@axa-fr/react-oidc 6.13.4 → 6.14.1

package/src/oidc/vanilla/initSession.ts

@@ -1,13 +1,5 @@
-export const initSession = (configurationName, storage = sessionStorage) => {
-    const saveItemsAsync = (items) => {
-        storage[`oidc.items.${configurationName}`] = JSON.stringify(items);
-        return Promise.resolve();
-    };
-
-    const loadItemsAsync = () => {
-        return Promise.resolve(JSON.parse(storage[`oidc.items.${configurationName}`]));
-    };
 
+export const initSession = (configurationName, storage = sessionStorage) => {
     const clearAsync = (status) => {
         storage[`oidc.${configurationName}`] = JSON.stringify({ tokens: null, status });
         return Promise.resolve();
@@ -26,11 +18,11 @@ export const initSession = (configurationName, storage = sessionStorage) => {
         storage[`oidc.${configurationName}`] = JSON.stringify({ tokens });
     };
 
-    const setSessionState = (sessionState) => {
+    const setSessionStateAsync = async (sessionState) => {
         storage[`oidc.session_state.${configurationName}`] = sessionState;
     };
 
-    const getSessionState = () => {
+    const getSessionStateAsync = async () => {
         return storage[`oidc.session_state.${configurationName}`];
     };
 
@@ -63,18 +55,36 @@ export const initSession = (configurationName, storage = sessionStorage) => {
         return getLoginParamsCache;
     };
 
+    const getStateAsync = async () => {
+        return storage[`oidc.state.${configurationName}`];
+    };
+
+    const setStateAsync = async (state) => {
+        storage[`oidc.state.${configurationName}`] = state;
+    };
+
+    const getCodeVerifierAsync = async () => {
+        return storage[`oidc.code_verifier.${configurationName}`];
+    };
+
+    const setCodeVerifierAsync = async (codeVerifier) => {
+        storage[`oidc.code_verifier.${configurationName}`] = codeVerifier;
+    };
+
     return {
-        saveItemsAsync,
-        loadItemsAsync,
         clearAsync,
         initAsync,
         setTokens,
         getTokens,
-        setSessionState,
-        getSessionState,
+        setSessionStateAsync,
+        getSessionStateAsync,
         setNonceAsync,
         getNonceAsync,
         setLoginParams,
         getLoginParams,
+        getStateAsync,
+        setStateAsync,
+        getCodeVerifierAsync,
+        setCodeVerifierAsync,
     };
 };

package/src/oidc/vanilla/initWorker.ts

@@ -189,22 +189,6 @@ export const initWorkerAsync = async(serviceWorkerRelativeUrl, configurationName
         });
     });
 
-    const saveItemsAsync = (items) => {
-        // iOS kill Service Worker when domain we leave domain
-        if (operatingSystem.os === 'iOS') {
-            const session = initSession(configurationName);
-            return session.saveItemsAsync(items);
-        }
-        return sendMessageAsync(registration)({ type: 'saveItems', data: items, configurationName });
-    };
-    const loadItemsAsync = () => {
-        // iOS kill Service Worker when domain we leave domain
-        if (operatingSystem.os === 'iOS') {
-            const session = initSession(configurationName);
-            return session.loadItemsAsync();
-        }
-        return sendMessageAsync(registration)({ type: 'loadItems', data: null, configurationName });
-    };
     const clearAsync = async (status) => {
         // iOS kill Service Worker when domain we leave domain
         if (operatingSystem.os === 'iOS') {
@@ -274,9 +258,46 @@ export const initWorkerAsync = async(serviceWorkerRelativeUrl, configurationName
         return getLoginParamsCache;
     };
 
+    const getStateAsync = async () => {
+        // iOS kill Service Worker when domain we leave domain
+        if (operatingSystem.os === 'iOS') {
+            const session = initSession(configurationName);
+            return session.getStateAsync();
+        }
+        const result = await sendMessageAsync(registration)({ type: 'getState', data: null, configurationName });
+        // @ts-ignore
+        return result.state;
+    };
+
+    const setStateAsync = async (state) => {
+        // iOS kill Service Worker when domain we leave domain
+        if (operatingSystem.os === 'iOS') {
+            const session = initSession(configurationName);
+            return session.setStateAsync(state);
+        }
+        return sendMessageAsync(registration)({ type: 'setState', data: { state }, configurationName });
+    };
+
+    const getCodeVerifierAsync = async () => {
+        // iOS kill Service Worker when domain we leave domain
+        if (operatingSystem.os === 'iOS') {
+            const session = initSession(configurationName);
+            return session.getCodeVerifierAsync();
+        }
+        const result = await sendMessageAsync(registration)({ type: 'getCodeVerifier', data: null, configurationName });
+        // @ts-ignore
+        return result.codeVerifier;
+    };
+
+    const setCodeVerifierAsync = async (codeVerifier) => {
+        if (operatingSystem.os === 'iOS') {
+            const session = initSession(configurationName);
+            return session.setCodeVerifierAsync(codeVerifier);
+        }
+        return sendMessageAsync(registration)({ type: 'setCodeVerifier', data: { codeVerifier }, configurationName });
+    };
+
     return {
-        saveItemsAsync,
-        loadItemsAsync,
         clearAsync,
         initAsync,
         startKeepAliveServiceWorker,
@@ -288,5 +309,9 @@ export const initWorkerAsync = async(serviceWorkerRelativeUrl, configurationName
         unregisterAsync,
         setLoginParams,
         getLoginParams,
+        getStateAsync,
+        setStateAsync,
+        getCodeVerifierAsync,
+        setCodeVerifierAsync,
     };
 };

package/src/oidc/vanilla/login.ts

@@ -1,29 +1,12 @@
-import {
-    AuthorizationNotifier,
-    AuthorizationRequest, BaseTokenRequestHandler,
-    DefaultCrypto, FetchRequestor, GRANT_TYPE_AUTHORIZATION_CODE,
-    RedirectRequestHandler,
-    TokenRequest,
-} from '@openid/appauth';
-
+import { generateRandom } from './crypto';
 import { eventNames } from './events';
 import { initSession } from './initSession';
 import { initWorkerAsync } from './initWorker';
-import { MemoryStorageBackend } from './memoryStorageBackend';
-import { HashQueryStringUtils, NoHashQueryStringUtils } from './noHashQueryStringUtils';
-import { isTokensOidcValid, setTokens } from './parseTokens';
+import { isTokensOidcValid } from './parseTokens';
+import { performAuthorizationRequestAsync, performFirstTokenRequestAsync } from './requests';
 import { getParseQueryStringFromLocation } from './route-utils';
 import { OidcConfiguration, StringMap } from './types';
 
-const randomString = function(length) {
-    let text = '';
-    const possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-    for (let i = 0; i < length; i++) {
-        text += possible.charAt(Math.floor(Math.random() * possible.length));
-    }
-    return text;
-};
-
 // eslint-disable-next-line @typescript-eslint/ban-types
 export const defaultLoginAsync = (window, configurationName, configuration:OidcConfiguration, publishEvent :(string, any)=>void, initAsync:Function) => (callbackPath:string = undefined, extras:StringMap = null, isSilentSignin = false, scope:string = undefined) => {
     const originExtras = extras;
@@ -31,10 +14,9 @@ export const defaultLoginAsync = (window, configurationName, configuration:OidcC
     const loginLocalAsync = async () => {
         const location = window.location;
         const url = callbackPath || location.pathname + (location.search || '') + (location.hash || '');
-        let state;
-        if (extras && 'state' in extras) {
-            state = extras.state;
-            delete extras.state;
+
+        if (!('state' in extras)) {
+            extras.state = generateRandom(16);
         }
 
         publishEvent(eventNames.loginAsync_begin, {});
@@ -53,38 +35,34 @@ export const defaultLoginAsync = (window, configurationName, configuration:OidcC
 
             const extraFinal = !configuration.extras ? extras : { ...configuration.extras, ...extras };
             if (!extraFinal.nonce) {
-                extraFinal.nonce = randomString(12);
+                extraFinal.nonce = generateRandom(12);
             }
             const nonce = { nonce: extraFinal.nonce };
             const serviceWorker = await initWorkerAsync(configuration.service_worker_relative_url, configurationName);
             const oidcServerConfiguration = await initAsync(configuration.authority, configuration.authority_configuration);
             let storage;
             if (serviceWorker) {
-                serviceWorker.setLoginParams(configurationName, { callbackPath: url, extras: originExtras, state });
+                serviceWorker.setLoginParams(configurationName, { callbackPath: url, extras: originExtras });
                 serviceWorker.startKeepAliveServiceWorker();
                 await serviceWorker.initAsync(oidcServerConfiguration, 'loginAsync', configuration);
                 await serviceWorker.setNonceAsync(nonce);
-                storage = new MemoryStorageBackend(serviceWorker.saveItemsAsync, {});
-                await storage.setItem('dummy', {});
+                storage = serviceWorker;
             } else {
                 const session = initSession(configurationName, configuration.storage ?? sessionStorage);
-                session.setLoginParams(configurationName, { callbackPath: url, extras: originExtras, state });
+                session.setLoginParams(configurationName, { callbackPath: url, extras: originExtras });
                 await session.setNonceAsync(nonce);
-                storage = new MemoryStorageBackend(session.saveItemsAsync, {});
+                storage = session;
             }
 
             // @ts-ignore
-            const queryStringUtil = redirectUri.includes('#') ? new HashQueryStringUtils() : new NoHashQueryStringUtils();
-            const authorizationHandler = new RedirectRequestHandler(storage, queryStringUtil, window.location, new DefaultCrypto());
-            const authRequest = new AuthorizationRequest({
+            const extraInternal = {
                 client_id: configuration.client_id,
                 redirect_uri: redirectUri,
                 scope,
-                response_type: AuthorizationRequest.RESPONSE_TYPE_CODE,
-                state,
-                extras: extraFinal,
-            });
-            authorizationHandler.performAuthorizationRequest(oidcServerConfiguration, authRequest);
+                response_type: 'code',
+                ...extraFinal,
+            };
+            await performAuthorizationRequestAsync(storage)(oidcServerConfiguration.authorizationEndpoint, extraInternal);
         } catch (exception) {
             publishEvent(eventNames.loginAsync_error, exception);
             throw exception;
@@ -105,134 +83,84 @@ export const loginCallbackAsync = (oidc) => async (isSilentSignin = false) => {
         const queryParams = getParseQueryStringFromLocation(window.location.href);
         const sessionState = queryParams.session_state;
         const serviceWorker = await initWorkerAsync(configuration.service_worker_relative_url, oidc.configurationName);
-        let storage = null;
-        let nonceData = null;
-        let getLoginParams = null;
+        let storage;
+        let nonceData;
+        let getLoginParams;
+        let state;
         if (serviceWorker) {
             serviceWorker.startKeepAliveServiceWorker();
             await serviceWorker.initAsync(oidcServerConfiguration, 'loginCallbackAsync', configuration);
-            const items = await serviceWorker.loadItemsAsync();
-            storage = new MemoryStorageBackend(serviceWorker.saveItemsAsync, items);
-            const dummy = await storage.getItem('dummy');
-            if (!dummy) {
-                throw new Error('Service Worker storage disapear');
-            }
-            await storage.removeItem('dummy');
             await serviceWorker.setSessionStateAsync(sessionState);
             nonceData = await serviceWorker.getNonceAsync();
             getLoginParams = serviceWorker.getLoginParams(oidc.configurationName);
+            state = await serviceWorker.getStateAsync();
+            storage = serviceWorker;
         } else {
             const session = initSession(oidc.configurationName, configuration.storage ?? sessionStorage);
-            session.setSessionState(sessionState);
-            const items = await session.loadItemsAsync();
-            storage = new MemoryStorageBackend(session.saveItemsAsync, items);
+            await session.setSessionStateAsync(sessionState);
             nonceData = await session.getNonceAsync();
             getLoginParams = session.getLoginParams(oidc.configurationName);
+            state = await session.getStateAsync();
+            storage = session;
         }
 
-        return new Promise((resolve, reject) => {
-            let queryStringUtil = new NoHashQueryStringUtils();
-            if (redirectUri.includes('#')) {
-                const splithash = window.location.href.split('#');
-                if (splithash.length === 2 && splithash[1].includes('?')) {
-                    queryStringUtil = new HashQueryStringUtils();
-                }
-            }
-            const authorizationHandler = new RedirectRequestHandler(storage, queryStringUtil, window.location, new DefaultCrypto());
-            const notifier = new AuthorizationNotifier();
-            authorizationHandler.setAuthorizationNotifier(notifier);
+        const params = getParseQueryStringFromLocation(window.location.toString());
 
-            notifier.setAuthorizationListener((request, response, error) => {
-                if (error) {
-                    reject(error);
-                    return;
-                }
-                if (!response) {
-                    reject(new Error('no response'));
-                    return;
-                }
+        if (params.iss && params.iss !== oidcServerConfiguration.issuer) {
+            throw new Error('issuer not valid');
+        }
+        if (params.state && params.state !== state) {
+            throw new Error('state not valid');
+        }
+
+        const data = {
+            code: params.code,
+            grant_type: 'authorization_code',
+            client_id: configuration.client_id,
+            redirect_uri: redirectUri,
+        };
 
-                const extras = {};
-                if (request && request.internal) {
-                    // @ts-ignore
-                    extras.code_verifier = request.internal.code_verifier;
-                    if (configuration.token_request_extras) {
-                        for (const [key, value] of Object.entries(configuration.token_request_extras)) {
-                            extras[key] = value;
-                        }
-                    }
-                    if (getLoginParams && getLoginParams.extras) {
-                        for (const [key, value] of Object.entries(getLoginParams.extras)) {
-                            if (key.endsWith(':token_request')) {
-                                extras[key.replace(':token_request', '')] = value;
-                            }
-                        }
-                    }
+        const extras = {};
+        // @ts-ignore
+        if (configuration.token_request_extras) {
+            for (const [key, value] of Object.entries(configuration.token_request_extras)) {
+                extras[key] = value;
+            }
+        }
+        if (getLoginParams && getLoginParams.extras) {
+            for (const [key, value] of Object.entries(getLoginParams.extras)) {
+                if (key.endsWith(':token_request')) {
+                    extras[key.replace(':token_request', '')] = value;
                 }
+            }
+        }
 
-                const tokenRequest = new TokenRequest({
-                    client_id: clientId,
-                    redirect_uri: redirectUri, // @ts-ignore
-                    grant_type: GRANT_TYPE_AUTHORIZATION_CODE,
-                    code: response.code,
-                    refresh_token: undefined,
-                    extras,
-                });
+        const tokenResponse = await performFirstTokenRequestAsync(storage)(oidcServerConfiguration.tokenEndpoint, { ...data, ...extras }, oidc.configuration.token_renew_mode, tokenRequestTimeout);
 
-                let timeoutId = setTimeout(() => {
-                    reject(new Error('performTokenRequest timeout'));
-                    timeoutId = null;
-                }, tokenRequestTimeout ?? 12000);
-                try {
-                    const tokenHandler = new BaseTokenRequestHandler(new FetchRequestor());
-                    tokenHandler.performTokenRequest(oidcServerConfiguration, tokenRequest).then(async (tokenResponse) => {
-                        if (timeoutId) {
-                            clearTimeout(timeoutId);
-                            oidc.timeoutId = null;
-                            let loginParams = null;
-                            let formattedTokens = null;
-                            if (serviceWorker) {
-                                const { tokens } = await serviceWorker.initAsync(oidcServerConfiguration, 'syncTokensAsync', configuration);
-                                loginParams = serviceWorker.getLoginParams(oidc.configurationName);
-                                formattedTokens = tokens;
-                            } else {
-                                const session = initSession(oidc.configurationName, configuration.storage);
-                                loginParams = session.getLoginParams(oidc.configurationName);
-                                formattedTokens = setTokens(tokenResponse, null, configuration.token_renew_mode);
-                            }
-                            if (!isTokensOidcValid(formattedTokens, nonceData.nonce, oidcServerConfiguration)) {
-                                const exception = new Error('Tokens are not OpenID valid');
-                                if (timeoutId) {
-                                    clearTimeout(timeoutId);
-                                    oidc.timeoutId = null;
-                                    oidc.publishEvent(eventNames.loginCallbackAsync_error, exception);
-                                    console.error(exception);
-                                    reject(exception);
-                                }
-                            }
+        let loginParams = null;
+        const formattedTokens = tokenResponse.data.tokens;
+        if (serviceWorker) {
+            await serviceWorker.initAsync(redirectUri, 'syncTokensAsync', configuration);
+            loginParams = serviceWorker.getLoginParams(oidc.configurationName);
+        } else {
+            const session = initSession(oidc.configurationName, configuration.storage);
+            loginParams = session.getLoginParams(oidc.configurationName);
+        }
+        // @ts-ignore
+        if (tokenResponse.data.state !== extras.state) {
+            throw new Error('state is not valid');
+        }
+        if (!isTokensOidcValid(formattedTokens, nonceData.nonce, oidcServerConfiguration)) {
+            throw new Error('Tokens are not OpenID valid');
+        }
 
-                            oidc.startCheckSessionAsync(oidcServerConfiguration.check_session_iframe, clientId, sessionState, isSilentSignin).then(() => {
-                                oidc.publishEvent(eventNames.loginCallbackAsync_end, {});
-                                resolve({
-                                    tokens: formattedTokens,
-                                    state: request.state,
-                                    callbackPath: loginParams.callbackPath,
-                                });
-                            });
-                        }
-                    });
-                } catch (exception) {
-                    if (timeoutId) {
-                        clearTimeout(timeoutId);
-                        oidc.timeoutId = null;
-                        oidc.publishEvent(eventNames.loginCallbackAsync_error, exception);
-                        console.error(exception);
-                        reject(exception);
-                    }
-                }
-            });
-            authorizationHandler.completeAuthorizationRequestIfPossible();
-        });
+        await oidc.startCheckSessionAsync(oidcServerConfiguration.check_session_iframe, clientId, sessionState, isSilentSignin);
+        oidc.publishEvent(eventNames.loginCallbackAsync_end, {});
+        return {
+            tokens: formattedTokens,
+            state: 'request.state',
+            callbackPath: loginParams.callbackPath,
+        };
     } catch (exception) {
         console.error(exception);
         oidc.publishEvent(eventNames.loginCallbackAsync_error, exception);

package/src/oidc/vanilla/logout.ts

@@ -0,0 +1,95 @@
+import { initSession } from './initSession';
+import { initWorkerAsync } from './initWorker';
+import { performRevocationRequestAsync, TOKEN_TYPE } from './requests';
+import timer from './timer';
+import { StringMap } from './types';
+
+export const destroyAsync = (oidc) => async (status) => {
+    timer.clearTimeout(oidc.timeoutId);
+    oidc.timeoutId = null;
+    if (oidc.checkSessionIFrame) {
+        oidc.checkSessionIFrame.stop();
+    }
+    const serviceWorker = await initWorkerAsync(oidc.configuration.service_worker_relative_url, oidc.configurationName);
+    if (!serviceWorker) {
+        const session = initSession(oidc.configurationName, oidc.configuration.storage);
+        await session.clearAsync(status);
+    } else {
+        await serviceWorker.clearAsync(status);
+    }
+    oidc.tokens = null;
+    oidc.userInfo = null;
+};
+
+export const logoutAsync = (oidc, oidcDatabase) => async (callbackPathOrUrl: string | null | undefined = undefined, extras: StringMap = null) => {
+    const configuration = oidc.configuration;
+    const oidcServerConfiguration = await oidc.initAsync(configuration.authority, configuration.authority_configuration);
+    if (callbackPathOrUrl && (typeof callbackPathOrUrl !== 'string')) {
+        callbackPathOrUrl = undefined;
+        console.warn('callbackPathOrUrl path is not a string');
+    }
+    const path = (callbackPathOrUrl === null || callbackPathOrUrl === undefined) ? location.pathname + (location.search || '') + (location.hash || '') : callbackPathOrUrl;
+    let isUri = false;
+    if (callbackPathOrUrl) {
+        isUri = callbackPathOrUrl.includes('https://') || callbackPathOrUrl.includes('http://');
+    }
+    const url = isUri ? callbackPathOrUrl : window.location.origin + path;
+    // @ts-ignore
+    const idToken = oidc.tokens ? oidc.tokens.idToken : '';
+    try {
+        const revocationEndpoint = oidcServerConfiguration.revocationEndpoint;
+        if (revocationEndpoint) {
+            const promises = [];
+            const accessToken = oidc.tokens.accessToken;
+            if (accessToken) {
+                const revokeAccessTokenPromise = performRevocationRequestAsync(revocationEndpoint, accessToken, TOKEN_TYPE.access_token, configuration.client_id);
+                promises.push(revokeAccessTokenPromise);
+            }
+            const refreshToken = oidc.tokens.refreshToken;
+            if (refreshToken) {
+                const revokeRefreshTokenPromise = performRevocationRequestAsync(revocationEndpoint, refreshToken, TOKEN_TYPE.refresh_token, configuration.client_id);
+                promises.push(revokeRefreshTokenPromise);
+            }
+            if (promises.length > 0) {
+                await Promise.all(promises);
+            }
+        }
+    } catch (exception) {
+        console.warn(exception);
+    }
+    // @ts-ignore
+    const sub = oidc.tokens && oidc.tokens.idTokenPayload ? oidc.tokens.idTokenPayload.sub : null;
+    await oidc.destroyAsync('LOGGED_OUT');
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    for (const [key, itemOidc] of Object.entries(oidcDatabase)) {
+        if (itemOidc !== oidc) {
+            // @ts-ignore
+            await oidc.logoutSameTabAsync(oidc.configuration.client_id, sub);
+        }
+    }
+
+    if (oidcServerConfiguration.endSessionEndpoint) {
+        if (!extras) {
+            extras = {
+                id_token_hint: idToken,
+            };
+            if (callbackPathOrUrl !== null) {
+                extras.post_logout_redirect_uri = url;
+            }
+        }
+        let queryString = '';
+        if (extras) {
+            for (const [key, value] of Object.entries(extras)) {
+                if (queryString === '') {
+                    queryString += '?';
+                } else {
+                    queryString += '&';
+                }
+                queryString += `${key}=${encodeURIComponent(value)}`;
+            }
+        }
+        window.location.href = `${oidcServerConfiguration.endSessionEndpoint}${queryString}`;
+    } else {
+        window.location.reload();
+    }
+};