oidc-spa 8.1.6 → 8.1.7-rc.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/core/createOidc.js +1 -1
- package/core/iframeMessageProtection.d.ts +1 -0
- package/core/iframeMessageProtection.js +24 -2
- package/core/iframeMessageProtection.js.map +1 -1
- package/core/loginSilent.js +2 -1
- package/core/loginSilent.js.map +1 -1
- package/esm/core/createOidc.js +1 -1
- package/esm/core/iframeMessageProtection.d.ts +1 -0
- package/esm/core/iframeMessageProtection.js +24 -2
- package/esm/core/iframeMessageProtection.js.map +1 -1
- package/esm/core/loginSilent.js +2 -1
- package/esm/core/loginSilent.js.map +1 -1
- package/package.json +1 -1
- package/src/core/iframeMessageProtection.ts +42 -3
- package/src/core/loginSilent.ts +2 -1
package/core/createOidc.js
CHANGED
|
@@ -65,7 +65,7 @@ const isKeycloak_1 = require("../keycloak/isKeycloak");
|
|
|
65
65
|
const INFINITY_TIME_1 = require("../tools/INFINITY_TIME");
|
|
66
66
|
const getIsValidRemoteJson_1 = require("../tools/getIsValidRemoteJson");
|
|
67
67
|
// NOTE: Replaced at build time
|
|
68
|
-
const VERSION = "8.1.
|
|
68
|
+
const VERSION = "8.1.7-rc.1";
|
|
69
69
|
const globalContext = {
|
|
70
70
|
prOidcByConfigId: new Map(),
|
|
71
71
|
hasLogoutBeenCalled: (0, id_1.id)(false),
|
|
@@ -2,6 +2,7 @@ import { type AuthResponse } from "./AuthResponse";
|
|
|
2
2
|
export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
|
|
3
3
|
export declare function initIframeMessageProtection(params: {
|
|
4
4
|
stateUrlParamValue: string;
|
|
5
|
+
log: typeof console.log | undefined;
|
|
5
6
|
}): Promise<{
|
|
6
7
|
getIsEncryptedAuthResponse: (params: {
|
|
7
8
|
message: unknown;
|
|
@@ -6,6 +6,7 @@ exports.encryptAuthResponse = encryptAuthResponse;
|
|
|
6
6
|
const assert_1 = require("../tools/tsafe/assert");
|
|
7
7
|
const asymmetricEncryption_1 = require("../tools/asymmetricEncryption");
|
|
8
8
|
const setItem_real = Storage.prototype.setItem;
|
|
9
|
+
const sessionStorage_original = window.sessionStorage;
|
|
9
10
|
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
10
11
|
function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
11
12
|
const setItem_protected = function setItem(key, value) {
|
|
@@ -30,10 +31,12 @@ function getSessionStorageKey(params) {
|
|
|
30
31
|
return `${SESSION_STORAGE_PREFIX}${stateUrlParamValue}`;
|
|
31
32
|
}
|
|
32
33
|
async function initIframeMessageProtection(params) {
|
|
33
|
-
const { stateUrlParamValue } = params;
|
|
34
|
+
const { stateUrlParamValue, log } = params;
|
|
34
35
|
const { publicKey, privateKey } = await (0, asymmetricEncryption_1.generateKeys)();
|
|
35
36
|
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
37
|
+
log?.(`Writing iframe messaging protection publicKey for state: ${stateUrlParamValue} at sessionStorage -> ${sessionStorageKey}`);
|
|
36
38
|
setItem_real.call(sessionStorage, sessionStorageKey, publicKey);
|
|
39
|
+
setItem_real.call(sessionStorage_original, `${sessionStorageKey}_alt`, publicKey);
|
|
37
40
|
function getIsEncryptedAuthResponse(params) {
|
|
38
41
|
const { message } = params;
|
|
39
42
|
return typeof message === "string" && message.startsWith(ENCRYPTED_AUTH_RESPONSES_PREFIX);
|
|
@@ -48,14 +51,33 @@ async function initIframeMessageProtection(params) {
|
|
|
48
51
|
return { authResponse };
|
|
49
52
|
}
|
|
50
53
|
function clearSessionStoragePublicKey() {
|
|
54
|
+
log?.(`Clearing session storage public key at ${sessionStorageKey}`);
|
|
51
55
|
sessionStorage.removeItem(sessionStorageKey);
|
|
56
|
+
sessionStorage.removeItem(`${sessionStorageKey}_alt`);
|
|
52
57
|
}
|
|
53
58
|
return { getIsEncryptedAuthResponse, decodeEncryptedAuth, clearSessionStoragePublicKey };
|
|
54
59
|
}
|
|
55
60
|
async function encryptAuthResponse(params) {
|
|
56
61
|
const { authResponse } = params;
|
|
57
62
|
const publicKey = sessionStorage.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
58
|
-
|
|
63
|
+
try {
|
|
64
|
+
(0, assert_1.assert)(publicKey !== null, `2293302 no publicKey for state ${authResponse.state}`);
|
|
65
|
+
}
|
|
66
|
+
catch (error) {
|
|
67
|
+
{
|
|
68
|
+
const publicKey = sessionStorage.getItem(`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`);
|
|
69
|
+
console.log(`====> PublicKey_alt_1: ${publicKey}`);
|
|
70
|
+
}
|
|
71
|
+
{
|
|
72
|
+
const publicKey = sessionStorage_original.getItem(`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`);
|
|
73
|
+
console.log(`====> PublicKey_alt_2: ${publicKey}`);
|
|
74
|
+
}
|
|
75
|
+
{
|
|
76
|
+
const publicKey = sessionStorage_original.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
77
|
+
console.log(`====> PublicKey_3: ${publicKey}`);
|
|
78
|
+
}
|
|
79
|
+
throw error;
|
|
80
|
+
}
|
|
59
81
|
const { encryptedMessage: encryptedMessage_withoutPrefix } = await (0, asymmetricEncryption_1.asymmetricEncrypt)({
|
|
60
82
|
publicKey,
|
|
61
83
|
message: JSON.stringify(authResponse)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;AASA,kHAsBC;AAUD,kEA6CC;AAED,kDA6CC;AArID,kDAA+C;AAC/C,wEAAmG;AAGnG,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAC/C,MAAM,uBAAuB,GAAG,MAAM,CAAC,cAAc,CAAC;AAEtD,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,SAAgB,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAEM,KAAK,UAAU,2BAA2B,CAAC,MAGjD;IACG,MAAM,EAAE,kBAAkB,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC;IAE3C,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,mCAAY,GAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,GAAG,EAAE,CACD,4DAA4D,kBAAkB,yBAAyB,iBAAiB,EAAE,CAC7H,CAAC;IAEF,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAChE,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,iBAAiB,MAAM,EAAE,SAAS,CAAC,CAAC;IAElF,SAAS,0BAA0B,CAAC,MAA4B;QAC5D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;QAE3B,OAAO,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,+BAA+B,CAAC,CAAC;IAC9F,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CAAC,+BAA+B,CAAC,MAAM,CAAC;YACrF,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,GAAG,EAAE,CAA
C,0CAA0C,iBAAiB,EAAE,CAAC,CAAC;QACrE,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,cAAc,CAAC,UAAU,CAAC,GAAG,iBAAiB,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,CAAC;AAC7F,CAAC;AAEM,KAAK,UAAU,mBAAmB,CAAC,MAAsC;IAC5E,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACnE,CAAC;IAEF,IAAI,CAAC;QACD,IAAA,eAAM,EAAC,SAAS,KAAK,IAAI,EAAE,kCAAkC,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,CAAC;YACG,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,CAC5E,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC;QAED,CAAC;YACG,MAAM,SAAS,GAAG,uBAAuB,CAAC,OAAO,CAC7C,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,CAC5E,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC;QAED,CAAC;YACG,MAAM,SAAS,GAAG,uBAAuB,CAAC,OAAO,CAC7C,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACnE,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,KAAK,CAAC;IAChB,CAAC;IAED,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,8BAA8B,EAAE,CAAC;IAE/F,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAChC,CAAC"}
|
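--- a/package/core/loginSilent.js
+++ b/package/core/loginSilent.js
@@ -37,7 +37,8 @@ async function loginSilent(params) {
 return Math.max(BASE_DELAY_MS, dynamicDelay);
 })();
 const { decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await (0, iframeMessageProtection_1.initIframeMessageProtection)({
-stateUrlParamValue: stateUrlParamValue_instance
+stateUrlParamValue: stateUrlParamValue_instance,
+log
 });
 let clearTimeouts;
 {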
package/core/loginSilent.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;AA8BA,
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;AA8BA,kCAkOC;AA5PD,gDAA6C;AAC7C,kDAA+C;AAC/C,0CAAuC;AACvC,4DAAyD;AACzD,2CAA4E;AAC5E,kEAA+D;AAC/D,0CAA0C;AAE1C,8DAAkE;AAClE,uEAAwE;AACxE,sDAAmD;AAgB5C,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,IAAA,yBAAW,GAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,mBAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,IAAA,gBAAQ,GAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,IAAA,qCAAiB,GAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,4BAA4B,EAAE,GACnF,MAAM,IAAA,qDAA2B,EAAC;QAC9B,kBAAkB,EAAE,2BAA2B;QAC/C,GAAG;KACN,CAAC,CAAC;IAEP,IAAI,aAAwD,CAAC;IAC7D,CAAC;QACG,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACb,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACnB,CAAC,CAAC;YACP,CAAC,EAAE,cAAc,CAAC;YAClB,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,IAAI,CACR;oBACI,+DAA+D;oBAC/D,2CAA2C;oBAC3C,WAAW,IAAI,CAAC,KAAK,CACjB,cAAc,GAAG,IAAK,CACzB,sCAAsC;oBACvC,yFAAyF;iBAC5F,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACF,uBAAuB,GAAG,IAAI,CAAC;YACnC,CAAC,EAAE,IAAK,CAAC;SACZ,CAAC;QAEF,aAAa,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE;YAC/B,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC/B,IAAI,UAAU,IAAI,uBAAuB,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CACP;oBACI,iEAAi
E;oBACjE,6CAA6C;iBAChD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;YACN,CAAC;QACL,CAAC,CAAC;IACN,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,EAAE,KAAmB,EAAE,EAAE;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO;QACX,CAAC;QAED,IACI,CAAC,0BAA0B,CAAC;YACxB,OAAO,EAAE,KAAK,CAAC,IAAI;SACtB,CAAC,EACJ,CAAC;YACC,OAAO;QACX,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,mBAAmB,CAAC,EAAE,qBAAqB,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAE1F,MAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAE3E,IAAA,eAAM,EAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC1C,IAAA,eAAM,EAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAEjD,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO;QACX,CAAC;QAED,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,+BAA+B;YACxC,YAAY;SACf,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEpD,MAAM,yBAAyB,GAAG,CAAC,GAAW,EAAE,EAAE;QAC9C,sBAAsB,EAAE,CAAC;YACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,sBAAsB,CAAC;YACjC,CAAC;YAED,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YAEtE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,SAAS;gBACb,CAAC;gBACD,GAAG,GAAG,IAAA,wCAAsB,EAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;YACjF,CAAC;QACL,CAAC;QAED,mBAAmB,EAAE,CAAC;YAClB,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,mBAAmB,CAAC;YAC9B,CAAC;YACD,GAAG,GAAG,0BAA0B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC,CAAC;IAEF,uBAAuB;SAClB,YAAY,CAAC;QACV,KAAK,EAAE,IAAA,OAAE,EAAmB;YACxB,OAAO,EAAE,QAAQ;YACjB,QAAQ;SACX,CAAC;QACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;QACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAA,yBAAW,EAAC,mBAAmB,EAAE,CAAC;QACtF,YAAY,EAAE,yBAAyB;KAC1C,CAAC;SACD,IAAI,CACD,gBAAgB,CAAC,EAAE;QACf,IAAA,eAAM,EAAC,gBAAgB,KAAK,IAAI,EAAE,
kDAAkD,CAAC,CAAC;QAEtF,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,qCAAqC;YAC9C,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC,EACD,CAAC,KAAY,EAAE,EAAE;QACb,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;YACtC,+DAA+D;YAC/D,mCAAmC;YACnC,mEAAmE;YACnE,0CAA0C;YAC1C,yEAAyE;YAEzE,0DAA0D;YAC1D,kEAAkE;YAClE,mEAAmE;YACnE,qBAAqB;YACrB,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAErC,OAAO,CAAC,OAAO,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,sCAAsC;aAChD,CAAC,CAAC;YAEH,OAAO;QACX,CAAC;QAED,yEAAyE;QACzE,qEAAqE;IACzE,CAAC,CACJ,CAAC;IAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACrB,4BAA4B,EAAE,CAAC;QAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAA,2BAAe,EAAC,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,CAAC,CAAC;QACzE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,EAAE,CAAC;AACtB,CAAC"}
|
package/esm/core/createOidc.js
CHANGED
|
@@ -28,7 +28,7 @@ import { isKeycloak } from "../keycloak/isKeycloak";
|
|
|
28
28
|
import { INFINITY_TIME } from "../tools/INFINITY_TIME";
|
|
29
29
|
import { getIsValidRemoteJson } from "../tools/getIsValidRemoteJson";
|
|
30
30
|
// NOTE: Replaced at build time
|
|
31
|
-
const VERSION = "8.1.
|
|
31
|
+
const VERSION = "8.1.7-rc.1";
|
|
32
32
|
const globalContext = {
|
|
33
33
|
prOidcByConfigId: new Map(),
|
|
34
34
|
hasLogoutBeenCalled: id(false),
|
|
@@ -2,6 +2,7 @@ import { type AuthResponse } from "./AuthResponse";
|
|
|
2
2
|
export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
|
|
3
3
|
export declare function initIframeMessageProtection(params: {
|
|
4
4
|
stateUrlParamValue: string;
|
|
5
|
+
log: typeof console.log | undefined;
|
|
5
6
|
}): Promise<{
|
|
6
7
|
getIsEncryptedAuthResponse: (params: {
|
|
7
8
|
message: unknown;
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { assert } from "../tools/tsafe/assert";
|
|
2
2
|
import { asymmetricEncrypt, asymmetricDecrypt, generateKeys } from "../tools/asymmetricEncryption";
|
|
3
3
|
const setItem_real = Storage.prototype.setItem;
|
|
4
|
+
const sessionStorage_original = window.sessionStorage;
|
|
4
5
|
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
5
6
|
export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
6
7
|
const setItem_protected = function setItem(key, value) {
|
|
@@ -25,10 +26,12 @@ function getSessionStorageKey(params) {
|
|
|
25
26
|
return `${SESSION_STORAGE_PREFIX}${stateUrlParamValue}`;
|
|
26
27
|
}
|
|
27
28
|
export async function initIframeMessageProtection(params) {
|
|
28
|
-
const { stateUrlParamValue } = params;
|
|
29
|
+
const { stateUrlParamValue, log } = params;
|
|
29
30
|
const { publicKey, privateKey } = await generateKeys();
|
|
30
31
|
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
32
|
+
log?.(`Writing iframe messaging protection publicKey for state: ${stateUrlParamValue} at sessionStorage -> ${sessionStorageKey}`);
|
|
31
33
|
setItem_real.call(sessionStorage, sessionStorageKey, publicKey);
|
|
34
|
+
setItem_real.call(sessionStorage_original, `${sessionStorageKey}_alt`, publicKey);
|
|
32
35
|
function getIsEncryptedAuthResponse(params) {
|
|
33
36
|
const { message } = params;
|
|
34
37
|
return typeof message === "string" && message.startsWith(ENCRYPTED_AUTH_RESPONSES_PREFIX);
|
|
@@ -43,14 +46,33 @@ export async function initIframeMessageProtection(params) {
|
|
|
43
46
|
return { authResponse };
|
|
44
47
|
}
|
|
45
48
|
function clearSessionStoragePublicKey() {
|
|
49
|
+
log?.(`Clearing session storage public key at ${sessionStorageKey}`);
|
|
46
50
|
sessionStorage.removeItem(sessionStorageKey);
|
|
51
|
+
sessionStorage.removeItem(`${sessionStorageKey}_alt`);
|
|
47
52
|
}
|
|
48
53
|
return { getIsEncryptedAuthResponse, decodeEncryptedAuth, clearSessionStoragePublicKey };
|
|
49
54
|
}
|
|
50
55
|
export async function encryptAuthResponse(params) {
|
|
51
56
|
const { authResponse } = params;
|
|
52
57
|
const publicKey = sessionStorage.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
53
|
-
|
|
58
|
+
try {
|
|
59
|
+
assert(publicKey !== null, `2293302 no publicKey for state ${authResponse.state}`);
|
|
60
|
+
}
|
|
61
|
+
catch (error) {
|
|
62
|
+
{
|
|
63
|
+
const publicKey = sessionStorage.getItem(`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`);
|
|
64
|
+
console.log(`====> PublicKey_alt_1: ${publicKey}`);
|
|
65
|
+
}
|
|
66
|
+
{
|
|
67
|
+
const publicKey = sessionStorage_original.getItem(`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`);
|
|
68
|
+
console.log(`====> PublicKey_alt_2: ${publicKey}`);
|
|
69
|
+
}
|
|
70
|
+
{
|
|
71
|
+
const publicKey = sessionStorage_original.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
72
|
+
console.log(`====> PublicKey_3: ${publicKey}`);
|
|
73
|
+
}
|
|
74
|
+
throw error;
|
|
75
|
+
}
|
|
54
76
|
const { encryptedMessage: encryptedMessage_withoutPrefix } = await asymmetricEncrypt({
|
|
55
77
|
publicKey,
|
|
56
78
|
message: JSON.stringify(authResponse)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAC/C,MAAM,uBAAuB,GAAG,MAAM,CAAC,cAAc,CAAC;AAEtD,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,MAAM,UAAU,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,MAAM,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,MAGjD;IACG,MAAM,EAAE,kBAAkB,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC;IAE3C,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,GAAG,EAAE,CACD,4DAA4D,kBAAkB,yBAAyB,iBAAiB,EAAE,CAC7H,CAAC;IAEF,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAChE,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE,GAAG,iBAAiB,MAAM,EAAE,SAAS,CAAC,CAAC;IAElF,SAAS,0BAA0B,CAAC,MAA4B;QAC5D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;QAE3B,OAAO,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,CAAC,+BAA+B,CAAC,CAAC;IAC9F,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,iBAAiB,CAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CAAC,+BAA+B,CAAC,MAAM,CAAC;YACrF,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;I
AC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,GAAG,EAAE,CAAC,0CAA0C,iBAAiB,EAAE,CAAC,CAAC;QACrE,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,cAAc,CAAC,UAAU,CAAC,GAAG,iBAAiB,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,CAAC;AAC7F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,MAAsC;IAC5E,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACnE,CAAC;IAEF,IAAI,CAAC;QACD,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,kCAAkC,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,CAAC;YACG,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CACpC,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,CAC5E,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC;QAED,CAAC;YACG,MAAM,SAAS,GAAG,uBAAuB,CAAC,OAAO,CAC7C,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,CAC5E,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC;QAED,CAAC;YACG,MAAM,SAAS,GAAG,uBAAuB,CAAC,OAAO,CAC7C,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CACnE,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,KAAK,CAAC;IAChB,CAAC;IAED,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,iBAAiB,CAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,8BAA8B,EAAE,CAAC;IAE/F,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAChC,CAAC"}
|
package/esm/core/loginSilent.js
CHANGED
|
@@ -34,7 +34,8 @@ export async function loginSilent(params) {
|
|
|
34
34
|
return Math.max(BASE_DELAY_MS, dynamicDelay);
|
|
35
35
|
})();
|
|
36
36
|
const { decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await initIframeMessageProtection({
|
|
37
|
-
stateUrlParamValue: stateUrlParamValue_instance
|
|
37
|
+
stateUrlParamValue: stateUrlParamValue_instance,
|
|
38
|
+
log
|
|
38
39
|
});
|
|
39
40
|
let clearTimeouts;
|
|
40
41
|
{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../../src/core/loginSilent.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,EAAE,EAAE,MAAM,mBAAmB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,eAAe,EAAkB,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAgBnD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,QAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,4BAA4B,EAAE,GACnF,MAAM,2BAA2B,CAAC;QAC9B,kBAAkB,EAAE,2BAA2B;
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../../src/core/loginSilent.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,EAAE,EAAE,MAAM,mBAAmB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,eAAe,EAAkB,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAgBnD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,QAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,4BAA4B,EAAE,GACnF,MAAM,2BAA2B,CAAC;QAC9B,kBAAkB,EAAE,2BAA2B;QAC/C,GAAG;KACN,CAAC,CAAC;IAEP,IAAI,aAAwD,CAAC;IAC7D,CAAC;QACG,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACb,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACnB,CAAC,CAAC;YACP,CAAC,EAAE,cAAc,CAAC;YAClB,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,IAAI,CACR;oBACI,+DAA+D;oBAC/D,2CAA2C;oBAC3C,WAAW,IAAI,CAAC,KAAK,CACjB,cAAc,GAAG,IAAK,CACzB,
sCAAsC;oBACvC,yFAAyF;iBAC5F,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACF,uBAAuB,GAAG,IAAI,CAAC;YACnC,CAAC,EAAE,IAAK,CAAC;SACZ,CAAC;QAEF,aAAa,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE;YAC/B,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC/B,IAAI,UAAU,IAAI,uBAAuB,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CACP;oBACI,iEAAiE;oBACjE,6CAA6C;iBAChD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;YACN,CAAC;QACL,CAAC,CAAC;IACN,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,EAAE,KAAmB,EAAE,EAAE;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO;QACX,CAAC;QAED,IACI,CAAC,0BAA0B,CAAC;YACxB,OAAO,EAAE,KAAK,CAAC,IAAI;SACtB,CAAC,EACJ,CAAC;YACC,OAAO;QACX,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,mBAAmB,CAAC,EAAE,qBAAqB,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAE1F,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAE3E,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC1C,MAAM,CAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAEjD,IAAI,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO;QACX,CAAC;QAED,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,+BAA+B;YACxC,YAAY;SACf,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEpD,MAAM,yBAAyB,GAAG,CAAC,GAAW,EAAE,EAAE;QAC9C,sBAAsB,EAAE,CAAC;YACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,sBAAsB,CAAC;YACjC,CAAC;YAED,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YAEtE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,SAAS;gBACb,CAAC;gBACD,GAAG,GAAG,sBAAsB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;YACjF,CAAC;QACL,CAAC;QAED,mBAAmB,EAAE,CAAC;YAClB,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,mBAAmB,CAAC;YAC9B,CAAC;YACD,GAAG,GAAG,0BAA0B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC,CAAC;IAEF,uBAAuB;SAClB,YAAY,CAAC;QACV,KAAK,EAAE,EAAE,CAAmB;YACxB,OAAO,EAAE,QAAQ;Y
ACjB,QAAQ;SACX,CAAC;QACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;QACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACtF,YAAY,EAAE,yBAAyB;KAC1C,CAAC;SACD,IAAI,CACD,gBAAgB,CAAC,EAAE;QACf,MAAM,CAAC,gBAAgB,KAAK,IAAI,EAAE,kDAAkD,CAAC,CAAC;QAEtF,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,qCAAqC;YAC9C,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC,EACD,CAAC,KAAY,EAAE,EAAE;QACb,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;YACtC,+DAA+D;YAC/D,mCAAmC;YACnC,mEAAmE;YACnE,0CAA0C;YAC1C,yEAAyE;YAEzE,0DAA0D;YAC1D,kEAAkE;YAClE,mEAAmE;YACnE,qBAAqB;YACrB,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAErC,OAAO,CAAC,OAAO,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,sCAAsC;aAChD,CAAC,CAAC;YAEH,OAAO;QACX,CAAC;QAED,yEAAyE;QACzE,qEAAqE;IACzE,CAAC,CACJ,CAAC;IAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACrB,4BAA4B,EAAE,CAAC;QAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,CAAC,CAAC;QACzE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,EAAE,CAAC;AACtB,CAAC"}
|
package/package.json
CHANGED
|
@@ -3,6 +3,7 @@ import { asymmetricEncrypt, asymmetricDecrypt, generateKeys } from "../tools/asy
|
|
|
3
3
|
import { type AuthResponse } from "./AuthResponse";
|
|
4
4
|
|
|
5
5
|
const setItem_real = Storage.prototype.setItem;
|
|
6
|
+
const sessionStorage_original = window.sessionStorage;
|
|
6
7
|
|
|
7
8
|
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
8
9
|
|
|
@@ -38,14 +39,22 @@ function getSessionStorageKey(params: { stateUrlParamValue: string }) {
|
|
|
38
39
|
return `${SESSION_STORAGE_PREFIX}${stateUrlParamValue}`;
|
|
39
40
|
}
|
|
40
41
|
|
|
41
|
-
export async function initIframeMessageProtection(params: {
|
|
42
|
-
|
|
42
|
+
export async function initIframeMessageProtection(params: {
|
|
43
|
+
stateUrlParamValue: string;
|
|
44
|
+
log: typeof console.log | undefined;
|
|
45
|
+
}) {
|
|
46
|
+
const { stateUrlParamValue, log } = params;
|
|
43
47
|
|
|
44
48
|
const { publicKey, privateKey } = await generateKeys();
|
|
45
49
|
|
|
46
50
|
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
47
51
|
|
|
52
|
+
log?.(
|
|
53
|
+
`Writing iframe messaging protection publicKey for state: ${stateUrlParamValue} at sessionStorage -> ${sessionStorageKey}`
|
|
54
|
+
);
|
|
55
|
+
|
|
48
56
|
setItem_real.call(sessionStorage, sessionStorageKey, publicKey);
|
|
57
|
+
setItem_real.call(sessionStorage_original, `${sessionStorageKey}_alt`, publicKey);
|
|
49
58
|
|
|
50
59
|
function getIsEncryptedAuthResponse(params: { message: unknown }): boolean {
|
|
51
60
|
const { message } = params;
|
|
@@ -69,7 +78,9 @@ export async function initIframeMessageProtection(params: { stateUrlParamValue:
|
|
|
69
78
|
}
|
|
70
79
|
|
|
71
80
|
function clearSessionStoragePublicKey() {
|
|
81
|
+
log?.(`Clearing session storage public key at ${sessionStorageKey}`);
|
|
72
82
|
sessionStorage.removeItem(sessionStorageKey);
|
|
83
|
+
sessionStorage.removeItem(`${sessionStorageKey}_alt`);
|
|
73
84
|
}
|
|
74
85
|
|
|
75
86
|
return { getIsEncryptedAuthResponse, decodeEncryptedAuth, clearSessionStoragePublicKey };
|
|
@@ -82,7 +93,35 @@ export async function encryptAuthResponse(params: { authResponse: AuthResponse }
|
|
|
82
93
|
getSessionStorageKey({ stateUrlParamValue: authResponse.state })
|
|
83
94
|
);
|
|
84
95
|
|
|
85
|
-
|
|
96
|
+
try {
|
|
97
|
+
assert(publicKey !== null, `2293302 no publicKey for state ${authResponse.state}`);
|
|
98
|
+
} catch (error) {
|
|
99
|
+
{
|
|
100
|
+
const publicKey = sessionStorage.getItem(
|
|
101
|
+
`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`
|
|
102
|
+
);
|
|
103
|
+
|
|
104
|
+
console.log(`====> PublicKey_alt_1: ${publicKey}`);
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
{
|
|
108
|
+
const publicKey = sessionStorage_original.getItem(
|
|
109
|
+
`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`
|
|
110
|
+
);
|
|
111
|
+
|
|
112
|
+
console.log(`====> PublicKey_alt_2: ${publicKey}`);
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
{
|
|
116
|
+
const publicKey = sessionStorage_original.getItem(
|
|
117
|
+
getSessionStorageKey({ stateUrlParamValue: authResponse.state })
|
|
118
|
+
);
|
|
119
|
+
|
|
120
|
+
console.log(`====> PublicKey_3: ${publicKey}`);
|
|
121
|
+
}
|
|
122
|
+
|
|
123
|
+
throw error;
|
|
124
|
+
}
|
|
86
125
|
|
|
87
126
|
const { encryptedMessage: encryptedMessage_withoutPrefix } = await asymmetricEncrypt({
|
|
88
127
|
publicKey,
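Review bot: The catch block added to encryptAuthResponse keeps unconditional `console.log` diagnostics (`====> PublicKey_alt_1`, `_alt_2`, `PublicKey_3`) in a library auth path, bypassing the `log` callback this same release threads into initIframeMessageProtection, and each inner `const publicKey` shadows the outer one, so the three blocks read as a debugging session rather than release code. The assert message already carries the state, so the smallest fix is to delete the three blocks and the try/catch wrapper, leaving `assert(publicKey !== null, \`2293302 no publicKey for state ${authResponse.state}\`);` on its own; if the extra lookups are still wanted, accept an optional logger (`params: { authResponse: AuthResponse; log?: typeof console.log }`) and emit them through `log?.()` so consumers can opt in. Related, as far as this diff shows the `_alt` entry written in the `@@ -38,14 +39,22 @@` hunk via `setItem_real.call(sessionStorage_original, …)` is read only by this diagnostic, and clearSessionStoragePublicKey in `@@ -69,7 +78,9 @@` removes it through `sessionStorage` rather than `sessionStorage_original`, so if `window.sessionStorage` were swapped after module load the entry would survive cleanup. The same code is mirrored in the compiled core/ and esm/ copies above.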
|
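--- a/package/src/core/loginSilent.ts
+++ b/package/src/core/loginSilent.ts
@@ -90,7 +90,8 @@ export async function loginSilent(params: {
 
 const { decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } =
 await initIframeMessageProtection({
-stateUrlParamValue: stateUrlParamValue_instance
+stateUrlParamValue: stateUrlParamValue_instance,
+log
 });
 
 let clearTimeouts: (params: { wasSuccess: boolean }) => void;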