@okta/okta-auth-js 5.11.0 → 6.2.0

package/cjs/oidc/renewTokensWithRefresh.js

@@ -1,7 +1,11 @@
 "use strict";
 
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
 exports.renewTokensWithRefresh = renewTokensWithRefresh;
 
+var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
+
 var _errors = require("../errors");
 
 var _oauth = require("./util/oauth");
@@ -33,7 +37,7 @@ async function renewTokensWithRefresh(sdk, tokenParams, refreshTokenObject) {
     throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');
   }
 
-  const renewTokenParams = Object.assign({}, tokenParams, {
+  const renewTokenParams = (0, _assign.default)({}, tokenParams, {
     clientId
   });
   const tokenResponse = await (0, _token.postRefreshToken)(sdk, renewTokenParams, refreshTokenObject);

package/cjs/oidc/renewTokensWithRefresh.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","Object","assign","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken"],"mappings":";;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;AACjB,QAAM;AAAEC,IAAAA;AAAF,MAAeH,GAAG,CAACI,OAAzB;;AACA,MAAI,CAACD,QAAL,EAAe;AACb,UAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;AACD;;AAED,QAAMC,gBAA6B,GAAGC,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBP,WAAlB,EAA+B;AACnEE,IAAAA;AADmE,GAA/B,CAAtC;AAGA,QAAMM,aAAa,GAAG,MAAM,6BAAiBT,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;AACA,QAAMQ,IAAI,GAAG,yBAAaV,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAM;AAAEU,IAAAA;AAAF,MAAa,MAAM,8CAAoBX,GAApB,EAAyBM,gBAAzB,EAA2CG,aAA3C,EAA0DC,IAA1D,CAAzB,CAXiB,CAajB;;AACA,QAAM;AAAEE,IAAAA;AAAF,MAAmBD,MAAzB;;AACA,MAAIC,YAAY,IAAI,CAAC,sCAAmBA,YAAnB,EAAiCV,kBAAjC,CAArB,EAA2E;AACzEF,IAAAA,GAAG,CAACa,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;AACD;;AAED,SAAOD,MAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuth, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuth,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n    clientId,\n  });\n  const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n  // Support rotating refresh tokens\n  const { refreshToken } = tokens;\n  if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n    sdk.tokenManager.updateRefreshToken(refreshToken);\n  }\n\n  return tokens;\n}\n"],"file":"renewTokensWithRefresh.js"}
+{"version":3,"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;AACjB,QAAM;AAAEC,IAAAA;AAAF,MAAeH,GAAG,CAACI,OAAzB;;AACA,MAAI,CAACD,QAAL,EAAe;AACb,UAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;AACD;;AAED,QAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;AACnEE,IAAAA;AADmE,GAA/B,CAAtC;AAGA,QAAMI,aAAa,GAAG,MAAM,6BAAiBP,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;AACA,QAAMM,IAAI,GAAG,yBAAaR,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAM;AAAEQ,IAAAA;AAAF,MAAa,MAAM,8CAAoBT,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DC,IAA1D,CAAzB,CAXiB,CAajB;;AACA,QAAM;AAAEE,IAAAA;AAAF,MAAmBD,MAAzB;;AACA,MAAIC,YAAY,IAAI,CAAC,sCAAmBA,YAAnB,EAAiCR,kBAAjC,CAArB,EAA2E;AACzEF,IAAAA,GAAG,CAACW,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;AACD;;AAED,SAAOD,MAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n    clientId,\n  });\n  const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n  // Support rotating refresh tokens\n  const { refreshToken } = tokens;\n  if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n    sdk.tokenManager.updateRefreshToken(refreshToken);\n  }\n\n  return tokens;\n}\n"],"file":"renewTokensWithRefresh.js"}

package/cjs/oidc/revokeToken.js

@@ -1,9 +1,11 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
 exports.revokeToken = revokeToken;
 
+var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
+
 var _http = require("../http");
 
 var _util = require("../util");
@@ -29,40 +31,41 @@ var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
 
 /* eslint complexity:[0,8] */
 // refresh tokens have precedence to be revoked if no token is specified
-function revokeToken(sdk, token) {
-  return Promise.resolve().then(function () {
-    var accessToken;
-    var refreshToken;
-
-    if (token) {
-      accessToken = token.accessToken;
-      refreshToken = token.refreshToken;
-    }
+async function revokeToken(sdk, token) {
+  var _context;
 
-    if (!accessToken && !refreshToken) {
-      throw new _AuthSdkError.default('A valid access or refresh token object is required');
-    }
+  let accessToken = '';
+  let refreshToken = '';
 
-    var clientId = sdk.options.clientId;
-    var clientSecret = sdk.options.clientSecret;
+  if (token) {
+    accessToken = token.accessToken;
+    refreshToken = token.refreshToken;
+  }
 
-    if (!clientId) {
-      throw new _AuthSdkError.default('A clientId must be specified in the OktaAuth constructor to revoke a token');
-    }
+  if (!accessToken && !refreshToken) {
+    throw new _AuthSdkError.default('A valid access or refresh token object is required');
+  }
 
-    var revokeUrl = (0, _oauth.getOAuthUrls)(sdk).revokeUrl;
-    var args = (0, _util.toQueryString)({
-      // eslint-disable-next-line camelcase
-      token_type_hint: refreshToken ? 'refresh_token' : 'access_token',
-      token: refreshToken || accessToken
-    }).slice(1);
-    var creds = clientSecret ? (0, _crypto.btoa)(`${clientId}:${clientSecret}`) : (0, _crypto.btoa)(clientId);
-    return (0, _http.post)(sdk, revokeUrl, args, {
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded',
-        'Authorization': 'Basic ' + creds
-      }
-    });
+  var clientId = sdk.options.clientId;
+  var clientSecret = sdk.options.clientSecret;
+
+  if (!clientId) {
+    throw new _AuthSdkError.default('A clientId must be specified in the OktaAuth constructor to revoke a token');
+  } // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+
+
+  var revokeUrl = (0, _oauth.getOAuthUrls)(sdk).revokeUrl;
+  var args = (0, _slice.default)(_context = (0, _util.toQueryString)({
+    // eslint-disable-next-line camelcase
+    token_type_hint: refreshToken ? 'refresh_token' : 'access_token',
+    token: refreshToken || accessToken
+  })).call(_context, 1);
+  var creds = clientSecret ? (0, _crypto.btoa)(`${clientId}:${clientSecret}`) : (0, _crypto.btoa)(clientId);
+  return (0, _http.post)(sdk, revokeUrl, args, {
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+      'Authorization': 'Basic ' + creds
+    }
   });
 }
 //# sourceMappingURL=revokeToken.js.map

package/cjs/oidc/revokeToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","Promise","resolve","then","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","slice","creds","headers"],"mappings":";;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,SAASA,WAAT,CAAqBC,GAArB,EAAoCC,KAApC,EAAyE;AAC9E,SAAOC,OAAO,CAACC,OAAR,GACJC,IADI,CACC,YAAY;AAChB,QAAIC,WAAJ;AACA,QAAIC,YAAJ;;AACA,QAAIL,KAAJ,EAAW;AACPI,MAAAA,WAAW,GAAIJ,KAAD,CAAuBI,WAArC;AACAC,MAAAA,YAAY,GAAIL,KAAD,CAAwBK,YAAvC;AACH;;AAED,QAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,YAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAIC,QAAQ,GAAGR,GAAG,CAACS,OAAJ,CAAYD,QAA3B;AACA,QAAIE,YAAY,GAAGV,GAAG,CAACS,OAAJ,CAAYC,YAA/B;;AACA,QAAI,CAACF,QAAL,EAAe;AACb,YAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;AACD;;AACD,QAAII,SAAS,GAAG,yBAAaX,GAAb,EAAkBW,SAAlC;AACA,QAAIC,IAAI,GAAG,yBAAc;AACvB;AACAC,MAAAA,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBL,MAAAA,KAAK,EAAEK,YAAY,IAAID;AAHA,KAAd,EAIRS,KAJQ,CAIF,CAJE,CAAX;AAKA,QAAIC,KAAK,GAAGL,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;AACA,WAAO,gBAAKR,GAAL,EAAUW,SAAV,EAAqBC,IAArB,EAA2B;AAChCI,MAAAA,OAAO,EAAE;AACP,wBAAgB,mCADT;AAEP,yBAAiB,WAAWD;AAFrB;AADuB,KAA3B,CAAP;AAMD,GA9BI,CAAP;AA+BD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuth,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport function revokeToken(sdk: OktaAuth, token: RevocableToken): Promise<any> {\n  return Promise.resolve()\n    .then(function () {\n      var accessToken: string;\n      var refreshToken: string;\n      if (token) { \n          accessToken = (token as AccessToken).accessToken;\n          refreshToken = (token as RefreshToken).refreshToken;  \n      }\n        \n      if(!accessToken && !refreshToken) { \n        throw new AuthSdkError('A valid access or refresh token object is required');\n      }\n      var clientId = sdk.options.clientId;\n      var clientSecret = sdk.options.clientSecret;\n      if (!clientId) {\n        throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n      }\n      var revokeUrl = getOAuthUrls(sdk).revokeUrl;\n      var args = toQueryString({\n        // eslint-disable-next-line camelcase\n        token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n        token: refreshToken || accessToken,\n      }).slice(1);\n      var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n      return post(sdk, revokeUrl, args, {\n        headers: {\n          'Content-Type': 'application/x-www-form-urlencoded',\n          'Authorization': 'Basic ' + creds\n        }\n      });\n    });\n}"],"file":"revokeToken.js"}
+{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","creds","headers"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAmDC,KAAnD,EAAwF;AAAA;;AAC7F,MAAIC,WAAW,GAAG,EAAlB;AACA,MAAIC,YAAY,GAAG,EAAnB;;AACA,MAAIF,KAAJ,EAAW;AACPC,IAAAA,WAAW,GAAID,KAAD,CAAuBC,WAArC;AACAC,IAAAA,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;AACH;;AACD,MAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,UAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,MAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;AACA,MAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;AACA,MAAI,CAACF,QAAL,EAAe;AACb,UAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;AACD,GAd4F,CAe7F;;;AACA,MAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;AACA,MAAIC,IAAI,GAAG,wDAAc;AACvB;AACAC,IAAAA,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBF,IAAAA,KAAK,EAAEE,YAAY,IAAID;AAHA,GAAd,kBAIF,CAJE,CAAX;AAKA,MAAIS,KAAK,GAAGJ,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;AACA,SAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;AAChCG,IAAAA,OAAO,EAAE;AACP,sBAAgB,mCADT;AAEP,uBAAiB,WAAWD;AAFrB;AADuB,GAA3B,CAAP;AAMD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuthInterface,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthInterface, token: RevocableToken): Promise<any> {\n  let accessToken = '';\n  let refreshToken = '';\n  if (token) { \n      accessToken = (token as AccessToken).accessToken;\n      refreshToken = (token as RefreshToken).refreshToken;  \n  }\n  if(!accessToken && !refreshToken) { \n    throw new AuthSdkError('A valid access or refresh token object is required');\n  }\n  var clientId = sdk.options.clientId;\n  var clientSecret = sdk.options.clientSecret;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n  }\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n  var args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n    token: refreshToken || accessToken,\n  }).slice(1);\n  var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  return post(sdk, revokeUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + creds\n    }\n  });\n}\n"],"file":"revokeToken.js"}

package/cjs/oidc/util/browser.js

@@ -1,11 +1,15 @@
 "use strict";
 
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
 exports.addListener = addListener;
 exports.removeListener = removeListener;
 exports.loadFrame = loadFrame;
 exports.loadPopup = loadPopup;
 exports.addPostMessageListener = addPostMessageListener;
 
+var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
+
 var _errors = require("../../errors");
 
 /*!
@@ -56,7 +60,7 @@ function loadPopup(src, options) {
 function addPostMessageListener(sdk, timeout, state) {
   var responseHandler;
   var timeoutId;
-  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {
+  var msgReceivedOrTimeout = new _promise.default(function (resolve, reject) {
     responseHandler = function responseHandler(e) {
       if (!e.data || e.data.state !== state) {
         // A message not meant for us

package/cjs/oidc/util/browser.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","Promise","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":";;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,EAA+CC,OAA/C,EAAwDC,KAAxD,EAA+D;AACpE,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,IAAIC,OAAJ,CAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEL,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBM,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOR,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIO,CAAC,CAACE,MAAF,KAAaX,GAAG,CAACY,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBApC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGU,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnBZ,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBU,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACZ,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n  if (eventTarget.addEventListener) {\n    eventTarget.addEventListener(name, fn);\n  } else {\n    eventTarget.attachEvent('on' + name, fn);\n  }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n  if (eventTarget.removeEventListener) {\n    eventTarget.removeEventListener(name, fn);\n  } else {\n    eventTarget.detachEvent('on' + name, fn);\n  }\n}\n\nexport function loadFrame(src) {\n  var iframe = document.createElement('iframe');\n  iframe.style.display = 'none';\n  iframe.src = src;\n\n  return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n  var title = options.popupTitle || 'External Identity Provider User Authentication';\n  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n    'top=100, left=500, width=600, height=600';\n  return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuth, timeout, state) {\n  var responseHandler;\n  var timeoutId;\n  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n    responseHandler = function responseHandler(e) {\n      if (!e.data || e.data.state !== state) {\n        // A message not meant for us\n        return;\n      }\n\n      // Configuration mismatch between saved token and current app instance\n      // This may happen if apps with different issuers are running on the same host url\n      // If they share the same storage key, they may read and write tokens in the same location.\n      // Common when developing against http://localhost\n      if (e.origin !== sdk.getIssuerOrigin()) {\n        return reject(new AuthSdkError('The request does not match client configuration'));\n      }\n      resolve(e.data);\n    };\n\n    addListener(window, 'message', responseHandler);\n\n    timeoutId = setTimeout(function () {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n\n  return msgReceivedOrTimeout\n    .finally(function () {\n      clearTimeout(timeoutId);\n      removeListener(window, 'message', responseHandler);\n    });\n}\n"],"file":"browser.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":";;;;;;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,EAAwDC,OAAxD,EAAiEC,KAAjE,EAAwE;AAC7E,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,qBAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEJ,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBK,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOP,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIM,CAAC,CAACE,MAAF,KAAaV,GAAG,CAACW,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBAnC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGS,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnBX,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBS,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACX,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthInterface } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n  if (eventTarget.addEventListener) {\n    eventTarget.addEventListener(name, fn);\n  } else {\n    eventTarget.attachEvent('on' + name, fn);\n  }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n  if (eventTarget.removeEventListener) {\n    eventTarget.removeEventListener(name, fn);\n  } else {\n    eventTarget.detachEvent('on' + name, fn);\n  }\n}\n\nexport function loadFrame(src) {\n  var iframe = document.createElement('iframe');\n  iframe.style.display = 'none';\n  iframe.src = src;\n\n  return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n  var title = options.popupTitle || 'External Identity Provider User Authentication';\n  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n    'top=100, left=500, width=600, height=600';\n  return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuthInterface, timeout, state) {\n  var responseHandler;\n  var timeoutId;\n  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n    responseHandler = function responseHandler(e) {\n      if (!e.data || e.data.state !== state) {\n        // A message not meant for us\n        return;\n      }\n\n      // Configuration mismatch between saved token and current app instance\n      // This may happen if apps with different issuers are running on the same host url\n      // If they share the same storage key, they may read and write tokens in the same location.\n      // Common when developing against http://localhost\n      if (e.origin !== sdk.getIssuerOrigin()) {\n        return reject(new AuthSdkError('The request does not match client configuration'));\n      }\n      resolve(e.data);\n    };\n\n    addListener(window, 'message', responseHandler);\n\n    timeoutId = setTimeout(function () {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n\n  return msgReceivedOrTimeout\n    .finally(function () {\n      clearTimeout(timeoutId);\n      removeListener(window, 'message', responseHandler);\n    });\n}\n"],"file":"browser.js"}

package/cjs/oidc/util/defaultTokenParams.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAA2D;AAChE,QAAM;AACJC,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA;AARI,MASFR,GAAG,CAACS,OATR;AAUA,QAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;AACA,SAAO,sBAAW;AAChBb,IAAAA,IADgB;AAEhBC,IAAAA,QAFgB;AAGhBC,IAAAA,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;AAIhBN,IAAAA,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;AAKhBC,IAAAA,YALgB;AAMhBE,IAAAA,KAAK,EAAEA,KAAK,IAAI,2BANA;AAOhBQ,IAAAA,KAAK,EAAE,2BAPS;AAQhBT,IAAAA,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;AAShBE,IAAAA;AATgB,GAAX,CAAP;AAWD","sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuth, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuth): TokenParams {\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    ignoreSignature\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    pkce,\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseType: responseType || ['token', 'id_token'],\n    responseMode,\n    state: state || generateState(),\n    nonce: generateNonce(),\n    scopes: scopes || ['openid', 'email'],\n    ignoreSignature\n  });\n}"],"file":"defaultTokenParams.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAAoE;AACzE,QAAM;AACJC,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA;AARI,MASFR,GAAG,CAACS,OATR;AAUA,QAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;AACA,SAAO,sBAAW;AAChBb,IAAAA,IADgB;AAEhBC,IAAAA,QAFgB;AAGhBC,IAAAA,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;AAIhBN,IAAAA,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;AAKhBC,IAAAA,YALgB;AAMhBE,IAAAA,KAAK,EAAEA,KAAK,IAAI,2BANA;AAOhBQ,IAAAA,KAAK,EAAE,2BAPS;AAQhBT,IAAAA,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;AAShBE,IAAAA;AATgB,GAAX,CAAP;AAWD","sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthInterface): TokenParams {\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    ignoreSignature\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    pkce,\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseType: responseType || ['token', 'id_token'],\n    responseMode,\n    state: state || generateState(),\n    nonce: generateNonce(),\n    scopes: scopes || ['openid', 'email'],\n    ignoreSignature\n  });\n}"],"file":"defaultTokenParams.js"}

package/cjs/oidc/util/errors.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,QAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAAiDL,KAAjD,EAA+D;AACpE,MAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;AACjC,WAAO,KAAP;AACD;;AACD,QAAMK,YAAY,GAAGN,KAArB,CAJoE,CAKpE;;AACA,QAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;AACA,QAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;AACA,SAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuth } from '../../types';\nimport { OAuthError, AuthApiError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuth, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n"],"file":"errors.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,QAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAA0DL,KAA1D,EAAwE;AAC7E,MAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;AACjC,WAAO,KAAP;AACD;;AACD,QAAMK,YAAY,GAAGN,KAArB,CAJ6E,CAK7E;;AACA,QAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;AACA,QAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;AACA,SAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthInterface } from '../../types';\nimport { OAuthError, AuthApiError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthInterface, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n"],"file":"errors.js"}

package/cjs/oidc/util/index.js

@@ -1,6 +1,8 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
+
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
 var _exportNames = {
   pkce: true
@@ -14,7 +16,7 @@ Object.defineProperty(exports, "pkce", {
 
 var _browser = require("./browser");
 
-Object.keys(_browser).forEach(function (key) {
+_Object$keys(_browser).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _browser[key]) return;
@@ -28,7 +30,7 @@ Object.keys(_browser).forEach(function (key) {
 
 var _defaultTokenParams = require("./defaultTokenParams");
 
-Object.keys(_defaultTokenParams).forEach(function (key) {
+_Object$keys(_defaultTokenParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _defaultTokenParams[key]) return;
@@ -42,7 +44,7 @@ Object.keys(_defaultTokenParams).forEach(function (key) {
 
 var _errors = require("./errors");
 
-Object.keys(_errors).forEach(function (key) {
+_Object$keys(_errors).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _errors[key]) return;
@@ -56,7 +58,7 @@ Object.keys(_errors).forEach(function (key) {
 
 var _loginRedirect = require("./loginRedirect");
 
-Object.keys(_loginRedirect).forEach(function (key) {
+_Object$keys(_loginRedirect).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _loginRedirect[key]) return;
@@ -70,7 +72,7 @@ Object.keys(_loginRedirect).forEach(function (key) {
 
 var _oauth = require("./oauth");
 
-Object.keys(_oauth).forEach(function (key) {
+_Object$keys(_oauth).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _oauth[key]) return;
@@ -82,11 +84,25 @@ Object.keys(_oauth).forEach(function (key) {
   });
 });
 
+var _oauthMeta = require("./oauthMeta");
+
+_Object$keys(_oauthMeta).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+  if (key in exports && exports[key] === _oauthMeta[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function () {
+      return _oauthMeta[key];
+    }
+  });
+});
+
 var _pkce = _interopRequireDefault(require("./pkce"));
 
 var _prepareTokenParams = require("./prepareTokenParams");
 
-Object.keys(_prepareTokenParams).forEach(function (key) {
+_Object$keys(_prepareTokenParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _prepareTokenParams[key]) return;
@@ -100,7 +116,7 @@ Object.keys(_prepareTokenParams).forEach(function (key) {
 
 var _refreshToken = require("./refreshToken");
 
-Object.keys(_refreshToken).forEach(function (key) {
+_Object$keys(_refreshToken).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _refreshToken[key]) return;
@@ -114,7 +130,7 @@ Object.keys(_refreshToken).forEach(function (key) {
 
 var _urlParams = require("./urlParams");
 
-Object.keys(_urlParams).forEach(function (key) {
+_Object$keys(_urlParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _urlParams[key]) return;
@@ -128,7 +144,7 @@ Object.keys(_urlParams).forEach(function (key) {
 
 var _validateClaims = require("./validateClaims");
 
-Object.keys(_validateClaims).forEach(function (key) {
+_Object$keys(_validateClaims).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _validateClaims[key]) return;
@@ -142,7 +158,7 @@ Object.keys(_validateClaims).forEach(function (key) {
 
 var _validateToken = require("./validateToken");
 
-Object.keys(_validateToken).forEach(function (key) {
+_Object$keys(_validateToken).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _validateToken[key]) return;

package/cjs/oidc/util/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAcA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAEA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAcA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAEA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}

package/cjs/oidc/util/loginRedirect.js

@@ -1,5 +1,7 @@
 "use strict";
 
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
 exports.hasTokensInHash = hasTokensInHash;
 exports.hasAuthorizationCode = hasAuthorizationCode;
 exports.hasInteractionCode = hasInteractionCode;
@@ -10,6 +12,8 @@ exports.getHashOrSearch = getHashOrSearch;
 exports.isLoginRedirect = isLoginRedirect;
 exports.isInteractionRequired = isInteractionRequired;
 
+var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
+
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -46,7 +50,12 @@ function hasErrorInUrl(hashOrSearch) {
 
 function isRedirectUri(uri, sdk) {
   var authParams = sdk.options;
-  return uri && uri.indexOf(authParams.redirectUri) === 0;
+
+  if (!uri || !authParams.redirectUri) {
+    return false;
+  }
+
+  return (0, _indexOf.default)(uri).call(uri, authParams.redirectUri) === 0;
 }
 
 function isCodeFlow(options) {

package/cjs/oidc/util/loginRedirect.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","indexOf","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4D;AACjE,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;AACA,SAAOH,GAAG,IAAIA,GAAG,CAACI,OAAJ,CAAYF,UAAU,CAACG,WAAvB,MAAwC,CAAtD;AACD;;AAEM,SAASC,UAAT,CAAoBH,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBP,OAAzB,EAAmD;AACxD,MAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;AACA,MAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAyC;AAC9C;AACA,MAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJ6C,CAM9C;;;AACA,MAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIe,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOsB,OAAP;AACD,GAjB6C,CAmB9C;;;AACA,SAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA+CL,YAA/C,EAAsE;AAC3E,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACoB,eAAe,CAACf,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuth, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuth): boolean {\n  var authParams = sdk.options;\n  return uri && uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuth) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuth, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":";;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAAqE;AAC1E,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;;AACA,MAAI,CAACH,GAAD,IAAQ,CAACE,UAAU,CAACE,WAAxB,EAAqC;AACnC,WAAO,KAAP;AACD;;AACD,SAAO,sBAAAJ,GAAG,MAAH,CAAAA,GAAG,EAASE,UAAU,CAACE,WAApB,CAAH,KAAwC,CAA/C;AACD;;AAEM,SAASC,UAAT,CAAoBF,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACG,IAAR,IAAgBH,OAAO,CAACI,YAAR,KAAyB,MAAzC,IAAmDJ,OAAO,CAACK,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBN,OAAzB,EAAmD;AACxD,MAAIO,QAAQ,GAAGL,UAAU,CAACF,OAAD,CAAzB;AACA,MAAIQ,QAAQ,GAAGD,QAAQ,IAAIP,OAAO,CAACK,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBpB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASsB,eAAT,CAA0Bd,GAA1B,EAAkD;AACvD;AACA,MAAI,CAACF,aAAa,CAACa,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBf,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJsD,CAMvD;;;AACA,MAAIS,QAAQ,GAAGL,UAAU,CAACJ,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIc,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAItB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOqB,OAAP;AACD,GAjBsD,CAmBvD;;;AACA,SAAOzB,eAAe,CAACoB,MAAM,CAACC,QAAP,CAAgBpB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASyB,qBAAT,CAAgCjB,GAAhC,EAAwDL,YAAxD,EAA+E;AACpF,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACmB,eAAe,CAACd,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthInterface, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthInterface): boolean {\n  var authParams = sdk.options;\n  if (!uri || !authParams.redirectUri) {\n    return false;\n  }\n  return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthInterface) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthInterface, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}

package/cjs/oidc/util/oauth.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 
 exports.generateState = generateState;
 exports.generateNonce = generateNonce;
@@ -8,6 +8,8 @@ exports.getOAuthBaseUrl = getOAuthBaseUrl;
 exports.getOAuthDomain = getOAuthDomain;
 exports.getOAuthUrls = getOAuthUrls;
 
+var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
+
 var _util = require("../../util");
 
 var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
@@ -41,7 +43,7 @@ function getIssuer(sdk, options = {}) {
 
 function getOAuthBaseUrl(sdk, options = {}) {
   const issuer = getIssuer(sdk, options);
-  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';
+  const baseUrl = (0, _indexOf.default)(issuer).call(issuer, '/oauth2') > 0 ? issuer : issuer + '/oauth2';
   return baseUrl;
 }
 

package/cjs/oidc/util/oauth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","indexOf","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAAkCC,OAAmB,GAAG,EAAxD,EAA4D;AAC1D,QAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAwCC,OAAmB,GAAG,EAA9D,EAAkE;AACvE,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMG,OAAO,GAAGF,MAAM,CAACG,OAAP,CAAe,SAAf,IAA4B,CAA5B,GAAgCH,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;;AAEM,SAASE,cAAT,CAAwBN,GAAxB,EAAuCC,OAAmB,GAAG,EAA7D,EAAiE;AACtE,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMM,MAAM,GAAGL,MAAM,CAACM,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBT,GAAtB,EAAqCC,OAArC,EAA2D;AAChE,MAAIS,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;AACD;;AACDX,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJgE,CAMhE;;AACA,MAAIY,YAAY,GAAG,+BAAoBZ,OAAO,CAACY,YAA5B,KAA6Cb,GAAG,CAACC,OAAJ,CAAYY,YAA5E;AACA,MAAIX,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,MAAIa,WAAW,GAAG,+BAAoBb,OAAO,CAACa,WAA5B,KAA4Cd,GAAG,CAACC,OAAJ,CAAYa,WAA1E;AACA,MAAIC,QAAQ,GAAG,+BAAoBd,OAAO,CAACc,QAA5B,KAAyCf,GAAG,CAACC,OAAJ,CAAYc,QAApE;AACA,MAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;AACA,MAAIC,SAAS,GAAG,+BAAoBhB,OAAO,CAACgB,SAA5B,KAA0CjB,GAAG,CAACC,OAAJ,CAAYgB,SAAtE;AAEA,MAAIb,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;AAEAY,EAAAA,YAAY,GAAGA,YAAY,IAAIT,OAAO,GAAG,eAAzC;AACAU,EAAAA,WAAW,GAAGA,WAAW,IAAIV,OAAO,GAAG,cAAvC;AACAW,EAAAA,QAAQ,GAAGA,QAAQ,IAAIX,OAAO,GAAG,WAAjC;AACAa,EAAAA,SAAS,GAAGA,SAAS,IAAIb,OAAO,GAAG,YAAnC;AACAY,EAAAA,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;AAELW,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, CustomUrls } from '../../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuth, options?: CustomUrls) {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"file":"oauth.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAA2CC,OAAmB,GAAG,EAAjE,EAAqE;AACnE,QAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAiDC,OAAmB,GAAG,EAAvE,EAA2E;AAChF,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMG,OAAO,GAAG,sBAAAF,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBL,GAAxB,EAAgDC,OAAmB,GAAG,EAAtE,EAA0E;AAC/E,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMK,MAAM,GAAGJ,MAAM,CAACK,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBR,GAAtB,EAA8CC,OAA9C,EAAgF;AACrF,MAAIQ,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;AACD;;AACDV,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJqF,CAMrF;;AACA,MAAIW,YAAY,GAAG,+BAAoBX,OAAO,CAACW,YAA5B,KAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;AACA,MAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,MAAIY,WAAW,GAAG,+BAAoBZ,OAAO,CAACY,WAA5B,KAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;AACA,MAAIC,QAAQ,GAAG,+BAAoBb,OAAO,CAACa,QAA5B,KAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;AACA,MAAIC,SAAS,GAAG,+BAAoBd,OAAO,CAACc,SAA5B,KAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;AACA,MAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;AAEA,MAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;AAEAW,EAAAA,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;AACAS,EAAAA,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;AACAU,EAAAA,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;AACAY,EAAAA,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;AACAW,EAAAA,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;AAELU,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthInterface, options?: CustomUrls): CustomUrls {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"file":"oauth.js"}

package/cjs/oidc/util/oauthMeta.js

@@ -0,0 +1,36 @@
+"use strict";
+
+exports.createOAuthMeta = createOAuthMeta;
+
+var _oauth = require("./oauth");
+
+/* eslint-disable @typescript-eslint/no-non-null-assertion */
+function createOAuthMeta(sdk, tokenParams) {
+  const issuer = sdk.options.issuer;
+  const urls = (0, _oauth.getOAuthUrls)(sdk, tokenParams);
+  const oauthMeta = {
+    issuer,
+    urls,
+    clientId: tokenParams.clientId,
+    redirectUri: tokenParams.redirectUri,
+    responseType: tokenParams.responseType,
+    responseMode: tokenParams.responseMode,
+    scopes: tokenParams.scopes,
+    state: tokenParams.state,
+    nonce: tokenParams.nonce,
+    ignoreSignature: tokenParams.ignoreSignature
+  };
+
+  if (tokenParams.pkce === false) {
+    // Implicit flow or authorization_code without PKCE
+    return oauthMeta;
+  }
+
+  const pkceMeta = { ...oauthMeta,
+    codeVerifier: tokenParams.codeVerifier,
+    codeChallengeMethod: tokenParams.codeChallengeMethod,
+    codeChallenge: tokenParams.codeChallenge
+  };
+  return pkceMeta;
+}
+//# sourceMappingURL=oauthMeta.js.map

package/cjs/oidc/util/oauthMeta.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;AAC5C,QAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;AACA,QAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAMI,SAA+B,GAAG;AACtCH,IAAAA,MADsC;AAEtCE,IAAAA,IAFsC;AAGtCE,IAAAA,QAAQ,EAAEL,WAAW,CAACK,QAHgB;AAItCC,IAAAA,WAAW,EAAEN,WAAW,CAACM,WAJa;AAKtCC,IAAAA,YAAY,EAAEP,WAAW,CAACO,YALY;AAMtCC,IAAAA,YAAY,EAAER,WAAW,CAACQ,YANY;AAOtCC,IAAAA,MAAM,EAAET,WAAW,CAACS,MAPkB;AAQtCC,IAAAA,KAAK,EAAEV,WAAW,CAACU,KARmB;AAStCC,IAAAA,KAAK,EAAEX,WAAW,CAACW,KATmB;AAUtCC,IAAAA,eAAe,EAAEZ,WAAW,CAACY;AAVS,GAAxC;;AAaA,MAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOT,SAAP;AACD;;AAED,QAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;AAEpCW,IAAAA,YAAY,EAAEf,WAAW,CAACe,YAFU;AAGpCC,IAAAA,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;AAIpCC,IAAAA,aAAa,EAAEjB,WAAW,CAACiB;AAJS,GAAtC;AAOA,SAAOH,QAAP;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n  sdk: OktaAuthInterface, \n  tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: tokenParams.clientId!,\n    redirectUri: tokenParams.redirectUri!,\n    responseType: tokenParams.responseType!,\n    responseMode: tokenParams.responseMode!,\n    scopes: tokenParams.scopes!,\n    state: tokenParams.state!,\n    nonce: tokenParams.nonce!,\n    ignoreSignature: tokenParams.ignoreSignature!,\n  };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return oauthMeta;\n  }\n\n  const pkceMeta: PKCETransactionMeta = {\n    ...oauthMeta,\n    codeVerifier: tokenParams.codeVerifier!,\n    codeChallengeMethod: tokenParams.codeChallengeMethod!,\n    codeChallenge: tokenParams.codeChallenge!,\n  };\n\n  return pkceMeta;\n}\n"],"file":"oauthMeta.js"}

package/cjs/oidc/util/pkce.js

@@ -1,7 +1,13 @@
 "use strict";
 
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
+
 exports.default = void 0;
 
+var _from = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/array/from"));
+
+var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
+
 var _crypto = require("../../crypto");
 
 var _constants = require("../../constants");
@@ -29,18 +35,20 @@ function getRandomString(length) {
 
   _crypto.webcrypto.getRandomValues(a);
 
-  var str = Array.from(a, dec2hex).join('');
-  return str.slice(0, length);
+  var str = (0, _from.default)(a, dec2hex).join('');
+  return (0, _slice.default)(str).call(str, 0, length);
 }
 
 function generateVerifier(prefix) {
+  var _context;
+
   var verifier = prefix || '';
 
   if (verifier.length < _constants.MIN_VERIFIER_LENGTH) {
     verifier = verifier + getRandomString(_constants.MIN_VERIFIER_LENGTH - verifier.length);
   }
 
-  return encodeURIComponent(verifier).slice(0, _constants.MAX_VERIFIER_LENGTH);
+  return (0, _slice.default)(_context = encodeURIComponent(verifier)).call(_context, 0, _constants.MAX_VERIFIER_LENGTH);
 }
 
 function computeChallenge(str) {

package/cjs/oidc/util/pkce.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","Array","from","join","slice","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"mappings":";;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAKD,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;AACAK,oBAAUC,eAAV,CAA0BL,CAA1B;;AACA,MAAIM,GAAG,GAAGC,KAAK,CAACC,IAAN,CAAWR,CAAX,EAAcN,OAAd,EAAuBe,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAOH,GAAG,CAACI,KAAJ,CAAU,CAAV,EAAaX,MAAb,CAAP;AACD;;AAED,SAASY,gBAAT,CAA0BC,MAA1B,EAAmD;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACd,MAAT,GAAkBe,8BAAtB,EAA2C;AACzCD,IAAAA,QAAQ,GAAGA,QAAQ,GAAGf,eAAe,CAACgB,iCAAsBD,QAAQ,CAACd,MAAhC,CAArC;AACD;;AACD,SAAOgB,kBAAkB,CAACF,QAAD,CAAlB,CAA6BH,KAA7B,CAAmC,CAAnC,EAAsCM,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BX,GAA1B,EAAyD;AACvD,MAAIY,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBd,GAAzB,CAAb;AACA,SAAOF,kBAAUiB,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAI3B,UAAJ,CAAeuB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;eAEc;AACbC,EAAAA,6BAA6B,EAA7BA,wCADa;AAEbnB,EAAAA,gBAFa;AAGbM,EAAAA;AAHa,C","sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport { webcrypto } from '../../crypto';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"file":"pkce.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;AACAK,oBAAUC,eAAV,CAA0BL,CAA1B;;AACA,MAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;AAAA;;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;AACzCD,IAAAA,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,iCAAsBD,QAAQ,CAACX,MAAhC,CAArC;AACD;;AACD,SAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;AACvD,MAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;AACA,SAAOF,kBAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;eAEc;AACbC,EAAAA,6BAA6B,EAA7BA,wCADa;AAEbnB,EAAAA,gBAFa;AAGbM,EAAAA;AAHa,C","sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"file":"pkce.js"}