oidc-spa 7.2.5 → 7.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/Oidc.d.ts +4 -1
- package/core/createOidc.js +65 -18
- package/core/createOidc.js.map +1 -1
- package/core/oidcClientTsUserToTokens.js +7 -2
- package/core/oidcClientTsUserToTokens.js.map +1 -1
- package/esm/core/Oidc.d.ts +4 -1
- package/esm/core/createOidc.js +65 -18
- package/esm/core/createOidc.js.map +1 -1
- package/esm/core/oidcClientTsUserToTokens.js +7 -2
- package/esm/core/oidcClientTsUserToTokens.js.map +1 -1
- package/esm/keycloak/keycloak-js/Keycloak.d.ts +5 -3
- package/esm/keycloak/keycloak-js/Keycloak.js +175 -184
- package/esm/keycloak/keycloak-js/Keycloak.js.map +1 -1
- package/esm/keycloak/keycloak-js/types.d.ts +1 -3
- package/esm/mock/oidc.js +2 -1
- package/esm/mock/oidc.js.map +1 -1
- package/esm/tools/workerTimers.js +2 -5
- package/esm/tools/workerTimers.js.map +1 -1
- package/esm/vendor/frontend/oidc-client-ts.js +46 -8
- package/keycloak/keycloak-js/Keycloak.d.ts +5 -3
- package/keycloak/keycloak-js/Keycloak.js +175 -184
- package/keycloak/keycloak-js/Keycloak.js.map +1 -1
- package/keycloak/keycloak-js/types.d.ts +1 -3
- package/mock/oidc.js +2 -1
- package/mock/oidc.js.map +1 -1
- package/package.json +1 -1
- package/src/core/Oidc.ts +5 -1
- package/src/core/createOidc.ts +81 -16
- package/src/core/oidcClientTsUserToTokens.ts +7 -2
- package/src/keycloak/keycloak-js/Keycloak.ts +198 -232
- package/src/keycloak/keycloak-js/types.ts +1 -4
- package/src/mock/oidc.ts +2 -1
- package/src/tools/workerTimers.ts +2 -6
- package/tools/workerTimers.js +2 -5
- package/tools/workerTimers.js.map +1 -1
- package/vendor/frontend/oidc-client-ts.js +46 -8
|
@@ -1,4 +1,16 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
|
|
3
|
+
if (kind === "m") throw new TypeError("Private method is not writable");
|
|
4
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
|
|
5
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
|
|
6
|
+
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
|
|
7
|
+
};
|
|
8
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
9
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
10
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
11
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
12
|
+
};
|
|
13
|
+
var _Keycloak_state;
|
|
2
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
15
|
exports.Keycloak = void 0;
|
|
4
16
|
const tsafe_1 = require("../../vendor/frontend/tsafe");
|
|
@@ -9,7 +21,6 @@ const keycloakUtils_1 = require("../keycloakUtils");
|
|
|
9
21
|
const worker_timers_1 = require("../../vendor/frontend/worker-timers");
|
|
10
22
|
const StatefulEvt_1 = require("../../tools/StatefulEvt");
|
|
11
23
|
const readExpirationTimeInJwt_1 = require("../../tools/readExpirationTimeInJwt");
|
|
12
|
-
const internalStateByInstance = new WeakMap();
|
|
13
24
|
/**
|
|
14
25
|
* This module provides a drop-in replacement for `keycloak-js`,
|
|
15
26
|
* designed for teams migrating to `oidc-spa` with minimal changes.
|
|
@@ -27,6 +38,7 @@ class Keycloak {
|
|
|
27
38
|
* I'm not seeing the usecase when ran against keycloak right now so not doing it.
|
|
28
39
|
*/
|
|
29
40
|
constructor(params) {
|
|
41
|
+
_Keycloak_state.set(this, void 0);
|
|
30
42
|
/**
|
|
31
43
|
* Response mode passed in init (default value is `'fragment'`).
|
|
32
44
|
*
|
|
@@ -47,16 +59,8 @@ class Keycloak {
|
|
|
47
59
|
* NOTE oidc-spa: Can only be 'standard'
|
|
48
60
|
*/
|
|
49
61
|
this.flow = "standard";
|
|
50
|
-
/**
|
|
51
|
-
* The estimated time difference between the browser time and the Keycloak
|
|
52
|
-
* server in seconds. This value is just an estimation, but is accurate
|
|
53
|
-
* enough when determining if a token is expired or not.
|
|
54
|
-
*
|
|
55
|
-
* NOTE oidc-spa: Not supported.
|
|
56
|
-
*/
|
|
57
|
-
this.timeSkew = null;
|
|
58
62
|
const issuerUri = `${params.url.replace(/\/$/, "")}/realms/${params.realm}`;
|
|
59
|
-
|
|
63
|
+
__classPrivateFieldSet(this, _Keycloak_state, {
|
|
60
64
|
constructorParams: params,
|
|
61
65
|
dInitialized: new Deferred_1.Deferred(),
|
|
62
66
|
initOptions: undefined,
|
|
@@ -67,7 +71,7 @@ class Keycloak {
|
|
|
67
71
|
profile: undefined,
|
|
68
72
|
userInfo: undefined,
|
|
69
73
|
$onTokenExpired: (0, StatefulEvt_1.createStatefulEvt)(() => undefined)
|
|
70
|
-
});
|
|
74
|
+
}, "f");
|
|
71
75
|
}
|
|
72
76
|
/**
|
|
73
77
|
* Called to initialize the adapter.
|
|
@@ -76,25 +80,23 @@ class Keycloak {
|
|
|
76
80
|
*/
|
|
77
81
|
async init(initOptions = {}) {
|
|
78
82
|
const { onLoad = "check-sso", redirectUri, enableLogging, scope, locale } = initOptions;
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
if (internalState.initOptions !== undefined) {
|
|
82
|
-
if (JSON.stringify(internalState.initOptions) !== JSON.stringify(initOptions)) {
|
|
83
|
+
if (__classPrivateFieldGet(this, _Keycloak_state, "f").initOptions !== undefined) {
|
|
84
|
+
if (JSON.stringify(__classPrivateFieldGet(this, _Keycloak_state, "f").initOptions) !== JSON.stringify(initOptions)) {
|
|
83
85
|
throw new Error("Can't call init() multiple time with different params");
|
|
84
86
|
}
|
|
85
|
-
await
|
|
86
|
-
const { oidc } =
|
|
87
|
+
await __classPrivateFieldGet(this, _Keycloak_state, "f").dInitialized.pr;
|
|
88
|
+
const { oidc } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
87
89
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
88
90
|
return oidc.isUserLoggedIn;
|
|
89
91
|
}
|
|
90
|
-
|
|
91
|
-
const { constructorParams, issuerUri } =
|
|
92
|
+
__classPrivateFieldGet(this, _Keycloak_state, "f").initOptions = initOptions;
|
|
93
|
+
const { constructorParams, issuerUri } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
92
94
|
const autoLogin = onLoad === "login-required";
|
|
93
95
|
let hasCreateResolved = false;
|
|
94
96
|
const oidcOrError = await (0, core_1.createOidc)({
|
|
95
97
|
homeUrl: constructorParams.homeUrl,
|
|
96
98
|
issuerUri,
|
|
97
|
-
clientId:
|
|
99
|
+
clientId: __classPrivateFieldGet(this, _Keycloak_state, "f").constructorParams.clientId,
|
|
98
100
|
autoLogin,
|
|
99
101
|
postLoginRedirectUrl: redirectUri,
|
|
100
102
|
debugLogs: enableLogging,
|
|
@@ -123,75 +125,90 @@ class Keycloak {
|
|
|
123
125
|
(0, tsafe_1.assert)(false);
|
|
124
126
|
}
|
|
125
127
|
const oidc = oidcOrError;
|
|
126
|
-
internalState.oidc = oidc;
|
|
127
128
|
if (oidc.isUserLoggedIn) {
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
129
|
+
const tokens = await oidc.getTokens();
|
|
130
|
+
const onNewToken = (tokens_new) => {
|
|
131
|
+
__classPrivateFieldGet(this, _Keycloak_state, "f").tokens = tokens_new;
|
|
132
|
+
this.onAuthRefreshSuccess?.();
|
|
133
|
+
};
|
|
134
|
+
onNewToken(tokens);
|
|
135
|
+
oidc.subscribeToTokensChange(onNewToken);
|
|
136
|
+
}
|
|
137
|
+
__classPrivateFieldGet(this, _Keycloak_state, "f").oidc = oidc;
|
|
138
|
+
__classPrivateFieldGet(this, _Keycloak_state, "f").dInitialized.resolve();
|
|
139
|
+
this.onReady?.(oidc.isUserLoggedIn);
|
|
140
|
+
onAuthSuccess_call: {
|
|
141
|
+
if (!oidc.isUserLoggedIn) {
|
|
142
|
+
break onAuthSuccess_call;
|
|
136
143
|
}
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
if (onTokenExpired === undefined) {
|
|
143
|
-
return;
|
|
144
|
-
}
|
|
145
|
-
let timer = undefined;
|
|
146
|
-
const onNewToken = () => {
|
|
147
|
-
if (timer !== undefined) {
|
|
148
|
-
worker_timers_1.workerTimers.clearTimeout(timer);
|
|
149
|
-
}
|
|
150
|
-
const { tokens } = internalState;
|
|
151
|
-
(0, tsafe_1.assert)(tokens !== undefined);
|
|
152
|
-
timer = worker_timers_1.workerTimers.setTimeout(() => {
|
|
153
|
-
onTokenExpired.call(this);
|
|
154
|
-
}, Math.max(tokens.accessTokenExpirationTime - Date.now() - 3000, 0));
|
|
155
|
-
};
|
|
156
|
-
onNewToken();
|
|
157
|
-
const { unsubscribe } = oidc.subscribeToTokensChange(onNewToken);
|
|
158
|
-
clear = () => {
|
|
159
|
-
if (timer !== undefined) {
|
|
160
|
-
worker_timers_1.workerTimers.clearTimeout(timer);
|
|
161
|
-
}
|
|
162
|
-
unsubscribe();
|
|
163
|
-
};
|
|
164
|
-
});
|
|
144
|
+
this.onAuthSuccess?.();
|
|
145
|
+
}
|
|
146
|
+
onAuthError_call: {
|
|
147
|
+
if (oidc.isUserLoggedIn) {
|
|
148
|
+
break onAuthError_call;
|
|
165
149
|
}
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
break onActionUpdate_call;
|
|
169
|
-
}
|
|
170
|
-
const { backFromAuthServer } = oidc;
|
|
171
|
-
if (backFromAuthServer === undefined) {
|
|
172
|
-
break onActionUpdate_call;
|
|
173
|
-
}
|
|
174
|
-
const status = backFromAuthServer.result.kc_action_status;
|
|
175
|
-
if (!(0, tsafe_1.isAmong)(["success", "cancelled", "error"], status)) {
|
|
176
|
-
break onActionUpdate_call;
|
|
177
|
-
}
|
|
178
|
-
const action = backFromAuthServer.extraQueryParams.kc_action;
|
|
179
|
-
if (action === undefined) {
|
|
180
|
-
break onActionUpdate_call;
|
|
181
|
-
}
|
|
182
|
-
this.onActionUpdate(status, action);
|
|
150
|
+
if (oidc.initializationError === undefined) {
|
|
151
|
+
break onAuthError_call;
|
|
183
152
|
}
|
|
184
|
-
}
|
|
185
|
-
if (!oidc.isUserLoggedIn && oidc.initializationError !== undefined) {
|
|
186
153
|
this.onAuthError?.({
|
|
187
154
|
error: oidc.initializationError.name,
|
|
188
155
|
error_description: oidc.initializationError.message
|
|
189
156
|
});
|
|
190
157
|
}
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
158
|
+
onActionUpdate_call: {
|
|
159
|
+
if (!oidc.isUserLoggedIn) {
|
|
160
|
+
break onActionUpdate_call;
|
|
161
|
+
}
|
|
162
|
+
if (this.onActionUpdate === undefined) {
|
|
163
|
+
break onActionUpdate_call;
|
|
164
|
+
}
|
|
165
|
+
const { backFromAuthServer } = oidc;
|
|
166
|
+
if (backFromAuthServer === undefined) {
|
|
167
|
+
break onActionUpdate_call;
|
|
168
|
+
}
|
|
169
|
+
const status = backFromAuthServer.result.kc_action_status;
|
|
170
|
+
if (!(0, tsafe_1.isAmong)(["success", "cancelled", "error"], status)) {
|
|
171
|
+
break onActionUpdate_call;
|
|
172
|
+
}
|
|
173
|
+
const action = backFromAuthServer.extraQueryParams.kc_action;
|
|
174
|
+
if (action === undefined) {
|
|
175
|
+
break onActionUpdate_call;
|
|
176
|
+
}
|
|
177
|
+
this.onActionUpdate(status, action);
|
|
178
|
+
}
|
|
179
|
+
schedule_onTokenExpired_call: {
|
|
180
|
+
if (!oidc.isUserLoggedIn) {
|
|
181
|
+
break schedule_onTokenExpired_call;
|
|
182
|
+
}
|
|
183
|
+
const { $onTokenExpired } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
184
|
+
let clear = undefined;
|
|
185
|
+
const next = (onTokenExpired) => {
|
|
186
|
+
clear?.();
|
|
187
|
+
if (onTokenExpired === undefined) {
|
|
188
|
+
return;
|
|
189
|
+
}
|
|
190
|
+
let timer = undefined;
|
|
191
|
+
const onNewToken = () => {
|
|
192
|
+
if (timer !== undefined) {
|
|
193
|
+
worker_timers_1.workerTimers.clearTimeout(timer);
|
|
194
|
+
}
|
|
195
|
+
const { tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
196
|
+
(0, tsafe_1.assert)(tokens !== undefined);
|
|
197
|
+
timer = worker_timers_1.workerTimers.setTimeout(() => {
|
|
198
|
+
onTokenExpired.call(this);
|
|
199
|
+
}, Math.max(tokens.accessTokenExpirationTime - tokens.getServerDateNow() - 3000, 0));
|
|
200
|
+
};
|
|
201
|
+
onNewToken();
|
|
202
|
+
const { unsubscribe } = oidc.subscribeToTokensChange(onNewToken);
|
|
203
|
+
clear = () => {
|
|
204
|
+
if (timer !== undefined) {
|
|
205
|
+
worker_timers_1.workerTimers.clearTimeout(timer);
|
|
206
|
+
}
|
|
207
|
+
unsubscribe();
|
|
208
|
+
};
|
|
209
|
+
};
|
|
210
|
+
next($onTokenExpired.current);
|
|
211
|
+
$onTokenExpired.subscribe(next);
|
|
195
212
|
}
|
|
196
213
|
return oidc.isUserLoggedIn;
|
|
197
214
|
}
|
|
@@ -202,9 +219,7 @@ class Keycloak {
|
|
|
202
219
|
if (!this.didInitialize) {
|
|
203
220
|
return false;
|
|
204
221
|
}
|
|
205
|
-
const
|
|
206
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
207
|
-
const { oidc } = internalState;
|
|
222
|
+
const { oidc } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
208
223
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
209
224
|
return oidc.isUserLoggedIn;
|
|
210
225
|
}
|
|
@@ -215,9 +230,7 @@ class Keycloak {
|
|
|
215
230
|
if (!this.didInitialize) {
|
|
216
231
|
return undefined;
|
|
217
232
|
}
|
|
218
|
-
const
|
|
219
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
220
|
-
const { oidc, tokens } = internalState;
|
|
233
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
221
234
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
222
235
|
if (!oidc.isUserLoggedIn) {
|
|
223
236
|
console.warn("Trying to read keycloak.subject when keycloak.authenticated is false is a logical error in your application");
|
|
@@ -233,12 +246,10 @@ class Keycloak {
|
|
|
233
246
|
if (!this.didInitialize) {
|
|
234
247
|
return undefined;
|
|
235
248
|
}
|
|
236
|
-
const
|
|
237
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
238
|
-
const { oidc, tokens } = internalState;
|
|
249
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
239
250
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
240
251
|
if (!oidc.isUserLoggedIn) {
|
|
241
|
-
console.warn("Trying to read keycloak.realAccess when keycloak.
|
|
252
|
+
console.warn("Trying to read keycloak.realAccess when keycloak.authenticated is false is a logical error in your application");
|
|
242
253
|
return undefined;
|
|
243
254
|
}
|
|
244
255
|
(0, tsafe_1.assert)(tokens !== undefined);
|
|
@@ -252,9 +263,7 @@ class Keycloak {
|
|
|
252
263
|
if (!this.didInitialize) {
|
|
253
264
|
return undefined;
|
|
254
265
|
}
|
|
255
|
-
const
|
|
256
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
257
|
-
const { oidc, tokens } = internalState;
|
|
266
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
258
267
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
259
268
|
if (!oidc.isUserLoggedIn) {
|
|
260
269
|
console.warn("Trying to read keycloak.resourceAccess when keycloak.authenticated is false is a logical error in your application");
|
|
@@ -269,15 +278,13 @@ class Keycloak {
|
|
|
269
278
|
* requests to services.
|
|
270
279
|
*/
|
|
271
280
|
get token() {
|
|
272
|
-
const internalState = internalStateByInstance.get(this);
|
|
273
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
274
281
|
if (!this.didInitialize) {
|
|
275
|
-
return
|
|
282
|
+
return __classPrivateFieldGet(this, _Keycloak_state, "f").initOptions?.token;
|
|
276
283
|
}
|
|
277
|
-
const { oidc, tokens } =
|
|
284
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
278
285
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
279
286
|
if (!oidc.isUserLoggedIn) {
|
|
280
|
-
console.warn("Trying to read keycloak.token when keycloak.
|
|
287
|
+
console.warn("Trying to read keycloak.token when keycloak.authenticated is false is a logical error in your application");
|
|
281
288
|
return undefined;
|
|
282
289
|
}
|
|
283
290
|
(0, tsafe_1.assert)(tokens !== undefined);
|
|
@@ -287,19 +294,17 @@ class Keycloak {
|
|
|
287
294
|
* The parsed token as a JavaScript object.
|
|
288
295
|
*/
|
|
289
296
|
get tokenParsed() {
|
|
290
|
-
const internalState = internalStateByInstance.get(this);
|
|
291
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
292
297
|
if (!this.didInitialize) {
|
|
293
|
-
const { token } =
|
|
298
|
+
const { token } = __classPrivateFieldGet(this, _Keycloak_state, "f").initOptions ?? {};
|
|
294
299
|
if (token === undefined) {
|
|
295
300
|
return undefined;
|
|
296
301
|
}
|
|
297
302
|
return (0, decodeJwt_1.decodeJwt)(token);
|
|
298
303
|
}
|
|
299
|
-
const { oidc, tokens } =
|
|
304
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
300
305
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
301
306
|
if (!oidc.isUserLoggedIn) {
|
|
302
|
-
console.warn("Trying to read keycloak.
|
|
307
|
+
console.warn("Trying to read keycloak.tokenParsed when keycloak.authenticated is false is a logical error in your application");
|
|
303
308
|
return undefined;
|
|
304
309
|
}
|
|
305
310
|
(0, tsafe_1.assert)(tokens !== undefined);
|
|
@@ -309,15 +314,13 @@ class Keycloak {
|
|
|
309
314
|
* The base64 encoded refresh token that can be used to retrieve a new token.
|
|
310
315
|
*/
|
|
311
316
|
get refreshToken() {
|
|
312
|
-
const internalState = internalStateByInstance.get(this);
|
|
313
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
314
317
|
if (!this.didInitialize) {
|
|
315
|
-
return
|
|
318
|
+
return __classPrivateFieldGet(this, _Keycloak_state, "f").initOptions?.refreshToken;
|
|
316
319
|
}
|
|
317
|
-
const { oidc, tokens } =
|
|
320
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
318
321
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
319
322
|
if (!oidc.isUserLoggedIn) {
|
|
320
|
-
console.warn("Trying to read keycloak.
|
|
323
|
+
console.warn("Trying to read keycloak.refreshToken when keycloak.authenticated is false is a logical error in your application");
|
|
321
324
|
return undefined;
|
|
322
325
|
}
|
|
323
326
|
(0, tsafe_1.assert)(tokens !== undefined);
|
|
@@ -327,19 +330,17 @@ class Keycloak {
|
|
|
327
330
|
* The parsed refresh token as a JavaScript object.
|
|
328
331
|
*/
|
|
329
332
|
get refreshTokenParsed() {
|
|
330
|
-
const internalState = internalStateByInstance.get(this);
|
|
331
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
332
333
|
if (!this.didInitialize) {
|
|
333
|
-
const { refreshToken } =
|
|
334
|
+
const { refreshToken } = __classPrivateFieldGet(this, _Keycloak_state, "f").initOptions ?? {};
|
|
334
335
|
if (refreshToken === undefined) {
|
|
335
336
|
return undefined;
|
|
336
337
|
}
|
|
337
338
|
return (0, decodeJwt_1.decodeJwt)(refreshToken);
|
|
338
339
|
}
|
|
339
|
-
const { oidc, tokens } =
|
|
340
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
340
341
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
341
342
|
if (!oidc.isUserLoggedIn) {
|
|
342
|
-
console.warn("Trying to read keycloak.
|
|
343
|
+
console.warn("Trying to read keycloak.refreshTokenParsed when keycloak.authenticated is false is a logical error in your application");
|
|
343
344
|
return undefined;
|
|
344
345
|
}
|
|
345
346
|
(0, tsafe_1.assert)(tokens !== undefined);
|
|
@@ -352,15 +353,13 @@ class Keycloak {
|
|
|
352
353
|
* The base64 encoded ID token.
|
|
353
354
|
*/
|
|
354
355
|
get idToken() {
|
|
355
|
-
const internalState = internalStateByInstance.get(this);
|
|
356
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
357
356
|
if (!this.didInitialize) {
|
|
358
|
-
return
|
|
357
|
+
return __classPrivateFieldGet(this, _Keycloak_state, "f").initOptions?.idToken;
|
|
359
358
|
}
|
|
360
|
-
const { oidc, tokens } =
|
|
359
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
361
360
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
362
361
|
if (!oidc.isUserLoggedIn) {
|
|
363
|
-
console.warn("Trying to read keycloak.
|
|
362
|
+
console.warn("Trying to read keycloak.idToken when keycloak.authenticated is false is a logical error in your application");
|
|
364
363
|
return undefined;
|
|
365
364
|
}
|
|
366
365
|
(0, tsafe_1.assert)(tokens !== undefined);
|
|
@@ -370,40 +369,56 @@ class Keycloak {
|
|
|
370
369
|
* The parsed id token as a JavaScript object.
|
|
371
370
|
*/
|
|
372
371
|
get idTokenParsed() {
|
|
373
|
-
const internalState = internalStateByInstance.get(this);
|
|
374
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
375
372
|
if (!this.didInitialize) {
|
|
376
|
-
const { idToken } =
|
|
373
|
+
const { idToken } = __classPrivateFieldGet(this, _Keycloak_state, "f").initOptions ?? {};
|
|
377
374
|
if (idToken === undefined) {
|
|
378
375
|
return undefined;
|
|
379
376
|
}
|
|
380
377
|
return (0, decodeJwt_1.decodeJwt)(idToken);
|
|
381
378
|
}
|
|
382
|
-
const { oidc, tokens } =
|
|
379
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
383
380
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
384
381
|
if (!oidc.isUserLoggedIn) {
|
|
385
|
-
console.warn("Trying to read keycloak.
|
|
382
|
+
console.warn("Trying to read keycloak.idTokenParsed when keycloak.authenticated is false is a logical error in your application");
|
|
386
383
|
return undefined;
|
|
387
384
|
}
|
|
388
385
|
(0, tsafe_1.assert)(tokens !== undefined);
|
|
389
386
|
(0, tsafe_1.assert)((0, tsafe_1.is)(tokens.decodedIdToken_original));
|
|
390
387
|
return tokens.decodedIdToken_original;
|
|
391
388
|
}
|
|
389
|
+
/**
|
|
390
|
+
* The estimated time difference between the browser time and the Keycloak
|
|
391
|
+
* server in seconds. This value is just an estimation, but is accurate
|
|
392
|
+
* enough when determining if a token is expired or not.
|
|
393
|
+
*/
|
|
394
|
+
get timeSkew() {
|
|
395
|
+
if (!this.didInitialize) {
|
|
396
|
+
const { timeSkew } = __classPrivateFieldGet(this, _Keycloak_state, "f").initOptions ?? {};
|
|
397
|
+
if (timeSkew === undefined) {
|
|
398
|
+
return null;
|
|
399
|
+
}
|
|
400
|
+
return timeSkew;
|
|
401
|
+
}
|
|
402
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
403
|
+
(0, tsafe_1.assert)(oidc !== undefined);
|
|
404
|
+
if (!oidc.isUserLoggedIn) {
|
|
405
|
+
console.warn("Trying to read keycloak.timeSkew when keycloak.authenticated is false is a logical error in your application");
|
|
406
|
+
return null;
|
|
407
|
+
}
|
|
408
|
+
(0, tsafe_1.assert)(tokens !== undefined);
|
|
409
|
+
return Math.ceil((tokens.getServerDateNow() - Date.now()) / 1000);
|
|
410
|
+
}
|
|
392
411
|
/**
|
|
393
412
|
* Whether the instance has been initialized by calling `.init()`.
|
|
394
413
|
*/
|
|
395
414
|
get didInitialize() {
|
|
396
|
-
|
|
397
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
398
|
-
return internalState.oidc !== undefined;
|
|
415
|
+
return __classPrivateFieldGet(this, _Keycloak_state, "f").oidc !== undefined;
|
|
399
416
|
}
|
|
400
417
|
/**
|
|
401
418
|
* @private Undocumented.
|
|
402
419
|
*/
|
|
403
420
|
get loginRequired() {
|
|
404
|
-
const
|
|
405
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
406
|
-
const { initOptions } = internalState;
|
|
421
|
+
const { initOptions } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
407
422
|
if (initOptions === undefined) {
|
|
408
423
|
return false;
|
|
409
424
|
}
|
|
@@ -413,36 +428,28 @@ class Keycloak {
|
|
|
413
428
|
* @private Undocumented.
|
|
414
429
|
*/
|
|
415
430
|
get authServerUrl() {
|
|
416
|
-
const
|
|
417
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
418
|
-
const { keycloakUtils: { issuerUriParsed } } = internalState;
|
|
431
|
+
const { keycloakUtils: { issuerUriParsed } } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
419
432
|
return `${issuerUriParsed.origin}${issuerUriParsed.kcHttpRelativePath}`;
|
|
420
433
|
}
|
|
421
434
|
/**
|
|
422
435
|
* @private Undocumented.
|
|
423
436
|
*/
|
|
424
437
|
get realm() {
|
|
425
|
-
const
|
|
426
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
427
|
-
const { keycloakUtils: { issuerUriParsed } } = internalState;
|
|
438
|
+
const { keycloakUtils: { issuerUriParsed } } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
428
439
|
return issuerUriParsed.realm;
|
|
429
440
|
}
|
|
430
441
|
/**
|
|
431
442
|
* @private Undocumented.
|
|
432
443
|
*/
|
|
433
444
|
get clientId() {
|
|
434
|
-
const
|
|
435
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
436
|
-
const { constructorParams } = internalState;
|
|
445
|
+
const { constructorParams } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
437
446
|
return constructorParams.clientId;
|
|
438
447
|
}
|
|
439
448
|
/**
|
|
440
449
|
* @private Undocumented.
|
|
441
450
|
*/
|
|
442
451
|
get redirectUri() {
|
|
443
|
-
const
|
|
444
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
445
|
-
const { initOptions } = internalState;
|
|
452
|
+
const { initOptions } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
446
453
|
if (initOptions === undefined) {
|
|
447
454
|
return undefined;
|
|
448
455
|
}
|
|
@@ -455,9 +462,7 @@ class Keycloak {
|
|
|
455
462
|
if (!this.didInitialize) {
|
|
456
463
|
return undefined;
|
|
457
464
|
}
|
|
458
|
-
const
|
|
459
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
460
|
-
const { oidc, tokens } = internalState;
|
|
465
|
+
const { oidc, tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
461
466
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
462
467
|
if (!oidc.isUserLoggedIn) {
|
|
463
468
|
console.warn("Trying to read keycloak.sessionId when keycloak.authenticated is false is a logical error in your application");
|
|
@@ -472,18 +477,14 @@ class Keycloak {
|
|
|
472
477
|
* @private Undocumented.
|
|
473
478
|
*/
|
|
474
479
|
get profile() {
|
|
475
|
-
const
|
|
476
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
477
|
-
const { profile } = internalState;
|
|
480
|
+
const { profile } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
478
481
|
return profile;
|
|
479
482
|
}
|
|
480
483
|
/**
|
|
481
484
|
* @private Undocumented.
|
|
482
485
|
*/
|
|
483
486
|
get userInfo() {
|
|
484
|
-
const
|
|
485
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
486
|
-
const { userInfo } = internalState;
|
|
487
|
+
const { userInfo } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
487
488
|
return userInfo;
|
|
488
489
|
}
|
|
489
490
|
/**
|
|
@@ -506,15 +507,11 @@ class Keycloak {
|
|
|
506
507
|
* obtain a new access token.
|
|
507
508
|
*/
|
|
508
509
|
set onTokenExpired(value) {
|
|
509
|
-
const
|
|
510
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
511
|
-
const { $onTokenExpired } = internalState;
|
|
510
|
+
const { $onTokenExpired } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
512
511
|
$onTokenExpired.current = value;
|
|
513
512
|
}
|
|
514
513
|
get onTokenExpired() {
|
|
515
|
-
const
|
|
516
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
517
|
-
const { $onTokenExpired } = internalState;
|
|
514
|
+
const { $onTokenExpired } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
518
515
|
return $onTokenExpired.current;
|
|
519
516
|
}
|
|
520
517
|
/**
|
|
@@ -523,12 +520,10 @@ class Keycloak {
|
|
|
523
520
|
*/
|
|
524
521
|
async login(options) {
|
|
525
522
|
const { redirectUri, action, loginHint, acr, acrValues, idpHint, locale, doesCurrentHrefRequiresAuth } = options ?? {};
|
|
526
|
-
const internalState = internalStateByInstance.get(this);
|
|
527
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
528
523
|
if (!this.didInitialize) {
|
|
529
|
-
await
|
|
524
|
+
await __classPrivateFieldGet(this, _Keycloak_state, "f").dInitialized.pr;
|
|
530
525
|
}
|
|
531
|
-
const { oidc, keycloakUtils } =
|
|
526
|
+
const { oidc, keycloakUtils } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
532
527
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
533
528
|
const extraQueryParams_commons = {
|
|
534
529
|
claims: acr === undefined
|
|
@@ -574,12 +569,10 @@ class Keycloak {
|
|
|
574
569
|
* @param options Logout options.
|
|
575
570
|
*/
|
|
576
571
|
async logout(options) {
|
|
577
|
-
const internalState = internalStateByInstance.get(this);
|
|
578
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
579
572
|
if (!this.didInitialize) {
|
|
580
|
-
await
|
|
573
|
+
await __classPrivateFieldGet(this, _Keycloak_state, "f").dInitialized.pr;
|
|
581
574
|
}
|
|
582
|
-
const { oidc, initOptions } =
|
|
575
|
+
const { oidc, initOptions } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
583
576
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
584
577
|
(0, tsafe_1.assert)(initOptions !== undefined);
|
|
585
578
|
(0, tsafe_1.assert)(oidc.isUserLoggedIn, "The user is not currently logged in");
|
|
@@ -639,9 +632,7 @@ class Keycloak {
|
|
|
639
632
|
*/
|
|
640
633
|
createAccountUrl(options) {
|
|
641
634
|
const { locale, redirectUri } = options ?? {};
|
|
642
|
-
const
|
|
643
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
644
|
-
const { keycloakUtils } = internalState;
|
|
635
|
+
const { keycloakUtils } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
645
636
|
return keycloakUtils.getAccountUrl({
|
|
646
637
|
clientId: this.clientId,
|
|
647
638
|
backToAppFromAccountUrl: redirectUri ?? location.href,
|
|
@@ -654,8 +645,6 @@ class Keycloak {
|
|
|
654
645
|
* @param minValidity If not specified, `0` is used.
|
|
655
646
|
*/
|
|
656
647
|
isTokenExpired(minValidity = 0) {
|
|
657
|
-
const internalState = internalStateByInstance.get(this);
|
|
658
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
659
648
|
let accessTokenExpirationTime;
|
|
660
649
|
if (!this.didInitialize) {
|
|
661
650
|
const fakeAccessToken = this.token;
|
|
@@ -667,7 +656,7 @@ class Keycloak {
|
|
|
667
656
|
accessTokenExpirationTime = time;
|
|
668
657
|
}
|
|
669
658
|
else {
|
|
670
|
-
const { tokens } =
|
|
659
|
+
const { tokens } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
671
660
|
(0, tsafe_1.assert)(tokens !== undefined);
|
|
672
661
|
accessTokenExpirationTime = tokens.accessTokenExpirationTime;
|
|
673
662
|
}
|
|
@@ -696,12 +685,10 @@ class Keycloak {
|
|
|
696
685
|
* });
|
|
697
686
|
*/
|
|
698
687
|
async updateToken(minValidity = 5) {
|
|
699
|
-
const internalState = internalStateByInstance.get(this);
|
|
700
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
701
688
|
if (!this.didInitialize) {
|
|
702
|
-
await
|
|
689
|
+
await __classPrivateFieldGet(this, _Keycloak_state, "f").dInitialized.pr;
|
|
703
690
|
}
|
|
704
|
-
const { oidc } =
|
|
691
|
+
const { oidc } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
705
692
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
706
693
|
(0, tsafe_1.assert)(oidc.isUserLoggedIn, "updateToken called too early");
|
|
707
694
|
if (!this.isTokenExpired(minValidity)) {
|
|
@@ -747,32 +734,36 @@ class Keycloak {
|
|
|
747
734
|
* @returns A promise to set functions to be invoked on success or error.
|
|
748
735
|
*/
|
|
749
736
|
async loadUserProfile() {
|
|
750
|
-
const internalState = internalStateByInstance.get(this);
|
|
751
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
752
737
|
if (!this.didInitialize) {
|
|
753
|
-
await
|
|
738
|
+
await __classPrivateFieldGet(this, _Keycloak_state, "f").dInitialized.pr;
|
|
754
739
|
}
|
|
755
|
-
const { oidc, keycloakUtils } =
|
|
740
|
+
const { oidc, keycloakUtils } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
756
741
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
757
742
|
(0, tsafe_1.assert)(oidc.isUserLoggedIn, "Can't load userProfile if user not authenticated");
|
|
758
743
|
const { accessToken } = await oidc.getTokens();
|
|
759
|
-
return (
|
|
744
|
+
return (__classPrivateFieldGet(this, _Keycloak_state, "f").profile = await keycloakUtils.fetchUserProfile({ accessToken }));
|
|
760
745
|
}
|
|
761
746
|
/**
|
|
762
747
|
* @private Undocumented.
|
|
763
748
|
*/
|
|
764
749
|
async loadUserInfo() {
|
|
765
|
-
const internalState = internalStateByInstance.get(this);
|
|
766
|
-
(0, tsafe_1.assert)(internalState !== undefined);
|
|
767
750
|
if (!this.didInitialize) {
|
|
768
|
-
await
|
|
751
|
+
await __classPrivateFieldGet(this, _Keycloak_state, "f").dInitialized.pr;
|
|
769
752
|
}
|
|
770
|
-
const { oidc, keycloakUtils } =
|
|
753
|
+
const { oidc, keycloakUtils } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
771
754
|
(0, tsafe_1.assert)(oidc !== undefined);
|
|
772
755
|
(0, tsafe_1.assert)(oidc.isUserLoggedIn, "Can't load userInfo if user not authenticated");
|
|
773
756
|
const { accessToken } = await oidc.getTokens();
|
|
774
|
-
return (
|
|
757
|
+
return (__classPrivateFieldGet(this, _Keycloak_state, "f").userInfo = await keycloakUtils.fetchUserInfo({ accessToken }));
|
|
758
|
+
}
|
|
759
|
+
/** Get the underlying oidc-spa instance */
|
|
760
|
+
get oidc() {
|
|
761
|
+
(0, tsafe_1.assert)(this.didInitialize, "Cannot get keycloak.oidc before the init() method was called and have resolved.");
|
|
762
|
+
const { oidc } = __classPrivateFieldGet(this, _Keycloak_state, "f");
|
|
763
|
+
(0, tsafe_1.assert)(oidc !== undefined);
|
|
764
|
+
return oidc;
|
|
775
765
|
}
|
|
776
766
|
}
|
|
777
767
|
exports.Keycloak = Keycloak;
|
|
768
|
+
_Keycloak_state = new WeakMap();
|
|
778
769
|
//# sourceMappingURL=Keycloak.js.map
|