@okta/okta-auth-js 5.10.0 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (396) hide show
  1. package/CHANGELOG.md +60 -0
  2. package/README.md +10 -6
  3. package/cjs/AuthStateManager.js +11 -3
  4. package/cjs/AuthStateManager.js.map +1 -1
  5. package/cjs/OktaAuth.js +139 -95
  6. package/cjs/OktaAuth.js.map +1 -1
  7. package/cjs/OktaUserAgent.js +2 -2
  8. package/cjs/OktaUserAgent.js.map +1 -1
  9. package/cjs/PromiseQueue.js +11 -2
  10. package/cjs/PromiseQueue.js.map +1 -1
  11. package/cjs/SavedObject.js +4 -2
  12. package/cjs/SavedObject.js.map +1 -1
  13. package/cjs/StorageManager.js +16 -9
  14. package/cjs/StorageManager.js.map +1 -1
  15. package/cjs/TokenManager.js +38 -22
  16. package/cjs/TokenManager.js.map +1 -1
  17. package/cjs/TransactionManager.js +26 -7
  18. package/cjs/TransactionManager.js.map +1 -1
  19. package/cjs/browser/browserStorage.js +25 -14
  20. package/cjs/browser/browserStorage.js.map +1 -1
  21. package/cjs/browser/fingerprint.js +12 -4
  22. package/cjs/browser/fingerprint.js.map +1 -1
  23. package/cjs/builderUtil.js +7 -19
  24. package/cjs/builderUtil.js.map +1 -1
  25. package/cjs/clock.js +5 -1
  26. package/cjs/clock.js.map +1 -1
  27. package/cjs/crypto/base64.js +18 -0
  28. package/cjs/crypto/base64.js.map +1 -1
  29. package/cjs/crypto/index.js +6 -4
  30. package/cjs/crypto/index.js.map +1 -1
  31. package/cjs/crypto/oidcHash.js +5 -1
  32. package/cjs/crypto/oidcHash.js.map +1 -1
  33. package/cjs/crypto/webauthn.js +101 -0
  34. package/cjs/crypto/webauthn.js.map +1 -0
  35. package/cjs/crypto/webcrypto.js +3 -1
  36. package/cjs/crypto/webcrypto.js.map +1 -1
  37. package/cjs/errors/AuthApiError.js +1 -1
  38. package/cjs/errors/AuthPollStopError.js +1 -1
  39. package/cjs/errors/AuthSdkError.js +1 -1
  40. package/cjs/errors/CustomError.js +5 -1
  41. package/cjs/errors/CustomError.js.map +1 -1
  42. package/cjs/errors/OAuthError.js +1 -1
  43. package/cjs/errors/index.js +1 -1
  44. package/cjs/features.js +9 -3
  45. package/cjs/features.js.map +1 -1
  46. package/cjs/fetch/fetchRequest.js +19 -6
  47. package/cjs/fetch/fetchRequest.js.map +1 -1
  48. package/cjs/http/headers.js.map +1 -1
  49. package/cjs/http/index.js +4 -2
  50. package/cjs/http/index.js.map +1 -1
  51. package/cjs/http/request.js +11 -5
  52. package/cjs/http/request.js.map +1 -1
  53. package/cjs/idx/authenticate.js +8 -5
  54. package/cjs/idx/authenticate.js.map +1 -1
  55. package/cjs/idx/authenticator/Authenticator.js.map +1 -1
  56. package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
  57. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +1 -1
  58. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
  59. package/cjs/idx/authenticator/SecurityQuestionVerification.js +2 -1
  60. package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
  61. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +2 -2
  62. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
  63. package/cjs/idx/authenticator/WebauthnEnrollment.js +46 -0
  64. package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -0
  65. package/cjs/idx/authenticator/WebauthnVerification.js +55 -0
  66. package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -0
  67. package/cjs/idx/authenticator/getAuthenticator.js +17 -6
  68. package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
  69. package/cjs/idx/authenticator/index.js +34 -6
  70. package/cjs/idx/authenticator/index.js.map +1 -1
  71. package/cjs/idx/cancel.js.map +1 -1
  72. package/cjs/idx/emailVerify.js +73 -0
  73. package/cjs/idx/emailVerify.js.map +1 -0
  74. package/cjs/idx/flow/AccountUnlockFlow.js +30 -0
  75. package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -0
  76. package/cjs/idx/flow/AuthenticationFlow.js +2 -1
  77. package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
  78. package/cjs/idx/flow/FlowSpecification.js +24 -4
  79. package/cjs/idx/flow/FlowSpecification.js.map +1 -1
  80. package/cjs/idx/flow/PasswordRecoveryFlow.js +4 -1
  81. package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  82. package/cjs/idx/flow/RegistrationFlow.js +2 -0
  83. package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
  84. package/cjs/idx/flow/index.js +20 -5
  85. package/cjs/idx/flow/index.js.map +1 -1
  86. package/cjs/idx/handleInteractionCodeRedirect.js +6 -1
  87. package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
  88. package/cjs/idx/headers.js +21 -5
  89. package/cjs/idx/headers.js.map +1 -1
  90. package/cjs/idx/idx-js/client.js +91 -0
  91. package/cjs/idx/idx-js/client.js.map +1 -0
  92. package/cjs/idx/idx-js/index.js +162 -0
  93. package/cjs/idx/idx-js/index.js.map +1 -0
  94. package/cjs/idx/idx-js/interact.js +83 -0
  95. package/cjs/idx/idx-js/interact.js.map +1 -0
  96. package/cjs/idx/idx-js/introspect.js +58 -0
  97. package/cjs/idx/idx-js/introspect.js.map +1 -0
  98. package/cjs/idx/idx-js/parsers.js +41 -0
  99. package/cjs/idx/idx-js/parsers.js.map +1 -0
  100. package/cjs/idx/idx-js/util.js +34 -0
  101. package/cjs/idx/idx-js/util.js.map +1 -0
  102. package/cjs/idx/idx-js/v1/actionParser.js +90 -0
  103. package/cjs/idx/idx-js/v1/actionParser.js.map +1 -0
  104. package/cjs/idx/idx-js/v1/generateIdxAction.js +117 -0
  105. package/cjs/idx/idx-js/v1/generateIdxAction.js.map +1 -0
  106. package/cjs/idx/idx-js/v1/idxResponseParser.js +137 -0
  107. package/cjs/idx/idx-js/v1/idxResponseParser.js.map +1 -0
  108. package/cjs/idx/idx-js/v1/makeIdxState.js +64 -0
  109. package/cjs/idx/idx-js/v1/makeIdxState.js.map +1 -0
  110. package/cjs/idx/idx-js/v1/parsers.js +24 -0
  111. package/cjs/idx/idx-js/v1/parsers.js.map +1 -0
  112. package/cjs/idx/idx-js/v1/remediationParser.js +32 -0
  113. package/cjs/idx/idx-js/v1/remediationParser.js.map +1 -0
  114. package/cjs/idx/index.js +121 -109
  115. package/cjs/idx/index.js.map +1 -1
  116. package/cjs/idx/interact.js +53 -36
  117. package/cjs/idx/interact.js.map +1 -1
  118. package/cjs/idx/introspect.js +17 -19
  119. package/cjs/idx/introspect.js.map +1 -1
  120. package/cjs/idx/poll.js +13 -3
  121. package/cjs/idx/poll.js.map +1 -1
  122. package/cjs/idx/proceed.js +4 -7
  123. package/cjs/idx/proceed.js.map +1 -1
  124. package/cjs/idx/recoverPassword.js +1 -1
  125. package/cjs/idx/recoverPassword.js.map +1 -1
  126. package/cjs/idx/register.js +11 -16
  127. package/cjs/idx/register.js.map +1 -1
  128. package/cjs/idx/remediate.js +74 -27
  129. package/cjs/idx/remediate.js.map +1 -1
  130. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +12 -4
  131. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
  132. package/cjs/idx/remediators/AuthenticatorVerificationData.js +13 -7
  133. package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
  134. package/cjs/idx/remediators/Base/AuthenticatorData.js +31 -13
  135. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  136. package/cjs/idx/remediators/Base/Remediator.js +67 -31
  137. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  138. package/cjs/idx/remediators/Base/SelectAuthenticator.js +46 -30
  139. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  140. package/cjs/idx/remediators/Base/VerifyAuthenticator.js +16 -4
  141. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  142. package/cjs/idx/remediators/ChallengeAuthenticator.js +2 -2
  143. package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
  144. package/cjs/idx/remediators/ChallengePoll.js +2 -2
  145. package/cjs/idx/remediators/EnrollAuthenticator.js +2 -2
  146. package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
  147. package/cjs/idx/remediators/EnrollPoll.js +18 -9
  148. package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
  149. package/cjs/idx/remediators/EnrollProfile.js +24 -9
  150. package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
  151. package/cjs/idx/remediators/EnrollmentChannelData.js +96 -0
  152. package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -0
  153. package/cjs/idx/remediators/Identify.js +5 -3
  154. package/cjs/idx/remediators/Identify.js.map +1 -1
  155. package/cjs/idx/remediators/ReEnrollAuthenticator.js +6 -3
  156. package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
  157. package/cjs/idx/remediators/RedirectIdp.js +2 -2
  158. package/cjs/idx/remediators/ResetAuthenticator.js +2 -2
  159. package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
  160. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +7 -5
  161. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
  162. package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +2 -2
  163. package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
  164. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +72 -0
  165. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
  166. package/cjs/idx/remediators/SelectEnrollProfile.js +2 -2
  167. package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
  168. package/cjs/idx/remediators/SelectEnrollmentChannel.js +86 -0
  169. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
  170. package/cjs/idx/remediators/Skip.js +5 -3
  171. package/cjs/idx/remediators/Skip.js.map +1 -1
  172. package/cjs/idx/remediators/index.js +57 -16
  173. package/cjs/idx/remediators/index.js.map +1 -1
  174. package/cjs/idx/remediators/util.js +18 -3
  175. package/cjs/idx/remediators/util.js.map +1 -1
  176. package/cjs/idx/run.js +139 -49
  177. package/cjs/idx/run.js.map +1 -1
  178. package/cjs/idx/startTransaction.js +4 -2
  179. package/cjs/idx/startTransaction.js.map +1 -1
  180. package/cjs/idx/transactionMeta.js +82 -69
  181. package/cjs/idx/transactionMeta.js.map +1 -1
  182. package/cjs/idx/types/idx-js.js.map +1 -1
  183. package/cjs/idx/types/index.js +59 -7
  184. package/cjs/idx/types/index.js.map +1 -1
  185. package/cjs/idx/unlockAccount.js +48 -0
  186. package/cjs/idx/unlockAccount.js.map +1 -0
  187. package/cjs/index.js +33 -13
  188. package/cjs/index.js.map +1 -1
  189. package/cjs/oidc/endpoints/authorize.js +10 -2
  190. package/cjs/oidc/endpoints/authorize.js.map +1 -1
  191. package/cjs/oidc/endpoints/index.js +5 -3
  192. package/cjs/oidc/endpoints/index.js.map +1 -1
  193. package/cjs/oidc/endpoints/token.js +16 -3
  194. package/cjs/oidc/endpoints/token.js.map +1 -1
  195. package/cjs/oidc/endpoints/well-known.js +7 -3
  196. package/cjs/oidc/endpoints/well-known.js.map +1 -1
  197. package/cjs/oidc/exchangeCodeForTokens.js +12 -4
  198. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  199. package/cjs/oidc/getToken.js +12 -6
  200. package/cjs/oidc/getToken.js.map +1 -1
  201. package/cjs/oidc/getUserInfo.js +7 -3
  202. package/cjs/oidc/getUserInfo.js.map +1 -1
  203. package/cjs/oidc/getWithPopup.js +8 -2
  204. package/cjs/oidc/getWithPopup.js.map +1 -1
  205. package/cjs/oidc/getWithRedirect.js +15 -38
  206. package/cjs/oidc/getWithRedirect.js.map +1 -1
  207. package/cjs/oidc/getWithoutPrompt.js +8 -2
  208. package/cjs/oidc/getWithoutPrompt.js.map +1 -1
  209. package/cjs/oidc/handleOAuthResponse.js +87 -87
  210. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  211. package/cjs/oidc/index.js +4 -2
  212. package/cjs/oidc/index.js.map +1 -1
  213. package/cjs/oidc/parseFromUrl.js +9 -3
  214. package/cjs/oidc/parseFromUrl.js.map +1 -1
  215. package/cjs/oidc/renewToken.js.map +1 -1
  216. package/cjs/oidc/renewTokens.js +6 -2
  217. package/cjs/oidc/renewTokens.js.map +1 -1
  218. package/cjs/oidc/renewTokensWithRefresh.js +5 -1
  219. package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
  220. package/cjs/oidc/revokeToken.js +34 -31
  221. package/cjs/oidc/revokeToken.js.map +1 -1
  222. package/cjs/oidc/util/browser.js +5 -1
  223. package/cjs/oidc/util/browser.js.map +1 -1
  224. package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
  225. package/cjs/oidc/util/errors.js.map +1 -1
  226. package/cjs/oidc/util/index.js +27 -11
  227. package/cjs/oidc/util/index.js.map +1 -1
  228. package/cjs/oidc/util/loginRedirect.js +10 -1
  229. package/cjs/oidc/util/loginRedirect.js.map +1 -1
  230. package/cjs/oidc/util/oauth.js +4 -2
  231. package/cjs/oidc/util/oauth.js.map +1 -1
  232. package/cjs/oidc/util/oauthMeta.js +36 -0
  233. package/cjs/oidc/util/oauthMeta.js.map +1 -0
  234. package/cjs/oidc/util/pkce.js +11 -3
  235. package/cjs/oidc/util/pkce.js.map +1 -1
  236. package/cjs/oidc/util/prepareTokenParams.js +62 -39
  237. package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
  238. package/cjs/oidc/util/validateClaims.js +3 -1
  239. package/cjs/oidc/util/validateClaims.js.map +1 -1
  240. package/cjs/oidc/verifyToken.js +13 -4
  241. package/cjs/oidc/verifyToken.js.map +1 -1
  242. package/cjs/options.js +12 -6
  243. package/cjs/options.js.map +1 -1
  244. package/cjs/server/serverStorage.js +2 -1
  245. package/cjs/server/serverStorage.js.map +1 -1
  246. package/cjs/services/TokenService.js +3 -0
  247. package/cjs/services/TokenService.js.map +1 -1
  248. package/cjs/tx/AuthTransaction.js +18 -9
  249. package/cjs/tx/AuthTransaction.js.map +1 -1
  250. package/cjs/tx/TransactionState.js +0 -17
  251. package/cjs/tx/TransactionState.js.map +1 -1
  252. package/cjs/tx/api.js +11 -6
  253. package/cjs/tx/api.js.map +1 -1
  254. package/cjs/tx/index.js +7 -5
  255. package/cjs/tx/index.js.map +1 -1
  256. package/cjs/tx/poll.js +6 -4
  257. package/cjs/tx/poll.js.map +1 -1
  258. package/cjs/tx/util.js +5 -1
  259. package/cjs/tx/util.js.map +1 -1
  260. package/cjs/types/Transaction.js +10 -2
  261. package/cjs/types/Transaction.js.map +1 -1
  262. package/cjs/types/index.js +16 -14
  263. package/cjs/types/index.js.map +1 -1
  264. package/cjs/util/index.js +7 -18
  265. package/cjs/util/index.js.map +1 -1
  266. package/cjs/util/misc.js +5 -1
  267. package/cjs/util/misc.js.map +1 -1
  268. package/cjs/util/object.js +16 -6
  269. package/cjs/util/object.js.map +1 -1
  270. package/cjs/util/sharedStorage.js +5 -1
  271. package/cjs/util/sharedStorage.js.map +1 -1
  272. package/cjs/util/url.js.map +1 -1
  273. package/dist/okta-auth-js.min.js +1 -1
  274. package/dist/okta-auth-js.min.js.LICENSE.txt +0 -12
  275. package/dist/okta-auth-js.min.js.map +1 -1
  276. package/dist/okta-auth-js.polyfill.js +1 -1
  277. package/dist/okta-auth-js.polyfill.js.map +1 -1
  278. package/dist/okta-auth-js.umd.js +1 -1
  279. package/dist/okta-auth-js.umd.js.LICENSE.txt +0 -12
  280. package/dist/okta-auth-js.umd.js.map +1 -1
  281. package/esm/index.js +2758 -957
  282. package/esm/index.js.map +1 -1
  283. package/lib/AuthStateManager.d.ts +1 -2
  284. package/lib/OktaAuth.d.ts +10 -13
  285. package/lib/StorageManager.d.ts +2 -2
  286. package/lib/TokenManager.d.ts +4 -4
  287. package/lib/TransactionManager.d.ts +4 -3
  288. package/lib/browser/fingerprint.d.ts +2 -3
  289. package/lib/builderUtil.d.ts +1 -2
  290. package/lib/crypto/base64.d.ts +2 -0
  291. package/lib/crypto/browser.d.ts +1 -1
  292. package/lib/crypto/webauthn.d.ts +25 -0
  293. package/lib/features.d.ts +1 -1
  294. package/lib/http/headers.d.ts +2 -2
  295. package/lib/http/request.d.ts +4 -4
  296. package/lib/idx/authenticate.d.ts +2 -2
  297. package/lib/idx/authenticator/Authenticator.d.ts +4 -5
  298. package/lib/idx/authenticator/OktaPassword.d.ts +7 -9
  299. package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +9 -8
  300. package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +7 -7
  301. package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +6 -2
  302. package/lib/idx/authenticator/WebauthnEnrollment.d.ts +16 -0
  303. package/lib/idx/authenticator/WebauthnVerification.d.ts +17 -0
  304. package/lib/idx/authenticator/getAuthenticator.d.ts +1 -1
  305. package/lib/idx/authenticator/index.d.ts +9 -0
  306. package/lib/idx/cancel.d.ts +2 -2
  307. package/lib/idx/emailVerify.d.ts +26 -0
  308. package/lib/{util/emailVerify.d.ts → idx/flow/AccountUnlockFlow.d.ts} +2 -6
  309. package/lib/idx/flow/FlowSpecification.d.ts +3 -2
  310. package/lib/idx/flow/index.d.ts +1 -0
  311. package/lib/idx/headers.d.ts +3 -2
  312. package/lib/idx/idx-js/client.d.ts +36 -0
  313. package/lib/idx/idx-js/index.d.ts +51 -0
  314. package/lib/idx/idx-js/interact.d.ts +25 -0
  315. package/lib/idx/idx-js/introspect.d.ts +20 -0
  316. package/lib/idx/idx-js/parsers.d.ts +15 -0
  317. package/lib/idx/idx-js/util.d.ts +12 -0
  318. package/lib/idx/idx-js/v1/actionParser.d.ts +16 -0
  319. package/lib/idx/idx-js/v1/generateIdxAction.d.ts +13 -0
  320. package/lib/idx/idx-js/v1/idxResponseParser.d.ts +20 -0
  321. package/lib/idx/idx-js/v1/makeIdxState.d.ts +13 -0
  322. package/lib/idx/idx-js/v1/parsers.d.ts +16 -0
  323. package/lib/idx/idx-js/v1/remediationParser.d.ts +12 -0
  324. package/lib/idx/index.d.ts +12 -10
  325. package/lib/idx/interact.d.ts +7 -13
  326. package/lib/idx/introspect.d.ts +4 -3
  327. package/lib/idx/poll.d.ts +2 -2
  328. package/lib/idx/proceed.d.ts +8 -5
  329. package/lib/idx/recoverPassword.d.ts +2 -2
  330. package/lib/idx/register.d.ts +2 -2
  331. package/lib/idx/remediate.d.ts +10 -4
  332. package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +3 -3
  333. package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +3 -3
  334. package/lib/idx/remediators/Base/AuthenticatorData.d.ts +8 -7
  335. package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +10 -7
  336. package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +8 -12
  337. package/lib/idx/remediators/EnrollPoll.d.ts +1 -1
  338. package/lib/idx/remediators/EnrollProfile.d.ts +1 -1
  339. package/lib/idx/remediators/EnrollmentChannelData.d.ts +54 -0
  340. package/lib/idx/remediators/Identify.d.ts +2 -2
  341. package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -2
  342. package/lib/idx/remediators/RedirectIdp.d.ts +3 -3
  343. package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +38 -0
  344. package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +40 -0
  345. package/lib/idx/remediators/index.d.ts +3 -0
  346. package/lib/idx/remediators/util.d.ts +2 -2
  347. package/lib/idx/run.d.ts +5 -3
  348. package/lib/idx/startTransaction.d.ts +3 -2
  349. package/lib/idx/transactionMeta.d.ts +10 -31
  350. package/lib/idx/types/FlowIdentifier.d.ts +1 -1
  351. package/lib/idx/types/idx-js.d.ts +44 -1
  352. package/lib/idx/types/index.d.ts +36 -9
  353. package/lib/idx/unlockAccount.d.ts +15 -0
  354. package/lib/index.d.ts +1 -0
  355. package/lib/oidc/endpoints/well-known.d.ts +3 -3
  356. package/lib/oidc/exchangeCodeForTokens.d.ts +14 -2
  357. package/lib/oidc/getToken.d.ts +2 -2
  358. package/lib/oidc/getWithPopup.d.ts +2 -2
  359. package/lib/oidc/getWithRedirect.d.ts +2 -2
  360. package/lib/oidc/getWithoutPrompt.d.ts +2 -2
  361. package/lib/oidc/handleOAuthResponse.d.ts +2 -2
  362. package/lib/oidc/parseFromUrl.d.ts +1 -1
  363. package/lib/oidc/renewToken.d.ts +2 -2
  364. package/lib/oidc/renewTokens.d.ts +1 -1
  365. package/lib/oidc/renewTokensWithRefresh.d.ts +2 -2
  366. package/lib/oidc/revokeToken.d.ts +2 -2
  367. package/lib/oidc/util/browser.d.ts +3 -3
  368. package/lib/oidc/util/defaultTokenParams.d.ts +2 -2
  369. package/lib/oidc/util/errors.d.ts +2 -2
  370. package/lib/oidc/util/index.d.ts +1 -0
  371. package/lib/oidc/util/loginRedirect.d.ts +4 -4
  372. package/lib/oidc/util/oauth.d.ts +4 -11
  373. package/lib/oidc/util/oauthMeta.d.ts +2 -0
  374. package/lib/oidc/util/prepareTokenParams.d.ts +5 -2
  375. package/lib/oidc/util/validateClaims.d.ts +2 -2
  376. package/lib/oidc/verifyToken.d.ts +2 -2
  377. package/lib/server/serverStorage.d.ts +1 -1
  378. package/lib/services/TokenService.d.ts +2 -2
  379. package/lib/tx/AuthTransaction.d.ts +2 -2
  380. package/lib/tx/TransactionState.d.ts +11 -1
  381. package/lib/tx/api.d.ts +6 -6
  382. package/lib/types/OktaAuthOptions.d.ts +6 -8
  383. package/lib/types/Storage.d.ts +3 -3
  384. package/lib/types/Transaction.d.ts +10 -7
  385. package/lib/types/UserClaims.d.ts +3 -3
  386. package/lib/types/api.d.ts +44 -20
  387. package/lib/types/index.d.ts +0 -1
  388. package/lib/util/console.d.ts +1 -1
  389. package/lib/util/index.d.ts +0 -1
  390. package/lib/util/sharedStorage.d.ts +1 -1
  391. package/lib/util/types.d.ts +1 -1
  392. package/lib/util/url.d.ts +2 -2
  393. package/package.json +10 -7
  394. package/polyfill/index.js +1 -0
  395. package/cjs/util/emailVerify.js +0 -28
  396. package/cjs/util/emailVerify.js.map +0 -1
package/cjs/oidc/endpoints/token.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","slice","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent"],"mappings":";;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,yBAAcF,MAAd,EAAsBG,KAAtB,CAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASC,mBAAT,CAA6BL,GAA7B,EAAkCR,OAAlC,EAAwDc,IAAxD,EAAkG;AACvGf,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIe,IAAI,GAAGR,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMgB,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CAA0Bb,GAA1B,EAA+BR,OAA/B,EAAqDsB,YAArD,EAAyG;AAC9G,SAAO,uBAAYd,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAEG,MAAM,CAACC,OAAP,CAAe;AACnBC,MAAAA,SAAS,EAAEzB,OAAO,CAACC,QADA;AACU;AAC7ByB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEL,YAAY,CAACM,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAER,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,EAKHS,GALG,CAKC,UAAU,CAACC,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KAPK,EAOHJ,IAPG,CAOE,GAPF;AAPgB,GAAjB,CAAP;AAgBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded'\n };\n\n return httpRequest(sdk, {\n url: urls.tokenUrl,\n method: 'POST',\n args: data,\n headers\n });\n}\n\nexport function postRefreshToken(sdk, options: TokenParams, refreshToken: RefreshToken): Promise<OAuthResponse> {\n return httpRequest(sdk, {\n url: refreshToken.tokenUrl,\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n\n args: Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n return name + '=' + encodeURIComponent(value);\n }).join('&'),\n });\n}"],"file":"token.js"}
1
+ {"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","client_id","grant_type","scope","scopes","join","refresh_token","name","value","encodeURIComponent"],"mappings":";;;;;;;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AAAA;;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,wDAAcF,MAAd,kBAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASG,mBAAT,CAA6BJ,GAA7B,EAAkCR,OAAlC,EAAwDa,IAAxD,EAAkG;AACvGd,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIc,IAAI,GAAGP,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMe,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYP,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CAA0BZ,GAA1B,EAA+BR,OAA/B,EAAqDqB,YAArD,EAAyG;AAAA;;AAC9G,SAAO,uBAAYb,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAE,oDAAe;AACnBG,MAAAA,SAAS,EAAEtB,OAAO,CAACC,QADA;AACU;AAC7BsB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEH,YAAY,CAACI,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAEN,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,mBAKC,UAAU,CAACO,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B;AACA,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KARK,EAQHH,IARG,CAQE,GARF;AAPgB,GAAjB,CAAP;AAiBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded'\n };\n\n return httpRequest(sdk, {\n url: urls.tokenUrl,\n method: 'POST',\n args: data,\n headers\n });\n}\n\nexport function postRefreshToken(sdk, options: TokenParams, refreshToken: RefreshToken): Promise<OAuthResponse> {\n return httpRequest(sdk, {\n url: refreshToken.tokenUrl,\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n\n args: Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&'),\n });\n}"],"file":"token.js"}
package/cjs/oidc/endpoints/well-known.js CHANGED
@@ -1,10 +1,14 @@
1
1
  "use strict";
2
2
 
3
- var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
3
+ var _findInstanceProperty = require("@babel/runtime-corejs3/core-js-stable/instance/find");
4
+
5
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
6
 
5
7
  exports.getWellKnown = getWellKnown;
6
8
  exports.getKey = getKey;
7
9
 
10
+ var _keys = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/keys"));
11
+
8
12
  var _http = require("../../http");
9
13
 
10
14
  var _util = require("../../util");
@@ -39,7 +43,7 @@ function getKey(sdk, issuer, kid) {
39
43
  var cachedResponse = cacheContents[jwksUri];
40
44
 
41
45
  if (cachedResponse && Date.now() / 1000 < cachedResponse.expiresAt) {
42
- var cachedKey = (0, _util.find)(cachedResponse.response.keys, {
46
+ var cachedKey = (0, _findInstanceProperty(_util))((0, _keys.default)(cachedResponse.response), {
43
47
  kid: kid
44
48
  });
45
49
 
@@ -54,7 +58,7 @@ function getKey(sdk, issuer, kid) {
54
58
  return (0, _http.get)(sdk, jwksUri, {
55
59
  cacheResponse: true
56
60
  }).then(function (res) {
57
- var key = (0, _util.find)(res.keys, {
61
+ var key = (0, _findInstanceProperty(_util))((0, _keys.default)(res), {
58
62
  kid: kid
59
63
  });
60
64
 
package/cjs/oidc/endpoints/well-known.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","keys","clearStorage","res","key","AuthSdkError"],"mappings":";;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAqCC,MAArC,EAAkF;AACvF,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAA+BC,MAA/B,EAA+CK,GAA/C,EAA6E;AAClF,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAG,gBAAKJ,cAAc,CAACK,QAAf,CAAwBC,IAA7B,EAAmC;AACjDhB,QAAAA,GAAG,EAAEA;AAD4C,OAAnC,CAAhB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACgB,YAAV,CAAuBV,OAAvB,EAjBwB,CAmBxB;;AACA,WAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAlB,EAGNO,IAHM,CAGD,UAASa,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG,gBAAKD,GAAG,CAACF,IAAT,EAAe;AACvBhB,QAAAA,GAAG,EAAEA;AADkB,OAAf,CAAV;;AAIA,UAAImB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAIC,qBAAJ,CAAiB,iBAAiBpB,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuth, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuth, issuer?: string): Promise<WellKnownResponse> {\n var authServerUri = (issuer || sdk.options.issuer);\n return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n cacheResponse: true\n });\n}\n\nexport function getKey(sdk: OktaAuth, issuer: string, kid: string): Promise<string> {\n var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n return getWellKnown(sdk, issuer)\n .then(function(wellKnown) {\n var jwksUri = wellKnown['jwks_uri'];\n\n // Check our kid against the cached version (if it exists and isn't expired)\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[jwksUri];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n var cachedKey = find(cachedResponse.response.keys, {\n kid: kid\n });\n\n if (cachedKey) {\n return cachedKey;\n }\n }\n\n // Remove cache for the key\n httpCache.clearStorage(jwksUri);\n\n // Pull the latest keys if the key wasn't in the cache\n return get(sdk, jwksUri, {\n cacheResponse: true\n })\n .then(function(res) {\n var key = find(res.keys, {\n kid: kid\n });\n\n if (key) {\n return key;\n }\n\n throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n });\n });\n}\n"],"file":"well-known.js"}
1
+ {"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","clearStorage","res","key","AuthSdkError"],"mappings":";;;;;;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAA8CC,MAA9C,EAA2F;AAChG,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAAwCC,MAAxC,EAAwDK,GAAxD,EAAsF;AAC3F,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAG,qDAAKJ,cAAc,CAACK,QAApB,GAAmC;AACjDf,QAAAA,GAAG,EAAEA;AAD4C,OAAnC,CAAhB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACe,YAAV,CAAuBT,OAAvB,EAjBwB,CAmBxB;;AACA,WAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAlB,EAGNO,IAHM,CAGD,UAASY,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG,qDAAKD,GAAL,GAAe;AACvBjB,QAAAA,GAAG,EAAEA;AADkB,OAAf,CAAV;;AAIA,UAAIkB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAIC,qBAAJ,CAAiB,iBAAiBnB,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthInterface, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthInterface, issuer?: string): Promise<WellKnownResponse> {\n var authServerUri = (issuer || sdk.options.issuer);\n return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n cacheResponse: true\n });\n}\n\nexport function getKey(sdk: OktaAuthInterface, issuer: string, kid: string): Promise<string> {\n var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n return getWellKnown(sdk, issuer)\n .then(function(wellKnown) {\n var jwksUri = wellKnown['jwks_uri'];\n\n // Check our kid against the cached version (if it exists and isn't expired)\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[jwksUri];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n var cachedKey = find(cachedResponse.response.keys, {\n kid: kid\n });\n\n if (cachedKey) {\n return cachedKey;\n }\n }\n\n // Remove cache for the key\n httpCache.clearStorage(jwksUri);\n\n // Pull the latest keys if the key wasn't in the cache\n return get(sdk, jwksUri, {\n cacheResponse: true\n })\n .then(function(res) {\n var key = find(res.keys, {\n kid: kid\n });\n\n if (key) {\n return key;\n }\n\n throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n });\n });\n}\n"],"file":"well-known.js"}
package/cjs/oidc/exchangeCodeForTokens.js CHANGED
@@ -1,8 +1,12 @@
1
1
  "use strict";
2
2
 
3
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
+
3
5
  exports.exchangeCodeForTokens = exchangeCodeForTokens;
4
6
 
5
- var _oidc = require("../oidc");
7
+ var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
8
+
9
+ var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
6
10
 
7
11
  var _util = require("./util");
8
12
 
@@ -12,6 +16,8 @@ var _token = require("./endpoints/token");
12
16
 
13
17
  var _handleOAuthResponse = require("./handleOAuthResponse");
14
18
 
19
+ /* eslint-disable @typescript-eslint/no-non-null-assertion */
20
+
15
21
  /* eslint-disable max-len */
16
22
 
17
23
  /*!
@@ -28,9 +34,9 @@ var _handleOAuthResponse = require("./handleOAuthResponse");
28
34
  */
29
35
  // codeVerifier is required. May pass either an authorizationCode or interactionCode
30
36
  function exchangeCodeForTokens(sdk, tokenParams, urls) {
31
- urls = urls || (0, _oidc.getOAuthUrls)(sdk, tokenParams); // build params using defaults + options
37
+ urls = urls || (0, _util.getOAuthUrls)(sdk, tokenParams); // build params using defaults + options
32
38
 
33
- tokenParams = Object.assign({}, (0, _util.getDefaultTokenParams)(sdk), (0, _util2.clone)(tokenParams));
39
+ tokenParams = (0, _assign.default)({}, (0, _util.getDefaultTokenParams)(sdk), (0, _util2.clone)(tokenParams));
34
40
  const {
35
41
  authorizationCode,
36
42
  interactionCode,
@@ -49,12 +55,14 @@ function exchangeCodeForTokens(sdk, tokenParams, urls) {
49
55
  codeVerifier
50
56
  };
51
57
  return (0, _token.postToTokenEndpoint)(sdk, getTokenOptions, urls).then(response => {
58
+ var _context;
59
+
52
60
  // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints
53
61
  // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`
54
62
  // `responseType` is used to validate that the expected tokens were returned
55
63
  const responseType = ['token']; // an accessToken will always be returned
56
64
 
57
- if (scopes.indexOf('openid') !== -1) {
65
+ if ((0, _indexOf.default)(_context = scopes).call(_context, 'openid') !== -1) {
58
66
  responseType.push('id_token'); // an idToken will be returned if "openid" is in the scopes
59
67
  }
60
68
 
package/cjs/oidc/exchangeCodeForTokens.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","Object","assign","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","indexOf","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;AAaA;;AAEA;;AACA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAA8CC,WAA9C,EAAwEC,IAAxE,EAAmH;AACxHA,EAAAA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADwH,CAExH;;AACAA,EAAAA,WAAW,GAAGE,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,iCAAsBJ,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;AAEA,QAAM;AACJI,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFX,WATJ;AAWA,MAAIY,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAO,gCAAoBP,GAApB,EAAyBa,eAAzB,EAA0CX,IAA1C,EACJY,IADI,CACEC,QAAD,IAA6B;AAEjC;AACA;AACA;AACA,UAAMC,YAAY,GAAG,CAAC,OAAD,CAArB,CALiC,CAKD;;AAChC,QAAIN,MAAM,CAACO,OAAP,CAAe,QAAf,MAA6B,CAAC,CAAlC,EAAqC;AACnCD,MAAAA,YAAY,CAACE,IAAb,CAAkB,UAAlB,EADmC,CACJ;AAChC;;AACD,UAAMC,qBAAkC,GAAG;AACzCX,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAO,8CAAoBX,GAApB,EAAyBmB,qBAAzB,EAAgDJ,QAAhD,EAA0Db,IAA1D,EACJY,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACK,IAAT,GAAgBf,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJM,OAzBI,CAyBI,MAAM;AACbrB,IAAAA,GAAG,CAACsB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getOAuthUrls } from '../oidc';\nimport { CustomUrls, OAuthResponse, OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuth, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state\n } = tokenParams;\n\n var getTokenOptions = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n };\n\n return postToTokenEndpoint(sdk, getTokenOptions, urls)\n .then((response: OAuthResponse) => {\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType = ['token']; // an accessToken will always be returned\n if (scopes.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n };\n return handleOAuthResponse(sdk, handleResponseOptions, response, urls)\n .then((response: TokenResponse) => {\n // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n response.code = authorizationCode;\n response.state = state;\n return response;\n });\n })\n .finally(() => {\n sdk.transactionManager.clear();\n });\n}"],"file":"exchangeCodeForTokens.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;;;;;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAAuDC,WAAvD,EAAiFC,IAAjF,EAA4H;AACjIA,EAAAA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADiI,CAEjI;;AACAA,EAAAA,WAAW,GAAG,qBAAc,EAAd,EAAkB,iCAAsBD,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;AAEA,QAAM;AACJE,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFT,WATJ;AAWA,MAAIU,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAO,gCAAoBL,GAApB,EAAyBW,eAAzB,EAA0CT,IAA1C,EACJU,IADI,CACEC,QAAD,IAA6B;AAAA;;AAEjC;AACA;AACA;AACA,UAAMC,YAAY,GAAG,CAAC,OAAD,CAArB,CALiC,CAKD;;AAChC,QAAI,iCAAAN,MAAM,MAAN,WAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;AACpCM,MAAAA,YAAY,CAACC,IAAb,CAAkB,UAAlB,EADoC,CACL;AAChC;;AACD,UAAMC,qBAAkC,GAAG;AACzCV,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAO,8CAAoBT,GAApB,EAAyBgB,qBAAzB,EAAgDH,QAAhD,EAA0DX,IAA1D,EACJU,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACI,IAAT,GAAgBd,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJK,OAzBI,CAyBI,MAAM;AACblB,IAAAA,GAAG,CAACmB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state\n } = tokenParams;\n\n var getTokenOptions = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n };\n\n return postToTokenEndpoint(sdk, getTokenOptions, urls)\n .then((response: OAuthResponse) => {\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n };\n return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n .then((response: TokenResponse) => {\n // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n response.code = authorizationCode;\n response.state = state!;\n return response;\n });\n })\n .finally(() => {\n sdk.transactionManager.clear();\n });\n}"],"file":"exchangeCodeForTokens.js"}
package/cjs/oidc/getToken.js CHANGED
@@ -1,9 +1,13 @@
1
1
  "use strict";
2
2
 
3
- var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
3
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
4
 
5
5
  exports.getToken = getToken;
6
6
 
7
+ var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
8
+
9
+ var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
10
+
7
11
  var _util = require("./util");
8
12
 
9
13
  var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
@@ -83,7 +87,7 @@ var _handleOAuthResponse = require("./handleOAuthResponse");
83
87
  */
84
88
  function getToken(sdk, options) {
85
89
  if (arguments.length > 2) {
86
- return Promise.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
90
+ return _promise.default.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
87
91
  }
88
92
 
89
93
  options = options || {}; // window object cannot be serialized, save for later use
@@ -103,9 +107,9 @@ function getToken(sdk, options) {
103
107
  };
104
108
 
105
109
  if (options.sessionToken) {
106
- Object.assign(tokenParams, sessionTokenOverrides);
110
+ (0, _assign.default)(tokenParams, sessionTokenOverrides);
107
111
  } else if (options.idp) {
108
- Object.assign(tokenParams, idpOverrides);
112
+ (0, _assign.default)(tokenParams, idpOverrides);
109
113
  } // Use the query params to build the authorize url
110
114
 
111
115
 
@@ -134,7 +138,9 @@ function getToken(sdk, options) {
134
138
  return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, tokenParams, res, urls);
135
139
  }).finally(function () {
136
140
  if (document.body.contains(iframeEl)) {
137
- iframeEl.parentElement.removeChild(iframeEl);
141
+ var _iframeEl$parentEleme;
142
+
143
+ (_iframeEl$parentEleme = iframeEl.parentElement) === null || _iframeEl$parentEleme === void 0 ? void 0 : _iframeEl$parentEleme.removeChild(iframeEl);
138
144
  }
139
145
  });
140
146
 
@@ -158,7 +164,7 @@ function getToken(sdk, options) {
158
164
  } // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
159
165
 
160
166
 
161
- var popupPromise = new Promise(function (resolve, reject) {
167
+ var popupPromise = new _promise.default(function (resolve, reject) {
162
168
  var closePoller = setInterval(function () {
163
169
  if (!popupWindow || popupWindow.closed) {
164
170
  clearInterval(closePoller);
package/cjs/oidc/getToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAKA;;AAQA;;AACA;;AAEA;;AA9BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,QAAMM,WAAW,GAAGN,OAAO,CAACM,WAA5B;AACAN,EAAAA,OAAO,CAACM,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBR,GAAnB,EAAwBC,OAAxB,EACJQ,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIb,OAAO,CAACe,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIV,OAAO,CAACkB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAatB,GAAb,EAAkBU,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGpB,OAAO,CAACsB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuB3B,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACb,GAAG,CAACuC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIlC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDgC,UAAAA,YAAY,GAAG,kCAAuBtC,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAgC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","assign","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;;;;;AAeA;;AAMA;;AASA;;AACA;;AACA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAA0CC,OAA1C,EAA8E;AACnF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CALmF,CAOnF;AACA;;AACA,QAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBP,GAAnB,EAAwBC,OAAxB,EACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxB,2BAAcN,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACe,GAAZ,EAAiB;AACtB,2BAAcP,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIG,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAanB,GAAb,EAAkBS,WAAlB,CAAP;AACAS,IAAAA,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBT,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIc,QAAJ;;AACA,QAAId,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DU,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAId,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CU,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuBxB,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBhB,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AAAA;;AACpC,qCAAAA,QAAQ,CAACM,aAAT,gFAAwBC,WAAxB,CAAoCP,QAApC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI1B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD8B,UAAAA,YAAY,GAAG,kCAAuBnC,GAAvB,EAA4BC,OAAO,CAACwB,OAApC,EAA6ChB,WAAW,CAACiB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAIpB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACgC,QAAZ,CAAqBC,MAArB,CAA4BtB,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIuB,YAAY,GAAG,qBAAY,UAAUC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACrC,WAAD,IAAgBA,WAAW,CAACsC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA8B,UAAAA,YAAY,CACT3B,IADH,CACQ,UAAUoB,GAAV,EAAe;AACnBiB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACb,GAAD,CAAP;AACD,WAJH,EAKGkB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBhC,IADI,CACC,UAAUoB,GAAV,EAAe;AACnB,iBAAO,8CAAoB5B,GAApB,EAAyBS,WAAzB,EAAsCmB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIvB,WAAW,IAAI,CAACA,WAAW,CAACsC,MAAhC,EAAwC;AACtCtC,YAAAA,WAAW,CAAC0C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI3C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuthInterface,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthInterface, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
package/cjs/oidc/getUserInfo.js CHANGED
@@ -1,7 +1,11 @@
1
1
  "use strict";
2
2
 
3
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
+
3
5
  exports.getUserInfo = getUserInfo;
4
6
 
7
+ var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
8
+
5
9
  var _util = require("../util");
6
10
 
7
11
  var _errors = require("../errors");
@@ -35,11 +39,11 @@ async function getUserInfo(sdk, accessTokenObject, idTokenObject) {
35
39
  }
36
40
 
37
41
  if (!accessTokenObject || !(0, _types.isAccessToken)(accessTokenObject)) {
38
- return Promise.reject(new _errors.AuthSdkError('getUserInfo requires an access token object'));
42
+ return _promise.default.reject(new _errors.AuthSdkError('getUserInfo requires an access token object'));
39
43
  }
40
44
 
41
45
  if (!idTokenObject || !(0, _types.isIDToken)(idTokenObject)) {
42
- return Promise.reject(new _errors.AuthSdkError('getUserInfo requires an ID token object'));
46
+ return _promise.default.reject(new _errors.AuthSdkError('getUserInfo requires an ID token object'));
43
47
  }
44
48
 
45
49
  return (0, _http.httpRequest)(sdk, {
@@ -52,7 +56,7 @@ async function getUserInfo(sdk, accessTokenObject, idTokenObject) {
52
56
  return userInfo;
53
57
  }
54
58
 
55
- return Promise.reject(new _errors.AuthSdkError('getUserInfo request was rejected due to token mismatch'));
59
+ return _promise.default.reject(new _errors.AuthSdkError('getUserInfo request was rejected due to token mismatch'));
56
60
  }).catch(function (err) {
57
61
  if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {
58
62
  var authenticateHeader;
package/cjs/oidc/getUserInfo.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","Promise","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"mappings":";;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,iBAAhC,EAAgEC,aAAhE,EAA6G;AAClH;AACA,MAAI,CAACD,iBAAL,EAAwB;AACtBA,IAAAA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;AACD;;AACD,MAAI,CAACH,aAAL,EAAoB;AAClBA,IAAAA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;AACD;;AAED,MAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;AAC3D,WAAOM,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;AACD;;AAED,MAAI,CAACP,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;AAC/C,WAAOK,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;AACD;;AAED,SAAO,uBAAYT,GAAZ,EAAiB;AACtBU,IAAAA,GAAG,EAAET,iBAAiB,CAACU,WADD;AAEtBC,IAAAA,MAAM,EAAE,KAFc;AAGtBP,IAAAA,WAAW,EAAEJ,iBAAiB,CAACI;AAHT,GAAjB,EAKJQ,IALI,CAKCC,QAAQ,IAAI;AAChB;AACA,QAAIA,QAAQ,CAACC,GAAT,KAAiBb,aAAa,CAACc,MAAd,CAAqBD,GAA1C,EAA+C;AAC7C,aAAOD,QAAP;AACD;;AACD,WAAOP,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;AACD,GAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;AACpB,QAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;AACjE,UAAIC,kBAAJ;;AACA,UAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;AACjGF,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;AACD,OAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;AAChDH,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;AACD;;AACD,UAAIH,kBAAJ,EAAwB;AACtB,YAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;AACA,YAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;AACA,YAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;AACA,YAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;AACA,YAAIC,KAAK,IAAIC,gBAAb,EAA+B;AAC7BX,UAAAA,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;AACD;AACF;AACF;;AACD,UAAMX,GAAN;AACD,GA/BI,CAAP;AAgCD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken } from '../types';\n\nexport async function getUserInfo(sdk, accessTokenObject: AccessToken, idTokenObject: IDToken): Promise<UserClaims> {\n // If token objects were not passed, attempt to read from the TokenManager\n if (!accessTokenObject) {\n accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n }\n if (!idTokenObject) {\n idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n }\n\n if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n }\n\n if (!idTokenObject || !isIDToken(idTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n }\n\n return httpRequest(sdk, {\n url: accessTokenObject.userinfoUrl,\n method: 'GET',\n accessToken: accessTokenObject.accessToken\n })\n .then(userInfo => {\n // Only return the userinfo response if subjects match to mitigate token substitution attacks\n if (userInfo.sub === idTokenObject.claims.sub) {\n return userInfo;\n }\n return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n })\n .catch(function (err) {\n if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n var authenticateHeader;\n if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n } else if (isFunction(err.xhr.getResponseHeader)) {\n authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n }\n if (authenticateHeader) {\n var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n var error = errorMatches[1];\n var errorDescription = errorDescriptionMatches[1];\n if (error && errorDescription) {\n err = new OAuthError(error, errorDescription);\n }\n }\n }\n throw err;\n });\n}\n"],"file":"getUserInfo.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,iBAAhC,EAAgEC,aAAhE,EAA6G;AAClH;AACA,MAAI,CAACD,iBAAL,EAAwB;AACtBA,IAAAA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;AACD;;AACD,MAAI,CAACH,aAAL,EAAoB;AAClBA,IAAAA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;AACD;;AAED,MAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;AAC3D,WAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;AACD;;AAED,MAAI,CAACN,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;AAC/C,WAAO,iBAAQK,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;AACD;;AAED,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAER,iBAAiB,CAACS,WADD;AAEtBC,IAAAA,MAAM,EAAE,KAFc;AAGtBN,IAAAA,WAAW,EAAEJ,iBAAiB,CAACI;AAHT,GAAjB,EAKJO,IALI,CAKCC,QAAQ,IAAI;AAChB;AACA,QAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;AAC7C,aAAOD,QAAP;AACD;;AACD,WAAO,iBAAQN,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;AACD,GAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;AACpB,QAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;AACjE,UAAIC,kBAAJ;;AACA,UAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;AACjGF,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;AACD,OAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;AAChDH,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;AACD;;AACD,UAAIH,kBAAJ,EAAwB;AACtB,YAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;AACA,YAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;AACA,YAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;AACA,YAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;AACA,YAAIC,KAAK,IAAIC,gBAAb,EAA+B;AAC7BX,UAAAA,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;AACD;AACF;AACF;;AACD,UAAMX,GAAN;AACD,GA/BI,CAAP;AAgCD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken } from '../types';\n\nexport async function getUserInfo(sdk, accessTokenObject: AccessToken, idTokenObject: IDToken): Promise<UserClaims> {\n // If token objects were not passed, attempt to read from the TokenManager\n if (!accessTokenObject) {\n accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n }\n if (!idTokenObject) {\n idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n }\n\n if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n }\n\n if (!idTokenObject || !isIDToken(idTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n }\n\n return httpRequest(sdk, {\n url: accessTokenObject.userinfoUrl,\n method: 'GET',\n accessToken: accessTokenObject.accessToken\n })\n .then(userInfo => {\n // Only return the userinfo response if subjects match to mitigate token substitution attacks\n if (userInfo.sub === idTokenObject.claims.sub) {\n return userInfo;\n }\n return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n })\n .catch(function (err) {\n if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n var authenticateHeader;\n if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n } else if (isFunction(err.xhr.getResponseHeader)) {\n authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n }\n if (authenticateHeader) {\n var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n var error = errorMatches[1];\n var errorDescription = errorDescriptionMatches[1];\n if (error && errorDescription) {\n err = new OAuthError(error, errorDescription);\n }\n }\n }\n throw err;\n });\n}\n"],"file":"getUserInfo.js"}
package/cjs/oidc/getWithPopup.js CHANGED
@@ -1,7 +1,13 @@
1
1
  "use strict";
2
2
 
3
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
+
3
5
  exports.getWithPopup = getWithPopup;
4
6
 
7
+ var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
8
+
9
+ var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
10
+
5
11
  var _errors = require("../errors");
6
12
 
7
13
  var _util = require("../util");
@@ -24,7 +30,7 @@ var _util2 = require("./util");
24
30
  */
25
31
  function getWithPopup(sdk, options) {
26
32
  if (arguments.length > 2) {
27
- return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
33
+ return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
28
34
  } // some browsers (safari, firefox) block popup if it's initialed from an async process
29
35
  // here we create the popup window immediately after user interaction
30
36
  // then redirect to the /authorize endpoint when the requestUrl is available
@@ -32,7 +38,7 @@ function getWithPopup(sdk, options) {
32
38
 
33
39
  const popupWindow = (0, _util2.loadPopup)('/', options);
34
40
  options = (0, _util.clone)(options) || {};
35
- Object.assign(options, {
41
+ (0, _assign.default)(options, {
36
42
  display: 'popup',
37
43
  responseMode: 'okta_post_message',
38
44
  popupWindow
package/cjs/oidc/getWithPopup.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","Object","assign","display","responseMode"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHuF,CAKxF;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeN,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACAO,EAAAA,MAAM,CAACC,MAAP,CAAcR,OAAd,EAAuB;AACrBS,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBJ,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASP,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","display","responseMode"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAA8CC,OAA9C,EAA4F;AACjG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHgG,CAKjG;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeL,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBM,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBF,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASN,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthInterface, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
package/cjs/oidc/getWithRedirect.js CHANGED
@@ -1,7 +1,11 @@
1
1
  "use strict";
2
2
 
3
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
+
3
5
  exports.getWithRedirect = getWithRedirect;
4
6
 
7
+ var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
8
+
5
9
  var _errors = require("../errors");
6
10
 
7
11
  var _util = require("../util");
@@ -10,6 +14,8 @@ var _util2 = require("./util");
10
14
 
11
15
  var _authorize = require("./endpoints/authorize");
12
16
 
17
+ /* eslint-disable @typescript-eslint/no-non-null-assertion */
18
+
13
19
  /*!
14
20
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
15
21
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -22,48 +28,19 @@ var _authorize = require("./endpoints/authorize");
22
28
  * See the License for the specific language governing permissions and limitations under the License.
23
29
  *
24
30
  */
25
- function getWithRedirect(sdk, options) {
31
+ async function getWithRedirect(sdk, options) {
26
32
  if (arguments.length > 2) {
27
- return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithRedirect" takes only a single set of options'));
33
+ return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithRedirect" takes only a single set of options'));
28
34
  }
29
35
 
30
36
  options = (0, _util.clone)(options) || {};
31
- return (0, _util2.prepareTokenParams)(sdk, options).then(function (tokenParams) {
32
- const urls = (0, _util2.getOAuthUrls)(sdk, options);
33
- const requestUrl = urls.authorizeUrl + (0, _authorize.buildAuthorizeParams)(tokenParams);
34
- const issuer = sdk.options.issuer; // Gather the values we want to save in the transaction
35
-
36
- const {
37
- responseType,
38
- state,
39
- nonce,
40
- scopes,
41
- clientId,
42
- ignoreSignature,
43
- redirectUri,
44
- codeVerifier,
45
- codeChallenge,
46
- codeChallengeMethod
47
- } = tokenParams;
48
- const oauthMeta = {
49
- issuer,
50
- responseType,
51
- state,
52
- nonce,
53
- scopes,
54
- clientId,
55
- urls,
56
- ignoreSignature,
57
- redirectUri,
58
- codeVerifier,
59
- codeChallenge,
60
- codeChallengeMethod
61
- };
62
- sdk.transactionManager.save(oauthMeta, {
63
- oauth: true
64
- });
65
-
66
- sdk.token.getWithRedirect._setLocation(requestUrl);
37
+ const tokenParams = await (0, _util2.prepareTokenParams)(sdk, options);
38
+ const meta = (0, _util2.createOAuthMeta)(sdk, tokenParams);
39
+ const requestUrl = meta.urls.authorizeUrl + (0, _authorize.buildAuthorizeParams)(tokenParams);
40
+ sdk.transactionManager.save(meta, {
41
+ oauth: true
67
42
  });
43
+
44
+ sdk.token.getWithRedirect._setLocation(requestUrl);
68
45
  }
69
46
  //# sourceMappingURL=getWithRedirect.js.map
package/cjs/oidc/getWithRedirect.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,SAAO,+BAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,UAAMC,IAAI,GAAG,yBAAaT,GAAb,EAAkBC,OAAlB,CAAb;AACA,UAAMS,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoB,qCAAqBH,WAArB,CAAvC;AACA,UAAMI,MAAM,GAAGZ,GAAG,CAACC,OAAJ,CAAYW,MAA3B,CAHwC,CAKxC;;AACA,UAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;AAaA,UAAMe,SAA0B,GAAG;AACjCX,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA;AAZiC,KAAnC;AAeAtB,IAAAA,GAAG,CAACwB,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACA1B,IAAAA,GAAG,CAAC2B,KAAJ,CAAU5B,eAAV,CAA0B6B,YAA1B,CAAuClB,UAAvC;AACD,GArCI,CAAP;AAsCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n const urls = getOAuthUrls(sdk, options);\n const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n const issuer = sdk.options.issuer;\n\n // Gather the values we want to save in the transaction\n const {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n } = tokenParams;\n\n const oauthMeta: TransactionMeta = {\n issuer,\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n sdk.transactionManager.save(oauthMeta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n });\n}\n"],"file":"getWithRedirect.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAAuDC,OAAvD,EAA6F;AAClG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,QAAMK,WAAW,GAAG,MAAM,+BAAmBN,GAAnB,EAAwBC,OAAxB,CAA1B;AACA,QAAMM,IAAI,GAAG,4BAAgBP,GAAhB,EAAqBM,WAArB,CAAb;AACA,QAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;AACAN,EAAAA,GAAG,CAACW,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;AAAEM,IAAAA,KAAK,EAAE;AAAT,GAAlC;;AACAb,EAAAA,GAAG,CAACc,KAAJ,CAAUf,eAAV,CAA0BgB,YAA1B,CAAuCP,UAAvC;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthInterface, options?: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n const tokenParams = await prepareTokenParams(sdk, options);\n const meta = createOAuthMeta(sdk, tokenParams);\n const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n sdk.transactionManager.save(meta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"file":"getWithRedirect.js"}
package/cjs/oidc/getWithoutPrompt.js CHANGED
@@ -1,7 +1,13 @@
1
1
  "use strict";
2
2
 
3
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
+
3
5
  exports.getWithoutPrompt = getWithoutPrompt;
4
6
 
7
+ var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
8
+
9
+ var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
10
+
5
11
  var _errors = require("../errors");
6
12
 
7
13
  var _util = require("../util");
@@ -22,11 +28,11 @@ var _getToken = require("./getToken");
22
28
  */
23
29
  function getWithoutPrompt(sdk, options) {
24
30
  if (arguments.length > 2) {
25
- return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithoutPrompt" takes only a single set of options'));
31
+ return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithoutPrompt" takes only a single set of options'));
26
32
  }
27
33
 
28
34
  options = (0, _util.clone)(options) || {};
29
- Object.assign(options, {
35
+ (0, _assign.default)(options, {
30
36
  prompt: 'none',
31
37
  responseMode: 'okta_post_message',
32
38
  display: null
package/cjs/oidc/getWithoutPrompt.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"names":["getWithoutPrompt","sdk","options","arguments","length","Promise","reject","AuthSdkError","Object","assign","prompt","responseMode","display"],"mappings":";;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAyCC,OAAzC,EAAuF;AAC5F,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACAM,EAAAA,MAAM,CAACC,MAAP,CAAcP,OAAd,EAAuB;AACrBQ,IAAAA,MAAM,EAAE,MADa;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBC,IAAAA,OAAO,EAAE;AAHY,GAAvB;AAKA,SAAO,wBAASX,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n }\n \n options = clone(options) || {};\n Object.assign(options, {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n });\n return getToken(sdk, options);\n}\n\n"],"file":"getWithoutPrompt.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","prompt","responseMode","display"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAkDC,OAAlD,EAAgG;AACrG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBK,IAAAA,MAAM,EAAE,MADa;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBC,IAAAA,OAAO,EAAE;AAHY,GAAvB;AAKA,SAAO,wBAASR,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthInterface, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n }\n \n options = clone(options) || {};\n Object.assign(options, {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n });\n return getToken(sdk, options);\n}\n\n"],"file":"getWithoutPrompt.js"}