@okta/okta-auth-js 5.4.3 → 5.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +59 -4
- package/README.md +66 -977
- package/cjs/AuthStateManager.js +5 -0
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +74 -29
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/StorageManager.js +16 -0
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TransactionManager.js +44 -8
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +5 -5
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/builderUtil.js +6 -0
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/constants.js +5 -1
- package/cjs/constants.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +10 -3
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/request.js +4 -0
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/interact.js +5 -2
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +24 -7
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/remediate.js +35 -41
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +13 -7
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +18 -14
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +14 -0
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +5 -2
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/run.js +28 -6
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/transactionMeta.js +24 -9
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js +5 -0
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +17 -6
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/oidc/getToken.js +14 -9
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +9 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +59 -20
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewTokens.js +28 -5
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/util/browser.js +1 -13
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +9 -5
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/urlParams.js +1 -1
- package/cjs/oidc/util/urlParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +8 -6
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/options.js +15 -2
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +2 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +1 -3
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/api.js +3 -0
- package/cjs/tx/api.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/util/emailVerify.js +28 -0
- package/cjs/util/emailVerify.js.map +1 -0
- package/cjs/util/index.js +13 -0
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/sharedStorage.js +54 -0
- package/cjs/util/sharedStorage.js.map +1 -0
- package/dist/okta-auth-js.min.js +2 -74
- package/dist/okta-auth-js.min.js.LICENSE.txt +32 -0
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +2 -18
- package/dist/okta-auth-js.polyfill.js.LICENSE.txt +18 -0
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +2 -74
- package/dist/okta-auth-js.umd.js.LICENSE.txt +32 -0
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/AuthStateManager.js +5 -0
- package/esm/AuthStateManager.js.map +1 -1
- package/esm/OktaAuth.js +75 -31
- package/esm/OktaAuth.js.map +1 -1
- package/esm/OktaUserAgent.js +2 -2
- package/esm/StorageManager.js +17 -1
- package/esm/StorageManager.js.map +1 -1
- package/esm/TransactionManager.js +43 -8
- package/esm/TransactionManager.js.map +1 -1
- package/esm/browser/browserStorage.js +5 -5
- package/esm/browser/browserStorage.js.map +1 -1
- package/esm/builderUtil.js +6 -0
- package/esm/builderUtil.js.map +1 -1
- package/esm/constants.js +2 -0
- package/esm/constants.js.map +1 -1
- package/esm/fetch/fetchRequest.js +10 -3
- package/esm/fetch/fetchRequest.js.map +1 -1
- package/esm/http/request.js +4 -0
- package/esm/http/request.js.map +1 -1
- package/esm/idx/interact.js +5 -2
- package/esm/idx/interact.js.map +1 -1
- package/esm/idx/introspect.js +22 -6
- package/esm/idx/introspect.js.map +1 -1
- package/esm/idx/remediate.js +36 -37
- package/esm/idx/remediate.js.map +1 -1
- package/esm/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/esm/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/esm/idx/remediators/Base/Remediator.js +13 -8
- package/esm/idx/remediators/Base/Remediator.js.map +1 -1
- package/esm/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/esm/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/esm/idx/remediators/Base/VerifyAuthenticator.js +18 -15
- package/esm/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/esm/idx/remediators/EnrollProfile.js +21 -4
- package/esm/idx/remediators/EnrollProfile.js.map +1 -1
- package/esm/idx/remediators/Identify.js +4 -2
- package/esm/idx/remediators/Identify.js.map +1 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/esm/idx/run.js +27 -6
- package/esm/idx/run.js.map +1 -1
- package/esm/idx/transactionMeta.js +23 -10
- package/esm/idx/transactionMeta.js.map +1 -1
- package/esm/idx/types/idx-js.js +3 -0
- package/esm/idx/types/idx-js.js.map +1 -1
- package/esm/idx/types/index.js +15 -5
- package/esm/idx/types/index.js.map +1 -1
- package/esm/oidc/getToken.js +15 -10
- package/esm/oidc/getToken.js.map +1 -1
- package/esm/oidc/getWithPopup.js +8 -2
- package/esm/oidc/getWithPopup.js.map +1 -1
- package/esm/oidc/getWithRedirect.js.map +1 -1
- package/esm/oidc/parseFromUrl.js +59 -17
- package/esm/oidc/parseFromUrl.js.map +1 -1
- package/esm/oidc/renewTokens.js +27 -5
- package/esm/oidc/renewTokens.js.map +1 -1
- package/esm/oidc/util/browser.js +1 -12
- package/esm/oidc/util/browser.js.map +1 -1
- package/esm/oidc/util/loginRedirect.js +9 -5
- package/esm/oidc/util/loginRedirect.js.map +1 -1
- package/esm/oidc/util/urlParams.js +1 -1
- package/esm/oidc/util/urlParams.js.map +1 -1
- package/esm/oidc/util/validateClaims.js +8 -6
- package/esm/oidc/util/validateClaims.js.map +1 -1
- package/esm/options.js +15 -2
- package/esm/options.js.map +1 -1
- package/esm/server/serverStorage.js +2 -1
- package/esm/server/serverStorage.js.map +1 -1
- package/esm/tx/AuthTransaction.js +1 -3
- package/esm/tx/AuthTransaction.js.map +1 -1
- package/esm/tx/api.js +3 -0
- package/esm/tx/api.js.map +1 -1
- package/esm/types/Transaction.js.map +1 -1
- package/esm/util/emailVerify.js +21 -0
- package/esm/util/emailVerify.js.map +1 -0
- package/esm/util/index.js +1 -0
- package/esm/util/index.js.map +1 -1
- package/esm/util/sharedStorage.js +43 -0
- package/esm/util/sharedStorage.js.map +1 -0
- package/lib/AuthStateManager.d.ts +4 -2
- package/lib/OktaAuth.d.ts +9 -5
- package/lib/StorageManager.d.ts +2 -0
- package/lib/TransactionManager.d.ts +5 -1
- package/lib/constants.d.ts +2 -0
- package/lib/crypto/base64.d.ts +2 -2
- package/lib/crypto/oidcHash.d.ts +1 -1
- package/lib/crypto/verifyToken.d.ts +1 -1
- package/lib/idx/introspect.d.ts +2 -1
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +2 -5
- package/lib/idx/remediators/Base/Remediator.d.ts +3 -6
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -6
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +1 -1
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -0
- package/lib/idx/remediators/Identify.d.ts +1 -5
- package/lib/idx/run.d.ts +1 -0
- package/lib/idx/transactionMeta.d.ts +4 -3
- package/lib/idx/types/idx-js.d.ts +2 -0
- package/lib/idx/types/index.d.ts +20 -9
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/parseFromUrl.d.ts +4 -1
- package/lib/oidc/renewTokens.d.ts +0 -12
- package/lib/oidc/util/loginRedirect.d.ts +1 -1
- package/lib/types/AuthState.d.ts +1 -0
- package/lib/types/OktaAuthOptions.d.ts +2 -1
- package/lib/types/Storage.d.ts +3 -0
- package/lib/types/Transaction.d.ts +5 -1
- package/lib/types/api.d.ts +9 -4
- package/lib/types/http.d.ts +1 -0
- package/lib/util/emailVerify.d.ts +17 -0
- package/lib/util/index.d.ts +1 -0
- package/lib/util/sharedStorage.d.ts +6 -0
- package/package.json +12 -10
|
@@ -16,6 +16,7 @@ function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { va
|
|
|
16
16
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
17
17
|
*/
|
|
18
18
|
import { Remediator } from './Base/Remediator';
|
|
19
|
+
import { AuthenticatorKey } from '../types';
|
|
19
20
|
export class Identify extends Remediator {
|
|
20
21
|
constructor(remediation, values) {
|
|
21
22
|
super(remediation, values); // add password authenticator to authenticators list if password is provided
|
|
@@ -33,7 +34,8 @@ export class Identify extends Remediator {
|
|
|
33
34
|
if (password && !authenticators.some(authenticator => authenticator.type === 'password')) {
|
|
34
35
|
this.values = _objectSpread(_objectSpread({}, this.values), {}, {
|
|
35
36
|
authenticators: [{
|
|
36
|
-
type: 'password'
|
|
37
|
+
type: 'password',
|
|
38
|
+
key: AuthenticatorKey.OKTA_PASSWORD
|
|
37
39
|
}, ...authenticators]
|
|
38
40
|
});
|
|
39
41
|
}
|
|
@@ -70,7 +72,7 @@ export class Identify extends Remediator {
|
|
|
70
72
|
})) {
|
|
71
73
|
var _this$values$authenti;
|
|
72
74
|
|
|
73
|
-
var authenticators = (_this$values$authenti = this.values.authenticators) === null || _this$values$authenti === void 0 ? void 0 : _this$values$authenti.filter(authenticator => authenticator.
|
|
75
|
+
var authenticators = (_this$values$authenti = this.values.authenticators) === null || _this$values$authenti === void 0 ? void 0 : _this$values$authenti.filter(authenticator => authenticator.key !== AuthenticatorKey.OKTA_PASSWORD);
|
|
74
76
|
return _objectSpread(_objectSpread({}, this.values), {}, {
|
|
75
77
|
authenticators
|
|
76
78
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/remediators/Identify.ts"],"names":["Remediator","Identify","constructor","remediation","values","password","authenticators","some","authenticator","type","canRemediate","identifier","getData","mapCredentials","passcode","getInputCredentials","input","form","value","name","required","getValuesAfterProceed","filter"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,UAAT,QAA8C,mBAA9C;
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/remediators/Identify.ts"],"names":["Remediator","AuthenticatorKey","Identify","constructor","remediation","values","password","authenticators","some","authenticator","type","key","OKTA_PASSWORD","canRemediate","identifier","getData","mapCredentials","passcode","getInputCredentials","input","form","value","name","required","getValuesAfterProceed","filter"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,UAAT,QAA8C,mBAA9C;AACA,SAAwBC,gBAAxB,QAAgD,UAAhD;AAQA,OAAO,MAAMC,QAAN,SAAuBF,UAAvB,CAAkC;AAUvCG,EAAAA,WAAW,CAACC,WAAD,EAA8BC,MAA9B,EAAuD;AAChE,UAAMD,WAAN,EAAmBC,MAAnB,EADgE,CAGhE;;AAHgE,iCAL5D;AACJ,oBAAc,CAAC,UAAD,CADV;AAEJ,qBAAe;AAFX,KAK4D;;AAIhE,QAAM;AAAEC,MAAAA,QAAF;AAAYC,MAAAA;AAAZ,QAA+B,KAAKF,MAA1C;;AACA,QAAIC,QAAQ,IAAI,CAACC,cAAc,CAACC,IAAf,CAAoBC,aAAa,IAAIA,aAAa,CAACC,IAAd,KAAuB,UAA5D,CAAjB,EAA0F;AACxF,WAAKL,MAAL,mCACK,KAAKA,MADV;AAEEE,QAAAA,cAAc,EAAE,CACd;AACEG,UAAAA,IAAI,EAAE,UADR;AAEEC,UAAAA,GAAG,EAAEV,gBAAgB,CAACW;AAFxB,SADc,EAKd,GAAGL,cALW;AAFlB;AAUD;AACF;;AAEDM,EAAAA,YAAY,GAAG;AACb,QAAM;AAAEC,MAAAA;AAAF,QAAiB,KAAKC,OAAL,EAAvB;AACA,WAAO,CAAC,CAACD,UAAT;AACD;;AAEDE,EAAAA,cAAc,GAAG;AACf,WAAO;AAAEC,MAAAA,QAAQ,EAAE,KAAKZ,MAAL,CAAYC;AAAxB,KAAP;AACD;;AAEDY,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,2CACKA,KAAK,CAACC,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADL;AAEEC,MAAAA,IAAI,EAAE,UAFR;AAGEC,MAAAA,QAAQ,EAAEJ,KAAK,CAACI;AAHlB;AAKD;;AAEDC,EAAAA,qBAAqB,GAAG;AACtB;AACA;AACA,QAAI,KAAKpB,WAAL,CAAiBiB,KAAjB,CAAuBb,IAAvB,CAA4B;AAAA,UAAC;AAAEc,QAAAA;AAAF,OAAD;AAAA,aAAcA,IAAI,KAAK,aAAvB;AAAA,KAA5B,CAAJ,EAAuE;AAAA;;AACrE,UAAMf,cAAc,4BAAI,KAAKF,MAAL,CAAYE,cAAhB,0DAAG,sBACnBkB,MADmB,CACZhB,aAAa,IAAIA,aAAa,CAACE,GAAd,KAAsBV,gBAAgB,CAACW,aAD5C,CAAvB;AAEA,6CAAY,KAAKP,MAAjB;AAAyBE,QAAAA;AAAzB;AACD;;AAED,WAAO,MAAMiB,qBAAN,EAAP;AACD;;AAxDsC;;gBAA5BtB,Q,qBACc,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { Authenticator, AuthenticatorKey } from '../types';\nimport { IdxRemediation } from '../types/idx-js';\n\nexport interface IdentifyValues extends RemediationValues {\n username?: string;\n password?: string;\n}\n\nexport class Identify extends Remediator {\n static remediationName = 'identify';\n\n values: IdentifyValues;\n\n map = {\n 'identifier': ['username'],\n 'credentials': []\n };\n\n constructor(remediation: IdxRemediation, values?: IdentifyValues) {\n super(remediation, values);\n\n // add password authenticator to authenticators list if password is provided\n const { password, authenticators } = this.values;\n if (password && !authenticators.some(authenticator => authenticator.type === 'password')) {\n this.values = {\n ...this.values,\n authenticators: [\n { \n type: 'password',\n key: AuthenticatorKey.OKTA_PASSWORD\n }, \n ...authenticators\n ] as Authenticator[]\n };\n }\n }\n\n canRemediate() {\n const { identifier } = this.getData();\n return !!identifier;\n }\n\n mapCredentials() {\n return { passcode: this.values.password };\n }\n\n getInputCredentials(input) {\n return {\n ...input.form.value[0],\n name: 'password',\n required: input.required\n };\n }\n\n getValuesAfterProceed() {\n // Handle username + password scenario\n // remove \"password\" from authenticator array when remediation is finished\n if (this.remediation.value.some(({ name }) => name === 'credentials')) {\n const authenticators = (this.values.authenticators as Authenticator[])\n ?.filter(authenticator => authenticator.key !== AuthenticatorKey.OKTA_PASSWORD);\n return { ...this.values, authenticators };\n }\n\n return super.getValuesAfterProceed();\n }\n}\n"],"file":"Identify.js"}
|
|
@@ -32,7 +32,7 @@ export class ReEnrollAuthenticator extends Remediator {
|
|
|
32
32
|
}
|
|
33
33
|
|
|
34
34
|
getInputCredentials(input) {
|
|
35
|
-
var challengeType = this.
|
|
35
|
+
var challengeType = this.getAuthenticator().type;
|
|
36
36
|
var name = challengeType === 'password' ? 'newPassword' : 'verificationCode';
|
|
37
37
|
return _objectSpread(_objectSpread({}, input.form.value[0]), {}, {
|
|
38
38
|
name
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/remediators/ReEnrollAuthenticator.ts"],"names":["Remediator","ReEnrollAuthenticator","mapCredentials","passcode","values","newPassword","getInputCredentials","input","challengeType","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/remediators/ReEnrollAuthenticator.ts"],"names":["Remediator","ReEnrollAuthenticator","mapCredentials","passcode","values","newPassword","getInputCredentials","input","challengeType","getAuthenticator","type","name","form","value"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,UAAT,QAA8C,mBAA9C;AAMA,OAAO,MAAMC,qBAAN,SAAoCD,UAApC,CAA+C;AAAA;AAAA;;AAAA,iCAK9C;AACJ,qBAAe;AADX,KAL8C;AAAA;;AASpDE,EAAAA,cAAc,GAAG;AACf,WAAO;AACLC,MAAAA,QAAQ,EAAE,KAAKC,MAAL,CAAYC;AADjB,KAAP;AAGD;;AAEDC,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,QAAMC,aAAa,GAAG,KAAKC,gBAAL,GAAwBC,IAA9C;AACA,QAAMC,IAAI,GAAGH,aAAa,KAAK,UAAlB,GAA+B,aAA/B,GAA+C,kBAA5D;AACA,2CACKD,KAAK,CAACK,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADL;AAEEF,MAAAA;AAFF;AAID;;AAtBmD;;gBAAzCV,qB,qBACc,wB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface ReEnrollAuthenticatorValues extends RemediationValues {\n newPassword?: string;\n}\n\nexport class ReEnrollAuthenticator extends Remediator {\n static remediationName = 'reenroll-authenticator';\n\n values: ReEnrollAuthenticatorValues;\n\n map = {\n 'credentials': []\n };\n\n mapCredentials() {\n return { \n passcode: this.values.newPassword,\n };\n }\n\n getInputCredentials(input) {\n const challengeType = this.getAuthenticator().type;\n const name = challengeType === 'password' ? 'newPassword' : 'verificationCode';\n return {\n ...input.form.value[0],\n name\n };\n }\n\n}\n"],"file":"ReEnrollAuthenticator.js"}
|
package/esm/idx/run.js
CHANGED
|
@@ -24,6 +24,7 @@ import { remediate } from './remediate';
|
|
|
24
24
|
import * as remediators from './remediators';
|
|
25
25
|
import { AuthSdkError } from '../errors';
|
|
26
26
|
import { IdxStatus, IdxFeature } from '../types';
|
|
27
|
+
import { getSavedTransactionMeta } from './transactionMeta';
|
|
27
28
|
|
|
28
29
|
function getEnabledFeatures(idxResponse) {
|
|
29
30
|
var res = [];
|
|
@@ -95,16 +96,35 @@ function _run() {
|
|
|
95
96
|
var availableSteps;
|
|
96
97
|
var status = IdxStatus.PENDING;
|
|
97
98
|
var shouldClearTransaction = false;
|
|
99
|
+
var idxResponse;
|
|
100
|
+
var interactionHandle;
|
|
101
|
+
var metaFromResp;
|
|
98
102
|
|
|
99
103
|
try {
|
|
100
|
-
// Start/resume the flow
|
|
101
104
|
var {
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
} =
|
|
105
|
+
stateTokenExternalId,
|
|
106
|
+
state
|
|
107
|
+
} = options;
|
|
108
|
+
|
|
109
|
+
if (stateTokenExternalId) {
|
|
110
|
+
var _metaFromResp;
|
|
111
|
+
|
|
112
|
+
// Email verify callback: retrieve saved interactionHandle, if possible
|
|
113
|
+
metaFromResp = getSavedTransactionMeta(authClient, {
|
|
114
|
+
state
|
|
115
|
+
});
|
|
116
|
+
interactionHandle = (_metaFromResp = metaFromResp) === null || _metaFromResp === void 0 ? void 0 : _metaFromResp.interactionHandle; // may be undefined
|
|
117
|
+
} else {
|
|
118
|
+
// Start/resume the flow. Will request a new interactionHandle if none is found in storage.
|
|
119
|
+
var interactResponse = yield interact(authClient, options);
|
|
120
|
+
interactionHandle = interactResponse.interactionHandle;
|
|
121
|
+
metaFromResp = interactResponse.meta;
|
|
122
|
+
} // Introspect to get idx response
|
|
105
123
|
|
|
106
|
-
|
|
107
|
-
|
|
124
|
+
|
|
125
|
+
idxResponse = yield introspect(authClient, {
|
|
126
|
+
interactionHandle,
|
|
127
|
+
stateTokenExternalId
|
|
108
128
|
});
|
|
109
129
|
|
|
110
130
|
if (!options.flow && !options.actions) {
|
|
@@ -179,6 +199,7 @@ function _run() {
|
|
|
179
199
|
}
|
|
180
200
|
|
|
181
201
|
return _objectSpread(_objectSpread(_objectSpread(_objectSpread(_objectSpread(_objectSpread(_objectSpread({
|
|
202
|
+
_idxResponse: idxResponse,
|
|
182
203
|
status
|
|
183
204
|
}, meta && {
|
|
184
205
|
meta
|
package/esm/idx/run.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["interact","introspect","remediate","remediators","AuthSdkError","IdxStatus","IdxFeature","getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","flow","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","transactionManager","saveIdxResponse","TERMINAL","CANCELED","interactionCode","flowMonitor","isFinished","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","clear"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,QAAT,QAAyB,YAAzB;AACA,SAASC,UAAT,QAA2B,cAA3B;AACA,SAASC,SAAT,QAA0B,aAA1B;AAEA,OAAO,KAAKC,WAAZ,MAA6B,eAA7B;AACA,SAASC,YAAT,QAA6B,WAA7B;AACA,SAGEC,SAHF,EAKEC,UALF,QAOO,UAPP;;AAiBA,SAASC,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,MAAMC,GAAG,GAAG,EAAZ;AACA,MAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASN,UAAU,CAACO,iBAApB;AACD;;AAED,MAAIF,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,uBAAvB;AAAA,GAArB,CAAJ,EAA0E;AACxEN,IAAAA,GAAG,CAACG,IAAJ,CAASN,UAAU,CAACU,YAApB;AACD;;AAED,MAAIL,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,cAAvB;AAAA,GAArB,CAAJ,EAAiE;AAC/DN,IAAAA,GAAG,CAACG,IAAJ,CAASN,UAAU,CAACW,UAApB;AACD;;AAED,SAAOR,GAAP;AACD;;AAED,SAASS,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,MAAMV,GAAG,GAAG,EAAZ;AAEA,MAAMW,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcnB,WAAd,EAA2BoB,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBR,YAAxB,EAAsC;AACpC,QAAMS,CAAC,GAAGR,aAAa,CAACO,WAAW,CAACZ,IAAb,CAAvB;;AACA,QAAIa,CAAJ,EAAO;AACL,UAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACAlB,MAAAA,GAAG,CAACG,IAAJ,CAAUiB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOrB,GAAP;AACD;;AAED,gBAAsBsB,GAAtB;AAAA;AAAA;;;2BAAO,WACLC,UADK,EAELC,OAFK,EAGoB;AACzB,QAAIC,MAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,KAAJ;AACA,QAAIC,IAAJ;AACA,QAAIC,eAAJ;AACA,QAAIC,cAAJ;AACA,QAAIC,MAAM,GAAGpC,SAAS,CAACqC,OAAvB;AACA,QAAIC,sBAAsB,GAAG,KAA7B;;AAEA,QAAI;AACF;AACA,UAAM;AAAEC,QAAAA,iBAAF;AAAqBN,QAAAA,IAAI,EAAEO;AAA3B,gBAAkD7C,QAAQ,CAACgC,UAAD,EAAaC,OAAb,CAAhE,CAFE,CAIF;;AACA,UAAMzB,WAAW,SAASP,UAAU,CAAC+B,UAAD,EAAa;AAAEY,QAAAA;AAAF,OAAb,CAApC;;AAEA,UAAI,CAACX,OAAO,CAACa,IAAT,IAAiB,CAACb,OAAO,CAACvB,OAA9B,EAAuC;AACrC;AACA4B,QAAAA,IAAI,GAAGO,YAAP;AACAN,QAAAA,eAAe,GAAGhC,kBAAkB,CAACC,WAAD,CAApC;AACAgC,QAAAA,cAAc,GAAGtB,iBAAiB,CAACV,WAAW,CAACG,eAAb,CAAlC;AACD,OALD,MAKO;AACL,YAAMW,MAAqC,mCACtCW,OADsC;AAEzCc,UAAAA,WAAW,EAAEvC,WAAW,CAACwC,WAAZ,CAAwBD;AAFI,UAA3C,CADK,CAML;;;AACA,YAAM;AACJvC,UAAAA,WAAW,EAAEyC,mBADT;AAEJd,UAAAA,QAAQ,EAAEe,gBAFN;AAGJC,UAAAA,QAHI;AAIJC,UAAAA,QAJI;AAKJhB,UAAAA,QAAQ,EAAEiB;AALN,kBAMInD,SAAS,CAACM,WAAD,EAAcc,MAAd,EAAsBW,OAAtB,CANnB,CAPK,CAeL;;AACAE,QAAAA,QAAQ,GAAGe,gBAAX;AACAd,QAAAA,QAAQ,GAAGiB,gBAAX,CAjBK,CAmBL;;AACA,YAAIlB,QAAQ,IAAIc,mBAAhB,EAAqC;AACnCjB,UAAAA,UAAU,CAACsB,kBAAX,CAA8BC,eAA9B,CAA8CN,mBAAmB,CAACD,WAAlE;AACD;;AAED,YAAIG,QAAJ,EAAc;AACZV,UAAAA,MAAM,GAAGpC,SAAS,CAACmD,QAAnB;AACAb,UAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,YAAIS,QAAJ,EAAc;AACdX,UAAAA,MAAM,GAAGpC,SAAS,CAACoD,QAAnB;AACAd,UAAAA,sBAAsB,GAAG,IAAzB;AACD,SAHC,MAGK,IAAIM,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAES,eAAzB,EAA0C;AAC/C;AACA;AACA,cAAI,QAAQzB,OAAO,CAAC0B,WAAR,CAAoBC,UAApB,EAAR,CAAJ,EAA+C;AAC7C,kBAAM,IAAIxD,YAAJ,CAAiB,mEAAjB,CAAN;AACD;;AAED,cAAM;AACJyD,YAAAA,QADI;AAEJC,YAAAA,YAFI;AAGJC,YAAAA,eAHI;AAIJC,YAAAA,WAJI;AAKJC,YAAAA,IALI;AAMJC,YAAAA;AANI,cAOFrB,YAPJ;AAQAX,UAAAA,MAAM,SAASF,UAAU,CAACmC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDV,YAAAA,eAAe,EAAET,mBAAmB,CAACS,eADe;AAEpDG,YAAAA,QAFoD;AAGpDC,YAAAA,YAHoD;AAIpDC,YAAAA,eAJoD;AAKpDC,YAAAA,WALoD;AAMpDE,YAAAA;AANoD,WAAvC,EAOZD,IAPY,CAAf;AASAxB,UAAAA,MAAM,GAAGpC,SAAS,CAACgE,OAAnB;AACA1B,UAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,KAtED,CAsEE,OAAO2B,GAAP,EAAY;AACZjC,MAAAA,KAAK,GAAGiC,GAAR;AACA7B,MAAAA,MAAM,GAAGpC,SAAS,CAACkE,OAAnB;AACA5B,MAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,QAAIA,sBAAJ,EAA4B;AAC1BX,MAAAA,UAAU,CAACsB,kBAAX,CAA8BkB,KAA9B;AACD;;AAED;AACE/B,MAAAA;AADF,OAEMH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAFd,GAGMC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAHzB,GAIMC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KAJxB,GAKMN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KALhB,GAMMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KANlB,GAOMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAPlB,GAQMC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KARf;AAUD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { FlowMonitor } from './flowMonitors';\nimport * as remediators from './remediators';\nimport { AuthSdkError } from '../errors';\nimport { \n OktaAuth,\n IdxOptions,\n IdxStatus,\n IdxTransaction,\n IdxFeature,\n NextStep,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\n\nexport type RemediationFlow = Record<string, typeof remediators.Remediator>;\nexport interface RunOptions {\n flow?: RemediationFlow;\n actions?: string[];\n flowMonitor?: FlowMonitor;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n const res = [];\n const { actions, neededToProceed } = idxResponse;\n\n if (actions['currentAuthenticator-recover']) {\n res.push(IdxFeature.PASSWORD_RECOVERY);\n }\n\n if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n res.push(IdxFeature.REGISTRATION);\n }\n\n if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n res.push(IdxFeature.SOCIAL_IDP);\n }\n\n return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n const res = [];\n\n const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n // Only add concrete subclasses to the map\n if (remediatorClass.remediationName) {\n map[remediatorClass.remediationName] = remediatorClass;\n }\n return map;\n }, {});\n\n for (let remediation of remediations) {\n const T = remediatorMap[remediation.name];\n if (T) {\n const remediator = new T(remediation);\n res.push (remediator.getNextStep());\n }\n }\n\n return res;\n}\n\nexport async function run(\n authClient: OktaAuth, \n options: RunOptions & IdxOptions,\n): Promise<IdxTransaction> {\n let tokens;\n let nextStep;\n let messages;\n let error;\n let meta;\n let enabledFeatures;\n let availableSteps;\n let status = IdxStatus.PENDING;\n let shouldClearTransaction = false;\n\n try {\n // Start/resume the flow\n const { interactionHandle, meta: metaFromResp } = await interact(authClient, options); \n\n // Introspect to get idx response\n const idxResponse = await introspect(authClient, { interactionHandle });\n\n if (!options.flow && !options.actions) {\n // handle start transaction\n meta = metaFromResp;\n enabledFeatures = getEnabledFeatures(idxResponse);\n availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n } else {\n const values: remediators.RemediationValues = { \n ...options, \n stateHandle: idxResponse.rawIdxState.stateHandle \n };\n\n // Can we handle the remediations?\n const { \n idxResponse: idxResponseFromResp, \n nextStep: nextStepFromResp,\n terminal,\n canceled,\n messages: messagesFromResp,\n } = await remediate(idxResponse, values, options);\n\n // Track fields from remediation response\n nextStep = nextStepFromResp;\n messages = messagesFromResp;\n\n // Save intermediate idx response in storage to reduce introspect call\n if (nextStep && idxResponseFromResp) {\n authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n }\n\n if (terminal) {\n status = IdxStatus.TERMINAL;\n shouldClearTransaction = true;\n } if (canceled) {\n status = IdxStatus.CANCELED;\n shouldClearTransaction = true;\n } else if (idxResponseFromResp?.interactionCode) { \n // Flows may end with interactionCode before the key remediation being hit\n // Double check if flow is finished to mitigate confusion with the wrapper methods\n if (!(await options.flowMonitor.isFinished())) {\n throw new AuthSdkError('Current flow is not supported, check policy settings in your org.');\n }\n\n const {\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n urls,\n scopes,\n } = metaFromResp;\n tokens = await authClient.token.exchangeCodeForTokens({\n interactionCode: idxResponseFromResp.interactionCode,\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n scopes\n }, urls);\n\n status = IdxStatus.SUCCESS;\n shouldClearTransaction = true;\n }\n }\n } catch (err) {\n error = err;\n status = IdxStatus.FAILURE;\n shouldClearTransaction = true;\n }\n\n if (shouldClearTransaction) {\n authClient.transactionManager.clear();\n }\n \n return {\n status,\n ...(meta && { meta }),\n ...(enabledFeatures && { enabledFeatures }),\n ...(availableSteps && { availableSteps }),\n ...(tokens && { tokens: tokens.tokens }),\n ...(nextStep && { nextStep }),\n ...(messages && { messages }),\n ...(error && { error }),\n };\n}\n"],"file":"run.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["interact","introspect","remediate","remediators","AuthSdkError","IdxStatus","IdxFeature","getSavedTransactionMeta","getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","stateTokenExternalId","state","interactResponse","flow","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","transactionManager","saveIdxResponse","TERMINAL","CANCELED","interactionCode","flowMonitor","isFinished","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","clear","_idxResponse"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,QAAT,QAAyB,YAAzB;AACA,SAASC,UAAT,QAA2B,cAA3B;AACA,SAASC,SAAT,QAA0B,aAA1B;AAEA,OAAO,KAAKC,WAAZ,MAA6B,eAA7B;AACA,SAASC,YAAT,QAA6B,WAA7B;AACA,SAGEC,SAHF,EAKEC,UALF,QAOO,UAPP;AASA,SAASC,uBAAT,QAAwC,mBAAxC;;AAUA,SAASC,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,MAAMC,GAAG,GAAG,EAAZ;AACA,MAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACQ,iBAApB;AACD;;AAED,MAAIF,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,uBAAvB;AAAA,GAArB,CAAJ,EAA0E;AACxEN,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACW,YAApB;AACD;;AAED,MAAIL,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,cAAvB;AAAA,GAArB,CAAJ,EAAiE;AAC/DN,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACY,UAApB;AACD;;AAED,SAAOR,GAAP;AACD;;AAED,SAASS,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,MAAMV,GAAG,GAAG,EAAZ;AAEA,MAAMW,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcpB,WAAd,EAA2BqB,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBR,YAAxB,EAAsC;AACpC,QAAMS,CAAC,GAAGR,aAAa,CAACO,WAAW,CAACZ,IAAb,CAAvB;;AACA,QAAIa,CAAJ,EAAO;AACL,UAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACAlB,MAAAA,GAAG,CAACG,IAAJ,CAAUiB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOrB,GAAP;AACD;;AAED,gBAAsBsB,GAAtB;AAAA;AAAA;;;2BAAO,WACLC,UADK,EAELC,OAFK,EAGoB;AACzB,QAAIC,MAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,KAAJ;AACA,QAAIC,IAAJ;AACA,QAAIC,eAAJ;AACA,QAAIC,cAAJ;AACA,QAAIC,MAAM,GAAGrC,SAAS,CAACsC,OAAvB;AACA,QAAIC,sBAAsB,GAAG,KAA7B;AACA,QAAInC,WAAJ;AACA,QAAIoC,iBAAJ;AACA,QAAIC,YAAJ;;AAEA,QAAI;AAEF,UAAM;AAAEC,QAAAA,oBAAF;AAAwBC,QAAAA;AAAxB,UAAkCd,OAAxC;;AACA,UAAIa,oBAAJ,EAA0B;AAAA;;AACxB;AACAD,QAAAA,YAAY,GAAGvC,uBAAuB,CAAC0B,UAAD,EAAa;AAAEe,UAAAA;AAAF,SAAb,CAAtC;AACAH,QAAAA,iBAAiB,oBAAGC,YAAH,kDAAG,cAAcD,iBAAlC,CAHwB,CAG6B;AACtD,OAJD,MAIO;AACL;AACA,YAAMI,gBAAgB,SAASjD,QAAQ,CAACiC,UAAD,EAAaC,OAAb,CAAvC;AACAW,QAAAA,iBAAiB,GAAGI,gBAAgB,CAACJ,iBAArC;AACAC,QAAAA,YAAY,GAAGG,gBAAgB,CAACV,IAAhC;AACD,OAZC,CAcF;;;AACA9B,MAAAA,WAAW,SAASR,UAAU,CAACgC,UAAD,EAAa;AAAEY,QAAAA,iBAAF;AAAqBE,QAAAA;AAArB,OAAb,CAA9B;;AAEA,UAAI,CAACb,OAAO,CAACgB,IAAT,IAAiB,CAAChB,OAAO,CAACvB,OAA9B,EAAuC;AACrC;AACA4B,QAAAA,IAAI,GAAGO,YAAP;AACAN,QAAAA,eAAe,GAAGhC,kBAAkB,CAACC,WAAD,CAApC;AACAgC,QAAAA,cAAc,GAAGtB,iBAAiB,CAACV,WAAW,CAACG,eAAb,CAAlC;AACD,OALD,MAKO;AACL,YAAMW,MAAqC,mCACtCW,OADsC;AAEzCiB,UAAAA,WAAW,EAAE1C,WAAW,CAAC2C,WAAZ,CAAwBD;AAFI,UAA3C,CADK,CAML;;;AACA,YAAM;AACJ1C,UAAAA,WAAW,EAAE4C,mBADT;AAEJjB,UAAAA,QAAQ,EAAEkB,gBAFN;AAGJC,UAAAA,QAHI;AAIJC,UAAAA,QAJI;AAKJnB,UAAAA,QAAQ,EAAEoB;AALN,kBAMIvD,SAAS,CAACO,WAAD,EAAcc,MAAd,EAAsBW,OAAtB,CANnB,CAPK,CAeL;;AACAE,QAAAA,QAAQ,GAAGkB,gBAAX;AACAjB,QAAAA,QAAQ,GAAGoB,gBAAX,CAjBK,CAmBL;;AACA,YAAIrB,QAAQ,IAAIiB,mBAAhB,EAAqC;AACnCpB,UAAAA,UAAU,CAACyB,kBAAX,CAA8BC,eAA9B,CAA8CN,mBAAmB,CAACD,WAAlE;AACD;;AAED,YAAIG,QAAJ,EAAc;AACZb,UAAAA,MAAM,GAAGrC,SAAS,CAACuD,QAAnB;AACAhB,UAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,YAAIY,QAAJ,EAAc;AACdd,UAAAA,MAAM,GAAGrC,SAAS,CAACwD,QAAnB;AACAjB,UAAAA,sBAAsB,GAAG,IAAzB;AACD,SAHC,MAGK,IAAIS,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAES,eAAzB,EAA0C;AAC/C;AACA;AACA,cAAI,QAAQ5B,OAAO,CAAC6B,WAAR,CAAoBC,UAApB,EAAR,CAAJ,EAA+C;AAC7C,kBAAM,IAAI5D,YAAJ,CAAiB,mEAAjB,CAAN;AACD;;AAED,cAAM;AACJ6D,YAAAA,QADI;AAEJC,YAAAA,YAFI;AAGJC,YAAAA,eAHI;AAIJC,YAAAA,WAJI;AAKJC,YAAAA,IALI;AAMJC,YAAAA;AANI,cAOFxB,YAPJ;AAQAX,UAAAA,MAAM,SAASF,UAAU,CAACsC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDV,YAAAA,eAAe,EAAET,mBAAmB,CAACS,eADe;AAEpDG,YAAAA,QAFoD;AAGpDC,YAAAA,YAHoD;AAIpDC,YAAAA,eAJoD;AAKpDC,YAAAA,WALoD;AAMpDE,YAAAA;AANoD,WAAvC,EAOZD,IAPY,CAAf;AASA3B,UAAAA,MAAM,GAAGrC,SAAS,CAACoE,OAAnB;AACA7B,UAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,KAhFD,CAgFE,OAAO8B,GAAP,EAAY;AACZpC,MAAAA,KAAK,GAAGoC,GAAR;AACAhC,MAAAA,MAAM,GAAGrC,SAAS,CAACsE,OAAnB;AACA/B,MAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,QAAIA,sBAAJ,EAA4B;AAC1BX,MAAAA,UAAU,CAACyB,kBAAX,CAA8BkB,KAA9B;AACD;;AAED;AACEC,MAAAA,YAAY,EAAEpE,WADhB;AAEEiC,MAAAA;AAFF,OAGMH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAHd,GAIMC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAJzB,GAKMC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KALxB,GAMMN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KANhB,GAOMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAPlB,GAQMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KARlB,GASMC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KATf;AAWD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { FlowMonitor } from './flowMonitors';\nimport * as remediators from './remediators';\nimport { AuthSdkError } from '../errors';\nimport { \n OktaAuth,\n IdxOptions,\n IdxStatus,\n IdxTransaction,\n IdxFeature,\n NextStep,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\nimport { getSavedTransactionMeta } from './transactionMeta';\n\nexport type RemediationFlow = Record<string, typeof remediators.Remediator>;\nexport interface RunOptions {\n flow?: RemediationFlow;\n actions?: string[];\n flowMonitor?: FlowMonitor;\n stateTokenExternalId?: string;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n const res = [];\n const { actions, neededToProceed } = idxResponse;\n\n if (actions['currentAuthenticator-recover']) {\n res.push(IdxFeature.PASSWORD_RECOVERY);\n }\n\n if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n res.push(IdxFeature.REGISTRATION);\n }\n\n if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n res.push(IdxFeature.SOCIAL_IDP);\n }\n\n return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n const res = [];\n\n const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n // Only add concrete subclasses to the map\n if (remediatorClass.remediationName) {\n map[remediatorClass.remediationName] = remediatorClass;\n }\n return map;\n }, {});\n\n for (let remediation of remediations) {\n const T = remediatorMap[remediation.name];\n if (T) {\n const remediator = new T(remediation);\n res.push (remediator.getNextStep());\n }\n }\n\n return res;\n}\n\nexport async function run(\n authClient: OktaAuth, \n options: RunOptions & IdxOptions,\n): Promise<IdxTransaction> {\n let tokens;\n let nextStep;\n let messages;\n let error;\n let meta;\n let enabledFeatures;\n let availableSteps;\n let status = IdxStatus.PENDING;\n let shouldClearTransaction = false;\n let idxResponse;\n let interactionHandle;\n let metaFromResp;\n\n try {\n\n const { stateTokenExternalId, state } = options;\n if (stateTokenExternalId) {\n // Email verify callback: retrieve saved interactionHandle, if possible\n metaFromResp = getSavedTransactionMeta(authClient, { state });\n interactionHandle = metaFromResp?.interactionHandle; // may be undefined\n } else {\n // Start/resume the flow. Will request a new interactionHandle if none is found in storage.\n const interactResponse = await interact(authClient, options); \n interactionHandle = interactResponse.interactionHandle;\n metaFromResp = interactResponse.meta;\n }\n\n // Introspect to get idx response\n idxResponse = await introspect(authClient, { interactionHandle, stateTokenExternalId });\n\n if (!options.flow && !options.actions) {\n // handle start transaction\n meta = metaFromResp;\n enabledFeatures = getEnabledFeatures(idxResponse);\n availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n } else {\n const values: remediators.RemediationValues = { \n ...options, \n stateHandle: idxResponse.rawIdxState.stateHandle \n };\n\n // Can we handle the remediations?\n const { \n idxResponse: idxResponseFromResp, \n nextStep: nextStepFromResp,\n terminal,\n canceled,\n messages: messagesFromResp,\n } = await remediate(idxResponse, values, options);\n\n // Track fields from remediation response\n nextStep = nextStepFromResp;\n messages = messagesFromResp;\n\n // Save intermediate idx response in storage to reduce introspect call\n if (nextStep && idxResponseFromResp) {\n authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n }\n\n if (terminal) {\n status = IdxStatus.TERMINAL;\n shouldClearTransaction = true;\n } if (canceled) {\n status = IdxStatus.CANCELED;\n shouldClearTransaction = true;\n } else if (idxResponseFromResp?.interactionCode) { \n // Flows may end with interactionCode before the key remediation being hit\n // Double check if flow is finished to mitigate confusion with the wrapper methods\n if (!(await options.flowMonitor.isFinished())) {\n throw new AuthSdkError('Current flow is not supported, check policy settings in your org.');\n }\n\n const {\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n urls,\n scopes,\n } = metaFromResp;\n tokens = await authClient.token.exchangeCodeForTokens({\n interactionCode: idxResponseFromResp.interactionCode,\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n scopes\n }, urls);\n\n status = IdxStatus.SUCCESS;\n shouldClearTransaction = true;\n }\n }\n } catch (err) {\n error = err;\n status = IdxStatus.FAILURE;\n shouldClearTransaction = true;\n }\n\n if (shouldClearTransaction) {\n authClient.transactionManager.clear();\n }\n \n return {\n _idxResponse: idxResponse, \n status,\n ...(meta && { meta }),\n ...(enabledFeatures && { enabledFeatures }),\n ...(availableSteps && { availableSteps }),\n ...(tokens && { tokens: tokens.tokens }),\n ...(nextStep && { nextStep }),\n ...(messages && { messages }),\n ...(error && { error }),\n };\n}\n"],"file":"run.js"}
|
|
@@ -25,9 +25,9 @@ function _createTransactionMeta() {
|
|
|
25
25
|
return _createTransactionMeta.apply(this, arguments);
|
|
26
26
|
}
|
|
27
27
|
|
|
28
|
-
export function transactionMetaExist(authClient) {
|
|
29
|
-
if (authClient.transactionManager.exists()) {
|
|
30
|
-
var existing = authClient.transactionManager.load();
|
|
28
|
+
export function transactionMetaExist(authClient, options) {
|
|
29
|
+
if (authClient.transactionManager.exists(options)) {
|
|
30
|
+
var existing = authClient.transactionManager.load(options);
|
|
31
31
|
|
|
32
32
|
if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {
|
|
33
33
|
return true;
|
|
@@ -35,19 +35,30 @@ export function transactionMetaExist(authClient) {
|
|
|
35
35
|
}
|
|
36
36
|
|
|
37
37
|
return false;
|
|
38
|
+
} // Returns the saved transaction meta, if it exists and is valid, or undefined
|
|
39
|
+
|
|
40
|
+
export function getSavedTransactionMeta(authClient, options) {
|
|
41
|
+
var state = (options === null || options === void 0 ? void 0 : options.state) || authClient.options.state;
|
|
42
|
+
var existing = authClient.transactionManager.load({
|
|
43
|
+
state
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
if (existing && isTransactionMetaValid(authClient, existing)) {
|
|
47
|
+
return existing;
|
|
48
|
+
}
|
|
38
49
|
}
|
|
39
|
-
export function getTransactionMeta(_x2) {
|
|
50
|
+
export function getTransactionMeta(_x2, _x3) {
|
|
40
51
|
return _getTransactionMeta.apply(this, arguments);
|
|
41
52
|
}
|
|
42
53
|
|
|
43
54
|
function _getTransactionMeta() {
|
|
44
|
-
_getTransactionMeta = _asyncToGenerator(function* (authClient) {
|
|
55
|
+
_getTransactionMeta = _asyncToGenerator(function* (authClient, options) {
|
|
45
56
|
// Load existing transaction meta from storage
|
|
46
|
-
if (authClient.transactionManager.exists()) {
|
|
47
|
-
var
|
|
57
|
+
if (authClient.transactionManager.exists(options)) {
|
|
58
|
+
var validExistingMeta = getSavedTransactionMeta(authClient, options);
|
|
48
59
|
|
|
49
|
-
if (
|
|
50
|
-
return
|
|
60
|
+
if (validExistingMeta) {
|
|
61
|
+
return validExistingMeta;
|
|
51
62
|
} // existing meta is not valid for this configuration
|
|
52
63
|
// this is common when changing configuration in local development environment
|
|
53
64
|
// in a production environment, this may indicate that two apps are sharing a storage key
|
|
@@ -96,7 +107,9 @@ function _getTransactionMeta() {
|
|
|
96
107
|
}
|
|
97
108
|
|
|
98
109
|
export function saveTransactionMeta(authClient, meta) {
|
|
99
|
-
authClient.transactionManager.save(meta
|
|
110
|
+
authClient.transactionManager.save(meta, {
|
|
111
|
+
muteWarning: true
|
|
112
|
+
});
|
|
100
113
|
}
|
|
101
114
|
export function clearTransactionMeta(authClient) {
|
|
102
115
|
authClient.transactionManager.clear();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["warn","getOAuthUrls","createTransactionMeta","authClient","token","prepareTokenParams","transactionMetaExist","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getTransactionMeta","tokenParams","urls","issuer","
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["warn","getOAuthUrls","createTransactionMeta","authClient","token","prepareTokenParams","transactionMetaExist","options","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getSavedTransactionMeta","state","getTransactionMeta","validExistingMeta","tokenParams","urls","issuer","pkce","clientId","redirectUri","responseType","responseMode","scopes","nonce","ignoreSignature","codeVerifier","codeChallengeMethod","codeChallenge","meta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","mismatch","find","key"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,IAAT,QAAqB,SAArB;AACA,SAASC,YAAT,QAA6B,SAA7B,C,CAEA;;AACA,gBAAsBC,qBAAtB;AAAA;AAAA;;;6CAAO,WAAqCC,UAArC,EAA2D;AAChE,WAAOA,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAAP;AACD,G;;;;AAED,OAAO,SAASC,oBAAT,CAA8BH,UAA9B,EAAoDI,OAApD,EAA+F;AACpG,MAAIJ,UAAU,CAACK,kBAAX,CAA8BC,MAA9B,CAAqCF,OAArC,CAAJ,EAAmD;AACjD,QAAMG,QAAQ,GAAGP,UAAU,CAACK,kBAAX,CAA8BG,IAA9B,CAAmCJ,OAAnC,CAAjB;;AACA,QAAIK,sBAAsB,CAACT,UAAD,EAAaO,QAAb,CAAtB,IAAgDA,QAAQ,CAACG,iBAA7D,EAAgF;AAC9E,aAAO,IAAP;AACD;AACF;;AACD,SAAO,KAAP;AACD,C,CAED;;AACA,OAAO,SAASC,uBAAT,CAAiCX,UAAjC,EAAuDI,OAAvD,EAA6G;AAClH,MAAMQ,KAAK,GAAG,CAAAR,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAEQ,KAAT,KAAkBZ,UAAU,CAACI,OAAX,CAAmBQ,KAAnD;AACA,MAAML,QAAQ,GAAGP,UAAU,CAACK,kBAAX,CAA8BG,IAA9B,CAAmC;AAAEI,IAAAA;AAAF,GAAnC,CAAjB;;AACA,MAAIL,QAAQ,IAAIE,sBAAsB,CAACT,UAAD,EAAaO,QAAb,CAAtC,EAA8D;AAC5D,WAAOA,QAAP;AACD;AACF;AAED,gBAAsBM,kBAAtB;AAAA;AAAA;;;0CAAO,WACLb,UADK,EAELI,OAFK,EAGwB;AAC7B;AACA,QAAIJ,UAAU,CAACK,kBAAX,CAA8BC,MAA9B,CAAqCF,OAArC,CAAJ,EAAmD;AACjD,UAAMU,iBAAiB,GAAGH,uBAAuB,CAACX,UAAD,EAAaI,OAAb,CAAjD;;AACA,UAAIU,iBAAJ,EAAuB;AACrB,eAAOA,iBAAP;AACD,OAJgD,CAKjD;AACA;AACA;;;AACAjB,MAAAA,IAAI,CAAC,sEACH,4DADE,CAAJ;AAED,KAZ4B,CAc7B;;;AACA,QAAMkB,WAAW,SAASf,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAA1B;AACA,QAAMc,IAAI,GAAGlB,YAAY,CAACE,UAAD,EAAae,WAAb,CAAzB;AACA,QAAME,MAAM,GAAGjB,UAAU,CAACI,OAAX,CAAmBa,MAAlC;AACA,QAAM;AACJC,MAAAA,IADI;AAEJC,MAAAA,QAFI;AAGJC,MAAAA,WAHI;AAIJC,MAAAA,YAJI;AAKJC,MAAAA,YALI;AAMJC,MAAAA,MANI;AAOJX,MAAAA,KAPI;AAQJY,MAAAA,KARI;AASJC,MAAAA,eATI;AAUJC,MAAAA,YAVI;AAWJC,MAAAA,mBAXI;AAYJC,MAAAA;AAZI,QAaFb,WAbJ;AAcA,QAAMc,IAAI,GAAG;AACXZ,MAAAA,MADW;AAEXC,MAAAA,IAFW;AAGXC,MAAAA,QAHW;AAIXC,MAAAA,WAJW;AAKXC,MAAAA,YALW;AAMXC,MAAAA,YANW;AAOXC,MAAAA,MAPW;AAQXX,MAAAA,KARW;AASXY,MAAAA,KATW;AAUXR,MAAAA,IAVW;AAWXS,MAAAA,eAXW;AAYXC,MAAAA,YAZW;AAaXC,MAAAA,mBAbW;AAcXC,MAAAA;AAdW,KAAb;AAgBA,WAAOC,IAAP;AACD,G;;;;AAED,OAAO,SAASC,mBAAT,CAA8B9B,UAA9B,EAAoD6B,IAApD,EAA0D;AAC/D7B,EAAAA,UAAU,CAACK,kBAAX,CAA8B0B,IAA9B,CAAmCF,IAAnC,EAAyC;AAAEG,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;AAED,OAAO,SAASC,oBAAT,CAA+BjC,UAA/B,EAAqD;AAC1DA,EAAAA,UAAU,CAACK,kBAAX,CAA8B6B,KAA9B;AACD,C,CAED;;AACA,OAAO,SAASzB,sBAAT,CAAiCT,UAAjC,EAAuD6B,IAAvD,EAA6D;AAClE,MAAMM,IAAI,GAAG,CAAC,QAAD,EAAW,UAAX,EAAuB,aAAvB,CAAb;AACA,MAAMC,QAAQ,GAAGD,IAAI,CAACE,IAAL,CAAUC,GAAG,IAAI;AAChC,WAAOtC,UAAU,CAACI,OAAX,CAAmBkC,GAAnB,MAA4BT,IAAI,CAACS,GAAD,CAAvC;AACD,GAFgB,CAAjB;AAGA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta, TransactionMetaOptions } from '../types';\nimport { warn } from '../util';\nimport { getOAuthUrls } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(authClient: OktaAuth) {\n return authClient.token.prepareTokenParams();\n}\n\nexport function transactionMetaExist(authClient: OktaAuth, options?: TransactionMetaOptions): boolean {\n if (authClient.transactionManager.exists(options)) {\n const existing = authClient.transactionManager.load(options) as IdxTransactionMeta;\n if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {\n return true;\n }\n }\n return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid, or undefined\nexport function getSavedTransactionMeta(authClient: OktaAuth, options?: TransactionMetaOptions): IdxTransactionMeta {\n const state = options?.state || authClient.options.state;\n const existing = authClient.transactionManager.load({ state }) as IdxTransactionMeta;\n if (existing && isTransactionMetaValid(authClient, existing)) {\n return existing;\n }\n}\n\nexport async function getTransactionMeta(\n authClient: OktaAuth,\n options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n // Load existing transaction meta from storage\n if (authClient.transactionManager.exists(options)) {\n const validExistingMeta = getSavedTransactionMeta(authClient, options);\n if (validExistingMeta) {\n return validExistingMeta;\n }\n // existing meta is not valid for this configuration\n // this is common when changing configuration in local development environment\n // in a production environment, this may indicate that two apps are sharing a storage key\n warn('Saved transaction meta does not match the current configuration. ' + \n 'This may indicate that two apps are sharing a storage key.');\n }\n\n // Calculate new values\n const tokenParams = await authClient.token.prepareTokenParams();\n const urls = getOAuthUrls(authClient, tokenParams);\n const issuer = authClient.options.issuer;\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n nonce,\n ignoreSignature,\n codeVerifier,\n codeChallengeMethod,\n codeChallenge,\n } = tokenParams;\n const meta = {\n issuer,\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n nonce,\n urls,\n ignoreSignature,\n codeVerifier,\n codeChallengeMethod,\n codeChallenge \n };\n return meta;\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta) {\n authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth) {\n authClient.transactionManager.clear();\n}\n\n// returns true if values in meta match current authClient options\nexport function isTransactionMetaValid (authClient: OktaAuth, meta) {\n const keys = ['issuer', 'clientId', 'redirectUri'];\n const mismatch = keys.find(key => {\n return authClient.options[key] !== meta[key];\n });\n return !mismatch;\n}\n"],"file":"transactionMeta.js"}
|
package/esm/idx/types/idx-js.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;AA2EA;AAaA,OAAO,SAASA,gBAAT,CAA0BC,GAA1B,EAA2D;AAChE,SAAOA,GAAG,IAAIA,GAAG,CAACC,OAAlB;AACD;AAmBD,OAAO,SAASC,aAAT,CAAuBF,GAAvB,EAAqD;AAC1D,SAAOA,GAAG,IAAID,gBAAgB,CAACC,GAAG,CAACG,WAAL,CAA9B;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface IdxAuthenticatorMethod {\n type: string;\n}\nexport interface IdxAuthenticator {\n displayName: string;\n id: string;\n key: string;\n methods: IdxAuthenticatorMethod[];\n type: string;\n settings?: {\n complexity?: unknown;\n age?: unknown;\n };\n contextualData?: unknown;\n}\n\nexport interface IdxForm {\n value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n value: string | { form: IdxForm };\n label: string;\n relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n id: string;\n name: string;\n}\n\nexport interface IdxRemediationValue {\n name: string;\n type?: string;\n required?: boolean;\n secret?: boolean;\n value?: string;\n label?: string;\n form?: IdxForm;\n options?: IdxOption[];\n messages?: IdxMessages;\n minLength?: number;\n maxLength?: number;\n}\n\nexport interface IdxRemediation {\n name: string;\n label?: string;\n value?: IdxRemediationValue[];\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n idp?: IdpConfig;\n href?: string;\n method?: string;\n type?: string;\n}\n\nexport interface IdxMessage {\n message: string;\n class: string;\n i18n: {\n key: string;\n params?: unknown[];\n };\n}\n\nexport interface IdxMessages {\n type: 'array';\n value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n version: string;\n stateHandle: string;\n intent?: string;\n expiresAt?: string;\n remediation?: {\n type: 'array';\n value: IdxRemediation[];\n };\n messages?: IdxMessages;\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n return obj && obj.version;\n}\n\n\nexport interface IdxActions {\n [key: string]: Function;\n}\n\n// Object returned from idx-js\nexport interface IdxResponse {\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n toPersist: {\n interactionHandle?: string;\n };\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"file":"idx-js.js"}
|
package/esm/idx/types/index.js
CHANGED
|
@@ -17,13 +17,23 @@ export { CancelOptions } from '../cancel';
|
|
|
17
17
|
export var IdxStatus;
|
|
18
18
|
|
|
19
19
|
(function (IdxStatus) {
|
|
20
|
-
IdxStatus[
|
|
21
|
-
IdxStatus[
|
|
22
|
-
IdxStatus[
|
|
23
|
-
IdxStatus[
|
|
24
|
-
IdxStatus[
|
|
20
|
+
IdxStatus["SUCCESS"] = "SUCCESS";
|
|
21
|
+
IdxStatus["PENDING"] = "PENDING";
|
|
22
|
+
IdxStatus["FAILURE"] = "FAILURE";
|
|
23
|
+
IdxStatus["TERMINAL"] = "TERMINAL";
|
|
24
|
+
IdxStatus["CANCELED"] = "CANCELED";
|
|
25
25
|
})(IdxStatus || (IdxStatus = {}));
|
|
26
26
|
|
|
27
|
+
export var AuthenticatorKey;
|
|
28
|
+
|
|
29
|
+
(function (AuthenticatorKey) {
|
|
30
|
+
AuthenticatorKey["OKTA_PASSWORD"] = "okta_password";
|
|
31
|
+
AuthenticatorKey["OKTA_EMAIL"] = "okta_email";
|
|
32
|
+
AuthenticatorKey["OKTA_VERIFIER"] = "okta_verifier";
|
|
33
|
+
AuthenticatorKey["PHONE_NUMBER"] = "phone_number";
|
|
34
|
+
AuthenticatorKey["GOOGLE_AUTHENTICATOR"] = "google_otp";
|
|
35
|
+
})(AuthenticatorKey || (AuthenticatorKey = {}));
|
|
36
|
+
|
|
27
37
|
export var IdxFeature;
|
|
28
38
|
|
|
29
39
|
(function (IdxFeature) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxMessage","AuthenticationOptions","RegistrationOptions","PasswordRecoveryOptions","CancelOptions","IdxStatus","IdxFeature"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,UAAT,QAA2B,UAA3B;AACA,SAASC,qBAAT,QAAsC,iBAAtC;AACA,SAASC,mBAAT,QAAoC,aAApC;AACA,SAASC,uBAAT,QAAwC,oBAAxC;AACA,SAASC,aAAT,QAA8B,WAA9B;AAEA,WAAYC,SAAZ;;WAAYA,S;AAAAA,EAAAA,S,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxMessage","AuthenticationOptions","RegistrationOptions","PasswordRecoveryOptions","CancelOptions","IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,UAAT,QAA2B,UAA3B;AACA,SAASC,qBAAT,QAAsC,iBAAtC;AACA,SAASC,mBAAT,QAAoC,aAApC;AACA,SAASC,uBAAT,QAAwC,oBAAxC;AACA,SAASC,aAAT,QAA8B,WAA9B;AAEA,WAAYC,SAAZ;;WAAYA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,KAAAA,S;;AAQZ,WAAYC,gBAAZ;;WAAYA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,KAAAA,gB;;AAyBZ,WAAYC,UAAZ;;WAAYA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;GAAAA,U,KAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { IdxAuthenticator, IdxMessage, IdxOption, IdxResponse } from './idx-js';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { CancelOptions } from '../cancel';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n OKTA_VERIFIER = 'okta_verifier',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n}\n\nexport type Input = {\n name: string;\n label?: string;\n value?: string;\n secret?: boolean;\n required?: boolean;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n options?: IdxOption[];\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY,\n REGISTRATION,\n SOCIAL_IDP,\n}\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n _idxResponse?: IdxResponse; // Temporary for widget conversion. Will not be supported long-term. OKTA-418165\n}\n\nexport type IdxOptions = InteractOptions;\n\nexport type Authenticator = {\n key: string;\n methodType?: string;\n phoneNumber?: string;\n};\n"],"file":"index.js"}
|
package/esm/oidc/getToken.js
CHANGED
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
15
15
|
*
|
|
16
16
|
*/
|
|
17
|
-
import { getOAuthUrls, loadFrame
|
|
17
|
+
import { getOAuthUrls, loadFrame } from './util';
|
|
18
18
|
import AuthSdkError from '../errors/AuthSdkError';
|
|
19
19
|
import { prepareTokenParams } from './util/prepareTokenParams';
|
|
20
20
|
import { buildAuthorizeParams } from './endpoints/authorize';
|
|
@@ -76,7 +76,11 @@ export function getToken(sdk, options) {
|
|
|
76
76
|
return Promise.reject(new AuthSdkError('As of version 3.0, "getToken" takes only a single set of options'));
|
|
77
77
|
}
|
|
78
78
|
|
|
79
|
-
options = options || {};
|
|
79
|
+
options = options || {}; // window object cannot be serialized, save for later use
|
|
80
|
+
// TODO: move popup related params into a separate options object
|
|
81
|
+
|
|
82
|
+
var popupWindow = options.popupWindow;
|
|
83
|
+
options.popupWindow = undefined;
|
|
80
84
|
return prepareTokenParams(sdk, options).then(function (tokenParams) {
|
|
81
85
|
// Start overriding any options that don't make sense
|
|
82
86
|
var sessionTokenOverrides = {
|
|
@@ -135,17 +139,18 @@ export function getToken(sdk, options) {
|
|
|
135
139
|
}
|
|
136
140
|
|
|
137
141
|
oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);
|
|
138
|
-
} //
|
|
142
|
+
} // Redirect for authorization
|
|
143
|
+
// popupWindown can be null when popup is blocked
|
|
144
|
+
|
|
139
145
|
|
|
146
|
+
if (popupWindow) {
|
|
147
|
+
popupWindow.location.assign(requestUrl);
|
|
148
|
+
} // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
|
|
140
149
|
|
|
141
|
-
var windowOptions = {
|
|
142
|
-
popupTitle: options.popupTitle
|
|
143
|
-
};
|
|
144
|
-
var windowEl = loadPopup(requestUrl, windowOptions); // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
|
|
145
150
|
|
|
146
151
|
var popupPromise = new Promise(function (resolve, reject) {
|
|
147
152
|
var closePoller = setInterval(function () {
|
|
148
|
-
if (!
|
|
153
|
+
if (!popupWindow || popupWindow.closed) {
|
|
149
154
|
clearInterval(closePoller);
|
|
150
155
|
reject(new AuthSdkError('Unable to parse OAuth flow response'));
|
|
151
156
|
}
|
|
@@ -162,8 +167,8 @@ export function getToken(sdk, options) {
|
|
|
162
167
|
return popupPromise.then(function (res) {
|
|
163
168
|
return handleOAuthResponse(sdk, tokenParams, res, urls);
|
|
164
169
|
}).finally(function () {
|
|
165
|
-
if (
|
|
166
|
-
|
|
170
|
+
if (popupWindow && !popupWindow.closed) {
|
|
171
|
+
popupWindow.close();
|
|
167
172
|
}
|
|
168
173
|
});
|
|
169
174
|
|
package/esm/oidc/getToken.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getOAuthUrls","loadFrame","loadPopup","AuthSdkError","prepareTokenParams","buildAuthorizeParams","addPostMessageListener","handleOAuthResponse","getToken","sdk","options","arguments","length","Promise","reject","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","windowOptions","popupTitle","windowEl","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":"AACA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,YADF,EAEEC,SAFF,EAGEC,SAHF,QAIO,QAJP;AAMA,OAAOC,YAAP,MAAyB,wBAAzB;AAOA,SAASC,kBAAT,QAAmC,2BAAnC;AACA,SAASC,oBAAT,QAAqC,uBAArC;AACA,SAASC,sBAAT,QAAuC,QAAvC;AACA,SAASC,mBAAT,QAAoC,uBAApC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA,OAAO,SAASC,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAuD;AAC5D,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AAEA,SAAON,kBAAkB,CAACK,GAAD,EAAMC,OAAN,CAAlB,CACJK,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIV,OAAO,CAACY,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIP,OAAO,CAACe,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG5B,YAAY,CAACS,GAAD,EAAMO,WAAN,CAAnB;AACAW,IAAAA,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAGtB,oBAAoB,CAACW,WAAD,CAA5C,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG3B,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAACwB,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAA1C;AACA,YAAIC,QAAQ,GAAGnC,SAAS,CAACyB,UAAD,CAAxB;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO9B,mBAAmB,CAACE,GAAD,EAAMO,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACV,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAI3C,YAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDyC,UAAAA,YAAY,GAAGtC,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAACwB,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAArC;AACD,SAVH,CAYE;;;AACA,YAAIY,aAAa,GAAG;AAClBC,UAAAA,UAAU,EAAEtC,OAAO,CAACsC;AADF,SAApB;AAGA,YAAIC,QAAQ,GAAG/C,SAAS,CAACwB,UAAD,EAAaqB,aAAb,CAAxB,CAhBF,CAkBE;;AACA,YAAIG,YAAY,GAAG,IAAIrC,OAAJ,CAAY,UAAUsC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACJ,QAAD,IAAaA,QAAQ,CAACK,MAA1B,EAAkC;AAChCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIX,YAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAyC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBkB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACd,GAAD,CAAP;AACD,WAJH,EAKGmB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBnC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO9B,mBAAmB,CAACE,GAAD,EAAMO,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIW,QAAQ,IAAI,CAACA,QAAQ,CAACK,MAA1B,EAAkC;AAChCL,YAAAA,QAAQ,CAACS,KAAT;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAIvD,YAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n loadPopup,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Create the window\n var windowOptions = {\n popupTitle: options.popupTitle\n };\n var windowEl = loadPopup(requestUrl, windowOptions);\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!windowEl || windowEl.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (windowEl && !windowEl.closed) {\n windowEl.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getOAuthUrls","loadFrame","AuthSdkError","prepareTokenParams","buildAuthorizeParams","addPostMessageListener","handleOAuthResponse","getToken","sdk","options","arguments","length","Promise","reject","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":"AACA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,YADF,EAEEC,SAFF,QAGO,QAHP;AAKA,OAAOC,YAAP,MAAyB,wBAAzB;AAQA,SAASC,kBAAT,QAAmC,2BAAnC;AACA,SAASC,oBAAT,QAAqC,uBAArC;AACA,SAASC,sBAAT,QAAuC,QAAvC;AACA,SAASC,mBAAT,QAAoC,uBAApC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA,OAAO,SAASC,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,MAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAOZ,kBAAkB,CAACK,GAAD,EAAMC,OAAN,CAAlB,CACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACiB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG7B,YAAY,CAACQ,GAAD,EAAMS,WAAN,CAAnB;AACAW,IAAAA,QAAQ,GAAGnB,OAAO,CAACqB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAGxB,oBAAoB,CAACa,WAAD,CAA5C,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG7B,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAAC0B,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAA1C;AACA,YAAIC,QAAQ,GAAGpC,SAAS,CAAC0B,UAAD,CAAxB;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAOhC,mBAAmB,CAACE,GAAD,EAAMS,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACsC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAI7C,YAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD2C,UAAAA,YAAY,GAAGxC,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAAC0B,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAArC;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAIrC,OAAJ,CAAY,UAAUsC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIX,YAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA2C,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAOhC,mBAAmB,CAACE,GAAD,EAAMS,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAIvD,YAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
|
package/esm/oidc/getWithPopup.js
CHANGED
|
@@ -13,15 +13,21 @@
|
|
|
13
13
|
import { AuthSdkError } from '../errors';
|
|
14
14
|
import { clone } from '../util';
|
|
15
15
|
import { getToken } from './getToken';
|
|
16
|
+
import { loadPopup } from './util';
|
|
16
17
|
export function getWithPopup(sdk, options) {
|
|
17
18
|
if (arguments.length > 2) {
|
|
18
19
|
return Promise.reject(new AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
|
|
19
|
-
}
|
|
20
|
+
} // some browsers (safari, firefox) block popup if it's initialed from an async process
|
|
21
|
+
// here we create the popup window immediately after user interaction
|
|
22
|
+
// then redirect to the /authorize endpoint when the requestUrl is available
|
|
20
23
|
|
|
24
|
+
|
|
25
|
+
var popupWindow = loadPopup('/', options);
|
|
21
26
|
options = clone(options) || {};
|
|
22
27
|
Object.assign(options, {
|
|
23
28
|
display: 'popup',
|
|
24
|
-
responseMode: 'okta_post_message'
|
|
29
|
+
responseMode: 'okta_post_message',
|
|
30
|
+
popupWindow
|
|
25
31
|
});
|
|
26
32
|
return getToken(sdk, options);
|
|
27
33
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["AuthSdkError","clone","getToken","getWithPopup","sdk","options","arguments","length","Promise","reject","Object","assign","display","responseMode"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,QAAT,QAAyB,YAAzB;AAEA,OAAO,SAASC,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["AuthSdkError","clone","getToken","loadPopup","getWithPopup","sdk","options","arguments","length","Promise","reject","popupWindow","Object","assign","display","responseMode"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,QAAT,QAAyB,YAAzB;AACA,SAASC,SAAT,QAA0B,QAA1B;AAEA,OAAO,SAASC,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIV,YAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHuF,CAKxF;AACA;AACA;;;AACA,MAAMW,WAAW,GAAGR,SAAS,CAAC,GAAD,EAAMG,OAAN,CAA7B;AACAA,EAAAA,OAAO,GAAGL,KAAK,CAACK,OAAD,CAAL,IAAkB,EAA5B;AACAM,EAAAA,MAAM,CAACC,MAAP,CAAcP,OAAd,EAAuB;AACrBQ,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBJ,IAAAA;AAHqB,GAAvB;AAKA,SAAOT,QAAQ,CAACG,GAAD,EAAMC,OAAN,CAAf;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["AuthSdkError","clone","getOAuthUrls","prepareTokenParams","buildAuthorizeParams","getWithRedirect","sdk","options","arguments","length","Promise","reject","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,YAAT,EAAuBC,kBAAvB,QAAiD,QAAjD;AACA,SAASC,oBAAT,QAAqC,uBAArC;AAEA,OAAO,SAASC,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGN,KAAK,CAACM,OAAD,CAAL,IAAkB,EAA5B;AAEA,SAAOJ,kBAAkB,CAACG,GAAD,EAAMC,OAAN,CAAlB,CACJK,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,QAAMC,IAAI,GAAGZ,YAAY,CAACI,GAAD,EAAMC,OAAN,CAAzB;AACA,QAAMQ,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoBZ,oBAAoB,CAACS,WAAD,CAA3D;AACA,QAAMI,MAAM,GAAGX,GAAG,CAACC,OAAJ,CAAYU,MAA3B,CAHwC,CAKxC;;AACA,QAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;AAaA,QAAMe,SAA0B,GAAG;AACjCX,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA;AAZiC,KAAnC;AAeArB,IAAAA,GAAG,CAACuB,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACAzB,IAAAA,GAAG,CAAC0B,KAAJ,CAAU3B,eAAV,CAA0B4B,YAA1B,CAAuClB,UAAvC;AACD,GArCI,CAAP;AAsCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n const urls = getOAuthUrls(sdk, options);\n const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n const issuer = sdk.options.issuer;\n\n // Gather the values we want to save in the transaction\n const {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n } = tokenParams;\n\n const oauthMeta: TransactionMeta = {\n issuer,\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["AuthSdkError","clone","getOAuthUrls","prepareTokenParams","buildAuthorizeParams","getWithRedirect","sdk","options","arguments","length","Promise","reject","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,YAAT,EAAuBC,kBAAvB,QAAiD,QAAjD;AACA,SAASC,oBAAT,QAAqC,uBAArC;AAEA,OAAO,SAASC,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGN,KAAK,CAACM,OAAD,CAAL,IAAkB,EAA5B;AAEA,SAAOJ,kBAAkB,CAACG,GAAD,EAAMC,OAAN,CAAlB,CACJK,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,QAAMC,IAAI,GAAGZ,YAAY,CAACI,GAAD,EAAMC,OAAN,CAAzB;AACA,QAAMQ,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoBZ,oBAAoB,CAACS,WAAD,CAA3D;AACA,QAAMI,MAAM,GAAGX,GAAG,CAACC,OAAJ,CAAYU,MAA3B,CAHwC,CAKxC;;AACA,QAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;AAaA,QAAMe,SAA0B,GAAG;AACjCX,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA;AAZiC,KAAnC;AAeArB,IAAAA,GAAG,CAACuB,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACAzB,IAAAA,GAAG,CAAC0B,KAAJ,CAAU3B,eAAV,CAA0B4B,YAA1B,CAAuClB,UAAvC;AACD,GArCI,CAAP;AAsCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n const urls = getOAuthUrls(sdk, options);\n const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n const issuer = sdk.options.issuer;\n\n // Gather the values we want to save in the transaction\n const {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n } = tokenParams;\n\n const oauthMeta: TransactionMeta = {\n issuer,\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n sdk.transactionManager.save(oauthMeta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n });\n}\n"],"file":"getWithRedirect.js"}
|