@node-c/domain-iam-okta 1.0.0-beta0

package/LICENSE

@@ -0,0 +1 @@
+MIT

package/README.md

@@ -0,0 +1,4 @@
+# Node-C / Domain: IAM Okta 
+This is a plugin for Node-C's "Domain: IAM" package. It adds Okta auth to the standard set of authentication methods provided by the "Domain: IAM" package.
+
+The documentation can be found on the [Node-C Github repo homepage](https://github.com/RazorDude/node-c).

package/dist/index.d.ts

@@ -0,0 +1 @@
+export * from './services';

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./services"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B"}

package/dist/services/authenticationOkta/iam.authenticationOkta.definitions.d.ts

@@ -0,0 +1,23 @@
+import { IAMAuthenticationGetUserDataFromExternalTokenPayloadsData, IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult, IAMAuthenticationOAuth2CompleteData, IAMAuthenticationOAuth2CompleteOptions, IAMAuthenticationOAuth2CompleteResult, IAMAuthenticationOAuth2GetUserCreateAccessTokenConfigResult, IAMAuthenticationOAuth2InitiateData, IAMAuthenticationOAuth2InitiateOptions, IAMAuthenticationOAuth2InitiateResult, IAMAuthenticationRefreshExternalAccessTokenData, IAMAuthenticationRefreshExternalAccessTokenResult } from '@node-c/domain-iam';
+export type IAMAuthenticationOktaCompleteData = IAMAuthenticationOAuth2CompleteData;
+export type IAMAuthenticationOktaCompleteOptions<Context extends object> = IAMAuthenticationOAuth2CompleteOptions<Context>;
+export interface IAMAuthenticationOktaCompleteResult extends IAMAuthenticationOAuth2CompleteResult {
+    idToken: string;
+    refreshToken: string;
+}
+export type IAMAuthenticationOktaGetUserCreateAccessTokenConfigResult = IAMAuthenticationOAuth2GetUserCreateAccessTokenConfigResult;
+export type IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsData = IAMAuthenticationGetUserDataFromExternalTokenPayloadsData;
+export type IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsResult = IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult;
+export interface IAMAuthenticationOktaInitiateData extends IAMAuthenticationOAuth2InitiateData {
+    scope: string;
+}
+export type IAMAuthenticationOktaInitiateOptions<Context extends object> = Omit<IAMAuthenticationOAuth2InitiateOptions<Context>, 'generateNonce' | 'withPCKE'>;
+export interface IAMAuthenticationOktaInitiateResult extends IAMAuthenticationOAuth2InitiateResult {
+    authorizationCodeRequestURL: string;
+    codeChallenge: string;
+    codeVerifier: string;
+    nonce: string;
+    state: string;
+}
+export type IAMAuthenticationOktaRefreshExternalAccessTokenData = IAMAuthenticationRefreshExternalAccessTokenData;
+export type IAMAuthenticationOktaRefreshExternalAccessTokenResult = IAMAuthenticationRefreshExternalAccessTokenResult;

package/dist/services/authenticationOkta/iam.authenticationOkta.definitions.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=iam.authenticationOkta.definitions.js.map

package/dist/services/authenticationOkta/iam.authenticationOkta.definitions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam.authenticationOkta.definitions.js","sourceRoot":"","sources":["../../../src/services/authenticationOkta/iam.authenticationOkta.definitions.ts"],"names":[],"mappings":""}

package/dist/services/authenticationOkta/iam.authenticationOkta.service.d.ts

@@ -0,0 +1,14 @@
+import { ConfigProviderService } from '@node-c/core';
+import { IAMAuthenticationOAuth2Service } from '@node-c/domain-iam';
+import { IAMAuthenticationOktaCompleteData, IAMAuthenticationOktaCompleteOptions, IAMAuthenticationOktaCompleteResult, IAMAuthenticationOktaGetUserCreateAccessTokenConfigResult, IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsData, IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsResult, IAMAuthenticationOktaInitiateData, IAMAuthenticationOktaInitiateOptions, IAMAuthenticationOktaInitiateResult, IAMAuthenticationOktaRefreshExternalAccessTokenData, IAMAuthenticationOktaRefreshExternalAccessTokenResult } from './iam.authenticationOkta.definitions';
+export declare class IAMAuthenticationOktaService<CompleteContext extends object, InitiateContext extends object> extends IAMAuthenticationOAuth2Service<CompleteContext, InitiateContext> {
+    protected configProvider: ConfigProviderService;
+    protected moduleName: string;
+    protected serviceName: string;
+    constructor(configProvider: ConfigProviderService, moduleName: string, serviceName: string);
+    complete(data: IAMAuthenticationOktaCompleteData, options: IAMAuthenticationOktaCompleteOptions<CompleteContext>): Promise<IAMAuthenticationOktaCompleteResult>;
+    getUserDataFromExternalTokenPayloads(data: IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsData): Promise<IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsResult | null>;
+    getUserCreateAccessTokenConfig(): IAMAuthenticationOktaGetUserCreateAccessTokenConfigResult;
+    initiate(data: IAMAuthenticationOktaInitiateData, options: IAMAuthenticationOktaInitiateOptions<InitiateContext>): Promise<IAMAuthenticationOktaInitiateResult>;
+    refreshExternalAccessToken(_data: IAMAuthenticationOktaRefreshExternalAccessTokenData): Promise<IAMAuthenticationOktaRefreshExternalAccessTokenResult>;
+}

package/dist/services/authenticationOkta/iam.authenticationOkta.service.js

@@ -0,0 +1,103 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IAMAuthenticationOktaService = void 0;
+const core_1 = require("@node-c/core");
+const domain_iam_1 = require("@node-c/domain-iam");
+const lodash_1 = __importDefault(require("lodash"));
+class IAMAuthenticationOktaService extends domain_iam_1.IAMAuthenticationOAuth2Service {
+    constructor(configProvider, moduleName, serviceName) {
+        super(configProvider, moduleName, serviceName);
+        this.configProvider = configProvider;
+        this.moduleName = moduleName;
+        this.serviceName = serviceName;
+    }
+    complete(data, options) {
+        const _super = Object.create(null, {
+            complete: { get: () => super.complete }
+        });
+        return __awaiter(this, void 0, void 0, function* () {
+            return _super.complete.call(this, data, options);
+        });
+    }
+    getUserDataFromExternalTokenPayloads(data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { idTokenPayload } = data;
+            if (!idTokenPayload) {
+                return null;
+            }
+            const nameData = idTokenPayload.name.split(' ');
+            return { email: idTokenPayload.email, firstName: nameData[0], lastName: nameData[nameData.length - 1] };
+        });
+    }
+    getUserCreateAccessTokenConfig() {
+        const { configProvider, moduleName, serviceName } = this;
+        const moduleConfig = configProvider.config.domain[moduleName];
+        const { steps } = moduleConfig.authServiceSettings[serviceName];
+        const defaultConfig = {
+            [core_1.AppConfigDomainIAMAuthenticationStep.Complete]: {
+                authReturnsTokens: true,
+                cache: {
+                    settings: {
+                        cacheFieldName: 'state',
+                        inputFieldName: 'data.state'
+                    },
+                    use: {
+                        data: { overwrite: true, use: true }
+                    }
+                },
+                createUser: true,
+                decodeReturnedTokens: true,
+                findUser: true,
+                findUserBeforeAuth: false,
+                findUserInAuthResultBy: {
+                    userFieldName: 'email',
+                    resultFieldName: 'idTokenPayload.email'
+                },
+                useReturnedTokens: true,
+                validWithoutUser: false
+            },
+            [core_1.AppConfigDomainIAMAuthenticationStep.Initiate]: {
+                cache: {
+                    populate: {
+                        data: [{ cacheFieldName: 'codeVerifier', inputFieldName: 'result.codeVerifier' }]
+                    },
+                    settings: {
+                        cacheFieldName: 'state',
+                        inputFieldName: 'result.state'
+                    }
+                },
+                findUser: false,
+                stepResultPublicFields: ['authorizationCodeRequestURL'],
+                validWithoutUser: true
+            }
+        };
+        return lodash_1.default.merge(defaultConfig, steps);
+    }
+    initiate(data, options) {
+        const _super = Object.create(null, {
+            initiate: { get: () => super.initiate }
+        });
+        return __awaiter(this, void 0, void 0, function* () {
+            return _super.initiate.call(this, data, Object.assign(Object.assign({}, options), { generateNonce: true, withPCKE: true }));
+        });
+    }
+    refreshExternalAccessToken(_data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            throw new core_1.ApplicationError(`[${this.moduleName}][${this.serviceName}}]: Method "refreshExternalAccessToken" not implemented.`);
+        });
+    }
+}
+exports.IAMAuthenticationOktaService = IAMAuthenticationOktaService;
+//# sourceMappingURL=iam.authenticationOkta.service.js.map

package/dist/services/authenticationOkta/iam.authenticationOkta.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam.authenticationOkta.service.js","sourceRoot":"","sources":["../../../src/services/authenticationOkta/iam.authenticationOkta.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,uCAKsB;AACtB,mDAAoE;AAEpE,oDAAwB;AAmBxB,MAAa,4BAGX,SAAQ,2CAAgE;IACxE,YACY,cAAqC,EACrC,UAAkB,EAClB,WAAmB;QAE7B,KAAK,CAAC,cAAc,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QAJrC,mBAAc,GAAd,cAAc,CAAuB;QACrC,eAAU,GAAV,UAAU,CAAQ;QAClB,gBAAW,GAAX,WAAW,CAAQ;IAG/B,CAAC;IAEK,QAAQ,CACZ,IAAuC,EACvC,OAA8D;;;;;YAE9D,OAAO,OAAM,QAAQ,YAAC,IAAI,EAAE,OAAO,CAAiD,CAAC;QACvF,CAAC;KAAA;IAEK,oCAAoC,CACxC,IAAmE;;YAEnE,MAAM,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC;YAChC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,OAAO,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;QAC1G,CAAC;KAAA;IAGD,8BAA8B;QAC5B,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;QACzD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;QACpF,MAAM,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,mBAAoB,CAAC,WAAW,CAAC,CAAC;QACjE,MAAM,aAAa,GAA8D;YAC/E,CAAC,2CAAoC,CAAC,QAAQ,CAAC,EAAE;gBAC/C,iBAAiB,EAAE,IAAI;gBACvB,KAAK,EAAE;oBACL,QAAQ,EAAE;wBACR,cAAc,EAAE,OAAO;wBACvB,cAAc,EAAE,YAAY;qBAC7B;oBACD,GAAG,EAAE;wBACH,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE;qBACrC;iBACF;gBACD,UAAU,EAAE,IAAI;gBAChB,oBAAoB,EAAE,IAAI;gBAC1B,QAAQ,EAAE,IAAI;gBACd,kBAAkB,EAAE,KAAK;gBACzB,sBAAsB,EAAE;oBACtB,aAAa,EAAE,OAAO;oBACtB,eAAe,EAAE,sBAAsB;iBACxC;gBACD,iBAAiB,EAAE,IAAI;gBACvB,gBAAgB,EAAE,KAAK;aACxB;YACD,CAAC,2CAAoC,CAAC,QAAQ,CAAC,EAAE;gBAC/C,KAAK,EAAE;oBACL,QAAQ,EAAE;wBACR,IAAI,EAAE,CAAC,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,qBAAqB,EAAE,CAAC;qBAClF;oBACD,QAAQ,EAAE;wBACR,cAAc,EAAE,OAAO;wBACvB,cAAc,EAAE,cAAc;qBAC/B;iBACF;gBACD,QAAQ,EAAE,KAAK;gBACf,sBAAsB,EAAE,CAAC,6BAA6B,CAAC;gBACvD,gBAAgB,EAAE,IAAI;aACvB;SACF,CAAC;QACF,OAAO,gBAAE,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACxC,CAAC;IAEK,QAAQ,CACZ,IAAuC,EACvC,OAA8D;;;;;YAE9D,OAAO,OAAM,QAAQ,YAAC,IAAI,kCACrB,OAAO,KACV,aAAa,EAAE,IAAI,EACnB,QAAQ,EAAE,IAAI,IACkC,CAAC;QACrD,CAAC;KAAA;IAGK,0BAA0B,CAE9B,KAA0D;;YAE1D,MAAM,IAAI,uBAAgB,CACxB,IAAI,IAAI,CAAC,UAAU,KAAK,IAAI,CAAC,WAAW,0DAA0D,CACnG,CAAC;QACJ,CAAC;KAAA;CACF;AAhGD,oEAgGC"}

package/dist/services/authenticationOkta/index.d.ts

@@ -0,0 +1,2 @@
+export * from './iam.authenticationOkta.definitions';
+export * from './iam.authenticationOkta.service';

package/dist/services/authenticationOkta/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./iam.authenticationOkta.definitions"), exports);
+__exportStar(require("./iam.authenticationOkta.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/services/authenticationOkta/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/authenticationOkta/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uEAAqD;AACrD,mEAAiD"}

package/dist/services/index.d.ts

@@ -0,0 +1 @@
+export * from './authenticationOkta';

package/dist/services/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./authenticationOkta"), exports);
+//# sourceMappingURL=index.js.map

package/dist/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAqC"}

package/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "@node-c/domain-iam-okta",
+  "version": "1.0.0-beta0",
+  "license": "MIT",
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "build:clean": "rm -rf dist/* && rm -f *.tsbuildinfo && npm run build",
+    "check-types": "tsc -p tsconfig.build.json --noEmit",
+    "dev": "tsc -p tsconfig.build.json --watch",
+    "lint": "eslint src",
+    "publish-package": "npm run build:clean && npm publish --access public",
+    "test": "vitest --config src/vitest.config.ts",
+    "test:coverage": "vitest --config src/vitest.config.ts --coverage"
+  },
+  "dependencies": {
+    "@nestjs/common": "^11.1.16",
+    "@node-c/core": "^1.0.0-beta0",
+    "@node-c/domain-iam": "^1.0.0-beta0"
+  }
+}

package/src/index.ts

@@ -0,0 +1 @@
+export * from './services';

package/src/services/authenticationOkta/iam.authenticationOkta.definitions.ts

@@ -0,0 +1,52 @@
+import {
+  IAMAuthenticationGetUserDataFromExternalTokenPayloadsData,
+  IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult,
+  IAMAuthenticationOAuth2CompleteData,
+  IAMAuthenticationOAuth2CompleteOptions,
+  IAMAuthenticationOAuth2CompleteResult,
+  IAMAuthenticationOAuth2GetUserCreateAccessTokenConfigResult,
+  IAMAuthenticationOAuth2InitiateData,
+  IAMAuthenticationOAuth2InitiateOptions,
+  IAMAuthenticationOAuth2InitiateResult,
+  IAMAuthenticationRefreshExternalAccessTokenData,
+  IAMAuthenticationRefreshExternalAccessTokenResult
+} from '@node-c/domain-iam';
+
+export type IAMAuthenticationOktaCompleteData = IAMAuthenticationOAuth2CompleteData;
+
+export type IAMAuthenticationOktaCompleteOptions<Context extends object> =
+  IAMAuthenticationOAuth2CompleteOptions<Context>;
+
+export interface IAMAuthenticationOktaCompleteResult extends IAMAuthenticationOAuth2CompleteResult {
+  idToken: string;
+  refreshToken: string;
+}
+
+export type IAMAuthenticationOktaGetUserCreateAccessTokenConfigResult =
+  IAMAuthenticationOAuth2GetUserCreateAccessTokenConfigResult;
+
+export type IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsData =
+  IAMAuthenticationGetUserDataFromExternalTokenPayloadsData;
+
+export type IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsResult =
+  IAMAuthenticationGetUserDataFromExternalTokenPayloadsResult;
+
+export interface IAMAuthenticationOktaInitiateData extends IAMAuthenticationOAuth2InitiateData {
+  scope: string;
+}
+
+export type IAMAuthenticationOktaInitiateOptions<Context extends object> = Omit<
+  IAMAuthenticationOAuth2InitiateOptions<Context>,
+  'generateNonce' | 'withPCKE'
+>;
+
+export interface IAMAuthenticationOktaInitiateResult extends IAMAuthenticationOAuth2InitiateResult {
+  authorizationCodeRequestURL: string;
+  codeChallenge: string;
+  codeVerifier: string;
+  nonce: string;
+  state: string;
+}
+
+export type IAMAuthenticationOktaRefreshExternalAccessTokenData = IAMAuthenticationRefreshExternalAccessTokenData;
+export type IAMAuthenticationOktaRefreshExternalAccessTokenResult = IAMAuthenticationRefreshExternalAccessTokenResult;

package/src/services/authenticationOkta/iam.authenticationOkta.service.ts

@@ -0,0 +1,124 @@
+import {
+  AppConfigDomainIAM,
+  AppConfigDomainIAMAuthenticationStep,
+  ApplicationError,
+  ConfigProviderService
+} from '@node-c/core';
+import { IAMAuthenticationOAuth2Service } from '@node-c/domain-iam';
+
+import ld from 'lodash';
+
+import {
+  IAMAuthenticationOktaCompleteData,
+  IAMAuthenticationOktaCompleteOptions,
+  IAMAuthenticationOktaCompleteResult,
+  IAMAuthenticationOktaGetUserCreateAccessTokenConfigResult,
+  IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsData,
+  IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsResult,
+  IAMAuthenticationOktaInitiateData,
+  IAMAuthenticationOktaInitiateOptions,
+  IAMAuthenticationOktaInitiateResult,
+  IAMAuthenticationOktaRefreshExternalAccessTokenData,
+  IAMAuthenticationOktaRefreshExternalAccessTokenResult
+} from './iam.authenticationOkta.definitions';
+
+/*
+ * A service for integrating Okta OIDC auth. It extends the Domain-IAM-OAuth2.
+ */
+export class IAMAuthenticationOktaService<
+  CompleteContext extends object,
+  InitiateContext extends object
+> extends IAMAuthenticationOAuth2Service<CompleteContext, InitiateContext> {
+  constructor(
+    protected configProvider: ConfigProviderService,
+    protected moduleName: string,
+    protected serviceName: string
+  ) {
+    super(configProvider, moduleName, serviceName);
+  }
+
+  async complete(
+    data: IAMAuthenticationOktaCompleteData,
+    options: IAMAuthenticationOktaCompleteOptions<CompleteContext>
+  ): Promise<IAMAuthenticationOktaCompleteResult> {
+    return super.complete(data, options) as Promise<IAMAuthenticationOktaCompleteResult>;
+  }
+
+  async getUserDataFromExternalTokenPayloads(
+    data: IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsData
+  ): Promise<IAMAuthenticationOktaGetUserDataFromExternalTokenPayloadsResult | null> {
+    const { idTokenPayload } = data;
+    if (!idTokenPayload) {
+      return null;
+    }
+    const nameData = idTokenPayload.name.split(' ');
+    return { email: idTokenPayload.email, firstName: nameData[0], lastName: nameData[nameData.length - 1] };
+  }
+
+  // Okta Auth via OIDC
+  getUserCreateAccessTokenConfig(): IAMAuthenticationOktaGetUserCreateAccessTokenConfigResult {
+    const { configProvider, moduleName, serviceName } = this;
+    const moduleConfig = configProvider.config.domain[moduleName] as AppConfigDomainIAM;
+    const { steps } = moduleConfig.authServiceSettings![serviceName];
+    const defaultConfig: IAMAuthenticationOktaGetUserCreateAccessTokenConfigResult = {
+      [AppConfigDomainIAMAuthenticationStep.Complete]: {
+        authReturnsTokens: true,
+        cache: {
+          settings: {
+            cacheFieldName: 'state',
+            inputFieldName: 'data.state'
+          },
+          use: {
+            data: { overwrite: true, use: true }
+          }
+        },
+        createUser: true,
+        decodeReturnedTokens: true,
+        findUser: true,
+        findUserBeforeAuth: false,
+        findUserInAuthResultBy: {
+          userFieldName: 'email',
+          resultFieldName: 'idTokenPayload.email'
+        },
+        useReturnedTokens: true,
+        validWithoutUser: false
+      },
+      [AppConfigDomainIAMAuthenticationStep.Initiate]: {
+        cache: {
+          populate: {
+            data: [{ cacheFieldName: 'codeVerifier', inputFieldName: 'result.codeVerifier' }]
+          },
+          settings: {
+            cacheFieldName: 'state',
+            inputFieldName: 'result.state'
+          }
+        },
+        findUser: false,
+        stepResultPublicFields: ['authorizationCodeRequestURL'],
+        validWithoutUser: true
+      }
+    };
+    return ld.merge(defaultConfig, steps);
+  }
+
+  async initiate(
+    data: IAMAuthenticationOktaInitiateData,
+    options: IAMAuthenticationOktaInitiateOptions<InitiateContext>
+  ): Promise<IAMAuthenticationOktaInitiateResult> {
+    return super.initiate(data, {
+      ...options,
+      generateNonce: true,
+      withPCKE: true
+    }) as Promise<IAMAuthenticationOktaInitiateResult>;
+  }
+
+  // TODO: this
+  async refreshExternalAccessToken(
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    _data: IAMAuthenticationOktaRefreshExternalAccessTokenData
+  ): Promise<IAMAuthenticationOktaRefreshExternalAccessTokenResult> {
+    throw new ApplicationError(
+      `[${this.moduleName}][${this.serviceName}}]: Method "refreshExternalAccessToken" not implemented.`
+    );
+  }
+}

package/src/services/authenticationOkta/index.ts

@@ -0,0 +1,2 @@
+export * from './iam.authenticationOkta.definitions';
+export * from './iam.authenticationOkta.service';

package/src/services/index.ts

@@ -0,0 +1 @@
+export * from './authenticationOkta';

package/tsconfig.build.json

@@ -0,0 +1,9 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src"],
+  "exclude": ["node_modules", "dist", "src/**/*/*.spec.ts", "src/*.spec.ts", "src/vitest.config.ts"]
+}

package/tsconfig.json

@@ -0,0 +1,9 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src"],
+  "exclude": ["node_modules", "dist"]
+}