oidc-spa 6.15.1 → 7.0.1

Files changed (43)
  1. package/README.md +12 -13
  2. package/core/Oidc.d.ts +24 -12
  3. package/core/createOidc.d.ts +15 -30
  4. package/core/createOidc.js +184 -146
  5. package/core/createOidc.js.map +1 -1
  6. package/core/handleOidcCallback.js +2 -29
  7. package/core/handleOidcCallback.js.map +1 -1
  8. package/core/loginOrGoToAuthServer.d.ts +1 -2
  9. package/core/loginOrGoToAuthServer.js +10 -10
  10. package/core/loginOrGoToAuthServer.js.map +1 -1
  11. package/core/loginSilent.d.ts +1 -1
  12. package/core/loginSilent.js +4 -4
  13. package/core/loginSilent.js.map +1 -1
  14. package/core/oidcClientTsUserToTokens.d.ts +1 -2
  15. package/core/oidcClientTsUserToTokens.js +93 -58
  16. package/core/oidcClientTsUserToTokens.js.map +1 -1
  17. package/mock/oidc.d.ts +1 -1
  18. package/mock/oidc.js +29 -19
  19. package/mock/oidc.js.map +1 -1
  20. package/package.json +1 -5
  21. package/react/react.d.ts +9 -14
  22. package/react/react.js +32 -60
  23. package/react/react.js.map +1 -1
  24. package/src/core/Oidc.ts +27 -14
  25. package/src/core/createOidc.ts +189 -149
  26. package/src/core/handleOidcCallback.ts +2 -55
  27. package/src/core/loginOrGoToAuthServer.ts +10 -11
  28. package/src/core/loginSilent.ts +4 -4
  29. package/src/core/oidcClientTsUserToTokens.ts +129 -82
  30. package/src/mock/oidc.ts +16 -6
  31. package/src/react/react.tsx +52 -80
  32. package/src/tools/readExpirationTimeInJwt.ts +4 -5
  33. package/src/tools/startCountdown.ts +4 -5
  34. package/tools/readExpirationTimeInJwt.js +4 -4
  35. package/tools/readExpirationTimeInJwt.js.map +1 -1
  36. package/tools/startCountdown.d.ts +3 -2
  37. package/tools/startCountdown.js +4 -4
  38. package/tools/startCountdown.js.map +1 -1
  39. package/vendor/frontend/oidc-client-ts-and-jwt-decode.js +1 -1
  40. package/core/debug966975.d.ts +0 -7
  41. package/core/debug966975.js +0 -88
  42. package/core/debug966975.js.map +0 -1
  43. package/src/core/debug966975.ts +0 -85
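--- a/package/core/createOidc.js
+++ b/package/core/createOidc.js
@@ -100,7 +100,6 @@ var oidc_client_ts_and_jwt_decode_1 = require("../vendor/frontend/oidc-client-ts
  var tsafe_1 = require("../vendor/frontend/tsafe");
  var workerTimers_1 = require("../tools/workerTimers");
  var Deferred_1 = require("../tools/Deferred");
- var decodeJwt_1 = require("../tools/decodeJwt");
  var evtIsUserActive_1 = require("./evtIsUserActive");
  var startCountdown_1 = require("../tools/startCountdown");
  var toHumanReadableDuration_1 = require("../tools/toHumanReadableDuration");
@@ -125,13 +124,12 @@ var isNewBrowserSession_1 = require("./isNewBrowserSession");
  var trustedFetch_1 = require("./trustedFetch");
  (0, handleOidcCallback_1.handleOidcCallback)();
  // NOTE: Replaced at build time
- var VERSION = "6.15.1";
+ var VERSION = "7.0.1";
  var globalContext = {
  prOidcByConfigId: new Map(),
  hasLogoutBeenCalled: (0, tsafe_1.id)(false),
  evtRequestToPersistTokens: (0, Evt_1.createEvt)()
  };
- var MIN_RENEW_BEFORE_EXPIRE_MS = 2000;
  /** @see: https://docs.oidc-spa.dev/v/v6/usage */
  function createOidc(params) {
  return __awaiter(this, void 0, void 0, function () {
@@ -217,12 +215,12 @@ function createOidc(params) {
  }
  function createOidc_nonMemoized(params, preProcessedParams) {
  return __awaiter(this, void 0, void 0, function () {
- var transformUrlBeforeRedirect_next, transformUrlBeforeRedirect, extraQueryParamsOrGetter, extraTokenParamsOrGetter, homeUrl_params, __callbackUri, decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds, _a, idleSessionLifetimeInSeconds, _b, autoLogoutParams, _c, autoLogin, postLoginRedirectUrl_default, __unsafe_clientSecret, _d, __unsafe_useIdTokenAsAccessToken, __metadata, _e, noIframe, issuerUri, clientId, scopes, configId, log, getExtraQueryParams, getExtraTokenParams, homeUrl, callbackUri, isHandled, stateQueryParamValue_instance, canUseIframe, isUserStoreInMemoryOnly, oidcClientTsUserManager, evtIsUserLoggedIn, loginOrGoToAuthServer, getIsNewBrowserSession, completeLoginOrRefreshProcess, resultOfLoginProcess, oidc_common, oidc_notLoggedIn, prOtherTabLogin, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, _f, sessionId, subjectId, oidc_loggedIn, prOtherTabLogout, startCountdown_2, stopCountdown_1, evtIsUserActive;
+ var transformUrlBeforeRedirect, extraQueryParamsOrGetter, extraTokenParamsOrGetter, homeUrl_params, decodedIdTokenSchema, idleSessionLifetimeInSeconds, _a, autoLogoutParams, _b, autoLogin, postLoginRedirectUrl_default, __unsafe_clientSecret, _c, __unsafe_useIdTokenAsAccessToken, __metadata, _d, noIframe, issuerUri, clientId, scopes, configId, log, getExtraQueryParams, getExtraTokenParams, homeUrl, callbackUri, isHandled, stateQueryParamValue_instance, canUseIframe, isUserStoreInMemoryOnly, oidcClientTsUserManager, evtIsUserLoggedIn, loginOrGoToAuthServer, getIsNewBrowserSession, completeLoginOrRefreshProcess, resultOfLoginProcess, oidc_common, oidc_notLoggedIn, prOtherTabLogin, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, _e, sessionId, subjectId, oidc_loggedIn, prOtherTabLogout, getCurrentRefreshTokenTtlInSeconds_1, startCountdown_2, stopCountdown_1, evtIsUserActive, currentRefreshTokenTtlInSeconds;
  var _this = this;
- return __generator(this, function (_g) {
- switch (_g.label) {
+ return __generator(this, function (_f) {
+ switch (_f.label) {
  case 0:
- transformUrlBeforeRedirect_next = params.transformUrlBeforeRedirect_next, transformUrlBeforeRedirect = params.transformUrlBeforeRedirect, extraQueryParamsOrGetter = params.extraQueryParams, extraTokenParamsOrGetter = params.extraTokenParams, homeUrl_params = params.homeUrl, __callbackUri = params.__callbackUri, decodedIdTokenSchema = params.decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds = params.__unsafe_ssoSessionIdleSeconds, _a = params.idleSessionLifetimeInSeconds, idleSessionLifetimeInSeconds = _a === void 0 ? __unsafe_ssoSessionIdleSeconds : _a, _b = params.autoLogoutParams, autoLogoutParams = _b === void 0 ? { redirectTo: "current page" } : _b, _c = params.autoLogin, autoLogin = _c === void 0 ? false : _c, postLoginRedirectUrl_default = params.postLoginRedirectUrl, __unsafe_clientSecret = params.__unsafe_clientSecret, _d = params.__unsafe_useIdTokenAsAccessToken, __unsafe_useIdTokenAsAccessToken = _d === void 0 ? false : _d, __metadata = params.__metadata, _e = params.noIframe, noIframe = _e === void 0 ? false : _e;
+ transformUrlBeforeRedirect = params.transformUrlBeforeRedirect, extraQueryParamsOrGetter = params.extraQueryParams, extraTokenParamsOrGetter = params.extraTokenParams, homeUrl_params = params.homeUrl, decodedIdTokenSchema = params.decodedIdTokenSchema, idleSessionLifetimeInSeconds = params.idleSessionLifetimeInSeconds, _a = params.autoLogoutParams, autoLogoutParams = _a === void 0 ? { redirectTo: "current page" } : _a, _b = params.autoLogin, autoLogin = _b === void 0 ? false : _b, postLoginRedirectUrl_default = params.postLoginRedirectUrl, __unsafe_clientSecret = params.__unsafe_clientSecret, _c = params.__unsafe_useIdTokenAsAccessToken, __unsafe_useIdTokenAsAccessToken = _c === void 0 ? false : _c, __metadata = params.__metadata, _d = params.noIframe, noIframe = _d === void 0 ? false : _d;
  issuerUri = preProcessedParams.issuerUri, clientId = preProcessedParams.clientId, scopes = preProcessedParams.scopes, configId = preProcessedParams.configId, log = preProcessedParams.log;
  getExtraQueryParams = (function () {
  if (extraQueryParamsOrGetter === undefined) {
@@ -248,7 +246,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  doOutputWithTrailingSlash: true
  });
  callbackUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
- urlish: __callbackUri !== null && __callbackUri !== void 0 ? __callbackUri : homeUrl,
+ urlish: homeUrl,
  doAssertNoQueryParams: true,
  doOutputWithTrailingSlash: true
  });
@@ -264,8 +262,8 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  if (!isHandled) return [3 /*break*/, 2];
  return [4 /*yield*/, new Promise(function () { })];
  case 1:
- _g.sent();
- _g.label = 2;
+ _f.sent();
+ _f.label = 2;
  case 2:
  stateQueryParamValue_instance = (0, StateData_1.generateStateQueryParamValue)();
  canUseIframe = (function () {
@@ -343,7 +341,6 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  configId: configId,
  oidcClientTsUserManager: oidcClientTsUserManager,
  transformUrlBeforeRedirect: transformUrlBeforeRedirect,
- transformUrlBeforeRedirect_next: transformUrlBeforeRedirect_next,
  getExtraQueryParams: getExtraQueryParams,
  getExtraTokenParams: getExtraTokenParams,
  homeUrl: homeUrl,
@@ -364,7 +361,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  }).getIsNewBrowserSession;
  return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
  case 3:
- completeLoginOrRefreshProcess = (_g.sent()).completeLoginOrRefreshProcess;
+ completeLoginOrRefreshProcess = (_f.sent()).completeLoginOrRefreshProcess;
  return [4 /*yield*/, (function () { return __awaiter(_this, void 0, void 0, function () {
  var authResponseAndStateData, authResponse, stateData, _a, authResponseUrl, oidcClientTsUser, error_1, authResponse_error, authResponseUrl, _b, oidcClientTsUser, _c, _d, persistedAuthState_2, authResponse_error, oidcClientTsUser, result_loginSilent, authResponse, error_2;
  return __generator(this, function (_e) {
@@ -514,7 +511,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  oidcClientTsUserManager: oidcClientTsUserManager,
  stateQueryParamValue_instance: stateQueryParamValue_instance,
  configId: configId,
- transformUrlBeforeRedirect_next: transformUrlBeforeRedirect_next,
+ transformUrlBeforeRedirect: transformUrlBeforeRedirect,
  getExtraQueryParams: getExtraQueryParams,
  getExtraTokenParams: getExtraTokenParams,
  autoLogin: autoLogin
@@ -633,13 +630,13 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  });
  }); })()];
  case 4:
- resultOfLoginProcess = _g.sent();
+ resultOfLoginProcess = _f.sent();
  completeLoginOrRefreshProcess();
  return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
  prUnlock: Promise.resolve()
  })];
  case 5:
- _g.sent();
+ _f.sent();
  oidc_common = {
  params: {
  issuerUri: issuerUri,
@@ -758,13 +755,26 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  }
  autoLogoutCountdownTickCallbacks = new Set();
  onTokenChanges = new Set();
- _f = (0, decodeJwt_1.decodeJwt)(currentTokens.idToken), sessionId = _f.sid, subjectId = _f.sub;
+ _e = currentTokens.decodedIdToken_original, sessionId = _e.sid, subjectId = _e.sub;
  (0, tsafe_1.assert)(subjectId !== undefined, "The 'sub' claim is missing from the id token");
- oidc_loggedIn = (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: true, getTokens: function () { return currentTokens; }, getTokens_next: function () { return __awaiter(_this, void 0, void 0, function () {
+ (0, tsafe_1.assert)(sessionId === undefined || typeof sessionId === "string");
+ oidc_loggedIn = (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: true, getTokens: function () { return __awaiter(_this, void 0, void 0, function () {
+ var msBeforeExpirationOfTheAccessToken, msElapsedSinceCurrentTokenWereIssued;
  return __generator(this, function (_a) {
  switch (_a.label) {
  case 0:
- if (!((0, oidcClientTsUserToTokens_1.getMsBeforeExpiration)(currentTokens) <= MIN_RENEW_BEFORE_EXPIRE_MS)) return [3 /*break*/, 2];
+ {
+ msBeforeExpirationOfTheAccessToken = currentTokens.accessTokenExpirationTime - Date.now();
+ if (msBeforeExpirationOfTheAccessToken > 30000) {
+ return [3 /*break*/, 2];
+ }
+ }
+ {
+ msElapsedSinceCurrentTokenWereIssued = Date.now() - currentTokens.issuedAtTime;
+ if (msElapsedSinceCurrentTokenWereIssued < 5000) {
+ return [3 /*break*/, 2];
+ }
+ }
  return [4 /*yield*/, oidc_loggedIn.renewTokens()];
  case 1:
  _a.sent();
@@ -851,106 +861,130 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  }); }, renewTokens: (function () {
  function renewTokens_nonMutexed(params) {
  return __awaiter(this, void 0, void 0, function () {
- var extraTokenParams, message, completeLoginOrRefreshProcess, result_loginSilent, oidcClientTsUser, _a, authResponse, authResponse_error, oidcClientTsUser_scope, error_4;
+ var extraTokenParams, fallbackToFullPageReload, completeLoginOrRefreshProcess, result_loginSilent, oidcClientTsUser, _a, authResponse, authResponse_error, oidcClientTsUser_scope, error_4;
+ var _this = this;
  return __generator(this, function (_b) {
  switch (_b.label) {
  case 0:
  extraTokenParams = params.extraTokenParams;
- if (!currentTokens.hasRefreshToken && !canUseIframe) {
- message = [
- "Unable to refresh tokens without a full app reload,",
- "because no refresh token is available",
- "and your app setup prevents silent sign-in via iframe.",
- "Your only option to refresh tokens is to call `window.location.reload()`"
- ].join(" ");
- log === null || log === void 0 ? void 0 : log(message);
- throw new Error(message);
- }
+ fallbackToFullPageReload = function () { return __awaiter(_this, void 0, void 0, function () {
+ return __generator(this, function (_a) {
+ switch (_a.label) {
+ case 0:
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
+ prUnlock: new Promise(function () { })
+ })];
+ case 1:
+ _a.sent();
+ globalContext.evtRequestToPersistTokens.post({
+ configIdOfInstancePostingTheRequest: configId
+ });
+ return [4 /*yield*/, loginOrGoToAuthServer({
+ action: "login",
+ redirectUrl: window.location.href,
+ doForceReloadOnBfCache: true,
+ extraQueryParams_local: undefined,
+ transformUrlBeforeRedirect_local: undefined,
+ doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
+ interaction: "directly redirect if active session show login otherwise"
+ })];
+ case 2:
+ _a.sent();
+ (0, tsafe_1.assert)(false, "136134");
+ return [2 /*return*/];
+ }
+ });
+ }); };
+ if (!(!currentTokens.hasRefreshToken && !canUseIframe)) return [3 /*break*/, 2];
+ log === null || log === void 0 ? void 0 : log([
+ "Unable to refresh tokens without a full app reload,",
+ "because no refresh token is available",
+ "and your app setup prevents silent sign-in via iframe.",
+ "Your only option to refresh tokens is to call `window.location.reload()`"
+ ].join(" "));
+ return [4 /*yield*/, fallbackToFullPageReload()];
+ case 1:
+ _b.sent();
+ (0, tsafe_1.assert)(false, "136135");
+ _b.label = 2;
+ case 2:
  log === null || log === void 0 ? void 0 : log("Renewing tokens");
  return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
- case 1:
+ case 3:
  completeLoginOrRefreshProcess = (_b.sent()).completeLoginOrRefreshProcess;
  return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
  oidcClientTsUserManager: oidcClientTsUserManager,
  stateQueryParamValue_instance: stateQueryParamValue_instance,
  configId: configId,
- transformUrlBeforeRedirect_next: transformUrlBeforeRedirect_next,
+ transformUrlBeforeRedirect: transformUrlBeforeRedirect,
  getExtraQueryParams: getExtraQueryParams,
  getExtraTokenParams: function () { return extraTokenParams; },
  autoLogin: autoLogin
  })];
- case 2:
+ case 4:
  result_loginSilent = _b.sent();
  if (result_loginSilent.outcome === "failure") {
  completeLoginOrRefreshProcess();
+ // NOTE: This is a configuration or network error, okay to throw,
+ // this exception doesn't have to be handle if it fails it fails.
  throw new Error(result_loginSilent.cause);
  }
  _a = result_loginSilent.outcome;
  switch (_a) {
- case "token refreshed using refresh token": return [3 /*break*/, 3];
- case "got auth response from iframe": return [3 /*break*/, 4];
+ case "token refreshed using refresh token": return [3 /*break*/, 5];
+ case "got auth response from iframe": return [3 /*break*/, 6];
  }
- return [3 /*break*/, 12];
- case 3:
+ return [3 /*break*/, 13];
+ case 5:
  {
  log === null || log === void 0 ? void 0 : log("Refresh token used");
  oidcClientTsUser = result_loginSilent.oidcClientTsUser;
  }
- return [3 /*break*/, 13];
- case 4:
+ return [3 /*break*/, 14];
+ case 6:
  authResponse = result_loginSilent.authResponse;
  log === null || log === void 0 ? void 0 : log("Tokens refresh using iframe", authResponse);
  authResponse_error = authResponse.error;
  oidcClientTsUser_scope = undefined;
- _b.label = 5;
- case 5:
- _b.trys.push([5, 7, , 8]);
+ _b.label = 7;
+ case 7:
+ _b.trys.push([7, 9, , 10]);
  return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
- case 6:
+ case 8:
  oidcClientTsUser_scope =
  _b.sent();
- return [3 /*break*/, 8];
- case 7:
+ return [3 /*break*/, 10];
+ case 9:
  error_4 = _b.sent();
  (0, tsafe_1.assert)(error_4 instanceof Error, "321389");
  if (authResponse_error === undefined) {
  completeLoginOrRefreshProcess();
+ // Same here, if it fails it fails.
  throw error_4;
  }
- oidcClientTsUser_scope = undefined;
- return [3 /*break*/, 8];
- case 8:
- if (!(oidcClientTsUser_scope === undefined)) return [3 /*break*/, 11];
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
- completeLoginOrRefreshProcess();
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
- prUnlock: new Promise(function () { })
- })];
- case 9:
- _b.sent();
- globalContext.evtRequestToPersistTokens.post({
- configIdOfInstancePostingTheRequest: configId
- });
- return [4 /*yield*/, loginOrGoToAuthServer({
- action: "login",
- redirectUrl: window.location.href,
- doForceReloadOnBfCache: true,
- extraQueryParams_local: undefined,
- transformUrlBeforeRedirect_local: undefined,
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
- interaction: "ensure no interaction"
- })];
+ return [3 /*break*/, 10];
  case 10:
- _b.sent();
- (0, tsafe_1.assert)(false, "136134");
- _b.label = 11;
+ if (!(oidcClientTsUser_scope === undefined)) return [3 /*break*/, 12];
+ // NOTE: Here we got a response but it's an error, session might have been
+ // deleted or other edge case.
+ completeLoginOrRefreshProcess();
+ log === null || log === void 0 ? void 0 : log([
+ "The user is probably not logged in anymore,",
+ "need to redirect to login pages"
+ ].join(" "));
+ return [4 /*yield*/, fallbackToFullPageReload()];
  case 11:
- oidcClientTsUser = oidcClientTsUser_scope;
- return [3 /*break*/, 13];
+ _b.sent();
+ (0, tsafe_1.assert)(false, "136135");
+ _b.label = 12;
  case 12:
- (0, tsafe_1.assert)(false);
- return [3 /*break*/, 13];
+ oidcClientTsUser = oidcClientTsUser_scope;
+ return [3 /*break*/, 14];
  case 13:
+ (0, tsafe_1.assert)(false);
+ return [3 /*break*/, 14];
+ case 14:
  currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
  oidcClientTsUser: oidcClientTsUser,
  decodedIdTokenSchema: decodedIdTokenSchema,
@@ -1077,68 +1111,67 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  }
  (function scheduleRenew() {
  var _this = this;
- var login_dueToExpiration = function () { return __awaiter(_this, void 0, void 0, function () {
- return __generator(this, function (_a) {
- switch (_a.label) {
- case 0: return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
- prUnlock: new Promise(function () { })
- })];
- case 1:
- _a.sent();
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
- return [2 /*return*/, loginOrGoToAuthServer({
- action: "login",
- redirectUrl: window.location.href,
- doForceReloadOnBfCache: true,
- extraQueryParams_local: undefined,
- transformUrlBeforeRedirect_local: undefined,
- // NOTE: Wether or not it's the preferred behavior, pushing to history
- // only works on user interaction so it have to be false
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
- interaction: "ensure no interaction"
- })];
- }
- });
- }); };
- var msBeforeExpiration = (0, oidcClientTsUserToTokens_1.getMsBeforeExpiration)(currentTokens);
- if (msBeforeExpiration <= MIN_RENEW_BEFORE_EXPIRE_MS) {
+ var _a;
+ if (!currentTokens.hasRefreshToken && !canUseIframe) {
+ log === null || log === void 0 ? void 0 : log([
+ "Disabling token auto refresh mechanism because we",
+ "have no way to renew the tokens without a full page reload"
+ ].join(" "));
+ return;
+ }
+ var typeOfTheTokenWeGotTheTtlFrom = currentTokens.hasRefreshToken ? "refresh" : "access";
+ var msBeforeExpiration = ((_a = currentTokens.refreshTokenExpirationTime) !== null && _a !== void 0 ? _a : currentTokens.accessTokenExpirationTime) -
+ Date.now();
+ var RENEW_MS_BEFORE_EXPIRES = 30000;
+ if (msBeforeExpiration <= RENEW_MS_BEFORE_EXPIRES) {
  // NOTE: We just got a new token that is about to expire. This means that
  // the refresh token has reached it's max SSO time.
- login_dueToExpiration();
+ // ...or that the refresh token have a very short lifespan...
+ // anyway, no need to keep alive, it will probably redirect on the next getTokens() or refreshTokens() call
+ log === null || log === void 0 ? void 0 : log([
+ "Disabling auto renew mechanism. We just got fresh tokens",
+ (function () {
+ switch (typeOfTheTokenWeGotTheTtlFrom) {
+ case "refresh":
+ return [
+ " and the refresh token is already about to expires.",
+ "This means that we have reached the max session lifespan, we can't keep",
+ "the session alive any longer.",
+ "(This can also mean that the refresh token was configured with a TTL,",
+ "aka the idle session lifespan, too low to make sense)"
+ ].join(" ");
+ case "access":
+ return [
+ ", we have no refresh token and the access token is already about to expire",
+ "we would spam the auth server by constantly renewing the access token in the background",
+ "avoiding to do so."
+ ].join(" ");
+ }
+ })()
+ ].join(" "));
  return;
  }
- // NOTE: We refresh the token 25 seconds before it expires.
- // If the token expiration time is less than 25 seconds we refresh the token when
- // only 1/10 of the token time is left.
- var renewMsBeforeExpires = Math.max(Math.min(25000, msBeforeExpiration * 0.1), MIN_RENEW_BEFORE_EXPIRE_MS);
  log === null || log === void 0 ? void 0 : log([
  (0, toHumanReadableDuration_1.toHumanReadableDuration)(msBeforeExpiration),
- "before expiration of the access token.",
- "Scheduling renewal ".concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(renewMsBeforeExpires), " before expiration")
+ "before expiration of the ".concat(typeOfTheTokenWeGotTheTtlFrom, " token."),
+ "Scheduling renewal ".concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(RENEW_MS_BEFORE_EXPIRES), " before expiration to keep the session alive on the OIDC server.")
  ].join(" "));
  var timer = (0, workerTimers_1.setTimeout)(function () { return __awaiter(_this, void 0, void 0, function () {
- var _a;
- return __generator(this, function (_b) {
- switch (_b.label) {
+ return __generator(this, function (_a) {
+ switch (_a.label) {
  case 0:
- log === null || log === void 0 ? void 0 : log("Renewing the access token now as it will expires in ".concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(renewMsBeforeExpires)));
- _b.label = 1;
- case 1:
- _b.trys.push([1, 3, , 5]);
+ log === null || log === void 0 ? void 0 : log("Renewing the ".concat(typeOfTheTokenWeGotTheTtlFrom, " token now as it will expires in ").concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(RENEW_MS_BEFORE_EXPIRES)));
  return [4 /*yield*/, oidc_loggedIn.renewTokens()];
- case 2:
- _b.sent();
- return [3 /*break*/, 5];
- case 3:
- _a = _b.sent();
- return [4 /*yield*/, login_dueToExpiration()];
- case 4:
- _b.sent();
- return [3 /*break*/, 5];
- case 5: return [2 /*return*/];
+ case 1:
+ _a.sent();
+ return [2 /*return*/];
  }
  });
- }); }, msBeforeExpiration - renewMsBeforeExpires);
+ }); }, Math.min(msBeforeExpiration - RENEW_MS_BEFORE_EXPIRES,
+ // NOTE: We want to make sure we do not overflow the setTimeout
+ // that must be a 32 bit unsigned integer.
+ // This can happen if the tokenExpirationTime is more than 24.8 days in the future.
+ Math.pow(2, 31) - 1));
  var tokenChangeUnsubscribe = oidc_loggedIn.subscribeToTokensChange(function () {
  (0, workerTimers_1.clearTimeout)(timer);
  tokenChangeUnsubscribe();
@@ -1146,33 +1179,22 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  }).unsubscribe;
  })();
  auto_logout: {
- if ((!currentTokens.hasRefreshToken || currentTokens.refreshTokenExpirationTime === undefined) &&
- idleSessionLifetimeInSeconds === undefined) {
+ getCurrentRefreshTokenTtlInSeconds_1 = function () {
+ if (idleSessionLifetimeInSeconds !== undefined) {
+ return idleSessionLifetimeInSeconds;
+ }
+ if (currentTokens.refreshTokenExpirationTime === undefined) {
+ return undefined;
+ }
+ return (currentTokens.refreshTokenExpirationTime - currentTokens.issuedAtTime) / 1000;
+ };
+ if (getCurrentRefreshTokenTtlInSeconds_1() === undefined) {
  log === null || log === void 0 ? void 0 : log("".concat(currentTokens.hasRefreshToken
  ? "The refresh token is opaque, we can't read it's expiration time"
  : "No refresh token", ", and idleSessionLifetimeInSeconds was not set, can't implement auto logout mechanism"));
  break auto_logout;
  }
  startCountdown_2 = (0, startCountdown_1.createStartCountdown)({
- getCountdownEndTime: (function () {
- var getCountdownEndTime = function () {
- return idleSessionLifetimeInSeconds !== undefined
- ? Date.now() + idleSessionLifetimeInSeconds * 1000
- : ((0, tsafe_1.assert)(currentTokens.hasRefreshToken, "230198"),
- (0, tsafe_1.assert)(currentTokens.refreshTokenExpirationTime !== undefined, "435490"),
- currentTokens.refreshTokenExpirationTime);
- };
- var durationBeforeAutoLogout = (0, toHumanReadableDuration_1.toHumanReadableDuration)(getCountdownEndTime() - Date.now());
- log === null || log === void 0 ? void 0 : log([
- "The user will be automatically logged out after ".concat(durationBeforeAutoLogout, " of inactivity."),
- idleSessionLifetimeInSeconds === undefined
- ? undefined
- : "It was artificially defined by using the idleSessionLifetimeInSeconds param."
- ]
- .filter(function (x) { return x !== undefined; })
- .join("\n"));
- return getCountdownEndTime;
- })(),
  tickCallback: function (_a) {
  var secondsLeft = _a.secondsLeft;
  Array.from(autoLogoutCountdownTickCallbacks).forEach(function (tickCallback) {
@@ -1197,9 +1219,25 @@ function createOidc_nonMemoized(params, preProcessedParams) {
  }
  else {
  (0, tsafe_1.assert)(stopCountdown_1 === undefined, "902992");
- stopCountdown_1 = startCountdown_2().stopCountdown;
+ var currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds_1();
+ (0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "902992326");
+ stopCountdown_1 = startCountdown_2({
+ countDownFromSeconds: currentRefreshTokenTtlInSeconds
+ }).stopCountdown;
  }
  });
+ {
+ currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds_1();
+ (0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "9029923253");
+ log === null || log === void 0 ? void 0 : log([
+ "The user will be automatically logged out after ".concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(currentRefreshTokenTtlInSeconds * 1000), " of inactivity."),
+ idleSessionLifetimeInSeconds === undefined
+ ? undefined
+ : "It was artificially defined by using the idleSessionLifetimeInSeconds param."
+ ]
+ .filter(function (x) { return x !== undefined; })
+ .join("\n"));
+ }
  }
  return [2 /*return*/, oidc_loggedIn];
  }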
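Review bot: The timer callback in `scheduleRenew` now awaits `oidc_loggedIn.renewTokens()` with no error handling: the `_b.trys.push([1, 3, , 5])` wrapper and its `login_dueToExpiration()` fallback are removed, while `renewTokens` still throws on a failed silent login (`throw new Error(result_loginSilent.cause)` and `throw error_4`). A transient network error during the background renewal would therefore presumably surface as an unhandled rejection from the timer, and the visible code only clears the timer on a token change, so nothing shown here retries and the session stops being kept alive until the application next calls `getTokens()`. I would catch and log at that call, e.g. `try { await oidc_loggedIn.renewTokens(); } catch (error) { log?.("Scheduled token renewal failed: " + String(error)); }`, in the TypeScript source this file appears to be compiled from. The comment above `Math.pow(2, 31) - 1` should also say signed rather than unsigned 32-bit integer, since that is the bound the clamp applies.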