UNPKG

@curity/oauth-assistant

Version:

Curity JS OAuth Assistant

1 lines 51.3 kB
1
!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.Assistant=t():e.Assistant=t()}(self,(()=>(()=>{var e={289:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=t.SettingNames=void 0;var i=r(624),n=r(403);class o{static get authorization_endpoint(){return"authorization_endpoint"}static get token_endpoint(){return"token_endpoint"}static get assisted_token_endpoint(){return"assisted_token_endpoint"}static get revocation_endpoint(){return"revocation_endpoint"}static get base_url(){return"base_url"}static get client_id(){return"client_id"}static get issuer(){return"issuer"}static get redirect_uri(){return"redirect_uri"}static get for_origin(){return"for_origin"}static get flow_type(){return"flow_type"}static get iframe(){return"iframe"}static get popup(){return"popup"}static get allowed_origins(){return"allowed_origins"}static get disable_session_management(){return"disable_session_management"}static get check_session_iframe(){return"check_session_iframe"}static get session_polling_interval(){return"session_polling_interval"}static get check_session_iframe_events(){return"check_session_iframe_events"}static get allowed_jwt_algorithms(){return"allowed_jwt_algorithms"}static get jwt_sig_public_key(){return"jwt_sig_public_key"}static get end_session_endpoint(){return"end_session_endpoint"}static get openid_configuration_url(){return"openid_configuration_url"}static get ignore_not_before(){return"ignore_not_before"}static get ignore_expiration(){return"ignore_expiration"}static get clock_tolerance(){return"clock_tolerance"}}t.SettingNames=o;t.default=class{constructor(e,t,r,o,a,s,l,c,d,u,_,f,p,g,h,E,v,m,O,S,w,y,b){if(![n.CODE_FLOW,n.IMPLICIT_FLOW,n.ASSISTED_TOKEN_FLOW].includes(e))throw(0,i.getErrorObject)("invalid_flow_type","Cannot initialize Assistant. Invalid flow_type: "+e);this._flow_type=e,this._base_url=t,this._client_id=r,this._issuer=c,this._authorization_endpoint=o,this._token_endpoint=a,this._assisted_token_endpoint=s,this._revoke_endpoint=l,this._redirect_uri=d,this._for_origin=u,this._iframe=_,this._popup=f,this._allowed_origins=p,this._disable_session_management=g,this._check_session_iframe=h,this._session_polling_interval=E,this._check_session_iframe_events=v,this._allowed_jwt_algorithms=m,this._jwt_sig_public_key=O,this._ignore_not_before=S,this._ignore_expiration=w,this._clock_tolerance=y,this._end_session_endpoint=b,this.validate()}get flow_type(){return this._flow_type}get base_url(){return this._base_url}get client_id(){return this._client_id}get authorization_endpoint(){return this._authorization_endpoint}get token_endpoint(){return this._token_endpoint}get assisted_token_token_endpoint(){return this._assisted_token_endpoint+"/token"}get revocation_endpoint(){return this._revoke_endpoint}get assisted_token_revoke_endpoint(){return this._assisted_token_endpoint+"/revoke"}get issuer(){return this._issuer}get allowed_origins(){return this._allowed_origins}get redirect_uri(){return this._redirect_uri}get for_origin(){return this._for_origin}get disable_session_management(){return this._disable_session_management}get end_session_endpoint(){return this._end_session_endpoint}get check_session_iframe(){return this._check_session_iframe}get session_polling_interval(){return this._session_polling_interval}get check_session_iframe_events(){return this._check_session_iframe_events}get allowed_jwt_algorithms(){return this._allowed_jwt_algorithms}get jwt_sig_public_key(){return this._jwt_sig_public_key}get clock_tolerance(){return this._clock_tolerance}get ignore_not_before(){return this._ignore_not_before}get ignore_expiration(){return this._ignore_expiration}get popup_settings(){return this._popup}isFramed(){return null!==this._for_origin}canRevoke(){return null!==this._revoke_endpoint}validate(){if((0,i.errorIfEmpty)(this._client_id,o.client_id),this._flow_type===n.CODE_FLOW)(0,i.errorIfEmpty)(this._authorization_endpoint,o.authorization_endpoint),(0,i.errorIfEmpty)(this._token_endpoint,o.token_endpoint),(0,i.errorIfEmpty)(this._redirect_uri,o.redirect_uri);else if(this._flow_type===n.IMPLICIT_FLOW)(0,i.errorIfEmpty)(this._authorization_endpoint,o.authorization_endpoint),(0,i.errorIfEmpty)(this._redirect_uri,o.redirect_uri);else{if(this._flow_type!==n.ASSISTED_TOKEN_FLOW)throw(0,i.getErrorObject)("invalid_flow_type","Invalid flow_type: "+flow_type);(0,i.errorIfEmpty)(this._authorization_endpoint,o.assisted_token_endpoint),(0,i.errorIfEmpty)(this._for_origin,o.for_origin)}}}},518:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.popupDefaultWidth=t.popupDefaultHeight=t.iframeDefaultWidth=t.iframeDefaultTargetElement=t.iframeDefaultStyle=t.iframeDefaultHeight=t.iframeDefaultCloseButton=t.iframeDefaultBackdrop=void 0,t.iframeDefaultStyle="z-index:100;position:fixed;top:20px;left:50%;margin-left:-160px;border:0;overflow:hidden",t.iframeDefaultTargetElement="body",t.iframeDefaultWidth=400,t.iframeDefaultHeight=700,t.iframeDefaultBackdrop={visible:!0,style:"position: fixed; top: 0; right: 0; bottom: 0; left: 0; z-index: 50; background-color: #000;opacity: 0.5",backdropClass:""},t.iframeDefaultCloseButton={visible:!0,wrapperStyle:"position: fixed; z-index: 101; left: calc(50% + 217px); top: 19px;",wrapperClass:"",button:'<button type="button" class="close" aria-label="Close" style="cursor: pointer; font-size: 1.25rem; outline: none; border: none; top: .5rem; right: .5rem; position: relative; border-radius: 50px; box-shadow: 0 0 4px 4px rgba(0,0,0,.075); width: 26px; height: 26px; display: flex; justify-content: center; align-items: center; line-height: 0; color: #666;">×</button>'},t.popupDefaultWidth=400,t.popupDefaultHeight=600},234:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var i=r(624),n=r(403);class o{constructor(e){o.self=this,this._allowedOrigins=e||[],this._activeListener=null}setupListener(e,t){this.removeListener();var{promise:r,reject:i,callback:n}=this._createCallback(e,t);return this._activeListener={callback:n,reject:i},window.addEventListener("message",this._activeListener.callback),r}removeListener(){null!==this._activeListener&&window.removeEventListener("message",this._activeListener.callback)}rejectListener(e){this._activeListener.reject(e)}_createCallback(e,t){(0,i.log)("Creating callback");var r=(0,i.getDeferredPromise)(),a=(0,i.messageEventHandlerForSource)(t,(function(t){(0,i.log)("Event Callback");var a=t.data;if(("ok"===a.status||"success"===a.status)&&(0,i.getStoredValue)(n.STATE)!=a[n.STATE])throw(0,i.getErrorObject)("invalid_state","Malicious state in response");-1!=o.self._allowedOrigins.findIndex((e=>e.toLowerCase()===t.origin))&&e(a,r.resolve,r.reject)}));return{promise:r.promise,reject:r.reject,callback:a}}}var a=o;t.default=a},571:(e,t,r)=>{"use strict";var i=r(836);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var n=r(624),o=i(r(234)),a=r(518),s=r(403),l="___loginIframe___",c="___loginIframe___backdrop",d="___loginIframe___closeButton";t.default=class{constructor(e,t,r){e=e||{},r=r||{},this._eventManager=new o.default(t),this._iframeStyle=(0,n.getOptional)("style",e,a.iframeDefaultStyle),this._iframeTargetElement=(0,n.getOptional)("targetElement",e,a.iframeDefaultTargetElement),this._iframWidth=(0,n.getOptional)("width",e,a.iframeDefaultWidth),this._iframHeight=(0,n.getOptional)("height",e,a.iframeDefaultHeight),this._iframeBackdrop={visible:(0,n.getOptional)("visible",e.backdrop,a.iframeDefaultBackdrop.visible),style:(0,n.getOptional)("style",e.backdrop,a.iframeDefaultBackdrop.style),backdropClass:(0,n.getOptional)("backdropClass",e.backdrop,a.iframeDefaultBackdrop.backdropClass)},this._iframeCloseButton={visible:(0,n.getOptional)("visible",e.closeButton,a.iframeDefaultCloseButton.visible),wrapperStyle:(0,n.getOptional)("style",e.closeButton,a.iframeDefaultCloseButton.wrapperStyle),wrapperClass:(0,n.getOptional)("class",e.closeButton,a.iframeDefaultCloseButton.wrapperClass),button:(0,n.getOptional)("button",e.closeButton,a.iframeDefaultCloseButton.button)},this._popupWidth=(0,n.getOptional)("width",r,a.popupDefaultWidth),this._popupHeight=(0,n.getOptional)("height",r,a.popupDefaultHeight),this._iframe={},this._popup=null,this.popupIntervalRef=null,this._onEscape=e=>{("key"in(e=e||window.event)?"Escape"===e.key||"Esc"===e.key:27===e.keyCode)&&this._handleNoLogin()},window.onerror=e=>{this.deleteIframe()}}createIframe(e){var t=arguments.length>1&&void 0!==arguments[1]&&arguments[1],r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:l,i=t?{src:e,style:"display:none;",width:0,height:0}:{src:e,style:this._iframeStyle,width:this._iframWidth,height:this._iframHeight};return this._createFrame(i,r,t)}deleteIframe(){this._deleteElementById(c),this._deleteElementById(d),this.deleteIframeIfExists(l),this._eventManager&&this._eventManager.removeListener(),document.removeEventListener("keydown",this._onEscape)}createPopup(e){return this._popup=this._openCenteredWindow(e,{width:this._popupWidth,height:this._popupHeight}),this._handlePopupClosed(),this._popup}_openCenteredWindow(e,t){var r={x:window.screen.width/2-t.width/2,y:window.screen.height/2-t.height/2},i="width=".concat(t.width," height=").concat(t.height," left=").concat(r.x," top=").concat(r.y);return window.open(e,"___loginPopup___",i)}_handlePopupClosed(){this.popupIntervalRef=setInterval((()=>{(0,n.log)("checking login pop is still open: ",this._popup&&this._popup.closed),this._popup&&this._popup.closed&&this._handleNoLogin()}),1e3)}deletePopup(){this._popup&&((0,n.log)("Closing Popup"),this._popup.close(),this._popup=null,this.popupIntervalRef&&(clearInterval(this.popupIntervalRef),this.popupIntervalRef=null),this._eventManager&&this._eventManager.removeListener())}deleteIframeIfExists(e){var t=document.querySelector("#".concat(e));t&&(t.parentElement.removeChild(t),this._iframe[e]=null)}getIframe(){var e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:l;return this._iframe[e]}_createFrame(e,t){var r=arguments.length>2&&void 0!==arguments[2]&&arguments[2];this.deleteIframeIfExists(t);var i=document.createElement("iframe");Object.keys(e).forEach((t=>{i.setAttribute(t,e[t])})),i.id=t;var n=document.querySelector(this._iframeTargetElement);return r||(this._addBackdrop(n),this._addCloseButton(n),this._handleEscape()),n.appendChild(i),this._iframe[t]=i,i}_addBackdrop(e){if(this._deleteElementById(c),this._iframeBackdrop.visible){var t=document.createElement("div");t.setAttribute("style",this._iframeBackdrop.style),t.setAttribute("class",this._iframeBackdrop.backdropClass),t.id=c,t.addEventListener("click",(()=>{this._handleNoLogin()})),e.appendChild(t)}}_handleEscape(){document.addEventListener("keydown",this._onEscape)}_addCloseButton(e){if(this._deleteElementById(d),this._iframeCloseButton.visible){var t=document.createElement("div");t.setAttribute("style",this._iframeCloseButton.wrapperStyle),t.setAttribute("class",this._iframeCloseButton.wrapperClass),t.innerHTML=this._iframeCloseButton.button,t.id=d,e.appendChild(t),document.querySelector("#".concat(d)).getElementsByTagName("button")[0].addEventListener("click",(()=>{this._handleNoLogin()}))}}_deleteElementById(e){var t=document.querySelector("#".concat(e));t&&t.parentElement.removeChild(t)}_handleNoLogin(){(0,n.log)(s.NO_LOGIN_DESCRIPTION),this.deleteIframe(),this.deletePopup(),this._eventManager.rejectListener((0,n.getErrorObject)(s.NO_LOGIN,s.NO_LOGIN_DESCRIPTION))}}},556:e=>{"use strict";var t=function(e,t){Error.call(this,e),void 0!==Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),this.name="JWTError",this.message=e,t&&(this.inner=t)};(t.prototype=Object.create(Error.prototype)).constructor=t,e.exports=t},535:(e,t,r)=>{"use strict";var i=r(836);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0,t.generateHash=c,t.parseJWT=f,t.strToUint8Array=p;var n=i(r(156)),o=i(r(556)),a="Signature verification failed",s={HS256:{name:"HMAC",hash:"SHA-256"},HS384:{name:"HMAC",hash:"SHA-384"},HS512:{name:"HMAC",hash:"SHA-512"},RS256:{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},RS384:{name:"RSASSA-PKCS1-v1_5",hash:"SHA-384"},RS512:{name:"RSASSA-PKCS1-v1_5",hash:"SHA-512"},ES256:{name:"ECDSA",namedCurve:"P-256",hash:"SHA-256"},ES384:{name:"ECDSA",namedCurve:"P-384",hash:"SHA-384"},ES512:{name:"ECDSA",namedCurve:"P-521",hash:"SHA-512"},PS256:{name:"RSA-PSS",saltLength:32,hash:"SHA-256"},PS384:{name:"RSA-PSS",saltLength:48,hash:"SHA-384"},PS512:{name:"RSA-PSS",saltLength:64,hash:"SHA-512"}},l=["jwk","jwks_uri","pem","issuer","metadata_url","raw"];function c(e){return d.apply(this,arguments)}function d(){return d=(0,n.default)((function*(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"SHA-256",r=arguments.length>2&&void 0!==arguments[2]&&arguments[2],i=yield O().subtle.digest(t,p(e)),n=Array.from(new Uint8Array(i));return n.length=r?n.length/2:n.length,u(n)})),d.apply(this,arguments)}function u(e){return btoa(String.fromCharCode(...new Uint8Array(e))).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function _(e){return e+=Array((4-e.length%4)%4+1).join("="),v(e.replace(/-/g,"+").replace(/_/g,"/"))}function f(e){var t=e.split(".");if(3!==t.length)throw new o.default("Jwt cannot be parsed",e,null,null);var r=JSON.parse(_(t[0])),i=JSON.parse(_(t[1]));return{signature:function(e){for(var t=e.length;"="===e[t-1];)--t;var r,i,n,a=new Uint8Array(t*g.bits/8|0);r=i=n=0;for(var s=0;s<t;++s){var l=g.codes[e[s]];if(void 0===l)throw new o.default("Invalid character in signature: "+e[s]);i=i<<g.bits|l,(r+=g.bits)>=8&&(r-=8,a[n++]=255&i>>r)}if(r>=g.bits||255&i<<8-r)throw new o.default("Invalid signature, unexpected end.");return a}(t[2]),header:r,payload:i,alg:r.alg,verificationInput:p(t[0]+"."+t[1])}}function p(e){return(new TextEncoder).encode(e)}for(var g={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6,codes:{}},h=0;h<g.chars.length;++h)g.codes[g.chars[h]]=h;var E,v="function"==typeof atob?atob:e=>Buffer.from(e,"base64").toString("binary");class m{constructor(e){this._data=e}json(){return Promise.resolve(JSON.parse(this._data))}}function O(){if("object"==typeof crypto)return crypto;var e=r(539);if("object"!=typeof e||"object"!=typeof e.webcrypto)throw"The library requires at least node 15.0.0 to run in non-browser environments.";return e.webcrypto}t.default=class{constructor(e,t,i,n){if(this._issuer=Array.isArray(e)?e:[e],this._audience=Array.isArray(t)?t:[t],this._algorithms=i,this._publicKey=n||{format:"issuer",value:null},1!==l.filter((e=>this._publicKey.format===e)).length)throw new o.default("public key parameter must contain one of the allowed formats : "+l.join(" or "));if(!(e&&t&&this._publicKey))throw new o.default("issuer, audience and public key must be provided");this._crypto=O(),E="function"==typeof fetch?fetch:e=>function(e){var t=r(786);return new Promise(((r,i)=>{t.get(e,(e=>{(e.statusCode<200||e.statusCode>=400)&&i(new o.default("JWKS endpoint responded with "+e.statusCode+" status code."));var t="";e.on("data",(e=>{t+=e})),e.on("end",(()=>{r(new m(t))}))})).on("error",(e=>{i(e)}))}))}(e)}verifyJWT(e,t){var r=this;return(0,n.default)((function*(){if(t||(t={}),t=Object.assign({},t),!e)throw new o.default("jwt must be provided");var i;try{i=f(e)}catch(e){throw new o.default(e.message,e)}if(!i)throw new o.default("invalid token");var n=i.header;if(r._algorithms&&r._algorithms.length>0&&!~r._algorithms.indexOf(n.alg))throw new o.default("invalid algorithm : "+n.alg);if(!s[n.alg])throw new o.default("unsupported algorithm : "+n.alg);var a=i.payload;if(!a)throw new o.default("invalid payload");if(0===r._issuer.filter((e=>e===a.iss)).length)throw new o.default("jwt issuer invalid: "+a.iss+", expected: "+r._issuer.join(" or "));yield r.verifySignature(i);var l=Math.floor(Date.now()/1e3);if(a.nbf&&!0!==t.ignoreNotBefore){if("number"!=typeof a.nbf)throw new o.default("invalid nbf value");if(a.nbf>l+(t.clockTolerance||0))throw new o.default("jwt is used before specified nbf claim.",new Date(1e3*a.nbf))}if(!0!==t.ignoreExpiration)if(a.exp){if("number"!=typeof a.exp)throw new o.default("invalid exp value");if(l>=a.exp+(t.clockTolerance||0))throw new o.default("jwt expired",new Date(1e3*a.exp))}else if(!a.exp)throw new o.default("JWT must contain exp claim");if(r._audience&&!(Array.isArray(a.aud)?a.aud:[a.aud]).some((e=>r._audience.filter((t=>t===e)).length>0)))throw new o.default("jwt audience invalid. expected: "+r._audience.join(" or "));if(t.subject&&a.sub!==t.subject)throw new o.default("jwt subject invalid. expected: "+t.subject);if(t.jti&&a.jti!==t.jti)throw new o.default("jwt jti invalid. expected: "+t.jti);if(t.accessToken&&(yield c(t.accessToken,s[n.alg].hash,!0))!==a.at_hash)throw new o.default("JWT: Failed to validate at_hash");if(t.code&&(yield c(t.code,s[n.alg].hash,!0))!==a.c_hash)throw new o.default("JWT: Failed to validate c_hash");if(t.state&&(yield c(t.state,s[n.alg].hash,!0))!==a.s_hash)throw new o.default("JWT: Failed to validate s_hash");if(t.nonce&&a.nonce!==t.nonce)throw new o.default("JWT: Invalid Nonce! Failed to validate Nonce: "+t.nonce);return a}))()}verifySignature(e){var t=this;return(0,n.default)((function*(){var r;try{var i=e.header,n=s[i.alg],l=yield t.getSigningKey(e,n);r=yield t._crypto.subtle.verify(n,l,e.signature,e.verificationInput)}catch(e){throw new o.default("Signature verification failed : "+e)}if(!r)throw new o.default(a)}))()}getSigningKey(e,t){var r=this;return(0,n.default)((function*(){if(r._signingKey)return r._signingKey;if("pem"===r._publicKey.format)r._signingKey=r.importKey(r._publicKey.value,t);else if("raw"===r._publicKey.format)r._signingKey=yield r._crypto.subtle.importKey("raw",r.str2ab(r._publicKey.value),t,!1,["verify"]);else{var i,n,o;switch(r._publicKey.format){case"issuer":i="".concat(e.payload.iss,"/.well-known/openid-configuration");break;case"metadata_url":i=r._publicKey.value;break;case"jwks_uri":n=r._publicKey.value;break;case"jwk":o=r._publicKey.value}if(i){try{n=(yield(yield E(i)).json()).jwks_uri}catch(e){throw"failed to fetch metadata"}if(!n)throw"metadata doesn't contain jwks_uri"}if(n)try{o=yield r.getJwkByJwksUri(n,e.header.kid,e.alg)}catch(e){throw"failed to fetch jwk from jwks_uri"}r._signingKey=yield r._crypto.subtle.importKey("jwk",o,t,!1,["verify"])}return r._signingKey}))()}importKey(e,t){var r=this;return(0,n.default)((function*(){try{var i="-----BEGIN PUBLIC KEY-----",n=e.indexOf(i),o=e.substring(n+i.length,e.length-"-----END PUBLIC KEY-----".length),a=v(o),s=r.str2ab(a);return yield r._crypto.subtle.importKey("spki",s,t,!1,["verify"])}catch(e){throw"Invalid pem: failed to import."}}))()}str2ab(e){for(var t=new ArrayBuffer(e.length),r=new Uint8Array(t),i=0,n=e.length;i<n;i++)r[i]=e.charCodeAt(i);return t}getJwkByJwksUri(e,t,r){return(0,n.default)((function*(){var i=yield(yield E(e)).json();if(!i||!i.hasOwnProperty("keys"))throw"failed to fetch jwk keys from : "+e;var n=i.keys.filter((e=>e.alg===r));if(n.length>1&&(n=n.filter((e=>e.kid===t))),1!==n.length)throw"failed to get jwk against kid : "+t;return n[0]}))()}}},478:(e,t,r)=>{"use strict";var i=r(836);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var n=i(r(416)),o=i(r(156)),a=i(r(901)),s=r(624),l=r(403);function c(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function d(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?c(Object(r),!0).forEach((function(t){(0,n.default)(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):c(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}class u extends a.default{constructor(e){super(e),this._clientId=e.client_id,this._assistedTokenTokenEndpoint=e.assisted_token_token_endpoint,this._forOrigin=e.for_origin,this._assistedTokenRevokeEndpoint=e.assisted_token_revoke_endpoint,this._baseUrl=e.base_url}init(){}authorize(e){return(0,o.default)((function*(){throw(0,s.getErrorObject)("must_be_framed","Assisted Token must be framed")}))()}authorizeFrame(e){var t=this;return(0,o.default)((function*(){var r=yield t.getRequestUrl(e);try{return yield t._frameAssisted(r,!1)}finally{t.deleteIframe()}}))()}authorizeHiddenFrame(e){var t=this;return(0,o.default)((function*(){if(!t._configuration.isFramed())throw(0,s.getErrorObject)("hidden_authorize_not_allowed","Hidden authorize not available for non-framed configuration");var r=yield t.getRequestUrl(e,!0);try{return yield t._frameAssisted(r,!0)}finally{t.deleteIframe()}}))()}authorizePopup(e){var t=this;return(0,o.default)((function*(){try{var r=yield t.getRequestUrl(e,!1);return yield t._popupAssisted(r)}finally{(0,s.log)("Removing Popup"),t.deletePopup()}}))()}_frameAssisted(e,t){this.clearExistingTokens();var r=this.createIframe(e,t);return this._eventManager.setupListener(this.getCallbackFunction(t),r.contentWindow)}_popupAssisted(e){var t=this;return(0,o.default)((function*(){t.clearExistingTokens();var r=t.createPopup(e);return t._eventManager.setupListener(t.getCallbackFunction(!1),r)}))()}revoke(){var e=this;return(0,o.default)((function*(){var t=new URLSearchParams;t.append("client_id",e._clientId),t.append("for_origin",e._forOrigin);var r="".concat(e._assistedTokenRevokeEndpoint,"?").concat(t),i=(0,s.getExpiringValue)(l.ACCESS_TOKEN);if(null!==i){var n=(0,s.getDeferredPromise)(),o=e.createIframe(r,!0).contentWindow,a=function(){(0,s.log)("Clearing revocation items"),this.deleteIframe(),window.removeEventListener("message",d,!1)}.bind(e),c=(0,s.messageEventHandlerForSource)(o,function(e){if((0,s.log)("Received begin revocation event: ",e),window.removeEventListener("message",c,!1),this._eventManager._allowedOrigins.includes(e.origin)){if("loaded"===e.data)return(0,s.log)("Tokens to revoke sent"),window.addEventListener("message",d,!1),void o.postMessage(i||"",this._baseUrl);(0,s.log)("Data received did not contain expected 'loaded' message, failing..."),n.reject((0,s.getErrorObject)("revoke_token_failed","Error when revoking"))}else n.reject((0,s.getErrorObject)("unknown_origin","Failed to revoke tokens, received unexpected event from other event source"))}.bind(e)),d=(0,s.messageEventHandlerForSource)(o,function(e){if((0,s.log)("Received revocation event: ",e),a(),this._eventManager._allowedOrigins.includes(e.origin)){if("revoked"===e.data)return this.clearExistingTokens(),(0,s.log)("Tokens revoked"),void n.resolve();if("error"===e.data.status){var t=e.data.error_description;return(0,s.log)("Data contained error status, failing..."),void n.reject((0,s.getErrorObject)("revoke_token_failed","Error when revoking."+(void 0!==t?" Error from server: "+t:"")))}(0,s.log)("Data received did not contain success status, failing..."),n.reject((0,s.getErrorObject)("revoke_token_failed","Error when revoking"))}else n.reject((0,s.getErrorObject)("unknown_origin","Failed to revoke tokens, received unexpected event from other event source"))}.bind(e));return window.addEventListener("message",c,!1),(0,s.log)("Logout sequence initiated"),n.promise}}))()}getRequestUrl(e){var t=this;return(0,o.default)((function*(){var r=(0,s.constructURLSearchParams)(e,!1);return r.append(l.CLIENT_ID,t._clientId),r.append(l.FOR_ORIGIN,t._forOrigin),(0,s.clearValue)(l.STATE),(0,s.clearValue)(l.NONCE),"".concat(t._assistedTokenTokenEndpoint,"?").concat(r)}))()}getCallbackFunction(e){return function(t,r,i){(0,s.log)("Assisted Callback"),"authenticating"!==t?"success"===t.status&&void 0!==t[l.ACCESS_TOKEN]?(this.storeResponseData(t),r(t[l.ACCESS_TOKEN])):i(d(d({},t),{},{error_description:"Error status from assisted token call"+t.error_description})):e&&i({error:l.NO_SSO})}.bind(this)}}var _=u;t.default=_},901:(e,t,r)=>{"use strict";var i=r(836);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var n=i(r(416)),o=i(r(156)),a=i(r(571)),s=r(624),l=r(403),c=i(r(535)),d=r(816);function u(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function _(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?u(Object(r),!0).forEach((function(t){(0,n.default)(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):u(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}class f extends a.default{constructor(e){super(e._iframe,e._allowed_origins,e._popup),this._configuration=e,this._jwtValidator=new c.default(this._configuration.issuer,this._configuration.client_id,this._configuration._allowed_jwt_algorithms,this._configuration._jwt_sig_public_key)}authorize(e){var t=this;return(0,o.default)((function*(){t.clearExistingTokens();var r=yield t.getRequestUrl(e,!1);window.location.assign(r)}))()}authorizeFrame(e){var t=this;return(0,o.default)((function*(){if(!t._configuration.isFramed())throw(0,s.getErrorObject)("hidden_authorize_not_allowed","Hidden authorize not available for non-framed configuration");var r=yield t.getRequestUrl(e,!1);try{return yield t._frameAuthorize(r,!1)}finally{t.deleteIframe()}}))()}authorizeHiddenFrame(e){var t=arguments,r=this;return(0,o.default)((function*(){var i=!(t.length>1&&void 0!==t[1])||t[1];if(!r._configuration.isFramed())throw(0,s.getErrorObject)("hidden_authorize_not_allowed","Hidden authorize not available for non-framed configuration");var n=yield r.getRequestUrl(e,!0);try{return yield r._frameAuthorize(n,!0,i)}finally{r.deleteIframe()}}))()}authorizePopup(e){var t=this;return(0,o.default)((function*(){try{var r=yield t.getRequestUrl(e,!1);return yield t._popupAuthorize(r)}finally{(0,s.log)("Deleting Popup"),t.deletePopup()}}))()}revoke(){var e=this;return(0,o.default)((function*(){var t=(0,s.getStoredValue)(l.REFRESH_TOKEN);if(null!==t?(0,s.log)("Revoking refresh_token"):((0,s.log)("Revoking access_token"),t=(0,s.getExpiringValue)(l.ACCESS_TOKEN)),e.clearExistingTokens(),e._configuration.canRevoke()&&null!==t){var r=new URLSearchParams;r.append("token",t),r.append("client_id",e._configuration.client_id);var i={method:"POST",mode:"cors",cache:"no-cache",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:r},n=yield fetch(e._configuration.revocation_endpoint,i),o=yield n.json();if(!n.ok)throw console.warn("Error from revoke endpoint",n),_(_({},o),{},{error_description:"Error from revoke endpoint: "+o.error_description});(0,s.log)("Token Revoked")}else(0,s.log)("Failed to find token to revoke.")}))()}logout(e,t){var r=this;return(0,o.default)((function*(){var i=(0,s.getDeferredPromise)(),n=(0,s.getStoredValue)(l.ID_TOKEN);yield r.revoke();var o=new URLSearchParams;t&&o.append("global",t),o.append("post_logout_redirect_uri",e),o.append(l.STATE,(0,s.generateRandomString)()),n?o.append("id_token_hint",n):o.append("client_id",r._configuration.client_id);var a="".concat(r._configuration.end_session_endpoint,"?").concat(o),c="logout-iframe",u=r.createIframe(a,!0,c),_=(0,s.messageEventHandlerForSource)(u.contentWindow,(e=>{if((0,s.log)(e.data),"object"==typeof e.data)if(e.data.logout_successful){if(f(),r.deleteIframeIfExists(d.CHECK_SESSION_OP_IFRAME_ID),!r._configuration.allowed_origins.includes(e.origin))return void i.reject((0,s.getErrorObject)("unknown_origin","Failed to logout, received unexpected event from other event source"));if(!t&&e.data.state!==o.get(l.STATE))return void i.reject((0,s.getErrorObject)("invalid_state","Invalid state parameter"));(0,s.log)("logged out successfully"),i.resolve()}else"error"===e.data.status&&(f(),i.reject((0,s.getErrorObject)("error",e.data.error_description)))})),f=()=>{window.removeEventListener("message",_,!1),r.deleteIframeIfExists(c)};return window.addEventListener("message",_,!1),i.promise}))()}getRequestUrl(e){return(0,o.default)((function*(){throw(0,s.getErrorObject)("method_not_implemented","Abstract method cannot be called directly")}))()}getCallbackFunction(){throw(0,s.getErrorObject)("method_not_implemented","Abstract method cannot be called directly")}refresh(){return(0,o.default)((function*(){throw(0,s.getErrorObject)("method_not_implemented","Abstract method cannot be called directly")}))()}isFramed(){return this._isFramed}_frameAuthorize(e,t){var r=!(arguments.length>2&&void 0!==arguments[2])||arguments[2];r&&this.clearExistingTokens();var i=this.createIframe(e,t);return this._eventManager.setupListener(this.getCallbackFunction(r),i.contentWindow)}_popupAuthorize(e){this.clearExistingTokens();var t=this.createPopup(e);return this._eventManager.setupListener(this.getCallbackFunction(!0),t)}storeResponseData(e){var t=Date.now()+1e3*e[l.EXPIRES_IN];this.storeValueInSession(l.ACCESS_TOKEN,l.ACCESS_TOKEN_EXPIRY,e[l.ACCESS_TOKEN],t),this.storeValueInSession(l.SCOPE,l.SCOPE_EXPIRY,e[l.SCOPE],t),this.storeValueInSession(l.EXPIRES_IN,l.EXPIRES_IN_EXPIRY,e[l.EXPIRES_IN],t),this.storeValueInSession(l.ADDITIONAL_FIELDS,l.ADDITIONAL_FIELDS_EXPIRY,JSON.stringify(this.getAdditionalResponseFields(e)),t),void 0!==e[l.REFRESH_TOKEN]&&((0,s.log)("Storing refresh_token"),(0,s.storeValue)(l.REFRESH_TOKEN,e[l.REFRESH_TOKEN]))}getAdditionalResponseFields(e){var t=[l.ACCESS_TOKEN,l.ID_TOKEN,l.REFRESH_TOKEN,l.SCOPE,l.EXPIRES_IN];return Object.keys(e).filter((e=>!t.includes(e))).reduce(((t,r)=>_(_({},t),{},{[r]:e[r]})),{})}storeValueInSession(e,t,r,i){(0,s.storeValue)(e,r),(0,s.storeValue)(t,i)}clearExistingTokens(){var e=!(arguments.length>0&&void 0!==arguments[0])||arguments[0];(0,s.clearValue)(l.ACCESS_TOKEN),(0,s.clearValue)(l.REFRESH_TOKEN),(0,s.clearValue)(l.SCOPE),(0,s.clearValue)(l.EXPIRES_IN),(0,s.clearValue)(l.ADDITIONAL_FIELDS),e&&(0,s.clearValue)(l.ID_TOKEN)}validateAndStoreIDToken(e,t){var r=this;return(0,o.default)((function*(){yield r._jwtValidator.verifyJWT(e,{accessToken:t,state:(0,s.getStoredValue)(l.STATE),nonce:(0,s.getAndClearStoredValue)(l.NONCE),ignoreNotBefore:r._configuration.ignore_not_before,ignoreExpiration:r._configuration.ignore_expiration,clockTolerance:r._configuration.clock_tolerance}).then((t=>{var r=1e3*t.exp;(0,s.storeValue)(l.ID_TOKEN,e),(0,s.storeValue)(l.ID_TOKEN_EXPIRY,r),(0,s.log)("signature verified")})).catch((e=>{throw(0,s.getErrorObject)(e.message,e)}))}))()}}var p=f;t.default=p},816:(e,t,r)=>{"use strict";var i=r(836);Object.defineProperty(t,"__esModule",{value:!0}),t.CodeFlow=t.CHECK_SESSION_OP_IFRAME_ID=void 0;var n=i(r(416)),o=i(r(156)),a=r(624),s=i(r(901)),l=r(403),c=i(r(234)),d=r(535);function u(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function _(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?u(Object(r),!0).forEach((function(t){(0,n.default)(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):u(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}var f="__check_session_op_iframe__";t.CHECK_SESSION_OP_IFRAME_ID=f;class p extends s.default{constructor(e){super(e),p.self=this,this._authorizationEndpoint=e.authorization_endpoint,this._clientId=e.client_id,this._redirectUri=e.redirect_uri,this._forOrigin=e.for_origin,this._tokenEndpoint=e.token_endpoint,this._disableSessionManagement=e.disable_session_management,this._checkSessionOPIframe=e.check_session_iframe,this._sessionOPIframeTargetOrigin=this._checkSessionOPIframe?new URL(this._checkSessionOPIframe).origin:null,this._checkSessionIframeEvents=e.check_session_iframe_events,this._sessionPollingInterval=e.session_polling_interval||5,this._isRegisteredForCheckSession=!1}init(){var e=this;return(0,o.default)((function*(){if(window.location.search&&!e.isFramed()){var t=new URLSearchParams(window.location.search),r=t.get("code"),i=(t.get("state"),t.get(l.SESSION_STATE));r&&(yield e.callTokenEndpoint({code:r,session_state:i}),window.location=window.location.href.split("?")[0])}}))()}getCallbackFunction(){var e=!(arguments.length>0&&void 0!==arguments[0])||arguments[0];return function(t,r,i){(0,a.log)("Code Callback"),"authenticating"!==t?"error"===t.status?((0,a.log)("Error occurred"),i(t)):"ok"===t.status&&void 0!==t.code&&null!==t.code?((0,a.log)("Call token endpoint"),this.callTokenEndpoint(t,e).then((e=>{r(e)})).catch((e=>{i(e)}))):(console.error("Unknown event: ",t),i(_({error:l.NO_SSO},t))):(0,a.log)("Do nothing, wait for next message, The reason is that authenticating postMessage is always sent when a screen is presented")}.bind(this)}callTokenEndpoint(e){var t=arguments,r=this;return(0,o.default)((function*(){var i=!(t.length>1&&void 0!==t[1])||t[1],n=(0,a.getAndClearStoredValue)("code_verifier");if(null!==n){var o=new URLSearchParams;o.append("client_id",r._clientId),o.append("grant_type","authorization_code"),o.append("code",e.code),o.append("code_verifier",n),o.append("redirect_uri",r._redirectUri);var s={method:"POST",mode:"cors",cache:"no-cache",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:o},c=yield fetch(r._tokenEndpoint,s),d=yield c.json();if(!c.ok)throw d;if(d.scope.split(" ").includes("openid")){if(!d[l.ID_TOKEN])throw(0,a.getErrorObject)("id_token_null","Id token can't be null for provided scope openid");yield r.validateAndStoreIDToken(d[l.ID_TOKEN],d[l.ACCESS_TOKEN]),(0,a.storeValue)(l.SESSION_STATE,e[l.SESSION_STATE]),r.handleSessionManagementLogout()}return i&&r.storeResponseData(d),d[l.ACCESS_TOKEN]}}))()}handleSessionManagementLogout(){!this._disableSessionManagement&&this._checkSessionOPIframe&&(this._opIframe=this.createIframe(this._checkSessionOPIframe,!0,f),this.pauseCheckForSession=!1,!1===this._isRegisteredForCheckSession&&(this._isRegisteredForCheckSession=!0,this.checkForSession()),window.removeEventListener("message",this.checkSessionCallback),window.addEventListener("message",this.checkSessionCallback))}checkSessionCallback(e){var t=this;return(0,o.default)((function*(){var r=p.self;if(e.source===r._opIframe.contentWindow)if(e.origin===r._sessionOPIframeTargetOrigin)if("unchanged"===e.data)(0,a.callbackIfExists)(r._checkSessionIframeEvents.onUnchanged);else if("changed"===e.data){r.pauseCheckForSession=!0;var i=(0,a.getStoredValue)(l.ID_TOKEN);try{(0,a.callbackIfExists)(r._checkSessionIframeEvents.onStateChanging),yield r.authorizeHiddenFrame({scope:"openid"},!1),(0,a.callbackIfExists)(r._checkSessionIframeEvents.onStateChanged);var n=(0,a.getStoredValue)(l.ID_TOKEN);n&&i&&(0,d.parseJWT)(i).payload.sub!==(0,d.parseJWT)(n).payload.sub?(r.clearExistingTokens(),(0,a.callbackIfExists)(r._checkSessionIframeEvents.onLogout,(0,a.getErrorObject)("logged_out","You have been logged out."))):t.pauseCheckForSession=!1}catch(e){if(e.error===l.NO_SSO)r.clearExistingTokens(),(0,a.callbackIfExists)(r._checkSessionIframeEvents.onLogout,e);else{if(e.error!==l.CONSENT_REQUIRED)throw e;(0,a.callbackIfExists)(r._checkSessionIframeEvents.onConsent,e)}}}else"error"===e.data&&r._checkSessionIframeEvents.onError&&r._checkSessionIframeEvents.onError((0,a.getErrorObject)("check_session_error","Unable to determine session state"));else c.default.self._allowedOrigins.includes(e.origin)||(0,a.log)("Received message from unknown origin.");else(0,a.log)("Ignoring event from unexpected source",e)}))()}checkForSession(){this.pauseCheckForSession||this._opIframe.contentWindow.postMessage("".concat(this._clientId," ").concat((0,a.getStoredValue)(l.SESSION_STATE)),"*"),setTimeout((()=>{this.getIframe(f)?this.checkForSession():window.removeEventListener("message",this.checkSessionCallback)}),1e3*this._sessionPollingInterval)}refresh(){var e=this;return(0,o.default)((function*(){var t=(0,a.getStoredValue)(l.REFRESH_TOKEN);if(null===t)throw console.warn("Tried to refresh without a refresh_token in storage."),{error_description:"Could not find a refresh_token"};var r=new URLSearchParams;r.append("grant_type","refresh_token"),r.append("refresh_token",t),r.append("client_id",e._configuration.client_id);var i={method:"POST",mode:"cors",cache:"no-cache",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:r};e.clearExistingTokens(!1);var n=yield fetch(e._configuration.token_endpoint,i),o=yield n.json();if(!n.ok)throw console.warn("Error from token endpoint",n),_(_({},o),{},{error_description:"Error from revoke endpoint: "+o.error_description});e.storeResponseData(o),(0,a.log)("Token(s) refreshed")}))()}getRequestUrl(e,t){var r=this;return(0,o.default)((function*(){var i=(0,a.generateRandomString)(64),n=yield(0,d.generateHash)(i);(0,a.storeValue)(l.CODE_VERIFIER,i);var o=(0,a.constructURLSearchParams)(e);return o.append(l.CLIENT_ID,r._clientId),o.append(l.RESPONSE_TYPE,l.RESPONSE_TYPES.CODE),o.append(l.CODE_CHALLENGE,n),o.append(l.CODE_CHALLENGE_METHOD,"S256"),o.append(l.REDIRECT_URI,r._redirectUri),o.append(l.FOR_ORIGIN,r._forOrigin),t&&(o.delete(l.PROMPT),o.append(l.PROMPT,l.PROMPT_NONE)),"".concat(r._authorizationEndpoint,"?").concat(o)}))()}}t.CodeFlow=p},261:(e,t,r)=>{"use strict";var i=r(836);Object.defineProperty(t,"__esModule",{value:!0}),t.ImplicitFlow=void 0;var n=i(r(156)),o=i(r(416)),a=r(624),s=i(r(901)),l=r(403);function c(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,i)}return r}function d(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?c(Object(r),!0).forEach((function(t){(0,o.default)(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):c(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}class u extends s.default{constructor(e){super(e),this._authorizationEndpoint=e.authorization_endpoint,this._clientId=e.client_id,this._redirectUri=e.redirect_uri,this._forOrigin=e.for_origin}init(){if(window.location.hash&&!this.isFramed()){var e=window.location.hash.substr(1,window.location.hash.length),t=new URLSearchParams(e),r=t.get(l.ACCESS_TOKEN),i=t.get("error");if(null!==i)throw d(d({},(0,a.getErrorObject)("fetch_token_failed","Failed to get a token")),i);if(null!==r){var n={};for(var o of t.keys())n[o]=t.get(o);this.storeResponseData(n),window.location=window.location.href.split("#")[0]}}}getCallbackFunction(){return function(e,t,r){var i=this;if((0,a.log)("Implicit Callback"),"authenticating"!==e)if("error"===e.status)r(e);else if("ok"===e.status&&void 0!==e[l.ACCESS_TOKEN]&&null!==e[l.ACCESS_TOKEN])if(e.scope.split(" ").includes("openid")&&(0,a.getAndClearStoredValue)(l.RESPONSE_TYPE).split(" ").includes(l.ID_TOKEN))if(e[l.ID_TOKEN])try{(0,n.default)((function*(){yield i.validateAndStoreIDToken(e[l.ID_TOKEN],e[l.ACCESS_TOKEN]),i.storeResponseData(e),t(e[l.ACCESS_TOKEN])}))()}catch(e){r(e)}else r((0,a.getErrorObject)("id_token_null","id_token not found for given openid scope and id_token response_type"));else this.storeResponseData(e),t(e[l.ACCESS_TOKEN]);else console.error("Unknown event: ",e),r(d({error:l.NO_SSO},e))}.bind(this)}getRequestUrl(e,t){var r=this;return(0,n.default)((function*(){var i=(0,a.constructURLSearchParams)(e);return i.append(l.CLIENT_ID,r._clientId),i.append(l.REDIRECT_URI,r._redirectUri),i.append(l.FOR_ORIGIN,r._forOrigin),t&&(i.delete(l.PROMPT),i.append(l.PROMPT,l.PROMPT_NONE)),e[l.RESPONSE_TYPE]&&[l.RESPONSE_TYPES.TOKEN,l.RESPONSE_TYPES.ID_TOKEN,l.RESPONSE_TYPES.TOKEN_ID_TOKEN,l.RESPONSE_TYPES.ID_TOKEN_TOKEN].includes(e[l.RESPONSE_TYPE])?i.append(l.RESPONSE_TYPE,e[l.RESPONSE_TYPE]):i.append(l.RESPONSE_TYPE,l.RESPONSE_TYPES.TOKEN),(0,a.storeValue)(l.RESPONSE_TYPE,i.get(l.RESPONSE_TYPE)),"".concat(r._authorizationEndpoint,"?").concat(i)}))()}}t.ImplicitFlow=u},403:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t._EXPIRY=t.STATE=t.SESSION_STATE=t.SCOPE_EXPIRY=t.SCOPE=t.RESPONSE_TYPES=t.RESPONSE_TYPE=t.REFRESH_TOKEN=t.REDIRECT_URI=t.PROMPT_NONE=t.PROMPT=t.NO_SSO=t.NO_LOGIN_DESCRIPTION=t.NO_LOGIN=t.NONCE=t.IMPLICIT_FLOW=t.ID_TOKEN_EXPIRY=t.ID_TOKEN=t.FOR_ORIGIN=t.EXPIRES_IN_EXPIRY=t.EXPIRES_IN=t.CONSENT_REQUIRED=t.CODE_VERIFIER=t.CODE_FLOW=t.CODE_CHALLENGE_METHOD=t.CODE_CHALLENGE=t.CLIENT_ID=t.ASSISTED_TOKEN_FLOW=t.ADDITIONAL_FIELDS_EXPIRY=t.ADDITIONAL_FIELDS=t.ACCESS_TOKEN_EXPIRY=t.ACCESS_TOKEN=void 0,t.CODE_VERIFIER="code_verifier",t.CLIENT_ID="client_id",t.RESPONSE_TYPE="response_type",t.CODE_CHALLENGE="code_challenge",t.CODE_CHALLENGE_METHOD="code_challenge_method",t.PROMPT="prompt",t.PROMPT_NONE="none",t.REDIRECT_URI="redirect_uri",t.FOR_ORIGIN="for_origin",t.STATE="state",t.SESSION_STATE="session_state",t.NONCE="nonce";t.ACCESS_TOKEN="access_token",t.REFRESH_TOKEN="refresh_token";t.SCOPE="scope";t.ID_TOKEN="id_token";t.ADDITIONAL_FIELDS="additional_fields";t._EXPIRY="_expiry",t.ACCESS_TOKEN_EXPIRY="access_token_expiry",t.SCOPE_EXPIRY="scope_expiry",t.ID_TOKEN_EXPIRY="id_token_expiry",t.ADDITIONAL_FIELDS_EXPIRY="additional_fields_expiry";t.EXPIRES_IN="expires_in",t.EXPIRES_IN_EXPIRY="expires_in_expiry",t.NO_SSO="login_required",t.CONSENT_REQUIRED="consent_required",t.CODE_FLOW="code",t.IMPLICIT_FLOW="implicit",t.ASSISTED_TOKEN_FLOW="assisted_token",t.NO_LOGIN="no_login",t.NO_LOGIN_DESCRIPTION="Login screen was closed without logging in.",t.RESPONSE_TYPES={TOKEN:"token",ID_TOKEN:"id_token",TOKEN_ID_TOKEN:"id_token token",ID_TOKEN_TOKEN:"token id_token",CODE:"code"}},190:(e,t,r)=>{"use strict";var i=r(836);Object.defineProperty(t,"__esModule",{value:!0}),t.getMetadata=a,t.getMetadataWithWebfinger=function(e){return l.apply(this,arguments)};var n=i(r(156)),o=r(624);function a(e){return s.apply(this,arguments)}function s(){return(s=(0,n.default)((function*(e){var t=yield fetch(e);return yield t.json()}))).apply(this,arguments)}function l(){return(l=(0,n.default)((function*(e){var t="".concat(e,"/.well-known/webfinger?rel=http://openid.net/specs/connect/1.0/issuer&resource=").concat(e),r=yield fetch(t),i=yield r.json();if(void 0!==i.links&&1===i.links.length)return yield a(i.links[0].href);throw(0,o.getErrorObject)("web_finger_error","WebFinger did not return any relevant data")}))).apply(this,arguments)}},624:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.callbackIfExists=function(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;e&&e(t)},t.clearValue=l,t.constructURLSearchParams=function(e){var t=!(arguments.length>1&&void 0!==arguments[1])||arguments[1],r=new URLSearchParams;return Object.keys(e).filter((e=>!n.includes(e))).forEach((t=>{"[object Array]"===Object.prototype.toString.call(e[t])?r.append(t,e[t].join(" ")):r.append(t,e[t])})),t&&(r.get(i.STATE)||r.set(i.STATE,a()),s(i.STATE,r.get(i.STATE)),r.get(i.NONCE)||r.set(i.NONCE,a()),s(i.NONCE,r.get(i.NONCE))),r},t.errorIfEmpty=function(e,t){if(null==e||""===e)throw d("missing_mandatory_field","Missing mandatory value for ".concat(t))},t.generateRandomString=a,t.getAndClearStoredValue=function(e){var t=window.sessionStorage.getItem(e);return window.sessionStorage.removeItem(e),t},t.getDeferredPromise=function(){var e,t;return{promise:new Promise(((r,i)=>{e=r,t=i})),resolve:e,reject:t}},t.getErrorObject=d,t.getExpiringValue=function(e){var t=window.sessionStorage.getItem(e);return+window.sessionStorage.getItem(e+i._EXPIRY)>Date.now()?t:(l(e),l(e+i._EXPIRY),null)},t.getMandatory=function(e,t){if(!t||void 0===t[e]||null===t[e])throw d("missing_mandatory_settings","Missing mandatory settings ".concat(e));return t[e]},t.getOptional=c,t.getOptionalMetaDataOrSetting=function(e,t,r){return c(e,t)||c(e,r)},t.getOptionalOfType=function(e,t,r){var i=arguments.length>3&&void 0!==arguments[3]?arguments[3]:null,n=c(e,t,i);return typeof n===r?n:i},t.getStoredValue=function(e){return window.sessionStorage.getItem(e)},t.log=u,t.messageEventHandlerForSource=function(e,t){return function(r){r.source===e?t(r):u("Ignoring event from unexpected source",r)}},t.storeValue=s;var i=r(403),n=[i.CLIENT_ID,i.RESPONSE_TYPE,i.FOR_ORIGIN,i.CODE_CHALLENGE,i.CODE_CHALLENGE_METHOD,i.REDIRECT_URI],o="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";function a(){var e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:64,t=new Uint8Array(e);return window.crypto.getRandomValues(t),t=t.map((e=>o.charCodeAt(e%o.length))),String.fromCharCode.apply(null,t)}function s(e,t){window.sessionStorage.setItem(e,t)}function l(e){window.sessionStorage.removeItem(e)}function c(e,t){var r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:null;return t&&void 0!==t[e]&&null!==t[e]?t[e]:r}function d(e,t){return{error:e,error_description:t}}function u(e){if(window.debug_assistant){for(var t=arguments.length,r=new Array(t>1?t-1:0),i=1;i<t;i++)r[i-1]=arguments[i];console.log(e,...r)}}},539:()=>{},786:()=>{},156:e=>{function t(e,t,r,i,n,o,a){try{var s=e[o](a),l=s.value}catch(e){return void r(e)}s.done?t(l):Promise.resolve(l).then(i,n)}e.exports=function(e){return function(){var r=this,i=arguments;return new Promise((function(n,o){var a=e.apply(r,i);function s(e){t(a,n,o,s,l,"next",e)}function l(e){t(a,n,o,s,l,"throw",e)}s(void 0)}))}},e.exports.__esModule=!0,e.exports.default=e.exports},416:e=>{e.exports=function(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e},e.exports.__esModule=!0,e.exports.default=e.exports},836:e=>{e.exports=function(e){return e&&e.__esModule?e:{default:e}},e.exports.__esModule=!0,e.exports.default=e.exports}},t={};function r(i){var n=t[i];if(void 0!==n)return n.exports;var o=t[i]={exports:{}};return e[i](o,o.exports,r),o.exports}var i={};return(()=>{"use strict";var e=i,t=r(836);Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0;var n=t(r(156)),o=r(190),a=function(e,t){if(e&&e.__esModule)return e;if(null===e||"object"!=typeof e&&"function"!=typeof e)return{default:e};var r=_(t);if(r&&r.has(e))return r.get(e);var i={},n=Object.defineProperty&&Object.getOwnPropertyDescriptor;for(var o in e)if("default"!==o&&Object.prototype.hasOwnProperty.call(e,o)){var a=n?Object.getOwnPropertyDescriptor(e,o):null;a&&(a.get||a.set)?Object.defineProperty(i,o,a):i[o]=e[o]}return i.default=e,r&&r.set(e,i),i}(r(289)),s=r(816),l=r(261),c=r(624),d=t(r(478)),u=r(403);function _(e){if("function"!=typeof WeakMap)return null;var t=new WeakMap,r=new WeakMap;return(_=function(e){return e?r:t})(e)}e.default=class{constructor(e){this._settings=e,this._configuration=null,window.debug_assistant=e.debug}init(){var e=this;return(0,n.default)((function*(){var t=(0,c.getMandatory)(a.SettingNames.base_url,e._settings),r=(0,c.getMandatory)(a.SettingNames.client_id,e._settings),i=(0,c.getMandatory)(a.SettingNames.flow_type,e._settings),n=(0,c.getMandatory)(a.SettingNames.redirect_uri,e._settings),_=(0,c.getOptional)(a.SettingNames.for_origin,e._settings,window.parent?window.origin:""),f=(0,c.getOptional)(a.SettingNames.issuer,e._settings),p=(0,c.getOptional)(a.SettingNames.iframe,e._settings),g=(0,c.getOptional)(a.SettingNames.popup,e._settings),h=(0,c.getOptional)(a.SettingNames.allowed_origins,e._settings,[window.origin]),E=(0,c.getOptionalOfType)(a.SettingNames.disable_session_management,e._settings,"boolean",!1),v=(0,c.getOptional)(a.SettingNames.session_polling_interval,e._settings),m=(0,c.getOptional)(a.SettingNames.check_session_iframe_events,e._settings,{}),O=(0,c.getOptional)(a.SettingNames.allowed_jwt_algorithms,e._settings),S=(0,c.getOptional)(a.SettingNames.jwt_sig_public_key,e._settings),w=(0,c.getOptional)(a.SettingNames.openid_configuration_url,e._settings),y=(0,c.getOptionalOfType)(a.SettingNames.ignore_not_before,e._settings,"boolean",!1),b=(0,c.getOptionalOfType)(a.SettingNames.ignore_expiration,e._settings,"boolean",!1),k=(0,c.getOptionalOfType)(a.SettingNames.clock_tolerance,e._settings,"number",0),I=null;null!==w?I=yield(0,o.getMetadata)(w,!0):null!==f&&(I=yield(0,o.getMetadata)("".concat(f,"/.well-known/openid-configuration")));var T=(0,c.getOptionalMetaDataOrSetting)(a.SettingNames.authorization_endpoint,I,e._settings),N=(0,c.getOptionalMetaDataOrSetting)(a.SettingNames.token_endpoint,I,e._settings),P=(0,c.getOptionalMetaDataOrSetting)(a.SettingNames.assisted_token_endpoint,I,e._settings),C=(0,c.getOptionalMetaDataOrSetting)(a.SettingNames.revocation_endpoint,I,e._settings),R=(0,c.getOptionalMetaDataOrSetting)(a.SettingNames.check_session_iframe,I,e._settings),j=(0,c.getOptionalMetaDataOrSetting)(a.SettingNames.end_session_endpoint,I,e._settings);e._configuration=new a.default(i,t,r,T,N,P,C,f,n,_,p,g,h,E,R,v,m,O,S,y,b,k,j),e._configuration.flow_type===u.CODE_FLOW?((0,c.log)("Initializing Code Flow handler"),e._flow=new s.CodeFlow(e._configuration),yield e._flow.init()):e._configuration.flow_type===u.IMPLICIT_FLOW?((0,c.log)("Initializing Implicit Flow handler"),e._flow=new l.ImplicitFlow(e._configuration),yield e._flow.init()):e._configuration.flow_type===u.ASSISTED_TOKEN_FLOW&&((0,c.log)("Initializing Assisted Token Flow handler"),e._flow=new d.default(e._configuration),yield e._flow.init())}))()}authorize(){var e=arguments,t=this;return(0,n.default)((function*(){var r=e.length>0&&void 0!==e[0]?e[0]:{};return t._flow.authorize(r)}))()}authorizeFrame(){var e=arguments,t=this;return(0,n.default)((function*(){var r=e.length>0&&void 0!==e[0]?e[0]:{};return t._flow.authorizeFrame(r)}))()}authorizePopup(){var e=arguments,t=this;return(0,n.default)((function*(){var r=e.length>0&&void 0!==e[0]?e[0]:{};return t._flow.authorizePopup(r)}))()}authorizeHiddenFrame(){var e=arguments,t=this;return(0,n.default)((functi