oidc-spa 7.1.8 → 7.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/AuthResponse.d.ts +0 -1
- package/core/AuthResponse.js +0 -7
- package/core/AuthResponse.js.map +1 -1
- package/core/createOidc.js +1 -1
- package/core/handleOidcCallback.js +9 -4
- package/core/handleOidcCallback.js.map +1 -1
- package/core/iframeMessageProtection.d.ts +20 -0
- package/core/iframeMessageProtection.js +135 -0
- package/core/iframeMessageProtection.js.map +1 -0
- package/core/loginSilent.js +141 -118
- package/core/loginSilent.js.map +1 -1
- package/entrypoint.d.ts +1 -0
- package/entrypoint.js +14 -1
- package/entrypoint.js.map +1 -1
- package/package.json +9 -1
- package/src/core/AuthResponse.ts +0 -9
- package/src/core/handleOidcCallback.ts +6 -4
- package/src/core/iframeMessageProtection.ts +99 -0
- package/src/core/loginSilent.ts +20 -4
- package/src/entrypoint.ts +25 -2
- package/src/tools/asymmetricEncryption.ts +184 -0
- package/tools/asymmetricEncryption.d.ts +18 -0
- package/tools/asymmetricEncryption.js +181 -0
- package/tools/asymmetricEncryption.js.map +1 -0
package/core/AuthResponse.d.ts
CHANGED
package/core/AuthResponse.js
CHANGED
|
@@ -27,15 +27,8 @@ var __read = (this && this.__read) || function (o, n) {
|
|
|
27
27
|
return ar;
|
|
28
28
|
};
|
|
29
29
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
30
|
-
exports.getIsAuthResponse = getIsAuthResponse;
|
|
31
30
|
exports.authResponseToUrl = authResponseToUrl;
|
|
32
31
|
var urlSearchParams_1 = require("../tools/urlSearchParams");
|
|
33
|
-
function getIsAuthResponse(data) {
|
|
34
|
-
return (data instanceof Object &&
|
|
35
|
-
"state" in data &&
|
|
36
|
-
typeof data.state === "string" &&
|
|
37
|
-
Object.values(data).every(function (value) { return value === undefined || typeof value === "string"; }));
|
|
38
|
-
}
|
|
39
32
|
function authResponseToUrl(authResponse) {
|
|
40
33
|
var e_1, _a;
|
|
41
34
|
var authResponseUrl = "https://dummy.com";
|
package/core/AuthResponse.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthResponse.js","sourceRoot":"","sources":["../src/core/AuthResponse.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,
|
|
1
|
+
{"version":3,"file":"AuthResponse.js","sourceRoot":"","sources":["../src/core/AuthResponse.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,8CAgBC;AAvBD,4DAAkE;AAOlE,SAAgB,iBAAiB,CAAC,YAA0B;;IACxD,IAAI,eAAe,GAAG,mBAAmB,CAAC;;QAE1C,KAA4B,IAAA,KAAA,SAAA,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA,gBAAA,4BAAE,CAAC;YAAhD,IAAA,KAAA,mBAAa,EAAZ,MAAI,QAAA,EAAE,KAAK,QAAA;YACnB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,SAAS;YACb,CAAC;YACD,eAAe,GAAG,IAAA,wCAAsB,EAAC;gBACrC,GAAG,EAAE,eAAe;gBACpB,IAAI,QAAA;gBACJ,KAAK,OAAA;gBACL,YAAY,EAAE,UAAU;aAC3B,CAAC,CAAC;QACP,CAAC;;;;;;;;;IAED,OAAO,eAAe,CAAC;AAC3B,CAAC"}
|
package/core/createOidc.js
CHANGED
|
@@ -125,7 +125,7 @@ var trustedFetch_1 = require("./trustedFetch");
|
|
|
125
125
|
var getIsOnline_1 = require("../tools/getIsOnline");
|
|
126
126
|
(0, handleOidcCallback_1.handleOidcCallback)();
|
|
127
127
|
// NOTE: Replaced at build time
|
|
128
|
-
var VERSION = "7.1.
|
|
128
|
+
var VERSION = "7.1.9";
|
|
129
129
|
var globalContext = {
|
|
130
130
|
prOidcByConfigId: new Map(),
|
|
131
131
|
hasLogoutBeenCalled: (0, tsafe_1.id)(false),
|
|
@@ -54,6 +54,7 @@ var StateData_1 = require("./StateData");
|
|
|
54
54
|
var tsafe_1 = require("../vendor/frontend/tsafe");
|
|
55
55
|
var initialLocationHref_1 = require("./initialLocationHref");
|
|
56
56
|
var trustedFetch_1 = require("./trustedFetch");
|
|
57
|
+
var iframeMessageProtection_1 = require("./iframeMessageProtection");
|
|
57
58
|
(0, trustedFetch_1.captureFetch)();
|
|
58
59
|
var globalContext = {
|
|
59
60
|
previousCall: (0, tsafe_1.id)(undefined)
|
|
@@ -127,7 +128,8 @@ function handleOidcCallback_nonMemoized() {
|
|
|
127
128
|
// NOTE: This is a "better than nothing" approach.
|
|
128
129
|
// Under some circumstances it's possible to get stuck on this url
|
|
129
130
|
// if there is no "next" page in the history for example, navigating
|
|
130
|
-
// forward is a NoOp. So in that case it's better to
|
|
131
|
+
// forward is a NoOp. So in that case it's better to reload the same route
|
|
132
|
+
// with just the authResponse removed from the url to avoid re-entering here.
|
|
131
133
|
setTimeout(function () {
|
|
132
134
|
var _a = window.location, protocol = _a.protocol, host = _a.host, pathname = _a.pathname, hash = _a.hash;
|
|
133
135
|
window.location.href = "".concat(protocol, "//").concat(host).concat(pathname).concat(hash);
|
|
@@ -152,9 +154,12 @@ function handleOidcCallback_nonMemoized() {
|
|
|
152
154
|
(0, tsafe_1.assert)(authResponse.state !== "", "063965");
|
|
153
155
|
switch (stateData.context) {
|
|
154
156
|
case "iframe":
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
}
|
|
157
|
+
(0, iframeMessageProtection_1.encryptAuthResponse)({
|
|
158
|
+
authResponse: authResponse
|
|
159
|
+
}).then(function (_a) {
|
|
160
|
+
var encryptedMessage = _a.encryptedMessage;
|
|
161
|
+
return parent.postMessage(encryptedMessage, location.origin);
|
|
162
|
+
});
|
|
158
163
|
break;
|
|
159
164
|
case "redirect":
|
|
160
165
|
(0, StateData_1.markStateDataAsProcessedByCallback)({ stateQueryParamValue: stateQueryParamValue });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handleOidcCallback.js","sourceRoot":"","sources":["../src/core/handleOidcCallback.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"handleOidcCallback.js","sourceRoot":"","sources":["../src/core/handleOidcCallback.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,gDAMC;AAsMD,4FAkCC;AAhQD,yCAKqB;AACrB,kDAAsD;AAEtD,6DAA4D;AAC5D,+CAA8C;AAC9C,qEAAgE;AAEhE,IAAA,2BAAY,GAAE,CAAC;AAEf,IAAM,aAAa,GAAG;IAClB,YAAY,EAAE,IAAA,UAAE,EAAqC,SAAS,CAAC;CAClE,CAAC;AAEF,SAAgB,kBAAkB;IAC9B,IAAI,aAAa,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QAC3C,OAAO,aAAa,CAAC,YAAY,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,aAAa,CAAC,YAAY,GAAG,8BAA8B,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,8BAA8B;;IACnC,IAAM,eAAe,GAAG,IAAI,GAAG,CAAC,yCAAmB,CAAC,CAAC;IAErD,IAAM,oBAAoB,GAAG,CAAC;QAC1B,IAAM,oBAAoB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEvE,IAAI,oBAAoB,KAAK,IAAI,EAAE,CAAC;YAChC,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,CAAC,EAAE,CAAC;YACjF,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;YACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;YAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;YACC,mFAAmF;YACnF,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,oBAAoB,CAAC;IAChC,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;QACrC,IAAM,kBAAkB,GAAG,sBAAsB,EAAE,CAAC;QAEpD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACnC,uBAAuB,CAAC;gBACpB,kBAAkB,wBACX,kBAAkB,KACrB,iBAAiB,EAAE,IAAI,GAC1B;aACJ,CAAC,CAAC;QACP,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;IAED,IAAM,SAAS,GAAG,IAAI,CAAC;IAEvB,OAAO,CAAC,GAAG,GAAG,cAAO,CAAC,CAAC;IACvB,OAAO,CAAC,IAAI,GAAG,cAAO,CAAC,CAAC;IACxB,OAAO,CAAC,KAAK,GAAG,cAAO,CAAC,CAAC;IACzB,OAAO,CAAC,KAAK,GAAG,cAAO,CAAC,CAAC;IAEzB,IAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;IAEzD,IACI,SAAS,KAAK,SAAS;QACvB,CAAC,SAAS,CAAC,OAAO,KAAK,UAAU,IAAI,SAAS,CAAC,0BAA0B,CAAC,EAC5E,CAAC;QACC,IAAM,eAAa,GAAuB,CAAC;YACvC,IAAM,kBAAkB,GAAG,sBAAsB,EAAE,CAAC;YAEpD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACnC,OAAO,MAAM,CAAC;YAClB,CAAC;YAED,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,CAAC;gBACxC,OAAO,kBAAkB,CAAC,qBAAqB,CAAC;YACpD,CAAC;YAED,QAAQ,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;gBAC/C,KAAK,MAAM;oBACP,OAAO,SAAS,CAAC;gBACrB,KAAK,SAAS;oBACV,OAAO,MAAM,CAAC;YACtB,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,uBAAuB,CAAC;YACpB,kBAAkB,EAAE;gBAChB,qBAAqB,EAAE,eAAa;gBACpC,iBAAiB,EAAE,KAAK;aAC3B;SACJ,CAAC,CAAC;QAEH,UAAU,CAAC;YACP,yBAAyB,EAAE,CAAC;YAE5B,MAAM,CAAC,OAAO,CAAC,eAAa,CAAC,EAAE,CAAC;YAEhC,kDAAkD;YAClD,kEAAkE;YAClE,oEAAoE;YACpE,0EAA0E;YAC1E,6EAA6E;YAC7E,UAAU,CAAC;gBACD,IAAA,KAAqC,MAAM,CAAC,QAAQ,EAAlD,QAAQ,cAAA,EAAE,IAAI,UAAA,EAAE,QAAQ,cAAA,EAAE,IAAI,UAAoB,CAAC;gBAC3D,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,UAAG,QAAQ,eAAK,IAAI,SAAG,QAAQ,SAAG,IAAI,CAAE,CAAC;YACpE,CAAC,EAAE,GAAG,CAAC,CAAC;QACZ,CAAC,EAAE,CAAC,CAAC,CAAC;QAEN,OAAO,EAAE,SAAS,WAAA,EAAE,CAAC;IACzB,CAAC;IAED,IAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;;QAEjD,KAA2B,IAAA,KAAA,SAAA,eAAe,CAAC,YAAY,CAAA,gBAAA,4BAAE,CAAC;YAA/C,IAAA,KAAA,mBAAY,EAAX,GAAG,QAAA,EAAE,KAAK,QAAA;YAClB,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC9B,CAAC;;;;;;;;;IAED,IAAA,cAAM,EAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;IAE5C,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,IAAA,6CAAmB,EAAC;gBAChB,YAAY,cAAA;aACf,CAAC,CAAC,IAAI,CAAC,UAAC,EAAoB;oBAAlB,gBAAgB,sBAAA;gBAAO,OAAA,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC;YAArD,CAAqD,CAAC,CAAC;YACzF,MAAM;QACV,KAAK,UAAU;YACX,IAAA,8CAAkC,EAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;YAC7D,uBAAuB,EAAE,CAAC;YAC1B,0BAA0B,CAAC;gBACvB,aAAa,yCAAM,yBAAyB,EAAE,YAAE,YAAY,SAAC;aAChE,CAAC,CAAC;YACH,yBAAyB,EAAE,CAAC;YAC5B,UAAU,CAAC;gBACP,IAAM,IAAI,GAAG,CAAC;oBACV,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;wBAC5E,OAAO,SAAS,CAAC,+BAA+B,CAAC;oBACrD,CAAC;oBAED,OAAO,SAAS,CAAC,WAAW,CAAC;gBACjC,CAAC,CAAC,EAAE,CAAC;gBAEL,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;YACzB,CAAC,EAAE,CAAC,CAAC,CAAC;YACN,MAAM;IACd,CAAC;IAED,OAAO,EAAE,SAAS,WAAA,EAAE,CAAC;AACzB,CAAC;AAEK,IAAA,KAIF,CAAC;IACD,IAAM,kBAAkB,GAAG,wBAAwB,CAAC;IAEpD,IAAI,6CAA6C,GAA+B,SAAS,CAAC;IAE1F,gFAAgF;IAChF,8DAA8D;IAC9D,6FAA6F;IAC7F,uFAAuF;IACvF,oFAAoF;IACpF,0CAA0C;IAC1C,wFAAwF;IACxF,SAAS,0BAA0B,CAAC,MAAyC;QACjE,IAAA,aAAa,GAAK,MAAM,cAAX,CAAY;QAEjC,6CAA6C,GAAG,SAAS,CAAC;QAE1D,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,cAAc,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YAC9C,OAAO;QACX,CAAC;QACD,cAAc,CAAC,OAAO,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,SAAS,yBAAyB;QAC9B,IAAI,6CAA6C,KAAK,SAAS,EAAE,CAAC;YAC9D,OAAO,6CAA6C,CAAC;QACzD,CAAC;QAED,IAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAEvD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,SAAS,kDAAkD;QACvD,IAAM,aAAa,GAAG,yBAAyB,EAAE,CAAC;QAElD,0BAA0B,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,CAAC;QAElD,6CAA6C,GAAG,aAAa,CAAC;IAClE,CAAC;IAED,OAAO;QACH,0BAA0B,4BAAA;QAC1B,yBAAyB,2BAAA;QACzB,kDAAkD,oDAAA;KACrD,CAAC;AACN,CAAC,CAAC,EAAE,EAtDA,yBAAyB,+BAAA,EACzB,0BAA0B,gCAAA,EAC1B,kDAAkD,wDAoDlD,CAAC;AAEI,gHAAkD;AAE3D,SAAgB,wCAAwC,CAAC,MAExD;;IACW,IAAA,QAAQ,GAAK,MAAM,SAAX,CAAY;IAE5B,IAAM,aAAa,GAAG,yBAAyB,EAAE,CAAC;IAElD,IAAI,wBAAwB,GAEV,SAAS,CAAC;;QAE5B,KAA2B,IAAA,KAAA,kCAAI,aAAa,UAAC,gBAAA,4BAAE,CAAC;YAA3C,IAAM,YAAY,WAAA;YACnB,IAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;YAE7E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC1B,6DAA6D;gBAC7D,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC7D,SAAS;YACb,CAAC;YAED,IAAA,cAAM,EAAC,SAAS,CAAC,OAAO,KAAK,UAAU,EAAE,QAAQ,CAAC,CAAC;YAEnD,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAClC,SAAS;YACb,CAAC;YAED,aAAa,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;YAE7D,wBAAwB,GAAG,EAAE,YAAY,cAAA,EAAE,SAAS,WAAA,EAAE,CAAC;QAC3D,CAAC;;;;;;;;;IAED,0BAA0B,CAAC,EAAE,aAAa,eAAA,EAAE,CAAC,CAAC;IAE9C,OAAO,wBAAwB,CAAC;AACpC,CAAC;AAED,SAAS,yBAAyB;IAC9B,IAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,CAAC,gBAAgB,CAAC,UAAU,EAAE;QAChC,IAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAEnC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAChB,OAAO;QACX,CAAC;QACD,QAAQ,CAAC,MAAM,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;AACP,CAAC;AAEK,IAAA,KAA+E,CAAC;IAClF,IAAM,2BAA2B,GAAG,wCAAwC,CAAC;IAO7E,SAAS,uBAAuB,CAAC,MAAkD;QACvE,IAAA,kBAAkB,GAAK,MAAM,mBAAX,CAAY;QAEtC,cAAc,CAAC,OAAO,CAAC,2BAA2B,EAAE,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,SAAS,sBAAsB;QAC3B,IAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QAEhE,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACf,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,SAAS,uBAAuB;QAC5B,cAAc,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,EAAE,uBAAuB,yBAAA,EAAE,sBAAsB,wBAAA,EAAE,uBAAuB,yBAAA,EAAE,CAAC;AACxF,CAAC,CAAC,EAAE,EA7BI,uBAAuB,6BAAA,EAAE,sBAAsB,4BAAA,EAAE,uBAAuB,6BA6B5E,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { type AuthResponse } from "./AuthResponse";
|
|
2
|
+
export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
|
|
3
|
+
export declare function initIframeMessageProtection(params: {
|
|
4
|
+
stateQueryParamValue: string;
|
|
5
|
+
}): Promise<{
|
|
6
|
+
getIsEncryptedAuthResponse: (params: {
|
|
7
|
+
message: unknown;
|
|
8
|
+
}) => boolean;
|
|
9
|
+
decodeEncryptedAuth: (params: {
|
|
10
|
+
encryptedAuthResponse: string;
|
|
11
|
+
}) => Promise<{
|
|
12
|
+
authResponse: AuthResponse;
|
|
13
|
+
}>;
|
|
14
|
+
clearSessionStoragePublicKey: () => void;
|
|
15
|
+
}>;
|
|
16
|
+
export declare function encryptAuthResponse(params: {
|
|
17
|
+
authResponse: AuthResponse;
|
|
18
|
+
}): Promise<{
|
|
19
|
+
encryptedMessage: string;
|
|
20
|
+
}>;
|
|
@@ -0,0 +1,135 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
12
|
+
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
|
|
13
|
+
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
14
|
+
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
15
|
+
function step(op) {
|
|
16
|
+
if (f) throw new TypeError("Generator is already executing.");
|
|
17
|
+
while (g && (g = 0, op[0] && (_ = 0)), _) try {
|
|
18
|
+
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
19
|
+
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
20
|
+
switch (op[0]) {
|
|
21
|
+
case 0: case 1: t = op; break;
|
|
22
|
+
case 4: _.label++; return { value: op[1], done: false };
|
|
23
|
+
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
24
|
+
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
25
|
+
default:
|
|
26
|
+
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
27
|
+
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
28
|
+
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
29
|
+
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
30
|
+
if (t[2]) _.ops.pop();
|
|
31
|
+
_.trys.pop(); continue;
|
|
32
|
+
}
|
|
33
|
+
op = body.call(thisArg, _);
|
|
34
|
+
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
35
|
+
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
36
|
+
}
|
|
37
|
+
};
|
|
38
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
+
exports.preventSessionStorageSetItemOfPublicKeyByThirdParty = preventSessionStorageSetItemOfPublicKeyByThirdParty;
|
|
40
|
+
exports.initIframeMessageProtection = initIframeMessageProtection;
|
|
41
|
+
exports.encryptAuthResponse = encryptAuthResponse;
|
|
42
|
+
var assert_1 = require("tsafe/assert");
|
|
43
|
+
var asymmetricEncryption_1 = require("../tools/asymmetricEncryption");
|
|
44
|
+
var setItem_real = Storage.prototype.setItem;
|
|
45
|
+
var SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
46
|
+
function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
47
|
+
var setItem_protected = function setItem(key, value) {
|
|
48
|
+
if (this !== sessionStorage) {
|
|
49
|
+
return setItem_real.call(this, key, value);
|
|
50
|
+
}
|
|
51
|
+
if (key.startsWith(SESSION_STORAGE_PREFIX)) {
|
|
52
|
+
throw new Error("Attack prevented by oidc-spa. You have malicious code running in your system");
|
|
53
|
+
}
|
|
54
|
+
return setItem_real.call(sessionStorage, key, value);
|
|
55
|
+
};
|
|
56
|
+
{
|
|
57
|
+
var pd = Object.getOwnPropertyDescriptor(Storage.prototype, "setItem");
|
|
58
|
+
(0, assert_1.assert)(pd !== undefined);
|
|
59
|
+
Object.defineProperty(Storage.prototype, "setItem", {
|
|
60
|
+
enumerable: pd.enumerable,
|
|
61
|
+
writable: pd.writable,
|
|
62
|
+
value: setItem_protected
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
var ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
67
|
+
function getSessionStorageKey(params) {
|
|
68
|
+
var stateQueryParamValue = params.stateQueryParamValue;
|
|
69
|
+
return "".concat(SESSION_STORAGE_PREFIX).concat(stateQueryParamValue);
|
|
70
|
+
}
|
|
71
|
+
function initIframeMessageProtection(params) {
|
|
72
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
73
|
+
function getIsEncryptedAuthResponse(params) {
|
|
74
|
+
var message = params.message;
|
|
75
|
+
return typeof message === "string" && message.startsWith(ENCRYPTED_AUTH_RESPONSES_PREFIX);
|
|
76
|
+
}
|
|
77
|
+
function decodeEncryptedAuth(params) {
|
|
78
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
79
|
+
var encryptedAuthResponse, authResponse_str, authResponse;
|
|
80
|
+
return __generator(this, function (_a) {
|
|
81
|
+
switch (_a.label) {
|
|
82
|
+
case 0:
|
|
83
|
+
encryptedAuthResponse = params.encryptedAuthResponse;
|
|
84
|
+
return [4 /*yield*/, (0, asymmetricEncryption_1.asymmetricDecrypt)({
|
|
85
|
+
encryptedMessage: encryptedAuthResponse.slice(ENCRYPTED_AUTH_RESPONSES_PREFIX.length),
|
|
86
|
+
privateKey: privateKey
|
|
87
|
+
})];
|
|
88
|
+
case 1:
|
|
89
|
+
authResponse_str = (_a.sent()).message;
|
|
90
|
+
authResponse = JSON.parse(authResponse_str);
|
|
91
|
+
return [2 /*return*/, { authResponse: authResponse }];
|
|
92
|
+
}
|
|
93
|
+
});
|
|
94
|
+
});
|
|
95
|
+
}
|
|
96
|
+
function clearSessionStoragePublicKey() {
|
|
97
|
+
sessionStorage.removeItem(sessionStorageKey);
|
|
98
|
+
}
|
|
99
|
+
var stateQueryParamValue, _a, publicKey, privateKey, sessionStorageKey;
|
|
100
|
+
return __generator(this, function (_b) {
|
|
101
|
+
switch (_b.label) {
|
|
102
|
+
case 0:
|
|
103
|
+
stateQueryParamValue = params.stateQueryParamValue;
|
|
104
|
+
return [4 /*yield*/, (0, asymmetricEncryption_1.generateKeys)()];
|
|
105
|
+
case 1:
|
|
106
|
+
_a = _b.sent(), publicKey = _a.publicKey, privateKey = _a.privateKey;
|
|
107
|
+
sessionStorageKey = getSessionStorageKey({ stateQueryParamValue: stateQueryParamValue });
|
|
108
|
+
setItem_real.call(sessionStorage, sessionStorageKey, publicKey);
|
|
109
|
+
return [2 /*return*/, { getIsEncryptedAuthResponse: getIsEncryptedAuthResponse, decodeEncryptedAuth: decodeEncryptedAuth, clearSessionStoragePublicKey: clearSessionStoragePublicKey }];
|
|
110
|
+
}
|
|
111
|
+
});
|
|
112
|
+
});
|
|
113
|
+
}
|
|
114
|
+
function encryptAuthResponse(params) {
|
|
115
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
116
|
+
var authResponse, publicKey, encryptedMessage_withoutPrefix, encryptedMessage;
|
|
117
|
+
return __generator(this, function (_a) {
|
|
118
|
+
switch (_a.label) {
|
|
119
|
+
case 0:
|
|
120
|
+
authResponse = params.authResponse;
|
|
121
|
+
publicKey = sessionStorage.getItem(getSessionStorageKey({ stateQueryParamValue: authResponse.state }));
|
|
122
|
+
(0, assert_1.assert)(publicKey !== null, "2293302");
|
|
123
|
+
return [4 /*yield*/, (0, asymmetricEncryption_1.asymmetricEncrypt)({
|
|
124
|
+
publicKey: publicKey,
|
|
125
|
+
message: JSON.stringify(authResponse)
|
|
126
|
+
})];
|
|
127
|
+
case 1:
|
|
128
|
+
encryptedMessage_withoutPrefix = (_a.sent()).encryptedMessage;
|
|
129
|
+
encryptedMessage = "".concat(ENCRYPTED_AUTH_RESPONSES_PREFIX).concat(encryptedMessage_withoutPrefix);
|
|
130
|
+
return [2 /*return*/, { encryptedMessage: encryptedMessage }];
|
|
131
|
+
}
|
|
132
|
+
});
|
|
133
|
+
});
|
|
134
|
+
}
|
|
135
|
+
//# sourceMappingURL=iframeMessageProtection.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQA,kHA0BC;AAUD,kEAmCC;AAED,kDAiBC;AAlGD,uCAAsC;AACtC,sEAAmG;AAGnG,IAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAE/C,IAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,SAAgB,mDAAmD;IAC/D,IAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC1B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,CAAC;QACG,IAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,IAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,oBAAoB,CAAC,MAAwC;IAC1D,IAAA,oBAAoB,GAAK,MAAM,qBAAX,CAAY;IAExC,OAAO,UAAG,sBAAsB,SAAG,oBAAoB,CAAE,CAAC;AAC9D,CAAC;AAED,SAAsB,2BAA2B,CAAC,MAAwC;;QAStF,SAAS,0BAA0B,CAAC,MAA4B;YACpD,IAAA,OAAO,GAAK,MAAM,QAAX,CAAY;YAE3B,OAAO,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,+BAA+B,CAAC,CAAC;QAC9F,CAAC;QAED,SAAe,mBAAmB,CAAC,MAElC;;;;;;4BACW,qBAAqB,GAAK,MAAM,sBAAX,CAAY;4BAEH,qBAAM,IAAA,wCAAiB,EAAC;oCAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CAAC,+BAA+B,CAAC,MAAM,CAAC;oCACrF,UAAU,YAAA;iCACb,CAAC,EAAA;;4BAHe,gBAAgB,GAAK,CAAA,SAGpC,CAAA,QAH+B;4BAK3B,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;4BAEhE,sBAAO,EAAE,YAAY,cAAA,EAAE,EAAC;;;;SAC3B;QAED,SAAS,4BAA4B;YACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QACjD,CAAC;;;;;oBA/BO,oBAAoB,GAAK,MAAM,qBAAX,CAAY;oBAEN,qBAAM,IAAA,mCAAY,GAAE,EAAA;;oBAAhD,KAA4B,SAAoB,EAA9C,SAAS,eAAA,EAAE,UAAU,gBAAA;oBAEvB,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,oBAAoB,sBAAA,EAAE,CAAC,CAAC;oBAEzE,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;oBA2BhE,sBAAO,EAAE,0BAA0B,4BAAA,EAAE,mBAAmB,qBAAA,EAAE,4BAA4B,8BAAA,EAAE,EAAC;;;;CAC5F;AAED,SAAsB,mBAAmB,CAAC,MAAsC;;;;;;oBACpE,YAAY,GAAK,MAAM,aAAX,CAAY;oBAE1B,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,oBAAoB,CAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACrE,CAAC;oBAEF,IAAA,eAAM,EAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;oBAEuB,qBAAM,IAAA,wCAAiB,EAAC;4BACjF,SAAS,WAAA;4BACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;yBACxC,CAAC,EAAA;;oBAHwB,8BAA8B,GAAK,CAAA,SAG3D,CAAA,iBAHsD;oBAKlD,gBAAgB,GAAG,UAAG,+BAA+B,SAAG,8BAA8B,CAAE,CAAC;oBAE/F,sBAAO,EAAE,gBAAgB,kBAAA,EAAE,EAAC;;;;CAC/B"}
|
package/core/loginSilent.js
CHANGED
|
@@ -69,132 +69,155 @@ var tsafe_1 = require("../vendor/frontend/tsafe");
|
|
|
69
69
|
var StateData_1 = require("./StateData");
|
|
70
70
|
var getDownlinkAndRtt_1 = require("../tools/getDownlinkAndRtt");
|
|
71
71
|
var isDev_1 = require("../tools/isDev");
|
|
72
|
-
var AuthResponse_1 = require("./AuthResponse");
|
|
73
72
|
var urlSearchParams_1 = require("../tools/urlSearchParams");
|
|
73
|
+
var iframeMessageProtection_1 = require("./iframeMessageProtection");
|
|
74
74
|
function loginSilent(params) {
|
|
75
75
|
return __awaiter(this, void 0, void 0, function () {
|
|
76
|
-
var oidcClientTsUserManager, stateQueryParamValue_instance, configId, transformUrlBeforeRedirect, getExtraQueryParams, getExtraTokenParams, autoLogin, dResult, timeoutDelayMs, timeout, listener, transformUrl_oidcClientTs;
|
|
76
|
+
var oidcClientTsUserManager, stateQueryParamValue_instance, configId, transformUrlBeforeRedirect, getExtraQueryParams, getExtraTokenParams, autoLogin, dResult, timeoutDelayMs, _a, decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey, timeout, listener, transformUrl_oidcClientTs;
|
|
77
77
|
var _this = this;
|
|
78
|
-
return __generator(this, function (
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
78
|
+
return __generator(this, function (_b) {
|
|
79
|
+
switch (_b.label) {
|
|
80
|
+
case 0:
|
|
81
|
+
oidcClientTsUserManager = params.oidcClientTsUserManager, stateQueryParamValue_instance = params.stateQueryParamValue_instance, configId = params.configId, transformUrlBeforeRedirect = params.transformUrlBeforeRedirect, getExtraQueryParams = params.getExtraQueryParams, getExtraTokenParams = params.getExtraTokenParams, autoLogin = params.autoLogin;
|
|
82
|
+
dResult = new Deferred_1.Deferred();
|
|
83
|
+
timeoutDelayMs = (function () {
|
|
84
|
+
if (autoLogin) {
|
|
85
|
+
return 25000;
|
|
86
|
+
}
|
|
87
|
+
var downlinkAndRtt = (0, getDownlinkAndRtt_1.getDownlinkAndRtt)();
|
|
88
|
+
var isDev = (0, isDev_1.getIsDev)();
|
|
89
|
+
// Base delay is the minimum delay we should wait in any case
|
|
90
|
+
var BASE_DELAY_MS = isDev ? 9000 : 7000;
|
|
91
|
+
if (downlinkAndRtt === undefined) {
|
|
92
|
+
return BASE_DELAY_MS;
|
|
93
|
+
}
|
|
94
|
+
var downlink = downlinkAndRtt.downlink, rtt = downlinkAndRtt.rtt;
|
|
95
|
+
// Calculate dynamic delay based on RTT and downlink
|
|
96
|
+
// Add 1 to downlink to avoid division by zero
|
|
97
|
+
var dynamicDelay = rtt * 2.5 + BASE_DELAY_MS / (downlink + 1);
|
|
98
|
+
return Math.max(BASE_DELAY_MS, dynamicDelay);
|
|
99
|
+
})();
|
|
100
|
+
return [4 /*yield*/, (0, iframeMessageProtection_1.initIframeMessageProtection)({
|
|
101
|
+
stateQueryParamValue: stateQueryParamValue_instance
|
|
102
|
+
})];
|
|
103
|
+
case 1:
|
|
104
|
+
_a = _b.sent(), decodeEncryptedAuth = _a.decodeEncryptedAuth, getIsEncryptedAuthResponse = _a.getIsEncryptedAuthResponse, clearSessionStoragePublicKey = _a.clearSessionStoragePublicKey;
|
|
105
|
+
timeout = setTimeout(function () { return __awaiter(_this, void 0, void 0, function () {
|
|
106
|
+
return __generator(this, function (_a) {
|
|
107
|
+
dResult.resolve({
|
|
108
|
+
outcome: "failure",
|
|
109
|
+
cause: "timeout"
|
|
110
|
+
});
|
|
111
|
+
return [2 /*return*/];
|
|
112
|
+
});
|
|
113
|
+
}); }, timeoutDelayMs);
|
|
114
|
+
listener = function (event) { return __awaiter(_this, void 0, void 0, function () {
|
|
115
|
+
var authResponse, stateData;
|
|
116
|
+
return __generator(this, function (_a) {
|
|
117
|
+
switch (_a.label) {
|
|
118
|
+
case 0:
|
|
119
|
+
if (event.origin !== window.location.origin) {
|
|
120
|
+
return [2 /*return*/];
|
|
121
|
+
}
|
|
122
|
+
if (!getIsEncryptedAuthResponse({
|
|
123
|
+
message: event.data
|
|
124
|
+
})) {
|
|
125
|
+
return [2 /*return*/];
|
|
126
|
+
}
|
|
127
|
+
return [4 /*yield*/, decodeEncryptedAuth({ encryptedAuthResponse: event.data })];
|
|
128
|
+
case 1:
|
|
129
|
+
authResponse = (_a.sent()).authResponse;
|
|
130
|
+
stateData = (0, StateData_1.getStateData)({ stateQueryParamValue: authResponse.state });
|
|
131
|
+
(0, tsafe_1.assert)(stateData !== undefined, "765645");
|
|
132
|
+
(0, tsafe_1.assert)(stateData.context === "iframe", "250711");
|
|
133
|
+
if (stateData.configId !== configId) {
|
|
134
|
+
return [2 /*return*/];
|
|
135
|
+
}
|
|
136
|
+
clearTimeout(timeout);
|
|
137
|
+
window.removeEventListener("message", listener);
|
|
138
|
+
dResult.resolve({
|
|
139
|
+
outcome: "got auth response from iframe",
|
|
140
|
+
authResponse: authResponse
|
|
141
|
+
});
|
|
142
|
+
return [2 /*return*/];
|
|
143
|
+
}
|
|
144
|
+
});
|
|
145
|
+
}); };
|
|
146
|
+
window.addEventListener("message", listener, false);
|
|
147
|
+
transformUrl_oidcClientTs = function (url) {
|
|
148
|
+
var e_1, _a;
|
|
149
|
+
add_extra_query_params: {
|
|
150
|
+
if (getExtraQueryParams === undefined) {
|
|
151
|
+
break add_extra_query_params;
|
|
152
|
+
}
|
|
153
|
+
var extraQueryParams = getExtraQueryParams({ isSilent: true, url: url });
|
|
154
|
+
try {
|
|
155
|
+
for (var _b = __values(Object.entries(extraQueryParams)), _c = _b.next(); !_c.done; _c = _b.next()) {
|
|
156
|
+
var _d = __read(_c.value, 2), name_1 = _d[0], value = _d[1];
|
|
157
|
+
if (value === undefined) {
|
|
158
|
+
continue;
|
|
159
|
+
}
|
|
160
|
+
url = (0, urlSearchParams_1.addOrUpdateSearchParam)({ url: url, name: name_1, value: value, encodeMethod: "www-form" });
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
catch (e_1_1) { e_1 = { error: e_1_1 }; }
|
|
164
|
+
finally {
|
|
165
|
+
try {
|
|
166
|
+
if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
|
|
167
|
+
}
|
|
168
|
+
finally { if (e_1) throw e_1.error; }
|
|
138
169
|
}
|
|
139
|
-
url = (0, urlSearchParams_1.addOrUpdateSearchParam)({ url: url, name: name_1, value: value, encodeMethod: "www-form" });
|
|
140
170
|
}
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
171
|
+
apply_transform_url: {
|
|
172
|
+
if (transformUrlBeforeRedirect === undefined) {
|
|
173
|
+
break apply_transform_url;
|
|
174
|
+
}
|
|
175
|
+
url = transformUrlBeforeRedirect({ authorizationUrl: url, isSilent: true });
|
|
176
|
+
}
|
|
177
|
+
return url;
|
|
178
|
+
};
|
|
179
|
+
oidcClientTsUserManager
|
|
180
|
+
.signinSilent({
|
|
181
|
+
state: (0, tsafe_1.id)({
|
|
182
|
+
context: "iframe",
|
|
183
|
+
configId: configId
|
|
184
|
+
}),
|
|
185
|
+
silentRequestTimeoutInSeconds: timeoutDelayMs / 1000,
|
|
186
|
+
extraTokenParams: getExtraTokenParams === undefined ? undefined : (0, tsafe_1.noUndefined)(getExtraTokenParams()),
|
|
187
|
+
transformUrl: transformUrl_oidcClientTs
|
|
188
|
+
})
|
|
189
|
+
.then(function (oidcClientTsUser) {
|
|
190
|
+
(0, tsafe_1.assert)(oidcClientTsUser !== null, "oidcClientTsUser is not supposed to be null here");
|
|
191
|
+
clearTimeout(timeout);
|
|
192
|
+
dResult.resolve({
|
|
193
|
+
outcome: "token refreshed using refresh token",
|
|
194
|
+
oidcClientTsUser: oidcClientTsUser
|
|
195
|
+
});
|
|
196
|
+
}, function (error) {
|
|
197
|
+
if (error.message === "Failed to fetch") {
|
|
198
|
+
// NOTE: If we got an error here it means that the fetch to the
|
|
199
|
+
// well-known oidc endpoint failed.
|
|
200
|
+
// This usually means that the server is down or that the issuerUri
|
|
201
|
+
// is not pointing to a valid oidc server.
|
|
202
|
+
// It could be a CORS error on the well-known endpoint but it's unlikely.
|
|
203
|
+
clearTimeout(timeout);
|
|
204
|
+
dResult.resolve({
|
|
205
|
+
outcome: "failure",
|
|
206
|
+
cause: "can't reach well-known oidc endpoint"
|
|
207
|
+
});
|
|
208
|
+
return;
|
|
146
209
|
}
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
}
|
|
150
|
-
apply_transform_url: {
|
|
151
|
-
if (transformUrlBeforeRedirect === undefined) {
|
|
152
|
-
break apply_transform_url;
|
|
153
|
-
}
|
|
154
|
-
url = transformUrlBeforeRedirect({ authorizationUrl: url, isSilent: true });
|
|
155
|
-
}
|
|
156
|
-
return url;
|
|
157
|
-
};
|
|
158
|
-
oidcClientTsUserManager
|
|
159
|
-
.signinSilent({
|
|
160
|
-
state: (0, tsafe_1.id)({
|
|
161
|
-
context: "iframe",
|
|
162
|
-
configId: configId
|
|
163
|
-
}),
|
|
164
|
-
silentRequestTimeoutInSeconds: timeoutDelayMs / 1000,
|
|
165
|
-
extraTokenParams: getExtraTokenParams === undefined ? undefined : (0, tsafe_1.noUndefined)(getExtraTokenParams()),
|
|
166
|
-
transformUrl: transformUrl_oidcClientTs
|
|
167
|
-
})
|
|
168
|
-
.then(function (oidcClientTsUser) {
|
|
169
|
-
(0, tsafe_1.assert)(oidcClientTsUser !== null, "oidcClientTsUser is not supposed to be null here");
|
|
170
|
-
clearTimeout(timeout);
|
|
171
|
-
dResult.resolve({
|
|
172
|
-
outcome: "token refreshed using refresh token",
|
|
173
|
-
oidcClientTsUser: oidcClientTsUser
|
|
174
|
-
});
|
|
175
|
-
}, function (error) {
|
|
176
|
-
if (error.message === "Failed to fetch") {
|
|
177
|
-
// NOTE: If we got an error here it means that the fetch to the
|
|
178
|
-
// well-known oidc endpoint failed.
|
|
179
|
-
// This usually means that the server is down or that the issuerUri
|
|
180
|
-
// is not pointing to a valid oidc server.
|
|
181
|
-
// It could be a CORS error on the well-known endpoint but it's unlikely.
|
|
182
|
-
clearTimeout(timeout);
|
|
183
|
-
dResult.resolve({
|
|
184
|
-
outcome: "failure",
|
|
185
|
-
cause: "can't reach well-known oidc endpoint"
|
|
210
|
+
// NOTE: Here, except error on our understanding there can't be any other
|
|
211
|
+
// error than timeout so we fail silently and let the timeout expire.
|
|
186
212
|
});
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
}
|
|
196
|
-
});
|
|
197
|
-
return [2 /*return*/, dResult.pr];
|
|
213
|
+
dResult.pr.then(function (result) {
|
|
214
|
+
clearSessionStoragePublicKey();
|
|
215
|
+
if (result.outcome === "failure") {
|
|
216
|
+
(0, StateData_1.clearStateStore)({ stateQueryParamValue: stateQueryParamValue_instance });
|
|
217
|
+
}
|
|
218
|
+
});
|
|
219
|
+
return [2 /*return*/, dResult.pr];
|
|
220
|
+
}
|
|
198
221
|
});
|
|
199
222
|
});
|
|
200
223
|
}
|
package/core/loginSilent.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,kCAoLC;AA5MD,8CAA6C;AAC7C,kDAAmE;AACnE,yCAA4E;AAC5E,gEAA+D;AAC/D,wCAA0C;AAG1C,4DAAkE;AAClE,qEAAwE;AAgBxE,SAAsB,WAAW,CAAC,MAejC;;;;;;;oBAEO,uBAAuB,GAOvB,MAAM,wBAPiB,EACvB,6BAA6B,GAM7B,MAAM,8BANuB,EAC7B,QAAQ,GAKR,MAAM,SALE,EACR,0BAA0B,GAI1B,MAAM,2BAJoB,EAC1B,mBAAmB,GAGnB,MAAM,oBAHa,EACnB,mBAAmB,GAEnB,MAAM,oBAFa,EACnB,SAAS,GACT,MAAM,UADG,CACF;oBAEL,OAAO,GAAG,IAAI,mBAAQ,EAAuB,CAAC;oBAE9C,cAAc,GAAW,CAAC;wBAC5B,IAAI,SAAS,EAAE,CAAC;4BACZ,OAAO,KAAM,CAAC;wBAClB,CAAC;wBAED,IAAM,cAAc,GAAG,IAAA,qCAAiB,GAAE,CAAC;wBAC3C,IAAM,KAAK,GAAG,IAAA,gBAAQ,GAAE,CAAC;wBAEzB,6DAA6D;wBAC7D,IAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,IAAK,CAAC;wBAE5C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;4BAC/B,OAAO,aAAa,CAAC;wBACzB,CAAC;wBAEO,IAAA,QAAQ,GAAU,cAAc,SAAxB,EAAE,GAAG,GAAK,cAAc,IAAnB,CAAoB;wBAEzC,oDAAoD;wBACpD,8CAA8C;wBAC9C,IAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;wBAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;oBACjD,CAAC,CAAC,EAAE,CAAC;oBAGD,qBAAM,IAAA,qDAA2B,EAAC;4BAC9B,oBAAoB,EAAE,6BAA6B;yBACtD,CAAC,EAAA;;oBAHA,KACF,SAEE,EAHE,mBAAmB,yBAAA,EAAE,0BAA0B,gCAAA,EAAE,4BAA4B,kCAAA;oBAK/E,OAAO,GAAG,UAAU,CAAC;;4BACvB,OAAO,CAAC,OAAO,CAAC;gCACZ,OAAO,EAAE,SAAS;gCAClB,KAAK,EAAE,SAAS;6BACnB,CAAC,CAAC;;;yBACN,EAAE,cAAc,CAAC,CAAC;oBAEb,QAAQ,GAAG,UAAO,KAAmB;;;;;oCACvC,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;wCAC1C,sBAAO;oCACX,CAAC;oCAED,IACI,CAAC,0BAA0B,CAAC;wCACxB,OAAO,EAAE,KAAK,CAAC,IAAI;qCACtB,CAAC,EACJ,CAAC;wCACC,sBAAO;oCACX,CAAC;oCAEwB,qBAAM,mBAAmB,CAAC,EAAE,qBAAqB,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,EAAA;;oCAAjF,YAAY,GAAK,CAAA,SAAgE,CAAA,aAArE;oCAEd,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,oBAAoB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;oCAE7E,IAAA,cAAM,EAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;oCAC1C,IAAA,cAAM,EAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;oCAEjD,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;wCAClC,sBAAO;oCACX,CAAC;oCAED,YAAY,CAAC,OAAO,CAAC,CAAC;oCAEtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;oCAEhD,OAAO,CAAC,OAAO,CAAC;wCACZ,OAAO,EAAE,+BAA+B;wCACxC,YAAY,cAAA;qCACf,CAAC,CAAC;;;;yBACN,CAAC;oBAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;oBAE9C,yBAAyB,GAAG,UAAC,GAAW;;wBAC1C,sBAAsB,EAAE,CAAC;4BACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gCACpC,MAAM,sBAAsB,CAAC;4BACjC,CAAC;4BAED,IAAM,gBAAgB,GAAG,mBAAmB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,KAAA,EAAE,CAAC,CAAC;;gCAEtE,KAA4B,IAAA,KAAA,SAAA,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA,gBAAA,4BAAE,CAAC;oCAApD,IAAA,KAAA,mBAAa,EAAZ,MAAI,QAAA,EAAE,KAAK,QAAA;oCACnB,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;wCACtB,SAAS;oCACb,CAAC;oCACD,GAAG,GAAG,IAAA,wCAAsB,EAAC,EAAE,GAAG,KAAA,EAAE,IAAI,QAAA,EAAE,KAAK,OAAA,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;gCACjF,CAAC;;;;;;;;;wBACL,CAAC;wBAED,mBAAmB,EAAE,CAAC;4BAClB,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;gCAC3C,MAAM,mBAAmB,CAAC;4BAC9B,CAAC;4BACD,GAAG,GAAG,0BAA0B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;wBAChF,CAAC;wBAED,OAAO,GAAG,CAAC;oBACf,CAAC,CAAC;oBAEF,uBAAuB;yBAClB,YAAY,CAAC;wBACV,KAAK,EAAE,IAAA,UAAE,EAAmB;4BACxB,OAAO,EAAE,QAAQ;4BACjB,QAAQ,UAAA;yBACX,CAAC;wBACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;wBACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAA,mBAAW,EAAC,mBAAmB,EAAE,CAAC;wBACtF,YAAY,EAAE,yBAAyB;qBAC1C,CAAC;yBACD,IAAI,CACD,UAAA,gBAAgB;wBACZ,IAAA,cAAM,EAAC,gBAAgB,KAAK,IAAI,EAAE,kDAAkD,CAAC,CAAC;wBAEtF,YAAY,CAAC,OAAO,CAAC,CAAC;wBAEtB,OAAO,CAAC,OAAO,CAAC;4BACZ,OAAO,EAAE,qCAAqC;4BAC9C,gBAAgB,kBAAA;yBACnB,CAAC,CAAC;oBACP,CAAC,EACD,UAAC,KAAY;wBACT,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;4BACtC,+DAA+D;4BAC/D,mCAAmC;4BACnC,mEAAmE;4BACnE,0CAA0C;4BAC1C,yEAAyE;4BAEzE,YAAY,CAAC,OAAO,CAAC,CAAC;4BAEtB,OAAO,CAAC,OAAO,CAAC;gCACZ,OAAO,EAAE,SAAS;gCAClB,KAAK,EAAE,sCAAsC;6BAChD,CAAC,CAAC;4BAEH,OAAO;wBACX,CAAC;wBAED,yEAAyE;wBACzE,qEAAqE;oBACzE,CAAC,CACJ,CAAC;oBAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,UAAA,MAAM;wBAClB,4BAA4B,EAAE,CAAC;wBAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;4BAC/B,IAAA,2BAAe,EAAC,EAAE,oBAAoB,EAAE,6BAA6B,EAAE,CAAC,CAAC;wBAC7E,CAAC;oBACL,CAAC,CAAC,CAAC;oBAEH,sBAAO,OAAO,CAAC,EAAE,EAAC;;;;CACrB"}
|
package/entrypoint.d.ts
CHANGED
package/entrypoint.js
CHANGED
|
@@ -2,8 +2,9 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.oidcEarlyInit = oidcEarlyInit;
|
|
4
4
|
var handleOidcCallback_1 = require("./core/handleOidcCallback");
|
|
5
|
+
var iframeMessageProtection_1 = require("./core/iframeMessageProtection");
|
|
5
6
|
function oidcEarlyInit(params) {
|
|
6
|
-
var _a = params !== null && params !== void 0 ? params : {}, freezeFetch = _a.freezeFetch, freezeXMLHttpRequest = _a.freezeXMLHttpRequest;
|
|
7
|
+
var _a = params !== null && params !== void 0 ? params : {}, freezeFetch = _a.freezeFetch, freezeXMLHttpRequest = _a.freezeXMLHttpRequest, _b = _a.freezeWebSocket, freezeWebSocket = _b === void 0 ? false : _b;
|
|
7
8
|
var isHandled = (0, handleOidcCallback_1.handleOidcCallback)().isHandled;
|
|
8
9
|
var shouldLoadApp = !isHandled;
|
|
9
10
|
if (shouldLoadApp) {
|
|
@@ -30,6 +31,18 @@ function oidcEarlyInit(params) {
|
|
|
30
31
|
value: fetch_trusted
|
|
31
32
|
});
|
|
32
33
|
}
|
|
34
|
+
if (freezeWebSocket) {
|
|
35
|
+
var WebSocket_trusted = globalThis.WebSocket;
|
|
36
|
+
Object.freeze(WebSocket_trusted.prototype);
|
|
37
|
+
Object.freeze(WebSocket_trusted);
|
|
38
|
+
Object.defineProperty(globalThis, "WebSocket", {
|
|
39
|
+
configurable: false,
|
|
40
|
+
writable: false,
|
|
41
|
+
enumerable: true,
|
|
42
|
+
value: WebSocket_trusted
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
(0, iframeMessageProtection_1.preventSessionStorageSetItemOfPublicKeyByThirdParty)();
|
|
33
46
|
}
|
|
34
47
|
return { shouldLoadApp: shouldLoadApp };
|
|
35
48
|
}
|