@okta/okta-auth-js 5.11.0 → 6.2.0

package/CHANGELOG.md

@@ -1,5 +1,79 @@
 # Changelog
 
+## 6.2.0
+
+### Features
+
+- [#1113](https://github.com/okta/okta-auth-js/pull/1113) Updates types for `SigninWithCredentialsOptions` and `SignInOptions` to support `SP Initiated Auth`
+- [#1125](https://github.com/okta/okta-auth-js/pull/1125) IDX - Supports auto select methodType (when only one selection is available) for `authenticator-verification-data` remediation
+- [#1114](https://github.com/okta/okta-auth-js/pull/1114) Exposes ESM node bundle
+
+### Fixes
+
+- [#1114](https://github.com/okta/okta-auth-js/pull/1114) Fixes ESM browser bundle issue by only using ESM `import` syntax
+
+### Fixes
+
+- [#1130](https://github.com/okta/okta-auth-js/pull/1130) `state` now stored in session during verifyEmail flow
+
+### Other
+
+- [#1124](https://github.com/okta/okta-auth-js/pull/1124)
+  - Adds multi-tab "leadership" election to prevent all tabs from renewing tokens at the same time
+  - Adds granular configurations for `autoRenew` (active vs passive)
+  - Adds options to `isAuthenticated` to override client configuration
+  - Fixes issue in token renew logic within `isAuthenticated`, tokens are now read from `tokenManager` (not memory) before expiration is checked
+
+## 6.1.0
+
+### Features
+
+- [#1036](https://github.com/okta/okta-auth-js/pull/1036) Adds `webauthn` authenticator support in idx module
+- [#1075](https://github.com/okta/okta-auth-js/pull/1075) Adds top level `invokeApiMethod` method as an escape hatch to make arbitrary OKTA API request
+- [#1093](https://github.com/okta/okta-auth-js/pull/1093) Allows passing device context headers (`X-Forwarded-For`, `User-Agent`, `X-Okta-User-Agent-Extended` and `X-Device-Token`) to `idx.interact`. Follow [setHeaders](README.md#setheaders) section to add headers to http requests.
+
+### Fixes
+
+- [#1071](https://github.com/okta/okta-auth-js/pull/1071) TypeScript: Adds fields for `Input` type in NextStep object
+- [#1094](https://github.com/okta/okta-auth-js/pull/1094) TypeScript: Fixes `SigninOptions.context` type
+- [#1092](https://github.com/okta/okta-auth-js/pull/1092) Call `updateAuthState` when `handleLoginRedirect` fails
+
+### Other
+
+- [#1073](https://github.com/okta/okta-auth-js/pull/1103) Upgrades `cross-fetch` to resolve security vulnerability
+
+## 6.0.0
+
+### Breaking Changes
+
+- [#1003](https://github.com/okta/okta-auth-js/pull/1003) Supports generic UserClaims type. Custom claims should be extended by typescript generics, like `UserClaims<{ groups: string[]; }>`
+- [#1050](https://github.com/okta/okta-auth-js/pull/1050) Removes `userAgent` field from oktaAuth instance
+- [#1014](https://github.com/okta/okta-auth-js/pull/1014) Shared transaction storage is automatically cleared on success and error states. Storage is not cleared for "terminal" state which is neither success nor error.
+- [#1051](https://github.com/okta/okta-auth-js/pull/1051) Removes `useMultipleCookies` from CookieStorage options
+- [#1059](https://github.com/okta/okta-auth-js/pull/1059)
+  - Removes signOut option `clearTokensAfterRedirect`
+  - Adds signOut option `clearTokensBeforeRedirect` (default: `false`) to remove local tokens before logout redirect happen
+- [#1057](https://github.com/okta/okta-auth-js/pull/1057) Strict checks are now enabled in the Typescript compiler options. Some type signatures have been changed to match current behavior.
+- [#1062](https://github.com/okta/okta-auth-js/pull/1062)
+  - Authn method `introspect` is renamed to `introspectAuthn` (still callable as `tx.introspect`)
+  - `IdxFeature` enum is now defined as strings instead of numbers
+
+### Features
+
+- [#1014](https://github.com/okta/okta-auth-js/pull/1014) Updates IDX API to support email verify and recovery/activation
+  - adds new configuration options `recoveryToken` and `activationToken`
+  - email verify callback:
+    - adds support for passing `otp` to idx pipeline
+    - updates samples to display error message with OTP code
+  - idx methods support new options:
+    - `exchangeCodeForTokens`. If false, `interactionCode` will be returned on the transaction at the end of the flow instead of `tokens`.
+    - `autoRemediate`. If false, there will be no attempt to satisfy remediations even if values have been passed.
+  - TransactionManager supports new option:
+    - `saveLastResponse`. If false, IDX responses will not be cached.
+- [#1062](https://github.com/okta/okta-auth-js/pull/1062)
+  - All IDX methods are exported.
+  - `useInteractionCodeFlow` defaults to `true` for sample and test apps.
+
 ## 5.11.0
 
 - [#1064](https://github.com/okta/okta-auth-js/pull/1064) Supports skip authenticator in idx authentication flow

package/README.md

@@ -37,12 +37,13 @@ This library uses semantic versioning and follows Okta's [library version policy
 
 ## Release Status
 
-:heavy_check_mark: The current stable major version series is: `5.x`
+:heavy_check_mark: The current stable major version series is: `6.x`
 
 | Version   | Status                           |
 | -------   | -------------------------------- |
-| `5.x`     | :heavy_check_mark: Stable        |
-| `4.x`     | :warning: Retiring on 2022-01-30 |
+| `6.x`     | :heavy_check_mark: Stable        |
+| `5.x`     | :warning: Retiring on 2022-10-31 |
+| `4.x`     | :x: Retired                      |
 | `3.x`     | :x: Retired                      |
 | `2.x`     | :x: Retired                      |
 | `1.x`     | :x: Retired                      |
@@ -57,7 +58,7 @@ If you run into problems using the SDK, you can:
 * Ask questions on the [Okta Developer Forums][devforum]
 * Post [issues][github-issues] here on GitHub (for code errors)
 
-Users migrating from version 4.x of this SDK should see [Migrating from 4.x](#migrating-from-previous-versions) to learn what changes are necessary.
+Users migrating from previous versions of this SDK should see [Migrating Guide](#migrating-from-previous-versions) to learn what changes are necessary.
 
 ### Browser compatibility / polyfill
 
@@ -233,7 +234,7 @@ var authClient = new OktaAuth(config);
 
 ### Running as a service
 
-By default, creating a new instance of `OktaAuth` will not create any asynchronous side-effects. However, certain features such as [token auto renew](#autorenew), [token auto remove](#autoremove) and [cross-tab synchronization](#syncstorage) require `OktaAuth` to be running as a service. This means timeouts are set in the background which will continue working until the service is stopped.  To start the `OktaAuth` service, simply call the `start` method. To terminate all background processes, call `stop`.
+By default, creating a new instance of `OktaAuth` will not create any asynchronous side-effects. However, certain features such as [token auto renew](#autorenew), [token auto remove](#autoremove) and [cross-tab synchronization](#syncstorage) require `OktaAuth` to be running as a service. This means timeouts are set in the background which will continue working until the service is stopped.  To start the `OktaAuth` service, simply call the `start` method. To terminate all background processes, call `stop`. See [Service Configuration](#services) for more info.
 
 ```javascript
   var authClient = new OktaAuth(config);
@@ -573,7 +574,6 @@ var config = {
         'sessionStorage',
         'cookie'
       ],
-      useMultipleCookies: true // puts each token in its own cookie
     },
     cache: {
       storageTypes: [
@@ -697,18 +697,13 @@ var config = {
 ```
 
 ##### `autoRenew`
+> :warning: Moved to [TokenService](#tokenservice). For backwards compatibility will set `services.tokenService.autoRenew`
 
-> :gear: Requires a [running service](#running-as-a-service)
-
-By default, the `tokenManager` will attempt to renew tokens before they expire. If you wish to manually control token renewal, set `autoRenew` to false to disable this feature. You can listen to [`expired`](#tokenmanageronevent-callback-context) events to know when the token has expired.
+##### `expireEarlySeconds`
 
-```javascript
-tokenManager: {
-  autoRenew: false
-}
-```
+> :warning: DEV ONLY
 
-Renewing tokens slightly early helps ensure a stable user experience. By default, the `expired` event will fire 30 seconds before actual expiration time. If `autoRenew` is set to true, tokens will be renewed within 30 seconds of expiration. You can customize this value by setting the `expireEarlySeconds` option. The value should be large enough to account for network latency and clock drift between the client and Okta's servers.
+To facilitate a more stable user experience, tokens are considered expired 30 seconds before actual expiration time. You can customize this value by setting the `expireEarlySeconds` option. The value should be large enough to account for network latency and clock drift between the client and Okta's servers.
 
 **NOTE** `expireEarlySeconds` option is only allowed in the **DEV** environment (localhost). It will be reset to 30 seconds when running in environments other than **DEV**.
 
@@ -720,23 +715,17 @@ tokenManager: {
 }
 ```
 
-###### `autoRemove`
-
-> :gear: Requires a [running service](#running-as-a-service)
-
-By default, the library will attempt to remove expired tokens during initialization when `autoRenew` is off. If you wish to  to disable auto removal of tokens, set autoRemove to false.
+##### `autoRemove`
+> :warning: Moved to [TokenService](#tokenservice). For backwards compatibility will set `services.tokenService.autoRenew`
 
 ##### `syncStorage`
+> :warning: Moved to [SyncStorageService](#syncstorageservice). For backwards compatibility will set `services.syncStorageService.enable`
 
-> :gear: Requires a [running service](#running-as-a-service)
-
-Automatically syncs tokens across browser tabs when token storage is `localStorage`. To disable this behavior, set `syncStorage` to false.
-
-###### `storageKey`
+##### `storageKey`
 
 By default all tokens will be stored under the key `okta-token-storage`. You may want to change this if you have multiple apps running on a single domain which share the same storage type. Giving each app a unique storage key will prevent them from reading or writing each other's token values.
 
-###### `storage`
+##### `storage`
 
 Specify the [storage type](#storagetype) for tokens. This will override any value set for the `token` section in the [storageManager](#storagemanager) configuration. By default, [localStorage][] will be used. This will fall back to [sessionStorage][] or [cookie][] if the previous type is not available. You may pass an object or a string. If passing an object, it should meet the requirements of a [custom storage provider](#storage). Pass a string to specify one of the built-in storage types:
 
@@ -805,6 +794,39 @@ Defaults to `none` if the `secure` option is `true`, or `lax` if the `secure` op
 
 Defaults to `true`, set this option to false if you want to opt-out of the default clearing pendingRemove tokens behaviour when `tokenManager.start()` is called.
 
+### `services`
+> :gear: Requires a [running service](#running-as-a-service)
+The following configurations require `OktaAuth` to be running as a service. See [running service](#running-as-a-service) for more info.
+
+Default configuration:
+```javascript
+services: {
+  autoRenew: true,
+  autoRemove: true,
+  syncStorage: true,
+}
+```
+
+#### `autoRenew`
+When `true`, the library will attempt to renew tokens before they expire. If you wish to manually control token renewal, set `autoRenew` to `false` to disable this feature. You can listen to [`expired`](#tokenmanageronevent-callback-context) events to know when the token has expired.
+
+> **NOTE** tokens are considered `expired` slightly before their actual expiration time. For more info, see [expireEarlySeconds](#expireearlyseconds).
+
+In version `6.X`, the `autoRenew` configuration was set in `config.tokenManager`. To maintain backwards compatibility, this configuration is still respected but with a slight caveat. `tokenManager.autoRenew` configures 2 token auto renew strategies, `active` and `passive`.
+*  `active` - Network requests are made in the background in an attempt to refresh tokens before they are truly expired to maintain a seamless UX.
+    > :warning: this can cause an unintended side effect where the session never expires because it is constantly being refreshed (extended) before the actual expiration time
+*  `passive` - Token refresh attempts are only made when `oktaAuth.isAuthenticated` is called and the current tokens are determined to be expired.
+
+When `tokenManager.autoRenew` is `true` both renew strategies are enabled. To disable the `active` strategy, set `tokenManager.autoRenew` to `true` and `services.autoRenew` to `false`. To disable both renew strategies set either `tokenManager.autoRenew` or `services.autoRenew` to `false`
+
+#### `autoRemove`
+By default, the library will attempt to remove expired tokens when `autoRenew` is `false`. If you wish to disable auto removal of tokens, set `autoRemove` to `false`.
+
+#### `syncStorage`
+Automatically syncs tokens across browser tabs when token storage is `localStorage`. To disable this behavior, set `syncStorage` to false.
+
+This is accomplished by selecting a single tab to handle the network requests to refresh the tokens and broadcasting to the other tabs. This is done to avoid all tabs sending refresh requests simultaneously, which can cause rate limiting/throttling issues.
+
 ## API Reference
 <!-- no toc -->
 * [start](#start)
@@ -821,7 +843,7 @@ Defaults to `true`, set this option to false if you want to opt-out of the defau
 * [verifyRecoveryToken](#verifyrecoverytokenoptions)
 * [webfinger](#webfingeroptions)
 * [fingerprint](#fingerprintoptions)
-* [isAuthenticated](#isauthenticatedtimeout)
+* [isAuthenticated](#isauthenticatedoptions)
 * [getUser](#getuser)
 * [getIdToken](#getidtoken)
 * [getAccessToken](#getaccesstoken)
@@ -929,7 +951,7 @@ Signs the user out of their current [Okta session](https://developer.okta.com/do
 * `postLogoutRedirectUri` - Setting a value will override the `postLogoutRedirectUri` configured on the SDK.
 * `state` - An optional value, used along with `postLogoutRedirectUri`. If set, this value will be returned as a query parameter during the redirect to the `postLogoutRedirectUri`
 * `idToken` - Specifies the ID token object. By default, `signOut` will look for a token object named `idToken` within the `TokenManager`. If you have stored the id token object in a different location, you should retrieve it first and then pass it here.
-* `clearTokensAfterRedirect` - If `true` (default: `false`) a flag (`pendingRemove`) will be added to local tokens instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. This option can be used when work with `SecureRoute` component from Okta's downstream client SDKs to guarantee the local tokens can only be cleared after the Okta SSO session is fully killed.
+* `clearTokensBeforeRedirect` - If `true` (default: `false`) local tokens will be removed before the logout redirect happens. Otherwise a flag (`pendingRemove`) will be added to each local token instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. **Use this option with care**: removing local tokens before fully terminating the Okta SSO session can result in logging back in again when using [`@okta/okta-react`](https://www.npmjs.com/package/@okta/okta-react)'s [`SecureRoute`](https://github.com/okta/okta-react#secureroute) component.
 * `revokeAccessToken` - If `false` (default: `true`) the access token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.
 * `revokeRefreshToken` - If `false` (default: `true`) the refresh token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.  Revoking a refresh token will revoke any access tokens minted by it, even if `revokeAccessToken` is `false`.
 * `accessToken` - Specifies the access token object. By default, `signOut` will look for a token object named `accessToken` within the `TokenManager`. If you have stored the access token object in a different location, you should retrieve it first and then pass it here. This options is ignored if the `revokeAccessToken` option is `false`.
@@ -1052,12 +1074,20 @@ authClient.fingerprint()
 })
 ```
 
-### `isAuthenticated(timeout?)`
+### `isAuthenticated(options?)`
 
 > :hourglass: async
 
 Resolves with `authState.isAuthenticated` from non-pending [authState](#authstatemanager).
 
+`options`
+*  `expiredTokenBehavior`: `'renew'` (default) | `'remove'` | `'none'`
+  * `'renew'` - attempt to renew token before `Promise` resolves
+  * `'remove'` - removes token
+  * `'none'` - neither renews or removes expired token
+
+> NOTE: `tokenManager.autoRenew` and `tokenManager.autoRemove` determine the default value for `expiredTokenBehavior`
+
 ### `getUser()`
 
 > :hourglass: async
@@ -1838,6 +1868,10 @@ We have implemented a small SPA app, located at `./test/app/` which is used inte
 
 The [CHANGELOG](CHANGELOG.md) contains details for all changes and links to the original PR.
 
+### From 5.x to 6.x
+
+* All async [IDX API](docs/idx.md) methods will either resolve with an IDX transaction object or throw an exception. In the previous version some exceptions were caught and returned as the `error` property on an IDX transaction object.
+
 ### From 4.x to 5.x
 
 * Token auto renew requires [running OktaAuth as a service](#running-as-a-service). To start the service, call [start()](#start). `start` will also call [updateAuthState](#authstatemanagerupdateauthstate) to set an initial [AuthState](#authstatemanager)

package/cjs/AuthStateManager.js

@@ -1,7 +1,15 @@
 "use strict";
 
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
 exports.AuthStateManager = exports.INITIAL_AUTH_STATE = void 0;
 
+var _stringify = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/json/stringify"));
+
+var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
+
+var _pCancelable = _interopRequireDefault(require("p-cancelable"));
+
 var _errors = require("./errors");
 
 var _util = require("./util");
@@ -19,8 +27,8 @@ var _TokenManager = require("./TokenManager");
  * 
  * See the License for the specific language governing permissions and limitations under the License.
  */
-const PCancelable = require('p-cancelable');
-
+// @ts-ignore 
+// Do not use this type in code, so it won't be emitted in the declaration output
 const INITIAL_AUTH_STATE = null;
 exports.INITIAL_AUTH_STATE = INITIAL_AUTH_STATE;
 const DEFAULT_PENDING = {
@@ -36,7 +44,7 @@ const isSameAuthState = (prevState, state) => {
     return false;
   }
 
-  return prevState.isAuthenticated === state.isAuthenticated && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken) && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken) && prevState.error === state.error;
+  return prevState.isAuthenticated === state.isAuthenticated && (0, _stringify.default)(prevState.idToken) === (0, _stringify.default)(state.idToken) && (0, _stringify.default)(prevState.accessToken) === (0, _stringify.default)(state.accessToken) && prevState.error === state.error;
 };
 
 class AuthStateManager {
@@ -49,7 +57,8 @@ class AuthStateManager {
     this._pending = { ...DEFAULT_PENDING
     };
     this._authState = INITIAL_AUTH_STATE;
-    this._logOptions = {}; // Listen on tokenManager events to start updateState process
+    this._logOptions = {};
+    this._prevAuthState = null; // Listen on tokenManager events to start updateState process
     // "added" event is emitted in both add and renew process
     // Only listen on "added" event to update auth state
 
@@ -145,7 +154,7 @@ class AuthStateManager {
     /* eslint-disable complexity */
 
 
-    const cancelablePromise = new PCancelable((resolve, _, onCancel) => {
+    const cancelablePromise = new _pCancelable.default((resolve, _, onCancel) => {
       onCancel.shouldReject = false;
       onCancel(() => {
         this._pending.updateAuthStatePromise = null;
@@ -185,7 +194,7 @@ class AuthStateManager {
           refreshToken,
           isAuthenticated: !!(accessToken && idToken)
         };
-        const promise = transformAuthState ? transformAuthState(this._sdk, authState) : Promise.resolve(authState);
+        const promise = transformAuthState ? transformAuthState(this._sdk, authState) : _promise.default.resolve(authState);
         promise.then(authState => emitAndResolve(authState)).catch(error => emitAndResolve({
           accessToken,
           idToken,

package/cjs/AuthStateManager.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/AuthStateManager.ts"],"names":["PCancelable","require","INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","AuthStateManager","constructor","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","_prevAuthState","transformAuthState","devMode","log","status","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","then","curPromise","cancel","cancelablePromise","resolve","_","onCancel","shouldReject","emitAndResolve","isCanceled","refreshToken","getTokensSync","promise","Promise","catch","subscribe","handler","unsubscribe","off"],"mappings":";;;;AAaA;;AAGA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,MAAMA,WAAW,GAAGC,OAAO,CAAC,cAAD,CAA3B;;AAEO,MAAMC,kBAAkB,GAAG,IAA3B;;AACP,MAAMC,eAAe,GAAG;AACtBC,EAAAA,sBAAsB,EAAE,IADF;AAEtBC,EAAAA,aAAa,EAAE;AAFO,CAAxB;AAIA,MAAMC,uBAAuB,GAAG,iBAAhC;AACA,MAAMC,wBAAwB,GAAG,EAAjC,C,CAEA;;AACA,MAAMC,eAAe,GAAG,CAACC,SAAD,EAAuBC,KAAvB,KAA4C;AAClE;AACA,MAAI,CAACD,SAAL,EAAgB;AACd,WAAO,KAAP;AACD;;AAED,SAAOA,SAAS,CAACE,eAAV,KAA8BD,KAAK,CAACC,eAApC,IACFC,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACK,OAAzB,MAAsCF,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACI,OAArB,CADpC,IAEFF,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACM,WAAzB,MAA0CH,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACK,WAArB,CAFxC,IAGFN,SAAS,CAACO,KAAV,KAAoBN,KAAK,CAACM,KAH/B;AAID,CAVD;;AAYO,MAAMC,gBAAN,CAAuB;AAW5BC,EAAAA,WAAW,CAACC,GAAD,EAAgB;AACzB,QAAI,CAACA,GAAG,CAACC,OAAT,EAAkB;AAChB,YAAM,IAAIC,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AAED,SAAKC,IAAL,GAAYH,GAAZ;AACA,SAAKI,QAAL,GAAgB,EAAE,GAAGpB;AAAL,KAAhB;AACA,SAAKqB,UAAL,GAAkBtB,kBAAlB;AACA,SAAKuB,WAAL,GAAmB,EAAnB,CARyB,CAUzB;AACA;AACA;;AACAN,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBC,yBAApB,EAAiC,CAACC,GAAD,EAAMC,KAAN,KAAgB;AAC/C,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEJ,yBAAT;AAAsBC,QAAAA,GAAtB;AAA2BC,QAAAA;AAA3B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAIAd,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBO,2BAApB,EAAmC,CAACL,GAAD,EAAMC,KAAN,KAAgB;AACjD,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEE,2BAAT;AAAwBL,QAAAA,GAAxB;AAA6BC,QAAAA;AAA7B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAID;;AAEDF,EAAAA,cAAc,CAACI,OAAD,EAAU;AACtB,SAAKV,WAAL,GAAmBU,OAAnB;AACD;;AAEDC,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKZ,UAAZ;AACD;;AAEDa,EAAAA,oBAAoB,GAAqB;AACvC,WAAO,KAAKC,cAAZ;AACD;;AAEoB,QAAfL,eAAe,GAAuB;AAC1C,UAAM;AAAEM,MAAAA,kBAAF;AAAsBC,MAAAA;AAAtB,QAAkC,KAAKlB,IAAL,CAAUa,OAAlD;;AAEA,UAAMM,GAAG,GAAIC,MAAD,IAAY;AACtB,YAAM;AAAEV,QAAAA,KAAF;AAASH,QAAAA,GAAT;AAAcC,QAAAA;AAAd,UAAwB,KAAKL,WAAnC;AACA,8BAAakB,KAAb,CAAoB,uCAAsCX,KAAM,WAAUU,MAAO,EAAjF;AACA,8BAAaD,GAAb,CAAiBZ,GAAjB,EAAsBC,KAAtB;AACA,8BAAaW,GAAb,CAAiB,mBAAjB,EAAsC,KAAKjB,UAA3C;AACA,8BAAaoB,QAAb,GALsB,CAOtB;;AACA,WAAKnB,WAAL,GAAmB,EAAnB;AACD,KATD;;AAWA,UAAMoB,mBAAmB,GAAIC,SAAD,IAAe;AACzC,UAAItC,eAAe,CAAC,KAAKgB,UAAN,EAAkBsB,SAAlB,CAAnB,EAAiD;AAC/CN,QAAAA,OAAO,IAAIC,GAAG,CAAC,WAAD,CAAd;AACA;AACD;;AACD,WAAKH,cAAL,GAAsB,KAAKd,UAA3B;AACA,WAAKA,UAAL,GAAkBsB,SAAlB,CANyC,CAOzC;;AACA,WAAKxB,IAAL,CAAUF,OAAV,CAAkB2B,IAAlB,CAAuBzC,uBAAvB,EAAgD,EAAE,GAAGwC;AAAL,OAAhD;;AACAN,MAAAA,OAAO,IAAIC,GAAG,CAAC,SAAD,CAAd;AACD,KAVD;;AAYA,UAAMO,YAAY,GAAIC,WAAD,IAAiB;AACpC,aAAO,KAAK1B,QAAL,CAAcnB,sBAAd,CAAqC8C,IAArC,CAA0C,MAAM;AACrD,cAAMC,UAAU,GAAG,KAAK5B,QAAL,CAAcnB,sBAAjC;;AACA,YAAI+C,UAAU,IAAIA,UAAU,KAAKF,WAAjC,EAA8C;AAC5C,iBAAOD,YAAY,CAACG,UAAD,CAAnB;AACD;;AACD,eAAO,KAAKf,YAAL,EAAP;AACD,OANM,CAAP;AAOD,KARD;;AAUA,QAAI,KAAKb,QAAL,CAAcnB,sBAAlB,EAA0C;AACxC,UAAI,KAAKmB,QAAL,CAAclB,aAAd,IAA+BE,wBAAnC,EAA6D;AAC3D;AACA;AACAiC,QAAAA,OAAO,IAAIC,GAAG,CAAC,YAAD,CAAd;AACA,eAAOO,YAAY,CAAC,KAAKzB,QAAL,CAAcnB,sBAAf,CAAnB;AACD,OALD,MAKO;AACL,aAAKmB,QAAL,CAAcnB,sBAAd,CAAqCgD,MAArC;AACD;AACF;AAED;;;AACA,UAAMC,iBAAiB,GAAG,IAAIrD,WAAJ,CAAgB,CAACsD,OAAD,EAAUC,CAAV,EAAaC,QAAb,KAA0B;AAClEA,MAAAA,QAAQ,CAACC,YAAT,GAAwB,KAAxB;AACAD,MAAAA,QAAQ,CAAC,MAAM;AACb,aAAKjC,QAAL,CAAcnB,sBAAd,GAAuC,IAAvC;AACA,aAAKmB,QAAL,CAAclB,aAAd,GAA8B,KAAKkB,QAAL,CAAclB,aAAd,GAA8B,CAA5D;AACAmC,QAAAA,OAAO,IAAIC,GAAG,CAAC,UAAD,CAAd;AACD,OAJO,CAAR;;AAMA,YAAMiB,cAAc,GAAIZ,SAAD,IAAe;AACpC,YAAIO,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD,SAJmC,CAKpC;;;AACAT,QAAAA,mBAAmB,CAACC,SAAD,CAAnB;AACAQ,QAAAA,OAAO,GAP6B,CASpC;;AACA,aAAK/B,QAAL,GAAgB,EAAE,GAAGpB;AAAL,SAAhB;AACD,OAXD;;AAaA,WAAKmB,IAAL,CAAUX,eAAV,GACGuC,IADH,CACQ,MAAM;AACV,YAAIG,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD;;AAED,cAAM;AAAEvC,UAAAA,WAAF;AAAeD,UAAAA,OAAf;AAAwB8C,UAAAA;AAAxB,YAAyC,KAAKtC,IAAL,CAAUI,YAAV,CAAuBmC,aAAvB,EAA/C;;AACA,cAAMf,SAAS,GAAG;AAChB/B,UAAAA,WADgB;AAEhBD,UAAAA,OAFgB;AAGhB8C,UAAAA,YAHgB;AAIhBjD,UAAAA,eAAe,EAAE,CAAC,EAAEI,WAAW,IAAID,OAAjB;AAJF,SAAlB;AAMA,cAAMgD,OAA2B,GAAGvB,kBAAkB,GAClDA,kBAAkB,CAAC,KAAKjB,IAAN,EAAYwB,SAAZ,CADgC,GAElDiB,OAAO,CAACT,OAAR,CAAgBR,SAAhB,CAFJ;AAIAgB,QAAAA,OAAO,CACJZ,IADH,CACQJ,SAAS,IAAIY,cAAc,CAACZ,SAAD,CADnC,EAEGkB,KAFH,CAEShD,KAAK,IAAI0C,cAAc,CAAC;AAC7B3C,UAAAA,WAD6B;AAE7BD,UAAAA,OAF6B;AAG7B8C,UAAAA,YAH6B;AAI7BjD,UAAAA,eAAe,EAAE,KAJY;AAK7BK,UAAAA;AAL6B,SAAD,CAFhC;AASD,OA3BH;AA4BD,KAjDyB,CAA1B;AAkDA;;AACA,SAAKO,QAAL,CAAcnB,sBAAd,GAAuCiD,iBAAvC;AAEA,WAAOL,YAAY,CAACK,iBAAD,CAAnB;AACD;;AAEDY,EAAAA,SAAS,CAACC,OAAD,EAAgB;AACvB,SAAK5C,IAAL,CAAUF,OAAV,CAAkBO,EAAlB,CAAqBrB,uBAArB,EAA8C4D,OAA9C;AACD;;AAEDC,EAAAA,WAAW,CAACD,OAAD,EAAiB;AAC1B,SAAK5C,IAAL,CAAUF,OAAV,CAAkBgD,GAAlB,CAAsB9D,uBAAtB,EAA+C4D,OAA/C;AACD;;AA5J2B","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { AuthState, AuthStateLogOptions } from './types';\nimport { OktaAuth } from '.';\nimport { getConsole } from './util';\nimport { EVENT_ADDED, EVENT_REMOVED } from './TokenManager';\nconst PCancelable = require('p-cancelable');\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n  updateAuthStatePromise: null,\n  canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState, state: AuthState) => {\n  // initial state is null\n  if (!prevState) {\n    return false;\n  }\n\n  return prevState.isAuthenticated === state.isAuthenticated \n    && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n    && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n    && prevState.error === state.error;\n};\n\nexport class AuthStateManager {\n  _sdk: OktaAuth;\n  _pending: { \n    updateAuthStatePromise: typeof PCancelable;\n    canceledTimes: number; \n  };\n  _authState: AuthState | null;\n  _prevAuthState: AuthState | null;\n  _logOptions: AuthStateLogOptions;\n  _lastEventTimestamp: number;\n\n  constructor(sdk: OktaAuth) {\n    if (!sdk.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n    }\n\n    this._sdk = sdk;\n    this._pending = { ...DEFAULT_PENDING };\n    this._authState = INITIAL_AUTH_STATE;\n    this._logOptions = {};\n\n    // Listen on tokenManager events to start updateState process\n    // \"added\" event is emitted in both add and renew process\n    // Only listen on \"added\" event to update auth state\n    sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n      this._setLogOptions({ event: EVENT_ADDED, key, token });\n      this.updateAuthState();\n    });\n    sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n      this._setLogOptions({ event: EVENT_REMOVED, key, token });\n      this.updateAuthState();\n    });\n  }\n\n  _setLogOptions(options) {\n    this._logOptions = options;\n  }\n\n  getAuthState(): AuthState | null {\n    return this._authState;\n  }\n\n  getPreviousAuthState(): AuthState | null {\n    return this._prevAuthState;\n  }\n\n  async updateAuthState(): Promise<AuthState> {\n    const { transformAuthState, devMode } = this._sdk.options;\n\n    const log = (status) => {\n      const { event, key, token } = this._logOptions;\n      getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n      getConsole().log(key, token);\n      getConsole().log('Current authState', this._authState);\n      getConsole().groupEnd();\n      \n      // clear log options after logging\n      this._logOptions = {};\n    };\n\n    const emitAuthStateChange = (authState) => {\n      if (isSameAuthState(this._authState, authState)) {\n        devMode && log('unchanged'); \n        return;\n      }\n      this._prevAuthState = this._authState;\n      this._authState = authState;\n      // emit new authState object\n      this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n      devMode && log('emitted');\n    };\n\n    const finalPromise = (origPromise) => {       \n      return this._pending.updateAuthStatePromise.then(() => {\n        const curPromise = this._pending.updateAuthStatePromise;\n        if (curPromise && curPromise !== origPromise) {\n          return finalPromise(curPromise);\n        }\n        return this.getAuthState();\n      });\n    };\n\n    if (this._pending.updateAuthStatePromise) {\n      if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n        // stop canceling then starting a new promise\n        // let existing promise finish to prevent running into loops\n        devMode && log('terminated');\n        return finalPromise(this._pending.updateAuthStatePromise);\n      } else {\n        this._pending.updateAuthStatePromise.cancel();\n      }\n    }\n\n    /* eslint-disable complexity */\n    const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n      onCancel.shouldReject = false;\n      onCancel(() => {\n        this._pending.updateAuthStatePromise = null;\n        this._pending.canceledTimes = this._pending.canceledTimes + 1;\n        devMode && log('canceled');\n      });\n\n      const emitAndResolve = (authState) => {\n        if (cancelablePromise.isCanceled) {\n          resolve();\n          return;\n        }\n        // emit event and resolve promise \n        emitAuthStateChange(authState);\n        resolve();\n\n        // clear pending states after resolve\n        this._pending = { ...DEFAULT_PENDING };\n      };\n\n      this._sdk.isAuthenticated()\n        .then(() => {\n          if (cancelablePromise.isCanceled) {\n            resolve();\n            return;\n          }\n\n          const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n          const authState = {\n            accessToken,\n            idToken,\n            refreshToken,\n            isAuthenticated: !!(accessToken && idToken)\n          };\n          const promise: Promise<AuthState> = transformAuthState\n            ? transformAuthState(this._sdk, authState)\n            : Promise.resolve(authState);\n\n          promise\n            .then(authState => emitAndResolve(authState))\n            .catch(error => emitAndResolve({\n              accessToken, \n              idToken, \n              refreshToken,\n              isAuthenticated: false, \n              error\n            }));\n        });\n    });\n    /* eslint-enable complexity */\n    this._pending.updateAuthStatePromise = cancelablePromise;\n\n    return finalPromise(cancelablePromise);\n  }\n\n  subscribe(handler): void {\n    this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n  }\n\n  unsubscribe(handler?): void {\n    this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n  }\n}\n"],"file":"AuthStateManager.js"}
+{"version":3,"sources":["../../lib/AuthStateManager.ts"],"names":["INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","idToken","accessToken","error","AuthStateManager","constructor","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","_prevAuthState","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","transformAuthState","devMode","log","status","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","then","curPromise","cancel","cancelablePromise","PCancelable","resolve","_","onCancel","shouldReject","emitAndResolve","isCanceled","refreshToken","getTokensSync","promise","catch","subscribe","handler","unsubscribe","off"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAGA;;AACA;;AAnBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AAQO,MAAMA,kBAAkB,GAAG,IAA3B;;AACP,MAAMC,eAAe,GAAG;AACtBC,EAAAA,sBAAsB,EAAE,IADF;AAEtBC,EAAAA,aAAa,EAAE;AAFO,CAAxB;AAIA,MAAMC,uBAAuB,GAAG,iBAAhC;AACA,MAAMC,wBAAwB,GAAG,EAAjC,C,CAEA;;AACA,MAAMC,eAAe,GAAG,CAACC,SAAD,EAA8BC,KAA9B,KAAmD;AACzE;AACA,MAAI,CAACD,SAAL,EAAgB;AACd,WAAO,KAAP;AACD;;AAED,SAAOA,SAAS,CAACE,eAAV,KAA8BD,KAAK,CAACC,eAApC,IACF,wBAAeF,SAAS,CAACG,OAAzB,MAAsC,wBAAeF,KAAK,CAACE,OAArB,CADpC,IAEF,wBAAeH,SAAS,CAACI,WAAzB,MAA0C,wBAAeH,KAAK,CAACG,WAArB,CAFxC,IAGFJ,SAAS,CAACK,KAAV,KAAoBJ,KAAK,CAACI,KAH/B;AAID,CAVD;;AAYO,MAAMC,gBAAN,CAAuB;AAU5BC,EAAAA,WAAW,CAACC,GAAD,EAAgB;AACzB,QAAI,CAACA,GAAG,CAACC,OAAT,EAAkB;AAChB,YAAM,IAAIC,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AAED,SAAKC,IAAL,GAAYH,GAAZ;AACA,SAAKI,QAAL,GAAgB,EAAE,GAAGlB;AAAL,KAAhB;AACA,SAAKmB,UAAL,GAAkBpB,kBAAlB;AACA,SAAKqB,WAAL,GAAmB,EAAnB;AACA,SAAKC,cAAL,GAAsB,IAAtB,CATyB,CAWzB;AACA;AACA;;AACAP,IAAAA,GAAG,CAACQ,YAAJ,CAAiBC,EAAjB,CAAoBC,yBAApB,EAAiC,CAACC,GAAD,EAAMC,KAAN,KAAgB;AAC/C,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEJ,yBAAT;AAAsBC,QAAAA,GAAtB;AAA2BC,QAAAA;AAA3B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAIAf,IAAAA,GAAG,CAACQ,YAAJ,CAAiBC,EAAjB,CAAoBO,2BAApB,EAAmC,CAACL,GAAD,EAAMC,KAAN,KAAgB;AACjD,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEE,2BAAT;AAAwBL,QAAAA,GAAxB;AAA6BC,QAAAA;AAA7B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAID;;AAEDF,EAAAA,cAAc,CAACI,OAAD,EAAU;AACtB,SAAKX,WAAL,GAAmBW,OAAnB;AACD;;AAEDC,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKb,UAAZ;AACD;;AAEDc,EAAAA,oBAAoB,GAAqB;AACvC,WAAO,KAAKZ,cAAZ;AACD;;AAEoB,QAAfQ,eAAe,GAAuB;AAC1C,UAAM;AAAEK,MAAAA,kBAAF;AAAsBC,MAAAA;AAAtB,QAAkC,KAAKlB,IAAL,CAAUc,OAAlD;;AAEA,UAAMK,GAAG,GAAIC,MAAD,IAAY;AACtB,YAAM;AAAET,QAAAA,KAAF;AAASH,QAAAA,GAAT;AAAcC,QAAAA;AAAd,UAAwB,KAAKN,WAAnC;AACA,8BAAakB,KAAb,CAAoB,uCAAsCV,KAAM,WAAUS,MAAO,EAAjF;AACA,8BAAaD,GAAb,CAAiBX,GAAjB,EAAsBC,KAAtB;AACA,8BAAaU,GAAb,CAAiB,mBAAjB,EAAsC,KAAKjB,UAA3C;AACA,8BAAaoB,QAAb,GALsB,CAOtB;;AACA,WAAKnB,WAAL,GAAmB,EAAnB;AACD,KATD;;AAWA,UAAMoB,mBAAmB,GAAIC,SAAD,IAAe;AACzC,UAAIpC,eAAe,CAAC,KAAKc,UAAN,EAAkBsB,SAAlB,CAAnB,EAAiD;AAC/CN,QAAAA,OAAO,IAAIC,GAAG,CAAC,WAAD,CAAd;AACA;AACD;;AACD,WAAKf,cAAL,GAAsB,KAAKF,UAA3B;AACA,WAAKA,UAAL,GAAkBsB,SAAlB,CANyC,CAOzC;;AACA,WAAKxB,IAAL,CAAUF,OAAV,CAAkB2B,IAAlB,CAAuBvC,uBAAvB,EAAgD,EAAE,GAAGsC;AAAL,OAAhD;;AACAN,MAAAA,OAAO,IAAIC,GAAG,CAAC,SAAD,CAAd;AACD,KAVD;;AAYA,UAAMO,YAAY,GAAIC,WAAD,IAAiB;AACpC,aAAO,KAAK1B,QAAL,CAAcjB,sBAAd,CAAqC4C,IAArC,CAA0C,MAAM;AACrD,cAAMC,UAAU,GAAG,KAAK5B,QAAL,CAAcjB,sBAAjC;;AACA,YAAI6C,UAAU,IAAIA,UAAU,KAAKF,WAAjC,EAA8C;AAC5C,iBAAOD,YAAY,CAACG,UAAD,CAAnB;AACD;;AACD,eAAO,KAAKd,YAAL,EAAP;AACD,OANM,CAAP;AAOD,KARD;;AAUA,QAAI,KAAKd,QAAL,CAAcjB,sBAAlB,EAA0C;AACxC,UAAI,KAAKiB,QAAL,CAAchB,aAAd,IAA+BE,wBAAnC,EAA6D;AAC3D;AACA;AACA+B,QAAAA,OAAO,IAAIC,GAAG,CAAC,YAAD,CAAd;AACA,eAAOO,YAAY,CAAC,KAAKzB,QAAL,CAAcjB,sBAAf,CAAnB;AACD,OALD,MAKO;AACL,aAAKiB,QAAL,CAAcjB,sBAAd,CAAqC8C,MAArC;AACD;AACF;AAED;;;AACA,UAAMC,iBAAiB,GAAG,IAAIC,oBAAJ,CAAgB,CAACC,OAAD,EAAUC,CAAV,EAAaC,QAAb,KAA0B;AAClEA,MAAAA,QAAQ,CAACC,YAAT,GAAwB,KAAxB;AACAD,MAAAA,QAAQ,CAAC,MAAM;AACb,aAAKlC,QAAL,CAAcjB,sBAAd,GAAuC,IAAvC;AACA,aAAKiB,QAAL,CAAchB,aAAd,GAA8B,KAAKgB,QAAL,CAAchB,aAAd,GAA8B,CAA5D;AACAiC,QAAAA,OAAO,IAAIC,GAAG,CAAC,UAAD,CAAd;AACD,OAJO,CAAR;;AAMA,YAAMkB,cAAc,GAAIb,SAAD,IAAe;AACpC,YAAIO,iBAAiB,CAACO,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD,SAJmC,CAKpC;;;AACAV,QAAAA,mBAAmB,CAACC,SAAD,CAAnB;AACAS,QAAAA,OAAO,GAP6B,CASpC;;AACA,aAAKhC,QAAL,GAAgB,EAAE,GAAGlB;AAAL,SAAhB;AACD,OAXD;;AAaA,WAAKiB,IAAL,CAAUT,eAAV,GACGqC,IADH,CACQ,MAAM;AACV,YAAIG,iBAAiB,CAACO,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD;;AAED,cAAM;AAAExC,UAAAA,WAAF;AAAeD,UAAAA,OAAf;AAAwB+C,UAAAA;AAAxB,YAAyC,KAAKvC,IAAL,CAAUK,YAAV,CAAuBmC,aAAvB,EAA/C;;AACA,cAAMhB,SAAS,GAAG;AAChB/B,UAAAA,WADgB;AAEhBD,UAAAA,OAFgB;AAGhB+C,UAAAA,YAHgB;AAIhBhD,UAAAA,eAAe,EAAE,CAAC,EAAEE,WAAW,IAAID,OAAjB;AAJF,SAAlB;AAMA,cAAMiD,OAA2B,GAAGxB,kBAAkB,GAClDA,kBAAkB,CAAC,KAAKjB,IAAN,EAAYwB,SAAZ,CADgC,GAElD,iBAAQS,OAAR,CAAgBT,SAAhB,CAFJ;AAIAiB,QAAAA,OAAO,CACJb,IADH,CACQJ,SAAS,IAAIa,cAAc,CAACb,SAAD,CADnC,EAEGkB,KAFH,CAEShD,KAAK,IAAI2C,cAAc,CAAC;AAC7B5C,UAAAA,WAD6B;AAE7BD,UAAAA,OAF6B;AAG7B+C,UAAAA,YAH6B;AAI7BhD,UAAAA,eAAe,EAAE,KAJY;AAK7BG,UAAAA;AAL6B,SAAD,CAFhC;AASD,OA3BH;AA4BD,KAjDyB,CAA1B;AAkDA;;AACA,SAAKO,QAAL,CAAcjB,sBAAd,GAAuC+C,iBAAvC;AAEA,WAAOL,YAAY,CAACK,iBAAD,CAAnB;AACD;;AAEDY,EAAAA,SAAS,CAACC,OAAD,EAAgB;AACvB,SAAK5C,IAAL,CAAUF,OAAV,CAAkBQ,EAAlB,CAAqBpB,uBAArB,EAA8C0D,OAA9C;AACD;;AAEDC,EAAAA,WAAW,CAACD,OAAD,EAAiB;AAC1B,SAAK5C,IAAL,CAAUF,OAAV,CAAkBgD,GAAlB,CAAsB5D,uBAAtB,EAA+C0D,OAA/C;AACD;;AA5J2B","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n \n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport PCancelable from 'p-cancelable';\nimport { AuthSdkError } from './errors';\nimport { AuthState, AuthStateLogOptions } from './types';\nimport { OktaAuth } from '.';\nimport { getConsole } from './util';\nimport { EVENT_ADDED, EVENT_REMOVED } from './TokenManager';\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n  updateAuthStatePromise: null,\n  canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState | null, state: AuthState) => {\n  // initial state is null\n  if (!prevState) {\n    return false;\n  }\n\n  return prevState.isAuthenticated === state.isAuthenticated \n    && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n    && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n    && prevState.error === state.error;\n};\n\nexport class AuthStateManager {\n  _sdk: OktaAuth;\n  _pending: { \n    updateAuthStatePromise: any;\n    canceledTimes: number; \n  };\n  _authState: AuthState | null;\n  _prevAuthState: AuthState | null;\n  _logOptions: AuthStateLogOptions;\n\n  constructor(sdk: OktaAuth) {\n    if (!sdk.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n    }\n\n    this._sdk = sdk;\n    this._pending = { ...DEFAULT_PENDING };\n    this._authState = INITIAL_AUTH_STATE;\n    this._logOptions = {};\n    this._prevAuthState = null;\n \n    // Listen on tokenManager events to start updateState process\n    // \"added\" event is emitted in both add and renew process\n    // Only listen on \"added\" event to update auth state\n    sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n      this._setLogOptions({ event: EVENT_ADDED, key, token });\n      this.updateAuthState();\n    });\n    sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n      this._setLogOptions({ event: EVENT_REMOVED, key, token });\n      this.updateAuthState();\n    });\n  }\n\n  _setLogOptions(options) {\n    this._logOptions = options;\n  }\n\n  getAuthState(): AuthState | null {\n    return this._authState;\n  }\n\n  getPreviousAuthState(): AuthState | null {\n    return this._prevAuthState;\n  }\n\n  async updateAuthState(): Promise<AuthState> {\n    const { transformAuthState, devMode } = this._sdk.options;\n\n    const log = (status) => {\n      const { event, key, token } = this._logOptions;\n      getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n      getConsole().log(key, token);\n      getConsole().log('Current authState', this._authState);\n      getConsole().groupEnd();\n      \n      // clear log options after logging\n      this._logOptions = {};\n    };\n\n    const emitAuthStateChange = (authState) => {\n      if (isSameAuthState(this._authState, authState)) {\n        devMode && log('unchanged'); \n        return;\n      }\n      this._prevAuthState = this._authState;\n      this._authState = authState;\n      // emit new authState object\n      this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n      devMode && log('emitted');\n    };\n\n    const finalPromise = (origPromise) => {       \n      return this._pending.updateAuthStatePromise.then(() => {\n        const curPromise = this._pending.updateAuthStatePromise;\n        if (curPromise && curPromise !== origPromise) {\n          return finalPromise(curPromise);\n        }\n        return this.getAuthState();\n      });\n    };\n\n    if (this._pending.updateAuthStatePromise) {\n      if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n        // stop canceling then starting a new promise\n        // let existing promise finish to prevent running into loops\n        devMode && log('terminated');\n        return finalPromise(this._pending.updateAuthStatePromise);\n      } else {\n        this._pending.updateAuthStatePromise.cancel();\n      }\n    }\n\n    /* eslint-disable complexity */\n    const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n      onCancel.shouldReject = false;\n      onCancel(() => {\n        this._pending.updateAuthStatePromise = null;\n        this._pending.canceledTimes = this._pending.canceledTimes + 1;\n        devMode && log('canceled');\n      });\n\n      const emitAndResolve = (authState) => {\n        if (cancelablePromise.isCanceled) {\n          resolve();\n          return;\n        }\n        // emit event and resolve promise \n        emitAuthStateChange(authState);\n        resolve();\n\n        // clear pending states after resolve\n        this._pending = { ...DEFAULT_PENDING };\n      };\n\n      this._sdk.isAuthenticated()\n        .then(() => {\n          if (cancelablePromise.isCanceled) {\n            resolve();\n            return;\n          }\n\n          const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n          const authState = {\n            accessToken,\n            idToken,\n            refreshToken,\n            isAuthenticated: !!(accessToken && idToken)\n          };\n          const promise: Promise<AuthState> = transformAuthState\n            ? transformAuthState(this._sdk, authState)\n            : Promise.resolve(authState);\n\n          promise\n            .then(authState => emitAndResolve(authState))\n            .catch(error => emitAndResolve({\n              accessToken, \n              idToken, \n              refreshToken,\n              isAuthenticated: false, \n              error\n            }));\n        });\n    });\n    /* eslint-enable complexity */\n    this._pending.updateAuthStatePromise = cancelablePromise;\n\n    return finalPromise(cancelablePromise);\n  }\n\n  subscribe(handler): void {\n    this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n  }\n\n  unsubscribe(handler?): void {\n    this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n  }\n}\n"],"file":"AuthStateManager.js"}