@frontegg/redux-store 6.165.0-alpha.9 → 6.166.0-alpha.0

package/auth/LoginState/index.d.ts

@@ -238,3 +238,4 @@ declare type DispatchedActions = {
 export declare type LoginActions = DispatchedActions;
 export { loginState, reducers as loginReducers, actions as loginActions };
 export { getRedirectUrl, getSearchParam } from './utils';
+export { defaultFronteggRoutes } from './consts';

package/auth/LoginState/index.js

@@ -139,4 +139,5 @@ const actions = {
  */
 const Matcher = {};
 export { loginState, reducers as loginReducers, actions as loginActions };
-export { getRedirectUrl, getSearchParam } from './utils';
+export { getRedirectUrl, getSearchParam } from './utils';
+export { defaultFronteggRoutes } from './consts';

package/auth/LoginState/saga.d.ts

@@ -1,5 +1,5 @@
 import { CallEffect } from 'redux-saga/effects';
-import { ISamlMetadata } from '@frontegg/rest-api';
+import { ISamlMetadata, ResolvedTenantResult } from '@frontegg/rest-api';
 import { AuthState } from '../interfaces';
 export declare function refreshMetadata(): Generator<import("redux-saga/effects").PutEffect<{
     payload: Partial<AuthState>;
@@ -15,6 +15,12 @@ export declare function loadSSOPublicConfigurationFunction(): Generator<import("
 }>;
 export declare function refreshToken(): Generator<import("redux-saga/effects").SelectEffect | CallEffect<any>, void, AuthState>;
 export declare function refreshTokenForSocialLogins(): Generator<import("redux-saga/effects").SelectEffect | CallEffect<any>, void, AuthState>;
+export declare function requestHostedLoginAuthorize(additionalParams?: Record<string, string>): Generator<any, void, {
+    routes: any;
+    context: any;
+    onRedirectTo: any;
+    urlStrategy: any;
+} & string & ResolvedTenantResult>;
 export declare function loginSagas(): Generator<import("redux-saga/effects").ForkEffect<never>, void, unknown>;
 export { afterAuthNavigation } from './sagas/afterAuthNavigation.saga';
 export { mfaWithAuthenticator } from './sagas/mfaWithAuthenticator.saga';

package/auth/LoginState/saga.js

@@ -34,10 +34,11 @@ import { getSearchParam, TENANT_ID_PARAM_KEY, isMfaRequired, isOauthCallbackRout
 import { errorHandler, GTMEventAction, reportGTMEvent } from '../../utils';
 import { authStrategyLoginStepMap } from './consts';
 import { isEntitlementsDeeplyEqual } from '../Entitlements';
-import { customLoginEnabled, loadCustomLoginRoutes } from '../CustomLoginState/saga';
+import { loadCustomLoginRoutes } from '../CustomLoginState/saga';
 import { FronteggNativeModule } from '../../toolkit';
 import { afterAuthenticationStateUpdate, shouldShowPromptPasskeys } from './saga.utils';
-import { afterAuthNavigation, loginWithMfa, preVerifyMFASMSForLogin, verifyMFASMSForLogin, preVerifyMFAWebAuthnForLogin, verifyMFAWebAuthnForLogin, preVerifyMFAEmailCodeForLogin, verifyMFAEmailCodeForLogin } from './sagas';
+import { afterAuthNavigation, loginWithMfa, preVerifyMFASMSForLogin, verifyMFASMSForLogin, preVerifyMFAWebAuthnForLogin, verifyMFAWebAuthnForLogin, preVerifyMFAEmailCodeForLogin, verifyMFAEmailCodeForLogin, afterStepUpAuthNavigation } from './sagas';
+import { SHOULD_STEP_UP_KEY } from '../StepUpState/consts';
 
 /******************************************************************
  ***                                                             ****
@@ -349,17 +350,8 @@ function* requestAuthorize({
   payload: firstTime
 }) {
   const calls = [];
-  const isCustomLoginEnabled = yield call(customLoginEnabled);
-  if (isCustomLoginEnabled) {
-    /*
-    // waiting for refreshToken to be loaded is only necessary for custom login
-    // but doing this will degrade the loading performance in around 500 ms
-    // so we will wait for the refreshToken only if there is tenantResolver
-    */
-    yield call(refreshToken);
-  } else {
-    calls.push(call(refreshToken));
-  }
+  const callsAfterRefresh = [];
+  calls.push(call(refreshToken));
   if (firstTime) {
     yield put(actions.setState({
       isLoading: true
@@ -370,9 +362,17 @@ function* requestAuthorize({
     calls.push(call(loadSSOPublicConfigurationFunction));
     calls.push(call(loadVendorPublicInfo));
     calls.push(call(refreshMetadata));
-    calls.push(call(loadCustomLoginRoutes));
+    /*
+      We will load custom login routes only if custom login is enabled
+      In order to check if custom login is enabled without the tenant alias (search-param/sub-domain)
+      we have to wait for the user state (refreshToken request)
+    */
+    callsAfterRefresh.push(call(loadCustomLoginRoutes));
   }
   yield all(calls);
+  if (callsAfterRefresh.length > 0) {
+    yield all(callsAfterRefresh);
+  }
   yield put(actions.setState({
     isLoading: false
   }));
@@ -510,7 +510,7 @@ function* refreshOrRequestHostedLoginAuthorizeV2({
     yield requestHostedLoginAuthorize(additionalParams);
   }
 }
-function* requestHostedLoginAuthorize(additionalParams) {
+export function* requestHostedLoginAuthorize(additionalParams) {
   const {
     routes,
     context,
@@ -620,7 +620,13 @@ function* handleHostedLoginCallback({
     }));
     console.error('Failed to exchangeOAuthTokens', e);
   } finally {
-    yield afterAuthNavigation();
+    const isStepUpFlow = window.localStorage.getItem(SHOULD_STEP_UP_KEY);
+    window.localStorage.removeItem(SHOULD_STEP_UP_KEY);
+    if (isStepUpFlow) {
+      yield afterStepUpAuthNavigation();
+    } else {
+      yield afterAuthNavigation();
+    }
   }
 }
 function* changePhoneNumberWithVerification(_ref4) {

package/auth/StepUpState/consts.d.ts

@@ -15,3 +15,7 @@ export declare const AMR_ADDITIONAL_VALUE: string[];
  * Used for scenarios when we logout for re-login and then should redirect to step up page
  */
 export declare const SHOULD_STEP_UP_KEY = "SHOULD_STEP_UP";
+/**
+ * The name of the query param that contains the max age of the step up
+ */
+export declare const STEP_UP_MAX_AGE_PARAM_NAME = "maxAge";

package/auth/StepUpState/consts.js

@@ -17,4 +17,9 @@ export const AMR_ADDITIONAL_VALUE = ['otp', 'sms', 'hwk'];
  * SHOULD_STEP_UP_KEY local storage key
  * Used for scenarios when we logout for re-login and then should redirect to step up page
  */
-export const SHOULD_STEP_UP_KEY = 'SHOULD_STEP_UP';
+export const SHOULD_STEP_UP_KEY = 'SHOULD_STEP_UP';
+
+/**
+ * The name of the query param that contains the max age of the step up
+ */
+export const STEP_UP_MAX_AGE_PARAM_NAME = 'maxAge';

package/auth/StepUpState/index.d.ts

@@ -1,5 +1,5 @@
 import { IPreVerifyMFA, IVerifyMFASMS, IVerifyMFAEmailCode } from '@frontegg/rest-api';
-import { IGenerateStepUpSession, IStepUpWithAuthenticator, StepUpState } from './interfaces';
+import { IGenerateStepUpSession, IStepUpHostedLogin, IStepUpWithAuthenticator, StepUpState } from './interfaces';
 import { WithCallback } from '../../interfaces';
 import { IPreVerifyMFAWebAuthNForLoginResponse, IVerifyMFAWebAuthnPayload, WithDeviceId } from '../LoginState/interfaces';
 declare const stepUpState: StepUpState;
@@ -108,6 +108,7 @@ declare const reducers: {
     };
 };
 declare const actions: {
+    stepUpHostedLogin: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[IStepUpHostedLogin], IStepUpHostedLogin, string, never, never>;
     generateStepUpSession: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[WithCallback<IGenerateStepUpSession, boolean>], WithCallback<IGenerateStepUpSession, boolean>, string, never, never>;
     stepUpWithAuthenticator: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[WithCallback<IStepUpWithAuthenticator, boolean>], WithCallback<IStepUpWithAuthenticator, boolean>, string, never, never>;
     preVerifyMFASMSForStepUp: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[WithCallback<WithDeviceId<IPreVerifyMFA>, boolean>], WithCallback<WithDeviceId<IPreVerifyMFA>, boolean>, string, never, never>;
@@ -125,6 +126,7 @@ declare type DispatchedActions = {
     setStepUpState: (state: Partial<StepUpState>) => void;
     resetStepUpState: () => void;
     generateStepUpSession: (payload: WithCallback<IGenerateStepUpSession>) => void;
+    stepUpHostedLogin: (payload: IStepUpHostedLogin) => void;
     stepUpWithAuthenticator: (payload: WithCallback<IStepUpWithAuthenticator>) => void;
     preVerifyMFASMSForStepUp: (payload: WithCallback<WithDeviceId<IPreVerifyMFA>>) => void;
     verifyMFASMSForStepUp: (payload: WithCallback<WithDeviceId<IVerifyMFASMS>>) => void;
@@ -136,3 +138,4 @@ declare type DispatchedActions = {
 export declare type StepUpActions = DispatchedActions;
 export { stepUpState, reducers as stepUpReducers, actions as stepUpActions };
 export * from './utils';
+export { STEP_UP_MAX_AGE_PARAM_NAME, SHOULD_STEP_UP_KEY } from './consts';

package/auth/StepUpState/index.js

@@ -13,6 +13,9 @@ const reducers = {
   })
 };
 const actions = {
+  stepUpHostedLogin: createAction(`${authStoreName}/stepUpHostedLogin`, payload => ({
+    payload
+  })),
   generateStepUpSession: createAction(`${authStoreName}/generateStepUpSession`, payload => ({
     payload
   })),
@@ -51,4 +54,5 @@ const actions = {
  */
 const Matcher = {};
 export { stepUpState, reducers as stepUpReducers, actions as stepUpActions };
-export * from './utils';
+export * from './utils';
+export { STEP_UP_MAX_AGE_PARAM_NAME, SHOULD_STEP_UP_KEY } from './consts';

package/auth/StepUpState/interfaces.d.ts

@@ -21,3 +21,15 @@ export interface IStepUpWithAuthenticator {
     mfaToken: string;
     value: string;
 }
+/**
+ * Step up hosted login options
+ */
+export interface IStepUpHostedLogin {
+    maxAge?: number;
+}
+/**
+ * Step up options (for stepUp function)
+ */
+export interface StepUpOptions {
+    maxAge?: number;
+}

package/auth/StepUpState/saga.js

@@ -5,6 +5,7 @@ import { preVerifyMFASMS, verifyMFASMS } from '../LoginState/sagas/mfaWithSMS.sa
 import { preVerifyMFAWebAuthn, verifyMFAWebAuthn } from '../LoginState/sagas/mfaWithWebAuthn.saga';
 import { verifyMFAEmailCode, preVerifyMFAEmailCode } from '../LoginState/sagas/mfaWithEmailCode.saga';
 import { generateStepUpSession } from './generateStepUpSession.saga';
+import { stepUpHostedLogin } from './stepUpHostedLogin.saga';
 
 /**
  * Step up with authenticator app
@@ -93,6 +94,7 @@ export function* preVerifyMFAEmailCodeForStepUp({
   yield preVerifyMFAEmailCode(payload, actions.setStepUpState);
 }
 export function* stepUpSagas() {
+  yield takeLeading(actions.stepUpHostedLogin, stepUpHostedLogin);
   yield takeLeading(actions.generateStepUpSession, generateStepUpSession);
   yield takeLeading(actions.stepUpWithAuthenticator, stepUpWithAuthenticator);
   yield takeLeading(actions.preVerifyMFASMSForStepUp, preVerifyMFASMSForStepUp);

package/auth/StepUpState/stepUpHostedLogin.saga.d.ts

@@ -0,0 +1,12 @@
+import { PayloadAction } from '@reduxjs/toolkit';
+import { IStepUpHostedLogin } from './interfaces';
+/**
+ * Step up for hosted login apps
+ * @param payload.maxAge
+ */
+export declare function stepUpHostedLogin({ payload }: PayloadAction<IStepUpHostedLogin>): Generator<Generator<any, void, {
+    routes: any;
+    context: any;
+    onRedirectTo: any;
+    urlStrategy: any;
+} & string & import("@frontegg/rest-api").ResolvedTenantResult>, void, unknown>;

package/auth/StepUpState/stepUpHostedLogin.saga.js

@@ -0,0 +1,24 @@
+import { requestHostedLoginAuthorize } from '../LoginState/saga';
+import { ACR_VALUE, SHOULD_STEP_UP_KEY } from './consts';
+import { setAfterAuthRedirectUrlForStepUp } from './utils';
+
+/**
+ * Step up for hosted login apps
+ * @param payload.maxAge
+ */
+export function* stepUpHostedLogin({
+  payload
+}) {
+  const params = {
+    acr_values: ACR_VALUE
+  };
+  const {
+    maxAge
+  } = payload || {};
+  if (maxAge !== undefined) {
+    params.max_age = maxAge.toString();
+  }
+  setAfterAuthRedirectUrlForStepUp();
+  window.localStorage.setItem(SHOULD_STEP_UP_KEY, 'true');
+  yield requestHostedLoginAuthorize(params);
+}

package/auth/StepUpState/utils.d.ts

@@ -1,8 +1,11 @@
-interface IsSteppedUpOptions {
+import { RedirectOptions } from '@frontegg/rest-api';
+export interface IsSteppedUpOptions {
+    maxAge?: number;
+}
+export interface SteppedUpJWTValues {
     amr?: string[];
     acr?: string;
     auth_time?: number;
-    maxAge?: number;
 }
 /**
  * @param options.amr
@@ -11,5 +14,16 @@ interface IsSteppedUpOptions {
  * @param options.maxAge - max age of step up
  * @returns true when the user is stepped up, false otherwise
  */
-export declare const isSteppedUp: ({ amr, acr, auth_time, maxAge }?: IsSteppedUpOptions) => boolean;
-export {};
+export declare const isSteppedUp: (user?: SteppedUpJWTValues | null | undefined, { maxAge }?: IsSteppedUpOptions) => boolean;
+/**
+ * Set the url and query params in the local storage FRONTEGG_AFTER_AUTH_REDIRECT_URL value
+ */
+export declare function setAfterAuthRedirectUrlForStepUp(): void;
+/**
+ * Redirects to the step up url with the max age param and set the redirect url in the local storage
+ * The redirect url will be used after the step up flow is done
+ * @param stepUpUrl - step up url to redirect to
+ * @param onRedirectTo - redirect to function
+ * @param maxAge - max age of step up
+ */
+export declare const redirectByStepUpUrl: (stepUpUrl: string, onRedirectTo: (path: string, opts?: RedirectOptions | undefined) => void, maxAge?: number | undefined) => void;

package/auth/StepUpState/utils.js

@@ -1,4 +1,5 @@
-import { ACR_VALUE, AMR_MFA_VALUE, AMR_ADDITIONAL_VALUE } from './consts';
+import { FRONTEGG_AFTER_AUTH_REDIRECT_URL } from '../../constants';
+import { ACR_VALUE, AMR_MFA_VALUE, AMR_ADDITIONAL_VALUE, STEP_UP_MAX_AGE_PARAM_NAME } from './consts';
 /**
  * @param options.amr
  * @param options.acr
@@ -6,12 +7,15 @@ import { ACR_VALUE, AMR_MFA_VALUE, AMR_ADDITIONAL_VALUE } from './consts';
  * @param options.maxAge - max age of step up
  * @returns true when the user is stepped up, false otherwise
  */
-export const isSteppedUp = ({
-  amr = [],
-  acr = '',
-  auth_time,
+export const isSteppedUp = (user, {
   maxAge
 } = {}) => {
+  if (!user) return false;
+  const {
+    amr = [],
+    acr = '',
+    auth_time
+  } = user;
   if (maxAge && auth_time) {
     // when user is logged in for a long time (more than maxAge, but jwt is still valid because it's not refreshed yet)
     const isMaxAgeValid = Date.now() / 1000 - auth_time <= maxAge;
@@ -21,4 +25,27 @@ export const isSteppedUp = ({
   const isAMRIncludesMFA = amr.indexOf(AMR_MFA_VALUE) !== -1;
   const isAMRIncludesMethod = AMR_ADDITIONAL_VALUE.find(method => amr.indexOf(method)) !== undefined;
   return isACRValid && isAMRIncludesMFA && isAMRIncludesMethod;
+};
+
+/**
+ * Set the url and query params in the local storage FRONTEGG_AFTER_AUTH_REDIRECT_URL value
+ */
+export function setAfterAuthRedirectUrlForStepUp() {
+  const encodedRedirectUrl = window.location.pathname + window.location.search;
+  window.localStorage.setItem(FRONTEGG_AFTER_AUTH_REDIRECT_URL, encodedRedirectUrl);
+}
+
+/**
+ * Redirects to the step up url with the max age param and set the redirect url in the local storage
+ * The redirect url will be used after the step up flow is done
+ * @param stepUpUrl - step up url to redirect to
+ * @param onRedirectTo - redirect to function
+ * @param maxAge - max age of step up
+ */
+export const redirectByStepUpUrl = (stepUpUrl, onRedirectTo, maxAge) => {
+  setAfterAuthRedirectUrlForStepUp();
+  const maxAgePart = maxAge !== undefined ? `?${STEP_UP_MAX_AGE_PARAM_NAME}=${maxAge}` : '';
+  onRedirectTo(`${stepUpUrl}${maxAgePart}`, {
+    refresh: false
+  });
 };

package/auth/index.d.ts

@@ -495,6 +495,7 @@ declare const _default: {
         } | undefined, string, never, never>;
         loginViaSocialLogin: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("./SocialLogins/interfaces").ILoginViaSocialLoginPayload], import("./SocialLogins/interfaces").ILoginViaSocialLoginPayload, string, never, never>;
         setSocialLoginError: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("@frontegg/rest-api").ISetSocialLoginError], import("@frontegg/rest-api").ISetSocialLoginError, string, never, never>;
+        stepUpHostedLogin: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("./StepUpState/interfaces").IStepUpHostedLogin], import("./StepUpState/interfaces").IStepUpHostedLogin, string, never, never>;
         generateStepUpSession: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("..").WithCallback<import("./StepUpState/interfaces").IGenerateStepUpSession, boolean>], import("..").WithCallback<import("./StepUpState/interfaces").IGenerateStepUpSession, boolean>, string, never, never>;
         stepUpWithAuthenticator: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("..").WithCallback<import("./StepUpState/interfaces").IStepUpWithAuthenticator, boolean>], import("..").WithCallback<import("./StepUpState/interfaces").IStepUpWithAuthenticator, boolean>, string, never, never>;
         preVerifyMFASMSForStepUp: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("..").WithCallback<import("./LoginState/interfaces").WithDeviceId<import("@frontegg/rest-api").IPreVerifyMFA>, boolean>], import("..").WithCallback<import("./LoginState/interfaces").WithDeviceId<import("@frontegg/rest-api").IPreVerifyMFA>, boolean>, string, never, never>;

package/auth/reducer.d.ts

@@ -453,6 +453,7 @@ declare const actions: {
     } | undefined, string, never, never>;
     loginViaSocialLogin: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import(".").ILoginViaSocialLoginPayload], import(".").ILoginViaSocialLoginPayload, string, never, never>;
     setSocialLoginError: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("@frontegg/rest-api").ISetSocialLoginError], import("@frontegg/rest-api").ISetSocialLoginError, string, never, never>;
+    stepUpHostedLogin: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import(".").IStepUpHostedLogin], import(".").IStepUpHostedLogin, string, never, never>;
     generateStepUpSession: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("..").WithCallback<import(".").IGenerateStepUpSession, boolean>], import("..").WithCallback<import(".").IGenerateStepUpSession, boolean>, string, never, never>;
     stepUpWithAuthenticator: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("..").WithCallback<import(".").IStepUpWithAuthenticator, boolean>], import("..").WithCallback<import(".").IStepUpWithAuthenticator, boolean>, string, never, never>;
     preVerifyMFASMSForStepUp: import("@reduxjs/toolkit").ActionCreatorWithPreparedPayload<[import("..").WithCallback<import(".").WithDeviceId<import("@frontegg/rest-api").IPreVerifyMFA>, boolean>], import("..").WithCallback<import(".").WithDeviceId<import("@frontegg/rest-api").IPreVerifyMFA>, boolean>, string, never, never>;

package/index.js

@@ -1,4 +1,4 @@
-/** @license Frontegg v6.165.0-alpha.9
+/** @license Frontegg v6.166.0-alpha.0
  *
  * This source code is licensed under the MIT license found in the
  * LICENSE file in the root directory of this source tree.

package/node/auth/LoginState/index.js

@@ -3,6 +3,12 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
+Object.defineProperty(exports, "defaultFronteggRoutes", {
+  enumerable: true,
+  get: function () {
+    return _consts.defaultFronteggRoutes;
+  }
+});
 Object.defineProperty(exports, "getRedirectUrl", {
   enumerable: true,
   get: function () {
@@ -21,6 +27,7 @@ var _interfaces = require("./interfaces");
 var _utils = require("../utils");
 var _constants = require("../../constants");
 var _utils2 = require("./utils");
+var _consts = require("./consts");
 const loginState = {
   flow: _interfaces.LoginFlow.Login,
   step: _interfaces.LoginStep.preLogin,

package/node/auth/LoginState/saga.js

@@ -22,6 +22,7 @@ Object.defineProperty(exports, "mfaWithAuthenticator", {
 exports.refreshMetadata = refreshMetadata;
 exports.refreshToken = refreshToken;
 exports.refreshTokenForSocialLogins = refreshTokenForSocialLogins;
+exports.requestHostedLoginAuthorize = requestHostedLoginAuthorize;
 var _objectWithoutPropertiesLoose2 = _interopRequireDefault(require("@babel/runtime/helpers/objectWithoutPropertiesLoose"));
 var _extends2 = _interopRequireDefault(require("@babel/runtime/helpers/extends"));
 var _effects = require("redux-saga/effects");
@@ -47,6 +48,7 @@ var _saga4 = require("../CustomLoginState/saga");
 var _toolkit = require("../../toolkit");
 var _saga5 = require("./saga.utils");
 var _sagas = require("./sagas");
+var _consts2 = require("../StepUpState/consts");
 var _afterAuthNavigation = require("./sagas/afterAuthNavigation.saga");
 var _mfaWithAuthenticator = require("./sagas/mfaWithAuthenticator.saga");
 const _excluded = ["callback"],
@@ -374,17 +376,8 @@ function* requestAuthorize({
   payload: firstTime
 }) {
   const calls = [];
-  const isCustomLoginEnabled = yield (0, _effects.call)(_saga4.customLoginEnabled);
-  if (isCustomLoginEnabled) {
-    /*
-    // waiting for refreshToken to be loaded is only necessary for custom login
-    // but doing this will degrade the loading performance in around 500 ms
-    // so we will wait for the refreshToken only if there is tenantResolver
-    */
-    yield (0, _effects.call)(refreshToken);
-  } else {
-    calls.push((0, _effects.call)(refreshToken));
-  }
+  const callsAfterRefresh = [];
+  calls.push((0, _effects.call)(refreshToken));
   if (firstTime) {
     yield (0, _effects.put)(_reducer.actions.setState({
       isLoading: true
@@ -395,9 +388,17 @@ function* requestAuthorize({
     calls.push((0, _effects.call)(loadSSOPublicConfigurationFunction));
     calls.push((0, _effects.call)(_saga2.loadVendorPublicInfo));
     calls.push((0, _effects.call)(refreshMetadata));
-    calls.push((0, _effects.call)(_saga4.loadCustomLoginRoutes));
+    /*
+      We will load custom login routes only if custom login is enabled
+      In order to check if custom login is enabled without the tenant alias (search-param/sub-domain)
+      we have to wait for the user state (refreshToken request)
+    */
+    callsAfterRefresh.push((0, _effects.call)(_saga4.loadCustomLoginRoutes));
   }
   yield (0, _effects.all)(calls);
+  if (callsAfterRefresh.length > 0) {
+    yield (0, _effects.all)(callsAfterRefresh);
+  }
   yield (0, _effects.put)(_reducer.actions.setState({
     isLoading: false
   }));
@@ -645,7 +646,13 @@ function* handleHostedLoginCallback({
     }));
     console.error('Failed to exchangeOAuthTokens', e);
   } finally {
-    yield (0, _sagas.afterAuthNavigation)();
+    const isStepUpFlow = window.localStorage.getItem(_consts2.SHOULD_STEP_UP_KEY);
+    window.localStorage.removeItem(_consts2.SHOULD_STEP_UP_KEY);
+    if (isStepUpFlow) {
+      yield (0, _sagas.afterStepUpAuthNavigation)();
+    } else {
+      yield (0, _sagas.afterAuthNavigation)();
+    }
   }
 }
 function* changePhoneNumberWithVerification(_ref4) {

package/node/auth/StepUpState/consts.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.SHOULD_STEP_UP_KEY = exports.AMR_MFA_VALUE = exports.AMR_ADDITIONAL_VALUE = exports.ACR_VALUE = void 0;
+exports.STEP_UP_MAX_AGE_PARAM_NAME = exports.SHOULD_STEP_UP_KEY = exports.AMR_MFA_VALUE = exports.AMR_ADDITIONAL_VALUE = exports.ACR_VALUE = void 0;
 /**
  * The required ACR (Authorization Context Reference) value for the step up flow
  */
@@ -27,4 +27,10 @@ const AMR_ADDITIONAL_VALUE = ['otp', 'sms', 'hwk'];
  */
 exports.AMR_ADDITIONAL_VALUE = AMR_ADDITIONAL_VALUE;
 const SHOULD_STEP_UP_KEY = 'SHOULD_STEP_UP';
-exports.SHOULD_STEP_UP_KEY = SHOULD_STEP_UP_KEY;
+
+/**
+ * The name of the query param that contains the max age of the step up
+ */
+exports.SHOULD_STEP_UP_KEY = SHOULD_STEP_UP_KEY;
+const STEP_UP_MAX_AGE_PARAM_NAME = 'maxAge';
+exports.STEP_UP_MAX_AGE_PARAM_NAME = STEP_UP_MAX_AGE_PARAM_NAME;

package/node/auth/StepUpState/index.js

@@ -6,8 +6,22 @@ Object.defineProperty(exports, "__esModule", {
 var _exportNames = {
   stepUpState: true,
   stepUpReducers: true,
-  stepUpActions: true
+  stepUpActions: true,
+  STEP_UP_MAX_AGE_PARAM_NAME: true,
+  SHOULD_STEP_UP_KEY: true
 };
+Object.defineProperty(exports, "SHOULD_STEP_UP_KEY", {
+  enumerable: true,
+  get: function () {
+    return _consts.SHOULD_STEP_UP_KEY;
+  }
+});
+Object.defineProperty(exports, "STEP_UP_MAX_AGE_PARAM_NAME", {
+  enumerable: true,
+  get: function () {
+    return _consts.STEP_UP_MAX_AGE_PARAM_NAME;
+  }
+});
 exports.stepUpState = exports.stepUpReducers = exports.stepUpActions = void 0;
 var _toolkit = require("@reduxjs/toolkit");
 var _utils = require("../utils");
@@ -24,6 +38,7 @@ Object.keys(_utils2).forEach(function (key) {
     }
   });
 });
+var _consts = require("./consts");
 const stepUpState = {
   loading: false,
   mfaDevices: undefined,
@@ -38,6 +53,9 @@ const reducers = {
 };
 exports.stepUpReducers = reducers;
 const actions = {
+  stepUpHostedLogin: (0, _toolkit.createAction)(`${_constants.authStoreName}/stepUpHostedLogin`, payload => ({
+    payload
+  })),
   generateStepUpSession: (0, _toolkit.createAction)(`${_constants.authStoreName}/generateStepUpSession`, payload => ({
     payload
   })),

package/node/auth/StepUpState/saga.js

@@ -18,6 +18,7 @@ var _mfaWithSMS = require("../LoginState/sagas/mfaWithSMS.saga");
 var _mfaWithWebAuthn = require("../LoginState/sagas/mfaWithWebAuthn.saga");
 var _mfaWithEmailCode = require("../LoginState/sagas/mfaWithEmailCode.saga");
 var _generateStepUpSession = require("./generateStepUpSession.saga");
+var _stepUpHostedLogin = require("./stepUpHostedLogin.saga");
 /**
  * Step up with authenticator app
  * @param payload.callback - callback function to be called after the verification is done
@@ -105,6 +106,7 @@ function* preVerifyMFAEmailCodeForStepUp({
   yield (0, _mfaWithEmailCode.preVerifyMFAEmailCode)(payload, _reducer.actions.setStepUpState);
 }
 function* stepUpSagas() {
+  yield (0, _effects.takeLeading)(_reducer.actions.stepUpHostedLogin, _stepUpHostedLogin.stepUpHostedLogin);
   yield (0, _effects.takeLeading)(_reducer.actions.generateStepUpSession, _generateStepUpSession.generateStepUpSession);
   yield (0, _effects.takeLeading)(_reducer.actions.stepUpWithAuthenticator, stepUpWithAuthenticator);
   yield (0, _effects.takeLeading)(_reducer.actions.preVerifyMFASMSForStepUp, preVerifyMFASMSForStepUp);

package/node/auth/StepUpState/stepUpHostedLogin.saga.js

@@ -0,0 +1,29 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.stepUpHostedLogin = stepUpHostedLogin;
+var _saga = require("../LoginState/saga");
+var _consts = require("./consts");
+var _utils = require("./utils");
+/**
+ * Step up for hosted login apps
+ * @param payload.maxAge
+ */
+function* stepUpHostedLogin({
+  payload
+}) {
+  const params = {
+    acr_values: _consts.ACR_VALUE
+  };
+  const {
+    maxAge
+  } = payload || {};
+  if (maxAge !== undefined) {
+    params.max_age = maxAge.toString();
+  }
+  (0, _utils.setAfterAuthRedirectUrlForStepUp)();
+  window.localStorage.setItem(_consts.SHOULD_STEP_UP_KEY, 'true');
+  yield (0, _saga.requestHostedLoginAuthorize)(params);
+}

package/node/auth/StepUpState/utils.js

@@ -3,7 +3,9 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.isSteppedUp = void 0;
+exports.redirectByStepUpUrl = exports.isSteppedUp = void 0;
+exports.setAfterAuthRedirectUrlForStepUp = setAfterAuthRedirectUrlForStepUp;
+var _constants = require("../../constants");
 var _consts = require("./consts");
 /**
  * @param options.amr
@@ -12,12 +14,15 @@ var _consts = require("./consts");
  * @param options.maxAge - max age of step up
  * @returns true when the user is stepped up, false otherwise
  */
-const isSteppedUp = ({
-  amr = [],
-  acr = '',
-  auth_time,
+const isSteppedUp = (user, {
   maxAge
 } = {}) => {
+  if (!user) return false;
+  const {
+    amr = [],
+    acr = '',
+    auth_time
+  } = user;
   if (maxAge && auth_time) {
     // when user is logged in for a long time (more than maxAge, but jwt is still valid because it's not refreshed yet)
     const isMaxAgeValid = Date.now() / 1000 - auth_time <= maxAge;
@@ -28,4 +33,28 @@ const isSteppedUp = ({
   const isAMRIncludesMethod = _consts.AMR_ADDITIONAL_VALUE.find(method => amr.indexOf(method)) !== undefined;
   return isACRValid && isAMRIncludesMFA && isAMRIncludesMethod;
 };
-exports.isSteppedUp = isSteppedUp;
+
+/**
+ * Set the url and query params in the local storage FRONTEGG_AFTER_AUTH_REDIRECT_URL value
+ */
+exports.isSteppedUp = isSteppedUp;
+function setAfterAuthRedirectUrlForStepUp() {
+  const encodedRedirectUrl = window.location.pathname + window.location.search;
+  window.localStorage.setItem(_constants.FRONTEGG_AFTER_AUTH_REDIRECT_URL, encodedRedirectUrl);
+}
+
+/**
+ * Redirects to the step up url with the max age param and set the redirect url in the local storage
+ * The redirect url will be used after the step up flow is done
+ * @param stepUpUrl - step up url to redirect to
+ * @param onRedirectTo - redirect to function
+ * @param maxAge - max age of step up
+ */
+const redirectByStepUpUrl = (stepUpUrl, onRedirectTo, maxAge) => {
+  setAfterAuthRedirectUrlForStepUp();
+  const maxAgePart = maxAge !== undefined ? `?${_consts.STEP_UP_MAX_AGE_PARAM_NAME}=${maxAge}` : '';
+  onRedirectTo(`${stepUpUrl}${maxAgePart}`, {
+    refresh: false
+  });
+};
+exports.redirectByStepUpUrl = redirectByStepUpUrl;

package/node/index.js

@@ -1,4 +1,4 @@
-/** @license Frontegg v6.165.0-alpha.9
+/** @license Frontegg v6.166.0-alpha.0
  *
  * This source code is licensed under the MIT license found in the
  * LICENSE file in the root directory of this source tree.

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@frontegg/redux-store",
-  "version": "6.165.0-alpha.9",
+  "version": "6.166.0-alpha.0",
   "main": "./node/index.js",
   "license": "MIT",
   "author": "Frontegg LTD",
   "dependencies": {
     "@babel/runtime": "^7.18.6",
     "@frontegg/entitlements-javascript-commons": "1.0.1",
-    "@frontegg/rest-api": "3.1.55",
+    "@frontegg/rest-api": "3.1.56",
     "@reduxjs/toolkit": "1.8.5",
     "fast-deep-equal": "3.1.3",
     "redux-saga": "^1.2.1",