npm - @okta/okta-auth-js - Versions diffs - 5.11.0 → 6.0.0 - Mend

@okta/okta-auth-js 5.11.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/CHANGELOG.md +32 -0
package/README.md +5 -2
package/cjs/AuthStateManager.js +2 -1
package/cjs/AuthStateManager.js.map +1 -1
package/cjs/OktaAuth.js +75 -71
package/cjs/OktaAuth.js.map +1 -1
package/cjs/OktaUserAgent.js +2 -2
package/cjs/OktaUserAgent.js.map +1 -1
package/cjs/PromiseQueue.js +6 -1
package/cjs/PromiseQueue.js.map +1 -1
package/cjs/StorageManager.js +3 -1
package/cjs/StorageManager.js.map +1 -1
package/cjs/TokenManager.js +9 -3
package/cjs/TokenManager.js.map +1 -1
package/cjs/TransactionManager.js +17 -4
package/cjs/TransactionManager.js.map +1 -1
package/cjs/browser/browserStorage.js +7 -5
package/cjs/browser/browserStorage.js.map +1 -1
package/cjs/browser/fingerprint.js +3 -1
package/cjs/browser/fingerprint.js.map +1 -1
package/cjs/builderUtil.js +3 -17
package/cjs/builderUtil.js.map +1 -1
package/cjs/crypto/oidcHash.js.map +1 -1
package/cjs/features.js +9 -3
package/cjs/features.js.map +1 -1
package/cjs/fetch/fetchRequest.js +2 -1
package/cjs/fetch/fetchRequest.js.map +1 -1
package/cjs/http/request.js +2 -0
package/cjs/http/request.js.map +1 -1
package/cjs/idx/authenticate.js +8 -5
package/cjs/idx/authenticate.js.map +1 -1
package/cjs/idx/authenticator/SecurityQuestionVerification.js +1 -0
package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +2 -2
package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
package/cjs/idx/authenticator/getAuthenticator.js +5 -6
package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
package/cjs/idx/cancel.js.map +1 -1
package/cjs/idx/emailVerify.js +73 -0
package/cjs/idx/emailVerify.js.map +1 -0
package/cjs/idx/flow/FlowSpecification.js +16 -4
package/cjs/idx/flow/FlowSpecification.js.map +1 -1
package/cjs/idx/flow/RegistrationFlow.js +2 -0
package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
package/cjs/idx/handleInteractionCodeRedirect.js +1 -0
package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
package/cjs/idx/index.js +13 -0
package/cjs/idx/index.js.map +1 -1
package/cjs/idx/interact.js +46 -34
package/cjs/idx/interact.js.map +1 -1
package/cjs/idx/introspect.js +12 -14
package/cjs/idx/introspect.js.map +1 -1
package/cjs/idx/proceed.js +4 -7
package/cjs/idx/proceed.js.map +1 -1
package/cjs/idx/recoverPassword.js +1 -1
package/cjs/idx/recoverPassword.js.map +1 -1
package/cjs/idx/register.js +6 -15
package/cjs/idx/register.js.map +1 -1
package/cjs/idx/remediate.js +21 -5
package/cjs/idx/remediate.js.map +1 -1
package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +2 -0
package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
package/cjs/idx/remediators/AuthenticatorVerificationData.js +5 -3
package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
package/cjs/idx/remediators/Base/AuthenticatorData.js +5 -3
package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
package/cjs/idx/remediators/Base/Remediator.js +2 -0
package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
package/cjs/idx/remediators/Base/SelectAuthenticator.js +4 -3
package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
package/cjs/idx/remediators/EnrollPoll.js +2 -3
package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
package/cjs/idx/remediators/EnrollProfile.js +4 -1
package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
package/cjs/idx/remediators/EnrollmentChannelData.js +80 -0
package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -0
package/cjs/idx/remediators/Identify.js.map +1 -1
package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -0
package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +2 -2
package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
package/cjs/idx/remediators/SelectEnrollmentChannel.js +74 -0
package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
package/cjs/idx/remediators/Skip.js.map +1 -1
package/cjs/idx/remediators/index.js +26 -0
package/cjs/idx/remediators/index.js.map +1 -1
package/cjs/idx/remediators/util.js +7 -2
package/cjs/idx/remediators/util.js.map +1 -1
package/cjs/idx/run.js +111 -45
package/cjs/idx/run.js.map +1 -1
package/cjs/idx/startTransaction.js +4 -2
package/cjs/idx/startTransaction.js.map +1 -1
package/cjs/idx/transactionMeta.js +82 -69
package/cjs/idx/transactionMeta.js.map +1 -1
package/cjs/idx/types/idx-js.js.map +1 -1
package/cjs/idx/types/index.js +19 -3
package/cjs/idx/types/index.js.map +1 -1
package/cjs/index.js +14 -0
package/cjs/index.js.map +1 -1
package/cjs/oidc/endpoints/authorize.js +2 -0
package/cjs/oidc/endpoints/authorize.js.map +1 -1
package/cjs/oidc/endpoints/token.js +1 -0
package/cjs/oidc/endpoints/token.js.map +1 -1
package/cjs/oidc/exchangeCodeForTokens.js +3 -3
package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
package/cjs/oidc/getToken.js +3 -1
package/cjs/oidc/getToken.js.map +1 -1
package/cjs/oidc/getWithRedirect.js +10 -37
package/cjs/oidc/getWithRedirect.js.map +1 -1
package/cjs/oidc/handleOAuthResponse.js +80 -86
package/cjs/oidc/handleOAuthResponse.js.map +1 -1
package/cjs/oidc/parseFromUrl.js.map +1 -1
package/cjs/oidc/renewToken.js.map +1 -1
package/cjs/oidc/renewTokens.js +1 -1
package/cjs/oidc/renewTokens.js.map +1 -1
package/cjs/oidc/revokeToken.js +28 -29
package/cjs/oidc/revokeToken.js.map +1 -1
package/cjs/oidc/util/index.js +14 -0
package/cjs/oidc/util/index.js.map +1 -1
package/cjs/oidc/util/loginRedirect.js +6 -1
package/cjs/oidc/util/loginRedirect.js.map +1 -1
package/cjs/oidc/util/oauth.js.map +1 -1
package/cjs/oidc/util/oauthMeta.js +36 -0
package/cjs/oidc/util/oauthMeta.js.map +1 -0
package/cjs/oidc/util/pkce.js.map +1 -1
package/cjs/oidc/util/prepareTokenParams.js +57 -36
package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
package/cjs/oidc/util/validateClaims.js +2 -0
package/cjs/oidc/util/validateClaims.js.map +1 -1
package/cjs/oidc/verifyToken.js +2 -1
package/cjs/oidc/verifyToken.js.map +1 -1
package/cjs/options.js +6 -2
package/cjs/options.js.map +1 -1
package/cjs/server/serverStorage.js +1 -1
package/cjs/server/serverStorage.js.map +1 -1
package/cjs/services/TokenService.js +3 -0
package/cjs/services/TokenService.js.map +1 -1
package/cjs/tx/AuthTransaction.js +3 -0
package/cjs/tx/AuthTransaction.js.map +1 -1
package/cjs/tx/TransactionState.js +0 -17
package/cjs/tx/TransactionState.js.map +1 -1
package/cjs/tx/api.js +3 -2
package/cjs/tx/api.js.map +1 -1
package/cjs/types/Transaction.js.map +1 -1
package/cjs/util/index.js +0 -13
package/cjs/util/index.js.map +1 -1
package/cjs/util/url.js.map +1 -1
package/dist/okta-auth-js.min.js +1 -1
package/dist/okta-auth-js.min.js.map +1 -1
package/dist/okta-auth-js.umd.js +1 -1
package/dist/okta-auth-js.umd.js.map +1 -1
package/esm/index.js +1334 -758
package/esm/index.js.map +1 -1
package/lib/AuthStateManager.d.ts +1 -2
package/lib/OktaAuth.d.ts +4 -10
package/lib/StorageManager.d.ts +1 -1
package/lib/TokenManager.d.ts +2 -2
package/lib/TransactionManager.d.ts +3 -2
package/lib/browser/fingerprint.d.ts +1 -1
package/lib/builderUtil.d.ts +1 -2
package/lib/crypto/browser.d.ts +1 -1
package/lib/features.d.ts +1 -1
package/lib/idx/authenticate.d.ts +1 -1
package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +1 -1
package/lib/idx/cancel.d.ts +1 -1
package/lib/{util → idx}/emailVerify.d.ts +10 -1
package/lib/idx/flow/FlowSpecification.d.ts +1 -0
package/lib/idx/index.d.ts +1 -0
package/lib/idx/interact.d.ts +4 -11
package/lib/idx/introspect.d.ts +3 -2
package/lib/idx/proceed.d.ts +4 -2
package/lib/idx/recoverPassword.d.ts +1 -1
package/lib/idx/remediate.d.ts +10 -4
package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +3 -3
package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +3 -3
package/lib/idx/remediators/Base/AuthenticatorData.d.ts +7 -7
package/lib/idx/remediators/Base/Remediator.d.ts +1 -1
package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +7 -7
package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +2 -1
package/lib/idx/remediators/EnrollProfile.d.ts +1 -1
package/lib/idx/remediators/EnrollmentChannelData.d.ts +53 -0
package/lib/idx/remediators/Identify.d.ts +2 -2
package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -2
package/lib/idx/remediators/RedirectIdp.d.ts +3 -3
package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +39 -0
package/lib/idx/remediators/index.d.ts +2 -0
package/lib/idx/remediators/util.d.ts +2 -2
package/lib/idx/run.d.ts +3 -1
package/lib/idx/startTransaction.d.ts +3 -2
package/lib/idx/transactionMeta.d.ts +6 -27
package/lib/idx/types/idx-js.d.ts +8 -1
package/lib/idx/types/index.d.ts +17 -6
package/lib/index.d.ts +1 -0
package/lib/oidc/exchangeCodeForTokens.d.ts +12 -0
package/lib/oidc/getWithRedirect.d.ts +1 -1
package/lib/oidc/handleOAuthResponse.d.ts +1 -1
package/lib/oidc/parseFromUrl.d.ts +1 -1
package/lib/oidc/renewToken.d.ts +1 -1
package/lib/oidc/renewTokens.d.ts +1 -1
package/lib/oidc/util/browser.d.ts +1 -1
package/lib/oidc/util/errors.d.ts +1 -1
package/lib/oidc/util/index.d.ts +1 -0
package/lib/oidc/util/oauth.d.ts +1 -8
package/lib/oidc/util/oauthMeta.d.ts +2 -0
package/lib/oidc/util/prepareTokenParams.d.ts +3 -0
package/lib/server/serverStorage.d.ts +1 -1
package/lib/services/TokenService.d.ts +2 -2
package/lib/tx/AuthTransaction.d.ts +2 -2
package/lib/tx/TransactionState.d.ts +11 -1
package/lib/tx/api.d.ts +6 -6
package/lib/types/OktaAuthOptions.d.ts +5 -6
package/lib/types/Storage.d.ts +3 -3
package/lib/types/Transaction.d.ts +11 -0
package/lib/types/UserClaims.d.ts +3 -3
package/lib/types/api.d.ts +28 -16
package/lib/util/console.d.ts +1 -1
package/lib/util/index.d.ts +0 -1
package/lib/util/types.d.ts +1 -1
package/lib/util/url.d.ts +2 -2
package/package.json +5 -5
package/cjs/util/emailVerify.js +0 -28
package/cjs/util/emailVerify.js.map +0 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,37 @@
 # Changelog
+## 6.0.0
+### Breaking Changes
+- [#1003](https://github.com/okta/okta-auth-js/pull/1003) Supports generic UserClaims type. Custom claims should be extended by typescript generics, like `UserClaims<{ groups: string[]; }>`
+- [#1050](https://github.com/okta/okta-auth-js/pull/1050) Removes `userAgent` field from oktaAuth instance
+- [#1014](https://github.com/okta/okta-auth-js/pull/1014) Shared transaction storage is automatically cleared on success and error states. Storage is not cleared for "terminal" state which is neither success nor error.
+- [#1051](https://github.com/okta/okta-auth-js/pull/1051) Removes `useMultipleCookies` from CookieStorage options
+- [#1059](https://github.com/okta/okta-auth-js/pull/1059)
+  - Removes signOut option `clearTokensAfterRedirect`
+  - Adds signOut option `clearTokensBeforeRedirect` (default: `false`) to remove local tokens before logout redirect happen
+- [#1057](https://github.com/okta/okta-auth-js/pull/1057) Strict checks are now enabled in the Typescript compiler options. Some type signatures have been changed to match current behavior.
+- [#1062](https://github.com/okta/okta-auth-js/pull/1062)
+  - Authn method `introspect` is renamed to `introspectAuthn` (still callable as `tx.introspect`)
+  - `IdxFeature` enum is now defined as strings instead of numbers
+### Features
+- [#1014](https://github.com/okta/okta-auth-js/pull/1014) Updates IDX API to support email verify and recovery/activation
+  - adds new configuration options `recoveryToken` and `activationToken`
+  - email verify callback:
+    - adds support for passing `otp` to idx pipeline
+    - updates samples to display error message with OTP code
+  - idx methods support new options:
+    - `exchangeCodeForTokens`. If false, `interactionCode` will be returned on the transaction at the end of the flow instead of `tokens`.
+    - `autoRemediate`. If false, there will be no attempt to satisfy remediations even if values have been passed.
+  - TransactionManager supports new option:
+    - `saveLastResponse`. If false, IDX responses will not be cached.
+- [#1062](https://github.com/okta/okta-auth-js/pull/1062)
+  - All IDX methods are exported.
+  - `useInteractionCodeFlow` defaults to `true` for sample and test apps.
 ## 5.11.0
 - [#1064](https://github.com/okta/okta-auth-js/pull/1064) Supports skip authenticator in idx authentication flow

package/README.md CHANGED Viewed

@@ -573,7 +573,6 @@ var config = {
         'sessionStorage',
         'cookie'
       ],
-      useMultipleCookies: true // puts each token in its own cookie
     },
     cache: {
       storageTypes: [
@@ -929,7 +928,7 @@ Signs the user out of their current [Okta session](https://developer.okta.com/do
 * `postLogoutRedirectUri` - Setting a value will override the `postLogoutRedirectUri` configured on the SDK.
 * `state` - An optional value, used along with `postLogoutRedirectUri`. If set, this value will be returned as a query parameter during the redirect to the `postLogoutRedirectUri`
 * `idToken` - Specifies the ID token object. By default, `signOut` will look for a token object named `idToken` within the `TokenManager`. If you have stored the id token object in a different location, you should retrieve it first and then pass it here.
-* `clearTokensAfterRedirect` - If `true` (default: `false`) a flag (`pendingRemove`) will be added to local tokens instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. This option can be used when work with `SecureRoute` component from Okta's downstream client SDKs to guarantee the local tokens can only be cleared after the Okta SSO session is fully killed.
+* `clearTokensBeforeRedirect` - If `true` (default: `false`) local tokens will be removed before the logout redirect happens. Otherwise a flag (`pendingRemove`) will be added to each local token instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. **Use this option with care**: removing local tokens before fully terminating the Okta SSO session can result in logging back in again when using [`@okta/okta-react`](https://www.npmjs.com/package/@okta/okta-react)'s [`SecureRoute`](https://github.com/okta/okta-react#secureroute) component.
 * `revokeAccessToken` - If `false` (default: `true`) the access token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.
 * `revokeRefreshToken` - If `false` (default: `true`) the refresh token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.  Revoking a refresh token will revoke any access tokens minted by it, even if `revokeAccessToken` is `false`.
 * `accessToken` - Specifies the access token object. By default, `signOut` will look for a token object named `accessToken` within the `TokenManager`. If you have stored the access token object in a different location, you should retrieve it first and then pass it here. This options is ignored if the `revokeAccessToken` option is `false`.
@@ -1838,6 +1837,10 @@ We have implemented a small SPA app, located at `./test/app/` which is used inte
 The [CHANGELOG](CHANGELOG.md) contains details for all changes and links to the original PR.
+### From 5.x to 6.x
+* All async [IDX API](docs/idx.md) methods will either resolve with an IDX transaction object or throw an exception. In the previous version some exceptions were caught and returned as the `error` property on an IDX transaction object.
 ### From 4.x to 5.x
 * Token auto renew requires [running OktaAuth as a service](#running-as-a-service). To start the service, call [start()](#start). `start` will also call [updateAuthState](#authstatemanagerupdateauthstate) to set an initial [AuthState](#authstatemanager)

package/cjs/AuthStateManager.js CHANGED Viewed

@@ -49,7 +49,8 @@ class AuthStateManager {
     this._pending = { ...DEFAULT_PENDING
     };
     this._authState = INITIAL_AUTH_STATE;
-    this._logOptions = {}; // Listen on tokenManager events to start updateState process
+    this._logOptions = {};
+    this._prevAuthState = null; // Listen on tokenManager events to start updateState process
     // "added" event is emitted in both add and renew process
     // Only listen on "added" event to update auth state

package/cjs/AuthStateManager.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../lib/AuthStateManager.ts"],"names":["PCancelable","require","INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","AuthStateManager","constructor","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","_prevAuthState","transformAuthState","devMode","log","status","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","then","curPromise","cancel","cancelablePromise","resolve","_","onCancel","shouldReject","emitAndResolve","isCanceled","refreshToken","getTokensSync","promise","Promise","catch","subscribe","handler","unsubscribe","off"],"mappings":";;;;AAaA;;AAGA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,MAAMA,WAAW,GAAGC,OAAO,CAAC,cAAD,CAA3B;;AAEO,MAAMC,kBAAkB,GAAG,IAA3B;;AACP,MAAMC,eAAe,GAAG;AACtBC,EAAAA,sBAAsB,EAAE,IADF;AAEtBC,EAAAA,aAAa,EAAE;AAFO,CAAxB;AAIA,MAAMC,uBAAuB,GAAG,iBAAhC;AACA,MAAMC,wBAAwB,GAAG,EAAjC,C,CAEA;;AACA,MAAMC,eAAe,GAAG,CAACC,SAAD,EAAuBC,KAAvB,KAA4C;AAClE;AACA,MAAI,CAACD,SAAL,EAAgB;AACd,WAAO,KAAP;AACD;;AAED,SAAOA,SAAS,CAACE,eAAV,KAA8BD,KAAK,CAACC,eAApC,IACFC,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACK,OAAzB,MAAsCF,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACI,OAArB,CADpC,IAEFF,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACM,WAAzB,MAA0CH,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACK,WAArB,CAFxC,IAGFN,SAAS,CAACO,KAAV,KAAoBN,KAAK,CAACM,KAH/B;AAID,CAVD;;AAYO,MAAMC,gBAAN,CAAuB;AAW5BC,EAAAA,WAAW,CAACC,GAAD,EAAgB;AACzB,QAAI,CAACA,GAAG,CAACC,OAAT,EAAkB;AAChB,YAAM,IAAIC,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AAED,SAAKC,IAAL,GAAYH,GAAZ;AACA,SAAKI,QAAL,GAAgB,EAAE,GAAGpB;AAAL,KAAhB;AACA,SAAKqB,UAAL,GAAkBtB,kBAAlB;AACA,SAAKuB,WAAL,GAAmB,EAAnB,CARyB,CAUzB;AACA;AACA;;AACAN,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBC,yBAApB,EAAiC,CAACC,GAAD,EAAMC,KAAN,KAAgB;AAC/C,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEJ,yBAAT;AAAsBC,QAAAA,GAAtB;AAA2BC,QAAAA;AAA3B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAIAd,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBO,2BAApB,EAAmC,CAACL,GAAD,EAAMC,KAAN,KAAgB;AACjD,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEE,2BAAT;AAAwBL,QAAAA,GAAxB;AAA6BC,QAAAA;AAA7B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAID;;AAEDF,EAAAA,cAAc,CAACI,OAAD,EAAU;AACtB,SAAKV,WAAL,GAAmBU,OAAnB;AACD;;AAEDC,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKZ,UAAZ;AACD;;AAEDa,EAAAA,oBAAoB,GAAqB;AACvC,WAAO,KAAKC,cAAZ;AACD;;AAEoB,QAAfL,eAAe,GAAuB;AAC1C,UAAM;AAAEM,MAAAA,kBAAF;AAAsBC,MAAAA;AAAtB,QAAkC,KAAKlB,IAAL,CAAUa,OAAlD;;AAEA,UAAMM,GAAG,GAAIC,MAAD,IAAY;AACtB,YAAM;AAAEV,QAAAA,KAAF;AAASH,QAAAA,GAAT;AAAcC,QAAAA;AAAd,UAAwB,KAAKL,WAAnC;AACA,8BAAakB,KAAb,CAAoB,uCAAsCX,KAAM,WAAUU,MAAO,EAAjF;AACA,8BAAaD,GAAb,CAAiBZ,GAAjB,EAAsBC,KAAtB;AACA,8BAAaW,GAAb,CAAiB,mBAAjB,EAAsC,KAAKjB,UAA3C;AACA,8BAAaoB,QAAb,GALsB,CAOtB;;AACA,WAAKnB,WAAL,GAAmB,EAAnB;AACD,KATD;;AAWA,UAAMoB,mBAAmB,GAAIC,SAAD,IAAe;AACzC,UAAItC,eAAe,CAAC,KAAKgB,UAAN,EAAkBsB,SAAlB,CAAnB,EAAiD;AAC/CN,QAAAA,OAAO,IAAIC,GAAG,CAAC,WAAD,CAAd;AACA;AACD;;AACD,WAAKH,cAAL,GAAsB,KAAKd,UAA3B;AACA,WAAKA,UAAL,GAAkBsB,SAAlB,CANyC,CAOzC;;AACA,WAAKxB,IAAL,CAAUF,OAAV,CAAkB2B,IAAlB,CAAuBzC,uBAAvB,EAAgD,EAAE,GAAGwC;AAAL,OAAhD;;AACAN,MAAAA,OAAO,IAAIC,GAAG,CAAC,SAAD,CAAd;AACD,KAVD;;AAYA,UAAMO,YAAY,GAAIC,WAAD,IAAiB;AACpC,aAAO,KAAK1B,QAAL,CAAcnB,sBAAd,CAAqC8C,IAArC,CAA0C,MAAM;AACrD,cAAMC,UAAU,GAAG,KAAK5B,QAAL,CAAcnB,sBAAjC;;AACA,YAAI+C,UAAU,IAAIA,UAAU,KAAKF,WAAjC,EAA8C;AAC5C,iBAAOD,YAAY,CAACG,UAAD,CAAnB;AACD;;AACD,eAAO,KAAKf,YAAL,EAAP;AACD,OANM,CAAP;AAOD,KARD;;AAUA,QAAI,KAAKb,QAAL,CAAcnB,sBAAlB,EAA0C;AACxC,UAAI,KAAKmB,QAAL,CAAclB,aAAd,IAA+BE,wBAAnC,EAA6D;AAC3D;AACA;AACAiC,QAAAA,OAAO,IAAIC,GAAG,CAAC,YAAD,CAAd;AACA,eAAOO,YAAY,CAAC,KAAKzB,QAAL,CAAcnB,sBAAf,CAAnB;AACD,OALD,MAKO;AACL,aAAKmB,QAAL,CAAcnB,sBAAd,CAAqCgD,MAArC;AACD;AACF;AAED;;;AACA,UAAMC,iBAAiB,GAAG,IAAIrD,WAAJ,CAAgB,CAACsD,OAAD,EAAUC,CAAV,EAAaC,QAAb,KAA0B;AAClEA,MAAAA,QAAQ,CAACC,YAAT,GAAwB,KAAxB;AACAD,MAAAA,QAAQ,CAAC,MAAM;AACb,aAAKjC,QAAL,CAAcnB,sBAAd,GAAuC,IAAvC;AACA,aAAKmB,QAAL,CAAclB,aAAd,GAA8B,KAAKkB,QAAL,CAAclB,aAAd,GAA8B,CAA5D;AACAmC,QAAAA,OAAO,IAAIC,GAAG,CAAC,UAAD,CAAd;AACD,OAJO,CAAR;;AAMA,YAAMiB,cAAc,GAAIZ,SAAD,IAAe;AACpC,YAAIO,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD,SAJmC,CAKpC;;;AACAT,QAAAA,mBAAmB,CAACC,SAAD,CAAnB;AACAQ,QAAAA,OAAO,GAP6B,CASpC;;AACA,aAAK/B,QAAL,GAAgB,EAAE,GAAGpB;AAAL,SAAhB;AACD,OAXD;;AAaA,WAAKmB,IAAL,CAAUX,eAAV,GACGuC,IADH,CACQ,MAAM;AACV,YAAIG,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD;;AAED,cAAM;AAAEvC,UAAAA,WAAF;AAAeD,UAAAA,OAAf;AAAwB8C,UAAAA;AAAxB,YAAyC,KAAKtC,IAAL,CAAUI,YAAV,CAAuBmC,aAAvB,EAA/C;;AACA,cAAMf,SAAS,GAAG;AAChB/B,UAAAA,WADgB;AAEhBD,UAAAA,OAFgB;AAGhB8C,UAAAA,YAHgB;AAIhBjD,UAAAA,eAAe,EAAE,CAAC,EAAEI,WAAW,IAAID,OAAjB;AAJF,SAAlB;AAMA,cAAMgD,OAA2B,GAAGvB,kBAAkB,GAClDA,kBAAkB,CAAC,KAAKjB,IAAN,EAAYwB,SAAZ,CADgC,GAElDiB,OAAO,CAACT,OAAR,CAAgBR,SAAhB,CAFJ;AAIAgB,QAAAA,OAAO,CACJZ,IADH,CACQJ,SAAS,IAAIY,cAAc,CAACZ,SAAD,CADnC,EAEGkB,KAFH,CAEShD,KAAK,IAAI0C,cAAc,CAAC;AAC7B3C,UAAAA,WAD6B;AAE7BD,UAAAA,OAF6B;AAG7B8C,UAAAA,YAH6B;AAI7BjD,UAAAA,eAAe,EAAE,KAJY;AAK7BK,UAAAA;AAL6B,SAAD,CAFhC;AASD,OA3BH;AA4BD,KAjDyB,CAA1B;AAkDA;;AACA,SAAKO,QAAL,CAAcnB,sBAAd,GAAuCiD,iBAAvC;AAEA,WAAOL,YAAY,CAACK,iBAAD,CAAnB;AACD;;AAEDY,EAAAA,SAAS,CAACC,OAAD,EAAgB;AACvB,SAAK5C,IAAL,CAAUF,OAAV,CAAkBO,EAAlB,CAAqBrB,uBAArB,EAA8C4D,OAA9C;AACD;;AAEDC,EAAAA,WAAW,CAACD,OAAD,EAAiB;AAC1B,SAAK5C,IAAL,CAAUF,OAAV,CAAkBgD,GAAlB,CAAsB9D,uBAAtB,EAA+C4D,OAA/C;AACD;;AA5J2B","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n /\n\n\nimport { AuthSdkError } from './errors';\nimport { AuthState, AuthStateLogOptions } from './types';\nimport { OktaAuth } from '.';\nimport { getConsole } from './util';\nimport { EVENT_ADDED, EVENT_REMOVED } from './TokenManager';\nconst PCancelable = require('p-cancelable');\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\nexport class AuthStateManager {\n _sdk: OktaAuth;\n _pending: { \n updateAuthStatePromise: typeof PCancelable;\n canceledTimes: number; \n };\n _authState: AuthState \| null;\n _prevAuthState: AuthState \| null;\n _logOptions: AuthStateLogOptions;\n _lastEventTimestamp: number;\n\n constructor(sdk: OktaAuth) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n\n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState \| null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState \| null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n / eslint-disable complexity /\n const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n onCancel.shouldReject = false;\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve();\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n const promise: Promise<AuthState> = transformAuthState\n ? transformAuthState(this._sdk, authState)\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n / eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n"],"file":"AuthStateManager.js"}
1	+ {"version":3,"sources":["../../lib/AuthStateManager.ts"],"names":["PCancelable","require","INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","AuthStateManager","constructor","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","_prevAuthState","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","transformAuthState","devMode","log","status","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","then","curPromise","cancel","cancelablePromise","resolve","_","onCancel","shouldReject","emitAndResolve","isCanceled","refreshToken","getTokensSync","promise","Promise","catch","subscribe","handler","unsubscribe","off"],"mappings":";;;;AAaA;;AAGA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,MAAMA,WAAW,GAAGC,OAAO,CAAC,cAAD,CAA3B;;AAEO,MAAMC,kBAAkB,GAAG,IAA3B;;AACP,MAAMC,eAAe,GAAG;AACtBC,EAAAA,sBAAsB,EAAE,IADF;AAEtBC,EAAAA,aAAa,EAAE;AAFO,CAAxB;AAIA,MAAMC,uBAAuB,GAAG,iBAAhC;AACA,MAAMC,wBAAwB,GAAG,EAAjC,C,CAEA;;AACA,MAAMC,eAAe,GAAG,CAACC,SAAD,EAA8BC,KAA9B,KAAmD;AACzE;AACA,MAAI,CAACD,SAAL,EAAgB;AACd,WAAO,KAAP;AACD;;AAED,SAAOA,SAAS,CAACE,eAAV,KAA8BD,KAAK,CAACC,eAApC,IACFC,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACK,OAAzB,MAAsCF,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACI,OAArB,CADpC,IAEFF,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACM,WAAzB,MAA0CH,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACK,WAArB,CAFxC,IAGFN,SAAS,CAACO,KAAV,KAAoBN,KAAK,CAACM,KAH/B;AAID,CAVD;;AAYO,MAAMC,gBAAN,CAAuB;AAU5BC,EAAAA,WAAW,CAACC,GAAD,EAAgB;AACzB,QAAI,CAACA,GAAG,CAACC,OAAT,EAAkB;AAChB,YAAM,IAAIC,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AAED,SAAKC,IAAL,GAAYH,GAAZ;AACA,SAAKI,QAAL,GAAgB,EAAE,GAAGpB;AAAL,KAAhB;AACA,SAAKqB,UAAL,GAAkBtB,kBAAlB;AACA,SAAKuB,WAAL,GAAmB,EAAnB;AACA,SAAKC,cAAL,GAAsB,IAAtB,CATyB,CAWzB;AACA;AACA;;AACAP,IAAAA,GAAG,CAACQ,YAAJ,CAAiBC,EAAjB,CAAoBC,yBAApB,EAAiC,CAACC,GAAD,EAAMC,KAAN,KAAgB;AAC/C,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEJ,yBAAT;AAAsBC,QAAAA,GAAtB;AAA2BC,QAAAA;AAA3B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAIAf,IAAAA,GAAG,CAACQ,YAAJ,CAAiBC,EAAjB,CAAoBO,2BAApB,EAAmC,CAACL,GAAD,EAAMC,KAAN,KAAgB;AACjD,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEE,2BAAT;AAAwBL,QAAAA,GAAxB;AAA6BC,QAAAA;AAA7B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAID;;AAEDF,EAAAA,cAAc,CAACI,OAAD,EAAU;AACtB,SAAKX,WAAL,GAAmBW,OAAnB;AACD;;AAEDC,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKb,UAAZ;AACD;;AAEDc,EAAAA,oBAAoB,GAAqB;AACvC,WAAO,KAAKZ,cAAZ;AACD;;AAEoB,QAAfQ,eAAe,GAAuB;AAC1C,UAAM;AAAEK,MAAAA,kBAAF;AAAsBC,MAAAA;AAAtB,QAAkC,KAAKlB,IAAL,CAAUc,OAAlD;;AAEA,UAAMK,GAAG,GAAIC,MAAD,IAAY;AACtB,YAAM;AAAET,QAAAA,KAAF;AAASH,QAAAA,GAAT;AAAcC,QAAAA;AAAd,UAAwB,KAAKN,WAAnC;AACA,8BAAakB,KAAb,CAAoB,uCAAsCV,KAAM,WAAUS,MAAO,EAAjF;AACA,8BAAaD,GAAb,CAAiBX,GAAjB,EAAsBC,KAAtB;AACA,8BAAaU,GAAb,CAAiB,mBAAjB,EAAsC,KAAKjB,UAA3C;AACA,8BAAaoB,QAAb,GALsB,CAOtB;;AACA,WAAKnB,WAAL,GAAmB,EAAnB;AACD,KATD;;AAWA,UAAMoB,mBAAmB,GAAIC,SAAD,IAAe;AACzC,UAAItC,eAAe,CAAC,KAAKgB,UAAN,EAAkBsB,SAAlB,CAAnB,EAAiD;AAC/CN,QAAAA,OAAO,IAAIC,GAAG,CAAC,WAAD,CAAd;AACA;AACD;;AACD,WAAKf,cAAL,GAAsB,KAAKF,UAA3B;AACA,WAAKA,UAAL,GAAkBsB,SAAlB,CANyC,CAOzC;;AACA,WAAKxB,IAAL,CAAUF,OAAV,CAAkB2B,IAAlB,CAAuBzC,uBAAvB,EAAgD,EAAE,GAAGwC;AAAL,OAAhD;;AACAN,MAAAA,OAAO,IAAIC,GAAG,CAAC,SAAD,CAAd;AACD,KAVD;;AAYA,UAAMO,YAAY,GAAIC,WAAD,IAAiB;AACpC,aAAO,KAAK1B,QAAL,CAAcnB,sBAAd,CAAqC8C,IAArC,CAA0C,MAAM;AACrD,cAAMC,UAAU,GAAG,KAAK5B,QAAL,CAAcnB,sBAAjC;;AACA,YAAI+C,UAAU,IAAIA,UAAU,KAAKF,WAAjC,EAA8C;AAC5C,iBAAOD,YAAY,CAACG,UAAD,CAAnB;AACD;;AACD,eAAO,KAAKd,YAAL,EAAP;AACD,OANM,CAAP;AAOD,KARD;;AAUA,QAAI,KAAKd,QAAL,CAAcnB,sBAAlB,EAA0C;AACxC,UAAI,KAAKmB,QAAL,CAAclB,aAAd,IAA+BE,wBAAnC,EAA6D;AAC3D;AACA;AACAiC,QAAAA,OAAO,IAAIC,GAAG,CAAC,YAAD,CAAd;AACA,eAAOO,YAAY,CAAC,KAAKzB,QAAL,CAAcnB,sBAAf,CAAnB;AACD,OALD,MAKO;AACL,aAAKmB,QAAL,CAAcnB,sBAAd,CAAqCgD,MAArC;AACD;AACF;AAED;;;AACA,UAAMC,iBAAiB,GAAG,IAAIrD,WAAJ,CAAgB,CAACsD,OAAD,EAAUC,CAAV,EAAaC,QAAb,KAA0B;AAClEA,MAAAA,QAAQ,CAACC,YAAT,GAAwB,KAAxB;AACAD,MAAAA,QAAQ,CAAC,MAAM;AACb,aAAKjC,QAAL,CAAcnB,sBAAd,GAAuC,IAAvC;AACA,aAAKmB,QAAL,CAAclB,aAAd,GAA8B,KAAKkB,QAAL,CAAclB,aAAd,GAA8B,CAA5D;AACAmC,QAAAA,OAAO,IAAIC,GAAG,CAAC,UAAD,CAAd;AACD,OAJO,CAAR;;AAMA,YAAMiB,cAAc,GAAIZ,SAAD,IAAe;AACpC,YAAIO,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD,SAJmC,CAKpC;;;AACAT,QAAAA,mBAAmB,CAACC,SAAD,CAAnB;AACAQ,QAAAA,OAAO,GAP6B,CASpC;;AACA,aAAK/B,QAAL,GAAgB,EAAE,GAAGpB;AAAL,SAAhB;AACD,OAXD;;AAaA,WAAKmB,IAAL,CAAUX,eAAV,GACGuC,IADH,CACQ,MAAM;AACV,YAAIG,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD;;AAED,cAAM;AAAEvC,UAAAA,WAAF;AAAeD,UAAAA,OAAf;AAAwB8C,UAAAA;AAAxB,YAAyC,KAAKtC,IAAL,CAAUK,YAAV,CAAuBkC,aAAvB,EAA/C;;AACA,cAAMf,SAAS,GAAG;AAChB/B,UAAAA,WADgB;AAEhBD,UAAAA,OAFgB;AAGhB8C,UAAAA,YAHgB;AAIhBjD,UAAAA,eAAe,EAAE,CAAC,EAAEI,WAAW,IAAID,OAAjB;AAJF,SAAlB;AAMA,cAAMgD,OAA2B,GAAGvB,kBAAkB,GAClDA,kBAAkB,CAAC,KAAKjB,IAAN,EAAYwB,SAAZ,CADgC,GAElDiB,OAAO,CAACT,OAAR,CAAgBR,SAAhB,CAFJ;AAIAgB,QAAAA,OAAO,CACJZ,IADH,CACQJ,SAAS,IAAIY,cAAc,CAACZ,SAAD,CADnC,EAEGkB,KAFH,CAEShD,KAAK,IAAI0C,cAAc,CAAC;AAC7B3C,UAAAA,WAD6B;AAE7BD,UAAAA,OAF6B;AAG7B8C,UAAAA,YAH6B;AAI7BjD,UAAAA,eAAe,EAAE,KAJY;AAK7BK,UAAAA;AAL6B,SAAD,CAFhC;AASD,OA3BH;AA4BD,KAjDyB,CAA1B;AAkDA;;AACA,SAAKO,QAAL,CAAcnB,sBAAd,GAAuCiD,iBAAvC;AAEA,WAAOL,YAAY,CAACK,iBAAD,CAAnB;AACD;;AAEDY,EAAAA,SAAS,CAACC,OAAD,EAAgB;AACvB,SAAK5C,IAAL,CAAUF,OAAV,CAAkBQ,EAAlB,CAAqBtB,uBAArB,EAA8C4D,OAA9C;AACD;;AAEDC,EAAAA,WAAW,CAACD,OAAD,EAAiB;AAC1B,SAAK5C,IAAL,CAAUF,OAAV,CAAkBgD,GAAlB,CAAsB9D,uBAAtB,EAA+C4D,OAA/C;AACD;;AA5J2B","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n /\n\n\nimport { AuthSdkError } from './errors';\nimport { AuthState, AuthStateLogOptions } from './types';\nimport { OktaAuth } from '.';\nimport { getConsole } from './util';\nimport { EVENT_ADDED, EVENT_REMOVED } from './TokenManager';\nconst PCancelable = require('p-cancelable');\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState \| null, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\nexport class AuthStateManager {\n _sdk: OktaAuth;\n _pending: { \n updateAuthStatePromise: typeof PCancelable;\n canceledTimes: number; \n };\n _authState: AuthState \| null;\n _prevAuthState: AuthState \| null;\n _logOptions: AuthStateLogOptions;\n\n constructor(sdk: OktaAuth) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n this._prevAuthState = null;\n \n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState \| null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState \| null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n / eslint-disable complexity /\n const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n onCancel.shouldReject = false;\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve();\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n const promise: Promise<AuthState> = transformAuthState\n ? transformAuthState(this._sdk, authState)\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n / eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n"],"file":"AuthStateManager.js"}

package/cjs/OktaAuth.js CHANGED Viewed

@@ -20,8 +20,6 @@ var _browserStorage = _interopRequireDefault(require("./browser/browserStorage")
 var _util = require("./util");
-var _builderUtil = require("./builderUtil");
 var _TokenManager = require("./TokenManager");
 var _http = require("./http");
@@ -46,6 +44,8 @@ var _OktaUserAgent = require("./OktaUserAgent");
 var _parseFromUrl = require("./oidc/parseFromUrl");
+var _transactionMeta = require("./idx/transactionMeta");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -66,17 +66,13 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
  * See the License for the specific language governing permissions and limitations under the License.
  */
-/* SDK_VERSION is defined in webpack config */
-/* global window, SDK_VERSION */
+/* global window */
 const Emitter = require('tiny-emitter');
 class OktaAuth {
-  // keep this field to compatible with released downstream SDK versions
-  // TODO: remove in version 6
-  // JIRA: https://oktainc.atlassian.net/browse/OKTA-419417
   constructor(args) {
-    const options = this.options = (0, _options.buildOptions)(args);
+    const options = this.options = (0, _options.buildOptions)(args); // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
     this.storageManager = new _StorageManager.default(options.storageManager, options.cookies, options.storageUtil);
     this.transactionManager = new _TransactionManager.default(Object.assign({
       storageManager: this.storageManager
@@ -87,11 +83,12 @@ class OktaAuth {
       resume: _tx.resumeTransaction.bind(null, this),
       exists: Object.assign(_tx.transactionExists.bind(null, this), {
         _get: name => {
+          // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
           const storage = options.storageUtil.storage;
           return storage.get(name);
         }
       }),
-      introspect: _tx.introspect.bind(null, this)
+      introspect: _tx.introspectAuthn.bind(null, this)
     };
     this.pkce = {
       DEFAULT_CODE_CHALLENGE_METHOD: _pkce.default.DEFAULT_CODE_CHALLENGE_METHOD,
@@ -112,9 +109,6 @@ class OktaAuth {
         redirectUri: (0, _util.toAbsoluteUrl)(args.redirectUri, window.location.origin) // allow relative URIs
       });
-      this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js/${"5.11.0"}`);
-    } else {
-      this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js-server/${"5.11.0"}`);
     } // Digital clocks will drift over time, so the server
     // can misalign with the time reported by the browser.
     // The maxClockSkew allows relaxing the time-based
@@ -142,13 +136,42 @@ class OktaAuth {
       setCookieAndRedirect: _session.setCookieAndRedirect.bind(null, this)
     };
     this._tokenQueue = new _PromiseQueue.default();
+    const useQueue = method => {
+      return _PromiseQueue.default.prototype.push.bind(this._tokenQueue, method, null);
+    }; // eslint-disable-next-line max-len
+    const getWithRedirectFn = useQueue(_oidc.getWithRedirect.bind(null, this));
+    const getWithRedirectApi = Object.assign(getWithRedirectFn, {
+      // This is exposed so we can set window.location in our tests
+      _setLocation: function (url) {
+        window.location = url;
+      }
+    }); // eslint-disable-next-line max-len
+    const parseFromUrlFn = useQueue(_oidc.parseFromUrl.bind(null, this));
+    const parseFromUrlApi = Object.assign(parseFromUrlFn, {
+      // This is exposed so we can mock getting window.history in our tests
+      _getHistory: function () {
+        return window.history;
+      },
+      // This is exposed so we can mock getting window.location in our tests
+      _getLocation: function () {
+        return window.location;
+      },
+      // This is exposed so we can mock getting window.document in our tests
+      _getDocument: function () {
+        return window.document;
+      }
+    });
     this.token = {
       prepareTokenParams: _oidc.prepareTokenParams.bind(null, this),
       exchangeCodeForTokens: _oidc.exchangeCodeForTokens.bind(null, this),
       getWithoutPrompt: _oidc.getWithoutPrompt.bind(null, this),
       getWithPopup: _oidc.getWithPopup.bind(null, this),
-      getWithRedirect: _oidc.getWithRedirect.bind(null, this),
-      parseFromUrl: _oidc.parseFromUrl.bind(null, this),
+      getWithRedirect: getWithRedirectApi,
+      parseFromUrl: parseFromUrlApi,
       decode: _oidc.decodeToken,
       revoke: _oidc.revokeToken.bind(null, this),
       renew: _oidc.renewToken.bind(null, this),
@@ -159,7 +182,9 @@ class OktaAuth {
       isLoginRedirect: _oidc.isLoginRedirect.bind(null, this)
     }; // Wrap all async token API methods using MethodQueue to avoid issues with concurrency
-    const syncMethods = ['decode', 'isLoginRedirect'];
+    const syncMethods = [// sync methods
+    'decode', 'isLoginRedirect', // already bound
+    'getWithRedirect', 'parseFromUrl'];
     Object.keys(this.token).forEach(key => {
       if (syncMethods.indexOf(key) >= 0) {
         // sync methods should not be wrapped
@@ -168,39 +193,38 @@ class OktaAuth {
       var method = this.token[key];
       this.token[key] = _PromiseQueue.default.prototype.push.bind(this._tokenQueue, method, null);
-    });
-    Object.assign(this.token.getWithRedirect, {
-      // This is exposed so we can set window.location in our tests
-      _setLocation: function (url) {
-        window.location = url;
-      }
-    });
-    Object.assign(this.token.parseFromUrl, {
-      // This is exposed so we can mock getting window.history in our tests
-      _getHistory: function () {
-        return window.history;
-      },
-      // This is exposed so we can mock getting window.location in our tests
-      _getLocation: function () {
-        return window.location;
-      },
-      // This is exposed so we can mock getting window.document in our tests
-      _getDocument: function () {
-        return window.document;
-      }
     }); // IDX
+    const boundStartTransaction = _idx.startTransaction.bind(null, this);
     this.idx = {
       interact: _idx.interact.bind(null, this),
       introspect: _idx.introspect.bind(null, this),
       authenticate: _idx.authenticate.bind(null, this),
       register: _idx.register.bind(null, this),
+      start: boundStartTransaction,
+      startTransaction: boundStartTransaction,
+      // Use `start` instead. `startTransaction` will be removed in 7.0
       poll: _idx.poll.bind(null, this),
       proceed: _idx.proceed.bind(null, this),
       cancel: _idx.cancel.bind(null, this),
       recoverPassword: _idx.recoverPassword.bind(null, this),
+      // oauth redirect callback
       handleInteractionCodeRedirect: _idx.handleInteractionCodeRedirect.bind(null, this),
-      startTransaction: _idx.startTransaction.bind(null, this),
+      // interaction required callback
+      isInteractionRequired: _oidc.isInteractionRequired.bind(null, this),
+      isInteractionRequiredError: _oidc.isInteractionRequiredError,
+      // email verify callback
+      handleEmailVerifyCallback: _idx.handleEmailVerifyCallback.bind(null, this),
+      isEmailVerifyCallback: _idx.isEmailVerifyCallback,
+      parseEmailVerifyCallback: _idx.parseEmailVerifyCallback,
+      isEmailVerifyCallbackError: _idx.isEmailVerifyCallbackError,
+      getSavedTransactionMeta: _transactionMeta.getSavedTransactionMeta.bind(null, this),
+      createTransactionMeta: _transactionMeta.createTransactionMeta.bind(null, this),
+      getTransactionMeta: _transactionMeta.getTransactionMeta.bind(null, this),
+      saveTransactionMeta: _transactionMeta.saveTransactionMeta.bind(null, this),
+      clearTransactionMeta: _transactionMeta.clearTransactionMeta.bind(null, this),
+      isTransactionMetaValid: _transactionMeta.isTransactionMetaValid,
       setFlow: flow => {
         this.options.flow = flow;
       },
@@ -238,33 +262,13 @@ class OktaAuth {
   setHeaders(headers) {
     this.options.headers = Object.assign({}, this.options.headers, headers);
-  } // ES6 module users can use named exports to access all symbols
-  // CommonJS module users (CDN) need all exports on this object
-  // Utility methods for interaction code flow
+  } // Authn  V1
-  isInteractionRequired(hashOrSearch) {
-    return (0, _oidc.isInteractionRequired)(this, hashOrSearch);
-  }
-  isInteractionRequiredError(error) {
-    return (0, _oidc.isInteractionRequiredError)(error);
-  } // Utility methods for email verify callback
-  isEmailVerifyCallback(urlPath) {
-    return (0, _util.isEmailVerifyCallback)(urlPath);
-  }
-  parseEmailVerifyCallback(urlPath) {
-    return (0, _util.parseEmailVerifyCallback)(urlPath);
-  }
   async signIn(opts) {
-    // TODO: support interaction code flow
-    // Authn V1 flow
     return this.signInWithCredentials(opts);
-  }
+  } // Authn  V1
   async signInWithCredentials(opts) {
     opts = (0, _util.clone)(opts || {});
@@ -448,11 +452,11 @@ class OktaAuth {
         }
       });
     } else {
-      if (options.clearTokensAfterRedirect) {
-        this.tokenManager.addPendingRemoveFlags();
-      } else {
+      if (options.clearTokensBeforeRedirect) {
         // Clear all local tokens
         this.tokenManager.clear();
+      } else {
+        this.tokenManager.addPendingRemoveFlags();
       } // Flow ends with logout redirect
@@ -486,7 +490,7 @@ class OktaAuth {
     } = this.tokenManager.getOptions();
     if (accessToken && this.tokenManager.hasExpired(accessToken)) {
-      accessToken = null;
+      accessToken = undefined;
       if (autoRenew) {
         try {
@@ -499,7 +503,7 @@ class OktaAuth {
     }
     if (idToken && this.tokenManager.hasExpired(idToken)) {
-      idToken = null;
+      idToken = undefined;
       if (autoRenew) {
         try {
@@ -584,7 +588,7 @@ class OktaAuth {
     const storage = _browserStorage.default.getSessionStorage();
-    return storage ? storage.getItem(constants.REFERRER_PATH_STORAGE_KEY) : undefined;
+    return storage ? storage.getItem(constants.REFERRER_PATH_STORAGE_KEY) || undefined : undefined;
   }
   removeOriginalUri(state) {
@@ -597,7 +601,7 @@ class OktaAuth {
     if (state) {
       const sharedStorage = this.storageManager.getOriginalUriStorage();
-      sharedStorage.removeItem(state);
+      sharedStorage.removeItem && sharedStorage.removeItem(state);
     }
   }
@@ -632,7 +636,7 @@ class OktaAuth {
     if (restoreOriginalUri) {
       await restoreOriginalUri(this, originalUri);
-    } else {
+    } else if (originalUri) {
       window.location.replace(originalUri);
     }
   }
@@ -663,6 +667,7 @@ class OktaAuth {
   getIssuerOrigin() {
     // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
     return this.options.issuer.split('/oauth2/')[0];
   } // { username, (relayState) }
@@ -684,11 +689,10 @@ class OktaAuth {
 } // Hoist feature detection functions to static type
-OktaAuth.features = OktaAuth.prototype.features = features; // Also hoist values and utility functions for CommonJS users
+OktaAuth.features = OktaAuth.prototype.features = features; // Also hoist constants for CommonJS users
 Object.assign(OktaAuth, {
-  constants,
-  isInteractionRequiredError: _oidc.isInteractionRequiredError
+  constants
 });
 var _default = OktaAuth;
 exports.default = _default;