@axa-fr/react-oidc 6.12.0 → 6.13.0

package/src/oidc/vanilla/renewTokens.ts

@@ -0,0 +1,36 @@
+import { initSession } from './initSession';
+import { initWorkerAsync } from './initWorker';
+import Oidc from './oidc';
+import { computeTimeLeft } from './parseTokens';
+import timer from './timer';
+import { StringMap } from './types';
+
+export async function renewTokensAndStartTimerAsync(oidc, refreshToken, forceRefresh = false, extras:StringMap = null) {
+    const updateTokens = (tokens) => { oidc.tokens = tokens; };
+    const { tokens, status } = await oidc.synchroniseTokensAsync(refreshToken, 0, forceRefresh, extras, updateTokens);
+
+    const serviceWorker = await initWorkerAsync(oidc.configuration.service_worker_relative_url, oidc.configurationName);
+    if (!serviceWorker) {
+        const session = initSession(oidc.configurationName, oidc.configuration.storage);
+        await session.setTokens(oidc.tokens);
+    }
+
+    if (!oidc.tokens) {
+        await oidc.destroyAsync(status);
+        return;
+    }
+
+    if (oidc.timeoutId) {
+        oidc.timeoutId = autoRenewTokens(oidc, tokens.refreshToken, oidc.tokens.expiresAt, extras);
+    }
+}
+
+export const autoRenewTokens = (oidc, refreshToken, expiresAt, extras:StringMap = null) => {
+    const refreshTimeBeforeTokensExpirationInSecond = oidc.configuration.refresh_time_before_tokens_expiration_in_second;
+    return timer.setTimeout(async () => {
+        const timeLeft = computeTimeLeft(refreshTimeBeforeTokensExpirationInSecond, expiresAt);
+        const timeInfo = { timeLeft };
+        oidc.publishEvent(Oidc.eventNames.token_timer, timeInfo);
+        await renewTokensAndStartTimerAsync(oidc, refreshToken, false, extras);
+    }, 1000);
+};

package/src/oidc/vanilla/requests.ts

@@ -1,5 +1,29 @@
+import { getFromCache, setCache } from './cache';
+import { OidcAuthorizationServiceConfiguration } from './oidc';
 import { parseOriginalTokens } from './parseTokens';
 
+const oneHourSecond = 60 * 60;
+export const fetchFromIssuer = async (openIdIssuerUrl: string, timeCacheSecond = oneHourSecond, storage = window.sessionStorage):
+    Promise<OidcAuthorizationServiceConfiguration> => {
+    const fullUrl = `${openIdIssuerUrl}/.well-known/openid-configuration`;
+
+    const localStorageKey = `oidc.server:${openIdIssuerUrl}`;
+    const data = getFromCache(localStorageKey, storage, timeCacheSecond);
+    if (data) {
+        return new OidcAuthorizationServiceConfiguration(data);
+    }
+    const response = await fetch(fullUrl);
+
+    if (response.status !== 200) {
+        return null;
+    }
+
+    const result = await response.json();
+
+    setCache(localStorageKey, result, storage);
+    return new OidcAuthorizationServiceConfiguration(result);
+};
+
 const internalFetch = async (url, headers, numberRetry = 0, timeoutMs = 10000) => {
     let response;
     try {

package/src/oidc/vanilla/route-utils.ts

@@ -72,7 +72,7 @@ const parseQueryString = (queryString:string) => {
     // Convert the array of strings into an object
     for (i = 0, l = queries.length; i < l; i++) {
         temp = queries[i].split('=');
-        params[temp[0]] = temp[1];
+        params[decodeURIComponent(temp[0])] = temp[1];
     }
 
     return params;

package/src/oidc/vanilla/silentLogin.ts

@@ -0,0 +1,143 @@
+import { eventNames } from './events';
+import { Tokens } from './parseTokens';
+import { autoRenewTokens } from './renewTokens';
+import timer from './timer';
+import { OidcConfiguration, StringMap } from './types';
+type SilentLoginResponse = {
+    tokens:Tokens;
+};
+
+// eslint-disable-next-line @typescript-eslint/ban-types
+export const _silentLoginAsync = (configurationName:string, configuration:OidcConfiguration, publishEvent:Function) => (extras:StringMap = null, state:string = null, scope:string = null):Promise<SilentLoginResponse> => {
+    if (!configuration.silent_redirect_uri || !configuration.silent_login_uri) {
+        return Promise.resolve(null);
+    }
+
+    try {
+        publishEvent(eventNames.silentLoginAsync_begin, {});
+        let queries = '';
+
+        if (state) {
+            if (extras == null) {
+                extras = {};
+            }
+            extras.state = state;
+        }
+
+        if (scope) {
+            if (extras == null) {
+                extras = {};
+            }
+            extras.scope = scope;
+        }
+
+        if (extras != null) {
+            for (const [key, value] of Object.entries(extras)) {
+                if (queries === '') {
+                    queries = `?${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
+                } else {
+                    queries += `&${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
+                }
+            }
+        }
+        const link = configuration.silent_login_uri + queries;
+        const idx = link.indexOf('/', link.indexOf('//') + 2);
+        const iFrameOrigin = link.substr(0, idx);
+        const iframe = document.createElement('iframe');
+        iframe.width = '0px';
+        iframe.height = '0px';
+
+        iframe.id = `${configurationName}_oidc_iframe`;
+        iframe.setAttribute('src', link);
+        document.body.appendChild(iframe);
+        return new Promise((resolve, reject) => {
+            try {
+                let isResolved = false;
+                window.onmessage = (e: MessageEvent<any>) => {
+                    if (e.origin === iFrameOrigin &&
+                        e.source === iframe.contentWindow
+                    ) {
+                        const key = `${configurationName}_oidc_tokens:`;
+                        const key_error = `${configurationName}_oidc_error:`;
+                        const data = e.data;
+                        if (data && typeof (data) === 'string') {
+                            if (!isResolved) {
+                                if (data.startsWith(key)) {
+                                    const result = JSON.parse(e.data.replace(key, ''));
+                                    publishEvent(eventNames.silentLoginAsync_end, {});
+                                    iframe.remove();
+                                    isResolved = true;
+                                    resolve(result);
+                                } else if (data.startsWith(key_error)) {
+                                    const result = JSON.parse(e.data.replace(key_error, ''));
+                                    publishEvent(eventNames.silentLoginAsync_error, result);
+                                    iframe.remove();
+                                    isResolved = true;
+                                    reject(new Error('oidc_' + result.error));
+                                }
+                            }
+                        }
+                    }
+                };
+                const silentSigninTimeout = configuration.silent_login_timeout;
+                setTimeout(() => {
+                    if (!isResolved) {
+                        publishEvent(eventNames.silentLoginAsync_error, { reason: 'timeout' });
+                        iframe.remove();
+                        isResolved = true;
+                        reject(new Error('timeout'));
+                    }
+                }, silentSigninTimeout);
+            } catch (e) {
+                iframe.remove();
+                publishEvent(eventNames.silentLoginAsync_error, e);
+                reject(e);
+            }
+        });
+    } catch (e) {
+        publishEvent(eventNames.silentLoginAsync_error, e);
+        throw e;
+    }
+};
+
+// eslint-disable-next-line @typescript-eslint/ban-types
+export const defaultSilentLoginAsync = (window, configurationName, configuration:OidcConfiguration, publishEvent :(string, any)=>void, oidc:any) => (extras:StringMap = null, scope:string = undefined) => {
+    extras = { ...extras };
+
+    const silentLoginAsync = (extras, state, scope) => {
+        return _silentLoginAsync(configurationName, configuration, publishEvent.bind(oidc))(extras, state, scope);
+    };
+
+    const loginLocalAsync = async () => {
+        if (oidc.timeoutId) {
+            timer.clearTimeout(oidc.timeoutId);
+        }
+
+        let state;
+        if (extras && 'state' in extras) {
+            state = extras.state;
+            delete extras.state;
+        }
+
+        try {
+            const extraFinal = extras ?? configuration.extras ?? {};
+            const silentResult = await silentLoginAsync({
+                ...extraFinal,
+                prompt: 'none',
+            }, state, scope);
+
+            if (silentResult) {
+                oidc.tokens = silentResult.tokens;
+                publishEvent(eventNames.token_aquired, {});
+                // @ts-ignore
+                oidc.timeoutId = autoRenewTokens(oidc, oidc.tokens.refreshToken, oidc.tokens.expiresAt, extras);
+                return {};
+            }
+        } catch (e) {
+            return e;
+        }
+    };
+    return loginLocalAsync();
+};
+
+export default defaultSilentLoginAsync;

package/src/oidc/vanilla/types.ts

@@ -0,0 +1,35 @@
+
+export type OidcConfiguration = {
+    client_id: string;
+    redirect_uri: string;
+    silent_redirect_uri?:string;
+    silent_login_uri?:string;
+    silent_login_timeout?:number;
+    scope: string;
+    authority: string;
+    authority_time_cache_wellknowurl_in_second?: number;
+    authority_configuration?: AuthorityConfiguration;
+    refresh_time_before_tokens_expiration_in_second?: number;
+    token_request_timeout?: number;
+    service_worker_relative_url?:string;
+    service_worker_only?:boolean;
+    extras?:StringMap;
+    token_request_extras?:StringMap;
+    storage?: Storage;
+    monitor_session?: boolean;
+    token_renew_mode?: string;
+};
+
+export interface StringMap {
+    [key: string]: string;
+}
+
+export interface AuthorityConfiguration {
+    authorization_endpoint: string;
+    token_endpoint: string;
+    revocation_endpoint: string;
+    end_session_endpoint?: string;
+    userinfo_endpoint?: string;
+    check_session_iframe?:string;
+    issuer:string;
+}

package/src/oidc/vanilla/user.ts

@@ -0,0 +1,39 @@
+import { sleepAsync } from './initWorker';
+import { isTokensValid } from './parseTokens';
+
+export const userInfoAsync = async (oidc) => {
+    if (oidc.userInfo != null) {
+        return oidc.userInfo;
+    }
+    if (!oidc.tokens) {
+        return null;
+    }
+    const accessToken = oidc.tokens.accessToken;
+    if (!accessToken) {
+        return null;
+    }
+
+    // We wait the synchronisation before making a request
+    while (oidc.tokens && !isTokensValid(oidc.tokens)) {
+        await sleepAsync(200);
+    }
+
+    const oidcServerConfiguration = await oidc.initAsync(oidc.configuration.authority, oidc.configuration.authority_configuration);
+    const url = oidcServerConfiguration.userInfoEndpoint;
+    const fetchUserInfo = async (accessToken) => {
+        const res = await fetch(url, {
+            headers: {
+                authorization: `Bearer ${accessToken}`,
+            },
+        });
+
+        if (res.status !== 200) {
+            return null;
+        }
+
+        return res.json();
+    };
+    const userInfo = await fetchUserInfo(accessToken);
+    oidc.userInfo = userInfo;
+    return userInfo;
+};

package/src/oidc/vanilla/vanillaOidc.ts

@@ -1,5 +1,6 @@
-import { LoginCallback, Oidc, OidcConfiguration, StringMap } from './oidc';
+import { LoginCallback, Oidc } from './oidc';
 import { getValidTokenAsync, Tokens, ValidToken } from './parseTokens';
+import { OidcConfiguration, StringMap } from './types';
 
 export interface EventSubscriber {
     (name: string, data:any);