
oidc-client


Comparing version 1.5.0-beta.1 to 1.5.0-beta.2

6

gulpfile.js
var gulp = require('gulp');
var concat = require('gulp-concat');
var webpackStream = require('webpack-stream');

@@ -82,6 +83,3 @@ var webpack = require('webpack');

var gulp = require('gulp'),
concat = require('gulp-concat');
// this is used to manually build jsrsasign with the fewest modules to reduce its size
var files = [

@@ -88,0 +86,0 @@ 'jsrsasign/header.js'

@@ -85,3 +85,3 @@ /* Provides a namespace for when the library is loaded outside a module loader environment */

validateSigninResponse(state: any, response: any): Promise<SigninResponse>;
validateSignoutResponse(state: any, response: any): Promise<SignoutRespsone>;
validateSignoutResponse(state: any, response: any): Promise<SignoutResponse>;
}

@@ -266,3 +266,3 @@

export interface SignoutRespsone {
export interface SignoutResponse {
new (url: string): SignoutResponse;

@@ -269,0 +269,0 @@

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
export const Log = require('./src/Log');
export const OidcClient = require('./src/OidcClient');
export const OidcClientSettings = require('./src/OidcClientSettings');
export const WebStorageStateStore = require('./src/WebStorageStateStore');
export const InMemoryWebStorage = require('./src/InMemoryWebStorage');
export const UserManager = require('./src/UserManager');
export const AccessTokenEvents = require('./src/AccessTokenEvents');
export const MetadataService = require('./src/MetadataService');
export const CordovaPopupNavigator = require('./src/CordovaPopupNavigator');
export const CordovaIFrameNavigator = require('./src/CordovaIFrameNavigator');
export const CheckSessionIFrame = require('./src/CheckSessionIFrame');
export const TokenRevocationClient = require('./src/TokenRevocationClient');
export const SessionMonitor = require('./src/SessionMonitor');
export const Global = require('./src/Global');
export const User = require('./src/User');
export default {
Log,
OidcClient,
OidcClientSettings,
WebStorageStateStore,
InMemoryWebStorage,
UserManager,
AccessTokenEvents,
MetadataService,
CordovaPopupNavigator,
CordovaIFrameNavigator,
CheckSessionIFrame,
TokenRevocationClient,
SessionMonitor,
Global,
User
};
export { Log } from './src/Log';
export { OidcClient } from './src/OidcClient';
export { OidcClientSettings } from './src/OidcClientSettings';
export { WebStorageStateStore } from './src/WebStorageStateStore';
export { InMemoryWebStorage } from './src/InMemoryWebStorage';
export { UserManager } from './src/UserManager';
export { AccessTokenEvents } from './src/AccessTokenEvents';
export { MetadataService } from './src/MetadataService';
export { CordovaPopupNavigator } from './src/CordovaPopupNavigator';
export { CordovaIFrameNavigator } from './src/CordovaIFrameNavigator';
export { CheckSessionIFrame } from './src/CheckSessionIFrame';
export { TokenRevocationClient } from './src/TokenRevocationClient';
export { SessionMonitor } from './src/SessionMonitor';
export { Global } from './src/Global';
export { User } from './src/User';
{
"name": "oidc-client",
"version": "1.5.0-beta.1",
"version": "1.5.0-beta.2",
"description": "OpenID Connect (OIDC) & OAuth2 client library",
"main": "lib/oidc-client.min.js",
"module": "index.js",
"scripts": {

@@ -7,0 +8,0 @@ "build": "gulp build",

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import Timer from './Timer';
import { Log } from './Log';
import { Timer } from './Timer';
const DefaultAccessTokenExpiringNotificationTime = 60; // seconds
export default class AccessTokenEvents {
export class AccessTokenEvents {

@@ -23,10 +23,6 @@ constructor({

load(container) {
Log.debug("AccessTokenEvents.load");
this._cancelTimers();
// only register events if there's an access token where we care about expiration
if (container.access_token) {
// only register events if there's an access token and it has an expiration
if (container.access_token && container.expires_in !== undefined) {
let duration = container.expires_in;
Log.debug("access token present, remaining duration:", duration);
Log.debug("AccessTokenEvents.load: access token present, remaining duration:", duration);

@@ -39,20 +35,24 @@ if (duration > 0) {

}
Log.debug("registering expiring timer in:", expiring);
Log.debug("AccessTokenEvents.load: registering expiring timer in:", expiring);
this._accessTokenExpiring.init(expiring);
}
else {
Log.debug("AccessTokenEvents.load: canceling existing expiring timer becase we're past expiration.");
this._accessTokenExpiring.cancel();
}
// always register expired. if it's negative, it will still fire
// if it's negative, it will still fire
let expired = duration + 1;
Log.debug("registering expired timer in:", expired);
Log.debug("AccessTokenEvents.load: registering expired timer in:", expired);
this._accessTokenExpired.init(expired);
}
else {
this._accessTokenExpiring.cancel();
this._accessTokenExpired.cancel();
}
}
unload() {
Log.debug("AccessTokenEvents.unload");
this._cancelTimers();
}
_cancelTimers(){
Log.debug("canceling existing access token timers");
Log.debug("AccessTokenEvents.unload: canceling existing access token timers");
this._accessTokenExpiring.cancel();

@@ -59,0 +59,0 @@ this._accessTokenExpired.cancel();
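Review bot: The guard `container.expires_in !== undefined` in `load` still admits `null` and other non-numeric values. For `null`, `duration > 0` is false so the expiring timer is cancelled, but `duration + 1` evaluates to 1 and `this._accessTokenExpired.init(expired)` is armed even though no expiry is known. If a container can carry a null expiry (for example after being restored from storage; not visible here), `if (container.access_token && typeof container.expires_in === 'number') {` would route those cases to the cancel branch instead. The function's middle section (the `expiring` computation) sits between the two hunks and is not shown.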

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
const DefaultInterval = 2000;
export default class CheckSessionIFrame {
constructor(callback, client_id, url, interval) {
export class CheckSessionIFrame {
constructor(callback, client_id, url, interval, stopOnError = true) {
this._callback = callback;

@@ -14,2 +14,3 @@ this._client_id = client_id;

this._interval = interval || DefaultInterval;
this._stopOnError = stopOnError;

@@ -46,7 +47,9 @@ var idx = url.indexOf("/", url.indexOf("//") + 2);

if (e.data === "error") {
Log.error("error message from check session op iframe");
this.stop();
Log.error("CheckSessionIFrame: error message from check session op iframe");
if (this._stopOnError) {
this.stop();
}
}
else if (e.data === "changed") {
Log.debug("changed message from check session op iframe");
Log.debug("CheckSessionIFrame: changed message from check session op iframe");
this.stop();

@@ -56,3 +59,3 @@ this._callback();

else {
Log.debug(e.data + " message from check session op iframe");
Log.debug("CheckSessionIFrame: " + e.data + " message from check session op iframe");
}

@@ -76,7 +79,7 @@ }

stop() {
Log.debug("CheckSessionIFrame.stop");
this._session_state = null;
if (this._timer) {
Log.debug("CheckSessionIFrame.stop");
window.clearInterval(this._timer);

@@ -83,0 +86,0 @@ this._timer = null;
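Review bot: The new `stopOnError = true` constructor parameter is undocumented, and when it is `false` the `e.data === "error"` branch only logs, so polling presumably continues at `_interval` (default `DefaultInterval = 2000`) for as long as the OP iframe keeps answering with errors. I would add a comment above the constructor such as `// stopOnError: when false, an "error" reply from the check-session iframe is logged and polling continues; the caller must call stop() on persistent errors`. The origin and source checks of the message handler lie outside the visible hunks, so confirm they still run before this branch is reached.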

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import CordovaPopupWindow from './CordovaPopupWindow';
import { CordovaPopupWindow } from './CordovaPopupWindow';
export default class CordovaIFrameNavigator {
export class CordovaIFrameNavigator {
prepare(params) {

@@ -10,0 +9,0 @@ params.popupWindowFeatures = 'hidden=yes';

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import CordovaPopupWindow from './CordovaPopupWindow';
import { CordovaPopupWindow } from './CordovaPopupWindow';
export default class CordovaPopupNavigator {
export class CordovaPopupNavigator {
prepare(params) {

@@ -10,0 +9,0 @@ let popup = new CordovaPopupWindow(params);

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';

@@ -9,7 +9,5 @@ const DefaultPopupFeatures = 'location=no,toolbar=no,zoom=no';

export default class CordovaPopupWindow {
export class CordovaPopupWindow {
constructor(params) {
Log.debug("CordovaPopupWindow.ctor");
this._promise = new Promise((resolve, reject) => {

@@ -24,3 +22,3 @@ this._resolve = resolve;

this.redirect_uri = params.startUrl;
Log.debug("redirect_uri: " + this.redirect_uri);
Log.debug("CordovaPopupWindow.ctor: redirect_uri: " + this.redirect_uri);
}

@@ -35,4 +33,2 @@

navigate(params) {
Log.debug("CordovaPopupWindow.navigate");
if (!params || !params.url) {

@@ -51,3 +47,3 @@ this._error("No url provided");

if (this._popup) {
Log.debug("popup successfully created");
Log.debug("CordovaPopupWindow.navigate: popup successfully created");

@@ -82,3 +78,3 @@ this._exitCallbackEvent = this._exitCallback.bind(this);

Log.debug("Successful response from cordova popup window");
Log.debug("CordovaPopupWindow: Successful response from cordova popup window");
this._resolve(data);

@@ -98,5 +94,4 @@ }

_cleanup() {
Log.debug("CordovaPopupWindow._cleanup");
if (this._popup){
Log.debug("CordovaPopupWindow: cleaning up popup");
this._popup.removeEventListener("exit", this._exitCallbackEvent, false);

@@ -103,0 +98,0 @@ this._popup.removeEventListener("loadstart", this._loadStartCallbackEvent, false);

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
export default class ErrorResponse extends Error {
export class ErrorResponse extends Error {
constructor({error, error_description, error_uri, state}={}

@@ -13,13 +13,13 @@ ) {

}
super(error_description || error);
this.name = "ErrorResponse";
this.name = "ErrorResponse";
this.error = error;
this.error_description = error_description;
this.error_uri = error_uri;
this.state = state;
}
}
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
export default class Event {
export class Event {

@@ -25,3 +25,3 @@ constructor(name) {

raise(...params) {
Log.debug("Raising event: " + this._name);
Log.debug("Event: Raising event: " + this._name);
for (let i = 0; i < this._callbacks.length; i++) {

@@ -28,0 +28,0 @@ this._callbacks[i](...params);

@@ -16,3 +16,3 @@ // Copyright (c) Brock Allen & Dominick Baier. All rights reserved.

export default class Global {
export class Global {

@@ -30,3 +30,3 @@ static _testing() {

static get localStorage() {
if (!testing) {
if (!testing && typeof window !== 'undefined') {
return localStorage;

@@ -37,3 +37,3 @@ }

static get sessionStorage() {
if (!testing) {
if (!testing && typeof window !== 'undefined') {
return sessionStorage;

@@ -48,3 +48,3 @@ }

static get XMLHttpRequest() {
if (!testing) {
if (!testing && typeof window !== 'undefined') {
return request || XMLHttpRequest;

@@ -59,2 +59,2 @@ }

}
};
}
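Review bot: In the `XMLHttpRequest` getter the added `typeof window !== 'undefined'` condition also gates `request`, which looks like an injected override (`return request || XMLHttpRequest`), so outside a window context this return is skipped even when an override has been set. Worker scopes also expose `XMLHttpRequest` without `window`. Testing the global itself keeps both cases: `if (!testing && (request || typeof XMLHttpRequest !== 'undefined')) {`. The fall-through branches of all three getters are outside the hunks, so what callers receive when the guard fails should be documented next to them.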
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import IFrameWindow from './IFrameWindow';
import { Log } from './Log';
import { IFrameWindow } from './IFrameWindow';
export default class IFrameNavigator {
export class IFrameNavigator {

@@ -9,0 +9,0 @@ prepare(params) {

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
const DefaultTimeout = 10000;
export default class IFrameWindow {
export class IFrameWindow {
constructor(params) {
Log.debug("IFrameWindow.ctor");
this._promise = new Promise((resolve, reject) => {

@@ -20,3 +18,3 @@ this._resolve = resolve;

window.addEventListener("message", this._boundMessageEvent, false);
this._frame = window.document.createElement("iframe");

@@ -30,3 +28,3 @@

this._frame.style.height = 0;
window.document.body.appendChild(this._frame);

@@ -36,4 +34,2 @@ }

navigate(params) {
Log.debug("IFrameWindow.navigate");
if (!params || !params.url) {

@@ -44,7 +40,7 @@ this._error("No url provided");

let timeout = params.silentRequestTimeout || DefaultTimeout;
Log.debug("Using timeout of:", timeout);
Log.debug("IFrameWindow.navigate: Using timeout of:", timeout);
this._timer = window.setTimeout(this._timeout.bind(this), timeout);
this._frame.src = params.url;
}
return this.promise;

@@ -60,3 +56,3 @@ }

Log.debug("Successful response from frame window");
Log.debug("IFrameWindow: Successful response from frame window");
this._resolve(data);

@@ -77,3 +73,3 @@ }

if (this._frame) {
Log.debug("IFrameWindow._cleanup");
Log.debug("IFrameWindow: cleanup");

@@ -91,3 +87,3 @@ window.removeEventListener("message", this._boundMessageEvent, false);

_timeout() {
Log.debug("IFrameWindow._timeout");
Log.debug("IFrameWindow.timeout");
this._error("Frame window timed out");

@@ -97,3 +93,3 @@ }

_message(e) {
Log.debug("IFrameWindow._message");
Log.debug("IFrameWindow.message");

@@ -124,3 +120,3 @@ if (this._timer &&

if (url) {
Log.debug("posting url message to parent");
Log.debug("IFrameWindow.notifyParent: posting url message to parent");
window.parent.postMessage(url, location.protocol + "//" + location.host);

@@ -127,0 +123,0 @@ }

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
export default class InMemoryWebStorage{
export class InMemoryWebStorage{
constructor(){
this._data = {};
}
getItem(key) {

@@ -15,8 +15,8 @@ Log.debug("InMemoryWebStorage.getItem", key);

}
setItem(key, value){
Log.debug("InMemoryWebStorage.setItem", key);
this._data[key] = value;
}
}
removeItem(key){

@@ -26,10 +26,10 @@ Log.debug("InMemoryWebStorage.removeItem", key);

}
get length() {
return Object.getOwnPropertyNames(this._data).length;
}
key(index) {
return Object.getOwnPropertyNames(this._data)[index];
}
}
}

@@ -6,7 +6,7 @@ // Copyright (c) Brock Allen & Dominick Baier. All rights reserved.

//import { jws, KEYUTIL as KeyUtil, X509, crypto, hextob64u, b64tohex } from 'jsrsasign';
import Log from './Log';
import { Log } from './Log';
const AllowedSigningAlgs = ['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'ES256', 'ES384', 'ES512'];
export default class JoseUtil {
export class JoseUtil {

@@ -40,3 +40,3 @@ static parseJwt(jwt) {

else {
Log.error("RSA key missing key material", key);
Log.error("JoseUtil.validateJwt: RSA key missing key material", key);
return Promise.reject(new Error("RSA key missing key material"));

@@ -50,3 +50,3 @@ }

else {
Log.error("EC key missing key material", key);
Log.error("JoseUtil.validateJwt: EC key missing key material", key);
return Promise.reject(new Error("EC key missing key material"));

@@ -56,3 +56,3 @@ }

else {
Log.error("Unsupported key type", key && key.kty);
Log.error("JoseUtil.validateJwt: Unsupported key type", key && key.kty);
return Promise.reject(new Error("Unsupported key type: " + key && key.kty));

@@ -70,4 +70,2 @@ }

static _validateJwt(jwt, key, issuer, audience, clockSkew, now) {
Log.debug("JoseUtil._validateJwt");
if (!clockSkew) {

@@ -84,7 +82,7 @@ clockSkew = 0;

if (!payload.iss) {
Log.error("issuer was not provided");
Log.error("JoseUtil._validateJwt: issuer was not provided");
return Promise.reject(new Error("issuer was not provided"));
}
if (payload.iss !== issuer) {
Log.error("Invalid issuer in token", payload.iss);
Log.error("JoseUtil._validateJwt: Invalid issuer in token", payload.iss);
return Promise.reject(new Error("Invalid issuer in token: " + payload.iss));

@@ -94,8 +92,8 @@ }

if (!payload.aud) {
Log.error("aud was not provided");
Log.error("JoseUtil._validateJwt: aud was not provided");
return Promise.reject(new Error("aud was not provided"));
}
var validAudience = payload.aud === audience || (Array.isArray(payload.aud) && payload.aud.indexOf(audience) >= 0);
var validAudience = payload.aud === audience || (Array.isArray(payload.aud) && payload.aud.indexOf(audience) >= 0);
if (!validAudience) {
Log.error("Invalid audience in token", payload.aud);
Log.error("JoseUtil._validateJwt: Invalid audience in token", payload.aud);
return Promise.reject(new Error("Invalid audience in token: " + payload.aud));

@@ -108,7 +106,7 @@ }

if (!payload.iat) {
Log.error("iat was not provided");
Log.error("JoseUtil._validateJwt: iat was not provided");
return Promise.reject(new Error("iat was not provided"));
}
if (lowerNow < payload.iat) {
Log.error("iat is in the future", payload.iat);
Log.error("JoseUtil._validateJwt: iat is in the future", payload.iat);
return Promise.reject(new Error("iat is in the future: " + payload.iat));

@@ -118,3 +116,3 @@ }

if (payload.nbf && lowerNow < payload.nbf) {
Log.error("nbf is in the future", payload.nbf);
Log.error("JoseUtil._validateJwt: nbf is in the future", payload.nbf);
return Promise.reject(new Error("nbf is in the future: " + payload.nbf));

@@ -124,7 +122,7 @@ }

if (!payload.exp) {
Log.error("exp was not provided");
Log.error("JoseUtil._validateJwt: exp was not provided");
return Promise.reject(new Error("exp was not provided"));
}
if (payload.exp < upperNow) {
Log.error("exp is in the past", payload.exp);
Log.error("JoseUtil._validateJwt: exp is in the past", payload.exp);
return Promise.reject(new Error("exp is in the past:" + payload.exp));

@@ -135,3 +133,3 @@ }

if (!jws.JWS.verify(jwt, key, AllowedSigningAlgs)) {
Log.error("signature validation failed");
Log.error("JoseUtil._validateJwt: signature validation failed");
return Promise.reject(new Error("signature validation failed"));

@@ -149,3 +147,2 @@ }

static hashString(value, alg) {
Log.debug("JoseUtil.hashString", value, alg);
try {

@@ -160,3 +157,2 @@ return crypto.Util.hashString(value, alg);

static hexToBase64Url(value) {
Log.debug("JoseUtil.hexToBase64Url", value);
try {

@@ -163,0 +159,0 @@ return hextob64u(value);
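Review bot: In the unsupported-key branch, `new Error("Unsupported key type: " + key && key.kty)` binds as `("Unsupported key type: " + key) && key.kty`, so the rejection message is only the `kty` value, and a null or undefined `key` throws a TypeError instead of returning the rejected promise. The line is unchanged context next to the relabelled `Log.error`, so the commit leaves it as is. Parenthesise the operand: `return Promise.reject(new Error("Unsupported key type: " + (key && key.kty)));`. The enclosing `validateJwt` starts above the hunk.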

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import Global from './Global';
import { Log } from './Log';
import { Global } from './Global';
export default class JsonService {
export class JsonService {
constructor(XMLHttpRequestCtor = Global.XMLHttpRequest) {
this._XMLHttpRequest = XMLHttpRequestCtor;
}
getJson(url, token) {
Log.debug("JsonService.getJson", url);
if (!url){
Log.error("No url passed");
Log.error("JsonService.getJson: No url passed");
throw new Error("url");
}
Log.debug("JsonService.getJson, url: ", url);
return new Promise((resolve, reject) => {
var req = new this._XMLHttpRequest();

@@ -26,11 +26,17 @@ req.open('GET', url);

req.onload = function() {
Log.debug("HTTP response received, status", req.status);
Log.debug("JsonService.getJson: HTTP response received, status", req.status);
if (req.status === 200) {
try {
resolve(JSON.parse(req.responseText));
var contentType = req.getResponseHeader("Content-Type");
if (contentType && contentType.startsWith("application/json")) {
try {
resolve(JSON.parse(req.responseText));
}
catch (e) {
Log.error("JsonService.getJson: Error parsing JSON response", e.message);
reject(e);
}
}
catch (e) {
Log.error("Error parsing JSON response", e.message);
reject(e);
else {
reject(Error("Invalid response Content-Type: " + contentType + ", from URL: " + url));
}

@@ -44,8 +50,8 @@ }

req.onerror = function() {
Log.error("network error");
Log.error("JsonService.getJson: network error");
reject(Error("Network Error"));
};
if (token) {
Log.debug("token passed, setting Authorization header");
Log.debug("JsonService.getJson: token passed, setting Authorization header");
req.setRequestHeader("Authorization", "Bearer " + token);

@@ -57,2 +63,2 @@ }

}
}
}
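Review bot: The new `contentType.startsWith("application/json")` test in `req.onload` is case-sensitive and accepts a single media type, yet the same `getJson` is used to fetch `jwks_uri`, and a JWK Set may legitimately be served as `application/jwk-set+json` (RFC 7517). A provider doing so would now fail key retrieval with "Invalid response Content-Type". Normalising first avoids both problems: `var mediaType = (contentType || "").split(";")[0].trim().toLowerCase();` followed by `if (mediaType === "application/json" || mediaType === "application/jwk-set+json") {`. Unlike the parse-failure branch, the new rejection has no `Log.error`, and `String.prototype.startsWith` needs a polyfill on older browsers.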

@@ -20,3 +20,3 @@ // Copyright (c) Brock Allen & Dominick Baier. All rights reserved.

export default class Log {
export class Log {
static get NONE() {return NONE};

@@ -84,2 +84,2 @@ static get ERROR() {return ERROR};

Log.reset();
Log.reset();
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import JsonService from './JsonService';
import { Log } from './Log';
import { JsonService } from './JsonService';
const OidcMetadataUrlPath = '.well-known/openid-configuration';
export default class MetadataService {
export class MetadataService {
constructor(settings, JsonServiceCtor = JsonService) {
if (!settings) {
Log.error("No settings passed to MetadataService");
Log.error("MetadataService: No settings passed to MetadataService");
throw new Error("settings");

@@ -41,6 +41,4 @@ }

getMetadata() {
Log.debug("MetadataService.getMetadata");
if (this._settings.metadata) {
Log.debug("Returning metadata from settings");
Log.debug("MetadataService.getMetadata: Returning metadata from settings");
return Promise.resolve(this._settings.metadata);

@@ -50,11 +48,11 @@ }

if (!this.metadataUrl) {
Log.error("No authority or metadataUrl configured on settings");
Log.error("MetadataService.getMetadata: No authority or metadataUrl configured on settings");
return Promise.reject(new Error("No authority or metadataUrl configured on settings"));
}
Log.debug("getting metadata from", this.metadataUrl);
Log.debug("MetadataService.getMetadata: getting metadata from", this.metadataUrl);
return this._jsonService.getJson(this.metadataUrl)
.then(metadata => {
Log.debug("json received");
Log.debug("MetadataService.getMetadata: json received");
this._settings.metadata = metadata;

@@ -64,5 +62,4 @@ return metadata;

}
getIssuer() {
Log.debug("MetadataService.getIssuer");
return this._getMetadataProperty("issuer");

@@ -72,3 +69,2 @@ }

getAuthorizationEndpoint() {
Log.debug("MetadataService.getAuthorizationEndpoint");
return this._getMetadataProperty("authorization_endpoint");

@@ -78,3 +74,2 @@ }

getUserInfoEndpoint() {
Log.debug("MetadataService.getUserInfoEndpoint");
return this._getMetadataProperty("userinfo_endpoint");

@@ -84,8 +79,6 @@ }

getTokenEndpoint() {
Log.debug("MetadataService.getTokenEndpoint");
return this._getMetadataProperty("token_endpoint", true);
}
getCheckSessionIframe() {
Log.debug("MetadataService.getCheckSessionIframe");
return this._getMetadataProperty("check_session_iframe", true);

@@ -95,3 +88,2 @@ }

getEndSessionEndpoint() {
Log.debug("MetadataService.getEndSessionEndpoint");
return this._getMetadataProperty("end_session_endpoint", true);

@@ -101,3 +93,2 @@ }

getRevocationEndpoint() {
Log.debug("MetadataService.getRevocationEndpoint");
return this._getMetadataProperty("revocation_endpoint", true);

@@ -107,6 +98,6 @@ }

_getMetadataProperty(name, optional=false) {
Log.debug("MetadataService._getMetadataProperty", name);
Log.debug("MetadataService.getMetadataProperty for: " + name);
return this.getMetadata().then(metadata => {
Log.debug("metadata recieved");
Log.debug("MetadataService.getMetadataProperty: metadata recieved");

@@ -116,7 +107,7 @@ if (metadata[name] === undefined) {

if (optional === true) {
Log.warn("Metadata does not contain optional property " + name);
Log.warn("MetadataService.getMetadataProperty: Metadata does not contain optional property " + name);
return undefined;
}
else {
Log.error("Metadata does not contain property " + name);
Log.error("MetadataService.getMetadataProperty: Metadata does not contain property " + name);
throw new Error("Metadata does not contain property " + name);

@@ -131,6 +122,4 @@ }

getSigningKeys() {
Log.debug("MetadataService.getSigningKeys");
if (this._settings.signingKeys) {
Log.debug("Returning signingKeys from settings");
Log.debug("MetadataService.getSigningKeys: Returning signingKeys from settings");
return Promise.resolve(this._settings.signingKeys);

@@ -140,9 +129,9 @@ }

return this._getMetadataProperty("jwks_uri").then(jwks_uri => {
Log.debug("jwks_uri received", jwks_uri);
Log.debug("MetadataService.getSigningKeys: jwks_uri received", jwks_uri);
return this._jsonService.getJson(jwks_uri).then(keySet => {
Log.debug("key set received", keySet);
Log.debug("MetadataService.getSigningKeys: key set received", keySet);
if (!keySet.keys) {
Log.error("Missing keys on keyset");
Log.error("MetadataService.getSigningKeys: Missing keys on keyset");
throw new Error("Missing keys on keyset");

@@ -149,0 +138,0 @@ }
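Review bot: `getMetadata` stores whatever `getJson(this.metadataUrl)` returns in `this._settings.metadata`, and no comparison of `metadata.issuer` with the configured authority is visible (the lines between the assignment and `return metadata;` fall outside the hunk). OpenID Connect Discovery requires the returned issuer to match the issuer URL used for discovery, and `getIssuer` reads its value from this same document, so a mismatched document would presumably go unnoticed downstream. If the elided lines do not already cover this, consider at least a `Log.warn` when `authority` is set and `metadata.issuer` differs from it. Some providers publish an issuer that is not string-equal to the authority, so a hard reject needs care.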

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import OidcClientSettings from './OidcClientSettings';
import ErrorResponse from './ErrorResponse';
import SigninRequest from './SigninRequest';
import SigninResponse from './SigninResponse';
import SignoutRequest from './SignoutRequest';
import SignoutResponse from './SignoutResponse';
import SigninState from './SigninState';
import State from './State';
import { Log } from './Log';
import { OidcClientSettings } from './OidcClientSettings';
import { ErrorResponse } from './ErrorResponse';
import { SigninRequest } from './SigninRequest';
import { SigninResponse } from './SigninResponse';
import { SignoutRequest } from './SignoutRequest';
import { SignoutResponse } from './SignoutResponse';
import { SigninState } from './SigninState';
import { State } from './State';
export default class OidcClient {
export class OidcClient {
constructor(settings = {}) {

@@ -42,5 +42,5 @@ if (settings instanceof OidcClientSettings) {

createSigninRequest({
response_type, scope, redirect_uri,
response_type, scope, redirect_uri,
// data was meant to be the place a caller could indicate the data to
// have round tripped, but people were getting confused, so i added state (since that matches the spec)
// have round tripped, but people were getting confused, so i added state (since that matches the spec)
// and so now if data is not passed, but state is then state will be used

@@ -66,7 +66,7 @@ data, state, prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values,

extraQueryParams = extraQueryParams || this._settings.extraQueryParams;
let authority = this._settings.authority;
return this._metadataService.getAuthorizationEndpoint().then(url => {
Log.debug("Received authorization endpoint", url);
Log.debug("OidcClient.createSigninRequest: Received authorization endpoint", url);

@@ -100,3 +100,3 @@ let signinRequest = new SigninRequest({

if (!response.state) {
Log.error("No state in response");
Log.error("OidcClient.processSigninResponse: No state in response");
return Promise.reject(new Error("No state in response"));

@@ -109,3 +109,3 @@ }

if (!storedStateString) {
Log.error("No matching state found in storage");
Log.error("OidcClient.processSigninResponse: No matching state found in storage");
throw new Error("No matching state found in storage");

@@ -116,3 +116,3 @@ }

Log.debug("Received state from storage; validating response");
Log.debug("OidcClient.processSigninResponse: Received state from storage; validating response");
return this._validator.validateSigninResponse(state, response);

@@ -131,7 +131,7 @@ });

if (!url) {
Log.error("No end session endpoint url returned");
Log.error("OidcClient.createSignoutRequest: No end session endpoint url returned");
throw new Error("no end session endpoint");
}
Log.debug("Received end session endpoint", url);
Log.debug("OidcClient.createSignoutRequest: Received end session endpoint", url);

@@ -147,3 +147,3 @@ let request = new SignoutRequest({

if (signoutState) {
Log.debug("Signout request has state to persist");
Log.debug("OidcClient.createSignoutRequest: Signout request has state to persist");

@@ -163,6 +163,6 @@ stateStore = stateStore || this._stateStore;

if (!response.state) {
Log.debug("No state in response");
Log.debug("OidcClient.processSignoutResponse: No state in response");
if (response.error) {
Log.warn("Response was error", response.error);
Log.warn("OidcClient.processSignoutResponse: Response was error: ", response.error);
return Promise.reject(new ErrorResponse(response));

@@ -180,3 +180,3 @@ }

if (!storedStateString) {
Log.error("No matching state found in storage");
Log.error("OidcClient.processSignoutResponse: No matching state found in storage");
throw new Error("No matching state found in storage");

@@ -187,3 +187,3 @@ }

Log.debug("Received state from storage; validating response");
Log.debug("OidcClient.processSignoutResponse: Received state from storage; validating response");
return this._validator.validateSignoutResponse(state, response);

@@ -190,0 +190,0 @@ });

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import WebStorageStateStore from './WebStorageStateStore';
import ResponseValidator from './ResponseValidator';
import MetadataService from './MetadataService';
import { Log } from './Log';
import { WebStorageStateStore } from './WebStorageStateStore';
import { ResponseValidator } from './ResponseValidator';
import { MetadataService } from './MetadataService';

@@ -16,3 +16,3 @@ const OidcMetadataUrlPath = '.well-known/openid-configuration';

export default class OidcClientSettings {
export class OidcClientSettings {
constructor({

@@ -78,3 +78,3 @@ // metadata related

else {
Log.error("client_id has already been assigned.")
Log.error("OidcClientSettings.set_client_id: client_id has already been assigned.")
throw new Error("client_id has already been assigned.")

@@ -131,3 +131,3 @@ }

else {
Log.error("authority has already been assigned.")
Log.error("OidcClientSettings.set_authority: authority has already been assigned.")
throw new Error("authority has already been assigned.")

@@ -134,0 +134,0 @@ }

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import PopupWindow from './PopupWindow';
import { Log } from './Log';
import { PopupWindow } from './PopupWindow';
export default class PopupNavigator {
export class PopupNavigator {
prepare(params) {

@@ -13,3 +13,3 @@ let popup = new PopupWindow(params);

}
callback(url, keepOpen, delimiter) {

@@ -16,0 +16,0 @@ Log.debug("PopupNavigator.callback");

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import UrlUtility from './UrlUtility';
import { Log } from './Log';
import { UrlUtility } from './UrlUtility';

@@ -13,7 +13,5 @@ const CheckForPopupClosedInterval = 500;

export default class PopupWindow {
export class PopupWindow {
constructor(params) {
Log.debug("PopupWindow.ctor");
this._promise = new Promise((resolve, reject) => {

@@ -29,3 +27,3 @@ this._resolve = resolve;

if (this._popup) {
Log.debug("popup successfully created");
Log.debug("PopupWindow.ctor: popup successfully created");
this._checkForPopupClosedTimer = window.setInterval(this._checkForPopupClosed.bind(this), CheckForPopupClosedInterval);

@@ -40,12 +38,11 @@ }

navigate(params) {
Log.debug("PopupWindow.navigate");
if (!this._popup) {
this._error("Error opening popup window");
this._error("PopupWindow.navigate: Error opening popup window");
}
else if (!params || !params.url) {
this._error("PopupWindow.navigate: no url provided");
this._error("No url provided");
}
else {
Log.debug("Setting URL in popup");
Log.debug("PopupWindow.navigate: Setting URL in popup");

@@ -67,3 +64,3 @@ this._id = params.id;

Log.debug("Successful response from popup window");
Log.debug("PopupWindow.callback: Successful response from popup window");
this._resolve(data);

@@ -74,2 +71,3 @@ }

Log.debug("PopupWindow.error: ", message);
Log.error(message);

@@ -84,3 +82,3 @@ this._reject(new Error(message));

_cleanup(keepOpen) {
Log.debug("PopupWindow._cleanup");
Log.debug("PopupWindow.cleanup");

@@ -99,6 +97,4 @@ window.clearInterval(this._checkForPopupClosedTimer);

_checkForPopupClosed() {
Log.debug("PopupWindow._checkForPopupClosed");
if (!this._popup || this._popup.closed) {
this._error("Popup window closed");
this._error("PopupWindow.checkForPopupClosed: Popup window closed");
}

@@ -108,10 +104,10 @@ }

_callback(url, keepOpen) {
Log.debug("PopupWindow._callback");
this._cleanup(keepOpen);
if (url) {
Log.debug("PopupWindow.callback success");
this._success({ url: url });
}
else {
Log.debug("PopupWindow.callback: Invalid response from popup");
this._error("Invalid response from popup");

@@ -122,23 +118,20 @@ }

static notifyOpener(url, keepOpen, delimiter) {
Log.debug("PopupWindow.notifyOpener");
if (window.opener) {
url = url || window.location.href;
if (url) {
var data = UrlUtility.parseUrlFragment(url, delimiter);
var data = UrlUtility.parseUrlFragment(url, delimiter);
if (data.state) {
var name = "popupCallback_" + data.state;
var callback = window.opener[name];
var callback = window.opener[name];
if (callback) {
Log.debug("passing url message to opener");
Log.debug("PopupWindow.notifyOpener: passing url message to opener");
callback(url, keepOpen);
}
else {
Log.warn("no matching callback found on opener");
Log.warn("PopupWindow.notifyOpener: no matching callback found on opener");
}
}
else {
Log.warn("no state found in response url");
Log.warn("PopupWindow.notifyOpener: no state found in response url");
}

@@ -145,0 +138,0 @@ }
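Review bot: In `navigate`, the `!params || !params.url` branch is shown with two consecutive calls, `this._error("PopupWindow.navigate: no url provided")` and `this._error("No url provided")`. The page has lost its +/- markers, so this may be an old/new pair, but if both lines are on the new side the failure is logged twice and the promise appears to be rejected twice, with only the first message reaching the caller. Keep a single call, `this._error("PopupWindow.navigate: no url provided");`. The new prefixes also drop the underscore of the private methods (`PopupWindow.cleanup`, `PopupWindow.callback`, `PopupWindow.checkForPopupClosed`) while other files in this change keep it, which makes a log line harder to trace back to its method.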

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
export default class RedirectNavigator {
export class RedirectNavigator {
prepare() {

@@ -13,6 +13,4 @@ return Promise.resolve(this);

navigate(params) {
Log.debug("RedirectNavigator.navigate");
if (!params || !params.url) {
Log.error("No url provided");
Log.error("RedirectNavigator.navigate: No url provided");
return Promise.reject(new Error("No url provided"));

@@ -22,3 +20,3 @@ }

window.location = params.url;
return Promise.resolve();

@@ -28,5 +26,4 @@ }

get url() {
Log.debug("RedirectNavigator.url");
return window.location.href;
}
}
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import MetadataService from './MetadataService';
import UserInfoService from './UserInfoService';
import ErrorResponse from './ErrorResponse';
import JoseUtil from './JoseUtil';
import { Log } from './Log';
import { MetadataService } from './MetadataService';
import { UserInfoService } from './UserInfoService';
import { ErrorResponse } from './ErrorResponse';
import { JoseUtil } from './JoseUtil';
const ProtocolClaims = ["nonce", "at_hash", "iat", "nbf", "exp", "aud", "iss", "c_hash"];
export default class ResponseValidator {
export class ResponseValidator {
constructor(settings, MetadataServiceCtor = MetadataService, UserInfoServiceCtor = UserInfoService, joseUtil = JoseUtil) {
if (!settings) {
Log.error("No settings passed to ResponseValidator");
Log.error("ResponseValidator.ctor: No settings passed to ResponseValidator");
throw new Error("settings");

@@ -30,7 +30,7 @@ }

return this._processSigninParams(state, response).then(response => {
Log.debug("state processed");
Log.debug("ResponseValidator.validateSigninResponse: state processed");
return this._validateTokens(state, response).then(response => {
Log.debug("tokens validated");
Log.debug("ResponseValidator.validateSigninResponse: tokens validated");
return this._processClaims(response).then(response => {
Log.debug("claims processed");
Log.debug("ResponseValidator.validateSigninResponse: claims processed");
return response;

@@ -43,6 +43,4 @@ });

validateSignoutResponse(state, response) {
Log.debug("ResponseValidator.validateSignoutResponse");
if (state.id !== response.state) {
Log.error("State does not match");
Log.error("ResponseValidator.validateSignoutResponse: State does not match");
return Promise.reject(new Error("State does not match"));

@@ -54,7 +52,7 @@ }

// this is important for both success & error outcomes
Log.debug("state validated");
Log.debug("ResponseValidator.validateSignoutResponse: state validated");
response.state = state.data;
if (response.error) {
Log.warn("Response was error", response.error);
Log.warn("ResponseValidator.validateSignoutResponse: Response was error", response.error);
return Promise.reject(new ErrorResponse(response));

@@ -67,19 +65,17 @@ }

_processSigninParams(state, response) {
Log.debug("ResponseValidator._processSigninParams");
if (state.id !== response.state) {
Log.error("State does not match");
Log.error("ResponseValidator._processSigninParams: State does not match");
return Promise.reject(new Error("State does not match"));
}
if (!state.client_id) {
Log.error("No client_id on state");
Log.error("ResponseValidator._processSigninParams: No client_id on state");
return Promise.reject(new Error("No client_id on state"));
}
if (!state.authority) {
Log.error("No authority on state");
Log.error("ResponseValidator._processSigninParams: No authority on state");
return Promise.reject(new Error("No authority on state"));
}
// this allows the authority to be loaded from the signin state

@@ -91,3 +87,3 @@ if (!this._settings.authority) {

else if (this._settings.authority && this._settings.authority !== state.authority) {
Log.error("authority mismatch on settings vs. signin state");
Log.error("ResponseValidator._processSigninParams: authority mismatch on settings vs. signin state");
return Promise.reject(new Error("authority mismatch on settings vs. signin state"));

@@ -101,14 +97,14 @@ }

else if (this._settings.client_id && this._settings.client_id !== state.client_id) {
Log.error("client_id mismatch on settings vs. signin state");
Log.error("ResponseValidator._processSigninParams: client_id mismatch on settings vs. signin state");
return Promise.reject(new Error("client_id mismatch on settings vs. signin state"));
}
// now that we know the state matches, take the stored data
// and set it into the response so callers can get their state
// this is important for both success & error outcomes
Log.debug("state validated");
Log.debug("ResponseValidator._processSigninParams: state validated");
response.state = state.data;
if (response.error) {
Log.warn("Response was error", response.error);
Log.warn("ResponseValidator._processSigninParams: Response was error", response.error);
return Promise.reject(new ErrorResponse(response));

@@ -118,3 +114,3 @@ }

if (state.nonce && !response.id_token) {
Log.error("Expecting id_token in response");
Log.error("ResponseValidator._processSigninParams: Expecting id_token in response");
return Promise.reject(new Error("No id_token in response"));

@@ -124,3 +120,3 @@ }

if (!state.nonce && response.id_token) {
Log.error("Not expecting id_token in response");
Log.error("ResponseValidator._processSigninParams: Not expecting id_token in response");
return Promise.reject(new Error("Unexpected id_token in response"));

@@ -133,6 +129,4 @@ }

_processClaims(response) {
Log.debug("ResponseValidator._processClaims");
if (response.isOpenIdConnect) {
Log.debug("response is OIDC, processing claims");
Log.debug("ResponseValidator._processClaims: response is OIDC, processing claims");

@@ -142,9 +136,9 @@ response.profile = this._filterProtocolClaims(response.profile);

if (this._settings.loadUserInfo && response.access_token) {
Log.debug("loading user info");
Log.debug("ResponseValidator._processClaims: loading user info");
return this._userInfoService.getClaims(response.access_token).then(claims => {
Log.debug("user info claims received from user info endpoint");
Log.debug("ResponseValidator._processClaims: user info claims received from user info endpoint");
if (claims.sub !== response.profile.sub) {
Log.error("sub from user info endpoint does not match sub in access_token");
Log.error("ResponseValidator._processClaims: sub from user info endpoint does not match sub in access_token");
return Promise.reject(new Error("sub from user info endpoint does not match sub in access_token"));

@@ -154,3 +148,3 @@ }

response.profile = this._mergeClaims(response.profile, claims);
Log.debug("user info claims received, updated profile:", response.profile);
Log.debug("ResponseValidator._processClaims: user info claims received, updated profile:", response.profile);

@@ -161,7 +155,7 @@ return response;

else {
Log.debug("not loading user info");
Log.debug("ResponseValidator._processClaims: not loading user info");
}
}
else {
Log.debug("response is not OIDC, not processing claims");
Log.debug("ResponseValidator._processClaims: response is not OIDC, not processing claims");
}

@@ -210,6 +204,6 @@

Log.debug("protocol claims filtered", result);
Log.debug("ResponseValidator._filterProtocolClaims: protocol claims filtered", result);
}
else {
Log.debug("protocol claims not filtered")
Log.debug("ResponseValidator._filterProtocolClaims: protocol claims not filtered")
}

@@ -221,16 +215,13 @@

_validateTokens(state, response) {
Log.debug("ResponseValidator._validateTokens");
if (response.id_token) {
if (response.access_token) {
Log.debug("Validating id_token and access_token");
Log.debug("ResponseValidator._validateTokens: Validating id_token and access_token");
return this._validateIdTokenAndAccessToken(state, response);
}
Log.debug("Validating id_token");
Log.debug("ResponseValidator._validateTokens: Validating id_token");
return this._validateIdToken(state, response);
}
Log.debug("No id_token to validate");
Log.debug("ResponseValidator._validateTokens: No id_token to validate");
return Promise.resolve(response);

@@ -240,4 +231,2 @@ }

_validateIdTokenAndAccessToken(state, response) {
Log.debug("ResponseValidator._validateIdTokenAndAccessToken");
return this._validateIdToken(state, response).then(response => {

@@ -249,12 +238,10 @@ return this._validateAccessToken(response);

_validateIdToken(state, response) {
Log.debug("ResponseValidator._validateIdToken");
if (!state.nonce) {
Log.error("No nonce on state");
Log.error("ResponseValidator._validateIdToken: No nonce on state");
return Promise.reject(new Error("No nonce on state"));
}
let jwt = this._joseUtil.parseJwt(response.id_token);
if (!jwt || !jwt.header || !jwt.payload) {
Log.error("Failed to parse id_token", jwt);
Log.error("ResponseValidator._validateIdToken: Failed to parse id_token", jwt);
return Promise.reject(new Error("Failed to parse id_token"));

@@ -264,3 +251,3 @@ }

if (state.nonce !== jwt.payload.nonce) {
Log.error("Invalid nonce in id_token");
Log.error("ResponseValidator._validateIdToken: Invalid nonce in id_token");
return Promise.reject(new Error("Invalid nonce in id_token"));

@@ -272,11 +259,11 @@ }

return this._metadataService.getIssuer().then(issuer => {
Log.debug("Received issuer");
Log.debug("ResponseValidator._validateIdToken: Received issuer");
return this._metadataService.getSigningKeys().then(keys => {
if (!keys) {
Log.error("No signing keys from metadata");
Log.error("ResponseValidator._validateIdToken: No signing keys from metadata");
return Promise.reject(new Error("No signing keys from metadata"));
}
Log.debug("Received signing keys");
Log.debug("ResponseValidator._validateIdToken: Received signing keys");
let key;

@@ -287,5 +274,5 @@ if (!kid) {

if (keys.length > 1) {
Log.error("No kid found in id_token and more than one key found in metadata");
Log.error("ResponseValidator._validateIdToken: No kid found in id_token and more than one key found in metadata");
return Promise.reject(new Error("No kid found in id_token and more than one key found in metadata"));
}
}
else {

@@ -304,3 +291,3 @@ // kid is mandatory only when there are multiple keys in the referenced JWK Set document

if (!key) {
Log.error("No key matching kid or alg found in signing keys");
Log.error("ResponseValidator._validateIdToken: No key matching kid or alg found in signing keys");
return Promise.reject(new Error("No key matching kid or alg found in signing keys"));

@@ -310,11 +297,11 @@ }

let audience = state.client_id;
let clockSkewInSeconds = this._settings.clockSkew;
Log.debug("Validaing JWT; using clock skew (in seconds) of: ", clockSkewInSeconds);
Log.debug("ResponseValidator._validateIdToken: Validaing JWT; using clock skew (in seconds) of: ", clockSkewInSeconds);
return this._joseUtil.validateJwt(response.id_token, key, issuer, audience, clockSkewInSeconds).then(()=>{
Log.debug("JWT validation successful");
Log.debug("ResponseValidator._validateIdToken: JWT validation successful");
if (!jwt.payload.sub) {
Log.error("No sub present in id_token");
Log.error("ResponseValidator._validateIdToken: No sub present in id_token");
return Promise.reject(new Error("No sub present in id_token"));

@@ -324,3 +311,3 @@ }

response.profile = jwt.payload;
return response;

@@ -333,4 +320,2 @@ });

_filterByAlg(keys, alg){
Log.debug("ResponseValidator._filterByAlg", alg);
var kty = null;

@@ -347,8 +332,8 @@ if (alg.startsWith("RS")) {

else {
Log.debug("alg not supported: ", alg);
Log.debug("ResponseValidator._filterByAlg: alg not supported: ", alg);
return [];
}
Log.debug("Looking for keys that match kty: ", kty);
Log.debug("ResponseValidator._filterByAlg: Looking for keys that match kty: ", kty);
keys = keys.filter(key => {

@@ -358,3 +343,3 @@ return key.kty === kty;

Log.debug("Number of keys that match kty: ", kty, keys.length);
Log.debug("ResponseValidator._filterByAlg: Number of keys that match kty: ", kty, keys.length);

@@ -365,6 +350,4 @@ return keys;

_validateAccessToken(response) {
Log.debug("ResponseValidator._validateAccessToken");
if (!response.profile) {
Log.error("No profile loaded from id_token");
Log.error("ResponseValidator._validateAccessToken: No profile loaded from id_token");
return Promise.reject(new Error("No profile loaded from id_token"));

@@ -374,3 +357,3 @@ }

if (!response.profile.at_hash) {
Log.error("No at_hash in id_token");
Log.error("ResponseValidator._validateAccessToken: No at_hash in id_token");
return Promise.reject(new Error("No at_hash in id_token"));

@@ -380,3 +363,3 @@ }

if (!response.id_token) {
Log.error("No id_token");
Log.error("ResponseValidator._validateAccessToken: No id_token");
return Promise.reject(new Error("No id_token"));

@@ -387,3 +370,3 @@ }

if (!jwt || !jwt.header) {
Log.error("Failed to parse id_token", jwt);
Log.error("ResponseValidator._validateAccessToken: Failed to parse id_token", jwt);
return Promise.reject(new Error("Failed to parse id_token"));

@@ -394,3 +377,3 @@ }

if (!hashAlg || hashAlg.length !== 5) {
Log.error("Unsupported alg:", hashAlg);
Log.error("ResponseValidator._validateAccessToken: Unsupported alg:", hashAlg);
return Promise.reject(new Error("Unsupported alg: " + hashAlg));

@@ -401,3 +384,3 @@ }

if (!hashBits) {
Log.error("Unsupported alg:", hashAlg, hashBits);
Log.error("ResponseValidator._validateAccessToken: Unsupported alg:", hashAlg, hashBits);
return Promise.reject(new Error("Unsupported alg: " + hashAlg));

@@ -408,3 +391,3 @@ }

if (hashBits !== 256 && hashBits !== 384 && hashBits !== 512) {
Log.error("Unsupported alg:", hashAlg, hashBits);
Log.error("ResponseValidator._validateAccessToken: Unsupported alg:", hashAlg, hashBits);
return Promise.reject(new Error("Unsupported alg: " + hashAlg));

@@ -416,3 +399,3 @@ }

if (!hash) {
Log.error("access_token hash failed:", sha);
Log.error("ResponseValidator._validateAccessToken: access_token hash failed:", sha);
return Promise.reject(new Error("Failed to validate at_hash"));

@@ -424,8 +407,10 @@ }

if (left_b64u !== response.profile.at_hash) {
Log.error("Failed to validate at_hash", left_b64u, response.profile.at_hash);
Log.error("ResponseValidator._validateAccessToken: Failed to validate at_hash", left_b64u, response.profile.at_hash);
return Promise.reject(new Error("Failed to validate at_hash"));
}
Log.debug("ResponseValidator._validateAccessToken: success");
return Promise.resolve(response);
}
}
}
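Review bot: Several of the re-prefixed log calls still hand token contents to the logger: `_validateIdToken` passes the parsed `jwt` object on a parse failure, and `_processClaims` passes the merged `response.profile` at debug level. Whatever sink the host application attaches to `Log` then receives id_token claims and user-info data. Since these lines are being edited anyway, drop the payload argument, e.g. `Log.error("ResponseValidator._validateIdToken: Failed to parse id_token");`. Separately, the message "sub from user info endpoint does not match sub in access_token" is checked against `response.profile.sub`, which `_validateIdToken` sets from the id_token payload, so the log text should say id_token.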
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import CheckSessionIFrame from './CheckSessionIFrame';
import { Log } from './Log';
import { CheckSessionIFrame } from './CheckSessionIFrame';
export default class SessionMonitor {
export class SessionMonitor {
constructor(userManager, CheckSessionIFrameCtor = CheckSessionIFrame) {
if (!userManager) {
Log.error("No user manager passed to SessionMonitor");
Log.error("SessionMonitor.ctor: No user manager passed to SessionMonitor");
throw new Error("userManager");

@@ -22,2 +22,4 @@ }

this._userManager.getUser().then(user => {
// doing this manually here since calling getUser
// doesn't trigger load event.
if (user) {

@@ -28,3 +30,3 @@ this._start(user);

// catch to suppress errors since we're in a ctor
Log.error("SessionMonitor ctor; error from getUser:", err.message);
Log.error("SessionMonitor ctor: error from getUser:", err.message);
});

@@ -45,2 +47,5 @@ }

}
get _stopCheckSessionOnError() {
return this._settings.stopCheckSessionOnError;
}

@@ -53,3 +58,3 @@ _start(user) {

this._sid = user.profile.sid;
Log.debug("SessionMonitor._start; session_state:", session_state, ", sub:", this._sub);
Log.debug("SessionMonitor._start: session_state:", session_state, ", sub:", this._sub);

@@ -59,8 +64,9 @@ if (!this._checkSessionIFrame) {

if (url) {
Log.debug("Initializing check session iframe")
Log.debug("SessionMonitor._start: Initializing check session iframe")
let client_id = this._client_id;
let interval = this._checkSessionInterval;
let stopOnError = this._stopCheckSessionOnError;
this._checkSessionIFrame = new this._CheckSessionIFrameCtor(this._callback.bind(this), client_id, url, interval);
this._checkSessionIFrame = new this._CheckSessionIFrameCtor(this._callback.bind(this), client_id, url, interval, stopOnError);
this._checkSessionIFrame.load().then(() => {

@@ -71,7 +77,7 @@ this._checkSessionIFrame.start(session_state);

else {
Log.warn("No check session iframe found in the metadata");
Log.warn("SessionMonitor._start: No check session iframe found in the metadata");
}
}).catch(err => {
// catch to suppress errors since we're in non-promise callback
Log.error("Error from getCheckSessionIframe:", err.message);
Log.error("SessionMonitor._start: Error from getCheckSessionIframe:", err.message);
});

@@ -86,4 +92,2 @@ }

_stop() {
Log.debug("SessionMonitor._stop");
this._sub = null;

@@ -93,2 +97,3 @@ this._sid = null;

if (this._checkSessionIFrame) {
Log.debug("SessionMonitor._stop");
this._checkSessionIFrame.stop();

@@ -99,4 +104,2 @@ }

_callback() {
Log.debug("SessionMonitor._callback");
this._userManager.querySessionStatus().then(session => {

@@ -111,6 +114,6 @@ var raiseUserSignedOutEvent = true;

if (session.sid === this._sid) {
Log.debug("Same sub still logged in at OP, restarting check session iframe; session_state:", session.session_state);
Log.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:", session.session_state);
}
else {
Log.debug("Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", session.session_state);
Log.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:", session.session_state);
this._userManager.events._raiseUserSessionChanged();

@@ -120,15 +123,15 @@ }

else {
Log.debug("Different subject signed into OP:", session.sub);
Log.debug("SessionMonitor._callback: Different subject signed into OP:", session.sub);
}
}
else {
Log.debug("Subject no longer signed into OP");
Log.debug("SessionMonitor._callback: Subject no longer signed into OP");
}
if (raiseUserSignedOutEvent) {
Log.debug("SessionMonitor._callback; raising signed out event");
Log.debug("SessionMonitor._callback: SessionMonitor._callback; raising signed out event");
this._userManager.events._raiseUserSignedOut();
}
}).catch(err => {
Log.debug("Error calling queryCurrentSigninSession; raising signed out event", err.message);
Log.debug("SessionMonitor._callback: Error calling queryCurrentSigninSession; raising signed out event", err.message);
this._userManager.events._raiseUserSignedOut();

@@ -135,0 +138,0 @@ });
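Review bot: The signed-out log line in `_callback` ended up with the prefix twice, `"SessionMonitor._callback: SessionMonitor._callback; raising signed out event"`; it should read `Log.debug("SessionMonitor._callback: raising signed out event");`. The constructor's catch handler uses `"SessionMonitor ctor: error from getUser:"` while the guard at the top of the constructor uses `"SessionMonitor.ctor: ..."`, so the dotted form should be used in both places. The bodies of `_callback` and the constructor are only partly visible in these hunks.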

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import UrlUtility from './UrlUtility';
import SigninState from './SigninState';
import { Log } from './Log';
import { UrlUtility } from './UrlUtility';
import { SigninState } from './SigninState';
export default class SigninRequest {
export class SigninRequest {
constructor({

@@ -17,23 +17,23 @@ // mandatory

if (!url) {
Log.error("No url passed to SigninRequest");
Log.error("SigninRequest.ctor: No url passed");
throw new Error("url");
}
if (!client_id) {
Log.error("No client_id passed to SigninRequest");
Log.error("SigninRequest.ctor: No client_id passed");
throw new Error("client_id");
}
if (!redirect_uri) {
Log.error("No redirect_uri passed to SigninRequest");
Log.error("SigninRequest.ctor: No redirect_uri passed");
throw new Error("redirect_uri");
}
if (!response_type) {
Log.error("No response_type passed to SigninRequest");
Log.error("SigninRequest.ctor: No response_type passed");
throw new Error("response_type");
}
if (!scope) {
Log.error("No scope passed to SigninRequest");
Log.error("SigninRequest.ctor: No scope passed");
throw new Error("scope");
}
if (!authority) {
Log.error("No authority passed to SigninRequest");
Log.error("SigninRequest.ctor: No authority passed");
throw new Error("authority");

@@ -49,3 +49,3 @@ }

url = UrlUtility.addQueryParam(url, "scope", scope);
url = UrlUtility.addQueryParam(url, "state", this.state.id);

@@ -76,3 +76,3 @@ if (oidc) {

}
static isOAuth(response_type) {

@@ -84,2 +84,2 @@ var result = response_type.split(/\s+/g).filter(function(item) {

}
}
}
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import UrlUtility from './UrlUtility';
import { UrlUtility } from './UrlUtility';
const OidcScope = "openid";
export default class SigninResponse {
export class SigninResponse {
constructor(url) {

@@ -16,3 +16,3 @@

this.error_uri = values.error_uri;
this.state = values.state;

@@ -52,3 +52,3 @@ this.id_token = values.id_token;

}
get isOpenIdConnect() {

@@ -55,0 +55,0 @@ return this.scopes.indexOf(OidcScope) >= 0 || !!this.id_token;

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import State from './State';
import { Log } from './Log';
import { State } from './State';
import random from './random';
export default class SigninState extends State {
export class SigninState extends State {
constructor({nonce, authority, client_id} = {}) {
super(arguments[0]);
if (nonce === true) {

@@ -18,3 +18,3 @@ this._nonce = random();

}
this._authority = authority;

@@ -33,3 +33,3 @@ this._client_id = client_id;

}
toStorageString() {

@@ -36,0 +36,0 @@ Log.debug("SigninState.toStorageString");

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import UrlUtility from './UrlUtility';
import State from './State';
import { Log } from './Log';
import { UrlUtility } from './UrlUtility';
import { State } from './State';
export default class SignoutRequest {
export class SignoutRequest {
constructor({url, id_token_hint, post_logout_redirect_uri, data}) {
if (!url) {
Log.error("No url passed to SignoutRequest");
Log.error("SignoutRequest.ctor: No url passed");
throw new Error("url");

@@ -18,15 +18,15 @@ }

}
if (post_logout_redirect_uri) {
url = UrlUtility.addQueryParam(url, "post_logout_redirect_uri", post_logout_redirect_uri);
if (data) {
this.state = new State({ data });
url = UrlUtility.addQueryParam(url, "state", this.state.id);
}
}
this.url = url;
}
}
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import UrlUtility from './UrlUtility';
import { UrlUtility } from './UrlUtility';
export default class SignoutResponse {
export class SignoutResponse {
constructor(url) {

@@ -17,2 +17,2 @@

}
}
}
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
export default class SilentRenewService {
export class SilentRenewService {

@@ -16,3 +16,3 @@ constructor(userManager) {

this._userManager.events.addAccessTokenExpiring(this._callback);
// this will trigger loading of the user so the expiring events can be initialized

@@ -23,3 +23,3 @@ this._userManager.getUser().then(user=>{

// catch to suppress errors since we're in a ctor
Log.error("Error from getUser:", err.message);
Log.error("SilentRenewService.start: Error from getUser:", err.message);
});

@@ -37,8 +37,6 @@ }

_tokenExpiring() {
Log.debug("SilentRenewService automatically renewing access token");
this._userManager.signinSilent().then(user => {
Log.debug("Silent token renewal successful");
Log.debug("SilentRenewService._tokenExpiring: Silent token renewal successful");
}, err => {
Log.error("Error from signinSilent:", err.message);
Log.error("SilentRenewService._tokenExpiring: Error from signinSilent:", err.message);
this._userManager.events._raiseSilentRenewError(err);

@@ -45,0 +43,0 @@ });

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
import random from './random';
export default class State {
export class State {
constructor({id, data, created} = {}) {

@@ -38,3 +38,3 @@ this._id = id || random();

}
static fromStorageString(storageString) {

@@ -46,3 +46,2 @@ Log.debug("State.fromStorageString");

static clearStaleState(storage, age) {
Log.debug("State.clearStaleState");

@@ -52,3 +51,3 @@ var cutoff = Date.now() / 1000 - age;

return storage.getAllKeys().then(keys => {
Log.debug("got keys", keys);
Log.debug("State.clearStaleState: got keys", keys);

@@ -65,3 +64,3 @@ var promises = [];

Log.debug("got item from key: ", key, state.created);
Log.debug("State.clearStaleState: got item from key: ", key, state.created);

@@ -73,3 +72,3 @@ if (state.created <= cutoff) {

catch (e) {
Log.error("Error parsing state for key", key, e.message);
Log.error("State.clearStaleState: Error parsing state for key", key, e.message);
remove = true;

@@ -79,3 +78,3 @@ }

else {
Log.debug("no item in storage for key: ", key);
Log.debug("State.clearStaleState: no item in storage for key: ", key);
remove = true;

@@ -85,3 +84,3 @@ }

if (remove) {
Log.debug("removed item for key: ", key);
Log.debug("State.clearStaleState: removed item for key: ", key);
return storage.remove(key);

@@ -94,3 +93,3 @@ }

Log.debug("waiting on promise count:", promises.length);
Log.debug("State.clearStaleState: waiting on promise count:", promises.length);
return Promise.all(promises);

@@ -97,0 +96,0 @@ });

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import Global from './Global';
import Event from './Event';
import { Log } from './Log';
import { Global } from './Global';
import { Event } from './Event';
const TimerDuration = 5; // seconds
export default class Timer extends Event {
export class Timer extends Event {
constructor(name, timer = Global.timer) {
constructor(name, timer = Global.timer, nowFunc = undefined) {
super(name);
this._timer = timer;
this._nowFunc = () => Date.now() / 1000;
if (nowFunc) {
this._nowFunc = nowFunc;
}
else {
this._nowFunc = () => Date.now() / 1000;
}
}

@@ -23,4 +29,2 @@

init(duration) {
this.cancel();
if (duration <= 0) {

@@ -31,7 +35,16 @@ duration = 1;

var expiration = this.now + duration;
if (this.expiration === expiration && this._timerHandle) {
// no need to reinitialize to same expiration, so bail out
Log.debug("Timer.init timer " + this._name + " skipping initialization since already initialized for expiration:", this.expiration);
return;
}
this.cancel();
Log.debug("Timer.init timer " + this._name + " for duration:", duration);
this._expiration = this.now + duration;
this._expiration = expiration;
// we're using a fairly short timer and then checking the expiration in the
// callback to handle scenarios where the browser device sleeps, and then
// we're using a fairly short timer and then checking the expiration in the
// callback to handle scenarios where the browser device sleeps, and then
// the timers end up getting delayed.

@@ -44,2 +57,6 @@ var timerDuration = TimerDuration;

}
get expiration() {
return this._expiration;
}

@@ -56,3 +73,3 @@ cancel() {

var diff = this._expiration - this.now;
Log.debug("Timer._callback; " + this._name + " timer expires in:", diff);
Log.debug("Timer.callback; " + this._name + " timer expires in:", diff);

@@ -59,0 +76,0 @@ if (this._expiration <= this.now) {
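Review bot: The new `nowFunc` handling in the constructor is longer than it needs to be: the `= undefined` default is what an omitted argument already yields, and the if/else only chooses between two values for the same field. `this._nowFunc = nowFunc || (() => Date.now() / 1000);` expresses the same thing in one line. A short comment on the constructor stating that `nowFunc` must return seconds would also help, since `init` adds `duration` to `this.now` (presumably backed by `_nowFunc`) and compares the result with the stored expiration.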

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import MetadataService from './MetadataService';
import Global from './Global';
import { Log } from './Log';
import { MetadataService } from './MetadataService';
import { Global } from './Global';
const AccessTokenTypeHint = "access_token";
export default class TokenRevocationClient {
export class TokenRevocationClient {
constructor(settings, XMLHttpRequestCtor = Global.XMLHttpRequest, MetadataServiceCtor = MetadataService) {
if (!settings) {
Log.error("No settings provided");
Log.error("TokenRevocationClient.ctor: No settings provided");
throw new Error("No settings provided.");
}
this._settings = settings;

@@ -23,6 +23,4 @@ this._XMLHttpRequestCtor = XMLHttpRequestCtor;

revoke(accessToken, required) {
Log.debug("TokenRevocationClient.revoke");
if (!accessToken) {
Log.error("No accessToken provided");
Log.error("TokenRevocationClient.revoke: No accessToken provided");
throw new Error("No accessToken provided.");

@@ -34,3 +32,3 @@ }

if (required) {
Log.error("Revocation not supported");
Log.error("TokenRevocationClient.revoke: Revocation not supported");
throw new Error("Revocation not supported");

@@ -43,2 +41,3 @@ }

Log.error("TokenRevocationClient.revoke: Revoking access token");
var client_id = this._settings.client_id;

@@ -51,3 +50,2 @@ var client_secret = this._settings.client_secret;

_revoke(url, client_id, client_secret, accessToken) {
Log.debug("Calling revocation endpoint");

@@ -58,6 +56,6 @@ return new Promise((resolve, reject) => {

xhr.open("POST", url);
xhr.onload = () => {
Log.debug("HTTP response received, status", xhr.status);
Log.debug("TokenRevocationClient.revoke: HTTP response received, status", xhr.status);
if (xhr.status === 200) {

@@ -71,3 +69,3 @@ resolve();

var body = "client_id=" + encodeURIComponent(client_id);
var body = "client_id=" + encodeURIComponent(client_id);
if (client_secret) {

@@ -78,3 +76,3 @@ body += "&client_secret=" + encodeURIComponent(client_secret);

body += "&token=" + encodeURIComponent(accessToken);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

@@ -81,0 +79,0 @@ xhr.send(body);
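Review bot: In `revoke`, the added `Log.error("TokenRevocationClient.revoke: Revoking access token");` reports a normal step at error level, so every successful revocation will surface as an error in whatever collects these logs. It should be `Log.debug("TokenRevocationClient.revoke: Revoking access token");`, matching the other progress messages in this file. Separately, the status message inside `_revoke`'s `xhr.onload` now carries the prefix `TokenRevocationClient.revoke:`; `TokenRevocationClient._revoke:` would name the function that emits it. Both functions are only partly visible in this section.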

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import Global from './Global';
import { Log } from './Log';
import { Global } from './Global';
export default class UrlUtility {
export class UrlUtility {
static addQueryParam(url, name, value) {

@@ -25,4 +25,2 @@ if (url.indexOf('?') < 0) {

static parseUrlFragment(value, delimiter = "#", global = Global) {
Log.debug("UrlUtility.parseUrlFragment");
if (typeof value !== 'string'){

@@ -45,3 +43,3 @@ value = global.location.href;

if (counter++ > 50) {
Log.error("response exceeded expected number of parameters", value);
Log.error("UrlUtility.parseUrlFragment: response exceeded expected number of parameters", value);
return {

@@ -56,5 +54,5 @@ error: "Response exceeded expected number of parameters"

}
return {};
}
}
}
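Review bot: The parameter-limit branch of `parseUrlFragment` still passes `value` to `Log.error`, and the hunk context shows that `value` can be `global.location.href`. On a sign-in callback that string presumably carries the response parameters (tokens, state), so they would be written to the log sink. Since the line is being reworded anyway, drop the argument: `Log.error("UrlUtility.parseUrlFragment: response exceeded expected number of parameters");`. The function body is only partly visible in this section.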
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import { Log } from './Log';
export default class User {
export class User {
constructor({id_token, session_state, access_token, token_type, scope, profile, expires_at, state}) {

@@ -55,2 +55,2 @@ this.id_token = id_token;

}
}
}
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import JsonService from './JsonService';
import MetadataService from './MetadataService';
import Log from './Log';
import { JsonService } from './JsonService';
import { MetadataService } from './MetadataService';
import { Log } from './Log';
export default class UserInfoService {
export class UserInfoService {
constructor(settings, JsonServiceCtor = JsonService, MetadataServiceCtor = MetadataService) {
if (!settings) {
Log.error("No settings passed to UserInfoService");
Log.error("UserInfoService.ctor: No settings passed");
throw new Error("settings");

@@ -21,6 +21,4 @@ }

getClaims(token) {
Log.debug("UserInfoService.getClaims");
if (!token) {
Log.error("No token passed");
Log.error("UserInfoService.getClaims: No token passed");
return Promise.reject(new Error("A token is required"));

@@ -30,6 +28,6 @@ }

return this._metadataService.getUserInfoEndpoint().then(url => {
Log.debug("received userinfo url", url);
Log.debug("UserInfoService.getClaims: received userinfo url", url);
return this._jsonService.getJson(url, token).then(claims => {
Log.debug("claims received", claims);
Log.debug("UserInfoService.getClaims: claims received", claims);
return claims;

@@ -36,0 +34,0 @@ });
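Review bot: `getClaims` keeps logging the whole `claims` object (`Log.debug("UserInfoService.getClaims: claims received", claims);`), which puts the user's profile data from the userinfo endpoint into the application's log output whenever debug logging is enabled. Logging only the event, `Log.debug("UserInfoService.getClaims: claims received");`, keeps the trace without the personal data. If the content is needed for troubleshooting, logging the claim names rather than their values would be enough. The method's closing lines are outside the visible hunk.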

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import OidcClient from './OidcClient';
import UserManagerSettings from './UserManagerSettings';
import User from './User';
import UserManagerEvents from './UserManagerEvents';
import SilentRenewService from './SilentRenewService';
import SessionMonitor from './SessionMonitor';
import TokenRevocationClient from './TokenRevocationClient';
import { Log } from './Log';
import { OidcClient } from './OidcClient';
import { UserManagerSettings } from './UserManagerSettings';
import { User } from './User';
import { UserManagerEvents } from './UserManagerEvents';
import { SilentRenewService } from './SilentRenewService';
import { SessionMonitor } from './SessionMonitor';
import { TokenRevocationClient } from './TokenRevocationClient';
export default class UserManager extends OidcClient {
export class UserManager extends OidcClient {
constructor(settings = {},

@@ -27,6 +27,6 @@ SilentRenewServiceCtor = SilentRenewService,

this._silentRenewService = new SilentRenewServiceCtor(this);
// order is important for the following properties; these services depend upon the events.
if (this.settings.automaticSilentRenew) {
Log.debug("automaticSilentRenew is configured, setting up silent renew");
Log.debug("UserManager.ctor: automaticSilentRenew is configured, setting up silent renew");
this.startSilentRenew();

@@ -36,3 +36,3 @@ }

if (this.settings.monitorSession) {
Log.debug("monitorSession is configured, setting up session monitor");
Log.debug("UserManager.ctor: monitorSession is configured, setting up session monitor");
this._sessionMonitor = new SessionMonitorCtor(this);

@@ -62,7 +62,5 @@ }

getUser() {
Log.debug("UserManager.getUser");
return this._loadUser().then(user => {
if (user) {
Log.info("user loaded");
Log.info("UserManager.getUser: user loaded");

@@ -74,3 +72,3 @@ this._events.load(user, false);

else {
Log.info("user not found in storage");
Log.info("UserManager.getUser: user not found in storage");
return null;

@@ -82,6 +80,4 @@ }

removeUser() {
Log.debug("UserManager.removeUser");
return this.storeUser(null).then(() => {
Log.info("user removed from storage");
Log.info("UserManager.removeUser: user removed from storage");
this._events.unload();

@@ -92,16 +88,14 @@ });

signinRedirect(args) {
Log.debug("UserManager.signinRedirect");
return this._signinStart(args, this._redirectNavigator).then(()=>{
Log.info("signinRedirect successful");
Log.info("UserManager.signinRedirect: successful");
});
}
signinRedirectCallback(url) {
Log.debug("UserManager.signinRedirectCallback");
return this._signinEnd(url || this._redirectNavigator.url).then(user => {
if (user) {
if (user.profile && user.profile.sub) {
Log.info("signinRedirectCallback successful, signed in sub: ", user.profile.sub);
Log.info("UserManager.signinRedirectCallback: successful, signed in sub: ", user.profile.sub);
}
else {
Log.info("signinRedirectCallback successful");
Log.info("UserManager.signinRedirectCallback: no sub");
}

@@ -113,9 +107,7 @@ }

}
signinPopup(args = {}) {
Log.debug("UserManager.signinPopup");
let url = args.redirect_uri || this.settings.popup_redirect_uri || this.settings.redirect_uri;
if (!url) {
Log.error("No popup_redirect_uri or redirect_uri configured");
Log.error("UserManager.signinPopup: No popup_redirect_uri or redirect_uri configured");
return Promise.reject(new Error("No popup_redirect_uri or redirect_uri configured"));

@@ -134,6 +126,6 @@ }

if (user.profile && user.profile.sub) {
Log.info("signinPopup successful, signed in sub: ", user.profile.sub);
Log.info("UserManager.signinPopup: signinPopup successful, signed in sub: ", user.profile.sub);
}
else {
Log.info("signinPopup successful");
Log.info("UserManager.signinPopup: no sub");
}

@@ -146,10 +138,9 @@ }

signinPopupCallback(url) {
Log.debug("UserManager.signinPopupCallback");
return this._signinCallback(url, this._popupNavigator).then(user => {
if (user) {
if (user.profile && user.profile.sub) {
Log.info("signinPopupCallback successful, signed in sub: ", user.profile.sub);
Log.info("UserManager.signinPopupCallback: successful, signed in sub: ", user.profile.sub);
}
else {
Log.info("signinPopupCallback successful");
Log.info("UserManager.signinPopupCallback: no sub");
}

@@ -163,7 +154,5 @@ }

signinSilent(args = {}) {
Log.debug("UserManager.signinSilent");
let url = args.redirect_uri || this.settings.silent_redirect_uri;
if (!url) {
Log.error("No silent_redirect_uri configured");
Log.error("UserManager.signinSilent: No silent_redirect_uri configured");
return Promise.reject(new Error("No silent_redirect_uri configured"));

@@ -193,6 +182,6 @@ }

if (user.profile && user.profile.sub) {
Log.info("signinSilent successful, signed in sub: ", user.profile.sub);
Log.info("UserManager.signinSilent: successful, signed in sub: ", user.profile.sub);
}
else {
Log.info("signinSilent successful");
Log.info("UserManager.signinSilent: no sub");
}

@@ -205,10 +194,9 @@ }

signinSilentCallback(url) {
Log.debug("UserManager.signinSilentCallback");
return this._signinCallback(url, this._iframeNavigator).then(user => {
if (user) {
if (user.profile && user.profile.sub) {
Log.info("signinSilentCallback successful, signed in sub: ", user.profile.sub);
Log.info("UserManager.signinSilentCallback: successful, signed in sub: ", user.profile.sub);
}
else {
Log.info("signinSilentCallback successful");
Log.info("UserManager.signinSilentCallback: no sub");
}

@@ -222,7 +210,5 @@ }

querySessionStatus(args = {}) {
Log.debug("UserManager.querySessionStatus");
let url = args.redirect_uri || this.settings.silent_redirect_uri;
if (!url) {
Log.error("No silent_redirect_uri configured");
Log.error("UserManager.querySessionStatus: No silent_redirect_uri configured");
return Promise.reject(new Error("No silent_redirect_uri configured"));

@@ -241,6 +227,6 @@ }

return this.processSigninResponse(navResponse.url).then(signinResponse => {
Log.debug("got signin response");
Log.debug("UserManager.querySessionStatus: got signin response");
if (signinResponse.session_state && signinResponse.profile.sub && signinResponse.profile.sid) {
Log.info("querySessionStatus success for sub: ", signinResponse.profile.sub);
Log.info("UserManager.querySessionStatus: querySessionStatus success for sub: ", signinResponse.profile.sub);
return {

@@ -260,3 +246,2 @@ session_state: signinResponse.session_state,

_signin(args, navigator, navigatorParams = {}) {
Log.debug("_signin");
return this._signinStart(args, navigator, navigatorParams).then(navResponse => {

@@ -267,17 +252,16 @@ return this._signinEnd(navResponse.url);

_signinStart(args, navigator, navigatorParams = {}) {
Log.debug("_signinStart");
return navigator.prepare(navigatorParams).then(handle => {
Log.debug("got navigator window handle");
Log.debug("UserManager._signinStart: got navigator window handle");
return this.createSigninRequest(args).then(signinRequest => {
Log.debug("got signin request");
Log.debug("UserManager._signinStart: got signin request");
navigatorParams.url = signinRequest.url;
navigatorParams.id = signinRequest.state.id;
return handle.navigate(navigatorParams);
}).catch(err => {
if (handle.close) {
Log.debug("Error after preparing navigator, closing navigator window");
Log.debug("UserManager._signinStart: Error after preparing navigator, closing navigator window");
handle.close();

@@ -290,6 +274,4 @@ }

_signinEnd(url) {
Log.debug("_signinEnd");
return this.processSigninResponse(url).then(signinResponse => {
Log.debug("got signin response");
Log.debug("UserManager._signinEnd: got signin response");

@@ -299,3 +281,3 @@ let user = new User(signinResponse);

return this.storeUser(user).then(() => {
Log.debug("user stored");
Log.debug("UserManager._signinEnd: user stored");

@@ -309,3 +291,3 @@ this._events.load(user);

_signinCallback(url, navigator) {
Log.debug("_signinCallback");
Log.debug("UserManager._signinCallback");
return navigator.callback(url);

@@ -315,3 +297,2 @@ }

signoutRedirect(args = {}) {
Log.debug("UserManager.signoutRedirect");
let postLogoutRedirectUri = args.post_logout_redirect_uri || this.settings.post_logout_redirect_uri;

@@ -322,9 +303,8 @@ if (postLogoutRedirectUri){

return this._signoutStart(args, this._redirectNavigator).then(()=>{
Log.info("signoutRedirect successful");
Log.info("UserManager.signoutRedirect: successful");
});
}
signoutRedirectCallback(url) {
Log.debug("UserManager.signoutRedirectCallback");
return this._signoutEnd(url || this._redirectNavigator.url).then(response=>{
Log.info("signoutRedirectCallback successful");
Log.info("UserManager.signoutRedirectCallback: successful");
return response;

@@ -335,4 +315,2 @@ });

signoutPopup(args = {}) {
Log.debug("UserManager.signinPopup");
let url = args.post_logout_redirect_uri || this.settings.popup_post_logout_redirect_uri || this.settings.post_logout_redirect_uri;

@@ -342,3 +320,3 @@ args.post_logout_redirect_uri = url;

if (args.post_logout_redirect_uri){
// we're putting a dummy entry in here because we
// we're putting a dummy entry in here because we
// need a unique id from the state for notification

@@ -356,3 +334,3 @@ // to the parent window, which is necessary if we

}).then(() => {
Log.info("signoutPopup successful");
Log.info("UserManager.signinPopup: successful");
});

@@ -365,6 +343,6 @@ }

}
Log.debug("UserManager.signoutPopupCallback");
let delimiter = '?';
return this._popupNavigator.callback(url, keepOpen, delimiter).then(() => {
Log.info("signoutPopupCallback successful");
Log.info("UserManager.signoutPopupCallback: successful");
});

@@ -374,3 +352,2 @@ }

_signout(args, navigator, navigatorParams = {}) {
Log.debug("_signout");
return this._signoutStart(args, navigator, navigatorParams).then(navResponse => {

@@ -381,9 +358,7 @@ return this._signoutEnd(navResponse.url);

_signoutStart(args = {}, navigator, navigatorParams = {}) {
Log.debug("_signoutStart");
return navigator.prepare(navigatorParams).then(handle => {
Log.debug("got navigator window handle");
Log.debug("UserManager._signoutStart: got navigator window handle");
return this._loadUser().then(user => {
Log.debug("loaded current user from storage");
Log.debug("UserManager._signoutStart: loaded current user from storage");

@@ -395,3 +370,3 @@ var revokePromise = this._settings.revokeAccessTokenOnSignout ? this._revokeInternal(user) : Promise.resolve();

if (id_token) {
Log.debug("Setting id_token into signout request");
Log.debug("UserManager._signoutStart: Setting id_token into signout request");
args.id_token_hint = id_token;

@@ -401,6 +376,6 @@ }

return this.removeUser().then(() => {
Log.debug("user removed, creating signout request");
Log.debug("UserManager._signoutStart: user removed, creating signout request");
return this.createSignoutRequest(args).then(signoutRequest => {
Log.debug("got signout request");
Log.debug("UserManager._signoutStart: got signout request");

@@ -417,3 +392,3 @@ navigatorParams.url = signoutRequest.url;

if (handle.close) {
Log.debug("Error after preparing navigator, closing navigator window");
Log.debug("UserManager._signoutStart: Error after preparing navigator, closing navigator window");
handle.close();

@@ -426,6 +401,4 @@ }

_signoutEnd(url) {
Log.debug("_signoutEnd");
return this.processSignoutResponse(url).then(signoutResponse => {
Log.debug("got signout response");
Log.debug("UserManager._signoutEnd: got signout response");

@@ -437,8 +410,6 @@ return signoutResponse;

revokeAccessToken() {
Log.debug("UserManager.revokeAccessToken");
return this._loadUser().then(user => {
return this._revokeInternal(user, true).then(success => {
if (success) {
Log.debug("removing token properties from user and re-storing");
Log.debug("UserManager.revokeAccessToken: removing token properties from user and re-storing");

@@ -450,3 +421,3 @@ user.access_token = null;

return this.storeUser(user).then(() => {
Log.debug("user stored");
Log.debug("UserManager.revokeAccessToken: user stored");
this._events.load(user);

@@ -457,3 +428,3 @@ });

}).then(()=>{
Log.info("access token revoked successfully");
Log.info("UserManager.revokeAccessToken: access token revoked successfully");
});

@@ -463,4 +434,2 @@ }

_revokeInternal(user, required) {
Log.debug("checking if token revocation is necessary");
var access_token = user && user.access_token;

@@ -470,3 +439,3 @@

if (!access_token || access_token.indexOf('.') >= 0) {
Log.debug("no need to revoke due to no user, token, or JWT format");
Log.debug("UserManager.revokeAccessToken: no need to revoke due to no user, token, or JWT format");
return Promise.resolve(false);

@@ -491,11 +460,9 @@ }

_loadUser() {
Log.debug("_loadUser");
return this._userStore.get(this._userStoreKey).then(storageString => {
if (storageString) {
Log.debug("user storageString loaded");
Log.debug("UserManager._loadUser: user storageString loaded");
return User.fromStorageString(storageString);
}
Log.debug("no user storageString");
Log.debug("UserManager._loadUser: no user storageString");
return null;

@@ -507,3 +474,3 @@ });

if (user) {
Log.debug("storeUser storing user");
Log.debug("UserManager.storeUser: storing user");

@@ -514,3 +481,3 @@ var storageString = user.toStorageString();

else {
Log.debug("storeUser removing user storage");
Log.debug("storeUser.storeUser: removing user");
return this._userStore.remove(this._userStoreKey);

@@ -517,0 +484,0 @@ }
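Review bot: Three of the new prefixes name the wrong method, which works against the purpose of this change when someone traces a sign-out or revocation from the logs. In `signoutPopup` the success line reads `Log.info("UserManager.signinPopup: successful");` and should be `Log.info("UserManager.signoutPopup: successful");`. In `storeUser` the removal branch reads `"storeUser.storeUser: removing user"` and should start with `UserManager.storeUser:`. The skip message inside `_revokeInternal` is labelled `UserManager.revokeAccessToken:` although the hunk context shows `_signoutStart` calling `_revokeInternal` as well, so `UserManager._revokeInternal:` would be accurate. The `signinPopup` and `querySessionStatus` success lines also repeat the method name after the prefix.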

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import AccessTokenEvents from './AccessTokenEvents';
import Event from './Event';
import { Log } from './Log';
import { AccessTokenEvents } from './AccessTokenEvents';
import { Event } from './Event';
export default class UserManagerEvents extends AccessTokenEvents {
export class UserManagerEvents extends AccessTokenEvents {

@@ -38,3 +38,3 @@ constructor(settings) {

}
addUserUnloaded(cb) {

@@ -41,0 +41,0 @@ this._userUnloaded.addHandler(cb);

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import OidcClientSettings from './OidcClientSettings';
import RedirectNavigator from './RedirectNavigator';
import PopupNavigator from './PopupNavigator';
import IFrameNavigator from './IFrameNavigator';
import WebStorageStateStore from './WebStorageStateStore';
import Global from './Global';
import { Log } from './Log';
import { OidcClientSettings } from './OidcClientSettings';
import { RedirectNavigator } from './RedirectNavigator';
import { PopupNavigator } from './PopupNavigator';
import { IFrameNavigator } from './IFrameNavigator';
import { WebStorageStateStore } from './WebStorageStateStore';
import { Global } from './Global';

@@ -15,3 +15,3 @@ const DefaultAccessTokenExpiringNotificationTime = 60;

export default class UserManagerSettings extends OidcClientSettings {
export class UserManagerSettings extends OidcClientSettings {
constructor({

@@ -28,2 +28,3 @@ popup_redirect_uri,

checkSessionInterval = DefaultCheckSessionInterval,
stopCheckSessionOnError = true,
revokeAccessTokenOnSignout = false,

@@ -42,3 +43,3 @@ accessTokenExpiringNotificationTime = DefaultAccessTokenExpiringNotificationTime,

this._popupWindowTarget = popupWindowTarget;
this._silent_redirect_uri = silent_redirect_uri;

@@ -52,2 +53,3 @@ this._silentRequestTimeout = silentRequestTimeout;

this._checkSessionInterval = checkSessionInterval;
this._stopCheckSessionOnError = stopCheckSessionOnError;
this._revokeAccessTokenOnSignout = revokeAccessTokenOnSignout;

@@ -58,3 +60,3 @@

this._iframeNavigator = iframeNavigator;
this._userStore = userStore;

@@ -98,2 +100,5 @@ }

}
get stopCheckSessionOnError(){
return this._stopCheckSessionOnError;
}
get revokeAccessTokenOnSignout() {

@@ -112,3 +117,3 @@ return this._revokeAccessTokenOnSignout;

}
get userStore() {

@@ -115,0 +120,0 @@ return this._userStore;

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
import Log from './Log';
import Global from './Global';
import { Log } from './Log';
import { Global } from './Global';
export default class WebStorageStateStore {
export class WebStorageStateStore {
constructor({prefix = "oidc.", store = Global.localStorage} = {}) {

@@ -19,3 +19,3 @@ this._store = store;

this._store.setItem(key, value);
return Promise.resolve();

@@ -30,3 +30,3 @@ }

let item = this._store.getItem(key);
return Promise.resolve(item);

@@ -42,3 +42,3 @@ }

this._store.removeItem(key);
return Promise.resolve(item);

@@ -54,3 +54,3 @@ }

let key = this._store.key(index);
if (key.indexOf(this._prefix) === 0) {

@@ -60,5 +60,5 @@ keys.push(key.substr(this._prefix.length));

}
return Promise.resolve(keys);
}
}
