@axa-fr/oidc-client 7.27.4 → 7.27.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +1 -0
  2. package/dist/index.js +2 -2
  3. package/dist/index.umd.cjs +1 -1
  4. package/dist/version.d.ts +1 -1
  5. package/package.json +2 -2
  6. package/src/version.ts +1 -1
package/README.md CHANGED
@@ -96,6 +96,7 @@ trustedDomains.config_show_access_token = {
96
96
  showAccessToken: false,
97
97
  // convertAllRequestsToCorsExceptNavigate: false, // default value is false
98
98
  // setAccessTokenToNavigateRequests: true, // default value is true
99
+ // bypassAllNonOidcRequests: false, // default value is false; when true, requests outside OIDC and accessTokenDomains are handled by the browser
99
100
  };
100
101
 
101
102
  // DPoP (Demonstrating Proof of Possession) will be activated for the following domains
package/dist/index.js CHANGED
@@ -237,7 +237,7 @@ var p = (e, t = null, n) => {
237
237
  setInterval: setInterval.bind(e),
238
238
  clearInterval: clearInterval.bind(e)
239
239
  };
240
- })(), b = "7.27.4", x = null, S, C = ({ milliseconds: e }) => new Promise((t) => y.setTimeout(t, e)), w = (e = "/") => {
240
+ })(), b = "7.27.7", x = null, S, C = ({ milliseconds: e }) => new Promise((t) => y.setTimeout(t, e)), w = (e = "/") => {
241
241
  try {
242
242
  S = new AbortController(), fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: S.signal }).catch((e) => {
243
243
  console.log(e);
@@ -395,7 +395,7 @@ var p = (e, t = null, n) => {
395
395
  },
396
396
  configurationName: t
397
397
  }), c = o.version;
398
- if (c !== "7.27.4") {
398
+ if (c !== "7.27.7") {
399
399
  console.warn(`Service worker ${c} version mismatch with js client version ${b}, unregistering and reloading`);
400
400
  let e = parseInt(sessionStorage.getItem(a) ?? "0", 10);
401
401
  if (e < 3) {
package/dist/index.umd.cjs CHANGED
@@ -1,2 +1,2 @@
1
- (function(e,t){typeof exports==`object`&&typeof module<`u`?t(exports):typeof define==`function`&&define.amd?define([`exports`],t):(e=typeof globalThis<`u`?globalThis:e||self,t(e[`oidc-client`]={}))})(this,function(e){Object.defineProperty(e,Symbol.toStringTag,{value:`Module`});var t=class{open(e){window.location.href=e}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){let e=window.location;return e.pathname+(e.search||``)+(e.hash||``)}getOrigin(){return window.origin}},n=2e3,r=console,i=class{constructor(e,t,r,i=n,a=!0){this._callback=e,this._client_id=t,this._url=r,this._interval=i||n,this._stopOnError=a;let o=r.indexOf(`/`,r.indexOf(`//`)+2);this._frame_origin=r.substring(0,o),this._frame=window.document.createElement(`iframe`),this._frame.style.visibility=`hidden`,this._frame.style.position=`absolute`,this._frame.style.display=`none`,this._frame.width=0,this._frame.height=0,this._frame.src=r}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener(`message`,this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data===`error`?(r.error(`CheckSessionIFrame: error message from check session op iframe`),this._stopOnError&&this.stop()):e.data===`changed`?(r.debug(e),r.debug(`CheckSessionIFrame: changed message from check session op iframe`),this.stop(),this._callback()):r.debug(`CheckSessionIFrame: `+e.data+` message from check session op iframe`))}start(e){r.debug(`CheckSessionIFrame.start :`+e),this.stop();let t=()=>{this._frame.contentWindow.postMessage(this._client_id+` `+e,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&=(r.debug(`CheckSessionIFrame.stop`),window.clearInterval(this._timer),null)}},a={service_worker_not_supported_by_browser:`service_worker_not_supported_by_browser`,token_acquired:`token_acquired`,logout_from_another_tab:`logout_from_another_tab`,logout_from_same_tab:`logout_from_same_tab`,token_renewed:`token_renewed`,token_timer:`token_timer`,loginAsync_begin:`loginAsync_begin`,loginAsync_error:`loginAsync_error`,loginCallbackAsync_begin:`loginCallbackAsync_begin`,loginCallbackAsync_end:`loginCallbackAsync_end`,loginCallbackAsync_error:`loginCallbackAsync_error`,refreshTokensAsync_begin:`refreshTokensAsync_begin`,refreshTokensAsync:`refreshTokensAsync`,refreshTokensAsync_end:`refreshTokensAsync_end`,refreshTokensAsync_error:`refreshTokensAsync_error`,refreshTokensAsync_silent_error:`refreshTokensAsync_silent_error`,tryKeepExistingSessionAsync_begin:`tryKeepExistingSessionAsync_begin`,tryKeepExistingSessionAsync_end:`tryKeepExistingSessionAsync_end`,tryKeepExistingSessionAsync_error:`tryKeepExistingSessionAsync_error`,silentLoginAsync_begin:`silentLoginAsync_begin`,silentLoginAsync:`silentLoginAsync`,silentLoginAsync_end:`silentLoginAsync_end`,silentLoginAsync_error:`silentLoginAsync_error`,syncTokensAsync_begin:`syncTokensAsync_begin`,syncTokensAsync_lock_not_available:`syncTokensAsync_lock_not_available`,syncTokensAsync_end:`syncTokensAsync_end`,syncTokensAsync_error:`syncTokensAsync_error`,tokensInvalidAndWaitingActionsToRefresh:`tokensInvalidAndWaitingActionsToRefresh`},o=(e,t=sessionStorage,n)=>{let r=n??t,i=i=>(t[`oidc.${e}`]=JSON.stringify({tokens:null,status:i}),delete t[`oidc.${e}.userInfo`],n&&n!==t&&(delete r[`oidc.login.${e}`],delete r[`oidc.state.${e}`],delete r[`oidc.code_verifier.${e}`],delete r[`oidc.nonce.${e}`]),Promise.resolve()),a=async()=>{if(!t[`oidc.${e}`])return t[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};let n=JSON.parse(t[`oidc.${e}`]);return Promise.resolve({tokens:n.tokens,status:n.status})},o=n=>{t[`oidc.${e}`]=JSON.stringify({tokens:n})},s=async n=>{t[`oidc.session_state.${e}`]=n},c=async()=>t[`oidc.session_state.${e}`],l=t=>{r[`oidc.nonce.${e}`]=t.nonce},u=n=>{t[`oidc.jwk.${e}`]=JSON.stringify(n)},d=()=>JSON.parse(t[`oidc.jwk.${e}`]),f=async()=>({nonce:r[`oidc.nonce.${e}`]}),p=async n=>{t[`oidc.dpop_nonce.${e}`]=n},m=()=>t[`oidc.dpop_nonce.${e}`],h=()=>t[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(t[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:i,initAsync:a,setTokens:o,getTokens:h,setSessionStateAsync:s,getSessionStateAsync:c,setNonceAsync:l,getNonceAsync:f,setLoginParams:t=>{g[e]=t,r[`oidc.login.${e}`]=JSON.stringify(t)},getLoginParams:()=>{let t=r[`oidc.login.${e}`];return t?(g[e]||(g[e]=JSON.parse(t)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>r[`oidc.state.${e}`],setStateAsync:async t=>{r[`oidc.state.${e}`]=t},getCodeVerifierAsync:async()=>r[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async t=>{r[`oidc.code_verifier.${e}`]=t},setDemonstratingProofOfPossessionNonce:p,getDemonstratingProofOfPossessionNonce:m,setDemonstratingProofOfPossessionJwkAsync:u,getDemonstratingProofOfPossessionJwkAsync:d}},s=function(e){return e.AutomaticBeforeTokenExpiration=`AutomaticBeforeTokensExpiration`,e.AutomaticOnlyWhenFetchExecuted=`AutomaticOnlyWhenFetchExecuted`,e}({}),c=e=>decodeURIComponent(Array.prototype.map.call(atob(e),e=>`%`+(`00`+e.charCodeAt(0).toString(16)).slice(-2)).join(``)),l=e=>JSON.parse(c(e.replaceAll(/-/g,`+`).replaceAll(/_/g,`/`))),u=e=>{try{return e&&d(e,`.`)===2?l(e.split(`.`)[1]):null}catch(e){console.warn(e)}return null},d=(e,t)=>e.split(t).length-1,f={access_token_or_id_token_invalid:`access_token_or_id_token_invalid`,access_token_invalid:`access_token_invalid`,id_token_invalid:`id_token_invalid`};function p(e,t,n){return e.issuedAt?typeof e.issuedAt==`string`?parseInt(e.issuedAt,10):e.issuedAt:t&&t.iat?t.iat:n&&n.iat?n.iat:new Date().getTime()/1e3}var m=(e,t=null,n)=>{if(!e)return null;let r,i=typeof e.expiresIn==`string`?parseInt(e.expiresIn,10):e.expiresIn;r=e.accessTokenPayload===void 0?u(e.accessToken):e.accessTokenPayload;let a;a=t!=null&&`idToken`in t&&!(`idToken`in e)?t.idToken:e.idToken;let o=e.idTokenPayload?e.idTokenPayload:u(a),s=o&&o.exp?o.exp:Number.MAX_VALUE,c=r&&r.exp?r.exp:e.issuedAt+i;e.issuedAt=p(e,r,o);let l;l=e.expiresAt?e.expiresAt:n===f.access_token_invalid?c:n===f.id_token_invalid||s<c?s:c;let d={...e,idTokenPayload:o,accessTokenPayload:r,expiresAt:l,idToken:a};if(t!=null&&`refreshToken`in t&&!(`refreshToken`in e)){let e=t.refreshToken;return{...d,refreshToken:e}}return d},h=(e,t,n)=>{if(!e)return null;e.issued_at||=new Date().getTime()/1e3;let r={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return`refresh_token`in e&&(r.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(r.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(r.idTokenPayload=e.idTokenPayload),m(r,t,n)},g=(e,t)=>{let n=t-new Date().getTime()/1e3;return Math.round(n-e)},_=(e,t=0)=>e?g(t,e.expiresAt)>0:!1,v=async(e,t=200,n=50)=>{let r=n,i=await e.syncTokensInfoAsync();for(;[G.REQUIRE_SYNC_TOKENS,G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,G.TOKENS_INVALID].includes(i)&&r>0;){if(e.configuration.token_automatic_renew_mode==s.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await w({milliseconds:t});--r,i=await e.syncTokensInfoAsync()}return{isTokensValid:_(e.getTokens()),tokens:e.getTokens(),numberWaited:r-n}},y=(e,t,n)=>{if(e.idTokenPayload){let r=e.idTokenPayload;if(n.issuer!==r.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`};let i=new Date().getTime()/1e3;if(r.exp&&r.exp<i)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`};let a=3600*24*7;if(r.iat&&r.iat+a<i)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat+a} < (currentTimeUnixSecond) ${i}`};if(r.nonce&&r.nonce!==t)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`}}return{isValid:!0,reason:``}},b=(function(){let e=typeof window>`u`?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),x=`7.27.4`,S=null,C,w=({milliseconds:e})=>new Promise(t=>b.setTimeout(t,e)),T=(e=`/`)=>{try{C=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:C.signal}).catch(e=>{console.log(e)}),w({milliseconds:150*1e3}).then(()=>T(e))}catch(e){console.log(e)}},E=()=>{C&&C.abort()},D=e=>{let t=`oidc.tabId.${e}`,n=sessionStorage.getItem(t);if(n)return n;let r=globalThis.crypto.randomUUID();return sessionStorage.setItem(t,r),r},ee=5e3,te=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,O=(e,t)=>n=>{let r=t?.timeoutMs??ee;return new Promise((t,i)=>{let a=te(e);if(!a){i(Error(`Service worker target not available (controller/active/waiting/installing missing)`));return}let o=new MessageChannel,s=null,c=()=>{try{s!=null&&(b.clearTimeout(s),s=null),o.port1.onmessage=null,o.port1.close(),o.port2.close()}catch(e){console.error(e)}};s=b.setTimeout(()=>{c(),i(Error(`Service worker did not respond within ${r}ms (type=${n?.type})`))},r),o.port1.onmessage=e=>{c(),e?.data?.error?i(e.data.error):t(e.data)};try{let e=n?.configurationName;a.postMessage({...n,tabId:D(e??`default`)},[o.port2])}catch(e){c(),i(e)}})},ne=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(t=>{let n=!1,r=()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener(`controllerchange`,r),b.setTimeout(()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))},e)}),re=!1,k=!1,A=new Map,j=`oidc.sw.controllerchange_reload_count`,M=3,N=()=>{try{return parseInt(sessionStorage.getItem(j)??`0`,10)}catch{return 0}},ie=()=>{let e=N()+1;try{sessionStorage.setItem(j,String(e))}catch{}return e},ae=()=>{try{sessionStorage.removeItem(j)}catch{}},P=async(e,t)=>{let n=e.service_worker_relative_url;if(typeof window>`u`||typeof navigator>`u`||!navigator.serviceWorker||!n||e.service_worker_activate()===!1)return null;let r=`${n}?v=${x}`,i=null;e.service_worker_register?(A.has(n)||A.set(n,e.service_worker_register(n)),i=await A.get(n)):(A.has(r)||A.set(r,navigator.serviceWorker.register(r,{updateViaCache:`none`})),i=await A.get(r));let a=`oidc.sw.version_mismatch_reload.${t}`,o=async e=>{E(),console.log(`New SW waiting – SKIP_WAITING`);try{await new Promise((n,r)=>{let i=new MessageChannel,a=null,o=()=>{try{a!=null&&(b.clearTimeout(a),a=null),i.port1.onmessage=null,i.port1.close(),i.port2.close()}catch(e){console.error(e)}};a=b.setTimeout(()=>{o(),r(Error(`SKIP_WAITING did not respond within 8000ms`))},8e3),i.port1.onmessage=e=>{o(),e?.data?.error?r(e.data.error):n()};try{e.postMessage({type:`SKIP_WAITING`,configurationName:t,data:null,tabId:D(t??`default`)},[i.port2])}catch(e){o(),r(e)}})}catch(e){console.warn(`SKIP_WAITING failed`,e)}},s=async()=>{let e=i.waiting;e?await o(e):console.warn(`sendSkipWaiting called but no waiting service worker found`)},c=e=>{E(),e.addEventListener(`statechange`,async()=>{if(e.state===`installed`&&navigator.serviceWorker.controller){if(N()>=M){console.warn(`SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted`);return}await o(e)}})};i.addEventListener(`updatefound`,()=>{let e=i.installing;e&&c(e)}),i.installing?c(i.installing):i.waiting&&navigator.serviceWorker.controller&&(N()<M?s():console.warn(`SW: a waiting worker exists but reload budget is exhausted – skipping activation`)),i.update().catch(e=>{console.error(e)});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await O(i,{timeoutMs:8e3})({type:`claim`,configurationName:t,data:null}),await ne(2e3))}catch(e){return console.warn(`Failed init ServiceWorker ${e?.toString?.()??String(e)}`),null}re||(re=!0,navigator.serviceWorker.addEventListener(`controllerchange`,()=>{if(k)return;let e=ie();if(e>M){console.warn(`SW controllerchange: reload budget exhausted (${e-1} reloads). Skipping reload to avoid infinite loop.`);return}k=!0,console.log(`SW controller changed – reloading page`),E(),window.location.reload()}));let l=async e=>O(i)({type:`clear`,data:{status:e},configurationName:t}),u=async(e,n,r)=>{let o=await O(i)({type:`init`,data:{oidcServerConfiguration:e,where:n,oidcConfiguration:{token_renew_mode:r.token_renew_mode,service_worker_convert_all_requests_to_cors:r.service_worker_convert_all_requests_to_cors}},configurationName:t}),c=o.version;if(c!==`7.27.4`){console.warn(`Service worker ${c} version mismatch with js client version ${x}, unregistering and reloading`);let e=parseInt(sessionStorage.getItem(a)??`0`,10);if(e<3){if(sessionStorage.setItem(a,String(e+1)),i.waiting)return await s(),await w({milliseconds:500}),k||(k=!0,window.location.reload()),new Promise(()=>{});{E();try{await i.update()}catch(e){console.error(e)}let e=await i.unregister();return console.log(`Service worker unregistering ${e}`),await w({milliseconds:500}),k||(k=!0,window.location.reload()),new Promise(()=>{})}}else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`)}else sessionStorage.removeItem(a),ae();return{tokens:h(o.tokens,null,r.token_renew_mode),status:o.status}},d=(e=`/`)=>{S??(S=`not_null`,T(e))},f=e=>O(i)({type:`setSessionState`,data:{sessionState:e},configurationName:t}),p=async()=>(await O(i)({type:`getSessionState`,data:null,configurationName:t})).sessionState,m=e=>(sessionStorage[`oidc.nonce.${t}`]=e.nonce,O(i)({type:`setNonce`,data:{nonce:e},configurationName:t})),g=async(e=!0)=>{let n=(await O(i)({type:`getNonce`,data:null,configurationName:t})).nonce;return n||(n=sessionStorage[`oidc.nonce.${t}`],console.warn(`nonce not found in service worker, using sessionStorage`),e&&(await m(n),n=(await g(!1)).nonce)),{nonce:n}},_={},v=e=>{_[t]=e,localStorage[`oidc.login.${t}`]=JSON.stringify(e)},y=()=>{let e=localStorage[`oidc.login.${t}`];return _[t]||(_[t]=JSON.parse(e)),_[t]},C=async e=>{await O(i)({type:`setDemonstratingProofOfPossessionNonce`,data:{demonstratingProofOfPossessionNonce:e},configurationName:t})},ee=async()=>(await O(i)({type:`getDemonstratingProofOfPossessionNonce`,data:null,configurationName:t})).demonstratingProofOfPossessionNonce,te=async e=>{let n=JSON.stringify(e);await O(i)({type:`setDemonstratingProofOfPossessionJwk`,data:{demonstratingProofOfPossessionJwkJson:n},configurationName:t})},j=async()=>{let e=await O(i)({type:`getDemonstratingProofOfPossessionJwk`,data:null,configurationName:t});return e.demonstratingProofOfPossessionJwkJson?JSON.parse(e.demonstratingProofOfPossessionJwkJson):null},P=async(e=!0)=>{let n=(await O(i)({type:`getState`,data:null,configurationName:t})).state;return n||(n=sessionStorage[`oidc.state.${t}`],console.warn(`state not found in service worker, using sessionStorage`),e&&(await F(n),n=await P(!1))),n},F=async e=>(sessionStorage[`oidc.state.${t}`]=e,O(i)({type:`setState`,data:{state:e},configurationName:t})),I=async(e=!0)=>{let n=(await O(i)({type:`getCodeVerifier`,data:null,configurationName:t})).codeVerifier;return n||(n=sessionStorage[`oidc.code_verifier.${t}`],console.warn(`codeVerifier not found in service worker, using sessionStorage`),e&&(await L(n),n=await I(!1))),n},L=async e=>(sessionStorage[`oidc.code_verifier.${t}`]=e,O(i)({type:`setCodeVerifier`,data:{codeVerifier:e},configurationName:t}));return{clearAsync:l,initAsync:u,startKeepAliveServiceWorker:()=>d(e.service_worker_keep_alive_path),setSessionStateAsync:f,getSessionStateAsync:p,setNonceAsync:m,getNonceAsync:g,setLoginParams:v,getLoginParams:y,getStateAsync:P,setStateAsync:F,getCodeVerifierAsync:I,setCodeVerifierAsync:L,setDemonstratingProofOfPossessionNonce:C,getDemonstratingProofOfPossessionNonce:ee,setDemonstratingProofOfPossessionJwkAsync:te,getDemonstratingProofOfPossessionJwkAsync:j}},F={},I=(e,t=window.sessionStorage,n)=>{if(!F[e]&&t){let n=t.getItem(e);n&&(F[e]=JSON.parse(n))}let r=1e3*n;return F[e]&&F[e].timestamp+r>Date.now()?F[e].result:null},L=(e,t,n=window.sessionStorage)=>{let r=Date.now();F[e]={result:t,timestamp:r},n&&n.setItem(e,JSON.stringify({result:t,timestamp:r}))};function oe(e){return new TextEncoder().encode(e)}function se(e){return btoa(e).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=+/g,``)}function ce(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(e,t){return String.fromCharCode(parseInt(t,16))})}var R=e=>{let t=``;return e.forEach(function(e){t+=String.fromCharCode(e)}),se(t)};function le(e){return se(ce(e))}var ue={importKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`,hash:{name:`ES256`}},signAlgorithm:{name:`ECDSA`,hash:{name:`SHA-256`}},generateKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`},digestAlgorithm:{name:`SHA-256`},jwtHeaderAlgorithm:`ES256`},de={sign:e=>async(t,n,r,i,a=`dpop+jwt`)=>{switch(t=Object.assign({},t),n.typ=a,n.alg=i.jwtHeaderAlgorithm,n.alg){case`ES256`:n.jwk={kty:t.kty,crv:t.crv,x:t.x,y:t.y};break;case`RS256`:n.jwk={kty:t.kty,n:t.n,e:t.e,kid:n.kid};break;default:throw Error(`Unknown or not implemented JWS algorithm`)}let o={protected:le(JSON.stringify(n)),payload:le(JSON.stringify(r))},s=i.importKeyAlgorithm,c=await e.crypto.subtle.importKey(`jwk`,t,s,!0,[`sign`]),l=oe(`${o.protected}.${o.payload}`),u=i.signAlgorithm,d=await e.crypto.subtle.sign(u,c,l);return o.signature=R(new Uint8Array(d)),`${o.protected}.${o.payload}.${o.signature}`}},fe={generate:e=>async t=>{let n=t,r=await e.crypto.subtle.generateKey(n,!0,[`sign`,`verify`]);return await e.crypto.subtle.exportKey(`jwk`,r.privateKey)},neuter:e=>{let t=Object.assign({},e);return delete t.d,t.key_ops=[`verify`],t}},pe={thumbprint:e=>async(t,n)=>{let r;switch(t.kty){case`EC`:r=`{"crv":"CRV","kty":"EC","x":"X","y":"Y"}`.replace(`CRV`,t.crv).replace(`X`,t.x).replace(`Y`,t.y);break;case`RSA`:r=`{"e":"E","kty":"RSA","n":"N"}`.replace(`E`,t.e).replace(`N`,t.n);break;default:throw Error(`Unknown or not implemented JWK type`)}let i=await e.crypto.subtle.digest(n,oe(r));return R(new Uint8Array(i))}},me=e=>async t=>await fe.generate(e)(t),he=e=>t=>async(n,r=`POST`,i,a={})=>{let o={jti:btoa(ge()),htm:r,htu:i,iat:Math.round(Date.now()/1e3),...a},s=await pe.thumbprint(e)(n,t.digestAlgorithm);return await de.sign(e)(n,{kid:s},o,t)},ge=()=>{let e=`xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx`,t=`0123456789abcdef`,n=0,r=``;for(let i=0;i<36;i++)e[i]!==`-`&&e[i]!==`4`&&(n=Math.random()*16|0),e[i]===`x`?r+=t[n]:e[i]===`y`?(n&=3,n|=8,r+=t[n]):r+=e[i];return r},z=()=>{let e=typeof window<`u`&&!!window.crypto;return{hasCrypto:e,hasSubtleCrypto:e&&!!window.crypto.subtle}},_e=`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`,ve=e=>{let t=[];for(let n=0;n<e.byteLength;n+=1){let r=e[n]%62;t.push(_e[r])}return t.join(``)},B=e=>{let t=new Uint8Array(e),{hasCrypto:n}=z();if(n)window.crypto.getRandomValues(t);else for(let n=0;n<e;n+=1)t[n]=Math.random()*62|0;return ve(t)};function ye(e){let t=new ArrayBuffer(e.length),n=new Uint8Array(t);for(let t=0;t<e.length;t++)n[t]=e.charCodeAt(t);return n}function be(e){return new Promise((t,n)=>{crypto.subtle.digest(`SHA-256`,ye(e)).then(e=>t(R(new Uint8Array(e))),e=>n(e))})}var xe=e=>{if(e.length<43||e.length>128)return Promise.reject(Error(`Invalid code length.`));let{hasSubtleCrypto:t}=z();return t?be(e):Promise.reject(Error(`window.crypto.subtle is unavailable.`))},Se=3600,Ce=e=>async(t,n=Se,r=window.sessionStorage,i=1e4)=>{let a=`${t}/.well-known/openid-configuration`,o=`oidc.server:${t}`,s=I(o,r,n);if(s)return new Z(s);let c=await V(e)(a,{},i);if(c.status!==200)return null;let l=await c.json();return L(o,l,r),new Z(l)},V=e=>async(t,n={},r=1e4,i=0)=>{let a;try{let i=new AbortController;setTimeout(()=>i.abort(),r),a=await e(t,{...n,signal:i.signal})}catch(a){if(a.name===`AbortError`||a.message===`Network request failed`){if(i<=1)return await V(e)(t,n,r,i+1);throw a}else throw console.error(a.message),a}return a},H={refresh_token:`refresh_token`,access_token:`access_token`},we=e=>async(t,n,r=H.refresh_token,i,a={},o=1e4)=>{let s={token:n,token_type_hint:r,client_id:i};for(let[e,t]of Object.entries(a))s[e]===void 0&&(s[e]=t);let c=[];for(let e in s){let t=encodeURIComponent(e),n=encodeURIComponent(s[e]);c.push(`${t}=${n}`)}let l=c.join(`&`);return(await V(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`},body:l},o)).status===200?{success:!0}:{success:!1}},Te=e=>async(t,n,r,i,a={},o,s=1e4)=>{for(let[e,t]of Object.entries(r))n[e]===void 0&&(n[e]=t);let c=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);c.push(`${t}=${r}`)}let l=c.join(`&`),u=await V(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...a},body:l},s);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};let d=await u.json(),f=null;return u.headers.has(U)&&(f=u.headers.get(U)),{success:!0,status:u.status,data:h(d,i,o),demonstratingProofOfPossessionNonce:f}},Ee=(e,t)=>async(n,r)=>{r=r?{...r}:{};let i=B(128),a=await xe(i);await e.setCodeVerifierAsync(i),await e.setStateAsync(r.state),r.code_challenge=a,r.code_challenge_method=`S256`;let o=``;if(r)for(let[e,t]of Object.entries(r))o===``?o+=`?`:o+=`&`,o+=`${e}=${encodeURIComponent(t)}`;t.open(`${n}${o}`)},U=`DPoP-Nonce`,De=e=>async(t,n,r,i,a=1e4)=>{n=n?{...n}:{},n.code_verifier=await e.getCodeVerifierAsync();let o=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);o.push(`${t}=${r}`)}let s=o.join(`&`),c=await V(fetch)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...r},body:s},a);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let l=null;c.headers.has(U)&&(l=c.headers.get(U));let u=await c.json();return{success:!0,data:{state:n.state,tokens:h(u,null,i),demonstratingProofOfPossessionNonce:l}}};async function Oe(e,t,n,r=null){let{tokens:i,status:a}=await q(e)(t=>{e.tokens=t},0,0,t,n,r);return await P(e.configuration,e.configurationName)||o(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(a),null)}async function ke(e,t=!1,n=null,r=null){let i=e.configuration,a=`${i.client_id}_${e.configurationName}_${i.authority}`,o,s=await P(e.configuration,e.configurationName);if(i?.storage===window?.sessionStorage&&!s||!navigator.locks)o=await Oe(e,t,n,r);else{let i=`retry`;for(;i===`retry`;)i=await navigator.locks.request(a,{ifAvailable:!0},async i=>i?await Oe(e,t,n,r):(e.publishEvent($.eventNames.syncTokensAsync_lock_not_available,{lock:`lock not available`}),`retry`));o=i}return o?(e.timeoutId&&=W(e,e.tokens.expiresAt,n,r),e.tokens):null}var W=(e,t,n=null,r=null)=>{let i=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&b.clearTimeout(e.timeoutId),b.setTimeout(async()=>{let a={timeLeft:g(i,t)};e.publishEvent($.eventNames.token_timer,a),await ke(e,!1,n,r)},1e3)},G={FORCE_REFRESH:`FORCE_REFRESH`,SESSION_LOST:`SESSION_LOST`,NOT_CONNECTED:`NOT_CONNECTED`,TOKENS_VALID:`TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID`,LOGOUT_FROM_ANOTHER_TAB:`LOGOUT_FROM_ANOTHER_TAB`,REQUIRE_SYNC_TOKENS:`REQUIRE_SYNC_TOKENS`,TOKENS_INVALID:`TOKENS_INVALID`},K=e=>async(t,n,r,i=!1)=>{let a={nonce:null};if(!r)return{tokens:null,status:G.NOT_CONNECTED,nonce:a};let s,c=await e.initAsync(t.authority,t.authority_configuration),l=await P(t,n);if(l){let{status:e,tokens:n}=await l.initAsync(c,`syncTokensAsync`,t);if(e===`LOGGED_OUT`)return{tokens:null,status:G.LOGOUT_FROM_ANOTHER_TAB,nonce:a};if(e===`SESSIONS_LOST`)return{tokens:null,status:G.SESSION_LOST,nonce:a};if(!e||!n)return{tokens:null,status:G.REQUIRE_SYNC_TOKENS,nonce:a};if(n.issuedAt!==r.issuedAt)return{tokens:n,status:g(t.refresh_time_before_tokens_expiration_in_second,n.expiresAt)>0?G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,nonce:await l.getNonceAsync()};s=await l.getNonceAsync()}else{let i=o(n,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),c=await i.initAsync(),{tokens:l}=c,{status:u}=c;if(l&&=m(l,e.tokens,t.token_renew_mode),!l)return{tokens:null,status:G.LOGOUT_FROM_ANOTHER_TAB,nonce:a};if(u===`SESSIONS_LOST`)return{tokens:null,status:G.SESSION_LOST,nonce:a};if(l.issuedAt!==r.issuedAt){let e=g(t.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,n=await i.getNonceAsync();return{tokens:l,status:e,nonce:n}}s=await i.getNonceAsync()}let u=g(t.refresh_time_before_tokens_expiration_in_second,r.expiresAt)>0?`TOKENS_VALID`:`TOKENS_INVALID`;return i?{tokens:r,status:`FORCE_REFRESH`,nonce:s}:{tokens:r,status:u,nonce:s}},q=e=>async(t,n=0,r=0,i=!1,c=null,l=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:`GIVE_UP`};let u=6,d=i?2:5;for(;!navigator.onLine&&u>0;)await w({milliseconds:1e3}),u--,e.publishEvent(a.refreshTokensAsync,{message:`wait because navigator is offline try ${u}`});let f=document.hidden,p=f?n:n+1,m=f?r+1:r;if(n>=d||r>=5)return t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token`}),{tokens:null,status:`SESSION_LOST`};c||={};let h=e.configuration,g=(t,n=null,r=null)=>J(e.configurationName,e.configuration,e.publishEvent.bind(e))(t,n,r),_=async()=>{try{let n,r=await P(h,e.configurationName);n=r?r.getLoginParams():o(e.configurationName,h.storage,h.login_state_storage??h.storage).getLoginParams();let i={};if(n&&n.extras)for(let[e,t]of Object.entries(n.extras))t!=null&&(i[e]=t);if(c)for(let[e,t]of Object.entries(c))t!=null&&(i[e]=t);i.prompt=`none`,l&&(i.scope=l);let s=await g(i);return s?s.error?(t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token silent`}),{tokens:null,status:`SESSION_LOST`}):(t(s.tokens),e.publishEvent($.eventNames.token_renewed,{}),{tokens:s.tokens,status:`LOGGED`}):(t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token silent not active`}),{tokens:null,status:`SESSION_LOST`})}catch(n){return console.error(n),e.publishEvent(a.refreshTokensAsync_silent_error,{message:`exceptionSilent`,exception:n.message}),await q(e)(t,p,m,i,c,l)}};try{let{status:u,tokens:d,nonce:f}=await K(e)(h,e.configurationName,e.tokens,i);switch(u){case G.SESSION_LOST:return t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token session lost`}),{tokens:null,status:`SESSION_LOST`};case G.NOT_CONNECTED:return t(null),{tokens:null,status:null};case G.TOKENS_VALID:return t(d),{tokens:d,status:`LOGGED_IN`};case G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return t(d),e.publishEvent($.eventNames.token_renewed,{reason:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`}),{tokens:d,status:`LOGGED_IN`};case G.LOGOUT_FROM_ANOTHER_TAB:return t(null),e.publishEvent(a.logout_from_another_tab,{status:`session syncTokensAsync`}),{tokens:null,status:`LOGGED_OUT`};case G.REQUIRE_SYNC_TOKENS:return h.token_automatic_renew_mode==s.AutomaticOnlyWhenFetchExecuted&&!i?(e.publishEvent(a.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`}):(e.publishEvent(a.refreshTokensAsync_begin,{tryNumber:n}),await _());default:{if(h.token_automatic_renew_mode==s.AutomaticOnlyWhenFetchExecuted&&G.FORCE_REFRESH!==u)return e.publishEvent(a.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`};if(e.publishEvent(a.refreshTokensAsync_begin,{refreshToken:d.refreshToken,status:u,tryNumber:n,backgroundTry:r}),!d.refreshToken)return await _();let g=h.client_id,v=h.redirect_uri,b=h.authority,x={...h.token_request_extras?h.token_request_extras:{}};for(let[e,t]of Object.entries(c))e.endsWith(`:token_request`)&&(x[e.replace(`:token_request`,``)]=t);return await(async()=>{let n={client_id:g,redirect_uri:v,grant_type:`refresh_token`,refresh_token:d.refreshToken},r=await e.initAsync(b,h.authority_configuration),s=document.hidden?1e4:3e4*10,u=r.tokenEndpoint,_={};h.demonstrating_proof_of_possession&&(_.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(d.accessToken,u,`POST`));let S=await Te(e.getFetch())(u,n,x,d,_,h.token_renew_mode,s);if(S.success){let{isValid:n,reason:i}=y(S.data,f.nonce,r);if(!n)return t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${i}`}),{tokens:null,status:`SESSION_LOST`};if(t(S.data),S.demonstratingProofOfPossessionNonce){let t=await P(h,e.configurationName);t?await t.setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce):await o(e.configurationName,h.storage,h.login_state_storage??h.storage).setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce)}return e.publishEvent(a.refreshTokensAsync_end,{success:S.success}),e.publishEvent($.eventNames.token_renewed,{reason:`REFRESH_TOKEN`}),{tokens:S.data,status:`LOGGED_IN`}}else return e.publishEvent(a.refreshTokensAsync_silent_error,{message:`bad request`,tokenResponse:S}),S.status>=400&&S.status<500?(t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`session lost: ${S.status}`}),{tokens:null,status:`SESSION_LOST`}):await q(e)(t,p,m,i,c,l)})()}}}catch(n){return console.error(n),e.publishEvent(a.refreshTokensAsync_silent_error,{message:`exception`,exception:n.message}),new Promise((n,r)=>{setTimeout(()=>{q(e)(t,p,m,i,c,l).then(n).catch(r)},1e3)})}},J=(e,t,n)=>(r=null,i=null,o=null)=>{if(!t.silent_redirect_uri||!t.silent_login_uri)return Promise.resolve(null);try{n(a.silentLoginAsync_begin,{});let s=``;if(i&&(r??={},r.state=i),o!=null&&(r??={},r.scope=o),r!=null)for(let[e,t]of Object.entries(r))t!=null&&(s===``?s=`?${encodeURIComponent(e)}=${encodeURIComponent(t)}`:s+=`&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);let c=t.silent_login_uri+s,l=c.indexOf(`/`,c.indexOf(`//`)+2),u=c.substring(0,l),d=document.createElement(`iframe`);return d.width=`0px`,d.height=`0px`,d.id=`${e}_oidc_iframe`,d.setAttribute(`src`,c),d.style.display=`none`,document.body.appendChild(d),new Promise((r,i)=>{let o=!1,s=()=>{window.removeEventListener(`message`,c),d.remove(),o=!0},c=t=>{if(t.origin===u&&t.source===d.contentWindow){let c=`${e}_oidc_tokens:`,l=`${e}_oidc_error:`,u=`${e}_oidc_exception:`,d=t.data;if(d&&typeof d==`string`&&!o){if(d.startsWith(c)){let e=JSON.parse(t.data.replace(c,``));n(a.silentLoginAsync_end,{}),r(e),s()}else if(d.startsWith(l)){let e=JSON.parse(t.data.replace(l,``));n(a.silentLoginAsync_error,e),r({error:`oidc_`+e.error,tokens:null,sessionState:null}),s()}else if(d.startsWith(u)){let e=JSON.parse(t.data.replace(u,``));n(a.silentLoginAsync_error,e),i(Error(e.error)),s()}}}};try{window.addEventListener(`message`,c);let e=t.silent_login_timeout;setTimeout(()=>{o||(s(),n(a.silentLoginAsync_error,{reason:`timeout`}),i(Error(`timeout`)))},e)}catch(e){s(),n(a.silentLoginAsync_error,e),i(e)}})}catch(e){throw n(a.silentLoginAsync_error,e),e}},Ae=(e,t,n,r,i)=>(e=null,o=void 0)=>{e={...e};let s=(e,a,o)=>J(t,n,r.bind(i))(e,a,o);return(async()=>{i.timeoutId&&b.clearTimeout(i.timeoutId);let t;e&&`state`in e&&(t=e.state,delete e.state);try{let c=await s({...n.extras?{...n.extras,...e}:e,prompt:`none`},t,o);if(c)return i.tokens=c.tokens,r(a.token_acquired,{}),i.timeoutId=W(i,i.tokens.expiresAt,e,o),{}}catch(e){return e}})()},je=(e,t,n)=>(r,a,o,s=!1)=>{let c=(t,r=void 0,i=void 0)=>J(e.configurationName,n,e.publishEvent.bind(e))(t,r,i);return new Promise((l,u)=>{n.silent_login_uri&&n.silent_redirect_uri&&n.monitor_session&&r&&o&&!s?(e.checkSessionIFrame=new i(()=>{e.checkSessionIFrame.stop();let r=e.tokens;if(r===null)return;let i=r.idToken,a=r.idTokenPayload;return c({prompt:`none`,id_token_hint:i,scope:n.scope||`openid`}).then(t=>{if(t.error)throw Error(t.error);let n=t.tokens.idTokenPayload;if(a.sub===n.sub){let r=t.sessionState;e.checkSessionIFrame.start(t.sessionState),a.sid===n.sid?console.debug(`SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:`,r):console.debug(`SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:`,r)}else console.debug(`SessionMonitor._callback: Different subject signed into OP:`,n.sub)}).catch(async e=>{console.warn(`SessionMonitor._callback: Silent login failed, logging out other tabs:`,e);for(let[,e]of Object.entries(t))await e.logoutOtherTabAsync(n.client_id,a.sub)})},a,r),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(o),l(e.checkSessionIFrame)}).catch(e=>{u(e)})):l(null)})},Me=e=>!!(e.os===`iOS`&&e.osVersion.startsWith(`12`)||e.os===`Mac OS X`&&e.osVersion.startsWith(`10_15_6`)),Ne=e=>{let t=e.appVersion,n=e.userAgent,r=`-`,i=[{s:`Windows 10`,r:/(Windows 10.0|Windows NT 10.0)/},{s:`Windows 8.1`,r:/(Windows 8.1|Windows NT 6.3)/},{s:`Windows 8`,r:/(Windows 8|Windows NT 6.2)/},{s:`Windows 7`,r:/(Windows 7|Windows NT 6.1)/},{s:`Windows Vista`,r:/Windows NT 6.0/},{s:`Windows Server 2003`,r:/Windows NT 5.2/},{s:`Windows XP`,r:/(Windows NT 5.1|Windows XP)/},{s:`Windows 2000`,r:/(Windows NT 5.0|Windows 2000)/},{s:`Windows ME`,r:/(Win 9x 4.90|Windows ME)/},{s:`Windows 98`,r:/(Windows 98|Win98)/},{s:`Windows 95`,r:/(Windows 95|Win95|Windows_95)/},{s:`Windows NT 4.0`,r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:`Windows CE`,r:/Windows CE/},{s:`Windows 3.11`,r:/Win16/},{s:`Android`,r:/Android/},{s:`Open BSD`,r:/OpenBSD/},{s:`Sun OS`,r:/SunOS/},{s:`Chrome OS`,r:/CrOS/},{s:`Linux`,r:/(Linux|X11(?!.*CrOS))/},{s:`iOS`,r:/(iPhone|iPad|iPod)/},{s:`Mac OS X`,r:/Mac OS X/},{s:`Mac OS`,r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:`QNX`,r:/QNX/},{s:`UNIX`,r:/UNIX/},{s:`BeOS`,r:/BeOS/},{s:`OS/2`,r:/OS\/2/},{s:`Search Bot`,r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(let e in i){let t=i[e];if(t.r.test(n)){r=t.s;break}}let a=`-`;switch(/Windows/.test(r)&&(a=/Windows (.*)/.exec(r)[1],r=`Windows`),r){case`Mac OS`:case`Mac OS X`:case`Android`:a=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];break;case`iOS`:{let e=/OS (\d+)_(\d+)_?(\d+)?/.exec(t);e!=null&&e.length>2&&(a=e[1]+`.`+e[2]+`.`+(parseInt(e[3])|0));break}}return{os:r,osVersion:a}};function Pe(){let e=navigator.userAgent,t,n=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(n[1]))return t=/\brv[ :]+(\d+)/g.exec(e)||[],{name:`ie`,version:t[1]||``};if(n[1]===`Chrome`&&(t=e.match(/\bOPR|Edge\/(\d+)/),t!=null)){let n=t[1];if(!n){let r=e.split(t[0]+`/`);r.length>1&&(n=r[1])}return{name:`opera`,version:n}}return n=n[2]?[n[1],n[2]]:[navigator.appName,navigator.appVersion,`-?`],(t=e.match(/version\/(\d+)/i))!=null&&n.splice(1,1,t[1]),{name:n[0].toLowerCase(),version:n[1]}}var Fe=()=>{let{name:e,version:t}=Pe();return e===`chrome`&&parseInt(t)<=70||e===`opera`&&(!t||parseInt(t.split(`.`)[0])<80)||e===`ie`?!1:!Me(Ne(navigator))},Ie=async e=>{let t;if(e.tokens!=null)return!1;e.publishEvent(a.tryKeepExistingSessionAsync_begin,{});try{let n=e.configuration,r=await e.initAsync(n.authority,n.authority_configuration);if(t=await P(n,e.configurationName),t){let{tokens:i}=await t.initAsync(r,`tryKeepExistingSessionAsync`,n);if(i){t.startKeepAliveServiceWorker(),e.tokens=i;let o=t.getLoginParams(e.configurationName);e.timeoutId=W(e,e.tokens.expiresAt,o.extras,o.scope);let s=await t.getSessionStateAsync();return await e.startCheckSessionAsync(r.checkSessionIframe,n.client_id,s),n.preload_user_info&&await e.userInfoAsync(),e.publishEvent(a.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside ServiceWorker are valid`}),!0}e.publishEvent(a.tryKeepExistingSessionAsync_end,{success:!1,message:`no exiting session found`})}else{n.service_worker_relative_url&&e.publishEvent(a.service_worker_not_supported_by_browser,{message:`service worker is not supported by this browser`});let t=o(e.configurationName,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage),{tokens:i}=await t.initAsync();if(i){e.tokens=m(i,null,n.token_renew_mode);let o=t.getLoginParams();e.timeoutId=W(e,e.tokens.expiresAt,o.extras,o.scope);let s=await t.getSessionStateAsync();return await e.startCheckSessionAsync(r.checkSessionIframe,n.client_id,s),n.preload_user_info&&await e.userInfoAsync(),e.publishEvent(a.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside storage are valid`}),!0}}return e.publishEvent(a.tryKeepExistingSessionAsync_end,{success:!1,message:t?`service worker sessions not retrieved`:`session storage sessions not retrieved`}),!1}catch(n){return console.error(n),t&&await t.clearAsync(),e.publishEvent(a.tryKeepExistingSessionAsync_error,`tokens inside ServiceWorker are invalid`),!1}},Le=e=>{let t=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!t)throw Error(`Invalid URL`);let n=t[6],r=t[7];if(r){let e=r.split(`?`);e.length===2&&(r=e[0],n=e[1])}return n.startsWith(`?`)&&(n=n.slice(1)),t&&{href:e,protocol:t[1],host:t[2],hostname:t[3],port:t[4],path:t[5],search:n,hash:r}},Re=e=>{let t=Le(e),{path:n}=t;n.endsWith(`/`)&&(n=n.slice(0,-1));let{hash:r}=t;return r===`#_=_`&&(r=``),r&&(n+=r),n},Y=e=>{let{search:t}=Le(e);return ze(t)},ze=e=>{let t={},n,r,i,a=e.split(`&`);for(r=0,i=a.length;r<i;r++)n=a[r].split(`=`),t[decodeURIComponent(n[0])]=decodeURIComponent(n[1]);return t},Be=(e,t,n,r,i)=>(s=void 0,c=null,l=!1,u=void 0)=>{let d=c;return c={...c},(async()=>{let f=s||i.getPath();if(`state`in c||(c.state=B(16)),n(a.loginAsync_begin,{}),c)for(let e of Object.keys(c))e.endsWith(`:token_request`)&&delete c[e];try{let n=l?t.silent_redirect_uri:t.redirect_uri;u||=t.scope;let a=t.extras?{...t.extras,...c}:c;a.nonce||=B(12);let s={nonce:a.nonce},p=await P(t,e),m=await r(t.authority,t.authority_configuration),h;if(p)p.setLoginParams({callbackPath:f,extras:d,scope:u}),await p.initAsync(m,`loginAsync`,t),await p.setNonceAsync(s),p.startKeepAliveServiceWorker(),h=p;else{let n=o(e,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage);n.setLoginParams({callbackPath:f,extras:d,scope:u}),await n.setNonceAsync(s),h=n}let g={client_id:t.client_id,redirect_uri:n,scope:u,response_type:`code`,...a};await Ee(h,i)(m.authorizationEndpoint,g)}catch(e){throw n(a.loginAsync_error,e),e}})()},Ve=e=>async(t=!1)=>{try{e.publishEvent(a.loginCallbackAsync_begin,{});let n=e.configuration,r=n.client_id,i=t?n.silent_redirect_uri:n.redirect_uri,s=n.authority,c=n.token_request_timeout,l=await e.initAsync(s,n.authority_configuration),u=Y(e.location.getCurrentHref()),d=u.session_state,f=await P(n,e.configurationName),p,m,h,g;if(f)await f.initAsync(l,`loginCallbackAsync`,n),await f.setSessionStateAsync(d),m=await f.getNonceAsync(),h=f.getLoginParams(),g=await f.getStateAsync(),f.startKeepAliveServiceWorker(),p=f;else{let t=o(e.configurationName,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);await t.setSessionStateAsync(d),m=await t.getNonceAsync(),h=t.getLoginParams(),g=await t.getStateAsync(),p=t}if(u.error||u.error_description)throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==l.issuer)throw console.error(),Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);if(u.state&&u.state!==g)throw Error(`State not valid (expected: ${g}, received: ${u.state})`);let _={code:u.code,grant_type:`authorization_code`,client_id:n.client_id,redirect_uri:i},v={};if(n.token_request_extras)for(let[e,t]of Object.entries(n.token_request_extras))v[e]=t;if(h?.extras)for(let[e,t]of Object.entries(h.extras))e.endsWith(`:token_request`)&&(v[e.replace(`:token_request`,``)]=t);let b=l.tokenEndpoint,x={};if(n.demonstrating_proof_of_possession)if(f)x.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{let t=await me(window)(n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await o(e.configurationName,n.storage,n.login_state_storage??n.storage).setDemonstratingProofOfPossessionJwkAsync(t),x.DPoP=await he(window)(n.demonstrating_proof_of_possession_configuration)(t,`POST`,b)}let S=await De(p)(b,{..._,...v},x,e.configuration.token_renew_mode,c);if(!S.success)throw Error(`Token request failed`);let C,w=S.data.tokens,T=S.data.demonstratingProofOfPossessionNonce;if(S.data.state!==v.state)throw Error(`state is not valid`);let{isValid:E,reason:D}=y(w,m.nonce,l);if(!E)throw Error(`Tokens are not OpenID valid, reason: ${D}`);if(f){if(w.refreshToken&&!w.refreshToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Refresh token should be hidden by service worker`);if(T&&w?.accessToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Demonstration of proof of possession require Access token not hidden by service worker`)}if(f)await f.initAsync(l,`syncTokensAsync`,n),C=f.getLoginParams(),T&&await f.setDemonstratingProofOfPossessionNonce(T);else{let t=o(e.configurationName,n.storage,n.login_state_storage??n.storage);C=t.getLoginParams(),T&&await t.setDemonstratingProofOfPossessionNonce(T)}return await e.startCheckSessionAsync(l.checkSessionIframe,r,d,t),e.publishEvent(a.loginCallbackAsync_end,{}),{tokens:w,state:`request.state`,callbackPath:C.callbackPath,scope:u.scope,extras:C.extras}}catch(t){throw console.error(t),e.publishEvent(a.loginCallbackAsync_error,t),t}},He={access_token:`access_token`,refresh_token:`refresh_token`},X=(e,t)=>{let n={};if(e){for(let[r,i]of Object.entries(e))if(r.endsWith(t)){let e=r.replace(t,``);n[e]=i}return n}return n},Ue=e=>{let t={};if(e){for(let[n,r]of Object.entries(e))n.includes(`:`)||(t[n]=r);return t}return t},We=e=>async t=>{b.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();let n=await P(e.configuration,e.configurationName);n?await n.clearAsync(t):await o(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(t),e.tokens=null,e.userInfo=null},Ge=(e,t,n,r,i)=>async(o=void 0,s=null)=>{let c=e.configuration,l=await e.initAsync(c.authority,c.authority_configuration);o&&typeof o!=`string`&&(o=void 0,r.warn(`callbackPathOrUrl path is not a string`));let u=o??i.getPath(),d=!1;o&&(d=o.includes(`https://`)||o.includes(`http://`));let f=d?o:i.getOrigin()+u,p=e.tokens?e.tokens.idToken:``;try{let t=l.revocationEndpoint;if(t){let r=[],i=e.tokens?e.tokens.accessToken:null;if(i&&c.logout_tokens_to_invalidate.includes(He.access_token)){let e=X(s,`:revoke_access_token`),a=we(n)(t,i,H.access_token,c.client_id,e);r.push(a)}let a=e.tokens?e.tokens.refreshToken:null;if(a&&c.logout_tokens_to_invalidate.includes(He.refresh_token)){let e=X(s,`:revoke_refresh_token`),i=we(n)(t,a,H.refresh_token,c.client_id,e);r.push(i)}r.length>0&&await Promise.all(r)}}catch(e){r.warn(`logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error`),r.warn(e)}let m=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync(`LOGGED_OUT`);for(let[,n]of Object.entries(t))n===e?e.publishEvent(a.logout_from_same_tab,{}):await e.logoutSameTabAsync(e.configuration.client_id,m);let h=X(s,`:oidc`);if(h&&h.no_reload===`true`)return;let g=Ue(s);if(l.endSessionEndpoint){`id_token_hint`in g||(g.id_token_hint=p),!(`post_logout_redirect_uri`in g)&&o!==null&&(g.post_logout_redirect_uri=f);let e=``;for(let[t,n]of Object.entries(g))n!=null&&(e===``?e+=`?`:e+=`&`,e+=`${t}=${encodeURIComponent(n)}`);i.open(`${l.endSessionEndpoint}${e}`)}else i.reload()},Ke=(e,t,n=!1)=>async(...r)=>{let[i,a,...o]=r,s=a?{...a}:{method:`GET`},c=new Headers;s.headers&&(c=s.headers instanceof Headers?s.headers:new Headers(s.headers));let l=(await v({getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await K(t)(t.configuration,t.configurationName,t.tokens,!1);return e},renewTokensAsync:t.renewTokensAsync.bind(t)}))?.tokens?.accessToken;if(c.has(`Accept`)||c.set(`Accept`,`application/json`),l){if(t.configuration.demonstrating_proof_of_possession&&n){let e=await t.generateDemonstrationOfProofOfPossessionAsync(l,i.toString(),s.method);c.set(`Authorization`,`DPoP ${l}`),c.set(`DPoP`,e)}else c.set(`Authorization`,`Bearer ${l}`);s.credentials||=`same-origin`}return await e(i,{...s,headers:c},...o)},qe=e=>async(t=!1,n=!1)=>{if(e.userInfo!=null&&!t)return e.userInfo;let r=!t&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(r)return e.userInfo=JSON.parse(r),e.userInfo;let i=e.configuration,a=(await e.initAsync(i.authority,i.authority_configuration)).userInfoEndpoint,o=await(async()=>{let t=await Ke(fetch,e,n)(a);return t.status===200?t.json():null})();return e.userInfo=o,o&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(o)),o},Je=()=>fetch,Z=class{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}},Q={},Ye=(e,n=new t)=>(t,r=`default`)=>(Q[r]||(Q[r]=new $(t,r,e,n)),Q[r]),Xe=async e=>{let{parsedTokens:t,callbackPath:n,extras:r,scope:i}=await e.loginCallbackAsync();return e.timeoutId=W(e,t.expiresAt,r,i),{callbackPath:n}},Ze=e=>Math.floor(Math.random()*e),$=class e{constructor(e,n=`default`,r,i=new t){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let a=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(a=`${e.silent_redirect_uri.replace(`-callback`,``).replace(`callback`,``)}-login`);let o=e.refresh_time_before_tokens_expiration_in_second??120;o>60&&(o-=Math.floor(Math.random()*40)),this.location=i??new t,this.configuration={...e,silent_login_uri:a,token_automatic_renew_mode:e.token_automatic_renew_mode??s.AutomaticBeforeTokenExpiration,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:o,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??f.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??[`access_token`,`refresh_token`],service_worker_activate:e.service_worker_activate??Fe,demonstrating_proof_of_possession_configuration:e.demonstrating_proof_of_possession_configuration??ue,preload_user_info:e.preload_user_info??!1},this.getFetch=r??Je,this.configurationName=n,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){let t=Ze(9999999999999).toString();return this.events.push({id:t,func:e}),t}removeEventSubscription(e){let t=this.events.filter(t=>t.id!==e);this.events=t}publishEvent(e,t){this.events.forEach(n=>{n.func(e,t)})}static{this.getOrCreate=(e,t)=>(n,r=`default`)=>Ye(e,t)(n,r)}static get(e=`default`){let t=typeof process>`u`;if(!Object.prototype.hasOwnProperty.call(Q,e)&&t)throw Error(`OIDC library does seem initialized.
1
+ (function(e,t){typeof exports==`object`&&typeof module<`u`?t(exports):typeof define==`function`&&define.amd?define([`exports`],t):(e=typeof globalThis<`u`?globalThis:e||self,t(e[`oidc-client`]={}))})(this,function(e){Object.defineProperty(e,Symbol.toStringTag,{value:`Module`});var t=class{open(e){window.location.href=e}reload(){window.location.reload()}getCurrentHref(){return window.location.href}getPath(){let e=window.location;return e.pathname+(e.search||``)+(e.hash||``)}getOrigin(){return window.origin}},n=2e3,r=console,i=class{constructor(e,t,r,i=n,a=!0){this._callback=e,this._client_id=t,this._url=r,this._interval=i||n,this._stopOnError=a;let o=r.indexOf(`/`,r.indexOf(`//`)+2);this._frame_origin=r.substring(0,o),this._frame=window.document.createElement(`iframe`),this._frame.style.visibility=`hidden`,this._frame.style.position=`absolute`,this._frame.style.display=`none`,this._frame.width=0,this._frame.height=0,this._frame.src=r}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener(`message`,this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data===`error`?(r.error(`CheckSessionIFrame: error message from check session op iframe`),this._stopOnError&&this.stop()):e.data===`changed`?(r.debug(e),r.debug(`CheckSessionIFrame: changed message from check session op iframe`),this.stop(),this._callback()):r.debug(`CheckSessionIFrame: `+e.data+` message from check session op iframe`))}start(e){r.debug(`CheckSessionIFrame.start :`+e),this.stop();let t=()=>{this._frame.contentWindow.postMessage(this._client_id+` `+e,this._frame_origin)};t(),this._timer=window.setInterval(t,this._interval)}stop(){this._timer&&=(r.debug(`CheckSessionIFrame.stop`),window.clearInterval(this._timer),null)}},a={service_worker_not_supported_by_browser:`service_worker_not_supported_by_browser`,token_acquired:`token_acquired`,logout_from_another_tab:`logout_from_another_tab`,logout_from_same_tab:`logout_from_same_tab`,token_renewed:`token_renewed`,token_timer:`token_timer`,loginAsync_begin:`loginAsync_begin`,loginAsync_error:`loginAsync_error`,loginCallbackAsync_begin:`loginCallbackAsync_begin`,loginCallbackAsync_end:`loginCallbackAsync_end`,loginCallbackAsync_error:`loginCallbackAsync_error`,refreshTokensAsync_begin:`refreshTokensAsync_begin`,refreshTokensAsync:`refreshTokensAsync`,refreshTokensAsync_end:`refreshTokensAsync_end`,refreshTokensAsync_error:`refreshTokensAsync_error`,refreshTokensAsync_silent_error:`refreshTokensAsync_silent_error`,tryKeepExistingSessionAsync_begin:`tryKeepExistingSessionAsync_begin`,tryKeepExistingSessionAsync_end:`tryKeepExistingSessionAsync_end`,tryKeepExistingSessionAsync_error:`tryKeepExistingSessionAsync_error`,silentLoginAsync_begin:`silentLoginAsync_begin`,silentLoginAsync:`silentLoginAsync`,silentLoginAsync_end:`silentLoginAsync_end`,silentLoginAsync_error:`silentLoginAsync_error`,syncTokensAsync_begin:`syncTokensAsync_begin`,syncTokensAsync_lock_not_available:`syncTokensAsync_lock_not_available`,syncTokensAsync_end:`syncTokensAsync_end`,syncTokensAsync_error:`syncTokensAsync_error`,tokensInvalidAndWaitingActionsToRefresh:`tokensInvalidAndWaitingActionsToRefresh`},o=(e,t=sessionStorage,n)=>{let r=n??t,i=i=>(t[`oidc.${e}`]=JSON.stringify({tokens:null,status:i}),delete t[`oidc.${e}.userInfo`],n&&n!==t&&(delete r[`oidc.login.${e}`],delete r[`oidc.state.${e}`],delete r[`oidc.code_verifier.${e}`],delete r[`oidc.nonce.${e}`]),Promise.resolve()),a=async()=>{if(!t[`oidc.${e}`])return t[`oidc.${e}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};let n=JSON.parse(t[`oidc.${e}`]);return Promise.resolve({tokens:n.tokens,status:n.status})},o=n=>{t[`oidc.${e}`]=JSON.stringify({tokens:n})},s=async n=>{t[`oidc.session_state.${e}`]=n},c=async()=>t[`oidc.session_state.${e}`],l=t=>{r[`oidc.nonce.${e}`]=t.nonce},u=n=>{t[`oidc.jwk.${e}`]=JSON.stringify(n)},d=()=>JSON.parse(t[`oidc.jwk.${e}`]),f=async()=>({nonce:r[`oidc.nonce.${e}`]}),p=async n=>{t[`oidc.dpop_nonce.${e}`]=n},m=()=>t[`oidc.dpop_nonce.${e}`],h=()=>t[`oidc.${e}`]?JSON.stringify({tokens:JSON.parse(t[`oidc.${e}`]).tokens}):null,g={};return{clearAsync:i,initAsync:a,setTokens:o,getTokens:h,setSessionStateAsync:s,getSessionStateAsync:c,setNonceAsync:l,getNonceAsync:f,setLoginParams:t=>{g[e]=t,r[`oidc.login.${e}`]=JSON.stringify(t)},getLoginParams:()=>{let t=r[`oidc.login.${e}`];return t?(g[e]||(g[e]=JSON.parse(t)),g[e]):(console.warn(`storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`),null)},getStateAsync:async()=>r[`oidc.state.${e}`],setStateAsync:async t=>{r[`oidc.state.${e}`]=t},getCodeVerifierAsync:async()=>r[`oidc.code_verifier.${e}`],setCodeVerifierAsync:async t=>{r[`oidc.code_verifier.${e}`]=t},setDemonstratingProofOfPossessionNonce:p,getDemonstratingProofOfPossessionNonce:m,setDemonstratingProofOfPossessionJwkAsync:u,getDemonstratingProofOfPossessionJwkAsync:d}},s=function(e){return e.AutomaticBeforeTokenExpiration=`AutomaticBeforeTokensExpiration`,e.AutomaticOnlyWhenFetchExecuted=`AutomaticOnlyWhenFetchExecuted`,e}({}),c=e=>decodeURIComponent(Array.prototype.map.call(atob(e),e=>`%`+(`00`+e.charCodeAt(0).toString(16)).slice(-2)).join(``)),l=e=>JSON.parse(c(e.replaceAll(/-/g,`+`).replaceAll(/_/g,`/`))),u=e=>{try{return e&&d(e,`.`)===2?l(e.split(`.`)[1]):null}catch(e){console.warn(e)}return null},d=(e,t)=>e.split(t).length-1,f={access_token_or_id_token_invalid:`access_token_or_id_token_invalid`,access_token_invalid:`access_token_invalid`,id_token_invalid:`id_token_invalid`};function p(e,t,n){return e.issuedAt?typeof e.issuedAt==`string`?parseInt(e.issuedAt,10):e.issuedAt:t&&t.iat?t.iat:n&&n.iat?n.iat:new Date().getTime()/1e3}var m=(e,t=null,n)=>{if(!e)return null;let r,i=typeof e.expiresIn==`string`?parseInt(e.expiresIn,10):e.expiresIn;r=e.accessTokenPayload===void 0?u(e.accessToken):e.accessTokenPayload;let a;a=t!=null&&`idToken`in t&&!(`idToken`in e)?t.idToken:e.idToken;let o=e.idTokenPayload?e.idTokenPayload:u(a),s=o&&o.exp?o.exp:Number.MAX_VALUE,c=r&&r.exp?r.exp:e.issuedAt+i;e.issuedAt=p(e,r,o);let l;l=e.expiresAt?e.expiresAt:n===f.access_token_invalid?c:n===f.id_token_invalid||s<c?s:c;let d={...e,idTokenPayload:o,accessTokenPayload:r,expiresAt:l,idToken:a};if(t!=null&&`refreshToken`in t&&!(`refreshToken`in e)){let e=t.refreshToken;return{...d,refreshToken:e}}return d},h=(e,t,n)=>{if(!e)return null;e.issued_at||=new Date().getTime()/1e3;let r={accessToken:e.access_token,expiresIn:e.expires_in,idToken:e.id_token,scope:e.scope,tokenType:e.token_type,issuedAt:e.issued_at};return`refresh_token`in e&&(r.refreshToken=e.refresh_token),e.accessTokenPayload!==void 0&&(r.accessTokenPayload=e.accessTokenPayload),e.idTokenPayload!==void 0&&(r.idTokenPayload=e.idTokenPayload),m(r,t,n)},g=(e,t)=>{let n=t-new Date().getTime()/1e3;return Math.round(n-e)},_=(e,t=0)=>e?g(t,e.expiresAt)>0:!1,v=async(e,t=200,n=50)=>{let r=n,i=await e.syncTokensInfoAsync();for(;[G.REQUIRE_SYNC_TOKENS,G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,G.TOKENS_INVALID].includes(i)&&r>0;){if(e.configuration.token_automatic_renew_mode==s.AutomaticOnlyWhenFetchExecuted){await e.renewTokensAsync({});break}else await w({milliseconds:t});--r,i=await e.syncTokensInfoAsync()}return{isTokensValid:_(e.getTokens()),tokens:e.getTokens(),numberWaited:r-n}},y=(e,t,n)=>{if(e.idTokenPayload){let r=e.idTokenPayload;if(n.issuer!==r.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${n.issuer} !== (idTokenPayload issuer) ${r.iss}`};let i=new Date().getTime()/1e3;if(r.exp&&r.exp<i)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${r.exp} < (currentTimeUnixSecond) ${i}`};let a=3600*24*7;if(r.iat&&r.iat+a<i)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${r.iat+a} < (currentTimeUnixSecond) ${i}`};if(r.nonce&&r.nonce!==t)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${r.nonce} !== (nonce) ${t}`}}return{isValid:!0,reason:``}},b=(function(){let e=typeof window>`u`?global:window;return{setTimeout:setTimeout.bind(e),clearTimeout:clearTimeout.bind(e),setInterval:setInterval.bind(e),clearInterval:clearInterval.bind(e)}})(),x=`7.27.7`,S=null,C,w=({milliseconds:e})=>new Promise(t=>b.setTimeout(t,e)),T=(e=`/`)=>{try{C=new AbortController,fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`,{signal:C.signal}).catch(e=>{console.log(e)}),w({milliseconds:150*1e3}).then(()=>T(e))}catch(e){console.log(e)}},E=()=>{C&&C.abort()},D=e=>{let t=`oidc.tabId.${e}`,n=sessionStorage.getItem(t);if(n)return n;let r=globalThis.crypto.randomUUID();return sessionStorage.setItem(t,r),r},ee=5e3,te=e=>navigator.serviceWorker.controller??e.active??e.waiting??e.installing??null,O=(e,t)=>n=>{let r=t?.timeoutMs??ee;return new Promise((t,i)=>{let a=te(e);if(!a){i(Error(`Service worker target not available (controller/active/waiting/installing missing)`));return}let o=new MessageChannel,s=null,c=()=>{try{s!=null&&(b.clearTimeout(s),s=null),o.port1.onmessage=null,o.port1.close(),o.port2.close()}catch(e){console.error(e)}};s=b.setTimeout(()=>{c(),i(Error(`Service worker did not respond within ${r}ms (type=${n?.type})`))},r),o.port1.onmessage=e=>{c(),e?.data?.error?i(e.data.error):t(e.data)};try{let e=n?.configurationName;a.postMessage({...n,tabId:D(e??`default`)},[o.port2])}catch(e){c(),i(e)}})},ne=async e=>navigator.serviceWorker.controller?navigator.serviceWorker.controller:new Promise(t=>{let n=!1,r=()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))};navigator.serviceWorker.addEventListener(`controllerchange`,r),b.setTimeout(()=>{n||(n=!0,navigator.serviceWorker.removeEventListener(`controllerchange`,r),t(navigator.serviceWorker.controller??null))},e)}),re=!1,k=!1,A=new Map,j=`oidc.sw.controllerchange_reload_count`,M=3,N=()=>{try{return parseInt(sessionStorage.getItem(j)??`0`,10)}catch{return 0}},ie=()=>{let e=N()+1;try{sessionStorage.setItem(j,String(e))}catch{}return e},ae=()=>{try{sessionStorage.removeItem(j)}catch{}},P=async(e,t)=>{let n=e.service_worker_relative_url;if(typeof window>`u`||typeof navigator>`u`||!navigator.serviceWorker||!n||e.service_worker_activate()===!1)return null;let r=`${n}?v=${x}`,i=null;e.service_worker_register?(A.has(n)||A.set(n,e.service_worker_register(n)),i=await A.get(n)):(A.has(r)||A.set(r,navigator.serviceWorker.register(r,{updateViaCache:`none`})),i=await A.get(r));let a=`oidc.sw.version_mismatch_reload.${t}`,o=async e=>{E(),console.log(`New SW waiting – SKIP_WAITING`);try{await new Promise((n,r)=>{let i=new MessageChannel,a=null,o=()=>{try{a!=null&&(b.clearTimeout(a),a=null),i.port1.onmessage=null,i.port1.close(),i.port2.close()}catch(e){console.error(e)}};a=b.setTimeout(()=>{o(),r(Error(`SKIP_WAITING did not respond within 8000ms`))},8e3),i.port1.onmessage=e=>{o(),e?.data?.error?r(e.data.error):n()};try{e.postMessage({type:`SKIP_WAITING`,configurationName:t,data:null,tabId:D(t??`default`)},[i.port2])}catch(e){o(),r(e)}})}catch(e){console.warn(`SKIP_WAITING failed`,e)}},s=async()=>{let e=i.waiting;e?await o(e):console.warn(`sendSkipWaiting called but no waiting service worker found`)},c=e=>{E(),e.addEventListener(`statechange`,async()=>{if(e.state===`installed`&&navigator.serviceWorker.controller){if(N()>=M){console.warn(`SW trackInstallingWorker: skipping SKIP_WAITING because the reload budget is exhausted`);return}await o(e)}})};i.addEventListener(`updatefound`,()=>{let e=i.installing;e&&c(e)}),i.installing?c(i.installing):i.waiting&&navigator.serviceWorker.controller&&(N()<M?s():console.warn(`SW: a waiting worker exists but reload budget is exhausted – skipping activation`)),i.update().catch(e=>{console.error(e)});try{await navigator.serviceWorker.ready,navigator.serviceWorker.controller||(await O(i,{timeoutMs:8e3})({type:`claim`,configurationName:t,data:null}),await ne(2e3))}catch(e){return console.warn(`Failed init ServiceWorker ${e?.toString?.()??String(e)}`),null}re||(re=!0,navigator.serviceWorker.addEventListener(`controllerchange`,()=>{if(k)return;let e=ie();if(e>M){console.warn(`SW controllerchange: reload budget exhausted (${e-1} reloads). Skipping reload to avoid infinite loop.`);return}k=!0,console.log(`SW controller changed – reloading page`),E(),window.location.reload()}));let l=async e=>O(i)({type:`clear`,data:{status:e},configurationName:t}),u=async(e,n,r)=>{let o=await O(i)({type:`init`,data:{oidcServerConfiguration:e,where:n,oidcConfiguration:{token_renew_mode:r.token_renew_mode,service_worker_convert_all_requests_to_cors:r.service_worker_convert_all_requests_to_cors}},configurationName:t}),c=o.version;if(c!==`7.27.7`){console.warn(`Service worker ${c} version mismatch with js client version ${x}, unregistering and reloading`);let e=parseInt(sessionStorage.getItem(a)??`0`,10);if(e<3){if(sessionStorage.setItem(a,String(e+1)),i.waiting)return await s(),await w({milliseconds:500}),k||(k=!0,window.location.reload()),new Promise(()=>{});{E();try{await i.update()}catch(e){console.error(e)}let e=await i.unregister();return console.log(`Service worker unregistering ${e}`),await w({milliseconds:500}),k||(k=!0,window.location.reload()),new Promise(()=>{})}}else console.error(`Service worker version mismatch persists after ${e} attempt(s). Continuing with mismatched version.`)}else sessionStorage.removeItem(a),ae();return{tokens:h(o.tokens,null,r.token_renew_mode),status:o.status}},d=(e=`/`)=>{S??(S=`not_null`,T(e))},f=e=>O(i)({type:`setSessionState`,data:{sessionState:e},configurationName:t}),p=async()=>(await O(i)({type:`getSessionState`,data:null,configurationName:t})).sessionState,m=e=>(sessionStorage[`oidc.nonce.${t}`]=e.nonce,O(i)({type:`setNonce`,data:{nonce:e},configurationName:t})),g=async(e=!0)=>{let n=(await O(i)({type:`getNonce`,data:null,configurationName:t})).nonce;return n||(n=sessionStorage[`oidc.nonce.${t}`],console.warn(`nonce not found in service worker, using sessionStorage`),e&&(await m(n),n=(await g(!1)).nonce)),{nonce:n}},_={},v=e=>{_[t]=e,localStorage[`oidc.login.${t}`]=JSON.stringify(e)},y=()=>{let e=localStorage[`oidc.login.${t}`];return _[t]||(_[t]=JSON.parse(e)),_[t]},C=async e=>{await O(i)({type:`setDemonstratingProofOfPossessionNonce`,data:{demonstratingProofOfPossessionNonce:e},configurationName:t})},ee=async()=>(await O(i)({type:`getDemonstratingProofOfPossessionNonce`,data:null,configurationName:t})).demonstratingProofOfPossessionNonce,te=async e=>{let n=JSON.stringify(e);await O(i)({type:`setDemonstratingProofOfPossessionJwk`,data:{demonstratingProofOfPossessionJwkJson:n},configurationName:t})},j=async()=>{let e=await O(i)({type:`getDemonstratingProofOfPossessionJwk`,data:null,configurationName:t});return e.demonstratingProofOfPossessionJwkJson?JSON.parse(e.demonstratingProofOfPossessionJwkJson):null},P=async(e=!0)=>{let n=(await O(i)({type:`getState`,data:null,configurationName:t})).state;return n||(n=sessionStorage[`oidc.state.${t}`],console.warn(`state not found in service worker, using sessionStorage`),e&&(await F(n),n=await P(!1))),n},F=async e=>(sessionStorage[`oidc.state.${t}`]=e,O(i)({type:`setState`,data:{state:e},configurationName:t})),I=async(e=!0)=>{let n=(await O(i)({type:`getCodeVerifier`,data:null,configurationName:t})).codeVerifier;return n||(n=sessionStorage[`oidc.code_verifier.${t}`],console.warn(`codeVerifier not found in service worker, using sessionStorage`),e&&(await L(n),n=await I(!1))),n},L=async e=>(sessionStorage[`oidc.code_verifier.${t}`]=e,O(i)({type:`setCodeVerifier`,data:{codeVerifier:e},configurationName:t}));return{clearAsync:l,initAsync:u,startKeepAliveServiceWorker:()=>d(e.service_worker_keep_alive_path),setSessionStateAsync:f,getSessionStateAsync:p,setNonceAsync:m,getNonceAsync:g,setLoginParams:v,getLoginParams:y,getStateAsync:P,setStateAsync:F,getCodeVerifierAsync:I,setCodeVerifierAsync:L,setDemonstratingProofOfPossessionNonce:C,getDemonstratingProofOfPossessionNonce:ee,setDemonstratingProofOfPossessionJwkAsync:te,getDemonstratingProofOfPossessionJwkAsync:j}},F={},I=(e,t=window.sessionStorage,n)=>{if(!F[e]&&t){let n=t.getItem(e);n&&(F[e]=JSON.parse(n))}let r=1e3*n;return F[e]&&F[e].timestamp+r>Date.now()?F[e].result:null},L=(e,t,n=window.sessionStorage)=>{let r=Date.now();F[e]={result:t,timestamp:r},n&&n.setItem(e,JSON.stringify({result:t,timestamp:r}))};function oe(e){return new TextEncoder().encode(e)}function se(e){return btoa(e).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=+/g,``)}function ce(e){return encodeURIComponent(e).replace(/%([0-9A-F]{2})/g,function(e,t){return String.fromCharCode(parseInt(t,16))})}var R=e=>{let t=``;return e.forEach(function(e){t+=String.fromCharCode(e)}),se(t)};function le(e){return se(ce(e))}var ue={importKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`,hash:{name:`ES256`}},signAlgorithm:{name:`ECDSA`,hash:{name:`SHA-256`}},generateKeyAlgorithm:{name:`ECDSA`,namedCurve:`P-256`},digestAlgorithm:{name:`SHA-256`},jwtHeaderAlgorithm:`ES256`},de={sign:e=>async(t,n,r,i,a=`dpop+jwt`)=>{switch(t=Object.assign({},t),n.typ=a,n.alg=i.jwtHeaderAlgorithm,n.alg){case`ES256`:n.jwk={kty:t.kty,crv:t.crv,x:t.x,y:t.y};break;case`RS256`:n.jwk={kty:t.kty,n:t.n,e:t.e,kid:n.kid};break;default:throw Error(`Unknown or not implemented JWS algorithm`)}let o={protected:le(JSON.stringify(n)),payload:le(JSON.stringify(r))},s=i.importKeyAlgorithm,c=await e.crypto.subtle.importKey(`jwk`,t,s,!0,[`sign`]),l=oe(`${o.protected}.${o.payload}`),u=i.signAlgorithm,d=await e.crypto.subtle.sign(u,c,l);return o.signature=R(new Uint8Array(d)),`${o.protected}.${o.payload}.${o.signature}`}},fe={generate:e=>async t=>{let n=t,r=await e.crypto.subtle.generateKey(n,!0,[`sign`,`verify`]);return await e.crypto.subtle.exportKey(`jwk`,r.privateKey)},neuter:e=>{let t=Object.assign({},e);return delete t.d,t.key_ops=[`verify`],t}},pe={thumbprint:e=>async(t,n)=>{let r;switch(t.kty){case`EC`:r=`{"crv":"CRV","kty":"EC","x":"X","y":"Y"}`.replace(`CRV`,t.crv).replace(`X`,t.x).replace(`Y`,t.y);break;case`RSA`:r=`{"e":"E","kty":"RSA","n":"N"}`.replace(`E`,t.e).replace(`N`,t.n);break;default:throw Error(`Unknown or not implemented JWK type`)}let i=await e.crypto.subtle.digest(n,oe(r));return R(new Uint8Array(i))}},me=e=>async t=>await fe.generate(e)(t),he=e=>t=>async(n,r=`POST`,i,a={})=>{let o={jti:btoa(ge()),htm:r,htu:i,iat:Math.round(Date.now()/1e3),...a},s=await pe.thumbprint(e)(n,t.digestAlgorithm);return await de.sign(e)(n,{kid:s},o,t)},ge=()=>{let e=`xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx`,t=`0123456789abcdef`,n=0,r=``;for(let i=0;i<36;i++)e[i]!==`-`&&e[i]!==`4`&&(n=Math.random()*16|0),e[i]===`x`?r+=t[n]:e[i]===`y`?(n&=3,n|=8,r+=t[n]):r+=e[i];return r},z=()=>{let e=typeof window<`u`&&!!window.crypto;return{hasCrypto:e,hasSubtleCrypto:e&&!!window.crypto.subtle}},_e=`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`,ve=e=>{let t=[];for(let n=0;n<e.byteLength;n+=1){let r=e[n]%62;t.push(_e[r])}return t.join(``)},B=e=>{let t=new Uint8Array(e),{hasCrypto:n}=z();if(n)window.crypto.getRandomValues(t);else for(let n=0;n<e;n+=1)t[n]=Math.random()*62|0;return ve(t)};function ye(e){let t=new ArrayBuffer(e.length),n=new Uint8Array(t);for(let t=0;t<e.length;t++)n[t]=e.charCodeAt(t);return n}function be(e){return new Promise((t,n)=>{crypto.subtle.digest(`SHA-256`,ye(e)).then(e=>t(R(new Uint8Array(e))),e=>n(e))})}var xe=e=>{if(e.length<43||e.length>128)return Promise.reject(Error(`Invalid code length.`));let{hasSubtleCrypto:t}=z();return t?be(e):Promise.reject(Error(`window.crypto.subtle is unavailable.`))},Se=3600,Ce=e=>async(t,n=Se,r=window.sessionStorage,i=1e4)=>{let a=`${t}/.well-known/openid-configuration`,o=`oidc.server:${t}`,s=I(o,r,n);if(s)return new Z(s);let c=await V(e)(a,{},i);if(c.status!==200)return null;let l=await c.json();return L(o,l,r),new Z(l)},V=e=>async(t,n={},r=1e4,i=0)=>{let a;try{let i=new AbortController;setTimeout(()=>i.abort(),r),a=await e(t,{...n,signal:i.signal})}catch(a){if(a.name===`AbortError`||a.message===`Network request failed`){if(i<=1)return await V(e)(t,n,r,i+1);throw a}else throw console.error(a.message),a}return a},H={refresh_token:`refresh_token`,access_token:`access_token`},we=e=>async(t,n,r=H.refresh_token,i,a={},o=1e4)=>{let s={token:n,token_type_hint:r,client_id:i};for(let[e,t]of Object.entries(a))s[e]===void 0&&(s[e]=t);let c=[];for(let e in s){let t=encodeURIComponent(e),n=encodeURIComponent(s[e]);c.push(`${t}=${n}`)}let l=c.join(`&`);return(await V(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`},body:l},o)).status===200?{success:!0}:{success:!1}},Te=e=>async(t,n,r,i,a={},o,s=1e4)=>{for(let[e,t]of Object.entries(r))n[e]===void 0&&(n[e]=t);let c=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);c.push(`${t}=${r}`)}let l=c.join(`&`),u=await V(e)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...a},body:l},s);if(u.status!==200)return{success:!1,status:u.status,demonstratingProofOfPossessionNonce:null};let d=await u.json(),f=null;return u.headers.has(U)&&(f=u.headers.get(U)),{success:!0,status:u.status,data:h(d,i,o),demonstratingProofOfPossessionNonce:f}},Ee=(e,t)=>async(n,r)=>{r=r?{...r}:{};let i=B(128),a=await xe(i);await e.setCodeVerifierAsync(i),await e.setStateAsync(r.state),r.code_challenge=a,r.code_challenge_method=`S256`;let o=``;if(r)for(let[e,t]of Object.entries(r))o===``?o+=`?`:o+=`&`,o+=`${e}=${encodeURIComponent(t)}`;t.open(`${n}${o}`)},U=`DPoP-Nonce`,De=e=>async(t,n,r,i,a=1e4)=>{n=n?{...n}:{},n.code_verifier=await e.getCodeVerifierAsync();let o=[];for(let e in n){let t=encodeURIComponent(e),r=encodeURIComponent(n[e]);o.push(`${t}=${r}`)}let s=o.join(`&`),c=await V(fetch)(t,{method:`POST`,headers:{"Content-Type":`application/x-www-form-urlencoded;charset=UTF-8`,...r},body:s},a);if(await Promise.all([e.setCodeVerifierAsync(null),e.setStateAsync(null)]),c.status!==200)return{success:!1,status:c.status};let l=null;c.headers.has(U)&&(l=c.headers.get(U));let u=await c.json();return{success:!0,data:{state:n.state,tokens:h(u,null,i),demonstratingProofOfPossessionNonce:l}}};async function Oe(e,t,n,r=null){let{tokens:i,status:a}=await q(e)(t=>{e.tokens=t},0,0,t,n,r);return await P(e.configuration,e.configurationName)||o(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).setTokens(e.tokens),e.tokens?i:(await e.destroyAsync(a),null)}async function ke(e,t=!1,n=null,r=null){let i=e.configuration,a=`${i.client_id}_${e.configurationName}_${i.authority}`,o,s=await P(e.configuration,e.configurationName);if(i?.storage===window?.sessionStorage&&!s||!navigator.locks)o=await Oe(e,t,n,r);else{let i=`retry`;for(;i===`retry`;)i=await navigator.locks.request(a,{ifAvailable:!0},async i=>i?await Oe(e,t,n,r):(e.publishEvent($.eventNames.syncTokensAsync_lock_not_available,{lock:`lock not available`}),`retry`));o=i}return o?(e.timeoutId&&=W(e,e.tokens.expiresAt,n,r),e.tokens):null}var W=(e,t,n=null,r=null)=>{let i=e.configuration.refresh_time_before_tokens_expiration_in_second;return e.timeoutId&&b.clearTimeout(e.timeoutId),b.setTimeout(async()=>{let a={timeLeft:g(i,t)};e.publishEvent($.eventNames.token_timer,a),await ke(e,!1,n,r)},1e3)},G={FORCE_REFRESH:`FORCE_REFRESH`,SESSION_LOST:`SESSION_LOST`,NOT_CONNECTED:`NOT_CONNECTED`,TOKENS_VALID:`TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`,TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID`,LOGOUT_FROM_ANOTHER_TAB:`LOGOUT_FROM_ANOTHER_TAB`,REQUIRE_SYNC_TOKENS:`REQUIRE_SYNC_TOKENS`,TOKENS_INVALID:`TOKENS_INVALID`},K=e=>async(t,n,r,i=!1)=>{let a={nonce:null};if(!r)return{tokens:null,status:G.NOT_CONNECTED,nonce:a};let s,c=await e.initAsync(t.authority,t.authority_configuration),l=await P(t,n);if(l){let{status:e,tokens:n}=await l.initAsync(c,`syncTokensAsync`,t);if(e===`LOGGED_OUT`)return{tokens:null,status:G.LOGOUT_FROM_ANOTHER_TAB,nonce:a};if(e===`SESSIONS_LOST`)return{tokens:null,status:G.SESSION_LOST,nonce:a};if(!e||!n)return{tokens:null,status:G.REQUIRE_SYNC_TOKENS,nonce:a};if(n.issuedAt!==r.issuedAt)return{tokens:n,status:g(t.refresh_time_before_tokens_expiration_in_second,n.expiresAt)>0?G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,nonce:await l.getNonceAsync()};s=await l.getNonceAsync()}else{let i=o(n,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage),c=await i.initAsync(),{tokens:l}=c,{status:u}=c;if(l&&=m(l,e.tokens,t.token_renew_mode),!l)return{tokens:null,status:G.LOGOUT_FROM_ANOTHER_TAB,nonce:a};if(u===`SESSIONS_LOST`)return{tokens:null,status:G.SESSION_LOST,nonce:a};if(l.issuedAt!==r.issuedAt){let e=g(t.refresh_time_before_tokens_expiration_in_second,l.expiresAt)>0?G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID,n=await i.getNonceAsync();return{tokens:l,status:e,nonce:n}}s=await i.getNonceAsync()}let u=g(t.refresh_time_before_tokens_expiration_in_second,r.expiresAt)>0?`TOKENS_VALID`:`TOKENS_INVALID`;return i?{tokens:r,status:`FORCE_REFRESH`,nonce:s}:{tokens:r,status:u,nonce:s}},q=e=>async(t,n=0,r=0,i=!1,c=null,l=null)=>{if(!navigator.onLine&&document.hidden)return{tokens:e.tokens,status:`GIVE_UP`};let u=6,d=i?2:5;for(;!navigator.onLine&&u>0;)await w({milliseconds:1e3}),u--,e.publishEvent(a.refreshTokensAsync,{message:`wait because navigator is offline try ${u}`});let f=document.hidden,p=f?n:n+1,m=f?r+1:r;if(n>=d||r>=5)return t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token`}),{tokens:null,status:`SESSION_LOST`};c||={};let h=e.configuration,g=(t,n=null,r=null)=>J(e.configurationName,e.configuration,e.publishEvent.bind(e))(t,n,r),_=async()=>{try{let n,r=await P(h,e.configurationName);n=r?r.getLoginParams():o(e.configurationName,h.storage,h.login_state_storage??h.storage).getLoginParams();let i={};if(n&&n.extras)for(let[e,t]of Object.entries(n.extras))t!=null&&(i[e]=t);if(c)for(let[e,t]of Object.entries(c))t!=null&&(i[e]=t);i.prompt=`none`,l&&(i.scope=l);let s=await g(i);return s?s.error?(t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token silent`}),{tokens:null,status:`SESSION_LOST`}):(t(s.tokens),e.publishEvent($.eventNames.token_renewed,{}),{tokens:s.tokens,status:`LOGGED`}):(t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token silent not active`}),{tokens:null,status:`SESSION_LOST`})}catch(n){return console.error(n),e.publishEvent(a.refreshTokensAsync_silent_error,{message:`exceptionSilent`,exception:n.message}),await q(e)(t,p,m,i,c,l)}};try{let{status:u,tokens:d,nonce:f}=await K(e)(h,e.configurationName,e.tokens,i);switch(u){case G.SESSION_LOST:return t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token session lost`}),{tokens:null,status:`SESSION_LOST`};case G.NOT_CONNECTED:return t(null),{tokens:null,status:null};case G.TOKENS_VALID:return t(d),{tokens:d,status:`LOGGED_IN`};case G.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:return t(d),e.publishEvent($.eventNames.token_renewed,{reason:`TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID`}),{tokens:d,status:`LOGGED_IN`};case G.LOGOUT_FROM_ANOTHER_TAB:return t(null),e.publishEvent(a.logout_from_another_tab,{status:`session syncTokensAsync`}),{tokens:null,status:`LOGGED_OUT`};case G.REQUIRE_SYNC_TOKENS:return h.token_automatic_renew_mode==s.AutomaticOnlyWhenFetchExecuted&&!i?(e.publishEvent(a.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`}):(e.publishEvent(a.refreshTokensAsync_begin,{tryNumber:n}),await _());default:{if(h.token_automatic_renew_mode==s.AutomaticOnlyWhenFetchExecuted&&G.FORCE_REFRESH!==u)return e.publishEvent(a.tokensInvalidAndWaitingActionsToRefresh,{}),{tokens:e.tokens,status:`GIVE_UP`};if(e.publishEvent(a.refreshTokensAsync_begin,{refreshToken:d.refreshToken,status:u,tryNumber:n,backgroundTry:r}),!d.refreshToken)return await _();let g=h.client_id,v=h.redirect_uri,b=h.authority,x={...h.token_request_extras?h.token_request_extras:{}};for(let[e,t]of Object.entries(c))e.endsWith(`:token_request`)&&(x[e.replace(`:token_request`,``)]=t);return await(async()=>{let n={client_id:g,redirect_uri:v,grant_type:`refresh_token`,refresh_token:d.refreshToken},r=await e.initAsync(b,h.authority_configuration),s=document.hidden?1e4:3e4*10,u=r.tokenEndpoint,_={};h.demonstrating_proof_of_possession&&(_.DPoP=await e.generateDemonstrationOfProofOfPossessionAsync(d.accessToken,u,`POST`));let S=await Te(e.getFetch())(u,n,x,d,_,h.token_renew_mode,s);if(S.success){let{isValid:n,reason:i}=y(S.data,f.nonce,r);if(!n)return t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${i}`}),{tokens:null,status:`SESSION_LOST`};if(t(S.data),S.demonstratingProofOfPossessionNonce){let t=await P(h,e.configurationName);t?await t.setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce):await o(e.configurationName,h.storage,h.login_state_storage??h.storage).setDemonstratingProofOfPossessionNonce(S.demonstratingProofOfPossessionNonce)}return e.publishEvent(a.refreshTokensAsync_end,{success:S.success}),e.publishEvent($.eventNames.token_renewed,{reason:`REFRESH_TOKEN`}),{tokens:S.data,status:`LOGGED_IN`}}else return e.publishEvent(a.refreshTokensAsync_silent_error,{message:`bad request`,tokenResponse:S}),S.status>=400&&S.status<500?(t(null),e.publishEvent(a.refreshTokensAsync_error,{message:`session lost: ${S.status}`}),{tokens:null,status:`SESSION_LOST`}):await q(e)(t,p,m,i,c,l)})()}}}catch(n){return console.error(n),e.publishEvent(a.refreshTokensAsync_silent_error,{message:`exception`,exception:n.message}),new Promise((n,r)=>{setTimeout(()=>{q(e)(t,p,m,i,c,l).then(n).catch(r)},1e3)})}},J=(e,t,n)=>(r=null,i=null,o=null)=>{if(!t.silent_redirect_uri||!t.silent_login_uri)return Promise.resolve(null);try{n(a.silentLoginAsync_begin,{});let s=``;if(i&&(r??={},r.state=i),o!=null&&(r??={},r.scope=o),r!=null)for(let[e,t]of Object.entries(r))t!=null&&(s===``?s=`?${encodeURIComponent(e)}=${encodeURIComponent(t)}`:s+=`&${encodeURIComponent(e)}=${encodeURIComponent(t)}`);let c=t.silent_login_uri+s,l=c.indexOf(`/`,c.indexOf(`//`)+2),u=c.substring(0,l),d=document.createElement(`iframe`);return d.width=`0px`,d.height=`0px`,d.id=`${e}_oidc_iframe`,d.setAttribute(`src`,c),d.style.display=`none`,document.body.appendChild(d),new Promise((r,i)=>{let o=!1,s=()=>{window.removeEventListener(`message`,c),d.remove(),o=!0},c=t=>{if(t.origin===u&&t.source===d.contentWindow){let c=`${e}_oidc_tokens:`,l=`${e}_oidc_error:`,u=`${e}_oidc_exception:`,d=t.data;if(d&&typeof d==`string`&&!o){if(d.startsWith(c)){let e=JSON.parse(t.data.replace(c,``));n(a.silentLoginAsync_end,{}),r(e),s()}else if(d.startsWith(l)){let e=JSON.parse(t.data.replace(l,``));n(a.silentLoginAsync_error,e),r({error:`oidc_`+e.error,tokens:null,sessionState:null}),s()}else if(d.startsWith(u)){let e=JSON.parse(t.data.replace(u,``));n(a.silentLoginAsync_error,e),i(Error(e.error)),s()}}}};try{window.addEventListener(`message`,c);let e=t.silent_login_timeout;setTimeout(()=>{o||(s(),n(a.silentLoginAsync_error,{reason:`timeout`}),i(Error(`timeout`)))},e)}catch(e){s(),n(a.silentLoginAsync_error,e),i(e)}})}catch(e){throw n(a.silentLoginAsync_error,e),e}},Ae=(e,t,n,r,i)=>(e=null,o=void 0)=>{e={...e};let s=(e,a,o)=>J(t,n,r.bind(i))(e,a,o);return(async()=>{i.timeoutId&&b.clearTimeout(i.timeoutId);let t;e&&`state`in e&&(t=e.state,delete e.state);try{let c=await s({...n.extras?{...n.extras,...e}:e,prompt:`none`},t,o);if(c)return i.tokens=c.tokens,r(a.token_acquired,{}),i.timeoutId=W(i,i.tokens.expiresAt,e,o),{}}catch(e){return e}})()},je=(e,t,n)=>(r,a,o,s=!1)=>{let c=(t,r=void 0,i=void 0)=>J(e.configurationName,n,e.publishEvent.bind(e))(t,r,i);return new Promise((l,u)=>{n.silent_login_uri&&n.silent_redirect_uri&&n.monitor_session&&r&&o&&!s?(e.checkSessionIFrame=new i(()=>{e.checkSessionIFrame.stop();let r=e.tokens;if(r===null)return;let i=r.idToken,a=r.idTokenPayload;return c({prompt:`none`,id_token_hint:i,scope:n.scope||`openid`}).then(t=>{if(t.error)throw Error(t.error);let n=t.tokens.idTokenPayload;if(a.sub===n.sub){let r=t.sessionState;e.checkSessionIFrame.start(t.sessionState),a.sid===n.sid?console.debug(`SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:`,r):console.debug(`SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:`,r)}else console.debug(`SessionMonitor._callback: Different subject signed into OP:`,n.sub)}).catch(async e=>{console.warn(`SessionMonitor._callback: Silent login failed, logging out other tabs:`,e);for(let[,e]of Object.entries(t))await e.logoutOtherTabAsync(n.client_id,a.sub)})},a,r),e.checkSessionIFrame.load().then(()=>{e.checkSessionIFrame.start(o),l(e.checkSessionIFrame)}).catch(e=>{u(e)})):l(null)})},Me=e=>!!(e.os===`iOS`&&e.osVersion.startsWith(`12`)||e.os===`Mac OS X`&&e.osVersion.startsWith(`10_15_6`)),Ne=e=>{let t=e.appVersion,n=e.userAgent,r=`-`,i=[{s:`Windows 10`,r:/(Windows 10.0|Windows NT 10.0)/},{s:`Windows 8.1`,r:/(Windows 8.1|Windows NT 6.3)/},{s:`Windows 8`,r:/(Windows 8|Windows NT 6.2)/},{s:`Windows 7`,r:/(Windows 7|Windows NT 6.1)/},{s:`Windows Vista`,r:/Windows NT 6.0/},{s:`Windows Server 2003`,r:/Windows NT 5.2/},{s:`Windows XP`,r:/(Windows NT 5.1|Windows XP)/},{s:`Windows 2000`,r:/(Windows NT 5.0|Windows 2000)/},{s:`Windows ME`,r:/(Win 9x 4.90|Windows ME)/},{s:`Windows 98`,r:/(Windows 98|Win98)/},{s:`Windows 95`,r:/(Windows 95|Win95|Windows_95)/},{s:`Windows NT 4.0`,r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:`Windows CE`,r:/Windows CE/},{s:`Windows 3.11`,r:/Win16/},{s:`Android`,r:/Android/},{s:`Open BSD`,r:/OpenBSD/},{s:`Sun OS`,r:/SunOS/},{s:`Chrome OS`,r:/CrOS/},{s:`Linux`,r:/(Linux|X11(?!.*CrOS))/},{s:`iOS`,r:/(iPhone|iPad|iPod)/},{s:`Mac OS X`,r:/Mac OS X/},{s:`Mac OS`,r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:`QNX`,r:/QNX/},{s:`UNIX`,r:/UNIX/},{s:`BeOS`,r:/BeOS/},{s:`OS/2`,r:/OS\/2/},{s:`Search Bot`,r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(let e in i){let t=i[e];if(t.r.test(n)){r=t.s;break}}let a=`-`;switch(/Windows/.test(r)&&(a=/Windows (.*)/.exec(r)[1],r=`Windows`),r){case`Mac OS`:case`Mac OS X`:case`Android`:a=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(n)[1];break;case`iOS`:{let e=/OS (\d+)_(\d+)_?(\d+)?/.exec(t);e!=null&&e.length>2&&(a=e[1]+`.`+e[2]+`.`+(parseInt(e[3])|0));break}}return{os:r,osVersion:a}};function Pe(){let e=navigator.userAgent,t,n=e.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(n[1]))return t=/\brv[ :]+(\d+)/g.exec(e)||[],{name:`ie`,version:t[1]||``};if(n[1]===`Chrome`&&(t=e.match(/\bOPR|Edge\/(\d+)/),t!=null)){let n=t[1];if(!n){let r=e.split(t[0]+`/`);r.length>1&&(n=r[1])}return{name:`opera`,version:n}}return n=n[2]?[n[1],n[2]]:[navigator.appName,navigator.appVersion,`-?`],(t=e.match(/version\/(\d+)/i))!=null&&n.splice(1,1,t[1]),{name:n[0].toLowerCase(),version:n[1]}}var Fe=()=>{let{name:e,version:t}=Pe();return e===`chrome`&&parseInt(t)<=70||e===`opera`&&(!t||parseInt(t.split(`.`)[0])<80)||e===`ie`?!1:!Me(Ne(navigator))},Ie=async e=>{let t;if(e.tokens!=null)return!1;e.publishEvent(a.tryKeepExistingSessionAsync_begin,{});try{let n=e.configuration,r=await e.initAsync(n.authority,n.authority_configuration);if(t=await P(n,e.configurationName),t){let{tokens:i}=await t.initAsync(r,`tryKeepExistingSessionAsync`,n);if(i){t.startKeepAliveServiceWorker(),e.tokens=i;let o=t.getLoginParams(e.configurationName);e.timeoutId=W(e,e.tokens.expiresAt,o.extras,o.scope);let s=await t.getSessionStateAsync();return await e.startCheckSessionAsync(r.checkSessionIframe,n.client_id,s),n.preload_user_info&&await e.userInfoAsync(),e.publishEvent(a.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside ServiceWorker are valid`}),!0}e.publishEvent(a.tryKeepExistingSessionAsync_end,{success:!1,message:`no exiting session found`})}else{n.service_worker_relative_url&&e.publishEvent(a.service_worker_not_supported_by_browser,{message:`service worker is not supported by this browser`});let t=o(e.configurationName,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage),{tokens:i}=await t.initAsync();if(i){e.tokens=m(i,null,n.token_renew_mode);let o=t.getLoginParams();e.timeoutId=W(e,e.tokens.expiresAt,o.extras,o.scope);let s=await t.getSessionStateAsync();return await e.startCheckSessionAsync(r.checkSessionIframe,n.client_id,s),n.preload_user_info&&await e.userInfoAsync(),e.publishEvent(a.tryKeepExistingSessionAsync_end,{success:!0,message:`tokens inside storage are valid`}),!0}}return e.publishEvent(a.tryKeepExistingSessionAsync_end,{success:!1,message:t?`service worker sessions not retrieved`:`session storage sessions not retrieved`}),!1}catch(n){return console.error(n),t&&await t.clearAsync(),e.publishEvent(a.tryKeepExistingSessionAsync_error,`tokens inside ServiceWorker are invalid`),!1}},Le=e=>{let t=e.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!t)throw Error(`Invalid URL`);let n=t[6],r=t[7];if(r){let e=r.split(`?`);e.length===2&&(r=e[0],n=e[1])}return n.startsWith(`?`)&&(n=n.slice(1)),t&&{href:e,protocol:t[1],host:t[2],hostname:t[3],port:t[4],path:t[5],search:n,hash:r}},Re=e=>{let t=Le(e),{path:n}=t;n.endsWith(`/`)&&(n=n.slice(0,-1));let{hash:r}=t;return r===`#_=_`&&(r=``),r&&(n+=r),n},Y=e=>{let{search:t}=Le(e);return ze(t)},ze=e=>{let t={},n,r,i,a=e.split(`&`);for(r=0,i=a.length;r<i;r++)n=a[r].split(`=`),t[decodeURIComponent(n[0])]=decodeURIComponent(n[1]);return t},Be=(e,t,n,r,i)=>(s=void 0,c=null,l=!1,u=void 0)=>{let d=c;return c={...c},(async()=>{let f=s||i.getPath();if(`state`in c||(c.state=B(16)),n(a.loginAsync_begin,{}),c)for(let e of Object.keys(c))e.endsWith(`:token_request`)&&delete c[e];try{let n=l?t.silent_redirect_uri:t.redirect_uri;u||=t.scope;let a=t.extras?{...t.extras,...c}:c;a.nonce||=B(12);let s={nonce:a.nonce},p=await P(t,e),m=await r(t.authority,t.authority_configuration),h;if(p)p.setLoginParams({callbackPath:f,extras:d,scope:u}),await p.initAsync(m,`loginAsync`,t),await p.setNonceAsync(s),p.startKeepAliveServiceWorker(),h=p;else{let n=o(e,t.storage??sessionStorage,t.login_state_storage??t.storage??sessionStorage);n.setLoginParams({callbackPath:f,extras:d,scope:u}),await n.setNonceAsync(s),h=n}let g={client_id:t.client_id,redirect_uri:n,scope:u,response_type:`code`,...a};await Ee(h,i)(m.authorizationEndpoint,g)}catch(e){throw n(a.loginAsync_error,e),e}})()},Ve=e=>async(t=!1)=>{try{e.publishEvent(a.loginCallbackAsync_begin,{});let n=e.configuration,r=n.client_id,i=t?n.silent_redirect_uri:n.redirect_uri,s=n.authority,c=n.token_request_timeout,l=await e.initAsync(s,n.authority_configuration),u=Y(e.location.getCurrentHref()),d=u.session_state,f=await P(n,e.configurationName),p,m,h,g;if(f)await f.initAsync(l,`loginCallbackAsync`,n),await f.setSessionStateAsync(d),m=await f.getNonceAsync(),h=f.getLoginParams(),g=await f.getStateAsync(),f.startKeepAliveServiceWorker(),p=f;else{let t=o(e.configurationName,n.storage??sessionStorage,n.login_state_storage??n.storage??sessionStorage);await t.setSessionStateAsync(d),m=await t.getNonceAsync(),h=t.getLoginParams(),g=await t.getStateAsync(),p=t}if(u.error||u.error_description)throw Error(`Error from OIDC server: ${u.error} - ${u.error_description}`);if(u.iss&&u.iss!==l.issuer)throw console.error(),Error(`Issuer not valid (expected: ${l.issuer}, received: ${u.iss})`);if(u.state&&u.state!==g)throw Error(`State not valid (expected: ${g}, received: ${u.state})`);let _={code:u.code,grant_type:`authorization_code`,client_id:n.client_id,redirect_uri:i},v={};if(n.token_request_extras)for(let[e,t]of Object.entries(n.token_request_extras))v[e]=t;if(h?.extras)for(let[e,t]of Object.entries(h.extras))e.endsWith(`:token_request`)&&(v[e.replace(`:token_request`,``)]=t);let b=l.tokenEndpoint,x={};if(n.demonstrating_proof_of_possession)if(f)x.DPoP=`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;else{let t=await me(window)(n.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm);await o(e.configurationName,n.storage,n.login_state_storage??n.storage).setDemonstratingProofOfPossessionJwkAsync(t),x.DPoP=await he(window)(n.demonstrating_proof_of_possession_configuration)(t,`POST`,b)}let S=await De(p)(b,{..._,...v},x,e.configuration.token_renew_mode,c);if(!S.success)throw Error(`Token request failed`);let C,w=S.data.tokens,T=S.data.demonstratingProofOfPossessionNonce;if(S.data.state!==v.state)throw Error(`state is not valid`);let{isValid:E,reason:D}=y(w,m.nonce,l);if(!E)throw Error(`Tokens are not OpenID valid, reason: ${D}`);if(f){if(w.refreshToken&&!w.refreshToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Refresh token should be hidden by service worker`);if(T&&w?.accessToken.includes(`SECURED_BY_OIDC_SERVICE_WORKER`))throw Error(`Demonstration of proof of possession require Access token not hidden by service worker`)}if(f)await f.initAsync(l,`syncTokensAsync`,n),C=f.getLoginParams(),T&&await f.setDemonstratingProofOfPossessionNonce(T);else{let t=o(e.configurationName,n.storage,n.login_state_storage??n.storage);C=t.getLoginParams(),T&&await t.setDemonstratingProofOfPossessionNonce(T)}return await e.startCheckSessionAsync(l.checkSessionIframe,r,d,t),e.publishEvent(a.loginCallbackAsync_end,{}),{tokens:w,state:`request.state`,callbackPath:C.callbackPath,scope:u.scope,extras:C.extras}}catch(t){throw console.error(t),e.publishEvent(a.loginCallbackAsync_error,t),t}},He={access_token:`access_token`,refresh_token:`refresh_token`},X=(e,t)=>{let n={};if(e){for(let[r,i]of Object.entries(e))if(r.endsWith(t)){let e=r.replace(t,``);n[e]=i}return n}return n},Ue=e=>{let t={};if(e){for(let[n,r]of Object.entries(e))n.includes(`:`)||(t[n]=r);return t}return t},We=e=>async t=>{b.clearTimeout(e.timeoutId),e.timeoutId=null,e.checkSessionIFrame&&e.checkSessionIFrame.stop();let n=await P(e.configuration,e.configurationName);n?await n.clearAsync(t):await o(e.configurationName,e.configuration.storage,e.configuration.login_state_storage??e.configuration.storage).clearAsync(t),e.tokens=null,e.userInfo=null},Ge=(e,t,n,r,i)=>async(o=void 0,s=null)=>{let c=e.configuration,l=await e.initAsync(c.authority,c.authority_configuration);o&&typeof o!=`string`&&(o=void 0,r.warn(`callbackPathOrUrl path is not a string`));let u=o??i.getPath(),d=!1;o&&(d=o.includes(`https://`)||o.includes(`http://`));let f=d?o:i.getOrigin()+u,p=e.tokens?e.tokens.idToken:``;try{let t=l.revocationEndpoint;if(t){let r=[],i=e.tokens?e.tokens.accessToken:null;if(i&&c.logout_tokens_to_invalidate.includes(He.access_token)){let e=X(s,`:revoke_access_token`),a=we(n)(t,i,H.access_token,c.client_id,e);r.push(a)}let a=e.tokens?e.tokens.refreshToken:null;if(a&&c.logout_tokens_to_invalidate.includes(He.refresh_token)){let e=X(s,`:revoke_refresh_token`),i=we(n)(t,a,H.refresh_token,c.client_id,e);r.push(i)}r.length>0&&await Promise.all(r)}}catch(e){r.warn(`logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error`),r.warn(e)}let m=e.tokens?.idTokenPayload?.sub??null;await e.destroyAsync(`LOGGED_OUT`);for(let[,n]of Object.entries(t))n===e?e.publishEvent(a.logout_from_same_tab,{}):await e.logoutSameTabAsync(e.configuration.client_id,m);let h=X(s,`:oidc`);if(h&&h.no_reload===`true`)return;let g=Ue(s);if(l.endSessionEndpoint){`id_token_hint`in g||(g.id_token_hint=p),!(`post_logout_redirect_uri`in g)&&o!==null&&(g.post_logout_redirect_uri=f);let e=``;for(let[t,n]of Object.entries(g))n!=null&&(e===``?e+=`?`:e+=`&`,e+=`${t}=${encodeURIComponent(n)}`);i.open(`${l.endSessionEndpoint}${e}`)}else i.reload()},Ke=(e,t,n=!1)=>async(...r)=>{let[i,a,...o]=r,s=a?{...a}:{method:`GET`},c=new Headers;s.headers&&(c=s.headers instanceof Headers?s.headers:new Headers(s.headers));let l=(await v({getTokens:()=>t.tokens,configuration:{token_automatic_renew_mode:t.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:t.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await K(t)(t.configuration,t.configurationName,t.tokens,!1);return e},renewTokensAsync:t.renewTokensAsync.bind(t)}))?.tokens?.accessToken;if(c.has(`Accept`)||c.set(`Accept`,`application/json`),l){if(t.configuration.demonstrating_proof_of_possession&&n){let e=await t.generateDemonstrationOfProofOfPossessionAsync(l,i.toString(),s.method);c.set(`Authorization`,`DPoP ${l}`),c.set(`DPoP`,e)}else c.set(`Authorization`,`Bearer ${l}`);s.credentials||=`same-origin`}return await e(i,{...s,headers:c},...o)},qe=e=>async(t=!1,n=!1)=>{if(e.userInfo!=null&&!t)return e.userInfo;let r=!t&&e.configuration.storage?.getItem(`oidc.${e.configurationName}.userInfo`);if(r)return e.userInfo=JSON.parse(r),e.userInfo;let i=e.configuration,a=(await e.initAsync(i.authority,i.authority_configuration)).userInfoEndpoint,o=await(async()=>{let t=await Ke(fetch,e,n)(a);return t.status===200?t.json():null})();return e.userInfo=o,o&&e.configuration.storage?.setItem(`oidc.${e.configurationName}.userInfo`,JSON.stringify(o)),o},Je=()=>fetch,Z=class{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}},Q={},Ye=(e,n=new t)=>(t,r=`default`)=>(Q[r]||(Q[r]=new $(t,r,e,n)),Q[r]),Xe=async e=>{let{parsedTokens:t,callbackPath:n,extras:r,scope:i}=await e.loginCallbackAsync();return e.timeoutId=W(e,t.expiresAt,r,i),{callbackPath:n}},Ze=e=>Math.floor(Math.random()*e),$=class e{constructor(e,n=`default`,r,i=new t){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let a=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(a=`${e.silent_redirect_uri.replace(`-callback`,``).replace(`callback`,``)}-login`);let o=e.refresh_time_before_tokens_expiration_in_second??120;o>60&&(o-=Math.floor(Math.random()*40)),this.location=i??new t,this.configuration={...e,silent_login_uri:a,token_automatic_renew_mode:e.token_automatic_renew_mode??s.AutomaticBeforeTokenExpiration,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:o,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??f.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??[`access_token`,`refresh_token`],service_worker_activate:e.service_worker_activate??Fe,demonstrating_proof_of_possession_configuration:e.demonstrating_proof_of_possession_configuration??ue,preload_user_info:e.preload_user_info??!1},this.getFetch=r??Je,this.configurationName=n,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){let t=Ze(9999999999999).toString();return this.events.push({id:t,func:e}),t}removeEventSubscription(e){let t=this.events.filter(t=>t.id!==e);this.events=t}publishEvent(e,t){this.events.forEach(n=>{n.func(e,t)})}static{this.getOrCreate=(e,t)=>(n,r=`default`)=>Ye(e,t)(n,r)}static get(e=`default`){let t=typeof process>`u`;if(!Object.prototype.hasOwnProperty.call(Q,e)&&t)throw Error(`OIDC library does seem initialized.
2
2
  Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> component.`);return Q[e]}static{this.eventNames=a}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let e=this.location,t=Y(e.getCurrentHref());window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:t.session_state})}`,e.getOrigin())}}_silentLoginErrorCallbackFromIFrame(e=null){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){let t=this.location,n=Y(t.getCurrentHref());n.error?window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:n.error})}`,t.getOrigin()):window.parent.postMessage(`${this.configurationName}_oidc_exception:${JSON.stringify({error:e==null?``:e.toString()})}`,t.getOrigin())}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame(e)}}async initAsync(e,t){if(this.initPromise!==null)return this.initPromise;let n=async()=>{if(t!=null)return new Z({authorization_endpoint:t.authorization_endpoint,end_session_endpoint:t.end_session_endpoint,revocation_endpoint:t.revocation_endpoint,token_endpoint:t.token_endpoint,userinfo_endpoint:t.userinfo_endpoint,check_session_iframe:t.check_session_iframe,issuer:t.issuer});let n=await P(this.configuration,this.configurationName)?this.configuration.storage||window.sessionStorage:this.configuration.storage;return await Ce(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??3600,n,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=n(),this.initPromise.finally(()=>{this.initPromise=null})}async tryKeepExistingSessionAsync(){return this.tryKeepExistingSessionPromise===null?(this.tryKeepExistingSessionPromise=Ie(this),this.tryKeepExistingSessionPromise.finally(()=>{this.tryKeepExistingSessionPromise=null})):this.tryKeepExistingSessionPromise}async startCheckSessionAsync(e,t,n,r=!1){await je(this,Q,this.configuration)(e,t,n,r)}async loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this.logoutPromise&&await this.logoutPromise,this.loginPromise===null?(i?this.loginPromise=Ae(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(t,r):this.loginPromise=Be(this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,t,n,r),this.loginPromise.finally(()=>{this.loginPromise=null})):this.loginPromise}async loginCallbackAsync(t=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;let n=async()=>{let n=await Ve(this)(t),r=n.tokens;return this.tokens=r,await P(this.configuration,this.configurationName)||o(this.configurationName,this.configuration.storage,this.configuration.login_state_storage??this.configuration.storage).setTokens(r),this.publishEvent(e.eventNames.token_acquired,r),this.configuration.preload_user_info&&await this.userInfoAsync(),{parsedTokens:r,state:n.state,callbackPath:n.callbackPath,scope:n.scope,extras:n.extras}};return this.loginCallbackPromise=n(),this.loginCallbackPromise.finally(()=>{this.loginCallbackPromise=null})}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){let i=this.configuration,a={ath:await be(e),...r};if(await P(i,this.configurationName))return`DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${this.configurationName}#tabId=${D(this.configurationName)}`;let s=o(this.configurationName,i.storage,i.login_state_storage??i.storage),c=await s.getDemonstratingProofOfPossessionJwkAsync(),l=s.getDemonstratingProofOfPossessionNonce();return l&&(a.nonce=l),await he(window)(i.demonstrating_proof_of_possession_configuration)(c,n,t,a)}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise===null?(this.loginCallbackWithAutoTokensRenewPromise=Xe(this),this.loginCallbackWithAutoTokensRenewPromise.finally(()=>{this.loginCallbackWithAutoTokensRenewPromise=null})):this.loginCallbackWithAutoTokensRenewPromise}userInfoAsync(e=!1,t=!1){return this.userInfoPromise===null?(this.userInfoPromise=qe(this)(e,t),this.userInfoPromise.finally(()=>{this.userInfoPromise=null})):this.userInfoPromise}async renewTokensAsync(e=null,t=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return b.clearTimeout(this.timeoutId),this.renewTokensPromise=ke(this,!0,e,t),this.renewTokensPromise.finally(()=>{this.renewTokensPromise=null})}async destroyAsync(e){return await We(this)(e)}async logoutSameTabAsync(e,t){this.configuration.monitor_session&&this.configuration.client_id===e&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(a.logout_from_same_tab,{mmessage:`SessionMonitor`,sub:t}))}async logoutOtherTabAsync(e,t){this.configuration.monitor_session&&this.configuration.client_id===e&&t&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===t&&(await this.destroyAsync(`LOGGED_OUT`),this.publishEvent(a.logout_from_another_tab,{message:`SessionMonitor`,sub:t}))}async logoutAsync(e=void 0,t=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=Ge(this,Q,this.getFetch(),console,this.location)(e,t),this.logoutPromise.finally(()=>{this.logoutPromise=null}))}};e.OidcClient=class e{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,t){this._oidc.publishEvent(e,t)}static{this.getOrCreate=(n,r=new t)=>(t,i=`default`)=>new e($.getOrCreate(n,r)(t,i))}static get(t=`default`){return new e($.get(t))}static{this.eventNames=$.eventNames}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,t=null,n=!1,r=void 0,i=!1){return this._oidc.loginAsync(e,t,n,r,i)}logoutAsync(e=void 0,t=null){return this._oidc.logoutAsync(e,t)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null,t=null){return this._oidc.renewTokensAsync(e,t)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,t,n,r={}){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,t,n,r)}async getValidTokenAsync(e=200,t=50){let n=this._oidc;return v({getTokens:()=>n.tokens,configuration:{token_automatic_renew_mode:n.configuration.token_automatic_renew_mode,refresh_time_before_tokens_expiration_in_second:n.configuration.refresh_time_before_tokens_expiration_in_second},syncTokensInfoAsync:async()=>{let{status:e}=await K(n)(n.configuration,n.configurationName,n.tokens,!1);return e},renewTokensAsync:n.renewTokensAsync.bind(n)},e,t)}fetchWithTokens(e,t=!1){return Ke(e,this._oidc,t)}async userInfoAsync(e=!1,t=!1){return this._oidc.userInfoAsync(e,t)}userInfo(){return this._oidc.userInfo}},e.OidcLocation=t,e.TokenAutomaticRenewMode=s,e.TokenRenewMode=f,e.getFetchDefault=Je,e.getParseQueryStringFromLocation=Y,e.getPath=Re});
package/dist/version.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- declare const _default: "7.27.4";
1
+ declare const _default: "7.27.7";
2
2
  export default _default;
3
3
  //# sourceMappingURL=version.d.ts.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axa-fr/oidc-client",
3
- "version": "7.27.4",
3
+ "version": "7.27.7",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
20
20
  "url": "https://github.com/AxaFrance/oidc-client.git"
21
21
  },
22
22
  "dependencies": {
23
- "@axa-fr/oidc-client-service-worker": "7.27.4"
23
+ "@axa-fr/oidc-client-service-worker": "7.27.7"
24
24
  },
25
25
  "devDependencies": {
26
26
  "@testing-library/dom": "10.4.1",
package/src/version.ts CHANGED
@@ -1 +1 @@
1
- export default '7.27.4';
1
+ export default '7.27.7';