@axa-fr/oidc-client
OpenID Connect & OAuth authentication using native javascript only, compatible with angular, react, vue, svelte, next, etc.
/**
 * Wrapper around `window.location` / `window.origin` used for navigation.
 */
class H {
  /**
   * Navigates the current browsing context to `n`.
   * NOTE(review): the URL is assigned unchecked, so callers must only pass
   * trusted (configured or discovered) endpoints.
   */
  open(n) {
    window.location.href = n;
  }

  /** Reloads the current page. */
  reload() {
    window.location.reload();
  }

  /** @returns {string} the full current URL */
  getCurrentHref() {
    return window.location.href;
  }

  /** @returns {string} path + query string + fragment of the current URL */
  getPath() {
    const { pathname, search, hash } = window.location;
    return pathname + (search || "") + (hash || "");
  }

  /** @returns {string} the origin of the current window */
  getOrigin() {
    return window.origin;
  }
}
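// Default polling interval (milliseconds) and the logger used by the class below.
const le = 2e3;
const D = console;

/**
 * Polls an OpenID Provider "check session" iframe and reports session changes.
 *
 * A hidden iframe is loaded from the provider URL; `start()` posts
 * "<client_id> <session_state>" to it on an interval and `_message()` handles
 * the "changed" / "error" replies.
 */
class Ne {
  /**
   * @param {Function} n - callback invoked when the iframe answers "changed"
   * @param {string} s - client id sent with every poll
   * @param {string} t - URL of the provider's check-session iframe
   * @param {number} [o] - polling interval in ms (falsy values fall back to the default)
   * @param {boolean} [i] - stop polling when the iframe answers "error"
   */
  constructor(n, s, t, o = le, i = !0) {
    this._callback = n;
    this._client_id = s;
    this._url = t;
    this._interval = o || le;
    this._stopOnError = i;

    // The frame origin is both the postMessage target and the value incoming
    // messages are compared with, so it has to equal the serialized origin the
    // browser reports (`event.origin`). Parsing the URL normalises case and
    // default ports; plain string slicing did not, and produced "" for a URL
    // without a path, which can never match.
    let frameOrigin = "null";
    try {
      frameOrigin = new URL(t).origin;
    } catch {
      // Not an absolute URL: fall through to the string-based extraction.
    }
    if (frameOrigin === "null") {
      const pathStart = t.indexOf("/", t.indexOf("//") + 2);
      frameOrigin = pathStart === -1 ? t : t.substring(0, pathStart);
    }
    this._frame_origin = frameOrigin;

    const frame = window.document.createElement("iframe");
    frame.style.visibility = "hidden";
    frame.style.position = "absolute";
    frame.style.display = "none";
    frame.width = 0;
    frame.height = 0;
    frame.src = t;
    this._frame = frame;
  }

  /**
   * Attaches the iframe to the document and starts listening for its messages.
   * @returns {Promise<void>} resolves once the iframe has loaded
   */
  load() {
    return new Promise((resolve) => {
      this._frame.onload = () => {
        resolve();
      };
      window.document.body.appendChild(this._frame);
      this._boundMessageEvent = this._message.bind(this);
      window.addEventListener("message", this._boundMessageEvent, !1);
    });
  }

  /**
   * Handles a `message` event. Events are ignored unless both the origin and
   * the source window match the provider iframe, so other frames or windows
   * cannot fake a session change.
   */
  _message(n) {
    if (n.origin !== this._frame_origin || n.source !== this._frame.contentWindow) {
      return;
    }
    if (n.data === "error") {
      D.error("CheckSessionIFrame: error message from check session op iframe");
      if (this._stopOnError) {
        this.stop();
      }
    } else if (n.data === "changed") {
      D.debug(n);
      D.debug("CheckSessionIFrame: changed message from check session op iframe");
      this.stop();
      this._callback();
    } else {
      D.debug("CheckSessionIFrame: " + n.data + " message from check session op iframe");
    }
  }

  /**
   * Starts (or restarts) polling with the given session state.
   * @param {string} n - session_state value to send to the iframe
   */
  start(n) {
    D.debug("CheckSessionIFrame.start :" + n);
    this.stop();
    const poll = () => {
      // The explicit target origin keeps the message from being delivered if
      // the frame has navigated to another origin.
      this._frame.contentWindow.postMessage(`${this._client_id} ${n}`, this._frame_origin);
    };
    poll();
    this._timer = window.setInterval(poll, this._interval);
  }

  /** Stops polling if a timer is running. */
  stop() {
    if (this._timer) {
      D.debug("CheckSessionIFrame.stop");
      window.clearInterval(this._timer);
      this._timer = null;
    }
  }
}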
/** Event names published by the client; every value equals its key. */
const k = Object.fromEntries(
  [
    "service_worker_not_supported_by_browser",
    "token_acquired",
    "logout_from_another_tab",
    "logout_from_same_tab",
    "token_renewed",
    "token_timer",
    "loginAsync_begin",
    "loginAsync_error",
    "loginCallbackAsync_begin",
    "loginCallbackAsync_end",
    "loginCallbackAsync_error",
    "refreshTokensAsync_begin",
    "refreshTokensAsync",
    "refreshTokensAsync_end",
    "refreshTokensAsync_error",
    "refreshTokensAsync_silent_error",
    "tryKeepExistingSessionAsync_begin",
    "tryKeepExistingSessionAsync_end",
    "tryKeepExistingSessionAsync_error",
    "silentLoginAsync_begin",
    "silentLoginAsync",
    "silentLoginAsync_end",
    "silentLoginAsync_error",
    "syncTokensAsync_begin",
    "syncTokensAsync_lock_not_available",
    "syncTokensAsync_end",
    "syncTokensAsync_error",
    "tokensInvalidAndWaitingActionsToRefresh",
  ].map((name) => [name, name]),
);

/**
 * Builds the storage-backed session store for one configuration.
 *
 * Everything is kept under `oidc.*.<configurationName>` keys of the given
 * storage object (sessionStorage by default). That includes the tokens, the
 * PKCE code verifier, state, nonce and the DPoP key as JSON, all of which are
 * readable by any script running on the page's origin.
 *
 * @param {string} e - configuration name used as key suffix
 * @param {Storage|object} [n] - storage object, accessed by property name
 * @returns {object} accessor functions (see the returned literal)
 */
const I = (e, n = sessionStorage) => {
  const tokensKey = `oidc.${e}`;
  const sessionStateKey = `oidc.session_state.${e}`;
  const nonceKey = `oidc.nonce.${e}`;
  const jwkKey = `oidc.jwk.${e}`;
  const dpopNonceKey = `oidc.dpop_nonce.${e}`;
  const loginKey = `oidc.login.${e}`;
  const stateKey = `oidc.state.${e}`;
  const codeVerifierKey = `oidc.code_verifier.${e}`;

  // In-memory copy of the parsed login parameters, keyed by configuration name.
  const loginParamsCache = {};

  return {
    // Drops the tokens and records why (`status`).
    clearAsync: (status) => {
      n[tokensKey] = JSON.stringify({ tokens: null, status });
      return Promise.resolve();
    },
    // Reads the stored entry, creating an empty one on first use.
    initAsync: async () => {
      if (!n[tokensKey]) {
        n[tokensKey] = JSON.stringify({ tokens: null, status: null });
        return { tokens: null, status: null };
      }
      const stored = JSON.parse(n[tokensKey]);
      return { tokens: stored.tokens, status: stored.status };
    },
    // Overwrites the entry with the tokens only (no status member is written).
    setTokens: (tokens) => {
      n[tokensKey] = JSON.stringify({ tokens });
    },
    // Returns a JSON string `{"tokens": ...}` or null when nothing is stored.
    getTokens: () => {
      if (!n[tokensKey]) {
        return null;
      }
      return JSON.stringify({ tokens: JSON.parse(n[tokensKey]).tokens });
    },
    setSessionStateAsync: async (sessionState) => {
      n[sessionStateKey] = sessionState;
    },
    getSessionStateAsync: async () => n[sessionStateKey],
    // Synchronous despite the name; expects an object with a `nonce` member.
    setNonceAsync: (holder) => {
      n[nonceKey] = holder.nonce;
    },
    getNonceAsync: async () => ({ nonce: n[nonceKey] }),
    setLoginParams: (params) => {
      loginParamsCache[e] = params;
      n[loginKey] = JSON.stringify(params);
    },
    getLoginParams: () => {
      const raw = n[loginKey];
      if (!raw) {
        console.warn(
          `storage[oidc.login.${e}] is empty, you should have an bad OIDC or code configuration somewhere.`
        );
        return null;
      }
      if (!loginParamsCache[e]) {
        loginParamsCache[e] = JSON.parse(raw);
      }
      return loginParamsCache[e];
    },
    getStateAsync: async () => n[stateKey],
    setStateAsync: async (state) => {
      n[stateKey] = state;
    },
    getCodeVerifierAsync: async () => n[codeVerifierKey],
    setCodeVerifierAsync: async (codeVerifier) => {
      n[codeVerifierKey] = codeVerifier;
    },
    setDemonstratingProofOfPossessionNonce: async (dpopNonce) => {
      n[dpopNonceKey] = dpopNonce;
    },
    getDemonstratingProofOfPossessionNonce: () => n[dpopNonceKey],
    // Synchronous despite the name; the JWK is serialised as-is.
    setDemonstratingProofOfPossessionJwkAsync: (jwk) => {
      n[jwkKey] = JSON.stringify(jwk);
    },
    // Synchronous despite the name; JSON.parse throws when no JWK was stored.
    getDemonstratingProofOfPossessionJwkAsync: () => JSON.parse(n[jwkKey]),
  };
};
/**
 * Token renewal modes.
 * Note that the first member's value ("...Tokens...") is spelled differently
 * from its key ("...Token..."); compare against the member, not a literal.
 */
var V = /* @__PURE__ */ ((modes) => {
  modes.AutomaticBeforeTokenExpiration = "AutomaticBeforeTokensExpiration";
  modes.AutomaticOnlyWhenFetchExecuted = "AutomaticOnlyWhenFetchExecuted";
  return modes;
})(V || {});
/** Decodes a base64 string and interprets the resulting bytes as UTF-8 text. */
const xe = (e) => {
  const percentEncoded = atob(e)
    .split("")
    .map((ch) => `%${`00${ch.charCodeAt(0).toString(16)}`.slice(-2)}`)
    .join("");
  return decodeURIComponent(percentEncoded);
};

/** Parses a base64url-encoded JSON segment (for example a JWT payload). */
const We = (e) => {
  const base64 = e.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(xe(base64));
};

/** Counts how many times separator `n` occurs in string `e`. */
const Le = (e, n) => e.split(n).length - 1;

/**
 * Decodes the payload of a compact JWT (three dot-separated parts).
 * This only decodes: the signature is not checked, so the returned claims are
 * exactly as trustworthy as the channel the token came from.
 *
 * @param {string} e - compact JWT
 * @returns {object|null} the payload, or null when `e` is empty, not a
 *   three-part token, or cannot be decoded (a warning is logged in that case)
 */
const ue = (e) => {
  try {
    if (e && Le(e, ".") === 2) {
      return We(e.split(".")[1]);
    }
    return null;
  } catch (n) {
    console.warn(n);
  }
  return null;
};

/** Selects which token's expiry drives `expiresAt`. */
const z = {
  access_token_or_id_token_invalid: "access_token_or_id_token_invalid",
  access_token_invalid: "access_token_invalid",
  id_token_invalid: "id_token_invalid",
};
/**
 * Works out when a token set was issued (Unix seconds).
 *
 * @param {object} e - token set; `issuedAt` may be a number or a numeric string
 * @param {object} [n] - first payload consulted for `iat` when `issuedAt` is missing
 * @param {object} [s] - second payload consulted for `iat`
 * @returns {number} `issuedAt` (parsed if it was a string), else the first
 *   available `iat`, else the current time
 */
function De(e, n, s) {
  const { issuedAt } = e;
  if (issuedAt) {
    return typeof issuedAt === "string" ? parseInt(issuedAt, 10) : issuedAt;
  }
  if (n && n.iat) {
    return n.iat;
  }
  if (s && s.iat) {
    return s.iat;
  }
  return new Date().getTime() / 1e3;
}
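/**
 * Completes a token set: decodes payloads, carries over the previous ID token
 * and refresh token when the new set lacks them, and computes `expiresAt`.
 *
 * `e.issuedAt` is normalised in place (the caller's object is mutated).
 *
 * @param {object|null} e - token set (camelCase members)
 * @param {object|null} [n] - previous token set
 * @param {string} [s] - one of the `z` modes choosing which expiry applies
 * @returns {object|null} the completed token set, or null when `e` is falsy
 */
const te = (e, n = null, s) => {
  if (!e) {
    return null;
  }
  const expiresIn = typeof e.expiresIn === "string" ? parseInt(e.expiresIn, 10) : e.expiresIn;
  const accessTokenPayload = e.accessTokenPayload !== undefined ? e.accessTokenPayload : ue(e.accessToken);
  const idToken = n != null && "idToken" in n && !("idToken" in e) ? n.idToken : e.idToken;
  const idTokenPayload = e.idTokenPayload ? e.idTokenPayload : ue(idToken);

  // Normalise issuedAt BEFORE it is used for the fallback expiry below. It may
  // arrive as a numeric string or be missing; adding expiresIn to the raw
  // value then produced a concatenated string or NaN for tokens without `exp`.
  e.issuedAt = De(e, accessTokenPayload, idTokenPayload);

  const idTokenExpiry = idTokenPayload && idTokenPayload.exp ? idTokenPayload.exp : Number.MAX_VALUE;
  const accessTokenExpiry =
    accessTokenPayload && accessTokenPayload.exp ? accessTokenPayload.exp : e.issuedAt + expiresIn;

  let expiresAt;
  if (e.expiresAt) {
    expiresAt = e.expiresAt;
  } else if (s === z.access_token_invalid) {
    expiresAt = accessTokenExpiry;
  } else if (s === z.id_token_invalid) {
    expiresAt = idTokenExpiry;
  } else {
    // Default: whichever token expires first.
    expiresAt = idTokenExpiry < accessTokenExpiry ? idTokenExpiry : accessTokenExpiry;
  }

  const completed = {
    ...e,
    idTokenPayload,
    accessTokenPayload,
    expiresAt,
    idToken,
  };
  if (n != null && "refreshToken" in n && !("refreshToken" in e)) {
    return { ...completed, refreshToken: n.refreshToken };
  }
  return completed;
};

/**
 * Converts a token endpoint response (snake_case) into the internal token set.
 * Sets `issued_at` on the response object when it is missing.
 *
 * @param {object|null} e - token response
 * @param {object|null} n - previous token set, forwarded to `te`
 * @param {string} [s] - expiry mode, forwarded to `te`
 * @returns {object|null}
 */
const oe = (e, n, s) => {
  if (!e) {
    return null;
  }
  if (!e.issued_at) {
    e.issued_at = new Date().getTime() / 1e3;
  }
  const tokens = {
    accessToken: e.access_token,
    expiresIn: e.expires_in,
    idToken: e.id_token,
    scope: e.scope,
    tokenType: e.token_type,
    issuedAt: e.issued_at,
  };
  if ("refresh_token" in e) {
    tokens.refreshToken = e.refresh_token;
  }
  if (e.accessTokenPayload !== undefined) {
    tokens.accessTokenPayload = e.accessTokenPayload;
  }
  if (e.idTokenPayload !== undefined) {
    tokens.idTokenPayload = e.idTokenPayload;
  }
  return te(tokens, n, s);
};

/**
 * Seconds left until `n` (Unix seconds), minus a safety margin `e`, rounded.
 */
const K = (e, n) => {
  const nowInSeconds = new Date().getTime() / 1e3;
  return Math.round(n - nowInSeconds - e);
};

/** True when `e` exists and still has more than `n` seconds before `expiresAt`. */
const _e = (e, n = 0) => (e ? K(n, e.expiresAt) > 0 : !1);

/**
 * Waits until the client's tokens are valid again, or gives up.
 *
 * @param {object} e - client exposing getTokens(), configuration and renewTokensAsync()
 * @param {number} [n] - wait between checks, in milliseconds
 * @param {number} [s] - maximum number of checks
 * @returns {Promise<object|null>} null when there are no tokens at all
 */
const me = async (e, n = 200, s = 50) => {
  let remaining = s;
  if (!e.getTokens()) {
    return null;
  }
  while (
    !_e(e.getTokens(), e.configuration.refresh_time_before_tokens_expiration_in_second) &&
    remaining > 0
  ) {
    if (e.configuration.token_automatic_renew_mode === V.AutomaticOnlyWhenFetchExecuted) {
      // In this mode nothing renews in the background, so renew here once.
      await e.renewTokensAsync({});
      break;
    }
    await ie({ milliseconds: n });
    remaining -= 1;
  }
  return {
    isTokensValid: _e(e.getTokens()),
    tokens: e.getTokens(),
    numberWaited: remaining - s,
  };
};

/**
 * Checks the claims of a decoded ID token.
 *
 * Checks performed: issuer equality, `exp` not in the past, `iat` not older
 * than seven days, and `nonce` equality when the token carries a nonce.
 * A token set without `idTokenPayload`, or an ID token without a `nonce`
 * claim, passes those respective checks.
 * NOTE(review): signature and `aud` are not checked here — confirm they are
 * enforced elsewhere or that tokens only ever come from the token endpoint
 * over TLS.
 *
 * @param {object} e - token set with an optional `idTokenPayload`
 * @param {string} n - nonce expected for this login
 * @param {object} s - provider configuration exposing `issuer`
 * @returns {{isValid: boolean, reason: string}}
 */
const pe = (e, n, s) => {
  if (e.idTokenPayload) {
    const claims = e.idTokenPayload;
    if (s.issuer !== claims.iss) {
      return {
        isValid: !1,
        reason: `Issuer does not match (oidcServerConfiguration issuer) ${s.issuer} !== (idTokenPayload issuer) ${claims.iss}`,
      };
    }
    const nowInSeconds = new Date().getTime() / 1e3;
    if (claims.exp && claims.exp < nowInSeconds) {
      return {
        isValid: !1,
        reason: `Token expired (idTokenPayload exp) ${claims.exp} < (currentTimeUnixSecond) ${nowInSeconds}`,
      };
    }
    const sevenDays = 60 * 60 * 24 * 7;
    if (claims.iat && claims.iat + sevenDays < nowInSeconds) {
      return {
        isValid: !1,
        reason: `Token is used from too long time (idTokenPayload iat + timeInSevenDays) ${claims.iat + sevenDays} < (currentTimeUnixSecond) ${nowInSeconds}`,
      };
    }
    if (claims.nonce && claims.nonce !== n) {
      return {
        isValid: !1,
        reason: `Nonce does not match (idTokenPayload nonce) ${claims.nonce} !== (nonce) ${n}`,
      };
    }
  }
  return { isValid: !0, reason: "" };
};

/** Timer functions bound to the global object (window, or `global` outside a browser). */
const U = (function () {
  const scope = typeof window === "undefined" ? global : window;
  return {
    setTimeout: setTimeout.bind(scope),
    clearTimeout: clearTimeout.bind(scope),
    setInterval: setInterval.bind(scope),
    clearInterval: clearInterval.bind(scope),
  };
})();

/** Client version; compared with the version reported by the service worker. */
const q = "7.25.13";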
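// `fe` flags that the keep-alive loop has been started; `j` holds the
// AbortController of the keep-alive request currently in flight.
let fe = null;
let j;

/** Resolves after `milliseconds`. */
const ie = ({ milliseconds: e }) => new Promise((n) => U.setTimeout(n, e));

/**
 * Keep-alive loop: requests `OidcKeepAliveServiceWorker.json` under path `e`
 * and schedules the next request 150 seconds later.
 *
 * @param {string} [e] - path prefix of the keep-alive resource
 */
const we = (e = "/") => {
  try {
    j = new AbortController();
    fetch(`${e}OidcKeepAliveServiceWorker.json?minSleepSeconds=150`, { signal: j.signal }).catch(
      (t) => {
        console.log(t);
      },
    );
    // Re-arm with the same path. Passing `we` directly to then() called it
    // with the promise's value (undefined), so every request after the first
    // went to the default "/" instead of the configured path.
    ie({ milliseconds: 150 * 1e3 }).then(() => we(e));
  } catch (n) {
    console.log(n);
  }
};

/** Aborts the keep-alive request in flight, if any. */
const Y = () => {
  if (j) {
    j.abort();
  }
};

/**
 * Returns the id of this tab for configuration `e`, creating a random UUID in
 * sessionStorage on first use.
 */
const Ae = (e) => {
  const key = `oidc.tabId.${e}`;
  const existing = sessionStorage.getItem(key);
  if (existing) {
    return existing;
  }
  const created = globalThis.crypto.randomUUID();
  sessionStorage.setItem(key, created);
  return created;
};

/**
 * Builds a request function for a service worker registration `e`.
 * Each request is posted to the active worker with a dedicated MessageChannel;
 * the promise settles with the single reply (rejecting when it carries `error`).
 */
const O = (e) => (n) =>
  new Promise((resolve, reject) => {
    const channel = new MessageChannel();
    channel.port1.onmessage = (reply) => {
      if (reply != null && reply.data.error) {
        reject(reply.data.error);
      } else {
        resolve(reply.data);
      }
      channel.port1.close();
      channel.port2.close();
    };
    e.active.postMessage({ ...n, tabId: Ae(n.configurationName) }, [channel.port2]);
  });

/**
 * Registers the OIDC service worker and returns accessors that keep session
 * data inside it.
 *
 * State, nonce and code verifier are additionally written to sessionStorage
 * and read back from there when the worker has lost them, and login
 * parameters go to localStorage; those copies are readable by page scripts.
 *
 * @param {object} e - client configuration
 * @param {string} n - configuration name
 * @returns {Promise<object|null>} null when service workers are unavailable,
 *   not configured, deactivated by `service_worker_activate()`, or when
 *   initialisation fails
 */
const C = async (e, n) => {
  const workerUrl = e.service_worker_relative_url;
  if (
    typeof window === "undefined" ||
    typeof navigator === "undefined" ||
    !navigator.serviceWorker ||
    !workerUrl ||
    e.service_worker_activate() === !1
  ) {
    return null;
  }

  // The version query string changes the script URL on every client release.
  const versionedUrl = `${workerUrl}?v=${q}`;
  let registration = null;
  if (e.service_worker_register) {
    registration = await e.service_worker_register(workerUrl);
  } else {
    registration = await navigator.serviceWorker.register(versionedUrl, {
      updateViaCache: "none",
    });
  }

  registration.addEventListener("updatefound", () => {
    const incoming = registration.installing;
    Y();
    incoming?.addEventListener("statechange", () => {
      if (incoming.state === "installed" && navigator.serviceWorker.controller) {
        Y();
        console.log("New SW waiting – skipWaiting()");
        incoming.postMessage({ type: "SKIP_WAITING" });
      }
    });
  });
  navigator.serviceWorker.addEventListener("controllerchange", () => {
    console.log("SW controller changed – reloading page");
    Y();
    window.location.reload();
  });

  try {
    await navigator.serviceWorker.ready;
    if (!navigator.serviceWorker.controller) {
      await O(registration)({ type: "claim" });
    }
  } catch (h) {
    console.warn(`Failed init ServiceWorker ${h.toString()}`);
    return null;
  }

  // Sends one typed request for this configuration to the worker.
  const ask = (type, data) => O(registration)({ type, data, configurationName: n });

  const clearAsync = async (status) => ask("clear", { status });

  const initAsync = async (oidcServerConfiguration, where, oidcConfiguration) => {
    const reply = await ask("init", {
      oidcServerConfiguration,
      where,
      oidcConfiguration: {
        token_renew_mode: oidcConfiguration.token_renew_mode,
        service_worker_convert_all_requests_to_cors:
          oidcConfiguration.service_worker_convert_all_requests_to_cors,
      },
    });
    const workerVersion = reply.version;
    if (workerVersion !== q) {
      // NOTE(review): this only warns; nothing is unregistered or reloaded here.
      console.warn(
        `Service worker ${workerVersion} version mismatch with js client version ${q}, unregistering and reloading`
      );
    }
    return {
      tokens: oe(reply.tokens, null, oidcConfiguration.token_renew_mode),
      status: reply.status,
    };
  };

  // Starts the keep-alive loop once per page.
  const startKeepAlive = (path = "/") => {
    if (fe == null) {
      fe = "not_null";
      we(path);
    }
  };

  const setSessionStateAsync = (sessionState) => ask("setSessionState", { sessionState });
  const getSessionStateAsync = async () => (await ask("getSessionState", null)).sessionState;

  const setNonceAsync = (nonce) => {
    sessionStorage[`oidc.nonce.${n}`] = nonce.nonce;
    return ask("setNonce", { nonce });
  };
  const getNonceAsync = async (retry = !0) => {
    let nonce = (await ask("getNonce", null)).nonce;
    if (!nonce) {
      nonce = sessionStorage[`oidc.nonce.${n}`];
      console.warn("nonce not found in service worker, using sessionStorage");
      if (retry) {
        // NOTE(review): setNonceAsync reads `.nonce` from its argument, but a
        // plain stored value is passed here — confirm this round trip keeps
        // the sessionStorage copy intact.
        await setNonceAsync(nonce);
        nonce = (await getNonceAsync(!1)).nonce;
      }
    }
    return { nonce };
  };

  const loginParamsCache = {};
  const setLoginParams = (params) => {
    loginParamsCache[n] = params;
    localStorage[`oidc.login.${n}`] = JSON.stringify(params);
  };
  const getLoginParams = () => {
    const raw = localStorage[`oidc.login.${n}`];
    if (!loginParamsCache[n]) {
      loginParamsCache[n] = JSON.parse(raw);
    }
    return loginParamsCache[n];
  };

  const setDpopNonce = async (demonstratingProofOfPossessionNonce) => {
    await ask("setDemonstratingProofOfPossessionNonce", { demonstratingProofOfPossessionNonce });
  };
  const getDpopNonce = async () =>
    (await ask("getDemonstratingProofOfPossessionNonce", null)).demonstratingProofOfPossessionNonce;
  const setDpopJwkAsync = async (jwk) => {
    const demonstratingProofOfPossessionJwkJson = JSON.stringify(jwk);
    await ask("setDemonstratingProofOfPossessionJwk", { demonstratingProofOfPossessionJwkJson });
  };
  const getDpopJwkAsync = async () => {
    const reply = await ask("getDemonstratingProofOfPossessionJwk", null);
    return reply.demonstratingProofOfPossessionJwkJson
      ? JSON.parse(reply.demonstratingProofOfPossessionJwkJson)
      : null;
  };

  const setStateAsync = async (state) => {
    sessionStorage[`oidc.state.${n}`] = state;
    return ask("setState", { state });
  };
  const getStateAsync = async (retry = !0) => {
    let state = (await ask("getState", null)).state;
    if (!state) {
      state = sessionStorage[`oidc.state.${n}`];
      console.warn("state not found in service worker, using sessionStorage");
      if (retry) {
        await setStateAsync(state);
        state = await getStateAsync(!1);
      }
    }
    return state;
  };

  const setCodeVerifierAsync = async (codeVerifier) => {
    sessionStorage[`oidc.code_verifier.${n}`] = codeVerifier;
    return ask("setCodeVerifier", { codeVerifier });
  };
  const getCodeVerifierAsync = async (retry = !0) => {
    let codeVerifier = (await ask("getCodeVerifier", null)).codeVerifier;
    if (!codeVerifier) {
      codeVerifier = sessionStorage[`oidc.code_verifier.${n}`];
      console.warn("codeVerifier not found in service worker, using sessionStorage");
      if (retry) {
        await setCodeVerifierAsync(codeVerifier);
        codeVerifier = await getCodeVerifierAsync(!1);
      }
    }
    return codeVerifier;
  };

  return {
    clearAsync,
    initAsync,
    startKeepAliveServiceWorker: () => startKeepAlive(e.service_worker_keep_alive_path),
    setSessionStateAsync,
    getSessionStateAsync,
    setNonceAsync,
    getNonceAsync,
    setLoginParams,
    getLoginParams,
    getStateAsync,
    setStateAsync,
    getCodeVerifierAsync,
    setCodeVerifierAsync,
    setDemonstratingProofOfPossessionNonce: setDpopNonce,
    getDemonstratingProofOfPossessionNonce: getDpopNonce,
    setDemonstratingProofOfPossessionJwkAsync: setDpopJwkAsync,
    getDemonstratingProofOfPossessionJwkAsync: getDpopJwkAsync,
  };
};

// In-memory layer of the timestamped cache below.
const R = {};

/**
 * Reads a cached value that is at most `s` seconds old.
 *
 * @param {string} e - cache key
 * @param {Storage} [n] - backing storage consulted when memory has no entry
 * @param {number} s - maximum age in seconds
 * @returns {*} the cached result, or null when missing or too old
 */
const Re = (e, n = window.sessionStorage, s) => {
  if (!R[e] && n) {
    const raw = n.getItem(e);
    if (raw) {
      R[e] = JSON.parse(raw);
    }
  }
  const maxAgeMs = 1e3 * s;
  return R[e] && R[e].timestamp + maxAgeMs > Date.now() ? R[e].result : null;
};

/**
 * Stores `n` under key `e` with the current time, in memory and in storage `s`.
 */
const $e = (e, n, s = window.sessionStorage) => {
  const timestamp = Date.now();
  R[e] = { result: n, timestamp };
  if (s) {
    s.setItem(e, JSON.stringify({ result: n, timestamp }));
  }
};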
/** Encodes a string as UTF-8 bytes. */
function Se(e) {
  const encoder = new TextEncoder();
  return encoder.encode(e);
}

/** base64url-encodes a binary string (one char per byte), without padding. */
function Te(e) {
  const base64 = btoa(e);
  return base64.replace(/[+/]/g, (ch) => (ch === "+" ? "-" : "_")).replace(/=+/g, "");
}

/** Turns a string into a binary string holding its UTF-8 bytes. */
function Ue(e) {
  const percentEncoded = encodeURIComponent(e);
  return percentEncoded.replace(/%([0-9A-F]{2})/g, (match, hex) =>
    String.fromCharCode(parseInt(hex, 16)),
  );
}

/** base64url-encodes a sequence of byte values (anything with forEach). */
const re = (e) => {
  const chars = [];
  e.forEach((byte) => {
    chars.push(String.fromCharCode(byte));
  });
  return Te(chars.join(""));
};

/** base64url-encodes the UTF-8 form of a string. */
function de(e) {
  const utf8Binary = Ue(e);
  return Te(utf8Binary);
}
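/** Algorithm settings used for ES256 (ECDSA P-256 with SHA-256) DPoP proofs. */
const Ke = {
  importKeyAlgorithm: {
    name: "ECDSA",
    namedCurve: "P-256",
    // NOTE(review): "ES256" is a JWS algorithm name, not a digest name —
    // confirm nothing relies on this member when the key is imported.
    hash: { name: "ES256" },
  },
  signAlgorithm: { name: "ECDSA", hash: { name: "SHA-256" } },
  generateKeyAlgorithm: {
    name: "ECDSA",
    namedCurve: "P-256",
  },
  digestAlgorithm: { name: "SHA-256" },
  jwtHeaderAlgorithm: "ES256",
};

/**
 * Creates a signer bound to a window-like object exposing `crypto.subtle`.
 *
 * The returned function builds a compact JWS. It writes `typ`, `alg` and the
 * public `jwk` into the header object it is given (the object is mutated).
 *
 * @param {object} e - object exposing `crypto.subtle`
 * @returns {Function} async (privateJwk, header, claims, algorithms, typ) => string
 * @throws {Error} (as a rejection) when the header algorithm is not ES256 or RS256
 */
const Fe = (e) => async (n, s, t, o, i = "dpop+jwt") => {
  const privateJwk = Object.assign({}, n);
  s.typ = i;
  s.alg = o.jwtHeaderAlgorithm;
  switch (s.alg) {
    case "ES256":
      // Only the public members go into the header.
      s.jwk = { kty: privateJwk.kty, crv: privateJwk.crv, x: privateJwk.x, y: privateJwk.y };
      break;
    case "RS256":
      s.jwk = { kty: privateJwk.kty, n: privateJwk.n, e: privateJwk.e, kid: s.kid };
      break;
    default:
      throw new Error("Unknown or not implemented JWS algorithm");
  }
  const jws = {
    // JWT "headers" really means JWS "protected headers"
    protected: de(JSON.stringify(s)),
    // JWT "claims" are really a JSON-defined JWS "payload"
    payload: de(JSON.stringify(t)),
  };
  const extractable = !0;
  const signingKey = await e.crypto.subtle.importKey(
    "jwk",
    privateJwk,
    o.importKeyAlgorithm,
    extractable,
    ["sign"],
  );
  const signingInput = Se(`${jws.protected}.${jws.payload}`);
  const signature = await e.crypto.subtle.sign(o.signAlgorithm, signingKey, signingInput);
  jws.signature = re(new Uint8Array(signature));
  return `${jws.protected}.${jws.payload}.${jws.signature}`;
};

const Ve = { sign: Fe };

/**
 * Creates a key generator bound to a window-like object.
 * The key pair is generated extractable and the PRIVATE key is returned as a
 * JWK, so whatever stores the result holds the proof-of-possession secret.
 */
const Me = (e) => async (n) => {
  const extractable = !0;
  const keyPair = await e.crypto.subtle.generateKey(n, extractable, ["sign", "verify"]);
  return await e.crypto.subtle.exportKey("jwk", keyPair.privateKey);
};

/** Returns a copy of a JWK without the private member `d`, marked verify-only. */
const Je = (e) => {
  const publicJwk = Object.assign({}, e);
  delete publicJwk.d;
  publicJwk.key_ops = ["verify"];
  return publicJwk;
};

const Be = {
  generate: Me,
  neuter: Je,
};

/**
 * Creates a JWK thumbprint function bound to a window-like object.
 *
 * The digest input is the JSON of the required members in alphabetical order.
 * It is built with JSON.stringify rather than by substituting placeholders in
 * a template: sequential `replace("X", …).replace("Y", …)` calls rewrote the
 * first "Y" (or "N") of the text, which may sit inside an already inserted
 * base64url value, and then produced a wrong thumbprint.
 *
 * @param {object} e - object exposing `crypto.subtle`
 * @returns {Function} async (jwk, digestAlgorithm) => base64url digest
 * @throws {Error} (as a rejection) for key types other than EC and RSA
 */
const He = (e) => async (n, s) => {
  let canonical;
  switch (n.kty) {
    case "EC":
      canonical = JSON.stringify({ crv: n.crv, kty: "EC", x: n.x, y: n.y });
      break;
    case "RSA":
      canonical = JSON.stringify({ e: n.e, kty: "RSA", n: n.n });
      break;
    default:
      throw new Error("Unknown or not implemented JWK type");
  }
  const digest = await e.crypto.subtle.digest(s, Se(canonical));
  return re(new Uint8Array(digest));
};

const je = { thumbprint: He };

/** Generates a private JWK for the given key algorithm. */
const Ge = (e) => async (n) => await Be.generate(e)(n);

/**
 * Creates a DPoP proof builder.
 *
 * @param {object} e - object exposing `crypto.subtle`
 * @returns {Function} (algorithms) => async (privateJwk, method, url, extraClaims) => proof JWT
 */
const ve = (e) => (n) => async (s, t = "POST", o, i = {}) => {
  const claims = {
    // https://www.rfc-editor.org/rfc/rfc9449.html#name-concept
    jti: btoa(qe()),
    htm: t,
    htu: o,
    iat: Math.round(Date.now() / 1e3),
    ...i,
  };
  const thumbprint = await je.thumbprint(e)(s, n.digestAlgorithm);
  return await Ve.sign(e)(s, { kid: thumbprint }, claims, n);
};

/**
 * Returns a version-4 UUID string, used as the proof's unique `jti`.
 * Uses the platform's cryptographic generator when present; otherwise falls
 * back to Math.random(), which is not a cryptographically secure source.
 */
const qe = () => {
  const webCrypto = globalThis.crypto;
  if (webCrypto && typeof webCrypto.randomUUID === "function") {
    return webCrypto.randomUUID();
  }
  const template = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx";
  const hexDigits = "0123456789abcdef";
  let nibble = 0;
  let uuid = "";
  for (let o = 0; o < 36; o++) {
    const slot = template[o];
    if (slot !== "-" && slot !== "4") {
      nibble = (Math.random() * 16) | 0;
    }
    if (slot === "x") {
      uuid += hexDigits[nibble];
    } else if (slot === "y") {
      // Variant bits: 10xx.
      nibble &= 3;
      nibble |= 8;
      uuid += hexDigits[nibble];
    } else {
      uuid += slot;
    }
  }
  return uuid;
};

/** Reports whether `window.crypto` and `window.crypto.subtle` are available. */
const Ee = () => {
  const hasCrypto = typeof window !== "undefined" && !!window.crypto;
  const hasSubtleCrypto = hasCrypto && !!window.crypto.subtle;
  return { hasCrypto, hasSubtleCrypto };
};

// Alphabet (62 characters) for random strings.
const Q = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/**
 * Maps each byte to an alphabet character (byte modulo 62). Because 256 is
 * not a multiple of 62, the first eight characters are slightly more likely.
 */
const Ye = (e) => {
  const chars = [];
  for (let s = 0; s < e.byteLength; s += 1) {
    chars.push(Q[e[s] % Q.length]);
  }
  return chars.join("");
};

/**
 * Returns a random alphanumeric string of length `e`.
 * NOTE(review): without `window.crypto` the characters come from
 * Math.random(), which is not a CSPRNG; values used as PKCE verifier, state
 * or nonce should not be produced on that path.
 */
const Z = (e) => {
  const bytes = new Uint8Array(e);
  const { hasCrypto } = Ee();
  if (hasCrypto) {
    window.crypto.getRandomValues(bytes);
  } else {
    for (let t = 0; t < e; t += 1) {
      bytes[t] = (Math.random() * Q.length) | 0;
    }
  }
  return Ye(bytes);
};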
/**
 * Converts a string to bytes, one byte per UTF-16 code unit (values above 255
 * are truncated by the typed array).
 */
function Xe(e) {
  return Uint8Array.from({ length: e.length }, (unused, index) => e.charCodeAt(index));
}
/**
 * Computes the base64url-encoded SHA-256 digest of a string.
 * @param {string} e - input text (converted with `Xe`)
 * @returns {Promise<string>} rejects when the digest operation fails
 */
async function be(e) {
  const digest = await crypto.subtle.digest("SHA-256", Xe(e));
  return re(new Uint8Array(digest));
}
/**
 * Derives the PKCE S256 code challenge for a code verifier.
 * Verifiers shorter than 43 or longer than 128 characters are rejected.
 *
 * @param {string} e - code verifier
 * @returns {Promise<string>} the challenge, or a rejection when the length is
 *   invalid or `window.crypto.subtle` is unavailable
 */
const ze = (e) => {
  if (e.length < 43 || e.length > 128) {
    return Promise.reject(new Error("Invalid code length."));
  }
  const { hasSubtleCrypto } = Ee();
  if (!hasSubtleCrypto) {
    return Promise.reject(new Error("window.crypto.subtle is unavailable."));
  }
  return be(e);
};

// Default lifetime of the cached discovery document, in seconds.
const Qe = 60 * 60;

/**
 * Creates a loader for the provider's discovery document.
 * The document is cached (key `oidc.server:<authority>`) and a cached copy is
 * used without re-fetching while it is younger than `s` seconds.
 *
 * @param {Function} e - fetch implementation
 * @returns {Function} async (authority, cacheSeconds, storage, timeoutMs) =>
 *   configuration object, or null when the response status is not 200
 */
const Ze = (e) => async (n, s = Qe, t = window.sessionStorage, o = 1e4) => {
  const discoveryUrl = `${n}/.well-known/openid-configuration`;
  const cacheKey = `oidc.server:${n}`;
  const cached = Re(cacheKey, t, s);
  if (cached) {
    return new se(cached);
  }
  const response = await J(e)(discoveryUrl, {}, o);
  if (response.status !== 200) {
    return null;
  }
  const document = await response.json();
  $e(cacheKey, document, t);
  return new se(document);
};

/**
 * Wraps a fetch implementation with a timeout and retries.
 * A request is aborted after `t` ms; aborted requests and
 * "Network request failed" errors are retried until the attempt counter `o`
 * exceeds 1, other errors are logged and rethrown.
 * The abort timer is not cancelled when the request completes.
 */
const J = (e) => async (n, s = {}, t = 1e4, o = 0) => {
  try {
    const aborter = new AbortController();
    setTimeout(() => aborter.abort(), t);
    return await e(n, { ...s, signal: aborter.signal });
  } catch (err) {
    const isRetryable = err.name === "AbortError" || err.message === "Network request failed";
    if (!isRetryable) {
      console.error(err.message);
      throw err;
    }
    if (o > 1) {
      throw err;
    }
    return await J(e)(n, s, t, o + 1);
  }
};

/** Values for the `token_type_hint` revocation parameter. */
const ee = {
  refresh_token: "refresh_token",
  access_token: "access_token",
};

/**
 * Creates a token revocation function.
 * Extras never override `token`, `token_type_hint` or `client_id`.
 *
 * @param {Function} e - fetch implementation
 * @returns {Function} async (url, token, hint, clientId, extras, timeoutMs) =>
 *   `{ success }`, true only for a 200 response
 */
const he = (e) => async (n, s, t = ee.refresh_token, o, i = {}, r = 1e4) => {
  const fields = {
    token: s,
    token_type_hint: t,
    client_id: o,
  };
  Object.entries(i).forEach(([name, value]) => {
    if (fields[name] === undefined) {
      fields[name] = value;
    }
  });
  const pairs = [];
  for (const name in fields) {
    pairs.push(`${encodeURIComponent(name)}=${encodeURIComponent(fields[name])}`);
  }
  const response = await J(e)(
    n,
    {
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
      },
      body: pairs.join("&"),
    },
    r,
  );
  return response.status !== 200 ? { success: !1 } : { success: !0 };
};

/**
 * Creates the refresh-token request function.
 * Extras `t` are merged into the request fields `s` without overriding them;
 * `s` itself is modified.
 *
 * @param {Function} e - fetch implementation
 * @returns {Function} async (url, fields, extras, oldTokens, headers, renewMode, timeoutMs)
 */
const en = (e) => async (n, s, t, o, i = {}, r, a = 1e4) => {
  Object.entries(t).forEach(([name, value]) => {
    if (s[name] === undefined) {
      s[name] = value;
    }
  });
  const pairs = [];
  for (const name in s) {
    pairs.push(`${encodeURIComponent(name)}=${encodeURIComponent(s[name])}`);
  }
  const response = await J(e)(
    n,
    {
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
        ...i,
      },
      body: pairs.join("&"),
    },
    a,
  );
  if (response.status !== 200) {
    return {
      success: !1,
      status: response.status,
      demonstratingProofOfPossessionNonce: null,
    };
  }
  const tokenResponse = await response.json();
  const dpopNonce = response.headers.has(G) ? response.headers.get(G) : null;
  return {
    success: !0,
    status: response.status,
    data: oe(tokenResponse, o, r),
    demonstratingProofOfPossessionNonce: dpopNonce,
  };
};

/**
 * Creates the function that starts the authorization request.
 * A fresh 128-character code verifier is generated and stored together with
 * the state, the S256 challenge is added to the parameters, and the browser
 * is sent to the authorization endpoint.
 *
 * @param {object} e - session store (setCodeVerifierAsync / setStateAsync)
 * @param {object} n - navigation helper exposing `open(url)`
 * @returns {Function} async (authorizationEndpoint, parameters) => void
 */
const nn = (e, n) => async (s, t) => {
  const params = t ? { ...t } : {};
  const codeVerifier = Z(128);
  const codeChallenge = await ze(codeVerifier);
  await e.setCodeVerifierAsync(codeVerifier);
  await e.setStateAsync(params.state);
  params.code_challenge = codeChallenge;
  params.code_challenge_method = "S256";
  // Parameter names are appended as given; only the values are URL-encoded.
  const query = Object.entries(params)
    .map(([name, value]) => `${name}=${encodeURIComponent(value)}`)
    .join("&");
  n.open(`${s}${query === "" ? "" : `?${query}`}`);
};

/** Response header carrying the server-provided DPoP nonce. */
const G = "DPoP-Nonce";

/**
 * Creates the authorization-code exchange function.
 * The stored code verifier is added to the request; verifier and state are
 * cleared from the store as soon as the response arrives, whatever its status.
 * The request uses the global `fetch`.
 *
 * @param {object} e - session store
 * @returns {Function} async (tokenEndpoint, fields, headers, renewMode, timeoutMs)
 */
const sn = (e) => async (n, s, t, o, i = 1e4) => {
  const fields = s ? { ...s } : {};
  fields.code_verifier = await e.getCodeVerifierAsync();
  const pairs = [];
  for (const name in fields) {
    pairs.push(`${encodeURIComponent(name)}=${encodeURIComponent(fields[name])}`);
  }
  const response = await J(fetch)(
    n,
    {
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
        ...t,
      },
      body: pairs.join("&"),
    },
    i,
  );
  await Promise.all([e.setCodeVerifierAsync(null), e.setStateAsync(null)]);
  if (response.status !== 200) {
    return { success: !1, status: response.status };
  }
  const dpopNonce = response.headers.has(G) ? response.headers.get(G) : null;
  const tokenResponse = await response.json();
  return {
    success: !0,
    data: {
      state: fields.state,
      tokens: oe(tokenResponse, null, o),
      demonstratingProofOfPossessionNonce: dpopNonce,
    },
  };
};
/**
 * Runs one token synchronisation / refresh pass for client `e`.
 *
 * The refreshed tokens are assigned to `e.tokens`; when no service worker is
 * in use they are also written to the configured storage. If the pass leaves
 * the client without tokens, the session is destroyed with the returned status.
 *
 * @param {object} e - client instance
 * @param {boolean} n - force refresh flag, passed through
 * @param {object|null} s - extras, passed through
 * @param {string|null} [t] - scope, passed through
 * @returns {Promise<object|null>} the tokens, or null when the session ended
 */
async function ye(e, n, s, t = null) {
  const assignTokens = (tokens) => {
    e.tokens = tokens;
  };
  const { tokens, status } = await B(e)(assignTokens, 0, n, s, t);
  const serviceWorker = await C(e.configuration, e.configurationName);
  if (!serviceWorker) {
    await I(e.configurationName, e.configuration.storage).setTokens(e.tokens);
  }
  if (e.tokens) {
    return tokens;
  }
  await e.destroyAsync(status);
  return null;
}
/**
 * Synchronises tokens for client `e`, serialised across tabs with the Web
 * Locks API when that is useful and available.
 *
 * The lock is skipped when tokens live in plain sessionStorage without a
 * service worker, or when `navigator.locks` does not exist. Otherwise the lock
 * is requested with `ifAvailable`; when it is taken, an event is published and
 * the request is repeated.
 * NOTE(review): the repeat happens immediately, with no delay between tries.
 *
 * @param {object} e - client instance
 * @param {boolean} [n] - force refresh flag
 * @param {object|null} [s] - extras
 * @param {string|null} [t] - scope
 * @returns {Promise<object|null>} `e.tokens`, or null when the pass produced nothing
 */
async function Oe(e, n = !1, s = null, t = null) {
  const config = e.configuration;
  const lockName = `${config.client_id}_${e.configurationName}_${config.authority}`;
  const serviceWorker = await C(e.configuration, e.configurationName);

  let result;
  if ((config?.storage === window?.sessionStorage && !serviceWorker) || !navigator.locks) {
    result = await ye(e, n, s, t);
  } else {
    let outcome = "retry";
    while (outcome === "retry") {
      outcome = await navigator.locks.request(lockName, { ifAvailable: !0 }, async (lock) => {
        if (lock) {
          return await ye(e, n, s, t);
        }
        e.publishEvent(N.eventNames.syncTokensAsync_lock_not_available, {
          lock: "lock not available",
        });
        return "retry";
      });
    }
    result = outcome;
  }

  if (!result) {
    return null;
  }
  // Re-arm the renewal timer only if one was already running.
  if (e.timeoutId) {
    e.timeoutId = M(e, e.tokens.expiresAt, s, t);
  }
  return e.tokens;
}
const M = (e, n, s = null, t = null) => {
const o = e.configuration.refresh_time_before_tokens_expiration_in_second;
return e.timeoutId && U.clearTimeout(e.timeoutId), U.setTimeout(async () => {
const r = { timeLeft: K(o, n) };
e.publishEvent(N.eventNames.token_timer, r), await Oe(e, !1, s, t);
}, 1e3);
}, W = {
FORCE_REFRESH: "FORCE_REFRESH",
SESSION_LOST: "SESSION_LOST",
NOT_CONNECTED: "NOT_CONNECTED",
TOKENS_VALID: "TOKENS_VALID",
TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID",
LOGOUT_FROM_ANOTHER_TAB: "LOGOUT_FROM_ANOTHER_TAB",
REQUIRE_SYNC_TOKENS: "REQUIRE_SYNC_TOKENS"
}, tn = (e) => async (n, s, t, o = !1) => {
const i = { nonce: null };
if (!t)
return { tokens: null, status: "NOT_CONNECTED", nonce: i };
let r = i;
const a = await e.initAsync(
n.authority,
n.authority_configuration
), c = await C(n, s);
if (c) {
const { status: u, tokens: _ } = await c.initAsync(
a,
"syncTokensAsync",
n
);
if (u === "LOGGED_OUT")
return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
if (u === "SESSIONS_LOST")
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
if (!u || !_)
return { tokens: null, status: "REQUIRE_SYNC_TOKENS", nonce: i };
if (_.issuedAt !== t.issuedAt) {
const y = K(
n.refresh_time_before_tokens_expiration_in_second,
_.expiresAt
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", p = await c.getNonceAsync();
return { tokens: _, status: y, nonce: p };
}
r = await c.getNonceAsync();
} else {
const u = I(s, n.storage ?? sessionStorage), _ = await u.initAsync();
let { tokens: f } = _;
const { status: y } = _;
if (f && (f = te(f, e.tokens, n.token_renew_mode)), f) {
if (y === "SESSIONS_LOST")
return { tokens: null, status: "SESSIONS_LOST", nonce: i };
if (f.issuedAt !== t.issuedAt) {
const w = K(
n.refresh_time_before_tokens_expiration_in_second,
f.expiresAt
) > 0 ? "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID" : "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_INVALID", v = await u.getNonceAsync();
return { tokens: f, status: w, nonce: v };
}
} else return { tokens: null, status: "LOGOUT_FROM_ANOTHER_TAB", nonce: i };
r = await u.getNonceAsync();
}
const d = K(
n.refresh_time_before_tokens_expiration_in_second,
t.expiresAt
) > 0 ? "TOKENS_VALID" : "TOKENS_INVALID";
return o ? { tokens: t, status: "FORCE_REFRESH", nonce: r } : { tokens: t, status: d, nonce: r };
}, B = (e) => async (n, s = 0, t = !1, o = null, i = null) => {
if (!navigator.onLine && document.hidden)
return { tokens: e.tokens, status: "GIVE_UP" };
let r = 6;
for (; !navigator.onLine && r > 0; )
await ie({ milliseconds: 1e3 }), r--, e.publishEvent(k.refreshTokensAsync, {
message: `wait because navigator is offline try ${r}`
});
const a = document.hidden, c = a ? s : s + 1;
if (s > 4)
return a ? { tokens: e.tokens, status: "GIVE_UP" } : (n(null), e.publishEvent(k.refreshTokensAsync_error, { message: "refresh token" }), { tokens: null, status: "SESSION_LOST" });
o || (o = {});
const l = e.configuration, d = (_, f = null, y = null) => ae(
e.configurationName,
e.configuration,
e.publishEvent.bind(e)
)(_, f, y), u = async () => {
try {
let _;
const f = await C(l, e.configurationName);
f ? _ = f.getLoginParams() : _ = I(e.configurationName, l.storage).getLoginParams();
const y = await d({
..._.extras,
...o,
prompt: "none",
scope: i
});
return y ? y.error ? (n(null), e.publishEvent(k.refreshTokensAsync_error, {
message: "refresh token silent"
}), { tokens: null, status: "SESSION_LOST" }) : (n(y.tokens), e.publishEvent(N.eventNames.token_renewed, {}), { tokens: y.tokens, status: "LOGGED" }) : (n(null), e.publishEvent(k.refreshTokensAsync_error, {
message: "refresh token silent not active"
}), { tokens: null, status: "SESSION_LOST" });
} catch (_) {
return console.error(_), e.publishEvent(k.refreshTokensAsync_silent_error, {
message: "exceptionSilent",
exception: _.message
}), await B(e)(
n,
c,
t,
o,
i
);
}
};
try {
const { status: _, tokens: f, nonce: y } = await tn(e)(
l,
e.configurationName,
e.tokens,
t
);
switch (_) {
case W.SESSION_LOST:
return n(null), e.publishEvent(k.refreshTokensAsync_error, {
message: "refresh token session lost"
}), { tokens: null, status: "SESSION_LOST" };
case W.NOT_CONNECTED:
return n(null), { tokens: null, status: null };
case W.TOKENS_VALID:
return n(f), { tokens: f, status: "LOGGED_IN" };
case W.TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID:
return n(f), e.publishEvent(N.eventNames.token_renewed, {
reason: "TOKEN_UPDATED_BY_ANOTHER_TAB_TOKENS_VALID"
}), { tokens: f, status: "LOGGED_IN" };
case W.LOGOUT_FROM_ANOTHER_TAB:
return n(null), e.publishEvent(k.logout_from_another_tab, {
status: "session syncTokensAsync"
}), { tokens: null, status: "LOGGED_OUT" };
case W.REQUIRE_SYNC_TOKENS:
return l.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !== _ ? (e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" }) : (e.publishEvent(k.refreshTokensAsync_begin, { tryNumber: s }), await u());
default: {
if (l.token_automatic_renew_mode == V.AutomaticOnlyWhenFetchExecuted && W.FORCE_REFRESH !== _)
return e.publishEvent(k.tokensInvalidAndWaitingActionsToRefresh, {}), { tokens: e.tokens, status: "GIVE_UP" };
if (e.publishEvent(k.refreshTokensAsync_begin, {
refreshToken: f.refreshToken,
status: _,
tryNumber: s
}), !f.refreshToken)
return await u();
const p = l.client_id, w = l.redirect_uri, v = l.authority, A = { ...l.token_request_extras ? l.token_request_extras : {} };
for (const [g, E] of Object.entries(o))
g.endsWith(":token_request") && (A[g.replace(":token_request", "")] = E);
return await (async () => {
const g = {
client_id: p,
redirect_uri: w,
grant_type: "refresh_token",
refresh_token: f.refreshToken
}, E = await e.initAsync(
v,
l.authority_configuration
), h = document.hidden ? 1e4 : 3e4 * 10, b = E.tokenEndpoint, S = {};
l.demonstrating_proof_of_possession && (S.DPoP = await e.generateDemonstrationOfProofOfPossessionAsync(
f.accessToken,
b,
"POST"
));
const m = await en(e.getFetch())(
b,
g,
A,
f,
S,
l.token_renew_mode,
h
);
if (m.success) {
const { isValid: x, reason: Ce } = pe(
m.data,
y.nonce,
E
);
if (!x)
return n(null), e.publishEvent(k.refreshTokensAsync_error, {
message: `refresh token return not valid tokens, reason: ${Ce}`
}), { tokens: null, status: "SESSION_LOST" };
if (n(m.data), m.demonstratingProofOfPossessionNonce) {
const ce = await C(l, e.configurationName);
ce ? await ce.setDemonstratingProofOfPossessionNonce(
m.demonstratingProofOfPossessionNonce
) : await I(e.configurationName, l.storage).setDemonstratingProofOfPossessionNonce(
m.demonstratingProofOfPossessionNonce
);
}
return e.publishEvent(k.refreshTokensAsync_end, {
success: m.success
}), e.publishEvent(N.eventNames.token_renewed, { reason: "REFRESH_TOKEN" }), { tokens: m.data, status: "LOGGED_IN" };
} else
return e.publishEvent(k.refreshTokensAsync_silent_error, {
message: "bad request",
tokenResponse: m
}), m.status >= 400 && m.status < 500 ? (n(null), e.publishEvent(k.refreshTokensAsync_error, {
message: `session lost: ${m.status}`
}), { tokens: null, status: "SESSION_LOST" }) : await B(e)(
n,
c,
t,
o,
i
);
})();
}
}
} catch (_) {
return console.error(_), e.publishEvent(k.refreshTokensAsync_silent_error, {
message: "exception",
exception: _.message
}), new Promise((f, y) => {
setTimeout(() => {
B(e)(n, c, t, o, i).then(f).catch(y);
}, 1e3);
});
}
}, ae = (e, n, s) => (t = null, o = null, i = null) => {
// Silent login through a hidden iframe.
// Outer arguments: e is the prefix used for the iframe id and for the message
// prefixes below; n is the configuration object (silent_redirect_uri,
// silent_login_uri and silent_login_timeout are read); s is called as
// s(eventName, data) to publish progress events.
// Inner arguments: t is an object of extra query parameters (may be null) and
// is mutated in place; o is copied into t.state when truthy; i is copied into
// t.scope when it is not null.
// Returns a promise that is: null when either silent URI is missing from n;
// the parsed payload of a "<e>_oidc_tokens:" message; { error, tokens: null,
// sessionState: null } for a "<e>_oidc_error:" message; rejected for a
// "<e>_oidc_exception:" message or when the timeout fires first.
if (!n.silent_redirect_uri || !n.silent_login_uri)
return Promise.resolve(null);
try {
s(k.silentLoginAsync_begin, {});
let r = "";
// Build the query string; keys and values are both URI-encoded.
if (o && (t == null && (t = {}), t.state = o), i != null && (t == null && (t = {}), t.scope = i), t != null)
for (const [u, _] of Object.entries(t))
r === "" ? r = `?${encodeURIComponent(u)}=${encodeURIComponent(_)}` : r += `&${encodeURIComponent(u)}=${encodeURIComponent(_)}`;
// l is the expected sender origin: everything before the first "/" that
// follows "//". When silent_login_uri is not an absolute URL with a path, l is
// not a real origin, the check in the handler rejects every message, and the
// promise settles through the timeout.
const a = n.silent_login_uri + r, c = a.indexOf("/", a.indexOf("//") + 2), l = a.substring(0, c), d = document.createElement("iframe");
return d.width = "0px", d.height = "0px", d.id = `${e}_oidc_iframe`, d.setAttribute("src", a), document.body.appendChild(d), new Promise((u, _) => {
// f becomes true once the promise has settled; later messages are ignored.
let f = !1;
// y: remove the listener and the iframe, mark as settled.
const y = () => {
window.removeEventListener("message", p), d.remove(), f = !0;
}, p = (w) => {
// Accept a message only when both the sender origin and the source window
// belong to the iframe created above.
if (w.origin === l && w.source === d.contentWindow) {
const v = `${e}_oidc_tokens:`, P = `${e}_oidc_error:`, A = `${e}_oidc_exception:`, T = w.data;
if (T && typeof T == "string" && !f) {
// NOTE(review): JSON.parse runs inside the event handler, outside the try
// block below. A payload that is not valid JSON throws here without settling
// the promise, which then waits for the timeout.
if (T.startsWith(v)) {
const g = JSON.parse(w.data.replace(v, ""));
s(k.silentLoginAsync_end, {}), u(g), y();
} else if (T.startsWith(P)) {
const g = JSON.parse(w.data.replace(P, ""));
s(k.silentLoginAsync_error, g), u({ error: "oidc_" + g.error, tokens: null, sessionState: null }), y();
} else if (T.startsWith(A)) {
const g = JSON.parse(w.data.replace(A, ""));
s(k.silentLoginAsync_error, g), _(new Error(g.error)), y();
}
}
}
};
try {
window.addEventListener("message", p);
// NOTE(review): the delay is passed to setTimeout unchanged; confirm the
// configuration always provides silent_login_timeout, because an undefined
// delay makes the timer fire almost immediately.
const w = n.silent_login_timeout;
setTimeout(() => {
f || (y(), s(k.silentLoginAsync_error, { reason: "timeout" }), _(new Error("timeout")));
}, w);
} catch (w) {
y(), s(k.silentLoginAsync_error, w), _(w);
}
});
} catch (r) {
// Synchronous failures are published and then rethrown to the caller.
throw s(k.silentLoginAsync_error, r), r;
}
}, on = (e, n, s, t, o) => (i = null, r = void 0) => {
// Runs a silent login with prompt=none and stores the resulting tokens on o.
// Outer arguments: e is not used in this body; n is handed to ae() as its
// prefix; s is the configuration (s.extras is read); t is the event publisher,
// bound to o before use; o is the object that holds tokens and timeoutId.
// Inner arguments: i is an object of extra parameters, r is the scope.
// Returns a promise that never rejects: {} on success, undefined when ae()
// resolved with a falsy value, and the caught error object on failure, so
// callers have to inspect the fulfilled value.
// Work on a copy so that removing "state" below does not touch the caller's object.
i = { ...i };
const a = (l, d, u) => ae(n, s, t.bind(o))(
l,
d,
u
);
return (async () => {
// U and M are defined outside this section; presumably the timer host and the
// renewal scheduler. TODO confirm.
o.timeoutId && U.clearTimeout(o.timeoutId);
let l;
// "state" travels as its own argument to ae(), not as part of the extras.
i && "state" in i && (l = i.state, delete i.state);
try {
// Call-site extras override s.extras; prompt is always forced to "none".
const d = s.extras ? { ...s.extras, ...i } : i, u = await a(
{
...d,
prompt: "none"
},
l,
r
);
// NOTE(review): ae() also resolves with { error, tokens: null, ... } when the
// iframe reports an error. That object is truthy, so o.tokens is set to null
// and token_acquired is published before o.tokens.expiresAt throws; the
// TypeError is then returned by the catch below.
if (u)
return o.tokens = u.tokens, t(k.token_acquired, {}), o.timeoutId = M(o, o.tokens.expiresAt, i, r), {};
} catch (d) {
return d;
}
})();
}, rn = (e, n, s) => (t, o, i, r = !1) => {
// Starts session monitoring through the check-session iframe class Ne.
// Outer arguments: e is the client object (configurationName, publishEvent,
// tokens and checkSessionIFrame are used); n is an object whose values expose
// logoutOtherTabAsync; s is the configuration.
// Inner arguments: t is the check-session iframe URL, o the client id, i the
// session state passed to start(), r disables monitoring when true.
// Returns a promise resolving to the Ne instance, or to null when monitoring
// is not configured or not applicable.
const a = (c, l = void 0, d = void 0) => ae(e.configurationName, s, e.publishEvent.bind(e))(
c,
l,
d
);
return new Promise((c, l) => {
if (s.silent_login_uri && s.silent_redirect_uri && s.monitor_session && t && i && !r) {
// d is the callback handed to Ne; Ne invokes it when the iframe reports "changed".
const d = () => {
e.checkSessionIFrame.stop();
const u = e.tokens;
if (u === null)
return;
const _ = u.idToken, f = u.idTokenPayload;
// Re-authenticate silently. The current ID token is sent as id_token_hint;
// ae() places every parameter in the query string of the iframe URL.
return a({
prompt: "none",
id_token_hint: _,
scope: s.scope || "openid"
}).then((y) => {
if (y.error)
throw new Error(y.error);
const p = y.tokens.idTokenPayload;
// Same subject: polling restarts with the new session state.
// NOTE(review): when the subject differs, this branch only logs. The iframe
// was stopped above and is not restarted, and no logout is visible here;
// confirm the subject-change case is handled elsewhere.
if (f.sub === p.sub) {
const w = y.sessionState;
e.checkSessionIFrame.start(y.sessionState), f.sid === p.sid ? console.debug(
"SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",
w
) : console.debug(
"SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",
w
);
} else
console.debug(
"SessionMonitor._callback: Different subject signed into OP:",
p.sub
);
}).catch(async (y) => {
// Any failure of the silent login (error result, exception, timeout) logs out
// the other tabs for the previously known subject, one client at a time.
console.warn(
"SessionMonitor._callback: Silent login failed, logging out other tabs:",
y
);
for (const [, p] of Object.entries(n))
await p.logoutOtherTabAsync(s.client_id, f.sub);
});
};
e.checkSessionIFrame = new Ne(
d,
o,
t
), e.checkSessionIFrame.load().then(() => {
e.checkSessionIFrame.start(i), c(e.checkSessionIFrame);
}).catch((u) => {
l(u);
});
} else
c(null);
});
}, an = (e) => !!(e.os === "iOS" && e.osVersion.startsWith("12") || e.os === "Mac OS X" && e.osVersion.startsWith("10_15_6")), cn = (e) => {
// an (declared on the line above) takes the { os, osVersion } object produced
// by cn and returns true for iOS versions starting with "12" and for Mac OS X
// versions starting with "10_15_6". Why these two are singled out is not
// stated in this section.
// cn derives { os, osVersion } from a navigator-like object e: e.userAgent
// drives everything except the iOS version, which is read from e.appVersion.
// Both fields are "-" when nothing matches.
const n = e.appVersion, s = e.userAgent, t = "-";
let o = t;
// First matching entry wins, so the order of this table matters (for example
// "Android" is listed before "Linux").
const i = [
{ s: "Windows 10", r: /(Windows 10.0|Windows NT 10.0)/ },
{ s: "Windows 8.1", r: /(Windows 8.1|Windows NT 6.3)/ },
{ s: "Windows 8", r: /(Windows 8|Windows NT 6.2)/ },
{ s: "Windows 7", r: /(Windows 7|Windows NT 6.1)/ },
{ s: "Windows Vista", r: /Windows NT 6.0/ },
{ s: "Windows Server 2003", r: /Windows NT 5.2/ },
{ s: "Windows XP", r: /(Windows NT 5.1|Windows XP)/ },
{ s: "Windows 2000", r: /(Windows NT 5.0|Windows 2000)/ },
{ s: "Windows ME", r: /(Win 9x 4.90|Windows ME)/ },
{ s: "Windows 98", r: /(Windows 98|Win98)/ },
{ s: "Windows 95", r: /(Windows 95|Win95|Windows_95)/ },
{ s: "Windows NT 4.0", r: /(Windows NT 4.0|WinNT4.0|WinNT|Windows NT)/ },
{ s: "Windows CE", r: /Windows CE/ },
{ s: "Windows 3.11", r: /Win16/ },
{ s: "Android", r: /Android/ },
{ s: "Open BSD", r: /OpenBSD/ },
{ s: "Sun OS", r: /SunOS/ },
{ s: "Chrome OS", r: /CrOS/ },
{ s: "Linux", r: /(Linux|X11(?!.*CrOS))/ },
{ s: "iOS", r: /(iPhone|iPad|iPod)/ },
{ s: "Mac OS X", r: /Mac OS X/ },
{ s: "Mac OS", r: /(Mac OS|MacPPC|MacIntel|Mac_PowerPC|Macintosh)/ },
{ s: "QNX", r: /QNX/ },
{ s: "UNIX", r: /UNIX/ },
{ s: "BeOS", r: /BeOS/ },
{ s: "OS/2", r: /OS\/2/ },
{
s: "Search Bot",
r: /(nuhk|Googlebot|Yammybot|Openbot|Slurp|MSNBot|Ask Jeeves\/Teoma|ia_archiver)/
}
];
for (const a in i) {
const c = i[a];
if (c.r.test(s)) {
o = c.s;
break;
}
}
let r = t;
// Every "Windows <x>" label is collapsed to os "Windows" with <x> as the version.
switch (/Windows/.test(o) && (r = /Windows (.*)/.exec(o)[1], o = "Windows"), o) {
case "Mac OS":
case "Mac OS X":
case "Android":
// NOTE(review): the exec() result is indexed without a null check. A user
// agent that names one of these platforms without a version right after it
// would raise a TypeError here.
r = /(?:Android|Mac OS|Mac OS X|MacPPC|MacIntel|Mac_PowerPC|Macintosh) ([._\d]+)/.exec(s)[1];
break;
case "iOS": {
// Version is rebuilt as major.minor.patch; a missing patch becomes 0 (NaN | 0).
const a = /OS (\d+)_(\d+)_?(\d+)?/.exec(n);
a != null && a.length > 2 && (r = a[1] + "." + a[2] + "." + (parseInt(a[3]) | 0));
break;
}
}
return {
os: o,
osVersion: r
};
};
/**
 * Guesses the browser family and major version from navigator.userAgent.
 *
 * Rules, in order: a Trident token yields { name: "ie" } with the number taken
 * from "rv:"; a Chrome token combined with "OPR" or "Edge/NN" yields
 * { name: "opera" }; anything else yields the lower-cased first recognised
 * token, with a "Version/NN" token overriding the number. When nothing is
 * recognised, navigator.appName and navigator.appVersion are used.
 *
 * @returns {{name: string, version: string}} Detected name and version.
 */
function ln() {
  const ua = navigator.userAgent;
  const primary = ua.match(/(opera|chrome|safari|firefox|msie|trident(?=\/))\/?\s*(\d+)/i) || [];

  // Internet Explorer 11 advertises itself through Trident plus "rv:NN".
  if (/trident/i.test(primary[1])) {
    const rv = /\brv[ :]+(\d+)/g.exec(ua) || [];
    return { name: "ie", version: rv[1] || "" };
  }

  if (primary[1] === "Chrome") {
    const alt = ua.match(/\bOPR|Edge\/(\d+)/);
    if (alt != null) {
      let version = alt[1];
      if (!version) {
        // "OPR" matched without a capture group: take whatever follows "OPR/".
        const pieces = ua.split(alt[0] + "/");
        if (pieces.length > 1) {
          version = pieces[1];
        }
      }
      return { name: "opera", version };
    }
  }

  const result = primary[2]
    ? [primary[1], primary[2]]
    : [navigator.appName, navigator.appVersion, "-?"];
  const explicit = ua.match(/version\/(\d+)/i);
  if (explicit != null) {
    result.splice(1, 1, explicit[1]);
  }
  return {
    name: result[0].toLowerCase(),
    version: result[1],
  };
}
const un = () => {
// Browser gate built on ln(), cn() and an(). Returns false for Chrome <= 70,
// for "opera" below 80 or without a version, and for "ie"; otherwise returns
// false only when an() flags the detected OS. ln() also labels legacy Edge
// ("Edge/NN") as "opera", so it falls under the opera rule. What the result
// enables is decided by the caller, which is outside this section.
// NOTE(review): every input comes from navigator.userAgent, which the client
// can set freely, so treat this as a compatibility heuristic only.
const { name: e, version: n } = ln();
if (e === "chrome" && parseInt(n) <= 70 || e === "opera" && (!n || parseInt(n.split(".")[0]) < 80) || e === "ie")
return !1;
const s = cn(navigator);
return !an(s);
}, _n = async (e) => {
// Tries to restore an existing session for client object e.
// Returns false at once when e.tokens is already set, true when tokens were
// restored from the service-worker handle or from storage, false otherwise
// (including on any exception).
// C, I, M and te are defined outside this section; the event names and
// messages indicate that C returns the service-worker handle and I the
// storage-backed one. TODO confirm.
// NOTE(review): the success messages say the tokens are valid, but the only
// check visible here is that initAsync() returned tokens. Any expiry or
// signature checking would have to happen inside initAsync()/te().
let n;
if (e.tokens != null)
return !1;
e.publishEvent(k.tryKeepExistingSessionAsync_begin, {});
try {
const s = e.configuration, t = await e.initAsync(
s.authority,
s.authority_configuration
);
if (n = await C(s, e.configurationName), n) {
const { tokens: o } = await n.initAsync(
t,
"tryKeepExistingSessionAsync",
s
);
if (o) {
n.startKeepAliveServiceWorker(), e.tokens = o;
const i = n.getLoginParams(e.configurationName);
e.timeoutId = M(
e,
e.tokens.expiresAt,
i.extras,
i.scope
);
const r = await n.getSessionStateAsync();
return await e.startCheckSessionAsync(
t.checkSessionIframe,
s.client_id,
r
), s.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
success: !0,
message: "tokens inside ServiceWorker are valid"
}), !0;
}
// No tokens: this end event is followed by a second one from the shared
// fall-through return further down.
e.publishEvent(k.tryKeepExistingSessionAsync_end, {
success: !1,
message: "no exiting session found"
});
} else {
s.service_worker_relative_url && e.publishEvent(k.service_worker_not_supported_by_browser, {
message: "service worker is not supported by this browser"
});
// Without a service-worker handle the tokens are read from s.storage, or from
// sessionStorage when none is configured; web storage is readable by any
// script running in the page's origin.
const o = I(e.configurationName, s.storage ?? sessionStorage), { tokens: i } = await o.initAsync();
if (i) {
e.tokens = te(i, null, s.token_renew_mode);
const r = o.getLoginParams();
e.timeoutId = M(
e,
e.tokens.expiresAt,
r.extras,
r.scope
);
const a = await o.getSessionStateAsync();
return await e.startCheckSessionAsync(
t.checkSessionIframe,
s.client_id,
a
), s.preload_user_info && await e.userInfoAsync(), e.publishEvent(k.tryKeepExistingSessionAsync_end, {
success: !0,
message: "tokens inside storage are valid"
}), !0;
}
}
return e.publishEvent(k.tryKeepExistingSessionAsync_end, {
success: !1,
message: n ? "service worker sessions not retrieved" : "session storage sessions not retrieved"
}), !1;
} catch (s) {
// Only the service-worker handle is cleared on failure; on the storage path
// nothing is cleared here, and the published message still names the
// ServiceWorker.
return console.error(s), n && await n.clearAsync(), e.publishEvent(
k.tryKeepExistingSessionAsync_error,
"tokens inside ServiceWorker are invalid"
), !1;
}
}, Pe = (e) => {
// Splits an absolute URL string with a single regular expression.
// Returns { href, protocol, host, hostname, port, path, search, hash }, where
// search has no leading "?" and hash keeps its "#". Throws Error("Invalid URL")
// when the pattern does not match (the scheme must start with a lowercase
// letter and be followed by "//").
// NOTE(review): the pattern does not model userinfo ("user@host"), so host and
// hostname should not be used for origin decisions; the callers visible in
// this section only read path, search and hash.
const n = e.match(
// eslint-disable-next-line no-useless-escape
/^([a-z][\w-]+\:)\/\/(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/
);
if (!n)
throw new Error("Invalid URL");
let s = n[6], t = n[7];
// When the fragment holds exactly one "?", the text after it replaces the real
// query string, so parameters placed in the fragment take precedence over
// those in the query.
if (t) {
const o = t.split("?");
o.length === 2 && (t = o[0], s = o[1]);
}
// n is always truthy at this point, so the object is always returned.
return s.startsWith("?") && (s = s.slice(1)), n && {
href: e,
protocol: n[1],
host: n[2],
hostname: n[3],
port: n[4],
path: n[5],
search: s,
hash: t
};
}, vn = (e) => {
// Returns the path of URL e followed by its hash. One trailing "/" is removed
// from the path before the hash is appended, and a hash that is exactly
// "#_=_" is dropped. Throws when Pe() rejects the URL.
const n = Pe(e);
let { path: s } = n;
s.endsWith("/") && (s = s.slice(0, -1));
let { hash: t } = n;
return t === "#_=_" && (t = ""), t && (s += t), s;
}, ne = (e) => {
// Returns the parameters of URL e as a plain object: Pe() extracts the search
// part (which may come from the fragment, see Pe) and fn() decodes it.
const n = Pe(e), { search: s } = n;
return fn(s);
}, fn = (e) => {
// Decodes a query string (without the leading "?") into a plain object of
// string values. Input is taken from the URL and is therefore untrusted.
// Behaviour worth knowing, all visible in the loop below:
// - a segment without "=" (including the empty string) gets the value
//   "undefined", because decodeURIComponent(undefined) returns that string;
// - only the text between the first and second "=" is kept as the value;
// - a malformed percent escape makes decodeURIComponent throw URIError;
// - "+" is not turned into a space;
// - the result is an ordinary object literal, so inherited names such as
//   "constructor" read as present even when the URL has no such parameter.
const n = {};
let s, t, o;
const i = e.split("&");
for (t = 0, o = i.length; t < o; t++)
s = i[t].split("="), n[decodeURIComponent(s[0])] = decodeURIComponent(s[1]);
return n;
}, dn = (e, n, s, t, o) => (i = void 0, r = null, a = !1, c = void 0) => {
// Starts the authorization-code login.
// Outer arguments: e is the configuration name, n the configuration, s the
// event publisher, t an async function called with (authority,
// authority_configuration) whose result provides authorizationEndpoint, o the
// location object (getPath() is used here and o is passed on to nn).
// Inner arguments: i is the callback path (defaults to o.getPath()), r the
// extra request parameters, a selects silent_redirect_uri over redirect_uri,
// c is the scope (defaults to n.scope).
// Returns a promise that rejects with the original error after publishing
// loginAsync_error.
// l keeps the caller's extras exactly as given; it is what gets stored through
// setLoginParams, including any ":token_request" keys.
const l = r;
return r = { ...r }, (async () => {
const u = i || o.getPath();
// A state value is generated when the caller did not supply one. Keys ending
// in ":token_request" are removed from the copy so they are not sent to the
// authorization endpoint.
// NOTE(review): Z is defined outside this section. state and nonce protect
// against forged and replayed responses, so confirm that Z draws from a
// cryptographically secure source.
if ("state" in r || (r.state = Z(16)), s(k.loginAsync_begin, {}), r)
for (const _ of Object.keys(r))
_.endsWith(":token_request") && delete r[_];
try {
const _ = a ? n.silent_redirect_uri : n.redirect_uri;
c || (c = n.scope);
// Call-site extras override n.extras; a caller-supplied nonce is used as is.
const f = n.extras ? { ...n.extras, ...r } : r;
f.nonce || (f.nonce = Z(12));
const y = { nonce: f.nonce }, p = await C(n, e), w = await t(
n.authority,
n.authority_configuration
);
// The login parameters and the nonce are saved in whichever store is
// available so that the callback can read them back.
let v;
if (p)
p.setLoginParams({ callbackPath: u, extras: l, scope: c }), await p.initAsync(w, "loginAsync", n), await p.setNonceAsync(y), p.startKeepAliveServiceWorker(), v = p;
else {
const A = I(e, n.storage ?? sessionStorage);
A.setLoginParams({ callbackPath: u, extras: l, scope: c }), await A.setNonceAsync(y), v = A;
}
// NOTE(review): f is spread last, so an extra named client_id, redirect_uri,
// scope or response_type replaces the value set here. Extras should not be
// built from untrusted input.
const P = {
client_id: n.client_id,
redirect_uri: _,
scope: c,
response_type: "code",
...f
};
await nn(v, o)(
w.authorizationEndpoint,
P
);
} catch (_) {
throw s(k.loginAsync_error, _), _;
}
})();
}, hn = (e) => async (n = !1) => {
try {
e.publishEvent(k.loginCallbackAsync_begin, {});
const s = e.configuration, t = s.client_id, o = n ? s.silent_redirect_uri : s.redirect_uri, i = s.authority, r = s.token_request_timeout, a = await e.initAsync(
i,
s.authority_configuration
), c = e.location.getCurrentHref(), l = ne(c), d = l.session_state, u = await C(s, e.configurationName);
let _, f, y, p;
if (u)
await u.initAsync(a, "loginCallbackAsync", s), await u.setSessionStateAsync(d), f = await u.getNonceAsync(), y = u.getLoginParams(), p = await u.getStateAsync(), u.startKeepAliveServiceWorker(), _ = u;
else {
const m = I(
e.configurationName,
s.storage ?? sessionStorage
);
await m.setSessionStateAsync(d), f = await m.getNonceAsync(), y = m.getLoginParams(), p = await m.getStateAsync(), _ = m;
}
if (l.error || l.error_description)
throw new Error(
`Error from OIDC server: ${l.error} - ${l.error_description}`
);
if (l.iss && l.iss !== a.issuer)
throw console.error(), new Error(
`Issuer not valid (expected: ${a.issuer}, received: ${l.iss})`
);
if (l.state && l.state !== p)
throw new Error(`State not valid (expected: ${p}, received: ${l.state})`);
const w = {
code: l.code,
grant_type: "authorization_code",
client_id: s.client_id,
redirect_uri: o
}, v = {};
if (s.token_request_extras)
for (const [m, x] of Object.entries(s.token_request_extras))
v[m] = x;
if (y != null && y.extras)
for (const [m, x] of Object.entries(y.extras))
m.endsWith(":token_request") && (v[m.replace(":token_request", "")] = x);
const P = a.tokenEndpoint, A = {};
if (s.demonstrating_proof_of_possession)
if (u)
A.DPoP = `DPOP_SECURED_BY_OIDC_SERVICE_WORKER_${e.configurationName}`;
else {
const m = await Ge(window)(
s.demonstrating_proof_of_possession_configuration.generateKeyAlgorithm
);
await I(e.configurationName, s.storage).setDemonstratingProofOfPossessionJwkAsync(m), A.DPoP = await ve(window)(
s.demonstrating_proof_of_possession_configuration
)(m, "POST", P);
}
const T = await sn(_)(
P,
{ ...w, ...v },
A,
e.configuration.token_renew_mode,
r
);
if (!T.success)
throw new Error("Token request failed");
let g;
const E = T.data.tokens, h = T.data.demonstratingProofOfPossessionNonce;
if (T.data.state !== v.state)
throw new Error("state is not valid");
const { isValid: b, reason: S } = pe(
E,
f.nonce,
a
);
if (!b)
throw new Error(`Tokens are not OpenID valid, reason: ${S}`);
if (u) {
if (E.refres