oidc-spa 8.1.7-rc.1 → 8.1.7
- package/core/createOidc.js +1 -1
- package/core/earlyInit.js +1 -3
- package/core/earlyInit.js.map +1 -1
- package/core/iframeMessageProtection.d.ts +14 -8
- package/core/iframeMessageProtection.js +58 -34
- package/core/iframeMessageProtection.js.map +1 -1
- package/core/loginSilent.js +27 -10
- package/core/loginSilent.js.map +1 -1
- package/esm/core/createOidc.js +1 -1
- package/esm/core/earlyInit.js +2 -4
- package/esm/core/earlyInit.js.map +1 -1
- package/esm/core/iframeMessageProtection.d.ts +14 -8
- package/esm/core/iframeMessageProtection.js +57 -33
- package/esm/core/iframeMessageProtection.js.map +1 -1
- package/esm/core/loginSilent.js +27 -10
- package/esm/core/loginSilent.js.map +1 -1
- package/package.json +1 -1
- package/src/core/earlyInit.ts +2 -4
- package/src/core/iframeMessageProtection.ts +74 -51
- package/src/core/loginSilent.ts +47 -14
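--- a/package/core/createOidc.js
+++ b/package/core/createOidc.js
@@ -65,7 +65,7 @@ const isKeycloak_1 = require("../keycloak/isKeycloak");
 const INFINITY_TIME_1 = require("../tools/INFINITY_TIME");
 const getIsValidRemoteJson_1 = require("../tools/getIsValidRemoteJson");
 // NOTE: Replaced at build time
-const VERSION = "8.1.7
+const VERSION = "8.1.7";
 const globalContext = {
 prOidcByConfigId: new Map(),
 hasLogoutBeenCalled: (0, id_1.id)(false),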
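--- a/package/core/earlyInit.js
+++ b/package/core/earlyInit.js
@@ -135,9 +135,7 @@ function handleOidcCallback() {
 }
 switch (stateData.context) {
 case "iframe":
-(0, iframeMessageProtection_1.
-authResponse
-}).then(({ encryptedMessage }) => parent.postMessage(encryptedMessage, location.origin));
+(0, iframeMessageProtection_1.postEncryptedAuthResponseToParent)({ authResponse });
 return { shouldLoadApp: false };
 case "redirect": {
 redirectAuthResponse = authResponse;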
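Review bot: The promise returned by `postEncryptedAuthResponseToParent({ authResponse })` in the `"iframe"` case is dropped, so a failure inside it (the encrypt call, or its `assert(publicKey !== null, "2293303")`) becomes an unhandled rejection in the iframe and the parent presumably learns of it only through its own timeout. Attach a handler, for example `postEncryptedAuthResponseToParent({ authResponse }).catch(error => console.error("oidc-spa: could not post the auth response to the parent", error));`. The same call appears in `package/esm/core/earlyInit.js`, and the change belongs in `package/src/core/earlyInit.ts` from the file list. `handleOidcCallback` starts and ends outside this hunk.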
package/core/earlyInit.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"earlyInit.js","sourceRoot":"","sources":["../src/core/earlyInit.ts"],"names":[],"mappings":";;AAUA,sCA+DC;AAID,0DAoBC;AAID,kFAGC;AAxGD,2CAAqE;AACrE,kDAA4D;AAE5D,uEAGmC;AAEnC,IAAI,sBAAsB,GAAG,KAAK,CAAC;AAEnC,SAAgB,aAAa,CAAC,MAM7B;IACG,IAAI,sBAAsB,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;IAED,sBAAsB,GAAG,IAAI,CAAC;IAE9B,MAAM,EAAE,WAAW,EAAE,oBAAoB,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,MAAM,IAAI,EAAE,CAAC;IAEpF,MAAM,EAAE,aAAa,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAE/C,IAAI,aAAa,EAAE,CAAC;QAChB,IAAI,oBAAoB,EAAE,CAAC;YACvB,MAAM,sBAAsB,GAAG,UAAU,CAAC,cAAc,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEtC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,gBAAgB,EAAE;gBAChD,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,sBAAsB;aAChC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;YAEvC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAE7B,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE;gBACvC,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,aAAa;aACvB,CAAC,CAAC;QACP,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC;YAE/C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAEjC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,WAAW,EAAE;gBAC3C,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,iBAAiB;aAC3B,CAAC,CAAC;QACP,CAAC;QAED,IAAA,6EAAmD,GAAE,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,CAAC;AAC7B,CAAC;AAED,IAAI,oBAAoB,GAA6B,SAAS,CAAC;AAE/D,SAAgB,uBAAuB;IAGnC,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACX;YACI,uBAAuB;YACvB,gCAAgC;YAChC,oEAAoE;SACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IACD,OAAO,oBAAoB,KAAK,SAAS;QACrC,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE;QAC7B,CAAC,CAAC;YACI,YAAY,EAAE,oBAAoB;YAClC,iBAAiB,EAAE,GAAG,EAAE;gBACpB,oBAAoB,GAAG,SAAS,CAAC;YACrC,CAAC;SACJ,CAAC;AACZ,CAAC;AAED,IAAI,gCAAgC,GAAuB,SAAS,CAAC;AAErE,SAAgB,mCAAmC;IAC/C,IAAA,eAAM,EAAC,gCAAgC,KAAK,SAAS,EA
AE,QAAQ,CAAC,CAAC;IACjE,OAAO,gCAAgC,CAAC;AAC5C,CAAC;AAED,SAAS,kBAAkB;IACvB,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEtD,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,CAAC;YACP,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CACtF,OAAO,CACV,CAAC;YAEF,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAW,CAAC;QAC7E,CAAC;QAED,KAAK,EAAE,CAAC;YACJ,MAAM,kBAAkB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAErE,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;gBACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;gBAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;gBACC,mFAAmF;gBACnF,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAW,CAAC;QAC1E,CAAC;QAED,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAW,CAAC;IACpD,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,CAAC;QAC/C,gCAAgC,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC7F,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,gCAAgC,GAAG,eAAe,CAAC,QAAQ,CAAC;IAE5D,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,GAAG,EAAE;QAC3B,MAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAEjD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;YACvB,QAAQ,sBAAsB,CAAC,YAAY,EAAE,CAAC;gBAC1C,KAAK,UAAU;oBACX,OAAO,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;gBACvE,KAAK,OAAO;oBACR,OAAO,eAAe,CAAC,YAAY,CAAC;gBACxC;oBACI,IAAA,eAAM,EAA+C,KAAK,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC9B,CAAC;QAED,IAAA,eAAM,EAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,C
AAC,CAAC;QAE5C,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;IAE3E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC/D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,IAAA,
|
|
1
|
+
{"version":3,"file":"earlyInit.js","sourceRoot":"","sources":["../src/core/earlyInit.ts"],"names":[],"mappings":";;AAUA,sCA+DC;AAID,0DAoBC;AAID,kFAGC;AAxGD,2CAAqE;AACrE,kDAA4D;AAE5D,uEAGmC;AAEnC,IAAI,sBAAsB,GAAG,KAAK,CAAC;AAEnC,SAAgB,aAAa,CAAC,MAM7B;IACG,IAAI,sBAAsB,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;IAED,sBAAsB,GAAG,IAAI,CAAC;IAE9B,MAAM,EAAE,WAAW,EAAE,oBAAoB,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,MAAM,IAAI,EAAE,CAAC;IAEpF,MAAM,EAAE,aAAa,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAE/C,IAAI,aAAa,EAAE,CAAC;QAChB,IAAI,oBAAoB,EAAE,CAAC;YACvB,MAAM,sBAAsB,GAAG,UAAU,CAAC,cAAc,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEtC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,gBAAgB,EAAE;gBAChD,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,sBAAsB;aAChC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;YAEvC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAE7B,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE;gBACvC,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,aAAa;aACvB,CAAC,CAAC;QACP,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC;YAE/C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAEjC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,WAAW,EAAE;gBAC3C,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,iBAAiB;aAC3B,CAAC,CAAC;QACP,CAAC;QAED,IAAA,6EAAmD,GAAE,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,CAAC;AAC7B,CAAC;AAED,IAAI,oBAAoB,GAA6B,SAAS,CAAC;AAE/D,SAAgB,uBAAuB;IAGnC,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACX;YACI,uBAAuB;YACvB,gCAAgC;YAChC,oEAAoE;SACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IACD,OAAO,oBAAoB,KAAK,SAAS;QACrC,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE;QAC7B,CAAC,CAAC;YACI,YAAY,EAAE,oBAAoB;YAClC,iBAAiB,EAAE,GAAG,EAAE;gBACpB,oBAAoB,GAAG,SAAS,CAAC;YACrC,CAAC;SACJ,CAAC;AACZ,CAAC;AAED,IAAI,gCAAgC,GAAuB,SAAS,CAAC;AAErE,SAAgB,mCAAmC;IAC/C,IAAA,eAAM,EAAC,gCAAgC,KAAK,SAAS,EA
AE,QAAQ,CAAC,CAAC;IACjE,OAAO,gCAAgC,CAAC;AAC5C,CAAC;AAED,SAAS,kBAAkB;IACvB,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEtD,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,CAAC;YACP,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CACtF,OAAO,CACV,CAAC;YAEF,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAW,CAAC;QAC7E,CAAC;QAED,KAAK,EAAE,CAAC;YACJ,MAAM,kBAAkB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAErE,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IAAI,CAAC,IAAA,oCAAwB,EAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;gBACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;gBAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;gBACC,mFAAmF;gBACnF,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAW,CAAC;QAC1E,CAAC;QAED,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAW,CAAC;IACpD,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,CAAC;QAC/C,gCAAgC,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC7F,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,gCAAgC,GAAG,eAAe,CAAC,QAAQ,CAAC;IAE5D,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,GAAG,EAAE;QAC3B,MAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAEjD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;YACvB,QAAQ,sBAAsB,CAAC,YAAY,EAAE,CAAC;gBAC1C,KAAK,UAAU;oBACX,OAAO,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;gBACvE,KAAK,OAAO;oBACR,OAAO,eAAe,CAAC,YAAY,CAAC;gBACxC;oBACI,IAAA,eAAM,EAA+C,KAAK,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC9B,CAAC;QAED,IAAA,eAAM,EAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,C
AAC,CAAC;QAE5C,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;IAE3E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC/D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,IAAA,2DAAiC,EAAC,EAAE,YAAY,EAAE,CAAC,CAAC;YACpD,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;QACpC,KAAK,UAAU,CAAC,CAAC,CAAC;YACd,oBAAoB,GAAG,YAAY,CAAC;YAEpC,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE;gBAClC,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;oBAC5E,OAAO,SAAS,CAAC,2CAA2C,CAAC;gBACjE,CAAC;gBACD,OAAO,SAAS,CAAC,uBAAuB,CAAC;YAC7C,CAAC,CAAC,EAAE,CAAC;YAEL,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,uBAAuB,CAAC,CAAC;YAEtD,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QACnC,CAAC;QACD;YACI,IAAA,eAAM,EAAkC,KAAK,CAAC,CAAC;IACvD,CAAC;AACL,CAAC"}
|
|
@@ -1,12 +1,19 @@
|
|
|
1
1
|
import { type AuthResponse } from "./AuthResponse";
|
|
2
2
|
export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
|
|
3
|
+
declare function getIsEncryptedAuthResponse(params: {
|
|
4
|
+
message: unknown;
|
|
5
|
+
stateUrlParamValue: string;
|
|
6
|
+
}): boolean;
|
|
7
|
+
declare function getIsReadyToReadPublicKeyMessage(params: {
|
|
8
|
+
message: unknown;
|
|
9
|
+
stateUrlParamValue: string;
|
|
10
|
+
}): boolean;
|
|
3
11
|
export declare function initIframeMessageProtection(params: {
|
|
4
12
|
stateUrlParamValue: string;
|
|
5
|
-
log: typeof console.log | undefined;
|
|
6
13
|
}): Promise<{
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
14
|
+
getIsReadyToReadPublicKeyMessage: typeof getIsReadyToReadPublicKeyMessage;
|
|
15
|
+
setSessionStoragePublicKey: () => void;
|
|
16
|
+
getIsEncryptedAuthResponse: typeof getIsEncryptedAuthResponse;
|
|
10
17
|
decodeEncryptedAuth: (params: {
|
|
11
18
|
encryptedAuthResponse: string;
|
|
12
19
|
}) => Promise<{
|
|
@@ -14,8 +21,7 @@ export declare function initIframeMessageProtection(params: {
|
|
|
14
21
|
}>;
|
|
15
22
|
clearSessionStoragePublicKey: () => void;
|
|
16
23
|
}>;
|
|
17
|
-
export declare function
|
|
24
|
+
export declare function postEncryptedAuthResponseToParent(params: {
|
|
18
25
|
authResponse: AuthResponse;
|
|
19
|
-
}): Promise<
|
|
20
|
-
|
|
21
|
-
}>;
|
|
26
|
+
}): Promise<void>;
|
|
27
|
+
export {};
|
|
@@ -2,11 +2,13 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.preventSessionStorageSetItemOfPublicKeyByThirdParty = preventSessionStorageSetItemOfPublicKeyByThirdParty;
|
|
4
4
|
exports.initIframeMessageProtection = initIframeMessageProtection;
|
|
5
|
-
exports.
|
|
5
|
+
exports.postEncryptedAuthResponseToParent = postEncryptedAuthResponseToParent;
|
|
6
6
|
const assert_1 = require("../tools/tsafe/assert");
|
|
7
7
|
const asymmetricEncryption_1 = require("../tools/asymmetricEncryption");
|
|
8
8
|
const setItem_real = Storage.prototype.setItem;
|
|
9
9
|
const sessionStorage_original = window.sessionStorage;
|
|
10
|
+
const setTimeout_original = window.setTimeout;
|
|
11
|
+
const alert_original = window.alert;
|
|
10
12
|
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
11
13
|
function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
12
14
|
const setItem_protected = function setItem(key, value) {
|
|
@@ -25,64 +27,86 @@ function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
|
25
27
|
});
|
|
26
28
|
}
|
|
27
29
|
}
|
|
28
|
-
const ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
29
30
|
function getSessionStorageKey(params) {
|
|
30
31
|
const { stateUrlParamValue } = params;
|
|
31
32
|
return `${SESSION_STORAGE_PREFIX}${stateUrlParamValue}`;
|
|
32
33
|
}
|
|
34
|
+
const ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
35
|
+
function getIsEncryptedAuthResponse(params) {
|
|
36
|
+
const { message, stateUrlParamValue } = params;
|
|
37
|
+
return (typeof message === "string" &&
|
|
38
|
+
message.startsWith(`${ENCRYPTED_AUTH_RESPONSES_PREFIX}${stateUrlParamValue}`));
|
|
39
|
+
}
|
|
40
|
+
function getReadyMessage(params) {
|
|
41
|
+
const { stateUrlParamValue } = params;
|
|
42
|
+
return `oidc-spa_ready_to_read_publicKey_${stateUrlParamValue}`;
|
|
43
|
+
}
|
|
44
|
+
function getIsReadyToReadPublicKeyMessage(params) {
|
|
45
|
+
const { message, stateUrlParamValue } = params;
|
|
46
|
+
return message === getReadyMessage({ stateUrlParamValue });
|
|
47
|
+
}
|
|
33
48
|
async function initIframeMessageProtection(params) {
|
|
34
|
-
const { stateUrlParamValue
|
|
49
|
+
const { stateUrlParamValue } = params;
|
|
35
50
|
const { publicKey, privateKey } = await (0, asymmetricEncryption_1.generateKeys)();
|
|
36
51
|
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
52
|
+
let timer = undefined;
|
|
53
|
+
function setSessionStoragePublicKey() {
|
|
54
|
+
setItem_real.call(sessionStorage_original, sessionStorageKey, publicKey);
|
|
55
|
+
const checkTimeoutCallback = () => {
|
|
56
|
+
if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
|
|
57
|
+
while (true) {
|
|
58
|
+
alert_original([
|
|
59
|
+
"⚠️ Security Alert:",
|
|
60
|
+
"oidc-spa detected an attack attempt.",
|
|
61
|
+
"For your safety, please close this tab immediately",
|
|
62
|
+
"and notify the site administrator."
|
|
63
|
+
].join(" "));
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
check();
|
|
67
|
+
};
|
|
68
|
+
function check() {
|
|
69
|
+
timer = setTimeout_original(checkTimeoutCallback, 5);
|
|
70
|
+
}
|
|
71
|
+
check();
|
|
43
72
|
}
|
|
44
73
|
async function decodeEncryptedAuth(params) {
|
|
45
74
|
const { encryptedAuthResponse } = params;
|
|
46
75
|
const { message: authResponse_str } = await (0, asymmetricEncryption_1.asymmetricDecrypt)({
|
|
47
|
-
encryptedMessage: encryptedAuthResponse.slice(ENCRYPTED_AUTH_RESPONSES_PREFIX.length),
|
|
76
|
+
encryptedMessage: encryptedAuthResponse.slice(ENCRYPTED_AUTH_RESPONSES_PREFIX.length + stateUrlParamValue.length),
|
|
48
77
|
privateKey
|
|
49
78
|
});
|
|
50
79
|
const authResponse = JSON.parse(authResponse_str);
|
|
51
80
|
return { authResponse };
|
|
52
81
|
}
|
|
53
82
|
function clearSessionStoragePublicKey() {
|
|
54
|
-
log?.(`Clearing session storage public key at ${sessionStorageKey}`);
|
|
55
83
|
sessionStorage.removeItem(sessionStorageKey);
|
|
56
|
-
|
|
84
|
+
clearTimeout(timer);
|
|
57
85
|
}
|
|
58
|
-
return {
|
|
86
|
+
return {
|
|
87
|
+
getIsReadyToReadPublicKeyMessage,
|
|
88
|
+
setSessionStoragePublicKey,
|
|
89
|
+
getIsEncryptedAuthResponse,
|
|
90
|
+
decodeEncryptedAuth,
|
|
91
|
+
clearSessionStoragePublicKey
|
|
92
|
+
};
|
|
59
93
|
}
|
|
60
|
-
async function
|
|
94
|
+
async function postEncryptedAuthResponseToParent(params) {
|
|
61
95
|
const { authResponse } = params;
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
{
|
|
68
|
-
const publicKey = sessionStorage.getItem(`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`);
|
|
69
|
-
console.log(`====> PublicKey_alt_1: ${publicKey}`);
|
|
70
|
-
}
|
|
71
|
-
{
|
|
72
|
-
const publicKey = sessionStorage_original.getItem(`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`);
|
|
73
|
-
console.log(`====> PublicKey_alt_2: ${publicKey}`);
|
|
74
|
-
}
|
|
75
|
-
{
|
|
76
|
-
const publicKey = sessionStorage_original.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
77
|
-
console.log(`====> PublicKey_3: ${publicKey}`);
|
|
78
|
-
}
|
|
79
|
-
throw error;
|
|
96
|
+
parent.postMessage(getReadyMessage({ stateUrlParamValue: authResponse.state }), location.origin);
|
|
97
|
+
const readPublicKey = () => sessionStorage.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
98
|
+
await new Promise(resolve => setTimeout(resolve, 2));
|
|
99
|
+
while (readPublicKey() === null) {
|
|
100
|
+
await new Promise(resolve => setTimeout(resolve, 2));
|
|
80
101
|
}
|
|
102
|
+
await new Promise(resolve => setTimeout(resolve, 7));
|
|
103
|
+
const publicKey = readPublicKey();
|
|
104
|
+
(0, assert_1.assert)(publicKey !== null, "2293303");
|
|
81
105
|
const { encryptedMessage: encryptedMessage_withoutPrefix } = await (0, asymmetricEncryption_1.asymmetricEncrypt)({
|
|
82
106
|
publicKey,
|
|
83
107
|
message: JSON.stringify(authResponse)
|
|
84
108
|
});
|
|
85
|
-
const encryptedMessage = `${ENCRYPTED_AUTH_RESPONSES_PREFIX}${encryptedMessage_withoutPrefix}`;
|
|
86
|
-
|
|
109
|
+
const encryptedMessage = `${ENCRYPTED_AUTH_RESPONSES_PREFIX}${authResponse.state}${encryptedMessage_withoutPrefix}`;
|
|
110
|
+
parent.postMessage(encryptedMessage, location.origin);
|
|
87
111
|
}
|
|
88
112
|
//# sourceMappingURL=iframeMessageProtection.js.map
|
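Review bot: The tamper check in `setSessionStoragePublicKey` reads the key back with `sessionStorage.getItem(sessionStorageKey)`, that is through the live global and the live `Storage.prototype.getItem`, while the write one line above deliberately goes through the captured `setItem_real` and `sessionStorage_original`. If a script on the page has replaced either of those, the 5 ms check no longer reports what is actually stored, so the detection is weaker than the write path it guards. Capture the reader next to `setItem_real` with `const getItem_real = Storage.prototype.getItem;` and compare with `getItem_real.call(sessionStorage_original, sessionStorageKey) !== publicKey`. `clearSessionStoragePublicKey` has the same inconsistency (`sessionStorage.removeItem`, and `clearTimeout(timer)` although `setTimeout_original` was captured). The file list shows the same code under `package/esm/core/iframeMessageProtection.js`, built from `package/src/core/iframeMessageProtection.ts`.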
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../src/core/iframeMessageProtection.ts"],"names":[],"mappings":";;AAWA,kHAsBC;AA6BD,kEAgEC;AAED,8EA4BC;AA5JD,kDAA+C;AAC/C,wEAAmG;AAGnG,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAC/C,MAAM,uBAAuB,GAAG,MAAM,CAAC,cAAc,CAAC;AACtD,MAAM,mBAAmB,GAAsB,MAAM,CAAC,UAAU,CAAC;AACjE,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,CAAC;AAEpC,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,SAAgB,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,0BAA0B,CAAC,MAAwD;IACxF,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAE/C,OAAO,CACH,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,kBAAkB,EAAE,CAAC,CAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,MAAsC;IAC3D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IACtC,OAAO,oCAAoC,kBAAkB,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAwD;IAC9F,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAC/C,OAAO,OAAO,KAAK,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAC/D,CAAC;AAEM,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,mCAAY,GAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,IAAI,KAAK,GAA8C,SAAS,CAAC;IAEjE,SAAS,0BAA0B;QAC/B,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;QAEzE,MAAM,oBAAoB,GAAG,GAAG,EAAE;YAC9B,IAAI,cAAc,CAAC,OAAO,CAAC,i
BAAiB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC1D,OAAO,IAAI,EAAE,CAAC;oBACV,cAAc,CACV;wBACI,qBAAqB;wBACrB,sCAAsC;wBACtC,oDAAoD;wBACpD,oCAAoC;qBACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACN,CAAC;YACL,CAAC;YACD,KAAK,EAAE,CAAC;QACZ,CAAC,CAAC;QAEF,SAAS,KAAK;YACV,KAAK,GAAG,mBAAmB,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,KAAK,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CACzC,+BAA+B,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CACrE;YACD,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,YAAY,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,OAAO;QACH,gCAAgC;QAChC,0BAA0B;QAC1B,0BAA0B;QAC1B,mBAAmB;QACnB,4BAA4B;KAC/B,CAAC;AACN,CAAC;AAEM,KAAK,UAAU,iCAAiC,CAAC,MAAsC;IAC1F,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEjG,MAAM,aAAa,GAAG,GAAG,EAAE,CACvB,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE7F,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,IAAA,eAAM,EAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;IAEtC,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,IAAA,wCAAiB,EAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,YAAY,CAAC,KAAK,GAAG,8BAA8B,EAAE,CAAC;IAEpH,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC"}
|
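--- a/package/core/loginSilent.js
+++ b/package/core/loginSilent.js
@@ -36,9 +36,8 @@ async function loginSilent(params) {
 const dynamicDelay = rtt * 2.5 + BASE_DELAY_MS / (downlink + 1);
 return Math.max(BASE_DELAY_MS, dynamicDelay);
 })();
-const { decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await (0, iframeMessageProtection_1.initIframeMessageProtection)({
-stateUrlParamValue: stateUrlParamValue_instance
-log
+const { getIsReadyToReadPublicKeyMessage, setSessionStoragePublicKey, decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await (0, iframeMessageProtection_1.initIframeMessageProtection)({
+stateUrlParamValue: stateUrlParamValue_instance
 });
 let clearTimeouts;
 {
@@ -70,24 +69,42 @@ async function loginSilent(params) {
 }
 };
 }
-
+let listener;
+listener = async (event) => {
 if (event.origin !== window.location.origin) {
 return;
 }
-if (!
+if (!getIsReadyToReadPublicKeyMessage({
+stateUrlParamValue: stateUrlParamValue_instance,
 message: event.data
 })) {
 return;
 }
-
+window.removeEventListener("message", listener, false);
+setSessionStoragePublicKey();
+const dEncryptedAuthResponse = new Deferred_1.Deferred();
+listener = event => {
+if (event.origin !== window.location.origin) {
+return;
+}
+const message = event.data;
+if (!getIsEncryptedAuthResponse({
+stateUrlParamValue: stateUrlParamValue_instance,
+message
+})) {
+return;
+}
+window.removeEventListener("message", listener);
+dEncryptedAuthResponse.resolve(message);
+};
+window.addEventListener("message", listener, false);
+const encryptedAuthResponse = await dEncryptedAuthResponse.pr;
+const { authResponse } = await decodeEncryptedAuth({ encryptedAuthResponse });
 const stateData = (0, StateData_1.getStateData)({ stateUrlParamValue: authResponse.state });
 (0, assert_1.assert)(stateData !== undefined, "765645");
 (0, assert_1.assert)(stateData.context === "iframe", "250711");
-
-return;
-}
+(0, assert_1.assert)(stateData.configId === configId, "4922732");
 clearTimeouts({ wasSuccess: true });
-window.removeEventListener("message", listener);
 dResult.resolve({
 outcome: "got auth response from iframe",
 authResponse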
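Review bot: Nothing catches a failure after the inner listener has accepted a message: it removes itself, and the outer `async` listener then awaits `decodeEncryptedAuth({ encryptedAuthResponse })` and runs three asserts unguarded. A same-origin message that matches only the prefix and state but does not decrypt or parse therefore ends as an unhandled rejection with both listeners already removed, and the silent login can presumably finish only through the timeout. Wrap everything from the `decodeEncryptedAuth` call to the last `assert` in a `try`/`catch` that settles `dResult` as a failure; the shape of that failure result is outside this hunk. `loginSilent` starts and ends outside the hunk, and the file list shows the same code under `package/esm/core/loginSilent.js`, built from `package/src/core/loginSilent.ts`.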
package/core/loginSilent.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;AA8BA,
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../src/core/loginSilent.ts"],"names":[],"mappings":";;AA8BA,kCAmQC;AA7RD,gDAA6C;AAC7C,kDAA+C;AAC/C,0CAAuC;AACvC,4DAAyD;AACzD,2CAA4E;AAC5E,kEAA+D;AAC/D,0CAA0C;AAE1C,8DAAkE;AAClE,uEAAwE;AACxE,sDAAmD;AAgB5C,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,IAAA,yBAAW,GAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,mBAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,IAAA,gBAAQ,GAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,IAAA,qCAAiB,GAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EACF,gCAAgC,EAChC,0BAA0B,EAC1B,mBAAmB,EACnB,0BAA0B,EAC1B,4BAA4B,EAC/B,GAAG,MAAM,IAAA,qDAA2B,EAAC;QAClC,kBAAkB,EAAE,2BAA2B;KAClD,CAAC,CAAC;IAEH,IAAI,aAAwD,CAAC;IAC7D,CAAC;QACG,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACb,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACnB,CAAC,CAAC;YACP,CAAC,EAAE,cAAc,CAAC;YAClB,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,IAAI,CACR;oBACI,+DAA+D;oBAC/D,2CAA2C;oBAC3C,WAAW,IAAI,CAAC,KAAK,CACjB,cAAc,GAAG,IAAK,CACzB,sCAAsC;oBACvC,yFAAyF;iBAC5F,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACF,uBAAuB,GAAG,IAAI,CAAC;YACnC,CAAC,EAAE,IAAK,CAAC;SACZ,CAAC;QAEF,aAAa,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE;YAC/B,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC/B,IAAI,UAAU,IAAI,uBAAuB,EAAE,CAAC;gBACxC,OAAO,CAAC,GAA
G,CACP;oBACI,iEAAiE;oBACjE,6CAA6C;iBAChD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;YACN,CAAC;QACL,CAAC,CAAC;IACN,CAAC;IAED,IAAI,QAAuC,CAAC;IAE5C,QAAQ,GAAG,KAAK,EAAE,KAAmB,EAAE,EAAE;QACrC,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO;QACX,CAAC;QAED,IACI,CAAC,gCAAgC,CAAC;YAC9B,kBAAkB,EAAE,2BAA2B;YAC/C,OAAO,EAAE,KAAK,CAAC,IAAI;SACtB,CAAC,EACJ,CAAC;YACC,OAAO;QACX,CAAC;QAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEvD,0BAA0B,EAAE,CAAC;QAE7B,MAAM,sBAAsB,GAAG,IAAI,mBAAQ,EAAU,CAAC;QAEtD,QAAQ,GAAG,KAAK,CAAC,EAAE;YACf,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC1C,OAAO;YACX,CAAC;YAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC;YAE3B,IACI,CAAC,0BAA0B,CAAC;gBACxB,kBAAkB,EAAE,2BAA2B;gBAC/C,OAAO;aACV,CAAC,EACJ,CAAC;gBACC,OAAO;YACX,CAAC;YAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,sBAAsB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEpD,MAAM,qBAAqB,GAAG,MAAM,sBAAsB,CAAC,EAAE,CAAC;QAE9D,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,mBAAmB,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAE9E,MAAM,SAAS,GAAG,IAAA,wBAAY,EAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAE3E,IAAA,eAAM,EAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC1C,IAAA,eAAM,EAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAA,eAAM,EAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEnD,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,+BAA+B;YACxC,YAAY;SACf,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEpD,MAAM,yBAAyB,GAAG,CAAC,GAAW,EAAE,EAAE;QAC9C,sBAAsB,EAAE,CAAC;YACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,sBAAsB,CAAC;YACjC,CAAC;YAED,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YAEtE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,SAAS;gBACb,CAAC;gBACD,GAAG,GAAG,IAAA,wCAAsB,EAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,
EAAE,CAAC,CAAC;YACjF,CAAC;QACL,CAAC;QAED,mBAAmB,EAAE,CAAC;YAClB,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,mBAAmB,CAAC;YAC9B,CAAC;YACD,GAAG,GAAG,0BAA0B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC,CAAC;IAEF,uBAAuB;SAClB,YAAY,CAAC;QACV,KAAK,EAAE,IAAA,OAAE,EAAmB;YACxB,OAAO,EAAE,QAAQ;YACjB,QAAQ;SACX,CAAC;QACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;QACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAA,yBAAW,EAAC,mBAAmB,EAAE,CAAC;QACtF,YAAY,EAAE,yBAAyB;KAC1C,CAAC;SACD,IAAI,CACD,gBAAgB,CAAC,EAAE;QACf,IAAA,eAAM,EAAC,gBAAgB,KAAK,IAAI,EAAE,kDAAkD,CAAC,CAAC;QAEtF,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,qCAAqC;YAC9C,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC,EACD,CAAC,KAAY,EAAE,EAAE;QACb,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;YACtC,+DAA+D;YAC/D,mCAAmC;YACnC,mEAAmE;YACnE,0CAA0C;YAC1C,yEAAyE;YAEzE,0DAA0D;YAC1D,kEAAkE;YAClE,mEAAmE;YACnE,qBAAqB;YACrB,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAErC,OAAO,CAAC,OAAO,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,sCAAsC;aAChD,CAAC,CAAC;YAEH,OAAO;QACX,CAAC;QAED,yEAAyE;QACzE,qEAAqE;IACzE,CAAC,CACJ,CAAC;IAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACrB,4BAA4B,EAAE,CAAC;QAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAA,2BAAe,EAAC,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,CAAC,CAAC;QACzE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,EAAE,CAAC;AACtB,CAAC"}
|
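--- a/package/esm/core/createOidc.js
+++ b/package/esm/core/createOidc.js
@@ -28,7 +28,7 @@ import { isKeycloak } from "../keycloak/isKeycloak";
 import { INFINITY_TIME } from "../tools/INFINITY_TIME";
 import { getIsValidRemoteJson } from "../tools/getIsValidRemoteJson";
 // NOTE: Replaced at build time
-const VERSION = "8.1.7
+const VERSION = "8.1.7";
 const globalContext = {
 prOidcByConfigId: new Map(),
 hasLogoutBeenCalled: id(false),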
package/esm/core/earlyInit.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { getStateData, getIsStatQueryParamValue } from "./StateData";
|
|
2
2
|
import { assert } from "../tools/tsafe/assert";
|
|
3
|
-
import {
|
|
3
|
+
import { postEncryptedAuthResponseToParent, preventSessionStorageSetItemOfPublicKeyByThirdParty } from "./iframeMessageProtection";
|
|
4
4
|
let hasEarlyInitBeenCalled = false;
|
|
5
5
|
export function oidcEarlyInit(params) {
|
|
6
6
|
if (hasEarlyInitBeenCalled) {
|
|
@@ -130,9 +130,7 @@ function handleOidcCallback() {
|
|
|
130
130
|
}
|
|
131
131
|
switch (stateData.context) {
|
|
132
132
|
case "iframe":
|
|
133
|
-
|
|
134
|
-
authResponse
|
|
135
|
-
}).then(({ encryptedMessage }) => parent.postMessage(encryptedMessage, location.origin));
|
|
133
|
+
postEncryptedAuthResponseToParent({ authResponse });
|
|
136
134
|
return { shouldLoadApp: false };
|
|
137
135
|
case "redirect": {
|
|
138
136
|
redirectAuthResponse = authResponse;
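Review bot: The call `postEncryptedAuthResponseToParent({ authResponse });` in the `case "iframe":` branch discards the returned promise, so a failed key read or a failed encryption inside the iframe surfaces only as an unhandled rejection. The parent presumably learns of it only through its own timeout. The helper is declared as returning `Promise<void>` in the .d.ts section of this page, so a handler can be attached without changing the synchronous return: `postEncryptedAuthResponseToParent({ authResponse }).catch(error => console.error(error));`. The same line is added in package/src/core/earlyInit.ts. handleOidcCallback begins and ends outside this hunk.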
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"earlyInit.js","sourceRoot":"","sources":["../../src/core/earlyInit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,MAAM,EAAe,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EACH,
|
|
1
|
+
{"version":3,"file":"earlyInit.js","sourceRoot":"","sources":["../../src/core/earlyInit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,MAAM,EAAe,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EACH,iCAAiC,EACjC,mDAAmD,EACtD,MAAM,2BAA2B,CAAC;AAEnC,IAAI,sBAAsB,GAAG,KAAK,CAAC;AAEnC,MAAM,UAAU,aAAa,CAAC,MAM7B;IACG,IAAI,sBAAsB,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC5E,CAAC;IAED,sBAAsB,GAAG,IAAI,CAAC;IAE9B,MAAM,EAAE,WAAW,EAAE,oBAAoB,EAAE,eAAe,GAAG,KAAK,EAAE,GAAG,MAAM,IAAI,EAAE,CAAC;IAEpF,MAAM,EAAE,aAAa,EAAE,GAAG,kBAAkB,EAAE,CAAC;IAE/C,IAAI,aAAa,EAAE,CAAC;QAChB,IAAI,oBAAoB,EAAE,CAAC;YACvB,MAAM,sBAAsB,GAAG,UAAU,CAAC,cAAc,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEtC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,gBAAgB,EAAE;gBAChD,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,sBAAsB;aAChC,CAAC,CAAC;QACP,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;YAEvC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAE7B,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE;gBACvC,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,aAAa;aACvB,CAAC,CAAC;QACP,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YAClB,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC;YAE/C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAEjC,MAAM,CAAC,cAAc,CAAC,UAAU,EAAE,WAAW,EAAE;gBAC3C,YAAY,EAAE,KAAK;gBACnB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,iBAAiB;aAC3B,CAAC,CAAC;QACP,CAAC;QAED,mDAAmD,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,CAAC;AAC7B,CAAC;AAED,IAAI,oBAAoB,GAA6B,SAAS,CAAC;AAE/D,MAAM,UAAU,uBAAuB;IAGnC,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACX;YACI,uBAAuB;YACvB,gCAAgC;YAChC,oEAAoE;SACvE,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IACD,OAAO,oBAAoB,KAAK,SAAS;QACrC,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE;QAC7B,CAAC,CAAC;YACI,YAAY,EAAE,oBAAoB;YAClC,iBAAiB,EAAE,GAAG,EAAE;gBACpB,oBAAoB,GAAG,SAAS,CAAC;YACrC,CAAC;SACJ,CAAC;AACZ,CAAC;AAED,IAA
I,gCAAgC,GAAuB,SAAS,CAAC;AAErE,MAAM,UAAU,mCAAmC;IAC/C,MAAM,CAAC,gCAAgC,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;IACjE,OAAO,gCAAgC,CAAC;AAC5C,CAAC;AAED,SAAS,kBAAkB;IACvB,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAEtD,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACjC,QAAQ,EAAE,CAAC;YACP,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CACtF,OAAO,CACV,CAAC;YAEF,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,IAAI,CAAC,wBAAwB,CAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,QAAQ,CAAC;YACnB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAW,CAAC;QAC7E,CAAC;QAED,KAAK,EAAE,CAAC;YACJ,MAAM,kBAAkB,GAAG,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAErE,IAAI,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBAC9B,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IAAI,CAAC,wBAAwB,CAAC,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC7E,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,IACI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,IAAI;gBACtD,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,KAAK,IAAI;gBAC1D,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,IAAI,EAC3D,CAAC;gBACC,mFAAmF;gBACnF,MAAM,KAAK,CAAC;YAChB,CAAC;YAED,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAW,CAAC;QAC1E,CAAC;QAED,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAW,CAAC;IACpD,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,CAAC;QAC/C,gCAAgC,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC7F,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,gCAAgC,GAAG,eAAe,CAAC,QAAQ,CAAC;IAE5D,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,GAAG,EAAE;QAC3B,MAAM,YAAY,GAAiB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAEjD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;YACvB,QAAQ,sBAAsB,CAAC,YAAY,EAAE,CAAC;gBAC1C,KAAK,UAAU;oBACX,OAAO,IAAI,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;gBACvE,KAAK,OAAO;oBACR,OAAO,eAAe,CAAC,YAAY,CAAC;gBACxC;oBACI,MAAM,CAA+C,KAAK,CAAC,CAAC;YACpE,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;QAEL,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE,CAAC;YACtC,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC
;QAC9B,CAAC;QAED,MAAM,CAAC,YAAY,CAAC,KAAK,KAAK,EAAE,EAAE,QAAQ,CAAC,CAAC;QAE5C,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;IAE3E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC/D,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,QAAQ,SAAS,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,QAAQ;YACT,iCAAiC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;YACpD,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;QACpC,KAAK,UAAU,CAAC,CAAC,CAAC;YACd,oBAAoB,GAAG,YAAY,CAAC;YAEpC,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE;gBAClC,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;oBAC5E,OAAO,SAAS,CAAC,2CAA2C,CAAC;gBACjE,CAAC;gBACD,OAAO,SAAS,CAAC,uBAAuB,CAAC;YAC7C,CAAC,CAAC,EAAE,CAAC;YAEL,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,uBAAuB,CAAC,CAAC;YAEtD,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QACnC,CAAC;QACD;YACI,MAAM,CAAkC,KAAK,CAAC,CAAC;IACvD,CAAC;AACL,CAAC"}
|
|
@@ -1,12 +1,19 @@
|
|
|
1
1
|
import { type AuthResponse } from "./AuthResponse";
|
|
2
2
|
export declare function preventSessionStorageSetItemOfPublicKeyByThirdParty(): void;
|
|
3
|
+
declare function getIsEncryptedAuthResponse(params: {
|
|
4
|
+
message: unknown;
|
|
5
|
+
stateUrlParamValue: string;
|
|
6
|
+
}): boolean;
|
|
7
|
+
declare function getIsReadyToReadPublicKeyMessage(params: {
|
|
8
|
+
message: unknown;
|
|
9
|
+
stateUrlParamValue: string;
|
|
10
|
+
}): boolean;
|
|
3
11
|
export declare function initIframeMessageProtection(params: {
|
|
4
12
|
stateUrlParamValue: string;
|
|
5
|
-
log: typeof console.log | undefined;
|
|
6
13
|
}): Promise<{
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
14
|
+
getIsReadyToReadPublicKeyMessage: typeof getIsReadyToReadPublicKeyMessage;
|
|
15
|
+
setSessionStoragePublicKey: () => void;
|
|
16
|
+
getIsEncryptedAuthResponse: typeof getIsEncryptedAuthResponse;
|
|
10
17
|
decodeEncryptedAuth: (params: {
|
|
11
18
|
encryptedAuthResponse: string;
|
|
12
19
|
}) => Promise<{
|
|
@@ -14,8 +21,7 @@ export declare function initIframeMessageProtection(params: {
|
|
|
14
21
|
}>;
|
|
15
22
|
clearSessionStoragePublicKey: () => void;
|
|
16
23
|
}>;
|
|
17
|
-
export declare function
|
|
24
|
+
export declare function postEncryptedAuthResponseToParent(params: {
|
|
18
25
|
authResponse: AuthResponse;
|
|
19
|
-
}): Promise<
|
|
20
|
-
|
|
21
|
-
}>;
|
|
26
|
+
}): Promise<void>;
|
|
27
|
+
export {};
|
|
@@ -2,6 +2,8 @@ import { assert } from "../tools/tsafe/assert";
|
|
|
2
2
|
import { asymmetricEncrypt, asymmetricDecrypt, generateKeys } from "../tools/asymmetricEncryption";
|
|
3
3
|
const setItem_real = Storage.prototype.setItem;
|
|
4
4
|
const sessionStorage_original = window.sessionStorage;
|
|
5
|
+
const setTimeout_original = window.setTimeout;
|
|
6
|
+
const alert_original = window.alert;
|
|
5
7
|
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
6
8
|
export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
7
9
|
const setItem_protected = function setItem(key, value) {
|
|
@@ -20,64 +22,86 @@ export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
|
20
22
|
});
|
|
21
23
|
}
|
|
22
24
|
}
|
|
23
|
-
const ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
24
25
|
function getSessionStorageKey(params) {
|
|
25
26
|
const { stateUrlParamValue } = params;
|
|
26
27
|
return `${SESSION_STORAGE_PREFIX}${stateUrlParamValue}`;
|
|
27
28
|
}
|
|
29
|
+
const ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
30
|
+
function getIsEncryptedAuthResponse(params) {
|
|
31
|
+
const { message, stateUrlParamValue } = params;
|
|
32
|
+
return (typeof message === "string" &&
|
|
33
|
+
message.startsWith(`${ENCRYPTED_AUTH_RESPONSES_PREFIX}${stateUrlParamValue}`));
|
|
34
|
+
}
|
|
35
|
+
function getReadyMessage(params) {
|
|
36
|
+
const { stateUrlParamValue } = params;
|
|
37
|
+
return `oidc-spa_ready_to_read_publicKey_${stateUrlParamValue}`;
|
|
38
|
+
}
|
|
39
|
+
function getIsReadyToReadPublicKeyMessage(params) {
|
|
40
|
+
const { message, stateUrlParamValue } = params;
|
|
41
|
+
return message === getReadyMessage({ stateUrlParamValue });
|
|
42
|
+
}
|
|
28
43
|
export async function initIframeMessageProtection(params) {
|
|
29
|
-
const { stateUrlParamValue
|
|
44
|
+
const { stateUrlParamValue } = params;
|
|
30
45
|
const { publicKey, privateKey } = await generateKeys();
|
|
31
46
|
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
47
|
+
let timer = undefined;
|
|
48
|
+
function setSessionStoragePublicKey() {
|
|
49
|
+
setItem_real.call(sessionStorage_original, sessionStorageKey, publicKey);
|
|
50
|
+
const checkTimeoutCallback = () => {
|
|
51
|
+
if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
|
|
52
|
+
while (true) {
|
|
53
|
+
alert_original([
|
|
54
|
+
"⚠️ Security Alert:",
|
|
55
|
+
"oidc-spa detected an attack attempt.",
|
|
56
|
+
"For your safety, please close this tab immediately",
|
|
57
|
+
"and notify the site administrator."
|
|
58
|
+
].join(" "));
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
check();
|
|
62
|
+
};
|
|
63
|
+
function check() {
|
|
64
|
+
timer = setTimeout_original(checkTimeoutCallback, 5);
|
|
65
|
+
}
|
|
66
|
+
check();
|
|
38
67
|
}
|
|
39
68
|
async function decodeEncryptedAuth(params) {
|
|
40
69
|
const { encryptedAuthResponse } = params;
|
|
41
70
|
const { message: authResponse_str } = await asymmetricDecrypt({
|
|
42
|
-
encryptedMessage: encryptedAuthResponse.slice(ENCRYPTED_AUTH_RESPONSES_PREFIX.length),
|
|
71
|
+
encryptedMessage: encryptedAuthResponse.slice(ENCRYPTED_AUTH_RESPONSES_PREFIX.length + stateUrlParamValue.length),
|
|
43
72
|
privateKey
|
|
44
73
|
});
|
|
45
74
|
const authResponse = JSON.parse(authResponse_str);
|
|
46
75
|
return { authResponse };
|
|
47
76
|
}
|
|
48
77
|
function clearSessionStoragePublicKey() {
|
|
49
|
-
log?.(`Clearing session storage public key at ${sessionStorageKey}`);
|
|
50
78
|
sessionStorage.removeItem(sessionStorageKey);
|
|
51
|
-
|
|
79
|
+
clearTimeout(timer);
|
|
52
80
|
}
|
|
53
|
-
return {
|
|
81
|
+
return {
|
|
82
|
+
getIsReadyToReadPublicKeyMessage,
|
|
83
|
+
setSessionStoragePublicKey,
|
|
84
|
+
getIsEncryptedAuthResponse,
|
|
85
|
+
decodeEncryptedAuth,
|
|
86
|
+
clearSessionStoragePublicKey
|
|
87
|
+
};
|
|
54
88
|
}
|
|
55
|
-
export async function
|
|
89
|
+
export async function postEncryptedAuthResponseToParent(params) {
|
|
56
90
|
const { authResponse } = params;
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
{
|
|
63
|
-
const publicKey = sessionStorage.getItem(`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`);
|
|
64
|
-
console.log(`====> PublicKey_alt_1: ${publicKey}`);
|
|
65
|
-
}
|
|
66
|
-
{
|
|
67
|
-
const publicKey = sessionStorage_original.getItem(`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`);
|
|
68
|
-
console.log(`====> PublicKey_alt_2: ${publicKey}`);
|
|
69
|
-
}
|
|
70
|
-
{
|
|
71
|
-
const publicKey = sessionStorage_original.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
72
|
-
console.log(`====> PublicKey_3: ${publicKey}`);
|
|
73
|
-
}
|
|
74
|
-
throw error;
|
|
91
|
+
parent.postMessage(getReadyMessage({ stateUrlParamValue: authResponse.state }), location.origin);
|
|
92
|
+
const readPublicKey = () => sessionStorage.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
93
|
+
await new Promise(resolve => setTimeout(resolve, 2));
|
|
94
|
+
while (readPublicKey() === null) {
|
|
95
|
+
await new Promise(resolve => setTimeout(resolve, 2));
|
|
75
96
|
}
|
|
97
|
+
await new Promise(resolve => setTimeout(resolve, 7));
|
|
98
|
+
const publicKey = readPublicKey();
|
|
99
|
+
assert(publicKey !== null, "2293303");
|
|
76
100
|
const { encryptedMessage: encryptedMessage_withoutPrefix } = await asymmetricEncrypt({
|
|
77
101
|
publicKey,
|
|
78
102
|
message: JSON.stringify(authResponse)
|
|
79
103
|
});
|
|
80
|
-
const encryptedMessage = `${ENCRYPTED_AUTH_RESPONSES_PREFIX}${encryptedMessage_withoutPrefix}`;
|
|
81
|
-
|
|
104
|
+
const encryptedMessage = `${ENCRYPTED_AUTH_RESPONSES_PREFIX}${authResponse.state}${encryptedMessage_withoutPrefix}`;
|
|
105
|
+
parent.postMessage(encryptedMessage, location.origin);
|
|
82
106
|
}
|
|
83
107
|
//# sourceMappingURL=iframeMessageProtection.js.map
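Review bot: The key is written with the references captured at module load (`setItem_real.call(sessionStorage_original, …)`), but the watchdog in `checkTimeoutCallback` and `readPublicKey` in `postEncryptedAuthResponseToParent` read it back through the ambient `sessionStorage.getItem`, and the polling waits use the global `setTimeout` although `setTimeout_original` is already captured. If the captured references are meant to survive later patching of these globals by other scripts on the page (inferred from `preventSessionStorageSetItemOfPublicKeyByThirdParty`), the read path should get the same treatment: add `const getItem_real = Storage.prototype.getItem;` next to `setItem_real` and read with `getItem_real.call(sessionStorage_original, sessionStorageKey)`. Separately, `while (readPublicKey() === null)` has no upper bound, so an iframe whose parent never stores the key keeps polling; a deadline after which it gives up would bound that. The TypeScript source of this module further down the page shows the same reads.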
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAC/C,MAAM,uBAAuB,GAAG,MAAM,CAAC,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"iframeMessageProtection.js","sourceRoot":"","sources":["../../src/core/iframeMessageProtection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAGnG,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC;AAC/C,MAAM,uBAAuB,GAAG,MAAM,CAAC,cAAc,CAAC;AACtD,MAAM,mBAAmB,GAAsB,MAAM,CAAC,UAAU,CAAC;AACjE,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,CAAC;AAEpC,MAAM,sBAAsB,GAAG,yCAAyC,CAAC;AAEzE,MAAM,UAAU,mDAAmD;IAC/D,MAAM,iBAAiB,GAAG,SAAS,OAAO,CAAY,GAAW,EAAE,KAAa;QAC5E,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACX,8EAA8E,CACjF,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC,CAAC;IAEF,CAAC;QACG,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEzE,MAAM,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;QAEzB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE;YAChD,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,KAAK,EAAE,iBAAiB;SAC3B,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAsC;IAChE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,OAAO,GAAG,sBAAsB,GAAG,kBAAkB,EAAE,CAAC;AAC5D,CAAC;AAED,MAAM,+BAA+B,GAAG,kCAAkC,CAAC;AAE3E,SAAS,0BAA0B,CAAC,MAAwD;IACxF,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAE/C,OAAO,CACH,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,CAAC,UAAU,CAAC,GAAG,+BAA+B,GAAG,kBAAkB,EAAE,CAAC,CAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,MAAsC;IAC3D,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IACtC,OAAO,oCAAoC,kBAAkB,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,gCAAgC,CAAC,MAAwD;IAC9F,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAC/C,OAAO,OAAO,KAAK,eAAe,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,MAAsC;IACpF,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC;IAEtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;IAEvD,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEvE,IAAI,KAAK,GAA8C,SAAS,CAAC;IAEjE,SAAS,0BAA0B;QAC/B,YAAY,CAAC,IAAI,CAAC,uBAAuB,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;QAEzE,MAAM,oBAA
oB,GAAG,GAAG,EAAE;YAC9B,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC1D,OAAO,IAAI,EAAE,CAAC;oBACV,cAAc,CACV;wBACI,qBAAqB;wBACrB,sCAAsC;wBACtC,oDAAoD;wBACpD,oCAAoC;qBACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACN,CAAC;YACL,CAAC;YACD,KAAK,EAAE,CAAC;QACZ,CAAC,CAAC;QAEF,SAAS,KAAK;YACV,KAAK,GAAG,mBAAmB,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,KAAK,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,UAAU,mBAAmB,CAAC,MAElC;QACG,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAAC;QAEzC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,iBAAiB,CAAC;YAC1D,gBAAgB,EAAE,qBAAqB,CAAC,KAAK,CACzC,+BAA+B,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CACrE;YACD,UAAU;SACb,CAAC,CAAC;QAEH,MAAM,YAAY,GAAiB,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEhE,OAAO,EAAE,YAAY,EAAE,CAAC;IAC5B,CAAC;IAED,SAAS,4BAA4B;QACjC,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAC7C,YAAY,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,OAAO;QACH,gCAAgC;QAChC,0BAA0B;QAC1B,0BAA0B;QAC1B,mBAAmB;QACnB,4BAA4B;KAC/B,CAAC;AACN,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iCAAiC,CAAC,MAAsC;IAC1F,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAEhC,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEjG,MAAM,aAAa,GAAG,GAAG,EAAE,CACvB,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE7F,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,IAAI,OAAO,CAAO,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAE3D,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,SAAS,CAAC,CAAC;IAEtC,MAAM,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,GAAG,MAAM,iBAAiB,CAAC;QACjF,SAAS;QACT,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;KACxC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,GAAG,+BAA+B,GAAG,YAAY,CAAC,KAAK,GAAG,8BAA8B,EAAE,CAAC;IAEpH,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC"}
|
package/esm/core/loginSilent.js
CHANGED
|
@@ -33,9 +33,8 @@ export async function loginSilent(params) {
|
|
|
33
33
|
const dynamicDelay = rtt * 2.5 + BASE_DELAY_MS / (downlink + 1);
|
|
34
34
|
return Math.max(BASE_DELAY_MS, dynamicDelay);
|
|
35
35
|
})();
|
|
36
|
-
const { decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await initIframeMessageProtection({
|
|
37
|
-
stateUrlParamValue: stateUrlParamValue_instance
|
|
38
|
-
log
|
|
36
|
+
const { getIsReadyToReadPublicKeyMessage, setSessionStoragePublicKey, decodeEncryptedAuth, getIsEncryptedAuthResponse, clearSessionStoragePublicKey } = await initIframeMessageProtection({
|
|
37
|
+
stateUrlParamValue: stateUrlParamValue_instance
|
|
39
38
|
});
|
|
40
39
|
let clearTimeouts;
|
|
41
40
|
{
|
|
@@ -67,24 +66,42 @@ export async function loginSilent(params) {
|
|
|
67
66
|
}
|
|
68
67
|
};
|
|
69
68
|
}
|
|
70
|
-
|
|
69
|
+
let listener;
|
|
70
|
+
listener = async (event) => {
|
|
71
71
|
if (event.origin !== window.location.origin) {
|
|
72
72
|
return;
|
|
73
73
|
}
|
|
74
|
-
if (!
|
|
74
|
+
if (!getIsReadyToReadPublicKeyMessage({
|
|
75
|
+
stateUrlParamValue: stateUrlParamValue_instance,
|
|
75
76
|
message: event.data
|
|
76
77
|
})) {
|
|
77
78
|
return;
|
|
78
79
|
}
|
|
79
|
-
|
|
80
|
+
window.removeEventListener("message", listener, false);
|
|
81
|
+
setSessionStoragePublicKey();
|
|
82
|
+
const dEncryptedAuthResponse = new Deferred();
|
|
83
|
+
listener = event => {
|
|
84
|
+
if (event.origin !== window.location.origin) {
|
|
85
|
+
return;
|
|
86
|
+
}
|
|
87
|
+
const message = event.data;
|
|
88
|
+
if (!getIsEncryptedAuthResponse({
|
|
89
|
+
stateUrlParamValue: stateUrlParamValue_instance,
|
|
90
|
+
message
|
|
91
|
+
})) {
|
|
92
|
+
return;
|
|
93
|
+
}
|
|
94
|
+
window.removeEventListener("message", listener);
|
|
95
|
+
dEncryptedAuthResponse.resolve(message);
|
|
96
|
+
};
|
|
97
|
+
window.addEventListener("message", listener, false);
|
|
98
|
+
const encryptedAuthResponse = await dEncryptedAuthResponse.pr;
|
|
99
|
+
const { authResponse } = await decodeEncryptedAuth({ encryptedAuthResponse });
|
|
80
100
|
const stateData = getStateData({ stateUrlParamValue: authResponse.state });
|
|
81
101
|
assert(stateData !== undefined, "765645");
|
|
82
102
|
assert(stateData.context === "iframe", "250711");
|
|
83
|
-
|
|
84
|
-
return;
|
|
85
|
-
}
|
|
103
|
+
assert(stateData.configId === configId, "4922732");
|
|
86
104
|
clearTimeouts({ wasSuccess: true });
|
|
87
|
-
window.removeEventListener("message", listener);
|
|
88
105
|
dResult.resolve({
|
|
89
106
|
outcome: "got auth response from iframe",
|
|
90
107
|
authResponse
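Review bot: The outer `async` listener has no error handling around `await decodeEncryptedAuth({ encryptedAuthResponse })` and the three `assert` calls, and by then the inner listener has already removed itself on the first message that merely matches the prefix check. A message that fails to decrypt or parse therefore ends as an unhandled promise rejection, and the caller apparently sees only the later timeout rather than the real cause. I would wrap that stretch in `try { … } catch (error) { … }` and settle `dResult` with the failure outcome loginSilent uses elsewhere (not visible in this hunk), or keep the inner listener registered until a message decrypts successfully. loginSilent starts and ends outside the hunk.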
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../../src/core/loginSilent.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,EAAE,EAAE,MAAM,mBAAmB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,eAAe,EAAkB,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAgBnD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,QAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,
|
|
1
|
+
{"version":3,"file":"loginSilent.js","sourceRoot":"","sources":["../../src/core/loginSilent.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,EAAE,EAAE,MAAM,mBAAmB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,eAAe,EAAkB,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,2BAA2B,EAAE,MAAM,2BAA2B,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAgBnD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAgBjC;IACG,MAAM,EACF,uBAAuB,EACvB,2BAA2B,EAC3B,QAAQ,EACR,0BAA0B,EAC1B,mBAAmB,EACnB,mBAAmB,EACnB,SAAS,EACT,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,kBAAkB,EAAE,CAAC;QACjB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,kBAAkB,CAAC;QAC7B,CAAC;QACD,GAAG,EAAE,CAAC,wFAAwF,CAAC,CAAC;QAChG,MAAM,QAAQ,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,QAAQ,EAAuB,CAAC;IAEpD,MAAM,cAAc,GAAW,CAAC,GAAG,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;QAE3C,6DAA6D;QAC7D,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAM,CAAC,CAAC,CAAC,IAAK,CAAC;QAEjE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC;QACzB,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,cAAc,CAAC;QAEzC,oDAAoD;QACpD,8CAA8C;QAC9C,MAAM,YAAY,GAAG,GAAG,GAAG,GAAG,GAAG,aAAa,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEhE,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EACF,gCAAgC,EAChC,0BAA0B,EAC1B,mBAAmB,EACnB,0BAA0B,EAC1B,4BAA4B,EAC/B,GAAG,MAAM,2BAA2B,CAAC;QAClC,kBAAkB,EAAE,2BAA2B;KAClD,CAAC,CAAC;IAEH,IAAI,aAAwD,CAAC;IAC7D,CAAC;QACG,IAAI,uBAAuB,GAAG,KAAK,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACb,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,OAAO,CAAC;oBACZ,OAAO,EAAE,SAAS;oBAClB,KAAK,EAAE,SAAS;iBACnB,CAAC,CAAC;YACP,CAAC,EAAE,cAAc,CAAC;YAClB,UAAU,CAAC,GAAG,EAAE;gBACZ,OAAO,CAAC,IAAI,CACR;oBACI,+DAA+D;oBAC/D,2CAA2C;oBAC3C,WAAW,IAAI,CAAC,KAAK,CACjB,cAA
c,GAAG,IAAK,CACzB,sCAAsC;oBACvC,yFAAyF;iBAC5F,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;gBACF,uBAAuB,GAAG,IAAI,CAAC;YACnC,CAAC,EAAE,IAAK,CAAC;SACZ,CAAC;QAEF,aAAa,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE;YAC/B,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC/B,IAAI,UAAU,IAAI,uBAAuB,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CACP;oBACI,iEAAiE;oBACjE,6CAA6C;iBAChD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;YACN,CAAC;QACL,CAAC,CAAC;IACN,CAAC;IAED,IAAI,QAAuC,CAAC;IAE5C,QAAQ,GAAG,KAAK,EAAE,KAAmB,EAAE,EAAE;QACrC,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO;QACX,CAAC;QAED,IACI,CAAC,gCAAgC,CAAC;YAC9B,kBAAkB,EAAE,2BAA2B;YAC/C,OAAO,EAAE,KAAK,CAAC,IAAI;SACtB,CAAC,EACJ,CAAC;YACC,OAAO;QACX,CAAC;QAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEvD,0BAA0B,EAAE,CAAC;QAE7B,MAAM,sBAAsB,GAAG,IAAI,QAAQ,EAAU,CAAC;QAEtD,QAAQ,GAAG,KAAK,CAAC,EAAE;YACf,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC1C,OAAO;YACX,CAAC;YAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC;YAE3B,IACI,CAAC,0BAA0B,CAAC;gBACxB,kBAAkB,EAAE,2BAA2B;gBAC/C,OAAO;aACV,CAAC,EACJ,CAAC;gBACC,OAAO;YACX,CAAC;YAED,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,sBAAsB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEpD,MAAM,qBAAqB,GAAG,MAAM,sBAAsB,CAAC,EAAE,CAAC;QAE9D,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,mBAAmB,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAE9E,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,kBAAkB,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;QAE3E,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC1C,MAAM,CAAC,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACjD,MAAM,CAAC,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEnD,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,+BAA+B;YACxC,YAAY;SACf,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEpD,MAAM,yBAAyB,GAAG,CAAC,GAAW,EAAE,EAAE;QAC9C,sBAAsB,EAAE,CAAC;YACrB,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;gBACpC,MAAM,sBAAsB,CAAC;YACjC,CAAC;YAED,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,EAAE,QAAQ
,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YAEtE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,SAAS;gBACb,CAAC;gBACD,GAAG,GAAG,sBAAsB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;YACjF,CAAC;QACL,CAAC;QAED,mBAAmB,EAAE,CAAC;YAClB,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,mBAAmB,CAAC;YAC9B,CAAC;YACD,GAAG,GAAG,0BAA0B,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC,CAAC;IAEF,uBAAuB;SAClB,YAAY,CAAC;QACV,KAAK,EAAE,EAAE,CAAmB;YACxB,OAAO,EAAE,QAAQ;YACjB,QAAQ;SACX,CAAC;QACF,6BAA6B,EAAE,cAAc,GAAG,IAAI;QACpD,gBAAgB,EACZ,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACtF,YAAY,EAAE,yBAAyB;KAC1C,CAAC;SACD,IAAI,CACD,gBAAgB,CAAC,EAAE;QACf,MAAM,CAAC,gBAAgB,KAAK,IAAI,EAAE,kDAAkD,CAAC,CAAC;QAEtF,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAEhD,OAAO,CAAC,OAAO,CAAC;YACZ,OAAO,EAAE,qCAAqC;YAC9C,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC,EACD,CAAC,KAAY,EAAE,EAAE;QACb,IAAI,KAAK,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;YACtC,+DAA+D;YAC/D,mCAAmC;YACnC,mEAAmE;YACnE,0CAA0C;YAC1C,yEAAyE;YAEzE,0DAA0D;YAC1D,kEAAkE;YAClE,mEAAmE;YACnE,qBAAqB;YACrB,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC;YAErC,OAAO,CAAC,OAAO,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,sCAAsC;aAChD,CAAC,CAAC;YAEH,OAAO;QACX,CAAC;QAED,yEAAyE;QACzE,qEAAqE;IACzE,CAAC,CACJ,CAAC;IAEN,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;QACrB,4BAA4B,EAAE,CAAC;QAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,CAAC,CAAC;QACzE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC,EAAE,CAAC;AACtB,CAAC"}
|
package/package.json
CHANGED
package/src/core/earlyInit.ts
CHANGED
|
@@ -2,7 +2,7 @@ import { getStateData, getIsStatQueryParamValue } from "./StateData";
|
|
|
2
2
|
import { assert, type Equals } from "../tools/tsafe/assert";
|
|
3
3
|
import type { AuthResponse } from "./AuthResponse";
|
|
4
4
|
import {
|
|
5
|
-
|
|
5
|
+
postEncryptedAuthResponseToParent,
|
|
6
6
|
preventSessionStorageSetItemOfPublicKeyByThirdParty
|
|
7
7
|
} from "./iframeMessageProtection";
|
|
8
8
|
|
|
@@ -189,9 +189,7 @@ function handleOidcCallback(): { shouldLoadApp: boolean } {
|
|
|
189
189
|
|
|
190
190
|
switch (stateData.context) {
|
|
191
191
|
case "iframe":
|
|
192
|
-
|
|
193
|
-
authResponse
|
|
194
|
-
}).then(({ encryptedMessage }) => parent.postMessage(encryptedMessage, location.origin));
|
|
192
|
+
postEncryptedAuthResponseToParent({ authResponse });
|
|
195
193
|
return { shouldLoadApp: false };
|
|
196
194
|
case "redirect": {
|
|
197
195
|
redirectAuthResponse = authResponse;
|
|
@@ -4,6 +4,8 @@ import { type AuthResponse } from "./AuthResponse";
|
|
|
4
4
|
|
|
5
5
|
const setItem_real = Storage.prototype.setItem;
|
|
6
6
|
const sessionStorage_original = window.sessionStorage;
|
|
7
|
+
const setTimeout_original: typeof setTimeout = window.setTimeout;
|
|
8
|
+
const alert_original = window.alert;
|
|
7
9
|
|
|
8
10
|
const SESSION_STORAGE_PREFIX = "oidc-spa_iframe_authResponse_publicKey_";
|
|
9
11
|
|
|
@@ -31,35 +33,66 @@ export function preventSessionStorageSetItemOfPublicKeyByThirdParty() {
|
|
|
31
33
|
}
|
|
32
34
|
}
|
|
33
35
|
|
|
34
|
-
const ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
35
|
-
|
|
36
36
|
function getSessionStorageKey(params: { stateUrlParamValue: string }) {
|
|
37
37
|
const { stateUrlParamValue } = params;
|
|
38
38
|
|
|
39
39
|
return `${SESSION_STORAGE_PREFIX}${stateUrlParamValue}`;
|
|
40
40
|
}
|
|
41
41
|
|
|
42
|
-
|
|
43
|
-
stateUrlParamValue: string;
|
|
44
|
-
log: typeof console.log | undefined;
|
|
45
|
-
}) {
|
|
46
|
-
const { stateUrlParamValue, log } = params;
|
|
47
|
-
|
|
48
|
-
const { publicKey, privateKey } = await generateKeys();
|
|
42
|
+
const ENCRYPTED_AUTH_RESPONSES_PREFIX = "oidc-spa_encrypted_authResponse_";
|
|
49
43
|
|
|
50
|
-
|
|
44
|
+
function getIsEncryptedAuthResponse(params: { message: unknown; stateUrlParamValue: string }): boolean {
|
|
45
|
+
const { message, stateUrlParamValue } = params;
|
|
51
46
|
|
|
52
|
-
|
|
53
|
-
|
|
47
|
+
return (
|
|
48
|
+
typeof message === "string" &&
|
|
49
|
+
message.startsWith(`${ENCRYPTED_AUTH_RESPONSES_PREFIX}${stateUrlParamValue}`)
|
|
54
50
|
);
|
|
51
|
+
}
|
|
55
52
|
|
|
56
|
-
|
|
57
|
-
|
|
53
|
+
function getReadyMessage(params: { stateUrlParamValue: string }) {
|
|
54
|
+
const { stateUrlParamValue } = params;
|
|
55
|
+
return `oidc-spa_ready_to_read_publicKey_${stateUrlParamValue}`;
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
function getIsReadyToReadPublicKeyMessage(params: { message: unknown; stateUrlParamValue: string }) {
|
|
59
|
+
const { message, stateUrlParamValue } = params;
|
|
60
|
+
return message === getReadyMessage({ stateUrlParamValue });
|
|
61
|
+
}
|
|
58
62
|
|
|
59
|
-
|
|
60
|
-
|
|
63
|
+
export async function initIframeMessageProtection(params: { stateUrlParamValue: string }) {
|
|
64
|
+
const { stateUrlParamValue } = params;
|
|
61
65
|
|
|
62
|
-
|
|
66
|
+
const { publicKey, privateKey } = await generateKeys();
|
|
67
|
+
|
|
68
|
+
const sessionStorageKey = getSessionStorageKey({ stateUrlParamValue });
|
|
69
|
+
|
|
70
|
+
let timer: ReturnType<typeof setTimeout> | undefined = undefined;
|
|
71
|
+
|
|
72
|
+
function setSessionStoragePublicKey() {
|
|
73
|
+
setItem_real.call(sessionStorage_original, sessionStorageKey, publicKey);
|
|
74
|
+
|
|
75
|
+
const checkTimeoutCallback = () => {
|
|
76
|
+
if (sessionStorage.getItem(sessionStorageKey) !== publicKey) {
|
|
77
|
+
while (true) {
|
|
78
|
+
alert_original(
|
|
79
|
+
[
|
|
80
|
+
"⚠️ Security Alert:",
|
|
81
|
+
"oidc-spa detected an attack attempt.",
|
|
82
|
+
"For your safety, please close this tab immediately",
|
|
83
|
+
"and notify the site administrator."
|
|
84
|
+
].join(" ")
|
|
85
|
+
);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
check();
|
|
89
|
+
};
|
|
90
|
+
|
|
91
|
+
function check() {
|
|
92
|
+
timer = setTimeout_original(checkTimeoutCallback, 5);
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
check();
|
|
63
96
|
}
|
|
64
97
|
|
|
65
98
|
async function decodeEncryptedAuth(params: {
|
|
@@ -68,7 +101,9 @@ export async function initIframeMessageProtection(params: {
|
|
|
68
101
|
const { encryptedAuthResponse } = params;
|
|
69
102
|
|
|
70
103
|
const { message: authResponse_str } = await asymmetricDecrypt({
|
|
71
|
-
encryptedMessage: encryptedAuthResponse.slice(
|
|
104
|
+
encryptedMessage: encryptedAuthResponse.slice(
|
|
105
|
+
ENCRYPTED_AUTH_RESPONSES_PREFIX.length + stateUrlParamValue.length
|
|
106
|
+
),
|
|
72
107
|
privateKey
|
|
73
108
|
});
|
|
74
109
|
|
|
@@ -78,57 +113,45 @@ export async function initIframeMessageProtection(params: {
|
|
|
78
113
|
}
|
|
79
114
|
|
|
80
115
|
function clearSessionStoragePublicKey() {
|
|
81
|
-
log?.(`Clearing session storage public key at ${sessionStorageKey}`);
|
|
82
116
|
sessionStorage.removeItem(sessionStorageKey);
|
|
83
|
-
|
|
117
|
+
clearTimeout(timer);
|
|
84
118
|
}
|
|
85
119
|
|
|
86
|
-
return {
|
|
120
|
+
return {
|
|
121
|
+
getIsReadyToReadPublicKeyMessage,
|
|
122
|
+
setSessionStoragePublicKey,
|
|
123
|
+
getIsEncryptedAuthResponse,
|
|
124
|
+
decodeEncryptedAuth,
|
|
125
|
+
clearSessionStoragePublicKey
|
|
126
|
+
};
|
|
87
127
|
}
|
|
88
128
|
|
|
89
|
-
export async function
|
|
129
|
+
export async function postEncryptedAuthResponseToParent(params: { authResponse: AuthResponse }) {
|
|
90
130
|
const { authResponse } = params;
|
|
91
131
|
|
|
92
|
-
|
|
93
|
-
getSessionStorageKey({ stateUrlParamValue: authResponse.state })
|
|
94
|
-
);
|
|
95
|
-
|
|
96
|
-
try {
|
|
97
|
-
assert(publicKey !== null, `2293302 no publicKey for state ${authResponse.state}`);
|
|
98
|
-
} catch (error) {
|
|
99
|
-
{
|
|
100
|
-
const publicKey = sessionStorage.getItem(
|
|
101
|
-
`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`
|
|
102
|
-
);
|
|
132
|
+
parent.postMessage(getReadyMessage({ stateUrlParamValue: authResponse.state }), location.origin);
|
|
103
133
|
|
|
104
|
-
|
|
105
|
-
}
|
|
134
|
+
const readPublicKey = () =>
|
|
135
|
+
sessionStorage.getItem(getSessionStorageKey({ stateUrlParamValue: authResponse.state }));
|
|
106
136
|
|
|
107
|
-
|
|
108
|
-
const publicKey = sessionStorage_original.getItem(
|
|
109
|
-
`${getSessionStorageKey({ stateUrlParamValue: authResponse.state })}_alt`
|
|
110
|
-
);
|
|
137
|
+
await new Promise<void>(resolve => setTimeout(resolve, 2));
|
|
111
138
|
|
|
112
|
-
|
|
113
|
-
|
|
139
|
+
while (readPublicKey() === null) {
|
|
140
|
+
await new Promise<void>(resolve => setTimeout(resolve, 2));
|
|
141
|
+
}
|
|
114
142
|
|
|
115
|
-
|
|
116
|
-
const publicKey = sessionStorage_original.getItem(
|
|
117
|
-
getSessionStorageKey({ stateUrlParamValue: authResponse.state })
|
|
118
|
-
);
|
|
143
|
+
await new Promise<void>(resolve => setTimeout(resolve, 7));
|
|
119
144
|
|
|
120
|
-
|
|
121
|
-
}
|
|
145
|
+
const publicKey = readPublicKey();
|
|
122
146
|
|
|
123
|
-
|
|
124
|
-
}
|
|
147
|
+
assert(publicKey !== null, "2293303");
|
|
125
148
|
|
|
126
149
|
const { encryptedMessage: encryptedMessage_withoutPrefix } = await asymmetricEncrypt({
|
|
127
150
|
publicKey,
|
|
128
151
|
message: JSON.stringify(authResponse)
|
|
129
152
|
});
|
|
130
153
|
|
|
131
|
-
const encryptedMessage = `${ENCRYPTED_AUTH_RESPONSES_PREFIX}${encryptedMessage_withoutPrefix}`;
|
|
154
|
+
const encryptedMessage = `${ENCRYPTED_AUTH_RESPONSES_PREFIX}${authResponse.state}${encryptedMessage_withoutPrefix}`;
|
|
132
155
|
|
|
133
|
-
|
|
156
|
+
parent.postMessage(encryptedMessage, location.origin);
|
|
134
157
|
}
|
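--- a/package/src/core/loginSilent.ts
+++ b/package/src/core/loginSilent.ts
@@ -88,11 +88,15 @@ export async function loginSilent(params: {
 return Math.max(BASE_DELAY_MS, dynamicDelay);
 })();
 
-const {
-
-
-
-
+const {
+getIsReadyToReadPublicKeyMessage,
+setSessionStoragePublicKey,
+decodeEncryptedAuth,
+getIsEncryptedAuthResponse,
+clearSessionStoragePublicKey
+} = await initIframeMessageProtection({
+stateUrlParamValue: stateUrlParamValue_instance
+});
 
 let clearTimeouts: (params: { wasSuccess: boolean }) => void;
 {
@@ -133,34 +137,63 @@ export async function loginSilent(params: {
 };
 }
 
-
+let listener: (event: MessageEvent) => void;
+
+listener = async (event: MessageEvent) => {
 if (event.origin !== window.location.origin) {
 return;
 }
 
 if (
-!
+!getIsReadyToReadPublicKeyMessage({
+stateUrlParamValue: stateUrlParamValue_instance,
 message: event.data
 })
 ) {
 return;
 }
 
-
+window.removeEventListener("message", listener, false);
+
+setSessionStoragePublicKey();
+
+const dEncryptedAuthResponse = new Deferred<string>();
+
+listener = event => {
+if (event.origin !== window.location.origin) {
+return;
+}
+
+const message = event.data;
+
+if (
+!getIsEncryptedAuthResponse({
+stateUrlParamValue: stateUrlParamValue_instance,
+message
+})
+) {
+return;
+}
+
+window.removeEventListener("message", listener);
+
+dEncryptedAuthResponse.resolve(message);
+};
+
+window.addEventListener("message", listener, false);
+
+const encryptedAuthResponse = await dEncryptedAuthResponse.pr;
+
+const { authResponse } = await decodeEncryptedAuth({ encryptedAuthResponse });
 
 const stateData = getStateData({ stateUrlParamValue: authResponse.state });
 
 assert(stateData !== undefined, "765645");
 assert(stateData.context === "iframe", "250711");
-
-if (stateData.configId !== configId) {
-return;
-}
+assert(stateData.configId === configId, "4922732");
 
 clearTimeouts({ wasSuccess: true });
 
-window.removeEventListener("message", listener);
-
 dResult.resolve({
 outcome: "got auth response from iframe",
 authResponse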
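Review bot: The inner listener in the second hunk unsubscribes and resolves `dEncryptedAuthResponse` on the first same-origin message that merely carries the expected prefix, before `decodeEncryptedAuth` has shown that the payload actually decrypts. If that call rejects (presumably it does for a payload not encrypted to this flow's key; its full body is outside this section), the rejection surfaces inside the `async` outer listener where nothing catches it, and by then no listener is left for the genuine response, so the flow can only end through whatever timeout `clearTimeouts` guards. The same holds for the new `assert(stateData.configId === configId, "4922732")`, which replaces a silent `return` with a throw on that uncaught path. I would decrypt inside the inner listener and remove it only after success, as sketched below; loginSilent's body starts and ends outside these hunks.

```typescript
const dDecoded = new Deferred<Awaited<ReturnType<typeof decodeEncryptedAuth>>>();

listener = async event => {
    // … unchanged: origin check, `const message = event.data`, getIsEncryptedAuthResponse prefix check …

    let decoded: Awaited<ReturnType<typeof decodeEncryptedAuth>>;

    try {
        decoded = await decodeEncryptedAuth({ encryptedAuthResponse: message });
    } catch {
        // Right prefix but not decryptable with this flow's private key: keep listening.
        return;
    }

    window.removeEventListener("message", listener);

    dDecoded.resolve(decoded);
};

window.addEventListener("message", listener, false);

const { authResponse } = await dDecoded.pr;
// … unchanged: getStateData lookup, asserts, clearTimeouts, dResult.resolve …
```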