
angular-auth-oidc-client


Comparing version 1.0.0 to 1.0.1

1

bundles/angular-auth-oidc-client.umd.js

@@ -131,3 +131,2 @@ (function (global, factory) {

]; };
var encode = require('base64url').encode;
var OidcSecurityValidation = (function () {

@@ -134,0 +133,0 @@ /**

2

bundles/angular-auth-oidc-client.umd.min.js

@@ -1,2 +0,2 @@

!function(global,factory){"object"==typeof exports&&"undefined"!=typeof module?factory(exports,require("@angular/core"),require("@angular/http"),require("rxjs/add/operator/map"),require("rxjs/add/operator/catch"),require("rxjs/Rx"),require("@angular/router"),require("jsrsasign"),require("rxjs/Observable"),require("rxjs/add/observable/throw"),require("rxjs/add/observable/interval"),require("rxjs/add/observable/timer")):"function"==typeof define&&define.amd?define(["exports","@angular/core","@angular/http","rxjs/add/operator/map","rxjs/add/operator/catch","rxjs/Rx","@angular/router","jsrsasign","rxjs/Observable","rxjs/add/observable/throw","rxjs/add/observable/interval","rxjs/add/observable/timer"],factory):factory((global.ng=global.ng||{},global.ng.angularAuthOidcClient=global.ng.angularAuthOidcClient||{}),global.ng.core,global.ng.http,global.Rx,global.Rx,global.Rx,global.ng.router,global.jsrsasign,global.Rx)}(this,function(exports,_angular_core,_angular_http,rxjs_add_operator_map,rxjs_add_operator_catch,rxjs_Rx,_angular_router,jsrsasign,rxjs_Observable){"use strict";var AuthConfiguration=function(){function AuthConfiguration(){this.stsServer="https://localhost:44318",this.redirect_url="https://localhost:44311",this.client_id="angularclient",this.response_type="id_token token",this.resource="",this.scope="openid email profile",this.post_logout_redirect_uri="https://localhost:44311/Unauthorized",this.start_checksession=!1,this.silent_renew=!0,this.startup_route="/dataeventrecords/list",this.forbidden_route="/Forbidden",this.unauthorized_route="/Unauthorized",this.log_console_warning_active=!0,this.log_console_debug_active=!1,this.max_id_token_iat_offset_allowed_in_seconds=3,this.override_well_known_configuration=!1,this.override_well_known_configuration_url="https://localhost:44386/wellknownconfiguration.json"}return AuthConfiguration}();AuthConfiguration.decorators=[{type:_angular_core.Injectable}],AuthConfiguration.ctorParameters=function(){return[]};var 
OidcSecurityCommon=function(){function OidcSecurityCommon(authConfiguration){this.authConfiguration=authConfiguration,this.storage_access_token="authorizationData",this.storage_id_token="authorizationDataIdToken",this.storage_is_authorized="_isAuthorized",this.storage_user_data="userData",this.storage_auth_nonce="authNonce",this.storage_auth_state_control="authStateControl",this.storage_well_known_endpoints="wellknownendpoints","undefined"!=typeof Storage&&(this.storage=sessionStorage)}return OidcSecurityCommon.prototype.retrieve=function(key){if(this.storage)return JSON.parse(this.storage.getItem(key))},OidcSecurityCommon.prototype.store=function(key,value){this.storage&&this.storage.setItem(key,JSON.stringify(value))},OidcSecurityCommon.prototype.resetStorageData=function(){this.store(this.storage_access_token,""),this.store(this.storage_id_token,""),this.store(this.storage_is_authorized,!1),this.store(this.storage_user_data,"")},OidcSecurityCommon.prototype.getAccessToken=function(){return this.retrieve(this.storage_access_token)},OidcSecurityCommon.prototype.logError=function(message){console.error(message)},OidcSecurityCommon.prototype.logWarning=function(message){this.authConfiguration.log_console_warning_active&&console.warn(message)},OidcSecurityCommon.prototype.logDebug=function(message){this.authConfiguration.log_console_debug_active&&console.log(message)},OidcSecurityCommon}();OidcSecurityCommon.decorators=[{type:_angular_core.Injectable}],OidcSecurityCommon.ctorParameters=function(){return[{type:AuthConfiguration}]};var OidcSecurityValidation=(require("base64url").encode,function(){function OidcSecurityValidation(oidcSecurityCommon){this.oidcSecurityCommon=oidcSecurityCommon}return OidcSecurityValidation.prototype.isTokenExpired=function(token,offsetSeconds){var decoded;return 
decoded=this.getPayloadFromToken(token,!1),!this.validate_id_token_exp_not_expired(decoded,offsetSeconds)},OidcSecurityValidation.prototype.validate_id_token_exp_not_expired=function(decoded_id_token,offsetSeconds){var tokenExpirationDate=this.getTokenExpirationDate(decoded_id_token);return offsetSeconds=offsetSeconds||0,null!=tokenExpirationDate&&tokenExpirationDate.valueOf()>(new Date).valueOf()+1e3*offsetSeconds},OidcSecurityValidation.prototype.validate_required_id_token=function(dataIdToken){var validated=!0;return dataIdToken.hasOwnProperty("iss")||(validated=!1,this.oidcSecurityCommon.logWarning("iss missing, validatation REQUIRED prorpeties in id_token")),dataIdToken.hasOwnProperty("sub")||(validated=!1,this.oidcSecurityCommon.logWarning("sub missing, validatation REQUIRED prorpeties in id_token")),dataIdToken.hasOwnProperty("aud")||(validated=!1,this.oidcSecurityCommon.logWarning("aud missing, validatation REQUIRED prorpeties in id_token")),dataIdToken.hasOwnProperty("exp")||(validated=!1,this.oidcSecurityCommon.logWarning("exp missing, validatation REQUIRED prorpeties in id_token")),dataIdToken.hasOwnProperty("iat")||(validated=!1,this.oidcSecurityCommon.logWarning("iat missing, validatation REQUIRED prorpeties in id_token")),validated},OidcSecurityValidation.prototype.validate_id_token_iat_max_offset=function(dataIdToken,max_offset_allowed_in_seconds){if(!dataIdToken.hasOwnProperty("iat"))return!1;var dateTime_iat_id_token=new Date(0);return dateTime_iat_id_token.setUTCSeconds(dataIdToken.iat),max_offset_allowed_in_seconds=max_offset_allowed_in_seconds||0,null!=dateTime_iat_id_token&&(this.oidcSecurityCommon.logDebug("validate_id_token_iat_max_offset: "+((new Date).valueOf()-dateTime_iat_id_token.valueOf())+" < "+1e3*max_offset_allowed_in_seconds),(new Date).valueOf()-dateTime_iat_id_token.valueOf()<1e3*max_offset_allowed_in_seconds)},OidcSecurityValidation.prototype.validate_id_token_nonce=function(dataIdToken,local_nonce){return 
dataIdToken.nonce===local_nonce||(this.oidcSecurityCommon.logDebug("Validate_id_token_nonce failed, dataIdToken.nonce: "+dataIdToken.nonce+" local_nonce:"+local_nonce),!1)},OidcSecurityValidation.prototype.validate_id_token_iss=function(dataIdToken,authWellKnownEndpoints_issuer){return dataIdToken.iss==authWellKnownEndpoints_issuer||(this.oidcSecurityCommon.logDebug("Validate_id_token_iss failed, dataIdToken.iss: "+dataIdToken.iss+" authWellKnownEndpoints issuer:"+authWellKnownEndpoints_issuer),!1)},OidcSecurityValidation.prototype.validate_id_token_aud=function(dataIdToken,aud){return dataIdToken.aud==aud||(this.oidcSecurityCommon.logDebug("Validate_id_token_aud failed, dataIdToken.aud: "+dataIdToken.aud+" client_id:"+aud),!1)},OidcSecurityValidation.prototype.validateStateFromHashCallback=function(state,local_state){return state==local_state||(this.oidcSecurityCommon.logDebug("ValidateStateFromHashCallback failed, state: "+state+" local_state:"+local_state),!1)},OidcSecurityValidation.prototype.validate_userdata_sub_id_token=function(id_token_sub,userdata_sub){return id_token_sub==userdata_sub||(this.oidcSecurityCommon.logDebug("validate_userdata_sub_id_token failed, id_token_sub: "+id_token_sub+" userdata_sub:"+userdata_sub),!1)},OidcSecurityValidation.prototype.getPayloadFromToken=function(token,encode){var data={};if(void 0!==token){var encoded=token.split(".")[1];if(encode)return encoded;data=JSON.parse(this.urlBase64Decode(encoded))}return data},OidcSecurityValidation.prototype.getHeaderFromToken=function(token,encode){var data={};if(void 0!==token){var encoded=token.split(".")[0];if(encode)return encoded;data=JSON.parse(this.urlBase64Decode(encoded))}return data},OidcSecurityValidation.prototype.getSignatureFromToken=function(token,encode){var data={};if(void 0!==token){var encoded=token.split(".")[2];if(encode)return encoded;data=JSON.parse(this.urlBase64Decode(encoded))}return 
data},OidcSecurityValidation.prototype.validate_signature_id_token=function(id_token,jwtkeys){if(!jwtkeys||!jwtkeys.keys)return!1;var header_data=this.getHeaderFromToken(id_token,!1);if(!this.validate_no_kid_in_header_only_one_allowed_in_jwtkeys(header_data,jwtkeys))return this.oidcSecurityCommon.logWarning("no ID Token kid claim in JOSE header and multiple supplied in jwks_uri"),!1;var kid=header_data.kid;if("RS256"!=header_data.alg)return this.oidcSecurityCommon.logWarning("Only RS256 supported"),!1;var isValid=!1;if(header_data.hasOwnProperty("kid"))for(var _b=0,_c=jwtkeys.keys;_b<_c.length;_b++){var key=_c[_b];if(key.kid==kid){var publickey=jsrsasign.KEYUTIL.getKey(key);return isValid=jsrsasign.KJUR.jws.JWS.verify(id_token,publickey,["RS256"]),isValid||this.oidcSecurityCommon.logWarning("incorrect Signature, validation failed for id_token"),isValid}}else for(var _i=0,_a=jwtkeys.keys;_i<_a.length;_i++){var key=_a[_i],publickey=jsrsasign.KEYUTIL.getKey(key);return isValid=jsrsasign.KJUR.jws.JWS.verify(id_token,publickey,["RS256"]),isValid||this.oidcSecurityCommon.logWarning("incorrect Signature, validation failed for id_token"),isValid}return isValid},OidcSecurityValidation.prototype.config_validate_response_type=function(response_type){return"id_token token"===response_type||"id_token"===response_type||(this.oidcSecurityCommon.logWarning("module configure incorrect, invalid response_type:"+response_type),!1)},OidcSecurityValidation.prototype.validate_no_kid_in_header_only_one_allowed_in_jwtkeys=function(header_data,jwtkeys){return this.oidcSecurityCommon.logDebug("amount of jwtkeys.keys: "+jwtkeys.keys.length),!(!header_data.hasOwnProperty("kid")&&1!=jwtkeys.keys.length)||(this.oidcSecurityCommon.logDebug("jwtkeys.keys.length != 1 and no kid in header"),!1)},OidcSecurityValidation.prototype.validate_id_token_at_hash=function(access_token,at_hash){this.oidcSecurityCommon.logDebug("From the server:"+at_hash);var 
testdata=this.generate_at_hash(""+access_token);if(this.oidcSecurityCommon.logDebug("client validation not decoded:"+testdata),testdata==at_hash)return!0;var testValue=this.generate_at_hash(""+decodeURIComponent(access_token));return this.oidcSecurityCommon.logDebug("-gen access--"+testValue),testValue==at_hash},OidcSecurityValidation.prototype.generate_at_hash=function(access_token){var hash=jsrsasign.KJUR.crypto.Util.hashString(access_token,"sha256"),first128bits=hash.substr(0,hash.length/2);return jsrsasign.hextob64u(first128bits)},OidcSecurityValidation.prototype.getTokenExpirationDate=function(dataIdToken){if(!dataIdToken.hasOwnProperty("exp"))return new Date;var date=new Date(0);return date.setUTCSeconds(dataIdToken.exp),date},OidcSecurityValidation.prototype.urlBase64Decode=function(str){var output=str.replace("-","+").replace("_","/");switch(output.length%4){case 0:break;case 2:output+="==";break;case 3:output+="=";break;default:throw"Illegal base64url string!"}return window.atob(output)},OidcSecurityValidation}());OidcSecurityValidation.decorators=[{type:_angular_core.Injectable}],OidcSecurityValidation.ctorParameters=function(){return[{type:OidcSecurityCommon}]};var AuthWellKnownEndpoints=function(){function AuthWellKnownEndpoints(http,authConfiguration,oidcSecurityCommon){var _this=this;this.http=http,this.authConfiguration=authConfiguration,this.oidcSecurityCommon=oidcSecurityCommon,this.getWellKnownEndpoints=function(){var headers=new _angular_http.Headers;headers.append("Content-Type","application/json"),headers.append("Accept","application/json");var url=_this.authConfiguration.stsServer+"/.well-known/openid-configuration";return _this.authConfiguration.override_well_known_configuration&&(url=_this.authConfiguration.override_well_known_configuration_url),_this.http.get(url,{headers:headers,body:""}).map(function(res){return res.json()})};var 
data=this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_well_known_endpoints);this.oidcSecurityCommon.logDebug(data),data&&""!==data?(this.oidcSecurityCommon.logDebug("AuthWellKnownEndpoints already defined"),this.issuer=data.issuer,this.jwks_uri=data.jwks_uri,this.authorization_endpoint=data.authorization_endpoint,this.token_endpoint=data.token_endpoint,this.userinfo_endpoint=data.userinfo_endpoint,data.end_session_endpoint&&(this.end_session_endpoint=data.end_session_endpoint),data.check_session_iframe&&(this.check_session_iframe=data.check_session_iframe),data.revocation_endpoint&&(this.revocation_endpoint=data.revocation_endpoint),data.introspection_endpoint&&(this.introspection_endpoint=data.introspection_endpoint)):(this.oidcSecurityCommon.logDebug("AuthWellKnownEndpoints first time, get from the server"),this.getWellKnownEndpoints().subscribe(function(data){_this.issuer=data.issuer,_this.jwks_uri=data.jwks_uri,_this.authorization_endpoint=data.authorization_endpoint,_this.token_endpoint=data.token_endpoint,_this.userinfo_endpoint=data.userinfo_endpoint,data.end_session_endpoint&&(_this.end_session_endpoint=data.end_session_endpoint),data.check_session_iframe&&(_this.check_session_iframe=data.check_session_iframe),data.revocation_endpoint&&(_this.revocation_endpoint=data.revocation_endpoint),data.introspection_endpoint&&(_this.introspection_endpoint=data.introspection_endpoint),_this.oidcSecurityCommon.store(_this.oidcSecurityCommon.storage_well_known_endpoints,data),_this.oidcSecurityCommon.logDebug(data)}))}return AuthWellKnownEndpoints}();AuthWellKnownEndpoints.decorators=[{type:_angular_core.Injectable}],AuthWellKnownEndpoints.ctorParameters=function(){return[{type:_angular_http.Http},{type:AuthConfiguration},{type:OidcSecurityCommon}]};var OidcSecurityCheckSession=function(){function 
OidcSecurityCheckSession(authConfiguration,oidcSecurityCommon,authWellKnownEndpoints){this.authConfiguration=authConfiguration,this.oidcSecurityCommon=oidcSecurityCommon,this.authWellKnownEndpoints=authWellKnownEndpoints,this.onCheckSessionChanged=new _angular_core.EventEmitter(!0)}return OidcSecurityCheckSession.prototype.init=function(){var _this=this;return this.sessionIframe=window.document.createElement("iframe"),this.oidcSecurityCommon.logDebug(this.sessionIframe),this.sessionIframe.style.display="none",this.sessionIframe.src=this.authWellKnownEndpoints.check_session_iframe,window.document.body.appendChild(this.sessionIframe),this.iframeMessageEvent=this.messageHandler.bind(this),window.addEventListener("message",this.iframeMessageEvent,!1),rxjs_Observable.Observable.create(function(observer){_this.sessionIframe.onload=function(){observer.next(_this),observer.complete()}})},OidcSecurityCheckSession.prototype.pollServerSession=function(session_state,clientId){var _this=this,source=rxjs_Observable.Observable.timer(3e3,3e3).timeInterval().pluck("interval").take(1e4);source.subscribe(function(){_this.oidcSecurityCommon.logDebug(_this.sessionIframe),_this.sessionIframe.contentWindow.postMessage(clientId+" "+session_state,_this.authConfiguration.stsServer)},function(err){_this.oidcSecurityCommon.logError("pollServerSession error: "+err)},function(){_this.oidcSecurityCommon.logDebug("checksession pollServerSession completed")})},OidcSecurityCheckSession.prototype.messageHandler=function(e){e.origin===this.authConfiguration.stsServer&&e.source===this.sessionIframe.contentWindow&&("error"===e.data?this.oidcSecurityCommon.logWarning("error from checksession messageHandler"):"changed"===e.data?this.onCheckSessionChanged.emit():this.oidcSecurityCommon.logDebug(e.data+" from checksession 
messageHandler"))},OidcSecurityCheckSession}();OidcSecurityCheckSession.decorators=[{type:_angular_core.Injectable}],OidcSecurityCheckSession.ctorParameters=function(){return[{type:AuthConfiguration},{type:OidcSecurityCommon},{type:AuthWellKnownEndpoints}]},OidcSecurityCheckSession.propDecorators={onCheckSessionChanged:[{type:_angular_core.Output}]};var OidcSecuritySilentRenew=function(){function OidcSecuritySilentRenew(oidcSecurityCommon){this.oidcSecurityCommon=oidcSecurityCommon}return OidcSecuritySilentRenew.prototype.initRenew=function(){this.sessionIframe=window.document.createElement("iframe"),this.oidcSecurityCommon.logDebug(this.sessionIframe),this.sessionIframe.style.display="none",window.document.body.appendChild(this.sessionIframe)},OidcSecuritySilentRenew.prototype.startRenew=function(url){var _this=this;return this.oidcSecurityCommon.logDebug("startRenew for URL:"+url),this.sessionIframe.src=url,rxjs_Observable.Observable.create(function(observer){_this.sessionIframe.onload=function(){observer.next(_this),observer.complete()}})},OidcSecuritySilentRenew}();OidcSecuritySilentRenew.decorators=[{type:_angular_core.Injectable}],OidcSecuritySilentRenew.ctorParameters=function(){return[{type:OidcSecurityCommon}]};var OidcSecurityUserService=function(){function OidcSecurityUserService(http,authConfiguration,oidcSecurityCommon,authWellKnownEndpoints){var _this=this;this.http=http,this.authConfiguration=authConfiguration,this.oidcSecurityCommon=oidcSecurityCommon,this.authWellKnownEndpoints=authWellKnownEndpoints,this.getIdentityUserData=function(){var headers=new _angular_http.Headers;headers.append("Content-Type","application/json"),headers.append("Accept","application/json");var token=_this.oidcSecurityCommon.getAccessToken();return""!==token&&headers.append("Authorization","Bearer "+decodeURIComponent(token)),_this.http.get(_this.authWellKnownEndpoints.userinfo_endpoint,{headers:headers,body:""}).map(function(res){return 
res.json()})},""!==this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_user_data)&&(this.userData=this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_user_data))}return OidcSecurityUserService.prototype.initUserData=function(){var _this=this;return this.getIdentityUserData().map(function(data){return _this.userData=data})},OidcSecurityUserService.prototype.handleError=function(error){this.oidcSecurityCommon.logError(error)},OidcSecurityUserService}();OidcSecurityUserService.decorators=[{type:_angular_core.Injectable}],OidcSecurityUserService.ctorParameters=function(){return[{type:_angular_http.Http},{type:AuthConfiguration},{type:OidcSecurityCommon},{type:AuthWellKnownEndpoints}]};var OidcSecurityService=function(){function OidcSecurityService(http,authConfiguration,router,oidcSecurityCheckSession,oidcSecuritySilentRenew,oidcSecurityUserService,oidcSecurityCommon,authWellKnownEndpoints){var _this=this;this.http=http,this.authConfiguration=authConfiguration,this.router=router,this.oidcSecurityCheckSession=oidcSecurityCheckSession,this.oidcSecuritySilentRenew=oidcSecuritySilentRenew,this.oidcSecurityUserService=oidcSecurityUserService,this.oidcSecurityCommon=oidcSecurityCommon,this.authWellKnownEndpoints=authWellKnownEndpoints,this.onUserDataLoaded=new _angular_core.EventEmitter(!0),this.oidcSecurityValidation=new OidcSecurityValidation(this.oidcSecurityCommon),this.headers=new _angular_http.Headers,this.headers.append("Content-Type","application/json"),this.headers.append("Accept","application/json"),""!==this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_is_authorized)&&(this.isAuthorized=this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_is_authorized)),this.oidcSecurityCheckSession.onCheckSessionChanged.subscribe(function(){_this.onCheckSessionChanged()})}return OidcSecurityService.prototype.getToken=function(){var token=this.oidcSecurityCommon.getAccessToken();return 
decodeURIComponent(token)},OidcSecurityService.prototype.getUserData=function(){return this.isAuthorized||this.oidcSecurityCommon.logError("User must be logged in before you can get the user data!"),this.oidcSecurityUserService.userData},OidcSecurityService.prototype.authorize=function(){if(this.oidcSecurityValidation.config_validate_response_type(this.authConfiguration.response_type)){this.resetAuthorizationData(),this.oidcSecurityCommon.logDebug("BEGIN Authorize, no auth data");var nonce="N"+Math.random()+Date.now(),state=Date.now()+""+Math.random();this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_state_control,state),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_nonce,nonce),this.oidcSecurityCommon.logDebug("AuthorizedController created. local state: "+this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_auth_state_control));var url=this.createAuthorizeUrl(nonce,state);window.location.href=url}},OidcSecurityService.prototype.authorizedCallback=function(){var _this=this;this.oidcSecurityCommon.logDebug("BEGIN authorizedCallback, no auth data"),this.resetAuthorizationData();var hash=window.location.hash.substr(1),result=hash.split("&").reduce(function(result,item){var parts=item.split("=");return result[parts[0]]=parts[1],result},{});this.oidcSecurityCommon.logDebug(result),this.oidcSecurityCommon.logDebug("authorizedCallback created, begin token validation");var decoded_id_token,access_token="",id_token="",authResponseIsValid=!1;this.getSigningKeys().subscribe(function(jwtKeys){if(_this.jwtKeys=jwtKeys,!result.error)if(_this.oidcSecurityValidation.validateStateFromHashCallback(result.state,_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_auth_state_control))){"id_token 
token"===_this.authConfiguration.response_type&&(access_token=result.access_token),id_token=result.id_token;decoded_id_token=_this.oidcSecurityValidation.getPayloadFromToken(id_token,!1),_this.oidcSecurityValidation.getHeaderFromToken(id_token,!1),_this.oidcSecurityValidation.validate_signature_id_token(id_token,_this.jwtKeys)?_this.oidcSecurityValidation.validate_id_token_nonce(decoded_id_token,_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_auth_nonce))?_this.oidcSecurityValidation.validate_required_id_token(decoded_id_token)?_this.oidcSecurityValidation.validate_id_token_iat_max_offset(decoded_id_token,_this.authConfiguration.max_id_token_iat_offset_allowed_in_seconds)?_this.oidcSecurityValidation.validate_id_token_iss(decoded_id_token,_this.authWellKnownEndpoints.issuer)?_this.oidcSecurityValidation.validate_id_token_aud(decoded_id_token,_this.authConfiguration.client_id)?_this.oidcSecurityValidation.validate_id_token_exp_not_expired(decoded_id_token)?"id_token token"===_this.authConfiguration.response_type?_this.oidcSecurityValidation.validate_id_token_at_hash(access_token,decoded_id_token.at_hash)||!access_token?(authResponseIsValid=!0,_this.successful_validation()):_this.oidcSecurityCommon.logWarning("authorizedCallback incorrect at_hash"):(authResponseIsValid=!0,_this.successful_validation()):_this.oidcSecurityCommon.logWarning("authorizedCallback token expired"):_this.oidcSecurityCommon.logWarning("authorizedCallback incorrect aud"):_this.oidcSecurityCommon.logWarning("authorizedCallback incorrect iss does not match authWellKnownEndpoints issuer"):_this.oidcSecurityCommon.logWarning("authorizedCallback Validation, iat rejected id_token was issued too far away from the current time"):_this.oidcSecurityCommon.logDebug("authorizedCallback Validation, one of the REQUIRED properties missing from id_token"):_this.oidcSecurityCommon.logWarning("authorizedCallback incorrect nonce"):_this.oidcSecurityCommon.logDebug("authorizedCallback Signature 
validation failed id_token")}else _this.oidcSecurityCommon.logWarning("authorizedCallback incorrect state");authResponseIsValid?(_this.setAuthorizationData(access_token,id_token),"id_token token"===_this.authConfiguration.response_type?_this.oidcSecurityUserService.initUserData().subscribe(function(){_this.oidcSecurityCommon.logDebug("authorizedCallback id_token token flow"),_this.oidcSecurityValidation.validate_userdata_sub_id_token(decoded_id_token.sub,_this.oidcSecurityUserService.userData.sub)?(_this.onUserDataLoaded.emit(),_this.oidcSecurityCommon.logDebug(_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_access_token)),_this.oidcSecurityCommon.logDebug(_this.oidcSecurityUserService.userData),_this.authConfiguration.start_checksession&&_this.oidcSecurityCheckSession.init().subscribe(function(){_this.oidcSecurityCheckSession.pollServerSession(result.session_state,_this.authConfiguration.client_id)}),_this.authConfiguration.silent_renew&&_this.oidcSecuritySilentRenew.initRenew(),_this.runTokenValidatation(),_this.router.navigate([_this.authConfiguration.startup_route])):(_this.oidcSecurityCommon.logWarning("authorizedCallback, User data sub does not match sub in id_token"),_this.oidcSecurityCommon.logDebug("authorizedCallback, token(s) validation failed, resetting"),_this.resetAuthorizationData(),_this.router.navigate([_this.authConfiguration.unauthorized_route]))}):(_this.oidcSecurityCommon.logDebug("authorizedCallback id_token 
flow"),_this.oidcSecurityCommon.logDebug(_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_access_token)),_this.oidcSecurityUserService.userData=decoded_id_token,_this.authConfiguration.start_checksession&&_this.oidcSecurityCheckSession.init().subscribe(function(){_this.oidcSecurityCheckSession.pollServerSession(result.session_state,_this.authConfiguration.client_id)}),_this.authConfiguration.silent_renew&&_this.oidcSecuritySilentRenew.initRenew(),_this.runTokenValidatation(),_this.router.navigate([_this.authConfiguration.startup_route]))):(_this.oidcSecurityCommon.logDebug("authorizedCallback, token(s) validation failed, resetting"),_this.resetAuthorizationData(),_this.router.navigate([_this.authConfiguration.unauthorized_route]))})},OidcSecurityService.prototype.logoff=function(){if(this.oidcSecurityCommon.logDebug("BEGIN Authorize, no auth data"),this.authWellKnownEndpoints.end_session_endpoint){var authorizationEndsessionUrl=this.authWellKnownEndpoints.end_session_endpoint,id_token_hint=this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_id_token),post_logout_redirect_uri=this.authConfiguration.post_logout_redirect_uri,url=authorizationEndsessionUrl+"?id_token_hint="+encodeURI(id_token_hint)+"&post_logout_redirect_uri="+encodeURI(post_logout_redirect_uri);this.resetAuthorizationData(),this.authConfiguration.start_checksession&&this.checkSessionChanged?this.oidcSecurityCommon.logDebug("only local login cleaned up, server session has changed"):window.location.href=url}else this.resetAuthorizationData(),this.oidcSecurityCommon.logDebug("only local login cleaned up, no end_session_endpoint")},OidcSecurityService.prototype.successful_validation=function(){this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_nonce,""),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_state_control,""),this.oidcSecurityCommon.logDebug("AuthorizedCallback token(s) validated, 
continue")},OidcSecurityService.prototype.refreshSession=function(){this.oidcSecurityCommon.logDebug("BEGIN refresh session Authorize");var nonce="N"+Math.random()+Date.now(),state=Date.now()+""+Math.random();this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_state_control,state),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_nonce,nonce),this.oidcSecurityCommon.logDebug("RefreshSession created. adding myautostate: "+this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_auth_state_control));var url=this.createAuthorizeUrl(nonce,state);this.oidcSecuritySilentRenew.startRenew(url)},OidcSecurityService.prototype.setAuthorizationData=function(access_token,id_token){""!==this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_access_token)&&this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_access_token,""),this.oidcSecurityCommon.logDebug(access_token),this.oidcSecurityCommon.logDebug(id_token),this.oidcSecurityCommon.logDebug("storing to storage, getting the roles"),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_access_token,access_token),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_id_token,id_token),this.isAuthorized=!0,this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_is_authorized,!0)},OidcSecurityService.prototype.createAuthorizeUrl=function(nonce,state){var authorizationUrl=this.authWellKnownEndpoints.authorization_endpoint,client_id=this.authConfiguration.client_id,redirect_uri=this.authConfiguration.redirect_url,response_type=this.authConfiguration.response_type,scope=this.authConfiguration.scope;return 
authorizationUrl+"?response_type="+encodeURI(response_type)+"&client_id="+encodeURI(client_id)+"&redirect_uri="+encodeURI(redirect_uri)+"&scope="+encodeURI(scope)+"&nonce="+encodeURI(nonce)+"&state="+encodeURI(state)},OidcSecurityService.prototype.resetAuthorizationData=function(){this.isAuthorized=!1,this.oidcSecurityCommon.resetStorageData(),this.checkSessionChanged=!1},OidcSecurityService.prototype.handleError=function(error){this.oidcSecurityCommon.logError(error),403==error.status?this.router.navigate([this.authConfiguration.forbidden_route]):401==error.status&&(this.resetAuthorizationData(),this.router.navigate([this.authConfiguration.unauthorized_route]))},OidcSecurityService.prototype.onCheckSessionChanged=function(){this.oidcSecurityCommon.logDebug("onCheckSessionChanged"),this.checkSessionChanged=!0},OidcSecurityService.prototype.runGetSigningKeys=function(){var _this=this;this.getSigningKeys().subscribe(function(jwtKeys){return _this.jwtKeys=jwtKeys},function(error){return _this.errorMessage=error})},OidcSecurityService.prototype.getSigningKeys=function(){return this.oidcSecurityCommon.logDebug("jwks_uri: "+this.authWellKnownEndpoints.jwks_uri),this.http.get(this.authWellKnownEndpoints.jwks_uri).map(this.extractData).catch(this.handleErrorGetSigningKeys)},OidcSecurityService.prototype.extractData=function(res){return res.json()},OidcSecurityService.prototype.handleErrorGetSigningKeys=function(error){var errMsg;if(error instanceof _angular_http.Response){var body=error.json()||"",err=body.error||JSON.stringify(body);errMsg=error.status+" - "+(error.statusText||"")+" "+err}else errMsg=error.message?error.message:error.toString();return console.error(errMsg),rxjs_Rx.Observable.throw(errMsg)},OidcSecurityService.prototype.runTokenValidatation=function(){var 
_this=this,source=rxjs_Rx.Observable.timer(3e3,3e3).timeInterval().pluck("interval").take(1e4);source.subscribe(function(){_this.isAuthorized&&_this.oidcSecurityValidation.isTokenExpired(_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_id_token))&&(_this.oidcSecurityCommon.logDebug("IsAuthorized: id_token isTokenExpired, start silent renew if active"),_this.authConfiguration.silent_renew?_this.refreshSession():_this.resetAuthorizationData())},function(err){_this.oidcSecurityCommon.logError("Error: "+err)},function(){_this.oidcSecurityCommon.logDebug("Completed")})},OidcSecurityService}();OidcSecurityService.decorators=[{type:_angular_core.Injectable}],OidcSecurityService.ctorParameters=function(){return[{type:_angular_http.Http},{type:AuthConfiguration},{type:_angular_router.Router},{type:OidcSecurityCheckSession},{type:OidcSecuritySilentRenew},{type:OidcSecurityUserService},{type:OidcSecurityCommon},{type:AuthWellKnownEndpoints}]},OidcSecurityService.propDecorators={onUserDataLoaded:[{type:_angular_core.Output}]};var AuthModule=function(){function AuthModule(){}return 
AuthModule.forRoot=function(){return{ngModule:AuthModule,providers:[OidcSecurityService,OidcSecurityValidation,OidcSecurityCheckSession,OidcSecuritySilentRenew,OidcSecurityUserService,OidcSecurityCommon,AuthConfiguration,AuthWellKnownEndpoints]}},AuthModule.forChild=function(){return{ngModule:AuthModule,providers:[OidcSecurityService,OidcSecurityValidation,OidcSecurityCheckSession,OidcSecuritySilentRenew,OidcSecurityUserService,OidcSecurityCommon,AuthConfiguration,AuthWellKnownEndpoints]}},AuthModule}();AuthModule.decorators=[{type:_angular_core.NgModule}],AuthModule.ctorParameters=function(){return[]},exports.OidcSecurityService=OidcSecurityService,exports.OidcSecurityValidation=OidcSecurityValidation,exports.OidcSecurityCheckSession=OidcSecurityCheckSession,exports.OidcSecuritySilentRenew=OidcSecuritySilentRenew,exports.OidcSecurityUserService=OidcSecurityUserService,exports.OidcSecurityCommon=OidcSecurityCommon,exports.AuthWellKnownEndpoints=AuthWellKnownEndpoints,exports.AuthConfiguration=AuthConfiguration,exports.AuthModule=AuthModule,Object.defineProperty(exports,"__esModule",{value:!0})});
!function(global,factory){"object"==typeof exports&&"undefined"!=typeof module?factory(exports,require("@angular/core"),require("@angular/http"),require("rxjs/add/operator/map"),require("rxjs/add/operator/catch"),require("rxjs/Rx"),require("@angular/router"),require("jsrsasign"),require("rxjs/Observable"),require("rxjs/add/observable/throw"),require("rxjs/add/observable/interval"),require("rxjs/add/observable/timer")):"function"==typeof define&&define.amd?define(["exports","@angular/core","@angular/http","rxjs/add/operator/map","rxjs/add/operator/catch","rxjs/Rx","@angular/router","jsrsasign","rxjs/Observable","rxjs/add/observable/throw","rxjs/add/observable/interval","rxjs/add/observable/timer"],factory):factory((global.ng=global.ng||{},global.ng.angularAuthOidcClient=global.ng.angularAuthOidcClient||{}),global.ng.core,global.ng.http,global.Rx,global.Rx,global.Rx,global.ng.router,global.jsrsasign,global.Rx)}(this,function(exports,_angular_core,_angular_http,rxjs_add_operator_map,rxjs_add_operator_catch,rxjs_Rx,_angular_router,jsrsasign,rxjs_Observable){"use strict";var AuthConfiguration=function(){function AuthConfiguration(){this.stsServer="https://localhost:44318",this.redirect_url="https://localhost:44311",this.client_id="angularclient",this.response_type="id_token token",this.resource="",this.scope="openid email profile",this.post_logout_redirect_uri="https://localhost:44311/Unauthorized",this.start_checksession=!1,this.silent_renew=!0,this.startup_route="/dataeventrecords/list",this.forbidden_route="/Forbidden",this.unauthorized_route="/Unauthorized",this.log_console_warning_active=!0,this.log_console_debug_active=!1,this.max_id_token_iat_offset_allowed_in_seconds=3,this.override_well_known_configuration=!1,this.override_well_known_configuration_url="https://localhost:44386/wellknownconfiguration.json"}return AuthConfiguration}();AuthConfiguration.decorators=[{type:_angular_core.Injectable}],AuthConfiguration.ctorParameters=function(){return[]};var 
OidcSecurityCommon=function(){function OidcSecurityCommon(authConfiguration){this.authConfiguration=authConfiguration,this.storage_access_token="authorizationData",this.storage_id_token="authorizationDataIdToken",this.storage_is_authorized="_isAuthorized",this.storage_user_data="userData",this.storage_auth_nonce="authNonce",this.storage_auth_state_control="authStateControl",this.storage_well_known_endpoints="wellknownendpoints","undefined"!=typeof Storage&&(this.storage=sessionStorage)}return OidcSecurityCommon.prototype.retrieve=function(key){if(this.storage)return JSON.parse(this.storage.getItem(key))},OidcSecurityCommon.prototype.store=function(key,value){this.storage&&this.storage.setItem(key,JSON.stringify(value))},OidcSecurityCommon.prototype.resetStorageData=function(){this.store(this.storage_access_token,""),this.store(this.storage_id_token,""),this.store(this.storage_is_authorized,!1),this.store(this.storage_user_data,"")},OidcSecurityCommon.prototype.getAccessToken=function(){return this.retrieve(this.storage_access_token)},OidcSecurityCommon.prototype.logError=function(message){console.error(message)},OidcSecurityCommon.prototype.logWarning=function(message){this.authConfiguration.log_console_warning_active&&console.warn(message)},OidcSecurityCommon.prototype.logDebug=function(message){this.authConfiguration.log_console_debug_active&&console.log(message)},OidcSecurityCommon}();OidcSecurityCommon.decorators=[{type:_angular_core.Injectable}],OidcSecurityCommon.ctorParameters=function(){return[{type:AuthConfiguration}]};var OidcSecurityValidation=function(){function OidcSecurityValidation(oidcSecurityCommon){this.oidcSecurityCommon=oidcSecurityCommon}return OidcSecurityValidation.prototype.isTokenExpired=function(token,offsetSeconds){var decoded;return 
decoded=this.getPayloadFromToken(token,!1),!this.validate_id_token_exp_not_expired(decoded,offsetSeconds)},OidcSecurityValidation.prototype.validate_id_token_exp_not_expired=function(decoded_id_token,offsetSeconds){var tokenExpirationDate=this.getTokenExpirationDate(decoded_id_token);return offsetSeconds=offsetSeconds||0,null!=tokenExpirationDate&&tokenExpirationDate.valueOf()>(new Date).valueOf()+1e3*offsetSeconds},OidcSecurityValidation.prototype.validate_required_id_token=function(dataIdToken){var validated=!0;return dataIdToken.hasOwnProperty("iss")||(validated=!1,this.oidcSecurityCommon.logWarning("iss missing, validatation REQUIRED prorpeties in id_token")),dataIdToken.hasOwnProperty("sub")||(validated=!1,this.oidcSecurityCommon.logWarning("sub missing, validatation REQUIRED prorpeties in id_token")),dataIdToken.hasOwnProperty("aud")||(validated=!1,this.oidcSecurityCommon.logWarning("aud missing, validatation REQUIRED prorpeties in id_token")),dataIdToken.hasOwnProperty("exp")||(validated=!1,this.oidcSecurityCommon.logWarning("exp missing, validatation REQUIRED prorpeties in id_token")),dataIdToken.hasOwnProperty("iat")||(validated=!1,this.oidcSecurityCommon.logWarning("iat missing, validatation REQUIRED prorpeties in id_token")),validated},OidcSecurityValidation.prototype.validate_id_token_iat_max_offset=function(dataIdToken,max_offset_allowed_in_seconds){if(!dataIdToken.hasOwnProperty("iat"))return!1;var dateTime_iat_id_token=new Date(0);return dateTime_iat_id_token.setUTCSeconds(dataIdToken.iat),max_offset_allowed_in_seconds=max_offset_allowed_in_seconds||0,null!=dateTime_iat_id_token&&(this.oidcSecurityCommon.logDebug("validate_id_token_iat_max_offset: "+((new Date).valueOf()-dateTime_iat_id_token.valueOf())+" < "+1e3*max_offset_allowed_in_seconds),(new Date).valueOf()-dateTime_iat_id_token.valueOf()<1e3*max_offset_allowed_in_seconds)},OidcSecurityValidation.prototype.validate_id_token_nonce=function(dataIdToken,local_nonce){return 
dataIdToken.nonce===local_nonce||(this.oidcSecurityCommon.logDebug("Validate_id_token_nonce failed, dataIdToken.nonce: "+dataIdToken.nonce+" local_nonce:"+local_nonce),!1)},OidcSecurityValidation.prototype.validate_id_token_iss=function(dataIdToken,authWellKnownEndpoints_issuer){return dataIdToken.iss==authWellKnownEndpoints_issuer||(this.oidcSecurityCommon.logDebug("Validate_id_token_iss failed, dataIdToken.iss: "+dataIdToken.iss+" authWellKnownEndpoints issuer:"+authWellKnownEndpoints_issuer),!1)},OidcSecurityValidation.prototype.validate_id_token_aud=function(dataIdToken,aud){return dataIdToken.aud==aud||(this.oidcSecurityCommon.logDebug("Validate_id_token_aud failed, dataIdToken.aud: "+dataIdToken.aud+" client_id:"+aud),!1)},OidcSecurityValidation.prototype.validateStateFromHashCallback=function(state,local_state){return state==local_state||(this.oidcSecurityCommon.logDebug("ValidateStateFromHashCallback failed, state: "+state+" local_state:"+local_state),!1)},OidcSecurityValidation.prototype.validate_userdata_sub_id_token=function(id_token_sub,userdata_sub){return id_token_sub==userdata_sub||(this.oidcSecurityCommon.logDebug("validate_userdata_sub_id_token failed, id_token_sub: "+id_token_sub+" userdata_sub:"+userdata_sub),!1)},OidcSecurityValidation.prototype.getPayloadFromToken=function(token,encode){var data={};if(void 0!==token){var encoded=token.split(".")[1];if(encode)return encoded;data=JSON.parse(this.urlBase64Decode(encoded))}return data},OidcSecurityValidation.prototype.getHeaderFromToken=function(token,encode){var data={};if(void 0!==token){var encoded=token.split(".")[0];if(encode)return encoded;data=JSON.parse(this.urlBase64Decode(encoded))}return data},OidcSecurityValidation.prototype.getSignatureFromToken=function(token,encode){var data={};if(void 0!==token){var encoded=token.split(".")[2];if(encode)return encoded;data=JSON.parse(this.urlBase64Decode(encoded))}return 
data},OidcSecurityValidation.prototype.validate_signature_id_token=function(id_token,jwtkeys){if(!jwtkeys||!jwtkeys.keys)return!1;var header_data=this.getHeaderFromToken(id_token,!1);if(!this.validate_no_kid_in_header_only_one_allowed_in_jwtkeys(header_data,jwtkeys))return this.oidcSecurityCommon.logWarning("no ID Token kid claim in JOSE header and multiple supplied in jwks_uri"),!1;var kid=header_data.kid;if("RS256"!=header_data.alg)return this.oidcSecurityCommon.logWarning("Only RS256 supported"),!1;var isValid=!1;if(header_data.hasOwnProperty("kid"))for(var _b=0,_c=jwtkeys.keys;_b<_c.length;_b++){var key=_c[_b];if(key.kid==kid){var publickey=jsrsasign.KEYUTIL.getKey(key);return isValid=jsrsasign.KJUR.jws.JWS.verify(id_token,publickey,["RS256"]),isValid||this.oidcSecurityCommon.logWarning("incorrect Signature, validation failed for id_token"),isValid}}else for(var _i=0,_a=jwtkeys.keys;_i<_a.length;_i++){var key=_a[_i],publickey=jsrsasign.KEYUTIL.getKey(key);return isValid=jsrsasign.KJUR.jws.JWS.verify(id_token,publickey,["RS256"]),isValid||this.oidcSecurityCommon.logWarning("incorrect Signature, validation failed for id_token"),isValid}return isValid},OidcSecurityValidation.prototype.config_validate_response_type=function(response_type){return"id_token token"===response_type||"id_token"===response_type||(this.oidcSecurityCommon.logWarning("module configure incorrect, invalid response_type:"+response_type),!1)},OidcSecurityValidation.prototype.validate_no_kid_in_header_only_one_allowed_in_jwtkeys=function(header_data,jwtkeys){return this.oidcSecurityCommon.logDebug("amount of jwtkeys.keys: "+jwtkeys.keys.length),!(!header_data.hasOwnProperty("kid")&&1!=jwtkeys.keys.length)||(this.oidcSecurityCommon.logDebug("jwtkeys.keys.length != 1 and no kid in header"),!1)},OidcSecurityValidation.prototype.validate_id_token_at_hash=function(access_token,at_hash){this.oidcSecurityCommon.logDebug("From the server:"+at_hash);var 
testdata=this.generate_at_hash(""+access_token);if(this.oidcSecurityCommon.logDebug("client validation not decoded:"+testdata),testdata==at_hash)return!0;var testValue=this.generate_at_hash(""+decodeURIComponent(access_token));return this.oidcSecurityCommon.logDebug("-gen access--"+testValue),testValue==at_hash},OidcSecurityValidation.prototype.generate_at_hash=function(access_token){var hash=jsrsasign.KJUR.crypto.Util.hashString(access_token,"sha256"),first128bits=hash.substr(0,hash.length/2);return jsrsasign.hextob64u(first128bits)},OidcSecurityValidation.prototype.getTokenExpirationDate=function(dataIdToken){if(!dataIdToken.hasOwnProperty("exp"))return new Date;var date=new Date(0);return date.setUTCSeconds(dataIdToken.exp),date},OidcSecurityValidation.prototype.urlBase64Decode=function(str){var output=str.replace("-","+").replace("_","/");switch(output.length%4){case 0:break;case 2:output+="==";break;case 3:output+="=";break;default:throw"Illegal base64url string!"}return window.atob(output)},OidcSecurityValidation}();OidcSecurityValidation.decorators=[{type:_angular_core.Injectable}],OidcSecurityValidation.ctorParameters=function(){return[{type:OidcSecurityCommon}]};var AuthWellKnownEndpoints=function(){function AuthWellKnownEndpoints(http,authConfiguration,oidcSecurityCommon){var _this=this;this.http=http,this.authConfiguration=authConfiguration,this.oidcSecurityCommon=oidcSecurityCommon,this.getWellKnownEndpoints=function(){var headers=new _angular_http.Headers;headers.append("Content-Type","application/json"),headers.append("Accept","application/json");var url=_this.authConfiguration.stsServer+"/.well-known/openid-configuration";return _this.authConfiguration.override_well_known_configuration&&(url=_this.authConfiguration.override_well_known_configuration_url),_this.http.get(url,{headers:headers,body:""}).map(function(res){return res.json()})};var 
data=this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_well_known_endpoints);this.oidcSecurityCommon.logDebug(data),data&&""!==data?(this.oidcSecurityCommon.logDebug("AuthWellKnownEndpoints already defined"),this.issuer=data.issuer,this.jwks_uri=data.jwks_uri,this.authorization_endpoint=data.authorization_endpoint,this.token_endpoint=data.token_endpoint,this.userinfo_endpoint=data.userinfo_endpoint,data.end_session_endpoint&&(this.end_session_endpoint=data.end_session_endpoint),data.check_session_iframe&&(this.check_session_iframe=data.check_session_iframe),data.revocation_endpoint&&(this.revocation_endpoint=data.revocation_endpoint),data.introspection_endpoint&&(this.introspection_endpoint=data.introspection_endpoint)):(this.oidcSecurityCommon.logDebug("AuthWellKnownEndpoints first time, get from the server"),this.getWellKnownEndpoints().subscribe(function(data){_this.issuer=data.issuer,_this.jwks_uri=data.jwks_uri,_this.authorization_endpoint=data.authorization_endpoint,_this.token_endpoint=data.token_endpoint,_this.userinfo_endpoint=data.userinfo_endpoint,data.end_session_endpoint&&(_this.end_session_endpoint=data.end_session_endpoint),data.check_session_iframe&&(_this.check_session_iframe=data.check_session_iframe),data.revocation_endpoint&&(_this.revocation_endpoint=data.revocation_endpoint),data.introspection_endpoint&&(_this.introspection_endpoint=data.introspection_endpoint),_this.oidcSecurityCommon.store(_this.oidcSecurityCommon.storage_well_known_endpoints,data),_this.oidcSecurityCommon.logDebug(data)}))}return AuthWellKnownEndpoints}();AuthWellKnownEndpoints.decorators=[{type:_angular_core.Injectable}],AuthWellKnownEndpoints.ctorParameters=function(){return[{type:_angular_http.Http},{type:AuthConfiguration},{type:OidcSecurityCommon}]};var OidcSecurityCheckSession=function(){function 
OidcSecurityCheckSession(authConfiguration,oidcSecurityCommon,authWellKnownEndpoints){this.authConfiguration=authConfiguration,this.oidcSecurityCommon=oidcSecurityCommon,this.authWellKnownEndpoints=authWellKnownEndpoints,this.onCheckSessionChanged=new _angular_core.EventEmitter(!0)}return OidcSecurityCheckSession.prototype.init=function(){var _this=this;return this.sessionIframe=window.document.createElement("iframe"),this.oidcSecurityCommon.logDebug(this.sessionIframe),this.sessionIframe.style.display="none",this.sessionIframe.src=this.authWellKnownEndpoints.check_session_iframe,window.document.body.appendChild(this.sessionIframe),this.iframeMessageEvent=this.messageHandler.bind(this),window.addEventListener("message",this.iframeMessageEvent,!1),rxjs_Observable.Observable.create(function(observer){_this.sessionIframe.onload=function(){observer.next(_this),observer.complete()}})},OidcSecurityCheckSession.prototype.pollServerSession=function(session_state,clientId){var _this=this,source=rxjs_Observable.Observable.timer(3e3,3e3).timeInterval().pluck("interval").take(1e4);source.subscribe(function(){_this.oidcSecurityCommon.logDebug(_this.sessionIframe),_this.sessionIframe.contentWindow.postMessage(clientId+" "+session_state,_this.authConfiguration.stsServer)},function(err){_this.oidcSecurityCommon.logError("pollServerSession error: "+err)},function(){_this.oidcSecurityCommon.logDebug("checksession pollServerSession completed")})},OidcSecurityCheckSession.prototype.messageHandler=function(e){e.origin===this.authConfiguration.stsServer&&e.source===this.sessionIframe.contentWindow&&("error"===e.data?this.oidcSecurityCommon.logWarning("error from checksession messageHandler"):"changed"===e.data?this.onCheckSessionChanged.emit():this.oidcSecurityCommon.logDebug(e.data+" from checksession 
messageHandler"))},OidcSecurityCheckSession}();OidcSecurityCheckSession.decorators=[{type:_angular_core.Injectable}],OidcSecurityCheckSession.ctorParameters=function(){return[{type:AuthConfiguration},{type:OidcSecurityCommon},{type:AuthWellKnownEndpoints}]},OidcSecurityCheckSession.propDecorators={onCheckSessionChanged:[{type:_angular_core.Output}]};var OidcSecuritySilentRenew=function(){function OidcSecuritySilentRenew(oidcSecurityCommon){this.oidcSecurityCommon=oidcSecurityCommon}return OidcSecuritySilentRenew.prototype.initRenew=function(){this.sessionIframe=window.document.createElement("iframe"),this.oidcSecurityCommon.logDebug(this.sessionIframe),this.sessionIframe.style.display="none",window.document.body.appendChild(this.sessionIframe)},OidcSecuritySilentRenew.prototype.startRenew=function(url){var _this=this;return this.oidcSecurityCommon.logDebug("startRenew for URL:"+url),this.sessionIframe.src=url,rxjs_Observable.Observable.create(function(observer){_this.sessionIframe.onload=function(){observer.next(_this),observer.complete()}})},OidcSecuritySilentRenew}();OidcSecuritySilentRenew.decorators=[{type:_angular_core.Injectable}],OidcSecuritySilentRenew.ctorParameters=function(){return[{type:OidcSecurityCommon}]};var OidcSecurityUserService=function(){function OidcSecurityUserService(http,authConfiguration,oidcSecurityCommon,authWellKnownEndpoints){var _this=this;this.http=http,this.authConfiguration=authConfiguration,this.oidcSecurityCommon=oidcSecurityCommon,this.authWellKnownEndpoints=authWellKnownEndpoints,this.getIdentityUserData=function(){var headers=new _angular_http.Headers;headers.append("Content-Type","application/json"),headers.append("Accept","application/json");var token=_this.oidcSecurityCommon.getAccessToken();return""!==token&&headers.append("Authorization","Bearer "+decodeURIComponent(token)),_this.http.get(_this.authWellKnownEndpoints.userinfo_endpoint,{headers:headers,body:""}).map(function(res){return 
res.json()})},""!==this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_user_data)&&(this.userData=this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_user_data))}return OidcSecurityUserService.prototype.initUserData=function(){var _this=this;return this.getIdentityUserData().map(function(data){return _this.userData=data})},OidcSecurityUserService.prototype.handleError=function(error){this.oidcSecurityCommon.logError(error)},OidcSecurityUserService}();OidcSecurityUserService.decorators=[{type:_angular_core.Injectable}],OidcSecurityUserService.ctorParameters=function(){return[{type:_angular_http.Http},{type:AuthConfiguration},{type:OidcSecurityCommon},{type:AuthWellKnownEndpoints}]};var OidcSecurityService=function(){function OidcSecurityService(http,authConfiguration,router,oidcSecurityCheckSession,oidcSecuritySilentRenew,oidcSecurityUserService,oidcSecurityCommon,authWellKnownEndpoints){var _this=this;this.http=http,this.authConfiguration=authConfiguration,this.router=router,this.oidcSecurityCheckSession=oidcSecurityCheckSession,this.oidcSecuritySilentRenew=oidcSecuritySilentRenew,this.oidcSecurityUserService=oidcSecurityUserService,this.oidcSecurityCommon=oidcSecurityCommon,this.authWellKnownEndpoints=authWellKnownEndpoints,this.onUserDataLoaded=new _angular_core.EventEmitter(!0),this.oidcSecurityValidation=new OidcSecurityValidation(this.oidcSecurityCommon),this.headers=new _angular_http.Headers,this.headers.append("Content-Type","application/json"),this.headers.append("Accept","application/json"),""!==this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_is_authorized)&&(this.isAuthorized=this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_is_authorized)),this.oidcSecurityCheckSession.onCheckSessionChanged.subscribe(function(){_this.onCheckSessionChanged()})}return OidcSecurityService.prototype.getToken=function(){var token=this.oidcSecurityCommon.getAccessToken();return 
decodeURIComponent(token)},OidcSecurityService.prototype.getUserData=function(){return this.isAuthorized||this.oidcSecurityCommon.logError("User must be logged in before you can get the user data!"),this.oidcSecurityUserService.userData},OidcSecurityService.prototype.authorize=function(){if(this.oidcSecurityValidation.config_validate_response_type(this.authConfiguration.response_type)){this.resetAuthorizationData(),this.oidcSecurityCommon.logDebug("BEGIN Authorize, no auth data");var nonce="N"+Math.random()+Date.now(),state=Date.now()+""+Math.random();this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_state_control,state),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_nonce,nonce),this.oidcSecurityCommon.logDebug("AuthorizedController created. local state: "+this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_auth_state_control));var url=this.createAuthorizeUrl(nonce,state);window.location.href=url}},OidcSecurityService.prototype.authorizedCallback=function(){var _this=this;this.oidcSecurityCommon.logDebug("BEGIN authorizedCallback, no auth data"),this.resetAuthorizationData();var hash=window.location.hash.substr(1),result=hash.split("&").reduce(function(result,item){var parts=item.split("=");return result[parts[0]]=parts[1],result},{});this.oidcSecurityCommon.logDebug(result),this.oidcSecurityCommon.logDebug("authorizedCallback created, begin token validation");var decoded_id_token,access_token="",id_token="",authResponseIsValid=!1;this.getSigningKeys().subscribe(function(jwtKeys){if(_this.jwtKeys=jwtKeys,!result.error)if(_this.oidcSecurityValidation.validateStateFromHashCallback(result.state,_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_auth_state_control))){"id_token 
token"===_this.authConfiguration.response_type&&(access_token=result.access_token),id_token=result.id_token;decoded_id_token=_this.oidcSecurityValidation.getPayloadFromToken(id_token,!1),_this.oidcSecurityValidation.getHeaderFromToken(id_token,!1),_this.oidcSecurityValidation.validate_signature_id_token(id_token,_this.jwtKeys)?_this.oidcSecurityValidation.validate_id_token_nonce(decoded_id_token,_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_auth_nonce))?_this.oidcSecurityValidation.validate_required_id_token(decoded_id_token)?_this.oidcSecurityValidation.validate_id_token_iat_max_offset(decoded_id_token,_this.authConfiguration.max_id_token_iat_offset_allowed_in_seconds)?_this.oidcSecurityValidation.validate_id_token_iss(decoded_id_token,_this.authWellKnownEndpoints.issuer)?_this.oidcSecurityValidation.validate_id_token_aud(decoded_id_token,_this.authConfiguration.client_id)?_this.oidcSecurityValidation.validate_id_token_exp_not_expired(decoded_id_token)?"id_token token"===_this.authConfiguration.response_type?_this.oidcSecurityValidation.validate_id_token_at_hash(access_token,decoded_id_token.at_hash)||!access_token?(authResponseIsValid=!0,_this.successful_validation()):_this.oidcSecurityCommon.logWarning("authorizedCallback incorrect at_hash"):(authResponseIsValid=!0,_this.successful_validation()):_this.oidcSecurityCommon.logWarning("authorizedCallback token expired"):_this.oidcSecurityCommon.logWarning("authorizedCallback incorrect aud"):_this.oidcSecurityCommon.logWarning("authorizedCallback incorrect iss does not match authWellKnownEndpoints issuer"):_this.oidcSecurityCommon.logWarning("authorizedCallback Validation, iat rejected id_token was issued too far away from the current time"):_this.oidcSecurityCommon.logDebug("authorizedCallback Validation, one of the REQUIRED properties missing from id_token"):_this.oidcSecurityCommon.logWarning("authorizedCallback incorrect nonce"):_this.oidcSecurityCommon.logDebug("authorizedCallback Signature 
validation failed id_token")}else _this.oidcSecurityCommon.logWarning("authorizedCallback incorrect state");authResponseIsValid?(_this.setAuthorizationData(access_token,id_token),"id_token token"===_this.authConfiguration.response_type?_this.oidcSecurityUserService.initUserData().subscribe(function(){_this.oidcSecurityCommon.logDebug("authorizedCallback id_token token flow"),_this.oidcSecurityValidation.validate_userdata_sub_id_token(decoded_id_token.sub,_this.oidcSecurityUserService.userData.sub)?(_this.onUserDataLoaded.emit(),_this.oidcSecurityCommon.logDebug(_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_access_token)),_this.oidcSecurityCommon.logDebug(_this.oidcSecurityUserService.userData),_this.authConfiguration.start_checksession&&_this.oidcSecurityCheckSession.init().subscribe(function(){_this.oidcSecurityCheckSession.pollServerSession(result.session_state,_this.authConfiguration.client_id)}),_this.authConfiguration.silent_renew&&_this.oidcSecuritySilentRenew.initRenew(),_this.runTokenValidatation(),_this.router.navigate([_this.authConfiguration.startup_route])):(_this.oidcSecurityCommon.logWarning("authorizedCallback, User data sub does not match sub in id_token"),_this.oidcSecurityCommon.logDebug("authorizedCallback, token(s) validation failed, resetting"),_this.resetAuthorizationData(),_this.router.navigate([_this.authConfiguration.unauthorized_route]))}):(_this.oidcSecurityCommon.logDebug("authorizedCallback id_token 
flow"),_this.oidcSecurityCommon.logDebug(_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_access_token)),_this.oidcSecurityUserService.userData=decoded_id_token,_this.authConfiguration.start_checksession&&_this.oidcSecurityCheckSession.init().subscribe(function(){_this.oidcSecurityCheckSession.pollServerSession(result.session_state,_this.authConfiguration.client_id)}),_this.authConfiguration.silent_renew&&_this.oidcSecuritySilentRenew.initRenew(),_this.runTokenValidatation(),_this.router.navigate([_this.authConfiguration.startup_route]))):(_this.oidcSecurityCommon.logDebug("authorizedCallback, token(s) validation failed, resetting"),_this.resetAuthorizationData(),_this.router.navigate([_this.authConfiguration.unauthorized_route]))})},OidcSecurityService.prototype.logoff=function(){if(this.oidcSecurityCommon.logDebug("BEGIN Authorize, no auth data"),this.authWellKnownEndpoints.end_session_endpoint){var authorizationEndsessionUrl=this.authWellKnownEndpoints.end_session_endpoint,id_token_hint=this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_id_token),post_logout_redirect_uri=this.authConfiguration.post_logout_redirect_uri,url=authorizationEndsessionUrl+"?id_token_hint="+encodeURI(id_token_hint)+"&post_logout_redirect_uri="+encodeURI(post_logout_redirect_uri);this.resetAuthorizationData(),this.authConfiguration.start_checksession&&this.checkSessionChanged?this.oidcSecurityCommon.logDebug("only local login cleaned up, server session has changed"):window.location.href=url}else this.resetAuthorizationData(),this.oidcSecurityCommon.logDebug("only local login cleaned up, no end_session_endpoint")},OidcSecurityService.prototype.successful_validation=function(){this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_nonce,""),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_state_control,""),this.oidcSecurityCommon.logDebug("AuthorizedCallback token(s) validated, 
continue")},OidcSecurityService.prototype.refreshSession=function(){this.oidcSecurityCommon.logDebug("BEGIN refresh session Authorize");var nonce="N"+Math.random()+Date.now(),state=Date.now()+""+Math.random();this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_state_control,state),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_auth_nonce,nonce),this.oidcSecurityCommon.logDebug("RefreshSession created. adding myautostate: "+this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_auth_state_control));var url=this.createAuthorizeUrl(nonce,state);this.oidcSecuritySilentRenew.startRenew(url)},OidcSecurityService.prototype.setAuthorizationData=function(access_token,id_token){""!==this.oidcSecurityCommon.retrieve(this.oidcSecurityCommon.storage_access_token)&&this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_access_token,""),this.oidcSecurityCommon.logDebug(access_token),this.oidcSecurityCommon.logDebug(id_token),this.oidcSecurityCommon.logDebug("storing to storage, getting the roles"),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_access_token,access_token),this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_id_token,id_token),this.isAuthorized=!0,this.oidcSecurityCommon.store(this.oidcSecurityCommon.storage_is_authorized,!0)},OidcSecurityService.prototype.createAuthorizeUrl=function(nonce,state){var authorizationUrl=this.authWellKnownEndpoints.authorization_endpoint,client_id=this.authConfiguration.client_id,redirect_uri=this.authConfiguration.redirect_url,response_type=this.authConfiguration.response_type,scope=this.authConfiguration.scope;return 
authorizationUrl+"?response_type="+encodeURI(response_type)+"&client_id="+encodeURI(client_id)+"&redirect_uri="+encodeURI(redirect_uri)+"&scope="+encodeURI(scope)+"&nonce="+encodeURI(nonce)+"&state="+encodeURI(state)},OidcSecurityService.prototype.resetAuthorizationData=function(){this.isAuthorized=!1,this.oidcSecurityCommon.resetStorageData(),this.checkSessionChanged=!1},OidcSecurityService.prototype.handleError=function(error){this.oidcSecurityCommon.logError(error),403==error.status?this.router.navigate([this.authConfiguration.forbidden_route]):401==error.status&&(this.resetAuthorizationData(),this.router.navigate([this.authConfiguration.unauthorized_route]))},OidcSecurityService.prototype.onCheckSessionChanged=function(){this.oidcSecurityCommon.logDebug("onCheckSessionChanged"),this.checkSessionChanged=!0},OidcSecurityService.prototype.runGetSigningKeys=function(){var _this=this;this.getSigningKeys().subscribe(function(jwtKeys){return _this.jwtKeys=jwtKeys},function(error){return _this.errorMessage=error})},OidcSecurityService.prototype.getSigningKeys=function(){return this.oidcSecurityCommon.logDebug("jwks_uri: "+this.authWellKnownEndpoints.jwks_uri),this.http.get(this.authWellKnownEndpoints.jwks_uri).map(this.extractData).catch(this.handleErrorGetSigningKeys)},OidcSecurityService.prototype.extractData=function(res){return res.json()},OidcSecurityService.prototype.handleErrorGetSigningKeys=function(error){var errMsg;if(error instanceof _angular_http.Response){var body=error.json()||"",err=body.error||JSON.stringify(body);errMsg=error.status+" - "+(error.statusText||"")+" "+err}else errMsg=error.message?error.message:error.toString();return console.error(errMsg),rxjs_Rx.Observable.throw(errMsg)},OidcSecurityService.prototype.runTokenValidatation=function(){var 
_this=this,source=rxjs_Rx.Observable.timer(3e3,3e3).timeInterval().pluck("interval").take(1e4);source.subscribe(function(){_this.isAuthorized&&_this.oidcSecurityValidation.isTokenExpired(_this.oidcSecurityCommon.retrieve(_this.oidcSecurityCommon.storage_id_token))&&(_this.oidcSecurityCommon.logDebug("IsAuthorized: id_token isTokenExpired, start silent renew if active"),_this.authConfiguration.silent_renew?_this.refreshSession():_this.resetAuthorizationData())},function(err){_this.oidcSecurityCommon.logError("Error: "+err)},function(){_this.oidcSecurityCommon.logDebug("Completed")})},OidcSecurityService}();OidcSecurityService.decorators=[{type:_angular_core.Injectable}],OidcSecurityService.ctorParameters=function(){return[{type:_angular_http.Http},{type:AuthConfiguration},{type:_angular_router.Router},{type:OidcSecurityCheckSession},{type:OidcSecuritySilentRenew},{type:OidcSecurityUserService},{type:OidcSecurityCommon},{type:AuthWellKnownEndpoints}]},OidcSecurityService.propDecorators={onUserDataLoaded:[{type:_angular_core.Output}]};var AuthModule=function(){function AuthModule(){}return 
AuthModule.forRoot=function(){return{ngModule:AuthModule,providers:[OidcSecurityService,OidcSecurityValidation,OidcSecurityCheckSession,OidcSecuritySilentRenew,OidcSecurityUserService,OidcSecurityCommon,AuthConfiguration,AuthWellKnownEndpoints]}},AuthModule.forChild=function(){return{ngModule:AuthModule,providers:[OidcSecurityService,OidcSecurityValidation,OidcSecurityCheckSession,OidcSecuritySilentRenew,OidcSecurityUserService,OidcSecurityCommon,AuthConfiguration,AuthWellKnownEndpoints]}},AuthModule}();AuthModule.decorators=[{type:_angular_core.NgModule}],AuthModule.ctorParameters=function(){return[]},exports.OidcSecurityService=OidcSecurityService,exports.OidcSecurityValidation=OidcSecurityValidation,exports.OidcSecurityCheckSession=OidcSecurityCheckSession,exports.OidcSecuritySilentRenew=OidcSecuritySilentRenew,exports.OidcSecurityUserService=OidcSecurityUserService,exports.OidcSecurityCommon=OidcSecurityCommon,exports.AuthWellKnownEndpoints=AuthWellKnownEndpoints,exports.AuthConfiguration=AuthConfiguration,exports.AuthModule=AuthModule,Object.defineProperty(exports,"__esModule",{value:!0})});
//# sourceMappingURL=angular-auth-oidc-client.umd.min.js.map

@@ -136,3 +136,2 @@ import { EventEmitter, Injectable, NgModule, Output } from '@angular/core';

]; };
var encode = require('base64url').encode;
var OidcSecurityValidation = (function () {

@@ -139,0 +138,0 @@ /**

@@ -137,3 +137,2 @@ import { EventEmitter, Injectable, NgModule, Output } from '@angular/core';

const encode = require('base64url').encode;
class OidcSecurityValidation {

@@ -140,0 +139,0 @@ /**

{
"name": "angular-auth-oidc-client",
"version": "1.0.0",
"version": "1.0.1",
"description": "An OpenID Connect Implicit Flow client for Angular",

@@ -5,0 +5,0 @@ "main": "./bundles/angular-auth-oidc-client.umd.js",

@@ -20,3 +20,3 @@ # angular-auth-oidc-client

```typescript
"angular-auth-oidc-client": "1.0.0"
"angular-auth-oidc-client": "1.0.1"
```

@@ -23,0 +23,0 @@

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
