@okta/okta-auth-js 5.4.2 → 5.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +60 -5
- package/README.md +66 -977
- package/cjs/AuthStateManager.js +5 -0
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +32 -11
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/StorageManager.js +8 -0
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TransactionManager.js +32 -4
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +5 -5
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/builderUtil.js +6 -0
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/constants.js +3 -1
- package/cjs/constants.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +10 -3
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/request.js +4 -0
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/remediate.js +33 -23
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +13 -7
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +18 -14
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +14 -0
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +5 -2
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/transactionMeta.js +3 -1
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +17 -6
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/index.js +6 -6
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/getToken.js +14 -9
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +9 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +6 -2
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +59 -20
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewTokens.js +28 -5
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/util/browser.js +1 -13
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +8 -6
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/options.js +3 -0
- package/cjs/options.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +1 -3
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/api.js +3 -0
- package/cjs/tx/api.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/util/sharedStorage.js +54 -0
- package/cjs/util/sharedStorage.js.map +1 -0
- package/dist/okta-auth-js.min.js +8 -8
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.umd.js +8 -8
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/AuthStateManager.js +5 -0
- package/esm/AuthStateManager.js.map +1 -1
- package/esm/OktaAuth.js +32 -12
- package/esm/OktaAuth.js.map +1 -1
- package/esm/OktaUserAgent.js +2 -2
- package/esm/StorageManager.js +9 -1
- package/esm/StorageManager.js.map +1 -1
- package/esm/TransactionManager.js +31 -4
- package/esm/TransactionManager.js.map +1 -1
- package/esm/browser/browserStorage.js +5 -5
- package/esm/browser/browserStorage.js.map +1 -1
- package/esm/builderUtil.js +6 -0
- package/esm/builderUtil.js.map +1 -1
- package/esm/constants.js +1 -0
- package/esm/constants.js.map +1 -1
- package/esm/fetch/fetchRequest.js +10 -3
- package/esm/fetch/fetchRequest.js.map +1 -1
- package/esm/http/request.js +4 -0
- package/esm/http/request.js.map +1 -1
- package/esm/idx/remediate.js +41 -29
- package/esm/idx/remediate.js.map +1 -1
- package/esm/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/esm/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/esm/idx/remediators/Base/Remediator.js +13 -8
- package/esm/idx/remediators/Base/Remediator.js.map +1 -1
- package/esm/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/esm/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/esm/idx/remediators/Base/VerifyAuthenticator.js +18 -15
- package/esm/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/esm/idx/remediators/EnrollProfile.js +21 -4
- package/esm/idx/remediators/EnrollProfile.js.map +1 -1
- package/esm/idx/remediators/Identify.js +4 -2
- package/esm/idx/remediators/Identify.js.map +1 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/esm/idx/transactionMeta.js +3 -1
- package/esm/idx/transactionMeta.js.map +1 -1
- package/esm/idx/types/idx-js.js.map +1 -1
- package/esm/idx/types/index.js +15 -5
- package/esm/idx/types/index.js.map +1 -1
- package/esm/index.js +2 -2
- package/esm/index.js.map +1 -1
- package/esm/oidc/getToken.js +15 -10
- package/esm/oidc/getToken.js.map +1 -1
- package/esm/oidc/getWithPopup.js +8 -2
- package/esm/oidc/getWithPopup.js.map +1 -1
- package/esm/oidc/getWithRedirect.js +6 -2
- package/esm/oidc/getWithRedirect.js.map +1 -1
- package/esm/oidc/parseFromUrl.js +59 -17
- package/esm/oidc/parseFromUrl.js.map +1 -1
- package/esm/oidc/renewTokens.js +27 -5
- package/esm/oidc/renewTokens.js.map +1 -1
- package/esm/oidc/util/browser.js +1 -12
- package/esm/oidc/util/browser.js.map +1 -1
- package/esm/oidc/util/validateClaims.js +8 -6
- package/esm/oidc/util/validateClaims.js.map +1 -1
- package/esm/options.js +3 -0
- package/esm/options.js.map +1 -1
- package/esm/tx/AuthTransaction.js +1 -3
- package/esm/tx/AuthTransaction.js.map +1 -1
- package/esm/tx/api.js +3 -0
- package/esm/tx/api.js.map +1 -1
- package/esm/types/Transaction.js.map +1 -1
- package/esm/util/sharedStorage.js +43 -0
- package/esm/util/sharedStorage.js.map +1 -0
- package/lib/AuthStateManager.d.ts +4 -2
- package/lib/OktaAuth.d.ts +3 -2
- package/lib/StorageManager.d.ts +1 -0
- package/lib/TransactionManager.d.ts +1 -0
- package/lib/constants.d.ts +1 -0
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +2 -5
- package/lib/idx/remediators/Base/Remediator.d.ts +3 -6
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -6
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +1 -1
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -0
- package/lib/idx/remediators/Identify.d.ts +1 -5
- package/lib/idx/types/idx-js.d.ts +1 -0
- package/lib/idx/types/index.d.ts +19 -9
- package/lib/index.d.ts +2 -1
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/parseFromUrl.d.ts +4 -1
- package/lib/oidc/renewTokens.d.ts +0 -12
- package/lib/types/AuthState.d.ts +1 -0
- package/lib/types/OktaAuthOptions.d.ts +2 -1
- package/lib/types/Storage.d.ts +3 -0
- package/lib/types/Transaction.d.ts +5 -1
- package/lib/types/api.d.ts +9 -4
- package/lib/types/http.d.ts +1 -0
- package/lib/util/sharedStorage.d.ts +6 -0
- package/package.json +5 -4
package/cjs/oidc/getToken.js
CHANGED
|
@@ -86,7 +86,11 @@ function getToken(sdk, options) {
|
|
|
86
86
|
return Promise.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
|
|
87
87
|
}
|
|
88
88
|
|
|
89
|
-
options = options || {};
|
|
89
|
+
options = options || {}; // window object cannot be serialized, save for later use
|
|
90
|
+
// TODO: move popup related params into a separate options object
|
|
91
|
+
|
|
92
|
+
const popupWindow = options.popupWindow;
|
|
93
|
+
options.popupWindow = undefined;
|
|
90
94
|
return (0, _prepareTokenParams.prepareTokenParams)(sdk, options).then(function (tokenParams) {
|
|
91
95
|
// Start overriding any options that don't make sense
|
|
92
96
|
var sessionTokenOverrides = {
|
|
@@ -145,17 +149,18 @@ function getToken(sdk, options) {
|
|
|
145
149
|
}
|
|
146
150
|
|
|
147
151
|
oauthPromise = (0, _util.addPostMessageListener)(sdk, options.timeout, tokenParams.state);
|
|
148
|
-
} //
|
|
152
|
+
} // Redirect for authorization
|
|
153
|
+
// popupWindown can be null when popup is blocked
|
|
154
|
+
|
|
149
155
|
|
|
156
|
+
if (popupWindow) {
|
|
157
|
+
popupWindow.location.assign(requestUrl);
|
|
158
|
+
} // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
|
|
150
159
|
|
|
151
|
-
var windowOptions = {
|
|
152
|
-
popupTitle: options.popupTitle
|
|
153
|
-
};
|
|
154
|
-
var windowEl = (0, _util.loadPopup)(requestUrl, windowOptions); // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
|
|
155
160
|
|
|
156
161
|
var popupPromise = new Promise(function (resolve, reject) {
|
|
157
162
|
var closePoller = setInterval(function () {
|
|
158
|
-
if (!
|
|
163
|
+
if (!popupWindow || popupWindow.closed) {
|
|
159
164
|
clearInterval(closePoller);
|
|
160
165
|
reject(new _AuthSdkError.default('Unable to parse OAuth flow response'));
|
|
161
166
|
}
|
|
@@ -172,8 +177,8 @@ function getToken(sdk, options) {
|
|
|
172
177
|
return popupPromise.then(function (res) {
|
|
173
178
|
return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, tokenParams, res, urls);
|
|
174
179
|
}).finally(function () {
|
|
175
|
-
if (
|
|
176
|
-
|
|
180
|
+
if (popupWindow && !popupWindow.closed) {
|
|
181
|
+
popupWindow.close();
|
|
177
182
|
}
|
|
178
183
|
});
|
|
179
184
|
|
package/cjs/oidc/getToken.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","windowOptions","popupTitle","windowEl","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAMA;;AAOA;;AACA;;AAEA;;AA9BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAuD;AAC5D,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AAEA,SAAO,4CAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIX,OAAO,CAACa,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIR,OAAO,CAACgB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAapB,GAAb,EAAkBQ,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGlB,OAAO,CAACoB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuBzB,GAAvB,EAA4BC,OAAO,CAACyB,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB7B,GAApB,EAAyBQ,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACX,GAAG,CAACqC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD8B,UAAAA,YAAY,GAAG,kCAAuBpC,GAAvB,EAA4BC,OAAO,CAACyB,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;;;AACA,YAAIY,aAAa,GAAG;AAClBC,UAAAA,UAAU,EAAEvC,OAAO,CAACuC;AADF,SAApB;AAGA,YAAIC,QAAQ,GAAG,qBAAUvB,UAAV,EAAsBqB,aAAtB,CAAf,CAhBF,CAkBE;;AACA,YAAIG,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACJ,QAAD,IAAaA,QAAQ,CAACK,MAA1B,EAAkC;AAChCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA8B,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBkB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACd,GAAD,CAAP;AACD,WAJH,EAKGmB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBnC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB7B,GAApB,EAAyBQ,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIW,QAAQ,IAAI,CAACA,QAAQ,CAACK,MAA1B,EAAkC;AAChCL,YAAAA,QAAQ,CAACS,KAAT;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n loadPopup,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Create the window\n var windowOptions = {\n popupTitle: options.popupTitle\n };\n var windowEl = loadPopup(requestUrl, windowOptions);\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!windowEl || windowEl.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (windowEl && !windowEl.closed) {\n windowEl.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAKA;;AAQA;;AACA;;AAEA;;AA9BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,QAAMM,WAAW,GAAGN,OAAO,CAACM,WAA5B;AACAN,EAAAA,OAAO,CAACM,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBR,GAAnB,EAAwBC,OAAxB,EACJQ,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIb,OAAO,CAACe,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIV,OAAO,CAACkB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAatB,GAAb,EAAkBU,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGpB,OAAO,CAACsB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuB3B,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACb,GAAG,CAACuC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIlC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDgC,UAAAA,YAAY,GAAG,kCAAuBtC,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAgC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
|
package/cjs/oidc/getWithPopup.js
CHANGED
|
@@ -8,6 +8,8 @@ var _util = require("../util");
|
|
|
8
8
|
|
|
9
9
|
var _getToken = require("./getToken");
|
|
10
10
|
|
|
11
|
+
var _util2 = require("./util");
|
|
12
|
+
|
|
11
13
|
/*!
|
|
12
14
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
13
15
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -23,12 +25,17 @@ var _getToken = require("./getToken");
|
|
|
23
25
|
function getWithPopup(sdk, options) {
|
|
24
26
|
if (arguments.length > 2) {
|
|
25
27
|
return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
|
|
26
|
-
}
|
|
28
|
+
} // some browsers (safari, firefox) block popup if it's initialed from an async process
|
|
29
|
+
// here we create the popup window immediately after user interaction
|
|
30
|
+
// then redirect to the /authorize endpoint when the requestUrl is available
|
|
31
|
+
|
|
27
32
|
|
|
33
|
+
const popupWindow = (0, _util2.loadPopup)('/', options);
|
|
28
34
|
options = (0, _util.clone)(options) || {};
|
|
29
35
|
Object.assign(options, {
|
|
30
36
|
display: 'popup',
|
|
31
|
-
responseMode: 'okta_post_message'
|
|
37
|
+
responseMode: 'okta_post_message',
|
|
38
|
+
popupWindow
|
|
32
39
|
});
|
|
33
40
|
return (0, _getToken.getToken)(sdk, options);
|
|
34
41
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","Object","assign","display","responseMode"],"mappings":";;;;AAYA;;AAEA;;AACA;;
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","Object","assign","display","responseMode"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHuF,CAKxF;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeN,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACAO,EAAAA,MAAM,CAACC,MAAP,CAAcR,OAAd,EAAuB;AACrBS,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBJ,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASP,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
|
|
@@ -44,7 +44,10 @@ function getWithRedirect(sdk, options) {
|
|
|
44
44
|
codeVerifier,
|
|
45
45
|
codeChallenge,
|
|
46
46
|
codeChallengeMethod
|
|
47
|
-
} = tokenParams;
|
|
47
|
+
} = tokenParams; // Also store the originalUri (if any) in the transaction meta.
|
|
48
|
+
// This is needed to support continue flow in another tab.
|
|
49
|
+
|
|
50
|
+
const originalUri = sdk.getOriginalUri();
|
|
48
51
|
const oauthMeta = {
|
|
49
52
|
issuer,
|
|
50
53
|
responseType,
|
|
@@ -57,7 +60,8 @@ function getWithRedirect(sdk, options) {
|
|
|
57
60
|
redirectUri,
|
|
58
61
|
codeVerifier,
|
|
59
62
|
codeChallenge,
|
|
60
|
-
codeChallengeMethod
|
|
63
|
+
codeChallengeMethod,
|
|
64
|
+
originalUri
|
|
61
65
|
};
|
|
62
66
|
sdk.transactionManager.save(oauthMeta, {
|
|
63
67
|
oauth: true
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,SAAO,+BAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,UAAMC,IAAI,GAAG,yBAAaT,GAAb,EAAkBC,OAAlB,CAAb;AACA,UAAMS,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoB,qCAAqBH,WAArB,CAAvC;AACA,UAAMI,MAAM,GAAGZ,GAAG,CAACC,OAAJ,CAAYW,MAA3B,CAHwC,CAKxC;;AACA,UAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","originalUri","getOriginalUri","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,SAAO,+BAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,UAAMC,IAAI,GAAG,yBAAaT,GAAb,EAAkBC,OAAlB,CAAb;AACA,UAAMS,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoB,qCAAqBH,WAArB,CAAvC;AACA,UAAMI,MAAM,GAAGZ,GAAG,CAACC,OAAJ,CAAYW,MAA3B,CAHwC,CAKxC;;AACA,UAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ,CANwC,CAmBxC;AACA;;AACA,UAAMe,WAAW,GAAGvB,GAAG,CAACwB,cAAJ,EAApB;AAEA,UAAMC,SAA0B,GAAG;AACjCb,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA,mBAZiC;AAajCC,MAAAA;AAbiC,KAAnC;AAgBAvB,IAAAA,GAAG,CAAC0B,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACA5B,IAAAA,GAAG,CAAC6B,KAAJ,CAAU9B,eAAV,CAA0B+B,YAA1B,CAAuCpB,UAAvC;AACD,GA1CI,CAAP;AA2CD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n const urls = getOAuthUrls(sdk, options);\n const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n const issuer = sdk.options.issuer;\n\n // Gather the values we want to save in the transaction\n const {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n } = tokenParams;\n\n // Also store the originalUri (if any) in the transaction meta.\n // This is needed to support continue flow in another tab.\n const originalUri = sdk.getOriginalUri();\n\n const oauthMeta: TransactionMeta = {\n issuer,\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n originalUri,\n };\n\n sdk.transactionManager.save(oauthMeta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n });\n}\n"],"file":"getWithRedirect.js"}
|
package/cjs/oidc/parseFromUrl.js
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
exports.getResponseMode = getResponseMode;
|
|
4
|
+
exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
|
|
5
|
+
exports.cleanOAuthResponseFromUrl = cleanOAuthResponseFromUrl;
|
|
3
6
|
exports.parseFromUrl = parseFromUrl;
|
|
4
7
|
|
|
5
8
|
var _errors = require("../errors");
|
|
@@ -52,7 +55,14 @@ function removeSearch(sdk) {
|
|
|
52
55
|
}
|
|
53
56
|
}
|
|
54
57
|
|
|
55
|
-
function
|
|
58
|
+
function getResponseMode(sdk) {
|
|
59
|
+
// https://openid.net/specs/openid-connect-core-1_0.html#Authentication
|
|
60
|
+
var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
|
|
61
|
+
var responseMode = sdk.options.responseMode || defaultResponseMode;
|
|
62
|
+
return responseMode;
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
function parseOAuthResponseFromUrl(sdk, options) {
|
|
56
66
|
options = options || {};
|
|
57
67
|
|
|
58
68
|
if ((0, _util2.isString)(options)) {
|
|
@@ -61,12 +71,10 @@ function parseFromUrl(sdk, options) {
|
|
|
61
71
|
};
|
|
62
72
|
} else {
|
|
63
73
|
options = options;
|
|
64
|
-
}
|
|
65
|
-
|
|
74
|
+
}
|
|
66
75
|
|
|
67
|
-
var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
|
|
68
76
|
var url = options.url;
|
|
69
|
-
var responseMode = options.responseMode || sdk
|
|
77
|
+
var responseMode = options.responseMode || getResponseMode(sdk);
|
|
70
78
|
|
|
71
79
|
var nativeLoc = sdk.token.parseFromUrl._getLocation();
|
|
72
80
|
|
|
@@ -79,31 +87,62 @@ function parseFromUrl(sdk, options) {
|
|
|
79
87
|
}
|
|
80
88
|
|
|
81
89
|
if (!paramStr) {
|
|
82
|
-
|
|
90
|
+
throw new _errors.AuthSdkError('Unable to parse a token from the url');
|
|
83
91
|
}
|
|
84
92
|
|
|
93
|
+
return (0, _util.urlParamsToObject)(paramStr);
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
function cleanOAuthResponseFromUrl(sdk, options) {
|
|
97
|
+
// Clean hash or search from the url
|
|
98
|
+
const responseMode = options.responseMode || getResponseMode(sdk);
|
|
99
|
+
responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
async function parseFromUrl(sdk, options) {
|
|
103
|
+
options = options || {};
|
|
104
|
+
|
|
105
|
+
if ((0, _util2.isString)(options)) {
|
|
106
|
+
options = {
|
|
107
|
+
url: options
|
|
108
|
+
};
|
|
109
|
+
} else {
|
|
110
|
+
options = options;
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
const res = parseOAuthResponseFromUrl(sdk, options);
|
|
114
|
+
const state = res.state;
|
|
85
115
|
const oauthParams = sdk.transactionManager.load({
|
|
86
116
|
oauth: true,
|
|
87
|
-
pkce: sdk.options.pkce
|
|
117
|
+
pkce: sdk.options.pkce,
|
|
118
|
+
state
|
|
88
119
|
});
|
|
120
|
+
|
|
121
|
+
if (!oauthParams) {
|
|
122
|
+
return Promise.reject(new _errors.AuthSdkError('Unable to retrieve OAuth redirect params from storage'));
|
|
123
|
+
}
|
|
124
|
+
|
|
89
125
|
const urls = oauthParams.urls;
|
|
90
126
|
delete oauthParams.urls;
|
|
91
|
-
return Promise.resolve((0, _util.urlParamsToObject)(paramStr)).then(function (res) {
|
|
92
|
-
if (!url) {
|
|
93
|
-
// Clean hash or search from the url
|
|
94
|
-
responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);
|
|
95
|
-
}
|
|
96
127
|
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
128
|
+
if (!options.url) {
|
|
129
|
+
// Clean hash or search from the url
|
|
130
|
+
cleanOAuthResponseFromUrl(sdk, options);
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, oauthParams, res, urls).catch(err => {
|
|
134
|
+
if (!(0, _util.isInteractionRequiredError)(err)) {
|
|
135
|
+
sdk.transactionManager.clear({
|
|
136
|
+
state
|
|
137
|
+
});
|
|
138
|
+
}
|
|
101
139
|
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
140
|
+
throw err;
|
|
141
|
+
}).then(res => {
|
|
142
|
+
sdk.transactionManager.clear({
|
|
143
|
+
state
|
|
106
144
|
});
|
|
145
|
+
return res;
|
|
107
146
|
});
|
|
108
147
|
}
|
|
109
148
|
//# sourceMappingURL=parseFromUrl.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","indexOf","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","Promise","reject","urls","catch","err","clear","then"],"mappings":";;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAIG,oBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAO,6BAAkBH,QAAlB,CAAP;AACD;;AAEM,SAASI,yBAAT,CAAmC1B,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,QAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAgG;AACrGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,QAAMU,GAAkB,GAAGP,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;AACA,QAAMW,KAAK,GAAGD,GAAG,CAACC,KAAlB;AACA,QAAMC,WAA4B,GAAG7B,GAAG,CAAC8B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,IAAAA,KAAK,EAAE,IADwD;AAE/Dd,IAAAA,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;AAG/DU,IAAAA;AAH+D,GAA5B,CAArC;;AAKA,MAAI,CAACC,WAAL,EAAkB;AAChB,WAAOI,OAAO,CAACC,MAAR,CAAe,IAAIT,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;AACD;;AACD,QAAMU,IAAgB,GAAGN,WAAW,CAACM,IAArC;AACA,SAAON,WAAW,CAACM,IAAnB;;AAEA,MAAI,CAAClB,OAAO,CAACI,GAAb,EAAkB;AAChB;AACAK,IAAAA,yBAAyB,CAAC1B,GAAD,EAAMiB,OAAN,CAAzB;AACD;;AAED,SAAO,8CAAoBjB,GAApB,EAAyB6B,WAAzB,EAAsCF,GAAtC,EAA2CQ,IAA3C,EACJC,KADI,CACEC,GAAG,IAAI;AACZ,QAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;AACpCrC,MAAAA,GAAG,CAAC8B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,QAAAA;AAD2B,OAA7B;AAGD;;AACD,UAAMS,GAAN;AACD,GARI,EASJE,IATI,CASCZ,GAAG,IAAI;AACX3B,IAAAA,GAAG,CAAC8B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,MAAAA;AAD2B,KAA7B;AAGA,WAAOD,GAAP;AACD,GAdI,CAAP;AAgBD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n oauth: true,\n pkce: sdk.options.pkce,\n state\n });\n if (!oauthParams) {\n return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n"],"file":"parseFromUrl.js"}
|
package/cjs/oidc/renewTokens.js
CHANGED
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
exports.renewTokens = renewTokens;
|
|
4
4
|
|
|
5
|
+
var _errors = require("../errors");
|
|
6
|
+
|
|
5
7
|
var _getWithoutPrompt = require("./getWithoutPrompt");
|
|
6
8
|
|
|
7
9
|
var _renewTokensWithRefresh = require("./renewTokensWithRefresh");
|
|
@@ -21,19 +23,40 @@ var _util = require("./util");
|
|
|
21
23
|
*
|
|
22
24
|
*/
|
|
23
25
|
// If we have a refresh token, renew using that, otherwise getWithoutPrompt
|
|
26
|
+
// eslint-disable-next-line complexity
|
|
24
27
|
async function renewTokens(sdk, options) {
|
|
25
28
|
const tokens = sdk.tokenManager.getTokensSync();
|
|
26
29
|
|
|
27
30
|
if (tokens.refreshToken) {
|
|
28
31
|
return (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, options, tokens.refreshToken);
|
|
29
|
-
}
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
if (!tokens.accessToken && !tokens.idToken) {
|
|
35
|
+
throw new _errors.AuthSdkError('renewTokens() was called but there is no existing token');
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
const accessToken = tokens.accessToken || {};
|
|
39
|
+
const idToken = tokens.idToken || {};
|
|
40
|
+
const scopes = accessToken.scopes || idToken.scopes;
|
|
41
|
+
|
|
42
|
+
if (!scopes) {
|
|
43
|
+
throw new _errors.AuthSdkError('renewTokens: invalid tokens: could not read scopes');
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;
|
|
47
|
+
|
|
48
|
+
if (!authorizeUrl) {
|
|
49
|
+
throw new _errors.AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');
|
|
50
|
+
}
|
|
30
51
|
|
|
52
|
+
const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
|
|
53
|
+
const issuer = idToken.issuer || sdk.options.issuer; // Get tokens using the SSO cookie
|
|
31
54
|
|
|
32
55
|
options = Object.assign({
|
|
33
|
-
scopes
|
|
34
|
-
authorizeUrl
|
|
35
|
-
userinfoUrl
|
|
36
|
-
issuer
|
|
56
|
+
scopes,
|
|
57
|
+
authorizeUrl,
|
|
58
|
+
userinfoUrl,
|
|
59
|
+
issuer
|
|
37
60
|
}, options);
|
|
38
61
|
|
|
39
62
|
if (sdk.options.pkce) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","then","res"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAuE;AAC5E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,MAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,WAAO,oDAAuBL,GAAvB,EAA4BC,OAA5B,EAAqCC,MAAM,CAACG,YAA5C,CAAP;AACD;;AAED,MAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,UAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMF,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;AACA,MAAI,CAACA,YAAL,EAAmB;AACjB,UAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BX,GAAG,CAACC,OAAJ,CAAYU,WAA3D;AACA,QAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBZ,GAAG,CAACC,OAAJ,CAAYW,MAA7C,CArB4E,CAuB5E;;AACAX,EAAAA,OAAO,GAAGY,MAAM,CAACC,MAAP,CAAc;AACtBL,IAAAA,MADsB;AAEtBC,IAAAA,YAFsB;AAGtBC,IAAAA,WAHsB;AAItBC,IAAAA;AAJsB,GAAd,EAKPX,OALO,CAAV;;AAOA,MAAID,GAAG,CAACC,OAAJ,CAAYc,IAAhB,EAAsB;AACpBd,IAAAA,OAAO,CAACe,YAAR,GAAuB,MAAvB;AACD,GAFD,MAEO;AACL,UAAM;AAAEA,MAAAA;AAAF,QAAmB,iCAAsBhB,GAAtB,CAAzB;AACAC,IAAAA,OAAO,CAACe,YAAR,GAAuBA,YAAvB;AACD;;AAED,SAAO,wCAAiBhB,GAAjB,EAAsBC,OAAtB,EACJgB,IADI,CACCC,GAAG,IAAIA,GAAG,CAAChB,MADZ,CAAP;AAGD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options: TokenParams): Promise<Tokens> {\n const tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"file":"renewTokens.js"}
|
package/cjs/oidc/util/browser.js
CHANGED
|
@@ -8,8 +8,6 @@ exports.addPostMessageListener = addPostMessageListener;
|
|
|
8
8
|
|
|
9
9
|
var _errors = require("../../errors");
|
|
10
10
|
|
|
11
|
-
var _features = require("../../features");
|
|
12
|
-
|
|
13
11
|
/*!
|
|
14
12
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
15
13
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -52,17 +50,7 @@ function loadFrame(src) {
|
|
|
52
50
|
function loadPopup(src, options) {
|
|
53
51
|
var title = options.popupTitle || 'External Identity Provider User Authentication';
|
|
54
52
|
var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' + 'top=100, left=500, width=600, height=600';
|
|
55
|
-
|
|
56
|
-
if ((0, _features.isIE11OrLess)()) {
|
|
57
|
-
// IE<=11 doesn't fully support postMessage at time of writting.
|
|
58
|
-
// the following simple solution happened to solve the issue
|
|
59
|
-
// without adding another proxy layer which makes flow more complecated.
|
|
60
|
-
var winEl = window.open('/', title, appearance);
|
|
61
|
-
winEl.location.href = src;
|
|
62
|
-
return winEl;
|
|
63
|
-
} else {
|
|
64
|
-
return window.open(src, title, appearance);
|
|
65
|
-
}
|
|
53
|
+
return window.open(src, title, appearance);
|
|
66
54
|
}
|
|
67
55
|
|
|
68
56
|
function addPostMessageListener(sdk, timeout, state) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","Promise","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":";;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,EAA+CC,OAA/C,EAAwDC,KAAxD,EAA+D;AACpE,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,IAAIC,OAAJ,CAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEL,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBM,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOR,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIO,CAAC,CAACE,MAAF,KAAaX,GAAG,CAACY,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBApC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGU,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnBZ,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBU,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACZ,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle || 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuth, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data || e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || 120000);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n"],"file":"browser.js"}
|
|
@@ -47,12 +47,14 @@ function validateClaims(sdk, claims, validationParams) {
|
|
|
47
47
|
throw new _AuthSdkError.default('The JWT expired before it was issued');
|
|
48
48
|
}
|
|
49
49
|
|
|
50
|
-
if (
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
50
|
+
if (!sdk.options.ignoreLifetime) {
|
|
51
|
+
if (now - sdk.options.maxClockSkew > claims.exp) {
|
|
52
|
+
throw new _AuthSdkError.default('The JWT expired and is no longer valid');
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
if (claims.iat > now + sdk.options.maxClockSkew) {
|
|
56
|
+
throw new _AuthSdkError.default('The JWT was issued in the future');
|
|
57
|
+
}
|
|
56
58
|
}
|
|
57
59
|
}
|
|
58
60
|
//# sourceMappingURL=validateClaims.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","maxClockSkew"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACY,GAAP,GAAaZ,MAAM,CAACa,GAAxB,EAA6B;AAC3B,UAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":";;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACY,GAAP,GAAaZ,MAAM,CAACa,GAAxB,EAA6B;AAC3B,UAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAmChB,MAAM,CAACa,GAA9C,EAAmD;AACjD,YAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIP,MAAM,CAACY,GAAP,GAAcJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAApC,EAAmD;AACjD,YAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuth, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat > claims.exp) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew) > claims.exp) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat > (now + sdk.options.maxClockSkew)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}
|
package/cjs/options.js
CHANGED
package/cjs/options.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/options.ts"],"names":["BROWSER_STORAGE","token","storageTypes","useMultipleCookies","cache","transaction","SERVER_STORAGE","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","browserStorage","serverStorage","storageManager","devMode","httpRequestClient","fetchRequest","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","ignoreSignature","clientSecret"],"mappings":";;;;;;;AAcA;;AACA;;AAGA;;AACA;;AACA;;AACA;;AArBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAUA,MAAMA,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY,CADT;AAMLC,IAAAA,kBAAkB,EAAE;AANf,GADsC;AAS7CC,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GATsC;AAgB7CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH;
|
|
1
|
+
{"version":3,"sources":["../../lib/options.ts"],"names":["BROWSER_STORAGE","token","storageTypes","useMultipleCookies","cache","transaction","SERVER_STORAGE","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","browserStorage","serverStorage","storageManager","devMode","httpRequestClient","fetchRequest","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","ignoreSignature","clientSecret"],"mappings":";;;;;;;AAcA;;AACA;;AAGA;;AACA;;AACA;;AACA;;AArBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAUA,MAAMA,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY,CADT;AAMLC,IAAAA,kBAAkB,EAAE;AANf,GADsC;AAS7CC,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GATsC;AAgB7CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH,GAhBgC;AAuB7C,wBAAsB;AACpBA,IAAAA,YAAY,EAAE,CACZ,cADY;AADM;AAvBuB,CAA/C;AA8BA,MAAMI,cAAqC,GAAG;AAC5CL,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GADqC;AAM5CE,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GANqC;AAW5CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,QADY;AADH;AAX+B,CAA9C;;AAkBA,SAASK,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAAyE;AACvE;AACA;AACA;AACA,MAAIC,cAAc,GAAGF,IAAI,CAACG,OAAL,IAAgB,EAArC;;AACA,MAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;AAChDF,IAAAA,cAAc,CAACE,MAAf,GAAwBH,OAAxB;AACD;;AACD,MAAI,OAAOC,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;AAClDH,IAAAA,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;AACD,GAVsE,CAYvE;;;AACA,MAAIF,cAAc,CAACE,MAAf,IAAyB,CAACH,OAA9B,EAAuC;AACrC;AACA,oBACE,oEACA,4DADA,GAEA,gEAHF;AAKAC,IAAAA,cAAc,CAACE,MAAf,GAAwB,KAAxB;AACD,GArBsE,CAuBvE;AACA;;;AACA,MAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;AAChEF,IAAAA,cAAc,CAACG,QAAf,GAA0B,KAA1B;AACD;;AAED,SAAOH,cAAP;AACD;;AAGM,SAASI,iBAAT,GAA8C;AACnD,QAAMC,WAAW,GAAG,6BAAcC,uBAAd,GAA+BC,sBAAnD;AACA,QAAMC,cAAc,GAAG,6BAAclB,eAAd,GAAgCM,cAAvD;AACA,SAAO;AACLa,IAAAA,OAAO,EAAE,KADJ;AAELC,IAAAA,iBAAiB,EAAEC,qBAFd;AAGLN,IAAAA,WAHK;AAILG,IAAAA;AAJK,GAAP;AAMD;;AAED,SAASI,YAAT,CAAsBC,OAAtB,EAA+Bf,IAA/B,EAAsD;AACpD,SAAOgB,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAlB,EAA2B,sBAAWf,IAAX,CAA3B,EAA6C;AAClDU,IAAAA,cAAc,EAAEM,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACL,cAA1B,EAA0CV,IAAI,CAACU,cAA/C;AADkC,GAA7C,CAAP;AAGD;;AAEM,SAASQ,YAAT,CAAsBlB,IAAqB,GAAG,EAA9C,EAAmE;AACxE,sCAAkBA,IAAlB;AACAA,EAAAA,IAAI,GAAGc,YAAY,CAACR,iBAAiB,EAAlB,EAAsBN,IAAtB,CAAnB;AACA,SAAO,sBAAW;AAChB;AACAmB,IAAAA,MAAM,EAAE,+BAAoBnB,IAAI,CAACmB,MAAzB,CAFQ;AAGhBC,IAAAA,QAAQ,EAAE,+BAAoBpB,IAAI,CAACoB,QAAzB,CAHM;AAIhBC,IAAAA,YAAY,EAAE,+BAAoBrB,IAAI,CAACqB,YAAzB,CAJE;AAKhBC,IAAAA,WAAW,EAAE,+BAAoBtB,IAAI,CAACsB,WAAzB,CALG;AAMhBC,IAAAA,SAAS,EAAE,+BAAoBvB,IAAI,CAACuB,SAAzB,CANK;AAOhBC,IAAAA,SAAS,EAAE,+BAAoBxB,IAAI,CAACwB,SAAzB,CAPK;AAQhBC,IAAAA,QAAQ,EAAEzB,IAAI,CAACyB,QARC;AAShBC,IAAAA,WAAW,EAAE1B,IAAI,CAAC0B,WATF;AAUhBC,IAAAA,KAAK,EAAE3B,IAAI,CAAC2B,KAVI;AAWhBC,IAAAA,MAAM,EAAE5B,IAAI,CAAC4B,MAXG;AAYhBC,IAAAA,qBAAqB,EAAE7B,IAAI,CAAC6B,qBAZZ;AAahBC,IAAAA,YAAY,EAAE9B,IAAI,CAAC8B,YAbH;AAchBC,IAAAA,YAAY,EAAE/B,IAAI,CAAC+B,YAdH;AAehBC,IAAAA,IAAI,EAAEhC,IAAI,CAACgC,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;AAe0B;AAC1CC,IAAAA,sBAAsB,EAAEjC,IAAI,CAACiC,sBAhBb;AAkBhB;AACArB,IAAAA,iBAAiB,EAAEZ,IAAI,CAACY,iBAnBR;AAoBhBsB,IAAAA,iBAAiB,EAAElC,IAAI,CAACkC,iBApBR;AAqBhBC,IAAAA,kBAAkB,EAAEnC,IAAI,CAACmC,kBArBT;AAsBhBC,IAAAA,kBAAkB,EAAEpC,IAAI,CAACoC,kBAtBT;AAuBhB7B,IAAAA,WAAW,EAAEP,IAAI,CAACO,WAvBF;AAwBhB8B,IAAAA,OAAO,EAAErC,IAAI,CAACqC,OAxBE;AAyBhB1B,IAAAA,OAAO,EAAE,CAAC,CAACX,IAAI,CAACW,OAzBA;AA0BhBD,IAAAA,cAAc,EAAEV,IAAI,CAACU,cA1BL;AA2BhBP,IAAAA,OAAO,EAAE,6BAAcJ,iBAAiB,CAACC,IAAD,EAAO,wBAAP,CAA/B,GAAmDA,IAAI,CAACG,OA3BjD;AA6BhB;AACAmC,IAAAA,eAAe,EAAE,CAAC,CAACtC,IAAI,CAACsC,eA9BR;AAgChB;AACAC,IAAAA,YAAY,EAAEvC,IAAI,CAACuC;AAjCH,GAAX,CAAP;AAmCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { removeTrailingSlash, warn, removeNils } from './util';\nimport { assertValidConfig } from './builderUtil';\nimport { OktaAuthOptions, StorageManagerOptions } from './types';\n\nimport fetchRequest from './fetch/fetchRequest';\nimport browserStorage from './browser/browserStorage';\nimport serverStorage from './server/serverStorage';\nimport { isBrowser, isHTTPS } from './features';\n\nconst BROWSER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ],\n useMultipleCookies: true\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n },\n 'shared-transaction': {\n storageTypes: [\n 'localStorage'\n ]\n }\n};\n\nconst SERVER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'memory'\n ]\n },\n cache: {\n storageTypes: [\n 'memory'\n ]\n },\n transaction: {\n storageTypes: [\n 'memory'\n ]\n }\n};\n\nfunction getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n\n\nexport function getDefaultOptions(): OktaAuthOptions {\n const storageUtil = isBrowser() ? browserStorage : serverStorage;\n const storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;\n return {\n devMode: false,\n httpRequestClient: fetchRequest,\n storageUtil,\n storageManager\n };\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n return Object.assign({}, options, removeNils(args), {\n storageManager: Object.assign({}, options.storageManager, args.storageManager)\n });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n assertValidConfig(args);\n args = mergeOptions(getDefaultOptions(), args);\n return removeNils({\n // OIDC configuration\n issuer: removeTrailingSlash(args.issuer),\n tokenUrl: removeTrailingSlash(args.tokenUrl),\n authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n revokeUrl: removeTrailingSlash(args.revokeUrl),\n logoutUrl: removeTrailingSlash(args.logoutUrl),\n clientId: args.clientId,\n redirectUri: args.redirectUri,\n state: args.state,\n scopes: args.scopes,\n postLogoutRedirectUri: args.postLogoutRedirectUri,\n responseMode: args.responseMode,\n responseType: args.responseType,\n pkce: args.pkce === false ? false : true, // PKCE defaults to true\n useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n // Internal options\n httpRequestClient: args.httpRequestClient,\n transformErrorXHR: args.transformErrorXHR,\n transformAuthState: args.transformAuthState,\n restoreOriginalUri: args.restoreOriginalUri,\n storageUtil: args.storageUtil,\n headers: args.headers,\n devMode: !!args.devMode,\n storageManager: args.storageManager,\n cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,\n\n // Give the developer the ability to disable token signature validation.\n ignoreSignature: !!args.ignoreSignature,\n\n // Server-side web applications\n clientSecret: args.clientSecret\n });\n}\n"],"file":"options.js"}
|