Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
angular-auth-oidc-client
Advanced tools
angular-auth-oidc-client - npm Package Compare versions
Comparing version 10.0.12 to 10.0.13
@@ -1,2 +0,2 @@ | ||
| !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@angular/common"),require("jsrsasign-reduced"),require("@angular/common/http"),require("@angular/router"),require("rxjs"),require("rxjs/operators"),require("@angular/core"),require("common-tags")):"function"==typeof define&&define.amd?define("angular-auth-oidc-client",["exports","@angular/common","jsrsasign-reduced","@angular/common/http","@angular/router","rxjs","rxjs/operators","@angular/core","common-tags"],t):t(e["angular-auth-oidc-client"]={},e.ng.common,e["jsrsasign-reduced"],e.ng.common.http,e.ng.router,e.rxjs,e.rxjs.operators,e.ng.core,e.commonTags)}(this,function(e,t,C,l,o,p,v,i,a){"use strict";function n(){this.keys=[]}function r(){this.kty="",this.use="",this.kid="",this.x5t="",this.e="",this.n="",this.x5c=[]}var u=function ce(e,t,o){void 0===o&&(o=!1),this.authorizationState=e,this.validationResult=t,this.isRenewProcess=o},c={authorized:"authorized",forbidden:"forbidden",unauthorized:"unauthorized"},d={NotSet:"NotSet",StatesDoNotMatch:"StatesDoNotMatch",SignatureFailed:"SignatureFailed",IncorrectNonce:"IncorrectNonce",RequiredPropertyMissing:"RequiredPropertyMissing",MaxOffsetExpired:"MaxOffsetExpired",IssDoesNotMatchIssuer:"IssDoesNotMatchIssuer",NoAuthWellKnownEndPoints:"NoAuthWellKnownEndPoints",IncorrectAud:"IncorrectAud",TokenExpired:"TokenExpired",IncorrectAtHash:"IncorrectAtHash",Ok:"Ok",LoginRequired:"LoginRequired",SecureTokenServerError:"SecureTokenServerError"},s=function de(e,t,o,i,n){void 0===e&&(e=""),void 0===t&&(t=""),void 0===o&&(o=!1),void 0===i&&(i={}),void 0===n&&(n=d.NotSet),this.access_token=e,this.id_token=t,this.authResponseIsValid=o,this.decoded_id_token=i,this.state=n},g=(h.prototype.getWellknownEndpoints=function(e){var t=new l.HttpHeaders;return t=t.set("Accept","application/json"),this.httpClient.get(e,{headers:t})},h.prototype.getIdentityUserData=function(e,t){var o=new l.HttpHeaders;return o=(o=o.set("Accept","application/json")).set("Authorization","Bearer "+decodeURIComponent(t)),this.httpClient.get(e,{headers:o})},h.prototype.get=function(e){var t=new l.HttpHeaders;return t=t.set("Accept","application/json"),this.httpClient.get(e,{headers:t})},h.decorators=[{type:i.Injectable}],h.ctorParameters=function(){return[{type:l.HttpClient}]},h);function h(e){this.httpClient=e}var f=function(){return(f=Object.assign||function(e){for(var t,o=1,i=arguments.length;o<i;o++)for(var n in t=arguments[o])Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n]);return e}).apply(this,arguments)};function b(e){var t="function"==typeof Symbol&&e[Symbol.iterator],o=0;return t?t.call(e):{next:function(){return e&&o>=e.length&&(e=void 0),{value:e&&e[o++],done:!e}}}}function S(e,t){var o="function"==typeof Symbol&&e[Symbol.iterator];if(!o)return e;var i,n,r=o.call(e),s=[];try{for(;(void 0===t||0<t--)&&!(i=r.next()).done;)s.push(i.value)}catch(a){n={error:a}}finally{try{i&&!i.done&&(o=r["return"])&&o.call(r)}finally{if(n)throw n.error}}return s}function _(e,t){return Object.defineProperty?Object.defineProperty(e,"raw",{value:t}):e.raw=t,e}var y=(Object.defineProperty(m.prototype,"isBrowser",{get:function(){return t.isPlatformBrowser(this.platformId)},enumerable:!0,configurable:!0}),m.decorators=[{type:i.Injectable,args:[{providedIn:"root"}]}],m.ctorParameters=function(){return[{type:Object,decorators:[{type:i.Inject,args:[i.PLATFORM_ID]}]}]},m.ngInjectableDef=i.defineInjectable({factory:function(){return new m(i.inject(i.PLATFORM_ID))},token:m,providedIn:"root"}),m);function m(e){this.platformId=e}var k=(Object.defineProperty(w.prototype,"openIDConfiguration",{get:function(){return this.mergedOpenIdConfiguration},enumerable:!0,configurable:!0}),Object.defineProperty(w.prototype,"wellKnownEndpoints",{get:function(){return this.authWellKnownEndpoints},enumerable:!0,configurable:!0}),Object.defineProperty(w.prototype,"onConfigurationChange",{get:function(){return this.onConfigurationChangeInternal.asObservable()},enumerable:!0,configurable:!0}),w.prototype.setup=function(e,t){this.mergedOpenIdConfiguration=f({},this.mergedOpenIdConfiguration,e),this.setSpecialCases(this.mergedOpenIdConfiguration),this.authWellKnownEndpoints=f({},t),this.onConfigurationChangeInternal.next(f({},this.mergedOpenIdConfiguration))},w.prototype.setSpecialCases=function(e){this.platformProvider.isBrowser||(e.start_checksession=!1,e.silent_renew=!1,e.use_refresh_token=!1)},w.decorators=[{type:i.Injectable,args:[{providedIn:"root"}]}],w.ctorParameters=function(){return[{type:y}]},w.ngInjectableDef=i.defineInjectable({factory:function(){return new w(i.inject(y))},token:w,providedIn:"root"}),w);function w(e){this.platformProvider=e,this.DEFAULT_CONFIG={stsServer:"https://please_set",redirect_url:"https://please_set",client_id:"please_set",response_type:"code",scope:"openid email profile",hd_param:"",post_logout_redirect_uri:"https://please_set",start_checksession:!1,silent_renew:!1,silent_renew_url:"https://please_set",silent_renew_offset_in_seconds:0,use_refresh_token:!1,ignore_nonce_after_refresh:!1,post_login_route:"/",forbidden_route:"/forbidden",unauthorized_route:"/unauthorized",auto_userinfo:!0,auto_clean_state_after_authentication:!0,trigger_authorization_result_event:!1,log_console_warning_active:!0,log_console_debug_active:!1,iss_validation_off:!1,history_cleanup_off:!1,max_id_token_iat_offset_allowed_in_seconds:3,isauthorizedrace_timeout_in_seconds:5,disable_iat_offset_validation:!1,storage:"undefined"!=typeof Storage?sessionStorage:null},this.INITIAL_AUTHWELLKNOWN={issuer:"",jwks_uri:"",authorization_endpoint:"",token_endpoint:"",userinfo_endpoint:"",end_session_endpoint:"",check_session_iframe:"",revocation_endpoint:"",introspection_endpoint:""},this.mergedOpenIdConfiguration=this.DEFAULT_CONFIG,this.authWellKnownEndpoints=this.INITIAL_AUTHWELLKNOWN,this.onConfigurationChangeInternal=new p.Subject}var I=(D.prototype.logError=function(e){for(var t=[],o=1;o<arguments.length;o++)t[o-1]=arguments[o];console.error.apply(console,function i(){for(var e=[],t=0;t<arguments.length;t++)e=e.concat(S(arguments[t]));return e}([e],t))},D.prototype.logWarning=function(e){this.configurationProvider.openIDConfiguration.log_console_warning_active&&console.warn(e)},D.prototype.logDebug=function(e){this.configurationProvider.openIDConfiguration.log_console_debug_active&&console.log(e)},D.decorators=[{type:i.Injectable}],D.ctorParameters=function(){return[{type:k}]},D);function D(e){this.configurationProvider=e}var P=(E.prototype.getExistingIFrame=function(e){var t=this.getIFrameFromParentWindow(e);if(this.isIFrameElement(t))return t;var o=this.getIFrameFromWindow(e);return this.isIFrameElement(o)?o:null},E.prototype.addIFrameToWindowBody=function(e){var t=window.document.createElement("iframe");return t.id=e,this.loggerService.logDebug(t),t.style.display="none",window.document.body.appendChild(t),t},E.prototype.getIFrameFromParentWindow=function(e){try{var t=window.parent.document.getElementById(e);return this.isIFrameElement(t)?t:null}catch(o){return null}},E.prototype.getIFrameFromWindow=function(e){var t=window.document.getElementById(e);return this.isIFrameElement(t)?t:null},E.prototype.isIFrameElement=function(e){return!!e&&e instanceof HTMLIFrameElement},E.decorators=[{type:i.Injectable}],E.ctorParameters=function(){return[{type:I}]},E);function E(e){this.loggerService=e}var R=(z.prototype.areEqual=function(e,t){if(!e||!t)return!1;if(this.bothValuesAreArrays(e,t))return this.arraysEqual(e,t);if(this.bothValuesAreStrings(e,t))return e===t;if(this.bothValuesAreObjects(e,t))return JSON.stringify(e).toLowerCase()===JSON.stringify(t).toLowerCase();if(this.oneValueIsStringAndTheOtherIsArray(e,t)){if(Array.isArray(e)&&this.valueIsString(t))return e[0]===t;if(Array.isArray(t)&&this.valueIsString(e))return t[0]===e}},z.prototype.oneValueIsStringAndTheOtherIsArray=function(e,t){return Array.isArray(e)&&this.valueIsString(t)||Array.isArray(t)&&this.valueIsString(e)},z.prototype.bothValuesAreObjects=function(e,t){return this.valueIsObject(e)&&this.valueIsObject(t)},z.prototype.bothValuesAreStrings=function(e,t){return this.valueIsString(e)&&this.valueIsString(t)},z.prototype.bothValuesAreArrays=function(e,t){return Array.isArray(e)&&Array.isArray(t)},z.prototype.valueIsString=function(e){return"string"==typeof e||e instanceof String},z.prototype.valueIsObject=function(e){return"object"==typeof e},z.prototype.arraysEqual=function(e,t){if(e.length!==t.length)return!1;for(var o=e.length;o--;)if(e[o]!==t[o])return!1;return!0},z.decorators=[{type:i.Injectable}],z);function z(){}var A=(T.prototype.getTokenExpirationDate=function(e){if(!e.hasOwnProperty("exp"))return new Date;var t=new Date(0);return t.setUTCSeconds(e.exp),t},T.prototype.getHeaderFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,0,t):{}},T.prototype.getPayloadFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,1,t):{}},T.prototype.getSignatureFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,2,t):{}},T.prototype.getPartOfToken=function(e,t,o){var i=this.extractPartOfToken(e,t);if(o)return i;var n=this.urlBase64Decode(i);return JSON.parse(n)},T.prototype.urlBase64Decode=function(e){var t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw Error("Illegal base64url string!")}var o="undefined"!=typeof window?window.atob(t):new Buffer(t,"base64").toString("binary");try{return decodeURIComponent(o.split("").map(function(e){return"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)}).join(""))}catch(i){return o}},T.prototype.tokenIsValid=function(e){return e?e.includes(".")?e.split(".").length===this.PARTS_OF_TOKEN||(this.loggerService.logError("token '"+e+"' is not valid --\x3e token has to have exactly "+this.PARTS_OF_TOKEN+" dots"),!1):(this.loggerService.logError("token '"+e+"' is not valid --\x3e no dots included"),!1):(this.loggerService.logError("token '"+e+"' is not valid --\x3e token falsy"),!1)},T.prototype.extractPartOfToken=function(e,t){return e.split(".")[t]},T.decorators=[{type:i.Injectable}],T.ctorParameters=function(){return[{type:I}]},T);function T(e){this.loggerService=e,this.PARTS_OF_TOKEN=3}var O=(x.decorators=[{type:i.Injectable}],x);function x(){}var j=(W.prototype.read=function(e){if(this.hasStorage)return JSON.parse(this.configProvider.openIDConfiguration.storage.getItem(e+"_"+this.configProvider.openIDConfiguration.client_id))},W.prototype.write=function(e,t){this.hasStorage&&(t=t===undefined?null:t,this.configProvider.openIDConfiguration.storage.setItem(e+"_"+this.configProvider.openIDConfiguration.client_id,JSON.stringify(t)))},W.decorators=[{type:i.Injectable}],W.ctorParameters=function(){return[{type:k}]},W);function W(e){this.configProvider=e,this.hasStorage="undefined"!=typeof Storage}var U=(Object.defineProperty(V.prototype,"authResult",{get:function(){return this.retrieve(this.storageAuthResult)},set:function(e){this.store(this.storageAuthResult,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"accessToken",{get:function(){return this.retrieve(this.storageAccessToken)||""},set:function(e){this.store(this.storageAccessToken,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"idToken",{get:function(){return this.retrieve(this.storageIdToken)||""},set:function(e){this.store(this.storageIdToken,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"isAuthorized",{get:function(){return this.retrieve(this.storageIsAuthorized)},set:function(e){this.store(this.storageIsAuthorized,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"userData",{get:function(){return this.retrieve(this.storageUserData)},set:function(e){this.store(this.storageUserData,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"authNonce",{get:function(){return this.retrieve(this.storageAuthNonce)||""},set:function(e){this.store(this.storageAuthNonce,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"code_verifier",{get:function(){return this.retrieve(this.storageCodeVerifier)||""},set:function(e){this.store(this.storageCodeVerifier,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"authStateControl",{get:function(){return this.retrieve(this.storageAuthStateControl)||""},set:function(e){this.store(this.storageAuthStateControl,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"sessionState",{get:function(){return this.retrieve(this.storageSessionState)},set:function(e){this.store(this.storageSessionState,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"silentRenewRunning",{get:function(){return this.retrieve(this.storageSilentRenewRunning)||""},set:function(e){this.store(this.storageSilentRenewRunning,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"customRequestParams",{get:function(){return this.retrieve(this.storageCustomRequestParams)},set:function(e){this.store(this.storageCustomRequestParams,e)},enumerable:!0,configurable:!0}),V.prototype.retrieve=function(e){return this.oidcSecurityStorage.read(e)},V.prototype.store=function(e,t){this.oidcSecurityStorage.write(e,t)},V.prototype.resetStorageData=function(e){e||(this.store(this.storageAuthResult,""),this.store(this.storageSessionState,""),this.store(this.storageSilentRenewRunning,""),this.store(this.storageIsAuthorized,!1),this.store(this.storageAccessToken,""),this.store(this.storageIdToken,""),this.store(this.storageUserData,""),this.store(this.storageCodeVerifier,""))},V.prototype.getAccessToken=function(){return this.retrieve(this.storageAccessToken)},V.prototype.getIdToken=function(){return this.retrieve(this.storageIdToken)},V.prototype.getRefreshToken=function(){return this.authResult.refresh_token},V.decorators=[{type:i.Injectable}],V.ctorParameters=function(){return[{type:O}]},V);function V(e){this.oidcSecurityStorage=e,this.storageAuthResult="authorizationResult",this.storageAccessToken="authorizationData",this.storageIdToken="authorizationDataIdToken",this.storageIsAuthorized="_isAuthorized",this.storageUserData="userData",this.storageAuthNonce="authNonce",this.storageCodeVerifier="code_verifier",this.storageAuthStateControl="authStateControl",this.storageSessionState="session_state",this.storageSilentRenewRunning="storage_silent_renew_running",this.storageCustomRequestParams="storage_custom_request_params"}var K=(F.prototype.isTokenExpired=function(e,t){var o;return o=this.tokenHelperService.getPayloadFromToken(e,!1),!this.validate_id_token_exp_not_expired(o,t)},F.prototype.validate_id_token_exp_not_expired=function(e,t){var o=this.tokenHelperService.getTokenExpirationDate(e);if(t=t||0,!o)return!1;var i=o.valueOf(),n=(new Date).valueOf()+1e3*t,r=n<i;return this.loggerService.logDebug("Token not expired?: "+i+" > "+n+" ("+r+")"),r},F.prototype.validate_required_id_token=function(e){var t=!0;return e.hasOwnProperty("iss")||(t=!1,this.loggerService.logWarning("iss is missing, this is required in the id_token")),e.hasOwnProperty("sub")||(t=!1,this.loggerService.logWarning("sub is missing, this is required in the id_token")),e.hasOwnProperty("aud")||(t=!1,this.loggerService.logWarning("aud is missing, this is required in the id_token")),e.hasOwnProperty("exp")||(t=!1,this.loggerService.logWarning("exp is missing, this is required in the id_token")),e.hasOwnProperty("iat")||(t=!1,this.loggerService.logWarning("iat is missing, this is required in the id_token")),t},F.prototype.validate_id_token_iat_max_offset=function(e,t,o){if(o)return!0;if(!e.hasOwnProperty("iat"))return!1;var i=new Date(0);return i.setUTCSeconds(e.iat),t=t||0,null!=i&&(this.loggerService.logDebug("validate_id_token_iat_max_offset: "+((new Date).valueOf()-i.valueOf())+" < "+1e3*t),(new Date).valueOf()-i.valueOf()<1e3*t)},F.prototype.validate_id_token_nonce=function(e,t,o){return!((e.nonce!==undefined&&!o||t!==F.RefreshTokenNoncePlaceholder)&&e.nonce!==t&&(this.loggerService.logDebug("Validate_id_token_nonce failed, dataIdToken.nonce: "+e.nonce+" local_nonce:"+t),1))},F.prototype.validate_id_token_iss=function(e,t){return e.iss===t||(this.loggerService.logDebug("Validate_id_token_iss failed, dataIdToken.iss: "+e.iss+" authWellKnownEndpoints issuer:"+t),!1)},F.prototype.validate_id_token_aud=function(e,t){return e.aud instanceof Array?!!this.arrayHelperService.areEqual(e.aud,t)||(this.loggerService.logDebug("Validate_id_token_aud array failed, dataIdToken.aud: "+e.aud+" client_id:"+t),!1):e.aud===t||(this.loggerService.logDebug("Validate_id_token_aud failed, dataIdToken.aud: "+e.aud+" client_id:"+t),!1)},F.prototype.validateStateFromHashCallback=function(e,t){return e===t||(this.loggerService.logDebug("ValidateStateFromHashCallback failed, state: "+e+" local_state:"+t),!1)},F.prototype.validate_userdata_sub_id_token=function(e,t){return e===t||(this.loggerService.logDebug("validate_userdata_sub_id_token failed, id_token_sub: "+e+" userdata_sub:"+t),!1)},F.prototype.validate_signature_id_token=function(e,t){var o,i,n,r,s,a;if(!t||!t.keys)return!1;var u=this.tokenHelperService.getHeaderFromToken(e,!1);if(0===Object.keys(u).length&&u.constructor===Object)return this.loggerService.logWarning("id token has no header data"),!1;var c=u.kid;if("RS256"!==u.alg)return this.loggerService.logWarning("Only RS256 supported"),!1;var d=!1;if(u.hasOwnProperty("kid"))try{for(var l=b(t.keys),g=l.next();!g.done;g=l.next())if((_=g.value).kid===c)return y=C.KEYUTIL.getKey(_),(d=C.KJUR.jws.JWS.verify(e,y,["RS256"]))||this.loggerService.logWarning("incorrect Signature, validation failed for id_token"),d}catch(m){s={error:m}}finally{try{g&&!g.done&&(a=l["return"])&&a.call(l)}finally{if(s)throw s.error}}else{var h=0;try{for(var f=b(t.keys),p=f.next();!p.done;p=f.next())"RSA"===(_=p.value).kty&&"sig"===_.use&&(h+=1)}catch(k){o={error:k}}finally{try{p&&!p.done&&(i=f["return"])&&i.call(f)}finally{if(o)throw o.error}}if(0===h)return this.loggerService.logWarning("no keys found, incorrect Signature, validation failed for id_token"),!1;if(1<h)return this.loggerService.logWarning("no ID Token kid claim in JOSE header and multiple supplied in jwks_uri"),!1;try{for(var v=b(t.keys),S=v.next();!S.done;S=v.next()){var _;if("RSA"===(_=S.value).kty&&"sig"===_.use){var y=C.KEYUTIL.getKey(_);return(d=C.KJUR.jws.JWS.verify(e,y,["RS256"]))||this.loggerService.logWarning("incorrect Signature, validation failed for id_token"),d}}}catch(w){n={error:w}}finally{try{S&&!S.done&&(r=v["return"])&&r.call(v)}finally{if(n)throw n.error}}}return d},F.prototype.config_validate_response_type=function(e){return"id_token token"===e||"id_token"===e||"code"===e||(this.loggerService.logWarning("module configure incorrect, invalid response_type:"+e),!1)},F.prototype.validate_id_token_at_hash=function(e,t,o){if(this.loggerService.logDebug("at_hash from the server:"+t),o&&!t)return this.loggerService.logDebug("Code Flow active, and no at_hash in the id_token, skipping check!"),!0;var i=this.generate_at_hash(""+e);if(this.loggerService.logDebug("at_hash client validation not decoded:"+i),i===t)return!0;var n=this.generate_at_hash(""+decodeURIComponent(e));return this.loggerService.logDebug("-gen access--"+n),n===t},F.prototype.generate_at_hash=function(e){var t=C.KJUR.crypto.Util.hashString(e,"sha256"),o=t.substr(0,t.length/2);return C.hextob64u(o)},F.prototype.generate_code_verifier=function(e){var t=C.KJUR.crypto.Util.hashString(e,"sha256");return C.hextob64u(t)},F.RefreshTokenNoncePlaceholder="--RefreshToken--",F.decorators=[{type:i.Injectable}],F.ctorParameters=function(){return[{type:R},{type:A},{type:I}]},F);function F(e,t,o){this.arrayHelperService=e,this.tokenHelperService=t,this.loggerService=o}var N=(H.prototype.validateState=function(e,t){var o=new s;if(!this.oidcSecurityValidation.validateStateFromHashCallback(e.state,this.oidcSecurityCommon.authStateControl))return this.loggerService.logWarning("authorizedCallback incorrect state"),o.state=d.StatesDoNotMatch,this.handleUnsuccessfulValidation(),o;if("id_token token"!==this.configurationProvider.openIDConfiguration.response_type&&"code"!==this.configurationProvider.openIDConfiguration.response_type||(o.access_token=e.access_token),e.id_token){if(o.id_token=e.id_token,o.decoded_id_token=this.tokenHelperService.getPayloadFromToken(o.id_token,!1),!this.oidcSecurityValidation.validate_signature_id_token(o.id_token,t))return this.loggerService.logDebug("authorizedCallback Signature validation failed id_token"),o.state=d.SignatureFailed,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_id_token_nonce(o.decoded_id_token,this.oidcSecurityCommon.authNonce,this.configurationProvider.openIDConfiguration.ignore_nonce_after_refresh))return this.loggerService.logWarning("authorizedCallback incorrect nonce"),o.state=d.IncorrectNonce,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_required_id_token(o.decoded_id_token))return this.loggerService.logDebug("authorizedCallback Validation, one of the REQUIRED properties missing from id_token"),o.state=d.RequiredPropertyMissing,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_id_token_iat_max_offset(o.decoded_id_token,this.configurationProvider.openIDConfiguration.max_id_token_iat_offset_allowed_in_seconds,this.configurationProvider.openIDConfiguration.disable_iat_offset_validation))return this.loggerService.logWarning("authorizedCallback Validation, iat rejected id_token was issued too far away from the current time"),o.state=d.MaxOffsetExpired,this.handleUnsuccessfulValidation(),o;if(!this.configurationProvider.wellKnownEndpoints)return this.loggerService.logWarning("authWellKnownEndpoints is undefined"),o.state=d.NoAuthWellKnownEndPoints,this.handleUnsuccessfulValidation(),o;if(this.configurationProvider.openIDConfiguration.iss_validation_off)this.loggerService.logDebug("iss validation is turned off, this is not recommended!");else if(!this.configurationProvider.openIDConfiguration.iss_validation_off&&!this.oidcSecurityValidation.validate_id_token_iss(o.decoded_id_token,this.configurationProvider.wellKnownEndpoints.issuer))return this.loggerService.logWarning("authorizedCallback incorrect iss does not match authWellKnownEndpoints issuer"),o.state=d.IssDoesNotMatchIssuer,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_id_token_aud(o.decoded_id_token,this.configurationProvider.openIDConfiguration.client_id))return this.loggerService.logWarning("authorizedCallback incorrect aud"),o.state=d.IncorrectAud,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_id_token_exp_not_expired(o.decoded_id_token))return this.loggerService.logWarning("authorizedCallback token expired"),o.state=d.TokenExpired,this.handleUnsuccessfulValidation(),o}else this.loggerService.logDebug("No id_token found, skipping id_token validation");return"id_token token"!==this.configurationProvider.openIDConfiguration.response_type&&"code"!==this.configurationProvider.openIDConfiguration.response_type?(o.authResponseIsValid=!0,o.state=d.Ok,this.handleSuccessfulValidation(),this.handleUnsuccessfulValidation()):this.oidcSecurityValidation.validate_id_token_at_hash(o.access_token,o.decoded_id_token.at_hash,"code"===this.configurationProvider.openIDConfiguration.response_type)&&o.access_token?(o.authResponseIsValid=!0,o.state=d.Ok,this.handleSuccessfulValidation()):(this.loggerService.logWarning("authorizedCallback incorrect at_hash"),o.state=d.IncorrectAtHash,this.handleUnsuccessfulValidation()),o},H.prototype.handleSuccessfulValidation=function(){this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.auto_clean_state_after_authentication&&(this.oidcSecurityCommon.authStateControl=""),this.loggerService.logDebug("AuthorizedCallback token(s) validated, continue")},H.prototype.handleUnsuccessfulValidation=function(){this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.auto_clean_state_after_authentication&&(this.oidcSecurityCommon.authStateControl=""),this.loggerService.logDebug("AuthorizedCallback token(s) invalid")},H.decorators=[{type:i.Injectable}],H.ctorParameters=function(){return[{type:U},{type:K},{type:A},{type:I},{type:k}]},H);function H(e,t,o,i,n){this.oidcSecurityCommon=e,this.oidcSecurityValidation=t,this.tokenHelperService=o,this.loggerService=i,this.configurationProvider=n}var M="myiFrameForCheckSession",q=(Object.defineProperty(L.prototype,"onCheckSessionChanged",{get:function(){return this.checkSessionChanged.asObservable()},enumerable:!0,configurable:!0}),L.prototype.doesSessionExist=function(){var e=this.iFrameService.getExistingIFrame(M);return!!e&&(this.sessionIframe=e,!0)},L.prototype.init=function(){var t=this;return this.lastIFrameRefresh+this.iframeRefreshInterval>Date.now()?p.from([this]):(this.doesSessionExist()||(this.sessionIframe=this.iFrameService.addIFrameToWindowBody(M),this.iframeMessageEvent=this.messageHandler.bind(this),window.addEventListener("message",this.iframeMessageEvent,!1)),this.configurationProvider.wellKnownEndpoints?(this.configurationProvider.wellKnownEndpoints.check_session_iframe?this.sessionIframe.contentWindow.location.replace(this.configurationProvider.wellKnownEndpoints.check_session_iframe):this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined"),p.Observable.create(function(e){t.sessionIframe.onload=function(){t.lastIFrameRefresh=Date.now(),e.next(t),e.complete()}})):void this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined. Returning."))},L.prototype.startCheckingSession=function(e){this.scheduledHeartBeat||this.pollServerSession(e)},L.prototype.stopCheckingSession=function(){this.scheduledHeartBeat&&this.clearScheduledHeartBeat()},L.prototype.pollServerSession=function(t){var o=this,i=function(){o.init().pipe(v.take(1)).subscribe(function(){if(o.sessionIframe&&t){o.loggerService.logDebug(o.sessionIframe);var e=o.oidcSecurityCommon.sessionState;e?(o.outstandingMessages++,o.sessionIframe.contentWindow.postMessage(t+" "+e,o.configurationProvider.openIDConfiguration.stsServer)):(o.loggerService.logDebug("OidcSecurityCheckSession pollServerSession session_state is blank"),o.checkSessionChanged.next())}else o.loggerService.logWarning("OidcSecurityCheckSession pollServerSession sessionIframe does not exist"),o.loggerService.logDebug(t),o.loggerService.logDebug(o.sessionIframe);3<o.outstandingMessages&&(o.loggerService.logError("OidcSecurityCheckSession not receiving check session response messages.\n Outstanding messages: "+o.outstandingMessages+". Server unreachable?"),o.checkSessionChanged.next()),o.scheduledHeartBeat=setTimeout(i,o.heartBeatInterval)})};this.outstandingMessages=0,this.zone.runOutsideAngular(function(){o.scheduledHeartBeat=setTimeout(i,o.heartBeatInterval)})},L.prototype.clearScheduledHeartBeat=function(){clearTimeout(this.scheduledHeartBeat),this.scheduledHeartBeat=null},L.prototype.messageHandler=function(e){this.outstandingMessages=0,this.sessionIframe&&e.origin===this.configurationProvider.openIDConfiguration.stsServer&&e.source===this.sessionIframe.contentWindow&&("error"===e.data?this.loggerService.logWarning("error from checksession messageHandler"):"changed"===e.data?this.checkSessionChanged.next():this.loggerService.logDebug(e.data+" from checksession messageHandler"))},L.decorators=[{type:i.Injectable}],L.ctorParameters=function(){return[{type:U},{type:I},{type:P},{type:i.NgZone},{type:k}]},L);function L(e,t,o,i,n){this.oidcSecurityCommon=e,this.loggerService=t,this.iFrameService=o,this.zone=i,this.configurationProvider=n,this.lastIFrameRefresh=0,this.outstandingMessages=0,this.heartBeatInterval=3e3,this.iframeRefreshInterval=6e4,this.checkSessionChanged=new p.Subject}var B=(Object.defineProperty(J.prototype,"onConfigurationLoaded",{get:function(){return this.configurationLoadedInternal.asObservable()},enumerable:!0,configurable:!0}),J.prototype.load=function(t){var o=this;return this.httpClient.get(t).pipe(v.switchMap(function(e){return o.loadUsingConfiguration(e)}),v.catchError(function(e){return o.loggerService.logError("OidcConfigService 'load' threw an error on calling "+t,e),o.configurationLoadedInternal.next(undefined),p.of(!1)})).toPromise()},J.prototype.load_using_stsServer=function(e){return this.loadUsingConfiguration({stsServer:e}).toPromise()},J.prototype.load_using_custom_stsServer=function(t){var o=this;return this.httpClient.get(t).pipe(v.switchMap(function(e){return o.configurationLoadedInternal.next({authWellknownEndpoints:e,customConfig:{stsServer:t}}),p.of(!0)}),v.catchError(function(e){return o.loggerService.logError("OidcConfigService 'load_using_custom_stsServer' threw an error on calling "+t,e),o.configurationLoadedInternal.next(undefined),p.of(!1)})).toPromise()},J.prototype.loadUsingConfiguration=function(t){var o=this;if(!t.stsServer)throw this.loggerService.logError("Property 'stsServer' is not present of passed config "+JSON.stringify(t),t),new Error("Property 'stsServer' is not present of passed config "+JSON.stringify(t));var i=t.stsServer+"/.well-known/openid-configuration";return this.httpClient.get(i).pipe(v.switchMap(function(e){return o.configurationLoadedInternal.next({authWellknownEndpoints:e,customConfig:t}),p.of(!0)}),v.catchError(function(e){return o.loggerService.logError("OidcConfigService 'load_using_stsServer' threw an error on calling "+i,e),o.configurationLoadedInternal.next(undefined),p.of(!1)}))},J.decorators=[{type:i.Injectable}],J.ctorParameters=function(){return[{type:I},{type:l.HttpClient}]},J);function J(e,t){this.loggerService=e,this.httpClient=t,this.configurationLoadedInternal=new p.ReplaySubject(1)}var G="myiFrameForSilentRenew",$=(Y.prototype.initRenew=function(){var e=this.iFrameService.getExistingIFrame(G);return e||this.iFrameService.addIFrameToWindowBody(G)},Y.prototype.startRenew=function(o){var i=this.initRenew();return this.loggerService.logDebug("startRenew for URL:"+o),new p.Observable(function(e){var t=function(){i.removeEventListener("load",t),e.next(undefined),e.complete()};return i.addEventListener("load",t),i.src=o,function(){i.removeEventListener("load",t)}})},Y.decorators=[{type:i.Injectable}],Y.ctorParameters=function(){return[{type:I},{type:P}]},Y);function Y(e,t){this.loggerService=e,this.iFrameService=t}var Z=(Q.prototype.initUserData=function(){var t=this;return this.getIdentityUserData().pipe(v.map(function(e){return t.userData=e}))},Q.prototype.getUserData=function(){if(!this.userData)throw Error("UserData is not set!");return this.userData},Q.prototype.setUserData=function(e){this.userData=e},Q.prototype.getIdentityUserData=function(){var e=this.oidcSecurityCommon.getAccessToken();if(!this.configurationProvider.wellKnownEndpoints)throw this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined"),Error("authWellKnownEndpoints is undefined");if(!this.configurationProvider.wellKnownEndpoints||!this.configurationProvider.wellKnownEndpoints.userinfo_endpoint)throw this.loggerService.logError("init check session: authWellKnownEndpoints.userinfo_endpoint is undefined; set auto_userinfo = false in config"),Error("authWellKnownEndpoints.userinfo_endpoint is undefined");return this.oidcDataService.getIdentityUserData(this.configurationProvider.wellKnownEndpoints.userinfo_endpoint||"",e)},Q.decorators=[{type:i.Injectable}],Q.ctorParameters=function(){return[{type:g},{type:U},{type:I},{type:k}]},Q);function Q(e,t,o,i){this.oidcDataService=e,this.oidcSecurityCommon=t,this.loggerService=o,this.configurationProvider=i,this.userData=""}var X=(ee.prototype.encodeKey=function(e){return encodeURIComponent(e)},ee.prototype.encodeValue=function(e){return encodeURIComponent(e)},ee.prototype.decodeKey=function(e){return decodeURIComponent(e)},ee.prototype.decodeValue=function(e){return decodeURIComponent(e)},ee);function ee(){}var te=(oe.prototype.getUrlParameter=function(e,t){if(!e)return"";if(!t)return"";t=t.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var o=new RegExp("[\\?&]"+t+"=([^&#]*)").exec(e);return null===o?"":decodeURIComponent(o[1])},oe.decorators=[{type:i.Injectable,args:[{providedIn:"root"}]}],oe.ngInjectableDef=i.defineInjectable({factory:function(){return new oe},token:oe,providedIn:"root"}),oe);function oe(){}var ie,ne,re=(Object.defineProperty(se.prototype,"onModuleSetup",{get:function(){return this._onModuleSetup.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty(se.prototype,"onAuthorizationResult",{get:function(){return this._onAuthorizationResult.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty(se.prototype,"onCheckSessionChanged",{get:function(){return this._onCheckSessionChanged.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty(se.prototype,"onConfigurationChange",{get:function(){return this.configurationProvider.onConfigurationChange},enumerable:!0,configurable:!0}),se.prototype.setupModule=function(e,t){var o=this;this.configurationProvider.setup(e,t),this.oidcSecurityCheckSession.onCheckSessionChanged.subscribe(function(){o.loggerService.logDebug("onCheckSessionChanged"),o.checkSessionChanged=!0,o._onCheckSessionChanged.next(o.checkSessionChanged)});var i=this.oidcSecurityCommon.userData;i&&this.setUserData(i);var n=this.oidcSecurityCommon.isAuthorized;if(n&&(this.loggerService.logDebug("IsAuthorized setup module"),this.loggerService.logDebug(this.oidcSecurityCommon.idToken),this.oidcSecurityValidation.isTokenExpired(this.oidcSecurityCommon.idToken||this.oidcSecurityCommon.accessToken,this.configurationProvider.openIDConfiguration.silent_renew_offset_in_seconds)?this.loggerService.logDebug("IsAuthorized setup module; id_token isTokenExpired"):(this.loggerService.logDebug("IsAuthorized setup module; id_token is valid"),this.setIsAuthorized(n)),this.runTokenValidation()),this.loggerService.logDebug("STS server: "+this.configurationProvider.openIDConfiguration.stsServer),this._onModuleSetup.next(),this.configurationProvider.openIDConfiguration.silent_renew){this.oidcSecuritySilentRenew.initRenew(),this.boundSilentRenewEvent=this.silentRenewEventHandler.bind(this);var r=Math.random(),s=function(e){e.detail!==r&&(window.removeEventListener("oidc-silent-renew-message",o.boundSilentRenewEvent),window.removeEventListener("oidc-silent-renew-init",s))}.bind(this);window.addEventListener("oidc-silent-renew-init",s,!1),window.addEventListener("oidc-silent-renew-message",this.boundSilentRenewEvent,!1),window.dispatchEvent(new CustomEvent("oidc-silent-renew-init",{detail:r}))}},se.prototype.getUserData=function(){return this._userData.asObservable()},se.prototype.getIsModuleSetup=function(){return this._isModuleSetup.asObservable()},se.prototype.getIsAuthorized=function(){return this._isSetupAndAuthorized},se.prototype.getToken=function(){if(!this._isAuthorized.getValue())return"";var e=this.oidcSecurityCommon.getAccessToken();return decodeURIComponent(e)},se.prototype.getIdToken=function(){if(!this._isAuthorized.getValue())return"";var e=this.oidcSecurityCommon.getIdToken();return decodeURIComponent(e)},se.prototype.getRefreshToken=function(){if(!this._isAuthorized.getValue())return"";var e=this.oidcSecurityCommon.getRefreshToken();return decodeURIComponent(e)},se.prototype.getPayloadFromIdToken=function(e){void 0===e&&(e=!1);var t=this.getIdToken();return this.tokenHelperService.getPayloadFromToken(t,e)},se.prototype.setState=function(e){this.oidcSecurityCommon.authStateControl=e},se.prototype.getState=function(){return this.oidcSecurityCommon.authStateControl},se.prototype.setCustomRequestParameters=function(e){this.oidcSecurityCommon.customRequestParams=e},se.prototype.authorize=function(e){if(this.configurationProvider.wellKnownEndpoints&&(this.authWellKnownEndpointsLoaded=!0),this.authWellKnownEndpointsLoaded){if(this.oidcSecurityValidation.config_validate_response_type(this.configurationProvider.openIDConfiguration.response_type)){this.resetAuthorizationData(!1),this.loggerService.logDebug("BEGIN Authorize Code Flow, no auth data");var t=this.oidcSecurityCommon.authStateControl;t||(t=Date.now()+""+Math.random()+Math.random(),this.oidcSecurityCommon.authStateControl=t);var o="N"+Math.random()+Date.now();this.oidcSecurityCommon.authNonce=o,this.loggerService.logDebug("AuthorizedController created. local state: "+this.oidcSecurityCommon.authStateControl);var i="";if("code"===this.configurationProvider.openIDConfiguration.response_type){var n="C"+Math.random()+Date.now()+Date.now()+Math.random(),r=this.oidcSecurityValidation.generate_code_verifier(n);this.oidcSecurityCommon.code_verifier=n,this.configurationProvider.wellKnownEndpoints?i=this.createAuthorizeUrl(!0,r,this.configurationProvider.openIDConfiguration.redirect_url,o,t,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||""):this.loggerService.logError("authWellKnownEndpoints is undefined")}else this.configurationProvider.wellKnownEndpoints?i=this.createAuthorizeUrl(!1,"",this.configurationProvider.openIDConfiguration.redirect_url,o,t,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||""):this.loggerService.logError("authWellKnownEndpoints is undefined");e?e(i):this.redirectTo(i)}}else this.loggerService.logError("Well known endpoints must be loaded before user can login!")},se.prototype.authorizedCallbackWithCode=function(e){this.authorizedCallbackWithCode$(e).subscribe()},se.prototype.authorizedCallbackWithCode$=function(e){var t=this.urlParserService.getUrlParameter(e,"code"),o=this.urlParserService.getUrlParameter(e,"state"),i=this.urlParserService.getUrlParameter(e,"session_state")||null;return o?t?(this.loggerService.logDebug("running validation for callback"+e),this.requestTokensWithCode$(t,o,i)):(this.loggerService.logDebug("no code in url"),p.of()):(this.loggerService.logDebug("no state in url"),p.of())},se.prototype.requestTokensWithCode=function(e,t,o){this.requestTokensWithCode$(e,t,o).subscribe()},se.prototype.requestTokensWithCode$=function(e,t,o){var i=this;return this._isModuleSetup.pipe(v.filter(function(e){return!!e}),v.take(1),v.switchMap(function(){return i.requestTokensWithCodeProcedure$(e,t,o)}))},se.prototype.refreshTokensWithCodeProcedure=function(e,o){var i=this,t="";this.configurationProvider.wellKnownEndpoints&&this.configurationProvider.wellKnownEndpoints.token_endpoint&&(t=""+this.configurationProvider.wellKnownEndpoints.token_endpoint);var n=new l.HttpHeaders;n=n.set("Content-Type","application/x-www-form-urlencoded");var r="grant_type=refresh_token&client_id="+this.configurationProvider.openIDConfiguration.client_id+"&refresh_token="+e;return this.httpClient.post(t,r,{headers:n}).pipe(v.map(function(e){i.loggerService.logDebug("token refresh response: "+JSON.stringify(e));var t=new Object;(t=e).state=o,i.authorizedCodeFlowCallbackProcedure(t)}),v.catchError(function(e){return i.loggerService.logError(e),i.loggerService.logError("OidcService code request "+i.configurationProvider.openIDConfiguration.stsServer),p.of(!1)}))},se.prototype.requestTokensWithCodeProcedure=function(e,t,o){this.requestTokensWithCodeProcedure$(e,t,o).subscribe()},se.prototype.requestTokensWithCodeProcedure$=function(e,o,i){var n=this,t="";if(this.configurationProvider.wellKnownEndpoints&&this.configurationProvider.wellKnownEndpoints.token_endpoint&&(t=""+this.configurationProvider.wellKnownEndpoints.token_endpoint),!this.oidcSecurityValidation.validateStateFromHashCallback(o,this.oidcSecurityCommon.authStateControl))return this.loggerService.logWarning("authorizedCallback incorrect state"),p.throwError(new Error("incorrect state"));var r=new l.HttpHeaders;r=r.set("Content-Type","application/x-www-form-urlencoded");var s=a.oneLineTrim(ie=ie||_(["grant_type=authorization_code&client_id=","\n &code_verifier=","\n &code=","&redirect_uri=",""],["grant_type=authorization_code&client_id=","\n &code_verifier=","\n &code=","&redirect_uri=",""]),this.configurationProvider.openIDConfiguration.client_id,this.oidcSecurityCommon.code_verifier,e,this.configurationProvider.openIDConfiguration.redirect_url);return"running"===this.oidcSecurityCommon.silentRenewRunning&&(s=a.oneLineTrim(ne=ne||_(["grant_type=authorization_code&client_id=","\n &code_verifier=","\n &code=","\n &redirect_uri=",""],["grant_type=authorization_code&client_id=","\n &code_verifier=","\n &code=","\n &redirect_uri=",""]),this.configurationProvider.openIDConfiguration.client_id,this.oidcSecurityCommon.code_verifier,e,this.configurationProvider.openIDConfiguration.silent_renew_url)),this.httpClient.post(t,s,{headers:r}).pipe(v.map(function(e){var t=new Object;return(t=e).state=o,t.session_state=i,n.authorizedCodeFlowCallbackProcedure(t),undefined}),v.catchError(function(e){return n.loggerService.logError(e),n.loggerService.logError("OidcService code request "+n.configurationProvider.openIDConfiguration.stsServer),p.throwError(e)}))},se.prototype.authorizedCodeFlowCallbackProcedure=function(e){var t="running"===this.oidcSecurityCommon.silentRenewRunning;this.loggerService.logDebug("BEGIN authorized Code Flow Callback, no auth data"),this.resetAuthorizationData(t),this.authorizedCallbackProcedure(e,t)},se.prototype.authorizedImplicitFlowCallbackProcedure=function(e){var t="running"===this.oidcSecurityCommon.silentRenewRunning;this.loggerService.logDebug("BEGIN authorizedCallback, no auth data"),this.resetAuthorizationData(t);var o=(e=e||window.location.hash.substr(1)).split("&").reduce(function(e,t){var o=t.split("=");return e[o.shift()]=o.join("="),e},{});this.authorizedCallbackProcedure(o,t)},se.prototype.authorizedImplicitFlowCallback=function(e){var t=this;this._isModuleSetup.pipe(v.filter(function(e){return e}),v.take(1)).subscribe(function(){t.authorizedImplicitFlowCallbackProcedure(e)})},se.prototype.redirectTo=function(e){window.location.href=e},se.prototype.authorizedCallbackProcedure=function(o,i){var n=this;this.oidcSecurityCommon.authResult=o,this.configurationProvider.openIDConfiguration.history_cleanup_off||i?this.loggerService.logDebug("history clean up inactive"):window.history.replaceState({},window.document.title,window.location.origin+window.location.pathname),o.error?(i?this.loggerService.logDebug(o):this.loggerService.logWarning(o),"login_required"===o.error?this._onAuthorizationResult.next(new u(c.unauthorized,d.LoginRequired,i)):this._onAuthorizationResult.next(new u(c.unauthorized,d.SecureTokenServerError,i)),this.resetAuthorizationData(!1),this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||this.router.navigate([this.configurationProvider.openIDConfiguration.unauthorized_route])):(this.loggerService.logDebug(o),this.loggerService.logDebug("authorizedCallback created, begin token validation"),this.getSigningKeys().subscribe(function(e){var t=n.getValidatedStateResult(o,e);t.authResponseIsValid?(n.setAuthorizationData(t.access_token,t.id_token),n.oidcSecurityCommon.silentRenewRunning="",n.configurationProvider.openIDConfiguration.auto_userinfo?n.getUserinfo(i,o,t.id_token,t.decoded_id_token).subscribe(function(e){e?(n._onAuthorizationResult.next(new u(c.authorized,t.state,i)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||n.router.navigate([n.configurationProvider.openIDConfiguration.post_login_route])):(n._onAuthorizationResult.next(new u(c.unauthorized,t.state,i)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||n.router.navigate([n.configurationProvider.openIDConfiguration.unauthorized_route]))},function(e){n.loggerService.logWarning("Failed to retreive user info with error: "+JSON.stringify(e))}):(i||(n.oidcSecurityUserService.setUserData(t.decoded_id_token),n.setUserData(n.oidcSecurityUserService.getUserData())),n.runTokenValidation(),n._onAuthorizationResult.next(new u(c.authorized,t.state,i)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||n.router.navigate([n.configurationProvider.openIDConfiguration.post_login_route]))):(n.loggerService.logWarning("authorizedCallback, token(s) validation failed, resetting"),n.loggerService.logWarning(window.location.hash),n.resetAuthorizationData(!1),n.oidcSecurityCommon.silentRenewRunning="",n._onAuthorizationResult.next(new u(c.unauthorized,t.state,i)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||n.router.navigate([n.configurationProvider.openIDConfiguration.unauthorized_route]))},function(e){n.loggerService.logWarning("Failed to retreive siging key with error: "+JSON.stringify(e)),n.oidcSecurityCommon.silentRenewRunning=""}))},se.prototype.getUserinfo=function(e,o,t,i){var n=this;return void 0===e&&(e=!1),o=o||this.oidcSecurityCommon.authResult,t=t||this.oidcSecurityCommon.idToken,i=i||this.tokenHelperService.getPayloadFromToken(t,!1),new p.Observable(function(t){"id_token token"===n.configurationProvider.openIDConfiguration.response_type||"code"===n.configurationProvider.openIDConfiguration.response_type?e&&n._userData.value?(n.oidcSecurityCommon.sessionState=o.session_state,t.next(!0),t.complete()):n.oidcSecurityUserService.initUserData().subscribe(function(){n.loggerService.logDebug("authorizedCallback (id_token token || code) flow");var e=n.oidcSecurityUserService.getUserData();n.oidcSecurityValidation.validate_userdata_sub_id_token(i.sub,e.sub)?(n.setUserData(e),n.loggerService.logDebug(n.oidcSecurityCommon.accessToken),n.loggerService.logDebug(n.oidcSecurityUserService.getUserData()),n.oidcSecurityCommon.sessionState=o.session_state,n.runTokenValidation(),t.next(!0)):(n.loggerService.logWarning("authorizedCallback, User data sub does not match sub in id_token"),n.loggerService.logDebug("authorizedCallback, token(s) validation failed, resetting"),n.resetAuthorizationData(!1),t.next(!1)),t.complete()}):(n.loggerService.logDebug("authorizedCallback id_token flow"),n.loggerService.logDebug(n.oidcSecurityCommon.accessToken),n.oidcSecurityUserService.setUserData(i),n.setUserData(n.oidcSecurityUserService.getUserData()),n.oidcSecurityCommon.sessionState=o.session_state,n.runTokenValidation(),t.next(!0),t.complete())})},se.prototype.logoff=function(e){if(this.loggerService.logDebug("BEGIN Authorize, no auth data"),this.configurationProvider.wellKnownEndpoints)if(this.configurationProvider.wellKnownEndpoints.end_session_endpoint){var t=this.configurationProvider.wellKnownEndpoints.end_session_endpoint,o=this.oidcSecurityCommon.idToken,i=this.createEndSessionUrl(t,o);this.resetAuthorizationData(!1),this.configurationProvider.openIDConfiguration.start_checksession&&this.checkSessionChanged?this.loggerService.logDebug("only local login cleaned up, server session has changed"):e?e(i):this.redirectTo(i)}else this.resetAuthorizationData(!1),this.loggerService.logDebug("only local login cleaned up, no end_session_endpoint");else this.loggerService.logWarning("authWellKnownEndpoints is undefined")},se.prototype.refreshSession=function(){if(!this.configurationProvider.openIDConfiguration.silent_renew)return p.of(!1);this.loggerService.logDebug("BEGIN refresh session Authorize"),this.oidcSecurityCommon.silentRenewRunning="running";var e=this.oidcSecurityCommon.authStateControl;""!==e&&null!==e||(e=Date.now()+""+Math.random()+Math.random(),this.oidcSecurityCommon.authStateControl=e);var t="N"+Math.random()+Date.now();this.oidcSecurityCommon.authNonce=t,this.loggerService.logDebug("RefreshSession created. adding myautostate: "+this.oidcSecurityCommon.authStateControl);var o="";if("code"===this.configurationProvider.openIDConfiguration.response_type){if(this.configurationProvider.openIDConfiguration.use_refresh_token){var i=this.oidcSecurityCommon.getRefreshToken();if(i)return this.loggerService.logDebug("found refresh code, obtaining new credentials with refresh code"),this.oidcSecurityCommon.authNonce=K.RefreshTokenNoncePlaceholder,this.refreshTokensWithCodeProcedure(i,e);this.loggerService.logDebug("no refresh token found, using silent renew")}var n="C"+Math.random()+Date.now()+Date.now()+Math.random(),r=this.oidcSecurityValidation.generate_code_verifier(n);this.oidcSecurityCommon.code_verifier=n,this.configurationProvider.wellKnownEndpoints?o=this.createAuthorizeUrl(!0,r,this.configurationProvider.openIDConfiguration.silent_renew_url,t,e,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||"","none"):this.loggerService.logWarning("authWellKnownEndpoints is undefined")}else this.configurationProvider.wellKnownEndpoints?o=this.createAuthorizeUrl(!1,"",this.configurationProvider.openIDConfiguration.silent_renew_url,t,e,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||"","none"):this.loggerService.logWarning("authWellKnownEndpoints is undefined");return this.oidcSecuritySilentRenew.startRenew(o).pipe(v.map(function(){return!0}))},se.prototype.handleError=function(e){var t="running"===this.oidcSecurityCommon.silentRenewRunning;if(this.loggerService.logError(e),403===e.status||"403"===e.status)this.configurationProvider.openIDConfiguration.trigger_authorization_result_event?this._onAuthorizationResult.next(new u(c.unauthorized,d.NotSet,t)):this.router.navigate([this.configurationProvider.openIDConfiguration.forbidden_route]);else if(401===e.status||"401"===e.status){var o=this.oidcSecurityCommon.silentRenewRunning;this.resetAuthorizationData(!!o),this.configurationProvider.openIDConfiguration.trigger_authorization_result_event?this._onAuthorizationResult.next(new u(c.unauthorized,d.NotSet,t)):this.router.navigate([this.configurationProvider.openIDConfiguration.unauthorized_route])}},se.prototype.startCheckingSilentRenew=function(){this.runTokenValidation()},se.prototype.stopCheckingSilentRenew=function(){this._scheduledHeartBeat&&(clearTimeout(this._scheduledHeartBeat),this._scheduledHeartBeat=null,this.runTokenValidationRunning=!1)},se.prototype.resetAuthorizationData=function(e){e||(this.configurationProvider.openIDConfiguration.auto_userinfo&&this.setUserData(""),this.oidcSecurityCommon.resetStorageData(e),this.checkSessionChanged=!1,this.setIsAuthorized(!1))},se.prototype.getEndSessionUrl=function(){if(this.configurationProvider.wellKnownEndpoints&&this.configurationProvider.wellKnownEndpoints.end_session_endpoint){var e=this.configurationProvider.wellKnownEndpoints.end_session_endpoint,t=this.oidcSecurityCommon.idToken;return this.createEndSessionUrl(e,t)}},se.prototype.getValidatedStateResult=function(e,t){return e.error?new s("","",!1,{}):this.stateValidationService.validateState(e,t)},se.prototype.setUserData=function(e){this.oidcSecurityCommon.userData=e,this._userData.next(e)},se.prototype.setIsAuthorized=function(e){this._isAuthorized.next(e)},se.prototype.setAuthorizationData=function(e,t){""!==this.oidcSecurityCommon.accessToken&&(this.oidcSecurityCommon.accessToken=""),this.loggerService.logDebug(e),this.loggerService.logDebug(t),this.loggerService.logDebug("storing to storage, getting the roles"),this.oidcSecurityCommon.accessToken=e,this.oidcSecurityCommon.idToken=t,this.setIsAuthorized(!0),this.oidcSecurityCommon.isAuthorized=!0},se.prototype.createAuthorizeUrl=function(e,t,o,i,n,r,s){var a=r.split("?"),u=a[0],c=new l.HttpParams({fromString:a[1],encoder:new X});c=(c=(c=(c=(c=(c=c.set("client_id",this.configurationProvider.openIDConfiguration.client_id)).append("redirect_uri",o)).append("response_type",this.configurationProvider.openIDConfiguration.response_type)).append("scope",this.configurationProvider.openIDConfiguration.scope)).append("nonce",i)).append("state",n),e&&(c=(c=c.append("code_challenge",t)).append("code_challenge_method","S256")),s&&(c=c.append("prompt",s)),this.configurationProvider.openIDConfiguration.hd_param&&(c=c.append("hd",this.configurationProvider.openIDConfiguration.hd_param));var d=Object.assign({},this.oidcSecurityCommon.customRequestParams);return Object.keys(d).forEach(function(e){c=c.append(e,d[e].toString())}),u+"?"+c},se.prototype.createEndSessionUrl=function(e,t){var o=e.split("?"),i=o[0],n=new l.HttpParams({fromString:o[1],encoder:new X});return i+"?"+(n=(n=n.set("id_token_hint",t)).append("post_logout_redirect_uri",this.configurationProvider.openIDConfiguration.post_logout_redirect_uri))},se.prototype.getSigningKeys=function(){return this.configurationProvider.wellKnownEndpoints?(this.loggerService.logDebug("jwks_uri: "+this.configurationProvider.wellKnownEndpoints.jwks_uri),this.oidcDataService.get(this.configurationProvider.wellKnownEndpoints.jwks_uri||"").pipe(v.catchError(this.handleErrorGetSigningKeys))):(this.loggerService.logWarning("getSigningKeys: authWellKnownEndpoints is undefined"),this.oidcDataService.get("undefined").pipe(v.catchError(this.handleErrorGetSigningKeys)))},se.prototype.handleErrorGetSigningKeys=function(e){var t;if(e instanceof Response){var o=e.json()||{},i=JSON.stringify(o);t=e.status+" - "+(e.statusText||"")+" "+i}else t=e.message?e.message:e.toString();return this.loggerService.logError(t),p.throwError(t)},se.prototype.runTokenValidation=function(){var t=this;if(!this.runTokenValidationRunning&&this.configurationProvider.openIDConfiguration.silent_renew){this.runTokenValidationRunning=!0,this.loggerService.logDebug("runTokenValidation silent-renew running");var o=function(){if(t.loggerService.logDebug("silentRenewHeartBeatCheck\r\n\tsilentRenewRunning: "+("running"===t.oidcSecurityCommon.silentRenewRunning)+"\r\n\tidToken: "+!!t.getIdToken()+"\r\n\t_userData.value: "+!!t._userData.value),t._userData.value&&"running"!==t.oidcSecurityCommon.silentRenewRunning&&t.getIdToken()&&t.oidcSecurityValidation.isTokenExpired(t.oidcSecurityCommon.idToken,t.configurationProvider.openIDConfiguration.silent_renew_offset_in_seconds)){if(t.loggerService.logDebug("IsAuthorized: id_token isTokenExpired, start silent renew if active"),t.configurationProvider.openIDConfiguration.silent_renew)return void t.refreshSession().subscribe(function(){t._scheduledHeartBeat=setTimeout(o,3e3)},function(e){t.loggerService.logError("Error: "+e),t._scheduledHeartBeat=setTimeout(o,3e3)});t.resetAuthorizationData(!1)}t._scheduledHeartBeat=setTimeout(o,3e3)};this.zone.runOutsideAngular(function(){t._scheduledHeartBeat=setTimeout(o,1e4)})}},se.prototype.silentRenewEventHandler=function(e){if(this.loggerService.logDebug("silentRenewEventHandler"),"code"===this.configurationProvider.openIDConfiguration.response_type){var t=e.detail.toString().split("?"),o=new l.HttpParams({fromString:t[1]}),i=o.get("code"),n=o.get("state"),r=o.get("session_state"),s=o.get("error");i&&n&&this.requestTokensWithCodeProcedure(i,n,r),s&&(this._onAuthorizationResult.next(new u(c.unauthorized,d.LoginRequired,!0)),this.resetAuthorizationData(!1),this.oidcSecurityCommon.authNonce="",this.loggerService.logDebug(e.detail.toString()))}else this.authorizedImplicitFlowCallback(e.detail)},se.decorators=[{type:i.Injectable}],se.ctorParameters=function(){return[{type:g},{type:N},{type:o.Router},{type:q},{type:$},{type:Z},{type:U},{type:K},{type:A},{type:I},{type:i.NgZone},{type:l.HttpClient},{type:k},{type:te}]},se);function se(e,t,o,i,n,r,s,a,u,c,d,l,g,h){var f=this;this.oidcDataService=e,this.stateValidationService=t,this.router=o,this.oidcSecurityCheckSession=i,this.oidcSecuritySilentRenew=n,this.oidcSecurityUserService=r,this.oidcSecurityCommon=s,this.oidcSecurityValidation=a,this.tokenHelperService=u,this.loggerService=c,this.zone=d,this.httpClient=l,this.configurationProvider=g,this.urlParserService=h,this._onModuleSetup=new p.Subject,this._onCheckSessionChanged=new p.Subject,this._onAuthorizationResult=new p.Subject,this.checkSessionChanged=!1,this.moduleSetup=!1,this._isModuleSetup=new p.BehaviorSubject(!1),this._isAuthorized=new p.BehaviorSubject(!1),this._userData=new p.BehaviorSubject(""),this.authWellKnownEndpointsLoaded=!1,this.runTokenValidationRunning=!1,this.onModuleSetup.pipe(v.take(1)).subscribe(function(){f.moduleSetup=!0,f._isModuleSetup.next(!0)}),this._isSetupAndAuthorized=this._isModuleSetup.pipe(v.filter(function(e){return e}),v.switchMap(function(){if(!f.configurationProvider.openIDConfiguration.silent_renew)return f.loggerService.logDebug("IsAuthorizedRace: Silent Renew Not Active. Emitting."),p.from([!0]);var e=f._isAuthorized.asObservable().pipe(v.filter(function(e){return e}),v.take(1),v.tap(function(){return f.loggerService.logDebug("IsAuthorizedRace: Existing token is still authorized.")}),v.race(f._onAuthorizationResult.pipe(v.take(1),v.tap(function(){return f.loggerService.logDebug("IsAuthorizedRace: Silent Renew Refresh Session Complete")}),v.map(function(){return!0})),p.timer(1e3*f.configurationProvider.openIDConfiguration.isauthorizedrace_timeout_in_seconds).pipe(v.tap(function(){f.resetAuthorizationData(!1),f.oidcSecurityCommon.authNonce="",f.loggerService.logWarning("IsAuthorizedRace: Timeout reached. Emitting.")}),v.map(function(){return!0}))));return f.loggerService.logDebug("Silent Renew is active, check if token in storage is active"),""!==f.oidcSecurityCommon.authNonce&&f.oidcSecurityCommon.authNonce!==undefined||(f.loggerService.logDebug("Silent Renew or login not running, try to refresh the session"),f.refreshSession().subscribe()),e}),v.tap(function(){return f.loggerService.logDebug("IsAuthorizedRace: Completed")}),v.switchMapTo(this._isAuthorized.asObservable()),v.tap(function(e){return f.loggerService.logDebug("getIsAuthorized: "+e)}),v.shareReplay(1)),this._isSetupAndAuthorized.pipe(v.filter(function(){return f.configurationProvider.openIDConfiguration.start_checksession})).subscribe(function(e){e?f.oidcSecurityCheckSession.startCheckingSession(f.configurationProvider.openIDConfiguration.client_id):f.oidcSecurityCheckSession.stopCheckingSession()})}var ae=(ue.forRoot=function(e){return void 0===e&&(e={}),{ngModule:ue,providers:[B,re,K,q,$,Z,U,A,I,P,R,g,N,{provide:O,useClass:e.storage||j}]}},ue.decorators=[{type:i.NgModule}],ue);function ue(){}e.AuthorizationResult=u,e.AuthorizationState=c,e.JwtKeys=n,e.JwtKey=r,e.ValidateStateResult=s,e.ValidationResult=d,e.AuthModule=ae,e.TokenHelperService=A,e.OidcConfigService=B,e.OidcSecurityService=re,e.OidcSecurityStorage=O,e.BrowserStorage=j,e.OidcSecurityValidation=K,e.LoggerService=I,e.ɵc=g,e.ɵa=k,e.ɵh=P,e.ɵf=R,e.ɵd=N,e.ɵg=q,e.ɵe=U,e.ɵi=$,e.ɵj=Z,e.ɵb=y,e.ɵk=te,Object.defineProperty(e,"__esModule",{value:!0})}); | ||
| !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("@angular/common"),require("jsrsasign-reduced"),require("@angular/common/http"),require("@angular/router"),require("rxjs"),require("rxjs/operators"),require("@angular/core"),require("common-tags")):"function"==typeof define&&define.amd?define("angular-auth-oidc-client",["exports","@angular/common","jsrsasign-reduced","@angular/common/http","@angular/router","rxjs","rxjs/operators","@angular/core","common-tags"],t):t(e["angular-auth-oidc-client"]={},e.ng.common,e["jsrsasign-reduced"],e.ng.common.http,e.ng.router,e.rxjs,e.rxjs.operators,e.ng.core,e["common-tags"])}(this,function(e,t,C,l,o,p,v,i,a){"use strict";function n(){this.keys=[]}function r(){this.kty="",this.use="",this.kid="",this.x5t="",this.e="",this.n="",this.x5c=[]}var u=function ce(e,t,o){void 0===o&&(o=!1),this.authorizationState=e,this.validationResult=t,this.isRenewProcess=o},c={authorized:"authorized",forbidden:"forbidden",unauthorized:"unauthorized"},d={NotSet:"NotSet",StatesDoNotMatch:"StatesDoNotMatch",SignatureFailed:"SignatureFailed",IncorrectNonce:"IncorrectNonce",RequiredPropertyMissing:"RequiredPropertyMissing",MaxOffsetExpired:"MaxOffsetExpired",IssDoesNotMatchIssuer:"IssDoesNotMatchIssuer",NoAuthWellKnownEndPoints:"NoAuthWellKnownEndPoints",IncorrectAud:"IncorrectAud",TokenExpired:"TokenExpired",IncorrectAtHash:"IncorrectAtHash",Ok:"Ok",LoginRequired:"LoginRequired",SecureTokenServerError:"SecureTokenServerError"},s=function de(e,t,o,i,n){void 0===e&&(e=""),void 0===t&&(t=""),void 0===o&&(o=!1),void 0===i&&(i={}),void 0===n&&(n=d.NotSet),this.access_token=e,this.id_token=t,this.authResponseIsValid=o,this.decoded_id_token=i,this.state=n},g=(h.prototype.getWellknownEndpoints=function(e){var t=new l.HttpHeaders;return t=t.set("Accept","application/json"),this.httpClient.get(e,{headers:t})},h.prototype.getIdentityUserData=function(e,t){var o=new l.HttpHeaders;return o=(o=o.set("Accept","application/json")).set("Authorization","Bearer "+decodeURIComponent(t)),this.httpClient.get(e,{headers:o})},h.prototype.get=function(e){var t=new l.HttpHeaders;return t=t.set("Accept","application/json"),this.httpClient.get(e,{headers:t})},h.decorators=[{type:i.Injectable}],h.ctorParameters=function(){return[{type:l.HttpClient}]},h);function h(e){this.httpClient=e}var f=function(){return(f=Object.assign||function(e){for(var t,o=1,i=arguments.length;o<i;o++)for(var n in t=arguments[o])Object.prototype.hasOwnProperty.call(t,n)&&(e[n]=t[n]);return e}).apply(this,arguments)};function b(e){var t="function"==typeof Symbol&&e[Symbol.iterator],o=0;return t?t.call(e):{next:function(){return e&&o>=e.length&&(e=void 0),{value:e&&e[o++],done:!e}}}}function S(e,t){var o="function"==typeof Symbol&&e[Symbol.iterator];if(!o)return e;var i,n,r=o.call(e),s=[];try{for(;(void 0===t||0<t--)&&!(i=r.next()).done;)s.push(i.value)}catch(a){n={error:a}}finally{try{i&&!i.done&&(o=r["return"])&&o.call(r)}finally{if(n)throw n.error}}return s}function _(e,t){return Object.defineProperty?Object.defineProperty(e,"raw",{value:t}):e.raw=t,e}var y=(Object.defineProperty(m.prototype,"isBrowser",{get:function(){return t.isPlatformBrowser(this.platformId)},enumerable:!0,configurable:!0}),m.decorators=[{type:i.Injectable,args:[{providedIn:"root"}]}],m.ctorParameters=function(){return[{type:Object,decorators:[{type:i.Inject,args:[i.PLATFORM_ID]}]}]},m.ngInjectableDef=i.defineInjectable({factory:function(){return new m(i.inject(i.PLATFORM_ID))},token:m,providedIn:"root"}),m);function m(e){this.platformId=e}var k=(Object.defineProperty(w.prototype,"openIDConfiguration",{get:function(){return this.mergedOpenIdConfiguration},enumerable:!0,configurable:!0}),Object.defineProperty(w.prototype,"wellKnownEndpoints",{get:function(){return this.authWellKnownEndpoints},enumerable:!0,configurable:!0}),Object.defineProperty(w.prototype,"onConfigurationChange",{get:function(){return this.onConfigurationChangeInternal.asObservable()},enumerable:!0,configurable:!0}),w.prototype.setup=function(e,t){this.mergedOpenIdConfiguration=f({},this.mergedOpenIdConfiguration,e),this.setSpecialCases(this.mergedOpenIdConfiguration),this.authWellKnownEndpoints=f({},t),this.onConfigurationChangeInternal.next(f({},this.mergedOpenIdConfiguration))},w.prototype.setSpecialCases=function(e){this.platformProvider.isBrowser||(e.start_checksession=!1,e.silent_renew=!1,e.use_refresh_token=!1)},w.decorators=[{type:i.Injectable,args:[{providedIn:"root"}]}],w.ctorParameters=function(){return[{type:y}]},w.ngInjectableDef=i.defineInjectable({factory:function(){return new w(i.inject(y))},token:w,providedIn:"root"}),w);function w(e){this.platformProvider=e,this.DEFAULT_CONFIG={stsServer:"https://please_set",redirect_url:"https://please_set",client_id:"please_set",response_type:"code",scope:"openid email profile",hd_param:"",post_logout_redirect_uri:"https://please_set",start_checksession:!1,silent_renew:!1,silent_renew_url:"https://please_set",silent_renew_offset_in_seconds:0,use_refresh_token:!1,ignore_nonce_after_refresh:!1,post_login_route:"/",forbidden_route:"/forbidden",unauthorized_route:"/unauthorized",auto_userinfo:!0,auto_clean_state_after_authentication:!0,trigger_authorization_result_event:!1,log_console_warning_active:!0,log_console_debug_active:!1,iss_validation_off:!1,history_cleanup_off:!1,max_id_token_iat_offset_allowed_in_seconds:3,isauthorizedrace_timeout_in_seconds:5,disable_iat_offset_validation:!1,storage:"undefined"!=typeof Storage?sessionStorage:null},this.INITIAL_AUTHWELLKNOWN={issuer:"",jwks_uri:"",authorization_endpoint:"",token_endpoint:"",userinfo_endpoint:"",end_session_endpoint:"",check_session_iframe:"",revocation_endpoint:"",introspection_endpoint:""},this.mergedOpenIdConfiguration=this.DEFAULT_CONFIG,this.authWellKnownEndpoints=this.INITIAL_AUTHWELLKNOWN,this.onConfigurationChangeInternal=new p.Subject}var I=(D.prototype.logError=function(e){for(var t=[],o=1;o<arguments.length;o++)t[o-1]=arguments[o];console.error.apply(console,function i(){for(var e=[],t=0;t<arguments.length;t++)e=e.concat(S(arguments[t]));return e}([e],t))},D.prototype.logWarning=function(e){this.configurationProvider.openIDConfiguration.log_console_warning_active&&console.warn(e)},D.prototype.logDebug=function(e){this.configurationProvider.openIDConfiguration.log_console_debug_active&&console.log(e)},D.decorators=[{type:i.Injectable}],D.ctorParameters=function(){return[{type:k}]},D);function D(e){this.configurationProvider=e}var P=(E.prototype.getExistingIFrame=function(e){var t=this.getIFrameFromParentWindow(e);if(this.isIFrameElement(t))return t;var o=this.getIFrameFromWindow(e);return this.isIFrameElement(o)?o:null},E.prototype.addIFrameToWindowBody=function(e){var t=window.document.createElement("iframe");return t.id=e,this.loggerService.logDebug(t),t.style.display="none",window.document.body.appendChild(t),t},E.prototype.getIFrameFromParentWindow=function(e){try{var t=window.parent.document.getElementById(e);return this.isIFrameElement(t)?t:null}catch(o){return null}},E.prototype.getIFrameFromWindow=function(e){var t=window.document.getElementById(e);return this.isIFrameElement(t)?t:null},E.prototype.isIFrameElement=function(e){return!!e&&e instanceof HTMLIFrameElement},E.decorators=[{type:i.Injectable}],E.ctorParameters=function(){return[{type:I}]},E);function E(e){this.loggerService=e}var R=(z.prototype.areEqual=function(e,t){if(!e||!t)return!1;if(this.bothValuesAreArrays(e,t))return this.arraysEqual(e,t);if(this.bothValuesAreStrings(e,t))return e===t;if(this.bothValuesAreObjects(e,t))return JSON.stringify(e).toLowerCase()===JSON.stringify(t).toLowerCase();if(this.oneValueIsStringAndTheOtherIsArray(e,t)){if(Array.isArray(e)&&this.valueIsString(t))return e[0]===t;if(Array.isArray(t)&&this.valueIsString(e))return t[0]===e}},z.prototype.oneValueIsStringAndTheOtherIsArray=function(e,t){return Array.isArray(e)&&this.valueIsString(t)||Array.isArray(t)&&this.valueIsString(e)},z.prototype.bothValuesAreObjects=function(e,t){return this.valueIsObject(e)&&this.valueIsObject(t)},z.prototype.bothValuesAreStrings=function(e,t){return this.valueIsString(e)&&this.valueIsString(t)},z.prototype.bothValuesAreArrays=function(e,t){return Array.isArray(e)&&Array.isArray(t)},z.prototype.valueIsString=function(e){return"string"==typeof e||e instanceof String},z.prototype.valueIsObject=function(e){return"object"==typeof e},z.prototype.arraysEqual=function(e,t){if(e.length!==t.length)return!1;for(var o=e.length;o--;)if(e[o]!==t[o])return!1;return!0},z.decorators=[{type:i.Injectable}],z);function z(){}var A=(T.prototype.getTokenExpirationDate=function(e){if(!e.hasOwnProperty("exp"))return new Date;var t=new Date(0);return t.setUTCSeconds(e.exp),t},T.prototype.getHeaderFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,0,t):{}},T.prototype.getPayloadFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,1,t):{}},T.prototype.getSignatureFromToken=function(e,t){return this.tokenIsValid(e)?this.getPartOfToken(e,2,t):{}},T.prototype.getPartOfToken=function(e,t,o){var i=this.extractPartOfToken(e,t);if(o)return i;var n=this.urlBase64Decode(i);return JSON.parse(n)},T.prototype.urlBase64Decode=function(e){var t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw Error("Illegal base64url string!")}var o="undefined"!=typeof window?window.atob(t):new Buffer(t,"base64").toString("binary");try{return decodeURIComponent(o.split("").map(function(e){return"%"+("00"+e.charCodeAt(0).toString(16)).slice(-2)}).join(""))}catch(i){return o}},T.prototype.tokenIsValid=function(e){return e?e.includes(".")?e.split(".").length===this.PARTS_OF_TOKEN||(this.loggerService.logError("token '"+e+"' is not valid --\x3e token has to have exactly "+this.PARTS_OF_TOKEN+" dots"),!1):(this.loggerService.logError("token '"+e+"' is not valid --\x3e no dots included"),!1):(this.loggerService.logError("token '"+e+"' is not valid --\x3e token falsy"),!1)},T.prototype.extractPartOfToken=function(e,t){return e.split(".")[t]},T.decorators=[{type:i.Injectable}],T.ctorParameters=function(){return[{type:I}]},T);function T(e){this.loggerService=e,this.PARTS_OF_TOKEN=3}var O=(x.decorators=[{type:i.Injectable}],x);function x(){}var j=(W.prototype.read=function(e){if(this.hasStorage)return JSON.parse(this.configProvider.openIDConfiguration.storage.getItem(e+"_"+this.configProvider.openIDConfiguration.client_id))},W.prototype.write=function(e,t){this.hasStorage&&(t=t===undefined?null:t,this.configProvider.openIDConfiguration.storage.setItem(e+"_"+this.configProvider.openIDConfiguration.client_id,JSON.stringify(t)))},W.decorators=[{type:i.Injectable}],W.ctorParameters=function(){return[{type:k}]},W);function W(e){this.configProvider=e,this.hasStorage="undefined"!=typeof Storage}var U=(Object.defineProperty(V.prototype,"authResult",{get:function(){return this.retrieve(this.storageAuthResult)},set:function(e){this.store(this.storageAuthResult,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"accessToken",{get:function(){return this.retrieve(this.storageAccessToken)||""},set:function(e){this.store(this.storageAccessToken,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"idToken",{get:function(){return this.retrieve(this.storageIdToken)||""},set:function(e){this.store(this.storageIdToken,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"isAuthorized",{get:function(){return this.retrieve(this.storageIsAuthorized)},set:function(e){this.store(this.storageIsAuthorized,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"userData",{get:function(){return this.retrieve(this.storageUserData)},set:function(e){this.store(this.storageUserData,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"authNonce",{get:function(){return this.retrieve(this.storageAuthNonce)||""},set:function(e){this.store(this.storageAuthNonce,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"code_verifier",{get:function(){return this.retrieve(this.storageCodeVerifier)||""},set:function(e){this.store(this.storageCodeVerifier,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"authStateControl",{get:function(){return this.retrieve(this.storageAuthStateControl)||""},set:function(e){this.store(this.storageAuthStateControl,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"sessionState",{get:function(){return this.retrieve(this.storageSessionState)},set:function(e){this.store(this.storageSessionState,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"silentRenewRunning",{get:function(){return this.retrieve(this.storageSilentRenewRunning)||""},set:function(e){this.store(this.storageSilentRenewRunning,e)},enumerable:!0,configurable:!0}),Object.defineProperty(V.prototype,"customRequestParams",{get:function(){return this.retrieve(this.storageCustomRequestParams)},set:function(e){this.store(this.storageCustomRequestParams,e)},enumerable:!0,configurable:!0}),V.prototype.retrieve=function(e){return this.oidcSecurityStorage.read(e)},V.prototype.store=function(e,t){this.oidcSecurityStorage.write(e,t)},V.prototype.resetStorageData=function(e){e||(this.store(this.storageAuthResult,""),this.store(this.storageSessionState,""),this.store(this.storageSilentRenewRunning,""),this.store(this.storageIsAuthorized,!1),this.store(this.storageAccessToken,""),this.store(this.storageIdToken,""),this.store(this.storageUserData,""),this.store(this.storageCodeVerifier,""))},V.prototype.getAccessToken=function(){return this.retrieve(this.storageAccessToken)},V.prototype.getIdToken=function(){return this.retrieve(this.storageIdToken)},V.prototype.getRefreshToken=function(){return this.authResult.refresh_token},V.decorators=[{type:i.Injectable}],V.ctorParameters=function(){return[{type:O}]},V);function V(e){this.oidcSecurityStorage=e,this.storageAuthResult="authorizationResult",this.storageAccessToken="authorizationData",this.storageIdToken="authorizationDataIdToken",this.storageIsAuthorized="_isAuthorized",this.storageUserData="userData",this.storageAuthNonce="authNonce",this.storageCodeVerifier="code_verifier",this.storageAuthStateControl="authStateControl",this.storageSessionState="session_state",this.storageSilentRenewRunning="storage_silent_renew_running",this.storageCustomRequestParams="storage_custom_request_params"}var K=(F.prototype.isTokenExpired=function(e,t){var o;return o=this.tokenHelperService.getPayloadFromToken(e,!1),!this.validate_id_token_exp_not_expired(o,t)},F.prototype.validate_id_token_exp_not_expired=function(e,t){var o=this.tokenHelperService.getTokenExpirationDate(e);if(t=t||0,!o)return!1;var i=o.valueOf(),n=(new Date).valueOf()+1e3*t,r=n<i;return this.loggerService.logDebug("Token not expired?: "+i+" > "+n+" ("+r+")"),r},F.prototype.validate_required_id_token=function(e){var t=!0;return e.hasOwnProperty("iss")||(t=!1,this.loggerService.logWarning("iss is missing, this is required in the id_token")),e.hasOwnProperty("sub")||(t=!1,this.loggerService.logWarning("sub is missing, this is required in the id_token")),e.hasOwnProperty("aud")||(t=!1,this.loggerService.logWarning("aud is missing, this is required in the id_token")),e.hasOwnProperty("exp")||(t=!1,this.loggerService.logWarning("exp is missing, this is required in the id_token")),e.hasOwnProperty("iat")||(t=!1,this.loggerService.logWarning("iat is missing, this is required in the id_token")),t},F.prototype.validate_id_token_iat_max_offset=function(e,t,o){if(o)return!0;if(!e.hasOwnProperty("iat"))return!1;var i=new Date(0);return i.setUTCSeconds(e.iat),t=t||0,null!=i&&(this.loggerService.logDebug("validate_id_token_iat_max_offset: "+((new Date).valueOf()-i.valueOf())+" < "+1e3*t),(new Date).valueOf()-i.valueOf()<1e3*t)},F.prototype.validate_id_token_nonce=function(e,t,o){return!((e.nonce!==undefined&&!o||t!==F.RefreshTokenNoncePlaceholder)&&e.nonce!==t&&(this.loggerService.logDebug("Validate_id_token_nonce failed, dataIdToken.nonce: "+e.nonce+" local_nonce:"+t),1))},F.prototype.validate_id_token_iss=function(e,t){return e.iss===t||(this.loggerService.logDebug("Validate_id_token_iss failed, dataIdToken.iss: "+e.iss+" authWellKnownEndpoints issuer:"+t),!1)},F.prototype.validate_id_token_aud=function(e,t){return e.aud instanceof Array?!!this.arrayHelperService.areEqual(e.aud,t)||(this.loggerService.logDebug("Validate_id_token_aud array failed, dataIdToken.aud: "+e.aud+" client_id:"+t),!1):e.aud===t||(this.loggerService.logDebug("Validate_id_token_aud failed, dataIdToken.aud: "+e.aud+" client_id:"+t),!1)},F.prototype.validateStateFromHashCallback=function(e,t){return e===t||(this.loggerService.logDebug("ValidateStateFromHashCallback failed, state: "+e+" local_state:"+t),!1)},F.prototype.validate_userdata_sub_id_token=function(e,t){return e===t||(this.loggerService.logDebug("validate_userdata_sub_id_token failed, id_token_sub: "+e+" userdata_sub:"+t),!1)},F.prototype.validate_signature_id_token=function(e,t){var o,i,n,r,s,a;if(!t||!t.keys)return!1;var u=this.tokenHelperService.getHeaderFromToken(e,!1);if(0===Object.keys(u).length&&u.constructor===Object)return this.loggerService.logWarning("id token has no header data"),!1;var c=u.kid;if("RS256"!==u.alg)return this.loggerService.logWarning("Only RS256 supported"),!1;var d=!1;if(u.hasOwnProperty("kid"))try{for(var l=b(t.keys),g=l.next();!g.done;g=l.next())if((_=g.value).kid===c)return y=C.KEYUTIL.getKey(_),(d=C.KJUR.jws.JWS.verify(e,y,["RS256"]))||this.loggerService.logWarning("incorrect Signature, validation failed for id_token"),d}catch(m){s={error:m}}finally{try{g&&!g.done&&(a=l["return"])&&a.call(l)}finally{if(s)throw s.error}}else{var h=0;try{for(var f=b(t.keys),p=f.next();!p.done;p=f.next())"RSA"===(_=p.value).kty&&"sig"===_.use&&(h+=1)}catch(k){o={error:k}}finally{try{p&&!p.done&&(i=f["return"])&&i.call(f)}finally{if(o)throw o.error}}if(0===h)return this.loggerService.logWarning("no keys found, incorrect Signature, validation failed for id_token"),!1;if(1<h)return this.loggerService.logWarning("no ID Token kid claim in JOSE header and multiple supplied in jwks_uri"),!1;try{for(var v=b(t.keys),S=v.next();!S.done;S=v.next()){var _;if("RSA"===(_=S.value).kty&&"sig"===_.use){var y=C.KEYUTIL.getKey(_);return(d=C.KJUR.jws.JWS.verify(e,y,["RS256"]))||this.loggerService.logWarning("incorrect Signature, validation failed for id_token"),d}}}catch(w){n={error:w}}finally{try{S&&!S.done&&(r=v["return"])&&r.call(v)}finally{if(n)throw n.error}}}return d},F.prototype.config_validate_response_type=function(e){return"id_token token"===e||"id_token"===e||"code"===e||(this.loggerService.logWarning("module configure incorrect, invalid response_type:"+e),!1)},F.prototype.validate_id_token_at_hash=function(e,t,o){if(this.loggerService.logDebug("at_hash from the server:"+t),o&&!t)return this.loggerService.logDebug("Code Flow active, and no at_hash in the id_token, skipping check!"),!0;var i=this.generate_at_hash(""+e);if(this.loggerService.logDebug("at_hash client validation not decoded:"+i),i===t)return!0;var n=this.generate_at_hash(""+decodeURIComponent(e));return this.loggerService.logDebug("-gen access--"+n),n===t},F.prototype.generate_at_hash=function(e){var t=C.KJUR.crypto.Util.hashString(e,"sha256"),o=t.substr(0,t.length/2);return C.hextob64u(o)},F.prototype.generate_code_verifier=function(e){var t=C.KJUR.crypto.Util.hashString(e,"sha256");return C.hextob64u(t)},F.RefreshTokenNoncePlaceholder="--RefreshToken--",F.decorators=[{type:i.Injectable}],F.ctorParameters=function(){return[{type:R},{type:A},{type:I}]},F);function F(e,t,o){this.arrayHelperService=e,this.tokenHelperService=t,this.loggerService=o}var N=(H.prototype.validateState=function(e,t){var o=new s;if(!this.oidcSecurityValidation.validateStateFromHashCallback(e.state,this.oidcSecurityCommon.authStateControl))return this.loggerService.logWarning("authorizedCallback incorrect state"),o.state=d.StatesDoNotMatch,this.handleUnsuccessfulValidation(),o;if("id_token token"!==this.configurationProvider.openIDConfiguration.response_type&&"code"!==this.configurationProvider.openIDConfiguration.response_type||(o.access_token=e.access_token),e.id_token){if(o.id_token=e.id_token,o.decoded_id_token=this.tokenHelperService.getPayloadFromToken(o.id_token,!1),!this.oidcSecurityValidation.validate_signature_id_token(o.id_token,t))return this.loggerService.logDebug("authorizedCallback Signature validation failed id_token"),o.state=d.SignatureFailed,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_id_token_nonce(o.decoded_id_token,this.oidcSecurityCommon.authNonce,this.configurationProvider.openIDConfiguration.ignore_nonce_after_refresh))return this.loggerService.logWarning("authorizedCallback incorrect nonce"),o.state=d.IncorrectNonce,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_required_id_token(o.decoded_id_token))return this.loggerService.logDebug("authorizedCallback Validation, one of the REQUIRED properties missing from id_token"),o.state=d.RequiredPropertyMissing,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_id_token_iat_max_offset(o.decoded_id_token,this.configurationProvider.openIDConfiguration.max_id_token_iat_offset_allowed_in_seconds,this.configurationProvider.openIDConfiguration.disable_iat_offset_validation))return this.loggerService.logWarning("authorizedCallback Validation, iat rejected id_token was issued too far away from the current time"),o.state=d.MaxOffsetExpired,this.handleUnsuccessfulValidation(),o;if(!this.configurationProvider.wellKnownEndpoints)return this.loggerService.logWarning("authWellKnownEndpoints is undefined"),o.state=d.NoAuthWellKnownEndPoints,this.handleUnsuccessfulValidation(),o;if(this.configurationProvider.openIDConfiguration.iss_validation_off)this.loggerService.logDebug("iss validation is turned off, this is not recommended!");else if(!this.configurationProvider.openIDConfiguration.iss_validation_off&&!this.oidcSecurityValidation.validate_id_token_iss(o.decoded_id_token,this.configurationProvider.wellKnownEndpoints.issuer))return this.loggerService.logWarning("authorizedCallback incorrect iss does not match authWellKnownEndpoints issuer"),o.state=d.IssDoesNotMatchIssuer,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_id_token_aud(o.decoded_id_token,this.configurationProvider.openIDConfiguration.client_id))return this.loggerService.logWarning("authorizedCallback incorrect aud"),o.state=d.IncorrectAud,this.handleUnsuccessfulValidation(),o;if(!this.oidcSecurityValidation.validate_id_token_exp_not_expired(o.decoded_id_token))return this.loggerService.logWarning("authorizedCallback token expired"),o.state=d.TokenExpired,this.handleUnsuccessfulValidation(),o}else this.loggerService.logDebug("No id_token found, skipping id_token validation");return"id_token token"!==this.configurationProvider.openIDConfiguration.response_type&&"code"!==this.configurationProvider.openIDConfiguration.response_type?(o.authResponseIsValid=!0,o.state=d.Ok,this.handleSuccessfulValidation(),this.handleUnsuccessfulValidation()):this.oidcSecurityValidation.validate_id_token_at_hash(o.access_token,o.decoded_id_token.at_hash,"code"===this.configurationProvider.openIDConfiguration.response_type)&&o.access_token?(o.authResponseIsValid=!0,o.state=d.Ok,this.handleSuccessfulValidation()):(this.loggerService.logWarning("authorizedCallback incorrect at_hash"),o.state=d.IncorrectAtHash,this.handleUnsuccessfulValidation()),o},H.prototype.handleSuccessfulValidation=function(){this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.auto_clean_state_after_authentication&&(this.oidcSecurityCommon.authStateControl=""),this.loggerService.logDebug("AuthorizedCallback token(s) validated, continue")},H.prototype.handleUnsuccessfulValidation=function(){this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.auto_clean_state_after_authentication&&(this.oidcSecurityCommon.authStateControl=""),this.loggerService.logDebug("AuthorizedCallback token(s) invalid")},H.decorators=[{type:i.Injectable}],H.ctorParameters=function(){return[{type:U},{type:K},{type:A},{type:I},{type:k}]},H);function H(e,t,o,i,n){this.oidcSecurityCommon=e,this.oidcSecurityValidation=t,this.tokenHelperService=o,this.loggerService=i,this.configurationProvider=n}var M="myiFrameForCheckSession",q=(Object.defineProperty(L.prototype,"onCheckSessionChanged",{get:function(){return this.checkSessionChanged.asObservable()},enumerable:!0,configurable:!0}),L.prototype.doesSessionExist=function(){var e=this.iFrameService.getExistingIFrame(M);return!!e&&(this.sessionIframe=e,!0)},L.prototype.init=function(){var t=this;return this.lastIFrameRefresh+this.iframeRefreshInterval>Date.now()?p.from([this]):(this.doesSessionExist()||(this.sessionIframe=this.iFrameService.addIFrameToWindowBody(M),this.iframeMessageEvent=this.messageHandler.bind(this),window.addEventListener("message",this.iframeMessageEvent,!1)),this.configurationProvider.wellKnownEndpoints?(this.configurationProvider.wellKnownEndpoints.check_session_iframe?this.sessionIframe.contentWindow.location.replace(this.configurationProvider.wellKnownEndpoints.check_session_iframe):this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined"),p.Observable.create(function(e){t.sessionIframe.onload=function(){t.lastIFrameRefresh=Date.now(),e.next(t),e.complete()}})):void this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined. Returning."))},L.prototype.startCheckingSession=function(e){this.scheduledHeartBeat||this.pollServerSession(e)},L.prototype.stopCheckingSession=function(){this.scheduledHeartBeat&&this.clearScheduledHeartBeat()},L.prototype.pollServerSession=function(t){var o=this,i=function(){o.init().pipe(v.take(1)).subscribe(function(){if(o.sessionIframe&&t){o.loggerService.logDebug(o.sessionIframe);var e=o.oidcSecurityCommon.sessionState;e?(o.outstandingMessages++,o.sessionIframe.contentWindow.postMessage(t+" "+e,o.configurationProvider.openIDConfiguration.stsServer)):(o.loggerService.logDebug("OidcSecurityCheckSession pollServerSession session_state is blank"),o.checkSessionChanged.next())}else o.loggerService.logWarning("OidcSecurityCheckSession pollServerSession sessionIframe does not exist"),o.loggerService.logDebug(t),o.loggerService.logDebug(o.sessionIframe);3<o.outstandingMessages&&(o.loggerService.logError("OidcSecurityCheckSession not receiving check session response messages.\n Outstanding messages: "+o.outstandingMessages+". Server unreachable?"),o.checkSessionChanged.next()),o.scheduledHeartBeat=setTimeout(i,o.heartBeatInterval)})};this.outstandingMessages=0,this.zone.runOutsideAngular(function(){o.scheduledHeartBeat=setTimeout(i,o.heartBeatInterval)})},L.prototype.clearScheduledHeartBeat=function(){clearTimeout(this.scheduledHeartBeat),this.scheduledHeartBeat=null},L.prototype.messageHandler=function(e){this.outstandingMessages=0,this.sessionIframe&&e.origin===this.configurationProvider.openIDConfiguration.stsServer&&e.source===this.sessionIframe.contentWindow&&("error"===e.data?this.loggerService.logWarning("error from checksession messageHandler"):"changed"===e.data?this.checkSessionChanged.next():this.loggerService.logDebug(e.data+" from checksession messageHandler"))},L.decorators=[{type:i.Injectable}],L.ctorParameters=function(){return[{type:U},{type:I},{type:P},{type:i.NgZone},{type:k}]},L);function L(e,t,o,i,n){this.oidcSecurityCommon=e,this.loggerService=t,this.iFrameService=o,this.zone=i,this.configurationProvider=n,this.lastIFrameRefresh=0,this.outstandingMessages=0,this.heartBeatInterval=3e3,this.iframeRefreshInterval=6e4,this.checkSessionChanged=new p.Subject}var B=(Object.defineProperty(J.prototype,"onConfigurationLoaded",{get:function(){return this.configurationLoadedInternal.asObservable()},enumerable:!0,configurable:!0}),J.prototype.load=function(t){var o=this;return this.httpClient.get(t).pipe(v.switchMap(function(e){return o.loadUsingConfiguration(e)}),v.catchError(function(e){return o.loggerService.logError("OidcConfigService 'load' threw an error on calling "+t,e),o.configurationLoadedInternal.next(undefined),p.of(!1)})).toPromise()},J.prototype.load_using_stsServer=function(e){return this.loadUsingConfiguration({stsServer:e}).toPromise()},J.prototype.load_using_custom_stsServer=function(t){var o=this;return this.httpClient.get(t).pipe(v.switchMap(function(e){return o.configurationLoadedInternal.next({authWellknownEndpoints:e,customConfig:{stsServer:t}}),p.of(!0)}),v.catchError(function(e){return o.loggerService.logError("OidcConfigService 'load_using_custom_stsServer' threw an error on calling "+t,e),o.configurationLoadedInternal.next(undefined),p.of(!1)})).toPromise()},J.prototype.loadUsingConfiguration=function(t){var o=this;if(!t.stsServer)throw this.loggerService.logError("Property 'stsServer' is not present of passed config "+JSON.stringify(t),t),new Error("Property 'stsServer' is not present of passed config "+JSON.stringify(t));var i=t.stsServer+"/.well-known/openid-configuration";return this.httpClient.get(i).pipe(v.switchMap(function(e){return o.configurationLoadedInternal.next({authWellknownEndpoints:e,customConfig:t}),p.of(!0)}),v.catchError(function(e){return o.loggerService.logError("OidcConfigService 'load_using_stsServer' threw an error on calling "+i,e),o.configurationLoadedInternal.next(undefined),p.of(!1)}))},J.decorators=[{type:i.Injectable}],J.ctorParameters=function(){return[{type:I},{type:l.HttpClient}]},J);function J(e,t){this.loggerService=e,this.httpClient=t,this.configurationLoadedInternal=new p.ReplaySubject(1)}var G="myiFrameForSilentRenew",$=(Y.prototype.initRenew=function(){var e=this.iFrameService.getExistingIFrame(G);return e||this.iFrameService.addIFrameToWindowBody(G)},Y.prototype.startRenew=function(o){var i=this.initRenew();return this.loggerService.logDebug("startRenew for URL:"+o),new p.Observable(function(e){var t=function(){i.removeEventListener("load",t),e.next(undefined),e.complete()};return i.addEventListener("load",t),i.src=o,function(){i.removeEventListener("load",t)}})},Y.decorators=[{type:i.Injectable}],Y.ctorParameters=function(){return[{type:I},{type:P}]},Y);function Y(e,t){this.loggerService=e,this.iFrameService=t}var Z=(Q.prototype.initUserData=function(){var t=this;return this.getIdentityUserData().pipe(v.map(function(e){return t.userData=e}))},Q.prototype.getUserData=function(){if(!this.userData)throw Error("UserData is not set!");return this.userData},Q.prototype.setUserData=function(e){this.userData=e},Q.prototype.getIdentityUserData=function(){var e=this.oidcSecurityCommon.getAccessToken();if(!this.configurationProvider.wellKnownEndpoints)throw this.loggerService.logWarning("init check session: authWellKnownEndpoints is undefined"),Error("authWellKnownEndpoints is undefined");if(!this.configurationProvider.wellKnownEndpoints||!this.configurationProvider.wellKnownEndpoints.userinfo_endpoint)throw this.loggerService.logError("init check session: authWellKnownEndpoints.userinfo_endpoint is undefined; set auto_userinfo = false in config"),Error("authWellKnownEndpoints.userinfo_endpoint is undefined");return this.oidcDataService.getIdentityUserData(this.configurationProvider.wellKnownEndpoints.userinfo_endpoint||"",e)},Q.decorators=[{type:i.Injectable}],Q.ctorParameters=function(){return[{type:g},{type:U},{type:I},{type:k}]},Q);function Q(e,t,o,i){this.oidcDataService=e,this.oidcSecurityCommon=t,this.loggerService=o,this.configurationProvider=i,this.userData=""}var X=(ee.prototype.encodeKey=function(e){return encodeURIComponent(e)},ee.prototype.encodeValue=function(e){return encodeURIComponent(e)},ee.prototype.decodeKey=function(e){return decodeURIComponent(e)},ee.prototype.decodeValue=function(e){return decodeURIComponent(e)},ee);function ee(){}var te=(oe.prototype.getUrlParameter=function(e,t){if(!e)return"";if(!t)return"";t=t.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var o=new RegExp("[\\?&]"+t+"=([^&#]*)").exec(e);return null===o?"":decodeURIComponent(o[1])},oe.decorators=[{type:i.Injectable,args:[{providedIn:"root"}]}],oe.ngInjectableDef=i.defineInjectable({factory:function(){return new oe},token:oe,providedIn:"root"}),oe);function oe(){}var ie,ne,re=(Object.defineProperty(se.prototype,"onModuleSetup",{get:function(){return this._onModuleSetup.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty(se.prototype,"onAuthorizationResult",{get:function(){return this._onAuthorizationResult.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty(se.prototype,"onCheckSessionChanged",{get:function(){return this._onCheckSessionChanged.asObservable()},enumerable:!0,configurable:!0}),Object.defineProperty(se.prototype,"onConfigurationChange",{get:function(){return this.configurationProvider.onConfigurationChange},enumerable:!0,configurable:!0}),se.prototype.setupModule=function(e,t){var o=this;this.configurationProvider.setup(e,t),this.oidcSecurityCheckSession.onCheckSessionChanged.subscribe(function(){o.loggerService.logDebug("onCheckSessionChanged"),o.checkSessionChanged=!0,o._onCheckSessionChanged.next(o.checkSessionChanged)});var i=this.oidcSecurityCommon.userData;i&&this.setUserData(i);var n=this.oidcSecurityCommon.isAuthorized;if(n&&(this.loggerService.logDebug("IsAuthorized setup module"),this.loggerService.logDebug(this.oidcSecurityCommon.idToken),this.oidcSecurityValidation.isTokenExpired(this.oidcSecurityCommon.idToken||this.oidcSecurityCommon.accessToken,this.configurationProvider.openIDConfiguration.silent_renew_offset_in_seconds)?this.loggerService.logDebug("IsAuthorized setup module; id_token isTokenExpired"):(this.loggerService.logDebug("IsAuthorized setup module; id_token is valid"),this.setIsAuthorized(n)),this.runTokenValidation()),this.loggerService.logDebug("STS server: "+this.configurationProvider.openIDConfiguration.stsServer),this._onModuleSetup.next(),this.configurationProvider.openIDConfiguration.silent_renew){this.oidcSecuritySilentRenew.initRenew(),this.boundSilentRenewEvent=this.silentRenewEventHandler.bind(this);var r=Math.random(),s=function(e){e.detail!==r&&(window.removeEventListener("oidc-silent-renew-message",o.boundSilentRenewEvent),window.removeEventListener("oidc-silent-renew-init",s))}.bind(this);window.addEventListener("oidc-silent-renew-init",s,!1),window.addEventListener("oidc-silent-renew-message",this.boundSilentRenewEvent,!1),window.dispatchEvent(new CustomEvent("oidc-silent-renew-init",{detail:r}))}},se.prototype.getUserData=function(){return this._userData.asObservable()},se.prototype.getIsModuleSetup=function(){return this._isModuleSetup.asObservable()},se.prototype.getIsAuthorized=function(){return this._isSetupAndAuthorized},se.prototype.getToken=function(){if(!this._isAuthorized.getValue())return"";var e=this.oidcSecurityCommon.getAccessToken();return decodeURIComponent(e)},se.prototype.getIdToken=function(){if(!this._isAuthorized.getValue())return"";var e=this.oidcSecurityCommon.getIdToken();return decodeURIComponent(e)},se.prototype.getRefreshToken=function(){if(!this._isAuthorized.getValue())return"";var e=this.oidcSecurityCommon.getRefreshToken();return decodeURIComponent(e)},se.prototype.getPayloadFromIdToken=function(e){void 0===e&&(e=!1);var t=this.getIdToken();return this.tokenHelperService.getPayloadFromToken(t,e)},se.prototype.setState=function(e){this.oidcSecurityCommon.authStateControl=e},se.prototype.getState=function(){return this.oidcSecurityCommon.authStateControl},se.prototype.setCustomRequestParameters=function(e){this.oidcSecurityCommon.customRequestParams=e},se.prototype.authorize=function(e){if(this.configurationProvider.wellKnownEndpoints&&(this.authWellKnownEndpointsLoaded=!0),this.authWellKnownEndpointsLoaded){if(this.oidcSecurityValidation.config_validate_response_type(this.configurationProvider.openIDConfiguration.response_type)){this.resetAuthorizationData(!1),this.loggerService.logDebug("BEGIN Authorize Code Flow, no auth data");var t=this.oidcSecurityCommon.authStateControl;t||(t=Date.now()+""+Math.random()+Math.random(),this.oidcSecurityCommon.authStateControl=t);var o="N"+Math.random()+Date.now();this.oidcSecurityCommon.authNonce=o,this.loggerService.logDebug("AuthorizedController created. local state: "+this.oidcSecurityCommon.authStateControl);var i="";if("code"===this.configurationProvider.openIDConfiguration.response_type){var n="C"+Math.random()+Date.now()+Date.now()+Math.random(),r=this.oidcSecurityValidation.generate_code_verifier(n);this.oidcSecurityCommon.code_verifier=n,this.configurationProvider.wellKnownEndpoints?i=this.createAuthorizeUrl(!0,r,this.configurationProvider.openIDConfiguration.redirect_url,o,t,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||""):this.loggerService.logError("authWellKnownEndpoints is undefined")}else this.configurationProvider.wellKnownEndpoints?i=this.createAuthorizeUrl(!1,"",this.configurationProvider.openIDConfiguration.redirect_url,o,t,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||""):this.loggerService.logError("authWellKnownEndpoints is undefined");e?e(i):this.redirectTo(i)}}else this.loggerService.logError("Well known endpoints must be loaded before user can login!")},se.prototype.authorizedCallbackWithCode=function(e){this.authorizedCallbackWithCode$(e).subscribe()},se.prototype.authorizedCallbackWithCode$=function(e){var t=this.urlParserService.getUrlParameter(e,"code"),o=this.urlParserService.getUrlParameter(e,"state"),i=this.urlParserService.getUrlParameter(e,"session_state")||null;return o?t?(this.loggerService.logDebug("running validation for callback"+e),this.requestTokensWithCode$(t,o,i)):(this.loggerService.logDebug("no code in url"),p.of()):(this.loggerService.logDebug("no state in url"),p.of())},se.prototype.requestTokensWithCode=function(e,t,o){this.requestTokensWithCode$(e,t,o).subscribe()},se.prototype.requestTokensWithCode$=function(e,t,o){var i=this;return this._isModuleSetup.pipe(v.filter(function(e){return!!e}),v.take(1),v.switchMap(function(){return i.requestTokensWithCodeProcedure$(e,t,o)}))},se.prototype.refreshTokensWithCodeProcedure=function(e,o){var i=this,t="";this.configurationProvider.wellKnownEndpoints&&this.configurationProvider.wellKnownEndpoints.token_endpoint&&(t=""+this.configurationProvider.wellKnownEndpoints.token_endpoint);var n=new l.HttpHeaders;n=n.set("Content-Type","application/x-www-form-urlencoded");var r="grant_type=refresh_token&client_id="+this.configurationProvider.openIDConfiguration.client_id+"&refresh_token="+e;return this.httpClient.post(t,r,{headers:n}).pipe(v.map(function(e){i.loggerService.logDebug("token refresh response: "+JSON.stringify(e));var t=new Object;(t=e).state=o,i.authorizedCodeFlowCallbackProcedure(t)}),v.catchError(function(e){return i.loggerService.logError(e),i.loggerService.logError("OidcService code request "+i.configurationProvider.openIDConfiguration.stsServer),p.of(!1)}))},se.prototype.requestTokensWithCodeProcedure=function(e,t,o){this.requestTokensWithCodeProcedure$(e,t,o).subscribe()},se.prototype.requestTokensWithCodeProcedure$=function(e,o,i){var n=this,t="";if(this.configurationProvider.wellKnownEndpoints&&this.configurationProvider.wellKnownEndpoints.token_endpoint&&(t=""+this.configurationProvider.wellKnownEndpoints.token_endpoint),!this.oidcSecurityValidation.validateStateFromHashCallback(o,this.oidcSecurityCommon.authStateControl))return this.loggerService.logWarning("authorizedCallback incorrect state"),p.throwError(new Error("incorrect state"));var r=new l.HttpHeaders;r=r.set("Content-Type","application/x-www-form-urlencoded");var s=a.oneLineTrim(ie=ie||_(["grant_type=authorization_code&client_id=","\n &code_verifier=","\n &code=","&redirect_uri=",""],["grant_type=authorization_code&client_id=","\n &code_verifier=","\n &code=","&redirect_uri=",""]),this.configurationProvider.openIDConfiguration.client_id,this.oidcSecurityCommon.code_verifier,e,this.configurationProvider.openIDConfiguration.redirect_url);return"running"===this.oidcSecurityCommon.silentRenewRunning&&(s=a.oneLineTrim(ne=ne||_(["grant_type=authorization_code&client_id=","\n &code_verifier=","\n &code=","\n &redirect_uri=",""],["grant_type=authorization_code&client_id=","\n &code_verifier=","\n &code=","\n &redirect_uri=",""]),this.configurationProvider.openIDConfiguration.client_id,this.oidcSecurityCommon.code_verifier,e,this.configurationProvider.openIDConfiguration.silent_renew_url)),this.httpClient.post(t,s,{headers:r}).pipe(v.map(function(e){var t=new Object;return(t=e).state=o,t.session_state=i,n.authorizedCodeFlowCallbackProcedure(t),undefined}),v.catchError(function(e){return n.loggerService.logError(e),n.loggerService.logError("OidcService code request "+n.configurationProvider.openIDConfiguration.stsServer),p.throwError(e)}))},se.prototype.authorizedCodeFlowCallbackProcedure=function(e){var t="running"===this.oidcSecurityCommon.silentRenewRunning;this.loggerService.logDebug("BEGIN authorized Code Flow Callback, no auth data"),this.resetAuthorizationData(t),this.authorizedCallbackProcedure(e,t)},se.prototype.authorizedImplicitFlowCallbackProcedure=function(e){var t="running"===this.oidcSecurityCommon.silentRenewRunning;this.loggerService.logDebug("BEGIN authorizedCallback, no auth data"),this.resetAuthorizationData(t);var o=(e=e||window.location.hash.substr(1)).split("&").reduce(function(e,t){var o=t.split("=");return e[o.shift()]=o.join("="),e},{});this.authorizedCallbackProcedure(o,t)},se.prototype.authorizedImplicitFlowCallback=function(e){var t=this;this._isModuleSetup.pipe(v.filter(function(e){return e}),v.take(1)).subscribe(function(){t.authorizedImplicitFlowCallbackProcedure(e)})},se.prototype.redirectTo=function(e){window.location.href=e},se.prototype.authorizedCallbackProcedure=function(o,i){var n=this;this.oidcSecurityCommon.authResult=o,this.configurationProvider.openIDConfiguration.history_cleanup_off||i?this.loggerService.logDebug("history clean up inactive"):window.history.replaceState({},window.document.title,window.location.origin+window.location.pathname),o.error?(i?this.loggerService.logDebug(o):this.loggerService.logWarning(o),"login_required"===o.error?this._onAuthorizationResult.next(new u(c.unauthorized,d.LoginRequired,i)):this._onAuthorizationResult.next(new u(c.unauthorized,d.SecureTokenServerError,i)),this.resetAuthorizationData(!1),this.oidcSecurityCommon.authNonce="",this.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||this.router.navigate([this.configurationProvider.openIDConfiguration.unauthorized_route])):(this.loggerService.logDebug(o),this.loggerService.logDebug("authorizedCallback created, begin token validation"),this.getSigningKeys().subscribe(function(e){var t=n.getValidatedStateResult(o,e);t.authResponseIsValid?(n.setAuthorizationData(t.access_token,t.id_token),n.oidcSecurityCommon.silentRenewRunning="",n.configurationProvider.openIDConfiguration.auto_userinfo?n.getUserinfo(i,o,t.id_token,t.decoded_id_token).subscribe(function(e){e?(n._onAuthorizationResult.next(new u(c.authorized,t.state,i)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||n.router.navigate([n.configurationProvider.openIDConfiguration.post_login_route])):(n._onAuthorizationResult.next(new u(c.unauthorized,t.state,i)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||n.router.navigate([n.configurationProvider.openIDConfiguration.unauthorized_route]))},function(e){n.loggerService.logWarning("Failed to retreive user info with error: "+JSON.stringify(e))}):(i||(n.oidcSecurityUserService.setUserData(t.decoded_id_token),n.setUserData(n.oidcSecurityUserService.getUserData())),n.runTokenValidation(),n._onAuthorizationResult.next(new u(c.authorized,t.state,i)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||n.router.navigate([n.configurationProvider.openIDConfiguration.post_login_route]))):(n.loggerService.logWarning("authorizedCallback, token(s) validation failed, resetting"),n.loggerService.logWarning(window.location.hash),n.resetAuthorizationData(!1),n.oidcSecurityCommon.silentRenewRunning="",n._onAuthorizationResult.next(new u(c.unauthorized,t.state,i)),n.configurationProvider.openIDConfiguration.trigger_authorization_result_event||i||n.router.navigate([n.configurationProvider.openIDConfiguration.unauthorized_route]))},function(e){n.loggerService.logWarning("Failed to retreive siging key with error: "+JSON.stringify(e)),n.oidcSecurityCommon.silentRenewRunning=""}))},se.prototype.getUserinfo=function(e,o,t,i){var n=this;return void 0===e&&(e=!1),o=o||this.oidcSecurityCommon.authResult,t=t||this.oidcSecurityCommon.idToken,i=i||this.tokenHelperService.getPayloadFromToken(t,!1),new p.Observable(function(t){"id_token token"===n.configurationProvider.openIDConfiguration.response_type||"code"===n.configurationProvider.openIDConfiguration.response_type?e&&n._userData.value?(n.oidcSecurityCommon.sessionState=o.session_state,t.next(!0),t.complete()):n.oidcSecurityUserService.initUserData().subscribe(function(){n.loggerService.logDebug("authorizedCallback (id_token token || code) flow");var e=n.oidcSecurityUserService.getUserData();n.oidcSecurityValidation.validate_userdata_sub_id_token(i.sub,e.sub)?(n.setUserData(e),n.loggerService.logDebug(n.oidcSecurityCommon.accessToken),n.loggerService.logDebug(n.oidcSecurityUserService.getUserData()),n.oidcSecurityCommon.sessionState=o.session_state,n.runTokenValidation(),t.next(!0)):(n.loggerService.logWarning("authorizedCallback, User data sub does not match sub in id_token"),n.loggerService.logDebug("authorizedCallback, token(s) validation failed, resetting"),n.resetAuthorizationData(!1),t.next(!1)),t.complete()}):(n.loggerService.logDebug("authorizedCallback id_token flow"),n.loggerService.logDebug(n.oidcSecurityCommon.accessToken),n.oidcSecurityUserService.setUserData(i),n.setUserData(n.oidcSecurityUserService.getUserData()),n.oidcSecurityCommon.sessionState=o.session_state,n.runTokenValidation(),t.next(!0),t.complete())})},se.prototype.logoff=function(e){if(this.loggerService.logDebug("BEGIN Authorize, no auth data"),this.configurationProvider.wellKnownEndpoints)if(this.configurationProvider.wellKnownEndpoints.end_session_endpoint){var t=this.configurationProvider.wellKnownEndpoints.end_session_endpoint,o=this.oidcSecurityCommon.idToken,i=this.createEndSessionUrl(t,o);this.resetAuthorizationData(!1),this.configurationProvider.openIDConfiguration.start_checksession&&this.checkSessionChanged?this.loggerService.logDebug("only local login cleaned up, server session has changed"):e?e(i):this.redirectTo(i)}else this.resetAuthorizationData(!1),this.loggerService.logDebug("only local login cleaned up, no end_session_endpoint");else this.loggerService.logWarning("authWellKnownEndpoints is undefined")},se.prototype.refreshSession=function(){if(!this.configurationProvider.openIDConfiguration.silent_renew)return p.of(!1);this.loggerService.logDebug("BEGIN refresh session Authorize"),this.oidcSecurityCommon.silentRenewRunning="running";var e=this.oidcSecurityCommon.authStateControl;""!==e&&null!==e||(e=Date.now()+""+Math.random()+Math.random(),this.oidcSecurityCommon.authStateControl=e);var t="N"+Math.random()+Date.now();this.oidcSecurityCommon.authNonce=t,this.loggerService.logDebug("RefreshSession created. adding myautostate: "+this.oidcSecurityCommon.authStateControl);var o="";if("code"===this.configurationProvider.openIDConfiguration.response_type){if(this.configurationProvider.openIDConfiguration.use_refresh_token){var i=this.oidcSecurityCommon.getRefreshToken();if(i)return this.loggerService.logDebug("found refresh code, obtaining new credentials with refresh code"),this.oidcSecurityCommon.authNonce=K.RefreshTokenNoncePlaceholder,this.refreshTokensWithCodeProcedure(i,e);this.loggerService.logDebug("no refresh token found, using silent renew")}var n="C"+Math.random()+Date.now()+Date.now()+Math.random(),r=this.oidcSecurityValidation.generate_code_verifier(n);this.oidcSecurityCommon.code_verifier=n,this.configurationProvider.wellKnownEndpoints?o=this.createAuthorizeUrl(!0,r,this.configurationProvider.openIDConfiguration.silent_renew_url,t,e,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||"","none"):this.loggerService.logWarning("authWellKnownEndpoints is undefined")}else this.configurationProvider.wellKnownEndpoints?o=this.createAuthorizeUrl(!1,"",this.configurationProvider.openIDConfiguration.silent_renew_url,t,e,this.configurationProvider.wellKnownEndpoints.authorization_endpoint||"","none"):this.loggerService.logWarning("authWellKnownEndpoints is undefined");return this.oidcSecuritySilentRenew.startRenew(o).pipe(v.map(function(){return!0}))},se.prototype.handleError=function(e){var t="running"===this.oidcSecurityCommon.silentRenewRunning;if(this.loggerService.logError(e),403===e.status||"403"===e.status)this.configurationProvider.openIDConfiguration.trigger_authorization_result_event?this._onAuthorizationResult.next(new u(c.unauthorized,d.NotSet,t)):this.router.navigate([this.configurationProvider.openIDConfiguration.forbidden_route]);else if(401===e.status||"401"===e.status){var o=this.oidcSecurityCommon.silentRenewRunning;this.resetAuthorizationData(!!o),this.configurationProvider.openIDConfiguration.trigger_authorization_result_event?this._onAuthorizationResult.next(new u(c.unauthorized,d.NotSet,t)):this.router.navigate([this.configurationProvider.openIDConfiguration.unauthorized_route])}},se.prototype.startCheckingSilentRenew=function(){this.runTokenValidation()},se.prototype.stopCheckingSilentRenew=function(){this._scheduledHeartBeat&&(clearTimeout(this._scheduledHeartBeat),this._scheduledHeartBeat=null,this.runTokenValidationRunning=!1)},se.prototype.resetAuthorizationData=function(e){e||(this.configurationProvider.openIDConfiguration.auto_userinfo&&this.setUserData(""),this.oidcSecurityCommon.resetStorageData(e),this.checkSessionChanged=!1,this.setIsAuthorized(!1))},se.prototype.getEndSessionUrl=function(){if(this.configurationProvider.wellKnownEndpoints&&this.configurationProvider.wellKnownEndpoints.end_session_endpoint){var e=this.configurationProvider.wellKnownEndpoints.end_session_endpoint,t=this.oidcSecurityCommon.idToken;return this.createEndSessionUrl(e,t)}},se.prototype.getValidatedStateResult=function(e,t){return e.error?new s("","",!1,{}):this.stateValidationService.validateState(e,t)},se.prototype.setUserData=function(e){this.oidcSecurityCommon.userData=e,this._userData.next(e)},se.prototype.setIsAuthorized=function(e){this._isAuthorized.next(e)},se.prototype.setAuthorizationData=function(e,t){""!==this.oidcSecurityCommon.accessToken&&(this.oidcSecurityCommon.accessToken=""),this.loggerService.logDebug(e),this.loggerService.logDebug(t),this.loggerService.logDebug("storing to storage, getting the roles"),this.oidcSecurityCommon.accessToken=e,this.oidcSecurityCommon.idToken=t,this.setIsAuthorized(!0),this.oidcSecurityCommon.isAuthorized=!0},se.prototype.createAuthorizeUrl=function(e,t,o,i,n,r,s){var a=r.split("?"),u=a[0],c=new l.HttpParams({fromString:a[1],encoder:new X});c=(c=(c=(c=(c=(c=c.set("client_id",this.configurationProvider.openIDConfiguration.client_id)).append("redirect_uri",o)).append("response_type",this.configurationProvider.openIDConfiguration.response_type)).append("scope",this.configurationProvider.openIDConfiguration.scope)).append("nonce",i)).append("state",n),e&&(c=(c=c.append("code_challenge",t)).append("code_challenge_method","S256")),s&&(c=c.append("prompt",s)),this.configurationProvider.openIDConfiguration.hd_param&&(c=c.append("hd",this.configurationProvider.openIDConfiguration.hd_param));var d=Object.assign({},this.oidcSecurityCommon.customRequestParams);return Object.keys(d).forEach(function(e){c=c.append(e,d[e].toString())}),u+"?"+c},se.prototype.createEndSessionUrl=function(e,t){var o=e.split("?"),i=o[0],n=new l.HttpParams({fromString:o[1],encoder:new X});return i+"?"+(n=(n=n.set("id_token_hint",t)).append("post_logout_redirect_uri",this.configurationProvider.openIDConfiguration.post_logout_redirect_uri))},se.prototype.getSigningKeys=function(){return this.configurationProvider.wellKnownEndpoints?(this.loggerService.logDebug("jwks_uri: "+this.configurationProvider.wellKnownEndpoints.jwks_uri),this.oidcDataService.get(this.configurationProvider.wellKnownEndpoints.jwks_uri||"").pipe(v.catchError(this.handleErrorGetSigningKeys))):(this.loggerService.logWarning("getSigningKeys: authWellKnownEndpoints is undefined"),this.oidcDataService.get("undefined").pipe(v.catchError(this.handleErrorGetSigningKeys)))},se.prototype.handleErrorGetSigningKeys=function(e){var t;if(e instanceof Response){var o=e.json()||{},i=JSON.stringify(o);t=e.status+" - "+(e.statusText||"")+" "+i}else t=e.message?e.message:e.toString();return this.loggerService.logError(t),p.throwError(t)},se.prototype.runTokenValidation=function(){var t=this;if(!this.runTokenValidationRunning&&this.configurationProvider.openIDConfiguration.silent_renew){this.runTokenValidationRunning=!0,this.loggerService.logDebug("runTokenValidation silent-renew running");var o=function(){if(t.loggerService.logDebug("silentRenewHeartBeatCheck\r\n\tsilentRenewRunning: "+("running"===t.oidcSecurityCommon.silentRenewRunning)+"\r\n\tidToken: "+!!t.getIdToken()+"\r\n\t_userData.value: "+!!t._userData.value),t._userData.value&&"running"!==t.oidcSecurityCommon.silentRenewRunning&&t.getIdToken()&&t.oidcSecurityValidation.isTokenExpired(t.oidcSecurityCommon.idToken,t.configurationProvider.openIDConfiguration.silent_renew_offset_in_seconds)){if(t.loggerService.logDebug("IsAuthorized: id_token isTokenExpired, start silent renew if active"),t.configurationProvider.openIDConfiguration.silent_renew)return void t.refreshSession().subscribe(function(){t._scheduledHeartBeat=setTimeout(o,3e3)},function(e){t.loggerService.logError("Error: "+e),t._scheduledHeartBeat=setTimeout(o,3e3)});t.resetAuthorizationData(!1)}t._scheduledHeartBeat=setTimeout(o,3e3)};this.zone.runOutsideAngular(function(){t._scheduledHeartBeat=setTimeout(o,1e4)})}},se.prototype.silentRenewEventHandler=function(e){if(this.loggerService.logDebug("silentRenewEventHandler"),"code"===this.configurationProvider.openIDConfiguration.response_type){var t=e.detail.toString().split("?"),o=new l.HttpParams({fromString:t[1]}),i=o.get("code"),n=o.get("state"),r=o.get("session_state"),s=o.get("error");i&&n&&this.requestTokensWithCodeProcedure(i,n,r),s&&(this._onAuthorizationResult.next(new u(c.unauthorized,d.LoginRequired,!0)),this.resetAuthorizationData(!1),this.oidcSecurityCommon.authNonce="",this.loggerService.logDebug(e.detail.toString()))}else this.authorizedImplicitFlowCallback(e.detail)},se.decorators=[{type:i.Injectable}],se.ctorParameters=function(){return[{type:g},{type:N},{type:o.Router},{type:q},{type:$},{type:Z},{type:U},{type:K},{type:A},{type:I},{type:i.NgZone},{type:l.HttpClient},{type:k},{type:te}]},se);function se(e,t,o,i,n,r,s,a,u,c,d,l,g,h){var f=this;this.oidcDataService=e,this.stateValidationService=t,this.router=o,this.oidcSecurityCheckSession=i,this.oidcSecuritySilentRenew=n,this.oidcSecurityUserService=r,this.oidcSecurityCommon=s,this.oidcSecurityValidation=a,this.tokenHelperService=u,this.loggerService=c,this.zone=d,this.httpClient=l,this.configurationProvider=g,this.urlParserService=h,this._onModuleSetup=new p.Subject,this._onCheckSessionChanged=new p.Subject,this._onAuthorizationResult=new p.Subject,this.checkSessionChanged=!1,this.moduleSetup=!1,this._isModuleSetup=new p.BehaviorSubject(!1),this._isAuthorized=new p.BehaviorSubject(!1),this._userData=new p.BehaviorSubject(""),this.authWellKnownEndpointsLoaded=!1,this.runTokenValidationRunning=!1,this.onModuleSetup.pipe(v.take(1)).subscribe(function(){f.moduleSetup=!0,f._isModuleSetup.next(!0)}),this._isSetupAndAuthorized=this._isModuleSetup.pipe(v.filter(function(e){return e}),v.switchMap(function(){if(!f.configurationProvider.openIDConfiguration.silent_renew)return f.loggerService.logDebug("IsAuthorizedRace: Silent Renew Not Active. Emitting."),p.from([!0]);var e=f._isAuthorized.asObservable().pipe(v.filter(function(e){return e}),v.take(1),v.tap(function(){return f.loggerService.logDebug("IsAuthorizedRace: Existing token is still authorized.")}),v.race(f._onAuthorizationResult.pipe(v.take(1),v.tap(function(){return f.loggerService.logDebug("IsAuthorizedRace: Silent Renew Refresh Session Complete")}),v.map(function(){return!0})),p.timer(1e3*f.configurationProvider.openIDConfiguration.isauthorizedrace_timeout_in_seconds).pipe(v.tap(function(){f.resetAuthorizationData(!1),f.oidcSecurityCommon.authNonce="",f.loggerService.logWarning("IsAuthorizedRace: Timeout reached. Emitting.")}),v.map(function(){return!0}))));return f.loggerService.logDebug("Silent Renew is active, check if token in storage is active"),""!==f.oidcSecurityCommon.authNonce&&f.oidcSecurityCommon.authNonce!==undefined||(f.loggerService.logDebug("Silent Renew or login not running, try to refresh the session"),f.refreshSession().subscribe()),e}),v.tap(function(){return f.loggerService.logDebug("IsAuthorizedRace: Completed")}),v.switchMapTo(this._isAuthorized.asObservable()),v.tap(function(e){return f.loggerService.logDebug("getIsAuthorized: "+e)}),v.shareReplay(1)),this._isSetupAndAuthorized.pipe(v.filter(function(){return f.configurationProvider.openIDConfiguration.start_checksession})).subscribe(function(e){e?f.oidcSecurityCheckSession.startCheckingSession(f.configurationProvider.openIDConfiguration.client_id):f.oidcSecurityCheckSession.stopCheckingSession()})}var ae=(ue.forRoot=function(e){return void 0===e&&(e={}),{ngModule:ue,providers:[B,re,K,q,$,Z,U,A,I,P,R,g,N,{provide:O,useClass:e.storage||j}]}},ue.decorators=[{type:i.NgModule}],ue);function ue(){}e.AuthorizationResult=u,e.AuthorizationState=c,e.JwtKeys=n,e.JwtKey=r,e.ValidateStateResult=s,e.ValidationResult=d,e.AuthModule=ae,e.TokenHelperService=A,e.OidcConfigService=B,e.OidcSecurityService=re,e.OidcSecurityStorage=O,e.BrowserStorage=j,e.OidcSecurityValidation=K,e.LoggerService=I,e.ɵc=g,e.ɵa=k,e.ɵh=P,e.ɵf=R,e.ɵd=N,e.ɵg=q,e.ɵe=U,e.ɵi=$,e.ɵj=Z,e.ɵb=y,e.ɵk=te,Object.defineProperty(e,"__esModule",{value:!0})}); | ||
| //# sourceMappingURL=angular-auth-oidc-client.umd.min.js.map |
@@ -30,3 +30,3 @@ { | ||
| "license": "MIT", | ||
| "version": "10.0.12", | ||
| "version": "10.0.13", | ||
| "description": "An OpenID Connect Code Flow with PKCE,Implicit Flow client for Angular", | ||
@@ -33,0 +33,0 @@ "main": "bundles/angular-auth-oidc-client.umd.js", |
@@ -42,3 +42,3 @@ # Angular Lib for OpenID Connect Code Flow with PKCE and Implicit Flow | ||
| ```typescript | ||
| "angular-auth-oidc-client": "^10.0.12" | ||
| "angular-auth-oidc-client": "^10.0.13" | ||
| ``` | ||
@@ -45,0 +45,0 @@ |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
2203032
No dependency changes