@axa-fr/oidc-client 7.7.0-alpha.1071 → 7.7.0-beta.1072

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.js +31 -31
  2. package/dist/index.umd.cjs +2 -2
  3. package/dist/oidcClient.d.ts +1 -1
  4. package/dist/version.d.ts +1 -1
  5. package/package.json +2 -2
  6. package/src/logout.spec.ts +11 -3
  7. package/src/oidcClient.ts +2 -2
  8. package/src/version.ts +1 -1
package/dist/index.js CHANGED
@@ -107,7 +107,7 @@ const k = {
107
107
  console.warn(e);
108
108
  }
109
109
  return null;
110
- }, Le = (n, e) => n.split(e).length - 1, Y = {
110
+ }, Le = (n, e) => n.split(e).length - 1, z = {
111
111
  access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
112
112
  access_token_invalid: "access_token_invalid",
113
113
  id_token_invalid: "id_token_invalid"
@@ -129,7 +129,7 @@ const ge = (n, e = null, s) => {
129
129
  const i = n.idTokenPayload ? n.idTokenPayload : ae(n.idToken), r = i && i.exp ? i.exp : Number.MAX_VALUE, l = t && t.exp ? t.exp : n.issuedAt + o;
130
130
  n.issuedAt = We(n, t, i);
131
131
  let a;
132
- n.expiresAt ? a = n.expiresAt : s === Y.access_token_invalid ? a = l : s === Y.id_token_invalid ? a = r : a = r < l ? r : l;
132
+ n.expiresAt ? a = n.expiresAt : s === z.access_token_invalid ? a = l : s === z.id_token_invalid ? a = r : a = r < l ? r : l;
133
133
  const f = { ...n, idTokenPayload: i, accessTokenPayload: t, expiresAt: a };
134
134
  if (e != null && "refreshToken" in e && !("refreshToken" in n)) {
135
135
  const c = e.refreshToken;
@@ -155,14 +155,14 @@ const ge = (n, e = null, s) => {
155
155
  }, U = (n, e) => {
156
156
  const s = (/* @__PURE__ */ new Date()).getTime() / 1e3, t = e - s;
157
157
  return Math.round(t - n);
158
- }, z = (n) => n ? U(0, n.expiresAt) > 0 : !1, De = async (n, e = 200, s = 50) => {
158
+ }, Q = (n) => n ? U(0, n.expiresAt) > 0 : !1, De = async (n, e = 200, s = 50) => {
159
159
  let t = s;
160
160
  if (!n.tokens)
161
161
  return null;
162
- for (; !z(n.tokens) && t > 0; )
162
+ for (; !Q(n.tokens) && t > 0; )
163
163
  await D(e), t = t - 1;
164
164
  return {
165
- isTokensValid: z(n.tokens),
165
+ isTokensValid: Q(n.tokens),
166
166
  tokens: n.tokens,
167
167
  numberWaited: t - s
168
168
  };
@@ -281,7 +281,7 @@ const ge = (n, e = null, s) => {
281
281
  setInterval: r,
282
282
  clearInterval: l
283
283
  };
284
- }(), ce = "7.7.0-alpha.1071", me = (n) => {
284
+ }(), ce = "7.7.0-beta.1072", me = (n) => {
285
285
  const e = n.appVersion, s = n.userAgent, t = "-";
286
286
  let o = t;
287
287
  const i = [
@@ -414,8 +414,8 @@ const pe = () => {
414
414
  await A.service_worker_update_require_callback(i, ue);
415
415
  else {
416
416
  ue(), await i.update();
417
- const X = await i.unregister();
418
- console.log(`Service worker unregistering ${X}`), await D(2e3), window.location.reload();
417
+ const Y = await i.unregister();
418
+ console.log(`Service worker unregistering ${Y}`), await D(2e3), window.location.reload();
419
419
  }
420
420
  return { tokens: te(b.tokens, null, A.token_renew_mode), status: b.status };
421
421
  }, a = () => {
@@ -596,20 +596,20 @@ function je(n) {
596
596
  const Ae = () => {
597
597
  const n = typeof window < "u" && !!window.crypto, e = n && !!window.crypto.subtle;
598
598
  return { hasCrypto: n, hasSubtleCrypto: e };
599
- }, Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", qe = (n) => {
599
+ }, Z = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", qe = (n) => {
600
600
  const e = [];
601
601
  for (let s = 0; s < n.byteLength; s += 1) {
602
- const t = n[s] % Q.length;
603
- e.push(Q[t]);
602
+ const t = n[s] % Z.length;
603
+ e.push(Z[t]);
604
604
  }
605
605
  return e.join("");
606
- }, Ge = (n) => Me(new Uint8Array(n)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, ""), Z = (n) => {
606
+ }, Ge = (n) => Me(new Uint8Array(n)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, ""), ee = (n) => {
607
607
  const e = new Uint8Array(n), { hasCrypto: s } = Ae();
608
608
  if (s)
609
609
  window.crypto.getRandomValues(e);
610
610
  else
611
611
  for (let t = 0; t < n; t += 1)
612
- e[t] = Math.random() * Q.length | 0;
612
+ e[t] = Math.random() * Z.length | 0;
613
613
  return qe(e);
614
614
  };
615
615
  function He(n) {
@@ -661,10 +661,10 @@ const Xe = (n) => {
661
661
  throw console.error(r.message), r;
662
662
  }
663
663
  return i;
664
- }, ee = {
664
+ }, ne = {
665
665
  refresh_token: "refresh_token",
666
666
  access_token: "access_token"
667
- }, fe = (n) => async (e, s, t = ee.refresh_token, o, i = 1e4) => {
667
+ }, fe = (n) => async (e, s, t = ne.refresh_token, o, i = 1e4) => {
668
668
  const r = {
669
669
  token: s,
670
670
  token_type_hint: t,
@@ -711,7 +711,7 @@ const Xe = (n) => {
711
711
  };
712
712
  }, nn = (n, e) => async (s, t) => {
713
713
  t = t ? { ...t } : {};
714
- const o = Z(128), i = await Xe(o);
714
+ const o = ee(128), i = await Xe(o);
715
715
  await n.setCodeVerifierAsync(o), await n.setStateAsync(t.state), t.code_challenge = i, t.code_challenge_method = "S256";
716
716
  let r = "";
717
717
  if (t)
@@ -876,14 +876,14 @@ const rn = function() {
876
876
  const c = l;
877
877
  return l = { ...l }, (async () => {
878
878
  const h = n.location, u = r || h.pathname + (h.search || "") + (h.hash || "");
879
- if ("state" in l || (l.state = Z(16)), t(k.loginAsync_begin, {}), l)
879
+ if ("state" in l || (l.state = ee(16)), t(k.loginAsync_begin, {}), l)
880
880
  for (const y of Object.keys(l))
881
881
  y.endsWith(":token_request") && delete l[y];
882
882
  try {
883
883
  const y = a ? s.silent_redirect_uri : s.redirect_uri;
884
884
  f || (f = s.scope);
885
885
  const d = s.extras ? { ...s.extras, ...l } : l;
886
- d.nonce || (d.nonce = Z(12));
886
+ d.nonce || (d.nonce = ee(12));
887
887
  const g = { nonce: d.nonce }, w = await x(s.service_worker_relative_url, e), T = await o(s.authority, s.authority_configuration);
888
888
  let v;
889
889
  if (w)
@@ -992,12 +992,12 @@ const rn = function() {
992
992
  if (d) {
993
993
  const g = [], w = n.tokens.accessToken;
994
994
  if (w && a.logout_tokens_to_invalidate.includes(_e.access_token)) {
995
- const v = fe(s)(d, w, ee.access_token, a.client_id);
995
+ const v = fe(s)(d, w, ne.access_token, a.client_id);
996
996
  g.push(v);
997
997
  }
998
998
  const T = n.tokens.refreshToken;
999
999
  if (T && a.logout_tokens_to_invalidate.includes(_e.refresh_token)) {
1000
- const v = fe(s)(d, T, ee.refresh_token, a.client_id);
1000
+ const v = fe(s)(d, T, ne.refresh_token, a.client_id);
1001
1001
  g.push(v);
1002
1002
  }
1003
1003
  g.length > 0 && await Promise.all(g);
@@ -1023,7 +1023,7 @@ const rn = function() {
1023
1023
  }, fn = (n) => async (e = !1) => {
1024
1024
  if (n.userInfo != null && !e)
1025
1025
  return n.userInfo;
1026
- for (; n.tokens && !z(n.tokens); )
1026
+ for (; n.tokens && !Q(n.tokens); )
1027
1027
  await D(200);
1028
1028
  if (!n.tokens)
1029
1029
  return null;
@@ -1040,7 +1040,7 @@ const rn = function() {
1040
1040
  })(s);
1041
1041
  return n.userInfo = r, r;
1042
1042
  };
1043
- class ne {
1043
+ class X {
1044
1044
  open(e) {
1045
1045
  window.open(e, "_self");
1046
1046
  }
@@ -1051,11 +1051,11 @@ class se {
1051
1051
  this.authorizationEndpoint = e.authorization_endpoint, this.tokenEndpoint = e.token_endpoint, this.revocationEndpoint = e.revocation_endpoint, this.userInfoEndpoint = e.userinfo_endpoint, this.checkSessionIframe = e.check_session_iframe, this.issuer = e.issuer, this.endSessionEndpoint = e.end_session_endpoint;
1052
1052
  }
1053
1053
  }
1054
- const W = {}, _n = (n, e = new ne()) => (s, t = "default") => (W[t] || (W[t] = new $(s, t, n, e)), W[t]), yn = async (n) => {
1054
+ const W = {}, _n = (n, e = new X()) => (s, t = "default") => (W[t] || (W[t] = new $(s, t, n, e)), W[t]), yn = async (n) => {
1055
1055
  const { parsedTokens: e, callbackPath: s } = await n.loginCallbackAsync();
1056
1056
  return n.timeoutId = M(n, e.refreshToken, e.expiresAt), { callbackPath: s };
1057
1057
  }, gn = (n) => Math.floor(Math.random() * n), L = class L {
1058
- constructor(e, s = "default", t, o = new ne()) {
1058
+ constructor(e, s = "default", t, o = new X()) {
1059
1059
  this.initPromise = null, this.tryKeepExistingSessionPromise = null, this.loginPromise = null, this.loginCallbackPromise = null, this.loginCallbackWithAutoTokensRenewPromise = null, this.userInfoPromise = null, this.renewTokensPromise = null, this.logoutPromise = null;
1060
1060
  let i = e.silent_login_uri;
1061
1061
  e.silent_redirect_uri && !e.silent_login_uri && (i = `${e.silent_redirect_uri.replace("-callback", "").replace("callback", "")}-login`);
@@ -1066,11 +1066,11 @@ const W = {}, _n = (n, e = new ne()) => (s, t = "default") => (W[t] || (W[t] = n
1066
1066
  monitor_session: e.monitor_session ?? !1,
1067
1067
  refresh_time_before_tokens_expiration_in_second: r,
1068
1068
  silent_login_timeout: e.silent_login_timeout ?? 12e3,
1069
- token_renew_mode: e.token_renew_mode ?? Y.access_token_or_id_token_invalid,
1069
+ token_renew_mode: e.token_renew_mode ?? z.access_token_or_id_token_invalid,
1070
1070
  demonstrating_proof_of_possession: e.demonstrating_proof_of_possession ?? !1,
1071
1071
  authority_timeout_wellknowurl_in_millisecond: e.authority_timeout_wellknowurl_in_millisecond ?? 1e4,
1072
1072
  logout_tokens_to_invalidate: e.logout_tokens_to_invalidate ?? ["access_token", "refresh_token"]
1073
- }, this.location = o ?? new ne(), this.getFetch = t ?? hn, this.configurationName = s, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.synchroniseTokensAsync.bind(this), this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
1073
+ }, this.location = o ?? new X(), this.getFetch = t ?? hn, this.configurationName = s, this.tokens = null, this.userInfo = null, this.events = [], this.timeoutId = null, this.synchroniseTokensAsync.bind(this), this.loginCallbackWithAutoTokensRenewAsync.bind(this), this.initAsync.bind(this), this.loginCallbackAsync.bind(this), this.subscribeEvents.bind(this), this.removeEventSubscription.bind(this), this.publishEvent.bind(this), this.destroyAsync.bind(this), this.logoutAsync.bind(this), this.renewTokensAsync.bind(this), this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
1074
1074
  }
1075
1075
  subscribeEvents(e) {
1076
1076
  const s = gn(9999999999999).toString();
@@ -1267,9 +1267,9 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
1267
1267
  m
1268
1268
  );
1269
1269
  if (b.success) {
1270
- const { isValid: B, reason: X } = ke(b.data, d.nonce, C);
1270
+ const { isValid: B, reason: Y } = ke(b.data, d.nonce, C);
1271
1271
  if (!B)
1272
- return i(null), this.publishEvent(k.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${X}` }), { tokens: null, status: "SESSION_LOST" };
1272
+ return i(null), this.publishEvent(k.refreshTokensAsync_error, { message: `refresh token return not valid tokens, reason: ${Y}` }), { tokens: null, status: "SESSION_LOST" };
1273
1273
  if (i(b.data), b.demonstratingProofOfPossessionNonce) {
1274
1274
  const re = await x(c.service_worker_relative_url, this.configurationName);
1275
1275
  re ? await re.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce) : await E(this.configurationName, c.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce);
@@ -1410,12 +1410,12 @@ const V = class V {
1410
1410
  return this._oidc.userInfoAsync(e);
1411
1411
  }
1412
1412
  };
1413
- V.getOrCreate = (e, s) => (t, o = "default") => new V($.getOrCreate(e, s)(t, o)), V.eventNames = $.eventNames;
1413
+ V.getOrCreate = (e, s = new X()) => (t, o = "default") => new V($.getOrCreate(e, s)(t, o)), V.eventNames = $.eventNames;
1414
1414
  let ye = V;
1415
1415
  export {
1416
1416
  ye as OidcClient,
1417
- ne as OidcLocation,
1418
- Y as TokenRenewMode,
1417
+ X as OidcLocation,
1418
+ z as TokenRenewMode,
1419
1419
  hn as getFetchDefault,
1420
1420
  H as getParseQueryStringFromLocation,
1421
1421
  mn as getPath
package/dist/index.umd.cjs CHANGED
@@ -1,2 +1,2 @@
1
- (function(I,q){typeof exports=="object"&&typeof module<"u"?q(exports):typeof define=="function"&&define.amd?define(["exports"],q):(I=typeof globalThis<"u"?globalThis:I||self,q(I["oidc-client"]={}))})(this,function(I){"use strict";const F=console;class Le{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(F.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(F.debug(e),F.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):F.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){F.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(F.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],l=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},f=()=>JSON.parse(e[`oidc.jwk.${n}`]),c=async()=>({nonce:e[`oidc.nonce.${n}`]}),_=p=>{e[`oidc.dpop_nonce.${n}`]=p},h=()=>e[`oidc.dpop_nonce.${n}`],u=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:u,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:l,getNonceAsync:c,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:_,getDemonstratingProofOfPossessionNonce:h,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:f}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),De=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),le=n=>{try{return n&&$e(n,".")===2?De(n):null}catch(e){console.warn(e)}return null},$e=(n,e)=>n.split(e).length-1,G={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Re(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const ue=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=le(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:le(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,l=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=Re(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===G.access_token_invalid?a=l:s===G.id_token_invalid?a=r:a=r<l?r:l;const f={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const c=e.refreshToken;return{...f,refreshToken:c}}return f},Z=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),ue(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ee=n=>n?U(0,n.expiresAt)>0:!1,Fe=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ee(n.tokens)&&t>0;)await $(e),t=t-1;return{isTokensValid:ee(n.tokens),tokens:n.tokens,numberWaited:t-s}},de=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},K=function(){const n=function(){let a,f;const c=(function(){const h={},u={setTimeout:function(d,g,w){h[g]=setTimeout(function(){d.postMessage(g),h[g]=null},w)},setInterval:function(d,g,w){h[g]=setInterval(function(){d.postMessage(g)},w)},clearTimeout:function(d,g){clearTimeout(h[g]),h[g]=null},clearInterval:function(d,g){clearInterval(h[g]),h[g]=null}};function y(d,g){const w=g.data[0],T=g.data[1],S=g.data[2];u[w]&&u[w](d,T,S)}this.onmessage=function(d){y(self,d)},this.onconnect=function(d){const g=d.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const h=new Blob(["(",c,")()"],{type:"application/javascript"});f=URL.createObjectURL(h)}catch{return null}const _=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(f),a.port}catch{_&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(f),a}catch{_&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const f=a.data,c=s[f];if(c){c(),s[f]=null;return}const _=t[f];_&&_()};function o(a,f){const c=e();return n.postMessage(["setTimeout",c,f]),s[c]=a,c}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,f){const c=e();return n.postMessage(["setInterval",c,f]),t[c]=a,c}function l(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:l}}(),fe="7.7.0-alpha.1071",he=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in i){const a=i[l];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=l[1]+"."+l[2]+"."+(parseInt(l[3])|0);break}}return{os:o,osVersion:r}};function Ve(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}let _e=null;const $=n=>new Promise(e=>K.setTimeout(e,n));let H;const ye=()=>{try{const e=he(navigator).os==="Android"?240:150;H=new AbortController,fetch(`/OidcKeepAliveServiceWorker.json?minSleepSeconds=${e}`,{signal:H.signal}).catch(t=>{console.log(t)}),$(e*1e3).then(ye)}catch(n){console.log(n)}},ge=()=>{H&&H.abort()},Me=()=>fetch("/OidcKeepAliveServiceWorker.json",{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Ue=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),P=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),C=async(n,e)=>{if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!n)return null;const{name:s,version:t}=Ve();if(s==="chrome"&&parseInt(t)<=70||s==="opera"&&(!t||parseInt(t.split(".")[0])<80)||s==="ie")return null;const o=he(navigator);if(Ue(o))return null;const i=await navigator.serviceWorker.register(n);try{await navigator.serviceWorker.ready}catch{return null}const r=async m=>P(i)({type:"clear",data:{status:m},configurationName:e}),l=async(m,v,A)=>{const b=await P(i)({type:"init",data:{oidcServerConfiguration:m,where:v,oidcConfiguration:{token_renew_mode:A.token_renew_mode,service_worker_convert_all_requests_to_cors:A.service_worker_convert_all_requests_to_cors}},configurationName:e}),Q=b.version;if(Q!==fe)if(console.warn(`Service worker ${Q} version mismatch with js client version ${fe}, unregistering and reloading`),A.service_worker_update_require_callback)await A.service_worker_update_require_callback(i,ge);else{ge(),await i.update();const ce=await i.unregister();console.log(`Service worker unregistering ${ce}`),await $(2e3),window.location.reload()}return{tokens:Z(b.tokens,null,A.token_renew_mode),status:b.status}},a=()=>{_e==null&&(_e="not_null",ye())},f=m=>P(i)({type:"setSessionState",data:{sessionState:m},configurationName:e}),c=async()=>(await P(i)({type:"getSessionState",data:null,configurationName:e})).sessionState,_=m=>(sessionStorage[`oidc.nonce.${e}`]=m.nonce,P(i)({type:"setNonce",data:{nonce:m},configurationName:e})),h=async()=>{let v=(await P(i)({type:"getNonce",data:null,configurationName:e})).nonce;return v||(v=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:v}};let u={};return{clearAsync:r,initAsync:l,startKeepAliveServiceWorker:a,isServiceWorkerProxyActiveAsync:Me,setSessionStateAsync:f,getSessionStateAsync:c,setNonceAsync:_,getNonceAsync:h,setLoginParams:m=>{u[e]=m,localStorage[`oidc.login.${e}`]=JSON.stringify(m)},getLoginParams:()=>{const m=localStorage[`oidc.login.${e}`];return u[e]||(u[e]=JSON.parse(m)),u[e]},getStateAsync:async()=>{let v=(await P(i)({type:"getState",data:null,configurationName:e})).state;return v||(v=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),v},setStateAsync:async m=>(sessionStorage[`oidc.state.${e}`]=m,P(i)({type:"setState",data:{state:m},configurationName:e})),getCodeVerifierAsync:async()=>{let v=(await P(i)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return v||(v=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),v},setCodeVerifierAsync:async m=>(sessionStorage[`oidc.code_verifier.${e}`]=m,P(i)({type:"setCodeVerifier",data:{codeVerifier:m},configurationName:e})),setDemonstratingProofOfPossessionNonce:m=>{P(i)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:m},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await P(i)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:m=>{const v=JSON.stringify(m);P(i)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:v},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const m=await P(i)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return m.demonstratingProofOfPossessionJwkJson?JSON.parse(m.demonstratingProofOfPossessionJwkJson):null}}};async function ke(n,e,s=!1,t=null){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);if(await C(n.configuration.service_worker_relative_url,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),!n.tokens){await n.destroyAsync(r);return}return n.timeoutId&&(n.timeoutId=J(n,i.refreshToken,n.tokens.expiresAt,t)),n.tokens}const J=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return K.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(R.eventNames.token_timer,r),await ke(n,e,!1,t)},1e3)},ne=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(k.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[_,h]of Object.entries(t))r===""?r=`?${encodeURIComponent(_)}=${encodeURIComponent(h)}`:r+=`&${encodeURIComponent(_)}=${encodeURIComponent(h)}`;const l=e.silent_login_uri+r,a=l.indexOf("/",l.indexOf("//")+2),f=l.substr(0,a),c=document.createElement("iframe");return c.width="0px",c.height="0px",c.id=`${n}_oidc_iframe`,c.setAttribute("src",l),document.body.appendChild(c),new Promise((_,h)=>{try{let u=!1;window.onmessage=d=>{if(d.origin===f&&d.source===c.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,T=d.data;if(T&&typeof T=="string"&&!u){if(T.startsWith(g)){const S=JSON.parse(d.data.replace(g,""));s(k.silentLoginAsync_end,{}),c.remove(),u=!0,_(S)}else if(T.startsWith(w)){const S=JSON.parse(d.data.replace(w,""));s(k.silentLoginAsync_error,S),c.remove(),u=!0,h(new Error("oidc_"+S.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{u||(s(k.silentLoginAsync_error,{reason:"timeout"}),c.remove(),u=!0,h(new Error("timeout")))},y)}catch(u){c.remove(),s(k.silentLoginAsync_error,u),h(u)}})}catch(r){throw s(k.silentLoginAsync_error,r),r}},Ke=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const l=(f,c,_)=>ne(e,s,t.bind(o))(f,c,_);return(async()=>{o.timeoutId&&K.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const c=s.extras?{...s.extras,...i}:i,_=await l({...c,prompt:"none"},f,r);if(_)return o.tokens=_.tokens,t(k.token_aquired,{}),o.timeoutId=J(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(c){return c}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const l=(a,f=void 0,c=void 0)=>ne(n.configurationName,s,n.publishEvent.bind(n))(a,f,c);return new Promise((a,f)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const c=()=>{n.checkSessionIFrame.stop();const _=n.tokens;if(_===null)return;const h=_.idToken,u=_.idTokenPayload;return l({prompt:"none",id_token_hint:h,scope:s.scope||"openid"}).then(y=>{const d=y.tokens.idTokenPayload;if(u.sub===d.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),u.sid===d.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",d.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[d,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,u.sub)})};n.checkSessionIFrame=new Le(c,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(_=>{f(_)})}else a(null)})};for(var Be=He,L=[],me="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",X=0,je=me.length;X<je;++X)L[X]=me[X];function qe(n){return L[n>>18&63]+L[n>>12&63]+L[n>>6&63]+L[n&63]}function Ge(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(qe(t));return o.join("")}function He(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,l=s-t;r<l;r+=i)o.push(Ge(n,r,r+i>l?l:r+i));return t===1?(e=n[s-1],o.push(L[e>>2]+L[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(L[e>>10]+L[e>>4&63]+L[e<<2&63]+"=")),o.join("")}const pe=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%se.length;e.push(se[t])}return e.join("")},Ye=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=n=>{const e=new Uint8Array(n),{hasCrypto:s}=pe();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*se.length|0;return Xe(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function we(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Ye(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=pe();return e?we(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},V={},Ze=(n,e=window.sessionStorage,s)=>{if(!V[n]&&e){const o=e.getItem(n);o&&(V[n]=JSON.parse(o))}const t=1e3*s;return V[n]&&V[n].timestamp+t>Date.now()?V[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();V[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,l=Ze(r,t,s);if(l)return new re(l);const a=await B(n)(i,{},o);if(a.status!==200)return null;const f=await a.json();return en(r,f,t),new re(f)},B=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await B(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},Ae=n=>async(e,s,t=oe.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},l=[];for(const c in r){const _=encodeURIComponent(c),h=encodeURIComponent(r[c]);l.push(`${_}=${h}`)}const a=l.join("&");return(await B(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,l=1e4)=>{for(const[u,y]of Object.entries(t))s[u]===void 0&&(s[u]=y);const a=[];for(const u in s){const y=encodeURIComponent(u),d=encodeURIComponent(s[u]);a.push(`${y}=${d}`)}const f=a.join("&"),c=await B(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},l);if(c.status!==200)return{success:!1,status:c.status,demonstratingProofOfPossessionNonce:null};const _=await c.json();let h=null;return c.headers.has(Y)&&(h=c.headers.get(Y)),{success:!0,data:Z(_,o,r),demonstratingProofOfPossessionNonce:h}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[l,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${l}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},Y="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const _ in s){const h=encodeURIComponent(_),u=encodeURIComponent(s[_]);r.push(`${h}=${u}`)}const l=r.join("&"),a=await B(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:l},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let f=null;a.headers.has(Y)&&(f=a.headers.get(Y));const c=await a.json();return{success:!0,data:{state:s.state,tokens:Z(c,null,o),demonstratingProofOfPossessionNonce:f}}},Se=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=Se(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},j=n=>{const e=Se(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function ve(n){return new TextEncoder().encode(n)}function Te(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function be(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),Te(e)}function Pe(n){return Te(ln(n))}var Oe={};Oe.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Pe(JSON.stringify(e)),payload:Pe(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,l=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,l).then(function(a){const f=ve(o.protected+"."+o.payload),c={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(c,a,f).then(function(_){return o.signature=be(new Uint8Array(_)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Ee={};Ee.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},ve(e)).then(function(s){return be(new Uint8Array(s))})};const un=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},dn=()=>ie.generate().then(function(n){return n}),Ie=(n,e="POST",s,t={})=>{const o={jit:btoa(un()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Ee.thumbprint(n).then(function(i){return Oe.sign(n,{},o).then(function(r){return r})})},fn=(n,e,s,t,o,i)=>(r=void 0,l=null,a=!1,f=void 0)=>{const c=l;return l={...l},(async()=>{const h=n.location,u=r||h.pathname+(h.search||"")+(h.hash||"");if("state"in l||(l.state=te(16)),t(k.loginAsync_begin,{}),l)for(const y of Object.keys(l))y.endsWith(":token_request")&&delete l[y];try{const y=a?s.silent_redirect_uri:s.redirect_uri;f||(f=s.scope);const d=s.extras?{...s.extras,...l}:l;d.nonce||(d.nonce=te(12));const g={nonce:d.nonce},w=await C(s.service_worker_relative_url,e),T=await o(s.authority,s.authority_configuration);let S;if(w)w.setLoginParams({callbackPath:u,extras:c}),await w.initAsync(T,"loginAsync",s),await w.setNonceAsync(g),w.startKeepAliveServiceWorker(),S=w;else{const p=O(e,s.storage??sessionStorage);p.setLoginParams({callbackPath:u,extras:c}),await p.setNonceAsync(g),S=p}const x={client_id:s.client_id,redirect_uri:y,scope:f,response_type:"code",...d};await on(S,i)(T.authorizationEndpoint,x)}catch(y){throw t(k.loginAsync_error,y),y}})()},hn=n=>async(e=!1)=>{try{n.publishEvent(k.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,l=await n.initAsync(i,s.authority_configuration),f=j(window.location.href).session_state,c=await C(s.service_worker_relative_url,n.configurationName);let _,h,u,y;if(c)await c.initAsync(l,"loginCallbackAsync",s),await c.setSessionStateAsync(f),h=await c.getNonceAsync(),u=c.getLoginParams(),y=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const A=O(n.configurationName,s.storage??sessionStorage);await A.setSessionStateAsync(f),h=await A.getNonceAsync(),u=A.getLoginParams(),y=await A.getStateAsync(),_=A}const d=j(window.location.toString());if(d.iss&&d.iss!==l.issuer)throw console.error(),new Error(`issuer not valid (expected: ${l.issuer}, received: ${d.iss})`);if(d.state&&d.state!==y)throw new Error(`state not valid (expected: ${y}, received: ${d.state})`);const g={code:d.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},w={};if(s.token_request_extras)for(const[A,b]of Object.entries(s.token_request_extras))w[A]=b;if(u&&u.extras)for(const[A,b]of Object.entries(u.extras))A.endsWith(":token_request")&&(w[A.replace(":token_request","")]=b);const T=l.tokenEndpoint,S={};if(s.demonstrating_proof_of_possession){const A=await dn();c?await c.setDemonstratingProofOfPossessionJwkAsync(A):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(A),S.DPoP=await Ie(A,"POST",T)}const x=await rn(_)(T,{...g,...w},S,n.configuration.token_renew_mode,r);if(!x.success)throw new Error("Token request failed");let p;const E=x.data.tokens,N=x.data.demonstratingProofOfPossessionNonce;if(x.data.state!==w.state)throw new Error("state is not valid");const{isValid:m,reason:v}=de(E,h.nonce,l);if(!m)throw new Error(`Tokens are not OpenID valid, reason: ${v}`);if(c){if(E.refreshToken&&!E.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(N&&E.accessToken&&E.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(o,"syncTokensAsync",s),p=c.getLoginParams(),N&&await c.setDemonstratingProofOfPossessionNonce(N);else{const A=O(n.configurationName,s.storage);p=A.getLoginParams(),N&&await A.setDemonstratingProofOfPossessionNonce(N)}return await n.startCheckSessionAsync(l.checkSessionIframe,t,f,e),n.publishEvent(k.loginCallbackAsync_end,{}),{tokens:E,state:"request.state",callbackPath:p.callbackPath}}catch(s){throw console.error(s),n.publishEvent(k.loginCallbackAsync_error,s),s}},Ce={access_token:"access_token",refresh_token:"refresh_token"},_n=n=>async e=>{K.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await C(n.configuration.service_worker_relative_url,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},yn=(n,e,s,t,o,i)=>async(r=void 0,l=null)=>{const a=n.configuration,f=await n.initAsync(a.authority,a.authority_configuration);r&&typeof r!="string"&&(r=void 0,o.warn("callbackPathOrUrl path is not a string"));const c=r??location.pathname+(location.search||"")+(location.hash||"");let _=!1;r&&(_=r.includes("https://")||r.includes("http://"));const h=_?r:t.location.origin+c,u=n.tokens?n.tokens.idToken:"";try{const d=f.revocationEndpoint;if(d){const g=[],w=n.tokens.accessToken;if(w&&a.logout_tokens_to_invalidate.includes(Ce.access_token)){const S=Ae(s)(d,w,oe.access_token,a.client_id);g.push(S)}const T=n.tokens.refreshToken;if(T&&a.logout_tokens_to_invalidate.includes(Ce.refresh_token)){const S=Ae(s)(d,T,oe.refresh_token,a.client_id);g.push(S)}g.length>0&&await Promise.all(g)}}catch(d){o.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),o.warn(d)}const y=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[d,g]of Object.entries(e))g!==n&&await n.logoutSameTabAsync(n.configuration.client_id,y);if(f.endSessionEndpoint){l||(l={id_token_hint:u},r!==null&&(l.post_logout_redirect_uri=h));let d="";if(l)for(const[g,w]of Object.entries(l))d===""?d+="?":d+="&",d+=`${g}=${encodeURIComponent(w)}`;i.open(`${f.endSessionEndpoint}${d}`)}else t.location.reload()},gn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ee(n.tokens);)await $(200);if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const o=(await n.initAsync(n.configuration.authority,n.configuration.authority_configuration)).userInfoEndpoint,r=await(async l=>{const a=await fetch(o,{headers:{authorization:`Bearer ${l}`}});return a.status!==200?null:a.json()})(s);return n.userInfo=r,r};class z{open(e){window.open(e,"_self")}}const xe=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const W={},kn=(n,e=new z)=>(s,t="default")=>(W[t]||(W[t]=new R(s,t,n,e)),W[t]),mn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=J(n,e.refreshToken,e.expiresAt),{callbackPath:s}},pn=n=>Math.floor(Math.random()*n),D=class D{constructor(e,s="default",t,o=new z){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??G.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"]},this.location=o??new z,this.getFetch=t??xe,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=pn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(W,e)&&s)throw Error(`OIDC library does seem initialized.
2
- Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return W[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=j(window.location.href);window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:e.session_state})}`,window.location.origin)}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=j(window.location.href);window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:e.error})}`,window.location.origin)}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new re({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await C(this.configuration.service_worker_relative_url,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await C(t.service_worker_relative_url,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=J(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const l=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,l),this.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=O(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=ue(r,null,t.token_renew_mode);const l=i.getLoginParams();this.timeoutId=J(this,r.refreshToken,this.tokens.expiresAt,l.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,W,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ke(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=fn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(e),o=t.tokens;return this.tokens=o,await C(this.configuration.service_worker_relative_url,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(D.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await $(1e3),this.publishEvent(k.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await $(1e3),r--,this.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});let l=Math.floor(Math.random()*15)+10;for(;document.hidden&&l>0;)await $(1e3),l--,this.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is hidden try ${l}`});const f=document.hidden?s:s+1;o||(o={});const c=this.configuration,_=(u,y,d=null)=>ne(this.configurationName,this.configuration,this.publishEvent.bind(this))(u,y,d),h=async()=>{try{let u;const y=await C(c.service_worker_relative_url,this.configurationName);y?u=y.getLoginParams():u=O(this.configurationName,c.storage).getLoginParams();const d=await _({...u.extras,...o,prompt:"none"},u.state);if(d)return i(d.tokens),this.publishEvent(D.eventNames.token_renewed,{}),{tokens:d.tokens,status:"LOGGED"}}catch(u){if(console.error(u),this.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:u.message}),u&&u.message&&u.message.startsWith("oidc"))return i(null),this.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,f,t,o,i)};if(s>4)return i(null),this.publishEvent(k.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:u,tokens:y,nonce:d}=await this.syncTokensInfoAsync(c,this.configurationName,this.tokens,t);switch(u){case"SESSION_LOST":return i(null),this.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(y),{tokens:y,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(y),this.publishEvent(D.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(k.refreshTokensAsync_begin,{refreshToken:e,status:u,tryNumber:s}),await h();default:{if(this.publishEvent(k.refreshTokensAsync_begin,{refreshToken:e,status:u,tryNumber:s}),!e)return await h();const g=c.client_id,w=c.redirect_uri,T=c.authority,x={...c.token_request_extras?c.token_request_extras:{}};for(const[E,N]of Object.entries(o))E.endsWith(":token_request")&&(x[E.replace(":token_request","")]=N);return await(async()=>{const E={client_id:g,redirect_uri:w,grant_type:"refresh_token",refresh_token:y.refreshToken},N=await this.initAsync(T,c.authority_configuration),m=document.hidden?1e4:3e4*10,v=N.tokenEndpoint,A={};c.demonstrating_proof_of_possession&&(A.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(y.accessToken,v,"POST"));const b=await tn(this.getFetch())(v,E,x,y,A,c.token_renew_mode,m);if(b.success){const{isValid:Q,reason:ce}=de(b.data,d.nonce,N);if(!Q)return i(null),this.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${ce}`}),{tokens:null,status:"SESSION_LOST"};if(i(b.data),b.demonstratingProofOfPossessionNonce){const Ne=await C(c.service_worker_relative_url,this.configurationName);Ne?await Ne.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await O(this.configurationName,c.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return this.publishEvent(k.refreshTokensAsync_end,{success:b.success}),this.publishEvent(D.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return this.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),await this.synchroniseTokensAsync(e,f,t,o,i)})()}}}catch(u){return console.error(u),this.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:u.message}),this.synchroniseTokensAsync(e,f,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await we(e)},r=await C(o.service_worker_relative_url,this.configurationName);let l=null,a;if(r)l=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const f=O(this.configurationName,o.storage);a=await f.getDemonstratingProofOfPossessionJwkAsync(),l=await f.getDemonstratingProofOfPossessionNonce()}return l&&(i.nonce=l),await Ie(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const l=await this.initAsync(e.authority,e.authority_configuration),a=await C(e.service_worker_relative_url,s);if(a){const{status:_,tokens:h}=await a.initAsync(l,"syncTokensAsync",e);if(_==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(_==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!_||!h)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(h.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",d=await a.getNonceAsync();return{tokens:h,status:y,nonce:d}}r=await a.getNonceAsync()}else{const _=O(s,e.storage??sessionStorage),{tokens:h,status:u}=await _.initAsync();if(h){if(u==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(h.issuedAt!==t.issuedAt){const d=U(e.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await _.getNonceAsync();return{tokens:h,status:d,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await _.getNonceAsync()}const c=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:c,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=mn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=gn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return K.clearTimeout(this.timeoutId),this.renewTokensPromise=ke(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await _n(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(k.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=yn(this,W,this.getFetch(),window,console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};D.getOrCreate=(e,s)=>(t,o="default")=>kn(e,s)(t,o),D.eventNames=k;let R=D;const M=class M{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new M(R.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Fe(this._oidc,e,s)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};M.getOrCreate=(e,s)=>(t,o="default")=>new M(R.getOrCreate(e,s)(t,o)),M.eventNames=R.eventNames;let ae=M;I.OidcClient=ae,I.OidcLocation=z,I.TokenRenewMode=G,I.getFetchDefault=xe,I.getParseQueryStringFromLocation=j,I.getPath=an,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
1
+ (function(I,G){typeof exports=="object"&&typeof module<"u"?G(exports):typeof define=="function"&&define.amd?define(["exports"],G):(I=typeof globalThis<"u"?globalThis:I||self,G(I["oidc-client"]={}))})(this,function(I){"use strict";const F=console;class Le{constructor(e,s,t,o=2e3,i=!0){this._callback=e,this._client_id=s,this._url=t,this._interval=o||2e3,this._stopOnError=i;const r=t.indexOf("/",t.indexOf("//")+2);this._frame_origin=t.substr(0,r),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=t}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1)})}_message(e){e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(F.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(F.debug(e),F.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):F.debug("CheckSessionIFrame: "+e.data+" message from check session op iframe"))}start(e){F.debug("CheckSessionIFrame.start :"+e),this.stop();const s=()=>{this._frame.contentWindow.postMessage(this._client_id+" "+e,this._frame_origin)};s(),this._timer=window.setInterval(s,this._interval)}stop(){this._timer&&(F.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)}}const k={service_worker_not_supported_by_browser:"service_worker_not_supported_by_browser",token_aquired:"token_aquired",logout_from_another_tab:"logout_from_another_tab",logout_from_same_tab:"logout_from_same_tab",token_renewed:"token_renewed",token_timer:"token_timer",loginAsync_begin:"loginAsync_begin",loginAsync_error:"loginAsync_error",loginCallbackAsync_begin:"loginCallbackAsync_begin",loginCallbackAsync_end:"loginCallbackAsync_end",loginCallbackAsync_error:"loginCallbackAsync_error",refreshTokensAsync_begin:"refreshTokensAsync_begin",refreshTokensAsync:"refreshTokensAsync",refreshTokensAsync_end:"refreshTokensAsync_end",refreshTokensAsync_error:"refreshTokensAsync_error",refreshTokensAsync_silent_error:"refreshTokensAsync_silent_error",tryKeepExistingSessionAsync_begin:"tryKeepExistingSessionAsync_begin",tryKeepExistingSessionAsync_end:"tryKeepExistingSessionAsync_end",tryKeepExistingSessionAsync_error:"tryKeepExistingSessionAsync_error",silentLoginAsync_begin:"silentLoginAsync_begin",silentLoginAsync:"silentLoginAsync",silentLoginAsync_end:"silentLoginAsync_end",silentLoginAsync_error:"silentLoginAsync_error",syncTokensAsync_begin:"syncTokensAsync_begin",syncTokensAsync_end:"syncTokensAsync_end",syncTokensAsync_error:"syncTokensAsync_error"},O=(n,e=sessionStorage)=>{const s=p=>(e[`oidc.${n}`]=JSON.stringify({tokens:null,status:p}),Promise.resolve()),t=async()=>{if(!e[`oidc.${n}`])return e[`oidc.${n}`]=JSON.stringify({tokens:null,status:null}),{tokens:null,status:null};const p=JSON.parse(e[`oidc.${n}`]);return Promise.resolve({tokens:p.tokens,status:p.status})},o=p=>{e[`oidc.${n}`]=JSON.stringify({tokens:p})},i=async p=>{e[`oidc.session_state.${n}`]=p},r=async()=>e[`oidc.session_state.${n}`],l=p=>{e[`oidc.nonce.${n}`]=p.nonce},a=p=>{e[`oidc.jwk.${n}`]=JSON.stringify(p)},f=()=>JSON.parse(e[`oidc.jwk.${n}`]),c=async()=>({nonce:e[`oidc.nonce.${n}`]}),_=p=>{e[`oidc.dpop_nonce.${n}`]=p},h=()=>e[`oidc.dpop_nonce.${n}`],u=()=>e[`oidc.${n}`]?JSON.stringify({tokens:JSON.parse(e[`oidc.${n}`]).tokens}):null;let y={};return{clearAsync:s,initAsync:t,setTokens:o,getTokens:u,setSessionStateAsync:i,getSessionStateAsync:r,setNonceAsync:l,getNonceAsync:c,setLoginParams:p=>{y[n]=p,e[`oidc.login.${n}`]=JSON.stringify(p)},getLoginParams:()=>{const p=e[`oidc.login.${n}`];return y[n]||(y[n]=JSON.parse(p)),y[n]},getStateAsync:async()=>e[`oidc.state.${n}`],setStateAsync:async p=>{e[`oidc.state.${n}`]=p},getCodeVerifierAsync:async()=>e[`oidc.code_verifier.${n}`],setCodeVerifierAsync:async p=>{e[`oidc.code_verifier.${n}`]=p},setDemonstratingProofOfPossessionNonce:_,getDemonstratingProofOfPossessionNonce:h,setDemonstratingProofOfPossessionJwkAsync:a,getDemonstratingProofOfPossessionJwkAsync:f}},We=n=>decodeURIComponent(Array.prototype.map.call(atob(n),e=>"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)).join("")),De=n=>JSON.parse(We(n.split(".")[1].replace("-","+").replace("_","/"))),le=n=>{try{return n&&$e(n,".")===2?De(n):null}catch(e){console.warn(e)}return null},$e=(n,e)=>n.split(e).length-1,H={access_token_or_id_token_invalid:"access_token_or_id_token_invalid",access_token_invalid:"access_token_invalid",id_token_invalid:"id_token_invalid"};function Re(n,e,s){if(n.issuedAt){if(typeof n.issuedAt=="string")return parseInt(n.issuedAt,10)}else return e&&e.iat?e.iat:s&&s.iat?s.iat:new Date().getTime()/1e3;return n.issuedAt}const ue=(n,e=null,s)=>{if(!n)return null;let t;const o=typeof n.expiresIn=="string"?parseInt(n.expiresIn,10):n.expiresIn;n.accessTokenPayload!==void 0?t=n.accessTokenPayload:t=le(n.accessToken);const i=n.idTokenPayload?n.idTokenPayload:le(n.idToken),r=i&&i.exp?i.exp:Number.MAX_VALUE,l=t&&t.exp?t.exp:n.issuedAt+o;n.issuedAt=Re(n,t,i);let a;n.expiresAt?a=n.expiresAt:s===H.access_token_invalid?a=l:s===H.id_token_invalid?a=r:a=r<l?r:l;const f={...n,idTokenPayload:i,accessTokenPayload:t,expiresAt:a};if(e!=null&&"refreshToken"in e&&!("refreshToken"in n)){const c=e.refreshToken;return{...f,refreshToken:c}}return f},Z=(n,e,s)=>{if(!n)return null;if(!n.issued_at){const o=new Date().getTime()/1e3;n.issued_at=o}const t={accessToken:n.access_token,expiresIn:n.expires_in,idToken:n.id_token,scope:n.scope,tokenType:n.token_type,issuedAt:n.issued_at};return"refresh_token"in n&&(t.refreshToken=n.refresh_token),n.accessTokenPayload!==void 0&&(t.accessTokenPayload=n.accessTokenPayload),n.idTokenPayload!==void 0&&(t.idTokenPayload=n.idTokenPayload),ue(t,e,s)},U=(n,e)=>{const s=new Date().getTime()/1e3,t=e-s;return Math.round(t-n)},ee=n=>n?U(0,n.expiresAt)>0:!1,Fe=async(n,e=200,s=50)=>{let t=s;if(!n.tokens)return null;for(;!ee(n.tokens)&&t>0;)await $(e),t=t-1;return{isTokensValid:ee(n.tokens),tokens:n.tokens,numberWaited:t-s}},de=(n,e,s)=>{if(n.idTokenPayload){const t=n.idTokenPayload;if(s.issuer!==t.iss)return{isValid:!1,reason:`Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${t.iss}`};const o=new Date().getTime()/1e3;if(t.exp&&t.exp<o)return{isValid:!1,reason:`Token expired (idTokenPayload exp) ${t.exp} < (currentTimeUnixSecond) ${o}`};const i=60*60*24*7;if(t.iat&&t.iat+i<o)return{isValid:!1,reason:`Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${t.iat+i} < (currentTimeUnixSecond) ${o}`};if(t.nonce&&t.nonce!==e)return{isValid:!1,reason:`Nonce does not match (idTokenPayload nonce) ${t.nonce} !== (nonce) ${e}`}}return{isValid:!0,reason:""}},K=function(){const n=function(){let a,f;const c=(function(){const h={},u={setTimeout:function(d,g,w){h[g]=setTimeout(function(){d.postMessage(g),h[g]=null},w)},setInterval:function(d,g,w){h[g]=setInterval(function(){d.postMessage(g)},w)},clearTimeout:function(d,g){clearTimeout(h[g]),h[g]=null},clearInterval:function(d,g){clearInterval(h[g]),h[g]=null}};function y(d,g){const w=g.data[0],T=g.data[1],S=g.data[2];u[w]&&u[w](d,T,S)}this.onmessage=function(d){y(self,d)},this.onconnect=function(d){const g=d.ports[0];g.onmessage=function(w){y(g,w)}}}).toString();try{const h=new Blob(["(",c,")()"],{type:"application/javascript"});f=URL.createObjectURL(h)}catch{return null}const _=typeof process>"u";try{if(SharedWorker)return a=new SharedWorker(f),a.port}catch{_&&console.warn("SharedWorker not available")}try{if(Worker)return a=new Worker(f),a}catch{_&&console.warn("Worker not available")}return null}();if(!n){const a=typeof window>"u"?global:window;return{setTimeout:setTimeout.bind(a),clearTimeout:clearTimeout.bind(a),setInterval:setInterval.bind(a),clearInterval:clearInterval.bind(a)}}const e=function(){let a=0;return function(){return a++,a}}(),s={},t={};n.onmessage=function(a){const f=a.data,c=s[f];if(c){c(),s[f]=null;return}const _=t[f];_&&_()};function o(a,f){const c=e();return n.postMessage(["setTimeout",c,f]),s[c]=a,c}function i(a){n.postMessage(["clearTimeout",a]),s[a]=null}function r(a,f){const c=e();return n.postMessage(["setInterval",c,f]),t[c]=a,c}function l(a){n.postMessage(["clearInterval",a]),t[a]=null}return{setTimeout:o,clearTimeout:i,setInterval:r,clearInterval:l}}(),fe="7.7.0-beta.1072",he=n=>{const e=n.appVersion,s=n.userAgent,t="-";let o=t;const i=[{s:"Windows 10",r:/(Windows 10.0|Windows NT 10.0)/},{s:"Windows 8.1",r:/(Windows 8.1|Windows NT 6.3)/},{s:"Windows 8",r:/(Windows 8|Windows NT 6.2)/},{s:"Windows 7",r:/(Windows 7|Windows NT 6.1)/},{s:"Windows Vista",r:/Windows NT 6.0/},{s:"Windows Server 2003",r:/Windows NT 5.2/},{s:"Windows XP",r:/(Windows NT 5.1|Windows XP)/},{s:"Windows 2000",r:/(Windows NT 5.0|Windows 2000)/},{s:"Windows ME",r:/(Win 9x 4.90|Windows ME)/},{s:"Windows 98",r:/(Windows 98|Win98)/},{s:"Windows 95",r:/(Windows 95|Win95|Windows_95)/},{s:"Windows NT 4.0",r:/(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/},{s:"Windows CE",r:/Windows CE/},{s:"Windows 3.11",r:/Win16/},{s:"Android",r:/Android/},{s:"Open BSD",r:/OpenBSD/},{s:"Sun OS",r:/SunOS/},{s:"Chrome OS",r:/CrOS/},{s:"Linux",r:/(Linux|X11(?!.*CrOS))/},{s:"iOS",r:/(iPhone|iPad|iPod)/},{s:"Mac OS X",r:/Mac OS X/},{s:"Mac OS",r:/(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/},{s:"QNX",r:/QNX/},{s:"UNIX",r:/UNIX/},{s:"BeOS",r:/BeOS/},{s:"OS/2",r:/OS\/2/},{s:"Search Bot",r:/(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/}];for(const l in i){const a=i[l];if(a.r.test(s)){o=a.s;break}}let r=t;switch(/Windows/.test(o)&&(r=/Windows (.*)/.exec(o)[1],o="Windows"),o){case"Mac OS":case"Mac OS X":case"Android":r=/(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];break;case"iOS":{const l=/OS (\d+)_(\d+)_?(\d+)?/.exec(e);r=l[1]+"."+l[2]+"."+(parseInt(l[3])|0);break}}return{os:o,osVersion:r}};function Ve(){const n=navigator.userAgent;let e,s=n.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i)||[];if(/trident/i.test(s[1]))return e=/\brv[ :]+(\d+)/g.exec(n)||[],{name:"ie",version:e[1]||""};if(s[1]==="Chrome"&&(e=n.match(/\bOPR|Edge\/(\d+)/),e!=null)){let t=e[1];if(!t){const o=n.split(e[0]+"/");o.length>1&&(t=o[1])}return{name:"opera",version:t}}return s=s[2]?[s[1],s[2]]:[navigator.appName,navigator.appVersion,"-?"],(e=n.match(/version\/(\d+)/i))!=null&&s.splice(1,1,e[1]),{name:s[0].toLowerCase(),version:s[1]}}let _e=null;const $=n=>new Promise(e=>K.setTimeout(e,n));let X;const ye=()=>{try{const e=he(navigator).os==="Android"?240:150;X=new AbortController,fetch(`/OidcKeepAliveServiceWorker.json?minSleepSeconds=${e}`,{signal:X.signal}).catch(t=>{console.log(t)}),$(e*1e3).then(ye)}catch(n){console.log(n)}},ge=()=>{X&&X.abort()},Me=()=>fetch("/OidcKeepAliveServiceWorker.json",{headers:{"oidc-vanilla":"true"}}).then(n=>n.statusText==="oidc-service-worker").catch(n=>{console.log(n)}),Ue=n=>!!(n.os==="iOS"&&n.osVersion.startsWith("12")||n.os==="Mac OS X"&&n.osVersion.startsWith("10_15_6")),P=n=>e=>new Promise(function(s,t){const o=new MessageChannel;o.port1.onmessage=function(i){i.data&&i.data.error?t(i.data.error):s(i.data)},n.active.postMessage(e,[o.port2])}),C=async(n,e)=>{if(typeof window>"u"||typeof navigator>"u"||!navigator.serviceWorker||!n)return null;const{name:s,version:t}=Ve();if(s==="chrome"&&parseInt(t)<=70||s==="opera"&&(!t||parseInt(t.split(".")[0])<80)||s==="ie")return null;const o=he(navigator);if(Ue(o))return null;const i=await navigator.serviceWorker.register(n);try{await navigator.serviceWorker.ready}catch{return null}const r=async m=>P(i)({type:"clear",data:{status:m},configurationName:e}),l=async(m,v,A)=>{const b=await P(i)({type:"init",data:{oidcServerConfiguration:m,where:v,oidcConfiguration:{token_renew_mode:A.token_renew_mode,service_worker_convert_all_requests_to_cors:A.service_worker_convert_all_requests_to_cors}},configurationName:e}),Q=b.version;if(Q!==fe)if(console.warn(`Service worker ${Q} version mismatch with js client version ${fe}, unregistering and reloading`),A.service_worker_update_require_callback)await A.service_worker_update_require_callback(i,ge);else{ge(),await i.update();const ce=await i.unregister();console.log(`Service worker unregistering ${ce}`),await $(2e3),window.location.reload()}return{tokens:Z(b.tokens,null,A.token_renew_mode),status:b.status}},a=()=>{_e==null&&(_e="not_null",ye())},f=m=>P(i)({type:"setSessionState",data:{sessionState:m},configurationName:e}),c=async()=>(await P(i)({type:"getSessionState",data:null,configurationName:e})).sessionState,_=m=>(sessionStorage[`oidc.nonce.${e}`]=m.nonce,P(i)({type:"setNonce",data:{nonce:m},configurationName:e})),h=async()=>{let v=(await P(i)({type:"getNonce",data:null,configurationName:e})).nonce;return v||(v=sessionStorage[`oidc.nonce.${e}`],console.warn("nonce not found in service worker, using sessionStorage")),{nonce:v}};let u={};return{clearAsync:r,initAsync:l,startKeepAliveServiceWorker:a,isServiceWorkerProxyActiveAsync:Me,setSessionStateAsync:f,getSessionStateAsync:c,setNonceAsync:_,getNonceAsync:h,setLoginParams:m=>{u[e]=m,localStorage[`oidc.login.${e}`]=JSON.stringify(m)},getLoginParams:()=>{const m=localStorage[`oidc.login.${e}`];return u[e]||(u[e]=JSON.parse(m)),u[e]},getStateAsync:async()=>{let v=(await P(i)({type:"getState",data:null,configurationName:e})).state;return v||(v=sessionStorage[`oidc.state.${e}`],console.warn("state not found in service worker, using sessionStorage")),v},setStateAsync:async m=>(sessionStorage[`oidc.state.${e}`]=m,P(i)({type:"setState",data:{state:m},configurationName:e})),getCodeVerifierAsync:async()=>{let v=(await P(i)({type:"getCodeVerifier",data:null,configurationName:e})).codeVerifier;return v||(v=sessionStorage[`oidc.code_verifier.${e}`],console.warn("codeVerifier not found in service worker, using sessionStorage")),v},setCodeVerifierAsync:async m=>(sessionStorage[`oidc.code_verifier.${e}`]=m,P(i)({type:"setCodeVerifier",data:{codeVerifier:m},configurationName:e})),setDemonstratingProofOfPossessionNonce:m=>{P(i)({type:"setDemonstratingProofOfPossessionNonce",data:{demonstratingProofOfPossessionNonce:m},configurationName:e})},getDemonstratingProofOfPossessionNonce:async()=>(await P(i)({type:"getDemonstratingProofOfPossessionNonce",data:null,configurationName:e})).demonstratingProofOfPossessionNonce,setDemonstratingProofOfPossessionJwkAsync:m=>{const v=JSON.stringify(m);P(i)({type:"setDemonstratingProofOfPossessionJwk",data:{demonstratingProofOfPossessionJwkJson:v},configurationName:e})},getDemonstratingProofOfPossessionJwkAsync:async()=>{const m=await P(i)({type:"getDemonstratingProofOfPossessionJwk",data:null,configurationName:e});return m.demonstratingProofOfPossessionJwkJson?JSON.parse(m.demonstratingProofOfPossessionJwkJson):null}}};async function ke(n,e,s=!1,t=null){const o=a=>{n.tokens=a},{tokens:i,status:r}=await n.synchroniseTokensAsync(e,0,s,t,o);if(await C(n.configuration.service_worker_relative_url,n.configurationName)||await O(n.configurationName,n.configuration.storage).setTokens(n.tokens),!n.tokens){await n.destroyAsync(r);return}return n.timeoutId&&(n.timeoutId=J(n,i.refreshToken,n.tokens.expiresAt,t)),n.tokens}const J=(n,e,s,t=null)=>{const o=n.configuration.refresh_time_before_tokens_expiration_in_second;return K.setTimeout(async()=>{const r={timeLeft:U(o,s)};n.publishEvent(R.eventNames.token_timer,r),await ke(n,e,!1,t)},1e3)},ne=(n,e,s)=>(t=null,o=null,i=null)=>{if(!e.silent_redirect_uri||!e.silent_login_uri)return Promise.resolve(null);try{s(k.silentLoginAsync_begin,{});let r="";if(o&&(t==null&&(t={}),t.state=o),i&&(t==null&&(t={}),t.scope=i),t!=null)for(const[_,h]of Object.entries(t))r===""?r=`?${encodeURIComponent(_)}=${encodeURIComponent(h)}`:r+=`&${encodeURIComponent(_)}=${encodeURIComponent(h)}`;const l=e.silent_login_uri+r,a=l.indexOf("/",l.indexOf("//")+2),f=l.substr(0,a),c=document.createElement("iframe");return c.width="0px",c.height="0px",c.id=`${n}_oidc_iframe`,c.setAttribute("src",l),document.body.appendChild(c),new Promise((_,h)=>{try{let u=!1;window.onmessage=d=>{if(d.origin===f&&d.source===c.contentWindow){const g=`${n}_oidc_tokens:`,w=`${n}_oidc_error:`,T=d.data;if(T&&typeof T=="string"&&!u){if(T.startsWith(g)){const S=JSON.parse(d.data.replace(g,""));s(k.silentLoginAsync_end,{}),c.remove(),u=!0,_(S)}else if(T.startsWith(w)){const S=JSON.parse(d.data.replace(w,""));s(k.silentLoginAsync_error,S),c.remove(),u=!0,h(new Error("oidc_"+S.error))}}}};const y=e.silent_login_timeout;setTimeout(()=>{u||(s(k.silentLoginAsync_error,{reason:"timeout"}),c.remove(),u=!0,h(new Error("timeout")))},y)}catch(u){c.remove(),s(k.silentLoginAsync_error,u),h(u)}})}catch(r){throw s(k.silentLoginAsync_error,r),r}},Ke=(n,e,s,t,o)=>(i=null,r=void 0)=>{i={...i};const l=(f,c,_)=>ne(e,s,t.bind(o))(f,c,_);return(async()=>{o.timeoutId&&K.clearTimeout(o.timeoutId);let f;i&&"state"in i&&(f=i.state,delete i.state);try{const c=s.extras?{...s.extras,...i}:i,_=await l({...c,prompt:"none"},f,r);if(_)return o.tokens=_.tokens,t(k.token_aquired,{}),o.timeoutId=J(o,o.tokens.refreshToken,o.tokens.expiresAt,i),{}}catch(c){return c}})()},Je=(n,e,s)=>(t,o,i,r=!1)=>{const l=(a,f=void 0,c=void 0)=>ne(n.configurationName,s,n.publishEvent.bind(n))(a,f,c);return new Promise((a,f)=>{if(s.silent_login_uri&&s.silent_redirect_uri&&s.monitor_session&&t&&i&&!r){const c=()=>{n.checkSessionIFrame.stop();const _=n.tokens;if(_===null)return;const h=_.idToken,u=_.idTokenPayload;return l({prompt:"none",id_token_hint:h,scope:s.scope||"openid"}).then(y=>{const d=y.tokens.idTokenPayload;if(u.sub===d.sub){const g=y.sessionState;n.checkSessionIFrame.start(y.sessionState),u.sid===d.sid?console.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",g):console.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",g)}else console.debug("SessionMonitor._callback: Different subject signed into OP:",d.sub)}).catch(async y=>{console.warn("SessionMonitor._callback: Silent login failed, logging out other tabs:",y);for(const[d,g]of Object.entries(e))await g.logoutOtherTabAsync(s.client_id,u.sub)})};n.checkSessionIFrame=new Le(c,o,t),n.checkSessionIFrame.load().then(()=>{n.checkSessionIFrame.start(i),a(n.checkSessionIFrame)}).catch(_=>{f(_)})}else a(null)})};for(var Be=He,L=[],me="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Y=0,je=me.length;Y<je;++Y)L[Y]=me[Y];function qe(n){return L[n>>18&63]+L[n>>12&63]+L[n>>6&63]+L[n&63]}function Ge(n,e,s){for(var t,o=[],i=e;i<s;i+=3)t=(n[i]<<16&16711680)+(n[i+1]<<8&65280)+(n[i+2]&255),o.push(qe(t));return o.join("")}function He(n){for(var e,s=n.length,t=s%3,o=[],i=16383,r=0,l=s-t;r<l;r+=i)o.push(Ge(n,r,r+i>l?l:r+i));return t===1?(e=n[s-1],o.push(L[e>>2]+L[e<<4&63]+"==")):t===2&&(e=(n[s-2]<<8)+n[s-1],o.push(L[e>>10]+L[e>>4&63]+L[e<<2&63]+"=")),o.join("")}const pe=()=>{const n=typeof window<"u"&&!!window.crypto,e=n&&!!window.crypto.subtle;return{hasCrypto:n,hasSubtleCrypto:e}},se="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",Xe=n=>{const e=[];for(let s=0;s<n.byteLength;s+=1){const t=n[s]%se.length;e.push(se[t])}return e.join("")},Ye=n=>Be(new Uint8Array(n)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,""),te=n=>{const e=new Uint8Array(n),{hasCrypto:s}=pe();if(s)window.crypto.getRandomValues(e);else for(let t=0;t<n;t+=1)e[t]=Math.random()*se.length|0;return Xe(e)};function ze(n){const e=new ArrayBuffer(n.length),s=new Uint8Array(e);for(let t=0;t<n.length;t++)s[t]=n.charCodeAt(t);return s}function we(n){return new Promise((e,s)=>{crypto.subtle.digest("SHA-256",ze(n)).then(t=>e(Ye(new Uint8Array(t))),t=>s(t))})}const Qe=n=>{if(n.length<43||n.length>128)return Promise.reject(new Error("Invalid code length."));const{hasSubtleCrypto:e}=pe();return e?we(n):Promise.reject(new Error("window.crypto.subtle is unavailable."))},V={},Ze=(n,e=window.sessionStorage,s)=>{if(!V[n]&&e){const o=e.getItem(n);o&&(V[n]=JSON.parse(o))}const t=1e3*s;return V[n]&&V[n].timestamp+t>Date.now()?V[n].result:null},en=(n,e,s=window.sessionStorage)=>{const t=Date.now();V[n]={result:e,timestamp:t},s&&s.setItem(n,JSON.stringify({result:e,timestamp:t}))},nn=60*60,sn=n=>async(e,s=nn,t=window.sessionStorage,o=1e4)=>{const i=`${e}/.well-known/openid-configuration`,r=`oidc.server:${e}`,l=Ze(r,t,s);if(l)return new re(l);const a=await B(n)(i,{},o);if(a.status!==200)return null;const f=await a.json();return en(r,f,t),new re(f)},B=n=>async(e,s={},t=1e4,o=0)=>{let i;try{const r=new AbortController;setTimeout(()=>r.abort(),t),i=await n(e,{...s,signal:r.signal})}catch(r){if(r.name==="AbortError"||r.message==="Network request failed"){if(o<=1)return await B(n)(e,s,t,o+1);throw r}else throw console.error(r.message),r}return i},oe={refresh_token:"refresh_token",access_token:"access_token"},Ae=n=>async(e,s,t=oe.refresh_token,o,i=1e4)=>{const r={token:s,token_type_hint:t,client_id:o},l=[];for(const c in r){const _=encodeURIComponent(c),h=encodeURIComponent(r[c]);l.push(`${_}=${h}`)}const a=l.join("&");return(await B(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8"},body:a},i)).status!==200?{success:!1}:{success:!0}},tn=n=>async(e,s,t,o,i={},r,l=1e4)=>{for(const[u,y]of Object.entries(t))s[u]===void 0&&(s[u]=y);const a=[];for(const u in s){const y=encodeURIComponent(u),d=encodeURIComponent(s[u]);a.push(`${y}=${d}`)}const f=a.join("&"),c=await B(n)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...i},body:f},l);if(c.status!==200)return{success:!1,status:c.status,demonstratingProofOfPossessionNonce:null};const _=await c.json();let h=null;return c.headers.has(z)&&(h=c.headers.get(z)),{success:!0,data:Z(_,o,r),demonstratingProofOfPossessionNonce:h}},on=(n,e)=>async(s,t)=>{t=t?{...t}:{};const o=te(128),i=await Qe(o);await n.setCodeVerifierAsync(o),await n.setStateAsync(t.state),t.code_challenge=i,t.code_challenge_method="S256";let r="";if(t)for(const[l,a]of Object.entries(t))r===""?r+="?":r+="&",r+=`${l}=${encodeURIComponent(a)}`;e.open(`${s}${r}`)},z="DPoP-Nonce",rn=n=>async(e,s,t,o,i=1e4)=>{s=s?{...s}:{},s.code_verifier=await n.getCodeVerifierAsync();const r=[];for(const _ in s){const h=encodeURIComponent(_),u=encodeURIComponent(s[_]);r.push(`${h}=${u}`)}const l=r.join("&"),a=await B(fetch)(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",...t},body:l},i);if(await Promise.all([n.setCodeVerifierAsync(null),n.setStateAsync(null)]),a.status!==200)return{success:!1,status:a.status};let f=null;a.headers.has(z)&&(f=a.headers.get(z));const c=await a.json();return{success:!0,data:{state:s.state,tokens:Z(c,null,o),demonstratingProofOfPossessionNonce:f}}},Se=n=>{const e=n.match(/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/);if(!e)throw new Error("Invalid URL");let s=e[6],t=e[7];if(t){const o=t.split("?");o.length===2&&(t=o[0],s=o[1])}return s.startsWith("?")&&(s=s.slice(1)),e&&{href:n,protocol:e[1],host:e[2],hostname:e[3],port:e[4],path:e[5],search:s,hash:t}},an=n=>{const e=Se(n);let{path:s}=e;s.endsWith("/")&&(s=s.slice(0,-1));let{hash:t}=e;return t==="#_=_"&&(t=""),t&&(s+=t),s},j=n=>{const e=Se(n),{search:s}=e;return cn(s)},cn=n=>{const e={};let s,t,o;const i=n.split("&");for(t=0,o=i.length;t<o;t++)s=i[t].split("="),e[decodeURIComponent(s[0])]=decodeURIComponent(s[1]);return e};function ve(n){return new TextEncoder().encode(n)}function Te(n){return btoa(n).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+/g,"")}function ln(n){return encodeURIComponent(n).replace(/%([0-9A-F]{2})/g,function(t,o){return String.fromCharCode(parseInt(o,16))})}function be(n){let e="";return n.forEach(function(s){e+=String.fromCharCode(s)}),Te(e)}function Pe(n){return Te(ln(n))}var Oe={};Oe.sign=(n,e,s,t="dpop+jwt")=>{n=Object.assign({},n),e.typ=t,e.alg="ES256",e.kid||(e.jwk={kty:n.kty,crv:n.crv,x:n.x,y:n.y});const o={protected:Pe(JSON.stringify(e)),payload:Pe(JSON.stringify(s))},i={name:"ECDSA",namedCurve:"P-256",hash:{name:"ES256"}},r=!0,l=["sign"];return window.crypto.subtle.importKey("jwk",n,i,r,l).then(function(a){const f=ve(o.protected+"."+o.payload),c={name:"ECDSA",hash:{name:"SHA-256"}};return window.crypto.subtle.sign(c,a,f).then(function(_){return o.signature=be(new Uint8Array(_)),o.protected+"."+o.payload+"."+o.signature})})};const ie={};ie.generate=function(){const n={name:"ECDSA",namedCurve:"P-256"},e=!0,s=["sign","verify"];return window.crypto.subtle.generateKey(n,e,s).then(function(t){return window.crypto.subtle.exportKey("jwk",t.privateKey)})},ie.neuter=function(n){const e=Object.assign({},n);return delete e.d,e.key_ops=["verify"],e};var Ee={};Ee.thumbprint=function(n){const e='{"crv":"CRV","kty":"EC","x":"X","y":"Y"}'.replace("CRV",n.crv).replace("X",n.x).replace("Y",n.y);return window.crypto.subtle.digest({name:"SHA-256"},ve(e)).then(function(s){return be(new Uint8Array(s))})};const un=function(){const n="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",e="0123456789abcdef";let s=0,t="";for(let o=0;o<36;o++)n[o]!=="-"&&n[o]!=="4"&&(s=Math.random()*16|0),n[o]==="x"?t+=e[s]:n[o]==="y"?(s&=3,s|=8,t+=e[s]):t+=n[o];return t},dn=()=>ie.generate().then(function(n){return n}),Ie=(n,e="POST",s,t={})=>{const o={jit:btoa(un()),htm:e,htu:s,iat:Math.round(Date.now()/1e3),...t};return Ee.thumbprint(n).then(function(i){return Oe.sign(n,{},o).then(function(r){return r})})},fn=(n,e,s,t,o,i)=>(r=void 0,l=null,a=!1,f=void 0)=>{const c=l;return l={...l},(async()=>{const h=n.location,u=r||h.pathname+(h.search||"")+(h.hash||"");if("state"in l||(l.state=te(16)),t(k.loginAsync_begin,{}),l)for(const y of Object.keys(l))y.endsWith(":token_request")&&delete l[y];try{const y=a?s.silent_redirect_uri:s.redirect_uri;f||(f=s.scope);const d=s.extras?{...s.extras,...l}:l;d.nonce||(d.nonce=te(12));const g={nonce:d.nonce},w=await C(s.service_worker_relative_url,e),T=await o(s.authority,s.authority_configuration);let S;if(w)w.setLoginParams({callbackPath:u,extras:c}),await w.initAsync(T,"loginAsync",s),await w.setNonceAsync(g),w.startKeepAliveServiceWorker(),S=w;else{const p=O(e,s.storage??sessionStorage);p.setLoginParams({callbackPath:u,extras:c}),await p.setNonceAsync(g),S=p}const x={client_id:s.client_id,redirect_uri:y,scope:f,response_type:"code",...d};await on(S,i)(T.authorizationEndpoint,x)}catch(y){throw t(k.loginAsync_error,y),y}})()},hn=n=>async(e=!1)=>{try{n.publishEvent(k.loginCallbackAsync_begin,{});const s=n.configuration,t=s.client_id,o=e?s.silent_redirect_uri:s.redirect_uri,i=s.authority,r=s.token_request_timeout,l=await n.initAsync(i,s.authority_configuration),f=j(window.location.href).session_state,c=await C(s.service_worker_relative_url,n.configurationName);let _,h,u,y;if(c)await c.initAsync(l,"loginCallbackAsync",s),await c.setSessionStateAsync(f),h=await c.getNonceAsync(),u=c.getLoginParams(),y=await c.getStateAsync(),c.startKeepAliveServiceWorker(),_=c;else{const A=O(n.configurationName,s.storage??sessionStorage);await A.setSessionStateAsync(f),h=await A.getNonceAsync(),u=A.getLoginParams(),y=await A.getStateAsync(),_=A}const d=j(window.location.toString());if(d.iss&&d.iss!==l.issuer)throw console.error(),new Error(`issuer not valid (expected: ${l.issuer}, received: ${d.iss})`);if(d.state&&d.state!==y)throw new Error(`state not valid (expected: ${y}, received: ${d.state})`);const g={code:d.code,grant_type:"authorization_code",client_id:s.client_id,redirect_uri:o},w={};if(s.token_request_extras)for(const[A,b]of Object.entries(s.token_request_extras))w[A]=b;if(u&&u.extras)for(const[A,b]of Object.entries(u.extras))A.endsWith(":token_request")&&(w[A.replace(":token_request","")]=b);const T=l.tokenEndpoint,S={};if(s.demonstrating_proof_of_possession){const A=await dn();c?await c.setDemonstratingProofOfPossessionJwkAsync(A):await O(n.configurationName,s.storage).setDemonstratingProofOfPossessionJwkAsync(A),S.DPoP=await Ie(A,"POST",T)}const x=await rn(_)(T,{...g,...w},S,n.configuration.token_renew_mode,r);if(!x.success)throw new Error("Token request failed");let p;const E=x.data.tokens,N=x.data.demonstratingProofOfPossessionNonce;if(x.data.state!==w.state)throw new Error("state is not valid");const{isValid:m,reason:v}=de(E,h.nonce,l);if(!m)throw new Error(`Tokens are not OpenID valid, reason: ${v}`);if(c){if(E.refreshToken&&!E.refreshToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Refresh token should be hidden by service worker");if(N&&E.accessToken&&E.accessToken.includes("SECURED_BY_OIDC_SERVICE_WORKER"))throw new Error("Demonstration of proof of possession require Access token not hidden by service worker")}if(c)await c.initAsync(o,"syncTokensAsync",s),p=c.getLoginParams(),N&&await c.setDemonstratingProofOfPossessionNonce(N);else{const A=O(n.configurationName,s.storage);p=A.getLoginParams(),N&&await A.setDemonstratingProofOfPossessionNonce(N)}return await n.startCheckSessionAsync(l.checkSessionIframe,t,f,e),n.publishEvent(k.loginCallbackAsync_end,{}),{tokens:E,state:"request.state",callbackPath:p.callbackPath}}catch(s){throw console.error(s),n.publishEvent(k.loginCallbackAsync_error,s),s}},Ce={access_token:"access_token",refresh_token:"refresh_token"},_n=n=>async e=>{K.clearTimeout(n.timeoutId),n.timeoutId=null,n.checkSessionIFrame&&n.checkSessionIFrame.stop();const s=await C(n.configuration.service_worker_relative_url,n.configurationName);s?await s.clearAsync(e):await O(n.configurationName,n.configuration.storage).clearAsync(e),n.tokens=null,n.userInfo=null},yn=(n,e,s,t,o,i)=>async(r=void 0,l=null)=>{const a=n.configuration,f=await n.initAsync(a.authority,a.authority_configuration);r&&typeof r!="string"&&(r=void 0,o.warn("callbackPathOrUrl path is not a string"));const c=r??location.pathname+(location.search||"")+(location.hash||"");let _=!1;r&&(_=r.includes("https://")||r.includes("http://"));const h=_?r:t.location.origin+c,u=n.tokens?n.tokens.idToken:"";try{const d=f.revocationEndpoint;if(d){const g=[],w=n.tokens.accessToken;if(w&&a.logout_tokens_to_invalidate.includes(Ce.access_token)){const S=Ae(s)(d,w,oe.access_token,a.client_id);g.push(S)}const T=n.tokens.refreshToken;if(T&&a.logout_tokens_to_invalidate.includes(Ce.refresh_token)){const S=Ae(s)(d,T,oe.refresh_token,a.client_id);g.push(S)}g.length>0&&await Promise.all(g)}}catch(d){o.warn("logoutAsync: error when revoking tokens, if the error persist, you ay configure property logout_tokens_to_invalidate from configuration to avoid this error"),o.warn(d)}const y=n.tokens&&n.tokens.idTokenPayload?n.tokens.idTokenPayload.sub:null;await n.destroyAsync("LOGGED_OUT");for(const[d,g]of Object.entries(e))g!==n&&await n.logoutSameTabAsync(n.configuration.client_id,y);if(f.endSessionEndpoint){l||(l={id_token_hint:u},r!==null&&(l.post_logout_redirect_uri=h));let d="";if(l)for(const[g,w]of Object.entries(l))d===""?d+="?":d+="&",d+=`${g}=${encodeURIComponent(w)}`;i.open(`${f.endSessionEndpoint}${d}`)}else t.location.reload()},gn=n=>async(e=!1)=>{if(n.userInfo!=null&&!e)return n.userInfo;for(;n.tokens&&!ee(n.tokens);)await $(200);if(!n.tokens)return null;const s=n.tokens.accessToken;if(!s)return null;const o=(await n.initAsync(n.configuration.authority,n.configuration.authority_configuration)).userInfoEndpoint,r=await(async l=>{const a=await fetch(o,{headers:{authorization:`Bearer ${l}`}});return a.status!==200?null:a.json()})(s);return n.userInfo=r,r};class q{open(e){window.open(e,"_self")}}const xe=()=>fetch;class re{constructor(e){this.authorizationEndpoint=e.authorization_endpoint,this.tokenEndpoint=e.token_endpoint,this.revocationEndpoint=e.revocation_endpoint,this.userInfoEndpoint=e.userinfo_endpoint,this.checkSessionIframe=e.check_session_iframe,this.issuer=e.issuer,this.endSessionEndpoint=e.end_session_endpoint}}const W={},kn=(n,e=new q)=>(s,t="default")=>(W[t]||(W[t]=new R(s,t,n,e)),W[t]),mn=async n=>{const{parsedTokens:e,callbackPath:s}=await n.loginCallbackAsync();return n.timeoutId=J(n,e.refreshToken,e.expiresAt),{callbackPath:s}},pn=n=>Math.floor(Math.random()*n),D=class D{constructor(e,s="default",t,o=new q){this.initPromise=null,this.tryKeepExistingSessionPromise=null,this.loginPromise=null,this.loginCallbackPromise=null,this.loginCallbackWithAutoTokensRenewPromise=null,this.userInfoPromise=null,this.renewTokensPromise=null,this.logoutPromise=null;let i=e.silent_login_uri;e.silent_redirect_uri&&!e.silent_login_uri&&(i=`${e.silent_redirect_uri.replace("-callback","").replace("callback","")}-login`);let r=e.refresh_time_before_tokens_expiration_in_second??120;r>60&&(r=r-Math.floor(Math.random()*40)),this.configuration={...e,silent_login_uri:i,monitor_session:e.monitor_session??!1,refresh_time_before_tokens_expiration_in_second:r,silent_login_timeout:e.silent_login_timeout??12e3,token_renew_mode:e.token_renew_mode??H.access_token_or_id_token_invalid,demonstrating_proof_of_possession:e.demonstrating_proof_of_possession??!1,authority_timeout_wellknowurl_in_millisecond:e.authority_timeout_wellknowurl_in_millisecond??1e4,logout_tokens_to_invalidate:e.logout_tokens_to_invalidate??["access_token","refresh_token"]},this.location=o??new q,this.getFetch=t??xe,this.configurationName=s,this.tokens=null,this.userInfo=null,this.events=[],this.timeoutId=null,this.synchroniseTokensAsync.bind(this),this.loginCallbackWithAutoTokensRenewAsync.bind(this),this.initAsync.bind(this),this.loginCallbackAsync.bind(this),this.subscribeEvents.bind(this),this.removeEventSubscription.bind(this),this.publishEvent.bind(this),this.destroyAsync.bind(this),this.logoutAsync.bind(this),this.renewTokensAsync.bind(this),this.initAsync(this.configuration.authority,this.configuration.authority_configuration)}subscribeEvents(e){const s=pn(9999999999999).toString();return this.events.push({id:s,func:e}),s}removeEventSubscription(e){const s=this.events.filter(t=>t.id!==e);this.events=s}publishEvent(e,s){this.events.forEach(t=>{t.func(e,s)})}static get(e="default"){const s=typeof process>"u";if(!Object.prototype.hasOwnProperty.call(W,e)&&s)throw Error(`OIDC library does seem initialized.
2
+ Please checkout that you are using OIDC hook inside a <OidcProvider configurationName="${e}"></OidcProvider> compoment.`);return W[e]}_silentLoginCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=j(window.location.href);window.parent.postMessage(`${this.configurationName}_oidc_tokens:${JSON.stringify({tokens:this.tokens,sessionState:e.session_state})}`,window.location.origin)}}_silentLoginErrorCallbackFromIFrame(){if(this.configuration.silent_redirect_uri&&this.configuration.silent_login_uri){const e=j(window.location.href);window.parent.postMessage(`${this.configurationName}_oidc_error:${JSON.stringify({error:e.error})}`,window.location.origin)}}async silentLoginCallbackAsync(){try{await this.loginCallbackAsync(!0),this._silentLoginCallbackFromIFrame()}catch(e){console.error(e),this._silentLoginErrorCallbackFromIFrame()}}async initAsync(e,s){if(this.initPromise!==null)return this.initPromise;const t=async()=>{if(s!=null)return new re({authorization_endpoint:s.authorization_endpoint,end_session_endpoint:s.end_session_endpoint,revocation_endpoint:s.revocation_endpoint,token_endpoint:s.token_endpoint,userinfo_endpoint:s.userinfo_endpoint,check_session_iframe:s.check_session_iframe,issuer:s.issuer});const i=await C(this.configuration.service_worker_relative_url,this.configurationName)?window.localStorage:null;return await sn(this.getFetch())(e,this.configuration.authority_time_cache_wellknowurl_in_second??60*60,i,this.configuration.authority_timeout_wellknowurl_in_millisecond)};return this.initPromise=t(),this.initPromise.then(o=>(this.initPromise=null,o))}async tryKeepExistingSessionAsync(){if(this.tryKeepExistingSessionPromise!==null)return this.tryKeepExistingSessionPromise;const e=async()=>{let s;if(this.tokens!=null)return!1;this.publishEvent(k.tryKeepExistingSessionAsync_begin,{});try{const t=this.configuration,o=await this.initAsync(t.authority,t.authority_configuration);if(s=await C(t.service_worker_relative_url,this.configurationName),s){const{tokens:i}=await s.initAsync(o,"tryKeepExistingSessionAsync",t);if(i){s.startKeepAliveServiceWorker(),this.tokens=i;const r=s.getLoginParams(this.configurationName);this.timeoutId=J(this,this.tokens.refreshToken,this.tokens.expiresAt,r.extras);const l=await s.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,l),this.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside ServiceWorker are valid"}),!0}this.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:"no exiting session found"})}else{t.service_worker_relative_url&&this.publishEvent(k.service_worker_not_supported_by_browser,{message:"service worker is not supported by this browser"});const i=O(this.configurationName,t.storage??sessionStorage),{tokens:r}=await i.initAsync();if(r){this.tokens=ue(r,null,t.token_renew_mode);const l=i.getLoginParams();this.timeoutId=J(this,r.refreshToken,this.tokens.expiresAt,l.extras);const a=await i.getSessionStateAsync();return await this.startCheckSessionAsync(o.check_session_iframe,t.client_id,a),this.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!0,message:"tokens inside storage are valid"}),!0}}return this.publishEvent(k.tryKeepExistingSessionAsync_end,{success:!1,message:s?"service worker sessions not retrieved":"session storage sessions not retrieved"}),!1}catch(t){return console.error(t),s&&await s.clearAsync(),this.publishEvent(k.tryKeepExistingSessionAsync_error,"tokens inside ServiceWorker are invalid"),!1}};return this.tryKeepExistingSessionPromise=e(),this.tryKeepExistingSessionPromise.then(s=>(this.tryKeepExistingSessionPromise=null,s))}async startCheckSessionAsync(e,s,t,o=!1){await Je(this,W,this.configuration)(e,s,t,o)}async loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this.loginPromise!==null?this.loginPromise:i?Ke(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this)(s,o):(this.loginPromise=fn(window,this.configurationName,this.configuration,this.publishEvent.bind(this),this.initAsync.bind(this),this.location)(e,s,t,o),this.loginPromise.then(r=>(this.loginPromise=null,r)))}async loginCallbackAsync(e=!1){if(this.loginCallbackPromise!==null)return this.loginCallbackPromise;const s=async()=>{const t=await hn(this)(e),o=t.tokens;return this.tokens=o,await C(this.configuration.service_worker_relative_url,this.configurationName)||O(this.configurationName,this.configuration.storage).setTokens(o),this.publishEvent(D.eventNames.token_aquired,o),{parsedTokens:o,state:t.state,callbackPath:t.callbackPath}};return this.loginCallbackPromise=s(),this.loginCallbackPromise.then(t=>(this.loginCallbackPromise=null,t))}async synchroniseTokensAsync(e,s=0,t=!1,o=null,i){for(;!navigator.onLine&&document.hidden;)await $(1e3),this.publishEvent(k.refreshTokensAsync,{message:"wait because navigator is offline and hidden"});let r=6;for(;!navigator.onLine&&r>0;)await $(1e3),r--,this.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is offline try ${r}`});let l=Math.floor(Math.random()*15)+10;for(;document.hidden&&l>0;)await $(1e3),l--,this.publishEvent(k.refreshTokensAsync,{message:`wait because navigator is hidden try ${l}`});const f=document.hidden?s:s+1;o||(o={});const c=this.configuration,_=(u,y,d=null)=>ne(this.configurationName,this.configuration,this.publishEvent.bind(this))(u,y,d),h=async()=>{try{let u;const y=await C(c.service_worker_relative_url,this.configurationName);y?u=y.getLoginParams():u=O(this.configurationName,c.storage).getLoginParams();const d=await _({...u.extras,...o,prompt:"none"},u.state);if(d)return i(d.tokens),this.publishEvent(D.eventNames.token_renewed,{}),{tokens:d.tokens,status:"LOGGED"}}catch(u){if(console.error(u),this.publishEvent(k.refreshTokensAsync_silent_error,{message:"exceptionSilent",exception:u.message}),u&&u.message&&u.message.startsWith("oidc"))return i(null),this.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent"}),{tokens:null,status:"SESSION_LOST"}}return this.publishEvent(k.refreshTokensAsync_error,{message:"refresh token silent return"}),await this.synchroniseTokensAsync(null,f,t,o,i)};if(s>4)return i(null),this.publishEvent(k.refreshTokensAsync_error,{message:"refresh token"}),{tokens:null,status:"SESSION_LOST"};try{const{status:u,tokens:y,nonce:d}=await this.syncTokensInfoAsync(c,this.configurationName,this.tokens,t);switch(u){case"SESSION_LOST":return i(null),this.publishEvent(k.refreshTokensAsync_error,{message:"refresh token session lost"}),{tokens:null,status:"SESSION_LOST"};case"NOT_CONNECTED":return i(null),{tokens:null,status:null};case"TOKENS_VALID":return i(y),{tokens:y,status:"LOGGED_IN"};case"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":return i(y),this.publishEvent(D.eventNames.token_renewed,{reason:"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"}),{tokens:y,status:"LOGGED_IN"};case"LOGOUT_FROM_ANOTHER_TAB":return i(null),this.publishEvent(k.logout_from_another_tab,{status:"session syncTokensAsync"}),{tokens:null,status:"LOGGED_OUT"};case"REQUIRE_SYNC_TOKENS":return this.publishEvent(k.refreshTokensAsync_begin,{refreshToken:e,status:u,tryNumber:s}),await h();default:{if(this.publishEvent(k.refreshTokensAsync_begin,{refreshToken:e,status:u,tryNumber:s}),!e)return await h();const g=c.client_id,w=c.redirect_uri,T=c.authority,x={...c.token_request_extras?c.token_request_extras:{}};for(const[E,N]of Object.entries(o))E.endsWith(":token_request")&&(x[E.replace(":token_request","")]=N);return await(async()=>{const E={client_id:g,redirect_uri:w,grant_type:"refresh_token",refresh_token:y.refreshToken},N=await this.initAsync(T,c.authority_configuration),m=document.hidden?1e4:3e4*10,v=N.tokenEndpoint,A={};c.demonstrating_proof_of_possession&&(A.DPoP=await this.generateDemonstrationOfProofOfPossessionAsync(y.accessToken,v,"POST"));const b=await tn(this.getFetch())(v,E,x,y,A,c.token_renew_mode,m);if(b.success){const{isValid:Q,reason:ce}=de(b.data,d.nonce,N);if(!Q)return i(null),this.publishEvent(k.refreshTokensAsync_error,{message:`refresh token return not valid tokens, reason: ${ce}`}),{tokens:null,status:"SESSION_LOST"};if(i(b.data),b.demonstratingProofOfPossessionNonce){const Ne=await C(c.service_worker_relative_url,this.configurationName);Ne?await Ne.setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce):await O(this.configurationName,c.storage).setDemonstratingProofOfPossessionNonce(b.demonstratingProofOfPossessionNonce)}return this.publishEvent(k.refreshTokensAsync_end,{success:b.success}),this.publishEvent(D.eventNames.token_renewed,{reason:"REFRESH_TOKEN"}),{tokens:b.data,status:"LOGGED_IN"}}else return this.publishEvent(k.refreshTokensAsync_silent_error,{message:"bad request",tokenResponse:b}),await this.synchroniseTokensAsync(e,f,t,o,i)})()}}}catch(u){return console.error(u),this.publishEvent(k.refreshTokensAsync_silent_error,{message:"exception",exception:u.message}),this.synchroniseTokensAsync(e,f,t,o,i)}}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){const o=this.configuration,i={ath:await we(e)},r=await C(o.service_worker_relative_url,this.configurationName);let l=null,a;if(r)l=await r.getDemonstratingProofOfPossessionNonce(),a=await r.getDemonstratingProofOfPossessionJwkAsync();else{const f=O(this.configurationName,o.storage);a=await f.getDemonstratingProofOfPossessionJwkAsync(),l=await f.getDemonstratingProofOfPossessionNonce()}return l&&(i.nonce=l),await Ie(a,t,s,i)}async syncTokensInfoAsync(e,s,t,o=!1){const i={nonce:null};if(!t)return{tokens:null,status:"NOT_CONNECTED",nonce:i};let r=i;const l=await this.initAsync(e.authority,e.authority_configuration),a=await C(e.service_worker_relative_url,s);if(a){const{status:_,tokens:h}=await a.initAsync(l,"syncTokensAsync",e);if(_==="LOGGED_OUT")return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};if(_==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(!_||!h)return{tokens:null,status:"REQUIRE_SYNC_TOKENS",nonce:i};if(h.issuedAt!==t.issuedAt){const y=U(e.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",d=await a.getNonceAsync();return{tokens:h,status:y,nonce:d}}r=await a.getNonceAsync()}else{const _=O(s,e.storage??sessionStorage),{tokens:h,status:u}=await _.initAsync();if(h){if(u==="SESSIONS_LOST")return{tokens:null,status:"SESSIONS_LOST",nonce:i};if(h.issuedAt!==t.issuedAt){const d=U(e.refresh_time_before_tokens_expiration_in_second,h.expiresAt)>0?"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":"TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID",g=await _.getNonceAsync();return{tokens:h,status:d,nonce:g}}}else return{tokens:null,status:"LOGOUT_FROM_ANOTHER_TAB",nonce:i};r=await _.getNonceAsync()}const c=U(e.refresh_time_before_tokens_expiration_in_second,t.expiresAt)>0?"TOKENS_VALID":"TOKENS_INVALID";return o?{tokens:t,status:"FORCE_REFRESH",nonce:r}:{tokens:t,status:c,nonce:r}}loginCallbackWithAutoTokensRenewAsync(){return this.loginCallbackWithAutoTokensRenewPromise!==null?this.loginCallbackWithAutoTokensRenewPromise:(this.loginCallbackWithAutoTokensRenewPromise=mn(this),this.loginCallbackWithAutoTokensRenewPromise.then(e=>(this.loginCallbackWithAutoTokensRenewPromise=null,e)))}userInfoAsync(e=!1){return this.userInfoPromise!==null?this.userInfoPromise:(this.userInfoPromise=gn(this)(e),this.userInfoPromise.then(s=>(this.userInfoPromise=null,s)))}async renewTokensAsync(e=null){if(this.renewTokensPromise!==null)return this.renewTokensPromise;if(this.timeoutId)return K.clearTimeout(this.timeoutId),this.renewTokensPromise=ke(this,this.tokens.refreshToken,!0,e),this.renewTokensPromise.then(s=>(this.renewTokensPromise=null,s))}async destroyAsync(e){return await _n(this)(e)}async logoutSameTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(this.publishEvent(k.logout_from_same_tab,{message:s}),await this.destroyAsync("LOGGED_OUT"))}async logoutOtherTabAsync(e,s){this.configuration.monitor_session&&this.configuration.client_id===e&&s&&this.tokens&&this.tokens.idTokenPayload&&this.tokens.idTokenPayload.sub===s&&(await this.destroyAsync("LOGGED_OUT"),this.publishEvent(k.logout_from_another_tab,{message:"SessionMonitor",sub:s}))}async logoutAsync(e=void 0,s=null){return this.logoutPromise?this.logoutPromise:(this.logoutPromise=yn(this,W,this.getFetch(),window,console,this.location)(e,s),this.logoutPromise.then(t=>(this.logoutPromise=null,t)))}};D.getOrCreate=(e,s)=>(t,o="default")=>kn(e,s)(t,o),D.eventNames=k;let R=D;const M=class M{constructor(e){this._oidc=e}subscribeEvents(e){return this._oidc.subscribeEvents(e)}removeEventSubscription(e){this._oidc.removeEventSubscription(e)}publishEvent(e,s){this._oidc.publishEvent(e,s)}static get(e="default"){return new M(R.get(e))}tryKeepExistingSessionAsync(){return this._oidc.tryKeepExistingSessionAsync()}loginAsync(e=void 0,s=null,t=!1,o=void 0,i=!1){return this._oidc.loginAsync(e,s,t,o,i)}logoutAsync(e=void 0,s=null){return this._oidc.logoutAsync(e,s)}silentLoginCallbackAsync(){return this._oidc.silentLoginCallbackAsync()}renewTokensAsync(e=null){return this._oidc.renewTokensAsync(e)}loginCallbackAsync(){return this._oidc.loginCallbackWithAutoTokensRenewAsync()}get tokens(){return this._oidc.tokens}get configuration(){return this._oidc.configuration}async generateDemonstrationOfProofOfPossessionAsync(e,s,t){return this._oidc.generateDemonstrationOfProofOfPossessionAsync(e,s,t)}async getValidTokenAsync(e=200,s=50){return Fe(this._oidc,e,s)}async userInfoAsync(e=!1){return this._oidc.userInfoAsync(e)}};M.getOrCreate=(e,s=new q)=>(t,o="default")=>new M(R.getOrCreate(e,s)(t,o)),M.eventNames=R.eventNames;let ae=M;I.OidcClient=ae,I.OidcLocation=q,I.TokenRenewMode=H,I.getFetchDefault=xe,I.getParseQueryStringFromLocation=j,I.getPath=an,Object.defineProperty(I,Symbol.toStringTag,{value:"Module"})});
package/dist/oidcClient.d.ts CHANGED
@@ -11,7 +11,7 @@ export declare class OidcClient {
11
11
  subscribeEvents(func: EventSubscriber): string;
12
12
  removeEventSubscription(id: string): void;
13
13
  publishEvent(eventName: string, data: any): void;
14
- static getOrCreate: (getFetch: () => Fetch, location: ILOidcLocation) => (configuration: OidcConfiguration, name?: string) => OidcClient;
14
+ static getOrCreate: (getFetch: () => Fetch, location?: ILOidcLocation) => (configuration: OidcConfiguration, name?: string) => OidcClient;
15
15
  static get(name?: string): OidcClient;
16
16
  static eventNames: {
17
17
  service_worker_not_supported_by_browser: string;
package/dist/version.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- declare const _default: "7.7.0-alpha.1071";
1
+ declare const _default: "7.7.0-beta.1072";
2
2
  export default _default;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axa-fr/oidc-client",
3
- "version": "7.7.0-alpha.1071",
3
+ "version": "7.7.0-beta.1072",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "main": "./dist/index.umd.cjs",
@@ -20,7 +20,7 @@
20
20
  "url": "https://github.com/AxaFrance/oidc-client.git"
21
21
  },
22
22
  "dependencies": {
23
- "@axa-fr/oidc-client-service-worker": "7.7.0-alpha.1071"
23
+ "@axa-fr/oidc-client-service-worker": "7.7.0-beta.1072"
24
24
  },
25
25
  "devDependencies": {
26
26
  "@testing-library/dom": "^9.3.1",
package/src/logout.spec.ts CHANGED
@@ -3,7 +3,7 @@
3
3
  import { describe, expect, it, vi } from 'vitest';
4
4
 
5
5
  import { logoutAsync } from "./logout";
6
- import {OidcLocation} from "./location";
6
+ import {ILOidcLocation, OidcLocation} from "./location";
7
7
 
8
8
  describe('Logout test suite', () => {
9
9
 
@@ -53,14 +53,22 @@ describe('Logout test suite', () => {
53
53
  origin: "http://localhost:4200",
54
54
  },
55
55
  };
56
+
57
+ let finalUrl = "";
58
+ class OidcLocationMock implements ILOidcLocation{
59
+ open(url: string): void {
60
+ finalUrl = url;
61
+ }
62
+
63
+ }
56
64
 
57
- await logoutAsync(oidc, oidcDatabase, mockFetchFn, window, console, new OidcLocation())("/logged_out");
65
+ await logoutAsync(oidc, oidcDatabase, mockFetchFn, window, console, new OidcLocationMock())("/logged_out");
58
66
 
59
67
  // @ts-ignore
60
68
 
61
69
  const results = mockFetchFn.mock.calls.map((call, index) => call[1].body);
62
70
 
63
71
  expect(results).toEqual(expectedResults);
64
- expect(window.location.href).toBe("http://api/connect/endsession?id_token_hint=abcd&post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Flogged_out");
72
+ expect(finalUrl).toBe("http://api/connect/endsession?id_token_hint=abcd&post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Flogged_out");
65
73
  });
66
74
  });
package/src/oidcClient.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import { LoginCallback, Oidc } from './oidc.js';
2
2
  import { getValidTokenAsync, Tokens, ValidToken } from './parseTokens.js';
3
3
  import { Fetch, OidcConfiguration, StringMap } from './types.js';
4
- import {ILOidcLocation} from "./location";
4
+ import {ILOidcLocation, OidcLocation} from "./location";
5
5
 
6
6
  export interface EventSubscriber {
7
7
  (name: string, data:any);
@@ -25,7 +25,7 @@ export class OidcClient {
25
25
  this._oidc.publishEvent(eventName, data);
26
26
  }
27
27
 
28
- static getOrCreate = (getFetch : () => Fetch, location:ILOidcLocation) => (configuration:OidcConfiguration, name = 'default'): OidcClient => {
28
+ static getOrCreate = (getFetch : () => Fetch, location:ILOidcLocation= new OidcLocation()) => (configuration:OidcConfiguration, name = 'default'): OidcClient => {
29
29
  return new OidcClient(Oidc.getOrCreate(getFetch, location)(configuration, name));
30
30
  };
31
31
 
package/src/version.ts CHANGED
@@ -1 +1 @@
1
- export default '7.7.0-alpha.1071';
1
+ export default '7.7.0-beta.1072';