angular-auth-oidc-client/bundles/angular-auth-oidc-client.umd.min.js

An OpenID Connect Code Flow with PKCE,Implicit Flow client for Angular

!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@angular/common"),require("jsrsasign"),require("@angular/common/http"),require("@angular/router"),require("rxjs"),require("@angular/core"),require("rxjs/operators")):"function"==typeof define&&define.amd?define("angular-auth-oidc-client",["exports","@angular/common","jsrsasign","@angular/common/http","@angular/router","rxjs","@angular/core","rxjs/operators"],t):t(e["angular-auth-oidc-client"]={},e.ng.common,e.jsrsasign,e.ng.common.http,e.ng.router,e.rxjs,e.ng.core,e.rxjs.operators)}(this,function(e,t,C,l,i,p,o,f){"use strict";function n(){this.keys=[]}function r(){this.kty="",this.use="",this.kid="",this.x5t="",this.e="",this.n="",this.x5c=[]}var a=function ie(e,t){this.authorizationState=e,this.validationResult=t},u={authorized:"authorized",forbidden:"forbidden",unauthorized:"unauthorized"},c={NotSet:"NotSet",StatesDoNotMatch:"StatesDoNotMatch",SignatureFailed:"SignatureFailed",IncorrectNonce:"IncorrectNonce",RequiredPropertyMissing:"RequiredPropertyMissing",MaxOffsetExpired:"MaxOffsetExpired",IssDoesNotMatchIssuer:"IssDoesNotMatchIssuer",NoAuthWellKnownEndPoints:"NoAuthWellKnownEndPoints",IncorrectAud:"IncorrectAud",TokenExpired:"TokenExpired",IncorrectAtHash:"IncorrectAtHash",Ok:"Ok",LoginRequired:"LoginRequired",SecureTokenServerError:"SecureTokenServerError"},s=function oe(e,t,i,o,n){void 0===e&&(e=""),void 0===t&&(t=""),void 0===i&&(i=!1),void 0===o&&(o={}),void 0===n&&(n=c.NotSet),this.access_token=e,this.id_token=t,this.authResponseIsValid=i,this.decoded_id_token=o,this.state=n},d=(g.prototype.getWellknownEndpoints=function(e){var t=new l.HttpHeaders;return t=t.set("Accept","application/json"),this.httpClient.get(e,{headers:t})},g.prototype.getIdentityUserData=function(e,t){var i=new l.HttpHeaders;return i=(i=i.set("Accept","application/json")).set("Authorization","Bearer "+decodeURIComponent(t)),this.httpClient.get(e,{headers:i})},g.prototype.get=function(e){var t=new l.HttpHeaders;return t=t.set("Accept","application/json"),this.httpClient.get(e,{headers:t})},g.decorators=[{type:o.Injectable}],g.ctorParameters=function(){return[{type:l.HttpClient}]},g);function g(e){this.httpClient=e}var h=function(){return(h=Object.assign||function(e){for(var t,i=1,o=arguments.length;i<o;i++)for(var n in t=arguments[i])Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n]);return e}).apply(this,arguments)};function b(e){var t="function"==typeof Symbol&&e[Symbol.iterator],i=0;return t?t.call(e):{next:function(){return e&&i>=e.length&&(e=void 0),{value:e&&e[i++],done:!e}}}}var _=(Object.defineProperty(v.prototype,"isBrowser",{get:function(){return t.isPlatformBrowser(this.platformId)},enumerable:!0,configurable:!0}),v.decorators=[{type:o.Injectable,args:[{providedIn:"root"}]}],v.ctorParameters=function(){return[{type:Object,decorators:[{type:o.Inject,args:[o.PLATFORM_ID]}]}]},v.ngInjectableDef=o.defineInjectable({factory:function(){return new v(o.inject(o.PLATFORM_ID))},token:v,providedIn:"root"}),v);function v(e){this.platformId=e}var S=(Object.defineProperty(y.prototype,"openIDConfiguration",{get:function(){return this.mergedOpenIdConfiguration},enumerable:!0,configurable:!0}),Object.defineProperty(y.prototype,"wellKnownEndpoints",{get:function(){return this.authWellKnownEndpoints},enumerable:!0,configurable:!0}),Object.defineProperty(y.prototype,"onConfigurationChange",{get:function(){return this.onConfigurationChangeInternal.asObservable()},enumerable:!0,configurable:!0}),y.prototype.setup=function(e,t){this.mergedOpenIdConfiguration=h({},this.mergedOpenIdConfiguration,e),this.setSpecialCases(this.mergedOpenIdConfiguration),this.authWellKnownEndpoints=h({},t),this.onConfigurationChangeInternal.next(h({},this.mergedOpenIdConfiguration))},y.prototype.setSpecialCases=function(e){this.platformProvider.isBrowser||(e.start_checksession=!1,e.silent_renew=!1)},y.decorators=[{type:o.Injectable,args:[{providedIn:"root"}]}],y.ctorParameters=function(){return[{type:_}]},y.ngInjectableDef=o.defineInjectable({factory:function(){return new y(o.inject(_))},token:y,providedIn:"root"}),y);function y(e){this.platformProvider=e,this.DEFAULT_CONFIG={stsServer:"https://please_set",redirect_url:"https://please_set",client_id:"please_set",response_type:"code",scope:"openid email profile",hd_param:"",post_logout_redirect_uri:"https://please_set",start_checksession:!1,silent_renew:!1,silent_renew_url:"https://please_set",silent_renew_offset_in_seconds:0,post_login_route:"/",forbidden_route:"/forbidden",unauthorized_route:"/unauthorized",auto_userinfo:!0,auto_clean_state_after_authentication:!0,trigger_authorization_result_event:!1,log_console_warning_active:!0,log_console_debug_active:!1,iss_validation_off:!1,history_cleanup_off:!1,max_id_token_iat_offset_allowed_in_seconds:3,disable_iat_offset_validation:!1,storage:"undefined"!=typeof Storage?sessionStorage:null},this.INITIAL_AUTHWELLKNOWN={issuer:"",jwks_uri:"",authorization_endpoint:"",token_endpoint:"",userinfo_endpoint:"",end_session_endpoint:"",check_session_iframe:"",revocation_endpoint:"",introspection_endpoint:""},this.mergedOpenIdConfiguration=this.DEFAULT_CONFIG,this.authWellKnownEndpoints=this.INITIAL_AUTHWELLKNOWN,this.onConfigurationChangeInternal=new p.Subject}var m=(k.prototype.logError=function(e){console.error(e)},k.prototype.logWarning=function(e){this.configurationProvider.openIDConfiguration.log_console_warning_active&&console.warn(e)},k.prototype.logDebug=function(e){this.configurationProvider.openIDConfiguration.log_console_debug_active&&console.log(e)},k.decorators=[{type:o.Injectable}],k.ctorParameters=function(){return[{type:S}]},k);function k(e){this.configurationProvider=e}var w=(I.prototype.getExistingIFrame=function(e){var t=this.getIFrameFromParentWindow(e);return t||this.getIFrameFromWindow(e)},I.prototype.addIFrameToWindowBody=function(e){var t=window.document.createElement("iframe");return t.id=e,this.loggerService.logDebug(t),t.style.display="none",window.document.body.appendChild(t),t},I.prototype.getIFrameFromParentWindow=function(e){try{return window.parent.document.getElementById(e)}catch(t){return null}},I.prototype.getIFrameFromWindow=function(e){return window.document.getElementById(e)},I.decorators=[{type:o.Injectable}],I.ctorParameters=function(){return[{type:m}]},I);function I(e){this.loggerService=e}var D=(P.prototype.areEqual=function(e,t){if(!e||!t)return!1;if(this.bothValuesAreArrays(e,t))return this.arraysEqual(e,t);if(this.bothValuesAreStrings(e,t))return e===t;if(this.bothValuesAreObjects(e,t))return JSON.stringify(e).toLowerCase()===JSON.stringify(t).toLowerCase();if(this.oneValueIsStringAndTheOtherIsArray(e,t)){if(Array.isArray(e)&&this.valueIsString(t))return e[0]===t;if(Array.isArray(t)&&this.valueIsString(e))return t[0]===e}},P.prototype.oneValueIsStringAndTheOtherIsArray=function(e,t){return Array.isArray(e)&&this.valueIsString(t)||Array.isArray(t)&&this.valueIsString(e)},P.prototype.bothValuesAreObjects=function(e,t){return this.valueIsObject(e)&&this.valueIsObject(t)},P.prototype.bothValuesAreStrings=function(e,t){return this.valueIsString(e)&&this.valueIsString(t)},P.prototype.bothValuesAreArrays=function(e,t){return Array.isArray(e)&&Array.isArray(t)},P.prototype.valueIsString=function(e){return"string"==typeof e||e instanceof String},P.prototype.valueIsObject=function(e){return"object"==typeof e},P.prototype.arraysEqual=function(e,t){if(e.length!==t.length)return!1;for(var i=e.length;i--;)if(e[i]!==t[i])return!1;return!0},P.decorators=[{type:o.Injectable}],P);function P(){}var E=(z.prototype.getTokenExpirationDate=function(e){if(!e.hasOwnProperty("exp"))return new Date;var t=new Date(0);return t.setUTCSeconds(e.exp),t},z.prototype.getHeaderFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,0,t):{}},z.prototype.getPayloadFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,1,t):{}},z.prototype.getSignatureFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,2,t):{}},z.prototype.getPartOfToken=function(e,t,i){var o=this.extractPartOfToken(e,t);if(i)return o;var n=this.urlBase64Decode(o);return JSON.parse(n)},z.prototype.urlBase64Decode=function(e){var t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw Error("Illegal base64url string!")}var i="undefined"!=typeof window?window.atob(t):new Buffer(t,"base64").toString("binary");try{return decodeURIComponent(i.split("").map(function(e){return"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)}).join(""))}catch(o){return i}},z.prototype.tokenIsValid=function(e){return e?e.includes(".")?e.split(".").length===this.PARTS_OF_TOKEN||(this.loggerService.logError("token '"+e+"' is not valid --\x3e token has t have exact three dots"),!1):(this.loggerService.logError("token '"+e+"' is not valid --\x3e no dots included"),!1):(this.loggerService.logError("token '"+e+"' is not valid --\x3e token falsy"),!1)},z.prototype.extractPartOfToken=function(e,t){return e.split(".")[t]},z.decorators=[{type:o.Injectable}],z.ctorParameters=function(){return[{type:m}]},z);function z(e){this.loggerService=e,this.PARTS_OF_TOKEN=3}var R=(A.decorators=[{type:o.Injectable}],A);function A(){}var O=(T.prototype.read=function(e){if(this.hasStorage)return JSON.parse(this.configProvider.openIDConfiguration.storage.getItem(e+"_"+this.configProvider.openIDConfiguration.client_id))},T.prototype.write=function(e,t){this.hasStorage&&(t=t===undefined?null:t,this.configProvider.openIDConfiguration.storage.setItem(e+"_"+this.configProvider.openIDConfiguration.client_id,JSON.stringify(t)))},T.decorators=[{type:o.Injectable}],T.ctorParameters=function(){return[{type:S}]},T);function T(e){this.configProvider=e,this.hasStorage="undefined"!=typeof Storage}var x=(Object.defineProperty(j.prototype,"authResult",{get:function(){return this.retrieve(this.storage_auth_result)},set:function(e){this.store(this.storage_auth_result,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"accessToken",{get:function(){return this.retrieve(this.storage_access_token)||""},set:function(e){this.store(this.storage_access_token,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"idToken",{get:function(){return this.retrieve(this.storage_id_token)||""},set:function(e){this.store(this.storage_id_token,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"isAuthorized",{get:function(){return this.retrieve(this.storage_is_authorized)},set:function(e){this.store(this.storage_is_authorized,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"userData",{get:function(){return this.retrieve(this.storage_user_data)},set:function(e){this.store(this.storage_user_data,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"authNonce",{get:function(){return this.retrieve(this.storage_auth_nonce)||""},set:function(e){this.store(this.storage_auth_nonce,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"code_verifier",{get:function(){return this.retrieve(this.storage_code_verifier)||""},set:function(e){this.store(this.storage_code_verifier,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"authStateControl",{get:function(){return this.retrieve(this.storage_auth_state_control)||""},set:function(e){this.store(this.storage_auth_state_control,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"sessionState",{get:function(){return this.retrieve(this.storage_session_state)},set:function(e){this.store(this.storage_session_state,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"silentRenewRunning",{get:function(){return this.retrieve(this.storage_silent_renew_running)||""},set:function(e){this.store(this.storage_silent_renew_running,e)},enumerable:!0,configurable:!0}),Object.defineProperty(j.prototype,"customRequestParams",{get:function(){return this.retrieve(this.storage_custom_request_params)},set:function(e){this.store(this.storage_custom_request_params,e)},enumerable:!0,configurable:!0}),j.prototype.retrieve=function(e){return this.oidcSecurityStorage.read(e)},j.prototype.store=function(e,t){this.oidcSecurityStorage.write(e,t)},j.prototype.resetStorageData=function(e){e||(this.store(this.storage_auth_result,""),this.store(this.storage_session_state,""),this.store(this.storage_silent_renew_running,""),this.store(this.storage_is_authorized,!1),this.store(this.storage_access_token,""),this.store(this.storage_id_token,""),this.store(this.storage_user_data,""),this.store(this.storage_code_verifier,""))},j.prototype.getAccessToken=function(){return this.retrieve(this.storage_access_token)},j.prototype.getIdToken=function(){return this.retrieve(this.storage_id_token)},j.decorators=[{type:o.Injectable}],j.ctorParameters=function(){return[{type:R}]},j);function j(e){this.oidcSecurityStorage=e,this.storage_auth_result="authorizationResult",this.storage_access_token="authorizationData",this.storage_id_token="authorizationDataIdToken",this.storage_is_authorized="_isAuthorized",this.storage_user_data="userData",this.storage_auth_nonce="authNonce",this.storage_code_verifier="code_verifier",this.storage_auth_state_control="authStateControl",this.storage_session_state="session_state",this.storage_silent_renew_running="storage_silent_renew_running",this.storage_custom_request_params="storage_custom_request_params"}var W=(U.prototype.isTokenExpired=function(e,t){var i;return i=this.tokenHelperService.getPayloadFromToken(e,!1),!this.validate_id_token_exp_not_expired(i,t)},U.prototype.validate_id_token_exp_not_expired=function(e,t){var i=this.tokenHelperService.getTokenExpirationDate(e);if(t=t||0,!i)return!1;var o=i.valueOf(),n=(new Date).valueOf()+1e3*t,r=n<o;return this.loggerService.logDebug("Token not expired?: "+o+" > "+n+"  ("+r+")"),r},U.prototype.validate_required_id_token=function(e){var t=!0;return e.hasOwnProperty("iss")||(t=!1,this.loggerService.logWarning("iss is missing, this is required in the id_token")),e.hasOwnProperty("sub")||(t=!1,this.loggerService.logWarning("sub is missing, this is required in the id_token")),e.hasOwnProperty("aud")||(t=!1,this.loggerService.logWarning("aud is missing, this is required in the id_token")),e.hasOwnProperty("exp")||(t=!1,this.loggerService.logWarning("exp is missing, this is required in the id_token")),e.hasOwnProperty("iat")||(t=!1,this.loggerService.logWarning("iat is missing, this is required in the id_token")),t},U.prototype.validate_id_token_iat_max_offset=function(e,t,i){if(i)return!0;if(!e.hasOwnProperty("iat"))return!1;var o=new Date(0);return o.setUTCSeconds(e.iat),t=t||0,null!=o&&(this.loggerService.logDebug("validate_id_token_iat_max_offset: "+((new Date).valueOf()-o.valueOf())+" < "+1e3*t),(new Date).valueOf()-o.valueOf()<1e3*t)},U.prototype.validate_id_token_nonce=function(e,t){return e.nonce===t||(this.loggerService.logDebug("Validate_id_token_nonce failed, dataIdToken.nonce: "+e.nonce+" local_nonce:"+t),!1)},U.prototype.validate_id_token_iss=function(e,t){return e.iss===t||(this.loggerService.logDebug("Validate_id_token_iss failed, dataIdToken.iss: "+e.iss+" authWellKnownEndpoints issuer:"+t),!1)},U.prototype.validate_id_token_aud=function(e,t){return e.aud instanceof Array?!!this.arrayHelperService.areEqual(e.aud,t)||(this.loggerService.logDebug("Validate_id_token_aud  array failed, dataIdToken.aud: "+e.aud+" client_id:"+t),!1):e.aud===t||(this.loggerService.logDebug("Validate_id_token_aud failed, dataIdToken.aud: "+e.aud+" client_id:"+t),!1)},U.prototype.validateStateFromHashCallback=function(e,t){return e===t||(this.loggerService.logDebug("ValidateStateFromHashCallback failed, state: "+e+" local_state:"+t),!1)},U.prototype.validate_userdata_sub_id_token=function(e,t){return e===t||(this.loggerService.logDebug("validate_userdata_sub_id_token failed, id_token_sub: "+e+" userdata_sub:"+t),!1)},U.prototype.validate_signature_id_token=function(e,t){var i,o,n,r,s,a;if(!t||!t.keys)return!1;var u=this.tokenHelperService.getHeaderFromToken(e,!1);if(0===Object.keys(u).length&&u.constructor===Object)return this.loggerService.logWarning("id token has no header data"),!1;var c=u.kid;if("RS256"!==u.alg)return this.loggerService.logWarning("Only RS256 supported"),!1;var d=!1;if(u.hasOwnProperty("kid"))try{for(var l=b(t.keys),g=l.next();!g.done;g=l.next())if((S=g.value).kid===c)return y=C.KEYUTIL.getKey(S),(d=C.KJUR.jws.JWS.verify(e,y,["RS256"]))||this.loggerService.logWarning("incorrect Signature, validation failed for id_token"),d}catch(m){s={error:m}}finally{try{g&&!g.done&&(a=l["return"])&&a.call(l)}finally{if(s)throw s.error}}else{var h=0;try{for(var p=b(t.keys),f=p.next();!f.done;f=p.next())"RSA"===(S=f.value).kty&&"sig"===S.use&&(h+=1)}catch(k){i={error:k}}finally{try{f&&!f.done&&(o=p["return"])&&o.call(p)}finally{if(i)throw i.error}}if(0===h)return this.loggerService.logWarning("no keys found, incorrect Signature, validation failed for id_token"),!1;if(1<h)return this.loggerService.logWarning("no ID Token kid claim in JOSE header and multiple supplied in jwks_uri"),!1;try{for(var _=b(t.keys),v=_.next();!v.done;v=_.next()){var S;if("RSA"===(S=v.value).kty&&"sig"===S.use){var y=C.KEYUTIL.getKey(S);return(d=C.KJUR.jws.JWS.verify(e,y,["RS256"]))||this.loggerService.logWarning("incorrect Signature, validation failed for id_token"),d}}}catch(w){n={error:w}}finally{try{v&&!v.done&&(r=_["return"])&&r.call(_)}finally{if(n)throw n.error}}}return d},U.prototype.config_validate_response_type=function(e){return"id_token token"===e||"id_token"===e||"code"===e||(this.loggerService.logWarning("module configure incorrect, invalid response_type:"+e),!1)},U.prototype.validate_id_token_at_hash=function(e,t,i){if(this.loggerService.logDebug("at_hash from the server:"+t),i&&!t)return this.loggerService.logDebug("Code Flow active, and no at_hash in the id_token, skipping check!"),!0;var o=this.generate_at_hash(""+e);if(this.loggerService.logDebug("at_hash client validation not decoded:"+o),o===t)return!0;var n=this.generate_at_hash(""+decodeURIComponent(e));return this.loggerService.logDebug("-gen access--"+n),n===t},U.prototype.generate_at_hash=function(e){var t=C.KJUR.crypto.Util.hashString(e,"sha256"),i=t.substr(0,t.length/2);return C.hextob64u(i)},U.prototype.generate_code_verifier=function(e){var t=C.KJUR.crypto.Util.hashString(e,"sha256");return C.hextob64u(t)},U.decorators=[{type:o.Injectable}],U.ctorParameters=function(){return[{type:D},{type:E},{type:m}]},U);function U(e,t,i){this.arrayHelperService=e,this.tokenHelperService=t,this.loggerService=i}var V=(K.prototype.validateState=function(e,t){var i=new s;if(!this.oidcSecurityValidation.validateStateFromHashCallback(e.state,this.oidcSecurityCommon.authStateControl))return this.loggerService.logWarning("authorizedCallback incorrect state"),i.state=c.StatesDoNotMatch,this.handleUnsuccessfulValidation(),i;if("id_token token"!==this.configurationProvider.openIDConfiguration.response_type&&"code"!==this.configurationProvider.openIDConfiguration.response_type||(i.access_token=e.access_token),i.id_token=e.id_token,i.decoded_id_token=this.tokenHelperService.getPayloadFromToken(i.id_token,!1),!this.oidcSecurityValidation.validate_signature_id_token(i.id_token,t))return this.loggerService.logDebug("authorizedCallback Signature validation failed id_token"),i.state=c.SignatureFailed,this.handleUnsuccessfulValidation(),i;if(!this.oidcSecurityValidation.validate_id_token_nonce(i.decoded_id_token,this.oidcSecurityCommon.authNonce))return this.loggerService.logWarning("authorizedCallback incorrect nonce"),i.state=c.IncorrectNonce,this.handleUnsuccessfulValidation(),i;if(!this.oidcSecurityValidation.validate_required_id_token(i.decoded_id_token))return this.loggerService.logDebug("authorizedCallback Validation, one of the REQUIRED properties missing from id_token"),i.state=c.RequiredPropertyMissing,this.handleUnsuccessfulValidation(),i;if(!this.oidcSecurityValidation.validate_id_token_iat_max_offset(i.decoded_id_token,this.configurationProvider.openIDConfiguration.max_id_token_iat_offset_allowed_in_seconds,this.configurationProvider.openIDConfiguration.disable_iat_offset_validation))return this.loggerService.logWarning("authorizedCallback Validation, iat rejected id_token was issued too far away from the current time"),i.state=c.MaxOffsetExpired,this.handleUnsuccessfulValidation(),i;if(!this.configurationProvider.wellKnownEndpoints)return this.loggerService.logWarning("authWellKnownEndpoints is undefined"),i.state=c.NoAuthWellKnownEndPoints,this.handleUnsuccessfulValidation(),i;if(this.configurationProvider.openIDConfiguration.iss_validation_off)this.loggerService.logDebug("iss validation is turned off, this is not recommended!");else if(!this.configurationProvider.openIDConfiguration.iss_validation_off&&!this.oidcSecurityValidation.validate_id_token_iss(i.decoded_id_token,this.configurationProvider.wellKnownEndpoints.issuer))return this.loggerService.logWarning("authorizedCallback incorrect iss does not match authWellKnownEndpoints issuer"),i.state=c.IssDoesNotMatchIssuer,this.handleUnsuccessfulValidation(),i;return this.oidcSecurityValidation.validate_id_token_aud(i.decoded_id_token,this.configurationProvider.openIDConfiguration.client_id)?this.oidcSecurityValidation.validate_id_token_exp_not_expired(i.decoded_id_token)?"id_token token"!==this.configurationProvider.openIDConfiguration.response_type&&"code"!==this.configurationProvider.openIDConfiguration.response_type?(i.authResponseIsValid=!0,i.state=c.Ok,this.handleSuccessfulValidation(),this.handleUnsuccessfulValidation()):this.oidcSecurityValidation.validate_id_token_at_hash(i.access_token,i.decoded_id_token.at_hash,"code"===this.configurationProvider.openIDConfiguration.response_type)&&i.access_token?(i.authResponseIsValid=!0,i.state=c.Ok,this.handleSuccessfulValidation()):(this.loggerService.logWarning("authorizedCallback incorrect at_hash"),i.state=c.IncorrectAtHash,this.handleUnsuccessfulValidation()):(this.loggerService.logWarning("authorizedCallback token expired"),i.state=c.TokenExpired,this.handleUnsuccessfulValidation()):(this.loggerService.logWarning("authorizedCallback incorrect aud"),i.state=c.IncorrectAud,this.handleUnsuccessfulValidation()),i},K.prototype.handleSuccessfulValidation=function(){this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.auto_clean_state_after_authentication&&(this.oidcSecurityCommon.authStateControl=""),this.loggerService.logDebug("AuthorizedCallback token(s) validated, continue")},K.prototype.handleUnsuccessfulValidation=function(){this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.auto_clean_state_after_authentication&&(this.oidcSecurityCommon.authStateControl=""),this.loggerService.logDebug("AuthorizedCallback token(s) invalid")},K.decorators=[{type:o.Injectable}],K.ctorParameters=function(){return[{type:x},{type:W},{type:E},{type:m},{type:S}]},K);function K(e,t,i,o,n){this.oidcSecurityCommon=e,this.oidcSecurityValidation=t,this.tokenHelperService=i,this.loggerService=o,this.configurationProvider=n}var F="myiFrameForCheckSession",H=(Object.defineProperty(N.prototype,"onCheckSessionChanged",{get:function(){return this._onCheckSessionChanged.asObservable()},enumerable:!0,configurable:!0}),N.prototype.doesSessionExist=function(){var e=this.iFrameService.getExistingIFrame(F);return!!e&&(this.sessionIframe=e,!0)},N.prototype.init=function(){var t=this;return this.lastIFrameRefresh+this.iframeRefreshInterval>Date.now()?p.from([this]):(this.doesSessionExist()||(this.sessionIframe=this.iFrameService.addIFrameToWindowBody(F),this.iframeMessageEvent=this.messageHandler.bind(this),window.addEventListener("message",this.iframeMessageEvent,!1)),this.configurationProvider.wellKnownEndpoints?(this.configurationProvider.wellKnownEndpoints.check_session_iframe?this.sessionIframe.contentWindow.location.replace(this.configurationProvider.wellKnownEndpoints.check_session_iframe):this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined"),p.Observable.create(function(e){t.sessionIframe.onload=function(){t.lastIFrameRefresh=Date.now(),e.next(t),e.complete()}})):void this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined. Returning."))},N.prototype.startCheckingSession=function(e){this.scheduledHeartBeat||this.pollServerSession(e)},N.prototype.stopCheckingSession=function(){this.scheduledHeartBeat&&this.clearScheduledHeartBeat()},N.prototype.pollServerSession=function(t){var i=this,o=function(){i.init().pipe(f.take(1)).subscribe(function(){if(i.sessionIframe&&t){i.loggerService.logDebug(i.sessionIframe);var e=i.oidcSecurityCommon.sessionState;e?(i.outstandingMessages++,i.sessionIframe.contentWindow.postMessage(t+" "+e,i.configurationProvider.openIDConfiguration.stsServer)):(i.loggerService.logDebug("OidcSecurityCheckSession pollServerSession session_state is blank"),i._onCheckSessionChanged.next())}else i.loggerService.logWarning("OidcSecurityCheckSession pollServerSession sessionIframe does not exist"),i.loggerService.logDebug(t),i.loggerService.logDebug(i.sessionIframe);3<i.outstandingMessages&&(i.loggerService.logError("OidcSecurityCheckSession not receiving check session response messages. Outstanding messages: "+i.outstandingMessages+". Server unreachable?"),i._onCheckSessionChanged.next()),i.scheduledHeartBeat=setTimeout(o,i.heartBeatInterval)})};this.outstandingMessages=0,this.zone.runOutsideAngular(function(){i.scheduledHeartBeat=setTimeout(o,i.heartBeatInterval)})},N.prototype.clearScheduledHeartBeat=function(){clearTimeout(this.scheduledHeartBeat),this.scheduledHeartBeat=null},N.prototype.messageHandler=function(e){this.outstandingMessages=0,this.sessionIframe&&e.origin===this.configurationProvider.openIDConfiguration.stsServer&&e.source===this.sessionIframe.contentWindow&&("error"===e.data?this.loggerService.logWarning("error from checksession messageHandler"):"changed"===e.data?this._onCheckSessionChanged.next():this.loggerService.logDebug(e.data+" from checksession messageHandler"))},N.decorators=[{type:o.Injectable}],N.ctorParameters=function(){return[{type:x},{type:m},{type:w},{type:o.NgZone},{type:S}]},N);function N(e,t,i,o,n){this.oidcSecurityCommon=e,this.loggerService=t,this.iFrameService=i,this.zone=o,this.configurationProvider=n,this.lastIFrameRefresh=0,this.outstandingMessages=0,this.heartBeatInterval=3e3,this.iframeRefreshInterval=6e4,this._onCheckSessionChanged=new p.Subject}var M=(Object.defineProperty(q.prototype,"onConfigurationLoaded",{get:function(){return this.configurationLoadedInternal.asObservable()},enumerable:!0,configurable:!0}),q.prototype.load=function(t){var i=this;return this.httpClient.get(t).pipe(f.switchMap(function(e){return i.loadUsingConfiguration(e)}),f.catchError(function(e){return console.error("OidcConfigService 'load' threw an error on calling "+t,e),i.configurationLoadedInternal.next(undefined),p.of(!1)})).toPromise()},q.prototype.load_using_stsServer=function(e){return this.loadUsingConfiguration({stsServer:e}).toPromise()},q.prototype.load_using_custom_stsServer=function(t){var i=this;return this.httpClient.get(t).pipe(f.switchMap(function(e){return i.configurationLoadedInternal.next({authWellknownEndpoints:e,customConfig:{stsServer:t}}),p.of(!0)}),f.catchError(function(e){return console.error("OidcConfigService 'load_using_custom_stsServer' threw an error on calling "+t,e),i.configurationLoadedInternal.next(undefined),p.of(!1)})).toPromise()},q.prototype.loadUsingConfiguration=function(t){var i=this;if(!t.stsServer)throw console.error("Property 'stsServer' is not present of passed config "+JSON.stringify(t),t),new Error("Property 'stsServer' is not present of passed config "+JSON.stringify(t));var o=t.stsServer+"/.well-known/openid-configuration";return this.httpClient.get(o).pipe(f.switchMap(function(e){return i.configurationLoadedInternal.next({authWellknownEndpoints:e,customConfig:t}),p.of(!0)}),f.catchError(function(e){return console.error("OidcConfigService 'load_using_stsServer' threw an error on calling "+o,e),i.configurationLoadedInternal.next(undefined),p.of(!1)}))},q.decorators=[{type:o.Injectable}],q.ctorParameters=function(){return[{type:l.HttpClient}]},q);function q(e){this.httpClient=e,this.configurationLoadedInternal=new p.ReplaySubject(1)}var B="myiFrameForSilentRenew",L=(J.prototype.initRenew=function(){this.iFrameService.getExistingIFrame(B)||this.iFrameService.addIFrameToWindowBody(B),this.isRenewInitialized=!0},J.prototype.startRenew=function(e){var t=this;return this.isRenewInitialized||this.initRenew(),this.sessionIframe=this.iFrameService.getExistingIFrame(B),this.loggerService.logDebug("startRenew for URL:"+e),this.sessionIframe.contentWindow.location.replace(e),p.Observable.create(function(e){t.sessionIframe.onload=function(){e.next(t),e.complete()}})},J.decorators=[{type:o.Injectable}],J.ctorParameters=function(){return[{type:m},{type:w}]},J);function J(e,t){this.loggerService=e,this.iFrameService=t,this.isRenewInitialized=!1}var G=(Y.prototype.initUserData=function(){var t=this;return this.getIdentityUserData().pipe(f.map(function(e){return t.userData=e}))},Y.prototype.getUserData=function(){if(!this.userData)throw Error("UserData is not set!");return this.userData},Y.prototype.setUserData=function(e){this.userData=e},Y.prototype.getIdentityUserData=function(){var e=this.oidcSecurityCommon.getAccessToken();if(!this.configurationProvider.wellKnownEndpoints)throw this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined"),Error("authWellKnownEndpoints is undefined");if(!this.configurationProvider.wellKnownEndpoints||!this.configurationProvider.wellKnownEndpoints.userinfo_endpoint)throw this.loggerService.logError("init check session: authWellKnownEndpoints.userinfo_endpoint is undefined; set auto_userinfo = false in config"),Error("authWellKnownEndpoints.userinfo_endpoint is undefined");return this.oidcDataService.getIdentityUserData(this.configurationProvider.wellKnownEndpoints.userinfo_endpoint||"",e)},Y.decorators=[{type:o.Injectable}],Y.ctorParameters=function(){return[{type:d},{type:x},{type:m},{type:S}]},Y);function Y(e,t,i,o){this.oidcDataService=e,this.oidcSecurityCommon=t,this.loggerService=i,this.configurationProvider=o,this.userData=""}var Z=(Q.prototype.encodeKey=function(e){return encodeURIComponent(e)},Q.prototype.encodeValue=function(e){return encodeURIComponent(e)},Q.prototype.decodeKey=function(e){return decodeURIComponent(e)},Q.prototype.decodeValue=function(e){return decodeURIComponent(e)},Q);function Q(){}var X=(Object.defineProperty($.prototype,"onModuleSetup",{get:function(){return this._onModuleSetup.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty($.prototype,"onAuthorizationResult",{get:function(){return this._onAuthorizationResult.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty($.prototype,"onCheckSessionChanged",{get:function(){return this._onCheckSessionChanged.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty($.prototype,"onConfigurationChange",{get:function(){return this.configurationProvider.onConfigurationChange},enumerable:!0,configurable:!0}),$.prototype.setupModule=function(e,t){var i=this;this.configurationProvider.setup(e,t),this.oidcSecurityCheckSession.onCheckSessionChanged.subscribe(function(){i.loggerService.logDebug("onCheckSessionChanged"),i.checkSessionChanged=!0,i._onCheckSessionChanged.next(i.checkSessionChanged)});var o=this.oidcSecurityCommon.userData;o&&this.setUserData(o);var n=this.oidcSecurityCommon.isAuthorized;if(n&&(this.loggerService.logDebug("IsAuthorized setup module"),this.loggerService.logDebug(this.oidcSecurityCommon.idToken),this.oidcSecurityValidation.isTokenExpired(this.oidcSecurityCommon.idToken,this.configurationProvider.openIDConfiguration.silent_renew_offset_in_seconds)?this.loggerService.logDebug("IsAuthorized setup module; id_token isTokenExpired"):(this.loggerService.logDebug("IsAuthorized setup module; id_token is valid"),this.setIsAuthorized(n)),this.runTokenValidation()),this.loggerService.logDebug("STS server: "+this.configurationProvider.openIDConfiguration.stsServer),this._onModuleSetup.next(),this.configurationProvider.openIDConfiguration.silent_renew){this.oidcSecuritySilentRenew.initRenew(),this.boundSilentRenewEvent=this.silentRenewEventHandler.bind(this);var r=Math.random(),s=function(e){e.detail!==r&&(window.removeEventListener("oidc-silent-renew-message",i.boundSilentRenewEvent),window.removeEventListener("oidc-silent-renew-init",s))}.bind(this);window.addEventListener("oidc-silent-renew-init",s,!1),window.addEventListener("oidc-silent-renew-message",this.boundSilentRenewEvent,!1),window.dispatchEvent(new CustomEvent("oidc-silent-renew-init",{detail:r}))}},$.prototype.getUserData=function(){return this._userData.asObservable()},$.prototype.getIsModuleSetup=function(){return this._isModuleSetup.asObservable()},$.prototype.getIsAuthorized=function(){return this._isSetupAndAuthorized},$.prototype.getToken=function(){if(!this._isAuthorized.getValue())return"";var e=this.oidcSecurityCommon.getAccessToken();return decodeURIComponent(e)},$.prototype.getIdToken=function(){if(!this._isAuthorized.getValue())return"";var e=this.oidcSecurityCommon.getIdToken();return decodeURIComponent(e)},$.prototype.getPayloadFromIdToken=function(e){void 0===e&&(e=!1);var t=this.getIdToken();return this.tokenHelperService.getPayloadFromToken(t,e)},$.prototype.setState=function(e){this.oidcSecurityCommon.authStateControl=e},$.prototype.getState=function(){return this.oidcSecurityCommon.authStateControl},$.prototype.setCustomRequestParameters=function(e){this.oidcSecurityCommon.customRequestParams=e},$.prototype.authorize=function(e){if(this.configurationProvider.wellKnownEndpoints&&(this.authWellKnownEndpointsLoaded=!0),this.authWellKnownEndpointsLoaded){if(this.oidcSecurityValidation.config_validate_response_type(this.configurationProvider.openIDConfiguration.response_type)){this.resetAuthorizationData(!1),this.loggerService.logDebug("BEGIN Authorize Code Flow, no auth data");var t=this.oidcSecurityCommon.authStateControl;t||(t=Date.now()+""+Math.random()+Math.random(),this.oidcSecurityCommon.authStateControl=t);var i="N"+Math.random()+Date.now();this.oidcSecurityCommon.authNonce=i,this.loggerService.logDebug("AuthorizedController created. local state: "+this.oidcSecurityCommon.authStateControl);var o="";if("code"===this.configurationProvider.openIDConfiguration.response_type){var n="C"+Math.random()+Date.now()+Date.now()+Math.random(),r=this.oidcSecurityValidation.generate_code_verifier(n);this.oidcSecurityCommon.code_verifier=n,this.configurationProvider.wellKnownEndpoints?o=this.createAuthorizeUrl(!0,r,this.configurationProvider.openIDConfiguration.redirect_url,i,t,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||""):this.loggerService.logError("authWellKnownEndpoints is undefined")}else this.configurationProvider.wellKnownEndpoints?o=this.createAuthorizeUrl(!1,"",this.configurationProvider.openIDConfiguration.redirect_url,i,t,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||""):this.loggerService.logError("authWellKnownEndpoints is undefined");e?e(o):this.redirectTo(o)}}else this.loggerService.logError("Well known endpoints must be loaded before user can login!")},$.prototype.authorizedCallbackWithCode=function(e){var t=e.split("?"),i=new l.HttpParams({fromString:t[1]}),o=i.get("code"),n=i.get("state"),r=i.get("session_state");o&&n&&this.requestTokensWithCode(o,n,r)},$.prototype.requestTokensWithCode=function(e,t,i){var o=this;this._isModuleSetup.pipe(f.filter(function(e){return e}),f.take(1)).subscribe(function(){o.requestTokensWithCodeProcedure(e,t,i)})},$.prototype.requestTokensWithCodeProcedure=function(e,i,o){var n=this,t="";if(this.configurationProvider.wellKnownEndpoints&&this.configurationProvider.wellKnownEndpoints.token_endpoint&&(t=""+this.configurationProvider.wellKnownEndpoints.token_endpoint),this.oidcSecurityValidation.validateStateFromHashCallback(i,this.oidcSecurityCommon.authStateControl)){var r=new l.HttpHeaders;r=r.set("Content-Type","application/x-www-form-urlencoded");var s="grant_type=authorization_code&client_id="+this.configurationProvider.openIDConfiguration.client_id+"&code_verifier="+this.oidcSecurityCommon.code_verifier+"&code="+e+"&redirect_uri="+this.configurationProvider.openIDConfiguration.redirect_url;"running"===this.oidcSecurityCommon.silentRenewRunning&&(s="grant_type=authorization_code&client_id="+this.configurationProvider.openIDConfiguration.client_id+"&code_verifier="+this.oidcSecurityCommon.code_verifier+"&code="+e+"&redirect_uri="+this.configurationProvider.openIDConfiguration.silent_renew_url),this.httpClient.post(t,s,{headers:r}).pipe(f.map(function(e){var t=new Object;(t=e).state=i,t.session_state=o,n.authorizedCodeFlowCallbackProcedure(t)}),f.catchError(function(e){return n.loggerService.logError(e),n.loggerService.logError("OidcService code request "+n.configurationProvider.openIDConfiguration.stsServer),p.of(!1)})).subscribe()}else this.loggerService.logWarning("authorizedCallback incorrect state")},$.prototype.authorizedCodeFlowCallbackProcedure=function(e){var t="running"===this.oidcSecurityCommon.silentRenewRunning;this.loggerService.logDebug("BEGIN authorized Code Flow Callback, no auth data"),this.resetAuthorizationData(t),this.authorizedCallbackProcedure(e,t)},$.prototype.authorizedImplicitFlowCallbackProcedure=function(e){var t="running"===this.oidcSecurityCommon.silentRenewRunning;this.loggerService.logDebug("BEGIN authorizedCallback, no auth data"),this.resetAuthorizationData(t);var i=(e=e||window.location.hash.substr(1)).split("&").reduce(function(e,t){var i=t.split("=");return e[i.shift()]=i.join("="),e},{});this.authorizedCallbackProcedure(i,t)},$.prototype.authorizedImplicitFlowCallback=function(e){var t=this;this._isModuleSetup.pipe(f.filter(function(e){return e}),f.take(1)).subscribe(function(){t.authorizedImplicitFlowCallbackProcedure(e)})},$.prototype.redirectTo=function(e){window.location.href=e},$.prototype.authorizedCallbackProcedure=function(i,o){var n=this;this.oidcSecurityCommon.authResult=i,this.configurationProvider.openIDConfiguration.history_cleanup_off||o?this.loggerService.logDebug("history clean up inactive"):window.history.replaceState({},window.document.title,window.location.origin+window.location.pathname),i.error?(o?this.loggerService.logDebug(i):this.loggerService.logWarning(i),"login_required"===i.error?this._onAuthorizationResult.next(new a(u.unauthorized,c.LoginRequired)):this._onAuthorizationResult.next(new a(u.unauthorized,c.SecureTokenServerError)),this.resetAuthorizationData(!1),this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.trigger_authorization_result_event||o||this.router.navigate([this.configurationProvider.openIDConfiguration.unauthorized_route])):(this.loggerService.logDebug(i),this.loggerService.logDebug("authorizedCallback created, begin token validation"),this.getSigningKeys().subscribe(function(e){var t=n.getValidatedStateResult(i,e);t.authResponseIsValid?(n.setAuthorizationData(t.access_token,t.id_token),n.oidcSecurityCommon.silentRenewRunning="",n.configurationProvider.openIDConfiguration.auto_userinfo?n.getUserinfo(o,i,t.id_token,t.decoded_id_token).subscribe(function(e){e?(n._onAuthorizationResult.next(new a(u.authorized,t.state)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||o||n.router.navigate([n.configurationProvider.openIDConfiguration.post_login_route])):(n._onAuthorizationResult.next(new a(u.unauthorized,t.state)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||o||n.router.navigate([n.configurationProvider.openIDConfiguration.unauthorized_route]))},function(e){n.loggerService.logWarning("Failed to retreive user info with error: "+JSON.stringify(e))}):(o||(n.oidcSecurityUserService.setUserData(t.decoded_id_token),n.setUserData(n.oidcSecurityUserService.getUserData())),n.runTokenValidation(),n._onAuthorizationResult.next(new a(u.authorized,t.state)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||o||n.router.navigate([n.configurationProvider.openIDConfiguration.post_login_route]))):(n.loggerService.logWarning("authorizedCallback, token(s) validation failed, resetting"),n.loggerService.logWarning(window.location.hash),n.resetAuthorizationData(!1),n.oidcSecurityCommon.silentRenewRunning="",n._onAuthorizationResult.next(new a(u.unauthorized,t.state)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||o||n.router.navigate([n.configurationProvider.openIDConfiguration.unauthorized_route]))},function(e){n.loggerService.logWarning("Failed to retreive siging key with error: "+JSON.stringify(e)),n.oidcSecurityCommon.silentRenewRunning=""}))},$.prototype.getUserinfo=function(e,i,t,o){var n=this;return void 0===e&&(e=!1),i=i||this.oidcSecurityCommon.authResult,t=t||this.oidcSecurityCommon.idToken,o=o||this.tokenHelperService.getPayloadFromToken(t,!1),new p.Observable(function(t){"id_token token"===n.configurationProvider.openIDConfiguration.response_type||"code"===n.configurationProvider.openIDConfiguration.response_type?e&&n._userData.value?(n.oidcSecurityCommon.sessionState=i.session_state,t.next(!0),t.complete()):n.oidcSecurityUserService.initUserData().subscribe(function(){n.loggerService.logDebug("authorizedCallback (id_token token || code) flow");var e=n.oidcSecurityUserService.getUserData();n.oidcSecurityValidation.validate_userdata_sub_id_token(o.sub,e.sub)?(n.setUserData(e),n.loggerService.logDebug(n.oidcSecurityCommon.accessToken),n.loggerService.logDebug(n.oidcSecurityUserService.getUserData()),n.oidcSecurityCommon.sessionState=i.session_state,n.runTokenValidation(),t.next(!0)):(n.loggerService.logWarning("authorizedCallback, User data sub does not match sub in id_token"),n.loggerService.logDebug("authorizedCallback, token(s) validation failed, resetting"),n.resetAuthorizationData(!1),t.next(!1)),t.complete()}):(n.loggerService.logDebug("authorizedCallback id_token flow"),n.loggerService.logDebug(n.oidcSecurityCommon.accessToken),n.oidcSecurityUserService.setUserData(o),n.setUserData(n.oidcSecurityUserService.getUserData()),n.oidcSecurityCommon.sessionState=i.session_state,n.runTokenValidation(),t.next(!0),t.complete())})},$.prototype.logoff=function(e){if(this.loggerService.logDebug("BEGIN Authorize, no auth data"),this.configurationProvider.wellKnownEndpoints)if(this.configurationProvider.wellKnownEndpoints.end_session_endpoint){var t=this.configurationProvider.wellKnownEndpoints.end_session_endpoint,i=this.oidcSecurityCommon.idToken,o=this.createEndSessionUrl(t,i);this.resetAuthorizationData(!1),this.configurationProvider.openIDConfiguration.start_checksession&&this.checkSessionChanged?this.loggerService.logDebug("only local login cleaned up, server session has changed"):e?e(o):this.redirectTo(o)}else this.resetAuthorizationData(!1),this.loggerService.logDebug("only local login cleaned up, no end_session_endpoint");else this.loggerService.logWarning("authWellKnownEndpoints is undefined")},$.prototype.refreshSession=function(){if(!this.configurationProvider.openIDConfiguration.silent_renew)return p.from([!1]);this.loggerService.logDebug("BEGIN refresh session Authorize");var e=this.oidcSecurityCommon.authStateControl;""!==e&&null!==e||(e=Date.now()+""+Math.random()+Math.random(),this.oidcSecurityCommon.authStateControl=e);var t="N"+Math.random()+Date.now();this.oidcSecurityCommon.authNonce=t,this.loggerService.logDebug("RefreshSession created. adding myautostate: "+this.oidcSecurityCommon.authStateControl);var i="";if("code"===this.configurationProvider.openIDConfiguration.response_type){var o="C"+Math.random()+Date.now()+Date.now()+Math.random(),n=this.oidcSecurityValidation.generate_code_verifier(o);this.oidcSecurityCommon.code_verifier=o,this.configurationProvider.wellKnownEndpoints?i=this.createAuthorizeUrl(!0,n,this.configurationProvider.openIDConfiguration.silent_renew_url,t,e,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||"","none"):this.loggerService.logWarning("authWellKnownEndpoints is undefined")}else this.configurationProvider.wellKnownEndpoints?i=this.createAuthorizeUrl(!1,"",this.configurationProvider.openIDConfiguration.silent_renew_url,t,e,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||"","none"):this.loggerService.logWarning("authWellKnownEndpoints is undefined");return this.oidcSecurityCommon.silentRenewRunning="running",this.oidcSecuritySilentRenew.startRenew(i)},$.prototype.handleError=function(e){if(this.loggerService.logError(e),403===e.status||"403"===e.status)this.configurationProvider.openIDConfiguration.trigger_authorization_result_event?this._onAuthorizationResult.next(new a(u.unauthorized,c.NotSet)):this.router.navigate([this.configurationProvider.openIDConfiguration.forbidden_route]);else if(401===e.status||"401"===e.status){var t=this.oidcSecurityCommon.silentRenewRunning;this.resetAuthorizationData(!!t),this.configurationProvider.openIDConfiguration.trigger_authorization_result_event?this._onAuthorizationResult.next(new a(u.unauthorized,c.NotSet)):this.router.navigate([this.configurationProvider.openIDConfiguration.unauthorized_route])}},$.prototype.startCheckingSilentRenew=function(){this.runTokenValidation()},$.prototype.stopCheckingSilentRenew=function(){this._scheduledHeartBeat&&(clearTimeout(this._scheduledHeartBeat),this._scheduledHeartBeat=null,this.runTokenValidationRunning=!1)},$.prototype.resetAuthorizationData=function(e){e||(this.configurationProvider.openIDConfiguration.auto_userinfo&&this.setUserData(""),this.oidcSecurityCommon.resetStorageData(e),this.checkSessionChanged=!1,this.setIsAuthorized(!1))},$.prototype.getEndSessionUrl=function(){if(this.configurationProvider.wellKnownEndpoints&&this.configurationProvider.wellKnownEndpoints.end_session_endpoint){var e=this.configurationProvider.wellKnownEndpoints.end_session_endpoint,t=this.oidcSecurityCommon.idToken;return this.createEndSessionUrl(e,t)}},$.prototype.getValidatedStateResult=function(e,t){return e.error?new s("","",!1,{}):this.stateValidationService.validateState(e,t)},$.prototype.setUserData=function(e){this.oidcSecurityCommon.userData=e,this._userData.next(e)},$.prototype.setIsAuthorized=function(e){this._isAuthorized.next(e)},$.prototype.setAuthorizationData=function(e,t){""!==this.oidcSecurityCommon.accessToken&&(this.oidcSecurityCommon.accessToken=""),this.loggerService.logDebug(e),this.loggerService.logDebug(t),this.loggerService.logDebug("storing to storage, getting the roles"),this.oidcSecurityCommon.accessToken=e,this.oidcSecurityCommon.idToken=t,this.setIsAuthorized(!0),this.oidcSecurityCommon.isAuthorized=!0},$.prototype.createAuthorizeUrl=function(e,t,i,o,n,r,s){var a=r.split("?"),u=a[0],c=new l.HttpParams({fromString:a[1],encoder:new Z});c=(c=(c=(c=(c=(c=c.set("client_id",this.configurationProvider.openIDConfiguration.client_id)).append("redirect_uri",i)).append("response_type",this.configurationProvider.openIDConfiguration.response_type)).append("scope",this.configurationProvider.openIDConfiguration.scope)).append("nonce",o)).append("state",n),e&&(c=(c=c.append("code_challenge",t)).append("code_challenge_method","S256")),s&&(c=c.append("prompt",s)),this.configurationProvider.openIDConfiguration.hd_param&&(c=c.append("hd",this.configurationProvider.openIDConfiguration.hd_param));var d=Object.assign({},this.oidcSecurityCommon.customRequestParams);return Object.keys(d).forEach(function(e){c=c.append(e,d[e].toString())}),u+"?"+c},$.prototype.createEndSessionUrl=function(e,t){var i=e.split("?"),o=i[0],n=new l.HttpParams({fromString:i[1],encoder:new Z});return o+"?"+(n=(n=n.set("id_token_hint",t)).append("post_logout_redirect_uri",this.configurationProvider.openIDConfiguration.post_logout_redirect_uri))},$.prototype.getSigningKeys=function(){return this.configurationProvider.wellKnownEndpoints?(this.loggerService.logDebug("jwks_uri: "+this.configurationProvider.wellKnownEndpoints.jwks_uri),this.oidcDataService.get(this.configurationProvider.wellKnownEndpoints.jwks_uri||"").pipe(f.catchError(this.handleErrorGetSigningKeys))):(this.loggerService.logWarning("getSigningKeys: authWellKnownEndpoints is undefined"),this.oidcDataService.get("undefined").pipe(f.catchError(this.handleErrorGetSigningKeys)))},$.prototype.handleErrorGetSigningKeys=function(e){var t;if(e instanceof Response){var i=e.json()||{},o=JSON.stringify(i);t=e.status+" - "+(e.statusText||"")+" "+o}else t=e.message?e.message:e.toString();return console.error(t),p.throwError(t)},$.prototype.runTokenValidation=function(){var t=this;if(!this.runTokenValidationRunning&&this.configurationProvider.openIDConfiguration.silent_renew){this.runTokenValidationRunning=!0,this.loggerService.logDebug("runTokenValidation silent-renew running");var i=function(){if(t.loggerService.logDebug("silentRenewHeartBeatCheck\r\n\tsilentRenewRunning: "+("running"===t.oidcSecurityCommon.silentRenewRunning)+"\r\n\tidToken: "+!!t.getIdToken()+"\r\n\t_userData.value: "+!!t._userData.value),t._userData.value&&"running"!==t.oidcSecurityCommon.silentRenewRunning&&t.getIdToken()&&t.oidcSecurityValidation.isTokenExpired(t.oidcSecurityCommon.idToken,t.configurationProvider.openIDConfiguration.silent_renew_offset_in_seconds)){if(t.loggerService.logDebug("IsAuthorized: id_token isTokenExpired, start silent renew if active"),t.configurationProvider.openIDConfiguration.silent_renew)return void t.refreshSession().subscribe(function(){t._scheduledHeartBeat=setTimeout(i,3e3)},function(e){t.loggerService.logError("Error: "+e),t._scheduledHeartBeat=setTimeout(i,3e3)});t.resetAuthorizationData(!1)}t._scheduledHeartBeat=setTimeout(i,3e3)}