON.stringify(n)),payload:_(JSON.stringify(r))},s=i.importKeyAlgorithm,c=await e.crypto.subtle.importKey(`jwk`,t,s,!0,[`sign`]),l=p(`${o.protected}.${o.payload}`),u=i.signAlgorithm,d=await e.crypto.subtle.sign(u,c,l);return o.signature=g(new 
Uint8Array(d)),`${o.protected}.${o.payload}.${o.signature}`}},b={generate:e=>async t=>{let n=t,r=await e.crypto.subtle.generateKey(n,!0,[`sign`,`verify`]);return await e.crypto.subtle.exportKey(`jwk`,r.privateKey)},neuter:e=>{let t=Object.assign({},e);return delete t.d,t.key_ops=[`verify`],t}},x={thumbprint:e=>async(t,n)=>{let r;switch(t.kty){case`EC`:r=`{"crv":"CRV","kty":"EC","x":"X","y":"Y"}`.replace(`CRV`,t.crv).replace(`X`,t.x).replace(`Y`,t.y);break;case`RSA`:r=`{"e":"E","kty":"RSA","n":"N"}`.replace(`E`,t.e).replace(`N`,t.n);break;default:throw Error(`Unknown or not implemented JWK type`)}let i=await e.crypto.subtle.digest(n,p(r));return g(new Uint8Array(i))}},ee=e=>async t=>await b.generate(e)(t),S=e=>t=>async(n,r=`POST`,i,a={})=>{let o={jti:btoa(C()),htm:r,htu:i,iat:Math.round(Date.now()/1e3),...a},s=await x.thumbprint(e)(n,t.digestAlgorithm);return await y.sign(e)(n,{kid:s},o,t)},C=()=>{let e=`xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx`,t=`0123456789abcdef`,n=0,r=``;for(let i=0;i<36;i++)e[i]!==`-`&&e[i]!==`4`&&(n=Math.random()*16|0),e[i]===`x`?r+=t[n]:e[i]===`y`?(n&=3,n|=8,r+=t[n]):r+=e[i];return r},w=()=>{let e=typeof window<`u`&&!!window.crypto;return{hasCrypto:e,hasSubtleCrypto:e&&!!window.crypto.subtle}},T=`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`,E=e=>{let t=[];for(let n=0;n<e.byteLength;n+=1){let r=e[n]%62;t.push(T[r])}return t.join(``)},D=e=>{let t=new Uint8Array(e),{hasCrypto:n}=w();if(n)window.crypto.getRandomValues(t);else for(let n=0;n<e;n+=1)t[n]=Math.random()*62|0;return E(t)};function te(e){let t=new ArrayBuffer(e.length),n=new Uint8Array(t);for(let t=0;t<e.length;t++)n[t]=e.charCodeAt(t);return n}function ne(e){return new Promise((t,n)=>{crypto.subtle.digest(`SHA-256`,te(e)).then(e=>t(g(new Uint8Array(e))),e=>n(e))})}var re=e=>{if(e.length<43||e.length>128)return Promise.reject(Error(`Invalid code length.`));let{hasSubtleCrypto:t}=w();return t?ne(e):Promise.reject(Error(`window.crypto.subtle is 
unavailable.`))},ie=e=>!!(e.os===`iOS`&&e.osVersion.startsWith(`12`)||e.os===`Mac OS X`&&e.osVersion.startsWith(`10_15_6`)),ae=e=>{let t=e.appVersion,n=e.userAgent,r=`-`,i=[{s:`Windows 10`,r:/(Windows 10.0|Windows NT 10.0)/},{s:`Windows 8.1`,r:/(Windows 8.1|Windows NT 6.3)/},{s:`Windows 8`,r:/(Windows 8|Windows NT 6.2)/},{s:`Windows 7`,r:/(Windows 7|Windows NT 6.1)/},{s:`Windows Vista`,r:/Windows NT 6.0/},{s:`Windows Server 2003`,r:/Windows NT 5.2/},{s:`Windows XP`,r:/(Windows NT 5.1|Windows XP)/},{s:`Windows 2000`,r:/(Windows NT 5.0|Windows 2000)/},{s:`Windows ME`,r:/(Win 9x 4.90|Windows ME)/},{s:`Windows 98`,r:/(Windows 98|Win98)/},{s:`Windows 95`,r:/(Windows 95|Win95|Windows_95)/},{s:`Windows NT 4.0`,r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:`Windows CE`,r:/Windows CE/},{s:`Windows 3.11`,r:/Win16/},{s:`Android`,r:/Android/},{s:`Open BSD`,r:/OpenBSD/},{s:`Sun OS`,r:/SunOS/},{s:`Chrome OS`,r:/CrOS/},{s:`Linux`,r:/(Linux|X11(?!.*CrOS))/},{s:`iOS`,r:/(iPhone|iPad|iPod)/},{s:`Mac OS X`,r:/Mac OS X/},{s:`Mac OS`,r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:`QNX`,r:/QNX/},{s:`UNIX`,r:/UNIX/},{s:`BeOS`,r:/BeOS/},{s:`OS/2`,r:/OS\/2/},{s:`Search Bot`,r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(let e in i){let t=i[e];if(t.r.test(n)){r=t.s;break}}let a=`-`;switch(/Windows/.test(r)&&(a=/Windows (.*)/.exec(r)[1],r=`Windows`),r){case`Mac OS`:case`Mac OS X`:case`Android`:a=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];break;case`iOS`:{let e=/OS (\d+)_(\d+)_?(\d+)?/.exec(t);e!=null&&e.length>2&&(a=e[1]+`.`+e[2]+`.`+(parseInt(e[3])|0));break}}return{os:r,osVersion:a}};function oe(){let e=navigator.userAgent,t,n=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(n[1]))return t=/\brv[ :]+(\d+)/g.exec(e)||[],{name:`ie`,version:t[1]||``};if(n[1]===`Chrome`&&(t=e.match(/\bOPR|Edge\/(\d+)/),t!=null)){let n=t[1];if(!n){let 
r=e.split(t[0]+`/`);r.length>1&&(n=r[1])}return{name:`opera`,version:n}}return n=n[2]?[n[1],n[2]]:[navigator.appName,navigator.appVersion,`-?`],(t=e.match(/version\/(\d+)/i))!=null&&n.splice(1,1,t[1]),{name:n[0].toLowerCase(),version:n[1]}}var se=()=>{let{name:e,version:t}=oe();return e===`chrome`&&parseInt(t)<=70||e===`opera`&&(!t||parseInt(t.split(`.`)[0])<80)||e===`ie`?!1:!ie(ae(navigator))},ce=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(t.tryKeepExistingSessionAsync_begin,{});try{let r=e.configuration,i=await e.initAsync(r.authority,r.authority_configuration);if(n=await $(r,e.configurationName),n){let{tokens:a}=await n.initAsync(i,`tryKeepExistingSessionAsync`,r);if(a){n.startKeepAliveServiceWorker(),e.tokens=a;let o=n.getLoginParams(e.configurationName);e.timeoutId=V(e,e.tokens.expiresAt,o.extras,o.scope);let s=await n.getSessionStateAsync();return await e.startCheckSessionAsync(i.checkSessionIframe,r.client_id,s),r.preload_user_info&&await e.userInfoAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside ServiceWorker are valid`}),!0}e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!1,message:`no exiting session found`})}else{r.service_worker_relative_url&&e.publishEvent(t.service_worker_not_supported_by_browser,{message:`service worker is not supported by this browser`});let n=a(e.configurationName,r.storage??sessionStorage,r.login_state_storage??r.storage??sessionStorage),{tokens:o}=await n.initAsync();if(o){e.tokens=Ue(o,null,r.token_renew_mode);let a=n.getLoginParams();e.timeoutId=V(e,e.tokens.expiresAt,a.extras,a.scope);let s=await n.getSessionStateAsync();return await e.startCheckSessionAsync(i.checkSessionIframe,r.client_id,s),r.preload_user_info&&await e.userInfoAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside storage are valid`}),!0}}return e.publishEvent(t.tryKeepExistingSessionAsync_end,{success:!1,message:n?`service worker sessions not 
retrieved`:`session storage sessions not retrieved`}),!1}catch(r){return console.error(r),n&&await n.clearAsync(),e.publishEvent(t.tryKeepExistingSessionAsync_error,`tokens inside ServiceWorker are invalid`),!1}},O=class{open(e){window.location.href=e}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){let e=window.location;return e.pathname+(e.search||``)+(e.hash||``)}getOrigin(){return window.origin}},k={STATE_MISSING:`STATE_MISSING`,STATE_MISMATCH:`STATE_MISMATCH`,NONCE_MISSING:`NONCE_MISSING`},A=class e extends Error{constructor(t,n){super(n),this.name=`OidcStateError`,this.code=t,Object.setPrototypeOf(this,e.prototype)}},le=e=>e instanceof A,j={},ue=(e,t=window.sessionStorage,n)=>{if(!j[e]&&t){let n=t.getItem(e);n&&(j[e]=JSON.parse(n))}let r=1e3*n;return j[e]&&j[e].timestamp+r>Date.now()?j[e].result:null},de=(e,t,n=window.sessionStorage)=>{let r=Date.now();j[e]={result:t,timestamp:r},n&&n.setItem(e,JSON.stringify({result:t,timestamp:r}))},fe=3600,pe=e=>async(t,n=fe,r=window.sessionStorage,i=1e4)=>{let a=`${t}/.well-known/openid-configuration`,o=`oidc.server:${t}`,s=ue(o,r,n);if(s)return new R(s);let c=await M(e)(a,{},i);if(c.status!==200)return null;let l=await c.json();return de(o,l,r),new R(l)},M=e=>async(t,n={},r=1e4,i=0)=>{let a;try{let i=new AbortController;setTimeout(()=>i.abort(),r),a=await e(t,{...n,signal:i.signal})}catch(a){if(a.name===`AbortError`||a.message===`Network request failed`){if(i<=1)return await M(e)(t,n,r,i+1);throw a}else throw console.error(a.message),a}return a},me={refresh_token:`refresh_token`,access_token:`access_token`},he=e=>async(t,n,r=me.refresh_token,i,a={},o=1e4)=>{let s={token:n,token_type_hint:r,client_id:i};for(let[e,t]of Object.entries(a))s[e]===void 0&&(s[e]=t);let c=[];for(let e in s){let t=encodeURIComponent(e),n=encodeURIComponent(s[e]);c.push(`${t}=${n}`)}let l=c.join(`&`);return(await 
M(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`},body:l},o)).status===200?{success:!0}:{success:!1}},ge=e=>async(t,n,r,i,a={},o,s=1e4)=>{for(let[e,t]of Object.entries(r))n[e]===void 0&&(n[e]=t);let c=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);c.push(`${t}=${r}`)}let l=c.join(`&`),u=await M(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...a},body:l},s);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};let d=await u.json(),f=null;return u.headers.has(N)&&(f=u.headers.get(N)),{success:!0,status:u.status,data:We(d,i,o),demonstratingProofOfPossessionNonce:f}},_e=(e,t)=>async(n,r)=>{r=r?{...r}:{};let i=D(128),a=await re(i);await e.setCodeVerifierAsync(i),await e.setStateAsync(r.state),r.code_challenge=a,r.code_challenge_method=`S256`;let o=``;if(r)for(let[e,t]of Object.entries(r))o===``?o+=`?`:o+=`&`,o+=`${e}=${encodeURIComponent(t)}`;t.open(`${n}${o}`)},N=`DPoP-Nonce`,ve=e=>async(t,n,r,i,a=1e4)=>{n=n?{...n}:{},n.code_verifier=await e.getCodeVerifierAsync();let o=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);o.push(`${t}=${r}`)}let s=o.join(`&`),c=await M(fetch)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...r},body:s},a);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let l=null;c.headers.has(N)&&(l=c.headers.get(N));let u=await c.json();return{success:!0,data:{state:n.state,tokens:We(u,null,i),demonstratingProofOfPossessionNonce:l}}},ye=e=>{let t=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!t)throw Error(`Invalid URL`);let n=t[6],r=t[7];if(r){let e=r.split(`?`);e.length===2&&(r=e[0],n=e[1])}return 
n.startsWith(`?`)&&(n=n.slice(1)),t&&{href:e,protocol:t[1],host:t[2],hostname:t[3],port:t[4],path:t[5],search:n,hash:r}},be=e=>{let t=ye(e),{path:n}=t;n.endsWith(`/`)&&(n=n.slice(0,-1));let{hash:r}=t;return r===`#_=_`&&(r=``),r&&(n+=r),n},P=e=>{let{search:t}=ye(e);return xe(t)},xe=e=>{let t={},n,r,i,a=e.split(`&`);for(r=0,i=a.length;r<i;r++)n=a[r].split(`=`),t[decodeURIComponent(n[0])]=decodeURIComponent(n[1]);return t},Se=(e,n,r,i,o)=>(s=void 0,c=null,l=!1,u=void 0)=>{let d=c;return c={...c},(async()=>{let f=s||o.getPath();if(`state`in c||(c.state=D(16)),r(t.loginAsync_begin,{}),c)for(let e of Object.keys(c))e.endsWith(`:token_request`)&&delete c[e];try{let t=l?n.silent_redirect_uri:n.redirect_uri;u||=n.scope;let r=n.extras?{...n.extras,...c}:c;r.nonce||=D(12);let s={nonce:r.nonce},p=await $(n,e),m=await i(n.authority,n.authority_configuration),h;if(p)p.setLoginParams({callbackPath:f,extras:d,scope:u}),await p.initAsync(m,`loginAsync`,n),await p.setNonceAsync(s),p.startKeepAliveServiceWorker(),h=p;else{let t=a(e,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);t.setLoginParams({callbackPath:f,extras:d,scope:u}),await t.setNonceAsync(s),h=t}let g={client_id:n.client_id,redirect_uri:t,scope:u,response_type:`code`,...r};await _e(h,o)(m.authorizationEndpoint,g)}catch(e){throw r(t.loginAsync_error,e),e}})()},Ce=e=>async(n=!1)=>{try{e.publishEvent(t.loginCallbackAsync_begin,{});let r=e.configuration,i=r.client_id,o=n?r.silent_redirect_uri:r.redirect_uri,s=r.authority,c=r.token_request_timeout,l=await e.initAsync(s,r.authority_configuration),u=P(e.location.getCurrentHref()),d=u.session_state,f=await $(r,e.configurationName),p,m,h,g;if(f)await f.initAsync(l,`loginCallbackAsync`,r),await f.setSessionStateAsync(d),m=await f.getNonceAsync(),h=f.getLoginParams(),g=await f.getStateAsync(),f.startKeepAliveServiceWorker(),p=f;else{let t=a(e.configurationName,r.storage??sessionStorage,r.login_state_storage??r.storage??sessionStorage);await 
t.setSessionStateAsync(d),m=await t.getNonceAsync(),h=t.getLoginParams(),g=await t.getStateAsync(),p=t}if(u.error||u.error_description)throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==l.issuer)throw console.error(),Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);if(u.state){if(!g)throw new A(k.STATE_MISSING,`OIDC state is missing from storage. The login state may have been cleared between the authorization redirect and the callback (e.g., private browsing, storage cleared, or browser eviction).`);if(u.state!==g)throw new A(k.STATE_MISMATCH,`OIDC state does not match the stored one (expected: ${g}, received: ${u.state}).`)}if(!m||!m.nonce)throw new A(k.NONCE_MISSING,`OIDC nonce is missing from storage. The login state may have been cleared between the authorization redirect and the callback (e.g., private browsing, storage cleared, or browser eviction).`);let _={code:u.code,grant_type:`authorization_code`,client_id:r.client_id,redirect_uri:o},v={};if(r.token_request_extras)for(let[e,t]of Object.entries(r.token_request_extras))v[e]=t;if(h?.extras)for(let[e,t]of Object.entries(h.extras))e.endsWith(`:token_request`)&&(v[e.replace(`:token_request`,``)]=t);let y=l.tokenEndpoint,b={};if(r.demonstrating_proof_of_possession)if(f)b.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{let t=await ee(window)(r.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await a(e.configurationName,r.storage,r.login_state_storage??r.storage).setDemonstratingProofOfPossessionJwkAsync(t),b.DPoP=await S(window)(r.demonstrating_proof_of_possession_configuration)(t,`POST`,y)}let x=await ve(p)(y,{..._,...v},b,e.configuration.token_renew_mode,c);if(!x.success)throw Error(`Token request failed`);let C,w=x.data.tokens,T=x.data.demonstratingProofOfPossessionNonce;if(x.data.state!==v.state)throw Error(`state is not valid`);let{isValid:E,reason:D}=qe(w,m.nonce,l);if(!E)throw Error(`Tokens are not 
OpenID valid, reason: ${D}`);if(f){if(w.refreshToken&&!w.refreshToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Refresh token should be hidden by service worker`);if(T&&w?.accessToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Demonstration of proof of possession require Access token not hidden by service worker`)}if(f)await f.initAsync(l,`syncTokensAsync`,r),C=f.getLoginParams(),T&&await f.setDemonstratingProofOfPossessionNonce(T);else{let t=a(e.configurationName,r.storage,r.login_state_storage??r.storage);C=t.getLoginParams(),T&&await t.setDemonstratingProofOfPossessionNonce(T)}return await e.startCheckSessionAsync(l.checkSessionIframe,i,d,n),e.publishEvent(t.loginCallbackAsync_end,{}),{tokens:w,state:`request.state`,callbackPath:C.callbackPath,scope:u.scope,extras:C.extras}}catch(n){throw console.error(n),e.publishEvent(t.loginCallbackAsync_error,n),n}},we={access_token:`access_token`,refresh_token:`refresh_token`},F=(e,t)=>{let n={};if(e){for(let[r,i]of Object.entries(e))if(r.endsWith(t)){let e=r.replace(t,``);n[e]=i}return n}return n},Te=e=>{let t={};if(e){for(let[n,r]of Object.entries(e))n.includes(`:`)||(t[n]=r);return t}return t},Ee=e=>async t=>{l.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();let n=await $(e.configuration,e.configurationName);n?await n.clearAsync(t):await a(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(t),e.tokens=null,e.userInfo=null},I=(e,n)=>async()=>{let r=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync(`LOGGED_OUT`);for(let[,i]of Object.entries(n))i===e?e.publishEvent(t.logout_from_same_tab,{}):await e.logoutSameTabAsync(e.configuration.client_id,r)},De=(e,t,n,r)=>{`id_token_hint`in t||(t.id_token_hint=n),!(`post_logout_redirect_uri`in t)&&r!==null&&(t.post_logout_redirect_uri=r);let i=``;for(let[e,n]of 
Object.entries(t))n!=null&&(i===``?i+=`?`:i+=`&`,i+=`${e}=${encodeURIComponent(n)}`);return`${e}${i}`},Oe=(e,t,n,r,i)=>async(a=void 0,o=null)=>{let s=e.configuration,c=await e.initAsync(s.authority,s.authority_configuration);a&&typeof a!=`string`&&(a=void 0,r.warn(`callbackPathOrUrl path is not a string`));let l=a??i.getPath(),u=!1;a&&(u=a.includes(`https://`)||a.includes(`http://`));let d=a===null?null:u?a:i.getOrigin()+l,f=e.tokens?e.tokens.idToken:``;e.isLoggingOut=!0;try{try{let t=c.revocationEndpoint;if(t){let r=[],i=e.tokens?e.tokens.accessToken:null;if(i&&s.logout_tokens_to_invalidate.includes(we.access_token)){let e=F(o,`:revoke_access_token`),a=he(n)(t,i,me.access_token,s.client_id,e);r.push(a)}let a=e.tokens?e.tokens.refreshToken:null;if(a&&s.logout_tokens_to_invalidate.includes(we.refresh_token)){let e=F(o,`:revoke_refresh_token`),i=he(n)(t,a,me.refresh_token,s.client_id,e);r.push(i)}r.length>0&&await Promise.all(r)}}catch(e){r.warn(`logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error`),r.warn(e)}let a=F(o,`:oidc`);if(a&&a.no_reload===`true`){await I(e,t)(),e.isLoggingOut=!1;return}let l=Te(o);if(c.endSessionEndpoint){let e=De(c.endSessionEndpoint,l,f,d);i.open(e)}else i.reload();await I(e,t)()}catch(t){throw e.isLoggingOut=!1,t}},L=function(e){return e.AutomaticBeforeTokenExpiration=`AutomaticBeforeTokensExpiration`,e.AutomaticOnlyWhenFetchExecuted=`AutomaticOnlyWhenFetchExecuted`,e}({}),ke=(e,t,n=!1)=>async(...r)=>{let[i,a,...o]=r,s=a?{...a}:{method:`GET`},c=new Headers;s.headers&&(c=s.headers instanceof Headers?s.headers:new Headers(s.headers));let l=(await Ke({getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await 
Le(t)(t.configuration,t.configurationName,t.tokens,!1);return e},renewTokensAsync:t.renewTokensAsync.bind(t)}))?.tokens?.accessToken;if(c.has(`Accept`)||c.set(`Accept`,`application/json`),l){if(t.configuration.demonstrating_proof_of_possession&&n){let e=await t.generateDemonstrationOfProofOfPossessionAsync(l,i.toString(),s.method);c.set(`Authorization`,`DPoP ${l}`),c.set(`DPoP`,e)}else c.set(`Authorization`,`Bearer ${l}`);s.credentials||=`same-origin`}return await e(i,{...s,headers:c},...o)},Ae=e=>async(t=!1,n=!1)=>{if(e.userInfo!=null&&!t)return e.userInfo;let r=!t&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(r)return e.userInfo=JSON.parse(r),e.userInfo;let i=e.configuration,a=(await e.initAsync(i.authority,i.authority_configuration)).userInfoEndpoint,o=await(async()=>{let t=await ke(fetch,e,n)(a);return t.status===200?t.json():null})();return e.userInfo=o,o&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(o)),o},je=()=>fetch,R=class{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}},z={},Me=(e,t=new O)=>(n,r=`default`)=>(z[r]||(z[r]=new B(n,r,e,t)),z[r]),Ne=async e=>{let{parsedTokens:t,callbackPath:n,extras:r,scope:i}=await e.loginCallbackAsync();return e.timeoutId=V(e,t.expiresAt,r,i),{callbackPath:n}},Pe=e=>Math.floor(Math.random()*e),B=class e{constructor(e,t=`default`,n,r=new O){this.isLoggingOut=!1,this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.clearSessionPromise=null,this.logoutPromise=null;let 
i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace(`-callback`,``).replace(`callback`,``)}-login`);let a=e.refresh_time_before_tokens_expiration_in_second??120;a>60&&(a-=Math.floor(Math.random()*40)),this.location=r??new O,this.configuration={...e,silent_login_uri:i,token_automatic_renew_mode:e.token_automatic_renew_mode??L.AutomaticBeforeTokenExpiration,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:a,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??W.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??[`access_token`,`refresh_token`],service_worker_activate:e.service_worker_activate??se,demonstrating_proof_of_possession_configuration:e.demonstrating_proof_of_possession_configuration??v,preload_user_info:e.preload_user_info??!1},this.getFetch=n??je,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){let t=Pe(9999999999999).toString();return this.events.push({id:t,func:e}),t}removeEventSubscription(e){let t=this.events.filter(t=>t.id!==e);this.events=t}publishEvent(e,t){this.events.forEach(n=>{n.func(e,t)})}static{this.getOrCreate=(e,t)=>(n,r=`default`)=>Me(e,t)(n,r)}static get(e=`default`){return Object.prototype.hasOwnProperty.call(z,e)?z[e]:null}static getOrThrow(t=`default`){let 
n=e.get(t);if(!n)throw Error(`OIDC library does seem initialized.
|
|
2
|
+
Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${t}"></OidcProvider> component.`);return n}static{this.eventNames=t}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let e=this.location,t=P(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(e=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let t=this.location,n=P(t.getCurrentHref());n.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:n.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:e==null?``:e.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame(e)}}async initAsync(e,t){if(this.initPromise!==null)return this.initPromise;let n=async()=>{if(t!=null)return new R({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});let n=await $(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await pe(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??3600,n,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=n(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return 
this.tryKeepExistingSessionPromise===null?(this.tryKeepExistingSessionPromise=ce(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null})):this.tryKeepExistingSessionPromise}async startCheckSessionAsync(e,t,n,r=!1){await f(this,z,this.configuration)(e,t,n,r)}async loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise===null?(i?this.loginPromise=d(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,r):this.loginPromise=Se(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,t,n,r),this.loginPromise.finally(()=>{this.loginPromise=null})):this.loginPromise}async loginCallbackAsync(t=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;let n=async()=>{let n=await Ce(this)(t),r=n.tokens;return this.tokens=r,await $(this.configuration,this.configurationName)||a(this.configurationName,this.configuration.storage,this.configuration.login_state_storage??this.configuration.storage).setTokens(r),this.publishEvent(e.eventNames.token_acquired,r),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:r,state:n.state,callbackPath:n.callbackPath,scope:n.scope,extras:n.extras}};return this.loginCallbackPromise=n(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){let i=this.configuration,o={ath:await ne(e),...r};if(await $(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${Ze(this.configurationName)}`;let s=a(this.configurationName,i.storage,i.login_state_storage??i.storage),c=await s.getDemonstratingProofOfPossessionJwkAsync(),l=s.getDemonstratingProofOfPossessionNonce();return l&&(o.nonce=l),await 
S(window)(i.demonstrating_proof_of_possession_configuration)(c,n,t,o)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise===null?(this.loginCallbackWithAutoTokensRenewPromise=Ne(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null})):this.loginCallbackWithAutoTokensRenewPromise}userInfoAsync(e=!1,t=!1){return this.userInfoPromise===null?(this.userInfoPromise=Ae(this)(e,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null})):this.userInfoPromise}async renewTokensAsync(e=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return l.clearTimeout(this.timeoutId),this.renewTokensPromise=Ie(this,!0,e,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(e){return await Ee(this)(e)}async clearSessionAsync(){return this.clearSessionPromise?this.clearSessionPromise:(this.clearSessionPromise=I(this,z)(),this.clearSessionPromise.finally(()=>{this.clearSessionPromise=null}))}async logoutSameTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(t.logout_from_same_tab,{mmessage:`SessionMonitor`,sub:n}))}async logoutOtherTabAsync(e,n){this.configuration.monitor_session&&this.configuration.client_id===e&&n&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===n&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(t.logout_from_another_tab,{message:`SessionMonitor`,sub:n}))}async logoutAsync(e=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=Oe(this,z,this.getFetch(),console,this.location)(e,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};async function Fe(e,t,n,r=null){let{tokens:i,status:o}=await U(e)(t=>{e.tokens=t},0,0,t,n,r);return await 
$(e.configuration,e.configurationName)||a(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(o),null)}async function Ie(e,t=!1,n=null,r=null){let i=e.configuration,a=`${i.client_id}_${e.configurationName}_${i.authority}`,o,s=await $(e.configuration,e.configurationName);if(i?.storage===window?.sessionStorage&&!s||!navigator.locks)o=await Fe(e,t,n,r);else{let i=`retry`;for(;i===`retry`;)i=await navigator.locks.request(a,{ifAvailable:!0},async i=>i?await Fe(e,t,n,r):(e.publishEvent(B.eventNames.syncTokensAsync_lock_not_available,{lock:`lock not available`}),`retry`));o=i}return o?(e.timeoutId&&=V(e,e.tokens.expiresAt,n,r),e.tokens):null}var V=(e,t,n=null,r=null)=>{let i=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&l.clearTimeout(e.timeoutId),l.setTimeout(async()=>{let a={timeLeft:G(i,t)};e.publishEvent(B.eventNames.token_timer,a),await Ie(e,!1,n,r)},1e3)},H={FORCE_REFRESH:`FORCE_REFRESH`,SESSION_LOST:`SESSION_LOST`,NOT_CONNECTED:`NOT_CONNECTED`,TOKENS_VALID:`TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID`,LOGOUT_FROM_ANOTHER_TAB:`LOGOUT_FROM_ANOTHER_TAB`,REQUIRE_SYNC_TOKENS:`REQUIRE_SYNC_TOKENS`,TOKENS_INVALID:`TOKENS_INVALID`},Le=e=>async(t,n,r,i=!1)=>{let o={nonce:null};if(!r)return{tokens:null,status:H.NOT_CONNECTED,nonce:o};let s,c=await e.initAsync(t.authority,t.authority_configuration),l=await $(t,n);if(l){let{status:e,tokens:n}=await 
l.initAsync(c,`syncTokensAsync`,t);if(e===`LOGGED_OUT`)return{tokens:null,status:H.LOGOUT_FROM_ANOTHER_TAB,nonce:o};if(e===`SESSIONS_LOST`)return{tokens:null,status:H.SESSION_LOST,nonce:o};if(!e||!n)return{tokens:null,status:H.REQUIRE_SYNC_TOKENS,nonce:o};if(n.issuedAt!==r.issuedAt)return{tokens:n,status:G(t.refresh_time_before_tokens_expiration_in_second,n.expiresAt)>0?H.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:H.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,nonce:await l.getNonceAsync()};s=await l.getNonceAsync()}else{let i=a(n,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),c=await i.initAsync(),{tokens:l}=c,{status:u}=c;if(l&&=Ue(l,e.tokens,t.token_renew_mode),!l)return{tokens:null,status:H.LOGOUT_FROM_ANOTHER_TAB,nonce:o};if(u===`SESSIONS_LOST`)return{tokens:null,status:H.SESSION_LOST,nonce:o};if(l.issuedAt!==r.issuedAt){let e=G(t.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?H.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:H.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,n=await i.getNonceAsync();return{tokens:l,status:e,nonce:n}}s=await i.getNonceAsync()}let u=G(t.refresh_time_before_tokens_expiration_in_second,r.expiresAt)>0?`TOKENS_VALID`:`TOKENS_INVALID`;return i?{tokens:r,status:`FORCE_REFRESH`,nonce:s}:{tokens:r,status:u,nonce:s}},U=e=>async(n,r=0,i=0,o=!1,s=null,c=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:`GIVE_UP`};let l=6,d=o?2:5;for(;!navigator.onLine&&l>0;)await q({milliseconds:1e3}),l--,e.publishEvent(t.refreshTokensAsync,{message:`wait because navigator is offline try ${l}`});let f=document.hidden,p=f?r:r+1,m=f?i+1:i;if(r>=d||i>=5)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token`}),{tokens:null,status:`SESSION_LOST`};s||={};let h=e.configuration,g=(t,n=null,r=null)=>u(e.configurationName,e.configuration,e.publishEvent.bind(e))(t,n,r),_=async()=>{try{let r,i=await 
$(h,e.configurationName);r=i?i.getLoginParams():a(e.configurationName,h.storage,h.login_state_storage??h.storage).getLoginParams();let o={};if(r&&r.extras)for(let[e,t]of Object.entries(r.extras))t!=null&&(o[e]=t);if(s)for(let[e,t]of Object.entries(s))t!=null&&(o[e]=t);o.prompt=`none`,c&&(o.scope=c);let l=await g(o);return l?l.error?(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token silent`}),{tokens:null,status:`SESSION_LOST`}):(n(l.tokens),e.publishEvent(B.eventNames.token_renewed,{}),{tokens:l.tokens,status:`LOGGED`}):(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token silent not active`}),{tokens:null,status:`SESSION_LOST`})}catch(r){return console.error(r),e.publishEvent(t.refreshTokensAsync_silent_error,{message:`exceptionSilent`,exception:r.message}),await U(e)(n,p,m,o,s,c)}};try{let{status:l,tokens:u,nonce:d}=await Le(e)(h,e.configurationName,e.tokens,o);switch(l){case H.SESSION_LOST:return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token session lost`}),{tokens:null,status:`SESSION_LOST`};case H.NOT_CONNECTED:return n(null),{tokens:null,status:null};case H.TOKENS_VALID:return n(u),{tokens:u,status:`LOGGED_IN`};case H.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(u),e.publishEvent(B.eventNames.token_renewed,{reason:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`}),{tokens:u,status:`LOGGED_IN`};case H.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(t.logout_from_another_tab,{status:`session syncTokensAsync`}),{tokens:null,status:`LOGGED_OUT`};case H.REQUIRE_SYNC_TOKENS:return h.token_automatic_renew_mode==L.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(t.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`}):(e.publishEvent(t.refreshTokensAsync_begin,{tryNumber:r}),await _());default:{if(h.token_automatic_renew_mode==L.AutomaticOnlyWhenFetchExecuted&&H.FORCE_REFRESH!==l)return 
e.publishEvent(t.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`};if(e.publishEvent(t.refreshTokensAsync_begin,{refreshToken:u.refreshToken,status:l,tryNumber:r,backgroundTry:i}),!u.refreshToken)return await _();let f=h.client_id,g=h.redirect_uri,v=h.authority,y={...h.token_request_extras?h.token_request_extras:{}};for(let[e,t]of Object.entries(s))e.endsWith(`:token_request`)&&(y[e.replace(`:token_request`,``)]=t);return await(async()=>{let r={client_id:f,redirect_uri:g,grant_type:`refresh_token`,refresh_token:u.refreshToken},i=await e.initAsync(v,h.authority_configuration),l=document.hidden?1e4:3e4*10,_=i.tokenEndpoint,b={};h.demonstrating_proof_of_possession&&(b.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(u.accessToken,_,`POST`));let x=await ge(e.getFetch())(_,r,y,u,b,h.token_renew_mode,l);if(x.success){if(!d||!d.nonce)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token: nonce missing from storage`}),{tokens:null,status:`SESSION_LOST`};let{isValid:r,reason:o}=qe(x.data,d.nonce,i);if(!r)return n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${o}`}),{tokens:null,status:`SESSION_LOST`};if(n(x.data),x.demonstratingProofOfPossessionNonce){let t=await $(h,e.configurationName);t?await t.setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce):await a(e.configurationName,h.storage,h.login_state_storage??h.storage).setDemonstratingProofOfPossessionNonce(x.demonstratingProofOfPossessionNonce)}return e.publishEvent(t.refreshTokensAsync_end,{success:x.success}),e.publishEvent(B.eventNames.token_renewed,{reason:`REFRESH_TOKEN`}),{tokens:x.data,status:`LOGGED_IN`}}else return e.publishEvent(t.refreshTokensAsync_silent_error,{message:`bad request`,tokenResponse:x}),x.status>=400&&x.status<500?(n(null),e.publishEvent(t.refreshTokensAsync_error,{message:`session lost: ${x.status}`}),{tokens:null,status:`SESSION_LOST`}):await 
U(e)(n,p,m,o,s,c)})()}}}catch(r){return console.error(r),e.publishEvent(t.refreshTokensAsync_silent_error,{message:`exception`,exception:r.message}),new Promise((t,r)=>{setTimeout(()=>{U(e)(n,p,m,o,s,c).then(t).catch(r)},1e3)})}},Re=e=>decodeURIComponent(Array.prototype.map.call(atob(e),e=>`%`+(`00`+e.charCodeAt(0).toString(16)).slice(-2)).join(``)),ze=e=>JSON.parse(Re(e.replaceAll(/-/g,`+`).replaceAll(/_/g,`/`))),Be=e=>{try{return e&&Ve(e,`.`)===2?ze(e.split(`.`)[1]):null}catch(e){console.warn(e)}return null},Ve=(e,t)=>e.split(t).length-1,W={access_token_or_id_token_invalid:`access_token_or_id_token_invalid`,access_token_invalid:`access_token_invalid`,id_token_invalid:`id_token_invalid`};function He(e,t,n){return e.issuedAt?typeof e.issuedAt==`string`?parseInt(e.issuedAt,10):e.issuedAt:t&&t.iat?t.iat:n&&n.iat?n.iat:new Date().getTime()/1e3}var Ue=(e,t=null,n)=>{if(!e)return null;let r,i=typeof e.expiresIn==`string`?parseInt(e.expiresIn,10):e.expiresIn;r=e.accessTokenPayload===void 0?Be(e.accessToken):e.accessTokenPayload;let a;a=t!=null&&`idToken`in t&&!(`idToken`in e)?t.idToken:e.idToken;let o=e.idTokenPayload?e.idTokenPayload:Be(a),s=o&&o.exp?o.exp:Number.MAX_VALUE,c=r&&r.exp?r.exp:e.issuedAt+i;e.issuedAt=He(e,r,o);let l;l=e.expiresAt?e.expiresAt:n===W.access_token_invalid?c:n===W.id_token_invalid||s<c?s:c;let u={...e,idTokenPayload:o,accessTokenPayload:r,expiresAt:l,idToken:a};if(t!=null&&`refreshToken`in t&&!(`refreshToken`in e)){let e=t.refreshToken;return{...u,refreshToken:e}}return u},We=(e,t,n)=>{if(!e)return null;e.issued_at||=new Date().getTime()/1e3;let r={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return`refresh_token`in e&&(r.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(r.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(r.idTokenPayload=e.idTokenPayload),Ue(r,t,n)},G=(e,t)=>{let n=t-new Date().getTime()/1e3;return 
Math.round(n-e)},Ge=(e,t=0)=>e?G(t,e.expiresAt)>0:!1,Ke=async(e,t=200,n=50)=>{let r=n,i=await e.syncTokensInfoAsync();for(;[H.REQUIRE_SYNC_TOKENS,H.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,H.TOKENS_INVALID].includes(i)&&r>0;){if(e.configuration.token_automatic_renew_mode==L.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await q({milliseconds:t});--r,i=await e.syncTokensInfoAsync()}return{isTokensValid:Ge(e.getTokens()),tokens:e.getTokens(),numberWaited:r-n}},qe=(e,t,n)=>{if(e.idTokenPayload){let r=e.idTokenPayload;if(n.issuer!==r.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`};let i=new Date().getTime()/1e3;if(r.exp&&r.exp<i)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`};let a=3600*24*7;if(r.iat&&r.iat+a<i)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat+a} < (currentTimeUnixSecond) ${i}`};if(r.nonce&&r.nonce!==t)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`}}return{isValid:!0,reason:``}},Je=`7.27.19`,Ye=null,K,q=({milliseconds:e})=>new Promise(t=>l.setTimeout(t,e)),Xe=(e=`/`)=>{try{K=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:K.signal}).catch(e=>{console.log(e)}),q({milliseconds:150*1e3}).then(()=>Xe(e))}catch(e){console.log(e)}},J=()=>{K&&K.abort()},Ze=e=>{let t=`oidc.tabId.${e}`,n=sessionStorage.getItem(t);if(n)return n;let r=globalThis.crypto.randomUUID();return sessionStorage.setItem(t,r),r},Qe=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,Y=(e,t)=>n=>{let r=t?.timeoutMs??5e3;return new Promise((t,i)=>{let a=Qe(e);if(!a){i(Error(`Service worker target not available (controller/active/waiting/installing missing)`));return}let o=new 
MessageChannel,s=null,c=()=>{try{s!=null&&(l.clearTimeout(s),s=null),o.port1.onmessage=null,o.port1.close(),o.port2.close()}catch(e){console.error(e)}};s=l.setTimeout(()=>{c(),i(Error(`Service worker did not respond within ${r}ms (type=${n?.type})`))},r),o.port1.onmessage=e=>{c(),e?.data?.error?i(e.data.error):t(e.data)};try{let e=n?.configurationName;a.postMessage({...n,tabId:Ze(e??`default`)},[o.port2])}catch(e){c(),i(e)}})},$e=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(t=>{let n=!1,r=()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener(`controllerchange`,r),l.setTimeout(()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))},e)}),et=!1,X=!1,Z=new Map,tt=e=>e instanceof DOMException?e.name===`AbortError`:e?.name===`AbortError`,nt=`oidc.sw.controllerchange_reload_count`,Q=3,rt=()=>{try{return parseInt(sessionStorage.getItem(nt)??`0`,10)}catch{return 0}},it=()=>{let e=rt()+1;try{sessionStorage.setItem(nt,String(e))}catch{}return e},at=()=>{try{sessionStorage.removeItem(nt)}catch{}},$=async(e,t)=>{let n=e.service_worker_relative_url;if(typeof window>`u`||typeof navigator>`u`||!navigator.serviceWorker||!n||e.service_worker_activate()===!1)return null;let r=`${n}?v=${Je}`,i=e.service_worker_register?n:r;Z.has(i)||Z.set(i,e.service_worker_register?e.service_worker_register(n):navigator.serviceWorker.register(r,{updateViaCache:`none`}));let a=null;try{a=await Z.get(i)}catch(e){if(tt(e))return Z.delete(i),console.warn(`oidc-client: service worker registration was aborted (likely tab shutdown or backgrounding); falling back to non–service-worker mode.`,e),null;throw e}let o=`oidc.sw.version_mismatch_reload.${t}`,s=async e=>{J(),console.log(`New SW waiting – SKIP_WAITING`);try{await new Promise((n,r)=>{let i=new 
MessageChannel,a=null,o=()=>{try{a!=null&&(l.clearTimeout(a),a=null),i.port1.onmessage=null,i.port1.close(),i.port2.close()}catch(e){console.error(e)}};a=l.setTimeout(()=>{o(),r(Error(`SKIP_WAITING did not respond within 8000ms`))},8e3),i.port1.onmessage=e=>{o(),e?.data?.error?r(e.data.error):n()};try{e.postMessage({type:`SKIP_WAITING`,configurationName:t,data:null,tabId:Ze(t??`default`)},[i.port2])}catch(e){o(),r(e)}})}catch(e){console.warn(`SKIP_WAITING failed`,e)}},c=async()=>{let e=a.waiting;e?await s(e):console.warn(`sendSkipWaiting called but no waiting service worker found`)},u=e=>{J(),e.addEventListener(`statechange`,async()=>{if(e.state===`installed`&&navigator.serviceWorker.controller){if(rt()>=Q){console.warn(`SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted`);return}await s(e)}})};a.addEventListener(`updatefound`,()=>{let e=a.installing;e&&u(e)}),a.installing?u(a.installing):a.waiting&&navigator.serviceWorker.controller&&(rt()<Q?c():console.warn(`SW: a waiting worker exists but reload budget is exhausted – skipping activation`)),a.update().catch(e=>{console.error(e)});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await Y(a,{timeoutMs:8e3})({type:`claim`,configurationName:t,data:null}),await $e(2e3))}catch(e){return console.warn(`Failed init ServiceWorker ${e?.toString?.()??String(e)}`),null}et||(et=!0,navigator.serviceWorker.addEventListener(`controllerchange`,()=>{if(X)return;let e=it();if(e>Q){console.warn(`SW controllerchange: reload budget exhausted (${e-1} reloads). 
Skipping reload to avoid infinite loop.`);return}X=!0,console.log(`SW controller changed – reloading page`),J(),window.location.reload()}));let d=async e=>Y(a)({type:`clear`,data:{status:e},configurationName:t}),f=async(e,n,r)=>{let i=await Y(a)({type:`init`,data:{oidcServerConfiguration:e,where:n,oidcConfiguration:{token_renew_mode:r.token_renew_mode,service_worker_convert_all_requests_to_cors:r.service_worker_convert_all_requests_to_cors}},configurationName:t}),s=i.version;if(s!==`7.27.19`){console.warn(`Service worker ${s} version mismatch with js client version ${Je}, unregistering and reloading`);let e=parseInt(sessionStorage.getItem(o)??`0`,10);if(e<3){if(sessionStorage.setItem(o,String(e+1)),a.waiting)return await c(),await q({milliseconds:500}),X||(X=!0,window.location.reload()),new Promise(()=>{});{J();try{await a.update()}catch(e){console.error(e)}let e=await a.unregister();return console.log(`Service worker unregistering ${e}`),await q({milliseconds:500}),X||(X=!0,window.location.reload()),new Promise(()=>{})}}else console.error(`Service worker version mismatch persists after ${e} attempt(s). 
Continuing with mismatched version.`)}else sessionStorage.removeItem(o),at();return{tokens:We(i.tokens,null,r.token_renew_mode),status:i.status}},p=(e=`/`)=>{Ye??(Ye=`not_null`,Xe(e))},m=e=>Y(a)({type:`setSessionState`,data:{sessionState:e},configurationName:t}),h=async()=>(await Y(a)({type:`getSessionState`,data:null,configurationName:t})).sessionState,g=e=>(sessionStorage[`oidc.nonce.${t}`]=e.nonce,Y(a)({type:`setNonce`,data:{nonce:e},configurationName:t})),_=async(e=!0)=>{let n=(await Y(a)({type:`getNonce`,data:null,configurationName:t})).nonce;return n||(n=sessionStorage[`oidc.nonce.${t}`],console.warn(`nonce not found in service worker, using sessionStorage`),e&&(await g(n),n=(await _(!1)).nonce)),{nonce:n}},v={},y=e=>{if(e==null){delete v[t],delete localStorage[`oidc.login.${t}`];return}v[t]=e,localStorage[`oidc.login.${t}`]=JSON.stringify(e)},b=()=>{if(v[t])return v[t];let e=localStorage[`oidc.login.${t}`];if(typeof e!=`string`||e===``||e===`undefined`||e===`null`)return null;try{v[t]=JSON.parse(e)}catch{return null}return v[t]},x=async e=>{await Y(a)({type:`setDemonstratingProofOfPossessionNonce`,data:{demonstratingProofOfPossessionNonce:e},configurationName:t})},ee=async()=>(await Y(a)({type:`getDemonstratingProofOfPossessionNonce`,data:null,configurationName:t})).demonstratingProofOfPossessionNonce,S=async e=>{let n=JSON.stringify(e);await Y(a)({type:`setDemonstratingProofOfPossessionJwk`,data:{demonstratingProofOfPossessionJwkJson:n},configurationName:t})},C=async()=>{let e=await Y(a)({type:`getDemonstratingProofOfPossessionJwk`,data:null,configurationName:t});return e.demonstratingProofOfPossessionJwkJson?JSON.parse(e.demonstratingProofOfPossessionJwkJson):null},w=async(e=!0)=>{let n=(await Y(a)({type:`getState`,data:null,configurationName:t})).state;return n||(n=sessionStorage[`oidc.state.${t}`],console.warn(`state not found in service worker, using sessionStorage`),e&&(await T(n),n=await w(!1))),n},T=async 
e=>(sessionStorage[`oidc.state.${t}`]=e,Y(a)({type:`setState`,data:{state:e},configurationName:t})),E=async(e=!0)=>{let n=(await Y(a)({type:`getCodeVerifier`,data:null,configurationName:t})).codeVerifier;return n||(n=sessionStorage[`oidc.code_verifier.${t}`],console.warn(`codeVerifier not found in service worker, using sessionStorage`),e&&(await D(n),n=await E(!1))),n},D=async e=>(sessionStorage[`oidc.code_verifier.${t}`]=e,Y(a)({type:`setCodeVerifier`,data:{codeVerifier:e},configurationName:t}));return{clearAsync:d,initAsync:f,startKeepAliveServiceWorker:()=>p(e.service_worker_keep_alive_path),setSessionStateAsync:m,getSessionStateAsync:h,setNonceAsync:g,getNonceAsync:_,setLoginParams:y,getLoginParams:b,getStateAsync:w,setStateAsync:T,getCodeVerifierAsync:E,setCodeVerifierAsync:D,setDemonstratingProofOfPossessionNonce:x,getDemonstratingProofOfPossessionNonce:ee,setDemonstratingProofOfPossessionJwkAsync:S,getDemonstratingProofOfPossessionJwkAsync:C,signalAsync:(e,n)=>Y(a,n)({...e,configurationName:e.configurationName??t})}},ot=async(e,t,n,r)=>{let i=await $(e,t);if(!i)throw Error(`signalServiceWorkerAsync: no service worker registered for configuration "${t}"`);return i.signalAsync(n,r)},st=class e{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,t){this._oidc.publishEvent(e,t)}static{this.getOrCreate=(t,n=new O)=>(r,i=`default`)=>new e(B.getOrCreate(t,n)(r,i))}static get(t=`default`){let n=B.get(t);return n?new e(n):null}static getOrThrow(t=`default`){return new e(B.getOrThrow(t))}static{this.eventNames=B.eventNames}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this._oidc.loginAsync(e,t,n,r,i)}logoutAsync(e=void 0,t=null){return this._oidc.logoutAsync(e,t)}clearSessionAsync(){return this._oidc.clearSessionAsync()}get isLoggingOut(){return 
this._oidc.isLoggingOut===!0}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null,t=null){return this._oidc.renewTokensAsync(e,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,t,n,r)}async getValidTokenAsync(e=200,t=50){let n=this._oidc;return Ke({getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await Le(n)(n.configuration,n.configurationName,n.tokens,!1);return e},renewTokensAsync:n.renewTokensAsync.bind(n)},e,t)}fetchWithTokens(e,t=!1){return ke(e,this._oidc,t)}async userInfoAsync(e=!1,t=!1){return this._oidc.userInfoAsync(e,t)}userInfo(){return this._oidc.userInfo}async signalServiceWorker(e,t){return 
ot(this._oidc.configuration,this._oidc.configurationName,e,t)}},ct=`1.0.0`,lt={SKIP_WAITING:`SKIP_WAITING`,CLAIM:`claim`,CLEAR:`clear`,INIT:`init`,SET_STATE:`setState`,GET_STATE:`getState`,SET_CODE_VERIFIER:`setCodeVerifier`,GET_CODE_VERIFIER:`getCodeVerifier`,SET_SESSION_STATE:`setSessionState`,GET_SESSION_STATE:`getSessionState`,SET_NONCE:`setNonce`,GET_NONCE:`getNonce`,SET_DPOP_NONCE:`setDemonstratingProofOfPossessionNonce`,GET_DPOP_NONCE:`getDemonstratingProofOfPossessionNonce`,SET_DPOP_JWK:`setDemonstratingProofOfPossessionJwk`,GET_DPOP_JWK:`getDemonstratingProofOfPossessionJwk`},ut={ACCESS_TOKEN:`ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER`,REFRESH_TOKEN:`REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER`,NONCE_TOKEN:`NONCE_SECURED_BY_OIDC_SERVICE_WORKER`,CODE_VERIFIER:`CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER`},dt=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER`;e.DPOP_TOKEN_PLACEHOLDER_PREFIX=dt,e.OidcClient=st,e.OidcLocation=O,e.OidcStateError=A,e.OidcStateErrorCode=k,e.PROTOCOL_VERSION=ct,e.STORAGE_KEY_PREFIX={TAB_ID:`oidc.tabId.`,STATE:`oidc.state.`,NONCE:`oidc.nonce.`,CODE_VERIFIER:`oidc.code_verifier.`,LOGIN_PARAMS:`oidc.login.`,SW_VERSION_MISMATCH_RELOAD:`oidc.sw.version_mismatch_reload.`},e.SW_CONTROLLER_CHANGE_RELOAD_COUNT_KEY=`oidc.sw.controllerchange_reload_count`,e.ServiceWorkerMessageType=lt,e.TOKEN_PLACEHOLDERS=ut,e.TokenAutomaticRenewMode=L,e.TokenRenewMode=W,e.buildDpopSecuredPlaceholder=(e,t=`default`)=>`${dt}_${e}#tabId=${t}`,e.buildSecuredTokenPlaceholder=(e,t,n=`default`)=>`${e}_${t}#tabId=${n}`,e.buildStorageKey=(e,t)=>`${e}${t}`,e.getFetchDefault=je,e.getParseQueryStringFromLocation=P,e.getPath=be,e.isOidcStateError=le,e.isServiceWorkerMessageType=e=>typeof e==`string`?Object.values(lt).includes(e):!1,e.signalServiceWorkerAsync=ot});
|
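--- a/package/dist/initWorker.d.ts
+++ b/package/dist/initWorker.d.ts
@@ -16,6 +16,7 @@ export declare const sleepAsync: ({ milliseconds }: {
 }) => Promise<unknown>;
 export declare const defaultServiceWorkerUpdateRequireCallback: (location: ILOidcLocation) => (registration: any, stopKeepAlive: () => void) => Promise<void>;
 export declare const getTabId: (configurationName: string) => string;
+export declare const registrationCache: Map<string, Promise<ServiceWorkerRegistration>>;
 export declare const initWorkerAsync: (configuration: OidcConfiguration, configurationName: string) => Promise<{
 clearAsync: (status: any) => Promise<any>;
 initAsync: (oidcServerConfiguration: any, where: any, oidcConfiguration: OidcConfiguration) => Promise<{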
package/dist/initWorker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../src/initWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,6BAA6B,OAAO,CAAC;AAElD,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,0BAA0B;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAKD,eAAO,MAAM,UAAU,GAAI,kBAAkB;IAAE,YAAY,EAAE,GAAG,CAAA;CAAE,qBAEjE,CAAC;AA4BF,eAAO,MAAM,yCAAyC,GACnD,UAAU,cAAc,MAAY,cAAc,GAAG,EAAE,eAAe,MAAM,IAAI,kBAOhF,CAAC;AAEJ,eAAO,MAAM,QAAQ,GAAI,mBAAmB,MAAM,WAQjD,CAAC;
|
|
1
|
+
{"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../src/initWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,6BAA6B,OAAO,CAAC;AAElD,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,0BAA0B;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAKD,eAAO,MAAM,UAAU,GAAI,kBAAkB;IAAE,YAAY,EAAE,GAAG,CAAA;CAAE,qBAEjE,CAAC;AA4BF,eAAO,MAAM,yCAAyC,GACnD,UAAU,cAAc,MAAY,cAAc,GAAG,EAAE,eAAe,MAAM,IAAI,kBAOhF,CAAC;AAEJ,eAAO,MAAM,QAAQ,GAAI,mBAAmB,MAAM,WAQjD,CAAC;AAuGF,eAAO,MAAM,iBAAiB,iDAAwD,CAAC;AA+CvF,eAAO,MAAM,eAAe,GAC1B,eAAe,iBAAiB,EAChC,mBAAmB,MAAM;;6EA2NJ,iBAAiB;;;;;yCAkFM,MAAM;;;+BA2BX,OAAO;;;;;+BAkGP,OAAO;2BAoBV,MAAM;sCASI,OAAO;yCAoBH,MAAM;kFA1FjB,MAAM;;mFAmBR,UAAU;;2BAiFpC,0BAA0B,YACzB,0BAA0B,KACnC,OAAO,CAAC,GAAG,CAAC;EA8BhB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,GACnC,eAAe,iBAAiB,EAChC,mBAAmB,MAAM,EACzB,SAAS,0BAA0B,EACnC,UAAU,0BAA0B,KACnC,OAAO,CAAC,GAAG,CAQb,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"initWorkerAbortError.spec.d.ts","sourceRoot":"","sources":["../src/initWorkerAbortError.spec.ts"],"names":[],"mappings":""}
|
package/dist/login.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../src/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,IAAI,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../src/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,IAAI,MAAM,QAAQ,CAAC;AAK1B,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,MAAM,iBAAiB,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,sBAAsB,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;AAEjG,eAAO,MAAM,iBAAiB,GAE1B,mBAAmB,MAAM,EACzB,eAAe,iBAAiB,EAChC,cAAc,CAAC,MAAM,KAAA,EAAE,GAAG,KAAA,KAAK,IAAI,EACnC,WAAW,iBAAiB,EAC5B,cAAc,cAAc,MAG5B,eAAc,MAAkB,EAChC,SAAQ,SAAgB,EACxB,wBAAsB,EACtB,QAAO,MAAkB,KACxB,OAAO,CAAC,OAAO,CAwEjB,CAAC;AAEJ,eAAO,MAAM,kBAAkB,GAC5B,MAAM,IAAI,MACJ,wBAAsB;;;;;;EAiN5B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"login.spec.d.ts","sourceRoot":"","sources":["../src/login.spec.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Stable, machine-readable codes for OIDC state / nonce failures occurring
|
|
3
|
+
* between the authorization redirect and the callback handling.
|
|
4
|
+
*
|
|
5
|
+
* These codes let consumers react to specific failure modes without having to
|
|
6
|
+
* pattern-match against error message strings.
|
|
7
|
+
*/
|
|
8
|
+
export declare const OidcStateErrorCode: {
|
|
9
|
+
/** No state was found in storage when handling the callback. */
|
|
10
|
+
readonly STATE_MISSING: "STATE_MISSING";
|
|
11
|
+
/** The state returned by the server does not match the stored one. */
|
|
12
|
+
readonly STATE_MISMATCH: "STATE_MISMATCH";
|
|
13
|
+
/** No nonce was found in storage when handling the callback / renewal. */
|
|
14
|
+
readonly NONCE_MISSING: "NONCE_MISSING";
|
|
15
|
+
};
|
|
16
|
+
export type OidcStateErrorCode = (typeof OidcStateErrorCode)[keyof typeof OidcStateErrorCode];
|
|
17
|
+
/**
|
|
18
|
+
* Typed error thrown when the OIDC login state or nonce is missing,
|
|
19
|
+
* corrupted, or does not match the value returned by the authorization server.
|
|
20
|
+
*
|
|
21
|
+
* Consumers can use `instanceof OidcStateError` and inspect `code` instead of
|
|
22
|
+
* relying on the (unstable) error message text.
|
|
23
|
+
*/
|
|
24
|
+
export declare class OidcStateError extends Error {
|
|
25
|
+
readonly code: OidcStateErrorCode;
|
|
26
|
+
constructor(code: OidcStateErrorCode, message: string);
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Type guard for {@link OidcStateError}. Useful in callers that want to react
|
|
30
|
+
* specifically to state/nonce failures.
|
|
31
|
+
*/
|
|
32
|
+
export declare const isOidcStateError: (value: unknown) => value is OidcStateError;
|
|
33
|
+
//# sourceMappingURL=oidcStateError.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oidcStateError.d.ts","sourceRoot":"","sources":["../src/oidcStateError.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB;IAC7B,gEAAgE;;IAEhE,sEAAsE;;IAEtE,0EAA0E;;CAElE,CAAC;AAOX,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,OAAO,kBAAkB,CAAC,CAAC;AAE9F;;;;;;GAMG;AACH,qBAAa,cAAe,SAAQ,KAAK;IACvC,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAC;gBAEtB,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM;CAQtD;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,cAE1D,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oidcStateError.spec.d.ts","sourceRoot":"","sources":["../src/oidcStateError.spec.ts"],"names":[],"mappings":""}
|
package/dist/version.d.ts
CHANGED
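--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@axa-fr/oidc-client",
-"version": "7.27.
+"version": "7.27.19",
 "private": false,
 "type": "module",
 "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
 "url": "https://github.com/AxaFrance/oidc-client.git"
 },
 "dependencies": {
-"@axa-fr/oidc-client-service-worker": "7.27.
+"@axa-fr/oidc-client-service-worker": "7.27.19"
 },
 "devDependencies": {
 "@testing-library/dom": "10.4.1",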
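--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -5,6 +5,7 @@ export { OidcLocation } from './location.js';
 export { getFetchDefault } from './oidc.js';
 export type { OidcUserInfo } from './oidcClient.js';
 export { OidcClient } from './oidcClient.js';
+export { isOidcStateError, OidcStateError, OidcStateErrorCode } from './oidcStateError.js';
 export type { Tokens } from './parseTokens.js';
 export { TokenRenewMode } from './parseTokens.js';
 export type {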
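--- a/package/src/initWorker.ts
+++ b/package/src/initWorker.ts
@@ -172,7 +172,18 @@ let controllerChangeReloading = false;
 // Cache registration promises by URL so that navigator.serviceWorker.register (or a custom
 // service_worker_register) is called at most once per JavaScript session (page lifetime),
 // regardless of how many times initWorkerAsync is invoked.
-const registrationCache = new Map<string, Promise<ServiceWorkerRegistration>>();
+export const registrationCache = new Map<string, Promise<ServiceWorkerRegistration>>();
+
+// AbortError surfaces during transient lifecycle events (e.g. iOS Safari tab shutdown or
+// backgrounding) and does not represent a genuine configuration problem. We treat it as
+// non-fatal, clear the cache entry so future calls can retry, and fall back to the
+// non–service-worker path by returning null from initWorkerAsync.
+const isAbortError = (error: unknown): boolean => {
+if (error instanceof DOMException) {
+return error.name === 'AbortError';
+}
+return (error as { name?: string } | null)?.name === 'AbortError';
+};
 
 // Session-level guard to prevent infinite reload loops caused by SW update cycles.
 // The controllerchange listener triggers a page reload, but after reload the module-level
@@ -229,25 +240,34 @@ export const initWorkerAsync = async (
 
 const swUrl = `${serviceWorkerRelativeUrl}?v=${codeVersion}`;
 
+const cacheKey = configuration.service_worker_register ? serviceWorkerRelativeUrl : swUrl;
+
+if (!registrationCache.has(cacheKey)) {
+registrationCache.set(
+cacheKey,
+configuration.service_worker_register
+? configuration.service_worker_register(serviceWorkerRelativeUrl)
+: navigator.serviceWorker.register(swUrl, {
+updateViaCache: 'none',
+}),
+);
+}
+
 let registration: ServiceWorkerRegistration = null as any;
-
-
-
-
-
-)
-
-
-
-
-registrationCache.set(
-swUrl,
-navigator.serviceWorker.register(swUrl, {
-updateViaCache: 'none',
-}),
+try {
+registration = await registrationCache.get(cacheKey)!;
+} catch (error) {
+if (isAbortError(error)) {
+// Drop the rejected promise so a later call can attempt registration again
+// once the browser is in a stable state (e.g. tab is foregrounded again).
+registrationCache.delete(cacheKey);
+console.warn(
+'oidc-client: service worker registration was aborted (likely tab shutdown or backgrounding); falling back to non–service-worker mode.',
+error,
 );
+return null;
 }
-
+throw error;
 }
 
 const versionMismatchKey = `oidc.sw.version_mismatch_reload.${configurationName}`;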
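Review bot: The new `return null;` in the AbortError branch of `initWorkerAsync` gives callers the same result as a disabled or unsupported service worker, so a transient abort silently moves that call onto the storage-backed path; in the bundled build shown on this page the refresh path then appears to persist tokens through the configured storage (`setTokens`) rather than the worker. The only signal is a `console.warn`, which an application that relies on the worker for token isolation cannot act on. I would at least document this at the branch, e.g. `// NOTE: callers treat null as "no service worker" and keep tokens in configuration.storage for this call`, and say in the doc comment of `initWorkerAsync` that null can now also mean a retryable abort. Separately, only the abort branch calls `registrationCache.delete(cacheKey)`, so any other rejection stays cached and is rethrown on every later call for the page lifetime; if that is intended, a one-line comment above `throw error;` should say so. The body of `initWorkerAsync` starts and ends outside the hunk.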