@okta/okta-auth-js 5.11.0 → 6.0.0

package/cjs/idx/run.js

@@ -8,10 +8,14 @@ var _introspect = require("./introspect");
 
 var _remediate = require("./remediate");
 
+var _flow = require("./flow");
+
 var remediators = _interopRequireWildcard(require("./remediators"));
 
 var _types = require("../types");
 
+var _idxJs = require("./types/idx-js");
+
 var _transactionMeta = require("./transactionMeta");
 
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
@@ -57,7 +61,7 @@ function getEnabledFeatures(idxResponse) {
   return res;
 }
 
-function getAvailableSteps(remediations) {
+function getAvailableSteps(idxResponse) {
   const res = [];
   const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {
     // Only add concrete subclasses to the map
@@ -68,12 +72,12 @@ function getAvailableSteps(remediations) {
     return map;
   }, {});
 
-  for (let remediation of remediations) {
+  for (let remediation of idxResponse.neededToProceed) {
     const T = remediatorMap[remediation.name];
 
     if (T) {
       const remediator = new T(remediation);
-      res.push(remediator.getNextStep());
+      res.push(remediator.getNextStep(idxResponse.context));
     }
   }
 
@@ -90,21 +94,37 @@ async function run(authClient, options = {}) {
   let availableSteps;
   let status = _types.IdxStatus.PENDING;
   let shouldClearTransaction = false;
+  let clearSharedStorage = true;
   let idxResponse;
   let interactionHandle;
   let metaFromResp;
+  let interactionCode;
 
   try {
     var _metaFromResp;
 
-    const {
+    let {
       flow,
-      stateTokenExternalId,
-      state
+      state,
+      scopes,
+      version,
+      remediators,
+      actions,
+      withCredentials,
+      exchangeCodeForTokens,
+      autoRemediate,
+      step
     } = options; // Only one flow can be operating at a time
 
+    flow = flow || authClient.idx.getFlow() || 'default';
+
     if (flow) {
       authClient.idx.setFlow(flow);
+      const flowSpec = (0, _flow.getFlowSpecification)(authClient, flow); // Favor option values over flow spec
+
+      withCredentials = typeof withCredentials !== 'undefined' ? withCredentials : flowSpec.withCredentials;
+      remediators = remediators || flowSpec.remediators;
+      actions = actions || flowSpec.actions;
     } // Try to resume saved transaction
 
 
@@ -113,26 +133,33 @@ async function run(authClient, options = {}) {
     });
     interactionHandle = (_metaFromResp = metaFromResp) === null || _metaFromResp === void 0 ? void 0 : _metaFromResp.interactionHandle; // may be undefined
 
-    if (!interactionHandle && !stateTokenExternalId) {
+    if (!interactionHandle) {
       // start a new transaction
       authClient.transactionManager.clear();
-      const interactResponse = await (0, _interact.interact)(authClient, options);
+      const interactResponse = await (0, _interact.interact)(authClient, {
+        withCredentials,
+        state,
+        scopes
+      });
       interactionHandle = interactResponse.interactionHandle;
       metaFromResp = interactResponse.meta;
+      withCredentials = metaFromResp.withCredentials;
     } // Introspect to get idx response
 
 
     idxResponse = await (0, _introspect.introspect)(authClient, {
-      interactionHandle,
-      stateTokenExternalId
+      withCredentials,
+      version,
+      interactionHandle
     });
+    enabledFeatures = getEnabledFeatures(idxResponse);
+    availableSteps = getAvailableSteps(idxResponse); // Include meta in the transaction response
+
+    meta = metaFromResp;
+
+    if (autoRemediate !== false && (remediators || actions)) {
+      var _idxResponse;
 
-    if (!options.remediators && !options.actions) {
-      // handle start transaction
-      meta = metaFromResp;
-      enabledFeatures = getEnabledFeatures(idxResponse);
-      availableSteps = getAvailableSteps(idxResponse.neededToProceed);
-    } else {
       const values = { ...options,
         stateHandle: idxResponse.rawIdxState.stateHandle
       }; // Can we handle the remediations?
@@ -143,56 +170,87 @@ async function run(authClient, options = {}) {
         terminal,
         canceled,
         messages: messagesFromResp
-      } = await (0, _remediate.remediate)(idxResponse, values, options); // Track fields from remediation response
+      } = await (0, _remediate.remediate)(idxResponse, values, {
+        remediators,
+        actions,
+        flow,
+        step
+      });
+      idxResponse = idxResponseFromResp || idxResponse; // Track fields from remediation response
 
       nextStep = nextStepFromResp;
       messages = messagesFromResp; // Save intermediate idx response in storage to reduce introspect call
 
-      if (nextStep && idxResponseFromResp) {
-        authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);
+      if (nextStep) {
+        authClient.transactionManager.saveIdxResponse(idxResponse.rawIdxState);
+        availableSteps = getAvailableSteps(idxResponse);
       }
 
       if (terminal) {
         status = _types.IdxStatus.TERMINAL;
         shouldClearTransaction = true;
+        clearSharedStorage = false; // transaction may be continued in another tab
       }
 
       if (canceled) {
         status = _types.IdxStatus.CANCELED;
         shouldClearTransaction = true;
-      } else if (idxResponseFromResp !== null && idxResponseFromResp !== void 0 && idxResponseFromResp.interactionCode) {
-        const {
-          clientId,
-          codeVerifier,
-          ignoreSignature,
-          redirectUri,
-          urls,
-          scopes
-        } = metaFromResp;
-        tokens = await authClient.token.exchangeCodeForTokens({
-          interactionCode: idxResponseFromResp.interactionCode,
-          clientId,
-          codeVerifier,
-          ignoreSignature,
-          redirectUri,
-          scopes
-        }, urls);
-        status = _types.IdxStatus.SUCCESS;
-        shouldClearTransaction = true;
+      } else if ((_idxResponse = idxResponse) !== null && _idxResponse !== void 0 && _idxResponse.interactionCode) {
+        interactionCode = idxResponse.interactionCode;
+
+        if (exchangeCodeForTokens === false) {
+          status = _types.IdxStatus.SUCCESS;
+          shouldClearTransaction = false;
+        } else {
+          // exchange the interaction code for tokens
+          const {
+            clientId,
+            codeVerifier,
+            ignoreSignature,
+            redirectUri,
+            urls,
+            scopes
+          } = metaFromResp;
+          tokens = await authClient.token.exchangeCodeForTokens({
+            interactionCode,
+            clientId,
+            codeVerifier,
+            ignoreSignature,
+            redirectUri,
+            scopes
+          }, urls);
+          status = _types.IdxStatus.SUCCESS;
+          shouldClearTransaction = true;
+        }
       }
     }
   } catch (err) {
-    error = err;
-    status = _types.IdxStatus.FAILURE;
-    shouldClearTransaction = true;
+    // current version of idx-js will throw/reject IDX responses. Handle these differently than regular errors
+    if ((0, _idxJs.isIdxResponse)(err)) {
+      error = err;
+      status = _types.IdxStatus.FAILURE;
+      shouldClearTransaction = true;
+    } else {
+      // error is not an IDX response, throw it like a regular error
+      throw err;
+    }
   }
 
   if (shouldClearTransaction) {
-    authClient.transactionManager.clear();
-  }
+    authClient.transactionManager.clear({
+      clearSharedStorage
+    });
+  } // from idx-js, used by the widget
+
 
+  const {
+    actions,
+    context,
+    neededToProceed,
+    proceed,
+    rawIdxState
+  } = idxResponse || {};
   return {
-    _idxResponse: idxResponse,
     status,
     ...(meta && {
       meta
@@ -214,7 +272,15 @@ async function run(authClient, options = {}) {
     }),
     ...(error && {
       error
-    })
+    }),
+    interactionCode,
+    // if options.exchangeCodeForTokens is false
+    // from idx-js
+    actions,
+    context,
+    neededToProceed,
+    proceed,
+    rawIdxState
   };
 }
 //# sourceMappingURL=run.js.map

package/cjs/idx/run.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","IdxFeature","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","remediators","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","IdxStatus","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","flow","stateTokenExternalId","state","idx","setFlow","transactionManager","clear","interactResponse","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","saveIdxResponse","TERMINAL","CANCELED","interactionCode","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","_idxResponse"],"mappings":";;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;AASA;;;;;;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAwBA,SAASA,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,QAAMC,GAAG,GAAG,EAAZ;AACA,QAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWC,iBAApB;AACD;;AAED,MAAIH,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,uBAA5C,CAAJ,EAA0E;AACxEP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWI,YAApB;AACD;;AAED,MAAIN,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,cAA5C,CAAJ,EAAiE;AAC/DP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWK,UAApB;AACD;;AAED,SAAOT,GAAP;AACD;;AAED,SAASU,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,QAAMX,GAAG,GAAG,EAAZ;AAEA,QAAMY,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcC,WAAd,EAA2BC,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBT,YAAxB,EAAsC;AACpC,UAAMU,CAAC,GAAGT,aAAa,CAACQ,WAAW,CAACb,IAAb,CAAvB;;AACA,QAAIc,CAAJ,EAAO;AACL,YAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACApB,MAAAA,GAAG,CAACG,IAAJ,CAAUmB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOvB,GAAP;AACD;;AAEM,eAAewB,GAAf,CACLC,UADK,EAELC,OAAmB,GAAG,EAFjB,EAGoB;AACzB,MAAIC,MAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,KAAJ;AACA,MAAIC,IAAJ;AACA,MAAIC,eAAJ;AACA,MAAIC,cAAJ;AACA,MAAIC,MAAM,GAAGC,iBAAUC,OAAvB;AACA,MAAIC,sBAAsB,GAAG,KAA7B;AACA,MAAItC,WAAJ;AACA,MAAIuC,iBAAJ;AACA,MAAIC,YAAJ;;AAEA,MAAI;AAAA;;AAEF,UAAM;AAAEC,MAAAA,IAAF;AAAQC,MAAAA,oBAAR;AAA8BC,MAAAA;AAA9B,QAAwChB,OAA9C,CAFE,CAIF;;AACA,QAAIc,IAAJ,EAAU;AACRf,MAAAA,UAAU,CAACkB,GAAX,CAAeC,OAAf,CAAuBJ,IAAvB;AACD,KAPC,CASF;;;AACAD,IAAAA,YAAY,GAAG,8CAAwBd,UAAxB,EAAoC;AAAEiB,MAAAA;AAAF,KAApC,CAAf;AACAJ,IAAAA,iBAAiB,oBAAGC,YAAH,kDAAG,cAAcD,iBAAlC,CAXE,CAWmD;;AAErD,QAAI,CAACA,iBAAD,IAAsB,CAACG,oBAA3B,EAAiD;AAC/C;AACAhB,MAAAA,UAAU,CAACoB,kBAAX,CAA8BC,KAA9B;AACA,YAAMC,gBAAgB,GAAG,MAAM,wBAAStB,UAAT,EAAqBC,OAArB,CAA/B;AACAY,MAAAA,iBAAiB,GAAGS,gBAAgB,CAACT,iBAArC;AACAC,MAAAA,YAAY,GAAGQ,gBAAgB,CAAChB,IAAhC;AACD,KAnBC,CAqBF;;;AACAhC,IAAAA,WAAW,GAAG,MAAM,4BAAW0B,UAAX,EAAuB;AAAEa,MAAAA,iBAAF;AAAqBG,MAAAA;AAArB,KAAvB,CAApB;;AAEA,QAAI,CAACf,OAAO,CAACX,WAAT,IAAwB,CAACW,OAAO,CAACzB,OAArC,EAA8C;AAC5C;AACA8B,MAAAA,IAAI,GAAGQ,YAAP;AACAP,MAAAA,eAAe,GAAGlC,kBAAkB,CAACC,WAAD,CAApC;AACAkC,MAAAA,cAAc,GAAGvB,iBAAiB,CAACX,WAAW,CAACG,eAAb,CAAlC;AACD,KALD,MAKO;AACL,YAAMY,MAAqC,GAAG,EAC5C,GAAGY,OADyC;AAE5CsB,QAAAA,WAAW,EAAEjD,WAAW,CAACkD,WAAZ,CAAwBD;AAFO,OAA9C,CADK,CAML;;AACA,YAAM;AACJjD,QAAAA,WAAW,EAAEmD,mBADT;AAEJtB,QAAAA,QAAQ,EAAEuB,gBAFN;AAGJC,QAAAA,QAHI;AAIJC,QAAAA,QAJI;AAKJxB,QAAAA,QAAQ,EAAEyB;AALN,UAMF,MAAM,0BAAUvD,WAAV,EAAuBe,MAAvB,EAA+BY,OAA/B,CANV,CAPK,CAeL;;AACAE,MAAAA,QAAQ,GAAGuB,gBAAX;AACAtB,MAAAA,QAAQ,GAAGyB,gBAAX,CAjBK,CAmBL;;AACA,UAAI1B,QAAQ,IAAIsB,mBAAhB,EAAqC;AACnCzB,QAAAA,UAAU,CAACoB,kBAAX,CAA8BU,eAA9B,CAA8CL,mBAAmB,CAACD,WAAlE;AACD;;AAED,UAAIG,QAAJ,EAAc;AACZlB,QAAAA,MAAM,GAAGC,iBAAUqB,QAAnB;AACAnB,QAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,UAAIgB,QAAJ,EAAc;AACdnB,QAAAA,MAAM,GAAGC,iBAAUsB,QAAnB;AACApB,QAAAA,sBAAsB,GAAG,IAAzB;AACD,OAHC,MAGK,IAAIa,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAEQ,eAAzB,EAA0C;AAC/C,cAAM;AACJC,UAAAA,QADI;AAEJC,UAAAA,YAFI;AAGJC,UAAAA,eAHI;AAIJC,UAAAA,WAJI;AAKJC,UAAAA,IALI;AAMJC,UAAAA;AANI,YAOFzB,YAPJ;AAQAZ,QAAAA,MAAM,GAAG,MAAMF,UAAU,CAACwC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDR,UAAAA,eAAe,EAAER,mBAAmB,CAACQ,eADe;AAEpDC,UAAAA,QAFoD;AAGpDC,UAAAA,YAHoD;AAIpDC,UAAAA,eAJoD;AAKpDC,UAAAA,WALoD;AAMpDE,UAAAA;AANoD,SAAvC,EAOZD,IAPY,CAAf;AASA7B,QAAAA,MAAM,GAAGC,iBAAUgC,OAAnB;AACA9B,QAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,GAjFD,CAiFE,OAAO+B,GAAP,EAAY;AACZtC,IAAAA,KAAK,GAAGsC,GAAR;AACAlC,IAAAA,MAAM,GAAGC,iBAAUkC,OAAnB;AACAhC,IAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,MAAIA,sBAAJ,EAA4B;AAC1BZ,IAAAA,UAAU,CAACoB,kBAAX,CAA8BC,KAA9B;AACD;;AAED,SAAO;AACLwB,IAAAA,YAAY,EAAEvE,WADT;AAELmC,IAAAA,MAFK;AAGL,QAAIH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAAZ,CAHK;AAIL,QAAIC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAAvB,CAJK;AAKL,QAAIC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KAAtB,CALK;AAML,QAAIN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KAAd,CANK;AAOL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CAPK;AAQL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CARK;AASL,QAAIC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KAAb;AATK,GAAP;AAWD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { RemediationFlow } from './flow';\nimport * as remediators from './remediators';\nimport { \n  OktaAuth,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  FlowIdentifier,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { ProceedOptions } from './proceed';\n\nexport type RunOptions = ProceedOptions & {\n  flow?: FlowIdentifier;\n  remediators?: RemediationFlow;\n  actions?: string[];\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP);\n  }\n\n  return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n  const res = [];\n\n  const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n    // Only add concrete subclasses to the map\n    if (remediatorClass.remediationName) {\n      map[remediatorClass.remediationName] = remediatorClass;\n    }\n    return map;\n  }, {});\n\n  for (let remediation of remediations) {\n    const T = remediatorMap[remediation.name];\n    if (T) {\n      const remediator = new T(remediation);\n      res.push (remediator.getNextStep());\n    }\n  }\n\n  return res;\n}\n\nexport async function run(\n  authClient: OktaAuth, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let tokens;\n  let nextStep;\n  let messages;\n  let error;\n  let meta;\n  let enabledFeatures;\n  let availableSteps;\n  let status = IdxStatus.PENDING;\n  let shouldClearTransaction = false;\n  let idxResponse;\n  let interactionHandle;\n  let metaFromResp;\n\n  try {\n\n    const { flow, stateTokenExternalId, state } = options;\n\n    // Only one flow can be operating at a time\n    if (flow) {\n      authClient.idx.setFlow(flow);\n    }\n\n    // Try to resume saved transaction\n    metaFromResp = getSavedTransactionMeta(authClient, { state });\n    interactionHandle = metaFromResp?.interactionHandle; // may be undefined\n\n    if (!interactionHandle && !stateTokenExternalId) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, options); \n      interactionHandle = interactResponse.interactionHandle;\n      metaFromResp = interactResponse.meta;\n    }\n\n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { interactionHandle, stateTokenExternalId });\n\n    if (!options.remediators && !options.actions) {\n      // handle start transaction\n      meta = metaFromResp;\n      enabledFeatures = getEnabledFeatures(idxResponse);\n      availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n    } else {\n      const values: remediators.RemediationValues = { \n        ...options, \n        stateHandle: idxResponse.rawIdxState.stateHandle \n      };\n\n      // Can we handle the remediations?\n      const { \n        idxResponse: idxResponseFromResp, \n        nextStep: nextStepFromResp,\n        terminal,\n        canceled,\n        messages: messagesFromResp,\n      } = await remediate(idxResponse, values, options);\n\n      // Track fields from remediation response\n      nextStep = nextStepFromResp;\n      messages = messagesFromResp;\n\n      // Save intermediate idx response in storage to reduce introspect call\n      if (nextStep && idxResponseFromResp) {\n        authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n      }\n\n      if (terminal) {\n        status = IdxStatus.TERMINAL;\n        shouldClearTransaction = true;\n      } if (canceled) {\n        status = IdxStatus.CANCELED;\n        shouldClearTransaction = true;\n      } else if (idxResponseFromResp?.interactionCode) { \n        const {\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          urls,\n          scopes,\n        } = metaFromResp;\n        tokens = await authClient.token.exchangeCodeForTokens({\n          interactionCode: idxResponseFromResp.interactionCode,\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          scopes\n        }, urls);\n\n        status = IdxStatus.SUCCESS;\n        shouldClearTransaction = true;\n      }\n    }\n  } catch (err) {\n    error = err;\n    status = IdxStatus.FAILURE;\n    shouldClearTransaction = true;\n  }\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear();\n  }\n  \n  return {\n    _idxResponse: idxResponse, \n    status,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens: tokens.tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && { messages }),\n    ...(error && { error }),\n  };\n}\n"],"file":"run.js"}
+{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","IdxFeature","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediatorMap","Object","values","remediators","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","context","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","IdxStatus","PENDING","shouldClearTransaction","clearSharedStorage","interactionHandle","metaFromResp","interactionCode","flow","state","scopes","version","withCredentials","exchangeCodeForTokens","autoRemediate","step","idx","getFlow","setFlow","flowSpec","transactionManager","clear","interactResponse","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","saveIdxResponse","TERMINAL","CANCELED","SUCCESS","clientId","codeVerifier","ignoreSignature","redirectUri","urls","token","err","FAILURE","proceed"],"mappings":";;;;AAcA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAQA;;AACA;;;;;;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAyBA,SAASA,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,QAAMC,GAAG,GAAG,EAAZ;AACA,QAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWC,iBAApB;AACD;;AAED,MAAIH,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,uBAA5C,CAAJ,EAA0E;AACxEP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWI,YAApB;AACD;;AAED,MAAIN,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,cAA5C,CAAJ,EAAiE;AAC/DP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWK,UAApB;AACD;;AAED,SAAOT,GAAP;AACD;;AAED,SAASU,iBAAT,CAA2BX,WAA3B,EAAiE;AAC/D,QAAMC,GAAG,GAAG,EAAZ;AAEA,QAAMW,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcC,WAAd,EAA2BC,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBpB,WAAW,CAACG,eAApC,EAAqD;AACnD,UAAMkB,CAAC,GAAGT,aAAa,CAACQ,WAAW,CAACZ,IAAb,CAAvB;;AACA,QAAIa,CAAJ,EAAO;AACL,YAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACAnB,MAAAA,GAAG,CAACG,IAAJ,CAAUkB,UAAU,CAACC,WAAX,CAAuBvB,WAAW,CAACwB,OAAnC,CAAV;AACD;AACF;;AAED,SAAOvB,GAAP;AACD;;AAEM,eAAewB,GAAf,CACLC,UADK,EAELC,OAAmB,GAAG,EAFjB,EAGoB;AACzB,MAAIC,MAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,KAAJ;AACA,MAAIC,IAAJ;AACA,MAAIC,eAAJ;AACA,MAAIC,cAAJ;AACA,MAAIC,MAAM,GAAGC,iBAAUC,OAAvB;AACA,MAAIC,sBAAsB,GAAG,KAA7B;AACA,MAAIC,kBAAkB,GAAG,IAAzB;AACA,MAAIvC,WAAJ;AACA,MAAIwC,iBAAJ;AACA,MAAIC,YAAJ;AACA,MAAIC,eAAJ;;AAEA,MAAI;AAAA;;AAEF,QAAI;AACFC,MAAAA,IADE;AAEFC,MAAAA,KAFE;AAGFC,MAAAA,MAHE;AAIFC,MAAAA,OAJE;AAKF/B,MAAAA,WALE;AAMFb,MAAAA,OANE;AAOF6C,MAAAA,eAPE;AAQFC,MAAAA,qBARE;AASFC,MAAAA,aATE;AAUFC,MAAAA;AAVE,QAWAvB,OAXJ,CAFE,CAeF;;AACAgB,IAAAA,IAAI,GAAGA,IAAI,IAAIjB,UAAU,CAACyB,GAAX,CAAeC,OAAf,EAAR,IAAoC,SAA3C;;AACA,QAAIT,IAAJ,EAAU;AACRjB,MAAAA,UAAU,CAACyB,GAAX,CAAeE,OAAf,CAAuBV,IAAvB;AACA,YAAMW,QAAQ,GAAG,gCAAqB5B,UAArB,EAAiCiB,IAAjC,CAAjB,CAFQ,CAGR;;AACAI,MAAAA,eAAe,GAAI,OAAOA,eAAP,KAA2B,WAA5B,GAA2CA,eAA3C,GAA6DO,QAAQ,CAACP,eAAxF;AACAhC,MAAAA,WAAW,GAAGA,WAAW,IAAIuC,QAAQ,CAACvC,WAAtC;AACAb,MAAAA,OAAO,GAAGA,OAAO,IAAIoD,QAAQ,CAACpD,OAA9B;AACD,KAxBC,CA0BF;;;AACAuC,IAAAA,YAAY,GAAG,8CAAwBf,UAAxB,EAAoC;AAAEkB,MAAAA;AAAF,KAApC,CAAf;AACAJ,IAAAA,iBAAiB,oBAAGC,YAAH,kDAAG,cAAcD,iBAAlC,CA5BE,CA4BmD;;AAErD,QAAI,CAACA,iBAAL,EAAwB;AACtB;AACAd,MAAAA,UAAU,CAAC6B,kBAAX,CAA8BC,KAA9B;AACA,YAAMC,gBAAgB,GAAG,MAAM,wBAAS/B,UAAT,EAAqB;AAAEqB,QAAAA,eAAF;AAAmBH,QAAAA,KAAnB;AAA0BC,QAAAA;AAA1B,OAArB,CAA/B;AACAL,MAAAA,iBAAiB,GAAGiB,gBAAgB,CAACjB,iBAArC;AACAC,MAAAA,YAAY,GAAGgB,gBAAgB,CAACzB,IAAhC;AACAe,MAAAA,eAAe,GAAGN,YAAY,CAACM,eAA/B;AACD,KArCC,CAuCF;;;AACA/C,IAAAA,WAAW,GAAG,MAAM,4BAAW0B,UAAX,EAAuB;AAAEqB,MAAAA,eAAF;AAAmBD,MAAAA,OAAnB;AAA4BN,MAAAA;AAA5B,KAAvB,CAApB;AACAP,IAAAA,eAAe,GAAGlC,kBAAkB,CAACC,WAAD,CAApC;AACAkC,IAAAA,cAAc,GAAGvB,iBAAiB,CAACX,WAAD,CAAlC,CA1CE,CA4CF;;AACAgC,IAAAA,IAAI,GAAGS,YAAP;;AAEA,QAAIQ,aAAa,KAAK,KAAlB,KAA4BlC,WAAW,IAAIb,OAA3C,CAAJ,EAAyD;AAAA;;AACvD,YAAMY,MAAqC,GAAG,EAC5C,GAAGa,OADyC;AAE5C+B,QAAAA,WAAW,EAAE1D,WAAW,CAAC2D,WAAZ,CAAwBD;AAFO,OAA9C,CADuD,CAMvD;;AACA,YAAM;AACJ1D,QAAAA,WAAW,EAAE4D,mBADT;AAEJ/B,QAAAA,QAAQ,EAAEgC,gBAFN;AAGJC,QAAAA,QAHI;AAIJC,QAAAA,QAJI;AAKJjC,QAAAA,QAAQ,EAAEkC;AALN,UAMF,MAAM,0BAAUhE,WAAV,EAAuBc,MAAvB,EAA+B;AAAEC,QAAAA,WAAF;AAAeb,QAAAA,OAAf;AAAwByC,QAAAA,IAAxB;AAA8BO,QAAAA;AAA9B,OAA/B,CANV;AAOAlD,MAAAA,WAAW,GAAG4D,mBAAmB,IAAI5D,WAArC,CAduD,CAgBvD;;AACA6B,MAAAA,QAAQ,GAAGgC,gBAAX;AACA/B,MAAAA,QAAQ,GAAGkC,gBAAX,CAlBuD,CAoBvD;;AACA,UAAInC,QAAJ,EAAc;AACZH,QAAAA,UAAU,CAAC6B,kBAAX,CAA8BU,eAA9B,CAA8CjE,WAAW,CAAC2D,WAA1D;AACAzB,QAAAA,cAAc,GAAGvB,iBAAiB,CAACX,WAAD,CAAlC;AACD;;AAED,UAAI8D,QAAJ,EAAc;AACZ3B,QAAAA,MAAM,GAAGC,iBAAU8B,QAAnB;AACA5B,QAAAA,sBAAsB,GAAG,IAAzB;AACAC,QAAAA,kBAAkB,GAAG,KAArB,CAHY,CAGgB;AAC7B;;AAAC,UAAIwB,QAAJ,EAAc;AACd5B,QAAAA,MAAM,GAAGC,iBAAU+B,QAAnB;AACA7B,QAAAA,sBAAsB,GAAG,IAAzB;AACD,OAHC,MAGK,oBAAItC,WAAJ,yCAAI,aAAa0C,eAAjB,EAAkC;AACvCA,QAAAA,eAAe,GAAG1C,WAAW,CAAC0C,eAA9B;;AAEA,YAAIM,qBAAqB,KAAK,KAA9B,EAAqC;AACnCb,UAAAA,MAAM,GAAGC,iBAAUgC,OAAnB;AACA9B,UAAAA,sBAAsB,GAAG,KAAzB;AACD,SAHD,MAGO;AACL;AACA,gBAAM;AACJ+B,YAAAA,QADI;AAEJC,YAAAA,YAFI;AAGJC,YAAAA,eAHI;AAIJC,YAAAA,WAJI;AAKJC,YAAAA,IALI;AAMJ5B,YAAAA;AANI,cAOFJ,YAPJ;AAQAb,UAAAA,MAAM,GAAG,MAAMF,UAAU,CAACgD,KAAX,CAAiB1B,qBAAjB,CAAuC;AACpDN,YAAAA,eADoD;AAEpD2B,YAAAA,QAFoD;AAGpDC,YAAAA,YAHoD;AAIpDC,YAAAA,eAJoD;AAKpDC,YAAAA,WALoD;AAMpD3B,YAAAA;AANoD,WAAvC,EAOZ4B,IAPY,CAAf;AASAtC,UAAAA,MAAM,GAAGC,iBAAUgC,OAAnB;AACA9B,UAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF;AACF,GA9GD,CA8GE,OAAOqC,GAAP,EAAY;AACZ;AACA,QAAI,0BAAcA,GAAd,CAAJ,EAAwB;AACtB5C,MAAAA,KAAK,GAAG4C,GAAR;AACAxC,MAAAA,MAAM,GAAGC,iBAAUwC,OAAnB;AACAtC,MAAAA,sBAAsB,GAAG,IAAzB;AACD,KAJD,MAIO;AACL;AACA,YAAMqC,GAAN;AACD;AAEF;;AAED,MAAIrC,sBAAJ,EAA4B;AAC1BZ,IAAAA,UAAU,CAAC6B,kBAAX,CAA8BC,KAA9B,CAAoC;AAAEjB,MAAAA;AAAF,KAApC;AACD,GA7IwB,CA+IzB;;;AACA,QAAM;AAAErC,IAAAA,OAAF;AAAWsB,IAAAA,OAAX;AAAoBrB,IAAAA,eAApB;AAAqC0E,IAAAA,OAArC;AAA8ClB,IAAAA;AAA9C,MAA8D3D,WAAW,IAAI,EAAnF;AACA,SAAO;AACLmC,IAAAA,MADK;AAEL,QAAIH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAAZ,CAFK;AAGL,QAAIC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAAvB,CAHK;AAIL,QAAIC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KAAtB,CAJK;AAKL,QAAIN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KAAd,CALK;AAML,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CANK;AAOL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CAPK;AAQL,QAAIC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KAAb,CARK;AASLW,IAAAA,eATK;AASY;AAEjB;AACAxC,IAAAA,OAZK;AAaLsB,IAAAA,OAbK;AAcLrB,IAAAA,eAdK;AAeL0E,IAAAA,OAfK;AAgBLlB,IAAAA;AAhBK,GAAP;AAkBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate, RemediateOptions } from './remediate';\nimport { getFlowSpecification, RemediationFlow } from './flow';\nimport * as remediators from './remediators';\nimport { \n  OktaAuth,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  FlowIdentifier,\n} from '../types';\nimport { IdxResponse, isIdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { ProceedOptions } from './proceed';\n\nexport type RunOptions = ProceedOptions & RemediateOptions & {\n  flow?: FlowIdentifier;\n  remediators?: RemediationFlow;\n  actions?: string[];\n  withCredentials?: boolean;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP as never);\n  }\n\n  return res;\n}\n\nfunction getAvailableSteps(idxResponse: IdxResponse): NextStep[] {\n  const res = [];\n\n  const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n    // Only add concrete subclasses to the map\n    if (remediatorClass.remediationName) {\n      map[remediatorClass.remediationName] = remediatorClass;\n    }\n    return map;\n  }, {});\n\n  for (let remediation of idxResponse.neededToProceed) {\n    const T = remediatorMap[remediation.name];\n    if (T) {\n      const remediator = new T(remediation);\n      res.push (remediator.getNextStep(idxResponse.context) as never);\n    }\n  }\n\n  return res;\n}\n\nexport async function run(\n  authClient: OktaAuth, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let tokens;\n  let nextStep;\n  let messages;\n  let error;\n  let meta;\n  let enabledFeatures;\n  let availableSteps;\n  let status = IdxStatus.PENDING;\n  let shouldClearTransaction = false;\n  let clearSharedStorage = true;\n  let idxResponse;\n  let interactionHandle;\n  let metaFromResp;\n  let interactionCode;\n\n  try {\n\n    let {\n      flow,\n      state,\n      scopes,\n      version,\n      remediators,\n      actions,\n      withCredentials,\n      exchangeCodeForTokens,\n      autoRemediate,\n      step\n    } = options;\n\n    // Only one flow can be operating at a time\n    flow = flow || authClient.idx.getFlow() || 'default';\n    if (flow) {\n      authClient.idx.setFlow(flow);\n      const flowSpec = getFlowSpecification(authClient, flow);\n      // Favor option values over flow spec\n      withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n      remediators = remediators || flowSpec.remediators;\n      actions = actions || flowSpec.actions;\n    }\n\n    // Try to resume saved transaction\n    metaFromResp = getSavedTransactionMeta(authClient, { state });\n    interactionHandle = metaFromResp?.interactionHandle; // may be undefined\n\n    if (!interactionHandle) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, { withCredentials, state, scopes }); \n      interactionHandle = interactResponse.interactionHandle;\n      metaFromResp = interactResponse.meta;\n      withCredentials = metaFromResp.withCredentials;\n    }\n\n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle });\n    enabledFeatures = getEnabledFeatures(idxResponse);\n    availableSteps = getAvailableSteps(idxResponse);\n    \n    // Include meta in the transaction response\n    meta = metaFromResp;\n\n    if (autoRemediate !== false && (remediators || actions)) {\n      const values: remediators.RemediationValues = { \n        ...options, \n        stateHandle: idxResponse.rawIdxState.stateHandle \n      };\n\n      // Can we handle the remediations?\n      const { \n        idxResponse: idxResponseFromResp, \n        nextStep: nextStepFromResp,\n        terminal,\n        canceled,\n        messages: messagesFromResp,\n      } = await remediate(idxResponse, values, { remediators, actions, flow, step });\n      idxResponse = idxResponseFromResp || idxResponse;\n\n      // Track fields from remediation response\n      nextStep = nextStepFromResp;\n      messages = messagesFromResp;\n\n      // Save intermediate idx response in storage to reduce introspect call\n      if (nextStep) {\n        authClient.transactionManager.saveIdxResponse(idxResponse.rawIdxState);\n        availableSteps = getAvailableSteps(idxResponse);\n      }\n\n      if (terminal) {\n        status = IdxStatus.TERMINAL;\n        shouldClearTransaction = true;\n        clearSharedStorage = false; // transaction may be continued in another tab\n      } if (canceled) {\n        status = IdxStatus.CANCELED;\n        shouldClearTransaction = true;\n      } else if (idxResponse?.interactionCode) { \n        interactionCode = idxResponse.interactionCode;\n\n        if (exchangeCodeForTokens === false) {\n          status = IdxStatus.SUCCESS;\n          shouldClearTransaction = false;\n        } else {\n          // exchange the interaction code for tokens\n          const {\n            clientId,\n            codeVerifier,\n            ignoreSignature,\n            redirectUri,\n            urls,\n            scopes,\n          } = metaFromResp;\n          tokens = await authClient.token.exchangeCodeForTokens({\n            interactionCode,\n            clientId,\n            codeVerifier,\n            ignoreSignature,\n            redirectUri,\n            scopes\n          }, urls);\n\n          status = IdxStatus.SUCCESS;\n          shouldClearTransaction = true;\n        }\n      }\n    }\n  } catch (err) {\n    // current version of idx-js will throw/reject IDX responses. Handle these differently than regular errors\n    if (isIdxResponse(err)) {\n      error = err;\n      status = IdxStatus.FAILURE;\n      shouldClearTransaction = true;\n    } else {\n      // error is not an IDX response, throw it like a regular error\n      throw err;\n    }\n\n  }\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear({ clearSharedStorage });\n  }\n  \n  // from idx-js, used by the widget\n  const { actions, context, neededToProceed, proceed, rawIdxState } = idxResponse || {};\n  return {\n    status,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens: tokens.tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && { messages }),\n    ...(error && { error }),\n    interactionCode, // if options.exchangeCodeForTokens is false\n\n    // from idx-js\n    actions,\n    context,\n    neededToProceed,\n    proceed,\n    rawIdxState,\n  };\n}\n"],"file":"run.js"}

package/cjs/idx/startTransaction.js

@@ -15,10 +15,12 @@ var _run = require("./run");
  * 
  * See the License for the specific language governing permissions and limitations under the License.
  */
-// This method only resolves { status: IdxStatus.PENDING } if transaction has already started
 async function startTransaction(authClient, options = {}) {
   // Clear IDX response cache and saved transaction meta (if any)
   authClient.transactionManager.clear();
-  return (0, _run.run)(authClient, options);
+  return (0, _run.run)(authClient, {
+    exchangeCodeForTokens: false,
+    ...options
+  });
 }
 //# sourceMappingURL=startTransaction.js.map

package/cjs/idx/startTransaction.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/startTransaction.ts"],"names":["startTransaction","authClient","options","transactionManager","clear"],"mappings":";;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,gBAAf,CACLC,UADK,EAELC,OAAmB,GAAG,EAFjB,EAGoB;AACzB;AACAD,EAAAA,UAAU,CAACE,kBAAX,CAA8BC,KAA9B;AAEA,SAAO,cAAIH,UAAJ,EAAgBC,OAAhB,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { OktaAuth, IdxOptions, IdxTransaction } from '../types';\n\n// This method only resolves { status: IdxStatus.PENDING } if transaction has already started\nexport async function startTransaction(\n  authClient: OktaAuth, \n  options: IdxOptions = {}\n): Promise<IdxTransaction> {\n  // Clear IDX response cache and saved transaction meta (if any)\n  authClient.transactionManager.clear();\n\n  return run(authClient, options);\n}\n"],"file":"startTransaction.js"}
+{"version":3,"sources":["../../../lib/idx/startTransaction.ts"],"names":["startTransaction","authClient","options","transactionManager","clear","exchangeCodeForTokens"],"mappings":";;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,gBAAf,CACLC,UADK,EAELC,OAAmB,GAAG,EAFjB,EAGoB;AACzB;AACAD,EAAAA,UAAU,CAACE,kBAAX,CAA8BC,KAA9B;AAEA,SAAO,cAAIH,UAAJ,EAAgB;AACrBI,IAAAA,qBAAqB,EAAE,KADF;AAErB,OAAGH;AAFkB,GAAhB,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run, RunOptions } from './run';\nimport { OktaAuth, IdxTransaction } from '../types';\n\nexport async function startTransaction(\n  authClient: OktaAuth, \n  options: RunOptions = {}\n): Promise<IdxTransaction> {\n  // Clear IDX response cache and saved transaction meta (if any)\n  authClient.transactionManager.clear();\n\n  return run(authClient, {\n    exchangeCodeForTokens: false,\n    ...options\n  });\n}\n"],"file":"startTransaction.js"}

package/cjs/idx/transactionMeta.js

@@ -1,17 +1,21 @@
 "use strict";
 
 exports.createTransactionMeta = createTransactionMeta;
-exports.transactionMetaExist = transactionMetaExist;
+exports.hasSavedInteractionHandle = hasSavedInteractionHandle;
 exports.getSavedTransactionMeta = getSavedTransactionMeta;
 exports.getTransactionMeta = getTransactionMeta;
 exports.saveTransactionMeta = saveTransactionMeta;
 exports.clearTransactionMeta = clearTransactionMeta;
 exports.isTransactionMetaValid = isTransactionMetaValid;
+exports.isTransactionMetaValidForFlow = isTransactionMetaValidForFlow;
+exports.isTransactionMetaValidForOptions = isTransactionMetaValidForOptions;
 
 var _util = require("../util");
 
 var _oidc = require("../oidc");
 
+/* eslint-disable @typescript-eslint/no-non-null-assertion */
+
 /*!
  * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -24,83 +28,78 @@ var _oidc = require("../oidc");
  * See the License for the specific language governing permissions and limitations under the License.
  */
 // Calculate new values
-async function createTransactionMeta(authClient, options) {
+async function createTransactionMeta(authClient, options = {}) {
   const tokenParams = await authClient.token.prepareTokenParams(options);
-  const {
-    pkce,
-    clientId,
-    redirectUri,
-    responseType,
-    responseMode,
-    scopes,
-    state,
-    nonce,
-    ignoreSignature,
-    codeVerifier,
-    codeChallengeMethod,
-    codeChallenge
-  } = tokenParams;
-  const urls = (0, _oidc.getOAuthUrls)(authClient, tokenParams);
-  const flow = authClient.idx.getFlow() || 'default';
-  const issuer = authClient.options.issuer;
-  const meta = {
+  const pkceMeta = (0, _oidc.createOAuthMeta)(authClient, tokenParams);
+  let {
+    flow = 'default',
+    withCredentials = true,
+    activationToken = undefined,
+    recoveryToken = undefined
+  } = { ...authClient.options,
+    ...options
+  }; // local options override SDK options
+
+  const meta = { ...pkceMeta,
     flow,
-    issuer,
-    pkce,
-    clientId,
-    redirectUri,
-    responseType,
-    responseMode,
-    scopes,
-    state,
-    nonce,
-    urls,
-    ignoreSignature,
-    codeVerifier,
-    codeChallengeMethod,
-    codeChallenge
+    withCredentials,
+    activationToken,
+    recoveryToken
   };
   return meta;
 }
 
-function transactionMetaExist(authClient, options) {
-  if (authClient.transactionManager.exists(options)) {
-    const existing = authClient.transactionManager.load(options);
+function hasSavedInteractionHandle(authClient, options) {
+  const savedMeta = getSavedTransactionMeta(authClient, options);
 
-    if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {
-      return true;
-    }
+  if (savedMeta !== null && savedMeta !== void 0 && savedMeta.interactionHandle) {
+    return true;
   }
 
   return false;
-} // Returns the saved transaction meta, if it exists and is valid, or undefined
+} // Returns the saved transaction meta, if it exists and is valid
 
 
 function getSavedTransactionMeta(authClient, options) {
-  const state = (options === null || options === void 0 ? void 0 : options.state) || authClient.options.state;
-  const existing = authClient.transactionManager.load({
-    state
-  });
+  options = (0, _util.removeNils)(options);
+  options = { ...authClient.options,
+    ...options
+  }; // local options override SDK options
+
+  let savedMeta;
 
-  if (existing && isTransactionMetaValid(authClient, existing)) {
-    return existing;
+  try {
+    savedMeta = authClient.transactionManager.load(options);
+  } catch (e) {// ignore errors here
   }
+
+  if (!savedMeta) {
+    return;
+  }
+
+  if (isTransactionMetaValid(savedMeta, options)) {
+    return savedMeta;
+  } // existing meta is not valid for this configuration
+  // this is common when changing configuration in local development environment
+  // in a production environment, this may indicate that two apps are sharing a storage key
+
+
+  (0, _util.warn)('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
 }
 
 async function getTransactionMeta(authClient, options) {
+  options = (0, _util.removeNils)(options);
+  options = { ...authClient.options,
+    ...options
+  }; // local options override SDK options
   // Load existing transaction meta from storage
-  if (authClient.transactionManager.exists(options)) {
-    const validExistingMeta = getSavedTransactionMeta(authClient, options);
 
-    if (validExistingMeta) {
-      return validExistingMeta;
-    } // existing meta is not valid for this configuration
-    // this is common when changing configuration in local development environment
-    // in a production environment, this may indicate that two apps are sharing a storage key
+  const validExistingMeta = getSavedTransactionMeta(authClient, options);
 
+  if (validExistingMeta) {
+    return validExistingMeta;
+  } // No existing? Create new transaction meta.
 
-    (0, _util.warn)('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
-  }
 
   return createTransactionMeta(authClient, options);
 }
@@ -113,29 +112,30 @@ function saveTransactionMeta(authClient, meta) {
 
 function clearTransactionMeta(authClient) {
   authClient.transactionManager.clear();
-} // returns true if values in meta match current authClient options
-// eslint-disable-next-line complexity
-
+}
 
-function isTransactionMetaValid(authClient, meta) {
-  // First validate against required config
-  const keys = ['issuer', 'clientId', 'redirectUri'];
+function isTransactionMetaValid(meta, options = {}) {
+  // Validate against certain options. If these exist in options, they must match in meta
+  const keys = ['issuer', 'clientId', 'redirectUri', 'state', 'codeChallenge', 'codeChallengeMethod', 'activationToken', 'recoveryToken'];
 
-  if (keys.some(key => authClient.options[key] !== meta[key])) {
+  if (isTransactionMetaValidForOptions(meta, options, keys) === false) {
     return false;
-  } // Validate optional config
+  } // Validate configured flow
 
 
   const {
-    flow,
-    state
-  } = authClient.options; // If state is specified, it must match meta to be valid
+    flow
+  } = options;
 
-  if (state && state !== meta.state) {
+  if (isTransactionMetaValidForFlow(meta, flow) === false) {
     return false;
-  } // Specific flows should not share transaction data
+  }
 
+  return true;
+}
 
+function isTransactionMetaValidForFlow(meta, flow) {
+  // Specific flows should not share transaction data
   const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';
 
   if (shouldValidateFlow) {
@@ -147,4 +147,17 @@ function isTransactionMetaValid(authClient, meta) {
 
   return true;
 }
+
+function isTransactionMetaValidForOptions(meta, options, keys) {
+  // returns false if values in meta do not match options
+  // if the option does not have a value for a specific key, it is ignored
+  const mismatch = keys.some(key => {
+    const value = options[key];
+
+    if (value && value !== meta[key]) {
+      return true;
+    }
+  });
+  return !mismatch;
+}
 //# sourceMappingURL=transactionMeta.js.map

package/cjs/idx/transactionMeta.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","options","tokenParams","token","prepareTokenParams","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","codeVerifier","codeChallengeMethod","codeChallenge","urls","flow","idx","getFlow","issuer","meta","transactionMetaExist","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getSavedTransactionMeta","getTransactionMeta","validExistingMeta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","some","key","shouldValidateFlow"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CAAqCC,UAArC,EAA2DC,OAA3D,EAA6F;AAClG,QAAMC,WAAW,GAAG,MAAMF,UAAU,CAACG,KAAX,CAAiBC,kBAAjB,CAAoCH,OAApC,CAA1B;AACA,QAAM;AACJI,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA,KARI;AASJC,IAAAA,eATI;AAUJC,IAAAA,YAVI;AAWJC,IAAAA,mBAXI;AAYJC,IAAAA;AAZI,MAaFd,WAbJ;AAcA,QAAMe,IAAI,GAAG,wBAAajB,UAAb,EAAyBE,WAAzB,CAAb;AACA,QAAMgB,IAAI,GAAGlB,UAAU,CAACmB,GAAX,CAAeC,OAAf,MAA4B,SAAzC;AACA,QAAMC,MAAM,GAAGrB,UAAU,CAACC,OAAX,CAAmBoB,MAAlC;AACA,QAAMC,IAAI,GAAG;AACXJ,IAAAA,IADW;AAEXG,IAAAA,MAFW;AAGXhB,IAAAA,IAHW;AAIXC,IAAAA,QAJW;AAKXC,IAAAA,WALW;AAMXC,IAAAA,YANW;AAOXC,IAAAA,YAPW;AAQXC,IAAAA,MARW;AASXC,IAAAA,KATW;AAUXC,IAAAA,KAVW;AAWXK,IAAAA,IAXW;AAYXJ,IAAAA,eAZW;AAaXC,IAAAA,YAbW;AAcXC,IAAAA,mBAdW;AAeXC,IAAAA;AAfW,GAAb;AAiBA,SAAOM,IAAP;AACD;;AAEM,SAASC,oBAAT,CAA8BvB,UAA9B,EAAoDC,OAApD,EAA+F;AACpG,MAAID,UAAU,CAACwB,kBAAX,CAA8BC,MAA9B,CAAqCxB,OAArC,CAAJ,EAAmD;AACjD,UAAMyB,QAAQ,GAAG1B,UAAU,CAACwB,kBAAX,CAA8BG,IAA9B,CAAmC1B,OAAnC,CAAjB;;AACA,QAAI2B,sBAAsB,CAAC5B,UAAD,EAAa0B,QAAb,CAAtB,IAAgDA,QAAQ,CAACG,iBAA7D,EAAgF;AAC9E,aAAO,IAAP;AACD;AACF;;AACD,SAAO,KAAP;AACD,C,CAED;;;AACO,SAASC,uBAAT,CAAiC9B,UAAjC,EAAuDC,OAAvD,EAA6G;AAClH,QAAMU,KAAK,GAAG,CAAAV,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAEU,KAAT,KAAkBX,UAAU,CAACC,OAAX,CAAmBU,KAAnD;AACA,QAAMe,QAAQ,GAAG1B,UAAU,CAACwB,kBAAX,CAA8BG,IAA9B,CAAmC;AAAEhB,IAAAA;AAAF,GAAnC,CAAjB;;AACA,MAAIe,QAAQ,IAAIE,sBAAsB,CAAC5B,UAAD,EAAa0B,QAAb,CAAtC,EAA8D;AAC5D,WAAOA,QAAP;AACD;AACF;;AAEM,eAAeK,kBAAf,CACL/B,UADK,EAELC,OAFK,EAGwB;AAC7B;AACA,MAAID,UAAU,CAACwB,kBAAX,CAA8BC,MAA9B,CAAqCxB,OAArC,CAAJ,EAAmD;AACjD,UAAM+B,iBAAiB,GAAGF,uBAAuB,CAAC9B,UAAD,EAAaC,OAAb,CAAjD;;AACA,QAAI+B,iBAAJ,EAAuB;AACrB,aAAOA,iBAAP;AACD,KAJgD,CAKjD;AACA;AACA;;;AACA,oBAAK,sEACH,4DADF;AAED;;AAED,SAAOjC,qBAAqB,CAACC,UAAD,EAAaC,OAAb,CAA5B;AACD;;AAEM,SAASgC,mBAAT,CAA8BjC,UAA9B,EAAoDsB,IAApD,EAA0D;AAC/DtB,EAAAA,UAAU,CAACwB,kBAAX,CAA8BU,IAA9B,CAAmCZ,IAAnC,EAAyC;AAAEa,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;;AAEM,SAASC,oBAAT,CAA+BpC,UAA/B,EAAqD;AAC1DA,EAAAA,UAAU,CAACwB,kBAAX,CAA8Ba,KAA9B;AACD,C,CAED;AACA;;;AACO,SAAST,sBAAT,CAAiC5B,UAAjC,EAAuDsB,IAAvD,EAA6D;AAClE;AACA,QAAMgB,IAAI,GAAG,CAAC,QAAD,EAAW,UAAX,EAAuB,aAAvB,CAAb;;AACA,MAAIA,IAAI,CAACC,IAAL,CAAUC,GAAG,IAAIxC,UAAU,CAACC,OAAX,CAAmBuC,GAAnB,MAA4BlB,IAAI,CAACkB,GAAD,CAAjD,CAAJ,EAA6D;AAC3D,WAAO,KAAP;AACD,GALiE,CAOlE;;;AACA,QAAM;AAAEtB,IAAAA,IAAF;AAAQP,IAAAA;AAAR,MAAkBX,UAAU,CAACC,OAAnC,CARkE,CAUlE;;AACA,MAAIU,KAAK,IAAIA,KAAK,KAAKW,IAAI,CAACX,KAA5B,EAAmC;AACjC,WAAO,KAAP;AACD,GAbiE,CAelE;;;AACA,QAAM8B,kBAAkB,GAAGvB,IAAI,IAAIA,IAAI,KAAK,SAAjB,IAA8BA,IAAI,KAAK,SAAlE;;AACA,MAAIuB,kBAAJ,EAAwB;AACtB,QAAIvB,IAAI,KAAKI,IAAI,CAACJ,IAAlB,EAAwB;AACtB;AACA,aAAO,KAAP;AACD;AACF;;AAED,SAAO,IAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta, TransactionMetaOptions } from '../types';\nimport { warn } from '../util';\nimport { getOAuthUrls } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(authClient: OktaAuth, options?: TransactionMetaOptions) {\n  const tokenParams = await authClient.token.prepareTokenParams(options);\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    nonce,\n    ignoreSignature,\n    codeVerifier,\n    codeChallengeMethod,\n    codeChallenge,\n  } = tokenParams;\n  const urls = getOAuthUrls(authClient, tokenParams);\n  const flow = authClient.idx.getFlow() || 'default';\n  const issuer = authClient.options.issuer;\n  const meta = {\n    flow,\n    issuer,\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    nonce,\n    urls,\n    ignoreSignature,\n    codeVerifier,\n    codeChallengeMethod,\n    codeChallenge \n  };\n  return meta;\n}\n\nexport function transactionMetaExist(authClient: OktaAuth, options?: TransactionMetaOptions): boolean {\n  if (authClient.transactionManager.exists(options)) {\n    const existing = authClient.transactionManager.load(options) as IdxTransactionMeta;\n    if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {\n      return true;\n    }\n  }\n  return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid, or undefined\nexport function getSavedTransactionMeta(authClient: OktaAuth, options?: TransactionMetaOptions): IdxTransactionMeta {\n  const state = options?.state || authClient.options.state;\n  const existing = authClient.transactionManager.load({ state }) as IdxTransactionMeta;\n  if (existing && isTransactionMetaValid(authClient, existing)) {\n    return existing;\n  }\n}\n\nexport async function getTransactionMeta(\n  authClient: OktaAuth,\n  options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n  // Load existing transaction meta from storage\n  if (authClient.transactionManager.exists(options)) {\n    const validExistingMeta = getSavedTransactionMeta(authClient, options);\n    if (validExistingMeta) {\n      return validExistingMeta;\n    }\n    // existing meta is not valid for this configuration\n    // this is common when changing configuration in local development environment\n    // in a production environment, this may indicate that two apps are sharing a storage key\n    warn('Saved transaction meta does not match the current configuration. ' + \n      'This may indicate that two apps are sharing a storage key.');\n  }\n\n  return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta) {\n  authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth) {\n  authClient.transactionManager.clear();\n}\n\n// returns true if values in meta match current authClient options\n// eslint-disable-next-line complexity\nexport function isTransactionMetaValid (authClient: OktaAuth, meta) {\n  // First validate against required config\n  const keys = ['issuer', 'clientId', 'redirectUri'];\n  if (keys.some(key => authClient.options[key] !== meta[key])) {\n    return false;\n  }\n\n  // Validate optional config\n  const { flow, state } = authClient.options;\n  \n  // If state is specified, it must match meta to be valid\n  if (state && state !== meta.state) {\n    return false;\n  }\n\n  // Specific flows should not share transaction data\n  const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n  if (shouldValidateFlow) {\n    if (flow !== meta.flow) {\n      // The flow has changed; abandon the old transaction\n      return false;\n    }\n  }\n\n  return true;\n}\n"],"file":"transactionMeta.js"}
+{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","options","tokenParams","token","prepareTokenParams","pkceMeta","flow","withCredentials","activationToken","undefined","recoveryToken","meta","hasSavedInteractionHandle","savedMeta","getSavedTransactionMeta","interactionHandle","transactionManager","load","e","isTransactionMetaValid","getTransactionMeta","validExistingMeta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","isTransactionMetaValidForOptions","isTransactionMetaValidForFlow","shouldValidateFlow","mismatch","some","key","value"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CACLC,UADK,EAELC,OAA+B,GAAG,EAF7B,EAGwB;AAC7B,QAAMC,WAAW,GAAG,MAAMF,UAAU,CAACG,KAAX,CAAiBC,kBAAjB,CAAoCH,OAApC,CAA1B;AACA,QAAMI,QAAQ,GAAG,2BAAgBL,UAAhB,EAA4BE,WAA5B,CAAjB;AACA,MAAI;AACFI,IAAAA,IAAI,GAAG,SADL;AAEFC,IAAAA,eAAe,GAAG,IAFhB;AAGFC,IAAAA,eAAe,GAAGC,SAHhB;AAIFC,IAAAA,aAAa,GAAGD;AAJd,MAKA,EAAE,GAAGT,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GALJ,CAH6B,CAQc;;AAE3C,QAAMU,IAAwB,GAAG,EAC/B,GAAGN,QAD4B;AAE/BC,IAAAA,IAF+B;AAG/BC,IAAAA,eAH+B;AAI/BC,IAAAA,eAJ+B;AAK/BE,IAAAA;AAL+B,GAAjC;AAOA,SAAOC,IAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCZ,UAAnC,EAAyDC,OAAzD,EAAoG;AACzG,QAAMY,SAAS,GAAGC,uBAAuB,CAACd,UAAD,EAAaC,OAAb,CAAzC;;AACA,MAAIY,SAAJ,aAAIA,SAAJ,eAAIA,SAAS,CAAEE,iBAAf,EAAkC;AAChC,WAAO,IAAP;AACD;;AACD,SAAO,KAAP;AACD,C,CAED;;;AACO,SAASD,uBAAT,CACLd,UADK,EAELC,OAFK,EAG2B;AAChCA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AACAA,EAAAA,OAAO,GAAG,EAAE,GAAGD,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GAAV,CAFgC,CAEiB;;AACjD,MAAIY,SAAJ;;AACA,MAAI;AACFA,IAAAA,SAAS,GAAGb,UAAU,CAACgB,kBAAX,CAA8BC,IAA9B,CAAmChB,OAAnC,CAAZ;AACD,GAFD,CAEE,OAAOiB,CAAP,EAAU,CACV;AACD;;AAED,MAAI,CAACL,SAAL,EAAgB;AACd;AACD;;AAED,MAAIM,sBAAsB,CAACN,SAAD,EAAYZ,OAAZ,CAA1B,EAAgD;AAC9C,WAAOY,SAAP;AACD,GAhB+B,CAkBhC;AACA;AACA;;;AACA,kBAAK,sEACH,4DADF;AAGD;;AAEM,eAAeO,kBAAf,CACLpB,UADK,EAELC,OAFK,EAGwB;AAC7BA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AACAA,EAAAA,OAAO,GAAG,EAAE,GAAGD,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GAAV,CAF6B,CAEoB;AACjD;;AACA,QAAMoB,iBAAiB,GAAGP,uBAAuB,CAACd,UAAD,EAAaC,OAAb,CAAjD;;AACA,MAAIoB,iBAAJ,EAAuB;AACrB,WAAOA,iBAAP;AACD,GAP4B,CAQ7B;;;AACA,SAAOtB,qBAAqB,CAACC,UAAD,EAAaC,OAAb,CAA5B;AACD;;AAEM,SAASqB,mBAAT,CAA8BtB,UAA9B,EAAoDW,IAApD,EAAgE;AACrEX,EAAAA,UAAU,CAACgB,kBAAX,CAA8BO,IAA9B,CAAmCZ,IAAnC,EAAyC;AAAEa,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;;AAEM,SAASC,oBAAT,CAA+BzB,UAA/B,EAA2D;AAChEA,EAAAA,UAAU,CAACgB,kBAAX,CAA8BU,KAA9B;AACD;;AAEM,SAASP,sBAAT,CAAiCR,IAAjC,EAAuCV,OAA+B,GAAI,EAA1E,EAAuF;AAC5F;AACA,QAAM0B,IAAI,GAAG,CACX,QADW,EAEX,UAFW,EAGX,aAHW,EAIX,OAJW,EAKX,eALW,EAMX,qBANW,EAOX,iBAPW,EAQX,eARW,CAAb;;AAUA,MAAIC,gCAAgC,CAACjB,IAAD,EAAOV,OAAP,EAAgB0B,IAAhB,CAAhC,KAA0D,KAA9D,EAAqE;AACnE,WAAO,KAAP;AACD,GAd2F,CAgB5F;;;AACA,QAAM;AAAErB,IAAAA;AAAF,MAAWL,OAAjB;;AACA,MAAI4B,6BAA6B,CAAClB,IAAD,EAAOL,IAAP,CAA7B,KAA8C,KAAlD,EAAyD;AACvD,WAAO,KAAP;AACD;;AAED,SAAO,IAAP;AACD;;AAEM,SAASuB,6BAAT,CAAuClB,IAAvC,EAA6CL,IAA7C,EAAmD;AACxD;AACA,QAAMwB,kBAAkB,GAAGxB,IAAI,IAAIA,IAAI,KAAK,SAAjB,IAA8BA,IAAI,KAAK,SAAlE;;AACA,MAAIwB,kBAAJ,EAAwB;AACtB,QAAIxB,IAAI,KAAKK,IAAI,CAACL,IAAlB,EAAwB;AACtB;AACA,aAAO,KAAP;AACD;AACF;;AACD,SAAO,IAAP;AACD;;AAEM,SAASsB,gCAAT,CAA0CjB,IAA1C,EAAgDV,OAAhD,EAAyD0B,IAAzD,EAA+D;AACpE;AACA;AACA,QAAMI,QAAQ,GAAGJ,IAAI,CAACK,IAAL,CAAUC,GAAG,IAAI;AAChC,UAAMC,KAAK,GAAGjC,OAAO,CAACgC,GAAD,CAArB;;AACA,QAAIC,KAAK,IAAIA,KAAK,KAAKvB,IAAI,CAACsB,GAAD,CAA3B,EAAkC;AAChC,aAAO,IAAP;AACD;AACF,GALgB,CAAjB;AAMA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta, TransactionMetaOptions, PKCETransactionMeta } from '../types';\nimport { removeNils, warn } from '../util';\nimport { createOAuthMeta } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(\n  authClient: OktaAuth,\n  options: TransactionMetaOptions = {}\n): Promise<IdxTransactionMeta> {\n  const tokenParams = await authClient.token.prepareTokenParams(options);\n  const pkceMeta = createOAuthMeta(authClient, tokenParams) as PKCETransactionMeta;\n  let {\n    flow = 'default',\n    withCredentials = true,\n    activationToken = undefined,\n    recoveryToken = undefined,\n  } = { ...authClient.options, ...options }; // local options override SDK options\n\n  const meta: IdxTransactionMeta = {\n    ...pkceMeta,\n    flow,\n    withCredentials,\n    activationToken,\n    recoveryToken,\n  };\n  return meta;\n}\n\nexport function hasSavedInteractionHandle(authClient: OktaAuth, options?: TransactionMetaOptions): boolean {\n  const savedMeta = getSavedTransactionMeta(authClient, options);\n  if (savedMeta?.interactionHandle) {\n    return true;\n  }\n  return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid\nexport function getSavedTransactionMeta(\n  authClient: OktaAuth,\n  options?: TransactionMetaOptions\n): IdxTransactionMeta | undefined {\n  options = removeNils(options);\n  options = { ...authClient.options, ...options }; // local options override SDK options\n  let savedMeta;\n  try {\n    savedMeta = authClient.transactionManager.load(options) as IdxTransactionMeta;\n  } catch (e) {\n    // ignore errors here\n  }\n\n  if (!savedMeta) {\n    return;\n  }\n\n  if (isTransactionMetaValid(savedMeta, options)) {\n    return savedMeta;\n  }\n\n  // existing meta is not valid for this configuration\n  // this is common when changing configuration in local development environment\n  // in a production environment, this may indicate that two apps are sharing a storage key\n  warn('Saved transaction meta does not match the current configuration. ' + \n    'This may indicate that two apps are sharing a storage key.');\n\n}\n\nexport async function getTransactionMeta(\n  authClient: OktaAuth,\n  options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n  options = removeNils(options);\n  options = { ...authClient.options, ...options }; // local options override SDK options\n  // Load existing transaction meta from storage\n  const validExistingMeta = getSavedTransactionMeta(authClient, options);\n  if (validExistingMeta) {\n    return validExistingMeta;\n  }\n  // No existing? Create new transaction meta.\n  return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta): void {\n  authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth): void {\n  authClient.transactionManager.clear();\n}\n\nexport function isTransactionMetaValid (meta, options: TransactionMetaOptions  = {}): boolean {\n  // Validate against certain options. If these exist in options, they must match in meta\n  const keys = [\n    'issuer',\n    'clientId',\n    'redirectUri',\n    'state',\n    'codeChallenge',\n    'codeChallengeMethod',\n    'activationToken',\n    'recoveryToken'\n  ];\n  if (isTransactionMetaValidForOptions(meta, options, keys) === false) {\n    return false;\n  }\n\n  // Validate configured flow\n  const { flow } = options;\n  if (isTransactionMetaValidForFlow(meta, flow) === false) {\n    return false;\n  }\n\n  return true;\n}\n\nexport function isTransactionMetaValidForFlow(meta, flow) {\n  // Specific flows should not share transaction data\n  const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n  if (shouldValidateFlow) {\n    if (flow !== meta.flow) {\n      // The flow has changed; abandon the old transaction\n      return false;\n    }\n  }\n  return true;\n}\n\nexport function isTransactionMetaValidForOptions(meta, options, keys) {\n  // returns false if values in meta do not match options\n  // if the option does not have a value for a specific key, it is ignored\n  const mismatch = keys.some(key => {\n    const value = options[key];\n    if (value && value !== meta[key]) {\n      return true;\n    }\n  });\n  return !mismatch;\n}\n"],"file":"transactionMeta.js"}