oidc-spa 6.5.2 → 6.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/mock/oidc.js +6 -5
  2. package/mock/oidc.js.map +1 -1
  3. package/oidc/AuthResponse.d.ts +6 -0
  4. package/oidc/AuthResponse.js +59 -0
  5. package/oidc/AuthResponse.js.map +1 -0
  6. package/oidc/Oidc.d.ts +19 -8
  7. package/oidc/createOidc.d.ts +4 -4
  8. package/oidc/createOidc.js +359 -295
  9. package/oidc/createOidc.js.map +1 -1
  10. package/oidc/evtIsUserActive.d.ts +15 -0
  11. package/oidc/{isUserActive.js → evtIsUserActive.js} +29 -12
  12. package/oidc/evtIsUserActive.js.map +1 -0
  13. package/oidc/handleOidcCallback.d.ts +8 -1
  14. package/oidc/handleOidcCallback.js +68 -13
  15. package/oidc/handleOidcCallback.js.map +1 -1
  16. package/oidc/loginOrGoToAuthServer.d.ts +5 -4
  17. package/oidc/loginOrGoToAuthServer.js +190 -227
  18. package/oidc/loginOrGoToAuthServer.js.map +1 -1
  19. package/oidc/loginPropagationToOtherTabs.d.ts +17 -0
  20. package/oidc/loginPropagationToOtherTabs.js +41 -0
  21. package/oidc/loginPropagationToOtherTabs.js.map +1 -0
  22. package/oidc/loginSilent.d.ts +1 -5
  23. package/oidc/loginSilent.js +3 -51
  24. package/oidc/loginSilent.js.map +1 -1
  25. package/oidc/logoutPropagationToOtherTabs.js +1 -1
  26. package/oidc/logoutPropagationToOtherTabs.js.map +1 -1
  27. package/oidc/oidcClientTsUserToTokens.d.ts +1 -1
  28. package/oidc/oidcClientTsUserToTokens.js +45 -23
  29. package/oidc/oidcClientTsUserToTokens.js.map +1 -1
  30. package/oidc/ongoingLoginOrRefreshProcesses.d.ts +16 -0
  31. package/oidc/ongoingLoginOrRefreshProcesses.js +102 -0
  32. package/oidc/ongoingLoginOrRefreshProcesses.js.map +1 -0
  33. package/oidc/persistedAuthState.d.ts +16 -3
  34. package/oidc/persistedAuthState.js +35 -4
  35. package/oidc/persistedAuthState.js.map +1 -1
  36. package/package.json +36 -21
  37. package/react/react.js +8 -14
  38. package/react/react.js.map +1 -1
  39. package/src/mock/oidc.ts +14 -3
  40. package/src/oidc/AuthResponse.ts +26 -0
  41. package/src/oidc/Oidc.ts +19 -4
  42. package/src/oidc/createOidc.ts +233 -206
  43. package/src/oidc/{isUserActive.ts → evtIsUserActive.ts} +36 -10
  44. package/src/oidc/handleOidcCallback.ts +73 -12
  45. package/src/oidc/loginOrGoToAuthServer.ts +94 -87
  46. package/src/oidc/loginPropagationToOtherTabs.ts +63 -0
  47. package/src/oidc/loginSilent.ts +2 -20
  48. package/src/oidc/logoutPropagationToOtherTabs.ts +2 -2
  49. package/src/oidc/oidcClientTsUserToTokens.ts +74 -35
  50. package/src/oidc/ongoingLoginOrRefreshProcesses.ts +60 -0
  51. package/src/oidc/persistedAuthState.ts +66 -8
  52. package/src/react/react.tsx +8 -16
  53. package/src/tools/{ephemeralSessionStorage.ts → EphemeralSessionStorage.ts} +59 -27
  54. package/src/tools/Evt.ts +56 -0
  55. package/src/tools/StatefulEvt.ts +38 -0
  56. package/src/tools/subscribeToUserInteraction.ts +0 -1
  57. package/src/tools/workerTimers.ts +10 -12
  58. package/tools/EphemeralSessionStorage.d.ts +12 -0
  59. package/tools/{ephemeralSessionStorage.js → EphemeralSessionStorage.js} +29 -16
  60. package/tools/EphemeralSessionStorage.js.map +1 -0
  61. package/tools/Evt.d.ts +11 -0
  62. package/tools/{AwaitableEventEmitter.js → Evt.js} +24 -8
  63. package/tools/Evt.js.map +1 -0
  64. package/tools/StatefulEvt.d.ts +12 -0
  65. package/tools/StatefulEvt.js +24 -0
  66. package/tools/StatefulEvt.js.map +1 -0
  67. package/tools/subscribeToUserInteraction.js +2 -3
  68. package/tools/subscribeToUserInteraction.js.map +1 -1
  69. package/tools/workerTimers.js +11 -13
  70. package/tools/workerTimers.js.map +1 -1
  71. package/oidc/isUserActive.d.ts +0 -13
  72. package/oidc/isUserActive.js.map +0 -1
  73. package/src/tools/AwaitableEventEmitter.ts +0 -33
  74. package/src/tools/StatefulObservable.ts +0 -52
  75. package/tools/AwaitableEventEmitter.d.ts +0 -5
  76. package/tools/AwaitableEventEmitter.js.map +0 -1
  77. package/tools/StatefulObservable.d.ts +0 -12
  78. package/tools/StatefulObservable.js +0 -33
  79. package/tools/StatefulObservable.js.map +0 -1
  80. package/tools/ephemeralSessionStorage.d.ts +0 -3
  81. package/tools/ephemeralSessionStorage.js.map +0 -1
package/oidc/createOidc.js CHANGED
@@ -102,31 +102,33 @@ var tsafe_1 = require("../vendor/frontend/tsafe");
102
102
  var workerTimers_1 = require("../tools/workerTimers");
103
103
  var Deferred_1 = require("../tools/Deferred");
104
104
  var decodeJwt_1 = require("../tools/decodeJwt");
105
- var isUserActive_1 = require("./isUserActive");
105
+ var evtIsUserActive_1 = require("./evtIsUserActive");
106
106
  var startCountdown_1 = require("../tools/startCountdown");
107
107
  var toHumanReadableDuration_1 = require("../tools/toHumanReadableDuration");
108
108
  var toFullyQualifiedUrl_1 = require("../tools/toFullyQualifiedUrl");
109
109
  var OidcInitializationError_1 = require("./OidcInitializationError");
110
110
  var StateData_1 = require("./StateData");
111
111
  var logoutPropagationToOtherTabs_1 = require("./logoutPropagationToOtherTabs");
112
+ var loginPropagationToOtherTabs_1 = require("./loginPropagationToOtherTabs");
112
113
  var configId_1 = require("./configId");
113
114
  var oidcClientTsUserToTokens_1 = require("./oidcClientTsUserToTokens");
114
115
  var loginSilent_1 = require("./loginSilent");
116
+ var AuthResponse_1 = require("./AuthResponse");
115
117
  var handleOidcCallback_1 = require("./handleOidcCallback");
116
118
  var persistedAuthState_1 = require("./persistedAuthState");
117
- var AwaitableEventEmitter_1 = require("../tools/AwaitableEventEmitter");
119
+ var Evt_1 = require("../tools/Evt");
118
120
  var haveSharedParentDomain_1 = require("../tools/haveSharedParentDomain");
119
121
  var loginOrGoToAuthServer_1 = require("./loginOrGoToAuthServer");
120
- var ephemeralSessionStorage_1 = require("../tools/ephemeralSessionStorage");
121
- // NOTE: Replaced at build time
122
- var VERSION = "6.5.2";
122
+ var EphemeralSessionStorage_1 = require("../tools/EphemeralSessionStorage");
123
+ var ongoingLoginOrRefreshProcesses_1 = require("./ongoingLoginOrRefreshProcesses");
123
124
  (0, handleOidcCallback_1.handleOidcCallback)();
125
+ // NOTE: Replaced at build time
126
+ var VERSION = "6.6.0";
124
127
  var GLOBAL_CONTEXT_KEY = "__oidc-spa.createOidc.globalContext";
125
128
  (_a = window[GLOBAL_CONTEXT_KEY]) !== null && _a !== void 0 ? _a : (window[GLOBAL_CONTEXT_KEY] = {
126
129
  prOidcByConfigId: new Map(),
127
- evtAuthResponseHandled: (0, AwaitableEventEmitter_1.createAwaitableEventEmitter)(),
128
- $isUserActive: undefined,
129
- hasLogoutBeenCalled: false
130
+ hasLogoutBeenCalled: false,
131
+ evtRequestToPersistTokens: (0, Evt_1.createEvt)()
130
132
  });
131
133
  var globalContext = window[GLOBAL_CONTEXT_KEY];
132
134
  var MIN_RENEW_BEFORE_EXPIRE_MS = 2000;
@@ -215,10 +217,10 @@ function createOidc(params) {
215
217
  }
216
218
  function createOidc_nonMemoized(params, preProcessedParams) {
217
219
  return __awaiter(this, void 0, void 0, function () {
218
- var transformUrlBeforeRedirect, extraQueryParamsOrGetter, extraTokenParamsOrGetter, homeUrl_params, decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds, _a, autoLogoutParams, _b, autoLogin, postLoginRedirectUrl_default, __unsafe_clientSecret, _c, __unsafe_useIdTokenAsAccessToken, issuerUri, clientId, scopes, configId, log, _d, getExtraQueryParams, getExtraTokenParams, homeAndCallbackUrl, isHandled, stateQueryParamValue_instance, areThirdPartyCookiesAllowed, url1, url2, isUserStorePersistent, oidcClientTsUserManager, _e, loginOrGoToAuthServer, toCallBeforeReturningOidcLoggedIn, toCallBeforeReturningOidcNotLoggedIn, BROWSER_SESSION_NOT_FIRST_INIT_KEY, resultOfLoginProcess, common, oidc_notLoggedIn, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, oidc_loggedIn, sessionId, prOtherTabLogout, startCountdown_2, stopCountdown_1;
220
+ var transformUrlBeforeRedirect, extraQueryParamsOrGetter, extraTokenParamsOrGetter, homeUrl_params, decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds, _a, autoLogoutParams, _b, autoLogin, postLoginRedirectUrl_default, __unsafe_clientSecret, _c, __unsafe_useIdTokenAsAccessToken, issuerUri, clientId, scopes, configId, log, _d, getExtraQueryParams, getExtraTokenParams, homeAndCallbackUrl, isHandled, stateQueryParamValue_instance, areThirdPartyCookiesAllowed, url1, url2, isUserStoreInMemoryOnly, oidcClientTsUserManager, evtIsUserLoggedIn, loginOrGoToAuthServer, BROWSER_SESSION_NOT_FIRST_INIT_KEY, completeLoginOrRefreshProcess, resultOfLoginProcess, oidc_common, oidc_notLoggedIn, prOtherTabLogin, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, oidc_loggedIn, sessionId, prOtherTabLogout, startCountdown_2, stopCountdown_1, evtIsUserActive;
219
221
  var _this = this;
220
- return __generator(this, function (_f) {
221
- switch (_f.label) {
222
+ return __generator(this, function (_e) {
223
+ switch (_e.label) {
222
224
  case 0:
223
225
  transformUrlBeforeRedirect = params.transformUrlBeforeRedirect, extraQueryParamsOrGetter = params.extraQueryParams, extraTokenParamsOrGetter = params.extraTokenParams, homeUrl_params = params.homeUrl, decodedIdTokenSchema = params.decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds = params.__unsafe_ssoSessionIdleSeconds, _a = params.autoLogoutParams, autoLogoutParams = _a === void 0 ? { redirectTo: "current page" } : _a, _b = params.autoLogin, autoLogin = _b === void 0 ? false : _b, postLoginRedirectUrl_default = params.postLoginRedirectUrl, __unsafe_clientSecret = params.__unsafe_clientSecret, _c = params.__unsafe_useIdTokenAsAccessToken, __unsafe_useIdTokenAsAccessToken = _c === void 0 ? false : _c;
224
226
  issuerUri = preProcessedParams.issuerUri, clientId = preProcessedParams.clientId, scopes = preProcessedParams.scopes, configId = preProcessedParams.configId, log = preProcessedParams.log;
@@ -247,8 +249,8 @@ function createOidc_nonMemoized(params, preProcessedParams) {
247
249
  if (!isHandled) return [3 /*break*/, 2];
248
250
  return [4 /*yield*/, new Promise(function () { })];
249
251
  case 1:
250
- _f.sent();
251
- _f.label = 2;
252
+ _e.sent();
253
+ _e.label = 2;
252
254
  case 2:
253
255
  stateQueryParamValue_instance = (0, StateData_1.generateStateQueryParamValue)();
254
256
  {
@@ -269,7 +271,6 @@ function createOidc_nonMemoized(params, preProcessedParams) {
269
271
  ].join(" "));
270
272
  }
271
273
  }
272
- isUserStorePersistent = !areThirdPartyCookiesAllowed;
273
274
  oidcClientTsUserManager = new oidc_client_ts_and_jwt_decode_1.UserManager({
274
275
  stateQueryParamValue: stateQueryParamValue_instance,
275
276
  authority: issuerUri,
@@ -281,88 +282,71 @@ function createOidc_nonMemoized(params, preProcessedParams) {
281
282
  scope: Array.from(new Set(__spreadArray(["openid"], __read(scopes), false))).join(" "),
282
283
  automaticSilentRenew: false,
283
284
  userStore: new oidc_client_ts_and_jwt_decode_1.WebStorageStateStore({
284
- store: areThirdPartyCookiesAllowed
285
- ? new oidc_client_ts_and_jwt_decode_1.InMemoryWebStorage()
286
- : (0, ephemeralSessionStorage_1.createEphemeralSessionStorage)({
287
- sessionStorageTtlMs: 3 * 601000
288
- })
285
+ store: (function () {
286
+ if (areThirdPartyCookiesAllowed) {
287
+ isUserStoreInMemoryOnly = true;
288
+ return new oidc_client_ts_and_jwt_decode_1.InMemoryWebStorage();
289
+ }
290
+ isUserStoreInMemoryOnly = false;
291
+ var storage = (0, EphemeralSessionStorage_1.createEphemeralSessionStorage)({
292
+ sessionStorageTtlMs: 3 * 60000
293
+ });
294
+ var evtRequestToPersistTokens = globalContext.evtRequestToPersistTokens;
295
+ evtRequestToPersistTokens.subscribe(function (_a) {
296
+ var configIdOfInstancePostingTheRequest = _a.configIdOfInstancePostingTheRequest;
297
+ if (configIdOfInstancePostingTheRequest === configId) {
298
+ return;
299
+ }
300
+ storage.persistCurrentStateAndSubsequentChanges();
301
+ });
302
+ return storage;
303
+ })()
289
304
  }),
290
305
  stateStore: new oidc_client_ts_and_jwt_decode_1.WebStorageStateStore({ store: localStorage, prefix: StateData_1.STATE_STORE_KEY_PREFIX }),
291
306
  client_secret: __unsafe_clientSecret
292
307
  });
293
- _e = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
308
+ evtIsUserLoggedIn = (0, Evt_1.createEvt)();
309
+ loginOrGoToAuthServer = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
294
310
  configId: configId,
295
311
  oidcClientTsUserManager: oidcClientTsUserManager,
296
312
  getExtraQueryParams: getExtraQueryParams,
297
313
  transformUrlBeforeRedirect: transformUrlBeforeRedirect,
298
314
  homeAndCallbackUrl: homeAndCallbackUrl,
315
+ evtIsUserLoggedIn: evtIsUserLoggedIn,
299
316
  log: log
300
- }), loginOrGoToAuthServer = _e.loginOrGoToAuthServer, toCallBeforeReturningOidcLoggedIn = _e.toCallBeforeReturningOidcLoggedIn, toCallBeforeReturningOidcNotLoggedIn = _e.toCallBeforeReturningOidcNotLoggedIn;
317
+ }).loginOrGoToAuthServer;
301
318
  BROWSER_SESSION_NOT_FIRST_INIT_KEY = "oidc-spa.browser-session-not-first-init:".concat(configId);
319
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
320
+ case 3:
321
+ completeLoginOrRefreshProcess = (_e.sent()).completeLoginOrRefreshProcess;
302
322
  return [4 /*yield*/, (function () { return __awaiter(_this, void 0, void 0, function () {
303
- var authResponse, stateData, evtAuthResponseHandled_1, prHandled, _a, authResponseUrl, oidcClientTsUser, error_1, error_3, authResponseUrl, _b, oidcClientTsUser, _c, _d, persistedAuthState, result_loginSilent, authResponse, authResponse_error, oidcClientTsUser, error_2;
323
+ var authResponseAndStateData, authResponse, stateData, _a, authResponseUrl, oidcClientTsUser, error_1, authResponse_error, authResponseUrl, _b, oidcClientTsUser, _c, _d, persistedAuthState, result_loginSilent, authResponse, authResponse_error, oidcClientTsUser, error_2;
304
324
  return __generator(this, function (_e) {
305
325
  switch (_e.label) {
306
326
  case 0:
307
- authResponse = (function () {
308
- var value = sessionStorage.getItem(handleOidcCallback_1.AUTH_RESPONSE_KEY);
309
- if (value === null) {
310
- return undefined;
311
- }
312
- var authResponse;
313
- try {
314
- authResponse = JSON.parse(value);
315
- (0, tsafe_1.assert)((0, tsafe_1.typeGuard)(authResponse, authResponse instanceof Object &&
316
- Object.values(authResponse).every(function (value) { return typeof value === "string"; })), "Valid json but not expected shape");
317
- }
318
- catch (error) {
319
- console.error("Failed to parse auth response from callback URL ".concat(String(error)));
320
- return undefined;
321
- }
322
- return authResponse;
323
- })();
324
- if (authResponse === undefined) {
325
- return [3 /*break*/, 15];
327
+ authResponseAndStateData = (0, handleOidcCallback_1.retrieveRedirectAuthResponseAndStateData)({ configId: configId });
328
+ if (authResponseAndStateData === undefined) {
329
+ return [3 /*break*/, 11];
326
330
  }
327
- stateData = (0, StateData_1.getStateData)({ stateQueryParamValue: authResponse["state"] });
328
- (0, tsafe_1.assert)(stateData !== undefined);
329
- (0, tsafe_1.assert)(stateData.context === "redirect");
330
- evtAuthResponseHandled_1 = globalContext.evtAuthResponseHandled;
331
- if (!(stateData.configId !== configId)) return [3 /*break*/, 4];
332
- prHandled = evtAuthResponseHandled_1.waitFor();
333
- return [4 /*yield*/, Promise.resolve()];
334
- case 1:
335
- _e.sent();
336
- if (!(sessionStorage.getItem(handleOidcCallback_1.AUTH_RESPONSE_KEY) === null)) return [3 /*break*/, 3];
337
- return [4 /*yield*/, prHandled];
338
- case 2:
339
- _e.sent();
340
- _e.label = 3;
341
- case 3: return [3 /*break*/, 15];
342
- case 4:
343
- sessionStorage.removeItem(handleOidcCallback_1.AUTH_RESPONSE_KEY);
331
+ authResponse = authResponseAndStateData.authResponse, stateData = authResponseAndStateData.stateData;
344
332
  _a = stateData.action;
345
333
  switch (_a) {
346
- case "login": return [3 /*break*/, 5];
347
- case "logout": return [3 /*break*/, 10];
334
+ case "login": return [3 /*break*/, 1];
335
+ case "logout": return [3 /*break*/, 6];
348
336
  }
349
- return [3 /*break*/, 15];
350
- case 5:
337
+ return [3 /*break*/, 11];
338
+ case 1:
351
339
  log === null || log === void 0 ? void 0 : log("Handling login redirect auth response", authResponse);
352
- authResponseUrl = (0, loginSilent_1.authResponseToUrl)(authResponse);
340
+ authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
353
341
  oidcClientTsUser = undefined;
354
- _e.label = 6;
355
- case 6:
356
- _e.trys.push([6, 8, , 9]);
357
- return [4 /*yield*/, oidcClientTsUserManager
358
- .signinRedirectCallback(authResponseUrl)
359
- .finally(function () {
360
- evtAuthResponseHandled_1.post();
361
- })];
362
- case 7:
342
+ _e.label = 2;
343
+ case 2:
344
+ _e.trys.push([2, 4, , 5]);
345
+ return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback(authResponseUrl)];
346
+ case 3:
363
347
  oidcClientTsUser = _e.sent();
364
- return [3 /*break*/, 9];
365
- case 8:
348
+ return [3 /*break*/, 5];
349
+ case 4:
366
350
  error_1 = _e.sent();
367
351
  (0, tsafe_1.assert)(error_1 instanceof Error);
368
352
  if (error_1.message === "Failed to fetch") {
@@ -372,43 +356,51 @@ function createOidc_nonMemoized(params, preProcessedParams) {
372
356
  })];
373
357
  }
374
358
  {
375
- error_3 = authResponse["error"];
376
- if (error_3 !== undefined) {
377
- log === null || log === void 0 ? void 0 : log("The auth server responded with: ".concat(error_3, ", trying to restore from the http only cookie"));
378
- return [3 /*break*/, 15];
359
+ authResponse_error = authResponse.error;
360
+ if (authResponse_error !== undefined) {
361
+ log === null || log === void 0 ? void 0 : log("The auth server responded with: ".concat(authResponse_error, ", trying to restore from the http only cookie"));
362
+ return [3 /*break*/, 11];
379
363
  }
380
364
  }
381
365
  return [2 /*return*/, error_1];
382
- case 9:
366
+ case 5:
383
367
  sessionStorage.removeItem(BROWSER_SESSION_NOT_FIRST_INIT_KEY);
368
+ (0, loginPropagationToOtherTabs_1.notifyOtherTabsOfLogin)({ configId: configId });
384
369
  return [2 /*return*/, {
385
370
  oidcClientTsUser: oidcClientTsUser,
386
371
  backFromAuthServer: {
387
372
  extraQueryParams: stateData.extraQueryParams,
388
- result: Object.fromEntries(Object.entries(authResponse).filter(function (_a) {
389
- var _b = __read(_a, 1), name = _b[0];
390
- return name !== "state" &&
391
- name !== "session_state" &&
392
- name !== "iss" &&
393
- name !== "code";
394
- }))
373
+ result: Object.fromEntries(Object.entries(authResponse)
374
+ .map(function (_a) {
375
+ var _b = __read(_a, 2), name = _b[0], value = _b[1];
376
+ if (name === "state" ||
377
+ name === "session_state" ||
378
+ name === "iss" ||
379
+ name === "code") {
380
+ return undefined;
381
+ }
382
+ if (value === undefined) {
383
+ return undefined;
384
+ }
385
+ return [name, value];
386
+ })
387
+ .filter(function (entry) { return entry !== undefined; }))
395
388
  }
396
389
  }];
397
- case 10:
390
+ case 6:
398
391
  log === null || log === void 0 ? void 0 : log("Handling logout redirect auth response", authResponse);
399
- authResponseUrl = (0, loginSilent_1.authResponseToUrl)(authResponse);
400
- _e.label = 11;
401
- case 11:
402
- _e.trys.push([11, 13, , 14]);
392
+ authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
393
+ _e.label = 7;
394
+ case 7:
395
+ _e.trys.push([7, 9, , 10]);
403
396
  return [4 /*yield*/, oidcClientTsUserManager.signoutRedirectCallback(authResponseUrl)];
404
- case 12:
397
+ case 8:
405
398
  _e.sent();
406
- return [3 /*break*/, 14];
407
- case 13:
399
+ return [3 /*break*/, 10];
400
+ case 9:
408
401
  _b = _e.sent();
409
- return [3 /*break*/, 14];
410
- case 14:
411
- evtAuthResponseHandled_1.post();
402
+ return [3 /*break*/, 10];
403
+ case 10:
412
404
  (0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
413
405
  configId: configId,
414
406
  redirectUrl: stateData.redirectUrl,
@@ -416,48 +408,48 @@ function createOidc_nonMemoized(params, preProcessedParams) {
416
408
  });
417
409
  // NOTE: The user is no longer logged in.
418
410
  return [2 /*return*/, undefined];
419
- case 15:
420
- if (!isUserStorePersistent) {
421
- return [3 /*break*/, 24];
411
+ case 11:
412
+ if (isUserStoreInMemoryOnly) {
413
+ return [3 /*break*/, 20];
422
414
  }
423
415
  oidcClientTsUser = void 0;
424
- _e.label = 16;
425
- case 16:
426
- _e.trys.push([16, 18, , 23]);
416
+ _e.label = 12;
417
+ case 12:
418
+ _e.trys.push([12, 14, , 19]);
427
419
  return [4 /*yield*/, oidcClientTsUserManager.getUser()];
428
- case 17:
420
+ case 13:
429
421
  oidcClientTsUser = _e.sent();
430
- return [3 /*break*/, 23];
431
- case 18:
422
+ return [3 /*break*/, 19];
423
+ case 14:
432
424
  _c = _e.sent();
433
425
  // NOTE: Not sure if it can throw, but let's be safe.
434
426
  oidcClientTsUser = null;
435
- _e.label = 19;
436
- case 19:
437
- _e.trys.push([19, 21, , 22]);
427
+ _e.label = 15;
428
+ case 15:
429
+ _e.trys.push([15, 17, , 18]);
438
430
  return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
439
- case 20:
431
+ case 16:
440
432
  _e.sent();
441
- return [3 /*break*/, 22];
442
- case 21:
433
+ return [3 /*break*/, 18];
434
+ case 17:
443
435
  _d = _e.sent();
444
- return [3 /*break*/, 22];
445
- case 22: return [3 /*break*/, 23];
446
- case 23:
436
+ return [3 /*break*/, 18];
437
+ case 18: return [3 /*break*/, 19];
438
+ case 19:
447
439
  if (oidcClientTsUser === null) {
448
- return [3 /*break*/, 24];
440
+ return [3 /*break*/, 20];
449
441
  }
450
442
  log === null || log === void 0 ? void 0 : log("Restored the auth from ephemeral session storage");
451
443
  return [2 /*return*/, {
452
444
  oidcClientTsUser: oidcClientTsUser,
453
445
  backFromAuthServer: undefined
454
446
  }];
455
- case 24:
447
+ case 20:
456
448
  log === null || log === void 0 ? void 0 : log("Trying to restore the auth from the http only cookie (silent signin with iframe)");
457
449
  persistedAuthState = (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId });
458
450
  if (persistedAuthState === "explicitly logged out") {
459
451
  log === null || log === void 0 ? void 0 : log("Skipping silent signin with iframe, the user has logged out");
460
- return [3 /*break*/, 33];
452
+ return [3 /*break*/, 30];
461
453
  }
462
454
  return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
463
455
  oidcClientTsUserManager: oidcClientTsUserManager,
@@ -465,7 +457,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
465
457
  configId: configId,
466
458
  getExtraTokenParams: getExtraTokenParams
467
459
  })];
468
- case 25:
460
+ case 21:
469
461
  result_loginSilent = _e.sent();
470
462
  (0, tsafe_1.assert)(result_loginSilent.outcome !== "token refreshed using refresh token");
471
463
  if (result_loginSilent.outcome === "failure") {
@@ -486,16 +478,16 @@ function createOidc_nonMemoized(params, preProcessedParams) {
486
478
  (0, tsafe_1.assert)();
487
479
  authResponse = result_loginSilent.authResponse;
488
480
  log === null || log === void 0 ? void 0 : log("Silent signin auth response", authResponse);
489
- authResponse_error = authResponse["error"];
481
+ authResponse_error = authResponse.error;
490
482
  oidcClientTsUser = undefined;
491
- _e.label = 26;
492
- case 26:
493
- _e.trys.push([26, 28, , 29]);
494
- return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, loginSilent_1.authResponseToUrl)(authResponse))];
495
- case 27:
483
+ _e.label = 22;
484
+ case 22:
485
+ _e.trys.push([22, 24, , 25]);
486
+ return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
487
+ case 23:
496
488
  oidcClientTsUser = _e.sent();
497
- return [3 /*break*/, 29];
498
- case 28:
489
+ return [3 /*break*/, 25];
490
+ case 24:
499
491
  error_2 = _e.sent();
500
492
  (0, tsafe_1.assert)(error_2 instanceof Error);
501
493
  if (error_2.message === "Failed to fetch") {
@@ -507,16 +499,27 @@ function createOidc_nonMemoized(params, preProcessedParams) {
507
499
  if (authResponse_error === undefined) {
508
500
  return [2 /*return*/, error_2];
509
501
  }
510
- return [3 /*break*/, 29];
511
- case 29:
512
- if (!(oidcClientTsUser === undefined)) return [3 /*break*/, 32];
502
+ return [3 /*break*/, 25];
503
+ case 25:
504
+ if (!(oidcClientTsUser === undefined)) return [3 /*break*/, 29];
513
505
  if (!(autoLogin ||
514
506
  (persistedAuthState === "logged in" &&
515
507
  (authResponse_error === "interaction_required" ||
516
508
  authResponse_error === "login_required" ||
517
509
  authResponse_error === "consent_required" ||
518
- authResponse_error === "account_selection_required")))) return [3 /*break*/, 31];
510
+ authResponse_error === "account_selection_required")))) return [3 /*break*/, 28];
519
511
  (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
512
+ completeLoginOrRefreshProcess();
513
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
514
+ prUnlock: new Promise(function () { })
515
+ })];
516
+ case 26:
517
+ _e.sent();
518
+ if (persistedAuthState === "logged in") {
519
+ globalContext.evtRequestToPersistTokens.post({
520
+ configIdOfInstancePostingTheRequest: configId
521
+ });
522
+ }
520
523
  return [4 /*yield*/, loginOrGoToAuthServer({
521
524
  action: "login",
522
525
  doForceReloadOnBfCache: true,
@@ -526,77 +529,39 @@ function createOidc_nonMemoized(params, preProcessedParams) {
526
529
  transformUrlBeforeRedirect_local: undefined,
527
530
  doForceInteraction: false
528
531
  })];
529
- case 30:
532
+ case 27:
530
533
  _e.sent();
531
- _e.label = 31;
532
- case 31:
534
+ (0, tsafe_1.assert)(false);
535
+ _e.label = 28;
536
+ case 28:
533
537
  log === null || log === void 0 ? void 0 : log([
534
538
  "The auth server responded with: ".concat(authResponse_error, " "),
535
539
  "login_required" === authResponse_error
536
540
  ? "(login_required just means that there's no active session for the user)"
537
541
  : ""
538
542
  ].join(""));
539
- return [3 /*break*/, 33];
540
- case 32:
543
+ return [3 /*break*/, 30];
544
+ case 29:
541
545
  log === null || log === void 0 ? void 0 : log("Successful silent signed in");
542
546
  return [2 /*return*/, {
543
547
  oidcClientTsUser: oidcClientTsUser,
544
548
  backFromAuthServer: undefined
545
549
  }];
546
- case 33:
550
+ case 30:
547
551
  // NOTE: The user is not logged in.
548
552
  return [2 /*return*/, undefined];
549
553
  }
550
554
  });
551
- }); })().then(function (result) {
552
- if (result === undefined) {
553
- return undefined;
554
- }
555
- if (result instanceof Error) {
556
- return result;
557
- }
558
- var oidcClientTsUser = result.oidcClientTsUser, backFromAuthServer = result.backFromAuthServer;
559
- log_real_decoded_id_token: {
560
- if (log === undefined) {
561
- break log_real_decoded_id_token;
562
- }
563
- var idToken = oidcClientTsUser.id_token;
564
- if (idToken === undefined) {
565
- break log_real_decoded_id_token;
566
- }
567
- var decodedIdToken = (0, decodeJwt_1.decodeJwt)(idToken);
568
- log([
569
- "Decoded ID token",
570
- decodedIdTokenSchema === undefined ? "" : " before `decodedIdTokenSchema.parse()`\n",
571
- JSON.stringify(decodedIdToken, null, 2)
572
- ].join(""));
573
- if (decodedIdTokenSchema === undefined) {
574
- break log_real_decoded_id_token;
575
- }
576
- log([
577
- "Decoded ID token after `decodedIdTokenSchema.parse()`\n",
578
- JSON.stringify(decodedIdTokenSchema.parse(decodedIdToken), null, 2)
579
- ].join(""));
580
- }
581
- var tokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
582
- oidcClientTsUser: oidcClientTsUser,
583
- decodedIdTokenSchema: decodedIdTokenSchema,
584
- __unsafe_useIdTokenAsAccessToken: __unsafe_useIdTokenAsAccessToken,
585
- decodedIdToken_previous: undefined,
586
- log: log
587
- });
588
- if (tokens.refreshTokenExpirationTime < tokens.accessTokenExpirationTime) {
589
- console.warn([
590
- "The OIDC refresh token shorter than the one of the access token.",
591
- "This is very unusual and probably a misconfiguration.",
592
- "Check your oidc server configuration for ".concat(clientId, " ").concat(issuerUri)
593
- ].join(" "));
594
- }
595
- return { tokens: tokens, backFromAuthServer: backFromAuthServer };
555
+ }); })()];
556
+ case 4:
557
+ resultOfLoginProcess = _e.sent();
558
+ completeLoginOrRefreshProcess();
559
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
560
+ prUnlock: Promise.resolve()
596
561
  })];
597
- case 3:
598
- resultOfLoginProcess = _f.sent();
599
- common = {
562
+ case 5:
563
+ _e.sent();
564
+ oidc_common = {
600
565
  params: {
601
566
  issuerUri: issuerUri,
602
567
  clientId: clientId
@@ -606,6 +571,10 @@ function createOidc_nonMemoized(params, preProcessedParams) {
606
571
  if (!(resultOfLoginProcess instanceof Error) && resultOfLoginProcess !== undefined) {
607
572
  break not_loggedIn_case;
608
573
  }
574
+ evtIsUserLoggedIn.post(false);
575
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== "explicitly logged out") {
576
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
577
+ }
609
578
  oidc_notLoggedIn = (function () {
610
579
  if (resultOfLoginProcess instanceof Error) {
611
580
  log === null || log === void 0 ? void 0 : log("User not logged in and there was an initialization error");
@@ -625,7 +594,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
625
594
  "",
626
595
  initializationError.message
627
596
  ].join("\n"));
628
- return (0, tsafe_1.id)(__assign(__assign({}, common), { isUserLoggedIn: false, login: function () { return __awaiter(_this, void 0, void 0, function () {
597
+ return (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: false, login: function () { return __awaiter(_this, void 0, void 0, function () {
629
598
  return __generator(this, function (_a) {
630
599
  alert("Authentication is currently unavailable. Please try again later.");
631
600
  return [2 /*return*/, new Promise(function () { })];
@@ -634,34 +603,80 @@ function createOidc_nonMemoized(params, preProcessedParams) {
634
603
  }
635
604
  if (resultOfLoginProcess === undefined) {
636
605
  log === null || log === void 0 ? void 0 : log("User not logged in");
637
- return (0, tsafe_1.id)(__assign(__assign({}, common), { isUserLoggedIn: false, login: function (_a) {
638
- var _b;
639
- var doesCurrentHrefRequiresAuth = _a.doesCurrentHrefRequiresAuth, extraQueryParams = _a.extraQueryParams, redirectUrl = _a.redirectUrl, transformUrlBeforeRedirect = _a.transformUrlBeforeRedirect;
640
- return loginOrGoToAuthServer({
641
- action: "login",
642
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: doesCurrentHrefRequiresAuth,
643
- doForceReloadOnBfCache: false,
644
- redirectUrl: (_b = redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : postLoginRedirectUrl_default) !== null && _b !== void 0 ? _b : window.location.href,
645
- extraQueryParams_local: extraQueryParams,
646
- transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
647
- doForceInteraction: (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) === "explicitly logged out"
606
+ return (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: false, login: function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
607
+ var _c;
608
+ var doesCurrentHrefRequiresAuth = _b.doesCurrentHrefRequiresAuth, extraQueryParams = _b.extraQueryParams, redirectUrl = _b.redirectUrl, transformUrlBeforeRedirect = _b.transformUrlBeforeRedirect;
609
+ return __generator(this, function (_d) {
610
+ switch (_d.label) {
611
+ case 0: return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
612
+ prUnlock: (0, loginOrGoToAuthServer_1.getPrSafelyRestoredFromBfCacheAfterLoginBackNavigation)()
613
+ })];
614
+ case 1:
615
+ _d.sent();
616
+ return [2 /*return*/, loginOrGoToAuthServer({
617
+ action: "login",
618
+ doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: doesCurrentHrefRequiresAuth,
619
+ doForceReloadOnBfCache: false,
620
+ redirectUrl: (_c = redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : postLoginRedirectUrl_default) !== null && _c !== void 0 ? _c : window.location.href,
621
+ extraQueryParams_local: extraQueryParams,
622
+ transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
623
+ doForceInteraction: (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) === "explicitly logged out"
624
+ })];
625
+ }
648
626
  });
649
- }, initializationError: undefined }));
627
+ }); }, initializationError: undefined }));
650
628
  }
651
629
  (0, tsafe_1.assert)(false);
652
630
  })();
653
- if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== "explicitly logged out") {
654
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
631
+ {
632
+ prOtherTabLogin = (0, loginPropagationToOtherTabs_1.getPrOtherTabLogin)({
633
+ configId: configId
634
+ }).prOtherTabLogin;
635
+ prOtherTabLogin.then(function () { return __awaiter(_this, void 0, void 0, function () {
636
+ return __generator(this, function (_a) {
637
+ switch (_a.label) {
638
+ case 0:
639
+ log === null || log === void 0 ? void 0 : log("Other tab has logged in, reloading this tab");
640
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
641
+ prUnlock: new Promise(function () { })
642
+ })];
643
+ case 1:
644
+ _a.sent();
645
+ window.location.reload();
646
+ return [2 /*return*/];
647
+ }
648
+ });
649
+ }); });
655
650
  }
656
- toCallBeforeReturningOidcNotLoggedIn();
657
651
  // @ts-expect-error: We know what we're doing
658
652
  return [2 /*return*/, oidc_notLoggedIn];
659
653
  }
660
654
  log === null || log === void 0 ? void 0 : log("User is logged in");
661
- currentTokens = resultOfLoginProcess.tokens;
655
+ evtIsUserLoggedIn.post(true);
656
+ currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
657
+ oidcClientTsUser: resultOfLoginProcess.oidcClientTsUser,
658
+ decodedIdTokenSchema: decodedIdTokenSchema,
659
+ __unsafe_useIdTokenAsAccessToken: __unsafe_useIdTokenAsAccessToken,
660
+ decodedIdToken_previous: undefined,
661
+ log: log
662
+ });
663
+ {
664
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
665
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
666
+ }
667
+ if (!areThirdPartyCookiesAllowed) {
668
+ (0, persistedAuthState_1.persistAuthState)({
669
+ configId: configId,
670
+ state: {
671
+ stateDescription: "logged in",
672
+ untilTime: currentTokens.refreshTokenExpirationTime
673
+ }
674
+ });
675
+ }
676
+ }
662
677
  autoLogoutCountdownTickCallbacks = new Set();
663
678
  onTokenChanges = new Set();
664
- oidc_loggedIn = (0, tsafe_1.id)(__assign(__assign({}, common), { isUserLoggedIn: true, getTokens: function () { return currentTokens; }, getTokens_next: function () { return __awaiter(_this, void 0, void 0, function () {
679
+ oidc_loggedIn = (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: true, getTokens: function () { return currentTokens; }, getTokens_next: function () { return __awaiter(_this, void 0, void 0, function () {
665
680
  return __generator(this, function (_a) {
666
681
  switch (_a.label) {
667
682
  case 0:
@@ -674,7 +689,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
674
689
  }
675
690
  });
676
691
  }); }, getDecodedIdToken: function () { return currentTokens.decodedIdToken; }, logout: function (params) { return __awaiter(_this, void 0, void 0, function () {
677
- var postLogoutRedirectUrl, error_4, _a;
692
+ var postLogoutRedirectUrl, error_3, _a;
678
693
  return __generator(this, function (_b) {
679
694
  switch (_b.label) {
680
695
  case 0:
@@ -683,11 +698,6 @@ function createOidc_nonMemoized(params, preProcessedParams) {
683
698
  return [2 /*return*/, new Promise(function () { })];
684
699
  }
685
700
  globalContext.hasLogoutBeenCalled = true;
686
- document.addEventListener("visibilitychange", function () {
687
- if (document.visibilityState === "visible") {
688
- location.reload();
689
- }
690
- });
691
701
  postLogoutRedirectUrl = (function () {
692
702
  switch (params.redirectTo) {
693
703
  case "current page":
@@ -701,9 +711,17 @@ function createOidc_nonMemoized(params, preProcessedParams) {
701
711
  });
702
712
  }
703
713
  })();
704
- _b.label = 1;
714
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
715
+ prUnlock: new Promise(function () { })
716
+ })];
705
717
  case 1:
706
- _b.trys.push([1, 3, , 10]);
718
+ _b.sent();
719
+ window.addEventListener("pageshow", function () {
720
+ location.reload();
721
+ });
722
+ _b.label = 2;
723
+ case 2:
724
+ _b.trys.push([2, 4, , 11]);
707
725
  return [4 /*yield*/, oidcClientTsUserManager.signoutRedirect({
708
726
  state: (0, tsafe_1.id)({
709
727
  configId: configId,
@@ -715,89 +733,108 @@ function createOidc_nonMemoized(params, preProcessedParams) {
715
733
  }),
716
734
  redirectMethod: "assign"
717
735
  })];
718
- case 2:
719
- _b.sent();
720
- return [3 /*break*/, 10];
721
736
  case 3:
722
- error_4 = _b.sent();
723
- (0, tsafe_1.assert)((0, tsafe_1.is)(error_4));
724
- if (!(error_4.message === "No end session endpoint")) return [3 /*break*/, 8];
725
- log === null || log === void 0 ? void 0 : log("No end session endpoint, managing logging state locally");
726
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: "explicitly logged out" });
727
- _b.label = 4;
737
+ _b.sent();
738
+ return [3 /*break*/, 11];
728
739
  case 4:
729
- _b.trys.push([4, 6, , 7]);
730
- return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
740
+ error_3 = _b.sent();
741
+ (0, tsafe_1.assert)((0, tsafe_1.is)(error_3));
742
+ if (!(error_3.message === "No end session endpoint")) return [3 /*break*/, 9];
743
+ log === null || log === void 0 ? void 0 : log("No end session endpoint, managing logging state locally");
744
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: { stateDescription: "explicitly logged out" } });
745
+ _b.label = 5;
731
746
  case 5:
732
- _b.sent();
733
- return [3 /*break*/, 7];
747
+ _b.trys.push([5, 7, , 8]);
748
+ return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
734
749
  case 6:
735
- _a = _b.sent();
736
- return [3 /*break*/, 7];
750
+ _b.sent();
751
+ return [3 /*break*/, 8];
737
752
  case 7:
753
+ _a = _b.sent();
754
+ return [3 /*break*/, 8];
755
+ case 8:
756
+ (0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
757
+ configId: configId,
758
+ redirectUrl: postLogoutRedirectUrl,
759
+ sessionId: sessionId
760
+ });
738
761
  window.location.href = postLogoutRedirectUrl;
739
- return [3 /*break*/, 9];
740
- case 8: throw error_4;
741
- case 9: return [3 /*break*/, 10];
742
- case 10: return [2 /*return*/, new Promise(function () { })];
762
+ return [3 /*break*/, 10];
763
+ case 9: throw error_3;
764
+ case 10: return [3 /*break*/, 11];
765
+ case 11: return [2 /*return*/, new Promise(function () { })];
743
766
  }
744
767
  });
745
768
  }); }, renewTokens: (function () {
746
769
  function renewTokens_nonMutexed(params) {
747
770
  return __awaiter(this, void 0, void 0, function () {
748
- var extraTokenParams, result_loginSilent, oidcClientTsUser, _a, authResponse, authResponse_error, oidcClientTsUser_scope, error_5;
771
+ var extraTokenParams, completeLoginOrRefreshProcess, result_loginSilent, oidcClientTsUser, _a, authResponse, authResponse_error, oidcClientTsUser_scope, error_4;
749
772
  return __generator(this, function (_b) {
750
773
  switch (_b.label) {
751
774
  case 0:
752
775
  extraTokenParams = params.extraTokenParams;
753
776
  log === null || log === void 0 ? void 0 : log("Renewing tokens");
777
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
778
+ case 1:
779
+ completeLoginOrRefreshProcess = (_b.sent()).completeLoginOrRefreshProcess;
754
780
  return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
755
781
  oidcClientTsUserManager: oidcClientTsUserManager,
756
782
  stateQueryParamValue_instance: stateQueryParamValue_instance,
757
783
  configId: configId,
758
784
  getExtraTokenParams: function () { return extraTokenParams; }
759
785
  })];
760
- case 1:
786
+ case 2:
761
787
  result_loginSilent = _b.sent();
762
788
  if (result_loginSilent.outcome === "failure") {
789
+ completeLoginOrRefreshProcess();
763
790
  throw new Error(result_loginSilent.cause);
764
791
  }
765
792
  _a = result_loginSilent.outcome;
766
793
  switch (_a) {
767
- case "token refreshed using refresh token": return [3 /*break*/, 2];
768
- case "got auth response from iframe": return [3 /*break*/, 3];
794
+ case "token refreshed using refresh token": return [3 /*break*/, 3];
795
+ case "got auth response from iframe": return [3 /*break*/, 4];
769
796
  }
770
- return [3 /*break*/, 10];
771
- case 2:
797
+ return [3 /*break*/, 12];
798
+ case 3:
772
799
  {
773
800
  log === null || log === void 0 ? void 0 : log("Refresh token used");
774
801
  oidcClientTsUser = result_loginSilent.oidcClientTsUser;
775
802
  }
776
- return [3 /*break*/, 11];
777
- case 3:
803
+ return [3 /*break*/, 13];
804
+ case 4:
778
805
  authResponse = result_loginSilent.authResponse;
779
806
  log === null || log === void 0 ? void 0 : log("Tokens refresh using iframe", authResponse);
780
- authResponse_error = authResponse["error"];
807
+ authResponse_error = authResponse.error;
781
808
  oidcClientTsUser_scope = undefined;
782
- _b.label = 4;
783
- case 4:
784
- _b.trys.push([4, 6, , 7]);
785
- return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, loginSilent_1.authResponseToUrl)(authResponse))];
809
+ _b.label = 5;
786
810
  case 5:
811
+ _b.trys.push([5, 7, , 8]);
812
+ return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
813
+ case 6:
787
814
  oidcClientTsUser_scope =
788
815
  _b.sent();
789
- return [3 /*break*/, 7];
790
- case 6:
791
- error_5 = _b.sent();
792
- (0, tsafe_1.assert)(error_5 instanceof Error);
816
+ return [3 /*break*/, 8];
817
+ case 7:
818
+ error_4 = _b.sent();
819
+ (0, tsafe_1.assert)(error_4 instanceof Error);
793
820
  if (authResponse_error === undefined) {
794
- throw error_5;
821
+ completeLoginOrRefreshProcess();
822
+ throw error_4;
795
823
  }
796
824
  oidcClientTsUser_scope = undefined;
797
- return [3 /*break*/, 7];
798
- case 7:
799
- if (!(oidcClientTsUser_scope === undefined)) return [3 /*break*/, 9];
825
+ return [3 /*break*/, 8];
826
+ case 8:
827
+ if (!(oidcClientTsUser_scope === undefined)) return [3 /*break*/, 11];
800
828
  (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
829
+ completeLoginOrRefreshProcess();
830
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
831
+ prUnlock: new Promise(function () { })
832
+ })];
833
+ case 9:
834
+ _b.sent();
835
+ globalContext.evtRequestToPersistTokens.post({
836
+ configIdOfInstancePostingTheRequest: configId
837
+ });
801
838
  return [4 /*yield*/, loginOrGoToAuthServer({
802
839
  action: "login",
803
840
  redirectUrl: window.location.href,
@@ -807,17 +844,17 @@ function createOidc_nonMemoized(params, preProcessedParams) {
807
844
  doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
808
845
  doForceInteraction: false
809
846
  })];
810
- case 8:
847
+ case 10:
811
848
  _b.sent();
812
849
  (0, tsafe_1.assert)(false);
813
- _b.label = 9;
814
- case 9:
850
+ _b.label = 11;
851
+ case 11:
815
852
  oidcClientTsUser = oidcClientTsUser_scope;
816
- return [3 /*break*/, 11];
817
- case 10:
853
+ return [3 /*break*/, 13];
854
+ case 12:
818
855
  (0, tsafe_1.assert)(false);
819
- return [3 /*break*/, 11];
820
- case 11:
856
+ return [3 /*break*/, 13];
857
+ case 13:
821
858
  currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
822
859
  oidcClientTsUser: oidcClientTsUser,
823
860
  decodedIdTokenSchema: decodedIdTokenSchema,
@@ -825,7 +862,17 @@ function createOidc_nonMemoized(params, preProcessedParams) {
825
862
  decodedIdToken_previous: currentTokens.decodedIdToken,
826
863
  log: log
827
864
  });
865
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
866
+ (0, persistedAuthState_1.persistAuthState)({
867
+ configId: configId,
868
+ state: {
869
+ stateDescription: "logged in",
870
+ untilTime: currentTokens.refreshTokenExpirationTime
871
+ }
872
+ });
873
+ }
828
874
  Array.from(onTokenChanges).forEach(function (onTokenChange) { return onTokenChange(currentTokens); });
875
+ completeLoginOrRefreshProcess();
829
876
  return [2 /*return*/];
830
877
  }
831
878
  });
@@ -921,28 +968,51 @@ function createOidc_nonMemoized(params, preProcessedParams) {
921
968
  homeUrl: homeAndCallbackUrl,
922
969
  sessionId: sessionId
923
970
  }).prOtherTabLogout;
924
- prOtherTabLogout.then(function (_a) {
925
- var redirectUrl = _a.redirectUrl;
926
- log === null || log === void 0 ? void 0 : log("Other tab has logged out, redirecting to ".concat(redirectUrl));
927
- window.location.href = redirectUrl;
928
- });
971
+ prOtherTabLogout.then(function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
972
+ var redirectUrl = _b.redirectUrl;
973
+ return __generator(this, function (_c) {
974
+ switch (_c.label) {
975
+ case 0:
976
+ log === null || log === void 0 ? void 0 : log("Other tab has logged out, redirecting to ".concat(redirectUrl));
977
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
978
+ prUnlock: new Promise(function () { })
979
+ })];
980
+ case 1:
981
+ _c.sent();
982
+ window.addEventListener("pageshow", function () {
983
+ location.reload();
984
+ });
985
+ window.location.href = redirectUrl;
986
+ return [2 /*return*/];
987
+ }
988
+ });
989
+ }); });
929
990
  }
930
991
  (function scheduleRenew() {
931
992
  var _this = this;
932
- var login_dueToExpiration = function () {
933
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
934
- return loginOrGoToAuthServer({
935
- action: "login",
936
- redirectUrl: window.location.href,
937
- doForceReloadOnBfCache: true,
938
- extraQueryParams_local: undefined,
939
- transformUrlBeforeRedirect_local: undefined,
940
- // NOTE: Wether or not it's the preferred behavior, pushing to history
941
- // only works on user interaction so it have to be false
942
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
943
- doForceInteraction: true
993
+ var login_dueToExpiration = function () { return __awaiter(_this, void 0, void 0, function () {
994
+ return __generator(this, function (_a) {
995
+ switch (_a.label) {
996
+ case 0: return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
997
+ prUnlock: new Promise(function () { })
998
+ })];
999
+ case 1:
1000
+ _a.sent();
1001
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
1002
+ return [2 /*return*/, loginOrGoToAuthServer({
1003
+ action: "login",
1004
+ redirectUrl: window.location.href,
1005
+ doForceReloadOnBfCache: true,
1006
+ extraQueryParams_local: undefined,
1007
+ transformUrlBeforeRedirect_local: undefined,
1008
+ // NOTE: Wether or not it's the preferred behavior, pushing to history
1009
+ // only works on user interaction so it have to be false
1010
+ doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
1011
+ doForceInteraction: true
1012
+ })];
1013
+ }
944
1014
  });
945
- };
1015
+ }); };
946
1016
  var msBeforeExpiration = (0, oidcClientTsUserToTokens_1.getMsBeforeExpiration)(currentTokens);
947
1017
  if (msBeforeExpiration <= MIN_RENEW_BEFORE_EXPIRE_MS) {
948
1018
  // NOTE: We just got a new token that is about to expire. This means that
@@ -989,8 +1059,11 @@ function createOidc_nonMemoized(params, preProcessedParams) {
989
1059
  }).unsubscribe;
990
1060
  })();
991
1061
  auto_logout: {
992
- if (currentTokens.refreshToken === "" && __unsafe_ssoSessionIdleSeconds === undefined) {
993
- log === null || log === void 0 ? void 0 : log("No refresh token, and ____unsafe_ssoSessionIdleSeconds was not set, auto logout non applicable");
1062
+ if ((!currentTokens.hasRefreshToken || currentTokens.refreshTokenExpirationTime === undefined) &&
1063
+ __unsafe_ssoSessionIdleSeconds === undefined) {
1064
+ log === null || log === void 0 ? void 0 : log("".concat(currentTokens.hasRefreshToken
1065
+ ? "The refresh token is opaque, we can't read it's expiration time"
1066
+ : "No refresh token", ", and __unsafe_ssoSessionIdleSeconds was not set, can't implement auto logout mechanism"));
994
1067
  break auto_logout;
995
1068
  }
996
1069
  startCountdown_2 = (0, startCountdown_1.createStartCountdown)({
@@ -998,7 +1071,9 @@ function createOidc_nonMemoized(params, preProcessedParams) {
998
1071
  var getCountdownEndTime = function () {
999
1072
  return __unsafe_ssoSessionIdleSeconds !== undefined
1000
1073
  ? Date.now() + __unsafe_ssoSessionIdleSeconds * 1000
1001
- : currentTokens.refreshTokenExpirationTime;
1074
+ : ((0, tsafe_1.assert)(currentTokens.hasRefreshToken),
1075
+ (0, tsafe_1.assert)(currentTokens.refreshTokenExpirationTime !== undefined),
1076
+ currentTokens.refreshTokenExpirationTime);
1002
1077
  };
1003
1078
  var durationBeforeAutoLogout = (0, toHumanReadableDuration_1.toHumanReadableDuration)(getCountdownEndTime() - Date.now());
1004
1079
  log === null || log === void 0 ? void 0 : log([
@@ -1022,13 +1097,11 @@ function createOidc_nonMemoized(params, preProcessedParams) {
1022
1097
  }
1023
1098
  }).startCountdown;
1024
1099
  stopCountdown_1 = undefined;
1025
- if (globalContext.$isUserActive === undefined) {
1026
- globalContext.$isUserActive = (0, isUserActive_1.create$isUserActive)({
1027
- configId: configId,
1028
- sessionId: sessionId
1029
- });
1030
- }
1031
- globalContext.$isUserActive.subscribe(function (isUserActive) {
1100
+ evtIsUserActive = (0, evtIsUserActive_1.createEvtIsUserActive)({
1101
+ configId: configId,
1102
+ sessionId: sessionId
1103
+ });
1104
+ evtIsUserActive.subscribe(function (isUserActive) {
1032
1105
  if (isUserActive) {
1033
1106
  if (stopCountdown_1 !== undefined) {
1034
1107
  stopCountdown_1();
@@ -1041,15 +1114,6 @@ function createOidc_nonMemoized(params, preProcessedParams) {
1041
1114
  }
1042
1115
  });
1043
1116
  }
1044
- {
1045
- if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
1046
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
1047
- }
1048
- if (!areThirdPartyCookiesAllowed) {
1049
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: "logged in" });
1050
- }
1051
- }
1052
- toCallBeforeReturningOidcLoggedIn();
1053
1117
  return [2 /*return*/, oidc_loggedIn];
1054
1118
  }
1055
1119
  });