@okta/okta-auth-js 5.4.3 → 5.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +59 -4
- package/README.md +66 -977
- package/cjs/AuthStateManager.js +5 -0
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +74 -29
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/StorageManager.js +16 -0
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TransactionManager.js +44 -8
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +5 -5
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/builderUtil.js +6 -0
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/constants.js +5 -1
- package/cjs/constants.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +10 -3
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/request.js +4 -0
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/interact.js +5 -2
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +24 -7
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/remediate.js +35 -41
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +13 -7
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +18 -14
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +14 -0
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +5 -2
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/run.js +28 -6
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/transactionMeta.js +24 -9
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js +5 -0
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +17 -6
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/oidc/getToken.js +14 -9
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +9 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +59 -20
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewTokens.js +28 -5
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/util/browser.js +1 -13
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +9 -5
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/urlParams.js +1 -1
- package/cjs/oidc/util/urlParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +8 -6
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/options.js +15 -2
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +2 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +1 -3
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/api.js +3 -0
- package/cjs/tx/api.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/util/emailVerify.js +28 -0
- package/cjs/util/emailVerify.js.map +1 -0
- package/cjs/util/index.js +13 -0
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/sharedStorage.js +54 -0
- package/cjs/util/sharedStorage.js.map +1 -0
- package/dist/okta-auth-js.min.js +2 -74
- package/dist/okta-auth-js.min.js.LICENSE.txt +32 -0
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +2 -18
- package/dist/okta-auth-js.polyfill.js.LICENSE.txt +18 -0
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +2 -74
- package/dist/okta-auth-js.umd.js.LICENSE.txt +32 -0
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/AuthStateManager.js +5 -0
- package/esm/AuthStateManager.js.map +1 -1
- package/esm/OktaAuth.js +75 -31
- package/esm/OktaAuth.js.map +1 -1
- package/esm/OktaUserAgent.js +2 -2
- package/esm/StorageManager.js +17 -1
- package/esm/StorageManager.js.map +1 -1
- package/esm/TransactionManager.js +43 -8
- package/esm/TransactionManager.js.map +1 -1
- package/esm/browser/browserStorage.js +5 -5
- package/esm/browser/browserStorage.js.map +1 -1
- package/esm/builderUtil.js +6 -0
- package/esm/builderUtil.js.map +1 -1
- package/esm/constants.js +2 -0
- package/esm/constants.js.map +1 -1
- package/esm/fetch/fetchRequest.js +10 -3
- package/esm/fetch/fetchRequest.js.map +1 -1
- package/esm/http/request.js +4 -0
- package/esm/http/request.js.map +1 -1
- package/esm/idx/interact.js +5 -2
- package/esm/idx/interact.js.map +1 -1
- package/esm/idx/introspect.js +22 -6
- package/esm/idx/introspect.js.map +1 -1
- package/esm/idx/remediate.js +36 -37
- package/esm/idx/remediate.js.map +1 -1
- package/esm/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/esm/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/esm/idx/remediators/Base/Remediator.js +13 -8
- package/esm/idx/remediators/Base/Remediator.js.map +1 -1
- package/esm/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/esm/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/esm/idx/remediators/Base/VerifyAuthenticator.js +18 -15
- package/esm/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/esm/idx/remediators/EnrollProfile.js +21 -4
- package/esm/idx/remediators/EnrollProfile.js.map +1 -1
- package/esm/idx/remediators/Identify.js +4 -2
- package/esm/idx/remediators/Identify.js.map +1 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/esm/idx/run.js +27 -6
- package/esm/idx/run.js.map +1 -1
- package/esm/idx/transactionMeta.js +23 -10
- package/esm/idx/transactionMeta.js.map +1 -1
- package/esm/idx/types/idx-js.js +3 -0
- package/esm/idx/types/idx-js.js.map +1 -1
- package/esm/idx/types/index.js +15 -5
- package/esm/idx/types/index.js.map +1 -1
- package/esm/oidc/getToken.js +15 -10
- package/esm/oidc/getToken.js.map +1 -1
- package/esm/oidc/getWithPopup.js +8 -2
- package/esm/oidc/getWithPopup.js.map +1 -1
- package/esm/oidc/getWithRedirect.js.map +1 -1
- package/esm/oidc/parseFromUrl.js +59 -17
- package/esm/oidc/parseFromUrl.js.map +1 -1
- package/esm/oidc/renewTokens.js +27 -5
- package/esm/oidc/renewTokens.js.map +1 -1
- package/esm/oidc/util/browser.js +1 -12
- package/esm/oidc/util/browser.js.map +1 -1
- package/esm/oidc/util/loginRedirect.js +9 -5
- package/esm/oidc/util/loginRedirect.js.map +1 -1
- package/esm/oidc/util/urlParams.js +1 -1
- package/esm/oidc/util/urlParams.js.map +1 -1
- package/esm/oidc/util/validateClaims.js +8 -6
- package/esm/oidc/util/validateClaims.js.map +1 -1
- package/esm/options.js +15 -2
- package/esm/options.js.map +1 -1
- package/esm/server/serverStorage.js +2 -1
- package/esm/server/serverStorage.js.map +1 -1
- package/esm/tx/AuthTransaction.js +1 -3
- package/esm/tx/AuthTransaction.js.map +1 -1
- package/esm/tx/api.js +3 -0
- package/esm/tx/api.js.map +1 -1
- package/esm/types/Transaction.js.map +1 -1
- package/esm/util/emailVerify.js +21 -0
- package/esm/util/emailVerify.js.map +1 -0
- package/esm/util/index.js +1 -0
- package/esm/util/index.js.map +1 -1
- package/esm/util/sharedStorage.js +43 -0
- package/esm/util/sharedStorage.js.map +1 -0
- package/lib/AuthStateManager.d.ts +4 -2
- package/lib/OktaAuth.d.ts +9 -5
- package/lib/StorageManager.d.ts +2 -0
- package/lib/TransactionManager.d.ts +5 -1
- package/lib/constants.d.ts +2 -0
- package/lib/crypto/base64.d.ts +2 -2
- package/lib/crypto/oidcHash.d.ts +1 -1
- package/lib/crypto/verifyToken.d.ts +1 -1
- package/lib/idx/introspect.d.ts +2 -1
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +2 -5
- package/lib/idx/remediators/Base/Remediator.d.ts +3 -6
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -6
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +1 -1
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -0
- package/lib/idx/remediators/Identify.d.ts +1 -5
- package/lib/idx/run.d.ts +1 -0
- package/lib/idx/transactionMeta.d.ts +4 -3
- package/lib/idx/types/idx-js.d.ts +2 -0
- package/lib/idx/types/index.d.ts +20 -9
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/parseFromUrl.d.ts +4 -1
- package/lib/oidc/renewTokens.d.ts +0 -12
- package/lib/oidc/util/loginRedirect.d.ts +1 -1
- package/lib/types/AuthState.d.ts +1 -0
- package/lib/types/OktaAuthOptions.d.ts +2 -1
- package/lib/types/Storage.d.ts +3 -0
- package/lib/types/Transaction.d.ts +5 -1
- package/lib/types/api.d.ts +9 -4
- package/lib/types/http.d.ts +1 -0
- package/lib/util/emailVerify.d.ts +17 -0
- package/lib/util/index.d.ts +1 -0
- package/lib/util/sharedStorage.d.ts +6 -0
- package/package.json +12 -10
package/esm/oidc/parseFromUrl.js
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
|
|
2
|
+
|
|
1
3
|
/* eslint-disable complexity */
|
|
2
4
|
|
|
3
5
|
/*!
|
|
@@ -45,7 +47,13 @@ function removeSearch(sdk) {
|
|
|
45
47
|
}
|
|
46
48
|
}
|
|
47
49
|
|
|
48
|
-
export function
|
|
50
|
+
export function getResponseMode(sdk) {
|
|
51
|
+
// https://openid.net/specs/openid-connect-core-1_0.html#Authentication
|
|
52
|
+
var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
|
|
53
|
+
var responseMode = sdk.options.responseMode || defaultResponseMode;
|
|
54
|
+
return responseMode;
|
|
55
|
+
}
|
|
56
|
+
export function parseOAuthResponseFromUrl(sdk, options) {
|
|
49
57
|
options = options || {};
|
|
50
58
|
|
|
51
59
|
if (isString(options)) {
|
|
@@ -54,12 +62,10 @@ export function parseFromUrl(sdk, options) {
|
|
|
54
62
|
};
|
|
55
63
|
} else {
|
|
56
64
|
options = options;
|
|
57
|
-
}
|
|
58
|
-
|
|
65
|
+
}
|
|
59
66
|
|
|
60
|
-
var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
|
|
61
67
|
var url = options.url;
|
|
62
|
-
var responseMode = options.responseMode || sdk
|
|
68
|
+
var responseMode = options.responseMode || getResponseMode(sdk);
|
|
63
69
|
|
|
64
70
|
var nativeLoc = sdk.token.parseFromUrl._getLocation();
|
|
65
71
|
|
|
@@ -72,31 +78,67 @@ export function parseFromUrl(sdk, options) {
|
|
|
72
78
|
}
|
|
73
79
|
|
|
74
80
|
if (!paramStr) {
|
|
75
|
-
|
|
81
|
+
throw new AuthSdkError('Unable to parse a token from the url');
|
|
76
82
|
}
|
|
77
83
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
var
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
84
|
+
return urlParamsToObject(paramStr);
|
|
85
|
+
}
|
|
86
|
+
export function cleanOAuthResponseFromUrl(sdk, options) {
|
|
87
|
+
// Clean hash or search from the url
|
|
88
|
+
var responseMode = options.responseMode || getResponseMode(sdk);
|
|
89
|
+
responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);
|
|
90
|
+
}
|
|
91
|
+
export function parseFromUrl(_x, _x2) {
|
|
92
|
+
return _parseFromUrl.apply(this, arguments);
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
function _parseFromUrl() {
|
|
96
|
+
_parseFromUrl = _asyncToGenerator(function* (sdk, options) {
|
|
97
|
+
options = options || {};
|
|
98
|
+
|
|
99
|
+
if (isString(options)) {
|
|
100
|
+
options = {
|
|
101
|
+
url: options
|
|
102
|
+
};
|
|
103
|
+
} else {
|
|
104
|
+
options = options;
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
var res = parseOAuthResponseFromUrl(sdk, options);
|
|
108
|
+
var state = res.state;
|
|
109
|
+
var oauthParams = sdk.transactionManager.load({
|
|
110
|
+
oauth: true,
|
|
111
|
+
pkce: sdk.options.pkce,
|
|
112
|
+
state
|
|
113
|
+
});
|
|
114
|
+
|
|
115
|
+
if (!oauthParams) {
|
|
116
|
+
return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
var urls = oauthParams.urls;
|
|
120
|
+
delete oauthParams.urls;
|
|
121
|
+
|
|
122
|
+
if (!options.url) {
|
|
86
123
|
// Clean hash or search from the url
|
|
87
|
-
|
|
124
|
+
cleanOAuthResponseFromUrl(sdk, options);
|
|
88
125
|
}
|
|
89
126
|
|
|
90
127
|
return handleOAuthResponse(sdk, oauthParams, res, urls).catch(err => {
|
|
91
128
|
if (!isInteractionRequiredError(err)) {
|
|
92
|
-
sdk.transactionManager.clear(
|
|
129
|
+
sdk.transactionManager.clear({
|
|
130
|
+
state
|
|
131
|
+
});
|
|
93
132
|
}
|
|
94
133
|
|
|
95
134
|
throw err;
|
|
96
135
|
}).then(res => {
|
|
97
|
-
sdk.transactionManager.clear(
|
|
136
|
+
sdk.transactionManager.clear({
|
|
137
|
+
state
|
|
138
|
+
});
|
|
98
139
|
return res;
|
|
99
140
|
});
|
|
100
141
|
});
|
|
142
|
+
return _parseFromUrl.apply(this, arguments);
|
|
101
143
|
}
|
|
102
144
|
//# sourceMappingURL=parseFromUrl.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["AuthSdkError","isInteractionRequiredError","urlParamsToObject","isString","handleOAuthResponse","removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["AuthSdkError","isInteractionRequiredError","urlParamsToObject","isString","handleOAuthResponse","removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","indexOf","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","Promise","reject","urls","catch","err","clear","then"],"mappings":";;AAAA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AACA,SAASC,0BAAT,EAAqCC,iBAArC,QAA8D,QAA9D;AAQA,SAASC,QAAT,QAAyB,SAAzB;AACA,SAASC,mBAAT,QAAoC,uBAApC;;AAEA,SAASC,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAED,OAAO,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;AAED,OAAO,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAIpB,QAAQ,CAACoB,OAAD,CAAZ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAI5B,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAOE,iBAAiB,CAAC0B,QAAD,CAAxB;AACD;AAED,OAAO,SAASG,yBAAT,CAAmCzB,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;AAED,gBAAsBG,YAAtB;AAAA;AAAA;;;oCAAO,WAA4BH,GAA5B,EAAiCiB,OAAjC,EAAgG;AACrGA,IAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,QAAIpB,QAAQ,CAACoB,OAAD,CAAZ,EAAuB;AACrBA,MAAAA,OAAO,GAAG;AAAEI,QAAAA,GAAG,EAAEJ;AAAP,OAAV;AACD,KAFD,MAEO;AACLA,MAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,QAAMS,GAAkB,GAAGN,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;AACA,QAAMU,KAAK,GAAGD,GAAG,CAACC,KAAlB;AACA,QAAMC,WAA4B,GAAG5B,GAAG,CAAC6B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,MAAAA,KAAK,EAAE,IADwD;AAE/Db,MAAAA,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;AAG/DS,MAAAA;AAH+D,KAA5B,CAArC;;AAKA,QAAI,CAACC,WAAL,EAAkB;AAChB,aAAOI,OAAO,CAACC,MAAR,CAAe,IAAIvC,YAAJ,CAAiB,uDAAjB,CAAf,CAAP;AACD;;AACD,QAAMwC,IAAgB,GAAGN,WAAW,CAACM,IAArC;AACA,WAAON,WAAW,CAACM,IAAnB;;AAEA,QAAI,CAACjB,OAAO,CAACI,GAAb,EAAkB;AAChB;AACAI,MAAAA,yBAAyB,CAACzB,GAAD,EAAMiB,OAAN,CAAzB;AACD;;AAED,WAAOnB,mBAAmB,CAACE,GAAD,EAAM4B,WAAN,EAAmBF,GAAnB,EAAwBQ,IAAxB,CAAnB,CACJC,KADI,CACEC,GAAG,IAAI;AACZ,UAAI,CAACzC,0BAA0B,CAACyC,GAAD,CAA/B,EAAsC;AACpCpC,QAAAA,GAAG,CAAC6B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,UAAAA;AAD2B,SAA7B;AAGD;;AACD,YAAMS,GAAN;AACD,KARI,EASJE,IATI,CASCZ,GAAG,IAAI;AACX1B,MAAAA,GAAG,CAAC6B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,QAAAA;AAD2B,OAA7B;AAGA,aAAOD,GAAP;AACD,KAdI,CAAP;AAgBD,G","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n oauth: true,\n pkce: sdk.options.pkce,\n state\n });\n if (!oauthParams) {\n return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n"],"file":"parseFromUrl.js"}
|
package/esm/oidc/renewTokens.js
CHANGED
|
@@ -12,9 +12,11 @@ import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
|
|
|
12
12
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
13
13
|
*
|
|
14
14
|
*/
|
|
15
|
+
import { AuthSdkError } from '../errors';
|
|
15
16
|
import { getWithoutPrompt } from './getWithoutPrompt';
|
|
16
17
|
import { renewTokensWithRefresh } from './renewTokensWithRefresh';
|
|
17
18
|
import { getDefaultTokenParams } from './util'; // If we have a refresh token, renew using that, otherwise getWithoutPrompt
|
|
19
|
+
// eslint-disable-next-line complexity
|
|
18
20
|
|
|
19
21
|
export function renewTokens(_x, _x2) {
|
|
20
22
|
return _renewTokens.apply(this, arguments);
|
|
@@ -26,14 +28,34 @@ function _renewTokens() {
|
|
|
26
28
|
|
|
27
29
|
if (tokens.refreshToken) {
|
|
28
30
|
return renewTokensWithRefresh(sdk, options, tokens.refreshToken);
|
|
29
|
-
}
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
if (!tokens.accessToken && !tokens.idToken) {
|
|
34
|
+
throw new AuthSdkError('renewTokens() was called but there is no existing token');
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
var accessToken = tokens.accessToken || {};
|
|
38
|
+
var idToken = tokens.idToken || {};
|
|
39
|
+
var scopes = accessToken.scopes || idToken.scopes;
|
|
40
|
+
|
|
41
|
+
if (!scopes) {
|
|
42
|
+
throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
var authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;
|
|
46
|
+
|
|
47
|
+
if (!authorizeUrl) {
|
|
48
|
+
throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');
|
|
49
|
+
}
|
|
30
50
|
|
|
51
|
+
var userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
|
|
52
|
+
var issuer = idToken.issuer || sdk.options.issuer; // Get tokens using the SSO cookie
|
|
31
53
|
|
|
32
54
|
options = Object.assign({
|
|
33
|
-
scopes
|
|
34
|
-
authorizeUrl
|
|
35
|
-
userinfoUrl
|
|
36
|
-
issuer
|
|
55
|
+
scopes,
|
|
56
|
+
authorizeUrl,
|
|
57
|
+
userinfoUrl,
|
|
58
|
+
issuer
|
|
37
59
|
}, options);
|
|
38
60
|
|
|
39
61
|
if (sdk.options.pkce) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["getWithoutPrompt","renewTokensWithRefresh","getDefaultTokenParams","renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["AuthSdkError","getWithoutPrompt","renewTokensWithRefresh","getDefaultTokenParams","renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","then","res"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,gBAAT,QAAiC,oBAAjC;AACA,SAASC,sBAAT,QAAuC,0BAAvC;AACA,SAASC,qBAAT,QAAsC,QAAtC,C,CAEA;AACA;;AACA,gBAAsBC,WAAtB;AAAA;AAAA;;;mCAAO,WAA2BC,GAA3B,EAAgCC,OAAhC,EAAuE;AAC5E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,QAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,aAAOR,sBAAsB,CAACG,GAAD,EAAMC,OAAN,EAAeC,MAAM,CAACG,YAAtB,CAA7B;AACD;;AAED,QAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,YAAM,IAAIZ,YAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMW,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAMC,MAAM,GAAGF,WAAW,CAACE,MAAZ,IAAsBD,OAAO,CAACC,MAA7C;;AACA,QAAI,CAACA,MAAL,EAAa;AACX,YAAM,IAAIb,YAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAMc,YAAY,GAAGH,WAAW,CAACG,YAAZ,IAA4BF,OAAO,CAACE,YAAzD;;AACA,QAAI,CAACA,YAAL,EAAmB;AACjB,YAAM,IAAId,YAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMe,WAAW,GAAGJ,WAAW,CAACI,WAAZ,IAA2BV,GAAG,CAACC,OAAJ,CAAYS,WAA3D;AACA,QAAMC,MAAM,GAAGJ,OAAO,CAACI,MAAR,IAAkBX,GAAG,CAACC,OAAJ,CAAYU,MAA7C,CArB4E,CAuB5E;;AACAV,IAAAA,OAAO,GAAGW,MAAM,CAACC,MAAP,CAAc;AACtBL,MAAAA,MADsB;AAEtBC,MAAAA,YAFsB;AAGtBC,MAAAA,WAHsB;AAItBC,MAAAA;AAJsB,KAAd,EAKPV,OALO,CAAV;;AAOA,QAAID,GAAG,CAACC,OAAJ,CAAYa,IAAhB,EAAsB;AACpBb,MAAAA,OAAO,CAACc,YAAR,GAAuB,MAAvB;AACD,KAFD,MAEO;AACL,UAAM;AAAEA,QAAAA;AAAF,UAAmBjB,qBAAqB,CAACE,GAAD,CAA9C;AACAC,MAAAA,OAAO,CAACc,YAAR,GAAuBA,YAAvB;AACD;;AAED,WAAOnB,gBAAgB,CAACI,GAAD,EAAMC,OAAN,CAAhB,CACJe,IADI,CACCC,GAAG,IAAIA,GAAG,CAACf,MADZ,CAAP;AAGD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options: TokenParams): Promise<Tokens> {\n const tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"file":"renewTokens.js"}
|
package/esm/oidc/util/browser.js
CHANGED
|
@@ -15,7 +15,6 @@
|
|
|
15
15
|
|
|
16
16
|
/* eslint-disable complexity, max-statements */
|
|
17
17
|
import { AuthSdkError } from '../../errors';
|
|
18
|
-
import { isIE11OrLess } from '../../features';
|
|
19
18
|
export function addListener(eventTarget, name, fn) {
|
|
20
19
|
if (eventTarget.addEventListener) {
|
|
21
20
|
eventTarget.addEventListener(name, fn);
|
|
@@ -39,17 +38,7 @@ export function loadFrame(src) {
|
|
|
39
38
|
export function loadPopup(src, options) {
|
|
40
39
|
var title = options.popupTitle || 'External Identity Provider User Authentication';
|
|
41
40
|
var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' + 'top=100, left=500, width=600, height=600';
|
|
42
|
-
|
|
43
|
-
if (isIE11OrLess()) {
|
|
44
|
-
// IE<=11 doesn't fully support postMessage at time of writting.
|
|
45
|
-
// the following simple solution happened to solve the issue
|
|
46
|
-
// without adding another proxy layer which makes flow more complecated.
|
|
47
|
-
var winEl = window.open('/', title, appearance);
|
|
48
|
-
winEl.location.href = src;
|
|
49
|
-
return winEl;
|
|
50
|
-
} else {
|
|
51
|
-
return window.open(src, title, appearance);
|
|
52
|
-
}
|
|
41
|
+
return window.open(src, title, appearance);
|
|
53
42
|
}
|
|
54
43
|
export function addPostMessageListener(sdk, timeout, state) {
|
|
55
44
|
var responseHandler;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["AuthSdkError","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["AuthSdkError","addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","Promise","resolve","reject","e","data","origin","getIssuerOrigin","setTimeout","finally","clearTimeout"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AACA,SAASA,YAAT,QAA6B,cAA7B;AAGA,OAAO,SAASC,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;AAED,OAAO,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;AAED,OAAO,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;AAED,OAAO,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;AAED,OAAO,SAASG,sBAAT,CAAgCC,GAAhC,EAA+CC,OAA/C,EAAwDC,KAAxD,EAA+D;AACpE,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,IAAIC,OAAJ,CAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEL,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBM,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOR,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIO,CAAC,CAACE,MAAF,KAAaX,GAAG,CAACY,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAInC,YAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDkC,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBApC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGS,UAAU,CAAC,YAAY;AACjCL,MAAAA,MAAM,CAAC,IAAInC,YAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnB4B,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBS,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACX,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle || 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuth, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data || e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || 120000);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n"],"file":"browser.js"}
|
|
@@ -72,13 +72,17 @@ export function isLoginRedirect(sdk) {
|
|
|
72
72
|
* the social auth IDP redirect flow.
|
|
73
73
|
*/
|
|
74
74
|
|
|
75
|
-
export function isInteractionRequired(sdk) {
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
75
|
+
export function isInteractionRequired(sdk, hashOrSearch) {
|
|
76
|
+
if (!hashOrSearch) {
|
|
77
|
+
// web only
|
|
78
|
+
// First check, is this a redirect URI?
|
|
79
|
+
if (!isLoginRedirect(sdk)) {
|
|
80
|
+
return false;
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
hashOrSearch = getHashOrSearch(sdk.options);
|
|
79
84
|
}
|
|
80
85
|
|
|
81
|
-
var hashOrSearch = getHashOrSearch(sdk.options);
|
|
82
86
|
return /(error=interaction_required)/i.test(hashOrSearch);
|
|
83
87
|
}
|
|
84
88
|
//# sourceMappingURL=loginRedirect.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","indexOf","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGA,OAAO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;AACA,OAAO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;AACA,OAAO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;AAED,OAAO,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;AAED,OAAO,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4D;AACjE,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;AACA,SAAOH,GAAG,IAAIA,GAAG,CAACI,OAAJ,CAAYF,UAAU,CAACG,WAAvB,MAAwC,CAAtD;AACD;AAED,OAAO,SAASC,UAAT,CAAoBH,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;AAED,OAAO,SAASC,eAAT,CAAyBP,OAAzB,EAAmD;AACxD,MAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;AACA,MAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;AACA,OAAO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAyC;AAC9C;AACA,MAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJ6C,CAM9C;;;AACA,MAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIe,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOsB,OAAP;AACD,GAjB6C,CAmB9C;;;AACA,SAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;AACA,OAAO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA+C;
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","indexOf","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGA,OAAO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;AACA,OAAO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;AACA,OAAO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;AAED,OAAO,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;AAED,OAAO,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4D;AACjE,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;AACA,SAAOH,GAAG,IAAIA,GAAG,CAACI,OAAJ,CAAYF,UAAU,CAACG,WAAvB,MAAwC,CAAtD;AACD;AAED,OAAO,SAASC,UAAT,CAAoBH,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;AAED,OAAO,SAASC,eAAT,CAAyBP,OAAzB,EAAmD;AACxD,MAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;AACA,MAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;AACA,OAAO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAyC;AAC9C;AACA,MAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJ6C,CAM9C;;;AACA,MAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIe,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOsB,OAAP;AACD,GAjB6C,CAmB9C;;;AACA,SAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;AACA,OAAO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA+CL,YAA/C,EAAsE;AAC3E,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACoB,eAAe,CAACf,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuth, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuth): boolean {\n var authParams = sdk.options;\n return uri && uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuth) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuth, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}
|
|
@@ -16,7 +16,7 @@ export function urlParamsToObject(hashOrSearch) {
|
|
|
16
16
|
// Predefine regexs for parsing hash
|
|
17
17
|
var plus2space = /\+/g;
|
|
18
18
|
var paramSplit = /([^&=]+)=?([^&]*)/g;
|
|
19
|
-
var fragment = hashOrSearch; // Some hash based routers will automatically add a / character after the hash
|
|
19
|
+
var fragment = hashOrSearch || ''; // Some hash based routers will automatically add a / character after the hash
|
|
20
20
|
|
|
21
21
|
if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {
|
|
22
22
|
fragment = fragment.substring(2);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/urlParams.ts"],"names":["urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","charAt","substring","obj","param","exec","key","value","decodeURIComponent","replace"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAO,SAASA,iBAAT,CAA2BC,YAA3B,EAAiD;AACtD;AACA,MAAIC,UAAU,GAAG,KAAjB;AACA,MAAIC,UAAU,GAAG,oBAAjB;AACA,MAAIC,QAAQ,GAAGH,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/urlParams.ts"],"names":["urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","charAt","substring","obj","param","exec","key","value","decodeURIComponent","replace"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAO,SAASA,iBAAT,CAA2BC,YAA3B,EAAiD;AACtD;AACA,MAAIC,UAAU,GAAG,KAAjB;AACA,MAAIC,UAAU,GAAG,oBAAjB;AACA,MAAIC,QAAQ,GAAGH,YAAY,IAAI,EAA/B,CAJsD,CAMtD;;AACA,MAAIG,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD,GATqD,CAWtD;;;AACA,MAAIF,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD;;AAGD,MAAIC,GAAG,GAAG,EAAV,CAjBsD,CAmBtD;;AACA,MAAIC,KAAJ;;AACA,SAAO,IAAP,EAAa;AAAE;AACbA,IAAAA,KAAK,GAAGL,UAAU,CAACM,IAAX,CAAgBL,QAAhB,CAAR;;AACA,QAAI,CAACI,KAAL,EAAY;AAAE;AAAQ;;AAEtB,QAAIE,GAAG,GAAGF,KAAK,CAAC,CAAD,CAAf;AACA,QAAIG,KAAK,GAAGH,KAAK,CAAC,CAAD,CAAjB,CALW,CAOX;;AACA,QAAIE,GAAG,KAAK,UAAR,IAAsBA,GAAG,KAAK,cAA9B,IAAgDA,GAAG,KAAK,MAA5D,EAAoE;AAClEH,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWC,KAAX;AACD,KAFD,MAEO;AACLJ,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWE,kBAAkB,CAACD,KAAK,CAACE,OAAN,CAAcX,UAAd,EAA0B,GAA1B,CAAD,CAA7B;AACD;AACF;;AACD,SAAOK,GAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n // Predefine regexs for parsing hash\n var plus2space = /\\+/g;\n var paramSplit = /([^&=]+)=?([^&]*)/g;\n var fragment = hashOrSearch || '';\n\n // Some hash based routers will automatically add a / character after the hash\n if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n fragment = fragment.substring(2);\n }\n\n // Remove the leading # or ?\n if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n fragment = fragment.substring(1);\n }\n\n\n var obj = {};\n\n // Loop until we have no more params\n var param;\n while (true) { // eslint-disable-line no-constant-condition\n param = paramSplit.exec(fragment);\n if (!param) { break; }\n\n var key = param[1];\n var value = param[2];\n\n // id_token should remain base64url encoded\n if (key === 'id_token' || key === 'access_token' || key === 'code') {\n obj[key] = value;\n } else {\n obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n }\n }\n return obj;\n}\n"],"file":"urlParams.js"}
|
|
@@ -40,12 +40,14 @@ export function validateClaims(sdk, claims, validationParams) {
|
|
|
40
40
|
throw new AuthSdkError('The JWT expired before it was issued');
|
|
41
41
|
}
|
|
42
42
|
|
|
43
|
-
if (
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
43
|
+
if (!sdk.options.ignoreLifetime) {
|
|
44
|
+
if (now - sdk.options.maxClockSkew > claims.exp) {
|
|
45
|
+
throw new AuthSdkError('The JWT expired and is no longer valid');
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
if (claims.iat > now + sdk.options.maxClockSkew) {
|
|
49
|
+
throw new AuthSdkError('The JWT was issued in the future');
|
|
50
|
+
}
|
|
49
51
|
}
|
|
50
52
|
}
|
|
51
53
|
//# sourceMappingURL=validateClaims.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["AuthSdkError","validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","now","Math","floor","Date","iat","exp","options","maxClockSkew"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAOA,YAAP,MAAyB,2BAAzB;AAGA,OAAO,SAASC,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIL,YAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAIS,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIT,YAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIU,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIP,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIP,YAAJ,CAAiB,iBAAiBG,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIL,YAAJ,CAAiB,mBAAmBG,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACW,GAAP,GAAaX,MAAM,CAACY,GAAxB,EAA6B;AAC3B,UAAM,IAAIf,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["AuthSdkError","validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAOA,YAAP,MAAyB,2BAAzB;AAGA,OAAO,SAASC,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIL,YAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAIS,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIT,YAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIU,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIP,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIP,YAAJ,CAAiB,iBAAiBG,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIL,YAAJ,CAAiB,mBAAmBG,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACW,GAAP,GAAaX,MAAM,CAACY,GAAxB,EAA6B;AAC3B,UAAM,IAAIf,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACE,GAAG,CAACc,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGR,GAAG,CAACc,OAAJ,CAAYE,YAAnB,GAAmCf,MAAM,CAACY,GAA9C,EAAmD;AACjD,YAAM,IAAIf,YAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIG,MAAM,CAACW,GAAP,GAAcJ,GAAG,GAAGR,GAAG,CAACc,OAAJ,CAAYE,YAApC,EAAmD;AACjD,YAAM,IAAIlB,YAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuth, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat > claims.exp) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew) > claims.exp) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat > (now + sdk.options.maxClockSkew)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}
|
package/esm/options.js
CHANGED
|
@@ -27,6 +27,12 @@ var BROWSER_STORAGE = {
|
|
|
27
27
|
},
|
|
28
28
|
transaction: {
|
|
29
29
|
storageTypes: ['sessionStorage', 'localStorage', 'cookie']
|
|
30
|
+
},
|
|
31
|
+
'shared-transaction': {
|
|
32
|
+
storageTypes: ['localStorage']
|
|
33
|
+
},
|
|
34
|
+
'original-uri': {
|
|
35
|
+
storageTypes: ['localStorage']
|
|
30
36
|
}
|
|
31
37
|
};
|
|
32
38
|
var SERVER_STORAGE = {
|
|
@@ -76,17 +82,23 @@ function getCookieSettings() {
|
|
|
76
82
|
export function getDefaultOptions() {
|
|
77
83
|
var storageUtil = isBrowser() ? browserStorage : serverStorage;
|
|
78
84
|
var storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;
|
|
85
|
+
var enableSharedStorage = isBrowser() ? true : false; // localStorage for multi-tab flows (browser only)
|
|
86
|
+
|
|
79
87
|
return {
|
|
80
88
|
devMode: false,
|
|
81
89
|
httpRequestClient: fetchRequest,
|
|
82
90
|
storageUtil,
|
|
83
|
-
storageManager
|
|
91
|
+
storageManager,
|
|
92
|
+
transactionManager: {
|
|
93
|
+
enableSharedStorage
|
|
94
|
+
}
|
|
84
95
|
};
|
|
85
96
|
}
|
|
86
97
|
|
|
87
98
|
function mergeOptions(options, args) {
|
|
88
99
|
return Object.assign({}, options, removeNils(args), {
|
|
89
|
-
storageManager: Object.assign({}, options.storageManager, args.storageManager)
|
|
100
|
+
storageManager: Object.assign({}, options.storageManager, args.storageManager),
|
|
101
|
+
transactionManager: Object.assign({}, options.transactionManager, args.transactionManager)
|
|
90
102
|
});
|
|
91
103
|
}
|
|
92
104
|
|
|
@@ -121,6 +133,7 @@ export function buildOptions() {
|
|
|
121
133
|
headers: args.headers,
|
|
122
134
|
devMode: !!args.devMode,
|
|
123
135
|
storageManager: args.storageManager,
|
|
136
|
+
transactionManager: args.transactionManager,
|
|
124
137
|
cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,
|
|
125
138
|
// Give the developer the ability to disable token signature validation.
|
|
126
139
|
ignoreSignature: !!args.ignoreSignature,
|
package/esm/options.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/options.ts"],"names":["removeTrailingSlash","warn","removeNils","assertValidConfig","fetchRequest","browserStorage","serverStorage","isBrowser","isHTTPS","BROWSER_STORAGE","token","storageTypes","useMultipleCookies","cache","transaction","SERVER_STORAGE","getCookieSettings","args","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","storageManager","devMode","httpRequestClient","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","ignoreSignature","clientSecret"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,mBAAT,EAA8BC,IAA9B,EAAoCC,UAApC,QAAsD,QAAtD;AACA,SAASC,iBAAT,QAAkC,eAAlC;AAGA,OAAOC,YAAP,MAAyB,sBAAzB;AACA,OAAOC,cAAP,MAA2B,0BAA3B;AACA,OAAOC,aAAP,MAA0B,wBAA1B;AACA,SAASC,SAAT,EAAoBC,OAApB,QAAmC,YAAnC;AAEA,IAAMC,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY,CADT;AAMLC,IAAAA,kBAAkB,EAAE;AANf,GADsC;AAS7CC,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GATsC;AAgB7CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH;AAhBgC,CAA/C;AAyBA,IAAMI,cAAqC,GAAG;AAC5CL,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GADqC;AAM5CE,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GANqC;AAW5CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,QADY;AADH;AAX+B,CAA9C;;AAkBA,SAASK,iBAAT,GAAyE;AAAA,MAA9CC,IAA8C,uEAAtB,EAAsB;AAAA,MAAlBT,OAAkB;AACvE;AACA;AACA;AACA,MAAIU,cAAc,GAAGD,IAAI,CAACE,OAAL,IAAgB,EAArC;;AACA,MAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;AAChDF,IAAAA,cAAc,CAACE,MAAf,GAAwBZ,OAAxB;AACD;;AACD,MAAI,OAAOU,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;AAClDH,IAAAA,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;AACD,GAVsE,CAYvE;;;AACA,MAAIF,cAAc,CAACE,MAAf,IAAyB,CAACZ,OAA9B,EAAuC;AACrC;AACAP,IAAAA,IAAI,CACF,oEACA,4DADA,GAEA,gEAHE,CAAJ;AAKAiB,IAAAA,cAAc,CAACE,MAAf,GAAwB,KAAxB;AACD,GArBsE,CAuBvE;AACA;;;AACA,MAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;AAChEF,IAAAA,cAAc,CAACG,QAAf,GAA0B,KAA1B;AACD;;AAED,SAAOH,cAAP;AACD;;AAGD,OAAO,SAASI,iBAAT,GAA8C;AACnD,MAAMC,WAAW,GAAGhB,SAAS,KAAKF,cAAL,GAAsBC,aAAnD;AACA,MAAMkB,cAAc,GAAGjB,SAAS,KAAKE,eAAL,GAAuBM,cAAvD;AACA,SAAO;AACLU,IAAAA,OAAO,EAAE,KADJ;AAELC,IAAAA,iBAAiB,EAAEtB,YAFd;AAGLmB,IAAAA,WAHK;AAILC,IAAAA;AAJK,GAAP;AAMD;;AAED,SAASG,YAAT,CAAsBC,OAAtB,EAA+BX,IAA/B,EAAsD;AACpD,SAAOY,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAlB,EAA2B1B,UAAU,CAACe,IAAD,CAArC,EAA6C;AAClDO,IAAAA,cAAc,EAAEK,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACJ,cAA1B,EAA0CP,IAAI,CAACO,cAA/C;AADkC,GAA7C,CAAP;AAGD;;AAED,OAAO,SAASO,YAAT,GAAmE;AAAA,MAA7Cd,IAA6C,uEAArB,EAAqB;AACxEd,EAAAA,iBAAiB,CAACc,IAAD,CAAjB;AACAA,EAAAA,IAAI,GAAGU,YAAY,CAACL,iBAAiB,EAAlB,EAAsBL,IAAtB,CAAnB;AACA,SAAOf,UAAU,CAAC;AAChB;AACA8B,IAAAA,MAAM,EAAEhC,mBAAmB,CAACiB,IAAI,CAACe,MAAN,CAFX;AAGhBC,IAAAA,QAAQ,EAAEjC,mBAAmB,CAACiB,IAAI,CAACgB,QAAN,CAHb;AAIhBC,IAAAA,YAAY,EAAElC,mBAAmB,CAACiB,IAAI,CAACiB,YAAN,CAJjB;AAKhBC,IAAAA,WAAW,EAAEnC,mBAAmB,CAACiB,IAAI,CAACkB,WAAN,CALhB;AAMhBC,IAAAA,SAAS,EAAEpC,mBAAmB,CAACiB,IAAI,CAACmB,SAAN,CANd;AAOhBC,IAAAA,SAAS,EAAErC,mBAAmB,CAACiB,IAAI,CAACoB,SAAN,CAPd;AAQhBC,IAAAA,QAAQ,EAAErB,IAAI,CAACqB,QARC;AAShBC,IAAAA,WAAW,EAAEtB,IAAI,CAACsB,WATF;AAUhBC,IAAAA,KAAK,EAAEvB,IAAI,CAACuB,KAVI;AAWhBC,IAAAA,MAAM,EAAExB,IAAI,CAACwB,MAXG;AAYhBC,IAAAA,qBAAqB,EAAEzB,IAAI,CAACyB,qBAZZ;AAahBC,IAAAA,YAAY,EAAE1B,IAAI,CAAC0B,YAbH;AAchBC,IAAAA,YAAY,EAAE3B,IAAI,CAAC2B,YAdH;AAehBC,IAAAA,IAAI,EAAE5B,IAAI,CAAC4B,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;AAe0B;AAC1CC,IAAAA,sBAAsB,EAAE7B,IAAI,CAAC6B,sBAhBb;AAkBhB;AACApB,IAAAA,iBAAiB,EAAET,IAAI,CAACS,iBAnBR;AAoBhBqB,IAAAA,iBAAiB,EAAE9B,IAAI,CAAC8B,iBApBR;AAqBhBC,IAAAA,kBAAkB,EAAE/B,IAAI,CAAC+B,kBArBT;AAsBhBC,IAAAA,kBAAkB,EAAEhC,IAAI,CAACgC,kBAtBT;AAuBhB1B,IAAAA,WAAW,EAAEN,IAAI,CAACM,WAvBF;AAwBhB2B,IAAAA,OAAO,EAAEjC,IAAI,CAACiC,OAxBE;AAyBhBzB,IAAAA,OAAO,EAAE,CAAC,CAACR,IAAI,CAACQ,OAzBA;AA0BhBD,IAAAA,cAAc,EAAEP,IAAI,CAACO,cA1BL;AA2BhBL,IAAAA,OAAO,EAAEZ,SAAS,KAAKS,iBAAiB,CAACC,IAAD,EAAOT,OAAO,EAAd,CAAtB,GAA0CS,IAAI,CAACE,OA3BjD;AA6BhB;AACAgC,IAAAA,eAAe,EAAE,CAAC,CAAClC,IAAI,CAACkC,eA9BR;AAgChB;AACAC,IAAAA,YAAY,EAAEnC,IAAI,CAACmC;AAjCH,GAAD,CAAjB;AAmCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { removeTrailingSlash, warn, removeNils } from './util';\nimport { assertValidConfig } from './builderUtil';\nimport { OktaAuthOptions, StorageManagerOptions } from './types';\n\nimport fetchRequest from './fetch/fetchRequest';\nimport browserStorage from './browser/browserStorage';\nimport serverStorage from './server/serverStorage';\nimport { isBrowser, isHTTPS } from './features';\n\nconst BROWSER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ],\n useMultipleCookies: true\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n }\n};\n\nconst SERVER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'memory'\n ]\n },\n cache: {\n storageTypes: [\n 'memory'\n ]\n },\n transaction: {\n storageTypes: [\n 'memory'\n ]\n }\n};\n\nfunction getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n\n\nexport function getDefaultOptions(): OktaAuthOptions {\n const storageUtil = isBrowser() ? browserStorage : serverStorage;\n const storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;\n return {\n devMode: false,\n httpRequestClient: fetchRequest,\n storageUtil,\n storageManager\n };\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n return Object.assign({}, options, removeNils(args), {\n storageManager: Object.assign({}, options.storageManager, args.storageManager)\n });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n assertValidConfig(args);\n args = mergeOptions(getDefaultOptions(), args);\n return removeNils({\n // OIDC configuration\n issuer: removeTrailingSlash(args.issuer),\n tokenUrl: removeTrailingSlash(args.tokenUrl),\n authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n revokeUrl: removeTrailingSlash(args.revokeUrl),\n logoutUrl: removeTrailingSlash(args.logoutUrl),\n clientId: args.clientId,\n redirectUri: args.redirectUri,\n state: args.state,\n scopes: args.scopes,\n postLogoutRedirectUri: args.postLogoutRedirectUri,\n responseMode: args.responseMode,\n responseType: args.responseType,\n pkce: args.pkce === false ? false : true, // PKCE defaults to true\n useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n // Internal options\n httpRequestClient: args.httpRequestClient,\n transformErrorXHR: args.transformErrorXHR,\n transformAuthState: args.transformAuthState,\n restoreOriginalUri: args.restoreOriginalUri,\n storageUtil: args.storageUtil,\n headers: args.headers,\n devMode: !!args.devMode,\n storageManager: args.storageManager,\n cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,\n\n // Give the developer the ability to disable token signature validation.\n ignoreSignature: !!args.ignoreSignature,\n\n // Server-side web applications\n clientSecret: args.clientSecret\n });\n}\n"],"file":"options.js"}
|
|
1
|
+
{"version":3,"sources":["../../lib/options.ts"],"names":["removeTrailingSlash","warn","removeNils","assertValidConfig","fetchRequest","browserStorage","serverStorage","isBrowser","isHTTPS","BROWSER_STORAGE","token","storageTypes","useMultipleCookies","cache","transaction","SERVER_STORAGE","getCookieSettings","args","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","storageManager","enableSharedStorage","devMode","httpRequestClient","transactionManager","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","ignoreSignature","clientSecret"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,mBAAT,EAA8BC,IAA9B,EAAoCC,UAApC,QAAsD,QAAtD;AACA,SAASC,iBAAT,QAAkC,eAAlC;AAGA,OAAOC,YAAP,MAAyB,sBAAzB;AACA,OAAOC,cAAP,MAA2B,0BAA3B;AACA,OAAOC,aAAP,MAA0B,wBAA1B;AACA,SAASC,SAAT,EAAoBC,OAApB,QAAmC,YAAnC;AAEA,IAAMC,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY,CADT;AAMLC,IAAAA,kBAAkB,EAAE;AANf,GADsC;AAS7CC,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GATsC;AAgB7CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH,GAhBgC;AAuB7C,wBAAsB;AACpBA,IAAAA,YAAY,EAAE,CACZ,cADY;AADM,GAvBuB;AA4B7C,kBAAgB;AACdA,IAAAA,YAAY,EAAE,CACZ,cADY;AADA;AA5B6B,CAA/C;AAmCA,IAAMI,cAAqC,GAAG;AAC5CL,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GADqC;AAM5CE,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GANqC;AAW5CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,QADY;AADH;AAX+B,CAA9C;;AAkBA,SAASK,iBAAT,GAAyE;AAAA,MAA9CC,IAA8C,uEAAtB,EAAsB;AAAA,MAAlBT,OAAkB;AACvE;AACA;AACA;AACA,MAAIU,cAAc,GAAGD,IAAI,CAACE,OAAL,IAAgB,EAArC;;AACA,MAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;AAChDF,IAAAA,cAAc,CAACE,MAAf,GAAwBZ,OAAxB;AACD;;AACD,MAAI,OAAOU,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;AAClDH,IAAAA,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;AACD,GAVsE,CAYvE;;;AACA,MAAIF,cAAc,CAACE,MAAf,IAAyB,CAACZ,OAA9B,EAAuC;AACrC;AACAP,IAAAA,IAAI,CACF,oEACA,4DADA,GAEA,gEAHE,CAAJ;AAKAiB,IAAAA,cAAc,CAACE,MAAf,GAAwB,KAAxB;AACD,GArBsE,CAuBvE;AACA;;;AACA,MAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;AAChEF,IAAAA,cAAc,CAACG,QAAf,GAA0B,KAA1B;AACD;;AAED,SAAOH,cAAP;AACD;;AAGD,OAAO,SAASI,iBAAT,GAA8C;AACnD,MAAMC,WAAW,GAAGhB,SAAS,KAAKF,cAAL,GAAsBC,aAAnD;AACA,MAAMkB,cAAc,GAAGjB,SAAS,KAAKE,eAAL,GAAuBM,cAAvD;AACA,MAAMU,mBAAmB,GAAGlB,SAAS,KAAK,IAAL,GAAY,KAAjD,CAHmD,CAGK;;AACxD,SAAO;AACLmB,IAAAA,OAAO,EAAE,KADJ;AAELC,IAAAA,iBAAiB,EAAEvB,YAFd;AAGLmB,IAAAA,WAHK;AAILC,IAAAA,cAJK;AAKLI,IAAAA,kBAAkB,EAAE;AAClBH,MAAAA;AADkB;AALf,GAAP;AASD;;AAED,SAASI,YAAT,CAAsBC,OAAtB,EAA+Bb,IAA/B,EAAsD;AACpD,SAAOc,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAlB,EAA2B5B,UAAU,CAACe,IAAD,CAArC,EAA6C;AAClDO,IAAAA,cAAc,EAAEO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACN,cAA1B,EAA0CP,IAAI,CAACO,cAA/C,CADkC;AAElDI,IAAAA,kBAAkB,EAAEG,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACF,kBAA1B,EAA8CX,IAAI,CAACW,kBAAnD;AAF8B,GAA7C,CAAP;AAID;;AAED,OAAO,SAASK,YAAT,GAAmE;AAAA,MAA7ChB,IAA6C,uEAArB,EAAqB;AACxEd,EAAAA,iBAAiB,CAACc,IAAD,CAAjB;AACAA,EAAAA,IAAI,GAAGY,YAAY,CAACP,iBAAiB,EAAlB,EAAsBL,IAAtB,CAAnB;AACA,SAAOf,UAAU,CAAC;AAChB;AACAgC,IAAAA,MAAM,EAAElC,mBAAmB,CAACiB,IAAI,CAACiB,MAAN,CAFX;AAGhBC,IAAAA,QAAQ,EAAEnC,mBAAmB,CAACiB,IAAI,CAACkB,QAAN,CAHb;AAIhBC,IAAAA,YAAY,EAAEpC,mBAAmB,CAACiB,IAAI,CAACmB,YAAN,CAJjB;AAKhBC,IAAAA,WAAW,EAAErC,mBAAmB,CAACiB,IAAI,CAACoB,WAAN,CALhB;AAMhBC,IAAAA,SAAS,EAAEtC,mBAAmB,CAACiB,IAAI,CAACqB,SAAN,CANd;AAOhBC,IAAAA,SAAS,EAAEvC,mBAAmB,CAACiB,IAAI,CAACsB,SAAN,CAPd;AAQhBC,IAAAA,QAAQ,EAAEvB,IAAI,CAACuB,QARC;AAShBC,IAAAA,WAAW,EAAExB,IAAI,CAACwB,WATF;AAUhBC,IAAAA,KAAK,EAAEzB,IAAI,CAACyB,KAVI;AAWhBC,IAAAA,MAAM,EAAE1B,IAAI,CAAC0B,MAXG;AAYhBC,IAAAA,qBAAqB,EAAE3B,IAAI,CAAC2B,qBAZZ;AAahBC,IAAAA,YAAY,EAAE5B,IAAI,CAAC4B,YAbH;AAchBC,IAAAA,YAAY,EAAE7B,IAAI,CAAC6B,YAdH;AAehBC,IAAAA,IAAI,EAAE9B,IAAI,CAAC8B,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;AAe0B;AAC1CC,IAAAA,sBAAsB,EAAE/B,IAAI,CAAC+B,sBAhBb;AAkBhB;AACArB,IAAAA,iBAAiB,EAAEV,IAAI,CAACU,iBAnBR;AAoBhBsB,IAAAA,iBAAiB,EAAEhC,IAAI,CAACgC,iBApBR;AAqBhBC,IAAAA,kBAAkB,EAAEjC,IAAI,CAACiC,kBArBT;AAsBhBC,IAAAA,kBAAkB,EAAElC,IAAI,CAACkC,kBAtBT;AAuBhB5B,IAAAA,WAAW,EAAEN,IAAI,CAACM,WAvBF;AAwBhB6B,IAAAA,OAAO,EAAEnC,IAAI,CAACmC,OAxBE;AAyBhB1B,IAAAA,OAAO,EAAE,CAAC,CAACT,IAAI,CAACS,OAzBA;AA0BhBF,IAAAA,cAAc,EAAEP,IAAI,CAACO,cA1BL;AA2BhBI,IAAAA,kBAAkB,EAAEX,IAAI,CAACW,kBA3BT;AA4BhBT,IAAAA,OAAO,EAAEZ,SAAS,KAAKS,iBAAiB,CAACC,IAAD,EAAOT,OAAO,EAAd,CAAtB,GAA0CS,IAAI,CAACE,OA5BjD;AA8BhB;AACAkC,IAAAA,eAAe,EAAE,CAAC,CAACpC,IAAI,CAACoC,eA/BR;AAiChB;AACAC,IAAAA,YAAY,EAAErC,IAAI,CAACqC;AAlCH,GAAD,CAAjB;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { removeTrailingSlash, warn, removeNils } from './util';\nimport { assertValidConfig } from './builderUtil';\nimport { OktaAuthOptions, StorageManagerOptions } from './types';\n\nimport fetchRequest from './fetch/fetchRequest';\nimport browserStorage from './browser/browserStorage';\nimport serverStorage from './server/serverStorage';\nimport { isBrowser, isHTTPS } from './features';\n\nconst BROWSER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ],\n useMultipleCookies: true\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n },\n 'shared-transaction': {\n storageTypes: [\n 'localStorage'\n ]\n },\n 'original-uri': {\n storageTypes: [\n 'localStorage'\n ]\n }\n};\n\nconst SERVER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'memory'\n ]\n },\n cache: {\n storageTypes: [\n 'memory'\n ]\n },\n transaction: {\n storageTypes: [\n 'memory'\n ]\n }\n};\n\nfunction getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n\n\nexport function getDefaultOptions(): OktaAuthOptions {\n const storageUtil = isBrowser() ? browserStorage : serverStorage;\n const storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;\n const enableSharedStorage = isBrowser() ? true : false; // localStorage for multi-tab flows (browser only)\n return {\n devMode: false,\n httpRequestClient: fetchRequest,\n storageUtil,\n storageManager,\n transactionManager: {\n enableSharedStorage\n }\n };\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n return Object.assign({}, options, removeNils(args), {\n storageManager: Object.assign({}, options.storageManager, args.storageManager),\n transactionManager: Object.assign({}, options.transactionManager, args.transactionManager),\n });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n assertValidConfig(args);\n args = mergeOptions(getDefaultOptions(), args);\n return removeNils({\n // OIDC configuration\n issuer: removeTrailingSlash(args.issuer),\n tokenUrl: removeTrailingSlash(args.tokenUrl),\n authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n revokeUrl: removeTrailingSlash(args.revokeUrl),\n logoutUrl: removeTrailingSlash(args.logoutUrl),\n clientId: args.clientId,\n redirectUri: args.redirectUri,\n state: args.state,\n scopes: args.scopes,\n postLogoutRedirectUri: args.postLogoutRedirectUri,\n responseMode: args.responseMode,\n responseType: args.responseType,\n pkce: args.pkce === false ? false : true, // PKCE defaults to true\n useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n // Internal options\n httpRequestClient: args.httpRequestClient,\n transformErrorXHR: args.transformErrorXHR,\n transformAuthState: args.transformAuthState,\n restoreOriginalUri: args.restoreOriginalUri,\n storageUtil: args.storageUtil,\n headers: args.headers,\n devMode: !!args.devMode,\n storageManager: args.storageManager,\n transactionManager: args.transactionManager,\n cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,\n\n // Give the developer the ability to disable token signature validation.\n ignoreSignature: !!args.ignoreSignature,\n\n // Server-side web applications\n clientSecret: args.clientSecret\n });\n}\n"],"file":"options.js"}
|
|
@@ -13,9 +13,10 @@
|
|
|
13
13
|
import { AuthSdkError } from '../errors';
|
|
14
14
|
|
|
15
15
|
var NodeCache = require('node-cache'); // commonJS module cannot be imported without esModuleInterop
|
|
16
|
+
// this is a SHARED memory storage to support a stateless http server
|
|
16
17
|
|
|
17
18
|
|
|
18
|
-
var sharedStorage =
|
|
19
|
+
var sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;
|
|
19
20
|
|
|
20
21
|
class ServerCookies {
|
|
21
22
|
// NodeCache
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/server/serverStorage.ts"],"names":["AuthSdkError","NodeCache","require","sharedStorage","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","findStorageType","getHttpCache","getItem","setItem","key"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,YAAT,QAA6B,WAA7B;;AACA,IAAMC,SAAS,GAAGC,OAAO,CAAC,YAAD,CAAzB,C,CAAyC;;;
|
|
1
|
+
{"version":3,"sources":["../../../lib/server/serverStorage.ts"],"names":["AuthSdkError","NodeCache","require","sharedStorage","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","findStorageType","getHttpCache","getItem","setItem","key"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,YAAT,QAA6B,WAA7B;;AACA,IAAMC,SAAS,GAAGC,OAAO,CAAC,YAAD,CAAzB,C,CAAyC;AAEzC;;;AACA,IAAMC,aAAa,GAAG,OAAOF,SAAP,KAAqB,UAArB,GAAkC,IAAIA,SAAJ,EAAlC,GAAoD,IAA1E;;AAEA,MAAMG,aAAN,CAAuC;AACrB;AAEhBC,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACD;;AAEDC,EAAAA,GAAG,CAACC,IAAD,EAAeC,KAAf,EAA8BC,SAA9B,EAAyD;AAC1D;AACA,QAAI,CAAC,CAAEC,IAAI,CAACC,KAAL,CAAWF,SAAX,CAAP,EAA+B;AAC7B;AACA,UAAIG,GAAG,GAAG,CAACF,IAAI,CAACC,KAAL,CAAWF,SAAX,IAAwBC,IAAI,CAACG,GAAL,EAAzB,IAAuC,IAAjD;AACA,WAAKR,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB,EAAgCI,GAAhC;AACD,KAJD,MAIO;AACL,WAAKP,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB;AACD;;AAED,WAAO,KAAKM,GAAL,CAASP,IAAT,CAAP;AACD;;AAEDO,EAAAA,GAAG,CAACP,IAAD,EAAe;AAChB,WAAO,KAAKF,SAAL,CAAeS,GAAf,CAAmBP,IAAnB,CAAP;AACD;;AAEDQ,EAAAA,MAAM,CAACR,IAAD,EAAO;AACX,WAAO,KAAKF,SAAL,CAAeW,GAAf,CAAmBT,IAAnB,CAAP;AACD;;AA1BoC,C,CA4BvC;;;AACA,MAAMU,aAAN,CAA2C;AACzB;AAEhBb,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACA,SAAKa,OAAL,GAAe,IAAIf,aAAJ,CAAkBE,SAAlB,CAAf;AACD;;AAEDc,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,QAAIC,SAAS,GAAG,KAAhB;;AACA,YAAQD,WAAR;AACE,WAAK,QAAL;AACEC,QAAAA,SAAS,GAAG,IAAZ;AACA;;AACF;AACE;AALJ;;AAOA,WAAOA,SAAP;AACD;;AAEDC,EAAAA,gBAAgB,CAACF,WAAD,EAA0C;AACxD,QAAIG,eAAe,GAAG,IAAtB;;AACA,YAAQH,WAAR;AACE,WAAK,QAAL;AACEG,QAAAA,eAAe,GAAG,KAAKC,UAAL,EAAlB;AACA;;AACF;AACE,cAAM,IAAIzB,YAAJ,wCAAiDqB,WAAjD,EAAN;AACA;AANJ;;AAQA,WAAOG,eAAP;AACD;;AAEDE,EAAAA,eAAe,GAAgB;AAC7B,WAAO,QAAP;AACD,GAnCwC,CAqCzC;;;AACAC,EAAAA,YAAY,GAAG;AACb,WAAO,IAAP,CADa,CACA;AACd,GAxCwC,CA0CzC;;;AACAF,EAAAA,UAAU,GAAkB;AAC1B,WAAO;AACLG,MAAAA,OAAO,EAAE,KAAKtB,SAAL,CAAeS,GADnB;AAELc,MAAAA,OAAO,EAAE,CAACC,GAAD,EAAMrB,KAAN,KAAgB;AACvB,aAAKH,SAAL,CAAeC,GAAf,CAAmBuB,GAAnB,EAAwBrB,KAAxB,EAA+B,0BAA/B;AACD;AAJI,KAAP;AAMD;;AAlDwC;;AAqD3C,eAAe,IAAIS,aAAJ,CAAkBf,aAAlB,CAAf","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { SimpleStorage, StorageType, StorageUtil, Cookies } from '../types';\nimport { AuthSdkError } from '../errors';\nconst NodeCache = require('node-cache'); // commonJS module cannot be imported without esModuleInterop\n\n// this is a SHARED memory storage to support a stateless http server\nconst sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;\n\nclass ServerCookies implements Cookies {\n nodeCache: any; // NodeCache\n \n constructor(nodeCache) {\n this.nodeCache = nodeCache;\n }\n\n set(name: string, value: string, expiresAt: string): string {\n // eslint-disable-next-line no-extra-boolean-cast\n if (!!(Date.parse(expiresAt))) {\n // Time to expiration in seconds\n var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;\n this.nodeCache.set(name, value, ttl);\n } else {\n this.nodeCache.set(name, value);\n }\n\n return this.get(name);\n }\n\n get(name): string {\n return this.nodeCache.get(name);\n }\n\n delete(name) {\n return this.nodeCache.del(name);\n }\n}\n// Building this as an object allows us to mock the functions in our tests\nclass ServerStorage implements StorageUtil {\n nodeCache: any; // NodeCache\n storage: Cookies;\n constructor(nodeCache) {\n this.nodeCache = nodeCache;\n this.storage = new ServerCookies(nodeCache);\n }\n\n testStorageType(storageType: StorageType): boolean {\n var supported = false;\n switch (storageType) {\n case 'memory':\n supported = true;\n break;\n default:\n break;\n }\n return supported;\n }\n\n getStorageByType(storageType: StorageType): SimpleStorage {\n let storageProvider = null;\n switch (storageType) {\n case 'memory':\n storageProvider = this.getStorage();\n break;\n default:\n throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n break;\n }\n return storageProvider;\n }\n\n findStorageType(): StorageType {\n return 'memory';\n }\n\n // will be removed in next version. OKTA-362589\n getHttpCache() {\n return null; // stubbed in server.js\n }\n\n // shared in-memory using node cache\n getStorage(): SimpleStorage {\n return {\n getItem: this.nodeCache.get,\n setItem: (key, value) => {\n this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');\n }\n };\n }\n}\n\nexport default new ServerStorage(sharedStorage);\n"],"file":"serverStorage.js"}
|
|
@@ -130,9 +130,7 @@ function link2fn(sdk, res, obj, link, ref) {
|
|
|
130
130
|
}
|
|
131
131
|
|
|
132
132
|
var href = link.href + toQueryString(params);
|
|
133
|
-
return postToTransaction(sdk, href, data
|
|
134
|
-
withCredentials: true
|
|
135
|
-
});
|
|
133
|
+
return postToTransaction(sdk, href, data);
|
|
136
134
|
};
|
|
137
135
|
}
|
|
138
136
|
}
|