oidc-spa 7.1.10 → 7.2.0-rc.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/backend.js +235 -352
- package/backend.js.map +1 -1
- package/core/AuthResponse.js +12 -49
- package/core/AuthResponse.js.map +1 -1
- package/core/Oidc.d.ts +1 -2
- package/core/Oidc.js.map +1 -1
- package/core/OidcInitializationError.d.ts +0 -13
- package/core/OidcInitializationError.js +8 -318
- package/core/OidcInitializationError.js.map +1 -1
- package/core/OidcMetadata.js +1 -1
- package/core/OidcMetadata.js.map +1 -1
- package/core/StateData.d.ts +5 -5
- package/core/StateData.js +25 -25
- package/core/StateData.js.map +1 -1
- package/core/configId.js +1 -1
- package/core/configId.js.map +1 -1
- package/core/createOidc.d.ts +8 -0
- package/core/createOidc.js +1030 -1292
- package/core/createOidc.js.map +1 -1
- package/core/diagnostic.d.ts +14 -0
- package/core/diagnostic.js +214 -0
- package/core/diagnostic.js.map +1 -0
- package/core/evtIsUserActive.js +26 -27
- package/core/evtIsUserActive.js.map +1 -1
- package/core/handleOidcCallback.js +99 -154
- package/core/handleOidcCallback.js.map +1 -1
- package/core/iframeMessageProtection.d.ts +1 -1
- package/core/iframeMessageProtection.js +40 -106
- package/core/iframeMessageProtection.js.map +1 -1
- package/core/index.d.ts +1 -1
- package/core/index.js +3 -3
- package/core/index.js.map +1 -1
- package/core/initialLocationHref.js +1 -1
- package/core/initialLocationHref.js.map +1 -1
- package/core/isNewBrowserSession.js +8 -8
- package/core/isNewBrowserSession.js.map +1 -1
- package/core/loginOrGoToAuthServer.d.ts +1 -1
- package/core/loginOrGoToAuthServer.js +188 -310
- package/core/loginOrGoToAuthServer.js.map +1 -1
- package/core/loginPropagationToOtherTabs.js +15 -16
- package/core/loginPropagationToOtherTabs.js.map +1 -1
- package/core/loginSilent.d.ts +2 -3
- package/core/loginSilent.js +118 -214
- package/core/loginSilent.js.map +1 -1
- package/core/logoutPropagationToOtherTabs.js +15 -16
- package/core/logoutPropagationToOtherTabs.js.map +1 -1
- package/core/oidcClientTsUserToTokens.d.ts +1 -1
- package/core/oidcClientTsUserToTokens.js +75 -72
- package/core/oidcClientTsUserToTokens.js.map +1 -1
- package/core/ongoingLoginOrRefreshProcesses.js +23 -89
- package/core/ongoingLoginOrRefreshProcesses.js.map +1 -1
- package/core/persistedAuthState.js +13 -13
- package/core/persistedAuthState.js.map +1 -1
- package/entrypoint.js +9 -9
- package/entrypoint.js.map +1 -1
- package/esm/core/AuthResponse.d.ts +5 -0
- package/{src/core/AuthResponse.ts → esm/core/AuthResponse.js} +3 -9
- package/esm/core/AuthResponse.js.map +1 -0
- package/esm/core/Oidc.d.ts +126 -0
- package/esm/core/Oidc.js +2 -0
- package/esm/core/Oidc.js.map +1 -0
- package/esm/core/OidcInitializationError.d.ts +7 -0
- package/esm/core/OidcInitializationError.js +17 -0
- package/esm/core/OidcInitializationError.js.map +1 -0
- package/{src/core/OidcMetadata.ts → esm/core/OidcMetadata.d.ts} +0 -5
- package/esm/core/OidcMetadata.js +3 -0
- package/esm/core/OidcMetadata.js.map +1 -0
- package/esm/core/StateData.d.ts +42 -0
- package/esm/core/StateData.js +55 -0
- package/esm/core/StateData.js.map +1 -0
- package/esm/core/configId.d.ts +4 -0
- package/esm/core/configId.js +4 -0
- package/esm/core/configId.js.map +1 -0
- package/esm/core/createOidc.d.ts +132 -0
- package/{src/core/createOidc.ts → esm/core/createOidc.js} +282 -826
- package/esm/core/createOidc.js.map +1 -0
- package/esm/core/diagnostic.d.ts +14 -0
- package/{src/core/OidcInitializationError.ts → esm/core/diagnostic.js} +40 -117
- package/esm/core/diagnostic.js.map +1 -0
- package/esm/core/evtIsUserActive.d.ts +5 -0
- package/{src/core/evtIsUserActive.ts → esm/core/evtIsUserActive.js} +14 -46
- package/esm/core/evtIsUserActive.js.map +1 -0
- package/esm/core/handleOidcCallback.d.ts +13 -0
- package/{src/core/handleOidcCallback.ts → esm/core/handleOidcCallback.js} +56 -131
- package/esm/core/handleOidcCallback.js.map +1 -0
- package/esm/core/iframeMessageProtection.d.ts +20 -0
- package/{src/core/iframeMessageProtection.ts → esm/core/iframeMessageProtection.js} +14 -49
- package/esm/core/iframeMessageProtection.js.map +1 -0
- package/{src/core/index.ts → esm/core/index.d.ts} +1 -1
- package/esm/core/index.js +4 -0
- package/esm/core/index.js.map +1 -0
- package/esm/core/initialLocationHref.d.ts +1 -0
- package/{src/core/initialLocationHref.ts → esm/core/initialLocationHref.js} +1 -1
- package/esm/core/initialLocationHref.js.map +1 -0
- package/esm/core/isNewBrowserSession.d.ts +9 -0
- package/{src/core/isNewBrowserSession.ts → esm/core/isNewBrowserSession.js} +3 -15
- package/esm/core/isNewBrowserSession.js.map +1 -0
- package/esm/core/loginOrGoToAuthServer.d.ts +40 -0
- package/{src/core/loginOrGoToAuthServer.ts → esm/core/loginOrGoToAuthServer.js} +60 -168
- package/esm/core/loginOrGoToAuthServer.js.map +1 -0
- package/esm/core/loginPropagationToOtherTabs.d.ts +8 -0
- package/{src/core/loginPropagationToOtherTabs.ts → esm/core/loginPropagationToOtherTabs.js} +7 -25
- package/esm/core/loginPropagationToOtherTabs.js.map +1 -0
- package/esm/core/loginSilent.d.ts +28 -0
- package/esm/core/loginSilent.js +125 -0
- package/esm/core/loginSilent.js.map +1 -0
- package/esm/core/logoutPropagationToOtherTabs.d.ts +10 -0
- package/{src/core/logoutPropagationToOtherTabs.ts → esm/core/logoutPropagationToOtherTabs.js} +8 -28
- package/esm/core/logoutPropagationToOtherTabs.js.map +1 -0
- package/esm/core/oidcClientTsUserToTokens.d.ts +11 -0
- package/esm/core/oidcClientTsUserToTokens.js +155 -0
- package/esm/core/oidcClientTsUserToTokens.js.map +1 -0
- package/esm/core/ongoingLoginOrRefreshProcesses.d.ts +6 -0
- package/{src/core/ongoingLoginOrRefreshProcesses.ts → esm/core/ongoingLoginOrRefreshProcesses.js} +6 -24
- package/esm/core/ongoingLoginOrRefreshProcesses.js.map +1 -0
- package/esm/core/persistedAuthState.d.ts +28 -0
- package/esm/core/persistedAuthState.js +64 -0
- package/esm/core/persistedAuthState.js.map +1 -0
- package/esm/entrypoint.d.ts +7 -0
- package/{src/entrypoint.ts → esm/entrypoint.js} +3 -26
- package/esm/entrypoint.js.map +1 -0
- package/esm/index.d.ts +1 -0
- package/esm/index.js +2 -0
- package/esm/index.js.map +1 -0
- package/esm/keycloak/index.d.ts +3 -0
- package/esm/keycloak/index.js +3 -0
- package/esm/keycloak/index.js.map +1 -0
- package/esm/keycloak/isKeycloak.d.ts +3 -0
- package/esm/keycloak/isKeycloak.js +17 -0
- package/esm/keycloak/isKeycloak.js.map +1 -0
- package/esm/keycloak/keycloak-js/Keycloak.d.ts +284 -0
- package/esm/keycloak/keycloak-js/Keycloak.js +774 -0
- package/esm/keycloak/keycloak-js/Keycloak.js.map +1 -0
- package/esm/keycloak/keycloak-js/index.d.ts +2 -0
- package/esm/keycloak/keycloak-js/index.js +2 -0
- package/esm/keycloak/keycloak-js/index.js.map +1 -0
- package/esm/keycloak/keycloak-js/types.d.ts +361 -0
- package/esm/keycloak/keycloak-js/types.js +2 -0
- package/esm/keycloak/keycloak-js/types.js.map +1 -0
- package/esm/keycloak/keycloakIssuerUriParsed.d.ts +9 -0
- package/esm/keycloak/keycloakIssuerUriParsed.js +16 -0
- package/esm/keycloak/keycloakIssuerUriParsed.js.map +1 -0
- package/esm/keycloak/keycloakUtils.d.ts +37 -0
- package/esm/keycloak/keycloakUtils.js +44 -0
- package/esm/keycloak/keycloakUtils.js.map +1 -0
- package/esm/keycloak-js.d.ts +1 -0
- package/esm/keycloak-js.js +2 -0
- package/esm/keycloak-js.js.map +1 -0
- package/esm/mock/index.js +2 -0
- package/esm/mock/index.js.map +1 -0
- package/esm/mock/oidc.d.ts +19 -0
- package/{src/mock/oidc.ts → esm/mock/oidc.js} +28 -88
- package/esm/mock/oidc.js.map +1 -0
- package/esm/mock/react.d.ts +58 -0
- package/esm/mock/react.js +7 -0
- package/esm/mock/react.js.map +1 -0
- package/esm/react/index.js +2 -0
- package/esm/react/index.js.map +1 -0
- package/esm/react/react.d.ts +102 -0
- package/esm/react/react.js +221 -0
- package/esm/react/react.js.map +1 -0
- package/esm/tools/Deferred.d.ts +14 -0
- package/esm/tools/Deferred.js +23 -0
- package/esm/tools/Deferred.js.map +1 -0
- package/esm/tools/EphemeralSessionStorage.d.ts +12 -0
- package/{src/tools/EphemeralSessionStorage.ts → esm/tools/EphemeralSessionStorage.js} +30 -112
- package/esm/tools/EphemeralSessionStorage.js.map +1 -0
- package/esm/tools/Evt.d.ts +11 -0
- package/{src/tools/Evt.ts → esm/tools/Evt.js} +7 -25
- package/esm/tools/Evt.js.map +1 -0
- package/esm/tools/StatefulEvt.d.ts +12 -0
- package/esm/tools/StatefulEvt.js +21 -0
- package/esm/tools/StatefulEvt.js.map +1 -0
- package/esm/tools/ValueOrAsyncGetter.js +2 -0
- package/esm/tools/ValueOrAsyncGetter.js.map +1 -0
- package/esm/tools/asymmetricEncryption.d.ts +18 -0
- package/esm/tools/asymmetricEncryption.js +85 -0
- package/esm/tools/asymmetricEncryption.js.map +1 -0
- package/esm/tools/base64.d.ts +2 -0
- package/{src/tools/base64.ts → esm/tools/base64.js} +3 -3
- package/esm/tools/base64.js.map +1 -0
- package/esm/tools/createObjectThatThrowsIfAccessed.d.ts +8 -0
- package/{src/tools/createObjectThatThrowsIfAccessed.ts → esm/tools/createObjectThatThrowsIfAccessed.js} +7 -18
- package/esm/tools/createObjectThatThrowsIfAccessed.js.map +1 -0
- package/esm/tools/decodeJwt.d.ts +25 -0
- package/esm/tools/decodeJwt.js +60 -0
- package/esm/tools/decodeJwt.js.map +1 -0
- package/esm/tools/generateUrlSafeRandom.d.ts +3 -0
- package/{src/tools/generateUrlSafeRandom.ts → esm/tools/generateUrlSafeRandom.js} +5 -8
- package/esm/tools/generateUrlSafeRandom.js.map +1 -0
- package/esm/tools/getDownlinkAndRtt.d.ts +4 -0
- package/{src/tools/getDownlinkAndRtt.ts → esm/tools/getDownlinkAndRtt.js} +6 -10
- package/esm/tools/getDownlinkAndRtt.js.map +1 -0
- package/esm/tools/getIsOnline.d.ts +7 -0
- package/{src/tools/getIsOnline.ts → esm/tools/getIsOnline.js} +3 -9
- package/esm/tools/getIsOnline.js.map +1 -0
- package/esm/tools/getIsValidRemoteJson.d.ts +1 -0
- package/esm/tools/getIsValidRemoteJson.js +15 -0
- package/esm/tools/getIsValidRemoteJson.js.map +1 -0
- package/esm/tools/getPrUserInteraction.d.ts +4 -0
- package/{src/tools/getPrUserInteraction.ts → esm/tools/getPrUserInteraction.js} +2 -6
- package/esm/tools/getPrUserInteraction.js.map +1 -0
- package/esm/tools/getUserEnvironmentInfo.d.ts +1 -0
- package/esm/tools/getUserEnvironmentInfo.js +50 -0
- package/esm/tools/getUserEnvironmentInfo.js.map +1 -0
- package/esm/tools/haveSharedParentDomain.d.ts +4 -0
- package/{src/tools/haveSharedParentDomain.ts → esm/tools/haveSharedParentDomain.js} +3 -5
- package/esm/tools/haveSharedParentDomain.js.map +1 -0
- package/esm/tools/isDev.d.ts +1 -0
- package/{src/tools/isDev.ts → esm/tools/isDev.js} +5 -12
- package/esm/tools/isDev.js.map +1 -0
- package/esm/tools/parseKeycloakIssuerUri.d.ts +30 -0
- package/esm/tools/parseKeycloakIssuerUri.js +33 -0
- package/esm/tools/parseKeycloakIssuerUri.js.map +1 -0
- package/esm/tools/readExpirationTimeInJwt.d.ts +1 -0
- package/{src/tools/readExpirationTimeInJwt.ts → esm/tools/readExpirationTimeInJwt.js} +6 -7
- package/esm/tools/readExpirationTimeInJwt.js.map +1 -0
- package/esm/tools/startCountdown.d.ts +11 -0
- package/{src/tools/startCountdown.ts → esm/tools/startCountdown.js} +6 -17
- package/esm/tools/startCountdown.js.map +1 -0
- package/esm/tools/subscribeToUserInteraction.d.ts +6 -0
- package/{src/tools/subscribeToUserInteraction.ts → esm/tools/subscribeToUserInteraction.js} +4 -13
- package/esm/tools/subscribeToUserInteraction.js.map +1 -0
- package/esm/tools/toFullyQualifiedUrl.d.ts +10 -0
- package/{src/tools/toFullyQualifiedUrl.ts → esm/tools/toFullyQualifiedUrl.js} +7 -25
- package/esm/tools/toFullyQualifiedUrl.js.map +1 -0
- package/esm/tools/toHumanReadableDuration.d.ts +1 -0
- package/{src/tools/toHumanReadableDuration.ts → esm/tools/toHumanReadableDuration.js} +8 -5
- package/esm/tools/toHumanReadableDuration.js.map +1 -0
- package/esm/tools/urlSearchParams.d.ts +19 -0
- package/{src/tools/urlSearchParams.ts → esm/tools/urlSearchParams.js} +24 -70
- package/esm/tools/urlSearchParams.js.map +1 -0
- package/esm/tools/workerTimers.d.ts +5 -0
- package/{src/tools/workerTimers.ts → esm/tools/workerTimers.js} +7 -27
- package/esm/tools/workerTimers.js.map +1 -0
- package/esm/vendor/frontend/oidc-client-ts.d.ts +1 -0
- package/esm/vendor/frontend/oidc-client-ts.js +3636 -0
- package/{src/vendor/frontend/tsafe.ts → esm/vendor/frontend/tsafe.d.ts} +1 -0
- package/esm/vendor/frontend/tsafe.js +1 -0
- package/esm/vendor/frontend/worker-timers.js +1 -0
- package/index.d.ts +1 -1
- package/index.js +1 -2
- package/index.js.map +1 -1
- package/keycloak/index.d.ts +3 -0
- package/keycloak/index.js +8 -0
- package/keycloak/index.js.map +1 -0
- package/keycloak/isKeycloak.d.ts +3 -0
- package/keycloak/isKeycloak.js +20 -0
- package/keycloak/isKeycloak.js.map +1 -0
- package/keycloak/keycloak-js/Keycloak.d.ts +284 -0
- package/keycloak/keycloak-js/Keycloak.js +778 -0
- package/keycloak/keycloak-js/Keycloak.js.map +1 -0
- package/keycloak/keycloak-js/index.d.ts +2 -0
- package/keycloak/keycloak-js/index.js +6 -0
- package/keycloak/keycloak-js/index.js.map +1 -0
- package/keycloak/keycloak-js/types.d.ts +361 -0
- package/keycloak/keycloak-js/types.js +3 -0
- package/keycloak/keycloak-js/types.js.map +1 -0
- package/keycloak/keycloakIssuerUriParsed.d.ts +9 -0
- package/keycloak/keycloakIssuerUriParsed.js +19 -0
- package/keycloak/keycloakIssuerUriParsed.js.map +1 -0
- package/keycloak/keycloakUtils.d.ts +37 -0
- package/keycloak/keycloakUtils.js +47 -0
- package/keycloak/keycloakUtils.js.map +1 -0
- package/keycloak-js.d.ts +1 -0
- package/keycloak-js.js +18 -0
- package/keycloak-js.js.map +1 -0
- package/mock/index.js.map +1 -1
- package/mock/oidc.js +147 -194
- package/mock/oidc.js.map +1 -1
- package/mock/react.js +2 -2
- package/mock/react.js.map +1 -1
- package/package.json +74 -299
- package/react/index.js.map +1 -1
- package/react/react.js +133 -244
- package/react/react.js.map +1 -1
- package/tools/Deferred.js +13 -35
- package/tools/Deferred.js.map +1 -1
- package/tools/EphemeralSessionStorage.js +46 -48
- package/tools/EphemeralSessionStorage.js.map +1 -1
- package/tools/Evt.js +14 -14
- package/tools/Evt.js.map +1 -1
- package/tools/StatefulEvt.js +5 -5
- package/tools/StatefulEvt.js.map +1 -1
- package/tools/ValueOrAsyncGetter.js.map +1 -1
- package/tools/asymmetricEncryption.js +81 -172
- package/tools/asymmetricEncryption.js.map +1 -1
- package/tools/base64.js +2 -2
- package/tools/base64.js.map +1 -1
- package/tools/createObjectThatThrowsIfAccessed.js +13 -61
- package/tools/createObjectThatThrowsIfAccessed.js.map +1 -1
- package/tools/decodeJwt.d.ts +25 -2
- package/tools/decodeJwt.js +61 -3
- package/tools/decodeJwt.js.map +1 -1
- package/tools/generateUrlSafeRandom.js +5 -30
- package/tools/generateUrlSafeRandom.js.map +1 -1
- package/tools/getDownlinkAndRtt.js +8 -30
- package/tools/getDownlinkAndRtt.js.map +1 -1
- package/tools/getIsOnline.js +3 -3
- package/tools/getIsOnline.js.map +1 -1
- package/tools/getIsValidRemoteJson.js +12 -59
- package/tools/getIsValidRemoteJson.js.map +1 -1
- package/tools/getPrUserInteraction.js +4 -4
- package/tools/getPrUserInteraction.js.map +1 -1
- package/tools/getUserEnvironmentInfo.js +17 -12
- package/tools/getUserEnvironmentInfo.js.map +1 -1
- package/tools/haveSharedParentDomain.js +5 -5
- package/tools/haveSharedParentDomain.js.map +1 -1
- package/tools/isDev.js +2 -2
- package/tools/isDev.js.map +1 -1
- package/tools/parseKeycloakIssuerUri.d.ts +2 -0
- package/tools/parseKeycloakIssuerUri.js +11 -42
- package/tools/parseKeycloakIssuerUri.js.map +1 -1
- package/tools/readExpirationTimeInJwt.js +4 -4
- package/tools/readExpirationTimeInJwt.js.map +1 -1
- package/tools/startCountdown.js +17 -65
- package/tools/startCountdown.js.map +1 -1
- package/tools/subscribeToUserInteraction.js +17 -66
- package/tools/subscribeToUserInteraction.js.map +1 -1
- package/tools/toFullyQualifiedUrl.js +7 -7
- package/tools/toFullyQualifiedUrl.js.map +1 -1
- package/tools/toHumanReadableDuration.js +13 -13
- package/tools/toHumanReadableDuration.js.map +1 -1
- package/tools/urlSearchParams.js +28 -50
- package/tools/urlSearchParams.js.map +1 -1
- package/tools/workerTimers.js +10 -10
- package/tools/workerTimers.js.map +1 -1
- package/vendor/frontend/oidc-client-ts.d.ts +1 -0
- package/vendor/frontend/oidc-client-ts.js +3686 -0
- package/vendor/frontend/tsafe.d.ts +1 -0
- package/vendor/frontend/tsafe.js +1 -1
- package/LICENSE +0 -21
- package/README.md +0 -185
- package/core/trustedFetch.d.ts +0 -2
- package/core/trustedFetch.js +0 -12
- package/core/trustedFetch.js.map +0 -1
- package/src/backend.ts +0 -391
- package/src/core/Oidc.ts +0 -141
- package/src/core/StateData.ts +0 -118
- package/src/core/configId.ts +0 -3
- package/src/core/loginSilent.ts +0 -206
- package/src/core/oidcClientTsUserToTokens.ts +0 -229
- package/src/core/persistedAuthState.ts +0 -122
- package/src/core/trustedFetch.ts +0 -9
- package/src/index.ts +0 -7
- package/src/mock/react.tsx +0 -11
- package/src/react/react.tsx +0 -460
- package/src/tools/Deferred.ts +0 -39
- package/src/tools/StatefulEvt.ts +0 -38
- package/src/tools/asymmetricEncryption.ts +0 -184
- package/src/tools/decodeJwt.ts +0 -2
- package/src/tools/getIsValidRemoteJson.ts +0 -18
- package/src/tools/getUserEnvironmentInfo.ts +0 -42
- package/src/tools/parseKeycloakIssuerUri.ts +0 -68
- package/src/vendor/backend/evt.ts +0 -2
- package/src/vendor/backend/jsonwebtoken.ts +0 -1
- package/src/vendor/backend/node-fetch.ts +0 -2
- package/src/vendor/backend/node-jose.ts +0 -1
- package/src/vendor/backend/tsafe.ts +0 -5
- package/src/vendor/backend/zod.ts +0 -1
- package/src/vendor/frontend/oidc-client-ts-and-jwt-decode.ts +0 -4
- package/vendor/frontend/oidc-client-ts-and-jwt-decode.d.ts +0 -3
- package/vendor/frontend/oidc-client-ts-and-jwt-decode.js +0 -3
- /package/{src/mock/index.ts → esm/mock/index.d.ts} +0 -0
- /package/{src/react/index.ts → esm/react/index.d.ts} +0 -0
- /package/{src/tools/ValueOrAsyncGetter.ts → esm/tools/ValueOrAsyncGetter.d.ts} +0 -0
- /package/{src/vendor/frontend/worker-timers.ts → esm/vendor/frontend/worker-timers.d.ts} +0 -0
package/backend.js
CHANGED
|
@@ -32,363 +32,246 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
32
32
|
return result;
|
|
33
33
|
};
|
|
34
34
|
})();
|
|
35
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
36
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
37
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
38
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
39
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
40
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
41
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
42
|
-
});
|
|
43
|
-
};
|
|
44
|
-
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
45
|
-
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
|
|
46
|
-
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
47
|
-
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
48
|
-
function step(op) {
|
|
49
|
-
if (f) throw new TypeError("Generator is already executing.");
|
|
50
|
-
while (g && (g = 0, op[0] && (_ = 0)), _) try {
|
|
51
|
-
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
52
|
-
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
53
|
-
switch (op[0]) {
|
|
54
|
-
case 0: case 1: t = op; break;
|
|
55
|
-
case 4: _.label++; return { value: op[1], done: false };
|
|
56
|
-
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
57
|
-
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
58
|
-
default:
|
|
59
|
-
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
60
|
-
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
61
|
-
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
62
|
-
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
63
|
-
if (t[2]) _.ops.pop();
|
|
64
|
-
_.trys.pop(); continue;
|
|
65
|
-
}
|
|
66
|
-
op = body.call(thisArg, _);
|
|
67
|
-
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
68
|
-
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
69
|
-
}
|
|
70
|
-
};
|
|
71
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
72
36
|
exports.createOidcBackend = createOidcBackend;
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
function createOidcBackend(params) {
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
case 1:
|
|
90
|
-
publicSigningKeys = _b.sent();
|
|
91
|
-
evtInvalidSignature = evt_1.Evt.create();
|
|
92
|
-
evtInvalidSignature.pipe((0, evt_2.throttleTime)(3600000)).attach(function () { return __awaiter(_this, void 0, void 0, function () {
|
|
93
|
-
var publicSigningKeys_new;
|
|
94
|
-
return __generator(this, function (_a) {
|
|
95
|
-
switch (_a.label) {
|
|
96
|
-
case 0: return [4 /*yield*/, (function callee(count) {
|
|
97
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
98
|
-
var wrap, error_1, delayMs_1;
|
|
99
|
-
return __generator(this, function (_a) {
|
|
100
|
-
switch (_a.label) {
|
|
101
|
-
case 0:
|
|
102
|
-
_a.trys.push([0, 2, , 4]);
|
|
103
|
-
return [4 /*yield*/, fetchPublicSigningKeys({ issuerUri: issuerUri })];
|
|
104
|
-
case 1:
|
|
105
|
-
wrap = _a.sent();
|
|
106
|
-
return [3 /*break*/, 4];
|
|
107
|
-
case 2:
|
|
108
|
-
error_1 = _a.sent();
|
|
109
|
-
if (count === 9) {
|
|
110
|
-
console.warn("Failed to refresh public key and signing algorithm after ".concat(count + 1, " attempts"));
|
|
111
|
-
return [2 /*return*/, undefined];
|
|
112
|
-
}
|
|
113
|
-
delayMs_1 = 1000 * Math.pow(2, count);
|
|
114
|
-
console.warn("Failed to refresh public key and signing algorithm: ".concat(String(error_1), ", retrying in ").concat(delayMs_1, "ms"));
|
|
115
|
-
return [4 /*yield*/, new Promise(function (resolve) { return setTimeout(resolve, delayMs_1); })];
|
|
116
|
-
case 3:
|
|
117
|
-
_a.sent();
|
|
118
|
-
return [2 /*return*/, callee(count + 1)];
|
|
119
|
-
case 4: return [2 /*return*/, wrap];
|
|
120
|
-
}
|
|
121
|
-
});
|
|
122
|
-
});
|
|
123
|
-
})(0)];
|
|
124
|
-
case 1:
|
|
125
|
-
publicSigningKeys_new = _a.sent();
|
|
126
|
-
if (publicSigningKeys_new === undefined) {
|
|
127
|
-
return [2 /*return*/];
|
|
128
|
-
}
|
|
129
|
-
publicSigningKeys = publicSigningKeys_new;
|
|
130
|
-
return [2 /*return*/];
|
|
131
|
-
}
|
|
132
|
-
});
|
|
133
|
-
}); });
|
|
134
|
-
return [2 /*return*/, {
|
|
135
|
-
verifyAndDecodeAccessToken: function (_a) {
|
|
136
|
-
var accessToken = _a.accessToken;
|
|
137
|
-
var kid;
|
|
138
|
-
var alg;
|
|
139
|
-
{
|
|
140
|
-
var jwtHeader_b64 = accessToken.split(".")[0];
|
|
141
|
-
var jwtHeader = void 0;
|
|
142
|
-
try {
|
|
143
|
-
jwtHeader = Buffer.from(jwtHeader_b64, "base64").toString("utf8");
|
|
144
|
-
}
|
|
145
|
-
catch (_b) {
|
|
146
|
-
return {
|
|
147
|
-
isValid: false,
|
|
148
|
-
errorCase: "invalid signature",
|
|
149
|
-
errorMessage: "Failed to decode the JWT header as a base64 string"
|
|
150
|
-
};
|
|
151
|
-
}
|
|
152
|
-
var decodedHeader = void 0;
|
|
153
|
-
try {
|
|
154
|
-
decodedHeader = JSON.parse(jwtHeader);
|
|
155
|
-
}
|
|
156
|
-
catch (_c) {
|
|
157
|
-
return {
|
|
158
|
-
isValid: false,
|
|
159
|
-
errorCase: "invalid signature",
|
|
160
|
-
errorMessage: "Failed to parse the JWT header as a JSON"
|
|
161
|
-
};
|
|
162
|
-
}
|
|
163
|
-
var zDecodedHeader = zod_1.z.object({
|
|
164
|
-
kid: zod_1.z.string(),
|
|
165
|
-
alg: zod_1.z.string()
|
|
166
|
-
});
|
|
167
|
-
(0, tsafe_1.assert)();
|
|
168
|
-
try {
|
|
169
|
-
zDecodedHeader.parse(decodedHeader);
|
|
170
|
-
}
|
|
171
|
-
catch (_d) {
|
|
172
|
-
return {
|
|
173
|
-
isValid: false,
|
|
174
|
-
errorCase: "invalid signature",
|
|
175
|
-
errorMessage: "The decoded JWT header does not have a kid property"
|
|
176
|
-
};
|
|
177
|
-
}
|
|
178
|
-
(0, tsafe_1.assert)((0, tsafe_1.is)(decodedHeader));
|
|
179
|
-
{
|
|
180
|
-
var supportedAlgs = [
|
|
181
|
-
"RS256",
|
|
182
|
-
"RS384",
|
|
183
|
-
"RS512",
|
|
184
|
-
"ES256",
|
|
185
|
-
"ES384",
|
|
186
|
-
"ES512",
|
|
187
|
-
"PS256",
|
|
188
|
-
"PS384",
|
|
189
|
-
"PS512"
|
|
190
|
-
];
|
|
191
|
-
(0, tsafe_1.assert)();
|
|
192
|
-
if (!(0, tsafe_1.isAmong)(supportedAlgs, decodedHeader.alg)) {
|
|
193
|
-
return {
|
|
194
|
-
isValid: false,
|
|
195
|
-
errorCase: "invalid signature",
|
|
196
|
-
errorMessage: "Unsupported or too week algorithm ".concat(decodedHeader.alg)
|
|
197
|
-
};
|
|
198
|
-
}
|
|
199
|
-
}
|
|
200
|
-
kid = decodedHeader.kid;
|
|
201
|
-
alg = decodedHeader.alg;
|
|
202
|
-
}
|
|
203
|
-
var publicSigningKey = publicSigningKeys.find(function (publicSigningKey) { return publicSigningKey.kid === kid; });
|
|
204
|
-
if (publicSigningKey === undefined) {
|
|
205
|
-
return {
|
|
206
|
-
isValid: false,
|
|
207
|
-
errorCase: "invalid signature",
|
|
208
|
-
errorMessage: "No public signing key found with kid ".concat(kid)
|
|
209
|
-
};
|
|
210
|
-
}
|
|
211
|
-
var result = (0, tsafe_1.id)(undefined);
|
|
212
|
-
jwt.verify(accessToken, publicSigningKey.publicKey, { algorithms: [alg] }, function (err, decoded) {
|
|
213
|
-
invalid: {
|
|
214
|
-
if (!err) {
|
|
215
|
-
break invalid;
|
|
216
|
-
}
|
|
217
|
-
if (err.name === "TokenExpiredError") {
|
|
218
|
-
result = (0, tsafe_1.id)({
|
|
219
|
-
isValid: false,
|
|
220
|
-
errorCase: "expired",
|
|
221
|
-
errorMessage: err.message
|
|
222
|
-
});
|
|
223
|
-
return;
|
|
224
|
-
}
|
|
225
|
-
evtInvalidSignature.post();
|
|
226
|
-
result = (0, tsafe_1.id)({
|
|
227
|
-
isValid: false,
|
|
228
|
-
errorCase: "invalid signature",
|
|
229
|
-
errorMessage: err.message
|
|
230
|
-
});
|
|
231
|
-
return;
|
|
232
|
-
}
|
|
233
|
-
var decodedAccessToken;
|
|
234
|
-
try {
|
|
235
|
-
decodedAccessToken = decodedAccessTokenSchema.parse(decoded);
|
|
236
|
-
}
|
|
237
|
-
catch (error) {
|
|
238
|
-
result = (0, tsafe_1.id)({
|
|
239
|
-
isValid: false,
|
|
240
|
-
errorCase: "does not respect schema",
|
|
241
|
-
errorMessage: String(error)
|
|
242
|
-
});
|
|
243
|
-
return;
|
|
244
|
-
}
|
|
245
|
-
result = (0, tsafe_1.id)({
|
|
246
|
-
isValid: true,
|
|
247
|
-
decodedAccessToken: decodedAccessToken
|
|
248
|
-
});
|
|
249
|
-
});
|
|
250
|
-
(0, tsafe_1.assert)(result !== undefined, "0522e6");
|
|
251
|
-
return result;
|
|
252
|
-
}
|
|
253
|
-
}];
|
|
37
|
+
const node_fetch_1 = require("./vendor/backend/node-fetch");
|
|
38
|
+
const tsafe_1 = require("./vendor/backend/tsafe");
|
|
39
|
+
const node_jose_1 = require("./vendor/backend/node-jose");
|
|
40
|
+
const jwt = __importStar(require("./vendor/backend/jsonwebtoken"));
|
|
41
|
+
const zod_1 = require("./vendor/backend/zod");
|
|
42
|
+
const evt_1 = require("./vendor/backend/evt");
|
|
43
|
+
const evt_2 = require("./vendor/backend/evt");
|
|
44
|
+
async function createOidcBackend(params) {
|
|
45
|
+
const { issuerUri, decodedAccessTokenSchema = zod_1.z.record(zod_1.z.unknown()) } = params;
|
|
46
|
+
let publicSigningKeys = await fetchPublicSigningKeys({ issuerUri });
|
|
47
|
+
const evtInvalidSignature = evt_1.Evt.create();
|
|
48
|
+
evtInvalidSignature.pipe((0, evt_2.throttleTime)(3600000)).attach(async () => {
|
|
49
|
+
const publicSigningKeys_new = await (async function callee(count) {
|
|
50
|
+
let wrap;
|
|
51
|
+
try {
|
|
52
|
+
wrap = await fetchPublicSigningKeys({ issuerUri });
|
|
254
53
|
}
|
|
255
|
-
|
|
54
|
+
catch (error) {
|
|
55
|
+
if (count === 9) {
|
|
56
|
+
console.warn(`Failed to refresh public key and signing algorithm after ${count + 1} attempts`);
|
|
57
|
+
return undefined;
|
|
58
|
+
}
|
|
59
|
+
const delayMs = 1000 * Math.pow(2, count);
|
|
60
|
+
console.warn(`Failed to refresh public key and signing algorithm: ${String(error)}, retrying in ${delayMs}ms`);
|
|
61
|
+
await new Promise(resolve => setTimeout(resolve, delayMs));
|
|
62
|
+
return callee(count + 1);
|
|
63
|
+
}
|
|
64
|
+
return wrap;
|
|
65
|
+
})(0);
|
|
66
|
+
if (publicSigningKeys_new === undefined) {
|
|
67
|
+
return;
|
|
68
|
+
}
|
|
69
|
+
publicSigningKeys = publicSigningKeys_new;
|
|
256
70
|
});
|
|
71
|
+
return {
|
|
72
|
+
verifyAndDecodeAccessToken: ({ accessToken }) => {
|
|
73
|
+
let kid;
|
|
74
|
+
let alg;
|
|
75
|
+
{
|
|
76
|
+
const jwtHeader_b64 = accessToken.split(".")[0];
|
|
77
|
+
let jwtHeader;
|
|
78
|
+
try {
|
|
79
|
+
jwtHeader = Buffer.from(jwtHeader_b64, "base64").toString("utf8");
|
|
80
|
+
}
|
|
81
|
+
catch {
|
|
82
|
+
return {
|
|
83
|
+
isValid: false,
|
|
84
|
+
errorCase: "invalid signature",
|
|
85
|
+
errorMessage: "Failed to decode the JWT header as a base64 string"
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
let decodedHeader;
|
|
89
|
+
try {
|
|
90
|
+
decodedHeader = JSON.parse(jwtHeader);
|
|
91
|
+
}
|
|
92
|
+
catch {
|
|
93
|
+
return {
|
|
94
|
+
isValid: false,
|
|
95
|
+
errorCase: "invalid signature",
|
|
96
|
+
errorMessage: "Failed to parse the JWT header as a JSON"
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
const zDecodedHeader = zod_1.z.object({
|
|
100
|
+
kid: zod_1.z.string(),
|
|
101
|
+
alg: zod_1.z.string()
|
|
102
|
+
});
|
|
103
|
+
(0, tsafe_1.assert)();
|
|
104
|
+
try {
|
|
105
|
+
zDecodedHeader.parse(decodedHeader);
|
|
106
|
+
}
|
|
107
|
+
catch {
|
|
108
|
+
return {
|
|
109
|
+
isValid: false,
|
|
110
|
+
errorCase: "invalid signature",
|
|
111
|
+
errorMessage: "The decoded JWT header does not have a kid property"
|
|
112
|
+
};
|
|
113
|
+
}
|
|
114
|
+
(0, tsafe_1.assert)((0, tsafe_1.is)(decodedHeader));
|
|
115
|
+
{
|
|
116
|
+
const supportedAlgs = [
|
|
117
|
+
"RS256",
|
|
118
|
+
"RS384",
|
|
119
|
+
"RS512",
|
|
120
|
+
"ES256",
|
|
121
|
+
"ES384",
|
|
122
|
+
"ES512",
|
|
123
|
+
"PS256",
|
|
124
|
+
"PS384",
|
|
125
|
+
"PS512"
|
|
126
|
+
];
|
|
127
|
+
(0, tsafe_1.assert)();
|
|
128
|
+
if (!(0, tsafe_1.isAmong)(supportedAlgs, decodedHeader.alg)) {
|
|
129
|
+
return {
|
|
130
|
+
isValid: false,
|
|
131
|
+
errorCase: "invalid signature",
|
|
132
|
+
errorMessage: `Unsupported or too week algorithm ${decodedHeader.alg}`
|
|
133
|
+
};
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
kid = decodedHeader.kid;
|
|
137
|
+
alg = decodedHeader.alg;
|
|
138
|
+
}
|
|
139
|
+
const publicSigningKey = publicSigningKeys.find(publicSigningKey => publicSigningKey.kid === kid);
|
|
140
|
+
if (publicSigningKey === undefined) {
|
|
141
|
+
return {
|
|
142
|
+
isValid: false,
|
|
143
|
+
errorCase: "invalid signature",
|
|
144
|
+
errorMessage: `No public signing key found with kid ${kid}`
|
|
145
|
+
};
|
|
146
|
+
}
|
|
147
|
+
let result = (0, tsafe_1.id)(undefined);
|
|
148
|
+
jwt.verify(accessToken, publicSigningKey.publicKey, { algorithms: [alg] }, (err, decoded) => {
|
|
149
|
+
invalid: {
|
|
150
|
+
if (!err) {
|
|
151
|
+
break invalid;
|
|
152
|
+
}
|
|
153
|
+
if (err.name === "TokenExpiredError") {
|
|
154
|
+
result = (0, tsafe_1.id)({
|
|
155
|
+
isValid: false,
|
|
156
|
+
errorCase: "expired",
|
|
157
|
+
errorMessage: err.message
|
|
158
|
+
});
|
|
159
|
+
return;
|
|
160
|
+
}
|
|
161
|
+
evtInvalidSignature.post();
|
|
162
|
+
result = (0, tsafe_1.id)({
|
|
163
|
+
isValid: false,
|
|
164
|
+
errorCase: "invalid signature",
|
|
165
|
+
errorMessage: err.message
|
|
166
|
+
});
|
|
167
|
+
return;
|
|
168
|
+
}
|
|
169
|
+
let decodedAccessToken;
|
|
170
|
+
try {
|
|
171
|
+
decodedAccessToken = decodedAccessTokenSchema.parse(decoded);
|
|
172
|
+
}
|
|
173
|
+
catch (error) {
|
|
174
|
+
result = (0, tsafe_1.id)({
|
|
175
|
+
isValid: false,
|
|
176
|
+
errorCase: "does not respect schema",
|
|
177
|
+
errorMessage: String(error)
|
|
178
|
+
});
|
|
179
|
+
return;
|
|
180
|
+
}
|
|
181
|
+
result = (0, tsafe_1.id)({
|
|
182
|
+
isValid: true,
|
|
183
|
+
decodedAccessToken: decodedAccessToken
|
|
184
|
+
});
|
|
185
|
+
});
|
|
186
|
+
(0, tsafe_1.assert)(result !== undefined, "0522e6");
|
|
187
|
+
return result;
|
|
188
|
+
}
|
|
189
|
+
};
|
|
257
190
|
}
|
|
258
|
-
function fetchPublicSigningKeys(params) {
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
_a.trys.push([2, 4, , 5]);
|
|
281
|
-
return [4 /*yield*/, response.json()];
|
|
282
|
-
case 3:
|
|
283
|
-
data = _a.sent();
|
|
284
|
-
return [3 /*break*/, 5];
|
|
285
|
-
case 4:
|
|
286
|
-
error_2 = _a.sent();
|
|
287
|
-
throw new Error("Failed to parse json from ".concat(url, ": ").concat(String(error_2)));
|
|
288
|
-
case 5:
|
|
289
|
-
{
|
|
290
|
-
zWellKnownConfiguration = zod_1.z.object({
|
|
291
|
-
jwks_uri: zod_1.z.string()
|
|
292
|
-
});
|
|
293
|
-
(0, tsafe_1.assert)();
|
|
294
|
-
try {
|
|
295
|
-
zWellKnownConfiguration.parse(data);
|
|
296
|
-
}
|
|
297
|
-
catch (_b) {
|
|
298
|
-
throw new Error("".concat(url, " does not have a jwks_uri property"));
|
|
299
|
-
}
|
|
300
|
-
(0, tsafe_1.assert)((0, tsafe_1.is)(data));
|
|
301
|
-
}
|
|
302
|
-
jwks_uri = data.jwks_uri;
|
|
303
|
-
return [2 /*return*/, { jwks_uri: jwks_uri }];
|
|
304
|
-
}
|
|
305
|
-
});
|
|
306
|
-
}); })()];
|
|
307
|
-
case 1:
|
|
308
|
-
jwks_uri = (_a.sent()).jwks_uri;
|
|
309
|
-
return [4 /*yield*/, (function () { return __awaiter(_this, void 0, void 0, function () {
|
|
310
|
-
var response, jwks, error_3, zJwks;
|
|
311
|
-
return __generator(this, function (_a) {
|
|
312
|
-
switch (_a.label) {
|
|
313
|
-
case 0: return [4 /*yield*/, (0, node_fetch_1.fetch)(jwks_uri)];
|
|
314
|
-
case 1:
|
|
315
|
-
response = _a.sent();
|
|
316
|
-
if (!response.ok) {
|
|
317
|
-
throw new Error("Failed to fetch public key and algorithm from ".concat(jwks_uri, ": ").concat(response.statusText));
|
|
318
|
-
}
|
|
319
|
-
_a.label = 2;
|
|
320
|
-
case 2:
|
|
321
|
-
_a.trys.push([2, 4, , 5]);
|
|
322
|
-
return [4 /*yield*/, response.json()];
|
|
323
|
-
case 3:
|
|
324
|
-
jwks = _a.sent();
|
|
325
|
-
return [3 /*break*/, 5];
|
|
326
|
-
case 4:
|
|
327
|
-
error_3 = _a.sent();
|
|
328
|
-
throw new Error("Failed to parse json from ".concat(jwks_uri, ": ").concat(String(error_3)));
|
|
329
|
-
case 5:
|
|
330
|
-
{
|
|
331
|
-
zJwks = zod_1.z.object({
|
|
332
|
-
keys: zod_1.z.array(zod_1.z.object({
|
|
333
|
-
kid: zod_1.z.string(),
|
|
334
|
-
kty: zod_1.z.string(),
|
|
335
|
-
e: zod_1.z.string().optional(),
|
|
336
|
-
n: zod_1.z.string().optional(),
|
|
337
|
-
use: zod_1.z.string()
|
|
338
|
-
}))
|
|
339
|
-
});
|
|
340
|
-
(0, tsafe_1.assert)();
|
|
341
|
-
try {
|
|
342
|
-
zJwks.parse(jwks);
|
|
343
|
-
}
|
|
344
|
-
catch (_b) {
|
|
345
|
-
throw new Error("".concat(jwks_uri, " does not have the expected shape"));
|
|
346
|
-
}
|
|
347
|
-
(0, tsafe_1.assert)((0, tsafe_1.is)(jwks));
|
|
348
|
-
}
|
|
349
|
-
return [2 /*return*/, { jwks: jwks }];
|
|
350
|
-
}
|
|
351
|
-
});
|
|
352
|
-
}); })()];
|
|
353
|
-
case 2:
|
|
354
|
-
jwks = (_a.sent()).jwks;
|
|
355
|
-
return [4 /*yield*/, Promise.all(jwks.keys
|
|
356
|
-
.filter(function (_a) {
|
|
357
|
-
var use = _a.use;
|
|
358
|
-
return use === "sig";
|
|
359
|
-
})
|
|
360
|
-
.map(function (_a) {
|
|
361
|
-
var kid = _a.kid, kty = _a.kty, e = _a.e, n = _a.n;
|
|
362
|
-
if (kty !== "RSA") {
|
|
363
|
-
return undefined;
|
|
364
|
-
}
|
|
365
|
-
(0, tsafe_1.assert)(e !== undefined, "e is undefined");
|
|
366
|
-
(0, tsafe_1.assert)(n !== undefined, "n is undefined");
|
|
367
|
-
return { kid: kid, e: e, n: n };
|
|
368
|
-
})
|
|
369
|
-
.filter((0, tsafe_1.exclude)(undefined))
|
|
370
|
-
.map(function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
|
|
371
|
-
var key, publicKey;
|
|
372
|
-
var kid = _b.kid, e = _b.e, n = _b.n;
|
|
373
|
-
return __generator(this, function (_c) {
|
|
374
|
-
switch (_c.label) {
|
|
375
|
-
case 0: return [4 /*yield*/, node_jose_1.JWK.asKey({ kty: "RSA", e: e, n: n })];
|
|
376
|
-
case 1:
|
|
377
|
-
key = _c.sent();
|
|
378
|
-
publicKey = key.toPEM(false);
|
|
379
|
-
return [2 /*return*/, {
|
|
380
|
-
kid: kid,
|
|
381
|
-
publicKey: publicKey
|
|
382
|
-
}];
|
|
383
|
-
}
|
|
384
|
-
});
|
|
385
|
-
}); }))];
|
|
386
|
-
case 3:
|
|
387
|
-
publicSigningKeys = _a.sent();
|
|
388
|
-
(0, tsafe_1.assert)(publicSigningKeys.length !== 0, "No public signing key found at ".concat(jwks_uri, ", ").concat(JSON.stringify(jwks, null, 2)));
|
|
389
|
-
return [2 /*return*/, publicSigningKeys];
|
|
191
|
+
async function fetchPublicSigningKeys(params) {
|
|
192
|
+
const { issuerUri } = params;
|
|
193
|
+
const { jwks_uri } = await (async () => {
|
|
194
|
+
const url = `${issuerUri.replace(/\/$/, "")}/.well-known/openid-configuration`;
|
|
195
|
+
const response = await (0, node_fetch_1.fetch)(url);
|
|
196
|
+
if (!response.ok) {
|
|
197
|
+
throw new Error(`Failed to fetch openid configuration of the issuerUri: ${issuerUri} (${url}): ${response.statusText}`);
|
|
198
|
+
}
|
|
199
|
+
let data;
|
|
200
|
+
try {
|
|
201
|
+
data = await response.json();
|
|
202
|
+
}
|
|
203
|
+
catch (error) {
|
|
204
|
+
throw new Error(`Failed to parse json from ${url}: ${String(error)}`);
|
|
205
|
+
}
|
|
206
|
+
{
|
|
207
|
+
const zWellKnownConfiguration = zod_1.z.object({
|
|
208
|
+
jwks_uri: zod_1.z.string()
|
|
209
|
+
});
|
|
210
|
+
(0, tsafe_1.assert)();
|
|
211
|
+
try {
|
|
212
|
+
zWellKnownConfiguration.parse(data);
|
|
390
213
|
}
|
|
391
|
-
|
|
392
|
-
|
|
214
|
+
catch {
|
|
215
|
+
throw new Error(`${url} does not have a jwks_uri property`);
|
|
216
|
+
}
|
|
217
|
+
(0, tsafe_1.assert)((0, tsafe_1.is)(data));
|
|
218
|
+
}
|
|
219
|
+
const { jwks_uri } = data;
|
|
220
|
+
return { jwks_uri };
|
|
221
|
+
})();
|
|
222
|
+
const { jwks } = await (async () => {
|
|
223
|
+
const response = await (0, node_fetch_1.fetch)(jwks_uri);
|
|
224
|
+
if (!response.ok) {
|
|
225
|
+
throw new Error(`Failed to fetch public key and algorithm from ${jwks_uri}: ${response.statusText}`);
|
|
226
|
+
}
|
|
227
|
+
let jwks;
|
|
228
|
+
try {
|
|
229
|
+
jwks = await response.json();
|
|
230
|
+
}
|
|
231
|
+
catch (error) {
|
|
232
|
+
throw new Error(`Failed to parse json from ${jwks_uri}: ${String(error)}`);
|
|
233
|
+
}
|
|
234
|
+
{
|
|
235
|
+
const zJwks = zod_1.z.object({
|
|
236
|
+
keys: zod_1.z.array(zod_1.z.object({
|
|
237
|
+
kid: zod_1.z.string(),
|
|
238
|
+
kty: zod_1.z.string(),
|
|
239
|
+
e: zod_1.z.string().optional(),
|
|
240
|
+
n: zod_1.z.string().optional(),
|
|
241
|
+
use: zod_1.z.string()
|
|
242
|
+
}))
|
|
243
|
+
});
|
|
244
|
+
(0, tsafe_1.assert)();
|
|
245
|
+
try {
|
|
246
|
+
zJwks.parse(jwks);
|
|
247
|
+
}
|
|
248
|
+
catch {
|
|
249
|
+
throw new Error(`${jwks_uri} does not have the expected shape`);
|
|
250
|
+
}
|
|
251
|
+
(0, tsafe_1.assert)((0, tsafe_1.is)(jwks));
|
|
252
|
+
}
|
|
253
|
+
return { jwks };
|
|
254
|
+
})();
|
|
255
|
+
const publicSigningKeys = await Promise.all(jwks.keys
|
|
256
|
+
.filter(({ use }) => use === "sig")
|
|
257
|
+
.map(({ kid, kty, e, n }) => {
|
|
258
|
+
if (kty !== "RSA") {
|
|
259
|
+
return undefined;
|
|
260
|
+
}
|
|
261
|
+
(0, tsafe_1.assert)(e !== undefined, "e is undefined");
|
|
262
|
+
(0, tsafe_1.assert)(n !== undefined, "n is undefined");
|
|
263
|
+
return { kid, e, n };
|
|
264
|
+
})
|
|
265
|
+
.filter((0, tsafe_1.exclude)(undefined))
|
|
266
|
+
.map(async ({ kid, e, n }) => {
|
|
267
|
+
const key = await node_jose_1.JWK.asKey({ kty: "RSA", e, n });
|
|
268
|
+
const publicKey = key.toPEM(false);
|
|
269
|
+
return {
|
|
270
|
+
kid,
|
|
271
|
+
publicKey
|
|
272
|
+
};
|
|
273
|
+
}));
|
|
274
|
+
(0, tsafe_1.assert)(publicSigningKeys.length !== 0, `No public signing key found at ${jwks_uri}, ${JSON.stringify(jwks, null, 2)}`);
|
|
275
|
+
return publicSigningKeys;
|
|
393
276
|
}
|
|
394
277
|
//# sourceMappingURL=backend.js.map
|
package/backend.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"backend.js","sourceRoot":"","sources":["src/backend.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"backend.js","sourceRoot":"","sources":["../src/backend.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCA,8CAkNC;AA3PD,4DAAoD;AACpD,kDAAuF;AACvF,0DAAiD;AACjD,mEAAqD;AACrD,8CAAyC;AACzC,8CAA2C;AAC3C,8CAAoD;AAmC7C,KAAK,UAAU,iBAAiB,CACnC,MAAqD;IAErD,MAAM,EAAE,SAAS,EAAE,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC;IAE/E,IAAI,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IAEpE,MAAM,mBAAmB,GAAG,SAAG,CAAC,MAAM,EAAQ,CAAC;IAE/C,mBAAmB,CAAC,IAAI,CAAC,IAAA,kBAAY,EAAC,OAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;QAC/D,MAAM,qBAAqB,GAAG,MAAM,CAAC,KAAK,UAAU,MAAM,CACtD,KAAa;YAEb,IAAI,IAAI,CAAC;YAET,IAAI,CAAC;gBACD,IAAI,GAAG,MAAM,sBAAsB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CACR,4DAA4D,KAAK,GAAG,CAAC,WAAW,CACnF,CAAC;oBAEF,OAAO,SAAS,CAAC;gBACrB,CAAC;gBAED,MAAM,OAAO,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;gBAE1C,OAAO,CAAC,IAAI,CACR,uDAAuD,MAAM,CACzD,KAAK,CACR,iBAAiB,OAAO,IAAI,CAChC,CAAC;gBAEF,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;gBAE3D,OAAO,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YAC7B,CAAC;YAED,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEN,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO;QACX,CAAC;QAED,iBAAiB,GAAG,qBAAqB,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,OAAO;QACH,0BAA0B,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE;YAC5C,IAAI,GAAW,CAAC;YAChB,IAAI,GAAkB,CAAC;YAEvB,CAAC;gBACG,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAEhD,IAAI,SAAiB,CAAC;gBAEtB,IAAI,CAAC;oBACD,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACtE,CAAC;gBAAC,MAAM,CAAC;oBACL,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,YAAY,EAAE,oDAAoD;qBACrE,CAAC;gBACN,CAAC;gBAED,IAAI,aAAsB,CAAC;gBAE3B,IAAI,CAAC;oBACD,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC;oBACL,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,YAAY,EAAE,0CAA0C;qBAC3D,CAAC;gBACN,CAAC;gBAOD,MAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;oBAC5B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;oBACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;iBAClB,CAAC,CAAC;gBAEH,IAAA,cAAM,GAAyD,CAAC;gBAEhE,IAAI,CAAC;oBACD,cAAc,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;gBACxC,CAAC;gBAAC,MAAM,CAAC;oBACL,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,YAAY,EAAE,qDAAqD;qBACtE,CAAC;gBACN,CAAC;gBAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAgB,aAAa,CAAC,CAAC,CAAC;gBAEzC,CAAC;oBACG,MAAM,aAAa,GAAG;wBAClB,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;qBACD,CAAC;oBAEX,IAAA,cAAM,GAKH,CAAC;oBAEJ,IAAI,CAAC,IAAA,eAAO,EAAC,aAAa,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC7C,OAAO;4BACH,OAAO,EAAE,KAAK;4BACd,SAAS,EAAE,mBAAmB;4BAC9B,YAAY,EAAE,qCAAqC,aAAa,CAAC,GAAG,EAAE;yBACzE,CAAC;oBACN,CAAC;gBACL,CAAC;gBAED,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC;gBACxB,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC;YAC5B,CAAC;YAED,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,IAAI,CAC3C,gBAAgB,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,KAAK,GAAG,CACnD,CAAC;YAEF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACjC,OAAO;oBACH,OAAO,EAAE,KAAK;oBACd,SAAS,EAAE,mBAAmB;oBAC9B,YAAY,EAAE,wCAAwC,GAAG,EAAE;iBAC9D,CAAC;YACN,CAAC;YAED,IAAI,MAAM,GAAG,IAAA,UAAE,EAA4D,SAAS,CAAC,CAAC;YAEtF,GAAG,CAAC,MAAM,CACN,WAAW,EACX,gBAAgB,CAAC,SAAS,EAC1B,EAAE,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,EACrB,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;gBACb,OAAO,EAAE,CAAC;oBACN,IAAI,CAAC,GAAG,EAAE,CAAC;wBACP,MAAM,OAAO,CAAC;oBAClB,CAAC;oBAED,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;wBACnC,MAAM,GAAG,IAAA,UAAE,EAAoC;4BAC3C,OAAO,EAAE,KAAK;4BACd,SAAS,EAAE,SAAS;4BACpB,YAAY,EAAE,GAAG,CAAC,OAAO;yBAC5B,CAAC,CAAC;wBACH,OAAO;oBACX,CAAC;oBAED,mBAAmB,CAAC,IAAI,EAAE,CAAC;oBAE3B,MAAM,GAAG,IAAA,UAAE,EAAoC;wBAC3C,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,YAAY,EAAE,GAAG,CAAC,OAAO;qBAC5B,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,IAAI,kBAAsC,CAAC;gBAE3C,IAAI,CAAC;oBACD,kBAAkB,GAAG,wBAAwB,CAAC,KAAK,CAC/C,OAAO,CACY,CAAC;gBAC5B,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACb,MAAM,GAAG,IAAA,UAAE,EAAoC;wBAC3C,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,yBAAyB;wBACpC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC;qBAC9B,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,MAAM,GAAG,IAAA,UAAE,EAAsD;oBAC7D,OAAO,EAAE,IAAI;oBACb,kBAAkB,EAAE,kBAAkB;iBACzC,CAAC,CAAC;YACP,CAAC,CACJ,CAAC;YAEF,IAAA,cAAM,EAAC,MAAM,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEvC,OAAO,MAAM,CAAC;QAClB,CAAC;KACJ,CAAC;AACN,CAAC;AAOD,KAAK,UAAU,sBAAsB,CAAC,MAA6B;IAC/D,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE;QACnC,MAAM,GAAG,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,mCAAmC,CAAC;QAE/E,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAK,EAAC,GAAG,CAAC,CAAC;QAElC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACX,0DAA0D,SAAS,KAAK,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CACzG,CAAC;QACN,CAAC;QAED,IAAI,IAAa,CAAC;QAElB,IAAI,CAAC;YACD,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,CAAC;YAKG,MAAM,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;gBACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;aACvB,CAAC,CAAC;YAEH,IAAA,cAAM,GAA2E,CAAC;YAElF,IAAI,CAAC;gBACD,uBAAuB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACxC,CAAC;YAAC,MAAM,CAAC;gBACL,MAAM,IAAI,KAAK,CAAC,GAAG,GAAG,oCAAoC,CAAC,CAAC;YAChE,CAAC;YAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAyB,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;QAE1B,OAAO,EAAE,QAAQ,EAAE,CAAC;IACxB,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE;QAC/B,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAK,EAAC,QAAQ,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACX,iDAAiD,QAAQ,KAAK,QAAQ,CAAC,UAAU,EAAE,CACtF,CAAC;QACN,CAAC;QAED,IAAI,IAAa,CAAC;QAElB,IAAI,CAAC;YACD,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC/E,CAAC;QAED,CAAC;YAWG,MAAM,KAAK,GAAG,OAAC,CAAC,MAAM,CAAC;gBACnB,IAAI,EAAE,OAAC,CAAC,KAAK,CACT,OAAC,CAAC,MAAM,CAAC;oBACL,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;oBACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;oBACf,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;oBACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;oBACxB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;iBAClB,CAAC,CACL;aACJ,CAAC,CAAC;YAEH,IAAA,cAAM,GAAuC,CAAC;YAE9C,IAAI,CAAC;gBACD,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;YAAC,MAAM,CAAC;gBACL,MAAM,IAAI,KAAK,CAAC,GAAG,QAAQ,mCAAmC,CAAC,CAAC;YACpE,CAAC;YAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAO,IAAI,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,CAAC;IACpB,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,iBAAiB,GAAuB,MAAM,OAAO,CAAC,GAAG,CAC3D,IAAI,CAAC,IAAI;SACJ,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,KAAK,KAAK,CAAC;SAClC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE;QACxB,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YAChB,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IAAA,cAAM,EAAC,CAAC,KAAK,SAAS,EAAE,gBAAgB,CAAC,CAAC;QAC1C,IAAA,cAAM,EAAC,CAAC,KAAK,SAAS,EAAE,gBAAgB,CAAC,CAAC;QAE1C,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC,CAAC;SACD,MAAM,CAAC,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC;SAC1B,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE;QACzB,MAAM,GAAG,GAAG,MAAM,eAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnC,OAAO;YACH,GAAG;YACH,SAAS;SACZ,CAAC;IACN,CAAC,CAAC,CACT,CAAC;IAEF,IAAA,cAAM,EACF,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAC9B,kCAAkC,QAAQ,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CACjF,CAAC;IAEF,OAAO,iBAAiB,CAAC;AAC7B,CAAC"}
|