oidc-spa 7.1.10 → 7.2.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (172) hide show
  1. package/backend.js +235 -352
  2. package/backend.js.map +1 -1
  3. package/core/AuthResponse.js +12 -49
  4. package/core/AuthResponse.js.map +1 -1
  5. package/core/Oidc.d.ts +1 -2
  6. package/core/OidcInitializationError.d.ts +2 -2
  7. package/core/OidcInitializationError.js +230 -297
  8. package/core/OidcInitializationError.js.map +1 -1
  9. package/core/OidcMetadata.js +1 -1
  10. package/core/OidcMetadata.js.map +1 -1
  11. package/core/StateData.d.ts +5 -5
  12. package/core/StateData.js +25 -25
  13. package/core/StateData.js.map +1 -1
  14. package/core/configId.js +1 -1
  15. package/core/configId.js.map +1 -1
  16. package/core/createOidc.d.ts +8 -0
  17. package/core/createOidc.js +999 -1294
  18. package/core/createOidc.js.map +1 -1
  19. package/core/evtIsUserActive.js +26 -27
  20. package/core/evtIsUserActive.js.map +1 -1
  21. package/core/handleOidcCallback.js +99 -154
  22. package/core/handleOidcCallback.js.map +1 -1
  23. package/core/iframeMessageProtection.d.ts +1 -1
  24. package/core/iframeMessageProtection.js +40 -106
  25. package/core/iframeMessageProtection.js.map +1 -1
  26. package/core/index.d.ts +1 -1
  27. package/core/index.js +3 -3
  28. package/core/index.js.map +1 -1
  29. package/core/initialLocationHref.js +1 -1
  30. package/core/initialLocationHref.js.map +1 -1
  31. package/core/isNewBrowserSession.js +8 -8
  32. package/core/isNewBrowserSession.js.map +1 -1
  33. package/core/loginOrGoToAuthServer.d.ts +1 -1
  34. package/core/loginOrGoToAuthServer.js +188 -310
  35. package/core/loginOrGoToAuthServer.js.map +1 -1
  36. package/core/loginPropagationToOtherTabs.js +15 -16
  37. package/core/loginPropagationToOtherTabs.js.map +1 -1
  38. package/core/loginSilent.d.ts +2 -3
  39. package/core/loginSilent.js +118 -214
  40. package/core/loginSilent.js.map +1 -1
  41. package/core/logoutPropagationToOtherTabs.js +15 -16
  42. package/core/logoutPropagationToOtherTabs.js.map +1 -1
  43. package/core/oidcClientTsUserToTokens.d.ts +1 -1
  44. package/core/oidcClientTsUserToTokens.js +75 -72
  45. package/core/oidcClientTsUserToTokens.js.map +1 -1
  46. package/core/ongoingLoginOrRefreshProcesses.js +23 -89
  47. package/core/ongoingLoginOrRefreshProcesses.js.map +1 -1
  48. package/core/persistedAuthState.js +13 -13
  49. package/core/persistedAuthState.js.map +1 -1
  50. package/entrypoint.js +9 -9
  51. package/entrypoint.js.map +1 -1
  52. package/index.d.ts +1 -1
  53. package/index.js +1 -2
  54. package/index.js.map +1 -1
  55. package/keycloak/index.d.ts +3 -0
  56. package/keycloak/index.js +8 -0
  57. package/keycloak/index.js.map +1 -0
  58. package/keycloak/isKeycloak.d.ts +3 -0
  59. package/keycloak/isKeycloak.js +20 -0
  60. package/keycloak/isKeycloak.js.map +1 -0
  61. package/keycloak/keycloak-js/Keycloak.d.ts +284 -0
  62. package/keycloak/keycloak-js/Keycloak.js +778 -0
  63. package/keycloak/keycloak-js/Keycloak.js.map +1 -0
  64. package/keycloak/keycloak-js/index.d.ts +2 -0
  65. package/keycloak/keycloak-js/index.js +6 -0
  66. package/keycloak/keycloak-js/index.js.map +1 -0
  67. package/keycloak/keycloak-js/types.d.ts +361 -0
  68. package/keycloak/keycloak-js/types.js +3 -0
  69. package/keycloak/keycloak-js/types.js.map +1 -0
  70. package/keycloak/keycloakIssuerUriParsed.d.ts +9 -0
  71. package/keycloak/keycloakIssuerUriParsed.js +19 -0
  72. package/keycloak/keycloakIssuerUriParsed.js.map +1 -0
  73. package/keycloak/keycloakUtils.d.ts +37 -0
  74. package/keycloak/keycloakUtils.js +47 -0
  75. package/keycloak/keycloakUtils.js.map +1 -0
  76. package/keycloak-js.d.ts +1 -0
  77. package/keycloak-js.js +18 -0
  78. package/keycloak-js.js.map +1 -0
  79. package/mock/oidc.js +147 -194
  80. package/mock/oidc.js.map +1 -1
  81. package/mock/react.js +2 -2
  82. package/mock/react.js.map +1 -1
  83. package/package.json +38 -9
  84. package/react/react.js +133 -244
  85. package/react/react.js.map +1 -1
  86. package/src/core/AuthResponse.ts +2 -0
  87. package/src/core/Oidc.ts +1 -2
  88. package/src/core/OidcInitializationError.ts +30 -30
  89. package/src/core/OidcMetadata.ts +1 -1
  90. package/src/core/StateData.ts +24 -24
  91. package/src/core/createOidc.ts +24 -31
  92. package/src/core/handleOidcCallback.ts +44 -23
  93. package/src/core/iframeMessageProtection.ts +7 -7
  94. package/src/core/index.ts +1 -1
  95. package/src/core/loginOrGoToAuthServer.ts +1 -1
  96. package/src/core/loginSilent.ts +14 -11
  97. package/src/core/oidcClientTsUserToTokens.ts +1 -1
  98. package/src/index.ts +1 -7
  99. package/src/keycloak/index.ts +8 -0
  100. package/src/keycloak/isKeycloak.ts +23 -0
  101. package/src/keycloak/keycloak-js/Keycloak.ts +1097 -0
  102. package/src/keycloak/keycloak-js/index.ts +2 -0
  103. package/src/keycloak/keycloak-js/types.ts +442 -0
  104. package/src/keycloak/keycloakIssuerUriParsed.ts +29 -0
  105. package/src/keycloak/keycloakUtils.ts +90 -0
  106. package/src/keycloak-js.ts +1 -0
  107. package/src/react/react.tsx +17 -1
  108. package/src/tools/decodeJwt.ts +95 -2
  109. package/src/tools/parseKeycloakIssuerUri.ts +11 -30
  110. package/src/vendor/frontend/oidc-client-ts.ts +1 -0
  111. package/src/vendor/frontend/tsafe.ts +1 -0
  112. package/tools/Deferred.js +13 -35
  113. package/tools/Deferred.js.map +1 -1
  114. package/tools/EphemeralSessionStorage.js +46 -48
  115. package/tools/EphemeralSessionStorage.js.map +1 -1
  116. package/tools/Evt.js +14 -14
  117. package/tools/Evt.js.map +1 -1
  118. package/tools/StatefulEvt.js +5 -5
  119. package/tools/StatefulEvt.js.map +1 -1
  120. package/tools/asymmetricEncryption.js +81 -172
  121. package/tools/asymmetricEncryption.js.map +1 -1
  122. package/tools/base64.js +2 -2
  123. package/tools/base64.js.map +1 -1
  124. package/tools/createObjectThatThrowsIfAccessed.js +13 -61
  125. package/tools/createObjectThatThrowsIfAccessed.js.map +1 -1
  126. package/tools/decodeJwt.d.ts +25 -2
  127. package/tools/decodeJwt.js +61 -3
  128. package/tools/decodeJwt.js.map +1 -1
  129. package/tools/generateUrlSafeRandom.js +5 -30
  130. package/tools/generateUrlSafeRandom.js.map +1 -1
  131. package/tools/getDownlinkAndRtt.js +8 -30
  132. package/tools/getDownlinkAndRtt.js.map +1 -1
  133. package/tools/getIsOnline.js +3 -3
  134. package/tools/getIsOnline.js.map +1 -1
  135. package/tools/getIsValidRemoteJson.js +12 -59
  136. package/tools/getIsValidRemoteJson.js.map +1 -1
  137. package/tools/getPrUserInteraction.js +4 -4
  138. package/tools/getPrUserInteraction.js.map +1 -1
  139. package/tools/getUserEnvironmentInfo.js +17 -12
  140. package/tools/getUserEnvironmentInfo.js.map +1 -1
  141. package/tools/haveSharedParentDomain.js +5 -5
  142. package/tools/haveSharedParentDomain.js.map +1 -1
  143. package/tools/isDev.js +2 -2
  144. package/tools/isDev.js.map +1 -1
  145. package/tools/parseKeycloakIssuerUri.d.ts +2 -0
  146. package/tools/parseKeycloakIssuerUri.js +11 -42
  147. package/tools/parseKeycloakIssuerUri.js.map +1 -1
  148. package/tools/readExpirationTimeInJwt.js +4 -4
  149. package/tools/readExpirationTimeInJwt.js.map +1 -1
  150. package/tools/startCountdown.js +17 -65
  151. package/tools/startCountdown.js.map +1 -1
  152. package/tools/subscribeToUserInteraction.js +17 -66
  153. package/tools/subscribeToUserInteraction.js.map +1 -1
  154. package/tools/toFullyQualifiedUrl.js +7 -7
  155. package/tools/toFullyQualifiedUrl.js.map +1 -1
  156. package/tools/toHumanReadableDuration.js +13 -13
  157. package/tools/toHumanReadableDuration.js.map +1 -1
  158. package/tools/urlSearchParams.js +28 -50
  159. package/tools/urlSearchParams.js.map +1 -1
  160. package/tools/workerTimers.js +10 -10
  161. package/tools/workerTimers.js.map +1 -1
  162. package/vendor/frontend/oidc-client-ts.d.ts +1 -0
  163. package/vendor/frontend/oidc-client-ts.js +3686 -0
  164. package/vendor/frontend/tsafe.d.ts +1 -0
  165. package/vendor/frontend/tsafe.js +1 -1
  166. package/core/trustedFetch.d.ts +0 -2
  167. package/core/trustedFetch.js +0 -12
  168. package/core/trustedFetch.js.map +0 -1
  169. package/src/core/trustedFetch.ts +0 -9
  170. package/src/vendor/frontend/oidc-client-ts-and-jwt-decode.ts +0 -4
  171. package/vendor/frontend/oidc-client-ts-and-jwt-decode.d.ts +0 -3
  172. package/vendor/frontend/oidc-client-ts-and-jwt-decode.js +0 -3
package/core/createOidc.js CHANGED
@@ -1,1337 +1,1042 @@
1
1
  "use strict";
2
- var __assign = (this && this.__assign) || function () {
3
- __assign = Object.assign || function(t) {
4
- for (var s, i = 1, n = arguments.length; i < n; i++) {
5
- s = arguments[i];
6
- for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
7
- t[p] = s[p];
8
- }
9
- return t;
10
- };
11
- return __assign.apply(this, arguments);
12
- };
13
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
14
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
15
- return new (P || (P = Promise))(function (resolve, reject) {
16
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
17
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
18
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
19
- step((generator = generator.apply(thisArg, _arguments || [])).next());
20
- });
21
- };
22
- var __generator = (this && this.__generator) || function (thisArg, body) {
23
- var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
24
- return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
25
- function verb(n) { return function (v) { return step([n, v]); }; }
26
- function step(op) {
27
- if (f) throw new TypeError("Generator is already executing.");
28
- while (g && (g = 0, op[0] && (_ = 0)), _) try {
29
- if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
30
- if (y = 0, t) op = [op[0] & 2, t.value];
31
- switch (op[0]) {
32
- case 0: case 1: t = op; break;
33
- case 4: _.label++; return { value: op[1], done: false };
34
- case 5: _.label++; y = op[1]; op = [0]; continue;
35
- case 7: op = _.ops.pop(); _.trys.pop(); continue;
36
- default:
37
- if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
38
- if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
39
- if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
40
- if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
41
- if (t[2]) _.ops.pop();
42
- _.trys.pop(); continue;
43
- }
44
- op = body.call(thisArg, _);
45
- } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
46
- if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
47
- }
48
- };
49
- var __rest = (this && this.__rest) || function (s, e) {
50
- var t = {};
51
- for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
52
- t[p] = s[p];
53
- if (s != null && typeof Object.getOwnPropertySymbols === "function")
54
- for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
55
- if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
56
- t[p[i]] = s[p[i]];
57
- }
58
- return t;
59
- };
60
- var __values = (this && this.__values) || function(o) {
61
- var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
62
- if (m) return m.call(o);
63
- if (o && typeof o.length === "number") return {
64
- next: function () {
65
- if (o && i >= o.length) o = void 0;
66
- return { value: o && o[i++], done: !o };
67
- }
68
- };
69
- throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
70
- };
71
- var __read = (this && this.__read) || function (o, n) {
72
- var m = typeof Symbol === "function" && o[Symbol.iterator];
73
- if (!m) return o;
74
- var i = m.call(o), r, ar = [], e;
75
- try {
76
- while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
77
- }
78
- catch (error) { e = { error: error }; }
79
- finally {
80
- try {
81
- if (r && !r.done && (m = i["return"])) m.call(i);
82
- }
83
- finally { if (e) throw e.error; }
84
- }
85
- return ar;
86
- };
87
- var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
88
- if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
89
- if (ar || !(i in from)) {
90
- if (!ar) ar = Array.prototype.slice.call(from, 0, i);
91
- ar[i] = from[i];
92
- }
93
- }
94
- return to.concat(ar || Array.prototype.slice.call(from));
95
- };
96
2
  Object.defineProperty(exports, "__esModule", { value: true });
97
3
  exports.createOidc = createOidc;
98
4
  exports.createOidc_nonMemoized = createOidc_nonMemoized;
99
- var oidc_client_ts_and_jwt_decode_1 = require("../vendor/frontend/oidc-client-ts-and-jwt-decode");
100
- var tsafe_1 = require("../vendor/frontend/tsafe");
101
- var workerTimers_1 = require("../tools/workerTimers");
102
- var Deferred_1 = require("../tools/Deferred");
103
- var evtIsUserActive_1 = require("./evtIsUserActive");
104
- var startCountdown_1 = require("../tools/startCountdown");
105
- var toHumanReadableDuration_1 = require("../tools/toHumanReadableDuration");
106
- var toFullyQualifiedUrl_1 = require("../tools/toFullyQualifiedUrl");
107
- var OidcInitializationError_1 = require("./OidcInitializationError");
108
- var StateData_1 = require("./StateData");
109
- var logoutPropagationToOtherTabs_1 = require("./logoutPropagationToOtherTabs");
110
- var loginPropagationToOtherTabs_1 = require("./loginPropagationToOtherTabs");
111
- var configId_1 = require("./configId");
112
- var oidcClientTsUserToTokens_1 = require("./oidcClientTsUserToTokens");
113
- var loginSilent_1 = require("./loginSilent");
114
- var AuthResponse_1 = require("./AuthResponse");
115
- var handleOidcCallback_1 = require("./handleOidcCallback");
116
- var persistedAuthState_1 = require("./persistedAuthState");
117
- var Evt_1 = require("../tools/Evt");
118
- var haveSharedParentDomain_1 = require("../tools/haveSharedParentDomain");
119
- var loginOrGoToAuthServer_1 = require("./loginOrGoToAuthServer");
120
- var EphemeralSessionStorage_1 = require("../tools/EphemeralSessionStorage");
121
- var ongoingLoginOrRefreshProcesses_1 = require("./ongoingLoginOrRefreshProcesses");
122
- var initialLocationHref_1 = require("./initialLocationHref");
123
- var isNewBrowserSession_1 = require("./isNewBrowserSession");
124
- var trustedFetch_1 = require("./trustedFetch");
125
- var getIsOnline_1 = require("../tools/getIsOnline");
126
- (0, handleOidcCallback_1.handleOidcCallback)();
5
+ const oidc_client_ts_1 = require("../vendor/frontend/oidc-client-ts");
6
+ const tsafe_1 = require("../vendor/frontend/tsafe");
7
+ const workerTimers_1 = require("../tools/workerTimers");
8
+ const Deferred_1 = require("../tools/Deferred");
9
+ const evtIsUserActive_1 = require("./evtIsUserActive");
10
+ const startCountdown_1 = require("../tools/startCountdown");
11
+ const toHumanReadableDuration_1 = require("../tools/toHumanReadableDuration");
12
+ const toFullyQualifiedUrl_1 = require("../tools/toFullyQualifiedUrl");
13
+ const OidcInitializationError_1 = require("./OidcInitializationError");
14
+ const StateData_1 = require("./StateData");
15
+ const logoutPropagationToOtherTabs_1 = require("./logoutPropagationToOtherTabs");
16
+ const loginPropagationToOtherTabs_1 = require("./loginPropagationToOtherTabs");
17
+ const configId_1 = require("./configId");
18
+ const oidcClientTsUserToTokens_1 = require("./oidcClientTsUserToTokens");
19
+ const loginSilent_1 = require("./loginSilent");
20
+ const AuthResponse_1 = require("./AuthResponse");
21
+ const handleOidcCallback_1 = require("./handleOidcCallback");
22
+ const persistedAuthState_1 = require("./persistedAuthState");
23
+ const Evt_1 = require("../tools/Evt");
24
+ const haveSharedParentDomain_1 = require("../tools/haveSharedParentDomain");
25
+ const loginOrGoToAuthServer_1 = require("./loginOrGoToAuthServer");
26
+ const EphemeralSessionStorage_1 = require("../tools/EphemeralSessionStorage");
27
+ const ongoingLoginOrRefreshProcesses_1 = require("./ongoingLoginOrRefreshProcesses");
28
+ const initialLocationHref_1 = require("./initialLocationHref");
29
+ const isNewBrowserSession_1 = require("./isNewBrowserSession");
30
+ const getIsOnline_1 = require("../tools/getIsOnline");
31
+ const isKeycloak_1 = require("../keycloak/isKeycloak");
127
32
  // NOTE: Replaced at build time
128
- var VERSION = "7.1.10";
129
- var globalContext = {
33
+ const VERSION = "7.2.0-rc.1";
34
+ const globalContext = {
130
35
  prOidcByConfigId: new Map(),
131
36
  hasLogoutBeenCalled: (0, tsafe_1.id)(false),
132
37
  evtRequestToPersistTokens: (0, Evt_1.createEvt)()
133
38
  };
134
39
  /** @see: https://docs.oidc-spa.dev/v/v7/usage */
135
- function createOidc(params) {
136
- return __awaiter(this, void 0, void 0, function () {
137
- var _a, _b, name_1, value, issuerUri_params, clientId, _c, scopes, debugLogs, rest, issuerUri, log, configId, prOidcByConfigId, prOidc, dOidc, oidc;
138
- var e_1, _d;
139
- return __generator(this, function (_e) {
140
- switch (_e.label) {
141
- case 0:
142
- try {
143
- for (_a = __values(["issuerUri", "clientId"]), _b = _a.next(); !_b.done; _b = _a.next()) {
144
- name_1 = _b.value;
145
- value = params[name_1];
146
- if (!value) {
147
- throw new Error("The parameter \"".concat(name_1, "\" is required, you provided: ").concat(value, ". (Forgot a .env variable?)"));
148
- }
149
- }
40
+ async function createOidc(params) {
41
+ for (const name of ["issuerUri", "clientId"]) {
42
+ const value = params[name];
43
+ if (!value) {
44
+ throw new Error(`The parameter "${name}" is required, you provided: ${value}. (Forgot a .env variable?)`);
45
+ }
46
+ }
47
+ const { issuerUri: issuerUri_params, clientId, scopes = ["profile"], debugLogs, ...rest } = params;
48
+ const issuerUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
49
+ urlish: issuerUri_params,
50
+ doAssertNoQueryParams: true,
51
+ doOutputWithTrailingSlash: false
52
+ });
53
+ const log = (() => {
54
+ if (!debugLogs) {
55
+ return undefined;
56
+ }
57
+ return (0, tsafe_1.id)((...[first, ...rest]) => {
58
+ const label = "oidc-spa";
59
+ if (typeof first === "string") {
60
+ console.log(...[`${label}: ${first}`, ...rest]);
61
+ }
62
+ else {
63
+ console.log(...[`${label}:`, first, ...rest]);
64
+ }
65
+ });
66
+ })();
67
+ const configId = (0, configId_1.getConfigId)({ issuerUri, clientId });
68
+ const { prOidcByConfigId } = globalContext;
69
+ use_previous_instance: {
70
+ const prOidc = prOidcByConfigId.get(configId);
71
+ if (prOidc === undefined) {
72
+ break use_previous_instance;
73
+ }
74
+ log?.([
75
+ `createOidc was called again with the same config (${JSON.stringify({
76
+ issuerUri,
77
+ clientId
78
+ })})`,
79
+ `Returning the previous instance. All potential different parameters are ignored.`
80
+ ].join(" "));
81
+ // @ts-expect-error: We know what we're doing
82
+ return prOidc;
83
+ }
84
+ const dOidc = new Deferred_1.Deferred();
85
+ prOidcByConfigId.set(configId, dOidc.pr);
86
+ const oidc = await createOidc_nonMemoized(rest, {
87
+ issuerUri,
88
+ clientId,
89
+ scopes,
90
+ configId,
91
+ log
92
+ });
93
+ dOidc.resolve(oidc);
94
+ return oidc;
95
+ }
96
+ async function createOidc_nonMemoized(params, preProcessedParams) {
97
+ const { transformUrlBeforeRedirect, extraQueryParams: extraQueryParamsOrGetter, extraTokenParams: extraTokenParamsOrGetter, homeUrl: homeUrl_params, decodedIdTokenSchema, idleSessionLifetimeInSeconds, autoLogoutParams = { redirectTo: "current page" }, autoLogin = false, postLoginRedirectUrl: postLoginRedirectUrl_default, __unsafe_clientSecret, __unsafe_useIdTokenAsAccessToken = false, __metadata, noIframe = false } = params;
98
+ const { issuerUri, clientId, scopes, configId, log } = preProcessedParams;
99
+ const getExtraQueryParams = (() => {
100
+ if (extraQueryParamsOrGetter === undefined) {
101
+ return undefined;
102
+ }
103
+ if (typeof extraQueryParamsOrGetter !== "function") {
104
+ return () => extraQueryParamsOrGetter;
105
+ }
106
+ return extraQueryParamsOrGetter;
107
+ })();
108
+ const getExtraTokenParams = (() => {
109
+ if (extraTokenParamsOrGetter === undefined) {
110
+ return undefined;
111
+ }
112
+ if (typeof extraTokenParamsOrGetter !== "function") {
113
+ return () => extraTokenParamsOrGetter;
114
+ }
115
+ return extraTokenParamsOrGetter;
116
+ })();
117
+ const homeUrlAndRedirectUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
118
+ urlish: homeUrl_params,
119
+ doAssertNoQueryParams: true,
120
+ doOutputWithTrailingSlash: true
121
+ });
122
+ log?.(`Calling createOidc v${VERSION} ${JSON.stringify({
123
+ issuerUri,
124
+ clientId,
125
+ scopes,
126
+ configId,
127
+ homeUrlAndRedirectUri
128
+ }, null, 2)}`);
129
+ {
130
+ const { isHandled } = (0, handleOidcCallback_1.handleOidcCallback)();
131
+ if (isHandled) {
132
+ await new Promise(() => { });
133
+ }
134
+ }
135
+ const stateUrlParamValue_instance = (0, StateData_1.generateStateUrlParamValue)();
136
+ const canUseIframe = (() => {
137
+ if (noIframe) {
138
+ return false;
139
+ }
140
+ third_party_cookies: {
141
+ const isOidcServerThirdPartyRelativeToApp = (0, haveSharedParentDomain_1.getHaveSharedParentDomain)({
142
+ url1: window.location.origin,
143
+ url2: issuerUri
144
+ }) === false;
145
+ if (!isOidcServerThirdPartyRelativeToApp) {
146
+ break third_party_cookies;
147
+ }
148
+ const isGoogleChrome = (() => {
149
+ const ua = navigator.userAgent;
150
+ const vendor = navigator.vendor;
151
+ return (/Chrome/.test(ua) && /Google Inc/.test(vendor) && !/Edg/.test(ua) && !/OPR/.test(ua));
152
+ })();
153
+ if (window.location.origin.startsWith("http://localhost") && isGoogleChrome) {
154
+ break third_party_cookies;
155
+ }
156
+ log?.([
157
+ "Can't use iframe because your auth server is on a third party domain relative",
158
+ "to the domain of your app and third party cookies are blocked by navigators."
159
+ ].join(" "));
160
+ return false;
161
+ }
162
+ // NOTE: Maybe not, it depend if the app can iframe itself.
163
+ return true;
164
+ })();
165
+ let isUserStoreInMemoryOnly;
166
+ const oidcClientTsUserManager = new oidc_client_ts_1.UserManager({
167
+ stateUrlParamValue: stateUrlParamValue_instance,
168
+ authority: issuerUri,
169
+ client_id: clientId,
170
+ redirect_uri: homeUrlAndRedirectUri,
171
+ silent_redirect_uri: homeUrlAndRedirectUri,
172
+ post_logout_redirect_uri: homeUrlAndRedirectUri,
173
+ response_mode: (0, isKeycloak_1.isKeycloak)({ issuerUri }) ? "fragment" : "query",
174
+ response_type: "code",
175
+ scope: Array.from(new Set(["openid", ...scopes])).join(" "),
176
+ automaticSilentRenew: false,
177
+ userStore: new oidc_client_ts_1.WebStorageStateStore({
178
+ store: (() => {
179
+ if (canUseIframe) {
180
+ isUserStoreInMemoryOnly = true;
181
+ return new oidc_client_ts_1.InMemoryWebStorage();
182
+ }
183
+ isUserStoreInMemoryOnly = false;
184
+ const storage = (0, EphemeralSessionStorage_1.createEphemeralSessionStorage)({
185
+ sessionStorageTtlMs: 3 * 60000
186
+ });
187
+ const { evtRequestToPersistTokens } = globalContext;
188
+ evtRequestToPersistTokens.subscribe(({ configIdOfInstancePostingTheRequest }) => {
189
+ if (configIdOfInstancePostingTheRequest === configId) {
190
+ return;
150
191
  }
151
- catch (e_1_1) { e_1 = { error: e_1_1 }; }
152
- finally {
192
+ storage.persistCurrentStateAndSubsequentChanges();
193
+ });
194
+ return storage;
195
+ })()
196
+ }),
197
+ stateStore: new oidc_client_ts_1.WebStorageStateStore({ store: localStorage, prefix: StateData_1.STATE_STORE_KEY_PREFIX }),
198
+ client_secret: __unsafe_clientSecret,
199
+ metadata: __metadata
200
+ });
201
+ const evtIsUserLoggedIn = (0, Evt_1.createEvt)();
202
+ const { loginOrGoToAuthServer } = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
203
+ configId,
204
+ oidcClientTsUserManager,
205
+ transformUrlBeforeRedirect,
206
+ getExtraQueryParams,
207
+ getExtraTokenParams,
208
+ homeUrl: homeUrlAndRedirectUri,
209
+ evtIsUserLoggedIn,
210
+ log
211
+ });
212
+ const { getIsNewBrowserSession } = (0, isNewBrowserSession_1.createGetIsNewBrowserSession)({
213
+ configId,
214
+ evtUserNotLoggedIn: (() => {
215
+ const evt = (0, Evt_1.createEvt)();
216
+ evtIsUserLoggedIn.subscribe(isUserLoggedIn => {
217
+ if (!isUserLoggedIn) {
218
+ evt.post();
219
+ }
220
+ });
221
+ return evt;
222
+ })()
223
+ });
224
+ const { completeLoginOrRefreshProcess } = await (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)();
225
+ const resultOfLoginProcess = await (async () => {
226
+ handle_redirect_auth_response: {
227
+ const authResponseAndStateData = (0, handleOidcCallback_1.retrieveRedirectAuthResponseAndStateData)({ configId });
228
+ if (authResponseAndStateData === undefined) {
229
+ break handle_redirect_auth_response;
230
+ }
231
+ const { authResponse, stateData } = authResponseAndStateData;
232
+ switch (stateData.action) {
233
+ case "login":
234
+ {
235
+ log?.(`Handling login redirect auth response ${JSON.stringify(authResponse, null, 2)}`);
236
+ const authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
237
+ let oidcClientTsUser = undefined;
153
238
  try {
154
- if (_b && !_b.done && (_d = _a.return)) _d.call(_a);
155
- }
156
- finally { if (e_1) throw e_1.error; }
157
- }
158
- issuerUri_params = params.issuerUri, clientId = params.clientId, _c = params.scopes, scopes = _c === void 0 ? ["profile"] : _c, debugLogs = params.debugLogs, rest = __rest(params, ["issuerUri", "clientId", "scopes", "debugLogs"]);
159
- issuerUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
160
- urlish: issuerUri_params,
161
- doAssertNoQueryParams: true,
162
- doOutputWithTrailingSlash: false
163
- });
164
- log = (function () {
165
- if (!debugLogs) {
166
- return undefined;
239
+ oidcClientTsUser = await oidcClientTsUserManager.signinRedirectCallback(authResponseUrl);
167
240
  }
168
- return (0, tsafe_1.id)(function () {
169
- var _a = [];
170
- for (var _i = 0; _i < arguments.length; _i++) {
171
- _a[_i] = arguments[_i];
241
+ catch (error) {
242
+ (0, tsafe_1.assert)(error instanceof Error, "741947");
243
+ if (error.message === "Failed to fetch") {
244
+ return (0, OidcInitializationError_1.createFailedToFetchTokenEndpointInitializationError)({
245
+ clientId,
246
+ issuerUri
247
+ });
172
248
  }
173
- var _b = __read(_a), first = _b[0], rest = _b.slice(1);
174
- var label = "oidc-spa";
175
- if (typeof first === "string") {
176
- console.log.apply(console, __spreadArray([], __read(__spreadArray(["".concat(label, ": ").concat(first)], __read(rest), false)), false));
249
+ {
250
+ const authResponse_error = authResponse.error;
251
+ if (authResponse_error !== undefined) {
252
+ log?.(`The auth server responded with: ${authResponse_error}, trying to restore from the http only cookie`);
253
+ break handle_redirect_auth_response;
254
+ }
177
255
  }
178
- else {
179
- console.log.apply(console, __spreadArray([], __read(__spreadArray(["".concat(label, ":"), first], __read(rest), false)), false));
256
+ return error;
257
+ }
258
+ (0, loginPropagationToOtherTabs_1.notifyOtherTabsOfLogin)({ configId });
259
+ return {
260
+ oidcClientTsUser,
261
+ backFromAuthServer: {
262
+ extraQueryParams: stateData.extraQueryParams,
263
+ result: Object.fromEntries(Object.entries(authResponse)
264
+ .map(([name, value]) => {
265
+ if (name === "state" ||
266
+ name === "session_state" ||
267
+ name === "iss" ||
268
+ name === "code") {
269
+ return undefined;
270
+ }
271
+ if (value === undefined) {
272
+ return undefined;
273
+ }
274
+ return [name, value];
275
+ })
276
+ .filter(entry => entry !== undefined))
180
277
  }
278
+ };
279
+ }
280
+ break;
281
+ case "logout":
282
+ {
283
+ log?.("Handling logout redirect auth response", authResponse);
284
+ const authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
285
+ try {
286
+ await oidcClientTsUserManager.signoutRedirectCallback(authResponseUrl);
287
+ }
288
+ catch { }
289
+ (0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
290
+ configId,
291
+ sessionId: stateData.sessionId
181
292
  });
182
- })();
183
- configId = (0, configId_1.getConfigId)({ issuerUri: issuerUri, clientId: clientId });
184
- prOidcByConfigId = globalContext.prOidcByConfigId;
185
- use_previous_instance: {
186
- prOidc = prOidcByConfigId.get(configId);
187
- if (prOidc === undefined) {
188
- break use_previous_instance;
293
+ if (autoLogin) {
294
+ location.reload();
295
+ await new Promise(() => { });
189
296
  }
190
- log === null || log === void 0 ? void 0 : log([
191
- "createOidc was called again with the same config (".concat(JSON.stringify({
192
- issuerUri: issuerUri,
193
- clientId: clientId
194
- }), ")"),
195
- "Returning the previous instance. All potential different parameters are ignored."
297
+ // NOTE: The user is no longer logged in.
298
+ return undefined;
299
+ }
300
+ break;
301
+ }
302
+ }
303
+ restore_from_session_storage: {
304
+ if (isUserStoreInMemoryOnly) {
305
+ break restore_from_session_storage;
306
+ }
307
+ let oidcClientTsUser;
308
+ try {
309
+ oidcClientTsUser = await oidcClientTsUserManager.getUser();
310
+ }
311
+ catch {
312
+ // NOTE: Not sure if it can throw, but let's be safe.
313
+ oidcClientTsUser = null;
314
+ try {
315
+ await oidcClientTsUserManager.removeUser();
316
+ }
317
+ catch { }
318
+ }
319
+ if (oidcClientTsUser === null) {
320
+ break restore_from_session_storage;
321
+ }
322
+ log?.("Restored the auth from ephemeral session storage");
323
+ return {
324
+ oidcClientTsUser,
325
+ backFromAuthServer: undefined
326
+ };
327
+ }
328
+ silent_login_if_possible_and_auto_login: {
329
+ const persistedAuthState = (0, persistedAuthState_1.getPersistedAuthState)({ configId });
330
+ if (persistedAuthState === "explicitly logged out" && !autoLogin) {
331
+ log?.("Skipping silent signin with iframe, the user has logged out");
332
+ break silent_login_if_possible_and_auto_login;
333
+ }
334
+ {
335
+ const { isOnline, prOnline } = (0, getIsOnline_1.getIsOnline)();
336
+ if (!isOnline) {
337
+ if (autoLogin) {
338
+ log?.([
339
+ "The browser is currently offline",
340
+ "Since autoLogin is enabled we wait until it comes back online",
341
+ "to continue with authentication"
342
+ ].join(" "));
343
+ await prOnline;
344
+ }
345
+ else {
346
+ log?.([
347
+ "The browser is not currently online so we proceed with initialization",
348
+ "assuming the user isn't authenticated"
196
349
  ].join(" "));
197
- // @ts-expect-error: We know what we're doing
198
- return [2 /*return*/, prOidc];
350
+ break silent_login_if_possible_and_auto_login;
199
351
  }
200
- dOidc = new Deferred_1.Deferred();
201
- prOidcByConfigId.set(configId, dOidc.pr);
202
- return [4 /*yield*/, createOidc_nonMemoized(rest, {
203
- issuerUri: issuerUri,
204
- clientId: clientId,
205
- scopes: scopes,
206
- configId: configId,
207
- log: log
208
- })];
209
- case 1:
210
- oidc = _e.sent();
211
- dOidc.resolve(oidc);
212
- return [2 /*return*/, oidc];
352
+ }
213
353
  }
214
- });
215
- });
216
- }
217
- function createOidc_nonMemoized(params, preProcessedParams) {
218
- return __awaiter(this, void 0, void 0, function () {
219
- var transformUrlBeforeRedirect, extraQueryParamsOrGetter, extraTokenParamsOrGetter, homeUrl_params, decodedIdTokenSchema, idleSessionLifetimeInSeconds, _a, autoLogoutParams, _b, autoLogin, postLoginRedirectUrl_default, __unsafe_clientSecret, _c, __unsafe_useIdTokenAsAccessToken, __metadata, _d, noIframe, issuerUri, clientId, scopes, configId, log, getExtraQueryParams, getExtraTokenParams, homeUrl, callbackUri, isHandled, stateQueryParamValue_instance, canUseIframe, isUserStoreInMemoryOnly, oidcClientTsUserManager, evtIsUserLoggedIn, loginOrGoToAuthServer, getIsNewBrowserSession, completeLoginOrRefreshProcess, resultOfLoginProcess, oidc_common, oidc_notLoggedIn, prOtherTabLogin, currentTokens, autoLogoutCountdownTickCallbacks, onTokenChanges, _e, sessionId, subjectId, wouldHaveAutoLoggedOutIfBrowserWasOnline, oidc_loggedIn, prOtherTabLogout, getCurrentRefreshTokenTtlInSeconds_1, startCountdown_2, stopCountdown_1, evtIsUserActive, unsubscribeFromIsUserActive_1, currentRefreshTokenTtlInSeconds;
220
- var _this = this;
221
- return __generator(this, function (_f) {
222
- switch (_f.label) {
223
- case 0:
224
- transformUrlBeforeRedirect = params.transformUrlBeforeRedirect, extraQueryParamsOrGetter = params.extraQueryParams, extraTokenParamsOrGetter = params.extraTokenParams, homeUrl_params = params.homeUrl, decodedIdTokenSchema = params.decodedIdTokenSchema, idleSessionLifetimeInSeconds = params.idleSessionLifetimeInSeconds, _a = params.autoLogoutParams, autoLogoutParams = _a === void 0 ? { redirectTo: "current page" } : _a, _b = params.autoLogin, autoLogin = _b === void 0 ? false : _b, postLoginRedirectUrl_default = params.postLoginRedirectUrl, __unsafe_clientSecret = params.__unsafe_clientSecret, _c = params.__unsafe_useIdTokenAsAccessToken, __unsafe_useIdTokenAsAccessToken = _c === void 0 ? false : _c, __metadata = params.__metadata, _d = params.noIframe, noIframe = _d === void 0 ? false : _d;
225
- issuerUri = preProcessedParams.issuerUri, clientId = preProcessedParams.clientId, scopes = preProcessedParams.scopes, configId = preProcessedParams.configId, log = preProcessedParams.log;
226
- getExtraQueryParams = (function () {
227
- if (extraQueryParamsOrGetter === undefined) {
228
- return undefined;
229
- }
230
- if (typeof extraQueryParamsOrGetter !== "function") {
231
- return function () { return extraQueryParamsOrGetter; };
232
- }
233
- return extraQueryParamsOrGetter;
234
- })();
235
- getExtraTokenParams = (function () {
236
- if (extraTokenParamsOrGetter === undefined) {
237
- return undefined;
238
- }
239
- if (typeof extraTokenParamsOrGetter !== "function") {
240
- return function () { return extraTokenParamsOrGetter; };
241
- }
242
- return extraTokenParamsOrGetter;
243
- })();
244
- homeUrl = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
245
- urlish: homeUrl_params,
246
- doAssertNoQueryParams: true,
247
- doOutputWithTrailingSlash: true
248
- });
249
- callbackUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
250
- urlish: homeUrl,
251
- doAssertNoQueryParams: true,
252
- doOutputWithTrailingSlash: true
253
- });
254
- log === null || log === void 0 ? void 0 : log("Calling createOidc v".concat(VERSION, " ").concat(JSON.stringify({
255
- issuerUri: issuerUri,
256
- clientId: clientId,
257
- scopes: scopes,
258
- configId: configId,
259
- homeUrl: homeUrl,
260
- callbackUri: callbackUri
261
- }, null, 2)));
262
- isHandled = (0, handleOidcCallback_1.handleOidcCallback)().isHandled;
263
- if (!isHandled) return [3 /*break*/, 2];
264
- return [4 /*yield*/, new Promise(function () { })];
265
- case 1:
266
- _f.sent();
267
- _f.label = 2;
268
- case 2:
269
- stateQueryParamValue_instance = (0, StateData_1.generateStateQueryParamValue)();
270
- canUseIframe = (function () {
271
- if (noIframe) {
272
- return false;
273
- }
274
- // NOTE: Electron
275
- if (!/https?:\/\//.test(callbackUri)) {
276
- log === null || log === void 0 ? void 0 : log("We won't use iframe, callbackUri uses a custom protocol.");
277
- return false;
278
- }
279
- third_party_cookies: {
280
- var isOidcServerThirdPartyRelativeToApp = (0, haveSharedParentDomain_1.getHaveSharedParentDomain)({
281
- url1: window.location.origin,
282
- url2: issuerUri
283
- }) === false;
284
- if (!isOidcServerThirdPartyRelativeToApp) {
285
- break third_party_cookies;
286
- }
287
- var isGoogleChrome = (function () {
288
- var ua = navigator.userAgent;
289
- var vendor = navigator.vendor;
290
- return (/Chrome/.test(ua) && /Google Inc/.test(vendor) && !/Edg/.test(ua) && !/OPR/.test(ua));
291
- })();
292
- if (window.location.origin.startsWith("http://localhost") && isGoogleChrome) {
293
- break third_party_cookies;
294
- }
295
- log === null || log === void 0 ? void 0 : log([
296
- "Can't use iframe because your auth server is on a third party domain relative",
297
- "to the domain of your app and third party cookies are blocked by navigators."
298
- ].join(" "));
299
- return false;
300
- }
301
- // NOTE: Maybe not, it depend if the app can iframe itself.
302
- return true;
303
- })();
304
- oidcClientTsUserManager = new oidc_client_ts_and_jwt_decode_1.UserManager({
305
- stateQueryParamValue: stateQueryParamValue_instance,
306
- authority: issuerUri,
307
- client_id: clientId,
308
- redirect_uri: callbackUri,
309
- silent_redirect_uri: callbackUri,
310
- post_logout_redirect_uri: callbackUri,
311
- response_type: "code",
312
- scope: Array.from(new Set(__spreadArray(["openid"], __read(scopes), false))).join(" "),
313
- automaticSilentRenew: false,
314
- userStore: new oidc_client_ts_and_jwt_decode_1.WebStorageStateStore({
315
- store: (function () {
316
- if (canUseIframe) {
317
- isUserStoreInMemoryOnly = true;
318
- return new oidc_client_ts_and_jwt_decode_1.InMemoryWebStorage();
319
- }
320
- isUserStoreInMemoryOnly = false;
321
- var storage = (0, EphemeralSessionStorage_1.createEphemeralSessionStorage)({
322
- sessionStorageTtlMs: 3 * 60000
323
- });
324
- var evtRequestToPersistTokens = globalContext.evtRequestToPersistTokens;
325
- evtRequestToPersistTokens.subscribe(function (_a) {
326
- var configIdOfInstancePostingTheRequest = _a.configIdOfInstancePostingTheRequest;
327
- if (configIdOfInstancePostingTheRequest === configId) {
328
- return;
329
- }
330
- storage.persistCurrentStateAndSubsequentChanges();
331
- });
332
- return storage;
333
- })()
334
- }),
335
- stateStore: new oidc_client_ts_and_jwt_decode_1.WebStorageStateStore({ store: localStorage, prefix: StateData_1.STATE_STORE_KEY_PREFIX }),
336
- client_secret: __unsafe_clientSecret,
337
- fetch: trustedFetch_1.trustedFetch,
338
- metadata: __metadata
339
- });
340
- evtIsUserLoggedIn = (0, Evt_1.createEvt)();
341
- loginOrGoToAuthServer = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
342
- configId: configId,
343
- oidcClientTsUserManager: oidcClientTsUserManager,
344
- transformUrlBeforeRedirect: transformUrlBeforeRedirect,
345
- getExtraQueryParams: getExtraQueryParams,
346
- getExtraTokenParams: getExtraTokenParams,
347
- homeUrl: homeUrl,
348
- evtIsUserLoggedIn: evtIsUserLoggedIn,
349
- log: log
350
- }).loginOrGoToAuthServer;
351
- getIsNewBrowserSession = (0, isNewBrowserSession_1.createGetIsNewBrowserSession)({
352
- configId: configId,
353
- evtUserNotLoggedIn: (function () {
354
- var evt = (0, Evt_1.createEvt)();
355
- evtIsUserLoggedIn.subscribe(function (isUserLoggedIn) {
356
- if (!isUserLoggedIn) {
357
- evt.post();
358
- }
354
+ let authResponse_error = undefined;
355
+ let oidcClientTsUser = undefined;
356
+ actual_silent_signin: {
357
+ if (persistedAuthState === "explicitly logged out") {
358
+ break actual_silent_signin;
359
+ }
360
+ if (!canUseIframe) {
361
+ break actual_silent_signin;
362
+ }
363
+ log?.("Trying to restore the auth from the http only cookie (silent signin with iframe)");
364
+ const result_loginSilent = await (0, loginSilent_1.loginSilent)({
365
+ oidcClientTsUserManager,
366
+ stateUrlParamValue_instance,
367
+ configId,
368
+ transformUrlBeforeRedirect,
369
+ getExtraQueryParams,
370
+ getExtraTokenParams,
371
+ autoLogin
372
+ });
373
+ (0, tsafe_1.assert)(result_loginSilent.outcome !== "token refreshed using refresh token", "876995");
374
+ if (result_loginSilent.outcome === "failure") {
375
+ switch (result_loginSilent.cause) {
376
+ case "can't reach well-known oidc endpoint":
377
+ return (0, OidcInitializationError_1.createWellKnownOidcConfigurationEndpointUnreachableInitializationError)({
378
+ issuerUri
359
379
  });
360
- return evt;
361
- })()
362
- }).getIsNewBrowserSession;
363
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
364
- case 3:
365
- completeLoginOrRefreshProcess = (_f.sent()).completeLoginOrRefreshProcess;
366
- return [4 /*yield*/, (function () { return __awaiter(_this, void 0, void 0, function () {
367
- var authResponseAndStateData, authResponse, stateData, _a, authResponseUrl, oidcClientTsUser, error_1, authResponse_error, authResponseUrl, _b, oidcClientTsUser, _c, _d, persistedAuthState_2, _e, isOnline, prOnline, authResponse_error, oidcClientTsUser, result_loginSilent, authResponse, error_2;
368
- return __generator(this, function (_f) {
369
- switch (_f.label) {
370
- case 0:
371
- authResponseAndStateData = (0, handleOidcCallback_1.retrieveRedirectAuthResponseAndStateData)({ configId: configId });
372
- if (authResponseAndStateData === undefined) {
373
- return [3 /*break*/, 13];
374
- }
375
- authResponse = authResponseAndStateData.authResponse, stateData = authResponseAndStateData.stateData;
376
- _a = stateData.action;
377
- switch (_a) {
378
- case "login": return [3 /*break*/, 1];
379
- case "logout": return [3 /*break*/, 6];
380
- }
381
- return [3 /*break*/, 13];
382
- case 1:
383
- log === null || log === void 0 ? void 0 : log("Handling login redirect auth response ".concat(JSON.stringify(authResponse, null, 2)));
384
- authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
385
- oidcClientTsUser = undefined;
386
- _f.label = 2;
387
- case 2:
388
- _f.trys.push([2, 4, , 5]);
389
- return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback(authResponseUrl)];
390
- case 3:
391
- oidcClientTsUser = _f.sent();
392
- return [3 /*break*/, 5];
393
- case 4:
394
- error_1 = _f.sent();
395
- (0, tsafe_1.assert)(error_1 instanceof Error, "741947");
396
- if (error_1.message === "Failed to fetch") {
397
- return [2 /*return*/, (0, OidcInitializationError_1.createFailedToFetchTokenEndpointInitializationError)({
398
- clientId: clientId,
399
- issuerUri: issuerUri
400
- })];
401
- }
402
- {
403
- authResponse_error = authResponse.error;
404
- if (authResponse_error !== undefined) {
405
- log === null || log === void 0 ? void 0 : log("The auth server responded with: ".concat(authResponse_error, ", trying to restore from the http only cookie"));
406
- return [3 /*break*/, 13];
407
- }
408
- }
409
- return [2 /*return*/, error_1];
410
- case 5:
411
- (0, loginPropagationToOtherTabs_1.notifyOtherTabsOfLogin)({ configId: configId });
412
- return [2 /*return*/, {
413
- oidcClientTsUser: oidcClientTsUser,
414
- backFromAuthServer: {
415
- extraQueryParams: stateData.extraQueryParams,
416
- result: Object.fromEntries(Object.entries(authResponse)
417
- .map(function (_a) {
418
- var _b = __read(_a, 2), name = _b[0], value = _b[1];
419
- if (name === "state" ||
420
- name === "session_state" ||
421
- name === "iss" ||
422
- name === "code") {
423
- return undefined;
424
- }
425
- if (value === undefined) {
426
- return undefined;
427
- }
428
- return [name, value];
429
- })
430
- .filter(function (entry) { return entry !== undefined; }))
431
- }
432
- }];
433
- case 6:
434
- log === null || log === void 0 ? void 0 : log("Handling logout redirect auth response", authResponse);
435
- authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
436
- _f.label = 7;
437
- case 7:
438
- _f.trys.push([7, 9, , 10]);
439
- return [4 /*yield*/, oidcClientTsUserManager.signoutRedirectCallback(authResponseUrl)];
440
- case 8:
441
- _f.sent();
442
- return [3 /*break*/, 10];
443
- case 9:
444
- _b = _f.sent();
445
- return [3 /*break*/, 10];
446
- case 10:
447
- (0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
448
- configId: configId,
449
- sessionId: stateData.sessionId
450
- });
451
- if (!autoLogin) return [3 /*break*/, 12];
452
- location.reload();
453
- return [4 /*yield*/, new Promise(function () { })];
454
- case 11:
455
- _f.sent();
456
- _f.label = 12;
457
- case 12:
458
- // NOTE: The user is no longer logged in.
459
- return [2 /*return*/, undefined];
460
- case 13:
461
- if (isUserStoreInMemoryOnly) {
462
- return [3 /*break*/, 22];
463
- }
464
- oidcClientTsUser = void 0;
465
- _f.label = 14;
466
- case 14:
467
- _f.trys.push([14, 16, , 21]);
468
- return [4 /*yield*/, oidcClientTsUserManager.getUser()];
469
- case 15:
470
- oidcClientTsUser = _f.sent();
471
- return [3 /*break*/, 21];
472
- case 16:
473
- _c = _f.sent();
474
- // NOTE: Not sure if it can throw, but let's be safe.
475
- oidcClientTsUser = null;
476
- _f.label = 17;
477
- case 17:
478
- _f.trys.push([17, 19, , 20]);
479
- return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
480
- case 18:
481
- _f.sent();
482
- return [3 /*break*/, 20];
483
- case 19:
484
- _d = _f.sent();
485
- return [3 /*break*/, 20];
486
- case 20: return [3 /*break*/, 21];
487
- case 21:
488
- if (oidcClientTsUser === null) {
489
- return [3 /*break*/, 22];
490
- }
491
- log === null || log === void 0 ? void 0 : log("Restored the auth from ephemeral session storage");
492
- return [2 /*return*/, {
493
- oidcClientTsUser: oidcClientTsUser,
494
- backFromAuthServer: undefined
495
- }];
496
- case 22:
497
- persistedAuthState_2 = (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId });
498
- if (persistedAuthState_2 === "explicitly logged out" && !autoLogin) {
499
- log === null || log === void 0 ? void 0 : log("Skipping silent signin with iframe, the user has logged out");
500
- return [3 /*break*/, 35];
501
- }
502
- _e = (0, getIsOnline_1.getIsOnline)(), isOnline = _e.isOnline, prOnline = _e.prOnline;
503
- if (!!isOnline) return [3 /*break*/, 25];
504
- if (!autoLogin) return [3 /*break*/, 24];
505
- log === null || log === void 0 ? void 0 : log([
506
- "The browser is currently offline",
507
- "Since autoLogin is enabled we wait until it comes back online",
508
- "to continue with authentication"
509
- ].join(" "));
510
- return [4 /*yield*/, prOnline];
511
- case 23:
512
- _f.sent();
513
- return [3 /*break*/, 25];
514
- case 24:
515
- log === null || log === void 0 ? void 0 : log([
516
- "The browser is not currently online so we proceed with initialization",
517
- "assuming the user isn't authenticated"
518
- ].join(" "));
519
- return [3 /*break*/, 35];
520
- case 25:
521
- authResponse_error = undefined;
522
- oidcClientTsUser = undefined;
523
- if (persistedAuthState_2 === "explicitly logged out") {
524
- return [3 /*break*/, 30];
525
- }
526
- if (!canUseIframe) {
527
- return [3 /*break*/, 30];
528
- }
529
- log === null || log === void 0 ? void 0 : log("Trying to restore the auth from the http only cookie (silent signin with iframe)");
530
- return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
531
- oidcClientTsUserManager: oidcClientTsUserManager,
532
- stateQueryParamValue_instance: stateQueryParamValue_instance,
533
- configId: configId,
534
- transformUrlBeforeRedirect: transformUrlBeforeRedirect,
535
- getExtraQueryParams: getExtraQueryParams,
536
- getExtraTokenParams: getExtraTokenParams,
537
- autoLogin: autoLogin
538
- })];
539
- case 26:
540
- result_loginSilent = _f.sent();
541
- (0, tsafe_1.assert)(result_loginSilent.outcome !== "token refreshed using refresh token", "876995");
542
- if (result_loginSilent.outcome === "failure") {
543
- switch (result_loginSilent.cause) {
544
- case "can't reach well-known oidc endpoint":
545
- return [2 /*return*/, (0, OidcInitializationError_1.createWellKnownOidcConfigurationEndpointUnreachableInitializationError)({
546
- issuerUri: issuerUri
547
- })];
548
- case "timeout":
549
- return [2 /*return*/, (0, OidcInitializationError_1.createIframeTimeoutInitializationError)({
550
- callbackUri: callbackUri,
551
- clientId: clientId,
552
- issuerUri: issuerUri,
553
- noIframe: noIframe
554
- })];
555
- }
556
- (0, tsafe_1.assert)(false);
557
- }
558
- (0, tsafe_1.assert)();
559
- authResponse = result_loginSilent.authResponse;
560
- log === null || log === void 0 ? void 0 : log("Silent signin auth response ".concat(JSON.stringify(authResponse, null, 2)));
561
- authResponse_error = authResponse.error;
562
- _f.label = 27;
563
- case 27:
564
- _f.trys.push([27, 29, , 30]);
565
- return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
566
- case 28:
567
- oidcClientTsUser = _f.sent();
568
- return [3 /*break*/, 30];
569
- case 29:
570
- error_2 = _f.sent();
571
- (0, tsafe_1.assert)(error_2 instanceof Error, "433344");
572
- if (error_2.message === "Failed to fetch") {
573
- return [2 /*return*/, (0, OidcInitializationError_1.createFailedToFetchTokenEndpointInitializationError)({
574
- clientId: clientId,
575
- issuerUri: issuerUri
576
- })];
577
- }
578
- if (authResponse_error === undefined) {
579
- return [2 /*return*/, error_2];
580
- }
581
- return [3 /*break*/, 30];
582
- case 30:
583
- if (!(oidcClientTsUser === undefined)) return [3 /*break*/, 34];
584
- if (!(autoLogin ||
585
- (persistedAuthState_2 === "logged in" &&
586
- (authResponse_error === undefined ||
587
- authResponse_error === "interaction_required" ||
588
- authResponse_error === "login_required" ||
589
- authResponse_error === "consent_required" ||
590
- authResponse_error === "account_selection_required")))) return [3 /*break*/, 33];
591
- log === null || log === void 0 ? void 0 : log("Performing auto login with redirect");
592
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
593
- completeLoginOrRefreshProcess();
594
- if (autoLogin && persistedAuthState_2 !== "logged in") {
595
- evtIsUserLoggedIn.post(false);
596
- }
597
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
598
- prUnlock: new Promise(function () { })
599
- })];
600
- case 31:
601
- _f.sent();
602
- if (persistedAuthState_2 === "logged in") {
603
- globalContext.evtRequestToPersistTokens.post({
604
- configIdOfInstancePostingTheRequest: configId
605
- });
606
- }
607
- return [4 /*yield*/, loginOrGoToAuthServer({
608
- action: "login",
609
- doForceReloadOnBfCache: true,
610
- redirectUrl: initialLocationHref_1.initialLocationHref,
611
- // NOTE: Wether or not it's the preferred behavior, pushing to history
612
- // only works on user interaction so it have to be false
613
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
614
- extraQueryParams_local: undefined,
615
- transformUrlBeforeRedirect_local: undefined,
616
- interaction: (function () {
617
- if (persistedAuthState_2 === "explicitly logged out") {
618
- return "ensure interaction";
619
- }
620
- if (autoLogin) {
621
- return "directly redirect if active session show login otherwise";
622
- }
623
- return "ensure no interaction";
624
- })()
625
- })];
626
- case 32:
627
- _f.sent();
628
- (0, tsafe_1.assert)(false, "321389");
629
- _f.label = 33;
630
- case 33:
631
- if (authResponse_error !== undefined) {
632
- log === null || log === void 0 ? void 0 : log([
633
- "The auth server responded with: ".concat(authResponse_error, " "),
634
- "login_required" === authResponse_error
635
- ? "(login_required just means that there's no active session for the user)"
636
- : ""
637
- ].join(""));
638
- }
639
- return [3 /*break*/, 35];
640
- case 34:
641
- log === null || log === void 0 ? void 0 : log("Successful silent signed in");
642
- return [2 /*return*/, {
643
- oidcClientTsUser: oidcClientTsUser,
644
- backFromAuthServer: undefined
645
- }];
646
- case 35:
647
- // NOTE: The user is not logged in.
648
- return [2 /*return*/, undefined];
649
- }
380
+ case "timeout":
381
+ return (0, OidcInitializationError_1.createIframeTimeoutInitializationError)({
382
+ redirectUri: homeUrlAndRedirectUri,
383
+ clientId,
384
+ issuerUri,
385
+ noIframe
650
386
  });
651
- }); })()];
652
- case 4:
653
- resultOfLoginProcess = _f.sent();
387
+ }
388
+ (0, tsafe_1.assert)(false);
389
+ }
390
+ (0, tsafe_1.assert)();
391
+ const { authResponse } = result_loginSilent;
392
+ log?.(`Silent signin auth response ${JSON.stringify(authResponse, null, 2)}`);
393
+ authResponse_error = authResponse.error;
394
+ try {
395
+ oidcClientTsUser = await oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse));
396
+ }
397
+ catch (error) {
398
+ (0, tsafe_1.assert)(error instanceof Error, "433344");
399
+ if (error.message === "Failed to fetch") {
400
+ return (0, OidcInitializationError_1.createFailedToFetchTokenEndpointInitializationError)({
401
+ clientId,
402
+ issuerUri
403
+ });
404
+ }
405
+ if (authResponse_error === undefined) {
406
+ return error;
407
+ }
408
+ }
409
+ }
410
+ if (oidcClientTsUser === undefined) {
411
+ if (autoLogin ||
412
+ (persistedAuthState === "logged in" &&
413
+ (authResponse_error === undefined ||
414
+ authResponse_error === "interaction_required" ||
415
+ authResponse_error === "login_required" ||
416
+ authResponse_error === "consent_required" ||
417
+ authResponse_error === "account_selection_required"))) {
418
+ log?.("Performing auto login with redirect");
419
+ (0, persistedAuthState_1.persistAuthState)({ configId, state: undefined });
654
420
  completeLoginOrRefreshProcess();
655
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
656
- prUnlock: Promise.resolve()
657
- })];
658
- case 5:
659
- _f.sent();
660
- oidc_common = {
661
- params: {
662
- issuerUri: issuerUri,
663
- clientId: clientId
664
- }
665
- };
666
- not_loggedIn_case: {
667
- if (!(resultOfLoginProcess instanceof Error) && resultOfLoginProcess !== undefined) {
668
- break not_loggedIn_case;
669
- }
421
+ if (autoLogin && persistedAuthState !== "logged in") {
670
422
  evtIsUserLoggedIn.post(false);
671
- if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== "explicitly logged out") {
672
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
673
- }
674
- oidc_notLoggedIn = (function () {
675
- if (resultOfLoginProcess instanceof Error) {
676
- log === null || log === void 0 ? void 0 : log("User not logged in and there was an initialization error");
677
- var error = resultOfLoginProcess;
678
- var initializationError = error instanceof OidcInitializationError_1.OidcInitializationError
679
- ? error
680
- : new OidcInitializationError_1.OidcInitializationError({
681
- isAuthServerLikelyDown: false,
682
- messageOrCause: error
683
- });
684
- if (autoLogin) {
685
- throw initializationError;
686
- }
687
- console.error([
688
- "oidc-spa Initialization Error: ",
689
- "isAuthServerLikelyDown: ".concat(initializationError.isAuthServerLikelyDown),
690
- "",
691
- initializationError.message
692
- ].join("\n"));
693
- return (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: false, login: function () { return __awaiter(_this, void 0, void 0, function () {
694
- return __generator(this, function (_a) {
695
- alert("Authentication is currently unavailable. Please try again later.");
696
- return [2 /*return*/, new Promise(function () { })];
697
- });
698
- }); }, initializationError: initializationError }));
423
+ }
424
+ await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
425
+ prUnlock: new Promise(() => { })
426
+ });
427
+ if (persistedAuthState === "logged in") {
428
+ globalContext.evtRequestToPersistTokens.post({
429
+ configIdOfInstancePostingTheRequest: configId
430
+ });
431
+ }
432
+ await loginOrGoToAuthServer({
433
+ action: "login",
434
+ doForceReloadOnBfCache: true,
435
+ redirectUrl: initialLocationHref_1.initialLocationHref,
436
+ // NOTE: Wether or not it's the preferred behavior, pushing to history
437
+ // only works on user interaction so it have to be false
438
+ doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
439
+ extraQueryParams_local: undefined,
440
+ transformUrlBeforeRedirect_local: undefined,
441
+ interaction: (() => {
442
+ if (persistedAuthState === "explicitly logged out") {
443
+ return "ensure interaction";
699
444
  }
700
- if (resultOfLoginProcess === undefined) {
701
- log === null || log === void 0 ? void 0 : log("User not logged in");
702
- return (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: false, login: function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
703
- var _c;
704
- var doesCurrentHrefRequiresAuth = _b.doesCurrentHrefRequiresAuth, extraQueryParams = _b.extraQueryParams, redirectUrl = _b.redirectUrl, transformUrlBeforeRedirect = _b.transformUrlBeforeRedirect;
705
- return __generator(this, function (_d) {
706
- switch (_d.label) {
707
- case 0: return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
708
- prUnlock: (0, loginOrGoToAuthServer_1.getPrSafelyRestoredFromBfCacheAfterLoginBackNavigation)()
709
- })];
710
- case 1:
711
- _d.sent();
712
- return [2 /*return*/, loginOrGoToAuthServer({
713
- action: "login",
714
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: doesCurrentHrefRequiresAuth,
715
- doForceReloadOnBfCache: false,
716
- redirectUrl: (_c = redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : postLoginRedirectUrl_default) !== null && _c !== void 0 ? _c : window.location.href,
717
- extraQueryParams_local: extraQueryParams,
718
- transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
719
- interaction: (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) === "explicitly logged out"
720
- ? "ensure interaction"
721
- : "directly redirect if active session show login otherwise"
722
- })];
723
- }
724
- });
725
- }); }, initializationError: undefined }));
445
+ if (autoLogin) {
446
+ return "directly redirect if active session show login otherwise";
726
447
  }
727
- (0, tsafe_1.assert)(false);
728
- })();
729
- {
730
- prOtherTabLogin = (0, loginPropagationToOtherTabs_1.getPrOtherTabLogin)({
731
- configId: configId
732
- }).prOtherTabLogin;
733
- prOtherTabLogin.then(function () { return __awaiter(_this, void 0, void 0, function () {
734
- return __generator(this, function (_a) {
735
- switch (_a.label) {
736
- case 0:
737
- log === null || log === void 0 ? void 0 : log("Other tab has logged in, reloading this tab");
738
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
739
- prUnlock: new Promise(function () { })
740
- })];
741
- case 1:
742
- _a.sent();
743
- window.location.reload();
744
- return [2 /*return*/];
745
- }
746
- });
747
- }); });
748
- }
749
- // @ts-expect-error: We know what we're doing
750
- return [2 /*return*/, oidc_notLoggedIn];
448
+ return "ensure no interaction";
449
+ })()
450
+ });
451
+ (0, tsafe_1.assert)(false, "321389");
452
+ }
453
+ if (authResponse_error !== undefined) {
454
+ log?.([
455
+ `The auth server responded with: ${authResponse_error} `,
456
+ "login_required" === authResponse_error
457
+ ? `(login_required just means that there's no active session for the user)`
458
+ : ""
459
+ ].join(""));
460
+ }
461
+ break silent_login_if_possible_and_auto_login;
462
+ }
463
+ log?.("Successful silent signed in");
464
+ return {
465
+ oidcClientTsUser,
466
+ backFromAuthServer: undefined
467
+ };
468
+ }
469
+ // NOTE: The user is not logged in.
470
+ return undefined;
471
+ })();
472
+ completeLoginOrRefreshProcess();
473
+ await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
474
+ prUnlock: Promise.resolve()
475
+ });
476
+ const oidc_common = {
477
+ params: {
478
+ issuerUri,
479
+ clientId
480
+ }
481
+ };
482
+ not_loggedIn_case: {
483
+ if (!(resultOfLoginProcess instanceof Error) && resultOfLoginProcess !== undefined) {
484
+ break not_loggedIn_case;
485
+ }
486
+ evtIsUserLoggedIn.post(false);
487
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId }) !== "explicitly logged out") {
488
+ (0, persistedAuthState_1.persistAuthState)({ configId, state: undefined });
489
+ }
490
+ const oidc_notLoggedIn = (() => {
491
+ if (resultOfLoginProcess instanceof Error) {
492
+ log?.("User not logged in and there was an initialization error");
493
+ const error = resultOfLoginProcess;
494
+ const initializationError = error instanceof OidcInitializationError_1.OidcInitializationError
495
+ ? error
496
+ : new OidcInitializationError_1.OidcInitializationError({
497
+ isAuthServerLikelyDown: false,
498
+ messageOrCause: error
499
+ });
500
+ if (autoLogin) {
501
+ throw initializationError;
502
+ }
503
+ console.error([
504
+ `oidc-spa Initialization Error: `,
505
+ `isAuthServerLikelyDown: ${initializationError.isAuthServerLikelyDown}`,
506
+ ``,
507
+ initializationError.message
508
+ ].join("\n"));
509
+ return (0, tsafe_1.id)({
510
+ ...oidc_common,
511
+ isUserLoggedIn: false,
512
+ login: async () => {
513
+ alert("Authentication is currently unavailable. Please try again later.");
514
+ return new Promise(() => { });
515
+ },
516
+ initializationError
517
+ });
518
+ }
519
+ if (resultOfLoginProcess === undefined) {
520
+ log?.("User not logged in");
521
+ return (0, tsafe_1.id)({
522
+ ...oidc_common,
523
+ isUserLoggedIn: false,
524
+ login: async ({ doesCurrentHrefRequiresAuth, extraQueryParams, redirectUrl, transformUrlBeforeRedirect }) => {
525
+ await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
526
+ prUnlock: (0, loginOrGoToAuthServer_1.getPrSafelyRestoredFromBfCacheAfterLoginBackNavigation)()
527
+ });
528
+ return loginOrGoToAuthServer({
529
+ action: "login",
530
+ doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: doesCurrentHrefRequiresAuth,
531
+ doForceReloadOnBfCache: false,
532
+ redirectUrl: redirectUrl ?? postLoginRedirectUrl_default ?? window.location.href,
533
+ extraQueryParams_local: extraQueryParams,
534
+ transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
535
+ interaction: (0, persistedAuthState_1.getPersistedAuthState)({ configId }) === "explicitly logged out"
536
+ ? "ensure interaction"
537
+ : "directly redirect if active session show login otherwise"
538
+ });
539
+ },
540
+ initializationError: undefined
541
+ });
542
+ }
543
+ (0, tsafe_1.assert)(false);
544
+ })();
545
+ {
546
+ const { prOtherTabLogin } = (0, loginPropagationToOtherTabs_1.getPrOtherTabLogin)({
547
+ configId
548
+ });
549
+ prOtherTabLogin.then(async () => {
550
+ log?.(`Other tab has logged in, reloading this tab`);
551
+ await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
552
+ prUnlock: new Promise(() => { })
553
+ });
554
+ window.location.reload();
555
+ });
556
+ }
557
+ // @ts-expect-error: We know what we're doing
558
+ return oidc_notLoggedIn;
559
+ }
560
+ log?.("User is logged in");
561
+ evtIsUserLoggedIn.post(true);
562
+ let currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
563
+ oidcClientTsUser: resultOfLoginProcess.oidcClientTsUser,
564
+ decodedIdTokenSchema,
565
+ __unsafe_useIdTokenAsAccessToken,
566
+ decodedIdToken_previous: undefined,
567
+ log
568
+ });
569
+ {
570
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId }) !== undefined) {
571
+ (0, persistedAuthState_1.persistAuthState)({ configId, state: undefined });
572
+ }
573
+ if (!canUseIframe) {
574
+ (0, persistedAuthState_1.persistAuthState)({
575
+ configId,
576
+ state: {
577
+ stateDescription: "logged in",
578
+ refreshTokenExpirationTime: currentTokens.refreshTokenExpirationTime,
579
+ idleSessionLifetimeInSeconds
580
+ }
581
+ });
582
+ }
583
+ }
584
+ const autoLogoutCountdownTickCallbacks = new Set();
585
+ const onTokenChanges = new Set();
586
+ const { sid: sessionId, sub: subjectId } = currentTokens.decodedIdToken_original;
587
+ (0, tsafe_1.assert)(subjectId !== undefined, "The 'sub' claim is missing from the id token");
588
+ (0, tsafe_1.assert)(sessionId === undefined || typeof sessionId === "string");
589
+ let wouldHaveAutoLoggedOutIfBrowserWasOnline = false;
590
+ const oidc_loggedIn = (0, tsafe_1.id)({
591
+ ...oidc_common,
592
+ isUserLoggedIn: true,
593
+ getTokens: async () => {
594
+ if (wouldHaveAutoLoggedOutIfBrowserWasOnline) {
595
+ await oidc_loggedIn.logout(autoLogoutParams);
596
+ (0, tsafe_1.assert)(false);
597
+ }
598
+ renew_tokens: {
599
+ {
600
+ const msBeforeExpirationOfTheAccessToken = currentTokens.accessTokenExpirationTime - Date.now();
601
+ if (msBeforeExpirationOfTheAccessToken > 30000) {
602
+ break renew_tokens;
751
603
  }
752
- log === null || log === void 0 ? void 0 : log("User is logged in");
753
- evtIsUserLoggedIn.post(true);
754
- currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
755
- oidcClientTsUser: resultOfLoginProcess.oidcClientTsUser,
756
- decodedIdTokenSchema: decodedIdTokenSchema,
757
- __unsafe_useIdTokenAsAccessToken: __unsafe_useIdTokenAsAccessToken,
758
- decodedIdToken_previous: undefined,
759
- log: log
604
+ }
605
+ {
606
+ const msElapsedSinceCurrentTokenWereIssued = Date.now() - currentTokens.issuedAtTime;
607
+ if (msElapsedSinceCurrentTokenWereIssued < 5000) {
608
+ break renew_tokens;
609
+ }
610
+ }
611
+ await oidc_loggedIn.renewTokens();
612
+ }
613
+ return currentTokens;
614
+ },
615
+ getDecodedIdToken: () => currentTokens.decodedIdToken,
616
+ logout: async (params) => {
617
+ if (globalContext.hasLogoutBeenCalled) {
618
+ log?.("logout() has already been called, ignoring the call");
619
+ return new Promise(() => { });
620
+ }
621
+ globalContext.hasLogoutBeenCalled = true;
622
+ const postLogoutRedirectUrl = (() => {
623
+ switch (params.redirectTo) {
624
+ case "current page":
625
+ return window.location.href;
626
+ case "home":
627
+ return homeUrlAndRedirectUri;
628
+ case "specific url":
629
+ return (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
630
+ urlish: params.url,
631
+ doAssertNoQueryParams: false
632
+ });
633
+ }
634
+ })();
635
+ await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
636
+ prUnlock: new Promise(() => { })
637
+ });
638
+ window.addEventListener("pageshow", () => {
639
+ location.reload();
640
+ });
641
+ try {
642
+ await oidcClientTsUserManager.signoutRedirect({
643
+ state: (0, tsafe_1.id)({
644
+ configId,
645
+ context: "redirect",
646
+ redirectUrl: postLogoutRedirectUrl,
647
+ hasBeenProcessedByCallback: false,
648
+ action: "logout",
649
+ sessionId
650
+ }),
651
+ redirectMethod: "assign"
652
+ });
653
+ }
654
+ catch (error) {
655
+ (0, tsafe_1.assert)((0, tsafe_1.is)(error));
656
+ if (error.message === "No end session endpoint") {
657
+ log?.("No end session endpoint, managing logging state locally");
658
+ (0, persistedAuthState_1.persistAuthState)({ configId, state: { stateDescription: "explicitly logged out" } });
659
+ try {
660
+ await oidcClientTsUserManager.removeUser();
661
+ }
662
+ catch {
663
+ // NOTE: Not sure if it can throw
664
+ }
665
+ (0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
666
+ configId,
667
+ sessionId
760
668
  });
761
- {
762
- if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
763
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
764
- }
765
- if (!canUseIframe) {
766
- (0, persistedAuthState_1.persistAuthState)({
767
- configId: configId,
768
- state: {
769
- stateDescription: "logged in",
770
- refreshTokenExpirationTime: currentTokens.refreshTokenExpirationTime,
771
- idleSessionLifetimeInSeconds: idleSessionLifetimeInSeconds
772
- }
773
- });
669
+ window.location.href = postLogoutRedirectUrl;
670
+ }
671
+ else {
672
+ throw error;
673
+ }
674
+ }
675
+ return new Promise(() => { });
676
+ },
677
+ renewTokens: (() => {
678
+ async function renewTokens_nonMutexed(params) {
679
+ const { extraTokenParams } = params;
680
+ const fallbackToFullPageReload = async () => {
681
+ (0, persistedAuthState_1.persistAuthState)({ configId, state: undefined });
682
+ await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
683
+ prUnlock: new Promise(() => { })
684
+ });
685
+ globalContext.evtRequestToPersistTokens.post({
686
+ configIdOfInstancePostingTheRequest: configId
687
+ });
688
+ await loginOrGoToAuthServer({
689
+ action: "login",
690
+ redirectUrl: window.location.href,
691
+ doForceReloadOnBfCache: true,
692
+ extraQueryParams_local: undefined,
693
+ transformUrlBeforeRedirect_local: undefined,
694
+ doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
695
+ interaction: "directly redirect if active session show login otherwise"
696
+ });
697
+ (0, tsafe_1.assert)(false, "136134");
698
+ };
699
+ if (!currentTokens.hasRefreshToken && !canUseIframe) {
700
+ log?.([
701
+ "Unable to refresh tokens without a full app reload,",
702
+ "because no refresh token is available",
703
+ "and your app setup prevents silent sign-in via iframe.",
704
+ "Your only option to refresh tokens is to call `window.location.reload()`"
705
+ ].join(" "));
706
+ await fallbackToFullPageReload();
707
+ (0, tsafe_1.assert)(false, "136135");
708
+ }
709
+ log?.("Renewing tokens");
710
+ const { completeLoginOrRefreshProcess } = await (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)();
711
+ const result_loginSilent = await (0, loginSilent_1.loginSilent)({
712
+ oidcClientTsUserManager,
713
+ stateUrlParamValue_instance,
714
+ configId,
715
+ transformUrlBeforeRedirect,
716
+ getExtraQueryParams,
717
+ getExtraTokenParams: () => extraTokenParams,
718
+ autoLogin
719
+ });
720
+ if (result_loginSilent.outcome === "failure") {
721
+ completeLoginOrRefreshProcess();
722
+ // NOTE: This is a configuration or network error, okay to throw,
723
+ // this exception doesn't have to be handle if it fails it fails.
724
+ throw new Error(result_loginSilent.cause);
725
+ }
726
+ let oidcClientTsUser;
727
+ switch (result_loginSilent.outcome) {
728
+ case "token refreshed using refresh token":
729
+ {
730
+ log?.("Refresh token used");
731
+ oidcClientTsUser = result_loginSilent.oidcClientTsUser;
774
732
  }
775
- }
776
- autoLogoutCountdownTickCallbacks = new Set();
777
- onTokenChanges = new Set();
778
- _e = currentTokens.decodedIdToken_original, sessionId = _e.sid, subjectId = _e.sub;
779
- (0, tsafe_1.assert)(subjectId !== undefined, "The 'sub' claim is missing from the id token");
780
- (0, tsafe_1.assert)(sessionId === undefined || typeof sessionId === "string");
781
- wouldHaveAutoLoggedOutIfBrowserWasOnline = false;
782
- oidc_loggedIn = (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: true, getTokens: function () { return __awaiter(_this, void 0, void 0, function () {
783
- var msBeforeExpirationOfTheAccessToken, msElapsedSinceCurrentTokenWereIssued;
784
- return __generator(this, function (_a) {
785
- switch (_a.label) {
786
- case 0:
787
- if (!wouldHaveAutoLoggedOutIfBrowserWasOnline) return [3 /*break*/, 2];
788
- return [4 /*yield*/, oidc_loggedIn.logout(autoLogoutParams)];
789
- case 1:
790
- _a.sent();
791
- (0, tsafe_1.assert)(false);
792
- _a.label = 2;
793
- case 2:
794
- {
795
- msBeforeExpirationOfTheAccessToken = currentTokens.accessTokenExpirationTime - Date.now();
796
- if (msBeforeExpirationOfTheAccessToken > 30000) {
797
- return [3 /*break*/, 4];
798
- }
799
- }
800
- {
801
- msElapsedSinceCurrentTokenWereIssued = Date.now() - currentTokens.issuedAtTime;
802
- if (msElapsedSinceCurrentTokenWereIssued < 5000) {
803
- return [3 /*break*/, 4];
804
- }
805
- }
806
- return [4 /*yield*/, oidc_loggedIn.renewTokens()];
807
- case 3:
808
- _a.sent();
809
- _a.label = 4;
810
- case 4: return [2 /*return*/, currentTokens];
811
- }
812
- });
813
- }); }, getDecodedIdToken: function () { return currentTokens.decodedIdToken; }, logout: function (params) { return __awaiter(_this, void 0, void 0, function () {
814
- var postLogoutRedirectUrl, error_3, _a;
815
- return __generator(this, function (_b) {
816
- switch (_b.label) {
817
- case 0:
818
- if (globalContext.hasLogoutBeenCalled) {
819
- log === null || log === void 0 ? void 0 : log("logout() has already been called, ignoring the call");
820
- return [2 /*return*/, new Promise(function () { })];
821
- }
822
- globalContext.hasLogoutBeenCalled = true;
823
- postLogoutRedirectUrl = (function () {
824
- switch (params.redirectTo) {
825
- case "current page":
826
- return window.location.href;
827
- case "home":
828
- return homeUrl;
829
- case "specific url":
830
- return (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
831
- urlish: params.url,
832
- doAssertNoQueryParams: false
833
- });
834
- }
835
- })();
836
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
837
- prUnlock: new Promise(function () { })
838
- })];
839
- case 1:
840
- _b.sent();
841
- window.addEventListener("pageshow", function () {
842
- location.reload();
843
- });
844
- _b.label = 2;
845
- case 2:
846
- _b.trys.push([2, 4, , 11]);
847
- return [4 /*yield*/, oidcClientTsUserManager.signoutRedirect({
848
- state: (0, tsafe_1.id)({
849
- configId: configId,
850
- context: "redirect",
851
- redirectUrl: postLogoutRedirectUrl,
852
- hasBeenProcessedByCallback: false,
853
- action: "logout",
854
- sessionId: sessionId
855
- }),
856
- redirectMethod: "assign"
857
- })];
858
- case 3:
859
- _b.sent();
860
- return [3 /*break*/, 11];
861
- case 4:
862
- error_3 = _b.sent();
863
- (0, tsafe_1.assert)((0, tsafe_1.is)(error_3));
864
- if (!(error_3.message === "No end session endpoint")) return [3 /*break*/, 9];
865
- log === null || log === void 0 ? void 0 : log("No end session endpoint, managing logging state locally");
866
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: { stateDescription: "explicitly logged out" } });
867
- _b.label = 5;
868
- case 5:
869
- _b.trys.push([5, 7, , 8]);
870
- return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
871
- case 6:
872
- _b.sent();
873
- return [3 /*break*/, 8];
874
- case 7:
875
- _a = _b.sent();
876
- return [3 /*break*/, 8];
877
- case 8:
878
- (0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
879
- configId: configId,
880
- sessionId: sessionId
881
- });
882
- window.location.href = postLogoutRedirectUrl;
883
- return [3 /*break*/, 10];
884
- case 9: throw error_3;
885
- case 10: return [3 /*break*/, 11];
886
- case 11: return [2 /*return*/, new Promise(function () { })];
733
+ break;
734
+ case "got auth response from iframe":
735
+ {
736
+ const { authResponse } = result_loginSilent;
737
+ log?.("Tokens refresh using iframe", authResponse);
738
+ const authResponse_error = authResponse.error;
739
+ let oidcClientTsUser_scope = undefined;
740
+ try {
741
+ oidcClientTsUser_scope =
742
+ await oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse));
743
+ }
744
+ catch (error) {
745
+ (0, tsafe_1.assert)(error instanceof Error, "321389");
746
+ if (authResponse_error === undefined) {
747
+ completeLoginOrRefreshProcess();
748
+ // Same here, if it fails it fails.
749
+ throw error;
887
750
  }
888
- });
889
- }); }, renewTokens: (function () {
890
- function renewTokens_nonMutexed(params) {
891
- return __awaiter(this, void 0, void 0, function () {
892
- var extraTokenParams, fallbackToFullPageReload, completeLoginOrRefreshProcess, result_loginSilent, oidcClientTsUser, _a, authResponse, authResponse_error, oidcClientTsUser_scope, error_4;
893
- var _this = this;
894
- return __generator(this, function (_b) {
895
- switch (_b.label) {
896
- case 0:
897
- extraTokenParams = params.extraTokenParams;
898
- fallbackToFullPageReload = function () { return __awaiter(_this, void 0, void 0, function () {
899
- return __generator(this, function (_a) {
900
- switch (_a.label) {
901
- case 0:
902
- (0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
903
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
904
- prUnlock: new Promise(function () { })
905
- })];
906
- case 1:
907
- _a.sent();
908
- globalContext.evtRequestToPersistTokens.post({
909
- configIdOfInstancePostingTheRequest: configId
910
- });
911
- return [4 /*yield*/, loginOrGoToAuthServer({
912
- action: "login",
913
- redirectUrl: window.location.href,
914
- doForceReloadOnBfCache: true,
915
- extraQueryParams_local: undefined,
916
- transformUrlBeforeRedirect_local: undefined,
917
- doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
918
- interaction: "directly redirect if active session show login otherwise"
919
- })];
920
- case 2:
921
- _a.sent();
922
- (0, tsafe_1.assert)(false, "136134");
923
- return [2 /*return*/];
924
- }
925
- });
926
- }); };
927
- if (!(!currentTokens.hasRefreshToken && !canUseIframe)) return [3 /*break*/, 2];
928
- log === null || log === void 0 ? void 0 : log([
929
- "Unable to refresh tokens without a full app reload,",
930
- "because no refresh token is available",
931
- "and your app setup prevents silent sign-in via iframe.",
932
- "Your only option to refresh tokens is to call `window.location.reload()`"
933
- ].join(" "));
934
- return [4 /*yield*/, fallbackToFullPageReload()];
935
- case 1:
936
- _b.sent();
937
- (0, tsafe_1.assert)(false, "136135");
938
- _b.label = 2;
939
- case 2:
940
- log === null || log === void 0 ? void 0 : log("Renewing tokens");
941
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
942
- case 3:
943
- completeLoginOrRefreshProcess = (_b.sent()).completeLoginOrRefreshProcess;
944
- return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
945
- oidcClientTsUserManager: oidcClientTsUserManager,
946
- stateQueryParamValue_instance: stateQueryParamValue_instance,
947
- configId: configId,
948
- transformUrlBeforeRedirect: transformUrlBeforeRedirect,
949
- getExtraQueryParams: getExtraQueryParams,
950
- getExtraTokenParams: function () { return extraTokenParams; },
951
- autoLogin: autoLogin
952
- })];
953
- case 4:
954
- result_loginSilent = _b.sent();
955
- if (result_loginSilent.outcome === "failure") {
956
- completeLoginOrRefreshProcess();
957
- // NOTE: This is a configuration or network error, okay to throw,
958
- // this exception doesn't have to be handle if it fails it fails.
959
- throw new Error(result_loginSilent.cause);
960
- }
961
- _a = result_loginSilent.outcome;
962
- switch (_a) {
963
- case "token refreshed using refresh token": return [3 /*break*/, 5];
964
- case "got auth response from iframe": return [3 /*break*/, 6];
965
- }
966
- return [3 /*break*/, 13];
967
- case 5:
968
- {
969
- log === null || log === void 0 ? void 0 : log("Refresh token used");
970
- oidcClientTsUser = result_loginSilent.oidcClientTsUser;
971
- }
972
- return [3 /*break*/, 14];
973
- case 6:
974
- authResponse = result_loginSilent.authResponse;
975
- log === null || log === void 0 ? void 0 : log("Tokens refresh using iframe", authResponse);
976
- authResponse_error = authResponse.error;
977
- oidcClientTsUser_scope = undefined;
978
- _b.label = 7;
979
- case 7:
980
- _b.trys.push([7, 9, , 10]);
981
- return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
982
- case 8:
983
- oidcClientTsUser_scope =
984
- _b.sent();
985
- return [3 /*break*/, 10];
986
- case 9:
987
- error_4 = _b.sent();
988
- (0, tsafe_1.assert)(error_4 instanceof Error, "321389");
989
- if (authResponse_error === undefined) {
990
- completeLoginOrRefreshProcess();
991
- // Same here, if it fails it fails.
992
- throw error_4;
993
- }
994
- return [3 /*break*/, 10];
995
- case 10:
996
- if (!(oidcClientTsUser_scope === undefined)) return [3 /*break*/, 12];
997
- // NOTE: Here we got a response but it's an error, session might have been
998
- // deleted or other edge case.
999
- completeLoginOrRefreshProcess();
1000
- log === null || log === void 0 ? void 0 : log([
1001
- "The user is probably not logged in anymore,",
1002
- "need to redirect to login pages"
1003
- ].join(" "));
1004
- return [4 /*yield*/, fallbackToFullPageReload()];
1005
- case 11:
1006
- _b.sent();
1007
- (0, tsafe_1.assert)(false, "136135");
1008
- _b.label = 12;
1009
- case 12:
1010
- oidcClientTsUser = oidcClientTsUser_scope;
1011
- return [3 /*break*/, 14];
1012
- case 13:
1013
- (0, tsafe_1.assert)(false);
1014
- return [3 /*break*/, 14];
1015
- case 14:
1016
- currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
1017
- oidcClientTsUser: oidcClientTsUser,
1018
- decodedIdTokenSchema: decodedIdTokenSchema,
1019
- __unsafe_useIdTokenAsAccessToken: __unsafe_useIdTokenAsAccessToken,
1020
- decodedIdToken_previous: currentTokens.decodedIdToken,
1021
- log: log
1022
- });
1023
- if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
1024
- (0, persistedAuthState_1.persistAuthState)({
1025
- configId: configId,
1026
- state: {
1027
- stateDescription: "logged in",
1028
- refreshTokenExpirationTime: currentTokens.refreshTokenExpirationTime,
1029
- idleSessionLifetimeInSeconds: idleSessionLifetimeInSeconds
1030
- }
1031
- });
1032
- }
1033
- Array.from(onTokenChanges).forEach(function (onTokenChange) { return onTokenChange(currentTokens); });
1034
- completeLoginOrRefreshProcess();
1035
- return [2 /*return*/];
1036
- }
1037
- });
1038
- });
1039
751
  }
1040
- var ongoingCall = undefined;
1041
- function handleFinally() {
1042
- (0, tsafe_1.assert)(ongoingCall !== undefined, "131276");
1043
- var pr = ongoingCall.pr;
1044
- pr.finally(function () {
1045
- (0, tsafe_1.assert)(ongoingCall !== undefined, "549462");
1046
- if (ongoingCall.pr !== pr) {
1047
- return;
1048
- }
1049
- ongoingCall = undefined;
1050
- });
752
+ if (oidcClientTsUser_scope === undefined) {
753
+ // NOTE: Here we got a response but it's an error, session might have been
754
+ // deleted or other edge case.
755
+ completeLoginOrRefreshProcess();
756
+ log?.([
757
+ "The user is probably not logged in anymore,",
758
+ "need to redirect to login pages"
759
+ ].join(" "));
760
+ await fallbackToFullPageReload();
761
+ (0, tsafe_1.assert)(false, "136135");
1051
762
  }
1052
- return function (params) { return __awaiter(_this, void 0, void 0, function () {
1053
- var extraTokenParams_local, extraTokenParams;
1054
- var _this = this;
1055
- return __generator(this, function (_a) {
1056
- extraTokenParams_local = (params !== null && params !== void 0 ? params : {}).extraTokenParams;
1057
- extraTokenParams = __assign(__assign({}, getExtraTokenParams === null || getExtraTokenParams === void 0 ? void 0 : getExtraTokenParams()), extraTokenParams_local);
1058
- if (ongoingCall === undefined) {
1059
- ongoingCall = {
1060
- pr: renewTokens_nonMutexed({ extraTokenParams: extraTokenParams }),
1061
- extraTokenParams: extraTokenParams
1062
- };
1063
- handleFinally();
1064
- return [2 /*return*/, ongoingCall.pr];
1065
- }
1066
- if (JSON.stringify(extraTokenParams) === JSON.stringify(ongoingCall.extraTokenParams)) {
1067
- return [2 /*return*/, ongoingCall.pr];
1068
- }
1069
- ongoingCall = {
1070
- pr: (function () { return __awaiter(_this, void 0, void 0, function () {
1071
- var _a;
1072
- return __generator(this, function (_b) {
1073
- switch (_b.label) {
1074
- case 0:
1075
- _b.trys.push([0, 2, , 3]);
1076
- return [4 /*yield*/, ongoingCall.pr];
1077
- case 1:
1078
- _b.sent();
1079
- return [3 /*break*/, 3];
1080
- case 2:
1081
- _a = _b.sent();
1082
- return [3 /*break*/, 3];
1083
- case 3: return [2 /*return*/, renewTokens_nonMutexed({ extraTokenParams: extraTokenParams })];
1084
- }
1085
- });
1086
- }); })(),
1087
- extraTokenParams: extraTokenParams
1088
- };
1089
- handleFinally();
1090
- return [2 /*return*/, ongoingCall.pr];
1091
- });
1092
- }); };
1093
- })(), subscribeToTokensChange: function (onTokenChange) {
1094
- onTokenChanges.add(onTokenChange);
1095
- return {
1096
- unsubscribe: function () {
1097
- onTokenChanges.delete(onTokenChange);
1098
- }
1099
- };
1100
- }, subscribeToAutoLogoutCountdown: function (tickCallback) {
1101
- autoLogoutCountdownTickCallbacks.add(tickCallback);
1102
- var unsubscribeFromAutoLogoutCountdown = function () {
1103
- autoLogoutCountdownTickCallbacks.delete(tickCallback);
1104
- };
1105
- return { unsubscribeFromAutoLogoutCountdown: unsubscribeFromAutoLogoutCountdown };
1106
- }, goToAuthServer: function (_a) {
1107
- var extraQueryParams = _a.extraQueryParams, redirectUrl = _a.redirectUrl, transformUrlBeforeRedirect = _a.transformUrlBeforeRedirect;
1108
- return loginOrGoToAuthServer({
1109
- action: "go to auth server",
1110
- redirectUrl: redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : window.location.href,
1111
- extraQueryParams_local: extraQueryParams,
1112
- transformUrlBeforeRedirect_local: transformUrlBeforeRedirect
1113
- });
1114
- }, backFromAuthServer: resultOfLoginProcess.backFromAuthServer, isNewBrowserSession: (function () {
1115
- var value = getIsNewBrowserSession({ subjectId: subjectId });
1116
- log === null || log === void 0 ? void 0 : log("isNewBrowserSession: ".concat(value));
1117
- return value;
1118
- })() }));
1119
- {
1120
- prOtherTabLogout = (0, logoutPropagationToOtherTabs_1.getPrOtherTabLogout)({
1121
- configId: configId,
1122
- sessionId: sessionId
1123
- }).prOtherTabLogout;
1124
- prOtherTabLogout.then(function () { return __awaiter(_this, void 0, void 0, function () {
1125
- return __generator(this, function (_a) {
1126
- switch (_a.label) {
1127
- case 0:
1128
- log === null || log === void 0 ? void 0 : log("Other tab has logged out, refreshing current tab");
1129
- return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
1130
- prUnlock: new Promise(function () { })
1131
- })];
1132
- case 1:
1133
- _a.sent();
1134
- location.reload();
1135
- return [2 /*return*/];
1136
- }
1137
- });
1138
- }); });
1139
- }
1140
- (function scheduleRenew() {
1141
- var _this = this;
1142
- var _a;
1143
- if (!currentTokens.hasRefreshToken && !canUseIframe) {
1144
- log === null || log === void 0 ? void 0 : log([
1145
- "Disabling token auto refresh mechanism because we",
1146
- "have no way to renew the tokens without a full page reload"
1147
- ].join(" "));
1148
- return;
763
+ oidcClientTsUser = oidcClientTsUser_scope;
1149
764
  }
1150
- var msBeforeExpiration = ((_a = currentTokens.refreshTokenExpirationTime) !== null && _a !== void 0 ? _a : currentTokens.accessTokenExpirationTime) -
1151
- Date.now();
1152
- var typeOfTheTokenWeGotTheTtlFrom = currentTokens.refreshTokenExpirationTime !== undefined ? "refresh" : "access";
1153
- var RENEW_MS_BEFORE_EXPIRES = 30000;
1154
- if (msBeforeExpiration <= RENEW_MS_BEFORE_EXPIRES) {
1155
- // NOTE: We just got a new token that is about to expire. This means that
1156
- // the refresh token has reached it's max SSO time.
1157
- // ...or that the refresh token have a very short lifespan...
1158
- // anyway, no need to keep alive, it will probably redirect on the next getTokens() or refreshTokens() call
1159
- log === null || log === void 0 ? void 0 : log([
1160
- "Disabling auto renew mechanism. We just got fresh tokens",
1161
- (function () {
1162
- switch (typeOfTheTokenWeGotTheTtlFrom) {
1163
- case "refresh":
1164
- return [
1165
- " and the refresh token is already about to expires.",
1166
- "This means that we have reached the max session lifespan, we can't keep",
1167
- "the session alive any longer.",
1168
- "(This can also mean that the refresh token was configured with a TTL,",
1169
- "aka the idle session lifespan, too low to make sense)"
1170
- ].join(" ");
1171
- case "access":
1172
- return [
1173
- currentTokens.hasRefreshToken
1174
- ? ", we can't read the expiration time of the refresh token"
1175
- : ", we don't have a refresh token",
1176
- " and the access token is already about to expire",
1177
- "we would spam the auth server by constantly renewing the access token in the background",
1178
- "avoiding to do so."
1179
- ].join(" ");
1180
- }
1181
- })()
1182
- ].join(" "));
1183
- return;
765
+ break;
766
+ default:
767
+ (0, tsafe_1.assert)(false);
768
+ break;
769
+ }
770
+ currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
771
+ oidcClientTsUser,
772
+ decodedIdTokenSchema,
773
+ __unsafe_useIdTokenAsAccessToken,
774
+ decodedIdToken_previous: currentTokens.decodedIdToken,
775
+ log
776
+ });
777
+ if ((0, persistedAuthState_1.getPersistedAuthState)({ configId }) !== undefined) {
778
+ (0, persistedAuthState_1.persistAuthState)({
779
+ configId,
780
+ state: {
781
+ stateDescription: "logged in",
782
+ refreshTokenExpirationTime: currentTokens.refreshTokenExpirationTime,
783
+ idleSessionLifetimeInSeconds
1184
784
  }
1185
- log === null || log === void 0 ? void 0 : log([
1186
- (0, toHumanReadableDuration_1.toHumanReadableDuration)(msBeforeExpiration),
1187
- "before expiration of the ".concat(typeOfTheTokenWeGotTheTtlFrom, " token."),
1188
- "Scheduling renewal ".concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(RENEW_MS_BEFORE_EXPIRES), " before expiration to keep the session alive on the OIDC server.")
785
+ });
786
+ }
787
+ Array.from(onTokenChanges).forEach(onTokenChange => onTokenChange(currentTokens));
788
+ completeLoginOrRefreshProcess();
789
+ }
790
+ let ongoingCall = undefined;
791
+ function handleFinally() {
792
+ (0, tsafe_1.assert)(ongoingCall !== undefined, "131276");
793
+ const { pr } = ongoingCall;
794
+ pr.finally(() => {
795
+ (0, tsafe_1.assert)(ongoingCall !== undefined, "549462");
796
+ if (ongoingCall.pr !== pr) {
797
+ return;
798
+ }
799
+ ongoingCall = undefined;
800
+ });
801
+ }
802
+ return async (params) => {
803
+ const { extraTokenParams: extraTokenParams_local } = params ?? {};
804
+ const extraTokenParams = {
805
+ ...getExtraTokenParams?.(),
806
+ ...extraTokenParams_local
807
+ };
808
+ if (ongoingCall === undefined) {
809
+ ongoingCall = {
810
+ pr: renewTokens_nonMutexed({ extraTokenParams }),
811
+ extraTokenParams
812
+ };
813
+ handleFinally();
814
+ return ongoingCall.pr;
815
+ }
816
+ if (JSON.stringify(extraTokenParams) === JSON.stringify(ongoingCall.extraTokenParams)) {
817
+ return ongoingCall.pr;
818
+ }
819
+ ongoingCall = {
820
+ pr: (async () => {
821
+ try {
822
+ await ongoingCall.pr;
823
+ }
824
+ catch { }
825
+ return renewTokens_nonMutexed({ extraTokenParams });
826
+ })(),
827
+ extraTokenParams
828
+ };
829
+ handleFinally();
830
+ return ongoingCall.pr;
831
+ };
832
+ })(),
833
+ subscribeToTokensChange: onTokenChange => {
834
+ onTokenChanges.add(onTokenChange);
835
+ return {
836
+ unsubscribe: () => {
837
+ onTokenChanges.delete(onTokenChange);
838
+ }
839
+ };
840
+ },
841
+ subscribeToAutoLogoutCountdown: tickCallback => {
842
+ autoLogoutCountdownTickCallbacks.add(tickCallback);
843
+ const unsubscribeFromAutoLogoutCountdown = () => {
844
+ autoLogoutCountdownTickCallbacks.delete(tickCallback);
845
+ };
846
+ return { unsubscribeFromAutoLogoutCountdown };
847
+ },
848
+ goToAuthServer: ({ extraQueryParams, redirectUrl, transformUrlBeforeRedirect }) => loginOrGoToAuthServer({
849
+ action: "go to auth server",
850
+ redirectUrl: redirectUrl ?? window.location.href,
851
+ extraQueryParams_local: extraQueryParams,
852
+ transformUrlBeforeRedirect_local: transformUrlBeforeRedirect
853
+ }),
854
+ backFromAuthServer: resultOfLoginProcess.backFromAuthServer,
855
+ isNewBrowserSession: (() => {
856
+ const value = getIsNewBrowserSession({ subjectId });
857
+ log?.(`isNewBrowserSession: ${value}`);
858
+ return value;
859
+ })()
860
+ });
861
+ {
862
+ const { prOtherTabLogout } = (0, logoutPropagationToOtherTabs_1.getPrOtherTabLogout)({
863
+ configId,
864
+ sessionId
865
+ });
866
+ prOtherTabLogout.then(async () => {
867
+ log?.(`Other tab has logged out, refreshing current tab`);
868
+ await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
869
+ prUnlock: new Promise(() => { })
870
+ });
871
+ location.reload();
872
+ });
873
+ }
874
+ (function scheduleRenew() {
875
+ if (!currentTokens.hasRefreshToken && !canUseIframe) {
876
+ log?.([
877
+ "Disabling token auto refresh mechanism because we",
878
+ "have no way to renew the tokens without a full page reload"
879
+ ].join(" "));
880
+ return;
881
+ }
882
+ const msBeforeExpiration = (currentTokens.refreshTokenExpirationTime ?? currentTokens.accessTokenExpirationTime) -
883
+ Date.now();
884
+ const typeOfTheTokenWeGotTheTtlFrom = currentTokens.refreshTokenExpirationTime !== undefined ? "refresh" : "access";
885
+ const RENEW_MS_BEFORE_EXPIRES = 30000;
886
+ if (msBeforeExpiration <= RENEW_MS_BEFORE_EXPIRES) {
887
+ // NOTE: We just got a new token that is about to expire. This means that
888
+ // the refresh token has reached it's max SSO time.
889
+ // ...or that the refresh token have a very short lifespan...
890
+ // anyway, no need to keep alive, it will probably redirect on the next getTokens() or refreshTokens() call
891
+ log?.([
892
+ "Disabling auto renew mechanism. We just got fresh tokens",
893
+ (() => {
894
+ switch (typeOfTheTokenWeGotTheTtlFrom) {
895
+ case "refresh":
896
+ return [
897
+ " and the refresh token is already about to expires.",
898
+ "This means that we have reached the max session lifespan, we can't keep",
899
+ "the session alive any longer.",
900
+ "(This can also mean that the refresh token was configured with a TTL,",
901
+ "aka the idle session lifespan, too low to make sense)"
902
+ ].join(" ");
903
+ case "access":
904
+ return [
905
+ currentTokens.hasRefreshToken
906
+ ? ", we can't read the expiration time of the refresh token"
907
+ : ", we don't have a refresh token",
908
+ ` and the access token is already about to expire`,
909
+ "we would spam the auth server by constantly renewing the access token in the background",
910
+ "avoiding to do so."
911
+ ].join(" ");
912
+ }
913
+ })()
914
+ ].join(" "));
915
+ return;
916
+ }
917
+ log?.([
918
+ (0, toHumanReadableDuration_1.toHumanReadableDuration)(msBeforeExpiration),
919
+ `before expiration of the ${typeOfTheTokenWeGotTheTtlFrom} token.`,
920
+ `Scheduling renewal ${(0, toHumanReadableDuration_1.toHumanReadableDuration)(RENEW_MS_BEFORE_EXPIRES)} before expiration to keep the session alive on the OIDC server.`
921
+ ].join(" "));
922
+ const timer = (0, workerTimers_1.setTimeout)(async () => {
923
+ {
924
+ const { isOnline, prOnline } = (0, getIsOnline_1.getIsOnline)();
925
+ if (!isOnline) {
926
+ const didCameBackOnlineInTime = await Promise.race([
927
+ new Promise(resolve => (0, workerTimers_1.setTimeout)(() => resolve(false), RENEW_MS_BEFORE_EXPIRES - 1000)),
928
+ prOnline.then(() => true)
929
+ ]);
930
+ if (!didCameBackOnlineInTime) {
931
+ log?.([
932
+ "The session expired on the OIDC server.",
933
+ "We couldn't keep it alive because the browser was offline.",
934
+ "We are not redirecting to the login page to support PWAs with offline features.",
935
+ "However, the next getTokens() call will trigger a redirect to the Auth server login page."
1189
936
  ].join(" "));
1190
- var timer = (0, workerTimers_1.setTimeout)(function () { return __awaiter(_this, void 0, void 0, function () {
1191
- var _a, isOnline, prOnline, didCameBackOnlineInTime;
1192
- return __generator(this, function (_b) {
1193
- switch (_b.label) {
1194
- case 0:
1195
- _a = (0, getIsOnline_1.getIsOnline)(), isOnline = _a.isOnline, prOnline = _a.prOnline;
1196
- if (!!isOnline) return [3 /*break*/, 2];
1197
- return [4 /*yield*/, Promise.race([
1198
- new Promise(function (resolve) {
1199
- return (0, workerTimers_1.setTimeout)(function () { return resolve(false); }, RENEW_MS_BEFORE_EXPIRES - 1000);
1200
- }),
1201
- prOnline.then(function () { return true; })
1202
- ])];
1203
- case 1:
1204
- didCameBackOnlineInTime = _b.sent();
1205
- if (!didCameBackOnlineInTime) {
1206
- log === null || log === void 0 ? void 0 : log([
1207
- "The session expired on the OIDC server.",
1208
- "We couldn't keep it alive because the browser was offline.",
1209
- "We are not redirecting to the login page to support PWAs with offline features.",
1210
- "However, the next getTokens() call will trigger a redirect to the Auth server login page."
1211
- ].join(" "));
1212
- return [2 /*return*/];
1213
- }
1214
- _b.label = 2;
1215
- case 2:
1216
- log === null || log === void 0 ? void 0 : log("Renewing the tokens now as the ".concat(typeOfTheTokenWeGotTheTtlFrom, " token will expire in ").concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(RENEW_MS_BEFORE_EXPIRES)));
1217
- return [4 /*yield*/, oidc_loggedIn.renewTokens()];
1218
- case 3:
1219
- _b.sent();
1220
- return [2 /*return*/];
1221
- }
1222
- });
1223
- }); }, Math.min(msBeforeExpiration - RENEW_MS_BEFORE_EXPIRES,
1224
- // NOTE: We want to make sure we do not overflow the setTimeout
1225
- // that must be a 32 bit unsigned integer.
1226
- // This can happen if the tokenExpirationTime is more than 24.8 days in the future.
1227
- Math.pow(2, 31) - 1));
1228
- var tokenChangeUnsubscribe = oidc_loggedIn.subscribeToTokensChange(function () {
1229
- (0, workerTimers_1.clearTimeout)(timer);
1230
- tokenChangeUnsubscribe();
1231
- scheduleRenew();
1232
- }).unsubscribe;
1233
- })();
1234
- auto_logout: {
1235
- getCurrentRefreshTokenTtlInSeconds_1 = function () {
1236
- if (idleSessionLifetimeInSeconds !== undefined) {
1237
- return idleSessionLifetimeInSeconds;
1238
- }
1239
- if (currentTokens.refreshTokenExpirationTime === undefined) {
1240
- return undefined;
1241
- }
1242
- return (currentTokens.refreshTokenExpirationTime - currentTokens.issuedAtTime) / 1000;
1243
- };
1244
- if (getCurrentRefreshTokenTtlInSeconds_1() === undefined) {
1245
- log === null || log === void 0 ? void 0 : log("".concat(currentTokens.hasRefreshToken
1246
- ? "The refresh token is opaque, we can't read it's expiration time"
1247
- : "No refresh token", ", and idleSessionLifetimeInSeconds was not set, can't implement auto logout mechanism"));
1248
- break auto_logout;
937
+ return;
938
+ }
939
+ }
940
+ }
941
+ log?.(`Renewing the tokens now as the ${typeOfTheTokenWeGotTheTtlFrom} token will expire in ${(0, toHumanReadableDuration_1.toHumanReadableDuration)(RENEW_MS_BEFORE_EXPIRES)}`);
942
+ await oidc_loggedIn.renewTokens();
943
+ }, Math.min(msBeforeExpiration - RENEW_MS_BEFORE_EXPIRES,
944
+ // NOTE: We want to make sure we do not overflow the setTimeout
945
+ // that must be a 32 bit unsigned integer.
946
+ // This can happen if the tokenExpirationTime is more than 24.8 days in the future.
947
+ Math.pow(2, 31) - 1));
948
+ const { unsubscribe: tokenChangeUnsubscribe } = oidc_loggedIn.subscribeToTokensChange(() => {
949
+ (0, workerTimers_1.clearTimeout)(timer);
950
+ tokenChangeUnsubscribe();
951
+ scheduleRenew();
952
+ });
953
+ })();
954
+ auto_logout: {
955
+ const getCurrentRefreshTokenTtlInSeconds = () => {
956
+ if (idleSessionLifetimeInSeconds !== undefined) {
957
+ return idleSessionLifetimeInSeconds;
958
+ }
959
+ if (currentTokens.refreshTokenExpirationTime === undefined) {
960
+ return undefined;
961
+ }
962
+ return (currentTokens.refreshTokenExpirationTime - currentTokens.issuedAtTime) / 1000;
963
+ };
964
+ if (getCurrentRefreshTokenTtlInSeconds() === undefined) {
965
+ log?.(`${currentTokens.hasRefreshToken
966
+ ? "The refresh token is opaque, we can't read it's expiration time"
967
+ : "No refresh token"}, and idleSessionLifetimeInSeconds was not set, can't implement auto logout mechanism`);
968
+ break auto_logout;
969
+ }
970
+ const { startCountdown } = (0, startCountdown_1.createStartCountdown)({
971
+ tickCallback: async ({ secondsLeft }) => {
972
+ const invokeAllCallbacks = (params) => {
973
+ const { secondsLeft } = params;
974
+ Array.from(autoLogoutCountdownTickCallbacks).forEach(tickCallback => tickCallback({ secondsLeft }));
975
+ };
976
+ invokeAllCallbacks({ secondsLeft });
977
+ if (secondsLeft === 0) {
978
+ cancel_if_offline: {
979
+ const { isOnline, prOnline } = (0, getIsOnline_1.getIsOnline)();
980
+ if (isOnline) {
981
+ break cancel_if_offline;
1249
982
  }
1250
- startCountdown_2 = (0, startCountdown_1.createStartCountdown)({
1251
- tickCallback: function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
1252
- var invokeAllCallbacks, _c, isOnline, prOnline, didCameBackOnline;
1253
- var secondsLeft = _b.secondsLeft;
1254
- return __generator(this, function (_d) {
1255
- switch (_d.label) {
1256
- case 0:
1257
- invokeAllCallbacks = function (params) {
1258
- var secondsLeft = params.secondsLeft;
1259
- Array.from(autoLogoutCountdownTickCallbacks).forEach(function (tickCallback) {
1260
- return tickCallback({ secondsLeft: secondsLeft });
1261
- });
1262
- };
1263
- invokeAllCallbacks({ secondsLeft: secondsLeft });
1264
- if (!(secondsLeft === 0)) return [3 /*break*/, 4];
1265
- _c = (0, getIsOnline_1.getIsOnline)(), isOnline = _c.isOnline, prOnline = _c.prOnline;
1266
- if (isOnline) {
1267
- return [3 /*break*/, 2];
1268
- }
1269
- return [4 /*yield*/, Promise.race([
1270
- new Promise(function (resolve) { return (0, workerTimers_1.setTimeout)(function () { return resolve(false); }, 10000); }),
1271
- prOnline.then(function () { return true; })
1272
- ])];
1273
- case 1:
1274
- didCameBackOnline = _d.sent();
1275
- if (didCameBackOnline) {
1276
- return [3 /*break*/, 2];
1277
- }
1278
- log === null || log === void 0 ? void 0 : log([
1279
- "Normally now we should auto logout.",
1280
- "However since the browser is currently offline",
1281
- "we avoid calling logout() now to play nice in case",
1282
- "this app is a PWA.",
1283
- "Next getTokens() is called logout will be called"
1284
- ].join(" "));
1285
- unsubscribeFromIsUserActive_1();
1286
- invokeAllCallbacks({ secondsLeft: undefined });
1287
- wouldHaveAutoLoggedOutIfBrowserWasOnline = true;
1288
- return [2 /*return*/];
1289
- case 2: return [4 /*yield*/, oidc_loggedIn.logout(autoLogoutParams)];
1290
- case 3:
1291
- _d.sent();
1292
- _d.label = 4;
1293
- case 4: return [2 /*return*/];
1294
- }
1295
- });
1296
- }); }
1297
- }).startCountdown;
1298
- stopCountdown_1 = undefined;
1299
- evtIsUserActive = (0, evtIsUserActive_1.createEvtIsUserActive)({
1300
- configId: configId,
1301
- sessionId: sessionId
1302
- });
1303
- unsubscribeFromIsUserActive_1 = evtIsUserActive.subscribe(function (isUserActive) {
1304
- if (isUserActive) {
1305
- if (stopCountdown_1 !== undefined) {
1306
- stopCountdown_1();
1307
- stopCountdown_1 = undefined;
1308
- }
1309
- }
1310
- else {
1311
- (0, tsafe_1.assert)(stopCountdown_1 === undefined, "902992");
1312
- var currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds_1();
1313
- (0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "902992326");
1314
- stopCountdown_1 = startCountdown_2({
1315
- countDownFromSeconds: currentRefreshTokenTtlInSeconds
1316
- }).stopCountdown;
1317
- }
1318
- }).unsubscribe;
1319
- {
1320
- currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds_1();
1321
- (0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "9029923253");
1322
- log === null || log === void 0 ? void 0 : log([
1323
- "The user will be automatically logged out after ".concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(currentRefreshTokenTtlInSeconds * 1000), " of inactivity."),
1324
- idleSessionLifetimeInSeconds === undefined
1325
- ? undefined
1326
- : "It was artificially defined by using the idleSessionLifetimeInSeconds param."
1327
- ]
1328
- .filter(function (x) { return x !== undefined; })
1329
- .join("\n"));
983
+ const didCameBackOnline = await Promise.race([
984
+ new Promise(resolve => (0, workerTimers_1.setTimeout)(() => resolve(false), 10000)),
985
+ prOnline.then(() => true)
986
+ ]);
987
+ if (didCameBackOnline) {
988
+ break cancel_if_offline;
1330
989
  }
990
+ log?.([
991
+ "Normally now we should auto logout.",
992
+ "However since the browser is currently offline",
993
+ "we avoid calling logout() now to play nice in case",
994
+ "this app is a PWA.",
995
+ "Next getTokens() is called logout will be called"
996
+ ].join(" "));
997
+ unsubscribeFromIsUserActive();
998
+ invokeAllCallbacks({ secondsLeft: undefined });
999
+ wouldHaveAutoLoggedOutIfBrowserWasOnline = true;
1000
+ return;
1331
1001
  }
1332
- return [2 /*return*/, oidc_loggedIn];
1002
+ await oidc_loggedIn.logout(autoLogoutParams);
1003
+ }
1333
1004
  }
1334
1005
  });
1335
- });
1006
+ let stopCountdown = undefined;
1007
+ const evtIsUserActive = (0, evtIsUserActive_1.createEvtIsUserActive)({
1008
+ configId,
1009
+ sessionId
1010
+ });
1011
+ const { unsubscribe: unsubscribeFromIsUserActive } = evtIsUserActive.subscribe(isUserActive => {
1012
+ if (isUserActive) {
1013
+ if (stopCountdown !== undefined) {
1014
+ stopCountdown();
1015
+ stopCountdown = undefined;
1016
+ }
1017
+ }
1018
+ else {
1019
+ (0, tsafe_1.assert)(stopCountdown === undefined, "902992");
1020
+ const currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds();
1021
+ (0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "902992326");
1022
+ stopCountdown = startCountdown({
1023
+ countDownFromSeconds: currentRefreshTokenTtlInSeconds
1024
+ }).stopCountdown;
1025
+ }
1026
+ });
1027
+ {
1028
+ const currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds();
1029
+ (0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "9029923253");
1030
+ log?.([
1031
+ `The user will be automatically logged out after ${(0, toHumanReadableDuration_1.toHumanReadableDuration)(currentRefreshTokenTtlInSeconds * 1000)} of inactivity.`,
1032
+ idleSessionLifetimeInSeconds === undefined
1033
+ ? undefined
1034
+ : `It was artificially defined by using the idleSessionLifetimeInSeconds param.`
1035
+ ]
1036
+ .filter(x => x !== undefined)
1037
+ .join("\n"));
1038
+ }
1039
+ }
1040
+ return oidc_loggedIn;
1336
1041
  }
1337
1042
  //# sourceMappingURL=createOidc.js.map