UNPKG

@digital-blueprint/esign-app

Version:

[GitHub Repository](https://github.com/digital-blueprint/esign-app) | [npmjs package](https://www.npmjs.com/package/@digital-blueprint/esign-app) | [Unpkg CDN](https://unpkg.com/browse/@digital-blueprint/esign-app/) | [Esign Bundle](https://gitlab.tugraz.

github.com/digital-blueprint/esign-app

digital-blueprint/esign-app

10 lines (7 loc) 29.2 kB
1
2
3
4
5
6
7
8
9
10
var e,t,n,r,i,a,o,s,c,l,u;function d(e,t){h(e,t),t.add(e)}function f(e,t,n){return(t=ee(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function ee(e){var t=p(e,`string`);return typeof t==`symbol`?t:t+``}function p(e,t){if(typeof e!=`object`||!e)return e;var n=e[Symbol.toPrimitive];if(n!==void 0){var r=n.call(e,t||`default`);if(typeof r!=`object`)return r;throw TypeError(`@@toPrimitive must return a primitive value.`)}return(t===`string`?String:Number)(e)}function m(e,t,n){h(e,t),t.set(e,n)}function h(e,t){if(t.has(e))throw TypeError(`Cannot initialize the same private elements twice on an object`)}function g(e,t,n){return e.set(v(e,t),n),n}function _(e,t){return e.get(v(e,t))}function v(e,t,n){if(typeof e==`function`?e===t:e.has(t))return arguments.length<3?t:n;throw TypeError(`Private element is not present on this object`)}var te=(e=new WeakMap,t=new WeakMap,n=new WeakMap,r=new WeakMap,i=new WeakMap,a=new WeakMap,o=new WeakMap,s=new WeakMap,c=new WeakSet,class{constructor(l){if(d(this,c),m(this,e,[]),m(this,t,void 0),m(this,n,!0),m(this,r,void 0),m(this,i,v(c,this,N).call(this,console.info)),m(this,a,v(c,this,N).call(this,console.warn)),m(this,o,{enable:!0,callbackList:[],interval:5}),m(this,s,void 0),f(this,`didInitialize`,!1),f(this,`authenticated`,!1),f(this,`loginRequired`,!1),f(this,`responseMode`,`fragment`),f(this,`responseType`,`code`),f(this,`flow`,`standard`),f(this,`timeSkew`,null),f(this,`redirectUri`,void 0),f(this,`silentCheckSsoRedirectUri`,void 0),f(this,`silentCheckSsoFallback`,!0),f(this,`pkceMethod`,`S256`),f(this,`enableLogging`,!1),f(this,`logoutMethod`,`GET`),f(this,`scope`,void 0),f(this,`messageReceiveTimeout`,1e4),f(this,`idToken`,void 0),f(this,`idTokenParsed`,void 0),f(this,`token`,void 0),f(this,`tokenParsed`,void 0),f(this,`refreshToken`,void 0),f(this,`refreshTokenParsed`,void 0),f(this,`clientId`,void 0),f(this,`sessionId`,void 0),f(this,`subject`,void 0),f(this,`authServerUrl`,void 0),f(this,`realm`,void 0),f(this,`realmAccess`,void 0),f(this,`resourceAccess`,void 0),f(this,`profile`,void 0),f(this,`userInfo`,void 0),f(this,`endpoints`,void 0),f(this,`tokenTimeoutHandle`,void 0),f(this,`onAuthSuccess`,void 0),f(this,`onAuthError`,void 0),f(this,`onAuthRefreshSuccess`,void 0),f(this,`onAuthRefreshError`,void 0),f(this,`onTokenExpired`,void 0),f(this,`onAuthLogout`,void 0),f(this,`onReady`,void 0),f(this,`onActionUpdate`,void 0),f(this,`init`,async(e={})=>{if(this.didInitialize)throw Error(`A 'Keycloak' instance can only be initialized once.`);if(this.didInitialize=!0,g(r,this,B()),typeof e.adapter==`string`&&[`default`,`cordova`,`cordova-native`].includes(e.adapter)?g(t,this,v(c,this,y).call(this,e.adapter)):typeof e.adapter==`object`?g(t,this,e.adapter):`Cordova`in window||`cordova`in window?g(t,this,v(c,this,y).call(this,`cordova`)):g(t,this,v(c,this,y).call(this,`default`)),e.useNonce!==void 0&&g(n,this,e.useNonce),e.checkLoginIframe!==void 0&&(_(o,this).enable=e.checkLoginIframe),e.checkLoginIframeInterval&&(_(o,this).interval=e.checkLoginIframeInterval),e.onLoad===`login-required`&&(this.loginRequired=!0),e.responseMode)if(e.responseMode===`query`||e.responseMode===`fragment`)this.responseMode=e.responseMode;else throw Error(`Invalid value for responseMode`);if(e.flow){switch(e.flow){case`standard`:this.responseType=`code`;break;case`implicit`:this.responseType=`id_token token`;break;case`hybrid`:this.responseType=`code id_token token`;break;default:throw Error(`Invalid value for flow`)}this.flow=e.flow}if(typeof e.timeSkew==`number`&&(this.timeSkew=e.timeSkew),e.redirectUri&&(this.redirectUri=e.redirectUri),e.silentCheckSsoRedirectUri&&(this.silentCheckSsoRedirectUri=e.silentCheckSsoRedirectUri),typeof e.silentCheckSsoFallback==`boolean`&&(this.silentCheckSsoFallback=e.silentCheckSsoFallback),e.pkceMethod!==void 0){if(e.pkceMethod!==`S256`&&e.pkceMethod!==!1)throw TypeError(`Invalid value for pkceMethod', expected 'S256' or false but got ${e.pkceMethod}.`);this.pkceMethod=e.pkceMethod}return typeof e.enableLogging==`boolean`&&(this.enableLogging=e.enableLogging),e.logoutMethod===`POST`&&(this.logoutMethod=`POST`),typeof e.scope==`string`&&(this.scope=e.scope),typeof e.messageReceiveTimeout==`number`&&e.messageReceiveTimeout>0&&(this.messageReceiveTimeout=e.messageReceiveTimeout),await v(c,this,ie).call(this),await v(c,this,oe).call(this),await v(c,this,C).call(this,e),this.onReady?.(this.authenticated),this.authenticated}),f(this,`login`,e=>_(t,this).login(e)),f(this,`createLoginUrl`,async e=>{let i=P(),a=P(),o=_(t,this).redirectUri(e),s={state:i,nonce:a,redirectUri:o,loginOptions:e};e?.prompt&&(s.prompt=e.prompt);let c=e?.action===`register`?this.endpoints.register():this.endpoints.authorize(),l=e?.scope||this.scope,u=l?l.split(` `):[];u.includes(`openid`)||u.unshift(`openid`),l=u.join(` `);let d=new URLSearchParams([[`client_id`,this.clientId],[`redirect_uri`,o],[`state`,i],[`response_mode`,this.responseMode],[`response_type`,this.responseType],[`scope`,l]]);if(_(n,this)&&d.append(`nonce`,a),e?.prompt&&d.append(`prompt`,e.prompt),typeof e?.maxAge==`number`&&d.append(`max_age`,e.maxAge.toString()),e?.loginHint&&d.append(`login_hint`,e.loginHint),e?.idpHint&&d.append(`kc_idp_hint`,e.idpHint),e?.action&&e.action!==`register`&&d.append(`kc_action`,e.action),e?.locale&&d.append(`ui_locales`,e.locale),e?.acr&&d.append(`claims`,ce(e.acr)),e?.acrValues&&d.append(`acr_values`,e.acrValues),this.pkceMethod)try{let e=F(96),t=await I(this.pkceMethod,e);s.pkceCodeVerifier=e,d.append(`code_challenge`,t),d.append(`code_challenge_method`,this.pkceMethod)}catch(e){throw Error(`Failed to generate PKCE challenge.`,{cause:e})}return _(r,this).add(s),`${c}?${d.toString()}`}),f(this,`logout`,e=>_(t,this).logout(e)),f(this,`createLogoutUrl`,e=>{let n=e?.logoutMethod??this.logoutMethod,r=this.endpoints.logout();if(n===`POST`)return r;let i=new URLSearchParams([[`client_id`,this.clientId],[`post_logout_redirect_uri`,_(t,this).redirectUri(e)]]);return this.idToken&&i.append(`id_token_hint`,this.idToken),`${r}?${i.toString()}`}),f(this,`register`,e=>_(t,this).register(e)),f(this,`createRegisterUrl`,e=>this.createLoginUrl({...e,action:`register`})),f(this,`createAccountUrl`,e=>{let n=v(c,this,M).call(this);if(!n)throw Error(`Unable to create account URL, make sure the adapter is not configured using a generic OIDC provider.`);return`${n}/account?${new URLSearchParams([[`referrer`,this.clientId],[`referrer_uri`,_(t,this).redirectUri(e)]]).toString()}`}),f(this,`accountManagement`,()=>_(t,this).accountManagement()),f(this,`hasRealmRole`,e=>{let t=this.realmAccess;return!!t&&t.roles.indexOf(e)>=0}),f(this,`hasResourceRole`,(e,t)=>{if(!this.resourceAccess)return!1;let n=this.resourceAccess[t||this.clientId];return!!n&&n.roles.indexOf(e)>=0}),f(this,`loadUserProfile`,async()=>{let e=v(c,this,M).call(this);if(!e)throw Error(`Unable to load user profile, make sure the adapter is not configured using a generic OIDC provider.`);return this.profile=await X(`${e}/account`,{headers:[Z(this.token)]})}),f(this,`loadUserInfo`,async()=>this.userInfo=await X(this.endpoints.userinfo(),{headers:[Z(this.token)]})),f(this,`isTokenExpired`,e=>{if(!this.tokenParsed||!this.refreshToken&&this.flow!==`implicit`)throw Error(`Not authenticated`);if(this.timeSkew==null)return _(i,this).call(this,`[KEYCLOAK] Unable to determine if token is expired as timeskew is not set`),!0;if(typeof this.tokenParsed.exp!=`number`)return!1;let t=this.tokenParsed.exp-Math.ceil(new Date().getTime()/1e3)+this.timeSkew;if(e){if(isNaN(e))throw Error(`Invalid minValidity`);t-=e}return t<0}),f(this,`updateToken`,async t=>{if(!this.refreshToken)throw Error(`Unable to update token, no refresh token available.`);t||=5,_(o,this).enable&&await v(c,this,T).call(this);let n=!1;if(t===-1?(n=!0,_(i,this).call(this,`[KEYCLOAK] Refreshing token: forced refresh`)):(!this.tokenParsed||this.isTokenExpired(t))&&(n=!0,_(i,this).call(this,`[KEYCLOAK] Refreshing token: token expired`)),!n)return!1;let{promise:r,resolve:s,reject:l}=Promise.withResolvers();if(_(e,this).push({resolve:s,reject:l}),_(e,this).length===1){let t=this.endpoints.token(),n=new Date().getTime();try{let r=await ye(t,this.refreshToken,this.clientId);_(i,this).call(this,`[KEYCLOAK] Token refreshed`),n=(n+new Date().getTime())/2,v(c,this,j).call(this,r.access_token,r.refresh_token,r.id_token,n),this.onAuthRefreshSuccess?.();for(let t=_(e,this).pop();t!=null;t=_(e,this).pop())t.resolve(!0)}catch(t){_(a,this).call(this,`[KEYCLOAK] Failed to refresh token`),t instanceof $&&t.response.status===400&&this.clearToken(),this.onAuthRefreshError?.();for(let n=_(e,this).pop();n!=null;n=_(e,this).pop())n.reject(t)}}return await r}),f(this,`clearToken`,()=>{this.token&&(v(c,this,j).call(this),this.onAuthLogout?.(),this.loginRequired&&this.login())}),typeof l!=`string`&&!Y(l))throw Error(`The 'Keycloak' constructor must be provided with a configuration object, or a URL to a JSON configuration file.`);if(Y(l)){let e=`oidcProvider`in l?[`clientId`]:[`url`,`realm`,`clientId`];for(let t of e)if(!(t in l))throw Error(`The configuration object is missing the required '${t}' property.`)}globalThis.isSecureContext||_(a,this).call(this,`[KEYCLOAK] Keycloak JS must be used in a 'secure context' to function properly as it relies on browser APIs that are otherwise not available. Continuing to run your application insecurely will lead to unexpected behavior and breakage. For more information see: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts`),g(s,this,l)}});function y(e){if(e===`default`)return v(c,this,ne).call(this);if(e===`cordova`)return _(o,this).enable=!1,v(c,this,re).call(this);if(e===`cordova-native`)return _(o,this).enable=!1,v(c,this,b).call(this);throw Error(`invalid adapter type: `+e)}function ne(){let e=e=>e?.redirectUri||this.redirectUri||globalThis.location.href;return{login:async e=>(window.location.assign(await this.createLoginUrl(e)),await new Promise(()=>{})),logout:async t=>{if((t?.logoutMethod??this.logoutMethod)===`GET`){window.location.replace(this.createLogoutUrl(t));return}let n=document.createElement(`form`);n.setAttribute(`method`,`POST`),n.setAttribute(`action`,this.createLogoutUrl(t)),n.style.display=`none`;let r={id_token_hint:this.idToken,client_id:this.clientId,post_logout_redirect_uri:e(t)};for(let[e,t]of Object.entries(r)){let r=document.createElement(`input`);r.setAttribute(`type`,`hidden`),r.setAttribute(`name`,e),r.setAttribute(`value`,t),n.appendChild(r)}document.body.appendChild(n),n.submit()},register:async e=>(window.location.assign(await this.createRegisterUrl(e)),await new Promise(()=>{})),accountManagement:async()=>{let e=this.createAccountUrl();if(e!==void 0)window.location.href=e;else throw Error(`Not supported by the OIDC server`);return await new Promise(()=>{})},redirectUri:e}}function re(){let e=(e,t,n)=>window.cordova&&window.cordova.InAppBrowser?window.cordova.InAppBrowser.open(e,t,n):window.open(e,t,n),t=e=>e&&e.cordovaOptions?Object.keys(e.cordovaOptions).reduce((t,n)=>(t[n]=e.cordovaOptions[n],t),{}):{},n=e=>Object.keys(e).reduce((t,n)=>(t.push(n+`=`+e[n]),t),[]).join(`,`),r=e=>{let r=t(e);return r.location=`no`,e&&e.prompt===`none`&&(r.hidden=`yes`),n(r)},i=()=>this.redirectUri||`http://localhost`;return{login:async t=>{let n=r(t),a=e(await this.createLoginUrl(t),`_blank`,n),o=!1,s=!1;function l(){s=!0,a.close()}return await new Promise((e,t)=>{a.addEventListener(`loadstart`,async n=>{if(n.url.indexOf(i())===0){let r=v(c,this,D).call(this,n.url);try{await v(c,this,k).call(this,r),e()}catch(e){t(e)}l(),o=!0}}),a.addEventListener(`loaderror`,async n=>{if(!o)if(n.url.indexOf(i())===0){let r=v(c,this,D).call(this,n.url);try{await v(c,this,k).call(this,r),e()}catch(e){t(e)}l(),o=!0}else t(Error(`Unable to process login.`)),l()}),a.addEventListener(`exit`,function(e){s||t(Error(`User closed the login window.`))})})},logout:async t=>{let n=e(this.createLogoutUrl(t),`_blank`,`location=no,hidden=yes,clearcache=yes`),r=!1;n.addEventListener(`loadstart`,e=>{e.url.indexOf(i())===0&&n.close()}),n.addEventListener(`loaderror`,e=>{e.url.indexOf(i())===0||(r=!0),n.close()}),await new Promise((e,t)=>{n.addEventListener(`exit`,()=>{r?t(Error(`User closed the login window.`)):(this.clearToken(),e())})})},register:async t=>{let n=e(await this.createRegisterUrl(),`_blank`,r(t));await new Promise((e,t)=>{n.addEventListener(`loadstart`,async r=>{if(r.url.indexOf(i())===0){n.close();let i=v(c,this,D).call(this,r.url);try{await v(c,this,k).call(this,i),e()}catch(e){t(e)}}})})},accountManagement:async()=>{let t=this.createAccountUrl();if(t!==void 0){let n=e(t,`_blank`,`location=no`);n.addEventListener(`loadstart`,function(e){e.url.indexOf(i())===0&&n.close()})}else throw Error(`Not supported by the OIDC server`)},redirectUri:()=>i()}}function b(){return{login:async e=>{let t=await this.createLoginUrl(e);await new Promise((e,n)=>{universalLinks.subscribe(`keycloak`,async t=>{universalLinks.unsubscribe(`keycloak`),window.cordova.plugins.browsertab.close();let r=v(c,this,D).call(this,t.url);try{await v(c,this,k).call(this,r),e()}catch(e){n(e)}}),window.cordova.plugins.browsertab.openUrl(t)})},logout:async e=>{let t=this.createLogoutUrl(e);await new Promise(e=>{universalLinks.subscribe(`keycloak`,()=>{universalLinks.unsubscribe(`keycloak`),window.cordova.plugins.browsertab.close(),this.clearToken(),e()}),window.cordova.plugins.browsertab.openUrl(t)})},register:async e=>{let t=await this.createRegisterUrl(e);await new Promise((e,n)=>{universalLinks.subscribe(`keycloak`,async t=>{universalLinks.unsubscribe(`keycloak`),window.cordova.plugins.browsertab.close();let r=v(c,this,D).call(this,t.url);try{await v(c,this,k).call(this,r),e()}catch(e){n(e)}}),window.cordova.plugins.browsertab.openUrl(t)})},accountManagement:async()=>{let e=this.createAccountUrl();if(e!==void 0)window.cordova.plugins.browsertab.openUrl(e);else throw Error(`Not supported by the OIDC server`)},redirectUri:e=>e&&e.redirectUri?e.redirectUri:this.redirectUri?this.redirectUri:`http://localhost`}}async function ie(){if(typeof _(s,this)==`string`){let e=await ge(_(s,this));this.authServerUrl=e[`auth-server-url`],this.realm=e.realm,this.clientId=e.resource,v(c,this,x).call(this)}else this.clientId=_(s,this).clientId,`oidcProvider`in _(s,this)?await v(c,this,ae).call(this,_(s,this).oidcProvider):(this.authServerUrl=_(s,this).url,this.realm=_(s,this).realm,v(c,this,x).call(this))}function x(){this.endpoints={authorize:()=>v(c,this,M).call(this)+`/protocol/openid-connect/auth`,token:()=>v(c,this,M).call(this)+`/protocol/openid-connect/token`,logout:()=>v(c,this,M).call(this)+`/protocol/openid-connect/logout`,checkSessionIframe:()=>v(c,this,M).call(this)+`/protocol/openid-connect/login-status-iframe.html`,thirdPartyCookiesIframe:()=>v(c,this,M).call(this)+`/protocol/openid-connect/3p-cookies/step1.html`,register:()=>v(c,this,M).call(this)+`/protocol/openid-connect/registrations`,userinfo:()=>v(c,this,M).call(this)+`/protocol/openid-connect/userinfo`}}async function ae(e){if(typeof e==`string`){let t=await _e(`${Q(e)}/.well-known/openid-configuration`);v(c,this,S).call(this,t)}else v(c,this,S).call(this,e)}function S(e){this.endpoints={authorize(){return e.authorization_endpoint},token(){return e.token_endpoint},logout(){if(!e.end_session_endpoint)throw Error(`Not supported by the OIDC server`);return e.end_session_endpoint},checkSessionIframe(){if(!e.check_session_iframe)throw Error(`Not supported by the OIDC server`);return e.check_session_iframe},register(){throw Error(`Redirection to "Register user" page not supported in standard OIDC mode`)},userinfo(){if(!e.userinfo_endpoint)throw Error(`Not supported by the OIDC server`);return e.userinfo_endpoint}}}async function oe(){if(!_(o,this).enable&&!this.silentCheckSsoRedirectUri||typeof this.endpoints.thirdPartyCookiesIframe!=`function`)return;let e=document.createElement(`iframe`);return e.setAttribute(`src`,this.endpoints.thirdPartyCookiesIframe()),e.setAttribute(`sandbox`,`allow-storage-access-by-user-activation allow-scripts allow-same-origin`),e.setAttribute(`title`,`keycloak-3p-check-iframe`),e.style.display=`none`,document.body.appendChild(e),await z(new Promise(t=>{let n=r=>{e.contentWindow===r.source&&(r.data!==`supported`&&r.data!==`unsupported`||(r.data===`unsupported`&&(_(a,this).call(this,`[KEYCLOAK] Your browser is blocking access to 3rd-party cookies, this means: - It is not possible to retrieve tokens without redirecting to the Keycloak server (a.k.a. no support for silent authentication). - It is not possible to automatically detect changes to the session status (such as the user logging out in another tab). For more information see: https://www.keycloak.org/securing-apps/javascript-adapter#_modern_browsers`),_(o,this).enable=!1,this.silentCheckSsoFallback&&(this.silentCheckSsoRedirectUri=void 0)),document.body.removeChild(e),window.removeEventListener(`message`,n),t()))};window.addEventListener(`message`,n,!1)}),this.messageReceiveTimeout,`Timeout when waiting for 3rd party check iframe message.`)}async function C(e){let t=v(c,this,D).call(this,window.location.href);if(t?.newUrl&&window.history.replaceState(window.history.state,``,t.newUrl),t&&t.valid){await v(c,this,w).call(this),await v(c,this,k).call(this,t);return}let n=async t=>{let n={};t||(n.prompt=`none`),e.locale&&(n.locale=e.locale),await this.login(n)},r=async()=>{switch(e.onLoad){case`check-sso`:_(o,this).enable?(await v(c,this,w).call(this),await v(c,this,T).call(this)||(this.silentCheckSsoRedirectUri?await v(c,this,E).call(this):await n(!1))):this.silentCheckSsoRedirectUri?await v(c,this,E).call(this):await n(!1);break;case`login-required`:await n(!0);break;default:throw Error(`Invalid value for onLoad`)}};if(e.token&&e.refreshToken)if(v(c,this,j).call(this,e.token,e.refreshToken,e.idToken),_(o,this).enable)await v(c,this,w).call(this),await v(c,this,T).call(this)&&(this.onAuthSuccess?.(),v(c,this,A).call(this));else try{await this.updateToken(-1),this.onAuthSuccess?.()}catch(t){if(this.onAuthError?.(),e.onLoad)await r();else throw t}else e.onLoad&&await r()}async function w(){if(!_(o,this).enable||_(o,this).iframe)return;let e=document.createElement(`iframe`);_(o,this).iframe=e,e.setAttribute(`src`,this.endpoints.checkSessionIframe()),e.setAttribute(`sandbox`,`allow-storage-access-by-user-activation allow-scripts allow-same-origin`),e.setAttribute(`title`,`keycloak-session-iframe`),e.style.display=`none`,document.body.appendChild(e),window.addEventListener(`message`,e=>{if(e.origin!==_(o,this).iframeOrigin||_(o,this).iframe?.contentWindow!==e.source||!(e.data===`unchanged`||e.data===`changed`||e.data===`error`))return;e.data!==`unchanged`&&this.clearToken();let t=_(o,this).callbackList;_(o,this).callbackList=[];for(let n of t.reverse())e.data===`error`?n(Error(`Error while checking login iframe`)):n(null,e.data===`unchanged`)},!1),await new Promise(t=>{e.addEventListener(`load`,()=>{let e=this.endpoints.authorize();e.startsWith(`/`)?_(o,this).iframeOrigin=globalThis.location.origin:_(o,this).iframeOrigin=new URL(e).origin,t()})})}async function T(){if(!_(o,this).iframe||!_(o,this).iframeOrigin)return;let e=`${this.clientId} ${this.sessionId?this.sessionId:``}`,t=_(o,this).iframeOrigin;return await new Promise((n,r)=>{_(o,this).callbackList.push((e,t)=>e?r(e):n(t)),_(o,this).callbackList.length===1&&_(o,this).iframe?.contentWindow?.postMessage(e,t)})}async function E(){let e=document.createElement(`iframe`),t=await this.createLoginUrl({prompt:`none`,redirectUri:this.silentCheckSsoRedirectUri});return e.setAttribute(`src`,t),e.setAttribute(`sandbox`,`allow-storage-access-by-user-activation allow-scripts allow-same-origin`),e.setAttribute(`title`,`keycloak-silent-check-sso`),e.style.display=`none`,document.body.appendChild(e),await new Promise((t,n)=>{let r=async i=>{if(i.origin!==window.location.origin||e.contentWindow!==i.source)return;let a=v(c,this,D).call(this,i.data);try{await v(c,this,k).call(this,a),t()}catch(e){n(e)}document.body.removeChild(e),window.removeEventListener(`message`,r)};window.addEventListener(`message`,r)})}function D(e){let t=v(c,this,se).call(this,e);if(!t)return;let n=_(r,this).get(t.state);return n&&(t.valid=!0,t.redirectUri=n.redirectUri,t.storedNonce=n.nonce,t.prompt=n.prompt,t.pkceCodeVerifier=n.pkceCodeVerifier,t.loginOptions=n.loginOptions),t}function se(e){let t=[];switch(this.flow){case`standard`:t=[`code`,`state`,`session_state`,`kc_action_status`,`kc_action`,`iss`];break;case`implicit`:t=[`access_token`,`token_type`,`id_token`,`state`,`session_state`,`expires_in`,`kc_action_status`,`kc_action`,`iss`];break;case`hybrid`:t=[`access_token`,`token_type`,`id_token`,`code`,`state`,`session_state`,`expires_in`,`kc_action_status`,`kc_action`,`iss`];break}t.push(`error`),t.push(`error_description`),t.push(`error_uri`);let n=new URL(e),r=``,i;if(this.responseMode===`query`&&n.searchParams.size>0?(i=v(c,this,O).call(this,n.search,t),n.search=i.paramsString,r=n.toString()):this.responseMode===`fragment`&&n.hash.length>0&&(i=v(c,this,O).call(this,n.hash.substring(1),t),n.hash=i.paramsString,r=n.toString()),i?.oauthParams){if(this.flow===`standard`||this.flow===`hybrid`){if((i.oauthParams.code||i.oauthParams.error)&&i.oauthParams.state)return i.oauthParams.newUrl=r,i.oauthParams}else if(this.flow===`implicit`&&(i.oauthParams.access_token||i.oauthParams.error)&&i.oauthParams.state)return i.oauthParams.newUrl=r,i.oauthParams}}function O(e,t){let n=new URLSearchParams(e),r={};for(let[e,i]of Array.from(n.entries()))t.includes(e)&&(r[e]=i,n.delete(e));return{paramsString:n.toString(),oauthParams:r}}async function k(e){let{code:t,error:r,prompt:a}=e,o=new Date().getTime(),s=(t,r,a)=>{if(o=(o+new Date().getTime())/2,v(c,this,j).call(this,t,r,a,o),_(n,this)&&this.idTokenParsed&&this.idTokenParsed.nonce!==e.storedNonce)throw _(i,this).call(this,`[KEYCLOAK] Invalid nonce, clearing token`),this.clearToken(),Error(`Invalid nonce.`)};if(e.kc_action_status&&this.onActionUpdate&&this.onActionUpdate(e.kc_action_status,e.kc_action),r){if(a!==`none`)if(e.error_description&&e.error_description===`authentication_expired`)await this.login(e.loginOptions);else{let t={error:r,error_description:e.error_description};throw this.onAuthError?.(t),t}return}else this.flow!==`standard`&&(e.access_token||e.id_token)&&(s(e.access_token,void 0,e.id_token),this.onAuthSuccess?.());if(this.flow!==`implicit`&&t)try{let n=await ve(this.endpoints.token(),t,this.clientId,e.redirectUri,e.pkceCodeVerifier);s(n.access_token,n.refresh_token,n.id_token),this.flow===`standard`&&this.onAuthSuccess?.(),v(c,this,A).call(this)}catch(e){throw this.onAuthError?.(),e}}async function A(){_(o,this).enable&&this.token&&(await xe(_(o,this).interval*1e3),await v(c,this,T).call(this)&&await v(c,this,A).call(this))}function j(e,t,n,r){if(this.tokenTimeoutHandle&&=(clearTimeout(this.tokenTimeoutHandle),void 0),t?(this.refreshToken=t,this.refreshTokenParsed=J(t)):(delete this.refreshToken,delete this.refreshTokenParsed),n?(this.idToken=n,this.idTokenParsed=J(n)):(delete this.idToken,delete this.idTokenParsed),e){if(this.token=e,this.tokenParsed=J(e),this.sessionId=this.tokenParsed.sid,this.authenticated=!0,this.subject=this.tokenParsed.sub,this.realmAccess=this.tokenParsed.realm_access,this.resourceAccess=this.tokenParsed.resource_access,r&&(this.timeSkew=Math.floor(r/1e3)-this.tokenParsed.iat),this.timeSkew!==null&&(_(i,this).call(this,`[KEYCLOAK] Estimated time difference between browser and server is `+this.timeSkew+` seconds`),this.onTokenExpired)){let e=(this.tokenParsed.exp-new Date().getTime()/1e3+this.timeSkew)*1e3;_(i,this).call(this,`[KEYCLOAK] Token expires in `+Math.round(e/1e3)+` s`),e<=0?this.onTokenExpired():this.tokenTimeoutHandle=window.setTimeout(this.onTokenExpired,e)}}else delete this.token,delete this.tokenParsed,delete this.subject,delete this.realmAccess,delete this.resourceAccess,this.authenticated=!1}function M(){if(this.authServerUrl!==void 0)return`${Q(this.authServerUrl)}/realms/${encodeURIComponent(this.realm)}`}function N(e){return t=>{this.enableLogging&&e.call(console,t)}}function P(){if(typeof crypto>`u`||crypto.randomUUID===void 0)throw Error(`Web Crypto API is not available.`);return crypto.randomUUID()}function ce(e){return JSON.stringify({id_token:{acr:e}})}function F(e){return L(e,`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`)}async function I(e,t){if(e!==`S256`)throw TypeError(`Invalid value for 'pkceMethod', expected 'S256' but got '${e}'.`);return fe(new Uint8Array(await pe(t))).replace(/\+/g,`-`).replace(/\//g,`_`).replace(/=/g,``)}function L(e,t){let n=R(e),r=Array(e);for(let i=0;i<e;i++)r[i]=t.charCodeAt(n[i]%t.length);return String.fromCharCode.apply(null,r)}function R(e){if(typeof crypto>`u`||crypto.getRandomValues===void 0)throw Error(`Web Crypto API is not available.`);return crypto.getRandomValues(new Uint8Array(e))}function z(e,t,n){let r,i=new Promise(function(e,i){r=window.setTimeout(function(){i(Error(n||`Promise is not settled within timeout of `+t+`ms`))},t)});return Promise.race([e,i]).finally(function(){clearTimeout(r)})}function B(){try{return new H}catch{return new ue}}const V=`kc-callback-`;var H=(l=new WeakSet,class{constructor(){d(this,l),globalThis.localStorage.setItem(`kc-test`,`test`),globalThis.localStorage.removeItem(`kc-test`)}get(e){if(!e)return null;v(l,this,U).call(this);let t=V+e,n=globalThis.localStorage.getItem(t);return n?(globalThis.localStorage.removeItem(t),JSON.parse(n)):null}add(e){v(l,this,U).call(this);let t=V+e.state,n=JSON.stringify({...e,expires:Date.now()+3600*1e3});try{globalThis.localStorage.setItem(t,n)}catch{v(l,this,W).call(this),globalThis.localStorage.setItem(t,n)}}});function U(){let e=Date.now();for(let[t,n]of v(l,this,G).call(this)){let r=v(l,this,le).call(this,n);(r===null||r<e)&&globalThis.localStorage.removeItem(t)}}function W(){for(let[e]of v(l,this,G).call(this))globalThis.localStorage.removeItem(e)}function G(){return Object.entries(globalThis.localStorage).filter(([e])=>e.startsWith(V))}function le(e){let t;try{t=JSON.parse(e)}catch{return null}return Y(t)&&`expires`in t&&typeof t.expires==`number`?t.expires:null}var ue=(u=new WeakSet,class{constructor(){d(this,u)}get(e){if(!e)return null;let t=v(u,this,de).call(this,V+e);return v(u,this,K).call(this,V+e,``,v(u,this,q).call(this,-100)),t?JSON.parse(t):null}add(e){v(u,this,K).call(this,V+e.state,JSON.stringify(e),v(u,this,q).call(this,60))}});function de(e){let t=e+`=`,n=document.cookie.split(`;`);for(let e=0;e<n.length;e++){let r=n[e];for(;r.charAt(0)===` `;)r=r.substring(1);if(r.indexOf(t)===0)return r.substring(t.length,r.length)}return``}function K(e,t,n){let r=e+`=`+t+`; expires=`+n.toUTCString()+`; `;document.cookie=r}function q(e){let t=new Date;return t.setTime(t.getTime()+e*60*1e3),t}function fe(e){let t=String.fromCodePoint(...e);return btoa(t)}async function pe(e){let t=new TextEncoder().encode(e);if(typeof crypto>`u`||crypto.subtle===void 0)throw Error(`Web Crypto API is not available.`);return await crypto.subtle.digest(`SHA-256`,t)}function J(e){let[,t]=e.split(`.`);if(typeof t!=`string`)throw Error(`Unable to decode token, payload not found.`);let n;try{n=me(t)}catch(e){throw Error(`Unable to decode token, payload is not a valid Base64URL value.`,{cause:e})}try{return JSON.parse(n)}catch(e){throw Error(`Unable to decode token, payload is not a valid JSON value.`,{cause:e})}}function me(e){let t=e.replaceAll(`-`,`+`).replaceAll(`_`,`/`);switch(t.length%4){case 0:break;case 2:t+=`==`;break;case 3:t+=`=`;break;default:throw Error(`Input is not of the correct length.`)}try{return he(t)}catch{return atob(t)}}function he(e){return decodeURIComponent(atob(e).replace(/(.)/g,(e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n=`0`+n),`%`+n}))}function Y(e){return typeof e==`object`&&!!e}async function ge(e){return await X(e)}async function _e(e){return await X(e)}async function ve(e,t,n,r,i){let a=new URLSearchParams([[`code`,t],[`grant_type`,`authorization_code`],[`client_id`,n],[`redirect_uri`,r]]);return i&&a.append(`code_verifier`,i),await X(e,{method:`POST`,credentials:`include`,body:a})}async function ye(e,t,n){return await X(e,{method:`POST`,credentials:`include`,body:new URLSearchParams([[`grant_type`,`refresh_token`],[`refresh_token`,t],[`client_id`,n]])})}async function X(e,t={}){let n=new Headers(t.headers);return n.set(`Accept`,`application/json`),await(await be(e,{...t,headers:n})).json()}async function be(e,t){let n=await fetch(e,t);if(!n.ok)throw new $(`Server responded with an invalid status.`,{response:n});return n}function Z(e){if(!e)throw Error(`Unable to build authorization header, token is not set, make sure the user is authenticated.`);return[`Authorization`,`bearer ${e}`]}function Q(e){return e.endsWith(`/`)?e.slice(0,-1):e}var $=class extends Error{constructor(e,t){super(e,t),f(this,`response`,void 0),this.response=t.response}};const xe=e=>new Promise(t=>setTimeout(t,e));export{te as default}; //# sourceMappingURL=keycloak.DiQe4ZQ4.js.map