keycloak-js - npm Package Compare versions

Comparing version 3.1.0 to 3.2.0-cr.1

bower.json

 {
   "name": "keycloak",
-  "version": "3.1.0",
+  "version": "3.2.0-cr.1",
   "main": "dist/keycloak.js",
@@ -5,0 +5,0 @@ "ignore": [

dist/keycloak.d.ts

 /*
- * Copyright 2017 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
+ * MIT License
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Copyright 2017 Brett Epps <https://github.com/eppsilon>
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+ * associated documentation files (the "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+ * following conditions:
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * The above copyright notice and this permission notice shall be included in all copies or substantial
+ * portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
-declare module KeycloakModule {
+export as namespace Keycloak;
 
-    export interface Promise {
-        success(callback: Function): Promise;
-        error(callback: Function): Promise;
-    }
+export = Keycloak;
 
-    export type ResponseModes = "query" | "fragment";
-    export type Flows = "standard" | "implicit" | "hybrid";
-    
-    export interface InitOptions {
-        checkLoginIframe?: boolean;
-        checkLoginIframeInterval?: number;
-        onLoad?: string;
-        adapter?: string;
-        responseMode?: ResponseModes;
-        flow?: Flows;
-        token?: string;
-        refreshToken?: string;
-        idToken?: string;
-        timeSkew?: number;
-    }
+/**
+ * Creates a new Keycloak client instance.
+ * @param config Path to a JSON config file or a plain config object.
+ */
+declare function Keycloak(config?: string|{}): Keycloak.KeycloakInstance;
 
-    export interface LoginOptions {
-        redirectUri?: string;
-        prompt?: string;
-        maxAge?: number;
-        loginHint?: string;
-        action?: string;
-        locale?: string;
-    }
+declare namespace Keycloak {
+	type KeycloakAdapterName = 'cordova'|'default';
+	type KeycloakOnLoad = 'login-required'|'check-sso';
+	type KeycloakResponseMode = 'query'|'fragment';
+	type KeycloakResponseType = 'code'|'id_token token'|'code id_token token';
+	type KeycloakFlow = 'standard'|'implicit'|'hybrid';
 
-    export interface RedirectUriOptions {
-        redirectUri?: string;
-    }
+	interface KeycloakInitOptions {
+		/**
+		 * @private Undocumented.
+		 */
+		adapter?: KeycloakAdapterName;
 
-    export interface KeycloakClient {
-        init(options?: InitOptions): Promise;
-        login(options?: LoginOptions): Promise;
-        createLoginUrl(options?: LoginOptions): string;
-        logout(options?: RedirectUriOptions): Promise;
-        createLogoutUrl(options?: RedirectUriOptions): string;
-        register(options?: LoginOptions): Promise;
-        createRegisterUrl(options?: RedirectUriOptions): string;
-        accountManagement(): Promise;
-        createAccountUrl(options?: RedirectUriOptions): string;
-        hasRealmRole(role: string): boolean;
-        hasResourceRole(role: string, resource?: string): boolean;
-        loadUserProfile(): Promise;
-        isTokenExpired(minValidity: number): boolean;
-        updateToken(minValidity: number): Promise;
-        clearToken(): any;
+		/**
+		 * Specifies an action to do on load.
+		 */
+		onLoad?: KeycloakOnLoad;
 
-        realm: string;
-        clientId: string;
-        authServerUrl: string;
+		/**
+		 * Set an initial value for the token.
+		 */
+		token?: string;
 
-        token: string;
-        tokenParsed: any;
-        refreshToken: string;
-        refreshTokenParsed: any;
-        idToken: string;
-        idTokenParsed: any;
-        realmAccess: any;
-        resourceAccess: any;
-        authenticated: boolean;
-        subject: string;
-        timeSkew: number;
-        responseMode: ResponseModes;
-        flow: Flows;
-        responseType: string;
+		/**
+		 * Set an initial value for the refresh token.
+		 */
+		refreshToken?: string;
 
-        onReady: Function;
-        onAuthSuccess: Function;
-        onAuthError: Function;
-        onAuthRefreshSuccess: Function;
-        onAuthRefreshError: Function;
-        onAuthLogout: Function;
-        onTokenExpired: Function;
-    }
+		/**
+		 * Set an initial value for the id token (only together with `token` or
+		 * `refreshToken`).
+		 */
+		idToken?: string;
+
+		/**
+		 * Set an initial value for skew between local time and Keycloak server in
+		 * seconds (only together with `token` or `refreshToken`).
+		 */
+		timeSkew?: number;
+
+		/**
+		 * Set to enable/disable monitoring login state.
+		 * @default true
+		 */
+		checkLoginIframe?: boolean;
+
+		/**
+		 * Set the interval to check login state (in seconds).
+		 * @default 5
+		 */
+		checkLoginIframeInterval?: boolean;
+
+		/**
+		 * Set the OpenID Connect response mode to send to Keycloak upon login.
+		 * @default fragment After successful authentication Keycloak will redirect
+		 *                   to JavaScript application with OpenID Connect parameters
+		 *                   added in URL fragment. This is generally safer and
+		 *                   recommended over query.
+		 */
+		responseMode?: KeycloakResponseMode;
+
+		/**
+		 * Set the OpenID Connect flow.
+		 * @default standard
+		 */
+		flow?: KeycloakFlow;
+	}
+
+	interface KeycloakLoginOptions {
+		/**
+		 * @private Undocumented.
+		 */
+		scope?: string;
+
+		/**
+		 * Specifies the uri to redirect to after login.
+		 */
+		redirectUri?: string;
+
+		/**
+		 * By default the login screen is displayed if the user is not logged into
+		 * Keycloak. To only authenticate to the application if the user is already
+		 * logged in and not display the login page if the user is not logged in, set
+		 * this option to `'none'`. To always require re-authentication and ignore
+		 * SSO, set this option to `'login'`.
+		 */
+		prompt?: 'none'|'login';
+
+		/**
+		 * If value is `'register'` then user is redirected to registration page,
+		 * otherwise to login page.
+		 */
+		action?: 'register';
+
+		/**
+		 * Used just if user is already authenticated. Specifies maximum time since
+		 * the authentication of user happened. If user is already authenticated for
+		 * longer time than `'maxAge'`, the SSO is ignored and he will need to
+		 * authenticate again.
+		 */
+		maxAge?: number;
+
+		/**
+		 * Used to pre-fill the username/email field on the login form.
+		 */
+		loginHint?: string;
+
+		/**
+		 * Used to tell Keycloak which IDP the user wants to authenticate with.
+		 */
+		idpHint?: string;
+
+		/**
+		 * Specifies the desired locale for the UI.
+		 */
+		locale?: string;
+	}
+
+	type KeycloakPromiseCallback<T> = (result: T) => void;
+
+	interface KeycloakPromise<TSuccess, TError> {
+		/**
+		 * Function to call if the promised action succeeds.
+		 */
+		success(callback: KeycloakPromiseCallback<TSuccess>): KeycloakPromise<TSuccess, TError>;
+
+		/**
+		 * Function to call if the promised action throws an error.
+		 */
+		error(callback: KeycloakPromiseCallback<TError>): KeycloakPromise<TSuccess, TError>;
+	}
+
+	interface KeycloakError {
+		error: string;
+		error_description: string;
+	}
+
+	interface KeycloakAdapter {
+		login(options?: KeycloakLoginOptions): KeycloakPromise<void, void>;
+		logout(options?: any): KeycloakPromise<void, void>;
+		register(options?: KeycloakLoginOptions): KeycloakPromise<void, void>;
+		accountManagement(): KeycloakPromise<void, void>;
+		redirectUri(options: { redirectUri: string; }, encodeHash: boolean): string;
+	}
+
+	interface KeycloakProfile {
+		id?: string;
+		username?: string;
+		email?: string;
+		firstName?: string;
+		lastName?: string;
+		enabled?: boolean;
+		emailVerified?: boolean;
+		totp?: boolean;
+		createdTimestamp?: number;
+	}
+
+	// export interface KeycloakUserInfo {}
+
+	/**
+	 * A client for the Keycloak authentication server.
+	 * @see {@link https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/javascript-adapter.html|Keycloak JS adapter documentation}
+	 */
+	interface KeycloakInstance {
+		/**
+		 * Is true if the user is authenticated, false otherwise.
+		 */
+		authenticated?: boolean;
+
+		/**
+		 * The user id.
+		 */
+		subject?: string;
+
+		/**
+		 * Response mode passed in init (default value is `'fragment'`).
+		 */
+		responseMode?: KeycloakResponseMode;
+
+		/**
+		 * Response type sent to Keycloak with login requests. This is determined
+		 * based on the flow value used during initialization, but can be overridden
+		 * by setting this value.
+		 */
+		responseType?: KeycloakResponseType;
+
+		/**
+		 * Flow passed in init.
+		 */
+		flow?: KeycloakFlow;
+
+		/**
+		 * The realm roles associated with the token.
+		 */
+		realmAccess?: { roles: string[] };
+
+		/**
+		 * The resource roles associated with the token.
+		 */
+		resourceAccess?: string[];
+
+		/**
+		 * The base64 encoded token that can be sent in the Authorization header in
+		 * requests to services.
+		 */
+		token?: string;
+
+		/**
+		 * The parsed token as a JavaScript object.
+		 */
+		tokenParsed?: {
+			exp?: number;
+			iat?: number;
+			nonce?: string;
+			sub?: string;
+			session_state?: string;
+			realm_access?: { roles: string[] };
+			resource_access?: string[];
+		};
+
+		/**
+		 * The base64 encoded refresh token that can be used to retrieve a new token.
+		 */
+		refreshToken?: string;
+
+		/**
+		 * The parsed refresh token as a JavaScript object.
+		 */
+		refreshTokenParsed?: { nonce?: string };
+
+		/**
+		 * The base64 encoded ID token.
+		 */
+		idToken?: string;
+
+		/**
+		 * The parsed id token as a JavaScript object.
+		 */
+		idTokenParsed?: { nonce?: string };
+
+		/**
+		 * The estimated time difference between the browser time and the Keycloak
+		 * server in seconds. This value is just an estimation, but is accurate
+		 * enough when determining if a token is expired or not.
+		 */
+		timeSkew?: number;
+
+		/**
+		 * @private Undocumented.
+		 */
+		loginRequired?: boolean;
+
+		/**
+		 * @private Undocumented.
+		 */
+		authServerUrl?: string;
+
+		/**
+		 * @private Undocumented.
+		 */
+		realm?: string;
+
+		/**
+		 * @private Undocumented.
+		 */
+		clientId?: string;
+
+		/**
+		 * @private Undocumented.
+		 */
+		clientSecret?: string;
+
+		/**
+		 * @private Undocumented.
+		 */
+		redirectUri?: string;
+
+		/**
+		 * @private Undocumented.
+		 */
+		sessionId?: string;
+
+		/**
+		 * @private Undocumented.
+		 */
+		profile?: KeycloakProfile;
+
+		/**
+		 * @private Undocumented.
+		 */
+		userInfo?: {}; // KeycloakUserInfo;
+
+		/**
+		 * Called when the adapter is initialized.
+		 */
+		onReady?(authenticated?: boolean): void;
+
+		/**
+		 * Called when a user is successfully authenticated.
+		 */
+		onAuthSuccess?(): void;
+
+		/**
+		 * Called if there was an error during authentication.
+		 */
+		onAuthError?(errorData: KeycloakError): void;
+
+		/**
+		 * Called when the token is refreshed.
+		 */
+		onAuthRefreshSuccess?(): void;
+
+		/**
+		 * Called if there was an error while trying to refresh the token.
+		 */
+		onAuthRefreshError?(): void;
+
+		/**
+		 * Called if the user is logged out (will only be called if the session
+		 * status iframe is enabled, or in Cordova mode).
+		 */
+		onAuthLogout?(): void;
+
+		/**
+		 * Called when the access token is expired. If a refresh token is available
+		 * the token can be refreshed with Keycloak#updateToken, or in cases where
+		 * it's not (ie. with implicit flow) you can redirect to login screen to
+		 * obtain a new access token.
+		 */
+		onTokenExpired?(): void;
+
+		/**
+		 * Called to initialize the adapter.
+		 * @param initOptions Initialization options.
+		 * @returns A promise to set functions to be invoked on success or error.
+		 */
+		init(initOptions: KeycloakInitOptions): KeycloakPromise<boolean, KeycloakError>;
+
+		/**
+		 * Redirects to login form.
+		 * @param options Login options.
+		 */
+		login(options?: KeycloakLoginOptions): KeycloakPromise<void, void>;
+
+		/**
+		 * Redirects to logout.
+		 * @param options Logout options.
+		 * @param options.redirectUri Specifies the uri to redirect to after logout.
+		 */
+		logout(options?: any): KeycloakPromise<void, void>;
+
+		/**
+		 * Redirects to registration form.
+		 * @param options Supports same options as Keycloak#login but `action` is
+		 *                set to `'register'`.
+		 */
+		register(options?: any): KeycloakPromise<void, void>;
+
+		/**
+		 * Redirects to the Account Management Console.
+		 */
+		accountManagement(): KeycloakPromise<void, void>;
+
+		/**
+		 * Returns the URL to login form.
+		 * @param options Supports same options as Keycloak#login.
+		 */
+		createLoginUrl(options?: KeycloakLoginOptions): string;
+
+		/**
+		 * Returns the URL to logout the user.
+		 * @param options Logout options.
+		 * @param options.redirectUri Specifies the uri to redirect to after logout.
+		 */
+		createLogoutUrl(options?: any): string;
+
+		/**
+		 * Returns the URL to registration page.
+		 * @param options Supports same options as Keycloak#createLoginUrl but
+		 *                `action` is set to `'register'`.
+		 */
+		createRegisterUrl(options?: KeycloakLoginOptions): string;
+
+		/**
+		 * Returns the URL to the Account Management Console.
+		 */
+		createAccountUrl(): string;
+
+		/**
+		 * Returns true if the token has less than `minValidity` seconds left before
+		 * it expires.
+		 * @param minValidity If not specified, `0` is used.
+		 */
+		isTokenExpired(minValidity?: number): boolean;
+
+		/**
+		 * If the token expires within `minValidity` seconds, the token is refreshed.
+		 * If the session status iframe is enabled, the session status is also
+		 * checked.
+		 * @returns A promise to set functions that can be invoked if the token is
+		 *          still valid, or if the token is no longer valid.
+		 * @example
+		 * ```js
+		 * keycloak.updateToken(5).success(function(refreshed) {
+		 *   if (refreshed) {
+		 *     alert('Token was successfully refreshed');
+		 *   } else {
+		 *     alert('Token is still valid');
+		 *   }
+		 * }).error(function() {
+		 *   alert('Failed to refresh the token, or the session has expired');
+		 * });
+		 */
+		updateToken(minValidity: number): KeycloakPromise<boolean, boolean>;
+
+		/**
+		 * Clears authentication state, including tokens. This can be useful if
+		 * the application has detected the session was expired, for example if
+		 * updating token fails. Invoking this results in Keycloak#onAuthLogout
+		 * callback listener being invoked.
+		 */
+		clearToken(): void;
+
+		/**
+		 * Returns true if the token has the given realm role.
+		 * @param role A realm role name.
+		 */
+		hasRealmRole(role: string): boolean;
+
+		/**
+		 * Returns true if the token has the given role for the resource.
+		 * @param role A role name.
+		 * @param resource If not specified, `clientId` is used.
+		 */
+		hasResourceRole(role: string, resource?: string): boolean;
+
+		/**
+		 * Loads the user's profile.
+		 * @returns A promise to set functions to be invoked on success or error.
+		 */
+		loadUserProfile(): KeycloakPromise<KeycloakProfile, void>;
+
+		/**
+		 * @private Undocumented.
+		 */
+		loadUserInfo(): KeycloakPromise<{}, void>;
+	}
 }
-
-declare var Keycloak: {
-    new(config?: any): KeycloakModule.KeycloakClient;
-};

dist/keycloak.js

@@ -590,3 +590,3 @@ /*
                     if (req.readyState == 4) {
-                        if (req.status == 200) {
+                        if (req.status == 200 || fileLoaded(req)) {
                             var config = JSON.parse(req.responseText);
@@ -637,2 +637,6 @@
 
+        function fileLoaded(xhr) {
+            return xhr.status == 0 && xhr.responseText && xhr.responseURL.startsWith('file:');
+        }
+
         function setToken(token, refreshToken, idToken, timeLocal) {
@@ -639,0 +643,0 @@ if (kc.tokenTimeoutHandle) {

dist/keycloak.min.js

@@ -1,1 +0,1 @@
-(function(a,c){var b=function(z){if(!(this instanceof b)){return new b(z)}var h=this;var p;var u=[];var f;var v={enable:true,callbackList:[],interval:5};h.init=function(E){h.authenticated=false;f=q();if(E&&E.adapter==="cordova"){p=x("cordova")}else{if(E&&E.adapter==="default"){p=x()}else{if(a.Cordova){p=x("cordova")}else{p=x()}}}if(E){if(typeof E.checkLoginIframe!=="undefined"){v.enable=E.checkLoginIframe}if(E.checkLoginIframeInterval){v.interval=E.checkLoginIframeInterval}if(E.onLoad==="login-required"){h.loginRequired=true}if(E.responseMode){if(E.responseMode==="query"||E.responseMode==="fragment"){h.responseMode=E.responseMode}else{throw"Invalid value for responseMode"}}if(E.flow){switch(E.flow){case"standard":h.responseType="code";break;case"implicit":h.responseType="id_token token";break;case"hybrid":h.responseType="code id_token token";break;default:throw"Invalid value for flow"}h.flow=E.flow}if(E.timeSkew!=null){h.timeSkew=E.timeSkew}}if(!h.responseMode){h.responseMode="fragment"}if(!h.responseType){h.responseType="code";h.flow="standard"}var F=d();var B=d();B.promise.success(function(){h.onReady&&h.onReady(h.authenticated);F.setSuccess(h.authenticated)}).error(function(G){F.setError(G)});var D=j(z);function C(){var H=function(I){if(!I){G.prompt="none"}h.login(G).success(function(){B.setSuccess()}).error(function(){B.setError()})};var G={};switch(E.onLoad){case"check-sso":if(v.enable){y().success(function(){l().success(function(){H(false)}).error(function(){B.setSuccess()})})}else{H(false)}break;case"login-required":H(true);break;default:throw"Invalid value for onLoad"}}function A(){var G=g(a.location.href);if(G){y();a.history.replaceState({},null,G.newUrl);n(G,B);return}else{if(E){if(E.token&&E.refreshToken){t(E.token,E.refreshToken,E.idToken);if(v.enable){y().success(function(){l().success(function(){h.onAuthSuccess&&h.onAuthSuccess();B.setSuccess()}).error(function(){t(null,null,null);B.setSuccess()})})}else{h.updateToken(-1).success(function(){h.onAuthSuccess&&h.onAuthSuccess();B.setSuccess()}).error(function(){h.onAuthError&&h.onAuthError();if(E.onLoad){C()}else{B.setError()}})}}else{if(E.onLoad){C()}else{B.setSuccess()}}}else{B.setSuccess()}}}D.success(A);D.error(function(){F.setError()});return F.promise};h.login=function(A){return p.login(A)};h.createLoginUrl=function(C){var G=e();var E=e();var H=p.redirectUri(C);var A={state:G,nonce:E,redirectUri:encodeURIComponent(H),};if(C&&C.prompt){A.prompt=C.prompt}f.add(A);var F="auth";if(C&&C.action=="register"){F="registrations"}var D=(C&&C.scope)?"openid "+C.scope:"openid";var B=o()+"/protocol/openid-connect/"+F+"?client_id="+encodeURIComponent(h.clientId)+"&redirect_uri="+encodeURIComponent(H)+"&state="+encodeURIComponent(G)+"&nonce="+encodeURIComponent(E)+"&response_mode="+encodeURIComponent(h.responseMode)+"&response_type="+encodeURIComponent(h.responseType)+"&scope="+encodeURIComponent(D);if(C&&C.prompt){B+="&prompt="+encodeURIComponent(C.prompt)}if(C&&C.maxAge){B+="&max_age="+encodeURIComponent(C.maxAge)}if(C&&C.loginHint){B+="&login_hint="+encodeURIComponent(C.loginHint)}if(C&&C.idpHint){B+="&kc_idp_hint="+encodeURIComponent(C.idpHint)}if(C&&C.locale){B+="&ui_locales="+encodeURIComponent(C.locale)}return B};h.logout=function(A){return p.logout(A)};h.createLogoutUrl=function(B){var A=o()+"/protocol/openid-connect/logout?redirect_uri="+encodeURIComponent(p.redirectUri(B,false));return A};h.register=function(A){return p.register(A)};h.createRegisterUrl=function(A){if(!A){A={}}A.action="register";return h.createLoginUrl(A)};h.createAccountUrl=function(B){var A=o()+"/account?referrer="+encodeURIComponent(h.clientId)+"&referrer_uri="+encodeURIComponent(p.redirectUri(B));return A};h.accountManagement=function(){return p.accountManagement()};h.hasRealmRole=function(B){var A=h.realmAccess;return !!A&&A.roles.indexOf(B)>=0};h.hasResourceRole=function(C,B){if(!h.resourceAccess){return false}var A=h.resourceAccess[B||h.clientId];return !!A&&A.roles.indexOf(C)>=0};h.loadUserProfile=function(){var A=o()+"/account";var B=new XMLHttpRequest();B.open("GET",A,true);B.setRequestHeader("Accept","application/json");B.setRequestHeader("Authorization","bearer "+h.token);var C=d();B.onreadystatechange=function(){if(B.readyState==4){if(B.status==200){h.profile=JSON.parse(B.responseText);C.setSuccess(h.profile)}else{C.setError()}}};B.send();return C.promise};h.loadUserInfo=function(){var A=o()+"/protocol/openid-connect/userinfo";var B=new XMLHttpRequest();B.open("GET",A,true);B.setRequestHeader("Accept","application/json");B.setRequestHeader("Authorization","bearer "+h.token);var C=d();B.onreadystatechange=function(){if(B.readyState==4){if(B.status==200){h.userInfo=JSON.parse(B.responseText);C.setSuccess(h.userInfo)}else{C.setError()}}};B.send();return C.promise};h.isTokenExpired=function(A){if(!h.tokenParsed||(!h.refreshToken&&h.flow!="implicit")){throw"Not authenticated"}if(h.timeSkew==null){console.info("[KEYCLOAK] Unable to determine if token is expired as timeskew is not set");return true}var B=h.tokenParsed.exp-Math.ceil(new Date().getTime()/1000)+h.timeSkew;if(A){B-=A}return B<0};h.updateToken=function(A){var D=d();if(!h.refreshToken){D.setError();return D.promise}A=A||5;var B=function(){var G=false;if(A==-1){G=true;console.info("[KEYCLOAK] Refreshing token: forced refresh")}else{if(!h.tokenParsed||h.isTokenExpired(A)){G=true;console.info("[KEYCLOAK] Refreshing token: token expired")}}if(!G){D.setSuccess(false)}else{var I="grant_type=refresh_token&refresh_token="+h.refreshToken;var F=o()+"/protocol/openid-connect/token";u.push(D);if(u.length==1){var H=new XMLHttpRequest();H.open("POST",F,true);H.setRequestHeader("Content-type","application/x-www-form-urlencoded");H.withCredentials=true;if(h.clientId&&h.clientSecret){H.setRequestHeader("Authorization","Basic "+btoa(h.clientId+":"+h.clientSecret))}else{I+="&client_id="+encodeURIComponent(h.clientId)}var E=new Date().getTime();H.onreadystatechange=function(){if(H.readyState==4){if(H.status==200){console.info("[KEYCLOAK] Token refreshed");E=(E+new Date().getTime())/2;var K=JSON.parse(H.responseText);t(K.access_token,K.refresh_token,K.id_token,E);h.onAuthRefreshSuccess&&h.onAuthRefreshSuccess();for(var J=u.pop();J!=null;J=u.pop()){J.setSuccess(true)}}else{console.warn("[KEYCLOAK] Failed to refresh token");h.onAuthRefreshError&&h.onAuthRefreshError();for(var J=u.pop();J!=null;J=u.pop()){J.setError(true)}}}};H.send(I)}}};if(v.enable){var C=l();C.success(function(){B()}).error(function(){D.setError()})}else{B()}return D.promise};h.clearToken=function(){if(h.token){t(null,null,null);h.onAuthLogout&&h.onAuthLogout();if(h.loginRequired){h.login()}}};function o(){if(h.authServerUrl.charAt(h.authServerUrl.length-1)=="/"){return h.authServerUrl+"realms/"+encodeURIComponent(h.realm)}else{return h.authServerUrl+"/realms/"+encodeURIComponent(h.realm)}}function w(){if(!a.location.origin){return a.location.protocol+"//"+a.location.hostname+(a.location.port?":"+a.location.port:"")}else{return a.location.origin}}function n(H,K){var D=H.code;var I=H.error;var E=H.prompt;var C=new Date().getTime();if(I){if(E!="none"){var B={error:I,error_description:H.error_description};h.onAuthError&&h.onAuthError(B);K&&K.setError(B)}else{K&&K.setSuccess()}return}else{if((h.flow!="standard")&&(H.access_token||H.id_token)){G(H.access_token,null,H.id_token,true)}}if((h.flow!="implicit")&&D){var F="code="+D+"&grant_type=authorization_code";var A=o()+"/protocol/openid-connect/token";var J=new XMLHttpRequest();J.open("POST",A,true);J.setRequestHeader("Content-type","application/x-www-form-urlencoded");if(h.clientId&&h.clientSecret){J.setRequestHeader("Authorization","Basic "+btoa(h.clientId+":"+h.clientSecret))}else{F+="&client_id="+encodeURIComponent(h.clientId)}F+="&redirect_uri="+H.redirectUri;J.withCredentials=true;J.onreadystatechange=function(){if(J.readyState==4){if(J.status==200){var L=JSON.parse(J.responseText);G(L.access_token,L.refresh_token,L.id_token,h.flow==="standard")}else{h.onAuthError&&h.onAuthError();K&&K.setError()}}};J.send(F)}function G(L,M,O,N){C=(C+new Date().getTime())/2;t(L,M,O,C);if((h.tokenParsed&&h.tokenParsed.nonce!=H.storedNonce)||(h.refreshTokenParsed&&h.refreshTokenParsed.nonce!=H.storedNonce)||(h.idTokenParsed&&h.idTokenParsed.nonce!=H.storedNonce)){console.info("[KEYCLOAK] Invalid nonce, clearing token");h.clearToken();K&&K.setError()}else{if(N){h.onAuthSuccess&&h.onAuthSuccess();K&&K.setSuccess()}}}}function j(C){var F=d();var B;if(!z){B="keycloak.json"}else{if(typeof z==="string"){B=z}}if(B){var E=new XMLHttpRequest();E.open("GET",B,true);E.setRequestHeader("Accept","application/json");E.onreadystatechange=function(){if(E.readyState==4){if(E.status==200){var G=JSON.parse(E.responseText);h.authServerUrl=G["auth-server-url"];h.realm=G.realm;h.clientId=G.resource;h.clientSecret=(G.credentials||{})["secret"];F.setSuccess()}else{F.setError()}}};E.send()}else{if(!z.url){var A=document.getElementsByTagName("script");for(var D=0;D<A.length;D++){if(A[D].src.match(/.*keycloak\.js/)){z.url=A[D].src.substr(0,A[D].src.indexOf("/js/keycloak.js"));break}}}if(!z.realm){throw"realm missing"}if(!z.clientId){throw"clientId missing"}h.authServerUrl=z.url;h.realm=z.realm;h.clientId=z.clientId;h.clientSecret=(z.credentials||{}).secret;F.setSuccess()}return F.promise}function t(D,C,E,B){if(h.tokenTimeoutHandle){clearTimeout(h.tokenTimeoutHandle);h.tokenTimeoutHandle=null}if(C){h.refreshToken=C;h.refreshTokenParsed=r(C)}else{delete h.refreshToken;delete h.refreshTokenParsed}if(E){h.idToken=E;h.idTokenParsed=r(E)}else{delete h.idToken;delete h.idTokenParsed}if(D){h.token=D;h.tokenParsed=r(D);h.sessionId=h.tokenParsed.session_state;h.authenticated=true;h.subject=h.tokenParsed.sub;h.realmAccess=h.tokenParsed.realm_access;h.resourceAccess=h.tokenParsed.resource_access;if(B){h.timeSkew=Math.floor(B/1000)-h.tokenParsed.iat}if(h.timeSkew!=null){console.info("[KEYCLOAK] Estimated time difference between browser and server is "+h.timeSkew+" seconds");if(h.onTokenExpired){var A=(h.tokenParsed.exp-(new Date().getTime()/1000)+h.timeSkew)*1000;console.info("[KEYCLOAK] Token expires in "+Math.round(A/1000)+" s");if(A<=0){h.onTokenExpired()}else{h.tokenTimeoutHandle=setTimeout(h.onTokenExpired,A)}}}}else{delete h.token;delete h.tokenParsed;delete h.subject;delete h.realmAccess;delete h.resourceAccess;h.authenticated=false}}function r(A){A=A.split(".")[1];A=A.replace("/-/g","+");A=A.replace("/_/g","/");switch(A.length%4){case 0:break;case 2:A+="==";break;case 3:A+="=";break;default:throw"Invalid token"}A=(A+"===").slice(0,A.length+(A.length%4));A=A.replace(/-/g,"+").replace(/_/g,"/");A=decodeURIComponent(escape(atob(A)));A=JSON.parse(A);return A}function e(){var D=[];var A="0123456789abcdef";for(var B=0;B<36;B++){D[B]=A.substr(Math.floor(Math.random()*16),1)}D[14]="4";D[19]=A.substr((D[19]&3)|8,1);D[8]=D[13]=D[18]=D[23]="-";var C=D.join("");return C}h.callback_id=0;function s(){var A="<id: "+(h.callback_id++)+(Math.random())+">";return A}function g(B){var A=new k(B,h.responseMode).parseUri();var C=f.get(A.state);if(C&&(A.code||A.error||A.access_token||A.id_token)){A.redirectUri=C.redirectUri;A.storedNonce=C.nonce;A.prompt=C.prompt;if(A.fragment){A.newUrl+="#"+A.fragment}return A}}function d(){var A={setSuccess:function(B){A.success=true;A.result=B;if(A.successCallback){A.successCallback(B)}},setError:function(B){A.error=true;A.result=B;if(A.errorCallback){A.errorCallback(B)}},promise:{success:function(B){if(A.success){B(A.result)}else{if(!A.error){A.successCallback=B}}return A.promise},error:function(B){if(A.error){B(A.result)}else{if(!A.success){A.errorCallback=B}}return A.promise}}};return A}function y(){var E=d();if(!v.enable){E.setSuccess();return E.promise}if(v.iframe){E.setSuccess();return E.promise}var C=document.createElement("iframe");v.iframe=C;C.onload=function(){var F=o();if(F.charAt(0)==="/"){v.iframeOrigin=w()}else{v.iframeOrigin=F.substring(0,F.indexOf("/",8))}E.setSuccess();setTimeout(A,v.interval*1000)};var D=o()+"/protocol/openid-connect/login-status-iframe.html";C.setAttribute("src",D);C.style.display="none";document.body.appendChild(C);var B=function(H){if((H.origin!==v.iframeOrigin)||(v.iframe.contentWindow!==H.source)){return}if(!(H.data=="unchanged"||H.data=="changed"||H.data=="error")){return}if(H.data!="unchanged"){h.clearToken()}var G=v.callbackList.splice(0,v.callbackList.length);for(var F=G.length-1;F>=0;--F){var I=G[F];if(H.data=="unchanged"){I.setSuccess()}else{I.setError()}}};a.addEventListener("message",B,false);var A=function(){l();if(h.token){setTimeout(A,v.interval*1000)}};return E.promise}function l(){var C=d();if(v.iframe&&v.iframeOrigin){var B=h.clientId+" "+h.sessionId;v.callbackList.push(C);var A=v.iframeOrigin;if(v.callbackList.length==1){v.iframe.contentWindow.postMessage(B,A)}}else{C.setSuccess()}return C.promise}function x(A){if(!A||A=="default"){return{login:function(B){a.location.href=h.createLoginUrl(B);return d().promise},logout:function(B){a.location.href=h.createLogoutUrl(B);return d().promise},register:function(B){a.location.href=h.createRegisterUrl(B);return d().promise},accountManagement:function(){a.location.href=h.createAccountUrl();return d().promise},redirectUri:function(B,C){if(arguments.length==1){C=true}if(B&&B.redirectUri){return B.redirectUri}else{if(h.redirectUri){return h.redirectUri}else{var D=location.href;if(location.hash&&C){D=D.substring(0,location.href.indexOf("#"));D+=(D.indexOf("?")==-1?"?":"&")+"redirect_fragment="+encodeURIComponent(location.hash.substring(1))}return D}}}}}if(A=="cordova"){v.enable=false;return{login:function(B){var G=d();var F="location=no";if(B&&B.prompt=="none"){F+=",hidden=yes"}var E=h.createLoginUrl(B);var D=a.open(E,"_blank",F);var C=false;D.addEventListener("loadstart",function(H){if(H.url.indexOf("http://localhost")==0){var I=g(H.url);n(I,G);D.close();C=true}});D.addEventListener("loaderror",function(H){if(!C){if(H.url.indexOf("http://localhost")==0){var I=g(H.url);n(I,G);D.close();C=true}else{G.setError();D.close()}}});return G.promise},logout:function(D){var F=d();var B=h.createLogoutUrl(D);var E=a.open(B,"_blank","location=no,hidden=yes");var C;E.addEventListener("loadstart",function(G){if(G.url.indexOf("http://localhost")==0){E.close()}});E.addEventListener("loaderror",function(G){if(G.url.indexOf("http://localhost")==0){E.close()}else{C=true;E.close()}});E.addEventListener("exit",function(G){if(C){F.setError()}else{h.clearToken();F.setSuccess()}});return F.promise},register:function(){var B=h.createRegisterUrl();var C=a.open(B,"_blank","location=no");C.addEventListener("loadstart",function(D){if(D.url.indexOf("http://localhost")==0){C.close()}})},accountManagement:function(){var B=h.createAccountUrl();var C=a.open(B,"_blank","location=no");C.addEventListener("loadstart",function(D){if(D.url.indexOf("http://localhost")==0){C.close()}})},redirectUri:function(B){return"http://localhost"}}}throw"invalid adapter type: "+A}var m=function(){if(!(this instanceof m)){return new m()}localStorage.setItem("kc-test","test");localStorage.removeItem("kc-test");var A=this;function B(){var H=new Date().getTime();for(var E=0;E<localStorage.length;E++){var D=localStorage.key(E);if(D&&D.indexOf("kc-callback-")==0){var G=localStorage.getItem(D);if(G){try{var C=JSON.parse(G).expires;if(!C||C<H){localStorage.removeItem(D)}}catch(F){localStorage.removeItem(D)}}}}}A.get=function(E){if(!E){return}var C="kc-callback-"+E;var D=localStorage.getItem(C);if(D){localStorage.removeItem(C);D=JSON.parse(D)}B();return D};A.add=function(D){B();var C="kc-callback-"+D.state;D.expires=new Date().getTime()+(60*60*1000);localStorage.setItem(C,JSON.stringify(D))}};var i=function(){if(!(this instanceof i)){return new i()}var C=this;C.get=function(F){if(!F){return}var E=A("kc-callback-"+F);B("kc-callback-"+F,"",D(-100));if(E){return JSON.parse(E)}};C.add=function(E){B("kc-callback-"+E.state,JSON.stringify(E),D(60))};C.removeItem=function(E){B(E,"",D(-100))};var D=function(E){var F=new Date();F.setTime(F.getTime()+(E*60*1000));return F};var A=function(H){var F=H+"=";var E=document.cookie.split(";");for(var G=0;G<E.length;G++){var I=E[G];while(I.charAt(0)==" "){I=I.substring(1)}if(I.indexOf(F)==0){return I.substring(F.length,I.length)}}return""};var B=function(G,H,E){var F=G+"="+H+"; expires="+E.toUTCString()+"; ";document.cookie=F}};function q(){try{return new m()}catch(A){}return new i()}var k=function(A,D){if(!(this instanceof k)){return new k(A,D)}var F=this;var B=function(){var J=null;var K=null;var I=null;var G=A.indexOf("?");var H=A.indexOf("#",G+1);if(G==-1&&H==-1){J=A}else{if(G!=-1){J=A.substring(0,G);K=A.substring(G+1);if(H!=-1){H=K.indexOf("#");I=K.substring(H+1);K=K.substring(0,H)}}else{J=A.substring(0,H);I=A.substring(H+1)}}return{baseUri:J,queryString:K,fragmentString:I}};var C=function(M){var G={};var L=M.split("&");for(var H=0;H<L.length;H++){var J=L[H].split("=");var I=decodeURIComponent(J[0]);var K=decodeURIComponent(J[1]);G[I]=K}return G};var E=function(J,K,G){var I=["code","state","error","error_description"];for(var H=0;H<I.length;H++){if(J===I[H]){G[J]=K;return true}}return false};F.parseUri=function(){var K=B();var I={};if(K.queryString){I=C(K.queryString)}var G={newUrl:K.baseUri};for(var J in I){switch(J){case"redirect_fragment":G.fragment=I[J];break;default:if(D!="query"||!E(J,I[J],G)){G.newUrl+=(G.newUrl.indexOf("?")==-1?"?":"&")+J+"="+encodeURIComponent(I[J])}break}}if(D==="fragment"){var H={};if(K.fragmentString){H=C(K.fragmentString)}for(var J in H){G[J]=H[J]}}return G}}};if(typeof module==="object"&&module&&typeof module.exports==="object"){module.exports=b}else{a.Keycloak=b;if(typeof define==="function"&&define.amd){define("keycloak",[],function(){return b})}}})(window);
+(function(a,c){var b=function(A){if(!(this instanceof b)){return new b(A)}var h=this;var q;var v=[];var f;var w={enable:true,callbackList:[],interval:5};h.init=function(F){h.authenticated=false;f=r();if(F&&F.adapter==="cordova"){q=y("cordova")}else{if(F&&F.adapter==="default"){q=y()}else{if(a.Cordova){q=y("cordova")}else{q=y()}}}if(F){if(typeof F.checkLoginIframe!=="undefined"){w.enable=F.checkLoginIframe}if(F.checkLoginIframeInterval){w.interval=F.checkLoginIframeInterval}if(F.onLoad==="login-required"){h.loginRequired=true}if(F.responseMode){if(F.responseMode==="query"||F.responseMode==="fragment"){h.responseMode=F.responseMode}else{throw"Invalid value for responseMode"}}if(F.flow){switch(F.flow){case"standard":h.responseType="code";break;case"implicit":h.responseType="id_token token";break;case"hybrid":h.responseType="code id_token token";break;default:throw"Invalid value for flow"}h.flow=F.flow}if(F.timeSkew!=null){h.timeSkew=F.timeSkew}}if(!h.responseMode){h.responseMode="fragment"}if(!h.responseType){h.responseType="code";h.flow="standard"}var G=d();var C=d();C.promise.success(function(){h.onReady&&h.onReady(h.authenticated);G.setSuccess(h.authenticated)}).error(function(H){G.setError(H)});var E=k(A);function D(){var I=function(J){if(!J){H.prompt="none"}h.login(H).success(function(){C.setSuccess()}).error(function(){C.setError()})};var H={};switch(F.onLoad){case"check-sso":if(w.enable){z().success(function(){m().success(function(){I(false)}).error(function(){C.setSuccess()})})}else{I(false)}break;case"login-required":I(true);break;default:throw"Invalid value for onLoad"}}function B(){var H=g(a.location.href);if(H){z();a.history.replaceState({},null,H.newUrl);o(H,C);return}else{if(F){if(F.token&&F.refreshToken){u(F.token,F.refreshToken,F.idToken);if(w.enable){z().success(function(){m().success(function(){h.onAuthSuccess&&h.onAuthSuccess();C.setSuccess()}).error(function(){u(null,null,null);C.setSuccess()})})}else{h.updateToken(-1).success(function(){h.onAuthSuccess&&h.onAuthSuccess();C.setSuccess()}).error(function(){h.onAuthError&&h.onAuthError();if(F.onLoad){D()}else{C.setError()}})}}else{if(F.onLoad){D()}else{C.setSuccess()}}}else{C.setSuccess()}}}E.success(B);E.error(function(){G.setError()});return G.promise};h.login=function(B){return q.login(B)};h.createLoginUrl=function(D){var H=e();var F=e();var I=q.redirectUri(D);var B={state:H,nonce:F,redirectUri:encodeURIComponent(I),};if(D&&D.prompt){B.prompt=D.prompt}f.add(B);var G="auth";if(D&&D.action=="register"){G="registrations"}var E=(D&&D.scope)?"openid "+D.scope:"openid";var C=p()+"/protocol/openid-connect/"+G+"?client_id="+encodeURIComponent(h.clientId)+"&redirect_uri="+encodeURIComponent(I)+"&state="+encodeURIComponent(H)+"&nonce="+encodeURIComponent(F)+"&response_mode="+encodeURIComponent(h.responseMode)+"&response_type="+encodeURIComponent(h.responseType)+"&scope="+encodeURIComponent(E);if(D&&D.prompt){C+="&prompt="+encodeURIComponent(D.prompt)}if(D&&D.maxAge){C+="&max_age="+encodeURIComponent(D.maxAge)}if(D&&D.loginHint){C+="&login_hint="+encodeURIComponent(D.loginHint)}if(D&&D.idpHint){C+="&kc_idp_hint="+encodeURIComponent(D.idpHint)}if(D&&D.locale){C+="&ui_locales="+encodeURIComponent(D.locale)}return C};h.logout=function(B){return q.logout(B)};h.createLogoutUrl=function(C){var B=p()+"/protocol/openid-connect/logout?redirect_uri="+encodeURIComponent(q.redirectUri(C,false));return B};h.register=function(B){return q.register(B)};h.createRegisterUrl=function(B){if(!B){B={}}B.action="register";return h.createLoginUrl(B)};h.createAccountUrl=function(C){var B=p()+"/account?referrer="+encodeURIComponent(h.clientId)+"&referrer_uri="+encodeURIComponent(q.redirectUri(C));return B};h.accountManagement=function(){return q.accountManagement()};h.hasRealmRole=function(C){var B=h.realmAccess;return !!B&&B.roles.indexOf(C)>=0};h.hasResourceRole=function(D,C){if(!h.resourceAccess){return false}var B=h.resourceAccess[C||h.clientId];return !!B&&B.roles.indexOf(D)>=0};h.loadUserProfile=function(){var B=p()+"/account";var C=new XMLHttpRequest();C.open("GET",B,true);C.setRequestHeader("Accept","application/json");C.setRequestHeader("Authorization","bearer "+h.token);var D=d();C.onreadystatechange=function(){if(C.readyState==4){if(C.status==200){h.profile=JSON.parse(C.responseText);D.setSuccess(h.profile)}else{D.setError()}}};C.send();return D.promise};h.loadUserInfo=function(){var B=p()+"/protocol/openid-connect/userinfo";var C=new XMLHttpRequest();C.open("GET",B,true);C.setRequestHeader("Accept","application/json");C.setRequestHeader("Authorization","bearer "+h.token);var D=d();C.onreadystatechange=function(){if(C.readyState==4){if(C.status==200){h.userInfo=JSON.parse(C.responseText);D.setSuccess(h.userInfo)}else{D.setError()}}};C.send();return D.promise};h.isTokenExpired=function(B){if(!h.tokenParsed||(!h.refreshToken&&h.flow!="implicit")){throw"Not authenticated"}if(h.timeSkew==null){console.info("[KEYCLOAK] Unable to determine if token is expired as timeskew is not set");return true}var C=h.tokenParsed.exp-Math.ceil(new Date().getTime()/1000)+h.timeSkew;if(B){C-=B}return C<0};h.updateToken=function(B){var E=d();if(!h.refreshToken){E.setError();return E.promise}B=B||5;var C=function(){var H=false;if(B==-1){H=true;console.info("[KEYCLOAK] Refreshing token: forced refresh")}else{if(!h.tokenParsed||h.isTokenExpired(B)){H=true;console.info("[KEYCLOAK] Refreshing token: token expired")}}if(!H){E.setSuccess(false)}else{var J="grant_type=refresh_token&refresh_token="+h.refreshToken;var G=p()+"/protocol/openid-connect/token";v.push(E);if(v.length==1){var I=new XMLHttpRequest();I.open("POST",G,true);I.setRequestHeader("Content-type","application/x-www-form-urlencoded");I.withCredentials=true;if(h.clientId&&h.clientSecret){I.setRequestHeader("Authorization","Basic "+btoa(h.clientId+":"+h.clientSecret))}else{J+="&client_id="+encodeURIComponent(h.clientId)}var F=new Date().getTime();I.onreadystatechange=function(){if(I.readyState==4){if(I.status==200){console.info("[KEYCLOAK] Token refreshed");F=(F+new Date().getTime())/2;var L=JSON.parse(I.responseText);u(L.access_token,L.refresh_token,L.id_token,F);h.onAuthRefreshSuccess&&h.onAuthRefreshSuccess();for(var K=v.pop();K!=null;K=v.pop()){K.setSuccess(true)}}else{console.warn("[KEYCLOAK] Failed to refresh token");h.onAuthRefreshError&&h.onAuthRefreshError();for(var K=v.pop();K!=null;K=v.pop()){K.setError(true)}}}};I.send(J)}}};if(w.enable){var D=m();D.success(function(){C()}).error(function(){E.setError()})}else{C()}return E.promise};h.clearToken=function(){if(h.token){u(null,null,null);h.onAuthLogout&&h.onAuthLogout();if(h.loginRequired){h.login()}}};function p(){if(h.authServerUrl.charAt(h.authServerUrl.length-1)=="/"){return h.authServerUrl+"realms/"+encodeURIComponent(h.realm)}else{return h.authServerUrl+"/realms/"+encodeURIComponent(h.realm)}}function x(){if(!a.location.origin){return a.location.protocol+"//"+a.location.hostname+(a.location.port?":"+a.location.port:"")}else{return a.location.origin}}function o(I,L){var E=I.code;var J=I.error;var F=I.prompt;var D=new Date().getTime();if(J){if(F!="none"){var C={error:J,error_description:I.error_description};h.onAuthError&&h.onAuthError(C);L&&L.setError(C)}else{L&&L.setSuccess()}return}else{if((h.flow!="standard")&&(I.access_token||I.id_token)){H(I.access_token,null,I.id_token,true)}}if((h.flow!="implicit")&&E){var G="code="+E+"&grant_type=authorization_code";var B=p()+"/protocol/openid-connect/token";var K=new XMLHttpRequest();K.open("POST",B,true);K.setRequestHeader("Content-type","application/x-www-form-urlencoded");if(h.clientId&&h.clientSecret){K.setRequestHeader("Authorization","Basic "+btoa(h.clientId+":"+h.clientSecret))}else{G+="&client_id="+encodeURIComponent(h.clientId)}G+="&redirect_uri="+I.redirectUri;K.withCredentials=true;K.onreadystatechange=function(){if(K.readyState==4){if(K.status==200){var M=JSON.parse(K.responseText);H(M.access_token,M.refresh_token,M.id_token,h.flow==="standard")}else{h.onAuthError&&h.onAuthError();L&&L.setError()}}};K.send(G)}function H(M,N,P,O){D=(D+new Date().getTime())/2;u(M,N,P,D);if((h.tokenParsed&&h.tokenParsed.nonce!=I.storedNonce)||(h.refreshTokenParsed&&h.refreshTokenParsed.nonce!=I.storedNonce)||(h.idTokenParsed&&h.idTokenParsed.nonce!=I.storedNonce)){console.info("[KEYCLOAK] Invalid nonce, clearing token");h.clearToken();L&&L.setError()}else{if(O){h.onAuthSuccess&&h.onAuthSuccess();L&&L.setSuccess()}}}}function k(D){var G=d();var C;if(!A){C="keycloak.json"}else{if(typeof A==="string"){C=A}}if(C){var F=new XMLHttpRequest();F.open("GET",C,true);F.setRequestHeader("Accept","application/json");F.onreadystatechange=function(){if(F.readyState==4){if(F.status==200||i(F)){var H=JSON.parse(F.responseText);h.authServerUrl=H["auth-server-url"];h.realm=H.realm;h.clientId=H.resource;h.clientSecret=(H.credentials||{})["secret"];G.setSuccess()}else{G.setError()}}};F.send()}else{if(!A.url){var B=document.getElementsByTagName("script");for(var E=0;E<B.length;E++){if(B[E].src.match(/.*keycloak\.js/)){A.url=B[E].src.substr(0,B[E].src.indexOf("/js/keycloak.js"));break}}}if(!A.realm){throw"realm missing"}if(!A.clientId){throw"clientId missing"}h.authServerUrl=A.url;h.realm=A.realm;h.clientId=A.clientId;h.clientSecret=(A.credentials||{}).secret;G.setSuccess()}return G.promise}function i(B){return B.status==0&&B.responseText&&B.responseURL.startsWith("file:")}function u(E,D,F,C){if(h.tokenTimeoutHandle){clearTimeout(h.tokenTimeoutHandle);h.tokenTimeoutHandle=null}if(D){h.refreshToken=D;h.refreshTokenParsed=s(D)}else{delete h.refreshToken;delete h.refreshTokenParsed}if(F){h.idToken=F;h.idTokenParsed=s(F)}else{delete h.idToken;delete h.idTokenParsed}if(E){h.token=E;h.tokenParsed=s(E);h.sessionId=h.tokenParsed.session_state;h.authenticated=true;h.subject=h.tokenParsed.sub;h.realmAccess=h.tokenParsed.realm_access;h.resourceAccess=h.tokenParsed.resource_access;if(C){h.timeSkew=Math.floor(C/1000)-h.tokenParsed.iat}if(h.timeSkew!=null){console.info("[KEYCLOAK] Estimated time difference between browser and server is "+h.timeSkew+" seconds");if(h.onTokenExpired){var B=(h.tokenParsed.exp-(new Date().getTime()/1000)+h.timeSkew)*1000;console.info("[KEYCLOAK] Token expires in "+Math.round(B/1000)+" s");if(B<=0){h.onTokenExpired()}else{h.tokenTimeoutHandle=setTimeout(h.onTokenExpired,B)}}}}else{delete h.token;delete h.tokenParsed;delete h.subject;delete h.realmAccess;delete h.resourceAccess;h.authenticated=false}}function s(B){B=B.split(".")[1];B=B.replace("/-/g","+");B=B.replace("/_/g","/");switch(B.length%4){case 0:break;case 2:B+="==";break;case 3:B+="=";break;default:throw"Invalid token"}B=(B+"===").slice(0,B.length+(B.length%4));B=B.replace(/-/g,"+").replace(/_/g,"/");B=decodeURIComponent(escape(atob(B)));B=JSON.parse(B);return B}function e(){var E=[];var B="0123456789abcdef";for(var C=0;C<36;C++){E[C]=B.substr(Math.floor(Math.random()*16),1)}E[14]="4";E[19]=B.substr((E[19]&3)|8,1);E[8]=E[13]=E[18]=E[23]="-";var D=E.join("");return D}h.callback_id=0;function t(){var B="<id: "+(h.callback_id++)+(Math.random())+">";return B}function g(C){var B=new l(C,h.responseMode).parseUri();var D=f.get(B.state);if(D&&(B.code||B.error||B.access_token||B.id_token)){B.redirectUri=D.redirectUri;B.storedNonce=D.nonce;B.prompt=D.prompt;if(B.fragment){B.newUrl+="#"+B.fragment}return B}}function d(){var B={setSuccess:function(C){B.success=true;B.result=C;if(B.successCallback){B.successCallback(C)}},setError:function(C){B.error=true;B.result=C;if(B.errorCallback){B.errorCallback(C)}},promise:{success:function(C){if(B.success){C(B.result)}else{if(!B.error){B.successCallback=C}}return B.promise},error:function(C){if(B.error){C(B.result)}else{if(!B.success){B.errorCallback=C}}return B.promise}}};return B}function z(){var F=d();if(!w.enable){F.setSuccess();return F.promise}if(w.iframe){F.setSuccess();return F.promise}var D=document.createElement("iframe");w.iframe=D;D.onload=function(){var G=p();if(G.charAt(0)==="/"){w.iframeOrigin=x()}else{w.iframeOrigin=G.substring(0,G.indexOf("/",8))}F.setSuccess();setTimeout(B,w.interval*1000)};var E=p()+"/protocol/openid-connect/login-status-iframe.html";D.setAttribute("src",E);D.style.display="none";document.body.appendChild(D);var C=function(I){if((I.origin!==w.iframeOrigin)||(w.iframe.contentWindow!==I.source)){return}if(!(I.data=="unchanged"||I.data=="changed"||I.data=="error")){return}if(I.data!="unchanged"){h.clearToken()}var H=w.callbackList.splice(0,w.callbackList.length);for(var G=H.length-1;G>=0;--G){var J=H[G];if(I.data=="unchanged"){J.setSuccess()}else{J.setError()}}};a.addEventListener("message",C,false);var B=function(){m();if(h.token){setTimeout(B,w.interval*1000)}};return F.promise}function m(){var D=d();if(w.iframe&&w.iframeOrigin){var C=h.clientId+" "+h.sessionId;w.callbackList.push(D);var B=w.iframeOrigin;if(w.callbackList.length==1){w.iframe.contentWindow.postMessage(C,B)}}else{D.setSuccess()}return D.promise}function y(B){if(!B||B=="default"){return{login:function(C){a.location.href=h.createLoginUrl(C);return d().promise},logout:function(C){a.location.href=h.createLogoutUrl(C);return d().promise},register:function(C){a.location.href=h.createRegisterUrl(C);return d().promise},accountManagement:function(){a.location.href=h.createAccountUrl();return d().promise},redirectUri:function(C,D){if(arguments.length==1){D=true}if(C&&C.redirectUri){return C.redirectUri}else{if(h.redirectUri){return h.redirectUri}else{var E=location.href;if(location.hash&&D){E=E.substring(0,location.href.indexOf("#"));E+=(E.indexOf("?")==-1?"?":"&")+"redirect_fragment="+encodeURIComponent(location.hash.substring(1))}return E}}}}}if(B=="cordova"){w.enable=false;return{login:function(C){var H=d();var G="location=no";if(C&&C.prompt=="none"){G+=",hidden=yes"}var F=h.createLoginUrl(C);var E=a.open(F,"_blank",G);var D=false;E.addEventListener("loadstart",function(I){if(I.url.indexOf("http://localhost")==0){var J=g(I.url);o(J,H);E.close();D=true}});E.addEventListener("loaderror",function(I){if(!D){if(I.url.indexOf("http://localhost")==0){var J=g(I.url);o(J,H);E.close();D=true}else{H.setError();E.close()}}});return H.promise},logout:function(E){var G=d();var C=h.createLogoutUrl(E);var F=a.open(C,"_blank","location=no,hidden=yes");var D;F.addEventListener("loadstart",function(H){if(H.url.indexOf("http://localhost")==0){F.close()}});F.addEventListener("loaderror",function(H){if(H.url.indexOf("http://localhost")==0){F.close()}else{D=true;F.close()}});F.addEventListener("exit",function(H){if(D){G.setError()}else{h.clearToken();G.setSuccess()}});return G.promise},register:function(){var C=h.createRegisterUrl();var D=a.open(C,"_blank","location=no");D.addEventListener("loadstart",function(E){if(E.url.indexOf("http://localhost")==0){D.close()}})},accountManagement:function(){var C=h.createAccountUrl();var D=a.open(C,"_blank","location=no");D.addEventListener("loadstart",function(E){if(E.url.indexOf("http://localhost")==0){D.close()}})},redirectUri:function(C){return"http://localhost"}}}throw"invalid adapter type: "+B}var n=function(){if(!(this instanceof n)){return new n()}localStorage.setItem("kc-test","test");localStorage.removeItem("kc-test");var B=this;function C(){var I=new Date().getTime();for(var F=0;F<localStorage.length;F++){var E=localStorage.key(F);if(E&&E.indexOf("kc-callback-")==0){var H=localStorage.getItem(E);if(H){try{var D=JSON.parse(H).expires;if(!D||D<I){localStorage.removeItem(E)}}catch(G){localStorage.removeItem(E)}}}}}B.get=function(F){if(!F){return}var D="kc-callback-"+F;var E=localStorage.getItem(D);if(E){localStorage.removeItem(D);E=JSON.parse(E)}C();return E};B.add=function(E){C();var D="kc-callback-"+E.state;E.expires=new Date().getTime()+(60*60*1000);localStorage.setItem(D,JSON.stringify(E))}};var j=function(){if(!(this instanceof j)){return new j()}var D=this;D.get=function(G){if(!G){return}var F=B("kc-callback-"+G);C("kc-callback-"+G,"",E(-100));if(F){return JSON.parse(F)}};D.add=function(F){C("kc-callback-"+F.state,JSON.stringify(F),E(60))};D.removeItem=function(F){C(F,"",E(-100))};var E=function(F){var G=new Date();G.setTime(G.getTime()+(F*60*1000));return G};var B=function(I){var G=I+"=";var F=document.cookie.split(";");for(var H=0;H<F.length;H++){var J=F[H];while(J.charAt(0)==" "){J=J.substring(1)}if(J.indexOf(G)==0){return J.substring(G.length,J.length)}}return""};var C=function(H,I,F){var G=H+"="+I+"; expires="+F.toUTCString()+"; ";document.cookie=G}};function r(){try{return new n()}catch(B){}return new j()}var l=function(B,E){if(!(this instanceof l)){return new l(B,E)}var G=this;var C=function(){var K=null;var L=null;var J=null;var H=B.indexOf("?");var I=B.indexOf("#",H+1);if(H==-1&&I==-1){K=B}else{if(H!=-1){K=B.substring(0,H);L=B.substring(H+1);if(I!=-1){I=L.indexOf("#");J=L.substring(I+1);L=L.substring(0,I)}}else{K=B.substring(0,I);J=B.substring(I+1)}}return{baseUri:K,queryString:L,fragmentString:J}};var D=function(N){var H={};var M=N.split("&");for(var I=0;I<M.length;I++){var K=M[I].split("=");var J=decodeURIComponent(K[0]);var L=decodeURIComponent(K[1]);H[J]=L}return H};var F=function(K,L,H){var J=["code","state","error","error_description"];for(var I=0;I<J.length;I++){if(K===J[I]){H[K]=L;return true}}return false};G.parseUri=function(){var L=C();var J={};if(L.queryString){J=D(L.queryString)}var H={newUrl:L.baseUri};for(var K in J){switch(K){case"redirect_fragment":H.fragment=J[K];break;default:if(E!="query"||!F(K,J[K],H)){H.newUrl+=(H.newUrl.indexOf("?")==-1?"?":"&")+K+"="+encodeURIComponent(J[K])}break}}if(E==="fragment"){var I={};if(L.fragmentString){I=D(L.fragmentString)}for(var K in I){H[K]=I[K]}}return H}}};if(typeof module==="object"&&module&&typeof module.exports==="object"){module.exports=b}else{a.Keycloak=b;if(typeof define==="function"&&define.amd){define("keycloak",[],function(){return b})}}})(window);

package.json

 {
   "name": "keycloak-js",
-  "version": "3.1.0",
+  "version": "3.2.0-cr.1",
   "description": "Keycloak Adapter",
@@ -5,0 +5,0 @@ "main": "dist/keycloak.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

101914

increased by13.73%

Number of package files

11

increased by10%

Lines of code

1671

increased by28.24%

Worsened metrics

Number of low quality alerts

3

increased by50%

No dependency changes