@axa-fr/react-oidc 6.6.7 → 6.6.9-alpha0

package/src/oidc/vanilla/oidc.ts

@@ -19,10 +19,44 @@ import timer from './timer';
 import {CheckSessionIFrame} from "./checkSessionIFrame"
 import {getParseQueryStringFromLocation} from "./route-utils";
 import {AuthorizationServiceConfigurationJson} from "@openid/appauth/src/authorization_service_configuration";
-import {computeTimeLeft, isTokensOidcValid, isTokensValid, parseOriginalTokens, setTokens} from "./parseTokens";
+import {computeTimeLeft, isTokensOidcValid, isTokensValid, parseOriginalTokens, setTokens, Tokens} from "./parseTokens";
+
+const TOKEN_TYPE ={
+    refresh_token:"refresh_token",
+    access_token:"access_token"
+}
+
+const performRevocationRequestAsync= async (url, token, token_type=TOKEN_TYPE.refresh_token, client_id) => {
+    const details = {
+        token:token,
+        token_type_hint:token_type,
+        client_id: client_id
+    }
+
+    let formBody = [];
+    for (const property in details) {
+        const encodedKey = encodeURIComponent(property);
+        const encodedValue = encodeURIComponent(details[property]);
+        formBody.push(`${encodedKey}=${encodedValue}`);
+    }
+    const formBodyString = formBody.join("&");
+
+    const response = await internalFetch(url, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
+        },
+        body: formBodyString,
+    });
+    if(response.status !== 200){
+        return { success:false };
+    }
+    return {
+        success : true
+    };
+}
 
 const performTokenRequestAsync= async (url, details, extras, oldTokens) => {
-    
     for (let [key, value] of Object.entries(extras)) {
         if (details[key] === undefined) {
             details[key] = value;
@@ -77,6 +111,15 @@ const internalFetch = async (url, headers, numberRetry=0) => {
     return response;
 }
 
+const randomString = function(length) {
+    let text = "";
+    const possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    for(let i = 0; i < length; i++) {
+        text += possible.charAt(Math.floor(Math.random() * possible.length));
+    }
+    return text;
+}
+
 export interface OidcAuthorizationServiceConfigurationJson extends AuthorizationServiceConfigurationJson{
     check_session_iframe?: string;
     issuer:string;
@@ -103,10 +146,6 @@ export interface StringMap {
     [key: string]: string;
 }
 
-export interface loginCallbackResult {
-    state: string,
-    callbackPath: string,
-}
 
 export interface AuthorityConfiguration {
     authorization_endpoint: string;
@@ -146,16 +185,25 @@ const oidcFactory = (configuration: OidcConfiguration, name="default") => {
     oidcDatabase[name] = new Oidc(configuration, name)
     return oidcDatabase[name];
 }
+export type LoginCallback = {
+    callbackPath:string
+}
+
+export type InternalLoginCallback = {
+    callbackPath:string
+    parsedTokens:Tokens,
+}
 
-const loginCallbackWithAutoTokensRenewAsync = async (oidc) => {
-    const { parsedTokens, state, callbackPath } = await oidc.loginCallbackAsync();
+const loginCallbackWithAutoTokensRenewAsync = async (oidc) : Promise<LoginCallback> => {
+    const { parsedTokens, callbackPath } = await oidc.loginCallbackAsync();
     oidc.timeoutId = autoRenewTokens(oidc, parsedTokens.refreshToken, parsedTokens.expiresAt)
-    return { state, callbackPath };
+    return { callbackPath };
 }
 
 async function renewTokensAndStartTimerAsync(oidc, refreshToken, forceRefresh =false, extras:StringMap=null) {
-    const {tokens, status} = await oidc.synchroniseTokensAsync(refreshToken, 0, forceRefresh, extras);
-    oidc.tokens = tokens;
+    const updateTokens = (tokens) => oidc.tokens = tokens;
+    const {tokens, status} = await oidc.synchroniseTokensAsync(refreshToken, 0, forceRefresh, extras, updateTokens);
+    
     const serviceWorker = await initWorkerAsync(oidc.configuration.service_worker_relative_url, oidc.configurationName);
     if (!serviceWorker) {
         const session = initSession(oidc.configurationName, oidc.configuration.redirect_uri, oidc.configuration.storage);
@@ -306,24 +354,10 @@ const fetchFromIssuer = async (openIdIssuerUrl: string, timeCacheSecond = oneHou
     return new OidcAuthorizationServiceConfiguration(result);
 }
 
-const buildQueries = (extras:StringMap) => {
-    let queries = '';
-    if(extras != null){
-        for (let [key, value] of Object.entries(extras)) {
-            if (queries === ""){
-                queries = `?${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
-            } else {
-                queries+= `&${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
-            }
-        }
-    }
-    return queries;
-}
-
 export class Oidc {
     public configuration: OidcConfiguration;
     public userInfo: null;
-    public tokens: null;
+    public tokens?: Tokens;
     public events: Array<any>;
     private timeoutId: NodeJS.Timeout;
     private configurationName: string;
@@ -360,13 +394,13 @@ export class Oidc {
       this.initAsync(this.configuration.authority, this.configuration.authority_configuration);
     }
 
-    subscriveEvents(func){
+    subscriveEvents(func):string{
         const id = getRandomInt(9999999999999).toString();
         this.events.push({id, func});
         return id;
     }
 
-    removeEventSubscription(id){
+    removeEventSubscription(id) :void{
        const newEvents = this.events.filter(e =>  e.id !== id);
        this.events = newEvents;
     }
@@ -402,7 +436,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
         }
     }
     
-    async silentLoginCallBackAsync() {
+    async silentLoginCallbackAsync() {
         try {
             await this.loginCallbackAsync(true);
             this._silentLoginCallbackFromIFrame();
@@ -536,11 +570,10 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
     }
 
     tryKeepExistingSessionPromise = null;
-    async tryKeepExistingSessionAsync() {
+    async tryKeepExistingSessionAsync() :Promise<boolean> {
         if(this.tryKeepExistingSessionPromise !== null){
             return this.tryKeepExistingSessionPromise;
         }
-        
         const funcAsync  =async () => {
             let serviceWorker
             if (this.tokens != null) {
@@ -617,25 +650,20 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
         });
     }
 
-    loginPromise: Promise<any>=null;
+    loginPromise: Promise<void>=null;
     async loginAsync(callbackPath:string=undefined, extras:StringMap=null, isSilentSignin:boolean=false, scope:string=undefined, silentLoginOnly = false) {
         if(this.loginPromise !== null){
             return this.loginPromise;
         }
-        
         const loginLocalAsync=async () => {
-            
                 const location = window.location;
                 const url = callbackPath || location.pathname + (location.search || '') + (location.hash || '');
-               
                 const configuration = this.configuration;
             let state = undefined;
             if(extras && "state" in extras){
                 state = extras["state"];
                 delete extras["state"];
             }
-           
-
                 if(silentLoginOnly){
                     try {
                         const extraFinal = extras ?? configuration.extras ?? {};
@@ -662,15 +690,6 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                     scope = configuration.scope;
                 }
 
-                const randomString = function(length) {
-                    let text = "";
-                    const possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
-                    for(let i = 0; i < length; i++) {
-                        text += possible.charAt(Math.floor(Math.random() * possible.length));
-                    }
-                    return text;
-                }
-
                 setLoginParams(this.configurationName, redirectUri, {callbackPath: url, extras, state});
                 const extraFinal = extras ?? configuration.extras ?? {};
                 if(!extraFinal.nonce) {
@@ -693,7 +712,6 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                     storage = new MemoryStorageBackend(session.saveItemsAsync, {});
                 }
                 
-                
                 // @ts-ignore
                 const queryStringUtil = redirectUri.includes("#") ? new HashQueryStringUtils() : new NoHashQueryStringUtils();
                 const authorizationHandler = new RedirectRequestHandler(storage, queryStringUtil, window.location, new DefaultCrypto());
@@ -781,24 +799,22 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
             return this.loginCallbackPromise;
         }
         
-        const loginCallbackLocalAsync= async( ) =>{
+        const loginCallbackLocalAsync= async():Promise<InternalLoginCallback> =>{
             const response = await this._loginCallbackAsync(isSilenSignin);
             // @ts-ignore
-            const tokens = response.tokens;
-            const parsedTokens = setTokens(tokens);
-            this.tokens = parsedTokens;
+            const parsedTokens = response.tokens;
+            // @ts-ignore
+            this.tokens = response.tokens;
             const oidc = this;
             const serviceWorker = await initWorkerAsync(oidc.configuration.service_worker_relative_url, oidc.configurationName);
             if (!serviceWorker) {
                 const session = initSession(this.configurationName, oidc.configuration.redirect_uri, oidc.configuration.storage);
                 await session.setTokens(parsedTokens);
             }
-            
             this.publishEvent(Oidc.eventNames.token_aquired, parsedTokens);
             // @ts-ignore
             return  { parsedTokens, state:response.state, callbackPath : response.callbackPath};
         }
-        
         this.loginCallbackPromise = loginCallbackLocalAsync();
         return this.loginCallbackPromise.then(result =>{
             this.loginCallbackPromise = null;
@@ -891,16 +907,19 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                     try {
                         const tokenHandler = new BaseTokenRequestHandler(new FetchRequestor());
                         tokenHandler.performTokenRequest(oidcServerConfiguration, tokenRequest).then(async (tokenResponse) => {
+                            
                             if (timeoutId) {
                                 clearTimeout(timeoutId);
                                 this.timeoutId = null;
                                 const loginParams = getLoginParams(this.configurationName, redirectUri);
-
+                                let formattedTokens = null;
                                 if (serviceWorker) {
                                     const {tokens} = await serviceWorker.initAsync(oidcServerConfiguration, "syncTokensAsync");
-                                    tokenResponse = tokens;
+                                    formattedTokens = tokens;
+                                } else{
+                                    formattedTokens = setTokens(tokenResponse);
                                 }
-                                if(!isTokensOidcValid(tokenResponse, nonceData.nonce, oidcServerConfiguration)){
+                                if(!isTokensOidcValid(formattedTokens, nonceData.nonce, oidcServerConfiguration)){
                                     const exception = new Error("Tokens are not OpenID valid");
                                     if(timeoutId) {
                                         clearTimeout(timeoutId);
@@ -915,7 +934,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                                 this.startCheckSessionAsync(oidcServerConfiguration.check_session_iframe, clientId, sessionState, isSilentSignin).then(() => {
                                     this.publishEvent(eventNames.loginCallbackAsync_end, {});
                                     resolve({
-                                        tokens: tokenResponse,
+                                        tokens: formattedTokens,
                                         state: request.state,
                                         callbackPath: loginParams.callbackPath,
                                     });
@@ -941,12 +960,11 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
         }
     }
 
-    async synchroniseTokensAsync(refreshToken, index=0, forceRefresh =false, extras:StringMap=null) {
-        
+    async synchroniseTokensAsync(refreshToken, index=0, forceRefresh =false, extras:StringMap=null, updateTokens) {
             if (document.hidden) {
                 await sleepAsync(1000);
                 this.publishEvent(eventNames.refreshTokensAsync, {message: "wait because document is hidden"});
-                return await this.synchroniseTokensAsync(refreshToken, index, forceRefresh);
+                return await this.synchroniseTokensAsync(refreshToken, index, forceRefresh, extras, updateTokens);
             }
             let numberTryOnline = 6;
             while (!navigator.onLine && numberTryOnline > 0) {
@@ -968,6 +986,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                     prompt: "none"
                 }, loginParams.state);
                 if (silent_token_response) {
+                    updateTokens(silent_token_response.tokens);
                     this.publishEvent(Oidc.eventNames.token_renewed, {});
                     return {tokens:silent_token_response.tokens, status:"LOGGED"};
                 }
@@ -975,12 +994,14 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                 console.error(exceptionSilent);
                 this.publishEvent(eventNames.refreshTokensAsync_silent_error, {message: "exceptionSilent" ,exception: exceptionSilent.message});
                 if(exceptionSilent && exceptionSilent.message && exceptionSilent.message.startsWith("oidc")){
+                    updateTokens(null);
                     this.publishEvent(eventNames.refreshTokensAsync_error, {message: `refresh token silent` });
                     return {tokens:null, status:"SESSION_LOST"};
                 } 
                 await sleepAsync(1000);
                 throw exceptionSilent;
             }
+            updateTokens(null);
             this.publishEvent(eventNames.refreshTokensAsync_error, {message: `refresh token silent return` });
             return {tokens:null, status:"SESSION_LOST"};
         }
@@ -990,16 +1011,21 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                     const { status, tokens, nonce } = await this.syncTokensInfoAsync(configuration, this.configurationName, this.tokens, forceRefresh);
                     switch (status) {
                         case "SESSION_LOST":
+                            updateTokens(null);
                             this.publishEvent(eventNames.refreshTokensAsync_error, {message: `refresh token session lost` });
                             return {tokens:null, status:"SESSION_LOST"};
                         case "NOT_CONNECTED":
+                            updateTokens(null);
                             return {tokens:null, status:null};
                         case "TOKENS_VALID":
+                            updateTokens(tokens);
                             return {tokens, status:"LOGGED_IN"};
                         case "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID":
+                            updateTokens(tokens);
                             this.publishEvent(Oidc.eventNames.token_renewed, {});
                             return {tokens, status:"LOGGED_IN"};
                         case "LOGOUT_FROM_ANOTHER_TAB":
+                            updateTokens(null);
                             this.publishEvent(eventNames.logout_from_another_tab, {"status": "session syncTokensAsync"});
                             return {tokens:null, status:"LOGGED_OUT"};
                         case "REQUIRE_SYNC_TOKENS":
@@ -1008,7 +1034,6 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                         default:
                             if(!refreshToken)
                             {
-                                this.publishEvent(eventNames.refreshTokensAsync_begin, {refreshToken:refreshToken, tryNumber: index});
                                 return await localsilentLoginAsync();
                             }
                             this.publishEvent(eventNames.refreshTokensAsync_begin, {refreshToken:refreshToken, status, tryNumber: index});
@@ -1028,9 +1053,11 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                             const tokenResponse = await performTokenRequestAsync(oidcServerConfiguration.tokenEndpoint, details, finalExtras, tokens);
                             if (tokenResponse.success) {
                                 if(!isTokensOidcValid(tokenResponse.data, nonce.nonce, oidcServerConfiguration)){
+                                    updateTokens(null);
                                     this.publishEvent(eventNames.refreshTokensAsync_error, {message: `refresh token return not valid tokens` });
                                     return {tokens:null, status:"SESSION_LOST"};
                                 }
+                                updateTokens(tokenResponse.data);
                                 this.publishEvent(eventNames.refreshTokensAsync_end, {success: tokenResponse.success});
                                 this.publishEvent(Oidc.eventNames.token_renewed, {});
                                 return {tokens: tokenResponse.data, status:"LOGGED_IN"};
@@ -1039,13 +1066,13 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                                     message: "bad request",
                                     tokenResponse: tokenResponse
                                 });
-                                return await this.synchroniseTokensAsync(null, index+1, forceRefresh);
+                                return await this.synchroniseTokensAsync(null, index+1, forceRefresh, extras, updateTokens);
                             }
                     }
                 } catch (exception) {
                     console.error(exception);
                     this.publishEvent(eventNames.refreshTokensAsync_silent_error, {message: "exception" ,exception: exception.message});
-                    return this.synchroniseTokensAsync(refreshToken, index+1, forceRefresh);
+                    return this.synchroniseTokensAsync(refreshToken, index+1, forceRefresh, extras, updateTokens);
                 }
             }
 
@@ -1103,8 +1130,8 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
         return { tokens:currentTokens, status, nonce};
     }
 
-    loginCallbackWithAutoTokensRenewPromise:Promise<loginCallbackResult> = null;
-     loginCallbackWithAutoTokensRenewAsync():Promise<loginCallbackResult>{
+    loginCallbackWithAutoTokensRenewPromise:Promise<LoginCallback> = null;
+     loginCallbackWithAutoTokensRenewAsync():Promise<LoginCallback>{
          if(this.loginCallbackWithAutoTokensRenewPromise !== null){
              return this.loginCallbackWithAutoTokensRenewPromise;
          }
@@ -1187,6 +1214,21 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
 		const url = isUri ? callbackPathOrUrl : window.location.origin + path;
         // @ts-ignore
         const idToken = this.tokens ? this.tokens.idToken : "";
+        const revocationEndpoint = oidcServerConfiguration.revocationEndpoint;
+        if(revocationEndpoint) {
+            const promises = [];
+            if(this.tokens.accessToken){
+                const revokeAccessTokenPromise = performRevocationRequestAsync(revocationEndpoint, this.tokens.accessToken, TOKEN_TYPE.refresh_token, configuration.client_id);
+                promises.push(revokeAccessTokenPromise);
+            }
+            if(this.tokens.refreshToken) {
+                const revokeRefreshTokenPromise = performRevocationRequestAsync(revocationEndpoint, this.tokens.refreshToken, TOKEN_TYPE.refresh_token, configuration.client_id);
+                promises.push(revokeRefreshTokenPromise);
+            }
+            if(promises.length > 0){
+                await Promise.all(promises);
+            }
+        }
         // @ts-ignore
         const sub = this.tokens && this.tokens.idTokenPayload ? this.tokens.idTokenPayload.sub : null;
         await this.destroyAsync("LOGGED_OUT");
@@ -1196,6 +1238,7 @@ Please checkout that you are using OIDC hook inside a <OidcProvider configuratio
                 await oidc.logoutSameTabAsync(this.configuration.client_id, sub);
             }
         }
+
         
         if(oidcServerConfiguration.endSessionEndpoint) {
             if(!extras){

package/src/oidc/vanilla/parseTokens.ts

@@ -24,8 +24,17 @@ const countLetter = (str, find)=> {
     return (str.split(find)).length - 1;
 }
 
-
-export const setTokens = (tokens, oldTokens=null) =>{
+export type Tokens = {
+    refreshToken: string,
+    idTokenPayload:any,
+    idToken:string,
+    accessTokenPayload:any,
+    accessToken:string,
+    expiresAt: number,
+    issuedAt: number
+};
+
+export const setTokens = (tokens, oldTokens=null):Tokens =>{
     
     if(!tokens){
         return null;
@@ -45,9 +54,9 @@ export const setTokens = (tokens, oldTokens=null) =>{
     }
     const _idTokenPayload = tokens.idTokenPayload ? tokens.idTokenPayload : extractTokenPayload(tokens.idToken);
 
-    const idTokenExipreAt =(_idTokenPayload && _idTokenPayload.exp) ? _idTokenPayload.exp: Number.MAX_VALUE;
+    const idTokenExpireAt =(_idTokenPayload && _idTokenPayload.exp) ? _idTokenPayload.exp: Number.MAX_VALUE;
     const accessTokenExpiresAt =  (accessTokenPayload && accessTokenPayload.exp)? accessTokenPayload.exp : tokens.issuedAt + tokens.expiresIn;
-    const expiresAt = idTokenExipreAt < accessTokenExpiresAt ? idTokenExipreAt : accessTokenExpiresAt;
+    const expiresAt = idTokenExpireAt < accessTokenExpiresAt ? idTokenExpireAt : accessTokenExpiresAt;
     
     const newTokens = {...tokens, idTokenPayload: _idTokenPayload, accessTokenPayload, expiresAt};
     // When refresh_token is not rotated we reuse ald refresh_token

package/src/oidc/vanilla/timer.ts

@@ -32,9 +32,9 @@
             };
 
             function onMessage(port, event) {
-                var method = event.data[0];
-                var id = event.data[1];
-                var option = event.data[2];
+                const method = event.data[0];
+                const id = event.data[1];
+                const option = event.data[2];
 
                 if (methods[method]) {
                     methods[method](port, id, option);

package/src/oidc/vanilla/vanillaOidc.ts

@@ -0,0 +1,74 @@
+import {LoginCallback, Oidc, OidcConfiguration, StringMap} from "./oidc";
+import {isTokensValid} from "./parseTokens";
+import {sleepAsync} from "./initWorker";
+import {Tokens} from "./parseTokens";
+
+type ValidToken = {
+    isTokensValid: Boolean,
+    tokens: Tokens,
+    numberWaited: Number
+}
+
+export class VanillaOidc {
+    private _oidc: Oidc;
+    constructor(oidc: Oidc) {
+        this._oidc = oidc;
+    }
+    subscriveEvents(func:Function):string{
+        return this._oidc.subscriveEvents(func);
+    }
+    removeEventSubscription(id:string):void{
+        this._oidc.removeEventSubscription(id);
+    }
+    publishEvent(eventName:string, data:any) : void{
+        this._oidc.publishEvent(eventName, data);
+    }
+    static getOrCreate(configuration:OidcConfiguration, name:string="default"):VanillaOidc {
+        return new VanillaOidc(Oidc.getOrCreate(configuration, name));
+    }
+    static get(name:string="default"):VanillaOidc {
+        return new VanillaOidc(Oidc.get(name));
+    }
+    static eventNames = Oidc.eventNames;
+    tryKeepExistingSessionAsync():Promise<boolean>{
+        return this._oidc.tryKeepExistingSessionAsync();
+    }
+    loginAsync(callbackPath:string=undefined, extras:StringMap=null, isSilentSignin:boolean=false, scope:string=undefined, silentLoginOnly = false):Promise<void> {
+        return this._oidc.loginAsync(callbackPath, extras, isSilentSignin, scope, silentLoginOnly);
+    }
+    logoutAsync(callbackPathOrUrl: string | null | undefined = undefined, extras: StringMap = null):Promise<void> {
+        return this._oidc.logoutAsync(callbackPathOrUrl, extras);
+    }
+    silentLoginCallbackAsync():Promise<any>{
+        return this._oidc.silentLoginCallbackAsync();
+    };
+    renewTokensAsync(extras:StringMap=null):Promise<void> {
+        return this._oidc.renewTokensAsync(extras);
+    }
+    loginCallbackAsync():Promise<LoginCallback>{
+        return this._oidc.loginCallbackWithAutoTokensRenewAsync();
+    }
+    get tokens():Tokens {
+        return this._oidc.tokens;
+    }
+    get configuration():OidcConfiguration {
+        return this._oidc.configuration;
+    }
+    async getValidTokenAsync(waitMs=200, numberWait=50 ): Promise<ValidToken> {
+        const oidc = this._oidc;
+        let numberWaitTemp = numberWait;
+        while (oidc.tokens && !isTokensValid(oidc.tokens) && numberWaitTemp > 0) {
+            await sleepAsync(200);
+            numberWaitTemp=numberWaitTemp-1;
+        }
+        const isValid = !isTokensValid(oidc.tokens);
+        return { 
+            isTokensValid: isValid, 
+            tokens: oidc.tokens,
+            numberWaited: numberWaitTemp - numberWait
+        };
+    }
+    async userInfoAsync():Promise<any>{
+        return this._oidc.userInfoAsync();
+    }
+}