oidc-spa 6.15.0 → 7.0.0
- package/README.md +12 -13
- package/core/Oidc.d.ts +24 -12
- package/core/createOidc.d.ts +15 -30
- package/core/createOidc.js +137 -136
- package/core/createOidc.js.map +1 -1
- package/core/handleOidcCallback.js +11 -30
- package/core/handleOidcCallback.js.map +1 -1
- package/core/loginOrGoToAuthServer.d.ts +1 -2
- package/core/loginOrGoToAuthServer.js +239 -180
- package/core/loginOrGoToAuthServer.js.map +1 -1
- package/core/loginSilent.d.ts +1 -1
- package/core/loginSilent.js +4 -4
- package/core/loginSilent.js.map +1 -1
- package/core/logoutPropagationToOtherTabs.d.ts +1 -5
- package/core/logoutPropagationToOtherTabs.js +3 -10
- package/core/logoutPropagationToOtherTabs.js.map +1 -1
- package/core/oidcClientTsUserToTokens.d.ts +1 -2
- package/core/oidcClientTsUserToTokens.js +93 -58
- package/core/oidcClientTsUserToTokens.js.map +1 -1
- package/mock/oidc.d.ts +1 -1
- package/mock/oidc.js +29 -19
- package/mock/oidc.js.map +1 -1
- package/package.json +1 -5
- package/react/react.d.ts +1 -7
- package/react/react.js +8 -59
- package/react/react.js.map +1 -1
- package/src/core/Oidc.ts +27 -14
- package/src/core/createOidc.ts +124 -129
- package/src/core/handleOidcCallback.ts +12 -56
- package/src/core/loginOrGoToAuthServer.ts +26 -12
- package/src/core/loginSilent.ts +4 -4
- package/src/core/logoutPropagationToOtherTabs.ts +6 -24
- package/src/core/oidcClientTsUserToTokens.ts +129 -82
- package/src/mock/oidc.ts +16 -6
- package/src/react/react.tsx +11 -72
- package/src/tools/readExpirationTimeInJwt.ts +4 -5
- package/tools/readExpirationTimeInJwt.js +4 -4
- package/tools/readExpirationTimeInJwt.js.map +1 -1
- package/vendor/frontend/oidc-client-ts-and-jwt-decode.js +1 -1
- package/core/debug966975.d.ts +0 -7
- package/core/debug966975.js +0 -88
- package/core/debug966975.js.map +0 -1
- package/src/core/debug966975.ts +0 -85
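--- a/package/react/react.js
+++ b/package/react/react.js
@@ -182,47 +182,16 @@ function createOidcReactApi_dependencyInjection(paramsOrGetParams, createOidc) {
 (0, tsafe_1.assert)(false);
 }
 }
-var _a = __read((0, react_1.
-// TODO: Remove in next major version
+var _a = __read((0, react_1.useState)(!oidc.isUserLoggedIn ? undefined : oidc.getDecodedIdToken()), 2), reRenderIfDecodedIdTokenChanged = _a[1];
 (0, react_1.useEffect)(function () {
 if (!oidc.isUserLoggedIn) {
 return;
 }
-var unsubscribe = oidc.subscribeToTokensChange(
-
-}, [oidc]);
-var tokensState_ref = (0, react_1.useRef)({
-isConsumerReadingTokens: false,
-tokens: undefined
-});
-(0, react_1.useEffect)(function () {
-if (!oidc.isUserLoggedIn) {
-return;
-}
-var updateTokens = function (tokens) {
-if (tokens === tokensState_ref.current.tokens) {
-return;
-}
-var tokenState = tokensState_ref.current;
-tokenState.tokens = tokens;
-if (tokenState.isConsumerReadingTokens) {
-forceUpdate();
-}
-};
-var isActive = true;
-oidc.getTokens_next().then(function (tokens) {
-if (!isActive) {
-return;
-}
-updateTokens(tokens);
-});
-var unsubscribe = oidc.subscribeToTokensChange(function (tokens) {
-updateTokens(tokens);
+var unsubscribe = oidc.subscribeToTokensChange(function () {
+return reRenderIfDecodedIdTokenChanged(oidc.getDecodedIdToken());
 }).unsubscribe;
-
-
-unsubscribe();
-};
+reRenderIfDecodedIdTokenChanged(oidc.getDecodedIdToken());
+return unsubscribe;
 }, []);
 var common = {
 params: oidc.params
@@ -234,11 +203,7 @@ function createOidcReactApi_dependencyInjection(paramsOrGetParams, createOidc) {
 return oidc.login(__assign({ doesCurrentHrefRequiresAuth: doesCurrentHrefRequiresAuth }, rest));
 }, initializationError: oidc.initializationError }));
 }
-var oidcReact = __assign(__assign({}, common), { isUserLoggedIn: true,
-var tokensState = tokensState_ref.current;
-tokensState.isConsumerReadingTokens = true;
-return tokensState.tokens;
-}, logout: oidc.logout, renewTokens: oidc.renewTokens, subscribeToAutoLogoutCountdown: oidc.subscribeToAutoLogoutCountdown, goToAuthServer: oidc.goToAuthServer, isNewBrowserSession: oidc.isNewBrowserSession, backFromAuthServer: oidc.backFromAuthServer });
+var oidcReact = __assign(__assign({}, common), { isUserLoggedIn: true, decodedIdToken: oidc.getDecodedIdToken(), logout: oidc.logout, renewTokens: oidc.renewTokens, subscribeToAutoLogoutCountdown: oidc.subscribeToAutoLogoutCountdown, goToAuthServer: oidc.goToAuthServer, isNewBrowserSession: oidc.isNewBrowserSession, backFromAuthServer: oidc.backFromAuthServer });
 return oidcReact;
 }
 function withLoginEnforced(Component, params) {
@@ -298,24 +263,8 @@ function createOidcReactApi_dependencyInjection(paramsOrGetParams, createOidc) {
 return oidc;
 });
 function getOidc() {
-
-
-return __generator(this, function (_a) {
-switch (_a.label) {
-case 0:
-dReadyToCreate.resolve();
-return [4 /*yield*/, prOidc];
-case 1:
-oidc = _a.sent();
-if (!oidc.isUserLoggedIn) return [3 /*break*/, 3];
-return [4 /*yield*/, oidc.getTokens_next()];
-case 2:
-_a.sent();
-_a.label = 3;
-case 3: return [2 /*return*/, oidc];
-}
-});
-});
+dReadyToCreate.resolve();
+return prOidc;
 }
 var oidcReact = {
 OidcProvider: OidcProvider,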
package/react/react.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"react.js","sourceRoot":"","sources":["../src/react/react.tsx"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"react.js","sourceRoot":"","sources":["../src/react/react.tsx"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgHA,wFAkRC;AAGD,0CAKC;;AA1YD,+BASe;AACf,gCAAkG;AAClG,kDAA4E;AAC5E,kDAA8C;AAE9C,8CAA6C;AAsD7C,CAAC;IAMG,IAAA,cAAM,GAA4B,CAAC;AACvC,CAAC;AAqCD,SAAgB,sCAAsC,CAWlD,iBAAyD,EACzD,UAAyE;IAZ7E,iBAkRC;IAjQG,IAAM,cAAc,GAAG,IAAI,mBAAQ,EAAQ,CAAC;IAE5C,IAAM,WAAW,GAAG,IAAA,qBAAa,EAC7B,SAAS,CACZ,CAAC;IAEF,gEAAgE;IAChE,IAAM,2BAA2B,GAAG,CAAC;;;;;wBAClB,qBAAM,CAAC;;;;;yCACd,CAAA,OAAO,iBAAiB,KAAK,UAAU,CAAA,EAAvC,wBAAuC;oCACjC,SAAS,GAAG,iBAAiB,CAAC;oCAEpC,qBAAM,cAAc,CAAC,EAAE,EAAA;;oCAAvB,SAAuB,CAAC;oCAET,qBAAM,SAAS,EAAE,EAAA;;oCAA1B,WAAS,SAAiB;oCAEhC,sBAAO,QAAM,EAAC;;oCAGZ,MAAM,GAAG,iBAAiB,CAAC;oCAEjC,sBAAO,MAAM,EAAC;;;yBACjB,CAAC,EAAE,EAAA;;oBAdE,MAAM,GAAG,SAcX;;;;oBAKO,qBAAM,UAAU,CAAC,MAAM,CAAC,EAAA;;oBAA/B,IAAI,GAAG,SAAwB,CAAC;;;;oBAEhC,IAAI,CAAC,CAAC,OAAK,YAAY,8BAAuB,CAAC,EAAE,CAAC;wBAC9C,MAAM,OAAK,CAAC;oBAChB,CAAC;oBAED,sBAAO,OAAK,EAAC;wBAGjB,sBAAO,IAAI,EAAC;;;SACf,CAAC,EAAE,CAAC;IAEL,SAAS,YAAY,CAAC,KAIrB;QACW,IAAA,QAAQ,GAA8B,KAAK,SAAnC,EAAE,aAAa,GAAe,KAAK,cAApB,EAAE,QAAQ,GAAK,KAAK,SAAV,CAAW;QAE9C,IAAA,KAAA,OAA4D,IAAA,gBAAQ,EAExE,SAAS,CAAC,IAAA,EAFL,yBAAyB,QAAA,EAAE,4BAA4B,QAElD,CAAC;QAEb,IAAA,iBAAS,EAAC;YACN,cAAc,CAAC,OAAO,EAAE,CAAC;YACzB,2BAA2B,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACnE,CAAC,EAAE,EAAE,CAAC,CAAC;QAEP,IAAI,yBAAyB,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,2DAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,GAAI,CAAC;QAC3D,CAAC;QAED,IAAI,yBAAyB,YAAY,8BAAuB,EAAE,CAAC;YAC/D,IAAM,mBAAmB,GAAG,yBAAyB,CAAC;YAEtD,OAAO,CACH,2DACK,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,CAC3B,gCAAI,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,4EAEtB,mBAAmB,CAAC,OAAO,IAC3B,CACR,CAAC,CAAC,CAAC,CACA,uBAAC,aAAa,IAAC,mBAAmB,EAAE,mBAAmB,GAAI,CAC9D,GACF,CACN,CAAC;QACN,CAAC;QAED,IAAM,IAAI,GAAG,yBAAyB,CAAC;QAEvC,OAAO,CACH,uBAAC,WAAW,CAAC,QAAQ,IAAC,KAAK,EAAE,EAAE,IAAI,MAAA,EAAE,QAAQ,EAAE,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,IAAI,EAAE,YAC5D,QAAQ,GACU,CA
C1B,CAAC;IACN,CAAC;IAED,SAAS,OAAO,CAAC,MAEhB;QACW,IAAQ,aAAa,GAAK,CAAA,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,EAAE,CAAA,OAAjB,CAAkB;QAE/C,IAAM,YAAY,GAAG,IAAA,kBAAU,EAAC,WAAW,CAAC,CAAC;QAE7C,IAAA,cAAM,EAAC,YAAY,KAAK,SAAS,EAAE,4DAA4D,CAAC,CAAC;QAEzF,IAAA,IAAI,GAAK,YAAY,KAAjB,CAAkB;QAE9B,eAAe,EAAE,CAAC;YACd,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC9B,MAAM,eAAe,CAAC;YAC1B,CAAC;YAED,IAAM,UAAU,GAAG,UAAC,CAAS;gBACzB,OAAA;oBACI,4CAA4C;oBAC5C,4DAAqD,CAAC,MAAG;oBACzD,+CAA+C;iBAClD,CAAC,IAAI,CAAC,GAAG,CAAC;YAJX,CAIW,CAAC;YAEhB,QAAQ,aAAa,EAAE,CAAC;gBACpB,KAAK,gBAAgB;oBACjB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;wBACvB,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,0CAA0C,CAAC,CAAC,CAAC;oBAC5E,CAAC;oBACD,MAAM;gBACV,KAAK,oBAAoB;oBACrB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;wBACtB,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,4CAA4C,CAAC,CAAC,CAAC;oBAC9E,CAAC;oBACD,MAAM;gBACV;oBACI,IAAA,cAAM,EAAsC,KAAK,CAAC,CAAC;YAC3D,CAAC;QACL,CAAC;QAEK,IAAA,KAAA,OAAsC,IAAA,gBAAQ,EAChD,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAC9D,IAAA,EAFQ,+BAA+B,QAEvC,CAAC;QAEF,IAAA,iBAAS,EAAC;YACN,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACvB,OAAO;YACX,CAAC;YAEO,IAAA,WAAW,GAAK,IAAI,CAAC,uBAAuB,CAAC;gBACjD,OAAA,+BAA+B,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAAzD,CAAyD,CAC5D,YAFkB,CAEjB;YAEF,+BAA+B,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;YAE1D,OAAO,WAAW,CAAC;QACvB,CAAC,EAAE,EAAE,CAAC,CAAC;QAEP,IAAM,MAAM,GAAqB;YAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;SACtB,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACvB,OAAO,IAAA,UAAE,wBACF,MAAM,KACT,cAAc,EAAE,KAAK,EACrB,KAAK,EAAE,UAAC,EAAqD;oBAArD,mBAAA,EAAA,OAAqD;oBAAnD,IAAA,mCAAmC,EAAnC,2BAA2B,mBAAG,KAAK,KAAA,EAAK,IAAI,cAA9C,+BAAgD,CAAF;oBAClD,OAAA,IAAI,CAAC,KAAK,YAAG,2BAA2B,6BAAA,IAAK,IAAI,EAAG,CAAA;iBAAA,EACxD,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAC/C,CAAC;QACP,CAAC;QAED,IAAM,SAAS,yBACR,MAAM,KACT,cAAc,EAAE,IAAI,EACpB,cAAc,EAAE,IAAI,CAAC,iBAAiB,EAAE,EACxC,MAAM,EAAE,IAAI,CAAC,MAAM,EACnB,WAAW,EAAE,IAAI,CAAC,WAAW,EAC7B,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,EACnE,cAAc,EAAE,IAAI,CAAC,cAAc,EACnC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,EAC7C,kBAAkB,EAAE,I
AAI,CAAC,kBAAkB,GAC9C,CAAC;QAEF,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,SAAS,iBAAiB,CACtB,SAA+B,EAC/B,MAEC;;QAEO,IAAA,aAAa,GAAK,CAAA,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,EAAE,CAAA,cAAjB,CAAkB;QAEvC,SAAS,0BAA0B,CAAC,KAAY;YAC5C,IAAM,YAAY,GAAG,IAAA,kBAAU,EAAC,WAAW,CAAC,CAAC;YAE7C,IAAA,cAAM,EAAC,YAAY,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;YAErC,IAAA,IAAI,GAAe,YAAY,KAA3B,EAAE,QAAQ,GAAK,YAAY,SAAjB,CAAkB;YAExC,IAAA,iBAAS,EAAC;gBACN,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACtB,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,KAAK,CAAC,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CAAC;YACtD,CAAC,EAAE,EAAE,CAAC,CAAC;YAEP,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACvB,OAAO,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;YACpE,CAAC;YAED,OAAO,uBAAC,SAAS,eAAK,KAAK,EAAI,CAAC;QACpC,CAAC;QAED,0BAA0B,CAAC,WAAW,GAAG,UACrC,MAAA,MAAA,SAAS,CAAC,WAAW,mCAAI,SAAS,CAAC,IAAI,mCAAI,WAAW,sBACvC,CAAC;QAEpB,OAAO,0BAA0B,CAAC;IACtC,CAAC;IAED,SAAe,YAAY,CAAC,YAG3B;;;;;;;wBACW,KAAK,GAAK,YAAY,MAAjB,CAAkB;wBACzB,WAAW,GAAG,MAAA,MAAA,YAAY,CAAC,OAAO,0CAAE,GAAG,mCAAI,QAAQ,CAAC,IAAI,CAAC;wBAElD,qBAAM,OAAO,EAAE,EAAA;;wBAAtB,IAAI,GAAG,SAAe;6BAExB,CAAC,IAAI,CAAC,cAAc,EAApB,wBAAoB;wBACpB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;4BACtB,MAAM,IAAI,KAAK,CACX,0FAA0F,CAC7F,CAAC;wBACN,CAAC;wBAED,qBAAM,IAAI,CAAC,KAAK,CAAC;gCACb,WAAW,aAAA;gCACX,2BAA2B,EAAE,QAAQ,CAAC,IAAI,KAAK,WAAW;6BAC7D,CAAC,EAAA;;wBAHF,SAGE,CAAC;;;;;;KAEV;IAED,IAAM,MAAM,GAAG,2BAA2B,CAAC,IAAI,CAAC,UAAA,yBAAyB;QACrE,IAAI,yBAAyB,YAAY,8BAAuB,EAAE,CAAC;YAC/D,OAAO,IAAI,OAAO,CAAQ,cAAO,CAAC,CAAC,CAAC;QACxC,CAAC;QAED,IAAM,IAAI,GAAG,yBAAyB,CAAC;QAEvC,OAAO,IAAI,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,SAAS,OAAO;QACZ,cAAc,CAAC,OAAO,EAAE,CAAC;QAEzB,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,IAAM,SAAS,GAAwC;QACnD,YAAY,cAAA;QACZ,OAAO,EAAE,OAAc;QACvB,OAAO,SAAA;QACP,iBAAiB,mBAAA;QACjB,YAAY,cAAA;KACf,CAAC;IAEF,8CAA8C;IAC9C,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,2DAA2D;AAC3D,SAAgB,eAAe,CAG7B,MAAyE;IACvE,OAAO,sCAAsC,CAAC,MAAM,EAAE,iBAAU,CAAC,CAAC;AACtE,CAAC"}
|
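--- a/package/src/core/Oidc.ts
+++ b/package/src/core/Oidc.ts
@@ -1,8 +1,8 @@
 import type { OidcInitializationError } from "./OidcInitializationError";
 
-export declare type Oidc<
-
-
+export declare type Oidc<
+DecodedIdToken extends Record<string, unknown> = Oidc.Tokens.DecodedIdToken_base
+> = Oidc.LoggedIn<DecodedIdToken> | Oidc.NotLoggedIn;
 
 export declare namespace Oidc {
 export type Common = {
@@ -43,16 +43,7 @@ export declare namespace Oidc {
 renewTokens(params?: {
 extraTokenParams?: Record<string, string | undefined>;
 }): Promise<void>;
-
-* Prefer using getTokens_next(), in the next major getTokens() will be be async.
-*
-* The problem is that When the computer wakes up from sleep, the tokens might have expired so
-* there is a window of time where the tokens are not valid.
-*
-* This potential issue do not affect you if you are using "oidc-spa/react" as in the documentation.
-* */
-getTokens: () => Tokens<DecodedIdToken>;
-getTokens_next: () => Promise<Tokens<DecodedIdToken>>;
+getTokens: () => Promise<Tokens<DecodedIdToken>>;
 subscribeToTokensChange: (onTokenChange: (tokens: Tokens<DecodedIdToken>) => void) => {
 unsubscribe: () => void;
 };
@@ -101,7 +92,7 @@ export declare namespace Oidc {
 isNewBrowserSession: boolean;
 };
 
-export type Tokens<DecodedIdToken extends Record<string, unknown> =
+export type Tokens<DecodedIdToken extends Record<string, unknown> = Tokens.DecodedIdToken_base> =
 | Tokens.WithRefreshToken<DecodedIdToken>
 | Tokens.WithoutRefreshToken<DecodedIdToken>;
 
@@ -111,6 +102,19 @@ export declare namespace Oidc {
 accessTokenExpirationTime: number;
 idToken: string;
 decodedIdToken: DecodedIdToken;
+/**
+* decodedIdToken_original = decodeJwt(idToken);
+* decodedIdToken = decodedIdTokenSchema.parse(decodedIdToken_original)
+*
+* The idea here is that if you have provided a zod schema as `decodedIdTokenSchema`
+* it will strip out every claim that you haven't specified.
+* You might even be applying some transformation.
+*
+* `decodedIdToken_original` is the actual decoded payload of the id_token, untransformed.
+* */
+decodedIdToken_original: DecodedIdToken_base;
+/** Read from id_token's JWT, iat claim value, it's a JavaScript timestamp (millisecond epoch) */
+issuedAtTime: number;
 };
 
 export type WithRefreshToken<DecodedIdToken> = Common<DecodedIdToken> & {
@@ -124,5 +128,14 @@ export declare namespace Oidc {
 refreshToken?: never;
 refreshTokenExpirationTime?: never;
 };
+
+export type DecodedIdToken_base = {
+iss: string;
+sub: string;
+aud: string | string[];
+exp: number;
+iat: number;
+[claimName: string]: unknown;
+};
 }
 }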
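Review bot: The doc comment on the new `decodedIdToken_original` field in `Tokens.Common` never says that this field still carries every claim `decodedIdTokenSchema` was written to strip or coerce, typed only as `unknown` through the `DecodedIdToken_base` index signature. I would add a sentence such as `Claims read from here have not passed decodedIdTokenSchema; validate each one before use.` so consumers do not treat it as an equivalent of `decodedIdToken`. The time units are also easy to mix up: `issuedAtTime` is documented as a millisecond timestamp, while `exp` and `iat` in `DecodedIdToken_base` are presumably the raw JWT values in seconds, so a short `/** seconds since epoch, as found in the JWT */` comment on those two fields would help. Finally, the new `getTokens: () => Promise<Tokens<DecodedIdToken>>` lost its doc comment along with the deprecated overload; one line stating that callers must await it on each use rather than cache the result would preserve the intent of the removed text.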
package/src/core/createOidc.ts
CHANGED
|
@@ -8,7 +8,6 @@ import type { OidcMetadata } from "./OidcMetadata";
|
|
|
8
8
|
import { id, assert, is, type Equals } from "../vendor/frontend/tsafe";
|
|
9
9
|
import { setTimeout, clearTimeout } from "../tools/workerTimers";
|
|
10
10
|
import { Deferred } from "../tools/Deferred";
|
|
11
|
-
import { decodeJwt } from "../tools/decodeJwt";
|
|
12
11
|
import { createEvtIsUserActive } from "./evtIsUserActive";
|
|
13
12
|
import { createStartCountdown } from "../tools/startCountdown";
|
|
14
13
|
import { toHumanReadableDuration } from "../tools/toHumanReadableDuration";
|
|
@@ -23,7 +22,7 @@ import { type StateData, generateStateQueryParamValue, STATE_STORE_KEY_PREFIX }
|
|
|
23
22
|
import { notifyOtherTabsOfLogout, getPrOtherTabLogout } from "./logoutPropagationToOtherTabs";
|
|
24
23
|
import { notifyOtherTabsOfLogin, getPrOtherTabLogin } from "./loginPropagationToOtherTabs";
|
|
25
24
|
import { getConfigId } from "./configId";
|
|
26
|
-
import { oidcClientTsUserToTokens
|
|
25
|
+
import { oidcClientTsUserToTokens } from "./oidcClientTsUserToTokens";
|
|
27
26
|
import { loginSilent } from "./loginSilent";
|
|
28
27
|
import { authResponseToUrl } from "./AuthResponse";
|
|
29
28
|
import { handleOidcCallback, retrieveRedirectAuthResponseAndStateData } from "./handleOidcCallback";
|
|
@@ -60,23 +59,14 @@ export type ParamsOfCreateOidc<
|
|
|
60
59
|
* (the scope "openid" is added automatically as it's mandatory)
|
|
61
60
|
**/
|
|
62
61
|
scopes?: string[];
|
|
63
|
-
/**
|
|
64
|
-
* Transform the url of the authorization endpoint before redirecting to the login pages.
|
|
65
|
-
*/
|
|
66
|
-
transformUrlBeforeRedirect?: (url: string) => string;
|
|
67
62
|
|
|
68
63
|
/**
|
|
69
|
-
* NOTE: Will replace transformUrlBeforeRedirect in the next major version.
|
|
70
|
-
*
|
|
71
64
|
* Transform the url (authorization endpoint) before redirecting to the login pages.
|
|
72
65
|
*
|
|
73
66
|
* The isSilent parameter is true when the redirect is initiated in the background iframe for silent signin.
|
|
74
67
|
* This can be used to omit ui related query parameters (like `ui_locales`).
|
|
75
68
|
*/
|
|
76
|
-
|
|
77
|
-
authorizationUrl: string;
|
|
78
|
-
isSilent: boolean;
|
|
79
|
-
}) => string;
|
|
69
|
+
transformUrlBeforeRedirect?: (params: { authorizationUrl: string; isSilent: boolean }) => string;
|
|
80
70
|
|
|
81
71
|
/**
|
|
82
72
|
* Extra query params to be added to the authorization endpoint url before redirecting or silent signing in.
|
|
@@ -120,30 +110,10 @@ export type ParamsOfCreateOidc<
|
|
|
120
110
|
*/
|
|
121
111
|
homeUrl: string;
|
|
122
112
|
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
*
|
|
127
|
-
* This is only useful for when you also shipping your app as a Desktop App with Electron.
|
|
128
|
-
* NOTE that even in this case, it's not automatic, you still need to handle the response
|
|
129
|
-
* in the electron node process.
|
|
130
|
-
*
|
|
131
|
-
* Example: __callbackUri: "myapp://oidc-callback/"
|
|
132
|
-
*/
|
|
133
|
-
__callbackUri?: string;
|
|
113
|
+
decodedIdTokenSchema?: {
|
|
114
|
+
parse: (decodedIdToken_original: Oidc.Tokens.DecodedIdToken_base) => DecodedIdToken;
|
|
115
|
+
};
|
|
134
116
|
|
|
135
|
-
decodedIdTokenSchema?: { parse: (data: unknown) => DecodedIdToken };
|
|
136
|
-
/**
|
|
137
|
-
* @deprecated: Use idleSessionLifetimeInSeconds instead
|
|
138
|
-
*
|
|
139
|
-
* This parameter defines after how many seconds of inactivity the user should be
|
|
140
|
-
* logged out automatically.
|
|
141
|
-
*
|
|
142
|
-
* WARNING: It should be configured on the identity server side
|
|
143
|
-
* as it's the authoritative source for security policies and not the client.
|
|
144
|
-
* If you don't provide this parameter it will be inferred from the refresh token expiration time.
|
|
145
|
-
* */
|
|
146
|
-
__unsafe_ssoSessionIdleSeconds?: number;
|
|
147
117
|
/**
|
|
148
118
|
* This parameter defines after how many seconds of inactivity the user should be
|
|
149
119
|
* logged out automatically.
|
|
@@ -154,6 +124,9 @@ export type ParamsOfCreateOidc<
|
|
|
154
124
|
* */
|
|
155
125
|
idleSessionLifetimeInSeconds?: number;
|
|
156
126
|
|
|
127
|
+
/**
|
|
128
|
+
* Default: { redirectTo: "current page" }
|
|
129
|
+
*/
|
|
157
130
|
autoLogoutParams?: Parameters<Oidc.LoggedIn<any>["logout"]>[0];
|
|
158
131
|
autoLogin?: AutoLogin;
|
|
159
132
|
|
|
@@ -166,6 +139,16 @@ export type ParamsOfCreateOidc<
|
|
|
166
139
|
|
|
167
140
|
debugLogs?: boolean;
|
|
168
141
|
|
|
142
|
+
/**
|
|
143
|
+
* WARNING: This option exists solely as a workaround
|
|
144
|
+
* for limitations in the Google OAuth API.
|
|
145
|
+
* See: https://docs.oidc-spa.dev/providers-configuration/google-oauth
|
|
146
|
+
*
|
|
147
|
+
* Do not use this for other providers.
|
|
148
|
+
* If you think you need a client secret in a SPA, you are likely
|
|
149
|
+
* trying to use a confidential (private) client in the browser,
|
|
150
|
+
* which is insecure and not supported.
|
|
151
|
+
*/
|
|
169
152
|
__unsafe_clientSecret?: string;
|
|
170
153
|
|
|
171
154
|
/**
|
|
@@ -195,8 +178,6 @@ const globalContext = {
|
|
|
195
178
|
evtRequestToPersistTokens: createEvt<{ configIdOfInstancePostingTheRequest: string }>()
|
|
196
179
|
};
|
|
197
180
|
|
|
198
|
-
const MIN_RENEW_BEFORE_EXPIRE_MS = 2_000;
|
|
199
|
-
|
|
200
181
|
/** @see: https://docs.oidc-spa.dev/v/v6/usage */
|
|
201
182
|
export async function createOidc<
|
|
202
183
|
DecodedIdToken extends Record<string, unknown> = Record<string, unknown>,
|
|
@@ -296,15 +277,12 @@ export async function createOidc_nonMemoized<
|
|
|
296
277
|
}
|
|
297
278
|
): Promise<AutoLogin extends true ? Oidc.LoggedIn<DecodedIdToken> : Oidc<DecodedIdToken>> {
|
|
298
279
|
const {
|
|
299
|
-
transformUrlBeforeRedirect_next,
|
|
300
280
|
transformUrlBeforeRedirect,
|
|
301
281
|
extraQueryParams: extraQueryParamsOrGetter,
|
|
302
282
|
extraTokenParams: extraTokenParamsOrGetter,
|
|
303
283
|
homeUrl: homeUrl_params,
|
|
304
|
-
__callbackUri,
|
|
305
284
|
decodedIdTokenSchema,
|
|
306
|
-
|
|
307
|
-
idleSessionLifetimeInSeconds = __unsafe_ssoSessionIdleSeconds,
|
|
285
|
+
idleSessionLifetimeInSeconds,
|
|
308
286
|
autoLogoutParams = { redirectTo: "current page" },
|
|
309
287
|
autoLogin = false,
|
|
310
288
|
postLoginRedirectUrl: postLoginRedirectUrl_default,
|
|
@@ -347,7 +325,7 @@ export async function createOidc_nonMemoized<
|
|
|
347
325
|
});
|
|
348
326
|
|
|
349
327
|
const callbackUri = toFullyQualifiedUrl({
|
|
350
|
-
urlish:
|
|
328
|
+
urlish: homeUrl,
|
|
351
329
|
doAssertNoQueryParams: true,
|
|
352
330
|
doOutputWithTrailingSlash: true
|
|
353
331
|
});
|
|
@@ -476,7 +454,6 @@ export async function createOidc_nonMemoized<
|
|
|
476
454
|
configId,
|
|
477
455
|
oidcClientTsUserManager,
|
|
478
456
|
transformUrlBeforeRedirect,
|
|
479
|
-
transformUrlBeforeRedirect_next,
|
|
480
457
|
getExtraQueryParams,
|
|
481
458
|
getExtraTokenParams,
|
|
482
459
|
homeUrl,
|
|
@@ -603,7 +580,6 @@ export async function createOidc_nonMemoized<
|
|
|
603
580
|
|
|
604
581
|
notifyOtherTabsOfLogout({
|
|
605
582
|
configId,
|
|
606
|
-
redirectUrl: stateData.redirectUrl,
|
|
607
583
|
sessionId: stateData.sessionId
|
|
608
584
|
});
|
|
609
585
|
|
|
@@ -676,7 +652,7 @@ export async function createOidc_nonMemoized<
|
|
|
676
652
|
oidcClientTsUserManager,
|
|
677
653
|
stateQueryParamValue_instance,
|
|
678
654
|
configId,
|
|
679
|
-
|
|
655
|
+
transformUrlBeforeRedirect,
|
|
680
656
|
getExtraQueryParams,
|
|
681
657
|
getExtraTokenParams,
|
|
682
658
|
autoLogin
|
|
@@ -967,18 +943,33 @@ export async function createOidc_nonMemoized<
|
|
|
967
943
|
|
|
968
944
|
const onTokenChanges = new Set<(tokens: Oidc.Tokens<DecodedIdToken>) => void>();
|
|
969
945
|
|
|
970
|
-
const { sid: sessionId, sub: subjectId } =
|
|
971
|
-
currentTokens.idToken
|
|
972
|
-
);
|
|
946
|
+
const { sid: sessionId, sub: subjectId } = currentTokens.decodedIdToken_original;
|
|
973
947
|
|
|
974
948
|
assert(subjectId !== undefined, "The 'sub' claim is missing from the id token");
|
|
949
|
+
assert(sessionId === undefined || typeof sessionId === "string");
|
|
975
950
|
|
|
976
951
|
const oidc_loggedIn = id<Oidc.LoggedIn<DecodedIdToken>>({
|
|
977
952
|
...oidc_common,
|
|
978
953
|
isUserLoggedIn: true,
|
|
979
|
-
getTokens: () =>
|
|
980
|
-
|
|
981
|
-
|
|
954
|
+
getTokens: async () => {
|
|
955
|
+
renew_tokens: {
|
|
956
|
+
{
|
|
957
|
+
const msBeforeExpirationOfTheAccessToken =
|
|
958
|
+
currentTokens.accessTokenExpirationTime - Date.now();
|
|
959
|
+
|
|
960
|
+
if (msBeforeExpirationOfTheAccessToken > 30_000) {
|
|
961
|
+
break renew_tokens;
|
|
962
|
+
}
|
|
963
|
+
}
|
|
964
|
+
|
|
965
|
+
{
|
|
966
|
+
const msElapsedSinceCurrentTokenWereIssued = Date.now() - currentTokens.issuedAtTime;
|
|
967
|
+
|
|
968
|
+
if (msElapsedSinceCurrentTokenWereIssued < 5_000) {
|
|
969
|
+
break renew_tokens;
|
|
970
|
+
}
|
|
971
|
+
}
|
|
972
|
+
|
|
982
973
|
await oidc_loggedIn.renewTokens();
|
|
983
974
|
}
|
|
984
975
|
|
|
@@ -1043,7 +1034,6 @@ export async function createOidc_nonMemoized<
|
|
|
1043
1034
|
|
|
1044
1035
|
notifyOtherTabsOfLogout({
|
|
1045
1036
|
configId,
|
|
1046
|
-
redirectUrl: postLogoutRedirectUrl,
|
|
1047
1037
|
sessionId
|
|
1048
1038
|
});
|
|
1049
1039
|
|
|
@@ -1061,17 +1051,42 @@ export async function createOidc_nonMemoized<
|
|
|
1061
1051
|
}) {
|
|
1062
1052
|
const { extraTokenParams } = params;
|
|
1063
1053
|
|
|
1054
|
+
const fallbackToFullPageReload = async (): Promise<never> => {
|
|
1055
|
+
persistAuthState({ configId, state: undefined });
|
|
1056
|
+
|
|
1057
|
+
await waitForAllOtherOngoingLoginOrRefreshProcessesToComplete({
|
|
1058
|
+
prUnlock: new Promise<never>(() => {})
|
|
1059
|
+
});
|
|
1060
|
+
|
|
1061
|
+
globalContext.evtRequestToPersistTokens.post({
|
|
1062
|
+
configIdOfInstancePostingTheRequest: configId
|
|
1063
|
+
});
|
|
1064
|
+
|
|
1065
|
+
await loginOrGoToAuthServer({
|
|
1066
|
+
action: "login",
|
|
1067
|
+
redirectUrl: window.location.href,
|
|
1068
|
+
doForceReloadOnBfCache: true,
|
|
1069
|
+
extraQueryParams_local: undefined,
|
|
1070
|
+
transformUrlBeforeRedirect_local: undefined,
|
|
1071
|
+
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
|
|
1072
|
+
interaction: "directly redirect if active session show login otherwise"
|
|
1073
|
+
});
|
|
1074
|
+
assert(false, "136134");
|
|
1075
|
+
};
|
|
1076
|
+
|
|
1064
1077
|
if (!currentTokens.hasRefreshToken && !canUseIframe) {
|
|
1065
|
-
|
|
1066
|
-
|
|
1067
|
-
|
|
1068
|
-
|
|
1069
|
-
|
|
1070
|
-
|
|
1078
|
+
log?.(
|
|
1079
|
+
[
|
|
1080
|
+
"Unable to refresh tokens without a full app reload,",
|
|
1081
|
+
"because no refresh token is available",
|
|
1082
|
+
"and your app setup prevents silent sign-in via iframe.",
|
|
1083
|
+
"Your only option to refresh tokens is to call `window.location.reload()`"
|
|
1084
|
+
].join(" ")
|
|
1085
|
+
);
|
|
1071
1086
|
|
|
1072
|
-
|
|
1087
|
+
await fallbackToFullPageReload();
|
|
1073
1088
|
|
|
1074
|
-
|
|
1089
|
+
assert(false, "136135");
|
|
1075
1090
|
}
|
|
1076
1091
|
|
|
1077
1092
|
log?.("Renewing tokens");
|
|
@@ -1082,7 +1097,7 @@ export async function createOidc_nonMemoized<
|
|
|
1082
1097
|
oidcClientTsUserManager,
|
|
1083
1098
|
stateQueryParamValue_instance,
|
|
1084
1099
|
configId,
|
|
1085
|
-
|
|
1100
|
+
transformUrlBeforeRedirect,
|
|
1086
1101
|
getExtraQueryParams,
|
|
1087
1102
|
getExtraTokenParams: () => extraTokenParams,
|
|
1088
1103
|
autoLogin
|
|
@@ -1090,6 +1105,8 @@ export async function createOidc_nonMemoized<
|
|
|
1090
1105
|
|
|
1091
1106
|
if (result_loginSilent.outcome === "failure") {
|
|
1092
1107
|
completeLoginOrRefreshProcess();
|
|
1108
|
+
// NOTE: This is a configuration or network error, okay to throw,
|
|
1109
|
+
// this exception doesn't have to be handle if it fails it fails.
|
|
1093
1110
|
throw new Error(result_loginSilent.cause);
|
|
1094
1111
|
}
|
|
1095
1112
|
|
|
@@ -1122,35 +1139,27 @@ export async function createOidc_nonMemoized<
|
|
|
1122
1139
|
|
|
1123
1140
|
if (authResponse_error === undefined) {
|
|
1124
1141
|
completeLoginOrRefreshProcess();
|
|
1142
|
+
// Same here, if it fails it fails.
|
|
1125
1143
|
throw error;
|
|
1126
1144
|
}
|
|
1127
|
-
|
|
1128
|
-
oidcClientTsUser_scope = undefined;
|
|
1129
1145
|
}
|
|
1130
1146
|
|
|
1131
1147
|
if (oidcClientTsUser_scope === undefined) {
|
|
1132
|
-
|
|
1148
|
+
// NOTE: Here we got a response but it's an error, session might have been
|
|
1149
|
+
// deleted or other edge case.
|
|
1133
1150
|
|
|
1134
1151
|
completeLoginOrRefreshProcess();
|
|
1135
1152
|
|
|
1136
|
-
|
|
1137
|
-
|
|
1138
|
-
|
|
1153
|
+
log?.(
|
|
1154
|
+
[
|
|
1155
|
+
"The user is probably not logged in anymore,",
|
|
1156
|
+
"need to redirect to login pages"
|
|
1157
|
+
].join(" ")
|
|
1158
|
+
);
|
|
1139
1159
|
|
|
1140
|
-
|
|
1141
|
-
configIdOfInstancePostingTheRequest: configId
|
|
1142
|
-
});
|
|
1160
|
+
await fallbackToFullPageReload();
|
|
1143
1161
|
|
|
1144
|
-
|
|
1145
|
-
action: "login",
|
|
1146
|
-
redirectUrl: window.location.href,
|
|
1147
|
-
doForceReloadOnBfCache: true,
|
|
1148
|
-
extraQueryParams_local: undefined,
|
|
1149
|
-
transformUrlBeforeRedirect_local: undefined,
|
|
1150
|
-
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
|
|
1151
|
-
interaction: "ensure no interaction"
|
|
1152
|
-
});
|
|
1153
|
-
assert(false, "136134");
|
|
1162
|
+
assert(false, "136135");
|
|
1154
1163
|
}
|
|
1155
1164
|
|
|
1156
1165
|
oidcClientTsUser = oidcClientTsUser_scope;
|
|
@@ -1285,84 +1294,70 @@ export async function createOidc_nonMemoized<
|
|
|
1285
1294
|
{
|
|
1286
1295
|
const { prOtherTabLogout } = getPrOtherTabLogout({
|
|
1287
1296
|
configId,
|
|
1288
|
-
homeUrl,
|
|
1289
1297
|
sessionId
|
|
1290
1298
|
});
|
|
1291
1299
|
|
|
1292
|
-
prOtherTabLogout.then(async (
|
|
1293
|
-
log?.(`Other tab has logged out,
|
|
1300
|
+
prOtherTabLogout.then(async () => {
|
|
1301
|
+
log?.(`Other tab has logged out, refreshing current tab`);
|
|
1294
1302
|
|
|
1295
1303
|
await waitForAllOtherOngoingLoginOrRefreshProcessesToComplete({
|
|
1296
1304
|
prUnlock: new Promise<never>(() => {})
|
|
1297
1305
|
});
|
|
1298
1306
|
|
|
1299
|
-
|
|
1300
|
-
location.reload();
|
|
1301
|
-
});
|
|
1302
|
-
|
|
1303
|
-
window.location.href = redirectUrl;
|
|
1307
|
+
location.reload();
|
|
1304
1308
|
});
|
|
1305
1309
|
}
|
|
1306
1310
|
|
|
1307
1311
|
(function scheduleRenew() {
|
|
1308
|
-
|
|
1309
|
-
|
|
1310
|
-
|
|
1311
|
-
|
|
1312
|
-
|
|
1313
|
-
|
|
1312
|
+
if (!currentTokens.hasRefreshToken && !canUseIframe) {
|
|
1313
|
+
log?.(
|
|
1314
|
+
"Disabling token auto refresh mechanism because we have no way to do it without reloading the page"
|
|
1315
|
+
);
|
|
1316
|
+
return;
|
|
1317
|
+
}
|
|
1314
1318
|
|
|
1315
|
-
|
|
1316
|
-
|
|
1317
|
-
|
|
1318
|
-
doForceReloadOnBfCache: true,
|
|
1319
|
-
extraQueryParams_local: undefined,
|
|
1320
|
-
transformUrlBeforeRedirect_local: undefined,
|
|
1321
|
-
// NOTE: Wether or not it's the preferred behavior, pushing to history
|
|
1322
|
-
// only works on user interaction so it have to be false
|
|
1323
|
-
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
|
|
1324
|
-
interaction: "ensure no interaction"
|
|
1325
|
-
});
|
|
1326
|
-
};
|
|
1319
|
+
const msBeforeExpiration =
|
|
1320
|
+
(currentTokens.refreshTokenExpirationTime ?? currentTokens.accessTokenExpirationTime) -
|
|
1321
|
+
Date.now();
|
|
1327
1322
|
|
|
1328
|
-
const
|
|
1323
|
+
const RENEW_MS_BEFORE_EXPIRES = 30_000;
|
|
1329
1324
|
|
|
1330
|
-
if (msBeforeExpiration <=
|
|
1325
|
+
if (msBeforeExpiration <= RENEW_MS_BEFORE_EXPIRES) {
|
|
1331
1326
|
// NOTE: We just got a new token that is about to expire. This means that
|
|
1332
1327
|
// the refresh token has reached it's max SSO time.
|
|
1333
|
-
|
|
1328
|
+
// ...or that the refresh token have a very short lifespan...
|
|
1329
|
+
// anyway, no need to keep alive, it will probably redirect on the next getTokens() or refreshTokens() call
|
|
1334
1330
|
return;
|
|
1335
1331
|
}
|
|
1336
1332
|
|
|
1337
|
-
// NOTE: We refresh the token 25 seconds before it expires.
|
|
1338
|
-
// If the token expiration time is less than 25 seconds we refresh the token when
|
|
1339
|
-
// only 1/10 of the token time is left.
|
|
1340
|
-
const renewMsBeforeExpires = Math.max(
|
|
1341
|
-
Math.min(25_000, msBeforeExpiration * 0.1),
|
|
1342
|
-
MIN_RENEW_BEFORE_EXPIRE_MS
|
|
1343
|
-
);
|
|
1344
|
-
|
|
1345
1333
|
log?.(
|
|
1346
1334
|
[
|
|
1347
1335
|
toHumanReadableDuration(msBeforeExpiration),
|
|
1348
1336
|
`before expiration of the access token.`,
|
|
1349
|
-
`Scheduling renewal ${toHumanReadableDuration(
|
|
1337
|
+
`Scheduling renewal ${toHumanReadableDuration(
|
|
1338
|
+
RENEW_MS_BEFORE_EXPIRES
|
|
1339
|
+
)} before expiration`
|
|
1350
1340
|
].join(" ")
|
|
1351
1341
|
);
|
|
1352
1342
|
|
|
1353
|
-
const timer = setTimeout(
|
|
1354
|
-
|
|
1355
|
-
|
|
1356
|
-
|
|
1357
|
-
|
|
1358
|
-
|
|
1343
|
+
const timer = setTimeout(
|
|
1344
|
+
async () => {
|
|
1345
|
+
log?.(
|
|
1346
|
+
`Renewing the access token now as it will expires in ${toHumanReadableDuration(
|
|
1347
|
+
RENEW_MS_BEFORE_EXPIRES
|
|
1348
|
+
)}`
|
|
1349
|
+
);
|
|
1359
1350
|
|
|
1360
|
-
try {
|
|
1361
1351
|
await oidc_loggedIn.renewTokens();
|
|
1362
|
-
}
|
|
1363
|
-
|
|
1364
|
-
|
|
1365
|
-
|
|
1352
|
+
},
|
|
1353
|
+
Math.min(
|
|
1354
|
+
msBeforeExpiration - RENEW_MS_BEFORE_EXPIRES,
|
|
1355
|
+
// NOTE: We want to make sure we do not overflow the setTimeout
|
|
1356
|
+
// that must be a 32 bit unsigned integer.
|
|
1357
|
+
// This can happen if the tokenExpirationTime is more than 24.8 days in the future.
|
|
1358
|
+
Math.pow(2, 31) - 1
|
|
1359
|
+
)
|
|
1360
|
+
);
|
|
1366
1361
|
|
|
1367
1362
|
const { unsubscribe: tokenChangeUnsubscribe } = oidc_loggedIn.subscribeToTokensChange(() => {
|
|
1368
1363
|
clearTimeout(timer);
|