oidc-spa 6.13.2 → 6.14.1

package/src/core/createOidc.ts

@@ -4,6 +4,7 @@ import {
     type User as OidcClientTsUser,
     InMemoryWebStorage
 } from "../vendor/frontend/oidc-client-ts-and-jwt-decode";
+import type { OidcMetadata } from "./OidcMetadata";
 import { id, assert, is, type Equals } from "../vendor/frontend/tsafe";
 import { setTimeout, clearTimeout } from "../tools/workerTimers";
 import { Deferred } from "../tools/Deferred";
@@ -165,6 +166,19 @@ export type ParamsOfCreateOidc<
      *  Use at your own risk, this is a hack.
      */
     __unsafe_useIdTokenAsAccessToken?: boolean;
+
+    /**
+     * This option should only be used as a last resort.
+     *
+     * If your OIDC provider is correctly configured, this should not be necessary.
+     *
+     * The metadata is normally retrieved automatically from:
+     * `${issuerUri}/.well-known/openid-configuration`
+     *
+     * Use this only if that endpoint is not accessible (e.g. due to missing CORS headers
+     * or non-standard deployments), and you cannot fix the server-side configuration.
+     */
+    __metadata?: Partial<OidcMetadata>;
 };
 
 const globalContext = {
@@ -287,7 +301,8 @@ export async function createOidc_nonMemoized<
         autoLogin = false,
         postLoginRedirectUrl: postLoginRedirectUrl_default,
         __unsafe_clientSecret,
-        __unsafe_useIdTokenAsAccessToken = false
+        __unsafe_useIdTokenAsAccessToken = false,
+        __metadata
     } = params;
 
     const { issuerUri, clientId, scopes, configId, log } = preProcessedParams;
@@ -416,7 +431,8 @@ export async function createOidc_nonMemoized<
         }),
         stateStore: new WebStorageStateStore({ store: localStorage, prefix: STATE_STORE_KEY_PREFIX }),
         client_secret: __unsafe_clientSecret,
-        fetch: trustedFetch
+        fetch: trustedFetch,
+        metadata: __metadata
     });
 
     const evtIsUserLoggedIn = createEvt<boolean>();
@@ -638,7 +654,8 @@ export async function createOidc_nonMemoized<
                     configId,
                     transformUrlBeforeRedirect_next,
                     getExtraQueryParams,
-                    getExtraTokenParams
+                    getExtraTokenParams,
+                    autoLogin
                 });
 
                 assert(result_loginSilent.outcome !== "token refreshed using refresh token", "876995");
@@ -1029,7 +1046,8 @@ export async function createOidc_nonMemoized<
                     configId,
                     transformUrlBeforeRedirect_next,
                     getExtraQueryParams,
-                    getExtraTokenParams: () => extraTokenParams
+                    getExtraTokenParams: () => extraTokenParams,
+                    autoLogin
                 });
 
                 if (result_loginSilent.outcome === "failure") {

package/src/core/debug966975.ts

@@ -0,0 +1,85 @@
+import { getUserEnvironmentInfo } from "../tools/getUserEnvironmentInfo";
+
+const LOCAL_STORAGE_KEY = "oidc-spa_966975_diagnostic";
+const appInstanceId = Math.random().toString(36).slice(2);
+
+type LogEntry = {
+    appInstanceId: string;
+    time: number;
+    message: string;
+};
+
+function log(message: string) {
+    const logEntry: LogEntry = {
+        appInstanceId,
+        time: Date.now(),
+        message
+    };
+
+    const value = localStorage.getItem(LOCAL_STORAGE_KEY);
+
+    const value_parsed: LogEntry[] = value === null ? [] : JSON.parse(value);
+
+    if (value_parsed.length === 100) {
+        value_parsed.shift();
+    }
+
+    value_parsed.push(logEntry);
+
+    localStorage.setItem(LOCAL_STORAGE_KEY, JSON.stringify(value_parsed));
+}
+
+function report() {
+    const logEntries: LogEntry[] = (() => {
+        const value = localStorage.getItem(LOCAL_STORAGE_KEY);
+
+        if (value === null) {
+            return [];
+        }
+
+        return JSON.parse(value);
+    })();
+
+    localStorage.removeItem(LOCAL_STORAGE_KEY);
+
+    const report = [
+        getUserEnvironmentInfo(),
+        ...logEntries.map(
+            ({ appInstanceId, time, message }) => `${appInstanceId} (${time}): ${message}`
+        ),
+        getOidcLocalStorageDump()
+    ].join("\n");
+
+    const key_report = `${LOCAL_STORAGE_KEY}_report_b64`;
+
+    localStorage.setItem(key_report, btoa(report));
+
+    console.warn(
+        [
+            "If you see this message there's been unexpected behavior in oidc-spa",
+            "It is a hard to reproduce case, could you please open an issue on https://github.com/keycloakify/oidc-spa",
+            `and include the value of \`localStorage["${key_report}"]\` in the message?`,
+            "Alternatively, you can send an email at joseph.garrone@protonmail.com",
+            "Thanks in advance for helping me figure this out"
+        ].join(" ")
+    );
+}
+
+export const debug966975 = {
+    log,
+    report
+};
+
+function getOidcLocalStorageDump(): string {
+    const entries: string[] = [];
+
+    for (let i = 0; i < localStorage.length; i++) {
+        const key = localStorage.key(i);
+        if (key && key.startsWith("oidc.")) {
+            const value = localStorage.getItem(key);
+            entries.push(`${key} = ${value}`);
+        }
+    }
+
+    return entries.join("\n");
+}

package/src/core/handleOidcCallback.ts

@@ -8,6 +8,7 @@ import { assert, id } from "../vendor/frontend/tsafe";
 import type { AuthResponse } from "./AuthResponse";
 import { initialLocationHref } from "./initialLocationHref";
 import { captureFetch } from "./trustedFetch";
+import { debug966975 } from "./debug966975";
 
 captureFetch();
 
@@ -15,8 +16,19 @@ const globalContext = {
     previousCall: id<{ isHandled: boolean } | undefined>(undefined)
 };
 
+debug966975.log(
+    `=================== Evaluating the handleOidcCallback file, isInIframe: ${
+        window.self !== window.top ? "true" : "false"
+    }, location.href: ${initialLocationHref}`
+);
+
 export function handleOidcCallback(): { isHandled: boolean } {
     if (globalContext.previousCall !== undefined) {
+        debug966975.log(
+            `handleOidcCallback() call, it has been called previously ${JSON.stringify(
+                globalContext.previousCall
+            )}`
+        );
         return globalContext.previousCall;
     }
 
@@ -24,16 +36,20 @@ export function handleOidcCallback(): { isHandled: boolean } {
 }
 
 function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
+    debug966975.log(`In handleOidcCallback_nonMemoized()`);
+
     const location_urlObj = new URL(initialLocationHref);
 
     const stateQueryParamValue = (() => {
         const stateQueryParamValue = location_urlObj.searchParams.get("state");
 
         if (stateQueryParamValue === null) {
+            debug966975.log("No state in url");
             return undefined;
         }
 
         if (!getIsStatQueryParamValue({ maybeStateQueryParamValue: stateQueryParamValue })) {
+            debug966975.log(`State query param value ${stateQueryParamValue} is malformed`);
             return undefined;
         }
 
@@ -42,6 +58,9 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
             location_urlObj.searchParams.get("response_type") !== null &&
             location_urlObj.searchParams.get("redirect_uri") !== null
         ) {
+            debug966975.log(
+                "NOTE: We are probably in a Keycloakify theme and oidc-spa was loaded by mistake."
+            );
             // NOTE: We are probably in a Keycloakify theme and oidc-spa was loaded by mistake.
             return undefined;
         }
@@ -49,9 +68,13 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
         return stateQueryParamValue;
     })();
 
+    debug966975.log(`state query param value ${stateQueryParamValue ?? "undefined"}`);
+
     if (stateQueryParamValue === undefined) {
         const backForwardTracker = readBackForwardTracker();
 
+        debug966975.log(`backForwardTracker: ${JSON.stringify(backForwardTracker)}`);
+
         if (backForwardTracker !== undefined) {
             writeBackForwardTracker({
                 backForwardTracker: {
@@ -61,6 +84,8 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
             });
         }
 
+        debug966975.log("returning isHandled false");
+
         return { isHandled: false };
     }
 
@@ -73,6 +98,8 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
 
     const stateData = getStateData({ stateQueryParamValue });
 
+    debug966975.log(`stateData: ${JSON.stringify(stateData)}`);
+
     if (
         stateData === undefined ||
         (stateData.context === "redirect" && stateData.hasBeenProcessedByCallback)
@@ -96,6 +123,8 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
             }
         })();
 
+        debug966975.log(`historyMethod: ${historyMethod}`);
+
         writeBackForwardTracker({
             backForwardTracker: {
                 previousHistoryMethod: historyMethod,
@@ -105,7 +134,13 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
 
         reloadOnBfCacheNavigation();
 
-        window.history[historyMethod]();
+        setTimeout(() => {
+            debug966975.log(`(callback 0) Calling window.history.${historyMethod}()`);
+
+            window.history[historyMethod]();
+        }, 0);
+
+        debug966975.log(`returning isHandled: ${isHandled ? "true" : "false"}`);
 
         return { isHandled };
     }
@@ -118,9 +153,14 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
 
     assert(authResponse.state !== "", "063965");
 
+    debug966975.log(`authResponse: ${JSON.stringify(authResponse)}`);
+
     switch (stateData.context) {
         case "iframe":
-            parent.postMessage(authResponse, location.origin);
+            setTimeout(() => {
+                debug966975.log(`(callback 0) posting message to parent`);
+                parent.postMessage(authResponse, location.origin);
+            }, 0);
             break;
         case "redirect":
             markStateDataAsProcessedByCallback({ stateQueryParamValue });
@@ -129,16 +169,24 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
                 authResponses: [...readRedirectAuthResponses(), authResponse]
             });
             reloadOnBfCacheNavigation();
-            location.href = (() => {
-                if (stateData.action === "login" && authResponse.error === "consent_required") {
-                    return stateData.redirectUrl_consentRequiredCase;
-                }
+            setTimeout(() => {
+                const href = (() => {
+                    if (stateData.action === "login" && authResponse.error === "consent_required") {
+                        return stateData.redirectUrl_consentRequiredCase;
+                    }
 
-                return stateData.redirectUrl;
-            })();
+                    return stateData.redirectUrl;
+                })();
+
+                debug966975.log(`(callback 0) location.href = "${href}";`);
+
+                location.href = href;
+            }, 0);
             break;
     }
 
+    debug966975.log(`Returning isHandled: ${isHandled ? "true" : "false"}`);
+
     return { isHandled };
 }
 
@@ -172,16 +220,31 @@ export function retrieveRedirectAuthResponseAndStateData(params: {
 }): { authResponse: AuthResponse; stateData: StateData.Redirect } | undefined {
     const { configId } = params;
 
+    debug966975.log(`>>> In retrieveRedirectAuthResponseAndStateData(${JSON.stringify({ configId })})`);
+
     const authResponses = readRedirectAuthResponses();
 
+    debug966975.log(`authResponses: ${JSON.stringify(authResponses)}`);
+
     let authResponseAndStateData:
         | { authResponse: AuthResponse; stateData: StateData.Redirect }
         | undefined = undefined;
 
     for (const authResponse of [...authResponses]) {
+        debug966975.log(`authResponse: ${JSON.stringify(authResponse)}`);
+
         const stateData = getStateData({ stateQueryParamValue: authResponse.state });
 
-        assert(stateData !== undefined, "966975");
+        debug966975.log(`stateDate: ${JSON.stringify(stateData)}`);
+
+        try {
+            assert(stateData !== undefined, "966975");
+        } catch {
+            authResponses.splice(authResponses.indexOf(authResponse), 1);
+            debug966975.report();
+            continue;
+        }
+
         assert(stateData.context === "redirect", "474728");
 
         if (stateData.configId !== configId) {
@@ -194,9 +257,12 @@ export function retrieveRedirectAuthResponseAndStateData(params: {
     }
 
     if (authResponseAndStateData !== undefined) {
+        debug966975.log(`writeRedirectAuthResponses(${JSON.stringify({ authResponses })})`);
         writeRedirectAuthResponses({ authResponses });
     }
 
+    debug966975.log(`Returning ${JSON.stringify({ authResponseAndStateData })} <<<<<<<<<`);
+
     return authResponseAndStateData;
 }
 

package/src/core/loginSilent.ts

@@ -36,6 +36,7 @@ export async function loginSilent(params: {
         | undefined;
 
     getExtraTokenParams: (() => Record<string, string | undefined>) | undefined;
+    autoLogin: boolean;
 }): Promise<ResultOfLoginSilent> {
     const {
         oidcClientTsUserManager,
@@ -43,17 +44,21 @@ export async function loginSilent(params: {
         configId,
         transformUrlBeforeRedirect_next,
         getExtraQueryParams,
-        getExtraTokenParams
+        getExtraTokenParams,
+        autoLogin
     } = params;
 
     const dResult = new Deferred<ResultOfLoginSilent>();
 
     const timeoutDelayMs: number = (() => {
+        if (autoLogin) {
+            return 25_000;
+        }
+
         const downlinkAndRtt = getDownlinkAndRtt();
         const isDev = getIsDev();
 
         // Base delay is the minimum delay we should wait in any case
-        //const BASE_DELAY_MS = 3000;
         const BASE_DELAY_MS = isDev ? 9_000 : 7_000;
 
         if (downlinkAndRtt === undefined) {

package/src/core/oidcClientTsUserToTokens.ts

@@ -148,7 +148,7 @@ export function oidcClientTsUserToTokens<DecodedIdToken extends Record<string, u
     ) {
         console.warn(
             [
-                "The OIDC refresh token shorter than the one of the access token.",
+                "The OIDC refresh token expirationTime is shorter than the one of the access token.",
                 "This is very unusual and probably a misconfiguration."
             ].join(" ")
         );

package/src/tools/getUserEnvironmentInfo.ts

@@ -0,0 +1,42 @@
+export function getUserEnvironmentInfo(): string {
+    function safeGet<T>(getter: () => T, fallback: string = "Unknown"): string {
+        try {
+            const value = getter();
+            return value != null ? String(value) : fallback;
+        } catch {
+            return fallback;
+        }
+    }
+
+    const ua = safeGet(() => navigator.userAgent);
+    const platform = safeGet(() => navigator.platform);
+    const language = safeGet(() => navigator.language || (navigator as any).userLanguage);
+    const screenSize = safeGet(() => `${screen.width}x${screen.height}`);
+    const timezone = safeGet(() => Intl.DateTimeFormat().resolvedOptions().timeZone);
+
+    const browser: string = (() => {
+        if (ua.includes("Firefox/")) return "Firefox";
+        if (ua.includes("Edg/")) return "Edge";
+        if (ua.includes("Chrome/") && !ua.includes("Edg/")) return "Chrome";
+        if (ua.includes("Safari/") && !ua.includes("Chrome/")) return "Safari";
+        if (ua.includes("OPR/") || ua.includes("Opera/")) return "Opera";
+        return "Unknown";
+    })();
+
+    const os: string = (() => {
+        if (platform.startsWith("Win")) return "Windows";
+        if (platform.startsWith("Mac")) return "macOS";
+        if (platform.startsWith("Linux")) return "Linux";
+        if (/Android/.test(ua)) return "Android";
+        if (/iPhone|iPad|iPod/.test(ua)) return "iOS";
+        return "Unknown";
+    })();
+
+    return `Browser: ${browser}
+OS: ${os}
+Platform: ${platform}
+Language: ${language}
+Screen: ${screenSize}
+Timezone: ${timezone}
+User Agent: ${ua}`;
+}

package/tools/getUserEnvironmentInfo.d.ts

@@ -0,0 +1 @@
+export declare function getUserEnvironmentInfo(): string;

package/tools/getUserEnvironmentInfo.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getUserEnvironmentInfo = getUserEnvironmentInfo;
+function getUserEnvironmentInfo() {
+    function safeGet(getter, fallback) {
+        if (fallback === void 0) { fallback = "Unknown"; }
+        try {
+            var value = getter();
+            return value != null ? String(value) : fallback;
+        }
+        catch (_a) {
+            return fallback;
+        }
+    }
+    var ua = safeGet(function () { return navigator.userAgent; });
+    var platform = safeGet(function () { return navigator.platform; });
+    var language = safeGet(function () { return navigator.language || navigator.userLanguage; });
+    var screenSize = safeGet(function () { return "".concat(screen.width, "x").concat(screen.height); });
+    var timezone = safeGet(function () { return Intl.DateTimeFormat().resolvedOptions().timeZone; });
+    var browser = (function () {
+        if (ua.includes("Firefox/"))
+            return "Firefox";
+        if (ua.includes("Edg/"))
+            return "Edge";
+        if (ua.includes("Chrome/") && !ua.includes("Edg/"))
+            return "Chrome";
+        if (ua.includes("Safari/") && !ua.includes("Chrome/"))
+            return "Safari";
+        if (ua.includes("OPR/") || ua.includes("Opera/"))
+            return "Opera";
+        return "Unknown";
+    })();
+    var os = (function () {
+        if (platform.startsWith("Win"))
+            return "Windows";
+        if (platform.startsWith("Mac"))
+            return "macOS";
+        if (platform.startsWith("Linux"))
+            return "Linux";
+        if (/Android/.test(ua))
+            return "Android";
+        if (/iPhone|iPad|iPod/.test(ua))
+            return "iOS";
+        return "Unknown";
+    })();
+    return "Browser: ".concat(browser, "\nOS: ").concat(os, "\nPlatform: ").concat(platform, "\nLanguage: ").concat(language, "\nScreen: ").concat(screenSize, "\nTimezone: ").concat(timezone, "\nUser Agent: ").concat(ua);
+}
+//# sourceMappingURL=getUserEnvironmentInfo.js.map

package/tools/getUserEnvironmentInfo.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getUserEnvironmentInfo.js","sourceRoot":"","sources":["../src/tools/getUserEnvironmentInfo.ts"],"names":[],"mappings":";;AAAA,wDAyCC;AAzCD,SAAgB,sBAAsB;IAClC,SAAS,OAAO,CAAI,MAAe,EAAE,QAA4B;QAA5B,yBAAA,EAAA,oBAA4B;QAC7D,IAAI,CAAC;YACD,IAAM,KAAK,GAAG,MAAM,EAAE,CAAC;YACvB,OAAO,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACpD,CAAC;QAAC,WAAM,CAAC;YACL,OAAO,QAAQ,CAAC;QACpB,CAAC;IACL,CAAC;IAED,IAAM,EAAE,GAAG,OAAO,CAAC,cAAM,OAAA,SAAS,CAAC,SAAS,EAAnB,CAAmB,CAAC,CAAC;IAC9C,IAAM,QAAQ,GAAG,OAAO,CAAC,cAAM,OAAA,SAAS,CAAC,QAAQ,EAAlB,CAAkB,CAAC,CAAC;IACnD,IAAM,QAAQ,GAAG,OAAO,CAAC,cAAM,OAAA,SAAS,CAAC,QAAQ,IAAK,SAAiB,CAAC,YAAY,EAArD,CAAqD,CAAC,CAAC;IACtF,IAAM,UAAU,GAAG,OAAO,CAAC,cAAM,OAAA,UAAG,MAAM,CAAC,KAAK,cAAI,MAAM,CAAC,MAAM,CAAE,EAAlC,CAAkC,CAAC,CAAC;IACrE,IAAM,QAAQ,GAAG,OAAO,CAAC,cAAM,OAAA,IAAI,CAAC,cAAc,EAAE,CAAC,eAAe,EAAE,CAAC,QAAQ,EAAhD,CAAgD,CAAC,CAAC;IAEjF,IAAM,OAAO,GAAW,CAAC;QACrB,IAAI,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,SAAS,CAAC;QAC9C,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAC;QACvC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,QAAQ,CAAC;QACpE,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;YAAE,OAAO,QAAQ,CAAC;QACvE,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,OAAO,CAAC;QACjE,OAAO,SAAS,CAAC;IACrB,CAAC,CAAC,EAAE,CAAC;IAEL,IAAM,EAAE,GAAW,CAAC;QAChB,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACjD,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,OAAO,OAAO,CAAC;QAC/C,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAO,OAAO,CAAC;QACjD,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,OAAO,SAAS,CAAC;QACzC,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9C,OAAO,SAAS,CAAC;IACrB,CAAC,CAAC,EAAE,CAAC;IAEL,OAAO,mBAAY,OAAO,mBACxB,EAAE,yBACI,QAAQ,yBACR,QAAQ,uBACV,UAAU,yBACR,QAAQ,2BACN,EAAE,CAAE,CAAC;AACnB,CAAC"}