@axa-fr/oidc-client 7.5.0 → 7.6.0
- package/README.md +1 -1
- package/dist/index.js +198 -194
- package/dist/index.umd.cjs +2 -2
- package/dist/initWorker.d.ts +9 -9
- package/dist/version.d.ts +1 -1
- package/package.json +2 -2
- package/src/initWorker.ts +15 -10
- package/src/version.ts +1 -1
package/dist/index.js
CHANGED
|
@@ -53,7 +53,7 @@ const k = {
|
|
|
53
53
|
syncTokensAsync_begin: "syncTokensAsync_begin",
|
|
54
54
|
syncTokensAsync_end: "syncTokensAsync_end",
|
|
55
55
|
syncTokensAsync_error: "syncTokensAsync_error"
|
|
56
|
-
},
|
|
56
|
+
}, I = (n, e = sessionStorage) => {
|
|
57
57
|
const s = (p) => (e[`oidc.${n}`] = JSON.stringify({ tokens: null, status: p }), Promise.resolve()), t = async () => {
|
|
58
58
|
if (!e[`oidc.${n}`])
|
|
59
59
|
return e[`oidc.${n}`] = JSON.stringify({ tokens: null, status: null }), { tokens: null, status: null };
|
|
@@ -67,7 +67,7 @@ const k = {
|
|
|
67
67
|
e[`oidc.nonce.${n}`] = p.nonce;
|
|
68
68
|
}, a = (p) => {
|
|
69
69
|
e[`oidc.jwk.${n}`] = JSON.stringify(p);
|
|
70
|
-
},
|
|
70
|
+
}, h = () => JSON.parse(e[`oidc.jwk.${n}`]), c = async () => ({ nonce: e[`oidc.nonce.${n}`] }), _ = (p) => {
|
|
71
71
|
e[`oidc.dpop_nonce.${n}`] = p;
|
|
72
72
|
}, y = () => e[`oidc.dpop_nonce.${n}`], u = () => e[`oidc.${n}`] ? JSON.stringify({ tokens: JSON.parse(e[`oidc.${n}`]).tokens }) : null;
|
|
73
73
|
let d = {};
|
|
@@ -98,7 +98,7 @@ const k = {
|
|
|
98
98
|
setDemonstratingProofOfPossessionNonce: _,
|
|
99
99
|
getDemonstratingProofOfPossessionNonce: y,
|
|
100
100
|
setDemonstratingProofOfPossessionJwkAsync: a,
|
|
101
|
-
getDemonstratingProofOfPossessionJwkAsync:
|
|
101
|
+
getDemonstratingProofOfPossessionJwkAsync: h
|
|
102
102
|
};
|
|
103
103
|
}, Ce = (n) => decodeURIComponent(Array.prototype.map.call(atob(n), (e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join("")), xe = (n) => JSON.parse(Ce(n.split(".")[1].replace("-", "+").replace("_", "/"))), re = (n) => {
|
|
104
104
|
try {
|
|
@@ -130,12 +130,12 @@ const ye = (n, e = null, s) => {
|
|
|
130
130
|
n.issuedAt = Le(n, t, o);
|
|
131
131
|
let a;
|
|
132
132
|
n.expiresAt ? a = n.expiresAt : s === Y.access_token_invalid ? a = l : s === Y.id_token_invalid ? a = r : a = r < l ? r : l;
|
|
133
|
-
const
|
|
133
|
+
const h = { ...n, idTokenPayload: o, accessTokenPayload: t, expiresAt: a };
|
|
134
134
|
if (e != null && "refreshToken" in e && !("refreshToken" in n)) {
|
|
135
135
|
const c = e.refreshToken;
|
|
136
|
-
return { ...
|
|
136
|
+
return { ...h, refreshToken: c };
|
|
137
137
|
}
|
|
138
|
-
return
|
|
138
|
+
return h;
|
|
139
139
|
}, se = (n, e, s) => {
|
|
140
140
|
if (!n)
|
|
141
141
|
return null;
|
|
@@ -183,34 +183,34 @@ const ye = (n, e = null, s) => {
|
|
|
183
183
|
return { isValid: !0, reason: "" };
|
|
184
184
|
}, K = function() {
|
|
185
185
|
const n = function() {
|
|
186
|
-
let a,
|
|
186
|
+
let a, h;
|
|
187
187
|
const c = (function() {
|
|
188
188
|
const y = {}, u = {
|
|
189
|
-
setTimeout: function(
|
|
189
|
+
setTimeout: function(f, g, w) {
|
|
190
190
|
y[g] = setTimeout(function() {
|
|
191
|
-
|
|
191
|
+
f.postMessage(g), y[g] = null;
|
|
192
192
|
}, w);
|
|
193
193
|
},
|
|
194
|
-
setInterval: function(
|
|
194
|
+
setInterval: function(f, g, w) {
|
|
195
195
|
y[g] = setInterval(function() {
|
|
196
|
-
|
|
196
|
+
f.postMessage(g);
|
|
197
197
|
}, w);
|
|
198
198
|
},
|
|
199
|
-
clearTimeout: function(
|
|
199
|
+
clearTimeout: function(f, g) {
|
|
200
200
|
clearTimeout(y[g]), y[g] = null;
|
|
201
201
|
},
|
|
202
|
-
clearInterval: function(
|
|
202
|
+
clearInterval: function(f, g) {
|
|
203
203
|
clearInterval(y[g]), y[g] = null;
|
|
204
204
|
}
|
|
205
205
|
};
|
|
206
|
-
function d(
|
|
207
|
-
const w = g.data[0],
|
|
208
|
-
u[w] && u[w](
|
|
206
|
+
function d(f, g) {
|
|
207
|
+
const w = g.data[0], v = g.data[1], b = g.data[2];
|
|
208
|
+
u[w] && u[w](f, v, b);
|
|
209
209
|
}
|
|
210
|
-
this.onmessage = function(
|
|
211
|
-
d(self,
|
|
212
|
-
}, this.onconnect = function(
|
|
213
|
-
const g =
|
|
210
|
+
this.onmessage = function(f) {
|
|
211
|
+
d(self, f);
|
|
212
|
+
}, this.onconnect = function(f) {
|
|
213
|
+
const g = f.ports[0];
|
|
214
214
|
g.onmessage = function(w) {
|
|
215
215
|
d(g, w);
|
|
216
216
|
};
|
|
@@ -218,20 +218,20 @@ const ye = (n, e = null, s) => {
|
|
|
218
218
|
}).toString();
|
|
219
219
|
try {
|
|
220
220
|
const y = new Blob(["(", c, ")()"], { type: "application/javascript" });
|
|
221
|
-
|
|
221
|
+
h = URL.createObjectURL(y);
|
|
222
222
|
} catch {
|
|
223
223
|
return null;
|
|
224
224
|
}
|
|
225
225
|
const _ = typeof process > "u";
|
|
226
226
|
try {
|
|
227
227
|
if (SharedWorker)
|
|
228
|
-
return a = new SharedWorker(
|
|
228
|
+
return a = new SharedWorker(h), a.port;
|
|
229
229
|
} catch {
|
|
230
230
|
_ && console.warn("SharedWorker not available");
|
|
231
231
|
}
|
|
232
232
|
try {
|
|
233
233
|
if (Worker)
|
|
234
|
-
return a = new Worker(
|
|
234
|
+
return a = new Worker(h), a;
|
|
235
235
|
} catch {
|
|
236
236
|
_ && console.warn("Worker not available");
|
|
237
237
|
}
|
|
@@ -253,24 +253,24 @@ const ye = (n, e = null, s) => {
|
|
|
253
253
|
};
|
|
254
254
|
}(), s = {}, t = {};
|
|
255
255
|
n.onmessage = function(a) {
|
|
256
|
-
const
|
|
256
|
+
const h = a.data, c = s[h];
|
|
257
257
|
if (c) {
|
|
258
|
-
c(), s[
|
|
258
|
+
c(), s[h] = null;
|
|
259
259
|
return;
|
|
260
260
|
}
|
|
261
|
-
const _ = t[
|
|
261
|
+
const _ = t[h];
|
|
262
262
|
_ && _();
|
|
263
263
|
};
|
|
264
|
-
function i(a,
|
|
264
|
+
function i(a, h) {
|
|
265
265
|
const c = e();
|
|
266
|
-
return n.postMessage(["setTimeout", c,
|
|
266
|
+
return n.postMessage(["setTimeout", c, h]), s[c] = a, c;
|
|
267
267
|
}
|
|
268
268
|
function o(a) {
|
|
269
269
|
n.postMessage(["clearTimeout", a]), s[a] = null;
|
|
270
270
|
}
|
|
271
|
-
function r(a,
|
|
271
|
+
function r(a, h) {
|
|
272
272
|
const c = e();
|
|
273
|
-
return n.postMessage(["setInterval", c,
|
|
273
|
+
return n.postMessage(["setInterval", c, h]), t[c] = a, c;
|
|
274
274
|
}
|
|
275
275
|
function l(a) {
|
|
276
276
|
n.postMessage(["clearInterval", a]), t[a] = null;
|
|
@@ -281,7 +281,7 @@ const ye = (n, e = null, s) => {
|
|
|
281
281
|
setInterval: r,
|
|
282
282
|
clearInterval: l
|
|
283
283
|
};
|
|
284
|
-
}(), ae = "7.
|
|
284
|
+
}(), ae = "7.6.0", ke = (n) => {
|
|
285
285
|
const e = n.appVersion, s = n.userAgent, t = "-";
|
|
286
286
|
let i = t;
|
|
287
287
|
const o = [
|
|
@@ -376,12 +376,12 @@ const me = () => {
|
|
|
376
376
|
}
|
|
377
377
|
}).then((n) => n.statusText === "oidc-service-worker").catch((n) => {
|
|
378
378
|
console.log(n);
|
|
379
|
-
}), Re = (n) => !!(n.os === "iOS" && n.osVersion.startsWith("12") || n.os === "Mac OS X" && n.osVersion.startsWith("10_15_6")),
|
|
379
|
+
}), Re = (n) => !!(n.os === "iOS" && n.osVersion.startsWith("12") || n.os === "Mac OS X" && n.osVersion.startsWith("10_15_6")), P = (n) => (e) => new Promise(function(s, t) {
|
|
380
380
|
const i = new MessageChannel();
|
|
381
381
|
i.port1.onmessage = function(o) {
|
|
382
382
|
o.data && o.data.error ? t(o.data.error) : s(o.data);
|
|
383
383
|
}, n.active.postMessage(e, [i.port2]);
|
|
384
|
-
}),
|
|
384
|
+
}), x = async (n, e) => {
|
|
385
385
|
if (typeof window > "u" || typeof navigator > "u" || !navigator.serviceWorker || !n)
|
|
386
386
|
return null;
|
|
387
387
|
const { name: s, version: t } = De();
|
|
@@ -396,21 +396,21 @@ const me = () => {
|
|
|
396
396
|
} catch {
|
|
397
397
|
return null;
|
|
398
398
|
}
|
|
399
|
-
const r = async (m) =>
|
|
400
|
-
const T = await
|
|
399
|
+
const r = async (m) => P(o)({ type: "clear", data: { status: m }, configurationName: e }), l = async (m, S, A) => {
|
|
400
|
+
const T = await P(o)({
|
|
401
401
|
type: "init",
|
|
402
402
|
data: {
|
|
403
403
|
oidcServerConfiguration: m,
|
|
404
|
-
where:
|
|
404
|
+
where: S,
|
|
405
405
|
oidcConfiguration: {
|
|
406
406
|
token_renew_mode: A.token_renew_mode,
|
|
407
407
|
service_worker_convert_all_requests_to_cors: A.service_worker_convert_all_requests_to_cors
|
|
408
408
|
}
|
|
409
409
|
},
|
|
410
410
|
configurationName: e
|
|
411
|
-
}),
|
|
412
|
-
if (
|
|
413
|
-
if (console.warn(`Service worker ${
|
|
411
|
+
}), B = T.version;
|
|
412
|
+
if (B !== ae)
|
|
413
|
+
if (console.warn(`Service worker ${B} version mismatch with js client version ${ae}, unregistering and reloading`), A.service_worker_update_require_callback)
|
|
414
414
|
await A.service_worker_update_require_callback(o, le);
|
|
415
415
|
else {
|
|
416
416
|
le(), await o.update();
|
|
@@ -420,9 +420,9 @@ const me = () => {
|
|
|
420
420
|
return { tokens: se(T.tokens, null, A.token_renew_mode), status: T.status };
|
|
421
421
|
}, a = () => {
|
|
422
422
|
ce == null && (ce = "not_null", me());
|
|
423
|
-
},
|
|
424
|
-
let
|
|
425
|
-
return
|
|
423
|
+
}, h = (m) => P(o)({ type: "setSessionState", data: { sessionState: m }, configurationName: e }), c = async () => (await P(o)({ type: "getSessionState", data: null, configurationName: e })).sessionState, _ = (m) => (sessionStorage[`oidc.nonce.${e}`] = m.nonce, P(o)({ type: "setNonce", data: { nonce: m }, configurationName: e })), y = async () => {
|
|
424
|
+
let S = (await P(o)({ type: "getNonce", data: null, configurationName: e })).nonce;
|
|
425
|
+
return S || (S = sessionStorage[`oidc.nonce.${e}`], console.warn("nonce not found in service worker, using sessionStorage")), { nonce: S };
|
|
426
426
|
};
|
|
427
427
|
let u = {};
|
|
428
428
|
return {
|
|
@@ -430,7 +430,7 @@ const me = () => {
|
|
|
430
430
|
initAsync: l,
|
|
431
431
|
startKeepAliveServiceWorker: a,
|
|
432
432
|
isServiceWorkerProxyActiveAsync: $e,
|
|
433
|
-
setSessionStateAsync:
|
|
433
|
+
setSessionStateAsync: h,
|
|
434
434
|
getSessionStateAsync: c,
|
|
435
435
|
setNonceAsync: _,
|
|
436
436
|
getNonceAsync: y,
|
|
@@ -442,30 +442,34 @@ const me = () => {
|
|
|
442
442
|
return u[e] || (u[e] = JSON.parse(m)), u[e];
|
|
443
443
|
},
|
|
444
444
|
getStateAsync: async () => {
|
|
445
|
-
let
|
|
446
|
-
return
|
|
445
|
+
let S = (await P(o)({ type: "getState", data: null, configurationName: e })).state;
|
|
446
|
+
return S || (S = sessionStorage[`oidc.state.${e}`], console.warn("state not found in service worker, using sessionStorage")), S;
|
|
447
447
|
},
|
|
448
|
-
setStateAsync: async (m) => (sessionStorage[`oidc.state.${e}`] = m,
|
|
448
|
+
setStateAsync: async (m) => (sessionStorage[`oidc.state.${e}`] = m, P(o)({ type: "setState", data: { state: m }, configurationName: e })),
|
|
449
449
|
getCodeVerifierAsync: async () => {
|
|
450
|
-
let
|
|
451
|
-
return
|
|
450
|
+
let S = (await P(o)({ type: "getCodeVerifier", data: null, configurationName: e })).codeVerifier;
|
|
451
|
+
return S || (S = sessionStorage[`oidc.code_verifier.${e}`], console.warn("codeVerifier not found in service worker, using sessionStorage")), S;
|
|
452
452
|
},
|
|
453
|
-
setCodeVerifierAsync: async (m) => (sessionStorage[`oidc.code_verifier.${e}`] = m,
|
|
453
|
+
setCodeVerifierAsync: async (m) => (sessionStorage[`oidc.code_verifier.${e}`] = m, P(o)({ type: "setCodeVerifier", data: { codeVerifier: m }, configurationName: e })),
|
|
454
454
|
setDemonstratingProofOfPossessionNonce: (m) => {
|
|
455
|
-
|
|
455
|
+
P(o)({ type: "setDemonstratingProofOfPossessionNonce", data: { demonstratingProofOfPossessionNonce: m }, configurationName: e });
|
|
456
456
|
},
|
|
457
|
-
getDemonstratingProofOfPossessionNonce: () =>
|
|
457
|
+
getDemonstratingProofOfPossessionNonce: async () => (await P(o)({ type: "getDemonstratingProofOfPossessionNonce", data: null, configurationName: e })).demonstratingProofOfPossessionNonce,
|
|
458
458
|
setDemonstratingProofOfPossessionJwkAsync: (m) => {
|
|
459
|
-
|
|
459
|
+
const S = JSON.stringify(m);
|
|
460
|
+
P(o)({ type: "setDemonstratingProofOfPossessionJwk", data: { demonstratingProofOfPossessionJwkJson: S }, configurationName: e });
|
|
460
461
|
},
|
|
461
|
-
getDemonstratingProofOfPossessionJwkAsync: () =>
|
|
462
|
+
getDemonstratingProofOfPossessionJwkAsync: async () => {
|
|
463
|
+
const m = await P(o)({ type: "getDemonstratingProofOfPossessionJwk", data: null, configurationName: e });
|
|
464
|
+
return m.demonstratingProofOfPossessionJwkJson ? JSON.parse(m.demonstratingProofOfPossessionJwkJson) : null;
|
|
465
|
+
}
|
|
462
466
|
};
|
|
463
467
|
};
|
|
464
468
|
async function pe(n, e, s = !1, t = null) {
|
|
465
469
|
const i = (a) => {
|
|
466
470
|
n.tokens = a;
|
|
467
471
|
}, { tokens: o, status: r } = await n.synchroniseTokensAsync(e, 0, s, t, i);
|
|
468
|
-
if (await
|
|
472
|
+
if (await x(n.configuration.service_worker_relative_url, n.configurationName) || await I(n.configurationName, n.configuration.storage).setTokens(n.tokens), !n.tokens) {
|
|
469
473
|
await n.destroyAsync(r);
|
|
470
474
|
return;
|
|
471
475
|
}
|
|
@@ -486,19 +490,19 @@ const M = (n, e, s, t = null) => {
|
|
|
486
490
|
if (i && (t == null && (t = {}), t.state = i), o && (t == null && (t = {}), t.scope = o), t != null)
|
|
487
491
|
for (const [_, y] of Object.entries(t))
|
|
488
492
|
r === "" ? r = `?${encodeURIComponent(_)}=${encodeURIComponent(y)}` : r += `&${encodeURIComponent(_)}=${encodeURIComponent(y)}`;
|
|
489
|
-
const l = e.silent_login_uri + r, a = l.indexOf("/", l.indexOf("//") + 2),
|
|
493
|
+
const l = e.silent_login_uri + r, a = l.indexOf("/", l.indexOf("//") + 2), h = l.substr(0, a), c = document.createElement("iframe");
|
|
490
494
|
return c.width = "0px", c.height = "0px", c.id = `${n}_oidc_iframe`, c.setAttribute("src", l), document.body.appendChild(c), new Promise((_, y) => {
|
|
491
495
|
try {
|
|
492
496
|
let u = !1;
|
|
493
|
-
window.onmessage = (
|
|
494
|
-
if (
|
|
495
|
-
const g = `${n}_oidc_tokens:`, w = `${n}_oidc_error:`,
|
|
496
|
-
if (
|
|
497
|
-
if (
|
|
498
|
-
const b = JSON.parse(
|
|
497
|
+
window.onmessage = (f) => {
|
|
498
|
+
if (f.origin === h && f.source === c.contentWindow) {
|
|
499
|
+
const g = `${n}_oidc_tokens:`, w = `${n}_oidc_error:`, v = f.data;
|
|
500
|
+
if (v && typeof v == "string" && !u) {
|
|
501
|
+
if (v.startsWith(g)) {
|
|
502
|
+
const b = JSON.parse(f.data.replace(g, ""));
|
|
499
503
|
s(k.silentLoginAsync_end, {}), c.remove(), u = !0, _(b);
|
|
500
|
-
} else if (
|
|
501
|
-
const b = JSON.parse(
|
|
504
|
+
} else if (v.startsWith(w)) {
|
|
505
|
+
const b = JSON.parse(f.data.replace(w, ""));
|
|
502
506
|
s(k.silentLoginAsync_error, b), c.remove(), u = !0, y(new Error("oidc_" + b.error));
|
|
503
507
|
}
|
|
504
508
|
}
|
|
@@ -517,16 +521,16 @@ const M = (n, e, s, t = null) => {
|
|
|
517
521
|
}
|
|
518
522
|
}, Fe = (n, e, s, t, i) => (o = null, r = void 0) => {
|
|
519
523
|
o = { ...o };
|
|
520
|
-
const l = (
|
|
524
|
+
const l = (h, c, _) => te(e, s, t.bind(i))(h, c, _);
|
|
521
525
|
return (async () => {
|
|
522
526
|
i.timeoutId && K.clearTimeout(i.timeoutId);
|
|
523
|
-
let
|
|
524
|
-
o && "state" in o && (
|
|
527
|
+
let h;
|
|
528
|
+
o && "state" in o && (h = o.state, delete o.state);
|
|
525
529
|
try {
|
|
526
530
|
const c = s.extras ? { ...s.extras, ...o } : o, _ = await l({
|
|
527
531
|
...c,
|
|
528
532
|
prompt: "none"
|
|
529
|
-
},
|
|
533
|
+
}, h, r);
|
|
530
534
|
if (_)
|
|
531
535
|
return i.tokens = _.tokens, t(k.token_aquired, {}), i.timeoutId = M(i, i.tokens.refreshToken, i.tokens.expiresAt, o), {};
|
|
532
536
|
} catch (c) {
|
|
@@ -534,8 +538,8 @@ const M = (n, e, s, t = null) => {
|
|
|
534
538
|
}
|
|
535
539
|
})();
|
|
536
540
|
}, Ve = (n, e, s) => (t, i, o, r = !1) => {
|
|
537
|
-
const l = (a,
|
|
538
|
-
return new Promise((a,
|
|
541
|
+
const l = (a, h = void 0, c = void 0) => te(n.configurationName, s, n.publishEvent.bind(n))(a, h, c);
|
|
542
|
+
return new Promise((a, h) => {
|
|
539
543
|
if (s.silent_login_uri && s.silent_redirect_uri && s.monitor_session && t && o && !r) {
|
|
540
544
|
const c = () => {
|
|
541
545
|
n.checkSessionIFrame.stop();
|
|
@@ -548,41 +552,41 @@ const M = (n, e, s, t = null) => {
|
|
|
548
552
|
id_token_hint: y,
|
|
549
553
|
scope: s.scope || "openid"
|
|
550
554
|
}).then((d) => {
|
|
551
|
-
const
|
|
552
|
-
if (u.sub ===
|
|
555
|
+
const f = d.tokens.idTokenPayload;
|
|
556
|
+
if (u.sub === f.sub) {
|
|
553
557
|
const g = d.sessionState;
|
|
554
|
-
n.checkSessionIFrame.start(d.sessionState), u.sid ===
|
|
558
|
+
n.checkSessionIFrame.start(d.sessionState), u.sid === f.sid ? console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", g) : console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", g);
|
|
555
559
|
} else
|
|
556
|
-
console.debug("SessionMonitor._callback: Different subject signed into OP:",
|
|
560
|
+
console.debug("SessionMonitor._callback: Different subject signed into OP:", f.sub);
|
|
557
561
|
}).catch(async (d) => {
|
|
558
562
|
console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:", d);
|
|
559
|
-
for (const [
|
|
563
|
+
for (const [f, g] of Object.entries(e))
|
|
560
564
|
await g.logoutOtherTabAsync(s.client_id, u.sub);
|
|
561
565
|
});
|
|
562
566
|
};
|
|
563
567
|
n.checkSessionIFrame = new Ie(c, i, t), n.checkSessionIFrame.load().then(() => {
|
|
564
568
|
n.checkSessionIFrame.start(o), a(n.checkSessionIFrame);
|
|
565
569
|
}).catch((_) => {
|
|
566
|
-
|
|
570
|
+
h(_);
|
|
567
571
|
});
|
|
568
572
|
} else
|
|
569
573
|
a(null);
|
|
570
574
|
});
|
|
571
575
|
};
|
|
572
|
-
var Ue =
|
|
576
|
+
var Ue = Be, N = [], ue = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
|
573
577
|
for (var j = 0, Me = ue.length; j < Me; ++j)
|
|
574
578
|
N[j] = ue[j];
|
|
575
579
|
function Ke(n) {
|
|
576
580
|
return N[n >> 18 & 63] + N[n >> 12 & 63] + N[n >> 6 & 63] + N[n & 63];
|
|
577
581
|
}
|
|
578
|
-
function
|
|
582
|
+
function Je(n, e, s) {
|
|
579
583
|
for (var t, i = [], o = e; o < s; o += 3)
|
|
580
584
|
t = (n[o] << 16 & 16711680) + (n[o + 1] << 8 & 65280) + (n[o + 2] & 255), i.push(Ke(t));
|
|
581
585
|
return i.join("");
|
|
582
586
|
}
|
|
583
|
-
function
|
|
587
|
+
function Be(n) {
|
|
584
588
|
for (var e, s = n.length, t = s % 3, i = [], o = 16383, r = 0, l = s - t; r < l; r += o)
|
|
585
|
-
i.push(
|
|
589
|
+
i.push(Je(n, r, r + o > l ? l : r + o));
|
|
586
590
|
return t === 1 ? (e = n[s - 1], i.push(
|
|
587
591
|
N[e >> 2] + N[e << 4 & 63] + "=="
|
|
588
592
|
)) : t === 2 && (e = (n[s - 2] << 8) + n[s - 1], i.push(
|
|
@@ -638,12 +642,12 @@ const He = (n) => {
|
|
|
638
642
|
const o = `${e}/.well-known/openid-configuration`, r = `oidc.server:${e}`, l = Xe(r, t, s);
|
|
639
643
|
if (l)
|
|
640
644
|
return new ne(l);
|
|
641
|
-
const a = await
|
|
645
|
+
const a = await J(n)(o, {}, i);
|
|
642
646
|
if (a.status !== 200)
|
|
643
647
|
return null;
|
|
644
|
-
const
|
|
645
|
-
return Ye(r,
|
|
646
|
-
},
|
|
648
|
+
const h = await a.json();
|
|
649
|
+
return Ye(r, h, t), new ne(h);
|
|
650
|
+
}, J = (n) => async (e, s = {}, t = 1e4, i = 0) => {
|
|
647
651
|
let o;
|
|
648
652
|
try {
|
|
649
653
|
const r = new AbortController();
|
|
@@ -651,7 +655,7 @@ const He = (n) => {
|
|
|
651
655
|
} catch (r) {
|
|
652
656
|
if (r.name === "AbortError" || r.message === "Network request failed") {
|
|
653
657
|
if (i <= 1)
|
|
654
|
-
return await
|
|
658
|
+
return await J(n)(e, s, t, i + 1);
|
|
655
659
|
throw r;
|
|
656
660
|
} else
|
|
657
661
|
throw console.error(r.message), r;
|
|
@@ -671,7 +675,7 @@ const He = (n) => {
|
|
|
671
675
|
l.push(`${_}=${y}`);
|
|
672
676
|
}
|
|
673
677
|
const a = l.join("&");
|
|
674
|
-
return (await
|
|
678
|
+
return (await J(n)(e, {
|
|
675
679
|
method: "POST",
|
|
676
680
|
headers: {
|
|
677
681
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"
|
|
@@ -685,16 +689,16 @@ const He = (n) => {
|
|
|
685
689
|
s[u] === void 0 && (s[u] = d);
|
|
686
690
|
const a = [];
|
|
687
691
|
for (const u in s) {
|
|
688
|
-
const d = encodeURIComponent(u),
|
|
689
|
-
a.push(`${d}=${
|
|
692
|
+
const d = encodeURIComponent(u), f = encodeURIComponent(s[u]);
|
|
693
|
+
a.push(`${d}=${f}`);
|
|
690
694
|
}
|
|
691
|
-
const
|
|
695
|
+
const h = a.join("&"), c = await J(n)(e, {
|
|
692
696
|
method: "POST",
|
|
693
697
|
headers: {
|
|
694
698
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
695
699
|
...o
|
|
696
700
|
},
|
|
697
|
-
body:
|
|
701
|
+
body: h
|
|
698
702
|
}, l);
|
|
699
703
|
if (c.status !== 200)
|
|
700
704
|
return { success: !1, status: c.status, demonstratingProofOfPossessionNonce: null };
|
|
@@ -721,7 +725,7 @@ const He = (n) => {
|
|
|
721
725
|
const y = encodeURIComponent(_), u = encodeURIComponent(s[_]);
|
|
722
726
|
r.push(`${y}=${u}`);
|
|
723
727
|
}
|
|
724
|
-
const l = r.join("&"), a = await
|
|
728
|
+
const l = r.join("&"), a = await J(fetch)(e, {
|
|
725
729
|
method: "POST",
|
|
726
730
|
headers: {
|
|
727
731
|
"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
|
|
@@ -731,18 +735,18 @@ const He = (n) => {
|
|
|
731
735
|
}, o);
|
|
732
736
|
if (await Promise.all([n.setCodeVerifierAsync(null), n.setStateAsync(null)]), a.status !== 200)
|
|
733
737
|
return { success: !1, status: a.status };
|
|
734
|
-
let
|
|
735
|
-
a.headers.has(G) && (
|
|
738
|
+
let h = null;
|
|
739
|
+
a.headers.has(G) && (h = a.headers.get(G));
|
|
736
740
|
const c = await a.json();
|
|
737
741
|
return {
|
|
738
742
|
success: !0,
|
|
739
743
|
data: {
|
|
740
744
|
state: s.state,
|
|
741
745
|
tokens: se(c, null, i),
|
|
742
|
-
demonstratingProofOfPossessionNonce:
|
|
746
|
+
demonstratingProofOfPossessionNonce: h
|
|
743
747
|
}
|
|
744
748
|
};
|
|
745
|
-
},
|
|
749
|
+
}, ve = (n) => {
|
|
746
750
|
const e = n.match(
|
|
747
751
|
// eslint-disable-next-line no-useless-escape
|
|
748
752
|
/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
|
|
@@ -765,13 +769,13 @@ const He = (n) => {
|
|
|
765
769
|
hash: t
|
|
766
770
|
};
|
|
767
771
|
}, kn = (n) => {
|
|
768
|
-
const e =
|
|
772
|
+
const e = ve(n);
|
|
769
773
|
let { path: s } = e;
|
|
770
774
|
s.endsWith("/") && (s = s.slice(0, -1));
|
|
771
775
|
let { hash: t } = e;
|
|
772
776
|
return t === "#_=_" && (t = ""), t && (s += t), s;
|
|
773
777
|
}, H = (n) => {
|
|
774
|
-
const e =
|
|
778
|
+
const e = ve(n), { search: s } = e;
|
|
775
779
|
return sn(s);
|
|
776
780
|
}, sn = (n) => {
|
|
777
781
|
const e = {};
|
|
@@ -781,7 +785,7 @@ const He = (n) => {
|
|
|
781
785
|
s = o[t].split("="), e[decodeURIComponent(s[0])] = decodeURIComponent(s[1]);
|
|
782
786
|
return e;
|
|
783
787
|
};
|
|
784
|
-
function
|
|
788
|
+
function Se(n) {
|
|
785
789
|
return new TextEncoder().encode(n);
|
|
786
790
|
}
|
|
787
791
|
function Te(n) {
|
|
@@ -798,7 +802,7 @@ function be(n) {
|
|
|
798
802
|
e += String.fromCharCode(s);
|
|
799
803
|
}), Te(e);
|
|
800
804
|
}
|
|
801
|
-
function
|
|
805
|
+
function fe(n) {
|
|
802
806
|
return Te(tn(n));
|
|
803
807
|
}
|
|
804
808
|
var Pe = {};
|
|
@@ -807,18 +811,18 @@ Pe.sign = (n, e, s, t = "dpop+jwt") => {
|
|
|
807
811
|
const i = {
|
|
808
812
|
// @ts-ignore
|
|
809
813
|
// JWT "headers" really means JWS "protected headers"
|
|
810
|
-
protected:
|
|
814
|
+
protected: fe(JSON.stringify(e)),
|
|
811
815
|
// @ts-ignore
|
|
812
816
|
// JWT "claims" are really a JSON-defined JWS "payload"
|
|
813
|
-
payload:
|
|
817
|
+
payload: fe(JSON.stringify(s))
|
|
814
818
|
}, o = {
|
|
815
819
|
name: "ECDSA",
|
|
816
820
|
namedCurve: "P-256",
|
|
817
821
|
hash: { name: "ES256" }
|
|
818
822
|
}, r = !0, l = ["sign"];
|
|
819
823
|
return window.crypto.subtle.importKey("jwk", n, o, r, l).then(function(a) {
|
|
820
|
-
const
|
|
821
|
-
return window.crypto.subtle.sign(c, a,
|
|
824
|
+
const h = Se(i.protected + "." + i.payload), c = { name: "ECDSA", hash: { name: "SHA-256" } };
|
|
825
|
+
return window.crypto.subtle.sign(c, a, h).then(function(_) {
|
|
822
826
|
return i.signature = be(new Uint8Array(_)), i.protected + "." + i.payload + "." + i.signature;
|
|
823
827
|
});
|
|
824
828
|
});
|
|
@@ -840,7 +844,7 @@ oe.neuter = function(n) {
|
|
|
840
844
|
var Oe = {};
|
|
841
845
|
Oe.thumbprint = function(n) {
|
|
842
846
|
const e = '{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV", n.crv).replace("X", n.x).replace("Y", n.y);
|
|
843
|
-
return window.crypto.subtle.digest({ name: "SHA-256" },
|
|
847
|
+
return window.crypto.subtle.digest({ name: "SHA-256" }, Se(e)).then(function(s) {
|
|
844
848
|
return be(new Uint8Array(s));
|
|
845
849
|
});
|
|
846
850
|
};
|
|
@@ -869,7 +873,7 @@ const on = function() {
|
|
|
869
873
|
});
|
|
870
874
|
});
|
|
871
875
|
}, an = (n, e, s, t, i) => (o = void 0, r = null, l = !1, a = void 0) => {
|
|
872
|
-
const
|
|
876
|
+
const h = r;
|
|
873
877
|
return r = { ...r }, (async () => {
|
|
874
878
|
const _ = n.location, y = o || _.pathname + (_.search || "") + (_.hash || "");
|
|
875
879
|
if ("state" in r || (r.state = Z(16)), t(k.loginAsync_begin, {}), r)
|
|
@@ -880,13 +884,13 @@ const on = function() {
|
|
|
880
884
|
a || (a = s.scope);
|
|
881
885
|
const d = s.extras ? { ...s.extras, ...r } : r;
|
|
882
886
|
d.nonce || (d.nonce = Z(12));
|
|
883
|
-
const
|
|
884
|
-
let
|
|
887
|
+
const f = { nonce: d.nonce }, g = await x(s.service_worker_relative_url, e), w = await i(s.authority, s.authority_configuration);
|
|
888
|
+
let v;
|
|
885
889
|
if (g)
|
|
886
|
-
g.setLoginParams({ callbackPath: y, extras:
|
|
890
|
+
g.setLoginParams({ callbackPath: y, extras: h }), await g.initAsync(w, "loginAsync", s), await g.setNonceAsync(f), g.startKeepAliveServiceWorker(), v = g;
|
|
887
891
|
else {
|
|
888
|
-
const
|
|
889
|
-
|
|
892
|
+
const O = I(e, s.storage ?? sessionStorage);
|
|
893
|
+
O.setLoginParams({ callbackPath: y, extras: h }), await O.setNonceAsync(f), v = O;
|
|
890
894
|
}
|
|
891
895
|
const b = {
|
|
892
896
|
client_id: s.client_id,
|
|
@@ -895,7 +899,7 @@ const on = function() {
|
|
|
895
899
|
response_type: "code",
|
|
896
900
|
...d
|
|
897
901
|
};
|
|
898
|
-
await en(
|
|
902
|
+
await en(v)(w.authorizationEndpoint, b);
|
|
899
903
|
} catch (u) {
|
|
900
904
|
throw t(k.loginAsync_error, u), u;
|
|
901
905
|
}
|
|
@@ -903,21 +907,21 @@ const on = function() {
|
|
|
903
907
|
}, cn = (n) => async (e = !1) => {
|
|
904
908
|
try {
|
|
905
909
|
n.publishEvent(k.loginCallbackAsync_begin, {});
|
|
906
|
-
const s = n.configuration, t = s.client_id, i = e ? s.silent_redirect_uri : s.redirect_uri, o = s.authority, r = s.token_request_timeout, l = await n.initAsync(o, s.authority_configuration),
|
|
910
|
+
const s = n.configuration, t = s.client_id, i = e ? s.silent_redirect_uri : s.redirect_uri, o = s.authority, r = s.token_request_timeout, l = await n.initAsync(o, s.authority_configuration), h = H(window.location.href).session_state, c = await x(s.service_worker_relative_url, n.configurationName);
|
|
907
911
|
let _, y, u, d;
|
|
908
912
|
if (c)
|
|
909
|
-
await c.initAsync(l, "loginCallbackAsync", s), await c.setSessionStateAsync(
|
|
913
|
+
await c.initAsync(l, "loginCallbackAsync", s), await c.setSessionStateAsync(h), y = await c.getNonceAsync(), u = c.getLoginParams(), d = await c.getStateAsync(), c.startKeepAliveServiceWorker(), _ = c;
|
|
910
914
|
else {
|
|
911
|
-
const A =
|
|
912
|
-
await A.setSessionStateAsync(
|
|
915
|
+
const A = I(n.configurationName, s.storage ?? sessionStorage);
|
|
916
|
+
await A.setSessionStateAsync(h), y = await A.getNonceAsync(), u = A.getLoginParams(), d = await A.getStateAsync(), _ = A;
|
|
913
917
|
}
|
|
914
|
-
const
|
|
915
|
-
if (
|
|
916
|
-
throw console.error(), new Error(`issuer not valid (expected: ${l.issuer}, received: ${
|
|
917
|
-
if (
|
|
918
|
-
throw new Error(`state not valid (expected: ${d}, received: ${
|
|
918
|
+
const f = H(window.location.toString());
|
|
919
|
+
if (f.iss && f.iss !== l.issuer)
|
|
920
|
+
throw console.error(), new Error(`issuer not valid (expected: ${l.issuer}, received: ${f.iss})`);
|
|
921
|
+
if (f.state && f.state !== d)
|
|
922
|
+
throw new Error(`state not valid (expected: ${d}, received: ${f.state})`);
|
|
919
923
|
const g = {
|
|
920
|
-
code:
|
|
924
|
+
code: f.code,
|
|
921
925
|
grant_type: "authorization_code",
|
|
922
926
|
client_id: s.client_id,
|
|
923
927
|
redirect_uri: i
|
|
@@ -928,91 +932,91 @@ const on = function() {
|
|
|
928
932
|
if (u && u.extras)
|
|
929
933
|
for (const [A, T] of Object.entries(u.extras))
|
|
930
934
|
A.endsWith(":token_request") && (w[A.replace(":token_request", "")] = T);
|
|
931
|
-
const
|
|
935
|
+
const v = l.tokenEndpoint, b = {};
|
|
932
936
|
if (s.demonstrating_proof_of_possession) {
|
|
933
937
|
const A = await rn();
|
|
934
|
-
c ? await c.setDemonstratingProofOfPossessionJwkAsync(A) : await
|
|
938
|
+
c ? await c.setDemonstratingProofOfPossessionJwkAsync(A) : await I(n.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(A), b.DPoP = await Ee(A, "POST", v);
|
|
935
939
|
}
|
|
936
|
-
const
|
|
937
|
-
|
|
940
|
+
const O = await nn(_)(
|
|
941
|
+
v,
|
|
938
942
|
{ ...g, ...w },
|
|
939
943
|
b,
|
|
940
944
|
n.configuration.token_renew_mode,
|
|
941
945
|
r
|
|
942
946
|
);
|
|
943
|
-
if (!
|
|
947
|
+
if (!O.success)
|
|
944
948
|
throw new Error("Token request failed");
|
|
945
949
|
let p;
|
|
946
|
-
const
|
|
947
|
-
if (
|
|
950
|
+
const E = O.data.tokens, C = O.data.demonstratingProofOfPossessionNonce;
|
|
951
|
+
if (O.data.state !== w.state)
|
|
948
952
|
throw new Error("state is not valid");
|
|
949
|
-
const { isValid: m, reason:
|
|
953
|
+
const { isValid: m, reason: S } = ge(E, y.nonce, l);
|
|
950
954
|
if (!m)
|
|
951
|
-
throw new Error(`Tokens are not OpenID valid, reason: ${
|
|
955
|
+
throw new Error(`Tokens are not OpenID valid, reason: ${S}`);
|
|
952
956
|
if (c) {
|
|
953
|
-
if (
|
|
957
|
+
if (E.refreshToken && !E.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
954
958
|
throw new Error("Refresh token should be hidden by service worker");
|
|
955
|
-
if (
|
|
959
|
+
if (C && E.accessToken && E.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))
|
|
956
960
|
throw new Error("Demonstration of proof of possession require Access token not hidden by service worker");
|
|
957
961
|
}
|
|
958
962
|
if (c)
|
|
959
|
-
await c.initAsync(i, "syncTokensAsync", s), p = c.getLoginParams(),
|
|
963
|
+
await c.initAsync(i, "syncTokensAsync", s), p = c.getLoginParams(), C && await c.setDemonstratingProofOfPossessionNonce(C);
|
|
960
964
|
else {
|
|
961
|
-
const A =
|
|
962
|
-
p = A.getLoginParams(),
|
|
965
|
+
const A = I(n.configurationName, s.storage);
|
|
966
|
+
p = A.getLoginParams(), C && await A.setDemonstratingProofOfPossessionNonce(C);
|
|
963
967
|
}
|
|
964
|
-
return await n.startCheckSessionAsync(l.checkSessionIframe, t,
|
|
965
|
-
tokens:
|
|
968
|
+
return await n.startCheckSessionAsync(l.checkSessionIframe, t, h, e), n.publishEvent(k.loginCallbackAsync_end, {}), {
|
|
969
|
+
tokens: E,
|
|
966
970
|
state: "request.state",
|
|
967
971
|
callbackPath: p.callbackPath
|
|
968
972
|
};
|
|
969
973
|
} catch (s) {
|
|
970
974
|
throw console.error(s), n.publishEvent(k.loginCallbackAsync_error, s), s;
|
|
971
975
|
}
|
|
972
|
-
},
|
|
976
|
+
}, he = {
|
|
973
977
|
access_token: "access_token",
|
|
974
978
|
refresh_token: "refresh_token"
|
|
975
979
|
}, ln = (n) => async (e) => {
|
|
976
980
|
K.clearTimeout(n.timeoutId), n.timeoutId = null, n.checkSessionIFrame && n.checkSessionIFrame.stop();
|
|
977
|
-
const s = await
|
|
978
|
-
s ? await s.clearAsync(e) : await
|
|
981
|
+
const s = await x(n.configuration.service_worker_relative_url, n.configurationName);
|
|
982
|
+
s ? await s.clearAsync(e) : await I(n.configurationName, n.configuration.storage).clearAsync(e), n.tokens = null, n.userInfo = null;
|
|
979
983
|
}, un = (n, e, s, t, i) => async (o = void 0, r = null) => {
|
|
980
984
|
const l = n.configuration, a = await n.initAsync(l.authority, l.authority_configuration);
|
|
981
985
|
o && typeof o != "string" && (o = void 0, i.warn("callbackPathOrUrl path is not a string"));
|
|
982
|
-
const
|
|
986
|
+
const h = o ?? location.pathname + (location.search || "") + (location.hash || "");
|
|
983
987
|
let c = !1;
|
|
984
988
|
o && (c = o.includes("https://") || o.includes("http://"));
|
|
985
|
-
const _ = c ? o : t.location.origin +
|
|
989
|
+
const _ = c ? o : t.location.origin + h, y = n.tokens ? n.tokens.idToken : "";
|
|
986
990
|
try {
|
|
987
991
|
const d = a.revocationEndpoint;
|
|
988
992
|
if (d) {
|
|
989
|
-
const
|
|
990
|
-
if (g && l.logout_tokens_to_invalidate.includes(
|
|
991
|
-
const
|
|
992
|
-
|
|
993
|
+
const f = [], g = n.tokens.accessToken;
|
|
994
|
+
if (g && l.logout_tokens_to_invalidate.includes(he.access_token)) {
|
|
995
|
+
const v = de(s)(d, g, ee.access_token, l.client_id);
|
|
996
|
+
f.push(v);
|
|
993
997
|
}
|
|
994
998
|
const w = n.tokens.refreshToken;
|
|
995
|
-
if (w && l.logout_tokens_to_invalidate.includes(
|
|
996
|
-
const
|
|
997
|
-
|
|
999
|
+
if (w && l.logout_tokens_to_invalidate.includes(he.refresh_token)) {
|
|
1000
|
+
const v = de(s)(d, w, ee.refresh_token, l.client_id);
|
|
1001
|
+
f.push(v);
|
|
998
1002
|
}
|
|
999
|
-
|
|
1003
|
+
f.length > 0 && await Promise.all(f);
|
|
1000
1004
|
}
|
|
1001
1005
|
} catch (d) {
|
|
1002
1006
|
i.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"), i.warn(d);
|
|
1003
1007
|
}
|
|
1004
1008
|
const u = n.tokens && n.tokens.idTokenPayload ? n.tokens.idTokenPayload.sub : null;
|
|
1005
1009
|
await n.destroyAsync("LOGGED_OUT");
|
|
1006
|
-
for (const [d,
|
|
1007
|
-
|
|
1010
|
+
for (const [d, f] of Object.entries(e))
|
|
1011
|
+
f !== n && await n.logoutSameTabAsync(n.configuration.client_id, u);
|
|
1008
1012
|
if (a.endSessionEndpoint) {
|
|
1009
1013
|
r || (r = {
|
|
1010
1014
|
id_token_hint: y
|
|
1011
1015
|
}, o !== null && (r.post_logout_redirect_uri = _));
|
|
1012
1016
|
let d = "";
|
|
1013
1017
|
if (r)
|
|
1014
|
-
for (const [
|
|
1015
|
-
d === "" ? d += "?" : d += "&", d += `${
|
|
1018
|
+
for (const [f, g] of Object.entries(r))
|
|
1019
|
+
d === "" ? d += "?" : d += "&", d += `${f}=${encodeURIComponent(g)}`;
|
|
1016
1020
|
t.location.href = `${a.endSessionEndpoint}${d}`;
|
|
1017
1021
|
} else
|
|
1018
1022
|
t.location.reload();
|
|
@@ -1035,13 +1039,13 @@ const on = function() {
|
|
|
1035
1039
|
return a.status !== 200 ? null : a.json();
|
|
1036
1040
|
})(s);
|
|
1037
1041
|
return n.userInfo = r, r;
|
|
1038
|
-
},
|
|
1042
|
+
}, fn = () => fetch;
|
|
1039
1043
|
class ne {
|
|
1040
1044
|
constructor(e) {
|
|
1041
1045
|
this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
|
|
1042
1046
|
}
|
|
1043
1047
|
}
|
|
1044
|
-
const W = {},
|
|
1048
|
+
const W = {}, hn = (n) => (e, s = "default") => (W[s] || (W[s] = new $(e, s, n)), W[s]), _n = async (n) => {
|
|
1045
1049
|
const { parsedTokens: e, callbackPath: s } = await n.loginCallbackAsync();
|
|
1046
1050
|
return n.timeoutId = M(n, e.refreshToken, e.expiresAt), { callbackPath: s };
|
|
1047
1051
|
}, yn = (n) => Math.floor(Math.random() * n), L = class L {
|
|
@@ -1060,7 +1064,7 @@ const W = {}, fn = (n) => (e, s = "default") => (W[s] || (W[s] = new $(e, s, n))
|
|
|
1060
1064
|
demonstrating_proof_of_possession: e.demonstrating_proof_of_possession ?? !1,
|
|
1061
1065
|
authority_timeout_wellknowurl_in_millisecond: e.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
|
|
1062
1066
|
logout_tokens_to_invalidate: e.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"]
|
|
1063
|
-
}, this.getFetch = t ??
|
|
1067
|
+
}, this.getFetch = t ?? fn, this.configurationName = s, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.synchroniseTokensAsync.bind(this), this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
|
|
1064
1068
|
}
|
|
1065
1069
|
subscribeEvents(e) {
|
|
1066
1070
|
const s = yn(9999999999999).toString();
|
|
@@ -1115,7 +1119,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1115
1119
|
check_session_iframe: s.check_session_iframe,
|
|
1116
1120
|
issuer: s.issuer
|
|
1117
1121
|
});
|
|
1118
|
-
const o = await
|
|
1122
|
+
const o = await x(this.configuration.service_worker_relative_url, this.configurationName) ? window.localStorage : null;
|
|
1119
1123
|
return await Qe(this.getFetch())(e, this.configuration.authority_time_cache_wellknowurl_in_second ?? 60 * 60, o, this.configuration.authority_timeout_wellknowurl_in_millisecond);
|
|
1120
1124
|
};
|
|
1121
1125
|
return this.initPromise = t(), this.initPromise.then((i) => (this.initPromise = null, i));
|
|
@@ -1130,7 +1134,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1130
1134
|
this.publishEvent(k.tryKeepExistingSessionAsync_begin, {});
|
|
1131
1135
|
try {
|
|
1132
1136
|
const t = this.configuration, i = await this.initAsync(t.authority, t.authority_configuration);
|
|
1133
|
-
if (s = await
|
|
1137
|
+
if (s = await x(t.service_worker_relative_url, this.configurationName), s) {
|
|
1134
1138
|
const { tokens: o } = await s.initAsync(i, "tryKeepExistingSessionAsync", t);
|
|
1135
1139
|
if (o) {
|
|
1136
1140
|
s.startKeepAliveServiceWorker(), this.tokens = o;
|
|
@@ -1150,7 +1154,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1150
1154
|
t.service_worker_relative_url && this.publishEvent(k.service_worker_not_supported_by_browser, {
|
|
1151
1155
|
message: "service worker is not supported by this browser"
|
|
1152
1156
|
});
|
|
1153
|
-
const o =
|
|
1157
|
+
const o = I(this.configurationName, t.storage ?? sessionStorage), { tokens: r } = await o.initAsync();
|
|
1154
1158
|
if (r) {
|
|
1155
1159
|
this.tokens = ye(r, null, t.token_renew_mode);
|
|
1156
1160
|
const l = o.getLoginParams();
|
|
@@ -1183,7 +1187,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1183
1187
|
return this.loginCallbackPromise;
|
|
1184
1188
|
const s = async () => {
|
|
1185
1189
|
const t = await cn(this)(e), i = t.tokens;
|
|
1186
|
-
return this.tokens = i, await
|
|
1190
|
+
return this.tokens = i, await x(this.configuration.service_worker_relative_url, this.configurationName) || I(this.configurationName, this.configuration.storage).setTokens(i), this.publishEvent(L.eventNames.token_aquired, i), { parsedTokens: i, state: t.state, callbackPath: t.callbackPath };
|
|
1187
1191
|
};
|
|
1188
1192
|
return this.loginCallbackPromise = s(), this.loginCallbackPromise.then((t) => (this.loginCallbackPromise = null, t));
|
|
1189
1193
|
}
|
|
@@ -1196,30 +1200,30 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1196
1200
|
let l = Math.floor(Math.random() * 15) + 10;
|
|
1197
1201
|
for (; document.hidden && l > 0; )
|
|
1198
1202
|
await D(1e3), l--, this.publishEvent(k.refreshTokensAsync, { message: `wait because navigator is hidden try ${l}` });
|
|
1199
|
-
const
|
|
1203
|
+
const h = document.hidden ? s : s + 1;
|
|
1200
1204
|
i || (i = {});
|
|
1201
|
-
const c = this.configuration, _ = (u, d,
|
|
1205
|
+
const c = this.configuration, _ = (u, d, f = null) => te(this.configurationName, this.configuration, this.publishEvent.bind(this))(u, d, f), y = async () => {
|
|
1202
1206
|
try {
|
|
1203
1207
|
let u;
|
|
1204
|
-
const d = await
|
|
1205
|
-
d ? u = d.getLoginParams() : u =
|
|
1206
|
-
const
|
|
1208
|
+
const d = await x(c.service_worker_relative_url, this.configurationName);
|
|
1209
|
+
d ? u = d.getLoginParams() : u = I(this.configurationName, c.storage).getLoginParams();
|
|
1210
|
+
const f = await _({
|
|
1207
1211
|
...u.extras,
|
|
1208
1212
|
...i,
|
|
1209
1213
|
prompt: "none"
|
|
1210
1214
|
}, u.state);
|
|
1211
|
-
if (
|
|
1212
|
-
return o(
|
|
1215
|
+
if (f)
|
|
1216
|
+
return o(f.tokens), this.publishEvent(L.eventNames.token_renewed, {}), { tokens: f.tokens, status: "LOGGED" };
|
|
1213
1217
|
} catch (u) {
|
|
1214
1218
|
if (console.error(u), this.publishEvent(k.refreshTokensAsync_silent_error, { message: "exceptionSilent", exception: u.message }), u && u.message && u.message.startsWith("oidc"))
|
|
1215
1219
|
return o(null), this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token silent" }), { tokens: null, status: "SESSION_LOST" };
|
|
1216
1220
|
}
|
|
1217
|
-
return this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token silent return" }), await this.synchroniseTokensAsync(null,
|
|
1221
|
+
return this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token silent return" }), await this.synchroniseTokensAsync(null, h, t, i, o);
|
|
1218
1222
|
};
|
|
1219
1223
|
if (s > 4)
|
|
1220
1224
|
return o(null), this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" };
|
|
1221
1225
|
try {
|
|
1222
|
-
const { status: u, tokens: d, nonce:
|
|
1226
|
+
const { status: u, tokens: d, nonce: f } = await this.syncTokensInfoAsync(c, this.configurationName, this.tokens, t);
|
|
1223
1227
|
switch (u) {
|
|
1224
1228
|
case "SESSION_LOST":
|
|
1225
1229
|
return o(null), this.publishEvent(k.refreshTokensAsync_error, { message: "refresh token session lost" }), { tokens: null, status: "SESSION_LOST" };
|
|
@@ -1236,55 +1240,55 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1236
1240
|
default: {
|
|
1237
1241
|
if (this.publishEvent(k.refreshTokensAsync_begin, { refreshToken: e, status: u, tryNumber: s }), !e)
|
|
1238
1242
|
return await y();
|
|
1239
|
-
const g = c.client_id, w = c.redirect_uri,
|
|
1240
|
-
for (const [
|
|
1241
|
-
|
|
1243
|
+
const g = c.client_id, w = c.redirect_uri, v = c.authority, O = { ...c.token_request_extras ? c.token_request_extras : {} };
|
|
1244
|
+
for (const [E, C] of Object.entries(i))
|
|
1245
|
+
E.endsWith(":token_request") && (O[E.replace(":token_request", "")] = C);
|
|
1242
1246
|
return await (async () => {
|
|
1243
|
-
const
|
|
1247
|
+
const E = {
|
|
1244
1248
|
client_id: g,
|
|
1245
1249
|
redirect_uri: w,
|
|
1246
1250
|
grant_type: "refresh_token",
|
|
1247
1251
|
refresh_token: d.refreshToken
|
|
1248
|
-
},
|
|
1249
|
-
c.demonstrating_proof_of_possession && (A.DPoP = await this.generateDemonstrationOfProofOfPossessionAsync(d.accessToken,
|
|
1252
|
+
}, C = await this.initAsync(v, c.authority_configuration), m = document.hidden ? 1e4 : 3e4 * 10, S = C.tokenEndpoint, A = {};
|
|
1253
|
+
c.demonstrating_proof_of_possession && (A.DPoP = await this.generateDemonstrationOfProofOfPossessionAsync(d.accessToken, S, "POST"));
|
|
1250
1254
|
const T = await Ze(this.getFetch())(
|
|
1251
|
-
|
|
1255
|
+
S,
|
|
1256
|
+
E,
|
|
1252
1257
|
O,
|
|
1253
|
-
P,
|
|
1254
1258
|
d,
|
|
1255
1259
|
A,
|
|
1256
1260
|
c.token_renew_mode,
|
|
1257
1261
|
m
|
|
1258
1262
|
);
|
|
1259
1263
|
if (T.success) {
|
|
1260
|
-
const { isValid:
|
|
1261
|
-
if (!
|
|
1264
|
+
const { isValid: B, reason: X } = ge(T.data, f.nonce, C);
|
|
1265
|
+
if (!B)
|
|
1262
1266
|
return o(null), this.publishEvent(k.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${X}` }), { tokens: null, status: "SESSION_LOST" };
|
|
1263
1267
|
if (o(T.data), T.demonstratingProofOfPossessionNonce) {
|
|
1264
|
-
const ie = await
|
|
1265
|
-
ie ? await ie.setDemonstratingProofOfPossessionNonce(T.demonstratingProofOfPossessionNonce) : await
|
|
1268
|
+
const ie = await x(c.service_worker_relative_url, this.configurationName);
|
|
1269
|
+
ie ? await ie.setDemonstratingProofOfPossessionNonce(T.demonstratingProofOfPossessionNonce) : await I(this.configurationName, c.storage).setDemonstratingProofOfPossessionNonce(T.demonstratingProofOfPossessionNonce);
|
|
1266
1270
|
}
|
|
1267
1271
|
return this.publishEvent(k.refreshTokensAsync_end, { success: T.success }), this.publishEvent(L.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: T.data, status: "LOGGED_IN" };
|
|
1268
1272
|
} else
|
|
1269
1273
|
return this.publishEvent(k.refreshTokensAsync_silent_error, {
|
|
1270
1274
|
message: "bad request",
|
|
1271
1275
|
tokenResponse: T
|
|
1272
|
-
}), await this.synchroniseTokensAsync(e,
|
|
1276
|
+
}), await this.synchroniseTokensAsync(e, h, t, i, o);
|
|
1273
1277
|
})();
|
|
1274
1278
|
}
|
|
1275
1279
|
}
|
|
1276
1280
|
} catch (u) {
|
|
1277
|
-
return console.error(u), this.publishEvent(k.refreshTokensAsync_silent_error, { message: "exception", exception: u.message }), this.synchroniseTokensAsync(e,
|
|
1281
|
+
return console.error(u), this.publishEvent(k.refreshTokensAsync_silent_error, { message: "exception", exception: u.message }), this.synchroniseTokensAsync(e, h, t, i, o);
|
|
1278
1282
|
}
|
|
1279
1283
|
}
|
|
1280
1284
|
async generateDemonstrationOfProofOfPossessionAsync(e, s, t) {
|
|
1281
|
-
const i = this.configuration, o = { ath: await Ae(e) }, r = await
|
|
1285
|
+
const i = this.configuration, o = { ath: await Ae(e) }, r = await x(i.service_worker_relative_url, this.configurationName);
|
|
1282
1286
|
let l = null, a;
|
|
1283
1287
|
if (r)
|
|
1284
1288
|
l = await r.getDemonstratingProofOfPossessionNonce(), a = await r.getDemonstratingProofOfPossessionJwkAsync();
|
|
1285
1289
|
else {
|
|
1286
|
-
const
|
|
1287
|
-
a = await
|
|
1290
|
+
const h = I(this.configurationName, i.storage);
|
|
1291
|
+
a = await h.getDemonstratingProofOfPossessionJwkAsync(), l = await h.getDemonstratingProofOfPossessionNonce();
|
|
1288
1292
|
}
|
|
1289
1293
|
return l && (o.nonce = l), await Ee(a, t, s, o);
|
|
1290
1294
|
}
|
|
@@ -1293,7 +1297,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1293
1297
|
if (!t)
|
|
1294
1298
|
return { tokens: null, status: "NOT_CONNECTED", nonce: o };
|
|
1295
1299
|
let r = o;
|
|
1296
|
-
const l = await this.initAsync(e.authority, e.authority_configuration), a = await
|
|
1300
|
+
const l = await this.initAsync(e.authority, e.authority_configuration), a = await x(e.service_worker_relative_url, s);
|
|
1297
1301
|
if (a) {
|
|
1298
1302
|
const { status: _, tokens: y } = await a.initAsync(l, "syncTokensAsync", e);
|
|
1299
1303
|
if (_ === "LOGGED_OUT")
|
|
@@ -1303,18 +1307,18 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1303
1307
|
if (!_ || !y)
|
|
1304
1308
|
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: o };
|
|
1305
1309
|
if (y.issuedAt !== t.issuedAt) {
|
|
1306
|
-
const d = U(e.refresh_time_before_tokens_expiration_in_second, y.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",
|
|
1307
|
-
return { tokens: y, status: d, nonce:
|
|
1310
|
+
const d = U(e.refresh_time_before_tokens_expiration_in_second, y.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", f = await a.getNonceAsync();
|
|
1311
|
+
return { tokens: y, status: d, nonce: f };
|
|
1308
1312
|
}
|
|
1309
1313
|
r = await a.getNonceAsync();
|
|
1310
1314
|
} else {
|
|
1311
|
-
const _ =
|
|
1315
|
+
const _ = I(s, e.storage ?? sessionStorage), { tokens: y, status: u } = await _.initAsync();
|
|
1312
1316
|
if (y) {
|
|
1313
1317
|
if (u === "SESSIONS_LOST")
|
|
1314
1318
|
return { tokens: null, status: "SESSIONS_LOST", nonce: o };
|
|
1315
1319
|
if (y.issuedAt !== t.issuedAt) {
|
|
1316
|
-
const
|
|
1317
|
-
return { tokens: y, status:
|
|
1320
|
+
const f = U(e.refresh_time_before_tokens_expiration_in_second, y.expiresAt) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", g = await _.getNonceAsync();
|
|
1321
|
+
return { tokens: y, status: f, nonce: g };
|
|
1318
1322
|
}
|
|
1319
1323
|
} else
|
|
1320
1324
|
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: o };
|
|
@@ -1348,7 +1352,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
|
|
|
1348
1352
|
return this.logoutPromise ? this.logoutPromise : (this.logoutPromise = un(this, W, this.getFetch(), window, console)(e, s), this.logoutPromise.then((t) => (this.logoutPromise = null, t)));
|
|
1349
1353
|
}
|
|
1350
1354
|
};
|
|
1351
|
-
L.getOrCreate = (e) => (s, t = "default") =>
|
|
1355
|
+
L.getOrCreate = (e) => (s, t = "default") => hn(e)(s, t), L.eventNames = k;
|
|
1352
1356
|
let $ = L;
|
|
1353
1357
|
const V = class V {
|
|
1354
1358
|
constructor(e) {
|
|
@@ -1405,7 +1409,7 @@ let _e = V;
|
|
|
1405
1409
|
export {
|
|
1406
1410
|
_e as OidcClient,
|
|
1407
1411
|
Y as TokenRenewMode,
|
|
1408
|
-
|
|
1412
|
+
fn as getFetchDefault,
|
|
1409
1413
|
H as getParseQueryStringFromLocation,
|
|
1410
1414
|
kn as getPath
|
|
1411
1415
|
};
|