oidc-spa 6.5.2 → 6.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/mock/oidc.js +6 -5
  2. package/mock/oidc.js.map +1 -1
  3. package/oidc/AuthResponse.d.ts +6 -0
  4. package/oidc/AuthResponse.js +59 -0
  5. package/oidc/AuthResponse.js.map +1 -0
  6. package/oidc/Oidc.d.ts +19 -8
  7. package/oidc/createOidc.d.ts +4 -4
  8. package/oidc/createOidc.js +366 -298
  9. package/oidc/createOidc.js.map +1 -1
  10. package/oidc/evtIsUserActive.d.ts +15 -0
  11. package/oidc/{isUserActive.js → evtIsUserActive.js} +29 -12
  12. package/oidc/evtIsUserActive.js.map +1 -0
  13. package/oidc/handleOidcCallback.d.ts +8 -1
  14. package/oidc/handleOidcCallback.js +68 -13
  15. package/oidc/handleOidcCallback.js.map +1 -1
  16. package/oidc/loginOrGoToAuthServer.d.ts +5 -4
  17. package/oidc/loginOrGoToAuthServer.js +190 -227
  18. package/oidc/loginOrGoToAuthServer.js.map +1 -1
  19. package/oidc/loginPropagationToOtherTabs.d.ts +17 -0
  20. package/oidc/loginPropagationToOtherTabs.js +41 -0
  21. package/oidc/loginPropagationToOtherTabs.js.map +1 -0
  22. package/oidc/loginSilent.d.ts +1 -5
  23. package/oidc/loginSilent.js +3 -51
  24. package/oidc/loginSilent.js.map +1 -1
  25. package/oidc/logoutPropagationToOtherTabs.js +1 -1
  26. package/oidc/logoutPropagationToOtherTabs.js.map +1 -1
  27. package/oidc/oidcClientTsUserToTokens.d.ts +1 -1
  28. package/oidc/oidcClientTsUserToTokens.js +45 -23
  29. package/oidc/oidcClientTsUserToTokens.js.map +1 -1
  30. package/oidc/ongoingLoginOrRefreshProcesses.d.ts +16 -0
  31. package/oidc/ongoingLoginOrRefreshProcesses.js +102 -0
  32. package/oidc/ongoingLoginOrRefreshProcesses.js.map +1 -0
  33. package/oidc/persistedAuthState.d.ts +16 -3
  34. package/oidc/persistedAuthState.js +35 -4
  35. package/oidc/persistedAuthState.js.map +1 -1
  36. package/package.json +36 -21
  37. package/react/react.js +8 -14
  38. package/react/react.js.map +1 -1
  39. package/src/mock/oidc.ts +14 -3
  40. package/src/oidc/AuthResponse.ts +26 -0
  41. package/src/oidc/Oidc.ts +19 -4
  42. package/src/oidc/createOidc.ts +288 -251
  43. package/src/oidc/{isUserActive.ts → evtIsUserActive.ts} +36 -10
  44. package/src/oidc/handleOidcCallback.ts +73 -12
  45. package/src/oidc/loginOrGoToAuthServer.ts +94 -87
  46. package/src/oidc/loginPropagationToOtherTabs.ts +63 -0
  47. package/src/oidc/loginSilent.ts +2 -20
  48. package/src/oidc/logoutPropagationToOtherTabs.ts +2 -2
  49. package/src/oidc/oidcClientTsUserToTokens.ts +74 -35
  50. package/src/oidc/ongoingLoginOrRefreshProcesses.ts +60 -0
  51. package/src/oidc/persistedAuthState.ts +66 -8
  52. package/src/react/react.tsx +8 -16
  53. package/src/tools/{ephemeralSessionStorage.ts → EphemeralSessionStorage.ts} +59 -27
  54. package/src/tools/Evt.ts +56 -0
  55. package/src/tools/StatefulEvt.ts +38 -0
  56. package/src/tools/subscribeToUserInteraction.ts +0 -1
  57. package/src/tools/workerTimers.ts +10 -12
  58. package/tools/EphemeralSessionStorage.d.ts +12 -0
  59. package/tools/{ephemeralSessionStorage.js → EphemeralSessionStorage.js} +29 -16
  60. package/tools/EphemeralSessionStorage.js.map +1 -0
  61. package/tools/Evt.d.ts +11 -0
  62. package/tools/{AwaitableEventEmitter.js → Evt.js} +24 -8
  63. package/tools/Evt.js.map +1 -0
  64. package/tools/StatefulEvt.d.ts +12 -0
  65. package/tools/StatefulEvt.js +24 -0
  66. package/tools/StatefulEvt.js.map +1 -0
  67. package/tools/subscribeToUserInteraction.js +2 -3
  68. package/tools/subscribeToUserInteraction.js.map +1 -1
  69. package/tools/workerTimers.js +11 -13
  70. package/tools/workerTimers.js.map +1 -1
  71. package/oidc/isUserActive.d.ts +0 -13
  72. package/oidc/isUserActive.js.map +0 -1
  73. package/src/tools/AwaitableEventEmitter.ts +0 -33
  74. package/src/tools/StatefulObservable.ts +0 -52
  75. package/tools/AwaitableEventEmitter.d.ts +0 -5
  76. package/tools/AwaitableEventEmitter.js.map +0 -1
  77. package/tools/StatefulObservable.d.ts +0 -12
  78. package/tools/StatefulObservable.js +0 -33
  79. package/tools/StatefulObservable.js.map +0 -1
  80. package/tools/ephemeralSessionStorage.d.ts +0 -3
  81. package/tools/ephemeralSessionStorage.js.map +0 -1
package/oidc/createOidc.js CHANGED
@@ -102,31 +102,33 @@ var tsafe_1 = require("../vendor/frontend/tsafe");
102
102
  var workerTimers_1 = require("../tools/workerTimers");
103
103
  var Deferred_1 = require("../tools/Deferred");
104
104
  var decodeJwt_1 = require("../tools/decodeJwt");
105
- var isUserActive_1 = require("./isUserActive");
105
+ var evtIsUserActive_1 = require("./evtIsUserActive");
106
106
  var startCountdown_1 = require("../tools/startCountdown");
107
107
  var toHumanReadableDuration_1 = require("../tools/toHumanReadableDuration");
108
108
  var toFullyQualifiedUrl_1 = require("../tools/toFullyQualifiedUrl");
109
109
  var OidcInitializationError_1 = require("./OidcInitializationError");
110
110
  var StateData_1 = require("./StateData");
111
111
  var logoutPropagationToOtherTabs_1 = require("./logoutPropagationToOtherTabs");
112
+ var loginPropagationToOtherTabs_1 = require("./loginPropagationToOtherTabs");
112
113
  var configId_1 = require("./configId");
113
114
  var oidcClientTsUserToTokens_1 = require("./oidcClientTsUserToTokens");
114
115
  var loginSilent_1 = require("./loginSilent");
116
+ var AuthResponse_1 = require("./AuthResponse");
115
117
  var handleOidcCallback_1 = require("./handleOidcCallback");
116
118
  var persistedAuthState_1 = require("./persistedAuthState");
117
- var AwaitableEventEmitter_1 = require("../tools/AwaitableEventEmitter");
119
+ var Evt_1 = require("../tools/Evt");
118
120
  var haveSharedParentDomain_1 = require("../tools/haveSharedParentDomain");
119
121
  var loginOrGoToAuthServer_1 = require("./loginOrGoToAuthServer");
120
- var ephemeralSessionStorage_1 = require("../tools/ephemeralSessionStorage");
121
- // NOTE: Replaced at build time
122
- var VERSION = "6.5.2";
122
+ var EphemeralSessionStorage_1 = require("../tools/EphemeralSessionStorage");
123
+ var ongoingLoginOrRefreshProcesses_1 = require("./ongoingLoginOrRefreshProcesses");
123
124
  (0, handleOidcCallback_1.handleOidcCallback)();
125
+ // NOTE: Replaced at build time
126
+ var VERSION = "6.6.1";
124
127
  var GLOBAL_CONTEXT_KEY = "__oidc-spa.createOidc.globalContext";
125
128
  (_a = window[GLOBAL_CONTEXT_KEY]) !== null && _a !== void 0 ? _a : (window[GLOBAL_CONTEXT_KEY] = {
126
129
  prOidcByConfigId: new Map(),
127
- evtAuthResponseHandled: (0, AwaitableEventEmitter_1.createAwaitableEventEmitter)(),
128
- $isUserActive: undefined,
129
- hasLogoutBeenCalled: false
130
+ hasLogoutBeenCalled: false,
131
+ evtRequestToPersistTokens: (0, Evt_1.createEvt)()
130
132
  });
131
133
  var globalContext = window[GLOBAL_CONTEXT_KEY];
132
134
  var MIN_RENEW_BEFORE_EXPIRE_MS = 2000;
@@ -215,10 +217,10 @@ function createOidc(params) {
215
217
  }
216
218
  function createOidc_nonMemoized(params, preProcessedParams) {
217
219
  return __awaiter(this, void 0, void 0, function () {
218
- var transformUrlBeforeRedirect, extraQueryParamsOrGetter, extraTokenParamsOrGetter, homeUrl_params, decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds, _a, autoLogoutParams, _b, autoLogin, postLoginRedirectUrl_default, __unsafe_clientSecret, _c, __unsafe_useIdTokenAsAccessToken, issuerUri, clientId, scopes, configId, log, _d, getExtraQueryParams, getExtraTokenParams, homeAndCallbackUrl, isHandled, stateQueryParamValue_instance, areThirdPartyCookiesAllowed, url1, url2, isUserStorePersistent, oidcClientTsUserManager, _e, loginOrGoToAuthServer, toCallBeforeReturningOidcLoggedIn, toCallBeforeReturningOidcNotLoggedIn, BROWSER_SESSION_NOT_FIRST_INIT_KEY, resultOfLoginProcess, common, oidc_notLoggedIn, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, oidc_loggedIn, sessionId, prOtherTabLogout, startCountdown_2, stopCountdown_1;
220
+ var transformUrlBeforeRedirect, extraQueryParamsOrGetter, extraTokenParamsOrGetter, homeUrl_params, decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds, _a, autoLogoutParams, _b, autoLogin, postLoginRedirectUrl_default, __unsafe_clientSecret, _c, __unsafe_useIdTokenAsAccessToken, issuerUri, clientId, scopes, configId, log, _d, getExtraQueryParams, getExtraTokenParams, homeAndCallbackUrl, isHandled, stateQueryParamValue_instance, areThirdPartyCookiesAllowed, url1, url2, isUserStoreInMemoryOnly, oidcClientTsUserManager, evtIsUserLoggedIn, loginOrGoToAuthServer, BROWSER_SESSION_NOT_FIRST_INIT_KEY, completeLoginOrRefreshProcess, resultOfLoginProcess, oidc_common, oidc_notLoggedIn, prOtherTabLogin, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, oidc_loggedIn, sessionId, prOtherTabLogout, startCountdown_2, stopCountdown_1, evtIsUserActive;
219
221
  var _this = this;
220
- return __generator(this, function (_f) {
221
- switch (_f.label) {
222
+ return __generator(this, function (_e) {
223
+ switch (_e.label) {
222
224
  case 0:
223
225
  transformUrlBeforeRedirect = params.transformUrlBeforeRedirect, extraQueryParamsOrGetter = params.extraQueryParams, extraTokenParamsOrGetter = params.extraTokenParams, homeUrl_params = params.homeUrl, decodedIdTokenSchema = params.decodedIdTokenSchema, __unsafe_ssoSessionIdleSeconds = params.__unsafe_ssoSessionIdleSeconds, _a = params.autoLogoutParams, autoLogoutParams = _a === void 0 ? { redirectTo: "current page" } : _a, _b = params.autoLogin, autoLogin = _b === void 0 ? false : _b, postLoginRedirectUrl_default = params.postLoginRedirectUrl, __unsafe_clientSecret = params.__unsafe_clientSecret, _c = params.__unsafe_useIdTokenAsAccessToken, __unsafe_useIdTokenAsAccessToken = _c === void 0 ? false : _c;
224
226
  issuerUri = preProcessedParams.issuerUri, clientId = preProcessedParams.clientId, scopes = preProcessedParams.scopes, configId = preProcessedParams.configId, log = preProcessedParams.log;
@@ -247,8 +249,8 @@ function createOidc_nonMemoized(params, preProcessedParams) {
247
249
  if (!isHandled) return [3 /*break*/, 2];
248
250
  return [4 /*yield*/, new Promise(function () { })];
249
251
  case 1:
250
- _f.sent();
251
- _f.label = 2;
252
+ _e.sent();
253
+ _e.label = 2;
252
254
  case 2:
253
255
  stateQueryParamValue_instance = (0, StateData_1.generateStateQueryParamValue)();
254
256
  {
@@ -269,7 +271,6 @@ function createOidc_nonMemoized(params, preProcessedParams) {
269
271
  ].join(" "));
270
272
  }
271
273
  }
272
- isUserStorePersistent = !areThirdPartyCookiesAllowed;
273
274
  oidcClientTsUserManager = new oidc_client_ts_and_jwt_decode_1.UserManager({
274
275
  stateQueryParamValue: stateQueryParamValue_instance,
275
276
  authority: issuerUri,
@@ -281,88 +282,71 @@ function createOidc_nonMemoized(params, preProcessedParams) {
281
282
  scope: Array.from(new Set(__spreadArray(["openid"], __read(scopes), false))).join(" "),
282
283
  automaticSilentRenew: false,
283
284
  userStore: new oidc_client_ts_and_jwt_decode_1.WebStorageStateStore({
284
- store: areThirdPartyCookiesAllowed
285
- ? new oidc_client_ts_and_jwt_decode_1.InMemoryWebStorage()
286
- : (0, ephemeralSessionStorage_1.createEphemeralSessionStorage)({
287
- sessionStorageTtlMs: 3 * 601000
288
- })
285
+ store: (function () {
286
+ if (areThirdPartyCookiesAllowed) {
287
+ isUserStoreInMemoryOnly = true;
288
+ return new oidc_client_ts_and_jwt_decode_1.InMemoryWebStorage();
289
+ }
290
+ isUserStoreInMemoryOnly = false;
291
+ var storage = (0, EphemeralSessionStorage_1.createEphemeralSessionStorage)({
292
+ sessionStorageTtlMs: 3 * 60000
293
+ });
294
+ var evtRequestToPersistTokens = globalContext.evtRequestToPersistTokens;
295
+ evtRequestToPersistTokens.subscribe(function (_a) {
296
+ var configIdOfInstancePostingTheRequest = _a.configIdOfInstancePostingTheRequest;
297
+ if (configIdOfInstancePostingTheRequest === configId) {
298
+ return;
299
+ }
300
+ storage.persistCurrentStateAndSubsequentChanges();
301
+ });
302
+ return storage;
303
+ })()
289
304
  }),
290
305
  stateStore: new oidc_client_ts_and_jwt_decode_1.WebStorageStateStore({ store: localStorage, prefix: StateData_1.STATE_STORE_KEY_PREFIX }),
291
306
  client_secret: __unsafe_clientSecret
292
307
  });
293
- _e = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
308
+ evtIsUserLoggedIn = (0, Evt_1.createEvt)();
309
+ loginOrGoToAuthServer = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
294
310
  configId: configId,
295
311
  oidcClientTsUserManager: oidcClientTsUserManager,
296
312
  getExtraQueryParams: getExtraQueryParams,
297
313
  transformUrlBeforeRedirect: transformUrlBeforeRedirect,
298
314
  homeAndCallbackUrl: homeAndCallbackUrl,
315
+ evtIsUserLoggedIn: evtIsUserLoggedIn,
299
316
  log: log
300
- }), loginOrGoToAuthServer = _e.loginOrGoToAuthServer, toCallBeforeReturningOidcLoggedIn = _e.toCallBeforeReturningOidcLoggedIn, toCallBeforeReturningOidcNotLoggedIn = _e.toCallBeforeReturningOidcNotLoggedIn;
317
+ }).loginOrGoToAuthServer;
301
318
  BROWSER_SESSION_NOT_FIRST_INIT_KEY = "oidc-spa.browser-session-not-first-init:".concat(configId);
319
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
320
+ case 3:
321
+ completeLoginOrRefreshProcess = (_e.sent()).completeLoginOrRefreshProcess;
302
322
  return [4 /*yield*/, (function () { return __awaiter(_this, void 0, void 0, function () {
303
- var authResponse, stateData, evtAuthResponseHandled_1, prHandled, _a, authResponseUrl, oidcClientTsUser, error_1, error_3, authResponseUrl, _b, oidcClientTsUser, _c, _d, persistedAuthState, result_loginSilent, authResponse, authResponse_error, oidcClientTsUser, error_2;
323
+ var authResponseAndStateData, authResponse, stateData, _a, authResponseUrl, oidcClientTsUser, error_1, authResponse_error, authResponseUrl, _b, oidcClientTsUser, _c, _d, persistedAuthState, authResponse_error, oidcClientTsUser, result_loginSilent, authResponse, error_2;
304
324
  return __generator(this, function (_e) {
305
325
  switch (_e.label) {
306
326
  case 0:
307
- authResponse = (function () {
308
- var value = sessionStorage.getItem(handleOidcCallback_1.AUTH_RESPONSE_KEY);
309
- if (value === null) {
310
- return undefined;
311
- }
312
- var authResponse;
313
- try {
314
- authResponse = JSON.parse(value);
315
- (0, tsafe_1.assert)((0, tsafe_1.typeGuard)(authResponse, authResponse instanceof Object &&
316
- Object.values(authResponse).every(function (value) { return typeof value === "string"; })), "Valid json but not expected shape");
317
- }
318
- catch (error) {
319
- console.error("Failed to parse auth response from callback URL ".concat(String(error)));
320
- return undefined;
321
- }
322
- return authResponse;
323
- })();
324
- if (authResponse === undefined) {
325
- return [3 /*break*/, 15];
327
+ authResponseAndStateData = (0, handleOidcCallback_1.retrieveRedirectAuthResponseAndStateData)({ configId: configId });
328
+ if (authResponseAndStateData === undefined) {
329
+ return [3 /*break*/, 11];
326
330
  }
327
- stateData = (0, StateData_1.getStateData)({ stateQueryParamValue: authResponse["state"] });
328
- (0, tsafe_1.assert)(stateData !== undefined);
329
- (0, tsafe_1.assert)(stateData.context === "redirect");
330
- evtAuthResponseHandled_1 = globalContext.evtAuthResponseHandled;
331
- if (!(stateData.configId !== configId)) return [3 /*break*/, 4];
332
- prHandled = evtAuthResponseHandled_1.waitFor();
333
- return [4 /*yield*/, Promise.resolve()];
334
- case 1:
335
- _e.sent();
336
- if (!(sessionStorage.getItem(handleOidcCallback_1.AUTH_RESPONSE_KEY) === null)) return [3 /*break*/, 3];
337
- return [4 /*yield*/, prHandled];
338
- case 2:
339
- _e.sent();
340
- _e.label = 3;
341
- case 3: return [3 /*break*/, 15];
342
- case 4:
343
- sessionStorage.removeItem(handleOidcCallback_1.AUTH_RESPONSE_KEY);
331
+ authResponse = authResponseAndStateData.authResponse, stateData = authResponseAndStateData.stateData;
344
332
  _a = stateData.action;
345
333
  switch (_a) {
346
- case "login": return [3 /*break*/, 5];
347
- case "logout": return [3 /*break*/, 10];
334
+ case "login": return [3 /*break*/, 1];
335
+ case "logout": return [3 /*break*/, 6];
348
336
  }
349
- return [3 /*break*/, 15];
350
- case 5:
337
+ return [3 /*break*/, 11];
338
+ case 1:
351
339
  log === null || log === void 0 ? void 0 : log("Handling login redirect auth response", authResponse);
352
- authResponseUrl = (0, loginSilent_1.authResponseToUrl)(authResponse);
340
+ authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
353
341
  oidcClientTsUser = undefined;
354
- _e.label = 6;
355
- case 6:
356
- _e.trys.push([6, 8, , 9]);
357
- return [4 /*yield*/, oidcClientTsUserManager
358
- .signinRedirectCallback(authResponseUrl)
359
- .finally(function () {
360
- evtAuthResponseHandled_1.post();
361
- })];
362
- case 7:
342
+ _e.label = 2;
343
+ case 2:
344
+ _e.trys.push([2, 4, , 5]);
345
+ return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback(authResponseUrl)];
346
+ case 3:
363
347
  oidcClientTsUser = _e.sent();
364
- return [3 /*break*/, 9];
365
- case 8:
348
+ return [3 /*break*/, 5];
349
+ case 4:
366
350
  error_1 = _e.sent();
367
351
  (0, tsafe_1.assert)(error_1 instanceof Error);
368
352
  if (error_1.message === "Failed to fetch") {
@@ -372,43 +356,51 @@ function createOidc_nonMemoized(params, preProcessedParams) {
372
356
  })];
373
357
  }
374
358
  {
375
- error_3 = authResponse["error"];
376
- if (error_3 !== undefined) {
377
- log === null || log === void 0 ? void 0 : log("The auth server responded with: ".concat(error_3, ", trying to restore from the http only cookie"));
378
- return [3 /*break*/, 15];
359
+ authResponse_error = authResponse.error;
360
+ if (authResponse_error !== undefined) {
361
+ log === null || log === void 0 ? void 0 : log("The auth server responded with: ".concat(authResponse_error, ", trying to restore from the http only cookie"));
362
+ return [3 /*break*/, 11];
379
363
  }
380
364
  }
381
365
  return [2 /*return*/, error_1];
382
- case 9:
366
+ case 5:
383
367
  sessionStorage.removeItem(BROWSER_SESSION_NOT_FIRST_INIT_KEY);
368
+ (0, loginPropagationToOtherTabs_1.notifyOtherTabsOfLogin)({ configId: configId });
384
369
  return [2 /*return*/, {
385
370
  oidcClientTsUser: oidcClientTsUser,
386
371
  backFromAuthServer: {
387
372
  extraQueryParams: stateData.extraQueryParams,
388
- result: Object.fromEntries(Object.entries(authResponse).filter(function (_a) {
389
- var _b = __read(_a, 1), name = _b[0];
390
- return name !== "state" &&
391
- name !== "session_state" &&
392
- name !== "iss" &&
393
- name !== "code";
394
- }))
373
+ result: Object.fromEntries(Object.entries(authResponse)
374
+ .map(function (_a) {
375
+ var _b = __read(_a, 2), name = _b[0], value = _b[1];
376
+ if (name === "state" ||
377
+ name === "session_state" ||
378
+ name === "iss" ||
379
+ name === "code") {
380
+ return undefined;
381
+ }
382
+ if (value === undefined) {
383
+ return undefined;
384
+ }
385
+ return [name, value];
386
+ })
387
+ .filter(function (entry) { return entry !== undefined; }))
395
388
  }
396
389
  }];
397
- case 10:
390
+ case 6:
398
391
  log === null || log === void 0 ? void 0 : log("Handling logout redirect auth response", authResponse);
399
- authResponseUrl = (0, loginSilent_1.authResponseToUrl)(authResponse);
400
- _e.label = 11;
401
- case 11:
402
- _e.trys.push([11, 13, , 14]);
392
+ authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
393
+ _e.label = 7;
394
+ case 7:
395
+ _e.trys.push([7, 9, , 10]);
403
396
  return [4 /*yield*/, oidcClientTsUserManager.signoutRedirectCallback(authResponseUrl)];
404
- case 12:
397
+ case 8:
405
398
  _e.sent();
406
- return [3 /*break*/, 14];
407
- case 13:
399
+ return [3 /*break*/, 10];
400
+ case 9:
408
401
  _b = _e.sent();
409
- return [3 /*break*/, 14];
410
- case 14:
411
- evtAuthResponseHandled_1.post();
402
+ return [3 /*break*/, 10];
403
+ case 10:
412
404
  (0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
413
405
  configId: configId,
414
406
  redirectUrl: stateData.redirectUrl,
@@ -416,48 +408,53 @@ function createOidc_nonMemoized(params, preProcessedParams) {
416
408
  });
417
409
  // NOTE: The user is no longer logged in.
418
410
  return [2 /*return*/, undefined];
419
- case 15:
420
- if (!isUserStorePersistent) {
421
- return [3 /*break*/, 24];
411
+ case 11:
412
+ if (isUserStoreInMemoryOnly) {
413
+ return [3 /*break*/, 20];
422
414
  }
423
415
  oidcClientTsUser = void 0;
424
- _e.label = 16;
425
- case 16:
426
- _e.trys.push([16, 18, , 23]);
416
+ _e.label = 12;
417
+ case 12:
418
+ _e.trys.push([12, 14, , 19]);
427
419
  return [4 /*yield*/, oidcClientTsUserManager.getUser()];
428
- case 17:
420
+ case 13:
429
421
  oidcClientTsUser = _e.sent();
430
- return [3 /*break*/, 23];
431
- case 18:
422
+ return [3 /*break*/, 19];
423
+ case 14:
432
424
  _c = _e.sent();
433
425
  // NOTE: Not sure if it can throw, but let's be safe.
434
426
  oidcClientTsUser = null;
435
- _e.label = 19;
436
- case 19:
437
- _e.trys.push([19, 21, , 22]);
427
+ _e.label = 15;
428
+ case 15:
429
+ _e.trys.push([15, 17, , 18]);
438
430
  return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
439
- case 20:
431
+ case 16:
440
432
  _e.sent();
441
- return [3 /*break*/, 22];
442
- case 21:
433
+ return [3 /*break*/, 18];
434
+ case 17:
443
435
  _d = _e.sent();
444
- return [3 /*break*/, 22];
445
- case 22: return [3 /*break*/, 23];
446
- case 23:
436
+ return [3 /*break*/, 18];
437
+ case 18: return [3 /*break*/, 19];
438
+ case 19:
447
439
  if (oidcClientTsUser === null) {
448
- return [3 /*break*/, 24];
440
+ return [3 /*break*/, 20];
449
441
  }
450
442
  log === null || log === void 0 ? void 0 : log("Restored the auth from ephemeral session storage");
451
443
  return [2 /*return*/, {
452
444
  oidcClientTsUser: oidcClientTsUser,
453
445
  backFromAuthServer: undefined
454
446
  }];
455
- case 24:
447
+ case 20:
456
448
  log === null || log === void 0 ? void 0 : log("Trying to restore the auth from the http only cookie (silent signin with iframe)");
457
449
  persistedAuthState = (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId });
458
- if (persistedAuthState === "explicitly logged out") {
450
+ if (persistedAuthState === "explicitly logged out" && !autoLogin) {
459
451
  log === null || log === void 0 ? void 0 : log("Skipping silent signin with iframe, the user has logged out");
460
- return [3 /*break*/, 33];
452
+ return [3 /*break*/, 30];
453
+ }
454
+ authResponse_error = undefined;
455
+ oidcClientTsUser = undefined;
456
+ if (persistedAuthState === "explicitly logged out") {
457
+ return [3 /*break*/, 25];
461
458
  }
462
459
  return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
463
460
  oidcClientTsUserManager: oidcClientTsUserManager,
@@ -465,7 +462,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
465
462
  configId: configId,
466
463
  getExtraTokenParams: getExtraTokenParams
467
464
  })];
468
- case 25:
465
+ case 21:
469
466
  result_loginSilent = _e.sent();
470
467
  (0, tsafe_1.assert)(result_loginSilent.outcome !== "token refreshed using refresh token");
471
468
  if (result_loginSilent.outcome === "failure") {
@@ -486,16 +483,15 @@ function createOidc_nonMemoized(params, preProcessedParams) {
486
483
  (0, tsafe_1.assert)();
487
484
  authResponse = result_loginSilent.authResponse;
488
485
  log === null || log === void 0 ? void 0 : log("Silent signin auth response", authResponse);
489
- authResponse_error = authResponse["error"];
490
- oidcClientTsUser = undefined;
491
- _e.label = 26;
492
- case 26:
493
- _e.trys.push([26, 28, , 29]);
494
- return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, loginSilent_1.authResponseToUrl)(authResponse))];
495
- case 27:
486
+ authResponse_error = authResponse.error;
487
+ _e.label = 22;
488
+ case 22:
489
+ _e.trys.push([22, 24, , 25]);
490
+ return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
491
+ case 23:
496
492
  oidcClientTsUser = _e.sent();
497
- return [3 /*break*/, 29];
498
- case 28:
493
+ return [3 /*break*/, 25];
494
+ case 24:
499
495
  error_2 = _e.sent();
500
496
  (0, tsafe_1.assert)(error_2 instanceof Error);
501
497
  if (error_2.message === "Failed to fetch") {
@@ -507,16 +503,27 @@ function createOidc_nonMemoized(params, preProcessedParams) {
507
503
  if (authResponse_error === undefined) {
508
504
  return [2 /*return*/, error_2];
509
505
  }
510
- return [3 /*break*/, 29];
511
- case 29:
512
- if (!(oidcClientTsUser === undefined)) return [3 /*break*/, 32];
506
+ return [3 /*break*/, 25];
507
+ case 25:
508
+ if (!(oidcClientTsUser === undefined)) return [3 /*break*/, 29];
513
509
  if (!(autoLogin ||
514
510
  (persistedAuthState === "logged in" &&
515
511
  (authResponse_error === "interaction_required" ||
516
512
  authResponse_error === "login_required" ||
517
513
  authResponse_error === "consent_required" ||
518
- authResponse_error === "account_selection_required")))) return [3 /*break*/, 31];
514
+ authResponse_error === "account_selection_required")))) return [3 /*break*/, 28];
519
515
  (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
516
+ completeLoginOrRefreshProcess();
517
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
518
+ prUnlock: new Promise(function () { })
519
+ })];
520
+ case 26:
521
+ _e.sent();
522
+ if (persistedAuthState === "logged in") {
523
+ globalContext.evtRequestToPersistTokens.post({
524
+ configIdOfInstancePostingTheRequest: configId
525
+ });
526
+ }
520
527
  return [4 /*yield*/, loginOrGoToAuthServer({
521
528
  action: "login",
522
529
  doForceReloadOnBfCache: true,
@@ -524,79 +531,41 @@ function createOidc_nonMemoized(params, preProcessedParams) {
524
531
  doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: autoLogin,
525
532
  extraQueryParams_local: undefined,
526
533
  transformUrlBeforeRedirect_local: undefined,
527
- doForceInteraction: false
534
+ doForceInteraction: persistedAuthState === "explicitly logged out"
528
535
  })];
529
- case 30:
536
+ case 27:
530
537
  _e.sent();
531
- _e.label = 31;
532
- case 31:
538
+ (0, tsafe_1.assert)(false);
539
+ _e.label = 28;
540
+ case 28:
533
541
  log === null || log === void 0 ? void 0 : log([
534
542
  "The auth server responded with: ".concat(authResponse_error, " "),
535
543
  "login_required" === authResponse_error
536
544
  ? "(login_required just means that there's no active session for the user)"
537
545
  : ""
538
546
  ].join(""));
539
- return [3 /*break*/, 33];
540
- case 32:
547
+ return [3 /*break*/, 30];
548
+ case 29:
541
549
  log === null || log === void 0 ? void 0 : log("Successful silent signed in");
542
550
  return [2 /*return*/, {
543
551
  oidcClientTsUser: oidcClientTsUser,
544
552
  backFromAuthServer: undefined
545
553
  }];
546
- case 33:
554
+ case 30:
547
555
  // NOTE: The user is not logged in.
548
556
  return [2 /*return*/, undefined];
549
557
  }
550
558
  });
551
- }); })().then(function (result) {
552
- if (result === undefined) {
553
- return undefined;
554
- }
555
- if (result instanceof Error) {
556
- return result;
557
- }
558
- var oidcClientTsUser = result.oidcClientTsUser, backFromAuthServer = result.backFromAuthServer;
559
- log_real_decoded_id_token: {
560
- if (log === undefined) {
561
- break log_real_decoded_id_token;
562
- }
563
- var idToken = oidcClientTsUser.id_token;
564
- if (idToken === undefined) {
565
- break log_real_decoded_id_token;
566
- }
567
- var decodedIdToken = (0, decodeJwt_1.decodeJwt)(idToken);
568
- log([
569
- "Decoded ID token",
570
- decodedIdTokenSchema === undefined ? "" : " before `decodedIdTokenSchema.parse()`\n",
571
- JSON.stringify(decodedIdToken, null, 2)
572
- ].join(""));
573
- if (decodedIdTokenSchema === undefined) {
574
- break log_real_decoded_id_token;
575
- }
576
- log([
577
- "Decoded ID token after `decodedIdTokenSchema.parse()`\n",
578
- JSON.stringify(decodedIdTokenSchema.parse(decodedIdToken), null, 2)
579
- ].join(""));
580
- }
581
- var tokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
582
- oidcClientTsUser: oidcClientTsUser,
583
- decodedIdTokenSchema: decodedIdTokenSchema,
584
- __unsafe_useIdTokenAsAccessToken: __unsafe_useIdTokenAsAccessToken,
585
- decodedIdToken_previous: undefined,
586
- log: log
587
- });
588
- if (tokens.refreshTokenExpirationTime < tokens.accessTokenExpirationTime) {
589
- console.warn([
590
- "The OIDC refresh token shorter than the one of the access token.",
591
- "This is very unusual and probably a misconfiguration.",
592
- "Check your oidc server configuration for ".concat(clientId, " ").concat(issuerUri)
593
- ].join(" "));
594
- }
595
- return { tokens: tokens, backFromAuthServer: backFromAuthServer };
559
+ }); })()];
560
+ case 4:
561
+ resultOfLoginProcess = _e.sent();
562
+ completeLoginOrRefreshProcess();
563
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
564
+ prUnlock: Promise.resolve()
596
565
  })];
597
- case 3:
598
- resultOfLoginProcess = _f.sent();
599
- common = {
566
+ case 5:
567
+ _e.sent();
568
+ oidc_common = {
600
569
  params: {
601
570
  issuerUri: issuerUri,
602
571
  clientId: clientId
@@ -606,6 +575,10 @@ function createOidc_nonMemoized(params, preProcessedParams) {
606
575
  if (!(resultOfLoginProcess instanceof Error) && resultOfLoginProcess !== undefined) {
607
576
  break not_loggedIn_case;
608
577
  }
578
+ evtIsUserLoggedIn.post(false);
579
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== "explicitly logged out") {
580
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
581
+ }
609
582
  oidc_notLoggedIn = (function () {
610
583
  if (resultOfLoginProcess instanceof Error) {
611
584
  log === null || log === void 0 ? void 0 : log("User not logged in and there was an initialization error");
@@ -625,7 +598,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
625
598
  "",
626
599
  initializationError.message
627
600
  ].join("\n"));
628
- return (0, tsafe_1.id)(__assign(__assign({}, common), { isUserLoggedIn: false, login: function () { return __awaiter(_this, void 0, void 0, function () {
601
+ return (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: false, login: function () { return __awaiter(_this, void 0, void 0, function () {
629
602
  return __generator(this, function (_a) {
630
603
  alert("Authentication is currently unavailable. Please try again later.");
631
604
  return [2 /*return*/, new Promise(function () { })];
@@ -634,34 +607,80 @@ function createOidc_nonMemoized(params, preProcessedParams) {
634
607
  }
635
608
  if (resultOfLoginProcess === undefined) {
636
609
  log === null || log === void 0 ? void 0 : log("User not logged in");
637
- return (0, tsafe_1.id)(__assign(__assign({}, common), { isUserLoggedIn: false, login: function (_a) {
638
- var _b;
639
- var doesCurrentHrefRequiresAuth = _a.doesCurrentHrefRequiresAuth, extraQueryParams = _a.extraQueryParams, redirectUrl = _a.redirectUrl, transformUrlBeforeRedirect = _a.transformUrlBeforeRedirect;
640
- return loginOrGoToAuthServer({
641
- action: "login",
642
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: doesCurrentHrefRequiresAuth,
643
- doForceReloadOnBfCache: false,
644
- redirectUrl: (_b = redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : postLoginRedirectUrl_default) !== null && _b !== void 0 ? _b : window.location.href,
645
- extraQueryParams_local: extraQueryParams,
646
- transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
647
- doForceInteraction: (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) === "explicitly logged out"
610
+ return (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: false, login: function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
611
+ var _c;
612
+ var doesCurrentHrefRequiresAuth = _b.doesCurrentHrefRequiresAuth, extraQueryParams = _b.extraQueryParams, redirectUrl = _b.redirectUrl, transformUrlBeforeRedirect = _b.transformUrlBeforeRedirect;
613
+ return __generator(this, function (_d) {
614
+ switch (_d.label) {
615
+ case 0: return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
616
+ prUnlock: (0, loginOrGoToAuthServer_1.getPrSafelyRestoredFromBfCacheAfterLoginBackNavigation)()
617
+ })];
618
+ case 1:
619
+ _d.sent();
620
+ return [2 /*return*/, loginOrGoToAuthServer({
621
+ action: "login",
622
+ doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: doesCurrentHrefRequiresAuth,
623
+ doForceReloadOnBfCache: false,
624
+ redirectUrl: (_c = redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : postLoginRedirectUrl_default) !== null && _c !== void 0 ? _c : window.location.href,
625
+ extraQueryParams_local: extraQueryParams,
626
+ transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
627
+ doForceInteraction: (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) === "explicitly logged out"
628
+ })];
629
+ }
648
630
  });
649
- }, initializationError: undefined }));
631
+ }); }, initializationError: undefined }));
650
632
  }
651
633
  (0, tsafe_1.assert)(false);
652
634
  })();
653
- if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== "explicitly logged out") {
654
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
635
+ {
636
+ prOtherTabLogin = (0, loginPropagationToOtherTabs_1.getPrOtherTabLogin)({
637
+ configId: configId
638
+ }).prOtherTabLogin;
639
+ prOtherTabLogin.then(function () { return __awaiter(_this, void 0, void 0, function () {
640
+ return __generator(this, function (_a) {
641
+ switch (_a.label) {
642
+ case 0:
643
+ log === null || log === void 0 ? void 0 : log("Other tab has logged in, reloading this tab");
644
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
645
+ prUnlock: new Promise(function () { })
646
+ })];
647
+ case 1:
648
+ _a.sent();
649
+ window.location.reload();
650
+ return [2 /*return*/];
651
+ }
652
+ });
653
+ }); });
655
654
  }
656
- toCallBeforeReturningOidcNotLoggedIn();
657
655
  // @ts-expect-error: We know what we're doing
658
656
  return [2 /*return*/, oidc_notLoggedIn];
659
657
  }
660
658
  log === null || log === void 0 ? void 0 : log("User is logged in");
661
- currentTokens = resultOfLoginProcess.tokens;
659
+ evtIsUserLoggedIn.post(true);
660
+ currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
661
+ oidcClientTsUser: resultOfLoginProcess.oidcClientTsUser,
662
+ decodedIdTokenSchema: decodedIdTokenSchema,
663
+ __unsafe_useIdTokenAsAccessToken: __unsafe_useIdTokenAsAccessToken,
664
+ decodedIdToken_previous: undefined,
665
+ log: log
666
+ });
667
+ {
668
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
669
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
670
+ }
671
+ if (!areThirdPartyCookiesAllowed) {
672
+ (0, persistedAuthState_1.persistAuthState)({
673
+ configId: configId,
674
+ state: {
675
+ stateDescription: "logged in",
676
+ untilTime: currentTokens.refreshTokenExpirationTime
677
+ }
678
+ });
679
+ }
680
+ }
662
681
  autoLogoutCountdownTickCallbacks = new Set();
663
682
  onTokenChanges = new Set();
664
- oidc_loggedIn = (0, tsafe_1.id)(__assign(__assign({}, common), { isUserLoggedIn: true, getTokens: function () { return currentTokens; }, getTokens_next: function () { return __awaiter(_this, void 0, void 0, function () {
683
+ oidc_loggedIn = (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: true, getTokens: function () { return currentTokens; }, getTokens_next: function () { return __awaiter(_this, void 0, void 0, function () {
665
684
  return __generator(this, function (_a) {
666
685
  switch (_a.label) {
667
686
  case 0:
@@ -674,7 +693,7 @@ function createOidc_nonMemoized(params, preProcessedParams) {
674
693
  }
675
694
  });
676
695
  }); }, getDecodedIdToken: function () { return currentTokens.decodedIdToken; }, logout: function (params) { return __awaiter(_this, void 0, void 0, function () {
677
- var postLogoutRedirectUrl, error_4, _a;
696
+ var postLogoutRedirectUrl, error_3, _a;
678
697
  return __generator(this, function (_b) {
679
698
  switch (_b.label) {
680
699
  case 0:
@@ -683,11 +702,6 @@ function createOidc_nonMemoized(params, preProcessedParams) {
683
702
  return [2 /*return*/, new Promise(function () { })];
684
703
  }
685
704
  globalContext.hasLogoutBeenCalled = true;
686
- document.addEventListener("visibilitychange", function () {
687
- if (document.visibilityState === "visible") {
688
- location.reload();
689
- }
690
- });
691
705
  postLogoutRedirectUrl = (function () {
692
706
  switch (params.redirectTo) {
693
707
  case "current page":
@@ -701,9 +715,17 @@ function createOidc_nonMemoized(params, preProcessedParams) {
701
715
  });
702
716
  }
703
717
  })();
704
- _b.label = 1;
718
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
719
+ prUnlock: new Promise(function () { })
720
+ })];
705
721
  case 1:
706
- _b.trys.push([1, 3, , 10]);
722
+ _b.sent();
723
+ window.addEventListener("pageshow", function () {
724
+ location.reload();
725
+ });
726
+ _b.label = 2;
727
+ case 2:
728
+ _b.trys.push([2, 4, , 11]);
707
729
  return [4 /*yield*/, oidcClientTsUserManager.signoutRedirect({
708
730
  state: (0, tsafe_1.id)({
709
731
  configId: configId,
@@ -715,89 +737,108 @@ function createOidc_nonMemoized(params, preProcessedParams) {
715
737
  }),
716
738
  redirectMethod: "assign"
717
739
  })];
718
- case 2:
719
- _b.sent();
720
- return [3 /*break*/, 10];
721
740
  case 3:
722
- error_4 = _b.sent();
723
- (0, tsafe_1.assert)((0, tsafe_1.is)(error_4));
724
- if (!(error_4.message === "No end session endpoint")) return [3 /*break*/, 8];
725
- log === null || log === void 0 ? void 0 : log("No end session endpoint, managing logging state locally");
726
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: "explicitly logged out" });
727
- _b.label = 4;
741
+ _b.sent();
742
+ return [3 /*break*/, 11];
728
743
  case 4:
729
- _b.trys.push([4, 6, , 7]);
730
- return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
744
+ error_3 = _b.sent();
745
+ (0, tsafe_1.assert)((0, tsafe_1.is)(error_3));
746
+ if (!(error_3.message === "No end session endpoint")) return [3 /*break*/, 9];
747
+ log === null || log === void 0 ? void 0 : log("No end session endpoint, managing logging state locally");
748
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: { stateDescription: "explicitly logged out" } });
749
+ _b.label = 5;
731
750
  case 5:
732
- _b.sent();
733
- return [3 /*break*/, 7];
751
+ _b.trys.push([5, 7, , 8]);
752
+ return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
734
753
  case 6:
735
- _a = _b.sent();
736
- return [3 /*break*/, 7];
754
+ _b.sent();
755
+ return [3 /*break*/, 8];
737
756
  case 7:
757
+ _a = _b.sent();
758
+ return [3 /*break*/, 8];
759
+ case 8:
760
+ (0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
761
+ configId: configId,
762
+ redirectUrl: postLogoutRedirectUrl,
763
+ sessionId: sessionId
764
+ });
738
765
  window.location.href = postLogoutRedirectUrl;
739
- return [3 /*break*/, 9];
740
- case 8: throw error_4;
741
- case 9: return [3 /*break*/, 10];
742
- case 10: return [2 /*return*/, new Promise(function () { })];
766
+ return [3 /*break*/, 10];
767
+ case 9: throw error_3;
768
+ case 10: return [3 /*break*/, 11];
769
+ case 11: return [2 /*return*/, new Promise(function () { })];
743
770
  }
744
771
  });
745
772
  }); }, renewTokens: (function () {
746
773
  function renewTokens_nonMutexed(params) {
747
774
  return __awaiter(this, void 0, void 0, function () {
748
- var extraTokenParams, result_loginSilent, oidcClientTsUser, _a, authResponse, authResponse_error, oidcClientTsUser_scope, error_5;
775
+ var extraTokenParams, completeLoginOrRefreshProcess, result_loginSilent, oidcClientTsUser, _a, authResponse, authResponse_error, oidcClientTsUser_scope, error_4;
749
776
  return __generator(this, function (_b) {
750
777
  switch (_b.label) {
751
778
  case 0:
752
779
  extraTokenParams = params.extraTokenParams;
753
780
  log === null || log === void 0 ? void 0 : log("Renewing tokens");
781
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
782
+ case 1:
783
+ completeLoginOrRefreshProcess = (_b.sent()).completeLoginOrRefreshProcess;
754
784
  return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
755
785
  oidcClientTsUserManager: oidcClientTsUserManager,
756
786
  stateQueryParamValue_instance: stateQueryParamValue_instance,
757
787
  configId: configId,
758
788
  getExtraTokenParams: function () { return extraTokenParams; }
759
789
  })];
760
- case 1:
790
+ case 2:
761
791
  result_loginSilent = _b.sent();
762
792
  if (result_loginSilent.outcome === "failure") {
793
+ completeLoginOrRefreshProcess();
763
794
  throw new Error(result_loginSilent.cause);
764
795
  }
765
796
  _a = result_loginSilent.outcome;
766
797
  switch (_a) {
767
- case "token refreshed using refresh token": return [3 /*break*/, 2];
768
- case "got auth response from iframe": return [3 /*break*/, 3];
798
+ case "token refreshed using refresh token": return [3 /*break*/, 3];
799
+ case "got auth response from iframe": return [3 /*break*/, 4];
769
800
  }
770
- return [3 /*break*/, 10];
771
- case 2:
801
+ return [3 /*break*/, 12];
802
+ case 3:
772
803
  {
773
804
  log === null || log === void 0 ? void 0 : log("Refresh token used");
774
805
  oidcClientTsUser = result_loginSilent.oidcClientTsUser;
775
806
  }
776
- return [3 /*break*/, 11];
777
- case 3:
807
+ return [3 /*break*/, 13];
808
+ case 4:
778
809
  authResponse = result_loginSilent.authResponse;
779
810
  log === null || log === void 0 ? void 0 : log("Tokens refresh using iframe", authResponse);
780
- authResponse_error = authResponse["error"];
811
+ authResponse_error = authResponse.error;
781
812
  oidcClientTsUser_scope = undefined;
782
- _b.label = 4;
783
- case 4:
784
- _b.trys.push([4, 6, , 7]);
785
- return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, loginSilent_1.authResponseToUrl)(authResponse))];
813
+ _b.label = 5;
786
814
  case 5:
815
+ _b.trys.push([5, 7, , 8]);
816
+ return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
817
+ case 6:
787
818
  oidcClientTsUser_scope =
788
819
  _b.sent();
789
- return [3 /*break*/, 7];
790
- case 6:
791
- error_5 = _b.sent();
792
- (0, tsafe_1.assert)(error_5 instanceof Error);
820
+ return [3 /*break*/, 8];
821
+ case 7:
822
+ error_4 = _b.sent();
823
+ (0, tsafe_1.assert)(error_4 instanceof Error);
793
824
  if (authResponse_error === undefined) {
794
- throw error_5;
825
+ completeLoginOrRefreshProcess();
826
+ throw error_4;
795
827
  }
796
828
  oidcClientTsUser_scope = undefined;
797
- return [3 /*break*/, 7];
798
- case 7:
799
- if (!(oidcClientTsUser_scope === undefined)) return [3 /*break*/, 9];
829
+ return [3 /*break*/, 8];
830
+ case 8:
831
+ if (!(oidcClientTsUser_scope === undefined)) return [3 /*break*/, 11];
800
832
  (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
833
+ completeLoginOrRefreshProcess();
834
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
835
+ prUnlock: new Promise(function () { })
836
+ })];
837
+ case 9:
838
+ _b.sent();
839
+ globalContext.evtRequestToPersistTokens.post({
840
+ configIdOfInstancePostingTheRequest: configId
841
+ });
801
842
  return [4 /*yield*/, loginOrGoToAuthServer({
802
843
  action: "login",
803
844
  redirectUrl: window.location.href,
@@ -807,17 +848,17 @@ function createOidc_nonMemoized(params, preProcessedParams) {
807
848
  doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
808
849
  doForceInteraction: false
809
850
  })];
810
- case 8:
851
+ case 10:
811
852
  _b.sent();
812
853
  (0, tsafe_1.assert)(false);
813
- _b.label = 9;
814
- case 9:
854
+ _b.label = 11;
855
+ case 11:
815
856
  oidcClientTsUser = oidcClientTsUser_scope;
816
- return [3 /*break*/, 11];
817
- case 10:
857
+ return [3 /*break*/, 13];
858
+ case 12:
818
859
  (0, tsafe_1.assert)(false);
819
- return [3 /*break*/, 11];
820
- case 11:
860
+ return [3 /*break*/, 13];
861
+ case 13:
821
862
  currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
822
863
  oidcClientTsUser: oidcClientTsUser,
823
864
  decodedIdTokenSchema: decodedIdTokenSchema,
@@ -825,7 +866,17 @@ function createOidc_nonMemoized(params, preProcessedParams) {
825
866
  decodedIdToken_previous: currentTokens.decodedIdToken,
826
867
  log: log
827
868
  });
869
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
870
+ (0, persistedAuthState_1.persistAuthState)({
871
+ configId: configId,
872
+ state: {
873
+ stateDescription: "logged in",
874
+ untilTime: currentTokens.refreshTokenExpirationTime
875
+ }
876
+ });
877
+ }
828
878
  Array.from(onTokenChanges).forEach(function (onTokenChange) { return onTokenChange(currentTokens); });
879
+ completeLoginOrRefreshProcess();
829
880
  return [2 /*return*/];
830
881
  }
831
882
  });
@@ -921,28 +972,51 @@ function createOidc_nonMemoized(params, preProcessedParams) {
921
972
  homeUrl: homeAndCallbackUrl,
922
973
  sessionId: sessionId
923
974
  }).prOtherTabLogout;
924
- prOtherTabLogout.then(function (_a) {
925
- var redirectUrl = _a.redirectUrl;
926
- log === null || log === void 0 ? void 0 : log("Other tab has logged out, redirecting to ".concat(redirectUrl));
927
- window.location.href = redirectUrl;
928
- });
975
+ prOtherTabLogout.then(function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
976
+ var redirectUrl = _b.redirectUrl;
977
+ return __generator(this, function (_c) {
978
+ switch (_c.label) {
979
+ case 0:
980
+ log === null || log === void 0 ? void 0 : log("Other tab has logged out, redirecting to ".concat(redirectUrl));
981
+ return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
982
+ prUnlock: new Promise(function () { })
983
+ })];
984
+ case 1:
985
+ _c.sent();
986
+ window.addEventListener("pageshow", function () {
987
+ location.reload();
988
+ });
989
+ window.location.href = redirectUrl;
990
+ return [2 /*return*/];
991
+ }
992
+ });
993
+ }); });
929
994
  }
930
995
  (function scheduleRenew() {
931
996
  var _this = this;
932
- var login_dueToExpiration = function () {
933
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
934
- return loginOrGoToAuthServer({
935
- action: "login",
936
- redirectUrl: window.location.href,
937
- doForceReloadOnBfCache: true,
938
- extraQueryParams_local: undefined,
939
- transformUrlBeforeRedirect_local: undefined,
940
- // NOTE: Wether or not it's the preferred behavior, pushing to history
941
- // only works on user interaction so it have to be false
942
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
943
- doForceInteraction: true
997
+ var login_dueToExpiration = function () { return __awaiter(_this, void 0, void 0, function () {
998
+ return __generator(this, function (_a) {
999
+ switch (_a.label) {
1000
+ case 0: return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
1001
+ prUnlock: new Promise(function () { })
1002
+ })];
1003
+ case 1:
1004
+ _a.sent();
1005
+ (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
1006
+ return [2 /*return*/, loginOrGoToAuthServer({
1007
+ action: "login",
1008
+ redirectUrl: window.location.href,
1009
+ doForceReloadOnBfCache: true,
1010
+ extraQueryParams_local: undefined,
1011
+ transformUrlBeforeRedirect_local: undefined,
1012
+ // NOTE: Wether or not it's the preferred behavior, pushing to history
1013
+ // only works on user interaction so it have to be false
1014
+ doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
1015
+ doForceInteraction: true
1016
+ })];
1017
+ }
944
1018
  });
945
- };
1019
+ }); };
946
1020
  var msBeforeExpiration = (0, oidcClientTsUserToTokens_1.getMsBeforeExpiration)(currentTokens);
947
1021
  if (msBeforeExpiration <= MIN_RENEW_BEFORE_EXPIRE_MS) {
948
1022
  // NOTE: We just got a new token that is about to expire. This means that
@@ -989,8 +1063,11 @@ function createOidc_nonMemoized(params, preProcessedParams) {
989
1063
  }).unsubscribe;
990
1064
  })();
991
1065
  auto_logout: {
992
- if (currentTokens.refreshToken === "" && __unsafe_ssoSessionIdleSeconds === undefined) {
993
- log === null || log === void 0 ? void 0 : log("No refresh token, and ____unsafe_ssoSessionIdleSeconds was not set, auto logout non applicable");
1066
+ if ((!currentTokens.hasRefreshToken || currentTokens.refreshTokenExpirationTime === undefined) &&
1067
+ __unsafe_ssoSessionIdleSeconds === undefined) {
1068
+ log === null || log === void 0 ? void 0 : log("".concat(currentTokens.hasRefreshToken
1069
+ ? "The refresh token is opaque, we can't read it's expiration time"
1070
+ : "No refresh token", ", and __unsafe_ssoSessionIdleSeconds was not set, can't implement auto logout mechanism"));
994
1071
  break auto_logout;
995
1072
  }
996
1073
  startCountdown_2 = (0, startCountdown_1.createStartCountdown)({
@@ -998,7 +1075,9 @@ function createOidc_nonMemoized(params, preProcessedParams) {
998
1075
  var getCountdownEndTime = function () {
999
1076
  return __unsafe_ssoSessionIdleSeconds !== undefined
1000
1077
  ? Date.now() + __unsafe_ssoSessionIdleSeconds * 1000
1001
- : currentTokens.refreshTokenExpirationTime;
1078
+ : ((0, tsafe_1.assert)(currentTokens.hasRefreshToken),
1079
+ (0, tsafe_1.assert)(currentTokens.refreshTokenExpirationTime !== undefined),
1080
+ currentTokens.refreshTokenExpirationTime);
1002
1081
  };
1003
1082
  var durationBeforeAutoLogout = (0, toHumanReadableDuration_1.toHumanReadableDuration)(getCountdownEndTime() - Date.now());
1004
1083
  log === null || log === void 0 ? void 0 : log([
@@ -1022,13 +1101,11 @@ function createOidc_nonMemoized(params, preProcessedParams) {
1022
1101
  }
1023
1102
  }).startCountdown;
1024
1103
  stopCountdown_1 = undefined;
1025
- if (globalContext.$isUserActive === undefined) {
1026
- globalContext.$isUserActive = (0, isUserActive_1.create$isUserActive)({
1027
- configId: configId,
1028
- sessionId: sessionId
1029
- });
1030
- }
1031
- globalContext.$isUserActive.subscribe(function (isUserActive) {
1104
+ evtIsUserActive = (0, evtIsUserActive_1.createEvtIsUserActive)({
1105
+ configId: configId,
1106
+ sessionId: sessionId
1107
+ });
1108
+ evtIsUserActive.subscribe(function (isUserActive) {
1032
1109
  if (isUserActive) {
1033
1110
  if (stopCountdown_1 !== undefined) {
1034
1111
  stopCountdown_1();
@@ -1041,15 +1118,6 @@ function createOidc_nonMemoized(params, preProcessedParams) {
1041
1118
  }
1042
1119
  });
1043
1120
  }
1044
- {
1045
- if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
1046
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
1047
- }
1048
- if (!areThirdPartyCookiesAllowed) {
1049
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: "logged in" });
1050
- }
1051
- }
1052
- toCallBeforeReturningOidcLoggedIn();
1053
1121
  return [2 /*return*/, oidc_loggedIn];
1054
1122
  }
1055
1123
  });