oidc-spa 7.2.5 → 7.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/Oidc.d.ts +4 -1
- package/core/createOidc.js +65 -18
- package/core/createOidc.js.map +1 -1
- package/core/oidcClientTsUserToTokens.js +7 -2
- package/core/oidcClientTsUserToTokens.js.map +1 -1
- package/esm/core/Oidc.d.ts +4 -1
- package/esm/core/createOidc.js +65 -18
- package/esm/core/createOidc.js.map +1 -1
- package/esm/core/oidcClientTsUserToTokens.js +7 -2
- package/esm/core/oidcClientTsUserToTokens.js.map +1 -1
- package/esm/keycloak/keycloak-js/Keycloak.d.ts +1 -3
- package/esm/keycloak/keycloak-js/Keycloak.js +31 -15
- package/esm/keycloak/keycloak-js/Keycloak.js.map +1 -1
- package/esm/keycloak/keycloak-js/types.d.ts +1 -3
- package/esm/mock/oidc.js +2 -1
- package/esm/mock/oidc.js.map +1 -1
- package/esm/tools/workerTimers.js +2 -5
- package/esm/tools/workerTimers.js.map +1 -1
- package/esm/vendor/frontend/oidc-client-ts.js +46 -8
- package/keycloak/keycloak-js/Keycloak.d.ts +1 -3
- package/keycloak/keycloak-js/Keycloak.js +31 -15
- package/keycloak/keycloak-js/Keycloak.js.map +1 -1
- package/keycloak/keycloak-js/types.d.ts +1 -3
- package/mock/oidc.js +2 -1
- package/mock/oidc.js.map +1 -1
- package/package.json +1 -1
- package/src/core/Oidc.ts +5 -1
- package/src/core/createOidc.ts +81 -16
- package/src/core/oidcClientTsUserToTokens.ts +7 -2
- package/src/keycloak/keycloak-js/Keycloak.ts +37 -10
- package/src/keycloak/keycloak-js/types.ts +1 -4
- package/src/mock/oidc.ts +2 -1
- package/src/tools/workerTimers.ts +2 -6
- package/tools/workerTimers.js +2 -5
- package/tools/workerTimers.js.map +1 -1
- package/vendor/frontend/oidc-client-ts.js +46 -8
|
@@ -330,7 +330,7 @@ export class Keycloak {
|
|
|
330
330
|
|
|
331
331
|
if (!oidc.isUserLoggedIn) {
|
|
332
332
|
console.warn(
|
|
333
|
-
"Trying to read keycloak.realAccess when keycloak.
|
|
333
|
+
"Trying to read keycloak.realAccess when keycloak.authenticated is false is a logical error in your application"
|
|
334
334
|
);
|
|
335
335
|
return undefined;
|
|
336
336
|
}
|
|
@@ -389,7 +389,7 @@ export class Keycloak {
|
|
|
389
389
|
|
|
390
390
|
if (!oidc.isUserLoggedIn) {
|
|
391
391
|
console.warn(
|
|
392
|
-
"Trying to read keycloak.token when keycloak.
|
|
392
|
+
"Trying to read keycloak.token when keycloak.authenticated is false is a logical error in your application"
|
|
393
393
|
);
|
|
394
394
|
return undefined;
|
|
395
395
|
}
|
|
@@ -423,7 +423,7 @@ export class Keycloak {
|
|
|
423
423
|
|
|
424
424
|
if (!oidc.isUserLoggedIn) {
|
|
425
425
|
console.warn(
|
|
426
|
-
"Trying to read keycloak.
|
|
426
|
+
"Trying to read keycloak.tokenParsed when keycloak.authenticated is false is a logical error in your application"
|
|
427
427
|
);
|
|
428
428
|
return undefined;
|
|
429
429
|
}
|
|
@@ -451,7 +451,7 @@ export class Keycloak {
|
|
|
451
451
|
|
|
452
452
|
if (!oidc.isUserLoggedIn) {
|
|
453
453
|
console.warn(
|
|
454
|
-
"Trying to read keycloak.
|
|
454
|
+
"Trying to read keycloak.refreshToken when keycloak.authenticated is false is a logical error in your application"
|
|
455
455
|
);
|
|
456
456
|
return undefined;
|
|
457
457
|
}
|
|
@@ -485,7 +485,7 @@ export class Keycloak {
|
|
|
485
485
|
|
|
486
486
|
if (!oidc.isUserLoggedIn) {
|
|
487
487
|
console.warn(
|
|
488
|
-
"Trying to read keycloak.
|
|
488
|
+
"Trying to read keycloak.refreshTokenParsed when keycloak.authenticated is false is a logical error in your application"
|
|
489
489
|
);
|
|
490
490
|
return undefined;
|
|
491
491
|
}
|
|
@@ -517,7 +517,7 @@ export class Keycloak {
|
|
|
517
517
|
|
|
518
518
|
if (!oidc.isUserLoggedIn) {
|
|
519
519
|
console.warn(
|
|
520
|
-
"Trying to read keycloak.
|
|
520
|
+
"Trying to read keycloak.idToken when keycloak.authenticated is false is a logical error in your application"
|
|
521
521
|
);
|
|
522
522
|
return undefined;
|
|
523
523
|
}
|
|
@@ -551,7 +551,7 @@ export class Keycloak {
|
|
|
551
551
|
|
|
552
552
|
if (!oidc.isUserLoggedIn) {
|
|
553
553
|
console.warn(
|
|
554
|
-
"Trying to read keycloak.
|
|
554
|
+
"Trying to read keycloak.idTokenParsed when keycloak.authenticated is false is a logical error in your application"
|
|
555
555
|
);
|
|
556
556
|
return undefined;
|
|
557
557
|
}
|
|
@@ -566,10 +566,37 @@ export class Keycloak {
|
|
|
566
566
|
* The estimated time difference between the browser time and the Keycloak
|
|
567
567
|
* server in seconds. This value is just an estimation, but is accurate
|
|
568
568
|
* enough when determining if a token is expired or not.
|
|
569
|
-
*
|
|
570
|
-
* NOTE oidc-spa: Not supported.
|
|
571
569
|
*/
|
|
572
|
-
timeSkew
|
|
570
|
+
get timeSkew(): number | null {
|
|
571
|
+
const internalState = internalStateByInstance.get(this);
|
|
572
|
+
|
|
573
|
+
assert(internalState !== undefined);
|
|
574
|
+
|
|
575
|
+
if (!this.didInitialize) {
|
|
576
|
+
const { timeSkew } = internalState.initOptions ?? {};
|
|
577
|
+
|
|
578
|
+
if (timeSkew === undefined) {
|
|
579
|
+
return null;
|
|
580
|
+
}
|
|
581
|
+
|
|
582
|
+
return timeSkew;
|
|
583
|
+
}
|
|
584
|
+
|
|
585
|
+
const { oidc, tokens } = internalState;
|
|
586
|
+
|
|
587
|
+
assert(oidc !== undefined);
|
|
588
|
+
|
|
589
|
+
if (!oidc.isUserLoggedIn) {
|
|
590
|
+
console.warn(
|
|
591
|
+
"Trying to read keycloak.timeSkew when keycloak.authenticated is false is a logical error in your application"
|
|
592
|
+
);
|
|
593
|
+
return null;
|
|
594
|
+
}
|
|
595
|
+
|
|
596
|
+
assert(tokens !== undefined);
|
|
597
|
+
|
|
598
|
+
return Math.ceil((tokens.getServerDateNow() - Date.now()) / 1000);
|
|
599
|
+
}
|
|
573
600
|
|
|
574
601
|
/**
|
|
575
602
|
* Whether the instance has been initialized by calling `.init()`.
|
|
@@ -139,11 +139,8 @@ export interface KeycloakInitOptions {
|
|
|
139
139
|
/**
|
|
140
140
|
* Set an initial value for skew between local time and Keycloak server in
|
|
141
141
|
* seconds (only together with `token` or `refreshToken`).
|
|
142
|
-
*
|
|
143
|
-
* NOTE oidc-spa: Not supported
|
|
144
142
|
*/
|
|
145
|
-
|
|
146
|
-
timeSkew?: undefined;
|
|
143
|
+
timeSkew?: number;
|
|
147
144
|
|
|
148
145
|
/**
|
|
149
146
|
* Set to enable/disable monitoring login state.
|
package/src/mock/oidc.ts
CHANGED
|
@@ -151,7 +151,8 @@ export async function createMockOidc<
|
|
|
151
151
|
"See https://docs.oidc-spa.dev/v/v7/mock"
|
|
152
152
|
].join("\n")
|
|
153
153
|
}),
|
|
154
|
-
issuedAtTime: Date.now()
|
|
154
|
+
issuedAtTime: Date.now(),
|
|
155
|
+
getServerDateNow: () => Date.now()
|
|
155
156
|
};
|
|
156
157
|
|
|
157
158
|
const tokens: Oidc.Tokens<DecodedIdToken> =
|
|
@@ -29,16 +29,12 @@ export function setTimeout(callback: () => void, delay: number): TimerHandle {
|
|
|
29
29
|
|
|
30
30
|
const start = Date.now();
|
|
31
31
|
|
|
32
|
-
const onPageshow = (
|
|
33
|
-
if (!event.persisted) {
|
|
34
|
-
return;
|
|
35
|
-
}
|
|
36
|
-
|
|
32
|
+
const onPageshow = () => {
|
|
37
33
|
workerTimers.clearTimeout(timerHandle_n);
|
|
38
34
|
|
|
39
35
|
const elapsed = Date.now() - start;
|
|
40
36
|
|
|
41
|
-
if (elapsed < delay) {
|
|
37
|
+
if (0 <= elapsed && elapsed < delay) {
|
|
42
38
|
timerHandle_n = workerTimers.setTimeout(callback_actual, delay - elapsed);
|
|
43
39
|
} else {
|
|
44
40
|
callback_actual();
|
package/tools/workerTimers.js
CHANGED
|
@@ -18,13 +18,10 @@ function setTimeout(callback, delay) {
|
|
|
18
18
|
window.removeEventListener("pageshow", onPageshow);
|
|
19
19
|
});
|
|
20
20
|
const start = Date.now();
|
|
21
|
-
const onPageshow = (
|
|
22
|
-
if (!event.persisted) {
|
|
23
|
-
return;
|
|
24
|
-
}
|
|
21
|
+
const onPageshow = () => {
|
|
25
22
|
worker_timers_1.workerTimers.clearTimeout(timerHandle_n);
|
|
26
23
|
const elapsed = Date.now() - start;
|
|
27
|
-
if (elapsed < delay) {
|
|
24
|
+
if (0 <= elapsed && elapsed < delay) {
|
|
28
25
|
timerHandle_n = worker_timers_1.workerTimers.setTimeout(callback_actual, delay - elapsed);
|
|
29
26
|
}
|
|
30
27
|
else {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"workerTimers.js","sourceRoot":"","sources":["../src/tools/workerTimers.ts"],"names":[],"mappings":";;AAQA,
|
|
1
|
+
{"version":3,"file":"workerTimers.js","sourceRoot":"","sources":["../src/tools/workerTimers.ts"],"names":[],"mappings":";;AAQA,gCAsCC;AAED,oCAQC;AAxDD,oEAAgE;AAMhE,MAAM,kBAAkB,GAAG,IAAI,OAAO,EAA2B,CAAC;AAElE,SAAgB,UAAU,CAAC,QAAoB,EAAE,KAAa;IAC1D,MAAM,eAAe,GAAG,GAAG,EAAE;QACzB,MAAM,CAAC,mBAAmB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAEnD,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvC,QAAQ,EAAE,CAAC;IACf,CAAC,CAAC;IAEF,IAAI,aAAa,GAAG,4BAAY,CAAC,UAAU,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAEpE,MAAM,WAAW,GAAgB,EAAS,CAAC;IAE3C,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,EAAE;QACrC,kBAAkB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvC,4BAAY,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAEzC,MAAM,CAAC,mBAAmB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,MAAM,UAAU,GAAG,GAAG,EAAE;QACpB,4BAAY,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAEzC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAEnC,IAAI,CAAC,IAAI,OAAO,IAAI,OAAO,GAAG,KAAK,EAAE,CAAC;YAClC,aAAa,GAAG,4BAAY,CAAC,UAAU,CAAC,eAAe,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;QAC9E,CAAC;aAAM,CAAC;YACJ,eAAe,EAAE,CAAC;QACtB,CAAC;IACL,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAEhD,OAAO,WAAW,CAAC;AACvB,CAAC;AAED,SAAgB,YAAY,CAAC,MAAmB;IAC5C,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAE7C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACtB,OAAO;IACX,CAAC;IAED,KAAK,EAAE,CAAC;AACZ,CAAC"}
|
|
@@ -1182,6 +1182,7 @@ var UserInfoService = class {
|
|
|
1182
1182
|
};
|
|
1183
1183
|
|
|
1184
1184
|
// src/TokenClient.ts
|
|
1185
|
+
var localTimeByResponse = /* @__PURE__ */ new WeakMap();
|
|
1185
1186
|
var TokenClient = class {
|
|
1186
1187
|
constructor(_settings, _metadataService) {
|
|
1187
1188
|
this._settings = _settings;
|
|
@@ -1240,6 +1241,7 @@ var TokenClient = class {
|
|
|
1240
1241
|
}
|
|
1241
1242
|
const url = await this._metadataService.getTokenEndpoint(false);
|
|
1242
1243
|
logger2.debug("got token endpoint");
|
|
1244
|
+
const timeBefore = Date.now();
|
|
1243
1245
|
const response = await this._jsonService.postForm(url, {
|
|
1244
1246
|
body: params,
|
|
1245
1247
|
basicAuth,
|
|
@@ -1247,6 +1249,8 @@ var TokenClient = class {
|
|
|
1247
1249
|
initCredentials: this._settings.fetchRequestCredentials,
|
|
1248
1250
|
extraHeaders
|
|
1249
1251
|
});
|
|
1252
|
+
const timeAfter = Date.now();
|
|
1253
|
+
localTimeByResponse.set(response, Math.floor((timeBefore + timeAfter) / 2));
|
|
1250
1254
|
logger2.debug("got response");
|
|
1251
1255
|
return response;
|
|
1252
1256
|
}
|
|
@@ -1293,7 +1297,10 @@ var TokenClient = class {
|
|
|
1293
1297
|
}
|
|
1294
1298
|
const url = await this._metadataService.getTokenEndpoint(false);
|
|
1295
1299
|
logger2.debug("got token endpoint");
|
|
1300
|
+
const timeBefore = Date.now();
|
|
1296
1301
|
const response = await this._jsonService.postForm(url, { body: params, basicAuth, timeoutInSeconds: this._settings.requestTimeoutInSeconds, initCredentials: this._settings.fetchRequestCredentials });
|
|
1302
|
+
const timeAfter = Date.now();
|
|
1303
|
+
localTimeByResponse.set(response, Math.floor((timeBefore + timeAfter) / 2));
|
|
1297
1304
|
logger2.debug("got response");
|
|
1298
1305
|
return response;
|
|
1299
1306
|
}
|
|
@@ -1343,7 +1350,10 @@ var TokenClient = class {
|
|
|
1343
1350
|
}
|
|
1344
1351
|
const url = await this._metadataService.getTokenEndpoint(false);
|
|
1345
1352
|
logger2.debug("got token endpoint");
|
|
1353
|
+
const timeBefore = Date.now();
|
|
1346
1354
|
const response = await this._jsonService.postForm(url, { body: params, basicAuth, timeoutInSeconds, initCredentials: this._settings.fetchRequestCredentials, extraHeaders });
|
|
1355
|
+
const timeAfter = Date.now();
|
|
1356
|
+
localTimeByResponse.set(response, Math.floor((timeBefore + timeAfter) / 2));
|
|
1347
1357
|
logger2.debug("got response");
|
|
1348
1358
|
return response;
|
|
1349
1359
|
}
|
|
@@ -1498,6 +1508,13 @@ var ResponseValidator = class {
|
|
|
1498
1508
|
});
|
|
1499
1509
|
Object.assign(response, tokenResponse);
|
|
1500
1510
|
response.__oidc_spa_tokenResponse = tokenResponse;
|
|
1511
|
+
response.__oidc_spa_localTimeWhenTokenIssued = (() => {
|
|
1512
|
+
const time = localTimeByResponse.get(tokenResponse);
|
|
1513
|
+
if (time === void 0) {
|
|
1514
|
+
throw new Error("oidc-spa error in oidc-client-ts");
|
|
1515
|
+
}
|
|
1516
|
+
return time;
|
|
1517
|
+
})();
|
|
1501
1518
|
} else {
|
|
1502
1519
|
logger2.debug("No code to process");
|
|
1503
1520
|
}
|
|
@@ -1782,6 +1799,7 @@ var SigninResponse = class {
|
|
|
1782
1799
|
this.error_uri = params.get("error_uri");
|
|
1783
1800
|
this.code = params.get("code");
|
|
1784
1801
|
this.__oidc_spa_tokenResponse = void 0;
|
|
1802
|
+
this.__oidc_spa_localTimeWhenTokenIssued = void 0;
|
|
1785
1803
|
}
|
|
1786
1804
|
get expires_in() {
|
|
1787
1805
|
if (this.expires_at === void 0) {
|
|
@@ -2068,6 +2086,13 @@ var OidcClient = class {
|
|
|
2068
2086
|
const signinResponse = new SigninResponse(new URLSearchParams());
|
|
2069
2087
|
Object.assign(signinResponse, tokenResponse);
|
|
2070
2088
|
signinResponse.__oidc_spa_tokenResponse = tokenResponse;
|
|
2089
|
+
signinResponse.__oidc_spa_localTimeWhenTokenIssued = (() => {
|
|
2090
|
+
const time = localTimeByResponse.get(tokenResponse);
|
|
2091
|
+
if (time === void 0) {
|
|
2092
|
+
throw new Error("oidc-spa error in oidc-client-ts");
|
|
2093
|
+
}
|
|
2094
|
+
return time;
|
|
2095
|
+
})();
|
|
2071
2096
|
await this._validator.validateCredentialsResponse(signinResponse, skipUserInfo);
|
|
2072
2097
|
return signinResponse;
|
|
2073
2098
|
}
|
|
@@ -2125,6 +2150,13 @@ var OidcClient = class {
|
|
|
2125
2150
|
const response = new SigninResponse(new URLSearchParams());
|
|
2126
2151
|
Object.assign(response, result);
|
|
2127
2152
|
response.__oidc_spa_tokenResponse = result;
|
|
2153
|
+
response.__oidc_spa_localTimeWhenTokenIssued = (() => {
|
|
2154
|
+
const time = localTimeByResponse.get(result);
|
|
2155
|
+
if (time === void 0) {
|
|
2156
|
+
throw new Error("oidc-spa error in oidc-client-ts");
|
|
2157
|
+
}
|
|
2158
|
+
return time;
|
|
2159
|
+
})();
|
|
2128
2160
|
logger2.debug("validating response", response);
|
|
2129
2161
|
await this._validator.validateRefreshResponse(response, {
|
|
2130
2162
|
...state,
|
|
@@ -2356,6 +2388,7 @@ var User = class _User {
|
|
|
2356
2388
|
this.state = args.userState;
|
|
2357
2389
|
this.url_state = args.url_state;
|
|
2358
2390
|
this.__oidc_spa_tokenResponse = args.__oidc_spa_tokenResponse;
|
|
2391
|
+
this.__oidc_spa_localTimeWhenTokenIssued = args.__oidc_spa_localTimeWhenTokenIssued;
|
|
2359
2392
|
}
|
|
2360
2393
|
/** Computed number of seconds the access token has remaining. */
|
|
2361
2394
|
get expires_in() {
|
|
@@ -2393,7 +2426,8 @@ var User = class _User {
|
|
|
2393
2426
|
scope: this.scope,
|
|
2394
2427
|
profile: this.profile,
|
|
2395
2428
|
expires_at: this.expires_at,
|
|
2396
|
-
__oidc_spa_tokenResponse: this.__oidc_spa_tokenResponse
|
|
2429
|
+
__oidc_spa_tokenResponse: this.__oidc_spa_tokenResponse,
|
|
2430
|
+
__oidc_spa_localTimeWhenTokenIssued: this.__oidc_spa_localTimeWhenTokenIssued
|
|
2397
2431
|
});
|
|
2398
2432
|
}
|
|
2399
2433
|
static fromStorageString(storageString) {
|
|
@@ -3150,12 +3184,15 @@ var UserManager = class {
|
|
|
3150
3184
|
timeoutInSeconds: this.settings.silentRequestTimeoutInSeconds,
|
|
3151
3185
|
...args
|
|
3152
3186
|
});
|
|
3153
|
-
if (response.__oidc_spa_tokenResponse === void 0) {
|
|
3154
|
-
throw new Error(
|
|
3155
|
-
"Wrong Assertion Encountered: Error in oidc-spa mod of oidc-client-ts"
|
|
3156
|
-
);
|
|
3187
|
+
if (response.__oidc_spa_tokenResponse === void 0 || response.__oidc_spa_localTimeWhenTokenIssued === void 0) {
|
|
3188
|
+
throw new Error("Wrong Assertion Encountered: Error in oidc-spa mod of oidc-client-ts");
|
|
3157
3189
|
}
|
|
3158
|
-
const user = new User({
|
|
3190
|
+
const user = new User({
|
|
3191
|
+
...args.state,
|
|
3192
|
+
...response,
|
|
3193
|
+
__oidc_spa_tokenResponse: response.__oidc_spa_tokenResponse,
|
|
3194
|
+
__oidc_spa_localTimeWhenTokenIssued: response.__oidc_spa_localTimeWhenTokenIssued
|
|
3195
|
+
});
|
|
3159
3196
|
await this.storeUser(user);
|
|
3160
3197
|
await this._events.load(user);
|
|
3161
3198
|
return user;
|
|
@@ -3318,14 +3355,15 @@ var UserManager = class {
|
|
|
3318
3355
|
}
|
|
3319
3356
|
async _buildUser(signinResponse, verifySub) {
|
|
3320
3357
|
const logger2 = this._logger.create("_buildUser");
|
|
3321
|
-
if (signinResponse.__oidc_spa_tokenResponse === void 0) {
|
|
3358
|
+
if (signinResponse.__oidc_spa_tokenResponse === void 0 || signinResponse.__oidc_spa_localTimeWhenTokenIssued === void 0) {
|
|
3322
3359
|
throw new Error(
|
|
3323
3360
|
"Wrong Assertion Encountered: Error in oidc-spa mod of oidc-client-ts"
|
|
3324
3361
|
);
|
|
3325
3362
|
}
|
|
3326
3363
|
const user = new User({
|
|
3327
3364
|
...signinResponse,
|
|
3328
|
-
__oidc_spa_tokenResponse: signinResponse.__oidc_spa_tokenResponse
|
|
3365
|
+
__oidc_spa_tokenResponse: signinResponse.__oidc_spa_tokenResponse,
|
|
3366
|
+
__oidc_spa_localTimeWhenTokenIssued: signinResponse.__oidc_spa_localTimeWhenTokenIssued
|
|
3329
3367
|
});
|
|
3330
3368
|
if (verifySub) {
|
|
3331
3369
|
if (verifySub !== user.profile.sub) {
|