UNPKG

piral-oidc

Version:

Plugin to integrate authentication using OpenID connect in Piral.

piral.io

smapiot/piral

1 lines • 289 kB
1
var piralOidc=(()=>{var Ar=Object.create;var Be=Object.defineProperty;var kr=Object.getOwnPropertyDescriptor;var Pr=Object.getOwnPropertyNames;var Cr=Object.getPrototypeOf,Tr=Object.prototype.hasOwnProperty;var Rr=(rt,p)=>()=>(p||rt((p={exports:{}}).exports,p),p.exports),Ir=(rt,p)=>{for(var j in p)Be(rt,j,{get:p[j],enumerable:!0})},cr=(rt,p,j,T)=>{if(p&&typeof p=="object"||typeof p=="function")for(let l of Pr(p))!Tr.call(rt,l)&&l!==j&&Be(rt,l,{get:()=>p[l],enumerable:!(T=kr(p,l))||T.enumerable});return rt};var Dr=(rt,p,j)=>(j=rt!=null?Ar(Cr(rt)):{},cr(p||!rt||!rt.__esModule?Be(j,"default",{value:rt,enumerable:!0}):j,rt)),Lr=rt=>cr(Be({},"__esModule",{value:!0}),rt);var hr=Rr((Te,ze)=>{(function(p,j){if(typeof Te=="object"&&typeof ze=="object")ze.exports=j();else if(typeof define=="function"&&define.amd)define([],j);else{var T=j();for(var l in T)(typeof Te=="object"?Te:p)[l]=T[l]}})(Te,function(){return function(rt){var p={};function j(T){if(p[T])return p[T].exports;var l=p[T]={i:T,l:!1,exports:{}};return rt[T].call(l.exports,l,l.exports,j),l.l=!0,l.exports}return j.m=rt,j.c=p,j.d=function(T,l,k){j.o(T,l)||Object.defineProperty(T,l,{enumerable:!0,get:k})},j.r=function(T){typeof Symbol<"u"&&Symbol.toStringTag&&Object.defineProperty(T,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(T,"__esModule",{value:!0})},j.t=function(T,l){if(1&l&&(T=j(T)),8&l||4&l&&typeof T=="object"&&T&&T.__esModule)return T;var k=Object.create(null);if(j.r(k),Object.defineProperty(k,"default",{enumerable:!0,value:T}),2&l&&typeof T!="string")for(var m in T)j.d(k,m,function(a){return T[a]}.bind(null,m));return k},j.n=function(T){var l=T&&T.__esModule?function(){return T.default}:function(){return T};return j.d(l,"a",l),l},j.o=function(T,l){return Object.prototype.hasOwnProperty.call(T,l)},j.p="",j(j.s=22)}([function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0});var T=function(){function a(u,o){for(var d=0;d<o.length;d++){var P=o[d];P.enumerable=P.enumerable||!1,P.configurable=!0,"value"in P&&(P.writable=!0),Object.defineProperty(u,P.key,P)}}return function(u,o,d){return o&&a(u.prototype,o),d&&a(u,d),u}}(),l={debug:function(){},info:function(){},warn:function(){},error:function(){}},k=void 0,m=void 0;(p.Log=function(){function a(){(function(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")})(this,a)}return a.reset=function(){m=3,k=l},a.debug=function(){if(m>=4){for(var o=arguments.length,d=Array(o),P=0;P<o;P++)d[P]=arguments[P];k.debug.apply(k,Array.from(d))}},a.info=function(){if(m>=3){for(var o=arguments.length,d=Array(o),P=0;P<o;P++)d[P]=arguments[P];k.info.apply(k,Array.from(d))}},a.warn=function(){if(m>=2){for(var o=arguments.length,d=Array(o),P=0;P<o;P++)d[P]=arguments[P];k.warn.apply(k,Array.from(d))}},a.error=function(){if(m>=1){for(var o=arguments.length,d=Array(o),P=0;P<o;P++)d[P]=arguments[P];k.error.apply(k,Array.from(d))}},T(a,null,[{key:"NONE",get:function(){return 0}},{key:"ERROR",get:function(){return 1}},{key:"WARN",get:function(){return 2}},{key:"INFO",get:function(){return 3}},{key:"DEBUG",get:function(){return 4}},{key:"level",get:function(){return m},set:function(o){if(!(0<=o&&o<=4))throw new Error("Invalid log level");m=o}},{key:"logger",get:function(){return k},set:function(o){if(!o.debug&&o.info&&(o.debug=o.info),!(o.debug&&o.info&&o.warn&&o.error))throw new Error("Invalid logger");k=o}}]),a}()).reset()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0});var T=function(){function a(u,o){for(var d=0;d<o.length;d++){var P=o[d];P.enumerable=P.enumerable||!1,P.configurable=!0,"value"in P&&(P.writable=!0),Object.defineProperty(u,P.key,P)}}return function(u,o,d){return o&&a(u.prototype,o),d&&a(u,d),u}}(),l={setInterval:function(a){function u(o,d){return a.apply(this,arguments)}return u.toString=function(){return a.toString()},u}(function(a,u){return setInterval(a,u)}),clearInterval:function(a){function u(o){return a.apply(this,arguments)}return u.toString=function(){return a.toString()},u}(function(a){return clearInterval(a)})},k=!1,m=null;p.Global=function(){function a(){(function(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")})(this,a)}return a._testing=function(){k=!0},a.setXMLHttpRequest=function(o){m=o},T(a,null,[{key:"location",get:function(){if(!k)return location}},{key:"localStorage",get:function(){if(!k&&typeof window<"u")return localStorage}},{key:"sessionStorage",get:function(){if(!k&&typeof window<"u")return sessionStorage}},{key:"XMLHttpRequest",get:function(){if(!k&&typeof window<"u")return m||XMLHttpRequest}},{key:"timer",get:function(){if(!k)return l}}]),a}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.MetadataService=void 0;var T=function(){function u(o,d){for(var P=0;P<d.length;P++){var b=d[P];b.enumerable=b.enumerable||!1,b.configurable=!0,"value"in b&&(b.writable=!0),Object.defineProperty(o,b.key,b)}}return function(o,d,P){return d&&u(o.prototype,d),P&&u(o,P),o}}(),l=j(0),k=j(7);function m(u,o){if(!(u instanceof o))throw new TypeError("Cannot call a class as a function")}var a=".well-known/openid-configuration";p.MetadataService=function(){function u(o){var d=arguments.length>1&&arguments[1]!==void 0?arguments[1]:k.JsonService;if(m(this,u),!o)throw l.Log.error("MetadataService: No settings passed to MetadataService"),new Error("settings");this._settings=o,this._jsonService=new d(["application/jwk-set+json"])}return u.prototype.resetSigningKeys=function(){this._settings=this._settings||{},this._settings.signingKeys=void 0},u.prototype.getMetadata=function(){var d=this;return this._settings.metadata?(l.Log.debug("MetadataService.getMetadata: Returning metadata from settings"),Promise.resolve(this._settings.metadata)):this.metadataUrl?(l.Log.debug("MetadataService.getMetadata: getting metadata from",this.metadataUrl),this._jsonService.getJson(this.metadataUrl).then(function(P){l.Log.debug("MetadataService.getMetadata: json received");var b=d._settings.metadataSeed||{};return d._settings.metadata=Object.assign({},b,P),d._settings.metadata})):(l.Log.error("MetadataService.getMetadata: No authority or metadataUrl configured on settings"),Promise.reject(new Error("No authority or metadataUrl configured on settings")))},u.prototype.getIssuer=function(){return this._getMetadataProperty("issuer")},u.prototype.getAuthorizationEndpoint=function(){return this._getMetadataProperty("authorization_endpoint")},u.prototype.getUserInfoEndpoint=function(){return this._getMetadataProperty("userinfo_endpoint")},u.prototype.getTokenEndpoint=function(){var d=!(arguments.length>0&&arguments[0]!==void 0)||arguments[0];return this._getMetadataProperty("token_endpoint",d)},u.prototype.getCheckSessionIframe=function(){return this._getMetadataProperty("check_session_iframe",!0)},u.prototype.getEndSessionEndpoint=function(){return this._getMetadataProperty("end_session_endpoint",!0)},u.prototype.getRevocationEndpoint=function(){return this._getMetadataProperty("revocation_endpoint",!0)},u.prototype.getKeysEndpoint=function(){return this._getMetadataProperty("jwks_uri",!0)},u.prototype._getMetadataProperty=function(d){var P=arguments.length>1&&arguments[1]!==void 0&&arguments[1];return l.Log.debug("MetadataService.getMetadataProperty for: "+d),this.getMetadata().then(function(b){if(l.Log.debug("MetadataService.getMetadataProperty: metadata recieved"),b[d]===void 0){if(P===!0)return void l.Log.warn("MetadataService.getMetadataProperty: Metadata does not contain optional property "+d);throw l.Log.error("MetadataService.getMetadataProperty: Metadata does not contain property "+d),new Error("Metadata does not contain property "+d)}return b[d]})},u.prototype.getSigningKeys=function(){var d=this;return this._settings.signingKeys?(l.Log.debug("MetadataService.getSigningKeys: Returning signingKeys from settings"),Promise.resolve(this._settings.signingKeys)):this._getMetadataProperty("jwks_uri").then(function(P){return l.Log.debug("MetadataService.getSigningKeys: jwks_uri received",P),d._jsonService.getJson(P).then(function(b){if(l.Log.debug("MetadataService.getSigningKeys: key set received",b),!b.keys)throw l.Log.error("MetadataService.getSigningKeys: Missing keys on keyset"),new Error("Missing keys on keyset");return d._settings.signingKeys=b.keys,d._settings.signingKeys})})},T(u,[{key:"metadataUrl",get:function(){return this._metadataUrl||(this._settings.metadataUrl?this._metadataUrl=this._settings.metadataUrl:(this._metadataUrl=this._settings.authority,this._metadataUrl&&this._metadataUrl.indexOf(a)<0&&(this._metadataUrl[this._metadataUrl.length-1]!=="/"&&(this._metadataUrl+="/"),this._metadataUrl+=a))),this._metadataUrl}}]),u}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.UrlUtility=void 0;var T=j(0),l=j(1);p.UrlUtility=function(){function k(){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,k)}return k.addQueryParam=function(a,u,o){return a.indexOf("?")<0&&(a+="?"),a[a.length-1]!=="?"&&(a+="&"),a+=encodeURIComponent(u),a+="=",a+=encodeURIComponent(o)},k.parseUrlFragment=function(a){var u=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"#",o=arguments.length>2&&arguments[2]!==void 0?arguments[2]:l.Global;typeof a!="string"&&(a=o.location.href);var d=a.lastIndexOf(u);d>=0&&(a=a.substr(d+1)),u==="?"&&(d=a.indexOf("#"))>=0&&(a=a.substr(0,d));for(var P,b={},H=/([^&=]+)=([^&]*)/g,C=0;P=H.exec(a);)if(b[decodeURIComponent(P[1])]=decodeURIComponent(P[2].replace(/\+/g," ")),C++>50)return T.Log.error("UrlUtility.parseUrlFragment: response exceeded expected number of parameters",a),{error:"Response exceeded expected number of parameters"};for(var A in b)return b;return{}},k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.JoseUtil=void 0;var T=j(26),l=function(m){return m&&m.__esModule?m:{default:m}}(j(33));p.JoseUtil=(0,l.default)({jws:T.jws,KeyUtil:T.KeyUtil,X509:T.X509,crypto:T.crypto,hextob64u:T.hextob64u,b64tohex:T.b64tohex,AllowedSigningAlgs:T.AllowedSigningAlgs})},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.OidcClientSettings=void 0;var T=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(A){return typeof A}:function(A){return A&&typeof Symbol=="function"&&A.constructor===Symbol&&A!==Symbol.prototype?"symbol":typeof A},l=function(){function A(F,O){for(var Y=0;Y<O.length;Y++){var M=O[Y];M.enumerable=M.enumerable||!1,M.configurable=!0,"value"in M&&(M.writable=!0),Object.defineProperty(F,M.key,M)}}return function(F,O,Y){return O&&A(F.prototype,O),Y&&A(F,Y),F}}(),k=j(0),m=j(23),a=j(6),u=j(24),o=j(2);function d(A,F){if(!(A instanceof F))throw new TypeError("Cannot call a class as a function")}var P=".well-known/openid-configuration",b="id_token",H="openid",C="client_secret_post";p.OidcClientSettings=function(){function A(){var F=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},O=F.authority,Y=F.metadataUrl,M=F.metadata,K=F.signingKeys,I=F.metadataSeed,$=F.client_id,et=F.client_secret,ot=F.response_type,B=ot===void 0?b:ot,nt=F.scope,ft=nt===void 0?H:nt,dt=F.redirect_uri,jt=F.post_logout_redirect_uri,xt=F.client_authentication,Zt=xt===void 0?C:xt,Tt=F.prompt,pt=F.display,vt=F.max_age,At=F.ui_locales,Wt=F.acr_values,Vt=F.resource,zt=F.response_mode,$t=F.filterProtocolClaims,he=$t===void 0||$t,ee=F.loadUserInfo,Ut=ee===void 0||ee,Yt=F.staleStateAge,Kt=Yt===void 0?900:Yt,U=F.clockSkew,c=U===void 0?300:U,h=F.clockService,N=h===void 0?new m.ClockService:h,q=F.userInfoJwtIssuer,J=q===void 0?"OP":q,Z=F.mergeClaims,at=Z!==void 0&&Z,lt=F.stateStore,_t=lt===void 0?new a.WebStorageStateStore:lt,yt=F.ResponseValidatorCtor,Pt=yt===void 0?u.ResponseValidator:yt,Mt=F.MetadataServiceCtor,Gt=Mt===void 0?o.MetadataService:Mt,ie=F.extraQueryParams,ht=ie===void 0?{}:ie,kt=F.extraTokenParams,mt=kt===void 0?{}:kt;d(this,A),this._authority=O,this._metadataUrl=Y,this._metadata=M,this._metadataSeed=I,this._signingKeys=K,this._client_id=$,this._client_secret=et,this._response_type=B,this._scope=ft,this._redirect_uri=dt,this._post_logout_redirect_uri=jt,this._client_authentication=Zt,this._prompt=Tt,this._display=pt,this._max_age=vt,this._ui_locales=At,this._acr_values=Wt,this._resource=Vt,this._response_mode=zt,this._filterProtocolClaims=!!he,this._loadUserInfo=!!Ut,this._staleStateAge=Kt,this._clockSkew=c,this._clockService=N,this._userInfoJwtIssuer=J,this._mergeClaims=!!at,this._stateStore=_t,this._validator=new Pt(this),this._metadataService=new Gt(this),this._extraQueryParams=(ht===void 0?"undefined":T(ht))==="object"?ht:{},this._extraTokenParams=(mt===void 0?"undefined":T(mt))==="object"?mt:{}}return A.prototype.getEpochTime=function(){return this._clockService.getEpochTime()},l(A,[{key:"client_id",get:function(){return this._client_id},set:function(O){if(this._client_id)throw k.Log.error("OidcClientSettings.set_client_id: client_id has already been assigned."),new Error("client_id has already been assigned.");this._client_id=O}},{key:"client_secret",get:function(){return this._client_secret}},{key:"response_type",get:function(){return this._response_type}},{key:"scope",get:function(){return this._scope}},{key:"redirect_uri",get:function(){return this._redirect_uri}},{key:"post_logout_redirect_uri",get:function(){return this._post_logout_redirect_uri}},{key:"client_authentication",get:function(){return this._client_authentication}},{key:"prompt",get:function(){return this._prompt}},{key:"display",get:function(){return this._display}},{key:"max_age",get:function(){return this._max_age}},{key:"ui_locales",get:function(){return this._ui_locales}},{key:"acr_values",get:function(){return this._acr_values}},{key:"resource",get:function(){return this._resource}},{key:"response_mode",get:function(){return this._response_mode}},{key:"authority",get:function(){return this._authority},set:function(O){if(this._authority)throw k.Log.error("OidcClientSettings.set_authority: authority has already been assigned."),new Error("authority has already been assigned.");this._authority=O}},{key:"metadataUrl",get:function(){return this._metadataUrl||(this._metadataUrl=this.authority,this._metadataUrl&&this._metadataUrl.indexOf(P)<0&&(this._metadataUrl[this._metadataUrl.length-1]!=="/"&&(this._metadataUrl+="/"),this._metadataUrl+=P)),this._metadataUrl}},{key:"metadata",get:function(){return this._metadata},set:function(O){this._metadata=O}},{key:"metadataSeed",get:function(){return this._metadataSeed},set:function(O){this._metadataSeed=O}},{key:"signingKeys",get:function(){return this._signingKeys},set:function(O){this._signingKeys=O}},{key:"filterProtocolClaims",get:function(){return this._filterProtocolClaims}},{key:"loadUserInfo",get:function(){return this._loadUserInfo}},{key:"staleStateAge",get:function(){return this._staleStateAge}},{key:"clockSkew",get:function(){return this._clockSkew}},{key:"userInfoJwtIssuer",get:function(){return this._userInfoJwtIssuer}},{key:"mergeClaims",get:function(){return this._mergeClaims}},{key:"stateStore",get:function(){return this._stateStore}},{key:"validator",get:function(){return this._validator}},{key:"metadataService",get:function(){return this._metadataService}},{key:"extraQueryParams",get:function(){return this._extraQueryParams},set:function(O){(O===void 0?"undefined":T(O))==="object"?this._extraQueryParams=O:this._extraQueryParams={}}},{key:"extraTokenParams",get:function(){return this._extraTokenParams},set:function(O){(O===void 0?"undefined":T(O))==="object"?this._extraTokenParams=O:this._extraTokenParams={}}}]),A}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.WebStorageStateStore=void 0;var T=j(0),l=j(1);function k(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}p.WebStorageStateStore=function(){function m(){var a=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},u=a.prefix,o=u===void 0?"oidc.":u,d=a.store,P=d===void 0?l.Global.localStorage:d;k(this,m),this._store=P,this._prefix=o}return m.prototype.set=function(u,o){return T.Log.debug("WebStorageStateStore.set",u),u=this._prefix+u,this._store.setItem(u,o),Promise.resolve()},m.prototype.get=function(u){T.Log.debug("WebStorageStateStore.get",u),u=this._prefix+u;var o=this._store.getItem(u);return Promise.resolve(o)},m.prototype.remove=function(u){T.Log.debug("WebStorageStateStore.remove",u),u=this._prefix+u;var o=this._store.getItem(u);return this._store.removeItem(u),Promise.resolve(o)},m.prototype.getAllKeys=function(){T.Log.debug("WebStorageStateStore.getAllKeys");for(var u=[],o=0;o<this._store.length;o++){var d=this._store.key(o);d.indexOf(this._prefix)===0&&u.push(d.substr(this._prefix.length))}return Promise.resolve(u)},m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.JsonService=void 0;var T=j(0),l=j(1);function k(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}p.JsonService=function(){function m(){var a=arguments.length>0&&arguments[0]!==void 0?arguments[0]:null,u=arguments.length>1&&arguments[1]!==void 0?arguments[1]:l.Global.XMLHttpRequest,o=arguments.length>2&&arguments[2]!==void 0?arguments[2]:null;k(this,m),a&&Array.isArray(a)?this._contentTypes=a.slice():this._contentTypes=[],this._contentTypes.push("application/json"),o&&this._contentTypes.push("application/jwt"),this._XMLHttpRequest=u,this._jwtHandler=o}return m.prototype.getJson=function(u,o){var d=this;if(!u)throw T.Log.error("JsonService.getJson: No url passed"),new Error("url");return T.Log.debug("JsonService.getJson, url: ",u),new Promise(function(P,b){var H=new d._XMLHttpRequest;H.open("GET",u);var C=d._contentTypes,A=d._jwtHandler;H.onload=function(){if(T.Log.debug("JsonService.getJson: HTTP response received, status",H.status),H.status===200){var F=H.getResponseHeader("Content-Type");if(F){var O=C.find(function(Y){if(F.startsWith(Y))return!0});if(O=="application/jwt")return void A(H).then(P,b);if(O)try{return void P(JSON.parse(H.responseText))}catch(Y){return T.Log.error("JsonService.getJson: Error parsing JSON response",Y.message),void b(Y)}}b(Error("Invalid response Content-Type: "+F+", from URL: "+u))}else b(Error(H.statusText+" ("+H.status+")"))},H.onerror=function(){T.Log.error("JsonService.getJson: network error"),b(Error("Network Error"))},o&&(T.Log.debug("JsonService.getJson: token passed, setting Authorization header"),H.setRequestHeader("Authorization","Bearer "+o)),H.send()})},m.prototype.postForm=function(u,o,d){var P=this;if(!u)throw T.Log.error("JsonService.postForm: No url passed"),new Error("url");return T.Log.debug("JsonService.postForm, url: ",u),new Promise(function(b,H){var C=new P._XMLHttpRequest;C.open("POST",u);var A=P._contentTypes;C.onload=function(){if(T.Log.debug("JsonService.postForm: HTTP response received, status",C.status),C.status!==200){if(C.status===400&&(K=C.getResponseHeader("Content-Type"))&&A.find(function(I){if(K.startsWith(I))return!0}))try{var M=JSON.parse(C.responseText);if(M&&M.error)return T.Log.error("JsonService.postForm: Error from server: ",M.error),void H(new Error(M.error))}catch(I){return T.Log.error("JsonService.postForm: Error parsing JSON response",I.message),void H(I)}H(Error(C.statusText+" ("+C.status+")"))}else{var K;if((K=C.getResponseHeader("Content-Type"))&&A.find(function(I){if(K.startsWith(I))return!0}))try{return void b(JSON.parse(C.responseText))}catch(I){return T.Log.error("JsonService.postForm: Error parsing JSON response",I.message),void H(I)}H(Error("Invalid response Content-Type: "+K+", from URL: "+u))}},C.onerror=function(){T.Log.error("JsonService.postForm: network error"),H(Error("Network Error"))};var F="";for(var O in o){var Y=o[O];Y&&(F.length>0&&(F+="&"),F+=encodeURIComponent(O),F+="=",F+=encodeURIComponent(Y))}C.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),d!==void 0&&C.setRequestHeader("Authorization","Basic "+btoa(d)),C.send(F)})},m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SigninRequest=void 0;var T=j(0),l=j(3),k=j(13);p.SigninRequest=function(){function m(a){var u=a.url,o=a.client_id,d=a.redirect_uri,P=a.response_type,b=a.scope,H=a.authority,C=a.data,A=a.prompt,F=a.display,O=a.max_age,Y=a.ui_locales,M=a.id_token_hint,K=a.login_hint,I=a.acr_values,$=a.resource,et=a.response_mode,ot=a.request,B=a.request_uri,nt=a.extraQueryParams,ft=a.request_type,dt=a.client_secret,jt=a.extraTokenParams,xt=a.skipUserInfo;if(function(Vt,zt){if(!(Vt instanceof zt))throw new TypeError("Cannot call a class as a function")}(this,m),!u)throw T.Log.error("SigninRequest.ctor: No url passed"),new Error("url");if(!o)throw T.Log.error("SigninRequest.ctor: No client_id passed"),new Error("client_id");if(!d)throw T.Log.error("SigninRequest.ctor: No redirect_uri passed"),new Error("redirect_uri");if(!P)throw T.Log.error("SigninRequest.ctor: No response_type passed"),new Error("response_type");if(!b)throw T.Log.error("SigninRequest.ctor: No scope passed"),new Error("scope");if(!H)throw T.Log.error("SigninRequest.ctor: No authority passed"),new Error("authority");var Zt=m.isOidc(P),Tt=m.isCode(P);et||(et=m.isCode(P)?"query":null),this.state=new k.SigninState({nonce:Zt,data:C,client_id:o,authority:H,redirect_uri:d,code_verifier:Tt,request_type:ft,response_mode:et,client_secret:dt,scope:b,extraTokenParams:jt,skipUserInfo:xt}),u=l.UrlUtility.addQueryParam(u,"client_id",o),u=l.UrlUtility.addQueryParam(u,"redirect_uri",d),u=l.UrlUtility.addQueryParam(u,"response_type",P),u=l.UrlUtility.addQueryParam(u,"scope",b),u=l.UrlUtility.addQueryParam(u,"state",this.state.id),Zt&&(u=l.UrlUtility.addQueryParam(u,"nonce",this.state.nonce)),Tt&&(u=l.UrlUtility.addQueryParam(u,"code_challenge",this.state.code_challenge),u=l.UrlUtility.addQueryParam(u,"code_challenge_method","S256"));var pt={prompt:A,display:F,max_age:O,ui_locales:Y,id_token_hint:M,login_hint:K,acr_values:I,resource:$,request:ot,request_uri:B,response_mode:et};for(var vt in pt)pt[vt]&&(u=l.UrlUtility.addQueryParam(u,vt,pt[vt]));for(var At in nt)u=l.UrlUtility.addQueryParam(u,At,nt[At]);this.url=u}return m.isOidc=function(u){return!!u.split(/\s+/g).filter(function(o){return o==="id_token"})[0]},m.isOAuth=function(u){return!!u.split(/\s+/g).filter(function(o){return o==="token"})[0]},m.isCode=function(u){return!!u.split(/\s+/g).filter(function(o){return o==="code"})[0]},m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.State=void 0;var T=function(){function a(u,o){for(var d=0;d<o.length;d++){var P=o[d];P.enumerable=P.enumerable||!1,P.configurable=!0,"value"in P&&(P.writable=!0),Object.defineProperty(u,P.key,P)}}return function(u,o,d){return o&&a(u.prototype,o),d&&a(u,d),u}}(),l=j(0),k=function(u){return u&&u.__esModule?u:{default:u}}(j(14));function m(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")}p.State=function(){function a(){var u=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},o=u.id,d=u.data,P=u.created,b=u.request_type;m(this,a),this._id=o||(0,k.default)(),this._data=d,this._created=typeof P=="number"&&P>0?P:parseInt(Date.now()/1e3),this._request_type=b}return a.prototype.toStorageString=function(){return l.Log.debug("State.toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type})},a.fromStorageString=function(o){return l.Log.debug("State.fromStorageString"),new a(JSON.parse(o))},a.clearStaleState=function(o,d){var P=Date.now()/1e3-d;return o.getAllKeys().then(function(b){l.Log.debug("State.clearStaleState: got keys",b);for(var H=[],C=function(Y){var M=b[Y];F=o.get(M).then(function(K){var I=!1;if(K)try{var $=a.fromStorageString(K);l.Log.debug("State.clearStaleState: got item from key: ",M,$.created),$.created<=P&&(I=!0)}catch(et){l.Log.error("State.clearStaleState: Error parsing state for key",M,et.message),I=!0}else l.Log.debug("State.clearStaleState: no item in storage for key: ",M),I=!0;if(I)return l.Log.debug("State.clearStaleState: removed item for key: ",M),o.remove(M)}),H.push(F)},A=0;A<b.length;A++){var F;C(A)}return l.Log.debug("State.clearStaleState: waiting on promise count:",H.length),Promise.all(H)})},T(a,[{key:"id",get:function(){return this._id}},{key:"data",get:function(){return this._data}},{key:"created",get:function(){return this._created}},{key:"request_type",get:function(){return this._request_type}}]),a}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.OidcClient=void 0;var T=function(){function C(A,F){for(var O=0;O<F.length;O++){var Y=F[O];Y.enumerable=Y.enumerable||!1,Y.configurable=!0,"value"in Y&&(Y.writable=!0),Object.defineProperty(A,Y.key,Y)}}return function(A,F,O){return F&&C(A.prototype,F),O&&C(A,O),A}}(),l=j(0),k=j(5),m=j(12),a=j(8),u=j(34),o=j(35),d=j(36),P=j(13),b=j(9);function H(C,A){if(!(C instanceof A))throw new TypeError("Cannot call a class as a function")}p.OidcClient=function(){function C(){var A=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};H(this,C),A instanceof k.OidcClientSettings?this._settings=A:this._settings=new k.OidcClientSettings(A)}return C.prototype.createSigninRequest=function(){var F=this,O=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},Y=O.response_type,M=O.scope,K=O.redirect_uri,I=O.data,$=O.state,et=O.prompt,ot=O.display,B=O.max_age,nt=O.ui_locales,ft=O.id_token_hint,dt=O.login_hint,jt=O.acr_values,xt=O.resource,Zt=O.request,Tt=O.request_uri,pt=O.response_mode,vt=O.extraQueryParams,At=O.extraTokenParams,Wt=O.request_type,Vt=O.skipUserInfo,zt=arguments[1];l.Log.debug("OidcClient.createSigninRequest");var $t=this._settings.client_id;Y=Y||this._settings.response_type,M=M||this._settings.scope,K=K||this._settings.redirect_uri,et=et||this._settings.prompt,ot=ot||this._settings.display,B=B||this._settings.max_age,nt=nt||this._settings.ui_locales,jt=jt||this._settings.acr_values,xt=xt||this._settings.resource,pt=pt||this._settings.response_mode,vt=vt||this._settings.extraQueryParams,At=At||this._settings.extraTokenParams;var he=this._settings.authority;return a.SigninRequest.isCode(Y)&&Y!=="code"?Promise.reject(new Error("OpenID Connect hybrid flow is not supported")):this._metadataService.getAuthorizationEndpoint().then(function(ee){l.Log.debug("OidcClient.createSigninRequest: Received authorization endpoint",ee);var Ut=new a.SigninRequest({url:ee,client_id:$t,redirect_uri:K,response_type:Y,scope:M,data:I||$,authority:he,prompt:et,display:ot,max_age:B,ui_locales:nt,id_token_hint:ft,login_hint:dt,acr_values:jt,resource:xt,request:Zt,request_uri:Tt,extraQueryParams:vt,extraTokenParams:At,request_type:Wt,response_mode:pt,client_secret:F._settings.client_secret,skipUserInfo:Vt}),Yt=Ut.state;return(zt=zt||F._stateStore).set(Yt.id,Yt.toStorageString()).then(function(){return Ut})})},C.prototype.readSigninResponseState=function(F,O){var Y=arguments.length>2&&arguments[2]!==void 0&&arguments[2];l.Log.debug("OidcClient.readSigninResponseState");var M=this._settings.response_mode==="query"||!this._settings.response_mode&&a.SigninRequest.isCode(this._settings.response_type),K=M?"?":"#",I=new u.SigninResponse(F,K);if(!I.state)return l.Log.error("OidcClient.readSigninResponseState: No state in response"),Promise.reject(new Error("No state in response"));O=O||this._stateStore;var $=Y?O.remove.bind(O):O.get.bind(O);return $(I.state).then(function(et){if(!et)throw l.Log.error("OidcClient.readSigninResponseState: No matching state found in storage"),new Error("No matching state found in storage");return{state:P.SigninState.fromStorageString(et),response:I}})},C.prototype.processSigninResponse=function(F,O){var Y=this;return l.Log.debug("OidcClient.processSigninResponse"),this.readSigninResponseState(F,O,!0).then(function(M){var K=M.state,I=M.response;return l.Log.debug("OidcClient.processSigninResponse: Received state from storage; validating response"),Y._validator.validateSigninResponse(K,I)})},C.prototype.createSignoutRequest=function(){var F=this,O=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},Y=O.id_token_hint,M=O.data,K=O.state,I=O.post_logout_redirect_uri,$=O.extraQueryParams,et=O.request_type,ot=arguments[1];return l.Log.debug("OidcClient.createSignoutRequest"),I=I||this._settings.post_logout_redirect_uri,$=$||this._settings.extraQueryParams,this._metadataService.getEndSessionEndpoint().then(function(B){if(!B)throw l.Log.error("OidcClient.createSignoutRequest: No end session endpoint url returned"),new Error("no end session endpoint");l.Log.debug("OidcClient.createSignoutRequest: Received end session endpoint",B);var nt=new o.SignoutRequest({url:B,id_token_hint:Y,post_logout_redirect_uri:I,data:M||K,extraQueryParams:$,request_type:et}),ft=nt.state;return ft&&(l.Log.debug("OidcClient.createSignoutRequest: Signout request has state to persist"),(ot=ot||F._stateStore).set(ft.id,ft.toStorageString())),nt})},C.prototype.readSignoutResponseState=function(F,O){var Y=arguments.length>2&&arguments[2]!==void 0&&arguments[2];l.Log.debug("OidcClient.readSignoutResponseState");var M=new d.SignoutResponse(F);if(!M.state)return l.Log.debug("OidcClient.readSignoutResponseState: No state in response"),M.error?(l.Log.warn("OidcClient.readSignoutResponseState: Response was error: ",M.error),Promise.reject(new m.ErrorResponse(M))):Promise.resolve({state:void 0,response:M});var K=M.state;O=O||this._stateStore;var I=Y?O.remove.bind(O):O.get.bind(O);return I(K).then(function($){if(!$)throw l.Log.error("OidcClient.readSignoutResponseState: No matching state found in storage"),new Error("No matching state found in storage");return{state:b.State.fromStorageString($),response:M}})},C.prototype.processSignoutResponse=function(F,O){var Y=this;return l.Log.debug("OidcClient.processSignoutResponse"),this.readSignoutResponseState(F,O,!0).then(function(M){var K=M.state,I=M.response;return K?(l.Log.debug("OidcClient.processSignoutResponse: Received state from storage; validating response"),Y._validator.validateSignoutResponse(K,I)):(l.Log.debug("OidcClient.processSignoutResponse: No state from storage; skipping validating response"),I)})},C.prototype.clearStaleState=function(F){return l.Log.debug("OidcClient.clearStaleState"),F=F||this._stateStore,b.State.clearStaleState(F,this.settings.staleStateAge)},T(C,[{key:"_stateStore",get:function(){return this.settings.stateStore}},{key:"_validator",get:function(){return this.settings.validator}},{key:"_metadataService",get:function(){return this.settings.metadataService}},{key:"settings",get:function(){return this._settings}},{key:"metadataService",get:function(){return this._metadataService}}]),C}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.TokenClient=void 0;var T=j(7),l=j(2),k=j(0);function m(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")}p.TokenClient=function(){function a(u){var o=arguments.length>1&&arguments[1]!==void 0?arguments[1]:T.JsonService,d=arguments.length>2&&arguments[2]!==void 0?arguments[2]:l.MetadataService;if(m(this,a),!u)throw k.Log.error("TokenClient.ctor: No settings passed"),new Error("settings");this._settings=u,this._jsonService=new o,this._metadataService=new d(this._settings)}return a.prototype.exchangeCode=function(){var o=this,d=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(d=Object.assign({},d)).grant_type=d.grant_type||"authorization_code",d.client_id=d.client_id||this._settings.client_id,d.client_secret=d.client_secret||this._settings.client_secret,d.redirect_uri=d.redirect_uri||this._settings.redirect_uri;var P=void 0,b=d._client_authentication||this._settings._client_authentication;return delete d._client_authentication,d.code?d.redirect_uri?d.code_verifier?d.client_id?d.client_secret||b!="client_secret_basic"?(b=="client_secret_basic"&&(P=d.client_id+":"+d.client_secret,delete d.client_id,delete d.client_secret),this._metadataService.getTokenEndpoint(!1).then(function(H){return k.Log.debug("TokenClient.exchangeCode: Received token endpoint"),o._jsonService.postForm(H,d,P).then(function(C){return k.Log.debug("TokenClient.exchangeCode: response received"),C})})):(k.Log.error("TokenClient.exchangeCode: No client_secret passed"),Promise.reject(new Error("A client_secret is required"))):(k.Log.error("TokenClient.exchangeCode: No client_id passed"),Promise.reject(new Error("A client_id is required"))):(k.Log.error("TokenClient.exchangeCode: No code_verifier passed"),Promise.reject(new Error("A code_verifier is required"))):(k.Log.error("TokenClient.exchangeCode: No redirect_uri passed"),Promise.reject(new Error("A redirect_uri is required"))):(k.Log.error("TokenClient.exchangeCode: No code passed"),Promise.reject(new Error("A code is required")))},a.prototype.exchangeRefreshToken=function(){var o=this,d=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(d=Object.assign({},d)).grant_type=d.grant_type||"refresh_token",d.client_id=d.client_id||this._settings.client_id,d.client_secret=d.client_secret||this._settings.client_secret;var P=void 0,b=d._client_authentication||this._settings._client_authentication;return delete d._client_authentication,d.refresh_token?d.client_id?(b=="client_secret_basic"&&(P=d.client_id+":"+d.client_secret,delete d.client_id,delete d.client_secret),this._metadataService.getTokenEndpoint(!1).then(function(H){return k.Log.debug("TokenClient.exchangeRefreshToken: Received token endpoint"),o._jsonService.postForm(H,d,P).then(function(C){return k.Log.debug("TokenClient.exchangeRefreshToken: response received"),C})})):(k.Log.error("TokenClient.exchangeRefreshToken: No client_id passed"),Promise.reject(new Error("A client_id is required"))):(k.Log.error("TokenClient.exchangeRefreshToken: No refresh_token passed"),Promise.reject(new Error("A refresh_token is required")))},a}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.ErrorResponse=void 0;var T=j(0);function l(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}function k(m,a){if(!m)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!a||typeof a!="object"&&typeof a!="function"?m:a}p.ErrorResponse=function(m){function a(){var u=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},o=u.error,d=u.error_description,P=u.error_uri,b=u.state,H=u.session_state;if(l(this,a),!o)throw T.Log.error("No error passed to ErrorResponse"),new Error("error");var C=k(this,m.call(this,d||o));return C.name="ErrorResponse",C.error=o,C.error_description=d,C.error_uri=P,C.state=b,C.session_state=H,C}return function(o,d){if(typeof d!="function"&&d!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof d);o.prototype=Object.create(d&&d.prototype,{constructor:{value:o,enumerable:!1,writable:!0,configurable:!0}}),d&&(Object.setPrototypeOf?Object.setPrototypeOf(o,d):o.__proto__=d)}(a,m),a}(Error)},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SigninState=void 0;var T=function(){function d(P,b){for(var H=0;H<b.length;H++){var C=b[H];C.enumerable=C.enumerable||!1,C.configurable=!0,"value"in C&&(C.writable=!0),Object.defineProperty(P,C.key,C)}}return function(P,b,H){return b&&d(P.prototype,b),H&&d(P,H),P}}(),l=j(0),k=j(9),m=j(4),a=function(P){return P&&P.__esModule?P:{default:P}}(j(14));function u(d,P){if(!(d instanceof P))throw new TypeError("Cannot call a class as a function")}function o(d,P){if(!d)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!P||typeof P!="object"&&typeof P!="function"?d:P}p.SigninState=function(d){function P(){var b=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},H=b.nonce,C=b.authority,A=b.client_id,F=b.redirect_uri,O=b.code_verifier,Y=b.response_mode,M=b.client_secret,K=b.scope,I=b.extraTokenParams,$=b.skipUserInfo;u(this,P);var et=o(this,d.call(this,arguments[0]));if(H===!0?et._nonce=(0,a.default)():H&&(et._nonce=H),O===!0?et._code_verifier=(0,a.default)()+(0,a.default)()+(0,a.default)():O&&(et._code_verifier=O),et.code_verifier){var ot=m.JoseUtil.hashString(et.code_verifier,"SHA256");et._code_challenge=m.JoseUtil.hexToBase64Url(ot)}return et._redirect_uri=F,et._authority=C,et._client_id=A,et._response_mode=Y,et._client_secret=M,et._scope=K,et._extraTokenParams=I,et._skipUserInfo=$,et}return function(H,C){if(typeof C!="function"&&C!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof C);H.prototype=Object.create(C&&C.prototype,{constructor:{value:H,enumerable:!1,writable:!0,configurable:!0}}),C&&(Object.setPrototypeOf?Object.setPrototypeOf(H,C):H.__proto__=C)}(P,d),P.prototype.toStorageString=function(){return l.Log.debug("SigninState.toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type,nonce:this.nonce,code_verifier:this.code_verifier,redirect_uri:this.redirect_uri,authority:this.authority,client_id:this.client_id,response_mode:this.response_mode,client_secret:this.client_secret,scope:this.scope,extraTokenParams:this.extraTokenParams,skipUserInfo:this.skipUserInfo})},P.fromStorageString=function(H){return l.Log.debug("SigninState.fromStorageString"),new P(JSON.parse(H))},T(P,[{key:"nonce",get:function(){return this._nonce}},{key:"authority",get:function(){return this._authority}},{key:"client_id",get:function(){return this._client_id}},{key:"redirect_uri",get:function(){return this._redirect_uri}},{key:"code_verifier",get:function(){return this._code_verifier}},{key:"code_challenge",get:function(){return this._code_challenge}},{key:"response_mode",get:function(){return this._response_mode}},{key:"client_secret",get:function(){return this._client_secret}},{key:"scope",get:function(){return this._scope}},{key:"extraTokenParams",get:function(){return this._extraTokenParams}},{key:"skipUserInfo",get:function(){return this._skipUserInfo}}]),P}(k.State)},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.default=function(){return(T!="undefined"&&T!==null&&T.getRandomValues!==void 0?l:k)().replace(/-/g,"")};var T=typeof window<"u"?window.crypto||window.msCrypto:null;function l(){return("10000000-1000-4000-8000"+-1e11).replace(/[018]/g,function(m){return(m^T.getRandomValues(new Uint8Array(1))[0]&15>>m/4).toString(16)})}function k(){return("10000000-1000-4000-8000"+-1e11).replace(/[018]/g,function(m){return(m^16*Math.random()>>m/4).toString(16)})}rt.exports=p.default},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.User=void 0;var T=function(){function k(m,a){for(var u=0;u<a.length;u++){var o=a[u];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(m,o.key,o)}}return function(m,a,u){return a&&k(m.prototype,a),u&&k(m,u),m}}(),l=j(0);p.User=function(){function k(m){var a=m.id_token,u=m.session_state,o=m.access_token,d=m.refresh_token,P=m.token_type,b=m.scope,H=m.profile,C=m.expires_at,A=m.state;(function(O,Y){if(!(O instanceof Y))throw new TypeError("Cannot call a class as a function")})(this,k),this.id_token=a,this.session_state=u,this.access_token=o,this.refresh_token=d,this.token_type=P,this.scope=b,this.profile=H,this.expires_at=C,this.state=A}return k.prototype.toStorageString=function(){return l.Log.debug("User.toStorageString"),JSON.stringify({id_token:this.id_token,session_state:this.session_state,access_token:this.access_token,refresh_token:this.refresh_token,token_type:this.token_type,scope:this.scope,profile:this.profile,expires_at:this.expires_at})},k.fromStorageString=function(a){return l.Log.debug("User.fromStorageString"),new k(JSON.parse(a))},T(k,[{key:"expires_in",get:function(){if(this.expires_at){var a=parseInt(Date.now()/1e3);return this.expires_at-a}},set:function(a){var u=parseInt(a);if(typeof u=="number"&&u>0){var o=parseInt(Date.now()/1e3);this.expires_at=o+u}}},{key:"expired",get:function(){var a=this.expires_in;if(a!==void 0)return a<=0}},{key:"scopes",get:function(){return(this.scope||"").split(" ")}}]),k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.AccessTokenEvents=void 0;var T=j(0),l=j(46);function k(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}p.AccessTokenEvents=function(){function m(){var a=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},u=a.accessTokenExpiringNotificationTime,o=u===void 0?60:u,d=a.accessTokenExpiringTimer,P=d===void 0?new l.Timer("Access token expiring"):d,b=a.accessTokenExpiredTimer,H=b===void 0?new l.Timer("Access token expired"):b;k(this,m),this._accessTokenExpiringNotificationTime=o,this._accessTokenExpiring=P,this._accessTokenExpired=H}return m.prototype.load=function(u){if(u.access_token&&u.expires_in!==void 0){var o=u.expires_in;if(T.Log.debug("AccessTokenEvents.load: access token present, remaining duration:",o),o>0){var d=o-this._accessTokenExpiringNotificationTime;d<=0&&(d=1),T.Log.debug("AccessTokenEvents.load: registering expiring timer in:",d),this._accessTokenExpiring.init(d)}else T.Log.debug("AccessTokenEvents.load: canceling existing expiring timer becase we're past expiration."),this._accessTokenExpiring.cancel();var P=o+1;T.Log.debug("AccessTokenEvents.load: registering expired timer in:",P),this._accessTokenExpired.init(P)}else this._accessTokenExpiring.cancel(),this._accessTokenExpired.cancel()},m.prototype.unload=function(){T.Log.debug("AccessTokenEvents.unload: canceling existing access token timers"),this._accessTokenExpiring.cancel(),this._accessTokenExpired.cancel()},m.prototype.addAccessTokenExpiring=function(u){this._accessTokenExpiring.addHandler(u)},m.prototype.removeAccessTokenExpiring=function(u){this._accessTokenExpiring.removeHandler(u)},m.prototype.addAccessTokenExpired=function(u){this._accessTokenExpired.addHandler(u)},m.prototype.removeAccessTokenExpired=function(u){this._accessTokenExpired.removeHandler(u)},m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.Event=void 0;var T=j(0);p.Event=function(){function l(k){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,l),this._name=k,this._callbacks=[]}return l.prototype.addHandler=function(m){this._callbacks.push(m)},l.prototype.removeHandler=function(m){var a=this._callbacks.findIndex(function(u){return u===m});a>=0&&this._callbacks.splice(a,1)},l.prototype.raise=function(){T.Log.debug("Event: Raising event: "+this._name);for(var m=0;m<this._callbacks.length;m++){var a;(a=this._callbacks)[m].apply(a,arguments)}},l}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SessionMonitor=void 0;var T=function(){function u(o,d){for(var P=0;P<d.length;P++){var b=d[P];b.enumerable=b.enumerable||!1,b.configurable=!0,"value"in b&&(b.writable=!0),Object.defineProperty(o,b.key,b)}}return function(o,d,P){return d&&u(o.prototype,d),P&&u(o,P),o}}(),l=j(0),k=j(19),m=j(1);function a(u,o){if(!(u instanceof o))throw new TypeError("Cannot call a class as a function")}p.SessionMonitor=function(){function u(o){var d=this,P=arguments.length>1&&arguments[1]!==void 0?arguments[1]:k.CheckSessionIFrame,b=arguments.length>2&&arguments[2]!==void 0?arguments[2]:m.Global.timer;if(a(this,u),!o)throw l.Log.error("SessionMonitor.ctor: No user manager passed to SessionMonitor"),new Error("userManager");this._userManager=o,this._CheckSessionIFrameCtor=P,this._timer=b,this._userManager.events.addUserLoaded(this._start.bind(this)),this._userManager.events.addUserUnloaded(this._stop.bind(this)),Promise.resolve(this._userManager.getUser().then(function(H){H?d._start(H):d._settings.monitorAnonymousSession&&d._userManager.querySessionStatus().then(function(C){var A={session_state:C.session_state};C.sub&&C.sid&&(A.profile={sub:C.sub,sid:C.sid}),d._start(A)}).catch(function(C){l.Log.error("SessionMonitor ctor: error from querySessionStatus:",C.message)})}).catch(function(H){l.Log.error("SessionMonitor ctor: error from getUser:",H.message)}))}return u.prototype._start=function(d){var P=this,b=d.session_state;b&&(d.profile?(this._sub=d.profile.sub,this._sid=d.profile.sid,l.Log.debug("SessionMonitor._start: session_state:",b,", sub:",this._sub)):(this._sub=void 0,this._sid=void 0,l.Log.debug("SessionMonitor._start: session_state:",b,", anonymous user")),this._checkSessionIFrame?this._checkSessionIFrame.start(b):this._metadataService.getCheckSessionIframe().then(function(H){if(H){l.Log.debug("SessionMonitor._start: Initializing check session iframe");var C=P._client_id,A=P._checkSessionInterval,F=P._stopCheckSessionOnError;P._checkSessionIFrame=new P._CheckSessionIFrameCtor(P._callback.bind(P),C,H,A,F),P._checkSessionIFrame.load().then(function(){P._checkSessionIFrame.start(b)})}else l.Log.warn("SessionMonitor._start: No check session iframe found in the metadata")}).catch(function(H){l.Log.error("SessionMonitor._start: Error from getCheckSessionIframe:",H.message)}))},u.prototype._stop=function(){var d=this;if(this._sub=void 0,this._sid=void 0,this._checkSessionIFrame&&(l.Log.debug("SessionMonitor._stop"),this._checkSessionIFrame.stop()),this._settings.monitorAnonymousSession)var P=this._timer.setInterval(function(){d._timer.clearInterval(P),d._userManager.querySessionStatus().then(function(b){var H={session_state:b.session_state};b.sub&&b.sid&&(H.profile={sub:b.sub,sid:b.sid}),d._start(H)}).catch(function(b){l.Log.error("SessionMonitor: error from querySessionStatus:",b.message)})},1e3)},u.prototype._callback=function(){var d=this;this._userManager.querySessionStatus().then(function(P){var b=!0;P?P.sub===d._sub?(b=!1,d._checkSessionIFrame.start(P.session_state),P.sid===d._sid?l.Log.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",P.session_state):(l.Log.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",P.session_state),d._userManager.events._raiseUserSessionChanged())):l.Log.debug("SessionMonitor._callback: Different subject signed into OP:",P.sub):l.Log.debug("SessionMonitor._callback: Subject no longer signed into OP"),b&&(d._sub?(l.Log.debug("SessionMonitor._callback: SessionMonitor._callback; raising signed out event"),d._userManager.events._raiseUserSignedOut()):(l.Log.debug("SessionMonitor._callback: SessionMonitor._callback; raising signed in event"),d._userManager.events._raiseUserSignedIn()))}).catch(function(P){d._sub&&(l.Log.debug("SessionMonitor._callback: Error calling queryCurrentSigninSession; raising signed out event",P.message),d._userManager.events._raiseUserSignedOut())})},T(u,[{key:"_settings",get:function(){return this._userManager.settings}},{key:"_metadataService",get:function(){return this._userManager.metadataService}},{key:"_client_id",get:function(){return this._settings.client_id}},{key:"_checkSessionInterval",get:function(){return this._settings.checkSessionInterval}},{key:"_stopCheckSessionOnError",get:function(){return this._settings.stopCheckSessionOnError}}]),u}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.CheckSessionIFrame=void 0;var T=j(0);function l(k,m){if(!(k instanceof m))throw new TypeError("Cannot call a class as a function")}p.CheckSessionIFrame=function(){function k(m,a,u,o){var d=!(arguments.length>4&&arguments[4]!==void 0)||arguments[4];l(this,k),this._callback=m,this._client_id=a,this._url=u,this._interval=o||2e3,this._stopOnError=d;var P=u.indexOf("/",u.indexOf("//")+2);this._frame_origin=u.substr(0,P),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=u}return k.prototype.load=function(){var a=this;return new Promise(function(u){a._frame.onload=function(){u()},window.document.body.appendChild(a._frame),a._boundMessageEvent=a._message.bind(a),window.addEventListener("message",a._boundMessageEvent,!1)})},k.prototype._message=function(a){a.origin===this._frame_origin&&a.source===this._frame.contentWindow&&(a.data==="error"?(T.Log.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):a.data==="changed"?(T.Log.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):T.Log.debug("CheckSessionIFrame: "+a.data+" message from check session op iframe"))},k.prototype.start=function(a){var u=this;if(this._session_state!==a){T.Log.debug("CheckSessionIFrame.start"),this.stop(),this._session_state=a;var o=function(){u._frame.contentWindow.postMessage(u._client_id+" "+u._session_state,u._frame_origin)};o(),this._timer=window.setInterval(o,this._interval)}},k.prototype.stop=function(){this._session_state=null,this._timer&&(T.Log.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)},k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.TokenRevocationClient=void 0;var T=j(0),l=j(2),k=j(1);function m(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")}var a="access_token",u="refresh_token";p.TokenRevocationClient=function(){function o(d){var P=arguments.length>1&&arguments[1]!==void 0?arguments[1]:k.Global.XMLHttpRequest,b=arguments.length>2&&arguments[2]!==void 0?arguments[2]:l.MetadataService;if(m(this,o),!d)throw T.Log.error("TokenRevocationClient.ctor: No settings provided"),new Error("No settings provided.");this._settings=d,this._XMLHttpRequestCtor=P,this._metadataService=new b(this._settings)}return o.prototype.revoke=function(P,b){var H=this,C=arguments.length>2&&arguments[2]!==void 0?arguments[2]:"access_token";if(!P)throw T.Log.error("TokenRevocationClient.revoke: No token provided"),new Error("No token provided.");i