oidc-spa 8.4.8 → 8.5.2

package/esm/core/tokenExfiltrationDefense_legacy.js

@@ -0,0 +1,130 @@
+import { assert } from "../tools/tsafe/assert";
+export function handleTokenExfiltrationDefense_legacy(params) {
+    const { freezeFetch, freezeXMLHttpRequest, freezeWebSocket, freezePromise, safeMode = false } = params;
+    const createWriteError = (target) => new Error([
+        `oidc-spa: Monkey patching of ${target} has been blocked for security reasons.`,
+        "You can disable this restriction by setting `safeMode: false` in `oidcEarlyInit()`",
+        "or in your Vite plugin configuration,",
+        "but please note this will reduce security.",
+        "If you believe this restriction is too strict, please open an issue at:",
+        "https://github.com/keycloakify/oidc-spa",
+        "We're still identifying real-world blockers and can safely add exceptions where needed.",
+        "For now, we prefer to err on the side of hardening rather than exposure."
+    ].join(" "));
+    for (const name of [
+        "fetch",
+        "XMLHttpRequest",
+        "WebSocket",
+        "Headers",
+        "URLSearchParams",
+        "String",
+        "Object",
+        "Promise",
+        "Array",
+        "RegExp",
+        "TextEncoder",
+        "Uint8Array",
+        "Uint32Array",
+        "Response",
+        "Reflect",
+        "JSON",
+        "encodeURIComponent",
+        "decodeURIComponent",
+        "atob",
+        "btoa"
+    ]) {
+        const doSkip = (() => {
+            switch (name) {
+                case "XMLHttpRequest":
+                    if (freezeXMLHttpRequest !== undefined) {
+                        return !freezeXMLHttpRequest;
+                    }
+                    break;
+                case "fetch":
+                    if (freezeFetch !== undefined) {
+                        return !freezeFetch;
+                    }
+                    break;
+                case "WebSocket":
+                    if (freezeWebSocket !== undefined) {
+                        return !freezeWebSocket;
+                    }
+                    break;
+                case "Promise":
+                    if (freezePromise !== undefined) {
+                        return !freezePromise;
+                    }
+                    break;
+            }
+            return !safeMode;
+        })();
+        if (doSkip) {
+            continue;
+        }
+        const original = window[name];
+        if (!original) {
+            continue;
+        }
+        if ("prototype" in original) {
+            for (const propertyName of Object.getOwnPropertyNames(original.prototype)) {
+                if (name === "Object") {
+                    if (propertyName === "toString" ||
+                        propertyName === "constructor" ||
+                        propertyName === "valueOf") {
+                        continue;
+                    }
+                }
+                if (name === "Array") {
+                    if (propertyName === "constructor" || propertyName === "concat") {
+                        continue;
+                    }
+                }
+                const pd = Object.getOwnPropertyDescriptor(original.prototype, propertyName);
+                assert(pd !== undefined);
+                if (!pd.configurable) {
+                    continue;
+                }
+                Object.defineProperty(original.prototype, propertyName, {
+                    enumerable: pd.enumerable,
+                    configurable: false,
+                    ...("value" in pd
+                        ? {
+                            get: () => pd.value,
+                            set: () => {
+                                throw createWriteError(`window.${name}.prototype.${propertyName}`);
+                            }
+                        }
+                        : {
+                            get: pd.get,
+                            set: pd.set ??
+                                (() => {
+                                    throw createWriteError(`window.${name}.prototype.${propertyName}`);
+                                })
+                        })
+                });
+            }
+        }
+        Object.defineProperty(window, name, {
+            configurable: false,
+            enumerable: true,
+            get: () => original,
+            set: () => {
+                throw createWriteError(`window.${name}`);
+            }
+        });
+    }
+    if (safeMode) {
+        for (const name of ["call", "apply", "bind"]) {
+            const original = Function.prototype[name];
+            Object.defineProperty(Function.prototype, name, {
+                configurable: false,
+                enumerable: true,
+                get: () => original,
+                set: () => {
+                    throw createWriteError(`window.Function.prototype.${name})`);
+                }
+            });
+        }
+    }
+}
+//# sourceMappingURL=tokenExfiltrationDefense_legacy.js.map

package/esm/core/tokenExfiltrationDefense_legacy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenExfiltrationDefense_legacy.js","sourceRoot":"","sources":["../../src/core/tokenExfiltrationDefense_legacy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAU/C,MAAM,UAAU,qCAAqC,CAAC,MAAc;IAChE,MAAM,EACF,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,aAAa,EACb,QAAQ,GAAG,KAAK,EACnB,GAAG,MAAM,CAAC;IAEX,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAE,EAAE,CACxC,IAAI,KAAK,CACL;QACI,gCAAgC,MAAM,yCAAyC;QAC/E,oFAAoF;QACpF,uCAAuC;QACvC,4CAA4C;QAC5C,yEAAyE;QACzE,yCAAyC;QACzC,yFAAyF;QACzF,0EAA0E;KAC7E,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IAEN,KAAK,MAAM,IAAI,IAAI;QACf,OAAO;QACP,gBAAgB;QAChB,WAAW;QACX,SAAS;QACT,iBAAiB;QACjB,QAAQ;QACR,QAAQ;QACR,SAAS;QACT,OAAO;QACP,QAAQ;QACR,aAAa;QACb,YAAY;QACZ,aAAa;QACb,UAAU;QACV,SAAS;QACT,MAAM;QACN,oBAAoB;QACpB,oBAAoB;QACpB,MAAM;QACN,MAAM;KACA,EAAE,CAAC;QACT,MAAM,MAAM,GAAG,CAAC,GAAG,EAAE;YACjB,QAAQ,IAAI,EAAE,CAAC;gBACX,KAAK,gBAAgB;oBACjB,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;wBACrC,OAAO,CAAC,oBAAoB,CAAC;oBACjC,CAAC;oBACD,MAAM;gBACV,KAAK,OAAO;oBACR,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;wBAC5B,OAAO,CAAC,WAAW,CAAC;oBACxB,CAAC;oBACD,MAAM;gBACV,KAAK,WAAW;oBACZ,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;wBAChC,OAAO,CAAC,eAAe,CAAC;oBAC5B,CAAC;oBACD,MAAM;gBACV,KAAK,SAAS;oBACV,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;wBAC9B,OAAO,CAAC,aAAa,CAAC;oBAC1B,CAAC;oBACD,MAAM;YACd,CAAC;YAED,OAAO,CAAC,QAAQ,CAAC;QACrB,CAAC,CAAC,EAAE,CAAC;QAEL,IAAI,MAAM,EAAE,CAAC;YACT,SAAS;QACb,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAE9B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,SAAS;QACb,CAAC;QAED,IAAI,WAAW,IAAI,QAAQ,EAAE,CAAC;YAC1B,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,mBAAmB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACxE,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACpB,IACI,YAAY,KAAK,UAAU;wBAC3B,YAAY,KAAK,aAAa;wBAC9B,YAAY,KAAK,SAAS,EAC5B,CAAC;wBACC,SAAS;oBACb,CAAC;gBACL,CAAC;gBAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;oBACnB,IAAI,YAAY,KAAK,aAAa,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;wBAC9D,SAAS;oBACb,CAAC;gBACL,CAAC;gBAED,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,QAAQ,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;gBAE7E,MAAM,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;gBAEzB,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC;oBACnB,SAAS;gBACb,CAAC;gBAED,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,YAAY,EAAE;oBACpD,UAAU,EAAE,EAAE,CAAC,UAAU;oBACzB,YAAY,EAAE,KAAK;oBACnB,GAAG,CAAC,OAAO,IAAI,EAAE;wBACb,CAAC,CAAC;4BACI,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK;4BACnB,GAAG,EAAE,GAAG,EAAE;gCACN,MAAM,gBAAgB,CAAC,UAAU,IAAI,cAAc,YAAY,EAAE,CAAC,CAAC;4BACvE,CAAC;yBACJ;wBACH,CAAC,CAAC;4BACI,GAAG,EAAE,EAAE,CAAC,GAAG;4BACX,GAAG,EACC,EAAE,CAAC,GAAG;gCACN,CAAC,GAAG,EAAE;oCACF,MAAM,gBAAgB,CAAC,UAAU,IAAI,cAAc,YAAY,EAAE,CAAC,CAAC;gCACvE,CAAC,CAAC;yBACT,CAAC;iBACX,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE;YAChC,YAAY,EAAE,KAAK;YACnB,UAAU,EAAE,IAAI;YAChB,GAAG,EAAE,GAAG,EAAE,CAAC,QAAQ;YACnB,GAAG,EAAE,GAAG,EAAE;gBACN,MAAM,gBAAgB,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;YAC7C,CAAC;SACJ,CAAC,CAAC;IACP,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACX,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAU,EAAE,CAAC;YACpD,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAE1C,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE;gBAC5C,YAAY,EAAE,KAAK;gBACnB,UAAU,EAAE,IAAI;gBAChB,GAAG,EAAE,GAAG,EAAE,CAAC,QAAQ;gBACnB,GAAG,EAAE,GAAG,EAAE;oBACN,MAAM,gBAAgB,CAAC,6BAA6B,IAAI,GAAG,CAAC,CAAC;gBACjE,CAAC;aACJ,CAAC,CAAC;QACP,CAAC;IACL,CAAC;AACL,CAAC"}

package/esm/core/tokenPlaceholderSubstitution.d.ts

@@ -0,0 +1,13 @@
+export declare function markTokenSubstitutionAdEnabled(): void;
+export declare function getIsTokenSubstitutionEnabled(): boolean;
+type Tokens = {
+    accessToken: string;
+    idToken: string;
+    refreshToken?: string;
+};
+export declare function getTokensPlaceholders(params: {
+    configId: string;
+    tokens: Tokens;
+}): Tokens;
+export declare function substitutePlaceholderByRealToken(text: string): string;
+export {};

package/esm/core/tokenPlaceholderSubstitution.js

@@ -0,0 +1,73 @@
+import { assert } from "../tools/tsafe/assert";
+let isTokenSubstitutionEnabled = false;
+export function markTokenSubstitutionAdEnabled() {
+    isTokenSubstitutionEnabled = true;
+}
+export function getIsTokenSubstitutionEnabled() {
+    return isTokenSubstitutionEnabled;
+}
+const entries = [];
+let counter = Math.floor(Math.random() * 1000000) + 1000000;
+export function getTokensPlaceholders(params) {
+    const { configId, tokens } = params;
+    assert(isTokenSubstitutionEnabled, "2934482");
+    for (const entry of entries) {
+        if (entry.configId !== configId) {
+            continue;
+        }
+        setTimeout(() => {
+            const index = entries.indexOf(entry);
+            if (index === -1) {
+                return;
+            }
+            entries.splice(index, 1);
+        }, 30000);
+    }
+    const id = counter++;
+    const entry_new = {
+        id,
+        configId,
+        tokens: {
+            accessToken: tokens.accessToken,
+            idToken: tokens.idToken,
+            refreshToken: tokens.refreshToken
+        }
+    };
+    entries.push(entry_new);
+    return {
+        accessToken: `access_token_placeholder_${id}`,
+        idToken: `id_token_placeholder_${id}`,
+        refreshToken: tokens.refreshToken === undefined ? undefined : `refresh_token_placeholder_${id}`
+    };
+}
+export function substitutePlaceholderByRealToken(text) {
+    let text_modified = text;
+    for (const [tokenType, regExp] of [
+        ["access_token", /access_token_placeholder_(\d+)/g],
+        ["id_token", /id_token_placeholder_(\d+)/g],
+        ["refresh_token", /refresh_token_placeholder_(\d+)/g]
+    ]) {
+        text_modified = text_modified.replace(regExp, (...[, p1]) => {
+            const id = parseInt(p1);
+            const entry = entries.find(e => e.id === id);
+            if (!entry) {
+                throw new Error([
+                    "oidc-spa: Outdated token used to make a request.",
+                    "Token should not be stored at the application level, when a token",
+                    "is needed, it should be requested and used immediately."
+                ].join(" "));
+            }
+            switch (tokenType) {
+                case "access_token":
+                    return entry.tokens.accessToken;
+                case "id_token":
+                    return entry.tokens.idToken;
+                case "refresh_token":
+                    assert(entry.tokens.refreshToken !== undefined, "204392284");
+                    return entry.tokens.refreshToken;
+            }
+        });
+    }
+    return text_modified;
+}
+//# sourceMappingURL=tokenPlaceholderSubstitution.js.map

package/esm/core/tokenPlaceholderSubstitution.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenPlaceholderSubstitution.js","sourceRoot":"","sources":["../../src/core/tokenPlaceholderSubstitution.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,IAAI,0BAA0B,GAAG,KAAK,CAAC;AAEvC,MAAM,UAAU,8BAA8B;IAC1C,0BAA0B,GAAG,IAAI,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,6BAA6B;IACzC,OAAO,0BAA0B,CAAC;AACtC,CAAC;AAQD,MAAM,OAAO,GAIP,EAAE,CAAC;AAET,IAAI,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,OAAS,CAAC,GAAG,OAAS,CAAC;AAEhE,MAAM,UAAU,qBAAqB,CAAC,MAA4C;IAC9E,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAEpC,MAAM,CAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC;IAE9C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC1B,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC9B,SAAS;QACb,CAAC;QAED,UAAU,CAAC,GAAG,EAAE;YACZ,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAErC,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;gBACf,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7B,CAAC,EAAE,KAAM,CAAC,CAAC;IACf,CAAC;IAED,MAAM,EAAE,GAAG,OAAO,EAAE,CAAC;IAErB,MAAM,SAAS,GAA6B;QACxC,EAAE;QACF,QAAQ;QACR,MAAM,EAAE;YACJ,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,YAAY,EAAE,MAAM,CAAC,YAAY;SACpC;KACJ,CAAC;IAEF,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAExB,OAAO;QACH,WAAW,EAAE,4BAA4B,EAAE,EAAE;QAC7C,OAAO,EAAE,wBAAwB,EAAE,EAAE;QACrC,YAAY,EAAE,MAAM,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,6BAA6B,EAAE,EAAE;KAClG,CAAC;AACN,CAAC;AAED,MAAM,UAAU,gCAAgC,CAAC,IAAY;IACzD,IAAI,aAAa,GAAG,IAAI,CAAC;IAEzB,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI;QAC9B,CAAC,cAAc,EAAE,iCAAiC,CAAC;QACnD,CAAC,UAAU,EAAE,6BAA6B,CAAC;QAC3C,CAAC,eAAe,EAAE,kCAAkC,CAAC;KAC/C,EAAE,CAAC;QACT,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;YACxD,MAAM,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC;YAExB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YAE7C,IAAI,CAAC,KAAK,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CACX;oBACI,kDAAkD;oBAClD,mEAAmE;oBACnE,yDAAyD;iBAC5D,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;YACN,CAAC;YAED,QAAQ,SAAS,EAAE,CAAC;gBAChB,KAAK,cAAc;oBACf,OAAO,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC;gBACpC,KAAK,UAAU;oBACX,OAAO,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC;gBAChC,KAAK,eAAe;oBAChB,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,KAAK,SAAS,EAAE,WAAW,CAAC,CAAC;oBAC7D,OAAO,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC;YACzC,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IAED,OAAO,aAAa,CAAC;AACzB,CAAC"}

package/esm/tools/isDomain.d.ts

@@ -0,0 +1 @@
+export declare function getIsDomain(hostname: string): boolean;

package/esm/tools/isDomain.js

@@ -0,0 +1,16 @@
+export function getIsDomain(hostname) {
+    // Reject IPv4
+    if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname)) {
+        return false;
+    }
+    // Reject IPv6
+    if (hostname.includes(":")) {
+        return false;
+    }
+    // Must contain at least one dot (e.g., "example.com")
+    if (!hostname.includes(".")) {
+        return false;
+    }
+    return true;
+}
+//# sourceMappingURL=isDomain.js.map

package/esm/tools/isDomain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isDomain.js","sourceRoot":"","sources":["../../src/tools/isDomain.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,WAAW,CAAC,QAAgB;IACxC,cAAc;IACd,IAAI,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,cAAc;IACd,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,sDAAsD;IACtD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC"}

package/esm/tools/isHostnameAuthorized.d.ts

@@ -0,0 +1,5 @@
+export declare function getIsHostnameAuthorized(params: {
+    allowedHostnames: string[];
+    hostname: string;
+    extendAuthorizationToParentDomain: boolean;
+}): boolean;

package/esm/tools/isHostnameAuthorized.js

@@ -0,0 +1,74 @@
+import { getIsLikelyDevServer } from "../tools/isLikelyDevServer";
+import { getIsDomain } from "../tools/isDomain";
+const MULTI_TENANT_DOMAINS = [
+    "vercel.app",
+    "netlify.app",
+    "github.io",
+    "pages.dev",
+    "web.app",
+    "firebaseapp.com",
+    "onrender.com",
+    "railway.app",
+    "fly.dev",
+    "herokuapp.com",
+    "amplifyapp.com",
+    "surge.sh",
+    "stackblitz.io",
+    "glitch.me",
+    "csb.app",
+    "codesandbox.io",
+    "repl.co",
+    "replit.dev",
+    "ondigitalocean.app",
+    "bubbleapps.io",
+    "wixsite.com",
+    "webflow.io",
+    "framer.app",
+    "deno.dev",
+    "azurestaticapps.net",
+    "run.app",
+    "cloudfront.net",
+    "qovery.io",
+    "northflank.app",
+    "cyclic.app",
+    "turso.io",
+    "koyeb.app",
+    "on.fleek.co",
+    "back4app.io"
+];
+export function getIsHostnameAuthorized(params) {
+    if (getIsLikelyDevServer()) {
+        return true;
+    }
+    const { hostname, allowedHostnames, extendAuthorizationToParentDomain } = params;
+    if (hostname === location.host) {
+        return true;
+    }
+    for (let allowedHost of allowedHostnames) {
+        allowedHost = allowedHost.toLocaleLowerCase();
+        if (allowedHost === hostname) {
+            return true;
+        }
+        if (allowedHost.startsWith("*") && hostname.endsWith(allowedHost.slice(1))) {
+            return true;
+        }
+    }
+    if (!extendAuthorizationToParentDomain) {
+        return false;
+    }
+    if (!getIsDomain(location.host) || !getIsDomain(hostname)) {
+        return false;
+    }
+    if (MULTI_TENANT_DOMAINS.find(suffix => location.host.endsWith(`.${suffix}`)) !== undefined) {
+        return false;
+    }
+    const trustedParentDomain = (() => {
+        const [s1, s2] = location.host.split(".").reverse();
+        return `${s2}.${s1}`;
+    })();
+    if (hostname.endsWith(`.${trustedParentDomain}`)) {
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=isHostnameAuthorized.js.map

package/esm/tools/isHostnameAuthorized.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isHostnameAuthorized.js","sourceRoot":"","sources":["../../src/tools/isHostnameAuthorized.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,oBAAoB,GAAG;IACzB,YAAY;IACZ,aAAa;IACb,WAAW;IACX,WAAW;IACX,SAAS;IACT,iBAAiB;IACjB,cAAc;IACd,aAAa;IACb,SAAS;IACT,eAAe;IACf,gBAAgB;IAChB,UAAU;IACV,eAAe;IACf,WAAW;IACX,SAAS;IACT,gBAAgB;IAChB,SAAS;IACT,YAAY;IACZ,oBAAoB;IACpB,eAAe;IACf,aAAa;IACb,YAAY;IACZ,YAAY;IACZ,UAAU;IACV,qBAAqB;IACrB,SAAS;IACT,gBAAgB;IAChB,WAAW;IACX,gBAAgB;IAChB,YAAY;IACZ,UAAU;IACV,WAAW;IACX,aAAa;IACb,aAAa;CAChB,CAAC;AAEF,MAAM,UAAU,uBAAuB,CAAC,MAIvC;IACG,IAAI,oBAAoB,EAAE,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,gBAAgB,EAAE,iCAAiC,EAAE,GAAG,MAAM,CAAC;IAEjF,IAAI,QAAQ,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,IAAI,WAAW,IAAI,gBAAgB,EAAE,CAAC;QACvC,WAAW,GAAG,WAAW,CAAC,iBAAiB,EAAE,CAAC;QAE9C,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzE,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED,IAAI,CAAC,iCAAiC,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QAC1F,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE;QAC9B,MAAM,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;QAEpD,OAAO,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC;IACzB,CAAC,CAAC,EAAE,CAAC;IAEL,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,mBAAmB,EAAE,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC"}

package/esm/tools/isLikelyDevServer.js

@@ -1,14 +1,22 @@
+let isLikelyDevServer_cache = undefined;
 export function getIsLikelyDevServer() {
-    const origin = window.location.origin;
-    if (/^https?:\/\/localhost/.test(origin)) {
-        return true;
+    if (isLikelyDevServer_cache !== undefined) {
+        return isLikelyDevServer_cache;
     }
-    if (/^https?:\/\/\[::\]/.test(origin)) {
-        return true;
-    }
-    if (/^https?:\/\/127.0.0.1/.test(origin)) {
-        return true;
-    }
-    return false;
+    const isLikelyDevServer = (() => {
+        const origin = window.location.origin;
+        if (/^https?:\/\/localhost/.test(origin)) {
+            return true;
+        }
+        if (/^https?:\/\/\[::\]/.test(origin)) {
+            return true;
+        }
+        if (/^https?:\/\/127.0.0.1/.test(origin)) {
+            return true;
+        }
+        return false;
+    })();
+    isLikelyDevServer_cache = isLikelyDevServer;
+    return isLikelyDevServer;
 }
 //# sourceMappingURL=isLikelyDevServer.js.map

package/esm/tools/isLikelyDevServer.js.map

@@ -1 +1 @@
-{"version":3,"file":"isLikelyDevServer.js","sourceRoot":"","sources":["../../src/tools/isLikelyDevServer.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,oBAAoB;IAChC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;IAEtC,IAAI,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC"}
+{"version":3,"file":"isLikelyDevServer.js","sourceRoot":"","sources":["../../src/tools/isLikelyDevServer.ts"],"names":[],"mappings":"AAAA,IAAI,uBAAuB,GAAwB,SAAS,CAAC;AAE7D,MAAM,UAAU,oBAAoB;IAChC,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;QACxC,OAAO,uBAAuB,CAAC;IACnC,CAAC;IAED,MAAM,iBAAiB,GAAG,CAAC,GAAG,EAAE;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAEtC,IAAI,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,IAAI,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,IAAI,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC,CAAC,EAAE,CAAC;IAEL,uBAAuB,GAAG,iBAAiB,CAAC;IAE5C,OAAO,iBAAiB,CAAC;AAC7B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "oidc-spa",
-    "version": "8.4.8",
+    "version": "8.5.2",
     "description": "OIDC Client for Client Centric Web Applications",
     "repository": {
         "type": "git",

package/src/core/createOidc.ts

@@ -1211,6 +1211,7 @@ export async function createOidc_nonMemoized<
     assert(oidcMetadata !== undefined, "30483403");
 
     let currentTokens = oidcClientTsUserToTokens({
+        configId,
         oidcClientTsUser: resultOfLoginProcess.oidcClientTsUser,
         decodedIdTokenSchema,
         __unsafe_useIdTokenAsAccessToken,
@@ -1537,6 +1538,7 @@ export async function createOidc_nonMemoized<
                 }
 
                 currentTokens = oidcClientTsUserToTokens({
+                    configId,
                     oidcClientTsUser,
                     decodedIdTokenSchema,
                     __unsafe_useIdTokenAsAccessToken,