oidc-spa 6.1.13 → 6.1.15
- package/mock/oidc.js +31 -41
- package/mock/oidc.js.map +1 -1
- package/oidc/createOidc.js +93 -31
- package/oidc/createOidc.js.map +1 -1
- package/oidc/handleOidcCallback.js +9 -21
- package/oidc/handleOidcCallback.js.map +1 -1
- package/oidc/loginSilent.d.ts +6 -2
- package/oidc/loginSilent.js +15 -13
- package/oidc/loginSilent.js.map +1 -1
- package/oidc/oidcClientTsUserToTokens.js +4 -2
- package/oidc/oidcClientTsUserToTokens.js.map +1 -1
- package/oidc/persistedLogoutState.d.ts +9 -0
- package/oidc/persistedLogoutState.js +25 -0
- package/oidc/persistedLogoutState.js.map +1 -0
- package/package.json +6 -6
- package/src/mock/oidc.ts +22 -24
- package/src/oidc/createOidc.ts +93 -32
- package/src/oidc/handleOidcCallback.ts +10 -21
- package/src/oidc/loginSilent.ts +40 -28
- package/src/oidc/oidcClientTsUserToTokens.ts +5 -3
- package/src/oidc/persistedLogoutState.ts +29 -0
- package/src/tools/urlQueryParams.ts +0 -113
- package/tools/urlQueryParams.d.ts +0 -31
- package/tools/urlQueryParams.js +0 -112
- package/tools/urlQueryParams.js.map +0 -1
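--- a/package/oidc/loginSilent.js
+++ b/package/oidc/loginSilent.js
@@ -68,7 +68,6 @@ exports.loginSilent = loginSilent;
 var Deferred_1 = require("../tools/Deferred");
 var tsafe_1 = require("../vendor/frontend/tsafe");
 var StateData_1 = require("./StateData");
-var urlQueryParams_1 = require("../tools/urlQueryParams");
 var getDownlinkAndRtt_1 = require("../tools/getDownlinkAndRtt");
 var isDev_1 = require("../tools/isDev");
 function getIsAuthResponse(data) {
@@ -76,15 +75,11 @@ function getIsAuthResponse(data) {
 }
 function authResponseToUrl(authResponse) {
 var e_1, _a;
-var authResponseUrl = "https://dummy.com";
+var authResponseUrl = new URL("https://dummy.com");
 try {
 for (var _b = __values(Object.entries(authResponse)), _c = _b.next(); !_c.done; _c = _b.next()) {
 var _d = __read(_c.value, 2), name_1 = _d[0], value = _d[1];
-authResponseUrl
-url: authResponseUrl,
-name: name_1,
-value: value
-}).newUrl;
+authResponseUrl.searchParams.set(name_1, value);
 }
 }
 catch (e_1_1) { e_1 = { error: e_1_1 }; }
@@ -94,7 +89,7 @@ function authResponseToUrl(authResponse) {
 }
 finally { if (e_1) throw e_1.error; }
 }
-return authResponseUrl;
+return authResponseUrl.href;
 }
 function loginSilent(params) {
 return __awaiter(this, void 0, void 0, function () {
@@ -121,7 +116,7 @@ function loginSilent(params) {
 timeout = setTimeout(function () { return __awaiter(_this, void 0, void 0, function () {
 return __generator(this, function (_a) {
 dResult.resolve({
-
+outcome: "failure",
 cause: "timeout"
 });
 return [2 /*return*/];
@@ -141,7 +136,7 @@ function loginSilent(params) {
 clearTimeout(timeout);
 window.removeEventListener("message", listener);
 dResult.resolve({
-
+outcome: "success iframe",
 authResponse: authResponse
 });
 };
@@ -155,7 +150,14 @@ function loginSilent(params) {
 silentRequestTimeoutInSeconds: timeoutDelayMs / 1000,
 extraTokenParams: getExtraTokenParams === null || getExtraTokenParams === void 0 ? void 0 : getExtraTokenParams()
 })
-.
+.then(function (oidcClientTsUser) {
+(0, tsafe_1.assert)(oidcClientTsUser !== null);
+clearTimeout(timeout);
+dResult.resolve({
+outcome: "refresh token used",
+oidcClientTsUser: oidcClientTsUser
+});
+}, function (error) {
 if (error.message === "Failed to fetch") {
 // NOTE: If we got an error here it means that the fetch to the
 // well-known oidc endpoint failed.
@@ -164,7 +166,7 @@ function loginSilent(params) {
 // It could be a CORS error on the well-known endpoint but it's unlikely.
 clearTimeout(timeout);
 dResult.resolve({
-
+outcome: "failure",
 cause: "can't reach well-known oidc endpoint"
 });
 return;
@@ -173,7 +175,7 @@ function loginSilent(params) {
 // error than timeout so we fail silently and let the timeout expire.
 });
 dResult.pr.then(function (result) {
-if (
+if (result.outcome === "failure") {
 (0, StateData_1.clearStateStore)({ stateQueryParamValue: stateQueryParamValue_instance });
 }
 });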
package/oidc/loginSilent.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/oidc/loginSilent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA,
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/oidc/loginSilent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA,8CAQC;AAgBD,kCAqHC;AA7JD,8CAA6C;AAC7C,kDAAsD;AACtD,yCAA4E;AAC5E,gEAA+D;AAC/D,wCAA0C;AAQ1C,SAAS,iBAAiB,CAAC,IAAS;IAChC,OAAO,IAAI,YAAY,MAAM,IAAI,OAAO,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC;AACvF,CAAC;AAED,SAAgB,iBAAiB,CAAC,YAA0B;;IACxD,IAAM,eAAe,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;;QAErD,KAA4B,IAAA,KAAA,SAAA,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA,gBAAA,4BAAE,CAAC;YAAhD,IAAA,KAAA,mBAAa,EAAZ,MAAI,QAAA,EAAE,KAAK,QAAA;YACnB,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,MAAI,EAAE,KAAK,CAAC,CAAC;QAClD,CAAC;;;;;;;;;IAED,OAAO,eAAe,CAAC,IAAI,CAAC;AAChC,CAAC;AAgBD,SAAsB,WAAW,CAAC,MAKjC;;;;;YACW,uBAAuB,GAC3B,MAAM,wBADqB,EAAE,6BAA6B,GAC1D,MAAM,8BADoD,EAAE,QAAQ,GACpE,MAAM,SAD8D,EAAE,mBAAmB,GACzF,MAAM,oBADmF,CAClF;YAEL,OAAO,GAAG,IAAI,mBAAQ,EAAuB,CAAC;YAE9C,cAAc,GAAW,CAAC;gBAC5B,IAAM,cAAc,GAAG,IAAA,qCAAiB,GAAE,CAAC;gBAC3C,IAAM,KAAK,GAAG,IAAA,gBAAQ,GAAE,CAAC;gBAEzB,6DAA6D;gBAC7D,6BAA6B;gBAC7B,IAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,IAAK,CAAC;gBAE5C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;oBAC/B,OAAO,aAAa,CAAC;gBACzB,CAAC;gBAEO,IAAA,QAAQ,GAAU,cAAc,SAAxB,EAAE,GAAG,GAAK,cAAc,IAAnB,CAAoB;gBAEzC,oDAAoD;gBACpD,8CAA8C;gBAC9C,IAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;gBAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;YACjD,CAAC,CAAC,EAAE,CAAC;YAEC,OAAO,GAAG,UAAU,CAAC;;oBACvB,OAAO,CAAC,OAAO,CAAC;wBACZ,OAAO,EAAE,SAAS;wBAClB,KAAK,EAAE,SAAS;qBACnB,CAAC,CAAC;;;iBACN,EAAE,cAAc,CAAC,CAAC;YAEb,QAAQ,GAAG,UAAC,KAAmB;gBACjC,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACjC,OAAO;gBACX,CAAC;gBAED,IAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;gBAEhC,IAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;gBAE7E,IAAA,cAAM,EAAC,SAAS,KAAK,SAAS,CAAC,CAAC;gBAChC,IAAA,cAAM,EAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC;gBAEvC,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAClC,OAAO;g
BACX,CAAC;gBAED,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAEhD,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,gBAAgB;oBACzB,YAAY,cAAA;iBACf,CAAC,CAAC;YACP,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YAEpD,uBAAuB;iBAClB,YAAY,CAAC;gBACV,KAAK,EAAE,IAAA,UAAE,EAAmB;oBACxB,OAAO,EAAE,QAAQ;oBACjB,QAAQ,UAAA;iBACX,CAAC;gBACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;gBACpD,gBAAgB,EAAE,mBAAmB,aAAnB,mBAAmB,uBAAnB,mBAAmB,EAAI;aAC5C,CAAC;iBACD,IAAI,CACD,UAAA,gBAAgB;gBACZ,IAAA,cAAM,EAAC,gBAAgB,KAAK,IAAI,CAAC,CAAC;gBAElC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEtB,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,oBAAoB;oBAC7B,gBAAgB,kBAAA;iBACnB,CAAC,CAAC;YACP,CAAC,EACD,UAAC,KAAY;gBACT,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;oBACtC,+DAA+D;oBAC/D,mCAAmC;oBACnC,mEAAmE;oBACnE,0CAA0C;oBAC1C,yEAAyE;oBAEzE,YAAY,CAAC,OAAO,CAAC,CAAC;oBAEtB,OAAO,CAAC,OAAO,CAAC;wBACZ,OAAO,EAAE,SAAS;wBAClB,KAAK,EAAE,sCAAsC;qBAChD,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,yEAAyE;gBACzE,qEAAqE;YACzE,CAAC,CACJ,CAAC;YAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,UAAA,MAAM;gBAClB,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC/B,IAAA,2BAAe,EAAC,EAAE,oBAAoB,EAAE,6BAA6B,EAAE,CAAC,CAAC;gBAC7E,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,sBAAO,OAAO,CAAC,EAAE,EAAC;;;CACrB"}
|
|
@@ -25,8 +25,10 @@ function oidcClientTsUserToTokens(params) {
|
|
|
25
25
|
(0, tsafe_1.assert)(false, "Failed to get access token expiration time");
|
|
26
26
|
})();
|
|
27
27
|
var refreshToken = oidcClientTsUser.refresh_token;
|
|
28
|
-
(0, tsafe_1.assert)(refreshToken !== undefined, "No refresh token provided by the oidc server");
|
|
29
28
|
var refreshTokenExpirationTime = (function () {
|
|
29
|
+
if (refreshToken === undefined) {
|
|
30
|
+
return Number.POSITIVE_INFINITY;
|
|
31
|
+
}
|
|
30
32
|
read_from_jwt: {
|
|
31
33
|
var expirationTime = (0, readExpirationTimeInJwt_1.readExpirationTimeInJwt)(refreshToken);
|
|
32
34
|
if (expirationTime === undefined) {
|
|
@@ -47,7 +49,7 @@ function oidcClientTsUserToTokens(params) {
|
|
|
47
49
|
var tokens = {
|
|
48
50
|
accessToken: accessToken,
|
|
49
51
|
accessTokenExpirationTime: accessTokenExpirationTime,
|
|
50
|
-
refreshToken: refreshToken,
|
|
52
|
+
refreshToken: refreshToken !== null && refreshToken !== void 0 ? refreshToken : "",
|
|
51
53
|
refreshTokenExpirationTime: refreshTokenExpirationTime,
|
|
52
54
|
idToken: idToken,
|
|
53
55
|
decodedIdToken: null
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidcClientTsUserToTokens.js","sourceRoot":"","sources":["../src/oidc/oidcClientTsUserToTokens.ts"],"names":[],"mappings":";;AAMA,
|
|
1
|
+
{"version":3,"file":"oidcClientTsUserToTokens.js","sourceRoot":"","sources":["../src/oidc/oidcClientTsUserToTokens.ts"],"names":[],"mappings":";;AAMA,4DA0GC;AA/GD,kDAAkD;AAClD,4EAA2E;AAC3E,gDAA+C;AAG/C,SAAgB,wBAAwB,CAAiD,MAIxF;IACW,IAAA,gBAAgB,GAAgC,MAAM,iBAAtC,EAAE,oBAAoB,GAAU,MAAM,qBAAhB,EAAE,GAAG,GAAK,MAAM,IAAX,CAAY;IAE/D,IAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,CAAC;IAElD,IAAM,yBAAyB,GAAG,CAAC;QAC/B,kBAAkB,EAAE,CAAC;YACT,IAAA,UAAU,GAAK,gBAAgB,WAArB,CAAsB;YAExC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,kBAAkB,CAAC;YAC7B,CAAC;YAED,OAAO,UAAU,GAAG,IAAI,CAAC;QAC7B,CAAC;QAED,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,WAAW,CAAC,CAAC;YAE5D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,IAAA,cAAM,EAAC,KAAK,EAAE,4CAA4C,CAAC,CAAC;IAChE,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,YAAY,GAAG,gBAAgB,CAAC,aAAa,CAAC;IAEpD,IAAM,0BAA0B,GAAG,CAAC;QAChC,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,MAAM,CAAC,iBAAiB,CAAC;QACpC,CAAC;QAED,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,YAAY,CAAC,CAAC;YAE7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,GAAG,aAAH,GAAG,uBAAH,GAAG,CACC;YACI,qEAAqE;YACrE,2FAA2F;YAC3F,sHAAsH;YACtH,8FAA8F;SACjG,CAAC,IAAI,CAAC,IAAI,CAAC,CACf,CAAC;QAEF,OAAO,MAAM,CAAC,iBAAiB,CAAC;IACpC,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC;IAE1C,IAAA,cAAM,EAAC,OAAO,KAAK,SAAS,EAAE,yCAAyC,CAAC,CAAC;IAEzE,IAAM,MAAM,GAAgC;QACxC,WAAW,aAAA;QACX,yBAAyB,2BAAA;QACzB,YAAY,EAAE,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,EAAE;QAChC,0BAA0B,4BAAA;QAC1B,OAAO,SAAA;QACP,cAAc,EAAE,IAAW;KAC9B,CAAC;IAEF,IAAI,KAAK,GAKS,SAAS,CAAC;IAE5B,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,gBAAgB,EAAE;QAC5C,GAAG,EAAE;YACD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;gBACxD,OAAO,KAAK,CAAC,cAAc,CAAC;YAChC,CAAC;YAED,IAAI,cAAc,GAAG,IAAA,qBAAS,EAAC,IAAI,CAAC,OAAO,CAAmB,CAAC;YAE/D,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;gBACrC,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAChE,CAAC;YAED,KAAK,GAAG;gBACJ,OAAO,EAAE,
IAAI,CAAC,OAAO;gBACrB,cAAc,gBAAA;aACjB,CAAC;YAEF,OAAO,cAAc,CAAC;QAC1B,CAAC;QACD,YAAY,EAAE,IAAI;QAClB,UAAU,EAAE,IAAI;KACnB,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export declare function persistLogoutState(params: {
|
|
2
|
+
configId: string;
|
|
3
|
+
}): void;
|
|
4
|
+
export declare function clearPersistedLogoutState(params: {
|
|
5
|
+
configId: string;
|
|
6
|
+
}): void;
|
|
7
|
+
export declare function getIsPersistedLogoutState(params: {
|
|
8
|
+
configId: string;
|
|
9
|
+
}): boolean;
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.persistLogoutState = persistLogoutState;
|
|
4
|
+
exports.clearPersistedLogoutState = clearPersistedLogoutState;
|
|
5
|
+
exports.getIsPersistedLogoutState = getIsPersistedLogoutState;
|
|
6
|
+
function getKey(params) {
|
|
7
|
+
var configId = params.configId;
|
|
8
|
+
return "oidc-spa:is-logged-out:".concat(configId);
|
|
9
|
+
}
|
|
10
|
+
function persistLogoutState(params) {
|
|
11
|
+
var configId = params.configId;
|
|
12
|
+
var key = getKey({ configId: configId });
|
|
13
|
+
localStorage.setItem(key, "true");
|
|
14
|
+
}
|
|
15
|
+
function clearPersistedLogoutState(params) {
|
|
16
|
+
var configId = params.configId;
|
|
17
|
+
var key = getKey({ configId: configId });
|
|
18
|
+
localStorage.removeItem(key);
|
|
19
|
+
}
|
|
20
|
+
function getIsPersistedLogoutState(params) {
|
|
21
|
+
var configId = params.configId;
|
|
22
|
+
var key = getKey({ configId: configId });
|
|
23
|
+
return localStorage.getItem(key) === "true";
|
|
24
|
+
}
|
|
25
|
+
//# sourceMappingURL=persistedLogoutState.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"persistedLogoutState.js","sourceRoot":"","sources":["../src/oidc/persistedLogoutState.ts"],"names":[],"mappings":";;AAMA,gDAMC;AAED,8DAMC;AAED,8DAMC;AA5BD,SAAS,MAAM,CAAC,MAA4B;IAChC,IAAA,QAAQ,GAAK,MAAM,SAAX,CAAY;IAE5B,OAAO,iCAA0B,QAAQ,CAAE,CAAC;AAChD,CAAC;AAED,SAAgB,kBAAkB,CAAC,MAA4B;IACnD,IAAA,QAAQ,GAAK,MAAM,SAAX,CAAY;IAE5B,IAAM,GAAG,GAAG,MAAM,CAAC,EAAE,QAAQ,UAAA,EAAE,CAAC,CAAC;IAEjC,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,yBAAyB,CAAC,MAA4B;IAC1D,IAAA,QAAQ,GAAK,MAAM,SAAX,CAAY;IAE5B,IAAM,GAAG,GAAG,MAAM,CAAC,EAAE,QAAQ,UAAA,EAAE,CAAC,CAAC;IAEjC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,SAAgB,yBAAyB,CAAC,MAA4B;IAC1D,IAAA,QAAQ,GAAK,MAAM,SAAX,CAAY;IAE5B,IAAM,GAAG,GAAG,MAAM,CAAC,EAAE,QAAQ,UAAA,EAAE,CAAC,CAAC;IAEjC,OAAO,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC;AAChD,CAAC"}
|
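--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "oidc-spa",
-"version": "6.1.
+"version": "6.1.15",
 "description": "Openidconnect client for Single Page Applications",
 "repository": {
 "type": "git",
@@ -24,6 +24,7 @@
 "./oidc/Oidc": "./oidc/Oidc.js",
 "./oidc/oidcClientTsUserToTokens": "./oidc/oidcClientTsUserToTokens.js",
 "./oidc/OidcInitializationError": "./oidc/OidcInitializationError.js",
+"./oidc/persistedLogoutState": "./oidc/persistedLogoutState.js",
 "./oidc/StateData": "./oidc/StateData.js",
 "./react/index": "./react/index.js",
 "./react/react": "./react/react.js",
@@ -46,7 +47,6 @@
 "./tools/subscribeToUserInteraction": "./tools/subscribeToUserInteraction.js",
 "./tools/toFullyQualifiedUrl": "./tools/toFullyQualifiedUrl.js",
 "./tools/toHumanReadableDuration": "./tools/toHumanReadableDuration.js",
-"./tools/urlQueryParams": "./tools/urlQueryParams.js",
 "./tools/ValueOrAsyncGetter": "./tools/ValueOrAsyncGetter.js",
 "./tools/workerTimers": "./tools/workerTimers.js",
 "./vendor/backend/evt": "./vendor/backend/evt.js",
@@ -89,6 +89,7 @@
 "./src/oidc/loginSilent.ts",
 "./src/oidc/logoutPropagationToOtherTabs.ts",
 "./src/oidc/oidcClientTsUserToTokens.ts",
+"./src/oidc/persistedLogoutState.ts",
 "./src/react/index.ts",
 "./src/react/react.tsx",
 "./src/tools/AwaitableEventEmitter.ts",
@@ -111,7 +112,6 @@
 "./src/tools/subscribeToUserInteraction.ts",
 "./src/tools/toFullyQualifiedUrl.ts",
 "./src/tools/toHumanReadableDuration.ts",
-"./src/tools/urlQueryParams.ts",
 "./src/tools/workerTimers.ts",
 "./src/vendor/backend/evt.ts",
 "./src/vendor/backend/jsonwebtoken.ts",
@@ -167,6 +167,9 @@
 "./oidc/oidcClientTsUserToTokens.d.ts",
 "./oidc/oidcClientTsUserToTokens.js",
 "./oidc/oidcClientTsUserToTokens.js.map",
+"./oidc/persistedLogoutState.d.ts",
+"./oidc/persistedLogoutState.js",
+"./oidc/persistedLogoutState.js.map",
 "./react/index.d.ts",
 "./react/index.js",
 "./react/index.js.map",
@@ -233,9 +236,6 @@
 "./tools/toHumanReadableDuration.d.ts",
 "./tools/toHumanReadableDuration.js",
 "./tools/toHumanReadableDuration.js.map",
-"./tools/urlQueryParams.d.ts",
-"./tools/urlQueryParams.js",
-"./tools/urlQueryParams.js.map",
 "./tools/workerTimers.d.ts",
 "./tools/workerTimers.js",
 "./tools/workerTimers.js.map",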
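--- a/package/src/mock/oidc.ts
+++ b/package/src/mock/oidc.ts
@@ -1,8 +1,6 @@
 import type { Oidc } from "../oidc";
-import { retrieveQueryParamFromUrl, addQueryParamToUrl } from "../tools/urlQueryParams";
 import { createObjectThatThrowsIfAccessed } from "../tools/createObjectThatThrowsIfAccessed";
 import { id } from "../vendor/frontend/tsafe";
-import { assert, type Equals } from "../vendor/frontend/tsafe";
 import { toFullyQualifiedUrl } from "../tools/toFullyQualifiedUrl";
 
 export type ParamsOfCreateMockOidc<
@@ -44,18 +42,19 @@ export async function createMockOidc<
 } = params;
 
 const isUserLoggedIn = (() => {
-const
-
-
-});
+const newUrl = new URL(window.location.href);
+
+const urlParamValue = newUrl.searchParams.get(urlParamName);
 
-if (
+if (urlParamValue === null) {
 return isUserInitiallyLoggedIn;
 }
 
-
+newUrl.searchParams.delete(urlParamName);
 
-
+window.history.replaceState({}, "", newUrl.href);
+
+return urlParamValue === "true";
 })();
 
 const homeUrl = toFullyQualifiedUrl({
@@ -76,20 +75,20 @@ export async function createMockOidc<
 }): Promise<never> => {
 const { redirectUrl } = params;
 
-const
-
+const newUrl = new URL(
+(() => {
 if (redirectUrl === undefined) {
 return window.location.href;
 }
 return redirectUrl.startsWith("/")
 ? `${window.location.origin}${redirectUrl}`
 : redirectUrl;
-})()
-
-value: "true"
-});
+})()
+);
 
-
+newUrl.searchParams.set(urlParamName, "true");
+
+window.location.href = newUrl.href;
 
 return new Promise<never>(() => {});
 };
@@ -139,8 +138,8 @@ export async function createMockOidc<
 unsubscribe: () => {}
 }),
 logout: params => {
-const
-
+const newUrl = new URL(
+(() => {
 switch (params.redirectTo) {
 case "current page":
 return window.location.href;
@@ -152,13 +151,12 @@ export async function createMockOidc<
 doAssertNoQueryParams: false
 });
 }
-
-
-
-
-});
+})()
+);
+
+newUrl.searchParams.set(urlParamName, "false");
 
-window.location.href = newUrl;
+window.location.href = newUrl.href;
 
 return new Promise<never>(() => {});
 },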
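Review bot: The `isUserLoggedIn` block in `createMockOidc` takes the login state straight from the `urlParamName` query parameter (`return urlParamValue === "true";`), so any link can switch the mock to "logged in"; that is reasonable for a mock, but nothing in the hunk says so. A comment above the block such as `// Mock only: the login state comes from a URL parameter and provides no authentication.` would keep it from being mistaken for a real session check. In the same block, `window.history.replaceState({}, "", newUrl.href)` overwrites whatever state object the current history entry held; `window.history.replaceState(window.history.state, "", newUrl.href)` would preserve it. `createMockOidc` starts and ends outside the hunks shown.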
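--- a/package/src/oidc/createOidc.ts
+++ b/package/src/oidc/createOidc.ts
@@ -4,9 +4,8 @@ import {
 type User as OidcClientTsUser,
 InMemoryWebStorage
 } from "../vendor/frontend/oidc-client-ts-and-jwt-decode";
-import { id, type Param0, assert, type Equals, typeGuard } from "../vendor/frontend/tsafe";
+import { id, type Param0, assert, is, type Equals, typeGuard } from "../vendor/frontend/tsafe";
 import { setTimeout, clearTimeout } from "../tools/workerTimers";
-import { addQueryParamToUrl, retrieveAllQueryParamFromUrl } from "../tools/urlQueryParams";
 import { Deferred } from "../tools/Deferred";
 import { decodeJwt } from "../tools/decodeJwt";
 import { createIsUserActive } from "../tools/createIsUserActive";
@@ -31,6 +30,11 @@ import { getConfigId } from "./configId";
 import { oidcClientTsUserToTokens } from "./oidcClientTsUserToTokens";
 import { loginSilent, authResponseToUrl } from "./loginSilent";
 import { handleOidcCallback, AUTH_RESPONSE_KEY } from "./handleOidcCallback";
+import {
+clearPersistedLogoutState,
+getIsPersistedLogoutState,
+persistLogoutState
+} from "./persistedLogoutState";
 import type { Oidc } from "./Oidc";
 import { type AwaitableEventEmitter, createAwaitableEventEmitter } from "../tools/AwaitableEventEmitter";
 
@@ -421,14 +425,13 @@ export async function createOidc_nonMemoized<
 break add_extra_query_params;
 }
 
-
-
-
-
-
-
-
-);
+const url_obj = new URL_real(url);
+
+for (const [name, value] of Object.entries(extraQueryParams)) {
+url_obj.searchParams.set(name, value);
+}
+
+url = url_obj.href;
 }
 
 apply_transform_before_redirect: {
@@ -481,10 +484,7 @@ export async function createOidc_nonMemoized<
 break read_query_params_added_by_transform_before_redirect;
 }
 
-const
-retrieveAllQueryParamFromUrl({ url: url_afterTransform });
-
-for (const [name, value] of Object.entries(queryParamsAddedByTransformBeforeRedirect)) {
+for (const [name, value] of new URL(url_afterTransform).searchParams) {
 extraQueryParams[name] = value;
 }
 }
@@ -501,7 +501,8 @@ export async function createOidc_nonMemoized<
 configId,
 action: "login"
 }),
-redirectMethod
+redirectMethod,
+prompt: getIsPersistedLogoutState({ configId }) ? "consent" : undefined
 });
 return new Promise<never>(() => {});
 };
@@ -610,6 +611,7 @@ export async function createOidc_nonMemoized<
 }
 
 sessionStorage.removeItem(BROWSER_SESSION_NOT_FIRST_INIT_KEY);
+clearPersistedLogoutState({ configId });
 
 return {
 oidcClientTsUser,
@@ -656,6 +658,11 @@ export async function createOidc_nonMemoized<
 restore_from_http_only_cookie: {
 log?.("Trying to restore the auth from the http only cookie (silent signin with iframe)");
 
+if (getIsPersistedLogoutState({ configId })) {
+log?.("Skipping silent signin with iframe, the user has logged out");
+break restore_from_http_only_cookie;
+}
+
 const result_loginSilent = await loginSilent({
 oidcClientTsUserManager,
 stateQueryParamValue_instance,
@@ -663,7 +670,9 @@ export async function createOidc_nonMemoized<
 getExtraTokenParams
 });
 
-
+assert(result_loginSilent.outcome !== "refresh token used");
+
+if (result_loginSilent.outcome === "failure") {
 switch (result_loginSilent.cause) {
 case "can't reach well-known oidc endpoint":
 return createWellKnownOidcConfigurationEndpointUnreachableInitializationError({
@@ -680,6 +689,8 @@ export async function createOidc_nonMemoized<
 assert<Equals<typeof result_loginSilent.cause, never>>(false);
 }
 
+assert<Equals<typeof result_loginSilent.outcome, "success iframe">>();
+
 const { authResponse } = result_loginSilent;
 
 log?.("Silent signin auth response", authResponse);
@@ -913,31 +924,76 @@ export async function createOidc_nonMemoized<
 
 const sessionId = decodeJwt<{ sid?: string }>(oidc.getTokens().idToken).sid;
 
-
-
-
-
-
-
-
-
-
-
-
+try {
+await oidcClientTsUserManager.signoutRedirect({
+state: id<StateData>({
+configId,
+context: "redirect",
+redirectUrl: postLogoutRedirectUrl,
+hasBeenProcessedByCallback: false,
+action: "logout",
+sessionId
+}),
+redirectMethod: "assign"
+});
+} catch (error) {
+assert(is<Error>(error));
+
+if (error.message !== "No end session endpoint") {
+throw error;
+}
+
+log?.("No end session endpoint, managing logging state locally");
+
+persistLogoutState({ configId });
+window.location.href = postLogoutRedirectUrl;
+}
 
 return new Promise<never>(() => {});
 },
 renewTokens: async params => {
 const { extraTokenParams: extraTokenParams_local } = params ?? {};
 
-
-
+log?.("Renewing tokens");
+
+const result_loginSilent = await loginSilent({
+oidcClientTsUserManager,
+stateQueryParamValue_instance,
+configId,
+getExtraTokenParams: () => ({
 ...getExtraTokenParams?.(),
 ...extraTokenParams_local
-}
+})
 });
 
-
+if (result_loginSilent.outcome === "failure") {
+throw new Error(result_loginSilent.cause);
+}
+
+let oidcClientTsUser: OidcClientTsUser;
+
+switch (result_loginSilent.outcome) {
+case "refresh token used":
+{
+log?.("Refresh token used");
+oidcClientTsUser = result_loginSilent.oidcClientTsUser;
+}
+break;
+case "success iframe":
+{
+const { authResponse } = result_loginSilent;
+
+log?.("Tokens refresh using iframe", authResponse);
+
+oidcClientTsUser = await oidcClientTsUserManager.signinRedirectCallback(
+authResponseToUrl(authResponse)
+);
+}
+break;
+default:
+assert<Equals<typeof result_loginSilent, never>>(false);
+break;
+}
 
 const decodedIdTokenPropertyDescriptor = Object.getOwnPropertyDescriptor(
 currentTokens,
@@ -1080,7 +1136,12 @@ export async function createOidc_nonMemoized<
 })();
 }
 
-{
+auto_logout: {
+if (currentTokens.refreshToken === "" && __unsafe_ssoSessionIdleSeconds === undefined) {
+log?.("No refresh token, auto logout non applicable");
+break auto_logout;
+}
+
 const { startCountdown } = createStartCountdown({
 getCountdownEndTime: (() => {
 const getCountdownEndTime = () =>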
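Review bot: `prompt: getIsPersistedLogoutState({ configId }) ? "consent" : undefined` in the login hunk asks the provider for consent again, not for re-authentication; in OpenID Connect the `prompt` value that requests re-authentication is `login`. The flag is only set by the new `catch` branch of `logout`, i.e. when the provider exposes no end-session endpoint and its own session is presumably still alive, so on a shared browser the next sign-in after a "logout" may complete without credentials. Consider `prompt: getIsPersistedLogoutState({ configId }) ? "login" : undefined`, or add a comment explaining why `consent` is enough for the providers this fallback targets. That `catch` branch also recognises the case by comparing `error.message` with `"No end session endpoint"`, which couples the fallback to the vendored library's wording and deserves a comment saying so. The enclosing functions start and end outside the hunks shown.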
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { retrieveQueryParamFromUrl } from "../tools/urlQueryParams";
|
|
2
1
|
import { getStateData, markStateDataAsProcessedByCallback, getIsStatQueryParamValue } from "./StateData";
|
|
3
2
|
|
|
4
3
|
declare global {
|
|
@@ -26,39 +25,29 @@ export function handleOidcCallback(): { isHandled: boolean } {
|
|
|
26
25
|
export const AUTH_RESPONSE_KEY = "oidc-spa.authResponse";
|
|
27
26
|
|
|
28
27
|
function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
|
|
28
|
+
const locationUrl = new URL(window.location.href);
|
|
29
|
+
|
|
29
30
|
const stateQueryParamValue = (() => {
|
|
30
|
-
const
|
|
31
|
-
url: window.location.href,
|
|
32
|
-
name: "state"
|
|
33
|
-
});
|
|
31
|
+
const stateQueryParamValue = locationUrl.searchParams.get("state");
|
|
34
32
|
|
|
35
|
-
if (
|
|
33
|
+
if (stateQueryParamValue === null) {
|
|
36
34
|
return undefined;
|
|
37
35
|
}
|
|
38
36
|
|
|
39
|
-
if (!getIsStatQueryParamValue({ maybeStateQueryParamValue:
|
|
37
|
+
if (!getIsStatQueryParamValue({ maybeStateQueryParamValue: stateQueryParamValue })) {
|
|
40
38
|
return undefined;
|
|
41
39
|
}
|
|
42
40
|
|
|
43
41
|
if (
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
}).wasPresent &&
|
|
48
|
-
retrieveQueryParamFromUrl({
|
|
49
|
-
url: window.location.href,
|
|
50
|
-
name: "response_type"
|
|
51
|
-
}).wasPresent &&
|
|
52
|
-
retrieveQueryParamFromUrl({
|
|
53
|
-
url: window.location.href,
|
|
54
|
-
name: "redirect_uri"
|
|
55
|
-
}).wasPresent
|
|
42
|
+
locationUrl.searchParams.get("client_id") !== null &&
|
|
43
|
+
locationUrl.searchParams.get("response_type") !== null &&
|
|
44
|
+
locationUrl.searchParams.get("redirect_uri") !== null
|
|
56
45
|
) {
|
|
57
46
|
// NOTE: We are probably in a Keycloakify theme and oidc-spa was loaded by mistake.
|
|
58
47
|
return undefined;
|
|
59
48
|
}
|
|
60
49
|
|
|
61
|
-
return
|
|
50
|
+
return stateQueryParamValue;
|
|
62
51
|
})();
|
|
63
52
|
|
|
64
53
|
if (stateQueryParamValue === undefined) {
|
|
@@ -124,7 +113,7 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
|
|
|
124
113
|
|
|
125
114
|
const authResponse: Record<string, string> = {};
|
|
126
115
|
|
|
127
|
-
for (const [key, value] of
|
|
116
|
+
for (const [key, value] of locationUrl.searchParams) {
|
|
128
117
|
authResponse[key] = value;
|
|
129
118
|
}
|
|
130
119
|
|
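Review bot: The state that is checked and the state that is forwarded can differ when a query parameter is repeated: `locationUrl.searchParams.get("state")` returns the first occurrence, while the loop `authResponse[key] = value` in the last hunk keeps the last one. For a callback URL that carries `state` twice, the value validated with `getIsStatQueryParamValue` is therefore not the one stored in `authResponse`. Rejecting such URLs up front, for example `if (locationUrl.searchParams.getAll("state").length !== 1) { return undefined; }`, keeps both views consistent. `handleOidcCallback_nonMemoized` continues outside the hunks, so how `authResponse` is consumed afterwards is not visible here.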