@axa-fr/react-oidc 6.3.1 → 6.4.1
- package/dist/OidcServiceWorker.js +72 -10
- package/dist/vanilla/initSession.d.ts +4 -0
- package/dist/vanilla/initSession.d.ts.map +1 -1
- package/dist/vanilla/initSession.js +23 -1
- package/dist/vanilla/initSession.js.map +1 -1
- package/dist/vanilla/initWorker.d.ts +4 -0
- package/dist/vanilla/initWorker.d.ts.map +1 -1
- package/dist/vanilla/initWorker.js +15 -2
- package/dist/vanilla/initWorker.js.map +1 -1
- package/dist/vanilla/oidc.d.ts +3 -0
- package/dist/vanilla/oidc.d.ts.map +1 -1
- package/dist/vanilla/oidc.js +68 -26
- package/dist/vanilla/oidc.js.map +1 -1
- package/dist/vanilla/parseTokens.d.ts +3 -2
- package/dist/vanilla/parseTokens.d.ts.map +1 -1
- package/dist/vanilla/parseTokens.js +46 -7
- package/dist/vanilla/parseTokens.js.map +1 -1
- package/package.json +1 -1
- package/src/oidc/vanilla/OidcServiceWorker.js +72 -10
- package/src/oidc/vanilla/initSession.ts +23 -2
- package/src/oidc/vanilla/initWorker.ts +13 -1
- package/src/oidc/vanilla/oidc.ts +47 -10
- package/src/oidc/vanilla/parseTokens.ts +49 -6
|
@@ -20,6 +20,7 @@ let database = {
|
|
|
20
20
|
tokens: null,
|
|
21
21
|
status:null,
|
|
22
22
|
items:[],
|
|
23
|
+
nonce: null,
|
|
23
24
|
oidcServerConfiguration: null
|
|
24
25
|
}
|
|
25
26
|
};
|
|
@@ -56,6 +57,37 @@ const isTokensValid= (tokens) =>{
|
|
|
56
57
|
return computeTimeLeft(0, tokens.expiresAt) > 0;
|
|
57
58
|
}
|
|
58
59
|
|
|
60
|
+
// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation (excluding rules #1, #4, #5, #7, #8, #12, and #13 which did not apply).
|
|
61
|
+
// https://github.com/openid/AppAuth-JS/issues/65
|
|
62
|
+
const isTokensOidcValid =(tokens, nonce, oidcServerConfiguration) =>{
|
|
63
|
+
if(tokens.idTokenPayload) {
|
|
64
|
+
const idTokenPayload = tokens.idTokenPayload;
|
|
65
|
+
// 2: The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.
|
|
66
|
+
if(oidcServerConfiguration.issuer !== idTokenPayload.iss){
|
|
67
|
+
return false;
|
|
68
|
+
}
|
|
69
|
+
// 3: The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.
|
|
70
|
+
|
|
71
|
+
// 6: If the ID Token is received via direct communication between the Client and the Token Endpoint (which it is in this flow), the TLS server validation MAY be used to validate the issuer in place of checking the token signature. The Client MUST validate the signature of all other ID Tokens according to JWS [JWS] using the algorithm specified in the JWT alg Header Parameter. The Client MUST use the keys provided by the Issuer.
|
|
72
|
+
|
|
73
|
+
// 9: The current time MUST be before the time represented by the exp Claim.
|
|
74
|
+
const currentTimeUnixSecond = new Date().getTime() /1000;
|
|
75
|
+
if(idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {
|
|
76
|
+
return false;
|
|
77
|
+
}
|
|
78
|
+
// 10: The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.
|
|
79
|
+
const timeInSevenDays = 60 * 60 * 24 * 7;
|
|
80
|
+
if(idTokenPayload.iat && (idTokenPayload.iat + timeInSevenDays) < currentTimeUnixSecond) {
|
|
81
|
+
return false;
|
|
82
|
+
}
|
|
83
|
+
// 11: If a nonce value was sent in the Authentication Request, a nonce Claim MUST be present and its value checked to verify that it is the same value as the one that was sent in the Authentication Request. The Client SHOULD check the nonce value for replay attacks. The precise method for detecting replay attacks is Client specific.
|
|
84
|
+
if (idTokenPayload.nonce && idTokenPayload.nonce !== nonce) {
|
|
85
|
+
return false;
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
return true;
|
|
89
|
+
}
|
|
90
|
+
|
|
59
91
|
function hideTokens(currentDatabaseElement) {
|
|
60
92
|
const configurationName = currentDatabaseElement.configurationName;
|
|
61
93
|
return (response) => {
|
|
@@ -79,8 +111,12 @@ function hideTokens(currentDatabaseElement) {
|
|
|
79
111
|
let _idTokenPayload = null;
|
|
80
112
|
if(tokens.id_token) {
|
|
81
113
|
_idTokenPayload = extractTokenPayload(tokens.id_token);
|
|
114
|
+
tokens.idTokenPayload = {..._idTokenPayload};
|
|
115
|
+
if(_idTokenPayload.nonce) {
|
|
116
|
+
const keyNonce = NONCE_TOKEN + '_'+ currentDatabaseElement.configurationName;
|
|
117
|
+
_idTokenPayload.nonce = keyNonce;
|
|
118
|
+
}
|
|
82
119
|
secureTokens.idTokenPayload = _idTokenPayload;
|
|
83
|
-
tokens.idTokenPayload = _idTokenPayload;
|
|
84
120
|
}
|
|
85
121
|
if(tokens.refresh_token){
|
|
86
122
|
secureTokens.refresh_token = REFRESH_TOKEN + "_" + configurationName;
|
|
@@ -90,10 +126,23 @@ function hideTokens(currentDatabaseElement) {
|
|
|
90
126
|
const accessTokenExpiresAt = (accessTokenPayload && accessTokenPayload.exp)? accessTokenPayload.exp : tokens.issued_at + tokens.expires_in;
|
|
91
127
|
const expiresAt = idTokenExpiresAt < accessTokenExpiresAt ? idTokenExpiresAt : accessTokenExpiresAt;
|
|
92
128
|
secureTokens.expiresAt = expiresAt;
|
|
93
|
-
|
|
129
|
+
|
|
94
130
|
tokens.expiresAt = expiresAt;
|
|
95
|
-
|
|
131
|
+
|
|
132
|
+
if(!isTokensOidcValid(tokens, currentDatabaseElement.nonce.nonce, currentDatabaseElement.oidcServerConfiguration)){
|
|
133
|
+
throw Error("Tokens are not OpenID valid");
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
// When refresh_token is not rotated we reuse ald refresh_token
|
|
137
|
+
if(currentDatabaseElement.tokens != null && "refresh_token" in currentDatabaseElement.tokens && !("refresh_token" in tokens)){
|
|
138
|
+
const refreshToken = currentDatabaseElement.tokens.refresh_token;
|
|
139
|
+
currentDatabaseElement.tokens = {...tokens, refresh_token : refreshToken};
|
|
140
|
+
} else{
|
|
141
|
+
currentDatabaseElement.tokens = tokens;
|
|
142
|
+
}
|
|
143
|
+
|
|
96
144
|
currentDatabaseElement.status = "LOGGED_IN";
|
|
145
|
+
const body = JSON.stringify(secureTokens);
|
|
97
146
|
return new Response(body, response);
|
|
98
147
|
});
|
|
99
148
|
};
|
|
@@ -138,7 +187,7 @@ const getCurrentDatabaseDomain = (database, url) => {
|
|
|
138
187
|
}
|
|
139
188
|
}
|
|
140
189
|
|
|
141
|
-
if(hasToSendToken){
|
|
190
|
+
if(hasToSendToken) {
|
|
142
191
|
if(!currentDatabase.tokens) {
|
|
143
192
|
return null;
|
|
144
193
|
}
|
|
@@ -159,6 +208,7 @@ const serializeHeaders = (headers) => {
|
|
|
159
208
|
|
|
160
209
|
const REFRESH_TOKEN = 'REFRESH_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER';
|
|
161
210
|
const ACCESS_TOKEN = 'ACCESS_TOKEN_SECURED_BY_OIDC_SERVICE_WORKER';
|
|
211
|
+
const NONCE_TOKEN = 'NONCE_SECURED_BY_OIDC_SERVICE_WORKER';
|
|
162
212
|
|
|
163
213
|
const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
|
|
164
214
|
|
|
@@ -215,11 +265,14 @@ const handleFetch = async (event) => {
|
|
|
215
265
|
let newBody = actualBody;
|
|
216
266
|
for(let i= 0;i<numberDatabase;i++){
|
|
217
267
|
const currentDb = currentDatabases[i];
|
|
218
|
-
|
|
219
|
-
if(currentDb && currentDb.tokens != null
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
268
|
+
|
|
269
|
+
if(currentDb && currentDb.tokens != null) {
|
|
270
|
+
const keyRefreshToken = REFRESH_TOKEN + '_'+ currentDb.configurationName;
|
|
271
|
+
if(actualBody.includes(keyRefreshToken)) {
|
|
272
|
+
newBody = newBody.replace(keyRefreshToken, encodeURIComponent(currentDb.tokens.refresh_token));
|
|
273
|
+
currentDatabase = currentDb;
|
|
274
|
+
break;
|
|
275
|
+
}
|
|
223
276
|
}
|
|
224
277
|
}
|
|
225
278
|
|
|
@@ -327,6 +380,8 @@ addEventListener('message', event => {
|
|
|
327
380
|
checkDomain(domains, tokenEndpoint);
|
|
328
381
|
const userInfoEndpoint = oidcServerConfiguration.userInfoEndpoint;
|
|
329
382
|
checkDomain(domains, userInfoEndpoint);
|
|
383
|
+
const issuer = oidcServerConfiguration.issuer;
|
|
384
|
+
checkDomain(domains, issuer);
|
|
330
385
|
currentDatabase.oidcServerConfiguration = oidcServerConfiguration;
|
|
331
386
|
const where = data.data.where;
|
|
332
387
|
if(where === "loginCallbackAsync" || where === "tryKeepExistingSessionAsync") {
|
|
@@ -348,6 +403,9 @@ addEventListener('message', event => {
|
|
|
348
403
|
if(tokens.refresh_token){
|
|
349
404
|
tokens.refresh_token = REFRESH_TOKEN + "_" + configurationName;
|
|
350
405
|
}
|
|
406
|
+
if(tokens.idTokenPayload && tokens.idTokenPayload.nonce){
|
|
407
|
+
tokens.idTokenPayload.nonce = NONCE_TOKEN + "_" + configurationName;
|
|
408
|
+
}
|
|
351
409
|
port.postMessage({
|
|
352
410
|
tokens,
|
|
353
411
|
status: currentDatabase.status,
|
|
@@ -364,8 +422,12 @@ addEventListener('message', event => {
|
|
|
364
422
|
const sessionState = currentDatabase.sessionState;
|
|
365
423
|
port.postMessage({configurationName, sessionState});
|
|
366
424
|
return;
|
|
425
|
+
case "setNonce":
|
|
426
|
+
currentDatabase.nonce = data.data.nonce;
|
|
427
|
+
port.postMessage({configurationName});
|
|
428
|
+
return;
|
|
367
429
|
default:
|
|
368
|
-
currentDatabase.items = data.data;
|
|
430
|
+
currentDatabase.items = { ...data.data };
|
|
369
431
|
port.postMessage({configurationName});
|
|
370
432
|
return;
|
|
371
433
|
}
|
|
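Review bot: In `isTokensOidcValid` each claim check runs only when the claim is present, so an ID token that omits `nonce` or `exp` is accepted, and rule 3 (`aud`) has its comment but no check under it. Rule 11 as quoted requires the claim whenever a nonce was sent, so for the code exchange the guard should key on the expected value, e.g. `if (nonce && idTokenPayload.nonce !== nonce) { return false; }`, with refresh responses (which may legitimately omit `nonce`) handled as a separate case. `exp` is a required ID Token claim and can be enforced with `if (!idTokenPayload.exp || idTokenPayload.exp < currentTimeUnixSecond) { return false; }`. The call site in the `hideTokens` hunk reads `currentDatabaseElement.nonce.nonce` although entries start with `nonce: null`, so a token response handled before any `setNonce` message (for instance after the browser restarts the worker, if its state is not restored) throws a TypeError instead of the intended error; `currentDatabaseElement.nonce ? currentDatabaseElement.nonce.nonce : null` avoids that. `hideTokens` starts and ends outside the hunks shown, so the surrounding flow is not fully visible here.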
@@ -10,5 +10,9 @@ export declare const initSession: (configurationName: any, redirectUri: any, sto
|
|
|
10
10
|
getTokens: () => string;
|
|
11
11
|
setSessionState: (sessionState: any) => void;
|
|
12
12
|
getSessionState: () => any;
|
|
13
|
+
setNonceAsync: (nonce: any) => void;
|
|
14
|
+
getNonceAsync: () => Promise<{
|
|
15
|
+
nonce: any;
|
|
16
|
+
}>;
|
|
13
17
|
};
|
|
14
18
|
//# sourceMappingURL=initSession.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"initSession.d.ts","sourceRoot":"","sources":["../../src/oidc/vanilla/initSession.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW
|
|
1
|
+
{"version":3,"file":"initSession.d.ts","sourceRoot":"","sources":["../../src/oidc/vanilla/initSession.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;CAmEvB,CAAA"}
|
|
@@ -70,13 +70,35 @@ var initSession = function (configurationName, redirectUri, storage) {
|
|
|
70
70
|
var getSessionState = function () {
|
|
71
71
|
return storage["oidc.session_state.".concat(configurationName, ":").concat(redirectUri)];
|
|
72
72
|
};
|
|
73
|
+
var setNonceAsync = function (nonce) {
|
|
74
|
+
localStorage["oidc.nonce.".concat(configurationName, ":").concat(redirectUri)] = nonce.nonce;
|
|
75
|
+
};
|
|
76
|
+
var getNonceAsync = function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
77
|
+
var result;
|
|
78
|
+
return __generator(this, function (_a) {
|
|
79
|
+
result = { nonce: localStorage["oidc.nonce.".concat(configurationName, ":").concat(redirectUri)] };
|
|
80
|
+
localStorage["oidc.nonce.".concat(configurationName, ":").concat(redirectUri)] = "";
|
|
81
|
+
return [2 /*return*/, result];
|
|
82
|
+
});
|
|
83
|
+
}); };
|
|
73
84
|
var getTokens = function () {
|
|
74
85
|
if (!storage["oidc.".concat(configurationName, ":").concat(redirectUri)]) {
|
|
75
86
|
return null;
|
|
76
87
|
}
|
|
77
88
|
return JSON.stringify({ tokens: JSON.parse(storage["oidc.".concat(configurationName, ":").concat(redirectUri)]).tokens });
|
|
78
89
|
};
|
|
79
|
-
return {
|
|
90
|
+
return {
|
|
91
|
+
saveItemsAsync: saveItemsAsync,
|
|
92
|
+
loadItemsAsync: loadItemsAsync,
|
|
93
|
+
clearAsync: clearAsync,
|
|
94
|
+
initAsync: initAsync,
|
|
95
|
+
setTokens: setTokens,
|
|
96
|
+
getTokens: getTokens,
|
|
97
|
+
setSessionState: setSessionState,
|
|
98
|
+
getSessionState: getSessionState,
|
|
99
|
+
setNonceAsync: setNonceAsync,
|
|
100
|
+
getNonceAsync: getNonceAsync
|
|
101
|
+
};
|
|
80
102
|
};
|
|
81
103
|
exports.initSession = initSession;
|
|
82
104
|
//# sourceMappingURL=initSession.js.map
|
|
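Review bot: `setNonceAsync` and `getNonceAsync` read and write the global `localStorage`, while every other accessor in `initSession` goes through the injected `storage` argument (see `getSessionState` and `getTokens` in this hunk). The nonce therefore outlives the tab and is shared by all tabs of the origin, so two logins started in parallel with the same configuration name and redirect URI would overwrite each other's nonce, and a caller that passes a custom `storage` still gets the nonce written to `localStorage`. Unless the cross-tab behaviour is intended, both functions should index `storage[...]` with the same `"oidc.nonce."` key instead of `localStorage[...]`, and a one-line comment should say why if it is intended. This file is compiler output, so the change belongs in `package/src/oidc/vanilla/initSession.ts`; `initSession` itself starts above the hunk.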
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"initSession.js","sourceRoot":"","sources":["../../src/oidc/vanilla/initSession.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,WAAW,GAAG,UAAC,iBAAiB,EAAE,WAAW,EAAE,OAAsB;IAAtB,wBAAA,EAAA,wBAAsB;IAE9E,IAAM,cAAc,GAAE,UAAC,KAAK;QACxB,OAAO,CAAC,qBAAc,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAClF,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC,CAAA;IAED,IAAM,cAAc,GAAC;QACjB,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,qBAAc,iBAAiB,cAAI,WAAW,CAAE,CAAC,CAAC,CAAC,CAAC;IAClG,CAAC,CAAA;IAED,IAAM,UAAU,GAAC,UAAC,MAAM;QACpB,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAC,MAAM,EAAC,IAAI,EAAE,MAAM,QAAA,EAAC,CAAC,CAAC;QAC5F,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC,CAAA;IAED,IAAM,SAAS,GAAC;;;YACZ,IAAG,CAAC,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,EAAC;gBACpD,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAC,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,IAAI,EAAC,CAAC,CAAC;gBACjG,sBAAO,EAAC,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,IAAI,EAAC,EAAC;aACrC;YACK,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,CAAC,CAAC;YAC7E,sBAAO,OAAO,CAAC,OAAO,CAAC,EAAE,MAAM,EAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,EAAC;;SACzE,CAAA;IAED,IAAM,SAAS,GAAG,UAAC,MAAM;QACrB,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAC,MAAM,QAAA,EAAC,CAAC,CAAC;IACnF,CAAC,CAAA;IAED,IAAM,eAAe,GAAG,UAAC,YAAY;QACjC,OAAO,CAAC,6BAAsB,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,YAAY,CAAC;IACrF,CAAC,CAAA;IAED,IAAM,eAAe,GAAE;QACnB,OAAO,OAAO,CAAC,6BAAsB,iBAAiB,cAAI,WAAW,CAAE,CAAC,CAAC;IAC7E,CAAC,CAAA;IAED,IAAM,SAAS,GAAG;
|
|
1
|
+
{"version":3,"file":"initSession.js","sourceRoot":"","sources":["../../src/oidc/vanilla/initSession.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,WAAW,GAAG,UAAC,iBAAiB,EAAE,WAAW,EAAE,OAAsB;IAAtB,wBAAA,EAAA,wBAAsB;IAE9E,IAAM,cAAc,GAAE,UAAC,KAAK;QACxB,OAAO,CAAC,qBAAc,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAClF,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC,CAAA;IAED,IAAM,cAAc,GAAC;QACjB,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,qBAAc,iBAAiB,cAAI,WAAW,CAAE,CAAC,CAAC,CAAC,CAAC;IAClG,CAAC,CAAA;IAED,IAAM,UAAU,GAAC,UAAC,MAAM;QACpB,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAC,MAAM,EAAC,IAAI,EAAE,MAAM,QAAA,EAAC,CAAC,CAAC;QAC5F,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC,CAAA;IAED,IAAM,SAAS,GAAC;;;YACZ,IAAG,CAAC,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,EAAC;gBACpD,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAC,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,IAAI,EAAC,CAAC,CAAC;gBACjG,sBAAO,EAAC,MAAM,EAAC,IAAI,EAAE,MAAM,EAAC,IAAI,EAAC,EAAC;aACrC;YACK,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,CAAC,CAAC;YAC7E,sBAAO,OAAO,CAAC,OAAO,CAAC,EAAE,MAAM,EAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,EAAC;;SACzE,CAAA;IAED,IAAM,SAAS,GAAG,UAAC,MAAM;QACrB,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAC,MAAM,QAAA,EAAC,CAAC,CAAC;IACnF,CAAC,CAAA;IAED,IAAM,eAAe,GAAG,UAAC,YAAY;QACjC,OAAO,CAAC,6BAAsB,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,YAAY,CAAC;IACrF,CAAC,CAAA;IAED,IAAM,eAAe,GAAE;QACnB,OAAO,OAAO,CAAC,6BAAsB,iBAAiB,cAAI,WAAW,CAAE,CAAC,CAAC;IAC7E,CAAC,CAAA;IAED,IAAM,aAAa,GAAG,UAAC,KAAK;QACxB,YAAY,CAAC,qBAAc,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC;IACjF,CAAC,CAAA;IAED,IAAM,aAAa,GAAE;;;YAEX,MAAM,GAAI,EAAC,KAAK,EAAE,YAAY,CAAC,qBAAc,iBAAiB,cAAI,WAAW,CAAE,CAAC,EAAC,CAAC;YACxF,YAAY,CAAC,qBAAc,iBAAiB,cAAI,WAAW,CAAE,CAAC,GAAG,EAAE,CAAC;YACpE,sBAAO,MAAM,EAAC;;SACjB,CAAA;IAED,IAAM,SAAS,GAAG;QACd,IAAG,CAAC,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,
CAAE,CAAC,EAAC;YACpD,OAAO,IAAI,CAAC;SACf;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAQ,iBAAiB,cAAI,WAAW,CAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/G,CAAC,CAAA;IAED,OAAO;QACH,cAAc,gBAAA;QACd,cAAc,gBAAA;QACd,UAAU,YAAA;QACV,SAAS,WAAA;QACT,SAAS,WAAA;QACT,SAAS,WAAA;QACT,eAAe,iBAAA;QACf,eAAe,iBAAA;QACf,aAAa,eAAA;QACb,aAAa,eAAA;KAChB,CAAC;AACN,CAAC,CAAA;AAnEY,QAAA,WAAW,eAmEvB"}
|
|
@@ -11,6 +11,10 @@ export declare const initWorkerAsync: (serviceWorkerRelativeUrl: any, configurat
|
|
|
11
11
|
isServiceWorkerProxyActiveAsync: () => Promise<boolean>;
|
|
12
12
|
setSessionStateAsync: (sessionState: any) => Promise<unknown>;
|
|
13
13
|
getSessionStateAsync: () => Promise<any>;
|
|
14
|
+
setNonceAsync: (nonce: any) => Promise<unknown>;
|
|
15
|
+
getNonceAsync: () => Promise<{
|
|
16
|
+
nonce: string;
|
|
17
|
+
}>;
|
|
14
18
|
unregisterAsync: () => Promise<boolean>;
|
|
15
19
|
}>;
|
|
16
20
|
//# sourceMappingURL=initWorker.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../../src/oidc/vanilla/initWorker.ts"],"names":[],"mappings":"AAmCA,eAAO,MAAM,UAAU,yCAEtB,CAAA;AA+BD,eAAO,MAAM,eAAe
|
|
1
|
+
{"version":3,"file":"initWorker.d.ts","sourceRoot":"","sources":["../../src/oidc/vanilla/initWorker.ts"],"names":[],"mappings":"AAmCA,eAAO,MAAM,UAAU,yCAEtB,CAAA;AA+BD,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;EAgG3B,CAAA"}
|
|
@@ -104,7 +104,7 @@ var sendMessageAsync = function (registration) { return function (data) {
|
|
|
104
104
|
});
|
|
105
105
|
}; };
|
|
106
106
|
var initWorkerAsync = function (serviceWorkerRelativeUrl, configurationName) { return __awaiter(void 0, void 0, void 0, function () {
|
|
107
|
-
var _a, name, version, registration, err_1, saveItemsAsync, loadItemsAsync, unregisterAsync, clearAsync, initAsync, startKeepAliveServiceWorker, setSessionStateAsync, getSessionStateAsync;
|
|
107
|
+
var _a, name, version, registration, err_1, saveItemsAsync, loadItemsAsync, unregisterAsync, clearAsync, initAsync, startKeepAliveServiceWorker, setSessionStateAsync, getSessionStateAsync, setNonceAsync, NONCE_TOKEN, getNonceAsync;
|
|
108
108
|
return __generator(this, function (_b) {
|
|
109
109
|
switch (_b.label) {
|
|
110
110
|
case 0:
|
|
@@ -169,7 +169,7 @@ var initWorkerAsync = function (serviceWorkerRelativeUrl, configurationName) { r
|
|
|
169
169
|
case 1:
|
|
170
170
|
result = _a.sent();
|
|
171
171
|
// @ts-ignore
|
|
172
|
-
return [2 /*return*/, { tokens: (0, parseTokens_1.parseOriginalTokens)(result.tokens), status: result.status }];
|
|
172
|
+
return [2 /*return*/, { tokens: (0, parseTokens_1.parseOriginalTokens)(result.tokens, null), status: result.status }];
|
|
173
173
|
}
|
|
174
174
|
});
|
|
175
175
|
}); };
|
|
@@ -194,6 +194,17 @@ var initWorkerAsync = function (serviceWorkerRelativeUrl, configurationName) { r
|
|
|
194
194
|
}
|
|
195
195
|
});
|
|
196
196
|
}); };
|
|
197
|
+
setNonceAsync = function (nonce) {
|
|
198
|
+
return sendMessageAsync(registration)({ type: "setNonce", data: { nonce: nonce }, configurationName: configurationName });
|
|
199
|
+
};
|
|
200
|
+
NONCE_TOKEN = 'NONCE_SECURED_BY_OIDC_SERVICE_WORKER';
|
|
201
|
+
getNonceAsync = function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
202
|
+
var keyNonce;
|
|
203
|
+
return __generator(this, function (_a) {
|
|
204
|
+
keyNonce = NONCE_TOKEN + '_' + configurationName;
|
|
205
|
+
return [2 /*return*/, { nonce: keyNonce }];
|
|
206
|
+
});
|
|
207
|
+
}); };
|
|
197
208
|
return [2 /*return*/, {
|
|
198
209
|
saveItemsAsync: saveItemsAsync,
|
|
199
210
|
loadItemsAsync: loadItemsAsync,
|
|
@@ -204,6 +215,8 @@ var initWorkerAsync = function (serviceWorkerRelativeUrl, configurationName) { r
|
|
|
204
215
|
isServiceWorkerProxyActiveAsync: isServiceWorkerProxyActiveAsync,
|
|
205
216
|
setSessionStateAsync: setSessionStateAsync,
|
|
206
217
|
getSessionStateAsync: getSessionStateAsync,
|
|
218
|
+
setNonceAsync: setNonceAsync,
|
|
219
|
+
getNonceAsync: getNonceAsync,
|
|
207
220
|
unregisterAsync: unregisterAsync,
|
|
208
221
|
}];
|
|
209
222
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"initWorker.js","sourceRoot":"","sources":["../../src/oidc/vanilla/initWorker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kDAA2B;AAC3B,6CAAkD;AAElD,SAAS,WAAW;IAChB,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,GAAG,EAC7B,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,8DAA8D,CAAC,IAAI,EAAE,CAAC;IACvF,IAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAC;QACrB,GAAG,GAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,EAAC,IAAI,EAAC,IAAI,EAAC,OAAO,EAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAE,EAAE,CAAC,EAAC,CAAC;KAC3C;IACD,IAAG,CAAC,CAAC,CAAC,CAAC,KAAG,QAAQ,EAAC;QACf,GAAG,GAAC,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAElC,IAAG,GAAG,IAAE,IAAI,EAAE;YACV,IAAI,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACrB,IAAG,CAAC,OAAO,EAAC;gBACR,IAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAC,GAAG,CAAC,CAAC;gBACpC,IAAG,MAAM,CAAC,MAAM,GAAC,CAAC,EAAC;oBACf,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;iBACvB;aACJ;YAED,OAAO,EAAC,IAAI,EAAC,OAAO,EAAE,OAAO,SAAA,EAAC,CAAC;SAClC;KACJ;IACD,CAAC,GAAC,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IACtE,IAAG,CAAC,GAAG,GAAC,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,IAAE,IAAI,EAAE;QAAC,CAAC,CAAC,MAAM,CAAC,CAAC,EAAC,CAAC,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KAAC;IACnE,OAAO;QACH,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;QACxB,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;KAChB,CAAC;AACN,CAAC;AAED,IAAI,+BAA+B,GAAG,IAAI,CAAC;AAEpC,IAAM,UAAU,GAAG,UAAC,YAAY;IACnC,OAAO,IAAI,OAAO,CAAC,UAAA,OAAO,IAAI,OAAA,eAAK,CAAC,UAAU,CAAC,OAAO,EAAE,YAAY,CAAC,EAAvC,CAAuC,CAAC,CAAA;AAC1E,CAAC,CAAA;AAFY,QAAA,UAAU,cAEtB;AAED,IAAM,SAAS,GAAG;IACd,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC1C,IAAA,kBAAU,EAAC,GAAG,GAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACzC,CAAC,CAAA;AAED,IAAM,+BAA+B,GAAG;IACpC,OAAO,KAAK,CAAC,kCAAkC,EAAE;QAC7C,OAAO,EAAE;YACL,cAAc,EAAE,MAAM;SACzB;KAAC,CAAC;SACF,IAAI,CAAC,UAAC,QAAQ;QACX,OAAO,QAAQ,CAAC,UAAU,KAAK,qBAAqB,CAAC;IACzD,CAAC,CAAC,CAAC;AACX,CAAC,CAAC;A
AEF,IAAM,gBAAgB,GAAG,UAAC,YAAY,IAAK,OAAA,UAAC,IAAI;IAC5C,OAAO,IAAI,OAAO,CAAC,UAAS,OAAO,EAAE,MAAM;QACvC,IAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;QAC5C,cAAc,CAAC,KAAK,CAAC,SAAS,GAAG,UAAU,KAAK;YAC5C,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE;gBAChC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aAC5B;iBAAM;gBACH,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aACvB;QACL,CAAC,CAAC;QACF,YAAY,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACP,CAAC,EAZ0C,CAY1C,CAAA;AAEM,IAAM,eAAe,GAAG,UAAM,wBAAwB,EAAE,iBAAiB;;;;;gBAE5E,IAAG,CAAC,SAAS,CAAC,aAAa,IAAE,CAAC,wBAAwB,EAAC;oBACnD,sBAAO,IAAI,EAAC;iBACf;gBACK,KAAkB,WAAW,EAAE,EAA9B,IAAI,UAAA,EAAE,OAAO,aAAA,CAAkB;gBACtC,IAAG,IAAI,IAAI,QAAQ,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAC,EAAE,EAAC;oBACxC,sBAAO,IAAI,EAAC;iBACf;gBACD,IAAG,IAAI,IAAI,OAAO,EAAC;oBACf,IAAG,CAAC,OAAO,EAAE;wBACT,sBAAO,IAAI,EAAC;qBACf;oBACD,IAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAE,EAAE,EAAE;wBACpC,sBAAO,IAAI,EAAC;qBACf;iBACJ;gBACD,IAAG,IAAI,IAAI,IAAI,EAAC;oBACZ,sBAAO,IAAI,EAAC;iBACf;gBAEoB,qBAAM,SAAS,CAAC,aAAa,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAA;;gBAA/E,YAAY,GAAG,SAAgE;;;;gBAGjF,qBAAM,SAAS,CAAC,aAAa,CAAC,KAAK,EAAA;;gBAAnC,SAAmC,CAAA;;;;gBAGnC,sBAAO,IAAI,EAAC;;gBAGV,cAAc,GAAE,UAAC,KAAK;oBACpB,OAAO,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,mBAAA,EAAC,CAAC,CAAC;gBACnG,CAAC,CAAA;gBAEK,cAAc,GAAC;oBACjB,OAAO,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAiB,mBAAA,EAAC,CAAC,CAAC;gBAC9F,CAAC,CAAA;gBAEK,eAAe,GAAG;;;oCACb,qBAAM,YAAY,CAAC,UAAU,EAAE,EAAA;oCAAtC,sBAAO,SAA+B,EAAC;;;qBAC1C,CAAA;gBAEK,UAAU,GAAC,UAAC,MAAM;oBACpB,OAAO,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAC,MAAM,QAAA,EAAC,EAAE,iBAAiB,mBAAA,EAAC,CAAC,CAAC;gBAC9F,CAAC,CAAA;gBACK,SAAS,GAAE,UAAO,uBAAuB,EAAE,KAAK;;;;oCACnC,qBAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;oCAChD,IAAI,EAAE,MAAM;oCACZ,IAAI,EAAE,EAAC,uBAAuB,yBAAA,EAAE,KAAK,OAAA,EAAC;oCACtC,iBAAiB,mBAAA;iCACpB,CAAC,EAAA;;gCAJI,MAAM,GAAG,
SAIb;gCACF,aAAa;gCACb,sBAAO,EAAE,MAAM,EAAG,IAAA,iCAAmB,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAC,EAAC;;;
|
|
1
|
+
{"version":3,"file":"initWorker.js","sourceRoot":"","sources":["../../src/oidc/vanilla/initWorker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kDAA2B;AAC3B,6CAAkD;AAElD,SAAS,WAAW;IAChB,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,GAAG,EAC7B,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,8DAA8D,CAAC,IAAI,EAAE,CAAC;IACvF,IAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAC;QACrB,GAAG,GAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,EAAC,IAAI,EAAC,IAAI,EAAC,OAAO,EAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAE,EAAE,CAAC,EAAC,CAAC;KAC3C;IACD,IAAG,CAAC,CAAC,CAAC,CAAC,KAAG,QAAQ,EAAC;QACf,GAAG,GAAC,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAElC,IAAG,GAAG,IAAE,IAAI,EAAE;YACV,IAAI,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACrB,IAAG,CAAC,OAAO,EAAC;gBACR,IAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAC,GAAG,CAAC,CAAC;gBACpC,IAAG,MAAM,CAAC,MAAM,GAAC,CAAC,EAAC;oBACf,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;iBACvB;aACJ;YAED,OAAO,EAAC,IAAI,EAAC,OAAO,EAAE,OAAO,SAAA,EAAC,CAAC;SAClC;KACJ;IACD,CAAC,GAAC,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IACtE,IAAG,CAAC,GAAG,GAAC,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,IAAE,IAAI,EAAE;QAAC,CAAC,CAAC,MAAM,CAAC,CAAC,EAAC,CAAC,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KAAC;IACnE,OAAO;QACH,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;QACxB,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;KAChB,CAAC;AACN,CAAC;AAED,IAAI,+BAA+B,GAAG,IAAI,CAAC;AAEpC,IAAM,UAAU,GAAG,UAAC,YAAY;IACnC,OAAO,IAAI,OAAO,CAAC,UAAA,OAAO,IAAI,OAAA,eAAK,CAAC,UAAU,CAAC,OAAO,EAAE,YAAY,CAAC,EAAvC,CAAuC,CAAC,CAAA;AAC1E,CAAC,CAAA;AAFY,QAAA,UAAU,cAEtB;AAED,IAAM,SAAS,GAAG;IACd,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC1C,IAAA,kBAAU,EAAC,GAAG,GAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACzC,CAAC,CAAA;AAED,IAAM,+BAA+B,GAAG;IACpC,OAAO,KAAK,CAAC,kCAAkC,EAAE;QAC7C,OAAO,EAAE;YACL,cAAc,EAAE,MAAM;SACzB;KAAC,CAAC;SACF,IAAI,CAAC,UAAC,QAAQ;QACX,OAAO,QAAQ,CAAC,UAAU,KAAK,qBAAqB,CAAC;IACzD,CAAC,CAAC,CAAC;AACX,CAAC,CAAC;A
AEF,IAAM,gBAAgB,GAAG,UAAC,YAAY,IAAK,OAAA,UAAC,IAAI;IAC5C,OAAO,IAAI,OAAO,CAAC,UAAS,OAAO,EAAE,MAAM;QACvC,IAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;QAC5C,cAAc,CAAC,KAAK,CAAC,SAAS,GAAG,UAAU,KAAK;YAC5C,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE;gBAChC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aAC5B;iBAAM;gBACH,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aACvB;QACL,CAAC,CAAC;QACF,YAAY,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACP,CAAC,EAZ0C,CAY1C,CAAA;AAEM,IAAM,eAAe,GAAG,UAAM,wBAAwB,EAAE,iBAAiB;;;;;gBAE5E,IAAG,CAAC,SAAS,CAAC,aAAa,IAAE,CAAC,wBAAwB,EAAC;oBACnD,sBAAO,IAAI,EAAC;iBACf;gBACK,KAAkB,WAAW,EAAE,EAA9B,IAAI,UAAA,EAAE,OAAO,aAAA,CAAkB;gBACtC,IAAG,IAAI,IAAI,QAAQ,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAC,EAAE,EAAC;oBACxC,sBAAO,IAAI,EAAC;iBACf;gBACD,IAAG,IAAI,IAAI,OAAO,EAAC;oBACf,IAAG,CAAC,OAAO,EAAE;wBACT,sBAAO,IAAI,EAAC;qBACf;oBACD,IAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAE,EAAE,EAAE;wBACpC,sBAAO,IAAI,EAAC;qBACf;iBACJ;gBACD,IAAG,IAAI,IAAI,IAAI,EAAC;oBACZ,sBAAO,IAAI,EAAC;iBACf;gBAEoB,qBAAM,SAAS,CAAC,aAAa,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAA;;gBAA/E,YAAY,GAAG,SAAgE;;;;gBAGjF,qBAAM,SAAS,CAAC,aAAa,CAAC,KAAK,EAAA;;gBAAnC,SAAmC,CAAA;;;;gBAGnC,sBAAO,IAAI,EAAC;;gBAGV,cAAc,GAAE,UAAC,KAAK;oBACpB,OAAO,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,mBAAA,EAAC,CAAC,CAAC;gBACnG,CAAC,CAAA;gBAEK,cAAc,GAAC;oBACjB,OAAO,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAiB,mBAAA,EAAC,CAAC,CAAC;gBAC9F,CAAC,CAAA;gBAEK,eAAe,GAAG;;;oCACb,qBAAM,YAAY,CAAC,UAAU,EAAE,EAAA;oCAAtC,sBAAO,SAA+B,EAAC;;;qBAC1C,CAAA;gBAEK,UAAU,GAAC,UAAC,MAAM;oBACpB,OAAO,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAC,MAAM,QAAA,EAAC,EAAE,iBAAiB,mBAAA,EAAC,CAAC,CAAC;gBAC9F,CAAC,CAAA;gBACK,SAAS,GAAE,UAAO,uBAAuB,EAAE,KAAK;;;;oCACnC,qBAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;oCAChD,IAAI,EAAE,MAAM;oCACZ,IAAI,EAAE,EAAC,uBAAuB,yBAAA,EAAE,KAAK,OAAA,EAAC;oCACtC,iBAAiB,mBAAA;iCACpB,CAAC,EAAA;;gCAJI,MAAM,GAAG,
SAIb;gCACF,aAAa;gCACb,sBAAO,EAAE,MAAM,EAAG,IAAA,iCAAmB,EAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAC,EAAC;;;qBACtF,CAAA;gBAEK,2BAA2B,GAAG;oBAChC,IAAI,+BAA+B,IAAI,IAAI,EAAE;wBACzC,+BAA+B,GAAG,UAAU,CAAC;wBAC7C,SAAS,EAAE,CAAC;qBACf;gBACL,CAAC,CAAA;gBAEK,oBAAoB,GAAG,UAAC,YAAY;oBACtC,OAAO,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,EAAC,YAAY,cAAA,EAAC,EAAE,iBAAiB,mBAAA,EAAC,CAAC,CAAC;gBAC9G,CAAC,CAAA;gBAEK,oBAAoB,GAAE;;;;oCACT,qBAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,EAAE,iBAAiB,mBAAA,EAAC,CAAC,EAAA;;gCAAvG,MAAM,GAAG,SAA8F;gCAC7G,aAAa;gCACb,sBAAO,MAAM,CAAC,YAAY,EAAC;;;qBAC9B,CAAA;gBAEK,aAAa,GAAG,UAAC,KAAK;oBACxB,OAAO,gBAAgB,CAAC,YAAY,CAAC,CAAC,EAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAC,KAAK,OAAA,EAAC,EAAE,iBAAiB,mBAAA,EAAC,CAAC,CAAC;gBAChG,CAAC,CAAA;gBACK,WAAW,GAAG,sCAAsC,CAAC;gBACrD,aAAa,GAAE;;;wBAEX,QAAQ,GAAG,WAAW,GAAG,GAAG,GAAE,iBAAiB,CAAC;wBACtD,sBAAO,EAAC,KAAK,EAAC,QAAQ,EAAC,EAAC;;qBAC3B,CAAA;gBAED,sBAAO;wBACH,cAAc,gBAAA;wBACd,cAAc,gBAAA;wBACd,UAAU,YAAA;wBACV,SAAS,WAAA;wBACV,8BAA8B;wBAC7B,2BAA2B,6BAAA;wBAC3B,+BAA+B,iCAAA;wBAC/B,oBAAoB,sBAAA;wBACpB,oBAAoB,sBAAA;wBACpB,aAAa,eAAA;wBACb,aAAa,eAAA;wBACb,eAAe,iBAAA;qBAClB,EAAC;;;KACL,CAAA;AAhGY,QAAA,eAAe,mBAgG3B"}
|
package/dist/vanilla/oidc.d.ts
CHANGED
|
@@ -2,9 +2,11 @@ import { AuthorizationServiceConfiguration } from '@openid/appauth';
|
|
|
2
2
|
import { AuthorizationServiceConfigurationJson } from "@openid/appauth/src/authorization_service_configuration";
|
|
3
3
|
export interface OidcAuthorizationServiceConfigurationJson extends AuthorizationServiceConfigurationJson {
|
|
4
4
|
check_session_iframe?: string;
|
|
5
|
+
issuer: string;
|
|
5
6
|
}
|
|
6
7
|
export declare class OidcAuthorizationServiceConfiguration extends AuthorizationServiceConfiguration {
|
|
7
8
|
private check_session_iframe;
|
|
9
|
+
private issuer;
|
|
8
10
|
constructor(request: any);
|
|
9
11
|
}
|
|
10
12
|
export interface StringMap {
|
|
@@ -21,6 +23,7 @@ export interface AuthorityConfiguration {
|
|
|
21
23
|
end_session_endpoint?: string;
|
|
22
24
|
userinfo_endpoint?: string;
|
|
23
25
|
check_session_iframe?: string;
|
|
26
|
+
issuer: string;
|
|
24
27
|
}
|
|
25
28
|
export declare type OidcConfiguration = {
|
|
26
29
|
client_id: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/oidc/vanilla/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAGH,iCAAiC,EAQpC,MAAM,iBAAiB,CAAC;AASzB,OAAO,EAAC,qCAAqC,EAAC,MAAM,yDAAyD,CAAC;AA4D9G,MAAM,WAAW,yCAA0C,SAAQ,qCAAqC;IACpG,oBAAoB,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/oidc/vanilla/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAGH,iCAAiC,EAQpC,MAAM,iBAAiB,CAAC;AASzB,OAAO,EAAC,qCAAqC,EAAC,MAAM,yDAAyD,CAAC;AA4D9G,MAAM,WAAW,yCAA0C,SAAQ,qCAAqC;IACpG,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAC,MAAM,CAAC;CACjB;AAED,qBAAa,qCAAsC,SAAQ,iCAAiC;IACxF,OAAO,CAAC,oBAAoB,CAAS;IACrC,OAAO,CAAC,MAAM,CAAS;gBAEX,OAAO,EAAE,GAAG;CAU3B;AAGD,MAAM,WAAW,SAAS;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,sBAAsB;IACnC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,oBAAoB,CAAC,EAAC,MAAM,CAAC;IAC7B,MAAM,EAAC,MAAM,CAAC;CACjB;AAEA,oBAAY,iBAAiB,GAAG;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAC,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAC,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAC,MAAM,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C,CAAC,EAAE,MAAM,CAAC;IACpD,uBAAuB,CAAC,EAAE,sBAAsB,CAAC;IACjD,+CAA+C,CAAC,EAAE,MAAM,CAAC;IACzD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,2BAA2B,CAAC,EAAC,MAAM,CAAC;IACpC,mBAAmB,CAAC,EAAC,OAAO,CAAC;IAC7B,MAAM,CAAC,EAAC,SAAS,CAAA;IACjB,oBAAoB,CAAC,EAAC,SAAS,CAAC;IAChC,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,eAAe,CAAC,EAAE,OAAO,CAAA;CAC7B,CAAC;AAsLF,qBAAa,IAAI;IACN,aAAa,EAAE,iBAAiB,CAAC;IACjC,QAAQ,EAAE,IAAI,CAAC;IACf,MAAM,EAAE,IAAI,CAAC;IACb,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,CAAC,SAAS,CAAiB;IAClC,OAAO,CAAC,aAAa,CAAC,CAAM;IAC5B,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,OAAO,CAAC,CAAM;IACtB,OAAO,CAAC,kBAAkB,CAAqB;gBACnC,aAAa,EAAC,iBAAiB,EAAE,iBAAiB,SAAU;IAkCxE,eAAe,CAAC,IAAI,KAAA;IAMpB,uBAAuB,CAAC,EAAE,KAAA;IAK1B,YAAY,CAAC,SAAS,KAAA,EAAE,IAAI,KAAA;IAK5B,MAAM,CAAC,WAAW,CAAC,aAAa,KAAA,EAAE,IAAI,SAAU;IAGhD,MAAM,CAAC,GAAG,CAAC,IAAI,SAAU;IAQzB,MAAM,CAAC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAc;IAE/B,8BAA8B;IAM9B,mCAAmC;IAO7B,wBAAwB;IAUxB,gBAAgB,CAAC,MAAM,GAAC,SAAc,EAAE,KAAK,
GAAC,MAAW,EAAE,KAAK,GAAC,MAAW;IA8FlF,WAAW,MAAQ;IACb,SAAS,CAAC,SAAS,EAAC,MAAM,EAAE,sBAAsB,EAAC,sBAAsB;IA4B/E,6BAA6B,MAAQ;IAC/B,2BAA2B;IAoFjC,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,CAAM;IAC1B,UAAU,CAAC,YAAY,GAAC,MAAgB,EAAE,MAAM,GAAC,SAAc,EAAE,KAAK,GAAC,MAAgB,EAAE,cAAc,GAAC,OAAa,EAAE,KAAK,GAAC,MAAgB;IAyE7I,sBAAsB,CAAC,qBAAqB,KAAA,EAAE,QAAQ,KAAA,EAAE,YAAY,KAAA,EAAE,cAAc,UAAM;IAyDhG,oBAAoB,EAAG,OAAO,CAAC,GAAG,CAAC,CAAK;IAClC,kBAAkB,CAAC,aAAa,GAAC,OAAa;IA0B9C,mBAAmB,CAAC,cAAc,GAAC,OAAa;IAyIhD,sBAAsB,CAAC,YAAY,KAAA,EAAE,KAAK,SAAE,EAAE,YAAY,UAAO;IAgHjE,mBAAmB,CAAC,aAAa,KAAA,EAAE,iBAAiB,KAAA,EAAE,aAAa,KAAA,EAAE,YAAY,UAAO;;;;IA6C9F,uCAAuC,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAQ;IAC3E,qCAAqC,IAAG,OAAO,CAAC,mBAAmB,CAAC;IAWrE,eAAe,EAAC,OAAO,CAAC,GAAG,CAAC,CAAQ;IACnC,aAAa;IAWP,gBAAgB;IAShB,YAAY,CAAC,MAAM,KAAA;IAiBnB,kBAAkB,CAAC,QAAQ,KAAA,EAAE,GAAG,KAAA;IAQjC,mBAAmB,CAAC,QAAQ,KAAA,EAAE,GAAG,KAAA;IAQjC,WAAW,CAAC,iBAAiB,GAAE,MAAM,GAAG,IAAI,GAAG,SAAqB,EAAE,MAAM,GAAE,SAAgB;CAqDrG;AAGD,eAAe,IAAI,CAAC"}
|
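--- a/package/dist/vanilla/oidc.js
+++ b/package/dist/vanilla/oidc.js
@@ -75,7 +75,7 @@ var timer_1 = __importDefault(require("./timer"));
 var checkSessionIFrame_1 = require("./checkSessionIFrame");
 var route_utils_1 = require("./route-utils");
 var parseTokens_1 = require("./parseTokens");
-var performTokenRequestAsync = function (url, details, extras) { return __awaiter(void 0, void 0, void 0, function () {
+var performTokenRequestAsync = function (url, details, extras, oldTokens) { return __awaiter(void 0, void 0, void 0, function () {
 var _i, _a, _b, key, value, formBody, property, encodedKey, encodedValue, formBodyString, response, tokens;
 return __generator(this, function (_c) {
 switch (_c.label) {
@@ -111,7 +111,7 @@ var performTokenRequestAsync = function (url, details, extras) { return __awaite
 tokens = _c.sent();
 return [2 /*return*/, {
 success: true,
-data: (0, parseTokens_1.parseOriginalTokens)(tokens)
+data: (0, parseTokens_1.parseOriginalTokens)(tokens, oldTokens)
 }];
 }
 });
@@ -157,6 +157,7 @@ var OidcAuthorizationServiceConfiguration = /** @class */ (function (_super) {
 _this.revocationEndpoint = request.revocation_endpoint;
 _this.userInfoEndpoint = request.userinfo_endpoint;
 _this.check_session_iframe = request.check_session_iframe;
+_this.issuer = request.issuer;
 return _this;
 }
 return OidcAuthorizationServiceConfiguration;
@@ -608,6 +609,7 @@ var Oidc = /** @class */ (function () {
 token_endpoint: authorityConfiguration.token_endpoint,
 userinfo_endpoint: authorityConfiguration.userinfo_endpoint,
 check_session_iframe: authorityConfiguration.check_session_iframe,
+issuer: authorityConfiguration.issuer,
 })];
 }
 return [4 /*yield*/, (0, initWorker_1.initWorkerAsync)(this.configuration.service_worker_relative_url, this.configurationName)];
@@ -697,7 +699,7 @@ var Oidc = /** @class */ (function () {
 tokens = (_b.sent()).tokens;
 if (!tokens) return [3 /*break*/, 11];
 // @ts-ignore
-this.tokens = (0, parseTokens_1.setTokens)(tokens);
+this.tokens = (0, parseTokens_1.setTokens)(tokens, null);
 //session.setTokens(this.tokens);
 this.session = session;
 // @ts-ignore
@@ -756,12 +758,12 @@ var Oidc = /** @class */ (function () {
 return [2 /*return*/, this.loginPromise];
 }
 loginLocalAsync = function () { return __awaiter(_this, void 0, void 0, function () {
-var location_1, url, configuration, redirectUri, serviceWorker, oidcServerConfiguration, storage, session,
+var location_1, url, configuration, redirectUri, randomString, extraFinal, nonce, serviceWorker, oidcServerConfiguration, storage, session, queryStringUtil, authorizationHandler, authRequest, exception_2;
 var _a;
 return __generator(this, function (_b) {
 switch (_b.label) {
 case 0:
-_b.trys.push([0,
+_b.trys.push([0, 9, , 10]);
 location_1 = window.location;
 url = callbackPath || location_1.pathname + (location_1.search || '') + (location_1.hash || '');
 this.publishEvent(eventNames.loginAsync_begin, {});
@@ -770,7 +772,20 @@ var Oidc = /** @class */ (function () {
 if (!scope) {
 scope = configuration.scope;
 }
+randomString = function (length) {
+var text = "";
+var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+for (var i = 0; i < length; i++) {
+text += possible.charAt(Math.floor(Math.random() * possible.length));
+}
+return text;
+};
 setLoginParams(this.configurationName, redirectUri, { callbackPath: url, extras: extras, state: state });
+extraFinal = (_a = extras !== null && extras !== void 0 ? extras : configuration.extras) !== null && _a !== void 0 ? _a : {};
+if (!extraFinal.nonce) {
+extraFinal["nonce"] = randomString(12);
+}
+nonce = { "nonce": extraFinal.nonce };
 return [4 /*yield*/, (0, initWorker_1.initWorkerAsync)(configuration.service_worker_relative_url, this.configurationName)];
 case 1:
 serviceWorker = _b.sent();
@@ -778,22 +793,27 @@ var Oidc = /** @class */ (function () {
 case 2:
 oidcServerConfiguration = _b.sent();
 storage = void 0;
-if (!serviceWorker) return [3 /*break*/,
+if (!serviceWorker) return [3 /*break*/, 6];
 serviceWorker.startKeepAliveServiceWorker();
 return [4 /*yield*/, serviceWorker.initAsync(oidcServerConfiguration, "loginAsync")];
 case 3:
 _b.sent();
-
-return [4 /*yield*/, storage.setItem("dummy", {})];
+return [4 /*yield*/, serviceWorker.setNonceAsync(nonce)];
 case 4:
 _b.sent();
-
+storage = new memoryStorageBackend_1.MemoryStorageBackend(serviceWorker.saveItemsAsync, {});
+return [4 /*yield*/, storage.setItem("dummy", {})];
 case 5:
+_b.sent();
+return [3 /*break*/, 8];
+case 6:
 session = (0, initSession_1.initSession)(this.configurationName, redirectUri);
+return [4 /*yield*/, session.setNonceAsync(nonce)];
+case 7:
+_b.sent();
 storage = new memoryStorageBackend_1.MemoryStorageBackend(session.saveItemsAsync, {});
-_b.label =
-case
-extraFinal = (_a = extras !== null && extras !== void 0 ? extras : configuration.extras) !== null && _a !== void 0 ? _a : {};
+_b.label = 8;
+case 8:
 queryStringUtil = redirectUri.includes("#") ? new noHashQueryStringUtils_1.HashQueryStringUtils() : new noHashQueryStringUtils_1.NoHashQueryStringUtils();
 authorizationHandler = new appauth_1.RedirectRequestHandler(storage, queryStringUtil, window.location, new appauth_1.DefaultCrypto());
 authRequest = new appauth_1.AuthorizationRequest({
@@ -805,12 +825,12 @@ var Oidc = /** @class */ (function () {
 extras: extraFinal
 });
 authorizationHandler.performAuthorizationRequest(oidcServerConfiguration, authRequest);
-return [3 /*break*/,
-case
+return [3 /*break*/, 10];
+case 9:
 exception_2 = _b.sent();
 this.publishEvent(eventNames.loginAsync_error, exception_2);
 throw exception_2;
-case
+case 10: return [2 /*return*/];
 }
 });
 }); };
@@ -941,12 +961,12 @@ var Oidc = /** @class */ (function () {
 var _a;
 if (isSilentSignin === void 0) { isSilentSignin = false; }
 return __awaiter(this, void 0, void 0, function () {
-var configuration_2, clientId_1, redirectUri_1, authority, tokenRequestTimeout_1, oidcServerConfiguration_1, queryParams, sessionState_2, serviceWorker_1, storage_1, items, dummy, session, items, exception_3;
+var configuration_2, clientId_1, redirectUri_1, authority, tokenRequestTimeout_1, oidcServerConfiguration_1, queryParams, sessionState_2, serviceWorker_1, storage_1, nonceData_1, items, dummy, session, items, exception_3;
 var _this = this;
 return __generator(this, function (_b) {
 switch (_b.label) {
 case 0:
-_b.trys.push([0,
+_b.trys.push([0, 13, , 14]);
 this.publishEvent(eventNames.loginCallbackAsync_begin, {});
 configuration_2 = this.configuration;
 clientId_1 = configuration_2.client_id;
@@ -962,7 +982,8 @@ var Oidc = /** @class */ (function () {
 case 2:
 serviceWorker_1 = _b.sent();
 storage_1 = null;
-
+nonceData_1 = null;
+if (!serviceWorker_1) return [3 /*break*/, 9];
 serviceWorker_1.startKeepAliveServiceWorker();
 this.serviceWorker = serviceWorker_1;
 return [4 /*yield*/, serviceWorker_1.initAsync(oidcServerConfiguration_1, "loginCallbackAsync")];
@@ -984,17 +1005,23 @@ var Oidc = /** @class */ (function () {
 return [4 /*yield*/, serviceWorker_1.setSessionStateAsync(sessionState_2)];
 case 7:
 _b.sent();
-return [
+return [4 /*yield*/, serviceWorker_1.getNonceAsync()];
 case 8:
+nonceData_1 = _b.sent();
+return [3 /*break*/, 12];
+case 9:
 this.session = (0, initSession_1.initSession)(this.configurationName, redirectUri_1, (_a = configuration_2.storage) !== null && _a !== void 0 ? _a : sessionStorage);
 session = (0, initSession_1.initSession)(this.configurationName, redirectUri_1);
 session.setSessionState(sessionState_2);
 return [4 /*yield*/, session.loadItemsAsync()];
-case
+case 10:
 items = _b.sent();
 storage_1 = new memoryStorageBackend_1.MemoryStorageBackend(session.saveItemsAsync, items);
-
-case
+return [4 /*yield*/, session.getNonceAsync()];
+case 11:
+nonceData_1 = _b.sent();
+_b.label = 12;
+case 12: return [2 /*return*/, new Promise(function (resolve, reject) {
 // @ts-ignore
 var queryStringUtil = new noHashQueryStringUtils_1.NoHashQueryStringUtils();
 if (redirectUri_1.includes("#")) {
@@ -1042,7 +1069,7 @@ var Oidc = /** @class */ (function () {
 try {
 var tokenHandler = new appauth_1.BaseTokenRequestHandler(new appauth_1.FetchRequestor());
 tokenHandler.performTokenRequest(oidcServerConfiguration_1, tokenRequest).then(function (tokenResponse) { return __awaiter(_this, void 0, void 0, function () {
-var loginParams_1, tokens;
+var loginParams_1, tokens, exception;
 var _this = this;
 return __generator(this, function (_a) {
 switch (_a.label) {
@@ -1058,6 +1085,17 @@ var Oidc = /** @class */ (function () {
 tokenResponse = tokens;
 _a.label = 2;
 case 2:
+;
+if (!(0, parseTokens_1.isTokensOidcValid)(tokenResponse, nonceData_1.nonce, oidcServerConfiguration_1)) {
+exception = new Error("Tokens are not OpenID valid");
+if (timeoutId) {
+clearTimeout(timeoutId);
+this.timeoutId = null;
+this.publishEvent(eventNames.loginCallbackAsync_error, exception);
+console.error(exception);
+reject(exception);
+}
+}
 // @ts-ignore
 this.startCheckSessionAsync(oidcServerConfiguration_1.check_session_iframe, clientId_1, sessionState_2, isSilentSignin).then(function () {
 _this.publishEvent(eventNames.loginCallbackAsync_end, {});
@@ -1085,12 +1123,12 @@ var Oidc = /** @class */ (function () {
 });
 authorizationHandler.completeAuthorizationRequestIfPossible();
 })];
-case
+case 13:
 exception_3 = _b.sent();
 console.error(exception_3);
 this.publishEvent(eventNames.loginCallbackAsync_error, exception_3);
 throw exception_3;
-case
+case 14: return [2 /*return*/];
 }
 });
 });
@@ -1215,10 +1253,14 @@ var Oidc = /** @class */ (function () {
 return [4 /*yield*/, this.initAsync(authority, configuration.authority_configuration)];
 case 19:
 oidcServerConfiguration = _e.sent();
-return [4 /*yield*/, performTokenRequestAsync(oidcServerConfiguration.tokenEndpoint, details, extras)];
+return [4 /*yield*/, performTokenRequestAsync(oidcServerConfiguration.tokenEndpoint, details, extras, tokens)];
 case 20:
 tokenResponse = _e.sent();
 if (!tokenResponse.success) return [3 /*break*/, 21];
+if (!(0, parseTokens_1.isTokensOidcValid)(tokenResponse.data, null, oidcServerConfiguration)) {
+this.publishEvent(eventNames.refreshTokensAsync_error, { message: "refresh token return not valid tokens" });
+return [2 /*return*/, { tokens: null, status: "SESSION_LOST" }];
+}
 this.publishEvent(eventNames.refreshTokensAsync_end, { success: tokenResponse.success });
 this.publishEvent(Oidc.eventNames.token_renewed, {});
 return [2 /*return*/, { tokens: tokenResponse.data, status: "LOGGED_IN" }];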
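Review bot: In the hunk `@@ -770,7 +772,20 @@` the default nonce comes from `randomString(12)`, which draws every character from `Math.random()`; that generator is not cryptographically secure, and this nonce is the value later handed to `isTokensOidcValid` in the login callback. I would build it from `window.crypto.getRandomValues` instead, as sketched below; since this file is compiled output, the edit belongs in `package/src/oidc/vanilla/oidc.ts`. Separately, in `@@ -1058,6 +1085,17 @@` the failed-validation branch calls `reject(exception)` only inside `if (timeoutId)` and never returns, so `startCheckSessionAsync` still runs after a failed check; the publish and reject should sit outside that `if` and be followed by a return. Both enclosing functions start and end outside these hunks.

```javascript
randomString = function (length) {
    // Draw from the platform CSPRNG; Math.random() output is predictable.
    var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    // Discard bytes at or above the largest multiple of possible.length to avoid modulo bias.
    var limit = 256 - (256 % possible.length);
    var bytes = new Uint8Array(1);
    var text = "";
    while (text.length < length) {
        window.crypto.getRandomValues(bytes);
        if (bytes[0] < limit) {
            text += possible.charAt(bytes[0] % possible.length);
        }
    }
    return text;
};
// … unchanged: setLoginParams call, extraFinal and nonce assignment …
```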