@nocobase/plugin-idp-oauth 2.1.0-alpha.12 → 2.1.0-alpha.14

package/dist/client/index.js

@@ -7,4 +7,4 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("antd"),require("react"),require("@nocobase/client"),require("react-router-dom")):"function"==typeof define&&define.amd?define("@nocobase/plugin-idp-oauth",["antd","react","@nocobase/client","react-router-dom"],t):"object"==typeof exports?exports["@nocobase/plugin-idp-oauth"]=t(require("antd"),require("react"),require("@nocobase/client"),require("react-router-dom")):e["@nocobase/plugin-idp-oauth"]=t(e.antd,e.react,e["@nocobase/client"],e["react-router-dom"])}(self,function(e,t,r,n){return function(){"use strict";var o={342:function(e){e.exports=r},59:function(t){t.exports=e},155:function(e){e.exports=t},442:function(e){e.exports=n}},a={};function i(e){var t=a[e];if(void 0!==t)return t.exports;var r=a[e]={exports:{}};return o[e](r,r.exports,i),r.exports}i.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(t,{a:t}),t},i.d=function(e,t){for(var r in t)i.o(t,r)&&!i.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},i.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||Function("return this")()}catch(e){if("object"==typeof window)return window}}(),i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.r=function(e){"u">typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.g.importScripts&&(u=i.g.location+"");var u,c=i.g.document;if(!u&&c&&(c.currentScript&&"SCRIPT"===c.currentScript.tagName.toUpperCase()&&(u=c.currentScript.src),!u)){var l=c.getElementsByTagName("script");if(l.length)for(var s=l.length-1;s>-1&&(!u||!/^http(s?):/.test(u));)u=l[s--].src}if(!u)throw Error("Automatic publicPath is not supported in this browser");i.p=u.replace(/^blob:/,"").replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/");var p={},f=window.__nocobase_public_path__||"";if(!f&&window.location&&window.location.pathname){var d=window.location.pathname||"/",y=d.indexOf("/v2/");f=y>=0?d.slice(0,y+1):"/"}return f&&(f=f.replace(/\/v2\/?$/,"/")),f||(f="/"),"/"!==f.charAt(f.length-1)&&(f+="/"),i.p=f+"static/plugins/@nocobase/plugin-idp-oauth/dist/client/",!function(){i.r(p),i.d(p,{default:function(){return O}});var e=i(342),t=i(59),r=i(155),n=i.n(r),o=i(442);function a(e,t){(null==t||t>e.length)&&(t=e.length);for(var r=0,n=Array(t);r<t;r++)n[r]=e[r];return n}var u=function(){var e,r=(function(e){if(Array.isArray(e))return e}(e=(0,o.useSearchParams)())||function(e){var t,r,n=null==e?null:"u">typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(null!=n){var o=[],a=!0,i=!1;try{for(n=n.call(e);!(a=(t=n.next()).done)&&(o.push(t.value),1!==o.length);a=!0);}catch(e){i=!0,r=e}finally{try{a||null==n.return||n.return()}finally{if(i)throw r}}return o}}(e)||function(e){if(e){if("string"==typeof e)return a(e,1);var t=Object.prototype.toString.call(e).slice(8,-1);if("Object"===t&&e.constructor&&(t=e.constructor.name),"Map"===t||"Set"===t)return Array.from(t);if("Arguments"===t||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t))return a(e,1)}}(e)||function(){throw TypeError("Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}())[0],i=r.get("error"),u=r.get("error_description"),c=r.get("iss");return n().createElement("div",{style:{maxWidth:640,margin:"48px auto",padding:"0 24px"}},n().createElement(t.Result,{status:"error",title:i||"Authentication failed",subTitle:u||void 0}),n().createElement(t.Space,{direction:"vertical",size:"middle",style:{width:"100%"}},c?n().createElement("div",null,n().createElement(t.Typography.Text,{type:"secondary"},"Issuer"),n().createElement("div",null,n().createElement(t.Typography.Text,{code:!0},c))):null))};function c(e,t){(null==t||t>e.length)&&(t=e.length);for(var r=0,n=Array(t);r<t;r++)n[r]=e[r];return n}function l(e,t,r,n,o,a,i){try{var u=e[a](i),c=u.value}catch(e){r(e);return}u.done?t(c):Promise.resolve(c).then(n,o)}function s(e){return function(){var t=this,r=arguments;return new Promise(function(n,o){var a=e.apply(t,r);function i(e){l(a,n,o,i,u,"next",e)}function u(e){l(a,n,o,i,u,"throw",e)}i(void 0)})}}function f(e,t){return function(e){if(Array.isArray(e))return e}(e)||function(e,t){var r,n,o=null==e?null:"u">typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(null!=o){var a=[],i=!0,u=!1;try{for(o=o.call(e);!(i=(r=o.next()).done)&&(a.push(r.value),!t||a.length!==t);i=!0);}catch(e){u=!0,n=e}finally{try{i||null==o.return||o.return()}finally{if(u)throw n}}return a}}(e,t)||function(e,t){if(e){if("string"==typeof e)return c(e,t);var r=Object.prototype.toString.call(e).slice(8,-1);if("Object"===r&&e.constructor&&(r=e.constructor.name),"Map"===r||"Set"===r)return Array.from(r);if("Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r))return c(e,t)}}(e,t)||function(){throw TypeError("Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function d(e,t){var r,n,o,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]},i=Object.create(("function"==typeof Iterator?Iterator:Object).prototype),u=Object.defineProperty;return u(i,"next",{value:c(0)}),u(i,"throw",{value:c(1)}),u(i,"return",{value:c(2)}),"function"==typeof Symbol&&u(i,Symbol.iterator,{value:function(){return this}}),i;function c(u){return function(c){var l=[u,c];if(r)throw TypeError("Generator is already executing.");for(;i&&(i=0,l[0]&&(a=0)),a;)try{if(r=1,n&&(o=2&l[0]?n.return:l[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,l[1])).done)return o;switch(n=0,o&&(l=[2&l[0],o.value]),l[0]){case 0:case 1:o=l;break;case 4:return a.label++,{value:l[1],done:!1};case 5:a.label++,n=l[1],l=[0];continue;case 7:l=a.ops.pop(),a.trys.pop();continue;default:if(!(o=(o=a.trys).length>0&&o[o.length-1])&&(6===l[0]||2===l[0])){a=0;continue}if(3===l[0]&&(!o||l[1]>o[0]&&l[1]<o[3])){a.label=l[1];break}if(6===l[0]&&a.label<o[1]){a.label=o[1],o=l;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(l);break}o[2]&&a.ops.pop(),a.trys.pop();continue}l=t.call(e,a)}catch(e){l=[6,e],n=0}finally{r=o=0}if(5&l[0])throw l[1];return{value:l[0]?l[1]:void 0,done:!0}}}}function y(e,t){var r;return(null!=(r=Error)&&"u">typeof Symbol&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):e instanceof r)?e.message:t}var h=function(){var a=(0,e.useAPIClient)();(0,e.useApp)();var i=(0,o.useNavigate)(),u=(0,o.useParams)(),c=f((0,r.useState)(!0),2),l=c[0],p=c[1],h=f((0,r.useState)(null),2),b=h[0],m=h[1],v=f((0,r.useState)(null),2),g=v[0],w=v[1],S=(0,r.useMemo)(function(){return u.appName&&u.uid?"main"===u.appName?"idpOAuth/interaction/".concat(u.uid):"__app/".concat(u.appName,"/idpOAuth/interaction/").concat(u.uid):null},[u.appName,u.uid]),x=(0,r.useMemo)(function(){return u.appName&&u.uid?"/idp-oauth/interaction/".concat(u.appName,"/").concat(u.uid):"/signin"},[u.appName,u.uid]),O=function(e,t){return s(function(){var r,n,o,u,c,l;return d(this,function(s){switch(s.label){case 0:if(!S)return m("Invalid interaction path"),p(!1),[2];return n=a.auth.getToken(),o=a.auth.getAuthenticator()||"basic",u=function(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{},n=Object.keys(r);"function"==typeof Object.getOwnPropertySymbols&&(n=n.concat(Object.getOwnPropertySymbols(r).filter(function(e){return Object.getOwnPropertyDescriptor(r,e).enumerable}))),n.forEach(function(t){var n;n=r[t],t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n})}return e}({},t||{}),n&&(u.bridge_token=n,u.bridge_authenticator=o),[4,a.request({url:S,method:e,skipNotify:!0,withCredentials:!0,data:"post"===e?u:void 0,headers:n?{Authorization:"Bearer ".concat(n),"X-Authenticator":o}:void 0})];case 1:if(null==(l=(null==(c=s.sent())||null==(r=c.data)?void 0:r.data)||(null==c?void 0:c.data))?void 0:l.redirectTo)return window.location.replace(l.redirectTo),[2];if((null==l?void 0:l.prompt)!=="login")return[3,4];if(!n)return i("/signin?redirect=".concat(encodeURIComponent(x)),{replace:!0}),[2];if("get"!==e)return[3,3];return[4,O("post")];case 2:return s.sent(),[2];case 3:return i("/signin?redirect=".concat(encodeURIComponent(x)),{replace:!0}),[2];case 4:return w(l),p(!1),[2]}})})()};(0,r.useEffect)(function(){var e=!1;return s(function(){var t;return d(this,function(r){switch(r.label){case 0:return r.trys.push([0,2,,3]),[4,O("get")];case 1:return r.sent(),[3,3];case 2:return t=r.sent(),e||(m(y(t,"Failed to load interaction")),p(!1)),[3,3];case 3:return[2]}})})(),function(){e=!0}},[S]);var E=function(){var e=arguments.length>0&&void 0!==arguments[0]&&arguments[0];return s(function(){return d(this,function(t){switch(t.label){case 0:p(!0),m(null),t.label=1;case 1:return t.trys.push([1,3,,4]),[4,O("post",e?{cancel:1}:{submit:1})];case 2:return t.sent(),[3,4];case 3:return m(y(t.sent(),"Failed to submit interaction")),p(!1),[3,4];case 4:return[2]}})})()};return l?n().createElement("div",{style:{display:"flex",justifyContent:"center",padding:48}},n().createElement(t.Spin,{size:"large"})):b?n().createElement("div",{style:{maxWidth:640,margin:"48px auto",padding:"0 24px"}},n().createElement(t.Alert,{type:"error",message:b,showIcon:!0})):(null==g?void 0:g.prompt)==="consent"?n().createElement("div",{style:{maxWidth:640,margin:"48px auto",padding:"0 24px"}},n().createElement(t.Card,null,n().createElement(t.Space,{direction:"vertical",size:"large",style:{width:"100%"}},n().createElement("div",null,n().createElement(t.Typography.Title,{level:3,style:{marginBottom:8}},"Authorize application"),n().createElement(t.Typography.Paragraph,{style:{marginBottom:0}},g.clientName||"Application"," requests access to your account.")),g.details?n().createElement(t.Alert,{type:"info",showIcon:!0,message:"Requested permissions",description:g.details}):null,n().createElement(t.Space,null,n().createElement(t.Button,{type:"primary",loading:l,onClick:function(){return E(!1)}},"Continue"),n().createElement(t.Button,{loading:l,onClick:function(){return E(!0)}},"Cancel"))))):n().createElement("div",{style:{maxWidth:640,margin:"48px auto",padding:"0 24px"}},n().createElement(t.Result,{title:"Redirecting...",subTitle:"Please wait while authorization continues."}))},b={};function m(e,t,r,n,o,a,i){try{var u=e[a](i),c=u.value}catch(e){r(e);return}u.done?t(c):Promise.resolve(c).then(n,o)}function v(e,t,r){return(v=x()?Reflect.construct:function(e,t,r){var n=[null];n.push.apply(n,t);var o=new(Function.bind.apply(e,n));return r&&w(o,r.prototype),o}).apply(null,arguments)}function g(e){return(g=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function w(e,t){return(w=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function S(e){var t="function"==typeof Map?new Map:void 0;return(S=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return v(e,arguments,g(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),w(r,e)})(e)}function x(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(x=function(){return!!e})()}var O=function(e){var t;if("function"!=typeof e&&null!==e)throw TypeError("Super expression must either be null or a function");function r(){var e,t;if(!(this instanceof r))throw TypeError("Cannot call a class as a function");return e=r,t=arguments,e=g(e),function(e,t){var r;if(t&&("object"==((r=t)&&"u">typeof Symbol&&r.constructor===Symbol?"symbol":typeof r)||"function"==typeof t))return t;if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(this,x()?Reflect.construct(e,t||[],g(this).constructor):e.apply(this,t))}return r.prototype=Object.create(e&&e.prototype,{constructor:{value:r,writable:!0,configurable:!0}}),e&&w(r,e),t=[{key:"load",value:function(){var e;return(e=function(){return function(e,t){var r,n,o,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]},i=Object.create(("function"==typeof Iterator?Iterator:Object).prototype),u=Object.defineProperty;return u(i,"next",{value:c(0)}),u(i,"throw",{value:c(1)}),u(i,"return",{value:c(2)}),"function"==typeof Symbol&&u(i,Symbol.iterator,{value:function(){return this}}),i;function c(u){return function(c){var l=[u,c];if(r)throw TypeError("Generator is already executing.");for(;i&&(i=0,l[0]&&(a=0)),a;)try{if(r=1,n&&(o=2&l[0]?n.return:l[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,l[1])).done)return o;switch(n=0,o&&(l=[2&l[0],o.value]),l[0]){case 0:case 1:o=l;break;case 4:return a.label++,{value:l[1],done:!1};case 5:a.label++,n=l[1],l=[0];continue;case 7:l=a.ops.pop(),a.trys.pop();continue;default:if(!(o=(o=a.trys).length>0&&o[o.length-1])&&(6===l[0]||2===l[0])){a=0;continue}if(3===l[0]&&(!o||l[1]>o[0]&&l[1]<o[3])){a.label=l[1];break}if(6===l[0]&&a.label<o[1]){a.label=o[1],o=l;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(l);break}o[2]&&a.ops.pop(),a.trys.pop();continue}l=t.call(e,a)}catch(e){l=[6,e],n=0}finally{r=o=0}if(5&l[0])throw l[1];return{value:l[0]?l[1]:void 0,done:!0}}}}(this,function(e){return this.flowEngine.registerModels(b),this.router.add("idp-oauth.interaction",{path:"/idp-oauth/interaction/:appName/:uid",Component:h,skipAuthCheck:!0}),this.router.add("idp-oauth.error",{path:"/idp-oauth/error/:appName",Component:u,skipAuthCheck:!0}),[2]})},function(){var t=this,r=arguments;return new Promise(function(n,o){var a=e.apply(t,r);function i(e){m(a,n,o,i,u,"next",e)}function u(e){m(a,n,o,i,u,"throw",e)}i(void 0)})}).call(this)}}],function(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}(r.prototype,t),r}(S(e.Plugin))}(),p}()});
+!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("antd"),require("react"),require("@nocobase/client"),require("react-router-dom")):"function"==typeof define&&define.amd?define("@nocobase/plugin-idp-oauth",["antd","react","@nocobase/client","react-router-dom"],t):"object"==typeof exports?exports["@nocobase/plugin-idp-oauth"]=t(require("antd"),require("react"),require("@nocobase/client"),require("react-router-dom")):e["@nocobase/plugin-idp-oauth"]=t(e.antd,e.react,e["@nocobase/client"],e["react-router-dom"])}(self,function(e,t,r,n){return function(){"use strict";var o={342:function(e){e.exports=r},59:function(t){t.exports=e},155:function(e){e.exports=t},442:function(e){e.exports=n}},i={};function a(e){var t=i[e];if(void 0!==t)return t.exports;var r=i[e]={exports:{}};return o[e](r,r.exports,a),r.exports}a.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return a.d(t,{a:t}),t},a.d=function(e,t){for(var r in t)a.o(t,r)&&!a.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},a.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||Function("return this")()}catch(e){if("object"==typeof window)return window}}(),a.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},a.r=function(e){"u">typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.g.importScripts&&(u=a.g.location+"");var u,c=a.g.document;if(!u&&c&&(c.currentScript&&"SCRIPT"===c.currentScript.tagName.toUpperCase()&&(u=c.currentScript.src),!u)){var l=c.getElementsByTagName("script");if(l.length)for(var s=l.length-1;s>-1&&(!u||!/^http(s?):/.test(u));)u=l[s--].src}if(!u)throw Error("Automatic publicPath is not supported in this browser");a.p=u.replace(/^blob:/,"").replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/");var p={};return!function(){var e="",t="u">typeof document?document.currentScript:null;if(t&&t.src&&(e=t.src.replace(/^blob:/,"").replace(/#.*$/,"").replace(/\?.*$/,"").replace(/\/[^\/]+$/,"/")),!e){var r=window.__webpack_public_path__||"";r&&("/"!==r.charAt(r.length-1)&&(r+="/"),e=r+"static/plugins/@nocobase/plugin-idp-oauth/dist/client/")}if(!e){if(!(e=window.__nocobase_public_path__||"")&&window.location&&window.location.pathname){var n=window.location.pathname||"/",o=n.indexOf("/v2/");e=o>=0?n.slice(0,o+1):"/"}e&&(e=e.replace(/\/v2\/?$/,"/")),e||(e="/"),"/"!==e.charAt(e.length-1)&&(e+="/"),e+="static/plugins/@nocobase/plugin-idp-oauth/dist/client/"}a.p=e}(),!function(){a.r(p),a.d(p,{default:function(){return O}});var e=a(342),t=a(59),r=a(155),n=a.n(r),o=a(442);function i(e,t){(null==t||t>e.length)&&(t=e.length);for(var r=0,n=Array(t);r<t;r++)n[r]=e[r];return n}var u=function(){var e,r=(function(e){if(Array.isArray(e))return e}(e=(0,o.useSearchParams)())||function(e){var t,r,n=null==e?null:"u">typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(null!=n){var o=[],i=!0,a=!1;try{for(n=n.call(e);!(i=(t=n.next()).done)&&(o.push(t.value),1!==o.length);i=!0);}catch(e){a=!0,r=e}finally{try{i||null==n.return||n.return()}finally{if(a)throw r}}return o}}(e)||function(e){if(e){if("string"==typeof e)return i(e,1);var t=Object.prototype.toString.call(e).slice(8,-1);if("Object"===t&&e.constructor&&(t=e.constructor.name),"Map"===t||"Set"===t)return Array.from(t);if("Arguments"===t||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t))return i(e,1)}}(e)||function(){throw TypeError("Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}())[0],a=r.get("error"),u=r.get("error_description"),c=r.get("iss");return n().createElement("div",{style:{maxWidth:640,margin:"48px auto",padding:"0 24px"}},n().createElement(t.Result,{status:"error",title:a||"Authentication failed",subTitle:u||void 0}),n().createElement(t.Space,{direction:"vertical",size:"middle",style:{width:"100%"}},c?n().createElement("div",null,n().createElement(t.Typography.Text,{type:"secondary"},"Issuer"),n().createElement("div",null,n().createElement(t.Typography.Text,{code:!0},c))):null))};function c(e,t){(null==t||t>e.length)&&(t=e.length);for(var r=0,n=Array(t);r<t;r++)n[r]=e[r];return n}function l(e,t,r,n,o,i,a){try{var u=e[i](a),c=u.value}catch(e){r(e);return}u.done?t(c):Promise.resolve(c).then(n,o)}function s(e){return function(){var t=this,r=arguments;return new Promise(function(n,o){var i=e.apply(t,r);function a(e){l(i,n,o,a,u,"next",e)}function u(e){l(i,n,o,a,u,"throw",e)}a(void 0)})}}function f(e,t){return function(e){if(Array.isArray(e))return e}(e)||function(e,t){var r,n,o=null==e?null:"u">typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(null!=o){var i=[],a=!0,u=!1;try{for(o=o.call(e);!(a=(r=o.next()).done)&&(i.push(r.value),!t||i.length!==t);a=!0);}catch(e){u=!0,n=e}finally{try{a||null==o.return||o.return()}finally{if(u)throw n}}return i}}(e,t)||function(e,t){if(e){if("string"==typeof e)return c(e,t);var r=Object.prototype.toString.call(e).slice(8,-1);if("Object"===r&&e.constructor&&(r=e.constructor.name),"Map"===r||"Set"===r)return Array.from(r);if("Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r))return c(e,t)}}(e,t)||function(){throw TypeError("Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function d(e,t){var r,n,o,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]},a=Object.create(("function"==typeof Iterator?Iterator:Object).prototype),u=Object.defineProperty;return u(a,"next",{value:c(0)}),u(a,"throw",{value:c(1)}),u(a,"return",{value:c(2)}),"function"==typeof Symbol&&u(a,Symbol.iterator,{value:function(){return this}}),a;function c(u){return function(c){var l=[u,c];if(r)throw TypeError("Generator is already executing.");for(;a&&(a=0,l[0]&&(i=0)),i;)try{if(r=1,n&&(o=2&l[0]?n.return:l[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,l[1])).done)return o;switch(n=0,o&&(l=[2&l[0],o.value]),l[0]){case 0:case 1:o=l;break;case 4:return i.label++,{value:l[1],done:!1};case 5:i.label++,n=l[1],l=[0];continue;case 7:l=i.ops.pop(),i.trys.pop();continue;default:if(!(o=(o=i.trys).length>0&&o[o.length-1])&&(6===l[0]||2===l[0])){i=0;continue}if(3===l[0]&&(!o||l[1]>o[0]&&l[1]<o[3])){i.label=l[1];break}if(6===l[0]&&i.label<o[1]){i.label=o[1],o=l;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(l);break}o[2]&&i.ops.pop(),i.trys.pop();continue}l=t.call(e,i)}catch(e){l=[6,e],n=0}finally{r=o=0}if(5&l[0])throw l[1];return{value:l[0]?l[1]:void 0,done:!0}}}}function y(e,t){var r;return(null!=(r=Error)&&"u">typeof Symbol&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):e instanceof r)?e.message:t}var h=function(){var i=(0,e.useAPIClient)(),a=(0,e.useApp)(),u=(0,o.useNavigate)(),c=(0,o.useParams)(),l=f((0,r.useState)(!0),2),p=l[0],h=l[1],b=f((0,r.useState)(null),2),m=b[0],v=b[1],g=f((0,r.useState)(null),2),w=g[0],S=g[1],x=(0,r.useMemo)(function(){return c.uid?"main"===a.name?"idpOAuth/interaction/".concat(c.uid):"__app/".concat(a.name,"/idpOAuth/interaction/").concat(c.uid):null},[a.name,c.uid]),O=(0,r.useMemo)(function(){return c.uid?"/idp-oauth/interaction/".concat(c.uid):"/signin"},[c.uid]),E=(0,r.useCallback)(function(e,t){return s(function(){var r,n,o,a,c,l;return d(this,function(s){switch(s.label){case 0:if(!x)return v("Invalid interaction path"),h(!1),[2];return n=i.auth.getToken(),o=i.auth.getAuthenticator()||"basic",a=function(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{},n=Object.keys(r);"function"==typeof Object.getOwnPropertySymbols&&(n=n.concat(Object.getOwnPropertySymbols(r).filter(function(e){return Object.getOwnPropertyDescriptor(r,e).enumerable}))),n.forEach(function(t){var n;n=r[t],t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n})}return e}({},t||{}),n&&(a.bridge_token=n,a.bridge_authenticator=o),[4,i.request({url:x,method:e,skipNotify:!0,withCredentials:!0,data:"post"===e?a:void 0,headers:n?{Authorization:"Bearer ".concat(n),"X-Authenticator":o}:void 0})];case 1:if(null==(l=(null==(c=s.sent())||null==(r=c.data)?void 0:r.data)||(null==c?void 0:c.data))?void 0:l.redirectTo)return window.location.replace(l.redirectTo),[2];if((null==l?void 0:l.prompt)!=="login")return[3,4];if(!n)return u("/signin?redirect=".concat(encodeURIComponent(O)),{replace:!0}),[2];if("get"!==e)return[3,3];return[4,E("post")];case 2:return s.sent(),[2];case 3:return u("/signin?redirect=".concat(encodeURIComponent(O)),{replace:!0}),[2];case 4:return S(l),h(!1),[2]}})})()},[i,O,x,u]);(0,r.useEffect)(function(){var e=!1;return s(function(){var t;return d(this,function(r){switch(r.label){case 0:return r.trys.push([0,2,,3]),[4,E("get")];case 1:return r.sent(),[3,3];case 2:return t=r.sent(),e||(v(y(t,"Failed to load interaction")),h(!1)),[3,3];case 3:return[2]}})})(),function(){e=!0}},[E]);var j=function(){var e=arguments.length>0&&void 0!==arguments[0]&&arguments[0];return s(function(){return d(this,function(t){switch(t.label){case 0:h(!0),v(null),t.label=1;case 1:return t.trys.push([1,3,,4]),[4,E("post",e?{cancel:1}:{submit:1})];case 2:return t.sent(),[3,4];case 3:return v(y(t.sent(),"Failed to submit interaction")),h(!1),[3,4];case 4:return[2]}})})()};return p?n().createElement("div",{style:{display:"flex",justifyContent:"center",padding:48}},n().createElement(t.Spin,{size:"large"})):m?n().createElement("div",{style:{maxWidth:640,margin:"48px auto",padding:"0 24px"}},n().createElement(t.Alert,{type:"error",message:m,showIcon:!0})):(null==w?void 0:w.prompt)==="consent"?n().createElement("div",{style:{maxWidth:640,margin:"48px auto",padding:"0 24px"}},n().createElement(t.Card,null,n().createElement(t.Space,{direction:"vertical",size:"large",style:{width:"100%"}},n().createElement("div",null,n().createElement(t.Typography.Title,{level:3,style:{marginBottom:8}},"Authorize application"),n().createElement(t.Typography.Paragraph,{style:{marginBottom:0}},w.clientName||"Application"," requests access to your account.")),w.details?n().createElement(t.Alert,{type:"info",showIcon:!0,message:"Requested permissions",description:w.details}):null,n().createElement(t.Space,null,n().createElement(t.Button,{type:"primary",loading:p,onClick:function(){return j(!1)}},"Continue"),n().createElement(t.Button,{loading:p,onClick:function(){return j(!0)}},"Cancel"))))):n().createElement("div",{style:{maxWidth:640,margin:"48px auto",padding:"0 24px"}},n().createElement(t.Result,{title:"Redirecting...",subTitle:"Please wait while authorization continues."}))},b={};function m(e,t,r,n,o,i,a){try{var u=e[i](a),c=u.value}catch(e){r(e);return}u.done?t(c):Promise.resolve(c).then(n,o)}function v(e,t,r){return(v=x()?Reflect.construct:function(e,t,r){var n=[null];n.push.apply(n,t);var o=new(Function.bind.apply(e,n));return r&&w(o,r.prototype),o}).apply(null,arguments)}function g(e){return(g=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function w(e,t){return(w=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function S(e){var t="function"==typeof Map?new Map:void 0;return(S=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return v(e,arguments,g(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),w(r,e)})(e)}function x(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(x=function(){return!!e})()}var O=function(e){var t;if("function"!=typeof e&&null!==e)throw TypeError("Super expression must either be null or a function");function r(){var e,t;if(!(this instanceof r))throw TypeError("Cannot call a class as a function");return e=r,t=arguments,e=g(e),function(e,t){var r;if(t&&("object"==((r=t)&&"u">typeof Symbol&&r.constructor===Symbol?"symbol":typeof r)||"function"==typeof t))return t;if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(this,x()?Reflect.construct(e,t||[],g(this).constructor):e.apply(this,t))}return r.prototype=Object.create(e&&e.prototype,{constructor:{value:r,writable:!0,configurable:!0}}),e&&w(r,e),t=[{key:"load",value:function(){var e;return(e=function(){return function(e,t){var r,n,o,i={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]},a=Object.create(("function"==typeof Iterator?Iterator:Object).prototype),u=Object.defineProperty;return u(a,"next",{value:c(0)}),u(a,"throw",{value:c(1)}),u(a,"return",{value:c(2)}),"function"==typeof Symbol&&u(a,Symbol.iterator,{value:function(){return this}}),a;function c(u){return function(c){var l=[u,c];if(r)throw TypeError("Generator is already executing.");for(;a&&(a=0,l[0]&&(i=0)),i;)try{if(r=1,n&&(o=2&l[0]?n.return:l[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,l[1])).done)return o;switch(n=0,o&&(l=[2&l[0],o.value]),l[0]){case 0:case 1:o=l;break;case 4:return i.label++,{value:l[1],done:!1};case 5:i.label++,n=l[1],l=[0];continue;case 7:l=i.ops.pop(),i.trys.pop();continue;default:if(!(o=(o=i.trys).length>0&&o[o.length-1])&&(6===l[0]||2===l[0])){i=0;continue}if(3===l[0]&&(!o||l[1]>o[0]&&l[1]<o[3])){i.label=l[1];break}if(6===l[0]&&i.label<o[1]){i.label=o[1],o=l;break}if(o&&i.label<o[2]){i.label=o[2],i.ops.push(l);break}o[2]&&i.ops.pop(),i.trys.pop();continue}l=t.call(e,i)}catch(e){l=[6,e],n=0}finally{r=o=0}if(5&l[0])throw l[1];return{value:l[0]?l[1]:void 0,done:!0}}}}(this,function(e){return this.flowEngine.registerModels(b),this.router.add("idp-oauth.interaction",{path:"/idp-oauth/interaction/:uid",Component:h,skipAuthCheck:!0}),this.router.add("idp-oauth.error",{path:"/idp-oauth/error",Component:u,skipAuthCheck:!0}),[2]})},function(){var t=this,r=arguments;return new Promise(function(n,o){var i=e.apply(t,r);function a(e){m(i,n,o,a,u,"next",e)}function u(e){m(i,n,o,a,u,"throw",e)}a(void 0)})}).call(this)}}],function(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}(r.prototype,t),r}(S(e.Plugin))}(),p}()});

package/dist/externalVersion.js

@@ -11,8 +11,8 @@ module.exports = {
   "antd": "5.24.2",
   "react": "18.2.0",
   "react-router-dom": "6.30.1",
-  "@nocobase/client": "2.1.0-alpha.12",
-  "@nocobase/flow-engine": "2.1.0-alpha.12",
-  "@nocobase/cache": "2.1.0-alpha.12",
-  "@nocobase/server": "2.1.0-alpha.12"
+  "@nocobase/client": "2.1.0-alpha.14",
+  "@nocobase/flow-engine": "2.1.0-alpha.14",
+  "@nocobase/cache": "2.1.0-alpha.14",
+  "@nocobase/server": "2.1.0-alpha.14"
 };

package/dist/node_modules/jose/dist/webapi/jwe/flattened/decrypt.js

@@ -134,7 +134,11 @@ export async function flattenedDecrypt(jwe, key, options) {
             (!Number.isSafeInteger(maxDecompressedLength) || maxDecompressedLength < 1)) {
             throw new TypeError('maxDecompressedLength must be 0, a positive safe integer, or Infinity');
         }
-        result.plaintext = await decompress(plaintext, maxDecompressedLength);
+        result.plaintext = await decompress(plaintext, maxDecompressedLength).catch((cause) => {
+            if (cause instanceof JWEInvalid)
+                throw cause;
+            throw new JWEInvalid('Failed to decompress plaintext', { cause });
+        });
     }
     if (jwe.protected !== undefined) {
         result.protectedHeader = parsedProt;

package/dist/node_modules/jose/dist/webapi/jwe/flattened/encrypt.js

@@ -133,7 +133,9 @@ export class FlattenedEncrypt {
         }
         let plaintext = this.#plaintext;
         if (joseHeader.zip === 'DEF') {
-            plaintext = await compress(plaintext);
+            plaintext = await compress(plaintext).catch((cause) => {
+                throw new JWEInvalid('Failed to compress plaintext', { cause });
+            });
         }
         const { ciphertext, tag, iv } = await encrypt(enc, plaintext, cek, this.#iv, additionalData);
         const jwe = {

package/dist/node_modules/jose/dist/webapi/jwks/remote.js

@@ -9,7 +9,7 @@ function isCloudflareWorkers() {
 let USER_AGENT;
 if (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {
     const NAME = 'jose';
-    const VERSION = 'v6.2.1';
+    const VERSION = 'v6.2.2';
     USER_AGENT = `${NAME}/${VERSION}`;
 }
 export const customFetch = Symbol();

package/dist/node_modules/jose/dist/webapi/lib/deflate.js

@@ -9,8 +9,8 @@ export async function compress(input) {
     supported('CompressionStream');
     const cs = new CompressionStream('deflate-raw');
     const writer = cs.writable.getWriter();
-    writer.write(input);
-    writer.close();
+    writer.write(input).catch(() => { });
+    writer.close().catch(() => { });
     const chunks = [];
     const reader = cs.readable.getReader();
     for (;;) {
@@ -25,8 +25,8 @@ export async function decompress(input, maxLength) {
     supported('DecompressionStream');
     const ds = new DecompressionStream('deflate-raw');
     const writer = ds.writable.getWriter();
-    writer.write(input);
-    writer.close();
+    writer.write(input).catch(() => { });
+    writer.close().catch(() => { });
     const chunks = [];
     let length = 0;
     const reader = ds.readable.getReader();

package/dist/node_modules/jose/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jose",
-  "version": "6.2.1",
+  "version": "6.2.2",
   "description": "JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes",
   "keywords": [
     "akp",

package/dist/node_modules/light-my-request/package.json

@@ -1 +1 @@
-{"name":"light-my-request","version":"6.6.0","description":"Fake HTTP injection library","main":"index.js","type":"commonjs","types":"types/index.d.ts","dependencies":{"cookie":"^1.0.1","process-warning":"^4.0.0","set-cookie-parser":"^2.6.0"},"devDependencies":{"@fastify/ajv-compiler":"^4.0.0","@fastify/pre-commit":"^2.1.0","@types/node":"^22.7.7","c8":"^10.1.2","end-of-stream":"^1.4.4","eslint":"^9.17.0","express":"^4.19.2","form-auto-content":"^3.2.1","form-data":"^4.0.0","formdata-node":"^6.0.3","multer":"^1.4.5-lts.1","neostandard":"^0.12.0","tinybench":"^3.0.0","tsd":"^0.31.0","undici":"^7.0.0"},"scripts":{"benchmark":"node benchmark/benchmark.js","coverage":"npm run unit -- --cov --coverage-report=html","lint":"eslint","lint:fix":"eslint --fix","test":"npm run lint && npm run test:unit && npm run test:typescript","test:typescript":"tsd","test:unit":"c8 --100 node --test"},"repository":{"type":"git","url":"git+https://github.com/fastify/light-my-request.git"},"keywords":["http","inject","fake","request","server"],"author":"Tomas Della Vedova - @delvedor (http://delved.org)","contributors":[{"name":"Matteo Collina","email":"hello@matteocollina.com"},{"name":"Manuel Spigolon","email":"behemoth89@gmail.com"},{"name":"Aras Abbasi","email":"aras.abbasi@gmail.com"},{"name":"Frazer Smith","email":"frazer.dev@icloud.com","url":"https://github.com/fdawgs"}],"license":"BSD-3-Clause","bugs":{"url":"https://github.com/fastify/light-my-request/issues"},"homepage":"https://github.com/fastify/light-my-request#readme","funding":[{"type":"github","url":"https://github.com/sponsors/fastify"},{"type":"opencollective","url":"https://opencollective.com/fastify"}],"_lastModified":"2026-03-25T14:08:05.803Z"}
+{"name":"light-my-request","version":"6.6.0","description":"Fake HTTP injection library","main":"index.js","type":"commonjs","types":"types/index.d.ts","dependencies":{"cookie":"^1.0.1","process-warning":"^4.0.0","set-cookie-parser":"^2.6.0"},"devDependencies":{"@fastify/ajv-compiler":"^4.0.0","@fastify/pre-commit":"^2.1.0","@types/node":"^22.7.7","c8":"^10.1.2","end-of-stream":"^1.4.4","eslint":"^9.17.0","express":"^4.19.2","form-auto-content":"^3.2.1","form-data":"^4.0.0","formdata-node":"^6.0.3","multer":"^1.4.5-lts.1","neostandard":"^0.12.0","tinybench":"^3.0.0","tsd":"^0.31.0","undici":"^7.0.0"},"scripts":{"benchmark":"node benchmark/benchmark.js","coverage":"npm run unit -- --cov --coverage-report=html","lint":"eslint","lint:fix":"eslint --fix","test":"npm run lint && npm run test:unit && npm run test:typescript","test:typescript":"tsd","test:unit":"c8 --100 node --test"},"repository":{"type":"git","url":"git+https://github.com/fastify/light-my-request.git"},"keywords":["http","inject","fake","request","server"],"author":"Tomas Della Vedova - @delvedor (http://delved.org)","contributors":[{"name":"Matteo Collina","email":"hello@matteocollina.com"},{"name":"Manuel Spigolon","email":"behemoth89@gmail.com"},{"name":"Aras Abbasi","email":"aras.abbasi@gmail.com"},{"name":"Frazer Smith","email":"frazer.dev@icloud.com","url":"https://github.com/fdawgs"}],"license":"BSD-3-Clause","bugs":{"url":"https://github.com/fastify/light-my-request/issues"},"homepage":"https://github.com/fastify/light-my-request#readme","funding":[{"type":"github","url":"https://github.com/sponsors/fastify"},{"type":"opencollective","url":"https://opencollective.com/fastify"}],"_lastModified":"2026-04-07T15:54:32.054Z"}

package/dist/node_modules/oidc-provider/lib/actions/code_verification.js

@@ -1,11 +1,10 @@
-import * as crypto from 'node:crypto';
-
 import sessionMiddleware from '../shared/session.js';
 import paramsMiddleware from '../shared/assemble_params.js';
 import bodyParser from '../shared/conditional_body.js';
 import rejectDupes from '../shared/reject_dupes.js';
 import instance from '../helpers/weak_cache.js';
-import { InvalidClient, InvalidRequest } from '../helpers/errors.js';
+import { InvalidClient } from '../helpers/errors.js';
+import { generateXsrf, checkXsrf } from '../shared/xsrf.js';
 import * as formHtml from '../helpers/user_code_form.js';
 import formPost from '../response_modes/form_post.js';
 import { normalize, denormalize } from '../helpers/user_codes.js';
@@ -18,13 +17,11 @@ const parseBody = bodyParser.bind(undefined, 'application/x-www-form-urlencoded'
 export const get = [
   sessionMiddleware,
   paramsMiddleware.bind(undefined, new Set(['user_code'])),
+  generateXsrf,
   async function renderCodeVerification(ctx) {
     const { charset, userCodeInputSource } = instance(ctx.oidc.provider).features.deviceFlow;
 
-    // TODO: generic xsrf middleware to remove this
-    const secret = crypto.randomBytes(24).toString('hex');
-    ctx.oidc.session.state = { secret };
-
+    const { secret } = ctx.oidc.session.state;
     const action = ctx.oidc.urlFor('code_verification');
     if (ctx.oidc.params.user_code) {
       formPost(ctx, action, {
@@ -43,15 +40,7 @@ export const post = [
   paramsMiddleware.bind(undefined, new Set(['xsrf', 'user_code', 'confirm', 'abort'])),
   rejectDupes.bind(undefined, {}),
 
-  async function codeVerificationCSRF(ctx, next) {
-    if (!ctx.oidc.session.state) {
-      throw new InvalidRequest('could not find device form details');
-    }
-    if (ctx.oidc.session.state.secret !== ctx.oidc.params.xsrf) {
-      throw new InvalidRequest('xsrf token invalid');
-    }
-    await next();
-  },
+  checkXsrf('could not find device form details'),
 
   async function loadDeviceCodeByUserInput(ctx, next) {
     const { userCodeConfirmSource, mask } = instance(ctx.oidc.provider).features.deviceFlow;

package/dist/node_modules/oidc-provider/lib/actions/end_session.js

@@ -1,5 +1,3 @@
-import * as crypto from 'node:crypto';
-
 import { InvalidClient, InvalidRequest, OIDCProviderError } from '../helpers/errors.js';
 import * as JWT from '../helpers/jwt.js';
 import redirectUri from '../helpers/redirect_uri.js';
@@ -11,6 +9,7 @@ import sessionMiddleware from '../shared/session.js';
 import revoke from '../helpers/revoke.js';
 import noCache from '../shared/no_cache.js';
 import formPost from '../response_modes/form_post.js';
+import { generateXsrf, checkXsrf } from '../shared/xsrf.js';
 
 const parseBody = bodyParser.bind(undefined, 'application/x-www-form-urlencoded');
 
@@ -70,16 +69,14 @@ export const init = [
     await next();
   },
 
+  generateXsrf,
+
   async function renderLogout(ctx) {
-    // TODO: generic xsrf middleware to remove this
-    const secret = crypto.randomBytes(24).toString('hex');
+    const { secret } = ctx.oidc.session.state;
 
-    ctx.oidc.session.state = {
-      secret,
-      clientId: ctx.oidc.client ? ctx.oidc.client.clientId : undefined,
-      state: ctx.oidc.params.state,
-      postLogoutRedirectUri: ctx.oidc.params.post_logout_redirect_uri,
-    };
+    ctx.oidc.session.state.clientId = ctx.oidc.client ? ctx.oidc.client.clientId : undefined;
+    ctx.oidc.session.state.state = ctx.oidc.params.state;
+    ctx.oidc.session.state.postLogoutRedirectUri = ctx.oidc.params.post_logout_redirect_uri;
 
     const action = ctx.oidc.urlFor('end_session_confirm');
 
@@ -105,15 +102,7 @@ export const confirm = [
   paramsMiddleware.bind(undefined, new Set(['xsrf', 'logout'])),
   rejectDupes.bind(undefined, {}),
 
-  async function checkLogoutToken(ctx, next) {
-    if (!ctx.oidc.session.state) {
-      throw new InvalidRequest('could not find logout details');
-    }
-    if (ctx.oidc.session.state.secret !== ctx.oidc.params.xsrf) {
-      throw new InvalidRequest('xsrf token invalid');
-    }
-    await next();
-  },
+  checkXsrf('could not find logout details'),
 
   async function endSession(ctx) {
     const { oidc: { session, params } } = ctx;

package/dist/node_modules/oidc-provider/lib/helpers/add_client.js

@@ -1,13 +1,14 @@
+/* eslint-disable no-param-reassign */
 import sectorValidate from './sector_validate.js';
 
-export default async function add(provider, metadata, { ctx, store = false } = {}) {
-  const client = new provider.Client(metadata, ctx); // eslint-disable-line no-use-before-define
+export default async function add(provider, metadata, { ctx, store, cimd } = {}) {
+  const client = new provider.Client(metadata, ctx, { cimd });
 
   if (client.sectorIdentifierUri !== undefined) {
     await sectorValidate(provider, client);
   }
 
-  if (store) {
+  if (!cimd && store) {
     await provider.Client.adapter.upsert(client.clientId, client.metadata());
   }
   return client;

package/dist/node_modules/oidc-provider/lib/helpers/client_id_metadata_document.js

@@ -102,7 +102,7 @@ export async function resolveClientByMetadataDocument(provider, id) {
   // Check cache
   const cached = entries.get(id);
   if (cached && cached.freshUntil > Date.now()) {
-    const client = await addClient(provider, cached.properties, { store: false });
+    const client = await addClient(provider, cached.properties, { cimd: true });
     Object.defineProperty(client, 'clientIdMetadataDocument', { value: true });
 
     if (!(await feature.allowClient(ctx, client))) {
@@ -180,7 +180,7 @@ export async function resolveClientByMetadataDocument(provider, id) {
   // Compute cache TTL
   const ttl = parseCacheDuration(response, feature.cacheDuration);
 
-  const client = await addClient(provider, properties, { store: false });
+  const client = await addClient(provider, properties, { cimd: true });
 
   Object.defineProperty(client, 'clientIdMetadataDocument', { value: true });
 

package/dist/node_modules/oidc-provider/lib/helpers/client_schema.js

@@ -211,23 +211,29 @@ export default function getSchema(provider) {
   };
 
   class Schema {
+    #cimd = false;
+
     constructor(
       metadata,
       ctx,
       processCustomMetadata = !!configuration.extraClientMetadata.properties.length,
+      cimd = false,
     ) {
-      this.#initialize(metadata);
+      this.#cimd = cimd;
 
       if (processCustomMetadata) {
+        this.#assign(metadata);
         this.processCustomMetadata(ctx);
         this.#initialize(this);
+      } else {
+        this.#initialize(metadata);
       }
 
       this.ensureStripUnrecognized();
       this.ensureStripChoices();
     }
 
-    #initialize(metadata) {
+    #assign(metadata) {
       Object.assign(
         this,
         omitBy(
@@ -240,6 +246,10 @@ export default function getSchema(provider) {
           isUndefined,
         ),
       );
+    }
+
+    #initialize(metadata) {
+      this.#assign(metadata);
 
       this.choices();
       this.required();
@@ -269,10 +279,6 @@ export default function getSchema(provider) {
 
       const responseTypes = new Set(this.response_types.map((rt) => rt.split(' ')).flat());
 
-      if (this.grant_types.some((type) => ['authorization_code', 'implicit'].includes(type)) && !this.response_types.length) {
-        this.invalidate('response_types must contain members');
-      }
-
       if (responseTypes.size && !this.redirect_uris.length) {
         const { pushedAuthorizationRequests: par } = features;
         if (
@@ -291,13 +297,19 @@ export default function getSchema(provider) {
       }
 
       if (responseTypes.has('code') && !this.grant_types.includes('authorization_code')) {
-        this.invalidate("grant_types must contain 'authorization_code' when code is amongst response_types");
+        this.grant_types.push('authorization_code');
       }
 
-      if (responseTypes.has('token') || responseTypes.has('id_token')) {
-        if (!this.grant_types.includes('implicit')) {
-          this.invalidate("grant_types must contain 'implicit' when 'id_token' or 'token' are amongst response_types");
-        }
+      if ((responseTypes.has('token') || responseTypes.has('id_token')) && !this.grant_types.includes('implicit')) {
+        this.grant_types.push('implicit');
+      }
+
+      if (this.grant_types.includes('implicit') && !responseTypes.has('id_token') && !responseTypes.has('token')) {
+        this.grant_types.splice(this.grant_types.indexOf('implicit'), 1);
+      }
+
+      if (this.grant_types.includes('authorization_code') && !responseTypes.has('code')) {
+        this.grant_types.splice(this.grant_types.indexOf('authorization_code'), 1);
       }
 
       {
@@ -552,7 +564,12 @@ export default function getSchema(provider) {
       }
 
       if (isAry && !this[prop].every((val) => only[method](val))) {
-        if (length) {
+        if (this.#cimd && length) {
+          this[prop] = this[prop].filter((val) => only[method](val));
+          if (!this[prop].length) {
+            this.invalidate(`${prop} has no values supported by this authorization server`);
+          }
+        } else if (length) {
           this.invalidate(`${prop} can only contain ${formatters.formatList([...only], { type: 'disjunction' })}`);
         } else {
           this.invalidate(`${prop} must be empty (no values are allowed)`);

package/dist/node_modules/oidc-provider/lib/helpers/fetch_body_check.js

@@ -3,19 +3,21 @@ import instance from './weak_cache.js';
 export default async function fetchBodyCheck(provider, purpose, response) {
   const limit = instance(provider).configuration.fetchResponseBodyLimits[purpose];
 
-  if (Number.isFinite(limit)) {
-    const contentLength = response.headers.get('content-length');
-    if (contentLength && parseInt(contentLength, 10) > limit) {
-      await response.body?.cancel();
-      throw new Error('response too large');
-    }
+  if (!Number.isFinite(limit)) {
+    return Buffer.from(await response.arrayBuffer());
+  }
+
+  const contentLength = response.headers.get('content-length');
+  if (contentLength && parseInt(contentLength, 10) > limit) {
+    await response.body?.cancel();
+    throw new Error('response too large');
   }
 
   const chunks = [];
   let received = 0;
   for await (const chunk of response.body) {
     received += chunk.length;
-    if (Number.isFinite(limit) && received > limit) {
+    if (received > limit) {
       await response.body?.cancel();
       throw new Error('response too large');
     }

package/dist/node_modules/oidc-provider/lib/models/client.js

@@ -322,8 +322,8 @@ export default function getClient(provider) {
 
     static #adapter;
 
-    constructor(metadata, ctx) {
-      const schema = new Client.Schema(metadata, ctx);
+    constructor(metadata, ctx, { cimd } = {}) {
+      const schema = new Client.Schema(metadata, ctx, undefined, cimd);
 
       Object.assign(this, mapKeys(schema, (value, key) => {
         if (!instance(provider).RECOGNIZED_METADATA.includes(key)) {
@@ -551,7 +551,7 @@ export default function getClient(provider) {
         let client = dynamicClients.get(propHash);
 
         if (!client) {
-          client = await addClient(provider, properties, { store: false });
+          client = await addClient(provider, properties);
           dynamicClients.set(propHash, client);
         }
 

package/dist/node_modules/oidc-provider/lib/shared/error_handler.js

@@ -1,5 +1,3 @@
-import * as crypto from 'node:crypto';
-
 import debug from 'debug';
 
 import instance from '../helpers/weak_cache.js';
@@ -7,6 +5,8 @@ import * as formHtml from '../helpers/user_code_form.js';
 import { ReRenderError } from '../helpers/re_render_errors.js';
 import errOut from '../helpers/err_out.js';
 
+import { generateXsrf } from './xsrf.js';
+
 const debugError = debug('oidc-provider:error');
 const serverError = debug('oidc-provider:server_error');
 const serverErrorTrace = debug('oidc-provider:server_error:trace');
@@ -33,8 +33,8 @@ export default function getErrorHandler(provider, eventName) {
       }
 
       if (ctx.oidc?.session && userInputRoutes.has(ctx.oidc.route)) {
-        const secret = crypto.randomBytes(24).toString('hex');
-        ctx.oidc.session.state = { secret };
+        generateXsrf(ctx, () => {});
+        const { secret } = ctx.oidc.session.state;
 
         await userCodeInputSource(ctx, formHtml.input(ctx.oidc.urlFor('code_verification'), secret, err.userCode, charset), out, err);
         if (err instanceof ReRenderError) { // render without emit

package/dist/node_modules/oidc-provider/lib/shared/xsrf.js

@@ -0,0 +1,22 @@
+import * as crypto from 'node:crypto';
+
+import { InvalidRequest } from '../helpers/errors.js';
+import constantEquals from '../helpers/constant_equals.js';
+
+export function generateXsrf(ctx, next) {
+  const secret = crypto.randomBytes(24).toString('hex');
+  ctx.oidc.session.state = { secret };
+  return next();
+}
+
+export function checkXsrf(missingMessage) {
+  return async function verifyXsrf(ctx, next) {
+    if (!ctx.oidc.session.state) {
+      throw new InvalidRequest(missingMessage);
+    }
+    if (!constantEquals(ctx.oidc.session.state.secret, ctx.oidc.params.xsrf || '')) {
+      throw new InvalidRequest('xsrf token invalid');
+    }
+    await next();
+  };
+}

package/dist/node_modules/oidc-provider/node_modules/path-to-regexp/Readme.md

@@ -153,7 +153,7 @@ The `parse` function accepts a string and returns `TokenData`, which can be used
 
 `TokenData` has two properties:
 
-- **tokens** A sequence of tokens, currently of types `text`, `parameter`, `wildcard`, or `group`.
+- **tokens** A sequence of tokens, currently of types `text`, `param`, `wildcard`, or `group`.
 - **originalPath** The original path used with `parse`, shown in error messages to assist debugging.
 
 ### Custom path
@@ -165,13 +165,13 @@ import { match } from "path-to-regexp";
 
 const tokens = [
   { type: "text", value: "/" },
-  { type: "parameter", name: "foo" },
+  { type: "param", name: "foo" },
 ];
 const originalPath = "/[foo]"; // To help debug error messages.
 const path = { tokens, originalPath };
 const fn = match(path);
 
-fn("/test"); //=> { path: '/test', index: 0, params: { foo: 'test' } }
+fn("/test"); //=> { path: '/test', params: { foo: 'test' } }
 ```
 
 ## Errors

package/dist/node_modules/oidc-provider/node_modules/path-to-regexp/dist/index.d.ts

@@ -134,6 +134,9 @@ export type Path = string | TokenData;
  * Transform a path into a match function.
  */
 export declare function match<P extends ParamData>(path: Path | Path[], options?: MatchOptions & ParseOptions): MatchFunction<P>;
+/**
+ * Transform a path into a regular expression and capture keys.
+ */
 export declare function pathToRegexp(path: Path | Path[], options?: PathToRegexpOptions & ParseOptions): {
     regexp: RegExp;
     keys: Keys;