@axa-fr/oidc-client 7.27.3 → 7.27.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +1 -1
  2. package/dist/index.js +1735 -2049
  3. package/dist/index.umd.cjs +2 -2
  4. package/dist/renewTokens.d.ts +4 -0
  5. package/dist/renewTokens.d.ts.map +1 -1
  6. package/dist/version.d.ts +1 -1
  7. package/package.json +10 -10
  8. package/src/renewTokens.ts +1 -1
  9. package/src/version.ts +1 -1
package/dist/index.js CHANGED
@@ -1,2066 +1,1752 @@
1
- class ne {
2
- open(n) {
3
- window.location.href = n;
4
- }
5
- reload() {
6
- window.location.reload();
7
- }
8
- getCurrentHref() {
9
- return window.location.href;
10
- }
11
- getPath() {
12
- const n = window.location;
13
- return n.pathname + (n.search || "") + (n.hash || "");
14
- }
15
- getOrigin() {
16
- return window.origin;
17
- }
18
- }
19
- const Se = 2e3, F = console;
20
- class Me {
21
- constructor(n, t, s, o = Se, i = !0) {
22
- this._callback = n, this._client_id = t, this._url = s, this._interval = o || Se, this._stopOnError = i;
23
- const r = s.indexOf("/", s.indexOf("//") + 2);
24
- this._frame_origin = s.substring(0, r), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = s;
25
- }
26
- load() {
27
- return new Promise((n) => {
28
- this._frame.onload = () => {
29
- n();
30
- }, window.document.body.appendChild(this._frame), this._boundMessageEvent = this._message.bind(this), window.addEventListener("message", this._boundMessageEvent, !1);
31
- });
32
- }
33
- _message(n) {
34
- n.origin === this._frame_origin && n.source === this._frame.contentWindow && (n.data === "error" ? (F.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : n.data === "changed" ? (F.debug(n), F.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : F.debug("CheckSessionIFrame: " + n.data + " message from check session op iframe"));
35
- }
36
- start(n) {
37
- F.debug("CheckSessionIFrame.start :" + n), this.stop();
38
- const t = () => {
39
- this._frame.contentWindow.postMessage(
40
- this._client_id + " " + n,
41
- this._frame_origin
42
- );
43
- };
44
- t(), this._timer = window.setInterval(t, this._interval);
45
- }
46
- stop() {
47
- this._timer && (F.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), this._timer = null);
48
- }
49
- }
50
- const k = {
51
- service_worker_not_supported_by_browser: "service_worker_not_supported_by_browser",
52
- token_acquired: "token_acquired",
53
- logout_from_another_tab: "logout_from_another_tab",
54
- logout_from_same_tab: "logout_from_same_tab",
55
- token_renewed: "token_renewed",
56
- token_timer: "token_timer",
57
- loginAsync_begin: "loginAsync_begin",
58
- loginAsync_error: "loginAsync_error",
59
- loginCallbackAsync_begin: "loginCallbackAsync_begin",
60
- loginCallbackAsync_end: "loginCallbackAsync_end",
61
- loginCallbackAsync_error: "loginCallbackAsync_error",
62
- refreshTokensAsync_begin: "refreshTokensAsync_begin",
63
- refreshTokensAsync: "refreshTokensAsync",
64
- refreshTokensAsync_end: "refreshTokensAsync_end",
65
- refreshTokensAsync_error: "refreshTokensAsync_error",
66
- refreshTokensAsync_silent_error: "refreshTokensAsync_silent_error",
67
- tryKeepExistingSessionAsync_begin: "tryKeepExistingSessionAsync_begin",
68
- tryKeepExistingSessionAsync_end: "tryKeepExistingSessionAsync_end",
69
- tryKeepExistingSessionAsync_error: "tryKeepExistingSessionAsync_error",
70
- silentLoginAsync_begin: "silentLoginAsync_begin",
71
- silentLoginAsync: "silentLoginAsync",
72
- silentLoginAsync_end: "silentLoginAsync_end",
73
- silentLoginAsync_error: "silentLoginAsync_error",
74
- syncTokensAsync_begin: "syncTokensAsync_begin",
75
- syncTokensAsync_lock_not_available: "syncTokensAsync_lock_not_available",
76
- syncTokensAsync_end: "syncTokensAsync_end",
77
- syncTokensAsync_error: "syncTokensAsync_error",
78
- tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
79
- }, x = (e, n = sessionStorage, t) => {
80
- const s = t ?? n, o = (w) => (n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: w }), delete n[`oidc.${e}.userInfo`], t && t !== n && (delete s[`oidc.login.${e}`], delete s[`oidc.state.${e}`], delete s[`oidc.code_verifier.${e}`], delete s[`oidc.nonce.${e}`]), Promise.resolve()), i = async () => {
81
- if (!n[`oidc.${e}`])
82
- return n[`oidc.${e}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
83
- const w = JSON.parse(n[`oidc.${e}`]);
84
- return Promise.resolve({ tokens: w.tokens, status: w.status });
85
- }, r = (w) => {
86
- n[`oidc.${e}`] = JSON.stringify({ tokens: w });
87
- }, a = async (w) => {
88
- n[`oidc.session_state.${e}`] = w;
89
- }, c = async () => n[`oidc.session_state.${e}`], f = (w) => {
90
- s[`oidc.nonce.${e}`] = w.nonce;
91
- }, u = (w) => {
92
- n[`oidc.jwk.${e}`] = JSON.stringify(w);
93
- }, l = () => JSON.parse(n[`oidc.jwk.${e}`]), h = async () => ({ nonce: s[`oidc.nonce.${e}`] }), _ = async (w) => {
94
- n[`oidc.dpop_nonce.${e}`] = w;
95
- }, m = () => n[`oidc.dpop_nonce.${e}`], p = () => n[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(n[`oidc.${e}`]).tokens }) : null, g = {};
96
- return {
97
- clearAsync: o,
98
- initAsync: i,
99
- setTokens: r,
100
- getTokens: p,
101
- setSessionStateAsync: a,
102
- getSessionStateAsync: c,
103
- setNonceAsync: f,
104
- getNonceAsync: h,
105
- setLoginParams: (w) => {
106
- g[e] = w, s[`oidc.login.${e}`] = JSON.stringify(w);
107
- },
108
- getLoginParams: () => {
109
- const w = s[`oidc.login.${e}`];
110
- return w ? (g[e] || (g[e] = JSON.parse(w)), g[e]) : (console.warn(
111
- `storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
112
- ), null);
113
- },
114
- getStateAsync: async () => s[`oidc.state.${e}`],
115
- setStateAsync: async (w) => {
116
- s[`oidc.state.${e}`] = w;
117
- },
118
- getCodeVerifierAsync: async () => s[`oidc.code_verifier.${e}`],
119
- setCodeVerifierAsync: async (w) => {
120
- s[`oidc.code_verifier.${e}`] = w;
121
- },
122
- setDemonstratingProofOfPossessionNonce: _,
123
- getDemonstratingProofOfPossessionNonce: m,
124
- setDemonstratingProofOfPossessionJwkAsync: u,
125
- getDemonstratingProofOfPossessionJwkAsync: l
126
- };
127
- };
128
- var Y = /* @__PURE__ */ ((e) => (e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e))(Y || {});
129
- const Be = (e) => decodeURIComponent(
130
- Array.prototype.map.call(atob(e), (n) => "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2)).join("")
131
- ), Je = (e) => JSON.parse(Be(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), Te = (e) => {
132
- try {
133
- return e && He(e, ".") === 2 ? Je(e.split(".")[1]) : null;
134
- } catch (n) {
135
- console.warn(n);
136
- }
137
- return null;
138
- }, He = (e, n) => e.split(n).length - 1, ae = {
139
- access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
140
- access_token_invalid: "access_token_invalid",
141
- id_token_invalid: "id_token_invalid"
1
+ //#region src/location.ts
2
+ var e = class {
3
+ open(e) {
4
+ window.location.href = e;
5
+ }
6
+ reload() {
7
+ window.location.reload();
8
+ }
9
+ getCurrentHref() {
10
+ return window.location.href;
11
+ }
12
+ getPath() {
13
+ let e = window.location;
14
+ return e.pathname + (e.search || "") + (e.hash || "");
15
+ }
16
+ getOrigin() {
17
+ return window.origin;
18
+ }
19
+ }, t = 2e3, n = console, r = class {
20
+ constructor(e, n, r, i = t, a = !0) {
21
+ this._callback = e, this._client_id = n, this._url = r, this._interval = i || t, this._stopOnError = a;
22
+ let o = r.indexOf("/", r.indexOf("//") + 2);
23
+ this._frame_origin = r.substring(0, o), this._frame = window.document.createElement("iframe"), this._frame.style.visibility = "hidden", this._frame.style.position = "absolute", this._frame.style.display = "none", this._frame.width = 0, this._frame.height = 0, this._frame.src = r;
24
+ }
25
+ load() {
26
+ return new Promise((e) => {
27
+ this._frame.onload = () => {
28
+ e();
29
+ }, window.document.body.appendChild(this._frame), this._boundMessageEvent = this._message.bind(this), window.addEventListener("message", this._boundMessageEvent, !1);
30
+ });
31
+ }
32
+ _message(e) {
33
+ e.origin === this._frame_origin && e.source === this._frame.contentWindow && (e.data === "error" ? (n.error("CheckSessionIFrame: error message from check session op iframe"), this._stopOnError && this.stop()) : e.data === "changed" ? (n.debug(e), n.debug("CheckSessionIFrame: changed message from check session op iframe"), this.stop(), this._callback()) : n.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe"));
34
+ }
35
+ start(e) {
36
+ n.debug("CheckSessionIFrame.start :" + e), this.stop();
37
+ let t = () => {
38
+ this._frame.contentWindow.postMessage(this._client_id + " " + e, this._frame_origin);
39
+ };
40
+ t(), this._timer = window.setInterval(t, this._interval);
41
+ }
42
+ stop() {
43
+ this._timer &&= (n.debug("CheckSessionIFrame.stop"), window.clearInterval(this._timer), null);
44
+ }
45
+ }, i = {
46
+ service_worker_not_supported_by_browser: "service_worker_not_supported_by_browser",
47
+ token_acquired: "token_acquired",
48
+ logout_from_another_tab: "logout_from_another_tab",
49
+ logout_from_same_tab: "logout_from_same_tab",
50
+ token_renewed: "token_renewed",
51
+ token_timer: "token_timer",
52
+ loginAsync_begin: "loginAsync_begin",
53
+ loginAsync_error: "loginAsync_error",
54
+ loginCallbackAsync_begin: "loginCallbackAsync_begin",
55
+ loginCallbackAsync_end: "loginCallbackAsync_end",
56
+ loginCallbackAsync_error: "loginCallbackAsync_error",
57
+ refreshTokensAsync_begin: "refreshTokensAsync_begin",
58
+ refreshTokensAsync: "refreshTokensAsync",
59
+ refreshTokensAsync_end: "refreshTokensAsync_end",
60
+ refreshTokensAsync_error: "refreshTokensAsync_error",
61
+ refreshTokensAsync_silent_error: "refreshTokensAsync_silent_error",
62
+ tryKeepExistingSessionAsync_begin: "tryKeepExistingSessionAsync_begin",
63
+ tryKeepExistingSessionAsync_end: "tryKeepExistingSessionAsync_end",
64
+ tryKeepExistingSessionAsync_error: "tryKeepExistingSessionAsync_error",
65
+ silentLoginAsync_begin: "silentLoginAsync_begin",
66
+ silentLoginAsync: "silentLoginAsync",
67
+ silentLoginAsync_end: "silentLoginAsync_end",
68
+ silentLoginAsync_error: "silentLoginAsync_error",
69
+ syncTokensAsync_begin: "syncTokensAsync_begin",
70
+ syncTokensAsync_lock_not_available: "syncTokensAsync_lock_not_available",
71
+ syncTokensAsync_end: "syncTokensAsync_end",
72
+ syncTokensAsync_error: "syncTokensAsync_error",
73
+ tokensInvalidAndWaitingActionsToRefresh: "tokensInvalidAndWaitingActionsToRefresh"
74
+ }, a = (e, t = sessionStorage, n) => {
75
+ let r = n ?? t, i = (i) => (t[`oidc.${e}`] = JSON.stringify({
76
+ tokens: null,
77
+ status: i
78
+ }), delete t[`oidc.${e}.userInfo`], n && n !== t && (delete r[`oidc.login.${e}`], delete r[`oidc.state.${e}`], delete r[`oidc.code_verifier.${e}`], delete r[`oidc.nonce.${e}`]), Promise.resolve()), a = async () => {
79
+ if (!t[`oidc.${e}`]) return t[`oidc.${e}`] = JSON.stringify({
80
+ tokens: null,
81
+ status: null
82
+ }), {
83
+ tokens: null,
84
+ status: null
85
+ };
86
+ let n = JSON.parse(t[`oidc.${e}`]);
87
+ return Promise.resolve({
88
+ tokens: n.tokens,
89
+ status: n.status
90
+ });
91
+ }, o = (n) => {
92
+ t[`oidc.${e}`] = JSON.stringify({ tokens: n });
93
+ }, s = async (n) => {
94
+ t[`oidc.session_state.${e}`] = n;
95
+ }, c = async () => t[`oidc.session_state.${e}`], l = (t) => {
96
+ r[`oidc.nonce.${e}`] = t.nonce;
97
+ }, u = (n) => {
98
+ t[`oidc.jwk.${e}`] = JSON.stringify(n);
99
+ }, d = () => JSON.parse(t[`oidc.jwk.${e}`]), f = async () => ({ nonce: r[`oidc.nonce.${e}`] }), p = async (n) => {
100
+ t[`oidc.dpop_nonce.${e}`] = n;
101
+ }, m = () => t[`oidc.dpop_nonce.${e}`], h = () => t[`oidc.${e}`] ? JSON.stringify({ tokens: JSON.parse(t[`oidc.${e}`]).tokens }) : null, g = {};
102
+ return {
103
+ clearAsync: i,
104
+ initAsync: a,
105
+ setTokens: o,
106
+ getTokens: h,
107
+ setSessionStateAsync: s,
108
+ getSessionStateAsync: c,
109
+ setNonceAsync: l,
110
+ getNonceAsync: f,
111
+ setLoginParams: (t) => {
112
+ g[e] = t, r[`oidc.login.${e}`] = JSON.stringify(t);
113
+ },
114
+ getLoginParams: () => {
115
+ let t = r[`oidc.login.${e}`];
116
+ return t ? (g[e] || (g[e] = JSON.parse(t)), g[e]) : (console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`), null);
117
+ },
118
+ getStateAsync: async () => r[`oidc.state.${e}`],
119
+ setStateAsync: async (t) => {
120
+ r[`oidc.state.${e}`] = t;
121
+ },
122
+ getCodeVerifierAsync: async () => r[`oidc.code_verifier.${e}`],
123
+ setCodeVerifierAsync: async (t) => {
124
+ r[`oidc.code_verifier.${e}`] = t;
125
+ },
126
+ setDemonstratingProofOfPossessionNonce: p,
127
+ getDemonstratingProofOfPossessionNonce: m,
128
+ setDemonstratingProofOfPossessionJwkAsync: u,
129
+ getDemonstratingProofOfPossessionJwkAsync: d
130
+ };
131
+ }, o = /* @__PURE__ */ function(e) {
132
+ return e.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration", e.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted", e;
133
+ }({}), s = (e) => decodeURIComponent(Array.prototype.map.call(atob(e), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), c = (e) => JSON.parse(s(e.replaceAll(/-/g, "+").replaceAll(/_/g, "/"))), l = (e) => {
134
+ try {
135
+ return e && u(e, ".") === 2 ? c(e.split(".")[1]) : null;
136
+ } catch (e) {
137
+ console.warn(e);
138
+ }
139
+ return null;
140
+ }, u = (e, t) => e.split(t).length - 1, d = {
141
+ access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
142
+ access_token_invalid: "access_token_invalid",
143
+ id_token_invalid: "id_token_invalid"
142
144
  };
143
- function Ge(e, n, t) {
144
- if (e.issuedAt) {
145
- if (typeof e.issuedAt == "string")
146
- return parseInt(e.issuedAt, 10);
147
- } else return n && n.iat ? n.iat : t && t.iat ? t.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
148
- return e.issuedAt;
145
+ function f(e, t, n) {
146
+ return e.issuedAt ? typeof e.issuedAt == "string" ? parseInt(e.issuedAt, 10) : e.issuedAt : t && t.iat ? t.iat : n && n.iat ? n.iat : (/* @__PURE__ */ new Date()).getTime() / 1e3;
149
147
  }
150
- const ge = (e, n = null, t) => {
151
- if (!e)
152
- return null;
153
- let s;
154
- const o = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
155
- e.accessTokenPayload !== void 0 ? s = e.accessTokenPayload : s = Te(e.accessToken);
156
- let i;
157
- n != null && "idToken" in n && !("idToken" in e) ? i = n.idToken : i = e.idToken;
158
- const r = e.idTokenPayload ? e.idTokenPayload : Te(i), a = r && r.exp ? r.exp : Number.MAX_VALUE, c = s && s.exp ? s.exp : e.issuedAt + o;
159
- e.issuedAt = Ge(e, s, r);
160
- let f;
161
- e.expiresAt ? f = e.expiresAt : t === ae.access_token_invalid ? f = c : t === ae.id_token_invalid ? f = a : f = a < c ? a : c;
162
- const u = {
163
- ...e,
164
- idTokenPayload: r,
165
- accessTokenPayload: s,
166
- expiresAt: f,
167
- idToken: i
168
- };
169
- if (n != null && "refreshToken" in n && !("refreshToken" in e)) {
170
- const l = n.refreshToken;
171
- return { ...u, refreshToken: l };
172
- }
173
- return u;
174
- }, he = (e, n, t) => {
175
- if (!e)
176
- return null;
177
- if (!e.issued_at) {
178
- const o = (/* @__PURE__ */ new Date()).getTime() / 1e3;
179
- e.issued_at = o;
180
- }
181
- const s = {
182
- accessToken: e.access_token,
183
- expiresIn: e.expires_in,
184
- idToken: e.id_token,
185
- scope: e.scope,
186
- tokenType: e.token_type,
187
- issuedAt: e.issued_at
188
- };
189
- return "refresh_token" in e && (s.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (s.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (s.idTokenPayload = e.idTokenPayload), ge(s, n, t);
190
- }, j = (e, n) => {
191
- const t = (/* @__PURE__ */ new Date()).getTime() / 1e3, s = n - t;
192
- return Math.round(s - e);
193
- }, je = (e, n = 0) => e ? j(n, e.expiresAt) > 0 : !1, Ne = async (e, n = 200, t = 50) => {
194
- let s = t, o = await e.syncTokensInfoAsync();
195
- for (; [
196
- P.REQUIRE_SYNC_TOKENS,
197
- P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
198
- P.TOKENS_INVALID
199
- ].includes(o) && s > 0; ) {
200
- if (e.configuration.token_automatic_renew_mode == Y.AutomaticOnlyWhenFetchExecuted) {
201
- await e.renewTokensAsync({});
202
- break;
203
- } else
204
- await X({ milliseconds: n });
205
- s = s - 1, o = await e.syncTokensInfoAsync();
206
- }
207
- return {
208
- isTokensValid: je(e.getTokens()),
209
- tokens: e.getTokens(),
210
- numberWaited: s - t
211
- };
212
- }, xe = (e, n, t) => {
213
- if (e.idTokenPayload) {
214
- const s = e.idTokenPayload;
215
- if (t.issuer !== s.iss)
216
- return {
217
- isValid: !1,
218
- reason: `Issuer does not match (oidcServerConfiguration issuer) ${t.issuer} !== (idTokenPayload issuer) ${s.iss}`
219
- };
220
- const o = (/* @__PURE__ */ new Date()).getTime() / 1e3;
221
- if (s.exp && s.exp < o)
222
- return {
223
- isValid: !1,
224
- reason: `Token expired (idTokenPayload exp) ${s.exp} < (currentTimeUnixSecond) ${o}`
225
- };
226
- const i = 3600 * 24 * 7;
227
- if (s.iat && s.iat + i < o)
228
- return {
229
- isValid: !1,
230
- reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${s.iat + i} < (currentTimeUnixSecond) ${o}`
231
- };
232
- if (s.nonce && s.nonce !== n)
233
- return {
234
- isValid: !1,
235
- reason: `Nonce does not match (idTokenPayload nonce) ${s.nonce} !== (nonce) ${n}`
236
- };
237
- }
238
- return { isValid: !0, reason: "" };
239
- }, R = (function() {
240
- const e = typeof window > "u" ? global : window;
241
- return {
242
- setTimeout: setTimeout.bind(e),
243
- clearTimeout: clearTimeout.bind(e),
244
- setInterval: setInterval.bind(e),
245
- clearInterval: clearInterval.bind(e)
246
- };
247
- })(), oe = "7.27.3";
248
- let ve = null, te;
249
- const X = ({ milliseconds: e }) => new Promise((n) => R.setTimeout(n, e)), We = (e = "/") => {
250
- try {
251
- te = new AbortController(), fetch(
252
- `${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,
253
- { signal: te.signal }
254
- ).catch((s) => {
255
- console.log(s);
256
- }), X({ milliseconds: 150 * 1e3 }).then(
257
- () => We(e)
258
- );
259
- } catch (n) {
260
- console.log(n);
261
- }
262
- }, Z = () => {
263
- te && te.abort();
264
- }, ye = (e) => {
265
- const n = `oidc.tabId.${e}`, t = sessionStorage.getItem(n);
266
- if (t) return t;
267
- const s = globalThis.crypto.randomUUID();
268
- return sessionStorage.setItem(n, s), s;
269
- }, qe = 5e3, Ye = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, I = (e, n) => (t) => {
270
- const s = n?.timeoutMs ?? qe;
271
- return new Promise((o, i) => {
272
- const r = Ye(e);
273
- if (!r) {
274
- i(
275
- new Error(
276
- "Service worker target not available (controller/active/waiting/installing missing)"
277
- )
278
- );
279
- return;
280
- }
281
- const a = new MessageChannel();
282
- let c = null;
283
- const f = () => {
284
- try {
285
- c != null && (R.clearTimeout(c), c = null), a.port1.onmessage = null, a.port1.close(), a.port2.close();
286
- } catch (u) {
287
- console.error(u);
288
- }
289
- };
290
- c = R.setTimeout(() => {
291
- f(), i(
292
- new Error(`Service worker did not respond within ${s}ms (type=${t?.type})`)
293
- );
294
- }, s), a.port1.onmessage = (u) => {
295
- f(), u?.data?.error ? i(u.data.error) : o(u.data);
296
- };
297
- try {
298
- const u = t?.configurationName;
299
- r.postMessage({ ...t, tabId: ye(u ?? "default") }, [
300
- a.port2
301
- ]);
302
- } catch (u) {
303
- f(), i(u);
304
- }
305
- });
306
- }, Xe = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((n) => {
307
- let t = !1;
308
- const s = () => {
309
- t || (t = !0, navigator.serviceWorker.removeEventListener("controllerchange", s), n(navigator.serviceWorker.controller ?? null));
310
- };
311
- navigator.serviceWorker.addEventListener("controllerchange", s), R.setTimeout(() => {
312
- t || (t = !0, navigator.serviceWorker.removeEventListener("controllerchange", s), n(navigator.serviceWorker.controller ?? null));
313
- }, e);
314
- });
315
- let Ee = !1, M = !1;
316
- const B = /* @__PURE__ */ new Map(), ke = "oidc.sw.controllerchange_reload_count", ie = 3, ce = () => {
317
- try {
318
- return parseInt(sessionStorage.getItem(ke) ?? "0", 10);
319
- } catch {
320
- return 0;
321
- }
322
- }, ze = () => {
323
- const e = ce() + 1;
324
- try {
325
- sessionStorage.setItem(ke, String(e));
326
- } catch {
327
- }
328
- return e;
329
- }, Qe = () => {
330
- try {
331
- sessionStorage.removeItem(ke);
332
- } catch {
333
- }
334
- }, W = async (e, n) => {
335
- const t = e.service_worker_relative_url;
336
- if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !t || e.service_worker_activate() === !1)
337
- return null;
338
- const s = `${t}?v=${oe}`;
339
- let o = null;
340
- e.service_worker_register ? (B.has(t) || B.set(
341
- t,
342
- e.service_worker_register(t)
343
- ), o = await B.get(t)) : (B.has(s) || B.set(
344
- s,
345
- navigator.serviceWorker.register(s, {
346
- updateViaCache: "none"
347
- })
348
- ), o = await B.get(s));
349
- const i = `oidc.sw.version_mismatch_reload.${n}`, r = async (d) => {
350
- Z(), console.log("New SW waiting SKIP_WAITING");
351
- try {
352
- await new Promise((N, S) => {
353
- const b = new MessageChannel();
354
- let K = null;
355
- const U = () => {
356
- try {
357
- K != null && (R.clearTimeout(K), K = null), b.port1.onmessage = null, b.port1.close(), b.port2.close();
358
- } catch (L) {
359
- console.error(L);
360
- }
361
- };
362
- K = R.setTimeout(() => {
363
- U(), S(new Error("SKIP_WAITING did not respond within 8000ms"));
364
- }, 8e3), b.port1.onmessage = (L) => {
365
- U(), L?.data?.error ? S(L.data.error) : N();
366
- };
367
- try {
368
- d.postMessage(
369
- {
370
- type: "SKIP_WAITING",
371
- configurationName: n,
372
- data: null,
373
- tabId: ye(n ?? "default")
374
- },
375
- [b.port2]
376
- );
377
- } catch (L) {
378
- U(), S(L);
379
- }
380
- });
381
- } catch (N) {
382
- console.warn("SKIP_WAITING failed", N);
383
- }
384
- }, a = async () => {
385
- const d = o.waiting;
386
- d ? await r(d) : console.warn("sendSkipWaiting called but no waiting service worker found");
387
- }, c = (d) => {
388
- Z(), d.addEventListener("statechange", async () => {
389
- if (d.state === "installed" && navigator.serviceWorker.controller) {
390
- if (ce() >= ie) {
391
- console.warn(
392
- "SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted"
393
- );
394
- return;
395
- }
396
- await r(d);
397
- }
398
- });
399
- };
400
- o.addEventListener("updatefound", () => {
401
- const d = o.installing;
402
- d && c(d);
403
- }), o.installing ? c(o.installing) : o.waiting && navigator.serviceWorker.controller && (ce() < ie ? a() : console.warn(
404
- "SW: a waiting worker exists but reload budget is exhausted skipping activation"
405
- )), o.update().catch((d) => {
406
- console.error(d);
407
- });
408
- try {
409
- await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await I(o, { timeoutMs: 8e3 })({
410
- type: "claim",
411
- configurationName: n,
412
- data: null
413
- }), await Xe(2e3));
414
- } catch (d) {
415
- return console.warn(`Failed init ServiceWorker ${d?.toString?.() ?? String(d)}`), null;
416
- }
417
- Ee || (Ee = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
418
- if (M)
419
- return;
420
- const d = ze();
421
- if (d > ie) {
422
- console.warn(
423
- `SW controllerchange: reload budget exhausted (${d - 1} reloads). Skipping reload to avoid infinite loop.`
424
- );
425
- return;
426
- }
427
- M = !0, console.log("SW controller changed – reloading page"), Z(), window.location.reload();
428
- }));
429
- const f = async (d) => I(o)({ type: "clear", data: { status: d }, configurationName: n }), u = async (d, N, S) => {
430
- const b = await I(o)({
431
- type: "init",
432
- data: {
433
- oidcServerConfiguration: d,
434
- where: N,
435
- oidcConfiguration: {
436
- token_renew_mode: S.token_renew_mode,
437
- service_worker_convert_all_requests_to_cors: S.service_worker_convert_all_requests_to_cors
438
- }
439
- },
440
- configurationName: n
441
- }), K = b.version;
442
- if (K !== oe) {
443
- console.warn(
444
- `Service worker ${K} version mismatch with js client version ${oe}, unregistering and reloading`
445
- );
446
- const U = parseInt(sessionStorage.getItem(i) ?? "0", 10);
447
- if (U < 3) {
448
- if (sessionStorage.setItem(i, String(U + 1)), o.waiting)
449
- return await a(), await X({ milliseconds: 500 }), M || (M = !0, window.location.reload()), new Promise(() => {
450
- });
451
- {
452
- Z();
453
- try {
454
- await o.update();
455
- } catch (Ae) {
456
- console.error(Ae);
457
- }
458
- const L = await o.unregister();
459
- return console.log(`Service worker unregistering ${L}`), await X({ milliseconds: 500 }), M || (M = !0, window.location.reload()), new Promise(() => {
460
- });
461
- }
462
- } else
463
- console.error(
464
- `Service worker version mismatch persists after ${U} attempt(s). Continuing with mismatched version.`
465
- );
466
- } else
467
- sessionStorage.removeItem(i), Qe();
468
- return {
469
- tokens: he(b.tokens, null, S.token_renew_mode),
470
- status: b.status
471
- };
472
- }, l = (d = "/") => {
473
- ve == null && (ve = "not_null", We(d));
474
- }, h = (d) => I(o)({
475
- type: "setSessionState",
476
- data: { sessionState: d },
477
- configurationName: n
478
- }), _ = async () => (await I(o)({
479
- type: "getSessionState",
480
- data: null,
481
- configurationName: n
482
- })).sessionState, m = (d) => (sessionStorage[`oidc.nonce.${n}`] = d.nonce, I(o)({
483
- type: "setNonce",
484
- data: { nonce: d },
485
- configurationName: n
486
- })), p = async (d = !0) => {
487
- let S = (await I(o)({
488
- type: "getNonce",
489
- data: null,
490
- configurationName: n
491
- })).nonce;
492
- return S || (S = sessionStorage[`oidc.nonce.${n}`], console.warn("nonce not found in service worker, using sessionStorage"), d && (await m(S), S = (await p(!1)).nonce)), { nonce: S };
493
- }, g = {}, y = (d) => {
494
- g[n] = d, localStorage[`oidc.login.${n}`] = JSON.stringify(d);
495
- }, A = () => {
496
- const d = localStorage[`oidc.login.${n}`];
497
- return g[n] || (g[n] = JSON.parse(d)), g[n];
498
- }, T = async (d) => {
499
- await I(o)({
500
- type: "setDemonstratingProofOfPossessionNonce",
501
- data: { demonstratingProofOfPossessionNonce: d },
502
- configurationName: n
503
- });
504
- }, O = async () => (await I(o)({
505
- type: "getDemonstratingProofOfPossessionNonce",
506
- data: null,
507
- configurationName: n
508
- })).demonstratingProofOfPossessionNonce, v = async (d) => {
509
- const N = JSON.stringify(d);
510
- await I(o)({
511
- type: "setDemonstratingProofOfPossessionJwk",
512
- data: { demonstratingProofOfPossessionJwkJson: N },
513
- configurationName: n
514
- });
515
- }, C = async () => {
516
- const d = await I(o)({
517
- type: "getDemonstratingProofOfPossessionJwk",
518
- data: null,
519
- configurationName: n
520
- });
521
- return d.demonstratingProofOfPossessionJwkJson ? JSON.parse(d.demonstratingProofOfPossessionJwkJson) : null;
522
- }, w = async (d = !0) => {
523
- let S = (await I(o)({
524
- type: "getState",
525
- data: null,
526
- configurationName: n
527
- })).state;
528
- return S || (S = sessionStorage[`oidc.state.${n}`], console.warn("state not found in service worker, using sessionStorage"), d && (await G(S), S = await w(!1))), S;
529
- }, G = async (d) => (sessionStorage[`oidc.state.${n}`] = d, I(o)({
530
- type: "setState",
531
- data: { state: d },
532
- configurationName: n
533
- })), $ = async (d = !0) => {
534
- let S = (await I(o)({
535
- type: "getCodeVerifier",
536
- data: null,
537
- configurationName: n
538
- })).codeVerifier;
539
- return S || (S = sessionStorage[`oidc.code_verifier.${n}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), d && (await E(S), S = await $(!1))), S;
540
- }, E = async (d) => (sessionStorage[`oidc.code_verifier.${n}`] = d, I(o)({
541
- type: "setCodeVerifier",
542
- data: { codeVerifier: d },
543
- configurationName: n
544
- }));
545
- return {
546
- clearAsync: f,
547
- initAsync: u,
548
- startKeepAliveServiceWorker: () => l(e.service_worker_keep_alive_path),
549
- setSessionStateAsync: h,
550
- getSessionStateAsync: _,
551
- setNonceAsync: m,
552
- getNonceAsync: p,
553
- setLoginParams: y,
554
- getLoginParams: A,
555
- getStateAsync: w,
556
- setStateAsync: G,
557
- getCodeVerifierAsync: $,
558
- setCodeVerifierAsync: E,
559
- setDemonstratingProofOfPossessionNonce: T,
560
- getDemonstratingProofOfPossessionNonce: O,
561
- setDemonstratingProofOfPossessionJwkAsync: v,
562
- getDemonstratingProofOfPossessionJwkAsync: C
563
- };
564
- }, J = {}, Ze = (e, n = window.sessionStorage, t) => {
565
- if (!J[e] && n) {
566
- const o = n.getItem(e);
567
- o && (J[e] = JSON.parse(o));
568
- }
569
- const s = 1e3 * t;
570
- return J[e] && J[e].timestamp + s > Date.now() ? J[e].result : null;
571
- }, en = (e, n, t = window.sessionStorage) => {
572
- const s = Date.now();
573
- J[e] = { result: n, timestamp: s }, t && t.setItem(e, JSON.stringify({ result: n, timestamp: s }));
148
+ var p = (e, t = null, n) => {
149
+ if (!e) return null;
150
+ let r, i = typeof e.expiresIn == "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
151
+ r = e.accessTokenPayload === void 0 ? l(e.accessToken) : e.accessTokenPayload;
152
+ let a;
153
+ a = t != null && "idToken" in t && !("idToken" in e) ? t.idToken : e.idToken;
154
+ let o = e.idTokenPayload ? e.idTokenPayload : l(a), s = o && o.exp ? o.exp : Number.MAX_VALUE, c = r && r.exp ? r.exp : e.issuedAt + i;
155
+ e.issuedAt = f(e, r, o);
156
+ let u;
157
+ u = e.expiresAt ? e.expiresAt : n === d.access_token_invalid ? c : n === d.id_token_invalid || s < c ? s : c;
158
+ let p = {
159
+ ...e,
160
+ idTokenPayload: o,
161
+ accessTokenPayload: r,
162
+ expiresAt: u,
163
+ idToken: a
164
+ };
165
+ if (t != null && "refreshToken" in t && !("refreshToken" in e)) {
166
+ let e = t.refreshToken;
167
+ return {
168
+ ...p,
169
+ refreshToken: e
170
+ };
171
+ }
172
+ return p;
173
+ }, m = (e, t, n) => {
174
+ if (!e) return null;
175
+ e.issued_at ||= (/* @__PURE__ */ new Date()).getTime() / 1e3;
176
+ let r = {
177
+ accessToken: e.access_token,
178
+ expiresIn: e.expires_in,
179
+ idToken: e.id_token,
180
+ scope: e.scope,
181
+ tokenType: e.token_type,
182
+ issuedAt: e.issued_at
183
+ };
184
+ return "refresh_token" in e && (r.refreshToken = e.refresh_token), e.accessTokenPayload !== void 0 && (r.accessTokenPayload = e.accessTokenPayload), e.idTokenPayload !== void 0 && (r.idTokenPayload = e.idTokenPayload), p(r, t, n);
185
+ }, h = (e, t) => {
186
+ let n = t - (/* @__PURE__ */ new Date()).getTime() / 1e3;
187
+ return Math.round(n - e);
188
+ }, g = (e, t = 0) => e ? h(t, e.expiresAt) > 0 : !1, _ = async (e, t = 200, n = 50) => {
189
+ let r = n, i = await e.syncTokensInfoAsync();
190
+ for (; [
191
+ G.REQUIRE_SYNC_TOKENS,
192
+ G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
193
+ G.TOKENS_INVALID
194
+ ].includes(i) && r > 0;) {
195
+ if (e.configuration.token_automatic_renew_mode == o.AutomaticOnlyWhenFetchExecuted) {
196
+ await e.renewTokensAsync({});
197
+ break;
198
+ } else await C({ milliseconds: t });
199
+ --r, i = await e.syncTokensInfoAsync();
200
+ }
201
+ return {
202
+ isTokensValid: g(e.getTokens()),
203
+ tokens: e.getTokens(),
204
+ numberWaited: r - n
205
+ };
206
+ }, v = (e, t, n) => {
207
+ if (e.idTokenPayload) {
208
+ let r = e.idTokenPayload;
209
+ if (n.issuer !== r.iss) return {
210
+ isValid: !1,
211
+ reason: `Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`
212
+ };
213
+ let i = (/* @__PURE__ */ new Date()).getTime() / 1e3;
214
+ if (r.exp && r.exp < i) return {
215
+ isValid: !1,
216
+ reason: `Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`
217
+ };
218
+ let a = 3600 * 24 * 7;
219
+ if (r.iat && r.iat + a < i) return {
220
+ isValid: !1,
221
+ reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat + a} < (currentTimeUnixSecond) ${i}`
222
+ };
223
+ if (r.nonce && r.nonce !== t) return {
224
+ isValid: !1,
225
+ reason: `Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`
226
+ };
227
+ }
228
+ return {
229
+ isValid: !0,
230
+ reason: ""
231
+ };
232
+ }, y = (function() {
233
+ let e = typeof window > "u" ? global : window;
234
+ return {
235
+ setTimeout: setTimeout.bind(e),
236
+ clearTimeout: clearTimeout.bind(e),
237
+ setInterval: setInterval.bind(e),
238
+ clearInterval: clearInterval.bind(e)
239
+ };
240
+ })(), b = "7.27.4", x = null, S, C = ({ milliseconds: e }) => new Promise((t) => y.setTimeout(t, e)), w = (e = "/") => {
241
+ try {
242
+ S = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: S.signal }).catch((e) => {
243
+ console.log(e);
244
+ }), C({ milliseconds: 150 * 1e3 }).then(() => w(e));
245
+ } catch (e) {
246
+ console.log(e);
247
+ }
248
+ }, T = () => {
249
+ S && S.abort();
250
+ }, E = (e) => {
251
+ let t = `oidc.tabId.${e}`, n = sessionStorage.getItem(t);
252
+ if (n) return n;
253
+ let r = globalThis.crypto.randomUUID();
254
+ return sessionStorage.setItem(t, r), r;
255
+ }, D = 5e3, ee = (e) => navigator.serviceWorker.controller ?? e.active ?? e.waiting ?? e.installing ?? null, O = (e, t) => (n) => {
256
+ let r = t?.timeoutMs ?? D;
257
+ return new Promise((t, i) => {
258
+ let a = ee(e);
259
+ if (!a) {
260
+ i(/* @__PURE__ */ Error("Service worker target not available (controller/active/waiting/installing missing)"));
261
+ return;
262
+ }
263
+ let o = new MessageChannel(), s = null, c = () => {
264
+ try {
265
+ s != null && (y.clearTimeout(s), s = null), o.port1.onmessage = null, o.port1.close(), o.port2.close();
266
+ } catch (e) {
267
+ console.error(e);
268
+ }
269
+ };
270
+ s = y.setTimeout(() => {
271
+ c(), i(/* @__PURE__ */ Error(`Service worker did not respond within ${r}ms (type=${n?.type})`));
272
+ }, r), o.port1.onmessage = (e) => {
273
+ c(), e?.data?.error ? i(e.data.error) : t(e.data);
274
+ };
275
+ try {
276
+ let e = n?.configurationName;
277
+ a.postMessage({
278
+ ...n,
279
+ tabId: E(e ?? "default")
280
+ }, [o.port2]);
281
+ } catch (e) {
282
+ c(), i(e);
283
+ }
284
+ });
285
+ }, te = async (e) => navigator.serviceWorker.controller ? navigator.serviceWorker.controller : new Promise((t) => {
286
+ let n = !1, r = () => {
287
+ n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
288
+ };
289
+ navigator.serviceWorker.addEventListener("controllerchange", r), y.setTimeout(() => {
290
+ n || (n = !0, navigator.serviceWorker.removeEventListener("controllerchange", r), t(navigator.serviceWorker.controller ?? null));
291
+ }, e);
292
+ }), ne = !1, k = !1, A = /* @__PURE__ */ new Map(), j = "oidc.sw.controllerchange_reload_count", M = 3, N = () => {
293
+ try {
294
+ return parseInt(sessionStorage.getItem(j) ?? "0", 10);
295
+ } catch {
296
+ return 0;
297
+ }
298
+ }, re = () => {
299
+ let e = N() + 1;
300
+ try {
301
+ sessionStorage.setItem(j, String(e));
302
+ } catch {}
303
+ return e;
304
+ }, ie = () => {
305
+ try {
306
+ sessionStorage.removeItem(j);
307
+ } catch {}
308
+ }, P = async (e, t) => {
309
+ let n = e.service_worker_relative_url;
310
+ if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n || e.service_worker_activate() === !1) return null;
311
+ let r = `${n}?v=${b}`, i = null;
312
+ e.service_worker_register ? (A.has(n) || A.set(n, e.service_worker_register(n)), i = await A.get(n)) : (A.has(r) || A.set(r, navigator.serviceWorker.register(r, { updateViaCache: "none" })), i = await A.get(r));
313
+ let a = `oidc.sw.version_mismatch_reload.${t}`, o = async (e) => {
314
+ T(), console.log("New SW waiting SKIP_WAITING");
315
+ try {
316
+ await new Promise((n, r) => {
317
+ let i = new MessageChannel(), a = null, o = () => {
318
+ try {
319
+ a != null && (y.clearTimeout(a), a = null), i.port1.onmessage = null, i.port1.close(), i.port2.close();
320
+ } catch (e) {
321
+ console.error(e);
322
+ }
323
+ };
324
+ a = y.setTimeout(() => {
325
+ o(), r(/* @__PURE__ */ Error("SKIP_WAITING did not respond within 8000ms"));
326
+ }, 8e3), i.port1.onmessage = (e) => {
327
+ o(), e?.data?.error ? r(e.data.error) : n();
328
+ };
329
+ try {
330
+ e.postMessage({
331
+ type: "SKIP_WAITING",
332
+ configurationName: t,
333
+ data: null,
334
+ tabId: E(t ?? "default")
335
+ }, [i.port2]);
336
+ } catch (e) {
337
+ o(), r(e);
338
+ }
339
+ });
340
+ } catch (e) {
341
+ console.warn("SKIP_WAITING failed", e);
342
+ }
343
+ }, s = async () => {
344
+ let e = i.waiting;
345
+ e ? await o(e) : console.warn("sendSkipWaiting called but no waiting service worker found");
346
+ }, c = (e) => {
347
+ T(), e.addEventListener("statechange", async () => {
348
+ if (e.state === "installed" && navigator.serviceWorker.controller) {
349
+ if (N() >= M) {
350
+ console.warn("SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted");
351
+ return;
352
+ }
353
+ await o(e);
354
+ }
355
+ });
356
+ };
357
+ i.addEventListener("updatefound", () => {
358
+ let e = i.installing;
359
+ e && c(e);
360
+ }), i.installing ? c(i.installing) : i.waiting && navigator.serviceWorker.controller && (N() < M ? s() : console.warn("SW: a waiting worker exists but reload budget is exhausted – skipping activation")), i.update().catch((e) => {
361
+ console.error(e);
362
+ });
363
+ try {
364
+ await navigator.serviceWorker.ready, navigator.serviceWorker.controller || (await O(i, { timeoutMs: 8e3 })({
365
+ type: "claim",
366
+ configurationName: t,
367
+ data: null
368
+ }), await te(2e3));
369
+ } catch (e) {
370
+ return console.warn(`Failed init ServiceWorker ${e?.toString?.() ?? String(e)}`), null;
371
+ }
372
+ ne || (ne = !0, navigator.serviceWorker.addEventListener("controllerchange", () => {
373
+ if (k) return;
374
+ let e = re();
375
+ if (e > M) {
376
+ console.warn(`SW controllerchange: reload budget exhausted (${e - 1} reloads). Skipping reload to avoid infinite loop.`);
377
+ return;
378
+ }
379
+ k = !0, console.log("SW controller changed – reloading page"), T(), window.location.reload();
380
+ }));
381
+ let l = async (e) => O(i)({
382
+ type: "clear",
383
+ data: { status: e },
384
+ configurationName: t
385
+ }), u = async (e, n, r) => {
386
+ let o = await O(i)({
387
+ type: "init",
388
+ data: {
389
+ oidcServerConfiguration: e,
390
+ where: n,
391
+ oidcConfiguration: {
392
+ token_renew_mode: r.token_renew_mode,
393
+ service_worker_convert_all_requests_to_cors: r.service_worker_convert_all_requests_to_cors
394
+ }
395
+ },
396
+ configurationName: t
397
+ }), c = o.version;
398
+ if (c !== "7.27.4") {
399
+ console.warn(`Service worker ${c} version mismatch with js client version ${b}, unregistering and reloading`);
400
+ let e = parseInt(sessionStorage.getItem(a) ?? "0", 10);
401
+ if (e < 3) {
402
+ if (sessionStorage.setItem(a, String(e + 1)), i.waiting) return await s(), await C({ milliseconds: 500 }), k || (k = !0, window.location.reload()), new Promise(() => {});
403
+ {
404
+ T();
405
+ try {
406
+ await i.update();
407
+ } catch (e) {
408
+ console.error(e);
409
+ }
410
+ let e = await i.unregister();
411
+ return console.log(`Service worker unregistering ${e}`), await C({ milliseconds: 500 }), k || (k = !0, window.location.reload()), new Promise(() => {});
412
+ }
413
+ } else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`);
414
+ } else sessionStorage.removeItem(a), ie();
415
+ return {
416
+ tokens: m(o.tokens, null, r.token_renew_mode),
417
+ status: o.status
418
+ };
419
+ }, d = (e = "/") => {
420
+ x ?? (x = "not_null", w(e));
421
+ }, f = (e) => O(i)({
422
+ type: "setSessionState",
423
+ data: { sessionState: e },
424
+ configurationName: t
425
+ }), p = async () => (await O(i)({
426
+ type: "getSessionState",
427
+ data: null,
428
+ configurationName: t
429
+ })).sessionState, h = (e) => (sessionStorage[`oidc.nonce.${t}`] = e.nonce, O(i)({
430
+ type: "setNonce",
431
+ data: { nonce: e },
432
+ configurationName: t
433
+ })), g = async (e = !0) => {
434
+ let n = (await O(i)({
435
+ type: "getNonce",
436
+ data: null,
437
+ configurationName: t
438
+ })).nonce;
439
+ return n || (n = sessionStorage[`oidc.nonce.${t}`], console.warn("nonce not found in service worker, using sessionStorage"), e && (await h(n), n = (await g(!1)).nonce)), { nonce: n };
440
+ }, _ = {}, v = (e) => {
441
+ _[t] = e, localStorage[`oidc.login.${t}`] = JSON.stringify(e);
442
+ }, S = () => {
443
+ let e = localStorage[`oidc.login.${t}`];
444
+ return _[t] || (_[t] = JSON.parse(e)), _[t];
445
+ }, D = async (e) => {
446
+ await O(i)({
447
+ type: "setDemonstratingProofOfPossessionNonce",
448
+ data: { demonstratingProofOfPossessionNonce: e },
449
+ configurationName: t
450
+ });
451
+ }, ee = async () => (await O(i)({
452
+ type: "getDemonstratingProofOfPossessionNonce",
453
+ data: null,
454
+ configurationName: t
455
+ })).demonstratingProofOfPossessionNonce, j = async (e) => {
456
+ let n = JSON.stringify(e);
457
+ await O(i)({
458
+ type: "setDemonstratingProofOfPossessionJwk",
459
+ data: { demonstratingProofOfPossessionJwkJson: n },
460
+ configurationName: t
461
+ });
462
+ }, P = async () => {
463
+ let e = await O(i)({
464
+ type: "getDemonstratingProofOfPossessionJwk",
465
+ data: null,
466
+ configurationName: t
467
+ });
468
+ return e.demonstratingProofOfPossessionJwkJson ? JSON.parse(e.demonstratingProofOfPossessionJwkJson) : null;
469
+ }, F = async (e = !0) => {
470
+ let n = (await O(i)({
471
+ type: "getState",
472
+ data: null,
473
+ configurationName: t
474
+ })).state;
475
+ return n || (n = sessionStorage[`oidc.state.${t}`], console.warn("state not found in service worker, using sessionStorage"), e && (await I(n), n = await F(!1))), n;
476
+ }, I = async (e) => (sessionStorage[`oidc.state.${t}`] = e, O(i)({
477
+ type: "setState",
478
+ data: { state: e },
479
+ configurationName: t
480
+ })), L = async (e = !0) => {
481
+ let n = (await O(i)({
482
+ type: "getCodeVerifier",
483
+ data: null,
484
+ configurationName: t
485
+ })).codeVerifier;
486
+ return n || (n = sessionStorage[`oidc.code_verifier.${t}`], console.warn("codeVerifier not found in service worker, using sessionStorage"), e && (await R(n), n = await L(!1))), n;
487
+ }, R = async (e) => (sessionStorage[`oidc.code_verifier.${t}`] = e, O(i)({
488
+ type: "setCodeVerifier",
489
+ data: { codeVerifier: e },
490
+ configurationName: t
491
+ }));
492
+ return {
493
+ clearAsync: l,
494
+ initAsync: u,
495
+ startKeepAliveServiceWorker: () => d(e.service_worker_keep_alive_path),
496
+ setSessionStateAsync: f,
497
+ getSessionStateAsync: p,
498
+ setNonceAsync: h,
499
+ getNonceAsync: g,
500
+ setLoginParams: v,
501
+ getLoginParams: S,
502
+ getStateAsync: F,
503
+ setStateAsync: I,
504
+ getCodeVerifierAsync: L,
505
+ setCodeVerifierAsync: R,
506
+ setDemonstratingProofOfPossessionNonce: D,
507
+ getDemonstratingProofOfPossessionNonce: ee,
508
+ setDemonstratingProofOfPossessionJwkAsync: j,
509
+ getDemonstratingProofOfPossessionJwkAsync: P
510
+ };
511
+ }, F = {}, I = (e, t = window.sessionStorage, n) => {
512
+ if (!F[e] && t) {
513
+ let n = t.getItem(e);
514
+ n && (F[e] = JSON.parse(n));
515
+ }
516
+ let r = 1e3 * n;
517
+ return F[e] && F[e].timestamp + r > Date.now() ? F[e].result : null;
518
+ }, L = (e, t, n = window.sessionStorage) => {
519
+ let r = Date.now();
520
+ F[e] = {
521
+ result: t,
522
+ timestamp: r
523
+ }, n && n.setItem(e, JSON.stringify({
524
+ result: t,
525
+ timestamp: r
526
+ }));
574
527
  };
575
- function Le(e) {
576
- return new TextEncoder().encode(e);
528
+ //#endregion
529
+ //#region src/jwt.ts
530
+ function R(e) {
531
+ return new TextEncoder().encode(e);
577
532
  }
578
- function De(e) {
579
- return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
533
+ function ae(e) {
534
+ return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+/g, "");
580
535
  }
581
- function nn(e) {
582
- return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g, function(t, s) {
583
- return String.fromCharCode(parseInt(s, 16));
584
- });
536
+ function oe(e) {
537
+ return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g, function(e, t) {
538
+ return String.fromCharCode(parseInt(t, 16));
539
+ });
585
540
  }
586
- const me = (e) => {
587
- let n = "";
588
- return e.forEach(function(t) {
589
- n += String.fromCharCode(t);
590
- }), De(n);
541
+ var z = (e) => {
542
+ let t = "";
543
+ return e.forEach(function(e) {
544
+ t += String.fromCharCode(e);
545
+ }), ae(t);
591
546
  };
592
- function Oe(e) {
593
- return De(nn(e));
547
+ function se(e) {
548
+ return ae(oe(e));
594
549
  }
595
- const tn = {
596
- importKeyAlgorithm: {
597
- name: "ECDSA",
598
- namedCurve: "P-256",
599
- hash: { name: "ES256" }
600
- },
601
- signAlgorithm: { name: "ECDSA", hash: { name: "SHA-256" } },
602
- generateKeyAlgorithm: {
603
- name: "ECDSA",
604
- namedCurve: "P-256"
605
- },
606
- digestAlgorithm: { name: "SHA-256" },
607
- jwtHeaderAlgorithm: "ES256"
608
- }, sn = (e) => async (n, t, s, o, i = "dpop+jwt") => {
609
- switch (n = Object.assign({}, n), t.typ = i, t.alg = o.jwtHeaderAlgorithm, t.alg) {
610
- case "ES256":
611
- t.jwk = { kty: n.kty, crv: n.crv, x: n.x, y: n.y };
612
- break;
613
- case "RS256":
614
- t.jwk = { kty: n.kty, n: n.n, e: n.e, kid: t.kid };
615
- break;
616
- default:
617
- throw new Error("Unknown or not implemented JWS algorithm");
618
- }
619
- const r = {
620
- // @ts-ignore
621
- // JWT "headers" really means JWS "protected headers"
622
- protected: Oe(JSON.stringify(t)),
623
- // @ts-ignore
624
- // JWT "claims" are really a JSON-defined JWS "payload"
625
- payload: Oe(JSON.stringify(s))
626
- }, a = o.importKeyAlgorithm, c = !0, f = ["sign"], u = await e.crypto.subtle.importKey("jwk", n, a, c, f), l = Le(`${r.protected}.${r.payload}`), h = o.signAlgorithm, _ = await e.crypto.subtle.sign(h, u, l);
627
- return r.signature = me(new Uint8Array(_)), `${r.protected}.${r.payload}.${r.signature}`;
628
- }, on = { sign: sn }, rn = (e) => async (n) => {
629
- const t = n, s = !0, o = ["sign", "verify"], i = await e.crypto.subtle.generateKey(t, s, o);
630
- return await e.crypto.subtle.exportKey("jwk", i.privateKey);
631
- }, an = (e) => {
632
- const n = Object.assign({}, e);
633
- return delete n.d, n.key_ops = ["verify"], n;
634
- }, cn = {
635
- generate: rn,
636
- neuter: an
637
- }, ln = (e) => async (n, t) => {
638
- let s;
639
- switch (n.kty) {
640
- case "EC":
641
- s = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", n.crv).replace("X", n.x).replace("Y", n.y);
642
- break;
643
- case "RSA":
644
- s = '{"e":"E","kty":"RSA","n":"N"}'.replace("E", n.e).replace("N", n.n);
645
- break;
646
- default:
647
- throw new Error("Unknown or not implemented JWK type");
648
- }
649
- const o = await e.crypto.subtle.digest(t, Le(s));
650
- return me(new Uint8Array(o));
651
- }, un = { thumbprint: ln }, _n = (e) => async (n) => await cn.generate(e)(n), Re = (e) => (n) => async (t, s = "POST", o, i = {}) => {
652
- const r = {
653
- // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
654
- jti: btoa(fn()),
655
- htm: s,
656
- htu: o,
657
- iat: Math.round(Date.now() / 1e3),
658
- ...i
659
- }, a = await un.thumbprint(e)(
660
- t,
661
- n.digestAlgorithm
662
- );
663
- return await on.sign(e)(
664
- t,
665
- { kid: a },
666
- r,
667
- n
668
- );
669
- }, fn = () => {
670
- const e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", n = "0123456789abcdef";
671
- let t = 0, s = "";
672
- for (let o = 0; o < 36; o++)
673
- e[o] !== "-" && e[o] !== "4" && (t = Math.random() * 16 | 0), e[o] === "x" ? s += n[t] : e[o] === "y" ? (t &= 3, t |= 8, s += n[t]) : s += e[o];
674
- return s;
675
- }, $e = () => {
676
- const e = typeof window < "u" && !!window.crypto, n = e && !!window.crypto.subtle;
677
- return { hasCrypto: e, hasSubtleCrypto: n };
678
- }, le = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", dn = (e) => {
679
- const n = [];
680
- for (let t = 0; t < e.byteLength; t += 1) {
681
- const s = e[t] % le.length;
682
- n.push(le[s]);
683
- }
684
- return n.join("");
685
- }, ue = (e) => {
686
- const n = new Uint8Array(e), { hasCrypto: t } = $e();
687
- if (t)
688
- window.crypto.getRandomValues(n);
689
- else
690
- for (let s = 0; s < e; s += 1)
691
- n[s] = Math.random() * le.length | 0;
692
- return dn(n);
550
+ var ce = {
551
+ importKeyAlgorithm: {
552
+ name: "ECDSA",
553
+ namedCurve: "P-256",
554
+ hash: { name: "ES256" }
555
+ },
556
+ signAlgorithm: {
557
+ name: "ECDSA",
558
+ hash: { name: "SHA-256" }
559
+ },
560
+ generateKeyAlgorithm: {
561
+ name: "ECDSA",
562
+ namedCurve: "P-256"
563
+ },
564
+ digestAlgorithm: { name: "SHA-256" },
565
+ jwtHeaderAlgorithm: "ES256"
566
+ }, le = { sign: (e) => async (t, n, r, i, a = "dpop+jwt") => {
567
+ switch (t = Object.assign({}, t), n.typ = a, n.alg = i.jwtHeaderAlgorithm, n.alg) {
568
+ case "ES256":
569
+ n.jwk = {
570
+ kty: t.kty,
571
+ crv: t.crv,
572
+ x: t.x,
573
+ y: t.y
574
+ };
575
+ break;
576
+ case "RS256":
577
+ n.jwk = {
578
+ kty: t.kty,
579
+ n: t.n,
580
+ e: t.e,
581
+ kid: n.kid
582
+ };
583
+ break;
584
+ default: throw Error("Unknown or not implemented JWS algorithm");
585
+ }
586
+ let o = {
587
+ protected: se(JSON.stringify(n)),
588
+ payload: se(JSON.stringify(r))
589
+ }, s = i.importKeyAlgorithm, c = await e.crypto.subtle.importKey("jwk", t, s, !0, ["sign"]), l = R(`${o.protected}.${o.payload}`), u = i.signAlgorithm, d = await e.crypto.subtle.sign(u, c, l);
590
+ return o.signature = z(new Uint8Array(d)), `${o.protected}.${o.payload}.${o.signature}`;
591
+ } }, ue = {
592
+ generate: (e) => async (t) => {
593
+ let n = t, r = await e.crypto.subtle.generateKey(n, !0, ["sign", "verify"]);
594
+ return await e.crypto.subtle.exportKey("jwk", r.privateKey);
595
+ },
596
+ neuter: (e) => {
597
+ let t = Object.assign({}, e);
598
+ return delete t.d, t.key_ops = ["verify"], t;
599
+ }
600
+ }, de = { thumbprint: (e) => async (t, n) => {
601
+ let r;
602
+ switch (t.kty) {
603
+ case "EC":
604
+ r = "{\"crv\":\"CRV\",\"kty\":\"EC\",\"x\":\"X\",\"y\":\"Y\"}".replace("CRV", t.crv).replace("X", t.x).replace("Y", t.y);
605
+ break;
606
+ case "RSA":
607
+ r = "{\"e\":\"E\",\"kty\":\"RSA\",\"n\":\"N\"}".replace("E", t.e).replace("N", t.n);
608
+ break;
609
+ default: throw Error("Unknown or not implemented JWK type");
610
+ }
611
+ let i = await e.crypto.subtle.digest(n, R(r));
612
+ return z(new Uint8Array(i));
613
+ } }, fe = (e) => async (t) => await ue.generate(e)(t), pe = (e) => (t) => async (n, r = "POST", i, a = {}) => {
614
+ let o = {
615
+ jti: btoa(me()),
616
+ htm: r,
617
+ htu: i,
618
+ iat: Math.round(Date.now() / 1e3),
619
+ ...a
620
+ }, s = await de.thumbprint(e)(n, t.digestAlgorithm);
621
+ return await le.sign(e)(n, { kid: s }, o, t);
622
+ }, me = () => {
623
+ let e = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", t = "0123456789abcdef", n = 0, r = "";
624
+ for (let i = 0; i < 36; i++) e[i] !== "-" && e[i] !== "4" && (n = Math.random() * 16 | 0), e[i] === "x" ? r += t[n] : e[i] === "y" ? (n &= 3, n |= 8, r += t[n]) : r += e[i];
625
+ return r;
626
+ }, he = () => {
627
+ let e = typeof window < "u" && !!window.crypto;
628
+ return {
629
+ hasCrypto: e,
630
+ hasSubtleCrypto: e && !!window.crypto.subtle
631
+ };
632
+ }, ge = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", _e = (e) => {
633
+ let t = [];
634
+ for (let n = 0; n < e.byteLength; n += 1) {
635
+ let r = e[n] % 62;
636
+ t.push(ge[r]);
637
+ }
638
+ return t.join("");
639
+ }, B = (e) => {
640
+ let t = new Uint8Array(e), { hasCrypto: n } = he();
641
+ if (n) window.crypto.getRandomValues(t);
642
+ else for (let n = 0; n < e; n += 1) t[n] = Math.random() * 62 | 0;
643
+ return _e(t);
693
644
  };
694
- function gn(e) {
695
- const n = new ArrayBuffer(e.length), t = new Uint8Array(n);
696
- for (let s = 0; s < e.length; s++)
697
- t[s] = e.charCodeAt(s);
698
- return t;
645
+ function ve(e) {
646
+ let t = new ArrayBuffer(e.length), n = new Uint8Array(t);
647
+ for (let t = 0; t < e.length; t++) n[t] = e.charCodeAt(t);
648
+ return n;
699
649
  }
700
- function Ke(e) {
701
- return new Promise((n, t) => {
702
- crypto.subtle.digest("SHA-256", gn(e)).then(
703
- (s) => n(me(new Uint8Array(s))),
704
- (s) => t(s)
705
- );
706
- });
650
+ function ye(e) {
651
+ return new Promise((t, n) => {
652
+ crypto.subtle.digest("SHA-256", ve(e)).then((e) => t(z(new Uint8Array(e))), (e) => n(e));
653
+ });
707
654
  }
708
- const hn = (e) => {
709
- if (e.length < 43 || e.length > 128)
710
- return Promise.reject(new Error("Invalid code length."));
711
- const { hasSubtleCrypto: n } = $e();
712
- return n ? Ke(e) : Promise.reject(new Error("window.crypto.subtle is unavailable."));
713
- }, yn = 3600, kn = (e) => async (n, t = yn, s = window.sessionStorage, o = 1e4) => {
714
- const i = `${n}/.well-known/openid-configuration`, r = `oidc.server:${n}`, a = Ze(r, s, t);
715
- if (a)
716
- return new de(a);
717
- const c = await Q(e)(i, {}, o);
718
- if (c.status !== 200)
719
- return null;
720
- const f = await c.json();
721
- return en(r, f, s), new de(f);
722
- }, Q = (e) => async (n, t = {}, s = 1e4, o = 0) => {
723
- let i;
724
- try {
725
- const r = new AbortController();
726
- setTimeout(() => r.abort(), s), i = await e(n, { ...t, signal: r.signal });
727
- } catch (r) {
728
- if (r.name === "AbortError" || r.message === "Network request failed") {
729
- if (o <= 1)
730
- return await Q(e)(n, t, s, o + 1);
731
- throw r;
732
- } else
733
- throw console.error(r.message), r;
734
- }
735
- return i;
736
- }, _e = {
737
- refresh_token: "refresh_token",
738
- access_token: "access_token"
739
- }, be = (e) => async (n, t, s = _e.refresh_token, o, i = {}, r = 1e4) => {
740
- const a = {
741
- token: t,
742
- token_type_hint: s,
743
- client_id: o
744
- };
745
- for (const [l, h] of Object.entries(i))
746
- a[l] === void 0 && (a[l] = h);
747
- const c = [];
748
- for (const l in a) {
749
- const h = encodeURIComponent(l), _ = encodeURIComponent(a[l]);
750
- c.push(`${h}=${_}`);
751
- }
752
- const f = c.join("&");
753
- return (await Q(e)(
754
- n,
755
- {
756
- method: "POST",
757
- headers: {
758
- "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
759
- },
760
- body: f
761
- },
762
- r
763
- )).status !== 200 ? { success: !1 } : {
764
- success: !0
765
- };
766
- }, mn = (e) => async (n, t, s, o, i = {}, r, a = 1e4) => {
767
- for (const [_, m] of Object.entries(s))
768
- t[_] === void 0 && (t[_] = m);
769
- const c = [];
770
- for (const _ in t) {
771
- const m = encodeURIComponent(_), p = encodeURIComponent(t[_]);
772
- c.push(`${m}=${p}`);
773
- }
774
- const f = c.join("&"), u = await Q(e)(
775
- n,
776
- {
777
- method: "POST",
778
- headers: {
779
- "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
780
- ...i
781
- },
782
- body: f
783
- },
784
- a
785
- );
786
- if (u.status !== 200)
787
- return {
788
- success: !1,
789
- status: u.status,
790
- demonstratingProofOfPossessionNonce: null
791
- };
792
- const l = await u.json();
793
- let h = null;
794
- return u.headers.has(se) && (h = u.headers.get(
795
- se
796
- )), {
797
- success: !0,
798
- status: u.status,
799
- data: he(l, o, r),
800
- demonstratingProofOfPossessionNonce: h
801
- };
802
- }, wn = (e, n) => async (t, s) => {
803
- s = s ? { ...s } : {};
804
- const o = ue(128), i = await hn(o);
805
- await e.setCodeVerifierAsync(o), await e.setStateAsync(s.state), s.code_challenge = i, s.code_challenge_method = "S256";
806
- let r = "";
807
- if (s)
808
- for (const [a, c] of Object.entries(s))
809
- r === "" ? r += "?" : r += "&", r += `${a}=${encodeURIComponent(c)}`;
810
- n.open(`${t}${r}`);
811
- }, se = "DPoP-Nonce", pn = (e) => async (n, t, s, o, i = 1e4) => {
812
- t = t ? { ...t } : {}, t.code_verifier = await e.getCodeVerifierAsync();
813
- const r = [];
814
- for (const l in t) {
815
- const h = encodeURIComponent(l), _ = encodeURIComponent(t[l]);
816
- r.push(`${h}=${_}`);
817
- }
818
- const a = r.join("&"), c = await Q(fetch)(
819
- n,
820
- {
821
- method: "POST",
822
- headers: {
823
- "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
824
- ...s
825
- },
826
- body: a
827
- },
828
- i
829
- );
830
- if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), c.status !== 200)
831
- return { success: !1, status: c.status };
832
- let f = null;
833
- c.headers.has(se) && (f = c.headers.get(
834
- se
835
- ));
836
- const u = await c.json();
837
- return {
838
- success: !0,
839
- data: {
840
- state: t.state,
841
- tokens: he(u, null, o),
842
- demonstratingProofOfPossessionNonce: f
843
- }
844
- };
655
+ var be = (e) => {
656
+ if (e.length < 43 || e.length > 128) return Promise.reject(/* @__PURE__ */ Error("Invalid code length."));
657
+ let { hasSubtleCrypto: t } = he();
658
+ return t ? ye(e) : Promise.reject(/* @__PURE__ */ Error("window.crypto.subtle is unavailable."));
659
+ }, xe = 3600, Se = (e) => async (t, n = xe, r = window.sessionStorage, i = 1e4) => {
660
+ let a = `${t}/.well-known/openid-configuration`, o = `oidc.server:${t}`, s = I(o, r, n);
661
+ if (s) return new Z(s);
662
+ let c = await V(e)(a, {}, i);
663
+ if (c.status !== 200) return null;
664
+ let l = await c.json();
665
+ return L(o, l, r), new Z(l);
666
+ }, V = (e) => async (t, n = {}, r = 1e4, i = 0) => {
667
+ let a;
668
+ try {
669
+ let i = new AbortController();
670
+ setTimeout(() => i.abort(), r), a = await e(t, {
671
+ ...n,
672
+ signal: i.signal
673
+ });
674
+ } catch (a) {
675
+ if (a.name === "AbortError" || a.message === "Network request failed") {
676
+ if (i <= 1) return await V(e)(t, n, r, i + 1);
677
+ throw a;
678
+ } else throw console.error(a.message), a;
679
+ }
680
+ return a;
681
+ }, H = {
682
+ refresh_token: "refresh_token",
683
+ access_token: "access_token"
684
+ }, Ce = (e) => async (t, n, r = H.refresh_token, i, a = {}, o = 1e4) => {
685
+ let s = {
686
+ token: n,
687
+ token_type_hint: r,
688
+ client_id: i
689
+ };
690
+ for (let [e, t] of Object.entries(a)) s[e] === void 0 && (s[e] = t);
691
+ let c = [];
692
+ for (let e in s) {
693
+ let t = encodeURIComponent(e), n = encodeURIComponent(s[e]);
694
+ c.push(`${t}=${n}`);
695
+ }
696
+ let l = c.join("&");
697
+ return (await V(e)(t, {
698
+ method: "POST",
699
+ headers: { "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8" },
700
+ body: l
701
+ }, o)).status === 200 ? { success: !0 } : { success: !1 };
702
+ }, we = (e) => async (t, n, r, i, a = {}, o, s = 1e4) => {
703
+ for (let [e, t] of Object.entries(r)) n[e] === void 0 && (n[e] = t);
704
+ let c = [];
705
+ for (let e in n) {
706
+ let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
707
+ c.push(`${t}=${r}`);
708
+ }
709
+ let l = c.join("&"), u = await V(e)(t, {
710
+ method: "POST",
711
+ headers: {
712
+ "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
713
+ ...a
714
+ },
715
+ body: l
716
+ }, s);
717
+ if (u.status !== 200) return {
718
+ success: !1,
719
+ status: u.status,
720
+ demonstratingProofOfPossessionNonce: null
721
+ };
722
+ let d = await u.json(), f = null;
723
+ return u.headers.has(U) && (f = u.headers.get(U)), {
724
+ success: !0,
725
+ status: u.status,
726
+ data: m(d, i, o),
727
+ demonstratingProofOfPossessionNonce: f
728
+ };
729
+ }, Te = (e, t) => async (n, r) => {
730
+ r = r ? { ...r } : {};
731
+ let i = B(128), a = await be(i);
732
+ await e.setCodeVerifierAsync(i), await e.setStateAsync(r.state), r.code_challenge = a, r.code_challenge_method = "S256";
733
+ let o = "";
734
+ if (r) for (let [e, t] of Object.entries(r)) o === "" ? o += "?" : o += "&", o += `${e}=${encodeURIComponent(t)}`;
735
+ t.open(`${n}${o}`);
736
+ }, U = "DPoP-Nonce", Ee = (e) => async (t, n, r, i, a = 1e4) => {
737
+ n = n ? { ...n } : {}, n.code_verifier = await e.getCodeVerifierAsync();
738
+ let o = [];
739
+ for (let e in n) {
740
+ let t = encodeURIComponent(e), r = encodeURIComponent(n[e]);
741
+ o.push(`${t}=${r}`);
742
+ }
743
+ let s = o.join("&"), c = await V(fetch)(t, {
744
+ method: "POST",
745
+ headers: {
746
+ "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
747
+ ...r
748
+ },
749
+ body: s
750
+ }, a);
751
+ if (await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]), c.status !== 200) return {
752
+ success: !1,
753
+ status: c.status
754
+ };
755
+ let l = null;
756
+ c.headers.has(U) && (l = c.headers.get(U));
757
+ let u = await c.json();
758
+ return {
759
+ success: !0,
760
+ data: {
761
+ state: n.state,
762
+ tokens: m(u, null, i),
763
+ demonstratingProofOfPossessionNonce: l
764
+ }
765
+ };
845
766
  };
846
- async function Pe(e, n, t, s = null) {
847
- const o = (c) => {
848
- e.tokens = c;
849
- }, { tokens: i, status: r } = await ee(e)(
850
- o,
851
- 0,
852
- 0,
853
- n,
854
- t,
855
- s
856
- );
857
- return await W(e.configuration, e.configurationName) || x(
858
- e.configurationName,
859
- e.configuration.storage,
860
- e.configuration.login_state_storage ?? e.configuration.storage
861
- ).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(r), null);
767
+ //#endregion
768
+ //#region src/renewTokens.ts
769
+ async function De(e, t, n, r = null) {
770
+ let { tokens: i, status: o } = await q(e)((t) => {
771
+ e.tokens = t;
772
+ }, 0, 0, t, n, r);
773
+ return await P(e.configuration, e.configurationName) || a(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).setTokens(e.tokens), e.tokens ? i : (await e.destroyAsync(o), null);
862
774
  }
863
- async function Ue(e, n = !1, t = null, s = null) {
864
- const o = e.configuration, i = `${o.client_id}_${e.configurationName}_${o.authority}`;
865
- let r;
866
- const a = await W(e.configuration, e.configurationName);
867
- if (o?.storage === window?.sessionStorage && !a || !navigator.locks)
868
- r = await Pe(e, n, t, s);
869
- else {
870
- let c = "retry";
871
- for (; c === "retry"; )
872
- c = await navigator.locks.request(
873
- i,
874
- { ifAvailable: !0 },
875
- async (f) => f ? await Pe(e, n, t, s) : (e.publishEvent(D.eventNames.syncTokensAsync_lock_not_available, {
876
- lock: "lock not available"
877
- }), "retry")
878
- );
879
- r = c;
880
- }
881
- return r ? (e.timeoutId && (e.timeoutId = z(e, e.tokens.expiresAt, t, s)), e.tokens) : null;
775
+ async function Oe(e, t = !1, n = null, r = null) {
776
+ let i = e.configuration, a = `${i.client_id}_${e.configurationName}_${i.authority}`, o, s = await P(e.configuration, e.configurationName);
777
+ if (i?.storage === window?.sessionStorage && !s || !navigator.locks) o = await De(e, t, n, r);
778
+ else {
779
+ let i = "retry";
780
+ for (; i === "retry";) i = await navigator.locks.request(a, { ifAvailable: !0 }, async (i) => i ? await De(e, t, n, r) : (e.publishEvent($.eventNames.syncTokensAsync_lock_not_available, { lock: "lock not available" }), "retry"));
781
+ o = i;
782
+ }
783
+ return o ? (e.timeoutId &&= W(e, e.tokens.expiresAt, n, r), e.tokens) : null;
882
784
  }
883
- const z = (e, n, t = null, s = null) => {
884
- const o = e.configuration.refresh_time_before_tokens_expiration_in_second;
885
- return e.timeoutId && R.clearTimeout(e.timeoutId), R.setTimeout(async () => {
886
- const r = { timeLeft: j(o, n) };
887
- e.publishEvent(D.eventNames.token_timer, r), await Ue(e, !1, t, s);
888
- }, 1e3);
889
- }, P = {
890
- FORCE_REFRESH: "FORCE_REFRESH",
891
- SESSION_LOST: "SESSION_LOST",
892
- NOT_CONNECTED: "NOT_CONNECTED",
893
- TOKENS_VALID: "TOKENS_VALID",
894
- TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
895
- TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
896
- LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
897
- REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS",
898
- TOKENS_INVALID: "TOKENS_INVALID"
899
- }, we = (e) => async (n, t, s, o = !1) => {
900
- const i = { nonce: null };
901
- if (!s)
902
- return { tokens: null, status: P.NOT_CONNECTED, nonce: i };
903
- let r = i;
904
- const a = await e.initAsync(
905
- n.authority,
906
- n.authority_configuration
907
- ), c = await W(n, t);
908
- if (c) {
909
- const { status: l, tokens: h } = await c.initAsync(
910
- a,
911
- "syncTokensAsync",
912
- n
913
- );
914
- if (l === "LOGGED_OUT")
915
- return {
916
- tokens: null,
917
- status: P.LOGOUT_FROM_ANOTHER_TAB,
918
- nonce: i
919
- };
920
- if (l === "SESSIONS_LOST")
921
- return { tokens: null, status: P.SESSION_LOST, nonce: i };
922
- if (!l || !h)
923
- return {
924
- tokens: null,
925
- status: P.REQUIRE_SYNC_TOKENS,
926
- nonce: i
927
- };
928
- if (h.issuedAt !== s.issuedAt) {
929
- const m = j(
930
- n.refresh_time_before_tokens_expiration_in_second,
931
- h.expiresAt
932
- ) > 0 ? P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, p = await c.getNonceAsync();
933
- return { tokens: h, status: m, nonce: p };
934
- }
935
- r = await c.getNonceAsync();
936
- } else {
937
- const l = x(
938
- t,
939
- n.storage ?? sessionStorage,
940
- n.login_state_storage ?? n.storage ?? sessionStorage
941
- ), h = await l.initAsync();
942
- let { tokens: _ } = h;
943
- const { status: m } = h;
944
- if (_ && (_ = ge(_, e.tokens, n.token_renew_mode)), _) {
945
- if (m === "SESSIONS_LOST")
946
- return { tokens: null, status: P.SESSION_LOST, nonce: i };
947
- if (_.issuedAt !== s.issuedAt) {
948
- const g = j(
949
- n.refresh_time_before_tokens_expiration_in_second,
950
- _.expiresAt
951
- ) > 0 ? P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, y = await l.getNonceAsync();
952
- return { tokens: _, status: g, nonce: y };
953
- }
954
- } else return {
955
- tokens: null,
956
- status: P.LOGOUT_FROM_ANOTHER_TAB,
957
- nonce: i
958
- };
959
- r = await l.getNonceAsync();
960
- }
961
- const u = j(
962
- n.refresh_time_before_tokens_expiration_in_second,
963
- s.expiresAt
964
- ) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
965
- return o ? { tokens: s, status: "FORCE_REFRESH", nonce: r } : { tokens: s, status: u, nonce: r };
966
- }, ee = (e) => async (n, t = 0, s = 0, o = !1, i = null, r = null) => {
967
- if (!navigator.onLine && document.hidden)
968
- return { tokens: e.tokens, status: "GIVE_UP" };
969
- let a = 6;
970
- const c = o ? 2 : 5, f = 5;
971
- for (; !navigator.onLine && a > 0; )
972
- await X({ milliseconds: 1e3 }), a--, e.publishEvent(k.refreshTokensAsync, {
973
- message: `wait because navigator is offline try ${a}`
974
- });
975
- const u = document.hidden, l = u ? t : t + 1, h = u ? s + 1 : s;
976
- if (t >= c || s >= f)
977
- return n(null), e.publishEvent(k.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
978
- i || (i = {});
979
- const _ = e.configuration, m = (g, y = null, A = null) => pe(
980
- e.configurationName,
981
- e.configuration,
982
- e.publishEvent.bind(e)
983
- )(g, y, A), p = async () => {
984
- try {
985
- let g;
986
- const y = await W(_, e.configurationName);
987
- y ? g = y.getLoginParams() : g = x(
988
- e.configurationName,
989
- _.storage,
990
- _.login_state_storage ?? _.storage
991
- ).getLoginParams();
992
- const A = {};
993
- if (g && g.extras)
994
- for (const [O, v] of Object.entries(g.extras))
995
- v != null && (A[O] = v);
996
- if (i)
997
- for (const [O, v] of Object.entries(i))
998
- v != null && (A[O] = v);
999
- A.prompt = "none", r && (A.scope = r);
1000
- const T = await m(A);
1001
- return T ? T.error ? (n(null), e.publishEvent(k.refreshTokensAsync_error, {
1002
- message: "refresh token silent"
1003
- }), { tokens: null, status: "SESSION_LOST" }) : (n(T.tokens), e.publishEvent(D.eventNames.token_renewed, {}), { tokens: T.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(k.refreshTokensAsync_error, {
1004
- message: "refresh token silent not active"
1005
- }), { tokens: null, status: "SESSION_LOST" });
1006
- } catch (g) {
1007
- return console.error(g), e.publishEvent(k.refreshTokensAsync_silent_error, {
1008
- message: "exceptionSilent",
1009
- exception: g.message
1010
- }), await ee(e)(
1011
- n,
1012
- l,
1013
- h,
1014
- o,
1015
- i,
1016
- r
1017
- );
1018
- }
1019
- };
1020
- try {
1021
- const { status: g, tokens: y, nonce: A } = await we(e)(
1022
- _,
1023
- e.configurationName,
1024
- e.tokens,
1025
- o
1026
- );
1027
- switch (g) {
1028
- case P.SESSION_LOST:
1029
- return n(null), e.publishEvent(k.refreshTokensAsync_error, {
1030
- message: "refresh token session lost"
1031
- }), { tokens: null, status: "SESSION_LOST" };
1032
- case P.NOT_CONNECTED:
1033
- return n(null), { tokens: null, status: null };
1034
- case P.TOKENS_VALID:
1035
- return n(y), { tokens: y, status: "LOGGED_IN" };
1036
- case P.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
1037
- return n(y), e.publishEvent(D.eventNames.token_renewed, {
1038
- reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
1039
- }), { tokens: y, status: "LOGGED_IN" };
1040
- case P.LOGOUT_FROM_ANOTHER_TAB:
1041
- return n(null), e.publishEvent(k.logout_from_another_tab, {
1042
- status: "session syncTokensAsync"
1043
- }), { tokens: null, status: "LOGGED_OUT" };
1044
- case P.REQUIRE_SYNC_TOKENS:
1045
- return _.token_automatic_renew_mode == Y.AutomaticOnlyWhenFetchExecuted && !o ? (e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(k.refreshTokensAsync_begin, { tryNumber: t }), await p());
1046
- default: {
1047
- if (_.token_automatic_renew_mode == Y.AutomaticOnlyWhenFetchExecuted && P.FORCE_REFRESH !== g)
1048
- return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
1049
- if (e.publishEvent(k.refreshTokensAsync_begin, {
1050
- refreshToken: y.refreshToken,
1051
- status: g,
1052
- tryNumber: t,
1053
- backgroundTry: s
1054
- }), !y.refreshToken)
1055
- return await p();
1056
- const T = _.client_id, O = _.redirect_uri, v = _.authority, w = { ..._.token_request_extras ? _.token_request_extras : {} };
1057
- for (const [$, E] of Object.entries(i))
1058
- $.endsWith(":token_request") && (w[$.replace(":token_request", "")] = E);
1059
- return await (async () => {
1060
- const $ = {
1061
- client_id: T,
1062
- redirect_uri: O,
1063
- grant_type: "refresh_token",
1064
- refresh_token: y.refreshToken
1065
- }, E = await e.initAsync(
1066
- v,
1067
- _.authority_configuration
1068
- ), d = document.hidden ? 1e4 : 3e4 * 10, N = E.tokenEndpoint, S = {};
1069
- _.demonstrating_proof_of_possession && (S.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
1070
- y.accessToken,
1071
- N,
1072
- "POST"
1073
- ));
1074
- const b = await mn(e.getFetch())(
1075
- N,
1076
- $,
1077
- w,
1078
- y,
1079
- S,
1080
- _.token_renew_mode,
1081
- d
1082
- );
1083
- if (b.success) {
1084
- const { isValid: K, reason: U } = xe(
1085
- b.data,
1086
- A.nonce,
1087
- E
1088
- );
1089
- if (!K)
1090
- return n(null), e.publishEvent(k.refreshTokensAsync_error, {
1091
- message: `refresh token return not valid tokens, reason: ${U}`
1092
- }), { tokens: null, status: "SESSION_LOST" };
1093
- if (n(b.data), b.demonstratingProofOfPossessionNonce) {
1094
- const L = await W(_, e.configurationName);
1095
- L ? await L.setDemonstratingProofOfPossessionNonce(
1096
- b.demonstratingProofOfPossessionNonce
1097
- ) : await x(
1098
- e.configurationName,
1099
- _.storage,
1100
- _.login_state_storage ?? _.storage
1101
- ).setDemonstratingProofOfPossessionNonce(
1102
- b.demonstratingProofOfPossessionNonce
1103
- );
1104
- }
1105
- return e.publishEvent(k.refreshTokensAsync_end, {
1106
- success: b.success
1107
- }), e.publishEvent(D.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: b.data, status: "LOGGED_IN" };
1108
- } else
1109
- return e.publishEvent(k.refreshTokensAsync_silent_error, {
1110
- message: "bad request",
1111
- tokenResponse: b
1112
- }), b.status >= 400 && b.status < 500 ? (n(null), e.publishEvent(k.refreshTokensAsync_error, {
1113
- message: `session lost: ${b.status}`
1114
- }), { tokens: null, status: "SESSION_LOST" }) : await ee(e)(
1115
- n,
1116
- l,
1117
- h,
1118
- o,
1119
- i,
1120
- r
1121
- );
1122
- })();
1123
- }
1124
- }
1125
- } catch (g) {
1126
- return console.error(g), e.publishEvent(k.refreshTokensAsync_silent_error, {
1127
- message: "exception",
1128
- exception: g.message
1129
- }), new Promise((y, A) => {
1130
- setTimeout(() => {
1131
- ee(e)(
1132
- n,
1133
- l,
1134
- h,
1135
- o,
1136
- i,
1137
- r
1138
- ).then(y).catch(A);
1139
- }, 1e3);
1140
- });
1141
- }
1142
- }, pe = (e, n, t) => (s = null, o = null, i = null) => {
1143
- if (!n.silent_redirect_uri || !n.silent_login_uri)
1144
- return Promise.resolve(null);
1145
- try {
1146
- t(k.silentLoginAsync_begin, {});
1147
- let r = "";
1148
- if (o && (s == null && (s = {}), s.state = o), i != null && (s == null && (s = {}), s.scope = i), s != null)
1149
- for (const [l, h] of Object.entries(s))
1150
- h != null && (r === "" ? r = `?${encodeURIComponent(l)}=${encodeURIComponent(h)}` : r += `&${encodeURIComponent(l)}=${encodeURIComponent(h)}`);
1151
- const a = n.silent_login_uri + r, c = a.indexOf("/", a.indexOf("//") + 2), f = a.substring(0, c), u = document.createElement("iframe");
1152
- return u.width = "0px", u.height = "0px", u.id = `${e}_oidc_iframe`, u.setAttribute("src", a), u.style.display = "none", document.body.appendChild(u), new Promise((l, h) => {
1153
- let _ = !1;
1154
- const m = () => {
1155
- window.removeEventListener("message", p), u.remove(), _ = !0;
1156
- }, p = (g) => {
1157
- if (g.origin === f && g.source === u.contentWindow) {
1158
- const y = `${e}_oidc_tokens:`, A = `${e}_oidc_error:`, T = `${e}_oidc_exception:`, O = g.data;
1159
- if (O && typeof O == "string" && !_) {
1160
- if (O.startsWith(y)) {
1161
- const v = JSON.parse(g.data.replace(y, ""));
1162
- t(k.silentLoginAsync_end, {}), l(v), m();
1163
- } else if (O.startsWith(A)) {
1164
- const v = JSON.parse(g.data.replace(A, ""));
1165
- t(k.silentLoginAsync_error, v), l({ error: "oidc_" + v.error, tokens: null, sessionState: null }), m();
1166
- } else if (O.startsWith(T)) {
1167
- const v = JSON.parse(g.data.replace(T, ""));
1168
- t(k.silentLoginAsync_error, v), h(new Error(v.error)), m();
1169
- }
1170
- }
1171
- }
1172
- };
1173
- try {
1174
- window.addEventListener("message", p);
1175
- const g = n.silent_login_timeout;
1176
- setTimeout(() => {
1177
- _ || (m(), t(k.silentLoginAsync_error, { reason: "timeout" }), h(new Error("timeout")));
1178
- }, g);
1179
- } catch (g) {
1180
- m(), t(k.silentLoginAsync_error, g), h(g);
1181
- }
1182
- });
1183
- } catch (r) {
1184
- throw t(k.silentLoginAsync_error, r), r;
1185
- }
1186
- }, An = (e, n, t, s, o) => (i = null, r = void 0) => {
1187
- i = { ...i };
1188
- const a = (f, u, l) => pe(n, t, s.bind(o))(
1189
- f,
1190
- u,
1191
- l
1192
- );
1193
- return (async () => {
1194
- o.timeoutId && R.clearTimeout(o.timeoutId);
1195
- let f;
1196
- i && "state" in i && (f = i.state, delete i.state);
1197
- try {
1198
- const u = t.extras ? { ...t.extras, ...i } : i, l = await a(
1199
- {
1200
- ...u,
1201
- prompt: "none"
1202
- },
1203
- f,
1204
- r
1205
- );
1206
- if (l)
1207
- return o.tokens = l.tokens, s(k.token_acquired, {}), o.timeoutId = z(o, o.tokens.expiresAt, i, r), {};
1208
- } catch (u) {
1209
- return u;
1210
- }
1211
- })();
1212
- }, Sn = (e, n, t) => (s, o, i, r = !1) => {
1213
- const a = (c, f = void 0, u = void 0) => pe(e.configurationName, t, e.publishEvent.bind(e))(
1214
- c,
1215
- f,
1216
- u
1217
- );
1218
- return new Promise((c, f) => {
1219
- if (t.silent_login_uri && t.silent_redirect_uri && t.monitor_session && s && i && !r) {
1220
- const u = () => {
1221
- e.checkSessionIFrame.stop();
1222
- const l = e.tokens;
1223
- if (l === null)
1224
- return;
1225
- const h = l.idToken, _ = l.idTokenPayload;
1226
- return a({
1227
- prompt: "none",
1228
- id_token_hint: h,
1229
- scope: t.scope || "openid"
1230
- }).then((m) => {
1231
- if (m.error)
1232
- throw new Error(m.error);
1233
- const p = m.tokens.idTokenPayload;
1234
- if (_.sub === p.sub) {
1235
- const g = m.sessionState;
1236
- e.checkSessionIFrame.start(m.sessionState), _.sid === p.sid ? console.debug(
1237
- "SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
1238
- g
1239
- ) : console.debug(
1240
- "SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",
1241
- g
1242
- );
1243
- } else
1244
- console.debug(
1245
- "SessionMonitor._callback: Different subject signed into OP:",
1246
- p.sub
1247
- );
1248
- }).catch(async (m) => {
1249
- console.warn(
1250
- "SessionMonitor._callback: Silent login failed, logging out other tabs:",
1251
- m
1252
- );
1253
- for (const [, p] of Object.entries(n))
1254
- await p.logoutOtherTabAsync(t.client_id, _.sub);
1255
- });
1256
- };
1257
- e.checkSessionIFrame = new Me(
1258
- u,
1259
- o,
1260
- s
1261
- ), e.checkSessionIFrame.load().then(() => {
1262
- e.checkSessionIFrame.start(i), c(e.checkSessionIFrame);
1263
- }).catch((l) => {
1264
- f(l);
1265
- });
1266
- } else
1267
- c(null);
1268
- });
1269
- }, Tn = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), vn = (e) => {
1270
- const n = e.appVersion, t = e.userAgent, s = "-";
1271
- let o = s;
1272
- const i = [
1273
- { s: "Windows 10", r: /(Windows 10.0|Windows NT 10.0)/ },
1274
- { s: "Windows 8.1", r: /(Windows 8.1|Windows NT 6.3)/ },
1275
- { s: "Windows 8", r: /(Windows 8|Windows NT 6.2)/ },
1276
- { s: "Windows 7", r: /(Windows 7|Windows NT 6.1)/ },
1277
- { s: "Windows Vista", r: /Windows NT 6.0/ },
1278
- { s: "Windows Server 2003", r: /Windows NT 5.2/ },
1279
- { s: "Windows XP", r: /(Windows NT 5.1|Windows XP)/ },
1280
- { s: "Windows 2000", r: /(Windows NT 5.0|Windows 2000)/ },
1281
- { s: "Windows ME", r: /(Win 9x 4.90|Windows ME)/ },
1282
- { s: "Windows 98", r: /(Windows 98|Win98)/ },
1283
- { s: "Windows 95", r: /(Windows 95|Win95|Windows_95)/ },
1284
- { s: "Windows NT 4.0", r: /(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/ },
1285
- { s: "Windows CE", r: /Windows CE/ },
1286
- { s: "Windows 3.11", r: /Win16/ },
1287
- { s: "Android", r: /Android/ },
1288
- { s: "Open BSD", r: /OpenBSD/ },
1289
- { s: "Sun OS", r: /SunOS/ },
1290
- { s: "Chrome OS", r: /CrOS/ },
1291
- { s: "Linux", r: /(Linux|X11(?!.*CrOS))/ },
1292
- { s: "iOS", r: /(iPhone|iPad|iPod)/ },
1293
- { s: "Mac OS X", r: /Mac OS X/ },
1294
- { s: "Mac OS", r: /(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/ },
1295
- { s: "QNX", r: /QNX/ },
1296
- { s: "UNIX", r: /UNIX/ },
1297
- { s: "BeOS", r: /BeOS/ },
1298
- { s: "OS/2", r: /OS\/2/ },
1299
- {
1300
- s: "Search Bot",
1301
- r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/
1302
- }
1303
- ];
1304
- for (const a in i) {
1305
- const c = i[a];
1306
- if (c.r.test(t)) {
1307
- o = c.s;
1308
- break;
1309
- }
1310
- }
1311
- let r = s;
1312
- switch (/Windows/.test(o) && (r = /Windows (.*)/.exec(o)[1], o = "Windows"), o) {
1313
- case "Mac OS":
1314
- case "Mac OS X":
1315
- case "Android":
1316
- r = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(t)[1];
1317
- break;
1318
- case "iOS": {
1319
- const a = /OS (\d+)_(\d+)_?(\d+)?/.exec(n);
1320
- a != null && a.length > 2 && (r = a[1] + "." + a[2] + "." + (parseInt(a[3]) | 0));
1321
- break;
1322
- }
1323
- }
1324
- return {
1325
- os: o,
1326
- osVersion: r
1327
- };
785
+ var W = (e, t, n = null, r = null) => {
786
+ let i = e.configuration.refresh_time_before_tokens_expiration_in_second;
787
+ return e.timeoutId && y.clearTimeout(e.timeoutId), y.setTimeout(async () => {
788
+ let a = { timeLeft: h(i, t) };
789
+ e.publishEvent($.eventNames.token_timer, a), await Oe(e, !1, n, r);
790
+ }, 1e3);
791
+ }, G = {
792
+ FORCE_REFRESH: "FORCE_REFRESH",
793
+ SESSION_LOST: "SESSION_LOST",
794
+ NOT_CONNECTED: "NOT_CONNECTED",
795
+ TOKENS_VALID: "TOKENS_VALID",
796
+ TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
797
+ TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
798
+ LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
799
+ REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS",
800
+ TOKENS_INVALID: "TOKENS_INVALID"
801
+ }, K = (e) => async (t, n, r, i = !1) => {
802
+ let o = { nonce: null };
803
+ if (!r) return {
804
+ tokens: null,
805
+ status: G.NOT_CONNECTED,
806
+ nonce: o
807
+ };
808
+ let s, c = await e.initAsync(t.authority, t.authority_configuration), l = await P(t, n);
809
+ if (l) {
810
+ let { status: e, tokens: n } = await l.initAsync(c, "syncTokensAsync", t);
811
+ if (e === "LOGGED_OUT") return {
812
+ tokens: null,
813
+ status: G.LOGOUT_FROM_ANOTHER_TAB,
814
+ nonce: o
815
+ };
816
+ if (e === "SESSIONS_LOST") return {
817
+ tokens: null,
818
+ status: G.SESSION_LOST,
819
+ nonce: o
820
+ };
821
+ if (!e || !n) return {
822
+ tokens: null,
823
+ status: G.REQUIRE_SYNC_TOKENS,
824
+ nonce: o
825
+ };
826
+ if (n.issuedAt !== r.issuedAt) return {
827
+ tokens: n,
828
+ status: h(t.refresh_time_before_tokens_expiration_in_second, n.expiresAt) > 0 ? G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,
829
+ nonce: await l.getNonceAsync()
830
+ };
831
+ s = await l.getNonceAsync();
832
+ } else {
833
+ let i = a(n, t.storage ?? sessionStorage, t.login_state_storage ?? t.storage ?? sessionStorage), c = await i.initAsync(), { tokens: l } = c, { status: u } = c;
834
+ if (l &&= p(l, e.tokens, t.token_renew_mode), !l) return {
835
+ tokens: null,
836
+ status: G.LOGOUT_FROM_ANOTHER_TAB,
837
+ nonce: o
838
+ };
839
+ if (u === "SESSIONS_LOST") return {
840
+ tokens: null,
841
+ status: G.SESSION_LOST,
842
+ nonce: o
843
+ };
844
+ if (l.issuedAt !== r.issuedAt) {
845
+ let e = h(t.refresh_time_before_tokens_expiration_in_second, l.expiresAt) > 0 ? G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID : G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID, n = await i.getNonceAsync();
846
+ return {
847
+ tokens: l,
848
+ status: e,
849
+ nonce: n
850
+ };
851
+ }
852
+ s = await i.getNonceAsync();
853
+ }
854
+ let u = h(t.refresh_time_before_tokens_expiration_in_second, r.expiresAt) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
855
+ return i ? {
856
+ tokens: r,
857
+ status: "FORCE_REFRESH",
858
+ nonce: s
859
+ } : {
860
+ tokens: r,
861
+ status: u,
862
+ nonce: s
863
+ };
864
+ }, q = (e) => async (t, n = 0, r = 0, s = !1, c = null, l = null) => {
865
+ if (!navigator.onLine && document.hidden) return {
866
+ tokens: e.tokens,
867
+ status: "GIVE_UP"
868
+ };
869
+ let u = 6, d = s ? 2 : 5;
870
+ for (; !navigator.onLine && u > 0;) await C({ milliseconds: 1e3 }), u--, e.publishEvent(i.refreshTokensAsync, { message: `wait because navigator is offline try ${u}` });
871
+ let f = document.hidden, p = f ? n : n + 1, m = f ? r + 1 : r;
872
+ if (n >= d || r >= 5) return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token" }), {
873
+ tokens: null,
874
+ status: "SESSION_LOST"
875
+ };
876
+ c ||= {};
877
+ let h = e.configuration, g = (t, n = null, r = null) => J(e.configurationName, e.configuration, e.publishEvent.bind(e))(t, n, r), _ = async () => {
878
+ try {
879
+ let n, r = await P(h, e.configurationName);
880
+ n = r ? r.getLoginParams() : a(e.configurationName, h.storage, h.login_state_storage ?? h.storage).getLoginParams();
881
+ let o = {};
882
+ if (n && n.extras) for (let [e, t] of Object.entries(n.extras)) t != null && (o[e] = t);
883
+ if (c) for (let [e, t] of Object.entries(c)) t != null && (o[e] = t);
884
+ o.prompt = "none", l && (o.scope = l);
885
+ let s = await g(o);
886
+ return s ? s.error ? (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token silent" }), {
887
+ tokens: null,
888
+ status: "SESSION_LOST"
889
+ }) : (t(s.tokens), e.publishEvent($.eventNames.token_renewed, {}), {
890
+ tokens: s.tokens,
891
+ status: "LOGGED"
892
+ }) : (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token silent not active" }), {
893
+ tokens: null,
894
+ status: "SESSION_LOST"
895
+ });
896
+ } catch (n) {
897
+ return console.error(n), e.publishEvent(i.refreshTokensAsync_silent_error, {
898
+ message: "exceptionSilent",
899
+ exception: n.message
900
+ }), await q(e)(t, p, m, s, c, l);
901
+ }
902
+ };
903
+ try {
904
+ let { status: u, tokens: d, nonce: f } = await K(e)(h, e.configurationName, e.tokens, s);
905
+ switch (u) {
906
+ case G.SESSION_LOST: return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: "refresh token session lost" }), {
907
+ tokens: null,
908
+ status: "SESSION_LOST"
909
+ };
910
+ case G.NOT_CONNECTED: return t(null), {
911
+ tokens: null,
912
+ status: null
913
+ };
914
+ case G.TOKENS_VALID: return t(d), {
915
+ tokens: d,
916
+ status: "LOGGED_IN"
917
+ };
918
+ case G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: return t(d), e.publishEvent($.eventNames.token_renewed, { reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" }), {
919
+ tokens: d,
920
+ status: "LOGGED_IN"
921
+ };
922
+ case G.LOGOUT_FROM_ANOTHER_TAB: return t(null), e.publishEvent(i.logout_from_another_tab, { status: "session syncTokensAsync" }), {
923
+ tokens: null,
924
+ status: "LOGGED_OUT"
925
+ };
926
+ case G.REQUIRE_SYNC_TOKENS: return h.token_automatic_renew_mode == o.AutomaticOnlyWhenFetchExecuted && !s ? (e.publishEvent(i.tokensInvalidAndWaitingActionsToRefresh, {}), {
927
+ tokens: e.tokens,
928
+ status: "GIVE_UP"
929
+ }) : (e.publishEvent(i.refreshTokensAsync_begin, { tryNumber: n }), await _());
930
+ default: {
931
+ if (h.token_automatic_renew_mode == o.AutomaticOnlyWhenFetchExecuted && G.FORCE_REFRESH !== u) return e.publishEvent(i.tokensInvalidAndWaitingActionsToRefresh, {}), {
932
+ tokens: e.tokens,
933
+ status: "GIVE_UP"
934
+ };
935
+ if (e.publishEvent(i.refreshTokensAsync_begin, {
936
+ refreshToken: d.refreshToken,
937
+ status: u,
938
+ tryNumber: n,
939
+ backgroundTry: r
940
+ }), !d.refreshToken) return await _();
941
+ let g = h.client_id, y = h.redirect_uri, b = h.authority, x = { ...h.token_request_extras ? h.token_request_extras : {} };
942
+ for (let [e, t] of Object.entries(c)) e.endsWith(":token_request") && (x[e.replace(":token_request", "")] = t);
943
+ return await (async () => {
944
+ let n = {
945
+ client_id: g,
946
+ redirect_uri: y,
947
+ grant_type: "refresh_token",
948
+ refresh_token: d.refreshToken
949
+ }, r = await e.initAsync(b, h.authority_configuration), o = document.hidden ? 1e4 : 3e4 * 10, u = r.tokenEndpoint, _ = {};
950
+ h.demonstrating_proof_of_possession && (_.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(d.accessToken, u, "POST"));
951
+ let S = await we(e.getFetch())(u, n, x, d, _, h.token_renew_mode, o);
952
+ if (S.success) {
953
+ let { isValid: n, reason: o } = v(S.data, f.nonce, r);
954
+ if (!n) return t(null), e.publishEvent(i.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${o}` }), {
955
+ tokens: null,
956
+ status: "SESSION_LOST"
957
+ };
958
+ if (t(S.data), S.demonstratingProofOfPossessionNonce) {
959
+ let t = await P(h, e.configurationName);
960
+ t ? await t.setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce) : await a(e.configurationName, h.storage, h.login_state_storage ?? h.storage).setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce);
961
+ }
962
+ return e.publishEvent(i.refreshTokensAsync_end, { success: S.success }), e.publishEvent($.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), {
963
+ tokens: S.data,
964
+ status: "LOGGED_IN"
965
+ };
966
+ } else return e.publishEvent(i.refreshTokensAsync_silent_error, {
967
+ message: "bad request",
968
+ tokenResponse: S
969
+ }), S.status >= 400 && S.status < 500 ? (t(null), e.publishEvent(i.refreshTokensAsync_error, { message: `session lost: ${S.status}` }), {
970
+ tokens: null,
971
+ status: "SESSION_LOST"
972
+ }) : await q(e)(t, p, m, s, c, l);
973
+ })();
974
+ }
975
+ }
976
+ } catch (n) {
977
+ return console.error(n), e.publishEvent(i.refreshTokensAsync_silent_error, {
978
+ message: "exception",
979
+ exception: n.message
980
+ }), new Promise((n, r) => {
981
+ setTimeout(() => {
982
+ q(e)(t, p, m, s, c, l).then(n).catch(r);
983
+ }, 1e3);
984
+ });
985
+ }
986
+ }, J = (e, t, n) => (r = null, a = null, o = null) => {
987
+ if (!t.silent_redirect_uri || !t.silent_login_uri) return Promise.resolve(null);
988
+ try {
989
+ n(i.silentLoginAsync_begin, {});
990
+ let s = "";
991
+ if (a && (r ??= {}, r.state = a), o != null && (r ??= {}, r.scope = o), r != null) for (let [e, t] of Object.entries(r)) t != null && (s === "" ? s = `?${encodeURIComponent(e)}=${encodeURIComponent(t)}` : s += `&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);
992
+ let c = t.silent_login_uri + s, l = c.indexOf("/", c.indexOf("//") + 2), u = c.substring(0, l), d = document.createElement("iframe");
993
+ return d.width = "0px", d.height = "0px", d.id = `${e}_oidc_iframe`, d.setAttribute("src", c), d.style.display = "none", document.body.appendChild(d), new Promise((r, a) => {
994
+ let o = !1, s = () => {
995
+ window.removeEventListener("message", c), d.remove(), o = !0;
996
+ }, c = (t) => {
997
+ if (t.origin === u && t.source === d.contentWindow) {
998
+ let c = `${e}_oidc_tokens:`, l = `${e}_oidc_error:`, u = `${e}_oidc_exception:`, d = t.data;
999
+ if (d && typeof d == "string" && !o) {
1000
+ if (d.startsWith(c)) {
1001
+ let e = JSON.parse(t.data.replace(c, ""));
1002
+ n(i.silentLoginAsync_end, {}), r(e), s();
1003
+ } else if (d.startsWith(l)) {
1004
+ let e = JSON.parse(t.data.replace(l, ""));
1005
+ n(i.silentLoginAsync_error, e), r({
1006
+ error: "oidc_" + e.error,
1007
+ tokens: null,
1008
+ sessionState: null
1009
+ }), s();
1010
+ } else if (d.startsWith(u)) {
1011
+ let e = JSON.parse(t.data.replace(u, ""));
1012
+ n(i.silentLoginAsync_error, e), a(Error(e.error)), s();
1013
+ }
1014
+ }
1015
+ }
1016
+ };
1017
+ try {
1018
+ window.addEventListener("message", c);
1019
+ let e = t.silent_login_timeout;
1020
+ setTimeout(() => {
1021
+ o || (s(), n(i.silentLoginAsync_error, { reason: "timeout" }), a(/* @__PURE__ */ Error("timeout")));
1022
+ }, e);
1023
+ } catch (e) {
1024
+ s(), n(i.silentLoginAsync_error, e), a(e);
1025
+ }
1026
+ });
1027
+ } catch (e) {
1028
+ throw n(i.silentLoginAsync_error, e), e;
1029
+ }
1030
+ }, ke = (e, t, n, r, a) => (e = null, o = void 0) => {
1031
+ e = { ...e };
1032
+ let s = (e, i, o) => J(t, n, r.bind(a))(e, i, o);
1033
+ return (async () => {
1034
+ a.timeoutId && y.clearTimeout(a.timeoutId);
1035
+ let t;
1036
+ e && "state" in e && (t = e.state, delete e.state);
1037
+ try {
1038
+ let c = await s({
1039
+ ...n.extras ? {
1040
+ ...n.extras,
1041
+ ...e
1042
+ } : e,
1043
+ prompt: "none"
1044
+ }, t, o);
1045
+ if (c) return a.tokens = c.tokens, r(i.token_acquired, {}), a.timeoutId = W(a, a.tokens.expiresAt, e, o), {};
1046
+ } catch (e) {
1047
+ return e;
1048
+ }
1049
+ })();
1050
+ }, Ae = (e, t, n) => (i, a, o, s = !1) => {
1051
+ let c = (t, r = void 0, i = void 0) => J(e.configurationName, n, e.publishEvent.bind(e))(t, r, i);
1052
+ return new Promise((l, u) => {
1053
+ n.silent_login_uri && n.silent_redirect_uri && n.monitor_session && i && o && !s ? (e.checkSessionIFrame = new r(() => {
1054
+ e.checkSessionIFrame.stop();
1055
+ let r = e.tokens;
1056
+ if (r === null) return;
1057
+ let i = r.idToken, a = r.idTokenPayload;
1058
+ return c({
1059
+ prompt: "none",
1060
+ id_token_hint: i,
1061
+ scope: n.scope || "openid"
1062
+ }).then((t) => {
1063
+ if (t.error) throw Error(t.error);
1064
+ let n = t.tokens.idTokenPayload;
1065
+ if (a.sub === n.sub) {
1066
+ let r = t.sessionState;
1067
+ e.checkSessionIFrame.start(t.sessionState), a.sid === n.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", r) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", r);
1068
+ } else console.debug("SessionMonitor._callback: Different subject signed into OP:", n.sub);
1069
+ }).catch(async (e) => {
1070
+ console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", e);
1071
+ for (let [, e] of Object.entries(t)) await e.logoutOtherTabAsync(n.client_id, a.sub);
1072
+ });
1073
+ }, a, i), e.checkSessionIFrame.load().then(() => {
1074
+ e.checkSessionIFrame.start(o), l(e.checkSessionIFrame);
1075
+ }).catch((e) => {
1076
+ u(e);
1077
+ })) : l(null);
1078
+ });
1079
+ }, je = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), Me = (e) => {
1080
+ let t = e.appVersion, n = e.userAgent, r = "-", i = [
1081
+ {
1082
+ s: "Windows 10",
1083
+ r: /(Windows 10.0|Windows NT 10.0)/
1084
+ },
1085
+ {
1086
+ s: "Windows 8.1",
1087
+ r: /(Windows 8.1|Windows NT 6.3)/
1088
+ },
1089
+ {
1090
+ s: "Windows 8",
1091
+ r: /(Windows 8|Windows NT 6.2)/
1092
+ },
1093
+ {
1094
+ s: "Windows 7",
1095
+ r: /(Windows 7|Windows NT 6.1)/
1096
+ },
1097
+ {
1098
+ s: "Windows Vista",
1099
+ r: /Windows NT 6.0/
1100
+ },
1101
+ {
1102
+ s: "Windows Server 2003",
1103
+ r: /Windows NT 5.2/
1104
+ },
1105
+ {
1106
+ s: "Windows XP",
1107
+ r: /(Windows NT 5.1|Windows XP)/
1108
+ },
1109
+ {
1110
+ s: "Windows 2000",
1111
+ r: /(Windows NT 5.0|Windows 2000)/
1112
+ },
1113
+ {
1114
+ s: "Windows ME",
1115
+ r: /(Win 9x 4.90|Windows ME)/
1116
+ },
1117
+ {
1118
+ s: "Windows 98",
1119
+ r: /(Windows 98|Win98)/
1120
+ },
1121
+ {
1122
+ s: "Windows 95",
1123
+ r: /(Windows 95|Win95|Windows_95)/
1124
+ },
1125
+ {
1126
+ s: "Windows NT 4.0",
1127
+ r: /(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/
1128
+ },
1129
+ {
1130
+ s: "Windows CE",
1131
+ r: /Windows CE/
1132
+ },
1133
+ {
1134
+ s: "Windows 3.11",
1135
+ r: /Win16/
1136
+ },
1137
+ {
1138
+ s: "Android",
1139
+ r: /Android/
1140
+ },
1141
+ {
1142
+ s: "Open BSD",
1143
+ r: /OpenBSD/
1144
+ },
1145
+ {
1146
+ s: "Sun OS",
1147
+ r: /SunOS/
1148
+ },
1149
+ {
1150
+ s: "Chrome OS",
1151
+ r: /CrOS/
1152
+ },
1153
+ {
1154
+ s: "Linux",
1155
+ r: /(Linux|X11(?!.*CrOS))/
1156
+ },
1157
+ {
1158
+ s: "iOS",
1159
+ r: /(iPhone|iPad|iPod)/
1160
+ },
1161
+ {
1162
+ s: "Mac OS X",
1163
+ r: /Mac OS X/
1164
+ },
1165
+ {
1166
+ s: "Mac OS",
1167
+ r: /(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/
1168
+ },
1169
+ {
1170
+ s: "QNX",
1171
+ r: /QNX/
1172
+ },
1173
+ {
1174
+ s: "UNIX",
1175
+ r: /UNIX/
1176
+ },
1177
+ {
1178
+ s: "BeOS",
1179
+ r: /BeOS/
1180
+ },
1181
+ {
1182
+ s: "OS/2",
1183
+ r: /OS\/2/
1184
+ },
1185
+ {
1186
+ s: "Search Bot",
1187
+ r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/
1188
+ }
1189
+ ];
1190
+ for (let e in i) {
1191
+ let t = i[e];
1192
+ if (t.r.test(n)) {
1193
+ r = t.s;
1194
+ break;
1195
+ }
1196
+ }
1197
+ let a = "-";
1198
+ switch (/Windows/.test(r) && (a = /Windows (.*)/.exec(r)[1], r = "Windows"), r) {
1199
+ case "Mac OS":
1200
+ case "Mac OS X":
1201
+ case "Android":
1202
+ a = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];
1203
+ break;
1204
+ case "iOS": {
1205
+ let e = /OS (\d+)_(\d+)_?(\d+)?/.exec(t);
1206
+ e != null && e.length > 2 && (a = e[1] + "." + e[2] + "." + (parseInt(e[3]) | 0));
1207
+ break;
1208
+ }
1209
+ }
1210
+ return {
1211
+ os: r,
1212
+ osVersion: a
1213
+ };
1328
1214
  };
1329
- function En() {
1330
- const e = navigator.userAgent;
1331
- let n, t = e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
1332
- if (/trident/i.test(t[1]))
1333
- return n = /\brv[ :]+(\d+)/g.exec(e) || [], { name: "ie", version: n[1] || "" };
1334
- if (t[1] === "Chrome" && (n = e.match(/\bOPR|Edge\/(\d+)/), n != null)) {
1335
- let s = n[1];
1336
- if (!s) {
1337
- const o = e.split(n[0] + "/");
1338
- o.length > 1 && (s = o[1]);
1339
- }
1340
- return { name: "opera", version: s };
1341
- }
1342
- return t = t[2] ? [t[1], t[2]] : [navigator.appName, navigator.appVersion, "-?"], (n = e.match(/version\/(\d+)/i)) != null && t.splice(1, 1, n[1]), {
1343
- name: t[0].toLowerCase(),
1344
- version: t[1]
1345
- };
1215
+ function Ne() {
1216
+ let e = navigator.userAgent, t, n = e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];
1217
+ if (/trident/i.test(n[1])) return t = /\brv[ :]+(\d+)/g.exec(e) || [], {
1218
+ name: "ie",
1219
+ version: t[1] || ""
1220
+ };
1221
+ if (n[1] === "Chrome" && (t = e.match(/\bOPR|Edge\/(\d+)/), t != null)) {
1222
+ let n = t[1];
1223
+ if (!n) {
1224
+ let r = e.split(t[0] + "/");
1225
+ r.length > 1 && (n = r[1]);
1226
+ }
1227
+ return {
1228
+ name: "opera",
1229
+ version: n
1230
+ };
1231
+ }
1232
+ return n = n[2] ? [n[1], n[2]] : [
1233
+ navigator.appName,
1234
+ navigator.appVersion,
1235
+ "-?"
1236
+ ], (t = e.match(/version\/(\d+)/i)) != null && n.splice(1, 1, t[1]), {
1237
+ name: n[0].toLowerCase(),
1238
+ version: n[1]
1239
+ };
1346
1240
  }
1347
- const On = () => {
1348
- const { name: e, version: n } = En();
1349
- if (e === "chrome" && parseInt(n) <= 70 || e === "opera" && (!n || parseInt(n.split(".")[0]) < 80) || e === "ie")
1350
- return !1;
1351
- const t = vn(navigator);
1352
- return !Tn(t);
1353
- }, bn = async (e) => {
1354
- let n;
1355
- if (e.tokens != null)
1356
- return !1;
1357
- e.publishEvent(k.tryKeepExistingSessionAsync_begin, {});
1358
- try {
1359
- const t = e.configuration, s = await e.initAsync(
1360
- t.authority,
1361
- t.authority_configuration
1362
- );
1363
- if (n = await W(t, e.configurationName), n) {
1364
- const { tokens: o } = await n.initAsync(
1365
- s,
1366
- "tryKeepExistingSessionAsync",
1367
- t
1368
- );
1369
- if (o) {
1370
- n.startKeepAliveServiceWorker(), e.tokens = o;
1371
- const i = n.getLoginParams(e.configurationName);
1372
- e.timeoutId = z(
1373
- e,
1374
- e.tokens.expiresAt,
1375
- i.extras,
1376
- i.scope
1377
- );
1378
- const r = await n.getSessionStateAsync();
1379
- return await e.startCheckSessionAsync(
1380
- s.checkSessionIframe,
1381
- t.client_id,
1382
- r
1383
- ), t.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
1384
- success: !0,
1385
- message: "tokens inside ServiceWorker are valid"
1386
- }), !0;
1387
- }
1388
- e.publishEvent(k.tryKeepExistingSessionAsync_end, {
1389
- success: !1,
1390
- message: "no exiting session found"
1391
- });
1392
- } else {
1393
- t.service_worker_relative_url && e.publishEvent(k.service_worker_not_supported_by_browser, {
1394
- message: "service worker is not supported by this browser"
1395
- });
1396
- const o = x(
1397
- e.configurationName,
1398
- t.storage ?? sessionStorage,
1399
- t.login_state_storage ?? t.storage ?? sessionStorage
1400
- ), { tokens: i } = await o.initAsync();
1401
- if (i) {
1402
- e.tokens = ge(i, null, t.token_renew_mode);
1403
- const r = o.getLoginParams();
1404
- e.timeoutId = z(
1405
- e,
1406
- e.tokens.expiresAt,
1407
- r.extras,
1408
- r.scope
1409
- );
1410
- const a = await o.getSessionStateAsync();
1411
- return await e.startCheckSessionAsync(
1412
- s.checkSessionIframe,
1413
- t.client_id,
1414
- a
1415
- ), t.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
1416
- success: !0,
1417
- message: "tokens inside storage are valid"
1418
- }), !0;
1419
- }
1420
- }
1421
- return e.publishEvent(k.tryKeepExistingSessionAsync_end, {
1422
- success: !1,
1423
- message: n ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
1424
- }), !1;
1425
- } catch (t) {
1426
- return console.error(t), n && await n.clearAsync(), e.publishEvent(
1427
- k.tryKeepExistingSessionAsync_error,
1428
- "tokens inside ServiceWorker are invalid"
1429
- ), !1;
1430
- }
1431
- }, Ve = (e) => {
1432
- const n = e.match(
1433
- // eslint-disable-next-line no-useless-escape
1434
- /^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
1435
- );
1436
- if (!n)
1437
- throw new Error("Invalid URL");
1438
- let t = n[6], s = n[7];
1439
- if (s) {
1440
- const o = s.split("?");
1441
- o.length === 2 && (s = o[0], t = o[1]);
1442
- }
1443
- return t.startsWith("?") && (t = t.slice(1)), n && {
1444
- href: e,
1445
- protocol: n[1],
1446
- host: n[2],
1447
- hostname: n[3],
1448
- port: n[4],
1449
- path: n[5],
1450
- search: t,
1451
- hash: s
1452
- };
1453
- }, Un = (e) => {
1454
- const n = Ve(e);
1455
- let { path: t } = n;
1456
- t.endsWith("/") && (t = t.slice(0, -1));
1457
- let { hash: s } = n;
1458
- return s === "#_=_" && (s = ""), s && (t += s), t;
1459
- }, fe = (e) => {
1460
- const n = Ve(e), { search: t } = n;
1461
- return Pn(t);
1462
- }, Pn = (e) => {
1463
- const n = {};
1464
- let t, s, o;
1465
- const i = e.split("&");
1466
- for (s = 0, o = i.length; s < o; s++)
1467
- t = i[s].split("="), n[decodeURIComponent(t[0])] = decodeURIComponent(t[1]);
1468
- return n;
1469
- }, In = (e, n, t, s, o) => (i = void 0, r = null, a = !1, c = void 0) => {
1470
- const f = r;
1471
- return r = { ...r }, (async () => {
1472
- const l = i || o.getPath();
1473
- if ("state" in r || (r.state = ue(16)), t(k.loginAsync_begin, {}), r)
1474
- for (const h of Object.keys(r))
1475
- h.endsWith(":token_request") && delete r[h];
1476
- try {
1477
- const h = a ? n.silent_redirect_uri : n.redirect_uri;
1478
- c || (c = n.scope);
1479
- const _ = n.extras ? { ...n.extras, ...r } : r;
1480
- _.nonce || (_.nonce = ue(12));
1481
- const m = { nonce: _.nonce }, p = await W(n, e), g = await s(
1482
- n.authority,
1483
- n.authority_configuration
1484
- );
1485
- let y;
1486
- if (p)
1487
- p.setLoginParams({ callbackPath: l, extras: f, scope: c }), await p.initAsync(g, "loginAsync", n), await p.setNonceAsync(m), p.startKeepAliveServiceWorker(), y = p;
1488
- else {
1489
- const T = x(
1490
- e,
1491
- n.storage ?? sessionStorage,
1492
- n.login_state_storage ?? n.storage ?? sessionStorage
1493
- );
1494
- T.setLoginParams({ callbackPath: l, extras: f, scope: c }), await T.setNonceAsync(m), y = T;
1495
- }
1496
- const A = {
1497
- client_id: n.client_id,
1498
- redirect_uri: h,
1499
- scope: c,
1500
- response_type: "code",
1501
- ..._
1502
- };
1503
- await wn(y, o)(
1504
- g.authorizationEndpoint,
1505
- A
1506
- );
1507
- } catch (h) {
1508
- throw t(k.loginAsync_error, h), h;
1509
- }
1510
- })();
1511
- }, Cn = (e) => async (n = !1) => {
1512
- try {
1513
- e.publishEvent(k.loginCallbackAsync_begin, {});
1514
- const t = e.configuration, s = t.client_id, o = n ? t.silent_redirect_uri : t.redirect_uri, i = t.authority, r = t.token_request_timeout, a = await e.initAsync(
1515
- i,
1516
- t.authority_configuration
1517
- ), c = e.location.getCurrentHref(), f = fe(c), u = f.session_state, l = await W(t, e.configurationName);
1518
- let h, _, m, p;
1519
- if (l)
1520
- await l.initAsync(a, "loginCallbackAsync", t), await l.setSessionStateAsync(u), _ = await l.getNonceAsync(), m = l.getLoginParams(), p = await l.getStateAsync(), l.startKeepAliveServiceWorker(), h = l;
1521
- else {
1522
- const E = x(
1523
- e.configurationName,
1524
- t.storage ?? sessionStorage,
1525
- t.login_state_storage ?? t.storage ?? sessionStorage
1526
- );
1527
- await E.setSessionStateAsync(u), _ = await E.getNonceAsync(), m = E.getLoginParams(), p = await E.getStateAsync(), h = E;
1528
- }
1529
- if (f.error || f.error_description)
1530
- throw new Error(
1531
- `Error from OIDC server: ${f.error} - ${f.error_description}`
1532
- );
1533
- if (f.iss && f.iss !== a.issuer)
1534
- throw console.error(), new Error(
1535
- `Issuer not valid (expected: ${a.issuer}, received: ${f.iss})`
1536
- );
1537
- if (f.state && f.state !== p)
1538
- throw new Error(`State not valid (expected: ${p}, received: ${f.state})`);
1539
- const g = {
1540
- code: f.code,
1541
- grant_type: "authorization_code",
1542
- client_id: t.client_id,
1543
- redirect_uri: o
1544
- }, y = {};
1545
- if (t.token_request_extras)
1546
- for (const [E, d] of Object.entries(t.token_request_extras))
1547
- y[E] = d;
1548
- if (m?.extras)
1549
- for (const [E, d] of Object.entries(m.extras))
1550
- E.endsWith(":token_request") && (y[E.replace(":token_request", "")] = d);
1551
- const A = a.tokenEndpoint, T = {};
1552
- if (t.demonstrating_proof_of_possession)
1553
- if (l)
1554
- T.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
1555
- else {
1556
- const E = await _n(window)(
1557
- t.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
1558
- );
1559
- await x(
1560
- e.configurationName,
1561
- t.storage,
1562
- t.login_state_storage ?? t.storage
1563
- ).setDemonstratingProofOfPossessionJwkAsync(E), T.DPoP = await Re(window)(
1564
- t.demonstrating_proof_of_possession_configuration
1565
- )(E, "POST", A);
1566
- }
1567
- const O = await pn(h)(
1568
- A,
1569
- { ...g, ...y },
1570
- T,
1571
- e.configuration.token_renew_mode,
1572
- r
1573
- );
1574
- if (!O.success)
1575
- throw new Error("Token request failed");
1576
- let v;
1577
- const C = O.data.tokens, w = O.data.demonstratingProofOfPossessionNonce;
1578
- if (O.data.state !== y.state)
1579
- throw new Error("state is not valid");
1580
- const { isValid: G, reason: $ } = xe(
1581
- C,
1582
- _.nonce,
1583
- a
1584
- );
1585
- if (!G)
1586
- throw new Error(`Tokens are not OpenID valid, reason: ${$}`);
1587
- if (l) {
1588
- if (C.refreshToken && !C.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
1589
- throw new Error("Refresh token should be hidden by service worker");
1590
- if (w && C?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
1591
- throw new Error(
1592
- "Demonstration of proof of possession require Access token not hidden by service worker"
1593
- );
1594
- }
1595
- if (l)
1596
- await l.initAsync(a, "syncTokensAsync", t), v = l.getLoginParams(), w && await l.setDemonstratingProofOfPossessionNonce(
1597
- w
1598
- );
1599
- else {
1600
- const E = x(
1601
- e.configurationName,
1602
- t.storage,
1603
- t.login_state_storage ?? t.storage
1604
- );
1605
- v = E.getLoginParams(), w && await E.setDemonstratingProofOfPossessionNonce(w);
1606
- }
1607
- return await e.startCheckSessionAsync(
1608
- a.checkSessionIframe,
1609
- s,
1610
- u,
1611
- n
1612
- ), e.publishEvent(k.loginCallbackAsync_end, {}), {
1613
- tokens: C,
1614
- state: "request.state",
1615
- callbackPath: v.callbackPath,
1616
- scope: f.scope,
1617
- extras: v.extras
1618
- };
1619
- } catch (t) {
1620
- throw console.error(t), e.publishEvent(k.loginCallbackAsync_error, t), t;
1621
- }
1622
- }, Ie = {
1623
- access_token: "access_token",
1624
- refresh_token: "refresh_token"
1625
- }, re = (e, n) => {
1626
- const t = {};
1627
- if (e) {
1628
- for (const [s, o] of Object.entries(e))
1629
- if (s.endsWith(n)) {
1630
- const i = s.replace(n, "");
1631
- t[i] = o;
1632
- }
1633
- return t;
1634
- }
1635
- return t;
1636
- }, Nn = (e) => {
1637
- const n = {};
1638
- if (e) {
1639
- for (const [t, s] of Object.entries(e))
1640
- t.includes(":") || (n[t] = s);
1641
- return n;
1642
- }
1643
- return n;
1644
- }, xn = (e) => async (n) => {
1645
- R.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
1646
- const t = await W(e.configuration, e.configurationName);
1647
- t ? await t.clearAsync(n) : await x(
1648
- e.configurationName,
1649
- e.configuration.storage,
1650
- e.configuration.login_state_storage ?? e.configuration.storage
1651
- ).clearAsync(n), e.tokens = null, e.userInfo = null;
1652
- }, Wn = (e, n, t, s, o) => async (i = void 0, r = null) => {
1653
- const a = e.configuration, c = await e.initAsync(
1654
- a.authority,
1655
- a.authority_configuration
1656
- );
1657
- i && typeof i != "string" && (i = void 0, s.warn("callbackPathOrUrl path is not a string"));
1658
- const f = i ?? o.getPath();
1659
- let u = !1;
1660
- i && (u = i.includes("https://") || i.includes("http://"));
1661
- const l = u ? i : o.getOrigin() + f, h = e.tokens ? e.tokens.idToken : "";
1662
- try {
1663
- const y = c.revocationEndpoint;
1664
- if (y) {
1665
- const A = [], T = e.tokens ? e.tokens.accessToken : null;
1666
- if (T && a.logout_tokens_to_invalidate.includes(Ie.access_token)) {
1667
- const v = re(r, ":revoke_access_token"), C = be(t)(
1668
- y,
1669
- T,
1670
- _e.access_token,
1671
- a.client_id,
1672
- v
1673
- );
1674
- A.push(C);
1675
- }
1676
- const O = e.tokens ? e.tokens.refreshToken : null;
1677
- if (O && a.logout_tokens_to_invalidate.includes(Ie.refresh_token)) {
1678
- const v = re(r, ":revoke_refresh_token"), C = be(t)(
1679
- y,
1680
- O,
1681
- _e.refresh_token,
1682
- a.client_id,
1683
- v
1684
- );
1685
- A.push(C);
1686
- }
1687
- A.length > 0 && await Promise.all(A);
1688
- }
1689
- } catch (y) {
1690
- s.warn(
1691
- "logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"
1692
- ), s.warn(y);
1693
- }
1694
- const _ = e.tokens?.idTokenPayload?.sub ?? null;
1695
- await e.destroyAsync("LOGGED_OUT");
1696
- for (const [, y] of Object.entries(n))
1697
- y !== e ? await e.logoutSameTabAsync(e.configuration.client_id, _) : e.publishEvent(k.logout_from_same_tab, {});
1698
- const m = re(r, ":oidc");
1699
- if (m && m.no_reload === "true")
1700
- return;
1701
- const g = Nn(r);
1702
- if (c.endSessionEndpoint) {
1703
- "id_token_hint" in g || (g.id_token_hint = h), !("post_logout_redirect_uri" in g) && i !== null && (g.post_logout_redirect_uri = l);
1704
- let y = "";
1705
- for (const [A, T] of Object.entries(g))
1706
- T != null && (y === "" ? y += "?" : y += "&", y += `${A}=${encodeURIComponent(T)}`);
1707
- o.open(`${c.endSessionEndpoint}${y}`);
1708
- } else
1709
- o.reload();
1710
- }, Fe = (e, n, t = !1) => async (...s) => {
1711
- const [o, i, ...r] = s, a = i ? { ...i } : { method: "GET" };
1712
- let c = new Headers();
1713
- a.headers && (c = a.headers instanceof Headers ? a.headers : new Headers(a.headers));
1714
- const f = {
1715
- getTokens: () => n.tokens,
1716
- configuration: {
1717
- token_automatic_renew_mode: n.configuration.token_automatic_renew_mode,
1718
- refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
1719
- },
1720
- syncTokensInfoAsync: async () => {
1721
- const { status: _ } = await we(n)(
1722
- n.configuration,
1723
- n.configurationName,
1724
- n.tokens,
1725
- !1
1726
- );
1727
- return _;
1728
- },
1729
- renewTokensAsync: n.renewTokensAsync.bind(n)
1730
- }, l = (await Ne(f))?.tokens?.accessToken;
1731
- if (c.has("Accept") || c.set("Accept", "application/json"), l) {
1732
- if (n.configuration.demonstrating_proof_of_possession && t) {
1733
- const _ = await n.generateDemonstrationOfProofOfPossessionAsync(
1734
- l,
1735
- o.toString(),
1736
- a.method
1737
- );
1738
- c.set("Authorization", `DPoP ${l}`), c.set("DPoP", _);
1739
- } else
1740
- c.set("Authorization", `Bearer ${l}`);
1741
- a.credentials || (a.credentials = "same-origin");
1742
- }
1743
- const h = { ...a, headers: c };
1744
- return await e(o, h, ...r);
1745
- }, Ln = (e) => async (n = !1, t = !1) => {
1746
- if (e.userInfo != null && !n)
1747
- return e.userInfo;
1748
- const s = !n && e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);
1749
- if (s)
1750
- return e.userInfo = JSON.parse(s), e.userInfo;
1751
- const o = e.configuration, r = (await e.initAsync(
1752
- o.authority,
1753
- o.authority_configuration
1754
- )).userInfoEndpoint, c = await (async () => {
1755
- const u = await Fe(fetch, e, t)(r);
1756
- return u.status !== 200 ? null : u.json();
1757
- })();
1758
- return e.userInfo = c, c && e.configuration.storage?.setItem(
1759
- `oidc.${e.configurationName}.userInfo`,
1760
- JSON.stringify(c)
1761
- ), c;
1762
- }, Dn = () => fetch;
1763
- class de {
1764
- constructor(n) {
1765
- this.authorizationEndpoint = n.authorization_endpoint, this.tokenEndpoint = n.token_endpoint, this.revocationEndpoint = n.revocation_endpoint, this.userInfoEndpoint = n.userinfo_endpoint, this.checkSessionIframe = n.check_session_iframe, this.issuer = n.issuer, this.endSessionEndpoint = n.end_session_endpoint;
1766
- }
1767
- }
1768
- const V = {}, Rn = (e, n = new ne()) => (t, s = "default") => (V[s] || (V[s] = new D(t, s, e, n)), V[s]), $n = async (e) => {
1769
- const { parsedTokens: n, callbackPath: t, extras: s, scope: o } = await e.loginCallbackAsync();
1770
- return e.timeoutId = z(e, n.expiresAt, s, o), { callbackPath: t };
1771
- }, Kn = (e) => Math.floor(Math.random() * e), q = class q {
1772
- constructor(n, t = "default", s, o = new ne()) {
1773
- this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
1774
- let i = n.silent_login_uri;
1775
- n.silent_redirect_uri && !n.silent_login_uri && (i = `${n.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
1776
- let r = n.refresh_time_before_tokens_expiration_in_second ?? 120;
1777
- r > 60 && (r = r - Math.floor(Math.random() * 40)), this.location = o ?? new ne(), this.configuration = {
1778
- ...n,
1779
- silent_login_uri: i,
1780
- token_automatic_renew_mode: n.token_automatic_renew_mode ?? Y.AutomaticBeforeTokenExpiration,
1781
- monitor_session: n.monitor_session ?? !1,
1782
- refresh_time_before_tokens_expiration_in_second: r,
1783
- silent_login_timeout: n.silent_login_timeout ?? 12e3,
1784
- token_renew_mode: n.token_renew_mode ?? ae.access_token_or_id_token_invalid,
1785
- demonstrating_proof_of_possession: n.demonstrating_proof_of_possession ?? !1,
1786
- authority_timeout_wellknowurl_in_millisecond: n.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
1787
- logout_tokens_to_invalidate: n.logout_tokens_to_invalidate ?? [
1788
- "access_token",
1789
- "refresh_token"
1790
- ],
1791
- service_worker_activate: n.service_worker_activate ?? On,
1792
- demonstrating_proof_of_possession_configuration: n.demonstrating_proof_of_possession_configuration ?? tn,
1793
- preload_user_info: n.preload_user_info ?? !1
1794
- }, this.getFetch = s ?? Dn, this.configurationName = t, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
1795
- }
1796
- subscribeEvents(n) {
1797
- const t = Kn(9999999999999).toString();
1798
- return this.events.push({ id: t, func: n }), t;
1799
- }
1800
- removeEventSubscription(n) {
1801
- const t = this.events.filter((s) => s.id !== n);
1802
- this.events = t;
1803
- }
1804
- publishEvent(n, t) {
1805
- this.events.forEach((s) => {
1806
- s.func(n, t);
1807
- });
1808
- }
1809
- static get(n = "default") {
1810
- const t = typeof process > "u";
1811
- if (!Object.prototype.hasOwnProperty.call(V, n) && t)
1812
- throw Error(`OIDC library does seem initialized.
1813
- Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${n}"></OidcProvider> component.`);
1814
- return V[n];
1815
- }
1816
- _silentLoginCallbackFromIFrame() {
1817
- if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
1818
- const n = this.location, t = fe(n.getCurrentHref());
1819
- window.parent.postMessage(
1820
- `${this.configurationName}_oidc_tokens:${JSON.stringify({ tokens: this.tokens, sessionState: t.session_state })}`,
1821
- n.getOrigin()
1822
- );
1823
- }
1824
- }
1825
- _silentLoginErrorCallbackFromIFrame(n = null) {
1826
- if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
1827
- const t = this.location, s = fe(t.getCurrentHref());
1828
- s.error ? window.parent.postMessage(
1829
- `${this.configurationName}_oidc_error:${JSON.stringify({ error: s.error })}`,
1830
- t.getOrigin()
1831
- ) : window.parent.postMessage(
1832
- `${this.configurationName}_oidc_exception:${JSON.stringify({ error: n == null ? "" : n.toString() })}`,
1833
- t.getOrigin()
1834
- );
1835
- }
1836
- }
1837
- async silentLoginCallbackAsync() {
1838
- try {
1839
- await this.loginCallbackAsync(!0), this._silentLoginCallbackFromIFrame();
1840
- } catch (n) {
1841
- console.error(n), this._silentLoginErrorCallbackFromIFrame(n);
1842
- }
1843
- }
1844
- async initAsync(n, t) {
1845
- if (this.initPromise !== null)
1846
- return this.initPromise;
1847
- const s = async () => {
1848
- if (t != null)
1849
- return new de({
1850
- authorization_endpoint: t.authorization_endpoint,
1851
- end_session_endpoint: t.end_session_endpoint,
1852
- revocation_endpoint: t.revocation_endpoint,
1853
- token_endpoint: t.token_endpoint,
1854
- userinfo_endpoint: t.userinfo_endpoint,
1855
- check_session_iframe: t.check_session_iframe,
1856
- issuer: t.issuer
1857
- });
1858
- const i = await W(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
1859
- return await kn(this.getFetch())(
1860
- n,
1861
- this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600,
1862
- i,
1863
- this.configuration.authority_timeout_wellknowurl_in_millisecond
1864
- );
1865
- };
1866
- return this.initPromise = s(), this.initPromise.finally(() => {
1867
- this.initPromise = null;
1868
- });
1869
- }
1870
- async tryKeepExistingSessionAsync() {
1871
- return this.tryKeepExistingSessionPromise !== null ? this.tryKeepExistingSessionPromise : (this.tryKeepExistingSessionPromise = bn(this), this.tryKeepExistingSessionPromise.finally(() => {
1872
- this.tryKeepExistingSessionPromise = null;
1873
- }));
1874
- }
1875
- async startCheckSessionAsync(n, t, s, o = !1) {
1876
- await Sn(this, V, this.configuration)(
1877
- n,
1878
- t,
1879
- s,
1880
- o
1881
- );
1882
- }
1883
- async loginAsync(n = void 0, t = null, s = !1, o = void 0, i = !1) {
1884
- return this.logoutPromise && await this.logoutPromise, this.loginPromise !== null ? this.loginPromise : (i ? this.loginPromise = An(
1885
- window,
1886
- this.configurationName,
1887
- this.configuration,
1888
- this.publishEvent.bind(this),
1889
- this
1890
- )(t, o) : this.loginPromise = In(
1891
- this.configurationName,
1892
- this.configuration,
1893
- this.publishEvent.bind(this),
1894
- this.initAsync.bind(this),
1895
- this.location
1896
- )(n, t, s, o), this.loginPromise.finally(() => {
1897
- this.loginPromise = null;
1898
- }));
1899
- }
1900
- async loginCallbackAsync(n = !1) {
1901
- if (this.loginCallbackPromise !== null)
1902
- return this.loginCallbackPromise;
1903
- const t = async () => {
1904
- const s = await Cn(this)(n), o = s.tokens;
1905
- return this.tokens = o, await W(this.configuration, this.configurationName) || x(
1906
- this.configurationName,
1907
- this.configuration.storage,
1908
- this.configuration.login_state_storage ?? this.configuration.storage
1909
- ).setTokens(o), this.publishEvent(q.eventNames.token_acquired, o), this.configuration.preload_user_info && await this.userInfoAsync(), {
1910
- parsedTokens: o,
1911
- state: s.state,
1912
- callbackPath: s.callbackPath,
1913
- scope: s.scope,
1914
- extras: s.extras
1915
- };
1916
- };
1917
- return this.loginCallbackPromise = t(), this.loginCallbackPromise.finally(() => {
1918
- this.loginCallbackPromise = null;
1919
- });
1920
- }
1921
- async generateDemonstrationOfProofOfPossessionAsync(n, t, s, o = {}) {
1922
- const i = this.configuration, r = {
1923
- ath: await Ke(n),
1924
- ...o
1925
- };
1926
- if (await W(i, this.configurationName))
1927
- return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${ye(this.configurationName)}`;
1928
- const c = x(
1929
- this.configurationName,
1930
- i.storage,
1931
- i.login_state_storage ?? i.storage
1932
- ), f = await c.getDemonstratingProofOfPossessionJwkAsync(), u = c.getDemonstratingProofOfPossessionNonce();
1933
- return u && (r.nonce = u), await Re(window)(
1934
- i.demonstrating_proof_of_possession_configuration
1935
- )(f, s, t, r);
1936
- }
1937
- loginCallbackWithAutoTokensRenewAsync() {
1938
- return this.loginCallbackWithAutoTokensRenewPromise !== null ? this.loginCallbackWithAutoTokensRenewPromise : (this.loginCallbackWithAutoTokensRenewPromise = $n(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
1939
- this.loginCallbackWithAutoTokensRenewPromise = null;
1940
- }));
1941
- }
1942
- userInfoAsync(n = !1, t = !1) {
1943
- return this.userInfoPromise !== null ? this.userInfoPromise : (this.userInfoPromise = Ln(this)(n, t), this.userInfoPromise.finally(() => {
1944
- this.userInfoPromise = null;
1945
- }));
1946
- }
1947
- async renewTokensAsync(n = null, t = null) {
1948
- if (this.renewTokensPromise !== null)
1949
- return this.renewTokensPromise;
1950
- if (this.timeoutId)
1951
- return R.clearTimeout(this.timeoutId), this.renewTokensPromise = Ue(this, !0, n, t), this.renewTokensPromise.finally(() => {
1952
- this.renewTokensPromise = null;
1953
- });
1954
- }
1955
- async destroyAsync(n) {
1956
- return await xn(this)(n);
1957
- }
1958
- async logoutSameTabAsync(n, t) {
1959
- this.configuration.monitor_session && this.configuration.client_id === n && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(k.logout_from_same_tab, { mmessage: "SessionMonitor", sub: t }));
1960
- }
1961
- async logoutOtherTabAsync(n, t) {
1962
- this.configuration.monitor_session && this.configuration.client_id === n && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(k.logout_from_another_tab, { message: "SessionMonitor", sub: t }));
1963
- }
1964
- async logoutAsync(n = void 0, t = null) {
1965
- return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = Wn(
1966
- this,
1967
- V,
1968
- this.getFetch(),
1969
- console,
1970
- this.location
1971
- )(n, t), this.logoutPromise.finally(() => {
1972
- this.logoutPromise = null;
1973
- }));
1974
- }
1975
- };
1976
- q.getOrCreate = (n, t) => (s, o = "default") => Rn(n, t)(s, o), q.eventNames = k;
1977
- let D = q;
1978
- const H = class H {
1979
- constructor(n) {
1980
- this._oidc = n;
1981
- }
1982
- subscribeEvents(n) {
1983
- return this._oidc.subscribeEvents(n);
1984
- }
1985
- removeEventSubscription(n) {
1986
- this._oidc.removeEventSubscription(n);
1987
- }
1988
- publishEvent(n, t) {
1989
- this._oidc.publishEvent(n, t);
1990
- }
1991
- static get(n = "default") {
1992
- return new H(D.get(n));
1993
- }
1994
- tryKeepExistingSessionAsync() {
1995
- return this._oidc.tryKeepExistingSessionAsync();
1996
- }
1997
- loginAsync(n = void 0, t = null, s = !1, o = void 0, i = !1) {
1998
- return this._oidc.loginAsync(n, t, s, o, i);
1999
- }
2000
- logoutAsync(n = void 0, t = null) {
2001
- return this._oidc.logoutAsync(n, t);
2002
- }
2003
- silentLoginCallbackAsync() {
2004
- return this._oidc.silentLoginCallbackAsync();
2005
- }
2006
- renewTokensAsync(n = null, t = null) {
2007
- return this._oidc.renewTokensAsync(n, t);
2008
- }
2009
- loginCallbackAsync() {
2010
- return this._oidc.loginCallbackWithAutoTokensRenewAsync();
2011
- }
2012
- get tokens() {
2013
- return this._oidc.tokens;
2014
- }
2015
- get configuration() {
2016
- return this._oidc.configuration;
2017
- }
2018
- async generateDemonstrationOfProofOfPossessionAsync(n, t, s, o = {}) {
2019
- return this._oidc.generateDemonstrationOfProofOfPossessionAsync(
2020
- n,
2021
- t,
2022
- s,
2023
- o
2024
- );
2025
- }
2026
- async getValidTokenAsync(n = 200, t = 50) {
2027
- const s = this._oidc, o = {
2028
- getTokens: () => s.tokens,
2029
- configuration: {
2030
- token_automatic_renew_mode: s.configuration.token_automatic_renew_mode,
2031
- refresh_time_before_tokens_expiration_in_second: s.configuration.refresh_time_before_tokens_expiration_in_second
2032
- },
2033
- syncTokensInfoAsync: async () => {
2034
- const { status: i } = await we(s)(
2035
- s.configuration,
2036
- s.configurationName,
2037
- s.tokens,
2038
- !1
2039
- );
2040
- return i;
2041
- },
2042
- renewTokensAsync: s.renewTokensAsync.bind(s)
2043
- };
2044
- return Ne(o, n, t);
2045
- }
2046
- fetchWithTokens(n, t = !1) {
2047
- return Fe(n, this._oidc, t);
2048
- }
2049
- async userInfoAsync(n = !1, t = !1) {
2050
- return this._oidc.userInfoAsync(n, t);
2051
- }
2052
- userInfo() {
2053
- return this._oidc.userInfo;
2054
- }
2055
- };
2056
- H.getOrCreate = (n, t = new ne()) => (s, o = "default") => new H(D.getOrCreate(n, t)(s, o)), H.eventNames = D.eventNames;
2057
- let Ce = H;
2058
- export {
2059
- Ce as OidcClient,
2060
- ne as OidcLocation,
2061
- Y as TokenAutomaticRenewMode,
2062
- ae as TokenRenewMode,
2063
- Dn as getFetchDefault,
2064
- fe as getParseQueryStringFromLocation,
2065
- Un as getPath
1241
+ var Pe = () => {
1242
+ let { name: e, version: t } = Ne();
1243
+ return e === "chrome" && parseInt(t) <= 70 || e === "opera" && (!t || parseInt(t.split(".")[0]) < 80) || e === "ie" ? !1 : !je(Me(navigator));
1244
+ }, Fe = async (e) => {
1245
+ let t;
1246
+ if (e.tokens != null) return !1;
1247
+ e.publishEvent(i.tryKeepExistingSessionAsync_begin, {});
1248
+ try {
1249
+ let n = e.configuration, r = await e.initAsync(n.authority, n.authority_configuration);
1250
+ if (t = await P(n, e.configurationName), t) {
1251
+ let { tokens: a } = await t.initAsync(r, "tryKeepExistingSessionAsync", n);
1252
+ if (a) {
1253
+ t.startKeepAliveServiceWorker(), e.tokens = a;
1254
+ let o = t.getLoginParams(e.configurationName);
1255
+ e.timeoutId = W(e, e.tokens.expiresAt, o.extras, o.scope);
1256
+ let s = await t.getSessionStateAsync();
1257
+ return await e.startCheckSessionAsync(r.checkSessionIframe, n.client_id, s), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_end, {
1258
+ success: !0,
1259
+ message: "tokens inside ServiceWorker are valid"
1260
+ }), !0;
1261
+ }
1262
+ e.publishEvent(i.tryKeepExistingSessionAsync_end, {
1263
+ success: !1,
1264
+ message: "no exiting session found"
1265
+ });
1266
+ } else {
1267
+ n.service_worker_relative_url && e.publishEvent(i.service_worker_not_supported_by_browser, { message: "service worker is not supported by this browser" });
1268
+ let t = a(e.configurationName, n.storage ?? sessionStorage, n.login_state_storage ?? n.storage ?? sessionStorage), { tokens: o } = await t.initAsync();
1269
+ if (o) {
1270
+ e.tokens = p(o, null, n.token_renew_mode);
1271
+ let a = t.getLoginParams();
1272
+ e.timeoutId = W(e, e.tokens.expiresAt, a.extras, a.scope);
1273
+ let s = await t.getSessionStateAsync();
1274
+ return await e.startCheckSessionAsync(r.checkSessionIframe, n.client_id, s), n.preload_user_info && await e.userInfoAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_end, {
1275
+ success: !0,
1276
+ message: "tokens inside storage are valid"
1277
+ }), !0;
1278
+ }
1279
+ }
1280
+ return e.publishEvent(i.tryKeepExistingSessionAsync_end, {
1281
+ success: !1,
1282
+ message: t ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
1283
+ }), !1;
1284
+ } catch (n) {
1285
+ return console.error(n), t && await t.clearAsync(), e.publishEvent(i.tryKeepExistingSessionAsync_error, "tokens inside ServiceWorker are invalid"), !1;
1286
+ }
1287
+ }, Ie = (e) => {
1288
+ let t = e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);
1289
+ if (!t) throw Error("Invalid URL");
1290
+ let n = t[6], r = t[7];
1291
+ if (r) {
1292
+ let e = r.split("?");
1293
+ e.length === 2 && (r = e[0], n = e[1]);
1294
+ }
1295
+ return n.startsWith("?") && (n = n.slice(1)), t && {
1296
+ href: e,
1297
+ protocol: t[1],
1298
+ host: t[2],
1299
+ hostname: t[3],
1300
+ port: t[4],
1301
+ path: t[5],
1302
+ search: n,
1303
+ hash: r
1304
+ };
1305
+ }, Le = (e) => {
1306
+ let t = Ie(e), { path: n } = t;
1307
+ n.endsWith("/") && (n = n.slice(0, -1));
1308
+ let { hash: r } = t;
1309
+ return r === "#_=_" && (r = ""), r && (n += r), n;
1310
+ }, Y = (e) => {
1311
+ let { search: t } = Ie(e);
1312
+ return Re(t);
1313
+ }, Re = (e) => {
1314
+ let t = {}, n, r, i, a = e.split("&");
1315
+ for (r = 0, i = a.length; r < i; r++) n = a[r].split("="), t[decodeURIComponent(n[0])] = decodeURIComponent(n[1]);
1316
+ return t;
1317
+ }, ze = (e, t, n, r, o) => (s = void 0, c = null, l = !1, u = void 0) => {
1318
+ let d = c;
1319
+ return c = { ...c }, (async () => {
1320
+ let f = s || o.getPath();
1321
+ if ("state" in c || (c.state = B(16)), n(i.loginAsync_begin, {}), c) for (let e of Object.keys(c)) e.endsWith(":token_request") && delete c[e];
1322
+ try {
1323
+ let n = l ? t.silent_redirect_uri : t.redirect_uri;
1324
+ u ||= t.scope;
1325
+ let i = t.extras ? {
1326
+ ...t.extras,
1327
+ ...c
1328
+ } : c;
1329
+ i.nonce ||= B(12);
1330
+ let s = { nonce: i.nonce }, p = await P(t, e), m = await r(t.authority, t.authority_configuration), h;
1331
+ if (p) p.setLoginParams({
1332
+ callbackPath: f,
1333
+ extras: d,
1334
+ scope: u
1335
+ }), await p.initAsync(m, "loginAsync", t), await p.setNonceAsync(s), p.startKeepAliveServiceWorker(), h = p;
1336
+ else {
1337
+ let n = a(e, t.storage ?? sessionStorage, t.login_state_storage ?? t.storage ?? sessionStorage);
1338
+ n.setLoginParams({
1339
+ callbackPath: f,
1340
+ extras: d,
1341
+ scope: u
1342
+ }), await n.setNonceAsync(s), h = n;
1343
+ }
1344
+ let g = {
1345
+ client_id: t.client_id,
1346
+ redirect_uri: n,
1347
+ scope: u,
1348
+ response_type: "code",
1349
+ ...i
1350
+ };
1351
+ await Te(h, o)(m.authorizationEndpoint, g);
1352
+ } catch (e) {
1353
+ throw n(i.loginAsync_error, e), e;
1354
+ }
1355
+ })();
1356
+ }, Be = (e) => async (t = !1) => {
1357
+ try {
1358
+ e.publishEvent(i.loginCallbackAsync_begin, {});
1359
+ let n = e.configuration, r = n.client_id, o = t ? n.silent_redirect_uri : n.redirect_uri, s = n.authority, c = n.token_request_timeout, l = await e.initAsync(s, n.authority_configuration), u = Y(e.location.getCurrentHref()), d = u.session_state, f = await P(n, e.configurationName), p, m, h, g;
1360
+ if (f) await f.initAsync(l, "loginCallbackAsync", n), await f.setSessionStateAsync(d), m = await f.getNonceAsync(), h = f.getLoginParams(), g = await f.getStateAsync(), f.startKeepAliveServiceWorker(), p = f;
1361
+ else {
1362
+ let t = a(e.configurationName, n.storage ?? sessionStorage, n.login_state_storage ?? n.storage ?? sessionStorage);
1363
+ await t.setSessionStateAsync(d), m = await t.getNonceAsync(), h = t.getLoginParams(), g = await t.getStateAsync(), p = t;
1364
+ }
1365
+ if (u.error || u.error_description) throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);
1366
+ if (u.iss && u.iss !== l.issuer) throw console.error(), Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);
1367
+ if (u.state && u.state !== g) throw Error(`State not valid (expected: ${g}, received: ${u.state})`);
1368
+ let _ = {
1369
+ code: u.code,
1370
+ grant_type: "authorization_code",
1371
+ client_id: n.client_id,
1372
+ redirect_uri: o
1373
+ }, y = {};
1374
+ if (n.token_request_extras) for (let [e, t] of Object.entries(n.token_request_extras)) y[e] = t;
1375
+ if (h?.extras) for (let [e, t] of Object.entries(h.extras)) e.endsWith(":token_request") && (y[e.replace(":token_request", "")] = t);
1376
+ let b = l.tokenEndpoint, x = {};
1377
+ if (n.demonstrating_proof_of_possession) if (f) x.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
1378
+ else {
1379
+ let t = await fe(window)(n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);
1380
+ await a(e.configurationName, n.storage, n.login_state_storage ?? n.storage).setDemonstratingProofOfPossessionJwkAsync(t), x.DPoP = await pe(window)(n.demonstrating_proof_of_possession_configuration)(t, "POST", b);
1381
+ }
1382
+ let S = await Ee(p)(b, {
1383
+ ..._,
1384
+ ...y
1385
+ }, x, e.configuration.token_renew_mode, c);
1386
+ if (!S.success) throw Error("Token request failed");
1387
+ let C, w = S.data.tokens, T = S.data.demonstratingProofOfPossessionNonce;
1388
+ if (S.data.state !== y.state) throw Error("state is not valid");
1389
+ let { isValid: E, reason: D } = v(w, m.nonce, l);
1390
+ if (!E) throw Error(`Tokens are not OpenID valid, reason: ${D}`);
1391
+ if (f) {
1392
+ if (w.refreshToken && !w.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Refresh token should be hidden by service worker");
1393
+ if (T && w?.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER")) throw Error("Demonstration of proof of possession require Access token not hidden by service worker");
1394
+ }
1395
+ if (f) await f.initAsync(l, "syncTokensAsync", n), C = f.getLoginParams(), T && await f.setDemonstratingProofOfPossessionNonce(T);
1396
+ else {
1397
+ let t = a(e.configurationName, n.storage, n.login_state_storage ?? n.storage);
1398
+ C = t.getLoginParams(), T && await t.setDemonstratingProofOfPossessionNonce(T);
1399
+ }
1400
+ return await e.startCheckSessionAsync(l.checkSessionIframe, r, d, t), e.publishEvent(i.loginCallbackAsync_end, {}), {
1401
+ tokens: w,
1402
+ state: "request.state",
1403
+ callbackPath: C.callbackPath,
1404
+ scope: u.scope,
1405
+ extras: C.extras
1406
+ };
1407
+ } catch (t) {
1408
+ throw console.error(t), e.publishEvent(i.loginCallbackAsync_error, t), t;
1409
+ }
1410
+ }, Ve = {
1411
+ access_token: "access_token",
1412
+ refresh_token: "refresh_token"
1413
+ }, X = (e, t) => {
1414
+ let n = {};
1415
+ if (e) {
1416
+ for (let [r, i] of Object.entries(e)) if (r.endsWith(t)) {
1417
+ let e = r.replace(t, "");
1418
+ n[e] = i;
1419
+ }
1420
+ return n;
1421
+ }
1422
+ return n;
1423
+ }, He = (e) => {
1424
+ let t = {};
1425
+ if (e) {
1426
+ for (let [n, r] of Object.entries(e)) n.includes(":") || (t[n] = r);
1427
+ return t;
1428
+ }
1429
+ return t;
1430
+ }, Ue = (e) => async (t) => {
1431
+ y.clearTimeout(e.timeoutId), e.timeoutId = null, e.checkSessionIFrame && e.checkSessionIFrame.stop();
1432
+ let n = await P(e.configuration, e.configurationName);
1433
+ n ? await n.clearAsync(t) : await a(e.configurationName, e.configuration.storage, e.configuration.login_state_storage ?? e.configuration.storage).clearAsync(t), e.tokens = null, e.userInfo = null;
1434
+ }, We = (e, t, n, r, a) => async (o = void 0, s = null) => {
1435
+ let c = e.configuration, l = await e.initAsync(c.authority, c.authority_configuration);
1436
+ o && typeof o != "string" && (o = void 0, r.warn("callbackPathOrUrl path is not a string"));
1437
+ let u = o ?? a.getPath(), d = !1;
1438
+ o && (d = o.includes("https://") || o.includes("http://"));
1439
+ let f = d ? o : a.getOrigin() + u, p = e.tokens ? e.tokens.idToken : "";
1440
+ try {
1441
+ let t = l.revocationEndpoint;
1442
+ if (t) {
1443
+ let r = [], i = e.tokens ? e.tokens.accessToken : null;
1444
+ if (i && c.logout_tokens_to_invalidate.includes(Ve.access_token)) {
1445
+ let e = X(s, ":revoke_access_token"), a = Ce(n)(t, i, H.access_token, c.client_id, e);
1446
+ r.push(a);
1447
+ }
1448
+ let a = e.tokens ? e.tokens.refreshToken : null;
1449
+ if (a && c.logout_tokens_to_invalidate.includes(Ve.refresh_token)) {
1450
+ let e = X(s, ":revoke_refresh_token"), i = Ce(n)(t, a, H.refresh_token, c.client_id, e);
1451
+ r.push(i);
1452
+ }
1453
+ r.length > 0 && await Promise.all(r);
1454
+ }
1455
+ } catch (e) {
1456
+ r.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), r.warn(e);
1457
+ }
1458
+ let m = e.tokens?.idTokenPayload?.sub ?? null;
1459
+ await e.destroyAsync("LOGGED_OUT");
1460
+ for (let [, n] of Object.entries(t)) n === e ? e.publishEvent(i.logout_from_same_tab, {}) : await e.logoutSameTabAsync(e.configuration.client_id, m);
1461
+ let h = X(s, ":oidc");
1462
+ if (h && h.no_reload === "true") return;
1463
+ let g = He(s);
1464
+ if (l.endSessionEndpoint) {
1465
+ "id_token_hint" in g || (g.id_token_hint = p), !("post_logout_redirect_uri" in g) && o !== null && (g.post_logout_redirect_uri = f);
1466
+ let e = "";
1467
+ for (let [t, n] of Object.entries(g)) n != null && (e === "" ? e += "?" : e += "&", e += `${t}=${encodeURIComponent(n)}`);
1468
+ a.open(`${l.endSessionEndpoint}${e}`);
1469
+ } else a.reload();
1470
+ }, Ge = (e, t, n = !1) => async (...r) => {
1471
+ let [i, a, ...o] = r, s = a ? { ...a } : { method: "GET" }, c = new Headers();
1472
+ s.headers && (c = s.headers instanceof Headers ? s.headers : new Headers(s.headers));
1473
+ let l = (await _({
1474
+ getTokens: () => t.tokens,
1475
+ configuration: {
1476
+ token_automatic_renew_mode: t.configuration.token_automatic_renew_mode,
1477
+ refresh_time_before_tokens_expiration_in_second: t.configuration.refresh_time_before_tokens_expiration_in_second
1478
+ },
1479
+ syncTokensInfoAsync: async () => {
1480
+ let { status: e } = await K(t)(t.configuration, t.configurationName, t.tokens, !1);
1481
+ return e;
1482
+ },
1483
+ renewTokensAsync: t.renewTokensAsync.bind(t)
1484
+ }))?.tokens?.accessToken;
1485
+ if (c.has("Accept") || c.set("Accept", "application/json"), l) {
1486
+ if (t.configuration.demonstrating_proof_of_possession && n) {
1487
+ let e = await t.generateDemonstrationOfProofOfPossessionAsync(l, i.toString(), s.method);
1488
+ c.set("Authorization", `DPoP ${l}`), c.set("DPoP", e);
1489
+ } else c.set("Authorization", `Bearer ${l}`);
1490
+ s.credentials ||= "same-origin";
1491
+ }
1492
+ return await e(i, {
1493
+ ...s,
1494
+ headers: c
1495
+ }, ...o);
1496
+ }, Ke = (e) => async (t = !1, n = !1) => {
1497
+ if (e.userInfo != null && !t) return e.userInfo;
1498
+ let r = !t && e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);
1499
+ if (r) return e.userInfo = JSON.parse(r), e.userInfo;
1500
+ let i = e.configuration, a = (await e.initAsync(i.authority, i.authority_configuration)).userInfoEndpoint, o = await (async () => {
1501
+ let t = await Ge(fetch, e, n)(a);
1502
+ return t.status === 200 ? t.json() : null;
1503
+ })();
1504
+ return e.userInfo = o, o && e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`, JSON.stringify(o)), o;
1505
+ }, qe = () => fetch, Z = class {
1506
+ constructor(e) {
1507
+ this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
1508
+ }
1509
+ }, Q = {}, Je = (t, n = new e()) => (e, r = "default") => (Q[r] || (Q[r] = new $(e, r, t, n)), Q[r]), Ye = async (e) => {
1510
+ let { parsedTokens: t, callbackPath: n, extras: r, scope: i } = await e.loginCallbackAsync();
1511
+ return e.timeoutId = W(e, t.expiresAt, r, i), { callbackPath: n };
1512
+ }, Xe = (e) => Math.floor(Math.random() * e), $ = class t {
1513
+ constructor(t, n = "default", r, i = new e()) {
1514
+ this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
1515
+ let a = t.silent_login_uri;
1516
+ t.silent_redirect_uri && !t.silent_login_uri && (a = `${t.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
1517
+ let s = t.refresh_time_before_tokens_expiration_in_second ?? 120;
1518
+ s > 60 && (s -= Math.floor(Math.random() * 40)), this.location = i ?? new e(), this.configuration = {
1519
+ ...t,
1520
+ silent_login_uri: a,
1521
+ token_automatic_renew_mode: t.token_automatic_renew_mode ?? o.AutomaticBeforeTokenExpiration,
1522
+ monitor_session: t.monitor_session ?? !1,
1523
+ refresh_time_before_tokens_expiration_in_second: s,
1524
+ silent_login_timeout: t.silent_login_timeout ?? 12e3,
1525
+ token_renew_mode: t.token_renew_mode ?? d.access_token_or_id_token_invalid,
1526
+ demonstrating_proof_of_possession: t.demonstrating_proof_of_possession ?? !1,
1527
+ authority_timeout_wellknowurl_in_millisecond: t.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
1528
+ logout_tokens_to_invalidate: t.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"],
1529
+ service_worker_activate: t.service_worker_activate ?? Pe,
1530
+ demonstrating_proof_of_possession_configuration: t.demonstrating_proof_of_possession_configuration ?? ce,
1531
+ preload_user_info: t.preload_user_info ?? !1
1532
+ }, this.getFetch = r ?? qe, this.configurationName = n, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
1533
+ }
1534
+ subscribeEvents(e) {
1535
+ let t = Xe(9999999999999).toString();
1536
+ return this.events.push({
1537
+ id: t,
1538
+ func: e
1539
+ }), t;
1540
+ }
1541
+ removeEventSubscription(e) {
1542
+ let t = this.events.filter((t) => t.id !== e);
1543
+ this.events = t;
1544
+ }
1545
+ publishEvent(e, t) {
1546
+ this.events.forEach((n) => {
1547
+ n.func(e, t);
1548
+ });
1549
+ }
1550
+ static {
1551
+ this.getOrCreate = (e, t) => (n, r = "default") => Je(e, t)(n, r);
1552
+ }
1553
+ static get(e = "default") {
1554
+ let t = typeof process > "u";
1555
+ if (!Object.prototype.hasOwnProperty.call(Q, e) && t) throw Error(`OIDC library does seem initialized.
1556
+ Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> component.`);
1557
+ return Q[e];
1558
+ }
1559
+ static {
1560
+ this.eventNames = i;
1561
+ }
1562
+ _silentLoginCallbackFromIFrame() {
1563
+ if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
1564
+ let e = this.location, t = Y(e.getCurrentHref());
1565
+ window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({
1566
+ tokens: this.tokens,
1567
+ sessionState: t.session_state
1568
+ })}`, e.getOrigin());
1569
+ }
1570
+ }
1571
+ _silentLoginErrorCallbackFromIFrame(e = null) {
1572
+ if (this.configuration.silent_redirect_uri && this.configuration.silent_login_uri) {
1573
+ let t = this.location, n = Y(t.getCurrentHref());
1574
+ n.error ? window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({ error: n.error })}`, t.getOrigin()) : window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({ error: e == null ? "" : e.toString() })}`, t.getOrigin());
1575
+ }
1576
+ }
1577
+ async silentLoginCallbackAsync() {
1578
+ try {
1579
+ await this.loginCallbackAsync(!0), this._silentLoginCallbackFromIFrame();
1580
+ } catch (e) {
1581
+ console.error(e), this._silentLoginErrorCallbackFromIFrame(e);
1582
+ }
1583
+ }
1584
+ async initAsync(e, t) {
1585
+ if (this.initPromise !== null) return this.initPromise;
1586
+ let n = async () => {
1587
+ if (t != null) return new Z({
1588
+ authorization_endpoint: t.authorization_endpoint,
1589
+ end_session_endpoint: t.end_session_endpoint,
1590
+ revocation_endpoint: t.revocation_endpoint,
1591
+ token_endpoint: t.token_endpoint,
1592
+ userinfo_endpoint: t.userinfo_endpoint,
1593
+ check_session_iframe: t.check_session_iframe,
1594
+ issuer: t.issuer
1595
+ });
1596
+ let n = await P(this.configuration, this.configurationName) ? this.configuration.storage || window.sessionStorage : this.configuration.storage;
1597
+ return await Se(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 3600, n, this.configuration.authority_timeout_wellknowurl_in_millisecond);
1598
+ };
1599
+ return this.initPromise = n(), this.initPromise.finally(() => {
1600
+ this.initPromise = null;
1601
+ });
1602
+ }
1603
+ async tryKeepExistingSessionAsync() {
1604
+ return this.tryKeepExistingSessionPromise === null ? (this.tryKeepExistingSessionPromise = Fe(this), this.tryKeepExistingSessionPromise.finally(() => {
1605
+ this.tryKeepExistingSessionPromise = null;
1606
+ })) : this.tryKeepExistingSessionPromise;
1607
+ }
1608
+ async startCheckSessionAsync(e, t, n, r = !1) {
1609
+ await Ae(this, Q, this.configuration)(e, t, n, r);
1610
+ }
1611
+ async loginAsync(e = void 0, t = null, n = !1, r = void 0, i = !1) {
1612
+ return this.logoutPromise && await this.logoutPromise, this.loginPromise === null ? (i ? this.loginPromise = ke(window, this.configurationName, this.configuration, this.publishEvent.bind(this), this)(t, r) : this.loginPromise = ze(this.configurationName, this.configuration, this.publishEvent.bind(this), this.initAsync.bind(this), this.location)(e, t, n, r), this.loginPromise.finally(() => {
1613
+ this.loginPromise = null;
1614
+ })) : this.loginPromise;
1615
+ }
1616
+ async loginCallbackAsync(e = !1) {
1617
+ if (this.loginCallbackPromise !== null) return this.loginCallbackPromise;
1618
+ let n = async () => {
1619
+ let n = await Be(this)(e), r = n.tokens;
1620
+ return this.tokens = r, await P(this.configuration, this.configurationName) || a(this.configurationName, this.configuration.storage, this.configuration.login_state_storage ?? this.configuration.storage).setTokens(r), this.publishEvent(t.eventNames.token_acquired, r), this.configuration.preload_user_info && await this.userInfoAsync(), {
1621
+ parsedTokens: r,
1622
+ state: n.state,
1623
+ callbackPath: n.callbackPath,
1624
+ scope: n.scope,
1625
+ extras: n.extras
1626
+ };
1627
+ };
1628
+ return this.loginCallbackPromise = n(), this.loginCallbackPromise.finally(() => {
1629
+ this.loginCallbackPromise = null;
1630
+ });
1631
+ }
1632
+ async generateDemonstrationOfProofOfPossessionAsync(e, t, n, r = {}) {
1633
+ let i = this.configuration, o = {
1634
+ ath: await ye(e),
1635
+ ...r
1636
+ };
1637
+ if (await P(i, this.configurationName)) return `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${E(this.configurationName)}`;
1638
+ let s = a(this.configurationName, i.storage, i.login_state_storage ?? i.storage), c = await s.getDemonstratingProofOfPossessionJwkAsync(), l = s.getDemonstratingProofOfPossessionNonce();
1639
+ return l && (o.nonce = l), await pe(window)(i.demonstrating_proof_of_possession_configuration)(c, n, t, o);
1640
+ }
1641
+ loginCallbackWithAutoTokensRenewAsync() {
1642
+ return this.loginCallbackWithAutoTokensRenewPromise === null ? (this.loginCallbackWithAutoTokensRenewPromise = Ye(this), this.loginCallbackWithAutoTokensRenewPromise.finally(() => {
1643
+ this.loginCallbackWithAutoTokensRenewPromise = null;
1644
+ })) : this.loginCallbackWithAutoTokensRenewPromise;
1645
+ }
1646
+ userInfoAsync(e = !1, t = !1) {
1647
+ return this.userInfoPromise === null ? (this.userInfoPromise = Ke(this)(e, t), this.userInfoPromise.finally(() => {
1648
+ this.userInfoPromise = null;
1649
+ })) : this.userInfoPromise;
1650
+ }
1651
+ async renewTokensAsync(e = null, t = null) {
1652
+ if (this.renewTokensPromise !== null) return this.renewTokensPromise;
1653
+ if (this.timeoutId) return y.clearTimeout(this.timeoutId), this.renewTokensPromise = Oe(this, !0, e, t), this.renewTokensPromise.finally(() => {
1654
+ this.renewTokensPromise = null;
1655
+ });
1656
+ }
1657
+ async destroyAsync(e) {
1658
+ return await Ue(this)(e);
1659
+ }
1660
+ async logoutSameTabAsync(e, t) {
1661
+ this.configuration.monitor_session && this.configuration.client_id === e && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(i.logout_from_same_tab, {
1662
+ mmessage: "SessionMonitor",
1663
+ sub: t
1664
+ }));
1665
+ }
1666
+ async logoutOtherTabAsync(e, t) {
1667
+ this.configuration.monitor_session && this.configuration.client_id === e && t && this.tokens && this.tokens.idTokenPayload && this.tokens.idTokenPayload.sub === t && (await this.destroyAsync("LOGGED_OUT"), this.publishEvent(i.logout_from_another_tab, {
1668
+ message: "SessionMonitor",
1669
+ sub: t
1670
+ }));
1671
+ }
1672
+ async logoutAsync(e = void 0, t = null) {
1673
+ return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = We(this, Q, this.getFetch(), console, this.location)(e, t), this.logoutPromise.finally(() => {
1674
+ this.logoutPromise = null;
1675
+ }));
1676
+ }
1677
+ }, Ze = class t {
1678
+ constructor(e) {
1679
+ this._oidc = e;
1680
+ }
1681
+ subscribeEvents(e) {
1682
+ return this._oidc.subscribeEvents(e);
1683
+ }
1684
+ removeEventSubscription(e) {
1685
+ this._oidc.removeEventSubscription(e);
1686
+ }
1687
+ publishEvent(e, t) {
1688
+ this._oidc.publishEvent(e, t);
1689
+ }
1690
+ static {
1691
+ this.getOrCreate = (n, r = new e()) => (e, i = "default") => new t($.getOrCreate(n, r)(e, i));
1692
+ }
1693
+ static get(e = "default") {
1694
+ return new t($.get(e));
1695
+ }
1696
+ static {
1697
+ this.eventNames = $.eventNames;
1698
+ }
1699
+ tryKeepExistingSessionAsync() {
1700
+ return this._oidc.tryKeepExistingSessionAsync();
1701
+ }
1702
+ loginAsync(e = void 0, t = null, n = !1, r = void 0, i = !1) {
1703
+ return this._oidc.loginAsync(e, t, n, r, i);
1704
+ }
1705
+ logoutAsync(e = void 0, t = null) {
1706
+ return this._oidc.logoutAsync(e, t);
1707
+ }
1708
+ silentLoginCallbackAsync() {
1709
+ return this._oidc.silentLoginCallbackAsync();
1710
+ }
1711
+ renewTokensAsync(e = null, t = null) {
1712
+ return this._oidc.renewTokensAsync(e, t);
1713
+ }
1714
+ loginCallbackAsync() {
1715
+ return this._oidc.loginCallbackWithAutoTokensRenewAsync();
1716
+ }
1717
+ get tokens() {
1718
+ return this._oidc.tokens;
1719
+ }
1720
+ get configuration() {
1721
+ return this._oidc.configuration;
1722
+ }
1723
+ async generateDemonstrationOfProofOfPossessionAsync(e, t, n, r = {}) {
1724
+ return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e, t, n, r);
1725
+ }
1726
+ async getValidTokenAsync(e = 200, t = 50) {
1727
+ let n = this._oidc;
1728
+ return _({
1729
+ getTokens: () => n.tokens,
1730
+ configuration: {
1731
+ token_automatic_renew_mode: n.configuration.token_automatic_renew_mode,
1732
+ refresh_time_before_tokens_expiration_in_second: n.configuration.refresh_time_before_tokens_expiration_in_second
1733
+ },
1734
+ syncTokensInfoAsync: async () => {
1735
+ let { status: e } = await K(n)(n.configuration, n.configurationName, n.tokens, !1);
1736
+ return e;
1737
+ },
1738
+ renewTokensAsync: n.renewTokensAsync.bind(n)
1739
+ }, e, t);
1740
+ }
1741
+ fetchWithTokens(e, t = !1) {
1742
+ return Ge(e, this._oidc, t);
1743
+ }
1744
+ async userInfoAsync(e = !1, t = !1) {
1745
+ return this._oidc.userInfoAsync(e, t);
1746
+ }
1747
+ userInfo() {
1748
+ return this._oidc.userInfo;
1749
+ }
2066
1750
  };
1751
+ //#endregion
1752
+ export { Ze as OidcClient, e as OidcLocation, o as TokenAutomaticRenewMode, d as TokenRenewMode, qe as getFetchDefault, Y as getParseQueryStringFromLocation, Le as getPath };