@okta/okta-auth-js 5.10.0 → 6.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +60 -0
- package/README.md +10 -6
- package/cjs/AuthStateManager.js +11 -3
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +139 -95
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/OktaUserAgent.js.map +1 -1
- package/cjs/PromiseQueue.js +11 -2
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/SavedObject.js +4 -2
- package/cjs/SavedObject.js.map +1 -1
- package/cjs/StorageManager.js +16 -9
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TokenManager.js +38 -22
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/TransactionManager.js +26 -7
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +25 -14
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/browser/fingerprint.js +12 -4
- package/cjs/browser/fingerprint.js.map +1 -1
- package/cjs/builderUtil.js +7 -19
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/clock.js +5 -1
- package/cjs/clock.js.map +1 -1
- package/cjs/crypto/base64.js +18 -0
- package/cjs/crypto/base64.js.map +1 -1
- package/cjs/crypto/index.js +6 -4
- package/cjs/crypto/index.js.map +1 -1
- package/cjs/crypto/oidcHash.js +5 -1
- package/cjs/crypto/oidcHash.js.map +1 -1
- package/cjs/crypto/webauthn.js +101 -0
- package/cjs/crypto/webauthn.js.map +1 -0
- package/cjs/crypto/webcrypto.js +3 -1
- package/cjs/crypto/webcrypto.js.map +1 -1
- package/cjs/errors/AuthApiError.js +1 -1
- package/cjs/errors/AuthPollStopError.js +1 -1
- package/cjs/errors/AuthSdkError.js +1 -1
- package/cjs/errors/CustomError.js +5 -1
- package/cjs/errors/CustomError.js.map +1 -1
- package/cjs/errors/OAuthError.js +1 -1
- package/cjs/errors/index.js +1 -1
- package/cjs/features.js +9 -3
- package/cjs/features.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +19 -6
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/headers.js.map +1 -1
- package/cjs/http/index.js +4 -2
- package/cjs/http/index.js.map +1 -1
- package/cjs/http/request.js +11 -5
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/authenticate.js +8 -5
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js.map +1 -1
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +1 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js +2 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +2 -2
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnEnrollment.js +46 -0
- package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -0
- package/cjs/idx/authenticator/WebauthnVerification.js +55 -0
- package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -0
- package/cjs/idx/authenticator/getAuthenticator.js +17 -6
- package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/index.js +34 -6
- package/cjs/idx/authenticator/index.js.map +1 -1
- package/cjs/idx/cancel.js.map +1 -1
- package/cjs/idx/emailVerify.js +73 -0
- package/cjs/idx/emailVerify.js.map +1 -0
- package/cjs/idx/flow/AccountUnlockFlow.js +30 -0
- package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -0
- package/cjs/idx/flow/AuthenticationFlow.js +2 -1
- package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
- package/cjs/idx/flow/FlowSpecification.js +24 -4
- package/cjs/idx/flow/FlowSpecification.js.map +1 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js +4 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
- package/cjs/idx/flow/RegistrationFlow.js +2 -0
- package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
- package/cjs/idx/flow/index.js +20 -5
- package/cjs/idx/flow/index.js.map +1 -1
- package/cjs/idx/handleInteractionCodeRedirect.js +6 -1
- package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
- package/cjs/idx/headers.js +21 -5
- package/cjs/idx/headers.js.map +1 -1
- package/cjs/idx/idx-js/client.js +91 -0
- package/cjs/idx/idx-js/client.js.map +1 -0
- package/cjs/idx/idx-js/index.js +162 -0
- package/cjs/idx/idx-js/index.js.map +1 -0
- package/cjs/idx/idx-js/interact.js +83 -0
- package/cjs/idx/idx-js/interact.js.map +1 -0
- package/cjs/idx/idx-js/introspect.js +58 -0
- package/cjs/idx/idx-js/introspect.js.map +1 -0
- package/cjs/idx/idx-js/parsers.js +41 -0
- package/cjs/idx/idx-js/parsers.js.map +1 -0
- package/cjs/idx/idx-js/util.js +34 -0
- package/cjs/idx/idx-js/util.js.map +1 -0
- package/cjs/idx/idx-js/v1/actionParser.js +90 -0
- package/cjs/idx/idx-js/v1/actionParser.js.map +1 -0
- package/cjs/idx/idx-js/v1/generateIdxAction.js +117 -0
- package/cjs/idx/idx-js/v1/generateIdxAction.js.map +1 -0
- package/cjs/idx/idx-js/v1/idxResponseParser.js +137 -0
- package/cjs/idx/idx-js/v1/idxResponseParser.js.map +1 -0
- package/cjs/idx/idx-js/v1/makeIdxState.js +64 -0
- package/cjs/idx/idx-js/v1/makeIdxState.js.map +1 -0
- package/cjs/idx/idx-js/v1/parsers.js +24 -0
- package/cjs/idx/idx-js/v1/parsers.js.map +1 -0
- package/cjs/idx/idx-js/v1/remediationParser.js +32 -0
- package/cjs/idx/idx-js/v1/remediationParser.js.map +1 -0
- package/cjs/idx/index.js +121 -109
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js +53 -36
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +17 -19
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/poll.js +13 -3
- package/cjs/idx/poll.js.map +1 -1
- package/cjs/idx/proceed.js +4 -7
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/recoverPassword.js +1 -1
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js +11 -16
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +74 -27
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +12 -4
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +13 -7
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +31 -13
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +67 -31
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +46 -30
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +16 -4
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js +2 -2
- package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengePoll.js +2 -2
- package/cjs/idx/remediators/EnrollAuthenticator.js +2 -2
- package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollPoll.js +18 -9
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +24 -9
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js +96 -0
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -0
- package/cjs/idx/remediators/Identify.js +5 -3
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +6 -3
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/RedirectIdp.js +2 -2
- package/cjs/idx/remediators/ResetAuthenticator.js +2 -2
- package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +7 -5
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +2 -2
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +72 -0
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
- package/cjs/idx/remediators/SelectEnrollProfile.js +2 -2
- package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollmentChannel.js +86 -0
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
- package/cjs/idx/remediators/Skip.js +5 -3
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/index.js +57 -16
- package/cjs/idx/remediators/index.js.map +1 -1
- package/cjs/idx/remediators/util.js +18 -3
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +139 -49
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js +4 -2
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js +82 -69
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +59 -7
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/idx/unlockAccount.js +48 -0
- package/cjs/idx/unlockAccount.js.map +1 -0
- package/cjs/index.js +33 -13
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js +10 -2
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/endpoints/index.js +5 -3
- package/cjs/oidc/endpoints/index.js.map +1 -1
- package/cjs/oidc/endpoints/token.js +16 -3
- package/cjs/oidc/endpoints/token.js.map +1 -1
- package/cjs/oidc/endpoints/well-known.js +7 -3
- package/cjs/oidc/endpoints/well-known.js.map +1 -1
- package/cjs/oidc/exchangeCodeForTokens.js +12 -4
- package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
- package/cjs/oidc/getToken.js +12 -6
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getUserInfo.js +7 -3
- package/cjs/oidc/getUserInfo.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +8 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +15 -38
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/getWithoutPrompt.js +8 -2
- package/cjs/oidc/getWithoutPrompt.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js +87 -87
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/cjs/oidc/index.js +4 -2
- package/cjs/oidc/index.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +9 -3
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewToken.js.map +1 -1
- package/cjs/oidc/renewTokens.js +6 -2
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/renewTokensWithRefresh.js +5 -1
- package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
- package/cjs/oidc/revokeToken.js +34 -31
- package/cjs/oidc/revokeToken.js.map +1 -1
- package/cjs/oidc/util/browser.js +5 -1
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
- package/cjs/oidc/util/errors.js.map +1 -1
- package/cjs/oidc/util/index.js +27 -11
- package/cjs/oidc/util/index.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +10 -1
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/oauth.js +4 -2
- package/cjs/oidc/util/oauth.js.map +1 -1
- package/cjs/oidc/util/oauthMeta.js +36 -0
- package/cjs/oidc/util/oauthMeta.js.map +1 -0
- package/cjs/oidc/util/pkce.js +11 -3
- package/cjs/oidc/util/pkce.js.map +1 -1
- package/cjs/oidc/util/prepareTokenParams.js +62 -39
- package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +3 -1
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/oidc/verifyToken.js +13 -4
- package/cjs/oidc/verifyToken.js.map +1 -1
- package/cjs/options.js +12 -6
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +2 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/services/TokenService.js +3 -0
- package/cjs/services/TokenService.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +18 -9
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/TransactionState.js +0 -17
- package/cjs/tx/TransactionState.js.map +1 -1
- package/cjs/tx/api.js +11 -6
- package/cjs/tx/api.js.map +1 -1
- package/cjs/tx/index.js +7 -5
- package/cjs/tx/index.js.map +1 -1
- package/cjs/tx/poll.js +6 -4
- package/cjs/tx/poll.js.map +1 -1
- package/cjs/tx/util.js +5 -1
- package/cjs/tx/util.js.map +1 -1
- package/cjs/types/Transaction.js +10 -2
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/types/index.js +16 -14
- package/cjs/types/index.js.map +1 -1
- package/cjs/util/index.js +7 -18
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/misc.js +5 -1
- package/cjs/util/misc.js.map +1 -1
- package/cjs/util/object.js +16 -6
- package/cjs/util/object.js.map +1 -1
- package/cjs/util/sharedStorage.js +5 -1
- package/cjs/util/sharedStorage.js.map +1 -1
- package/cjs/util/url.js.map +1 -1
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.LICENSE.txt +0 -12
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +1 -1
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.LICENSE.txt +0 -12
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/index.js +2758 -957
- package/esm/index.js.map +1 -1
- package/lib/AuthStateManager.d.ts +1 -2
- package/lib/OktaAuth.d.ts +10 -13
- package/lib/StorageManager.d.ts +2 -2
- package/lib/TokenManager.d.ts +4 -4
- package/lib/TransactionManager.d.ts +4 -3
- package/lib/browser/fingerprint.d.ts +2 -3
- package/lib/builderUtil.d.ts +1 -2
- package/lib/crypto/base64.d.ts +2 -0
- package/lib/crypto/browser.d.ts +1 -1
- package/lib/crypto/webauthn.d.ts +25 -0
- package/lib/features.d.ts +1 -1
- package/lib/http/headers.d.ts +2 -2
- package/lib/http/request.d.ts +4 -4
- package/lib/idx/authenticate.d.ts +2 -2
- package/lib/idx/authenticator/Authenticator.d.ts +4 -5
- package/lib/idx/authenticator/OktaPassword.d.ts +7 -9
- package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +9 -8
- package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +7 -7
- package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +6 -2
- package/lib/idx/authenticator/WebauthnEnrollment.d.ts +16 -0
- package/lib/idx/authenticator/WebauthnVerification.d.ts +17 -0
- package/lib/idx/authenticator/getAuthenticator.d.ts +1 -1
- package/lib/idx/authenticator/index.d.ts +9 -0
- package/lib/idx/cancel.d.ts +2 -2
- package/lib/idx/emailVerify.d.ts +26 -0
- package/lib/{util/emailVerify.d.ts → idx/flow/AccountUnlockFlow.d.ts} +2 -6
- package/lib/idx/flow/FlowSpecification.d.ts +3 -2
- package/lib/idx/flow/index.d.ts +1 -0
- package/lib/idx/headers.d.ts +3 -2
- package/lib/idx/idx-js/client.d.ts +36 -0
- package/lib/idx/idx-js/index.d.ts +51 -0
- package/lib/idx/idx-js/interact.d.ts +25 -0
- package/lib/idx/idx-js/introspect.d.ts +20 -0
- package/lib/idx/idx-js/parsers.d.ts +15 -0
- package/lib/idx/idx-js/util.d.ts +12 -0
- package/lib/idx/idx-js/v1/actionParser.d.ts +16 -0
- package/lib/idx/idx-js/v1/generateIdxAction.d.ts +13 -0
- package/lib/idx/idx-js/v1/idxResponseParser.d.ts +20 -0
- package/lib/idx/idx-js/v1/makeIdxState.d.ts +13 -0
- package/lib/idx/idx-js/v1/parsers.d.ts +16 -0
- package/lib/idx/idx-js/v1/remediationParser.d.ts +12 -0
- package/lib/idx/index.d.ts +12 -10
- package/lib/idx/interact.d.ts +7 -13
- package/lib/idx/introspect.d.ts +4 -3
- package/lib/idx/poll.d.ts +2 -2
- package/lib/idx/proceed.d.ts +8 -5
- package/lib/idx/recoverPassword.d.ts +2 -2
- package/lib/idx/register.d.ts +2 -2
- package/lib/idx/remediate.d.ts +10 -4
- package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +3 -3
- package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +3 -3
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +8 -7
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +10 -7
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +8 -12
- package/lib/idx/remediators/EnrollPoll.d.ts +1 -1
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -1
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +54 -0
- package/lib/idx/remediators/Identify.d.ts +2 -2
- package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -2
- package/lib/idx/remediators/RedirectIdp.d.ts +3 -3
- package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +38 -0
- package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +40 -0
- package/lib/idx/remediators/index.d.ts +3 -0
- package/lib/idx/remediators/util.d.ts +2 -2
- package/lib/idx/run.d.ts +5 -3
- package/lib/idx/startTransaction.d.ts +3 -2
- package/lib/idx/transactionMeta.d.ts +10 -31
- package/lib/idx/types/FlowIdentifier.d.ts +1 -1
- package/lib/idx/types/idx-js.d.ts +44 -1
- package/lib/idx/types/index.d.ts +36 -9
- package/lib/idx/unlockAccount.d.ts +15 -0
- package/lib/index.d.ts +1 -0
- package/lib/oidc/endpoints/well-known.d.ts +3 -3
- package/lib/oidc/exchangeCodeForTokens.d.ts +14 -2
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/getWithPopup.d.ts +2 -2
- package/lib/oidc/getWithRedirect.d.ts +2 -2
- package/lib/oidc/getWithoutPrompt.d.ts +2 -2
- package/lib/oidc/handleOAuthResponse.d.ts +2 -2
- package/lib/oidc/parseFromUrl.d.ts +1 -1
- package/lib/oidc/renewToken.d.ts +2 -2
- package/lib/oidc/renewTokens.d.ts +1 -1
- package/lib/oidc/renewTokensWithRefresh.d.ts +2 -2
- package/lib/oidc/revokeToken.d.ts +2 -2
- package/lib/oidc/util/browser.d.ts +3 -3
- package/lib/oidc/util/defaultTokenParams.d.ts +2 -2
- package/lib/oidc/util/errors.d.ts +2 -2
- package/lib/oidc/util/index.d.ts +1 -0
- package/lib/oidc/util/loginRedirect.d.ts +4 -4
- package/lib/oidc/util/oauth.d.ts +4 -11
- package/lib/oidc/util/oauthMeta.d.ts +2 -0
- package/lib/oidc/util/prepareTokenParams.d.ts +5 -2
- package/lib/oidc/util/validateClaims.d.ts +2 -2
- package/lib/oidc/verifyToken.d.ts +2 -2
- package/lib/server/serverStorage.d.ts +1 -1
- package/lib/services/TokenService.d.ts +2 -2
- package/lib/tx/AuthTransaction.d.ts +2 -2
- package/lib/tx/TransactionState.d.ts +11 -1
- package/lib/tx/api.d.ts +6 -6
- package/lib/types/OktaAuthOptions.d.ts +6 -8
- package/lib/types/Storage.d.ts +3 -3
- package/lib/types/Transaction.d.ts +10 -7
- package/lib/types/UserClaims.d.ts +3 -3
- package/lib/types/api.d.ts +44 -20
- package/lib/types/index.d.ts +0 -1
- package/lib/util/console.d.ts +1 -1
- package/lib/util/index.d.ts +0 -1
- package/lib/util/sharedStorage.d.ts +1 -1
- package/lib/util/types.d.ts +1 -1
- package/lib/util/url.d.ts +2 -2
- package/package.json +10 -7
- package/polyfill/index.js +1 -0
- package/cjs/util/emailVerify.js +0 -28
- package/cjs/util/emailVerify.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","creds","headers"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAmDC,KAAnD,EAAwF;AAAA;;AAC7F,MAAIC,WAAW,GAAG,EAAlB;AACA,MAAIC,YAAY,GAAG,EAAnB;;AACA,MAAIF,KAAJ,EAAW;AACPC,IAAAA,WAAW,GAAID,KAAD,CAAuBC,WAArC;AACAC,IAAAA,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;AACH;;AACD,MAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,UAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,MAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;AACA,MAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;AACA,MAAI,CAACF,QAAL,EAAe;AACb,UAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;AACD,GAd4F,CAe7F;;;AACA,MAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;AACA,MAAIC,IAAI,GAAG,wDAAc;AACvB;AACAC,IAAAA,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBF,IAAAA,KAAK,EAAEE,YAAY,IAAID;AAHA,GAAd,kBAIF,CAJE,CAAX;AAKA,MAAIS,KAAK,GAAGJ,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;AACA,SAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;AAChCG,IAAAA,OAAO,EAAE;AACP,sBAAgB,mCADT;AAEP,uBAAiB,WAAWD;AAFrB;AADuB,GAA3B,CAAP;AAMD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n OktaAuthInterface,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthInterface, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken || accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n"],"file":"revokeToken.js"}
|
package/cjs/oidc/util/browser.js
CHANGED
|
@@ -1,11 +1,15 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.addListener = addListener;
|
|
4
6
|
exports.removeListener = removeListener;
|
|
5
7
|
exports.loadFrame = loadFrame;
|
|
6
8
|
exports.loadPopup = loadPopup;
|
|
7
9
|
exports.addPostMessageListener = addPostMessageListener;
|
|
8
10
|
|
|
11
|
+
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
12
|
+
|
|
9
13
|
var _errors = require("../../errors");
|
|
10
14
|
|
|
11
15
|
/*!
|
|
@@ -56,7 +60,7 @@ function loadPopup(src, options) {
|
|
|
56
60
|
function addPostMessageListener(sdk, timeout, state) {
|
|
57
61
|
var responseHandler;
|
|
58
62
|
var timeoutId;
|
|
59
|
-
var msgReceivedOrTimeout = new
|
|
63
|
+
var msgReceivedOrTimeout = new _promise.default(function (resolve, reject) {
|
|
60
64
|
responseHandler = function responseHandler(e) {
|
|
61
65
|
if (!e.data || e.data.state !== state) {
|
|
62
66
|
// A message not meant for us
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":";;;;;;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,EAAwDC,OAAxD,EAAiEC,KAAjE,EAAwE;AAC7E,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,qBAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEJ,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBK,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOP,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIM,CAAC,CAACE,MAAF,KAAaV,GAAG,CAACW,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBAnC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGS,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnBX,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBS,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACX,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthInterface } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle || 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuthInterface, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data || e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || 120000);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n"],"file":"browser.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAAoE;AACzE,QAAM;AACJC,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA;AARI,MASFR,GAAG,CAACS,OATR;AAUA,QAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;AACA,SAAO,sBAAW;AAChBb,IAAAA,IADgB;AAEhBC,IAAAA,QAFgB;AAGhBC,IAAAA,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;AAIhBN,IAAAA,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;AAKhBC,IAAAA,YALgB;AAMhBE,IAAAA,KAAK,EAAEA,KAAK,IAAI,2BANA;AAOhBQ,IAAAA,KAAK,EAAE,2BAPS;AAQhBT,IAAAA,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;AAShBE,IAAAA;AATgB,GAAX,CAAP;AAWD","sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n ignoreSignature\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n ignoreSignature\n });\n}"],"file":"defaultTokenParams.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,QAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,QAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAA0DL,KAA1D,EAAwE;AAC7E,MAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;AACjC,WAAO,KAAP;AACD;;AACD,QAAMK,YAAY,GAAGN,KAArB,CAJ6E,CAK7E;;AACA,QAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;AACA,QAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;AACA,SAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthInterface } from '../../types';\nimport { OAuthError, AuthApiError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n"],"file":"errors.js"}
|
package/cjs/oidc/util/index.js
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
|
|
4
|
+
|
|
5
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
6
|
|
|
5
7
|
var _exportNames = {
|
|
6
8
|
pkce: true
|
|
@@ -14,7 +16,7 @@ Object.defineProperty(exports, "pkce", {
|
|
|
14
16
|
|
|
15
17
|
var _browser = require("./browser");
|
|
16
18
|
|
|
17
|
-
|
|
19
|
+
_Object$keys(_browser).forEach(function (key) {
|
|
18
20
|
if (key === "default" || key === "__esModule") return;
|
|
19
21
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
20
22
|
if (key in exports && exports[key] === _browser[key]) return;
|
|
@@ -28,7 +30,7 @@ Object.keys(_browser).forEach(function (key) {
|
|
|
28
30
|
|
|
29
31
|
var _defaultTokenParams = require("./defaultTokenParams");
|
|
30
32
|
|
|
31
|
-
|
|
33
|
+
_Object$keys(_defaultTokenParams).forEach(function (key) {
|
|
32
34
|
if (key === "default" || key === "__esModule") return;
|
|
33
35
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
34
36
|
if (key in exports && exports[key] === _defaultTokenParams[key]) return;
|
|
@@ -42,7 +44,7 @@ Object.keys(_defaultTokenParams).forEach(function (key) {
|
|
|
42
44
|
|
|
43
45
|
var _errors = require("./errors");
|
|
44
46
|
|
|
45
|
-
|
|
47
|
+
_Object$keys(_errors).forEach(function (key) {
|
|
46
48
|
if (key === "default" || key === "__esModule") return;
|
|
47
49
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
48
50
|
if (key in exports && exports[key] === _errors[key]) return;
|
|
@@ -56,7 +58,7 @@ Object.keys(_errors).forEach(function (key) {
|
|
|
56
58
|
|
|
57
59
|
var _loginRedirect = require("./loginRedirect");
|
|
58
60
|
|
|
59
|
-
|
|
61
|
+
_Object$keys(_loginRedirect).forEach(function (key) {
|
|
60
62
|
if (key === "default" || key === "__esModule") return;
|
|
61
63
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
62
64
|
if (key in exports && exports[key] === _loginRedirect[key]) return;
|
|
@@ -70,7 +72,7 @@ Object.keys(_loginRedirect).forEach(function (key) {
|
|
|
70
72
|
|
|
71
73
|
var _oauth = require("./oauth");
|
|
72
74
|
|
|
73
|
-
|
|
75
|
+
_Object$keys(_oauth).forEach(function (key) {
|
|
74
76
|
if (key === "default" || key === "__esModule") return;
|
|
75
77
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
76
78
|
if (key in exports && exports[key] === _oauth[key]) return;
|
|
@@ -82,11 +84,25 @@ Object.keys(_oauth).forEach(function (key) {
|
|
|
82
84
|
});
|
|
83
85
|
});
|
|
84
86
|
|
|
87
|
+
var _oauthMeta = require("./oauthMeta");
|
|
88
|
+
|
|
89
|
+
_Object$keys(_oauthMeta).forEach(function (key) {
|
|
90
|
+
if (key === "default" || key === "__esModule") return;
|
|
91
|
+
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
92
|
+
if (key in exports && exports[key] === _oauthMeta[key]) return;
|
|
93
|
+
Object.defineProperty(exports, key, {
|
|
94
|
+
enumerable: true,
|
|
95
|
+
get: function () {
|
|
96
|
+
return _oauthMeta[key];
|
|
97
|
+
}
|
|
98
|
+
});
|
|
99
|
+
});
|
|
100
|
+
|
|
85
101
|
var _pkce = _interopRequireDefault(require("./pkce"));
|
|
86
102
|
|
|
87
103
|
var _prepareTokenParams = require("./prepareTokenParams");
|
|
88
104
|
|
|
89
|
-
|
|
105
|
+
_Object$keys(_prepareTokenParams).forEach(function (key) {
|
|
90
106
|
if (key === "default" || key === "__esModule") return;
|
|
91
107
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
92
108
|
if (key in exports && exports[key] === _prepareTokenParams[key]) return;
|
|
@@ -100,7 +116,7 @@ Object.keys(_prepareTokenParams).forEach(function (key) {
|
|
|
100
116
|
|
|
101
117
|
var _refreshToken = require("./refreshToken");
|
|
102
118
|
|
|
103
|
-
|
|
119
|
+
_Object$keys(_refreshToken).forEach(function (key) {
|
|
104
120
|
if (key === "default" || key === "__esModule") return;
|
|
105
121
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
106
122
|
if (key in exports && exports[key] === _refreshToken[key]) return;
|
|
@@ -114,7 +130,7 @@ Object.keys(_refreshToken).forEach(function (key) {
|
|
|
114
130
|
|
|
115
131
|
var _urlParams = require("./urlParams");
|
|
116
132
|
|
|
117
|
-
|
|
133
|
+
_Object$keys(_urlParams).forEach(function (key) {
|
|
118
134
|
if (key === "default" || key === "__esModule") return;
|
|
119
135
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
120
136
|
if (key in exports && exports[key] === _urlParams[key]) return;
|
|
@@ -128,7 +144,7 @@ Object.keys(_urlParams).forEach(function (key) {
|
|
|
128
144
|
|
|
129
145
|
var _validateClaims = require("./validateClaims");
|
|
130
146
|
|
|
131
|
-
|
|
147
|
+
_Object$keys(_validateClaims).forEach(function (key) {
|
|
132
148
|
if (key === "default" || key === "__esModule") return;
|
|
133
149
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
134
150
|
if (key in exports && exports[key] === _validateClaims[key]) return;
|
|
@@ -142,7 +158,7 @@ Object.keys(_validateClaims).forEach(function (key) {
|
|
|
142
158
|
|
|
143
159
|
var _validateToken = require("./validateToken");
|
|
144
160
|
|
|
145
|
-
|
|
161
|
+
_Object$keys(_validateToken).forEach(function (key) {
|
|
146
162
|
if (key === "default" || key === "__esModule") return;
|
|
147
163
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
148
164
|
if (key in exports && exports[key] === _validateToken[key]) return;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAcA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAEA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.hasTokensInHash = hasTokensInHash;
|
|
4
6
|
exports.hasAuthorizationCode = hasAuthorizationCode;
|
|
5
7
|
exports.hasInteractionCode = hasInteractionCode;
|
|
@@ -10,6 +12,8 @@ exports.getHashOrSearch = getHashOrSearch;
|
|
|
10
12
|
exports.isLoginRedirect = isLoginRedirect;
|
|
11
13
|
exports.isInteractionRequired = isInteractionRequired;
|
|
12
14
|
|
|
15
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
16
|
+
|
|
13
17
|
/*!
|
|
14
18
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
15
19
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -46,7 +50,12 @@ function hasErrorInUrl(hashOrSearch) {
|
|
|
46
50
|
|
|
47
51
|
function isRedirectUri(uri, sdk) {
|
|
48
52
|
var authParams = sdk.options;
|
|
49
|
-
|
|
53
|
+
|
|
54
|
+
if (!uri || !authParams.redirectUri) {
|
|
55
|
+
return false;
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
return (0, _indexOf.default)(uri).call(uri, authParams.redirectUri) === 0;
|
|
50
59
|
}
|
|
51
60
|
|
|
52
61
|
function isCodeFlow(options) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":";;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAAqE;AAC1E,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;;AACA,MAAI,CAACH,GAAD,IAAQ,CAACE,UAAU,CAACE,WAAxB,EAAqC;AACnC,WAAO,KAAP;AACD;;AACD,SAAO,sBAAAJ,GAAG,MAAH,CAAAA,GAAG,EAASE,UAAU,CAACE,WAApB,CAAH,KAAwC,CAA/C;AACD;;AAEM,SAASC,UAAT,CAAoBF,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACG,IAAR,IAAgBH,OAAO,CAACI,YAAR,KAAyB,MAAzC,IAAmDJ,OAAO,CAACK,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBN,OAAzB,EAAmD;AACxD,MAAIO,QAAQ,GAAGL,UAAU,CAACF,OAAD,CAAzB;AACA,MAAIQ,QAAQ,GAAGD,QAAQ,IAAIP,OAAO,CAACK,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBpB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASsB,eAAT,CAA0Bd,GAA1B,EAAkD;AACvD;AACA,MAAI,CAACF,aAAa,CAACa,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBf,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJsD,CAMvD;;;AACA,MAAIS,QAAQ,GAAGL,UAAU,CAACJ,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIc,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAItB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOqB,OAAP;AACD,GAjBsD,CAmBvD;;;AACA,SAAOzB,eAAe,CAACoB,MAAM,CAACC,QAAP,CAAgBpB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASyB,qBAAT,CAAgCjB,GAAhC,EAAwDL,YAAxD,EAA+E;AACpF,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACmB,eAAe,CAACd,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthInterface, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthInterface): boolean {\n var authParams = sdk.options;\n if (!uri || !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthInterface) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthInterface, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}
|
package/cjs/oidc/util/oauth.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
4
|
|
|
5
5
|
exports.generateState = generateState;
|
|
6
6
|
exports.generateNonce = generateNonce;
|
|
@@ -8,6 +8,8 @@ exports.getOAuthBaseUrl = getOAuthBaseUrl;
|
|
|
8
8
|
exports.getOAuthDomain = getOAuthDomain;
|
|
9
9
|
exports.getOAuthUrls = getOAuthUrls;
|
|
10
10
|
|
|
11
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
12
|
+
|
|
11
13
|
var _util = require("../../util");
|
|
12
14
|
|
|
13
15
|
var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
|
|
@@ -41,7 +43,7 @@ function getIssuer(sdk, options = {}) {
|
|
|
41
43
|
|
|
42
44
|
function getOAuthBaseUrl(sdk, options = {}) {
|
|
43
45
|
const issuer = getIssuer(sdk, options);
|
|
44
|
-
const baseUrl = issuer.
|
|
46
|
+
const baseUrl = (0, _indexOf.default)(issuer).call(issuer, '/oauth2') > 0 ? issuer : issuer + '/oauth2';
|
|
45
47
|
return baseUrl;
|
|
46
48
|
}
|
|
47
49
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAA2CC,OAAmB,GAAG,EAAjE,EAAqE;AACnE,QAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAiDC,OAAmB,GAAG,EAAvE,EAA2E;AAChF,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMG,OAAO,GAAG,sBAAAF,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBL,GAAxB,EAAgDC,OAAmB,GAAG,EAAtE,EAA0E;AAC/E,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMK,MAAM,GAAGJ,MAAM,CAACK,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBR,GAAtB,EAA8CC,OAA9C,EAAgF;AACrF,MAAIQ,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;AACD;;AACDV,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJqF,CAMrF;;AACA,MAAIW,YAAY,GAAG,+BAAoBX,OAAO,CAACW,YAA5B,KAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;AACA,MAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,MAAIY,WAAW,GAAG,+BAAoBZ,OAAO,CAACY,WAA5B,KAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;AACA,MAAIC,QAAQ,GAAG,+BAAoBb,OAAO,CAACa,QAA5B,KAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;AACA,MAAIC,SAAS,GAAG,+BAAoBd,OAAO,CAACc,SAA5B,KAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;AACA,MAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;AAEA,MAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;AAEAW,EAAAA,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;AACAS,EAAAA,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;AACAU,EAAAA,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;AACAY,EAAAA,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;AACAW,EAAAA,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;AAELU,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthInterface, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options || {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl || baseUrl + '/v1/token';\n revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n"],"file":"oauth.js"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
exports.createOAuthMeta = createOAuthMeta;
|
|
4
|
+
|
|
5
|
+
var _oauth = require("./oauth");
|
|
6
|
+
|
|
7
|
+
/* eslint-disable @typescript-eslint/no-non-null-assertion */
|
|
8
|
+
function createOAuthMeta(sdk, tokenParams) {
|
|
9
|
+
const issuer = sdk.options.issuer;
|
|
10
|
+
const urls = (0, _oauth.getOAuthUrls)(sdk, tokenParams);
|
|
11
|
+
const oauthMeta = {
|
|
12
|
+
issuer,
|
|
13
|
+
urls,
|
|
14
|
+
clientId: tokenParams.clientId,
|
|
15
|
+
redirectUri: tokenParams.redirectUri,
|
|
16
|
+
responseType: tokenParams.responseType,
|
|
17
|
+
responseMode: tokenParams.responseMode,
|
|
18
|
+
scopes: tokenParams.scopes,
|
|
19
|
+
state: tokenParams.state,
|
|
20
|
+
nonce: tokenParams.nonce,
|
|
21
|
+
ignoreSignature: tokenParams.ignoreSignature
|
|
22
|
+
};
|
|
23
|
+
|
|
24
|
+
if (tokenParams.pkce === false) {
|
|
25
|
+
// Implicit flow or authorization_code without PKCE
|
|
26
|
+
return oauthMeta;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
const pkceMeta = { ...oauthMeta,
|
|
30
|
+
codeVerifier: tokenParams.codeVerifier,
|
|
31
|
+
codeChallengeMethod: tokenParams.codeChallengeMethod,
|
|
32
|
+
codeChallenge: tokenParams.codeChallenge
|
|
33
|
+
};
|
|
34
|
+
return pkceMeta;
|
|
35
|
+
}
|
|
36
|
+
//# sourceMappingURL=oauthMeta.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;AAC5C,QAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;AACA,QAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAMI,SAA+B,GAAG;AACtCH,IAAAA,MADsC;AAEtCE,IAAAA,IAFsC;AAGtCE,IAAAA,QAAQ,EAAEL,WAAW,CAACK,QAHgB;AAItCC,IAAAA,WAAW,EAAEN,WAAW,CAACM,WAJa;AAKtCC,IAAAA,YAAY,EAAEP,WAAW,CAACO,YALY;AAMtCC,IAAAA,YAAY,EAAER,WAAW,CAACQ,YANY;AAOtCC,IAAAA,MAAM,EAAET,WAAW,CAACS,MAPkB;AAQtCC,IAAAA,KAAK,EAAEV,WAAW,CAACU,KARmB;AAStCC,IAAAA,KAAK,EAAEX,WAAW,CAACW,KATmB;AAUtCC,IAAAA,eAAe,EAAEZ,WAAW,CAACY;AAVS,GAAxC;;AAaA,MAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOT,SAAP;AACD;;AAED,QAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;AAEpCW,IAAAA,YAAY,EAAEf,WAAW,CAACe,YAFU;AAGpCC,IAAAA,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;AAIpCC,IAAAA,aAAa,EAAEjB,WAAW,CAACiB;AAJS,GAAtC;AAOA,SAAOH,QAAP;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n sdk: OktaAuthInterface, \n tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n"],"file":"oauthMeta.js"}
|
package/cjs/oidc/util/pkce.js
CHANGED
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.default = void 0;
|
|
4
6
|
|
|
7
|
+
var _from = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/array/from"));
|
|
8
|
+
|
|
9
|
+
var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
|
|
10
|
+
|
|
5
11
|
var _crypto = require("../../crypto");
|
|
6
12
|
|
|
7
13
|
var _constants = require("../../constants");
|
|
@@ -29,18 +35,20 @@ function getRandomString(length) {
|
|
|
29
35
|
|
|
30
36
|
_crypto.webcrypto.getRandomValues(a);
|
|
31
37
|
|
|
32
|
-
var str =
|
|
33
|
-
return str.
|
|
38
|
+
var str = (0, _from.default)(a, dec2hex).join('');
|
|
39
|
+
return (0, _slice.default)(str).call(str, 0, length);
|
|
34
40
|
}
|
|
35
41
|
|
|
36
42
|
function generateVerifier(prefix) {
|
|
43
|
+
var _context;
|
|
44
|
+
|
|
37
45
|
var verifier = prefix || '';
|
|
38
46
|
|
|
39
47
|
if (verifier.length < _constants.MIN_VERIFIER_LENGTH) {
|
|
40
48
|
verifier = verifier + getRandomString(_constants.MIN_VERIFIER_LENGTH - verifier.length);
|
|
41
49
|
}
|
|
42
50
|
|
|
43
|
-
return encodeURIComponent(verifier).
|
|
51
|
+
return (0, _slice.default)(_context = encodeURIComponent(verifier)).call(_context, 0, _constants.MAX_VERIFIER_LENGTH);
|
|
44
52
|
}
|
|
45
53
|
|
|
46
54
|
function computeChallenge(str) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;AACAK,oBAAUC,eAAV,CAA0BL,CAA1B;;AACA,MAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;AAAA;;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;AACzCD,IAAAA,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,iCAAsBD,QAAQ,CAACX,MAAhC,CAArC;AACD;;AACD,SAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;AACvD,MAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;AACA,SAAOF,kBAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;eAEc;AACbC,EAAAA,6BAA6B,EAA7BA,wCADa;AAEbnB,EAAAA,gBAFa;AAGbM,EAAAA;AAHa,C","sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"file":"pkce.js"}
|
|
@@ -1,21 +1,26 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
4
|
|
|
5
|
+
exports.assertPKCESupport = assertPKCESupport;
|
|
6
|
+
exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
|
|
7
|
+
exports.preparePKCE = preparePKCE;
|
|
5
8
|
exports.prepareTokenParams = prepareTokenParams;
|
|
6
9
|
|
|
10
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
11
|
+
|
|
7
12
|
var _wellKnown = require("../endpoints/well-known");
|
|
8
13
|
|
|
9
14
|
var _errors = require("../../errors");
|
|
10
15
|
|
|
11
|
-
var _util = require("../../util");
|
|
12
|
-
|
|
13
16
|
var _defaultTokenParams = require("./defaultTokenParams");
|
|
14
17
|
|
|
15
18
|
var _constants = require("../../constants");
|
|
16
19
|
|
|
17
20
|
var _pkce = _interopRequireDefault(require("./pkce"));
|
|
18
21
|
|
|
22
|
+
/* eslint-disable complexity */
|
|
23
|
+
|
|
19
24
|
/*!
|
|
20
25
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
21
26
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -28,18 +33,7 @@ var _pkce = _interopRequireDefault(require("./pkce"));
|
|
|
28
33
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
29
34
|
*
|
|
30
35
|
*/
|
|
31
|
-
|
|
32
|
-
function prepareTokenParams(sdk, tokenParams) {
|
|
33
|
-
// build params using defaults + options
|
|
34
|
-
const defaults = (0, _defaultTokenParams.getDefaultTokenParams)(sdk);
|
|
35
|
-
tokenParams = Object.assign({}, defaults, (0, _util.clone)(tokenParams));
|
|
36
|
-
|
|
37
|
-
if (tokenParams.pkce === false) {
|
|
38
|
-
// Implicit flow or authorization_code without PKCE
|
|
39
|
-
return Promise.resolve(tokenParams);
|
|
40
|
-
} // PKCE flow
|
|
41
|
-
|
|
42
|
-
|
|
36
|
+
function assertPKCESupport(sdk) {
|
|
43
37
|
if (!sdk.features.isPKCESupported()) {
|
|
44
38
|
var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';
|
|
45
39
|
|
|
@@ -53,35 +47,64 @@ function prepareTokenParams(sdk, tokenParams) {
|
|
|
53
47
|
errorMessage += '\n"TextEncoder" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';
|
|
54
48
|
}
|
|
55
49
|
|
|
56
|
-
|
|
57
|
-
}
|
|
50
|
+
throw new _errors.AuthSdkError(errorMessage);
|
|
51
|
+
}
|
|
52
|
+
}
|
|
58
53
|
|
|
54
|
+
async function validateCodeChallengeMethod(sdk, codeChallengeMethod) {
|
|
55
|
+
// set default code challenge method, if none provided
|
|
56
|
+
codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || _constants.DEFAULT_CODE_CHALLENGE_METHOD; // validate against .well-known/openid-configuration
|
|
59
57
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
} // responseType is forced
|
|
58
|
+
const wellKnownResponse = await (0, _wellKnown.getWellKnown)(sdk);
|
|
59
|
+
var methods = wellKnownResponse['code_challenge_methods_supported'] || [];
|
|
63
60
|
|
|
61
|
+
if ((0, _indexOf.default)(methods).call(methods, codeChallengeMethod) === -1) {
|
|
62
|
+
throw new _errors.AuthSdkError('Invalid code_challenge_method');
|
|
63
|
+
}
|
|
64
64
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
var methods = res['code_challenge_methods_supported'] || [];
|
|
65
|
+
return codeChallengeMethod;
|
|
66
|
+
}
|
|
68
67
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
68
|
+
async function preparePKCE(sdk, tokenParams) {
|
|
69
|
+
let {
|
|
70
|
+
codeVerifier,
|
|
71
|
+
codeChallenge,
|
|
72
|
+
codeChallengeMethod
|
|
73
|
+
} = tokenParams; // PKCE calculations can be avoided by passing a codeChallenge
|
|
74
|
+
|
|
75
|
+
codeChallenge = codeChallenge || sdk.options.codeChallenge;
|
|
76
|
+
|
|
77
|
+
if (!codeChallenge) {
|
|
78
|
+
assertPKCESupport(sdk);
|
|
79
|
+
codeVerifier = codeVerifier || _pkce.default.generateVerifier();
|
|
80
|
+
codeChallenge = await _pkce.default.computeChallenge(codeVerifier);
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod); // Clone/copy the params. Set PKCE values
|
|
84
|
+
|
|
85
|
+
tokenParams = { ...tokenParams,
|
|
86
|
+
responseType: 'code',
|
|
87
|
+
// responseType is forced
|
|
88
|
+
codeVerifier,
|
|
89
|
+
codeChallenge,
|
|
90
|
+
codeChallengeMethod
|
|
91
|
+
};
|
|
92
|
+
return tokenParams;
|
|
93
|
+
} // Prepares params for a call to /authorize or /token
|
|
94
|
+
|
|
95
|
+
|
|
96
|
+
async function prepareTokenParams(sdk, tokenParams = {}) {
|
|
97
|
+
// build params using defaults + options
|
|
98
|
+
const defaults = (0, _defaultTokenParams.getDefaultTokenParams)(sdk);
|
|
99
|
+
tokenParams = { ...defaults,
|
|
100
|
+
...tokenParams
|
|
101
|
+
};
|
|
102
|
+
|
|
103
|
+
if (tokenParams.pkce === false) {
|
|
104
|
+
// Implicit flow or authorization_code without PKCE
|
|
105
|
+
return tokenParams;
|
|
106
|
+
}
|
|
76
107
|
|
|
77
|
-
|
|
78
|
-
}).then(function (codeChallenge) {
|
|
79
|
-
// Clone/copy the params. Set codeChallenge
|
|
80
|
-
var clonedParams = (0, _util.clone)(tokenParams) || {};
|
|
81
|
-
Object.assign(clonedParams, tokenParams, {
|
|
82
|
-
codeChallenge: codeChallenge
|
|
83
|
-
});
|
|
84
|
-
return clonedParams;
|
|
85
|
-
});
|
|
108
|
+
return preparePKCE(sdk, tokenParams);
|
|
86
109
|
}
|
|
87
110
|
//# sourceMappingURL=prepareTokenParams.js.map
|