oidc-client-ts - npm Package Compare versions

Comparing version 2.0.4 to 2.0.5

dist/browser/oidc-client-ts.min.js

@@ -1,2 +0,2 @@
-var oidc=(()=>{var Ze=Object.create;var ae=Object.defineProperty;var et=Object.getOwnPropertyDescriptor;var tt=Object.getOwnPropertyNames;var rt=Object.getPrototypeOf,it=Object.prototype.hasOwnProperty;var Oe=(c=>typeof require!="undefined"?require:typeof Proxy!="undefined"?new Proxy(c,{get:(e,t)=>(typeof require!="undefined"?require:e)[t]}):c)(function(c){if(typeof require!="undefined")return require.apply(this,arguments);throw new Error('Dynamic require of "'+c+'" is not supported')});var re=(c,e)=>()=>(e||c((e={exports:{}}).exports,e),e.exports),st=(c,e)=>{for(var t in e)ae(c,t,{get:e[t],enumerable:!0})},Me=(c,e,t,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of tt(e))!it.call(c,i)&&i!==t&&ae(c,i,{get:()=>e[i],enumerable:!(r=et(e,i))||r.enumerable});return c};var ce=(c,e,t)=>(t=c!=null?Ze(rt(c)):{},Me(e||!c||!c.__esModule?ae(t,"default",{value:c,enumerable:!0}):t,c)),nt=c=>Me(ae({},"__esModule",{value:!0}),c);var qe=re(()=>{});var ie=re((le,Ne)=>{(function(c,e){typeof le=="object"?Ne.exports=le=e():typeof define=="function"&&define.amd?define([],e):c.CryptoJS=e()})(le,function(){var c=c||function(e,t){var r;if(typeof window<"u"&&window.crypto&&(r=window.crypto),typeof self<"u"&&self.crypto&&(r=self.crypto),typeof globalThis<"u"&&globalThis.crypto&&(r=globalThis.crypto),!r&&typeof window<"u"&&window.msCrypto&&(r=window.msCrypto),!r&&typeof global<"u"&&global.crypto&&(r=global.crypto),!r&&typeof Oe=="function")try{r=qe()}catch{}var i=function(){if(r){if(typeof r.getRandomValues=="function")try{return r.getRandomValues(new Uint32Array(1))[0]}catch{}if(typeof r.randomBytes=="function")try{return r.randomBytes(4).readInt32LE()}catch{}}throw new Error("Native crypto module could not be used to get secure random number.")},s=Object.create||function(){function a(){}return function(g){var w;return a.prototype=g,w=new a,a.prototype=null,w}}(),o={},n=o.lib={},l=n.Base=function(){return{extend:function(a){var g=s(this);return a&&g.mixIn(a),(!g.hasOwnProperty("init")||this.init===g.init)&&(g.init=function(){g.$super.init.apply(this,arguments)}),g.init.prototype=g,g.$super=this,g},create:function(){var a=this.extend();return a.init.apply(a,arguments),a},init:function(){},mixIn:function(a){for(var g in a)a.hasOwnProperty(g)&&(this[g]=a[g]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}}}(),u=n.WordArray=l.extend({init:function(a,g){a=this.words=a||[],g!=t?this.sigBytes=g:this.sigBytes=a.length*4},toString:function(a){return(a||h).stringify(this)},concat:function(a){var g=this.words,w=a.words,b=this.sigBytes,v=a.sigBytes;if(this.clamp(),b%4)for(var S=0;S<v;S++){var R=w[S>>>2]>>>24-S%4*8&255;g[b+S>>>2]|=R<<24-(b+S)%4*8}else for(var P=0;P<v;P+=4)g[b+P>>>2]=w[P>>>2];return this.sigBytes+=v,this},clamp:function(){var a=this.words,g=this.sigBytes;a[g>>>2]&=4294967295<<32-g%4*8,a.length=e.ceil(g/4)},clone:function(){var a=l.clone.call(this);return a.words=this.words.slice(0),a},random:function(a){for(var g=[],w=0;w<a;w+=4)g.push(i());return new u.init(g,a)}}),f=o.enc={},h=f.Hex={stringify:function(a){for(var g=a.words,w=a.sigBytes,b=[],v=0;v<w;v++){var S=g[v>>>2]>>>24-v%4*8&255;b.push((S>>>4).toString(16)),b.push((S&15).toString(16))}return b.join("")},parse:function(a){for(var g=a.length,w=[],b=0;b<g;b+=2)w[b>>>3]|=parseInt(a.substr(b,2),16)<<24-b%8*4;return new u.init(w,g/2)}},p=f.Latin1={stringify:function(a){for(var g=a.words,w=a.sigBytes,b=[],v=0;v<w;v++){var S=g[v>>>2]>>>24-v%4*8&255;b.push(String.fromCharCode(S))}return b.join("")},parse:function(a){for(var g=a.length,w=[],b=0;b<g;b++)w[b>>>2]|=(a.charCodeAt(b)&255)<<24-b%4*8;return new u.init(w,g)}},m=f.Utf8={stringify:function(a){try{return decodeURIComponent(escape(p.stringify(a)))}catch{throw new Error("Malformed UTF-8 data")}},parse:function(a){return p.parse(unescape(encodeURIComponent(a)))}},_=n.BufferedBlockAlgorithm=l.extend({reset:function(){this._data=new u.init,this._nDataBytes=0},_append:function(a){typeof a=="string"&&(a=m.parse(a)),this._data.concat(a),this._nDataBytes+=a.sigBytes},_process:function(a){var g,w=this._data,b=w.words,v=w.sigBytes,S=this.blockSize,R=S*4,P=v/R;a?P=e.ceil(P):P=e.max((P|0)-this._minBufferSize,0);var T=P*S,F=e.min(T*4,v);if(T){for(var B=0;B<T;B+=S)this._doProcessBlock(b,B);g=b.splice(0,T),w.sigBytes-=F}return new u.init(g,F)},clone:function(){var a=l.clone.call(this);return a._data=this._data.clone(),a},_minBufferSize:0}),k=n.Hasher=_.extend({cfg:l.extend(),init:function(a){this.cfg=this.cfg.extend(a),this.reset()},reset:function(){_.reset.call(this),this._doReset()},update:function(a){return this._append(a),this._process(),this},finalize:function(a){a&&this._append(a);var g=this._doFinalize();return g},blockSize:512/32,_createHelper:function(a){return function(g,w){return new a.init(w).finalize(g)}},_createHmacHelper:function(a){return function(g,w){return new y.HMAC.init(a,w).finalize(g)}}}),y=o.algo={};return o}(Math);return c})});var Le=re((de,We)=>{(function(c,e){typeof de=="object"?We.exports=de=e(ie()):typeof define=="function"&&define.amd?define(["./core"],e):e(c.CryptoJS)})(de,function(c){return function(e){var t=c,r=t.lib,i=r.WordArray,s=r.Hasher,o=t.algo,n=[],l=[];(function(){function h(k){for(var y=e.sqrt(k),a=2;a<=y;a++)if(!(k%a))return!1;return!0}function p(k){return(k-(k|0))*4294967296|0}for(var m=2,_=0;_<64;)h(m)&&(_<8&&(n[_]=p(e.pow(m,1/2))),l[_]=p(e.pow(m,1/3)),_++),m++})();var u=[],f=o.SHA256=s.extend({_doReset:function(){this._hash=new i.init(n.slice(0))},_doProcessBlock:function(h,p){for(var m=this._hash.words,_=m[0],k=m[1],y=m[2],a=m[3],g=m[4],w=m[5],b=m[6],v=m[7],S=0;S<64;S++){if(S<16)u[S]=h[p+S]|0;else{var R=u[S-15],P=(R<<25|R>>>7)^(R<<14|R>>>18)^R>>>3,T=u[S-2],F=(T<<15|T>>>17)^(T<<13|T>>>19)^T>>>10;u[S]=P+u[S-7]+F+u[S-16]}var B=g&w^~g&b,xe=_&k^_&y^k&y,Pe=(_<<30|_>>>2)^(_<<19|_>>>13)^(_<<10|_>>>22),Ye=(g<<26|g>>>6)^(g<<21|g>>>11)^(g<<7|g>>>25),Ae=v+Ye+B+l[S]+u[S],Xe=Pe+xe;v=b,b=w,w=g,g=a+Ae|0,a=y,y=k,k=_,_=Ae+Xe|0}m[0]=m[0]+_|0,m[1]=m[1]+k|0,m[2]=m[2]+y|0,m[3]=m[3]+a|0,m[4]=m[4]+g|0,m[5]=m[5]+w|0,m[6]=m[6]+b|0,m[7]=m[7]+v|0},_doFinalize:function(){var h=this._data,p=h.words,m=this._nDataBytes*8,_=h.sigBytes*8;return p[_>>>5]|=128<<24-_%32,p[(_+64>>>9<<4)+14]=e.floor(m/4294967296),p[(_+64>>>9<<4)+15]=m,h.sigBytes=p.length*4,this._process(),this._hash},clone:function(){var h=s.clone.call(this);return h._hash=this._hash.clone(),h}});t.SHA256=s._createHelper(f),t.HmacSHA256=s._createHmacHelper(f)}(Math),c.SHA256})});var He=re((ge,je)=>{(function(c,e){typeof ge=="object"?je.exports=ge=e(ie()):typeof define=="function"&&define.amd?define(["./core"],e):e(c.CryptoJS)})(ge,function(c){return function(){var e=c,t=e.lib,r=t.WordArray,i=e.enc,s=i.Base64={stringify:function(n){var l=n.words,u=n.sigBytes,f=this._map;n.clamp();for(var h=[],p=0;p<u;p+=3)for(var m=l[p>>>2]>>>24-p%4*8&255,_=l[p+1>>>2]>>>24-(p+1)%4*8&255,k=l[p+2>>>2]>>>24-(p+2)%4*8&255,y=m<<16|_<<8|k,a=0;a<4&&p+a*.75<u;a++)h.push(f.charAt(y>>>6*(3-a)&63));var g=f.charAt(64);if(g)for(;h.length%4;)h.push(g);return h.join("")},parse:function(n){var l=n.length,u=this._map,f=this._reverseMap;if(!f){f=this._reverseMap=[];for(var h=0;h<u.length;h++)f[u.charCodeAt(h)]=h}var p=u.charAt(64);if(p){var m=n.indexOf(p);m!==-1&&(l=m)}return o(n,l,f)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="};function o(n,l,u){for(var f=[],h=0,p=0;p<l;p++)if(p%4){var m=u[n.charCodeAt(p-1)]<<p%4*2,_=u[n.charCodeAt(p)]>>>6-p%4*2,k=m|_;f[h>>>2]|=k<<24-h%4*8,h++}return r.create(f,h)}}(),c.enc.Base64})});var Be=re((ue,Fe)=>{(function(c,e){typeof ue=="object"?Fe.exports=ue=e(ie()):typeof define=="function"&&define.amd?define(["./core"],e):e(c.CryptoJS)})(ue,function(c){return c.enc.Utf8})});var vt={};st(vt,{AccessTokenEvents:()=>Q,CheckSessionIFrame:()=>V,ErrorResponse:()=>C,ErrorTimeout:()=>M,InMemoryWebStorage:()=>W,Log:()=>J,Logger:()=>d,MetadataService:()=>G,OidcClient:()=>ne,OidcClientSettingsStore:()=>H,SessionMonitor:()=>Z,SigninResponse:()=>$,SigninState:()=>q,SignoutResponse:()=>X,State:()=>U,User:()=>N,UserManager:()=>Te,UserManagerSettingsStore:()=>te,Version:()=>Ge,WebStorageStateStore:()=>j});var Je=ce(ie()),De=ce(Le()),Re=ce(He()),Ke=ce(Be());var ot={debug:()=>{},info:()=>{},warn:()=>{},error:()=>{}},A,O,J=(s=>(s[s.NONE=0]="NONE",s[s.ERROR=1]="ERROR",s[s.WARN=2]="WARN",s[s.INFO=3]="INFO",s[s.DEBUG=4]="DEBUG",s))(J||{});(r=>{function c(){A=3,O=ot}r.reset=c;function e(i){if(!(0<=i&&i<=4))throw new Error("Invalid log level");A=i}r.setLevel=e;function t(i){O=i}r.setLogger=t})(J||(J={}));var d=class{constructor(e){this._name=e}debug(...e){A>=4&&O.debug(d._format(this._name,this._method),...e)}info(...e){A>=3&&O.info(d._format(this._name,this._method),...e)}warn(...e){A>=2&&O.warn(d._format(this._name,this._method),...e)}error(...e){A>=1&&O.error(d._format(this._name,this._method),...e)}throw(e){throw this.error(e),e}create(e){let t=Object.create(this);return t._method=e,t.debug("begin"),t}static createStatic(e,t){let r=new d(`${e}.${t}`);return r.debug("begin"),r}static _format(e,t){let r=`[${e}]`;return t?`${r} ${t}:`:r}static debug(e,...t){A>=4&&O.debug(d._format(e),...t)}static info(e,...t){A>=3&&O.info(d._format(e),...t)}static warn(e,...t){A>=2&&O.warn(d._format(e),...t)}static error(e,...t){A>=1&&O.error(d._format(e),...t)}};J.reset();var at="10000000-1000-4000-8000-100000000000",I=class{static _randomWord(){return Je.default.lib.WordArray.random(1).words[0]}static generateUUIDv4(){return at.replace(/[018]/g,t=>(+t^I._randomWord()&15>>+t/4).toString(16)).replace(/-/g,"")}static generateCodeVerifier(){return I.generateUUIDv4()+I.generateUUIDv4()+I.generateUUIDv4()}static generateCodeChallenge(e){try{let t=(0,De.default)(e);return Re.default.stringify(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}catch(t){throw d.error("CryptoUtils.generateCodeChallenge",t),t}}static generateBasicAuth(e,t){let r=Ke.default.parse([e,t].join(":"));return Re.default.stringify(r)}};var E=class{constructor(e){this._name=e;this._logger=new d(`Event('${this._name}')`);this._callbacks=[]}addHandler(e){return this._callbacks.push(e),()=>this.removeHandler(e)}removeHandler(e){let t=this._callbacks.lastIndexOf(e);t>=0&&this._callbacks.splice(t,1)}raise(...e){this._logger.debug("raise:",...e);for(let t of this._callbacks)t(...e)}};function Ie(c){this.message=c}Ie.prototype=new Error,Ie.prototype.name="InvalidCharacterError";var $e=typeof window<"u"&&window.atob&&window.atob.bind(window)||function(c){var e=String(c).replace(/=+$/,"");if(e.length%4==1)throw new Ie("'atob' failed: The string to be decoded is not correctly encoded.");for(var t,r,i=0,s=0,o="";r=e.charAt(s++);~r&&(t=i%4?64*t+r:r,i++%4)?o+=String.fromCharCode(255&t>>(-2*i&6)):0)r="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(r);return o};function ct(c){var e=c.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw"Illegal base64url string!"}try{return function(t){return decodeURIComponent($e(t).replace(/(.)/g,function(r,i){var s=i.charCodeAt(0).toString(16).toUpperCase();return s.length<2&&(s="0"+s),"%"+s}))}(e)}catch{return $e(e)}}function pe(c){this.message=c}function lt(c,e){if(typeof c!="string")throw new pe("Invalid token specified");var t=(e=e||{}).header===!0?0:1;try{return JSON.parse(ct(c.split(".")[t]))}catch(r){throw new pe("Invalid token specified: "+r.message)}}pe.prototype=new Error,pe.prototype.name="InvalidTokenError";var ze=lt;var D=class{static decode(e){try{return ze(e)}catch(t){throw d.error("JwtUtils.decode",t),t}}};var se=class{static center({...e}){var t,r,i;return e.width==null&&(e.width=(t=[800,720,600,480].find(s=>s<=window.outerWidth/1.618))!=null?t:360),(r=e.left)!=null||(e.left=Math.max(0,Math.round(window.screenX+(window.outerWidth-e.width)/2))),e.height!=null&&((i=e.top)!=null||(e.top=Math.max(0,Math.round(window.screenY+(window.outerHeight-e.height)/2)))),e}static serialize(e){return Object.entries(e).filter(([,t])=>t!=null).map(([t,r])=>`${t}=${typeof r!="boolean"?r:r?"yes":"no"}`).join(",")}};var x=class extends E{constructor(){super(...arguments);this._logger=new d(`Timer('${this._name}')`);this._timerHandle=null;this._expiration=0;this._callback=()=>{let t=this._expiration-x.getEpochTime();this._logger.debug("timer completes in",t),this._expiration<=x.getEpochTime()&&(this.cancel(),super.raise())}}static getEpochTime(){return Math.floor(Date.now()/1e3)}init(t){let r=this._logger.create("init");t=Math.max(Math.floor(t),1);let i=x.getEpochTime()+t;if(this.expiration===i&&this._timerHandle){r.debug("skipping since already initialized for expiration at",this.expiration);return}this.cancel(),r.debug("using duration",t),this._expiration=i;let s=Math.min(t,5);this._timerHandle=setInterval(this._callback,s*1e3)}get expiration(){return this._expiration}cancel(){this._logger.create("cancel"),this._timerHandle&&(clearInterval(this._timerHandle),this._timerHandle=null)}};var K=class{static readParams(e,t="query"){let i=new URL(e)[t==="fragment"?"hash":"search"];return new URLSearchParams(i.slice(1))}};var C=class extends Error{constructor(t,r){var i,s,o;super(t.error_description||t.error||"");this.form=r;this.name="ErrorResponse";if(!t.error)throw d.error("ErrorResponse","No error passed"),new Error("No error passed");this.error=t.error,this.error_description=(i=t.error_description)!=null?i:null,this.error_uri=(s=t.error_uri)!=null?s:null,this.state=t.userState,this.session_state=(o=t.session_state)!=null?o:null}};var M=class extends Error{constructor(t){super(t);this.name="ErrorTimeout"}};var Q=class{constructor(e){this._logger=new d("AccessTokenEvents");this._expiringTimer=new x("Access token expiring");this._expiredTimer=new x("Access token expired");this._expiringNotificationTimeInSeconds=e.expiringNotificationTimeInSeconds}load(e){let t=this._logger.create("load");if(e.access_token&&e.expires_in!==void 0){let r=e.expires_in;if(t.debug("access token present, remaining duration:",r),r>0){let s=r-this._expiringNotificationTimeInSeconds;s<=0&&(s=1),t.debug("registering expiring timer, raising in",s,"seconds"),this._expiringTimer.init(s)}else t.debug("canceling existing expiring timer because we're past expiration."),this._expiringTimer.cancel();let i=r+1;t.debug("registering expired timer, raising in",i,"seconds"),this._expiredTimer.init(i)}else this._expiringTimer.cancel(),this._expiredTimer.cancel()}unload(){this._logger.debug("unload: canceling existing access token timers"),this._expiringTimer.cancel(),this._expiredTimer.cancel()}addAccessTokenExpiring(e){return this._expiringTimer.addHandler(e)}removeAccessTokenExpiring(e){this._expiringTimer.removeHandler(e)}addAccessTokenExpired(e){return this._expiredTimer.addHandler(e)}removeAccessTokenExpired(e){this._expiredTimer.removeHandler(e)}};var V=class{constructor(e,t,r,i,s){this._callback=e;this._client_id=t;this._intervalInSeconds=i;this._stopOnError=s;this._logger=new d("CheckSessionIFrame");this._timer=null;this._session_state=null;this._message=e=>{e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(this._logger.error("error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(this._logger.debug("changed message from check session op iframe"),this.stop(),this._callback()):this._logger.debug(e.data+" message from check session op iframe"))};let o=new URL(r);this._frame_origin=o.origin,this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="fixed",this._frame.style.left="-1000px",this._frame.style.top="0",this._frame.width="0",this._frame.height="0",this._frame.src=o.href}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),window.addEventListener("message",this._message,!1)})}start(e){if(this._session_state===e)return;this._logger.create("start"),this.stop(),this._session_state=e;let t=()=>{!this._frame.contentWindow||!this._session_state||this._frame.contentWindow.postMessage(this._client_id+" "+this._session_state,this._frame_origin)};t(),this._timer=setInterval(t,this._intervalInSeconds*1e3)}stop(){this._logger.create("stop"),this._session_state=null,this._timer&&(clearInterval(this._timer),this._timer=null)}};var W=class{constructor(){this._logger=new d("InMemoryWebStorage");this._data={}}clear(){this._logger.create("clear"),this._data={}}getItem(e){return this._logger.create(`getItem('${e}')`),this._data[e]}setItem(e,t){this._logger.create(`setItem('${e}')`),this._data[e]=t}removeItem(e){this._logger.create(`removeItem('${e}')`),delete this._data[e]}get length(){return Object.getOwnPropertyNames(this._data).length}key(e){return Object.getOwnPropertyNames(this._data)[e]}};var L=class{constructor(e=[],t=null){this._jwtHandler=t;this._logger=new d("JsonService");this._contentTypes=[];this._contentTypes.push(...e,"application/json"),t&&this._contentTypes.push("application/jwt")}async fetchWithTimeout(e,t={}){let{timeoutInSeconds:r,...i}=t;if(!r)return await fetch(e,i);let s=new AbortController,o=setTimeout(()=>s.abort(),r*1e3);try{return await fetch(e,{...t,signal:s.signal})}catch(n){throw n instanceof DOMException&&n.name==="AbortError"?new M("Network timed out"):n}finally{clearTimeout(o)}}async getJson(e,{token:t}={}){let r=this._logger.create("getJson"),i={Accept:this._contentTypes.join(", ")};t&&(r.debug("token passed, setting Authorization header"),i.Authorization="Bearer "+t);let s;try{r.debug("url:",e),s=await this.fetchWithTimeout(e,{method:"GET",headers:i})}catch(l){throw r.error("Network Error"),l}r.debug("HTTP response received, status",s.status);let o=s.headers.get("Content-Type");if(o&&!this._contentTypes.find(l=>o.startsWith(l))&&r.throw(new Error(`Invalid response Content-Type: ${o!=null?o:"undefined"}, from URL: ${e}`)),s.ok&&this._jwtHandler&&(o==null?void 0:o.startsWith("application/jwt")))return await this._jwtHandler(await s.text());let n;try{n=await s.json()}catch(l){throw r.error("Error parsing JSON response",l),s.ok?l:new Error(`${s.statusText} (${s.status})`)}if(!s.ok)throw r.error("Error from server:",n),n.error?new C(n):new Error(`${s.statusText} (${s.status}): ${JSON.stringify(n)}`);return n}async postForm(e,{body:t,basicAuth:r,timeoutInSeconds:i}){let s=this._logger.create("postForm"),o={Accept:this._contentTypes.join(", "),"Content-Type":"application/x-www-form-urlencoded"};r!==void 0&&(o.Authorization="Basic "+r);let n;try{s.debug("url:",e),n=await this.fetchWithTimeout(e,{method:"POST",headers:o,body:t,timeoutInSeconds:i})}catch(h){throw s.error("Network error"),h}s.debug("HTTP response received, status",n.status);let l=n.headers.get("Content-Type");if(l&&!this._contentTypes.find(h=>l.startsWith(h)))throw new Error(`Invalid response Content-Type: ${l!=null?l:"undefined"}, from URL: ${e}`);let u=await n.text(),f={};if(u)try{f=JSON.parse(u)}catch(h){throw s.error("Error parsing JSON response",h),n.ok?h:new Error(`${n.statusText} (${n.status})`)}if(!n.ok)throw s.error("Error from server:",f),f.error?new C(f,t):new Error(`${n.statusText} (${n.status}): ${JSON.stringify(f)}`);return f}};var G=class{constructor(e){this._settings=e;this._logger=new d("MetadataService");this._jsonService=new L(["application/jwk-set+json"]);this._signingKeys=null;this._metadata=null;this._metadataUrl=this._settings.metadataUrl,this._settings.signingKeys&&(this._logger.debug("using signingKeys from settings"),this._signingKeys=this._settings.signingKeys),this._settings.metadata&&(this._logger.debug("using metadata from settings"),this._metadata=this._settings.metadata)}resetSigningKeys(){this._signingKeys=null}async getMetadata(){let e=this._logger.create("getMetadata");if(this._metadata)return e.debug("using cached values"),this._metadata;if(!this._metadataUrl)throw e.throw(new Error("No authority or metadataUrl configured on settings")),null;e.debug("getting metadata from",this._metadataUrl);let t=await this._jsonService.getJson(this._metadataUrl);return e.debug("merging remote JSON with seed metadata"),this._metadata=Object.assign({},this._settings.metadataSeed,t),this._metadata}getIssuer(){return this._getMetadataProperty("issuer")}getAuthorizationEndpoint(){return this._getMetadataProperty("authorization_endpoint")}getUserInfoEndpoint(){return this._getMetadataProperty("userinfo_endpoint")}getTokenEndpoint(e=!0){return this._getMetadataProperty("token_endpoint",e)}getCheckSessionIframe(){return this._getMetadataProperty("check_session_iframe",!0)}getEndSessionEndpoint(){return this._getMetadataProperty("end_session_endpoint",!0)}getRevocationEndpoint(e=!0){return this._getMetadataProperty("revocation_endpoint",e)}getKeysEndpoint(e=!0){return this._getMetadataProperty("jwks_uri",e)}async _getMetadataProperty(e,t=!1){let r=this._logger.create(`_getMetadataProperty('${e}')`),i=await this.getMetadata();if(r.debug("resolved"),i[e]===void 0){if(t===!0){r.warn("Metadata does not contain optional property");return}r.throw(new Error("Metadata does not contain property "+e))}return i[e]}async getSigningKeys(){let e=this._logger.create("getSigningKeys");if(this._signingKeys)return e.debug("returning signingKeys from cache"),this._signingKeys;let t=await this.getKeysEndpoint(!1);e.debug("got jwks_uri",t);let r=await this._jsonService.getJson(t);if(e.debug("got key set",r),!Array.isArray(r.keys))throw e.throw(new Error("Missing keys on keyset")),null;return this._signingKeys=r.keys,this._signingKeys}};var j=class{constructor({prefix:e="oidc.",store:t=localStorage}={}){this._logger=new d("WebStorageStateStore");this._store=t,this._prefix=e}set(e,t){return this._logger.create(`set('${e}')`),e=this._prefix+e,this._store.setItem(e,t),Promise.resolve()}get(e){this._logger.create(`get('${e}')`),e=this._prefix+e;let t=this._store.getItem(e);return Promise.resolve(t)}remove(e){this._logger.create(`remove('${e}')`),e=this._prefix+e;let t=this._store.getItem(e);return this._store.removeItem(e),Promise.resolve(t)}getAllKeys(){this._logger.create("getAllKeys");let e=[];for(let t=0;t<this._store.length;t++){let r=this._store.key(t);r&&r.indexOf(this._prefix)===0&&e.push(r.substr(this._prefix.length))}return Promise.resolve(e)}};var dt="code",gt="openid",ut="client_secret_post",pt="query",ht=60*15,mt=60*5,H=class{constructor({authority:e,metadataUrl:t,metadata:r,signingKeys:i,metadataSeed:s,client_id:o,client_secret:n,response_type:l=dt,scope:u=gt,redirect_uri:f,post_logout_redirect_uri:h,client_authentication:p=ut,prompt:m,display:_,max_age:k,ui_locales:y,acr_values:a,resource:g,response_mode:w=pt,filterProtocolClaims:b=!0,loadUserInfo:v=!1,staleStateAgeInSeconds:S=ht,clockSkewInSeconds:R=mt,userInfoJwtIssuer:P="OP",mergeClaims:T=!1,stateStore:F,extraQueryParams:B={},extraTokenParams:xe={}}){if(this.authority=e,t?this.metadataUrl=t:(this.metadataUrl=e,e&&(this.metadataUrl.endsWith("/")||(this.metadataUrl+="/"),this.metadataUrl+=".well-known/openid-configuration")),this.metadata=r,this.metadataSeed=s,this.signingKeys=i,this.client_id=o,this.client_secret=n,this.response_type=l,this.scope=u,this.redirect_uri=f,this.post_logout_redirect_uri=h,this.client_authentication=p,this.prompt=m,this.display=_,this.max_age=k,this.ui_locales=y,this.acr_values=a,this.resource=g,this.response_mode=w,this.filterProtocolClaims=!!b,this.loadUserInfo=!!v,this.staleStateAgeInSeconds=S,this.clockSkewInSeconds=R,this.userInfoJwtIssuer=P,this.mergeClaims=!!T,F)this.stateStore=F;else{let Pe=typeof window!="undefined"?window.localStorage:new W;this.stateStore=new j({store:Pe})}this.extraQueryParams=B,this.extraTokenParams=xe}};var he=class{constructor(e){this._metadataService=e;this._logger=new d("UserInfoService");this._getClaimsFromJwt=async e=>{let t=this._logger.create("_getClaimsFromJwt");try{let r=D.decode(e);return t.debug("JWT decoding successful"),r}catch(r){throw t.error("Error parsing JWT response"),r}};this._jsonService=new L(void 0,this._getClaimsFromJwt)}async getClaims(e){let t=this._logger.create("getClaims");e||this._logger.throw(new Error("No token passed"));let r=await this._metadataService.getUserInfoEndpoint();t.debug("got userinfo url",r);let i=await this._jsonService.getJson(r,{token:e});return t.debug("got claims",i),i}};var Y=class{constructor(e,t){this._settings=e;this._metadataService=t;this._logger=new d("TokenClient");this._jsonService=new L}async exchangeCode({grant_type:e="authorization_code",redirect_uri:t=this._settings.redirect_uri,client_id:r=this._settings.client_id,client_secret:i=this._settings.client_secret,...s}){let o=this._logger.create("exchangeCode");r||o.throw(new Error("A client_id is required")),t||o.throw(new Error("A redirect_uri is required")),s.code||o.throw(new Error("A code is required")),s.code_verifier||o.throw(new Error("A code_verifier is required"));let n=new URLSearchParams({grant_type:e,redirect_uri:t});for(let[h,p]of Object.entries(s))p!=null&&n.set(h,p);let l;switch(this._settings.client_authentication){case"client_secret_basic":if(!i)throw o.throw(new Error("A client_secret is required")),null;l=I.generateBasicAuth(r,i);break;case"client_secret_post":n.append("client_id",r),i&&n.append("client_secret",i);break}let u=await this._metadataService.getTokenEndpoint(!1);o.debug("got token endpoint");let f=await this._jsonService.postForm(u,{body:n,basicAuth:l});return o.debug("got response"),f}async exchangeRefreshToken({grant_type:e="refresh_token",client_id:t=this._settings.client_id,client_secret:r=this._settings.client_secret,timeoutInSeconds:i,...s}){let o=this._logger.create("exchangeRefreshToken");t||o.throw(new Error("A client_id is required")),s.refresh_token||o.throw(new Error("A refresh_token is required"));let n=new URLSearchParams({grant_type:e});for(let[h,p]of Object.entries(s))p!=null&&n.set(h,p);let l;switch(this._settings.client_authentication){case"client_secret_basic":if(!r)throw o.throw(new Error("A client_secret is required")),null;l=I.generateBasicAuth(t,r);break;case"client_secret_post":n.append("client_id",t),r&&n.append("client_secret",r);break}let u=await this._metadataService.getTokenEndpoint(!1);o.debug("got token endpoint");let f=await this._jsonService.postForm(u,{body:n,basicAuth:l,timeoutInSeconds:i});return o.debug("got response"),f}async revoke(e){var s;let t=this._logger.create("revoke");e.token||t.throw(new Error("A token is required"));let r=await this._metadataService.getRevocationEndpoint(!1);t.debug(`got revocation endpoint, revoking ${(s=e.token_type_hint)!=null?s:"default token type"}`);let i=new URLSearchParams;for(let[o,n]of Object.entries(e))n!=null&&i.set(o,n);i.set("client_id",this._settings.client_id),this._settings.client_secret&&i.set("client_secret",this._settings.client_secret),await this._jsonService.postForm(r,{body:i}),t.debug("got response")}};var ft=["iss","aud","exp","nbf","iat","jti","auth_time","nonce","acr","amr","azp","at_hash"],me=class{constructor(e,t){this._settings=e;this._metadataService=t;this._logger=new d("ResponseValidator");this._userInfoService=new he(this._metadataService);this._tokenClient=new Y(this._settings,this._metadataService)}async validateSigninResponse(e,t){let r=this._logger.create("validateSigninResponse");this._processSigninState(e,t),r.debug("state processed"),await this._processCode(e,t),r.debug("code processed"),e.isOpenId&&this._validateIdTokenAttributes(e),r.debug("tokens validated"),await this._processClaims(e,t==null?void 0:t.skipUserInfo,e.isOpenId),r.debug("claims processed")}async validateRefreshResponse(e,t){var s;let r=this._logger.create("validateRefreshResponse");e.userState=t.data,(s=e.scope)!=null||(e.scope=t.scope);let i=e.isOpenId&&!!e.id_token;i&&(this._validateIdTokenAttributes(e,t.id_token),r.debug("ID Token validated")),await this._processClaims(e,!1,i),r.debug("claims processed")}validateSignoutResponse(e,t){let r=this._logger.create("validateSignoutResponse");if(t.id!==e.state&&r.throw(new Error("State does not match")),r.debug("state validated"),e.userState=t.data,e.error)throw r.warn("Response was error",e.error),new C(e)}_processSigninState(e,t){var i;let r=this._logger.create("_processSigninState");if(t.id!==e.state&&r.throw(new Error("State does not match")),t.client_id||r.throw(new Error("No client_id on state")),t.authority||r.throw(new Error("No authority on state")),this._settings.authority!==t.authority&&r.throw(new Error("authority mismatch on settings vs. signin state")),this._settings.client_id&&this._settings.client_id!==t.client_id&&r.throw(new Error("client_id mismatch on settings vs. signin state")),r.debug("state validated"),e.userState=t.data,(i=e.scope)!=null||(e.scope=t.scope),e.error)throw r.warn("Response was error",e.error),new C(e);t.code_verifier&&!e.code&&r.throw(new Error("Expected code in response")),!t.code_verifier&&e.code&&r.throw(new Error("Unexpected code in response"))}async _processClaims(e,t=!1,r=!0){let i=this._logger.create("_processClaims");if(e.profile=this._filterProtocolClaims(e.profile),t||!this._settings.loadUserInfo||!e.access_token){i.debug("not loading user info");return}i.debug("loading user info");let s=await this._userInfoService.getClaims(e.access_token);i.debug("user info claims received from user info endpoint"),r&&s.sub!==e.profile.sub&&i.throw(new Error("subject from UserInfo response does not match subject in ID Token")),e.profile=this._mergeClaims(e.profile,this._filterProtocolClaims(s)),i.debug("user info claims received, updated profile:",e.profile)}_mergeClaims(e,t){let r={...e};for(let[i,s]of Object.entries(t))for(let o of Array.isArray(s)?s:[s]){let n=r[i];n?Array.isArray(n)?n.includes(o)||n.push(o):r[i]!==o&&(typeof o=="object"&&this._settings.mergeClaims?r[i]=this._mergeClaims(n,o):r[i]=[n,o]):r[i]=o}return r}_filterProtocolClaims(e){let t={...e};if(this._settings.filterProtocolClaims)for(let r of ft)delete t[r];return t}async _processCode(e,t){let r=this._logger.create("_processCode");if(e.code){r.debug("Validating code");let i=await this._tokenClient.exchangeCode({client_id:t.client_id,client_secret:t.client_secret,code:e.code,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier,...t.extraTokenParams});Object.assign(e,i)}else r.debug("No code to process")}_validateIdTokenAttributes(e,t){var s;let r=this._logger.create("_validateIdTokenAttributes");r.debug("decoding ID Token JWT");let i=D.decode((s=e.id_token)!=null?s:"");if(i.sub||r.throw(new Error("ID Token is missing a subject claim")),t){let o=D.decode(t);o.sub!==i.sub&&r.throw(new Error("sub in id_token does not match current sub")),o.auth_time&&o.auth_time!==i.auth_time&&r.throw(new Error("auth_time in id_token does not match original auth_time")),o.azp&&o.azp!==i.azp&&r.throw(new Error("azp in id_token does not match original azp")),!o.azp&&i.azp&&r.throw(new Error("azp not in id_token, but present in original id_token"))}e.profile=i}};var U=class{constructor(e){this.id=e.id||I.generateUUIDv4(),this.data=e.data,e.created&&e.created>0?this.created=e.created:this.created=x.getEpochTime(),this.request_type=e.request_type}toStorageString(){return new d("State").create("toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type})}static fromStorageString(e){return d.createStatic("State","fromStorageString"),new U(JSON.parse(e))}static async clearStaleState(e,t){let r=d.createStatic("State","clearStaleState"),i=x.getEpochTime()-t,s=await e.getAllKeys();r.debug("got keys",s);for(let o=0;o<s.length;o++){let n=s[o],l=await e.get(n),u=!1;if(l)try{let f=U.fromStorageString(l);r.debug("got item from key:",n,f.created),f.created<=i&&(u=!0)}catch(f){r.error("Error parsing state for key:",n,f),u=!0}else r.debug("no item in storage for key:",n),u=!0;u&&(r.debug("removed item for key:",n),e.remove(n))}}};var q=class extends U{constructor(t){super(t);t.code_verifier===!0?this.code_verifier=I.generateCodeVerifier():t.code_verifier&&(this.code_verifier=t.code_verifier),this.code_verifier&&(this.code_challenge=I.generateCodeChallenge(this.code_verifier)),this.authority=t.authority,this.client_id=t.client_id,this.redirect_uri=t.redirect_uri,this.scope=t.scope,this.client_secret=t.client_secret,this.extraTokenParams=t.extraTokenParams,this.response_mode=t.response_mode,this.skipUserInfo=t.skipUserInfo}toStorageString(){return new d("SigninState").create("toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type,code_verifier:this.code_verifier,authority:this.authority,client_id:this.client_id,redirect_uri:this.redirect_uri,scope:this.scope,client_secret:this.client_secret,extraTokenParams:this.extraTokenParams,response_mode:this.response_mode,skipUserInfo:this.skipUserInfo})}static fromStorageString(t){d.createStatic("SigninState","fromStorageString");let r=JSON.parse(t);return new q(r)}};var fe=class{constructor({url:e,authority:t,client_id:r,redirect_uri:i,response_type:s,scope:o,state_data:n,response_mode:l,request_type:u,client_secret:f,nonce:h,skipUserInfo:p,extraQueryParams:m,extraTokenParams:_,...k}){this._logger=new d("SigninRequest");if(!e)throw this._logger.error("ctor: No url passed"),new Error("url");if(!r)throw this._logger.error("ctor: No client_id passed"),new Error("client_id");if(!i)throw this._logger.error("ctor: No redirect_uri passed"),new Error("redirect_uri");if(!s)throw this._logger.error("ctor: No response_type passed"),new Error("response_type");if(!o)throw this._logger.error("ctor: No scope passed"),new Error("scope");if(!t)throw this._logger.error("ctor: No authority passed"),new Error("authority");this.state=new q({data:n,request_type:u,code_verifier:!0,client_id:r,authority:t,redirect_uri:i,response_mode:l,client_secret:f,scope:o,extraTokenParams:_,skipUserInfo:p});let y=new URL(e);y.searchParams.append("client_id",r),y.searchParams.append("redirect_uri",i),y.searchParams.append("response_type",s),y.searchParams.append("scope",o),h&&y.searchParams.append("nonce",h),y.searchParams.append("state",this.state.id),this.state.code_challenge&&(y.searchParams.append("code_challenge",this.state.code_challenge),y.searchParams.append("code_challenge_method","S256"));for(let[a,g]of Object.entries({response_mode:l,...k,...m}))g!=null&&y.searchParams.append(a,g.toString());this.url=y.href}};var _t="openid",$=class{constructor(e){this.access_token="";this.token_type="";this.profile={};this.state=e.get("state"),this.session_state=e.get("session_state"),this.error=e.get("error"),this.error_description=e.get("error_description"),this.error_uri=e.get("error_uri"),this.code=e.get("code")}get expires_in(){if(this.expires_at!==void 0)return this.expires_at-x.getEpochTime()}set expires_in(e){typeof e=="string"&&(e=Number(e)),e!==void 0&&e>=0&&(this.expires_at=Math.floor(e)+x.getEpochTime())}get isOpenId(){var e;return((e=this.scope)==null?void 0:e.split(" ").includes(_t))||!!this.id_token}};var _e=class{constructor({url:e,state_data:t,id_token_hint:r,post_logout_redirect_uri:i,extraQueryParams:s,request_type:o}){this._logger=new d("SignoutRequest");if(!e)throw this._logger.error("ctor: No url passed"),new Error("url");let n=new URL(e);r&&n.searchParams.append("id_token_hint",r),i&&(n.searchParams.append("post_logout_redirect_uri",i),t&&(this.state=new U({data:t,request_type:o}),n.searchParams.append("state",this.state.id)));for(let[l,u]of Object.entries({...s}))u!=null&&n.searchParams.append(l,u.toString());this.url=n.href}};var X=class{constructor(e){this.state=e.get("state"),this.error=e.get("error"),this.error_description=e.get("error_description"),this.error_uri=e.get("error_uri")}};var ne=class{constructor(e){this._logger=new d("OidcClient");this.settings=new H(e),this.metadataService=new G(this.settings),this._validator=new me(this.settings,this.metadataService),this._tokenClient=new Y(this.settings,this.metadataService)}async createSigninRequest({state:e,request:t,request_uri:r,request_type:i,id_token_hint:s,login_hint:o,skipUserInfo:n,nonce:l,response_type:u=this.settings.response_type,scope:f=this.settings.scope,redirect_uri:h=this.settings.redirect_uri,prompt:p=this.settings.prompt,display:m=this.settings.display,max_age:_=this.settings.max_age,ui_locales:k=this.settings.ui_locales,acr_values:y=this.settings.acr_values,resource:a=this.settings.resource,response_mode:g=this.settings.response_mode,extraQueryParams:w=this.settings.extraQueryParams,extraTokenParams:b=this.settings.extraTokenParams}){let v=this._logger.create("createSigninRequest");if(u!=="code")throw new Error("Only the Authorization Code flow (with PKCE) is supported");let S=await this.metadataService.getAuthorizationEndpoint();v.debug("Received authorization endpoint",S);let R=new fe({url:S,authority:this.settings.authority,client_id:this.settings.client_id,redirect_uri:h,response_type:u,scope:f,state_data:e,prompt:p,display:m,max_age:_,ui_locales:k,id_token_hint:s,login_hint:o,acr_values:y,resource:a,request:t,request_uri:r,extraQueryParams:w,extraTokenParams:b,request_type:i,response_mode:g,client_secret:this.settings.client_secret,skipUserInfo:n,nonce:l}),P=R.state;return await this.settings.stateStore.set(P.id,P.toStorageString()),R}async readSigninResponseState(e,t=!1){let r=this._logger.create("readSigninResponseState"),i=new $(K.readParams(e,this.settings.response_mode));if(!i.state)throw r.throw(new Error("No state in response")),null;let s=await this.settings.stateStore[t?"remove":"get"](i.state);if(!s)throw r.throw(new Error("No matching state found in storage")),null;return{state:q.fromStorageString(s),response:i}}async processSigninResponse(e){let t=this._logger.create("processSigninResponse"),{state:r,response:i}=await this.readSigninResponseState(e,!0);return t.debug("received state from storage; validating response"),await this._validator.validateSigninResponse(i,r),i}async useRefreshToken({state:e,timeoutInSeconds:t}){let r=this._logger.create("useRefreshToken"),i=await this._tokenClient.exchangeRefreshToken({refresh_token:e.refresh_token,scope:e.scope,timeoutInSeconds:t}),s=new $(new URLSearchParams);return Object.assign(s,i),r.debug("validating response",s),await this._validator.validateRefreshResponse(s,e),s}async createSignoutRequest({state:e,id_token_hint:t,request_type:r,post_logout_redirect_uri:i=this.settings.post_logout_redirect_uri,extraQueryParams:s=this.settings.extraQueryParams}={}){let o=this._logger.create("createSignoutRequest"),n=await this.metadataService.getEndSessionEndpoint();if(!n)throw o.throw(new Error("No end session endpoint")),null;o.debug("Received end session endpoint",n);let l=new _e({url:n,id_token_hint:t,post_logout_redirect_uri:i,state_data:e,extraQueryParams:s,request_type:r}),u=l.state;return u&&(o.debug("Signout request has state to persist"),await this.settings.stateStore.set(u.id,u.toStorageString())),l}async readSignoutResponseState(e,t=!1){let r=this._logger.create("readSignoutResponseState"),i=new X(K.readParams(e,this.settings.response_mode));if(!i.state){if(r.debug("No state in response"),i.error)throw r.warn("Response was error:",i.error),new C(i);return{state:void 0,response:i}}let s=await this.settings.stateStore[t?"remove":"get"](i.state);if(!s)throw r.throw(new Error("No matching state found in storage")),null;return{state:U.fromStorageString(s),response:i}}async processSignoutResponse(e){let t=this._logger.create("processSignoutResponse"),{state:r,response:i}=await this.readSignoutResponseState(e,!0);return r?(t.debug("Received state from storage; validating response"),this._validator.validateSignoutResponse(i,r)):t.debug("No state from storage; skipping response validation"),i}clearStaleState(){return this._logger.create("clearStaleState"),U.clearStaleState(this.settings.stateStore,this.settings.staleStateAgeInSeconds)}async revokeToken(e,t){return this._logger.create("revokeToken"),await this._tokenClient.revoke({token:e,token_type_hint:t})}};var Z=class{constructor(e){this._userManager=e;this._logger=new d("SessionMonitor");this._start=async e=>{let t=e.session_state;if(!t)return;let r=this._logger.create("_start");if(e.profile?(this._sub=e.profile.sub,this._sid=e.profile.sid,r.debug("session_state",t,", sub",this._sub)):(this._sub=void 0,this._sid=void 0,r.debug("session_state",t,", anonymous user")),this._checkSessionIFrame){this._checkSessionIFrame.start(t);return}try{let i=await this._userManager.metadataService.getCheckSessionIframe();if(i){r.debug("initializing check session iframe");let s=this._userManager.settings.client_id,o=this._userManager.settings.checkSessionIntervalInSeconds,n=this._userManager.settings.stopCheckSessionOnError,l=new V(this._callback,s,i,o,n);await l.load(),this._checkSessionIFrame=l,l.start(t)}else r.warn("no check session iframe found in the metadata")}catch(i){r.error("Error from getCheckSessionIframe:",i instanceof Error?i.message:i)}};this._stop=()=>{let e=this._logger.create("_stop");if(this._sub=void 0,this._sid=void 0,this._checkSessionIFrame&&this._checkSessionIFrame.stop(),this._userManager.settings.monitorAnonymousSession){let t=setInterval(async()=>{clearInterval(t);try{let r=await this._userManager.querySessionStatus();if(r){let i={session_state:r.session_state,profile:r.sub&&r.sid?{sub:r.sub,sid:r.sid}:null};this._start(i)}}catch(r){e.error("error from querySessionStatus",r instanceof Error?r.message:r)}},1e3)}};this._callback=async()=>{let e=this._logger.create("_callback");try{let t=await this._userManager.querySessionStatus(),r=!0;t&&this._checkSessionIFrame?t.sub===this._sub?(r=!1,this._checkSessionIFrame.start(t.session_state),t.sid===this._sid?e.debug("same sub still logged in at OP, restarting check session iframe; session_state",t.session_state):(e.debug("same sub still logged in at OP, session state has changed, restarting check session iframe; session_state",t.session_state),this._userManager.events._raiseUserSessionChanged())):e.debug("different subject signed into OP",t.sub):e.debug("subject no longer signed into OP"),r?this._sub?this._userManager.events._raiseUserSignedOut():this._userManager.events._raiseUserSignedIn():e.debug("no change in session detected, no event to raise")}catch(t){this._sub&&(e.debug("Error calling queryCurrentSigninSession; raising signed out event",t),this._userManager.events._raiseUserSignedOut())}};e||this._logger.throw(new Error("No user manager passed")),this._userManager.events.addUserLoaded(this._start),this._userManager.events.addUserUnloaded(this._stop),this._init().catch(t=>{this._logger.error(t)})}async _init(){this._logger.create("_init");let e=await this._userManager.getUser();if(e)this._start(e);else if(this._userManager.settings.monitorAnonymousSession){let t=await this._userManager.querySessionStatus();if(t){let r={session_state:t.session_state,profile:t.sub&&t.sid?{sub:t.sub,sid:t.sid}:null};this._start(r)}}}};var N=class{constructor(e){var t;this.id_token=e.id_token,this.session_state=(t=e.session_state)!=null?t:null,this.access_token=e.access_token,this.refresh_token=e.refresh_token,this.token_type=e.token_type,this.scope=e.scope,this.profile=e.profile,this.expires_at=e.expires_at,this.state=e.userState}get expires_in(){if(this.expires_at!==void 0)return this.expires_at-x.getEpochTime()}set expires_in(e){e!==void 0&&(this.expires_at=Math.floor(e)+x.getEpochTime())}get expired(){let e=this.expires_in;if(e!==void 0)return e<=0}get scopes(){var e,t;return(t=(e=this.scope)==null?void 0:e.split(" "))!=null?t:[]}toStorageString(){return new d("User").create("toStorageString"),JSON.stringify({id_token:this.id_token,session_state:this.session_state,access_token:this.access_token,refresh_token:this.refresh_token,token_type:this.token_type,scope:this.scope,profile:this.profile,expires_at:this.expires_at})}static fromStorageString(e){return d.createStatic("User","fromStorageString"),new N(JSON.parse(e))}};var Qe="oidc-client",ee=class{constructor(){this._abort=new E("Window navigation aborted");this._disposeHandlers=new Set;this._window=null}async navigate(e){let t=this._logger.create("navigate");if(!this._window)throw new Error("Attempted to navigate on a disposed window");t.debug("setting URL in window"),this._window.location.replace(e.url);let{url:r,keepOpen:i}=await new Promise((s,o)=>{let n=l=>{var h;let u=l.data,f=(h=e.scriptOrigin)!=null?h:window.location.origin;if(!(l.origin!==f||(u==null?void 0:u.source)!==Qe)){try{let p=K.readParams(u.url,e.response_mode).get("state");if(p||t.warn("no state found in response url"),l.source!==this._window&&p!==e.state)return}catch{this._dispose(),o(new Error("Invalid response from window"))}s(u)}};window.addEventListener("message",n,!1),this._disposeHandlers.add(()=>window.removeEventListener("message",n,!1)),this._disposeHandlers.add(this._abort.addHandler(l=>{this._dispose(),o(l)}))});return t.debug("got response from window"),this._dispose(),i||this.close(),{url:r}}_dispose(){this._logger.create("_dispose");for(let e of this._disposeHandlers)e();this._disposeHandlers.clear()}static _notifyParent(e,t,r=!1,i=window.location.origin){e.postMessage({source:Qe,url:t,keepOpen:r},i)}};var Ce={location:!1,toolbar:!1,height:640},Ue="_blank",wt=60,bt=2,Ee=10,te=class extends H{constructor(t){let{popup_redirect_uri:r=t.redirect_uri,popup_post_logout_redirect_uri:i=t.post_logout_redirect_uri,popupWindowFeatures:s=Ce,popupWindowTarget:o=Ue,redirectMethod:n="assign",iframeNotifyParentOrigin:l=t.iframeNotifyParentOrigin,iframeScriptOrigin:u=t.iframeScriptOrigin,silent_redirect_uri:f=t.redirect_uri,silentRequestTimeoutInSeconds:h=Ee,automaticSilentRenew:p=!0,validateSubOnSilentRenew:m=!0,includeIdTokenInSilentRenew:_=!1,monitorSession:k=!1,monitorAnonymousSession:y=!1,checkSessionIntervalInSeconds:a=bt,query_status_response_type:g="code",stopCheckSessionOnError:w=!0,revokeTokenTypes:b=["access_token","refresh_token"],revokeTokensOnSignout:v=!1,accessTokenExpiringNotificationTimeInSeconds:S=wt,userStore:R}=t;super(t);if(this.popup_redirect_uri=r,this.popup_post_logout_redirect_uri=i,this.popupWindowFeatures=s,this.popupWindowTarget=o,this.redirectMethod=n,this.iframeNotifyParentOrigin=l,this.iframeScriptOrigin=u,this.silent_redirect_uri=f,this.silentRequestTimeoutInSeconds=h,this.automaticSilentRenew=p,this.validateSubOnSilentRenew=m,this.includeIdTokenInSilentRenew=_,this.monitorSession=k,this.monitorAnonymousSession=y,this.checkSessionIntervalInSeconds=a,this.stopCheckSessionOnError=w,this.query_status_response_type=g,this.revokeTokenTypes=b,this.revokeTokensOnSignout=v,this.accessTokenExpiringNotificationTimeInSeconds=S,R)this.userStore=R;else{let P=typeof window!="undefined"?window.sessionStorage:new W;this.userStore=new j({store:P})}}};var z=class extends ee{constructor({silentRequestTimeoutInSeconds:t=Ee}){super();this._logger=new d("IFrameWindow");this._timeoutInSeconds=t,this._frame=z.createHiddenIframe(),this._window=this._frame.contentWindow}static createHiddenIframe(){let t=window.document.createElement("iframe");return t.style.visibility="hidden",t.style.position="fixed",t.style.left="-1000px",t.style.top="0",t.width="0",t.height="0",t.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),window.document.body.appendChild(t),t}async navigate(t){this._logger.debug("navigate: Using timeout of:",this._timeoutInSeconds);let r=setTimeout(()=>this._abort.raise(new M("IFrame timed out without a response")),this._timeoutInSeconds*1e3);return this._disposeHandlers.add(()=>clearTimeout(r)),await super.navigate(t)}close(){var t;this._frame&&(this._frame.parentNode&&(this._frame.addEventListener("load",r=>{var s;let i=r.target;(s=i.parentNode)==null||s.removeChild(i),this._abort.raise(new Error("IFrame removed from DOM"))},!0),(t=this._frame.contentWindow)==null||t.location.replace("about:blank")),this._frame=null),this._window=null}static notifyParent(t,r){return super._notifyParent(window.parent,t,!1,r)}};var we=class{constructor(e){this._settings=e;this._logger=new d("IFrameNavigator")}async prepare({silentRequestTimeoutInSeconds:e=this._settings.silentRequestTimeoutInSeconds}){return new z({silentRequestTimeoutInSeconds:e})}async callback(e){this._logger.create("callback"),z.notifyParent(e,this._settings.iframeNotifyParentOrigin)}};var St=500,oe=class extends ee{constructor({popupWindowTarget:t=Ue,popupWindowFeatures:r={}}){super();this._logger=new d("PopupWindow");let i=se.center({...Ce,...r});this._window=window.open(void 0,t,se.serialize(i))}async navigate(t){var i;(i=this._window)==null||i.focus();let r=setInterval(()=>{(!this._window||this._window.closed)&&this._abort.raise(new Error("Popup closed by user"))},St);return this._disposeHandlers.add(()=>clearInterval(r)),await super.navigate(t)}close(){this._window&&(this._window.closed||(this._window.close(),this._abort.raise(new Error("Popup closed")))),this._window=null}static notifyOpener(t,r){if(!window.opener)throw new Error("No window.opener. Can't complete notification.");return super._notifyParent(window.opener,t,r)}};var be=class{constructor(e){this._settings=e;this._logger=new d("PopupNavigator")}async prepare({popupWindowFeatures:e=this._settings.popupWindowFeatures,popupWindowTarget:t=this._settings.popupWindowTarget}){return new oe({popupWindowFeatures:e,popupWindowTarget:t})}async callback(e,t=!1){this._logger.create("callback"),oe.notifyOpener(e,t)}};var Se=class{constructor(e){this._settings=e;this._logger=new d("RedirectNavigator")}async prepare({redirectMethod:e=this._settings.redirectMethod}){this._logger.create("prepare");let t=window.location[e].bind(window.location),r;return{navigate:async i=>{this._logger.create("navigate");let s=new Promise((o,n)=>{r=n});return t(i.url),await s},close:()=>{this._logger.create("close"),r==null||r(new Error("Redirect aborted")),window.stop()}}}};var ye=class extends Q{constructor(t){super({expiringNotificationTimeInSeconds:t.accessTokenExpiringNotificationTimeInSeconds});this._logger=new d("UserManagerEvents");this._userLoaded=new E("User loaded");this._userUnloaded=new E("User unloaded");this._silentRenewError=new E("Silent renew error");this._userSignedIn=new E("User signed in");this._userSignedOut=new E("User signed out");this._userSessionChanged=new E("User session changed")}load(t,r=!0){super.load(t),r&&this._userLoaded.raise(t)}unload(){super.unload(),this._userUnloaded.raise()}addUserLoaded(t){return this._userLoaded.addHandler(t)}removeUserLoaded(t){return this._userLoaded.removeHandler(t)}addUserUnloaded(t){return this._userUnloaded.addHandler(t)}removeUserUnloaded(t){return this._userUnloaded.removeHandler(t)}addSilentRenewError(t){return this._silentRenewError.addHandler(t)}removeSilentRenewError(t){return this._silentRenewError.removeHandler(t)}_raiseSilentRenewError(t){this._silentRenewError.raise(t)}addUserSignedIn(t){return this._userSignedIn.addHandler(t)}removeUserSignedIn(t){this._userSignedIn.removeHandler(t)}_raiseUserSignedIn(){this._userSignedIn.raise()}addUserSignedOut(t){return this._userSignedOut.addHandler(t)}removeUserSignedOut(t){this._userSignedOut.removeHandler(t)}_raiseUserSignedOut(){this._userSignedOut.raise()}addUserSessionChanged(t){return this._userSessionChanged.addHandler(t)}removeUserSessionChanged(t){this._userSessionChanged.removeHandler(t)}_raiseUserSessionChanged(){this._userSessionChanged.raise()}};var ve=class{constructor(e){this._userManager=e;this._logger=new d("SilentRenewService");this._isStarted=!1;this._retryTimer=new x("Retry Silent Renew");this._tokenExpiring=async()=>{let e=this._logger.create("_tokenExpiring");try{await this._userManager.signinSilent(),e.debug("silent token renewal successful")}catch(t){if(t instanceof M){e.warn("ErrorTimeout from signinSilent:",t,"retry in 5s"),this._retryTimer.init(5);return}e.error("Error from signinSilent:",t),this._userManager.events._raiseSilentRenewError(t)}}}async start(){let e=this._logger.create("start");if(!this._isStarted){this._isStarted=!0,this._userManager.events.addAccessTokenExpiring(this._tokenExpiring),this._retryTimer.addHandler(this._tokenExpiring);try{await this._userManager.getUser()}catch(t){e.error("getUser error",t)}}}stop(){this._isStarted&&(this._retryTimer.cancel(),this._retryTimer.removeHandler(this._tokenExpiring),this._userManager.events.removeAccessTokenExpiring(this._tokenExpiring),this._isStarted=!1)}};var ke=class{constructor(e){this.refresh_token=e.refresh_token,this.id_token=e.id_token,this.scope=e.scope,this.data=e.state}};var Te=class{constructor(e){this._logger=new d("UserManager");this.settings=new te(e),this._client=new ne(e),this._redirectNavigator=new Se(this.settings),this._popupNavigator=new be(this.settings),this._iframeNavigator=new we(this.settings),this._events=new ye(this.settings),this._silentRenewService=new ve(this),this.settings.automaticSilentRenew&&this.startSilentRenew(),this._sessionMonitor=null,this.settings.monitorSession&&(this._sessionMonitor=new Z(this))}get events(){return this._events}get metadataService(){return this._client.metadataService}async getUser(){let e=this._logger.create("getUser"),t=await this._loadUser();return t?(e.info("user loaded"),this._events.load(t,!1),t):(e.info("user not found in storage"),null)}async removeUser(){let e=this._logger.create("removeUser");await this.storeUser(null),e.info("user removed from storage"),this._events.unload()}async signinRedirect(e={}){this._logger.create("signinRedirect");let{redirectMethod:t,...r}=e,i=await this._redirectNavigator.prepare({redirectMethod:t});await this._signinStart({request_type:"si:r",...r},i)}async signinRedirectCallback(e=window.location.href){let t=this._logger.create("signinRedirectCallback"),r=await this._signinEnd(e);return r.profile&&r.profile.sub?t.info("success, signed in subject",r.profile.sub):t.info("no subject"),r}async signinPopup(e={}){let t=this._logger.create("signinPopup"),{popupWindowFeatures:r,popupWindowTarget:i,...s}=e,o=this.settings.popup_redirect_uri;o||t.throw(new Error("No popup_redirect_uri configured"));let n=await this._popupNavigator.prepare({popupWindowFeatures:r,popupWindowTarget:i}),l=await this._signin({request_type:"si:p",redirect_uri:o,display:"popup",...s},n);return l&&(l.profile&&l.profile.sub?t.info("success, signed in subject",l.profile.sub):t.info("no subject")),l}async signinPopupCallback(e=window.location.href,t=!1){let r=this._logger.create("signinPopupCallback");await this._popupNavigator.callback(e,t),r.info("success")}async signinSilent(e={}){var u;let t=this._logger.create("signinSilent"),{silentRequestTimeoutInSeconds:r,...i}=e,s=await this._loadUser();if(s!=null&&s.refresh_token){t.debug("using refresh token");let f=new ke(s);return await this._useRefreshToken(f)}let o=this.settings.silent_redirect_uri;o||t.throw(new Error("No silent_redirect_uri configured"));let n;s&&this.settings.validateSubOnSilentRenew&&(t.debug("subject prior to silent renew:",s.profile.sub),n=s.profile.sub);let l=await this._iframeNavigator.prepare({silentRequestTimeoutInSeconds:r});return s=await this._signin({request_type:"si:s",redirect_uri:o,prompt:"none",id_token_hint:this.settings.includeIdTokenInSilentRenew?s==null?void 0:s.id_token:void 0,...i},l,n),s&&((u=s.profile)!=null&&u.sub?t.info("success, signed in subject",s.profile.sub):t.info("no subject")),s}async _useRefreshToken(e){let t=await this._client.useRefreshToken({state:e,timeoutInSeconds:this.settings.silentRequestTimeoutInSeconds}),r=new N({...e,...t});return await this.storeUser(r),this._events.load(r),r}async signinSilentCallback(e=window.location.href){let t=this._logger.create("signinSilentCallback");await this._iframeNavigator.callback(e),t.info("success")}async signinCallback(e=window.location.href){let{state:t}=await this._client.readSigninResponseState(e);switch(t.request_type){case"si:r":return await this.signinRedirectCallback(e);case"si:p":return await this.signinPopupCallback(e);case"si:s":return await this.signinSilentCallback(e);default:throw new Error("invalid response_type in state")}}async signoutCallback(e=window.location.href,t=!1){let{state:r}=await this._client.readSignoutResponseState(e);if(!!r)switch(r.request_type){case"so:r":await this.signoutRedirectCallback(e);break;case"so:p":await this.signoutPopupCallback(e,t);break;default:throw new Error("invalid response_type in state")}}async querySessionStatus(e={}){let t=this._logger.create("querySessionStatus"),{silentRequestTimeoutInSeconds:r,...i}=e,s=this.settings.silent_redirect_uri;s||t.throw(new Error("No silent_redirect_uri configured"));let o=await this._iframeNavigator.prepare({silentRequestTimeoutInSeconds:r}),n=await this._signinStart({request_type:"si:s",redirect_uri:s,prompt:"none",response_type:this.settings.query_status_response_type,scope:"openid",skipUserInfo:!0,...i},o);try{let l=await this._client.processSigninResponse(n.url);return t.debug("got signin response"),l.session_state&&l.profile.sub?(t.info("success for subject",l.profile.sub),{session_state:l.session_state,sub:l.profile.sub,sid:l.profile.sid}):(t.info("success, user not authenticated"),null)}catch(l){if(this.settings.monitorAnonymousSession&&l instanceof C)switch(l.error){case"login_required":case"consent_required":case"interaction_required":case"account_selection_required":return t.info("success for anonymous user"),{session_state:l.session_state}}throw l}}async _signin(e,t,r){let i=await this._signinStart(e,t);return await this._signinEnd(i.url,r)}async _signinStart(e,t){let r=this._logger.create("_signinStart");try{let i=await this._client.createSigninRequest(e);return r.debug("got signin request"),await t.navigate({url:i.url,state:i.state.id,response_mode:i.state.response_mode,scriptOrigin:this.settings.iframeScriptOrigin})}catch(i){throw r.debug("error after preparing navigator, closing navigator window"),t.close(),i}}async _signinEnd(e,t){let r=this._logger.create("_signinEnd"),i=await this._client.processSigninResponse(e);r.debug("got signin response");let s=new N(i);if(t){if(t!==s.profile.sub)throw r.debug("current user does not match user returned from signin. sub from signin:",s.profile.sub),new C({...i,error:"login_required"});r.debug("current user matches user returned from signin")}return await this.storeUser(s),r.debug("user stored"),this._events.load(s),s}async signoutRedirect(e={}){let t=this._logger.create("signoutRedirect"),{redirectMethod:r,...i}=e,s=await this._redirectNavigator.prepare({redirectMethod:r});await this._signoutStart({request_type:"so:r",post_logout_redirect_uri:this.settings.post_logout_redirect_uri,...i},s),t.info("success")}async signoutRedirectCallback(e=window.location.href){let t=this._logger.create("signoutRedirectCallback"),r=await this._signoutEnd(e);return t.info("success"),r}async signoutPopup(e={}){let t=this._logger.create("signoutPopup"),{popupWindowFeatures:r,popupWindowTarget:i,...s}=e,o=this.settings.popup_post_logout_redirect_uri,n=await this._popupNavigator.prepare({popupWindowFeatures:r,popupWindowTarget:i});await this._signout({request_type:"so:p",post_logout_redirect_uri:o,state:o==null?void 0:{},...s},n),t.info("success")}async signoutPopupCallback(e=window.location.href,t=!1){let r=this._logger.create("signoutPopupCallback");await this._popupNavigator.callback(e,t),r.info("success")}async _signout(e,t){let r=await this._signoutStart(e,t);return await this._signoutEnd(r.url)}async _signoutStart(e={},t){var i;let r=this._logger.create("_signoutStart");try{let s=await this._loadUser();r.debug("loaded current user from storage"),this.settings.revokeTokensOnSignout&&await this._revokeInternal(s);let o=e.id_token_hint||s&&s.id_token;o&&(r.debug("setting id_token_hint in signout request"),e.id_token_hint=o),await this.removeUser(),r.debug("user removed, creating signout request");let n=await this._client.createSignoutRequest(e);return r.debug("got signout request"),await t.navigate({url:n.url,state:(i=n.state)==null?void 0:i.id})}catch(s){throw r.debug("error after preparing navigator, closing navigator window"),t.close(),s}}async _signoutEnd(e){let t=this._logger.create("_signoutEnd"),r=await this._client.processSignoutResponse(e);return t.debug("got signout response"),r}async revokeTokens(e){let t=await this._loadUser();await this._revokeInternal(t,e)}async _revokeInternal(e,t=this.settings.revokeTokenTypes){let r=this._logger.create("_revokeInternal");if(!e)return;let i=t.filter(s=>typeof e[s]=="string");if(!i.length){r.debug("no need to revoke due to no token(s)");return}for(let s of i)await this._client.revokeToken(e[s],s),r.info(`${s} revoked successfully`),s!=="access_token"&&(e[s]=null);await this.storeUser(e),r.debug("user stored"),this._events.load(e)}startSilentRenew(){this._logger.create("startSilentRenew"),this._silentRenewService.start()}stopSilentRenew(){this._silentRenewService.stop()}get _userStoreKey(){return`user:${this.settings.authority}:${this.settings.client_id}`}async _loadUser(){let e=this._logger.create("_loadUser"),t=await this.settings.userStore.get(this._userStoreKey);return t?(e.debug("user storageString loaded"),N.fromStorageString(t)):(e.debug("no user storageString"),null)}async storeUser(e){let t=this._logger.create("storeUser");if(e){t.debug("storing user");let r=e.toStorageString();await this.settings.userStore.set(this._userStoreKey,r)}else this._logger.debug("removing user"),await this.settings.userStore.remove(this._userStoreKey)}async clearStaleState(){await this._client.clearStaleState()}};var Ve="2.0.4";var Ge=Ve;return nt(vt);})();
+var oidc=(()=>{var Ze=Object.create;var ae=Object.defineProperty;var et=Object.getOwnPropertyDescriptor;var tt=Object.getOwnPropertyNames;var rt=Object.getPrototypeOf,it=Object.prototype.hasOwnProperty;var Oe=(l=>typeof require!="undefined"?require:typeof Proxy!="undefined"?new Proxy(l,{get:(e,t)=>(typeof require!="undefined"?require:e)[t]}):l)(function(l){if(typeof require!="undefined")return require.apply(this,arguments);throw new Error('Dynamic require of "'+l+'" is not supported')});var re=(l,e)=>()=>(e||l((e={exports:{}}).exports,e),e.exports),st=(l,e)=>{for(var t in e)ae(l,t,{get:e[t],enumerable:!0})},Me=(l,e,t,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of tt(e))!it.call(l,i)&&i!==t&&ae(l,i,{get:()=>e[i],enumerable:!(r=et(e,i))||r.enumerable});return l};var ce=(l,e,t)=>(t=l!=null?Ze(rt(l)):{},Me(e||!l||!l.__esModule?ae(t,"default",{value:l,enumerable:!0}):t,l)),nt=l=>Me(ae({},"__esModule",{value:!0}),l);var qe=re(()=>{});var ie=re((le,Ne)=>{(function(l,e){typeof le=="object"?Ne.exports=le=e():typeof define=="function"&&define.amd?define([],e):l.CryptoJS=e()})(le,function(){var l=l||function(e,t){var r;if(typeof window<"u"&&window.crypto&&(r=window.crypto),typeof self<"u"&&self.crypto&&(r=self.crypto),typeof globalThis<"u"&&globalThis.crypto&&(r=globalThis.crypto),!r&&typeof window<"u"&&window.msCrypto&&(r=window.msCrypto),!r&&typeof global<"u"&&global.crypto&&(r=global.crypto),!r&&typeof Oe=="function")try{r=qe()}catch{}var i=function(){if(r){if(typeof r.getRandomValues=="function")try{return r.getRandomValues(new Uint32Array(1))[0]}catch{}if(typeof r.randomBytes=="function")try{return r.randomBytes(4).readInt32LE()}catch{}}throw new Error("Native crypto module could not be used to get secure random number.")},s=Object.create||function(){function a(){}return function(g){var w;return a.prototype=g,w=new a,a.prototype=null,w}}(),n={},o=n.lib={},c=o.Base=function(){return{extend:function(a){var g=s(this);return a&&g.mixIn(a),(!g.hasOwnProperty("init")||this.init===g.init)&&(g.init=function(){g.$super.init.apply(this,arguments)}),g.init.prototype=g,g.$super=this,g},create:function(){var a=this.extend();return a.init.apply(a,arguments),a},init:function(){},mixIn:function(a){for(var g in a)a.hasOwnProperty(g)&&(this[g]=a[g]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}}}(),u=o.WordArray=c.extend({init:function(a,g){a=this.words=a||[],g!=t?this.sigBytes=g:this.sigBytes=a.length*4},toString:function(a){return(a||h).stringify(this)},concat:function(a){var g=this.words,w=a.words,b=this.sigBytes,v=a.sigBytes;if(this.clamp(),b%4)for(var S=0;S<v;S++){var R=w[S>>>2]>>>24-S%4*8&255;g[b+S>>>2]|=R<<24-(b+S)%4*8}else for(var x=0;x<v;x+=4)g[b+x>>>2]=w[x>>>2];return this.sigBytes+=v,this},clamp:function(){var a=this.words,g=this.sigBytes;a[g>>>2]&=4294967295<<32-g%4*8,a.length=e.ceil(g/4)},clone:function(){var a=c.clone.call(this);return a.words=this.words.slice(0),a},random:function(a){for(var g=[],w=0;w<a;w+=4)g.push(i());return new u.init(g,a)}}),m=n.enc={},h=m.Hex={stringify:function(a){for(var g=a.words,w=a.sigBytes,b=[],v=0;v<w;v++){var S=g[v>>>2]>>>24-v%4*8&255;b.push((S>>>4).toString(16)),b.push((S&15).toString(16))}return b.join("")},parse:function(a){for(var g=a.length,w=[],b=0;b<g;b+=2)w[b>>>3]|=parseInt(a.substr(b,2),16)<<24-b%8*4;return new u.init(w,g/2)}},p=m.Latin1={stringify:function(a){for(var g=a.words,w=a.sigBytes,b=[],v=0;v<w;v++){var S=g[v>>>2]>>>24-v%4*8&255;b.push(String.fromCharCode(S))}return b.join("")},parse:function(a){for(var g=a.length,w=[],b=0;b<g;b++)w[b>>>2]|=(a.charCodeAt(b)&255)<<24-b%4*8;return new u.init(w,g)}},f=m.Utf8={stringify:function(a){try{return decodeURIComponent(escape(p.stringify(a)))}catch{throw new Error("Malformed UTF-8 data")}},parse:function(a){return p.parse(unescape(encodeURIComponent(a)))}},_=o.BufferedBlockAlgorithm=c.extend({reset:function(){this._data=new u.init,this._nDataBytes=0},_append:function(a){typeof a=="string"&&(a=f.parse(a)),this._data.concat(a),this._nDataBytes+=a.sigBytes},_process:function(a){var g,w=this._data,b=w.words,v=w.sigBytes,S=this.blockSize,R=S*4,x=v/R;a?x=e.ceil(x):x=e.max((x|0)-this._minBufferSize,0);var C=x*S,F=e.min(C*4,v);if(C){for(var B=0;B<C;B+=S)this._doProcessBlock(b,B);g=b.splice(0,C),w.sigBytes-=F}return new u.init(g,F)},clone:function(){var a=c.clone.call(this);return a._data=this._data.clone(),a},_minBufferSize:0}),k=o.Hasher=_.extend({cfg:c.extend(),init:function(a){this.cfg=this.cfg.extend(a),this.reset()},reset:function(){_.reset.call(this),this._doReset()},update:function(a){return this._append(a),this._process(),this},finalize:function(a){a&&this._append(a);var g=this._doFinalize();return g},blockSize:512/32,_createHelper:function(a){return function(g,w){return new a.init(w).finalize(g)}},_createHmacHelper:function(a){return function(g,w){return new y.HMAC.init(a,w).finalize(g)}}}),y=n.algo={};return n}(Math);return l})});var Le=re((de,We)=>{(function(l,e){typeof de=="object"?We.exports=de=e(ie()):typeof define=="function"&&define.amd?define(["./core"],e):e(l.CryptoJS)})(de,function(l){return function(e){var t=l,r=t.lib,i=r.WordArray,s=r.Hasher,n=t.algo,o=[],c=[];(function(){function h(k){for(var y=e.sqrt(k),a=2;a<=y;a++)if(!(k%a))return!1;return!0}function p(k){return(k-(k|0))*4294967296|0}for(var f=2,_=0;_<64;)h(f)&&(_<8&&(o[_]=p(e.pow(f,1/2))),c[_]=p(e.pow(f,1/3)),_++),f++})();var u=[],m=n.SHA256=s.extend({_doReset:function(){this._hash=new i.init(o.slice(0))},_doProcessBlock:function(h,p){for(var f=this._hash.words,_=f[0],k=f[1],y=f[2],a=f[3],g=f[4],w=f[5],b=f[6],v=f[7],S=0;S<64;S++){if(S<16)u[S]=h[p+S]|0;else{var R=u[S-15],x=(R<<25|R>>>7)^(R<<14|R>>>18)^R>>>3,C=u[S-2],F=(C<<15|C>>>17)^(C<<13|C>>>19)^C>>>10;u[S]=x+u[S-7]+F+u[S-16]}var B=g&w^~g&b,xe=_&k^_&y^k&y,Pe=(_<<30|_>>>2)^(_<<19|_>>>13)^(_<<10|_>>>22),Ye=(g<<26|g>>>6)^(g<<21|g>>>11)^(g<<7|g>>>25),Ae=v+Ye+B+c[S]+u[S],Xe=Pe+xe;v=b,b=w,w=g,g=a+Ae|0,a=y,y=k,k=_,_=Ae+Xe|0}f[0]=f[0]+_|0,f[1]=f[1]+k|0,f[2]=f[2]+y|0,f[3]=f[3]+a|0,f[4]=f[4]+g|0,f[5]=f[5]+w|0,f[6]=f[6]+b|0,f[7]=f[7]+v|0},_doFinalize:function(){var h=this._data,p=h.words,f=this._nDataBytes*8,_=h.sigBytes*8;return p[_>>>5]|=128<<24-_%32,p[(_+64>>>9<<4)+14]=e.floor(f/4294967296),p[(_+64>>>9<<4)+15]=f,h.sigBytes=p.length*4,this._process(),this._hash},clone:function(){var h=s.clone.call(this);return h._hash=this._hash.clone(),h}});t.SHA256=s._createHelper(m),t.HmacSHA256=s._createHmacHelper(m)}(Math),l.SHA256})});var He=re((ge,je)=>{(function(l,e){typeof ge=="object"?je.exports=ge=e(ie()):typeof define=="function"&&define.amd?define(["./core"],e):e(l.CryptoJS)})(ge,function(l){return function(){var e=l,t=e.lib,r=t.WordArray,i=e.enc,s=i.Base64={stringify:function(o){var c=o.words,u=o.sigBytes,m=this._map;o.clamp();for(var h=[],p=0;p<u;p+=3)for(var f=c[p>>>2]>>>24-p%4*8&255,_=c[p+1>>>2]>>>24-(p+1)%4*8&255,k=c[p+2>>>2]>>>24-(p+2)%4*8&255,y=f<<16|_<<8|k,a=0;a<4&&p+a*.75<u;a++)h.push(m.charAt(y>>>6*(3-a)&63));var g=m.charAt(64);if(g)for(;h.length%4;)h.push(g);return h.join("")},parse:function(o){var c=o.length,u=this._map,m=this._reverseMap;if(!m){m=this._reverseMap=[];for(var h=0;h<u.length;h++)m[u.charCodeAt(h)]=h}var p=u.charAt(64);if(p){var f=o.indexOf(p);f!==-1&&(c=f)}return n(o,c,m)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="};function n(o,c,u){for(var m=[],h=0,p=0;p<c;p++)if(p%4){var f=u[o.charCodeAt(p-1)]<<p%4*2,_=u[o.charCodeAt(p)]>>>6-p%4*2,k=f|_;m[h>>>2]|=k<<24-h%4*8,h++}return r.create(m,h)}}(),l.enc.Base64})});var Be=re((ue,Fe)=>{(function(l,e){typeof ue=="object"?Fe.exports=ue=e(ie()):typeof define=="function"&&define.amd?define(["./core"],e):e(l.CryptoJS)})(ue,function(l){return l.enc.Utf8})});var vt={};st(vt,{AccessTokenEvents:()=>Q,CheckSessionIFrame:()=>V,ErrorResponse:()=>U,ErrorTimeout:()=>M,InMemoryWebStorage:()=>W,Log:()=>J,Logger:()=>d,MetadataService:()=>G,OidcClient:()=>ne,OidcClientSettingsStore:()=>H,SessionMonitor:()=>Z,SigninResponse:()=>$,SigninState:()=>q,SignoutResponse:()=>X,State:()=>E,User:()=>N,UserManager:()=>Te,UserManagerSettingsStore:()=>te,Version:()=>Ge,WebStorageStateStore:()=>j});var Je=ce(ie()),De=ce(Le()),Re=ce(He()),Ke=ce(Be());var ot={debug:()=>{},info:()=>{},warn:()=>{},error:()=>{}},A,O,J=(s=>(s[s.NONE=0]="NONE",s[s.ERROR=1]="ERROR",s[s.WARN=2]="WARN",s[s.INFO=3]="INFO",s[s.DEBUG=4]="DEBUG",s))(J||{});(r=>{function l(){A=3,O=ot}r.reset=l;function e(i){if(!(0<=i&&i<=4))throw new Error("Invalid log level");A=i}r.setLevel=e;function t(i){O=i}r.setLogger=t})(J||(J={}));var d=class{constructor(e){this._name=e}debug(...e){A>=4&&O.debug(d._format(this._name,this._method),...e)}info(...e){A>=3&&O.info(d._format(this._name,this._method),...e)}warn(...e){A>=2&&O.warn(d._format(this._name,this._method),...e)}error(...e){A>=1&&O.error(d._format(this._name,this._method),...e)}throw(e){throw this.error(e),e}create(e){let t=Object.create(this);return t._method=e,t.debug("begin"),t}static createStatic(e,t){let r=new d(`${e}.${t}`);return r.debug("begin"),r}static _format(e,t){let r=`[${e}]`;return t?`${r} ${t}:`:r}static debug(e,...t){A>=4&&O.debug(d._format(e),...t)}static info(e,...t){A>=3&&O.info(d._format(e),...t)}static warn(e,...t){A>=2&&O.warn(d._format(e),...t)}static error(e,...t){A>=1&&O.error(d._format(e),...t)}};J.reset();var at="10000000-1000-4000-8000-100000000000",I=class{static _randomWord(){return Je.default.lib.WordArray.random(1).words[0]}static generateUUIDv4(){return at.replace(/[018]/g,t=>(+t^I._randomWord()&15>>+t/4).toString(16)).replace(/-/g,"")}static generateCodeVerifier(){return I.generateUUIDv4()+I.generateUUIDv4()+I.generateUUIDv4()}static generateCodeChallenge(e){try{let t=(0,De.default)(e);return Re.default.stringify(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}catch(t){throw d.error("CryptoUtils.generateCodeChallenge",t),t}}static generateBasicAuth(e,t){let r=Ke.default.parse([e,t].join(":"));return Re.default.stringify(r)}};var T=class{constructor(e){this._name=e;this._logger=new d(`Event('${this._name}')`);this._callbacks=[]}addHandler(e){return this._callbacks.push(e),()=>this.removeHandler(e)}removeHandler(e){let t=this._callbacks.lastIndexOf(e);t>=0&&this._callbacks.splice(t,1)}raise(...e){this._logger.debug("raise:",...e);for(let t of this._callbacks)t(...e)}};function Ie(l){this.message=l}Ie.prototype=new Error,Ie.prototype.name="InvalidCharacterError";var $e=typeof window<"u"&&window.atob&&window.atob.bind(window)||function(l){var e=String(l).replace(/=+$/,"");if(e.length%4==1)throw new Ie("'atob' failed: The string to be decoded is not correctly encoded.");for(var t,r,i=0,s=0,n="";r=e.charAt(s++);~r&&(t=i%4?64*t+r:r,i++%4)?n+=String.fromCharCode(255&t>>(-2*i&6)):0)r="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(r);return n};function ct(l){var e=l.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw"Illegal base64url string!"}try{return function(t){return decodeURIComponent($e(t).replace(/(.)/g,function(r,i){var s=i.charCodeAt(0).toString(16).toUpperCase();return s.length<2&&(s="0"+s),"%"+s}))}(e)}catch{return $e(e)}}function pe(l){this.message=l}function lt(l,e){if(typeof l!="string")throw new pe("Invalid token specified");var t=(e=e||{}).header===!0?0:1;try{return JSON.parse(ct(l.split(".")[t]))}catch(r){throw new pe("Invalid token specified: "+r.message)}}pe.prototype=new Error,pe.prototype.name="InvalidTokenError";var ze=lt;var D=class{static decode(e){try{return ze(e)}catch(t){throw d.error("JwtUtils.decode",t),t}}};var se=class{static center({...e}){var t,r,i;return e.width==null&&(e.width=(t=[800,720,600,480].find(s=>s<=window.outerWidth/1.618))!=null?t:360),(r=e.left)!=null||(e.left=Math.max(0,Math.round(window.screenX+(window.outerWidth-e.width)/2))),e.height!=null&&((i=e.top)!=null||(e.top=Math.max(0,Math.round(window.screenY+(window.outerHeight-e.height)/2)))),e}static serialize(e){return Object.entries(e).filter(([,t])=>t!=null).map(([t,r])=>`${t}=${typeof r!="boolean"?r:r?"yes":"no"}`).join(",")}};var P=class extends T{constructor(){super(...arguments);this._logger=new d(`Timer('${this._name}')`);this._timerHandle=null;this._expiration=0;this._callback=()=>{let t=this._expiration-P.getEpochTime();this._logger.debug("timer completes in",t),this._expiration<=P.getEpochTime()&&(this.cancel(),super.raise())}}static getEpochTime(){return Math.floor(Date.now()/1e3)}init(t){let r=this._logger.create("init");t=Math.max(Math.floor(t),1);let i=P.getEpochTime()+t;if(this.expiration===i&&this._timerHandle){r.debug("skipping since already initialized for expiration at",this.expiration);return}this.cancel(),r.debug("using duration",t),this._expiration=i;let s=Math.min(t,5);this._timerHandle=setInterval(this._callback,s*1e3)}get expiration(){return this._expiration}cancel(){this._logger.create("cancel"),this._timerHandle&&(clearInterval(this._timerHandle),this._timerHandle=null)}};var K=class{static readParams(e,t="query"){if(!e)throw new TypeError("Invalid URL");let i=new URL(e,window.location.origin)[t==="fragment"?"hash":"search"];return new URLSearchParams(i.slice(1))}};var U=class extends Error{constructor(t,r){var i,s,n;super(t.error_description||t.error||"");this.form=r;this.name="ErrorResponse";if(!t.error)throw d.error("ErrorResponse","No error passed"),new Error("No error passed");this.error=t.error,this.error_description=(i=t.error_description)!=null?i:null,this.error_uri=(s=t.error_uri)!=null?s:null,this.state=t.userState,this.session_state=(n=t.session_state)!=null?n:null}};var M=class extends Error{constructor(t){super(t);this.name="ErrorTimeout"}};var Q=class{constructor(e){this._logger=new d("AccessTokenEvents");this._expiringTimer=new P("Access token expiring");this._expiredTimer=new P("Access token expired");this._expiringNotificationTimeInSeconds=e.expiringNotificationTimeInSeconds}load(e){let t=this._logger.create("load");if(e.access_token&&e.expires_in!==void 0){let r=e.expires_in;if(t.debug("access token present, remaining duration:",r),r>0){let s=r-this._expiringNotificationTimeInSeconds;s<=0&&(s=1),t.debug("registering expiring timer, raising in",s,"seconds"),this._expiringTimer.init(s)}else t.debug("canceling existing expiring timer because we're past expiration."),this._expiringTimer.cancel();let i=r+1;t.debug("registering expired timer, raising in",i,"seconds"),this._expiredTimer.init(i)}else this._expiringTimer.cancel(),this._expiredTimer.cancel()}unload(){this._logger.debug("unload: canceling existing access token timers"),this._expiringTimer.cancel(),this._expiredTimer.cancel()}addAccessTokenExpiring(e){return this._expiringTimer.addHandler(e)}removeAccessTokenExpiring(e){this._expiringTimer.removeHandler(e)}addAccessTokenExpired(e){return this._expiredTimer.addHandler(e)}removeAccessTokenExpired(e){this._expiredTimer.removeHandler(e)}};var V=class{constructor(e,t,r,i,s){this._callback=e;this._client_id=t;this._intervalInSeconds=i;this._stopOnError=s;this._logger=new d("CheckSessionIFrame");this._timer=null;this._session_state=null;this._message=e=>{e.origin===this._frame_origin&&e.source===this._frame.contentWindow&&(e.data==="error"?(this._logger.error("error message from check session op iframe"),this._stopOnError&&this.stop()):e.data==="changed"?(this._logger.debug("changed message from check session op iframe"),this.stop(),this._callback()):this._logger.debug(e.data+" message from check session op iframe"))};let n=new URL(r);this._frame_origin=n.origin,this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="fixed",this._frame.style.left="-1000px",this._frame.style.top="0",this._frame.width="0",this._frame.height="0",this._frame.src=n.href}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),window.addEventListener("message",this._message,!1)})}start(e){if(this._session_state===e)return;this._logger.create("start"),this.stop(),this._session_state=e;let t=()=>{!this._frame.contentWindow||!this._session_state||this._frame.contentWindow.postMessage(this._client_id+" "+this._session_state,this._frame_origin)};t(),this._timer=setInterval(t,this._intervalInSeconds*1e3)}stop(){this._logger.create("stop"),this._session_state=null,this._timer&&(clearInterval(this._timer),this._timer=null)}};var W=class{constructor(){this._logger=new d("InMemoryWebStorage");this._data={}}clear(){this._logger.create("clear"),this._data={}}getItem(e){return this._logger.create(`getItem('${e}')`),this._data[e]}setItem(e,t){this._logger.create(`setItem('${e}')`),this._data[e]=t}removeItem(e){this._logger.create(`removeItem('${e}')`),delete this._data[e]}get length(){return Object.getOwnPropertyNames(this._data).length}key(e){return Object.getOwnPropertyNames(this._data)[e]}};var L=class{constructor(e=[],t=null){this._jwtHandler=t;this._logger=new d("JsonService");this._contentTypes=[];this._contentTypes.push(...e,"application/json"),t&&this._contentTypes.push("application/jwt")}async fetchWithTimeout(e,t={}){let{timeoutInSeconds:r,...i}=t;if(!r)return await fetch(e,i);let s=new AbortController,n=setTimeout(()=>s.abort(),r*1e3);try{return await fetch(e,{...t,signal:s.signal})}catch(o){throw o instanceof DOMException&&o.name==="AbortError"?new M("Network timed out"):o}finally{clearTimeout(n)}}async getJson(e,{token:t}={}){let r=this._logger.create("getJson"),i={Accept:this._contentTypes.join(", ")};t&&(r.debug("token passed, setting Authorization header"),i.Authorization="Bearer "+t);let s;try{r.debug("url:",e),s=await this.fetchWithTimeout(e,{method:"GET",headers:i})}catch(c){throw r.error("Network Error"),c}r.debug("HTTP response received, status",s.status);let n=s.headers.get("Content-Type");if(n&&!this._contentTypes.find(c=>n.startsWith(c))&&r.throw(new Error(`Invalid response Content-Type: ${n!=null?n:"undefined"}, from URL: ${e}`)),s.ok&&this._jwtHandler&&(n==null?void 0:n.startsWith("application/jwt")))return await this._jwtHandler(await s.text());let o;try{o=await s.json()}catch(c){throw r.error("Error parsing JSON response",c),s.ok?c:new Error(`${s.statusText} (${s.status})`)}if(!s.ok)throw r.error("Error from server:",o),o.error?new U(o):new Error(`${s.statusText} (${s.status}): ${JSON.stringify(o)}`);return o}async postForm(e,{body:t,basicAuth:r,timeoutInSeconds:i}){let s=this._logger.create("postForm"),n={Accept:this._contentTypes.join(", "),"Content-Type":"application/x-www-form-urlencoded"};r!==void 0&&(n.Authorization="Basic "+r);let o;try{s.debug("url:",e),o=await this.fetchWithTimeout(e,{method:"POST",headers:n,body:t,timeoutInSeconds:i})}catch(h){throw s.error("Network error"),h}s.debug("HTTP response received, status",o.status);let c=o.headers.get("Content-Type");if(c&&!this._contentTypes.find(h=>c.startsWith(h)))throw new Error(`Invalid response Content-Type: ${c!=null?c:"undefined"}, from URL: ${e}`);let u=await o.text(),m={};if(u)try{m=JSON.parse(u)}catch(h){throw s.error("Error parsing JSON response",h),o.ok?h:new Error(`${o.statusText} (${o.status})`)}if(!o.ok)throw s.error("Error from server:",m),m.error?new U(m,t):new Error(`${o.statusText} (${o.status}): ${JSON.stringify(m)}`);return m}};var G=class{constructor(e){this._settings=e;this._logger=new d("MetadataService");this._jsonService=new L(["application/jwk-set+json"]);this._signingKeys=null;this._metadata=null;this._metadataUrl=this._settings.metadataUrl,this._settings.signingKeys&&(this._logger.debug("using signingKeys from settings"),this._signingKeys=this._settings.signingKeys),this._settings.metadata&&(this._logger.debug("using metadata from settings"),this._metadata=this._settings.metadata)}resetSigningKeys(){this._signingKeys=null}async getMetadata(){let e=this._logger.create("getMetadata");if(this._metadata)return e.debug("using cached values"),this._metadata;if(!this._metadataUrl)throw e.throw(new Error("No authority or metadataUrl configured on settings")),null;e.debug("getting metadata from",this._metadataUrl);let t=await this._jsonService.getJson(this._metadataUrl);return e.debug("merging remote JSON with seed metadata"),this._metadata=Object.assign({},this._settings.metadataSeed,t),this._metadata}getIssuer(){return this._getMetadataProperty("issuer")}getAuthorizationEndpoint(){return this._getMetadataProperty("authorization_endpoint")}getUserInfoEndpoint(){return this._getMetadataProperty("userinfo_endpoint")}getTokenEndpoint(e=!0){return this._getMetadataProperty("token_endpoint",e)}getCheckSessionIframe(){return this._getMetadataProperty("check_session_iframe",!0)}getEndSessionEndpoint(){return this._getMetadataProperty("end_session_endpoint",!0)}getRevocationEndpoint(e=!0){return this._getMetadataProperty("revocation_endpoint",e)}getKeysEndpoint(e=!0){return this._getMetadataProperty("jwks_uri",e)}async _getMetadataProperty(e,t=!1){let r=this._logger.create(`_getMetadataProperty('${e}')`),i=await this.getMetadata();if(r.debug("resolved"),i[e]===void 0){if(t===!0){r.warn("Metadata does not contain optional property");return}r.throw(new Error("Metadata does not contain property "+e))}return i[e]}async getSigningKeys(){let e=this._logger.create("getSigningKeys");if(this._signingKeys)return e.debug("returning signingKeys from cache"),this._signingKeys;let t=await this.getKeysEndpoint(!1);e.debug("got jwks_uri",t);let r=await this._jsonService.getJson(t);if(e.debug("got key set",r),!Array.isArray(r.keys))throw e.throw(new Error("Missing keys on keyset")),null;return this._signingKeys=r.keys,this._signingKeys}};var j=class{constructor({prefix:e="oidc.",store:t=localStorage}={}){this._logger=new d("WebStorageStateStore");this._store=t,this._prefix=e}set(e,t){return this._logger.create(`set('${e}')`),e=this._prefix+e,this._store.setItem(e,t),Promise.resolve()}get(e){this._logger.create(`get('${e}')`),e=this._prefix+e;let t=this._store.getItem(e);return Promise.resolve(t)}remove(e){this._logger.create(`remove('${e}')`),e=this._prefix+e;let t=this._store.getItem(e);return this._store.removeItem(e),Promise.resolve(t)}getAllKeys(){this._logger.create("getAllKeys");let e=[];for(let t=0;t<this._store.length;t++){let r=this._store.key(t);r&&r.indexOf(this._prefix)===0&&e.push(r.substr(this._prefix.length))}return Promise.resolve(e)}};var dt="code",gt="openid",ut="client_secret_post",pt="query",ht=60*15,ft=60*5,H=class{constructor({authority:e,metadataUrl:t,metadata:r,signingKeys:i,metadataSeed:s,client_id:n,client_secret:o,response_type:c=dt,scope:u=gt,redirect_uri:m,post_logout_redirect_uri:h,client_authentication:p=ut,prompt:f,display:_,max_age:k,ui_locales:y,acr_values:a,resource:g,response_mode:w=pt,filterProtocolClaims:b=!0,loadUserInfo:v=!1,staleStateAgeInSeconds:S=ht,clockSkewInSeconds:R=ft,userInfoJwtIssuer:x="OP",mergeClaims:C=!1,stateStore:F,extraQueryParams:B={},extraTokenParams:xe={}}){if(this.authority=e,t?this.metadataUrl=t:(this.metadataUrl=e,e&&(this.metadataUrl.endsWith("/")||(this.metadataUrl+="/"),this.metadataUrl+=".well-known/openid-configuration")),this.metadata=r,this.metadataSeed=s,this.signingKeys=i,this.client_id=n,this.client_secret=o,this.response_type=c,this.scope=u,this.redirect_uri=m,this.post_logout_redirect_uri=h,this.client_authentication=p,this.prompt=f,this.display=_,this.max_age=k,this.ui_locales=y,this.acr_values=a,this.resource=g,this.response_mode=w,this.filterProtocolClaims=!!b,this.loadUserInfo=!!v,this.staleStateAgeInSeconds=S,this.clockSkewInSeconds=R,this.userInfoJwtIssuer=x,this.mergeClaims=!!C,F)this.stateStore=F;else{let Pe=typeof window!="undefined"?window.localStorage:new W;this.stateStore=new j({store:Pe})}this.extraQueryParams=B,this.extraTokenParams=xe}};var he=class{constructor(e){this._metadataService=e;this._logger=new d("UserInfoService");this._getClaimsFromJwt=async e=>{let t=this._logger.create("_getClaimsFromJwt");try{let r=D.decode(e);return t.debug("JWT decoding successful"),r}catch(r){throw t.error("Error parsing JWT response"),r}};this._jsonService=new L(void 0,this._getClaimsFromJwt)}async getClaims(e){let t=this._logger.create("getClaims");e||this._logger.throw(new Error("No token passed"));let r=await this._metadataService.getUserInfoEndpoint();t.debug("got userinfo url",r);let i=await this._jsonService.getJson(r,{token:e});return t.debug("got claims",i),i}};var Y=class{constructor(e,t){this._settings=e;this._metadataService=t;this._logger=new d("TokenClient");this._jsonService=new L}async exchangeCode({grant_type:e="authorization_code",redirect_uri:t=this._settings.redirect_uri,client_id:r=this._settings.client_id,client_secret:i=this._settings.client_secret,...s}){let n=this._logger.create("exchangeCode");r||n.throw(new Error("A client_id is required")),t||n.throw(new Error("A redirect_uri is required")),s.code||n.throw(new Error("A code is required")),s.code_verifier||n.throw(new Error("A code_verifier is required"));let o=new URLSearchParams({grant_type:e,redirect_uri:t});for(let[h,p]of Object.entries(s))p!=null&&o.set(h,p);let c;switch(this._settings.client_authentication){case"client_secret_basic":if(!i)throw n.throw(new Error("A client_secret is required")),null;c=I.generateBasicAuth(r,i);break;case"client_secret_post":o.append("client_id",r),i&&o.append("client_secret",i);break}let u=await this._metadataService.getTokenEndpoint(!1);n.debug("got token endpoint");let m=await this._jsonService.postForm(u,{body:o,basicAuth:c});return n.debug("got response"),m}async exchangeRefreshToken({grant_type:e="refresh_token",client_id:t=this._settings.client_id,client_secret:r=this._settings.client_secret,timeoutInSeconds:i,...s}){let n=this._logger.create("exchangeRefreshToken");t||n.throw(new Error("A client_id is required")),s.refresh_token||n.throw(new Error("A refresh_token is required"));let o=new URLSearchParams({grant_type:e});for(let[h,p]of Object.entries(s))p!=null&&o.set(h,p);let c;switch(this._settings.client_authentication){case"client_secret_basic":if(!r)throw n.throw(new Error("A client_secret is required")),null;c=I.generateBasicAuth(t,r);break;case"client_secret_post":o.append("client_id",t),r&&o.append("client_secret",r);break}let u=await this._metadataService.getTokenEndpoint(!1);n.debug("got token endpoint");let m=await this._jsonService.postForm(u,{body:o,basicAuth:c,timeoutInSeconds:i});return n.debug("got response"),m}async revoke(e){var s;let t=this._logger.create("revoke");e.token||t.throw(new Error("A token is required"));let r=await this._metadataService.getRevocationEndpoint(!1);t.debug(`got revocation endpoint, revoking ${(s=e.token_type_hint)!=null?s:"default token type"}`);let i=new URLSearchParams;for(let[n,o]of Object.entries(e))o!=null&&i.set(n,o);i.set("client_id",this._settings.client_id),this._settings.client_secret&&i.set("client_secret",this._settings.client_secret),await this._jsonService.postForm(r,{body:i}),t.debug("got response")}};var mt=["iss","aud","exp","nbf","iat","jti","auth_time","nonce","acr","amr","azp","at_hash"],fe=class{constructor(e,t){this._settings=e;this._metadataService=t;this._logger=new d("ResponseValidator");this._userInfoService=new he(this._metadataService);this._tokenClient=new Y(this._settings,this._metadataService)}async validateSigninResponse(e,t){let r=this._logger.create("validateSigninResponse");this._processSigninState(e,t),r.debug("state processed"),await this._processCode(e,t),r.debug("code processed"),e.isOpenId&&this._validateIdTokenAttributes(e),r.debug("tokens validated"),await this._processClaims(e,t==null?void 0:t.skipUserInfo,e.isOpenId),r.debug("claims processed")}async validateRefreshResponse(e,t){var s,n;let r=this._logger.create("validateRefreshResponse");e.userState=t.data,(s=e.session_state)!=null||(e.session_state=t.session_state),(n=e.scope)!=null||(e.scope=t.scope);let i=e.isOpenId&&!!e.id_token;i&&(this._validateIdTokenAttributes(e,t.id_token),r.debug("ID Token validated")),await this._processClaims(e,!1,i),r.debug("claims processed")}validateSignoutResponse(e,t){let r=this._logger.create("validateSignoutResponse");if(t.id!==e.state&&r.throw(new Error("State does not match")),r.debug("state validated"),e.userState=t.data,e.error)throw r.warn("Response was error",e.error),new U(e)}_processSigninState(e,t){var i;let r=this._logger.create("_processSigninState");if(t.id!==e.state&&r.throw(new Error("State does not match")),t.client_id||r.throw(new Error("No client_id on state")),t.authority||r.throw(new Error("No authority on state")),this._settings.authority!==t.authority&&r.throw(new Error("authority mismatch on settings vs. signin state")),this._settings.client_id&&this._settings.client_id!==t.client_id&&r.throw(new Error("client_id mismatch on settings vs. signin state")),r.debug("state validated"),e.userState=t.data,(i=e.scope)!=null||(e.scope=t.scope),e.error)throw r.warn("Response was error",e.error),new U(e);t.code_verifier&&!e.code&&r.throw(new Error("Expected code in response")),!t.code_verifier&&e.code&&r.throw(new Error("Unexpected code in response"))}async _processClaims(e,t=!1,r=!0){let i=this._logger.create("_processClaims");if(e.profile=this._filterProtocolClaims(e.profile),t||!this._settings.loadUserInfo||!e.access_token){i.debug("not loading user info");return}i.debug("loading user info");let s=await this._userInfoService.getClaims(e.access_token);i.debug("user info claims received from user info endpoint"),r&&s.sub!==e.profile.sub&&i.throw(new Error("subject from UserInfo response does not match subject in ID Token")),e.profile=this._mergeClaims(e.profile,this._filterProtocolClaims(s)),i.debug("user info claims received, updated profile:",e.profile)}_mergeClaims(e,t){let r={...e};for(let[i,s]of Object.entries(t))for(let n of Array.isArray(s)?s:[s]){let o=r[i];o?Array.isArray(o)?o.includes(n)||o.push(n):r[i]!==n&&(typeof n=="object"&&this._settings.mergeClaims?r[i]=this._mergeClaims(o,n):r[i]=[o,n]):r[i]=n}return r}_filterProtocolClaims(e){let t={...e};if(this._settings.filterProtocolClaims)for(let r of mt)delete t[r];return t}async _processCode(e,t){let r=this._logger.create("_processCode");if(e.code){r.debug("Validating code");let i=await this._tokenClient.exchangeCode({client_id:t.client_id,client_secret:t.client_secret,code:e.code,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier,...t.extraTokenParams});Object.assign(e,i)}else r.debug("No code to process")}_validateIdTokenAttributes(e,t){var s;let r=this._logger.create("_validateIdTokenAttributes");r.debug("decoding ID Token JWT");let i=D.decode((s=e.id_token)!=null?s:"");if(i.sub||r.throw(new Error("ID Token is missing a subject claim")),t){let n=D.decode(t);n.sub!==i.sub&&r.throw(new Error("sub in id_token does not match current sub")),n.auth_time&&n.auth_time!==i.auth_time&&r.throw(new Error("auth_time in id_token does not match original auth_time")),n.azp&&n.azp!==i.azp&&r.throw(new Error("azp in id_token does not match original azp")),!n.azp&&i.azp&&r.throw(new Error("azp not in id_token, but present in original id_token"))}e.profile=i}};var E=class{constructor(e){this.id=e.id||I.generateUUIDv4(),this.data=e.data,e.created&&e.created>0?this.created=e.created:this.created=P.getEpochTime(),this.request_type=e.request_type}toStorageString(){return new d("State").create("toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type})}static fromStorageString(e){return d.createStatic("State","fromStorageString"),new E(JSON.parse(e))}static async clearStaleState(e,t){let r=d.createStatic("State","clearStaleState"),i=P.getEpochTime()-t,s=await e.getAllKeys();r.debug("got keys",s);for(let n=0;n<s.length;n++){let o=s[n],c=await e.get(o),u=!1;if(c)try{let m=E.fromStorageString(c);r.debug("got item from key:",o,m.created),m.created<=i&&(u=!0)}catch(m){r.error("Error parsing state for key:",o,m),u=!0}else r.debug("no item in storage for key:",o),u=!0;u&&(r.debug("removed item for key:",o),e.remove(o))}}};var q=class extends E{constructor(t){super(t);t.code_verifier===!0?this.code_verifier=I.generateCodeVerifier():t.code_verifier&&(this.code_verifier=t.code_verifier),this.code_verifier&&(this.code_challenge=I.generateCodeChallenge(this.code_verifier)),this.authority=t.authority,this.client_id=t.client_id,this.redirect_uri=t.redirect_uri,this.scope=t.scope,this.client_secret=t.client_secret,this.extraTokenParams=t.extraTokenParams,this.response_mode=t.response_mode,this.skipUserInfo=t.skipUserInfo}toStorageString(){return new d("SigninState").create("toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type,code_verifier:this.code_verifier,authority:this.authority,client_id:this.client_id,redirect_uri:this.redirect_uri,scope:this.scope,client_secret:this.client_secret,extraTokenParams:this.extraTokenParams,response_mode:this.response_mode,skipUserInfo:this.skipUserInfo})}static fromStorageString(t){d.createStatic("SigninState","fromStorageString");let r=JSON.parse(t);return new q(r)}};var me=class{constructor({url:e,authority:t,client_id:r,redirect_uri:i,response_type:s,scope:n,state_data:o,response_mode:c,request_type:u,client_secret:m,nonce:h,skipUserInfo:p,extraQueryParams:f,extraTokenParams:_,...k}){this._logger=new d("SigninRequest");if(!e)throw this._logger.error("ctor: No url passed"),new Error("url");if(!r)throw this._logger.error("ctor: No client_id passed"),new Error("client_id");if(!i)throw this._logger.error("ctor: No redirect_uri passed"),new Error("redirect_uri");if(!s)throw this._logger.error("ctor: No response_type passed"),new Error("response_type");if(!n)throw this._logger.error("ctor: No scope passed"),new Error("scope");if(!t)throw this._logger.error("ctor: No authority passed"),new Error("authority");this.state=new q({data:o,request_type:u,code_verifier:!0,client_id:r,authority:t,redirect_uri:i,response_mode:c,client_secret:m,scope:n,extraTokenParams:_,skipUserInfo:p});let y=new URL(e);y.searchParams.append("client_id",r),y.searchParams.append("redirect_uri",i),y.searchParams.append("response_type",s),y.searchParams.append("scope",n),h&&y.searchParams.append("nonce",h),y.searchParams.append("state",this.state.id),this.state.code_challenge&&(y.searchParams.append("code_challenge",this.state.code_challenge),y.searchParams.append("code_challenge_method","S256"));for(let[a,g]of Object.entries({response_mode:c,...k,...f}))g!=null&&y.searchParams.append(a,g.toString());this.url=y.href}};var _t="openid",$=class{constructor(e){this.access_token="";this.token_type="";this.profile={};this.state=e.get("state"),this.session_state=e.get("session_state"),this.error=e.get("error"),this.error_description=e.get("error_description"),this.error_uri=e.get("error_uri"),this.code=e.get("code")}get expires_in(){if(this.expires_at!==void 0)return this.expires_at-P.getEpochTime()}set expires_in(e){typeof e=="string"&&(e=Number(e)),e!==void 0&&e>=0&&(this.expires_at=Math.floor(e)+P.getEpochTime())}get isOpenId(){var e;return((e=this.scope)==null?void 0:e.split(" ").includes(_t))||!!this.id_token}};var _e=class{constructor({url:e,state_data:t,id_token_hint:r,post_logout_redirect_uri:i,extraQueryParams:s,request_type:n}){this._logger=new d("SignoutRequest");if(!e)throw this._logger.error("ctor: No url passed"),new Error("url");let o=new URL(e);r&&o.searchParams.append("id_token_hint",r),i&&(o.searchParams.append("post_logout_redirect_uri",i),t&&(this.state=new E({data:t,request_type:n}),o.searchParams.append("state",this.state.id)));for(let[c,u]of Object.entries({...s}))u!=null&&o.searchParams.append(c,u.toString());this.url=o.href}};var X=class{constructor(e){this.state=e.get("state"),this.error=e.get("error"),this.error_description=e.get("error_description"),this.error_uri=e.get("error_uri")}};var ne=class{constructor(e){this._logger=new d("OidcClient");this.settings=new H(e),this.metadataService=new G(this.settings),this._validator=new fe(this.settings,this.metadataService),this._tokenClient=new Y(this.settings,this.metadataService)}async createSigninRequest({state:e,request:t,request_uri:r,request_type:i,id_token_hint:s,login_hint:n,skipUserInfo:o,nonce:c,response_type:u=this.settings.response_type,scope:m=this.settings.scope,redirect_uri:h=this.settings.redirect_uri,prompt:p=this.settings.prompt,display:f=this.settings.display,max_age:_=this.settings.max_age,ui_locales:k=this.settings.ui_locales,acr_values:y=this.settings.acr_values,resource:a=this.settings.resource,response_mode:g=this.settings.response_mode,extraQueryParams:w=this.settings.extraQueryParams,extraTokenParams:b=this.settings.extraTokenParams}){let v=this._logger.create("createSigninRequest");if(u!=="code")throw new Error("Only the Authorization Code flow (with PKCE) is supported");let S=await this.metadataService.getAuthorizationEndpoint();v.debug("Received authorization endpoint",S);let R=new me({url:S,authority:this.settings.authority,client_id:this.settings.client_id,redirect_uri:h,response_type:u,scope:m,state_data:e,prompt:p,display:f,max_age:_,ui_locales:k,id_token_hint:s,login_hint:n,acr_values:y,resource:a,request:t,request_uri:r,extraQueryParams:w,extraTokenParams:b,request_type:i,response_mode:g,client_secret:this.settings.client_secret,skipUserInfo:o,nonce:c});await this.clearStaleState();let x=R.state;return await this.settings.stateStore.set(x.id,x.toStorageString()),R}async readSigninResponseState(e,t=!1){let r=this._logger.create("readSigninResponseState"),i=new $(K.readParams(e,this.settings.response_mode));if(!i.state)throw r.throw(new Error("No state in response")),null;let s=await this.settings.stateStore[t?"remove":"get"](i.state);if(!s)throw r.throw(new Error("No matching state found in storage")),null;return{state:q.fromStorageString(s),response:i}}async processSigninResponse(e){let t=this._logger.create("processSigninResponse"),{state:r,response:i}=await this.readSigninResponseState(e,!0);return t.debug("received state from storage; validating response"),await this._validator.validateSigninResponse(i,r),i}async useRefreshToken({state:e,timeoutInSeconds:t}){let r=this._logger.create("useRefreshToken"),i=await this._tokenClient.exchangeRefreshToken({refresh_token:e.refresh_token,scope:e.scope,timeoutInSeconds:t}),s=new $(new URLSearchParams);return Object.assign(s,i),r.debug("validating response",s),await this._validator.validateRefreshResponse(s,e),s}async createSignoutRequest({state:e,id_token_hint:t,request_type:r,post_logout_redirect_uri:i=this.settings.post_logout_redirect_uri,extraQueryParams:s=this.settings.extraQueryParams}={}){let n=this._logger.create("createSignoutRequest"),o=await this.metadataService.getEndSessionEndpoint();if(!o)throw n.throw(new Error("No end session endpoint")),null;n.debug("Received end session endpoint",o);let c=new _e({url:o,id_token_hint:t,post_logout_redirect_uri:i,state_data:e,extraQueryParams:s,request_type:r});await this.clearStaleState();let u=c.state;return u&&(n.debug("Signout request has state to persist"),await this.settings.stateStore.set(u.id,u.toStorageString())),c}async readSignoutResponseState(e,t=!1){let r=this._logger.create("readSignoutResponseState"),i=new X(K.readParams(e,this.settings.response_mode));if(!i.state){if(r.debug("No state in response"),i.error)throw r.warn("Response was error:",i.error),new U(i);return{state:void 0,response:i}}let s=await this.settings.stateStore[t?"remove":"get"](i.state);if(!s)throw r.throw(new Error("No matching state found in storage")),null;return{state:E.fromStorageString(s),response:i}}async processSignoutResponse(e){let t=this._logger.create("processSignoutResponse"),{state:r,response:i}=await this.readSignoutResponseState(e,!0);return r?(t.debug("Received state from storage; validating response"),this._validator.validateSignoutResponse(i,r)):t.debug("No state from storage; skipping response validation"),i}clearStaleState(){return this._logger.create("clearStaleState"),E.clearStaleState(this.settings.stateStore,this.settings.staleStateAgeInSeconds)}async revokeToken(e,t){return this._logger.create("revokeToken"),await this._tokenClient.revoke({token:e,token_type_hint:t})}};var Z=class{constructor(e){this._userManager=e;this._logger=new d("SessionMonitor");this._start=async e=>{let t=e.session_state;if(!t)return;let r=this._logger.create("_start");if(e.profile?(this._sub=e.profile.sub,this._sid=e.profile.sid,r.debug("session_state",t,", sub",this._sub)):(this._sub=void 0,this._sid=void 0,r.debug("session_state",t,", anonymous user")),this._checkSessionIFrame){this._checkSessionIFrame.start(t);return}try{let i=await this._userManager.metadataService.getCheckSessionIframe();if(i){r.debug("initializing check session iframe");let s=this._userManager.settings.client_id,n=this._userManager.settings.checkSessionIntervalInSeconds,o=this._userManager.settings.stopCheckSessionOnError,c=new V(this._callback,s,i,n,o);await c.load(),this._checkSessionIFrame=c,c.start(t)}else r.warn("no check session iframe found in the metadata")}catch(i){r.error("Error from getCheckSessionIframe:",i instanceof Error?i.message:i)}};this._stop=()=>{let e=this._logger.create("_stop");if(this._sub=void 0,this._sid=void 0,this._checkSessionIFrame&&this._checkSessionIFrame.stop(),this._userManager.settings.monitorAnonymousSession){let t=setInterval(async()=>{clearInterval(t);try{let r=await this._userManager.querySessionStatus();if(r){let i={session_state:r.session_state,profile:r.sub&&r.sid?{sub:r.sub,sid:r.sid}:null};this._start(i)}}catch(r){e.error("error from querySessionStatus",r instanceof Error?r.message:r)}},1e3)}};this._callback=async()=>{let e=this._logger.create("_callback");try{let t=await this._userManager.querySessionStatus(),r=!0;t&&this._checkSessionIFrame?t.sub===this._sub?(r=!1,this._checkSessionIFrame.start(t.session_state),t.sid===this._sid?e.debug("same sub still logged in at OP, restarting check session iframe; session_state",t.session_state):(e.debug("same sub still logged in at OP, session state has changed, restarting check session iframe; session_state",t.session_state),this._userManager.events._raiseUserSessionChanged())):e.debug("different subject signed into OP",t.sub):e.debug("subject no longer signed into OP"),r?this._sub?this._userManager.events._raiseUserSignedOut():this._userManager.events._raiseUserSignedIn():e.debug("no change in session detected, no event to raise")}catch(t){this._sub&&(e.debug("Error calling queryCurrentSigninSession; raising signed out event",t),this._userManager.events._raiseUserSignedOut())}};e||this._logger.throw(new Error("No user manager passed")),this._userManager.events.addUserLoaded(this._start),this._userManager.events.addUserUnloaded(this._stop),this._init().catch(t=>{this._logger.error(t)})}async _init(){this._logger.create("_init");let e=await this._userManager.getUser();if(e)this._start(e);else if(this._userManager.settings.monitorAnonymousSession){let t=await this._userManager.querySessionStatus();if(t){let r={session_state:t.session_state,profile:t.sub&&t.sid?{sub:t.sub,sid:t.sid}:null};this._start(r)}}}};var N=class{constructor(e){var t;this.id_token=e.id_token,this.session_state=(t=e.session_state)!=null?t:null,this.access_token=e.access_token,this.refresh_token=e.refresh_token,this.token_type=e.token_type,this.scope=e.scope,this.profile=e.profile,this.expires_at=e.expires_at,this.state=e.userState}get expires_in(){if(this.expires_at!==void 0)return this.expires_at-P.getEpochTime()}set expires_in(e){e!==void 0&&(this.expires_at=Math.floor(e)+P.getEpochTime())}get expired(){let e=this.expires_in;if(e!==void 0)return e<=0}get scopes(){var e,t;return(t=(e=this.scope)==null?void 0:e.split(" "))!=null?t:[]}toStorageString(){return new d("User").create("toStorageString"),JSON.stringify({id_token:this.id_token,session_state:this.session_state,access_token:this.access_token,refresh_token:this.refresh_token,token_type:this.token_type,scope:this.scope,profile:this.profile,expires_at:this.expires_at})}static fromStorageString(e){return d.createStatic("User","fromStorageString"),new N(JSON.parse(e))}};var Qe="oidc-client",ee=class{constructor(){this._abort=new T("Window navigation aborted");this._disposeHandlers=new Set;this._window=null}async navigate(e){let t=this._logger.create("navigate");if(!this._window)throw new Error("Attempted to navigate on a disposed window");t.debug("setting URL in window"),this._window.location.replace(e.url);let{url:r,keepOpen:i}=await new Promise((s,n)=>{let o=c=>{var h;let u=c.data,m=(h=e.scriptOrigin)!=null?h:window.location.origin;if(!(c.origin!==m||(u==null?void 0:u.source)!==Qe)){try{let p=K.readParams(u.url,e.response_mode).get("state");if(p||t.warn("no state found in response url"),c.source!==this._window&&p!==e.state)return}catch{this._dispose(),n(new Error("Invalid response from window"))}s(u)}};window.addEventListener("message",o,!1),this._disposeHandlers.add(()=>window.removeEventListener("message",o,!1)),this._disposeHandlers.add(this._abort.addHandler(c=>{this._dispose(),n(c)}))});return t.debug("got response from window"),this._dispose(),i||this.close(),{url:r}}_dispose(){this._logger.create("_dispose");for(let e of this._disposeHandlers)e();this._disposeHandlers.clear()}static _notifyParent(e,t,r=!1,i=window.location.origin){e.postMessage({source:Qe,url:t,keepOpen:r},i)}};var Ue={location:!1,toolbar:!1,height:640},Ce="_blank",wt=60,bt=2,Ee=10,te=class extends H{constructor(t){let{popup_redirect_uri:r=t.redirect_uri,popup_post_logout_redirect_uri:i=t.post_logout_redirect_uri,popupWindowFeatures:s=Ue,popupWindowTarget:n=Ce,redirectMethod:o="assign",redirectTarget:c="self",iframeNotifyParentOrigin:u=t.iframeNotifyParentOrigin,iframeScriptOrigin:m=t.iframeScriptOrigin,silent_redirect_uri:h=t.redirect_uri,silentRequestTimeoutInSeconds:p=Ee,automaticSilentRenew:f=!0,validateSubOnSilentRenew:_=!0,includeIdTokenInSilentRenew:k=!1,monitorSession:y=!1,monitorAnonymousSession:a=!1,checkSessionIntervalInSeconds:g=bt,query_status_response_type:w="code",stopCheckSessionOnError:b=!0,revokeTokenTypes:v=["access_token","refresh_token"],revokeTokensOnSignout:S=!1,accessTokenExpiringNotificationTimeInSeconds:R=wt,userStore:x}=t;super(t);if(this.popup_redirect_uri=r,this.popup_post_logout_redirect_uri=i,this.popupWindowFeatures=s,this.popupWindowTarget=n,this.redirectMethod=o,this.redirectTarget=c,this.iframeNotifyParentOrigin=u,this.iframeScriptOrigin=m,this.silent_redirect_uri=h,this.silentRequestTimeoutInSeconds=p,this.automaticSilentRenew=f,this.validateSubOnSilentRenew=_,this.includeIdTokenInSilentRenew=k,this.monitorSession=y,this.monitorAnonymousSession=a,this.checkSessionIntervalInSeconds=g,this.stopCheckSessionOnError=b,this.query_status_response_type=w,this.revokeTokenTypes=v,this.revokeTokensOnSignout=S,this.accessTokenExpiringNotificationTimeInSeconds=R,x)this.userStore=x;else{let C=typeof window!="undefined"?window.sessionStorage:new W;this.userStore=new j({store:C})}}};var z=class extends ee{constructor({silentRequestTimeoutInSeconds:t=Ee}){super();this._logger=new d("IFrameWindow");this._timeoutInSeconds=t,this._frame=z.createHiddenIframe(),this._window=this._frame.contentWindow}static createHiddenIframe(){let t=window.document.createElement("iframe");return t.style.visibility="hidden",t.style.position="fixed",t.style.left="-1000px",t.style.top="0",t.width="0",t.height="0",t.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),window.document.body.appendChild(t),t}async navigate(t){this._logger.debug("navigate: Using timeout of:",this._timeoutInSeconds);let r=setTimeout(()=>this._abort.raise(new M("IFrame timed out without a response")),this._timeoutInSeconds*1e3);return this._disposeHandlers.add(()=>clearTimeout(r)),await super.navigate(t)}close(){var t;this._frame&&(this._frame.parentNode&&(this._frame.addEventListener("load",r=>{var s;let i=r.target;(s=i.parentNode)==null||s.removeChild(i),this._abort.raise(new Error("IFrame removed from DOM"))},!0),(t=this._frame.contentWindow)==null||t.location.replace("about:blank")),this._frame=null),this._window=null}static notifyParent(t,r){return super._notifyParent(window.parent,t,!1,r)}};var we=class{constructor(e){this._settings=e;this._logger=new d("IFrameNavigator")}async prepare({silentRequestTimeoutInSeconds:e=this._settings.silentRequestTimeoutInSeconds}){return new z({silentRequestTimeoutInSeconds:e})}async callback(e){this._logger.create("callback"),z.notifyParent(e,this._settings.iframeNotifyParentOrigin)}};var St=500,oe=class extends ee{constructor({popupWindowTarget:t=Ce,popupWindowFeatures:r={}}){super();this._logger=new d("PopupWindow");let i=se.center({...Ue,...r});this._window=window.open(void 0,t,se.serialize(i))}async navigate(t){var i;(i=this._window)==null||i.focus();let r=setInterval(()=>{(!this._window||this._window.closed)&&this._abort.raise(new Error("Popup closed by user"))},St);return this._disposeHandlers.add(()=>clearInterval(r)),await super.navigate(t)}close(){this._window&&(this._window.closed||(this._window.close(),this._abort.raise(new Error("Popup closed")))),this._window=null}static notifyOpener(t,r){if(!window.opener)throw new Error("No window.opener. Can't complete notification.");return super._notifyParent(window.opener,t,r)}};var be=class{constructor(e){this._settings=e;this._logger=new d("PopupNavigator")}async prepare({popupWindowFeatures:e=this._settings.popupWindowFeatures,popupWindowTarget:t=this._settings.popupWindowTarget}){return new oe({popupWindowFeatures:e,popupWindowTarget:t})}async callback(e,t=!1){this._logger.create("callback"),oe.notifyOpener(e,t)}};var Se=class{constructor(e){this._settings=e;this._logger=new d("RedirectNavigator")}async prepare({redirectMethod:e=this._settings.redirectMethod,redirectTarget:t=this._settings.redirectTarget}){var n;this._logger.create("prepare");let r=window.self;t==="top"&&(r=(n=window.top)!=null?n:window.self);let i=r.location[e].bind(r.location),s;return{navigate:async o=>{this._logger.create("navigate");let c=new Promise((u,m)=>{s=m});return i(o.url),await c},close:()=>{this._logger.create("close"),s==null||s(new Error("Redirect aborted")),r.stop()}}}};var ye=class extends Q{constructor(t){super({expiringNotificationTimeInSeconds:t.accessTokenExpiringNotificationTimeInSeconds});this._logger=new d("UserManagerEvents");this._userLoaded=new T("User loaded");this._userUnloaded=new T("User unloaded");this._silentRenewError=new T("Silent renew error");this._userSignedIn=new T("User signed in");this._userSignedOut=new T("User signed out");this._userSessionChanged=new T("User session changed")}load(t,r=!0){super.load(t),r&&this._userLoaded.raise(t)}unload(){super.unload(),this._userUnloaded.raise()}addUserLoaded(t){return this._userLoaded.addHandler(t)}removeUserLoaded(t){return this._userLoaded.removeHandler(t)}addUserUnloaded(t){return this._userUnloaded.addHandler(t)}removeUserUnloaded(t){return this._userUnloaded.removeHandler(t)}addSilentRenewError(t){return this._silentRenewError.addHandler(t)}removeSilentRenewError(t){return this._silentRenewError.removeHandler(t)}_raiseSilentRenewError(t){this._silentRenewError.raise(t)}addUserSignedIn(t){return this._userSignedIn.addHandler(t)}removeUserSignedIn(t){this._userSignedIn.removeHandler(t)}_raiseUserSignedIn(){this._userSignedIn.raise()}addUserSignedOut(t){return this._userSignedOut.addHandler(t)}removeUserSignedOut(t){this._userSignedOut.removeHandler(t)}_raiseUserSignedOut(){this._userSignedOut.raise()}addUserSessionChanged(t){return this._userSessionChanged.addHandler(t)}removeUserSessionChanged(t){this._userSessionChanged.removeHandler(t)}_raiseUserSessionChanged(){this._userSessionChanged.raise()}};var ve=class{constructor(e){this._userManager=e;this._logger=new d("SilentRenewService");this._isStarted=!1;this._retryTimer=new P("Retry Silent Renew");this._tokenExpiring=async()=>{let e=this._logger.create("_tokenExpiring");try{await this._userManager.signinSilent(),e.debug("silent token renewal successful")}catch(t){if(t instanceof M){e.warn("ErrorTimeout from signinSilent:",t,"retry in 5s"),this._retryTimer.init(5);return}e.error("Error from signinSilent:",t),this._userManager.events._raiseSilentRenewError(t)}}}async start(){let e=this._logger.create("start");if(!this._isStarted){this._isStarted=!0,this._userManager.events.addAccessTokenExpiring(this._tokenExpiring),this._retryTimer.addHandler(this._tokenExpiring);try{await this._userManager.getUser()}catch(t){e.error("getUser error",t)}}}stop(){this._isStarted&&(this._retryTimer.cancel(),this._retryTimer.removeHandler(this._tokenExpiring),this._userManager.events.removeAccessTokenExpiring(this._tokenExpiring),this._isStarted=!1)}};var ke=class{constructor(e){this.refresh_token=e.refresh_token,this.id_token=e.id_token,this.session_state=e.session_state,this.scope=e.scope,this.data=e.state}};var Te=class{constructor(e){this._logger=new d("UserManager");this.settings=new te(e),this._client=new ne(e),this._redirectNavigator=new Se(this.settings),this._popupNavigator=new be(this.settings),this._iframeNavigator=new we(this.settings),this._events=new ye(this.settings),this._silentRenewService=new ve(this),this.settings.automaticSilentRenew&&this.startSilentRenew(),this._sessionMonitor=null,this.settings.monitorSession&&(this._sessionMonitor=new Z(this))}get events(){return this._events}get metadataService(){return this._client.metadataService}async getUser(){let e=this._logger.create("getUser"),t=await this._loadUser();return t?(e.info("user loaded"),this._events.load(t,!1),t):(e.info("user not found in storage"),null)}async removeUser(){let e=this._logger.create("removeUser");await this.storeUser(null),e.info("user removed from storage"),this._events.unload()}async signinRedirect(e={}){this._logger.create("signinRedirect");let{redirectMethod:t,...r}=e,i=await this._redirectNavigator.prepare({redirectMethod:t});await this._signinStart({request_type:"si:r",...r},i)}async signinRedirectCallback(e=window.location.href){let t=this._logger.create("signinRedirectCallback"),r=await this._signinEnd(e);return r.profile&&r.profile.sub?t.info("success, signed in subject",r.profile.sub):t.info("no subject"),r}async signinPopup(e={}){let t=this._logger.create("signinPopup"),{popupWindowFeatures:r,popupWindowTarget:i,...s}=e,n=this.settings.popup_redirect_uri;n||t.throw(new Error("No popup_redirect_uri configured"));let o=await this._popupNavigator.prepare({popupWindowFeatures:r,popupWindowTarget:i}),c=await this._signin({request_type:"si:p",redirect_uri:n,display:"popup",...s},o);return c&&(c.profile&&c.profile.sub?t.info("success, signed in subject",c.profile.sub):t.info("no subject")),c}async signinPopupCallback(e=window.location.href,t=!1){let r=this._logger.create("signinPopupCallback");await this._popupNavigator.callback(e,t),r.info("success")}async signinSilent(e={}){var u;let t=this._logger.create("signinSilent"),{silentRequestTimeoutInSeconds:r,...i}=e,s=await this._loadUser();if(s!=null&&s.refresh_token){t.debug("using refresh token");let m=new ke(s);return await this._useRefreshToken(m)}let n=this.settings.silent_redirect_uri;n||t.throw(new Error("No silent_redirect_uri configured"));let o;s&&this.settings.validateSubOnSilentRenew&&(t.debug("subject prior to silent renew:",s.profile.sub),o=s.profile.sub);let c=await this._iframeNavigator.prepare({silentRequestTimeoutInSeconds:r});return s=await this._signin({request_type:"si:s",redirect_uri:n,prompt:"none",id_token_hint:this.settings.includeIdTokenInSilentRenew?s==null?void 0:s.id_token:void 0,...i},c,o),s&&((u=s.profile)!=null&&u.sub?t.info("success, signed in subject",s.profile.sub):t.info("no subject")),s}async _useRefreshToken(e){let t=await this._client.useRefreshToken({state:e,timeoutInSeconds:this.settings.silentRequestTimeoutInSeconds}),r=new N({...e,...t});return await this.storeUser(r),this._events.load(r),r}async signinSilentCallback(e=window.location.href){let t=this._logger.create("signinSilentCallback");await this._iframeNavigator.callback(e),t.info("success")}async signinCallback(e=window.location.href){let{state:t}=await this._client.readSigninResponseState(e);switch(t.request_type){case"si:r":return await this.signinRedirectCallback(e);case"si:p":return await this.signinPopupCallback(e);case"si:s":return await this.signinSilentCallback(e);default:throw new Error("invalid response_type in state")}}async signoutCallback(e=window.location.href,t=!1){let{state:r}=await this._client.readSignoutResponseState(e);if(!!r)switch(r.request_type){case"so:r":await this.signoutRedirectCallback(e);break;case"so:p":await this.signoutPopupCallback(e,t);break;default:throw new Error("invalid response_type in state")}}async querySessionStatus(e={}){let t=this._logger.create("querySessionStatus"),{silentRequestTimeoutInSeconds:r,...i}=e,s=this.settings.silent_redirect_uri;s||t.throw(new Error("No silent_redirect_uri configured"));let n=await this._iframeNavigator.prepare({silentRequestTimeoutInSeconds:r}),o=await this._signinStart({request_type:"si:s",redirect_uri:s,prompt:"none",response_type:this.settings.query_status_response_type,scope:"openid",skipUserInfo:!0,...i},n);try{let c=await this._client.processSigninResponse(o.url);return t.debug("got signin response"),c.session_state&&c.profile.sub?(t.info("success for subject",c.profile.sub),{session_state:c.session_state,sub:c.profile.sub,sid:c.profile.sid}):(t.info("success, user not authenticated"),null)}catch(c){if(this.settings.monitorAnonymousSession&&c instanceof U)switch(c.error){case"login_required":case"consent_required":case"interaction_required":case"account_selection_required":return t.info("success for anonymous user"),{session_state:c.session_state}}throw c}}async _signin(e,t,r){let i=await this._signinStart(e,t);return await this._signinEnd(i.url,r)}async _signinStart(e,t){let r=this._logger.create("_signinStart");try{let i=await this._client.createSigninRequest(e);return r.debug("got signin request"),await t.navigate({url:i.url,state:i.state.id,response_mode:i.state.response_mode,scriptOrigin:this.settings.iframeScriptOrigin})}catch(i){throw r.debug("error after preparing navigator, closing navigator window"),t.close(),i}}async _signinEnd(e,t){let r=this._logger.create("_signinEnd"),i=await this._client.processSigninResponse(e);r.debug("got signin response");let s=new N(i);if(t){if(t!==s.profile.sub)throw r.debug("current user does not match user returned from signin. sub from signin:",s.profile.sub),new U({...i,error:"login_required"});r.debug("current user matches user returned from signin")}return await this.storeUser(s),r.debug("user stored"),this._events.load(s),s}async signoutRedirect(e={}){let t=this._logger.create("signoutRedirect"),{redirectMethod:r,...i}=e,s=await this._redirectNavigator.prepare({redirectMethod:r});await this._signoutStart({request_type:"so:r",post_logout_redirect_uri:this.settings.post_logout_redirect_uri,...i},s),t.info("success")}async signoutRedirectCallback(e=window.location.href){let t=this._logger.create("signoutRedirectCallback"),r=await this._signoutEnd(e);return t.info("success"),r}async signoutPopup(e={}){let t=this._logger.create("signoutPopup"),{popupWindowFeatures:r,popupWindowTarget:i,...s}=e,n=this.settings.popup_post_logout_redirect_uri,o=await this._popupNavigator.prepare({popupWindowFeatures:r,popupWindowTarget:i});await this._signout({request_type:"so:p",post_logout_redirect_uri:n,state:n==null?void 0:{},...s},o),t.info("success")}async signoutPopupCallback(e=window.location.href,t=!1){let r=this._logger.create("signoutPopupCallback");await this._popupNavigator.callback(e,t),r.info("success")}async _signout(e,t){let r=await this._signoutStart(e,t);return await this._signoutEnd(r.url)}async _signoutStart(e={},t){var i;let r=this._logger.create("_signoutStart");try{let s=await this._loadUser();r.debug("loaded current user from storage"),this.settings.revokeTokensOnSignout&&await this._revokeInternal(s);let n=e.id_token_hint||s&&s.id_token;n&&(r.debug("setting id_token_hint in signout request"),e.id_token_hint=n),await this.removeUser(),r.debug("user removed, creating signout request");let o=await this._client.createSignoutRequest(e);return r.debug("got signout request"),await t.navigate({url:o.url,state:(i=o.state)==null?void 0:i.id})}catch(s){throw r.debug("error after preparing navigator, closing navigator window"),t.close(),s}}async _signoutEnd(e){let t=this._logger.create("_signoutEnd"),r=await this._client.processSignoutResponse(e);return t.debug("got signout response"),r}async revokeTokens(e){let t=await this._loadUser();await this._revokeInternal(t,e)}async _revokeInternal(e,t=this.settings.revokeTokenTypes){let r=this._logger.create("_revokeInternal");if(!e)return;let i=t.filter(s=>typeof e[s]=="string");if(!i.length){r.debug("no need to revoke due to no token(s)");return}for(let s of i)await this._client.revokeToken(e[s],s),r.info(`${s} revoked successfully`),s!=="access_token"&&(e[s]=null);await this.storeUser(e),r.debug("user stored"),this._events.load(e)}startSilentRenew(){this._logger.create("startSilentRenew"),this._silentRenewService.start()}stopSilentRenew(){this._silentRenewService.stop()}get _userStoreKey(){return`user:${this.settings.authority}:${this.settings.client_id}`}async _loadUser(){let e=this._logger.create("_loadUser"),t=await this.settings.userStore.get(this._userStoreKey);return t?(e.debug("user storageString loaded"),N.fromStorageString(t)):(e.debug("no user storageString"),null)}async storeUser(e){let t=this._logger.create("storeUser");if(e){t.debug("storing user");let r=e.toStorageString();await this.settings.userStore.set(this._userStoreKey,r)}else this._logger.debug("removing user"),await this.settings.userStore.remove(this._userStoreKey)}async clearStaleState(){await this._client.clearStaleState()}};var Ve="2.0.5";var Ge=Ve;return nt(vt);})();
 //# sourceMappingURL=oidc-client-ts.min.js.map

dist/types/oidc-client-ts.d.ts

@@ -200,3 +200,3 @@ /**
  */
-export declare type ExtraSigninRequestArgs = Pick<CreateSigninRequestArgs, "nonce" | "extraQueryParams" | "extraTokenParams" | "state" | "redirect_uri">;
+export declare type ExtraSigninRequestArgs = Pick<CreateSigninRequestArgs, "nonce" | "extraQueryParams" | "extraTokenParams" | "state" | "redirect_uri" | "prompt">;
 
@@ -538,4 +538,5 @@ /**
     staleStateAgeInSeconds?: number;
-    /** The window of time (in seconds) to allow the current time to deviate when validating token's iat, nbf, and exp values (default: 300) */
+    /** @deprecated Unused */
     clockSkewInSeconds?: number;
+    /** @deprecated Unused */
     userInfoJwtIssuer?: "ANY" | "OP" | string;
@@ -746,3 +747,3 @@ /**
     constructor(_settings: UserManagerSettingsStore);
-    prepare({ redirectMethod, }: RedirectParams): Promise<IWindow>;
+    prepare({ redirectMethod, redirectTarget, }: RedirectParams): Promise<IWindow>;
 }
@@ -755,2 +756,3 @@
     redirectMethod?: "replace" | "assign";
+    redirectTarget?: "top" | "self";
 }
@@ -767,8 +769,10 @@
     readonly refresh_token: string;
-    readonly id_token: string;
-    readonly scope: string;
+    readonly id_token?: string;
+    readonly session_state: string | null;
+    readonly scope?: string;
     constructor(args: {
         refresh_token: string;
-        id_token: string;
-        scope: string;
+        id_token?: string;
+        session_state: string | null;
+        scope?: string;
         state?: unknown;
@@ -908,3 +912,3 @@ });
     /** @see {@link User.session_state} */
-    readonly session_state: string | null;
+    session_state: string | null;
     /** @see {@link ErrorResponse.error} */
@@ -1327,7 +1331,8 @@ readonly error: string | null;
     /**
-     * Add callback: Raised when the user is signed in.
+     * Add callback: Raised when the user is signed in (when `monitorSession` is set).
+     * @see {@link UserManagerSettings.monitorSession}
      */
     addUserSignedIn(cb: UserSignedInCallback): () => void;
     /**
-     * Remove callback: Raised when the user is signed in.
+     * Remove callback: Raised when the user is signed in (when `monitorSession` is set).
      */
@@ -1340,7 +1345,8 @@ removeUserSignedIn(cb: UserSignedInCallback): void;
     /**
-     * Add callback: Raised when the user's sign-in status at the OP has changed.
+     * Add callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).
+     * @see {@link UserManagerSettings.monitorSession}
      */
     addUserSignedOut(cb: UserSignedOutCallback): () => void;
     /**
-     * Remove callback: Raised when the user's sign-in status at the OP has changed.
+     * Remove callback: Raised when the user's sign-in status at the OP has changed (when `monitorSession` is set).
      */
@@ -1353,7 +1359,8 @@ removeUserSignedOut(cb: UserSignedOutCallback): void;
     /**
-     * Add callback: Raised when the user session changed (when `monitorSession` is set)
+     * Add callback: Raised when the user session changed (when `monitorSession` is set).
+     * @see {@link UserManagerSettings.monitorSession}
      */
     addUserSessionChanged(cb: UserSessionChangedCallback): () => void;
     /**
-     * Remove callback: Raised when the user session changed (when `monitorSession` is set)
+     * Remove callback: Raised when the user session changed (when `monitorSession` is set).
      */
@@ -1386,2 +1393,4 @@ removeUserSessionChanged(cb: UserSessionChangedCallback): void;
     redirectMethod?: "replace" | "assign";
+    /** The methods target window being redirected (default: "self") */
+    redirectTarget?: "top" | "self";
     /** The target to pass while calling postMessage inside iframe for callback (default: window.location.origin) */
@@ -1437,2 +1446,3 @@ iframeNotifyParentOrigin?: string;
     readonly redirectMethod: "replace" | "assign";
+    readonly redirectTarget: "top" | "self";
     readonly iframeNotifyParentOrigin: string | undefined;
@@ -1439,0 +1449,0 @@ readonly iframeScriptOrigin: string | undefined;

dist/types/tsdoc-metadata.json

@@ -8,5 +8,5 @@ // This file is read by tools that parse documentation comments conforming to the TSDoc standard.
       "packageName": "@microsoft/api-extractor",
-      "packageVersion": "7.23.2"
+      "packageVersion": "7.25.0"
     }
   ]
 }

package.json

 {
   "name": "oidc-client-ts",
-  "version": "2.0.4",
+  "version": "2.0.5",
   "description": "OpenID Connect (OIDC) & OAuth2 client library",
@@ -15,2 +15,3 @@ "repository": {
     ".": {
+      "types": "./dist/types/oidc-client-ts.d.ts",
       "import": "./dist/esm/oidc-client-ts.js",
@@ -21,6 +22,2 @@ "require": "./dist/umd/oidc-client-ts.js"
   },
-  "workspaces": [
-    "samples/*",
-    "website"
-  ],
   "files": [
@@ -64,3 +61,3 @@ "dist"
     "jest-mock": "^27.4.2",
-    "lint-staged": "^12.0.2",
+    "lint-staged": "^13.0.0",
     "ts-jest": "^27.0.5",
@@ -67,0 +64,0 @@ "typedoc": "^0.22.7",

README.md

@@ -59,3 +59,5 @@ # oidc-client-ts
 ```sh
-$ npm run -w parcel-sample start
+$ cd samples/Parcel
+$ npm install
+$ npm run start
 ```
@@ -62,0 +64,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1374096

increased by1.18%

Lines of code

9998

increased by0.53%

Number of lines in readme file

85

increased by2.41%

No dependency changes