oidc-spa 6.13.2 → 6.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -2
- package/core/OidcMetadata.d.ts +266 -0
- package/core/OidcMetadata.js +5 -0
- package/core/OidcMetadata.js.map +1 -0
- package/core/createOidc.d.ts +13 -0
- package/core/createOidc.js +9 -6
- package/core/createOidc.js.map +1 -1
- package/core/debug966975.d.ts +7 -0
- package/core/debug966975.js +88 -0
- package/core/debug966975.js.map +1 -0
- package/core/handleOidcCallback.js +49 -11
- package/core/handleOidcCallback.js.map +1 -1
- package/core/loginSilent.d.ts +1 -0
- package/core/loginSilent.js +5 -3
- package/core/loginSilent.js.map +1 -1
- package/core/oidcClientTsUserToTokens.js +1 -1
- package/core/oidcClientTsUserToTokens.js.map +1 -1
- package/package.json +13 -1
- package/src/core/OidcMetadata.ts +271 -0
- package/src/core/createOidc.ts +22 -4
- package/src/core/debug966975.ts +85 -0
- package/src/core/handleOidcCallback.ts +75 -9
- package/src/core/loginSilent.ts +7 -2
- package/src/core/oidcClientTsUserToTokens.ts +1 -1
- package/src/tools/getUserEnvironmentInfo.ts +42 -0
- package/tools/getUserEnvironmentInfo.d.ts +1 -0
- package/tools/getUserEnvironmentInfo.js +48 -0
- package/tools/getUserEnvironmentInfo.js.map +1 -0
|
@@ -53,42 +53,52 @@ var StateData_1 = require("./StateData");
|
|
|
53
53
|
var tsafe_1 = require("../vendor/frontend/tsafe");
|
|
54
54
|
var initialLocationHref_1 = require("./initialLocationHref");
|
|
55
55
|
var trustedFetch_1 = require("./trustedFetch");
|
|
56
|
+
var debug966975_1 = require("./debug966975");
|
|
56
57
|
(0, trustedFetch_1.captureFetch)();
|
|
57
58
|
var globalContext = {
|
|
58
59
|
previousCall: (0, tsafe_1.id)(undefined)
|
|
59
60
|
};
|
|
61
|
+
debug966975_1.debug966975.log("=================== Evaluating the handleOidcCallback file, isInIframe: ".concat(window.self !== window.top ? "true" : "false", ", location.href: ").concat(initialLocationHref_1.initialLocationHref));
|
|
60
62
|
function handleOidcCallback() {
|
|
61
63
|
if (globalContext.previousCall !== undefined) {
|
|
64
|
+
debug966975_1.debug966975.log("handleOidcCallback() call, it has been called previously ".concat(JSON.stringify(globalContext.previousCall)));
|
|
62
65
|
return globalContext.previousCall;
|
|
63
66
|
}
|
|
64
67
|
return (globalContext.previousCall = handleOidcCallback_nonMemoized());
|
|
65
68
|
}
|
|
66
69
|
function handleOidcCallback_nonMemoized() {
|
|
67
70
|
var e_1, _a;
|
|
71
|
+
debug966975_1.debug966975.log("In handleOidcCallback_nonMemoized()");
|
|
68
72
|
var location_urlObj = new URL(initialLocationHref_1.initialLocationHref);
|
|
69
73
|
var stateQueryParamValue = (function () {
|
|
70
74
|
var stateQueryParamValue = location_urlObj.searchParams.get("state");
|
|
71
75
|
if (stateQueryParamValue === null) {
|
|
76
|
+
debug966975_1.debug966975.log("No state in url");
|
|
72
77
|
return undefined;
|
|
73
78
|
}
|
|
74
79
|
if (!(0, StateData_1.getIsStatQueryParamValue)({ maybeStateQueryParamValue: stateQueryParamValue })) {
|
|
80
|
+
debug966975_1.debug966975.log("State query param value ".concat(stateQueryParamValue, " is malformed"));
|
|
75
81
|
return undefined;
|
|
76
82
|
}
|
|
77
83
|
if (location_urlObj.searchParams.get("client_id") !== null &&
|
|
78
84
|
location_urlObj.searchParams.get("response_type") !== null &&
|
|
79
85
|
location_urlObj.searchParams.get("redirect_uri") !== null) {
|
|
86
|
+
debug966975_1.debug966975.log("NOTE: We are probably in a Keycloakify theme and oidc-spa was loaded by mistake.");
|
|
80
87
|
// NOTE: We are probably in a Keycloakify theme and oidc-spa was loaded by mistake.
|
|
81
88
|
return undefined;
|
|
82
89
|
}
|
|
83
90
|
return stateQueryParamValue;
|
|
84
91
|
})();
|
|
92
|
+
debug966975_1.debug966975.log("state query param value ".concat(stateQueryParamValue !== null && stateQueryParamValue !== void 0 ? stateQueryParamValue : "undefined"));
|
|
85
93
|
if (stateQueryParamValue === undefined) {
|
|
86
94
|
var backForwardTracker = readBackForwardTracker();
|
|
95
|
+
debug966975_1.debug966975.log("backForwardTracker: ".concat(JSON.stringify(backForwardTracker)));
|
|
87
96
|
if (backForwardTracker !== undefined) {
|
|
88
97
|
writeBackForwardTracker({
|
|
89
98
|
backForwardTracker: __assign(__assign({}, backForwardTracker), { hasExitedCallback: true })
|
|
90
99
|
});
|
|
91
100
|
}
|
|
101
|
+
debug966975_1.debug966975.log("returning isHandled false");
|
|
92
102
|
return { isHandled: false };
|
|
93
103
|
}
|
|
94
104
|
var isHandled = true;
|
|
@@ -97,9 +107,10 @@ function handleOidcCallback_nonMemoized() {
|
|
|
97
107
|
console.error = function () { };
|
|
98
108
|
console.debug = function () { };
|
|
99
109
|
var stateData = (0, StateData_1.getStateData)({ stateQueryParamValue: stateQueryParamValue });
|
|
110
|
+
debug966975_1.debug966975.log("stateData: ".concat(JSON.stringify(stateData)));
|
|
100
111
|
if (stateData === undefined ||
|
|
101
112
|
(stateData.context === "redirect" && stateData.hasBeenProcessedByCallback)) {
|
|
102
|
-
var
|
|
113
|
+
var historyMethod_1 = (function () {
|
|
103
114
|
var backForwardTracker = readBackForwardTracker();
|
|
104
115
|
if (backForwardTracker === undefined) {
|
|
105
116
|
return "back";
|
|
@@ -114,14 +125,19 @@ function handleOidcCallback_nonMemoized() {
|
|
|
114
125
|
return "back";
|
|
115
126
|
}
|
|
116
127
|
})();
|
|
128
|
+
debug966975_1.debug966975.log("historyMethod: ".concat(historyMethod_1));
|
|
117
129
|
writeBackForwardTracker({
|
|
118
130
|
backForwardTracker: {
|
|
119
|
-
previousHistoryMethod:
|
|
131
|
+
previousHistoryMethod: historyMethod_1,
|
|
120
132
|
hasExitedCallback: false
|
|
121
133
|
}
|
|
122
134
|
});
|
|
123
135
|
reloadOnBfCacheNavigation();
|
|
124
|
-
|
|
136
|
+
setTimeout(function () {
|
|
137
|
+
debug966975_1.debug966975.log("(callback 0) Calling window.history.".concat(historyMethod_1, "()"));
|
|
138
|
+
window.history[historyMethod_1]();
|
|
139
|
+
}, 0);
|
|
140
|
+
debug966975_1.debug966975.log("returning isHandled: ".concat(isHandled ? "true" : "false"));
|
|
125
141
|
return { isHandled: isHandled };
|
|
126
142
|
}
|
|
127
143
|
var authResponse = { state: "" };
|
|
@@ -139,9 +155,13 @@ function handleOidcCallback_nonMemoized() {
|
|
|
139
155
|
finally { if (e_1) throw e_1.error; }
|
|
140
156
|
}
|
|
141
157
|
(0, tsafe_1.assert)(authResponse.state !== "", "063965");
|
|
158
|
+
debug966975_1.debug966975.log("authResponse: ".concat(JSON.stringify(authResponse)));
|
|
142
159
|
switch (stateData.context) {
|
|
143
160
|
case "iframe":
|
|
144
|
-
|
|
161
|
+
setTimeout(function () {
|
|
162
|
+
debug966975_1.debug966975.log("(callback 0) posting message to parent");
|
|
163
|
+
parent.postMessage(authResponse, location.origin);
|
|
164
|
+
}, 0);
|
|
145
165
|
break;
|
|
146
166
|
case "redirect":
|
|
147
167
|
(0, StateData_1.markStateDataAsProcessedByCallback)({ stateQueryParamValue: stateQueryParamValue });
|
|
@@ -150,14 +170,19 @@ function handleOidcCallback_nonMemoized() {
|
|
|
150
170
|
authResponses: __spreadArray(__spreadArray([], __read(readRedirectAuthResponses()), false), [authResponse], false)
|
|
151
171
|
});
|
|
152
172
|
reloadOnBfCacheNavigation();
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
173
|
+
setTimeout(function () {
|
|
174
|
+
var href = (function () {
|
|
175
|
+
if (stateData.action === "login" && authResponse.error === "consent_required") {
|
|
176
|
+
return stateData.redirectUrl_consentRequiredCase;
|
|
177
|
+
}
|
|
178
|
+
return stateData.redirectUrl;
|
|
179
|
+
})();
|
|
180
|
+
debug966975_1.debug966975.log("(callback 0) location.href = \"".concat(href, "\";"));
|
|
181
|
+
location.href = href;
|
|
182
|
+
}, 0);
|
|
159
183
|
break;
|
|
160
184
|
}
|
|
185
|
+
debug966975_1.debug966975.log("Returning isHandled: ".concat(isHandled ? "true" : "false"));
|
|
161
186
|
return { isHandled: isHandled };
|
|
162
187
|
}
|
|
163
188
|
var _a = (function () {
|
|
@@ -182,13 +207,24 @@ var _a = (function () {
|
|
|
182
207
|
function retrieveRedirectAuthResponseAndStateData(params) {
|
|
183
208
|
var e_2, _a;
|
|
184
209
|
var configId = params.configId;
|
|
210
|
+
debug966975_1.debug966975.log(">>> In retrieveRedirectAuthResponseAndStateData(".concat(JSON.stringify({ configId: configId }), ")"));
|
|
185
211
|
var authResponses = readRedirectAuthResponses();
|
|
212
|
+
debug966975_1.debug966975.log("authResponses: ".concat(JSON.stringify(authResponses)));
|
|
186
213
|
var authResponseAndStateData = undefined;
|
|
187
214
|
try {
|
|
188
215
|
for (var _b = __values(__spreadArray([], __read(authResponses), false)), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
189
216
|
var authResponse = _c.value;
|
|
217
|
+
debug966975_1.debug966975.log("authResponse: ".concat(JSON.stringify(authResponse)));
|
|
190
218
|
var stateData = (0, StateData_1.getStateData)({ stateQueryParamValue: authResponse.state });
|
|
191
|
-
(
|
|
219
|
+
debug966975_1.debug966975.log("stateDate: ".concat(JSON.stringify(stateData)));
|
|
220
|
+
try {
|
|
221
|
+
(0, tsafe_1.assert)(stateData !== undefined, "966975");
|
|
222
|
+
}
|
|
223
|
+
catch (_d) {
|
|
224
|
+
authResponses.splice(authResponses.indexOf(authResponse), 1);
|
|
225
|
+
debug966975_1.debug966975.report();
|
|
226
|
+
continue;
|
|
227
|
+
}
|
|
192
228
|
(0, tsafe_1.assert)(stateData.context === "redirect", "474728");
|
|
193
229
|
if (stateData.configId !== configId) {
|
|
194
230
|
continue;
|
|
@@ -205,8 +241,10 @@ function retrieveRedirectAuthResponseAndStateData(params) {
|
|
|
205
241
|
finally { if (e_2) throw e_2.error; }
|
|
206
242
|
}
|
|
207
243
|
if (authResponseAndStateData !== undefined) {
|
|
244
|
+
debug966975_1.debug966975.log("writeRedirectAuthResponses(".concat(JSON.stringify({ authResponses: authResponses }), ")"));
|
|
208
245
|
writeRedirectAuthResponses({ authResponses: authResponses });
|
|
209
246
|
}
|
|
247
|
+
debug966975_1.debug966975.log("Returning ".concat(JSON.stringify({ authResponseAndStateData: authResponseAndStateData }), " <<<<<<<<<"));
|
|
210
248
|
return authResponseAndStateData;
|
|
211
249
|
}
|
|
212
250
|
function reloadOnBfCacheNavigation() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handleOidcCallback.js","sourceRoot":"","sources":["../src/core/handleOidcCallback.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"handleOidcCallback.js","sourceRoot":"","sources":["../src/core/handleOidcCallback.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwBA,gDAWC;AAsLD,4FAiDC;AA1QD,yCAKqB;AACrB,kDAAsD;AAEtD,6DAA4D;AAC5D,+CAA8C;AAC9C,6CAA4C;AAE5C,IAAA,2BAAY,GAAE,CAAC;AAEf,IAAM,aAAa,GAAG;IAClB,YAAY,EAAE,IAAA,UAAE,EAAqC,SAAS,CAAC;CAClE,CAAC;AAEF,yBAAW,CAAC,GAAG,CACX,kFACI,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,8BAC7B,yCAAmB,CAAE,CAC5C,CAAC;AAEF,SAAgB,kBAAkB;IAC9B,IAAI,aAAa,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QAC3C,yBAAW,CAAC,GAAG,CACX,mEAA4D,IAAI,CAAC,SAAS,CACtE,aAAa,CAAC,YAAY,CAC7B,CAAE,CACN,CAAC;QACF,OAAO,aAAa,CAAC,YAAY,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,aAAa,CAAC,YAAY,GAAG,8BAA8B,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,8BAA8B;;IACnC,yBAAW,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IAEvD,IAAM,eAAe,GAAG,IAAI,GAAG,CAAC,yCAAmB,CAAC,CAAC;IAErD,IAAM,oBAAoB,GAAG,CAAC;QAC1B,IAAM,oBAAoB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEvE,IAAI,oBAAoB,KAAK,IAAI,EAAE,CAAC;YAChC,yBAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACnC,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,CAAC,EAAE,CAAC;YACjF,yBAAW,CAAC,GAAG,CAAC,kCAA2B,oBAAoB,kBAAe,CAAC,CAAC;YAChF,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;YACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;YAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;YACC,yBAAW,CAAC,GAAG,CACX,kFAAkF,CACrF,CAAC;YACF,mFAAmF;YACnF,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,oBAAoB,CAAC;IAChC,CAAC,CAAC,EAAE,CAAC;IAEL,yBAAW,CAAC,GAAG,CAAC,kCAA2B,oBAAoB,aAApB,oBAAoB,cAApB,oBAAoB,GAAI,WAAW,CAAE,CAAC,CAAC;IAElF,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;QACrC,IAAM,kBAAkB,GAAG,sBAAsB,EAAE,CAAC;QAEpD,yBAAW,CAAC,GAAG,CAAC,8BAAuB,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAE,CAAC,CAAC;QAE7E,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACnC,uBAAuB,CAAC;gBACpB,kBAAkB,wBACX,kBAAkB,KACrB,iBAAiB,EAAE,IAAI,GAC1B;aACJ,CAAC,CAAC;QACP,CAAC;QAED,yBAAW,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QAE7C,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;IAED,IAAM,SAAS,GAAG,IAAI,CAAC;IAEvB,OAAO,CAAC,GAAG,GAAG,cAAO,CAAC,CAAC;IACvB,OAAO,CAAC,IAAI,GAAG,cAAO,CAAC,CAAC;IACxB,OAAO,CAAC,KAAK,GAAG,cAAO,CAAC,CAAC;IACzB,OAAO,CAAC,KAAK,GAAG,cAAO,CAAC,CAAC;IAEzB,IAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;IAEzD,yBAAW,CAAC,GAAG,CAAC,qBAAc,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAE,CAAC,CAAC;IAE3D,IACI,SAAS,KAAK,SAAS;QACvB,CAAC,SAAS,CAAC,OAAO,KAAK,UAAU,IAAI,SAAS,CAAC,0BAA0B,CAAC,EAC5E,CAAC;QACC,IAAM,eAAa,GAAuB,CAAC;YACvC,IAAM,kBAAkB,GAAG,sBAAsB,EAAE,CAAC;YAEpD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACnC,OAAO,MAAM,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,CAAC;gBACxC,OAAO,kBAAkB,CAAC,qBAAqB,CAAC;YACpD,CAAC;YAED,QAAQ,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;gBAC/C,KAAK,MAAM;oBACP,OAAO,SAAS,CAAC;gBACrB,KAAK,SAAS;oBACV,OAAO,MAAM,CAAC;YACtB,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,yBAAW,CAAC,GAAG,CAAC,yBAAkB,eAAa,CAAE,CAAC,CAAC;QAEnD,uBAAuB,CAAC;YACpB,kBAAkB,EAAE;gBAChB,qBAAqB,EAAE,eAAa;gBACpC,iBAAiB,EAAE,KAAK;aAC3B;SACJ,CAAC,CAAC;QAEH,yBAAyB,EAAE,CAAC;QAE5B,UAAU,CAAC;YACP,yBAAW,CAAC,GAAG,CAAC,8CAAuC,eAAa,OAAI,CAAC,CAAC;YAE1E,MAAM,CAAC,OAAO,CAAC,eAAa,CAAC,EAAE,CAAC;QACpC,CAAC,EAAE,CAAC,CAAC,CAAC;QAEN,yBAAW,CAAC,GAAG,CAAC,+BAAwB,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAE,CAAC,CAAC;QAExE,OAAO,EAAE,SAAS,WAAA,EAAE,CAAC;IACzB,CAAC;IAED,IAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;;QAEjD,KAA2B,IAAA,KAAA,SAAA,eAAe,CAAC,YAAY,CAAA,gBAAA,4BAAE,CAAC;YAA/C,IAAA,KAAA,mBAAY,EAAX,GAAG,QAAA,EAAE,KAAK,QAAA;YAClB,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC9B,CAAC;;;;;;;;;IAED,IAAA,cAAM,EAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;IAE5C,yBAAW,CAAC,GAAG,CAAC,wBAAiB,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAE,CAAC,CAAC;IAEjE,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,UAAU,CAAC;gBACP,yBAAW,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;gBAC1D,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YACtD,CAAC,EAAE,CAAC,CAAC,CAAC;YACN,MAAM;QACV,KAAK,UAAU;YACX,IAAA,8CAAkC,EAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;YAC7D,uBAAuB,EAAE,CAAC;YAC1B,0BAA0B,CAAC;gBACvB,aAAa,yCAAM,yBAAyB,EAAE,YAAE,YAAY,SAAC;aAChE,CAAC,CAAC;YACH,yBAAyB,EAAE,CAAC;YAC5B,UAAU,CAAC;gBACP,IAAM,IAAI,GAAG,CAAC;oBACV,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;wBAC5E,OAAO,SAAS,CAAC,+BAA+B,CAAC;oBACrD,CAAC;oBAED,OAAO,SAAS,CAAC,WAAW,CAAC;gBACjC,CAAC,CAAC,EAAE,CAAC;gBAEL,yBAAW,CAAC,GAAG,CAAC,yCAAiC,IAAI,QAAI,CAAC,CAAC;gBAE3D,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;YACzB,CAAC,EAAE,CAAC,CAAC,CAAC;YACN,MAAM;IACd,CAAC;IAED,yBAAW,CAAC,GAAG,CAAC,+BAAwB,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAE,CAAC,CAAC;IAExE,OAAO,EAAE,SAAS,WAAA,EAAE,CAAC;AACzB,CAAC;AAEK,IAAA,KAA4D,CAAC;IAC/D,IAAM,kBAAkB,GAAG,wBAAwB,CAAC;IAEpD,SAAS,0BAA0B,CAAC,MAAyC;QACjE,IAAA,aAAa,GAAK,MAAM,cAAX,CAAY;QACjC,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,cAAc,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YAC9C,OAAO;QACX,CAAC;QACD,cAAc,CAAC,OAAO,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,SAAS,yBAAyB;QAC9B,IAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAEvD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,OAAO,EAAE,0BAA0B,4BAAA,EAAE,yBAAyB,2BAAA,EAAE,CAAC;AACrE,CAAC,CAAC,EAAE,EAvBI,yBAAyB,+BAAA,EAAE,0BAA0B,gCAuBzD,CAAC;AAEL,SAAgB,wCAAwC,CAAC,MAExD;;IACW,IAAA,QAAQ,GAAK,MAAM,SAAX,CAAY;IAE5B,yBAAW,CAAC,GAAG,CAAC,0DAAmD,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,UAAA,EAAE,CAAC,MAAG,CAAC,CAAC;IAEpG,IAAM,aAAa,GAAG,yBAAyB,EAAE,CAAC;IAElD,yBAAW,CAAC,GAAG,CAAC,yBAAkB,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAE,CAAC,CAAC;IAEnE,IAAI,wBAAwB,GAEV,SAAS,CAAC;;QAE5B,KAA2B,IAAA,KAAA,kCAAI,aAAa,UAAC,gBAAA,4BAAE,CAAC;YAA3C,IAAM,YAAY,WAAA;YACnB,yBAAW,CAAC,GAAG,CAAC,wBAAiB,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAE,CAAC,CAAC;YAEjE,IAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;YAE7E,yBAAW,CAAC,GAAG,CAAC,qBAAc,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAE,CAAC,CAAC;YAE3D,IAAI,CAAC;gBACD,IAAA,cAAM,EAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC9C,CAAC;YAAC,WAAM,CAAC;gBACL,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC7D,yBAAW,CAAC,MAAM,EAAE,CAAC;gBACrB,SAAS;YACb,CAAC;YAED,IAAA,cAAM,EAAC,SAAS,CAAC,OAAO,KAAK,UAAU,EAAE,QAAQ,CAAC,CAAC;YAEnD,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAClC,SAAS;YACb,CAAC;YAED,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;YAE7D,wBAAwB,GAAG,EAAE,YAAY,cAAA,EAAE,SAAS,WAAA,EAAE,CAAC;QAC3D,CAAC;;;;;;;;;IAED,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;QACzC,yBAAW,CAAC,GAAG,CAAC,qCAA8B,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,eAAA,EAAE,CAAC,MAAG,CAAC,CAAC;QACpF,0BAA0B,CAAC,EAAE,aAAa,eAAA,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,yBAAW,CAAC,GAAG,CAAC,oBAAa,IAAI,CAAC,SAAS,CAAC,EAAE,wBAAwB,0BAAA,EAAE,CAAC,eAAY,CAAC,CAAC;IAEvF,OAAO,wBAAwB,CAAC;AACpC,CAAC;AAED,SAAS,yBAAyB;IAC9B,IAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,CAAC,gBAAgB,CAAC,UAAU,EAAE;QAChC,IAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAEnC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAChB,OAAO;QACX,CAAC;QACD,QAAQ,CAAC,MAAM,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;AACP,CAAC;AAEK,IAAA,KAA+E,CAAC;IAClF,IAAM,2BAA2B,GAAG,wCAAwC,CAAC;IAO7E,SAAS,uBAAuB,CAAC,MAAkD;QACvE,IAAA,kBAAkB,GAAK,MAAM,mBAAX,CAAY;QAEtC,cAAc,CAAC,OAAO,CAAC,2BAA2B,EAAE,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,SAAS,sBAAsB;QAC3B,IAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QAEhE,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,SAAS,uBAAuB;QAC5B,cAAc,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,EAAE,uBAAuB,yBAAA,EAAE,sBAAsB,wBAAA,EAAE,uBAAuB,yBAAA,EAAE,CAAC;AACxF,CAAC,CAAC,EAAE,EA7BI,uBAAuB,6BAAA,EAAE,sBAAsB,4BAAA,EAAE,uBAAuB,6BA6B5E,CAAC"}
|
package/core/loginSilent.d.ts
CHANGED
|
@@ -24,5 +24,6 @@ export declare function loginSilent(params: {
|
|
|
24
24
|
url: string;
|
|
25
25
|
}) => Record<string, string | undefined>) | undefined;
|
|
26
26
|
getExtraTokenParams: (() => Record<string, string | undefined>) | undefined;
|
|
27
|
+
autoLogin: boolean;
|
|
27
28
|
}): Promise<ResultOfLoginSilent>;
|
|
28
29
|
export {};
|
package/core/loginSilent.js
CHANGED
|
@@ -73,16 +73,18 @@ var AuthResponse_1 = require("./AuthResponse");
|
|
|
73
73
|
var urlSearchParams_1 = require("../tools/urlSearchParams");
|
|
74
74
|
function loginSilent(params) {
|
|
75
75
|
return __awaiter(this, void 0, void 0, function () {
|
|
76
|
-
var oidcClientTsUserManager, stateQueryParamValue_instance, configId, transformUrlBeforeRedirect_next, getExtraQueryParams, getExtraTokenParams, dResult, timeoutDelayMs, timeout, listener, transformUrl_oidcClientTs;
|
|
76
|
+
var oidcClientTsUserManager, stateQueryParamValue_instance, configId, transformUrlBeforeRedirect_next, getExtraQueryParams, getExtraTokenParams, autoLogin, dResult, timeoutDelayMs, timeout, listener, transformUrl_oidcClientTs;
|
|
77
77
|
var _this = this;
|
|
78
78
|
return __generator(this, function (_a) {
|
|
79
|
-
oidcClientTsUserManager = params.oidcClientTsUserManager, stateQueryParamValue_instance = params.stateQueryParamValue_instance, configId = params.configId, transformUrlBeforeRedirect_next = params.transformUrlBeforeRedirect_next, getExtraQueryParams = params.getExtraQueryParams, getExtraTokenParams = params.getExtraTokenParams;
|
|
79
|
+
oidcClientTsUserManager = params.oidcClientTsUserManager, stateQueryParamValue_instance = params.stateQueryParamValue_instance, configId = params.configId, transformUrlBeforeRedirect_next = params.transformUrlBeforeRedirect_next, getExtraQueryParams = params.getExtraQueryParams, getExtraTokenParams = params.getExtraTokenParams, autoLogin = params.autoLogin;
|
|
80
80
|
dResult = new Deferred_1.Deferred();
|
|
81
81
|
timeoutDelayMs = (function () {
|
|
82
|
+
if (autoLogin) {
|
|
83
|
+
return 25000;
|
|
84
|
+
}
|
|
82
85
|
var downlinkAndRtt = (0, getDownlinkAndRtt_1.getDownlinkAndRtt)();
|
|
83
86
|
var isDev = (0, isDev_1.getIsDev)();
|
|
84
87
|
// Base delay is the minimum delay we should wait in any case
|
|
85
|
-
//const BASE_DELAY_MS = 3000;
|
|
86
88
|
var BASE_DELAY_MS = isDev ? 9000 : 7000;
|
|
87
89
|
if (downlinkAndRtt === undefined) {
|
|
88
90
|
return BASE_DELAY_MS;
|
package/core/loginSilent.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwBA,
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwBA,kCAqKC;AA5LD,8CAA6C;AAC7C,kDAAmE;AACnE,yCAA4E;AAC5E,gEAA+D;AAC/D,wCAA0C;AAE1C,+CAAsE;AACtE,4DAAkE;AAgBlE,SAAsB,WAAW,CAAC,MAejC;;;;;YAEO,uBAAuB,GAOvB,MAAM,wBAPiB,EACvB,6BAA6B,GAM7B,MAAM,8BANuB,EAC7B,QAAQ,GAKR,MAAM,SALE,EACR,+BAA+B,GAI/B,MAAM,gCAJyB,EAC/B,mBAAmB,GAGnB,MAAM,oBAHa,EACnB,mBAAmB,GAEnB,MAAM,oBAFa,EACnB,SAAS,GACT,MAAM,UADG,CACF;YAEL,OAAO,GAAG,IAAI,mBAAQ,EAAuB,CAAC;YAE9C,cAAc,GAAW,CAAC;gBAC5B,IAAI,SAAS,EAAE,CAAC;oBACZ,OAAO,KAAM,CAAC;gBAClB,CAAC;gBAED,IAAM,cAAc,GAAG,IAAA,qCAAiB,GAAE,CAAC;gBAC3C,IAAM,KAAK,GAAG,IAAA,gBAAQ,GAAE,CAAC;gBAEzB,6DAA6D;gBAC7D,IAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,IAAK,CAAC;gBAE5C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;oBAC/B,OAAO,aAAa,CAAC;gBACzB,CAAC;gBAEO,IAAA,QAAQ,GAAU,cAAc,SAAxB,EAAE,GAAG,GAAK,cAAc,IAAnB,CAAoB;gBAEzC,oDAAoD;gBACpD,8CAA8C;gBAC9C,IAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;gBAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;YACjD,CAAC,CAAC,EAAE,CAAC;YAEC,OAAO,GAAG,UAAU,CAAC;;oBACvB,OAAO,CAAC,OAAO,CAAC;wBACZ,OAAO,EAAE,SAAS;wBAClB,KAAK,EAAE,SAAS;qBACnB,CAAC,CAAC;;;iBACN,EAAE,cAAc,CAAC,CAAC;YAEb,QAAQ,GAAG,UAAC,KAAmB;gBACjC,IAAI,CAAC,IAAA,gCAAiB,EAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACjC,OAAO;gBACX,CAAC;gBAED,IAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;gBAEhC,IAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;gBAE7E,IAAA,cAAM,EAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAC1C,IAAA,cAAM,EAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAEjD,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAClC,OAAO;gBACX,CAAC;gBAED,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAEhD,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,+BAA+B;oBACxC,YAAY,cAAA;iBACf,CAAC,CAAC;YACP,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YAE9C,yBAAyB,GAAG,UAAC,GAAW;;gBAC1C,sBAAsB,EAAE,CAAC;oBACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;wBACpC,MAAM,sBAAsB,CAAC;oBACjC,CAAC;oBAED,IAAM,gBAAgB,GAAG,mBAAmB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;;wBAEtE,KAA4B,IAAA,KAAA,SAAA,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA,gBAAA,4BAAE,CAAC;4BAApD,IAAA,KAAA,mBAAa,EAAZ,MAAI,QAAA,EAAE,KAAK,QAAA;4BACnB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gCACtB,SAAS;4BACb,CAAC;4BACD,GAAG,GAAG,IAAA,wCAAsB,EAAC,EAAE,GAAG,KAAA,EAAE,IAAI,QAAA,EAAE,KAAK,OAAA,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;wBACjF,CAAC;;;;;;;;;gBACL,CAAC;gBAED,mBAAmB,EAAE,CAAC;oBAClB,IAAI,+BAA+B,KAAK,SAAS,EAAE,CAAC;wBAChD,MAAM,mBAAmB,CAAC;oBAC9B,CAAC;oBACD,GAAG,GAAG,+BAA+B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;gBACrF,CAAC;gBAED,OAAO,GAAG,CAAC;YACf,CAAC,CAAC;YAEF,uBAAuB;iBAClB,YAAY,CAAC;gBACV,KAAK,EAAE,IAAA,UAAE,EAAmB;oBACxB,OAAO,EAAE,QAAQ;oBACjB,QAAQ,UAAA;iBACX,CAAC;gBACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;gBACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAA,mBAAW,EAAC,mBAAmB,EAAE,CAAC;gBACtF,YAAY,EAAE,yBAAyB;aAC1C,CAAC;iBACD,IAAI,CACD,UAAA,gBAAgB;gBACZ,IAAA,cAAM,EAAC,gBAAgB,KAAK,IAAI,EAAE,kDAAkD,CAAC,CAAC;gBAEtF,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEtB,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,qCAAqC;oBAC9C,gBAAgB,kBAAA;iBACnB,CAAC,CAAC;YACP,CAAC,EACD,UAAC,KAAY;gBACT,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;oBACtC,+DAA+D;oBAC/D,mCAAmC;oBACnC,mEAAmE;oBACnE,0CAA0C;oBAC1C,yEAAyE;oBAEzE,YAAY,CAAC,OAAO,CAAC,CAAC;oBAEtB,OAAO,CAAC,OAAO,CAAC;wBACZ,OAAO,EAAE,SAAS;wBAClB,KAAK,EAAE,sCAAsC;qBAChD,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,yEAAyE;gBACzE,qEAAqE;YACzE,CAAC,CACJ,CAAC;YAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,UAAA,MAAM;gBAClB,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC/B,IAAA,2BAAe,EAAC,EAAE,oBAAoB,EAAE,6BAA6B,EAAE,CAAC,CAAC;gBAC7E,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,sBAAO,OAAO,CAAC,EAAE,EAAC;;;CACrB"}
|
|
@@ -95,7 +95,7 @@ function oidcClientTsUserToTokens(params) {
|
|
|
95
95
|
tokens.refreshTokenExpirationTime !== undefined &&
|
|
96
96
|
tokens.refreshTokenExpirationTime < tokens.accessTokenExpirationTime) {
|
|
97
97
|
console.warn([
|
|
98
|
-
"The OIDC refresh token shorter than the one of the access token.",
|
|
98
|
+
"The OIDC refresh token expirationTime is shorter than the one of the access token.",
|
|
99
99
|
"This is very unusual and probably a misconfiguration."
|
|
100
100
|
].join(" "));
|
|
101
101
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidcClientTsUserToTokens.js","sourceRoot":"","sources":["../src/core/oidcClientTsUserToTokens.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAMA,4DAuJC;AAED,sDAsBC;AApLD,kDAAsD;AACtD,4EAA2E;AAC3E,gDAA+C;AAG/C,SAAgB,wBAAwB,CAAiD,MAMxF;IAEO,IAAA,gBAAgB,GAKhB,MAAM,iBALU,EAChB,oBAAoB,GAIpB,MAAM,qBAJc,EACpB,gCAAgC,GAGhC,MAAM,iCAH0B,EAChC,uBAAuB,GAEvB,MAAM,wBAFiB,EACvB,GAAG,GACH,MAAM,IADH,CACI;IAEX,IAAM,WAAW,GAAG,uBAAuB,KAAK,SAAS,CAAC;IAE1D,IAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,CAAC;IAElD,IAAM,yBAAyB,GAAG,CAAC;QAC/B,wBAAwB,EAAE,CAAC;YACf,IAAA,UAAU,GAAK,gBAAgB,WAArB,CAAsB;YAExC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,wBAAwB,CAAC;YACnC,CAAC;YAED,OAAO,UAAU,GAAG,IAAI,CAAC;QAC7B,CAAC;QAED,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,WAAW,CAAC,CAAC;YAE5D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,IAAA,cAAM,EAAC,KAAK,EAAE,4CAA4C,CAAC,CAAC;IAChE,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,YAAY,GAAG,gBAAgB,CAAC,aAAa,CAAC;IAEpD,IAAM,0BAA0B,GAAG,CAAC;QAChC,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,YAAY,CAAC,CAAC;YAE7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,OAAO,SAAS,CAAC;IACrB,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC;IAE1C,IAAA,cAAM,EAAC,OAAO,KAAK,SAAS,EAAE,yCAAyC,CAAC,CAAC;IAEzE,IAAM,cAAc,GAAG,CAAC;QACpB,IAAI,cAAc,GAAG,IAAA,qBAAS,EAAC,OAAO,CAAmB,CAAC;QAE1D,IAAI,WAAW,EAAE,CAAC;YACd,GAAG,aAAH,GAAG,uBAAH,GAAG,CACC;gBACI,kBAAkB;gBAClB,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,0CAA0C;gBACpF,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;aAC1C,CAAC,IAAI,CAAC,EAAE,CAAC,CACb,CAAC;QACN,CAAC;QAED,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACrC,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAE5D,IAAI,WAAW,EAAE,CAAC;gBACd,GAAG,aAAH,GAAG,uBAAH,GAAG,CACC;oBACI,yDAAyD;oBACzD,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC1C,CAAC,IAAI,CAAC,EAAE,CAAC,CACb,CAAC;YACN,CAAC;QACL,CAAC;QAED,IACI,uBAAuB,KAAK,SAAS;YACrC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,EAC5E,CAAC;YACC,OAAO,uBAAuB,CAAC;QACnC,CAAC;QAED,OAAO,cAAc,CAAC;IAC1B,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,aAAa,yBACZ,CAAC,gCAAgC;QAChC,CAAC,CAAC;YACI,WAAW,EAAE,OAAO;YACpB,yBAAyB,EAAE,CAAC;gBACxB,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,OAAO,CAAC,CAAC;gBAExD,IAAA,cAAM,EACF,cAAc,KAAK,SAAS,EAC5B,oGAAoG,CACvG,CAAC;gBAEF,OAAO,cAAc,CAAC;YAC1B,CAAC,CAAC,EAAE;SACP;QACH,CAAC,CAAC,EAAE,WAAW,aAAA,EAAE,yBAAyB,2BAAA,EAAE,CAAC,KACjD,OAAO,SAAA,EACP,cAAc,gBAAA,GACjB,CAAC;IAEF,IAAM,MAAM,GACR,YAAY,KAAK,SAAS;QACtB,CAAC,CAAC,IAAA,UAAE,wBACK,aAAa,KAChB,eAAe,EAAE,KAAK,IACxB;QACJ,CAAC,CAAC,IAAA,UAAE,wBACK,aAAa,KAChB,eAAe,EAAE,IAAI,EACrB,YAAY,cAAA,EACZ,0BAA0B,4BAAA,IAC5B,CAAC;IAEb,IACI,WAAW;QACX,MAAM,CAAC,eAAe;QACtB,MAAM,CAAC,0BAA0B,KAAK,SAAS;QAC/C,MAAM,CAAC,0BAA0B,GAAG,MAAM,CAAC,yBAAyB,EACtE,CAAC;QACC,OAAO,CAAC,IAAI,CACR;YACI,
|
|
1
|
+
{"version":3,"file":"oidcClientTsUserToTokens.js","sourceRoot":"","sources":["../src/core/oidcClientTsUserToTokens.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAMA,4DAuJC;AAED,sDAsBC;AApLD,kDAAsD;AACtD,4EAA2E;AAC3E,gDAA+C;AAG/C,SAAgB,wBAAwB,CAAiD,MAMxF;IAEO,IAAA,gBAAgB,GAKhB,MAAM,iBALU,EAChB,oBAAoB,GAIpB,MAAM,qBAJc,EACpB,gCAAgC,GAGhC,MAAM,iCAH0B,EAChC,uBAAuB,GAEvB,MAAM,wBAFiB,EACvB,GAAG,GACH,MAAM,IADH,CACI;IAEX,IAAM,WAAW,GAAG,uBAAuB,KAAK,SAAS,CAAC;IAE1D,IAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,CAAC;IAElD,IAAM,yBAAyB,GAAG,CAAC;QAC/B,wBAAwB,EAAE,CAAC;YACf,IAAA,UAAU,GAAK,gBAAgB,WAArB,CAAsB;YAExC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,wBAAwB,CAAC;YACnC,CAAC;YAED,OAAO,UAAU,GAAG,IAAI,CAAC;QAC7B,CAAC;QAED,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,WAAW,CAAC,CAAC;YAE5D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,IAAA,cAAM,EAAC,KAAK,EAAE,4CAA4C,CAAC,CAAC;IAChE,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,YAAY,GAAG,gBAAgB,CAAC,aAAa,CAAC;IAEpD,IAAM,0BAA0B,GAAG,CAAC;QAChC,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,aAAa,EAAE,CAAC;YACZ,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,YAAY,CAAC,CAAC;YAE7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBAC/B,MAAM,aAAa,CAAC;YACxB,CAAC;YAED,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,OAAO,SAAS,CAAC;IACrB,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC;IAE1C,IAAA,cAAM,EAAC,OAAO,KAAK,SAAS,EAAE,yCAAyC,CAAC,CAAC;IAEzE,IAAM,cAAc,GAAG,CAAC;QACpB,IAAI,cAAc,GAAG,IAAA,qBAAS,EAAC,OAAO,CAAmB,CAAC;QAE1D,IAAI,WAAW,EAAE,CAAC;YACd,GAAG,aAAH,GAAG,uBAAH,GAAG,CACC;gBACI,kBAAkB;gBAClB,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,0CAA0C;gBACpF,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;aAC1C,CAAC,IAAI,CAAC,EAAE,CAAC,CACb,CAAC;QACN,CAAC;QAED,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACrC,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAE5D,IAAI,WAAW,EAAE,CAAC;gBACd,GAAG,aAAH,GAAG,uBAAH,GAAG,CACC;oBACI,yDAAyD;oBACzD,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC1C,CAAC,IAAI,CAAC,EAAE,CAAC,CACb,CAAC;YACN,CAAC;QACL,CAAC;QAED,IACI,uBAAuB,KAAK,SAAS;YACrC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,EAC5E,CAAC;YACC,OAAO,uBAAuB,CAAC;QACnC,CAAC;QAED,OAAO,cAAc,CAAC;IAC1B,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,aAAa,yBACZ,CAAC,gCAAgC;QAChC,CAAC,CAAC;YACI,WAAW,EAAE,OAAO;YACpB,yBAAyB,EAAE,CAAC;gBACxB,IAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,OAAO,CAAC,CAAC;gBAExD,IAAA,cAAM,EACF,cAAc,KAAK,SAAS,EAC5B,oGAAoG,CACvG,CAAC;gBAEF,OAAO,cAAc,CAAC;YAC1B,CAAC,CAAC,EAAE;SACP;QACH,CAAC,CAAC,EAAE,WAAW,aAAA,EAAE,yBAAyB,2BAAA,EAAE,CAAC,KACjD,OAAO,SAAA,EACP,cAAc,gBAAA,GACjB,CAAC;IAEF,IAAM,MAAM,GACR,YAAY,KAAK,SAAS;QACtB,CAAC,CAAC,IAAA,UAAE,wBACK,aAAa,KAChB,eAAe,EAAE,KAAK,IACxB;QACJ,CAAC,CAAC,IAAA,UAAE,wBACK,aAAa,KAChB,eAAe,EAAE,IAAI,EACrB,YAAY,cAAA,EACZ,0BAA0B,4BAAA,IAC5B,CAAC;IAEb,IACI,WAAW;QACX,MAAM,CAAC,eAAe;QACtB,MAAM,CAAC,0BAA0B,KAAK,SAAS;QAC/C,MAAM,CAAC,0BAA0B,GAAG,MAAM,CAAC,yBAAyB,EACtE,CAAC;QACC,OAAO,CAAC,IAAI,CACR;YACI,oFAAoF;YACpF,uDAAuD;SAC1D,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IAED,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAgB,qBAAqB,CAAC,MAAmB;;IACrD,kEAAkE;IAClE,gEAAgE;IAChE,mBAAmB;IACnB,IAAM,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAChC,MAAM,CAAC,yBAAyB,EAChC,MAAA,MAAM,CAAC,0BAA0B,mCAAI,MAAM,CAAC,iBAAiB,CAChE,CAAC;IAEF,IAAM,kBAAkB,GAAG,IAAI,CAAC,GAAG,CAC/B,mBAAmB,GAAG,IAAI,CAAC,GAAG,EAAE;IAChC,+DAA+D;IAC/D,0CAA0C;IAC1C,mFAAmF;IACnF,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CACtB,CAAC;IAEF,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC;IACb,CAAC;IAED,OAAO,kBAAkB,CAAC;AAC9B,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "oidc-spa",
|
|
3
|
-
"version": "6.
|
|
3
|
+
"version": "6.14.1",
|
|
4
4
|
"description": "Openidconnect client for Single Page Applications",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -35,9 +35,11 @@
|
|
|
35
35
|
"./src/core/AuthResponse.ts",
|
|
36
36
|
"./src/core/Oidc.ts",
|
|
37
37
|
"./src/core/OidcInitializationError.ts",
|
|
38
|
+
"./src/core/OidcMetadata.ts",
|
|
38
39
|
"./src/core/StateData.ts",
|
|
39
40
|
"./src/core/configId.ts",
|
|
40
41
|
"./src/core/createOidc.ts",
|
|
42
|
+
"./src/core/debug966975.ts",
|
|
41
43
|
"./src/core/evtIsUserActive.ts",
|
|
42
44
|
"./src/core/handleOidcCallback.ts",
|
|
43
45
|
"./src/core/index.ts",
|
|
@@ -70,6 +72,7 @@
|
|
|
70
72
|
"./src/tools/getDownlinkAndRtt.ts",
|
|
71
73
|
"./src/tools/getIsValidRemoteJson.ts",
|
|
72
74
|
"./src/tools/getPrUserInteraction.ts",
|
|
75
|
+
"./src/tools/getUserEnvironmentInfo.ts",
|
|
73
76
|
"./src/tools/haveSharedParentDomain.ts",
|
|
74
77
|
"./src/tools/isDev.ts",
|
|
75
78
|
"./src/tools/parseKeycloakIssuerUri.ts",
|
|
@@ -101,6 +104,9 @@
|
|
|
101
104
|
"./core/OidcInitializationError.d.ts",
|
|
102
105
|
"./core/OidcInitializationError.js",
|
|
103
106
|
"./core/OidcInitializationError.js.map",
|
|
107
|
+
"./core/OidcMetadata.d.ts",
|
|
108
|
+
"./core/OidcMetadata.js",
|
|
109
|
+
"./core/OidcMetadata.js.map",
|
|
104
110
|
"./core/StateData.d.ts",
|
|
105
111
|
"./core/StateData.js",
|
|
106
112
|
"./core/StateData.js.map",
|
|
@@ -110,6 +116,9 @@
|
|
|
110
116
|
"./core/createOidc.d.ts",
|
|
111
117
|
"./core/createOidc.js",
|
|
112
118
|
"./core/createOidc.js.map",
|
|
119
|
+
"./core/debug966975.d.ts",
|
|
120
|
+
"./core/debug966975.js",
|
|
121
|
+
"./core/debug966975.js.map",
|
|
113
122
|
"./core/evtIsUserActive.d.ts",
|
|
114
123
|
"./core/evtIsUserActive.js",
|
|
115
124
|
"./core/evtIsUserActive.js.map",
|
|
@@ -206,6 +215,9 @@
|
|
|
206
215
|
"./tools/getPrUserInteraction.d.ts",
|
|
207
216
|
"./tools/getPrUserInteraction.js",
|
|
208
217
|
"./tools/getPrUserInteraction.js.map",
|
|
218
|
+
"./tools/getUserEnvironmentInfo.d.ts",
|
|
219
|
+
"./tools/getUserEnvironmentInfo.js",
|
|
220
|
+
"./tools/getUserEnvironmentInfo.js.map",
|
|
209
221
|
"./tools/haveSharedParentDomain.d.ts",
|
|
210
222
|
"./tools/haveSharedParentDomain.js",
|
|
211
223
|
"./tools/haveSharedParentDomain.js.map",
|
|
@@ -0,0 +1,271 @@
|
|
|
1
|
+
import { type OidcMetadata as OidcClientTsOidcMetadata } from "../vendor/frontend/oidc-client-ts-and-jwt-decode";
|
|
2
|
+
import { assert, type Equals } from "../vendor/frontend/tsafe";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* OpenID Providers have metadata describing their configuration.
|
|
6
|
+
*
|
|
7
|
+
* @public
|
|
8
|
+
*/
|
|
9
|
+
export type OidcMetadata = {
|
|
10
|
+
/**
|
|
11
|
+
* REQUIRED. URL using the `https` scheme with no query or fragment component that the OP asserts as its Issuer
|
|
12
|
+
* Identifier. If Issuer discovery is supported
|
|
13
|
+
* (see [Section 2](https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery)),
|
|
14
|
+
* this value MUST be identical to the issuer value
|
|
15
|
+
* returned by WebFinger. This also MUST be identical to the `iss` Claim value in ID Tokens issued from this Issuer.
|
|
16
|
+
*
|
|
17
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
18
|
+
*/
|
|
19
|
+
issuer: string;
|
|
20
|
+
/**
|
|
21
|
+
* REQUIRED. URL of the OP's OAuth 2.0 Authorization Endpoint
|
|
22
|
+
* [[OpenID.Core](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core)].
|
|
23
|
+
* This URL MUST use the `https` scheme and MAY contain port, path, and query parameter components.
|
|
24
|
+
*
|
|
25
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
26
|
+
*/
|
|
27
|
+
authorization_endpoint: string;
|
|
28
|
+
/**
|
|
29
|
+
* URL of the OP's OAuth 2.0 Token Endpoint
|
|
30
|
+
* [[OpenID.Core](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core)].
|
|
31
|
+
* This is REQUIRED unless only the Implicit Flow is used. This URL MUST use the `https` scheme and MAY contain
|
|
32
|
+
* port, path, and query parameter components.
|
|
33
|
+
*
|
|
34
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
35
|
+
*/
|
|
36
|
+
token_endpoint: string;
|
|
37
|
+
/**
|
|
38
|
+
* OPTIONAL. JSON array containing a list of Client Authentication methods supported by this Token Endpoint.
|
|
39
|
+
* The options are `client_secret_post`, `client_secret_basic`, `client_secret_jwt`, and `private_key_jwt`, as
|
|
40
|
+
* described in Section 9 of
|
|
41
|
+
* [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core)
|
|
42
|
+
* [OpenID.Core]. Other authentication methods MAY be defined by extensions. If omitted, the default is
|
|
43
|
+
* `client_secret_basic` -- the HTTP Basic Authentication Scheme specified in Section 2.3.1 of
|
|
44
|
+
* [OAuth 2.0](https://openid.net/specs/openid-connect-discovery-1_0.html#RFC6749) [RFC6749].
|
|
45
|
+
*
|
|
46
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
47
|
+
*/
|
|
48
|
+
token_endpoint_auth_methods_supported: string[];
|
|
49
|
+
/**
|
|
50
|
+
* OPTIONAL. JSON array containing a list of the JWS signing algorithms (`alg` values) supported by the
|
|
51
|
+
* Token Endpoint for the signature on the JWT
|
|
52
|
+
* [[JWT](https://openid.net/specs/openid-connect-discovery-1_0.html#JWT)]
|
|
53
|
+
* used to authenticate the Client at the Token Endpoint for the `private_key_jwt` and `client_secret_jwt`
|
|
54
|
+
* authentication methods. Servers SHOULD support RS256. The value none MUST NOT be used.
|
|
55
|
+
*
|
|
56
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
57
|
+
*/
|
|
58
|
+
token_endpoint_auth_signing_alg_values_supported: string[];
|
|
59
|
+
/**
|
|
60
|
+
* RECOMMENDED. URL of the OP's UserInfo Endpoint
|
|
61
|
+
* [[OpenID.Core](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core)].
|
|
62
|
+
* This URL MUST use the https scheme and MAY contain port, path, and query parameter components.
|
|
63
|
+
*
|
|
64
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
65
|
+
*/
|
|
66
|
+
userinfo_endpoint: string;
|
|
67
|
+
/**
|
|
68
|
+
* REQUIRED. URL of an OP iframe that supports cross-origin communications for session state information with the
|
|
69
|
+
* RP Client, using the HTML5 postMessage API. This URL MUST use the `https` scheme and MAY contain port, path, and
|
|
70
|
+
* query parameter components. The page is loaded from an invisible iframe embedded in an RP page so that it can run
|
|
71
|
+
* in the OP's security context. It accepts postMessage requests from the relevant RP iframe and uses postMessage to
|
|
72
|
+
* post back the login status of the End-User at the OP.
|
|
73
|
+
*
|
|
74
|
+
* @see https://openid.net/specs/openid-connect-session-1_0.html#OPMetadata
|
|
75
|
+
*/
|
|
76
|
+
check_session_iframe: string;
|
|
77
|
+
/**
|
|
78
|
+
* REQUIRED. URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
|
|
79
|
+
*
|
|
80
|
+
* @see https://openid.net/specs/openid-connect-session-1_0-17.html#OPMetadata
|
|
81
|
+
*/
|
|
82
|
+
end_session_endpoint: string;
|
|
83
|
+
/**
|
|
84
|
+
* REQUIRED. URL of the OP's JWK Set
|
|
85
|
+
* [[JWK](https://openid.net/specs/openid-connect-discovery-1_0.html#JWK)]
|
|
86
|
+
* document, which MUST use the `https` scheme. This contains the signing key(s) the RP uses to validate signatures from
|
|
87
|
+
* the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server.
|
|
88
|
+
* When both signing and encryption keys are made available, a `use` (public key use) parameter value is REQUIRED for all keys
|
|
89
|
+
* in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for
|
|
90
|
+
* both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK `x5c` parameter MAY be used to provide
|
|
91
|
+
* X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the
|
|
92
|
+
* certificate. The JWK Set MUST NOT contain private or symmetric key values.
|
|
93
|
+
*
|
|
94
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
95
|
+
*/
|
|
96
|
+
jwks_uri: string;
|
|
97
|
+
/**
|
|
98
|
+
* RECOMMENDED. URL of the OP's Dynamic Client Registration Endpoint
|
|
99
|
+
* [[OpenID.Registration](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Registration)],
|
|
100
|
+
* which MUST use the `https` scheme.
|
|
101
|
+
*
|
|
102
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
103
|
+
*/
|
|
104
|
+
registration_endpoint: string;
|
|
105
|
+
/**
|
|
106
|
+
* RECOMMENDED. JSON array containing a list of the
|
|
107
|
+
* [OAuth 2.0](https://openid.net/specs/openid-connect-discovery-1_0.html#RFC6749)
|
|
108
|
+
* [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not
|
|
109
|
+
* to advertise some supported scope values even when this parameter is used, although those defined in
|
|
110
|
+
* [[OpenID.Core](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core)]
|
|
111
|
+
* SHOULD be listed, if supported.
|
|
112
|
+
*
|
|
113
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
114
|
+
*/
|
|
115
|
+
scopes_supported: string[];
|
|
116
|
+
/**
|
|
117
|
+
* REQUIRED. JSON array containing a list of the OAuth 2.0 `response_type` values that this OP supports. Dynamic OpenID
|
|
118
|
+
* Providers MUST support the `code`, `id_token`, and the `id_token token` Response Type values.
|
|
119
|
+
*
|
|
120
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
121
|
+
*/
|
|
122
|
+
response_types_supported: string[];
|
|
123
|
+
/**
|
|
124
|
+
* OPTIONAL. JSON array containing a list of the Authentication Context Class References that this OP supports.
|
|
125
|
+
*
|
|
126
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
127
|
+
*/
|
|
128
|
+
acr_values_supported: string[];
|
|
129
|
+
/**
|
|
130
|
+
* REQUIRED. JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include `pairwise`
|
|
131
|
+
* and `public`.
|
|
132
|
+
*
|
|
133
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
134
|
+
*/
|
|
135
|
+
subject_types_supported: string[];
|
|
136
|
+
/**
|
|
137
|
+
* OPTIONAL. JSON array containing a list of the JWS signing algorithms (`alg` values) supported by the OP for Request Objects,
|
|
138
|
+
* which are described in Section 6.1 of
|
|
139
|
+
* [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core)
|
|
140
|
+
* [OpenID.Core]. These algorithms are used both when the Request Object is passed by value (using the `request` parameter) and
|
|
141
|
+
* when it is passed by reference (using the `request_uri` parameter). Servers SHOULD support `none` and `RS256`.
|
|
142
|
+
*
|
|
143
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
144
|
+
*/
|
|
145
|
+
request_object_signing_alg_values_supported: string[];
|
|
146
|
+
/**
|
|
147
|
+
* OPTIONAL. JSON array containing a list of the `display` parameter values that the OpenID Provider supports. These values are
|
|
148
|
+
* described in Section 3.1.2.1 of
|
|
149
|
+
* [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core)
|
|
150
|
+
* [OpenID.Core].
|
|
151
|
+
*
|
|
152
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
153
|
+
*/
|
|
154
|
+
display_values_supported: string[];
|
|
155
|
+
/**
|
|
156
|
+
* OPTIONAL. JSON array containing a list of the Claim Types that the OpenID Provider supports. These Claim Types are described
|
|
157
|
+
* in Section 5.6 of
|
|
158
|
+
* [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core)
|
|
159
|
+
* [OpenID.Core]. Values defined by this specification are `normal`, `aggregated`, and `distributed`. If omitted, the
|
|
160
|
+
* implementation supports only normal Claims.
|
|
161
|
+
*
|
|
162
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
163
|
+
*/
|
|
164
|
+
claim_types_supported: string[];
|
|
165
|
+
/**
|
|
166
|
+
* RECOMMENDED. JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply
|
|
167
|
+
* values for. Note that for privacy or other reasons, this might not be an exhaustive list.
|
|
168
|
+
*
|
|
169
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
170
|
+
*/
|
|
171
|
+
claims_supported: string[];
|
|
172
|
+
/**
|
|
173
|
+
* OPTIONAL. Boolean value specifying whether the OP supports use of the `claims` parameter, with `true` indicating support. If
|
|
174
|
+
* omitted, the default value is `false`.
|
|
175
|
+
*
|
|
176
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
177
|
+
*/
|
|
178
|
+
claims_parameter_supported: boolean;
|
|
179
|
+
/**
|
|
180
|
+
* OPTIONAL. URL of a page containing human-readable information that developers might want or need to know when using the
|
|
181
|
+
* OpenID Provider. In particular, if the OpenID Provider does not support Dynamic Client Registration, then information on
|
|
182
|
+
* how to register Clients needs to be provided in this documentation.
|
|
183
|
+
*
|
|
184
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
185
|
+
*/
|
|
186
|
+
service_documentation: string;
|
|
187
|
+
/**
|
|
188
|
+
* OPTIONAL. Languages and scripts supported for the user interface, represented as a JSON array of
|
|
189
|
+
* [BCP47](https://openid.net/specs/openid-connect-discovery-1_0.html#RFC5646)
|
|
190
|
+
* [RFC5646] language tag values.
|
|
191
|
+
*
|
|
192
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
193
|
+
*/
|
|
194
|
+
ui_locales_supported: string[];
|
|
195
|
+
/**
|
|
196
|
+
* The fully qualified URL of the server's revocation endpoint defined by
|
|
197
|
+
* [OAuth 2.0 Token Revocation](https://openid.net/specs/openid-heart-oauth2-2015-12-07.html#RFC7009)
|
|
198
|
+
* [RFC7009].
|
|
199
|
+
*
|
|
200
|
+
* @see https://openid.net/specs/openid-heart-oauth2-2015-12-07.html#rfc.section.4.1
|
|
201
|
+
*/
|
|
202
|
+
revocation_endpoint: string;
|
|
203
|
+
/**
|
|
204
|
+
* The fully qualified URL of the server's introspection endpoint defined by
|
|
205
|
+
* [OAuth Token Introspection](https://openid.net/specs/openid-heart-oauth2-2015-12-07.html#RFC7662)
|
|
206
|
+
* [RFC7662].
|
|
207
|
+
*
|
|
208
|
+
* @see https://openid.net/specs/openid-heart-oauth2-2015-12-07.html#rfc.section.4.1
|
|
209
|
+
*/
|
|
210
|
+
introspection_endpoint: string;
|
|
211
|
+
/**
|
|
212
|
+
* OPTIONAL. Boolean value specifying whether the OP supports HTTP-based logout, with `true` indicating support. If omitted,
|
|
213
|
+
* the default value is `false`.
|
|
214
|
+
*
|
|
215
|
+
* @see https://openid.net/specs/openid-connect-frontchannel-1_0.html#OPLogout
|
|
216
|
+
*/
|
|
217
|
+
frontchannel_logout_supported: boolean;
|
|
218
|
+
/**
|
|
219
|
+
* OPTIONAL. Boolean value specifying whether the OP can pass iss (issuer) and `sid` (session ID) query parameters to identify
|
|
220
|
+
* the RP session with the OP when the `frontchannel_logout_uri` is used. If supported, the `sid` Claim is also included in
|
|
221
|
+
* ID Tokens issued by the OP. If omitted, the default value is `false`.
|
|
222
|
+
*
|
|
223
|
+
* @see https://openid.net/specs/openid-connect-frontchannel-1_0.html#OPLogout
|
|
224
|
+
*/
|
|
225
|
+
frontchannel_logout_session_supported: boolean;
|
|
226
|
+
/**
|
|
227
|
+
* OPTIONAL. Boolean value specifying whether the OP supports back-channel logout, with `true` indicating support. If omitted,
|
|
228
|
+
* the default value is `false`.
|
|
229
|
+
*
|
|
230
|
+
* @see https://openid.net/specs/openid-connect-backchannel-1_0.html#BCSupport
|
|
231
|
+
*/
|
|
232
|
+
backchannel_logout_supported: boolean;
|
|
233
|
+
/**
|
|
234
|
+
* OPTIONAL. Boolean value specifying whether the OP can pass a `sid` (session ID) Claim in the Logout Token to identify the
|
|
235
|
+
* RP session with the OP. If supported, the `sid` Claim is also included in ID Tokens issued by the OP. If omitted, the default
|
|
236
|
+
* value is `false`.
|
|
237
|
+
*
|
|
238
|
+
* @see https://openid.net/specs/openid-connect-backchannel-1_0.html#BCSupport
|
|
239
|
+
*/
|
|
240
|
+
backchannel_logout_session_supported: boolean;
|
|
241
|
+
/**
|
|
242
|
+
* OPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. Dynamic OpenID Providers
|
|
243
|
+
* MUST support the `authorization_code` and `implicit` Grant Type values and MAY support other Grant Types. If omitted, the
|
|
244
|
+
* default value is [`"authorization_code"`, `"implicit"`].
|
|
245
|
+
*
|
|
246
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
247
|
+
*/
|
|
248
|
+
grant_types_supported: string[];
|
|
249
|
+
/**
|
|
250
|
+
* OPTIONAL. JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports, as specified in
|
|
251
|
+
* [OAuth 2.0 Multiple Response Type Encoding Practices](https://openid.net/specs/openid-connect-discovery-1_0.html#OAuth.Responses)
|
|
252
|
+
* [OAuth.Responses]. If omitted, the default for Dynamic OpenID Providers is [`"query"`, `"fragment"`].
|
|
253
|
+
*
|
|
254
|
+
* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
|
255
|
+
*/
|
|
256
|
+
response_modes_supported: string[];
|
|
257
|
+
/**
|
|
258
|
+
* OPTIONAL. JSON array containing a list of
|
|
259
|
+
* [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636)
|
|
260
|
+
* [RFC7636] code challenge methods supported by this authorization server. Code challenge method values are used in
|
|
261
|
+
* the "code_challenge_method" parameter defined in Section 4.3 of [RFC7636]. The valid code challenge method values are
|
|
262
|
+
* those registered in the
|
|
263
|
+
* [IANA "PKCE Code Challenge Methods" registry](https://datatracker.ietf.org/doc/html/rfc8414#ref-IANA.OAuth.Parameters)
|
|
264
|
+
* [IANA.OAuth.Parameters]. If omitted, the authorization server does not support PKCE.
|
|
265
|
+
*
|
|
266
|
+
* @see https://datatracker.ietf.org/doc/html/rfc8414
|
|
267
|
+
*/
|
|
268
|
+
code_challenge_methods_supported: string[];
|
|
269
|
+
};
|
|
270
|
+
|
|
271
|
+
assert<Equals<OidcMetadata, OidcClientTsOidcMetadata>>;
|