@okta/okta-auth-js 5.10.0 → 6.1.0

package/cjs/OktaAuth.js

@@ -1,9 +1,21 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _WeakMap = require("@babel/runtime-corejs3/core-js-stable/weak-map");
+
+var _Object$getOwnPropertyDescriptor = require("@babel/runtime-corejs3/core-js-stable/object/get-own-property-descriptor");
+
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
 exports.default = void 0;
 
+var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
+
+var _keys = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/keys"));
+
+var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
+
+var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
+
 var constants = _interopRequireWildcard(require("./constants"));
 
 var _tx = require("./tx");
@@ -16,12 +28,14 @@ var _oidc = require("./oidc");
 
 var features = _interopRequireWildcard(require("./features"));
 
+var crypto = _interopRequireWildcard(require("./crypto"));
+
+var webauthn = _interopRequireWildcard(require("./crypto/webauthn"));
+
 var _browserStorage = _interopRequireDefault(require("./browser/browserStorage"));
 
 var _util = require("./util");
 
-var _builderUtil = require("./builderUtil");
-
 var _TokenManager = require("./TokenManager");
 
 var _http = require("./http");
@@ -32,7 +46,7 @@ var _fingerprint = _interopRequireDefault(require("./browser/fingerprint"));
 
 var _AuthStateManager = require("./AuthStateManager");
 
-var _StorageManager = _interopRequireDefault(require("./StorageManager"));
+var _StorageManager = require("./StorageManager");
 
 var _TransactionManager = _interopRequireDefault(require("./TransactionManager"));
 
@@ -46,9 +60,11 @@ var _OktaUserAgent = require("./OktaUserAgent");
 
 var _parseFromUrl = require("./oidc/parseFromUrl");
 
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+var _transactionMeta = require("./idx/transactionMeta");
+
+function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && _Object$getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 
 /* eslint-disable max-statements */
 
@@ -66,32 +82,30 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
  * See the License for the specific language governing permissions and limitations under the License.
  */
 
-/* SDK_VERSION is defined in webpack config */
-
-/* global window, SDK_VERSION */
+/* global window */
+// eslint-disable-next-line import/no-commonjs
 const Emitter = require('tiny-emitter');
 
 class OktaAuth {
-  // keep this field to compatible with released downstream SDK versions
-  // TODO: remove in version 6
-  // JIRA: https://oktainc.atlassian.net/browse/OKTA-419417
   constructor(args) {
-    const options = this.options = (0, _options.buildOptions)(args);
-    this.storageManager = new _StorageManager.default(options.storageManager, options.cookies, options.storageUtil);
-    this.transactionManager = new _TransactionManager.default(Object.assign({
+    const options = this.options = (0, _options.buildOptions)(args); // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+
+    this.storageManager = new _StorageManager.StorageManager(options.storageManager, options.cookies, options.storageUtil);
+    this.transactionManager = new _TransactionManager.default((0, _assign.default)({
       storageManager: this.storageManager
     }, options.transactionManager));
     this._oktaUserAgent = new _OktaUserAgent.OktaUserAgent();
     this.tx = {
       status: _tx.transactionStatus.bind(null, this),
       resume: _tx.resumeTransaction.bind(null, this),
-      exists: Object.assign(_tx.transactionExists.bind(null, this), {
+      exists: (0, _assign.default)(_tx.transactionExists.bind(null, this), {
         _get: name => {
+          // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
           const storage = options.storageUtil.storage;
           return storage.get(name);
         }
       }),
-      introspect: _tx.introspect.bind(null, this)
+      introspect: _tx.introspectAuthn.bind(null, this)
     };
     this.pkce = {
       DEFAULT_CODE_CHALLENGE_METHOD: _pkce.default.DEFAULT_CODE_CHALLENGE_METHOD,
@@ -99,7 +113,7 @@ class OktaAuth {
       computeChallenge: _pkce.default.computeChallenge
     }; // Add shims for compatibility, these will be removed in next major version. OKTA-362589
 
-    Object.assign(this.options.storageUtil, {
+    (0, _assign.default)(this.options.storageUtil, {
       getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),
       getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager)
     });
@@ -108,13 +122,10 @@ class OktaAuth {
     };
 
     if ((0, features.isBrowser)()) {
-      this.options = Object.assign(this.options, {
+      this.options = (0, _assign.default)(this.options, {
         redirectUri: (0, _util.toAbsoluteUrl)(args.redirectUri, window.location.origin) // allow relative URIs
 
       });
-      this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js/${"5.10.0"}`);
-    } else {
-      this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js-server/${"5.10.0"}`);
     } // Digital clocks will drift over time, so the server
     // can misalign with the time reported by the browser.
     // The maxClockSkew allows relaxing the time-based
@@ -142,13 +153,42 @@ class OktaAuth {
       setCookieAndRedirect: _session.setCookieAndRedirect.bind(null, this)
     };
     this._tokenQueue = new _PromiseQueue.default();
+
+    const useQueue = method => {
+      return _PromiseQueue.default.prototype.push.bind(this._tokenQueue, method, null);
+    }; // eslint-disable-next-line max-len
+
+
+    const getWithRedirectFn = useQueue(_oidc.getWithRedirect.bind(null, this));
+    const getWithRedirectApi = (0, _assign.default)(getWithRedirectFn, {
+      // This is exposed so we can set window.location in our tests
+      _setLocation: function (url) {
+        window.location = url;
+      }
+    }); // eslint-disable-next-line max-len
+
+    const parseFromUrlFn = useQueue(_oidc.parseFromUrl.bind(null, this));
+    const parseFromUrlApi = (0, _assign.default)(parseFromUrlFn, {
+      // This is exposed so we can mock getting window.history in our tests
+      _getHistory: function () {
+        return window.history;
+      },
+      // This is exposed so we can mock getting window.location in our tests
+      _getLocation: function () {
+        return window.location;
+      },
+      // This is exposed so we can mock getting window.document in our tests
+      _getDocument: function () {
+        return window.document;
+      }
+    });
     this.token = {
       prepareTokenParams: _oidc.prepareTokenParams.bind(null, this),
       exchangeCodeForTokens: _oidc.exchangeCodeForTokens.bind(null, this),
       getWithoutPrompt: _oidc.getWithoutPrompt.bind(null, this),
       getWithPopup: _oidc.getWithPopup.bind(null, this),
-      getWithRedirect: _oidc.getWithRedirect.bind(null, this),
-      parseFromUrl: _oidc.parseFromUrl.bind(null, this),
+      getWithRedirect: getWithRedirectApi,
+      parseFromUrl: parseFromUrlApi,
       decode: _oidc.decodeToken,
       revoke: _oidc.revokeToken.bind(null, this),
       renew: _oidc.renewToken.bind(null, this),
@@ -159,55 +199,57 @@ class OktaAuth {
       isLoginRedirect: _oidc.isLoginRedirect.bind(null, this)
     }; // Wrap all async token API methods using MethodQueue to avoid issues with concurrency
 
-    const syncMethods = ['decode', 'isLoginRedirect'];
-    Object.keys(this.token).forEach(key => {
-      if (syncMethods.indexOf(key) >= 0) {
+    const syncMethods = [// sync methods
+    'decode', 'isLoginRedirect', // already bound
+    'getWithRedirect', 'parseFromUrl'];
+    (0, _keys.default)(this.token).forEach(key => {
+      if ((0, _indexOf.default)(syncMethods).call(syncMethods, key) >= 0) {
         // sync methods should not be wrapped
         return;
       }
 
       var method = this.token[key];
       this.token[key] = _PromiseQueue.default.prototype.push.bind(this._tokenQueue, method, null);
-    });
-    Object.assign(this.token.getWithRedirect, {
-      // This is exposed so we can set window.location in our tests
-      _setLocation: function (url) {
-        window.location = url;
-      }
-    });
-    Object.assign(this.token.parseFromUrl, {
-      // This is exposed so we can mock getting window.history in our tests
-      _getHistory: function () {
-        return window.history;
-      },
-      // This is exposed so we can mock getting window.location in our tests
-      _getLocation: function () {
-        return window.location;
-      },
-      // This is exposed so we can mock getting window.document in our tests
-      _getDocument: function () {
-        return window.document;
-      }
     }); // IDX
 
+    const boundStartTransaction = _idx.startTransaction.bind(null, this);
+
     this.idx = {
       interact: _idx.interact.bind(null, this),
       introspect: _idx.introspect.bind(null, this),
       authenticate: _idx.authenticate.bind(null, this),
       register: _idx.register.bind(null, this),
+      start: boundStartTransaction,
+      startTransaction: boundStartTransaction,
+      // Use `start` instead. `startTransaction` will be removed in 7.0
       poll: _idx.poll.bind(null, this),
       proceed: _idx.proceed.bind(null, this),
       cancel: _idx.cancel.bind(null, this),
       recoverPassword: _idx.recoverPassword.bind(null, this),
+      // oauth redirect callback
       handleInteractionCodeRedirect: _idx.handleInteractionCodeRedirect.bind(null, this),
-      startTransaction: _idx.startTransaction.bind(null, this),
+      // interaction required callback
+      isInteractionRequired: _oidc.isInteractionRequired.bind(null, this),
+      isInteractionRequiredError: _oidc.isInteractionRequiredError,
+      // email verify callback
+      handleEmailVerifyCallback: _idx.handleEmailVerifyCallback.bind(null, this),
+      isEmailVerifyCallback: _idx.isEmailVerifyCallback,
+      parseEmailVerifyCallback: _idx.parseEmailVerifyCallback,
+      isEmailVerifyCallbackError: _idx.isEmailVerifyCallbackError,
+      getSavedTransactionMeta: _transactionMeta.getSavedTransactionMeta.bind(null, this),
+      createTransactionMeta: _transactionMeta.createTransactionMeta.bind(null, this),
+      getTransactionMeta: _transactionMeta.getTransactionMeta.bind(null, this),
+      saveTransactionMeta: _transactionMeta.saveTransactionMeta.bind(null, this),
+      clearTransactionMeta: _transactionMeta.clearTransactionMeta.bind(null, this),
+      isTransactionMetaValid: _transactionMeta.isTransactionMetaValid,
       setFlow: flow => {
         this.options.flow = flow;
       },
       getFlow: () => {
         return this.options.flow;
       },
-      canProceed: _idx.canProceed.bind(null, this)
+      canProceed: _idx.canProceed.bind(null, this),
+      unlockAccount: _idx.unlockAccount.bind(null, this)
     };
     (0, _headers.setGlobalRequestInterceptor)((0, _headers.createGlobalRequestInterceptor)(this)); // to pass custom headers to IDX endpoints
     // HTTP
@@ -237,34 +279,14 @@ class OktaAuth {
   }
 
   setHeaders(headers) {
-    this.options.headers = Object.assign({}, this.options.headers, headers);
-  } // ES6 module users can use named exports to access all symbols
-  // CommonJS module users (CDN) need all exports on this object
-  // Utility methods for interaction code flow
-
-
-  isInteractionRequired(hashOrSearch) {
-    return (0, _oidc.isInteractionRequired)(this, hashOrSearch);
-  }
-
-  isInteractionRequiredError(error) {
-    return (0, _oidc.isInteractionRequiredError)(error);
-  } // Utility methods for email verify callback
+    this.options.headers = (0, _assign.default)({}, this.options.headers, headers);
+  } // Authn  V1
 
 
-  isEmailVerifyCallback(urlPath) {
-    return (0, _util.isEmailVerifyCallback)(urlPath);
-  }
-
-  parseEmailVerifyCallback(urlPath) {
-    return (0, _util.parseEmailVerifyCallback)(urlPath);
-  }
-
   async signIn(opts) {
-    // TODO: support interaction code flow
-    // Authn V1 flow
     return this.signInWithCredentials(opts);
-  }
+  } // Authn  V1
+
 
   async signInWithCredentials(opts) {
     opts = (0, _util.clone)(opts || {});
@@ -306,7 +328,7 @@ class OktaAuth {
         this.setOriginalUri(originalUri);
       }
 
-      const params = Object.assign({
+      const params = (0, _assign.default)({
         // TODO: remove this line when default scopes are changed OKTA-343294
         scopes: this.options.scopes || ['openid', 'email', 'profile']
       }, additionalParams);
@@ -342,7 +364,7 @@ class OktaAuth {
 
 
     if (!accessToken) {
-      return Promise.resolve(null);
+      return _promise.default.resolve(null);
     }
 
     return this.token.revoke(accessToken);
@@ -358,7 +380,7 @@ class OktaAuth {
 
 
     if (!refreshToken) {
-      return Promise.resolve(null);
+      return _promise.default.resolve(null);
     }
 
     return this.token.revoke(refreshToken);
@@ -402,7 +424,7 @@ class OktaAuth {
 
 
   async signOut(options) {
-    options = Object.assign({}, options); // postLogoutRedirectUri must be whitelisted in Okta Admin UI
+    options = (0, _assign.default)({}, options); // postLogoutRedirectUri must be whitelisted in Okta Admin UI
 
     var defaultUri = window.location.origin;
     var currentUri = window.location.href;
@@ -448,11 +470,11 @@ class OktaAuth {
         }
       });
     } else {
-      if (options.clearTokensAfterRedirect) {
-        this.tokenManager.addPendingRemoveFlags();
-      } else {
+      if (options.clearTokensBeforeRedirect) {
         // Clear all local tokens
         this.tokenManager.clear();
+      } else {
+        this.tokenManager.addPendingRemoveFlags();
       } // Flow ends with logout redirect
 
 
@@ -486,7 +508,7 @@ class OktaAuth {
     } = this.tokenManager.getOptions();
 
     if (accessToken && this.tokenManager.hasExpired(accessToken)) {
-      accessToken = null;
+      accessToken = undefined;
 
       if (autoRenew) {
         try {
@@ -499,7 +521,7 @@ class OktaAuth {
     }
 
     if (idToken && this.tokenManager.hasExpired(idToken)) {
-      idToken = null;
+      idToken = undefined;
 
       if (autoRenew) {
         try {
@@ -584,7 +606,7 @@ class OktaAuth {
 
     const storage = _browserStorage.default.getSessionStorage();
 
-    return storage ? storage.getItem(constants.REFERRER_PATH_STORAGE_KEY) : undefined;
+    return storage ? storage.getItem(constants.REFERRER_PATH_STORAGE_KEY) || undefined : undefined;
   }
 
   removeOriginalUri(state) {
@@ -597,7 +619,7 @@ class OktaAuth {
 
     if (state) {
       const sharedStorage = this.storageManager.getOriginalUriStorage();
-      sharedStorage.removeItem(state);
+      sharedStorage.removeItem && sharedStorage.removeItem(state);
     }
   }
 
@@ -612,11 +634,17 @@ class OktaAuth {
       this.tokenManager.setTokens(tokens);
       originalUri = originalUri || this.getOriginalUri(this.options.state);
     } else if (this.isLoginRedirect()) {
-      // For redirect flow, get state from the URL and use it to retrieve the originalUri
-      const oAuthResponse = await (0, _parseFromUrl.parseOAuthResponseFromUrl)(this, {});
-      state = oAuthResponse.state;
-      originalUri = originalUri || this.getOriginalUri(state);
-      await this.storeTokensFromRedirect();
+      try {
+        // For redirect flow, get state from the URL and use it to retrieve the originalUri
+        const oAuthResponse = await (0, _parseFromUrl.parseOAuthResponseFromUrl)(this, {});
+        state = oAuthResponse.state;
+        originalUri = originalUri || this.getOriginalUri(state);
+        await this.storeTokensFromRedirect();
+      } catch (e) {
+        // auth state should be updated
+        await this.authStateManager.updateAuthState();
+        throw e;
+      }
     } else {
       return; // nothing to do
     } // ensure auth state has been updated
@@ -632,7 +660,7 @@ class OktaAuth {
 
     if (restoreOriginalUri) {
       await restoreOriginalUri(this, originalUri);
-    } else {
+    } else if (originalUri) {
       window.location.replace(originalUri);
     }
   }
@@ -645,7 +673,9 @@ class OktaAuth {
     let hasResponseType = false;
 
     if (Array.isArray(this.options.responseType) && this.options.responseType.length) {
-      hasResponseType = this.options.responseType.indexOf(responseType) >= 0;
+      var _context;
+
+      hasResponseType = (0, _indexOf.default)(_context = this.options.responseType).call(_context, responseType) >= 0;
     } else {
       hasResponseType = this.options.responseType === responseType;
     }
@@ -663,6 +693,7 @@ class OktaAuth {
 
   getIssuerOrigin() {
     // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
     return this.options.issuer.split('/oauth2/')[0];
   } // { username, (relayState) }
 
@@ -679,16 +710,29 @@ class OktaAuth {
 
   verifyRecoveryToken(opts) {
     return (0, _tx.postToTransaction)(this, '/api/v1/authn/recovery/token', opts);
+  } // Escape hatch method to make arbitrary OKTA API call
+
+
+  async invokeApiMethod(options) {
+    if (!options.accessToken) {
+      const accessToken = (await this.tokenManager.getTokens()).accessToken;
+      options.accessToken = accessToken === null || accessToken === void 0 ? void 0 : accessToken.accessToken;
+    }
+
+    return (0, _http.httpRequest)(this, options);
   }
 
 } // Hoist feature detection functions to static type
 
 
-OktaAuth.features = OktaAuth.prototype.features = features; // Also hoist values and utility functions for CommonJS users
+OktaAuth.features = OktaAuth.prototype.features = features; // Hoist crypto utils to static type
+
+OktaAuth.crypto = crypto; // Hoist webauthn utils to static type
+
+OktaAuth.webauthn = webauthn; // Also hoist constants for CommonJS users
 
-Object.assign(OktaAuth, {
-  constants,
-  isInteractionRequiredError: _oidc.isInteractionRequiredError
+(0, _assign.default)(OktaAuth, {
+  constants
 });
 var _default = OktaAuth;
 exports.default = _default;