@okta/okta-auth-js 5.4.2 → 5.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +60 -5
- package/README.md +66 -977
- package/cjs/AuthStateManager.js +5 -0
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +32 -11
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/StorageManager.js +8 -0
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TransactionManager.js +32 -4
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +5 -5
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/builderUtil.js +6 -0
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/constants.js +3 -1
- package/cjs/constants.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +10 -3
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/request.js +4 -0
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/remediate.js +33 -23
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +13 -7
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +18 -14
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +14 -0
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +5 -2
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/transactionMeta.js +3 -1
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +17 -6
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/index.js +6 -6
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/getToken.js +14 -9
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +9 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +6 -2
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +59 -20
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewTokens.js +28 -5
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/util/browser.js +1 -13
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +8 -6
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/options.js +3 -0
- package/cjs/options.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +1 -3
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/api.js +3 -0
- package/cjs/tx/api.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/util/sharedStorage.js +54 -0
- package/cjs/util/sharedStorage.js.map +1 -0
- package/dist/okta-auth-js.min.js +8 -8
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.umd.js +8 -8
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/AuthStateManager.js +5 -0
- package/esm/AuthStateManager.js.map +1 -1
- package/esm/OktaAuth.js +32 -12
- package/esm/OktaAuth.js.map +1 -1
- package/esm/OktaUserAgent.js +2 -2
- package/esm/StorageManager.js +9 -1
- package/esm/StorageManager.js.map +1 -1
- package/esm/TransactionManager.js +31 -4
- package/esm/TransactionManager.js.map +1 -1
- package/esm/browser/browserStorage.js +5 -5
- package/esm/browser/browserStorage.js.map +1 -1
- package/esm/builderUtil.js +6 -0
- package/esm/builderUtil.js.map +1 -1
- package/esm/constants.js +1 -0
- package/esm/constants.js.map +1 -1
- package/esm/fetch/fetchRequest.js +10 -3
- package/esm/fetch/fetchRequest.js.map +1 -1
- package/esm/http/request.js +4 -0
- package/esm/http/request.js.map +1 -1
- package/esm/idx/remediate.js +41 -29
- package/esm/idx/remediate.js.map +1 -1
- package/esm/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/esm/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/esm/idx/remediators/Base/Remediator.js +13 -8
- package/esm/idx/remediators/Base/Remediator.js.map +1 -1
- package/esm/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/esm/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/esm/idx/remediators/Base/VerifyAuthenticator.js +18 -15
- package/esm/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/esm/idx/remediators/EnrollProfile.js +21 -4
- package/esm/idx/remediators/EnrollProfile.js.map +1 -1
- package/esm/idx/remediators/Identify.js +4 -2
- package/esm/idx/remediators/Identify.js.map +1 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/esm/idx/transactionMeta.js +3 -1
- package/esm/idx/transactionMeta.js.map +1 -1
- package/esm/idx/types/idx-js.js.map +1 -1
- package/esm/idx/types/index.js +15 -5
- package/esm/idx/types/index.js.map +1 -1
- package/esm/index.js +2 -2
- package/esm/index.js.map +1 -1
- package/esm/oidc/getToken.js +15 -10
- package/esm/oidc/getToken.js.map +1 -1
- package/esm/oidc/getWithPopup.js +8 -2
- package/esm/oidc/getWithPopup.js.map +1 -1
- package/esm/oidc/getWithRedirect.js +6 -2
- package/esm/oidc/getWithRedirect.js.map +1 -1
- package/esm/oidc/parseFromUrl.js +59 -17
- package/esm/oidc/parseFromUrl.js.map +1 -1
- package/esm/oidc/renewTokens.js +27 -5
- package/esm/oidc/renewTokens.js.map +1 -1
- package/esm/oidc/util/browser.js +1 -12
- package/esm/oidc/util/browser.js.map +1 -1
- package/esm/oidc/util/validateClaims.js +8 -6
- package/esm/oidc/util/validateClaims.js.map +1 -1
- package/esm/options.js +3 -0
- package/esm/options.js.map +1 -1
- package/esm/tx/AuthTransaction.js +1 -3
- package/esm/tx/AuthTransaction.js.map +1 -1
- package/esm/tx/api.js +3 -0
- package/esm/tx/api.js.map +1 -1
- package/esm/types/Transaction.js.map +1 -1
- package/esm/util/sharedStorage.js +43 -0
- package/esm/util/sharedStorage.js.map +1 -0
- package/lib/AuthStateManager.d.ts +4 -2
- package/lib/OktaAuth.d.ts +3 -2
- package/lib/StorageManager.d.ts +1 -0
- package/lib/TransactionManager.d.ts +1 -0
- package/lib/constants.d.ts +1 -0
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +2 -5
- package/lib/idx/remediators/Base/Remediator.d.ts +3 -6
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -6
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +1 -1
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -0
- package/lib/idx/remediators/Identify.d.ts +1 -5
- package/lib/idx/types/idx-js.d.ts +1 -0
- package/lib/idx/types/index.d.ts +19 -9
- package/lib/index.d.ts +2 -1
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/parseFromUrl.d.ts +4 -1
- package/lib/oidc/renewTokens.d.ts +0 -12
- package/lib/types/AuthState.d.ts +1 -0
- package/lib/types/OktaAuthOptions.d.ts +2 -1
- package/lib/types/Storage.d.ts +3 -0
- package/lib/types/Transaction.d.ts +5 -1
- package/lib/types/api.d.ts +9 -4
- package/lib/types/http.d.ts +1 -0
- package/lib/util/sharedStorage.d.ts +6 -0
- package/package.json +5 -4
package/esm/index.js
CHANGED
|
@@ -10,6 +10,7 @@
|
|
|
10
10
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
11
11
|
*
|
|
12
12
|
*/
|
|
13
|
+
import * as crypto from './crypto';
|
|
13
14
|
export { default as OktaAuth } from './OktaAuth';
|
|
14
15
|
export * from './constants';
|
|
15
16
|
export * from './types';
|
|
@@ -21,6 +22,5 @@ export * from './TransactionManager';
|
|
|
21
22
|
export * from './TokenManager';
|
|
22
23
|
export * from './AuthStateManager';
|
|
23
24
|
export * from './util';
|
|
24
|
-
|
|
25
|
-
export { _crypto as crypto };
|
|
25
|
+
export { crypto };
|
|
26
26
|
//# sourceMappingURL=index.js.map
|
package/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/index.ts"],"names":["
|
|
1
|
+
{"version":3,"sources":["../../lib/index.ts"],"names":["crypto","default","OktaAuth"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAO,KAAKA,MAAZ,MAAwB,UAAxB;AAEA,SAASC,OAAO,IAAIC,QAApB,QAAoC,YAApC;AACA,cAAc,aAAd;AACA,cAAc,SAAd;AACA,cAAc,MAAd;AACA,cAAc,UAAd;AACA,cAAc,QAAd;AACA,cAAc,kBAAd;AACA,cAAc,sBAAd;AACA,cAAc,gBAAd;AACA,cAAc,oBAAd;AACA,cAAc,QAAd;AACA,SAASF,MAAT","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport * as crypto from './crypto';\n\nexport { default as OktaAuth } from './OktaAuth';\nexport * from './constants';\nexport * from './types';\nexport * from './tx';\nexport * from './errors';\nexport * from './oidc';\nexport * from './StorageManager';\nexport * from './TransactionManager';\nexport * from './TokenManager';\nexport * from './AuthStateManager';\nexport * from './util';\nexport { crypto };\n"],"file":"index.js"}
|
package/esm/oidc/getToken.js
CHANGED
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
15
15
|
*
|
|
16
16
|
*/
|
|
17
|
-
import { getOAuthUrls, loadFrame
|
|
17
|
+
import { getOAuthUrls, loadFrame } from './util';
|
|
18
18
|
import AuthSdkError from '../errors/AuthSdkError';
|
|
19
19
|
import { prepareTokenParams } from './util/prepareTokenParams';
|
|
20
20
|
import { buildAuthorizeParams } from './endpoints/authorize';
|
|
@@ -76,7 +76,11 @@ export function getToken(sdk, options) {
|
|
|
76
76
|
return Promise.reject(new AuthSdkError('As of version 3.0, "getToken" takes only a single set of options'));
|
|
77
77
|
}
|
|
78
78
|
|
|
79
|
-
options = options || {};
|
|
79
|
+
options = options || {}; // window object cannot be serialized, save for later use
|
|
80
|
+
// TODO: move popup related params into a separate options object
|
|
81
|
+
|
|
82
|
+
var popupWindow = options.popupWindow;
|
|
83
|
+
options.popupWindow = undefined;
|
|
80
84
|
return prepareTokenParams(sdk, options).then(function (tokenParams) {
|
|
81
85
|
// Start overriding any options that don't make sense
|
|
82
86
|
var sessionTokenOverrides = {
|
|
@@ -135,17 +139,18 @@ export function getToken(sdk, options) {
|
|
|
135
139
|
}
|
|
136
140
|
|
|
137
141
|
oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);
|
|
138
|
-
} //
|
|
142
|
+
} // Redirect for authorization
|
|
143
|
+
// popupWindown can be null when popup is blocked
|
|
144
|
+
|
|
139
145
|
|
|
146
|
+
if (popupWindow) {
|
|
147
|
+
popupWindow.location.assign(requestUrl);
|
|
148
|
+
} // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
|
|
140
149
|
|
|
141
|
-
var windowOptions = {
|
|
142
|
-
popupTitle: options.popupTitle
|
|
143
|
-
};
|
|
144
|
-
var windowEl = loadPopup(requestUrl, windowOptions); // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
|
|
145
150
|
|
|
146
151
|
var popupPromise = new Promise(function (resolve, reject) {
|
|
147
152
|
var closePoller = setInterval(function () {
|
|
148
|
-
if (!
|
|
153
|
+
if (!popupWindow || popupWindow.closed) {
|
|
149
154
|
clearInterval(closePoller);
|
|
150
155
|
reject(new AuthSdkError('Unable to parse OAuth flow response'));
|
|
151
156
|
}
|
|
@@ -162,8 +167,8 @@ export function getToken(sdk, options) {
|
|
|
162
167
|
return popupPromise.then(function (res) {
|
|
163
168
|
return handleOAuthResponse(sdk, tokenParams, res, urls);
|
|
164
169
|
}).finally(function () {
|
|
165
|
-
if (
|
|
166
|
-
|
|
170
|
+
if (popupWindow && !popupWindow.closed) {
|
|
171
|
+
popupWindow.close();
|
|
167
172
|
}
|
|
168
173
|
});
|
|
169
174
|
|
package/esm/oidc/getToken.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getOAuthUrls","loadFrame","loadPopup","AuthSdkError","prepareTokenParams","buildAuthorizeParams","addPostMessageListener","handleOAuthResponse","getToken","sdk","options","arguments","length","Promise","reject","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","windowOptions","popupTitle","windowEl","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":"AACA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,YADF,EAEEC,SAFF,EAGEC,SAHF,QAIO,QAJP;AAMA,OAAOC,YAAP,MAAyB,wBAAzB;AAOA,SAASC,kBAAT,QAAmC,2BAAnC;AACA,SAASC,oBAAT,QAAqC,uBAArC;AACA,SAASC,sBAAT,QAAuC,QAAvC;AACA,SAASC,mBAAT,QAAoC,uBAApC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA,OAAO,SAASC,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAuD;AAC5D,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AAEA,SAAON,kBAAkB,CAACK,GAAD,EAAMC,OAAN,CAAlB,CACJK,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIV,OAAO,CAACY,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIP,OAAO,CAACe,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG5B,YAAY,CAACS,GAAD,EAAMO,WAAN,CAAnB;AACAW,IAAAA,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAGtB,oBAAoB,CAACW,WAAD,CAA5C,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG3B,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAACwB,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAA1C;AACA,YAAIC,QAAQ,GAAGnC,SAAS,CAACyB,UAAD,CAAxB;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO9B,mBAAmB,CAACE,GAAD,EAAMO,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACV,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAI3C,YAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDyC,UAAAA,YAAY,GAAGtC,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAACwB,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAArC;AACD,SAVH,CAYE;;;AACA,YAAIY,aAAa,GAAG;AAClBC,UAAAA,UAAU,EAAEtC,OAAO,CAACsC;AADF,SAApB;AAGA,YAAIC,QAAQ,GAAG/C,SAAS,CAACwB,UAAD,EAAaqB,aAAb,CAAxB,CAhBF,CAkBE;;AACA,YAAIG,YAAY,GAAG,IAAIrC,OAAJ,CAAY,UAAUsC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACJ,QAAD,IAAaA,QAAQ,CAACK,MAA1B,EAAkC;AAChCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIX,YAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAyC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBkB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACd,GAAD,CAAP;AACD,WAJH,EAKGmB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBnC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO9B,mBAAmB,CAACE,GAAD,EAAMO,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIW,QAAQ,IAAI,CAACA,QAAQ,CAACK,MAA1B,EAAkC;AAChCL,YAAAA,QAAQ,CAACS,KAAT;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAIvD,YAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n loadPopup,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Create the window\n var windowOptions = {\n popupTitle: options.popupTitle\n };\n var windowEl = loadPopup(requestUrl, windowOptions);\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!windowEl || windowEl.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (windowEl && !windowEl.closed) {\n windowEl.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getOAuthUrls","loadFrame","AuthSdkError","prepareTokenParams","buildAuthorizeParams","addPostMessageListener","handleOAuthResponse","getToken","sdk","options","arguments","length","Promise","reject","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":"AACA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,YADF,EAEEC,SAFF,QAGO,QAHP;AAKA,OAAOC,YAAP,MAAyB,wBAAzB;AAQA,SAASC,kBAAT,QAAmC,2BAAnC;AACA,SAASC,oBAAT,QAAqC,uBAArC;AACA,SAASC,sBAAT,QAAuC,QAAvC;AACA,SAASC,mBAAT,QAAoC,uBAApC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA,OAAO,SAASC,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,MAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAOZ,kBAAkB,CAACK,GAAD,EAAMC,OAAN,CAAlB,CACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACiB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG7B,YAAY,CAACQ,GAAD,EAAMS,WAAN,CAAnB;AACAW,IAAAA,QAAQ,GAAGnB,OAAO,CAACqB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAGxB,oBAAoB,CAACa,WAAD,CAA5C,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG7B,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAAC0B,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAA1C;AACA,YAAIC,QAAQ,GAAGpC,SAAS,CAAC0B,UAAD,CAAxB;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAOhC,mBAAmB,CAACE,GAAD,EAAMS,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACsC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAI7C,YAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD2C,UAAAA,YAAY,GAAGxC,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAAC0B,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAArC;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAIrC,OAAJ,CAAY,UAAUsC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIX,YAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA2C,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAOhC,mBAAmB,CAACE,GAAD,EAAMS,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAIvD,YAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
|
package/esm/oidc/getWithPopup.js
CHANGED
|
@@ -13,15 +13,21 @@
|
|
|
13
13
|
import { AuthSdkError } from '../errors';
|
|
14
14
|
import { clone } from '../util';
|
|
15
15
|
import { getToken } from './getToken';
|
|
16
|
+
import { loadPopup } from './util';
|
|
16
17
|
export function getWithPopup(sdk, options) {
|
|
17
18
|
if (arguments.length > 2) {
|
|
18
19
|
return Promise.reject(new AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
|
|
19
|
-
}
|
|
20
|
+
} // some browsers (safari, firefox) block popup if it's initialed from an async process
|
|
21
|
+
// here we create the popup window immediately after user interaction
|
|
22
|
+
// then redirect to the /authorize endpoint when the requestUrl is available
|
|
20
23
|
|
|
24
|
+
|
|
25
|
+
var popupWindow = loadPopup('/', options);
|
|
21
26
|
options = clone(options) || {};
|
|
22
27
|
Object.assign(options, {
|
|
23
28
|
display: 'popup',
|
|
24
|
-
responseMode: 'okta_post_message'
|
|
29
|
+
responseMode: 'okta_post_message',
|
|
30
|
+
popupWindow
|
|
25
31
|
});
|
|
26
32
|
return getToken(sdk, options);
|
|
27
33
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["AuthSdkError","clone","getToken","getWithPopup","sdk","options","arguments","length","Promise","reject","Object","assign","display","responseMode"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,QAAT,QAAyB,YAAzB;AAEA,OAAO,SAASC,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["AuthSdkError","clone","getToken","loadPopup","getWithPopup","sdk","options","arguments","length","Promise","reject","popupWindow","Object","assign","display","responseMode"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,QAAT,QAAyB,YAAzB;AACA,SAASC,SAAT,QAA0B,QAA1B;AAEA,OAAO,SAASC,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIV,YAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHuF,CAKxF;AACA;AACA;;;AACA,MAAMW,WAAW,GAAGR,SAAS,CAAC,GAAD,EAAMG,OAAN,CAA7B;AACAA,EAAAA,OAAO,GAAGL,KAAK,CAACK,OAAD,CAAL,IAAkB,EAA5B;AACAM,EAAAA,MAAM,CAACC,MAAP,CAAcP,OAAd,EAAuB;AACrBQ,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBJ,IAAAA;AAHqB,GAAvB;AAKA,SAAOT,QAAQ,CAACG,GAAD,EAAMC,OAAN,CAAf;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
|
|
@@ -36,7 +36,10 @@ export function getWithRedirect(sdk, options) {
|
|
|
36
36
|
codeVerifier,
|
|
37
37
|
codeChallenge,
|
|
38
38
|
codeChallengeMethod
|
|
39
|
-
} = tokenParams;
|
|
39
|
+
} = tokenParams; // Also store the originalUri (if any) in the transaction meta.
|
|
40
|
+
// This is needed to support continue flow in another tab.
|
|
41
|
+
|
|
42
|
+
var originalUri = sdk.getOriginalUri();
|
|
40
43
|
var oauthMeta = {
|
|
41
44
|
issuer,
|
|
42
45
|
responseType,
|
|
@@ -49,7 +52,8 @@ export function getWithRedirect(sdk, options) {
|
|
|
49
52
|
redirectUri,
|
|
50
53
|
codeVerifier,
|
|
51
54
|
codeChallenge,
|
|
52
|
-
codeChallengeMethod
|
|
55
|
+
codeChallengeMethod,
|
|
56
|
+
originalUri
|
|
53
57
|
};
|
|
54
58
|
sdk.transactionManager.save(oauthMeta, {
|
|
55
59
|
oauth: true
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["AuthSdkError","clone","getOAuthUrls","prepareTokenParams","buildAuthorizeParams","getWithRedirect","sdk","options","arguments","length","Promise","reject","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,YAAT,EAAuBC,kBAAvB,QAAiD,QAAjD;AACA,SAASC,oBAAT,QAAqC,uBAArC;AAEA,OAAO,SAASC,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGN,KAAK,CAACM,OAAD,CAAL,IAAkB,EAA5B;AAEA,SAAOJ,kBAAkB,CAACG,GAAD,EAAMC,OAAN,CAAlB,CACJK,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,QAAMC,IAAI,GAAGZ,YAAY,CAACI,GAAD,EAAMC,OAAN,CAAzB;AACA,QAAMQ,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoBZ,oBAAoB,CAACS,WAAD,CAA3D;AACA,QAAMI,MAAM,GAAGX,GAAG,CAACC,OAAJ,CAAYU,MAA3B,CAHwC,CAKxC;;AACA,QAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["AuthSdkError","clone","getOAuthUrls","prepareTokenParams","buildAuthorizeParams","getWithRedirect","sdk","options","arguments","length","Promise","reject","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","originalUri","getOriginalUri","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,YAAT,EAAuBC,kBAAvB,QAAiD,QAAjD;AACA,SAASC,oBAAT,QAAqC,uBAArC;AAEA,OAAO,SAASC,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGN,KAAK,CAACM,OAAD,CAAL,IAAkB,EAA5B;AAEA,SAAOJ,kBAAkB,CAACG,GAAD,EAAMC,OAAN,CAAlB,CACJK,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,QAAMC,IAAI,GAAGZ,YAAY,CAACI,GAAD,EAAMC,OAAN,CAAzB;AACA,QAAMQ,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoBZ,oBAAoB,CAACS,WAAD,CAA3D;AACA,QAAMI,MAAM,GAAGX,GAAG,CAACC,OAAJ,CAAYU,MAA3B,CAHwC,CAKxC;;AACA,QAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ,CANwC,CAmBxC;AACA;;AACA,QAAMe,WAAW,GAAGtB,GAAG,CAACuB,cAAJ,EAApB;AAEA,QAAMC,SAA0B,GAAG;AACjCb,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA,mBAZiC;AAajCC,MAAAA;AAbiC,KAAnC;AAgBAtB,IAAAA,GAAG,CAACyB,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACA3B,IAAAA,GAAG,CAAC4B,KAAJ,CAAU7B,eAAV,CAA0B8B,YAA1B,CAAuCpB,UAAvC;AACD,GA1CI,CAAP;AA2CD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n const urls = getOAuthUrls(sdk, options);\n const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n const issuer = sdk.options.issuer;\n\n // Gather the values we want to save in the transaction\n const {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n } = tokenParams;\n\n // Also store the originalUri (if any) in the transaction meta.\n // This is needed to support continue flow in another tab.\n const originalUri = sdk.getOriginalUri();\n\n const oauthMeta: TransactionMeta = {\n issuer,\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n originalUri,\n };\n\n sdk.transactionManager.save(oauthMeta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n });\n}\n"],"file":"getWithRedirect.js"}
|
package/esm/oidc/parseFromUrl.js
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
|
|
2
|
+
|
|
1
3
|
/* eslint-disable complexity */
|
|
2
4
|
|
|
3
5
|
/*!
|
|
@@ -45,7 +47,13 @@ function removeSearch(sdk) {
|
|
|
45
47
|
}
|
|
46
48
|
}
|
|
47
49
|
|
|
48
|
-
export function
|
|
50
|
+
export function getResponseMode(sdk) {
|
|
51
|
+
// https://openid.net/specs/openid-connect-core-1_0.html#Authentication
|
|
52
|
+
var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
|
|
53
|
+
var responseMode = sdk.options.responseMode || defaultResponseMode;
|
|
54
|
+
return responseMode;
|
|
55
|
+
}
|
|
56
|
+
export function parseOAuthResponseFromUrl(sdk, options) {
|
|
49
57
|
options = options || {};
|
|
50
58
|
|
|
51
59
|
if (isString(options)) {
|
|
@@ -54,12 +62,10 @@ export function parseFromUrl(sdk, options) {
|
|
|
54
62
|
};
|
|
55
63
|
} else {
|
|
56
64
|
options = options;
|
|
57
|
-
}
|
|
58
|
-
|
|
65
|
+
}
|
|
59
66
|
|
|
60
|
-
var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
|
|
61
67
|
var url = options.url;
|
|
62
|
-
var responseMode = options.responseMode || sdk
|
|
68
|
+
var responseMode = options.responseMode || getResponseMode(sdk);
|
|
63
69
|
|
|
64
70
|
var nativeLoc = sdk.token.parseFromUrl._getLocation();
|
|
65
71
|
|
|
@@ -72,31 +78,67 @@ export function parseFromUrl(sdk, options) {
|
|
|
72
78
|
}
|
|
73
79
|
|
|
74
80
|
if (!paramStr) {
|
|
75
|
-
|
|
81
|
+
throw new AuthSdkError('Unable to parse a token from the url');
|
|
76
82
|
}
|
|
77
83
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
var
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
84
|
+
return urlParamsToObject(paramStr);
|
|
85
|
+
}
|
|
86
|
+
export function cleanOAuthResponseFromUrl(sdk, options) {
|
|
87
|
+
// Clean hash or search from the url
|
|
88
|
+
var responseMode = options.responseMode || getResponseMode(sdk);
|
|
89
|
+
responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);
|
|
90
|
+
}
|
|
91
|
+
export function parseFromUrl(_x, _x2) {
|
|
92
|
+
return _parseFromUrl.apply(this, arguments);
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
function _parseFromUrl() {
|
|
96
|
+
_parseFromUrl = _asyncToGenerator(function* (sdk, options) {
|
|
97
|
+
options = options || {};
|
|
98
|
+
|
|
99
|
+
if (isString(options)) {
|
|
100
|
+
options = {
|
|
101
|
+
url: options
|
|
102
|
+
};
|
|
103
|
+
} else {
|
|
104
|
+
options = options;
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
var res = parseOAuthResponseFromUrl(sdk, options);
|
|
108
|
+
var state = res.state;
|
|
109
|
+
var oauthParams = sdk.transactionManager.load({
|
|
110
|
+
oauth: true,
|
|
111
|
+
pkce: sdk.options.pkce,
|
|
112
|
+
state
|
|
113
|
+
});
|
|
114
|
+
|
|
115
|
+
if (!oauthParams) {
|
|
116
|
+
return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
var urls = oauthParams.urls;
|
|
120
|
+
delete oauthParams.urls;
|
|
121
|
+
|
|
122
|
+
if (!options.url) {
|
|
86
123
|
// Clean hash or search from the url
|
|
87
|
-
|
|
124
|
+
cleanOAuthResponseFromUrl(sdk, options);
|
|
88
125
|
}
|
|
89
126
|
|
|
90
127
|
return handleOAuthResponse(sdk, oauthParams, res, urls).catch(err => {
|
|
91
128
|
if (!isInteractionRequiredError(err)) {
|
|
92
|
-
sdk.transactionManager.clear(
|
|
129
|
+
sdk.transactionManager.clear({
|
|
130
|
+
state
|
|
131
|
+
});
|
|
93
132
|
}
|
|
94
133
|
|
|
95
134
|
throw err;
|
|
96
135
|
}).then(res => {
|
|
97
|
-
sdk.transactionManager.clear(
|
|
136
|
+
sdk.transactionManager.clear({
|
|
137
|
+
state
|
|
138
|
+
});
|
|
98
139
|
return res;
|
|
99
140
|
});
|
|
100
141
|
});
|
|
142
|
+
return _parseFromUrl.apply(this, arguments);
|
|
101
143
|
}
|
|
102
144
|
//# sourceMappingURL=parseFromUrl.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["AuthSdkError","isInteractionRequiredError","urlParamsToObject","isString","handleOAuthResponse","removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["AuthSdkError","isInteractionRequiredError","urlParamsToObject","isString","handleOAuthResponse","removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","indexOf","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","Promise","reject","urls","catch","err","clear","then"],"mappings":";;AAAA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AACA,SAASC,0BAAT,EAAqCC,iBAArC,QAA8D,QAA9D;AAQA,SAASC,QAAT,QAAyB,SAAzB;AACA,SAASC,mBAAT,QAAoC,uBAApC;;AAEA,SAASC,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAED,OAAO,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;AAED,OAAO,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAIpB,QAAQ,CAACoB,OAAD,CAAZ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAI5B,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAOE,iBAAiB,CAAC0B,QAAD,CAAxB;AACD;AAED,OAAO,SAASG,yBAAT,CAAmCzB,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;AAED,gBAAsBG,YAAtB;AAAA;AAAA;;;oCAAO,WAA4BH,GAA5B,EAAiCiB,OAAjC,EAAgG;AACrGA,IAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,QAAIpB,QAAQ,CAACoB,OAAD,CAAZ,EAAuB;AACrBA,MAAAA,OAAO,GAAG;AAAEI,QAAAA,GAAG,EAAEJ;AAAP,OAAV;AACD,KAFD,MAEO;AACLA,MAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,QAAMS,GAAkB,GAAGN,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;AACA,QAAMU,KAAK,GAAGD,GAAG,CAACC,KAAlB;AACA,QAAMC,WAA4B,GAAG5B,GAAG,CAAC6B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,MAAAA,KAAK,EAAE,IADwD;AAE/Db,MAAAA,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;AAG/DS,MAAAA;AAH+D,KAA5B,CAArC;;AAKA,QAAI,CAACC,WAAL,EAAkB;AAChB,aAAOI,OAAO,CAACC,MAAR,CAAe,IAAIvC,YAAJ,CAAiB,uDAAjB,CAAf,CAAP;AACD;;AACD,QAAMwC,IAAgB,GAAGN,WAAW,CAACM,IAArC;AACA,WAAON,WAAW,CAACM,IAAnB;;AAEA,QAAI,CAACjB,OAAO,CAACI,GAAb,EAAkB;AAChB;AACAI,MAAAA,yBAAyB,CAACzB,GAAD,EAAMiB,OAAN,CAAzB;AACD;;AAED,WAAOnB,mBAAmB,CAACE,GAAD,EAAM4B,WAAN,EAAmBF,GAAnB,EAAwBQ,IAAxB,CAAnB,CACJC,KADI,CACEC,GAAG,IAAI;AACZ,UAAI,CAACzC,0BAA0B,CAACyC,GAAD,CAA/B,EAAsC;AACpCpC,QAAAA,GAAG,CAAC6B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,UAAAA;AAD2B,SAA7B;AAGD;;AACD,YAAMS,GAAN;AACD,KARI,EASJE,IATI,CASCZ,GAAG,IAAI;AACX1B,MAAAA,GAAG,CAAC6B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,QAAAA;AAD2B,OAA7B;AAGA,aAAOD,GAAP;AACD,KAdI,CAAP;AAgBD,G","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n oauth: true,\n pkce: sdk.options.pkce,\n state\n });\n if (!oauthParams) {\n return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n"],"file":"parseFromUrl.js"}
|
package/esm/oidc/renewTokens.js
CHANGED
|
@@ -12,9 +12,11 @@ import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
|
|
|
12
12
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
13
13
|
*
|
|
14
14
|
*/
|
|
15
|
+
import { AuthSdkError } from '../errors';
|
|
15
16
|
import { getWithoutPrompt } from './getWithoutPrompt';
|
|
16
17
|
import { renewTokensWithRefresh } from './renewTokensWithRefresh';
|
|
17
18
|
import { getDefaultTokenParams } from './util'; // If we have a refresh token, renew using that, otherwise getWithoutPrompt
|
|
19
|
+
// eslint-disable-next-line complexity
|
|
18
20
|
|
|
19
21
|
export function renewTokens(_x, _x2) {
|
|
20
22
|
return _renewTokens.apply(this, arguments);
|
|
@@ -26,14 +28,34 @@ function _renewTokens() {
|
|
|
26
28
|
|
|
27
29
|
if (tokens.refreshToken) {
|
|
28
30
|
return renewTokensWithRefresh(sdk, options, tokens.refreshToken);
|
|
29
|
-
}
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
if (!tokens.accessToken && !tokens.idToken) {
|
|
34
|
+
throw new AuthSdkError('renewTokens() was called but there is no existing token');
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
var accessToken = tokens.accessToken || {};
|
|
38
|
+
var idToken = tokens.idToken || {};
|
|
39
|
+
var scopes = accessToken.scopes || idToken.scopes;
|
|
40
|
+
|
|
41
|
+
if (!scopes) {
|
|
42
|
+
throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
var authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;
|
|
46
|
+
|
|
47
|
+
if (!authorizeUrl) {
|
|
48
|
+
throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');
|
|
49
|
+
}
|
|
30
50
|
|
|
51
|
+
var userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
|
|
52
|
+
var issuer = idToken.issuer || sdk.options.issuer; // Get tokens using the SSO cookie
|
|
31
53
|
|
|
32
54
|
options = Object.assign({
|
|
33
|
-
scopes
|
|
34
|
-
authorizeUrl
|
|
35
|
-
userinfoUrl
|
|
36
|
-
issuer
|
|
55
|
+
scopes,
|
|
56
|
+
authorizeUrl,
|
|
57
|
+
userinfoUrl,
|
|
58
|
+
issuer
|
|
37
59
|
}, options);
|
|
38
60
|
|
|
39
61
|
if (sdk.options.pkce) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["getWithoutPrompt","renewTokensWithRefresh","getDefaultTokenParams","renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["AuthSdkError","getWithoutPrompt","renewTokensWithRefresh","getDefaultTokenParams","renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","then","res"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,gBAAT,QAAiC,oBAAjC;AACA,SAASC,sBAAT,QAAuC,0BAAvC;AACA,SAASC,qBAAT,QAAsC,QAAtC,C,CAEA;AACA;;AACA,gBAAsBC,WAAtB;AAAA;AAAA;;;mCAAO,WAA2BC,GAA3B,EAAgCC,OAAhC,EAAuE;AAC5E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,QAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,aAAOR,sBAAsB,CAACG,GAAD,EAAMC,OAAN,EAAeC,MAAM,CAACG,YAAtB,CAA7B;AACD;;AAED,QAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,YAAM,IAAIZ,YAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMW,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAMC,MAAM,GAAGF,WAAW,CAACE,MAAZ,IAAsBD,OAAO,CAACC,MAA7C;;AACA,QAAI,CAACA,MAAL,EAAa;AACX,YAAM,IAAIb,YAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAMc,YAAY,GAAGH,WAAW,CAACG,YAAZ,IAA4BF,OAAO,CAACE,YAAzD;;AACA,QAAI,CAACA,YAAL,EAAmB;AACjB,YAAM,IAAId,YAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMe,WAAW,GAAGJ,WAAW,CAACI,WAAZ,IAA2BV,GAAG,CAACC,OAAJ,CAAYS,WAA3D;AACA,QAAMC,MAAM,GAAGJ,OAAO,CAACI,MAAR,IAAkBX,GAAG,CAACC,OAAJ,CAAYU,MAA7C,CArB4E,CAuB5E;;AACAV,IAAAA,OAAO,GAAGW,MAAM,CAACC,MAAP,CAAc;AACtBL,MAAAA,MADsB;AAEtBC,MAAAA,YAFsB;AAGtBC,MAAAA,WAHsB;AAItBC,MAAAA;AAJsB,KAAd,EAKPV,OALO,CAAV;;AAOA,QAAID,GAAG,CAACC,OAAJ,CAAYa,IAAhB,EAAsB;AACpBb,MAAAA,OAAO,CAACc,YAAR,GAAuB,MAAvB;AACD,KAFD,MAEO;AACL,UAAM;AAAEA,QAAAA;AAAF,UAAmBjB,qBAAqB,CAACE,GAAD,CAA9C;AACAC,MAAAA,OAAO,CAACc,YAAR,GAAuBA,YAAvB;AACD;;AAED,WAAOnB,gBAAgB,CAACI,GAAD,EAAMC,OAAN,CAAhB,CACJe,IADI,CACCC,GAAG,IAAIA,GAAG,CAACf,MADZ,CAAP;AAGD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options: TokenParams): Promise<Tokens> {\n const tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"file":"renewTokens.js"}
|
package/esm/oidc/util/browser.js
CHANGED
|
@@ -15,7 +15,6 @@
|
|
|
15
15
|
|
|
16
16
|
/* eslint-disable complexity, max-statements */
|
|
17
17
|
import { AuthSdkError } from '../../errors';
|
|
18
|
-
import { isIE11OrLess } from '../../features';
|
|
19
18
|
export function addListener(eventTarget, name, fn) {
|
|
20
19
|
if (eventTarget.addEventListener) {
|
|
21
20
|
eventTarget.addEventListener(name, fn);
|
|
@@ -39,17 +38,7 @@ export function loadFrame(src) {
|
|
|
39
38
|
export function loadPopup(src, options) {
|
|
40
39
|
var title = options.popupTitle || 'External Identity Provider User Authentication';
|
|
41
40
|
var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' + 'top=100, left=500, width=600, height=600';
|
|
42
|
-
|
|
43
|
-
if (isIE11OrLess()) {
|
|
44
|
-
// IE<=11 doesn't fully support postMessage at time of writting.
|
|
45
|
-
// the following simple solution happened to solve the issue
|
|
46
|
-
// without adding another proxy layer which makes flow more complecated.
|
|
47
|
-
var winEl = window.open('/', title, appearance);
|
|
48
|
-
winEl.location.href = src;
|
|
49
|
-
return winEl;
|
|
50
|
-
} else {
|
|
51
|
-
return window.open(src, title, appearance);
|
|
52
|
-
}
|
|
41
|
+
return window.open(src, title, appearance);
|
|
53
42
|
}
|
|
54
43
|
export function addPostMessageListener(sdk, timeout, state) {
|
|
55
44
|
var responseHandler;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["AuthSdkError","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["AuthSdkError","addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","Promise","resolve","reject","e","data","origin","getIssuerOrigin","setTimeout","finally","clearTimeout"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AACA,SAASA,YAAT,QAA6B,cAA7B;AAGA,OAAO,SAASC,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;AAED,OAAO,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;AAED,OAAO,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;AAED,OAAO,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;AAED,OAAO,SAASG,sBAAT,CAAgCC,GAAhC,EAA+CC,OAA/C,EAAwDC,KAAxD,EAA+D;AACpE,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,IAAIC,OAAJ,CAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEL,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBM,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOR,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIO,CAAC,CAACE,MAAF,KAAaX,GAAG,CAACY,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAInC,YAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDkC,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBApC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGS,UAAU,CAAC,YAAY;AACjCL,MAAAA,MAAM,CAAC,IAAInC,YAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnB4B,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBS,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACX,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle || 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuth, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data || e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || 120000);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n"],"file":"browser.js"}
|
|
@@ -40,12 +40,14 @@ export function validateClaims(sdk, claims, validationParams) {
|
|
|
40
40
|
throw new AuthSdkError('The JWT expired before it was issued');
|
|
41
41
|
}
|
|
42
42
|
|
|
43
|
-
if (
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
43
|
+
if (!sdk.options.ignoreLifetime) {
|
|
44
|
+
if (now - sdk.options.maxClockSkew > claims.exp) {
|
|
45
|
+
throw new AuthSdkError('The JWT expired and is no longer valid');
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
if (claims.iat > now + sdk.options.maxClockSkew) {
|
|
49
|
+
throw new AuthSdkError('The JWT was issued in the future');
|
|
50
|
+
}
|
|
49
51
|
}
|
|
50
52
|
}
|
|
51
53
|
//# sourceMappingURL=validateClaims.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["AuthSdkError","validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","now","Math","floor","Date","iat","exp","options","maxClockSkew"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAOA,YAAP,MAAyB,2BAAzB;AAGA,OAAO,SAASC,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIL,YAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAIS,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIT,YAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIU,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIP,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIP,YAAJ,CAAiB,iBAAiBG,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIL,YAAJ,CAAiB,mBAAmBG,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACW,GAAP,GAAaX,MAAM,CAACY,GAAxB,EAA6B;AAC3B,UAAM,IAAIf,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["AuthSdkError","validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAOA,YAAP,MAAyB,2BAAzB;AAGA,OAAO,SAASC,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIL,YAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAIS,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIT,YAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIU,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIP,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIP,YAAJ,CAAiB,iBAAiBG,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIL,YAAJ,CAAiB,mBAAmBG,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACW,GAAP,GAAaX,MAAM,CAACY,GAAxB,EAA6B;AAC3B,UAAM,IAAIf,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACE,GAAG,CAACc,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGR,GAAG,CAACc,OAAJ,CAAYE,YAAnB,GAAmCf,MAAM,CAACY,GAA9C,EAAmD;AACjD,YAAM,IAAIf,YAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIG,MAAM,CAACW,GAAP,GAAcJ,GAAG,GAAGR,GAAG,CAACc,OAAJ,CAAYE,YAApC,EAAmD;AACjD,YAAM,IAAIlB,YAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuth, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat > claims.exp) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew) > claims.exp) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat > (now + sdk.options.maxClockSkew)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}
|