oidc-spa 7.1.10 → 7.2.0-rc.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/backend.js +235 -352
- package/backend.js.map +1 -1
- package/core/AuthResponse.js +12 -49
- package/core/AuthResponse.js.map +1 -1
- package/core/Oidc.d.ts +1 -2
- package/core/Oidc.js.map +1 -1
- package/core/OidcInitializationError.d.ts +0 -13
- package/core/OidcInitializationError.js +8 -318
- package/core/OidcInitializationError.js.map +1 -1
- package/core/OidcMetadata.js +1 -1
- package/core/OidcMetadata.js.map +1 -1
- package/core/StateData.d.ts +5 -5
- package/core/StateData.js +25 -25
- package/core/StateData.js.map +1 -1
- package/core/configId.js +1 -1
- package/core/configId.js.map +1 -1
- package/core/createOidc.d.ts +8 -0
- package/core/createOidc.js +1030 -1292
- package/core/createOidc.js.map +1 -1
- package/core/diagnostic.d.ts +14 -0
- package/core/diagnostic.js +214 -0
- package/core/diagnostic.js.map +1 -0
- package/core/evtIsUserActive.js +26 -27
- package/core/evtIsUserActive.js.map +1 -1
- package/core/handleOidcCallback.js +99 -154
- package/core/handleOidcCallback.js.map +1 -1
- package/core/iframeMessageProtection.d.ts +1 -1
- package/core/iframeMessageProtection.js +40 -106
- package/core/iframeMessageProtection.js.map +1 -1
- package/core/index.d.ts +1 -1
- package/core/index.js +3 -3
- package/core/index.js.map +1 -1
- package/core/initialLocationHref.js +1 -1
- package/core/initialLocationHref.js.map +1 -1
- package/core/isNewBrowserSession.js +8 -8
- package/core/isNewBrowserSession.js.map +1 -1
- package/core/loginOrGoToAuthServer.d.ts +1 -1
- package/core/loginOrGoToAuthServer.js +188 -310
- package/core/loginOrGoToAuthServer.js.map +1 -1
- package/core/loginPropagationToOtherTabs.js +15 -16
- package/core/loginPropagationToOtherTabs.js.map +1 -1
- package/core/loginSilent.d.ts +2 -3
- package/core/loginSilent.js +118 -214
- package/core/loginSilent.js.map +1 -1
- package/core/logoutPropagationToOtherTabs.js +15 -16
- package/core/logoutPropagationToOtherTabs.js.map +1 -1
- package/core/oidcClientTsUserToTokens.d.ts +1 -1
- package/core/oidcClientTsUserToTokens.js +75 -72
- package/core/oidcClientTsUserToTokens.js.map +1 -1
- package/core/ongoingLoginOrRefreshProcesses.js +23 -89
- package/core/ongoingLoginOrRefreshProcesses.js.map +1 -1
- package/core/persistedAuthState.js +13 -13
- package/core/persistedAuthState.js.map +1 -1
- package/entrypoint.js +9 -9
- package/entrypoint.js.map +1 -1
- package/esm/core/AuthResponse.d.ts +5 -0
- package/{src/core/AuthResponse.ts → esm/core/AuthResponse.js} +3 -9
- package/esm/core/AuthResponse.js.map +1 -0
- package/esm/core/Oidc.d.ts +126 -0
- package/esm/core/Oidc.js +2 -0
- package/esm/core/Oidc.js.map +1 -0
- package/esm/core/OidcInitializationError.d.ts +7 -0
- package/esm/core/OidcInitializationError.js +17 -0
- package/esm/core/OidcInitializationError.js.map +1 -0
- package/{src/core/OidcMetadata.ts → esm/core/OidcMetadata.d.ts} +0 -5
- package/esm/core/OidcMetadata.js +3 -0
- package/esm/core/OidcMetadata.js.map +1 -0
- package/esm/core/StateData.d.ts +42 -0
- package/esm/core/StateData.js +55 -0
- package/esm/core/StateData.js.map +1 -0
- package/esm/core/configId.d.ts +4 -0
- package/esm/core/configId.js +4 -0
- package/esm/core/configId.js.map +1 -0
- package/esm/core/createOidc.d.ts +132 -0
- package/{src/core/createOidc.ts → esm/core/createOidc.js} +282 -826
- package/esm/core/createOidc.js.map +1 -0
- package/esm/core/diagnostic.d.ts +14 -0
- package/{src/core/OidcInitializationError.ts → esm/core/diagnostic.js} +40 -117
- package/esm/core/diagnostic.js.map +1 -0
- package/esm/core/evtIsUserActive.d.ts +5 -0
- package/{src/core/evtIsUserActive.ts → esm/core/evtIsUserActive.js} +14 -46
- package/esm/core/evtIsUserActive.js.map +1 -0
- package/esm/core/handleOidcCallback.d.ts +13 -0
- package/{src/core/handleOidcCallback.ts → esm/core/handleOidcCallback.js} +56 -131
- package/esm/core/handleOidcCallback.js.map +1 -0
- package/esm/core/iframeMessageProtection.d.ts +20 -0
- package/{src/core/iframeMessageProtection.ts → esm/core/iframeMessageProtection.js} +14 -49
- package/esm/core/iframeMessageProtection.js.map +1 -0
- package/{src/core/index.ts → esm/core/index.d.ts} +1 -1
- package/esm/core/index.js +4 -0
- package/esm/core/index.js.map +1 -0
- package/esm/core/initialLocationHref.d.ts +1 -0
- package/{src/core/initialLocationHref.ts → esm/core/initialLocationHref.js} +1 -1
- package/esm/core/initialLocationHref.js.map +1 -0
- package/esm/core/isNewBrowserSession.d.ts +9 -0
- package/{src/core/isNewBrowserSession.ts → esm/core/isNewBrowserSession.js} +3 -15
- package/esm/core/isNewBrowserSession.js.map +1 -0
- package/esm/core/loginOrGoToAuthServer.d.ts +40 -0
- package/{src/core/loginOrGoToAuthServer.ts → esm/core/loginOrGoToAuthServer.js} +60 -168
- package/esm/core/loginOrGoToAuthServer.js.map +1 -0
- package/esm/core/loginPropagationToOtherTabs.d.ts +8 -0
- package/{src/core/loginPropagationToOtherTabs.ts → esm/core/loginPropagationToOtherTabs.js} +7 -25
- package/esm/core/loginPropagationToOtherTabs.js.map +1 -0
- package/esm/core/loginSilent.d.ts +28 -0
- package/esm/core/loginSilent.js +125 -0
- package/esm/core/loginSilent.js.map +1 -0
- package/esm/core/logoutPropagationToOtherTabs.d.ts +10 -0
- package/{src/core/logoutPropagationToOtherTabs.ts → esm/core/logoutPropagationToOtherTabs.js} +8 -28
- package/esm/core/logoutPropagationToOtherTabs.js.map +1 -0
- package/esm/core/oidcClientTsUserToTokens.d.ts +11 -0
- package/esm/core/oidcClientTsUserToTokens.js +155 -0
- package/esm/core/oidcClientTsUserToTokens.js.map +1 -0
- package/esm/core/ongoingLoginOrRefreshProcesses.d.ts +6 -0
- package/{src/core/ongoingLoginOrRefreshProcesses.ts → esm/core/ongoingLoginOrRefreshProcesses.js} +6 -24
- package/esm/core/ongoingLoginOrRefreshProcesses.js.map +1 -0
- package/esm/core/persistedAuthState.d.ts +28 -0
- package/esm/core/persistedAuthState.js +64 -0
- package/esm/core/persistedAuthState.js.map +1 -0
- package/esm/entrypoint.d.ts +7 -0
- package/{src/entrypoint.ts → esm/entrypoint.js} +3 -26
- package/esm/entrypoint.js.map +1 -0
- package/esm/index.d.ts +1 -0
- package/esm/index.js +2 -0
- package/esm/index.js.map +1 -0
- package/esm/keycloak/index.d.ts +3 -0
- package/esm/keycloak/index.js +3 -0
- package/esm/keycloak/index.js.map +1 -0
- package/esm/keycloak/isKeycloak.d.ts +3 -0
- package/esm/keycloak/isKeycloak.js +17 -0
- package/esm/keycloak/isKeycloak.js.map +1 -0
- package/esm/keycloak/keycloak-js/Keycloak.d.ts +284 -0
- package/esm/keycloak/keycloak-js/Keycloak.js +774 -0
- package/esm/keycloak/keycloak-js/Keycloak.js.map +1 -0
- package/esm/keycloak/keycloak-js/index.d.ts +2 -0
- package/esm/keycloak/keycloak-js/index.js +2 -0
- package/esm/keycloak/keycloak-js/index.js.map +1 -0
- package/esm/keycloak/keycloak-js/types.d.ts +361 -0
- package/esm/keycloak/keycloak-js/types.js +2 -0
- package/esm/keycloak/keycloak-js/types.js.map +1 -0
- package/esm/keycloak/keycloakIssuerUriParsed.d.ts +9 -0
- package/esm/keycloak/keycloakIssuerUriParsed.js +16 -0
- package/esm/keycloak/keycloakIssuerUriParsed.js.map +1 -0
- package/esm/keycloak/keycloakUtils.d.ts +37 -0
- package/esm/keycloak/keycloakUtils.js +44 -0
- package/esm/keycloak/keycloakUtils.js.map +1 -0
- package/esm/keycloak-js.d.ts +1 -0
- package/esm/keycloak-js.js +2 -0
- package/esm/keycloak-js.js.map +1 -0
- package/esm/mock/index.js +2 -0
- package/esm/mock/index.js.map +1 -0
- package/esm/mock/oidc.d.ts +19 -0
- package/{src/mock/oidc.ts → esm/mock/oidc.js} +28 -88
- package/esm/mock/oidc.js.map +1 -0
- package/esm/mock/react.d.ts +58 -0
- package/esm/mock/react.js +7 -0
- package/esm/mock/react.js.map +1 -0
- package/esm/react/index.js +2 -0
- package/esm/react/index.js.map +1 -0
- package/esm/react/react.d.ts +102 -0
- package/esm/react/react.js +221 -0
- package/esm/react/react.js.map +1 -0
- package/esm/tools/Deferred.d.ts +14 -0
- package/esm/tools/Deferred.js +23 -0
- package/esm/tools/Deferred.js.map +1 -0
- package/esm/tools/EphemeralSessionStorage.d.ts +12 -0
- package/{src/tools/EphemeralSessionStorage.ts → esm/tools/EphemeralSessionStorage.js} +30 -112
- package/esm/tools/EphemeralSessionStorage.js.map +1 -0
- package/esm/tools/Evt.d.ts +11 -0
- package/{src/tools/Evt.ts → esm/tools/Evt.js} +7 -25
- package/esm/tools/Evt.js.map +1 -0
- package/esm/tools/StatefulEvt.d.ts +12 -0
- package/esm/tools/StatefulEvt.js +21 -0
- package/esm/tools/StatefulEvt.js.map +1 -0
- package/esm/tools/ValueOrAsyncGetter.js +2 -0
- package/esm/tools/ValueOrAsyncGetter.js.map +1 -0
- package/esm/tools/asymmetricEncryption.d.ts +18 -0
- package/esm/tools/asymmetricEncryption.js +85 -0
- package/esm/tools/asymmetricEncryption.js.map +1 -0
- package/esm/tools/base64.d.ts +2 -0
- package/{src/tools/base64.ts → esm/tools/base64.js} +3 -3
- package/esm/tools/base64.js.map +1 -0
- package/esm/tools/createObjectThatThrowsIfAccessed.d.ts +8 -0
- package/{src/tools/createObjectThatThrowsIfAccessed.ts → esm/tools/createObjectThatThrowsIfAccessed.js} +7 -18
- package/esm/tools/createObjectThatThrowsIfAccessed.js.map +1 -0
- package/esm/tools/decodeJwt.d.ts +25 -0
- package/esm/tools/decodeJwt.js +60 -0
- package/esm/tools/decodeJwt.js.map +1 -0
- package/esm/tools/generateUrlSafeRandom.d.ts +3 -0
- package/{src/tools/generateUrlSafeRandom.ts → esm/tools/generateUrlSafeRandom.js} +5 -8
- package/esm/tools/generateUrlSafeRandom.js.map +1 -0
- package/esm/tools/getDownlinkAndRtt.d.ts +4 -0
- package/{src/tools/getDownlinkAndRtt.ts → esm/tools/getDownlinkAndRtt.js} +6 -10
- package/esm/tools/getDownlinkAndRtt.js.map +1 -0
- package/esm/tools/getIsOnline.d.ts +7 -0
- package/{src/tools/getIsOnline.ts → esm/tools/getIsOnline.js} +3 -9
- package/esm/tools/getIsOnline.js.map +1 -0
- package/esm/tools/getIsValidRemoteJson.d.ts +1 -0
- package/esm/tools/getIsValidRemoteJson.js +15 -0
- package/esm/tools/getIsValidRemoteJson.js.map +1 -0
- package/esm/tools/getPrUserInteraction.d.ts +4 -0
- package/{src/tools/getPrUserInteraction.ts → esm/tools/getPrUserInteraction.js} +2 -6
- package/esm/tools/getPrUserInteraction.js.map +1 -0
- package/esm/tools/getUserEnvironmentInfo.d.ts +1 -0
- package/esm/tools/getUserEnvironmentInfo.js +50 -0
- package/esm/tools/getUserEnvironmentInfo.js.map +1 -0
- package/esm/tools/haveSharedParentDomain.d.ts +4 -0
- package/{src/tools/haveSharedParentDomain.ts → esm/tools/haveSharedParentDomain.js} +3 -5
- package/esm/tools/haveSharedParentDomain.js.map +1 -0
- package/esm/tools/isDev.d.ts +1 -0
- package/{src/tools/isDev.ts → esm/tools/isDev.js} +5 -12
- package/esm/tools/isDev.js.map +1 -0
- package/esm/tools/parseKeycloakIssuerUri.d.ts +30 -0
- package/esm/tools/parseKeycloakIssuerUri.js +33 -0
- package/esm/tools/parseKeycloakIssuerUri.js.map +1 -0
- package/esm/tools/readExpirationTimeInJwt.d.ts +1 -0
- package/{src/tools/readExpirationTimeInJwt.ts → esm/tools/readExpirationTimeInJwt.js} +6 -7
- package/esm/tools/readExpirationTimeInJwt.js.map +1 -0
- package/esm/tools/startCountdown.d.ts +11 -0
- package/{src/tools/startCountdown.ts → esm/tools/startCountdown.js} +6 -17
- package/esm/tools/startCountdown.js.map +1 -0
- package/esm/tools/subscribeToUserInteraction.d.ts +6 -0
- package/{src/tools/subscribeToUserInteraction.ts → esm/tools/subscribeToUserInteraction.js} +4 -13
- package/esm/tools/subscribeToUserInteraction.js.map +1 -0
- package/esm/tools/toFullyQualifiedUrl.d.ts +10 -0
- package/{src/tools/toFullyQualifiedUrl.ts → esm/tools/toFullyQualifiedUrl.js} +7 -25
- package/esm/tools/toFullyQualifiedUrl.js.map +1 -0
- package/esm/tools/toHumanReadableDuration.d.ts +1 -0
- package/{src/tools/toHumanReadableDuration.ts → esm/tools/toHumanReadableDuration.js} +8 -5
- package/esm/tools/toHumanReadableDuration.js.map +1 -0
- package/esm/tools/urlSearchParams.d.ts +19 -0
- package/{src/tools/urlSearchParams.ts → esm/tools/urlSearchParams.js} +24 -70
- package/esm/tools/urlSearchParams.js.map +1 -0
- package/esm/tools/workerTimers.d.ts +5 -0
- package/{src/tools/workerTimers.ts → esm/tools/workerTimers.js} +7 -27
- package/esm/tools/workerTimers.js.map +1 -0
- package/esm/vendor/frontend/oidc-client-ts.d.ts +1 -0
- package/esm/vendor/frontend/oidc-client-ts.js +3636 -0
- package/{src/vendor/frontend/tsafe.ts → esm/vendor/frontend/tsafe.d.ts} +1 -0
- package/esm/vendor/frontend/tsafe.js +1 -0
- package/esm/vendor/frontend/worker-timers.js +1 -0
- package/index.d.ts +1 -1
- package/index.js +1 -2
- package/index.js.map +1 -1
- package/keycloak/index.d.ts +3 -0
- package/keycloak/index.js +8 -0
- package/keycloak/index.js.map +1 -0
- package/keycloak/isKeycloak.d.ts +3 -0
- package/keycloak/isKeycloak.js +20 -0
- package/keycloak/isKeycloak.js.map +1 -0
- package/keycloak/keycloak-js/Keycloak.d.ts +284 -0
- package/keycloak/keycloak-js/Keycloak.js +778 -0
- package/keycloak/keycloak-js/Keycloak.js.map +1 -0
- package/keycloak/keycloak-js/index.d.ts +2 -0
- package/keycloak/keycloak-js/index.js +6 -0
- package/keycloak/keycloak-js/index.js.map +1 -0
- package/keycloak/keycloak-js/types.d.ts +361 -0
- package/keycloak/keycloak-js/types.js +3 -0
- package/keycloak/keycloak-js/types.js.map +1 -0
- package/keycloak/keycloakIssuerUriParsed.d.ts +9 -0
- package/keycloak/keycloakIssuerUriParsed.js +19 -0
- package/keycloak/keycloakIssuerUriParsed.js.map +1 -0
- package/keycloak/keycloakUtils.d.ts +37 -0
- package/keycloak/keycloakUtils.js +47 -0
- package/keycloak/keycloakUtils.js.map +1 -0
- package/keycloak-js.d.ts +1 -0
- package/keycloak-js.js +18 -0
- package/keycloak-js.js.map +1 -0
- package/mock/index.js.map +1 -1
- package/mock/oidc.js +147 -194
- package/mock/oidc.js.map +1 -1
- package/mock/react.js +2 -2
- package/mock/react.js.map +1 -1
- package/package.json +74 -299
- package/react/index.js.map +1 -1
- package/react/react.js +133 -244
- package/react/react.js.map +1 -1
- package/tools/Deferred.js +13 -35
- package/tools/Deferred.js.map +1 -1
- package/tools/EphemeralSessionStorage.js +46 -48
- package/tools/EphemeralSessionStorage.js.map +1 -1
- package/tools/Evt.js +14 -14
- package/tools/Evt.js.map +1 -1
- package/tools/StatefulEvt.js +5 -5
- package/tools/StatefulEvt.js.map +1 -1
- package/tools/ValueOrAsyncGetter.js.map +1 -1
- package/tools/asymmetricEncryption.js +81 -172
- package/tools/asymmetricEncryption.js.map +1 -1
- package/tools/base64.js +2 -2
- package/tools/base64.js.map +1 -1
- package/tools/createObjectThatThrowsIfAccessed.js +13 -61
- package/tools/createObjectThatThrowsIfAccessed.js.map +1 -1
- package/tools/decodeJwt.d.ts +25 -2
- package/tools/decodeJwt.js +61 -3
- package/tools/decodeJwt.js.map +1 -1
- package/tools/generateUrlSafeRandom.js +5 -30
- package/tools/generateUrlSafeRandom.js.map +1 -1
- package/tools/getDownlinkAndRtt.js +8 -30
- package/tools/getDownlinkAndRtt.js.map +1 -1
- package/tools/getIsOnline.js +3 -3
- package/tools/getIsOnline.js.map +1 -1
- package/tools/getIsValidRemoteJson.js +12 -59
- package/tools/getIsValidRemoteJson.js.map +1 -1
- package/tools/getPrUserInteraction.js +4 -4
- package/tools/getPrUserInteraction.js.map +1 -1
- package/tools/getUserEnvironmentInfo.js +17 -12
- package/tools/getUserEnvironmentInfo.js.map +1 -1
- package/tools/haveSharedParentDomain.js +5 -5
- package/tools/haveSharedParentDomain.js.map +1 -1
- package/tools/isDev.js +2 -2
- package/tools/isDev.js.map +1 -1
- package/tools/parseKeycloakIssuerUri.d.ts +2 -0
- package/tools/parseKeycloakIssuerUri.js +11 -42
- package/tools/parseKeycloakIssuerUri.js.map +1 -1
- package/tools/readExpirationTimeInJwt.js +4 -4
- package/tools/readExpirationTimeInJwt.js.map +1 -1
- package/tools/startCountdown.js +17 -65
- package/tools/startCountdown.js.map +1 -1
- package/tools/subscribeToUserInteraction.js +17 -66
- package/tools/subscribeToUserInteraction.js.map +1 -1
- package/tools/toFullyQualifiedUrl.js +7 -7
- package/tools/toFullyQualifiedUrl.js.map +1 -1
- package/tools/toHumanReadableDuration.js +13 -13
- package/tools/toHumanReadableDuration.js.map +1 -1
- package/tools/urlSearchParams.js +28 -50
- package/tools/urlSearchParams.js.map +1 -1
- package/tools/workerTimers.js +10 -10
- package/tools/workerTimers.js.map +1 -1
- package/vendor/frontend/oidc-client-ts.d.ts +1 -0
- package/vendor/frontend/oidc-client-ts.js +3686 -0
- package/vendor/frontend/tsafe.d.ts +1 -0
- package/vendor/frontend/tsafe.js +1 -1
- package/LICENSE +0 -21
- package/README.md +0 -185
- package/core/trustedFetch.d.ts +0 -2
- package/core/trustedFetch.js +0 -12
- package/core/trustedFetch.js.map +0 -1
- package/src/backend.ts +0 -391
- package/src/core/Oidc.ts +0 -141
- package/src/core/StateData.ts +0 -118
- package/src/core/configId.ts +0 -3
- package/src/core/loginSilent.ts +0 -206
- package/src/core/oidcClientTsUserToTokens.ts +0 -229
- package/src/core/persistedAuthState.ts +0 -122
- package/src/core/trustedFetch.ts +0 -9
- package/src/index.ts +0 -7
- package/src/mock/react.tsx +0 -11
- package/src/react/react.tsx +0 -460
- package/src/tools/Deferred.ts +0 -39
- package/src/tools/StatefulEvt.ts +0 -38
- package/src/tools/asymmetricEncryption.ts +0 -184
- package/src/tools/decodeJwt.ts +0 -2
- package/src/tools/getIsValidRemoteJson.ts +0 -18
- package/src/tools/getUserEnvironmentInfo.ts +0 -42
- package/src/tools/parseKeycloakIssuerUri.ts +0 -68
- package/src/vendor/backend/evt.ts +0 -2
- package/src/vendor/backend/jsonwebtoken.ts +0 -1
- package/src/vendor/backend/node-fetch.ts +0 -2
- package/src/vendor/backend/node-jose.ts +0 -1
- package/src/vendor/backend/tsafe.ts +0 -5
- package/src/vendor/backend/zod.ts +0 -1
- package/src/vendor/frontend/oidc-client-ts-and-jwt-decode.ts +0 -4
- package/vendor/frontend/oidc-client-ts-and-jwt-decode.d.ts +0 -3
- package/vendor/frontend/oidc-client-ts-and-jwt-decode.js +0 -3
- /package/{src/mock/index.ts → esm/mock/index.d.ts} +0 -0
- /package/{src/react/index.ts → esm/react/index.d.ts} +0 -0
- /package/{src/tools/ValueOrAsyncGetter.ts → esm/tools/ValueOrAsyncGetter.d.ts} +0 -0
- /package/{src/vendor/frontend/worker-timers.ts → esm/vendor/frontend/worker-timers.d.ts} +0 -0
package/core/createOidc.js
CHANGED
|
@@ -1,1337 +1,1075 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
t[p] = s[p];
|
|
8
|
-
}
|
|
9
|
-
return t;
|
|
10
|
-
};
|
|
11
|
-
return __assign.apply(this, arguments);
|
|
12
|
-
};
|
|
13
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
14
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
15
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
16
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
17
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
18
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
19
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
20
|
-
});
|
|
21
|
-
};
|
|
22
|
-
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
23
|
-
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
|
|
24
|
-
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
25
|
-
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
26
|
-
function step(op) {
|
|
27
|
-
if (f) throw new TypeError("Generator is already executing.");
|
|
28
|
-
while (g && (g = 0, op[0] && (_ = 0)), _) try {
|
|
29
|
-
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
30
|
-
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
31
|
-
switch (op[0]) {
|
|
32
|
-
case 0: case 1: t = op; break;
|
|
33
|
-
case 4: _.label++; return { value: op[1], done: false };
|
|
34
|
-
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
35
|
-
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
36
|
-
default:
|
|
37
|
-
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
38
|
-
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
39
|
-
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
40
|
-
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
41
|
-
if (t[2]) _.ops.pop();
|
|
42
|
-
_.trys.pop(); continue;
|
|
43
|
-
}
|
|
44
|
-
op = body.call(thisArg, _);
|
|
45
|
-
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
46
|
-
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
47
7
|
}
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
return { value: o && o[i++], done: !o };
|
|
67
|
-
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
68
26
|
};
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
var
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
}
|
|
78
|
-
catch (error) { e = { error: error }; }
|
|
79
|
-
finally {
|
|
80
|
-
try {
|
|
81
|
-
if (r && !r.done && (m = i["return"])) m.call(i);
|
|
82
|
-
}
|
|
83
|
-
finally { if (e) throw e.error; }
|
|
84
|
-
}
|
|
85
|
-
return ar;
|
|
86
|
-
};
|
|
87
|
-
var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
|
|
88
|
-
if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
|
|
89
|
-
if (ar || !(i in from)) {
|
|
90
|
-
if (!ar) ar = Array.prototype.slice.call(from, 0, i);
|
|
91
|
-
ar[i] = from[i];
|
|
92
|
-
}
|
|
93
|
-
}
|
|
94
|
-
return to.concat(ar || Array.prototype.slice.call(from));
|
|
95
|
-
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
96
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
97
36
|
exports.createOidc = createOidc;
|
|
98
37
|
exports.createOidc_nonMemoized = createOidc_nonMemoized;
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
(0, handleOidcCallback_1.handleOidcCallback)();
|
|
38
|
+
const oidc_client_ts_1 = require("../vendor/frontend/oidc-client-ts");
|
|
39
|
+
const tsafe_1 = require("../vendor/frontend/tsafe");
|
|
40
|
+
const workerTimers_1 = require("../tools/workerTimers");
|
|
41
|
+
const Deferred_1 = require("../tools/Deferred");
|
|
42
|
+
const evtIsUserActive_1 = require("./evtIsUserActive");
|
|
43
|
+
const startCountdown_1 = require("../tools/startCountdown");
|
|
44
|
+
const toHumanReadableDuration_1 = require("../tools/toHumanReadableDuration");
|
|
45
|
+
const toFullyQualifiedUrl_1 = require("../tools/toFullyQualifiedUrl");
|
|
46
|
+
const OidcInitializationError_1 = require("./OidcInitializationError");
|
|
47
|
+
const StateData_1 = require("./StateData");
|
|
48
|
+
const logoutPropagationToOtherTabs_1 = require("./logoutPropagationToOtherTabs");
|
|
49
|
+
const loginPropagationToOtherTabs_1 = require("./loginPropagationToOtherTabs");
|
|
50
|
+
const configId_1 = require("./configId");
|
|
51
|
+
const oidcClientTsUserToTokens_1 = require("./oidcClientTsUserToTokens");
|
|
52
|
+
const loginSilent_1 = require("./loginSilent");
|
|
53
|
+
const AuthResponse_1 = require("./AuthResponse");
|
|
54
|
+
const handleOidcCallback_1 = require("./handleOidcCallback");
|
|
55
|
+
const persistedAuthState_1 = require("./persistedAuthState");
|
|
56
|
+
const Evt_1 = require("../tools/Evt");
|
|
57
|
+
const haveSharedParentDomain_1 = require("../tools/haveSharedParentDomain");
|
|
58
|
+
const loginOrGoToAuthServer_1 = require("./loginOrGoToAuthServer");
|
|
59
|
+
const EphemeralSessionStorage_1 = require("../tools/EphemeralSessionStorage");
|
|
60
|
+
const ongoingLoginOrRefreshProcesses_1 = require("./ongoingLoginOrRefreshProcesses");
|
|
61
|
+
const initialLocationHref_1 = require("./initialLocationHref");
|
|
62
|
+
const isNewBrowserSession_1 = require("./isNewBrowserSession");
|
|
63
|
+
const getIsOnline_1 = require("../tools/getIsOnline");
|
|
64
|
+
const isKeycloak_1 = require("../keycloak/isKeycloak");
|
|
127
65
|
// NOTE: Replaced at build time
|
|
128
|
-
|
|
129
|
-
|
|
66
|
+
const VERSION = "7.2.0-rc.2";
|
|
67
|
+
const globalContext = {
|
|
130
68
|
prOidcByConfigId: new Map(),
|
|
131
69
|
hasLogoutBeenCalled: (0, tsafe_1.id)(false),
|
|
132
70
|
evtRequestToPersistTokens: (0, Evt_1.createEvt)()
|
|
133
71
|
};
|
|
134
72
|
/** @see: https://docs.oidc-spa.dev/v/v7/usage */
|
|
135
|
-
function createOidc(params) {
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
73
|
+
async function createOidc(params) {
|
|
74
|
+
for (const name of ["issuerUri", "clientId"]) {
|
|
75
|
+
const value = params[name];
|
|
76
|
+
if (!value) {
|
|
77
|
+
throw new Error(`The parameter "${name}" is required, you provided: ${value}. (Forgot a .env variable?)`);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
const { issuerUri: issuerUri_params, clientId, scopes = ["profile"], debugLogs, ...rest } = params;
|
|
81
|
+
const issuerUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
|
|
82
|
+
urlish: issuerUri_params,
|
|
83
|
+
doAssertNoQueryParams: true,
|
|
84
|
+
doOutputWithTrailingSlash: false
|
|
85
|
+
});
|
|
86
|
+
const log = (() => {
|
|
87
|
+
if (!debugLogs) {
|
|
88
|
+
return undefined;
|
|
89
|
+
}
|
|
90
|
+
return (0, tsafe_1.id)((...[first, ...rest]) => {
|
|
91
|
+
const label = "oidc-spa";
|
|
92
|
+
if (typeof first === "string") {
|
|
93
|
+
console.log(...[`${label}: ${first}`, ...rest]);
|
|
94
|
+
}
|
|
95
|
+
else {
|
|
96
|
+
console.log(...[`${label}:`, first, ...rest]);
|
|
97
|
+
}
|
|
98
|
+
});
|
|
99
|
+
})();
|
|
100
|
+
const configId = (0, configId_1.getConfigId)({ issuerUri, clientId });
|
|
101
|
+
const { prOidcByConfigId } = globalContext;
|
|
102
|
+
use_previous_instance: {
|
|
103
|
+
const prOidc = prOidcByConfigId.get(configId);
|
|
104
|
+
if (prOidc === undefined) {
|
|
105
|
+
break use_previous_instance;
|
|
106
|
+
}
|
|
107
|
+
log?.([
|
|
108
|
+
`createOidc was called again with the same config (${JSON.stringify({
|
|
109
|
+
issuerUri,
|
|
110
|
+
clientId
|
|
111
|
+
})})`,
|
|
112
|
+
`Returning the previous instance. All potential different parameters are ignored.`
|
|
113
|
+
].join(" "));
|
|
114
|
+
// @ts-expect-error: We know what we're doing
|
|
115
|
+
return prOidc;
|
|
116
|
+
}
|
|
117
|
+
const dOidc = new Deferred_1.Deferred();
|
|
118
|
+
prOidcByConfigId.set(configId, dOidc.pr);
|
|
119
|
+
const oidc = await createOidc_nonMemoized(rest, {
|
|
120
|
+
issuerUri,
|
|
121
|
+
clientId,
|
|
122
|
+
scopes,
|
|
123
|
+
configId,
|
|
124
|
+
log
|
|
125
|
+
});
|
|
126
|
+
dOidc.resolve(oidc);
|
|
127
|
+
return oidc;
|
|
128
|
+
}
|
|
129
|
+
async function createOidc_nonMemoized(params, preProcessedParams) {
|
|
130
|
+
const { transformUrlBeforeRedirect, extraQueryParams: extraQueryParamsOrGetter, extraTokenParams: extraTokenParamsOrGetter, homeUrl: homeUrl_params, decodedIdTokenSchema, idleSessionLifetimeInSeconds, autoLogoutParams = { redirectTo: "current page" }, autoLogin = false, postLoginRedirectUrl: postLoginRedirectUrl_default, __unsafe_clientSecret, __unsafe_useIdTokenAsAccessToken = false, __metadata, noIframe = false } = params;
|
|
131
|
+
const { issuerUri, clientId, scopes, configId, log } = preProcessedParams;
|
|
132
|
+
const getExtraQueryParams = (() => {
|
|
133
|
+
if (extraQueryParamsOrGetter === undefined) {
|
|
134
|
+
return undefined;
|
|
135
|
+
}
|
|
136
|
+
if (typeof extraQueryParamsOrGetter !== "function") {
|
|
137
|
+
return () => extraQueryParamsOrGetter;
|
|
138
|
+
}
|
|
139
|
+
return extraQueryParamsOrGetter;
|
|
140
|
+
})();
|
|
141
|
+
const getExtraTokenParams = (() => {
|
|
142
|
+
if (extraTokenParamsOrGetter === undefined) {
|
|
143
|
+
return undefined;
|
|
144
|
+
}
|
|
145
|
+
if (typeof extraTokenParamsOrGetter !== "function") {
|
|
146
|
+
return () => extraTokenParamsOrGetter;
|
|
147
|
+
}
|
|
148
|
+
return extraTokenParamsOrGetter;
|
|
149
|
+
})();
|
|
150
|
+
const homeUrlAndRedirectUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
|
|
151
|
+
urlish: homeUrl_params,
|
|
152
|
+
doAssertNoQueryParams: true,
|
|
153
|
+
doOutputWithTrailingSlash: true
|
|
154
|
+
});
|
|
155
|
+
log?.(`Calling createOidc v${VERSION} ${JSON.stringify({
|
|
156
|
+
issuerUri,
|
|
157
|
+
clientId,
|
|
158
|
+
scopes,
|
|
159
|
+
configId,
|
|
160
|
+
homeUrlAndRedirectUri
|
|
161
|
+
}, null, 2)}`);
|
|
162
|
+
{
|
|
163
|
+
const { isHandled } = (0, handleOidcCallback_1.handleOidcCallback)();
|
|
164
|
+
if (isHandled) {
|
|
165
|
+
await new Promise(() => { });
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
const stateUrlParamValue_instance = (0, StateData_1.generateStateUrlParamValue)();
|
|
169
|
+
const canUseIframe = (() => {
|
|
170
|
+
if (noIframe) {
|
|
171
|
+
return false;
|
|
172
|
+
}
|
|
173
|
+
third_party_cookies: {
|
|
174
|
+
const isOidcServerThirdPartyRelativeToApp = (0, haveSharedParentDomain_1.getHaveSharedParentDomain)({
|
|
175
|
+
url1: window.location.origin,
|
|
176
|
+
url2: issuerUri
|
|
177
|
+
}) === false;
|
|
178
|
+
if (!isOidcServerThirdPartyRelativeToApp) {
|
|
179
|
+
break third_party_cookies;
|
|
180
|
+
}
|
|
181
|
+
const isGoogleChrome = (() => {
|
|
182
|
+
const ua = navigator.userAgent;
|
|
183
|
+
const vendor = navigator.vendor;
|
|
184
|
+
return (/Chrome/.test(ua) && /Google Inc/.test(vendor) && !/Edg/.test(ua) && !/OPR/.test(ua));
|
|
185
|
+
})();
|
|
186
|
+
if (window.location.origin.startsWith("http://localhost") && isGoogleChrome) {
|
|
187
|
+
break third_party_cookies;
|
|
188
|
+
}
|
|
189
|
+
log?.([
|
|
190
|
+
"Can't use iframe because your auth server is on a third party domain relative",
|
|
191
|
+
"to the domain of your app and third party cookies are blocked by navigators."
|
|
192
|
+
].join(" "));
|
|
193
|
+
return false;
|
|
194
|
+
}
|
|
195
|
+
// NOTE: Maybe not, it depend if the app can iframe itself.
|
|
196
|
+
return true;
|
|
197
|
+
})();
|
|
198
|
+
let isUserStoreInMemoryOnly;
|
|
199
|
+
const oidcClientTsUserManager = new oidc_client_ts_1.UserManager({
|
|
200
|
+
stateUrlParamValue: stateUrlParamValue_instance,
|
|
201
|
+
authority: issuerUri,
|
|
202
|
+
client_id: clientId,
|
|
203
|
+
redirect_uri: homeUrlAndRedirectUri,
|
|
204
|
+
silent_redirect_uri: homeUrlAndRedirectUri,
|
|
205
|
+
post_logout_redirect_uri: homeUrlAndRedirectUri,
|
|
206
|
+
response_mode: (0, isKeycloak_1.isKeycloak)({ issuerUri }) ? "fragment" : "query",
|
|
207
|
+
response_type: "code",
|
|
208
|
+
scope: Array.from(new Set(["openid", ...scopes])).join(" "),
|
|
209
|
+
automaticSilentRenew: false,
|
|
210
|
+
userStore: new oidc_client_ts_1.WebStorageStateStore({
|
|
211
|
+
store: (() => {
|
|
212
|
+
if (canUseIframe) {
|
|
213
|
+
isUserStoreInMemoryOnly = true;
|
|
214
|
+
return new oidc_client_ts_1.InMemoryWebStorage();
|
|
215
|
+
}
|
|
216
|
+
isUserStoreInMemoryOnly = false;
|
|
217
|
+
const storage = (0, EphemeralSessionStorage_1.createEphemeralSessionStorage)({
|
|
218
|
+
sessionStorageTtlMs: 3 * 60000
|
|
219
|
+
});
|
|
220
|
+
const { evtRequestToPersistTokens } = globalContext;
|
|
221
|
+
evtRequestToPersistTokens.subscribe(({ configIdOfInstancePostingTheRequest }) => {
|
|
222
|
+
if (configIdOfInstancePostingTheRequest === configId) {
|
|
223
|
+
return;
|
|
150
224
|
}
|
|
151
|
-
|
|
152
|
-
|
|
225
|
+
storage.persistCurrentStateAndSubsequentChanges();
|
|
226
|
+
});
|
|
227
|
+
return storage;
|
|
228
|
+
})()
|
|
229
|
+
}),
|
|
230
|
+
stateStore: new oidc_client_ts_1.WebStorageStateStore({ store: localStorage, prefix: StateData_1.STATE_STORE_KEY_PREFIX }),
|
|
231
|
+
client_secret: __unsafe_clientSecret,
|
|
232
|
+
metadata: __metadata
|
|
233
|
+
});
|
|
234
|
+
const evtIsUserLoggedIn = (0, Evt_1.createEvt)();
|
|
235
|
+
const { loginOrGoToAuthServer } = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
|
|
236
|
+
configId,
|
|
237
|
+
oidcClientTsUserManager,
|
|
238
|
+
transformUrlBeforeRedirect,
|
|
239
|
+
getExtraQueryParams,
|
|
240
|
+
getExtraTokenParams,
|
|
241
|
+
homeUrl: homeUrlAndRedirectUri,
|
|
242
|
+
evtIsUserLoggedIn,
|
|
243
|
+
log
|
|
244
|
+
});
|
|
245
|
+
const { getIsNewBrowserSession } = (0, isNewBrowserSession_1.createGetIsNewBrowserSession)({
|
|
246
|
+
configId,
|
|
247
|
+
evtUserNotLoggedIn: (() => {
|
|
248
|
+
const evt = (0, Evt_1.createEvt)();
|
|
249
|
+
evtIsUserLoggedIn.subscribe(isUserLoggedIn => {
|
|
250
|
+
if (!isUserLoggedIn) {
|
|
251
|
+
evt.post();
|
|
252
|
+
}
|
|
253
|
+
});
|
|
254
|
+
return evt;
|
|
255
|
+
})()
|
|
256
|
+
});
|
|
257
|
+
const { completeLoginOrRefreshProcess } = await (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)();
|
|
258
|
+
const resultOfLoginProcess = await (async () => {
|
|
259
|
+
handle_redirect_auth_response: {
|
|
260
|
+
const authResponseAndStateData = (0, handleOidcCallback_1.retrieveRedirectAuthResponseAndStateData)({ configId });
|
|
261
|
+
if (authResponseAndStateData === undefined) {
|
|
262
|
+
break handle_redirect_auth_response;
|
|
263
|
+
}
|
|
264
|
+
const { authResponse, stateData } = authResponseAndStateData;
|
|
265
|
+
switch (stateData.action) {
|
|
266
|
+
case "login":
|
|
267
|
+
{
|
|
268
|
+
log?.(`Handling login redirect auth response ${JSON.stringify(authResponse, null, 2)}`);
|
|
269
|
+
const authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
|
|
270
|
+
let oidcClientTsUser = undefined;
|
|
153
271
|
try {
|
|
154
|
-
|
|
155
|
-
}
|
|
156
|
-
finally { if (e_1) throw e_1.error; }
|
|
157
|
-
}
|
|
158
|
-
issuerUri_params = params.issuerUri, clientId = params.clientId, _c = params.scopes, scopes = _c === void 0 ? ["profile"] : _c, debugLogs = params.debugLogs, rest = __rest(params, ["issuerUri", "clientId", "scopes", "debugLogs"]);
|
|
159
|
-
issuerUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
|
|
160
|
-
urlish: issuerUri_params,
|
|
161
|
-
doAssertNoQueryParams: true,
|
|
162
|
-
doOutputWithTrailingSlash: false
|
|
163
|
-
});
|
|
164
|
-
log = (function () {
|
|
165
|
-
if (!debugLogs) {
|
|
166
|
-
return undefined;
|
|
272
|
+
oidcClientTsUser = await oidcClientTsUserManager.signinRedirectCallback(authResponseUrl);
|
|
167
273
|
}
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
274
|
+
catch (error) {
|
|
275
|
+
(0, tsafe_1.assert)(error instanceof Error, "741947");
|
|
276
|
+
if (error.message === "Failed to fetch") {
|
|
277
|
+
return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createFailedToFetchTokenEndpointInitializationError({
|
|
278
|
+
clientId,
|
|
279
|
+
issuerUri
|
|
280
|
+
});
|
|
172
281
|
}
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
282
|
+
{
|
|
283
|
+
const authResponse_error = authResponse.error;
|
|
284
|
+
if (authResponse_error !== undefined) {
|
|
285
|
+
log?.(`The auth server responded with: ${authResponse_error}, trying to restore from the http only cookie`);
|
|
286
|
+
break handle_redirect_auth_response;
|
|
287
|
+
}
|
|
177
288
|
}
|
|
178
|
-
|
|
179
|
-
|
|
289
|
+
return error;
|
|
290
|
+
}
|
|
291
|
+
(0, loginPropagationToOtherTabs_1.notifyOtherTabsOfLogin)({ configId });
|
|
292
|
+
return {
|
|
293
|
+
oidcClientTsUser,
|
|
294
|
+
backFromAuthServer: {
|
|
295
|
+
extraQueryParams: stateData.extraQueryParams,
|
|
296
|
+
result: Object.fromEntries(Object.entries(authResponse)
|
|
297
|
+
.map(([name, value]) => {
|
|
298
|
+
if (name === "state" ||
|
|
299
|
+
name === "session_state" ||
|
|
300
|
+
name === "iss" ||
|
|
301
|
+
name === "code") {
|
|
302
|
+
return undefined;
|
|
303
|
+
}
|
|
304
|
+
if (value === undefined) {
|
|
305
|
+
return undefined;
|
|
306
|
+
}
|
|
307
|
+
return [name, value];
|
|
308
|
+
})
|
|
309
|
+
.filter(entry => entry !== undefined))
|
|
180
310
|
}
|
|
311
|
+
};
|
|
312
|
+
}
|
|
313
|
+
break;
|
|
314
|
+
case "logout":
|
|
315
|
+
{
|
|
316
|
+
log?.("Handling logout redirect auth response", authResponse);
|
|
317
|
+
const authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
|
|
318
|
+
try {
|
|
319
|
+
await oidcClientTsUserManager.signoutRedirectCallback(authResponseUrl);
|
|
320
|
+
}
|
|
321
|
+
catch { }
|
|
322
|
+
(0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
|
|
323
|
+
configId,
|
|
324
|
+
sessionId: stateData.sessionId
|
|
181
325
|
});
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
use_previous_instance: {
|
|
186
|
-
prOidc = prOidcByConfigId.get(configId);
|
|
187
|
-
if (prOidc === undefined) {
|
|
188
|
-
break use_previous_instance;
|
|
326
|
+
if (autoLogin) {
|
|
327
|
+
location.reload();
|
|
328
|
+
await new Promise(() => { });
|
|
189
329
|
}
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
330
|
+
// NOTE: The user is no longer logged in.
|
|
331
|
+
return undefined;
|
|
332
|
+
}
|
|
333
|
+
break;
|
|
334
|
+
}
|
|
335
|
+
}
|
|
336
|
+
restore_from_session_storage: {
|
|
337
|
+
if (isUserStoreInMemoryOnly) {
|
|
338
|
+
break restore_from_session_storage;
|
|
339
|
+
}
|
|
340
|
+
let oidcClientTsUser;
|
|
341
|
+
try {
|
|
342
|
+
oidcClientTsUser = await oidcClientTsUserManager.getUser();
|
|
343
|
+
}
|
|
344
|
+
catch {
|
|
345
|
+
// NOTE: Not sure if it can throw, but let's be safe.
|
|
346
|
+
oidcClientTsUser = null;
|
|
347
|
+
try {
|
|
348
|
+
await oidcClientTsUserManager.removeUser();
|
|
349
|
+
}
|
|
350
|
+
catch { }
|
|
351
|
+
}
|
|
352
|
+
if (oidcClientTsUser === null) {
|
|
353
|
+
break restore_from_session_storage;
|
|
354
|
+
}
|
|
355
|
+
log?.("Restored the auth from ephemeral session storage");
|
|
356
|
+
return {
|
|
357
|
+
oidcClientTsUser,
|
|
358
|
+
backFromAuthServer: undefined
|
|
359
|
+
};
|
|
360
|
+
}
|
|
361
|
+
silent_login_if_possible_and_auto_login: {
|
|
362
|
+
const persistedAuthState = (0, persistedAuthState_1.getPersistedAuthState)({ configId });
|
|
363
|
+
if (persistedAuthState === "explicitly logged out" && !autoLogin) {
|
|
364
|
+
log?.("Skipping silent signin with iframe, the user has logged out");
|
|
365
|
+
break silent_login_if_possible_and_auto_login;
|
|
366
|
+
}
|
|
367
|
+
{
|
|
368
|
+
const { isOnline, prOnline } = (0, getIsOnline_1.getIsOnline)();
|
|
369
|
+
if (!isOnline) {
|
|
370
|
+
if (autoLogin) {
|
|
371
|
+
log?.([
|
|
372
|
+
"The browser is currently offline",
|
|
373
|
+
"Since autoLogin is enabled we wait until it comes back online",
|
|
374
|
+
"to continue with authentication"
|
|
196
375
|
].join(" "));
|
|
197
|
-
|
|
198
|
-
return [2 /*return*/, prOidc];
|
|
376
|
+
await prOnline;
|
|
199
377
|
}
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
})];
|
|
209
|
-
case 1:
|
|
210
|
-
oidc = _e.sent();
|
|
211
|
-
dOidc.resolve(oidc);
|
|
212
|
-
return [2 /*return*/, oidc];
|
|
378
|
+
else {
|
|
379
|
+
log?.([
|
|
380
|
+
"The browser is not currently online so we proceed with initialization",
|
|
381
|
+
"assuming the user isn't authenticated"
|
|
382
|
+
].join(" "));
|
|
383
|
+
break silent_login_if_possible_and_auto_login;
|
|
384
|
+
}
|
|
385
|
+
}
|
|
213
386
|
}
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
return
|
|
238
|
-
|
|
239
|
-
if (typeof extraTokenParamsOrGetter !== "function") {
|
|
240
|
-
return function () { return extraTokenParamsOrGetter; };
|
|
241
|
-
}
|
|
242
|
-
return extraTokenParamsOrGetter;
|
|
243
|
-
})();
|
|
244
|
-
homeUrl = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
|
|
245
|
-
urlish: homeUrl_params,
|
|
246
|
-
doAssertNoQueryParams: true,
|
|
247
|
-
doOutputWithTrailingSlash: true
|
|
248
|
-
});
|
|
249
|
-
callbackUri = (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
|
|
250
|
-
urlish: homeUrl,
|
|
251
|
-
doAssertNoQueryParams: true,
|
|
252
|
-
doOutputWithTrailingSlash: true
|
|
253
|
-
});
|
|
254
|
-
log === null || log === void 0 ? void 0 : log("Calling createOidc v".concat(VERSION, " ").concat(JSON.stringify({
|
|
255
|
-
issuerUri: issuerUri,
|
|
256
|
-
clientId: clientId,
|
|
257
|
-
scopes: scopes,
|
|
258
|
-
configId: configId,
|
|
259
|
-
homeUrl: homeUrl,
|
|
260
|
-
callbackUri: callbackUri
|
|
261
|
-
}, null, 2)));
|
|
262
|
-
isHandled = (0, handleOidcCallback_1.handleOidcCallback)().isHandled;
|
|
263
|
-
if (!isHandled) return [3 /*break*/, 2];
|
|
264
|
-
return [4 /*yield*/, new Promise(function () { })];
|
|
265
|
-
case 1:
|
|
266
|
-
_f.sent();
|
|
267
|
-
_f.label = 2;
|
|
268
|
-
case 2:
|
|
269
|
-
stateQueryParamValue_instance = (0, StateData_1.generateStateQueryParamValue)();
|
|
270
|
-
canUseIframe = (function () {
|
|
271
|
-
if (noIframe) {
|
|
272
|
-
return false;
|
|
273
|
-
}
|
|
274
|
-
// NOTE: Electron
|
|
275
|
-
if (!/https?:\/\//.test(callbackUri)) {
|
|
276
|
-
log === null || log === void 0 ? void 0 : log("We won't use iframe, callbackUri uses a custom protocol.");
|
|
277
|
-
return false;
|
|
278
|
-
}
|
|
279
|
-
third_party_cookies: {
|
|
280
|
-
var isOidcServerThirdPartyRelativeToApp = (0, haveSharedParentDomain_1.getHaveSharedParentDomain)({
|
|
281
|
-
url1: window.location.origin,
|
|
282
|
-
url2: issuerUri
|
|
283
|
-
}) === false;
|
|
284
|
-
if (!isOidcServerThirdPartyRelativeToApp) {
|
|
285
|
-
break third_party_cookies;
|
|
286
|
-
}
|
|
287
|
-
var isGoogleChrome = (function () {
|
|
288
|
-
var ua = navigator.userAgent;
|
|
289
|
-
var vendor = navigator.vendor;
|
|
290
|
-
return (/Chrome/.test(ua) && /Google Inc/.test(vendor) && !/Edg/.test(ua) && !/OPR/.test(ua));
|
|
291
|
-
})();
|
|
292
|
-
if (window.location.origin.startsWith("http://localhost") && isGoogleChrome) {
|
|
293
|
-
break third_party_cookies;
|
|
294
|
-
}
|
|
295
|
-
log === null || log === void 0 ? void 0 : log([
|
|
296
|
-
"Can't use iframe because your auth server is on a third party domain relative",
|
|
297
|
-
"to the domain of your app and third party cookies are blocked by navigators."
|
|
298
|
-
].join(" "));
|
|
299
|
-
return false;
|
|
300
|
-
}
|
|
301
|
-
// NOTE: Maybe not, it depend if the app can iframe itself.
|
|
302
|
-
return true;
|
|
303
|
-
})();
|
|
304
|
-
oidcClientTsUserManager = new oidc_client_ts_and_jwt_decode_1.UserManager({
|
|
305
|
-
stateQueryParamValue: stateQueryParamValue_instance,
|
|
306
|
-
authority: issuerUri,
|
|
307
|
-
client_id: clientId,
|
|
308
|
-
redirect_uri: callbackUri,
|
|
309
|
-
silent_redirect_uri: callbackUri,
|
|
310
|
-
post_logout_redirect_uri: callbackUri,
|
|
311
|
-
response_type: "code",
|
|
312
|
-
scope: Array.from(new Set(__spreadArray(["openid"], __read(scopes), false))).join(" "),
|
|
313
|
-
automaticSilentRenew: false,
|
|
314
|
-
userStore: new oidc_client_ts_and_jwt_decode_1.WebStorageStateStore({
|
|
315
|
-
store: (function () {
|
|
316
|
-
if (canUseIframe) {
|
|
317
|
-
isUserStoreInMemoryOnly = true;
|
|
318
|
-
return new oidc_client_ts_and_jwt_decode_1.InMemoryWebStorage();
|
|
319
|
-
}
|
|
320
|
-
isUserStoreInMemoryOnly = false;
|
|
321
|
-
var storage = (0, EphemeralSessionStorage_1.createEphemeralSessionStorage)({
|
|
322
|
-
sessionStorageTtlMs: 3 * 60000
|
|
323
|
-
});
|
|
324
|
-
var evtRequestToPersistTokens = globalContext.evtRequestToPersistTokens;
|
|
325
|
-
evtRequestToPersistTokens.subscribe(function (_a) {
|
|
326
|
-
var configIdOfInstancePostingTheRequest = _a.configIdOfInstancePostingTheRequest;
|
|
327
|
-
if (configIdOfInstancePostingTheRequest === configId) {
|
|
328
|
-
return;
|
|
329
|
-
}
|
|
330
|
-
storage.persistCurrentStateAndSubsequentChanges();
|
|
331
|
-
});
|
|
332
|
-
return storage;
|
|
333
|
-
})()
|
|
334
|
-
}),
|
|
335
|
-
stateStore: new oidc_client_ts_and_jwt_decode_1.WebStorageStateStore({ store: localStorage, prefix: StateData_1.STATE_STORE_KEY_PREFIX }),
|
|
336
|
-
client_secret: __unsafe_clientSecret,
|
|
337
|
-
fetch: trustedFetch_1.trustedFetch,
|
|
338
|
-
metadata: __metadata
|
|
339
|
-
});
|
|
340
|
-
evtIsUserLoggedIn = (0, Evt_1.createEvt)();
|
|
341
|
-
loginOrGoToAuthServer = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
|
|
342
|
-
configId: configId,
|
|
343
|
-
oidcClientTsUserManager: oidcClientTsUserManager,
|
|
344
|
-
transformUrlBeforeRedirect: transformUrlBeforeRedirect,
|
|
345
|
-
getExtraQueryParams: getExtraQueryParams,
|
|
346
|
-
getExtraTokenParams: getExtraTokenParams,
|
|
347
|
-
homeUrl: homeUrl,
|
|
348
|
-
evtIsUserLoggedIn: evtIsUserLoggedIn,
|
|
349
|
-
log: log
|
|
350
|
-
}).loginOrGoToAuthServer;
|
|
351
|
-
getIsNewBrowserSession = (0, isNewBrowserSession_1.createGetIsNewBrowserSession)({
|
|
352
|
-
configId: configId,
|
|
353
|
-
evtUserNotLoggedIn: (function () {
|
|
354
|
-
var evt = (0, Evt_1.createEvt)();
|
|
355
|
-
evtIsUserLoggedIn.subscribe(function (isUserLoggedIn) {
|
|
356
|
-
if (!isUserLoggedIn) {
|
|
357
|
-
evt.post();
|
|
358
|
-
}
|
|
387
|
+
let authResponse_error = undefined;
|
|
388
|
+
let oidcClientTsUser = undefined;
|
|
389
|
+
actual_silent_signin: {
|
|
390
|
+
if (persistedAuthState === "explicitly logged out") {
|
|
391
|
+
break actual_silent_signin;
|
|
392
|
+
}
|
|
393
|
+
if (!canUseIframe) {
|
|
394
|
+
break actual_silent_signin;
|
|
395
|
+
}
|
|
396
|
+
log?.("Trying to restore the auth from the http only cookie (silent signin with iframe)");
|
|
397
|
+
const result_loginSilent = await (0, loginSilent_1.loginSilent)({
|
|
398
|
+
oidcClientTsUserManager,
|
|
399
|
+
stateUrlParamValue_instance,
|
|
400
|
+
configId,
|
|
401
|
+
transformUrlBeforeRedirect,
|
|
402
|
+
getExtraQueryParams,
|
|
403
|
+
getExtraTokenParams,
|
|
404
|
+
autoLogin
|
|
405
|
+
});
|
|
406
|
+
(0, tsafe_1.assert)(result_loginSilent.outcome !== "token refreshed using refresh token", "876995");
|
|
407
|
+
if (result_loginSilent.outcome === "failure") {
|
|
408
|
+
switch (result_loginSilent.cause) {
|
|
409
|
+
case "can't reach well-known oidc endpoint":
|
|
410
|
+
return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createWellKnownOidcConfigurationEndpointUnreachableInitializationError({
|
|
411
|
+
issuerUri
|
|
359
412
|
});
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
return [4 /*yield*/, (function () { return __awaiter(_this, void 0, void 0, function () {
|
|
367
|
-
var authResponseAndStateData, authResponse, stateData, _a, authResponseUrl, oidcClientTsUser, error_1, authResponse_error, authResponseUrl, _b, oidcClientTsUser, _c, _d, persistedAuthState_2, _e, isOnline, prOnline, authResponse_error, oidcClientTsUser, result_loginSilent, authResponse, error_2;
|
|
368
|
-
return __generator(this, function (_f) {
|
|
369
|
-
switch (_f.label) {
|
|
370
|
-
case 0:
|
|
371
|
-
authResponseAndStateData = (0, handleOidcCallback_1.retrieveRedirectAuthResponseAndStateData)({ configId: configId });
|
|
372
|
-
if (authResponseAndStateData === undefined) {
|
|
373
|
-
return [3 /*break*/, 13];
|
|
374
|
-
}
|
|
375
|
-
authResponse = authResponseAndStateData.authResponse, stateData = authResponseAndStateData.stateData;
|
|
376
|
-
_a = stateData.action;
|
|
377
|
-
switch (_a) {
|
|
378
|
-
case "login": return [3 /*break*/, 1];
|
|
379
|
-
case "logout": return [3 /*break*/, 6];
|
|
380
|
-
}
|
|
381
|
-
return [3 /*break*/, 13];
|
|
382
|
-
case 1:
|
|
383
|
-
log === null || log === void 0 ? void 0 : log("Handling login redirect auth response ".concat(JSON.stringify(authResponse, null, 2)));
|
|
384
|
-
authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
|
|
385
|
-
oidcClientTsUser = undefined;
|
|
386
|
-
_f.label = 2;
|
|
387
|
-
case 2:
|
|
388
|
-
_f.trys.push([2, 4, , 5]);
|
|
389
|
-
return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback(authResponseUrl)];
|
|
390
|
-
case 3:
|
|
391
|
-
oidcClientTsUser = _f.sent();
|
|
392
|
-
return [3 /*break*/, 5];
|
|
393
|
-
case 4:
|
|
394
|
-
error_1 = _f.sent();
|
|
395
|
-
(0, tsafe_1.assert)(error_1 instanceof Error, "741947");
|
|
396
|
-
if (error_1.message === "Failed to fetch") {
|
|
397
|
-
return [2 /*return*/, (0, OidcInitializationError_1.createFailedToFetchTokenEndpointInitializationError)({
|
|
398
|
-
clientId: clientId,
|
|
399
|
-
issuerUri: issuerUri
|
|
400
|
-
})];
|
|
401
|
-
}
|
|
402
|
-
{
|
|
403
|
-
authResponse_error = authResponse.error;
|
|
404
|
-
if (authResponse_error !== undefined) {
|
|
405
|
-
log === null || log === void 0 ? void 0 : log("The auth server responded with: ".concat(authResponse_error, ", trying to restore from the http only cookie"));
|
|
406
|
-
return [3 /*break*/, 13];
|
|
407
|
-
}
|
|
408
|
-
}
|
|
409
|
-
return [2 /*return*/, error_1];
|
|
410
|
-
case 5:
|
|
411
|
-
(0, loginPropagationToOtherTabs_1.notifyOtherTabsOfLogin)({ configId: configId });
|
|
412
|
-
return [2 /*return*/, {
|
|
413
|
-
oidcClientTsUser: oidcClientTsUser,
|
|
414
|
-
backFromAuthServer: {
|
|
415
|
-
extraQueryParams: stateData.extraQueryParams,
|
|
416
|
-
result: Object.fromEntries(Object.entries(authResponse)
|
|
417
|
-
.map(function (_a) {
|
|
418
|
-
var _b = __read(_a, 2), name = _b[0], value = _b[1];
|
|
419
|
-
if (name === "state" ||
|
|
420
|
-
name === "session_state" ||
|
|
421
|
-
name === "iss" ||
|
|
422
|
-
name === "code") {
|
|
423
|
-
return undefined;
|
|
424
|
-
}
|
|
425
|
-
if (value === undefined) {
|
|
426
|
-
return undefined;
|
|
427
|
-
}
|
|
428
|
-
return [name, value];
|
|
429
|
-
})
|
|
430
|
-
.filter(function (entry) { return entry !== undefined; }))
|
|
431
|
-
}
|
|
432
|
-
}];
|
|
433
|
-
case 6:
|
|
434
|
-
log === null || log === void 0 ? void 0 : log("Handling logout redirect auth response", authResponse);
|
|
435
|
-
authResponseUrl = (0, AuthResponse_1.authResponseToUrl)(authResponse);
|
|
436
|
-
_f.label = 7;
|
|
437
|
-
case 7:
|
|
438
|
-
_f.trys.push([7, 9, , 10]);
|
|
439
|
-
return [4 /*yield*/, oidcClientTsUserManager.signoutRedirectCallback(authResponseUrl)];
|
|
440
|
-
case 8:
|
|
441
|
-
_f.sent();
|
|
442
|
-
return [3 /*break*/, 10];
|
|
443
|
-
case 9:
|
|
444
|
-
_b = _f.sent();
|
|
445
|
-
return [3 /*break*/, 10];
|
|
446
|
-
case 10:
|
|
447
|
-
(0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
|
|
448
|
-
configId: configId,
|
|
449
|
-
sessionId: stateData.sessionId
|
|
450
|
-
});
|
|
451
|
-
if (!autoLogin) return [3 /*break*/, 12];
|
|
452
|
-
location.reload();
|
|
453
|
-
return [4 /*yield*/, new Promise(function () { })];
|
|
454
|
-
case 11:
|
|
455
|
-
_f.sent();
|
|
456
|
-
_f.label = 12;
|
|
457
|
-
case 12:
|
|
458
|
-
// NOTE: The user is no longer logged in.
|
|
459
|
-
return [2 /*return*/, undefined];
|
|
460
|
-
case 13:
|
|
461
|
-
if (isUserStoreInMemoryOnly) {
|
|
462
|
-
return [3 /*break*/, 22];
|
|
463
|
-
}
|
|
464
|
-
oidcClientTsUser = void 0;
|
|
465
|
-
_f.label = 14;
|
|
466
|
-
case 14:
|
|
467
|
-
_f.trys.push([14, 16, , 21]);
|
|
468
|
-
return [4 /*yield*/, oidcClientTsUserManager.getUser()];
|
|
469
|
-
case 15:
|
|
470
|
-
oidcClientTsUser = _f.sent();
|
|
471
|
-
return [3 /*break*/, 21];
|
|
472
|
-
case 16:
|
|
473
|
-
_c = _f.sent();
|
|
474
|
-
// NOTE: Not sure if it can throw, but let's be safe.
|
|
475
|
-
oidcClientTsUser = null;
|
|
476
|
-
_f.label = 17;
|
|
477
|
-
case 17:
|
|
478
|
-
_f.trys.push([17, 19, , 20]);
|
|
479
|
-
return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
|
|
480
|
-
case 18:
|
|
481
|
-
_f.sent();
|
|
482
|
-
return [3 /*break*/, 20];
|
|
483
|
-
case 19:
|
|
484
|
-
_d = _f.sent();
|
|
485
|
-
return [3 /*break*/, 20];
|
|
486
|
-
case 20: return [3 /*break*/, 21];
|
|
487
|
-
case 21:
|
|
488
|
-
if (oidcClientTsUser === null) {
|
|
489
|
-
return [3 /*break*/, 22];
|
|
490
|
-
}
|
|
491
|
-
log === null || log === void 0 ? void 0 : log("Restored the auth from ephemeral session storage");
|
|
492
|
-
return [2 /*return*/, {
|
|
493
|
-
oidcClientTsUser: oidcClientTsUser,
|
|
494
|
-
backFromAuthServer: undefined
|
|
495
|
-
}];
|
|
496
|
-
case 22:
|
|
497
|
-
persistedAuthState_2 = (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId });
|
|
498
|
-
if (persistedAuthState_2 === "explicitly logged out" && !autoLogin) {
|
|
499
|
-
log === null || log === void 0 ? void 0 : log("Skipping silent signin with iframe, the user has logged out");
|
|
500
|
-
return [3 /*break*/, 35];
|
|
501
|
-
}
|
|
502
|
-
_e = (0, getIsOnline_1.getIsOnline)(), isOnline = _e.isOnline, prOnline = _e.prOnline;
|
|
503
|
-
if (!!isOnline) return [3 /*break*/, 25];
|
|
504
|
-
if (!autoLogin) return [3 /*break*/, 24];
|
|
505
|
-
log === null || log === void 0 ? void 0 : log([
|
|
506
|
-
"The browser is currently offline",
|
|
507
|
-
"Since autoLogin is enabled we wait until it comes back online",
|
|
508
|
-
"to continue with authentication"
|
|
509
|
-
].join(" "));
|
|
510
|
-
return [4 /*yield*/, prOnline];
|
|
511
|
-
case 23:
|
|
512
|
-
_f.sent();
|
|
513
|
-
return [3 /*break*/, 25];
|
|
514
|
-
case 24:
|
|
515
|
-
log === null || log === void 0 ? void 0 : log([
|
|
516
|
-
"The browser is not currently online so we proceed with initialization",
|
|
517
|
-
"assuming the user isn't authenticated"
|
|
518
|
-
].join(" "));
|
|
519
|
-
return [3 /*break*/, 35];
|
|
520
|
-
case 25:
|
|
521
|
-
authResponse_error = undefined;
|
|
522
|
-
oidcClientTsUser = undefined;
|
|
523
|
-
if (persistedAuthState_2 === "explicitly logged out") {
|
|
524
|
-
return [3 /*break*/, 30];
|
|
525
|
-
}
|
|
526
|
-
if (!canUseIframe) {
|
|
527
|
-
return [3 /*break*/, 30];
|
|
528
|
-
}
|
|
529
|
-
log === null || log === void 0 ? void 0 : log("Trying to restore the auth from the http only cookie (silent signin with iframe)");
|
|
530
|
-
return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
|
|
531
|
-
oidcClientTsUserManager: oidcClientTsUserManager,
|
|
532
|
-
stateQueryParamValue_instance: stateQueryParamValue_instance,
|
|
533
|
-
configId: configId,
|
|
534
|
-
transformUrlBeforeRedirect: transformUrlBeforeRedirect,
|
|
535
|
-
getExtraQueryParams: getExtraQueryParams,
|
|
536
|
-
getExtraTokenParams: getExtraTokenParams,
|
|
537
|
-
autoLogin: autoLogin
|
|
538
|
-
})];
|
|
539
|
-
case 26:
|
|
540
|
-
result_loginSilent = _f.sent();
|
|
541
|
-
(0, tsafe_1.assert)(result_loginSilent.outcome !== "token refreshed using refresh token", "876995");
|
|
542
|
-
if (result_loginSilent.outcome === "failure") {
|
|
543
|
-
switch (result_loginSilent.cause) {
|
|
544
|
-
case "can't reach well-known oidc endpoint":
|
|
545
|
-
return [2 /*return*/, (0, OidcInitializationError_1.createWellKnownOidcConfigurationEndpointUnreachableInitializationError)({
|
|
546
|
-
issuerUri: issuerUri
|
|
547
|
-
})];
|
|
548
|
-
case "timeout":
|
|
549
|
-
return [2 /*return*/, (0, OidcInitializationError_1.createIframeTimeoutInitializationError)({
|
|
550
|
-
callbackUri: callbackUri,
|
|
551
|
-
clientId: clientId,
|
|
552
|
-
issuerUri: issuerUri,
|
|
553
|
-
noIframe: noIframe
|
|
554
|
-
})];
|
|
555
|
-
}
|
|
556
|
-
(0, tsafe_1.assert)(false);
|
|
557
|
-
}
|
|
558
|
-
(0, tsafe_1.assert)();
|
|
559
|
-
authResponse = result_loginSilent.authResponse;
|
|
560
|
-
log === null || log === void 0 ? void 0 : log("Silent signin auth response ".concat(JSON.stringify(authResponse, null, 2)));
|
|
561
|
-
authResponse_error = authResponse.error;
|
|
562
|
-
_f.label = 27;
|
|
563
|
-
case 27:
|
|
564
|
-
_f.trys.push([27, 29, , 30]);
|
|
565
|
-
return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
|
|
566
|
-
case 28:
|
|
567
|
-
oidcClientTsUser = _f.sent();
|
|
568
|
-
return [3 /*break*/, 30];
|
|
569
|
-
case 29:
|
|
570
|
-
error_2 = _f.sent();
|
|
571
|
-
(0, tsafe_1.assert)(error_2 instanceof Error, "433344");
|
|
572
|
-
if (error_2.message === "Failed to fetch") {
|
|
573
|
-
return [2 /*return*/, (0, OidcInitializationError_1.createFailedToFetchTokenEndpointInitializationError)({
|
|
574
|
-
clientId: clientId,
|
|
575
|
-
issuerUri: issuerUri
|
|
576
|
-
})];
|
|
577
|
-
}
|
|
578
|
-
if (authResponse_error === undefined) {
|
|
579
|
-
return [2 /*return*/, error_2];
|
|
580
|
-
}
|
|
581
|
-
return [3 /*break*/, 30];
|
|
582
|
-
case 30:
|
|
583
|
-
if (!(oidcClientTsUser === undefined)) return [3 /*break*/, 34];
|
|
584
|
-
if (!(autoLogin ||
|
|
585
|
-
(persistedAuthState_2 === "logged in" &&
|
|
586
|
-
(authResponse_error === undefined ||
|
|
587
|
-
authResponse_error === "interaction_required" ||
|
|
588
|
-
authResponse_error === "login_required" ||
|
|
589
|
-
authResponse_error === "consent_required" ||
|
|
590
|
-
authResponse_error === "account_selection_required")))) return [3 /*break*/, 33];
|
|
591
|
-
log === null || log === void 0 ? void 0 : log("Performing auto login with redirect");
|
|
592
|
-
(0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
|
|
593
|
-
completeLoginOrRefreshProcess();
|
|
594
|
-
if (autoLogin && persistedAuthState_2 !== "logged in") {
|
|
595
|
-
evtIsUserLoggedIn.post(false);
|
|
596
|
-
}
|
|
597
|
-
return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
598
|
-
prUnlock: new Promise(function () { })
|
|
599
|
-
})];
|
|
600
|
-
case 31:
|
|
601
|
-
_f.sent();
|
|
602
|
-
if (persistedAuthState_2 === "logged in") {
|
|
603
|
-
globalContext.evtRequestToPersistTokens.post({
|
|
604
|
-
configIdOfInstancePostingTheRequest: configId
|
|
605
|
-
});
|
|
606
|
-
}
|
|
607
|
-
return [4 /*yield*/, loginOrGoToAuthServer({
|
|
608
|
-
action: "login",
|
|
609
|
-
doForceReloadOnBfCache: true,
|
|
610
|
-
redirectUrl: initialLocationHref_1.initialLocationHref,
|
|
611
|
-
// NOTE: Wether or not it's the preferred behavior, pushing to history
|
|
612
|
-
// only works on user interaction so it have to be false
|
|
613
|
-
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
|
|
614
|
-
extraQueryParams_local: undefined,
|
|
615
|
-
transformUrlBeforeRedirect_local: undefined,
|
|
616
|
-
interaction: (function () {
|
|
617
|
-
if (persistedAuthState_2 === "explicitly logged out") {
|
|
618
|
-
return "ensure interaction";
|
|
619
|
-
}
|
|
620
|
-
if (autoLogin) {
|
|
621
|
-
return "directly redirect if active session show login otherwise";
|
|
622
|
-
}
|
|
623
|
-
return "ensure no interaction";
|
|
624
|
-
})()
|
|
625
|
-
})];
|
|
626
|
-
case 32:
|
|
627
|
-
_f.sent();
|
|
628
|
-
(0, tsafe_1.assert)(false, "321389");
|
|
629
|
-
_f.label = 33;
|
|
630
|
-
case 33:
|
|
631
|
-
if (authResponse_error !== undefined) {
|
|
632
|
-
log === null || log === void 0 ? void 0 : log([
|
|
633
|
-
"The auth server responded with: ".concat(authResponse_error, " "),
|
|
634
|
-
"login_required" === authResponse_error
|
|
635
|
-
? "(login_required just means that there's no active session for the user)"
|
|
636
|
-
: ""
|
|
637
|
-
].join(""));
|
|
638
|
-
}
|
|
639
|
-
return [3 /*break*/, 35];
|
|
640
|
-
case 34:
|
|
641
|
-
log === null || log === void 0 ? void 0 : log("Successful silent signed in");
|
|
642
|
-
return [2 /*return*/, {
|
|
643
|
-
oidcClientTsUser: oidcClientTsUser,
|
|
644
|
-
backFromAuthServer: undefined
|
|
645
|
-
}];
|
|
646
|
-
case 35:
|
|
647
|
-
// NOTE: The user is not logged in.
|
|
648
|
-
return [2 /*return*/, undefined];
|
|
649
|
-
}
|
|
413
|
+
case "timeout":
|
|
414
|
+
return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createIframeTimeoutInitializationError({
|
|
415
|
+
redirectUri: homeUrlAndRedirectUri,
|
|
416
|
+
clientId,
|
|
417
|
+
issuerUri,
|
|
418
|
+
noIframe
|
|
650
419
|
});
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
420
|
+
}
|
|
421
|
+
(0, tsafe_1.assert)(false);
|
|
422
|
+
}
|
|
423
|
+
(0, tsafe_1.assert)();
|
|
424
|
+
const { authResponse } = result_loginSilent;
|
|
425
|
+
log?.(`Silent signin auth response ${JSON.stringify(authResponse, null, 2)}`);
|
|
426
|
+
authResponse_error = authResponse.error;
|
|
427
|
+
try {
|
|
428
|
+
oidcClientTsUser = await oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse));
|
|
429
|
+
}
|
|
430
|
+
catch (error) {
|
|
431
|
+
(0, tsafe_1.assert)(error instanceof Error, "433344");
|
|
432
|
+
if (error.message === "Failed to fetch") {
|
|
433
|
+
return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createFailedToFetchTokenEndpointInitializationError({
|
|
434
|
+
clientId,
|
|
435
|
+
issuerUri
|
|
436
|
+
});
|
|
437
|
+
}
|
|
438
|
+
if (authResponse_error === undefined) {
|
|
439
|
+
return error;
|
|
440
|
+
}
|
|
441
|
+
}
|
|
442
|
+
}
|
|
443
|
+
if (oidcClientTsUser === undefined) {
|
|
444
|
+
if (autoLogin ||
|
|
445
|
+
(persistedAuthState === "logged in" &&
|
|
446
|
+
(authResponse_error === undefined ||
|
|
447
|
+
authResponse_error === "interaction_required" ||
|
|
448
|
+
authResponse_error === "login_required" ||
|
|
449
|
+
authResponse_error === "consent_required" ||
|
|
450
|
+
authResponse_error === "account_selection_required"))) {
|
|
451
|
+
log?.("Performing auto login with redirect");
|
|
452
|
+
(0, persistedAuthState_1.persistAuthState)({ configId, state: undefined });
|
|
654
453
|
completeLoginOrRefreshProcess();
|
|
655
|
-
|
|
656
|
-
prUnlock: Promise.resolve()
|
|
657
|
-
})];
|
|
658
|
-
case 5:
|
|
659
|
-
_f.sent();
|
|
660
|
-
oidc_common = {
|
|
661
|
-
params: {
|
|
662
|
-
issuerUri: issuerUri,
|
|
663
|
-
clientId: clientId
|
|
664
|
-
}
|
|
665
|
-
};
|
|
666
|
-
not_loggedIn_case: {
|
|
667
|
-
if (!(resultOfLoginProcess instanceof Error) && resultOfLoginProcess !== undefined) {
|
|
668
|
-
break not_loggedIn_case;
|
|
669
|
-
}
|
|
454
|
+
if (autoLogin && persistedAuthState !== "logged in") {
|
|
670
455
|
evtIsUserLoggedIn.post(false);
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
}
|
|
674
|
-
|
|
675
|
-
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
|
|
684
|
-
|
|
685
|
-
|
|
686
|
-
|
|
687
|
-
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
691
|
-
|
|
692
|
-
].join("\n"));
|
|
693
|
-
return (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: false, login: function () { return __awaiter(_this, void 0, void 0, function () {
|
|
694
|
-
return __generator(this, function (_a) {
|
|
695
|
-
alert("Authentication is currently unavailable. Please try again later.");
|
|
696
|
-
return [2 /*return*/, new Promise(function () { })];
|
|
697
|
-
});
|
|
698
|
-
}); }, initializationError: initializationError }));
|
|
456
|
+
}
|
|
457
|
+
await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
458
|
+
prUnlock: new Promise(() => { })
|
|
459
|
+
});
|
|
460
|
+
if (persistedAuthState === "logged in") {
|
|
461
|
+
globalContext.evtRequestToPersistTokens.post({
|
|
462
|
+
configIdOfInstancePostingTheRequest: configId
|
|
463
|
+
});
|
|
464
|
+
}
|
|
465
|
+
await loginOrGoToAuthServer({
|
|
466
|
+
action: "login",
|
|
467
|
+
doForceReloadOnBfCache: true,
|
|
468
|
+
redirectUrl: initialLocationHref_1.initialLocationHref,
|
|
469
|
+
// NOTE: Wether or not it's the preferred behavior, pushing to history
|
|
470
|
+
// only works on user interaction so it have to be false
|
|
471
|
+
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
|
|
472
|
+
extraQueryParams_local: undefined,
|
|
473
|
+
transformUrlBeforeRedirect_local: undefined,
|
|
474
|
+
interaction: (() => {
|
|
475
|
+
if (persistedAuthState === "explicitly logged out") {
|
|
476
|
+
return "ensure interaction";
|
|
699
477
|
}
|
|
700
|
-
if (
|
|
701
|
-
|
|
702
|
-
return (0, tsafe_1.id)(__assign(__assign({}, oidc_common), { isUserLoggedIn: false, login: function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
|
|
703
|
-
var _c;
|
|
704
|
-
var doesCurrentHrefRequiresAuth = _b.doesCurrentHrefRequiresAuth, extraQueryParams = _b.extraQueryParams, redirectUrl = _b.redirectUrl, transformUrlBeforeRedirect = _b.transformUrlBeforeRedirect;
|
|
705
|
-
return __generator(this, function (_d) {
|
|
706
|
-
switch (_d.label) {
|
|
707
|
-
case 0: return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
708
|
-
prUnlock: (0, loginOrGoToAuthServer_1.getPrSafelyRestoredFromBfCacheAfterLoginBackNavigation)()
|
|
709
|
-
})];
|
|
710
|
-
case 1:
|
|
711
|
-
_d.sent();
|
|
712
|
-
return [2 /*return*/, loginOrGoToAuthServer({
|
|
713
|
-
action: "login",
|
|
714
|
-
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: doesCurrentHrefRequiresAuth,
|
|
715
|
-
doForceReloadOnBfCache: false,
|
|
716
|
-
redirectUrl: (_c = redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : postLoginRedirectUrl_default) !== null && _c !== void 0 ? _c : window.location.href,
|
|
717
|
-
extraQueryParams_local: extraQueryParams,
|
|
718
|
-
transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
|
|
719
|
-
interaction: (0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) === "explicitly logged out"
|
|
720
|
-
? "ensure interaction"
|
|
721
|
-
: "directly redirect if active session show login otherwise"
|
|
722
|
-
})];
|
|
723
|
-
}
|
|
724
|
-
});
|
|
725
|
-
}); }, initializationError: undefined }));
|
|
478
|
+
if (autoLogin) {
|
|
479
|
+
return "directly redirect if active session show login otherwise";
|
|
726
480
|
}
|
|
727
|
-
|
|
728
|
-
})()
|
|
729
|
-
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
481
|
+
return "ensure no interaction";
|
|
482
|
+
})()
|
|
483
|
+
});
|
|
484
|
+
(0, tsafe_1.assert)(false, "321389");
|
|
485
|
+
}
|
|
486
|
+
if (authResponse_error !== undefined) {
|
|
487
|
+
log?.([
|
|
488
|
+
`The auth server responded with: ${authResponse_error} `,
|
|
489
|
+
"login_required" === authResponse_error
|
|
490
|
+
? `(login_required just means that there's no active session for the user)`
|
|
491
|
+
: ""
|
|
492
|
+
].join(""));
|
|
493
|
+
}
|
|
494
|
+
break silent_login_if_possible_and_auto_login;
|
|
495
|
+
}
|
|
496
|
+
log?.("Successful silent signed in");
|
|
497
|
+
return {
|
|
498
|
+
oidcClientTsUser,
|
|
499
|
+
backFromAuthServer: undefined
|
|
500
|
+
};
|
|
501
|
+
}
|
|
502
|
+
// NOTE: The user is not logged in.
|
|
503
|
+
return undefined;
|
|
504
|
+
})();
|
|
505
|
+
completeLoginOrRefreshProcess();
|
|
506
|
+
await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
507
|
+
prUnlock: Promise.resolve()
|
|
508
|
+
});
|
|
509
|
+
const oidc_common = {
|
|
510
|
+
params: {
|
|
511
|
+
issuerUri,
|
|
512
|
+
clientId
|
|
513
|
+
}
|
|
514
|
+
};
|
|
515
|
+
not_loggedIn_case: {
|
|
516
|
+
if (!(resultOfLoginProcess instanceof Error) && resultOfLoginProcess !== undefined) {
|
|
517
|
+
break not_loggedIn_case;
|
|
518
|
+
}
|
|
519
|
+
evtIsUserLoggedIn.post(false);
|
|
520
|
+
if ((0, persistedAuthState_1.getPersistedAuthState)({ configId }) !== "explicitly logged out") {
|
|
521
|
+
(0, persistedAuthState_1.persistAuthState)({ configId, state: undefined });
|
|
522
|
+
}
|
|
523
|
+
const oidc_notLoggedIn = (() => {
|
|
524
|
+
if (resultOfLoginProcess instanceof Error) {
|
|
525
|
+
log?.("User not logged in and there was an initialization error");
|
|
526
|
+
const error = resultOfLoginProcess;
|
|
527
|
+
const initializationError = error instanceof OidcInitializationError_1.OidcInitializationError
|
|
528
|
+
? error
|
|
529
|
+
: new OidcInitializationError_1.OidcInitializationError({
|
|
530
|
+
isAuthServerLikelyDown: false,
|
|
531
|
+
messageOrCause: error
|
|
532
|
+
});
|
|
533
|
+
if (autoLogin) {
|
|
534
|
+
throw initializationError;
|
|
535
|
+
}
|
|
536
|
+
console.error([
|
|
537
|
+
`oidc-spa Initialization Error: `,
|
|
538
|
+
`isAuthServerLikelyDown: ${initializationError.isAuthServerLikelyDown}`,
|
|
539
|
+
``,
|
|
540
|
+
initializationError.message
|
|
541
|
+
].join("\n"));
|
|
542
|
+
return (0, tsafe_1.id)({
|
|
543
|
+
...oidc_common,
|
|
544
|
+
isUserLoggedIn: false,
|
|
545
|
+
login: async () => {
|
|
546
|
+
alert("Authentication is currently unavailable. Please try again later.");
|
|
547
|
+
return new Promise(() => { });
|
|
548
|
+
},
|
|
549
|
+
initializationError
|
|
550
|
+
});
|
|
551
|
+
}
|
|
552
|
+
if (resultOfLoginProcess === undefined) {
|
|
553
|
+
log?.("User not logged in");
|
|
554
|
+
return (0, tsafe_1.id)({
|
|
555
|
+
...oidc_common,
|
|
556
|
+
isUserLoggedIn: false,
|
|
557
|
+
login: async ({ doesCurrentHrefRequiresAuth, extraQueryParams, redirectUrl, transformUrlBeforeRedirect }) => {
|
|
558
|
+
await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
559
|
+
prUnlock: (0, loginOrGoToAuthServer_1.getPrSafelyRestoredFromBfCacheAfterLoginBackNavigation)()
|
|
560
|
+
});
|
|
561
|
+
return loginOrGoToAuthServer({
|
|
562
|
+
action: "login",
|
|
563
|
+
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: doesCurrentHrefRequiresAuth,
|
|
564
|
+
doForceReloadOnBfCache: false,
|
|
565
|
+
redirectUrl: redirectUrl ?? postLoginRedirectUrl_default ?? window.location.href,
|
|
566
|
+
extraQueryParams_local: extraQueryParams,
|
|
567
|
+
transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
|
|
568
|
+
interaction: (0, persistedAuthState_1.getPersistedAuthState)({ configId }) === "explicitly logged out"
|
|
569
|
+
? "ensure interaction"
|
|
570
|
+
: "directly redirect if active session show login otherwise"
|
|
571
|
+
});
|
|
572
|
+
},
|
|
573
|
+
initializationError: undefined
|
|
574
|
+
});
|
|
575
|
+
}
|
|
576
|
+
(0, tsafe_1.assert)(false);
|
|
577
|
+
})();
|
|
578
|
+
{
|
|
579
|
+
const { prOtherTabLogin } = (0, loginPropagationToOtherTabs_1.getPrOtherTabLogin)({
|
|
580
|
+
configId
|
|
581
|
+
});
|
|
582
|
+
prOtherTabLogin.then(async () => {
|
|
583
|
+
log?.(`Other tab has logged in, reloading this tab`);
|
|
584
|
+
await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
585
|
+
prUnlock: new Promise(() => { })
|
|
586
|
+
});
|
|
587
|
+
window.location.reload();
|
|
588
|
+
});
|
|
589
|
+
}
|
|
590
|
+
// @ts-expect-error: We know what we're doing
|
|
591
|
+
return oidc_notLoggedIn;
|
|
592
|
+
}
|
|
593
|
+
log?.("User is logged in");
|
|
594
|
+
evtIsUserLoggedIn.post(true);
|
|
595
|
+
let currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
|
|
596
|
+
oidcClientTsUser: resultOfLoginProcess.oidcClientTsUser,
|
|
597
|
+
decodedIdTokenSchema,
|
|
598
|
+
__unsafe_useIdTokenAsAccessToken,
|
|
599
|
+
decodedIdToken_previous: undefined,
|
|
600
|
+
log
|
|
601
|
+
});
|
|
602
|
+
{
|
|
603
|
+
if ((0, persistedAuthState_1.getPersistedAuthState)({ configId }) !== undefined) {
|
|
604
|
+
(0, persistedAuthState_1.persistAuthState)({ configId, state: undefined });
|
|
605
|
+
}
|
|
606
|
+
if (!canUseIframe) {
|
|
607
|
+
(0, persistedAuthState_1.persistAuthState)({
|
|
608
|
+
configId,
|
|
609
|
+
state: {
|
|
610
|
+
stateDescription: "logged in",
|
|
611
|
+
refreshTokenExpirationTime: currentTokens.refreshTokenExpirationTime,
|
|
612
|
+
idleSessionLifetimeInSeconds
|
|
613
|
+
}
|
|
614
|
+
});
|
|
615
|
+
}
|
|
616
|
+
}
|
|
617
|
+
const autoLogoutCountdownTickCallbacks = new Set();
|
|
618
|
+
const onTokenChanges = new Set();
|
|
619
|
+
const { sid: sessionId, sub: subjectId } = currentTokens.decodedIdToken_original;
|
|
620
|
+
(0, tsafe_1.assert)(subjectId !== undefined, "The 'sub' claim is missing from the id token");
|
|
621
|
+
(0, tsafe_1.assert)(sessionId === undefined || typeof sessionId === "string");
|
|
622
|
+
let wouldHaveAutoLoggedOutIfBrowserWasOnline = false;
|
|
623
|
+
const oidc_loggedIn = (0, tsafe_1.id)({
|
|
624
|
+
...oidc_common,
|
|
625
|
+
isUserLoggedIn: true,
|
|
626
|
+
getTokens: async () => {
|
|
627
|
+
if (wouldHaveAutoLoggedOutIfBrowserWasOnline) {
|
|
628
|
+
await oidc_loggedIn.logout(autoLogoutParams);
|
|
629
|
+
(0, tsafe_1.assert)(false);
|
|
630
|
+
}
|
|
631
|
+
renew_tokens: {
|
|
632
|
+
{
|
|
633
|
+
const msBeforeExpirationOfTheAccessToken = currentTokens.accessTokenExpirationTime - Date.now();
|
|
634
|
+
if (msBeforeExpirationOfTheAccessToken > 30000) {
|
|
635
|
+
break renew_tokens;
|
|
636
|
+
}
|
|
637
|
+
}
|
|
638
|
+
{
|
|
639
|
+
const msElapsedSinceCurrentTokenWereIssued = Date.now() - currentTokens.issuedAtTime;
|
|
640
|
+
if (msElapsedSinceCurrentTokenWereIssued < 5000) {
|
|
641
|
+
break renew_tokens;
|
|
751
642
|
}
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
643
|
+
}
|
|
644
|
+
await oidc_loggedIn.renewTokens();
|
|
645
|
+
}
|
|
646
|
+
return currentTokens;
|
|
647
|
+
},
|
|
648
|
+
getDecodedIdToken: () => currentTokens.decodedIdToken,
|
|
649
|
+
logout: async (params) => {
|
|
650
|
+
if (globalContext.hasLogoutBeenCalled) {
|
|
651
|
+
log?.("logout() has already been called, ignoring the call");
|
|
652
|
+
return new Promise(() => { });
|
|
653
|
+
}
|
|
654
|
+
globalContext.hasLogoutBeenCalled = true;
|
|
655
|
+
const postLogoutRedirectUrl = (() => {
|
|
656
|
+
switch (params.redirectTo) {
|
|
657
|
+
case "current page":
|
|
658
|
+
return window.location.href;
|
|
659
|
+
case "home":
|
|
660
|
+
return homeUrlAndRedirectUri;
|
|
661
|
+
case "specific url":
|
|
662
|
+
return (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
|
|
663
|
+
urlish: params.url,
|
|
664
|
+
doAssertNoQueryParams: false
|
|
665
|
+
});
|
|
666
|
+
}
|
|
667
|
+
})();
|
|
668
|
+
await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
669
|
+
prUnlock: new Promise(() => { })
|
|
670
|
+
});
|
|
671
|
+
window.addEventListener("pageshow", () => {
|
|
672
|
+
location.reload();
|
|
673
|
+
});
|
|
674
|
+
try {
|
|
675
|
+
await oidcClientTsUserManager.signoutRedirect({
|
|
676
|
+
state: (0, tsafe_1.id)({
|
|
677
|
+
configId,
|
|
678
|
+
context: "redirect",
|
|
679
|
+
redirectUrl: postLogoutRedirectUrl,
|
|
680
|
+
hasBeenProcessedByCallback: false,
|
|
681
|
+
action: "logout",
|
|
682
|
+
sessionId
|
|
683
|
+
}),
|
|
684
|
+
redirectMethod: "assign"
|
|
685
|
+
});
|
|
686
|
+
}
|
|
687
|
+
catch (error) {
|
|
688
|
+
(0, tsafe_1.assert)((0, tsafe_1.is)(error));
|
|
689
|
+
if (error.message === "No end session endpoint") {
|
|
690
|
+
log?.("No end session endpoint, managing logging state locally");
|
|
691
|
+
(0, persistedAuthState_1.persistAuthState)({ configId, state: { stateDescription: "explicitly logged out" } });
|
|
692
|
+
try {
|
|
693
|
+
await oidcClientTsUserManager.removeUser();
|
|
694
|
+
}
|
|
695
|
+
catch {
|
|
696
|
+
// NOTE: Not sure if it can throw
|
|
697
|
+
}
|
|
698
|
+
(0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
|
|
699
|
+
configId,
|
|
700
|
+
sessionId
|
|
760
701
|
});
|
|
761
|
-
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
768
|
-
|
|
769
|
-
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
702
|
+
window.location.href = postLogoutRedirectUrl;
|
|
703
|
+
}
|
|
704
|
+
else {
|
|
705
|
+
throw error;
|
|
706
|
+
}
|
|
707
|
+
}
|
|
708
|
+
return new Promise(() => { });
|
|
709
|
+
},
|
|
710
|
+
renewTokens: (() => {
|
|
711
|
+
async function renewTokens_nonMutexed(params) {
|
|
712
|
+
const { extraTokenParams } = params;
|
|
713
|
+
const fallbackToFullPageReload = async () => {
|
|
714
|
+
(0, persistedAuthState_1.persistAuthState)({ configId, state: undefined });
|
|
715
|
+
await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
716
|
+
prUnlock: new Promise(() => { })
|
|
717
|
+
});
|
|
718
|
+
globalContext.evtRequestToPersistTokens.post({
|
|
719
|
+
configIdOfInstancePostingTheRequest: configId
|
|
720
|
+
});
|
|
721
|
+
await loginOrGoToAuthServer({
|
|
722
|
+
action: "login",
|
|
723
|
+
redirectUrl: window.location.href,
|
|
724
|
+
doForceReloadOnBfCache: true,
|
|
725
|
+
extraQueryParams_local: undefined,
|
|
726
|
+
transformUrlBeforeRedirect_local: undefined,
|
|
727
|
+
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
|
|
728
|
+
interaction: "directly redirect if active session show login otherwise"
|
|
729
|
+
});
|
|
730
|
+
(0, tsafe_1.assert)(false, "136134");
|
|
731
|
+
};
|
|
732
|
+
if (!currentTokens.hasRefreshToken && !canUseIframe) {
|
|
733
|
+
log?.([
|
|
734
|
+
"Unable to refresh tokens without a full app reload,",
|
|
735
|
+
"because no refresh token is available",
|
|
736
|
+
"and your app setup prevents silent sign-in via iframe.",
|
|
737
|
+
"Your only option to refresh tokens is to call `window.location.reload()`"
|
|
738
|
+
].join(" "));
|
|
739
|
+
await fallbackToFullPageReload();
|
|
740
|
+
(0, tsafe_1.assert)(false, "136135");
|
|
741
|
+
}
|
|
742
|
+
log?.("Renewing tokens");
|
|
743
|
+
const { completeLoginOrRefreshProcess } = await (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)();
|
|
744
|
+
const result_loginSilent = await (0, loginSilent_1.loginSilent)({
|
|
745
|
+
oidcClientTsUserManager,
|
|
746
|
+
stateUrlParamValue_instance,
|
|
747
|
+
configId,
|
|
748
|
+
transformUrlBeforeRedirect,
|
|
749
|
+
getExtraQueryParams,
|
|
750
|
+
getExtraTokenParams: () => extraTokenParams,
|
|
751
|
+
autoLogin
|
|
752
|
+
});
|
|
753
|
+
if (result_loginSilent.outcome === "failure") {
|
|
754
|
+
completeLoginOrRefreshProcess();
|
|
755
|
+
// NOTE: This is a configuration or network error, okay to throw,
|
|
756
|
+
// this exception doesn't have to be handle if it fails it fails.
|
|
757
|
+
throw new Error(result_loginSilent.cause);
|
|
758
|
+
}
|
|
759
|
+
let oidcClientTsUser;
|
|
760
|
+
switch (result_loginSilent.outcome) {
|
|
761
|
+
case "token refreshed using refresh token":
|
|
762
|
+
{
|
|
763
|
+
log?.("Refresh token used");
|
|
764
|
+
oidcClientTsUser = result_loginSilent.oidcClientTsUser;
|
|
774
765
|
}
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
|
|
788
|
-
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
|
|
792
|
-
_a.label = 2;
|
|
793
|
-
case 2:
|
|
794
|
-
{
|
|
795
|
-
msBeforeExpirationOfTheAccessToken = currentTokens.accessTokenExpirationTime - Date.now();
|
|
796
|
-
if (msBeforeExpirationOfTheAccessToken > 30000) {
|
|
797
|
-
return [3 /*break*/, 4];
|
|
798
|
-
}
|
|
799
|
-
}
|
|
800
|
-
{
|
|
801
|
-
msElapsedSinceCurrentTokenWereIssued = Date.now() - currentTokens.issuedAtTime;
|
|
802
|
-
if (msElapsedSinceCurrentTokenWereIssued < 5000) {
|
|
803
|
-
return [3 /*break*/, 4];
|
|
804
|
-
}
|
|
805
|
-
}
|
|
806
|
-
return [4 /*yield*/, oidc_loggedIn.renewTokens()];
|
|
807
|
-
case 3:
|
|
808
|
-
_a.sent();
|
|
809
|
-
_a.label = 4;
|
|
810
|
-
case 4: return [2 /*return*/, currentTokens];
|
|
811
|
-
}
|
|
812
|
-
});
|
|
813
|
-
}); }, getDecodedIdToken: function () { return currentTokens.decodedIdToken; }, logout: function (params) { return __awaiter(_this, void 0, void 0, function () {
|
|
814
|
-
var postLogoutRedirectUrl, error_3, _a;
|
|
815
|
-
return __generator(this, function (_b) {
|
|
816
|
-
switch (_b.label) {
|
|
817
|
-
case 0:
|
|
818
|
-
if (globalContext.hasLogoutBeenCalled) {
|
|
819
|
-
log === null || log === void 0 ? void 0 : log("logout() has already been called, ignoring the call");
|
|
820
|
-
return [2 /*return*/, new Promise(function () { })];
|
|
821
|
-
}
|
|
822
|
-
globalContext.hasLogoutBeenCalled = true;
|
|
823
|
-
postLogoutRedirectUrl = (function () {
|
|
824
|
-
switch (params.redirectTo) {
|
|
825
|
-
case "current page":
|
|
826
|
-
return window.location.href;
|
|
827
|
-
case "home":
|
|
828
|
-
return homeUrl;
|
|
829
|
-
case "specific url":
|
|
830
|
-
return (0, toFullyQualifiedUrl_1.toFullyQualifiedUrl)({
|
|
831
|
-
urlish: params.url,
|
|
832
|
-
doAssertNoQueryParams: false
|
|
833
|
-
});
|
|
834
|
-
}
|
|
835
|
-
})();
|
|
836
|
-
return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
837
|
-
prUnlock: new Promise(function () { })
|
|
838
|
-
})];
|
|
839
|
-
case 1:
|
|
840
|
-
_b.sent();
|
|
841
|
-
window.addEventListener("pageshow", function () {
|
|
842
|
-
location.reload();
|
|
843
|
-
});
|
|
844
|
-
_b.label = 2;
|
|
845
|
-
case 2:
|
|
846
|
-
_b.trys.push([2, 4, , 11]);
|
|
847
|
-
return [4 /*yield*/, oidcClientTsUserManager.signoutRedirect({
|
|
848
|
-
state: (0, tsafe_1.id)({
|
|
849
|
-
configId: configId,
|
|
850
|
-
context: "redirect",
|
|
851
|
-
redirectUrl: postLogoutRedirectUrl,
|
|
852
|
-
hasBeenProcessedByCallback: false,
|
|
853
|
-
action: "logout",
|
|
854
|
-
sessionId: sessionId
|
|
855
|
-
}),
|
|
856
|
-
redirectMethod: "assign"
|
|
857
|
-
})];
|
|
858
|
-
case 3:
|
|
859
|
-
_b.sent();
|
|
860
|
-
return [3 /*break*/, 11];
|
|
861
|
-
case 4:
|
|
862
|
-
error_3 = _b.sent();
|
|
863
|
-
(0, tsafe_1.assert)((0, tsafe_1.is)(error_3));
|
|
864
|
-
if (!(error_3.message === "No end session endpoint")) return [3 /*break*/, 9];
|
|
865
|
-
log === null || log === void 0 ? void 0 : log("No end session endpoint, managing logging state locally");
|
|
866
|
-
(0, persistedAuthState_1.persistAuthState)({ configId: configId, state: { stateDescription: "explicitly logged out" } });
|
|
867
|
-
_b.label = 5;
|
|
868
|
-
case 5:
|
|
869
|
-
_b.trys.push([5, 7, , 8]);
|
|
870
|
-
return [4 /*yield*/, oidcClientTsUserManager.removeUser()];
|
|
871
|
-
case 6:
|
|
872
|
-
_b.sent();
|
|
873
|
-
return [3 /*break*/, 8];
|
|
874
|
-
case 7:
|
|
875
|
-
_a = _b.sent();
|
|
876
|
-
return [3 /*break*/, 8];
|
|
877
|
-
case 8:
|
|
878
|
-
(0, logoutPropagationToOtherTabs_1.notifyOtherTabsOfLogout)({
|
|
879
|
-
configId: configId,
|
|
880
|
-
sessionId: sessionId
|
|
881
|
-
});
|
|
882
|
-
window.location.href = postLogoutRedirectUrl;
|
|
883
|
-
return [3 /*break*/, 10];
|
|
884
|
-
case 9: throw error_3;
|
|
885
|
-
case 10: return [3 /*break*/, 11];
|
|
886
|
-
case 11: return [2 /*return*/, new Promise(function () { })];
|
|
766
|
+
break;
|
|
767
|
+
case "got auth response from iframe":
|
|
768
|
+
{
|
|
769
|
+
const { authResponse } = result_loginSilent;
|
|
770
|
+
log?.("Tokens refresh using iframe", authResponse);
|
|
771
|
+
const authResponse_error = authResponse.error;
|
|
772
|
+
let oidcClientTsUser_scope = undefined;
|
|
773
|
+
try {
|
|
774
|
+
oidcClientTsUser_scope =
|
|
775
|
+
await oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse));
|
|
776
|
+
}
|
|
777
|
+
catch (error) {
|
|
778
|
+
(0, tsafe_1.assert)(error instanceof Error, "321389");
|
|
779
|
+
if (authResponse_error === undefined) {
|
|
780
|
+
completeLoginOrRefreshProcess();
|
|
781
|
+
// Same here, if it fails it fails.
|
|
782
|
+
throw error;
|
|
887
783
|
}
|
|
888
|
-
});
|
|
889
|
-
}); }, renewTokens: (function () {
|
|
890
|
-
function renewTokens_nonMutexed(params) {
|
|
891
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
892
|
-
var extraTokenParams, fallbackToFullPageReload, completeLoginOrRefreshProcess, result_loginSilent, oidcClientTsUser, _a, authResponse, authResponse_error, oidcClientTsUser_scope, error_4;
|
|
893
|
-
var _this = this;
|
|
894
|
-
return __generator(this, function (_b) {
|
|
895
|
-
switch (_b.label) {
|
|
896
|
-
case 0:
|
|
897
|
-
extraTokenParams = params.extraTokenParams;
|
|
898
|
-
fallbackToFullPageReload = function () { return __awaiter(_this, void 0, void 0, function () {
|
|
899
|
-
return __generator(this, function (_a) {
|
|
900
|
-
switch (_a.label) {
|
|
901
|
-
case 0:
|
|
902
|
-
(0, persistedAuthState_1.persistAuthState)({ configId: configId, state: undefined });
|
|
903
|
-
return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
904
|
-
prUnlock: new Promise(function () { })
|
|
905
|
-
})];
|
|
906
|
-
case 1:
|
|
907
|
-
_a.sent();
|
|
908
|
-
globalContext.evtRequestToPersistTokens.post({
|
|
909
|
-
configIdOfInstancePostingTheRequest: configId
|
|
910
|
-
});
|
|
911
|
-
return [4 /*yield*/, loginOrGoToAuthServer({
|
|
912
|
-
action: "login",
|
|
913
|
-
redirectUrl: window.location.href,
|
|
914
|
-
doForceReloadOnBfCache: true,
|
|
915
|
-
extraQueryParams_local: undefined,
|
|
916
|
-
transformUrlBeforeRedirect_local: undefined,
|
|
917
|
-
doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
|
|
918
|
-
interaction: "directly redirect if active session show login otherwise"
|
|
919
|
-
})];
|
|
920
|
-
case 2:
|
|
921
|
-
_a.sent();
|
|
922
|
-
(0, tsafe_1.assert)(false, "136134");
|
|
923
|
-
return [2 /*return*/];
|
|
924
|
-
}
|
|
925
|
-
});
|
|
926
|
-
}); };
|
|
927
|
-
if (!(!currentTokens.hasRefreshToken && !canUseIframe)) return [3 /*break*/, 2];
|
|
928
|
-
log === null || log === void 0 ? void 0 : log([
|
|
929
|
-
"Unable to refresh tokens without a full app reload,",
|
|
930
|
-
"because no refresh token is available",
|
|
931
|
-
"and your app setup prevents silent sign-in via iframe.",
|
|
932
|
-
"Your only option to refresh tokens is to call `window.location.reload()`"
|
|
933
|
-
].join(" "));
|
|
934
|
-
return [4 /*yield*/, fallbackToFullPageReload()];
|
|
935
|
-
case 1:
|
|
936
|
-
_b.sent();
|
|
937
|
-
(0, tsafe_1.assert)(false, "136135");
|
|
938
|
-
_b.label = 2;
|
|
939
|
-
case 2:
|
|
940
|
-
log === null || log === void 0 ? void 0 : log("Renewing tokens");
|
|
941
|
-
return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)()];
|
|
942
|
-
case 3:
|
|
943
|
-
completeLoginOrRefreshProcess = (_b.sent()).completeLoginOrRefreshProcess;
|
|
944
|
-
return [4 /*yield*/, (0, loginSilent_1.loginSilent)({
|
|
945
|
-
oidcClientTsUserManager: oidcClientTsUserManager,
|
|
946
|
-
stateQueryParamValue_instance: stateQueryParamValue_instance,
|
|
947
|
-
configId: configId,
|
|
948
|
-
transformUrlBeforeRedirect: transformUrlBeforeRedirect,
|
|
949
|
-
getExtraQueryParams: getExtraQueryParams,
|
|
950
|
-
getExtraTokenParams: function () { return extraTokenParams; },
|
|
951
|
-
autoLogin: autoLogin
|
|
952
|
-
})];
|
|
953
|
-
case 4:
|
|
954
|
-
result_loginSilent = _b.sent();
|
|
955
|
-
if (result_loginSilent.outcome === "failure") {
|
|
956
|
-
completeLoginOrRefreshProcess();
|
|
957
|
-
// NOTE: This is a configuration or network error, okay to throw,
|
|
958
|
-
// this exception doesn't have to be handle if it fails it fails.
|
|
959
|
-
throw new Error(result_loginSilent.cause);
|
|
960
|
-
}
|
|
961
|
-
_a = result_loginSilent.outcome;
|
|
962
|
-
switch (_a) {
|
|
963
|
-
case "token refreshed using refresh token": return [3 /*break*/, 5];
|
|
964
|
-
case "got auth response from iframe": return [3 /*break*/, 6];
|
|
965
|
-
}
|
|
966
|
-
return [3 /*break*/, 13];
|
|
967
|
-
case 5:
|
|
968
|
-
{
|
|
969
|
-
log === null || log === void 0 ? void 0 : log("Refresh token used");
|
|
970
|
-
oidcClientTsUser = result_loginSilent.oidcClientTsUser;
|
|
971
|
-
}
|
|
972
|
-
return [3 /*break*/, 14];
|
|
973
|
-
case 6:
|
|
974
|
-
authResponse = result_loginSilent.authResponse;
|
|
975
|
-
log === null || log === void 0 ? void 0 : log("Tokens refresh using iframe", authResponse);
|
|
976
|
-
authResponse_error = authResponse.error;
|
|
977
|
-
oidcClientTsUser_scope = undefined;
|
|
978
|
-
_b.label = 7;
|
|
979
|
-
case 7:
|
|
980
|
-
_b.trys.push([7, 9, , 10]);
|
|
981
|
-
return [4 /*yield*/, oidcClientTsUserManager.signinRedirectCallback((0, AuthResponse_1.authResponseToUrl)(authResponse))];
|
|
982
|
-
case 8:
|
|
983
|
-
oidcClientTsUser_scope =
|
|
984
|
-
_b.sent();
|
|
985
|
-
return [3 /*break*/, 10];
|
|
986
|
-
case 9:
|
|
987
|
-
error_4 = _b.sent();
|
|
988
|
-
(0, tsafe_1.assert)(error_4 instanceof Error, "321389");
|
|
989
|
-
if (authResponse_error === undefined) {
|
|
990
|
-
completeLoginOrRefreshProcess();
|
|
991
|
-
// Same here, if it fails it fails.
|
|
992
|
-
throw error_4;
|
|
993
|
-
}
|
|
994
|
-
return [3 /*break*/, 10];
|
|
995
|
-
case 10:
|
|
996
|
-
if (!(oidcClientTsUser_scope === undefined)) return [3 /*break*/, 12];
|
|
997
|
-
// NOTE: Here we got a response but it's an error, session might have been
|
|
998
|
-
// deleted or other edge case.
|
|
999
|
-
completeLoginOrRefreshProcess();
|
|
1000
|
-
log === null || log === void 0 ? void 0 : log([
|
|
1001
|
-
"The user is probably not logged in anymore,",
|
|
1002
|
-
"need to redirect to login pages"
|
|
1003
|
-
].join(" "));
|
|
1004
|
-
return [4 /*yield*/, fallbackToFullPageReload()];
|
|
1005
|
-
case 11:
|
|
1006
|
-
_b.sent();
|
|
1007
|
-
(0, tsafe_1.assert)(false, "136135");
|
|
1008
|
-
_b.label = 12;
|
|
1009
|
-
case 12:
|
|
1010
|
-
oidcClientTsUser = oidcClientTsUser_scope;
|
|
1011
|
-
return [3 /*break*/, 14];
|
|
1012
|
-
case 13:
|
|
1013
|
-
(0, tsafe_1.assert)(false);
|
|
1014
|
-
return [3 /*break*/, 14];
|
|
1015
|
-
case 14:
|
|
1016
|
-
currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
|
|
1017
|
-
oidcClientTsUser: oidcClientTsUser,
|
|
1018
|
-
decodedIdTokenSchema: decodedIdTokenSchema,
|
|
1019
|
-
__unsafe_useIdTokenAsAccessToken: __unsafe_useIdTokenAsAccessToken,
|
|
1020
|
-
decodedIdToken_previous: currentTokens.decodedIdToken,
|
|
1021
|
-
log: log
|
|
1022
|
-
});
|
|
1023
|
-
if ((0, persistedAuthState_1.getPersistedAuthState)({ configId: configId }) !== undefined) {
|
|
1024
|
-
(0, persistedAuthState_1.persistAuthState)({
|
|
1025
|
-
configId: configId,
|
|
1026
|
-
state: {
|
|
1027
|
-
stateDescription: "logged in",
|
|
1028
|
-
refreshTokenExpirationTime: currentTokens.refreshTokenExpirationTime,
|
|
1029
|
-
idleSessionLifetimeInSeconds: idleSessionLifetimeInSeconds
|
|
1030
|
-
}
|
|
1031
|
-
});
|
|
1032
|
-
}
|
|
1033
|
-
Array.from(onTokenChanges).forEach(function (onTokenChange) { return onTokenChange(currentTokens); });
|
|
1034
|
-
completeLoginOrRefreshProcess();
|
|
1035
|
-
return [2 /*return*/];
|
|
1036
|
-
}
|
|
1037
|
-
});
|
|
1038
|
-
});
|
|
1039
784
|
}
|
|
1040
|
-
|
|
1041
|
-
|
|
1042
|
-
|
|
1043
|
-
|
|
1044
|
-
|
|
1045
|
-
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
|
|
1049
|
-
|
|
1050
|
-
});
|
|
785
|
+
if (oidcClientTsUser_scope === undefined) {
|
|
786
|
+
// NOTE: Here we got a response but it's an error, session might have been
|
|
787
|
+
// deleted or other edge case.
|
|
788
|
+
completeLoginOrRefreshProcess();
|
|
789
|
+
log?.([
|
|
790
|
+
"The user is probably not logged in anymore,",
|
|
791
|
+
"need to redirect to login pages"
|
|
792
|
+
].join(" "));
|
|
793
|
+
await fallbackToFullPageReload();
|
|
794
|
+
(0, tsafe_1.assert)(false, "136135");
|
|
1051
795
|
}
|
|
1052
|
-
|
|
1053
|
-
var extraTokenParams_local, extraTokenParams;
|
|
1054
|
-
var _this = this;
|
|
1055
|
-
return __generator(this, function (_a) {
|
|
1056
|
-
extraTokenParams_local = (params !== null && params !== void 0 ? params : {}).extraTokenParams;
|
|
1057
|
-
extraTokenParams = __assign(__assign({}, getExtraTokenParams === null || getExtraTokenParams === void 0 ? void 0 : getExtraTokenParams()), extraTokenParams_local);
|
|
1058
|
-
if (ongoingCall === undefined) {
|
|
1059
|
-
ongoingCall = {
|
|
1060
|
-
pr: renewTokens_nonMutexed({ extraTokenParams: extraTokenParams }),
|
|
1061
|
-
extraTokenParams: extraTokenParams
|
|
1062
|
-
};
|
|
1063
|
-
handleFinally();
|
|
1064
|
-
return [2 /*return*/, ongoingCall.pr];
|
|
1065
|
-
}
|
|
1066
|
-
if (JSON.stringify(extraTokenParams) === JSON.stringify(ongoingCall.extraTokenParams)) {
|
|
1067
|
-
return [2 /*return*/, ongoingCall.pr];
|
|
1068
|
-
}
|
|
1069
|
-
ongoingCall = {
|
|
1070
|
-
pr: (function () { return __awaiter(_this, void 0, void 0, function () {
|
|
1071
|
-
var _a;
|
|
1072
|
-
return __generator(this, function (_b) {
|
|
1073
|
-
switch (_b.label) {
|
|
1074
|
-
case 0:
|
|
1075
|
-
_b.trys.push([0, 2, , 3]);
|
|
1076
|
-
return [4 /*yield*/, ongoingCall.pr];
|
|
1077
|
-
case 1:
|
|
1078
|
-
_b.sent();
|
|
1079
|
-
return [3 /*break*/, 3];
|
|
1080
|
-
case 2:
|
|
1081
|
-
_a = _b.sent();
|
|
1082
|
-
return [3 /*break*/, 3];
|
|
1083
|
-
case 3: return [2 /*return*/, renewTokens_nonMutexed({ extraTokenParams: extraTokenParams })];
|
|
1084
|
-
}
|
|
1085
|
-
});
|
|
1086
|
-
}); })(),
|
|
1087
|
-
extraTokenParams: extraTokenParams
|
|
1088
|
-
};
|
|
1089
|
-
handleFinally();
|
|
1090
|
-
return [2 /*return*/, ongoingCall.pr];
|
|
1091
|
-
});
|
|
1092
|
-
}); };
|
|
1093
|
-
})(), subscribeToTokensChange: function (onTokenChange) {
|
|
1094
|
-
onTokenChanges.add(onTokenChange);
|
|
1095
|
-
return {
|
|
1096
|
-
unsubscribe: function () {
|
|
1097
|
-
onTokenChanges.delete(onTokenChange);
|
|
1098
|
-
}
|
|
1099
|
-
};
|
|
1100
|
-
}, subscribeToAutoLogoutCountdown: function (tickCallback) {
|
|
1101
|
-
autoLogoutCountdownTickCallbacks.add(tickCallback);
|
|
1102
|
-
var unsubscribeFromAutoLogoutCountdown = function () {
|
|
1103
|
-
autoLogoutCountdownTickCallbacks.delete(tickCallback);
|
|
1104
|
-
};
|
|
1105
|
-
return { unsubscribeFromAutoLogoutCountdown: unsubscribeFromAutoLogoutCountdown };
|
|
1106
|
-
}, goToAuthServer: function (_a) {
|
|
1107
|
-
var extraQueryParams = _a.extraQueryParams, redirectUrl = _a.redirectUrl, transformUrlBeforeRedirect = _a.transformUrlBeforeRedirect;
|
|
1108
|
-
return loginOrGoToAuthServer({
|
|
1109
|
-
action: "go to auth server",
|
|
1110
|
-
redirectUrl: redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : window.location.href,
|
|
1111
|
-
extraQueryParams_local: extraQueryParams,
|
|
1112
|
-
transformUrlBeforeRedirect_local: transformUrlBeforeRedirect
|
|
1113
|
-
});
|
|
1114
|
-
}, backFromAuthServer: resultOfLoginProcess.backFromAuthServer, isNewBrowserSession: (function () {
|
|
1115
|
-
var value = getIsNewBrowserSession({ subjectId: subjectId });
|
|
1116
|
-
log === null || log === void 0 ? void 0 : log("isNewBrowserSession: ".concat(value));
|
|
1117
|
-
return value;
|
|
1118
|
-
})() }));
|
|
1119
|
-
{
|
|
1120
|
-
prOtherTabLogout = (0, logoutPropagationToOtherTabs_1.getPrOtherTabLogout)({
|
|
1121
|
-
configId: configId,
|
|
1122
|
-
sessionId: sessionId
|
|
1123
|
-
}).prOtherTabLogout;
|
|
1124
|
-
prOtherTabLogout.then(function () { return __awaiter(_this, void 0, void 0, function () {
|
|
1125
|
-
return __generator(this, function (_a) {
|
|
1126
|
-
switch (_a.label) {
|
|
1127
|
-
case 0:
|
|
1128
|
-
log === null || log === void 0 ? void 0 : log("Other tab has logged out, refreshing current tab");
|
|
1129
|
-
return [4 /*yield*/, (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
1130
|
-
prUnlock: new Promise(function () { })
|
|
1131
|
-
})];
|
|
1132
|
-
case 1:
|
|
1133
|
-
_a.sent();
|
|
1134
|
-
location.reload();
|
|
1135
|
-
return [2 /*return*/];
|
|
1136
|
-
}
|
|
1137
|
-
});
|
|
1138
|
-
}); });
|
|
1139
|
-
}
|
|
1140
|
-
(function scheduleRenew() {
|
|
1141
|
-
var _this = this;
|
|
1142
|
-
var _a;
|
|
1143
|
-
if (!currentTokens.hasRefreshToken && !canUseIframe) {
|
|
1144
|
-
log === null || log === void 0 ? void 0 : log([
|
|
1145
|
-
"Disabling token auto refresh mechanism because we",
|
|
1146
|
-
"have no way to renew the tokens without a full page reload"
|
|
1147
|
-
].join(" "));
|
|
1148
|
-
return;
|
|
796
|
+
oidcClientTsUser = oidcClientTsUser_scope;
|
|
1149
797
|
}
|
|
1150
|
-
|
|
1151
|
-
|
|
1152
|
-
|
|
1153
|
-
|
|
1154
|
-
|
|
1155
|
-
|
|
1156
|
-
|
|
1157
|
-
|
|
1158
|
-
|
|
1159
|
-
|
|
1160
|
-
|
|
1161
|
-
|
|
1162
|
-
|
|
1163
|
-
|
|
1164
|
-
|
|
1165
|
-
|
|
1166
|
-
|
|
1167
|
-
|
|
1168
|
-
|
|
1169
|
-
|
|
1170
|
-
|
|
1171
|
-
|
|
1172
|
-
|
|
1173
|
-
|
|
1174
|
-
|
|
1175
|
-
|
|
1176
|
-
|
|
1177
|
-
|
|
1178
|
-
|
|
1179
|
-
|
|
1180
|
-
|
|
1181
|
-
|
|
1182
|
-
|
|
1183
|
-
|
|
798
|
+
break;
|
|
799
|
+
default:
|
|
800
|
+
(0, tsafe_1.assert)(false);
|
|
801
|
+
break;
|
|
802
|
+
}
|
|
803
|
+
currentTokens = (0, oidcClientTsUserToTokens_1.oidcClientTsUserToTokens)({
|
|
804
|
+
oidcClientTsUser,
|
|
805
|
+
decodedIdTokenSchema,
|
|
806
|
+
__unsafe_useIdTokenAsAccessToken,
|
|
807
|
+
decodedIdToken_previous: currentTokens.decodedIdToken,
|
|
808
|
+
log
|
|
809
|
+
});
|
|
810
|
+
if ((0, persistedAuthState_1.getPersistedAuthState)({ configId }) !== undefined) {
|
|
811
|
+
(0, persistedAuthState_1.persistAuthState)({
|
|
812
|
+
configId,
|
|
813
|
+
state: {
|
|
814
|
+
stateDescription: "logged in",
|
|
815
|
+
refreshTokenExpirationTime: currentTokens.refreshTokenExpirationTime,
|
|
816
|
+
idleSessionLifetimeInSeconds
|
|
817
|
+
}
|
|
818
|
+
});
|
|
819
|
+
}
|
|
820
|
+
Array.from(onTokenChanges).forEach(onTokenChange => onTokenChange(currentTokens));
|
|
821
|
+
completeLoginOrRefreshProcess();
|
|
822
|
+
}
|
|
823
|
+
let ongoingCall = undefined;
|
|
824
|
+
function handleFinally() {
|
|
825
|
+
(0, tsafe_1.assert)(ongoingCall !== undefined, "131276");
|
|
826
|
+
const { pr } = ongoingCall;
|
|
827
|
+
pr.finally(() => {
|
|
828
|
+
(0, tsafe_1.assert)(ongoingCall !== undefined, "549462");
|
|
829
|
+
if (ongoingCall.pr !== pr) {
|
|
830
|
+
return;
|
|
831
|
+
}
|
|
832
|
+
ongoingCall = undefined;
|
|
833
|
+
});
|
|
834
|
+
}
|
|
835
|
+
return async (params) => {
|
|
836
|
+
const { extraTokenParams: extraTokenParams_local } = params ?? {};
|
|
837
|
+
const extraTokenParams = {
|
|
838
|
+
...getExtraTokenParams?.(),
|
|
839
|
+
...extraTokenParams_local
|
|
840
|
+
};
|
|
841
|
+
if (ongoingCall === undefined) {
|
|
842
|
+
ongoingCall = {
|
|
843
|
+
pr: renewTokens_nonMutexed({ extraTokenParams }),
|
|
844
|
+
extraTokenParams
|
|
845
|
+
};
|
|
846
|
+
handleFinally();
|
|
847
|
+
return ongoingCall.pr;
|
|
848
|
+
}
|
|
849
|
+
if (JSON.stringify(extraTokenParams) === JSON.stringify(ongoingCall.extraTokenParams)) {
|
|
850
|
+
return ongoingCall.pr;
|
|
851
|
+
}
|
|
852
|
+
ongoingCall = {
|
|
853
|
+
pr: (async () => {
|
|
854
|
+
try {
|
|
855
|
+
await ongoingCall.pr;
|
|
1184
856
|
}
|
|
1185
|
-
|
|
1186
|
-
|
|
1187
|
-
|
|
1188
|
-
|
|
857
|
+
catch { }
|
|
858
|
+
return renewTokens_nonMutexed({ extraTokenParams });
|
|
859
|
+
})(),
|
|
860
|
+
extraTokenParams
|
|
861
|
+
};
|
|
862
|
+
handleFinally();
|
|
863
|
+
return ongoingCall.pr;
|
|
864
|
+
};
|
|
865
|
+
})(),
|
|
866
|
+
subscribeToTokensChange: onTokenChange => {
|
|
867
|
+
onTokenChanges.add(onTokenChange);
|
|
868
|
+
return {
|
|
869
|
+
unsubscribe: () => {
|
|
870
|
+
onTokenChanges.delete(onTokenChange);
|
|
871
|
+
}
|
|
872
|
+
};
|
|
873
|
+
},
|
|
874
|
+
subscribeToAutoLogoutCountdown: tickCallback => {
|
|
875
|
+
autoLogoutCountdownTickCallbacks.add(tickCallback);
|
|
876
|
+
const unsubscribeFromAutoLogoutCountdown = () => {
|
|
877
|
+
autoLogoutCountdownTickCallbacks.delete(tickCallback);
|
|
878
|
+
};
|
|
879
|
+
return { unsubscribeFromAutoLogoutCountdown };
|
|
880
|
+
},
|
|
881
|
+
goToAuthServer: ({ extraQueryParams, redirectUrl, transformUrlBeforeRedirect }) => loginOrGoToAuthServer({
|
|
882
|
+
action: "go to auth server",
|
|
883
|
+
redirectUrl: redirectUrl ?? window.location.href,
|
|
884
|
+
extraQueryParams_local: extraQueryParams,
|
|
885
|
+
transformUrlBeforeRedirect_local: transformUrlBeforeRedirect
|
|
886
|
+
}),
|
|
887
|
+
backFromAuthServer: resultOfLoginProcess.backFromAuthServer,
|
|
888
|
+
isNewBrowserSession: (() => {
|
|
889
|
+
const value = getIsNewBrowserSession({ subjectId });
|
|
890
|
+
log?.(`isNewBrowserSession: ${value}`);
|
|
891
|
+
return value;
|
|
892
|
+
})()
|
|
893
|
+
});
|
|
894
|
+
{
|
|
895
|
+
const { prOtherTabLogout } = (0, logoutPropagationToOtherTabs_1.getPrOtherTabLogout)({
|
|
896
|
+
configId,
|
|
897
|
+
sessionId
|
|
898
|
+
});
|
|
899
|
+
prOtherTabLogout.then(async () => {
|
|
900
|
+
log?.(`Other tab has logged out, refreshing current tab`);
|
|
901
|
+
await (0, ongoingLoginOrRefreshProcesses_1.waitForAllOtherOngoingLoginOrRefreshProcessesToComplete)({
|
|
902
|
+
prUnlock: new Promise(() => { })
|
|
903
|
+
});
|
|
904
|
+
location.reload();
|
|
905
|
+
});
|
|
906
|
+
}
|
|
907
|
+
(function scheduleRenew() {
|
|
908
|
+
if (!currentTokens.hasRefreshToken && !canUseIframe) {
|
|
909
|
+
log?.([
|
|
910
|
+
"Disabling token auto refresh mechanism because we",
|
|
911
|
+
"have no way to renew the tokens without a full page reload"
|
|
912
|
+
].join(" "));
|
|
913
|
+
return;
|
|
914
|
+
}
|
|
915
|
+
const msBeforeExpiration = (currentTokens.refreshTokenExpirationTime ?? currentTokens.accessTokenExpirationTime) -
|
|
916
|
+
Date.now();
|
|
917
|
+
const typeOfTheTokenWeGotTheTtlFrom = currentTokens.refreshTokenExpirationTime !== undefined ? "refresh" : "access";
|
|
918
|
+
const RENEW_MS_BEFORE_EXPIRES = 30000;
|
|
919
|
+
if (msBeforeExpiration <= RENEW_MS_BEFORE_EXPIRES) {
|
|
920
|
+
// NOTE: We just got a new token that is about to expire. This means that
|
|
921
|
+
// the refresh token has reached it's max SSO time.
|
|
922
|
+
// ...or that the refresh token have a very short lifespan...
|
|
923
|
+
// anyway, no need to keep alive, it will probably redirect on the next getTokens() or refreshTokens() call
|
|
924
|
+
log?.([
|
|
925
|
+
"Disabling auto renew mechanism. We just got fresh tokens",
|
|
926
|
+
(() => {
|
|
927
|
+
switch (typeOfTheTokenWeGotTheTtlFrom) {
|
|
928
|
+
case "refresh":
|
|
929
|
+
return [
|
|
930
|
+
" and the refresh token is already about to expires.",
|
|
931
|
+
"This means that we have reached the max session lifespan, we can't keep",
|
|
932
|
+
"the session alive any longer.",
|
|
933
|
+
"(This can also mean that the refresh token was configured with a TTL,",
|
|
934
|
+
"aka the idle session lifespan, too low to make sense)"
|
|
935
|
+
].join(" ");
|
|
936
|
+
case "access":
|
|
937
|
+
return [
|
|
938
|
+
currentTokens.hasRefreshToken
|
|
939
|
+
? ", we can't read the expiration time of the refresh token"
|
|
940
|
+
: ", we don't have a refresh token",
|
|
941
|
+
` and the access token is already about to expire`,
|
|
942
|
+
"we would spam the auth server by constantly renewing the access token in the background",
|
|
943
|
+
"avoiding to do so."
|
|
944
|
+
].join(" ");
|
|
945
|
+
}
|
|
946
|
+
})()
|
|
947
|
+
].join(" "));
|
|
948
|
+
return;
|
|
949
|
+
}
|
|
950
|
+
log?.([
|
|
951
|
+
(0, toHumanReadableDuration_1.toHumanReadableDuration)(msBeforeExpiration),
|
|
952
|
+
`before expiration of the ${typeOfTheTokenWeGotTheTtlFrom} token.`,
|
|
953
|
+
`Scheduling renewal ${(0, toHumanReadableDuration_1.toHumanReadableDuration)(RENEW_MS_BEFORE_EXPIRES)} before expiration to keep the session alive on the OIDC server.`
|
|
954
|
+
].join(" "));
|
|
955
|
+
const timer = (0, workerTimers_1.setTimeout)(async () => {
|
|
956
|
+
{
|
|
957
|
+
const { isOnline, prOnline } = (0, getIsOnline_1.getIsOnline)();
|
|
958
|
+
if (!isOnline) {
|
|
959
|
+
const didCameBackOnlineInTime = await Promise.race([
|
|
960
|
+
new Promise(resolve => (0, workerTimers_1.setTimeout)(() => resolve(false), RENEW_MS_BEFORE_EXPIRES - 1000)),
|
|
961
|
+
prOnline.then(() => true)
|
|
962
|
+
]);
|
|
963
|
+
if (!didCameBackOnlineInTime) {
|
|
964
|
+
log?.([
|
|
965
|
+
"The session expired on the OIDC server.",
|
|
966
|
+
"We couldn't keep it alive because the browser was offline.",
|
|
967
|
+
"We are not redirecting to the login page to support PWAs with offline features.",
|
|
968
|
+
"However, the next getTokens() call will trigger a redirect to the Auth server login page."
|
|
1189
969
|
].join(" "));
|
|
1190
|
-
|
|
1191
|
-
|
|
1192
|
-
|
|
1193
|
-
|
|
1194
|
-
|
|
1195
|
-
|
|
1196
|
-
|
|
1197
|
-
|
|
1198
|
-
|
|
1199
|
-
|
|
1200
|
-
|
|
1201
|
-
|
|
1202
|
-
|
|
1203
|
-
|
|
1204
|
-
|
|
1205
|
-
|
|
1206
|
-
|
|
1207
|
-
|
|
1208
|
-
|
|
1209
|
-
|
|
1210
|
-
|
|
1211
|
-
|
|
1212
|
-
|
|
1213
|
-
|
|
1214
|
-
|
|
1215
|
-
|
|
1216
|
-
|
|
1217
|
-
|
|
1218
|
-
|
|
1219
|
-
|
|
1220
|
-
|
|
1221
|
-
|
|
1222
|
-
|
|
1223
|
-
|
|
1224
|
-
|
|
1225
|
-
|
|
1226
|
-
|
|
1227
|
-
|
|
1228
|
-
|
|
1229
|
-
|
|
1230
|
-
|
|
1231
|
-
|
|
1232
|
-
})
|
|
1233
|
-
|
|
1234
|
-
|
|
1235
|
-
getCurrentRefreshTokenTtlInSeconds_1 = function () {
|
|
1236
|
-
if (idleSessionLifetimeInSeconds !== undefined) {
|
|
1237
|
-
return idleSessionLifetimeInSeconds;
|
|
1238
|
-
}
|
|
1239
|
-
if (currentTokens.refreshTokenExpirationTime === undefined) {
|
|
1240
|
-
return undefined;
|
|
1241
|
-
}
|
|
1242
|
-
return (currentTokens.refreshTokenExpirationTime - currentTokens.issuedAtTime) / 1000;
|
|
1243
|
-
};
|
|
1244
|
-
if (getCurrentRefreshTokenTtlInSeconds_1() === undefined) {
|
|
1245
|
-
log === null || log === void 0 ? void 0 : log("".concat(currentTokens.hasRefreshToken
|
|
1246
|
-
? "The refresh token is opaque, we can't read it's expiration time"
|
|
1247
|
-
: "No refresh token", ", and idleSessionLifetimeInSeconds was not set, can't implement auto logout mechanism"));
|
|
1248
|
-
break auto_logout;
|
|
970
|
+
return;
|
|
971
|
+
}
|
|
972
|
+
}
|
|
973
|
+
}
|
|
974
|
+
log?.(`Renewing the tokens now as the ${typeOfTheTokenWeGotTheTtlFrom} token will expire in ${(0, toHumanReadableDuration_1.toHumanReadableDuration)(RENEW_MS_BEFORE_EXPIRES)}`);
|
|
975
|
+
await oidc_loggedIn.renewTokens();
|
|
976
|
+
}, Math.min(msBeforeExpiration - RENEW_MS_BEFORE_EXPIRES,
|
|
977
|
+
// NOTE: We want to make sure we do not overflow the setTimeout
|
|
978
|
+
// that must be a 32 bit unsigned integer.
|
|
979
|
+
// This can happen if the tokenExpirationTime is more than 24.8 days in the future.
|
|
980
|
+
Math.pow(2, 31) - 1));
|
|
981
|
+
const { unsubscribe: tokenChangeUnsubscribe } = oidc_loggedIn.subscribeToTokensChange(() => {
|
|
982
|
+
(0, workerTimers_1.clearTimeout)(timer);
|
|
983
|
+
tokenChangeUnsubscribe();
|
|
984
|
+
scheduleRenew();
|
|
985
|
+
});
|
|
986
|
+
})();
|
|
987
|
+
auto_logout: {
|
|
988
|
+
const getCurrentRefreshTokenTtlInSeconds = () => {
|
|
989
|
+
if (idleSessionLifetimeInSeconds !== undefined) {
|
|
990
|
+
return idleSessionLifetimeInSeconds;
|
|
991
|
+
}
|
|
992
|
+
if (currentTokens.refreshTokenExpirationTime === undefined) {
|
|
993
|
+
return undefined;
|
|
994
|
+
}
|
|
995
|
+
return (currentTokens.refreshTokenExpirationTime - currentTokens.issuedAtTime) / 1000;
|
|
996
|
+
};
|
|
997
|
+
if (getCurrentRefreshTokenTtlInSeconds() === undefined) {
|
|
998
|
+
log?.(`${currentTokens.hasRefreshToken
|
|
999
|
+
? "The refresh token is opaque, we can't read it's expiration time"
|
|
1000
|
+
: "No refresh token"}, and idleSessionLifetimeInSeconds was not set, can't implement auto logout mechanism`);
|
|
1001
|
+
break auto_logout;
|
|
1002
|
+
}
|
|
1003
|
+
const { startCountdown } = (0, startCountdown_1.createStartCountdown)({
|
|
1004
|
+
tickCallback: async ({ secondsLeft }) => {
|
|
1005
|
+
const invokeAllCallbacks = (params) => {
|
|
1006
|
+
const { secondsLeft } = params;
|
|
1007
|
+
Array.from(autoLogoutCountdownTickCallbacks).forEach(tickCallback => tickCallback({ secondsLeft }));
|
|
1008
|
+
};
|
|
1009
|
+
invokeAllCallbacks({ secondsLeft });
|
|
1010
|
+
if (secondsLeft === 0) {
|
|
1011
|
+
cancel_if_offline: {
|
|
1012
|
+
const { isOnline, prOnline } = (0, getIsOnline_1.getIsOnline)();
|
|
1013
|
+
if (isOnline) {
|
|
1014
|
+
break cancel_if_offline;
|
|
1249
1015
|
}
|
|
1250
|
-
|
|
1251
|
-
|
|
1252
|
-
|
|
1253
|
-
|
|
1254
|
-
|
|
1255
|
-
|
|
1256
|
-
case 0:
|
|
1257
|
-
invokeAllCallbacks = function (params) {
|
|
1258
|
-
var secondsLeft = params.secondsLeft;
|
|
1259
|
-
Array.from(autoLogoutCountdownTickCallbacks).forEach(function (tickCallback) {
|
|
1260
|
-
return tickCallback({ secondsLeft: secondsLeft });
|
|
1261
|
-
});
|
|
1262
|
-
};
|
|
1263
|
-
invokeAllCallbacks({ secondsLeft: secondsLeft });
|
|
1264
|
-
if (!(secondsLeft === 0)) return [3 /*break*/, 4];
|
|
1265
|
-
_c = (0, getIsOnline_1.getIsOnline)(), isOnline = _c.isOnline, prOnline = _c.prOnline;
|
|
1266
|
-
if (isOnline) {
|
|
1267
|
-
return [3 /*break*/, 2];
|
|
1268
|
-
}
|
|
1269
|
-
return [4 /*yield*/, Promise.race([
|
|
1270
|
-
new Promise(function (resolve) { return (0, workerTimers_1.setTimeout)(function () { return resolve(false); }, 10000); }),
|
|
1271
|
-
prOnline.then(function () { return true; })
|
|
1272
|
-
])];
|
|
1273
|
-
case 1:
|
|
1274
|
-
didCameBackOnline = _d.sent();
|
|
1275
|
-
if (didCameBackOnline) {
|
|
1276
|
-
return [3 /*break*/, 2];
|
|
1277
|
-
}
|
|
1278
|
-
log === null || log === void 0 ? void 0 : log([
|
|
1279
|
-
"Normally now we should auto logout.",
|
|
1280
|
-
"However since the browser is currently offline",
|
|
1281
|
-
"we avoid calling logout() now to play nice in case",
|
|
1282
|
-
"this app is a PWA.",
|
|
1283
|
-
"Next getTokens() is called logout will be called"
|
|
1284
|
-
].join(" "));
|
|
1285
|
-
unsubscribeFromIsUserActive_1();
|
|
1286
|
-
invokeAllCallbacks({ secondsLeft: undefined });
|
|
1287
|
-
wouldHaveAutoLoggedOutIfBrowserWasOnline = true;
|
|
1288
|
-
return [2 /*return*/];
|
|
1289
|
-
case 2: return [4 /*yield*/, oidc_loggedIn.logout(autoLogoutParams)];
|
|
1290
|
-
case 3:
|
|
1291
|
-
_d.sent();
|
|
1292
|
-
_d.label = 4;
|
|
1293
|
-
case 4: return [2 /*return*/];
|
|
1294
|
-
}
|
|
1295
|
-
});
|
|
1296
|
-
}); }
|
|
1297
|
-
}).startCountdown;
|
|
1298
|
-
stopCountdown_1 = undefined;
|
|
1299
|
-
evtIsUserActive = (0, evtIsUserActive_1.createEvtIsUserActive)({
|
|
1300
|
-
configId: configId,
|
|
1301
|
-
sessionId: sessionId
|
|
1302
|
-
});
|
|
1303
|
-
unsubscribeFromIsUserActive_1 = evtIsUserActive.subscribe(function (isUserActive) {
|
|
1304
|
-
if (isUserActive) {
|
|
1305
|
-
if (stopCountdown_1 !== undefined) {
|
|
1306
|
-
stopCountdown_1();
|
|
1307
|
-
stopCountdown_1 = undefined;
|
|
1308
|
-
}
|
|
1309
|
-
}
|
|
1310
|
-
else {
|
|
1311
|
-
(0, tsafe_1.assert)(stopCountdown_1 === undefined, "902992");
|
|
1312
|
-
var currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds_1();
|
|
1313
|
-
(0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "902992326");
|
|
1314
|
-
stopCountdown_1 = startCountdown_2({
|
|
1315
|
-
countDownFromSeconds: currentRefreshTokenTtlInSeconds
|
|
1316
|
-
}).stopCountdown;
|
|
1317
|
-
}
|
|
1318
|
-
}).unsubscribe;
|
|
1319
|
-
{
|
|
1320
|
-
currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds_1();
|
|
1321
|
-
(0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "9029923253");
|
|
1322
|
-
log === null || log === void 0 ? void 0 : log([
|
|
1323
|
-
"The user will be automatically logged out after ".concat((0, toHumanReadableDuration_1.toHumanReadableDuration)(currentRefreshTokenTtlInSeconds * 1000), " of inactivity."),
|
|
1324
|
-
idleSessionLifetimeInSeconds === undefined
|
|
1325
|
-
? undefined
|
|
1326
|
-
: "It was artificially defined by using the idleSessionLifetimeInSeconds param."
|
|
1327
|
-
]
|
|
1328
|
-
.filter(function (x) { return x !== undefined; })
|
|
1329
|
-
.join("\n"));
|
|
1016
|
+
const didCameBackOnline = await Promise.race([
|
|
1017
|
+
new Promise(resolve => (0, workerTimers_1.setTimeout)(() => resolve(false), 10000)),
|
|
1018
|
+
prOnline.then(() => true)
|
|
1019
|
+
]);
|
|
1020
|
+
if (didCameBackOnline) {
|
|
1021
|
+
break cancel_if_offline;
|
|
1330
1022
|
}
|
|
1023
|
+
log?.([
|
|
1024
|
+
"Normally now we should auto logout.",
|
|
1025
|
+
"However since the browser is currently offline",
|
|
1026
|
+
"we avoid calling logout() now to play nice in case",
|
|
1027
|
+
"this app is a PWA.",
|
|
1028
|
+
"Next getTokens() is called logout will be called"
|
|
1029
|
+
].join(" "));
|
|
1030
|
+
unsubscribeFromIsUserActive();
|
|
1031
|
+
invokeAllCallbacks({ secondsLeft: undefined });
|
|
1032
|
+
wouldHaveAutoLoggedOutIfBrowserWasOnline = true;
|
|
1033
|
+
return;
|
|
1331
1034
|
}
|
|
1332
|
-
|
|
1035
|
+
await oidc_loggedIn.logout(autoLogoutParams);
|
|
1036
|
+
}
|
|
1333
1037
|
}
|
|
1334
1038
|
});
|
|
1335
|
-
|
|
1039
|
+
let stopCountdown = undefined;
|
|
1040
|
+
const evtIsUserActive = (0, evtIsUserActive_1.createEvtIsUserActive)({
|
|
1041
|
+
configId,
|
|
1042
|
+
sessionId
|
|
1043
|
+
});
|
|
1044
|
+
const { unsubscribe: unsubscribeFromIsUserActive } = evtIsUserActive.subscribe(isUserActive => {
|
|
1045
|
+
if (isUserActive) {
|
|
1046
|
+
if (stopCountdown !== undefined) {
|
|
1047
|
+
stopCountdown();
|
|
1048
|
+
stopCountdown = undefined;
|
|
1049
|
+
}
|
|
1050
|
+
}
|
|
1051
|
+
else {
|
|
1052
|
+
(0, tsafe_1.assert)(stopCountdown === undefined, "902992");
|
|
1053
|
+
const currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds();
|
|
1054
|
+
(0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "902992326");
|
|
1055
|
+
stopCountdown = startCountdown({
|
|
1056
|
+
countDownFromSeconds: currentRefreshTokenTtlInSeconds
|
|
1057
|
+
}).stopCountdown;
|
|
1058
|
+
}
|
|
1059
|
+
});
|
|
1060
|
+
{
|
|
1061
|
+
const currentRefreshTokenTtlInSeconds = getCurrentRefreshTokenTtlInSeconds();
|
|
1062
|
+
(0, tsafe_1.assert)(currentRefreshTokenTtlInSeconds !== undefined, "9029923253");
|
|
1063
|
+
log?.([
|
|
1064
|
+
`The user will be automatically logged out after ${(0, toHumanReadableDuration_1.toHumanReadableDuration)(currentRefreshTokenTtlInSeconds * 1000)} of inactivity.`,
|
|
1065
|
+
idleSessionLifetimeInSeconds === undefined
|
|
1066
|
+
? undefined
|
|
1067
|
+
: `It was artificially defined by using the idleSessionLifetimeInSeconds param.`
|
|
1068
|
+
]
|
|
1069
|
+
.filter(x => x !== undefined)
|
|
1070
|
+
.join("\n"));
|
|
1071
|
+
}
|
|
1072
|
+
}
|
|
1073
|
+
return oidc_loggedIn;
|
|
1336
1074
|
}
|
|
1337
1075
|
//# sourceMappingURL=createOidc.js.map
|