oidc-spa 7.1.10 → 7.2.0-rc.2

package/{src/core/logoutPropagationToOtherTabs.ts → esm/core/logoutPropagationToOtherTabs.js}

@@ -1,53 +1,33 @@
 import { assert, is } from "../vendor/frontend/tsafe";
 import { Deferred } from "../tools/Deferred";
-
 const globalContext = {
     appInstanceId: Math.random().toString(36).slice(2)
 };
-
-type Message = {
-    appInstanceId: string;
-    configId: string;
-};
-
-function getChannelName(params: { sessionIdOrConfigId: string }) {
+function getChannelName(params) {
     const { sessionIdOrConfigId } = params;
     return `oidc-spa:logout-propagation:${sessionIdOrConfigId}`;
 }
-
-export function notifyOtherTabsOfLogout(params: { configId: string; sessionId: string | undefined }) {
+export function notifyOtherTabsOfLogout(params) {
     const { configId, sessionId } = params;
-
-    const message: Message = {
+    const message = {
         configId,
         appInstanceId: globalContext.appInstanceId
     };
-
-    new BroadcastChannel(getChannelName({ sessionIdOrConfigId: sessionId ?? configId })).postMessage(
-        message
-    );
+    new BroadcastChannel(getChannelName({ sessionIdOrConfigId: sessionId ?? configId })).postMessage(message);
 }
-
-export function getPrOtherTabLogout(params: { sessionId: string | undefined; configId: string }) {
+export function getPrOtherTabLogout(params) {
     const { sessionId, configId } = params;
-
-    const dOtherTabLogout = new Deferred<void>();
-
+    const dOtherTabLogout = new Deferred();
     const channel = new BroadcastChannel(getChannelName({ sessionIdOrConfigId: sessionId ?? configId }));
-
     channel.onmessage = ({ data: message }) => {
-        assert(is<Message>(message));
-
+        assert(is(message));
         if (message.appInstanceId === globalContext.appInstanceId) {
             return;
         }
-
         channel.close();
-
         dOtherTabLogout.resolve();
     };
-
     const prOtherTabLogout = dOtherTabLogout.pr;
-
     return { prOtherTabLogout };
 }
+//# sourceMappingURL=logoutPropagationToOtherTabs.js.map

package/esm/core/logoutPropagationToOtherTabs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logoutPropagationToOtherTabs.js","sourceRoot":"","sources":["../../../src/core/logoutPropagationToOtherTabs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAE7C,MAAM,aAAa,GAAG;IAClB,aAAa,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;CACrD,CAAC;AAOF,SAAS,cAAc,CAAC,MAAuC;IAC3D,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,CAAC;IACvC,OAAO,+BAA+B,mBAAmB,EAAE,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,MAA2D;IAC/F,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAEvC,MAAM,OAAO,GAAY;QACrB,QAAQ;QACR,aAAa,EAAE,aAAa,CAAC,aAAa;KAC7C,CAAC;IAEF,IAAI,gBAAgB,CAAC,cAAc,CAAC,EAAE,mBAAmB,EAAE,SAAS,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,WAAW,CAC5F,OAAO,CACV,CAAC;AACN,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAA2D;IAC3F,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAEvC,MAAM,eAAe,GAAG,IAAI,QAAQ,EAAQ,CAAC;IAE7C,MAAM,OAAO,GAAG,IAAI,gBAAgB,CAAC,cAAc,CAAC,EAAE,mBAAmB,EAAE,SAAS,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;IAErG,OAAO,CAAC,SAAS,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;QACtC,MAAM,CAAC,EAAE,CAAU,OAAO,CAAC,CAAC,CAAC;QAE7B,IAAI,OAAO,CAAC,aAAa,KAAK,aAAa,CAAC,aAAa,EAAE,CAAC;YACxD,OAAO;QACX,CAAC;QAED,OAAO,CAAC,KAAK,EAAE,CAAC;QAEhB,eAAe,CAAC,OAAO,EAAE,CAAC;IAC9B,CAAC,CAAC;IAEF,MAAM,gBAAgB,GAAG,eAAe,CAAC,EAAE,CAAC;IAE5C,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAChC,CAAC"}

package/esm/core/oidcClientTsUserToTokens.d.ts

@@ -0,0 +1,11 @@
+import type { User as OidcClientTsUser } from "../vendor/frontend/oidc-client-ts";
+import type { Oidc } from "./Oidc";
+export declare function oidcClientTsUserToTokens<DecodedIdToken extends Record<string, unknown>>(params: {
+    oidcClientTsUser: OidcClientTsUser;
+    decodedIdTokenSchema?: {
+        parse: (decodedIdToken_original: Oidc.Tokens.DecodedIdToken_base) => DecodedIdToken;
+    };
+    __unsafe_useIdTokenAsAccessToken: boolean;
+    decodedIdToken_previous: DecodedIdToken | undefined;
+    log: typeof console.log | undefined;
+}): Oidc.Tokens<DecodedIdToken>;

package/esm/core/oidcClientTsUserToTokens.js

@@ -0,0 +1,155 @@
+import { assert, id } from "../vendor/frontend/tsafe";
+import { readExpirationTimeInJwt } from "../tools/readExpirationTimeInJwt";
+import { decodeJwt } from "../tools/decodeJwt";
+export function oidcClientTsUserToTokens(params) {
+    const { oidcClientTsUser, decodedIdTokenSchema, __unsafe_useIdTokenAsAccessToken, decodedIdToken_previous, log } = params;
+    const isFirstInit = decodedIdToken_previous === undefined;
+    const accessToken = oidcClientTsUser.access_token;
+    const refreshToken = oidcClientTsUser.refresh_token;
+    const idToken = oidcClientTsUser.id_token;
+    assert(idToken !== undefined, "No id token provided by the oidc server");
+    const decodedIdToken_original = decodeJwt(idToken);
+    if (isFirstInit) {
+        log?.([
+            `Decoded ID token`,
+            decodedIdTokenSchema === undefined ? "" : " before `decodedIdTokenSchema.parse()`\n",
+            JSON.stringify(decodedIdToken_original, null, 2)
+        ].join(""));
+    }
+    const decodedIdToken = (() => {
+        let decodedIdToken;
+        if (decodedIdTokenSchema !== undefined) {
+            decodedIdToken = decodedIdTokenSchema.parse(decodedIdToken_original);
+            if (isFirstInit) {
+                log?.([
+                    "Decoded ID token after `decodedIdTokenSchema.parse()`\n",
+                    JSON.stringify(decodedIdToken, null, 2)
+                ].join(""));
+            }
+        }
+        else {
+            // @ts-expect-error
+            decodedIdToken = decodedIdToken_original;
+        }
+        if (decodedIdToken_previous !== undefined &&
+            JSON.stringify(decodedIdToken) === JSON.stringify(decodedIdToken_previous)) {
+            // NOTE: For stable ref, prevent re-render for component that would memoize
+            return decodedIdToken_previous;
+        }
+        return decodedIdToken;
+    })();
+    const issuedAtTime = (() => {
+        // NOTE: The id_token is always a JWT as per the protocol.
+        // We don't use Date.now() due to network latency.
+        const id_token_iat = (() => {
+            let iat;
+            try {
+                const iat_claimValue = decodedIdToken_original.iat;
+                assert(iat_claimValue === undefined || typeof iat_claimValue === "number");
+                iat = iat_claimValue;
+            }
+            catch {
+                iat = undefined;
+            }
+            if (iat === undefined) {
+                return undefined;
+            }
+            return iat;
+        })();
+        if (id_token_iat === undefined) {
+            return Date.now();
+        }
+        return id_token_iat * 1000;
+    })();
+    const tokens_common = {
+        ...(__unsafe_useIdTokenAsAccessToken
+            ? {
+                accessToken: idToken,
+                accessTokenExpirationTime: (() => {
+                    const expirationTime = readExpirationTimeInJwt(idToken);
+                    assert(expirationTime !== undefined, "Failed to get id token expiration time while trying to substitute the access token by the id token");
+                    return expirationTime;
+                })()
+            }
+            : {
+                accessToken,
+                accessTokenExpirationTime: (() => {
+                    read_from_jwt: {
+                        const expirationTime = readExpirationTimeInJwt(accessToken);
+                        if (expirationTime === undefined) {
+                            break read_from_jwt;
+                        }
+                        return expirationTime;
+                    }
+                    read_from_token_response_expires_at: {
+                        const { expires_at } = oidcClientTsUser.__oidc_spa_tokenResponse;
+                        if (expires_at === undefined) {
+                            break read_from_token_response_expires_at;
+                        }
+                        assert(typeof expires_at === "number", "2033392");
+                        return expires_at * 1000;
+                    }
+                    read_from_token_response_expires_in: {
+                        const { expires_in } = oidcClientTsUser.__oidc_spa_tokenResponse;
+                        if (expires_in === undefined) {
+                            break read_from_token_response_expires_in;
+                        }
+                        assert(typeof expires_in === "number", "203333425");
+                        return issuedAtTime + expires_in * 1000;
+                    }
+                    assert(false, "Failed to get access token expiration time");
+                })()
+            }),
+        idToken,
+        decodedIdToken,
+        decodedIdToken_original,
+        issuedAtTime
+    };
+    const tokens = refreshToken === undefined
+        ? id({
+            ...tokens_common,
+            hasRefreshToken: false
+        })
+        : id({
+            ...tokens_common,
+            hasRefreshToken: true,
+            refreshToken,
+            refreshTokenExpirationTime: (() => {
+                read_from_token_response_expires_at: {
+                    const { refresh_expires_at } = oidcClientTsUser.__oidc_spa_tokenResponse;
+                    if (refresh_expires_at === undefined) {
+                        break read_from_token_response_expires_at;
+                    }
+                    assert(typeof refresh_expires_at === "number", "2033392");
+                    return refresh_expires_at * 1000;
+                }
+                read_from_token_response_expires_in: {
+                    const { refresh_expires_in } = oidcClientTsUser.__oidc_spa_tokenResponse;
+                    if (refresh_expires_in === undefined) {
+                        break read_from_token_response_expires_in;
+                    }
+                    assert(typeof refresh_expires_in === "number", "2033425330");
+                    return issuedAtTime + refresh_expires_in * 1000;
+                }
+                read_from_jwt: {
+                    const expirationTime = readExpirationTimeInJwt(refreshToken);
+                    if (expirationTime === undefined) {
+                        break read_from_jwt;
+                    }
+                    return expirationTime;
+                }
+                return undefined;
+            })()
+        });
+    if (isFirstInit &&
+        tokens.hasRefreshToken &&
+        tokens.refreshTokenExpirationTime !== undefined &&
+        tokens.refreshTokenExpirationTime < tokens.accessTokenExpirationTime) {
+        console.warn([
+            "The OIDC refresh token expirationTime is shorter than the one of the access token.",
+            "This is very unusual and probably a misconfiguration."
+        ].join(" "));
+    }
+    return tokens;
+}
+//# sourceMappingURL=oidcClientTsUserToTokens.js.map

package/esm/core/oidcClientTsUserToTokens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidcClientTsUserToTokens.js","sourceRoot":"","sources":["../../../src/core/oidcClientTsUserToTokens.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAG/C,MAAM,UAAU,wBAAwB,CAAiD,MAQxF;IACG,MAAM,EACF,gBAAgB,EAChB,oBAAoB,EACpB,gCAAgC,EAChC,uBAAuB,EACvB,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,MAAM,WAAW,GAAG,uBAAuB,KAAK,SAAS,CAAC;IAE1D,MAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,CAAC;IAElD,MAAM,YAAY,GAAG,gBAAgB,CAAC,aAAa,CAAC;IAEpD,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC;IAE1C,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,yCAAyC,CAAC,CAAC;IAEzE,MAAM,uBAAuB,GAAG,SAAS,CAAkC,OAAO,CAAC,CAAC;IAEpF,IAAI,WAAW,EAAE,CAAC;QACd,GAAG,EAAE,CACD;YACI,kBAAkB;YAClB,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,0CAA0C;YACpF,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,IAAI,EAAE,CAAC,CAAC;SACnD,CAAC,IAAI,CAAC,EAAE,CAAC,CACb,CAAC;IACN,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE;QACzB,IAAI,cAA8B,CAAC;QAEnC,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACrC,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAErE,IAAI,WAAW,EAAE,CAAC;gBACd,GAAG,EAAE,CACD;oBACI,yDAAyD;oBACzD,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC1C,CAAC,IAAI,CAAC,EAAE,CAAC,CACb,CAAC;YACN,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,mBAAmB;YACnB,cAAc,GAAG,uBAAuB,CAAC;QAC7C,CAAC;QAED,IACI,uBAAuB,KAAK,SAAS;YACrC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,EAC5E,CAAC;YACC,2EAA2E;YAC3E,OAAO,uBAAuB,CAAC;QACnC,CAAC;QAED,OAAO,cAAc,CAAC;IAC1B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;QACvB,0DAA0D;QAC1D,kDAAkD;QAClD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;YACvB,IAAI,GAAuB,CAAC;YAE5B,IAAI,CAAC;gBACD,MAAM,cAAc,GAAG,uBAAuB,CAAC,GAAG,CAAC;gBACnD,MAAM,CAAC,cAAc,KAAK,SAAS,IAAI,OAAO,cAAc,KAAK,QAAQ,CAAC,CAAC;gBAC3E,GAAG,GAAG,cAAc,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACL,GAAG,GAAG,SAAS,CAAC;YACpB,CAAC;YAED,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACpB,OAAO,SAAS,CAAC;YACrB,CAAC;YAED,OAAO,GAAG,CAAC;QACf,CAAC,CAAC,EAAE,CAAC;QAEL,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;QACtB,CAAC;QAED,OAAO,YAAY,GAAG,IAAI,CAAC;IAC/B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,aAAa,GAAuC;QACtD,GAAG,CAAC,gCAAgC;YAChC,CAAC,CAAC;gBACI,WAAW,EAAE,OAAO;gBACpB,yBAAyB,EAAE,CAAC,GAAG,EAAE;oBAC7B,MAAM,cAAc,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;oBAExD,MAAM,CACF,cAAc,KAAK,SAAS,EAC5B,oGAAoG,CACvG,CAAC;oBAEF,OAAO,cAAc,CAAC;gBAC1B,CAAC,CAAC,EAAE;aACP;YACH,CAAC,CAAC;gBACI,WAAW;gBACX,yBAAyB,EAAE,CAAC,GAAG,EAAE;oBAC7B,aAAa,EAAE,CAAC;wBACZ,MAAM,cAAc,GAAG,uBAAuB,CAAC,WAAW,CAAC,CAAC;wBAE5D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;4BAC/B,MAAM,aAAa,CAAC;wBACxB,CAAC;wBAED,OAAO,cAAc,CAAC;oBAC1B,CAAC;oBAED,mCAAmC,EAAE,CAAC;wBAClC,MAAM,EAAE,UAAU,EAAE,GAAG,gBAAgB,CAAC,wBAAwB,CAAC;wBAEjE,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;4BAC3B,MAAM,mCAAmC,CAAC;wBAC9C,CAAC;wBAED,MAAM,CAAC,OAAO,UAAU,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;wBAElD,OAAO,UAAU,GAAG,IAAI,CAAC;oBAC7B,CAAC;oBAED,mCAAmC,EAAE,CAAC;wBAClC,MAAM,EAAE,UAAU,EAAE,GAAG,gBAAgB,CAAC,wBAAwB,CAAC;wBAEjE,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;4BAC3B,MAAM,mCAAmC,CAAC;wBAC9C,CAAC;wBAED,MAAM,CAAC,OAAO,UAAU,KAAK,QAAQ,EAAE,WAAW,CAAC,CAAC;wBAEpD,OAAO,YAAY,GAAG,UAAU,GAAG,IAAK,CAAC;oBAC7C,CAAC;oBAED,MAAM,CAAC,KAAK,EAAE,4CAA4C,CAAC,CAAC;gBAChE,CAAC,CAAC,EAAE;aACP,CAAC;QACR,OAAO;QACP,cAAc;QACd,uBAAuB;QACvB,YAAY;KACf,CAAC;IAEF,MAAM,MAAM,GACR,YAAY,KAAK,SAAS;QACtB,CAAC,CAAC,EAAE,CAAkD;YAChD,GAAG,aAAa;YAChB,eAAe,EAAE,KAAK;SACzB,CAAC;QACJ,CAAC,CAAC,EAAE,CAA+C;YAC7C,GAAG,aAAa;YAChB,eAAe,EAAE,IAAI;YACrB,YAAY;YACZ,0BAA0B,EAAE,CAAC,GAAG,EAAE;gBAC9B,mCAAmC,EAAE,CAAC;oBAClC,MAAM,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,wBAAwB,CAAC;oBAEzE,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;wBACnC,MAAM,mCAAmC,CAAC;oBAC9C,CAAC;oBAED,MAAM,CAAC,OAAO,kBAAkB,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;oBAE1D,OAAO,kBAAkB,GAAG,IAAI,CAAC;gBACrC,CAAC;gBAED,mCAAmC,EAAE,CAAC;oBAClC,MAAM,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,wBAAwB,CAAC;oBAEzE,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;wBACnC,MAAM,mCAAmC,CAAC;oBAC9C,CAAC;oBAED,MAAM,CAAC,OAAO,kBAAkB,KAAK,QAAQ,EAAE,YAAY,CAAC,CAAC;oBAE7D,OAAO,YAAY,GAAG,kBAAkB,GAAG,IAAI,CAAC;gBACpD,CAAC;gBAED,aAAa,EAAE,CAAC;oBACZ,MAAM,cAAc,GAAG,uBAAuB,CAAC,YAAY,CAAC,CAAC;oBAE7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;wBAC/B,MAAM,aAAa,CAAC;oBACxB,CAAC;oBAED,OAAO,cAAc,CAAC;gBAC1B,CAAC;gBAED,OAAO,SAAS,CAAC;YACrB,CAAC,CAAC,EAAE;SACP,CAAC,CAAC;IAEb,IACI,WAAW;QACX,MAAM,CAAC,eAAe;QACtB,MAAM,CAAC,0BAA0B,KAAK,SAAS;QAC/C,MAAM,CAAC,0BAA0B,GAAG,MAAM,CAAC,yBAAyB,EACtE,CAAC;QACC,OAAO,CAAC,IAAI,CACR;YACI,oFAAoF;YACpF,uDAAuD;SAC1D,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IAED,OAAO,MAAM,CAAC;AAClB,CAAC"}

package/esm/core/ongoingLoginOrRefreshProcesses.d.ts

@@ -0,0 +1,6 @@
+export declare function startLoginOrRefreshProcess(): Promise<{
+    completeLoginOrRefreshProcess: () => void;
+}>;
+export declare function waitForAllOtherOngoingLoginOrRefreshProcessesToComplete(params: {
+    prUnlock: Promise<void>;
+}): Promise<void>;

package/{src/core/ongoingLoginOrRefreshProcesses.ts → esm/core/ongoingLoginOrRefreshProcesses.js}

@@ -1,47 +1,29 @@
 import { Deferred } from "../tools/Deferred";
 import { assert, id } from "../vendor/frontend/tsafe";
-
 const globalContext = {
-    prDone_arr: id<Promise<void>[]>([]),
-    prUnlock: id<Promise<void>>(Promise.resolve())
+    prDone_arr: id([]),
+    prUnlock: id(Promise.resolve())
 };
-
-export async function startLoginOrRefreshProcess(): Promise<{
-    completeLoginOrRefreshProcess: () => void;
-}> {
+export async function startLoginOrRefreshProcess() {
     await globalContext.prUnlock;
-
-    const dDone = new Deferred<void>();
-
+    const dDone = new Deferred();
     const { prDone_arr } = globalContext;
-
     prDone_arr.push(dDone.pr);
-
     function completeLoginOrRefreshProcess() {
         const index = prDone_arr.indexOf(dDone.pr);
-
         assert(index !== -1, "104044");
-
         prDone_arr.splice(index, 1);
-
         dDone.resolve();
     }
-
     return { completeLoginOrRefreshProcess };
 }
-
-export async function waitForAllOtherOngoingLoginOrRefreshProcessesToComplete(params: {
-    prUnlock: Promise<void>;
-}): Promise<void> {
+export async function waitForAllOtherOngoingLoginOrRefreshProcessesToComplete(params) {
     const { prUnlock } = params;
-
     const prUnlock_current = globalContext.prUnlock;
-
     globalContext.prUnlock = (async () => {
         await prUnlock_current;
-
         await prUnlock;
     })();
-
     await Promise.all(globalContext.prDone_arr);
 }
+//# sourceMappingURL=ongoingLoginOrRefreshProcesses.js.map

package/esm/core/ongoingLoginOrRefreshProcesses.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ongoingLoginOrRefreshProcesses.js","sourceRoot":"","sources":["../../../src/core/ongoingLoginOrRefreshProcesses.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,0BAA0B,CAAC;AAEtD,MAAM,aAAa,GAAG;IAClB,UAAU,EAAE,EAAE,CAAkB,EAAE,CAAC;IACnC,QAAQ,EAAE,EAAE,CAAgB,OAAO,CAAC,OAAO,EAAE,CAAC;CACjD,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAG5C,MAAM,aAAa,CAAC,QAAQ,CAAC;IAE7B,MAAM,KAAK,GAAG,IAAI,QAAQ,EAAQ,CAAC;IAEnC,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;IAErC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAE1B,SAAS,6BAA6B;QAClC,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAE3C,MAAM,CAAC,KAAK,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAE/B,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAE5B,KAAK,CAAC,OAAO,EAAE,CAAC;IACpB,CAAC;IAED,OAAO,EAAE,6BAA6B,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uDAAuD,CAAC,MAE7E;IACG,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAE5B,MAAM,gBAAgB,GAAG,aAAa,CAAC,QAAQ,CAAC;IAEhD,aAAa,CAAC,QAAQ,GAAG,CAAC,KAAK,IAAI,EAAE;QACjC,MAAM,gBAAgB,CAAC;QAEvB,MAAM,QAAQ,CAAC;IACnB,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;AAChD,CAAC"}

package/esm/core/persistedAuthState.d.ts

@@ -0,0 +1,28 @@
+type PersistedAuthState = PersistedAuthState.LoggedIn | PersistedAuthState.ExplicitlyLoggedOut;
+declare namespace PersistedAuthState {
+    type Common = {
+        __brand: "PersistedAuthState-v1";
+    };
+    export type LoggedIn = Common & {
+        stateDescription: "logged in";
+        untilTime: number | undefined;
+    };
+    export type ExplicitlyLoggedOut = Common & {
+        stateDescription: "explicitly logged out";
+    };
+    export {};
+}
+export declare function persistAuthState(params: {
+    configId: string;
+    state: {
+        stateDescription: "logged in";
+        idleSessionLifetimeInSeconds: number | undefined;
+        refreshTokenExpirationTime: number | undefined;
+    } | {
+        stateDescription: "explicitly logged out";
+    } | undefined;
+}): void;
+export declare function getPersistedAuthState(params: {
+    configId: string;
+}): PersistedAuthState["stateDescription"] | undefined;
+export {};

package/esm/core/persistedAuthState.js

@@ -0,0 +1,64 @@
+import { typeGuard, id } from "../vendor/frontend/tsafe";
+function getKey(params) {
+    const { configId } = params;
+    return `oidc-spa:auth-state:${configId}`;
+}
+export function persistAuthState(params) {
+    const { configId, state } = params;
+    const key = getKey({ configId });
+    if (state === undefined) {
+        localStorage.removeItem(key);
+        return;
+    }
+    localStorage.setItem(key, JSON.stringify(id((() => {
+        switch (state.stateDescription) {
+            case "logged in":
+                return id({
+                    __brand: "PersistedAuthState-v1",
+                    stateDescription: "logged in",
+                    untilTime: (() => {
+                        const { idleSessionLifetimeInSeconds, refreshTokenExpirationTime } = state;
+                        if (idleSessionLifetimeInSeconds !== undefined) {
+                            return Date.now() + idleSessionLifetimeInSeconds * 1000;
+                        }
+                        return refreshTokenExpirationTime;
+                    })()
+                });
+            case "explicitly logged out":
+                return id({
+                    __brand: "PersistedAuthState-v1",
+                    stateDescription: "explicitly logged out"
+                });
+        }
+    })())));
+}
+export function getPersistedAuthState(params) {
+    const { configId } = params;
+    const key = getKey({ configId });
+    const value = localStorage.getItem(key);
+    if (value === null) {
+        return undefined;
+    }
+    let state;
+    try {
+        state = JSON.parse(value);
+    }
+    catch {
+        localStorage.removeItem(key);
+        return undefined;
+    }
+    if (!typeGuard(state, state instanceof Object &&
+        "__brand" in state &&
+        state.__brand === id("PersistedAuthState-v1"))) {
+        localStorage.removeItem(key);
+        return undefined;
+    }
+    if (state.stateDescription === "logged in") {
+        if (state.untilTime !== undefined && state.untilTime <= Date.now()) {
+            localStorage.removeItem(key);
+            return undefined;
+        }
+    }
+    return state.stateDescription;
+}
+//# sourceMappingURL=persistedAuthState.js.map

package/esm/core/persistedAuthState.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"persistedAuthState.js","sourceRoot":"","sources":["../../../src/core/persistedAuthState.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,0BAA0B,CAAC;AAEzD,SAAS,MAAM,CAAC,MAA4B;IACxC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAE5B,OAAO,uBAAuB,QAAQ,EAAE,CAAC;AAC7C,CAAC;AAkBD,MAAM,UAAU,gBAAgB,CAAC,MAYhC;IACG,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IAEnC,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAEjC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACtB,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO;IACX,CAAC;IAED,YAAY,CAAC,OAAO,CAChB,GAAG,EACH,IAAI,CAAC,SAAS,CACV,EAAE,CACE,CAAC,GAAG,EAAE;QACF,QAAQ,KAAK,CAAC,gBAAgB,EAAE,CAAC;YAC7B,KAAK,WAAW;gBACZ,OAAO,EAAE,CAA8B;oBACnC,OAAO,EAAE,uBAAuB;oBAChC,gBAAgB,EAAE,WAAW;oBAC7B,SAAS,EAAE,CAAC,GAAG,EAAE;wBACb,MAAM,EAAE,4BAA4B,EAAE,0BAA0B,EAAE,GAC9D,KAAK,CAAC;wBAEV,IAAI,4BAA4B,KAAK,SAAS,EAAE,CAAC;4BAC7C,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,4BAA4B,GAAG,IAAI,CAAC;wBAC5D,CAAC;wBAED,OAAO,0BAA0B,CAAC;oBACtC,CAAC,CAAC,EAAE;iBACP,CAAC,CAAC;YACP,KAAK,uBAAuB;gBACxB,OAAO,EAAE,CAAyC;oBAC9C,OAAO,EAAE,uBAAuB;oBAChC,gBAAgB,EAAE,uBAAuB;iBAC5C,CAAC,CAAC;QACX,CAAC;IACL,CAAC,CAAC,EAAE,CACP,CACJ,CACJ,CAAC;AACN,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,MAErC;IACG,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAE5B,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAEjC,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAExC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjB,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,KAAc,CAAC;IAEnB,IAAI,CAAC;QACD,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACL,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IACI,CAAC,SAAS,CACN,KAAK,EACL,KAAK,YAAY,MAAM;QACnB,SAAS,IAAI,KAAK;QAClB,KAAK,CAAC,OAAO,KAAK,EAAE,CAAgC,uBAAuB,CAAC,CACnF,EACH,CAAC;QACC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,KAAK,CAAC,gBAAgB,KAAK,WAAW,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACjE,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YAC7B,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC;IAED,OAAO,KAAK,CAAC,gBAAgB,CAAC;AAClC,CAAC"}

package/esm/entrypoint.d.ts

@@ -0,0 +1,7 @@
+export declare function oidcEarlyInit(params: {
+    freezeFetch: boolean;
+    freezeXMLHttpRequest: boolean;
+    freezeWebSocket?: boolean;
+}): {
+    shouldLoadApp: boolean;
+};

package/{src/entrypoint.ts → esm/entrypoint.js}

@@ -1,31 +1,15 @@
-import {
-    handleOidcCallback,
-    moveRedirectAuthResponseFromSessionStorageToMemory
-} from "./core/handleOidcCallback";
+import { handleOidcCallback, moveRedirectAuthResponseFromSessionStorageToMemory } from "./core/handleOidcCallback";
 import { preventSessionStorageSetItemOfPublicKeyByThirdParty } from "./core/iframeMessageProtection";
-
-export function oidcEarlyInit(params: {
-    freezeFetch: boolean;
-    freezeXMLHttpRequest: boolean;
-    // NOTE: Made optional just to avoid breaking change.
-    // Will be made mandatory next major.
-    freezeWebSocket?: boolean;
-}) {
+export function oidcEarlyInit(params) {
     const { freezeFetch, freezeXMLHttpRequest, freezeWebSocket = false } = params ?? {};
-
     const { isHandled } = handleOidcCallback();
-
     const shouldLoadApp = !isHandled;
-
     if (shouldLoadApp) {
         moveRedirectAuthResponseFromSessionStorageToMemory();
-
         if (freezeXMLHttpRequest) {
             const XMLHttpRequest_trusted = globalThis.XMLHttpRequest;
-
             Object.freeze(XMLHttpRequest_trusted.prototype);
             Object.freeze(XMLHttpRequest_trusted);
-
             Object.defineProperty(globalThis, "XMLHttpRequest", {
                 configurable: false,
                 writable: false,
@@ -33,13 +17,10 @@ export function oidcEarlyInit(params: {
                 value: XMLHttpRequest_trusted
             });
         }
-
         if (freezeFetch) {
             const fetch_trusted = globalThis.fetch;
-
             Object.freeze(fetch_trusted.prototype);
             Object.freeze(fetch_trusted);
-
             Object.defineProperty(globalThis, "fetch", {
                 configurable: false,
                 writable: false,
@@ -47,13 +28,10 @@ export function oidcEarlyInit(params: {
                 value: fetch_trusted
             });
         }
-
         if (freezeWebSocket) {
             const WebSocket_trusted = globalThis.WebSocket;
-
             Object.freeze(WebSocket_trusted.prototype);
             Object.freeze(WebSocket_trusted);
-
             Object.defineProperty(globalThis, "WebSocket", {
                 configurable: false,
                 writable: false,
@@ -61,9 +39,8 @@ export function oidcEarlyInit(params: {
                 value: WebSocket_trusted
             });
         }
-
         preventSessionStorageSetItemOfPublicKeyByThirdParty();
     }
-
     return { shouldLoadApp };
 }
+//# sourceMappingURL=entrypoint.js.map

package/esm/entrypoint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entrypoint.js","sourceRoot":"","sources":["../../src/entrypoint.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,kBAAkB,EAClB,kDAAkD,EACrD,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,mDAAmD,EAAE,MAAM,gCAAgC,CAAC;AAErG,MAAM,UAAU,aAAa,CAAC,MAM7B;IACG,MAAM,EAAE,WAAW,EAAE,oBAAoB,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,MAAM,IAAI,EAAE,CAAC;IAEpF,MAAM,EAAE,SAAS,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAE3C,MAAM,aAAa,GAAG,CAAC,SAAS,CAAC;IAEjC,IAAI,aAAa,EAAE,CAAC;QAChB,kDAAkD,EAAE,CAAC;QAErD,IAAI,oBAAoB,EAAE,CAAC;YACvB,MAAM,sBAAsB,GAAG,UAAU,CAAC,cAAc,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEtC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,gBAAgB,EAAE;gBAChD,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,sBAAsB;aAChC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;YAEvC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAE7B,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE;gBACvC,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,aAAa;aACvB,CAAC,CAAC;QACP,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC;YAE/C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAEjC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,WAAW,EAAE;gBAC3C,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,iBAAiB;aAC3B,CAAC,CAAC;QACP,CAAC;QAED,mDAAmD,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,CAAC;AAC7B,CAAC"}

package/esm/index.d.ts

@@ -0,0 +1 @@
+export { type Oidc, OidcInitializationError, type ParamsOfCreateOidc, createOidc } from "./core";

package/esm/index.js

@@ -0,0 +1,2 @@
+export { OidcInitializationError, createOidc } from "./core";
+//# sourceMappingURL=index.js.map

package/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,uBAAuB,EAA2B,UAAU,EAAE,MAAM,QAAQ,CAAC"}

package/esm/keycloak/index.d.ts

@@ -0,0 +1,3 @@
+export { isKeycloak } from "./isKeycloak";
+export type { KeycloakIssuerUriParsed } from "./keycloakIssuerUriParsed";
+export { type KeycloakUtils, KeycloakProfile, KeycloakUserInfo, createKeycloakUtils } from "./keycloakUtils";

package/esm/keycloak/index.js

@@ -0,0 +1,3 @@
+export { isKeycloak } from "./isKeycloak";
+export { createKeycloakUtils } from "./keycloakUtils";
+//# sourceMappingURL=index.js.map

package/esm/keycloak/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/keycloak/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,OAAO,EAIH,mBAAmB,EACtB,MAAM,iBAAiB,CAAC"}

package/esm/keycloak/isKeycloak.d.ts

@@ -0,0 +1,3 @@
+export declare function isKeycloak(params: {
+    issuerUri: string;
+}): boolean;

package/esm/keycloak/isKeycloak.js

@@ -0,0 +1,17 @@
+export function isKeycloak(params) {
+    const { issuerUri } = params;
+    const url = new URL(issuerUri.replace(/\/$/, ""));
+    const split = url.pathname.split("/realms/");
+    if (split.length !== 2) {
+        return false;
+    }
+    const [, realm] = split;
+    if (realm === "") {
+        return false;
+    }
+    if (realm.includes("/")) {
+        return false;
+    }
+    return true;
+}
+//# sourceMappingURL=isKeycloak.js.map

package/esm/keycloak/isKeycloak.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isKeycloak.js","sourceRoot":"","sources":["../../../src/keycloak/isKeycloak.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,UAAU,CAAC,MAA6B;IACpD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;IAElD,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAE7C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,CAAC,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;IAExB,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC"}