oidc-spa 4.6.1 → 4.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/oidc.d.ts +19 -1
  2. package/oidc.js +201 -48
  3. package/oidc.js.map +1 -1
  4. package/package.json +1 -1
  5. package/src/oidc.ts +214 -29
package/oidc.d.ts CHANGED
@@ -11,6 +11,13 @@ export declare namespace Oidc {
11
11
  login: (params: {
12
12
  doesCurrentHrefRequiresAuth: boolean;
13
13
  extraQueryParams?: Record<string, string>;
14
+ /**
15
+ * Where to redirect after successful login.
16
+ * Default: window.location.href (here)
17
+ *
18
+ * It does not need to include the origin, eg: "/dashboard"
19
+ */
20
+ successRedirectUrl?: string;
14
21
  }) => Promise<never>;
15
22
  initializationError: OidcInitializationError | undefined;
16
23
  };
@@ -53,9 +60,20 @@ export declare class OidcInitializationError extends Error {
53
60
  readonly type: "server down" | "bad configuration" | "unknown";
54
61
  constructor(params: {
55
62
  type: "server down";
63
+ issuerUri: string;
56
64
  } | {
57
65
  type: "bad configuration";
58
- timeoutDelayMs: number;
66
+ likelyCause: {
67
+ type: "misconfigured OIDC client";
68
+ clientId: string;
69
+ timeoutDelayMs: number;
70
+ } | {
71
+ type: "not in Web Origins";
72
+ clientId: string;
73
+ } | {
74
+ type: "silent-sso.html not reachable";
75
+ silentSsoHtmlUrl: string;
76
+ };
59
77
  } | {
60
78
  type: "unknown";
61
79
  cause: Error;
package/oidc.js CHANGED
@@ -118,12 +118,39 @@ var OidcInitializationError = /** @class */ (function (_super) {
118
118
  var _this = _super.call(this, (function () {
119
119
  switch (params.type) {
120
120
  case "server down":
121
- return "The OIDC server is down";
121
+ return [
122
+ "The OIDC server seems to be down.",
123
+ "If you know it's not the case it means that the issuerUri: ".concat(params.issuerUri, " is incorrect."),
124
+ "If you are using Keycloak makes sure that the realm exists and that the url is well formed.\n",
125
+ "More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak"
126
+ ].join(" ");
122
127
  case "bad configuration":
123
- return "Bad configuration. Timed out after ".concat(params.timeoutDelayMs, "ms");
128
+ switch (params.likelyCause.type) {
129
+ case "misconfigured OIDC client":
130
+ return [
131
+ "The OIDC client ".concat(params.likelyCause.clientId, " seems to be misconfigured on your OIDC server."),
132
+ "If you are using Keycloak you likely need to add \"".concat(location.origin, "/*\" to the list of Valid Redirect URIs"),
133
+ "in the ".concat(params.likelyCause.clientId, " client configuration.\n"),
134
+ "More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak",
135
+ "Silent SSO timed out after ".concat(params.likelyCause.timeoutDelayMs, "ms.")
136
+ ].join(" ");
137
+ case "not in Web Origins":
138
+ return [
139
+ "It seems that there is a CORS issue.",
140
+ "If you are using Keycloak check the \"Web Origins\" option in your ".concat(params.likelyCause.clientId, " client configuration."),
141
+ "You should probably add \"".concat(location.origin, "/*\" to the list."),
142
+ "More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak"
143
+ ].join(" ");
144
+ case "silent-sso.html not reachable":
145
+ return [
146
+ "".concat(params.likelyCause.silentSsoHtmlUrl, " is not reachable. Make sure you've created the silent-sso.html file"),
147
+ "in your public directory. More info: https://docs.oidc-spa.dev/documentation/installation"
148
+ ].join(" ");
149
+ }
124
150
  case "unknown":
125
151
  return params.cause.message;
126
152
  }
153
+ (0, assert_1.assert)(false);
127
154
  })(),
128
155
  // @ts-expect-error
129
156
  { "cause": params.type === "unknown" ? params.cause : undefined }) || this;
@@ -141,7 +168,7 @@ var URL_real = window.URL;
141
168
  /** @see: https://github.com/garronej/oidc-spa#option-1-usage-without-involving-the-ui-framework */
142
169
  function createOidc(params) {
143
170
  return __awaiter(this, void 0, void 0, function () {
144
- var issuerUri, clientId, clientSecret, _a, transformUrlBeforeRedirect, extraQueryParamsOrGetter, publicUrl_params, decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds, _b, autoLogoutParams, getExtraQueryParams, publicUrl, configHash, cleanups, configHashKey, oidcClientTsUserManager, lastPublicRoute, startTrackingLastPublicRoute, hasLoginBeenCalled, login, resultOfLoginProcess, common, error, initializationError, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, oidc, getMsBeforeExpiration_1, startCountdown_2, stopCountdown_1, unsubscribeFrom$isUserActive_1, hotReloadCleanupsForThisConfig;
171
+ var issuerUri, clientId, clientSecret, _a, transformUrlBeforeRedirect, extraQueryParamsOrGetter, publicUrl_params, decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds, _b, autoLogoutParams, getExtraQueryParams, publicUrl, configHash, cleanups, configHashKey, silentSsoHtmlUrl, oidcClientTsUserManager, lastPublicRoute, startTrackingLastPublicRoute, hasLoginBeenCalled, login, resultOfLoginProcess, common, error, initializationError, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, oidc, getMsBeforeExpiration_1, startCountdown_2, stopCountdown_1, unsubscribeFrom$isUserActive_1, hotReloadCleanupsForThisConfig;
145
172
  var _this = this;
146
173
  return __generator(this, function (_c) {
147
174
  switch (_c.label) {
@@ -173,6 +200,7 @@ function createOidc(params) {
173
200
  hotReloadCleanups.set(configHash, new Set());
174
201
  }
175
202
  configHashKey = "configHash";
203
+ silentSsoHtmlUrl = "".concat(publicUrl, "/silent-sso.html");
176
204
  oidcClientTsUserManager = new oidc_client_ts_1.UserManager({
177
205
  "authority": issuerUri,
178
206
  "client_id": clientId,
@@ -181,7 +209,7 @@ function createOidc(params) {
181
209
  "response_type": "code",
182
210
  "scope": "openid profile",
183
211
  "automaticSilentRenew": false,
184
- "silent_redirect_uri": "".concat(publicUrl, "/silent-sso.html?").concat(configHashKey, "=").concat(configHash)
212
+ "silent_redirect_uri": "".concat(silentSsoHtmlUrl, "?").concat(configHashKey, "=").concat(configHash)
185
213
  });
186
214
  lastPublicRoute = undefined;
187
215
  startTrackingLastPublicRoute = function () {
@@ -197,7 +225,7 @@ function createOidc(params) {
197
225
  };
198
226
  hasLoginBeenCalled = false;
199
227
  login = function (_a) {
200
- var doesCurrentHrefRequiresAuth = _a.doesCurrentHrefRequiresAuth, extraQueryParams = _a.extraQueryParams;
228
+ var doesCurrentHrefRequiresAuth = _a.doesCurrentHrefRequiresAuth, extraQueryParams = _a.extraQueryParams, successRedirectUrl = _a.successRedirectUrl;
201
229
  return __awaiter(_this, void 0, void 0, function () {
202
230
  var redirect_uri, callback_1, URL_1;
203
231
  return __generator(this, function (_b) {
@@ -208,7 +236,14 @@ function createOidc(params) {
208
236
  }
209
237
  hasLoginBeenCalled = true;
210
238
  redirect_uri = (0, urlQueryParams_1.addQueryParamToUrl)({
211
- "url": window.location.href,
239
+ "url": (function () {
240
+ if (successRedirectUrl === undefined) {
241
+ return window.location.href;
242
+ }
243
+ return successRedirectUrl.startsWith("/")
244
+ ? "".concat(window.location.origin).concat(successRedirectUrl)
245
+ : successRedirectUrl;
246
+ })(),
212
247
  "name": configHashKey,
213
248
  "value": configHash
214
249
  }).newUrl;
@@ -284,10 +319,11 @@ function createOidc(params) {
284
319
  };
285
320
  return [4 /*yield*/, (function getUser() {
286
321
  return __awaiter(this, void 0, void 0, function () {
287
- var url, result, result, loginSuccessUrl, paramsToRetrieveFromSuccessfulLogin_1, paramsToRetrieveFromSuccessfulLogin_1_1, name_1, result, oidcClientTsUser, _a, oidcClientTsUser, error_1, dLoginSuccessUrl_1, timeoutDelayMs_1, timeout_1, listener_1, loginSuccessUrl, oidcClientTsUser;
288
- var e_1, _b;
289
- return __generator(this, function (_c) {
290
- switch (_c.label) {
322
+ var url, result, loginSuccessUrl, missingMandatoryParams, paramsToRetrieveFromSuccessfulLogin_1, paramsToRetrieveFromSuccessfulLogin_1_1, name_1, result, result, oidcClientTsUser, error_1, oidcClientTsUser, error_2, dLoginSuccessUrl_1, timeoutDelayMs_1, timeout_1, listener_1, loginSuccessUrl, oidcClientTsUser, error_3;
323
+ var e_1, _a;
324
+ var _this = this;
325
+ return __generator(this, function (_b) {
326
+ switch (_b.label) {
291
327
  case 0:
292
328
  url = window.location.href;
293
329
  {
@@ -297,13 +333,8 @@ function createOidc(params) {
297
333
  }
298
334
  url = result.newUrl;
299
335
  }
300
- {
301
- result = (0, urlQueryParams_1.retrieveQueryParamFromUrl)({ "name": "error", url: url });
302
- if (result.wasPresent) {
303
- throw new Error("OIDC error: ".concat(result.value));
304
- }
305
- }
306
336
  loginSuccessUrl = "https://dummy.com";
337
+ missingMandatoryParams = [];
307
338
  try {
308
339
  for (paramsToRetrieveFromSuccessfulLogin_1 = __values(paramsToRetrieveFromSuccessfulLogin), paramsToRetrieveFromSuccessfulLogin_1_1 = paramsToRetrieveFromSuccessfulLogin_1.next(); !paramsToRetrieveFromSuccessfulLogin_1_1.done; paramsToRetrieveFromSuccessfulLogin_1_1 = paramsToRetrieveFromSuccessfulLogin_1.next()) {
309
340
  name_1 = paramsToRetrieveFromSuccessfulLogin_1_1.value;
@@ -312,7 +343,8 @@ function createOidc(params) {
312
343
  if (name_1 === "iss") {
313
344
  continue;
314
345
  }
315
- throw new Error("Missing query param: ".concat(name_1));
346
+ missingMandatoryParams.push(name_1);
347
+ continue;
316
348
  }
317
349
  loginSuccessUrl = (0, urlQueryParams_1.addQueryParamToUrl)({
318
350
  "url": loginSuccessUrl,
@@ -325,22 +357,58 @@ function createOidc(params) {
325
357
  catch (e_1_1) { e_1 = { error: e_1_1 }; }
326
358
  finally {
327
359
  try {
328
- if (paramsToRetrieveFromSuccessfulLogin_1_1 && !paramsToRetrieveFromSuccessfulLogin_1_1.done && (_b = paramsToRetrieveFromSuccessfulLogin_1.return)) _b.call(paramsToRetrieveFromSuccessfulLogin_1);
360
+ if (paramsToRetrieveFromSuccessfulLogin_1_1 && !paramsToRetrieveFromSuccessfulLogin_1_1.done && (_a = paramsToRetrieveFromSuccessfulLogin_1.return)) _a.call(paramsToRetrieveFromSuccessfulLogin_1);
329
361
  }
330
362
  finally { if (e_1) throw e_1.error; }
331
363
  }
332
364
  window.history.pushState(null, "", url);
365
+ {
366
+ result = (0, urlQueryParams_1.retrieveQueryParamFromUrl)({ "name": "error", url: url });
367
+ if (result.wasPresent) {
368
+ if (window !== top && result.value === "login_required") {
369
+ // Here we are in an iframe, it's a bit hacky to suspend the process here but
370
+ // it's a common case when the user of the lib forgot to create the silent-sso.html file.
371
+ // In this case we want to let the timeout of the parent expire to provide the correct error message.
372
+ // If we go on with execution of this it would still work but the user would get a misleading error message.
373
+ return [2 /*return*/, new Promise(function () { })];
374
+ }
375
+ throw new Error([
376
+ "The OIDC server responded with an error passed as query parameter after the login process",
377
+ "this error is: ".concat(result.value)
378
+ ].join(" "));
379
+ }
380
+ }
381
+ if (missingMandatoryParams.length !== 0) {
382
+ throw new Error([
383
+ "After the login process the following mandatory OIDC query parameters where missing:",
384
+ missingMandatoryParams.join(", ")
385
+ ].join(" "));
386
+ }
333
387
  oidcClientTsUser = undefined;
334
- _c.label = 1;
388
+ _b.label = 1;
335
389
  case 1:
336
- _c.trys.push([1, 3, , 4]);
390
+ _b.trys.push([1, 3, , 4]);
337
391
  return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback(loginSuccessUrl)];
338
392
  case 2:
339
- oidcClientTsUser = _c.sent();
393
+ oidcClientTsUser = _b.sent();
340
394
  return [3 /*break*/, 4];
341
395
  case 3:
342
- _a = _c.sent();
396
+ error_1 = _b.sent();
397
+ (0, assert_1.assert)(error_1 instanceof Error);
398
+ if (error_1.message === "Failed to fetch") {
399
+ // If it's a fetch error here we know that the web server is not down and the login was successful,
400
+ // we just where redirected from the login pages.
401
+ // This means it's likely a "Web origins" misconfiguration.
402
+ throw new OidcInitializationError({
403
+ "type": "bad configuration",
404
+ "likelyCause": {
405
+ "type": "not in Web Origins",
406
+ clientId: clientId
407
+ }
408
+ });
409
+ }
343
410
  //NOTE: The user has likely pressed the back button just after logging in.
411
+ //UPDATE: I don't remember how to reproduce this case and I don't know if it's still relevant.
344
412
  return [2 /*return*/, undefined];
345
413
  case 4: return [2 /*return*/, {
346
414
  "loginScenario": "backFromLoginPages",
@@ -348,22 +416,32 @@ function createOidc(params) {
348
416
  }];
349
417
  case 5: return [4 /*yield*/, oidcClientTsUserManager.getUser()];
350
418
  case 6:
351
- oidcClientTsUser = _c.sent();
419
+ oidcClientTsUser = _b.sent();
352
420
  if (oidcClientTsUser === null) {
353
421
  return [3 /*break*/, 11];
354
422
  }
355
- _c.label = 7;
423
+ _b.label = 7;
356
424
  case 7:
357
- _c.trys.push([7, 9, , 10]);
425
+ _b.trys.push([7, 9, , 10]);
358
426
  return [4 /*yield*/, oidcClientTsUserManager.signinSilent()];
359
427
  case 8:
360
- _c.sent();
428
+ _b.sent();
361
429
  return [3 /*break*/, 10];
362
430
  case 9:
363
- error_1 = _c.sent();
364
- (0, assert_1.assert)(error_1 instanceof Error);
365
- if (error_1.message === "Failed to fetch") {
366
- throw new OidcInitializationError({ "type": "server down" });
431
+ error_2 = _b.sent();
432
+ (0, assert_1.assert)(error_2 instanceof Error);
433
+ if (error_2.message === "Failed to fetch") {
434
+ // Here it could be web origins as well but it's less likely because
435
+ // it would mean that there was once a valid configuration and it has been
436
+ // changed to an invalid one before the token expired.
437
+ // but the server is not necessarily down, the issuerUri could be wrong.
438
+ // So the error that we return should be either "server down" if fetching the
439
+ // well known configuration endpoint failed without returning any status code
440
+ // or "bad configuration" if the endpoint returned a 404 or an other status code.
441
+ throw new OidcInitializationError({
442
+ "type": "server down",
443
+ issuerUri: issuerUri
444
+ });
367
445
  }
368
446
  return [2 /*return*/, undefined];
369
447
  case 10: return [2 /*return*/, {
@@ -385,12 +463,52 @@ function createOidc(params) {
385
463
  var dynamicDelay = rtt * 2.5 + 3000 / (downlink + 1);
386
464
  return Math.max(baseDelay, dynamicDelay);
387
465
  })();
388
- timeout_1 = (0, worker_timers_1.setTimeout)(function () {
389
- return dLoginSuccessUrl_1.reject(new OidcInitializationError({
390
- "type": "bad configuration",
391
- timeoutDelayMs: timeoutDelayMs_1
392
- }));
393
- }, timeoutDelayMs_1);
466
+ timeout_1 = (0, worker_timers_1.setTimeout)(function () { return __awaiter(_this, void 0, void 0, function () {
467
+ var isSilentSsoHtmlReachable;
468
+ var _this = this;
469
+ return __generator(this, function (_a) {
470
+ switch (_a.label) {
471
+ case 0: return [4 /*yield*/, fetch(silentSsoHtmlUrl).then(function (response) { return __awaiter(_this, void 0, void 0, function () {
472
+ var content;
473
+ return __generator(this, function (_a) {
474
+ switch (_a.label) {
475
+ case 0: return [4 /*yield*/, response.text()];
476
+ case 1:
477
+ content = _a.sent();
478
+ return [2 /*return*/, (content.split("\n").length < 20 &&
479
+ content.includes("parent.postMessage(location.href"))];
480
+ }
481
+ });
482
+ }); }, function () { return false; })];
483
+ case 1:
484
+ isSilentSsoHtmlReachable = _a.sent();
485
+ if (!isSilentSsoHtmlReachable) {
486
+ dLoginSuccessUrl_1.reject(new OidcInitializationError({
487
+ "type": "bad configuration",
488
+ "likelyCause": {
489
+ "type": "silent-sso.html not reachable",
490
+ silentSsoHtmlUrl: silentSsoHtmlUrl
491
+ }
492
+ }));
493
+ return [2 /*return*/];
494
+ }
495
+ // Here we know that the server is not down and that the issuer_uri is correct
496
+ // otherwise we would have had a fetch error when loading the iframe.
497
+ // So this means that it's very likely a OIDC client misconfiguration.
498
+ // It could also be a very slow network but this risk is mitigated by the fact that we check
499
+ // for the network speed to adjust the timeout delay.
500
+ dLoginSuccessUrl_1.reject(new OidcInitializationError({
501
+ "type": "bad configuration",
502
+ "likelyCause": {
503
+ "type": "misconfigured OIDC client",
504
+ clientId: clientId,
505
+ timeoutDelayMs: timeoutDelayMs_1
506
+ }
507
+ }));
508
+ return [2 /*return*/];
509
+ }
510
+ });
511
+ }); }, timeoutDelayMs_1);
394
512
  listener_1 = function (event) {
395
513
  var e_2, _a;
396
514
  if (typeof event.data !== "string") {
@@ -420,6 +538,7 @@ function createOidc(params) {
420
538
  }
421
539
  }
422
540
  var loginSuccessUrl = "https://dummy.com";
541
+ var missingMandatoryParams = [];
423
542
  try {
424
543
  for (var paramsToRetrieveFromSuccessfulLogin_2 = __values(paramsToRetrieveFromSuccessfulLogin), paramsToRetrieveFromSuccessfulLogin_2_1 = paramsToRetrieveFromSuccessfulLogin_2.next(); !paramsToRetrieveFromSuccessfulLogin_2_1.done; paramsToRetrieveFromSuccessfulLogin_2_1 = paramsToRetrieveFromSuccessfulLogin_2.next()) {
425
544
  var name_2 = paramsToRetrieveFromSuccessfulLogin_2_1.value;
@@ -428,7 +547,8 @@ function createOidc(params) {
428
547
  if (name_2 === "iss") {
429
548
  continue;
430
549
  }
431
- throw new Error("Missing query param: ".concat(name_2));
550
+ missingMandatoryParams.push(name_2);
551
+ continue;
432
552
  }
433
553
  loginSuccessUrl = (0, urlQueryParams_1.addQueryParamToUrl)({
434
554
  "url": loginSuccessUrl,
@@ -444,6 +564,13 @@ function createOidc(params) {
444
564
  }
445
565
  finally { if (e_2) throw e_2.error; }
446
566
  }
567
+ if (missingMandatoryParams.length !== 0) {
568
+ dLoginSuccessUrl_1.reject(new Error([
569
+ "After the silent signin process the following mandatory OIDC query parameters where missing:",
570
+ missingMandatoryParams.join(", ")
571
+ ].join(" ")));
572
+ return;
573
+ }
447
574
  dLoginSuccessUrl_1.resolve(loginSuccessUrl);
448
575
  };
449
576
  window.addEventListener("message", listener_1, false);
@@ -452,23 +579,49 @@ function createOidc(params) {
452
579
  .catch(function (error) {
453
580
  if (error.message === "Failed to fetch") {
454
581
  (0, worker_timers_1.clearTimeout)(timeout_1);
455
- dLoginSuccessUrl_1.reject(new OidcInitializationError({ "type": "server down" }));
582
+ // Here we know it's not web origin because it's not the token we are fetching
583
+ // but just the well known configuration endpoint that is not subject to CORS.
584
+ dLoginSuccessUrl_1.reject(new OidcInitializationError({
585
+ "type": "server down",
586
+ issuerUri: issuerUri
587
+ }));
456
588
  }
457
589
  });
458
590
  return [4 /*yield*/, dLoginSuccessUrl_1.pr];
459
591
  case 12:
460
- loginSuccessUrl = _c.sent();
592
+ loginSuccessUrl = _b.sent();
461
593
  if (loginSuccessUrl === undefined) {
462
- return [3 /*break*/, 14];
594
+ return [3 /*break*/, 17];
463
595
  }
464
- return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback(loginSuccessUrl)];
596
+ oidcClientTsUser = undefined;
597
+ _b.label = 13;
465
598
  case 13:
466
- oidcClientTsUser = _c.sent();
467
- return [2 /*return*/, {
468
- "loginScenario": "silentSignin",
469
- oidcClientTsUser: oidcClientTsUser
470
- }];
471
- case 14: return [2 /*return*/, undefined];
599
+ _b.trys.push([13, 15, , 16]);
600
+ return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback(loginSuccessUrl)];
601
+ case 14:
602
+ oidcClientTsUser = _b.sent();
603
+ return [3 /*break*/, 16];
604
+ case 15:
605
+ error_3 = _b.sent();
606
+ (0, assert_1.assert)(error_3 instanceof Error);
607
+ if (error_3.message === "Failed to fetch") {
608
+ // If we have a fetch error here. We know for sure that the server isn't down,
609
+ // the silent sign-in was successful. We also know that the issuer_uri is correct.
610
+ // so it's very likely the web origins that are misconfigured.
611
+ throw new OidcInitializationError({
612
+ "type": "bad configuration",
613
+ "likelyCause": {
614
+ "type": "not in Web Origins",
615
+ clientId: clientId
616
+ }
617
+ });
618
+ }
619
+ throw error_3;
620
+ case 16: return [2 /*return*/, {
621
+ "loginScenario": "silentSignin",
622
+ oidcClientTsUser: oidcClientTsUser
623
+ }];
624
+ case 17: return [2 /*return*/, undefined];
472
625
  }
473
626
  });
474
627
  });
@@ -509,7 +662,7 @@ function createOidc(params) {
509
662
  "type": "unknown",
510
663
  "cause": error
511
664
  });
512
- console.error("OIDC initialization error: ".concat(initializationError.message));
665
+ console.error("OIDC initialization error of type \"".concat(initializationError.type, "\": ").concat(initializationError.message));
513
666
  startTrackingLastPublicRoute();
514
667
  return [2 /*return*/, (0, id_1.id)(__assign(__assign({}, common), { "isUserLoggedIn": false, "login": function () { return __awaiter(_this, void 0, void 0, function () {
515
668
  return __generator(this, function (_a) {
package/oidc.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oidc.js","sourceRoot":"","sources":["src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAuG;AACvG,+BAA8B;AAC9B,2EAA0E;AAC1E,uCAAmD;AACnD,yDAAuF;AACvF,yDAAwD;AACxD,6CAA4C;AAC5C,+CAA8C;AAC9C,+DAA8D;AAC9D,iEAAgE;AAChE,yDAA8D;AAE9D,+CAAyD;AA0DzD;IAA6C,2CAAK;IAG9C,iCACI,MAWO;;QAEP,YAAA,MAAK,YACD,CAAC;YACG,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;gBAClB,KAAK,aAAa;oBACd,OAAO,yBAAyB,CAAC;gBACrC,KAAK,mBAAmB;oBACpB,OAAO,6CAAsC,MAAM,CAAC,cAAc,OAAI,CAAC;gBAC3E,KAAK,SAAS;oBACV,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;YACpC,CAAC;QACL,CAAC,CAAC,EAAE;QACJ,mBAAmB;QACnB,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,EAAE,CACpE,SAAC;QACF,KAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,MAAM,CAAC,cAAc,CAAC,KAAI,EAAE,WAAW,SAAS,CAAC,CAAC;;IACtD,CAAC;IACL,8BAAC;AAAD,CAAC,AAlCD,CAA6C,KAAK,GAkCjD;AAlCY,0DAAuB;AAoCpC,IAAM,mCAAmC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,CAAU,CAAC;AA4C/F,IAAI,aAAa,GAA4C,SAAS,CAAC;AACvE,IAAM,iBAAiB,GAAG,IAAI,GAAG,EAA2B,CAAC;AAE7D,IAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC;AAE5B,mGAAmG;AACnG,SAAsB,UAAU,CAE9B,MAA0C;;;;;;;oBAEpC,SAAS,GAST,MAAM,UATG,EACT,QAAQ,GAQR,MAAM,SARE,EACR,YAAY,GAOZ,MAAM,aAPM,EACZ,KAMA,MAAM,2BANiC,EAAvC,0BAA0B,mBAAG,UAAA,GAAG,IAAI,OAAA,GAAG,EAAH,CAAG,KAAA,EACrB,wBAAwB,GAK1C,MAAM,iBALoC,EAC/B,gBAAgB,GAI3B,MAAM,UAJqB,EAC3B,oBAAoB,GAGpB,MAAM,qBAHc,EACpB,8BAA8B,GAE9B,MAAM,+BAFwB,EAC9B,KACA,MAAM,iBAD6C,EAAnD,gBAAgB,mBAAG,EAAE,YAAY,EAAE,cAAc,EAAE,KAAA,CAC5C;oBAEL,mBAAmB,GAAG,CAAC;wBACzB,IAAI,OAAO,wBAAwB,KAAK,UAAU,EAAE,CAAC;4BACjD,OAAO,wBAAwB,CAAC;wBACpC,CAAC;wBAED,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;4BACzC,OAAO,cAAM,OAAA,wBAAwB,EAAxB,CAAwB,CAAC;wBAC1C,CAAC;wBAED,OAAO,SAAS,CAAC;oBACrB,CAAC,CAAC,EAAE,CAAC;oBAEC,SAAS,GAAG,CAAC;wBACf,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;4BACjC,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;wBAClC,CAAC;wBAED,OAAO,CACH,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;4BAC/B,CAAC,CAAC,gBAAgB;4BAClB,CAAC,CAAC,UAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,SAAG,gBAAgB,CAAE,CACvD,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBACzB,CAAC,CAAC,EAAE,CAAC;oBAEC,UAAU,GAAG,IAAA,+BAAc,EAAC,UAAG,SAAS,cAAI,QAAQ,CAAE,CAAC,CAAC;oBAE9D,CAAC;wBACS,QAAQ,GAAG,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;wBAEnD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;4BACzB,KAAK,CAAC,IAAI,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAA,OAAO,IAAI,OAAA,OAAO,EAAE,EAAT,CAAS,CAAC,CAAC;wBAC7D,CAAC;wBAED,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;oBACjD,CAAC;oBAEK,aAAa,GAAG,YAAY,CAAC;oBAE7B,uBAAuB,GAAG,IAAI,4BAAuB,CAAC;wBACxD,WAAW,EAAE,SAAS;wBACtB,WAAW,EAAE,QAAQ;wBACrB,eAAe,EAAE,YAAY;wBAC7B,cAAc,EAAE,EAAE,CAAC,iCAAiC;wBACpD,eAAe,EAAE,MAAM;wBACvB,OAAO,EAAE,gBAAgB;wBACzB,sBAAsB,EAAE,KAAK;wBAC7B,qBAAqB,EAAE,UAAG,SAAS,8BAAoB,aAAa,cAAI,UAAU,CAAE;qBACvF,CAAC,CAAC;oBAEC,eAAe,GAAuB,SAAS,CAAC;oBAG9C,4BAA4B,GAAG;wBACjC,IAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;wBACtD,OAAO,CAAC,SAAS,GAAG,SAAS,SAAS;4BAAC,cAAO;iCAAP,UAAO,EAAP,qBAAO,EAAP,IAAO;gCAAP,yBAAO;;4BAC1C,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BACvC,OAAO,aAAa,wCAAI,IAAI,WAAE;wBAClC,CAAC,CAAC;oBACN,CAAC,CAAC;oBAEE,kBAAkB,GAAG,KAAK,CAAC;oBAEzB,KAAK,GAA8B,UAAO,EAG/C;4BAFG,2BAA2B,iCAAA,EAC3B,gBAAgB,sBAAA;;;;;;wCAEhB,IAAI,kBAAkB,EAAE,CAAC;4CACrB,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;wCACxC,CAAC;wCAED,kBAAkB,GAAG,IAAI,CAAC;wCAEV,YAAY,GAAK,IAAA,mCAAkB,EAAC;4CAChD,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;4CAC3B,MAAM,EAAE,aAAa;4CACrB,OAAO,EAAE,UAAU;yCACtB,CAAC,OAJ0B,CAIzB;wCAEH,uFAAuF;wCACvF,qGAAqG;wCACrG,iCAAiC;wCACjC,CAAC;4CACS,aAAW;gDACb,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;oDACzC,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,UAAQ,CAAC,CAAC;oDAE3D,IAAI,2BAA2B,EAAE,CAAC;wDAC9B,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;4DAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,eAAe,CAAC;wDAC3C,CAAC;6DAAM,CAAC;4DACJ,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;wDAC1B,CAAC;oDACL,CAAC;yDAAM,CAAC;wDACJ,kBAAkB,GAAG,KAAK,CAAC;oDAC/B,CAAC;gDACL,CAAC;4CACL,CAAC,CAAC;4CACF,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,UAAQ,CAAC,CAAC;wCAC5D,CAAC;wCAED,0EAA0E;wCAC1E,0EAA0E;wCAC1E,0EAA0E;wCAC1E,oDAAoD;wCACpD,CAAC;4CACS,QAAM;gDAAC,cAA+C;qDAA/C,UAA+C,EAA/C,qBAA+C,EAA/C,IAA+C;oDAA/C,yBAA+C;;gDACxD,IAAM,WAAW,QAAO,QAAQ,YAAR,QAAQ,iCAAI,IAAI,aAAC,CAAC;gDAE1C,OAAO,IAAI,KAAK,CAAC,WAAW,EAAE;oDAC1B,KAAK,EAAE,UAAC,MAAM,EAAE,IAAI;wDAChB,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;4DAClB,IAAI,KAAG,GAAG,WAAW,CAAC,IAAI,CAAC;4DAE3B,MAAM,CAAC,OAAO,uBACP,mBAAmB,aAAnB,mBAAmB,uBAAnB,mBAAmB,EAAI,GACvB,gBAAgB,EACrB,CAAC,OAAO,CACN,UAAC,EAAa;oEAAb,KAAA,aAAa,EAAZ,IAAI,QAAA,EAAE,KAAK,QAAA;gEACT,OAAA,CAAC,KAAG,GAAG,IAAA,mCAAkB,EAAC;oEACtB,GAAG,OAAA;oEACH,IAAI,MAAA;oEACJ,KAAK,OAAA;iEACR,CAAC,CAAC,MAAM,CAAC;4DAJV,CAIU,CACjB,CAAC;4DAEF,KAAG,GAAG,0BAA0B,CAAC,KAAG,CAAC,CAAC;4DAEtC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;4DAE5D,OAAO,KAAG,CAAC;wDACf,CAAC;wDAED,kBAAkB;wDAClB,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;oDACxB,CAAC;iDACJ,CAAC,CAAC;4CACP,CAAC,CAAC;4CAEF,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,KAAG,EAAE,CAAC,CAAC;wCAC3D,CAAC;wCAED,qBAAM,uBAAuB,CAAC,cAAc,CAAC;gDACzC,YAAY,cAAA;gDACZ,0FAA0F;gDAC1F,gEAAgE;gDAChE,uDAAuD;gDACvD,gBAAgB,EAAE,2BAA2B,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;6CACvE,CAAC,EAAA;;wCANF,SAME,CAAC;wCACH,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;;;;qBACvC,CAAC;oBAE2B,qBAAM,CAAC,SAAe,OAAO;;;;;;;4CAE9C,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4CAE/B,CAAC;gDACS,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;gDAEzE,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;oDACpD,wBAAyC;gDAC7C,CAAC;gDAED,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;4CACxB,CAAC;4CAED,CAAC;gDACS,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;gDAEnE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oDACpB,MAAM,IAAI,KAAK,CAAC,sBAAe,MAAM,CAAC,KAAK,CAAE,CAAC,CAAC;gDACnD,CAAC;4CACL,CAAC;4CAEG,eAAe,GAAG,mBAAmB,CAAC;;gDAE1C,KAAmB,wCAAA,SAAA,mCAAmC,CAAA,iOAAE,CAAC;oDAApD;oDACK,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,IAAI,QAAA,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;oDAExD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;wDACrB,IAAI,MAAI,KAAK,KAAK,EAAE,CAAC;4DACjB,SAAS;wDACb,CAAC;wDACD,MAAM,IAAI,KAAK,CAAC,+BAAwB,MAAI,CAAE,CAAC,CAAC;oDACpD,CAAC;oDAED,eAAe,GAAG,IAAA,mCAAkB,EAAC;wDACjC,KAAK,EAAE,eAAe;wDACtB,MAAM,EAAE,MAAI;wDACZ,OAAO,EAAE,MAAM,CAAC,KAAK;qDACxB,CAAC,CAAC,MAAM,CAAC;oDAEV,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;gDACxB,CAAC;;;;;;;;;4CAED,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;4CAEpC,gBAAgB,GAAiC,SAAS,CAAC;;;;4CAGxC,qBAAM,uBAAuB,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAA;;4CAAxF,gBAAgB,GAAG,SAAqE,CAAC;;;;4CAEzF,0EAA0E;4CAC1E,sBAAO,SAAS,EAAC;gDAGrB,sBAAO;gDACH,eAAe,EAAE,oBAA6B;gDAC9C,gBAAgB,kBAAA;6CACnB,EAAC;gDAIuB,qBAAM,uBAAuB,CAAC,OAAO,EAAE,EAAA;;4CAA1D,gBAAgB,GAAG,SAAuC;4CAEhE,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;gDAC5B,yBAA2B;4CAC/B,CAAC;;;;4CAIG,qBAAM,uBAAuB,CAAC,YAAY,EAAE,EAAA;;4CAA5C,SAA4C,CAAC;;;;4CAE7C,IAAA,eAAM,EAAC,OAAK,YAAY,KAAK,CAAC,CAAC;4CAE/B,IAAI,OAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;gDACtC,MAAM,IAAI,uBAAuB,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;4CACjE,CAAC;4CAED,sBAAO,SAAS,EAAC;iDAGrB,sBAAO;gDACH,eAAe,EAAE,2BAAoC;gDACrD,gBAAgB,kBAAA;6CACnB,EAAC;;4CAII,qBAAmB,IAAI,mBAAQ,EAAsB,CAAC;4CAEtD,mBAAiB,CAAC;gDACpB,IAAM,cAAc,GAAG,IAAA,qCAAiB,GAAE,CAAC;gDAE3C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;oDAC/B,OAAO,IAAI,CAAC;gDAChB,CAAC;gDAEO,IAAA,QAAQ,GAAU,cAAc,SAAxB,EAAE,GAAG,GAAK,cAAc,IAAnB,CAAoB;gDAEzC,4DAA4D;gDAC5D,IAAM,SAAS,GAAG,IAAI,CAAC;gDAEvB,oDAAoD;gDACpD,8CAA8C;gDAC9C,IAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;gDAEvD,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;4CAC7C,CAAC,CAAC,EAAE,CAAC;4CAEC,YAAU,IAAA,0BAAU,EACtB;gDACI,OAAA,kBAAgB,CAAC,MAAM,CACnB,IAAI,uBAAuB,CAAC;oDACxB,MAAM,EAAE,mBAAmB;oDAC3B,cAAc,kBAAA;iDACjB,CAAC,CACL;4CALD,CAKC,EACL,gBAAc,CACjB,CAAC;4CAEI,aAAW,UAAC,KAAmB;;gDACjC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oDACjC,OAAO;gDACX,CAAC;gDAED,IAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC;gDAEvB,CAAC;oDACG,IAAI,MAAM,SAA8C,CAAC;oDAEzD,IAAI,CAAC;wDACD,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;oDACvE,CAAC;oDAAC,WAAM,CAAC;wDACL,wDAAwD;wDACxD,OAAO;oDACX,CAAC;oDAED,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;wDACpD,OAAO;oDACX,CAAC;gDACL,CAAC;gDAED,IAAA,4BAAY,EAAC,SAAO,CAAC,CAAC;gDAEtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,UAAQ,CAAC,CAAC;gDAEhD,CAAC;oDACG,IAAM,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;oDAEnE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;wDACpB,kBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;wDACpC,OAAO;oDACX,CAAC;gDACL,CAAC;gDAED,IAAI,eAAe,GAAG,mBAAmB,CAAC;;oDAE1C,KAAmB,IAAA,wCAAA,SAAA,mCAAmC,CAAA,wFAAA,yIAAE,CAAC;wDAApD,IAAM,MAAI,gDAAA;wDACX,IAAM,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,IAAI,QAAA,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;wDAExD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;4DACrB,IAAI,MAAI,KAAK,KAAK,EAAE,CAAC;gEACjB,SAAS;4DACb,CAAC;4DACD,MAAM,IAAI,KAAK,CAAC,+BAAwB,MAAI,CAAE,CAAC,CAAC;wDACpD,CAAC;wDAED,eAAe,GAAG,IAAA,mCAAkB,EAAC;4DACjC,KAAK,EAAE,eAAe;4DACtB,MAAM,EAAE,MAAI;4DACZ,OAAO,EAAE,MAAM,CAAC,KAAK;yDACxB,CAAC,CAAC,MAAM,CAAC;oDACd,CAAC;;;;;;;;;gDAED,kBAAgB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;4CAC9C,CAAC,CAAC;4CAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,UAAQ,EAAE,KAAK,CAAC,CAAC;4CAEpD,uBAAuB;iDAClB,YAAY,CAAC,EAAE,+BAA+B,EAAE,gBAAc,GAAG,IAAI,EAAE,CAAC;iDACxE,KAAK,CAAC,UAAC,KAAY;gDAChB,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;oDACtC,IAAA,4BAAY,EAAC,SAAO,CAAC,CAAC;oDAEtB,kBAAgB,CAAC,MAAM,CAAC,IAAI,uBAAuB,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;gDACpF,CAAC;4CACL,CAAC,CAAC,CAAC;4CAEiB,qBAAM,kBAAgB,CAAC,EAAE,EAAA;;4CAA3C,eAAe,GAAG,SAAyB;4CAEjD,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gDAChC,yBAAoC;4CACxC,CAAC;4CAEwB,qBAAM,uBAAuB,CAAC,sBAAsB,CACzE,eAAe,CAClB,EAAA;;4CAFK,gBAAgB,GAAG,SAExB;4CAED,sBAAO;oDACH,eAAe,EAAE,cAAuB;oDACxC,gBAAgB,kBAAA;iDACnB,EAAC;iDAGN,sBAAO,SAAS,EAAC;;;;yBACpB,CAAC,EAAE,CAAC,IAAI,CACL,UAAA,MAAM;4BACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gCACvB,OAAO,SAAS,CAAC;4BACrB,CAAC;4BAEO,IAAA,gBAAgB,GAAoB,MAAM,iBAA1B,EAAE,aAAa,GAAK,MAAM,cAAX,CAAY;4BAEnD,IAAM,MAAM,GAAG,wBAAwB,CAAC;gCACpC,gBAAgB,kBAAA;gCAChB,oBAAoB,sBAAA;6BACvB,CAAC,CAAC;4BAEH,IAAI,MAAM,CAAC,0BAA0B,GAAG,MAAM,CAAC,yBAAyB,EAAE,CAAC;gCACvE,OAAO,CAAC,IAAI,CACR;oCACI,kEAAkE;oCAClE,uDAAuD;oCACvD,mDAA4C,QAAQ,cAAI,SAAS,CAAE;iCACtE,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;4BACN,CAAC;4BAED,OAAO,EAAE,MAAM,QAAA,EAAE,aAAa,eAAA,EAAE,CAAC;wBACrC,CAAC,EACD,UAAA,KAAK;4BACD,IAAA,eAAM,EAAC,KAAK,YAAY,KAAK,CAAC,CAAC;4BAC/B,OAAO,KAAK,CAAC;wBACjB,CAAC,CACJ,EAAA;;oBA1OK,oBAAoB,GAAG,SA0O5B;oBAEK,MAAM,GAAgB;wBACxB,QAAQ,EAAE;4BACN,SAAS,WAAA;4BACT,QAAQ,UAAA;yBACX;qBACJ,CAAC;oBAEF,IAAI,oBAAoB,YAAY,KAAK,EAAE,CAAC;wBAClC,KAAK,GAAG,oBAAoB,CAAC;wBAE7B,mBAAmB,GACrB,KAAK,YAAY,uBAAuB;4BACpC,CAAC,CAAC,KAAK;4BACP,CAAC,CAAC,IAAI,uBAAuB,CAAC;gCACxB,MAAM,EAAE,SAAS;gCACjB,OAAO,EAAE,KAAK;6BACjB,CAAC,CAAC;wBAEb,OAAO,CAAC,KAAK,CAAC,qCAA8B,mBAAmB,CAAC,OAAO,CAAE,CAAC,CAAC;wBAE3E,4BAA4B,EAAE,CAAC;wBAE/B,sBAAO,IAAA,OAAE,wBACF,MAAM,KACT,gBAAgB,EAAE,KAAK,EACvB,OAAO,EAAE;;wCACL,KAAK,CAAC,kEAAkE,CAAC,CAAC;wCAC1E,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;;qCACvC,EACD,mBAAmB,qBAAA,IACrB,EAAC;oBACP,CAAC;oBAED,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;wBACrC,4BAA4B,EAAE,CAAC;wBAE/B,sBAAO,IAAA,OAAE,wBACF,MAAM,KACT,gBAAgB,EAAE,KAAK,EACvB,KAAK,OAAA,EACL,qBAAqB,EAAE,SAAS,IAClC,EAAC;oBACP,CAAC;oBAEG,aAAa,GAAG,oBAAoB,CAAC,MAAM,CAAC;oBAE1C,gCAAgC,GAAG,IAAI,GAAG,EAE7C,CAAC;oBAEE,cAAc,GAAG,IAAI,GAAG,EAAc,CAAC;oBAEvC,IAAI,GAAG,IAAA,OAAE,wBACR,MAAM,KACT,gBAAgB,EAAE,IAAI,EACtB,WAAW,EAAE,cAAM,OAAA,aAAa,EAAb,CAAa,EAChC,QAAQ,EAAE,UAAM,MAAM;;;4CAClB,qBAAM,uBAAuB,CAAC,eAAe,CAAC;4CAC1C,0BAA0B,EAAE,CAAC;gDACzB,QAAQ,MAAM,CAAC,UAAU,EAAE,CAAC;oDACxB,KAAK,cAAc;wDACf,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oDAChC,KAAK,MAAM;wDACP,OAAO,SAAS,CAAC;oDACrB,KAAK,cAAc;wDACf,OAAO,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;4DAC7B,CAAC,CAAC,UAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,SAAG,MAAM,CAAC,GAAG,CAAE;4DAC1C,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gDACzB,CAAC;gDACD,IAAA,eAAM,EAA+B,KAAK,CAAC,CAAC;4CAChD,CAAC,CAAC,EAAE;yCACP,CAAC,EAAA;;wCAdF,SAcE,CAAC;wCACH,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;;;6BACvC,EACD,aAAa,EAAE;;;;4CACc,qBAAM,uBAAuB,CAAC,YAAY,EAAE,EAAA;;wCAA/D,gBAAgB,GAAG,SAA4C;wCAErE,IAAA,eAAM,EAAC,gBAAgB,KAAK,IAAI,CAAC,CAAC;wCAE5B,gCAAgC,GAAG,MAAM,CAAC,wBAAwB,CACpE,aAAa,EACb,gBAAgB,CACnB,CAAC;wCAEF,IAAA,eAAM,EAAC,gCAAgC,KAAK,SAAS,CAAC,CAAC;wCAEvD,aAAa,GAAG,wBAAwB,CAAC;4CACrC,gBAAgB,kBAAA;4CAChB,oBAAoB,sBAAA;yCACvB,CAAC,CAAC;wCAEH,mEAAmE;wCACnE,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,gBAAgB,EAAE,gCAAgC,CAAC,CAAC;wCAEzF,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,UAAA,aAAa,IAAI,OAAA,aAAa,EAAE,EAAf,CAAe,CAAC,CAAC;;;;6BACxE,EACD,yBAAyB,EAAE,UAAA,aAAa;4BACpC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;4BAElC,OAAO;gCACH,aAAa,EAAE;oCACX,cAAc,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gCACzC,CAAC;6BACJ,CAAC;wBACN,CAAC,EACD,gCAAgC,EAAE,UAAA,YAAY;4BAC1C,gCAAgC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;4BAEnD,IAAM,kCAAkC,GAAG;gCACvC,gCAAgC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;4BAC1D,CAAC,CAAC;4BAEF,OAAO,EAAE,kCAAkC,oCAAA,EAAE,CAAC;wBAClD,CAAC,EACD,eAAe,EAAE,oBAAoB,CAAC,aAAa,IACrD,CAAC;oBAEH,CAAC;wBACS,0BAAwB;4BAC1B,kEAAkE;4BAClE,gEAAgE;4BAChE,mBAAmB;4BACnB,IAAM,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAChC,aAAa,CAAC,yBAAyB,EACvC,aAAa,CAAC,0BAA0B,CAC3C,CAAC;4BAEF,OAAO,IAAI,CAAC,GAAG,CACX,mBAAmB,GAAG,IAAI,CAAC,GAAG,EAAE;4BAChC,+DAA+D;4BAC/D,0CAA0C;4BAC1C,mFAAmF;4BACnF,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CACtB,CAAC;wBACN,CAAC,CAAC;wBAEF,CAAC,SAAS,aAAa;4BAAtB,iBA6BA;4BA5BG,2DAA2D;4BAC3D,iFAAiF;4BACjF,uCAAuC;4BACvC,IAAM,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,KAAM,EAAE,uBAAqB,EAAE,GAAG,GAAG,CAAC,CAAC;4BAE7E,IAAM,KAAK,GAAG,IAAA,0BAAU,EAAC;;;;;4CACrB,sBAAsB,EAAE,CAAC;;;;4CAGrB,qBAAM,IAAI,CAAC,WAAW,EAAE,EAAA;;4CAAxB,SAAwB,CAAC;;;;4CAEzB,gEAAgE;4CAChE,+BAA+B;4CAC/B,oEAAoE;4CACpE,kEAAkE;4CAClE,qEAAqE;4CACrE,mCAAmC;4CACnC,qBAAM,KAAK,CAAC,EAAE,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAA;;4CANrD,gEAAgE;4CAChE,+BAA+B;4CAC/B,oEAAoE;4CACpE,kEAAkE;4CAClE,qEAAqE;4CACrE,mCAAmC;4CACnC,SAAqD,CAAC;;;4CAG1D,aAAa,EAAE,CAAC;;;;iCACnB,EAAE,uBAAqB,EAAE,GAAG,oBAAoB,CAAC,CAAC;4BAE3C,IAAa,sBAAsB,GAAK,IAAI,CAAC,uBAAuB,CAAC;gCACzE,IAAA,4BAAY,EAAC,KAAK,CAAC,CAAC;gCACpB,sBAAsB,EAAE,CAAC;gCACzB,aAAa,EAAE,CAAC;4BACpB,CAAC,CAAC,YAJyC,CAIxC;wBACP,CAAC,CAAC,EAAE,CAAC;oBACT,CAAC;oBAED,CAAC;wBACW,mBAAmB,IAAA,qCAAoB,EAAC;4BAC5C,qBAAqB,EAAE;gCACnB,OAAA,8BAA8B,aAA9B,8BAA8B,cAA9B,8BAA8B,GAAI,aAAa,CAAC,0BAA0B;4BAA1E,CAA0E;4BAC9E,cAAc,EAAE,UAAC,EAAe;oCAAb,WAAW,iBAAA;gCAC1B,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,OAAO,CAAC,UAAA,YAAY;oCAC7D,OAAA,YAAY,CAAC,EAAE,WAAW,aAAA,EAAE,CAAC;gCAA7B,CAA6B,CAChC,CAAC;gCAEF,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;oCACpB,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gCAClC,CAAC;4BACL,CAAC;yBACJ,CAAC,eAZoB,CAYnB;wBAEC,kBAA0C,SAAS,CAAC;wBAExD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;4BAC9B,aAAa,GAAG,IAAA,uCAAkB,EAAC;gCAC/B,gDAAgD,EAAE,IAAK;6BAC1D,CAAC,CAAC,aAAa,CAAC;wBACrB,CAAC;wBAEO,iCAA8C,aAAa,CAAC,SAAS,CAAC,UAAA,YAAY;4BACtF,IAAI,YAAY,EAAE,CAAC;gCACf,IAAI,eAAa,KAAK,SAAS,EAAE,CAAC;oCAC9B,eAAa,EAAE,CAAC;oCAChB,eAAa,GAAG,SAAS,CAAC;gCAC9B,CAAC;4BACL,CAAC;iCAAM,CAAC;gCACJ,IAAA,eAAM,EAAC,eAAa,KAAK,SAAS,CAAC,CAAC;gCACpC,eAAa,GAAG,gBAAc,EAAE,CAAC,aAAa,CAAC;4BACnD,CAAC;wBACL,CAAC,CAAC,YAV+C,CAU9C;wBAEH,CAAC;4BACS,8BAA8B,GAAG,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;4BACzE,IAAA,eAAM,EAAC,8BAA8B,KAAK,SAAS,CAAC,CAAC;4BACrD,8BAA8B,CAAC,GAAG,CAAC;gCAC/B,8BAA4B,EAAE,CAAC;gCAC/B,eAAa,aAAb,eAAa,uBAAb,eAAa,EAAI,CAAC;4BACtB,CAAC,CAAC,CAAC;wBACP,CAAC;oBACL,CAAC;oBAED,sBAAO,IAAI,EAAC;;;;CACf;AAxmBD,gCAwmBC;AAED,SAAS,wBAAwB,CAAiD,MAGjF;IACW,IAAA,gBAAgB,GAA2B,MAAM,iBAAjC,EAAE,oBAAoB,GAAK,MAAM,qBAAX,CAAY;IAE1D,IAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,CAAC;IAElD,IAAM,yBAAyB,GAAG,CAAC;QAC/B,kBAAkB,EAAE,CAAC;YACT,IAAA,UAAU,GAAK,gBAAgB,WAArB,CAAsB;YAExC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,kBAAkB,CAAC;YAC7B,CAAC;YAED,OAAO,UAAU,GAAG,IAAI,CAAC;QAC7B,CAAC;QAED,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,WAAW,CAAC,CAAC;YAE5D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,IAAA,eAAM,EAAC,KAAK,EAAE,4CAA4C,CAAC,CAAC;IAChE,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,YAAY,GAAG,gBAAgB,CAAC,aAAa,CAAC;IAEpD,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,EAAE,8CAA8C,CAAC,CAAC;IAEnF,IAAM,0BAA0B,GAAG,CAAC;QAChC,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,YAAY,CAAC,CAAC;YAE7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,IAAA,eAAM,EAAC,KAAK,EAAE,6CAA6C,CAAC,CAAC;IACjE,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC;IAE1C,IAAA,eAAM,EAAC,OAAO,KAAK,SAAS,EAAE,yCAAyC,CAAC,CAAC;IAEzE,IAAM,MAAM,GAAgC;QACxC,WAAW,aAAA;QACX,yBAAyB,2BAAA;QACzB,YAAY,cAAA;QACZ,0BAA0B,4BAAA;QAC1B,OAAO,SAAA;QACP,gBAAgB,EAAE,IAAW;KAChC,CAAC;IAEF,IAAI,KAAK,GAKS,SAAS,CAAC;IAE5B,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,gBAAgB,EAAE;QAC5C,KAAK,EAAE;YACH,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;gBACxD,OAAO,KAAK,CAAC,cAAc,CAAC;YAChC,CAAC;YAED,IAAI,cAAc,GAAG,IAAA,qBAAS,EAAC,IAAI,CAAC,OAAO,CAAmB,CAAC;YAE/D,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;gBACrC,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAChE,CAAC;YAED,KAAK,GAAG;gBACJ,SAAS,EAAE,IAAI,CAAC,OAAO;gBACvB,cAAc,gBAAA;aACjB,CAAC;YAEF,OAAO,cAAc,CAAC;QAC1B,CAAC;QACD,cAAc,EAAE,IAAI;QACpB,YAAY,EAAE,IAAI;KACrB,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
1
+ {"version":3,"file":"oidc.js","sourceRoot":"","sources":["src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAuG;AACvG,+BAA8B;AAC9B,2EAA0E;AAC1E,uCAAmD;AACnD,yDAAuF;AACvF,yDAAwD;AACxD,6CAA4C;AAC5C,+CAA8C;AAC9C,+DAA8D;AAC9D,iEAAgE;AAChE,yDAA8D;AAE9D,+CAAyD;AAiEzD;IAA6C,2CAAK;IAG9C,iCACI,MA0BO;;QAEP,YAAA,MAAK,YACD,CAAC;YACG,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;gBAClB,KAAK,aAAa;oBACd,OAAO;wBACH,mCAAmC;wBACnC,qEAA8D,MAAM,CAAC,SAAS,mBAAgB;wBAC9F,+FAA+F;wBAC/F,oEAAoE;qBACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAChB,KAAK,mBAAmB;oBACpB,QAAQ,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;wBAC9B,KAAK,2BAA2B;4BAC5B,OAAO;gCACH,0BAAmB,MAAM,CAAC,WAAW,CAAC,QAAQ,oDAAiD;gCAC/F,6DAAqD,QAAQ,CAAC,MAAM,4CAAwC;gCAC5G,iBAAU,MAAM,CAAC,WAAW,CAAC,QAAQ,6BAA0B;gCAC/D,oEAAoE;gCACpE,qCAA8B,MAAM,CAAC,WAAW,CAAC,cAAc,QAAK;6BACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAChB,KAAK,oBAAoB;4BACrB,OAAO;gCACH,sCAAsC;gCACtC,6EAAoE,MAAM,CAAC,WAAW,CAAC,QAAQ,2BAAwB;gCACvH,oCAA4B,QAAQ,CAAC,MAAM,sBAAkB;gCAC7D,oEAAoE;6BACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBAChB,KAAK,+BAA+B;4BAChC,OAAO;gCACH,UAAG,MAAM,CAAC,WAAW,CAAC,gBAAgB,yEAAsE;gCAC5G,2FAA2F;6BAC9F,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACpB,CAAC;gBACL,KAAK,SAAS;oBACV,OAAO,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;YACpC,CAAC;YACD,IAAA,eAAM,EAA+B,KAAK,CAAC,CAAC;QAChD,CAAC,CAAC,EAAE;QACJ,mBAAmB;QACnB,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,EAAE,CACpE,SAAC;QACF,KAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,MAAM,CAAC,cAAc,CAAC,KAAI,EAAE,WAAW,SAAS,CAAC,CAAC;;IACtD,CAAC;IACL,8BAAC;AAAD,CAAC,AA5ED,CAA6C,KAAK,GA4EjD;AA5EY,0DAAuB;AA8EpC,IAAM,mCAAmC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,CAAU,CAAC;AA4C/F,IAAI,aAAa,GAA4C,SAAS,CAAC;AACvE,IAAM,iBAAiB,GAAG,IAAI,GAAG,EAA2B,CAAC;AAE7D,IAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC;AAE5B,mGAAmG;AACnG,SAAsB,UAAU,CAE9B,MAA0C;;;;;;;oBAEpC,SAAS,GAST,MAAM,UATG,EACT,QAAQ,GAQR,MAAM,SARE,EACR,YAAY,GAOZ,MAAM,aAPM,EACZ,KAMA,MAAM,2BANiC,EAAvC,0BAA0B,mBAAG,UAAA,GAAG,IAAI,OAAA,GAAG,EAAH,CAAG,KAAA,EACrB,wBAAwB,GAK1C,MAAM,iBALoC,EAC/B,gBAAgB,GAI3B,MAAM,UAJqB,EAC3B,oBAAoB,GAGpB,MAAM,qBAHc,EACpB,8BAA8B,GAE9B,MAAM,+BAFwB,EAC9B,KACA,MAAM,iBAD6C,EAAnD,gBAAgB,mBAAG,EAAE,YAAY,EAAE,cAAc,EAAE,KAAA,CAC5C;oBAEL,mBAAmB,GAAG,CAAC;wBACzB,IAAI,OAAO,wBAAwB,KAAK,UAAU,EAAE,CAAC;4BACjD,OAAO,wBAAwB,CAAC;wBACpC,CAAC;wBAED,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;4BACzC,OAAO,cAAM,OAAA,wBAAwB,EAAxB,CAAwB,CAAC;wBAC1C,CAAC;wBAED,OAAO,SAAS,CAAC;oBACrB,CAAC,CAAC,EAAE,CAAC;oBAEC,SAAS,GAAG,CAAC;wBACf,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;4BACjC,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;wBAClC,CAAC;wBAED,OAAO,CACH,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;4BAC/B,CAAC,CAAC,gBAAgB;4BAClB,CAAC,CAAC,UAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,SAAG,gBAAgB,CAAE,CACvD,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBACzB,CAAC,CAAC,EAAE,CAAC;oBAEC,UAAU,GAAG,IAAA,+BAAc,EAAC,UAAG,SAAS,cAAI,QAAQ,CAAE,CAAC,CAAC;oBAE9D,CAAC;wBACS,QAAQ,GAAG,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;wBAEnD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;4BACzB,KAAK,CAAC,IAAI,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAA,OAAO,IAAI,OAAA,OAAO,EAAE,EAAT,CAAS,CAAC,CAAC;wBAC7D,CAAC;wBAED,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;oBACjD,CAAC;oBAEK,aAAa,GAAG,YAAY,CAAC;oBAE7B,gBAAgB,GAAG,UAAG,SAAS,qBAAkB,CAAC;oBAElD,uBAAuB,GAAG,IAAI,4BAAuB,CAAC;wBACxD,WAAW,EAAE,SAAS;wBACtB,WAAW,EAAE,QAAQ;wBACrB,eAAe,EAAE,YAAY;wBAC7B,cAAc,EAAE,EAAE,CAAC,iCAAiC;wBACpD,eAAe,EAAE,MAAM;wBACvB,OAAO,EAAE,gBAAgB;wBACzB,sBAAsB,EAAE,KAAK;wBAC7B,qBAAqB,EAAE,UAAG,gBAAgB,cAAI,aAAa,cAAI,UAAU,CAAE;qBAC9E,CAAC,CAAC;oBAEC,eAAe,GAAuB,SAAS,CAAC;oBAG9C,4BAA4B,GAAG;wBACjC,IAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;wBACtD,OAAO,CAAC,SAAS,GAAG,SAAS,SAAS;4BAAC,cAAO;iCAAP,UAAO,EAAP,qBAAO,EAAP,IAAO;gCAAP,yBAAO;;4BAC1C,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BACvC,OAAO,aAAa,wCAAI,IAAI,WAAE;wBAClC,CAAC,CAAC;oBACN,CAAC,CAAC;oBAEE,kBAAkB,GAAG,KAAK,CAAC;oBAEzB,KAAK,GAA8B,UAAO,EAI/C;4BAHG,2BAA2B,iCAAA,EAC3B,gBAAgB,sBAAA,EAChB,kBAAkB,wBAAA;;;;;;wCAElB,IAAI,kBAAkB,EAAE,CAAC;4CACrB,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;wCACxC,CAAC;wCAED,kBAAkB,GAAG,IAAI,CAAC;wCAEV,YAAY,GAAK,IAAA,mCAAkB,EAAC;4CAChD,KAAK,EAAE,CAAC;gDACJ,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;oDACnC,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gDAChC,CAAC;gDACD,OAAO,kBAAkB,CAAC,UAAU,CAAC,GAAG,CAAC;oDACrC,CAAC,CAAC,UAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,SAAG,kBAAkB,CAAE;oDAClD,CAAC,CAAC,kBAAkB,CAAC;4CAC7B,CAAC,CAAC,EAAE;4CACJ,MAAM,EAAE,aAAa;4CACrB,OAAO,EAAE,UAAU;yCACtB,CAAC,OAX0B,CAWzB;wCAEH,uFAAuF;wCACvF,qGAAqG;wCACrG,iCAAiC;wCACjC,CAAC;4CACS,aAAW;gDACb,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;oDACzC,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,UAAQ,CAAC,CAAC;oDAE3D,IAAI,2BAA2B,EAAE,CAAC;wDAC9B,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;4DAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,eAAe,CAAC;wDAC3C,CAAC;6DAAM,CAAC;4DACJ,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;wDAC1B,CAAC;oDACL,CAAC;yDAAM,CAAC;wDACJ,kBAAkB,GAAG,KAAK,CAAC;oDAC/B,CAAC;gDACL,CAAC;4CACL,CAAC,CAAC;4CACF,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,UAAQ,CAAC,CAAC;wCAC5D,CAAC;wCAED,0EAA0E;wCAC1E,0EAA0E;wCAC1E,0EAA0E;wCAC1E,oDAAoD;wCACpD,CAAC;4CACS,QAAM;gDAAC,cAA+C;qDAA/C,UAA+C,EAA/C,qBAA+C,EAA/C,IAA+C;oDAA/C,yBAA+C;;gDACxD,IAAM,WAAW,QAAO,QAAQ,YAAR,QAAQ,iCAAI,IAAI,aAAC,CAAC;gDAE1C,OAAO,IAAI,KAAK,CAAC,WAAW,EAAE;oDAC1B,KAAK,EAAE,UAAC,MAAM,EAAE,IAAI;wDAChB,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;4DAClB,IAAI,KAAG,GAAG,WAAW,CAAC,IAAI,CAAC;4DAE3B,MAAM,CAAC,OAAO,uBACP,mBAAmB,aAAnB,mBAAmB,uBAAnB,mBAAmB,EAAI,GACvB,gBAAgB,EACrB,CAAC,OAAO,CACN,UAAC,EAAa;oEAAb,KAAA,aAAa,EAAZ,IAAI,QAAA,EAAE,KAAK,QAAA;gEACT,OAAA,CAAC,KAAG,GAAG,IAAA,mCAAkB,EAAC;oEACtB,GAAG,OAAA;oEACH,IAAI,MAAA;oEACJ,KAAK,OAAA;iEACR,CAAC,CAAC,MAAM,CAAC;4DAJV,CAIU,CACjB,CAAC;4DAEF,KAAG,GAAG,0BAA0B,CAAC,KAAG,CAAC,CAAC;4DAEtC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;4DAE5D,OAAO,KAAG,CAAC;wDACf,CAAC;wDAED,kBAAkB;wDAClB,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;oDACxB,CAAC;iDACJ,CAAC,CAAC;4CACP,CAAC,CAAC;4CAEF,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,KAAG,EAAE,CAAC,CAAC;wCAC3D,CAAC;wCAED,qBAAM,uBAAuB,CAAC,cAAc,CAAC;gDACzC,YAAY,cAAA;gDACZ,0FAA0F;gDAC1F,gEAAgE;gDAChE,uDAAuD;gDACvD,gBAAgB,EAAE,2BAA2B,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;6CACvE,CAAC,EAAA;;wCANF,SAME,CAAC;wCACH,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;;;;qBACvC,CAAC;oBAE2B,qBAAM,CAAC,SAAe,OAAO;;;;;;;;4CAE9C,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4CAE/B,CAAC;gDACS,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;gDAEzE,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;oDACpD,wBAAyC;gDAC7C,CAAC;gDAED,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;4CACxB,CAAC;4CAEG,eAAe,GAAG,mBAAmB,CAAC;4CAEtC,sBAAsB,GAAa,EAAE,CAAC;;gDAE1C,KAAmB,wCAAA,SAAA,mCAAmC,CAAA,iOAAE,CAAC;oDAApD;oDACK,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,IAAI,QAAA,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;oDAExD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;wDACrB,IAAI,MAAI,KAAK,KAAK,EAAE,CAAC;4DACjB,SAAS;wDACb,CAAC;wDACD,sBAAsB,CAAC,IAAI,CAAC,MAAI,CAAC,CAAC;wDAClC,SAAS;oDACb,CAAC;oDAED,eAAe,GAAG,IAAA,mCAAkB,EAAC;wDACjC,KAAK,EAAE,eAAe;wDACtB,MAAM,EAAE,MAAI;wDACZ,OAAO,EAAE,MAAM,CAAC,KAAK;qDACxB,CAAC,CAAC,MAAM,CAAC;oDAEV,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;gDACxB,CAAC;;;;;;;;;4CAED,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;4CAExC,CAAC;gDACS,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;gDAEnE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oDACpB,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,KAAK,gBAAgB,EAAE,CAAC;wDACtD,6EAA6E;wDAC7E,yFAAyF;wDACzF,qGAAqG;wDACrG,4GAA4G;wDAC5G,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;oDACxC,CAAC;oDAED,MAAM,IAAI,KAAK,CACX;wDACI,2FAA2F;wDAC3F,yBAAkB,MAAM,CAAC,KAAK,CAAE;qDACnC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gDACN,CAAC;4CACL,CAAC;4CAED,IAAI,sBAAsB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gDACtC,MAAM,IAAI,KAAK,CACX;oDACI,sFAAsF;oDACtF,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;iDACpC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;4CACN,CAAC;4CAEG,gBAAgB,GAAiC,SAAS,CAAC;;;;4CAGxC,qBAAM,uBAAuB,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAA;;4CAAxF,gBAAgB,GAAG,SAAqE,CAAC;;;;4CAEzF,IAAA,eAAM,EAAC,OAAK,YAAY,KAAK,CAAC,CAAC;4CAE/B,IAAI,OAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;gDACtC,mGAAmG;gDACnG,iDAAiD;gDACjD,2DAA2D;gDAC3D,MAAM,IAAI,uBAAuB,CAAC;oDAC9B,MAAM,EAAE,mBAAmB;oDAC3B,aAAa,EAAE;wDACX,MAAM,EAAE,oBAAoB;wDAC5B,QAAQ,UAAA;qDACX;iDACJ,CAAC,CAAC;4CACP,CAAC;4CAED,0EAA0E;4CAC1E,8FAA8F;4CAC9F,sBAAO,SAAS,EAAC;gDAGrB,sBAAO;gDACH,eAAe,EAAE,oBAA6B;gDAC9C,gBAAgB,kBAAA;6CACnB,EAAC;gDAIuB,qBAAM,uBAAuB,CAAC,OAAO,EAAE,EAAA;;4CAA1D,gBAAgB,GAAG,SAAuC;4CAEhE,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;gDAC5B,yBAA2B;4CAC/B,CAAC;;;;4CAIG,qBAAM,uBAAuB,CAAC,YAAY,EAAE,EAAA;;4CAA5C,SAA4C,CAAC;;;;4CAE7C,IAAA,eAAM,EAAC,OAAK,YAAY,KAAK,CAAC,CAAC;4CAE/B,IAAI,OAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;gDACtC,oEAAoE;gDACpE,0EAA0E;gDAC1E,sDAAsD;gDACtD,wEAAwE;gDACxE,6EAA6E;gDAC7E,6EAA6E;gDAC7E,iFAAiF;gDACjF,MAAM,IAAI,uBAAuB,CAAC;oDAC9B,MAAM,EAAE,aAAa;oDACrB,SAAS,WAAA;iDACZ,CAAC,CAAC;4CACP,CAAC;4CAED,sBAAO,SAAS,EAAC;iDAGrB,sBAAO;gDACH,eAAe,EAAE,2BAAoC;gDACrD,gBAAgB,kBAAA;6CACnB,EAAC;;4CAII,qBAAmB,IAAI,mBAAQ,EAAsB,CAAC;4CAEtD,mBAAiB,CAAC;gDACpB,IAAM,cAAc,GAAG,IAAA,qCAAiB,GAAE,CAAC;gDAE3C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;oDAC/B,OAAO,IAAI,CAAC;gDAChB,CAAC;gDAEO,IAAA,QAAQ,GAAU,cAAc,SAAxB,EAAE,GAAG,GAAK,cAAc,IAAnB,CAAoB;gDAEzC,4DAA4D;gDAC5D,IAAM,SAAS,GAAG,IAAI,CAAC;gDAEvB,oDAAoD;gDACpD,8CAA8C;gDAC9C,IAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;gDAEvD,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;4CAC7C,CAAC,CAAC,EAAE,CAAC;4CAEC,YAAU,IAAA,0BAAU,EAAC;;;;;gEACU,qBAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAC/D,UAAM,QAAQ;;;;gFACM,qBAAM,QAAQ,CAAC,IAAI,EAAE,EAAA;;4EAA/B,OAAO,GAAG,SAAqB;4EAErC,sBAAO,CACH,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE;oFAC/B,OAAO,CAAC,QAAQ,CAAC,kCAAkC,CAAC,CACvD,EAAC;;;iEACL,EACD,cAAM,OAAA,KAAK,EAAL,CAAK,CACd,EAAA;;4DAVK,wBAAwB,GAAG,SAUhC;4DAED,IAAI,CAAC,wBAAwB,EAAE,CAAC;gEAC5B,kBAAgB,CAAC,MAAM,CACnB,IAAI,uBAAuB,CAAC;oEACxB,MAAM,EAAE,mBAAmB;oEAC3B,aAAa,EAAE;wEACX,MAAM,EAAE,+BAA+B;wEACvC,gBAAgB,kBAAA;qEACnB;iEACJ,CAAC,CACL,CAAC;gEACF,sBAAO;4DACX,CAAC;4DAED,8EAA8E;4DAC9E,qEAAqE;4DACrE,sEAAsE;4DACtE,4FAA4F;4DAC5F,qDAAqD;4DACrD,kBAAgB,CAAC,MAAM,CACnB,IAAI,uBAAuB,CAAC;gEACxB,MAAM,EAAE,mBAAmB;gEAC3B,aAAa,EAAE;oEACX,MAAM,EAAE,2BAA2B;oEACnC,QAAQ,UAAA;oEACR,cAAc,kBAAA;iEACjB;6DACJ,CAAC,CACL,CAAC;;;;iDACL,EAAE,gBAAc,CAAC,CAAC;4CAEb,aAAW,UAAC,KAAmB;;gDACjC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oDACjC,OAAO;gDACX,CAAC;gDAED,IAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC;gDAEvB,CAAC;oDACG,IAAI,MAAM,SAA8C,CAAC;oDAEzD,IAAI,CAAC;wDACD,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;oDACvE,CAAC;oDAAC,WAAM,CAAC;wDACL,wDAAwD;wDACxD,OAAO;oDACX,CAAC;oDAED,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;wDACpD,OAAO;oDACX,CAAC;gDACL,CAAC;gDAED,IAAA,4BAAY,EAAC,SAAO,CAAC,CAAC;gDAEtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,UAAQ,CAAC,CAAC;gDAEhD,CAAC;oDACG,IAAM,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;oDAEnE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;wDACpB,kBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;wDACpC,OAAO;oDACX,CAAC;gDACL,CAAC;gDAED,IAAI,eAAe,GAAG,mBAAmB,CAAC;gDAE1C,IAAM,sBAAsB,GAAa,EAAE,CAAC;;oDAE5C,KAAmB,IAAA,wCAAA,SAAA,mCAAmC,CAAA,wFAAA,yIAAE,CAAC;wDAApD,IAAM,MAAI,gDAAA;wDACX,IAAM,MAAM,GAAG,IAAA,0CAAyB,EAAC,EAAE,IAAI,QAAA,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;wDAExD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;4DACrB,IAAI,MAAI,KAAK,KAAK,EAAE,CAAC;gEACjB,SAAS;4DACb,CAAC;4DACD,sBAAsB,CAAC,IAAI,CAAC,MAAI,CAAC,CAAC;4DAClC,SAAS;wDACb,CAAC;wDAED,eAAe,GAAG,IAAA,mCAAkB,EAAC;4DACjC,KAAK,EAAE,eAAe;4DACtB,MAAM,EAAE,MAAI;4DACZ,OAAO,EAAE,MAAM,CAAC,KAAK;yDACxB,CAAC,CAAC,MAAM,CAAC;oDACd,CAAC;;;;;;;;;gDAED,IAAI,sBAAsB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oDACtC,kBAAgB,CAAC,MAAM,CACnB,IAAI,KAAK,CACL;wDACI,8FAA8F;wDAC9F,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;qDACpC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CACJ,CAAC;oDACF,OAAO;gDACX,CAAC;gDAED,kBAAgB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;4CAC9C,CAAC,CAAC;4CAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,UAAQ,EAAE,KAAK,CAAC,CAAC;4CAEpD,uBAAuB;iDAClB,YAAY,CAAC,EAAE,+BAA+B,EAAE,gBAAc,GAAG,IAAI,EAAE,CAAC;iDACxE,KAAK,CAAC,UAAC,KAAY;gDAChB,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;oDACtC,IAAA,4BAAY,EAAC,SAAO,CAAC,CAAC;oDAEtB,8EAA8E;oDAC9E,8EAA8E;oDAC9E,kBAAgB,CAAC,MAAM,CACnB,IAAI,uBAAuB,CAAC;wDACxB,MAAM,EAAE,aAAa;wDACrB,SAAS,WAAA;qDACZ,CAAC,CACL,CAAC;gDACN,CAAC;4CACL,CAAC,CAAC,CAAC;4CAEiB,qBAAM,kBAAgB,CAAC,EAAE,EAAA;;4CAA3C,eAAe,GAAG,SAAyB;4CAEjD,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gDAChC,yBAAoC;4CACxC,CAAC;4CAEG,gBAAgB,GAAiC,SAAS,CAAC;;;;4CAGxC,qBAAM,uBAAuB,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAA;;4CAAxF,gBAAgB,GAAG,SAAqE,CAAC;;;;4CAEzF,IAAA,eAAM,EAAC,OAAK,YAAY,KAAK,CAAC,CAAC;4CAE/B,IAAI,OAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;gDACtC,8EAA8E;gDAC9E,kFAAkF;gDAClF,8DAA8D;gDAC9D,MAAM,IAAI,uBAAuB,CAAC;oDAC9B,MAAM,EAAE,mBAAmB;oDAC3B,aAAa,EAAE;wDACX,MAAM,EAAE,oBAAoB;wDAC5B,QAAQ,UAAA;qDACX;iDACJ,CAAC,CAAC;4CACP,CAAC;4CAED,MAAM,OAAK,CAAC;iDAGhB,sBAAO;gDACH,eAAe,EAAE,cAAuB;gDACxC,gBAAgB,kBAAA;6CACnB,EAAC;iDAGN,sBAAO,SAAS,EAAC;;;;yBACpB,CAAC,EAAE,CAAC,IAAI,CACL,UAAA,MAAM;4BACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gCACvB,OAAO,SAAS,CAAC;4BACrB,CAAC;4BAEO,IAAA,gBAAgB,GAAoB,MAAM,iBAA1B,EAAE,aAAa,GAAK,MAAM,cAAX,CAAY;4BAEnD,IAAM,MAAM,GAAG,wBAAwB,CAAC;gCACpC,gBAAgB,kBAAA;gCAChB,oBAAoB,sBAAA;6BACvB,CAAC,CAAC;4BAEH,IAAI,MAAM,CAAC,0BAA0B,GAAG,MAAM,CAAC,yBAAyB,EAAE,CAAC;gCACvE,OAAO,CAAC,IAAI,CACR;oCACI,kEAAkE;oCAClE,uDAAuD;oCACvD,mDAA4C,QAAQ,cAAI,SAAS,CAAE;iCACtE,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;4BACN,CAAC;4BAED,OAAO,EAAE,MAAM,QAAA,EAAE,aAAa,eAAA,EAAE,CAAC;wBACrC,CAAC,EACD,UAAA,KAAK;4BACD,IAAA,eAAM,EAAC,KAAK,YAAY,KAAK,CAAC,CAAC;4BAC/B,OAAO,KAAK,CAAC;wBACjB,CAAC,CACJ,EAAA;;oBAtWK,oBAAoB,GAAG,SAsW5B;oBAEK,MAAM,GAAgB;wBACxB,QAAQ,EAAE;4BACN,SAAS,WAAA;4BACT,QAAQ,UAAA;yBACX;qBACJ,CAAC;oBAEF,IAAI,oBAAoB,YAAY,KAAK,EAAE,CAAC;wBAClC,KAAK,GAAG,oBAAoB,CAAC;wBAE7B,mBAAmB,GACrB,KAAK,YAAY,uBAAuB;4BACpC,CAAC,CAAC,KAAK;4BACP,CAAC,CAAC,IAAI,uBAAuB,CAAC;gCACxB,MAAM,EAAE,SAAS;gCACjB,OAAO,EAAE,KAAK;6BACjB,CAAC,CAAC;wBAEb,OAAO,CAAC,KAAK,CACT,8CAAsC,mBAAmB,CAAC,IAAI,iBAAM,mBAAmB,CAAC,OAAO,CAAE,CACpG,CAAC;wBAEF,4BAA4B,EAAE,CAAC;wBAE/B,sBAAO,IAAA,OAAE,wBACF,MAAM,KACT,gBAAgB,EAAE,KAAK,EACvB,OAAO,EAAE;;wCACL,KAAK,CAAC,kEAAkE,CAAC,CAAC;wCAC1E,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;;qCACvC,EACD,mBAAmB,qBAAA,IACrB,EAAC;oBACP,CAAC;oBAED,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;wBACrC,4BAA4B,EAAE,CAAC;wBAE/B,sBAAO,IAAA,OAAE,wBACF,MAAM,KACT,gBAAgB,EAAE,KAAK,EACvB,KAAK,OAAA,EACL,qBAAqB,EAAE,SAAS,IAClC,EAAC;oBACP,CAAC;oBAEG,aAAa,GAAG,oBAAoB,CAAC,MAAM,CAAC;oBAE1C,gCAAgC,GAAG,IAAI,GAAG,EAE7C,CAAC;oBAEE,cAAc,GAAG,IAAI,GAAG,EAAc,CAAC;oBAEvC,IAAI,GAAG,IAAA,OAAE,wBACR,MAAM,KACT,gBAAgB,EAAE,IAAI,EACtB,WAAW,EAAE,cAAM,OAAA,aAAa,EAAb,CAAa,EAChC,QAAQ,EAAE,UAAM,MAAM;;;4CAClB,qBAAM,uBAAuB,CAAC,eAAe,CAAC;4CAC1C,0BAA0B,EAAE,CAAC;gDACzB,QAAQ,MAAM,CAAC,UAAU,EAAE,CAAC;oDACxB,KAAK,cAAc;wDACf,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oDAChC,KAAK,MAAM;wDACP,OAAO,SAAS,CAAC;oDACrB,KAAK,cAAc;wDACf,OAAO,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;4DAC7B,CAAC,CAAC,UAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,SAAG,MAAM,CAAC,GAAG,CAAE;4DAC1C,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gDACzB,CAAC;gDACD,IAAA,eAAM,EAA+B,KAAK,CAAC,CAAC;4CAChD,CAAC,CAAC,EAAE;yCACP,CAAC,EAAA;;wCAdF,SAcE,CAAC;wCACH,sBAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,EAAC;;;6BACvC,EACD,aAAa,EAAE;;;;4CACc,qBAAM,uBAAuB,CAAC,YAAY,EAAE,EAAA;;wCAA/D,gBAAgB,GAAG,SAA4C;wCAErE,IAAA,eAAM,EAAC,gBAAgB,KAAK,IAAI,CAAC,CAAC;wCAE5B,gCAAgC,GAAG,MAAM,CAAC,wBAAwB,CACpE,aAAa,EACb,gBAAgB,CACnB,CAAC;wCAEF,IAAA,eAAM,EAAC,gCAAgC,KAAK,SAAS,CAAC,CAAC;wCAEvD,aAAa,GAAG,wBAAwB,CAAC;4CACrC,gBAAgB,kBAAA;4CAChB,oBAAoB,sBAAA;yCACvB,CAAC,CAAC;wCAEH,mEAAmE;wCACnE,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,gBAAgB,EAAE,gCAAgC,CAAC,CAAC;wCAEzF,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,UAAA,aAAa,IAAI,OAAA,aAAa,EAAE,EAAf,CAAe,CAAC,CAAC;;;;6BACxE,EACD,yBAAyB,EAAE,UAAA,aAAa;4BACpC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;4BAElC,OAAO;gCACH,aAAa,EAAE;oCACX,cAAc,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gCACzC,CAAC;6BACJ,CAAC;wBACN,CAAC,EACD,gCAAgC,EAAE,UAAA,YAAY;4BAC1C,gCAAgC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;4BAEnD,IAAM,kCAAkC,GAAG;gCACvC,gCAAgC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;4BAC1D,CAAC,CAAC;4BAEF,OAAO,EAAE,kCAAkC,oCAAA,EAAE,CAAC;wBAClD,CAAC,EACD,eAAe,EAAE,oBAAoB,CAAC,aAAa,IACrD,CAAC;oBAEH,CAAC;wBACS,0BAAwB;4BAC1B,kEAAkE;4BAClE,gEAAgE;4BAChE,mBAAmB;4BACnB,IAAM,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAChC,aAAa,CAAC,yBAAyB,EACvC,aAAa,CAAC,0BAA0B,CAC3C,CAAC;4BAEF,OAAO,IAAI,CAAC,GAAG,CACX,mBAAmB,GAAG,IAAI,CAAC,GAAG,EAAE;4BAChC,+DAA+D;4BAC/D,0CAA0C;4BAC1C,mFAAmF;4BACnF,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CACtB,CAAC;wBACN,CAAC,CAAC;wBAEF,CAAC,SAAS,aAAa;4BAAtB,iBA6BA;4BA5BG,2DAA2D;4BAC3D,iFAAiF;4BACjF,uCAAuC;4BACvC,IAAM,oBAAoB,GAAG,IAAI,CAAC,GAAG,CAAC,KAAM,EAAE,uBAAqB,EAAE,GAAG,GAAG,CAAC,CAAC;4BAE7E,IAAM,KAAK,GAAG,IAAA,0BAAU,EAAC;;;;;4CACrB,sBAAsB,EAAE,CAAC;;;;4CAGrB,qBAAM,IAAI,CAAC,WAAW,EAAE,EAAA;;4CAAxB,SAAwB,CAAC;;;;4CAEzB,gEAAgE;4CAChE,+BAA+B;4CAC/B,oEAAoE;4CACpE,kEAAkE;4CAClE,qEAAqE;4CACrE,mCAAmC;4CACnC,qBAAM,KAAK,CAAC,EAAE,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAA;;4CANrD,gEAAgE;4CAChE,+BAA+B;4CAC/B,oEAAoE;4CACpE,kEAAkE;4CAClE,qEAAqE;4CACrE,mCAAmC;4CACnC,SAAqD,CAAC;;;4CAG1D,aAAa,EAAE,CAAC;;;;iCACnB,EAAE,uBAAqB,EAAE,GAAG,oBAAoB,CAAC,CAAC;4BAE3C,IAAa,sBAAsB,GAAK,IAAI,CAAC,uBAAuB,CAAC;gCACzE,IAAA,4BAAY,EAAC,KAAK,CAAC,CAAC;gCACpB,sBAAsB,EAAE,CAAC;gCACzB,aAAa,EAAE,CAAC;4BACpB,CAAC,CAAC,YAJyC,CAIxC;wBACP,CAAC,CAAC,EAAE,CAAC;oBACT,CAAC;oBAED,CAAC;wBACW,mBAAmB,IAAA,qCAAoB,EAAC;4BAC5C,qBAAqB,EAAE;gCACnB,OAAA,8BAA8B,aAA9B,8BAA8B,cAA9B,8BAA8B,GAAI,aAAa,CAAC,0BAA0B;4BAA1E,CAA0E;4BAC9E,cAAc,EAAE,UAAC,EAAe;oCAAb,WAAW,iBAAA;gCAC1B,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,OAAO,CAAC,UAAA,YAAY;oCAC7D,OAAA,YAAY,CAAC,EAAE,WAAW,aAAA,EAAE,CAAC;gCAA7B,CAA6B,CAChC,CAAC;gCAEF,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;oCACpB,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gCAClC,CAAC;4BACL,CAAC;yBACJ,CAAC,eAZoB,CAYnB;wBAEC,kBAA0C,SAAS,CAAC;wBAExD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;4BAC9B,aAAa,GAAG,IAAA,uCAAkB,EAAC;gCAC/B,gDAAgD,EAAE,IAAK;6BAC1D,CAAC,CAAC,aAAa,CAAC;wBACrB,CAAC;wBAEO,iCAA8C,aAAa,CAAC,SAAS,CAAC,UAAA,YAAY;4BACtF,IAAI,YAAY,EAAE,CAAC;gCACf,IAAI,eAAa,KAAK,SAAS,EAAE,CAAC;oCAC9B,eAAa,EAAE,CAAC;oCAChB,eAAa,GAAG,SAAS,CAAC;gCAC9B,CAAC;4BACL,CAAC;iCAAM,CAAC;gCACJ,IAAA,eAAM,EAAC,eAAa,KAAK,SAAS,CAAC,CAAC;gCACpC,eAAa,GAAG,gBAAc,EAAE,CAAC,aAAa,CAAC;4BACnD,CAAC;wBACL,CAAC,CAAC,YAV+C,CAU9C;wBAEH,CAAC;4BACS,8BAA8B,GAAG,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;4BACzE,IAAA,eAAM,EAAC,8BAA8B,KAAK,SAAS,CAAC,CAAC;4BACrD,8BAA8B,CAAC,GAAG,CAAC;gCAC/B,8BAA4B,EAAE,CAAC;gCAC/B,eAAa,aAAb,eAAa,uBAAb,eAAa,EAAI,CAAC;4BACtB,CAAC,CAAC,CAAC;wBACP,CAAC;oBACL,CAAC;oBAED,sBAAO,IAAI,EAAC;;;;CACf;AAhvBD,gCAgvBC;AAED,SAAS,wBAAwB,CAAiD,MAGjF;IACW,IAAA,gBAAgB,GAA2B,MAAM,iBAAjC,EAAE,oBAAoB,GAAK,MAAM,qBAAX,CAAY;IAE1D,IAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,CAAC;IAElD,IAAM,yBAAyB,GAAG,CAAC;QAC/B,kBAAkB,EAAE,CAAC;YACT,IAAA,UAAU,GAAK,gBAAgB,WAArB,CAAsB;YAExC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,kBAAkB,CAAC;YAC7B,CAAC;YAED,OAAO,UAAU,GAAG,IAAI,CAAC;QAC7B,CAAC;QAED,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,WAAW,CAAC,CAAC;YAE5D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,IAAA,eAAM,EAAC,KAAK,EAAE,4CAA4C,CAAC,CAAC;IAChE,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,YAAY,GAAG,gBAAgB,CAAC,aAAa,CAAC;IAEpD,IAAA,eAAM,EAAC,YAAY,KAAK,SAAS,EAAE,8CAA8C,CAAC,CAAC;IAEnF,IAAM,0BAA0B,GAAG,CAAC;QAChC,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,YAAY,CAAC,CAAC;YAE7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,IAAA,eAAM,EAAC,KAAK,EAAE,6CAA6C,CAAC,CAAC;IACjE,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC;IAE1C,IAAA,eAAM,EAAC,OAAO,KAAK,SAAS,EAAE,yCAAyC,CAAC,CAAC;IAEzE,IAAM,MAAM,GAAgC;QACxC,WAAW,aAAA;QACX,yBAAyB,2BAAA;QACzB,YAAY,cAAA;QACZ,0BAA0B,4BAAA;QAC1B,OAAO,SAAA;QACP,gBAAgB,EAAE,IAAW;KAChC,CAAC;IAEF,IAAI,KAAK,GAKS,SAAS,CAAC;IAE5B,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,gBAAgB,EAAE;QAC5C,KAAK,EAAE;YACH,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;gBACxD,OAAO,KAAK,CAAC,cAAc,CAAC;YAChC,CAAC;YAED,IAAI,cAAc,GAAG,IAAA,qBAAS,EAAC,IAAI,CAAC,OAAO,CAAmB,CAAC;YAE/D,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;gBACrC,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAChE,CAAC;YAED,KAAK,GAAG;gBACJ,SAAS,EAAE,IAAI,CAAC,OAAO;gBACvB,cAAc,gBAAA;aACjB,CAAC;YAEF,OAAO,cAAc,CAAC;QAC1B,CAAC;QACD,cAAc,EAAE,IAAI;QACpB,YAAY,EAAE,IAAI;KACrB,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "oidc-spa",
3
- "version": "4.6.1",
3
+ "version": "4.7.0",
4
4
  "description": "Openidconnect client for Single Page Applications",
5
5
  "repository": {
6
6
  "type": "git",
package/src/oidc.ts CHANGED
@@ -29,6 +29,13 @@ export declare namespace Oidc {
29
29
  login: (params: {
30
30
  doesCurrentHrefRequiresAuth: boolean;
31
31
  extraQueryParams?: Record<string, string>;
32
+ /**
33
+ * Where to redirect after successful login.
34
+ * Default: window.location.href (here)
35
+ *
36
+ * It does not need to include the origin, eg: "/dashboard"
37
+ */
38
+ successRedirectUrl?: string;
32
39
  }) => Promise<never>;
33
40
  initializationError: OidcInitializationError | undefined;
34
41
  };
@@ -75,10 +82,25 @@ export class OidcInitializationError extends Error {
75
82
  params:
76
83
  | {
77
84
  type: "server down";
85
+ issuerUri: string;
78
86
  }
79
87
  | {
80
88
  type: "bad configuration";
81
- timeoutDelayMs: number;
89
+ likelyCause:
90
+ | {
91
+ // Most likely redirect URIs or the client does not exist.
92
+ type: "misconfigured OIDC client";
93
+ clientId: string;
94
+ timeoutDelayMs: number;
95
+ }
96
+ | {
97
+ type: "not in Web Origins";
98
+ clientId: string;
99
+ }
100
+ | {
101
+ type: "silent-sso.html not reachable";
102
+ silentSsoHtmlUrl: string;
103
+ };
82
104
  }
83
105
  | {
84
106
  type: "unknown";
@@ -89,12 +111,39 @@ export class OidcInitializationError extends Error {
89
111
  (() => {
90
112
  switch (params.type) {
91
113
  case "server down":
92
- return "The OIDC server is down";
114
+ return [
115
+ `The OIDC server seems to be down.`,
116
+ `If you know it's not the case it means that the issuerUri: ${params.issuerUri} is incorrect.`,
117
+ `If you are using Keycloak makes sure that the realm exists and that the url is well formed.\n`,
118
+ `More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak`
119
+ ].join(" ");
93
120
  case "bad configuration":
94
- return `Bad configuration. Timed out after ${params.timeoutDelayMs}ms`;
121
+ switch (params.likelyCause.type) {
122
+ case "misconfigured OIDC client":
123
+ return [
124
+ `The OIDC client ${params.likelyCause.clientId} seems to be misconfigured on your OIDC server.`,
125
+ `If you are using Keycloak you likely need to add "${location.origin}/*" to the list of Valid Redirect URIs`,
126
+ `in the ${params.likelyCause.clientId} client configuration.\n`,
127
+ `More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak`,
128
+ `Silent SSO timed out after ${params.likelyCause.timeoutDelayMs}ms.`
129
+ ].join(" ");
130
+ case "not in Web Origins":
131
+ return [
132
+ `It seems that there is a CORS issue.`,
133
+ `If you are using Keycloak check the "Web Origins" option in your ${params.likelyCause.clientId} client configuration.`,
134
+ `You should probably add "${location.origin}/*" to the list.`,
135
+ `More info: https://docs.oidc-spa.dev/resources/usage-with-keycloak`
136
+ ].join(" ");
137
+ case "silent-sso.html not reachable":
138
+ return [
139
+ `${params.likelyCause.silentSsoHtmlUrl} is not reachable. Make sure you've created the silent-sso.html file`,
140
+ `in your public directory. More info: https://docs.oidc-spa.dev/documentation/installation`
141
+ ].join(" ");
142
+ }
95
143
  case "unknown":
96
144
  return params.cause.message;
97
145
  }
146
+ assert<Equals<typeof params, never>>(false);
98
147
  })(),
99
148
  // @ts-expect-error
100
149
  { "cause": params.type === "unknown" ? params.cause : undefined }
@@ -207,6 +256,8 @@ export async function createOidc<
207
256
 
208
257
  const configHashKey = "configHash";
209
258
 
259
+ const silentSsoHtmlUrl = `${publicUrl}/silent-sso.html`;
260
+
210
261
  const oidcClientTsUserManager = new OidcClientTsUserManager({
211
262
  "authority": issuerUri,
212
263
  "client_id": clientId,
@@ -215,7 +266,7 @@ export async function createOidc<
215
266
  "response_type": "code",
216
267
  "scope": "openid profile",
217
268
  "automaticSilentRenew": false,
218
- "silent_redirect_uri": `${publicUrl}/silent-sso.html?${configHashKey}=${configHash}`
269
+ "silent_redirect_uri": `${silentSsoHtmlUrl}?${configHashKey}=${configHash}`
219
270
  });
220
271
 
221
272
  let lastPublicRoute: string | undefined = undefined;
@@ -233,7 +284,8 @@ export async function createOidc<
233
284
 
234
285
  const login: Oidc.NotLoggedIn["login"] = async ({
235
286
  doesCurrentHrefRequiresAuth,
236
- extraQueryParams
287
+ extraQueryParams,
288
+ successRedirectUrl
237
289
  }) => {
238
290
  if (hasLoginBeenCalled) {
239
291
  return new Promise<never>(() => {});
@@ -242,7 +294,14 @@ export async function createOidc<
242
294
  hasLoginBeenCalled = true;
243
295
 
244
296
  const { newUrl: redirect_uri } = addQueryParamToUrl({
245
- "url": window.location.href,
297
+ "url": (() => {
298
+ if (successRedirectUrl === undefined) {
299
+ return window.location.href;
300
+ }
301
+ return successRedirectUrl.startsWith("/")
302
+ ? `${window.location.origin}${successRedirectUrl}`
303
+ : successRedirectUrl;
304
+ })(),
246
305
  "name": configHashKey,
247
306
  "value": configHash
248
307
  });
@@ -334,16 +393,10 @@ export async function createOidc<
334
393
  url = result.newUrl;
335
394
  }
336
395
 
337
- {
338
- const result = retrieveQueryParamFromUrl({ "name": "error", url });
339
-
340
- if (result.wasPresent) {
341
- throw new Error(`OIDC error: ${result.value}`);
342
- }
343
- }
344
-
345
396
  let loginSuccessUrl = "https://dummy.com";
346
397
 
398
+ let missingMandatoryParams: string[] = [];
399
+
347
400
  for (const name of paramsToRetrieveFromSuccessfulLogin) {
348
401
  const result = retrieveQueryParamFromUrl({ name, url });
349
402
 
@@ -351,7 +404,8 @@ export async function createOidc<
351
404
  if (name === "iss") {
352
405
  continue;
353
406
  }
354
- throw new Error(`Missing query param: ${name}`);
407
+ missingMandatoryParams.push(name);
408
+ continue;
355
409
  }
356
410
 
357
411
  loginSuccessUrl = addQueryParamToUrl({
@@ -365,12 +419,58 @@ export async function createOidc<
365
419
 
366
420
  window.history.pushState(null, "", url);
367
421
 
422
+ {
423
+ const result = retrieveQueryParamFromUrl({ "name": "error", url });
424
+
425
+ if (result.wasPresent) {
426
+ if (window !== top && result.value === "login_required") {
427
+ // Here we are in an iframe, it's a bit hacky to suspend the process here but
428
+ // it's a common case when the user of the lib forgot to create the silent-sso.html file.
429
+ // In this case we want to let the timeout of the parent expire to provide the correct error message.
430
+ // If we go on with execution of this it would still work but the user would get a misleading error message.
431
+ return new Promise<never>(() => {});
432
+ }
433
+
434
+ throw new Error(
435
+ [
436
+ "The OIDC server responded with an error passed as query parameter after the login process",
437
+ `this error is: ${result.value}`
438
+ ].join(" ")
439
+ );
440
+ }
441
+ }
442
+
443
+ if (missingMandatoryParams.length !== 0) {
444
+ throw new Error(
445
+ [
446
+ "After the login process the following mandatory OIDC query parameters where missing:",
447
+ missingMandatoryParams.join(", ")
448
+ ].join(" ")
449
+ );
450
+ }
451
+
368
452
  let oidcClientTsUser: OidcClientTsUser | undefined = undefined;
369
453
 
370
454
  try {
371
455
  oidcClientTsUser = await oidcClientTsUserManager.signinRedirectCallback(loginSuccessUrl);
372
- } catch {
456
+ } catch (error) {
457
+ assert(error instanceof Error);
458
+
459
+ if (error.message === "Failed to fetch") {
460
+ // If it's a fetch error here we know that the web server is not down and the login was successful,
461
+ // we just where redirected from the login pages.
462
+ // This means it's likely a "Web origins" misconfiguration.
463
+ throw new OidcInitializationError({
464
+ "type": "bad configuration",
465
+ "likelyCause": {
466
+ "type": "not in Web Origins",
467
+ clientId
468
+ }
469
+ });
470
+ }
471
+
373
472
  //NOTE: The user has likely pressed the back button just after logging in.
473
+ //UPDATE: I don't remember how to reproduce this case and I don't know if it's still relevant.
374
474
  return undefined;
375
475
  }
376
476
 
@@ -394,7 +494,17 @@ export async function createOidc<
394
494
  assert(error instanceof Error);
395
495
 
396
496
  if (error.message === "Failed to fetch") {
397
- throw new OidcInitializationError({ "type": "server down" });
497
+ // Here it could be web origins as well but it's less likely because
498
+ // it would mean that there was once a valid configuration and it has been
499
+ // changed to an invalid one before the token expired.
500
+ // but the server is not necessarily down, the issuerUri could be wrong.
501
+ // So the error that we return should be either "server down" if fetching the
502
+ // well known configuration endpoint failed without returning any status code
503
+ // or "bad configuration" if the endpoint returned a 404 or an other status code.
504
+ throw new OidcInitializationError({
505
+ "type": "server down",
506
+ issuerUri
507
+ });
398
508
  }
399
509
 
400
510
  return undefined;
@@ -428,16 +538,48 @@ export async function createOidc<
428
538
  return Math.max(baseDelay, dynamicDelay);
429
539
  })();
430
540
 
431
- const timeout = setTimeout(
432
- () =>
541
+ const timeout = setTimeout(async () => {
542
+ const isSilentSsoHtmlReachable = await fetch(silentSsoHtmlUrl).then(
543
+ async response => {
544
+ const content = await response.text();
545
+
546
+ return (
547
+ content.split("\n").length < 20 &&
548
+ content.includes("parent.postMessage(location.href")
549
+ );
550
+ },
551
+ () => false
552
+ );
553
+
554
+ if (!isSilentSsoHtmlReachable) {
433
555
  dLoginSuccessUrl.reject(
434
556
  new OidcInitializationError({
435
557
  "type": "bad configuration",
436
- timeoutDelayMs
558
+ "likelyCause": {
559
+ "type": "silent-sso.html not reachable",
560
+ silentSsoHtmlUrl
561
+ }
437
562
  })
438
- ),
439
- timeoutDelayMs
440
- );
563
+ );
564
+ return;
565
+ }
566
+
567
+ // Here we know that the server is not down and that the issuer_uri is correct
568
+ // otherwise we would have had a fetch error when loading the iframe.
569
+ // So this means that it's very likely a OIDC client misconfiguration.
570
+ // It could also be a very slow network but this risk is mitigated by the fact that we check
571
+ // for the network speed to adjust the timeout delay.
572
+ dLoginSuccessUrl.reject(
573
+ new OidcInitializationError({
574
+ "type": "bad configuration",
575
+ "likelyCause": {
576
+ "type": "misconfigured OIDC client",
577
+ clientId,
578
+ timeoutDelayMs
579
+ }
580
+ })
581
+ );
582
+ }, timeoutDelayMs);
441
583
 
442
584
  const listener = (event: MessageEvent) => {
443
585
  if (typeof event.data !== "string") {
@@ -476,6 +618,8 @@ export async function createOidc<
476
618
 
477
619
  let loginSuccessUrl = "https://dummy.com";
478
620
 
621
+ const missingMandatoryParams: string[] = [];
622
+
479
623
  for (const name of paramsToRetrieveFromSuccessfulLogin) {
480
624
  const result = retrieveQueryParamFromUrl({ name, url });
481
625
 
@@ -483,7 +627,8 @@ export async function createOidc<
483
627
  if (name === "iss") {
484
628
  continue;
485
629
  }
486
- throw new Error(`Missing query param: ${name}`);
630
+ missingMandatoryParams.push(name);
631
+ continue;
487
632
  }
488
633
 
489
634
  loginSuccessUrl = addQueryParamToUrl({
@@ -493,6 +638,18 @@ export async function createOidc<
493
638
  }).newUrl;
494
639
  }
495
640
 
641
+ if (missingMandatoryParams.length !== 0) {
642
+ dLoginSuccessUrl.reject(
643
+ new Error(
644
+ [
645
+ "After the silent signin process the following mandatory OIDC query parameters where missing:",
646
+ missingMandatoryParams.join(", ")
647
+ ].join(" ")
648
+ )
649
+ );
650
+ return;
651
+ }
652
+
496
653
  dLoginSuccessUrl.resolve(loginSuccessUrl);
497
654
  };
498
655
 
@@ -504,7 +661,14 @@ export async function createOidc<
504
661
  if (error.message === "Failed to fetch") {
505
662
  clearTimeout(timeout);
506
663
 
507
- dLoginSuccessUrl.reject(new OidcInitializationError({ "type": "server down" }));
664
+ // Here we know it's not web origin because it's not the token we are fetching
665
+ // but just the well known configuration endpoint that is not subject to CORS.
666
+ dLoginSuccessUrl.reject(
667
+ new OidcInitializationError({
668
+ "type": "server down",
669
+ issuerUri
670
+ })
671
+ );
508
672
  }
509
673
  });
510
674
 
@@ -514,9 +678,28 @@ export async function createOidc<
514
678
  break restore_from_http_only_cookie;
515
679
  }
516
680
 
517
- const oidcClientTsUser = await oidcClientTsUserManager.signinRedirectCallback(
518
- loginSuccessUrl
519
- );
681
+ let oidcClientTsUser: OidcClientTsUser | undefined = undefined;
682
+
683
+ try {
684
+ oidcClientTsUser = await oidcClientTsUserManager.signinRedirectCallback(loginSuccessUrl);
685
+ } catch (error) {
686
+ assert(error instanceof Error);
687
+
688
+ if (error.message === "Failed to fetch") {
689
+ // If we have a fetch error here. We know for sure that the server isn't down,
690
+ // the silent sign-in was successful. We also know that the issuer_uri is correct.
691
+ // so it's very likely the web origins that are misconfigured.
692
+ throw new OidcInitializationError({
693
+ "type": "bad configuration",
694
+ "likelyCause": {
695
+ "type": "not in Web Origins",
696
+ clientId
697
+ }
698
+ });
699
+ }
700
+
701
+ throw error;
702
+ }
520
703
 
521
704
  return {
522
705
  "loginScenario": "silentSignin" as const,
@@ -574,7 +757,9 @@ export async function createOidc<
574
757
  "cause": error
575
758
  });
576
759
 
577
- console.error(`OIDC initialization error: ${initializationError.message}`);
760
+ console.error(
761
+ `OIDC initialization error of type "${initializationError.type}": ${initializationError.message}`
762
+ );
578
763
 
579
764
  startTrackingLastPublicRoute();
580
765