@okta/okta-auth-js 5.11.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (228) hide show
  1. package/CHANGELOG.md +32 -0
  2. package/README.md +5 -2
  3. package/cjs/AuthStateManager.js +2 -1
  4. package/cjs/AuthStateManager.js.map +1 -1
  5. package/cjs/OktaAuth.js +75 -71
  6. package/cjs/OktaAuth.js.map +1 -1
  7. package/cjs/OktaUserAgent.js +2 -2
  8. package/cjs/OktaUserAgent.js.map +1 -1
  9. package/cjs/PromiseQueue.js +6 -1
  10. package/cjs/PromiseQueue.js.map +1 -1
  11. package/cjs/StorageManager.js +3 -1
  12. package/cjs/StorageManager.js.map +1 -1
  13. package/cjs/TokenManager.js +9 -3
  14. package/cjs/TokenManager.js.map +1 -1
  15. package/cjs/TransactionManager.js +17 -4
  16. package/cjs/TransactionManager.js.map +1 -1
  17. package/cjs/browser/browserStorage.js +7 -5
  18. package/cjs/browser/browserStorage.js.map +1 -1
  19. package/cjs/browser/fingerprint.js +3 -1
  20. package/cjs/browser/fingerprint.js.map +1 -1
  21. package/cjs/builderUtil.js +3 -17
  22. package/cjs/builderUtil.js.map +1 -1
  23. package/cjs/crypto/oidcHash.js.map +1 -1
  24. package/cjs/features.js +9 -3
  25. package/cjs/features.js.map +1 -1
  26. package/cjs/fetch/fetchRequest.js +2 -1
  27. package/cjs/fetch/fetchRequest.js.map +1 -1
  28. package/cjs/http/request.js +2 -0
  29. package/cjs/http/request.js.map +1 -1
  30. package/cjs/idx/authenticate.js +8 -5
  31. package/cjs/idx/authenticate.js.map +1 -1
  32. package/cjs/idx/authenticator/SecurityQuestionVerification.js +1 -0
  33. package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
  34. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +2 -2
  35. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
  36. package/cjs/idx/authenticator/getAuthenticator.js +5 -6
  37. package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
  38. package/cjs/idx/cancel.js.map +1 -1
  39. package/cjs/idx/emailVerify.js +73 -0
  40. package/cjs/idx/emailVerify.js.map +1 -0
  41. package/cjs/idx/flow/FlowSpecification.js +16 -4
  42. package/cjs/idx/flow/FlowSpecification.js.map +1 -1
  43. package/cjs/idx/flow/RegistrationFlow.js +2 -0
  44. package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
  45. package/cjs/idx/handleInteractionCodeRedirect.js +1 -0
  46. package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
  47. package/cjs/idx/index.js +13 -0
  48. package/cjs/idx/index.js.map +1 -1
  49. package/cjs/idx/interact.js +46 -34
  50. package/cjs/idx/interact.js.map +1 -1
  51. package/cjs/idx/introspect.js +12 -14
  52. package/cjs/idx/introspect.js.map +1 -1
  53. package/cjs/idx/proceed.js +4 -7
  54. package/cjs/idx/proceed.js.map +1 -1
  55. package/cjs/idx/recoverPassword.js +1 -1
  56. package/cjs/idx/recoverPassword.js.map +1 -1
  57. package/cjs/idx/register.js +6 -15
  58. package/cjs/idx/register.js.map +1 -1
  59. package/cjs/idx/remediate.js +21 -5
  60. package/cjs/idx/remediate.js.map +1 -1
  61. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +2 -0
  62. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
  63. package/cjs/idx/remediators/AuthenticatorVerificationData.js +5 -3
  64. package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
  65. package/cjs/idx/remediators/Base/AuthenticatorData.js +5 -3
  66. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  67. package/cjs/idx/remediators/Base/Remediator.js +2 -0
  68. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  69. package/cjs/idx/remediators/Base/SelectAuthenticator.js +4 -3
  70. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  71. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  72. package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
  73. package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
  74. package/cjs/idx/remediators/EnrollPoll.js +2 -3
  75. package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
  76. package/cjs/idx/remediators/EnrollProfile.js +4 -1
  77. package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
  78. package/cjs/idx/remediators/EnrollmentChannelData.js +80 -0
  79. package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -0
  80. package/cjs/idx/remediators/Identify.js.map +1 -1
  81. package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -0
  82. package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
  83. package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
  84. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +2 -2
  85. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
  86. package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
  87. package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
  88. package/cjs/idx/remediators/SelectEnrollmentChannel.js +74 -0
  89. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
  90. package/cjs/idx/remediators/Skip.js.map +1 -1
  91. package/cjs/idx/remediators/index.js +26 -0
  92. package/cjs/idx/remediators/index.js.map +1 -1
  93. package/cjs/idx/remediators/util.js +7 -2
  94. package/cjs/idx/remediators/util.js.map +1 -1
  95. package/cjs/idx/run.js +111 -45
  96. package/cjs/idx/run.js.map +1 -1
  97. package/cjs/idx/startTransaction.js +4 -2
  98. package/cjs/idx/startTransaction.js.map +1 -1
  99. package/cjs/idx/transactionMeta.js +82 -69
  100. package/cjs/idx/transactionMeta.js.map +1 -1
  101. package/cjs/idx/types/idx-js.js.map +1 -1
  102. package/cjs/idx/types/index.js +19 -3
  103. package/cjs/idx/types/index.js.map +1 -1
  104. package/cjs/index.js +14 -0
  105. package/cjs/index.js.map +1 -1
  106. package/cjs/oidc/endpoints/authorize.js +2 -0
  107. package/cjs/oidc/endpoints/authorize.js.map +1 -1
  108. package/cjs/oidc/endpoints/token.js +1 -0
  109. package/cjs/oidc/endpoints/token.js.map +1 -1
  110. package/cjs/oidc/exchangeCodeForTokens.js +3 -3
  111. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  112. package/cjs/oidc/getToken.js +3 -1
  113. package/cjs/oidc/getToken.js.map +1 -1
  114. package/cjs/oidc/getWithRedirect.js +10 -37
  115. package/cjs/oidc/getWithRedirect.js.map +1 -1
  116. package/cjs/oidc/handleOAuthResponse.js +80 -86
  117. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  118. package/cjs/oidc/parseFromUrl.js.map +1 -1
  119. package/cjs/oidc/renewToken.js.map +1 -1
  120. package/cjs/oidc/renewTokens.js +1 -1
  121. package/cjs/oidc/renewTokens.js.map +1 -1
  122. package/cjs/oidc/revokeToken.js +28 -29
  123. package/cjs/oidc/revokeToken.js.map +1 -1
  124. package/cjs/oidc/util/index.js +14 -0
  125. package/cjs/oidc/util/index.js.map +1 -1
  126. package/cjs/oidc/util/loginRedirect.js +6 -1
  127. package/cjs/oidc/util/loginRedirect.js.map +1 -1
  128. package/cjs/oidc/util/oauth.js.map +1 -1
  129. package/cjs/oidc/util/oauthMeta.js +36 -0
  130. package/cjs/oidc/util/oauthMeta.js.map +1 -0
  131. package/cjs/oidc/util/pkce.js.map +1 -1
  132. package/cjs/oidc/util/prepareTokenParams.js +57 -36
  133. package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
  134. package/cjs/oidc/util/validateClaims.js +2 -0
  135. package/cjs/oidc/util/validateClaims.js.map +1 -1
  136. package/cjs/oidc/verifyToken.js +2 -1
  137. package/cjs/oidc/verifyToken.js.map +1 -1
  138. package/cjs/options.js +6 -2
  139. package/cjs/options.js.map +1 -1
  140. package/cjs/server/serverStorage.js +1 -1
  141. package/cjs/server/serverStorage.js.map +1 -1
  142. package/cjs/services/TokenService.js +3 -0
  143. package/cjs/services/TokenService.js.map +1 -1
  144. package/cjs/tx/AuthTransaction.js +3 -0
  145. package/cjs/tx/AuthTransaction.js.map +1 -1
  146. package/cjs/tx/TransactionState.js +0 -17
  147. package/cjs/tx/TransactionState.js.map +1 -1
  148. package/cjs/tx/api.js +3 -2
  149. package/cjs/tx/api.js.map +1 -1
  150. package/cjs/types/Transaction.js.map +1 -1
  151. package/cjs/util/index.js +0 -13
  152. package/cjs/util/index.js.map +1 -1
  153. package/cjs/util/url.js.map +1 -1
  154. package/dist/okta-auth-js.min.js +1 -1
  155. package/dist/okta-auth-js.min.js.map +1 -1
  156. package/dist/okta-auth-js.umd.js +1 -1
  157. package/dist/okta-auth-js.umd.js.map +1 -1
  158. package/esm/index.js +1334 -758
  159. package/esm/index.js.map +1 -1
  160. package/lib/AuthStateManager.d.ts +1 -2
  161. package/lib/OktaAuth.d.ts +4 -10
  162. package/lib/StorageManager.d.ts +1 -1
  163. package/lib/TokenManager.d.ts +2 -2
  164. package/lib/TransactionManager.d.ts +3 -2
  165. package/lib/browser/fingerprint.d.ts +1 -1
  166. package/lib/builderUtil.d.ts +1 -2
  167. package/lib/crypto/browser.d.ts +1 -1
  168. package/lib/features.d.ts +1 -1
  169. package/lib/idx/authenticate.d.ts +1 -1
  170. package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +1 -1
  171. package/lib/idx/cancel.d.ts +1 -1
  172. package/lib/{util → idx}/emailVerify.d.ts +10 -1
  173. package/lib/idx/flow/FlowSpecification.d.ts +1 -0
  174. package/lib/idx/index.d.ts +1 -0
  175. package/lib/idx/interact.d.ts +4 -11
  176. package/lib/idx/introspect.d.ts +3 -2
  177. package/lib/idx/proceed.d.ts +4 -2
  178. package/lib/idx/recoverPassword.d.ts +1 -1
  179. package/lib/idx/remediate.d.ts +10 -4
  180. package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +3 -3
  181. package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +3 -3
  182. package/lib/idx/remediators/Base/AuthenticatorData.d.ts +7 -7
  183. package/lib/idx/remediators/Base/Remediator.d.ts +1 -1
  184. package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +7 -7
  185. package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +2 -1
  186. package/lib/idx/remediators/EnrollProfile.d.ts +1 -1
  187. package/lib/idx/remediators/EnrollmentChannelData.d.ts +53 -0
  188. package/lib/idx/remediators/Identify.d.ts +2 -2
  189. package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -2
  190. package/lib/idx/remediators/RedirectIdp.d.ts +3 -3
  191. package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +39 -0
  192. package/lib/idx/remediators/index.d.ts +2 -0
  193. package/lib/idx/remediators/util.d.ts +2 -2
  194. package/lib/idx/run.d.ts +3 -1
  195. package/lib/idx/startTransaction.d.ts +3 -2
  196. package/lib/idx/transactionMeta.d.ts +6 -27
  197. package/lib/idx/types/idx-js.d.ts +8 -1
  198. package/lib/idx/types/index.d.ts +17 -6
  199. package/lib/index.d.ts +1 -0
  200. package/lib/oidc/exchangeCodeForTokens.d.ts +12 -0
  201. package/lib/oidc/getWithRedirect.d.ts +1 -1
  202. package/lib/oidc/handleOAuthResponse.d.ts +1 -1
  203. package/lib/oidc/parseFromUrl.d.ts +1 -1
  204. package/lib/oidc/renewToken.d.ts +1 -1
  205. package/lib/oidc/renewTokens.d.ts +1 -1
  206. package/lib/oidc/util/browser.d.ts +1 -1
  207. package/lib/oidc/util/errors.d.ts +1 -1
  208. package/lib/oidc/util/index.d.ts +1 -0
  209. package/lib/oidc/util/oauth.d.ts +1 -8
  210. package/lib/oidc/util/oauthMeta.d.ts +2 -0
  211. package/lib/oidc/util/prepareTokenParams.d.ts +3 -0
  212. package/lib/server/serverStorage.d.ts +1 -1
  213. package/lib/services/TokenService.d.ts +2 -2
  214. package/lib/tx/AuthTransaction.d.ts +2 -2
  215. package/lib/tx/TransactionState.d.ts +11 -1
  216. package/lib/tx/api.d.ts +6 -6
  217. package/lib/types/OktaAuthOptions.d.ts +5 -6
  218. package/lib/types/Storage.d.ts +3 -3
  219. package/lib/types/Transaction.d.ts +11 -0
  220. package/lib/types/UserClaims.d.ts +3 -3
  221. package/lib/types/api.d.ts +28 -16
  222. package/lib/util/console.d.ts +1 -1
  223. package/lib/util/index.d.ts +0 -1
  224. package/lib/util/types.d.ts +1 -1
  225. package/lib/util/url.d.ts +2 -2
  226. package/package.json +5 -5
  227. package/cjs/util/emailVerify.js +0 -28
  228. package/cjs/util/emailVerify.js.map +0 -1
package/cjs/oidc/util/pkce.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","Array","from","join","slice","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"mappings":";;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAKD,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;AACAK,oBAAUC,eAAV,CAA0BL,CAA1B;;AACA,MAAIM,GAAG,GAAGC,KAAK,CAACC,IAAN,CAAWR,CAAX,EAAcN,OAAd,EAAuBe,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAOH,GAAG,CAACI,KAAJ,CAAU,CAAV,EAAaX,MAAb,CAAP;AACD;;AAED,SAASY,gBAAT,CAA0BC,MAA1B,EAAmD;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACd,MAAT,GAAkBe,8BAAtB,EAA2C;AACzCD,IAAAA,QAAQ,GAAGA,QAAQ,GAAGf,eAAe,CAACgB,iCAAsBD,QAAQ,CAACd,MAAhC,CAArC;AACD;;AACD,SAAOgB,kBAAkB,CAACF,QAAD,CAAlB,CAA6BH,KAA7B,CAAmC,CAAnC,EAAsCM,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BX,GAA1B,EAAyD;AACvD,MAAIY,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBd,GAAzB,CAAb;AACA,SAAOF,kBAAUiB,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAI3B,UAAJ,CAAeuB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;eAEc;AACbC,EAAAA,6BAA6B,EAA7BA,wCADa;AAEbnB,EAAAA,gBAFa;AAGbM,EAAAA;AAHa,C","sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport { webcrypto } from '../../crypto';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"file":"pkce.js"}
1
+ {"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","Array","from","join","slice","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"mappings":";;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAKD,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;AACAK,oBAAUC,eAAV,CAA0BL,CAA1B;;AACA,MAAIM,GAAG,GAAGC,KAAK,CAACC,IAAN,CAAWR,CAAX,EAAcN,OAAd,EAAuBe,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAOH,GAAG,CAACI,KAAJ,CAAU,CAAV,EAAaX,MAAb,CAAP;AACD;;AAED,SAASY,gBAAT,CAA0BC,MAA1B,EAAmD;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACd,MAAT,GAAkBe,8BAAtB,EAA2C;AACzCD,IAAAA,QAAQ,GAAGA,QAAQ,GAAGf,eAAe,CAACgB,iCAAsBD,QAAQ,CAACd,MAAhC,CAArC;AACD;;AACD,SAAOgB,kBAAkB,CAACF,QAAD,CAAlB,CAA6BH,KAA7B,CAAmC,CAAnC,EAAsCM,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BX,GAA1B,EAAyD;AACvD,MAAIY,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBd,GAAzB,CAAb;AACA,SAAOF,kBAAUiB,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAI3B,UAAJ,CAAeuB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;eAEc;AACbC,EAAAA,6BAA6B,EAA7BA,wCADa;AAEbnB,EAAAA,gBAFa;AAGbM,EAAAA;AAHa,C","sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport { webcrypto } from '../../crypto';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"file":"pkce.js"}
package/cjs/oidc/util/prepareTokenParams.js CHANGED
@@ -2,6 +2,9 @@
2
2
 
3
3
  var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
4
4
 
5
+ exports.assertPKCESupport = assertPKCESupport;
6
+ exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
7
+ exports.preparePKCE = preparePKCE;
5
8
  exports.prepareTokenParams = prepareTokenParams;
6
9
 
7
10
  var _wellKnown = require("../endpoints/well-known");
@@ -16,6 +19,8 @@ var _constants = require("../../constants");
16
19
 
17
20
  var _pkce = _interopRequireDefault(require("./pkce"));
18
21
 
22
+ /* eslint-disable complexity */
23
+
19
24
  /*!
20
25
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
21
26
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -28,18 +33,7 @@ var _pkce = _interopRequireDefault(require("./pkce"));
28
33
  * See the License for the specific language governing permissions and limitations under the License.
29
34
  *
30
35
  */
31
- // Prepares params for a call to /authorize or /token
32
- function prepareTokenParams(sdk, tokenParams) {
33
- // build params using defaults + options
34
- const defaults = (0, _defaultTokenParams.getDefaultTokenParams)(sdk);
35
- tokenParams = Object.assign({}, defaults, (0, _util.clone)(tokenParams));
36
-
37
- if (tokenParams.pkce === false) {
38
- // Implicit flow or authorization_code without PKCE
39
- return Promise.resolve(tokenParams);
40
- } // PKCE flow
41
-
42
-
36
+ function assertPKCESupport(sdk) {
43
37
  if (!sdk.features.isPKCESupported()) {
44
38
  var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';
45
39
 
@@ -53,35 +47,62 @@ function prepareTokenParams(sdk, tokenParams) {
53
47
  errorMessage += '\n"TextEncoder" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';
54
48
  }
55
49
 
56
- return Promise.reject(new _errors.AuthSdkError(errorMessage));
57
- } // set default code challenge method, if none provided
50
+ throw new _errors.AuthSdkError(errorMessage);
51
+ }
52
+ }
58
53
 
54
+ async function validateCodeChallengeMethod(sdk, codeChallengeMethod) {
55
+ // set default code challenge method, if none provided
56
+ codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || _constants.DEFAULT_CODE_CHALLENGE_METHOD; // validate against .well-known/openid-configuration
59
57
 
60
- if (!tokenParams.codeChallengeMethod) {
61
- tokenParams.codeChallengeMethod = _constants.DEFAULT_CODE_CHALLENGE_METHOD;
62
- } // responseType is forced
58
+ const wellKnownResponse = await (0, _wellKnown.getWellKnown)(sdk);
59
+ var methods = wellKnownResponse['code_challenge_methods_supported'] || [];
63
60
 
61
+ if (methods.indexOf(codeChallengeMethod) === -1) {
62
+ throw new _errors.AuthSdkError('Invalid code_challenge_method');
63
+ }
64
64
 
65
- tokenParams.responseType = 'code';
66
- return (0, _wellKnown.getWellKnown)(sdk, null).then(function (res) {
67
- var methods = res['code_challenge_methods_supported'] || [];
65
+ return codeChallengeMethod;
66
+ }
68
67
 
69
- if (methods.indexOf(tokenParams.codeChallengeMethod) === -1) {
70
- throw new _errors.AuthSdkError('Invalid code_challenge_method');
71
- }
72
- }).then(function () {
73
- if (!tokenParams.codeVerifier) {
74
- tokenParams.codeVerifier = _pkce.default.generateVerifier();
75
- }
68
+ async function preparePKCE(sdk, tokenParams) {
69
+ let {
70
+ codeVerifier,
71
+ codeChallenge,
72
+ codeChallengeMethod
73
+ } = tokenParams; // PKCE calculations can be avoided by passing a codeChallenge
74
+
75
+ codeChallenge = codeChallenge || sdk.options.codeChallenge;
76
+
77
+ if (!codeChallenge) {
78
+ assertPKCESupport(sdk);
79
+ codeVerifier = codeVerifier || _pkce.default.generateVerifier();
80
+ codeChallenge = await _pkce.default.computeChallenge(codeVerifier);
81
+ }
82
+
83
+ codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod); // Clone/copy the params. Set PKCE values
84
+
85
+ tokenParams = { ...tokenParams,
86
+ responseType: 'code',
87
+ // responseType is forced
88
+ codeVerifier,
89
+ codeChallenge,
90
+ codeChallengeMethod
91
+ };
92
+ return tokenParams;
93
+ } // Prepares params for a call to /authorize or /token
94
+
95
+
96
+ async function prepareTokenParams(sdk, tokenParams = {}) {
97
+ // build params using defaults + options
98
+ const defaults = (0, _defaultTokenParams.getDefaultTokenParams)(sdk);
99
+ tokenParams = Object.assign({}, defaults, (0, _util.clone)(tokenParams));
100
+
101
+ if (tokenParams.pkce === false) {
102
+ // Implicit flow or authorization_code without PKCE
103
+ return tokenParams;
104
+ }
76
105
 
77
- return _pkce.default.computeChallenge(tokenParams.codeVerifier);
78
- }).then(function (codeChallenge) {
79
- // Clone/copy the params. Set codeChallenge
80
- var clonedParams = (0, _util.clone)(tokenParams) || {};
81
- Object.assign(clonedParams, tokenParams, {
82
- codeChallenge: codeChallenge
83
- });
84
- return clonedParams;
85
- });
106
+ return preparePKCE(sdk, tokenParams);
86
107
  }
87
108
  //# sourceMappingURL=prepareTokenParams.js.map
package/cjs/oidc/util/prepareTokenParams.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"names":["prepareTokenParams","sdk","tokenParams","defaults","Object","assign","pkce","Promise","resolve","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","reject","AuthSdkError","codeChallengeMethod","DEFAULT_CODE_CHALLENGE_METHOD","responseType","then","res","methods","indexOf","codeVerifier","generateVerifier","computeChallenge","codeChallenge","clonedParams"],"mappings":";;;;;;AAYA;;AACA;;AAEA;;AACA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASA;AACO,SAASA,kBAAT,CAA4BC,GAA5B,EAA2CC,WAA3C,EAA4F;AACjG;AACA,QAAMC,QAAQ,GAAG,+CAAsBF,GAAtB,CAAjB;AACAC,EAAAA,WAAW,GAAGE,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,QAAlB,EAA4B,iBAAMD,WAAN,CAA5B,CAAd;;AAEA,MAAIA,WAAW,CAACI,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOC,OAAO,CAACC,OAAR,CAAgBN,WAAhB,CAAP;AACD,GARgG,CAUjG;;;AACA,MAAI,CAACD,GAAG,CAACQ,QAAJ,CAAaC,eAAb,EAAL,EAAqC;AACnC,QAAIC,YAAY,GAAG,qFAAnB;;AACA,QAAI,CAACV,GAAG,CAACQ,QAAJ,CAAaG,OAAb,EAAL,EAA6B;AAC3B;AACAD,MAAAA,YAAY,IAAI,kGAAhB;AACD;;AACD,QAAI,CAACV,GAAG,CAACQ,QAAJ,CAAaI,cAAb,EAAL,EAAoC;AAClC;AACAF,MAAAA,YAAY,IAAI,wGAAhB;AACD;;AACD,WAAOJ,OAAO,CAACO,MAAR,CAAe,IAAIC,oBAAJ,CAAiBJ,YAAjB,CAAf,CAAP;AACD,GAtBgG,CAwBjG;;;AACA,MAAI,CAACT,WAAW,CAACc,mBAAjB,EAAsC;AACpCd,IAAAA,WAAW,CAACc,mBAAZ,GAAkCC,wCAAlC;AACD,GA3BgG,CA6BjG;;;AACAf,EAAAA,WAAW,CAACgB,YAAZ,GAA2B,MAA3B;AAEA,SAAO,6BAAajB,GAAb,EAAkB,IAAlB,EACJkB,IADI,CACC,UAAUC,GAAV,EAAe;AACnB,QAAIC,OAAO,GAAGD,GAAG,CAAC,kCAAD,CAAH,IAA2C,EAAzD;;AACA,QAAIC,OAAO,CAACC,OAAR,CAAgBpB,WAAW,CAACc,mBAA5B,MAAqD,CAAC,CAA1D,EAA6D;AAC3D,YAAM,IAAID,oBAAJ,CAAiB,+BAAjB,CAAN;AACD;AACF,GANI,EAOJI,IAPI,CAOC,YAAY;AAChB,QAAI,CAACjB,WAAW,CAACqB,YAAjB,EAA+B;AAC7BrB,MAAAA,WAAW,CAACqB,YAAZ,GAA2BjB,cAAKkB,gBAAL,EAA3B;AACD;;AACD,WAAOlB,cAAKmB,gBAAL,CAAsBvB,WAAW,CAACqB,YAAlC,CAAP;AACD,GAZI,EAaJJ,IAbI,CAaC,UAAUO,aAAV,EAAyB;AAC7B;AACA,QAAIC,YAAY,GAAG,iBAAMzB,WAAN,KAAsB,EAAzC;AACAE,IAAAA,MAAM,CAACC,MAAP,CAAcsB,YAAd,EAA4BzB,WAA5B,EAAyC;AACvCwB,MAAAA,aAAa,EAAEA;AADwB,KAAzC;AAGA,WAAOC,YAAP;AACD,GApBI,CAAP;AAqBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth, TokenParams } from '../../types';\nimport { clone } from '../../util';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport pkce from './pkce';\n\n// Prepares params for a call to /authorize or /token\nexport function prepareTokenParams(sdk: OktaAuth, tokenParams?: TokenParams): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = Object.assign({}, defaults, clone(tokenParams));\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return Promise.resolve(tokenParams);\n }\n\n // PKCE flow\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n return Promise.reject(new AuthSdkError(errorMessage));\n }\n\n // set default code challenge method, if none provided\n if (!tokenParams.codeChallengeMethod) {\n tokenParams.codeChallengeMethod = DEFAULT_CODE_CHALLENGE_METHOD;\n }\n\n // responseType is forced\n tokenParams.responseType = 'code';\n\n return getWellKnown(sdk, null)\n .then(function (res) {\n var methods = res['code_challenge_methods_supported'] || [];\n if (methods.indexOf(tokenParams.codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n })\n .then(function () {\n if (!tokenParams.codeVerifier) {\n tokenParams.codeVerifier = pkce.generateVerifier();\n }\n return pkce.computeChallenge(tokenParams.codeVerifier);\n })\n .then(function (codeChallenge) {\n // Clone/copy the params. Set codeChallenge\n var clonedParams = clone(tokenParams) || {};\n Object.assign(clonedParams, tokenParams, {\n codeChallenge: codeChallenge,\n });\n return clonedParams;\n });\n}"],"file":"prepareTokenParams.js"}
1
+ {"version":3,"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","methods","indexOf","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","Object","assign","pkce"],"mappings":";;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AACA;;AAnBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,SAASA,iBAAT,CAA2BC,GAA3B,EAA0C;AAC/C,MAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;AACnC,QAAIC,YAAY,GAAG,qFAAnB;;AACA,QAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;AAC3B;AACAD,MAAAA,YAAY,IAAI,kGAAhB;AACD;;AACD,QAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;AAClC;AACAF,MAAAA,YAAY,IAAI,wGAAhB;AACD;;AACD,UAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;AACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAA0DQ,mBAA1D,EAAwF;AAC7F;AACAA,EAAAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAF6F,CAI7F;;AACA,QAAMC,iBAAiB,GAAG,MAAM,6BAAaX,GAAb,CAAhC;AACA,MAAIY,OAAO,GAAGD,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;AACA,MAAIC,OAAO,CAACC,OAAR,CAAgBL,mBAAhB,MAAyC,CAAC,CAA9C,EAAiD;AAC/C,UAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;AACD;;AACD,SAAOE,mBAAP;AACD;;AAEM,eAAeM,WAAf,CACLd,GADK,EAELe,WAFK,EAGiB;AACtB,MAAI;AACFC,IAAAA,YADE;AAEFC,IAAAA,aAFE;AAGFT,IAAAA;AAHE,MAIAO,WAJJ,CADsB,CAOtB;;AACAE,EAAAA,aAAa,GAAGA,aAAa,IAAIjB,GAAG,CAACS,OAAJ,CAAYQ,aAA7C;;AACA,MAAI,CAACA,aAAL,EAAoB;AAClBlB,IAAAA,iBAAiB,CAACC,GAAD,CAAjB;AACAgB,IAAAA,YAAY,GAAGA,YAAY,IAAIE,cAAKC,gBAAL,EAA/B;AACAF,IAAAA,aAAa,GAAG,MAAMC,cAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;AACD;;AACDR,EAAAA,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;AACAO,EAAAA,WAAW,GAAG,EACZ,GAAGA,WADS;AAEZM,IAAAA,YAAY,EAAE,MAFF;AAEU;AACtBL,IAAAA,YAHY;AAIZC,IAAAA,aAJY;AAKZT,IAAAA;AALY,GAAd;AAQA,SAAOO,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLtB,GADK,EAELe,WAAwB,GAAG,EAFtB,EAGiB;AACtB;AACA,QAAMQ,QAAQ,GAAG,+CAAsBvB,GAAtB,CAAjB;AACAe,EAAAA,WAAW,GAAGS,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,QAAlB,EAA4B,iBAAMR,WAAN,CAA5B,CAAd;;AAEA,MAAIA,WAAW,CAACW,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOX,WAAP;AACD;;AAED,SAAOD,WAAW,CAACd,GAAD,EAAMe,WAAN,CAAlB;AACD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth, TokenParams } from '../../types';\nimport { clone } from '../../util';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuth) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuth, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: OktaAuth, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge || sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier || PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: OktaAuth,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = Object.assign({}, defaults, clone(tokenParams));\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}"],"file":"prepareTokenParams.js"}
package/cjs/oidc/util/validateClaims.js CHANGED
@@ -6,6 +6,8 @@ exports.validateClaims = validateClaims;
6
6
 
7
7
  var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
8
8
 
9
+ /* eslint-disable @typescript-eslint/no-non-null-assertion */
10
+
9
11
  /*!
10
12
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
11
13
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
package/cjs/oidc/util/validateClaims.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACY,GAAP,GAAaZ,MAAM,CAACa,GAAxB,EAA6B;AAC3B,UAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAmChB,MAAM,CAACa,GAA9C,EAAmD;AACjD,YAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIP,MAAM,CAACY,GAAP,GAAcJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAApC,EAAmD;AACjD,YAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuth, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat > claims.exp) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew) > claims.exp) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat > (now + sdk.options.maxClockSkew)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}
1
+ {"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":";;;;;;AAeA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACY,GAAP,GAAcZ,MAAM,CAACa,GAAzB,EAA+B;AAC7B,UAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAoChB,MAAM,CAACa,GAA/C,EAAqD;AACnD,YAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIP,MAAM,CAACY,GAAP,GAAeJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAArC,EAAqD;AACnD,YAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuth, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}
package/cjs/oidc/verifyToken.js CHANGED
@@ -60,7 +60,8 @@ async function verifyToken(sdk, token, validationParams) {
60
60
 
61
61
  if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {
62
62
  return token;
63
- }
63
+ } // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
64
+
64
65
 
65
66
  const key = await (0, _wellKnown.getKey)(sdk, token.issuer, jwt.header.kid);
66
67
  const valid = await sdkCrypto.verifyToken(token.idToken, key);
package/cjs/oidc/verifyToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/verifyToken.ts"],"names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","configuredIssuer","issuer","options","validationOptions","Object","assign","clientId","ignoreSignature","payload","features","isTokenVerifySupported","key","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"mappings":";;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAnBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAA0CC,KAA1C,EAA0DC,gBAA1D,EAAiH;AACtH,MAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;AAC5B,UAAM,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAN;AACD,GAHqH,CAKtH;;;AACA,MAAIC,GAAG,GAAG,8BAAYJ,KAAK,CAACE,OAAlB,CAAV,CANsH,CAQtH;AACA;;AACA,QAAMG,gBAAgB,GAAG,CAAAJ,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEK,MAAlB,KAA4BP,GAAG,CAACQ,OAAJ,CAAYD,MAAjE;AACA,QAAM;AAAEA,IAAAA;AAAF,MAAa,MAAM,6BAAaP,GAAb,EAAkBM,gBAAlB,CAAzB;AAEA,MAAIG,iBAAoC,GAAGC,MAAM,CAACC,MAAP,CAAc;AACvD;AACAC,IAAAA,QAAQ,EAAEZ,GAAG,CAACQ,OAAJ,CAAYI,QAFiC;AAGvDC,IAAAA,eAAe,EAAEb,GAAG,CAACQ,OAAJ,CAAYK;AAH0B,GAAd,EAIxCX,gBAJwC,EAItB;AACnB;AACAK,IAAAA;AAFmB,GAJsB,CAA3C,CAbsH,CAsBtH;;AACA,4BAAeP,GAAf,EAAoBK,GAAG,CAACS,OAAxB,EAAiCL,iBAAjC,EAvBsH,CAyBtH;AACA;;AACA,MAAIA,iBAAiB,CAACI,eAAlB,IAAqC,IAArC,IAA6C,CAACb,GAAG,CAACe,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;AACvF,WAAOf,KAAP;AACD;;AAED,QAAMgB,GAAG,GAAG,MAAM,uBAAOjB,GAAP,EAAYC,KAAK,CAACM,MAAlB,EAA0BF,GAAG,CAACa,MAAJ,CAAWC,GAArC,CAAlB;AACA,QAAMC,KAAK,GAAG,MAAMC,SAAS,CAACtB,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCc,GAArC,CAApB;;AACA,MAAI,CAACG,KAAL,EAAY;AACV,UAAM,IAAIhB,oBAAJ,CAAiB,kCAAjB,CAAN;AACD;;AACD,MAAIF,gBAAgB,IAAIA,gBAAgB,CAACoB,WAArC,IAAoDrB,KAAK,CAACsB,MAAN,CAAaC,OAArE,EAA8E;AAC5E,UAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAV,CAAsBxB,gBAAgB,CAACoB,WAAvC,CAAnB;;AACA,QAAIG,IAAI,KAAKxB,KAAK,CAACsB,MAAN,CAAaC,OAA1B,EAAmC;AACjC,YAAM,IAAIpB,oBAAJ,CAAiB,gCAAjB,CAAN;AACD;AACF;;AACD,SAAOH,KAAP;AACD","sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuth, TokenVerifyParams } from '../types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuth, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n var jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n var validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n const key = await getKey(sdk, token.issuer, jwt.header.kid);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"file":"verifyToken.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/verifyToken.ts"],"names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","configuredIssuer","issuer","options","validationOptions","Object","assign","clientId","ignoreSignature","payload","features","isTokenVerifySupported","key","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"mappings":";;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAnBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAA0CC,KAA1C,EAA0DC,gBAA1D,EAAiH;AACtH,MAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;AAC5B,UAAM,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAN;AACD,GAHqH,CAKtH;;;AACA,MAAIC,GAAG,GAAG,8BAAYJ,KAAK,CAACE,OAAlB,CAAV,CANsH,CAQtH;AACA;;AACA,QAAMG,gBAAgB,GAAG,CAAAJ,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEK,MAAlB,KAA4BP,GAAG,CAACQ,OAAJ,CAAYD,MAAjE;AACA,QAAM;AAAEA,IAAAA;AAAF,MAAa,MAAM,6BAAaP,GAAb,EAAkBM,gBAAlB,CAAzB;AAEA,MAAIG,iBAAoC,GAAGC,MAAM,CAACC,MAAP,CAAc;AACvD;AACAC,IAAAA,QAAQ,EAAEZ,GAAG,CAACQ,OAAJ,CAAYI,QAFiC;AAGvDC,IAAAA,eAAe,EAAEb,GAAG,CAACQ,OAAJ,CAAYK;AAH0B,GAAd,EAIxCX,gBAJwC,EAItB;AACnB;AACAK,IAAAA;AAFmB,GAJsB,CAA3C,CAbsH,CAsBtH;;AACA,4BAAeP,GAAf,EAAoBK,GAAG,CAACS,OAAxB,EAAiCL,iBAAjC,EAvBsH,CAyBtH;AACA;;AACA,MAAIA,iBAAiB,CAACI,eAAlB,IAAqC,IAArC,IAA6C,CAACb,GAAG,CAACe,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;AACvF,WAAOf,KAAP;AACD,GA7BqH,CA+BtH;;;AACA,QAAMgB,GAAG,GAAG,MAAM,uBAAOjB,GAAP,EAAYC,KAAK,CAACM,MAAlB,EAA0BF,GAAG,CAACa,MAAJ,CAAWC,GAArC,CAAlB;AACA,QAAMC,KAAK,GAAG,MAAMC,SAAS,CAACtB,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCc,GAArC,CAApB;;AACA,MAAI,CAACG,KAAL,EAAY;AACV,UAAM,IAAIhB,oBAAJ,CAAiB,kCAAjB,CAAN;AACD;;AACD,MAAIF,gBAAgB,IAAIA,gBAAgB,CAACoB,WAArC,IAAoDrB,KAAK,CAACsB,MAAN,CAAaC,OAArE,EAA8E;AAC5E,UAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAV,CAAsBxB,gBAAgB,CAACoB,WAAvC,CAAnB;;AACA,QAAIG,IAAI,KAAKxB,KAAK,CAACsB,MAAN,CAAaC,OAA1B,EAAmC;AACjC,YAAM,IAAIpB,oBAAJ,CAAiB,gCAAjB,CAAN;AACD;AACF;;AACD,SAAOH,KAAP;AACD","sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuth, TokenVerifyParams } from '../types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuth, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n var jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n var validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"file":"verifyToken.js"}
package/cjs/options.js CHANGED
@@ -32,8 +32,7 @@ var _features = require("./features");
32
32
  /* eslint-disable complexity */
33
33
  const BROWSER_STORAGE = {
34
34
  token: {
35
- storageTypes: ['localStorage', 'sessionStorage', 'cookie'],
36
- useMultipleCookies: true
35
+ storageTypes: ['localStorage', 'sessionStorage', 'cookie']
37
36
  },
38
37
  cache: {
39
38
  storageTypes: ['localStorage', 'sessionStorage', 'cookie']
@@ -145,6 +144,11 @@ function buildOptions(args = {}) {
145
144
  storageManager: args.storageManager,
146
145
  transactionManager: args.transactionManager,
147
146
  cookies: (0, _features.isBrowser)() ? getCookieSettings(args, (0, _features.isHTTPS)()) : args.cookies,
147
+ flow: args.flow,
148
+ codeChallenge: args.codeChallenge,
149
+ codeChallengeMethod: args.codeChallengeMethod,
150
+ recoveryToken: args.recoveryToken,
151
+ activationToken: args.activationToken,
148
152
  // Give the developer the ability to disable token signature validation.
149
153
  ignoreSignature: !!args.ignoreSignature,
150
154
  // Server-side web applications
package/cjs/options.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../lib/options.ts"],"names":["BROWSER_STORAGE","token","storageTypes","useMultipleCookies","cache","transaction","SERVER_STORAGE","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","browserStorage","serverStorage","storageManager","enableSharedStorage","devMode","httpRequestClient","fetchRequest","transactionManager","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","ignoreSignature","clientSecret"],"mappings":";;;;;;;AAcA;;AACA;;AAGA;;AACA;;AACA;;AACA;;AArBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAUA,MAAMA,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY,CADT;AAMLC,IAAAA,kBAAkB,EAAE;AANf,GADsC;AAS7CC,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GATsC;AAgB7CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH,GAhBgC;AAuB7C,wBAAsB;AACpBA,IAAAA,YAAY,EAAE,CACZ,cADY;AADM,GAvBuB;AA4B7C,kBAAgB;AACdA,IAAAA,YAAY,EAAE,CACZ,cADY;AADA;AA5B6B,CAA/C;AAmCA,MAAMI,cAAqC,GAAG;AAC5CL,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GADqC;AAM5CE,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GANqC;AAW5CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,QADY;AADH;AAX+B,CAA9C;;AAkBA,SAASK,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAAyE;AACvE;AACA;AACA;AACA,MAAIC,cAAc,GAAGF,IAAI,CAACG,OAAL,IAAgB,EAArC;;AACA,MAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;AAChDF,IAAAA,cAAc,CAACE,MAAf,GAAwBH,OAAxB;AACD;;AACD,MAAI,OAAOC,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;AAClDH,IAAAA,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;AACD,GAVsE,CAYvE;;;AACA,MAAIF,cAAc,CAACE,MAAf,IAAyB,CAACH,OAA9B,EAAuC;AACrC;AACA,oBACE,oEACA,4DADA,GAEA,gEAHF;AAKAC,IAAAA,cAAc,CAACE,MAAf,GAAwB,KAAxB;AACD,GArBsE,CAuBvE;AACA;;;AACA,MAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;AAChEF,IAAAA,cAAc,CAACG,QAAf,GAA0B,KAA1B;AACD;;AAED,SAAOH,cAAP;AACD;;AAGM,SAASI,iBAAT,GAA8C;AACnD,QAAMC,WAAW,GAAG,6BAAcC,uBAAd,GAA+BC,sBAAnD;AACA,QAAMC,cAAc,GAAG,6BAAclB,eAAd,GAAgCM,cAAvD;AACA,QAAMa,mBAAmB,GAAG,6BAAc,IAAd,GAAqB,KAAjD,CAHmD,CAGK;;AACxD,SAAO;AACLC,IAAAA,OAAO,EAAE,KADJ;AAELC,IAAAA,iBAAiB,EAAEC,qBAFd;AAGLP,IAAAA,WAHK;AAILG,IAAAA,cAJK;AAKLK,IAAAA,kBAAkB,EAAE;AAClBJ,MAAAA;AADkB;AALf,GAAP;AASD;;AAED,SAASK,YAAT,CAAsBC,OAAtB,EAA+BjB,IAA/B,EAAsD;AACpD,SAAOkB,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAlB,EAA2B,sBAAWjB,IAAX,CAA3B,EAA6C;AAClDU,IAAAA,cAAc,EAAEQ,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACP,cAA1B,EAA0CV,IAAI,CAACU,cAA/C,CADkC;AAElDK,IAAAA,kBAAkB,EAAEG,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACF,kBAA1B,EAA8Cf,IAAI,CAACe,kBAAnD;AAF8B,GAA7C,CAAP;AAID;;AAEM,SAASK,YAAT,CAAsBpB,IAAqB,GAAG,EAA9C,EAAmE;AACxE,sCAAkBA,IAAlB;AACAA,EAAAA,IAAI,GAAGgB,YAAY,CAACV,iBAAiB,EAAlB,EAAsBN,IAAtB,CAAnB;AACA,SAAO,sBAAW;AAChB;AACAqB,IAAAA,MAAM,EAAE,+BAAoBrB,IAAI,CAACqB,MAAzB,CAFQ;AAGhBC,IAAAA,QAAQ,EAAE,+BAAoBtB,IAAI,CAACsB,QAAzB,CAHM;AAIhBC,IAAAA,YAAY,EAAE,+BAAoBvB,IAAI,CAACuB,YAAzB,CAJE;AAKhBC,IAAAA,WAAW,EAAE,+BAAoBxB,IAAI,CAACwB,WAAzB,CALG;AAMhBC,IAAAA,SAAS,EAAE,+BAAoBzB,IAAI,CAACyB,SAAzB,CANK;AAOhBC,IAAAA,SAAS,EAAE,+BAAoB1B,IAAI,CAAC0B,SAAzB,CAPK;AAQhBC,IAAAA,QAAQ,EAAE3B,IAAI,CAAC2B,QARC;AAShBC,IAAAA,WAAW,EAAE5B,IAAI,CAAC4B,WATF;AAUhBC,IAAAA,KAAK,EAAE7B,IAAI,CAAC6B,KAVI;AAWhBC,IAAAA,MAAM,EAAE9B,IAAI,CAAC8B,MAXG;AAYhBC,IAAAA,qBAAqB,EAAE/B,IAAI,CAAC+B,qBAZZ;AAahBC,IAAAA,YAAY,EAAEhC,IAAI,CAACgC,YAbH;AAchBC,IAAAA,YAAY,EAAEjC,IAAI,CAACiC,YAdH;AAehBC,IAAAA,IAAI,EAAElC,IAAI,CAACkC,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;AAe0B;AAC1CC,IAAAA,sBAAsB,EAAEnC,IAAI,CAACmC,sBAhBb;AAkBhB;AACAtB,IAAAA,iBAAiB,EAAEb,IAAI,CAACa,iBAnBR;AAoBhBuB,IAAAA,iBAAiB,EAAEpC,IAAI,CAACoC,iBApBR;AAqBhBC,IAAAA,kBAAkB,EAAErC,IAAI,CAACqC,kBArBT;AAsBhBC,IAAAA,kBAAkB,EAAEtC,IAAI,CAACsC,kBAtBT;AAuBhB/B,IAAAA,WAAW,EAAEP,IAAI,CAACO,WAvBF;AAwBhBgC,IAAAA,OAAO,EAAEvC,IAAI,CAACuC,OAxBE;AAyBhB3B,IAAAA,OAAO,EAAE,CAAC,CAACZ,IAAI,CAACY,OAzBA;AA0BhBF,IAAAA,cAAc,EAAEV,IAAI,CAACU,cA1BL;AA2BhBK,IAAAA,kBAAkB,EAAEf,IAAI,CAACe,kBA3BT;AA4BhBZ,IAAAA,OAAO,EAAE,6BAAcJ,iBAAiB,CAACC,IAAD,EAAO,wBAAP,CAA/B,GAAmDA,IAAI,CAACG,OA5BjD;AA8BhB;AACAqC,IAAAA,eAAe,EAAE,CAAC,CAACxC,IAAI,CAACwC,eA/BR;AAiChB;AACAC,IAAAA,YAAY,EAAEzC,IAAI,CAACyC;AAlCH,GAAX,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { removeTrailingSlash, warn, removeNils } from './util';\nimport { assertValidConfig } from './builderUtil';\nimport { OktaAuthOptions, StorageManagerOptions } from './types';\n\nimport fetchRequest from './fetch/fetchRequest';\nimport browserStorage from './browser/browserStorage';\nimport serverStorage from './server/serverStorage';\nimport { isBrowser, isHTTPS } from './features';\n\nconst BROWSER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ],\n useMultipleCookies: true\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n },\n 'shared-transaction': {\n storageTypes: [\n 'localStorage'\n ]\n },\n 'original-uri': {\n storageTypes: [\n 'localStorage'\n ]\n }\n};\n\nconst SERVER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'memory'\n ]\n },\n cache: {\n storageTypes: [\n 'memory'\n ]\n },\n transaction: {\n storageTypes: [\n 'memory'\n ]\n }\n};\n\nfunction getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n\n\nexport function getDefaultOptions(): OktaAuthOptions {\n const storageUtil = isBrowser() ? browserStorage : serverStorage;\n const storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;\n const enableSharedStorage = isBrowser() ? true : false; // localStorage for multi-tab flows (browser only)\n return {\n devMode: false,\n httpRequestClient: fetchRequest,\n storageUtil,\n storageManager,\n transactionManager: {\n enableSharedStorage\n }\n };\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n return Object.assign({}, options, removeNils(args), {\n storageManager: Object.assign({}, options.storageManager, args.storageManager),\n transactionManager: Object.assign({}, options.transactionManager, args.transactionManager),\n });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n assertValidConfig(args);\n args = mergeOptions(getDefaultOptions(), args);\n return removeNils({\n // OIDC configuration\n issuer: removeTrailingSlash(args.issuer),\n tokenUrl: removeTrailingSlash(args.tokenUrl),\n authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n revokeUrl: removeTrailingSlash(args.revokeUrl),\n logoutUrl: removeTrailingSlash(args.logoutUrl),\n clientId: args.clientId,\n redirectUri: args.redirectUri,\n state: args.state,\n scopes: args.scopes,\n postLogoutRedirectUri: args.postLogoutRedirectUri,\n responseMode: args.responseMode,\n responseType: args.responseType,\n pkce: args.pkce === false ? false : true, // PKCE defaults to true\n useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n // Internal options\n httpRequestClient: args.httpRequestClient,\n transformErrorXHR: args.transformErrorXHR,\n transformAuthState: args.transformAuthState,\n restoreOriginalUri: args.restoreOriginalUri,\n storageUtil: args.storageUtil,\n headers: args.headers,\n devMode: !!args.devMode,\n storageManager: args.storageManager,\n transactionManager: args.transactionManager,\n cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,\n\n // Give the developer the ability to disable token signature validation.\n ignoreSignature: !!args.ignoreSignature,\n\n // Server-side web applications\n clientSecret: args.clientSecret\n });\n}\n"],"file":"options.js"}
1
+ {"version":3,"sources":["../../lib/options.ts"],"names":["BROWSER_STORAGE","token","storageTypes","cache","transaction","SERVER_STORAGE","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","browserStorage","serverStorage","storageManager","enableSharedStorage","devMode","httpRequestClient","fetchRequest","transactionManager","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","flow","codeChallenge","codeChallengeMethod","recoveryToken","activationToken","ignoreSignature","clientSecret"],"mappings":";;;;;;;AAcA;;AACA;;AAGA;;AACA;;AACA;;AACA;;AArBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAUA,MAAMA,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GADsC;AAQ7CC,EAAAA,KAAK,EAAE;AACLD,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GARsC;AAe7CE,EAAAA,WAAW,EAAE;AACXF,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH,GAfgC;AAsB7C,wBAAsB;AACpBA,IAAAA,YAAY,EAAE,CACZ,cADY;AADM,GAtBuB;AA2B7C,kBAAgB;AACdA,IAAAA,YAAY,EAAE,CACZ,cADY;AADA;AA3B6B,CAA/C;AAkCA,MAAMG,cAAqC,GAAG;AAC5CJ,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GADqC;AAM5CC,EAAAA,KAAK,EAAE;AACLD,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GANqC;AAW5CE,EAAAA,WAAW,EAAE;AACXF,IAAAA,YAAY,EAAE,CACZ,QADY;AADH;AAX+B,CAA9C;;AAkBA,SAASI,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAAyE;AACvE;AACA;AACA;AACA,MAAIC,cAAc,GAAGF,IAAI,CAACG,OAAL,IAAgB,EAArC;;AACA,MAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;AAChDF,IAAAA,cAAc,CAACE,MAAf,GAAwBH,OAAxB;AACD;;AACD,MAAI,OAAOC,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;AAClDH,IAAAA,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;AACD,GAVsE,CAYvE;;;AACA,MAAIF,cAAc,CAACE,MAAf,IAAyB,CAACH,OAA9B,EAAuC;AACrC;AACA,oBACE,oEACA,4DADA,GAEA,gEAHF;AAKAC,IAAAA,cAAc,CAACE,MAAf,GAAwB,KAAxB;AACD,GArBsE,CAuBvE;AACA;;;AACA,MAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;AAChEF,IAAAA,cAAc,CAACG,QAAf,GAA0B,KAA1B;AACD;;AAED,SAAOH,cAAP;AACD;;AAGM,SAASI,iBAAT,GAA8C;AACnD,QAAMC,WAAW,GAAG,6BAAcC,uBAAd,GAA+BC,sBAAnD;AACA,QAAMC,cAAc,GAAG,6BAAcjB,eAAd,GAAgCK,cAAvD;AACA,QAAMa,mBAAmB,GAAG,6BAAc,IAAd,GAAqB,KAAjD,CAHmD,CAGK;;AACxD,SAAO;AACLC,IAAAA,OAAO,EAAE,KADJ;AAELC,IAAAA,iBAAiB,EAAEC,qBAFd;AAGLP,IAAAA,WAHK;AAILG,IAAAA,cAJK;AAKLK,IAAAA,kBAAkB,EAAE;AAClBJ,MAAAA;AADkB;AALf,GAAP;AASD;;AAED,SAASK,YAAT,CAAsBC,OAAtB,EAA+BjB,IAA/B,EAAsD;AACpD,SAAOkB,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAlB,EAA2B,sBAAWjB,IAAX,CAA3B,EAA6C;AAClDU,IAAAA,cAAc,EAAEQ,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACP,cAA1B,EAA0CV,IAAI,CAACU,cAA/C,CADkC;AAElDK,IAAAA,kBAAkB,EAAEG,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACF,kBAA1B,EAA8Cf,IAAI,CAACe,kBAAnD;AAF8B,GAA7C,CAAP;AAID;;AAEM,SAASK,YAAT,CAAsBpB,IAAqB,GAAG,EAA9C,EAAmE;AACxE,sCAAkBA,IAAlB;AACAA,EAAAA,IAAI,GAAGgB,YAAY,CAACV,iBAAiB,EAAlB,EAAsBN,IAAtB,CAAnB;AACA,SAAO,sBAAW;AAChB;AACAqB,IAAAA,MAAM,EAAE,+BAAoBrB,IAAI,CAACqB,MAAzB,CAFQ;AAGhBC,IAAAA,QAAQ,EAAE,+BAAoBtB,IAAI,CAACsB,QAAzB,CAHM;AAIhBC,IAAAA,YAAY,EAAE,+BAAoBvB,IAAI,CAACuB,YAAzB,CAJE;AAKhBC,IAAAA,WAAW,EAAE,+BAAoBxB,IAAI,CAACwB,WAAzB,CALG;AAMhBC,IAAAA,SAAS,EAAE,+BAAoBzB,IAAI,CAACyB,SAAzB,CANK;AAOhBC,IAAAA,SAAS,EAAE,+BAAoB1B,IAAI,CAAC0B,SAAzB,CAPK;AAQhBC,IAAAA,QAAQ,EAAE3B,IAAI,CAAC2B,QARC;AAShBC,IAAAA,WAAW,EAAE5B,IAAI,CAAC4B,WATF;AAUhBC,IAAAA,KAAK,EAAE7B,IAAI,CAAC6B,KAVI;AAWhBC,IAAAA,MAAM,EAAE9B,IAAI,CAAC8B,MAXG;AAYhBC,IAAAA,qBAAqB,EAAE/B,IAAI,CAAC+B,qBAZZ;AAahBC,IAAAA,YAAY,EAAEhC,IAAI,CAACgC,YAbH;AAchBC,IAAAA,YAAY,EAAEjC,IAAI,CAACiC,YAdH;AAehBC,IAAAA,IAAI,EAAElC,IAAI,CAACkC,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;AAe0B;AAC1CC,IAAAA,sBAAsB,EAAEnC,IAAI,CAACmC,sBAhBb;AAkBhB;AACAtB,IAAAA,iBAAiB,EAAEb,IAAI,CAACa,iBAnBR;AAoBhBuB,IAAAA,iBAAiB,EAAEpC,IAAI,CAACoC,iBApBR;AAqBhBC,IAAAA,kBAAkB,EAAErC,IAAI,CAACqC,kBArBT;AAsBhBC,IAAAA,kBAAkB,EAAEtC,IAAI,CAACsC,kBAtBT;AAuBhB/B,IAAAA,WAAW,EAAEP,IAAI,CAACO,WAvBF;AAwBhBgC,IAAAA,OAAO,EAAEvC,IAAI,CAACuC,OAxBE;AAyBhB3B,IAAAA,OAAO,EAAE,CAAC,CAACZ,IAAI,CAACY,OAzBA;AA0BhBF,IAAAA,cAAc,EAAEV,IAAI,CAACU,cA1BL;AA2BhBK,IAAAA,kBAAkB,EAAEf,IAAI,CAACe,kBA3BT;AA4BhBZ,IAAAA,OAAO,EAAE,6BAAcJ,iBAAiB,CAACC,IAAD,EAAO,wBAAP,CAA/B,GAAmDA,IAAI,CAACG,OA5BjD;AA6BhBqC,IAAAA,IAAI,EAAExC,IAAI,CAACwC,IA7BK;AA8BhBC,IAAAA,aAAa,EAAEzC,IAAI,CAACyC,aA9BJ;AA+BhBC,IAAAA,mBAAmB,EAAE1C,IAAI,CAAC0C,mBA/BV;AAgChBC,IAAAA,aAAa,EAAE3C,IAAI,CAAC2C,aAhCJ;AAiChBC,IAAAA,eAAe,EAAE5C,IAAI,CAAC4C,eAjCN;AAmChB;AACAC,IAAAA,eAAe,EAAE,CAAC,CAAC7C,IAAI,CAAC6C,eApCR;AAsChB;AACAC,IAAAA,YAAY,EAAE9C,IAAI,CAAC8C;AAvCH,GAAX,CAAP;AAyCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { removeTrailingSlash, warn, removeNils } from './util';\nimport { assertValidConfig } from './builderUtil';\nimport { OktaAuthOptions, StorageManagerOptions } from './types';\n\nimport fetchRequest from './fetch/fetchRequest';\nimport browserStorage from './browser/browserStorage';\nimport serverStorage from './server/serverStorage';\nimport { isBrowser, isHTTPS } from './features';\n\nconst BROWSER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n },\n 'shared-transaction': {\n storageTypes: [\n 'localStorage'\n ]\n },\n 'original-uri': {\n storageTypes: [\n 'localStorage'\n ]\n }\n};\n\nconst SERVER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'memory'\n ]\n },\n cache: {\n storageTypes: [\n 'memory'\n ]\n },\n transaction: {\n storageTypes: [\n 'memory'\n ]\n }\n};\n\nfunction getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n\n\nexport function getDefaultOptions(): OktaAuthOptions {\n const storageUtil = isBrowser() ? browserStorage : serverStorage;\n const storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;\n const enableSharedStorage = isBrowser() ? true : false; // localStorage for multi-tab flows (browser only)\n return {\n devMode: false,\n httpRequestClient: fetchRequest,\n storageUtil,\n storageManager,\n transactionManager: {\n enableSharedStorage\n }\n };\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n return Object.assign({}, options, removeNils(args), {\n storageManager: Object.assign({}, options.storageManager, args.storageManager),\n transactionManager: Object.assign({}, options.transactionManager, args.transactionManager),\n });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n assertValidConfig(args);\n args = mergeOptions(getDefaultOptions(), args);\n return removeNils({\n // OIDC configuration\n issuer: removeTrailingSlash(args.issuer),\n tokenUrl: removeTrailingSlash(args.tokenUrl),\n authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n revokeUrl: removeTrailingSlash(args.revokeUrl),\n logoutUrl: removeTrailingSlash(args.logoutUrl),\n clientId: args.clientId,\n redirectUri: args.redirectUri,\n state: args.state,\n scopes: args.scopes,\n postLogoutRedirectUri: args.postLogoutRedirectUri,\n responseMode: args.responseMode,\n responseType: args.responseType,\n pkce: args.pkce === false ? false : true, // PKCE defaults to true\n useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n // Internal options\n httpRequestClient: args.httpRequestClient,\n transformErrorXHR: args.transformErrorXHR,\n transformAuthState: args.transformAuthState,\n restoreOriginalUri: args.restoreOriginalUri,\n storageUtil: args.storageUtil,\n headers: args.headers,\n devMode: !!args.devMode,\n storageManager: args.storageManager,\n transactionManager: args.transactionManager,\n cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,\n flow: args.flow,\n codeChallenge: args.codeChallenge,\n codeChallengeMethod: args.codeChallengeMethod,\n recoveryToken: args.recoveryToken,\n activationToken: args.activationToken,\n \n // Give the developer the ability to disable token signature validation.\n ignoreSignature: !!args.ignoreSignature,\n\n // Server-side web applications\n clientSecret: args.clientSecret\n });\n}\n"],"file":"options.js"}
package/cjs/server/serverStorage.js CHANGED
@@ -75,7 +75,7 @@ class ServerStorage {
75
75
  }
76
76
 
77
77
  getStorageByType(storageType) {
78
- let storageProvider = null;
78
+ let storageProvider;
79
79
 
80
80
  switch (storageType) {
81
81
  case 'memory':
package/cjs/server/serverStorage.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/server/serverStorage.ts"],"names":["NodeCache","require","sharedStorage","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","AuthSdkError","findStorageType","getHttpCache","getItem","setItem","key"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAIA,MAAMA,SAAS,GAAGC,OAAO,CAAC,YAAD,CAAzB,C,CAAyC;AAEzC;;;AACA,MAAMC,aAAa,GAAG,OAAOF,SAAP,KAAqB,UAArB,GAAkC,IAAIA,SAAJ,EAAlC,GAAoD,IAA1E;;AAEA,MAAMG,aAAN,CAAuC;AACrB;AAEhBC,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACD;;AAEDC,EAAAA,GAAG,CAACC,IAAD,EAAeC,KAAf,EAA8BC,SAA9B,EAAyD;AAC1D;AACA,QAAI,CAAC,CAAEC,IAAI,CAACC,KAAL,CAAWF,SAAX,CAAP,EAA+B;AAC7B;AACA,UAAIG,GAAG,GAAG,CAACF,IAAI,CAACC,KAAL,CAAWF,SAAX,IAAwBC,IAAI,CAACG,GAAL,EAAzB,IAAuC,IAAjD;AACA,WAAKR,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB,EAAgCI,GAAhC;AACD,KAJD,MAIO;AACL,WAAKP,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB;AACD;;AAED,WAAO,KAAKM,GAAL,CAASP,IAAT,CAAP;AACD;;AAEDO,EAAAA,GAAG,CAACP,IAAD,EAAe;AAChB,WAAO,KAAKF,SAAL,CAAeS,GAAf,CAAmBP,IAAnB,CAAP;AACD;;AAEDQ,EAAAA,MAAM,CAACR,IAAD,EAAO;AACX,WAAO,KAAKF,SAAL,CAAeW,GAAf,CAAmBT,IAAnB,CAAP;AACD;;AA1BoC,C,CA4BvC;;;AACA,MAAMU,aAAN,CAA2C;AACzB;AAEhBb,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACA,SAAKa,OAAL,GAAe,IAAIf,aAAJ,CAAkBE,SAAlB,CAAf;AACD;;AAEDc,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,QAAIC,SAAS,GAAG,KAAhB;;AACA,YAAQD,WAAR;AACE,WAAK,QAAL;AACEC,QAAAA,SAAS,GAAG,IAAZ;AACA;;AACF;AACE;AALJ;;AAOA,WAAOA,SAAP;AACD;;AAEDC,EAAAA,gBAAgB,CAACF,WAAD,EAA0C;AACxD,QAAIG,eAAe,GAAG,IAAtB;;AACA,YAAQH,WAAR;AACE,WAAK,QAAL;AACEG,QAAAA,eAAe,GAAG,KAAKC,UAAL,EAAlB;AACA;;AACF;AACE,cAAM,IAAIC,oBAAJ,CAAkB,gCAA+BL,WAAY,EAA7D,CAAN;AACA;AANJ;;AAQA,WAAOG,eAAP;AACD;;AAEDG,EAAAA,eAAe,GAAgB;AAC7B,WAAO,QAAP;AACD,GAnCwC,CAqCzC;;;AACAC,EAAAA,YAAY,GAAG;AACb,WAAO,IAAP,CADa,CACA;AACd,GAxCwC,CA0CzC;;;AACAH,EAAAA,UAAU,GAAkB;AAC1B,WAAO;AACLI,MAAAA,OAAO,EAAE,KAAKvB,SAAL,CAAeS,GADnB;AAELe,MAAAA,OAAO,EAAE,CAACC,GAAD,EAAMtB,KAAN,KAAgB;AACvB,aAAKH,SAAL,CAAeC,GAAf,CAAmBwB,GAAnB,EAAwBtB,KAAxB,EAA+B,0BAA/B;AACD;AAJI,KAAP;AAMD;;AAlDwC;;eAqD5B,IAAIS,aAAJ,CAAkBf,aAAlB,C","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { SimpleStorage, StorageType, StorageUtil, Cookies } from '../types';\nimport { AuthSdkError } from '../errors';\nconst NodeCache = require('node-cache'); // commonJS module cannot be imported without esModuleInterop\n\n// this is a SHARED memory storage to support a stateless http server\nconst sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;\n\nclass ServerCookies implements Cookies {\n nodeCache: any; // NodeCache\n \n constructor(nodeCache) {\n this.nodeCache = nodeCache;\n }\n\n set(name: string, value: string, expiresAt: string): string {\n // eslint-disable-next-line no-extra-boolean-cast\n if (!!(Date.parse(expiresAt))) {\n // Time to expiration in seconds\n var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;\n this.nodeCache.set(name, value, ttl);\n } else {\n this.nodeCache.set(name, value);\n }\n\n return this.get(name);\n }\n\n get(name): string {\n return this.nodeCache.get(name);\n }\n\n delete(name) {\n return this.nodeCache.del(name);\n }\n}\n// Building this as an object allows us to mock the functions in our tests\nclass ServerStorage implements StorageUtil {\n nodeCache: any; // NodeCache\n storage: Cookies;\n constructor(nodeCache) {\n this.nodeCache = nodeCache;\n this.storage = new ServerCookies(nodeCache);\n }\n\n testStorageType(storageType: StorageType): boolean {\n var supported = false;\n switch (storageType) {\n case 'memory':\n supported = true;\n break;\n default:\n break;\n }\n return supported;\n }\n\n getStorageByType(storageType: StorageType): SimpleStorage {\n let storageProvider = null;\n switch (storageType) {\n case 'memory':\n storageProvider = this.getStorage();\n break;\n default:\n throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n break;\n }\n return storageProvider;\n }\n\n findStorageType(): StorageType {\n return 'memory';\n }\n\n // will be removed in next version. OKTA-362589\n getHttpCache() {\n return null; // stubbed in server.js\n }\n\n // shared in-memory using node cache\n getStorage(): SimpleStorage {\n return {\n getItem: this.nodeCache.get,\n setItem: (key, value) => {\n this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');\n }\n };\n }\n}\n\nexport default new ServerStorage(sharedStorage);\n"],"file":"serverStorage.js"}
1
+ {"version":3,"sources":["../../../lib/server/serverStorage.ts"],"names":["NodeCache","require","sharedStorage","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","AuthSdkError","findStorageType","getHttpCache","getItem","setItem","key"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAIA,MAAMA,SAAS,GAAGC,OAAO,CAAC,YAAD,CAAzB,C,CAAyC;AAEzC;;;AACA,MAAMC,aAAa,GAAG,OAAOF,SAAP,KAAqB,UAArB,GAAkC,IAAIA,SAAJ,EAAlC,GAAoD,IAA1E;;AAEA,MAAMG,aAAN,CAAuC;AACrB;AAEhBC,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACD;;AAEDC,EAAAA,GAAG,CAACC,IAAD,EAAeC,KAAf,EAA8BC,SAA9B,EAAyD;AAC1D;AACA,QAAI,CAAC,CAAEC,IAAI,CAACC,KAAL,CAAWF,SAAX,CAAP,EAA+B;AAC7B;AACA,UAAIG,GAAG,GAAG,CAACF,IAAI,CAACC,KAAL,CAAWF,SAAX,IAAwBC,IAAI,CAACG,GAAL,EAAzB,IAAuC,IAAjD;AACA,WAAKR,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB,EAAgCI,GAAhC;AACD,KAJD,MAIO;AACL,WAAKP,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB;AACD;;AAED,WAAO,KAAKM,GAAL,CAASP,IAAT,CAAP;AACD;;AAEDO,EAAAA,GAAG,CAACP,IAAD,EAAe;AAChB,WAAO,KAAKF,SAAL,CAAeS,GAAf,CAAmBP,IAAnB,CAAP;AACD;;AAEDQ,EAAAA,MAAM,CAACR,IAAD,EAAO;AACX,WAAO,KAAKF,SAAL,CAAeW,GAAf,CAAmBT,IAAnB,CAAP;AACD;;AA1BoC,C,CA4BvC;;;AACA,MAAMU,aAAN,CAA2C;AACzB;AAEhBb,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACA,SAAKa,OAAL,GAAe,IAAIf,aAAJ,CAAkBE,SAAlB,CAAf;AACD;;AAEDc,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,QAAIC,SAAS,GAAG,KAAhB;;AACA,YAAQD,WAAR;AACE,WAAK,QAAL;AACEC,QAAAA,SAAS,GAAG,IAAZ;AACA;;AACF;AACE;AALJ;;AAOA,WAAOA,SAAP;AACD;;AAEDC,EAAAA,gBAAgB,CAACF,WAAD,EAA0C;AACxD,QAAIG,eAAJ;;AACA,YAAQH,WAAR;AACE,WAAK,QAAL;AACEG,QAAAA,eAAe,GAAG,KAAKC,UAAL,EAAlB;AACA;;AACF;AACE,cAAM,IAAIC,oBAAJ,CAAkB,gCAA+BL,WAAY,EAA7D,CAAN;AACA;AANJ;;AAQA,WAAOG,eAAP;AACD;;AAEDG,EAAAA,eAAe,GAAgB;AAC7B,WAAO,QAAP;AACD,GAnCwC,CAqCzC;;;AACAC,EAAAA,YAAY,GAAG;AACb,WAAO,IAAP,CADa,CACA;AACd,GAxCwC,CA0CzC;;;AACAH,EAAAA,UAAU,GAAkB;AAC1B,WAAO;AACLI,MAAAA,OAAO,EAAE,KAAKvB,SAAL,CAAeS,GADnB;AAELe,MAAAA,OAAO,EAAE,CAACC,GAAD,EAAMtB,KAAN,KAAgB;AACvB,aAAKH,SAAL,CAAeC,GAAf,CAAmBwB,GAAnB,EAAwBtB,KAAxB,EAA+B,0BAA/B;AACD;AAJI,KAAP;AAMD;;AAlDwC;;eAqD5B,IAAIS,aAAJ,CAAkBf,aAAlB,C","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { SimpleStorage, StorageType, StorageUtil, Cookies } from '../types';\nimport { AuthSdkError } from '../errors';\nconst NodeCache = require('node-cache'); // commonJS module cannot be imported without esModuleInterop\n\n// this is a SHARED memory storage to support a stateless http server\nconst sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;\n\nclass ServerCookies implements Cookies {\n nodeCache: any; // NodeCache\n \n constructor(nodeCache) {\n this.nodeCache = nodeCache;\n }\n\n set(name: string, value: string, expiresAt: string): string {\n // eslint-disable-next-line no-extra-boolean-cast\n if (!!(Date.parse(expiresAt))) {\n // Time to expiration in seconds\n var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;\n this.nodeCache.set(name, value, ttl);\n } else {\n this.nodeCache.set(name, value);\n }\n\n return this.get(name);\n }\n\n get(name): string {\n return this.nodeCache.get(name);\n }\n\n delete(name) {\n return this.nodeCache.del(name);\n }\n}\n// Building this as an object allows us to mock the functions in our tests\nclass ServerStorage implements StorageUtil {\n nodeCache: any; // NodeCache\n storage: Cookies;\n constructor(nodeCache) {\n this.nodeCache = nodeCache;\n this.storage = new ServerCookies(nodeCache);\n }\n\n testStorageType(storageType: StorageType): boolean {\n var supported = false;\n switch (storageType) {\n case 'memory':\n supported = true;\n break;\n default:\n break;\n }\n return supported;\n }\n\n getStorageByType(storageType: StorageType): SimpleStorage {\n let storageProvider;\n switch (storageType) {\n case 'memory':\n storageProvider = this.getStorage();\n break;\n default:\n throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n break;\n }\n return storageProvider;\n }\n\n findStorageType(): StorageType {\n return 'memory';\n }\n\n // will be removed in next version. OKTA-362589\n getHttpCache() {\n return null; // stubbed in server.js\n }\n\n // shared in-memory using node cache\n getStorage(): SimpleStorage {\n return {\n getItem: this.nodeCache.get,\n setItem: (key, value) => {\n this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');\n }\n };\n }\n}\n\nexport default new ServerStorage(sharedStorage);\n"],"file":"serverStorage.js"}
package/cjs/services/TokenService.js CHANGED
@@ -39,6 +39,8 @@ class TokenService {
39
39
  constructor(tokenManager, options = {}) {
40
40
  this.tokenManager = tokenManager;
41
41
  this.options = options;
42
+ this.storageListener = undefined;
43
+ this.onTokenExpiredHandler = undefined;
42
44
  }
43
45
 
44
46
  start() {
@@ -97,6 +99,7 @@ class TokenService {
97
99
  this.tokenManager.off(_TokenManager.EVENT_EXPIRED, this.onTokenExpiredHandler);
98
100
 
99
101
  if (this.options.syncStorage && (0, _features.isBrowser)()) {
102
+ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
100
103
  window.removeEventListener('storage', this.storageListener);
101
104
  clearTimeout(this.syncTimeout);
102
105
  }
package/cjs/services/TokenService.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/services/TokenService.ts"],"names":["shouldThrottleRenew","renewTimeQueue","res","push","Date","now","length","firstTime","shift","lastTime","TokenService","constructor","tokenManager","options","start","onTokenExpiredHandler","key","autoRenew","error","AuthSdkError","emitError","renew","catch","autoRemove","remove","on","EVENT_EXPIRED","setExpireEventTimeoutAll","syncStorage","storageListener","newValue","oldValue","handleCrossTabsStorageChange","resetExpireEventTimeoutAll","emitEventsForCrossTabsStorageUpdate","storageKey","syncTimeout","setTimeout","_storageEventDelay","window","addEventListener","stop","clearExpireEventTimeoutAll","off","removeEventListener","clearTimeout"],"mappings":";;;;AAcA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAMA,SAASA,mBAAT,CAA6BC,cAA7B,EAA6C;AAC3C,MAAIC,GAAG,GAAG,KAAV;AACAD,EAAAA,cAAc,CAACE,IAAf,CAAoBC,IAAI,CAACC,GAAL,EAApB;;AACA,MAAIJ,cAAc,CAACK,MAAf,IAAyB,EAA7B,EAAiC;AAC/B;AACA,UAAMC,SAAS,GAAGN,cAAc,CAACO,KAAf,EAAlB;AACA,UAAMC,QAAQ,GAAGR,cAAc,CAACA,cAAc,CAACK,MAAf,GAAwB,CAAzB,CAA/B;AACAJ,IAAAA,GAAG,GAAGO,QAAQ,GAAGF,SAAX,GAAuB,KAAK,IAAlC;AACD;;AACD,SAAOL,GAAP;AACD;;AAEM,MAAMQ,YAAN,CAAmB;AAOxBC,EAAAA,WAAW,CAACC,YAAD,EAA6BC,OAA4B,GAAG,EAA5D,EAAgE;AACzE,SAAKD,YAAL,GAAoBA,YAApB;AACA,SAAKC,OAAL,GAAeA,OAAf;AACD;;AAEDC,EAAAA,KAAK,GAAG;AACN,UAAMb,cAAc,GAAG,EAAvB;;AACA,SAAKc,qBAAL,GAA8BC,GAAD,IAAS;AACpC,UAAI,KAAKH,OAAL,CAAaI,SAAjB,EAA4B;AAC1B,YAAIjB,mBAAmB,CAACC,cAAD,CAAvB,EAAyC;AACvC,gBAAMiB,KAAK,GAAG,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAd;AACA,eAAKP,YAAL,CAAkBQ,SAAlB,CAA4BF,KAA5B;AACD,SAHD,MAGO;AACL,eAAKN,YAAL,CAAkBS,KAAlB,CAAwBL,GAAxB,EAA6BM,KAA7B,CAAmC,MAAM,CAAE,CAA3C,EADK,CACyC;AAC/C;AACF,OAPD,MAOO,IAAI,KAAKT,OAAL,CAAaU,UAAjB,EAA6B;AAClC,aAAKX,YAAL,CAAkBY,MAAlB,CAAyBR,GAAzB;AACD;AACF,KAXD;;AAYA,SAAKJ,YAAL,CAAkBa,EAAlB,CAAqBC,2BAArB,EAAoC,KAAKX,qBAAzC;AAEA,SAAKH,YAAL,CAAkBe,wBAAlB;;AAEA,QAAI,KAAKd,OAAL,CAAae,WAAb,IAA4B,0BAAhC,EAA6C;AAC3C;AACA;AACA;AACA;AAEA,WAAKC,eAAL,GAAuB,CAAC;AAAEb,QAAAA,GAAF;AAAOc,QAAAA,QAAP;AAAiBC,QAAAA;AAAjB,OAAD,KAA+C;AACpE,cAAMC,4BAA4B,GAAG,MAAM;AACzC,eAAKpB,YAAL,CAAkBqB,0BAAlB;AACA,eAAKrB,YAAL,CAAkBsB,mCAAlB,CAAsDJ,QAAtD,EAAgEC,QAAhE;AACD,SAHD,CADoE,CAMpE;AACA;AACA;AACA;;;AACA,YAAIf,GAAG,KAAKA,GAAG,KAAK,KAAKH,OAAL,CAAasB,UAArB,IAAmCL,QAAQ,KAAKC,QAArD,CAAP,EAAuE;AACrE;AACD,SAZmE,CAcpE;AACA;;;AACA,aAAKK,WAAL,GAAmBC,UAAU,CAAC,MAAML,4BAA4B,EAAnC,EAAuC,KAAKnB,OAAL,CAAayB,kBAApD,CAA7B;AACD,OAjBD;;AAmBAC,MAAAA,MAAM,CAACC,gBAAP,CAAwB,SAAxB,EAAmC,KAAKX,eAAxC;AACD;AACF;;AAEDY,EAAAA,IAAI,GAAG;AACL,SAAK7B,YAAL,CAAkB8B,0BAAlB;AACA,SAAK9B,YAAL,CAAkB+B,GAAlB,CAAsBjB,2BAAtB,EAAqC,KAAKX,qBAA1C;;AACA,QAAI,KAAKF,OAAL,CAAae,WAAb,IAA4B,0BAAhC,EAA6C;AAC3CW,MAAAA,MAAM,CAACK,mBAAP,CAA2B,SAA3B,EAAsC,KAAKf,eAA3C;AACAgB,MAAAA,YAAY,CAAC,KAAKT,WAAN,CAAZ;AACD;AACF;;AAlEuB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* global window */\nimport { TokenManager, EVENT_EXPIRED } from '../TokenManager';\nimport { AuthSdkError } from '../errors';\nimport { isBrowser } from '../features';\nimport { TokenManagerOptions } from '../types';\n\nfunction shouldThrottleRenew(renewTimeQueue) {\n let res = false;\n renewTimeQueue.push(Date.now());\n if (renewTimeQueue.length >= 10) {\n // get and remove first item from queue\n const firstTime = renewTimeQueue.shift();\n const lastTime = renewTimeQueue[renewTimeQueue.length - 1];\n res = lastTime - firstTime < 30 * 1000;\n }\n return res;\n}\n\nexport class TokenService {\n private tokenManager: TokenManager;\n private options: TokenManagerOptions;\n private storageListener: (event: StorageEvent) => void;\n private onTokenExpiredHandler: (key: string) => void;\n private syncTimeout: unknown;\n\n constructor(tokenManager: TokenManager, options: TokenManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n }\n\n start() {\n const renewTimeQueue = [];\n this.onTokenExpiredHandler = (key) => {\n if (this.options.autoRenew) {\n if (shouldThrottleRenew(renewTimeQueue)) {\n const error = new AuthSdkError('Too many token renew requests');\n this.tokenManager.emitError(error);\n } else {\n this.tokenManager.renew(key).catch(() => {}); // Renew errors will emit an \"error\" event \n }\n } else if (this.options.autoRemove) {\n this.tokenManager.remove(key);\n }\n };\n this.tokenManager.on(EVENT_EXPIRED, this.onTokenExpiredHandler);\n\n this.tokenManager.setExpireEventTimeoutAll();\n\n if (this.options.syncStorage && isBrowser()) {\n // Sync authState cross multiple tabs when localStorage is used as the storageProvider\n // A StorageEvent is sent to a window when a storage area it has access to is changed \n // within the context of another document.\n // https://developer.mozilla.org/en-US/docs/Web/API/StorageEvent\n\n this.storageListener = ({ key, newValue, oldValue }: StorageEvent) => {\n const handleCrossTabsStorageChange = () => {\n this.tokenManager.resetExpireEventTimeoutAll();\n this.tokenManager.emitEventsForCrossTabsStorageUpdate(newValue, oldValue);\n };\n\n // Skip if:\n // not from localStorage.clear (event.key is null)\n // event.key is not the storageKey\n // oldValue === newValue\n if (key && (key !== this.options.storageKey || newValue === oldValue)) {\n return;\n }\n\n // LocalStorage cross tabs update is not synced in IE, set a 1s timer by default to read latest value\n // https://stackoverflow.com/questions/24077117/localstorage-in-win8-1-ie11-does-not-synchronize\n this.syncTimeout = setTimeout(() => handleCrossTabsStorageChange(), this.options._storageEventDelay);\n };\n\n window.addEventListener('storage', this.storageListener);\n }\n }\n\n stop() {\n this.tokenManager.clearExpireEventTimeoutAll();\n this.tokenManager.off(EVENT_EXPIRED, this.onTokenExpiredHandler);\n if (this.options.syncStorage && isBrowser()) {\n window.removeEventListener('storage', this.storageListener);\n clearTimeout(this.syncTimeout as any);\n }\n }\n}"],"file":"TokenService.js"}
1
+ {"version":3,"sources":["../../../lib/services/TokenService.ts"],"names":["shouldThrottleRenew","renewTimeQueue","res","push","Date","now","length","firstTime","shift","lastTime","TokenService","constructor","tokenManager","options","storageListener","undefined","onTokenExpiredHandler","start","key","autoRenew","error","AuthSdkError","emitError","renew","catch","autoRemove","remove","on","EVENT_EXPIRED","setExpireEventTimeoutAll","syncStorage","newValue","oldValue","handleCrossTabsStorageChange","resetExpireEventTimeoutAll","emitEventsForCrossTabsStorageUpdate","storageKey","syncTimeout","setTimeout","_storageEventDelay","window","addEventListener","stop","clearExpireEventTimeoutAll","off","removeEventListener","clearTimeout"],"mappings":";;;;AAcA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAMA,SAASA,mBAAT,CAA6BC,cAA7B,EAA6C;AAC3C,MAAIC,GAAG,GAAG,KAAV;AACAD,EAAAA,cAAc,CAACE,IAAf,CAAoBC,IAAI,CAACC,GAAL,EAApB;;AACA,MAAIJ,cAAc,CAACK,MAAf,IAAyB,EAA7B,EAAiC;AAC/B;AACA,UAAMC,SAAS,GAAGN,cAAc,CAACO,KAAf,EAAlB;AACA,UAAMC,QAAQ,GAAGR,cAAc,CAACA,cAAc,CAACK,MAAf,GAAwB,CAAzB,CAA/B;AACAJ,IAAAA,GAAG,GAAGO,QAAQ,GAAGF,SAAX,GAAuB,KAAK,IAAlC;AACD;;AACD,SAAOL,GAAP;AACD;;AAEM,MAAMQ,YAAN,CAAmB;AAOxBC,EAAAA,WAAW,CAACC,YAAD,EAA6BC,OAA4B,GAAG,EAA5D,EAAgE;AACzE,SAAKD,YAAL,GAAoBA,YAApB;AACA,SAAKC,OAAL,GAAeA,OAAf;AACA,SAAKC,eAAL,GAAuBC,SAAvB;AACA,SAAKC,qBAAL,GAA6BD,SAA7B;AACD;;AAEDE,EAAAA,KAAK,GAAG;AACN,UAAMhB,cAAc,GAAG,EAAvB;;AACA,SAAKe,qBAAL,GAA8BE,GAAD,IAAS;AACpC,UAAI,KAAKL,OAAL,CAAaM,SAAjB,EAA4B;AAC1B,YAAInB,mBAAmB,CAACC,cAAD,CAAvB,EAAyC;AACvC,gBAAMmB,KAAK,GAAG,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAd;AACA,eAAKT,YAAL,CAAkBU,SAAlB,CAA4BF,KAA5B;AACD,SAHD,MAGO;AACL,eAAKR,YAAL,CAAkBW,KAAlB,CAAwBL,GAAxB,EAA6BM,KAA7B,CAAmC,MAAM,CAAE,CAA3C,EADK,CACyC;AAC/C;AACF,OAPD,MAOO,IAAI,KAAKX,OAAL,CAAaY,UAAjB,EAA6B;AAClC,aAAKb,YAAL,CAAkBc,MAAlB,CAAyBR,GAAzB;AACD;AACF,KAXD;;AAYA,SAAKN,YAAL,CAAkBe,EAAlB,CAAqBC,2BAArB,EAAoC,KAAKZ,qBAAzC;AAEA,SAAKJ,YAAL,CAAkBiB,wBAAlB;;AAEA,QAAI,KAAKhB,OAAL,CAAaiB,WAAb,IAA4B,0BAAhC,EAA6C;AAC3C;AACA;AACA;AACA;AAEA,WAAKhB,eAAL,GAAuB,CAAC;AAAEI,QAAAA,GAAF;AAAOa,QAAAA,QAAP;AAAiBC,QAAAA;AAAjB,OAAD,KAA+C;AACpE,cAAMC,4BAA4B,GAAG,MAAM;AACzC,eAAKrB,YAAL,CAAkBsB,0BAAlB;AACA,eAAKtB,YAAL,CAAkBuB,mCAAlB,CAAsDJ,QAAtD,EAAgEC,QAAhE;AACD,SAHD,CADoE,CAMpE;AACA;AACA;AACA;;;AACA,YAAId,GAAG,KAAKA,GAAG,KAAK,KAAKL,OAAL,CAAauB,UAArB,IAAmCL,QAAQ,KAAKC,QAArD,CAAP,EAAuE;AACrE;AACD,SAZmE,CAcpE;AACA;;;AACA,aAAKK,WAAL,GAAmBC,UAAU,CAAC,MAAML,4BAA4B,EAAnC,EAAuC,KAAKpB,OAAL,CAAa0B,kBAApD,CAA7B;AACD,OAjBD;;AAmBAC,MAAAA,MAAM,CAACC,gBAAP,CAAwB,SAAxB,EAAmC,KAAK3B,eAAxC;AACD;AACF;;AAED4B,EAAAA,IAAI,GAAG;AACL,SAAK9B,YAAL,CAAkB+B,0BAAlB;AACA,SAAK/B,YAAL,CAAkBgC,GAAlB,CAAsBhB,2BAAtB,EAAqC,KAAKZ,qBAA1C;;AACA,QAAI,KAAKH,OAAL,CAAaiB,WAAb,IAA4B,0BAAhC,EAA6C;AAC3C;AACAU,MAAAA,MAAM,CAACK,mBAAP,CAA2B,SAA3B,EAAsC,KAAK/B,eAA3C;AACAgC,MAAAA,YAAY,CAAC,KAAKT,WAAN,CAAZ;AACD;AACF;;AArEuB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* global window */\nimport { TokenManager, EVENT_EXPIRED } from '../TokenManager';\nimport { AuthSdkError } from '../errors';\nimport { isBrowser } from '../features';\nimport { TokenManagerOptions } from '../types';\n\nfunction shouldThrottleRenew(renewTimeQueue) {\n let res = false;\n renewTimeQueue.push(Date.now());\n if (renewTimeQueue.length >= 10) {\n // get and remove first item from queue\n const firstTime = renewTimeQueue.shift();\n const lastTime = renewTimeQueue[renewTimeQueue.length - 1];\n res = lastTime - firstTime < 30 * 1000;\n }\n return res;\n}\n\nexport class TokenService {\n private tokenManager: TokenManager;\n private options: TokenManagerOptions;\n private storageListener?: (event: StorageEvent) => void;\n private onTokenExpiredHandler?: (key: string) => void;\n private syncTimeout: unknown;\n\n constructor(tokenManager: TokenManager, options: TokenManagerOptions = {}) {\n this.tokenManager = tokenManager;\n this.options = options;\n this.storageListener = undefined;\n this.onTokenExpiredHandler = undefined;\n }\n\n start() {\n const renewTimeQueue = [];\n this.onTokenExpiredHandler = (key) => {\n if (this.options.autoRenew) {\n if (shouldThrottleRenew(renewTimeQueue)) {\n const error = new AuthSdkError('Too many token renew requests');\n this.tokenManager.emitError(error);\n } else {\n this.tokenManager.renew(key).catch(() => {}); // Renew errors will emit an \"error\" event \n }\n } else if (this.options.autoRemove) {\n this.tokenManager.remove(key);\n }\n };\n this.tokenManager.on(EVENT_EXPIRED, this.onTokenExpiredHandler);\n\n this.tokenManager.setExpireEventTimeoutAll();\n\n if (this.options.syncStorage && isBrowser()) {\n // Sync authState cross multiple tabs when localStorage is used as the storageProvider\n // A StorageEvent is sent to a window when a storage area it has access to is changed \n // within the context of another document.\n // https://developer.mozilla.org/en-US/docs/Web/API/StorageEvent\n\n this.storageListener = ({ key, newValue, oldValue }: StorageEvent) => {\n const handleCrossTabsStorageChange = () => {\n this.tokenManager.resetExpireEventTimeoutAll();\n this.tokenManager.emitEventsForCrossTabsStorageUpdate(newValue, oldValue);\n };\n\n // Skip if:\n // not from localStorage.clear (event.key is null)\n // event.key is not the storageKey\n // oldValue === newValue\n if (key && (key !== this.options.storageKey || newValue === oldValue)) {\n return;\n }\n\n // LocalStorage cross tabs update is not synced in IE, set a 1s timer by default to read latest value\n // https://stackoverflow.com/questions/24077117/localstorage-in-win8-1-ie11-does-not-synchronize\n this.syncTimeout = setTimeout(() => handleCrossTabsStorageChange(), this.options._storageEventDelay);\n };\n\n window.addEventListener('storage', this.storageListener);\n }\n }\n\n stop() {\n this.tokenManager.clearExpireEventTimeoutAll();\n this.tokenManager.off(EVENT_EXPIRED, this.onTokenExpiredHandler);\n if (this.options.syncStorage && isBrowser()) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n window.removeEventListener('storage', this.storageListener!);\n clearTimeout(this.syncTimeout as any);\n }\n }\n}"],"file":"TokenService.js"}
package/cjs/tx/AuthTransaction.js CHANGED
@@ -30,6 +30,9 @@ var _api = require("./api");
30
30
  */
31
31
  class AuthTransaction {
32
32
  constructor(sdk, res = null) {
33
+ this.data = undefined;
34
+ this.status = undefined;
35
+
33
36
  if (res) {
34
37
  this.data = res;
35
38
 
package/cjs/tx/AuthTransaction.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/tx/AuthTransaction.ts"],"names":["AuthTransaction","constructor","sdk","res","data","interactionHandle","status","Object","assign","flattenEmbedded","stateToken","_links","cancel","Promise","resolve","link2fn","obj","link","ref","Array","isArray","name","opts","AuthSdkError","lk","hints","allow","length","method","href","withCredentials","isPolling","factorType","provider","params","autoPush","undefined","e","reject","rememberDevice","profile","updatePhone","links2fns","fns","linkName","prototype","hasOwnProperty","call","type","poll","fn","objArr","o","ol","push","embedded","_embedded","key"],"mappings":";;;;;;AAaA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAyCO,MAAMA,eAAN,CAA4E;AA0BjFC,EAAAA,WAAW,CAACC,GAAD,EAAMC,GAAG,GAAG,IAAZ,EAAkB;AAC3B,QAAIA,GAAJ,EAAS;AACP,WAAKC,IAAL,GAAYD,GAAZ;;AAEA,UAAI,KAAKC,IAAL,CAAUC,iBAAd,EAAiC;AAC/B,aAAKC,MAAL,GAAcH,GAAG,CAACG,MAAlB;AACA;AACD,OANM,CAQP;;;AACAC,MAAAA,MAAM,CAACC,MAAP,CAAc,IAAd,EAAoBC,eAAe,CAACP,GAAD,EAAMC,GAAN,EAAWA,GAAX,EAAgB,EAAhB,CAAnC;AACA,aAAO,KAAKO,UAAZ,CAVO,CAYP;AACA;AACA;AACA;;AACA,UAAIP,GAAG,CAACG,MAAJ,KAAe,oBAAf,IAAuC,CAACH,GAAG,CAACQ,MAAhD,EAAwD;AACtD,aAAKC,MAAL,GAAc,YAAW;AACvB,iBAAOC,OAAO,CAACC,OAAR,CAAgB,IAAId,eAAJ,CAAoBE,GAApB,CAAhB,CAAP;AACD,SAFD;AAGD;AACF;AACF;;AAjDgF;;;;AAoDnF,SAASa,OAAT,CAAiBb,GAAjB,EAAsBC,GAAtB,EAA2Ba,GAA3B,EAAgCC,IAAhC,EAAsCC,GAAtC,EAA2C;AACzC,MAAIC,KAAK,CAACC,OAAN,CAAcH,IAAd,CAAJ,EAAyB;AACvB,WAAO,UAASI,IAAT,EAAeC,IAAf,EAAsB;AAC3B,UAAI,CAACD,IAAL,EAAW;AACT,cAAM,IAAIE,qBAAJ,CAAiB,0BAAjB,CAAN;AACD;;AAED,UAAIC,EAAE,GAAG,gBAAKP,IAAL,EAAW;AAACI,QAAAA,IAAI,EAAEA;AAAP,OAAX,CAAT;;AACA,UAAI,CAACG,EAAL,EAAS;AACP,cAAM,IAAID,qBAAJ,CAAiB,6BAAjB,CAAN;AACD;;AAED,aAAOR,OAAO,CAACb,GAAD,EAAMC,GAAN,EAAWa,GAAX,EAAgBQ,EAAhB,EAAoBN,GAApB,CAAP,CAAgCI,IAAhC,CAAP;AACD,KAXD;AAaD,GAdD,MAcO,IAAIL,IAAI,CAACQ,KAAL,IACPR,IAAI,CAACQ,KAAL,CAAWC,KADJ,IAEPT,IAAI,CAACQ,KAAL,CAAWC,KAAX,CAAiBC,MAAjB,KAA4B,CAFzB,EAE4B;AACjC,QAAIC,MAAM,GAAGX,IAAI,CAACQ,KAAL,CAAWC,KAAX,CAAiB,CAAjB,CAAb;;AACA,YAAQE,MAAR;AAEE,WAAK,KAAL;AACE,eAAO,YAAW;AAChB,iBAAO,eAAI1B,GAAJ,EAASe,IAAI,CAACY,IAAd,EAAoB;AAAEC,YAAAA,eAAe,EAAE;AAAnB,WAApB,CAAP;AACD,SAFD;;AAIF,WAAK,MAAL;AACE;AACA,eAAO,UAASR,IAAT,EAAiC;AACtC,cAAIJ,GAAG,IAAIA,GAAG,CAACa,SAAf,EAA0B;AACxBb,YAAAA,GAAG,CAACa,SAAJ,GAAgB,KAAhB;AACD;;AAED,cAAI3B,IAAI,GAAG,0BAAcD,GAAd,EAAmBmB,IAAnB,CAAX;;AAEA,cAAInB,GAAG,CAACG,MAAJ,KAAe,YAAf,IAA+BH,GAAG,CAACG,MAAJ,KAAe,eAAlD,EAAmE;AACjE;AACAC,YAAAA,MAAM,CAACC,MAAP,CAAcJ,IAAd,EAAoB;AAClB4B,cAAAA,UAAU,EAAEhB,GAAG,CAACgB,UADE;AAElBC,cAAAA,QAAQ,EAAEjB,GAAG,CAACiB;AAFI,aAApB;AAID;;AAED,cAAIC,MAAM,GAAG,EAAb;AACA,cAAIC,QAAQ,GAAG/B,IAAI,CAAC+B,QAApB;;AACA,cAAIA,QAAQ,KAAKC,SAAjB,EAA4B;AAC1B,gBAAI,OAAOD,QAAP,KAAoB,UAAxB,EAAoC;AAClC,kBAAI;AACFD,gBAAAA,MAAM,CAACC,QAAP,GAAkB,CAAC,CAACA,QAAQ,EAA5B;AACD,eAFD,CAGA,OAAOE,CAAP,EAAU;AACR,uBAAOxB,OAAO,CAACyB,MAAR,CAAe,IAAIf,qBAAJ,CAAiB,gCAAjB,CAAf,CAAP;AACD;AACF,aAPD,MAQK,IAAIY,QAAQ,KAAK,IAAjB,EAAuB;AAC1BD,cAAAA,MAAM,CAACC,QAAP,GAAkB,CAAC,CAACA,QAApB;AACD;;AACD/B,YAAAA,IAAI,GAAG,gBAAKA,IAAL,EAAW,UAAX,CAAP;AACD;;AAED,cAAImC,cAAc,GAAGnC,IAAI,CAACmC,cAA1B;;AACA,cAAIA,cAAc,KAAKH,SAAvB,EAAkC;AAChC,gBAAI,OAAOG,cAAP,KAA0B,UAA9B,EAA0C;AACxC,kBAAI;AACFL,gBAAAA,MAAM,CAACK,cAAP,GAAwB,CAAC,CAACA,cAAc,EAAxC;AACD,eAFD,CAGA,OAAOF,CAAP,EAAU;AACR,uBAAOxB,OAAO,CAACyB,MAAR,CAAe,IAAIf,qBAAJ,CAAiB,sCAAjB,CAAf,CAAP;AACD;AACF,aAPD,MAQK,IAAIgB,cAAc,KAAK,IAAvB,EAA6B;AAChCL,cAAAA,MAAM,CAACK,cAAP,GAAwB,CAAC,CAACA,cAA1B;AACD;;AACDnC,YAAAA,IAAI,GAAG,gBAAKA,IAAL,EAAW,gBAAX,CAAP;AAED,WAdD,MAcO,IAAIA,IAAI,CAACoC,OAAL,IACDpC,IAAI,CAACoC,OAAL,CAAaC,WAAb,KAA6BL,SADhC,EAC2C;AAChD,gBAAIhC,IAAI,CAACoC,OAAL,CAAaC,WAAjB,EAA8B;AAC5BP,cAAAA,MAAM,CAACO,WAAP,GAAqB,IAArB;AACD;;AACDrC,YAAAA,IAAI,CAACoC,OAAL,GAAe,gBAAKpC,IAAI,CAACoC,OAAV,EAAmB,aAAnB,CAAf;AACD;;AACD,cAAIX,IAAI,GAAGZ,IAAI,CAACY,IAAL,GAAY,yBAAcK,MAAd,CAAvB;AACA,iBAAO,4BAAkBhC,GAAlB,EAAuB2B,IAAvB,EAA6BzB,IAA7B,CAAP;AACD,SAxDD;AATJ;AAmED;AACF;;AAED,SAASsC,SAAT,CAAmBxC,GAAnB,EAAwBC,GAAxB,EAA6Ba,GAA7B,EAAkCE,GAAlC,EAAuC;AACrC,MAAIyB,GAAG,GAAG,EAAV;;AACA,OAAK,IAAIC,QAAT,IAAqB5B,GAAG,CAACL,MAAzB,EAAiC;AAC/B,QAAI,CAACJ,MAAM,CAACsC,SAAP,CAAiBC,cAAjB,CAAgCC,IAAhC,CAAqC/B,GAAG,CAACL,MAAzC,EAAiDiC,QAAjD,CAAL,EAAiE;AAC/D;AACD;;AAED,QAAI3B,IAAI,GAAGD,GAAG,CAACL,MAAJ,CAAWiC,QAAX,CAAX;;AAEA,QAAIA,QAAQ,KAAK,MAAjB,EAAyB;AACvBA,MAAAA,QAAQ,GAAG3B,IAAI,CAACI,IAAhB;AACD;;AAED,QAAIJ,IAAI,CAAC+B,IAAT,EAAe;AACbL,MAAAA,GAAG,CAACC,QAAD,CAAH,GAAgB3B,IAAhB;AACA;AACD;;AAED,YAAQ2B,QAAR;AACE;AACA;AACA,WAAK,MAAL;AACED,QAAAA,GAAG,CAACM,IAAJ,GAAW,qBAAU/C,GAAV,EAAeC,GAAf,EAAoBe,GAApB,CAAX;AACA;;AAEF;AACE,YAAIgC,EAAE,GAAGnC,OAAO,CAACb,GAAD,EAAMC,GAAN,EAAWa,GAAX,EAAgBC,IAAhB,EAAsBC,GAAtB,CAAhB;;AACA,YAAIgC,EAAJ,EAAQ;AACNP,UAAAA,GAAG,CAACC,QAAD,CAAH,GAAgBM,EAAhB;AACD;;AAXL;AAaD;;AACD,SAAOP,GAAP;AACD,C,CAED;;;AACA,SAASlC,eAAT,CAAyBP,GAAzB,EAA8BC,GAA9B,EAAmCa,GAAnC,EAAwCE,GAAxC,EAA6C;AAC3CF,EAAAA,GAAG,GAAGA,GAAG,IAAIb,GAAb;AACAa,EAAAA,GAAG,GAAG,iBAAMA,GAAN,CAAN;;AAEA,MAAIG,KAAK,CAACC,OAAN,CAAcJ,GAAd,CAAJ,EAAwB;AACtB,QAAImC,MAAM,GAAG,EAAb;;AACA,SAAK,IAAIC,CAAC,GAAG,CAAR,EAAWC,EAAE,GAAGrC,GAAG,CAACW,MAAzB,EAAiCyB,CAAC,GAAGC,EAArC,EAAyCD,CAAC,EAA1C,EAA8C;AAC5CD,MAAAA,MAAM,CAACG,IAAP,CAAY7C,eAAe,CAACP,GAAD,EAAMC,GAAN,EAAWa,GAAG,CAACoC,CAAD,CAAd,EAAmBlC,GAAnB,CAA3B;AACD;;AACD,WAAOiC,MAAP;AACD;;AAED,MAAII,QAAQ,GAAGvC,GAAG,CAACwC,SAAJ,IAAiB,EAAhC;;AAEA,OAAK,IAAIC,GAAT,IAAgBF,QAAhB,EAA0B;AACxB,QAAI,CAAChD,MAAM,CAACsC,SAAP,CAAiBC,cAAjB,CAAgCC,IAAhC,CAAqCQ,QAArC,EAA+CE,GAA/C,CAAL,EAA0D;AACxD;AACD,KAHuB,CAKxB;;;AACA,QAAI,oBAASF,QAAQ,CAACE,GAAD,CAAjB,KAA2BtC,KAAK,CAACC,OAAN,CAAcmC,QAAQ,CAACE,GAAD,CAAtB,CAA/B,EAA6D;AAC3DF,MAAAA,QAAQ,CAACE,GAAD,CAAR,GAAgBhD,eAAe,CAACP,GAAD,EAAMC,GAAN,EAAWoD,QAAQ,CAACE,GAAD,CAAnB,EAA0BvC,GAA1B,CAA/B;AACD;AACF,GAvB0C,CAyB3C;;;AACA,MAAIyB,GAAG,GAAGD,SAAS,CAACxC,GAAD,EAAMC,GAAN,EAAWa,GAAX,EAAgBE,GAAhB,CAAnB;AACAX,EAAAA,MAAM,CAACC,MAAP,CAAc+C,QAAd,EAAwBZ,GAAxB;AAEA3B,EAAAA,GAAG,GAAG,gBAAKA,GAAL,EAAU,WAAV,EAAuB,QAAvB,CAAN;AACAT,EAAAA,MAAM,CAACC,MAAP,CAAcQ,GAAd,EAAmBuC,QAAnB;AACA,SAAOvC,GAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { get } from '../http';\nimport { find, omit, toQueryString, clone, isObject } from '../util';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { TransactionState } from './TransactionState';\nimport { addStateToken } from './util';\nimport { getPollFn } from './poll';\nimport { postToTransaction } from './api';\nimport { IdxStatus } from '../idx/types';\n\ninterface PostToTransactionParams {\n autoPush?: boolean;\n rememberDevice?: boolean;\n updatePhone?: boolean;\n}\n\ntype AuthTransactionFunction = (obj?: any) => Promise<AuthTransaction>;\n\ninterface AuthTransactionFunctions {\n // common\n next?: AuthTransactionFunction;\n cancel?: AuthTransactionFunction;\n skip?: AuthTransactionFunction;\n // locked_out\n unlock?: AuthTransactionFunction;\n // password\n changePassword?: AuthTransactionFunction;\n resetPassword?: AuthTransactionFunction;\n // recovery\n answer?: AuthTransactionFunction;\n recovery?: AuthTransactionFunction;\n // recovery_challenge\n verify?: AuthTransactionFunction;\n resend?: AuthTransactionFunction;\n // mfa_enroll_activate\n activate?: AuthTransactionFunction;\n poll?: AuthTransactionFunction;\n prev?: AuthTransactionFunction;\n}\n\nexport class AuthTransaction implements TransactionState, AuthTransactionFunctions {\n next?: AuthTransactionFunction;\n cancel?: AuthTransactionFunction;\n skip?: AuthTransactionFunction;\n unlock?: AuthTransactionFunction;\n changePassword?: AuthTransactionFunction;\n resetPassword?: AuthTransactionFunction;\n answer?: AuthTransactionFunction;\n recovery?: AuthTransactionFunction;\n verify?: AuthTransactionFunction;\n resend?: AuthTransactionFunction;\n activate?: AuthTransactionFunction;\n poll?: AuthTransactionFunction;\n prev?: AuthTransactionFunction;\n\n data: TransactionState;\n stateToken?: string;\n sessionToken?: string;\n status: string | IdxStatus;\n user?: Record<string, any>;\n factor?: Record<string, any>;\n factors?: Array<Record<string, any> >;\n policy?: Record<string, any>;\n scopes?: Array<Record<string, any> >;\n target?: Record<string, any>;\n authentication?: Record<string, any>;\n constructor(sdk, res = null) {\n if (res) {\n this.data = res;\n\n if (this.data.interactionHandle) {\n this.status = res.status;\n return;\n }\n\n // Parse response from Authn V1\n Object.assign(this, flattenEmbedded(sdk, res, res, {}));\n delete this.stateToken;\n\n // RECOVERY_CHALLENGE has some responses without _links.\n // Without _links, we emulate cancel to make it intuitive\n // to return to the starting state. We may remove this\n // when OKTA-75434 is resolved\n if (res.status === 'RECOVERY_CHALLENGE' && !res._links) {\n this.cancel = function() {\n return Promise.resolve(new AuthTransaction(sdk));\n };\n }\n }\n }\n}\n\nfunction link2fn(sdk, res, obj, link, ref) {\n if (Array.isArray(link)) {\n return function(name, opts?) {\n if (!name) {\n throw new AuthSdkError('Must provide a link name');\n }\n\n var lk = find(link, {name: name});\n if (!lk) {\n throw new AuthSdkError('No link found for that name');\n }\n\n return link2fn(sdk, res, obj, lk, ref)(opts);\n };\n\n } else if (link.hints &&\n link.hints.allow &&\n link.hints.allow.length === 1) {\n var method = link.hints.allow[0];\n switch (method) {\n\n case 'GET':\n return function() {\n return get(sdk, link.href, { withCredentials: true });\n };\n\n case 'POST':\n // eslint-disable-next-line max-statements,complexity\n return function(opts: TransactionState) {\n if (ref && ref.isPolling) {\n ref.isPolling = false;\n }\n\n var data = addStateToken(res, opts);\n\n if (res.status === 'MFA_ENROLL' || res.status === 'FACTOR_ENROLL') {\n // Add factorType and provider\n Object.assign(data, {\n factorType: obj.factorType,\n provider: obj.provider\n });\n }\n\n var params = {} as PostToTransactionParams;\n var autoPush = data.autoPush;\n if (autoPush !== undefined) {\n if (typeof autoPush === 'function') {\n try {\n params.autoPush = !!autoPush();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n }\n }\n else if (autoPush !== null) {\n params.autoPush = !!autoPush;\n }\n data = omit(data, 'autoPush');\n }\n\n var rememberDevice = data.rememberDevice;\n if (rememberDevice !== undefined) {\n if (typeof rememberDevice === 'function') {\n try {\n params.rememberDevice = !!rememberDevice();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n }\n }\n else if (rememberDevice !== null) {\n params.rememberDevice = !!rememberDevice;\n }\n data = omit(data, 'rememberDevice');\n\n } else if (data.profile &&\n data.profile.updatePhone !== undefined) {\n if (data.profile.updatePhone) {\n params.updatePhone = true;\n }\n data.profile = omit(data.profile, 'updatePhone');\n }\n var href = link.href + toQueryString(params);\n return postToTransaction(sdk, href, data);\n };\n }\n }\n}\n\nfunction links2fns(sdk, res, obj, ref) {\n var fns = {} as AuthTransactionFunctions;\n for (var linkName in obj._links) {\n if (!Object.prototype.hasOwnProperty.call(obj._links, linkName)) {\n continue;\n }\n\n var link = obj._links[linkName];\n \n if (linkName === 'next') {\n linkName = link.name;\n }\n\n if (link.type) {\n fns[linkName] = link;\n continue;\n }\n\n switch (linkName) {\n // poll is only found at the transaction\n // level, so we don't need to pass the link\n case 'poll':\n fns.poll = getPollFn(sdk, res, ref);\n break;\n\n default:\n var fn = link2fn(sdk, res, obj, link, ref);\n if (fn) {\n fns[linkName] = fn;\n }\n }\n }\n return fns;\n}\n\n// eslint-disable-next-line complexity\nfunction flattenEmbedded(sdk, res, obj, ref) {\n obj = obj || res;\n obj = clone(obj);\n\n if (Array.isArray(obj)) {\n var objArr = [];\n for (var o = 0, ol = obj.length; o < ol; o++) {\n objArr.push(flattenEmbedded(sdk, res, obj[o], ref));\n }\n return objArr;\n }\n\n var embedded = obj._embedded || {};\n\n for (var key in embedded) {\n if (!Object.prototype.hasOwnProperty.call(embedded, key)) {\n continue;\n }\n\n // Flatten any nested _embedded objects\n if (isObject(embedded[key]) || Array.isArray(embedded[key])) {\n embedded[key] = flattenEmbedded(sdk, res, embedded[key], ref);\n }\n }\n\n // Convert any links on the embedded object\n var fns = links2fns(sdk, res, obj, ref);\n Object.assign(embedded, fns);\n\n obj = omit(obj, '_embedded', '_links');\n Object.assign(obj, embedded);\n return obj;\n}\n"],"file":"AuthTransaction.js"}
1
+ {"version":3,"sources":["../../../lib/tx/AuthTransaction.ts"],"names":["AuthTransaction","constructor","sdk","res","data","undefined","status","interactionHandle","Object","assign","flattenEmbedded","stateToken","_links","cancel","Promise","resolve","link2fn","obj","link","ref","Array","isArray","name","opts","AuthSdkError","lk","hints","allow","length","method","href","withCredentials","isPolling","factorType","provider","params","autoPush","e","reject","rememberDevice","profile","updatePhone","links2fns","fns","linkName","prototype","hasOwnProperty","call","type","poll","fn","objArr","o","ol","push","embedded","_embedded","key"],"mappings":";;;;;;AAaA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAyCO,MAAMA,eAAN,CAA4E;AA0BjFC,EAAAA,WAAW,CAACC,GAAD,EAAMC,GAA4B,GAAG,IAArC,EAA2C;AACpD,SAAKC,IAAL,GAAYC,SAAZ;AACA,SAAKC,MAAL,GAAcD,SAAd;;AACA,QAAIF,GAAJ,EAAS;AACP,WAAKC,IAAL,GAAYD,GAAZ;;AAEA,UAAI,KAAKC,IAAL,CAAUG,iBAAd,EAAiC;AAC/B,aAAKD,MAAL,GAAcH,GAAG,CAACG,MAAlB;AACA;AACD,OANM,CAQP;;;AACAE,MAAAA,MAAM,CAACC,MAAP,CAAc,IAAd,EAAoBC,eAAe,CAACR,GAAD,EAAMC,GAAN,EAAWA,GAAX,EAAgB,EAAhB,CAAnC;AACA,aAAO,KAAKQ,UAAZ,CAVO,CAYP;AACA;AACA;AACA;;AACA,UAAIR,GAAG,CAACG,MAAJ,KAAe,oBAAf,IAAuC,CAACH,GAAG,CAACS,MAAhD,EAAwD;AACtD,aAAKC,MAAL,GAAc,YAAW;AACvB,iBAAOC,OAAO,CAACC,OAAR,CAAgB,IAAIf,eAAJ,CAAoBE,GAApB,CAAhB,CAAP;AACD,SAFD;AAGD;AACF;AACF;;AAnDgF;;;;AAsDnF,SAASc,OAAT,CAAiBd,GAAjB,EAAsBC,GAAtB,EAA2Bc,GAA3B,EAAgCC,IAAhC,EAAsCC,GAAtC,EAA2C;AACzC,MAAIC,KAAK,CAACC,OAAN,CAAcH,IAAd,CAAJ,EAAyB;AACvB,WAAO,UAASI,IAAT,EAAeC,IAAf,EAAsB;AAC3B,UAAI,CAACD,IAAL,EAAW;AACT,cAAM,IAAIE,qBAAJ,CAAiB,0BAAjB,CAAN;AACD;;AAED,UAAIC,EAAE,GAAG,gBAAKP,IAAL,EAAW;AAACI,QAAAA,IAAI,EAAEA;AAAP,OAAX,CAAT;;AACA,UAAI,CAACG,EAAL,EAAS;AACP,cAAM,IAAID,qBAAJ,CAAiB,6BAAjB,CAAN;AACD;;AAED,aAAOR,OAAO,CAACd,GAAD,EAAMC,GAAN,EAAWc,GAAX,EAAgBQ,EAAhB,EAAoBN,GAApB,CAAP,CAAgCI,IAAhC,CAAP;AACD,KAXD;AAaD,GAdD,MAcO,IAAIL,IAAI,CAACQ,KAAL,IACPR,IAAI,CAACQ,KAAL,CAAWC,KADJ,IAEPT,IAAI,CAACQ,KAAL,CAAWC,KAAX,CAAiBC,MAAjB,KAA4B,CAFzB,EAE4B;AACjC,QAAIC,MAAM,GAAGX,IAAI,CAACQ,KAAL,CAAWC,KAAX,CAAiB,CAAjB,CAAb;;AACA,YAAQE,MAAR;AAEE,WAAK,KAAL;AACE,eAAO,YAAW;AAChB,iBAAO,eAAI3B,GAAJ,EAASgB,IAAI,CAACY,IAAd,EAAoB;AAAEC,YAAAA,eAAe,EAAE;AAAnB,WAApB,CAAP;AACD,SAFD;;AAIF,WAAK,MAAL;AACE;AACA,eAAO,UAASR,IAAT,EAAiC;AACtC,cAAIJ,GAAG,IAAIA,GAAG,CAACa,SAAf,EAA0B;AACxBb,YAAAA,GAAG,CAACa,SAAJ,GAAgB,KAAhB;AACD;;AAED,cAAI5B,IAAI,GAAG,0BAAcD,GAAd,EAAmBoB,IAAnB,CAAX;;AAEA,cAAIpB,GAAG,CAACG,MAAJ,KAAe,YAAf,IAA+BH,GAAG,CAACG,MAAJ,KAAe,eAAlD,EAAmE;AACjE;AACAE,YAAAA,MAAM,CAACC,MAAP,CAAcL,IAAd,EAAoB;AAClB6B,cAAAA,UAAU,EAAEhB,GAAG,CAACgB,UADE;AAElBC,cAAAA,QAAQ,EAAEjB,GAAG,CAACiB;AAFI,aAApB;AAID;;AAED,cAAIC,MAAM,GAAG,EAAb;AACA,cAAIC,QAAQ,GAAGhC,IAAI,CAACgC,QAApB;;AACA,cAAIA,QAAQ,KAAK/B,SAAjB,EAA4B;AAC1B,gBAAI,OAAO+B,QAAP,KAAoB,UAAxB,EAAoC;AAClC,kBAAI;AACFD,gBAAAA,MAAM,CAACC,QAAP,GAAkB,CAAC,CAACA,QAAQ,EAA5B;AACD,eAFD,CAGA,OAAOC,CAAP,EAAU;AACR,uBAAOvB,OAAO,CAACwB,MAAR,CAAe,IAAId,qBAAJ,CAAiB,gCAAjB,CAAf,CAAP;AACD;AACF,aAPD,MAQK,IAAIY,QAAQ,KAAK,IAAjB,EAAuB;AAC1BD,cAAAA,MAAM,CAACC,QAAP,GAAkB,CAAC,CAACA,QAApB;AACD;;AACDhC,YAAAA,IAAI,GAAG,gBAAKA,IAAL,EAAW,UAAX,CAAP;AACD;;AAED,cAAImC,cAAc,GAAGnC,IAAI,CAACmC,cAA1B;;AACA,cAAIA,cAAc,KAAKlC,SAAvB,EAAkC;AAChC,gBAAI,OAAOkC,cAAP,KAA0B,UAA9B,EAA0C;AACxC,kBAAI;AACFJ,gBAAAA,MAAM,CAACI,cAAP,GAAwB,CAAC,CAACA,cAAc,EAAxC;AACD,eAFD,CAGA,OAAOF,CAAP,EAAU;AACR,uBAAOvB,OAAO,CAACwB,MAAR,CAAe,IAAId,qBAAJ,CAAiB,sCAAjB,CAAf,CAAP;AACD;AACF,aAPD,MAQK,IAAIe,cAAc,KAAK,IAAvB,EAA6B;AAChCJ,cAAAA,MAAM,CAACI,cAAP,GAAwB,CAAC,CAACA,cAA1B;AACD;;AACDnC,YAAAA,IAAI,GAAG,gBAAKA,IAAL,EAAW,gBAAX,CAAP;AAED,WAdD,MAcO,IAAIA,IAAI,CAACoC,OAAL,IACDpC,IAAI,CAACoC,OAAL,CAAaC,WAAb,KAA6BpC,SADhC,EAC2C;AAChD,gBAAID,IAAI,CAACoC,OAAL,CAAaC,WAAjB,EAA8B;AAC5BN,cAAAA,MAAM,CAACM,WAAP,GAAqB,IAArB;AACD;;AACDrC,YAAAA,IAAI,CAACoC,OAAL,GAAe,gBAAKpC,IAAI,CAACoC,OAAV,EAAmB,aAAnB,CAAf;AACD;;AACD,cAAIV,IAAI,GAAGZ,IAAI,CAACY,IAAL,GAAY,yBAAcK,MAAd,CAAvB;AACA,iBAAO,4BAAkBjC,GAAlB,EAAuB4B,IAAvB,EAA6B1B,IAA7B,CAAP;AACD,SAxDD;AATJ;AAmED;AACF;;AAED,SAASsC,SAAT,CAAmBxC,GAAnB,EAAwBC,GAAxB,EAA6Bc,GAA7B,EAAkCE,GAAlC,EAAuC;AACrC,MAAIwB,GAAG,GAAG,EAAV;;AACA,OAAK,IAAIC,QAAT,IAAqB3B,GAAG,CAACL,MAAzB,EAAiC;AAC/B,QAAI,CAACJ,MAAM,CAACqC,SAAP,CAAiBC,cAAjB,CAAgCC,IAAhC,CAAqC9B,GAAG,CAACL,MAAzC,EAAiDgC,QAAjD,CAAL,EAAiE;AAC/D;AACD;;AAED,QAAI1B,IAAI,GAAGD,GAAG,CAACL,MAAJ,CAAWgC,QAAX,CAAX;;AAEA,QAAIA,QAAQ,KAAK,MAAjB,EAAyB;AACvBA,MAAAA,QAAQ,GAAG1B,IAAI,CAACI,IAAhB;AACD;;AAED,QAAIJ,IAAI,CAAC8B,IAAT,EAAe;AACbL,MAAAA,GAAG,CAACC,QAAD,CAAH,GAAgB1B,IAAhB;AACA;AACD;;AAED,YAAQ0B,QAAR;AACE;AACA;AACA,WAAK,MAAL;AACED,QAAAA,GAAG,CAACM,IAAJ,GAAW,qBAAU/C,GAAV,EAAeC,GAAf,EAAoBgB,GAApB,CAAX;AACA;;AAEF;AACE,YAAI+B,EAAE,GAAGlC,OAAO,CAACd,GAAD,EAAMC,GAAN,EAAWc,GAAX,EAAgBC,IAAhB,EAAsBC,GAAtB,CAAhB;;AACA,YAAI+B,EAAJ,EAAQ;AACNP,UAAAA,GAAG,CAACC,QAAD,CAAH,GAAgBM,EAAhB;AACD;;AAXL;AAaD;;AACD,SAAOP,GAAP;AACD,C,CAED;;;AACA,SAASjC,eAAT,CAAyBR,GAAzB,EAA8BC,GAA9B,EAAmCc,GAAnC,EAAwCE,GAAxC,EAA6C;AAC3CF,EAAAA,GAAG,GAAGA,GAAG,IAAId,GAAb;AACAc,EAAAA,GAAG,GAAG,iBAAMA,GAAN,CAAN;;AAEA,MAAIG,KAAK,CAACC,OAAN,CAAcJ,GAAd,CAAJ,EAAwB;AACtB,QAAIkC,MAAM,GAAG,EAAb;;AACA,SAAK,IAAIC,CAAC,GAAG,CAAR,EAAWC,EAAE,GAAGpC,GAAG,CAACW,MAAzB,EAAiCwB,CAAC,GAAGC,EAArC,EAAyCD,CAAC,EAA1C,EAA8C;AAC5CD,MAAAA,MAAM,CAACG,IAAP,CAAY5C,eAAe,CAACR,GAAD,EAAMC,GAAN,EAAWc,GAAG,CAACmC,CAAD,CAAd,EAAmBjC,GAAnB,CAA3B;AACD;;AACD,WAAOgC,MAAP;AACD;;AAED,MAAII,QAAQ,GAAGtC,GAAG,CAACuC,SAAJ,IAAiB,EAAhC;;AAEA,OAAK,IAAIC,GAAT,IAAgBF,QAAhB,EAA0B;AACxB,QAAI,CAAC/C,MAAM,CAACqC,SAAP,CAAiBC,cAAjB,CAAgCC,IAAhC,CAAqCQ,QAArC,EAA+CE,GAA/C,CAAL,EAA0D;AACxD;AACD,KAHuB,CAKxB;;;AACA,QAAI,oBAASF,QAAQ,CAACE,GAAD,CAAjB,KAA2BrC,KAAK,CAACC,OAAN,CAAckC,QAAQ,CAACE,GAAD,CAAtB,CAA/B,EAA6D;AAC3DF,MAAAA,QAAQ,CAACE,GAAD,CAAR,GAAgB/C,eAAe,CAACR,GAAD,EAAMC,GAAN,EAAWoD,QAAQ,CAACE,GAAD,CAAnB,EAA0BtC,GAA1B,CAA/B;AACD;AACF,GAvB0C,CAyB3C;;;AACA,MAAIwB,GAAG,GAAGD,SAAS,CAACxC,GAAD,EAAMC,GAAN,EAAWc,GAAX,EAAgBE,GAAhB,CAAnB;AACAX,EAAAA,MAAM,CAACC,MAAP,CAAc8C,QAAd,EAAwBZ,GAAxB;AAEA1B,EAAAA,GAAG,GAAG,gBAAKA,GAAL,EAAU,WAAV,EAAuB,QAAvB,CAAN;AACAT,EAAAA,MAAM,CAACC,MAAP,CAAcQ,GAAd,EAAmBsC,QAAnB;AACA,SAAOtC,GAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { get } from '../http';\nimport { find, omit, toQueryString, clone, isObject } from '../util';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { TransactionState } from './TransactionState';\nimport { addStateToken } from './util';\nimport { getPollFn } from './poll';\nimport { postToTransaction } from './api';\nimport { IdxStatus } from '../idx/types';\n\ninterface PostToTransactionParams {\n autoPush?: boolean;\n rememberDevice?: boolean;\n updatePhone?: boolean;\n}\n\ntype AuthTransactionFunction = (obj?: any) => Promise<AuthTransaction>;\n\ninterface AuthTransactionFunctions {\n // common\n next?: AuthTransactionFunction;\n cancel?: AuthTransactionFunction;\n skip?: AuthTransactionFunction;\n // locked_out\n unlock?: AuthTransactionFunction;\n // password\n changePassword?: AuthTransactionFunction;\n resetPassword?: AuthTransactionFunction;\n // recovery\n answer?: AuthTransactionFunction;\n recovery?: AuthTransactionFunction;\n // recovery_challenge\n verify?: AuthTransactionFunction;\n resend?: AuthTransactionFunction;\n // mfa_enroll_activate\n activate?: AuthTransactionFunction;\n poll?: AuthTransactionFunction;\n prev?: AuthTransactionFunction;\n}\n\nexport class AuthTransaction implements TransactionState, AuthTransactionFunctions {\n next?: AuthTransactionFunction;\n cancel?: AuthTransactionFunction;\n skip?: AuthTransactionFunction;\n unlock?: AuthTransactionFunction;\n changePassword?: AuthTransactionFunction;\n resetPassword?: AuthTransactionFunction;\n answer?: AuthTransactionFunction;\n recovery?: AuthTransactionFunction;\n verify?: AuthTransactionFunction;\n resend?: AuthTransactionFunction;\n activate?: AuthTransactionFunction;\n poll?: AuthTransactionFunction;\n prev?: AuthTransactionFunction;\n\n data?: TransactionState;\n stateToken?: string;\n sessionToken?: string;\n status: string | IdxStatus;\n user?: Record<string, any>;\n factor?: Record<string, any>;\n factors?: Array<Record<string, any> >;\n policy?: Record<string, any>;\n scopes?: Array<Record<string, any> >;\n target?: Record<string, any>;\n authentication?: Record<string, any>;\n constructor(sdk, res: TransactionState | null = null) {\n this.data = undefined;\n this.status = undefined as unknown as string;\n if (res) {\n this.data = res;\n\n if (this.data.interactionHandle) {\n this.status = res.status;\n return;\n }\n\n // Parse response from Authn V1\n Object.assign(this, flattenEmbedded(sdk, res, res, {}));\n delete this.stateToken;\n\n // RECOVERY_CHALLENGE has some responses without _links.\n // Without _links, we emulate cancel to make it intuitive\n // to return to the starting state. We may remove this\n // when OKTA-75434 is resolved\n if (res.status === 'RECOVERY_CHALLENGE' && !res._links) {\n this.cancel = function() {\n return Promise.resolve(new AuthTransaction(sdk));\n };\n }\n }\n }\n}\n\nfunction link2fn(sdk, res, obj, link, ref) {\n if (Array.isArray(link)) {\n return function(name, opts?) {\n if (!name) {\n throw new AuthSdkError('Must provide a link name');\n }\n\n var lk = find(link, {name: name});\n if (!lk) {\n throw new AuthSdkError('No link found for that name');\n }\n\n return link2fn(sdk, res, obj, lk, ref)(opts);\n };\n\n } else if (link.hints &&\n link.hints.allow &&\n link.hints.allow.length === 1) {\n var method = link.hints.allow[0];\n switch (method) {\n\n case 'GET':\n return function() {\n return get(sdk, link.href, { withCredentials: true });\n };\n\n case 'POST':\n // eslint-disable-next-line max-statements,complexity\n return function(opts: TransactionState) {\n if (ref && ref.isPolling) {\n ref.isPolling = false;\n }\n\n var data = addStateToken(res, opts);\n\n if (res.status === 'MFA_ENROLL' || res.status === 'FACTOR_ENROLL') {\n // Add factorType and provider\n Object.assign(data, {\n factorType: obj.factorType,\n provider: obj.provider\n });\n }\n\n var params = {} as PostToTransactionParams;\n var autoPush = data.autoPush;\n if (autoPush !== undefined) {\n if (typeof autoPush === 'function') {\n try {\n params.autoPush = !!autoPush();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n }\n }\n else if (autoPush !== null) {\n params.autoPush = !!autoPush;\n }\n data = omit(data, 'autoPush');\n }\n\n var rememberDevice = data.rememberDevice;\n if (rememberDevice !== undefined) {\n if (typeof rememberDevice === 'function') {\n try {\n params.rememberDevice = !!rememberDevice();\n }\n catch (e) {\n return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n }\n }\n else if (rememberDevice !== null) {\n params.rememberDevice = !!rememberDevice;\n }\n data = omit(data, 'rememberDevice');\n\n } else if (data.profile &&\n data.profile.updatePhone !== undefined) {\n if (data.profile.updatePhone) {\n params.updatePhone = true;\n }\n data.profile = omit(data.profile, 'updatePhone');\n }\n var href = link.href + toQueryString(params);\n return postToTransaction(sdk, href, data);\n };\n }\n }\n}\n\nfunction links2fns(sdk, res, obj, ref) {\n var fns = {} as AuthTransactionFunctions;\n for (var linkName in obj._links) {\n if (!Object.prototype.hasOwnProperty.call(obj._links, linkName)) {\n continue;\n }\n\n var link = obj._links[linkName];\n \n if (linkName === 'next') {\n linkName = link.name;\n }\n\n if (link.type) {\n fns[linkName] = link;\n continue;\n }\n\n switch (linkName) {\n // poll is only found at the transaction\n // level, so we don't need to pass the link\n case 'poll':\n fns.poll = getPollFn(sdk, res, ref);\n break;\n\n default:\n var fn = link2fn(sdk, res, obj, link, ref);\n if (fn) {\n fns[linkName] = fn;\n }\n }\n }\n return fns;\n}\n\n// eslint-disable-next-line complexity\nfunction flattenEmbedded(sdk, res, obj, ref) {\n obj = obj || res;\n obj = clone(obj);\n\n if (Array.isArray(obj)) {\n var objArr = [];\n for (var o = 0, ol = obj.length; o < ol; o++) {\n objArr.push(flattenEmbedded(sdk, res, obj[o], ref) as never);\n }\n return objArr;\n }\n\n var embedded = obj._embedded || {};\n\n for (var key in embedded) {\n if (!Object.prototype.hasOwnProperty.call(embedded, key)) {\n continue;\n }\n\n // Flatten any nested _embedded objects\n if (isObject(embedded[key]) || Array.isArray(embedded[key])) {\n embedded[key] = flattenEmbedded(sdk, res, embedded[key], ref);\n }\n }\n\n // Convert any links on the embedded object\n var fns = links2fns(sdk, res, obj, ref);\n Object.assign(embedded, fns);\n\n obj = omit(obj, '_embedded', '_links');\n Object.assign(obj, embedded);\n return obj;\n}\n"],"file":"AuthTransaction.js"}
package/cjs/tx/TransactionState.js CHANGED
@@ -1,19 +1,2 @@
1
1
  "use strict";
2
-
3
- exports.TransactionState = void 0;
4
-
5
- /*!
6
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
7
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
8
- *
9
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
10
- * Unless required by applicable law or agreed to in writing, software
11
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
- *
14
- * See the License for the specific language governing permissions and limitations under the License.
15
- */
16
- class TransactionState {}
17
-
18
- exports.TransactionState = TransactionState;
19
2
  //# sourceMappingURL=TransactionState.js.map
package/cjs/tx/TransactionState.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/tx/TransactionState.ts"],"names":["TransactionState"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGO,MAAMA,gBAAN,CAAuB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport class TransactionState {\n interactionHandle?: string;\n\n// Authn V1 only\n stateToken?: string;\n type?: string;\n expiresAt?: string;\n relayState?: string;\n factorResult?: string;\n factorType?: string;\n recoveryToken?: string;\n recoveryType?: string;\n autoPush?: boolean | (() => boolean);\n rememberDevice?: boolean | (() => boolean);\n profile?: {\n updatePhone?: boolean;\n };\n}"],"file":"TransactionState.js"}
1
+ {"version":3,"sources":[],"names":[],"mappings":"","sourcesContent":[],"file":"TransactionState.js"}
package/cjs/tx/api.js CHANGED
@@ -4,9 +4,10 @@ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefau
4
4
 
5
5
  exports.transactionStatus = transactionStatus;
6
6
  exports.resumeTransaction = resumeTransaction;
7
+ exports.introspectAuthn = introspectAuthn;
8
+ exports.transactionStep = transactionStep;
7
9
  exports.transactionExists = transactionExists;
8
10
  exports.postToTransaction = postToTransaction;
9
- exports.introspect = introspect;
10
11
 
11
12
  var _http = require("../http");
12
13
 
@@ -57,7 +58,7 @@ function resumeTransaction(sdk, args) {
57
58
  });
58
59
  }
59
60
 
60
- function introspect(sdk, args) {
61
+ function introspectAuthn(sdk, args) {
61
62
  if (!args || !args.stateToken) {
62
63
  var stateToken = sdk.tx.exists._get(_constants.STATE_TOKEN_KEY_NAME);
63
64
 
package/cjs/tx/api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/tx/api.ts"],"names":["transactionStatus","sdk","args","getIssuerOrigin","withCredentials","resumeTransaction","stateToken","tx","exists","_get","STATE_TOKEN_KEY_NAME","Promise","reject","AuthSdkError","status","then","res","AuthTransaction","introspect","transactionStep","transactionExists","postToTransaction","url","options","Object","assign"],"mappings":";;;;;;;;;;AAcA;;AACA;;AACA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAOA,SAASA,iBAAT,CAA2BC,GAA3B,EAAgCC,IAAhC,EAAsC;AACpCA,EAAAA,IAAI,GAAG,yBAAcD,GAAd,EAAmBC,IAAnB,CAAP;AACA,SAAO,gBAAKD,GAAL,EAAUA,GAAG,CAACE,eAAJ,KAAwB,eAAlC,EAAmDD,IAAnD,EAAyD;AAAEE,IAAAA,eAAe,EAAE;AAAnB,GAAzD,CAAP;AACD;;AAED,SAASC,iBAAT,CAA2BJ,GAA3B,EAAgCC,IAAhC,EAAsC;AACpC,MAAI,CAACA,IAAD,IAAS,CAACA,IAAI,CAACI,UAAnB,EAA+B;AAC7B,QAAIA,UAAU,GAAGL,GAAG,CAACM,EAAJ,CAAOC,MAAP,CAAcC,IAAd,CAAmBC,+BAAnB,CAAjB;;AACA,QAAIJ,UAAJ,EAAgB;AACdJ,MAAAA,IAAI,GAAG;AACLI,QAAAA,UAAU,EAAEA;AADP,OAAP;AAGD,KAJD,MAIO;AACL,aAAOK,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,0BAAjB,CAAf,CAAP;AACD;AACF;;AACD,SAAOZ,GAAG,CAACM,EAAJ,CAAOO,MAAP,CAAcZ,IAAd,EACJa,IADI,CACC,UAASC,GAAT,EAAc;AAClB,WAAO,IAAIC,gCAAJ,CAAoBhB,GAApB,EAAyBe,GAAzB,CAAP;AACD,GAHI,CAAP;AAID;;AAED,SAASE,UAAT,CAAqBjB,GAArB,EAA0BC,IAA1B,EAAgC;AAC9B,MAAI,CAACA,IAAD,IAAS,CAACA,IAAI,CAACI,UAAnB,EAA+B;AAC7B,QAAIA,UAAU,GAAGL,GAAG,CAACM,EAAJ,CAAOC,MAAP,CAAcC,IAAd,CAAmBC,+BAAnB,CAAjB;;AACA,QAAIJ,UAAJ,EAAgB;AACdJ,MAAAA,IAAI,GAAG;AACLI,QAAAA,UAAU,EAAEA;AADP,OAAP;AAGD,KAJD,MAIO;AACL,aAAOK,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,4BAAjB,CAAf,CAAP;AACD;AACF;;AACD,SAAOM,eAAe,CAAClB,GAAD,EAAMC,IAAN,CAAf,CACJa,IADI,CACC,UAAUC,GAAV,EAAe;AACnB,WAAO,IAAIC,gCAAJ,CAAoBhB,GAApB,EAAyBe,GAAzB,CAAP;AACD,GAHI,CAAP;AAID;;AAED,SAASG,eAAT,CAAyBlB,GAAzB,EAA8BC,IAA9B,EAAoC;AAClCA,EAAAA,IAAI,GAAG,yBAAcD,GAAd,EAAmBC,IAAnB,CAAP,CADkC,CAElC;;AACA,SAAO,gBAAKD,GAAL,EAAUA,GAAG,CAACE,eAAJ,KAAwB,0BAAlC,EAA8DD,IAA9D,EAAoE;AAAEE,IAAAA,eAAe,EAAE;AAAnB,GAApE,CAAP;AACD;;AAED,SAASgB,iBAAT,CAA2BnB,GAA3B,EAAgC;AAC9B;AACA,SAAO,CAAC,CAACA,GAAG,CAACM,EAAJ,CAAOC,MAAP,CAAcC,IAAd,CAAmBC,+BAAnB,CAAT;AACD;;AAED,SAASW,iBAAT,CAA2BpB,GAA3B,EAAgCqB,GAAhC,EAAqCpB,IAArC,EAA2CqB,OAA3C,EAAqD;AACnDA,EAAAA,OAAO,GAAGC,MAAM,CAACC,MAAP,CAAc;AAAErB,IAAAA,eAAe,EAAE;AAAnB,GAAd,EAAyCmB,OAAzC,CAAV;AACA,SAAO,gBAAKtB,GAAL,EAAUqB,GAAV,EAAepB,IAAf,EAAqBqB,OAArB,EACJR,IADI,CACC,UAASC,GAAT,EAAc;AAClB,WAAO,IAAIC,gCAAJ,CAAoBhB,GAApB,EAAyBe,GAAzB,CAAP;AACD,GAHI,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity, max-statements */\nimport { post } from '../http';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { STATE_TOKEN_KEY_NAME } from '../constants';\nimport { addStateToken } from './util';\nimport { AuthTransaction } from './AuthTransaction';\n\nfunction transactionStatus(sdk, args) {\n args = addStateToken(sdk, args);\n return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args, { withCredentials: true });\n}\n\nfunction resumeTransaction(sdk, args) {\n if (!args || !args.stateToken) {\n var stateToken = sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);\n if (stateToken) {\n args = {\n stateToken: stateToken\n };\n } else {\n return Promise.reject(new AuthSdkError('No transaction to resume'));\n }\n }\n return sdk.tx.status(args)\n .then(function(res) {\n return new AuthTransaction(sdk, res);\n });\n}\n\nfunction introspect (sdk, args) {\n if (!args || !args.stateToken) {\n var stateToken = sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);\n if (stateToken) {\n args = {\n stateToken: stateToken\n };\n } else {\n return Promise.reject(new AuthSdkError('No transaction to evaluate'));\n }\n }\n return transactionStep(sdk, args)\n .then(function (res) {\n return new AuthTransaction(sdk, res);\n });\n}\n\nfunction transactionStep(sdk, args) {\n args = addStateToken(sdk, args);\n // v1 pipeline introspect API\n return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args, { withCredentials: true });\n}\n\nfunction transactionExists(sdk) {\n // We have a cookie state token\n return !!sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);\n}\n\nfunction postToTransaction(sdk, url, args, options?) {\n options = Object.assign({ withCredentials: true }, options);\n return post(sdk, url, args, options)\n .then(function(res) {\n return new AuthTransaction(sdk, res);\n });\n}\n\nexport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n postToTransaction,\n introspect,\n};\n"],"file":"api.js"}
1
+ {"version":3,"sources":["../../../lib/tx/api.ts"],"names":["transactionStatus","sdk","args","getIssuerOrigin","withCredentials","resumeTransaction","stateToken","tx","exists","_get","STATE_TOKEN_KEY_NAME","Promise","reject","AuthSdkError","status","then","res","AuthTransaction","introspectAuthn","transactionStep","transactionExists","postToTransaction","url","options","Object","assign"],"mappings":";;;;;;;;;;;AAcA;;AACA;;AACA;;AACA;;AACA;;AAlBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAOO,SAASA,iBAAT,CAA2BC,GAA3B,EAAgCC,IAAhC,EAAsC;AAC3CA,EAAAA,IAAI,GAAG,yBAAcD,GAAd,EAAmBC,IAAnB,CAAP;AACA,SAAO,gBAAKD,GAAL,EAAUA,GAAG,CAACE,eAAJ,KAAwB,eAAlC,EAAmDD,IAAnD,EAAyD;AAAEE,IAAAA,eAAe,EAAE;AAAnB,GAAzD,CAAP;AACD;;AAEM,SAASC,iBAAT,CAA2BJ,GAA3B,EAAgCC,IAAhC,EAAsC;AAC3C,MAAI,CAACA,IAAD,IAAS,CAACA,IAAI,CAACI,UAAnB,EAA+B;AAC7B,QAAIA,UAAU,GAAGL,GAAG,CAACM,EAAJ,CAAOC,MAAP,CAAcC,IAAd,CAAmBC,+BAAnB,CAAjB;;AACA,QAAIJ,UAAJ,EAAgB;AACdJ,MAAAA,IAAI,GAAG;AACLI,QAAAA,UAAU,EAAEA;AADP,OAAP;AAGD,KAJD,MAIO;AACL,aAAOK,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,0BAAjB,CAAf,CAAP;AACD;AACF;;AACD,SAAOZ,GAAG,CAACM,EAAJ,CAAOO,MAAP,CAAcZ,IAAd,EACJa,IADI,CACC,UAASC,GAAT,EAAc;AAClB,WAAO,IAAIC,gCAAJ,CAAoBhB,GAApB,EAAyBe,GAAzB,CAAP;AACD,GAHI,CAAP;AAID;;AAEM,SAASE,eAAT,CAA0BjB,GAA1B,EAA+BC,IAA/B,EAAqC;AAC1C,MAAI,CAACA,IAAD,IAAS,CAACA,IAAI,CAACI,UAAnB,EAA+B;AAC7B,QAAIA,UAAU,GAAGL,GAAG,CAACM,EAAJ,CAAOC,MAAP,CAAcC,IAAd,CAAmBC,+BAAnB,CAAjB;;AACA,QAAIJ,UAAJ,EAAgB;AACdJ,MAAAA,IAAI,GAAG;AACLI,QAAAA,UAAU,EAAEA;AADP,OAAP;AAGD,KAJD,MAIO;AACL,aAAOK,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,4BAAjB,CAAf,CAAP;AACD;AACF;;AACD,SAAOM,eAAe,CAAClB,GAAD,EAAMC,IAAN,CAAf,CACJa,IADI,CACC,UAAUC,GAAV,EAAe;AACnB,WAAO,IAAIC,gCAAJ,CAAoBhB,GAApB,EAAyBe,GAAzB,CAAP;AACD,GAHI,CAAP;AAID;;AAEM,SAASG,eAAT,CAAyBlB,GAAzB,EAA8BC,IAA9B,EAAoC;AACzCA,EAAAA,IAAI,GAAG,yBAAcD,GAAd,EAAmBC,IAAnB,CAAP,CADyC,CAEzC;;AACA,SAAO,gBAAKD,GAAL,EAAUA,GAAG,CAACE,eAAJ,KAAwB,0BAAlC,EAA8DD,IAA9D,EAAoE;AAAEE,IAAAA,eAAe,EAAE;AAAnB,GAApE,CAAP;AACD;;AAEM,SAASgB,iBAAT,CAA2BnB,GAA3B,EAAgC;AACrC;AACA,SAAO,CAAC,CAACA,GAAG,CAACM,EAAJ,CAAOC,MAAP,CAAcC,IAAd,CAAmBC,+BAAnB,CAAT;AACD;;AAEM,SAASW,iBAAT,CAA2BpB,GAA3B,EAAgCqB,GAAhC,EAAqCpB,IAArC,EAA2CqB,OAA3C,EAAqD;AAC1DA,EAAAA,OAAO,GAAGC,MAAM,CAACC,MAAP,CAAc;AAAErB,IAAAA,eAAe,EAAE;AAAnB,GAAd,EAAyCmB,OAAzC,CAAV;AACA,SAAO,gBAAKtB,GAAL,EAAUqB,GAAV,EAAepB,IAAf,EAAqBqB,OAArB,EACJR,IADI,CACC,UAASC,GAAT,EAAc;AAClB,WAAO,IAAIC,gCAAJ,CAAoBhB,GAApB,EAAyBe,GAAzB,CAAP;AACD,GAHI,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity, max-statements */\nimport { post } from '../http';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { STATE_TOKEN_KEY_NAME } from '../constants';\nimport { addStateToken } from './util';\nimport { AuthTransaction } from './AuthTransaction';\n\nexport function transactionStatus(sdk, args) {\n args = addStateToken(sdk, args);\n return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args, { withCredentials: true });\n}\n\nexport function resumeTransaction(sdk, args) {\n if (!args || !args.stateToken) {\n var stateToken = sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);\n if (stateToken) {\n args = {\n stateToken: stateToken\n };\n } else {\n return Promise.reject(new AuthSdkError('No transaction to resume'));\n }\n }\n return sdk.tx.status(args)\n .then(function(res) {\n return new AuthTransaction(sdk, res);\n });\n}\n\nexport function introspectAuthn (sdk, args) {\n if (!args || !args.stateToken) {\n var stateToken = sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);\n if (stateToken) {\n args = {\n stateToken: stateToken\n };\n } else {\n return Promise.reject(new AuthSdkError('No transaction to evaluate'));\n }\n }\n return transactionStep(sdk, args)\n .then(function (res) {\n return new AuthTransaction(sdk, res);\n });\n}\n\nexport function transactionStep(sdk, args) {\n args = addStateToken(sdk, args);\n // v1 pipeline introspect API\n return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args, { withCredentials: true });\n}\n\nexport function transactionExists(sdk) {\n // We have a cookie state token\n return !!sdk.tx.exists._get(STATE_TOKEN_KEY_NAME);\n}\n\nexport function postToTransaction(sdk, url, args, options?) {\n options = Object.assign({ withCredentials: true }, options);\n return post(sdk, url, args, options)\n .then(function(res) {\n return new AuthTransaction(sdk, res);\n });\n}\n"],"file":"api.js"}