@okta/okta-auth-js 5.10.0 → 6.1.0

package/cjs/idx/authenticator/getAuthenticator.js

@@ -12,21 +12,25 @@ var _SecurityQuestionEnrollment = require("./SecurityQuestionEnrollment");
 
 var _SecurityQuestionVerification = require("./SecurityQuestionVerification");
 
+var _WebauthnEnrollment = require("./WebauthnEnrollment");
+
+var _WebauthnVerification = require("./WebauthnVerification");
+
 var _types = require("../types");
 
+/* eslint complexity:[0,8] */
 function getAuthenticator(remediation) {
-  const {
-    relatesTo: {
-      value
-    } = {}
-  } = remediation;
+  var _value$contextualData, _value$contextualData2;
+
+  const relatesTo = remediation.relatesTo;
+  const value = (relatesTo === null || relatesTo === void 0 ? void 0 : relatesTo.value) || {};
 
   switch (value.key) {
     case _types.AuthenticatorKey.OKTA_PASSWORD:
       return new _OktaPassword.OktaPassword(value);
 
     case _types.AuthenticatorKey.SECURITY_QUESTION:
-      if (value.contextualData.enrolledQuestion) {
+      if ((_value$contextualData = value.contextualData) !== null && _value$contextualData !== void 0 && _value$contextualData.enrolledQuestion) {
         return new _SecurityQuestionVerification.SecurityQuestionVerification(value);
       } else {
         return new _SecurityQuestionEnrollment.SecurityQuestionEnrollment(value);
@@ -35,6 +39,13 @@ function getAuthenticator(remediation) {
     case _types.AuthenticatorKey.OKTA_VERIFY:
       return new _OktaVerifyTotp.OktaVerifyTotp(value);
 
+    case _types.AuthenticatorKey.WEBAUTHN:
+      if ((_value$contextualData2 = value.contextualData) !== null && _value$contextualData2 !== void 0 && _value$contextualData2.challengeData) {
+        return new _WebauthnVerification.WebauthnVerification(value);
+      } else {
+        return new _WebauthnEnrollment.WebauthnEnrollment(value);
+      }
+
     default:
       return new _VerificationCodeAuthenticator.VerificationCodeAuthenticator(value);
   }

package/cjs/idx/authenticator/getAuthenticator.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/authenticator/getAuthenticator.ts"],"names":["getAuthenticator","remediation","relatesTo","value","key","AuthenticatorKey","OKTA_PASSWORD","OktaPassword","SECURITY_QUESTION","contextualData","enrolledQuestion","SecurityQuestionVerification","SecurityQuestionEnrollment","OKTA_VERIFY","OktaVerifyTotp","VerificationCodeAuthenticator"],"mappings":";;;;AAAA;;AAEA;;AACA;;AACA;;AACA;;AAEA;;AAEO,SAASA,gBAAT,CAA0BC,WAA1B,EAAsE;AAC3E,QAAM;AAAEC,IAAAA,SAAS,EAAE;AAAEC,MAAAA;AAAF,QAAY;AAAzB,MAAgCF,WAAtC;;AACA,UAAQE,KAAK,CAACC,GAAd;AACE,SAAKC,wBAAiBC,aAAtB;AACE,aAAO,IAAIC,0BAAJ,CAAiBJ,KAAjB,CAAP;;AACF,SAAKE,wBAAiBG,iBAAtB;AACE,UAAIL,KAAK,CAACM,cAAN,CAAqBC,gBAAzB,EAA2C;AACzC,eAAO,IAAIC,0DAAJ,CAAiCR,KAAjC,CAAP;AACD,OAFD,MAEO;AACL,eAAO,IAAIS,sDAAJ,CAA+BT,KAA/B,CAAP;AACD;;AACH,SAAKE,wBAAiBQ,WAAtB;AACE,aAAO,IAAIC,8BAAJ,CAAmBX,KAAnB,CAAP;;AACF;AACE,aAAO,IAAIY,4DAAJ,CAAkCZ,KAAlC,CAAP;AAZJ;AAcD","sourcesContent":["import { OktaVerifyTotp } from './OktaVerifyTotp';\nimport { Authenticator } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\nimport { OktaPassword } from './OktaPassword';\nimport { SecurityQuestionEnrollment } from './SecurityQuestionEnrollment';\nimport { SecurityQuestionVerification } from './SecurityQuestionVerification';\nimport { IdxRemediation } from '../types/idx-js';\nimport { AuthenticatorKey } from '../types';\n\nexport function getAuthenticator(remediation: IdxRemediation): Authenticator {\n  const { relatesTo: { value } = {} } = remediation;\n  switch (value.key) {\n    case AuthenticatorKey.OKTA_PASSWORD:\n      return new OktaPassword(value);\n    case AuthenticatorKey.SECURITY_QUESTION:\n      if (value.contextualData.enrolledQuestion) {\n        return new SecurityQuestionVerification(value);\n      } else {\n        return new SecurityQuestionEnrollment(value);\n      }\n    case AuthenticatorKey.OKTA_VERIFY:\n      return new OktaVerifyTotp(value);\n    default:\n      return new VerificationCodeAuthenticator(value);\n  }\n}\n"],"file":"getAuthenticator.js"}
+{"version":3,"sources":["../../../../lib/idx/authenticator/getAuthenticator.ts"],"names":["getAuthenticator","remediation","relatesTo","value","key","AuthenticatorKey","OKTA_PASSWORD","OktaPassword","SECURITY_QUESTION","contextualData","enrolledQuestion","SecurityQuestionVerification","SecurityQuestionEnrollment","OKTA_VERIFY","OktaVerifyTotp","WEBAUTHN","challengeData","WebauthnVerification","WebauthnEnrollment","VerificationCodeAuthenticator"],"mappings":";;;;AAAA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAEA;;AAEA;AACO,SAASA,gBAAT,CAA0BC,WAA1B,EAA2E;AAAA;;AAChF,QAAMC,SAAS,GAAGD,WAAW,CAACC,SAA9B;AACA,QAAMC,KAAK,GAAG,CAAAD,SAAS,SAAT,IAAAA,SAAS,WAAT,YAAAA,SAAS,CAAEC,KAAX,KAAoB,EAAlC;;AACA,UAAQA,KAAK,CAACC,GAAd;AACE,SAAKC,wBAAiBC,aAAtB;AACE,aAAO,IAAIC,0BAAJ,CAAiBJ,KAAjB,CAAP;;AACF,SAAKE,wBAAiBG,iBAAtB;AACE,mCAAIL,KAAK,CAACM,cAAV,kDAAI,sBAAsBC,gBAA1B,EAA4C;AAC1C,eAAO,IAAIC,0DAAJ,CAAiCR,KAAjC,CAAP;AACD,OAFD,MAEO;AACL,eAAO,IAAIS,sDAAJ,CAA+BT,KAA/B,CAAP;AACD;;AACH,SAAKE,wBAAiBQ,WAAtB;AACE,aAAO,IAAIC,8BAAJ,CAAmBX,KAAnB,CAAP;;AACF,SAAKE,wBAAiBU,QAAtB;AACE,oCAAIZ,KAAK,CAACM,cAAV,mDAAI,uBAAsBO,aAA1B,EAAyC;AACvC,eAAO,IAAIC,0CAAJ,CAAyBd,KAAzB,CAAP;AACD,OAFD,MAEO;AACL,eAAO,IAAIe,sCAAJ,CAAuBf,KAAvB,CAAP;AACD;;AACH;AACE,aAAO,IAAIgB,4DAAJ,CAAkChB,KAAlC,CAAP;AAlBJ;AAoBD","sourcesContent":["import { OktaVerifyTotp } from './OktaVerifyTotp';\nimport { Authenticator } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\nimport { OktaPassword } from './OktaPassword';\nimport { SecurityQuestionEnrollment } from './SecurityQuestionEnrollment';\nimport { SecurityQuestionVerification } from './SecurityQuestionVerification';\nimport { WebauthnEnrollment } from './WebauthnEnrollment';\nimport { WebauthnVerification } from './WebauthnVerification';\nimport { IdxAuthenticator, IdxRemediation } from '../types/idx-js';\nimport { AuthenticatorKey } from '../types';\n\n/* eslint complexity:[0,8] */\nexport function getAuthenticator(remediation: IdxRemediation): Authenticator<any> {\n  const relatesTo = remediation.relatesTo;\n  const value = relatesTo?.value || {} as IdxAuthenticator;\n  switch (value.key) {\n    case AuthenticatorKey.OKTA_PASSWORD:\n      return new OktaPassword(value);\n    case AuthenticatorKey.SECURITY_QUESTION:\n      if (value.contextualData?.enrolledQuestion) {\n        return new SecurityQuestionVerification(value);\n      } else {\n        return new SecurityQuestionEnrollment(value);\n      }\n    case AuthenticatorKey.OKTA_VERIFY:\n      return new OktaVerifyTotp(value);\n    case AuthenticatorKey.WEBAUTHN:\n      if (value.contextualData?.challengeData) {\n        return new WebauthnVerification(value);\n      } else {\n        return new WebauthnEnrollment(value);\n      }\n    default:\n      return new VerificationCodeAuthenticator(value);\n  }\n}\n"],"file":"getAuthenticator.js"}

package/cjs/idx/authenticator/index.js

@@ -1,8 +1,10 @@
 "use strict";
 
+var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
+
 var _getAuthenticator = require("./getAuthenticator");
 
-Object.keys(_getAuthenticator).forEach(function (key) {
+_Object$keys(_getAuthenticator).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _getAuthenticator[key]) return;
   Object.defineProperty(exports, key, {
@@ -15,7 +17,7 @@ Object.keys(_getAuthenticator).forEach(function (key) {
 
 var _Authenticator = require("./Authenticator");
 
-Object.keys(_Authenticator).forEach(function (key) {
+_Object$keys(_Authenticator).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _Authenticator[key]) return;
   Object.defineProperty(exports, key, {
@@ -28,7 +30,7 @@ Object.keys(_Authenticator).forEach(function (key) {
 
 var _VerificationCodeAuthenticator = require("./VerificationCodeAuthenticator");
 
-Object.keys(_VerificationCodeAuthenticator).forEach(function (key) {
+_Object$keys(_VerificationCodeAuthenticator).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _VerificationCodeAuthenticator[key]) return;
   Object.defineProperty(exports, key, {
@@ -41,7 +43,7 @@ Object.keys(_VerificationCodeAuthenticator).forEach(function (key) {
 
 var _OktaPassword = require("./OktaPassword");
 
-Object.keys(_OktaPassword).forEach(function (key) {
+_Object$keys(_OktaPassword).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _OktaPassword[key]) return;
   Object.defineProperty(exports, key, {
@@ -54,7 +56,7 @@ Object.keys(_OktaPassword).forEach(function (key) {
 
 var _SecurityQuestionEnrollment = require("./SecurityQuestionEnrollment");
 
-Object.keys(_SecurityQuestionEnrollment).forEach(function (key) {
+_Object$keys(_SecurityQuestionEnrollment).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _SecurityQuestionEnrollment[key]) return;
   Object.defineProperty(exports, key, {
@@ -67,7 +69,7 @@ Object.keys(_SecurityQuestionEnrollment).forEach(function (key) {
 
 var _SecurityQuestionVerification = require("./SecurityQuestionVerification");
 
-Object.keys(_SecurityQuestionVerification).forEach(function (key) {
+_Object$keys(_SecurityQuestionVerification).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _SecurityQuestionVerification[key]) return;
   Object.defineProperty(exports, key, {
@@ -77,4 +79,30 @@ Object.keys(_SecurityQuestionVerification).forEach(function (key) {
     }
   });
 });
+
+var _WebauthnEnrollment = require("./WebauthnEnrollment");
+
+_Object$keys(_WebauthnEnrollment).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (key in exports && exports[key] === _WebauthnEnrollment[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function () {
+      return _WebauthnEnrollment[key];
+    }
+  });
+});
+
+var _WebauthnVerification = require("./WebauthnVerification");
+
+_Object$keys(_WebauthnVerification).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (key in exports && exports[key] === _WebauthnVerification[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function () {
+      return _WebauthnVerification[key];
+    }
+  });
+});
 //# sourceMappingURL=index.js.map

package/cjs/idx/authenticator/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/authenticator/index.ts"],"names":[],"mappings":";;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["export * from './getAuthenticator';\nexport * from './Authenticator';\nexport * from './VerificationCodeAuthenticator';\nexport * from './OktaPassword';\nexport * from './SecurityQuestionEnrollment';\nexport * from './SecurityQuestionVerification';\n"],"file":"index.js"}
+{"version":3,"sources":["../../../../lib/idx/authenticator/index.ts"],"names":[],"mappings":";;;;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["export * from './getAuthenticator';\nexport * from './Authenticator';\nexport * from './VerificationCodeAuthenticator';\nexport * from './OktaPassword';\nexport * from './SecurityQuestionEnrollment';\nexport * from './SecurityQuestionVerification';\nexport * from './WebauthnEnrollment';\nexport * from './WebauthnVerification';\n\nimport { OktaPasswordInputValues } from './OktaPassword';\nimport { SecurityQuestionEnrollValues } from './SecurityQuestionEnrollment';\nimport { SecurityQuestionVerificationValues } from './SecurityQuestionVerification';\nimport { VerificationCodeValues } from './VerificationCodeAuthenticator';\nimport { WebauthnEnrollValues } from './WebauthnEnrollment';\nimport { WebauthnVerificationValues } from './WebauthnVerification';\n\nexport type AuthenticatorValues = OktaPasswordInputValues\n  & SecurityQuestionEnrollValues\n  & SecurityQuestionVerificationValues\n  & VerificationCodeValues\n  & WebauthnEnrollValues\n  & WebauthnVerificationValues;\n"],"file":"index.js"}

package/cjs/idx/cancel.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/cancel.ts"],"names":["cancel","authClient","options","meta","transactionManager","load","flowSpec","flow","actions"],"mappings":";;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,eAAeA,MAAf,CAAuBC,UAAvB,EAA6CC,OAA7C,EAAqE;AAC1E,QAAMC,IAAI,GAAGF,UAAU,CAACG,kBAAX,CAA8BC,IAA9B,EAAb;AACA,QAAMC,QAAQ,GAAG,gCAAqBL,UAArB,EAAiCE,IAAI,CAACI,IAAtC,CAAjB;AACA,SAAO,cAAIN,UAAJ,EAAgB,EACrB,GAAGC,OADkB;AAErB,OAAGI,QAFkB;AAGrBE,IAAAA,OAAO,EAAE,CAAC,QAAD;AAHY,GAAhB,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxOptions, IdxTransactionMeta } from '../types';\nimport { run } from './run';\nimport { getFlowSpecification } from './flow';\n\nexport type CancelOptions = IdxOptions;\n\nexport async function cancel (authClient: OktaAuth, options: CancelOptions) {\n  const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n  const flowSpec = getFlowSpecification(authClient, meta.flow);\n  return run(authClient, {\n    ...options,\n    ...flowSpec,\n    actions: ['cancel']\n  });\n}\n"],"file":"cancel.js"}
+{"version":3,"sources":["../../../lib/idx/cancel.ts"],"names":["cancel","authClient","options","meta","transactionManager","load","flowSpec","flow","actions"],"mappings":";;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,eAAeA,MAAf,CAAuBC,UAAvB,EAAsDC,OAAtD,EAA+E;AACpF,QAAMC,IAAI,GAAGF,UAAU,CAACG,kBAAX,CAA8BC,IAA9B,EAAb;AACA,QAAMC,QAAQ,GAAG,gCAAqBL,UAArB,EAAiCE,IAAI,CAACI,IAAtC,CAAjB;AACA,SAAO,cAAIN,UAAJ,EAAgB,EACrB,GAAGC,OADkB;AAErB,OAAGI,QAFkB;AAGrBE,IAAAA,OAAO,EAAE,CAAC,QAAD;AAHY,GAAhB,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthInterface, IdxOptions, IdxTransactionMeta } from '../types';\nimport { run } from './run';\nimport { getFlowSpecification } from './flow';\n\nexport type CancelOptions = IdxOptions;\n\nexport async function cancel (authClient: OktaAuthInterface, options?: CancelOptions) {\n  const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n  const flowSpec = getFlowSpecification(authClient, meta.flow);\n  return run(authClient, {\n    ...options,\n    ...flowSpec,\n    actions: ['cancel']\n  });\n}\n"],"file":"cancel.js"}

package/cjs/idx/emailVerify.js

@@ -0,0 +1,73 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
+exports.isEmailVerifyCallbackError = isEmailVerifyCallbackError;
+exports.isEmailVerifyCallback = isEmailVerifyCallback;
+exports.parseEmailVerifyCallback = parseEmailVerifyCallback;
+exports.handleEmailVerifyCallback = handleEmailVerifyCallback;
+exports.EmailVerifyCallbackError = void 0;
+
+var _CustomError = _interopRequireDefault(require("../errors/CustomError"));
+
+var _urlParams = require("../oidc/util/urlParams");
+
+/*!
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
+ *
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and limitations under the License.
+ */
+class EmailVerifyCallbackError extends _CustomError.default {
+  constructor(state, otp) {
+    super(`Enter the OTP code in the originating client: ${otp}`);
+    this.name = 'EmailVerifyCallbackError';
+    this.state = state;
+    this.otp = otp;
+  }
+
+}
+
+exports.EmailVerifyCallbackError = EmailVerifyCallbackError;
+
+function isEmailVerifyCallbackError(error) {
+  return error.name === 'EmailVerifyCallbackError';
+} // Check if state && otp have been passed back in the url
+
+
+function isEmailVerifyCallback(urlPath) {
+  return /(otp=)/i.test(urlPath) && /(state=)/i.test(urlPath);
+} // Parse state and otp from a urlPath (should be either a search or fragment from the URL)
+
+
+function parseEmailVerifyCallback(urlPath) {
+  return (0, _urlParams.urlParamsToObject)(urlPath);
+}
+
+async function handleEmailVerifyCallback(authClient, search) {
+  if (isEmailVerifyCallback(search)) {
+    const {
+      state,
+      otp
+    } = parseEmailVerifyCallback(search);
+
+    if (authClient.idx.canProceed({
+      state
+    })) {
+      // same browser / device
+      return await authClient.idx.proceed({
+        state,
+        otp
+      });
+    } else {
+      // different browser or device
+      throw new EmailVerifyCallbackError(state, otp);
+    }
+  }
+}
+//# sourceMappingURL=emailVerify.js.map

package/cjs/idx/emailVerify.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../lib/idx/emailVerify.ts"],"names":["EmailVerifyCallbackError","CustomError","constructor","state","otp","name","isEmailVerifyCallbackError","error","isEmailVerifyCallback","urlPath","test","parseEmailVerifyCallback","handleEmailVerifyCallback","authClient","search","idx","canProceed","proceed"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYO,MAAMA,wBAAN,SAAuCC,oBAAvC,CAAmD;AAIxDC,EAAAA,WAAW,CAACC,KAAD,EAAgBC,GAAhB,EAA6B;AACtC,UAAO,iDAAgDA,GAAI,EAA3D;AACA,SAAKC,IAAL,GAAY,0BAAZ;AACA,SAAKF,KAAL,GAAaA,KAAb;AACA,SAAKC,GAAL,GAAWA,GAAX;AACD;;AATuD;;;;AAYnD,SAASE,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,SAAQA,KAAK,CAACF,IAAN,KAAe,0BAAvB;AACD,C,CAED;;;AACO,SAASG,qBAAT,CAAgCC,OAAhC,EAA0D;AAC/D,SAAO,UAAUC,IAAV,CAAeD,OAAf,KAA2B,YAAYC,IAAZ,CAAiBD,OAAjB,CAAlC;AACD,C,CAED;;;AACO,SAASE,wBAAT,CAAkCF,OAAlC,EAAgF;AACrF,SAAO,kCAAkBA,OAAlB,CAAP;AACD;;AAEM,eAAeG,yBAAf,CAAyCC,UAAzC,EAAwEC,MAAxE,EAAwF;AAC7F,MAAIN,qBAAqB,CAACM,MAAD,CAAzB,EAAmC;AACjC,UAAM;AAAEX,MAAAA,KAAF;AAASC,MAAAA;AAAT,QAAiBO,wBAAwB,CAACG,MAAD,CAA/C;;AACA,QAAID,UAAU,CAACE,GAAX,CAAeC,UAAf,CAA0B;AAAEb,MAAAA;AAAF,KAA1B,CAAJ,EAA0C;AACxC;AACA,aAAO,MAAMU,UAAU,CAACE,GAAX,CAAeE,OAAf,CAAuB;AAAEd,QAAAA,KAAF;AAASC,QAAAA;AAAT,OAAvB,CAAb;AACD,KAHD,MAGO;AACL;AACA,YAAM,IAAIJ,wBAAJ,CAA6BG,KAA7B,EAAoCC,GAApC,CAAN;AACD;AACF;AACF","sourcesContent":["\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthInterface } from '../types';\n\nimport CustomError from '../errors/CustomError';\nimport { urlParamsToObject  } from '../oidc/util/urlParams';\n\nexport interface EmailVerifyCallbackResponse {\n  state: string;\n  otp: string;\n}\n\nexport class EmailVerifyCallbackError extends CustomError {\n  state: string;\n  otp: string;\n\n  constructor(state: string, otp: string) {\n    super(`Enter the OTP code in the originating client: ${otp}`);\n    this.name = 'EmailVerifyCallbackError';\n    this.state = state;\n    this.otp = otp;\n  }\n}\n\nexport function isEmailVerifyCallbackError(error: Error) {\n  return (error.name === 'EmailVerifyCallbackError');\n}\n\n// Check if state && otp have been passed back in the url\nexport function isEmailVerifyCallback (urlPath: string): boolean {\n  return /(otp=)/i.test(urlPath) && /(state=)/i.test(urlPath);\n}\n\n// Parse state and otp from a urlPath (should be either a search or fragment from the URL)\nexport function parseEmailVerifyCallback(urlPath: string): EmailVerifyCallbackResponse {\n  return urlParamsToObject(urlPath) as EmailVerifyCallbackResponse;\n}\n\nexport async function handleEmailVerifyCallback(authClient: OktaAuthInterface, search: string) {\n  if (isEmailVerifyCallback(search)) {\n    const { state, otp } = parseEmailVerifyCallback(search);\n    if (authClient.idx.canProceed({ state })) {\n      // same browser / device\n      return await authClient.idx.proceed({ state, otp });\n    } else {\n      // different browser or device\n      throw new EmailVerifyCallbackError(state, otp);\n    }\n  }\n}\n"],"file":"emailVerify.js"}

package/cjs/idx/flow/AccountUnlockFlow.js

@@ -0,0 +1,30 @@
+"use strict";
+
+exports.AccountUnlockFlow = void 0;
+
+var _remediators = require("../remediators");
+
+/*!
+ * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
+ * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
+ *
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * 
+ * See the License for the specific language governing permissions and limitations under the License.
+ */
+const AccountUnlockFlow = {
+  'identify': _remediators.Identify,
+  // NOTE: unlock-account is purposely not included. Handled as action
+  // because it's a rememdiation which requires no input
+  // 'unlock-account': UnlockAccount,
+  'select-authenticator-unlock-account': _remediators.SelectAuthenticatorUnlockAccount,
+  'select-authenticator-authenticate': _remediators.SelectAuthenticatorAuthenticate,
+  'challenge-authenticator': _remediators.ChallengeAuthenticator,
+  'challenge-poll': _remediators.ChallengePoll,
+  'authenticator-verification-data': _remediators.AuthenticatorVerificationData
+};
+exports.AccountUnlockFlow = AccountUnlockFlow;
+//# sourceMappingURL=AccountUnlockFlow.js.map

package/cjs/idx/flow/AccountUnlockFlow.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../lib/idx/flow/AccountUnlockFlow.ts"],"names":["AccountUnlockFlow","Identify","SelectAuthenticatorUnlockAccount","SelectAuthenticatorAuthenticate","ChallengeAuthenticator","ChallengePoll","AuthenticatorVerificationData"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaO,MAAMA,iBAAkC,GAAG;AAChD,cAAYC,qBADoC;AAEhD;AACA;AACA;AACA,yCAAuCC,6CALS;AAMhD,uCAAqCC,4CANW;AAOhD,6BAA2BC,mCAPqB;AAQhD,oBAAkBC,0BAR8B;AAShD,qCAAmCC;AATa,CAA3C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n  Identify,\n  SelectAuthenticatorUnlockAccount,\n  SelectAuthenticatorAuthenticate,\n  ChallengeAuthenticator,\n  ChallengePoll,\n  AuthenticatorVerificationData\n} from '../remediators';\n\nexport const AccountUnlockFlow: RemediationFlow = {\n  'identify': Identify,\n  // NOTE: unlock-account is purposely not included. Handled as action\n  // because it's a rememdiation which requires no input\n  // 'unlock-account': UnlockAccount,\n  'select-authenticator-unlock-account': SelectAuthenticatorUnlockAccount,\n  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n  'challenge-authenticator': ChallengeAuthenticator,\n  'challenge-poll': ChallengePoll,\n  'authenticator-verification-data': AuthenticatorVerificationData,\n};\n"],"file":"AccountUnlockFlow.js"}

package/cjs/idx/flow/AuthenticationFlow.js

@@ -26,7 +26,8 @@ const AuthenticationFlow = {
   'challenge-poll': _remediators.ChallengePoll,
   'reenroll-authenticator': _remediators.ReEnrollAuthenticator,
   'enroll-poll': _remediators.EnrollPoll,
-  'redirect-idp': _remediators.RedirectIdp
+  'redirect-idp': _remediators.RedirectIdp,
+  'skip': _remediators.Skip
 };
 exports.AuthenticationFlow = AuthenticationFlow;
 //# sourceMappingURL=AuthenticationFlow.js.map

package/cjs/idx/flow/AuthenticationFlow.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/flow/AuthenticationFlow.ts"],"names":["AuthenticationFlow","Identify","SelectAuthenticatorAuthenticate","SelectAuthenticatorEnroll","AuthenticatorEnrollmentData","AuthenticatorVerificationData","EnrollAuthenticator","ChallengeAuthenticator","ChallengePoll","ReEnrollAuthenticator","EnrollPoll","RedirectIdp"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAkBO,MAAMA,kBAAmC,GAAG;AACjD,cAAYC,qBADqC;AAEjD,uCAAqCC,4CAFY;AAGjD,iCAA+BC,sCAHkB;AAIjD,mCAAiCC,wCAJgB;AAKjD,qCAAmCC,0CALc;AAMjD,0BAAwBC,gCANyB;AAOjD,6BAA2BC,mCAPsB;AAQjD,oBAAkBC,0BAR+B;AASjD,4BAA0BC,kCATuB;AAUjD,iBAAeC,uBAVkC;AAWjD,kBAAgBC;AAXiC,CAA5C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n  Identify,\n  SelectAuthenticatorAuthenticate,\n  ChallengeAuthenticator,\n  ReEnrollAuthenticator,\n  RedirectIdp,\n  AuthenticatorEnrollmentData,\n  SelectAuthenticatorEnroll,\n  EnrollAuthenticator,\n  AuthenticatorVerificationData,\n  EnrollPoll,\n  ChallengePoll\n} from '../remediators';\n\nexport const AuthenticationFlow: RemediationFlow = {\n  'identify': Identify,\n  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n  'select-authenticator-enroll': SelectAuthenticatorEnroll,\n  'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n  'authenticator-verification-data': AuthenticatorVerificationData,\n  'enroll-authenticator': EnrollAuthenticator,\n  'challenge-authenticator': ChallengeAuthenticator,\n  'challenge-poll': ChallengePoll,\n  'reenroll-authenticator': ReEnrollAuthenticator,\n  'enroll-poll': EnrollPoll,\n  'redirect-idp': RedirectIdp\n};\n"],"file":"AuthenticationFlow.js"}
+{"version":3,"sources":["../../../../lib/idx/flow/AuthenticationFlow.ts"],"names":["AuthenticationFlow","Identify","SelectAuthenticatorAuthenticate","SelectAuthenticatorEnroll","AuthenticatorEnrollmentData","AuthenticatorVerificationData","EnrollAuthenticator","ChallengeAuthenticator","ChallengePoll","ReEnrollAuthenticator","EnrollPoll","RedirectIdp","Skip"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAkBO,MAAMA,kBAAmC,GAAG;AACjD,cAAYC,qBADqC;AAEjD,uCAAqCC,4CAFY;AAGjD,iCAA+BC,sCAHkB;AAIjD,mCAAiCC,wCAJgB;AAKjD,qCAAmCC,0CALc;AAMjD,0BAAwBC,gCANyB;AAOjD,6BAA2BC,mCAPsB;AAQjD,oBAAkBC,0BAR+B;AASjD,4BAA0BC,kCATuB;AAUjD,iBAAeC,uBAVkC;AAWjD,kBAAgBC,wBAXiC;AAYjD,UAAQC;AAZyC,CAA5C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n  Identify,\n  SelectAuthenticatorAuthenticate,\n  ChallengeAuthenticator,\n  ReEnrollAuthenticator,\n  RedirectIdp,\n  AuthenticatorEnrollmentData,\n  SelectAuthenticatorEnroll,\n  EnrollAuthenticator,\n  AuthenticatorVerificationData,\n  EnrollPoll,\n  ChallengePoll, Skip\n} from '../remediators';\n\nexport const AuthenticationFlow: RemediationFlow = {\n  'identify': Identify,\n  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n  'select-authenticator-enroll': SelectAuthenticatorEnroll,\n  'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n  'authenticator-verification-data': AuthenticatorVerificationData,\n  'enroll-authenticator': EnrollAuthenticator,\n  'challenge-authenticator': ChallengeAuthenticator,\n  'challenge-poll': ChallengePoll,\n  'reenroll-authenticator': ReEnrollAuthenticator,\n  'enroll-poll': EnrollPoll,\n  'redirect-idp': RedirectIdp,\n  'skip': Skip,\n};\n"],"file":"AuthenticationFlow.js"}

package/cjs/idx/flow/FlowSpecification.js

@@ -8,24 +8,43 @@ var _PasswordRecoveryFlow = require("./PasswordRecoveryFlow");
 
 var _RegistrationFlow = require("./RegistrationFlow");
 
-function getFlowSpecification(oktaAuth, flow = 'proceed') {
-  let remediators, actions;
+var _AccountUnlockFlow = require("./AccountUnlockFlow");
+
+// eslint-disable-next-line complexity
+function getFlowSpecification(oktaAuth, flow = 'default') {
+  let remediators,
+      actions,
+      withCredentials = true;
 
   switch (flow) {
     case 'register':
     case 'signup':
     case 'enrollProfile':
       remediators = _RegistrationFlow.RegistrationFlow;
+      withCredentials = false;
       break;
 
     case 'recoverPassword':
     case 'resetPassword':
       remediators = _PasswordRecoveryFlow.PasswordRecoveryFlow;
       actions = ['currentAuthenticator-recover', 'currentAuthenticatorEnrollment-recover'];
+      withCredentials = false;
+      break;
+
+    case 'unlockAccount':
+      remediators = _AccountUnlockFlow.AccountUnlockFlow;
+      withCredentials = false;
+      actions = ['unlock-account'];
+      break;
+
+    case 'authenticate':
+    case 'login':
+    case 'signin':
+      remediators = _AuthenticationFlow.AuthenticationFlow;
       break;
 
     default:
-      // authenticate
+      // default case has no flow monitor
       remediators = _AuthenticationFlow.AuthenticationFlow;
       break;
   }
@@ -33,7 +52,8 @@ function getFlowSpecification(oktaAuth, flow = 'proceed') {
   return {
     flow,
     remediators,
-    actions
+    actions,
+    withCredentials
   };
 }
 //# sourceMappingURL=FlowSpecification.js.map

package/cjs/idx/flow/FlowSpecification.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/flow/FlowSpecification.ts"],"names":["getFlowSpecification","oktaAuth","flow","remediators","actions","RegistrationFlow","PasswordRecoveryFlow","AuthenticationFlow"],"mappings":";;;;AACA;;AACA;;AACA;;AASO,SAASA,oBAAT,CAA8BC,QAA9B,EAAkDC,IAAoB,GAAG,SAAzE,EAAuG;AAC5G,MAAIC,WAAJ,EAAiBC,OAAjB;;AACA,UAAQF,IAAR;AACE,SAAK,UAAL;AACA,SAAK,QAAL;AACA,SAAK,eAAL;AACEC,MAAAA,WAAW,GAAGE,kCAAd;AACA;;AACF,SAAK,iBAAL;AACA,SAAK,eAAL;AACEF,MAAAA,WAAW,GAAGG,0CAAd;AACAF,MAAAA,OAAO,GAAG,CACR,8BADQ,EAER,wCAFQ,CAAV;AAIA;;AACF;AACE;AACAD,MAAAA,WAAW,GAAGI,sCAAd;AACA;AAjBJ;;AAmBA,SAAO;AAAEL,IAAAA,IAAF;AAAQC,IAAAA,WAAR;AAAqBC,IAAAA;AAArB,GAAP;AACD","sourcesContent":["import { OktaAuth, FlowIdentifier } from '../../types';\nimport { AuthenticationFlow } from './AuthenticationFlow';\nimport { PasswordRecoveryFlow } from './PasswordRecoveryFlow';\nimport { RegistrationFlow } from './RegistrationFlow';\nimport { RemediationFlow } from './RemediationFlow';\n\nexport interface FlowSpecification {\n  flow: FlowIdentifier;\n  remediators: RemediationFlow;\n  actions?: string[];\n}\n\nexport function getFlowSpecification(oktaAuth: OktaAuth, flow: FlowIdentifier = 'proceed'): FlowSpecification {\n  let remediators, actions;\n  switch (flow) {\n    case 'register':\n    case 'signup':\n    case 'enrollProfile':\n      remediators = RegistrationFlow;\n      break;\n    case 'recoverPassword':\n    case 'resetPassword':\n      remediators = PasswordRecoveryFlow;\n      actions = [\n        'currentAuthenticator-recover', \n        'currentAuthenticatorEnrollment-recover'\n      ];\n      break;\n    default:\n      // authenticate\n      remediators = AuthenticationFlow;\n      break;\n  }\n  return { flow, remediators, actions };\n}\n"],"file":"FlowSpecification.js"}
+{"version":3,"sources":["../../../../lib/idx/flow/FlowSpecification.ts"],"names":["getFlowSpecification","oktaAuth","flow","remediators","actions","withCredentials","RegistrationFlow","PasswordRecoveryFlow","AccountUnlockFlow","AuthenticationFlow"],"mappings":";;;;AACA;;AACA;;AACA;;AACA;;AAUA;AACO,SAASA,oBAAT,CAA8BC,QAA9B,EAA2DC,IAAoB,GAAG,SAAlF,EAAgH;AACrH,MAAIC,WAAJ;AAAA,MAAiBC,OAAjB;AAAA,MAA0BC,eAAe,GAAG,IAA5C;;AACA,UAAQH,IAAR;AACE,SAAK,UAAL;AACA,SAAK,QAAL;AACA,SAAK,eAAL;AACEC,MAAAA,WAAW,GAAGG,kCAAd;AACAD,MAAAA,eAAe,GAAG,KAAlB;AACA;;AACF,SAAK,iBAAL;AACA,SAAK,eAAL;AACEF,MAAAA,WAAW,GAAGI,0CAAd;AACAH,MAAAA,OAAO,GAAG,CACR,8BADQ,EAER,wCAFQ,CAAV;AAIAC,MAAAA,eAAe,GAAG,KAAlB;AACA;;AACF,SAAK,eAAL;AACEF,MAAAA,WAAW,GAAGK,oCAAd;AACAH,MAAAA,eAAe,GAAG,KAAlB;AACAD,MAAAA,OAAO,GAAG,CACR,gBADQ,CAAV;AAGA;;AACF,SAAK,cAAL;AACA,SAAK,OAAL;AACA,SAAK,QAAL;AACED,MAAAA,WAAW,GAAGM,sCAAd;AACA;;AACF;AACE;AACAN,MAAAA,WAAW,GAAGM,sCAAd;AACA;AA/BJ;;AAiCA,SAAO;AAAEP,IAAAA,IAAF;AAAQC,IAAAA,WAAR;AAAqBC,IAAAA,OAArB;AAA8BC,IAAAA;AAA9B,GAAP;AACD","sourcesContent":["import { OktaAuthInterface, FlowIdentifier } from '../../types';\nimport { AuthenticationFlow } from './AuthenticationFlow';\nimport { PasswordRecoveryFlow } from './PasswordRecoveryFlow';\nimport { RegistrationFlow } from './RegistrationFlow';\nimport { AccountUnlockFlow } from './AccountUnlockFlow';\nimport { RemediationFlow } from './RemediationFlow';\n\nexport interface FlowSpecification {\n  flow: FlowIdentifier;\n  remediators: RemediationFlow;\n  actions?: string[];\n  withCredentials?: boolean;\n}\n\n// eslint-disable-next-line complexity\nexport function getFlowSpecification(oktaAuth: OktaAuthInterface, flow: FlowIdentifier = 'default'): FlowSpecification {\n  let remediators, actions, withCredentials = true;\n  switch (flow) {\n    case 'register':\n    case 'signup':\n    case 'enrollProfile':\n      remediators = RegistrationFlow;\n      withCredentials = false;\n      break;\n    case 'recoverPassword':\n    case 'resetPassword':\n      remediators = PasswordRecoveryFlow;\n      actions = [\n        'currentAuthenticator-recover', \n        'currentAuthenticatorEnrollment-recover'\n      ];\n      withCredentials = false;\n      break;\n    case 'unlockAccount':\n      remediators = AccountUnlockFlow;\n      withCredentials = false;\n      actions = [\n        'unlock-account'\n      ];\n      break;\n    case 'authenticate':\n    case 'login':\n    case 'signin':\n      remediators = AuthenticationFlow;\n      break;\n    default:\n      // default case has no flow monitor\n      remediators = AuthenticationFlow;\n      break;\n  }\n  return { flow, remediators, actions, withCredentials };\n}\n"],"file":"FlowSpecification.js"}

package/cjs/idx/flow/PasswordRecoveryFlow.js

@@ -19,10 +19,13 @@ const PasswordRecoveryFlow = {
   'identify': _remediators.Identify,
   'identify-recovery': _remediators.Identify,
   'select-authenticator-authenticate': _remediators.SelectAuthenticatorAuthenticate,
+  'select-authenticator-enroll': _remediators.SelectAuthenticatorEnroll,
   'challenge-authenticator': _remediators.ChallengeAuthenticator,
   'authenticator-verification-data': _remediators.AuthenticatorVerificationData,
+  'authenticator-enrollment-data': _remediators.AuthenticatorEnrollmentData,
   'reset-authenticator': _remediators.ResetAuthenticator,
-  'reenroll-authenticator': _remediators.ReEnrollAuthenticator
+  'reenroll-authenticator': _remediators.ReEnrollAuthenticator,
+  'enroll-poll': _remediators.EnrollPoll
 };
 exports.PasswordRecoveryFlow = PasswordRecoveryFlow;
 //# sourceMappingURL=PasswordRecoveryFlow.js.map

package/cjs/idx/flow/PasswordRecoveryFlow.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/flow/PasswordRecoveryFlow.ts"],"names":["PasswordRecoveryFlow","Identify","SelectAuthenticatorAuthenticate","ChallengeAuthenticator","AuthenticatorVerificationData","ResetAuthenticator","ReEnrollAuthenticator"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaO,MAAMA,oBAAqC,GAAG;AACnD,cAAYC,qBADuC;AAEnD,uBAAqBA,qBAF8B;AAGnD,uCAAqCC,4CAHc;AAInD,6BAA2BC,mCAJwB;AAKnD,qCAAmCC,0CALgB;AAMnD,yBAAuBC,+BAN4B;AAOnD,4BAA0BC;AAPyB,CAA9C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n  Identify,\n  SelectAuthenticatorAuthenticate,\n  ChallengeAuthenticator,\n  AuthenticatorVerificationData,\n  ResetAuthenticator,\n  ReEnrollAuthenticator,\n} from '../remediators';\n\nexport const PasswordRecoveryFlow: RemediationFlow = {\n  'identify': Identify,\n  'identify-recovery': Identify,\n  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n  'challenge-authenticator': ChallengeAuthenticator,\n  'authenticator-verification-data': AuthenticatorVerificationData,\n  'reset-authenticator': ResetAuthenticator,\n  'reenroll-authenticator': ReEnrollAuthenticator,\n};\n"],"file":"PasswordRecoveryFlow.js"}
+{"version":3,"sources":["../../../../lib/idx/flow/PasswordRecoveryFlow.ts"],"names":["PasswordRecoveryFlow","Identify","SelectAuthenticatorAuthenticate","SelectAuthenticatorEnroll","ChallengeAuthenticator","AuthenticatorVerificationData","AuthenticatorEnrollmentData","ResetAuthenticator","ReEnrollAuthenticator","EnrollPoll"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAgBO,MAAMA,oBAAqC,GAAG;AACnD,cAAYC,qBADuC;AAEnD,uBAAqBA,qBAF8B;AAGnD,uCAAqCC,4CAHc;AAInD,iCAA+BC,sCAJoB;AAKnD,6BAA2BC,mCALwB;AAMnD,qCAAmCC,0CANgB;AAOnD,mCAAiCC,wCAPkB;AAQnD,yBAAuBC,+BAR4B;AASnD,4BAA0BC,kCATyB;AAUnD,iBAAeC;AAVoC,CAA9C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n  Identify,\n  SelectAuthenticatorAuthenticate,\n  ChallengeAuthenticator,\n  AuthenticatorVerificationData,\n  ResetAuthenticator,\n  ReEnrollAuthenticator,\n  SelectAuthenticatorEnroll,\n  AuthenticatorEnrollmentData,\n  EnrollPoll\n} from '../remediators';\n\nexport const PasswordRecoveryFlow: RemediationFlow = {\n  'identify': Identify,\n  'identify-recovery': Identify,\n  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n  'select-authenticator-enroll': SelectAuthenticatorEnroll,\n  'challenge-authenticator': ChallengeAuthenticator,\n  'authenticator-verification-data': AuthenticatorVerificationData,\n  'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n  'reset-authenticator': ResetAuthenticator,\n  'reenroll-authenticator': ReEnrollAuthenticator,\n  'enroll-poll': EnrollPoll,\n};\n"],"file":"PasswordRecoveryFlow.js"}

package/cjs/idx/flow/RegistrationFlow.js

@@ -21,6 +21,8 @@ const RegistrationFlow = {
   'authenticator-enrollment-data': _remediators.AuthenticatorEnrollmentData,
   'select-authenticator-enroll': _remediators.SelectAuthenticatorEnroll,
   'enroll-poll': _remediators.EnrollPoll,
+  'select-enrollment-channel': _remediators.SelectEnrollmentChannel,
+  'enrollment-channel-data': _remediators.EnrollmentChannelData,
   'enroll-authenticator': _remediators.EnrollAuthenticator,
   'skip': _remediators.Skip
 };

package/cjs/idx/flow/RegistrationFlow.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/flow/RegistrationFlow.ts"],"names":["RegistrationFlow","SelectEnrollProfile","EnrollProfile","AuthenticatorEnrollmentData","SelectAuthenticatorEnroll","EnrollPoll","EnrollAuthenticator","Skip"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAcO,MAAMA,gBAAiC,GAAG;AAC/C,2BAAyBC,gCADsB;AAE/C,oBAAkBC,0BAF6B;AAG/C,mCAAiCC,wCAHc;AAI/C,iCAA+BC,sCAJgB;AAK/C,iBAAeC,uBALgC;AAM/C,0BAAwBC,gCANuB;AAO/C,UAAQC;AAPuC,CAA1C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n  SelectEnrollProfile,\n  EnrollPoll,\n  EnrollProfile,\n  SelectAuthenticatorEnroll,\n  EnrollAuthenticator,\n  AuthenticatorEnrollmentData,\n  Skip,\n} from '../remediators';\n\nexport const RegistrationFlow: RemediationFlow = {\n  'select-enroll-profile': SelectEnrollProfile,\n  'enroll-profile': EnrollProfile,\n  'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n  'select-authenticator-enroll': SelectAuthenticatorEnroll,\n  'enroll-poll': EnrollPoll,\n  'enroll-authenticator': EnrollAuthenticator,\n  'skip': Skip,\n};\n"],"file":"RegistrationFlow.js"}
+{"version":3,"sources":["../../../../lib/idx/flow/RegistrationFlow.ts"],"names":["RegistrationFlow","SelectEnrollProfile","EnrollProfile","AuthenticatorEnrollmentData","SelectAuthenticatorEnroll","EnrollPoll","SelectEnrollmentChannel","EnrollmentChannelData","EnrollAuthenticator","Skip"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAgBO,MAAMA,gBAAiC,GAAG;AAC/C,2BAAyBC,gCADsB;AAE/C,oBAAkBC,0BAF6B;AAG/C,mCAAiCC,wCAHc;AAI/C,iCAA+BC,sCAJgB;AAK/C,iBAAeC,uBALgC;AAM/C,+BAA6BC,oCANkB;AAO/C,6BAA2BC,kCAPoB;AAQ/C,0BAAwBC,gCARuB;AAS/C,UAAQC;AATuC,CAA1C","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n  SelectEnrollProfile,\n  EnrollPoll,\n  SelectEnrollmentChannel,\n  EnrollmentChannelData,\n  EnrollProfile,\n  SelectAuthenticatorEnroll,\n  EnrollAuthenticator,\n  AuthenticatorEnrollmentData,\n  Skip,\n} from '../remediators';\n\nexport const RegistrationFlow: RemediationFlow = {\n  'select-enroll-profile': SelectEnrollProfile,\n  'enroll-profile': EnrollProfile,\n  'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n  'select-authenticator-enroll': SelectAuthenticatorEnroll,\n  'enroll-poll': EnrollPoll,\n  'select-enrollment-channel': SelectEnrollmentChannel,\n  'enrollment-channel-data': EnrollmentChannelData,\n  'enroll-authenticator': EnrollAuthenticator,\n  'skip': Skip,\n};\n"],"file":"RegistrationFlow.js"}

package/cjs/idx/flow/index.js

@@ -1,8 +1,10 @@
 "use strict";
 
+var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
+
 var _AuthenticationFlow = require("./AuthenticationFlow");
 
-Object.keys(_AuthenticationFlow).forEach(function (key) {
+_Object$keys(_AuthenticationFlow).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _AuthenticationFlow[key]) return;
   Object.defineProperty(exports, key, {
@@ -15,7 +17,7 @@ Object.keys(_AuthenticationFlow).forEach(function (key) {
 
 var _FlowSpecification = require("./FlowSpecification");
 
-Object.keys(_FlowSpecification).forEach(function (key) {
+_Object$keys(_FlowSpecification).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _FlowSpecification[key]) return;
   Object.defineProperty(exports, key, {
@@ -28,7 +30,7 @@ Object.keys(_FlowSpecification).forEach(function (key) {
 
 var _PasswordRecoveryFlow = require("./PasswordRecoveryFlow");
 
-Object.keys(_PasswordRecoveryFlow).forEach(function (key) {
+_Object$keys(_PasswordRecoveryFlow).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _PasswordRecoveryFlow[key]) return;
   Object.defineProperty(exports, key, {
@@ -41,7 +43,7 @@ Object.keys(_PasswordRecoveryFlow).forEach(function (key) {
 
 var _RegistrationFlow = require("./RegistrationFlow");
 
-Object.keys(_RegistrationFlow).forEach(function (key) {
+_Object$keys(_RegistrationFlow).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _RegistrationFlow[key]) return;
   Object.defineProperty(exports, key, {
@@ -52,9 +54,22 @@ Object.keys(_RegistrationFlow).forEach(function (key) {
   });
 });
 
+var _AccountUnlockFlow = require("./AccountUnlockFlow");
+
+_Object$keys(_AccountUnlockFlow).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (key in exports && exports[key] === _AccountUnlockFlow[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function () {
+      return _AccountUnlockFlow[key];
+    }
+  });
+});
+
 var _RemediationFlow = require("./RemediationFlow");
 
-Object.keys(_RemediationFlow).forEach(function (key) {
+_Object$keys(_RemediationFlow).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (key in exports && exports[key] === _RemediationFlow[key]) return;
   Object.defineProperty(exports, key, {

package/cjs/idx/flow/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/flow/index.ts"],"names":[],"mappings":";;AAYA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport * from './AuthenticationFlow';\nexport * from './FlowSpecification';\nexport * from './PasswordRecoveryFlow';\nexport * from './RegistrationFlow';\nexport * from './RemediationFlow';\n"],"file":"index.js"}
+{"version":3,"sources":["../../../../lib/idx/flow/index.ts"],"names":[],"mappings":";;;;AAYA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport * from './AuthenticationFlow';\nexport * from './FlowSpecification';\nexport * from './PasswordRecoveryFlow';\nexport * from './RegistrationFlow';\nexport * from './AccountUnlockFlow';\nexport * from './RemediationFlow';\n"],"file":"index.js"}

package/cjs/idx/handleInteractionCodeRedirect.js

@@ -1,7 +1,11 @@
 "use strict";
 
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
 exports.handleInteractionCodeRedirect = handleInteractionCodeRedirect;
 
+var _url = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/url"));
+
 var _errors = require("../errors");
 
 /*!
@@ -30,13 +34,14 @@ async function handleInteractionCodeRedirect(authClient, url) {
     searchParams // URL API has been added to the polyfill
     // eslint-disable-next-line compat/compat
 
-  } = new URL(url);
+  } = new _url.default(url);
   const state = searchParams.get('state');
   const interactionCode = searchParams.get('interaction_code'); // Error handling
 
   const error = searchParams.get('error');
 
   if (error) {
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
     throw new _errors.OAuthError(error, searchParams.get('error_description'));
   }
 

package/cjs/idx/handleInteractionCodeRedirect.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/handleInteractionCodeRedirect.ts"],"names":["handleInteractionCodeRedirect","authClient","url","meta","transactionManager","load","AuthSdkError","codeVerifier","state","savedState","searchParams","URL","get","interactionCode","error","OAuthError","tokens","token","exchangeCodeForTokens","tokenManager","setTokens"],"mappings":";;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,6BAAf,CACLC,UADK,EAELC,GAFK,EAGU;AACf,QAAMC,IAAI,GAAGF,UAAU,CAACG,kBAAX,CAA8BC,IAA9B,EAAb;;AACA,MAAI,CAACF,IAAL,EAAW;AACT,UAAM,IAAIG,oBAAJ,CAAiB,0CAAjB,CAAN;AACD;;AAED,QAAM;AACJC,IAAAA,YADI;AAEJC,IAAAA,KAAK,EAAEC;AAFH,MAGFN,IAHJ;AAIA,QAAM;AACJO,IAAAA,YADI,CAEN;AACA;;AAHM,MAIF,IAAIC,GAAJ,CAAQT,GAAR,CAJJ;AAKA,QAAMM,KAAK,GAAGE,YAAY,CAACE,GAAb,CAAiB,OAAjB,CAAd;AACA,QAAMC,eAAe,GAAGH,YAAY,CAACE,GAAb,CAAiB,kBAAjB,CAAxB,CAhBe,CAkBf;;AACA,QAAME,KAAK,GAAGJ,YAAY,CAACE,GAAb,CAAiB,OAAjB,CAAd;;AACA,MAAIE,KAAJ,EAAW;AACT,UAAM,IAAIC,kBAAJ,CAAeD,KAAf,EAAsBJ,YAAY,CAACE,GAAb,CAAiB,mBAAjB,CAAtB,CAAN;AACD;;AACD,MAAIJ,KAAK,KAAKC,UAAd,EAA0B;AACxB,UAAM,IAAIH,oBAAJ,CAAiB,6DAAjB,CAAN;AACD;;AACD,MAAI,CAACO,eAAL,EAAsB;AACpB,UAAM,IAAIP,oBAAJ,CAAiB,+CAAjB,CAAN;AACD,GA5Bc,CA8Bf;;;AACA,QAAM;AAAEU,IAAAA;AAAF,MAAa,MAAMf,UAAU,CAACgB,KAAX,CAAiBC,qBAAjB,CAAuC;AAAEL,IAAAA,eAAF;AAAmBN,IAAAA;AAAnB,GAAvC,CAAzB;AACAN,EAAAA,UAAU,CAACkB,YAAX,CAAwBC,SAAxB,CAAkCJ,MAAlC;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { OktaAuth } from '..';\nimport {IdxTransactionMeta} from '../types';\n\nexport async function handleInteractionCodeRedirect(\n  authClient: OktaAuth, \n  url: string\n): Promise<void> {\n  const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n  if (!meta) {\n    throw new AuthSdkError('No transaction data was found in storage');\n  }\n\n  const { \n    codeVerifier,\n    state: savedState \n  } = meta;\n  const { \n    searchParams\n  // URL API has been added to the polyfill\n  // eslint-disable-next-line compat/compat\n  } = new URL(url); \n  const state = searchParams.get('state');\n  const interactionCode = searchParams.get('interaction_code');\n\n  // Error handling\n  const error = searchParams.get('error');\n  if (error) {\n    throw new OAuthError(error, searchParams.get('error_description'));\n  }\n  if (state !== savedState) {\n    throw new AuthSdkError('State in redirect uri does not match with transaction state');\n  }\n  if (!interactionCode) {\n    throw new AuthSdkError('Unable to parse interaction_code from the url');\n  }\n  \n  // Save tokens to storage\n  const { tokens } = await authClient.token.exchangeCodeForTokens({ interactionCode, codeVerifier });\n  authClient.tokenManager.setTokens(tokens);\n}"],"file":"handleInteractionCodeRedirect.js"}
+{"version":3,"sources":["../../../lib/idx/handleInteractionCodeRedirect.ts"],"names":["handleInteractionCodeRedirect","authClient","url","meta","transactionManager","load","AuthSdkError","codeVerifier","state","savedState","searchParams","get","interactionCode","error","OAuthError","tokens","token","exchangeCodeForTokens","tokenManager","setTokens"],"mappings":";;;;;;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,6BAAf,CACLC,UADK,EAELC,GAFK,EAGU;AACf,QAAMC,IAAI,GAAGF,UAAU,CAACG,kBAAX,CAA8BC,IAA9B,EAAb;;AACA,MAAI,CAACF,IAAL,EAAW;AACT,UAAM,IAAIG,oBAAJ,CAAiB,0CAAjB,CAAN;AACD;;AAED,QAAM;AACJC,IAAAA,YADI;AAEJC,IAAAA,KAAK,EAAEC;AAFH,MAGFN,IAHJ;AAIA,QAAM;AACJO,IAAAA,YADI,CAEN;AACA;;AAHM,MAIF,iBAAQR,GAAR,CAJJ;AAKA,QAAMM,KAAK,GAAGE,YAAY,CAACC,GAAb,CAAiB,OAAjB,CAAd;AACA,QAAMC,eAAe,GAAGF,YAAY,CAACC,GAAb,CAAiB,kBAAjB,CAAxB,CAhBe,CAkBf;;AACA,QAAME,KAAK,GAAGH,YAAY,CAACC,GAAb,CAAiB,OAAjB,CAAd;;AACA,MAAIE,KAAJ,EAAW;AACT;AACA,UAAM,IAAIC,kBAAJ,CAAeD,KAAf,EAAsBH,YAAY,CAACC,GAAb,CAAiB,mBAAjB,CAAtB,CAAN;AACD;;AACD,MAAIH,KAAK,KAAKC,UAAd,EAA0B;AACxB,UAAM,IAAIH,oBAAJ,CAAiB,6DAAjB,CAAN;AACD;;AACD,MAAI,CAACM,eAAL,EAAsB;AACpB,UAAM,IAAIN,oBAAJ,CAAiB,+CAAjB,CAAN;AACD,GA7Bc,CA+Bf;;;AACA,QAAM;AAAES,IAAAA;AAAF,MAAa,MAAMd,UAAU,CAACe,KAAX,CAAiBC,qBAAjB,CAAuC;AAAEL,IAAAA,eAAF;AAAmBL,IAAAA;AAAnB,GAAvC,CAAzB;AACAN,EAAAA,UAAU,CAACiB,YAAX,CAAwBC,SAAxB,CAAkCJ,MAAlC;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { OktaAuth } from '..';\nimport {IdxTransactionMeta} from '../types';\n\nexport async function handleInteractionCodeRedirect(\n  authClient: OktaAuth, \n  url: string\n): Promise<void> {\n  const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n  if (!meta) {\n    throw new AuthSdkError('No transaction data was found in storage');\n  }\n\n  const { \n    codeVerifier,\n    state: savedState \n  } = meta;\n  const { \n    searchParams\n  // URL API has been added to the polyfill\n  // eslint-disable-next-line compat/compat\n  } = new URL(url); \n  const state = searchParams.get('state');\n  const interactionCode = searchParams.get('interaction_code');\n\n  // Error handling\n  const error = searchParams.get('error');\n  if (error) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    throw new OAuthError(error, searchParams.get('error_description')!);\n  }\n  if (state !== savedState) {\n    throw new AuthSdkError('State in redirect uri does not match with transaction state');\n  }\n  if (!interactionCode) {\n    throw new AuthSdkError('Unable to parse interaction_code from the url');\n  }\n  \n  // Save tokens to storage\n  const { tokens } = await authClient.token.exchangeCodeForTokens({ interactionCode, codeVerifier });\n  authClient.tokenManager.setTokens(tokens);\n}"],"file":"handleInteractionCodeRedirect.js"}

package/cjs/idx/headers.js

@@ -1,11 +1,16 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
 exports.setGlobalRequestInterceptor = setGlobalRequestInterceptor;
+exports.clearGlobalRequestInterceptor = clearGlobalRequestInterceptor;
 exports.createGlobalRequestInterceptor = createGlobalRequestInterceptor;
 
-var _oktaIdxJs = _interopRequireDefault(require("@okta/okta-idx-js"));
+var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
+
+var _keys = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/keys"));
+
+var _idxJs = _interopRequireDefault(require("./idx-js"));
 
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
@@ -24,7 +29,11 @@ var _oktaIdxJs = _interopRequireDefault(require("@okta/okta-idx-js"));
 // This means that multiple instances of OktaAuth will see the same header modifications
 // TODO: use AuthJS http agent for IDX API requests. OKTA-417473
 function setGlobalRequestInterceptor(fn) {
-  _oktaIdxJs.default.client.interceptors.request.use(fn);
+  _idxJs.default.client.interceptors.request.use(fn);
+}
+
+function clearGlobalRequestInterceptor() {
+  _idxJs.default.client.interceptors.request.clear();
 } // A factory which returns a function that can be passed to `setGlobalRequestInterceptor`
 
 
@@ -33,9 +42,16 @@ function createGlobalRequestInterceptor(sdk) {
     // Set user-agent and any other custom headers set in the options
     var oktaUserAgentHeader = sdk._oktaUserAgent.getHttpHeader();
 
-    const headers = Object.assign({ ...oktaUserAgentHeader
+    const headers = (0, _assign.default)({ ...oktaUserAgentHeader
     }, sdk.options.headers);
-    Object.keys(headers).forEach(name => {
+    (0, _keys.default)(headers).forEach(name => {
+      // X-Device-Token may only be specified if the /interact request includes a `client_secret`
+      // which indicates a trusted client which is allowed to present this information on behalf of the end user. 
+      // https://oktainc.atlassian.net/browse/OKTA-441021
+      if (!sdk.options.clientSecret && name === 'X-Device-Token') {
+        return;
+      }
+
       requestConfig.headers[name] = headers[name];
     });
   };