oidc-spa 8.2.0 → 8.2.2

package/esm/tools/lazySessionStorage.js

@@ -0,0 +1,81 @@
+import { assert } from "../tools/tsafe/assert";
+const SESSION_STORAGE_PREFIX = "lazy-session-storage:";
+export function createLazySessionStorage() {
+    const entries = [];
+    for (let i = 0; i < sessionStorage.length; i++) {
+        const key = sessionStorage.key(i);
+        assert(key !== null, "470498");
+        if (!key.startsWith(SESSION_STORAGE_PREFIX)) {
+            continue;
+        }
+        const value = sessionStorage.getItem(key);
+        assert(value !== null, "846771");
+        sessionStorage.removeItem(key);
+        entries.push({
+            key: key.slice(SESSION_STORAGE_PREFIX.length),
+            value
+        });
+    }
+    let isPersistenceEnabled = false;
+    const storage = {
+        persistCurrentStateAndSubsequentChanges: () => {
+            isPersistenceEnabled = true;
+            for (let i = 0; i < storage.length; i++) {
+                const key = storage.key(i);
+                assert(key !== null, "803385");
+                const value = storage.getItem(key);
+                assert(value !== null, "777098");
+                storage.setItem(key, value);
+            }
+        },
+        get length() {
+            return entries.length;
+        },
+        key: index => {
+            const entry = entries[index];
+            if (entry === undefined) {
+                return null;
+            }
+            return entry.key;
+        },
+        removeItem: key => {
+            const entry = entries.find(entry => entry.key === key);
+            if (entry === undefined) {
+                return;
+            }
+            sessionStorage.removeItem(`${SESSION_STORAGE_PREFIX}${entry.key}`);
+            const index = entries.indexOf(entry);
+            entries.splice(index, 1);
+        },
+        clear: () => {
+            for (let i = 0; i < storage.length; i++) {
+                const key = storage.key(i);
+                assert(key !== null, "290875");
+                storage.removeItem(key);
+            }
+        },
+        getItem: key => {
+            const entry = entries.find(entry => entry.key === key);
+            if (entry === undefined) {
+                return null;
+            }
+            return entry.value;
+        },
+        setItem: (key, value) => {
+            if (isPersistenceEnabled) {
+                sessionStorage.setItem(`${SESSION_STORAGE_PREFIX}${key}`, value);
+            }
+            update: {
+                const entry = entries.find(entry => entry.key === key);
+                if (entry === undefined) {
+                    break update;
+                }
+                entry.value = value;
+                return;
+            }
+            entries.push({ key, value });
+        }
+    };
+    return storage;
+}
+//# sourceMappingURL=lazySessionStorage.js.map

package/esm/tools/lazySessionStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lazySessionStorage.js","sourceRoot":"","sources":["../../src/tools/lazySessionStorage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,MAAM,sBAAsB,GAAG,uBAAuB,CAAC;AAevD,MAAM,UAAU,wBAAwB;IACpC,MAAM,OAAO,GAAqC,EAAE,CAAC;IAErD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,CAAC,GAAG,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE/B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC1C,SAAS;QACb,CAAC;QAED,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAE1C,MAAM,CAAC,KAAK,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEjC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAE/B,OAAO,CAAC,IAAI,CAAC;YACT,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,sBAAsB,CAAC,MAAM,CAAC;YAC7C,KAAK;SACR,CAAC,CAAC;IACP,CAAC;IAED,IAAI,oBAAoB,GAAG,KAAK,CAAC;IAEjC,MAAM,OAAO,GAAuB;QAChC,uCAAuC,EAAE,GAAG,EAAE;YAC1C,oBAAoB,GAAG,IAAI,CAAC;YAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,CAAC,GAAG,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAE/B,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAEnC,MAAM,CAAC,KAAK,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAEjC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAChC,CAAC;QACL,CAAC;QACD,IAAI,MAAM;YACN,OAAO,OAAO,CAAC,MAAM,CAAC;QAC1B,CAAC;QACD,GAAG,EAAE,KAAK,CAAC,EAAE;YACT,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;YAE7B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,OAAO,KAAK,CAAC,GAAG,CAAC;QACrB,CAAC;QACD,UAAU,EAAE,GAAG,CAAC,EAAE;YACd,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YAEvD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,OAAO;YACX,CAAC;YAED,cAAc,CAAC,UAAU,CAAC,GAAG,sBAAsB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YAEnE,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAErC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7B,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACR,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,CAAC,GAAG,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC/B,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC;QACD,OAAO,EAAE,GAAG,CAAC,EAAE;YACX,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YACvD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,OAAO,KAAK,CAAC,KAAK,CAAC;QACvB,CAAC;QACD,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;YACpB,IAAI,oBAAoB,EAAE,CAAC;gBACvB,cAAc,CAAC,OAAO,CAAC,GAAG,sBAAsB,GAAG,GAAG,EAAE,EAAE,KAAK,CAAC,CAAC;YACrE,CAAC;YAED,MAAM,EAAE,CAAC;gBACL,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;gBAEvD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,MAAM,MAAM,CAAC;gBACjB,CAAC;gBAED,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC;gBAEpB,OAAO;YACX,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QACjC,CAAC;KACJ,CAAC;IAEF,OAAO,OAAO,CAAC;AACnB,CAAC"}

package/keycloak/keycloakIssuerUriParsed.js

@@ -5,7 +5,14 @@ const assert_1 = require("../tools/tsafe/assert");
 const isKeycloak_1 = require("./isKeycloak");
 function parseKeycloakIssuerUri(params) {
     const { issuerUri } = params;
-    (0, assert_1.assert)((0, isKeycloak_1.isKeycloak)({ issuerUri }));
+    if (!(0, isKeycloak_1.isKeycloak)({ issuerUri })) {
+        throw new Error([
+            `oidc-spa: The issuer uri provided ${issuerUri}`,
+            "if you are in an environnement that should support multiple",
+            "auth provider, you should first test `isKeycloakUrl({ issuerUri })`",
+            "before calling parseKeycloakIssuerUri({ issuerUri })"
+        ].join(" "));
+    }
     const url = new URL(issuerUri.replace(/\/$/, ""));
     const split = url.pathname.split("/realms/");
     (0, assert_1.assert)(split.length === 2);

package/keycloak/keycloakIssuerUriParsed.js.map

@@ -1 +1 @@
-{"version":3,"file":"keycloakIssuerUriParsed.js","sourceRoot":"","sources":["../src/keycloak/keycloakIssuerUriParsed.ts"],"names":[],"mappings":";;AAUA,wDAkBC;AA5BD,kDAA+C;AAC/C,6CAA0C;AAS1C,SAAgB,sBAAsB,CAAC,MAA6B;IAChE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,IAAA,eAAM,EAAC,IAAA,uBAAU,EAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;IAElD,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAE7C,IAAA,eAAM,EAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;IAE3B,MAAM,CAAC,kBAAkB,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;IAE1C,OAAO;QACH,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,KAAK;QACL,kBAAkB,EAAE,kBAAkB,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,kBAAkB;KACjF,CAAC;AACN,CAAC"}
+{"version":3,"file":"keycloakIssuerUriParsed.js","sourceRoot":"","sources":["../src/keycloak/keycloakIssuerUriParsed.ts"],"names":[],"mappings":";;AAUA,wDA2BC;AArCD,kDAA+C;AAC/C,6CAA0C;AAS1C,SAAgB,sBAAsB,CAAC,MAA6B;IAChE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,IAAI,CAAC,IAAA,uBAAU,EAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACX;YACI,qCAAqC,SAAS,EAAE;YAChD,6DAA6D;YAC7D,qEAAqE;YACrE,sDAAsD;SACzD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;IAElD,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAE7C,IAAA,eAAM,EAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;IAE3B,MAAM,CAAC,kBAAkB,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;IAE1C,OAAO;QACH,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,KAAK;QACL,kBAAkB,EAAE,kBAAkB,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,kBAAkB;KACjF,CAAC;AACN,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "oidc-spa",
-    "version": "8.2.0",
+    "version": "8.2.2",
     "description": "Openidconnect client for Single Page Applications",
     "repository": {
         "type": "git",

package/src/core/AuthResponse.ts

@@ -1,8 +1,4 @@
 import { addOrUpdateSearchParam } from "../tools/urlSearchParams";
-import {
-    createEphemeralSessionStorage,
-    type EphemeralSessionStorage
-} from "../tools/EphemeralSessionStorage";
 
 export type AuthResponse = {
     state: string;
@@ -28,35 +24,3 @@ export function authResponseToUrl(authResponse: AuthResponse): string {
 
     return authResponseUrl;
 }
-
-export const { setPersistedRedirectAuthResponses, getPersistedRedirectAuthResponses } = (() => {
-    const { getEphemeralSessionStorage } = (() => {
-        let cache: EphemeralSessionStorage | undefined = undefined;
-        const getEphemeralSessionStorage = () =>
-            (cache ??= createEphemeralSessionStorage({
-                sessionStorageTtlMs: 30_000
-            }));
-        return { getEphemeralSessionStorage };
-    })();
-
-    const KEY = "oidc-spa:persisted-redirect-auth-response";
-
-    function setPersistedRedirectAuthResponses(params: { authResponses: AuthResponse[] }) {
-        const { authResponses } = params;
-
-        const storage = getEphemeralSessionStorage();
-        storage.persistCurrentStateAndSubsequentChanges();
-
-        storage.setItem(KEY, JSON.stringify(authResponses));
-    }
-
-    function getPersistedRedirectAuthResponses(): { authResponses: AuthResponse[] } {
-        const value = getEphemeralSessionStorage().getItem(KEY);
-
-        const authResponses: AuthResponse[] = value === null ? [] : JSON.parse(value);
-
-        return { authResponses };
-    }
-
-    return { setPersistedRedirectAuthResponses, getPersistedRedirectAuthResponses };
-})();

package/src/core/OidcMetadata.ts

@@ -1,5 +1,6 @@
 import { type OidcMetadata as OidcClientTsOidcMetadata } from "../vendor/frontend/oidc-client-ts";
 import { assert, type Equals } from "../tools/tsafe/assert";
+import { getIsLikelyDevServer } from "../tools/isLikelyDevServer";
 
 /**
  * OpenID Providers have metadata describing their configuration.
@@ -269,3 +270,77 @@ export type OidcMetadata = {
 };
 
 assert<Equals<OidcMetadata, OidcClientTsOidcMetadata>>;
+
+export const WELL_KNOWN_PATH = "/.well-known/openid-configuration";
+
+function getSessionStorageKey(params: { issuerUri: string }) {
+    const { issuerUri } = params;
+
+    return `oidc-spa:openid-configuration:${issuerUri}`;
+}
+
+function readSessionStorage(params: { issuerUri: string }) {
+    const { issuerUri } = params;
+
+    const value = sessionStorage.getItem(getSessionStorageKey({ issuerUri }));
+
+    if (value === null) {
+        return undefined;
+    }
+
+    return JSON.parse(value) as Partial<OidcClientTsOidcMetadata>;
+}
+
+function setSessionStorage(params: { issuerUri: string; oidcMetadata: Partial<OidcMetadata> }): void {
+    const { issuerUri, oidcMetadata } = params;
+
+    sessionStorage.setItem(getSessionStorageKey({ issuerUri }), JSON.stringify(oidcMetadata));
+}
+
+export async function fetchOidcMetadata(params: { issuerUri: string }) {
+    const { issuerUri } = params;
+
+    from_cache: {
+        const oidcMetadata = readSessionStorage({ issuerUri });
+
+        if (oidcMetadata === undefined) {
+            break from_cache;
+        }
+
+        return oidcMetadata;
+    }
+
+    let oidcMetadata: Partial<OidcMetadata>;
+
+    try {
+        const response = await fetch(`${issuerUri}${WELL_KNOWN_PATH}`, {
+            headers: {
+                Accept: "application/jwk-set+json, application/json"
+            }
+        });
+
+        if (!response.ok) {
+            throw new Error();
+        }
+
+        const obj = await response.json();
+
+        {
+            const { authorization_endpoint } = obj;
+
+            if (typeof authorization_endpoint !== "string") {
+                throw new Error();
+            }
+        }
+
+        oidcMetadata = obj;
+    } catch {
+        return undefined;
+    }
+
+    if (!getIsLikelyDevServer()) {
+        setSessionStorage({ issuerUri, oidcMetadata });
+    }
+
+    return oidcMetadata;
+}