npm - @ghentcdh/authentication-vue - Versions diffs - 0.0.2-4 → 0.0.2-6 - Mend

@ghentcdh/authentication-vue 0.0.2-4 → 0.0.2-6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/index.mjs +964 -0
package/lib/authentication.store.d.ts +19 -0
package/lib/keycloak.adapter.d.ts +9 -0
package/lib/request.store.d.ts +25 -0
package/package.json +2 -3
package/eslint.config.cjs +0 -21
package/project.json +0 -13
package/src/lib/authentication.store.ts +0 -46
package/src/lib/keycloak.adapter.ts +0 -55
package/src/lib/request.store.ts +0 -126
package/src/lib/vue-shims.d.ts +0 -7
package/tsconfig.json +0 -23
package/tsconfig.lib.json +0 -31
package/tsconfig.spec.json +0 -28
package/vite.config.ts +0 -61
/package/{src/index.ts → index.d.ts} +0 -0

package/index.mjs ADDED Viewed

@@ -0,0 +1,964 @@
+import { defineStore as G } from "pinia";
+import { shallowRef as oe, ref as F, watch as ae } from "vue";
+function q(k) {
+  if (!(this instanceof q))
+    throw new Error("The 'Keycloak' constructor must be invoked with 'new'.");
+  if (typeof k != "string" && !O(k))
+    throw new Error("The 'Keycloak' constructor must be provided with a configuration object, or a URL to a JSON configuration file.");
+  if (O(k)) {
+    const r = "oidcProvider" in k ? ["clientId"] : ["url", "realm", "clientId"];
+    for (const t of r)
+      if (!k[t])
+        throw new Error(`The configuration object is missing the required '${t}' property.`);
+  }
+  var e = this, p, m = [], l, h = {
+    enable: !0,
+    callbackList: [],
+    interval: 5
+  };
+  e.didInitialize = !1;
+  var b = !0, w = Y(console.info), A = Y(console.warn);
+  globalThis.isSecureContext || A(
+    `[KEYCLOAK] Keycloak JS must be used in a 'secure context' to function properly as it relies on browser APIs that are otherwise not available.
+Continuing to run your application insecurely will lead to unexpected behavior and breakage.
+For more information see: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts`
+  ), e.init = function(r = {}) {
+    if (e.didInitialize)
+      throw new Error("A 'Keycloak' instance can only be initialized once.");
+    e.didInitialize = !0, e.authenticated = !1, l = ne();
+    var t = ["default", "cordova", "cordova-native"];
+    if (t.indexOf(r.adapter) > -1 ? p = M(r.adapter) : typeof r.adapter == "object" ? p = r.adapter : window.Cordova || window.cordova ? p = M("cordova") : p = M(), typeof r.useNonce < "u" && (b = r.useNonce), typeof r.checkLoginIframe < "u" && (h.enable = r.checkLoginIframe), r.checkLoginIframeInterval && (h.interval = r.checkLoginIframeInterval), r.onLoad === "login-required" && (e.loginRequired = !0), r.responseMode)
+      if (r.responseMode === "query" || r.responseMode === "fragment")
+        e.responseMode = r.responseMode;
+      else
+        throw "Invalid value for responseMode";
+    if (r.flow) {
+      switch (r.flow) {
+        case "standard":
+          e.responseType = "code";
+          break;
+        case "implicit":
+          e.responseType = "id_token token";
+          break;
+        case "hybrid":
+          e.responseType = "code id_token token";
+          break;
+        default:
+          throw "Invalid value for flow";
+      }
+      e.flow = r.flow;
+    }
+    if (r.timeSkew != null && (e.timeSkew = r.timeSkew), r.redirectUri && (e.redirectUri = r.redirectUri), r.silentCheckSsoRedirectUri && (e.silentCheckSsoRedirectUri = r.silentCheckSsoRedirectUri), typeof r.silentCheckSsoFallback == "boolean" ? e.silentCheckSsoFallback = r.silentCheckSsoFallback : e.silentCheckSsoFallback = !0, typeof r.pkceMethod < "u") {
+      if (r.pkceMethod !== "S256" && r.pkceMethod !== !1)
+        throw new TypeError(`Invalid value for pkceMethod', expected 'S256' or false but got ${r.pkceMethod}.`);
+      e.pkceMethod = r.pkceMethod;
+    } else
+      e.pkceMethod = "S256";
+    typeof r.enableLogging == "boolean" ? e.enableLogging = r.enableLogging : e.enableLogging = !1, r.logoutMethod === "POST" ? e.logoutMethod = "POST" : e.logoutMethod = "GET", typeof r.scope == "string" && (e.scope = r.scope), typeof r.acrValues == "string" && (e.acrValues = r.acrValues), typeof r.messageReceiveTimeout == "number" && r.messageReceiveTimeout > 0 ? e.messageReceiveTimeout = r.messageReceiveTimeout : e.messageReceiveTimeout = 1e4, e.responseMode || (e.responseMode = "fragment"), e.responseType || (e.responseType = "code", e.flow = "standard");
+    var i = v(), s = v();
+    s.promise.then(function() {
+      e.onReady && e.onReady(e.authenticated), i.setSuccess(e.authenticated);
+    }).catch(function(o) {
+      i.setError(o);
+    });
+    var a = Z();
+    function c() {
+      var o = function(d) {
+        d || (f.prompt = "none"), r.locale && (f.locale = r.locale), e.login(f).then(function() {
+          s.setSuccess();
+        }).catch(function(g) {
+          s.setError(g);
+        });
+      }, u = async function() {
+        var d = document.createElement("iframe"), g = await e.createLoginUrl({ prompt: "none", redirectUri: e.silentCheckSsoRedirectUri });
+        d.setAttribute("src", g), d.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin"), d.setAttribute("title", "keycloak-silent-check-sso"), d.style.display = "none", document.body.appendChild(d);
+        var y = function(T) {
+          if (!(T.origin !== window.location.origin || d.contentWindow !== T.source)) {
+            var S = E(T.data);
+            U(S, s), document.body.removeChild(d), window.removeEventListener("message", y);
+          }
+        };
+        window.addEventListener("message", y);
+      }, f = {};
+      switch (r.onLoad) {
+        case "check-sso":
+          h.enable ? x().then(function() {
+            L().then(function(d) {
+              d ? s.setSuccess() : e.silentCheckSsoRedirectUri ? u() : o(!1);
+            }).catch(function(d) {
+              s.setError(d);
+            });
+          }) : e.silentCheckSsoRedirectUri ? u() : o(!1);
+          break;
+        case "login-required":
+          o(!0);
+          break;
+        default:
+          throw "Invalid value for onLoad";
+      }
+    }
+    function n() {
+      var o = E(window.location.href);
+      if (o && window.history.replaceState(window.history.state, null, o.newUrl), o && o.valid)
+        return x().then(function() {
+          U(o, s);
+        }).catch(function(u) {
+          s.setError(u);
+        });
+      r.token && r.refreshToken ? (C(r.token, r.refreshToken, r.idToken), h.enable ? x().then(function() {
+        L().then(function(u) {
+          u ? (e.onAuthSuccess && e.onAuthSuccess(), s.setSuccess(), P()) : s.setSuccess();
+        }).catch(function(u) {
+          s.setError(u);
+        });
+      }) : e.updateToken(-1).then(function() {
+        e.onAuthSuccess && e.onAuthSuccess(), s.setSuccess();
+      }).catch(function(u) {
+        e.onAuthError && e.onAuthError(), r.onLoad ? c() : s.setError(u);
+      })) : r.onLoad ? c() : s.setSuccess();
+    }
+    return a.then(function() {
+      te().then(n).catch(function(o) {
+        i.setError(o);
+      });
+    }), a.catch(function(o) {
+      i.setError(o);
+    }), i.promise;
+  }, e.login = function(r) {
+    return p.login(r);
+  };
+  function R(r) {
+    if (typeof crypto > "u" || typeof crypto.getRandomValues > "u")
+      throw new Error("Web Crypto API is not available.");
+    return crypto.getRandomValues(new Uint8Array(r));
+  }
+  function B(r) {
+    return X(r, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
+  }
+  function X(r, t) {
+    for (var i = R(r), s = new Array(r), a = 0; a < r; a++)
+      s[a] = t.charCodeAt(i[a] % t.length);
+    return String.fromCharCode.apply(null, s);
+  }
+  async function W(r, t) {
+    if (r !== "S256")
+      throw new TypeError(`Invalid value for 'pkceMethod', expected 'S256' but got '${r}'.`);
+    const i = new Uint8Array(await ie(t));
+    return se(i).replace(/\+/g, "-").replace(/\//g, "_").replace(/\=/g, "");
+  }
+  function $(r) {
+    var t = {
+      id_token: {
+        acr: r
+      }
+    };
+    return JSON.stringify(t);
+  }
+  e.createLoginUrl = async function(r) {
+    var t = V(), i = V(), s = p.redirectUri(r), a = {
+      state: t,
+      nonce: i,
+      redirectUri: encodeURIComponent(s),
+      loginOptions: r
+    };
+    r && r.prompt && (a.prompt = r.prompt);
+    var c;
+    r && r.action == "register" ? c = e.endpoints.register() : c = e.endpoints.authorize();
+    var n = r && r.scope || e.scope;
+    n ? n.indexOf("openid") === -1 && (n = "openid " + n) : n = "openid";
+    var o = c + "?client_id=" + encodeURIComponent(e.clientId) + "&redirect_uri=" + encodeURIComponent(s) + "&state=" + encodeURIComponent(t) + "&response_mode=" + encodeURIComponent(e.responseMode) + "&response_type=" + encodeURIComponent(e.responseType) + "&scope=" + encodeURIComponent(n);
+    if (b && (o = o + "&nonce=" + encodeURIComponent(i)), r && r.prompt && (o += "&prompt=" + encodeURIComponent(r.prompt)), r && typeof r.maxAge == "number" && (o += "&max_age=" + encodeURIComponent(r.maxAge)), r && r.loginHint && (o += "&login_hint=" + encodeURIComponent(r.loginHint)), r && r.idpHint && (o += "&kc_idp_hint=" + encodeURIComponent(r.idpHint)), r && r.action && r.action != "register" && (o += "&kc_action=" + encodeURIComponent(r.action)), r && r.locale && (o += "&ui_locales=" + encodeURIComponent(r.locale)), r && r.acr) {
+      var u = $(r.acr);
+      o += "&claims=" + encodeURIComponent(u);
+    }
+    if ((r && r.acrValues || e.acrValues) && (o += "&acr_values=" + encodeURIComponent(r.acrValues || e.acrValues)), e.pkceMethod)
+      try {
+        const f = B(96), d = await W(e.pkceMethod, f);
+        a.pkceCodeVerifier = f, o += "&code_challenge=" + d, o += "&code_challenge_method=" + e.pkceMethod;
+      } catch (f) {
+        throw new Error("Failed to generate PKCE challenge.", { cause: f });
+      }
+    return l.add(a), o;
+  }, e.logout = function(r) {
+    return p.logout(r);
+  }, e.createLogoutUrl = function(r) {
+    if (((r == null ? void 0 : r.logoutMethod) ?? e.logoutMethod) === "POST")
+      return e.endpoints.logout();
+    var i = e.endpoints.logout() + "?client_id=" + encodeURIComponent(e.clientId) + "&post_logout_redirect_uri=" + encodeURIComponent(p.redirectUri(r, !1));
+    return e.idToken && (i += "&id_token_hint=" + encodeURIComponent(e.idToken)), i;
+  }, e.register = function(r) {
+    return p.register(r);
+  }, e.createRegisterUrl = async function(r) {
+    return r || (r = {}), r.action = "register", await e.createLoginUrl(r);
+  }, e.createAccountUrl = function(r) {
+    var t = _(), i = void 0;
+    return typeof t < "u" && (i = t + "/account?referrer=" + encodeURIComponent(e.clientId) + "&referrer_uri=" + encodeURIComponent(p.redirectUri(r))), i;
+  }, e.accountManagement = function() {
+    return p.accountManagement();
+  }, e.hasRealmRole = function(r) {
+    var t = e.realmAccess;
+    return !!t && t.roles.indexOf(r) >= 0;
+  }, e.hasResourceRole = function(r, t) {
+    if (!e.resourceAccess)
+      return !1;
+    var i = e.resourceAccess[t || e.clientId];
+    return !!i && i.roles.indexOf(r) >= 0;
+  }, e.loadUserProfile = function() {
+    var r = _() + "/account", t = new XMLHttpRequest();
+    t.open("GET", r, !0), t.setRequestHeader("Accept", "application/json"), t.setRequestHeader("Authorization", "bearer " + e.token);
+    var i = v();
+    return t.onreadystatechange = function() {
+      t.readyState == 4 && (t.status == 200 ? (e.profile = JSON.parse(t.responseText), i.setSuccess(e.profile)) : i.setError());
+    }, t.send(), i.promise;
+  }, e.loadUserInfo = function() {
+    var r = e.endpoints.userinfo(), t = new XMLHttpRequest();
+    t.open("GET", r, !0), t.setRequestHeader("Accept", "application/json"), t.setRequestHeader("Authorization", "bearer " + e.token);
+    var i = v();
+    return t.onreadystatechange = function() {
+      t.readyState == 4 && (t.status == 200 ? (e.userInfo = JSON.parse(t.responseText), i.setSuccess(e.userInfo)) : i.setError());
+    }, t.send(), i.promise;
+  }, e.isTokenExpired = function(r) {
+    if (!e.tokenParsed || !e.refreshToken && e.flow != "implicit")
+      throw "Not authenticated";
+    if (e.timeSkew == null)
+      return w("[KEYCLOAK] Unable to determine if token is expired as timeskew is not set"), !0;
+    var t = e.tokenParsed.exp - Math.ceil((/* @__PURE__ */ new Date()).getTime() / 1e3) + e.timeSkew;
+    if (r) {
+      if (isNaN(r))
+        throw "Invalid minValidity";
+      t -= r;
+    }
+    return t < 0;
+  }, e.updateToken = function(r) {
+    var t = v();
+    if (!e.refreshToken)
+      return t.setError(), t.promise;
+    r = r || 5;
+    var i = function() {
+      var a = !1;
+      if (r == -1 ? (a = !0, w("[KEYCLOAK] Refreshing token: forced refresh")) : (!e.tokenParsed || e.isTokenExpired(r)) && (a = !0, w("[KEYCLOAK] Refreshing token: token expired")), !a)
+        t.setSuccess(!1);
+      else {
+        var c = "grant_type=refresh_token&refresh_token=" + e.refreshToken, n = e.endpoints.token();
+        if (m.push(t), m.length == 1) {
+          var o = new XMLHttpRequest();
+          o.open("POST", n, !0), o.setRequestHeader("Content-type", "application/x-www-form-urlencoded"), o.withCredentials = !0, c += "&client_id=" + encodeURIComponent(e.clientId);
+          var u = (/* @__PURE__ */ new Date()).getTime();
+          o.onreadystatechange = function() {
+            if (o.readyState == 4)
+              if (o.status == 200) {
+                w("[KEYCLOAK] Token refreshed"), u = (u + (/* @__PURE__ */ new Date()).getTime()) / 2;
+                var f = JSON.parse(o.responseText);
+                C(f.access_token, f.refresh_token, f.id_token, u), e.onAuthRefreshSuccess && e.onAuthRefreshSuccess();
+                for (var d = m.pop(); d != null; d = m.pop())
+                  d.setSuccess(!0);
+              } else {
+                A("[KEYCLOAK] Failed to refresh token"), o.status == 400 && e.clearToken(), e.onAuthRefreshError && e.onAuthRefreshError();
+                for (var d = m.pop(); d != null; d = m.pop())
+                  d.setError("Failed to refresh token: An unexpected HTTP error occurred while attempting to refresh the token.");
+              }
+          }, o.send(c);
+        }
+      }
+    };
+    if (h.enable) {
+      var s = L();
+      s.then(function() {
+        i();
+      }).catch(function(a) {
+        t.setError(a);
+      });
+    } else
+      i();
+    return t.promise;
+  }, e.clearToken = function() {
+    e.token && (C(null, null, null), e.onAuthLogout && e.onAuthLogout(), e.loginRequired && e.login());
+  };
+  function _() {
+    if (typeof e.authServerUrl < "u")
+      return e.authServerUrl.charAt(e.authServerUrl.length - 1) == "/" ? e.authServerUrl + "realms/" + encodeURIComponent(e.realm) : e.authServerUrl + "/realms/" + encodeURIComponent(e.realm);
+  }
+  function Q() {
+    return window.location.origin ? window.location.origin : window.location.protocol + "//" + window.location.hostname + (window.location.port ? ":" + window.location.port : "");
+  }
+  function U(r, t) {
+    var i = r.code, s = r.error, a = r.prompt, c = (/* @__PURE__ */ new Date()).getTime();
+    if (r.kc_action_status && e.onActionUpdate && e.onActionUpdate(r.kc_action_status, r.kc_action), s) {
+      if (a != "none")
+        if (r.error_description && r.error_description === "authentication_expired")
+          e.login(r.loginOptions);
+        else {
+          var n = { error: s, error_description: r.error_description };
+          e.onAuthError && e.onAuthError(n), t && t.setError(n);
+        }
+      else
+        t && t.setSuccess();
+      return;
+    } else e.flow != "standard" && (r.access_token || r.id_token) && d(r.access_token, null, r.id_token, !0);
+    if (e.flow != "implicit" && i) {
+      var o = "code=" + i + "&grant_type=authorization_code", u = e.endpoints.token(), f = new XMLHttpRequest();
+      f.open("POST", u, !0), f.setRequestHeader("Content-type", "application/x-www-form-urlencoded"), o += "&client_id=" + encodeURIComponent(e.clientId), o += "&redirect_uri=" + r.redirectUri, r.pkceCodeVerifier && (o += "&code_verifier=" + r.pkceCodeVerifier), f.withCredentials = !0, f.onreadystatechange = function() {
+        if (f.readyState == 4)
+          if (f.status == 200) {
+            var g = JSON.parse(f.responseText);
+            d(g.access_token, g.refresh_token, g.id_token, e.flow === "standard"), P();
+          } else
+            e.onAuthError && e.onAuthError(), t && t.setError();
+      }, f.send(o);
+    }
+    function d(g, y, T, S) {
+      c = (c + (/* @__PURE__ */ new Date()).getTime()) / 2, C(g, y, T, c), b && e.idTokenParsed && e.idTokenParsed.nonce != r.storedNonce ? (w("[KEYCLOAK] Invalid nonce, clearing token"), e.clearToken(), t && t.setError()) : S && (e.onAuthSuccess && e.onAuthSuccess(), t && t.setSuccess());
+    }
+  }
+  function Z() {
+    var r = v(), t;
+    typeof k == "string" && (t = k);
+    function i(n) {
+      n ? e.endpoints = {
+        authorize: function() {
+          return n.authorization_endpoint;
+        },
+        token: function() {
+          return n.token_endpoint;
+        },
+        logout: function() {
+          if (!n.end_session_endpoint)
+            throw "Not supported by the OIDC server";
+          return n.end_session_endpoint;
+        },
+        checkSessionIframe: function() {
+          if (!n.check_session_iframe)
+            throw "Not supported by the OIDC server";
+          return n.check_session_iframe;
+        },
+        register: function() {
+          throw 'Redirection to "Register user" page not supported in standard OIDC mode';
+        },
+        userinfo: function() {
+          if (!n.userinfo_endpoint)
+            throw "Not supported by the OIDC server";
+          return n.userinfo_endpoint;
+        }
+      } : e.endpoints = {
+        authorize: function() {
+          return _() + "/protocol/openid-connect/auth";
+        },
+        token: function() {
+          return _() + "/protocol/openid-connect/token";
+        },
+        logout: function() {
+          return _() + "/protocol/openid-connect/logout";
+        },
+        checkSessionIframe: function() {
+          return _() + "/protocol/openid-connect/login-status-iframe.html";
+        },
+        thirdPartyCookiesIframe: function() {
+          return _() + "/protocol/openid-connect/3p-cookies/step1.html";
+        },
+        register: function() {
+          return _() + "/protocol/openid-connect/registrations";
+        },
+        userinfo: function() {
+          return _() + "/protocol/openid-connect/userinfo";
+        }
+      };
+    }
+    if (t) {
+      var s = new XMLHttpRequest();
+      s.open("GET", t, !0), s.setRequestHeader("Accept", "application/json"), s.onreadystatechange = function() {
+        if (s.readyState == 4)
+          if (s.status == 200 || J(s)) {
+            var n = JSON.parse(s.responseText);
+            e.authServerUrl = n["auth-server-url"], e.realm = n.realm, e.clientId = n.resource, i(null), r.setSuccess();
+          } else
+            r.setError();
+      }, s.send();
+    } else {
+      e.clientId = k.clientId;
+      var a = k.oidcProvider;
+      if (!a)
+        e.authServerUrl = k.url, e.realm = k.realm, i(null), r.setSuccess();
+      else if (typeof a == "string") {
+        var c;
+        a.charAt(a.length - 1) == "/" ? c = a + ".well-known/openid-configuration" : c = a + "/.well-known/openid-configuration";
+        var s = new XMLHttpRequest();
+        s.open("GET", c, !0), s.setRequestHeader("Accept", "application/json"), s.onreadystatechange = function() {
+          if (s.readyState == 4)
+            if (s.status == 200 || J(s)) {
+              var o = JSON.parse(s.responseText);
+              i(o), r.setSuccess();
+            } else
+              r.setError();
+        }, s.send();
+      } else
+        i(a), r.setSuccess();
+    }
+    return r.promise;
+  }
+  function J(r) {
+    return r.status == 0 && r.responseText && r.responseURL.startsWith("file:");
+  }
+  function C(r, t, i, s) {
+    if (e.tokenTimeoutHandle && (clearTimeout(e.tokenTimeoutHandle), e.tokenTimeoutHandle = null), t ? (e.refreshToken = t, e.refreshTokenParsed = D(t)) : (delete e.refreshToken, delete e.refreshTokenParsed), i ? (e.idToken = i, e.idTokenParsed = D(i)) : (delete e.idToken, delete e.idTokenParsed), r) {
+      if (e.token = r, e.tokenParsed = D(r), e.sessionId = e.tokenParsed.sid, e.authenticated = !0, e.subject = e.tokenParsed.sub, e.realmAccess = e.tokenParsed.realm_access, e.resourceAccess = e.tokenParsed.resource_access, s && (e.timeSkew = Math.floor(s / 1e3) - e.tokenParsed.iat), e.timeSkew != null && (w("[KEYCLOAK] Estimated time difference between browser and server is " + e.timeSkew + " seconds"), e.onTokenExpired)) {
+        var a = (e.tokenParsed.exp - (/* @__PURE__ */ new Date()).getTime() / 1e3 + e.timeSkew) * 1e3;
+        w("[KEYCLOAK] Token expires in " + Math.round(a / 1e3) + " s"), a <= 0 ? e.onTokenExpired() : e.tokenTimeoutHandle = setTimeout(e.onTokenExpired, a);
+      }
+    } else
+      delete e.token, delete e.tokenParsed, delete e.subject, delete e.realmAccess, delete e.resourceAccess, e.authenticated = !1;
+  }
+  function V() {
+    if (typeof crypto > "u" || typeof crypto.randomUUID > "u")
+      throw new Error("Web Crypto API is not available.");
+    return crypto.randomUUID();
+  }
+  function E(r) {
+    var t = ee(r);
+    if (t) {
+      var i = l.get(t.state);
+      return i && (t.valid = !0, t.redirectUri = i.redirectUri, t.storedNonce = i.nonce, t.prompt = i.prompt, t.pkceCodeVerifier = i.pkceCodeVerifier, t.loginOptions = i.loginOptions), t;
+    }
+  }
+  function ee(r) {
+    var t;
+    switch (e.flow) {
+      case "standard":
+        t = ["code", "state", "session_state", "kc_action_status", "kc_action", "iss"];
+        break;
+      case "implicit":
+        t = ["access_token", "token_type", "id_token", "state", "session_state", "expires_in", "kc_action_status", "kc_action", "iss"];
+        break;
+      case "hybrid":
+        t = ["access_token", "token_type", "id_token", "code", "state", "session_state", "expires_in", "kc_action_status", "kc_action", "iss"];
+        break;
+    }
+    t.push("error"), t.push("error_description"), t.push("error_uri");
+    var i = r.indexOf("?"), s = r.indexOf("#"), a, c;
+    if (e.responseMode === "query" && i !== -1 ? (a = r.substring(0, i), c = z(r.substring(i + 1, s !== -1 ? s : r.length), t), c.paramsString !== "" && (a += "?" + c.paramsString), s !== -1 && (a += r.substring(s))) : e.responseMode === "fragment" && s !== -1 && (a = r.substring(0, s), c = z(r.substring(s + 1), t), c.paramsString !== "" && (a += "#" + c.paramsString)), c && c.oauthParams) {
+      if (e.flow === "standard" || e.flow === "hybrid") {
+        if ((c.oauthParams.code || c.oauthParams.error) && c.oauthParams.state)
+          return c.oauthParams.newUrl = a, c.oauthParams;
+      } else if (e.flow === "implicit" && (c.oauthParams.access_token || c.oauthParams.error) && c.oauthParams.state)
+        return c.oauthParams.newUrl = a, c.oauthParams;
+    }
+  }
+  function z(r, t) {
+    for (var i = r.split("&"), s = {
+      paramsString: "",
+      oauthParams: {}
+    }, a = 0; a < i.length; a++) {
+      var c = i[a].indexOf("="), n = i[a].slice(0, c);
+      t.indexOf(n) !== -1 ? s.oauthParams[n] = i[a].slice(c + 1) : (s.paramsString !== "" && (s.paramsString += "&"), s.paramsString += i[a]);
+    }
+    return s;
+  }
+  function v() {
+    var r = {
+      setSuccess: function(t) {
+        r.resolve(t);
+      },
+      setError: function(t) {
+        r.reject(t);
+      }
+    };
+    return r.promise = new Promise(function(t, i) {
+      r.resolve = t, r.reject = i;
+    }), r;
+  }
+  function re(r, t, i) {
+    var s = null, a = new Promise(function(c, n) {
+      s = setTimeout(function() {
+        n({ error: i });
+      }, t);
+    });
+    return Promise.race([r, a]).finally(function() {
+      clearTimeout(s);
+    });
+  }
+  function x() {
+    var r = v();
+    if (!h.enable || h.iframe)
+      return r.setSuccess(), r.promise;
+    var t = document.createElement("iframe");
+    h.iframe = t, t.onload = function() {
+      var a = e.endpoints.authorize();
+      a.charAt(0) === "/" ? h.iframeOrigin = Q() : h.iframeOrigin = a.substring(0, a.indexOf("/", 8)), r.setSuccess();
+    };
+    var i = e.endpoints.checkSessionIframe();
+    t.setAttribute("src", i), t.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin"), t.setAttribute("title", "keycloak-session-iframe"), t.style.display = "none", document.body.appendChild(t);
+    var s = function(a) {
+      if (!(a.origin !== h.iframeOrigin || h.iframe.contentWindow !== a.source) && (a.data == "unchanged" || a.data == "changed" || a.data == "error")) {
+        a.data != "unchanged" && e.clearToken();
+        for (var c = h.callbackList.splice(0, h.callbackList.length), n = c.length - 1; n >= 0; --n) {
+          var o = c[n];
+          a.data == "error" ? o.setError() : o.setSuccess(a.data == "unchanged");
+        }
+      }
+    };
+    return window.addEventListener("message", s, !1), r.promise;
+  }
+  function P() {
+    h.enable && e.token && setTimeout(function() {
+      L().then(function(r) {
+        r && P();
+      });
+    }, h.interval * 1e3);
+  }
+  function L() {
+    var r = v();
+    if (h.iframe && h.iframeOrigin) {
+      var t = e.clientId + " " + (e.sessionId ? e.sessionId : "");
+      h.callbackList.push(r);
+      var i = h.iframeOrigin;
+      h.callbackList.length == 1 && h.iframe.contentWindow.postMessage(t, i);
+    } else
+      r.setSuccess();
+    return r.promise;
+  }
+  function te() {
+    var r = v();
+    if ((h.enable || e.silentCheckSsoRedirectUri) && typeof e.endpoints.thirdPartyCookiesIframe == "function") {
+      var t = document.createElement("iframe");
+      t.setAttribute("src", e.endpoints.thirdPartyCookiesIframe()), t.setAttribute("sandbox", "allow-storage-access-by-user-activation allow-scripts allow-same-origin"), t.setAttribute("title", "keycloak-3p-check-iframe"), t.style.display = "none", document.body.appendChild(t);
+      var i = function(s) {
+        t.contentWindow === s.source && (s.data !== "supported" && s.data !== "unsupported" || (s.data === "unsupported" && (A(
+          `[KEYCLOAK] Your browser is blocking access to 3rd-party cookies, this means:
+ - It is not possible to retrieve tokens without redirecting to the Keycloak server (a.k.a. no support for silent authentication).
+ - It is not possible to automatically detect changes to the session status (such as the user logging out in another tab).
+For more information see: https://www.keycloak.org/securing-apps/javascript-adapter#_modern_browsers`
+        ), h.enable = !1, e.silentCheckSsoFallback && (e.silentCheckSsoRedirectUri = !1)), document.body.removeChild(t), window.removeEventListener("message", i), r.setSuccess()));
+      };
+      window.addEventListener("message", i, !1);
+    } else
+      r.setSuccess();
+    return re(r.promise, e.messageReceiveTimeout, "Timeout when waiting for 3rd party check iframe message.");
+  }
+  function M(r) {
+    if (!r || r == "default")
+      return {
+        login: async function(n) {
+          return window.location.assign(await e.createLoginUrl(n)), v().promise;
+        },
+        logout: async function(n) {
+          if (((n == null ? void 0 : n.logoutMethod) ?? e.logoutMethod) === "GET") {
+            window.location.replace(e.createLogoutUrl(n));
+            return;
+          }
+          const u = document.createElement("form");
+          u.setAttribute("method", "POST"), u.setAttribute("action", e.createLogoutUrl(n)), u.style.display = "none";
+          const f = {
+            id_token_hint: e.idToken,
+            client_id: e.clientId,
+            post_logout_redirect_uri: p.redirectUri(n, !1)
+          };
+          for (const [d, g] of Object.entries(f)) {
+            const y = document.createElement("input");
+            y.setAttribute("type", "hidden"), y.setAttribute("name", d), y.setAttribute("value", g), u.appendChild(y);
+          }
+          document.body.appendChild(u), u.submit();
+        },
+        register: async function(n) {
+          return window.location.assign(await e.createRegisterUrl(n)), v().promise;
+        },
+        accountManagement: function() {
+          var n = e.createAccountUrl();
+          if (typeof n < "u")
+            window.location.href = n;
+          else
+            throw "Not supported by the OIDC server";
+          return v().promise;
+        },
+        redirectUri: function(n, o) {
+          return n && n.redirectUri ? n.redirectUri : e.redirectUri ? e.redirectUri : location.href;
+        }
+      };
+    if (r == "cordova") {
+      h.enable = !1;
+      var t = function(n, o, u) {
+        return window.cordova && window.cordova.InAppBrowser ? window.cordova.InAppBrowser.open(n, o, u) : window.open(n, o, u);
+      }, i = function(n) {
+        return n && n.cordovaOptions ? Object.keys(n.cordovaOptions).reduce(function(o, u) {
+          return o[u] = n.cordovaOptions[u], o;
+        }, {}) : {};
+      }, s = function(n) {
+        return Object.keys(n).reduce(function(o, u) {
+          return o.push(u + "=" + n[u]), o;
+        }, []).join(",");
+      }, a = function(n) {
+        var o = i(n);
+        return o.location = "no", n && n.prompt == "none" && (o.hidden = "yes"), s(o);
+      }, c = function() {
+        return e.redirectUri || "http://localhost";
+      };
+      return {
+        login: async function(n) {
+          var o = v(), u = a(n), f = await e.createLoginUrl(n), d = t(f, "_blank", u), g = !1, y = !1, T = function() {
+            y = !0, d.close();
+          };
+          return d.addEventListener("loadstart", function(S) {
+            if (S.url.indexOf(c()) == 0) {
+              var K = E(S.url);
+              U(K, o), T(), g = !0;
+            }
+          }), d.addEventListener("loaderror", function(S) {
+            if (!g)
+              if (S.url.indexOf(c()) == 0) {
+                var K = E(S.url);
+                U(K, o), T(), g = !0;
+              } else
+                o.setError(), T();
+          }), d.addEventListener("exit", function(S) {
+            y || o.setError({
+              reason: "closed_by_user"
+            });
+          }), o.promise;
+        },
+        logout: function(n) {
+          var o = v(), u = e.createLogoutUrl(n), f = t(u, "_blank", "location=no,hidden=yes,clearcache=yes"), d;
+          return f.addEventListener("loadstart", function(g) {
+            g.url.indexOf(c()) == 0 && f.close();
+          }), f.addEventListener("loaderror", function(g) {
+            g.url.indexOf(c()) == 0 || (d = !0), f.close();
+          }), f.addEventListener("exit", function(g) {
+            d ? o.setError() : (e.clearToken(), o.setSuccess());
+          }), o.promise;
+        },
+        register: async function(n) {
+          var o = v(), u = await e.createRegisterUrl(), f = a(n), d = t(u, "_blank", f);
+          return d.addEventListener("loadstart", function(g) {
+            if (g.url.indexOf(c()) == 0) {
+              d.close();
+              var y = E(g.url);
+              U(y, o);
+            }
+          }), o.promise;
+        },
+        accountManagement: function() {
+          var n = e.createAccountUrl();
+          if (typeof n < "u") {
+            var o = t(n, "_blank", "location=no");
+            o.addEventListener("loadstart", function(u) {
+              u.url.indexOf(c()) == 0 && o.close();
+            });
+          } else
+            throw "Not supported by the OIDC server";
+        },
+        redirectUri: function(n) {
+          return c();
+        }
+      };
+    }
+    if (r == "cordova-native")
+      return h.enable = !1, {
+        login: async function(n) {
+          var o = v(), u = await e.createLoginUrl(n);
+          return universalLinks.subscribe("keycloak", function(f) {
+            universalLinks.unsubscribe("keycloak"), window.cordova.plugins.browsertab.close();
+            var d = E(f.url);
+            U(d, o);
+          }), window.cordova.plugins.browsertab.openUrl(u), o.promise;
+        },
+        logout: function(n) {
+          var o = v(), u = e.createLogoutUrl(n);
+          return universalLinks.subscribe("keycloak", function(f) {
+            universalLinks.unsubscribe("keycloak"), window.cordova.plugins.browsertab.close(), e.clearToken(), o.setSuccess();
+          }), window.cordova.plugins.browsertab.openUrl(u), o.promise;
+        },
+        register: async function(n) {
+          var o = v(), u = await e.createRegisterUrl(n);
+          return universalLinks.subscribe("keycloak", function(f) {
+            universalLinks.unsubscribe("keycloak"), window.cordova.plugins.browsertab.close();
+            var d = E(f.url);
+            U(d, o);
+          }), window.cordova.plugins.browsertab.openUrl(u), o.promise;
+        },
+        accountManagement: function() {
+          var n = e.createAccountUrl();
+          if (typeof n < "u")
+            window.cordova.plugins.browsertab.openUrl(n);
+          else
+            throw "Not supported by the OIDC server";
+        },
+        redirectUri: function(n) {
+          return n && n.redirectUri ? n.redirectUri : e.redirectUri ? e.redirectUri : "http://localhost";
+        }
+      };
+    throw "invalid adapter type: " + r;
+  }
+  const I = "kc-callback-";
+  var H = function() {
+    if (!(this instanceof H))
+      return new H();
+    localStorage.setItem("kc-test", "test"), localStorage.removeItem("kc-test");
+    var r = this;
+    function t() {
+      const c = Date.now();
+      for (const [n, o] of s()) {
+        const u = a(o);
+        (u === null || u < c) && localStorage.removeItem(n);
+      }
+    }
+    function i() {
+      for (const [c] of s())
+        localStorage.removeItem(c);
+    }
+    function s() {
+      return Object.entries(localStorage).filter(([c]) => c.startsWith(I));
+    }
+    function a(c) {
+      let n;
+      try {
+        n = JSON.parse(c);
+      } catch {
+        return null;
+      }
+      return O(n) && "expires" in n && typeof n.expires == "number" ? n.expires : null;
+    }
+    r.get = function(c) {
+      if (c) {
+        var n = I + c, o = localStorage.getItem(n);
+        return o && (localStorage.removeItem(n), o = JSON.parse(o)), t(), o;
+      }
+    }, r.add = function(c) {
+      t();
+      const n = I + c.state, o = JSON.stringify({
+        ...c,
+        // Set the expiry time to 1 hour from now.
+        expires: Date.now() + 60 * 60 * 1e3
+      });
+      try {
+        localStorage.setItem(n, o);
+      } catch {
+        i(), localStorage.setItem(n, o);
+      }
+    };
+  }, N = function() {
+    if (!(this instanceof N))
+      return new N();
+    var r = this;
+    r.get = function(a) {
+      if (a) {
+        var c = i(I + a);
+        if (s(I + a, "", t(-100)), c)
+          return JSON.parse(c);
+      }
+    }, r.add = function(a) {
+      s(I + a.state, JSON.stringify(a), t(60));
+    }, r.removeItem = function(a) {
+      s(a, "", t(-100));
+    };
+    var t = function(a) {
+      var c = /* @__PURE__ */ new Date();
+      return c.setTime(c.getTime() + a * 60 * 1e3), c;
+    }, i = function(a) {
+      for (var c = a + "=", n = document.cookie.split(";"), o = 0; o < n.length; o++) {
+        for (var u = n[o]; u.charAt(0) == " "; )
+          u = u.substring(1);
+        if (u.indexOf(c) == 0)
+          return u.substring(c.length, u.length);
+      }
+      return "";
+    }, s = function(a, c, n) {
+      var o = a + "=" + c + "; expires=" + n.toUTCString() + "; ";
+      document.cookie = o;
+    };
+  };
+  function ne() {
+    try {
+      return new H();
+    } catch {
+    }
+    return new N();
+  }
+  function Y(r) {
+    return function() {
+      e.enableLogging && r.apply(console, Array.prototype.slice.call(arguments));
+    };
+  }
+}
+function se(k) {
+  const e = String.fromCodePoint(...k);
+  return btoa(e);
+}
+async function ie(k) {
+  const p = new TextEncoder().encode(k);
+  if (typeof crypto > "u" || typeof crypto.subtle > "u")
+    throw new Error("Web Crypto API is not available.");
+  return await crypto.subtle.digest("SHA-256", p);
+}
+function D(k) {
+  const [e, p] = k.split(".");
+  if (typeof p != "string")
+    throw new Error("Unable to decode token, payload not found.");
+  let m;
+  try {
+    m = ce(p);
+  } catch (l) {
+    throw new Error("Unable to decode token, payload is not a valid Base64URL value.", { cause: l });
+  }
+  try {
+    return JSON.parse(m);
+  } catch (l) {
+    throw new Error("Unable to decode token, payload is not a valid JSON value.", { cause: l });
+  }
+}
+function ce(k) {
+  let e = k.replaceAll("-", "+").replaceAll("_", "/");
+  switch (e.length % 4) {
+    case 0:
+      break;
+    case 2:
+      e += "==";
+      break;
+    case 3:
+      e += "=";
+      break;
+    default:
+      throw new Error("Input is not of the correct length.");
+  }
+  try {
+    return ue(e);
+  } catch {
+    return atob(e);
+  }
+}
+function ue(k) {
+  return decodeURIComponent(atob(k).replace(/(.)/g, (e, p) => {
+    let m = p.charCodeAt(0).toString(16).toUpperCase();
+    return m.length < 2 && (m = "0" + m), "%" + m;
+  }));
+}
+function O(k) {
+  return typeof k == "object" && k !== null;
+}
+const le = {};
+class j extends q {
+  constructor() {
+    const { VITE_KEYCLOAK_REALM: e, VITE_KEYCLOAK_HOST: p, VITE_KEYCLOAK_CLIENT_ID: m } = le;
+    super({
+      url: p,
+      realm: e,
+      clientId: m
+    });
+  }
+  async initialize() {
+    try {
+      await this.init(
+        {
+          onLoad: "login-required"
+        }
+      ) && console.log("User is authenticated"), console.log("User is not authenticated");
+    } catch (e) {
+      console.error("Failed to initialize adapter:", e);
+    }
+  }
+  static async init() {
+    const e = new j();
+    return await e.initialize(), e;
+  }
+  get userInfo() {
+    return this.idTokenParsed;
+  }
+  updateToken() {
+    return this.updateToken(30);
+  }
+  get isAuthenticated() {
+    return this.authenticated ?? !1;
+  }
+}
+const de = "GHENT_CDH_AUTH_STORE", fe = G(de, () => {
+  const k = oe(!1), e = F(), p = F(!1);
+  return j.init().then((l) => (k.value = l.isAuthenticated, e.value = l, p.value = !0, l)), {
+    token: () => {
+      var l;
+      return (l = e.value) == null ? void 0 : l.token;
+    },
+    user: () => {
+      var l;
+      return (l = e.value) == null ? void 0 : l.userInfo;
+    },
+    isAuthenticated: () => {
+      var l;
+      return (l = e.value) == null ? void 0 : l.isAuthenticated;
+    },
+    logout: () => {
+      console.warn("logout");
+    },
+    updateToken: async () => {
+      var l;
+      return p.value || await new Promise((h) => {
+        const b = ae(p, (w) => {
+          w && (b(), h());
+        });
+      }), (l = e.value) == null ? void 0 : l.updateToken();
+    }
+  };
+}), pe = "GHENT_CDH_HTTP_REQUEST", ke = G(pe, () => {
+  const k = fe(), e = async (p, m, l = { contentType: "application/json" }) => {
+    const h = {
+      accept: "application/json",
+      ...m.headers ?? {}
+    };
+    l.contentType && (h["Content-Type"] = l.contentType), l != null && l.skipAuth || (await k.updateToken(), h.Authorization = `Bearer ${k.token()}`);
+    const b = new URL(p, window.location.href);
+    if (l != null && l.queryParams)
+      for (const [A, R] of Object.entries(l.queryParams))
+        b.searchParams.set(A, R);
+    const w = await fetch(b.toString(), {
+      ...m,
+      headers: h
+    });
+    return w.ok ? w.json() : (l != null && l.skipAuth, Promise.reject({
+      content: w.body,
+      status: w.status
+    }));
+  };
+  return {
+    get: (p, m) => e(p, { method: "GET" }, m),
+    postFile: (p, m, l = {}, h) => {
+      const b = new FormData();
+      for (const w in l)
+        b.append(w, l[w]);
+      return b.append("file", m), e(
+        p,
+        {
+          method: "POST",
+          body: b
+        },
+        { ...h, contentType: void 0 }
+      );
+    },
+    post: (p, m, l) => e(
+      p,
+      {
+        method: "POST",
+        body: JSON.stringify(m)
+      },
+      l
+    ),
+    patch: (p, m, l) => e(
+      p,
+      {
+        method: "PATCH",
+        body: JSON.stringify(m)
+      },
+      l
+    ),
+    delete: (p, m, l) => e(
+      p,
+      {
+        method: "DELETE",
+        body: JSON.stringify(m)
+      },
+      l
+    )
+  };
+});
+export {
+  j as KeycloakAdapter,
+  fe as useAuthenticationStore,
+  ke as useHttpStore
+};