oidc-spa 8.2.0 → 8.2.1

Files changed (48)
  1. package/core/OidcMetadata.d.ts +5 -0
  2. package/core/OidcMetadata.js +56 -0
  3. package/core/OidcMetadata.js.map +1 -1
  4. package/core/createOidc.d.ts +1 -1
  5. package/core/createOidc.js +170 -102
  6. package/core/createOidc.js.map +1 -1
  7. package/core/diagnostic.d.ts +0 -1
  8. package/core/diagnostic.js +18 -5
  9. package/core/diagnostic.js.map +1 -1
  10. package/core/loginOrGoToAuthServer.d.ts +0 -1
  11. package/core/loginOrGoToAuthServer.js +1 -16
  12. package/core/loginOrGoToAuthServer.js.map +1 -1
  13. package/core/loginSilent.d.ts +1 -2
  14. package/core/loginSilent.js +3 -21
  15. package/core/loginSilent.js.map +1 -1
  16. package/esm/core/OidcMetadata.d.ts +5 -0
  17. package/esm/core/OidcMetadata.js +54 -0
  18. package/esm/core/OidcMetadata.js.map +1 -1
  19. package/esm/core/createOidc.d.ts +1 -1
  20. package/esm/core/createOidc.js +170 -102
  21. package/esm/core/createOidc.js.map +1 -1
  22. package/esm/core/diagnostic.d.ts +0 -1
  23. package/esm/core/diagnostic.js +15 -1
  24. package/esm/core/diagnostic.js.map +1 -1
  25. package/esm/core/loginOrGoToAuthServer.d.ts +0 -1
  26. package/esm/core/loginOrGoToAuthServer.js +1 -16
  27. package/esm/core/loginOrGoToAuthServer.js.map +1 -1
  28. package/esm/core/loginSilent.d.ts +1 -2
  29. package/esm/core/loginSilent.js +3 -21
  30. package/esm/core/loginSilent.js.map +1 -1
  31. package/esm/keycloak/keycloakIssuerUriParsed.js +8 -1
  32. package/esm/keycloak/keycloakIssuerUriParsed.js.map +1 -1
  33. package/esm/tools/isLikelyDevServer.d.ts +1 -0
  34. package/esm/tools/isLikelyDevServer.js +14 -0
  35. package/esm/tools/isLikelyDevServer.js.map +1 -0
  36. package/keycloak/keycloakIssuerUriParsed.js +8 -1
  37. package/keycloak/keycloakIssuerUriParsed.js.map +1 -1
  38. package/package.json +1 -1
  39. package/src/core/OidcMetadata.ts +75 -0
  40. package/src/core/createOidc.ts +209 -137
  41. package/src/core/diagnostic.ts +21 -2
  42. package/src/core/loginOrGoToAuthServer.ts +0 -22
  43. package/src/core/loginSilent.ts +4 -27
  44. package/src/keycloak/keycloakIssuerUriParsed.ts +10 -1
  45. package/src/tools/isLikelyDevServer.ts +17 -0
  46. package/tools/isLikelyDevServer.d.ts +1 -0
  47. package/tools/isLikelyDevServer.js +17 -0
  48. package/tools/isLikelyDevServer.js.map +1 -0
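--- a/package/core/OidcMetadata.d.ts
+++ b/package/core/OidcMetadata.d.ts
@@ -1,3 +1,4 @@
+ import { type OidcMetadata as OidcClientTsOidcMetadata } from "../vendor/frontend/oidc-client-ts";
  /**
  * OpenID Providers have metadata describing their configuration.
  *
@@ -264,3 +265,7 @@ export type OidcMetadata = {
  */
  code_challenge_methods_supported: string[];
  };
+ export declare const WELL_KNOWN_PATH = "/.well-known/openid-configuration";
+ export declare function fetchOidcMetadata(params: {
+ issuerUri: string;
+ }): Promise<Partial<OidcClientTsOidcMetadata> | undefined>;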
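--- a/package/core/OidcMetadata.js
+++ b/package/core/OidcMetadata.js
@@ -1,5 +1,61 @@
  "use strict";
  Object.defineProperty(exports, "__esModule", { value: true });
+ exports.WELL_KNOWN_PATH = void 0;
+ exports.fetchOidcMetadata = fetchOidcMetadata;
  const assert_1 = require("../tools/tsafe/assert");
+ const isLikelyDevServer_1 = require("../tools/isLikelyDevServer");
  assert_1.assert;
+ exports.WELL_KNOWN_PATH = "/.well-known/openid-configuration";
+ function getSessionStorageKey(params) {
+ const { issuerUri } = params;
+ return `oidc-spa:openid-configuration:${issuerUri}`;
+ }
+ function readSessionStorage(params) {
+ const { issuerUri } = params;
+ const value = sessionStorage.getItem(getSessionStorageKey({ issuerUri }));
+ if (value === null) {
+ return undefined;
+ }
+ return JSON.parse(value);
+ }
+ function setSessionStorage(params) {
+ const { issuerUri, oidcMetadata } = params;
+ sessionStorage.setItem(getSessionStorageKey({ issuerUri }), JSON.stringify(oidcMetadata));
+ }
+ async function fetchOidcMetadata(params) {
+ const { issuerUri } = params;
+ from_cache: {
+ const oidcMetadata = readSessionStorage({ issuerUri });
+ if (oidcMetadata === undefined) {
+ break from_cache;
+ }
+ return oidcMetadata;
+ }
+ let oidcMetadata;
+ try {
+ const response = await fetch(`${issuerUri}${exports.WELL_KNOWN_PATH}`, {
+ headers: {
+ Accept: "application/jwk-set+json, application/json"
+ }
+ });
+ if (!response.ok) {
+ throw new Error();
+ }
+ const obj = await response.json();
+ {
+ const { authorization_endpoint } = obj;
+ if (typeof authorization_endpoint !== "string") {
+ throw new Error();
+ }
+ }
+ oidcMetadata = obj;
+ }
+ catch {
+ return undefined;
+ }
+ if (!(0, isLikelyDevServer_1.getIsLikelyDevServer)()) {
+ setSessionStorage({ issuerUri, oidcMetadata });
+ }
+ return oidcMetadata;
+ }
  //# sourceMappingURL=OidcMetadata.js.map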
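Review bot: `readSessionStorage` returns `JSON.parse(value)` unchecked, and `fetchOidcMetadata` returns that cached object before it reaches the `try` block, so a malformed entry under the `oidc-spa:openid-configuration:` key makes the function throw instead of returning `undefined`, and a well-formed but altered entry skips the `typeof authorization_endpoint` check that the network path applies. The caller passes this object to `UserManager` as `metadata` (visible in createOidc.js), so whatever can write same-origin sessionStorage decides which endpoints the client talks to for the rest of the tab session, and the cache carries no expiry. I would parse inside a `try`/`catch` and re-apply the shape check on the cached value, and consider requiring `obj.issuer === issuerUri` on both paths, which OpenID Connect Discovery expects of a valid document (whether `issuerUri` is normalised for a trailing slash is not visible here, so confirm before making the comparison strict). This file is compiled output, so the change belongs in `package/src/core/OidcMetadata.ts`.

```javascript
function readSessionStorage(params) {
    // … unchanged: key lookup and the `value === null` early return …
    try {
        const obj = JSON.parse(value);
        // Same shape check the network path applies before the document is cached.
        if (obj === null || typeof obj !== "object" || typeof obj.authorization_endpoint !== "string") {
            return undefined;
        }
        return obj;
    }
    catch {
        // Unparseable cache entry: treat it as a miss so the document is fetched again.
        return undefined;
    }
}
```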
@@ -1 +1 @@
1
- {"version":3,"file":"OidcMetadata.js","sourceRoot":"","sources":["../src/core/OidcMetadata.ts"],"names":[],"mappings":";;AACA,kDAA4D;AA6Q5D,eAAsD,CAAC"}
1
+ {"version":3,"file":"OidcMetadata.js","sourceRoot":"","sources":["../src/core/OidcMetadata.ts"],"names":[],"mappings":";;;AA2SA,8CA8CC;AAxVD,kDAA4D;AAC5D,kEAAkE;AA6QlE,eAAsD,CAAC;AAE1C,QAAA,eAAe,GAAG,mCAAmC,CAAC;AAEnE,SAAS,oBAAoB,CAAC,MAA6B;IACvD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,OAAO,iCAAiC,SAAS,EAAE,CAAC;AACxD,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA6B;IACrD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAE1E,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACjB,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAsC,CAAC;AAClE,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAkE;IACzF,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAE3C,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9F,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAA6B;IACjE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,UAAU,EAAE,CAAC;QACT,MAAM,YAAY,GAAG,kBAAkB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;QAEvD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,UAAU,CAAC;QACrB,CAAC;QAED,OAAO,YAAY,CAAC;IACxB,CAAC;IAED,IAAI,YAAmC,CAAC;IAExC,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,GAAG,uBAAe,EAAE,EAAE;YAC3D,OAAO,EAAE;gBACL,MAAM,EAAE,4CAA4C;aACvD;SACJ,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,EAAE,CAAC;QACtB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAElC,CAAC;YACG,MAAM,EAAE,sBAAsB,EAAE,GAAG,GAAG,CAAC;YAEvC,IAAI,OAAO,sBAAsB,KAAK,QAAQ,EAAE,CAAC;gBAC7C,MAAM,IAAI,KAAK,EAAE,CAAC;YACtB,CAAC;QACL,CAAC;QAED,YAAY,GAAG,GAAG,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,CAAC,IAAA,wCAAoB,GAAE,EAAE,CAAC;QAC1B,iBAAiB,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,YAAY,CAAC;AACxB,CAAC"}
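--- a/package/core/createOidc.d.ts
+++ b/package/core/createOidc.d.ts
@@ -1,4 +1,4 @@
- import type { OidcMetadata } from "./OidcMetadata";
+ import { type OidcMetadata } from "./OidcMetadata";
  import type { Oidc } from "./Oidc";
  export type ParamsOfCreateOidc<DecodedIdToken extends Record<string, unknown> = Oidc.Tokens.DecodedIdToken_OidcCoreSpec, AutoLogin extends boolean = false> = {
  /**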
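--- a/package/core/createOidc.js
+++ b/package/core/createOidc.js
@@ -36,6 +36,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
  exports.createOidc = createOidc;
  exports.createOidc_nonMemoized = createOidc_nonMemoized;
  const oidc_client_ts_1 = require("../vendor/frontend/oidc-client-ts");
+ const OidcMetadata_1 = require("./OidcMetadata");
  const assert_1 = require("../tools/tsafe/assert");
  const id_1 = require("../tools/tsafe/id");
  const workerTimers_1 = require("../tools/workerTimers");
@@ -63,11 +64,12 @@ const isNewBrowserSession_1 = require("./isNewBrowserSession");
  const getIsOnline_1 = require("../tools/getIsOnline");
  const isKeycloak_1 = require("../keycloak/isKeycloak");
  const INFINITY_TIME_1 = require("../tools/INFINITY_TIME");
- const getIsValidRemoteJson_1 = require("../tools/getIsValidRemoteJson");
  const prShouldLoadApp_1 = require("./prShouldLoadApp");
  const BASE_URL_1 = require("./BASE_URL");
+ const isLikelyDevServer_1 = require("../tools/isLikelyDevServer");
+ const createObjectThatThrowsIfAccessed_1 = require("../tools/createObjectThatThrowsIfAccessed");
  // NOTE: Replaced at build time
- const VERSION = "8.2.0";
+ const VERSION = "8.2.1";
  const globalContext = {
  prOidcByConfigId: new Map(),
  hasLogoutBeenCalled: (0, id_1.id)(false),
@@ -207,71 +209,168 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  homeUrlAndRedirectUri
  }, null, 2)}`);
  const stateUrlParamValue_instance = (0, StateData_1.generateStateUrlParamValue)();
+ const oidcMetadata = __metadata ?? (await (0, OidcMetadata_1.fetchOidcMetadata)({ issuerUri }));
  const canUseIframe = (() => {
  if (noIframe) {
  return false;
  }
  third_party_cookies: {
- const isOidcServerThirdPartyRelativeToApp = (0, haveSharedParentDomain_1.getHaveSharedParentDomain)({
+ if (oidcMetadata === undefined) {
+ return false;
+ }
+ const { authorization_endpoint } = oidcMetadata;
+ (0, assert_1.assert)(authorization_endpoint !== undefined, "Missing authorization_endpoint on the provided __metadata");
+ const isOidcServerThirdPartyRelativeToApp = !(0, haveSharedParentDomain_1.getHaveSharedParentDomain)({
  url1: window.location.origin,
- url2: issuerUri
- }) === false;
+ // TODO: No, here we should test against the authorization endpoint!
+ url2: authorization_endpoint
+ });
  if (!isOidcServerThirdPartyRelativeToApp) {
  break third_party_cookies;
  }
- const isGoogleChrome = (() => {
- const ua = navigator.userAgent;
- const vendor = navigator.vendor;
- return (/Chrome/.test(ua) && /Google Inc/.test(vendor) && !/Edg/.test(ua) && !/OPR/.test(ua));
+ const isLikelyDevServer = (0, isLikelyDevServer_1.getIsLikelyDevServer)();
+ const domain_auth = new URL(authorization_endpoint).origin.split("//")[1];
+ (0, assert_1.assert)(domain_auth !== undefined, "33921384");
+ const domain_here = window.location.origin.split("//")[1];
+ let isWellKnownProviderDomain = false;
+ let isIp = false;
+ const suggestedDeployments = (() => {
+ if (/^(?:\d{1,3}\.){3}\d{1,3}$|^\[?[A-Fa-f0-9:]+\]?$/.test(domain_auth)) {
+ isIp = true;
+ return [];
+ }
+ const baseDomain = (() => {
+ const segments = domain_auth.split(".");
+ if (segments.length >= 3) {
+ segments.shift();
+ }
+ return segments.join(".");
+ })();
+ {
+ const baseDomain_low = baseDomain.toLowerCase();
+ if (baseDomain_low.includes("auth0") ||
+ baseDomain_low.includes("clerk") ||
+ baseDomain_low.includes("microsoft") ||
+ baseDomain_low.includes("okta") ||
+ baseDomain_low.includes("aws")) {
+ isWellKnownProviderDomain = true;
+ return [];
+ }
+ }
+ const baseUrl = new URL(homeUrlAndRedirectUri).pathname;
+ return [
+ `myapp.${baseDomain}`,
+ baseDomain === domain_auth ? undefined : baseDomain,
+ `${baseDomain}/${baseUrl === "/" ? "dashboard" : baseUrl}`
+ ].filter(x => x !== undefined);
  })();
- if (window.location.origin.startsWith("http://localhost") && isGoogleChrome) {
- break third_party_cookies;
+ if (isLikelyDevServer) {
+ log?.([
+ "Detected localhost environment.",
+ "\nWhen reloading while logged in, you may briefly see",
+ "some URL params appear in the address bar.",
+ "\nThis happens because session restore via iframe is disabled,",
+ "the browser treats your auth server as a third party.",
+ `\nAuth server: ${domain_auth}`,
+ `\nApp domain: ${domain_here}`,
+ ...(() => {
+ if (isIp) {
+ return [];
+ }
+ if (isWellKnownProviderDomain) {
+ return [
+ "\nYou seem to be using a well-known auth provider.",
+ "Check your provider's docs, some allow configuring",
+ `a your custom domain at least for the authorization endpoint.`,
+ "\nIf configured, oidc-spa will restore sessions silently",
+ "and improve the user experience."
+ ];
+ }
+ return [
+ "\nOnce deployed under the same root domain as your auth server,",
+ "oidc-spa will use iframes to restore sessions silently.",
+ "\nSuggested deployments:",
+ ...suggestedDeployments.map(d => `\n • ${d}`)
+ ];
+ })(),
+ "\n\nMore info:",
+ "https://docs.oidc-spa.dev/v/v8/resources/end-of-third-party-cookies#when-are-cookies-considered-third-party"
+ ].join(" "));
+ }
+ else {
+ log?.([
+ "Silent session restore via iframe is disabled.",
+ `\nAuth server: ${domain_auth}`,
+ `App domain: ${domain_here}`,
+ "\nThey do not share a common root domain.",
+ ...(() => {
+ if (isIp) {
+ return [];
+ }
+ if (isWellKnownProviderDomain) {
+ return [
+ "\nYou seem to be using a well-known auth provider.",
+ "Check if you can configure a custom auth domain.",
+ "\nIf so, oidc-spa can restore sessions silently",
+ "and improve the user experience."
+ ];
+ }
+ return [
+ "\nTo improve the experience, here are some examples of deployment for your app:",
+ ...suggestedDeployments.map(d => `\n • ${d}`)
+ ];
+ })(),
+ "\nMore info:",
+ "https://docs.oidc-spa.dev/v/v8/resources/end-of-third-party-cookies#when-are-cookies-considered-third-party"
+ ].join(" "));
  }
- log?.([
- "Can't use iframe because your auth server is on a third party domain relative",
- "to the domain of your app and third party cookies are blocked by navigators."
- ].join(" "));
  return false;
  }
- // NOTE: Maybe not, it depend if the app can iframe itself.
  return true;
  })();
- let isUserStoreInMemoryOnly;
- const oidcClientTsUserManager = new oidc_client_ts_1.UserManager({
- stateUrlParamValue: stateUrlParamValue_instance,
- authority: issuerUri,
- client_id: clientId,
- redirect_uri: homeUrlAndRedirectUri,
- silent_redirect_uri: homeUrlAndRedirectUri,
- post_logout_redirect_uri: homeUrlAndRedirectUri,
- response_mode: (0, isKeycloak_1.isKeycloak)({ issuerUri }) ? "fragment" : "query",
- response_type: "code",
- scope: Array.from(new Set(["openid", ...scopes])).join(" "),
- automaticSilentRenew: false,
- userStore: new oidc_client_ts_1.WebStorageStateStore({
- store: (() => {
- if (canUseIframe) {
- isUserStoreInMemoryOnly = true;
- return new oidc_client_ts_1.InMemoryWebStorage();
- }
- isUserStoreInMemoryOnly = false;
- const storage = (0, EphemeralSessionStorage_1.createEphemeralSessionStorage)({
- sessionStorageTtlMs: 3 * 60000
- });
- const { evtRequestToPersistTokens } = globalContext;
- evtRequestToPersistTokens.subscribe(({ configIdOfInstancePostingTheRequest }) => {
- if (configIdOfInstancePostingTheRequest === configId) {
- return;
+ let isUserStoreInMemoryOnly = undefined;
+ const oidcClientTsUserManager = oidcMetadata === undefined
+ ? (0, createObjectThatThrowsIfAccessed_1.createObjectThatThrowsIfAccessed)({
+ debugMessage: "oidc-spa: Wrong assertion 43943"
+ })
+ : new oidc_client_ts_1.UserManager({
+ stateUrlParamValue: stateUrlParamValue_instance,
+ authority: issuerUri,
+ client_id: clientId,
+ redirect_uri: homeUrlAndRedirectUri,
+ silent_redirect_uri: homeUrlAndRedirectUri,
+ post_logout_redirect_uri: homeUrlAndRedirectUri,
+ response_mode: (0, isKeycloak_1.isKeycloak)({ issuerUri }) ? "fragment" : "query",
+ response_type: "code",
+ scope: Array.from(new Set(["openid", ...scopes])).join(" "),
+ automaticSilentRenew: false,
+ userStore: new oidc_client_ts_1.WebStorageStateStore({
+ store: (() => {
+ if (canUseIframe) {
+ isUserStoreInMemoryOnly = true;
+ return new oidc_client_ts_1.InMemoryWebStorage();
  }
- storage.persistCurrentStateAndSubsequentChanges();
- });
- return storage;
- })()
- }),
- stateStore: new oidc_client_ts_1.WebStorageStateStore({ store: localStorage, prefix: StateData_1.STATE_STORE_KEY_PREFIX }),
- client_secret: __unsafe_clientSecret,
- metadata: __metadata
- });
+ isUserStoreInMemoryOnly = false;
+ const storage = (0, EphemeralSessionStorage_1.createEphemeralSessionStorage)({
+ sessionStorageTtlMs: 3 * 60000
+ });
+ const { evtRequestToPersistTokens } = globalContext;
+ evtRequestToPersistTokens.subscribe(({ configIdOfInstancePostingTheRequest }) => {
+ if (configIdOfInstancePostingTheRequest === configId) {
+ return;
+ }
+ storage.persistCurrentStateAndSubsequentChanges();
+ });
+ return storage;
+ })()
+ }),
+ stateStore: new oidc_client_ts_1.WebStorageStateStore({
+ store: localStorage,
+ prefix: StateData_1.STATE_STORE_KEY_PREFIX
+ }),
+ client_secret: __unsafe_clientSecret,
+ metadata: oidcMetadata
+ });
  const evtInitializationOutcomeUserNotLoggedIn = (0, Evt_1.createEvt)();
  const { loginOrGoToAuthServer } = (0, loginOrGoToAuthServer_1.createLoginOrGoToAuthServer)({
  configId,
@@ -289,6 +388,11 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  });
  const { completeLoginOrRefreshProcess } = await (0, ongoingLoginOrRefreshProcesses_1.startLoginOrRefreshProcess)();
  const resultOfLoginProcess = await (async () => {
+ if (oidcMetadata === undefined) {
+ return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createWellKnownOidcConfigurationEndpointUnreachableInitializationError({
+ issuerUri
+ });
+ }
  handle_redirect_auth_response: {
  let stateDataAndAuthResponse = undefined;
  get_stateData_and_authResponse: {
@@ -418,6 +522,7 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  // NOTE: We almost never persist tokens, we have to only to support edge case
  // of multiple oidc instance in a single App with no iframe support.
  restore_from_session_storage: {
+ (0, assert_1.assert)(isUserStoreInMemoryOnly !== undefined, "3392204");
  if (isUserStoreInMemoryOnly) {
  break restore_from_session_storage;
  }
@@ -475,11 +580,6 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  break actual_silent_signin;
  }
  if (!canUseIframe) {
- if (!(await (0, getIsValidRemoteJson_1.getIsValidRemoteJson)(`${issuerUri}${(0, id_1.id)("/.well-known/openid-configuration")}`))) {
- return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createWellKnownOidcConfigurationEndpointUnreachableInitializationError({
- issuerUri
- });
- }
  break actual_silent_signin;
  }
  log?.("Trying to restore the auth from the http only cookie (silent signin with iframe)");
@@ -494,21 +594,13 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  log
  });
  (0, assert_1.assert)(result_loginSilent.outcome !== "token refreshed using refresh token", "876995");
- if (result_loginSilent.outcome === "failure") {
- switch (result_loginSilent.cause) {
- case "can't reach well-known oidc endpoint":
- return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createWellKnownOidcConfigurationEndpointUnreachableInitializationError({
- issuerUri
- });
- case "timeout":
- return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createIframeTimeoutInitializationError({
- redirectUri: homeUrlAndRedirectUri,
- clientId,
- issuerUri,
- noIframe
- });
- }
- (0, assert_1.assert)(false);
+ if (result_loginSilent.outcome === "timeout") {
+ return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createIframeTimeoutInitializationError({
+ redirectUri: homeUrlAndRedirectUri,
+ clientId,
+ issuerUri,
+ noIframe
+ });
  }
  (0, assert_1.assert)();
  const { authResponse } = result_loginSilent;
@@ -552,8 +644,7 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  configIdOfInstancePostingTheRequest: configId
  });
  }
- const dCantFetchWellKnownEndpointOrNever = new Deferred_1.Deferred();
- loginOrGoToAuthServer({
+ await loginOrGoToAuthServer({
  action: "login",
  doForceReloadOnBfCache: true,
  redirectUrl: (0, earlyInit_1.getRootRelativeOriginalLocationHref)(),
@@ -570,15 +661,7 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  return "directly redirect if active session show login otherwise";
  }
  return "ensure no interaction";
- })(),
- onCantFetchWellKnownEndpointError: () => {
- dCantFetchWellKnownEndpointOrNever.resolve();
- }
- });
- await dCantFetchWellKnownEndpointOrNever.pr;
- return (await Promise.resolve().then(() => __importStar(require("./diagnostic")))).createFailedToFetchTokenEndpointInitializationError({
- clientId,
- issuerUri
+ })()
  });
  }
  if (authResponse_error !== undefined) {
@@ -665,11 +748,7 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
  interaction: (0, persistedAuthState_1.getPersistedAuthState)({ configId }) === "explicitly logged out"
  ? "ensure interaction"
- : "directly redirect if active session show login otherwise",
- onCantFetchWellKnownEndpointError: () => {
- log?.("Login called but the auth server seems to be down..");
- alert("Authentication unavailable please try again later.");
- }
+ : "directly redirect if active session show login otherwise"
  });
  },
  initializationError: undefined
@@ -853,14 +932,7 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  extraQueryParams_local: undefined,
  transformUrlBeforeRedirect_local: undefined,
  doNavigateBackToLastPublicUrlIfTheTheUserNavigateBack: false,
- interaction: "directly redirect if active session show login otherwise",
- onCantFetchWellKnownEndpointError: () => {
- log?.([
- "The auth server seems to be down while we needed to refresh the token",
- "with a full page redirect. Reloading the page"
- ].join(" "));
- window.location.reload();
- }
+ interaction: "directly redirect if active session show login otherwise"
  });
  (0, assert_1.assert)(false, "136134");
  };
@@ -886,9 +958,9 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  autoLogin,
  log
  });
- if (result_loginSilent.outcome === "failure") {
+ if (result_loginSilent.outcome === "timeout") {
  log?.([
- `Silent refresh of the token failed with ${result_loginSilent.cause}.`,
+ `Silent refresh of the token failed the iframe didn't post a response (timeout).`,
  `This isn't recoverable, reloading the page.`
  ].join(" "));
  window.location.reload();
@@ -1026,11 +1098,7 @@ async function createOidc_nonMemoized(params, preProcessedParams) {
  action: "go to auth server",
  redirectUrl: redirectUrl ?? window.location.href,
  extraQueryParams_local: extraQueryParams,
- transformUrlBeforeRedirect_local: transformUrlBeforeRedirect,
- onCantFetchWellKnownEndpointError: () => {
- log?.("goToAuthServer called but the auth server seems to be down..");
- alert("Authentication unavailable please try again later.");
- }
+ transformUrlBeforeRedirect_local: transformUrlBeforeRedirect
  }),
  backFromAuthServer: resultOfLoginProcess.backFromAuthServer,
  isNewBrowserSession: (() => {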
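Review bot: In the `third_party_cookies` block of the `@@ -207,71 +209,168 @@` hunk, `domain_auth` is built with `new URL(authorization_endpoint).origin.split("//")[1]`, which keeps a non-default port, so the IP test in `suggestedDeployments` misses an address with a port (constructed example: `10.0.0.5:8443`) and `baseDomain` and the logged suggestions then carry the port too; `const domain_auth = new URL(authorization_endpoint).hostname;` avoids that. That `new URL(...)` call also throws on a string that is not an absolute URL, and nothing visible here establishes more than that the value is defined (it comes from the discovery document or a caller-supplied `__metadata`), so a guarded parse that ends in `return false` would keep a `TypeError` from escaping `createOidc_nonMemoized`; `getHaveSharedParentDomain` is called first and may already fail on such a value, its body is not shown. The `// TODO: No, here we should test against the authorization endpoint!` comment is stale now that `url2` is `authorization_endpoint` and should be removed. The function body starts and ends outside these hunks, and this is compiled output, so the change belongs in `package/src/core/createOidc.ts`.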