@axa-fr/oidc-client 7.27.2 → 7.27.3

package/dist/index.umd.cjs

@@ -1,2 +1,2 @@
-(function(x,K){typeof exports=="object"&&typeof module<"u"?K(exports):typeof define=="function"&&define.amd?define(["exports"],K):(x=typeof globalThis<"u"?globalThis:x||self,K(x["oidc-client"]={}))})(this,(function(x){"use strict";class K{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const Se=2e3,B=console;class Be{constructor(n,t,s,o=Se,i=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||Se,this._stopOnError=i;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(B.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(B.debug(n),B.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):B.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){B.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(B.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},W=(e,n=sessionStorage,t)=>{const s=t??n,o=w=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:w}),delete n[`oidc.${e}.userInfo`],t&&t!==n&&(delete s[`oidc.login.${e}`],delete s[`oidc.state.${e}`],delete s[`oidc.code_verifier.${e}`],delete s[`oidc.nonce.${e}`]),Promise.resolve()),i=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const w=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:w.tokens,status:w.status})},r=w=>{n[`oidc.${e}`]=JSON.stringify({tokens:w})},a=async w=>{n[`oidc.session_state.${e}`]=w},c=async()=>n[`oidc.session_state.${e}`],f=w=>{s[`oidc.nonce.${e}`]=w.nonce},u=w=>{n[`oidc.jwk.${e}`]=JSON.stringify(w)},l=()=>JSON.parse(n[`oidc.jwk.${e}`]),h=async()=>({nonce:s[`oidc.nonce.${e}`]}),_=async w=>{n[`oidc.dpop_nonce.${e}`]=w},m=()=>n[`oidc.dpop_nonce.${e}`],p=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:o,initAsync:i,setTokens:r,getTokens:p,setSessionStateAsync:a,getSessionStateAsync:c,setNonceAsync:f,getNonceAsync:h,setLoginParams:w=>{g[e]=w,s[`oidc.login.${e}`]=JSON.stringify(w)},getLoginParams:()=>{const w=s[`oidc.login.${e}`];return w?(g[e]||(g[e]=JSON.parse(w)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>s[`oidc.state.${e}`],setStateAsync:async w=>{s[`oidc.state.${e}`]=w},getCodeVerifierAsync:async()=>s[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async w=>{s[`oidc.code_verifier.${e}`]=w},setDemonstratingProofOfPossessionNonce:_,getDemonstratingProofOfPossessionNonce:m,setDemonstratingProofOfPossessionJwkAsync:u,getDemonstratingProofOfPossessionJwkAsync:l}};var J=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(J||{});const Je=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),He=e=>JSON.parse(Je(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),Te=e=>{try{return e&&Ge(e,".")===2?He(e.split(".")[1]):null}catch(n){console.warn(n)}return null},Ge=(e,n)=>e.split(n).length-1,ee={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function je(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const re=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=Te(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:Te(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=je(e,s,r);let f;e.expiresAt?f=e.expiresAt:t===ee.access_token_invalid?f=c:t===ee.id_token_invalid?f=a:f=a<c?a:c;const u={...e,idTokenPayload:r,accessTokenPayload:s,expiresAt:f,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...u,refreshToken:l}}return u},ae=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),re(s,n,t)},q=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},qe=(e,n=0)=>e?q(n,e.expiresAt)>0:!1,ve=async(e,n=200,t=50)=>{let s=t,o=await e.syncTokensInfoAsync();for(;[P.REQUIRE_SYNC_TOKENS,P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,P.TOKENS_INVALID].includes(o)&&s>0;){if(e.configuration.token_automatic_renew_mode==J.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await Y({milliseconds:n});s=s-1,o=await e.syncTokensInfoAsync()}return{isTokensValid:qe(e.getTokens()),tokens:e.getTokens(),numberWaited:s-t}},Ee=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const i=3600*24*7;if(s.iat&&s.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+i} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},D=(function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),ce="7.27.2";let Oe=null,ne;const Y=({milliseconds:e})=>new Promise(n=>D.setTimeout(n,e)),be=(e="/")=>{try{ne=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:ne.signal}).catch(s=>{console.log(s)}),Y({milliseconds:150*1e3}).then(()=>be(e))}catch(n){console.log(n)}},te=()=>{ne&&ne.abort()},le=e=>{const n=`oidc.tabId.${e}`,t=sessionStorage.getItem(n);if(t)return t;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(n,s),s},Ye=5e3,Xe=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,I=(e,n)=>t=>{const s=n?.timeoutMs??Ye;return new Promise((o,i)=>{const r=Xe(e);if(!r){i(new Error("Service worker target not available (controller/active/waiting/installing missing)"));return}const a=new MessageChannel;let c=null;const f=()=>{try{c!=null&&(D.clearTimeout(c),c=null),a.port1.onmessage=null,a.port1.close(),a.port2.close()}catch(u){console.error(u)}};c=D.setTimeout(()=>{f(),i(new Error(`Service worker did not respond within ${s}ms (type=${t?.type})`))},s),a.port1.onmessage=u=>{f(),u?.data?.error?i(u.data.error):o(u.data)};try{const u=t?.configurationName;r.postMessage({...t,tabId:le(u??"default")},[a.port2])}catch(u){f(),i(u)}})},ze=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(n=>{let t=!1;const s=()=>{t||(t=!0,navigator.serviceWorker.removeEventListener("controllerchange",s),n(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener("controllerchange",s),D.setTimeout(()=>{t||(t=!0,navigator.serviceWorker.removeEventListener("controllerchange",s),n(navigator.serviceWorker.controller??null))},e)});let Pe=!1,H=!1;const ue="oidc.sw.controllerchange_reload_count",_e=3,fe=()=>{try{return parseInt(sessionStorage.getItem(ue)??"0",10)}catch{return 0}},Qe=()=>{const e=fe()+1;try{sessionStorage.setItem(ue,String(e))}catch{}return e},Ze=()=>{try{sessionStorage.removeItem(ue)}catch{}},L=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;const s=`${t}?v=${ce}`;let o=null;e.service_worker_register?o=await e.service_worker_register(t):o=await navigator.serviceWorker.register(s,{updateViaCache:"none"});const i=`oidc.sw.version_mismatch_reload.${n}`,r=async d=>{te(),console.log("New SW waiting – SKIP_WAITING");try{await new Promise((N,S)=>{const b=new MessageChannel;let V=null;const F=()=>{try{V!=null&&(D.clearTimeout(V),V=null),b.port1.onmessage=null,b.port1.close(),b.port2.close()}catch($){console.error($)}};V=D.setTimeout(()=>{F(),S(new Error("SKIP_WAITING did not respond within 8000ms"))},8e3),b.port1.onmessage=$=>{F(),$?.data?.error?S($.data.error):N()};try{d.postMessage({type:"SKIP_WAITING",configurationName:n,data:null,tabId:le(n??"default")},[b.port2])}catch($){F(),S($)}})}catch(N){console.warn("SKIP_WAITING failed",N)}},a=async()=>{const d=o.waiting;d?await r(d):console.warn("sendSkipWaiting called but no waiting service worker found")},c=d=>{te(),d.addEventListener("statechange",async()=>{if(d.state==="installed"&&navigator.serviceWorker.controller){if(fe()>=_e){console.warn("SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted");return}await r(d)}})};o.addEventListener("updatefound",()=>{const d=o.installing;d&&c(d)}),o.installing?c(o.installing):o.waiting&&navigator.serviceWorker.controller&&(fe()<_e?a():console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")),o.update().catch(d=>{console.error(d)});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await I(o,{timeoutMs:8e3})({type:"claim",configurationName:n,data:null}),await ze(2e3))}catch(d){return console.warn(`Failed init ServiceWorker ${d?.toString?.()??String(d)}`),null}Pe||(Pe=!0,navigator.serviceWorker.addEventListener("controllerchange",()=>{if(H)return;const d=Qe();if(d>_e){console.warn(`SW controllerchange: reload budget exhausted (${d-1} reloads). Skipping reload to avoid infinite loop.`);return}H=!0,console.log("SW controller changed – reloading page"),te(),window.location.reload()}));const f=async d=>I(o)({type:"clear",data:{status:d},configurationName:n}),u=async(d,N,S)=>{const b=await I(o)({type:"init",data:{oidcServerConfiguration:d,where:N,oidcConfiguration:{token_renew_mode:S.token_renew_mode,service_worker_convert_all_requests_to_cors:S.service_worker_convert_all_requests_to_cors}},configurationName:n}),V=b.version;if(V!==ce){console.warn(`Service worker ${V} version mismatch with js client version ${ce}, unregistering and reloading`);const F=parseInt(sessionStorage.getItem(i)??"0",10);if(F<3){if(sessionStorage.setItem(i,String(F+1)),o.waiting)return await a(),await Y({milliseconds:500}),H||(H=!0,window.location.reload()),new Promise(()=>{});{te();try{await o.update()}catch(Me){console.error(Me)}const $=await o.unregister();return console.log(`Service worker unregistering ${$}`),await Y({milliseconds:500}),H||(H=!0,window.location.reload()),new Promise(()=>{})}}else console.error(`Service worker version mismatch persists after ${F} attempt(s). Continuing with mismatched version.`)}else sessionStorage.removeItem(i),Ze();return{tokens:ae(b.tokens,null,S.token_renew_mode),status:b.status}},l=(d="/")=>{Oe==null&&(Oe="not_null",be(d))},h=d=>I(o)({type:"setSessionState",data:{sessionState:d},configurationName:n}),_=async()=>(await I(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,m=d=>(sessionStorage[`oidc.nonce.${n}`]=d.nonce,I(o)({type:"setNonce",data:{nonce:d},configurationName:n})),p=async(d=!0)=>{let S=(await I(o)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage"),d&&(await m(S),S=(await p(!1)).nonce)),{nonce:S}},g={},y=d=>{g[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},A=()=>{const d=localStorage[`oidc.login.${n}`];return g[n]||(g[n]=JSON.parse(d)),g[n]},T=async d=>{await I(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},O=async()=>(await I(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,v=async d=>{const N=JSON.stringify(d);await I(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:N},configurationName:n})},C=async()=>{const d=await I(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null},w=async(d=!0)=>{let S=(await I(o)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage"),d&&(await Z(S),S=await w(!1))),S},Z=async d=>(sessionStorage[`oidc.state.${n}`]=d,I(o)({type:"setState",data:{state:d},configurationName:n})),U=async(d=!0)=>{let S=(await I(o)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage"),d&&(await E(S),S=await U(!1))),S},E=async d=>(sessionStorage[`oidc.code_verifier.${n}`]=d,I(o)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n}));return{clearAsync:f,initAsync:u,startKeepAliveServiceWorker:()=>l(e.service_worker_keep_alive_path),setSessionStateAsync:h,getSessionStateAsync:_,setNonceAsync:m,getNonceAsync:p,setLoginParams:y,getLoginParams:A,getStateAsync:w,setStateAsync:Z,getCodeVerifierAsync:U,setCodeVerifierAsync:E,setDemonstratingProofOfPossessionNonce:T,getDemonstratingProofOfPossessionNonce:O,setDemonstratingProofOfPossessionJwkAsync:v,getDemonstratingProofOfPossessionJwkAsync:C}},G={},en=(e,n=window.sessionStorage,t)=>{if(!G[e]&&n){const o=n.getItem(e);o&&(G[e]=JSON.parse(o))}const s=1e3*t;return G[e]&&G[e].timestamp+s>Date.now()?G[e].result:null},nn=(e,n,t=window.sessionStorage)=>{const s=Date.now();G[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function Ie(e){return new TextEncoder().encode(e)}function Ce(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function tn(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const de=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),Ce(n)};function Ne(e){return Ce(tn(e))}const sn={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},on={sign:e=>async(n,t,s,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=i,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:Ne(JSON.stringify(t)),payload:Ne(JSON.stringify(s))},a=o.importKeyAlgorithm,c=!0,f=["sign"],u=await e.crypto.subtle.importKey("jwk",n,a,c,f),l=Ie(`${r.protected}.${r.payload}`),h=o.signAlgorithm,_=await e.crypto.subtle.sign(h,u,l);return r.signature=de(new Uint8Array(_)),`${r.protected}.${r.payload}.${r.signature}`}},rn={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},an={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,Ie(s));return de(new Uint8Array(o))}},cn=e=>async n=>await rn.generate(e)(n),xe=e=>n=>async(t,s="POST",o,i={})=>{const r={jti:btoa(ln()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await an.thumbprint(e)(t,n.digestAlgorithm);return await on.sign(e)(t,{kid:a},r,n)},ln=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},We=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},ge="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",un=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%ge.length;n.push(ge[s])}return n.join("")},he=e=>{const n=new Uint8Array(e),{hasCrypto:t}=We();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*ge.length|0;return un(n)};function _n(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function Le(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",_n(e)).then(s=>n(de(new Uint8Array(s))),s=>t(s))})}const fn=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=We();return n?Le(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},dn=3600,gn=e=>async(n,t=dn,s=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=en(r,s,t);if(a)return new pe(a);const c=await X(e)(i,{},o);if(c.status!==200)return null;const f=await c.json();return nn(r,f,s),new pe(f)},X=e=>async(n,t={},s=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),s),i=await e(n,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await X(e)(n,t,s,o+1);throw r}else throw console.error(r.message),r}return i},ye={refresh_token:"refresh_token",access_token:"access_token"},De=e=>async(n,t,s=ye.refresh_token,o,i={},r=1e4)=>{const a={token:t,token_type_hint:s,client_id:o};for(const[l,h]of Object.entries(i))a[l]===void 0&&(a[l]=h);const c=[];for(const l in a){const h=encodeURIComponent(l),_=encodeURIComponent(a[l]);c.push(`${h}=${_}`)}const f=c.join("&");return(await X(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:f},r)).status!==200?{success:!1}:{success:!0}},hn=e=>async(n,t,s,o,i={},r,a=1e4)=>{for(const[_,m]of Object.entries(s))t[_]===void 0&&(t[_]=m);const c=[];for(const _ in t){const m=encodeURIComponent(_),p=encodeURIComponent(t[_]);c.push(`${m}=${p}`)}const f=c.join("&"),u=await X(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},a);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};const l=await u.json();let h=null;return u.headers.has(se)&&(h=u.headers.get(se)),{success:!0,status:u.status,data:ae(l,o,r),demonstratingProofOfPossessionNonce:h}},yn=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=he(128),i=await fn(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=i,s.code_challenge_method="S256";let r="";if(s)for(const[a,c]of Object.entries(s))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${t}${r}`)},se="DPoP-Nonce",kn=e=>async(n,t,s,o,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in t){const h=encodeURIComponent(l),_=encodeURIComponent(t[l]);r.push(`${h}=${_}`)}const a=r.join("&"),c=await X(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let f=null;c.headers.has(se)&&(f=c.headers.get(se));const u=await c.json();return{success:!0,data:{state:t.state,tokens:ae(u,null,o),demonstratingProofOfPossessionNonce:f}}};async function Re(e,n,t,s=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await oe(e)(o,0,0,n,t,s);return await L(e.configuration,e.configurationName)||W(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function $e(e,n=!1,t=null,s=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await L(e.configuration,e.configurationName);if(o?.storage===window?.sessionStorage&&!a||!navigator.locks)r=await Re(e,n,t,s);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async f=>f?await Re(e,n,t,s):(e.publishEvent(R.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=z(e,e.tokens.expiresAt,t,s)),e.tokens):null}const z=(e,n,t=null,s=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&D.clearTimeout(e.timeoutId),D.setTimeout(async()=>{const r={timeLeft:q(o,n)};e.publishEvent(R.eventNames.token_timer,r),await $e(e,!1,t,s)},1e3)},P={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS",TOKENS_INVALID:"TOKENS_INVALID"},ke=e=>async(n,t,s,o=!1)=>{const i={nonce:null};if(!s)return{tokens:null,status:P.NOT_CONNECTED,nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await L(n,t);if(c){const{status:l,tokens:h}=await c.initAsync(a,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:P.LOGOUT_FROM_ANOTHER_TAB,nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:P.SESSION_LOST,nonce:i};if(!l||!h)return{tokens:null,status:P.REQUIRE_SYNC_TOKENS,nonce:i};if(h.issuedAt!==s.issuedAt){const m=q(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,p=await c.getNonceAsync();return{tokens:h,status:m,nonce:p}}r=await c.getNonceAsync()}else{const l=W(t,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage),h=await l.initAsync();let{tokens:_}=h;const{status:m}=h;if(_&&(_=re(_,e.tokens,n.token_renew_mode)),_){if(m==="SESSIONS_LOST")return{tokens:null,status:P.SESSION_LOST,nonce:i};if(_.issuedAt!==s.issuedAt){const g=q(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,y=await l.getNonceAsync();return{tokens:_,status:g,nonce:y}}}else return{tokens:null,status:P.LOGOUT_FROM_ANOTHER_TAB,nonce:i};r=await l.getNonceAsync()}const u=q(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:u,nonce:r}},oe=e=>async(n,t=0,s=0,o=!1,i=null,r=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let a=6;const c=o?2:5,f=5;for(;!navigator.onLine&&a>0;)await Y({milliseconds:1e3}),a--,e.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${a}`});const u=document.hidden,l=u?t:t+1,h=u?s+1:s;if(t>=c||s>=f)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};i||(i={});const _=e.configuration,m=(g,y=null,A=null)=>me(e.configurationName,e.configuration,e.publishEvent.bind(e))(g,y,A),p=async()=>{try{let g;const y=await L(_,e.configurationName);y?g=y.getLoginParams():g=W(e.configurationName,_.storage,_.login_state_storage??_.storage).getLoginParams();const A={};if(g&&g.extras)for(const[O,v]of Object.entries(g.extras))v!=null&&(A[O]=v);if(i)for(const[O,v]of Object.entries(i))v!=null&&(A[O]=v);A.prompt="none",r&&(A.scope=r);const T=await m(A);return T?T.error?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(T.tokens),e.publishEvent(R.eventNames.token_renewed,{}),{tokens:T.tokens,status:"LOGGED"}):(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(g){return console.error(g),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:g.message}),await oe(e)(n,l,h,o,i,r)}};try{const{status:g,tokens:y,nonce:A}=await ke(e)(_,e.configurationName,e.tokens,o);switch(g){case P.SESSION_LOST:return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case P.NOT_CONNECTED:return n(null),{tokens:null,status:null};case P.TOKENS_VALID:return n(y),{tokens:y,status:"LOGGED_IN"};case P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(y),e.publishEvent(R.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case P.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case P.REQUIRE_SYNC_TOKENS:return _.token_automatic_renew_mode==J.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(k.refreshTokensAsync_begin,{tryNumber:t}),await p());default:{if(_.token_automatic_renew_mode==J.AutomaticOnlyWhenFetchExecuted&&P.FORCE_REFRESH!==g)return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(k.refreshTokensAsync_begin,{refreshToken:y.refreshToken,status:g,tryNumber:t,backgroundTry:s}),!y.refreshToken)return await p();const T=_.client_id,O=_.redirect_uri,v=_.authority,w={..._.token_request_extras?_.token_request_extras:{}};for(const[U,E]of Object.entries(i))U.endsWith(":token_request")&&(w[U.replace(":token_request","")]=E);return await(async()=>{const U={client_id:T,redirect_uri:O,grant_type:"refresh_token",refresh_token:y.refreshToken},E=await e.initAsync(v,_.authority_configuration),d=document.hidden?1e4:3e4*10,N=E.tokenEndpoint,S={};_.demonstrating_proof_of_possession&&(S.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(y.accessToken,N,"POST"));const b=await hn(e.getFetch())(N,U,w,y,S,_.token_renew_mode,d);if(b.success){const{isValid:V,reason:F}=Ee(b.data,A.nonce,E);if(!V)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(n(b.data),b.demonstratingProofOfPossessionNonce){const $=await L(_,e.configurationName);$?await $.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await W(e.configurationName,_.storage,_.login_state_storage??_.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(k.refreshTokensAsync_end,{success:b.success}),e.publishEvent(R.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await oe(e)(n,l,h,o,i,r)})()}}}catch(g){return console.error(g),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:g.message}),new Promise((y,A)=>{setTimeout(()=>{oe(e)(n,l,h,o,i,r).then(y).catch(A)},1e3)})}},me=(e,n,t)=>(s=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(k.silentLoginAsync_begin,{});let r="";if(o&&(s==null&&(s={}),s.state=o),i!=null&&(s==null&&(s={}),s.scope=i),s!=null)for(const[l,h]of Object.entries(s))h!=null&&(r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(h)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(h)}`);const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),f=a.substring(0,c),u=document.createElement("iframe");return u.width="0px",u.height="0px",u.id=`${e}_oidc_iframe`,u.setAttribute("src",a),u.style.display="none",document.body.appendChild(u),new Promise((l,h)=>{let _=!1;const m=()=>{window.removeEventListener("message",p),u.remove(),_=!0},p=g=>{if(g.origin===f&&g.source===u.contentWindow){const y=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,T=`${e}_oidc_exception:`,O=g.data;if(O&&typeof O=="string"&&!_){if(O.startsWith(y)){const v=JSON.parse(g.data.replace(y,""));t(k.silentLoginAsync_end,{}),l(v),m()}else if(O.startsWith(A)){const v=JSON.parse(g.data.replace(A,""));t(k.silentLoginAsync_error,v),l({error:"oidc_"+v.error,tokens:null,sessionState:null}),m()}else if(O.startsWith(T)){const v=JSON.parse(g.data.replace(T,""));t(k.silentLoginAsync_error,v),h(new Error(v.error)),m()}}}};try{window.addEventListener("message",p);const g=n.silent_login_timeout;setTimeout(()=>{_||(m(),t(k.silentLoginAsync_error,{reason:"timeout"}),h(new Error("timeout")))},g)}catch(g){m(),t(k.silentLoginAsync_error,g),h(g)}})}catch(r){throw t(k.silentLoginAsync_error,r),r}},mn=(e,n,t,s,o)=>(i=null,r=void 0)=>{i={...i};const a=(f,u,l)=>me(n,t,s.bind(o))(f,u,l);return(async()=>{o.timeoutId&&D.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const u=t.extras?{...t.extras,...i}:i,l=await a({...u,prompt:"none"},f,r);if(l)return o.tokens=l.tokens,s(k.token_acquired,{}),o.timeoutId=z(o,o.tokens.expiresAt,i,r),{}}catch(u){return u}})()},wn=(e,n,t)=>(s,o,i,r=!1)=>{const a=(c,f=void 0,u=void 0)=>me(e.configurationName,t,e.publishEvent.bind(e))(c,f,u);return new Promise((c,f)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&i&&!r){const u=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const h=l.idToken,_=l.idTokenPayload;return a({prompt:"none",id_token_hint:h,scope:t.scope||"openid"}).then(m=>{if(m.error)throw new Error(m.error);const p=m.tokens.idTokenPayload;if(_.sub===p.sub){const g=m.sessionState;e.checkSessionIFrame.start(m.sessionState),_.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async m=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",m);for(const[,p]of Object.entries(n))await p.logoutOtherTabAsync(t.client_id,_.sub)})};e.checkSessionIFrame=new Be(u,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(l=>{f(l)})}else c(null)})},pn=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),An=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(t)){o=c.s;break}}let r=s;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function Sn(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const Tn=()=>{const{name:e,version:n}=Sn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=An(navigator);return!pn(t)},vn=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await L(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=z(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,r),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=W(e.configurationName,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=re(i,null,t.token_renew_mode);const r=o.getLoginParams();e.timeoutId=z(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,a),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ke=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},En=e=>{const n=Ke(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},ie=e=>{const n=Ke(e),{search:t}=n;return On(t)},On=e=>{const n={};let t,s,o;const i=e.split("&");for(s=0,o=i.length;s<o;s++)t=i[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},bn=(e,n,t,s,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const f=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=he(16)),t(k.loginAsync_begin,{}),r)for(const h of Object.keys(r))h.endsWith(":token_request")&&delete r[h];try{const h=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const _=n.extras?{...n.extras,...r}:r;_.nonce||(_.nonce=he(12));const m={nonce:_.nonce},p=await L(n,e),g=await s(n.authority,n.authority_configuration);let y;if(p)p.setLoginParams({callbackPath:l,extras:f,scope:c}),await p.initAsync(g,"loginAsync",n),await p.setNonceAsync(m),p.startKeepAliveServiceWorker(),y=p;else{const T=W(e,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);T.setLoginParams({callbackPath:l,extras:f,scope:c}),await T.setNonceAsync(m),y=T}const A={client_id:n.client_id,redirect_uri:h,scope:c,response_type:"code",..._};await yn(y,o)(g.authorizationEndpoint,A)}catch(h){throw t(k.loginAsync_error,h),h}})()},Pn=e=>async(n=!1)=>{try{e.publishEvent(k.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,i=t.authority,r=t.token_request_timeout,a=await e.initAsync(i,t.authority_configuration),c=e.location.getCurrentHref(),f=ie(c),u=f.session_state,l=await L(t,e.configurationName);let h,_,m,p;if(l)await l.initAsync(a,"loginCallbackAsync",t),await l.setSessionStateAsync(u),_=await l.getNonceAsync(),m=l.getLoginParams(),p=await l.getStateAsync(),l.startKeepAliveServiceWorker(),h=l;else{const E=W(e.configurationName,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage);await E.setSessionStateAsync(u),_=await E.getNonceAsync(),m=E.getLoginParams(),p=await E.getStateAsync(),h=E}if(f.error||f.error_description)throw new Error(`Error from OIDC server: ${f.error} - ${f.error_description}`);if(f.iss&&f.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${f.iss})`);if(f.state&&f.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${f.state})`);const g={code:f.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},y={};if(t.token_request_extras)for(const[E,d]of Object.entries(t.token_request_extras))y[E]=d;if(m?.extras)for(const[E,d]of Object.entries(m.extras))E.endsWith(":token_request")&&(y[E.replace(":token_request","")]=d);const A=a.tokenEndpoint,T={};if(t.demonstrating_proof_of_possession)if(l)T.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const E=await cn(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await W(e.configurationName,t.storage,t.login_state_storage??t.storage).setDemonstratingProofOfPossessionJwkAsync(E),T.DPoP=await xe(window)(t.demonstrating_proof_of_possession_configuration)(E,"POST",A)}const O=await kn(h)(A,{...g,...y},T,e.configuration.token_renew_mode,r);if(!O.success)throw new Error("Token request failed");let v;const C=O.data.tokens,w=O.data.demonstratingProofOfPossessionNonce;if(O.data.state!==y.state)throw new Error("state is not valid");const{isValid:Z,reason:U}=Ee(C,_.nonce,a);if(!Z)throw new Error(`Tokens are not OpenID valid, reason: ${U}`);if(l){if(C.refreshToken&&!C.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(w&&C?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(a,"syncTokensAsync",t),v=l.getLoginParams(),w&&await l.setDemonstratingProofOfPossessionNonce(w);else{const E=W(e.configurationName,t.storage,t.login_state_storage??t.storage);v=E.getLoginParams(),w&&await E.setDemonstratingProofOfPossessionNonce(w)}return await e.startCheckSessionAsync(a.checkSessionIframe,s,u,n),e.publishEvent(k.loginCallbackAsync_end,{}),{tokens:C,state:"request.state",callbackPath:v.callbackPath,scope:f.scope,extras:v.extras}}catch(t){throw console.error(t),e.publishEvent(k.loginCallbackAsync_error,t),t}},Ue={access_token:"access_token",refresh_token:"refresh_token"},we=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const i=s.replace(n,"");t[i]=o}return t}return t},In=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},Cn=e=>async n=>{D.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await L(e.configuration,e.configurationName);t?await t.clearAsync(n):await W(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},Nn=(e,n,t,s,o)=>async(i=void 0,r=null)=>{const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,s.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let u=!1;i&&(u=i.includes("https://")||i.includes("http://"));const l=u?i:o.getOrigin()+f,h=e.tokens?e.tokens.idToken:"";try{const y=c.revocationEndpoint;if(y){const A=[],T=e.tokens?e.tokens.accessToken:null;if(T&&a.logout_tokens_to_invalidate.includes(Ue.access_token)){const v=we(r,":revoke_access_token"),C=De(t)(y,T,ye.access_token,a.client_id,v);A.push(C)}const O=e.tokens?e.tokens.refreshToken:null;if(O&&a.logout_tokens_to_invalidate.includes(Ue.refresh_token)){const v=we(r,":revoke_refresh_token"),C=De(t)(y,O,ye.refresh_token,a.client_id,v);A.push(C)}A.length>0&&await Promise.all(A)}}catch(y){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(y)}const _=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync("LOGGED_OUT");for(const[,y]of Object.entries(n))y!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(k.logout_from_same_tab,{});const m=we(r,":oidc");if(m&&m.no_reload==="true")return;const g=In(r);if(c.endSessionEndpoint){"id_token_hint"in g||(g.id_token_hint=h),!("post_logout_redirect_uri"in g)&&i!==null&&(g.post_logout_redirect_uri=l);let y="";for(const[A,T]of Object.entries(g))T!=null&&(y===""?y+="?":y+="&",y+=`${A}=${encodeURIComponent(T)}`);o.open(`${c.endSessionEndpoint}${y}`)}else o.reload()},Ve=(e,n,t=!1)=>async(...s)=>{const[o,i,...r]=s,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const f={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:_}=await ke(n)(n.configuration,n.configurationName,n.tokens,!1);return _},renewTokensAsync:n.renewTokensAsync.bind(n)},l=(await ve(f))?.tokens?.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(n.configuration.demonstrating_proof_of_possession&&t){const _=await n.generateDemonstrationOfProofOfPossessionAsync(l,o.toString(),a.method);c.set("Authorization",`DPoP ${l}`),c.set("DPoP",_)}else c.set("Authorization",`Bearer ${l}`);a.credentials||(a.credentials="same-origin")}const h={...a,headers:c};return await e(o,h,...r)},xn=e=>async(n=!1,t=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const s=!n&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(s)return e.userInfo=JSON.parse(s),e.userInfo;const o=e.configuration,r=(await e.initAsync(o.authority,o.authority_configuration)).userInfoEndpoint,c=await(async()=>{const u=await Ve(fetch,e,t)(r);return u.status!==200?null:u.json()})();return e.userInfo=c,c&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(c)),c},Fe=()=>fetch;class pe{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const M={},Wn=(e,n=new K)=>(t,s="default")=>(M[s]||(M[s]=new R(t,s,e,n)),M[s]),Ln=async e=>{const{parsedTokens:n,callbackPath:t,extras:s,scope:o}=await e.loginCallbackAsync();return e.timeoutId=z(e,n.expiresAt,s,o),{callbackPath:t}},Dn=e=>Math.floor(Math.random()*e),Q=class Q{constructor(n,t="default",s,o=new K){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new K,this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??J.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??ee.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_activate:n.service_worker_activate??Tn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??sn,preload_user_info:n.preload_user_info??!1},this.getFetch=s??Fe,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=Dn(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(M,n)&&t)throw Error(`OIDC library does seem initialized.
-Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return M[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=ie(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=ie(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new pe({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const i=await L(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await gn(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??3600,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=vn(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,t,s,o=!1){await wn(this,M,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=mn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):this.loginPromise=bn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await Pn(this)(n),o=s.tokens;return this.tokens=o,await L(this.configuration,this.configurationName)||W(this.configurationName,this.configuration.storage,this.configuration.login_state_storage??this.configuration.storage).setTokens(o),this.publishEvent(Q.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath,scope:s.scope,extras:s.extras}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const i=this.configuration,r={ath:await Le(n),...o};if(await L(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${le(this.configurationName)}`;const c=W(this.configurationName,i.storage,i.login_state_storage??i.storage),f=await c.getDemonstratingProofOfPossessionJwkAsync(),u=c.getDemonstratingProofOfPossessionNonce();return u&&(r.nonce=u),await xe(window)(i.demonstrating_proof_of_possession_configuration)(f,s,t,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=Ln(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,t=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=xn(this)(n,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return D.clearTimeout(this.timeoutId),this.renewTokensPromise=$e(this,!0,n,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await Cn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=Nn(this,M,this.getFetch(),console,this.location)(n,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};Q.getOrCreate=(n,t)=>(s,o="default")=>Wn(n,t)(s,o),Q.eventNames=k;let R=Q;const j=class j{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new j(R.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,t,s,o,i)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,t=null){return this._oidc.renewTokensAsync(n,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){const s=this._oidc,o={getTokens:()=>s.tokens,configuration:{token_automatic_renew_mode:s.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:s.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:i}=await ke(s)(s.configuration,s.configurationName,s.tokens,!1);return i},renewTokensAsync:s.renewTokensAsync.bind(s)};return ve(o,n,t)}fetchWithTokens(n,t=!1){return Ve(n,this._oidc,t)}async userInfoAsync(n=!1,t=!1){return this._oidc.userInfoAsync(n,t)}userInfo(){return this._oidc.userInfo}};j.getOrCreate=(n,t=new K)=>(s,o="default")=>new j(R.getOrCreate(n,t)(s,o)),j.eventNames=R.eventNames;let Ae=j;x.OidcClient=Ae,x.OidcLocation=K,x.TokenAutomaticRenewMode=J,x.TokenRenewMode=ee,x.getFetchDefault=Fe,x.getParseQueryStringFromLocation=ie,x.getPath=En,Object.defineProperty(x,Symbol.toStringTag,{value:"Module"})}));
+(function(x,K){typeof exports=="object"&&typeof module<"u"?K(exports):typeof define=="function"&&define.amd?define(["exports"],K):(x=typeof globalThis<"u"?globalThis:x||self,K(x["oidc-client"]={}))})(this,(function(x){"use strict";class K{open(n){window.location.href=n}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){const n=window.location;return n.pathname+(n.search||"")+(n.hash||"")}getOrigin(){return window.origin}}const Te=2e3,B=console;class Je{constructor(n,t,s,o=Te,i=!0){this._callback=n,this._client_id=t,this._url=s,this._interval=o||Te,this._stopOnError=i;const r=s.indexOf("/",s.indexOf("//")+2);this._frame_origin=s.substring(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=s}load(){return new Promise(n=>{this._frame.onload=()=>{n()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(n){n.origin===this._frame_origin&&n.source===this._frame.contentWindow&&(n.data==="error"?(B.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):n.data==="changed"?(B.debug(n),B.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):B.debug("CheckSessionIFrame: "+n.data+" message from check session op iframe"))}start(n){B.debug("CheckSessionIFrame.start :"+n),this.stop();const t=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+n,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&(B.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_acquired:"token_acquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_lock_not_available:"syncTokensAsync_lock_not_available",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error",tokensInvalidAndWaitingActionsToRefresh:"tokensInvalidAndWaitingActionsToRefresh"},W=(e,n=sessionStorage,t)=>{const s=t??n,o=w=>(n[`oidc.${e}`]=JSON.stringify({tokens:null,status:w}),delete n[`oidc.${e}.userInfo`],t&&t!==n&&(delete s[`oidc.login.${e}`],delete s[`oidc.state.${e}`],delete s[`oidc.code_verifier.${e}`],delete s[`oidc.nonce.${e}`]),Promise.resolve()),i=async()=>{if(!n[`oidc.${e}`])return n[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const w=JSON.parse(n[`oidc.${e}`]);return Promise.resolve({tokens:w.tokens,status:w.status})},r=w=>{n[`oidc.${e}`]=JSON.stringify({tokens:w})},a=async w=>{n[`oidc.session_state.${e}`]=w},c=async()=>n[`oidc.session_state.${e}`],f=w=>{s[`oidc.nonce.${e}`]=w.nonce},u=w=>{n[`oidc.jwk.${e}`]=JSON.stringify(w)},l=()=>JSON.parse(n[`oidc.jwk.${e}`]),h=async()=>({nonce:s[`oidc.nonce.${e}`]}),_=async w=>{n[`oidc.dpop_nonce.${e}`]=w},m=()=>n[`oidc.dpop_nonce.${e}`],p=()=>n[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(n[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:o,initAsync:i,setTokens:r,getTokens:p,setSessionStateAsync:a,getSessionStateAsync:c,setNonceAsync:f,getNonceAsync:h,setLoginParams:w=>{g[e]=w,s[`oidc.login.${e}`]=JSON.stringify(w)},getLoginParams:()=>{const w=s[`oidc.login.${e}`];return w?(g[e]||(g[e]=JSON.parse(w)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>s[`oidc.state.${e}`],setStateAsync:async w=>{s[`oidc.state.${e}`]=w},getCodeVerifierAsync:async()=>s[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async w=>{s[`oidc.code_verifier.${e}`]=w},setDemonstratingProofOfPossessionNonce:_,getDemonstratingProofOfPossessionNonce:m,setDemonstratingProofOfPossessionJwkAsync:u,getDemonstratingProofOfPossessionJwkAsync:l}};var J=(e=>(e.AutomaticBeforeTokenExpiration="AutomaticBeforeTokensExpiration",e.AutomaticOnlyWhenFetchExecuted="AutomaticOnlyWhenFetchExecuted",e))(J||{});const He=e=>decodeURIComponent(Array.prototype.map.call(atob(e),n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join("")),Ge=e=>JSON.parse(He(e.replaceAll(/-/g,"+").replaceAll(/_/g,"/"))),ve=e=>{try{return e&&je(e,".")===2?Ge(e.split(".")[1]):null}catch(n){console.warn(n)}return null},je=(e,n)=>e.split(n).length-1,ne={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function qe(e,n,t){if(e.issuedAt){if(typeof e.issuedAt=="string")return parseInt(e.issuedAt,10)}else return n&&n.iat?n.iat:t&&t.iat?t.iat:new Date().getTime()/1e3;return e.issuedAt}const ae=(e,n=null,t)=>{if(!e)return null;let s;const o=typeof e.expiresIn=="string"?parseInt(e.expiresIn,10):e.expiresIn;e.accessTokenPayload!==void 0?s=e.accessTokenPayload:s=ve(e.accessToken);let i;n!=null&&"idToken"in n&&!("idToken"in e)?i=n.idToken:i=e.idToken;const r=e.idTokenPayload?e.idTokenPayload:ve(i),a=r&&r.exp?r.exp:Number.MAX_VALUE,c=s&&s.exp?s.exp:e.issuedAt+o;e.issuedAt=qe(e,s,r);let f;e.expiresAt?f=e.expiresAt:t===ne.access_token_invalid?f=c:t===ne.id_token_invalid?f=a:f=a<c?a:c;const u={...e,idTokenPayload:r,accessTokenPayload:s,expiresAt:f,idToken:i};if(n!=null&&"refreshToken"in n&&!("refreshToken"in e)){const l=n.refreshToken;return{...u,refreshToken:l}}return u},ce=(e,n,t)=>{if(!e)return null;if(!e.issued_at){const o=new Date().getTime()/1e3;e.issued_at=o}const s={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return"refresh_token"in e&&(s.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(s.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(s.idTokenPayload=e.idTokenPayload),ae(s,n,t)},Y=(e,n)=>{const t=new Date().getTime()/1e3,s=n-t;return Math.round(s-e)},Ye=(e,n=0)=>e?Y(n,e.expiresAt)>0:!1,Ee=async(e,n=200,t=50)=>{let s=t,o=await e.syncTokensInfoAsync();for(;[P.REQUIRE_SYNC_TOKENS,P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,P.TOKENS_INVALID].includes(o)&&s>0;){if(e.configuration.token_automatic_renew_mode==J.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await X({milliseconds:n});s=s-1,o=await e.syncTokensInfoAsync()}return{isTokensValid:Ye(e.getTokens()),tokens:e.getTokens(),numberWaited:s-t}},Oe=(e,n,t)=>{if(e.idTokenPayload){const s=e.idTokenPayload;if(t.issuer!==s.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`};const o=new Date().getTime()/1e3;if(s.exp&&s.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`};const i=3600*24*7;if(s.iat&&s.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat+i} < (currentTimeUnixSecond) ${o}`};if(s.nonce&&s.nonce!==n)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`}}return{isValid:!0,reason:""}},D=(function(){const e=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),le="7.27.3";let be=null,te;const X=({milliseconds:e})=>new Promise(n=>D.setTimeout(n,e)),Pe=(e="/")=>{try{te=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:te.signal}).catch(s=>{console.log(s)}),X({milliseconds:150*1e3}).then(()=>Pe(e))}catch(n){console.log(n)}},se=()=>{te&&te.abort()},ue=e=>{const n=`oidc.tabId.${e}`,t=sessionStorage.getItem(n);if(t)return t;const s=globalThis.crypto.randomUUID();return sessionStorage.setItem(n,s),s},Xe=5e3,ze=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,I=(e,n)=>t=>{const s=n?.timeoutMs??Xe;return new Promise((o,i)=>{const r=ze(e);if(!r){i(new Error("Service worker target not available (controller/active/waiting/installing missing)"));return}const a=new MessageChannel;let c=null;const f=()=>{try{c!=null&&(D.clearTimeout(c),c=null),a.port1.onmessage=null,a.port1.close(),a.port2.close()}catch(u){console.error(u)}};c=D.setTimeout(()=>{f(),i(new Error(`Service worker did not respond within ${s}ms (type=${t?.type})`))},s),a.port1.onmessage=u=>{f(),u?.data?.error?i(u.data.error):o(u.data)};try{const u=t?.configurationName;r.postMessage({...t,tabId:ue(u??"default")},[a.port2])}catch(u){f(),i(u)}})},Qe=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(n=>{let t=!1;const s=()=>{t||(t=!0,navigator.serviceWorker.removeEventListener("controllerchange",s),n(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener("controllerchange",s),D.setTimeout(()=>{t||(t=!0,navigator.serviceWorker.removeEventListener("controllerchange",s),n(navigator.serviceWorker.controller??null))},e)});let Ie=!1,H=!1;const G=new Map,_e="oidc.sw.controllerchange_reload_count",fe=3,de=()=>{try{return parseInt(sessionStorage.getItem(_e)??"0",10)}catch{return 0}},Ze=()=>{const e=de()+1;try{sessionStorage.setItem(_e,String(e))}catch{}return e},en=()=>{try{sessionStorage.removeItem(_e)}catch{}},L=async(e,n)=>{const t=e.service_worker_relative_url;if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!t||e.service_worker_activate()===!1)return null;const s=`${t}?v=${le}`;let o=null;e.service_worker_register?(G.has(t)||G.set(t,e.service_worker_register(t)),o=await G.get(t)):(G.has(s)||G.set(s,navigator.serviceWorker.register(s,{updateViaCache:"none"})),o=await G.get(s));const i=`oidc.sw.version_mismatch_reload.${n}`,r=async d=>{se(),console.log("New SW waiting – SKIP_WAITING");try{await new Promise((N,S)=>{const b=new MessageChannel;let V=null;const F=()=>{try{V!=null&&(D.clearTimeout(V),V=null),b.port1.onmessage=null,b.port1.close(),b.port2.close()}catch($){console.error($)}};V=D.setTimeout(()=>{F(),S(new Error("SKIP_WAITING did not respond within 8000ms"))},8e3),b.port1.onmessage=$=>{F(),$?.data?.error?S($.data.error):N()};try{d.postMessage({type:"SKIP_WAITING",configurationName:n,data:null,tabId:ue(n??"default")},[b.port2])}catch($){F(),S($)}})}catch(N){console.warn("SKIP_WAITING failed",N)}},a=async()=>{const d=o.waiting;d?await r(d):console.warn("sendSkipWaiting called but no waiting service worker found")},c=d=>{se(),d.addEventListener("statechange",async()=>{if(d.state==="installed"&&navigator.serviceWorker.controller){if(de()>=fe){console.warn("SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted");return}await r(d)}})};o.addEventListener("updatefound",()=>{const d=o.installing;d&&c(d)}),o.installing?c(o.installing):o.waiting&&navigator.serviceWorker.controller&&(de()<fe?a():console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")),o.update().catch(d=>{console.error(d)});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await I(o,{timeoutMs:8e3})({type:"claim",configurationName:n,data:null}),await Qe(2e3))}catch(d){return console.warn(`Failed init ServiceWorker ${d?.toString?.()??String(d)}`),null}Ie||(Ie=!0,navigator.serviceWorker.addEventListener("controllerchange",()=>{if(H)return;const d=Ze();if(d>fe){console.warn(`SW controllerchange: reload budget exhausted (${d-1} reloads). Skipping reload to avoid infinite loop.`);return}H=!0,console.log("SW controller changed – reloading page"),se(),window.location.reload()}));const f=async d=>I(o)({type:"clear",data:{status:d},configurationName:n}),u=async(d,N,S)=>{const b=await I(o)({type:"init",data:{oidcServerConfiguration:d,where:N,oidcConfiguration:{token_renew_mode:S.token_renew_mode,service_worker_convert_all_requests_to_cors:S.service_worker_convert_all_requests_to_cors}},configurationName:n}),V=b.version;if(V!==le){console.warn(`Service worker ${V} version mismatch with js client version ${le}, unregistering and reloading`);const F=parseInt(sessionStorage.getItem(i)??"0",10);if(F<3){if(sessionStorage.setItem(i,String(F+1)),o.waiting)return await a(),await X({milliseconds:500}),H||(H=!0,window.location.reload()),new Promise(()=>{});{se();try{await o.update()}catch(Be){console.error(Be)}const $=await o.unregister();return console.log(`Service worker unregistering ${$}`),await X({milliseconds:500}),H||(H=!0,window.location.reload()),new Promise(()=>{})}}else console.error(`Service worker version mismatch persists after ${F} attempt(s). Continuing with mismatched version.`)}else sessionStorage.removeItem(i),en();return{tokens:ce(b.tokens,null,S.token_renew_mode),status:b.status}},l=(d="/")=>{be==null&&(be="not_null",Pe(d))},h=d=>I(o)({type:"setSessionState",data:{sessionState:d},configurationName:n}),_=async()=>(await I(o)({type:"getSessionState",data:null,configurationName:n})).sessionState,m=d=>(sessionStorage[`oidc.nonce.${n}`]=d.nonce,I(o)({type:"setNonce",data:{nonce:d},configurationName:n})),p=async(d=!0)=>{let S=(await I(o)({type:"getNonce",data:null,configurationName:n})).nonce;return S||(S=sessionStorage[`oidc.nonce.${n}`],console.warn("nonce not found in service worker, using sessionStorage"),d&&(await m(S),S=(await p(!1)).nonce)),{nonce:S}},g={},y=d=>{g[n]=d,localStorage[`oidc.login.${n}`]=JSON.stringify(d)},A=()=>{const d=localStorage[`oidc.login.${n}`];return g[n]||(g[n]=JSON.parse(d)),g[n]},T=async d=>{await I(o)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:d},configurationName:n})},O=async()=>(await I(o)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:n})).demonstratingProofOfPossessionNonce,v=async d=>{const N=JSON.stringify(d);await I(o)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:N},configurationName:n})},C=async()=>{const d=await I(o)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:n});return d.demonstratingProofOfPossessionJwkJson?JSON.parse(d.demonstratingProofOfPossessionJwkJson):null},w=async(d=!0)=>{let S=(await I(o)({type:"getState",data:null,configurationName:n})).state;return S||(S=sessionStorage[`oidc.state.${n}`],console.warn("state not found in service worker, using sessionStorage"),d&&(await ee(S),S=await w(!1))),S},ee=async d=>(sessionStorage[`oidc.state.${n}`]=d,I(o)({type:"setState",data:{state:d},configurationName:n})),U=async(d=!0)=>{let S=(await I(o)({type:"getCodeVerifier",data:null,configurationName:n})).codeVerifier;return S||(S=sessionStorage[`oidc.code_verifier.${n}`],console.warn("codeVerifier not found in service worker, using sessionStorage"),d&&(await E(S),S=await U(!1))),S},E=async d=>(sessionStorage[`oidc.code_verifier.${n}`]=d,I(o)({type:"setCodeVerifier",data:{codeVerifier:d},configurationName:n}));return{clearAsync:f,initAsync:u,startKeepAliveServiceWorker:()=>l(e.service_worker_keep_alive_path),setSessionStateAsync:h,getSessionStateAsync:_,setNonceAsync:m,getNonceAsync:p,setLoginParams:y,getLoginParams:A,getStateAsync:w,setStateAsync:ee,getCodeVerifierAsync:U,setCodeVerifierAsync:E,setDemonstratingProofOfPossessionNonce:T,getDemonstratingProofOfPossessionNonce:O,setDemonstratingProofOfPossessionJwkAsync:v,getDemonstratingProofOfPossessionJwkAsync:C}},j={},nn=(e,n=window.sessionStorage,t)=>{if(!j[e]&&n){const o=n.getItem(e);o&&(j[e]=JSON.parse(o))}const s=1e3*t;return j[e]&&j[e].timestamp+s>Date.now()?j[e].result:null},tn=(e,n,t=window.sessionStorage)=>{const s=Date.now();j[e]={result:n,timestamp:s},t&&t.setItem(e,JSON.stringify({result:n,timestamp:s}))};function Ce(e){return new TextEncoder().encode(e)}function Ne(e){return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function sn(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(t,s){return String.fromCharCode(parseInt(s,16))})}const ge=e=>{let n="";return e.forEach(function(t){n+=String.fromCharCode(t)}),Ne(n)};function xe(e){return Ne(sn(e))}const on={importKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},signAlgorithm:{name:"ECDSA",hash:{name:"SHA-256"}},generateKeyAlgorithm:{name:"ECDSA",namedCurve:"P-256"},digestAlgorithm:{name:"SHA-256"},jwtHeaderAlgorithm:"ES256"},rn={sign:e=>async(n,t,s,o,i="dpop+jwt")=>{switch(n=Object.assign({},n),t.typ=i,t.alg=o.jwtHeaderAlgorithm,t.alg){case"ES256":t.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y};break;case"RS256":t.jwk={kty:n.kty,n:n.n,e:n.e,kid:t.kid};break;default:throw new Error("Unknown or not implemented JWS algorithm")}const r={protected:xe(JSON.stringify(t)),payload:xe(JSON.stringify(s))},a=o.importKeyAlgorithm,c=!0,f=["sign"],u=await e.crypto.subtle.importKey("jwk",n,a,c,f),l=Ce(`${r.protected}.${r.payload}`),h=o.signAlgorithm,_=await e.crypto.subtle.sign(h,u,l);return r.signature=ge(new Uint8Array(_)),`${r.protected}.${r.payload}.${r.signature}`}},an={generate:e=>async n=>{const t=n,s=!0,o=["sign","verify"],i=await e.crypto.subtle.generateKey(t,s,o);return await e.crypto.subtle.exportKey("jwk",i.privateKey)},neuter:e=>{const n=Object.assign({},e);return delete n.d,n.key_ops=["verify"],n}},cn={thumbprint:e=>async(n,t)=>{let s;switch(n.kty){case"EC":s='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);break;case"RSA":s='{"e":"E","kty":"RSA","n":"N"}'.replace("E",n.e).replace("N",n.n);break;default:throw new Error("Unknown or not implemented JWK type")}const o=await e.crypto.subtle.digest(t,Ce(s));return ge(new Uint8Array(o))}},ln=e=>async n=>await an.generate(e)(n),We=e=>n=>async(t,s="POST",o,i={})=>{const r={jti:btoa(un()),htm:s,htu:o,iat:Math.round(Date.now()/1e3),...i},a=await cn.thumbprint(e)(t,n.digestAlgorithm);return await rn.sign(e)(t,{kid:a},r,n)},un=()=>{const e="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",n="0123456789abcdef";let t=0,s="";for(let o=0;o<36;o++)e[o]!=="-"&&e[o]!=="4"&&(t=Math.random()*16|0),e[o]==="x"?s+=n[t]:e[o]==="y"?(t&=3,t|=8,s+=n[t]):s+=e[o];return s},Le=()=>{const e=typeof window<"u"&&!!window.crypto,n=e&&!!window.crypto.subtle;return{hasCrypto:e,hasSubtleCrypto:n}},he="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",_n=e=>{const n=[];for(let t=0;t<e.byteLength;t+=1){const s=e[t]%he.length;n.push(he[s])}return n.join("")},ye=e=>{const n=new Uint8Array(e),{hasCrypto:t}=Le();if(t)window.crypto.getRandomValues(n);else for(let s=0;s<e;s+=1)n[s]=Math.random()*he.length|0;return _n(n)};function fn(e){const n=new ArrayBuffer(e.length),t=new Uint8Array(n);for(let s=0;s<e.length;s++)t[s]=e.charCodeAt(s);return t}function De(e){return new Promise((n,t)=>{crypto.subtle.digest("SHA-256",fn(e)).then(s=>n(ge(new Uint8Array(s))),s=>t(s))})}const dn=e=>{if(e.length<43||e.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:n}=Le();return n?De(e):Promise.reject(new Error("window.crypto.subtle is unavailable."))},gn=3600,hn=e=>async(n,t=gn,s=window.sessionStorage,o=1e4)=>{const i=`${n}/.well-known/openid-configuration`,r=`oidc.server:${n}`,a=nn(r,s,t);if(a)return new Ae(a);const c=await z(e)(i,{},o);if(c.status!==200)return null;const f=await c.json();return tn(r,f,s),new Ae(f)},z=e=>async(n,t={},s=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),s),i=await e(n,{...t,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await z(e)(n,t,s,o+1);throw r}else throw console.error(r.message),r}return i},ke={refresh_token:"refresh_token",access_token:"access_token"},Re=e=>async(n,t,s=ke.refresh_token,o,i={},r=1e4)=>{const a={token:t,token_type_hint:s,client_id:o};for(const[l,h]of Object.entries(i))a[l]===void 0&&(a[l]=h);const c=[];for(const l in a){const h=encodeURIComponent(l),_=encodeURIComponent(a[l]);c.push(`${h}=${_}`)}const f=c.join("&");return(await z(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:f},r)).status!==200?{success:!1}:{success:!0}},yn=e=>async(n,t,s,o,i={},r,a=1e4)=>{for(const[_,m]of Object.entries(s))t[_]===void 0&&(t[_]=m);const c=[];for(const _ in t){const m=encodeURIComponent(_),p=encodeURIComponent(t[_]);c.push(`${m}=${p}`)}const f=c.join("&"),u=await z(e)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},a);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};const l=await u.json();let h=null;return u.headers.has(oe)&&(h=u.headers.get(oe)),{success:!0,status:u.status,data:ce(l,o,r),demonstratingProofOfPossessionNonce:h}},kn=(e,n)=>async(t,s)=>{s=s?{...s}:{};const o=ye(128),i=await dn(o);await e.setCodeVerifierAsync(o),await e.setStateAsync(s.state),s.code_challenge=i,s.code_challenge_method="S256";let r="";if(s)for(const[a,c]of Object.entries(s))r===""?r+="?":r+="&",r+=`${a}=${encodeURIComponent(c)}`;n.open(`${t}${r}`)},oe="DPoP-Nonce",mn=e=>async(n,t,s,o,i=1e4)=>{t=t?{...t}:{},t.code_verifier=await e.getCodeVerifierAsync();const r=[];for(const l in t){const h=encodeURIComponent(l),_=encodeURIComponent(t[l]);r.push(`${h}=${_}`)}const a=r.join("&"),c=await z(fetch)(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...s},body:a},i);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let f=null;c.headers.has(oe)&&(f=c.headers.get(oe));const u=await c.json();return{success:!0,data:{state:t.state,tokens:ce(u,null,o),demonstratingProofOfPossessionNonce:f}}};async function $e(e,n,t,s=null){const o=c=>{e.tokens=c},{tokens:i,status:r}=await ie(e)(o,0,0,n,t,s);return await L(e.configuration,e.configurationName)||W(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(r),null)}async function Ke(e,n=!1,t=null,s=null){const o=e.configuration,i=`${o.client_id}_${e.configurationName}_${o.authority}`;let r;const a=await L(e.configuration,e.configurationName);if(o?.storage===window?.sessionStorage&&!a||!navigator.locks)r=await $e(e,n,t,s);else{let c="retry";for(;c==="retry";)c=await navigator.locks.request(i,{ifAvailable:!0},async f=>f?await $e(e,n,t,s):(e.publishEvent(R.eventNames.syncTokensAsync_lock_not_available,{lock:"lock not available"}),"retry"));r=c}return r?(e.timeoutId&&(e.timeoutId=Q(e,e.tokens.expiresAt,t,s)),e.tokens):null}const Q=(e,n,t=null,s=null)=>{const o=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&D.clearTimeout(e.timeoutId),D.setTimeout(async()=>{const r={timeLeft:Y(o,n)};e.publishEvent(R.eventNames.token_timer,r),await Ke(e,!1,t,s)},1e3)},P={FORCE_REFRESH:"FORCE_REFRESH",SESSION_LOST:"SESSION_LOST",NOT_CONNECTED:"NOT_CONNECTED",TOKENS_VALID:"TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",LOGOUT_FROM_ANOTHER_TAB:"LOGOUT_FROM_ANOTHER_TAB",REQUIRE_SYNC_TOKENS:"REQUIRE_SYNC_TOKENS",TOKENS_INVALID:"TOKENS_INVALID"},me=e=>async(n,t,s,o=!1)=>{const i={nonce:null};if(!s)return{tokens:null,status:P.NOT_CONNECTED,nonce:i};let r=i;const a=await e.initAsync(n.authority,n.authority_configuration),c=await L(n,t);if(c){const{status:l,tokens:h}=await c.initAsync(a,"syncTokensAsync",n);if(l==="LOGGED_OUT")return{tokens:null,status:P.LOGOUT_FROM_ANOTHER_TAB,nonce:i};if(l==="SESSIONS_LOST")return{tokens:null,status:P.SESSION_LOST,nonce:i};if(!l||!h)return{tokens:null,status:P.REQUIRE_SYNC_TOKENS,nonce:i};if(h.issuedAt!==s.issuedAt){const m=Y(n.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,p=await c.getNonceAsync();return{tokens:h,status:m,nonce:p}}r=await c.getNonceAsync()}else{const l=W(t,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage),h=await l.initAsync();let{tokens:_}=h;const{status:m}=h;if(_&&(_=ae(_,e.tokens,n.token_renew_mode)),_){if(m==="SESSIONS_LOST")return{tokens:null,status:P.SESSION_LOST,nonce:i};if(_.issuedAt!==s.issuedAt){const g=Y(n.refresh_time_before_tokens_expiration_in_second,_.expiresAt)>0?P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,y=await l.getNonceAsync();return{tokens:_,status:g,nonce:y}}}else return{tokens:null,status:P.LOGOUT_FROM_ANOTHER_TAB,nonce:i};r=await l.getNonceAsync()}const u=Y(n.refresh_time_before_tokens_expiration_in_second,s.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:s,status:"FORCE_REFRESH",nonce:r}:{tokens:s,status:u,nonce:r}},ie=e=>async(n,t=0,s=0,o=!1,i=null,r=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:"GIVE_UP"};let a=6;const c=o?2:5,f=5;for(;!navigator.onLine&&a>0;)await X({milliseconds:1e3}),a--,e.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${a}`});const u=document.hidden,l=u?t:t+1,h=u?s+1:s;if(t>=c||s>=f)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};i||(i={});const _=e.configuration,m=(g,y=null,A=null)=>we(e.configurationName,e.configuration,e.publishEvent.bind(e))(g,y,A),p=async()=>{try{let g;const y=await L(_,e.configurationName);y?g=y.getLoginParams():g=W(e.configurationName,_.storage,_.login_state_storage??_.storage).getLoginParams();const A={};if(g&&g.extras)for(const[O,v]of Object.entries(g.extras))v!=null&&(A[O]=v);if(i)for(const[O,v]of Object.entries(i))v!=null&&(A[O]=v);A.prompt="none",r&&(A.scope=r);const T=await m(A);return T?T.error?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}):(n(T.tokens),e.publishEvent(R.eventNames.token_renewed,{}),{tokens:T.tokens,status:"LOGGED"}):(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent not active"}),{tokens:null,status:"SESSION_LOST"})}catch(g){return console.error(g),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:g.message}),await ie(e)(n,l,h,o,i,r)}};try{const{status:g,tokens:y,nonce:A}=await me(e)(_,e.configurationName,e.tokens,o);switch(g){case P.SESSION_LOST:return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case P.NOT_CONNECTED:return n(null),{tokens:null,status:null};case P.TOKENS_VALID:return n(y),{tokens:y,status:"LOGGED_IN"};case P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return n(y),e.publishEvent(R.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case P.LOGOUT_FROM_ANOTHER_TAB:return n(null),e.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case P.REQUIRE_SYNC_TOKENS:return _.token_automatic_renew_mode==J.AutomaticOnlyWhenFetchExecuted&&!o?(e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"}):(e.publishEvent(k.refreshTokensAsync_begin,{tryNumber:t}),await p());default:{if(_.token_automatic_renew_mode==J.AutomaticOnlyWhenFetchExecuted&&P.FORCE_REFRESH!==g)return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:"GIVE_UP"};if(e.publishEvent(k.refreshTokensAsync_begin,{refreshToken:y.refreshToken,status:g,tryNumber:t,backgroundTry:s}),!y.refreshToken)return await p();const T=_.client_id,O=_.redirect_uri,v=_.authority,w={..._.token_request_extras?_.token_request_extras:{}};for(const[U,E]of Object.entries(i))U.endsWith(":token_request")&&(w[U.replace(":token_request","")]=E);return await(async()=>{const U={client_id:T,redirect_uri:O,grant_type:"refresh_token",refresh_token:y.refreshToken},E=await e.initAsync(v,_.authority_configuration),d=document.hidden?1e4:3e4*10,N=E.tokenEndpoint,S={};_.demonstrating_proof_of_possession&&(S.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(y.accessToken,N,"POST"));const b=await yn(e.getFetch())(N,U,w,y,S,_.token_renew_mode,d);if(b.success){const{isValid:V,reason:F}=Oe(b.data,A.nonce,E);if(!V)return n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${F}`}),{tokens:null,status:"SESSION_LOST"};if(n(b.data),b.demonstratingProofOfPossessionNonce){const $=await L(_,e.configurationName);$?await $.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await W(e.configurationName,_.storage,_.login_state_storage??_.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return e.publishEvent(k.refreshTokensAsync_end,{success:b.success}),e.publishEvent(R.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return e.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),b.status>=400&&b.status<500?(n(null),e.publishEvent(k.refreshTokensAsync_error,{message:`session lost: ${b.status}`}),{tokens:null,status:"SESSION_LOST"}):await ie(e)(n,l,h,o,i,r)})()}}}catch(g){return console.error(g),e.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:g.message}),new Promise((y,A)=>{setTimeout(()=>{ie(e)(n,l,h,o,i,r).then(y).catch(A)},1e3)})}},we=(e,n,t)=>(s=null,o=null,i=null)=>{if(!n.silent_redirect_uri||!n.silent_login_uri)return Promise.resolve(null);try{t(k.silentLoginAsync_begin,{});let r="";if(o&&(s==null&&(s={}),s.state=o),i!=null&&(s==null&&(s={}),s.scope=i),s!=null)for(const[l,h]of Object.entries(s))h!=null&&(r===""?r=`?${encodeURIComponent(l)}=${encodeURIComponent(h)}`:r+=`&${encodeURIComponent(l)}=${encodeURIComponent(h)}`);const a=n.silent_login_uri+r,c=a.indexOf("/",a.indexOf("//")+2),f=a.substring(0,c),u=document.createElement("iframe");return u.width="0px",u.height="0px",u.id=`${e}_oidc_iframe`,u.setAttribute("src",a),u.style.display="none",document.body.appendChild(u),new Promise((l,h)=>{let _=!1;const m=()=>{window.removeEventListener("message",p),u.remove(),_=!0},p=g=>{if(g.origin===f&&g.source===u.contentWindow){const y=`${e}_oidc_tokens:`,A=`${e}_oidc_error:`,T=`${e}_oidc_exception:`,O=g.data;if(O&&typeof O=="string"&&!_){if(O.startsWith(y)){const v=JSON.parse(g.data.replace(y,""));t(k.silentLoginAsync_end,{}),l(v),m()}else if(O.startsWith(A)){const v=JSON.parse(g.data.replace(A,""));t(k.silentLoginAsync_error,v),l({error:"oidc_"+v.error,tokens:null,sessionState:null}),m()}else if(O.startsWith(T)){const v=JSON.parse(g.data.replace(T,""));t(k.silentLoginAsync_error,v),h(new Error(v.error)),m()}}}};try{window.addEventListener("message",p);const g=n.silent_login_timeout;setTimeout(()=>{_||(m(),t(k.silentLoginAsync_error,{reason:"timeout"}),h(new Error("timeout")))},g)}catch(g){m(),t(k.silentLoginAsync_error,g),h(g)}})}catch(r){throw t(k.silentLoginAsync_error,r),r}},wn=(e,n,t,s,o)=>(i=null,r=void 0)=>{i={...i};const a=(f,u,l)=>we(n,t,s.bind(o))(f,u,l);return(async()=>{o.timeoutId&&D.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const u=t.extras?{...t.extras,...i}:i,l=await a({...u,prompt:"none"},f,r);if(l)return o.tokens=l.tokens,s(k.token_acquired,{}),o.timeoutId=Q(o,o.tokens.expiresAt,i,r),{}}catch(u){return u}})()},pn=(e,n,t)=>(s,o,i,r=!1)=>{const a=(c,f=void 0,u=void 0)=>we(e.configurationName,t,e.publishEvent.bind(e))(c,f,u);return new Promise((c,f)=>{if(t.silent_login_uri&&t.silent_redirect_uri&&t.monitor_session&&s&&i&&!r){const u=()=>{e.checkSessionIFrame.stop();const l=e.tokens;if(l===null)return;const h=l.idToken,_=l.idTokenPayload;return a({prompt:"none",id_token_hint:h,scope:t.scope||"openid"}).then(m=>{if(m.error)throw new Error(m.error);const p=m.tokens.idTokenPayload;if(_.sub===p.sub){const g=m.sessionState;e.checkSessionIFrame.start(m.sessionState),_.sid===p.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",p.sub)}).catch(async m=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",m);for(const[,p]of Object.entries(n))await p.logoutOtherTabAsync(t.client_id,_.sub)})};e.checkSessionIFrame=new Je(u,o,s),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(i),c(e.checkSessionIFrame)}).catch(l=>{f(l)})}else c(null)})},An=e=>!!(e.os==="iOS"&&e.osVersion.startsWith("12")||e.os==="Mac OS X"&&e.osVersion.startsWith("10_15_6")),Sn=e=>{const n=e.appVersion,t=e.userAgent,s="-";let o=s;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const a in i){const c=i[a];if(c.r.test(t)){o=c.s;break}}let r=s;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];break;case"iOS":{const a=/OS (\d+)_(\d+)_?(\d+)?/.exec(n);a!=null&&a.length>2&&(r=a[1]+"."+a[2]+"."+(parseInt(a[3])|0));break}}return{os:o,osVersion:r}};function Tn(){const e=navigator.userAgent;let n,t=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(t[1]))return n=/\brv[ :]+(\d+)/g.exec(e)||[],{name:"ie",version:n[1]||""};if(t[1]==="Chrome"&&(n=e.match(/\bOPR|Edge\/(\d+)/),n!=null)){let s=n[1];if(!s){const o=e.split(n[0]+"/");o.length>1&&(s=o[1])}return{name:"opera",version:s}}return t=t[2]?[t[1],t[2]]:[navigator.appName,navigator.appVersion,"-?"],(n=e.match(/version\/(\d+)/i))!=null&&t.splice(1,1,n[1]),{name:t[0].toLowerCase(),version:t[1]}}const vn=()=>{const{name:e,version:n}=Tn();if(e==="chrome"&&parseInt(n)<=70||e==="opera"&&(!n||parseInt(n.split(".")[0])<80)||e==="ie")return!1;const t=Sn(navigator);return!An(t)},En=async e=>{let n;if(e.tokens!=null)return!1;e.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const t=e.configuration,s=await e.initAsync(t.authority,t.authority_configuration);if(n=await L(t,e.configurationName),n){const{tokens:o}=await n.initAsync(s,"tryKeepExistingSessionAsync",t);if(o){n.startKeepAliveServiceWorker(),e.tokens=o;const i=n.getLoginParams(e.configurationName);e.timeoutId=Q(e,e.tokens.expiresAt,i.extras,i.scope);const r=await n.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,r),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&e.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const o=W(e.configurationName,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),{tokens:i}=await o.initAsync();if(i){e.tokens=ae(i,null,t.token_renew_mode);const r=o.getLoginParams();e.timeoutId=Q(e,e.tokens.expiresAt,r.extras,r.scope);const a=await o.getSessionStateAsync();return await e.startCheckSessionAsync(s.checkSessionIframe,t.client_id,a),t.preload_user_info&&await e.userInfoAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return e.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:n?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),n&&await n.clearAsync(),e.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}},Ue=e=>{const n=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!n)throw new Error("Invalid URL");let t=n[6],s=n[7];if(s){const o=s.split("?");o.length===2&&(s=o[0],t=o[1])}return t.startsWith("?")&&(t=t.slice(1)),n&&{href:e,protocol:n[1],host:n[2],hostname:n[3],port:n[4],path:n[5],search:t,hash:s}},On=e=>{const n=Ue(e);let{path:t}=n;t.endsWith("/")&&(t=t.slice(0,-1));let{hash:s}=n;return s==="#_=_"&&(s=""),s&&(t+=s),t},re=e=>{const n=Ue(e),{search:t}=n;return bn(t)},bn=e=>{const n={};let t,s,o;const i=e.split("&");for(s=0,o=i.length;s<o;s++)t=i[s].split("="),n[decodeURIComponent(t[0])]=decodeURIComponent(t[1]);return n},Pn=(e,n,t,s,o)=>(i=void 0,r=null,a=!1,c=void 0)=>{const f=r;return r={...r},(async()=>{const l=i||o.getPath();if("state"in r||(r.state=ye(16)),t(k.loginAsync_begin,{}),r)for(const h of Object.keys(r))h.endsWith(":token_request")&&delete r[h];try{const h=a?n.silent_redirect_uri:n.redirect_uri;c||(c=n.scope);const _=n.extras?{...n.extras,...r}:r;_.nonce||(_.nonce=ye(12));const m={nonce:_.nonce},p=await L(n,e),g=await s(n.authority,n.authority_configuration);let y;if(p)p.setLoginParams({callbackPath:l,extras:f,scope:c}),await p.initAsync(g,"loginAsync",n),await p.setNonceAsync(m),p.startKeepAliveServiceWorker(),y=p;else{const T=W(e,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);T.setLoginParams({callbackPath:l,extras:f,scope:c}),await T.setNonceAsync(m),y=T}const A={client_id:n.client_id,redirect_uri:h,scope:c,response_type:"code",..._};await kn(y,o)(g.authorizationEndpoint,A)}catch(h){throw t(k.loginAsync_error,h),h}})()},In=e=>async(n=!1)=>{try{e.publishEvent(k.loginCallbackAsync_begin,{});const t=e.configuration,s=t.client_id,o=n?t.silent_redirect_uri:t.redirect_uri,i=t.authority,r=t.token_request_timeout,a=await e.initAsync(i,t.authority_configuration),c=e.location.getCurrentHref(),f=re(c),u=f.session_state,l=await L(t,e.configurationName);let h,_,m,p;if(l)await l.initAsync(a,"loginCallbackAsync",t),await l.setSessionStateAsync(u),_=await l.getNonceAsync(),m=l.getLoginParams(),p=await l.getStateAsync(),l.startKeepAliveServiceWorker(),h=l;else{const E=W(e.configurationName,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage);await E.setSessionStateAsync(u),_=await E.getNonceAsync(),m=E.getLoginParams(),p=await E.getStateAsync(),h=E}if(f.error||f.error_description)throw new Error(`Error from OIDC server: ${f.error} - ${f.error_description}`);if(f.iss&&f.iss!==a.issuer)throw console.error(),new Error(`Issuer not valid (expected: ${a.issuer}, received: ${f.iss})`);if(f.state&&f.state!==p)throw new Error(`State not valid (expected: ${p}, received: ${f.state})`);const g={code:f.code,grant_type:"authorization_code",client_id:t.client_id,redirect_uri:o},y={};if(t.token_request_extras)for(const[E,d]of Object.entries(t.token_request_extras))y[E]=d;if(m?.extras)for(const[E,d]of Object.entries(m.extras))E.endsWith(":token_request")&&(y[E.replace(":token_request","")]=d);const A=a.tokenEndpoint,T={};if(t.demonstrating_proof_of_possession)if(l)T.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{const E=await ln(window)(t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await W(e.configurationName,t.storage,t.login_state_storage??t.storage).setDemonstratingProofOfPossessionJwkAsync(E),T.DPoP=await We(window)(t.demonstrating_proof_of_possession_configuration)(E,"POST",A)}const O=await mn(h)(A,{...g,...y},T,e.configuration.token_renew_mode,r);if(!O.success)throw new Error("Token request failed");let v;const C=O.data.tokens,w=O.data.demonstratingProofOfPossessionNonce;if(O.data.state!==y.state)throw new Error("state is not valid");const{isValid:ee,reason:U}=Oe(C,_.nonce,a);if(!ee)throw new Error(`Tokens are not OpenID valid, reason: ${U}`);if(l){if(C.refreshToken&&!C.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(w&&C?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(l)await l.initAsync(a,"syncTokensAsync",t),v=l.getLoginParams(),w&&await l.setDemonstratingProofOfPossessionNonce(w);else{const E=W(e.configurationName,t.storage,t.login_state_storage??t.storage);v=E.getLoginParams(),w&&await E.setDemonstratingProofOfPossessionNonce(w)}return await e.startCheckSessionAsync(a.checkSessionIframe,s,u,n),e.publishEvent(k.loginCallbackAsync_end,{}),{tokens:C,state:"request.state",callbackPath:v.callbackPath,scope:f.scope,extras:v.extras}}catch(t){throw console.error(t),e.publishEvent(k.loginCallbackAsync_error,t),t}},Ve={access_token:"access_token",refresh_token:"refresh_token"},pe=(e,n)=>{const t={};if(e){for(const[s,o]of Object.entries(e))if(s.endsWith(n)){const i=s.replace(n,"");t[i]=o}return t}return t},Cn=e=>{const n={};if(e){for(const[t,s]of Object.entries(e))t.includes(":")||(n[t]=s);return n}return n},Nn=e=>async n=>{D.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();const t=await L(e.configuration,e.configurationName);t?await t.clearAsync(n):await W(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(n),e.tokens=null,e.userInfo=null},xn=(e,n,t,s,o)=>async(i=void 0,r=null)=>{const a=e.configuration,c=await e.initAsync(a.authority,a.authority_configuration);i&&typeof i!="string"&&(i=void 0,s.warn("callbackPathOrUrl path is not a string"));const f=i??o.getPath();let u=!1;i&&(u=i.includes("https://")||i.includes("http://"));const l=u?i:o.getOrigin()+f,h=e.tokens?e.tokens.idToken:"";try{const y=c.revocationEndpoint;if(y){const A=[],T=e.tokens?e.tokens.accessToken:null;if(T&&a.logout_tokens_to_invalidate.includes(Ve.access_token)){const v=pe(r,":revoke_access_token"),C=Re(t)(y,T,ke.access_token,a.client_id,v);A.push(C)}const O=e.tokens?e.tokens.refreshToken:null;if(O&&a.logout_tokens_to_invalidate.includes(Ve.refresh_token)){const v=pe(r,":revoke_refresh_token"),C=Re(t)(y,O,ke.refresh_token,a.client_id,v);A.push(C)}A.length>0&&await Promise.all(A)}}catch(y){s.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),s.warn(y)}const _=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync("LOGGED_OUT");for(const[,y]of Object.entries(n))y!==e?await e.logoutSameTabAsync(e.configuration.client_id,_):e.publishEvent(k.logout_from_same_tab,{});const m=pe(r,":oidc");if(m&&m.no_reload==="true")return;const g=Cn(r);if(c.endSessionEndpoint){"id_token_hint"in g||(g.id_token_hint=h),!("post_logout_redirect_uri"in g)&&i!==null&&(g.post_logout_redirect_uri=l);let y="";for(const[A,T]of Object.entries(g))T!=null&&(y===""?y+="?":y+="&",y+=`${A}=${encodeURIComponent(T)}`);o.open(`${c.endSessionEndpoint}${y}`)}else o.reload()},Fe=(e,n,t=!1)=>async(...s)=>{const[o,i,...r]=s,a=i?{...i}:{method:"GET"};let c=new Headers;a.headers&&(c=a.headers instanceof Headers?a.headers:new Headers(a.headers));const f={getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:_}=await me(n)(n.configuration,n.configurationName,n.tokens,!1);return _},renewTokensAsync:n.renewTokensAsync.bind(n)},l=(await Ee(f))?.tokens?.accessToken;if(c.has("Accept")||c.set("Accept","application/json"),l){if(n.configuration.demonstrating_proof_of_possession&&t){const _=await n.generateDemonstrationOfProofOfPossessionAsync(l,o.toString(),a.method);c.set("Authorization",`DPoP ${l}`),c.set("DPoP",_)}else c.set("Authorization",`Bearer ${l}`);a.credentials||(a.credentials="same-origin")}const h={...a,headers:c};return await e(o,h,...r)},Wn=e=>async(n=!1,t=!1)=>{if(e.userInfo!=null&&!n)return e.userInfo;const s=!n&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(s)return e.userInfo=JSON.parse(s),e.userInfo;const o=e.configuration,r=(await e.initAsync(o.authority,o.authority_configuration)).userInfoEndpoint,c=await(async()=>{const u=await Fe(fetch,e,t)(r);return u.status!==200?null:u.json()})();return e.userInfo=c,c&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(c)),c},Me=()=>fetch;class Ae{constructor(n){this.authorizationEndpoint=n.authorization_endpoint,this.tokenEndpoint=n.token_endpoint,this.revocationEndpoint=n.revocation_endpoint,this.userInfoEndpoint=n.userinfo_endpoint,this.checkSessionIframe=n.check_session_iframe,this.issuer=n.issuer,this.endSessionEndpoint=n.end_session_endpoint}}const M={},Ln=(e,n=new K)=>(t,s="default")=>(M[s]||(M[s]=new R(t,s,e,n)),M[s]),Dn=async e=>{const{parsedTokens:n,callbackPath:t,extras:s,scope:o}=await e.loginCallbackAsync();return e.timeoutId=Q(e,n.expiresAt,s,o),{callbackPath:t}},Rn=e=>Math.floor(Math.random()*e),Z=class Z{constructor(n,t="default",s,o=new K){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=n.silent_login_uri;n.silent_redirect_uri&&!n.silent_login_uri&&(i=`${n.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=n.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.location=o??new K,this.configuration={...n,silent_login_uri:i,token_automatic_renew_mode:n.token_automatic_renew_mode??J.AutomaticBeforeTokenExpiration,monitor_session:n.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:n.silent_login_timeout??12e3,token_renew_mode:n.token_renew_mode??ne.access_token_or_id_token_invalid,demonstrating_proof_of_possession:n.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:n.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:n.logout_tokens_to_invalidate??["access_token","refresh_token"],service_worker_activate:n.service_worker_activate??vn,demonstrating_proof_of_possession_configuration:n.demonstrating_proof_of_possession_configuration??on,preload_user_info:n.preload_user_info??!1},this.getFetch=s??Me,this.configurationName=t,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(n){const t=Rn(9999999999999).toString();return this.events.push({id:t,func:n}),t}removeEventSubscription(n){const t=this.events.filter(s=>s.id!==n);this.events=t}publishEvent(n,t){this.events.forEach(s=>{s.func(n,t)})}static get(n="default"){const t=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(M,n)&&t)throw Error(`OIDC library does seem initialized.
+Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);return M[n]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const n=this.location,t=re(n.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,n.getOrigin())}}_silentLoginErrorCallbackFromIFrame(n=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const t=this.location,s=re(t.getCurrentHref());s.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:s.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:n==null?"":n.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(n){console.error(n),this._silentLoginErrorCallbackFromIFrame(n)}}async initAsync(n,t){if(this.initPromise!==null)return this.initPromise;const s=async()=>{if(t!=null)return new Ae({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});const i=await L(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await hn(this.getFetch())(n,this.configuration.authority_time_cache_wellknowurl_in_second??3600,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=s(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise!==null?this.tryKeepExistingSessionPromise:(this.tryKeepExistingSessionPromise=En(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null}))}async startCheckSessionAsync(n,t,s,o=!1){await pn(this,M,this.configuration)(n,t,s,o)}async loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise!==null?this.loginPromise:(i?this.loginPromise=wn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,o):this.loginPromise=Pn(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(n,t,s,o),this.loginPromise.finally(()=>{this.loginPromise=null}))}async loginCallbackAsync(n=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const t=async()=>{const s=await In(this)(n),o=s.tokens;return this.tokens=o,await L(this.configuration,this.configurationName)||W(this.configurationName,this.configuration.storage,this.configuration.login_state_storage??this.configuration.storage).setTokens(o),this.publishEvent(Z.eventNames.token_acquired,o),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:o,state:s.state,callbackPath:s.callbackPath,scope:s.scope,extras:s.extras}};return this.loginCallbackPromise=t(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){const i=this.configuration,r={ath:await De(n),...o};if(await L(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${ue(this.configurationName)}`;const c=W(this.configurationName,i.storage,i.login_state_storage??i.storage),f=await c.getDemonstratingProofOfPossessionJwkAsync(),u=c.getDemonstratingProofOfPossessionNonce();return u&&(r.nonce=u),await We(window)(i.demonstrating_proof_of_possession_configuration)(f,s,t,r)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=Dn(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null}))}userInfoAsync(n=!1,t=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=Wn(this)(n,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null}))}async renewTokensAsync(n=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return D.clearTimeout(this.timeoutId),this.renewTokensPromise=Ke(this,!0,n,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(n){return await Nn(this)(n)}async logoutSameTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_same_tab,{mmessage:"SessionMonitor",sub:t}))}async logoutOtherTabAsync(n,t){this.configuration.monitor_session&&this.configuration.client_id===n&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:t}))}async logoutAsync(n=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=xn(this,M,this.getFetch(),console,this.location)(n,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};Z.getOrCreate=(n,t)=>(s,o="default")=>Ln(n,t)(s,o),Z.eventNames=k;let R=Z;const q=class q{constructor(n){this._oidc=n}subscribeEvents(n){return this._oidc.subscribeEvents(n)}removeEventSubscription(n){this._oidc.removeEventSubscription(n)}publishEvent(n,t){this._oidc.publishEvent(n,t)}static get(n="default"){return new q(R.get(n))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(n=void 0,t=null,s=!1,o=void 0,i=!1){return this._oidc.loginAsync(n,t,s,o,i)}logoutAsync(n=void 0,t=null){return this._oidc.logoutAsync(n,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(n=null,t=null){return this._oidc.renewTokensAsync(n,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(n,t,s,o={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(n,t,s,o)}async getValidTokenAsync(n=200,t=50){const s=this._oidc,o={getTokens:()=>s.tokens,configuration:{token_automatic_renew_mode:s.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:s.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{const{status:i}=await me(s)(s.configuration,s.configurationName,s.tokens,!1);return i},renewTokensAsync:s.renewTokensAsync.bind(s)};return Ee(o,n,t)}fetchWithTokens(n,t=!1){return Fe(n,this._oidc,t)}async userInfoAsync(n=!1,t=!1){return this._oidc.userInfoAsync(n,t)}userInfo(){return this._oidc.userInfo}};q.getOrCreate=(n,t=new K)=>(s,o="default")=>new q(R.getOrCreate(n,t)(s,o)),q.eventNames=R.eventNames;let Se=q;x.OidcClient=Se,x.OidcLocation=K,x.TokenAutomaticRenewMode=J,x.TokenRenewMode=ne,x.getFetchDefault=Me,x.getParseQueryStringFromLocation=re,x.getPath=On,Object.defineProperty(x,Symbol.toStringTag,{value:"Module"})}));

package/dist/initWorker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../src/initWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAM/C,eAAO,MAAM,UAAU,GAAI,kBAAkB;IAAE,YAAY,EAAE,GAAG,CAAA;CAAE,qBAEjE,CAAC;AA4BF,eAAO,MAAM,yCAAyC,GACnD,UAAU,cAAc,MAAY,cAAc,GAAG,EAAE,eAAe,MAAM,IAAI,kBAOhF,CAAC;AAEJ,eAAO,MAAM,QAAQ,GAAI,mBAAmB,MAAM,WAQjD,CAAC;AAwIF,eAAO,MAAM,eAAe,GAC1B,eAAe,iBAAiB,EAChC,mBAAmB,MAAM;;6EAsMJ,iBAAiB;;;;;yCAkFM,MAAM;;;+BA2BX,OAAO;;;;;+BA8EP,OAAO;2BAoBV,MAAM;sCASI,OAAO;yCAoBH,MAAM;kFA1FjB,MAAM;;mFAmBR,UAAU;;EAoGhD,CAAC"}
+{"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../src/initWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAM/C,eAAO,MAAM,UAAU,GAAI,kBAAkB;IAAE,YAAY,EAAE,GAAG,CAAA;CAAE,qBAEjE,CAAC;AA4BF,eAAO,MAAM,yCAAyC,GACnD,UAAU,cAAc,MAAY,cAAc,GAAG,EAAE,eAAe,MAAM,IAAI,kBAOhF,CAAC;AAEJ,eAAO,MAAM,QAAQ,GAAI,mBAAmB,MAAM,WAQjD,CAAC;AA6IF,eAAO,MAAM,eAAe,GAC1B,eAAe,iBAAiB,EAChC,mBAAmB,MAAM;;6EAkNJ,iBAAiB;;;;;yCAkFM,MAAM;;;+BA2BX,OAAO;;;;;+BA8EP,OAAO;2BAoBV,MAAM;sCASI,OAAO;yCAoBH,MAAM;kFA1FjB,MAAM;;mFAmBR,UAAU;;EAoGhD,CAAC"}

package/dist/version.d.ts

@@ -1,3 +1,3 @@
-declare const _default: "7.27.2";
+declare const _default: "7.27.3";
 export default _default;
 //# sourceMappingURL=version.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@axa-fr/oidc-client",
-  "version": "7.27.2",
+  "version": "7.27.3",
   "private": false,
   "type": "module",
   "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
     "url": "https://github.com/AxaFrance/oidc-client.git"
   },
   "dependencies": {
-    "@axa-fr/oidc-client-service-worker": "7.27.2"
+    "@axa-fr/oidc-client-service-worker": "7.27.3"
   },
   "devDependencies": {
     "@testing-library/dom": "10.4.1",

package/src/initWorker.ts

@@ -157,6 +157,11 @@ const waitForControllerAsync = async (timeoutMs: number) => {
 let controllerChangeListenerRegistered = false;
 let controllerChangeReloading = false;
 
+// Cache registration promises by URL so that navigator.serviceWorker.register (or a custom
+// service_worker_register) is called at most once per JavaScript session (page lifetime),
+// regardless of how many times initWorkerAsync is invoked.
+const registrationCache = new Map<string, Promise<ServiceWorkerRegistration>>();
+
 // Session-level guard to prevent infinite reload loops caused by SW update cycles.
 // The controllerchange listener triggers a page reload, but after reload the module-level
 // guards above are reset. If the SW still hasn't been updated correctly (e.g. stale cache,
@@ -214,11 +219,23 @@ export const initWorkerAsync = async (
 
   let registration: ServiceWorkerRegistration = null as any;
   if (configuration.service_worker_register) {
-    registration = await configuration.service_worker_register(serviceWorkerRelativeUrl);
+    if (!registrationCache.has(serviceWorkerRelativeUrl)) {
+      registrationCache.set(
+        serviceWorkerRelativeUrl,
+        configuration.service_worker_register(serviceWorkerRelativeUrl),
+      );
+    }
+    registration = await registrationCache.get(serviceWorkerRelativeUrl)!;
   } else {
-    registration = await navigator.serviceWorker.register(swUrl, {
-      updateViaCache: 'none',
-    });
+    if (!registrationCache.has(swUrl)) {
+      registrationCache.set(
+        swUrl,
+        navigator.serviceWorker.register(swUrl, {
+          updateViaCache: 'none',
+        }),
+      );
+    }
+    registration = await registrationCache.get(swUrl)!;
   }
 
   const versionMismatchKey = `oidc.sw.version_mismatch_reload.${configurationName}`;

package/src/version.ts

@@ -1 +1 @@
-export default '7.27.2';
+export default '7.27.3';