@axa-fr/oidc-client 7.27.2 → 7.27.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/README.md +1 -1
  2. package/dist/index.js +1735 -2043
  3. package/dist/index.umd.cjs +2 -2
  4. package/dist/initWorker.d.ts.map +1 -1
  5. package/dist/renewTokens.d.ts +4 -0
  6. package/dist/renewTokens.d.ts.map +1 -1
  7. package/dist/version.d.ts +1 -1
  8. package/package.json +10 -10
  9. package/src/initWorker.ts +21 -4
  10. package/src/renewTokens.ts +1 -1
  11. package/src/version.ts +1 -1
package/dist/index.js CHANGED
@@ -1,2060 +1,1752 @@
1
- class ee {
2
- open(n) {
3
- window.location.href = n;
4
- }
5
- reload() {
6
- window.location.reload();
7
- }
8
- getCurrentHref() {
9
- return window.location.href;
10
- }
11
- getPath() {
12
- const n = window.location;
13
- return n.pathname + (n.search || "") + (n.hash || "");
14
- }
15
- getOrigin() {
16
- return window.origin;
17
- }
18
- }
19
- const Ae = 2e3, F = console;
20
- class Fe {
21
- constructor(n, t, s, o = Ae, i = !0) {
22
- this._callback = n, this._client_id = t, this._url = s, this._interval = o || Ae, this._stopOnError = i;
23
- const r = s.indexOf("/", s.indexOf("//") + 2);
24
- this._frame_origin = s.substring(0, r), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = s;
25
- }
26
- load() {
27
- return new Promise((n) => {
28
- this._frame.onload = () => {
29
- n();
30
- }, window.document.body.appendChild(this._frame), this._boundMessageEvent = this._message.bind(this), window.addEventListener("message", this._boundMessageEvent, !1);
31
- });
32
- }
33
- _message(n) {
34
- n.origin === this._frame_origin && n.source === this._frame.contentWindow && (n.data === "error" ? (F.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : n.data === "changed" ? (F.debug(n), F.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : F.debug("CheckSessionIFrame: " + n.data + " message from check session op iframe"));
35
- }
36
- start(n) {
37
- F.debug("CheckSessionIFrame.start :" + n), this.stop();
38
- const t = () => {
39
- this._frame.contentWindow.postMessage(
40
- this._client_id + " " + n,
41
- this._frame_origin
42
- );
43
- };
44
- t(), this._timer = window.setInterval(t, this._interval);
45
- }
46
- stop() {
47
- this._timer && (F.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
48
- }
49
- }
50
- const k = {
51
- service_worker_not_supported_by_browser: "service_worker_not_supported_by_browser",
52
- token_acquired: "token_acquired",
53
- logout_from_another_tab: "logout_from_another_tab",
54
- logout_from_same_tab: "logout_from_same_tab",
55
- token_renewed: "token_renewed",
56
- token_timer: "token_timer",
57
- loginAsync_begin: "loginAsync_begin",
58
- loginAsync_error: "loginAsync_error",
59
- loginCallbackAsync_begin: "loginCallbackAsync_begin",
60
- loginCallbackAsync_end: "loginCallbackAsync_end",
61
- loginCallbackAsync_error: "loginCallbackAsync_error",
62
- refreshTokensAsync_begin: "refreshTokensAsync_begin",
63
- refreshTokensAsync: "refreshTokensAsync",
64
- refreshTokensAsync_end: "refreshTokensAsync_end",
65
- refreshTokensAsync_error: "refreshTokensAsync_error",
66
- refreshTokensAsync_silent_error: "refreshTokensAsync_silent_error",
67
- tryKeepExistingSessionAsync_begin: "tryKeepExistingSessionAsync_begin",
68
- tryKeepExistingSessionAsync_end: "tryKeepExistingSessionAsync_end",
69
- tryKeepExistingSessionAsync_error: "tryKeepExistingSessionAsync_error",
70
- silentLoginAsync_begin: "silentLoginAsync_begin",
71
- silentLoginAsync: "silentLoginAsync",
72
- silentLoginAsync_end: "silentLoginAsync_end",
73
- silentLoginAsync_error: "silentLoginAsync_error",
74
- syncTokensAsync_begin: "syncTokensAsync_begin",
75
- syncTokensAsync_lock_not_available: "syncTokensAsync_lock_not_available",
76
- syncTokensAsync_end: "syncTokensAsync_end",
77
- syncTokensAsync_error: "syncTokensAsync_error",
78
- tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
79
- }, x = (e, n = sessionStorage, t) => {
80
- const s = t ?? n, o = (w) => (n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: w }), delete n[`oidc.${e}.userInfo`], t && t !== n && (delete s[`oidc.login.${e}`], delete s[`oidc.state.${e}`], delete s[`oidc.code_verifier.${e}`], delete s[`oidc.nonce.${e}`]), Promise.resolve()), i = async () => {
81
- if (!n[`oidc.${e}`])
82
- return n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
83
- const w = JSON.parse(n[`oidc.${e}`]);
84
- return Promise.resolve({ tokens: w.tokens, status: w.status });
85
- }, r = (w) => {
86
- n[`oidc.${e}`] = JSON.stringify({ tokens: w });
87
- }, a = async (w) => {
88
- n[`oidc.session_state.${e}`] = w;
89
- }, c = async () => n[`oidc.session_state.${e}`], f = (w) => {
90
- s[`oidc.nonce.${e}`] = w.nonce;
91
- }, u = (w) => {
92
- n[`oidc.jwk.${e}`] = JSON.stringify(w);
93
- }, l = () => JSON.parse(n[`oidc.jwk.${e}`]), h = async () => ({ nonce: s[`oidc.nonce.${e}`] }), _ = async (w) => {
94
- n[`oidc.dpop_nonce.${e}`] = w;
95
- }, m = () => n[`oidc.dpop_nonce.${e}`], p = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, g = {};
96
- return {
97
- clearAsync: o,
98
- initAsync: i,
99
- setTokens: r,
100
- getTokens: p,
101
- setSessionStateAsync: a,
102
- getSessionStateAsync: c,
103
- setNonceAsync: f,
104
- getNonceAsync: h,
105
- setLoginParams: (w) => {
106
- g[e] = w, s[`oidc.login.${e}`] = JSON.stringify(w);
107
- },
108
- getLoginParams: () => {
109
- const w = s[`oidc.login.${e}`];
110
- return w ? (g[e] || (g[e] = JSON.parse(w)), g[e]) : (console.warn(
111
- `storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
112
- ), null);
113
- },
114
- getStateAsync: async () => s[`oidc.state.${e}`],
115
- setStateAsync: async (w) => {
116
- s[`oidc.state.${e}`] = w;
117
- },
118
- getCodeVerifierAsync: async () => s[`oidc.code_verifier.${e}`],
119
- setCodeVerifierAsync: async (w) => {
120
- s[`oidc.code_verifier.${e}`] = w;
121
- },
122
- setDemonstratingProofOfPossessionNonce: _,
123
- getDemonstratingProofOfPossessionNonce: m,
124
- setDemonstratingProofOfPossessionJwkAsync: u,
125
- getDemonstratingProofOfPossessionJwkAsync: l
126
- };
127
- };
128
- var q = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(q || {});
129
- const Me = (e) => decodeURIComponent(
130
- Array.prototype.map.call(atob(e), (n) => "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2)).join("")
131
- ), Be = (e) => JSON.parse(Me(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), Se = (e) => {
132
- try {
133
- return e && Je(e, ".") === 2 ? Be(e.split(".")[1]) : null;
134
- } catch (n) {
135
- console.warn(n);
136
- }
137
- return null;
138
- }, Je = (e, n) => e.split(n).length - 1, re = {
139
- access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
140
- access_token_invalid: "access_token_invalid",
141
- id_token_invalid: "id_token_invalid"
1
+ //#region src/location.ts
2
+ var e = class {
3
+ open(e) {
4
+ window.location.href = e;
5
+ }
6
+ reload() {
7
+ window.location.reload();
8
+ }
9
+ getCurrentHref() {
10
+ return window.location.href;
11
+ }
12
+ getPath() {
13
+ let e = window.location;
14
+ return e.pathname + (e.search || "") + (e.hash || "");
15
+ }
16
+ getOrigin() {
17
+ return window.origin;
18
+ }
19
+ }, t = 2e3, n = console, r = class {
20
+ constructor(e, n, r, i = t, a = !0) {
21
+ this._callback = e, this._client_id = n, this._url = r, this._interval = i || t, this._stopOnError = a;
22
+ let o = r.indexOf("/", r.indexOf("//") + 2);
23
+ this._frame_origin = r.substring(0, o), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = r;
24
+ }
25
+ load() {
26
+ return new Promise((e) => {
27
+ this._frame.onload = () => {
28
+ e();
29
+ }, window.document.body.appendChild(this._frame), this._boundMessageEvent = this._message.bind(this), window.addEventListener("message", this._boundMessageEvent, !1);
30
+ });
31
+ }
32
+ _message(e) {
33
+ e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (n.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (n.debug(e), n.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : n.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
34
+ }
35
+ start(e) {
36
+ n.debug("CheckSessionIFrame.start :" + e), this.stop();
37
+ let t = () => {
38
+ this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
39
+ };
40
+ t(), this._timer = window.setInterval(t, this._interval);
41
+ }
42
+ stop() {
43
+ this._timer &&= (n.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), null);
44
+ }
45
+ }, i = {
46
+ service_worker_not_supported_by_browser: "service_worker_not_supported_by_browser",
47
+ token_acquired: "token_acquired",
48
+ logout_from_another_tab: "logout_from_another_tab",
49
+ logout_from_same_tab: "logout_from_same_tab",
50
+ token_renewed: "token_renewed",
51
+ token_timer: "token_timer",
52
+ loginAsync_begin: "loginAsync_begin",
53
+ loginAsync_error: "loginAsync_error",
54
+ loginCallbackAsync_begin: "loginCallbackAsync_begin",
55
+ loginCallbackAsync_end: "loginCallbackAsync_end",
56
+ loginCallbackAsync_error: "loginCallbackAsync_error",
57
+ refreshTokensAsync_begin: "refreshTokensAsync_begin",
58
+ refreshTokensAsync: "refreshTokensAsync",
59
+ refreshTokensAsync_end: "refreshTokensAsync_end",
60
+ refreshTokensAsync_error: "refreshTokensAsync_error",
61
+ refreshTokensAsync_silent_error: "refreshTokensAsync_silent_error",
62
+ tryKeepExistingSessionAsync_begin: "tryKeepExistingSessionAsync_begin",
63
+ tryKeepExistingSessionAsync_end: "tryKeepExistingSessionAsync_end",
64
+ tryKeepExistingSessionAsync_error: "tryKeepExistingSessionAsync_error",
65
+ silentLoginAsync_begin: "silentLoginAsync_begin",
66
+ silentLoginAsync: "silentLoginAsync",
67
+ silentLoginAsync_end: "silentLoginAsync_end",
68
+ silentLoginAsync_error: "silentLoginAsync_error",
69
+ syncTokensAsync_begin: "syncTokensAsync_begin",
70
+ syncTokensAsync_lock_not_available: "syncTokensAsync_lock_not_available",
71
+ syncTokensAsync_end: "syncTokensAsync_end",
72
+ syncTokensAsync_error: "syncTokensAsync_error",
73
+ tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
74
+ }, a = (e, t = sessionStorage, n) => {
75
+ let r = n ?? t, i = (i) => (t[`oidc.${e}`] = JSON.stringify({
76
+ tokens: null,
77
+ status: i
78
+ }), delete t[`oidc.${e}.userInfo`], n && n !== t && (delete r[`oidc.login.${e}`], delete r[`oidc.state.${e}`], delete r[`oidc.code_verifier.${e}`], delete r[`oidc.nonce.${e}`]), Promise.resolve()), a = async () => {
79
+ if (!t[`oidc.${e}`]) return t[`oidc.${e}`] = JSON.stringify({
80
+ tokens: null,
81
+ status: null
82
+ }), {
83
+ tokens: null,
84
+ status: null
85
+ };
86
+ let n = JSON.parse(t[`oidc.${e}`]);
87
+ return Promise.resolve({
88
+ tokens: n.tokens,
89
+ status: n.status
90
+ });
91
+ }, o = (n) => {
92
+ t[`oidc.${e}`] = JSON.stringify({ tokens: n });
93
+ }, s = async (n) => {
94
+ t[`oidc.session_state.${e}`] = n;
95
+ }, c = async () => t[`oidc.session_state.${e}`], l = (t) => {
96
+ r[`oidc.nonce.${e}`] = t.nonce;
97
+ }, u = (n) => {
98
+ t[`oidc.jwk.${e}`] = JSON.stringify(n);
99
+ }, d = () => JSON.parse(t[`oidc.jwk.${e}`]), f = async () => ({ nonce: r[`oidc.nonce.${e}`] }), p = async (n) => {
100
+ t[`oidc.dpop_nonce.${e}`] = n;
101
+ }, m = () => t[`oidc.dpop_nonce.${e}`], h = () => t[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(t[`oidc.${e}`]).tokens }) : null, g = {};
102
+ return {
103
+ clearAsync: i,
104
+ initAsync: a,
105
+ setTokens: o,
106
+ getTokens: h,
107
+ setSessionStateAsync: s,
108
+ getSessionStateAsync: c,
109
+ setNonceAsync: l,
110
+ getNonceAsync: f,
111
+ setLoginParams: (t) => {
112
+ g[e] = t, r[`oidc.login.${e}`] = JSON.stringify(t);
113
+ },
114
+ getLoginParams: () => {
115
+ let t = r[`oidc.login.${e}`];
116
+ return t ? (g[e] || (g[e] = JSON.parse(t)), g[e]) : (console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`), null);
117
+ },
118
+ getStateAsync: async () => r[`oidc.state.${e}`],
119
+ setStateAsync: async (t) => {
120
+ r[`oidc.state.${e}`] = t;
121
+ },
122
+ getCodeVerifierAsync: async () => r[`oidc.code_verifier.${e}`],
123
+ setCodeVerifierAsync: async (t) => {
124
+ r[`oidc.code_verifier.${e}`] = t;
125
+ },
126
+ setDemonstratingProofOfPossessionNonce: p,
127
+ getDemonstratingProofOfPossessionNonce: m,
128
+ setDemonstratingProofOfPossessionJwkAsync: u,
129
+ getDemonstratingProofOfPossessionJwkAsync: d
130
+ };
131
+ }, o = /* @__PURE__ */ function(e) {
132
+ return e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e;
133
+ }({}), s = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), c = (e) => JSON.parse(s(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), l = (e) => {
134
+ try {
135
+ return e && u(e, ".") === 2 ? c(e.split(".")[1]) : null;
136
+ } catch (e) {
137
+ console.warn(e);
138
+ }
139
+ return null;
140
+ }, u = (e, t) => e.split(t).length - 1, d = {
141
+ access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
142
+ access_token_invalid: "access_token_invalid",
143
+ id_token_invalid: "id_token_invalid"
142
144
  };
143
- function He(e, n, t) {
144
- if (e.issuedAt) {
145
- if (typeof e.issuedAt == "string")
146
- return parseInt(e.issuedAt, 10);
147
- } else return n && n.iat ? n.iat : t && t.iat ? t.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
148
- return e.issuedAt;
145
+ function f(e, t, n) {
146
+ return e.issuedAt ? typeof e.issuedAt == "string" ? parseInt(e.issuedAt, 10) : e.issuedAt : t && t.iat ? t.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
149
147
  }
150
- const de = (e, n = null, t) => {
151
- if (!e)
152
- return null;
153
- let s;
154
- const o = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
155
- e.accessTokenPayload !== void 0 ? s = e.accessTokenPayload : s = Se(e.accessToken);
156
- let i;
157
- n != null && "idToken" in n && !("idToken" in e) ? i = n.idToken : i = e.idToken;
158
- const r = e.idTokenPayload ? e.idTokenPayload : Se(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, c = s && s.exp ? s.exp : e.issuedAt + o;
159
- e.issuedAt = He(e, s, r);
160
- let f;
161
- e.expiresAt ? f = e.expiresAt : t === re.access_token_invalid ? f = c : t === re.id_token_invalid ? f = a : f = a < c ? a : c;
162
- const u = {
163
- ...e,
164
- idTokenPayload: r,
165
- accessTokenPayload: s,
166
- expiresAt: f,
167
- idToken: i
168
- };
169
- if (n != null && "refreshToken" in n && !("refreshToken" in e)) {
170
- const l = n.refreshToken;
171
- return { ...u, refreshToken: l };
172
- }
173
- return u;
174
- }, ge = (e, n, t) => {
175
- if (!e)
176
- return null;
177
- if (!e.issued_at) {
178
- const o = (/* @__PURE__ */ new Date()).getTime() / 1e3;
179
- e.issued_at = o;
180
- }
181
- const s = {
182
- accessToken: e.access_token,
183
- expiresIn: e.expires_in,
184
- idToken: e.id_token,
185
- scope: e.scope,
186
- tokenType: e.token_type,
187
- issuedAt: e.issued_at
188
- };
189
- return "refresh_token" in e && (s.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (s.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (s.idTokenPayload = e.idTokenPayload), de(s, n, t);
190
- }, G = (e, n) => {
191
- const t = (/* @__PURE__ */ new Date()).getTime() / 1e3, s = n - t;
192
- return Math.round(s - e);
193
- }, Ge = (e, n = 0) => e ? G(n, e.expiresAt) > 0 : !1, Ce = async (e, n = 200, t = 50) => {
194
- let s = t, o = await e.syncTokensInfoAsync();
195
- for (; [
196
- P.REQUIRE_SYNC_TOKENS,
197
- P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
198
- P.TOKENS_INVALID
199
- ].includes(o) && s > 0; ) {
200
- if (e.configuration.token_automatic_renew_mode == q.AutomaticOnlyWhenFetchExecuted) {
201
- await e.renewTokensAsync({});
202
- break;
203
- } else
204
- await Y({ milliseconds: n });
205
- s = s - 1, o = await e.syncTokensInfoAsync();
206
- }
207
- return {
208
- isTokensValid: Ge(e.getTokens()),
209
- tokens: e.getTokens(),
210
- numberWaited: s - t
211
- };
212
- }, Ne = (e, n, t) => {
213
- if (e.idTokenPayload) {
214
- const s = e.idTokenPayload;
215
- if (t.issuer !== s.iss)
216
- return {
217
- isValid: !1,
218
- reason: `Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`
219
- };
220
- const o = (/* @__PURE__ */ new Date()).getTime() / 1e3;
221
- if (s.exp && s.exp < o)
222
- return {
223
- isValid: !1,
224
- reason: `Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`
225
- };
226
- const i = 3600 * 24 * 7;
227
- if (s.iat && s.iat + i < o)
228
- return {
229
- isValid: !1,
230
- reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat + i} < (currentTimeUnixSecond) ${o}`
231
- };
232
- if (s.nonce && s.nonce !== n)
233
- return {
234
- isValid: !1,
235
- reason: `Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`
236
- };
237
- }
238
- return { isValid: !0, reason: "" };
239
- }, R = (function() {
240
- const e = typeof window > "u" ? global : window;
241
- return {
242
- setTimeout: setTimeout.bind(e),
243
- clearTimeout: clearTimeout.bind(e),
244
- setInterval: setInterval.bind(e),
245
- clearInterval: clearInterval.bind(e)
246
- };
247
- })(), se = "7.27.2";
248
- let Te = null, ne;
249
- const Y = ({ milliseconds: e }) => new Promise((n) => R.setTimeout(n, e)), xe = (e = "/") => {
250
- try {
251
- ne = new AbortController(), fetch(
252
- `${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,
253
- { signal: ne.signal }
254
- ).catch((s) => {
255
- console.log(s);
256
- }), Y({ milliseconds: 150 * 1e3 }).then(
257
- () => xe(e)
258
- );
259
- } catch (n) {
260
- console.log(n);
261
- }
262
- }, Q = () => {
263
- ne && ne.abort();
264
- }, he = (e) => {
265
- const n = `oidc.tabId.${e}`, t = sessionStorage.getItem(n);
266
- if (t) return t;
267
- const s = globalThis.crypto.randomUUID();
268
- return sessionStorage.setItem(n, s), s;
269
- }, je = 5e3, qe = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, I = (e, n) => (t) => {
270
- const s = n?.timeoutMs ?? je;
271
- return new Promise((o, i) => {
272
- const r = qe(e);
273
- if (!r) {
274
- i(
275
- new Error(
276
- "Service worker target not available (controller/active/waiting/installing missing)"
277
- )
278
- );
279
- return;
280
- }
281
- const a = new MessageChannel();
282
- let c = null;
283
- const f = () => {
284
- try {
285
- c != null && (R.clearTimeout(c), c = null), a.port1.onmessage = null, a.port1.close(), a.port2.close();
286
- } catch (u) {
287
- console.error(u);
288
- }
289
- };
290
- c = R.setTimeout(() => {
291
- f(), i(
292
- new Error(`Service worker did not respond within ${s}ms (type=${t?.type})`)
293
- );
294
- }, s), a.port1.onmessage = (u) => {
295
- f(), u?.data?.error ? i(u.data.error) : o(u.data);
296
- };
297
- try {
298
- const u = t?.configurationName;
299
- r.postMessage({ ...t, tabId: he(u ?? "default") }, [
300
- a.port2
301
- ]);
302
- } catch (u) {
303
- f(), i(u);
304
- }
305
- });
306
- }, Ye = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((n) => {
307
- let t = !1;
308
- const s = () => {
309
- t || (t = !0, navigator.serviceWorker.removeEventListener("controllerchange", s), n(navigator.serviceWorker.controller ?? null));
310
- };
311
- navigator.serviceWorker.addEventListener("controllerchange", s), R.setTimeout(() => {
312
- t || (t = !0, navigator.serviceWorker.removeEventListener("controllerchange", s), n(navigator.serviceWorker.controller ?? null));
313
- }, e);
314
- });
315
- let ve = !1, M = !1;
316
- const ye = "oidc.sw.controllerchange_reload_count", oe = 3, ae = () => {
317
- try {
318
- return parseInt(sessionStorage.getItem(ye) ?? "0", 10);
319
- } catch {
320
- return 0;
321
- }
322
- }, Xe = () => {
323
- const e = ae() + 1;
324
- try {
325
- sessionStorage.setItem(ye, String(e));
326
- } catch {
327
- }
328
- return e;
329
- }, ze = () => {
330
- try {
331
- sessionStorage.removeItem(ye);
332
- } catch {
333
- }
334
- }, W = async (e, n) => {
335
- const t = e.service_worker_relative_url;
336
- if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !t || e.service_worker_activate() === !1)
337
- return null;
338
- const s = `${t}?v=${se}`;
339
- let o = null;
340
- e.service_worker_register ? o = await e.service_worker_register(t) : o = await navigator.serviceWorker.register(s, {
341
- updateViaCache: "none"
342
- });
343
- const i = `oidc.sw.version_mismatch_reload.${n}`, r = async (d) => {
344
- Q(), console.log("New SW waiting – SKIP_WAITING");
345
- try {
346
- await new Promise((N, S) => {
347
- const b = new MessageChannel();
348
- let K = null;
349
- const U = () => {
350
- try {
351
- K != null && (R.clearTimeout(K), K = null), b.port1.onmessage = null, b.port1.close(), b.port2.close();
352
- } catch (L) {
353
- console.error(L);
354
- }
355
- };
356
- K = R.setTimeout(() => {
357
- U(), S(new Error("SKIP_WAITING did not respond within 8000ms"));
358
- }, 8e3), b.port1.onmessage = (L) => {
359
- U(), L?.data?.error ? S(L.data.error) : N();
360
- };
361
- try {
362
- d.postMessage(
363
- {
364
- type: "SKIP_WAITING",
365
- configurationName: n,
366
- data: null,
367
- tabId: he(n ?? "default")
368
- },
369
- [b.port2]
370
- );
371
- } catch (L) {
372
- U(), S(L);
373
- }
374
- });
375
- } catch (N) {
376
- console.warn("SKIP_WAITING failed", N);
377
- }
378
- }, a = async () => {
379
- const d = o.waiting;
380
- d ? await r(d) : console.warn("sendSkipWaiting called but no waiting service worker found");
381
- }, c = (d) => {
382
- Q(), d.addEventListener("statechange", async () => {
383
- if (d.state === "installed" && navigator.serviceWorker.controller) {
384
- if (ae() >= oe) {
385
- console.warn(
386
- "SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted"
387
- );
388
- return;
389
- }
390
- await r(d);
391
- }
392
- });
393
- };
394
- o.addEventListener("updatefound", () => {
395
- const d = o.installing;
396
- d && c(d);
397
- }), o.installing ? c(o.installing) : o.waiting && navigator.serviceWorker.controller && (ae() < oe ? a() : console.warn(
398
- "SW: a waiting worker exists but reload budget is exhausted – skipping activation"
399
- )), o.update().catch((d) => {
400
- console.error(d);
401
- });
402
- try {
403
- await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await I(o, { timeoutMs: 8e3 })({
404
- type: "claim",
405
- configurationName: n,
406
- data: null
407
- }), await Ye(2e3));
408
- } catch (d) {
409
- return console.warn(`Failed init ServiceWorker ${d?.toString?.() ?? String(d)}`), null;
410
- }
411
- ve || (ve = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
412
- if (M)
413
- return;
414
- const d = Xe();
415
- if (d > oe) {
416
- console.warn(
417
- `SW controllerchange: reload budget exhausted (${d - 1} reloads). Skipping reload to avoid infinite loop.`
418
- );
419
- return;
420
- }
421
- M = !0, console.log("SW controller changed – reloading page"), Q(), window.location.reload();
422
- }));
423
- const f = async (d) => I(o)({ type: "clear", data: { status: d }, configurationName: n }), u = async (d, N, S) => {
424
- const b = await I(o)({
425
- type: "init",
426
- data: {
427
- oidcServerConfiguration: d,
428
- where: N,
429
- oidcConfiguration: {
430
- token_renew_mode: S.token_renew_mode,
431
- service_worker_convert_all_requests_to_cors: S.service_worker_convert_all_requests_to_cors
432
- }
433
- },
434
- configurationName: n
435
- }), K = b.version;
436
- if (K !== se) {
437
- console.warn(
438
- `Service worker ${K} version mismatch with js client version ${se}, unregistering and reloading`
439
- );
440
- const U = parseInt(sessionStorage.getItem(i) ?? "0", 10);
441
- if (U < 3) {
442
- if (sessionStorage.setItem(i, String(U + 1)), o.waiting)
443
- return await a(), await Y({ milliseconds: 500 }), M || (M = !0, window.location.reload()), new Promise(() => {
444
- });
445
- {
446
- Q();
447
- try {
448
- await o.update();
449
- } catch (pe) {
450
- console.error(pe);
451
- }
452
- const L = await o.unregister();
453
- return console.log(`Service worker unregistering ${L}`), await Y({ milliseconds: 500 }), M || (M = !0, window.location.reload()), new Promise(() => {
454
- });
455
- }
456
- } else
457
- console.error(
458
- `Service worker version mismatch persists after ${U} attempt(s). Continuing with mismatched version.`
459
- );
460
- } else
461
- sessionStorage.removeItem(i), ze();
462
- return {
463
- tokens: ge(b.tokens, null, S.token_renew_mode),
464
- status: b.status
465
- };
466
- }, l = (d = "/") => {
467
- Te == null && (Te = "not_null", xe(d));
468
- }, h = (d) => I(o)({
469
- type: "setSessionState",
470
- data: { sessionState: d },
471
- configurationName: n
472
- }), _ = async () => (await I(o)({
473
- type: "getSessionState",
474
- data: null,
475
- configurationName: n
476
- })).sessionState, m = (d) => (sessionStorage[`oidc.nonce.${n}`] = d.nonce, I(o)({
477
- type: "setNonce",
478
- data: { nonce: d },
479
- configurationName: n
480
- })), p = async (d = !0) => {
481
- let S = (await I(o)({
482
- type: "getNonce",
483
- data: null,
484
- configurationName: n
485
- })).nonce;
486
- return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage"), d && (await m(S), S = (await p(!1)).nonce)), { nonce: S };
487
- }, g = {}, y = (d) => {
488
- g[n] = d, localStorage[`oidc.login.${n}`] = JSON.stringify(d);
489
- }, A = () => {
490
- const d = localStorage[`oidc.login.${n}`];
491
- return g[n] || (g[n] = JSON.parse(d)), g[n];
492
- }, T = async (d) => {
493
- await I(o)({
494
- type: "setDemonstratingProofOfPossessionNonce",
495
- data: { demonstratingProofOfPossessionNonce: d },
496
- configurationName: n
497
- });
498
- }, O = async () => (await I(o)({
499
- type: "getDemonstratingProofOfPossessionNonce",
500
- data: null,
501
- configurationName: n
502
- })).demonstratingProofOfPossessionNonce, v = async (d) => {
503
- const N = JSON.stringify(d);
504
- await I(o)({
505
- type: "setDemonstratingProofOfPossessionJwk",
506
- data: { demonstratingProofOfPossessionJwkJson: N },
507
- configurationName: n
508
- });
509
- }, C = async () => {
510
- const d = await I(o)({
511
- type: "getDemonstratingProofOfPossessionJwk",
512
- data: null,
513
- configurationName: n
514
- });
515
- return d.demonstratingProofOfPossessionJwkJson ? JSON.parse(d.demonstratingProofOfPossessionJwkJson) : null;
516
- }, w = async (d = !0) => {
517
- let S = (await I(o)({
518
- type: "getState",
519
- data: null,
520
- configurationName: n
521
- })).state;
522
- return S || (S = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage"), d && (await H(S), S = await w(!1))), S;
523
- }, H = async (d) => (sessionStorage[`oidc.state.${n}`] = d, I(o)({
524
- type: "setState",
525
- data: { state: d },
526
- configurationName: n
527
- })), $ = async (d = !0) => {
528
- let S = (await I(o)({
529
- type: "getCodeVerifier",
530
- data: null,
531
- configurationName: n
532
- })).codeVerifier;
533
- return S || (S = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), d && (await E(S), S = await $(!1))), S;
534
- }, E = async (d) => (sessionStorage[`oidc.code_verifier.${n}`] = d, I(o)({
535
- type: "setCodeVerifier",
536
- data: { codeVerifier: d },
537
- configurationName: n
538
- }));
539
- return {
540
- clearAsync: f,
541
- initAsync: u,
542
- startKeepAliveServiceWorker: () => l(e.service_worker_keep_alive_path),
543
- setSessionStateAsync: h,
544
- getSessionStateAsync: _,
545
- setNonceAsync: m,
546
- getNonceAsync: p,
547
- setLoginParams: y,
548
- getLoginParams: A,
549
- getStateAsync: w,
550
- setStateAsync: H,
551
- getCodeVerifierAsync: $,
552
- setCodeVerifierAsync: E,
553
- setDemonstratingProofOfPossessionNonce: T,
554
- getDemonstratingProofOfPossessionNonce: O,
555
- setDemonstratingProofOfPossessionJwkAsync: v,
556
- getDemonstratingProofOfPossessionJwkAsync: C
557
- };
558
- }, B = {}, Qe = (e, n = window.sessionStorage, t) => {
559
- if (!B[e] && n) {
560
- const o = n.getItem(e);
561
- o && (B[e] = JSON.parse(o));
562
- }
563
- const s = 1e3 * t;
564
- return B[e] && B[e].timestamp + s > Date.now() ? B[e].result : null;
565
- }, Ze = (e, n, t = window.sessionStorage) => {
566
- const s = Date.now();
567
- B[e] = { result: n, timestamp: s }, t && t.setItem(e, JSON.stringify({ result: n, timestamp: s }));
148
+ var p = (e, t = null, n) => {
149
+ if (!e) return null;
150
+ let r, i = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
151
+ r = e.accessTokenPayload === void 0 ? l(e.accessToken) : e.accessTokenPayload;
152
+ let a;
153
+ a = t != null && "idToken" in t && !("idToken" in e) ? t.idToken : e.idToken;
154
+ let o = e.idTokenPayload ? e.idTokenPayload : l(a), s = o && o.exp ? o.exp : Number.MAX_VALUE, c = r && r.exp ? r.exp : e.issuedAt + i;
155
+ e.issuedAt = f(e, r, o);
156
+ let u;
157
+ u = e.expiresAt ? e.expiresAt : n === d.access_token_invalid ? c : n === d.id_token_invalid || s < c ? s : c;
158
+ let p = {
159
+ ...e,
160
+ idTokenPayload: o,
161
+ accessTokenPayload: r,
162
+ expiresAt: u,
163
+ idToken: a
164
+ };
165
+ if (t != null && "refreshToken" in t && !("refreshToken" in e)) {
166
+ let e = t.refreshToken;
167
+ return {
168
+ ...p,
169
+ refreshToken: e
170
+ };
171
+ }
172
+ return p;
173
+ }, m = (e, t, n) => {
174
+ if (!e) return null;
175
+ e.issued_at ||= (/* @__PURE__ */ new Date()).getTime() / 1e3;
176
+ let r = {
177
+ accessToken: e.access_token,
178
+ expiresIn: e.expires_in,
179
+ idToken: e.id_token,
180
+ scope: e.scope,
181
+ tokenType: e.token_type,
182
+ issuedAt: e.issued_at
183
+ };
184
+ return "refresh_token" in e && (r.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (r.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (r.idTokenPayload = e.idTokenPayload), p(r, t, n);
185
+ }, h = (e, t) => {
186
+ let n = t - (/* @__PURE__ */ new Date()).getTime() / 1e3;
187
+ return Math.round(n - e);
188
+ }, g = (e, t = 0) => e ? h(t, e.expiresAt) > 0 : !1, _ = async (e, t = 200, n = 50) => {
189
+ let r = n, i = await e.syncTokensInfoAsync();
190
+ for (; [
191
+ G.REQUIRE_SYNC_TOKENS,
192
+ G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
193
+ G.TOKENS_INVALID
194
+ ].includes(i) && r > 0;) {
195
+ if (e.configuration.token_automatic_renew_mode == o.AutomaticOnlyWhenFetchExecuted) {
196
+ await e.renewTokensAsync({});
197
+ break;
198
+ } else await C({ milliseconds: t });
199
+ --r, i = await e.syncTokensInfoAsync();
200
+ }
201
+ return {
202
+ isTokensValid: g(e.getTokens()),
203
+ tokens: e.getTokens(),
204
+ numberWaited: r - n
205
+ };
206
+ }, v = (e, t, n) => {
207
+ if (e.idTokenPayload) {
208
+ let r = e.idTokenPayload;
209
+ if (n.issuer !== r.iss) return {
210
+ isValid: !1,
211
+ reason: `Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`
212
+ };
213
+ let i = (/* @__PURE__ */ new Date()).getTime() / 1e3;
214
+ if (r.exp && r.exp < i) return {
215
+ isValid: !1,
216
+ reason: `Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`
217
+ };
218
+ let a = 3600 * 24 * 7;
219
+ if (r.iat && r.iat + a < i) return {
220
+ isValid: !1,
221
+ reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat + a} < (currentTimeUnixSecond) ${i}`
222
+ };
223
+ if (r.nonce && r.nonce !== t) return {
224
+ isValid: !1,
225
+ reason: `Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`
226
+ };
227
+ }
228
+ return {
229
+ isValid: !0,
230
+ reason: ""
231
+ };
232
+ }, y = (function() {
233
+ let e = typeof window > "u" ? global : window;
234
+ return {
235
+ setTimeout: setTimeout.bind(e),
236
+ clearTimeout: clearTimeout.bind(e),
237
+ setInterval: setInterval.bind(e),
238
+ clearInterval: clearInterval.bind(e)
239
+ };
240
+ })(), b = "7.27.4", x = null, S, C = ({ milliseconds: e }) => new Promise((t) => y.setTimeout(t, e)), w = (e = "/") => {
241
+ try {
242
+ S = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: S.signal }).catch((e) => {
243
+ console.log(e);
244
+ }), C({ milliseconds: 150 * 1e3 }).then(() => w(e));
245
+ } catch (e) {
246
+ console.log(e);
247
+ }
248
+ }, T = () => {
249
+ S && S.abort();
250
+ }, E = (e) => {
251
+ let t = `oidc.tabId.${e}`, n = sessionStorage.getItem(t);
252
+ if (n) return n;
253
+ let r = globalThis.crypto.randomUUID();
254
+ return sessionStorage.setItem(t, r), r;
255
+ }, D = 5e3, ee = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, O = (e, t) => (n) => {
256
+ let r = t?.timeoutMs ?? D;
257
+ return new Promise((t, i) => {
258
+ let a = ee(e);
259
+ if (!a) {
260
+ i(/* @__PURE__ */ Error("Service worker target not available (controller/active/waiting/installing missing)"));
261
+ return;
262
+ }
263
+ let o = new MessageChannel(), s = null, c = () => {
264
+ try {
265
+ s != null && (y.clearTimeout(s), s = null), o.port1.onmessage = null, o.port1.close(), o.port2.close();
266
+ } catch (e) {
267
+ console.error(e);
268
+ }
269
+ };
270
+ s = y.setTimeout(() => {
271
+ c(), i(/* @__PURE__ */ Error(`Service worker did not respond within ${r}ms (type=${n?.type})`));
272
+ }, r), o.port1.onmessage = (e) => {
273
+ c(), e?.data?.error ? i(e.data.error) : t(e.data);
274
+ };
275
+ try {
276
+ let e = n?.configurationName;
277
+ a.postMessage({
278
+ ...n,
279
+ tabId: E(e ?? "default")
280
+ }, [o.port2]);
281
+ } catch (e) {
282
+ c(), i(e);
283
+ }
284
+ });
285
+ }, te = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((t) => {
286
+ let n = !1, r = () => {
287
+ n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
288
+ };
289
+ navigator.serviceWorker.addEventListener("controllerchange", r), y.setTimeout(() => {
290
+ n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
291
+ }, e);
292
+ }), ne = !1, k = !1, A = /* @__PURE__ */ new Map(), j = "oidc.sw.controllerchange_reload_count", M = 3, N = () => {
293
+ try {
294
+ return parseInt(sessionStorage.getItem(j) ?? "0", 10);
295
+ } catch {
296
+ return 0;
297
+ }
298
+ }, re = () => {
299
+ let e = N() + 1;
300
+ try {
301
+ sessionStorage.setItem(j, String(e));
302
+ } catch {}
303
+ return e;
304
+ }, ie = () => {
305
+ try {
306
+ sessionStorage.removeItem(j);
307
+ } catch {}
308
+ }, P = async (e, t) => {
309
+ let n = e.service_worker_relative_url;
310
+ if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n || e.service_worker_activate() === !1) return null;
311
+ let r = `${n}?v=${b}`, i = null;
312
+ e.service_worker_register ? (A.has(n) || A.set(n, e.service_worker_register(n)), i = await A.get(n)) : (A.has(r) || A.set(r, navigator.serviceWorker.register(r, { updateViaCache: "none" })), i = await A.get(r));
313
+ let a = `oidc.sw.version_mismatch_reload.${t}`, o = async (e) => {
314
+ T(), console.log("New SW waiting SKIP_WAITING");
315
+ try {
316
+ await new Promise((n, r) => {
317
+ let i = new MessageChannel(), a = null, o = () => {
318
+ try {
319
+ a != null && (y.clearTimeout(a), a = null), i.port1.onmessage = null, i.port1.close(), i.port2.close();
320
+ } catch (e) {
321
+ console.error(e);
322
+ }
323
+ };
324
+ a = y.setTimeout(() => {
325
+ o(), r(/* @__PURE__ */ Error("SKIP_WAITING did not respond within 8000ms"));
326
+ }, 8e3), i.port1.onmessage = (e) => {
327
+ o(), e?.data?.error ? r(e.data.error) : n();
328
+ };
329
+ try {
330
+ e.postMessage({
331
+ type: "SKIP_WAITING",
332
+ configurationName: t,
333
+ data: null,
334
+ tabId: E(t ?? "default")
335
+ }, [i.port2]);
336
+ } catch (e) {
337
+ o(), r(e);
338
+ }
339
+ });
340
+ } catch (e) {
341
+ console.warn("SKIP_WAITING failed", e);
342
+ }
343
+ }, s = async () => {
344
+ let e = i.waiting;
345
+ e ? await o(e) : console.warn("sendSkipWaiting called but no waiting service worker found");
346
+ }, c = (e) => {
347
+ T(), e.addEventListener("statechange", async () => {
348
+ if (e.state === "installed" && navigator.serviceWorker.controller) {
349
+ if (N() >= M) {
350
+ console.warn("SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted");
351
+ return;
352
+ }
353
+ await o(e);
354
+ }
355
+ });
356
+ };
357
+ i.addEventListener("updatefound", () => {
358
+ let e = i.installing;
359
+ e && c(e);
360
+ }), i.installing ? c(i.installing) : i.waiting && navigator.serviceWorker.controller && (N() < M ? s() : console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")), i.update().catch((e) => {
361
+ console.error(e);
362
+ });
363
+ try {
364
+ await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await O(i, { timeoutMs: 8e3 })({
365
+ type: "claim",
366
+ configurationName: t,
367
+ data: null
368
+ }), await te(2e3));
369
+ } catch (e) {
370
+ return console.warn(`Failed init ServiceWorker ${e?.toString?.() ?? String(e)}`), null;
371
+ }
372
+ ne || (ne = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
373
+ if (k) return;
374
+ let e = re();
375
+ if (e > M) {
376
+ console.warn(`SW controllerchange: reload budget exhausted (${e - 1} reloads). Skipping reload to avoid infinite loop.`);
377
+ return;
378
+ }
379
+ k = !0, console.log("SW controller changed – reloading page"), T(), window.location.reload();
380
+ }));
381
+ let l = async (e) => O(i)({
382
+ type: "clear",
383
+ data: { status: e },
384
+ configurationName: t
385
+ }), u = async (e, n, r) => {
386
+ let o = await O(i)({
387
+ type: "init",
388
+ data: {
389
+ oidcServerConfiguration: e,
390
+ where: n,
391
+ oidcConfiguration: {
392
+ token_renew_mode: r.token_renew_mode,
393
+ service_worker_convert_all_requests_to_cors: r.service_worker_convert_all_requests_to_cors
394
+ }
395
+ },
396
+ configurationName: t
397
+ }), c = o.version;
398
+ if (c !== "7.27.4") {
399
+ console.warn(`Service worker ${c} version mismatch with js client version ${b}, unregistering and reloading`);
400
+ let e = parseInt(sessionStorage.getItem(a) ?? "0", 10);
401
+ if (e < 3) {
402
+ if (sessionStorage.setItem(a, String(e + 1)), i.waiting) return await s(), await C({ milliseconds: 500 }), k || (k = !0, window.location.reload()), new Promise(() => {});
403
+ {
404
+ T();
405
+ try {
406
+ await i.update();
407
+ } catch (e) {
408
+ console.error(e);
409
+ }
410
+ let e = await i.unregister();
411
+ return console.log(`Service worker unregistering ${e}`), await C({ milliseconds: 500 }), k || (k = !0, window.location.reload()), new Promise(() => {});
412
+ }
413
+ } else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`);
414
+ } else sessionStorage.removeItem(a), ie();
415
+ return {
416
+ tokens: m(o.tokens, null, r.token_renew_mode),
417
+ status: o.status
418
+ };
419
+ }, d = (e = "/") => {
420
+ x ?? (x = "not_null", w(e));
421
+ }, f = (e) => O(i)({
422
+ type: "setSessionState",
423
+ data: { sessionState: e },
424
+ configurationName: t
425
+ }), p = async () => (await O(i)({
426
+ type: "getSessionState",
427
+ data: null,
428
+ configurationName: t
429
+ })).sessionState, h = (e) => (sessionStorage[`oidc.nonce.${t}`] = e.nonce, O(i)({
430
+ type: "setNonce",
431
+ data: { nonce: e },
432
+ configurationName: t
433
+ })), g = async (e = !0) => {
434
+ let n = (await O(i)({
435
+ type: "getNonce",
436
+ data: null,
437
+ configurationName: t
438
+ })).nonce;
439
+ return n || (n = sessionStorage[`oidc.nonce.${t}`], console.warn("nonce not found in service worker, using sessionStorage"), e && (await h(n), n = (await g(!1)).nonce)), { nonce: n };
440
+ }, _ = {}, v = (e) => {
441
+ _[t] = e, localStorage[`oidc.login.${t}`] = JSON.stringify(e);
442
+ }, S = () => {
443
+ let e = localStorage[`oidc.login.${t}`];
444
+ return _[t] || (_[t] = JSON.parse(e)), _[t];
445
+ }, D = async (e) => {
446
+ await O(i)({
447
+ type: "setDemonstratingProofOfPossessionNonce",
448
+ data: { demonstratingProofOfPossessionNonce: e },
449
+ configurationName: t
450
+ });
451
+ }, ee = async () => (await O(i)({
452
+ type: "getDemonstratingProofOfPossessionNonce",
453
+ data: null,
454
+ configurationName: t
455
+ })).demonstratingProofOfPossessionNonce, j = async (e) => {
456
+ let n = JSON.stringify(e);
457
+ await O(i)({
458
+ type: "setDemonstratingProofOfPossessionJwk",
459
+ data: { demonstratingProofOfPossessionJwkJson: n },
460
+ configurationName: t
461
+ });
462
+ }, P = async () => {
463
+ let e = await O(i)({
464
+ type: "getDemonstratingProofOfPossessionJwk",
465
+ data: null,
466
+ configurationName: t
467
+ });
468
+ return e.demonstratingProofOfPossessionJwkJson ? JSON.parse(e.demonstratingProofOfPossessionJwkJson) : null;
469
+ }, F = async (e = !0) => {
470
+ let n = (await O(i)({
471
+ type: "getState",
472
+ data: null,
473
+ configurationName: t
474
+ })).state;
475
+ return n || (n = sessionStorage[`oidc.state.${t}`], console.warn("state not found in service worker, using sessionStorage"), e && (await I(n), n = await F(!1))), n;
476
+ }, I = async (e) => (sessionStorage[`oidc.state.${t}`] = e, O(i)({
477
+ type: "setState",
478
+ data: { state: e },
479
+ configurationName: t
480
+ })), L = async (e = !0) => {
481
+ let n = (await O(i)({
482
+ type: "getCodeVerifier",
483
+ data: null,
484
+ configurationName: t
485
+ })).codeVerifier;
486
+ return n || (n = sessionStorage[`oidc.code_verifier.${t}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), e && (await R(n), n = await L(!1))), n;
487
+ }, R = async (e) => (sessionStorage[`oidc.code_verifier.${t}`] = e, O(i)({
488
+ type: "setCodeVerifier",
489
+ data: { codeVerifier: e },
490
+ configurationName: t
491
+ }));
492
+ return {
493
+ clearAsync: l,
494
+ initAsync: u,
495
+ startKeepAliveServiceWorker: () => d(e.service_worker_keep_alive_path),
496
+ setSessionStateAsync: f,
497
+ getSessionStateAsync: p,
498
+ setNonceAsync: h,
499
+ getNonceAsync: g,
500
+ setLoginParams: v,
501
+ getLoginParams: S,
502
+ getStateAsync: F,
503
+ setStateAsync: I,
504
+ getCodeVerifierAsync: L,
505
+ setCodeVerifierAsync: R,
506
+ setDemonstratingProofOfPossessionNonce: D,
507
+ getDemonstratingProofOfPossessionNonce: ee,
508
+ setDemonstratingProofOfPossessionJwkAsync: j,
509
+ getDemonstratingProofOfPossessionJwkAsync: P
510
+ };
511
+ }, F = {}, I = (e, t = window.sessionStorage, n) => {
512
+ if (!F[e] && t) {
513
+ let n = t.getItem(e);
514
+ n && (F[e] = JSON.parse(n));
515
+ }
516
+ let r = 1e3 * n;
517
+ return F[e] && F[e].timestamp + r > Date.now() ? F[e].result : null;
518
+ }, L = (e, t, n = window.sessionStorage) => {
519
+ let r = Date.now();
520
+ F[e] = {
521
+ result: t,
522
+ timestamp: r
523
+ }, n && n.setItem(e, JSON.stringify({
524
+ result: t,
525
+ timestamp: r
526
+ }));
568
527
  };
569
- function We(e) {
570
- return new TextEncoder().encode(e);
528
+ //#endregion
529
+ //#region src/jwt.ts
530
+ function R(e) {
531
+ return new TextEncoder().encode(e);
571
532
  }
572
- function Le(e) {
573
- return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
533
+ function ae(e) {
534
+ return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
574
535
  }
575
- function en(e) {
576
- return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g, function(t, s) {
577
- return String.fromCharCode(parseInt(s, 16));
578
- });
536
+ function oe(e) {
537
+ return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g, function(e, t) {
538
+ return String.fromCharCode(parseInt(t, 16));
539
+ });
579
540
  }
580
- const ke = (e) => {
581
- let n = "";
582
- return e.forEach(function(t) {
583
- n += String.fromCharCode(t);
584
- }), Le(n);
541
+ var z = (e) => {
542
+ let t = "";
543
+ return e.forEach(function(e) {
544
+ t += String.fromCharCode(e);
545
+ }), ae(t);
585
546
  };
586
- function Ee(e) {
587
- return Le(en(e));
547
+ function se(e) {
548
+ return ae(oe(e));
588
549
  }
589
- const nn = {
590
- importKeyAlgorithm: {
591
- name: "ECDSA",
592
- namedCurve: "P-256",
593
- hash: { name: "ES256" }
594
- },
595
- signAlgorithm: { name: "ECDSA", hash: { name: "SHA-256" } },
596
- generateKeyAlgorithm: {
597
- name: "ECDSA",
598
- namedCurve: "P-256"
599
- },
600
- digestAlgorithm: { name: "SHA-256" },
601
- jwtHeaderAlgorithm: "ES256"
602
- }, tn = (e) => async (n, t, s, o, i = "dpop+jwt") => {
603
- switch (n = Object.assign({}, n), t.typ = i, t.alg = o.jwtHeaderAlgorithm, t.alg) {
604
- case "ES256":
605
- t.jwk = { kty: n.kty, crv: n.crv, x: n.x, y: n.y };
606
- break;
607
- case "RS256":
608
- t.jwk = { kty: n.kty, n: n.n, e: n.e, kid: t.kid };
609
- break;
610
- default:
611
- throw new Error("Unknown or not implemented JWS algorithm");
612
- }
613
- const r = {
614
- // @ts-ignore
615
- // JWT "headers" really means JWS "protected headers"
616
- protected: Ee(JSON.stringify(t)),
617
- // @ts-ignore
618
- // JWT "claims" are really a JSON-defined JWS "payload"
619
- payload: Ee(JSON.stringify(s))
620
- }, a = o.importKeyAlgorithm, c = !0, f = ["sign"], u = await e.crypto.subtle.importKey("jwk", n, a, c, f), l = We(`${r.protected}.${r.payload}`), h = o.signAlgorithm, _ = await e.crypto.subtle.sign(h, u, l);
621
- return r.signature = ke(new Uint8Array(_)), `${r.protected}.${r.payload}.${r.signature}`;
622
- }, sn = { sign: tn }, on = (e) => async (n) => {
623
- const t = n, s = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(t, s, o);
624
- return await e.crypto.subtle.exportKey("jwk", i.privateKey);
625
- }, rn = (e) => {
626
- const n = Object.assign({}, e);
627
- return delete n.d, n.key_ops = ["verify"], n;
628
- }, an = {
629
- generate: on,
630
- neuter: rn
631
- }, cn = (e) => async (n, t) => {
632
- let s;
633
- switch (n.kty) {
634
- case "EC":
635
- s = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", n.crv).replace("X", n.x).replace("Y", n.y);
636
- break;
637
- case "RSA":
638
- s = '{"e":"E","kty":"RSA","n":"N"}'.replace("E", n.e).replace("N", n.n);
639
- break;
640
- default:
641
- throw new Error("Unknown or not implemented JWK type");
642
- }
643
- const o = await e.crypto.subtle.digest(t, We(s));
644
- return ke(new Uint8Array(o));
645
- }, ln = { thumbprint: cn }, un = (e) => async (n) => await an.generate(e)(n), De = (e) => (n) => async (t, s = "POST", o, i = {}) => {
646
- const r = {
647
- // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
648
- jti: btoa(_n()),
649
- htm: s,
650
- htu: o,
651
- iat: Math.round(Date.now() / 1e3),
652
- ...i
653
- }, a = await ln.thumbprint(e)(
654
- t,
655
- n.digestAlgorithm
656
- );
657
- return await sn.sign(e)(
658
- t,
659
- { kid: a },
660
- r,
661
- n
662
- );
663
- }, _n = () => {
664
- const e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", n = "0123456789abcdef";
665
- let t = 0, s = "";
666
- for (let o = 0; o < 36; o++)
667
- e[o] !== "-" && e[o] !== "4" && (t = Math.random() * 16 | 0), e[o] === "x" ? s += n[t] : e[o] === "y" ? (t &= 3, t |= 8, s += n[t]) : s += e[o];
668
- return s;
669
- }, Re = () => {
670
- const e = typeof window < "u" && !!window.crypto, n = e && !!window.crypto.subtle;
671
- return { hasCrypto: e, hasSubtleCrypto: n };
672
- }, ce = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", fn = (e) => {
673
- const n = [];
674
- for (let t = 0; t < e.byteLength; t += 1) {
675
- const s = e[t] % ce.length;
676
- n.push(ce[s]);
677
- }
678
- return n.join("");
679
- }, le = (e) => {
680
- const n = new Uint8Array(e), { hasCrypto: t } = Re();
681
- if (t)
682
- window.crypto.getRandomValues(n);
683
- else
684
- for (let s = 0; s < e; s += 1)
685
- n[s] = Math.random() * ce.length | 0;
686
- return fn(n);
550
+ var ce = {
551
+ importKeyAlgorithm: {
552
+ name: "ECDSA",
553
+ namedCurve: "P-256",
554
+ hash: { name: "ES256" }
555
+ },
556
+ signAlgorithm: {
557
+ name: "ECDSA",
558
+ hash: { name: "SHA-256" }
559
+ },
560
+ generateKeyAlgorithm: {
561
+ name: "ECDSA",
562
+ namedCurve: "P-256"
563
+ },
564
+ digestAlgorithm: { name: "SHA-256" },
565
+ jwtHeaderAlgorithm: "ES256"
566
+ }, le = { sign: (e) => async (t, n, r, i, a = "dpop+jwt") => {
567
+ switch (t = Object.assign({}, t), n.typ = a, n.alg = i.jwtHeaderAlgorithm, n.alg) {
568
+ case "ES256":
569
+ n.jwk = {
570
+ kty: t.kty,
571
+ crv: t.crv,
572
+ x: t.x,
573
+ y: t.y
574
+ };
575
+ break;
576
+ case "RS256":
577
+ n.jwk = {
578
+ kty: t.kty,
579
+ n: t.n,
580
+ e: t.e,
581
+ kid: n.kid
582
+ };
583
+ break;
584
+ default: throw Error("Unknown or not implemented JWS algorithm");
585
+ }
586
+ let o = {
587
+ protected: se(JSON.stringify(n)),
588
+ payload: se(JSON.stringify(r))
589
+ }, s = i.importKeyAlgorithm, c = await e.crypto.subtle.importKey("jwk", t, s, !0, ["sign"]), l = R(`${o.protected}.${o.payload}`), u = i.signAlgorithm, d = await e.crypto.subtle.sign(u, c, l);
590
+ return o.signature = z(new Uint8Array(d)), `${o.protected}.${o.payload}.${o.signature}`;
591
+ } }, ue = {
592
+ generate: (e) => async (t) => {
593
+ let n = t, r = await e.crypto.subtle.generateKey(n, !0, ["sign", "verify"]);
594
+ return await e.crypto.subtle.exportKey("jwk", r.privateKey);
595
+ },
596
+ neuter: (e) => {
597
+ let t = Object.assign({}, e);
598
+ return delete t.d, t.key_ops = ["verify"], t;
599
+ }
600
+ }, de = { thumbprint: (e) => async (t, n) => {
601
+ let r;
602
+ switch (t.kty) {
603
+ case "EC":
604
+ r = "{\"crv\":\"CRV\",\"kty\":\"EC\",\"x\":\"X\",\"y\":\"Y\"}".replace("CRV", t.crv).replace("X", t.x).replace("Y", t.y);
605
+ break;
606
+ case "RSA":
607
+ r = "{\"e\":\"E\",\"kty\":\"RSA\",\"n\":\"N\"}".replace("E", t.e).replace("N", t.n);
608
+ break;
609
+ default: throw Error("Unknown or not implemented JWK type");
610
+ }
611
+ let i = await e.crypto.subtle.digest(n, R(r));
612
+ return z(new Uint8Array(i));
613
+ } }, fe = (e) => async (t) => await ue.generate(e)(t), pe = (e) => (t) => async (n, r = "POST", i, a = {}) => {
614
+ let o = {
615
+ jti: btoa(me()),
616
+ htm: r,
617
+ htu: i,
618
+ iat: Math.round(Date.now() / 1e3),
619
+ ...a
620
+ }, s = await de.thumbprint(e)(n, t.digestAlgorithm);
621
+ return await le.sign(e)(n, { kid: s }, o, t);
622
+ }, me = () => {
623
+ let e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", t = "0123456789abcdef", n = 0, r = "";
624
+ for (let i = 0; i < 36; i++) e[i] !== "-" && e[i] !== "4" && (n = Math.random() * 16 | 0), e[i] === "x" ? r += t[n] : e[i] === "y" ? (n &= 3, n |= 8, r += t[n]) : r += e[i];
625
+ return r;
626
+ }, he = () => {
627
+ let e = typeof window < "u" && !!window.crypto;
628
+ return {
629
+ hasCrypto: e,
630
+ hasSubtleCrypto: e && !!window.crypto.subtle
631
+ };
632
+ }, ge = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", _e = (e) => {
633
+ let t = [];
634
+ for (let n = 0; n < e.byteLength; n += 1) {
635
+ let r = e[n] % 62;
636
+ t.push(ge[r]);
637
+ }
638
+ return t.join("");
639
+ }, B = (e) => {
640
+ let t = new Uint8Array(e), { hasCrypto: n } = he();
641
+ if (n) window.crypto.getRandomValues(t);
642
+ else for (let n = 0; n < e; n += 1) t[n] = Math.random() * 62 | 0;
643
+ return _e(t);
687
644
  };
688
- function dn(e) {
689
- const n = new ArrayBuffer(e.length), t = new Uint8Array(n);
690
- for (let s = 0; s < e.length; s++)
691
- t[s] = e.charCodeAt(s);
692
- return t;
645
+ function ve(e) {
646
+ let t = new ArrayBuffer(e.length), n = new Uint8Array(t);
647
+ for (let t = 0; t < e.length; t++) n[t] = e.charCodeAt(t);
648
+ return n;
693
649
  }
694
- function $e(e) {
695
- return new Promise((n, t) => {
696
- crypto.subtle.digest("SHA-256", dn(e)).then(
697
- (s) => n(ke(new Uint8Array(s))),
698
- (s) => t(s)
699
- );
700
- });
650
+ function ye(e) {
651
+ return new Promise((t, n) => {
652
+ crypto.subtle.digest("SHA-256", ve(e)).then((e) => t(z(new Uint8Array(e))), (e) => n(e));
653
+ });
701
654
  }
702
- const gn = (e) => {
703
- if (e.length < 43 || e.length > 128)
704
- return Promise.reject(new Error("Invalid code length."));
705
- const { hasSubtleCrypto: n } = Re();
706
- return n ? $e(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
707
- }, hn = 3600, yn = (e) => async (n, t = hn, s = window.sessionStorage, o = 1e4) => {
708
- const i = `${n}/.well-known/openid-configuration`, r = `oidc.server:${n}`, a = Qe(r, s, t);
709
- if (a)
710
- return new fe(a);
711
- const c = await z(e)(i, {}, o);
712
- if (c.status !== 200)
713
- return null;
714
- const f = await c.json();
715
- return Ze(r, f, s), new fe(f);
716
- }, z = (e) => async (n, t = {}, s = 1e4, o = 0) => {
717
- let i;
718
- try {
719
- const r = new AbortController();
720
- setTimeout(() => r.abort(), s), i = await e(n, { ...t, signal: r.signal });
721
- } catch (r) {
722
- if (r.name === "AbortError" || r.message === "Network request failed") {
723
- if (o <= 1)
724
- return await z(e)(n, t, s, o + 1);
725
- throw r;
726
- } else
727
- throw console.error(r.message), r;
728
- }
729
- return i;
730
- }, ue = {
731
- refresh_token: "refresh_token",
732
- access_token: "access_token"
733
- }, Oe = (e) => async (n, t, s = ue.refresh_token, o, i = {}, r = 1e4) => {
734
- const a = {
735
- token: t,
736
- token_type_hint: s,
737
- client_id: o
738
- };
739
- for (const [l, h] of Object.entries(i))
740
- a[l] === void 0 && (a[l] = h);
741
- const c = [];
742
- for (const l in a) {
743
- const h = encodeURIComponent(l), _ = encodeURIComponent(a[l]);
744
- c.push(`${h}=${_}`);
745
- }
746
- const f = c.join("&");
747
- return (await z(e)(
748
- n,
749
- {
750
- method: "POST",
751
- headers: {
752
- "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
753
- },
754
- body: f
755
- },
756
- r
757
- )).status !== 200 ? { success: !1 } : {
758
- success: !0
759
- };
760
- }, kn = (e) => async (n, t, s, o, i = {}, r, a = 1e4) => {
761
- for (const [_, m] of Object.entries(s))
762
- t[_] === void 0 && (t[_] = m);
763
- const c = [];
764
- for (const _ in t) {
765
- const m = encodeURIComponent(_), p = encodeURIComponent(t[_]);
766
- c.push(`${m}=${p}`);
767
- }
768
- const f = c.join("&"), u = await z(e)(
769
- n,
770
- {
771
- method: "POST",
772
- headers: {
773
- "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
774
- ...i
775
- },
776
- body: f
777
- },
778
- a
779
- );
780
- if (u.status !== 200)
781
- return {
782
- success: !1,
783
- status: u.status,
784
- demonstratingProofOfPossessionNonce: null
785
- };
786
- const l = await u.json();
787
- let h = null;
788
- return u.headers.has(te) && (h = u.headers.get(
789
- te
790
- )), {
791
- success: !0,
792
- status: u.status,
793
- data: ge(l, o, r),
794
- demonstratingProofOfPossessionNonce: h
795
- };
796
- }, mn = (e, n) => async (t, s) => {
797
- s = s ? { ...s } : {};
798
- const o = le(128), i = await gn(o);
799
- await e.setCodeVerifierAsync(o), await e.setStateAsync(s.state), s.code_challenge = i, s.code_challenge_method = "S256";
800
- let r = "";
801
- if (s)
802
- for (const [a, c] of Object.entries(s))
803
- r === "" ? r += "?" : r += "&", r += `${a}=${encodeURIComponent(c)}`;
804
- n.open(`${t}${r}`);
805
- }, te = "DPoP-Nonce", wn = (e) => async (n, t, s, o, i = 1e4) => {
806
- t = t ? { ...t } : {}, t.code_verifier = await e.getCodeVerifierAsync();
807
- const r = [];
808
- for (const l in t) {
809
- const h = encodeURIComponent(l), _ = encodeURIComponent(t[l]);
810
- r.push(`${h}=${_}`);
811
- }
812
- const a = r.join("&"), c = await z(fetch)(
813
- n,
814
- {
815
- method: "POST",
816
- headers: {
817
- "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
818
- ...s
819
- },
820
- body: a
821
- },
822
- i
823
- );
824
- if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), c.status !== 200)
825
- return { success: !1, status: c.status };
826
- let f = null;
827
- c.headers.has(te) && (f = c.headers.get(
828
- te
829
- ));
830
- const u = await c.json();
831
- return {
832
- success: !0,
833
- data: {
834
- state: t.state,
835
- tokens: ge(u, null, o),
836
- demonstratingProofOfPossessionNonce: f
837
- }
838
- };
655
+ var be = (e) => {
656
+ if (e.length < 43 || e.length > 128) return Promise.reject(/* @__PURE__ */ Error("Invalid code length."));
657
+ let { hasSubtleCrypto: t } = he();
658
+ return t ? ye(e) : Promise.reject(/* @__PURE__ */ Error("window.crypto.subtle is unavailable."));
659
+ }, xe = 3600, Se = (e) => async (t, n = xe, r = window.sessionStorage, i = 1e4) => {
660
+ let a = `${t}/.well-known/openid-configuration`, o = `oidc.server:${t}`, s = I(o, r, n);
661
+ if (s) return new Z(s);
662
+ let c = await V(e)(a, {}, i);
663
+ if (c.status !== 200) return null;
664
+ let l = await c.json();
665
+ return L(o, l, r), new Z(l);
666
+ }, V = (e) => async (t, n = {}, r = 1e4, i = 0) => {
667
+ let a;
668
+ try {
669
+ let i = new AbortController();
670
+ setTimeout(() => i.abort(), r), a = await e(t, {
671
+ ...n,
672
+ signal: i.signal
673
+ });
674
+ } catch (a) {
675
+ if (a.name === "AbortError" || a.message === "Network request failed") {
676
+ if (i <= 1) return await V(e)(t, n, r, i + 1);
677
+ throw a;
678
+ } else throw console.error(a.message), a;
679
+ }
680
+ return a;
681
+ }, H = {
682
+ refresh_token: "refresh_token",
683
+ access_token: "access_token"
684
+ }, Ce = (e) => async (t, n, r = H.refresh_token, i, a = {}, o = 1e4) => {
685
+ let s = {
686
+ token: n,
687
+ token_type_hint: r,
688
+ client_id: i
689
+ };
690
+ for (let [e, t] of Object.entries(a)) s[e] === void 0 && (s[e] = t);
691
+ let c = [];
692
+ for (let e in s) {
693
+ let t = encodeURIComponent(e), n = encodeURIComponent(s[e]);
694
+ c.push(`${t}=${n}`);
695
+ }
696
+ let l = c.join("&");
697
+ return (await V(e)(t, {
698
+ method: "POST",
699
+ headers: { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8" },
700
+ body: l
701
+ }, o)).status === 200 ? { success: !0 } : { success: !1 };
702
+ }, we = (e) => async (t, n, r, i, a = {}, o, s = 1e4) => {
703
+ for (let [e, t] of Object.entries(r)) n[e] === void 0 && (n[e] = t);
704
+ let c = [];
705
+ for (let e in n) {
706
+ let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
707
+ c.push(`${t}=${r}`);
708
+ }
709
+ let l = c.join("&"), u = await V(e)(t, {
710
+ method: "POST",
711
+ headers: {
712
+ "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
713
+ ...a
714
+ },
715
+ body: l
716
+ }, s);
717
+ if (u.status !== 200) return {
718
+ success: !1,
719
+ status: u.status,
720
+ demonstratingProofOfPossessionNonce: null
721
+ };
722
+ let d = await u.json(), f = null;
723
+ return u.headers.has(U) && (f = u.headers.get(U)), {
724
+ success: !0,
725
+ status: u.status,
726
+ data: m(d, i, o),
727
+ demonstratingProofOfPossessionNonce: f
728
+ };
729
+ }, Te = (e, t) => async (n, r) => {
730
+ r = r ? { ...r } : {};
731
+ let i = B(128), a = await be(i);
732
+ await e.setCodeVerifierAsync(i), await e.setStateAsync(r.state), r.code_challenge = a, r.code_challenge_method = "S256";
733
+ let o = "";
734
+ if (r) for (let [e, t] of Object.entries(r)) o === "" ? o += "?" : o += "&", o += `${e}=${encodeURIComponent(t)}`;
735
+ t.open(`${n}${o}`);
736
+ }, U = "DPoP-Nonce", Ee = (e) => async (t, n, r, i, a = 1e4) => {
737
+ n = n ? { ...n } : {}, n.code_verifier = await e.getCodeVerifierAsync();
738
+ let o = [];
739
+ for (let e in n) {
740
+ let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
741
+ o.push(`${t}=${r}`);
742
+ }
743
+ let s = o.join("&"), c = await V(fetch)(t, {
744
+ method: "POST",
745
+ headers: {
746
+ "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
747
+ ...r
748
+ },
749
+ body: s
750
+ }, a);
751
+ if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), c.status !== 200) return {
752
+ success: !1,
753
+ status: c.status
754
+ };
755
+ let l = null;
756
+ c.headers.has(U) && (l = c.headers.get(U));
757
+ let u = await c.json();
758
+ return {
759
+ success: !0,
760
+ data: {
761
+ state: n.state,
762
+ tokens: m(u, null, i),
763
+ demonstratingProofOfPossessionNonce: l
764
+ }
765
+ };
839
766
  };
840
- async function be(e, n, t, s = null) {
841
- const o = (c) => {
842
- e.tokens = c;
843
- }, { tokens: i, status: r } = await Z(e)(
844
- o,
845
- 0,
846
- 0,
847
- n,
848
- t,
849
- s
850
- );
851
- return await W(e.configuration, e.configurationName) || x(
852
- e.configurationName,
853
- e.configuration.storage,
854
- e.configuration.login_state_storage ?? e.configuration.storage
855
- ).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(r), null);
767
+ //#endregion
768
+ //#region src/renewTokens.ts
769
+ async function De(e, t, n, r = null) {
770
+ let { tokens: i, status: o } = await q(e)((t) => {
771
+ e.tokens = t;
772
+ }, 0, 0, t, n, r);
773
+ return await P(e.configuration, e.configurationName) || a(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(o), null);
856
774
  }
857
- async function Ke(e, n = !1, t = null, s = null) {
858
- const o = e.configuration, i = `${o.client_id}_${e.configurationName}_${o.authority}`;
859
- let r;
860
- const a = await W(e.configuration, e.configurationName);
861
- if (o?.storage === window?.sessionStorage && !a || !navigator.locks)
862
- r = await be(e, n, t, s);
863
- else {
864
- let c = "retry";
865
- for (; c === "retry"; )
866
- c = await navigator.locks.request(
867
- i,
868
- { ifAvailable: !0 },
869
- async (f) => f ? await be(e, n, t, s) : (e.publishEvent(D.eventNames.syncTokensAsync_lock_not_available, {
870
- lock: "lock not available"
871
- }), "retry")
872
- );
873
- r = c;
874
- }
875
- return r ? (e.timeoutId && (e.timeoutId = X(e, e.tokens.expiresAt, t, s)), e.tokens) : null;
775
+ async function Oe(e, t = !1, n = null, r = null) {
776
+ let i = e.configuration, a = `${i.client_id}_${e.configurationName}_${i.authority}`, o, s = await P(e.configuration, e.configurationName);
777
+ if (i?.storage === window?.sessionStorage && !s || !navigator.locks) o = await De(e, t, n, r);
778
+ else {
779
+ let i = "retry";
780
+ for (; i === "retry";) i = await navigator.locks.request(a, { ifAvailable: !0 }, async (i) => i ? await De(e, t, n, r) : (e.publishEvent($.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), "retry"));
781
+ o = i;
782
+ }
783
+ return o ? (e.timeoutId &&= W(e, e.tokens.expiresAt, n, r), e.tokens) : null;
876
784
  }
877
- const X = (e, n, t = null, s = null) => {
878
- const o = e.configuration.refresh_time_before_tokens_expiration_in_second;
879
- return e.timeoutId && R.clearTimeout(e.timeoutId), R.setTimeout(async () => {
880
- const r = { timeLeft: G(o, n) };
881
- e.publishEvent(D.eventNames.token_timer, r), await Ke(e, !1, t, s);
882
- }, 1e3);
883
- }, P = {
884
- FORCE_REFRESH: "FORCE_REFRESH",
885
- SESSION_LOST: "SESSION_LOST",
886
- NOT_CONNECTED: "NOT_CONNECTED",
887
- TOKENS_VALID: "TOKENS_VALID",
888
- TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
889
- TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
890
- LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
891
- REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS",
892
- TOKENS_INVALID: "TOKENS_INVALID"
893
- }, me = (e) => async (n, t, s, o = !1) => {
894
- const i = { nonce: null };
895
- if (!s)
896
- return { tokens: null, status: P.NOT_CONNECTED, nonce: i };
897
- let r = i;
898
- const a = await e.initAsync(
899
- n.authority,
900
- n.authority_configuration
901
- ), c = await W(n, t);
902
- if (c) {
903
- const { status: l, tokens: h } = await c.initAsync(
904
- a,
905
- "syncTokensAsync",
906
- n
907
- );
908
- if (l === "LOGGED_OUT")
909
- return {
910
- tokens: null,
911
- status: P.LOGOUT_FROM_ANOTHER_TAB,
912
- nonce: i
913
- };
914
- if (l === "SESSIONS_LOST")
915
- return { tokens: null, status: P.SESSION_LOST, nonce: i };
916
- if (!l || !h)
917
- return {
918
- tokens: null,
919
- status: P.REQUIRE_SYNC_TOKENS,
920
- nonce: i
921
- };
922
- if (h.issuedAt !== s.issuedAt) {
923
- const m = G(
924
- n.refresh_time_before_tokens_expiration_in_second,
925
- h.expiresAt
926
- ) > 0 ? P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, p = await c.getNonceAsync();
927
- return { tokens: h, status: m, nonce: p };
928
- }
929
- r = await c.getNonceAsync();
930
- } else {
931
- const l = x(
932
- t,
933
- n.storage ?? sessionStorage,
934
- n.login_state_storage ?? n.storage ?? sessionStorage
935
- ), h = await l.initAsync();
936
- let { tokens: _ } = h;
937
- const { status: m } = h;
938
- if (_ && (_ = de(_, e.tokens, n.token_renew_mode)), _) {
939
- if (m === "SESSIONS_LOST")
940
- return { tokens: null, status: P.SESSION_LOST, nonce: i };
941
- if (_.issuedAt !== s.issuedAt) {
942
- const g = G(
943
- n.refresh_time_before_tokens_expiration_in_second,
944
- _.expiresAt
945
- ) > 0 ? P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, y = await l.getNonceAsync();
946
- return { tokens: _, status: g, nonce: y };
947
- }
948
- } else return {
949
- tokens: null,
950
- status: P.LOGOUT_FROM_ANOTHER_TAB,
951
- nonce: i
952
- };
953
- r = await l.getNonceAsync();
954
- }
955
- const u = G(
956
- n.refresh_time_before_tokens_expiration_in_second,
957
- s.expiresAt
958
- ) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
959
- return o ? { tokens: s, status: "FORCE_REFRESH", nonce: r } : { tokens: s, status: u, nonce: r };
960
- }, Z = (e) => async (n, t = 0, s = 0, o = !1, i = null, r = null) => {
961
- if (!navigator.onLine && document.hidden)
962
- return { tokens: e.tokens, status: "GIVE_UP" };
963
- let a = 6;
964
- const c = o ? 2 : 5, f = 5;
965
- for (; !navigator.onLine && a > 0; )
966
- await Y({ milliseconds: 1e3 }), a--, e.publishEvent(k.refreshTokensAsync, {
967
- message: `wait because navigator is offline try ${a}`
968
- });
969
- const u = document.hidden, l = u ? t : t + 1, h = u ? s + 1 : s;
970
- if (t >= c || s >= f)
971
- return n(null), e.publishEvent(k.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
972
- i || (i = {});
973
- const _ = e.configuration, m = (g, y = null, A = null) => we(
974
- e.configurationName,
975
- e.configuration,
976
- e.publishEvent.bind(e)
977
- )(g, y, A), p = async () => {
978
- try {
979
- let g;
980
- const y = await W(_, e.configurationName);
981
- y ? g = y.getLoginParams() : g = x(
982
- e.configurationName,
983
- _.storage,
984
- _.login_state_storage ?? _.storage
985
- ).getLoginParams();
986
- const A = {};
987
- if (g && g.extras)
988
- for (const [O, v] of Object.entries(g.extras))
989
- v != null && (A[O] = v);
990
- if (i)
991
- for (const [O, v] of Object.entries(i))
992
- v != null && (A[O] = v);
993
- A.prompt = "none", r && (A.scope = r);
994
- const T = await m(A);
995
- return T ? T.error ? (n(null), e.publishEvent(k.refreshTokensAsync_error, {
996
- message: "refresh token silent"
997
- }), { tokens: null, status: "SESSION_LOST" }) : (n(T.tokens), e.publishEvent(D.eventNames.token_renewed, {}), { tokens: T.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(k.refreshTokensAsync_error, {
998
- message: "refresh token silent not active"
999
- }), { tokens: null, status: "SESSION_LOST" });
1000
- } catch (g) {
1001
- return console.error(g), e.publishEvent(k.refreshTokensAsync_silent_error, {
1002
- message: "exceptionSilent",
1003
- exception: g.message
1004
- }), await Z(e)(
1005
- n,
1006
- l,
1007
- h,
1008
- o,
1009
- i,
1010
- r
1011
- );
1012
- }
1013
- };
1014
- try {
1015
- const { status: g, tokens: y, nonce: A } = await me(e)(
1016
- _,
1017
- e.configurationName,
1018
- e.tokens,
1019
- o
1020
- );
1021
- switch (g) {
1022
- case P.SESSION_LOST:
1023
- return n(null), e.publishEvent(k.refreshTokensAsync_error, {
1024
- message: "refresh token session lost"
1025
- }), { tokens: null, status: "SESSION_LOST" };
1026
- case P.NOT_CONNECTED:
1027
- return n(null), { tokens: null, status: null };
1028
- case P.TOKENS_VALID:
1029
- return n(y), { tokens: y, status: "LOGGED_IN" };
1030
- case P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
1031
- return n(y), e.publishEvent(D.eventNames.token_renewed, {
1032
- reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
1033
- }), { tokens: y, status: "LOGGED_IN" };
1034
- case P.LOGOUT_FROM_ANOTHER_TAB:
1035
- return n(null), e.publishEvent(k.logout_from_another_tab, {
1036
- status: "session syncTokensAsync"
1037
- }), { tokens: null, status: "LOGGED_OUT" };
1038
- case P.REQUIRE_SYNC_TOKENS:
1039
- return _.token_automatic_renew_mode == q.AutomaticOnlyWhenFetchExecuted && !o ? (e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(k.refreshTokensAsync_begin, { tryNumber: t }), await p());
1040
- default: {
1041
- if (_.token_automatic_renew_mode == q.AutomaticOnlyWhenFetchExecuted && P.FORCE_REFRESH !== g)
1042
- return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
1043
- if (e.publishEvent(k.refreshTokensAsync_begin, {
1044
- refreshToken: y.refreshToken,
1045
- status: g,
1046
- tryNumber: t,
1047
- backgroundTry: s
1048
- }), !y.refreshToken)
1049
- return await p();
1050
- const T = _.client_id, O = _.redirect_uri, v = _.authority, w = { ..._.token_request_extras ? _.token_request_extras : {} };
1051
- for (const [$, E] of Object.entries(i))
1052
- $.endsWith(":token_request") && (w[$.replace(":token_request", "")] = E);
1053
- return await (async () => {
1054
- const $ = {
1055
- client_id: T,
1056
- redirect_uri: O,
1057
- grant_type: "refresh_token",
1058
- refresh_token: y.refreshToken
1059
- }, E = await e.initAsync(
1060
- v,
1061
- _.authority_configuration
1062
- ), d = document.hidden ? 1e4 : 3e4 * 10, N = E.tokenEndpoint, S = {};
1063
- _.demonstrating_proof_of_possession && (S.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
1064
- y.accessToken,
1065
- N,
1066
- "POST"
1067
- ));
1068
- const b = await kn(e.getFetch())(
1069
- N,
1070
- $,
1071
- w,
1072
- y,
1073
- S,
1074
- _.token_renew_mode,
1075
- d
1076
- );
1077
- if (b.success) {
1078
- const { isValid: K, reason: U } = Ne(
1079
- b.data,
1080
- A.nonce,
1081
- E
1082
- );
1083
- if (!K)
1084
- return n(null), e.publishEvent(k.refreshTokensAsync_error, {
1085
- message: `refresh token return not valid tokens, reason: ${U}`
1086
- }), { tokens: null, status: "SESSION_LOST" };
1087
- if (n(b.data), b.demonstratingProofOfPossessionNonce) {
1088
- const L = await W(_, e.configurationName);
1089
- L ? await L.setDemonstratingProofOfPossessionNonce(
1090
- b.demonstratingProofOfPossessionNonce
1091
- ) : await x(
1092
- e.configurationName,
1093
- _.storage,
1094
- _.login_state_storage ?? _.storage
1095
- ).setDemonstratingProofOfPossessionNonce(
1096
- b.demonstratingProofOfPossessionNonce
1097
- );
1098
- }
1099
- return e.publishEvent(k.refreshTokensAsync_end, {
1100
- success: b.success
1101
- }), e.publishEvent(D.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: b.data, status: "LOGGED_IN" };
1102
- } else
1103
- return e.publishEvent(k.refreshTokensAsync_silent_error, {
1104
- message: "bad request",
1105
- tokenResponse: b
1106
- }), b.status >= 400 && b.status < 500 ? (n(null), e.publishEvent(k.refreshTokensAsync_error, {
1107
- message: `session lost: ${b.status}`
1108
- }), { tokens: null, status: "SESSION_LOST" }) : await Z(e)(
1109
- n,
1110
- l,
1111
- h,
1112
- o,
1113
- i,
1114
- r
1115
- );
1116
- })();
1117
- }
1118
- }
1119
- } catch (g) {
1120
- return console.error(g), e.publishEvent(k.refreshTokensAsync_silent_error, {
1121
- message: "exception",
1122
- exception: g.message
1123
- }), new Promise((y, A) => {
1124
- setTimeout(() => {
1125
- Z(e)(
1126
- n,
1127
- l,
1128
- h,
1129
- o,
1130
- i,
1131
- r
1132
- ).then(y).catch(A);
1133
- }, 1e3);
1134
- });
1135
- }
1136
- }, we = (e, n, t) => (s = null, o = null, i = null) => {
1137
- if (!n.silent_redirect_uri || !n.silent_login_uri)
1138
- return Promise.resolve(null);
1139
- try {
1140
- t(k.silentLoginAsync_begin, {});
1141
- let r = "";
1142
- if (o && (s == null && (s = {}), s.state = o), i != null && (s == null && (s = {}), s.scope = i), s != null)
1143
- for (const [l, h] of Object.entries(s))
1144
- h != null && (r === "" ? r = `?${encodeURIComponent(l)}=${encodeURIComponent(h)}` : r += `&${encodeURIComponent(l)}=${encodeURIComponent(h)}`);
1145
- const a = n.silent_login_uri + r, c = a.indexOf("/", a.indexOf("//") + 2), f = a.substring(0, c), u = document.createElement("iframe");
1146
- return u.width = "0px", u.height = "0px", u.id = `${e}_oidc_iframe`, u.setAttribute("src", a), u.style.display = "none", document.body.appendChild(u), new Promise((l, h) => {
1147
- let _ = !1;
1148
- const m = () => {
1149
- window.removeEventListener("message", p), u.remove(), _ = !0;
1150
- }, p = (g) => {
1151
- if (g.origin === f && g.source === u.contentWindow) {
1152
- const y = `${e}_oidc_tokens:`, A = `${e}_oidc_error:`, T = `${e}_oidc_exception:`, O = g.data;
1153
- if (O && typeof O == "string" && !_) {
1154
- if (O.startsWith(y)) {
1155
- const v = JSON.parse(g.data.replace(y, ""));
1156
- t(k.silentLoginAsync_end, {}), l(v), m();
1157
- } else if (O.startsWith(A)) {
1158
- const v = JSON.parse(g.data.replace(A, ""));
1159
- t(k.silentLoginAsync_error, v), l({ error: "oidc_" + v.error, tokens: null, sessionState: null }), m();
1160
- } else if (O.startsWith(T)) {
1161
- const v = JSON.parse(g.data.replace(T, ""));
1162
- t(k.silentLoginAsync_error, v), h(new Error(v.error)), m();
1163
- }
1164
- }
1165
- }
1166
- };
1167
- try {
1168
- window.addEventListener("message", p);
1169
- const g = n.silent_login_timeout;
1170
- setTimeout(() => {
1171
- _ || (m(), t(k.silentLoginAsync_error, { reason: "timeout" }), h(new Error("timeout")));
1172
- }, g);
1173
- } catch (g) {
1174
- m(), t(k.silentLoginAsync_error, g), h(g);
1175
- }
1176
- });
1177
- } catch (r) {
1178
- throw t(k.silentLoginAsync_error, r), r;
1179
- }
1180
- }, pn = (e, n, t, s, o) => (i = null, r = void 0) => {
1181
- i = { ...i };
1182
- const a = (f, u, l) => we(n, t, s.bind(o))(
1183
- f,
1184
- u,
1185
- l
1186
- );
1187
- return (async () => {
1188
- o.timeoutId && R.clearTimeout(o.timeoutId);
1189
- let f;
1190
- i && "state" in i && (f = i.state, delete i.state);
1191
- try {
1192
- const u = t.extras ? { ...t.extras, ...i } : i, l = await a(
1193
- {
1194
- ...u,
1195
- prompt: "none"
1196
- },
1197
- f,
1198
- r
1199
- );
1200
- if (l)
1201
- return o.tokens = l.tokens, s(k.token_acquired, {}), o.timeoutId = X(o, o.tokens.expiresAt, i, r), {};
1202
- } catch (u) {
1203
- return u;
1204
- }
1205
- })();
1206
- }, An = (e, n, t) => (s, o, i, r = !1) => {
1207
- const a = (c, f = void 0, u = void 0) => we(e.configurationName, t, e.publishEvent.bind(e))(
1208
- c,
1209
- f,
1210
- u
1211
- );
1212
- return new Promise((c, f) => {
1213
- if (t.silent_login_uri && t.silent_redirect_uri && t.monitor_session && s && i && !r) {
1214
- const u = () => {
1215
- e.checkSessionIFrame.stop();
1216
- const l = e.tokens;
1217
- if (l === null)
1218
- return;
1219
- const h = l.idToken, _ = l.idTokenPayload;
1220
- return a({
1221
- prompt: "none",
1222
- id_token_hint: h,
1223
- scope: t.scope || "openid"
1224
- }).then((m) => {
1225
- if (m.error)
1226
- throw new Error(m.error);
1227
- const p = m.tokens.idTokenPayload;
1228
- if (_.sub === p.sub) {
1229
- const g = m.sessionState;
1230
- e.checkSessionIFrame.start(m.sessionState), _.sid === p.sid ? console.debug(
1231
- "SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
1232
- g
1233
- ) : console.debug(
1234
- "SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",
1235
- g
1236
- );
1237
- } else
1238
- console.debug(
1239
- "SessionMonitor._callback: Different subject signed into OP:",
1240
- p.sub
1241
- );
1242
- }).catch(async (m) => {
1243
- console.warn(
1244
- "SessionMonitor._callback: Silent login failed, logging out other tabs:",
1245
- m
1246
- );
1247
- for (const [, p] of Object.entries(n))
1248
- await p.logoutOtherTabAsync(t.client_id, _.sub);
1249
- });
1250
- };
1251
- e.checkSessionIFrame = new Fe(
1252
- u,
1253
- o,
1254
- s
1255
- ), e.checkSessionIFrame.load().then(() => {
1256
- e.checkSessionIFrame.start(i), c(e.checkSessionIFrame);
1257
- }).catch((l) => {
1258
- f(l);
1259
- });
1260
- } else
1261
- c(null);
1262
- });
1263
- }, Sn = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), Tn = (e) => {
1264
- const n = e.appVersion, t = e.userAgent, s = "-";
1265
- let o = s;
1266
- const i = [
1267
- { s: "Windows 10", r: /(Windows 10.0|Windows NT 10.0)/ },
1268
- { s: "Windows 8.1", r: /(Windows 8.1|Windows NT 6.3)/ },
1269
- { s: "Windows 8", r: /(Windows 8|Windows NT 6.2)/ },
1270
- { s: "Windows 7", r: /(Windows 7|Windows NT 6.1)/ },
1271
- { s: "Windows Vista", r: /Windows NT 6.0/ },
1272
- { s: "Windows Server 2003", r: /Windows NT 5.2/ },
1273
- { s: "Windows XP", r: /(Windows NT 5.1|Windows XP)/ },
1274
- { s: "Windows 2000", r: /(Windows NT 5.0|Windows 2000)/ },
1275
- { s: "Windows ME", r: /(Win 9x 4.90|Windows ME)/ },
1276
- { s: "Windows 98", r: /(Windows 98|Win98)/ },
1277
- { s: "Windows 95", r: /(Windows 95|Win95|Windows_95)/ },
1278
- { s: "Windows NT 4.0", r: /(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/ },
1279
- { s: "Windows CE", r: /Windows CE/ },
1280
- { s: "Windows 3.11", r: /Win16/ },
1281
- { s: "Android", r: /Android/ },
1282
- { s: "Open BSD", r: /OpenBSD/ },
1283
- { s: "Sun OS", r: /SunOS/ },
1284
- { s: "Chrome OS", r: /CrOS/ },
1285
- { s: "Linux", r: /(Linux|X11(?!.*CrOS))/ },
1286
- { s: "iOS", r: /(iPhone|iPad|iPod)/ },
1287
- { s: "Mac OS X", r: /Mac OS X/ },
1288
- { s: "Mac OS", r: /(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/ },
1289
- { s: "QNX", r: /QNX/ },
1290
- { s: "UNIX", r: /UNIX/ },
1291
- { s: "BeOS", r: /BeOS/ },
1292
- { s: "OS/2", r: /OS\/2/ },
1293
- {
1294
- s: "Search Bot",
1295
- r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/
1296
- }
1297
- ];
1298
- for (const a in i) {
1299
- const c = i[a];
1300
- if (c.r.test(t)) {
1301
- o = c.s;
1302
- break;
1303
- }
1304
- }
1305
- let r = s;
1306
- switch (/Windows/.test(o) && (r = /Windows (.*)/.exec(o)[1], o = "Windows"), o) {
1307
- case "Mac OS":
1308
- case "Mac OS X":
1309
- case "Android":
1310
- r = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];
1311
- break;
1312
- case "iOS": {
1313
- const a = /OS (\d+)_(\d+)_?(\d+)?/.exec(n);
1314
- a != null && a.length > 2 && (r = a[1] + "." + a[2] + "." + (parseInt(a[3]) | 0));
1315
- break;
1316
- }
1317
- }
1318
- return {
1319
- os: o,
1320
- osVersion: r
1321
- };
785
+ var W = (e, t, n = null, r = null) => {
786
+ let i = e.configuration.refresh_time_before_tokens_expiration_in_second;
787
+ return e.timeoutId && y.clearTimeout(e.timeoutId), y.setTimeout(async () => {
788
+ let a = { timeLeft: h(i, t) };
789
+ e.publishEvent($.eventNames.token_timer, a), await Oe(e, !1, n, r);
790
+ }, 1e3);
791
+ }, G = {
792
+ FORCE_REFRESH: "FORCE_REFRESH",
793
+ SESSION_LOST: "SESSION_LOST",
794
+ NOT_CONNECTED: "NOT_CONNECTED",
795
+ TOKENS_VALID: "TOKENS_VALID",
796
+ TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
797
+ TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
798
+ LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
799
+ REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS",
800
+ TOKENS_INVALID: "TOKENS_INVALID"
801
+ }, K = (e) => async (t, n, r, i = !1) => {
802
+ let o = { nonce: null };
803
+ if (!r) return {
804
+ tokens: null,
805
+ status: G.NOT_CONNECTED,
806
+ nonce: o
807
+ };
808
+ let s, c = await e.initAsync(t.authority, t.authority_configuration), l = await P(t, n);
809
+ if (l) {
810
+ let { status: e, tokens: n } = await l.initAsync(c, "syncTokensAsync", t);
811
+ if (e === "LOGGED_OUT") return {
812
+ tokens: null,
813
+ status: G.LOGOUT_FROM_ANOTHER_TAB,
814
+ nonce: o
815
+ };
816
+ if (e === "SESSIONS_LOST") return {
817
+ tokens: null,
818
+ status: G.SESSION_LOST,
819
+ nonce: o
820
+ };
821
+ if (!e || !n) return {
822
+ tokens: null,
823
+ status: G.REQUIRE_SYNC_TOKENS,
824
+ nonce: o
825
+ };
826
+ if (n.issuedAt !== r.issuedAt) return {
827
+ tokens: n,
828
+ status: h(t.refresh_time_before_tokens_expiration_in_second, n.expiresAt) > 0 ? G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
829
+ nonce: await l.getNonceAsync()
830
+ };
831
+ s = await l.getNonceAsync();
832
+ } else {
833
+ let i = a(n, t.storage ?? sessionStorage, t.login_state_storage ?? t.storage ?? sessionStorage), c = await i.initAsync(), { tokens: l } = c, { status: u } = c;
834
+ if (l &&= p(l, e.tokens, t.token_renew_mode), !l) return {
835
+ tokens: null,
836
+ status: G.LOGOUT_FROM_ANOTHER_TAB,
837
+ nonce: o
838
+ };
839
+ if (u === "SESSIONS_LOST") return {
840
+ tokens: null,
841
+ status: G.SESSION_LOST,
842
+ nonce: o
843
+ };
844
+ if (l.issuedAt !== r.issuedAt) {
845
+ let e = h(t.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, n = await i.getNonceAsync();
846
+ return {
847
+ tokens: l,
848
+ status: e,
849
+ nonce: n
850
+ };
851
+ }
852
+ s = await i.getNonceAsync();
853
+ }
854
+ let u = h(t.refresh_time_before_tokens_expiration_in_second, r.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
855
+ return i ? {
856
+ tokens: r,
857
+ status: "FORCE_REFRESH",
858
+ nonce: s
859
+ } : {
860
+ tokens: r,
861
+ status: u,
862
+ nonce: s
863
+ };
864
+ }, q = (e) => async (t, n = 0, r = 0, s = !1, c = null, l = null) => {
865
+ if (!navigator.onLine && document.hidden) return {
866
+ tokens: e.tokens,
867
+ status: "GIVE_UP"
868
+ };
869
+ let u = 6, d = s ? 2 : 5;
870
+ for (; !navigator.onLine && u > 0;) await C({ milliseconds: 1e3 }), u--, e.publishEvent(i.refreshTokensAsync, { message: `wait because navigator is offline try ${u}` });
871
+ let f = document.hidden, p = f ? n : n + 1, m = f ? r + 1 : r;
872
+ if (n >= d || r >= 5) return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token" }), {
873
+ tokens: null,
874
+ status: "SESSION_LOST"
875
+ };
876
+ c ||= {};
877
+ let h = e.configuration, g = (t, n = null, r = null) => J(e.configurationName, e.configuration, e.publishEvent.bind(e))(t, n, r), _ = async () => {
878
+ try {
879
+ let n, r = await P(h, e.configurationName);
880
+ n = r ? r.getLoginParams() : a(e.configurationName, h.storage, h.login_state_storage ?? h.storage).getLoginParams();
881
+ let o = {};
882
+ if (n && n.extras) for (let [e, t] of Object.entries(n.extras)) t != null && (o[e] = t);
883
+ if (c) for (let [e, t] of Object.entries(c)) t != null && (o[e] = t);
884
+ o.prompt = "none", l && (o.scope = l);
885
+ let s = await g(o);
886
+ return s ? s.error ? (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token silent" }), {
887
+ tokens: null,
888
+ status: "SESSION_LOST"
889
+ }) : (t(s.tokens), e.publishEvent($.eventNames.token_renewed, {}), {
890
+ tokens: s.tokens,
891
+ status: "LOGGED"
892
+ }) : (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token silent not active" }), {
893
+ tokens: null,
894
+ status: "SESSION_LOST"
895
+ });
896
+ } catch (n) {
897
+ return console.error(n), e.publishEvent(i.refreshTokensAsync_silent_error, {
898
+ message: "exceptionSilent",
899
+ exception: n.message
900
+ }), await q(e)(t, p, m, s, c, l);
901
+ }
902
+ };
903
+ try {
904
+ let { status: u, tokens: d, nonce: f } = await K(e)(h, e.configurationName, e.tokens, s);
905
+ switch (u) {
906
+ case G.SESSION_LOST: return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token session lost" }), {
907
+ tokens: null,
908
+ status: "SESSION_LOST"
909
+ };
910
+ case G.NOT_CONNECTED: return t(null), {
911
+ tokens: null,
912
+ status: null
913
+ };
914
+ case G.TOKENS_VALID: return t(d), {
915
+ tokens: d,
916
+ status: "LOGGED_IN"
917
+ };
918
+ case G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: return t(d), e.publishEvent($.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), {
919
+ tokens: d,
920
+ status: "LOGGED_IN"
921
+ };
922
+ case G.LOGOUT_FROM_ANOTHER_TAB: return t(null), e.publishEvent(i.logout_from_another_tab, { status: "session syncTokensAsync" }), {
923
+ tokens: null,
924
+ status: "LOGGED_OUT"
925
+ };
926
+ case G.REQUIRE_SYNC_TOKENS: return h.token_automatic_renew_mode == o.AutomaticOnlyWhenFetchExecuted && !s ? (e.publishEvent(i.tokensInvalidAndWaitingActionsToRefresh, {}), {
927
+ tokens: e.tokens,
928
+ status: "GIVE_UP"
929
+ }) : (e.publishEvent(i.refreshTokensAsync_begin, { tryNumber: n }), await _());
930
+ default: {
931
+ if (h.token_automatic_renew_mode == o.AutomaticOnlyWhenFetchExecuted && G.FORCE_REFRESH !== u) return e.publishEvent(i.tokensInvalidAndWaitingActionsToRefresh, {}), {
932
+ tokens: e.tokens,
933
+ status: "GIVE_UP"
934
+ };
935
+ if (e.publishEvent(i.refreshTokensAsync_begin, {
936
+ refreshToken: d.refreshToken,
937
+ status: u,
938
+ tryNumber: n,
939
+ backgroundTry: r
940
+ }), !d.refreshToken) return await _();
941
+ let g = h.client_id, y = h.redirect_uri, b = h.authority, x = { ...h.token_request_extras ? h.token_request_extras : {} };
942
+ for (let [e, t] of Object.entries(c)) e.endsWith(":token_request") && (x[e.replace(":token_request", "")] = t);
943
+ return await (async () => {
944
+ let n = {
945
+ client_id: g,
946
+ redirect_uri: y,
947
+ grant_type: "refresh_token",
948
+ refresh_token: d.refreshToken
949
+ }, r = await e.initAsync(b, h.authority_configuration), o = document.hidden ? 1e4 : 3e4 * 10, u = r.tokenEndpoint, _ = {};
950
+ h.demonstrating_proof_of_possession && (_.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(d.accessToken, u, "POST"));
951
+ let S = await we(e.getFetch())(u, n, x, d, _, h.token_renew_mode, o);
952
+ if (S.success) {
953
+ let { isValid: n, reason: o } = v(S.data, f.nonce, r);
954
+ if (!n) return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${o}` }), {
955
+ tokens: null,
956
+ status: "SESSION_LOST"
957
+ };
958
+ if (t(S.data), S.demonstratingProofOfPossessionNonce) {
959
+ let t = await P(h, e.configurationName);
960
+ t ? await t.setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce) : await a(e.configurationName, h.storage, h.login_state_storage ?? h.storage).setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce);
961
+ }
962
+ return e.publishEvent(i.refreshTokensAsync_end, { success: S.success }), e.publishEvent($.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), {
963
+ tokens: S.data,
964
+ status: "LOGGED_IN"
965
+ };
966
+ } else return e.publishEvent(i.refreshTokensAsync_silent_error, {
967
+ message: "bad request",
968
+ tokenResponse: S
969
+ }), S.status >= 400 && S.status < 500 ? (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: `session lost: ${S.status}` }), {
970
+ tokens: null,
971
+ status: "SESSION_LOST"
972
+ }) : await q(e)(t, p, m, s, c, l);
973
+ })();
974
+ }
975
+ }
976
+ } catch (n) {
977
+ return console.error(n), e.publishEvent(i.refreshTokensAsync_silent_error, {
978
+ message: "exception",
979
+ exception: n.message
980
+ }), new Promise((n, r) => {
981
+ setTimeout(() => {
982
+ q(e)(t, p, m, s, c, l).then(n).catch(r);
983
+ }, 1e3);
984
+ });
985
+ }
986
+ }, J = (e, t, n) => (r = null, a = null, o = null) => {
987
+ if (!t.silent_redirect_uri || !t.silent_login_uri) return Promise.resolve(null);
988
+ try {
989
+ n(i.silentLoginAsync_begin, {});
990
+ let s = "";
991
+ if (a && (r ??= {}, r.state = a), o != null && (r ??= {}, r.scope = o), r != null) for (let [e, t] of Object.entries(r)) t != null && (s === "" ? s = `?${encodeURIComponent(e)}=${encodeURIComponent(t)}` : s += `&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);
992
+ let c = t.silent_login_uri + s, l = c.indexOf("/", c.indexOf("//") + 2), u = c.substring(0, l), d = document.createElement("iframe");
993
+ return d.width = "0px", d.height = "0px", d.id = `${e}_oidc_iframe`, d.setAttribute("src", c), d.style.display = "none", document.body.appendChild(d), new Promise((r, a) => {
994
+ let o = !1, s = () => {
995
+ window.removeEventListener("message", c), d.remove(), o = !0;
996
+ }, c = (t) => {
997
+ if (t.origin === u && t.source === d.contentWindow) {
998
+ let c = `${e}_oidc_tokens:`, l = `${e}_oidc_error:`, u = `${e}_oidc_exception:`, d = t.data;
999
+ if (d && typeof d == "string" && !o) {
1000
+ if (d.startsWith(c)) {
1001
+ let e = JSON.parse(t.data.replace(c, ""));
1002
+ n(i.silentLoginAsync_end, {}), r(e), s();
1003
+ } else if (d.startsWith(l)) {
1004
+ let e = JSON.parse(t.data.replace(l, ""));
1005
+ n(i.silentLoginAsync_error, e), r({
1006
+ error: "oidc_" + e.error,
1007
+ tokens: null,
1008
+ sessionState: null
1009
+ }), s();
1010
+ } else if (d.startsWith(u)) {
1011
+ let e = JSON.parse(t.data.replace(u, ""));
1012
+ n(i.silentLoginAsync_error, e), a(Error(e.error)), s();
1013
+ }
1014
+ }
1015
+ }
1016
+ };
1017
+ try {
1018
+ window.addEventListener("message", c);
1019
+ let e = t.silent_login_timeout;
1020
+ setTimeout(() => {
1021
+ o || (s(), n(i.silentLoginAsync_error, { reason: "timeout" }), a(/* @__PURE__ */ Error("timeout")));
1022
+ }, e);
1023
+ } catch (e) {
1024
+ s(), n(i.silentLoginAsync_error, e), a(e);
1025
+ }
1026
+ });
1027
+ } catch (e) {
1028
+ throw n(i.silentLoginAsync_error, e), e;
1029
+ }
1030
+ }, ke = (e, t, n, r, a) => (e = null, o = void 0) => {
1031
+ e = { ...e };
1032
+ let s = (e, i, o) => J(t, n, r.bind(a))(e, i, o);
1033
+ return (async () => {
1034
+ a.timeoutId && y.clearTimeout(a.timeoutId);
1035
+ let t;
1036
+ e && "state" in e && (t = e.state, delete e.state);
1037
+ try {
1038
+ let c = await s({
1039
+ ...n.extras ? {
1040
+ ...n.extras,
1041
+ ...e
1042
+ } : e,
1043
+ prompt: "none"
1044
+ }, t, o);
1045
+ if (c) return a.tokens = c.tokens, r(i.token_acquired, {}), a.timeoutId = W(a, a.tokens.expiresAt, e, o), {};
1046
+ } catch (e) {
1047
+ return e;
1048
+ }
1049
+ })();
1050
+ }, Ae = (e, t, n) => (i, a, o, s = !1) => {
1051
+ let c = (t, r = void 0, i = void 0) => J(e.configurationName, n, e.publishEvent.bind(e))(t, r, i);
1052
+ return new Promise((l, u) => {
1053
+ n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && i && o && !s ? (e.checkSessionIFrame = new r(() => {
1054
+ e.checkSessionIFrame.stop();
1055
+ let r = e.tokens;
1056
+ if (r === null) return;
1057
+ let i = r.idToken, a = r.idTokenPayload;
1058
+ return c({
1059
+ prompt: "none",
1060
+ id_token_hint: i,
1061
+ scope: n.scope || "openid"
1062
+ }).then((t) => {
1063
+ if (t.error) throw Error(t.error);
1064
+ let n = t.tokens.idTokenPayload;
1065
+ if (a.sub === n.sub) {
1066
+ let r = t.sessionState;
1067
+ e.checkSessionIFrame.start(t.sessionState), a.sid === n.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", r) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", r);
1068
+ } else console.debug("SessionMonitor._callback: Different subject signed into OP:", n.sub);
1069
+ }).catch(async (e) => {
1070
+ console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", e);
1071
+ for (let [, e] of Object.entries(t)) await e.logoutOtherTabAsync(n.client_id, a.sub);
1072
+ });
1073
+ }, a, i), e.checkSessionIFrame.load().then(() => {
1074
+ e.checkSessionIFrame.start(o), l(e.checkSessionIFrame);
1075
+ }).catch((e) => {
1076
+ u(e);
1077
+ })) : l(null);
1078
+ });
1079
+ }, je = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), Me = (e) => {
1080
+ let t = e.appVersion, n = e.userAgent, r = "-", i = [
1081
+ {
1082
+ s: "Windows 10",
1083
+ r: /(Windows 10.0|Windows NT 10.0)/
1084
+ },
1085
+ {
1086
+ s: "Windows 8.1",
1087
+ r: /(Windows 8.1|Windows NT 6.3)/
1088
+ },
1089
+ {
1090
+ s: "Windows 8",
1091
+ r: /(Windows 8|Windows NT 6.2)/
1092
+ },
1093
+ {
1094
+ s: "Windows 7",
1095
+ r: /(Windows 7|Windows NT 6.1)/
1096
+ },
1097
+ {
1098
+ s: "Windows Vista",
1099
+ r: /Windows NT 6.0/
1100
+ },
1101
+ {
1102
+ s: "Windows Server 2003",
1103
+ r: /Windows NT 5.2/
1104
+ },
1105
+ {
1106
+ s: "Windows XP",
1107
+ r: /(Windows NT 5.1|Windows XP)/
1108
+ },
1109
+ {
1110
+ s: "Windows 2000",
1111
+ r: /(Windows NT 5.0|Windows 2000)/
1112
+ },
1113
+ {
1114
+ s: "Windows ME",
1115
+ r: /(Win 9x 4.90|Windows ME)/
1116
+ },
1117
+ {
1118
+ s: "Windows 98",
1119
+ r: /(Windows 98|Win98)/
1120
+ },
1121
+ {
1122
+ s: "Windows 95",
1123
+ r: /(Windows 95|Win95|Windows_95)/
1124
+ },
1125
+ {
1126
+ s: "Windows NT 4.0",
1127
+ r: /(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/
1128
+ },
1129
+ {
1130
+ s: "Windows CE",
1131
+ r: /Windows CE/
1132
+ },
1133
+ {
1134
+ s: "Windows 3.11",
1135
+ r: /Win16/
1136
+ },
1137
+ {
1138
+ s: "Android",
1139
+ r: /Android/
1140
+ },
1141
+ {
1142
+ s: "Open BSD",
1143
+ r: /OpenBSD/
1144
+ },
1145
+ {
1146
+ s: "Sun OS",
1147
+ r: /SunOS/
1148
+ },
1149
+ {
1150
+ s: "Chrome OS",
1151
+ r: /CrOS/
1152
+ },
1153
+ {
1154
+ s: "Linux",
1155
+ r: /(Linux|X11(?!.*CrOS))/
1156
+ },
1157
+ {
1158
+ s: "iOS",
1159
+ r: /(iPhone|iPad|iPod)/
1160
+ },
1161
+ {
1162
+ s: "Mac OS X",
1163
+ r: /Mac OS X/
1164
+ },
1165
+ {
1166
+ s: "Mac OS",
1167
+ r: /(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/
1168
+ },
1169
+ {
1170
+ s: "QNX",
1171
+ r: /QNX/
1172
+ },
1173
+ {
1174
+ s: "UNIX",
1175
+ r: /UNIX/
1176
+ },
1177
+ {
1178
+ s: "BeOS",
1179
+ r: /BeOS/
1180
+ },
1181
+ {
1182
+ s: "OS/2",
1183
+ r: /OS\/2/
1184
+ },
1185
+ {
1186
+ s: "Search Bot",
1187
+ r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/
1188
+ }
1189
+ ];
1190
+ for (let e in i) {
1191
+ let t = i[e];
1192
+ if (t.r.test(n)) {
1193
+ r = t.s;
1194
+ break;
1195
+ }
1196
+ }
1197
+ let a = "-";
1198
+ switch (/Windows/.test(r) && (a = /Windows (.*)/.exec(r)[1], r = "Windows"), r) {
1199
+ case "Mac OS":
1200
+ case "Mac OS X":
1201
+ case "Android":
1202
+ a = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];
1203
+ break;
1204
+ case "iOS": {
1205
+ let e = /OS (\d+)_(\d+)_?(\d+)?/.exec(t);
1206
+ e != null && e.length > 2 && (a = e[1] + "." + e[2] + "." + (parseInt(e[3]) | 0));
1207
+ break;
1208
+ }
1209
+ }
1210
+ return {
1211
+ os: r,
1212
+ osVersion: a
1213
+ };
1322
1214
  };
1323
- function vn() {
1324
- const e = navigator.userAgent;
1325
- let n, t = e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
1326
- if (/trident/i.test(t[1]))
1327
- return n = /\brv[ :]+(\d+)/g.exec(e) || [], { name: "ie", version: n[1] || "" };
1328
- if (t[1] === "Chrome" && (n = e.match(/\bOPR|Edge\/(\d+)/), n != null)) {
1329
- let s = n[1];
1330
- if (!s) {
1331
- const o = e.split(n[0] + "/");
1332
- o.length > 1 && (s = o[1]);
1333
- }
1334
- return { name: "opera", version: s };
1335
- }
1336
- return t = t[2] ? [t[1], t[2]] : [navigator.appName, navigator.appVersion, "-?"], (n = e.match(/version\/(\d+)/i)) != null && t.splice(1, 1, n[1]), {
1337
- name: t[0].toLowerCase(),
1338
- version: t[1]
1339
- };
1215
+ function Ne() {
1216
+ let e = navigator.userAgent, t, n = e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
1217
+ if (/trident/i.test(n[1])) return t = /\brv[ :]+(\d+)/g.exec(e) || [], {
1218
+ name: "ie",
1219
+ version: t[1] || ""
1220
+ };
1221
+ if (n[1] === "Chrome" && (t = e.match(/\bOPR|Edge\/(\d+)/), t != null)) {
1222
+ let n = t[1];
1223
+ if (!n) {
1224
+ let r = e.split(t[0] + "/");
1225
+ r.length > 1 && (n = r[1]);
1226
+ }
1227
+ return {
1228
+ name: "opera",
1229
+ version: n
1230
+ };
1231
+ }
1232
+ return n = n[2] ? [n[1], n[2]] : [
1233
+ navigator.appName,
1234
+ navigator.appVersion,
1235
+ "-?"
1236
+ ], (t = e.match(/version\/(\d+)/i)) != null && n.splice(1, 1, t[1]), {
1237
+ name: n[0].toLowerCase(),
1238
+ version: n[1]
1239
+ };
1340
1240
  }
1341
- const En = () => {
1342
- const { name: e, version: n } = vn();
1343
- if (e === "chrome" && parseInt(n) <= 70 || e === "opera" && (!n || parseInt(n.split(".")[0]) < 80) || e === "ie")
1344
- return !1;
1345
- const t = Tn(navigator);
1346
- return !Sn(t);
1347
- }, On = async (e) => {
1348
- let n;
1349
- if (e.tokens != null)
1350
- return !1;
1351
- e.publishEvent(k.tryKeepExistingSessionAsync_begin, {});
1352
- try {
1353
- const t = e.configuration, s = await e.initAsync(
1354
- t.authority,
1355
- t.authority_configuration
1356
- );
1357
- if (n = await W(t, e.configurationName), n) {
1358
- const { tokens: o } = await n.initAsync(
1359
- s,
1360
- "tryKeepExistingSessionAsync",
1361
- t
1362
- );
1363
- if (o) {
1364
- n.startKeepAliveServiceWorker(), e.tokens = o;
1365
- const i = n.getLoginParams(e.configurationName);
1366
- e.timeoutId = X(
1367
- e,
1368
- e.tokens.expiresAt,
1369
- i.extras,
1370
- i.scope
1371
- );
1372
- const r = await n.getSessionStateAsync();
1373
- return await e.startCheckSessionAsync(
1374
- s.checkSessionIframe,
1375
- t.client_id,
1376
- r
1377
- ), t.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
1378
- success: !0,
1379
- message: "tokens inside ServiceWorker are valid"
1380
- }), !0;
1381
- }
1382
- e.publishEvent(k.tryKeepExistingSessionAsync_end, {
1383
- success: !1,
1384
- message: "no exiting session found"
1385
- });
1386
- } else {
1387
- t.service_worker_relative_url && e.publishEvent(k.service_worker_not_supported_by_browser, {
1388
- message: "service worker is not supported by this browser"
1389
- });
1390
- const o = x(
1391
- e.configurationName,
1392
- t.storage ?? sessionStorage,
1393
- t.login_state_storage ?? t.storage ?? sessionStorage
1394
- ), { tokens: i } = await o.initAsync();
1395
- if (i) {
1396
- e.tokens = de(i, null, t.token_renew_mode);
1397
- const r = o.getLoginParams();
1398
- e.timeoutId = X(
1399
- e,
1400
- e.tokens.expiresAt,
1401
- r.extras,
1402
- r.scope
1403
- );
1404
- const a = await o.getSessionStateAsync();
1405
- return await e.startCheckSessionAsync(
1406
- s.checkSessionIframe,
1407
- t.client_id,
1408
- a
1409
- ), t.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
1410
- success: !0,
1411
- message: "tokens inside storage are valid"
1412
- }), !0;
1413
- }
1414
- }
1415
- return e.publishEvent(k.tryKeepExistingSessionAsync_end, {
1416
- success: !1,
1417
- message: n ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
1418
- }), !1;
1419
- } catch (t) {
1420
- return console.error(t), n && await n.clearAsync(), e.publishEvent(
1421
- k.tryKeepExistingSessionAsync_error,
1422
- "tokens inside ServiceWorker are invalid"
1423
- ), !1;
1424
- }
1425
- }, Ue = (e) => {
1426
- const n = e.match(
1427
- // eslint-disable-next-line no-useless-escape
1428
- /^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
1429
- );
1430
- if (!n)
1431
- throw new Error("Invalid URL");
1432
- let t = n[6], s = n[7];
1433
- if (s) {
1434
- const o = s.split("?");
1435
- o.length === 2 && (s = o[0], t = o[1]);
1436
- }
1437
- return t.startsWith("?") && (t = t.slice(1)), n && {
1438
- href: e,
1439
- protocol: n[1],
1440
- host: n[2],
1441
- hostname: n[3],
1442
- port: n[4],
1443
- path: n[5],
1444
- search: t,
1445
- hash: s
1446
- };
1447
- }, Kn = (e) => {
1448
- const n = Ue(e);
1449
- let { path: t } = n;
1450
- t.endsWith("/") && (t = t.slice(0, -1));
1451
- let { hash: s } = n;
1452
- return s === "#_=_" && (s = ""), s && (t += s), t;
1453
- }, _e = (e) => {
1454
- const n = Ue(e), { search: t } = n;
1455
- return bn(t);
1456
- }, bn = (e) => {
1457
- const n = {};
1458
- let t, s, o;
1459
- const i = e.split("&");
1460
- for (s = 0, o = i.length; s < o; s++)
1461
- t = i[s].split("="), n[decodeURIComponent(t[0])] = decodeURIComponent(t[1]);
1462
- return n;
1463
- }, Pn = (e, n, t, s, o) => (i = void 0, r = null, a = !1, c = void 0) => {
1464
- const f = r;
1465
- return r = { ...r }, (async () => {
1466
- const l = i || o.getPath();
1467
- if ("state" in r || (r.state = le(16)), t(k.loginAsync_begin, {}), r)
1468
- for (const h of Object.keys(r))
1469
- h.endsWith(":token_request") && delete r[h];
1470
- try {
1471
- const h = a ? n.silent_redirect_uri : n.redirect_uri;
1472
- c || (c = n.scope);
1473
- const _ = n.extras ? { ...n.extras, ...r } : r;
1474
- _.nonce || (_.nonce = le(12));
1475
- const m = { nonce: _.nonce }, p = await W(n, e), g = await s(
1476
- n.authority,
1477
- n.authority_configuration
1478
- );
1479
- let y;
1480
- if (p)
1481
- p.setLoginParams({ callbackPath: l, extras: f, scope: c }), await p.initAsync(g, "loginAsync", n), await p.setNonceAsync(m), p.startKeepAliveServiceWorker(), y = p;
1482
- else {
1483
- const T = x(
1484
- e,
1485
- n.storage ?? sessionStorage,
1486
- n.login_state_storage ?? n.storage ?? sessionStorage
1487
- );
1488
- T.setLoginParams({ callbackPath: l, extras: f, scope: c }), await T.setNonceAsync(m), y = T;
1489
- }
1490
- const A = {
1491
- client_id: n.client_id,
1492
- redirect_uri: h,
1493
- scope: c,
1494
- response_type: "code",
1495
- ..._
1496
- };
1497
- await mn(y, o)(
1498
- g.authorizationEndpoint,
1499
- A
1500
- );
1501
- } catch (h) {
1502
- throw t(k.loginAsync_error, h), h;
1503
- }
1504
- })();
1505
- }, In = (e) => async (n = !1) => {
1506
- try {
1507
- e.publishEvent(k.loginCallbackAsync_begin, {});
1508
- const t = e.configuration, s = t.client_id, o = n ? t.silent_redirect_uri : t.redirect_uri, i = t.authority, r = t.token_request_timeout, a = await e.initAsync(
1509
- i,
1510
- t.authority_configuration
1511
- ), c = e.location.getCurrentHref(), f = _e(c), u = f.session_state, l = await W(t, e.configurationName);
1512
- let h, _, m, p;
1513
- if (l)
1514
- await l.initAsync(a, "loginCallbackAsync", t), await l.setSessionStateAsync(u), _ = await l.getNonceAsync(), m = l.getLoginParams(), p = await l.getStateAsync(), l.startKeepAliveServiceWorker(), h = l;
1515
- else {
1516
- const E = x(
1517
- e.configurationName,
1518
- t.storage ?? sessionStorage,
1519
- t.login_state_storage ?? t.storage ?? sessionStorage
1520
- );
1521
- await E.setSessionStateAsync(u), _ = await E.getNonceAsync(), m = E.getLoginParams(), p = await E.getStateAsync(), h = E;
1522
- }
1523
- if (f.error || f.error_description)
1524
- throw new Error(
1525
- `Error from OIDC server: ${f.error} - ${f.error_description}`
1526
- );
1527
- if (f.iss && f.iss !== a.issuer)
1528
- throw console.error(), new Error(
1529
- `Issuer not valid (expected: ${a.issuer}, received: ${f.iss})`
1530
- );
1531
- if (f.state && f.state !== p)
1532
- throw new Error(`State not valid (expected: ${p}, received: ${f.state})`);
1533
- const g = {
1534
- code: f.code,
1535
- grant_type: "authorization_code",
1536
- client_id: t.client_id,
1537
- redirect_uri: o
1538
- }, y = {};
1539
- if (t.token_request_extras)
1540
- for (const [E, d] of Object.entries(t.token_request_extras))
1541
- y[E] = d;
1542
- if (m?.extras)
1543
- for (const [E, d] of Object.entries(m.extras))
1544
- E.endsWith(":token_request") && (y[E.replace(":token_request", "")] = d);
1545
- const A = a.tokenEndpoint, T = {};
1546
- if (t.demonstrating_proof_of_possession)
1547
- if (l)
1548
- T.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
1549
- else {
1550
- const E = await un(window)(
1551
- t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
1552
- );
1553
- await x(
1554
- e.configurationName,
1555
- t.storage,
1556
- t.login_state_storage ?? t.storage
1557
- ).setDemonstratingProofOfPossessionJwkAsync(E), T.DPoP = await De(window)(
1558
- t.demonstrating_proof_of_possession_configuration
1559
- )(E, "POST", A);
1560
- }
1561
- const O = await wn(h)(
1562
- A,
1563
- { ...g, ...y },
1564
- T,
1565
- e.configuration.token_renew_mode,
1566
- r
1567
- );
1568
- if (!O.success)
1569
- throw new Error("Token request failed");
1570
- let v;
1571
- const C = O.data.tokens, w = O.data.demonstratingProofOfPossessionNonce;
1572
- if (O.data.state !== y.state)
1573
- throw new Error("state is not valid");
1574
- const { isValid: H, reason: $ } = Ne(
1575
- C,
1576
- _.nonce,
1577
- a
1578
- );
1579
- if (!H)
1580
- throw new Error(`Tokens are not OpenID valid, reason: ${$}`);
1581
- if (l) {
1582
- if (C.refreshToken && !C.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
1583
- throw new Error("Refresh token should be hidden by service worker");
1584
- if (w && C?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
1585
- throw new Error(
1586
- "Demonstration of proof of possession require Access token not hidden by service worker"
1587
- );
1588
- }
1589
- if (l)
1590
- await l.initAsync(a, "syncTokensAsync", t), v = l.getLoginParams(), w && await l.setDemonstratingProofOfPossessionNonce(
1591
- w
1592
- );
1593
- else {
1594
- const E = x(
1595
- e.configurationName,
1596
- t.storage,
1597
- t.login_state_storage ?? t.storage
1598
- );
1599
- v = E.getLoginParams(), w && await E.setDemonstratingProofOfPossessionNonce(w);
1600
- }
1601
- return await e.startCheckSessionAsync(
1602
- a.checkSessionIframe,
1603
- s,
1604
- u,
1605
- n
1606
- ), e.publishEvent(k.loginCallbackAsync_end, {}), {
1607
- tokens: C,
1608
- state: "request.state",
1609
- callbackPath: v.callbackPath,
1610
- scope: f.scope,
1611
- extras: v.extras
1612
- };
1613
- } catch (t) {
1614
- throw console.error(t), e.publishEvent(k.loginCallbackAsync_error, t), t;
1615
- }
1616
- }, Pe = {
1617
- access_token: "access_token",
1618
- refresh_token: "refresh_token"
1619
- }, ie = (e, n) => {
1620
- const t = {};
1621
- if (e) {
1622
- for (const [s, o] of Object.entries(e))
1623
- if (s.endsWith(n)) {
1624
- const i = s.replace(n, "");
1625
- t[i] = o;
1626
- }
1627
- return t;
1628
- }
1629
- return t;
1630
- }, Cn = (e) => {
1631
- const n = {};
1632
- if (e) {
1633
- for (const [t, s] of Object.entries(e))
1634
- t.includes(":") || (n[t] = s);
1635
- return n;
1636
- }
1637
- return n;
1638
- }, Nn = (e) => async (n) => {
1639
- R.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
1640
- const t = await W(e.configuration, e.configurationName);
1641
- t ? await t.clearAsync(n) : await x(
1642
- e.configurationName,
1643
- e.configuration.storage,
1644
- e.configuration.login_state_storage ?? e.configuration.storage
1645
- ).clearAsync(n), e.tokens = null, e.userInfo = null;
1646
- }, xn = (e, n, t, s, o) => async (i = void 0, r = null) => {
1647
- const a = e.configuration, c = await e.initAsync(
1648
- a.authority,
1649
- a.authority_configuration
1650
- );
1651
- i && typeof i != "string" && (i = void 0, s.warn("callbackPathOrUrl path is not a string"));
1652
- const f = i ?? o.getPath();
1653
- let u = !1;
1654
- i && (u = i.includes("https://") || i.includes("http://"));
1655
- const l = u ? i : o.getOrigin() + f, h = e.tokens ? e.tokens.idToken : "";
1656
- try {
1657
- const y = c.revocationEndpoint;
1658
- if (y) {
1659
- const A = [], T = e.tokens ? e.tokens.accessToken : null;
1660
- if (T && a.logout_tokens_to_invalidate.includes(Pe.access_token)) {
1661
- const v = ie(r, ":revoke_access_token"), C = Oe(t)(
1662
- y,
1663
- T,
1664
- ue.access_token,
1665
- a.client_id,
1666
- v
1667
- );
1668
- A.push(C);
1669
- }
1670
- const O = e.tokens ? e.tokens.refreshToken : null;
1671
- if (O && a.logout_tokens_to_invalidate.includes(Pe.refresh_token)) {
1672
- const v = ie(r, ":revoke_refresh_token"), C = Oe(t)(
1673
- y,
1674
- O,
1675
- ue.refresh_token,
1676
- a.client_id,
1677
- v
1678
- );
1679
- A.push(C);
1680
- }
1681
- A.length > 0 && await Promise.all(A);
1682
- }
1683
- } catch (y) {
1684
- s.warn(
1685
- "logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"
1686
- ), s.warn(y);
1687
- }
1688
- const _ = e.tokens?.idTokenPayload?.sub ?? null;
1689
- await e.destroyAsync("LOGGED_OUT");
1690
- for (const [, y] of Object.entries(n))
1691
- y !== e ? await e.logoutSameTabAsync(e.configuration.client_id, _) : e.publishEvent(k.logout_from_same_tab, {});
1692
- const m = ie(r, ":oidc");
1693
- if (m && m.no_reload === "true")
1694
- return;
1695
- const g = Cn(r);
1696
- if (c.endSessionEndpoint) {
1697
- "id_token_hint" in g || (g.id_token_hint = h), !("post_logout_redirect_uri" in g) && i !== null && (g.post_logout_redirect_uri = l);
1698
- let y = "";
1699
- for (const [A, T] of Object.entries(g))
1700
- T != null && (y === "" ? y += "?" : y += "&", y += `${A}=${encodeURIComponent(T)}`);
1701
- o.open(`${c.endSessionEndpoint}${y}`);
1702
- } else
1703
- o.reload();
1704
- }, Ve = (e, n, t = !1) => async (...s) => {
1705
- const [o, i, ...r] = s, a = i ? { ...i } : { method: "GET" };
1706
- let c = new Headers();
1707
- a.headers && (c = a.headers instanceof Headers ? a.headers : new Headers(a.headers));
1708
- const f = {
1709
- getTokens: () => n.tokens,
1710
- configuration: {
1711
- token_automatic_renew_mode: n.configuration.token_automatic_renew_mode,
1712
- refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
1713
- },
1714
- syncTokensInfoAsync: async () => {
1715
- const { status: _ } = await me(n)(
1716
- n.configuration,
1717
- n.configurationName,
1718
- n.tokens,
1719
- !1
1720
- );
1721
- return _;
1722
- },
1723
- renewTokensAsync: n.renewTokensAsync.bind(n)
1724
- }, l = (await Ce(f))?.tokens?.accessToken;
1725
- if (c.has("Accept") || c.set("Accept", "application/json"), l) {
1726
- if (n.configuration.demonstrating_proof_of_possession && t) {
1727
- const _ = await n.generateDemonstrationOfProofOfPossessionAsync(
1728
- l,
1729
- o.toString(),
1730
- a.method
1731
- );
1732
- c.set("Authorization", `DPoP ${l}`), c.set("DPoP", _);
1733
- } else
1734
- c.set("Authorization", `Bearer ${l}`);
1735
- a.credentials || (a.credentials = "same-origin");
1736
- }
1737
- const h = { ...a, headers: c };
1738
- return await e(o, h, ...r);
1739
- }, Wn = (e) => async (n = !1, t = !1) => {
1740
- if (e.userInfo != null && !n)
1741
- return e.userInfo;
1742
- const s = !n && e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);
1743
- if (s)
1744
- return e.userInfo = JSON.parse(s), e.userInfo;
1745
- const o = e.configuration, r = (await e.initAsync(
1746
- o.authority,
1747
- o.authority_configuration
1748
- )).userInfoEndpoint, c = await (async () => {
1749
- const u = await Ve(fetch, e, t)(r);
1750
- return u.status !== 200 ? null : u.json();
1751
- })();
1752
- return e.userInfo = c, c && e.configuration.storage?.setItem(
1753
- `oidc.${e.configurationName}.userInfo`,
1754
- JSON.stringify(c)
1755
- ), c;
1756
- }, Ln = () => fetch;
1757
- class fe {
1758
- constructor(n) {
1759
- this.authorizationEndpoint = n.authorization_endpoint, this.tokenEndpoint = n.token_endpoint, this.revocationEndpoint = n.revocation_endpoint, this.userInfoEndpoint = n.userinfo_endpoint, this.checkSessionIframe = n.check_session_iframe, this.issuer = n.issuer, this.endSessionEndpoint = n.end_session_endpoint;
1760
- }
1761
- }
1762
- const V = {}, Dn = (e, n = new ee()) => (t, s = "default") => (V[s] || (V[s] = new D(t, s, e, n)), V[s]), Rn = async (e) => {
1763
- const { parsedTokens: n, callbackPath: t, extras: s, scope: o } = await e.loginCallbackAsync();
1764
- return e.timeoutId = X(e, n.expiresAt, s, o), { callbackPath: t };
1765
- }, $n = (e) => Math.floor(Math.random() * e), j = class j {
1766
- constructor(n, t = "default", s, o = new ee()) {
1767
- this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
1768
- let i = n.silent_login_uri;
1769
- n.silent_redirect_uri && !n.silent_login_uri && (i = `${n.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
1770
- let r = n.refresh_time_before_tokens_expiration_in_second ?? 120;
1771
- r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new ee(), this.configuration = {
1772
- ...n,
1773
- silent_login_uri: i,
1774
- token_automatic_renew_mode: n.token_automatic_renew_mode ?? q.AutomaticBeforeTokenExpiration,
1775
- monitor_session: n.monitor_session ?? !1,
1776
- refresh_time_before_tokens_expiration_in_second: r,
1777
- silent_login_timeout: n.silent_login_timeout ?? 12e3,
1778
- token_renew_mode: n.token_renew_mode ?? re.access_token_or_id_token_invalid,
1779
- demonstrating_proof_of_possession: n.demonstrating_proof_of_possession ?? !1,
1780
- authority_timeout_wellknowurl_in_millisecond: n.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
1781
- logout_tokens_to_invalidate: n.logout_tokens_to_invalidate ?? [
1782
- "access_token",
1783
- "refresh_token"
1784
- ],
1785
- service_worker_activate: n.service_worker_activate ?? En,
1786
- demonstrating_proof_of_possession_configuration: n.demonstrating_proof_of_possession_configuration ?? nn,
1787
- preload_user_info: n.preload_user_info ?? !1
1788
- }, this.getFetch = s ?? Ln, this.configurationName = t, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
1789
- }
1790
- subscribeEvents(n) {
1791
- const t = $n(9999999999999).toString();
1792
- return this.events.push({ id: t, func: n }), t;
1793
- }
1794
- removeEventSubscription(n) {
1795
- const t = this.events.filter((s) => s.id !== n);
1796
- this.events = t;
1797
- }
1798
- publishEvent(n, t) {
1799
- this.events.forEach((s) => {
1800
- s.func(n, t);
1801
- });
1802
- }
1803
- static get(n = "default") {
1804
- const t = typeof process > "u";
1805
- if (!Object.prototype.hasOwnProperty.call(V, n) && t)
1806
- throw Error(`OIDC library does seem initialized.
1807
- Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);
1808
- return V[n];
1809
- }
1810
- _silentLoginCallbackFromIFrame() {
1811
- if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
1812
- const n = this.location, t = _e(n.getCurrentHref());
1813
- window.parent.postMessage(
1814
- `${this.configurationName}_oidc_tokens:${JSON.stringify({ tokens: this.tokens, sessionState: t.session_state })}`,
1815
- n.getOrigin()
1816
- );
1817
- }
1818
- }
1819
- _silentLoginErrorCallbackFromIFrame(n = null) {
1820
- if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
1821
- const t = this.location, s = _e(t.getCurrentHref());
1822
- s.error ? window.parent.postMessage(
1823
- `${this.configurationName}_oidc_error:${JSON.stringify({ error: s.error })}`,
1824
- t.getOrigin()
1825
- ) : window.parent.postMessage(
1826
- `${this.configurationName}_oidc_exception:${JSON.stringify({ error: n == null ? "" : n.toString() })}`,
1827
- t.getOrigin()
1828
- );
1829
- }
1830
- }
1831
- async silentLoginCallbackAsync() {
1832
- try {
1833
- await this.loginCallbackAsync(!0), this._silentLoginCallbackFromIFrame();
1834
- } catch (n) {
1835
- console.error(n), this._silentLoginErrorCallbackFromIFrame(n);
1836
- }
1837
- }
1838
- async initAsync(n, t) {
1839
- if (this.initPromise !== null)
1840
- return this.initPromise;
1841
- const s = async () => {
1842
- if (t != null)
1843
- return new fe({
1844
- authorization_endpoint: t.authorization_endpoint,
1845
- end_session_endpoint: t.end_session_endpoint,
1846
- revocation_endpoint: t.revocation_endpoint,
1847
- token_endpoint: t.token_endpoint,
1848
- userinfo_endpoint: t.userinfo_endpoint,
1849
- check_session_iframe: t.check_session_iframe,
1850
- issuer: t.issuer
1851
- });
1852
- const i = await W(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
1853
- return await yn(this.getFetch())(
1854
- n,
1855
- this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600,
1856
- i,
1857
- this.configuration.authority_timeout_wellknowurl_in_millisecond
1858
- );
1859
- };
1860
- return this.initPromise = s(), this.initPromise.finally(() => {
1861
- this.initPromise = null;
1862
- });
1863
- }
1864
- async tryKeepExistingSessionAsync() {
1865
- return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = On(this), this.tryKeepExistingSessionPromise.finally(() => {
1866
- this.tryKeepExistingSessionPromise = null;
1867
- }));
1868
- }
1869
- async startCheckSessionAsync(n, t, s, o = !1) {
1870
- await An(this, V, this.configuration)(
1871
- n,
1872
- t,
1873
- s,
1874
- o
1875
- );
1876
- }
1877
- async loginAsync(n = void 0, t = null, s = !1, o = void 0, i = !1) {
1878
- return this.logoutPromise && await this.logoutPromise, this.loginPromise !== null ? this.loginPromise : (i ? this.loginPromise = pn(
1879
- window,
1880
- this.configurationName,
1881
- this.configuration,
1882
- this.publishEvent.bind(this),
1883
- this
1884
- )(t, o) : this.loginPromise = Pn(
1885
- this.configurationName,
1886
- this.configuration,
1887
- this.publishEvent.bind(this),
1888
- this.initAsync.bind(this),
1889
- this.location
1890
- )(n, t, s, o), this.loginPromise.finally(() => {
1891
- this.loginPromise = null;
1892
- }));
1893
- }
1894
- async loginCallbackAsync(n = !1) {
1895
- if (this.loginCallbackPromise !== null)
1896
- return this.loginCallbackPromise;
1897
- const t = async () => {
1898
- const s = await In(this)(n), o = s.tokens;
1899
- return this.tokens = o, await W(this.configuration, this.configurationName) || x(
1900
- this.configurationName,
1901
- this.configuration.storage,
1902
- this.configuration.login_state_storage ?? this.configuration.storage
1903
- ).setTokens(o), this.publishEvent(j.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), {
1904
- parsedTokens: o,
1905
- state: s.state,
1906
- callbackPath: s.callbackPath,
1907
- scope: s.scope,
1908
- extras: s.extras
1909
- };
1910
- };
1911
- return this.loginCallbackPromise = t(), this.loginCallbackPromise.finally(() => {
1912
- this.loginCallbackPromise = null;
1913
- });
1914
- }
1915
- async generateDemonstrationOfProofOfPossessionAsync(n, t, s, o = {}) {
1916
- const i = this.configuration, r = {
1917
- ath: await $e(n),
1918
- ...o
1919
- };
1920
- if (await W(i, this.configurationName))
1921
- return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${he(this.configurationName)}`;
1922
- const c = x(
1923
- this.configurationName,
1924
- i.storage,
1925
- i.login_state_storage ?? i.storage
1926
- ), f = await c.getDemonstratingProofOfPossessionJwkAsync(), u = c.getDemonstratingProofOfPossessionNonce();
1927
- return u && (r.nonce = u), await De(window)(
1928
- i.demonstrating_proof_of_possession_configuration
1929
- )(f, s, t, r);
1930
- }
1931
- loginCallbackWithAutoTokensRenewAsync() {
1932
- return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = Rn(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
1933
- this.loginCallbackWithAutoTokensRenewPromise = null;
1934
- }));
1935
- }
1936
- userInfoAsync(n = !1, t = !1) {
1937
- return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = Wn(this)(n, t), this.userInfoPromise.finally(() => {
1938
- this.userInfoPromise = null;
1939
- }));
1940
- }
1941
- async renewTokensAsync(n = null, t = null) {
1942
- if (this.renewTokensPromise !== null)
1943
- return this.renewTokensPromise;
1944
- if (this.timeoutId)
1945
- return R.clearTimeout(this.timeoutId), this.renewTokensPromise = Ke(this, !0, n, t), this.renewTokensPromise.finally(() => {
1946
- this.renewTokensPromise = null;
1947
- });
1948
- }
1949
- async destroyAsync(n) {
1950
- return await Nn(this)(n);
1951
- }
1952
- async logoutSameTabAsync(n, t) {
1953
- this.configuration.monitor_session && this.configuration.client_id === n && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(k.logout_from_same_tab, { mmessage: "SessionMonitor", sub: t }));
1954
- }
1955
- async logoutOtherTabAsync(n, t) {
1956
- this.configuration.monitor_session && this.configuration.client_id === n && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(k.logout_from_another_tab, { message: "SessionMonitor", sub: t }));
1957
- }
1958
- async logoutAsync(n = void 0, t = null) {
1959
- return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = xn(
1960
- this,
1961
- V,
1962
- this.getFetch(),
1963
- console,
1964
- this.location
1965
- )(n, t), this.logoutPromise.finally(() => {
1966
- this.logoutPromise = null;
1967
- }));
1968
- }
1969
- };
1970
- j.getOrCreate = (n, t) => (s, o = "default") => Dn(n, t)(s, o), j.eventNames = k;
1971
- let D = j;
1972
- const J = class J {
1973
- constructor(n) {
1974
- this._oidc = n;
1975
- }
1976
- subscribeEvents(n) {
1977
- return this._oidc.subscribeEvents(n);
1978
- }
1979
- removeEventSubscription(n) {
1980
- this._oidc.removeEventSubscription(n);
1981
- }
1982
- publishEvent(n, t) {
1983
- this._oidc.publishEvent(n, t);
1984
- }
1985
- static get(n = "default") {
1986
- return new J(D.get(n));
1987
- }
1988
- tryKeepExistingSessionAsync() {
1989
- return this._oidc.tryKeepExistingSessionAsync();
1990
- }
1991
- loginAsync(n = void 0, t = null, s = !1, o = void 0, i = !1) {
1992
- return this._oidc.loginAsync(n, t, s, o, i);
1993
- }
1994
- logoutAsync(n = void 0, t = null) {
1995
- return this._oidc.logoutAsync(n, t);
1996
- }
1997
- silentLoginCallbackAsync() {
1998
- return this._oidc.silentLoginCallbackAsync();
1999
- }
2000
- renewTokensAsync(n = null, t = null) {
2001
- return this._oidc.renewTokensAsync(n, t);
2002
- }
2003
- loginCallbackAsync() {
2004
- return this._oidc.loginCallbackWithAutoTokensRenewAsync();
2005
- }
2006
- get tokens() {
2007
- return this._oidc.tokens;
2008
- }
2009
- get configuration() {
2010
- return this._oidc.configuration;
2011
- }
2012
- async generateDemonstrationOfProofOfPossessionAsync(n, t, s, o = {}) {
2013
- return this._oidc.generateDemonstrationOfProofOfPossessionAsync(
2014
- n,
2015
- t,
2016
- s,
2017
- o
2018
- );
2019
- }
2020
- async getValidTokenAsync(n = 200, t = 50) {
2021
- const s = this._oidc, o = {
2022
- getTokens: () => s.tokens,
2023
- configuration: {
2024
- token_automatic_renew_mode: s.configuration.token_automatic_renew_mode,
2025
- refresh_time_before_tokens_expiration_in_second: s.configuration.refresh_time_before_tokens_expiration_in_second
2026
- },
2027
- syncTokensInfoAsync: async () => {
2028
- const { status: i } = await me(s)(
2029
- s.configuration,
2030
- s.configurationName,
2031
- s.tokens,
2032
- !1
2033
- );
2034
- return i;
2035
- },
2036
- renewTokensAsync: s.renewTokensAsync.bind(s)
2037
- };
2038
- return Ce(o, n, t);
2039
- }
2040
- fetchWithTokens(n, t = !1) {
2041
- return Ve(n, this._oidc, t);
2042
- }
2043
- async userInfoAsync(n = !1, t = !1) {
2044
- return this._oidc.userInfoAsync(n, t);
2045
- }
2046
- userInfo() {
2047
- return this._oidc.userInfo;
2048
- }
2049
- };
2050
- J.getOrCreate = (n, t = new ee()) => (s, o = "default") => new J(D.getOrCreate(n, t)(s, o)), J.eventNames = D.eventNames;
2051
- let Ie = J;
2052
- export {
2053
- Ie as OidcClient,
2054
- ee as OidcLocation,
2055
- q as TokenAutomaticRenewMode,
2056
- re as TokenRenewMode,
2057
- Ln as getFetchDefault,
2058
- _e as getParseQueryStringFromLocation,
2059
- Kn as getPath
1241
+ var Pe = () => {
1242
+ let { name: e, version: t } = Ne();
1243
+ return e === "chrome" && parseInt(t) <= 70 || e === "opera" && (!t || parseInt(t.split(".")[0]) < 80) || e === "ie" ? !1 : !je(Me(navigator));
1244
+ }, Fe = async (e) => {
1245
+ let t;
1246
+ if (e.tokens != null) return !1;
1247
+ e.publishEvent(i.tryKeepExistingSessionAsync_begin, {});
1248
+ try {
1249
+ let n = e.configuration, r = await e.initAsync(n.authority, n.authority_configuration);
1250
+ if (t = await P(n, e.configurationName), t) {
1251
+ let { tokens: a } = await t.initAsync(r, "tryKeepExistingSessionAsync", n);
1252
+ if (a) {
1253
+ t.startKeepAliveServiceWorker(), e.tokens = a;
1254
+ let o = t.getLoginParams(e.configurationName);
1255
+ e.timeoutId = W(e, e.tokens.expiresAt, o.extras, o.scope);
1256
+ let s = await t.getSessionStateAsync();
1257
+ return await e.startCheckSessionAsync(r.checkSessionIframe, n.client_id, s), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_end, {
1258
+ success: !0,
1259
+ message: "tokens inside ServiceWorker are valid"
1260
+ }), !0;
1261
+ }
1262
+ e.publishEvent(i.tryKeepExistingSessionAsync_end, {
1263
+ success: !1,
1264
+ message: "no exiting session found"
1265
+ });
1266
+ } else {
1267
+ n.service_worker_relative_url && e.publishEvent(i.service_worker_not_supported_by_browser, { message: "service worker is not supported by this browser" });
1268
+ let t = a(e.configurationName, n.storage ?? sessionStorage, n.login_state_storage ?? n.storage ?? sessionStorage), { tokens: o } = await t.initAsync();
1269
+ if (o) {
1270
+ e.tokens = p(o, null, n.token_renew_mode);
1271
+ let a = t.getLoginParams();
1272
+ e.timeoutId = W(e, e.tokens.expiresAt, a.extras, a.scope);
1273
+ let s = await t.getSessionStateAsync();
1274
+ return await e.startCheckSessionAsync(r.checkSessionIframe, n.client_id, s), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_end, {
1275
+ success: !0,
1276
+ message: "tokens inside storage are valid"
1277
+ }), !0;
1278
+ }
1279
+ }
1280
+ return e.publishEvent(i.tryKeepExistingSessionAsync_end, {
1281
+ success: !1,
1282
+ message: t ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
1283
+ }), !1;
1284
+ } catch (n) {
1285
+ return console.error(n), t && await t.clearAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
1286
+ }
1287
+ }, Ie = (e) => {
1288
+ let t = e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);
1289
+ if (!t) throw Error("Invalid URL");
1290
+ let n = t[6], r = t[7];
1291
+ if (r) {
1292
+ let e = r.split("?");
1293
+ e.length === 2 && (r = e[0], n = e[1]);
1294
+ }
1295
+ return n.startsWith("?") && (n = n.slice(1)), t && {
1296
+ href: e,
1297
+ protocol: t[1],
1298
+ host: t[2],
1299
+ hostname: t[3],
1300
+ port: t[4],
1301
+ path: t[5],
1302
+ search: n,
1303
+ hash: r
1304
+ };
1305
+ }, Le = (e) => {
1306
+ let t = Ie(e), { path: n } = t;
1307
+ n.endsWith("/") && (n = n.slice(0, -1));
1308
+ let { hash: r } = t;
1309
+ return r === "#_=_" && (r = ""), r && (n += r), n;
1310
+ }, Y = (e) => {
1311
+ let { search: t } = Ie(e);
1312
+ return Re(t);
1313
+ }, Re = (e) => {
1314
+ let t = {}, n, r, i, a = e.split("&");
1315
+ for (r = 0, i = a.length; r < i; r++) n = a[r].split("="), t[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
1316
+ return t;
1317
+ }, ze = (e, t, n, r, o) => (s = void 0, c = null, l = !1, u = void 0) => {
1318
+ let d = c;
1319
+ return c = { ...c }, (async () => {
1320
+ let f = s || o.getPath();
1321
+ if ("state" in c || (c.state = B(16)), n(i.loginAsync_begin, {}), c) for (let e of Object.keys(c)) e.endsWith(":token_request") && delete c[e];
1322
+ try {
1323
+ let n = l ? t.silent_redirect_uri : t.redirect_uri;
1324
+ u ||= t.scope;
1325
+ let i = t.extras ? {
1326
+ ...t.extras,
1327
+ ...c
1328
+ } : c;
1329
+ i.nonce ||= B(12);
1330
+ let s = { nonce: i.nonce }, p = await P(t, e), m = await r(t.authority, t.authority_configuration), h;
1331
+ if (p) p.setLoginParams({
1332
+ callbackPath: f,
1333
+ extras: d,
1334
+ scope: u
1335
+ }), await p.initAsync(m, "loginAsync", t), await p.setNonceAsync(s), p.startKeepAliveServiceWorker(), h = p;
1336
+ else {
1337
+ let n = a(e, t.storage ?? sessionStorage, t.login_state_storage ?? t.storage ?? sessionStorage);
1338
+ n.setLoginParams({
1339
+ callbackPath: f,
1340
+ extras: d,
1341
+ scope: u
1342
+ }), await n.setNonceAsync(s), h = n;
1343
+ }
1344
+ let g = {
1345
+ client_id: t.client_id,
1346
+ redirect_uri: n,
1347
+ scope: u,
1348
+ response_type: "code",
1349
+ ...i
1350
+ };
1351
+ await Te(h, o)(m.authorizationEndpoint, g);
1352
+ } catch (e) {
1353
+ throw n(i.loginAsync_error, e), e;
1354
+ }
1355
+ })();
1356
+ }, Be = (e) => async (t = !1) => {
1357
+ try {
1358
+ e.publishEvent(i.loginCallbackAsync_begin, {});
1359
+ let n = e.configuration, r = n.client_id, o = t ? n.silent_redirect_uri : n.redirect_uri, s = n.authority, c = n.token_request_timeout, l = await e.initAsync(s, n.authority_configuration), u = Y(e.location.getCurrentHref()), d = u.session_state, f = await P(n, e.configurationName), p, m, h, g;
1360
+ if (f) await f.initAsync(l, "loginCallbackAsync", n), await f.setSessionStateAsync(d), m = await f.getNonceAsync(), h = f.getLoginParams(), g = await f.getStateAsync(), f.startKeepAliveServiceWorker(), p = f;
1361
+ else {
1362
+ let t = a(e.configurationName, n.storage ?? sessionStorage, n.login_state_storage ?? n.storage ?? sessionStorage);
1363
+ await t.setSessionStateAsync(d), m = await t.getNonceAsync(), h = t.getLoginParams(), g = await t.getStateAsync(), p = t;
1364
+ }
1365
+ if (u.error || u.error_description) throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);
1366
+ if (u.iss && u.iss !== l.issuer) throw console.error(), Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);
1367
+ if (u.state && u.state !== g) throw Error(`State not valid (expected: ${g}, received: ${u.state})`);
1368
+ let _ = {
1369
+ code: u.code,
1370
+ grant_type: "authorization_code",
1371
+ client_id: n.client_id,
1372
+ redirect_uri: o
1373
+ }, y = {};
1374
+ if (n.token_request_extras) for (let [e, t] of Object.entries(n.token_request_extras)) y[e] = t;
1375
+ if (h?.extras) for (let [e, t] of Object.entries(h.extras)) e.endsWith(":token_request") && (y[e.replace(":token_request", "")] = t);
1376
+ let b = l.tokenEndpoint, x = {};
1377
+ if (n.demonstrating_proof_of_possession) if (f) x.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
1378
+ else {
1379
+ let t = await fe(window)(n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
1380
+ await a(e.configurationName, n.storage, n.login_state_storage ?? n.storage).setDemonstratingProofOfPossessionJwkAsync(t), x.DPoP = await pe(window)(n.demonstrating_proof_of_possession_configuration)(t, "POST", b);
1381
+ }
1382
+ let S = await Ee(p)(b, {
1383
+ ..._,
1384
+ ...y
1385
+ }, x, e.configuration.token_renew_mode, c);
1386
+ if (!S.success) throw Error("Token request failed");
1387
+ let C, w = S.data.tokens, T = S.data.demonstratingProofOfPossessionNonce;
1388
+ if (S.data.state !== y.state) throw Error("state is not valid");
1389
+ let { isValid: E, reason: D } = v(w, m.nonce, l);
1390
+ if (!E) throw Error(`Tokens are not OpenID valid, reason: ${D}`);
1391
+ if (f) {
1392
+ if (w.refreshToken && !w.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Refresh token should be hidden by service worker");
1393
+ if (T && w?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Demonstration of proof of possession require Access token not hidden by service worker");
1394
+ }
1395
+ if (f) await f.initAsync(l, "syncTokensAsync", n), C = f.getLoginParams(), T && await f.setDemonstratingProofOfPossessionNonce(T);
1396
+ else {
1397
+ let t = a(e.configurationName, n.storage, n.login_state_storage ?? n.storage);
1398
+ C = t.getLoginParams(), T && await t.setDemonstratingProofOfPossessionNonce(T);
1399
+ }
1400
+ return await e.startCheckSessionAsync(l.checkSessionIframe, r, d, t), e.publishEvent(i.loginCallbackAsync_end, {}), {
1401
+ tokens: w,
1402
+ state: "request.state",
1403
+ callbackPath: C.callbackPath,
1404
+ scope: u.scope,
1405
+ extras: C.extras
1406
+ };
1407
+ } catch (t) {
1408
+ throw console.error(t), e.publishEvent(i.loginCallbackAsync_error, t), t;
1409
+ }
1410
+ }, Ve = {
1411
+ access_token: "access_token",
1412
+ refresh_token: "refresh_token"
1413
+ }, X = (e, t) => {
1414
+ let n = {};
1415
+ if (e) {
1416
+ for (let [r, i] of Object.entries(e)) if (r.endsWith(t)) {
1417
+ let e = r.replace(t, "");
1418
+ n[e] = i;
1419
+ }
1420
+ return n;
1421
+ }
1422
+ return n;
1423
+ }, He = (e) => {
1424
+ let t = {};
1425
+ if (e) {
1426
+ for (let [n, r] of Object.entries(e)) n.includes(":") || (t[n] = r);
1427
+ return t;
1428
+ }
1429
+ return t;
1430
+ }, Ue = (e) => async (t) => {
1431
+ y.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
1432
+ let n = await P(e.configuration, e.configurationName);
1433
+ n ? await n.clearAsync(t) : await a(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).clearAsync(t), e.tokens = null, e.userInfo = null;
1434
+ }, We = (e, t, n, r, a) => async (o = void 0, s = null) => {
1435
+ let c = e.configuration, l = await e.initAsync(c.authority, c.authority_configuration);
1436
+ o && typeof o != "string" && (o = void 0, r.warn("callbackPathOrUrl path is not a string"));
1437
+ let u = o ?? a.getPath(), d = !1;
1438
+ o && (d = o.includes("https://") || o.includes("http://"));
1439
+ let f = d ? o : a.getOrigin() + u, p = e.tokens ? e.tokens.idToken : "";
1440
+ try {
1441
+ let t = l.revocationEndpoint;
1442
+ if (t) {
1443
+ let r = [], i = e.tokens ? e.tokens.accessToken : null;
1444
+ if (i && c.logout_tokens_to_invalidate.includes(Ve.access_token)) {
1445
+ let e = X(s, ":revoke_access_token"), a = Ce(n)(t, i, H.access_token, c.client_id, e);
1446
+ r.push(a);
1447
+ }
1448
+ let a = e.tokens ? e.tokens.refreshToken : null;
1449
+ if (a && c.logout_tokens_to_invalidate.includes(Ve.refresh_token)) {
1450
+ let e = X(s, ":revoke_refresh_token"), i = Ce(n)(t, a, H.refresh_token, c.client_id, e);
1451
+ r.push(i);
1452
+ }
1453
+ r.length > 0 && await Promise.all(r);
1454
+ }
1455
+ } catch (e) {
1456
+ r.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), r.warn(e);
1457
+ }
1458
+ let m = e.tokens?.idTokenPayload?.sub ?? null;
1459
+ await e.destroyAsync("LOGGED_OUT");
1460
+ for (let [, n] of Object.entries(t)) n === e ? e.publishEvent(i.logout_from_same_tab, {}) : await e.logoutSameTabAsync(e.configuration.client_id, m);
1461
+ let h = X(s, ":oidc");
1462
+ if (h && h.no_reload === "true") return;
1463
+ let g = He(s);
1464
+ if (l.endSessionEndpoint) {
1465
+ "id_token_hint" in g || (g.id_token_hint = p), !("post_logout_redirect_uri" in g) && o !== null && (g.post_logout_redirect_uri = f);
1466
+ let e = "";
1467
+ for (let [t, n] of Object.entries(g)) n != null && (e === "" ? e += "?" : e += "&", e += `${t}=${encodeURIComponent(n)}`);
1468
+ a.open(`${l.endSessionEndpoint}${e}`);
1469
+ } else a.reload();
1470
+ }, Ge = (e, t, n = !1) => async (...r) => {
1471
+ let [i, a, ...o] = r, s = a ? { ...a } : { method: "GET" }, c = new Headers();
1472
+ s.headers && (c = s.headers instanceof Headers ? s.headers : new Headers(s.headers));
1473
+ let l = (await _({
1474
+ getTokens: () => t.tokens,
1475
+ configuration: {
1476
+ token_automatic_renew_mode: t.configuration.token_automatic_renew_mode,
1477
+ refresh_time_before_tokens_expiration_in_second: t.configuration.refresh_time_before_tokens_expiration_in_second
1478
+ },
1479
+ syncTokensInfoAsync: async () => {
1480
+ let { status: e } = await K(t)(t.configuration, t.configurationName, t.tokens, !1);
1481
+ return e;
1482
+ },
1483
+ renewTokensAsync: t.renewTokensAsync.bind(t)
1484
+ }))?.tokens?.accessToken;
1485
+ if (c.has("Accept") || c.set("Accept", "application/json"), l) {
1486
+ if (t.configuration.demonstrating_proof_of_possession && n) {
1487
+ let e = await t.generateDemonstrationOfProofOfPossessionAsync(l, i.toString(), s.method);
1488
+ c.set("Authorization", `DPoP ${l}`), c.set("DPoP", e);
1489
+ } else c.set("Authorization", `Bearer ${l}`);
1490
+ s.credentials ||= "same-origin";
1491
+ }
1492
+ return await e(i, {
1493
+ ...s,
1494
+ headers: c
1495
+ }, ...o);
1496
+ }, Ke = (e) => async (t = !1, n = !1) => {
1497
+ if (e.userInfo != null && !t) return e.userInfo;
1498
+ let r = !t && e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);
1499
+ if (r) return e.userInfo = JSON.parse(r), e.userInfo;
1500
+ let i = e.configuration, a = (await e.initAsync(i.authority, i.authority_configuration)).userInfoEndpoint, o = await (async () => {
1501
+ let t = await Ge(fetch, e, n)(a);
1502
+ return t.status === 200 ? t.json() : null;
1503
+ })();
1504
+ return e.userInfo = o, o && e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`, JSON.stringify(o)), o;
1505
+ }, qe = () => fetch, Z = class {
1506
+ constructor(e) {
1507
+ this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
1508
+ }
1509
+ }, Q = {}, Je = (t, n = new e()) => (e, r = "default") => (Q[r] || (Q[r] = new $(e, r, t, n)), Q[r]), Ye = async (e) => {
1510
+ let { parsedTokens: t, callbackPath: n, extras: r, scope: i } = await e.loginCallbackAsync();
1511
+ return e.timeoutId = W(e, t.expiresAt, r, i), { callbackPath: n };
1512
+ }, Xe = (e) => Math.floor(Math.random() * e), $ = class t {
1513
+ constructor(t, n = "default", r, i = new e()) {
1514
+ this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
1515
+ let a = t.silent_login_uri;
1516
+ t.silent_redirect_uri && !t.silent_login_uri && (a = `${t.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
1517
+ let s = t.refresh_time_before_tokens_expiration_in_second ?? 120;
1518
+ s > 60 && (s -= Math.floor(Math.random() * 40)), this.location = i ?? new e(), this.configuration = {
1519
+ ...t,
1520
+ silent_login_uri: a,
1521
+ token_automatic_renew_mode: t.token_automatic_renew_mode ?? o.AutomaticBeforeTokenExpiration,
1522
+ monitor_session: t.monitor_session ?? !1,
1523
+ refresh_time_before_tokens_expiration_in_second: s,
1524
+ silent_login_timeout: t.silent_login_timeout ?? 12e3,
1525
+ token_renew_mode: t.token_renew_mode ?? d.access_token_or_id_token_invalid,
1526
+ demonstrating_proof_of_possession: t.demonstrating_proof_of_possession ?? !1,
1527
+ authority_timeout_wellknowurl_in_millisecond: t.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
1528
+ logout_tokens_to_invalidate: t.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
1529
+ service_worker_activate: t.service_worker_activate ?? Pe,
1530
+ demonstrating_proof_of_possession_configuration: t.demonstrating_proof_of_possession_configuration ?? ce,
1531
+ preload_user_info: t.preload_user_info ?? !1
1532
+ }, this.getFetch = r ?? qe, this.configurationName = n, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
1533
+ }
1534
+ subscribeEvents(e) {
1535
+ let t = Xe(9999999999999).toString();
1536
+ return this.events.push({
1537
+ id: t,
1538
+ func: e
1539
+ }), t;
1540
+ }
1541
+ removeEventSubscription(e) {
1542
+ let t = this.events.filter((t) => t.id !== e);
1543
+ this.events = t;
1544
+ }
1545
+ publishEvent(e, t) {
1546
+ this.events.forEach((n) => {
1547
+ n.func(e, t);
1548
+ });
1549
+ }
1550
+ static {
1551
+ this.getOrCreate = (e, t) => (n, r = "default") => Je(e, t)(n, r);
1552
+ }
1553
+ static get(e = "default") {
1554
+ let t = typeof process > "u";
1555
+ if (!Object.prototype.hasOwnProperty.call(Q, e) && t) throw Error(`OIDC library does seem initialized.
1556
+ Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> component.`);
1557
+ return Q[e];
1558
+ }
1559
+ static {
1560
+ this.eventNames = i;
1561
+ }
1562
+ _silentLoginCallbackFromIFrame() {
1563
+ if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
1564
+ let e = this.location, t = Y(e.getCurrentHref());
1565
+ window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({
1566
+ tokens: this.tokens,
1567
+ sessionState: t.session_state
1568
+ })}`, e.getOrigin());
1569
+ }
1570
+ }
1571
+ _silentLoginErrorCallbackFromIFrame(e = null) {
1572
+ if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
1573
+ let t = this.location, n = Y(t.getCurrentHref());
1574
+ n.error ? window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({ error: n.error })}`, t.getOrigin()) : window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({ error: e == null ? "" : e.toString() })}`, t.getOrigin());
1575
+ }
1576
+ }
1577
+ async silentLoginCallbackAsync() {
1578
+ try {
1579
+ await this.loginCallbackAsync(!0), this._silentLoginCallbackFromIFrame();
1580
+ } catch (e) {
1581
+ console.error(e), this._silentLoginErrorCallbackFromIFrame(e);
1582
+ }
1583
+ }
1584
+ async initAsync(e, t) {
1585
+ if (this.initPromise !== null) return this.initPromise;
1586
+ let n = async () => {
1587
+ if (t != null) return new Z({
1588
+ authorization_endpoint: t.authorization_endpoint,
1589
+ end_session_endpoint: t.end_session_endpoint,
1590
+ revocation_endpoint: t.revocation_endpoint,
1591
+ token_endpoint: t.token_endpoint,
1592
+ userinfo_endpoint: t.userinfo_endpoint,
1593
+ check_session_iframe: t.check_session_iframe,
1594
+ issuer: t.issuer
1595
+ });
1596
+ let n = await P(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
1597
+ return await Se(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600, n, this.configuration.authority_timeout_wellknowurl_in_millisecond);
1598
+ };
1599
+ return this.initPromise = n(), this.initPromise.finally(() => {
1600
+ this.initPromise = null;
1601
+ });
1602
+ }
1603
+ async tryKeepExistingSessionAsync() {
1604
+ return this.tryKeepExistingSessionPromise === null ? (this.tryKeepExistingSessionPromise = Fe(this), this.tryKeepExistingSessionPromise.finally(() => {
1605
+ this.tryKeepExistingSessionPromise = null;
1606
+ })) : this.tryKeepExistingSessionPromise;
1607
+ }
1608
+ async startCheckSessionAsync(e, t, n, r = !1) {
1609
+ await Ae(this, Q, this.configuration)(e, t, n, r);
1610
+ }
1611
+ async loginAsync(e = void 0, t = null, n = !1, r = void 0, i = !1) {
1612
+ return this.logoutPromise && await this.logoutPromise, this.loginPromise === null ? (i ? this.loginPromise = ke(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(t, r) : this.loginPromise = ze(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, t, n, r), this.loginPromise.finally(() => {
1613
+ this.loginPromise = null;
1614
+ })) : this.loginPromise;
1615
+ }
1616
+ async loginCallbackAsync(e = !1) {
1617
+ if (this.loginCallbackPromise !== null) return this.loginCallbackPromise;
1618
+ let n = async () => {
1619
+ let n = await Be(this)(e), r = n.tokens;
1620
+ return this.tokens = r, await P(this.configuration, this.configurationName) || a(this.configurationName, this.configuration.storage, this.configuration.login_state_storage ?? this.configuration.storage).setTokens(r), this.publishEvent(t.eventNames.token_acquired, r), this.configuration.preload_user_info && await this.userInfoAsync(), {
1621
+ parsedTokens: r,
1622
+ state: n.state,
1623
+ callbackPath: n.callbackPath,
1624
+ scope: n.scope,
1625
+ extras: n.extras
1626
+ };
1627
+ };
1628
+ return this.loginCallbackPromise = n(), this.loginCallbackPromise.finally(() => {
1629
+ this.loginCallbackPromise = null;
1630
+ });
1631
+ }
1632
+ async generateDemonstrationOfProofOfPossessionAsync(e, t, n, r = {}) {
1633
+ let i = this.configuration, o = {
1634
+ ath: await ye(e),
1635
+ ...r
1636
+ };
1637
+ if (await P(i, this.configurationName)) return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${E(this.configurationName)}`;
1638
+ let s = a(this.configurationName, i.storage, i.login_state_storage ?? i.storage), c = await s.getDemonstratingProofOfPossessionJwkAsync(), l = s.getDemonstratingProofOfPossessionNonce();
1639
+ return l && (o.nonce = l), await pe(window)(i.demonstrating_proof_of_possession_configuration)(c, n, t, o);
1640
+ }
1641
+ loginCallbackWithAutoTokensRenewAsync() {
1642
+ return this.loginCallbackWithAutoTokensRenewPromise === null ? (this.loginCallbackWithAutoTokensRenewPromise = Ye(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
1643
+ this.loginCallbackWithAutoTokensRenewPromise = null;
1644
+ })) : this.loginCallbackWithAutoTokensRenewPromise;
1645
+ }
1646
+ userInfoAsync(e = !1, t = !1) {
1647
+ return this.userInfoPromise === null ? (this.userInfoPromise = Ke(this)(e, t), this.userInfoPromise.finally(() => {
1648
+ this.userInfoPromise = null;
1649
+ })) : this.userInfoPromise;
1650
+ }
1651
+ async renewTokensAsync(e = null, t = null) {
1652
+ if (this.renewTokensPromise !== null) return this.renewTokensPromise;
1653
+ if (this.timeoutId) return y.clearTimeout(this.timeoutId), this.renewTokensPromise = Oe(this, !0, e, t), this.renewTokensPromise.finally(() => {
1654
+ this.renewTokensPromise = null;
1655
+ });
1656
+ }
1657
+ async destroyAsync(e) {
1658
+ return await Ue(this)(e);
1659
+ }
1660
+ async logoutSameTabAsync(e, t) {
1661
+ this.configuration.monitor_session && this.configuration.client_id === e && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(i.logout_from_same_tab, {
1662
+ mmessage: "SessionMonitor",
1663
+ sub: t
1664
+ }));
1665
+ }
1666
+ async logoutOtherTabAsync(e, t) {
1667
+ this.configuration.monitor_session && this.configuration.client_id === e && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(i.logout_from_another_tab, {
1668
+ message: "SessionMonitor",
1669
+ sub: t
1670
+ }));
1671
+ }
1672
+ async logoutAsync(e = void 0, t = null) {
1673
+ return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = We(this, Q, this.getFetch(), console, this.location)(e, t), this.logoutPromise.finally(() => {
1674
+ this.logoutPromise = null;
1675
+ }));
1676
+ }
1677
+ }, Ze = class t {
1678
+ constructor(e) {
1679
+ this._oidc = e;
1680
+ }
1681
+ subscribeEvents(e) {
1682
+ return this._oidc.subscribeEvents(e);
1683
+ }
1684
+ removeEventSubscription(e) {
1685
+ this._oidc.removeEventSubscription(e);
1686
+ }
1687
+ publishEvent(e, t) {
1688
+ this._oidc.publishEvent(e, t);
1689
+ }
1690
+ static {
1691
+ this.getOrCreate = (n, r = new e()) => (e, i = "default") => new t($.getOrCreate(n, r)(e, i));
1692
+ }
1693
+ static get(e = "default") {
1694
+ return new t($.get(e));
1695
+ }
1696
+ static {
1697
+ this.eventNames = $.eventNames;
1698
+ }
1699
+ tryKeepExistingSessionAsync() {
1700
+ return this._oidc.tryKeepExistingSessionAsync();
1701
+ }
1702
+ loginAsync(e = void 0, t = null, n = !1, r = void 0, i = !1) {
1703
+ return this._oidc.loginAsync(e, t, n, r, i);
1704
+ }
1705
+ logoutAsync(e = void 0, t = null) {
1706
+ return this._oidc.logoutAsync(e, t);
1707
+ }
1708
+ silentLoginCallbackAsync() {
1709
+ return this._oidc.silentLoginCallbackAsync();
1710
+ }
1711
+ renewTokensAsync(e = null, t = null) {
1712
+ return this._oidc.renewTokensAsync(e, t);
1713
+ }
1714
+ loginCallbackAsync() {
1715
+ return this._oidc.loginCallbackWithAutoTokensRenewAsync();
1716
+ }
1717
+ get tokens() {
1718
+ return this._oidc.tokens;
1719
+ }
1720
+ get configuration() {
1721
+ return this._oidc.configuration;
1722
+ }
1723
+ async generateDemonstrationOfProofOfPossessionAsync(e, t, n, r = {}) {
1724
+ return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e, t, n, r);
1725
+ }
1726
+ async getValidTokenAsync(e = 200, t = 50) {
1727
+ let n = this._oidc;
1728
+ return _({
1729
+ getTokens: () => n.tokens,
1730
+ configuration: {
1731
+ token_automatic_renew_mode: n.configuration.token_automatic_renew_mode,
1732
+ refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
1733
+ },
1734
+ syncTokensInfoAsync: async () => {
1735
+ let { status: e } = await K(n)(n.configuration, n.configurationName, n.tokens, !1);
1736
+ return e;
1737
+ },
1738
+ renewTokensAsync: n.renewTokensAsync.bind(n)
1739
+ }, e, t);
1740
+ }
1741
+ fetchWithTokens(e, t = !1) {
1742
+ return Ge(e, this._oidc, t);
1743
+ }
1744
+ async userInfoAsync(e = !1, t = !1) {
1745
+ return this._oidc.userInfoAsync(e, t);
1746
+ }
1747
+ userInfo() {
1748
+ return this._oidc.userInfo;
1749
+ }
2060
1750
  };
1751
+ //#endregion
1752
+ export { Ze as OidcClient, e as OidcLocation, o as TokenAutomaticRenewMode, d as TokenRenewMode, qe as getFetchDefault, Y as getParseQueryStringFromLocation, Le as getPath };