@axa-fr/react-oidc 6.9.7 → 6.10.1
- package/README.md +102 -102
- package/dist/FetchToken.d.ts.map +1 -1
- package/dist/FetchToken.js +2 -2
- package/dist/FetchToken.js.map +1 -1
- package/dist/OidcProvider.d.ts +7 -6
- package/dist/OidcProvider.d.ts.map +1 -1
- package/dist/OidcProvider.js +30 -26
- package/dist/OidcProvider.js.map +1 -1
- package/dist/OidcSecure.d.ts +2 -2
- package/dist/OidcSecure.d.ts.map +1 -1
- package/dist/OidcSecure.js +2 -4
- package/dist/OidcSecure.js.map +1 -1
- package/dist/OidcServiceWorker.js +150 -144
- package/dist/OidcTrustedDomains.js +9 -10
- package/dist/ReactOidc.d.ts +1 -1
- package/dist/ReactOidc.d.ts.map +1 -1
- package/dist/ReactOidc.js +22 -16
- package/dist/ReactOidc.js.map +1 -1
- package/dist/User.d.ts.map +1 -1
- package/dist/User.js +1 -1
- package/dist/User.js.map +1 -1
- package/dist/core/default-component/AuthenticateError.component.d.ts +1 -1
- package/dist/core/default-component/AuthenticateError.component.d.ts.map +1 -1
- package/dist/core/default-component/Authenticating.component.d.ts +1 -1
- package/dist/core/default-component/Authenticating.component.d.ts.map +1 -1
- package/dist/core/default-component/Callback.component.d.ts.map +1 -1
- package/dist/core/default-component/Callback.component.js +5 -5
- package/dist/core/default-component/Callback.component.js.map +1 -1
- package/dist/core/default-component/Loading.component.d.ts +1 -1
- package/dist/core/default-component/Loading.component.d.ts.map +1 -1
- package/dist/core/default-component/ServiceWorkerNotSupported.component.d.ts +1 -1
- package/dist/core/default-component/ServiceWorkerNotSupported.component.d.ts.map +1 -1
- package/dist/core/default-component/SessionLost.component.d.ts.map +1 -1
- package/dist/core/default-component/SilentCallback.component.d.ts.map +1 -1
- package/dist/core/default-component/SilentCallback.component.js +1 -0
- package/dist/core/default-component/SilentCallback.component.js.map +1 -1
- package/dist/core/default-component/SilentLogin.component.d.ts.map +1 -1
- package/dist/core/default-component/SilentLogin.component.js +5 -7
- package/dist/core/default-component/SilentLogin.component.js.map +1 -1
- package/dist/core/default-component/index.d.ts +2 -2
- package/dist/core/default-component/index.d.ts.map +1 -1
- package/dist/core/default-component/index.js +5 -5
- package/dist/core/default-component/index.js.map +1 -1
- package/dist/core/routes/OidcRoutes.d.ts +1 -1
- package/dist/core/routes/OidcRoutes.d.ts.map +1 -1
- package/dist/core/routes/OidcRoutes.js +1 -1
- package/dist/core/routes/OidcRoutes.js.map +1 -1
- package/dist/core/routes/withRouter.d.ts.map +1 -1
- package/dist/core/routes/withRouter.js.map +1 -1
- package/dist/index.d.ts +7 -6
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -10
- package/dist/index.js.map +1 -1
- package/dist/vanilla/checkSessionIFrame.d.ts.map +1 -1
- package/dist/vanilla/checkSessionIFrame.js +15 -15
- package/dist/vanilla/checkSessionIFrame.js.map +1 -1
- package/dist/vanilla/initSession.d.ts.map +1 -1
- package/dist/vanilla/initSession.js +1 -1
- package/dist/vanilla/initSession.js.map +1 -1
- package/dist/vanilla/initWorker.d.ts +1 -1
- package/dist/vanilla/initWorker.d.ts.map +1 -1
- package/dist/vanilla/initWorker.js +22 -20
- package/dist/vanilla/initWorker.js.map +1 -1
- package/dist/vanilla/memoryStorageBackend.d.ts +5 -4
- package/dist/vanilla/memoryStorageBackend.d.ts.map +1 -1
- package/dist/vanilla/memoryStorageBackend.js.map +1 -1
- package/dist/vanilla/noHashQueryStringUtils.d.ts +3 -3
- package/dist/vanilla/noHashQueryStringUtils.d.ts.map +1 -1
- package/dist/vanilla/noHashQueryStringUtils.js +4 -4
- package/dist/vanilla/noHashQueryStringUtils.js.map +1 -1
- package/dist/vanilla/oidc.d.ts +6 -6
- package/dist/vanilla/oidc.d.ts.map +1 -1
- package/dist/vanilla/oidc.js +215 -216
- package/dist/vanilla/oidc.js.map +1 -1
- package/dist/vanilla/parseTokens.d.ts +2 -2
- package/dist/vanilla/parseTokens.d.ts.map +1 -1
- package/dist/vanilla/parseTokens.js +8 -8
- package/dist/vanilla/parseTokens.js.map +1 -1
- package/dist/vanilla/route-utils.d.ts.map +1 -1
- package/dist/vanilla/route-utils.js +10 -7
- package/dist/vanilla/route-utils.js.map +1 -1
- package/dist/vanilla/timer.d.ts.map +1 -1
- package/dist/vanilla/timer.js +8 -8
- package/dist/vanilla/timer.js.map +1 -1
- package/dist/vanilla/vanillaOidc.d.ts +6 -4
- package/dist/vanilla/vanillaOidc.d.ts.map +1 -1
- package/dist/vanilla/vanillaOidc.js +4 -5
- package/dist/vanilla/vanillaOidc.js.map +1 -1
- package/package.json +15 -6
- package/src/oidc/FetchToken.tsx +10 -11
- package/src/oidc/OidcProvider.tsx +82 -83
- package/src/oidc/OidcSecure.tsx +16 -18
- package/src/oidc/ReactOidc.tsx +74 -63
- package/src/oidc/User.ts +14 -13
- package/src/oidc/core/default-component/AuthenticateError.component.tsx +1 -1
- package/src/oidc/core/default-component/Authenticating.component.tsx +1 -1
- package/src/oidc/core/default-component/Callback.component.tsx +18 -18
- package/src/oidc/core/default-component/Loading.component.tsx +1 -1
- package/src/oidc/core/default-component/ServiceWorkerNotSupported.component.tsx +1 -1
- package/src/oidc/core/default-component/SessionLost.component.tsx +1 -1
- package/src/oidc/core/default-component/SilentCallback.component.tsx +7 -6
- package/src/oidc/core/default-component/SilentLogin.component.tsx +16 -18
- package/src/oidc/core/default-component/index.ts +2 -2
- package/src/oidc/core/routes/OidcRoutes.tsx +16 -15
- package/src/oidc/core/routes/withRouter.tsx +2 -4
- package/src/oidc/index.ts +7 -6
- package/src/oidc/vanilla/OidcServiceWorker.js +150 -144
- package/src/oidc/vanilla/OidcTrustedDomains.js +9 -10
- package/src/oidc/vanilla/checkSessionIFrame.ts +24 -23
- package/src/oidc/vanilla/index.ts +2 -1
- package/src/oidc/vanilla/initSession.ts +36 -37
- package/src/oidc/vanilla/initWorker.ts +82 -83
- package/src/oidc/vanilla/memoryStorageBackend.ts +13 -6
- package/src/oidc/vanilla/noHashQueryStringUtils.ts +13 -13
- package/src/oidc/vanilla/oidc.ts +460 -467
- package/src/oidc/vanilla/parseTokens.ts +73 -79
- package/src/oidc/vanilla/route-utils.ts +18 -18
- package/src/oidc/vanilla/timer.ts +14 -16
- package/src/oidc/vanilla/vanillaOidc.ts +35 -19
- package/src/override/AuthenticateError.component.tsx +4 -3
- package/src/override/Authenticating.component.tsx +4 -3
- package/src/override/Callback.component.tsx +4 -3
- package/src/override/Loading.component.tsx +4 -6
- package/src/override/ServiceWorkerNotSupported.component.tsx +5 -5
- package/src/override/SessionLost.component.tsx +8 -7
- package/src/override/style.ts +12 -10
- package/dist/core/routes/index.d.ts +0 -3
- package/dist/core/routes/index.d.ts.map +0 -1
- package/dist/core/routes/index.js +0 -9
- package/dist/core/routes/index.js.map +0 -1
- package/dist/vanilla/index.d.ts +0 -2
- package/dist/vanilla/index.d.ts.map +0 -1
- package/dist/vanilla/index.js +0 -6
- package/dist/vanilla/index.js.map +0 -1
- package/src/App.css +0 -38
- package/src/App.specold.tsx +0 -46
- package/src/App.tsx +0 -103
- package/src/FetchUser.tsx +0 -53
- package/src/Home.tsx +0 -23
- package/src/MultiAuth.tsx +0 -129
- package/src/Profile.tsx +0 -81
- package/src/configurations.ts +0 -73
- package/src/index.css +0 -13
- package/src/index.tsx +0 -9
- package/src/logo.svg +0 -7
- package/src/setupTests.js +0 -5
|
@@ -1,10 +1,11 @@
|
|
|
1
|
-
|
|
1
|
+
/* global trustedDomains */
|
|
2
|
+
this.importScripts('OidcTrustedDomains.js');
|
|
2
3
|
|
|
3
4
|
const id = Math.round(new Date().getTime() / 1000).toString();
|
|
4
5
|
|
|
5
|
-
const acceptAnyDomainToken =
|
|
6
|
+
const acceptAnyDomainToken = '*';
|
|
6
7
|
|
|
7
|
-
const keepAliveJsonFilename =
|
|
8
|
+
const keepAliveJsonFilename = 'OidcKeepAliveServiceWorker.json';
|
|
8
9
|
const handleInstall = (event) => {
|
|
9
10
|
console.log('[OidcServiceWorker] service worker installed ' + id);
|
|
10
11
|
event.waitUntil(self.skipWaiting());
|
|
@@ -13,40 +14,40 @@ const handleInstall = (event) => {
|
|
|
13
14
|
const handleActivate = (event) => {
|
|
14
15
|
console.log('[OidcServiceWorker] service worker activated ' + id);
|
|
15
16
|
event.waitUntil(self.clients.claim());
|
|
16
|
-
/*self.registration.unregister()
|
|
17
|
+
/* self.registration.unregister()
|
|
17
18
|
.then(function() {
|
|
18
19
|
return self.clients.matchAll();
|
|
19
20
|
})
|
|
20
21
|
.then(function(clients) {
|
|
21
22
|
clients.forEach(client => client.navigate(client.url))
|
|
22
|
-
})
|
|
23
|
+
}); */
|
|
23
24
|
};
|
|
24
25
|
|
|
25
26
|
let currentLoginCallbackConfigurationName = null;
|
|
26
|
-
|
|
27
|
+
const database = {
|
|
27
28
|
default: {
|
|
28
|
-
configurationName:
|
|
29
|
+
configurationName: 'default',
|
|
29
30
|
tokens: null,
|
|
30
|
-
status:null,
|
|
31
|
-
items:[],
|
|
31
|
+
status: null,
|
|
32
|
+
items: [],
|
|
32
33
|
nonce: null,
|
|
33
|
-
oidcServerConfiguration: null
|
|
34
|
-
}
|
|
34
|
+
oidcServerConfiguration: null,
|
|
35
|
+
},
|
|
35
36
|
};
|
|
36
37
|
|
|
37
|
-
const countLetter = (str, find)=> {
|
|
38
|
+
const countLetter = (str, find) => {
|
|
38
39
|
return (str.split(find)).length - 1;
|
|
39
|
-
}
|
|
40
|
+
};
|
|
40
41
|
|
|
41
42
|
const b64DecodeUnicode = (str) =>
|
|
42
43
|
decodeURIComponent(Array.prototype.map.call(atob(str), (c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)).join(''));
|
|
43
44
|
const parseJwt = (token) => JSON.parse(b64DecodeUnicode(token.split('.')[1].replace('-', '+').replace('_', '/')));
|
|
44
|
-
const extractTokenPayload=(token)=> {
|
|
45
|
-
try{
|
|
45
|
+
const extractTokenPayload = (token) => {
|
|
46
|
+
try {
|
|
46
47
|
if (!token) {
|
|
47
48
|
return null;
|
|
48
49
|
}
|
|
49
|
-
if(countLetter(token,'.') === 2) {
|
|
50
|
+
if (countLetter(token, '.') === 2) {
|
|
50
51
|
return parseJwt(token);
|
|
51
52
|
} else {
|
|
52
53
|
return null;
|
|
@@ -55,27 +56,27 @@ const extractTokenPayload=(token)=> {
|
|
|
55
56
|
console.warn(e);
|
|
56
57
|
}
|
|
57
58
|
return null;
|
|
58
|
-
}
|
|
59
|
+
};
|
|
59
60
|
|
|
60
|
-
const computeTimeLeft = (refreshTimeBeforeTokensExpirationInSecond, expiresAt)=>{
|
|
61
|
-
const currentTimeUnixSecond = new Date().getTime() /1000;
|
|
61
|
+
const computeTimeLeft = (refreshTimeBeforeTokensExpirationInSecond, expiresAt) => {
|
|
62
|
+
const currentTimeUnixSecond = new Date().getTime() / 1000;
|
|
62
63
|
return Math.round(((expiresAt - refreshTimeBeforeTokensExpirationInSecond) - currentTimeUnixSecond));
|
|
63
|
-
}
|
|
64
|
+
};
|
|
64
65
|
|
|
65
|
-
const isTokensValid= (tokens) =>{
|
|
66
|
-
if(!tokens){
|
|
66
|
+
const isTokensValid = (tokens) => {
|
|
67
|
+
if (!tokens) {
|
|
67
68
|
return false;
|
|
68
69
|
}
|
|
69
70
|
return computeTimeLeft(0, tokens.expiresAt) > 0;
|
|
70
|
-
}
|
|
71
|
+
};
|
|
71
72
|
|
|
72
73
|
// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation (excluding rules #1, #4, #5, #7, #8, #12, and #13 which did not apply).
|
|
73
74
|
// https://github.com/openid/AppAuth-JS/issues/65
|
|
74
|
-
const isTokensOidcValid =(tokens, nonce, oidcServerConfiguration) =>{
|
|
75
|
-
if(tokens.idTokenPayload) {
|
|
75
|
+
const isTokensOidcValid = (tokens, nonce, oidcServerConfiguration) => {
|
|
76
|
+
if (tokens.idTokenPayload) {
|
|
76
77
|
const idTokenPayload = tokens.idTokenPayload;
|
|
77
78
|
// 2: The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.
|
|
78
|
-
if(oidcServerConfiguration.issuer !==
|
|
79
|
+
if (oidcServerConfiguration.issuer !== idTokenPayload.iss) {
|
|
79
80
|
return false;
|
|
80
81
|
}
|
|
81
82
|
// 3: The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The aud (audience) Claim MAY contain an array with more than one element. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.
|
|
@@ -83,13 +84,13 @@ const isTokensOidcValid =(tokens, nonce, oidcServerConfiguration) =>{
|
|
|
83
84
|
// 6: If the ID Token is received via direct communication between the Client and the Token Endpoint (which it is in this flow), the TLS server validation MAY be used to validate the issuer in place of checking the token signature. The Client MUST validate the signature of all other ID Tokens according to JWS [JWS] using the algorithm specified in the JWT alg Header Parameter. The Client MUST use the keys provided by the Issuer.
|
|
84
85
|
|
|
85
86
|
// 9: The current time MUST be before the time represented by the exp Claim.
|
|
86
|
-
const currentTimeUnixSecond = new Date().getTime() /1000;
|
|
87
|
-
if(idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {
|
|
87
|
+
const currentTimeUnixSecond = new Date().getTime() / 1000;
|
|
88
|
+
if (idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond) {
|
|
88
89
|
return false;
|
|
89
90
|
}
|
|
90
91
|
// 10: The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.
|
|
91
92
|
const timeInSevenDays = 60 * 60 * 24 * 7;
|
|
92
|
-
if(idTokenPayload.iat && (idTokenPayload.iat + timeInSevenDays) < currentTimeUnixSecond) {
|
|
93
|
+
if (idTokenPayload.iat && (idTokenPayload.iat + timeInSevenDays) < currentTimeUnixSecond) {
|
|
93
94
|
return false;
|
|
94
95
|
}
|
|
95
96
|
// 11: If a nonce value was sent in the Authentication Request, a nonce Claim MUST be present and its value checked to verify that it is the same value as the one that was sent in the Authentication Request. The Client SHOULD check the nonce value for replay attacks. The precise method for detecting replay attacks is Client specific.
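Review bot: The new line `if (idTokenPayload.exp && idTokenPayload.exp < currentTimeUnixSecond)` only enforces rule #9 when the claim is present, so an ID token that carries no `exp` at all is accepted although OIDC Core lists `exp` as REQUIRED; `if (!idTokenPayload.exp || idTokenPayload.exp < currentTimeUnixSecond) { return false; }` rejects it. The same comparison allows no clock skew, while the `iat` test just below tolerates seven days and never rejects an `iat` in the future, an odd asymmetry for a replay window; a small shared tolerance (tens of seconds) applied to both checks would be more consistent, the exact value being a policy choice to confirm. isTokensOidcValid starts before this hunk and ends after it.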
|
|
@@ -98,50 +99,50 @@ const isTokensOidcValid =(tokens, nonce, oidcServerConfiguration) =>{
|
|
|
98
99
|
}
|
|
99
100
|
}
|
|
100
101
|
return true;
|
|
101
|
-
}
|
|
102
|
+
};
|
|
102
103
|
|
|
103
104
|
const TokenRenewMode = {
|
|
104
|
-
access_token_or_id_token_invalid:
|
|
105
|
-
access_token_invalid:
|
|
106
|
-
id_token_invalid:
|
|
107
|
-
}
|
|
105
|
+
access_token_or_id_token_invalid: 'access_token_or_id_token_invalid',
|
|
106
|
+
access_token_invalid: 'access_token_invalid',
|
|
107
|
+
id_token_invalid: 'id_token_invalid',
|
|
108
|
+
};
|
|
108
109
|
|
|
109
110
|
function hideTokens(currentDatabaseElement) {
|
|
110
111
|
const configurationName = currentDatabaseElement.configurationName;
|
|
111
112
|
return (response) => {
|
|
112
|
-
if(response.status !== 200){
|
|
113
|
+
if (response.status !== 200) {
|
|
113
114
|
return response;
|
|
114
115
|
}
|
|
115
116
|
return response.json().then(tokens => {
|
|
116
|
-
if(!tokens.issued_at) {
|
|
117
|
-
const currentTimeUnixSecond = new Date().getTime() /1000;
|
|
117
|
+
if (!tokens.issued_at) {
|
|
118
|
+
const currentTimeUnixSecond = new Date().getTime() / 1000;
|
|
118
119
|
tokens.issued_at = currentTimeUnixSecond;
|
|
119
120
|
}
|
|
120
121
|
|
|
121
122
|
const accessTokenPayload = extractTokenPayload(tokens.access_token);
|
|
122
123
|
const secureTokens = {
|
|
123
124
|
...tokens,
|
|
124
|
-
access_token: ACCESS_TOKEN +
|
|
125
|
-
accessTokenPayload
|
|
125
|
+
access_token: ACCESS_TOKEN + '_' + configurationName,
|
|
126
|
+
accessTokenPayload,
|
|
126
127
|
};
|
|
127
128
|
tokens.accessTokenPayload = accessTokenPayload;
|
|
128
129
|
|
|
129
130
|
let _idTokenPayload = null;
|
|
130
|
-
if(tokens.id_token) {
|
|
131
|
+
if (tokens.id_token) {
|
|
131
132
|
_idTokenPayload = extractTokenPayload(tokens.id_token);
|
|
132
|
-
tokens.idTokenPayload = {..._idTokenPayload};
|
|
133
|
-
if(_idTokenPayload.nonce) {
|
|
134
|
-
const keyNonce = NONCE_TOKEN + '_'+ currentDatabaseElement.configurationName;
|
|
133
|
+
tokens.idTokenPayload = { ..._idTokenPayload };
|
|
134
|
+
if (_idTokenPayload.nonce) {
|
|
135
|
+
const keyNonce = NONCE_TOKEN + '_' + currentDatabaseElement.configurationName;
|
|
135
136
|
_idTokenPayload.nonce = keyNonce;
|
|
136
137
|
}
|
|
137
138
|
secureTokens.idTokenPayload = _idTokenPayload;
|
|
138
139
|
}
|
|
139
|
-
if(tokens.refresh_token){
|
|
140
|
-
secureTokens.refresh_token = REFRESH_TOKEN +
|
|
140
|
+
if (tokens.refresh_token) {
|
|
141
|
+
secureTokens.refresh_token = REFRESH_TOKEN + '_' + configurationName;
|
|
141
142
|
}
|
|
142
143
|
|
|
143
|
-
const idTokenExpiresAt =(_idTokenPayload && _idTokenPayload.exp) ? _idTokenPayload.exp: Number.MAX_VALUE;
|
|
144
|
-
const accessTokenExpiresAt =
|
|
144
|
+
const idTokenExpiresAt = (_idTokenPayload && _idTokenPayload.exp) ? _idTokenPayload.exp : Number.MAX_VALUE;
|
|
145
|
+
const accessTokenExpiresAt = (accessTokenPayload && accessTokenPayload.exp) ? accessTokenPayload.exp : tokens.issued_at + tokens.expires_in;
|
|
145
146
|
|
|
146
147
|
let expiresAt;
|
|
147
148
|
const tokenRenewMode = currentDatabaseElement.oidcConfiguration.token_renew_mode;
|
|
@@ -156,19 +157,19 @@ function hideTokens(currentDatabaseElement) {
|
|
|
156
157
|
|
|
157
158
|
tokens.expiresAt = expiresAt;
|
|
158
159
|
|
|
159
|
-
if(!isTokensOidcValid(tokens, currentDatabaseElement.nonce.nonce, currentDatabaseElement.oidcServerConfiguration)){
|
|
160
|
-
throw Error(
|
|
160
|
+
if (!isTokensOidcValid(tokens, currentDatabaseElement.nonce.nonce, currentDatabaseElement.oidcServerConfiguration)) {
|
|
161
|
+
throw Error('Tokens are not OpenID valid');
|
|
161
162
|
}
|
|
162
163
|
|
|
163
164
|
// When refresh_token is not rotated we reuse ald refresh_token
|
|
164
|
-
if(currentDatabaseElement.tokens != null &&
|
|
165
|
+
if (currentDatabaseElement.tokens != null && 'refresh_token' in currentDatabaseElement.tokens && !('refresh_token' in tokens)) {
|
|
165
166
|
const refreshToken = currentDatabaseElement.tokens.refresh_token;
|
|
166
|
-
currentDatabaseElement.tokens = {...tokens, refresh_token
|
|
167
|
-
} else{
|
|
167
|
+
currentDatabaseElement.tokens = { ...tokens, refresh_token: refreshToken };
|
|
168
|
+
} else {
|
|
168
169
|
currentDatabaseElement.tokens = tokens;
|
|
169
170
|
}
|
|
170
171
|
|
|
171
|
-
currentDatabaseElement.status =
|
|
172
|
+
currentDatabaseElement.status = 'LOGGED_IN';
|
|
172
173
|
const body = JSON.stringify(secureTokens);
|
|
173
174
|
return new Response(body, response);
|
|
174
175
|
});
|
|
@@ -177,44 +178,47 @@ function hideTokens(currentDatabaseElement) {
|
|
|
177
178
|
|
|
178
179
|
const getCurrentDatabasesTokenEndpoint = (database, url) => {
|
|
179
180
|
const databases = [];
|
|
181
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
180
182
|
for (const [key, value] of Object.entries(database)) {
|
|
181
|
-
if(value
|
|
182
|
-
if(value.oidcServerConfiguration !=null && url.startsWith(value.oidcServerConfiguration.tokenEndpoint)){
|
|
183
|
+
if (value) {
|
|
184
|
+
if (value.oidcServerConfiguration != null && url.startsWith(value.oidcServerConfiguration.tokenEndpoint)) {
|
|
183
185
|
databases.push(value);
|
|
184
|
-
} else if(value.oidcServerConfiguration !=null && value.oidcServerConfiguration.revocationEndpoint && url.startsWith(value.oidcServerConfiguration.revocationEndpoint)) {
|
|
186
|
+
} else if (value.oidcServerConfiguration != null && value.oidcServerConfiguration.revocationEndpoint && url.startsWith(value.oidcServerConfiguration.revocationEndpoint)) {
|
|
185
187
|
databases.push(value);
|
|
186
188
|
}
|
|
187
189
|
}
|
|
188
190
|
}
|
|
189
191
|
return databases;
|
|
190
|
-
}
|
|
192
|
+
};
|
|
191
193
|
|
|
192
|
-
const openidWellknownUrlEndWith
|
|
194
|
+
const openidWellknownUrlEndWith = '/.well-known/openid-configuration';
|
|
193
195
|
const getCurrentDatabaseDomain = (database, url) => {
|
|
194
|
-
if(url.endsWith(openidWellknownUrlEndWith)){
|
|
196
|
+
if (url.endsWith(openidWellknownUrlEndWith)) {
|
|
195
197
|
return null;
|
|
196
198
|
}
|
|
197
199
|
for (const [key, currentDatabase] of Object.entries(database)) {
|
|
198
200
|
const oidcServerConfiguration = currentDatabase.oidcServerConfiguration;
|
|
199
201
|
|
|
200
|
-
if(!oidcServerConfiguration){
|
|
202
|
+
if (!oidcServerConfiguration) {
|
|
201
203
|
continue;
|
|
202
204
|
}
|
|
203
205
|
|
|
204
|
-
if(oidcServerConfiguration.tokenEndpoint && url === oidcServerConfiguration.tokenEndpoint){
|
|
206
|
+
if (oidcServerConfiguration.tokenEndpoint && url === oidcServerConfiguration.tokenEndpoint) {
|
|
205
207
|
continue;
|
|
206
208
|
}
|
|
207
|
-
if(oidcServerConfiguration.revocationEndpoint && url === oidcServerConfiguration.revocationEndpoint){
|
|
209
|
+
if (oidcServerConfiguration.revocationEndpoint && url === oidcServerConfiguration.revocationEndpoint) {
|
|
208
210
|
continue;
|
|
209
211
|
}
|
|
210
212
|
|
|
211
|
-
const domainsToSendTokens = oidcServerConfiguration.userInfoEndpoint
|
|
212
|
-
|
|
213
|
-
|
|
213
|
+
const domainsToSendTokens = oidcServerConfiguration.userInfoEndpoint
|
|
214
|
+
? [
|
|
215
|
+
oidcServerConfiguration.userInfoEndpoint, ...trustedDomains[key],
|
|
216
|
+
]
|
|
217
|
+
: [...trustedDomains[key]];
|
|
214
218
|
|
|
215
219
|
let hasToSendToken = false;
|
|
216
220
|
if (domainsToSendTokens.find((f) => f === acceptAnyDomainToken)) {
|
|
217
|
-
hasToSendToken= true;
|
|
221
|
+
hasToSendToken = true;
|
|
218
222
|
} else {
|
|
219
223
|
for (let i = 0; i < domainsToSendTokens.length; i++) {
|
|
220
224
|
const domain = domainsToSendTokens[i];
|
|
@@ -225,8 +229,8 @@ const getCurrentDatabaseDomain = (database, url) => {
|
|
|
225
229
|
}
|
|
226
230
|
}
|
|
227
231
|
|
|
228
|
-
if(hasToSendToken) {
|
|
229
|
-
if(!currentDatabase.tokens) {
|
|
232
|
+
if (hasToSendToken) {
|
|
233
|
+
if (!currentDatabase.tokens) {
|
|
230
234
|
return null;
|
|
231
235
|
}
|
|
232
236
|
return currentDatabase;
|
|
@@ -234,11 +238,11 @@ const getCurrentDatabaseDomain = (database, url) => {
|
|
|
234
238
|
}
|
|
235
239
|
|
|
236
240
|
return null;
|
|
237
|
-
}
|
|
241
|
+
};
|
|
238
242
|
|
|
239
243
|
const serializeHeaders = (headers) => {
|
|
240
|
-
|
|
241
|
-
for (
|
|
244
|
+
const headersObj = {};
|
|
245
|
+
for (const key of headers.keys()) {
|
|
242
246
|
headersObj[key] = headers.get(key);
|
|
243
247
|
}
|
|
244
248
|
return headersObj;
|
|
@@ -253,74 +257,74 @@ const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
|
|
|
253
257
|
const keepAliveAsync = async (event) => {
|
|
254
258
|
const originalRequest = event.request;
|
|
255
259
|
const isFromVanilla = originalRequest.headers.has('oidc-vanilla');
|
|
256
|
-
const init = {
|
|
260
|
+
const init = { status: 200, statusText: 'oidc-service-worker' };
|
|
257
261
|
const response = new Response('{}', init);
|
|
258
|
-
if(!isFromVanilla) {
|
|
259
|
-
for(let i=0; i<240;i++){
|
|
262
|
+
if (!isFromVanilla) {
|
|
263
|
+
for (let i = 0; i < 240; i++) {
|
|
260
264
|
await sleep(1000 + Math.floor(Math.random() * 1000));
|
|
261
|
-
const cache = await caches.open(
|
|
265
|
+
const cache = await caches.open('oidc_dummy_cache');
|
|
262
266
|
await cache.put(event.request, response.clone());
|
|
263
267
|
}
|
|
264
268
|
}
|
|
265
269
|
|
|
266
270
|
return response;
|
|
267
|
-
}
|
|
271
|
+
};
|
|
268
272
|
|
|
269
273
|
const handleFetch = async (event) => {
|
|
270
274
|
const originalRequest = event.request;
|
|
271
|
-
const url =originalRequest.url;
|
|
272
|
-
if(originalRequest.url.includes(keepAliveJsonFilename)
|
|
275
|
+
const url = originalRequest.url;
|
|
276
|
+
if (originalRequest.url.includes(keepAliveJsonFilename)) {
|
|
273
277
|
event.respondWith(keepAliveAsync(event));
|
|
274
278
|
return;
|
|
275
279
|
}
|
|
276
280
|
|
|
277
281
|
const currentDatabaseForRequestAccessToken = getCurrentDatabaseDomain(database, originalRequest.url);
|
|
278
|
-
if(currentDatabaseForRequestAccessToken && currentDatabaseForRequestAccessToken.tokens && currentDatabaseForRequestAccessToken.tokens.access_token) {
|
|
279
|
-
while (currentDatabaseForRequestAccessToken.tokens && !isTokensValid(currentDatabaseForRequestAccessToken.tokens)){
|
|
282
|
+
if (currentDatabaseForRequestAccessToken && currentDatabaseForRequestAccessToken.tokens && currentDatabaseForRequestAccessToken.tokens.access_token) {
|
|
283
|
+
while (currentDatabaseForRequestAccessToken.tokens && !isTokensValid(currentDatabaseForRequestAccessToken.tokens)) {
|
|
280
284
|
await sleep(200);
|
|
281
285
|
}
|
|
282
286
|
const newRequest = new Request(originalRequest, {
|
|
283
287
|
headers: {
|
|
284
288
|
...serializeHeaders(originalRequest.headers),
|
|
285
|
-
authorization:
|
|
286
|
-
}
|
|
289
|
+
authorization: 'Bearer ' + currentDatabaseForRequestAccessToken.tokens.access_token,
|
|
290
|
+
},
|
|
287
291
|
});
|
|
288
292
|
event.waitUntil(event.respondWith(fetch(newRequest)));
|
|
289
293
|
return;
|
|
290
294
|
}
|
|
291
295
|
|
|
292
|
-
if(event.request.method !==
|
|
296
|
+
if (event.request.method !== 'POST') {
|
|
293
297
|
return;
|
|
294
298
|
}
|
|
295
299
|
|
|
296
300
|
let currentDatabase = null;
|
|
297
301
|
const currentDatabases = getCurrentDatabasesTokenEndpoint(database, originalRequest.url);
|
|
298
302
|
const numberDatabase = currentDatabases.length;
|
|
299
|
-
if(numberDatabase > 0) {
|
|
303
|
+
if (numberDatabase > 0) {
|
|
300
304
|
const maPromesse = new Promise((resolve, reject) => {
|
|
301
305
|
const clonedRequest = originalRequest.clone();
|
|
302
306
|
const response = clonedRequest.text().then(actualBody => {
|
|
303
|
-
if(actualBody.includes(REFRESH_TOKEN) || actualBody.includes(ACCESS_TOKEN)) {
|
|
307
|
+
if (actualBody.includes(REFRESH_TOKEN) || actualBody.includes(ACCESS_TOKEN)) {
|
|
304
308
|
let newBody = actualBody;
|
|
305
|
-
for(let i= 0;i<numberDatabase;i++){
|
|
309
|
+
for (let i = 0; i < numberDatabase; i++) {
|
|
306
310
|
const currentDb = currentDatabases[i];
|
|
307
311
|
|
|
308
|
-
if(currentDb && currentDb.tokens != null) {
|
|
309
|
-
const keyRefreshToken = REFRESH_TOKEN + '_'+ currentDb.configurationName;
|
|
310
|
-
if(actualBody.includes(keyRefreshToken)) {
|
|
312
|
+
if (currentDb && currentDb.tokens != null) {
|
|
313
|
+
const keyRefreshToken = REFRESH_TOKEN + '_' + currentDb.configurationName;
|
|
314
|
+
if (actualBody.includes(keyRefreshToken)) {
|
|
311
315
|
newBody = newBody.replace(keyRefreshToken, encodeURIComponent(currentDb.tokens.refresh_token));
|
|
312
316
|
currentDatabase = currentDb;
|
|
313
317
|
break;
|
|
314
318
|
}
|
|
315
|
-
const keyAccessToken = ACCESS_TOKEN + '_'+ currentDb.configurationName;
|
|
316
|
-
if(actualBody.includes(keyAccessToken)) {
|
|
319
|
+
const keyAccessToken = ACCESS_TOKEN + '_' + currentDb.configurationName;
|
|
320
|
+
if (actualBody.includes(keyAccessToken)) {
|
|
317
321
|
newBody = newBody.replace(keyAccessToken, encodeURIComponent(currentDb.tokens.access_token));
|
|
318
322
|
currentDatabase = currentDb;
|
|
319
323
|
break;
|
|
320
324
|
}
|
|
321
325
|
}
|
|
322
326
|
}
|
|
323
|
-
|
|
327
|
+
const fetchPromise = fetch(originalRequest, {
|
|
324
328
|
body: newBody,
|
|
325
329
|
method: clonedRequest.method,
|
|
326
330
|
headers: {
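Review bot: The wait loop `while (... !isTokensValid(...)) { await sleep(200); }` runs before `event.respondWith(fetch(newRequest))` inside an async handler, and as far as I can tell from the Service Worker spec respondWith must be called synchronously while the fetch event is being dispatched, so once the stored tokens are expired the request has already gone to the network without the Authorization header by the time the loop ends and the later respondWith call throws InvalidStateError — the branch neither holds the request nor attaches the token. The loop is also unbounded, so were it to hold the request, a refresh that never lands (owning tab closed, refresh failing) would hang every call to a trusted domain. Calling respondWith synchronously with a promise that does the bounded waiting inside fixes both; the 30 s budget below is a guess to confirm against the refresh timer. Less urgent: `originalRequest.url.includes(keepAliveJsonFilename)` is a substring test over the whole URL, so any request whose URL merely contains `OidcKeepAliveServiceWorker.json` (in a query string, on another origin) is swallowed by keepAliveAsync; testing `new URL(url).pathname.endsWith('/' + keepAliveJsonFilename)` would be tighter. handleFetch continues past the end of this hunk.
```javascript
const currentDatabaseForRequestAccessToken = getCurrentDatabaseDomain(database, originalRequest.url);
if (currentDatabaseForRequestAccessToken && currentDatabaseForRequestAccessToken.tokens && currentDatabaseForRequestAccessToken.tokens.access_token) {
    // respondWith has to be called synchronously during dispatch: do the waiting inside the promise it receives
    const renewDeadline = Date.now() + 30000; // TODO confirm against the refresh timer
    event.respondWith((async () => {
        const db = currentDatabaseForRequestAccessToken;
        while (db.tokens && !isTokensValid(db.tokens) && Date.now() < renewDeadline) {
            await sleep(200);
        }
        if (!db.tokens || !isTokensValid(db.tokens)) {
            throw new Error('Access token still expired after waiting for renewal');
        }
        const newRequest = new Request(originalRequest, {
            headers: {
                ...serializeHeaders(originalRequest.headers),
                authorization: 'Bearer ' + db.tokens.access_token,
            },
        });
        return fetch(newRequest);
    })());
    return;
}
// … unchanged: POST / token-endpoint body rewriting …
```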
|
|
@@ -331,19 +335,19 @@ const handleFetch = async (event) => {
|
|
|
331
335
|
redirect: clonedRequest.redirect,
|
|
332
336
|
referrer: clonedRequest.referrer,
|
|
333
337
|
credentials: clonedRequest.credentials,
|
|
334
|
-
integrity: clonedRequest.integrity
|
|
338
|
+
integrity: clonedRequest.integrity,
|
|
335
339
|
});
|
|
336
|
-
if(currentDatabase.oidcServerConfiguration !=null && currentDatabase.oidcServerConfiguration.revocationEndpoint && url.startsWith(currentDatabase.oidcServerConfiguration.revocationEndpoint)){
|
|
340
|
+
if (currentDatabase.oidcServerConfiguration != null && currentDatabase.oidcServerConfiguration.revocationEndpoint && url.startsWith(currentDatabase.oidcServerConfiguration.revocationEndpoint)) {
|
|
337
341
|
return fetchPromise.then(async response => {
|
|
338
342
|
const text = await response.text();
|
|
339
343
|
return new Response(text, response);
|
|
340
344
|
});
|
|
341
345
|
}
|
|
342
346
|
return fetchPromise.then(hideTokens(currentDatabase));
|
|
343
|
-
} else if(actualBody.includes(
|
|
347
|
+
} else if (actualBody.includes('code_verifier=') && currentLoginCallbackConfigurationName) {
|
|
344
348
|
currentDatabase = database[currentLoginCallbackConfigurationName];
|
|
345
|
-
currentLoginCallbackConfigurationName=null;
|
|
346
|
-
return fetch(originalRequest,{
|
|
349
|
+
currentLoginCallbackConfigurationName = null;
|
|
350
|
+
return fetch(originalRequest, {
|
|
347
351
|
body: actualBody,
|
|
348
352
|
method: clonedRequest.method,
|
|
349
353
|
headers: {
|
|
@@ -354,23 +358,23 @@ const handleFetch = async (event) => {
|
|
|
354
358
|
redirect: clonedRequest.redirect,
|
|
355
359
|
referrer: clonedRequest.referrer,
|
|
356
360
|
credentials: clonedRequest.credentials,
|
|
357
|
-
integrity: clonedRequest.integrity
|
|
361
|
+
integrity: clonedRequest.integrity,
|
|
358
362
|
}).then(hideTokens(currentDatabase));
|
|
359
363
|
}
|
|
360
364
|
});
|
|
361
365
|
response.then(r => {
|
|
362
|
-
if(r !== undefined){
|
|
366
|
+
if (r !== undefined) {
|
|
363
367
|
resolve(r);
|
|
364
|
-
} else{
|
|
365
|
-
console.log(
|
|
366
|
-
reject(new Error(
|
|
368
|
+
} else {
|
|
369
|
+
console.log('success undefined');
|
|
370
|
+
reject(new Error('Response is undefined inside a success'));
|
|
367
371
|
}
|
|
368
372
|
}).catch(err => {
|
|
369
|
-
if(err !== undefined) {
|
|
373
|
+
if (err !== undefined) {
|
|
370
374
|
reject(err);
|
|
371
|
-
} else{
|
|
372
|
-
console.log(
|
|
373
|
-
reject(new Error(
|
|
375
|
+
} else {
|
|
376
|
+
console.log('error undefined');
|
|
377
|
+
reject(new Error('Response is undefined inside a error'));
|
|
374
378
|
}
|
|
375
379
|
});
|
|
376
380
|
});
|
|
@@ -382,17 +386,16 @@ self.addEventListener('install', handleInstall);
|
|
|
382
386
|
self.addEventListener('activate', handleActivate);
|
|
383
387
|
self.addEventListener('fetch', handleFetch);
|
|
384
388
|
|
|
385
|
-
|
|
386
389
|
const checkDomain = (domains, endpoint) => {
|
|
387
|
-
if(!endpoint){
|
|
390
|
+
if (!endpoint) {
|
|
388
391
|
return;
|
|
389
392
|
}
|
|
390
393
|
|
|
391
394
|
const domain = domains.find(domain => endpoint.startsWith(domain));
|
|
392
|
-
if(!domain){
|
|
393
|
-
throw new Error(
|
|
395
|
+
if (!domain) {
|
|
396
|
+
throw new Error('Domain ' + endpoint + ' is not trusted, please add domain in TrustedDomains.js');
|
|
394
397
|
}
|
|
395
|
-
}
|
|
398
|
+
};
|
|
396
399
|
|
|
397
400
|
addEventListener('message', event => {
|
|
398
401
|
const port = event.ports[0];
|
|
@@ -400,32 +403,33 @@ addEventListener('message', event => {
|
|
|
400
403
|
const configurationName = data.configurationName;
|
|
401
404
|
let currentDatabase = database[configurationName];
|
|
402
405
|
|
|
403
|
-
if(!currentDatabase){
|
|
406
|
+
if (!currentDatabase) {
|
|
404
407
|
database[configurationName] = {
|
|
405
408
|
tokens: null,
|
|
406
|
-
items:[],
|
|
409
|
+
items: [],
|
|
407
410
|
oidcServerConfiguration: null,
|
|
408
|
-
oidcConfiguration:null,
|
|
409
|
-
status:null,
|
|
410
|
-
configurationName
|
|
411
|
+
oidcConfiguration: null,
|
|
412
|
+
status: null,
|
|
413
|
+
configurationName,
|
|
411
414
|
};
|
|
412
415
|
currentDatabase = database[configurationName];
|
|
413
|
-
if(!trustedDomains[configurationName]) {
|
|
416
|
+
if (!trustedDomains[configurationName]) {
|
|
414
417
|
trustedDomains[configurationName] = [];
|
|
415
418
|
}
|
|
416
419
|
}
|
|
417
420
|
|
|
418
|
-
switch (data.type){
|
|
419
|
-
case
|
|
421
|
+
switch (data.type) {
|
|
422
|
+
case 'loadItems':
|
|
420
423
|
port.postMessage(database[configurationName].items);
|
|
421
424
|
return;
|
|
422
|
-
case
|
|
425
|
+
case 'clear':
|
|
423
426
|
currentDatabase.tokens = null;
|
|
424
427
|
currentDatabase.items = null;
|
|
425
428
|
currentDatabase.status = data.data.status;
|
|
426
|
-
port.postMessage({configurationName});
|
|
429
|
+
port.postMessage({ configurationName });
|
|
427
430
|
return;
|
|
428
|
-
case
|
|
431
|
+
case 'init':
|
|
432
|
+
{
|
|
429
433
|
const oidcServerConfiguration = data.data.oidcServerConfiguration;
|
|
430
434
|
const domains = trustedDomains[configurationName];
|
|
431
435
|
if (!domains.find(f => f === acceptAnyDomainToken)) {
|
|
@@ -437,52 +441,54 @@ addEventListener('message', event => {
|
|
|
437
441
|
currentDatabase.oidcServerConfiguration = oidcServerConfiguration;
|
|
438
442
|
currentDatabase.oidcConfiguration = data.data.oidcConfiguration;
|
|
439
443
|
const where = data.data.where;
|
|
440
|
-
if(where ===
|
|
444
|
+
if (where === 'loginCallbackAsync' || where === 'tryKeepExistingSessionAsync') {
|
|
441
445
|
currentLoginCallbackConfigurationName = configurationName;
|
|
442
|
-
} else{
|
|
446
|
+
} else {
|
|
443
447
|
currentLoginCallbackConfigurationName = null;
|
|
444
448
|
}
|
|
445
449
|
|
|
446
|
-
if(!currentDatabase.tokens){
|
|
450
|
+
if (!currentDatabase.tokens) {
|
|
447
451
|
port.postMessage({
|
|
448
|
-
tokens:null,
|
|
452
|
+
tokens: null,
|
|
449
453
|
status: currentDatabase.status,
|
|
450
|
-
configurationName
|
|
454
|
+
configurationName,
|
|
455
|
+
});
|
|
451
456
|
} else {
|
|
452
457
|
const tokens = {
|
|
453
458
|
...currentDatabase.tokens,
|
|
454
|
-
access_token: ACCESS_TOKEN +
|
|
459
|
+
access_token: ACCESS_TOKEN + '_' + configurationName,
|
|
455
460
|
};
|
|
456
|
-
if(tokens.refresh_token){
|
|
457
|
-
tokens.refresh_token = REFRESH_TOKEN +
|
|
461
|
+
if (tokens.refresh_token) {
|
|
462
|
+
tokens.refresh_token = REFRESH_TOKEN + '_' + configurationName;
|
|
458
463
|
}
|
|
459
|
-
if(tokens.idTokenPayload && tokens.idTokenPayload.nonce){
|
|
460
|
-
tokens.idTokenPayload.nonce =
|
|
464
|
+
if (tokens.idTokenPayload && tokens.idTokenPayload.nonce) {
|
|
465
|
+
tokens.idTokenPayload.nonce = NONCE_TOKEN + '_' + configurationName;
|
|
461
466
|
}
|
|
462
467
|
port.postMessage({
|
|
463
468
|
tokens,
|
|
464
469
|
status: currentDatabase.status,
|
|
465
|
-
configurationName
|
|
470
|
+
configurationName,
|
|
466
471
|
});
|
|
467
472
|
}
|
|
468
473
|
return;
|
|
474
|
+
}
|
|
469
475
|
|
|
470
|
-
case
|
|
476
|
+
case 'setSessionState':
|
|
471
477
|
currentDatabase.sessionState = data.data.sessionState;
|
|
472
|
-
port.postMessage({configurationName});
|
|
473
|
-
return;
|
|
474
|
-
case "getSessionState":
|
|
475
|
-
const sessionState = currentDatabase.sessionState;
|
|
476
|
-
port.postMessage({configurationName, sessionState});
|
|
478
|
+
port.postMessage({ configurationName });
|
|
477
479
|
return;
|
|
478
|
-
case
|
|
480
|
+
case 'getSessionState':
|
|
481
|
+
{
|
|
482
|
+
const sessionState = currentDatabase.sessionState;
|
|
483
|
+
port.postMessage({ configurationName, sessionState });
|
|
484
|
+
return;
|
|
485
|
+
}
|
|
486
|
+
case 'setNonce':
|
|
479
487
|
currentDatabase.nonce = data.data.nonce;
|
|
480
|
-
port.postMessage({configurationName});
|
|
488
|
+
port.postMessage({ configurationName });
|
|
481
489
|
return;
|
|
482
490
|
default:
|
|
483
491
|
currentDatabase.items = { ...data.data };
|
|
484
|
-
port.postMessage({configurationName});
|
|
485
|
-
return;
|
|
492
|
+
port.postMessage({ configurationName });
|
|
486
493
|
}
|
|
487
494
|
});
|
|
488
|
-
|
|
@@ -1,16 +1,15 @@
|
|
|
1
|
-
|
|
2
1
|
// Add bellow trusted domains, access tokens will automatically injected to be send to
|
|
3
|
-
// trusted domain can also be a path like https://www.myapi.com/users,
|
|
2
|
+
// trusted domain can also be a path like https://www.myapi.com/users,
|
|
4
3
|
// then all subroute like https://www.myapi.com/useers/1 will be authorized to send access_token to.
|
|
5
4
|
|
|
6
5
|
// Domains used by OIDC server must be also declared here
|
|
6
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
7
7
|
const trustedDomains = {
|
|
8
|
-
default:[
|
|
9
|
-
config_classic: [
|
|
10
|
-
config_without_silent_login: [
|
|
11
|
-
config_without_refresh_token: [
|
|
12
|
-
config_without_refresh_token_silent_login: [
|
|
13
|
-
config_google: [
|
|
14
|
-
config_with_hash: [
|
|
8
|
+
default: ['https://demo.duendesoftware.com', 'https://kdhttps.auth0.com'],
|
|
9
|
+
config_classic: ['https://demo.duendesoftware.com'],
|
|
10
|
+
config_without_silent_login: ['https://demo.duendesoftware.com'],
|
|
11
|
+
config_without_refresh_token: ['https://demo.duendesoftware.com'],
|
|
12
|
+
config_without_refresh_token_silent_login: ['https://demo.duendesoftware.com'],
|
|
13
|
+
config_google: ['https://oauth2.googleapis.com', 'https://openidconnect.googleapis.com'],
|
|
14
|
+
config_with_hash: ['https://demo.duendesoftware.com'],
|
|
15
15
|
};
|
|
16
|
-
|
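Review bot: The sample entries on new lines 8–14 are bare origins without a trailing `/`, while the service worker earlier on this page (OidcServiceWorker.js, new line 394) selects the trusted domain with `endpoint.startsWith(domain)`, so each entry behaves as a plain string prefix rather than an origin match and `'https://demo.duendesoftware.com'` would also match a longer host name that begins with it. The header comment only explains that a path entry authorizes its sub-routes; it should also tell users to terminate an origin with `/`, e.g. `// Entries are matched as URL prefixes: end an origin with '/' so it cannot match a longer host name.`, and the samples could be written `'https://demo.duendesoftware.com/'` accordingly (assuming `endpoint` is the full request URL, which this hunk does not show). The demo issuers (duendesoftware, auth0, Google) remain in the shipped dist file and nothing in the comments says they are placeholders; `// Sample values: replace with your own OIDC server and API domains before deploying.` above `const trustedDomains` would make that explicit. The `eslint-disable-next-line` added at new line 6 would also read better with a word on why `trustedDomains` looks unused in this file (presumably it is loaded into the worker by importScripts).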
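--- a/package/dist/ReactOidc.d.ts
+++ b/package/dist/ReactOidc.d.ts
@@ -1,4 +1,4 @@
-import { StringMap } from
+import { StringMap } from './vanilla/oidc';
 export declare const useOidc: (configurationName?: string) => {
 login: (callbackPath?: string | undefined, extras?: StringMap, silentLoginOnly?: boolean) => Promise<void>;
 logout: (callbackPath?: string | null | undefined, extras?: StringMap) => Promise<void>;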
package/dist/ReactOidc.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ReactOidc.d.ts","sourceRoot":"","sources":["../src/oidc/ReactOidc.tsx"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"ReactOidc.d.ts","sourceRoot":"","sources":["../src/oidc/ReactOidc.tsx"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAkB3C,eAAO,MAAM,OAAO;2BAuBY,MAAM,GAAG,SAAS,WAAqB,SAAS;4BAG9C,MAAM,GAAG,IAAI,GAAG,SAAS,WAAqB,SAAS;2BAGzD,SAAS;;CAIxC,CAAC;AAcF,oBAAY,eAAe,GAAG;IAC1B,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,kBAAkB,CAAC,EAAE,GAAG,CAAC;CAC5B,CAAA;AAED,eAAO,MAAM,kBAAkB,iDAgC9B,CAAC;AAcF,oBAAY,WAAW,GAAG;IACtB,OAAO,CAAC,EAAE,GAAG,CAAC;IACd,cAAc,CAAC,EAAE,GAAG,CAAC;CACxB,CAAA;AAED,eAAO,MAAM,cAAc,6CAgC1B,CAAC"}
|