oidc-spa 7.1.10 → 7.2.0-rc.2

package/{src/core/handleOidcCallback.ts → esm/core/handleOidcCallback.js}

@@ -1,58 +1,49 @@
-import {
-    getStateData,
-    markStateDataAsProcessedByCallback,
-    getIsStatQueryParamValue,
-    type StateData
-} from "./StateData";
+import { getStateData, markStateDataAsProcessedByCallback, getIsStatQueryParamValue } from "./StateData";
 import { assert, id } from "../vendor/frontend/tsafe";
-import type { AuthResponse } from "./AuthResponse";
 import { initialLocationHref } from "./initialLocationHref";
-import { captureFetch } from "./trustedFetch";
 import { encryptAuthResponse } from "./iframeMessageProtection";
-
-captureFetch();
-
 const globalContext = {
-    previousCall: id<{ isHandled: boolean } | undefined>(undefined)
+    previousCall: id(undefined)
 };
-
-export function handleOidcCallback(): { isHandled: boolean } {
+export function handleOidcCallback() {
     if (globalContext.previousCall !== undefined) {
         return globalContext.previousCall;
     }
-
     return (globalContext.previousCall = handleOidcCallback_nonMemoized());
 }
-
-function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
+function handleOidcCallback_nonMemoized() {
     const location_urlObj = new URL(initialLocationHref);
-
-    const stateQueryParamValue = (() => {
-        const stateQueryParamValue = location_urlObj.searchParams.get("state");
-
-        if (stateQueryParamValue === null) {
-            return undefined;
-        }
-
-        if (!getIsStatQueryParamValue({ maybeStateQueryParamValue: stateQueryParamValue })) {
-            return undefined;
+    const stateUrlParamValue_wrap = (() => {
+        fragment: {
+            const stateUrlParamValue = new URLSearchParams(location_urlObj.hash.replace(/^#/, "")).get("state");
+            if (stateUrlParamValue === null) {
+                break fragment;
+            }
+            if (!getIsStatQueryParamValue({ maybeStateUrlParamValue: stateUrlParamValue })) {
+                break fragment;
+            }
+            return { stateUrlParamValue, isFragment: true };
         }
-
-        if (
-            location_urlObj.searchParams.get("client_id") !== null &&
-            location_urlObj.searchParams.get("response_type") !== null &&
-            location_urlObj.searchParams.get("redirect_uri") !== null
-        ) {
-            // NOTE: We are probably in a Keycloakify theme and oidc-spa was loaded by mistake.
-            return undefined;
+        query: {
+            const stateUrlParamValue = location_urlObj.searchParams.get("state");
+            if (stateUrlParamValue === null) {
+                break query;
+            }
+            if (!getIsStatQueryParamValue({ maybeStateUrlParamValue: stateUrlParamValue })) {
+                break query;
+            }
+            if (location_urlObj.searchParams.get("client_id") !== null &&
+                location_urlObj.searchParams.get("response_type") !== null &&
+                location_urlObj.searchParams.get("redirect_uri") !== null) {
+                // NOTE: We are probably in a Keycloakify theme and oidc-spa was loaded by mistake.
+                break query;
+            }
+            return { stateUrlParamValue, isFragment: false };
         }
-
-        return stateQueryParamValue;
+        return undefined;
     })();
-
-    if (stateQueryParamValue === undefined) {
+    if (stateUrlParamValue_wrap === undefined) {
         const backForwardTracker = readBackForwardTracker();
-
         if (backForwardTracker !== undefined) {
             writeBackForwardTracker({
                 backForwardTracker: {
@@ -61,34 +52,25 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
                 }
             });
         }
-
         return { isHandled: false };
     }
-
     const isHandled = true;
-
-    console.log = () => {};
-    console.warn = () => {};
-    console.error = () => {};
-    console.debug = () => {};
-
-    const stateData = getStateData({ stateQueryParamValue });
-
-    if (
-        stateData === undefined ||
-        (stateData.context === "redirect" && stateData.hasBeenProcessedByCallback)
-    ) {
-        const historyMethod: "back" | "forward" = (() => {
+    const { stateUrlParamValue, isFragment } = stateUrlParamValue_wrap;
+    console.log = () => { };
+    console.warn = () => { };
+    console.error = () => { };
+    console.debug = () => { };
+    const stateData = getStateData({ stateUrlParamValue });
+    if (stateData === undefined ||
+        (stateData.context === "redirect" && stateData.hasBeenProcessedByCallback)) {
+        const historyMethod = (() => {
             const backForwardTracker = readBackForwardTracker();
-
             if (backForwardTracker === undefined) {
                 return "back";
             }
-
             if (!backForwardTracker.hasExitedCallback) {
                 return backForwardTracker.previousHistoryMethod;
             }
-
             switch (backForwardTracker.previousHistoryMethod) {
                 case "back":
                     return "forward";
@@ -96,19 +78,15 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
                     return "back";
             }
         })();
-
         writeBackForwardTracker({
             backForwardTracker: {
                 previousHistoryMethod: historyMethod,
                 hasExitedCallback: false
             }
         });
-
         setTimeout(() => {
             reloadOnBfCacheNavigation();
-
             window.history[historyMethod]();
-
             // NOTE: This is a "better than nothing" approach.
             // Under some circumstances it's possible to get stuck on this url
             // if there is no "next" page in the history for example, navigating
@@ -119,18 +97,15 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
                 window.location.href = `${protocol}//${host}${pathname}${hash}`;
             }, 350);
         }, 0);
-
         return { isHandled };
     }
-
-    const authResponse: AuthResponse = { state: "" };
-
-    for (const [key, value] of location_urlObj.searchParams) {
+    const authResponse = { state: "" };
+    for (const [key, value] of isFragment
+        ? new URLSearchParams(location_urlObj.hash.replace(/^#/, ""))
+        : location_urlObj.searchParams) {
         authResponse[key] = value;
     }
-
     assert(authResponse.state !== "", "063965");
-
     switch (stateData.context) {
         case "iframe":
             encryptAuthResponse({
@@ -138,7 +113,7 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
             }).then(({ encryptedMessage }) => parent.postMessage(encryptedMessage, location.origin));
             break;
         case "redirect":
-            markStateDataAsProcessedByCallback({ stateQueryParamValue });
+            markStateDataAsProcessedByCallback({ stateUrlParamValue });
             clearBackForwardTracker();
             writeRedirectAuthResponses({
                 authResponses: [...readRedirectAuthResponses(), authResponse]
@@ -149,27 +124,17 @@ function handleOidcCallback_nonMemoized(): { isHandled: boolean } {
                     if (stateData.action === "login" && authResponse.error === "consent_required") {
                         return stateData.redirectUrl_consentRequiredCase;
                     }
-
                     return stateData.redirectUrl;
                 })();
-
                 location.href = href;
             }, 0);
             break;
     }
-
     return { isHandled };
 }
-
-const {
-    readRedirectAuthResponses,
-    writeRedirectAuthResponses,
-    moveRedirectAuthResponseFromSessionStorageToMemory
-} = (() => {
+const { readRedirectAuthResponses, writeRedirectAuthResponses, moveRedirectAuthResponseFromSessionStorageToMemory } = (() => {
     const AUTH_RESPONSES_KEY = "oidc-spa:authResponses";
-
-    let authResponses_movedToMemoryFromSessionStorage: AuthResponse[] | undefined = undefined;
-
+    let authResponses_movedToMemoryFromSessionStorage = undefined;
     // NOTE: Here we note that we can re-write on session storage some auth response
     // after earlyInit in retrieveRedirectAuthResponseAndStateData
     // In situation where there are more than one client in the same app and we can't use iframe,
@@ -177,124 +142,84 @@ const {
     // In most case it won't happen if the init sequence is deterministic but the client
     // can be instantiated at any time really.
     // So the move to memory of the response is fully effective only when theres one client.
-    function writeRedirectAuthResponses(params: { authResponses: AuthResponse[] }): void {
+    function writeRedirectAuthResponses(params) {
         const { authResponses } = params;
-
         authResponses_movedToMemoryFromSessionStorage = undefined;
-
         if (authResponses.length === 0) {
             sessionStorage.removeItem(AUTH_RESPONSES_KEY);
             return;
         }
         sessionStorage.setItem(AUTH_RESPONSES_KEY, JSON.stringify(authResponses));
     }
-
-    function readRedirectAuthResponses(): AuthResponse[] {
+    function readRedirectAuthResponses() {
         if (authResponses_movedToMemoryFromSessionStorage !== undefined) {
             return authResponses_movedToMemoryFromSessionStorage;
         }
-
         const raw = sessionStorage.getItem(AUTH_RESPONSES_KEY);
-
         if (raw === null) {
             return [];
         }
-
         return JSON.parse(raw);
     }
-
     function moveRedirectAuthResponseFromSessionStorageToMemory() {
         const authResponses = readRedirectAuthResponses();
-
         writeRedirectAuthResponses({ authResponses: [] });
-
         authResponses_movedToMemoryFromSessionStorage = authResponses;
     }
-
     return {
         writeRedirectAuthResponses,
         readRedirectAuthResponses,
         moveRedirectAuthResponseFromSessionStorageToMemory
     };
 })();
-
 export { moveRedirectAuthResponseFromSessionStorageToMemory };
-
-export function retrieveRedirectAuthResponseAndStateData(params: {
-    configId: string;
-}): { authResponse: AuthResponse; stateData: StateData.Redirect } | undefined {
+export function retrieveRedirectAuthResponseAndStateData(params) {
     const { configId } = params;
-
     const authResponses = readRedirectAuthResponses();
-
-    let authResponseAndStateData:
-        | { authResponse: AuthResponse; stateData: StateData.Redirect }
-        | undefined = undefined;
-
+    let authResponseAndStateData = undefined;
     for (const authResponse of [...authResponses]) {
-        const stateData = getStateData({ stateQueryParamValue: authResponse.state });
-
+        const stateData = getStateData({ stateUrlParamValue: authResponse.state });
         if (stateData === undefined) {
             // NOTE: We do not understand how this can happen but it can.
             authResponses.splice(authResponses.indexOf(authResponse), 1);
             continue;
         }
-
         assert(stateData.context === "redirect", "474728");
-
         if (stateData.configId !== configId) {
             continue;
         }
-
         authResponses.splice(authResponses.indexOf(authResponse), 1);
-
         authResponseAndStateData = { authResponse, stateData };
     }
-
     writeRedirectAuthResponses({ authResponses });
-
     return authResponseAndStateData;
 }
-
 function reloadOnBfCacheNavigation() {
     const start = Date.now();
     window.addEventListener("pageshow", () => {
         const elapsed = Date.now() - start;
-
         if (elapsed < 100) {
             return;
         }
         location.reload();
     });
 }
-
 const { writeBackForwardTracker, readBackForwardTracker, clearBackForwardTracker } = (() => {
     const BACK_NAVIGATION_TRACKER_KEY = "oidc-spa:callback-back-forward-tracker";
-
-    type BackForwardTracker = {
-        previousHistoryMethod: "back" | "forward";
-        hasExitedCallback: boolean;
-    };
-
-    function writeBackForwardTracker(params: { backForwardTracker: BackForwardTracker }): void {
+    function writeBackForwardTracker(params) {
         const { backForwardTracker } = params;
-
         sessionStorage.setItem(BACK_NAVIGATION_TRACKER_KEY, JSON.stringify(backForwardTracker));
     }
-
-    function readBackForwardTracker(): BackForwardTracker | undefined {
+    function readBackForwardTracker() {
         const raw = sessionStorage.getItem(BACK_NAVIGATION_TRACKER_KEY);
-
         if (raw === null) {
             return undefined;
         }
-
         return JSON.parse(raw);
     }
-
-    function clearBackForwardTracker(): void {
+    function clearBackForwardTracker() {
         sessionStorage.removeItem(BACK_NAVIGATION_TRACKER_KEY);
     }
-
     return { writeBackForwardTracker, readBackForwardTracker, clearBackForwardTracker };
 })();
+//# sourceMappingURL=handleOidcCallback.js.map

package/esm/core/handleOidcCallback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handleOidcCallback.js","sourceRoot":"","sources":["../../../src/core/handleOidcCallback.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,YAAY,EACZ,kCAAkC,EAClC,wBAAwB,EAE3B,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,0BAA0B,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAEhE,MAAM,aAAa,GAAG;IAClB,YAAY,EAAE,EAAE,CAAqC,SAAS,CAAC;CAClE,CAAC;AAEF,MAAM,UAAU,kBAAkB;IAC9B,IAAI,aAAa,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QAC3C,OAAO,aAAa,CAAC,YAAY,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,aAAa,CAAC,YAAY,GAAG,8BAA8B,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,8BAA8B;IACnC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAErD,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE;QAClC,QAAQ,EAAE,CAAC;YACP,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CACtF,OAAO,CACV,CAAC;YAEF,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,IAAI,CAAC,wBAAwB,CAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QACpD,CAAC;QAED,KAAK,EAAE,CAAC;YACJ,MAAM,kBAAkB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAErE,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IAAI,CAAC,wBAAwB,CAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;gBACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;gBAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;gBACC,mFAAmF;gBACnF,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;QACrD,CAAC;QAED,OAAO,SAAS,CAAC;IACrB,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,kBAAkB,GAAG,sBAAsB,EAAE,CAAC;QAEpD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACnC,uBAAuB,CAAC;gBACpB,kBAAkB,EAAE;oBAChB,GAAG,kBAAkB;oBACrB,iBAAiB,EAAE,IAAI;iBAC1B;aACJ,CAAC,CAAC;QACP,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC;IAEvB,MAAM,EAAE,kBAAkB,EAAE,UAAU,EAAE,GAAG,uBAAuB,CAAC;IAEnE,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;IACvB,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;IACxB,OAAO,CAAC,KAAK,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;IACzB,OAAO,CAAC,KAAK,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;IAEzB,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvD,IACI,SAAS,KAAK,SAAS;QACvB,CAAC,SAAS,CAAC,OAAO,KAAK,UAAU,IAAI,SAAS,CAAC,0BAA0B,CAAC,EAC5E,CAAC;QACC,MAAM,aAAa,GAAuB,CAAC,GAAG,EAAE;YAC5C,MAAM,kBAAkB,GAAG,sBAAsB,EAAE,CAAC;YAEpD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACnC,OAAO,MAAM,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,CAAC;gBACxC,OAAO,kBAAkB,CAAC,qBAAqB,CAAC;YACpD,CAAC;YAED,QAAQ,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;gBAC/C,KAAK,MAAM;oBACP,OAAO,SAAS,CAAC;gBACrB,KAAK,SAAS;oBACV,OAAO,MAAM,CAAC;YACtB,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,uBAAuB,CAAC;YACpB,kBAAkB,EAAE;gBAChB,qBAAqB,EAAE,aAAa;gBACpC,iBAAiB,EAAE,KAAK;aAC3B;SACJ,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,EAAE;YACZ,yBAAyB,EAAE,CAAC;YAE5B,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAEhC,kDAAkD;YAClD,kEAAkE;YAClE,oEAAoE;YACpE,0EAA0E;YAC1E,6EAA6E;YAC7E,UAAU,CAAC,GAAG,EAAE;gBACZ,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;gBAC3D,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,QAAQ,KAAK,IAAI,GAAG,QAAQ,GAAG,IAAI,EAAE,CAAC;YACpE,CAAC,EAAE,GAAG,CAAC,CAAC;QACZ,CAAC,EAAE,CAAC,CAAC,CAAC;QAEN,OAAO,EAAE,SAAS,EAAE,CAAC;IACzB,CAAC;IAED,MAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAEjD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,UAAU;QACjC,CAAC,CAAC,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC,eAAe,CAAC,YAAY,EAAE,CAAC;QACjC,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;IAE5C,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,mBAAmB,CAAC;gBAChB,YAAY;aACf,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YACzF,MAAM;QACV,KAAK,UAAU;YACX,kCAAkC,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,uBAAuB,EAAE,CAAC;YAC1B,0BAA0B,CAAC;gBACvB,aAAa,EAAE,CAAC,GAAG,yBAAyB,EAAE,EAAE,YAAY,CAAC;aAChE,CAAC,CAAC;YACH,yBAAyB,EAAE,CAAC;YAC5B,UAAU,CAAC,GAAG,EAAE;gBACZ,MAAM,IAAI,GAAG,CAAC,GAAG,EAAE;oBACf,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;wBAC5E,OAAO,SAAS,CAAC,+BAA+B,CAAC;oBACrD,CAAC;oBAED,OAAO,SAAS,CAAC,WAAW,CAAC;gBACjC,CAAC,CAAC,EAAE,CAAC;gBAEL,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;YACzB,CAAC,EAAE,CAAC,CAAC,CAAC;YACN,MAAM;IACd,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,CAAC;AACzB,CAAC;AAED,MAAM,EACF,yBAAyB,EACzB,0BAA0B,EAC1B,kDAAkD,EACrD,GAAG,CAAC,GAAG,EAAE;IACN,MAAM,kBAAkB,GAAG,wBAAwB,CAAC;IAEpD,IAAI,6CAA6C,GAA+B,SAAS,CAAC;IAE1F,gFAAgF;IAChF,8DAA8D;IAC9D,6FAA6F;IAC7F,uFAAuF;IACvF,oFAAoF;IACpF,0CAA0C;IAC1C,wFAAwF;IACxF,SAAS,0BAA0B,CAAC,MAAyC;QACzE,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QAEjC,6CAA6C,GAAG,SAAS,CAAC;QAE1D,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,cAAc,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YAC9C,OAAO;QACX,CAAC;QACD,cAAc,CAAC,OAAO,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,SAAS,yBAAyB;QAC9B,IAAI,6CAA6C,KAAK,SAAS,EAAE,CAAC;YAC9D,OAAO,6CAA6C,CAAC;QACzD,CAAC;QAED,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAEvD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,SAAS,kDAAkD;QACvD,MAAM,aAAa,GAAG,yBAAyB,EAAE,CAAC;QAElD,0BAA0B,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,CAAC;QAElD,6CAA6C,GAAG,aAAa,CAAC;IAClE,CAAC;IAED,OAAO;QACH,0BAA0B;QAC1B,yBAAyB;QACzB,kDAAkD;KACrD,CAAC;AACN,CAAC,CAAC,EAAE,CAAC;AAEL,OAAO,EAAE,kDAAkD,EAAE,CAAC;AAE9D,MAAM,UAAU,wCAAwC,CAAC,MAExD;IACG,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAE5B,MAAM,aAAa,GAAG,yBAAyB,EAAE,CAAC;IAElD,IAAI,wBAAwB,GAEV,SAAS,CAAC;IAE5B,KAAK,MAAM,YAAY,IAAI,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC;QAC5C,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAE3E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC1B,6DAA6D;YAC7D,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7D,SAAS;QACb,CAAC;QAED,MAAM,CAAC,SAAS,CAAC,OAAO,KAAK,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEnD,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAClC,SAAS;QACb,CAAC;QAED,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;QAE7D,wBAAwB,GAAG,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;IAC3D,CAAC;IAED,0BAA0B,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC;IAE9C,OAAO,wBAAwB,CAAC;AACpC,CAAC;AAED,SAAS,yBAAyB;IAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,CAAC,gBAAgB,CAAC,UAAU,EAAE,GAAG,EAAE;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAEnC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAChB,OAAO;QACX,CAAC;QACD,QAAQ,CAAC,MAAM,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;AACP,CAAC;AAED,MAAM,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,GAAG,CAAC,GAAG,EAAE;IACvF,MAAM,2BAA2B,GAAG,wCAAwC,CAAC;IAO7E,SAAS,uBAAuB,CAAC,MAAkD;QAC/E,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;QAEtC,cAAc,CAAC,OAAO,CAAC,2BAA2B,EAAE,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,SAAS,sBAAsB;QAC3B,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QAEhE,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,SAAS,uBAAuB;QAC5B,cAAc,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,CAAC;AACxF,CAAC,CAAC,EAAE,CAAC"}

package/esm/core/iframeMessageProtection.d.ts

@@ -0,0 +1,20 @@
+import { type AuthResponse } from "./AuthResponse";
+export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
+export declare function initIframeMessageProtection(params: {
+    stateUrlParamValue: string;
+}): Promise<{
+    getIsEncryptedAuthResponse: (params: {
+        message: unknown;
+    }) => boolean;
+    decodeEncryptedAuth: (params: {
+        encryptedAuthResponse: string;
+    }) => Promise<{
+        authResponse: AuthResponse;
+    }>;
+    clearSessionStoragePublicKey: () => void;
+}>;
+export declare function encryptAuthResponse(params: {
+    authResponse: AuthResponse;
+}): Promise<{
+    encryptedMessage: string;
+}>;

package/{src/core/iframeMessageProtection.ts → esm/core/iframeMessageProtection.js}

@@ -1,32 +1,21 @@
 import { assert } from "../vendor/frontend/tsafe";
 import { asymmetricEncrypt, asymmetricDecrypt, generateKeys } from "../tools/asymmetricEncryption";
-import { type AuthResponse } from "./AuthResponse";
-
 const sessionStorage_original = window.sessionStorage;
 const setItem_real = Storage.prototype.setItem;
-
 const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
-
 export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
-    const setItem_protected = function setItem(this: any, key: string, value: string): void {
+    const setItem_protected = function setItem(key, value) {
         if (this !== sessionStorage_original) {
             return setItem_real.call(this, key, value);
         }
-
         if (key.startsWith(SESSION_STORAGE_PREFIX)) {
-            throw new Error(
-                "Attack prevented by oidc-spa. You have malicious code running in your system"
-            );
+            throw new Error("Attack prevented by oidc-spa. You have malicious code running in your system");
         }
-
         return setItem_real.call(sessionStorage_original, key, value);
     };
-
     {
         const pd = Object.getOwnPropertyDescriptor(Storage.prototype, "setItem");
-
         assert(pd !== undefined);
-
         Object.defineProperty(Storage.prototype, "setItem", {
             enumerable: pd.enumerable,
             writable: pd.writable,
@@ -34,67 +23,43 @@ export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
         });
     }
 }
-
 const ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
-
-function getSessionStorageKey(params: { stateQueryParamValue: string }) {
-    const { stateQueryParamValue } = params;
-
-    return `${SESSION_STORAGE_PREFIX}${stateQueryParamValue}`;
+function getSessionStorageKey(params) {
+    const { stateUrlParamValue } = params;
+    return `${SESSION_STORAGE_PREFIX}${stateUrlParamValue}`;
 }
-
-export async function initIframeMessageProtection(params: { stateQueryParamValue: string }) {
-    const { stateQueryParamValue } = params;
-
+export async function initIframeMessageProtection(params) {
+    const { stateUrlParamValue } = params;
     const { publicKey, privateKey } = await generateKeys();
-
-    const sessionStorageKey = getSessionStorageKey({ stateQueryParamValue });
-
+    const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
     setItem_real.call(sessionStorage, sessionStorageKey, publicKey);
-
-    function getIsEncryptedAuthResponse(params: { message: unknown }): boolean {
+    function getIsEncryptedAuthResponse(params) {
         const { message } = params;
-
         return typeof message === "string" && message.startsWith(ENCRYPTED_AUTH_RESPONSES_PREFIX);
     }
-
-    async function decodeEncryptedAuth(params: {
-        encryptedAuthResponse: string;
-    }): Promise<{ authResponse: AuthResponse }> {
+    async function decodeEncryptedAuth(params) {
         const { encryptedAuthResponse } = params;
-
         const { message: authResponse_str } = await asymmetricDecrypt({
             encryptedMessage: encryptedAuthResponse.slice(ENCRYPTED_AUTH_RESPONSES_PREFIX.length),
             privateKey
         });
-
-        const authResponse: AuthResponse = JSON.parse(authResponse_str);
-
+        const authResponse = JSON.parse(authResponse_str);
         return { authResponse };
     }
-
     function clearSessionStoragePublicKey() {
         sessionStorage.removeItem(sessionStorageKey);
     }
-
     return { getIsEncryptedAuthResponse, decodeEncryptedAuth, clearSessionStoragePublicKey };
 }
-
-export async function encryptAuthResponse(params: { authResponse: AuthResponse }) {
+export async function encryptAuthResponse(params) {
     const { authResponse } = params;
-
-    const publicKey = sessionStorage.getItem(
-        getSessionStorageKey({ stateQueryParamValue: authResponse.state })
-    );
-
+    const publicKey = sessionStorage.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
     assert(publicKey !== null, "2293302");
-
     const { encryptedMessage: encryptedMessage_withoutPrefix } = await asymmetricEncrypt({
         publicKey,
         message: JSON.stringify(authResponse)
     });
-
     const encryptedMessage = `${ENCRYPTED_AUTH_RESPONSES_PREFIX}${encryptedMessage_withoutPrefix}`;
-
     return { encryptedMessage };
 }
+//# sourceMappingURL=iframeMessageProtection.js.map

package/esm/core/iframeMessageProtection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,MAAM,uBAAuB,GAAG,MAAM,CAAC,cAAc,CAAC;AACtD,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAE/C,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,MAAM,UAAU,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YACnC,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAClE,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,MAAM,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAEhE,SAAS,0BAA0B,CAAC,MAA4B;QAC5D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;QAE3B,OAAO,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,+BAA+B,CAAC,CAAC;IAC9F,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,iBAAiB,CAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CAAC,+BAA+B,CAAC,MAAM,CAAC;YACrF,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,CAAC;AAC7F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,MAAsC;IAC5E,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACnE,CAAC;IAEF,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;IAEtC,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,iBAAiB,CAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,8BAA8B,EAAE,CAAC;IAE/F,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAChC,CAAC"}

package/{src/core/index.ts → esm/core/index.d.ts}

@@ -1,4 +1,4 @@
 export type { Oidc } from "./Oidc";
 export { createOidc, type ParamsOfCreateOidc } from "./createOidc";
 export { OidcInitializationError } from "./OidcInitializationError";
-export { trustedFetch } from "./trustedFetch";
+export { handleOidcCallback } from "./handleOidcCallback";

package/esm/core/index.js

@@ -0,0 +1,4 @@
+export { createOidc } from "./createOidc";
+export { OidcInitializationError } from "./OidcInitializationError";
+export { handleOidcCallback } from "./handleOidcCallback";
+//# sourceMappingURL=index.js.map

package/esm/core/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAA2B,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}

package/esm/core/initialLocationHref.d.ts

@@ -0,0 +1 @@
+export declare const initialLocationHref: string;

package/{src/core/initialLocationHref.ts → esm/core/initialLocationHref.js}

@@ -1,5 +1,5 @@
 const globalContext = {
     initialLocationHref: window.location.href
 };
-
 export const { initialLocationHref } = globalContext;
+//# sourceMappingURL=initialLocationHref.js.map

package/esm/core/initialLocationHref.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"initialLocationHref.js","sourceRoot":"","sources":["../../../src/core/initialLocationHref.ts"],"names":[],"mappings":"AAAA,MAAM,aAAa,GAAG;IAClB,mBAAmB,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;CAC5C,CAAC;AAEF,MAAM,CAAC,MAAM,EAAE,mBAAmB,EAAE,GAAG,aAAa,CAAC"}

package/esm/core/isNewBrowserSession.d.ts

@@ -0,0 +1,9 @@
+import type { NonPostableEvt } from "../tools/Evt";
+export declare function createGetIsNewBrowserSession(params: {
+    configId: string;
+    evtUserNotLoggedIn: NonPostableEvt<void>;
+}): {
+    getIsNewBrowserSession: (params: {
+        subjectId: string;
+    }) => boolean;
+};

package/{src/core/isNewBrowserSession.ts → esm/core/isNewBrowserSession.js}

@@ -1,37 +1,25 @@
-import type { NonPostableEvt } from "../tools/Evt";
-
-export function createGetIsNewBrowserSession(params: {
-    configId: string;
-    evtUserNotLoggedIn: NonPostableEvt<void>;
-}) {
+export function createGetIsNewBrowserSession(params) {
     const { configId, evtUserNotLoggedIn } = params;
-
     const SESSION_STORAGE_KEY = `oidc-spa.subject-id:${configId}`;
-
     {
         const { unsubscribe } = evtUserNotLoggedIn.subscribe(() => {
             unsubscribe();
             sessionStorage.removeItem(SESSION_STORAGE_KEY);
         });
     }
-
-    function getIsNewBrowserSession(params: { subjectId: string }): boolean {
+    function getIsNewBrowserSession(params) {
         const { subjectId } = params;
-
         const subjectId_sessionStorage = sessionStorage.getItem(SESSION_STORAGE_KEY);
-
         if (subjectId_sessionStorage === null) {
             sessionStorage.setItem(SESSION_STORAGE_KEY, subjectId);
             return true;
         }
-
         if (subjectId !== subjectId_sessionStorage) {
             sessionStorage.setItem(SESSION_STORAGE_KEY, subjectId);
             return true;
         }
-
         return false;
     }
-
     return { getIsNewBrowserSession };
 }
+//# sourceMappingURL=isNewBrowserSession.js.map

package/esm/core/isNewBrowserSession.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isNewBrowserSession.js","sourceRoot":"","sources":["../../../src/core/isNewBrowserSession.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,4BAA4B,CAAC,MAG5C;IACG,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEhD,MAAM,mBAAmB,GAAG,uBAAuB,QAAQ,EAAE,CAAC;IAE9D,CAAC;QACG,MAAM,EAAE,WAAW,EAAE,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,EAAE;YACtD,WAAW,EAAE,CAAC;YACd,cAAc,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACP,CAAC;IAED,SAAS,sBAAsB,CAAC,MAA6B;QACzD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAE7B,MAAM,wBAAwB,GAAG,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAE7E,IAAI,wBAAwB,KAAK,IAAI,EAAE,CAAC;YACpC,cAAc,CAAC,OAAO,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;YACvD,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,IAAI,SAAS,KAAK,wBAAwB,EAAE,CAAC;YACzC,cAAc,CAAC,OAAO,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;YACvD,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,EAAE,sBAAsB,EAAE,CAAC;AACtC,CAAC"}

package/esm/core/loginOrGoToAuthServer.d.ts

@@ -0,0 +1,40 @@
+import type { UserManager as OidcClientTsUserManager } from "../vendor/frontend/oidc-client-ts";
+import type { NonPostableEvt } from "../tools/Evt";
+type Params = Params.Login | Params.GoToAuthServer;
+declare namespace Params {
+    type Common = {
+        redirectUrl: string;
+        extraQueryParams_local: Record<string, string | undefined> | undefined;
+        transformUrlBeforeRedirect_local: ((url: string) => string) | undefined;
+    };
+    export type Login = Common & {
+        action: "login";
+        doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: boolean;
+        doForceReloadOnBfCache: boolean;
+        interaction: "ensure no interaction" | "ensure interaction" | "directly redirect if active session show login otherwise";
+    };
+    export type GoToAuthServer = Common & {
+        action: "go to auth server";
+    };
+    export {};
+}
+export declare function getPrSafelyRestoredFromBfCacheAfterLoginBackNavigation(): Promise<void>;
+export declare function createLoginOrGoToAuthServer(params: {
+    configId: string;
+    oidcClientTsUserManager: OidcClientTsUserManager;
+    transformUrlBeforeRedirect: ((params: {
+        authorizationUrl: string;
+        isSilent: boolean;
+    }) => string) | undefined;
+    getExtraQueryParams: ((params: {
+        isSilent: boolean;
+        url: string;
+    }) => Record<string, string | undefined>) | undefined;
+    getExtraTokenParams: (() => Record<string, string | undefined>) | undefined;
+    homeUrl: string;
+    evtIsUserLoggedIn: NonPostableEvt<boolean>;
+    log: typeof console.log | undefined;
+}): {
+    loginOrGoToAuthServer: (params: Params) => Promise<never>;
+};
+export {};