oidc-spa 4.13.0 → 4.13.2

package/OidcInitializationError.js

@@ -1,58 +1,75 @@
 "use strict";
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OidcInitializationError = void 0;
-const tsafe_1 = require("./vendor/frontend/tsafe");
-class OidcInitializationError extends Error {
-    constructor(params) {
-        super((() => {
+var tsafe_1 = require("./vendor/frontend/tsafe");
+var OidcInitializationError = /** @class */ (function (_super) {
+    __extends(OidcInitializationError, _super);
+    function OidcInitializationError(params) {
+        var _newTarget = this.constructor;
+        var _this = _super.call(this, (function () {
             var _a;
             switch (params.type) {
                 case "server down":
                     return [
-                        `The OIDC server seems to be down.`,
-                        `If you know it's not the case it means that the issuerUri: ${params.issuerUri} is incorrect.`,
-                        `If you are using Keycloak makes sure that the realm exists and that the url is well formed.\n`,
-                        `More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak`
+                        "The OIDC server seems to be down.",
+                        "If you know it's not the case it means that the issuerUri: ".concat(params.issuerUri, " is incorrect."),
+                        "If you are using Keycloak makes sure that the realm exists and that the url is well formed.\n",
+                        "More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak"
                     ].join(" ");
                 case "bad configuration":
                     switch (params.likelyCause.type) {
                         case "misconfigured OIDC client":
                             return [
-                                `The OIDC client ${params.likelyCause.clientId} seems to be misconfigured on your OIDC server.`,
-                                `If you are using Keycloak you likely need to add "${(_a = params.likelyCause.publicUrl) !== null && _a !== void 0 ? _a : window.location.origin}/*" to the list of Valid Redirect URIs`,
-                                `in the ${params.likelyCause.clientId} client configuration.\n`,
-                                `More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak`,
-                                `Silent SSO timed out after ${params.likelyCause.timeoutDelayMs}ms.`
+                                "The OIDC client ".concat(params.likelyCause.clientId, " seems to be misconfigured on your OIDC server."),
+                                "If you are using Keycloak you likely need to add \"".concat((_a = params.likelyCause.publicUrl) !== null && _a !== void 0 ? _a : window.location.origin, "/*\" to the list of Valid Redirect URIs"),
+                                "in the ".concat(params.likelyCause.clientId, " client configuration.\n"),
+                                "More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak",
+                                "Silent SSO timed out after ".concat(params.likelyCause.timeoutDelayMs, "ms.")
                             ].join(" ");
                         case "not in Web Origins":
                             return [
-                                `It seems that there is a CORS issue.`,
-                                `If you are using Keycloak check the "Web Origins" option in your ${params.likelyCause.clientId} client configuration.`,
-                                `You should probably add "${location.origin}/*" to the list.`,
-                                `More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak`
+                                "It seems that there is a CORS issue.",
+                                "If you are using Keycloak check the \"Web Origins\" option in your ".concat(params.likelyCause.clientId, " client configuration."),
+                                "You should probably add \"".concat(location.origin, "/*\" to the list."),
+                                "More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak"
                             ].join(" ");
                         case "silent-sso.html not reachable":
                             return [
-                                `${params.likelyCause.silentSsoHtmlUrl} is not reachable. Make sure you've created the silent-sso.html file`,
-                                `in your public directory. More info: https://docs.oidc-spa.dev/documentation/installation`
+                                "".concat(params.likelyCause.silentSsoHtmlUrl, " is not reachable. Make sure you've created the silent-sso.html file"),
+                                "in your public directory. More info: https://docs.oidc-spa.dev/documentation/installation"
                             ].join(" ");
                         case "frame-ancestors none":
                             return [
                                 params.likelyCause.silentSso.hasDedicatedHtmlFile
-                                    ? `The silent-sso.html file, `
-                                    : `The URI used for Silent SSO, `,
-                                `${params.likelyCause.silentSso.redirectUri}, `,
+                                    ? "The silent-sso.html file, "
+                                    : "The URI used for Silent SSO, ",
+                                "".concat(params.likelyCause.silentSso.redirectUri, ", "),
                                 "is served by your web server with the HTTP header `Content-Security-Policy: frame-ancestors none` in the response.\n",
                                 "This header prevents the silent sign-in process from working.\n",
                                 "To fix this issue, you should configure your web server to not send this header or to use `frame-ancestors self` instead of `frame-ancestors none`.\n",
                                 "If you use Nginx, you can replace:\n",
-                                `add_header Content-Security-Policy "frame-ancestors 'none'";\n`,
+                                "add_header Content-Security-Policy \"frame-ancestors 'none'\";\n",
                                 "with:\n",
-                                `map $uri $add_content_security_policy {\n`,
-                                `   "~*silent-sso\.html$" "frame-ancestors 'self'";\n`,
-                                `   default "frame-ancestors 'none'";\n`,
-                                `}\n`,
-                                `add_header Content-Security-Policy $add_content_security_policy;\n`
+                                "map $uri $add_content_security_policy {\n",
+                                "   \"~*silent-sso.html$\" \"frame-ancestors 'self'\";\n",
+                                "   default \"frame-ancestors 'none'\";\n",
+                                "}\n",
+                                "add_header Content-Security-Policy $add_content_security_policy;\n"
                             ].join(" ");
                     }
                 case "unknown":
@@ -61,10 +78,12 @@ class OidcInitializationError extends Error {
             (0, tsafe_1.assert)(false);
         })(), 
         // @ts-expect-error
-        { "cause": params.type === "unknown" ? params.cause : undefined });
-        this.type = params.type;
-        Object.setPrototypeOf(this, new.target.prototype);
+        { "cause": params.type === "unknown" ? params.cause : undefined }) || this;
+        _this.type = params.type;
+        Object.setPrototypeOf(_this, _newTarget.prototype);
+        return _this;
     }
-}
+    return OidcInitializationError;
+}(Error));
 exports.OidcInitializationError = OidcInitializationError;
 //# sourceMappingURL=OidcInitializationError.js.map

package/OidcInitializationError.js.map

@@ -1 +1 @@
-{"version":3,"file":"OidcInitializationError.js","sourceRoot":"","sources":["src/OidcInitializationError.ts"],"names":[],"mappings":";;;AAAA,mDAA8D;AAE9D,MAAa,uBAAwB,SAAQ,KAAK;IAG9C,YACI,MAkCO;QAEP,KAAK,CACD,CAAC,GAAG,EAAE;;YACF,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;gBAClB,KAAK,aAAa;oBACd,OAAO;wBACH,mCAAmC;wBACnC,8DAA8D,MAAM,CAAC,SAAS,gBAAgB;wBAC9F,+FAA+F;wBAC/F,oEAAoE;qBACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAChB,KAAK,mBAAmB;oBACpB,QAAQ,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;wBAC9B,KAAK,2BAA2B;4BAC5B,OAAO;gCACH,mBAAmB,MAAM,CAAC,WAAW,CAAC,QAAQ,iDAAiD;gCAC/F,qDACI,MAAA,MAAM,CAAC,WAAW,CAAC,SAAS,mCAAI,MAAM,CAAC,QAAQ,CAAC,MACpD,wCAAwC;gCACxC,UAAU,MAAM,CAAC,WAAW,CAAC,QAAQ,0BAA0B;gCAC/D,oEAAoE;gCACpE,8BAA8B,MAAM,CAAC,WAAW,CAAC,cAAc,KAAK;6BACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAChB,KAAK,oBAAoB;4BACrB,OAAO;gCACH,sCAAsC;gCACtC,oEAAoE,MAAM,CAAC,WAAW,CAAC,QAAQ,wBAAwB;gCACvH,4BAA4B,QAAQ,CAAC,MAAM,kBAAkB;gCAC7D,oEAAoE;6BACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAChB,KAAK,+BAA+B;4BAChC,OAAO;gCACH,GAAG,MAAM,CAAC,WAAW,CAAC,gBAAgB,sEAAsE;gCAC5G,2FAA2F;6BAC9F,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAChB,KAAK,sBAAsB;4BACvB,OAAO;gCACH,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,oBAAoB;oCAC7C,CAAC,CAAC,4BAA4B;oCAC9B,CAAC,CAAC,+BAA+B;gCACrC,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,IAAI;gCAC/C,sHAAsH;gCACtH,iEAAiE;gCACjE,uJAAuJ;gCACvJ,sCAAsC;gCACtC,gEAAgE;gCAChE,SAAS;gCACT,2CAA2C;gCAC3C,sDAAsD;gCACtD,wCAAwC;gCACxC,KAAK;gCACL,oEAAoE;6BACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACpB,CAAC;gBACL,KAAK,SAAS;oBACV,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;YACpC,CAAC;YACD,IAAA,cAAM,EAA+B,KAAK,CAAC,CAAC;QAChD,CAAC,CAAC,EAAE;QACJ,mBAAmB;QACnB,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,EAAE,CACpE,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACtD,CAAC;CACJ;AAxGD,0DAwGC"}
+{"version":3,"file":"OidcInitializationError.js","sourceRoot":"","sources":["src/OidcInitializationError.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,iDAA8D;AAE9D;IAA6C,2CAAK;IAG9C,iCACI,MAkCO;;QAEP,YAAA,MAAK,YACD,CAAC;;YACG,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;gBAClB,KAAK,aAAa;oBACd,OAAO;wBACH,mCAAmC;wBACnC,qEAA8D,MAAM,CAAC,SAAS,mBAAgB;wBAC9F,+FAA+F;wBAC/F,oEAAoE;qBACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAChB,KAAK,mBAAmB;oBACpB,QAAQ,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;wBAC9B,KAAK,2BAA2B;4BAC5B,OAAO;gCACH,0BAAmB,MAAM,CAAC,WAAW,CAAC,QAAQ,oDAAiD;gCAC/F,6DACI,MAAA,MAAM,CAAC,WAAW,CAAC,SAAS,mCAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,4CAClB;gCACxC,iBAAU,MAAM,CAAC,WAAW,CAAC,QAAQ,6BAA0B;gCAC/D,oEAAoE;gCACpE,qCAA8B,MAAM,CAAC,WAAW,CAAC,cAAc,QAAK;6BACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAChB,KAAK,oBAAoB;4BACrB,OAAO;gCACH,sCAAsC;gCACtC,6EAAoE,MAAM,CAAC,WAAW,CAAC,QAAQ,2BAAwB;gCACvH,oCAA4B,QAAQ,CAAC,MAAM,sBAAkB;gCAC7D,oEAAoE;6BACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAChB,KAAK,+BAA+B;4BAChC,OAAO;gCACH,UAAG,MAAM,CAAC,WAAW,CAAC,gBAAgB,yEAAsE;gCAC5G,2FAA2F;6BAC9F,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAChB,KAAK,sBAAsB;4BACvB,OAAO;gCACH,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,oBAAoB;oCAC7C,CAAC,CAAC,4BAA4B;oCAC9B,CAAC,CAAC,+BAA+B;gCACrC,UAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,OAAI;gCAC/C,sHAAsH;gCACtH,iEAAiE;gCACjE,uJAAuJ;gCACvJ,sCAAsC;gCACtC,kEAAgE;gCAChE,SAAS;gCACT,2CAA2C;gCAC3C,yDAAsD;gCACtD,0CAAwC;gCACxC,KAAK;gCACL,oEAAoE;6BACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACpB,CAAC;gBACL,KAAK,SAAS;oBACV,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;YACpC,CAAC;YACD,IAAA,cAAM,EAA+B,KAAK,CAAC,CAAC;QAChD,CAAC,CAAC,EAAE;QACJ,mBAAmB;QACnB,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,EAAE,CACpE,SAAC;QACF,KAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,MAAM,CAAC,cAAc,CAAC,KAAI,EAAE,WAAW,SAAS,CAAC,CAAC;;IACtD,CAAC;IACL,8BAAC;AAAD,CAAC,AAxGD,CAA6C,KAAK,GAwGjD;AAxGY,0DAAuB"}

package/backend.d.ts

@@ -1,7 +1,3 @@
-export type KeycloakParams = {
-    url: string;
-    realm: string;
-};
 export type ParamsOfCreateOidcBackend<DecodedAccessToken extends Record<string, unknown>> = {
     issuerUri: string;
     decodedAccessTokenSchema?: {

package/backend.js

@@ -22,120 +22,204 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createOidcBackend = createOidcBackend;
-const node_fetch_1 = require("./vendor/backend/node-fetch");
-const tsafe_1 = require("./vendor/backend/tsafe");
-const jwt = __importStar(require("./vendor/backend/jsonwebtoken"));
-const zod_1 = require("./vendor/backend/zod");
-const evt_1 = require("./vendor/backend/evt");
-const evt_2 = require("./vendor/backend/evt");
-async function createOidcBackend(params) {
-    const { issuerUri, decodedAccessTokenSchema = zod_1.z.record(zod_1.z.unknown()) } = params;
-    let { publicKey, signingAlgorithm } = await fetchPublicKeyAndSigningAlgorithm({ issuerUri });
-    const evtInvalidSignature = evt_1.Evt.create();
-    evtInvalidSignature.pipe((0, evt_2.throttleTime)(3600000)).attach(async () => {
-        const wrap = await (async function callee(count) {
-            let wrap;
-            try {
-                wrap = await fetchPublicKeyAndSigningAlgorithm({ issuerUri });
-            }
-            catch (error) {
-                if (count === 9) {
-                    console.warn(`Failed to refresh public key and signing algorithm after ${count + 1} attempts`);
-                    return undefined;
-                }
-                const delayMs = 1000 * Math.pow(2, count);
-                console.warn(`Failed to refresh public key and signing algorithm: ${String(error)}, retrying in ${delayMs}ms`);
-                await new Promise(resolve => setTimeout(resolve, delayMs));
-                return callee(count + 1);
+var node_fetch_1 = require("./vendor/backend/node-fetch");
+var tsafe_1 = require("./vendor/backend/tsafe");
+var jwt = __importStar(require("./vendor/backend/jsonwebtoken"));
+var zod_1 = require("./vendor/backend/zod");
+var evt_1 = require("./vendor/backend/evt");
+var evt_2 = require("./vendor/backend/evt");
+function createOidcBackend(params) {
+    return __awaiter(this, void 0, void 0, function () {
+        var issuerUri, _a, decodedAccessTokenSchema, _b, publicKey, signingAlgorithm, evtInvalidSignature;
+        var _this = this;
+        return __generator(this, function (_c) {
+            switch (_c.label) {
+                case 0:
+                    issuerUri = params.issuerUri, _a = params.decodedAccessTokenSchema, decodedAccessTokenSchema = _a === void 0 ? zod_1.z.record(zod_1.z.unknown()) : _a;
+                    return [4 /*yield*/, fetchPublicKeyAndSigningAlgorithm({ issuerUri: issuerUri })];
+                case 1:
+                    _b = _c.sent(), publicKey = _b.publicKey, signingAlgorithm = _b.signingAlgorithm;
+                    evtInvalidSignature = evt_1.Evt.create();
+                    evtInvalidSignature.pipe((0, evt_2.throttleTime)(3600000)).attach(function () { return __awaiter(_this, void 0, void 0, function () {
+                        var wrap;
+                        return __generator(this, function (_a) {
+                            switch (_a.label) {
+                                case 0: return [4 /*yield*/, (function callee(count) {
+                                        return __awaiter(this, void 0, void 0, function () {
+                                            var wrap, error_1, delayMs_1;
+                                            return __generator(this, function (_a) {
+                                                switch (_a.label) {
+                                                    case 0:
+                                                        _a.trys.push([0, 2, , 4]);
+                                                        return [4 /*yield*/, fetchPublicKeyAndSigningAlgorithm({ issuerUri: issuerUri })];
+                                                    case 1:
+                                                        wrap = _a.sent();
+                                                        return [3 /*break*/, 4];
+                                                    case 2:
+                                                        error_1 = _a.sent();
+                                                        if (count === 9) {
+                                                            console.warn("Failed to refresh public key and signing algorithm after ".concat(count + 1, " attempts"));
+                                                            return [2 /*return*/, undefined];
+                                                        }
+                                                        delayMs_1 = 1000 * Math.pow(2, count);
+                                                        console.warn("Failed to refresh public key and signing algorithm: ".concat(String(error_1), ", retrying in ").concat(delayMs_1, "ms"));
+                                                        return [4 /*yield*/, new Promise(function (resolve) { return setTimeout(resolve, delayMs_1); })];
+                                                    case 3:
+                                                        _a.sent();
+                                                        return [2 /*return*/, callee(count + 1)];
+                                                    case 4: return [2 /*return*/, wrap];
+                                                }
+                                            });
+                                        });
+                                    })(0)];
+                                case 1:
+                                    wrap = _a.sent();
+                                    if (wrap === undefined) {
+                                        return [2 /*return*/];
+                                    }
+                                    publicKey = wrap.publicKey;
+                                    signingAlgorithm = wrap.signingAlgorithm;
+                                    return [2 /*return*/];
+                            }
+                        });
+                    }); });
+                    return [2 /*return*/, {
+                            "verifyAndDecodeAccessToken": function (_a) {
+                                var accessToken = _a.accessToken;
+                                var result = (0, tsafe_1.id)(undefined);
+                                jwt.verify(accessToken, publicKey, { algorithms: [signingAlgorithm] }, function (err, decoded) {
+                                    invalid: {
+                                        if (!err) {
+                                            break invalid;
+                                        }
+                                        if (err.name === "TokenExpiredError") {
+                                            result = (0, tsafe_1.id)({
+                                                "isValid": false,
+                                                "errorCase": "expired",
+                                                "errorMessage": err.message
+                                            });
+                                            return;
+                                        }
+                                        evtInvalidSignature.post();
+                                        result = (0, tsafe_1.id)({
+                                            "isValid": false,
+                                            "errorCase": "invalid signature",
+                                            "errorMessage": err.message
+                                        });
+                                        return;
+                                    }
+                                    var decodedAccessToken;
+                                    try {
+                                        decodedAccessToken = decodedAccessTokenSchema.parse(decoded);
+                                    }
+                                    catch (error) {
+                                        result = (0, tsafe_1.id)({
+                                            "isValid": false,
+                                            "errorCase": "does not respect schema",
+                                            "errorMessage": String(error)
+                                        });
+                                        return;
+                                    }
+                                    result = (0, tsafe_1.id)({
+                                        "isValid": true,
+                                        "decodedAccessToken": decodedAccessToken
+                                    });
+                                });
+                                (0, tsafe_1.assert)(result !== undefined);
+                                return result;
+                            }
+                        }];
             }
-            return wrap;
-        })(0);
-        if (wrap === undefined) {
-            return;
-        }
-        publicKey = wrap.publicKey;
-        signingAlgorithm = wrap.signingAlgorithm;
+        });
     });
-    return {
-        "verifyAndDecodeAccessToken": ({ accessToken }) => {
-            let result = (0, tsafe_1.id)(undefined);
-            jwt.verify(accessToken, publicKey, { algorithms: [signingAlgorithm] }, (err, decoded) => {
-                invalid: {
-                    if (!err) {
-                        break invalid;
-                    }
-                    if (err.name === "TokenExpiredError") {
-                        result = (0, tsafe_1.id)({
-                            "isValid": false,
-                            "errorCase": "expired",
-                            "errorMessage": err.message
-                        });
-                        return;
+}
+function fetchPublicKeyAndSigningAlgorithm(params) {
+    return __awaiter(this, void 0, void 0, function () {
+        var issuerUri, certUri, response, data, error_2, keys, signatureKey, signingAlgorithm, publicKey;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    issuerUri = params.issuerUri;
+                    certUri = "".concat(issuerUri.replace(/\/$/, ""), "/protocol/openid-connect/certs");
+                    return [4 /*yield*/, (0, node_fetch_1.fetch)(certUri)];
+                case 1:
+                    response = _a.sent();
+                    if (!response.ok) {
+                        throw new Error("Failed to fetch public key and algorithm from ".concat(certUri, ": ").concat(response.statusText));
                     }
-                    evtInvalidSignature.post();
-                    result = (0, tsafe_1.id)({
-                        "isValid": false,
-                        "errorCase": "invalid signature",
-                        "errorMessage": err.message
-                    });
-                    return;
-                }
-                let decodedAccessToken;
-                try {
-                    decodedAccessToken = decodedAccessTokenSchema.parse(decoded);
-                }
-                catch (error) {
-                    result = (0, tsafe_1.id)({
-                        "isValid": false,
-                        "errorCase": "does not respect schema",
-                        "errorMessage": String(error)
+                    _a.label = 2;
+                case 2:
+                    _a.trys.push([2, 4, , 5]);
+                    return [4 /*yield*/, response.json()];
+                case 3:
+                    data = _a.sent();
+                    return [3 /*break*/, 5];
+                case 4:
+                    error_2 = _a.sent();
+                    throw new Error("Failed to parse json from ".concat(certUri, ": ").concat(String(error_2)));
+                case 5:
+                    keys = zod_1.z
+                        .object({
+                        "keys": zod_1.z.array(zod_1.z.object({
+                            "use": zod_1.z.string(),
+                            "alg": zod_1.z.string(),
+                            "x5c": zod_1.z.tuple([zod_1.z.string()])
+                        }))
+                    })
+                        .parse(data).keys;
+                    signatureKey = keys.find(function (_a) {
+                        var use = _a.use;
+                        return use === "sig";
                     });
-                    return;
-                }
-                result = (0, tsafe_1.id)({
-                    "isValid": true,
-                    "decodedAccessToken": decodedAccessToken
-                });
-            });
-            (0, tsafe_1.assert)(result !== undefined);
-            return result;
-        }
-    };
-}
-async function fetchPublicKeyAndSigningAlgorithm(params) {
-    const { issuerUri } = params;
-    const certUri = `${issuerUri.replace(/\/$/, "")}/protocol/openid-connect/certs`;
-    const response = await (0, node_fetch_1.fetch)(certUri);
-    if (!response.ok) {
-        throw new Error(`Failed to fetch public key and algorithm from ${certUri}: ${response.statusText}`);
-    }
-    let data;
-    try {
-        data = await response.json();
-    }
-    catch (error) {
-        throw new Error(`Failed to parse json from ${certUri}: ${String(error)}`);
-    }
-    const { keys } = zod_1.z
-        .object({
-        "keys": zod_1.z.array(zod_1.z.object({
-            "use": zod_1.z.string(),
-            "alg": zod_1.z.string(),
-            "x5c": zod_1.z.tuple([zod_1.z.string()])
-        }))
-    })
-        .parse(data);
-    const signatureKey = keys.find(({ use }) => use === "sig");
-    (0, tsafe_1.assert)(signatureKey !== undefined, "No signature key found");
-    const signingAlgorithm = signatureKey["alg"];
-    (0, tsafe_1.assert)((0, tsafe_1.isAmong)(["RS256", "RS384", "RS512"], signingAlgorithm), `Unsupported algorithm ${signingAlgorithm}`);
-    const publicKey = [
-        "-----BEGIN CERTIFICATE-----",
-        signatureKey.x5c[0],
-        "-----END CERTIFICATE-----"
-    ].join("\n");
-    return { publicKey, signingAlgorithm };
+                    (0, tsafe_1.assert)(signatureKey !== undefined, "No signature key found");
+                    signingAlgorithm = signatureKey["alg"];
+                    (0, tsafe_1.assert)((0, tsafe_1.isAmong)(["RS256", "RS384", "RS512"], signingAlgorithm), "Unsupported algorithm ".concat(signingAlgorithm));
+                    publicKey = [
+                        "-----BEGIN CERTIFICATE-----",
+                        signatureKey.x5c[0],
+                        "-----END CERTIFICATE-----"
+                    ].join("\n");
+                    return [2 /*return*/, { publicKey: publicKey, signingAlgorithm: signingAlgorithm }];
+            }
+        });
+    });
 }
 //# sourceMappingURL=backend.js.map

package/backend.js.map

@@ -1 +1 @@
-{"version":3,"file":"backend.js","sourceRoot":"","sources":["src/backend.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,8CAyGC;AAtJD,4DAAoD;AACpD,kDAA6D;AAC7D,mEAAqD;AACrD,8CAAyC;AACzC,8CAA2C;AAC3C,8CAAoD;AAwC7C,KAAK,UAAU,iBAAiB,CACnC,MAAqD;IAErD,MAAM,EAAE,SAAS,EAAE,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC;IAE/E,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,GAAG,MAAM,iCAAiC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IAE7F,MAAM,mBAAmB,GAAG,SAAG,CAAC,MAAM,EAAQ,CAAC;IAE/C,mBAAmB,CAAC,IAAI,CAAC,IAAA,kBAAY,EAAC,OAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;QAC/D,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,UAAU,MAAM,CACrC,KAAa;YAEb,IAAI,IAAI,CAAC;YAET,IAAI,CAAC;gBACD,IAAI,GAAG,MAAM,iCAAiC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;YAClE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CACR,4DAA4D,KAAK,GAAG,CAAC,WAAW,CACnF,CAAC;oBAEF,OAAO,SAAS,CAAC;gBACrB,CAAC;gBAED,MAAM,OAAO,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;gBAE1C,OAAO,CAAC,IAAI,CACR,uDAAuD,MAAM,CACzD,KAAK,CACR,iBAAiB,OAAO,IAAI,CAChC,CAAC;gBAEF,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;gBAE3D,OAAO,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YAC7B,CAAC;YAED,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEN,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACrB,OAAO;QACX,CAAC;QAED,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAC3B,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,OAAO;QACH,4BAA4B,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE;YAC9C,IAAI,MAAM,GAAG,IAAA,UAAE,EAA4D,SAAS,CAAC,CAAC;YAEtF,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,UAAU,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;gBACpF,OAAO,EAAE,CAAC;oBACN,IAAI,CAAC,GAAG,EAAE,CAAC;wBACP,MAAM,OAAO,CAAC;oBAClB,CAAC;oBAED,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;wBACnC,MAAM,GAAG,IAAA,UAAE,EAAoC;4BAC3C,SAAS,EAAE,KAAK;4BAChB,WAAW,EAAE,SAAS;4BACtB,cAAc,EAAE,GAAG,CAAC,OAAO;yBAC9B,CAAC,CAAC;wBACH,OAAO;oBACX,CAAC;oBAED,mBAAmB,CAAC,IAAI,EAAE,CAAC;oBAE3B,MAAM,GAAG,IAAA,UAAE,EAAoC;wBAC3C,SAAS,EAAE,KAAK;wBAChB,WAAW,EAAE,mBAAmB;wBAChC,cAAc,EAAE,GAAG,CAAC,OAAO;qBAC9B,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,IAAI,kBAAsC,CAAC;gBAE3C,IAAI,CAAC;oBACD,kBAAkB,GAAG,wBAAwB,CAAC,KAAK,CAAC,OAAO,CAAuB,CAAC;gBACvF,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACb,MAAM,GAAG,IAAA,UAAE,EAAoC;wBAC3C,SAAS,EAAE,KAAK;wBAChB,WAAW,EAAE,yBAAyB;wBACtC,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC;qBAChC,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,MAAM,GAAG,IAAA,UAAE,EAAsD;oBAC7D,SAAS,EAAE,IAAI;oBACf,oBAAoB,EAAE,kBAAkB;iBAC3C,CAAC,CAAC;YACP,CAAC,CAAC,CAAC;YAEH,IAAA,cAAM,EAAC,MAAM,KAAK,SAAS,CAAC,CAAC;YAE7B,OAAO,MAAM,CAAC;QAClB,CAAC;KACJ,CAAC;AACN,CAAC;AAED,KAAK,UAAU,iCAAiC,CAAC,MAA6B;IAC1E,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,gCAAgC,CAAC;IAEhF,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAK,EAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACX,iDAAiD,OAAO,KAAK,QAAQ,CAAC,UAAU,EAAE,CACrF,CAAC;IACN,CAAC;IAED,IAAI,IAAI,CAAC;IAET,IAAI,CAAC;QACD,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,OAAC;SACb,MAAM,CAAC;QACJ,MAAM,EAAE,OAAC,CAAC,KAAK,CACX,OAAC,CAAC,MAAM,CAAC;YACL,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;YACjB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;YACjB,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;SAC/B,CAAC,CACL;KACJ,CAAC;SACD,KAAK,CAAC,IAAI,CAAC,CAAC;IAEjB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,KAAK,KAAK,CAAC,CAAC;IAE3D,IAAA,cAAM,EAAC,YAAY,KAAK,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAE7D,MAAM,gBAAgB,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAE7C,IAAA,cAAM,EACF,IAAA,eAAO,EAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,gBAAgB,CAAC,EACtD,yBAAyB,gBAAgB,EAAE,CAC9C,CAAC;IAEF,MAAM,SAAS,GAAG;QACd,6BAA6B;QAC7B,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;QACnB,2BAA2B;KAC9B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC;AAC3C,CAAC"}
+{"version":3,"file":"backend.js","sourceRoot":"","sources":["src/backend.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCA,8CAyGC;AAjJD,0DAAoD;AACpD,gDAA6D;AAC7D,iEAAqD;AACrD,4CAAyC;AACzC,4CAA2C;AAC3C,4CAAoD;AAmCpD,SAAsB,iBAAiB,CACnC,MAAqD;;;;;;;oBAE7C,SAAS,GAAuD,MAAM,UAA7D,EAAE,KAAqD,MAAM,yBAAX,EAAhD,wBAAwB,mBAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,KAAA,CAAY;oBAEzC,qBAAM,iCAAiC,CAAC,EAAE,SAAS,WAAA,EAAE,CAAC,EAAA;;oBAAxF,KAAkC,SAAsD,EAAtF,SAAS,eAAA,EAAE,gBAAgB,sBAAA;oBAE3B,mBAAmB,GAAG,SAAG,CAAC,MAAM,EAAQ,CAAC;oBAE/C,mBAAmB,CAAC,IAAI,CAAC,IAAA,kBAAY,EAAC,OAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;;;;wCACvC,qBAAM,CAAC,SAAe,MAAM,CACrC,KAAa;;;;;;;wDAKF,qBAAM,iCAAiC,CAAC,EAAE,SAAS,WAAA,EAAE,CAAC,EAAA;;wDAA7D,IAAI,GAAG,SAAsD,CAAC;;;;wDAE9D,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;4DACd,OAAO,CAAC,IAAI,CACR,mEAA4D,KAAK,GAAG,CAAC,cAAW,CACnF,CAAC;4DAEF,sBAAO,SAAS,EAAC;wDACrB,CAAC;wDAEK,YAAU,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;wDAE1C,OAAO,CAAC,IAAI,CACR,8DAAuD,MAAM,CACzD,OAAK,CACR,2BAAiB,SAAO,OAAI,CAChC,CAAC;wDAEF,qBAAM,IAAI,OAAO,CAAC,UAAA,OAAO,IAAI,OAAA,UAAU,CAAC,OAAO,EAAE,SAAO,CAAC,EAA5B,CAA4B,CAAC,EAAA;;wDAA1D,SAA0D,CAAC;wDAE3D,sBAAO,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,EAAC;4DAG7B,sBAAO,IAAI,EAAC;;;;qCACf,CAAC,CAAC,CAAC,CAAC,EAAA;;oCA9BC,IAAI,GAAG,SA8BR;oCAEL,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;wCACrB,sBAAO;oCACX,CAAC;oCAED,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;oCAC3B,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;;;;yBAC5C,CAAC,CAAC;oBAEH,sBAAO;4BACH,4BAA4B,EAAE,UAAC,EAAe;oCAAb,WAAW,iBAAA;gCACxC,IAAI,MAAM,GAAG,IAAA,UAAE,EAA4D,SAAS,CAAC,CAAC;gCAEtF,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,UAAU,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE,UAAC,GAAG,EAAE,OAAO;oCAChF,OAAO,EAAE,CAAC;wCACN,IAAI,CAAC,GAAG,EAAE,CAAC;4CACP,MAAM,OAAO,CAAC;wCAClB,CAAC;wCAED,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;4CACnC,MAAM,GAAG,IAAA,UAAE,EAAoC;gDAC3C,SAAS,EAAE,KAAK;gDAChB,WAAW,EAAE,SAAS;gDACtB,cAAc,EAAE,GAAG,CAAC,OAAO;6CAC9B,CAAC,CAAC;4CACH,OAAO;wCACX,CAAC;wCAED,mBAAmB,CAAC,IAAI,EAAE,CAAC;wCAE3B,MAAM,GAAG,IAAA,UAAE,EAAoC;4CAC3C,SAAS,EAAE,KAAK;4CAChB,WAAW,EAAE,mBAAmB;4CAChC,cAAc,EAAE,GAAG,CAAC,OAAO;yCAC9B,CAAC,CAAC;wCAEH,OAAO;oCACX,CAAC;oCAED,IAAI,kBAAsC,CAAC;oCAE3C,IAAI,CAAC;wCACD,kBAAkB,GAAG,wBAAwB,CAAC,KAAK,CAAC,OAAO,CAAuB,CAAC;oCACvF,CAAC;oCAAC,OAAO,KAAK,EAAE,CAAC;wCACb,MAAM,GAAG,IAAA,UAAE,EAAoC;4CAC3C,SAAS,EAAE,KAAK;4CAChB,WAAW,EAAE,yBAAyB;4CACtC,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC;yCAChC,CAAC,CAAC;wCAEH,OAAO;oCACX,CAAC;oCAED,MAAM,GAAG,IAAA,UAAE,EAAsD;wCAC7D,SAAS,EAAE,IAAI;wCACf,oBAAoB,EAAE,kBAAkB;qCAC3C,CAAC,CAAC;gCACP,CAAC,CAAC,CAAC;gCAEH,IAAA,cAAM,EAAC,MAAM,KAAK,SAAS,CAAC,CAAC;gCAE7B,OAAO,MAAM,CAAC;4BAClB,CAAC;yBACJ,EAAC;;;;CACL;AAED,SAAe,iCAAiC,CAAC,MAA6B;;;;;;oBAClE,SAAS,GAAK,MAAM,UAAX,CAAY;oBAEvB,OAAO,GAAG,UAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,mCAAgC,CAAC;oBAE/D,qBAAM,IAAA,kBAAK,EAAC,OAAO,CAAC,EAAA;;oBAA/B,QAAQ,GAAG,SAAoB;oBAErC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;wBACf,MAAM,IAAI,KAAK,CACX,wDAAiD,OAAO,eAAK,QAAQ,CAAC,UAAU,CAAE,CACrF,CAAC;oBACN,CAAC;;;;oBAKU,qBAAM,QAAQ,CAAC,IAAI,EAAE,EAAA;;oBAA5B,IAAI,GAAG,SAAqB,CAAC;;;;oBAE7B,MAAM,IAAI,KAAK,CAAC,oCAA6B,OAAO,eAAK,MAAM,CAAC,OAAK,CAAC,CAAE,CAAC,CAAC;;oBAGtE,IAAI,GAAK,OAAC;yBACb,MAAM,CAAC;wBACJ,MAAM,EAAE,OAAC,CAAC,KAAK,CACX,OAAC,CAAC,MAAM,CAAC;4BACL,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;4BACjB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;4BACjB,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;yBAC/B,CAAC,CACL;qBACJ,CAAC;yBACD,KAAK,CAAC,IAAI,CAAC,KAVJ,CAUK;oBAEX,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAC,EAAO;4BAAL,GAAG,SAAA;wBAAO,OAAA,GAAG,KAAK,KAAK;oBAAb,CAAa,CAAC,CAAC;oBAE3D,IAAA,cAAM,EAAC,YAAY,KAAK,SAAS,EAAE,wBAAwB,CAAC,CAAC;oBAEvD,gBAAgB,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;oBAE7C,IAAA,cAAM,EACF,IAAA,eAAO,EAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,gBAAgB,CAAC,EACtD,gCAAyB,gBAAgB,CAAE,CAC9C,CAAC;oBAEI,SAAS,GAAG;wBACd,6BAA6B;wBAC7B,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;wBACnB,2BAA2B;qBAC9B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAEb,sBAAO,EAAE,SAAS,WAAA,EAAE,gBAAgB,kBAAA,EAAE,EAAC;;;;CAC1C"}