@okta/okta-auth-js 5.10.0 → 6.1.0

package/cjs/idx/run.js

@@ -1,22 +1,36 @@
 "use strict";
 
+var _WeakMap = require("@babel/runtime-corejs3/core-js-stable/weak-map");
+
+var _Object$getOwnPropertyDescriptor = require("@babel/runtime-corejs3/core-js-stable/object/get-own-property-descriptor");
+
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
 exports.run = run;
 
+var _reduce = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/reduce"));
+
+var _values = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/values"));
+
 var _interact = require("./interact");
 
 var _introspect = require("./introspect");
 
 var _remediate = require("./remediate");
 
+var _flow = require("./flow");
+
 var remediators = _interopRequireWildcard(require("./remediators"));
 
 var _types = require("../types");
 
+var _idxJs = require("./types/idx-js");
+
 var _transactionMeta = require("./transactionMeta");
 
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && _Object$getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
@@ -54,12 +68,20 @@ function getEnabledFeatures(idxResponse) {
     res.push(_types.IdxFeature.SOCIAL_IDP);
   }
 
+  if (neededToProceed.some(({
+    name
+  }) => name === 'unlock-account')) {
+    res.push(_types.IdxFeature.ACCOUNT_UNLOCK);
+  }
+
   return res;
 }
 
-function getAvailableSteps(remediations) {
+function getAvailableSteps(idxResponse) {
+  var _context;
+
   const res = [];
-  const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {
+  const remediatorMap = (0, _reduce.default)(_context = (0, _values.default)(remediators)).call(_context, (map, remediatorClass) => {
     // Only add concrete subclasses to the map
     if (remediatorClass.remediationName) {
       map[remediatorClass.remediationName] = remediatorClass;
@@ -68,12 +90,12 @@ function getAvailableSteps(remediations) {
     return map;
   }, {});
 
-  for (let remediation of remediations) {
+  for (let remediation of idxResponse.neededToProceed) {
     const T = remediatorMap[remediation.name];
 
     if (T) {
       const remediator = new T(remediation);
-      res.push(remediator.getNextStep());
+      res.push(remediator.getNextStep(idxResponse.context));
     }
   }
 
@@ -90,49 +112,78 @@ async function run(authClient, options = {}) {
   let availableSteps;
   let status = _types.IdxStatus.PENDING;
   let shouldClearTransaction = false;
+  let clearSharedStorage = true;
   let idxResponse;
   let interactionHandle;
   let metaFromResp;
+  let interactionCode;
 
   try {
     var _metaFromResp;
 
-    const {
+    let {
       flow,
-      stateTokenExternalId,
-      state
+      state,
+      scopes,
+      version,
+      remediators,
+      actions,
+      withCredentials,
+      exchangeCodeForTokens,
+      autoRemediate,
+      step,
+      recoveryToken,
+      activationToken
     } = options; // Only one flow can be operating at a time
 
+    flow = flow || authClient.idx.getFlow() || 'default';
+
     if (flow) {
       authClient.idx.setFlow(flow);
+      const flowSpec = (0, _flow.getFlowSpecification)(authClient, flow); // Favor option values over flow spec
+
+      withCredentials = typeof withCredentials !== 'undefined' ? withCredentials : flowSpec.withCredentials;
+      remediators = remediators || flowSpec.remediators;
+      actions = actions || flowSpec.actions;
     } // Try to resume saved transaction
 
 
     metaFromResp = (0, _transactionMeta.getSavedTransactionMeta)(authClient, {
-      state
+      state,
+      recoveryToken,
+      activationToken
     });
     interactionHandle = (_metaFromResp = metaFromResp) === null || _metaFromResp === void 0 ? void 0 : _metaFromResp.interactionHandle; // may be undefined
 
-    if (!interactionHandle && !stateTokenExternalId) {
+    if (!interactionHandle) {
       // start a new transaction
       authClient.transactionManager.clear();
-      const interactResponse = await (0, _interact.interact)(authClient, options);
+      const interactResponse = await (0, _interact.interact)(authClient, {
+        withCredentials,
+        state,
+        scopes,
+        activationToken,
+        recoveryToken
+      });
       interactionHandle = interactResponse.interactionHandle;
       metaFromResp = interactResponse.meta;
+      withCredentials = metaFromResp.withCredentials;
     } // Introspect to get idx response
 
 
     idxResponse = await (0, _introspect.introspect)(authClient, {
-      interactionHandle,
-      stateTokenExternalId
+      withCredentials,
+      version,
+      interactionHandle
     });
+    enabledFeatures = getEnabledFeatures(idxResponse);
+    availableSteps = getAvailableSteps(idxResponse); // Include meta in the transaction response
+
+    meta = metaFromResp;
+
+    if (autoRemediate !== false && (remediators || actions)) {
+      var _idxResponse;
 
-    if (!options.remediators && !options.actions) {
-      // handle start transaction
-      meta = metaFromResp;
-      enabledFeatures = getEnabledFeatures(idxResponse);
-      availableSteps = getAvailableSteps(idxResponse.neededToProceed);
-    } else {
       const values = { ...options,
         stateHandle: idxResponse.rawIdxState.stateHandle
       }; // Can we handle the remediations?
@@ -143,56 +194,87 @@ async function run(authClient, options = {}) {
         terminal,
         canceled,
         messages: messagesFromResp
-      } = await (0, _remediate.remediate)(idxResponse, values, options); // Track fields from remediation response
+      } = await (0, _remediate.remediate)(idxResponse, values, {
+        remediators,
+        actions,
+        flow,
+        step
+      });
+      idxResponse = idxResponseFromResp || idxResponse; // Track fields from remediation response
 
       nextStep = nextStepFromResp;
       messages = messagesFromResp; // Save intermediate idx response in storage to reduce introspect call
 
-      if (nextStep && idxResponseFromResp) {
-        authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);
+      if (nextStep) {
+        authClient.transactionManager.saveIdxResponse(idxResponse.rawIdxState);
+        availableSteps = getAvailableSteps(idxResponse);
       }
 
       if (terminal) {
         status = _types.IdxStatus.TERMINAL;
         shouldClearTransaction = true;
+        clearSharedStorage = false; // transaction may be continued in another tab
       }
 
       if (canceled) {
         status = _types.IdxStatus.CANCELED;
         shouldClearTransaction = true;
-      } else if (idxResponseFromResp !== null && idxResponseFromResp !== void 0 && idxResponseFromResp.interactionCode) {
-        const {
-          clientId,
-          codeVerifier,
-          ignoreSignature,
-          redirectUri,
-          urls,
-          scopes
-        } = metaFromResp;
-        tokens = await authClient.token.exchangeCodeForTokens({
-          interactionCode: idxResponseFromResp.interactionCode,
-          clientId,
-          codeVerifier,
-          ignoreSignature,
-          redirectUri,
-          scopes
-        }, urls);
-        status = _types.IdxStatus.SUCCESS;
-        shouldClearTransaction = true;
+      } else if ((_idxResponse = idxResponse) !== null && _idxResponse !== void 0 && _idxResponse.interactionCode) {
+        interactionCode = idxResponse.interactionCode;
+
+        if (exchangeCodeForTokens === false) {
+          status = _types.IdxStatus.SUCCESS;
+          shouldClearTransaction = false;
+        } else {
+          // exchange the interaction code for tokens
+          const {
+            clientId,
+            codeVerifier,
+            ignoreSignature,
+            redirectUri,
+            urls,
+            scopes
+          } = metaFromResp;
+          tokens = await authClient.token.exchangeCodeForTokens({
+            interactionCode,
+            clientId,
+            codeVerifier,
+            ignoreSignature,
+            redirectUri,
+            scopes
+          }, urls);
+          status = _types.IdxStatus.SUCCESS;
+          shouldClearTransaction = true;
+        }
       }
     }
   } catch (err) {
-    error = err;
-    status = _types.IdxStatus.FAILURE;
-    shouldClearTransaction = true;
+    // current version of idx-js will throw/reject IDX responses. Handle these differently than regular errors
+    if ((0, _idxJs.isIdxResponse)(err)) {
+      error = err;
+      status = _types.IdxStatus.FAILURE;
+      shouldClearTransaction = true;
+    } else {
+      // error is not an IDX response, throw it like a regular error
+      throw err;
+    }
   }
 
   if (shouldClearTransaction) {
-    authClient.transactionManager.clear();
-  }
+    authClient.transactionManager.clear({
+      clearSharedStorage
+    });
+  } // from idx-js, used by the widget
+
 
+  const {
+    actions,
+    context,
+    neededToProceed,
+    proceed,
+    rawIdxState
+  } = idxResponse || {};
   return {
-    _idxResponse: idxResponse,
     status,
     ...(meta && {
       meta
@@ -214,7 +296,15 @@ async function run(authClient, options = {}) {
     }),
     ...(error && {
       error
-    })
+    }),
+    interactionCode,
+    // if options.exchangeCodeForTokens is false
+    // from idx-js
+    actions,
+    context,
+    neededToProceed,
+    proceed,
+    rawIdxState
   };
 }
 //# sourceMappingURL=run.js.map

package/cjs/idx/run.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","IdxFeature","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","remediators","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","IdxStatus","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","flow","stateTokenExternalId","state","idx","setFlow","transactionManager","clear","interactResponse","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","saveIdxResponse","TERMINAL","CANCELED","interactionCode","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","_idxResponse"],"mappings":";;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;AASA;;;;;;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAwBA,SAASA,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,QAAMC,GAAG,GAAG,EAAZ;AACA,QAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWC,iBAApB;AACD;;AAED,MAAIH,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,uBAA5C,CAAJ,EAA0E;AACxEP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWI,YAApB;AACD;;AAED,MAAIN,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,cAA5C,CAAJ,EAAiE;AAC/DP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWK,UAApB;AACD;;AAED,SAAOT,GAAP;AACD;;AAED,SAASU,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,QAAMX,GAAG,GAAG,EAAZ;AAEA,QAAMY,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcC,WAAd,EAA2BC,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBT,YAAxB,EAAsC;AACpC,UAAMU,CAAC,GAAGT,aAAa,CAACQ,WAAW,CAACb,IAAb,CAAvB;;AACA,QAAIc,CAAJ,EAAO;AACL,YAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACApB,MAAAA,GAAG,CAACG,IAAJ,CAAUmB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOvB,GAAP;AACD;;AAEM,eAAewB,GAAf,CACLC,UADK,EAELC,OAAmB,GAAG,EAFjB,EAGoB;AACzB,MAAIC,MAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,KAAJ;AACA,MAAIC,IAAJ;AACA,MAAIC,eAAJ;AACA,MAAIC,cAAJ;AACA,MAAIC,MAAM,GAAGC,iBAAUC,OAAvB;AACA,MAAIC,sBAAsB,GAAG,KAA7B;AACA,MAAItC,WAAJ;AACA,MAAIuC,iBAAJ;AACA,MAAIC,YAAJ;;AAEA,MAAI;AAAA;;AAEF,UAAM;AAAEC,MAAAA,IAAF;AAAQC,MAAAA,oBAAR;AAA8BC,MAAAA;AAA9B,QAAwChB,OAA9C,CAFE,CAIF;;AACA,QAAIc,IAAJ,EAAU;AACRf,MAAAA,UAAU,CAACkB,GAAX,CAAeC,OAAf,CAAuBJ,IAAvB;AACD,KAPC,CASF;;;AACAD,IAAAA,YAAY,GAAG,8CAAwBd,UAAxB,EAAoC;AAAEiB,MAAAA;AAAF,KAApC,CAAf;AACAJ,IAAAA,iBAAiB,oBAAGC,YAAH,kDAAG,cAAcD,iBAAlC,CAXE,CAWmD;;AAErD,QAAI,CAACA,iBAAD,IAAsB,CAACG,oBAA3B,EAAiD;AAC/C;AACAhB,MAAAA,UAAU,CAACoB,kBAAX,CAA8BC,KAA9B;AACA,YAAMC,gBAAgB,GAAG,MAAM,wBAAStB,UAAT,EAAqBC,OAArB,CAA/B;AACAY,MAAAA,iBAAiB,GAAGS,gBAAgB,CAACT,iBAArC;AACAC,MAAAA,YAAY,GAAGQ,gBAAgB,CAAChB,IAAhC;AACD,KAnBC,CAqBF;;;AACAhC,IAAAA,WAAW,GAAG,MAAM,4BAAW0B,UAAX,EAAuB;AAAEa,MAAAA,iBAAF;AAAqBG,MAAAA;AAArB,KAAvB,CAApB;;AAEA,QAAI,CAACf,OAAO,CAACX,WAAT,IAAwB,CAACW,OAAO,CAACzB,OAArC,EAA8C;AAC5C;AACA8B,MAAAA,IAAI,GAAGQ,YAAP;AACAP,MAAAA,eAAe,GAAGlC,kBAAkB,CAACC,WAAD,CAApC;AACAkC,MAAAA,cAAc,GAAGvB,iBAAiB,CAACX,WAAW,CAACG,eAAb,CAAlC;AACD,KALD,MAKO;AACL,YAAMY,MAAqC,GAAG,EAC5C,GAAGY,OADyC;AAE5CsB,QAAAA,WAAW,EAAEjD,WAAW,CAACkD,WAAZ,CAAwBD;AAFO,OAA9C,CADK,CAML;;AACA,YAAM;AACJjD,QAAAA,WAAW,EAAEmD,mBADT;AAEJtB,QAAAA,QAAQ,EAAEuB,gBAFN;AAGJC,QAAAA,QAHI;AAIJC,QAAAA,QAJI;AAKJxB,QAAAA,QAAQ,EAAEyB;AALN,UAMF,MAAM,0BAAUvD,WAAV,EAAuBe,MAAvB,EAA+BY,OAA/B,CANV,CAPK,CAeL;;AACAE,MAAAA,QAAQ,GAAGuB,gBAAX;AACAtB,MAAAA,QAAQ,GAAGyB,gBAAX,CAjBK,CAmBL;;AACA,UAAI1B,QAAQ,IAAIsB,mBAAhB,EAAqC;AACnCzB,QAAAA,UAAU,CAACoB,kBAAX,CAA8BU,eAA9B,CAA8CL,mBAAmB,CAACD,WAAlE;AACD;;AAED,UAAIG,QAAJ,EAAc;AACZlB,QAAAA,MAAM,GAAGC,iBAAUqB,QAAnB;AACAnB,QAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,UAAIgB,QAAJ,EAAc;AACdnB,QAAAA,MAAM,GAAGC,iBAAUsB,QAAnB;AACApB,QAAAA,sBAAsB,GAAG,IAAzB;AACD,OAHC,MAGK,IAAIa,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAEQ,eAAzB,EAA0C;AAC/C,cAAM;AACJC,UAAAA,QADI;AAEJC,UAAAA,YAFI;AAGJC,UAAAA,eAHI;AAIJC,UAAAA,WAJI;AAKJC,UAAAA,IALI;AAMJC,UAAAA;AANI,YAOFzB,YAPJ;AAQAZ,QAAAA,MAAM,GAAG,MAAMF,UAAU,CAACwC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDR,UAAAA,eAAe,EAAER,mBAAmB,CAACQ,eADe;AAEpDC,UAAAA,QAFoD;AAGpDC,UAAAA,YAHoD;AAIpDC,UAAAA,eAJoD;AAKpDC,UAAAA,WALoD;AAMpDE,UAAAA;AANoD,SAAvC,EAOZD,IAPY,CAAf;AASA7B,QAAAA,MAAM,GAAGC,iBAAUgC,OAAnB;AACA9B,QAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,GAjFD,CAiFE,OAAO+B,GAAP,EAAY;AACZtC,IAAAA,KAAK,GAAGsC,GAAR;AACAlC,IAAAA,MAAM,GAAGC,iBAAUkC,OAAnB;AACAhC,IAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,MAAIA,sBAAJ,EAA4B;AAC1BZ,IAAAA,UAAU,CAACoB,kBAAX,CAA8BC,KAA9B;AACD;;AAED,SAAO;AACLwB,IAAAA,YAAY,EAAEvE,WADT;AAELmC,IAAAA,MAFK;AAGL,QAAIH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAAZ,CAHK;AAIL,QAAIC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAAvB,CAJK;AAKL,QAAIC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KAAtB,CALK;AAML,QAAIN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KAAd,CANK;AAOL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CAPK;AAQL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CARK;AASL,QAAIC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KAAb;AATK,GAAP;AAWD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { RemediationFlow } from './flow';\nimport * as remediators from './remediators';\nimport { \n  OktaAuth,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  FlowIdentifier,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { ProceedOptions } from './proceed';\n\nexport type RunOptions = ProceedOptions & {\n  flow?: FlowIdentifier;\n  remediators?: RemediationFlow;\n  actions?: string[];\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP);\n  }\n\n  return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n  const res = [];\n\n  const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n    // Only add concrete subclasses to the map\n    if (remediatorClass.remediationName) {\n      map[remediatorClass.remediationName] = remediatorClass;\n    }\n    return map;\n  }, {});\n\n  for (let remediation of remediations) {\n    const T = remediatorMap[remediation.name];\n    if (T) {\n      const remediator = new T(remediation);\n      res.push (remediator.getNextStep());\n    }\n  }\n\n  return res;\n}\n\nexport async function run(\n  authClient: OktaAuth, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let tokens;\n  let nextStep;\n  let messages;\n  let error;\n  let meta;\n  let enabledFeatures;\n  let availableSteps;\n  let status = IdxStatus.PENDING;\n  let shouldClearTransaction = false;\n  let idxResponse;\n  let interactionHandle;\n  let metaFromResp;\n\n  try {\n\n    const { flow, stateTokenExternalId, state } = options;\n\n    // Only one flow can be operating at a time\n    if (flow) {\n      authClient.idx.setFlow(flow);\n    }\n\n    // Try to resume saved transaction\n    metaFromResp = getSavedTransactionMeta(authClient, { state });\n    interactionHandle = metaFromResp?.interactionHandle; // may be undefined\n\n    if (!interactionHandle && !stateTokenExternalId) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, options); \n      interactionHandle = interactResponse.interactionHandle;\n      metaFromResp = interactResponse.meta;\n    }\n\n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { interactionHandle, stateTokenExternalId });\n\n    if (!options.remediators && !options.actions) {\n      // handle start transaction\n      meta = metaFromResp;\n      enabledFeatures = getEnabledFeatures(idxResponse);\n      availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n    } else {\n      const values: remediators.RemediationValues = { \n        ...options, \n        stateHandle: idxResponse.rawIdxState.stateHandle \n      };\n\n      // Can we handle the remediations?\n      const { \n        idxResponse: idxResponseFromResp, \n        nextStep: nextStepFromResp,\n        terminal,\n        canceled,\n        messages: messagesFromResp,\n      } = await remediate(idxResponse, values, options);\n\n      // Track fields from remediation response\n      nextStep = nextStepFromResp;\n      messages = messagesFromResp;\n\n      // Save intermediate idx response in storage to reduce introspect call\n      if (nextStep && idxResponseFromResp) {\n        authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n      }\n\n      if (terminal) {\n        status = IdxStatus.TERMINAL;\n        shouldClearTransaction = true;\n      } if (canceled) {\n        status = IdxStatus.CANCELED;\n        shouldClearTransaction = true;\n      } else if (idxResponseFromResp?.interactionCode) { \n        const {\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          urls,\n          scopes,\n        } = metaFromResp;\n        tokens = await authClient.token.exchangeCodeForTokens({\n          interactionCode: idxResponseFromResp.interactionCode,\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          scopes\n        }, urls);\n\n        status = IdxStatus.SUCCESS;\n        shouldClearTransaction = true;\n      }\n    }\n  } catch (err) {\n    error = err;\n    status = IdxStatus.FAILURE;\n    shouldClearTransaction = true;\n  }\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear();\n  }\n  \n  return {\n    _idxResponse: idxResponse, \n    status,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens: tokens.tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && { messages }),\n    ...(error && { error }),\n  };\n}\n"],"file":"run.js"}
+{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","IdxFeature","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","ACCOUNT_UNLOCK","getAvailableSteps","remediatorMap","remediators","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","context","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","IdxStatus","PENDING","shouldClearTransaction","clearSharedStorage","interactionHandle","metaFromResp","interactionCode","flow","state","scopes","version","withCredentials","exchangeCodeForTokens","autoRemediate","step","recoveryToken","activationToken","idx","getFlow","setFlow","flowSpec","transactionManager","clear","interactResponse","values","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","saveIdxResponse","TERMINAL","CANCELED","SUCCESS","clientId","codeVerifier","ignoreSignature","redirectUri","urls","token","err","FAILURE","proceed"],"mappings":";;;;;;;;;;;;;;AAcA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAQA;;AACA;;;;;;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAyBA,SAASA,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,QAAMC,GAAG,GAAG,EAAZ;AACA,QAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWC,iBAApB;AACD;;AAED,MAAIH,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,uBAA5C,CAAJ,EAA0E;AACxEP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWI,YAApB;AACD;;AAED,MAAIN,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,cAA5C,CAAJ,EAAiE;AAC/DP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWK,UAApB;AACD;;AAED,MAAIP,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,gBAA5C,CAAJ,EAAmE;AACjEP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWM,cAApB;AACD;;AAED,SAAOV,GAAP;AACD;;AAED,SAASW,iBAAT,CAA2BZ,WAA3B,EAAiE;AAAA;;AAC/D,QAAMC,GAAG,GAAG,EAAZ;AAEA,QAAMY,aAAa,GAAG,qDAAcC,WAAd,kBAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBlB,WAAW,CAACG,eAApC,EAAqD;AACnD,UAAMgB,CAAC,GAAGN,aAAa,CAACK,WAAW,CAACV,IAAb,CAAvB;;AACA,QAAIW,CAAJ,EAAO;AACL,YAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACAjB,MAAAA,GAAG,CAACG,IAAJ,CAAUgB,UAAU,CAACC,WAAX,CAAuBrB,WAAW,CAACsB,OAAnC,CAAV;AACD;AACF;;AAED,SAAOrB,GAAP;AACD;;AAEM,eAAesB,GAAf,CACLC,UADK,EAELC,OAAmB,GAAG,EAFjB,EAGoB;AACzB,MAAIC,MAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,KAAJ;AACA,MAAIC,IAAJ;AACA,MAAIC,eAAJ;AACA,MAAIC,cAAJ;AACA,MAAIC,MAAM,GAAGC,iBAAUC,OAAvB;AACA,MAAIC,sBAAsB,GAAG,KAA7B;AACA,MAAIC,kBAAkB,GAAG,IAAzB;AACA,MAAIrC,WAAJ;AACA,MAAIsC,iBAAJ;AACA,MAAIC,YAAJ;AACA,MAAIC,eAAJ;;AAEA,MAAI;AAAA;;AAEF,QAAI;AACFC,MAAAA,IADE;AAEFC,MAAAA,KAFE;AAGFC,MAAAA,MAHE;AAIFC,MAAAA,OAJE;AAKF9B,MAAAA,WALE;AAMFZ,MAAAA,OANE;AAOF2C,MAAAA,eAPE;AAQFC,MAAAA,qBARE;AASFC,MAAAA,aATE;AAUFC,MAAAA,IAVE;AAWFC,MAAAA,aAXE;AAYFC,MAAAA;AAZE,QAaAzB,OAbJ,CAFE,CAiBF;;AACAgB,IAAAA,IAAI,GAAGA,IAAI,IAAIjB,UAAU,CAAC2B,GAAX,CAAeC,OAAf,EAAR,IAAoC,SAA3C;;AACA,QAAIX,IAAJ,EAAU;AACRjB,MAAAA,UAAU,CAAC2B,GAAX,CAAeE,OAAf,CAAuBZ,IAAvB;AACA,YAAMa,QAAQ,GAAG,gCAAqB9B,UAArB,EAAiCiB,IAAjC,CAAjB,CAFQ,CAGR;;AACAI,MAAAA,eAAe,GAAI,OAAOA,eAAP,KAA2B,WAA5B,GAA2CA,eAA3C,GAA6DS,QAAQ,CAACT,eAAxF;AACA/B,MAAAA,WAAW,GAAGA,WAAW,IAAIwC,QAAQ,CAACxC,WAAtC;AACAZ,MAAAA,OAAO,GAAGA,OAAO,IAAIoD,QAAQ,CAACpD,OAA9B;AACD,KA1BC,CA4BF;;;AACAqC,IAAAA,YAAY,GAAG,8CAAwBf,UAAxB,EAAoC;AAAEkB,MAAAA,KAAF;AAASO,MAAAA,aAAT;AAAwBC,MAAAA;AAAxB,KAApC,CAAf;AACAZ,IAAAA,iBAAiB,oBAAGC,YAAH,kDAAG,cAAcD,iBAAlC,CA9BE,CA8BmD;;AAErD,QAAI,CAACA,iBAAL,EAAwB;AACtB;AACAd,MAAAA,UAAU,CAAC+B,kBAAX,CAA8BC,KAA9B;AACA,YAAMC,gBAAgB,GAAG,MAAM,wBAASjC,UAAT,EAAqB;AAClDqB,QAAAA,eADkD;AAElDH,QAAAA,KAFkD;AAGlDC,QAAAA,MAHkD;AAIlDO,QAAAA,eAJkD;AAKlDD,QAAAA;AALkD,OAArB,CAA/B;AAOAX,MAAAA,iBAAiB,GAAGmB,gBAAgB,CAACnB,iBAArC;AACAC,MAAAA,YAAY,GAAGkB,gBAAgB,CAAC3B,IAAhC;AACAe,MAAAA,eAAe,GAAGN,YAAY,CAACM,eAA/B;AACD,KA7CC,CA+CF;;;AACA7C,IAAAA,WAAW,GAAG,MAAM,4BAAWwB,UAAX,EAAuB;AAAEqB,MAAAA,eAAF;AAAmBD,MAAAA,OAAnB;AAA4BN,MAAAA;AAA5B,KAAvB,CAApB;AACAP,IAAAA,eAAe,GAAGhC,kBAAkB,CAACC,WAAD,CAApC;AACAgC,IAAAA,cAAc,GAAGpB,iBAAiB,CAACZ,WAAD,CAAlC,CAlDE,CAoDF;;AACA8B,IAAAA,IAAI,GAAGS,YAAP;;AAEA,QAAIQ,aAAa,KAAK,KAAlB,KAA4BjC,WAAW,IAAIZ,OAA3C,CAAJ,EAAyD;AAAA;;AACvD,YAAMwD,MAAqC,GAAG,EAC5C,GAAGjC,OADyC;AAE5CkC,QAAAA,WAAW,EAAE3D,WAAW,CAAC4D,WAAZ,CAAwBD;AAFO,OAA9C,CADuD,CAMvD;;AACA,YAAM;AACJ3D,QAAAA,WAAW,EAAE6D,mBADT;AAEJlC,QAAAA,QAAQ,EAAEmC,gBAFN;AAGJC,QAAAA,QAHI;AAIJC,QAAAA,QAJI;AAKJpC,QAAAA,QAAQ,EAAEqC;AALN,UAMF,MAAM,0BAAUjE,WAAV,EAAuB0D,MAAvB,EAA+B;AAAE5C,QAAAA,WAAF;AAAeZ,QAAAA,OAAf;AAAwBuC,QAAAA,IAAxB;AAA8BO,QAAAA;AAA9B,OAA/B,CANV;AAOAhD,MAAAA,WAAW,GAAG6D,mBAAmB,IAAI7D,WAArC,CAduD,CAgBvD;;AACA2B,MAAAA,QAAQ,GAAGmC,gBAAX;AACAlC,MAAAA,QAAQ,GAAGqC,gBAAX,CAlBuD,CAoBvD;;AACA,UAAItC,QAAJ,EAAc;AACZH,QAAAA,UAAU,CAAC+B,kBAAX,CAA8BW,eAA9B,CAA8ClE,WAAW,CAAC4D,WAA1D;AACA5B,QAAAA,cAAc,GAAGpB,iBAAiB,CAACZ,WAAD,CAAlC;AACD;;AAED,UAAI+D,QAAJ,EAAc;AACZ9B,QAAAA,MAAM,GAAGC,iBAAUiC,QAAnB;AACA/B,QAAAA,sBAAsB,GAAG,IAAzB;AACAC,QAAAA,kBAAkB,GAAG,KAArB,CAHY,CAGgB;AAC7B;;AAAC,UAAI2B,QAAJ,EAAc;AACd/B,QAAAA,MAAM,GAAGC,iBAAUkC,QAAnB;AACAhC,QAAAA,sBAAsB,GAAG,IAAzB;AACD,OAHC,MAGK,oBAAIpC,WAAJ,yCAAI,aAAawC,eAAjB,EAAkC;AACvCA,QAAAA,eAAe,GAAGxC,WAAW,CAACwC,eAA9B;;AAEA,YAAIM,qBAAqB,KAAK,KAA9B,EAAqC;AACnCb,UAAAA,MAAM,GAAGC,iBAAUmC,OAAnB;AACAjC,UAAAA,sBAAsB,GAAG,KAAzB;AACD,SAHD,MAGO;AACL;AACA,gBAAM;AACJkC,YAAAA,QADI;AAEJC,YAAAA,YAFI;AAGJC,YAAAA,eAHI;AAIJC,YAAAA,WAJI;AAKJC,YAAAA,IALI;AAMJ/B,YAAAA;AANI,cAOFJ,YAPJ;AAQAb,UAAAA,MAAM,GAAG,MAAMF,UAAU,CAACmD,KAAX,CAAiB7B,qBAAjB,CAAuC;AACpDN,YAAAA,eADoD;AAEpD8B,YAAAA,QAFoD;AAGpDC,YAAAA,YAHoD;AAIpDC,YAAAA,eAJoD;AAKpDC,YAAAA,WALoD;AAMpD9B,YAAAA;AANoD,WAAvC,EAOZ+B,IAPY,CAAf;AASAzC,UAAAA,MAAM,GAAGC,iBAAUmC,OAAnB;AACAjC,UAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF;AACF,GAtHD,CAsHE,OAAOwC,GAAP,EAAY;AACZ;AACA,QAAI,0BAAcA,GAAd,CAAJ,EAAwB;AACtB/C,MAAAA,KAAK,GAAG+C,GAAR;AACA3C,MAAAA,MAAM,GAAGC,iBAAU2C,OAAnB;AACAzC,MAAAA,sBAAsB,GAAG,IAAzB;AACD,KAJD,MAIO;AACL;AACA,YAAMwC,GAAN;AACD;AAEF;;AAED,MAAIxC,sBAAJ,EAA4B;AAC1BZ,IAAAA,UAAU,CAAC+B,kBAAX,CAA8BC,KAA9B,CAAoC;AAAEnB,MAAAA;AAAF,KAApC;AACD,GArJwB,CAuJzB;;;AACA,QAAM;AAAEnC,IAAAA,OAAF;AAAWoB,IAAAA,OAAX;AAAoBnB,IAAAA,eAApB;AAAqC2E,IAAAA,OAArC;AAA8ClB,IAAAA;AAA9C,MAA8D5D,WAAW,IAAI,EAAnF;AACA,SAAO;AACLiC,IAAAA,MADK;AAEL,QAAIH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAAZ,CAFK;AAGL,QAAIC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAAvB,CAHK;AAIL,QAAIC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KAAtB,CAJK;AAKL,QAAIN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KAAd,CALK;AAML,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CANK;AAOL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CAPK;AAQL,QAAIC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KAAb,CARK;AASLW,IAAAA,eATK;AASY;AAEjB;AACAtC,IAAAA,OAZK;AAaLoB,IAAAA,OAbK;AAcLnB,IAAAA,eAdK;AAeL2E,IAAAA,OAfK;AAgBLlB,IAAAA;AAhBK,GAAP;AAkBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate, RemediateOptions } from './remediate';\nimport { getFlowSpecification, RemediationFlow } from './flow';\nimport * as remediators from './remediators';\nimport { \n  OktaAuthInterface,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  FlowIdentifier,\n} from '../types';\nimport { IdxResponse, isIdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { ProceedOptions } from './proceed';\n\nexport type RunOptions = ProceedOptions & RemediateOptions & {\n  flow?: FlowIdentifier;\n  remediators?: RemediationFlow;\n  actions?: string[];\n  withCredentials?: boolean;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n    res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n  }\n\n  return res;\n}\n\nfunction getAvailableSteps(idxResponse: IdxResponse): NextStep[] {\n  const res = [];\n\n  const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n    // Only add concrete subclasses to the map\n    if (remediatorClass.remediationName) {\n      map[remediatorClass.remediationName] = remediatorClass;\n    }\n    return map;\n  }, {});\n\n  for (let remediation of idxResponse.neededToProceed) {\n    const T = remediatorMap[remediation.name];\n    if (T) {\n      const remediator = new T(remediation);\n      res.push (remediator.getNextStep(idxResponse.context) as never);\n    }\n  }\n\n  return res;\n}\n\nexport async function run(\n  authClient: OktaAuthInterface, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let tokens;\n  let nextStep;\n  let messages;\n  let error;\n  let meta;\n  let enabledFeatures;\n  let availableSteps;\n  let status = IdxStatus.PENDING;\n  let shouldClearTransaction = false;\n  let clearSharedStorage = true;\n  let idxResponse;\n  let interactionHandle;\n  let metaFromResp;\n  let interactionCode;\n\n  try {\n\n    let {\n      flow,\n      state,\n      scopes,\n      version,\n      remediators,\n      actions,\n      withCredentials,\n      exchangeCodeForTokens,\n      autoRemediate,\n      step,\n      recoveryToken,\n      activationToken\n    } = options;\n\n    // Only one flow can be operating at a time\n    flow = flow || authClient.idx.getFlow() || 'default';\n    if (flow) {\n      authClient.idx.setFlow(flow);\n      const flowSpec = getFlowSpecification(authClient, flow);\n      // Favor option values over flow spec\n      withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n      remediators = remediators || flowSpec.remediators;\n      actions = actions || flowSpec.actions;\n    }\n\n    // Try to resume saved transaction\n    metaFromResp = getSavedTransactionMeta(authClient, { state, recoveryToken, activationToken });\n    interactionHandle = metaFromResp?.interactionHandle; // may be undefined\n\n    if (!interactionHandle) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, {\n        withCredentials,\n        state,\n        scopes,\n        activationToken,\n        recoveryToken\n      }); \n      interactionHandle = interactResponse.interactionHandle;\n      metaFromResp = interactResponse.meta;\n      withCredentials = metaFromResp.withCredentials;\n    }\n\n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle });\n    enabledFeatures = getEnabledFeatures(idxResponse);\n    availableSteps = getAvailableSteps(idxResponse);\n    \n    // Include meta in the transaction response\n    meta = metaFromResp;\n\n    if (autoRemediate !== false && (remediators || actions)) {\n      const values: remediators.RemediationValues = { \n        ...options, \n        stateHandle: idxResponse.rawIdxState.stateHandle \n      };\n\n      // Can we handle the remediations?\n      const { \n        idxResponse: idxResponseFromResp, \n        nextStep: nextStepFromResp,\n        terminal,\n        canceled,\n        messages: messagesFromResp,\n      } = await remediate(idxResponse, values, { remediators, actions, flow, step });\n      idxResponse = idxResponseFromResp || idxResponse;\n\n      // Track fields from remediation response\n      nextStep = nextStepFromResp;\n      messages = messagesFromResp;\n\n      // Save intermediate idx response in storage to reduce introspect call\n      if (nextStep) {\n        authClient.transactionManager.saveIdxResponse(idxResponse.rawIdxState);\n        availableSteps = getAvailableSteps(idxResponse);\n      }\n\n      if (terminal) {\n        status = IdxStatus.TERMINAL;\n        shouldClearTransaction = true;\n        clearSharedStorage = false; // transaction may be continued in another tab\n      } if (canceled) {\n        status = IdxStatus.CANCELED;\n        shouldClearTransaction = true;\n      } else if (idxResponse?.interactionCode) { \n        interactionCode = idxResponse.interactionCode;\n\n        if (exchangeCodeForTokens === false) {\n          status = IdxStatus.SUCCESS;\n          shouldClearTransaction = false;\n        } else {\n          // exchange the interaction code for tokens\n          const {\n            clientId,\n            codeVerifier,\n            ignoreSignature,\n            redirectUri,\n            urls,\n            scopes,\n          } = metaFromResp;\n          tokens = await authClient.token.exchangeCodeForTokens({\n            interactionCode,\n            clientId,\n            codeVerifier,\n            ignoreSignature,\n            redirectUri,\n            scopes\n          }, urls);\n\n          status = IdxStatus.SUCCESS;\n          shouldClearTransaction = true;\n        }\n      }\n    }\n  } catch (err) {\n    // current version of idx-js will throw/reject IDX responses. Handle these differently than regular errors\n    if (isIdxResponse(err)) {\n      error = err;\n      status = IdxStatus.FAILURE;\n      shouldClearTransaction = true;\n    } else {\n      // error is not an IDX response, throw it like a regular error\n      throw err;\n    }\n\n  }\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear({ clearSharedStorage });\n  }\n  \n  // from idx-js, used by the widget\n  const { actions, context, neededToProceed, proceed, rawIdxState } = idxResponse || {};\n  return {\n    status,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens: tokens.tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && { messages }),\n    ...(error && { error }),\n    interactionCode, // if options.exchangeCodeForTokens is false\n\n    // from idx-js\n    actions,\n    context,\n    neededToProceed,\n    proceed,\n    rawIdxState,\n  };\n}\n"],"file":"run.js"}

package/cjs/idx/startTransaction.js

@@ -15,10 +15,12 @@ var _run = require("./run");
  * 
  * See the License for the specific language governing permissions and limitations under the License.
  */
-// This method only resolves { status: IdxStatus.PENDING } if transaction has already started
 async function startTransaction(authClient, options = {}) {
   // Clear IDX response cache and saved transaction meta (if any)
   authClient.transactionManager.clear();
-  return (0, _run.run)(authClient, options);
+  return (0, _run.run)(authClient, {
+    exchangeCodeForTokens: false,
+    ...options
+  });
 }
 //# sourceMappingURL=startTransaction.js.map

package/cjs/idx/startTransaction.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/startTransaction.ts"],"names":["startTransaction","authClient","options","transactionManager","clear"],"mappings":";;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,gBAAf,CACLC,UADK,EAELC,OAAmB,GAAG,EAFjB,EAGoB;AACzB;AACAD,EAAAA,UAAU,CAACE,kBAAX,CAA8BC,KAA9B;AAEA,SAAO,cAAIH,UAAJ,EAAgBC,OAAhB,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { OktaAuth, IdxOptions, IdxTransaction } from '../types';\n\n// This method only resolves { status: IdxStatus.PENDING } if transaction has already started\nexport async function startTransaction(\n  authClient: OktaAuth, \n  options: IdxOptions = {}\n): Promise<IdxTransaction> {\n  // Clear IDX response cache and saved transaction meta (if any)\n  authClient.transactionManager.clear();\n\n  return run(authClient, options);\n}\n"],"file":"startTransaction.js"}
+{"version":3,"sources":["../../../lib/idx/startTransaction.ts"],"names":["startTransaction","authClient","options","transactionManager","clear","exchangeCodeForTokens"],"mappings":";;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,gBAAf,CACLC,UADK,EAELC,OAAmB,GAAG,EAFjB,EAGoB;AACzB;AACAD,EAAAA,UAAU,CAACE,kBAAX,CAA8BC,KAA9B;AAEA,SAAO,cAAIH,UAAJ,EAAgB;AACrBI,IAAAA,qBAAqB,EAAE,KADF;AAErB,OAAGH;AAFkB,GAAhB,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run, RunOptions } from './run';\nimport { OktaAuthInterface, IdxTransaction } from '../types';\n\nexport async function startTransaction(\n  authClient: OktaAuthInterface, \n  options: RunOptions = {}\n): Promise<IdxTransaction> {\n  // Clear IDX response cache and saved transaction meta (if any)\n  authClient.transactionManager.clear();\n\n  return run(authClient, {\n    exchangeCodeForTokens: false,\n    ...options\n  });\n}\n"],"file":"startTransaction.js"}

package/cjs/idx/transactionMeta.js

@@ -1,17 +1,21 @@
 "use strict";
 
 exports.createTransactionMeta = createTransactionMeta;
-exports.transactionMetaExist = transactionMetaExist;
+exports.hasSavedInteractionHandle = hasSavedInteractionHandle;
 exports.getSavedTransactionMeta = getSavedTransactionMeta;
 exports.getTransactionMeta = getTransactionMeta;
 exports.saveTransactionMeta = saveTransactionMeta;
 exports.clearTransactionMeta = clearTransactionMeta;
 exports.isTransactionMetaValid = isTransactionMetaValid;
+exports.isTransactionMetaValidForFlow = isTransactionMetaValidForFlow;
+exports.isTransactionMetaValidForOptions = isTransactionMetaValidForOptions;
 
 var _util = require("../util");
 
 var _oidc = require("../oidc");
 
+/* eslint-disable @typescript-eslint/no-non-null-assertion */
+
 /*!
  * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -24,83 +28,78 @@ var _oidc = require("../oidc");
  * See the License for the specific language governing permissions and limitations under the License.
  */
 // Calculate new values
-async function createTransactionMeta(authClient, options) {
+async function createTransactionMeta(authClient, options = {}) {
   const tokenParams = await authClient.token.prepareTokenParams(options);
-  const {
-    pkce,
-    clientId,
-    redirectUri,
-    responseType,
-    responseMode,
-    scopes,
-    state,
-    nonce,
-    ignoreSignature,
-    codeVerifier,
-    codeChallengeMethod,
-    codeChallenge
-  } = tokenParams;
-  const urls = (0, _oidc.getOAuthUrls)(authClient, tokenParams);
-  const flow = authClient.idx.getFlow() || 'default';
-  const issuer = authClient.options.issuer;
-  const meta = {
+  const pkceMeta = (0, _oidc.createOAuthMeta)(authClient, tokenParams);
+  let {
+    flow = 'default',
+    withCredentials = true,
+    activationToken = undefined,
+    recoveryToken = undefined
+  } = { ...authClient.options,
+    ...options
+  }; // local options override SDK options
+
+  const meta = { ...pkceMeta,
     flow,
-    issuer,
-    pkce,
-    clientId,
-    redirectUri,
-    responseType,
-    responseMode,
-    scopes,
-    state,
-    nonce,
-    urls,
-    ignoreSignature,
-    codeVerifier,
-    codeChallengeMethod,
-    codeChallenge
+    withCredentials,
+    activationToken,
+    recoveryToken
   };
   return meta;
 }
 
-function transactionMetaExist(authClient, options) {
-  if (authClient.transactionManager.exists(options)) {
-    const existing = authClient.transactionManager.load(options);
+function hasSavedInteractionHandle(authClient, options) {
+  const savedMeta = getSavedTransactionMeta(authClient, options);
 
-    if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {
-      return true;
-    }
+  if (savedMeta !== null && savedMeta !== void 0 && savedMeta.interactionHandle) {
+    return true;
   }
 
   return false;
-} // Returns the saved transaction meta, if it exists and is valid, or undefined
+} // Returns the saved transaction meta, if it exists and is valid
 
 
 function getSavedTransactionMeta(authClient, options) {
-  const state = (options === null || options === void 0 ? void 0 : options.state) || authClient.options.state;
-  const existing = authClient.transactionManager.load({
-    state
-  });
+  options = (0, _util.removeNils)(options);
+  options = { ...authClient.options,
+    ...options
+  }; // local options override SDK options
+
+  let savedMeta;
 
-  if (existing && isTransactionMetaValid(authClient, existing)) {
-    return existing;
+  try {
+    savedMeta = authClient.transactionManager.load(options);
+  } catch (e) {// ignore errors here
   }
+
+  if (!savedMeta) {
+    return;
+  }
+
+  if (isTransactionMetaValid(savedMeta, options)) {
+    return savedMeta;
+  } // existing meta is not valid for this configuration
+  // this is common when changing configuration in local development environment
+  // in a production environment, this may indicate that two apps are sharing a storage key
+
+
+  (0, _util.warn)('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
 }
 
 async function getTransactionMeta(authClient, options) {
+  options = (0, _util.removeNils)(options);
+  options = { ...authClient.options,
+    ...options
+  }; // local options override SDK options
   // Load existing transaction meta from storage
-  if (authClient.transactionManager.exists(options)) {
-    const validExistingMeta = getSavedTransactionMeta(authClient, options);
 
-    if (validExistingMeta) {
-      return validExistingMeta;
-    } // existing meta is not valid for this configuration
-    // this is common when changing configuration in local development environment
-    // in a production environment, this may indicate that two apps are sharing a storage key
+  const validExistingMeta = getSavedTransactionMeta(authClient, options);
 
+  if (validExistingMeta) {
+    return validExistingMeta;
+  } // No existing? Create new transaction meta.
 
-    (0, _util.warn)('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
-  }
 
   return createTransactionMeta(authClient, options);
 }
@@ -113,29 +112,30 @@ function saveTransactionMeta(authClient, meta) {
 
 function clearTransactionMeta(authClient) {
   authClient.transactionManager.clear();
-} // returns true if values in meta match current authClient options
-// eslint-disable-next-line complexity
-
+}
 
-function isTransactionMetaValid(authClient, meta) {
-  // First validate against required config
-  const keys = ['issuer', 'clientId', 'redirectUri'];
+function isTransactionMetaValid(meta, options = {}) {
+  // Validate against certain options. If these exist in options, they must match in meta
+  const keys = ['issuer', 'clientId', 'redirectUri', 'state', 'codeChallenge', 'codeChallengeMethod', 'activationToken', 'recoveryToken'];
 
-  if (keys.some(key => authClient.options[key] !== meta[key])) {
+  if (isTransactionMetaValidForOptions(meta, options, keys) === false) {
     return false;
-  } // Validate optional config
+  } // Validate configured flow
 
 
   const {
-    flow,
-    state
-  } = authClient.options; // If state is specified, it must match meta to be valid
+    flow
+  } = options;
 
-  if (state && state !== meta.state) {
+  if (isTransactionMetaValidForFlow(meta, flow) === false) {
     return false;
-  } // Specific flows should not share transaction data
+  }
 
+  return true;
+}
 
+function isTransactionMetaValidForFlow(meta, flow) {
+  // Specific flows should not share transaction data
   const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';
 
   if (shouldValidateFlow) {
@@ -147,4 +147,17 @@ function isTransactionMetaValid(authClient, meta) {
 
   return true;
 }
+
+function isTransactionMetaValidForOptions(meta, options, keys) {
+  // returns false if values in meta do not match options
+  // if the option does not have a value for a specific key, it is ignored
+  const mismatch = keys.some(key => {
+    const value = options[key];
+
+    if (value && value !== meta[key]) {
+      return true;
+    }
+  });
+  return !mismatch;
+}
 //# sourceMappingURL=transactionMeta.js.map