@okta/okta-auth-js 5.4.3 → 5.8.0

package/cjs/idx/remediators/Identify.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/remediators/Identify.ts"],"names":["Identify","Remediator","constructor","remediation","values","password","authenticators","some","authenticator","type","canRemediate","identifier","getData","mapCredentials","passcode","getInputCredentials","input","form","value","name","required","getValuesAfterProceed","filter"],"mappings":";;;;;;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYO,MAAMA,QAAN,SAAuBC,sBAAvB,CAAkC;AAUvCC,EAAAA,WAAW,CAACC,WAAD,EAA8BC,MAA9B,EAAuD;AAChE,UAAMD,WAAN,EAAmBC,MAAnB,EADgE,CAGhE;;AAHgE,+CAL5D;AACJ,oBAAc,CAAC,UAAD,CADV;AAEJ,qBAAe;AAFX,KAK4D;AAIhE,UAAM;AAAEC,MAAAA,QAAF;AAAYC,MAAAA;AAAZ,QAA+B,KAAKF,MAA1C;;AACA,QAAIC,QAAQ,IAAI,CAACC,cAAc,CAACC,IAAf,CAAoBC,aAAa,IAAIA,aAAa,CAACC,IAAd,KAAuB,UAA5D,CAAjB,EAA0F;AACxF,WAAKL,MAAL,GAAc,EACZ,GAAG,KAAKA,MADI;AAEZE,QAAAA,cAAc,EAAE,CAAC;AAAEG,UAAAA,IAAI,EAAE;AAAR,SAAD,EAAuB,GAAGH,cAA1B;AAFJ,OAAd;AAID;AACF;;AAEDI,EAAAA,YAAY,GAAG;AACb,UAAM;AAAEC,MAAAA;AAAF,QAAiB,KAAKC,OAAL,EAAvB;AACA,WAAO,CAAC,CAACD,UAAT;AACD;;AAEDE,EAAAA,cAAc,GAAG;AACf,WAAO;AAAEC,MAAAA,QAAQ,EAAE,KAAKV,MAAL,CAAYC;AAAxB,KAAP;AACD;;AAEDU,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,WAAO,EACL,GAAGA,KAAK,CAACC,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADE;AAELC,MAAAA,IAAI,EAAE,UAFD;AAGLC,MAAAA,QAAQ,EAAEJ,KAAK,CAACI;AAHX,KAAP;AAKD;;AAEDC,EAAAA,qBAAqB,GAAG;AACtB;AACA;AACA,QAAI,KAAKlB,WAAL,CAAiBe,KAAjB,CAAuBX,IAAvB,CAA4B,CAAC;AAAEY,MAAAA;AAAF,KAAD,KAAcA,IAAI,KAAK,aAAnD,CAAJ,EAAuE;AAAA;;AACrE,YAAMb,cAAc,4BAAI,KAAKF,MAAL,CAAYE,cAAhB,0DAAG,sBACnBgB,MADmB,CACZd,aAAa,IAAIA,aAAa,CAACC,IAAd,KAAuB,UAD5B,CAAvB;AAEA,aAAO,EAAE,GAAG,KAAKL,MAAV;AAAkBE,QAAAA;AAAlB,OAAP;AACD;;AAED,WAAO,MAAMe,qBAAN,EAAP;AACD;;AAlDsC;;;8BAA5BrB,Q,qBACc,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { Authenticator } from '../types';\nimport { IdxRemediation } from '../types/idx-js';\n\nexport interface IdentifyValues extends RemediationValues {\n  username?: string;\n  password?: string;\n}\n\nexport class Identify extends Remediator {\n  static remediationName = 'identify';\n\n  values: IdentifyValues;\n\n  map = {\n    'identifier': ['username'],\n    'credentials': []\n  };\n\n  constructor(remediation: IdxRemediation, values?: IdentifyValues) {\n    super(remediation, values);\n\n    // add password authenticator to authenticators list if password is provided\n    const { password, authenticators } = this.values;\n    if (password && !authenticators.some(authenticator => authenticator.type === 'password')) {\n      this.values = {\n        ...this.values,\n        authenticators: [{ type: 'password' }, ...authenticators] as Authenticator[]\n      };\n    }\n  }\n\n  canRemediate() {\n    const { identifier } = this.getData();\n    return !!identifier;\n  }\n\n  mapCredentials() {\n    return { passcode: this.values.password };\n  }\n\n  getInputCredentials(input) {\n    return {\n      ...input.form.value[0],\n      name: 'password',\n      required: input.required\n    };\n  }\n\n  getValuesAfterProceed() {\n    // Handle username + password scenario\n    // remove \"password\" from authenticator array when remediation is finished\n    if (this.remediation.value.some(({ name }) => name === 'credentials')) {\n      const authenticators = (this.values.authenticators as Authenticator[])\n        ?.filter(authenticator => authenticator.type !== 'password');\n      return { ...this.values, authenticators };\n    }\n\n    return super.getValuesAfterProceed();\n  }\n}\n"],"file":"Identify.js"}
+{"version":3,"sources":["../../../../lib/idx/remediators/Identify.ts"],"names":["Identify","Remediator","constructor","remediation","values","password","authenticators","some","authenticator","type","key","AuthenticatorKey","OKTA_PASSWORD","canRemediate","identifier","getData","mapCredentials","passcode","getInputCredentials","input","form","value","name","required","getValuesAfterProceed","filter"],"mappings":";;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAYO,MAAMA,QAAN,SAAuBC,sBAAvB,CAAkC;AAUvCC,EAAAA,WAAW,CAACC,WAAD,EAA8BC,MAA9B,EAAuD;AAChE,UAAMD,WAAN,EAAmBC,MAAnB,EADgE,CAGhE;;AAHgE,+CAL5D;AACJ,oBAAc,CAAC,UAAD,CADV;AAEJ,qBAAe;AAFX,KAK4D;AAIhE,UAAM;AAAEC,MAAAA,QAAF;AAAYC,MAAAA;AAAZ,QAA+B,KAAKF,MAA1C;;AACA,QAAIC,QAAQ,IAAI,CAACC,cAAc,CAACC,IAAf,CAAoBC,aAAa,IAAIA,aAAa,CAACC,IAAd,KAAuB,UAA5D,CAAjB,EAA0F;AACxF,WAAKL,MAAL,GAAc,EACZ,GAAG,KAAKA,MADI;AAEZE,QAAAA,cAAc,EAAE,CACd;AACEG,UAAAA,IAAI,EAAE,UADR;AAEEC,UAAAA,GAAG,EAAEC,wBAAiBC;AAFxB,SADc,EAKd,GAAGN,cALW;AAFJ,OAAd;AAUD;AACF;;AAEDO,EAAAA,YAAY,GAAG;AACb,UAAM;AAAEC,MAAAA;AAAF,QAAiB,KAAKC,OAAL,EAAvB;AACA,WAAO,CAAC,CAACD,UAAT;AACD;;AAEDE,EAAAA,cAAc,GAAG;AACf,WAAO;AAAEC,MAAAA,QAAQ,EAAE,KAAKb,MAAL,CAAYC;AAAxB,KAAP;AACD;;AAEDa,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,WAAO,EACL,GAAGA,KAAK,CAACC,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADE;AAELC,MAAAA,IAAI,EAAE,UAFD;AAGLC,MAAAA,QAAQ,EAAEJ,KAAK,CAACI;AAHX,KAAP;AAKD;;AAEDC,EAAAA,qBAAqB,GAAG;AACtB;AACA;AACA,QAAI,KAAKrB,WAAL,CAAiBkB,KAAjB,CAAuBd,IAAvB,CAA4B,CAAC;AAAEe,MAAAA;AAAF,KAAD,KAAcA,IAAI,KAAK,aAAnD,CAAJ,EAAuE;AAAA;;AACrE,YAAMhB,cAAc,4BAAI,KAAKF,MAAL,CAAYE,cAAhB,0DAAG,sBACnBmB,MADmB,CACZjB,aAAa,IAAIA,aAAa,CAACE,GAAd,KAAsBC,wBAAiBC,aAD5C,CAAvB;AAEA,aAAO,EAAE,GAAG,KAAKR,MAAV;AAAkBE,QAAAA;AAAlB,OAAP;AACD;;AAED,WAAO,MAAMkB,qBAAN,EAAP;AACD;;AAxDsC;;;8BAA5BxB,Q,qBACc,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { Authenticator, AuthenticatorKey } from '../types';\nimport { IdxRemediation } from '../types/idx-js';\n\nexport interface IdentifyValues extends RemediationValues {\n  username?: string;\n  password?: string;\n}\n\nexport class Identify extends Remediator {\n  static remediationName = 'identify';\n\n  values: IdentifyValues;\n\n  map = {\n    'identifier': ['username'],\n    'credentials': []\n  };\n\n  constructor(remediation: IdxRemediation, values?: IdentifyValues) {\n    super(remediation, values);\n\n    // add password authenticator to authenticators list if password is provided\n    const { password, authenticators } = this.values;\n    if (password && !authenticators.some(authenticator => authenticator.type === 'password')) {\n      this.values = {\n        ...this.values,\n        authenticators: [\n          { \n            type: 'password',\n            key: AuthenticatorKey.OKTA_PASSWORD\n          }, \n          ...authenticators\n        ] as Authenticator[]\n      };\n    }\n  }\n\n  canRemediate() {\n    const { identifier } = this.getData();\n    return !!identifier;\n  }\n\n  mapCredentials() {\n    return { passcode: this.values.password };\n  }\n\n  getInputCredentials(input) {\n    return {\n      ...input.form.value[0],\n      name: 'password',\n      required: input.required\n    };\n  }\n\n  getValuesAfterProceed() {\n    // Handle username + password scenario\n    // remove \"password\" from authenticator array when remediation is finished\n    if (this.remediation.value.some(({ name }) => name === 'credentials')) {\n      const authenticators = (this.values.authenticators as Authenticator[])\n        ?.filter(authenticator => authenticator.key !== AuthenticatorKey.OKTA_PASSWORD);\n      return { ...this.values, authenticators };\n    }\n\n    return super.getValuesAfterProceed();\n  }\n}\n"],"file":"Identify.js"}

package/cjs/idx/remediators/ReEnrollAuthenticator.js

@@ -34,7 +34,7 @@ class ReEnrollAuthenticator extends _Remediator.Remediator {
   }
 
   getInputCredentials(input) {
-    const challengeType = this.getRelatesToType();
+    const challengeType = this.getAuthenticator().type;
     const name = challengeType === 'password' ? 'newPassword' : 'verificationCode';
     return { ...input.form.value[0],
       name

package/cjs/idx/remediators/ReEnrollAuthenticator.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/remediators/ReEnrollAuthenticator.ts"],"names":["ReEnrollAuthenticator","Remediator","mapCredentials","passcode","values","newPassword","getInputCredentials","input","challengeType","getRelatesToType","name","form","value"],"mappings":";;;;;;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,MAAMA,qBAAN,SAAoCC,sBAApC,CAA+C;AAAA;AAAA;AAAA,+CAK9C;AACJ,qBAAe;AADX,KAL8C;AAAA;;AASpDC,EAAAA,cAAc,GAAG;AACf,WAAO;AACLC,MAAAA,QAAQ,EAAE,KAAKC,MAAL,CAAYC;AADjB,KAAP;AAGD;;AAEDC,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,UAAMC,aAAa,GAAG,KAAKC,gBAAL,EAAtB;AACA,UAAMC,IAAI,GAAGF,aAAa,KAAK,UAAlB,GAA+B,aAA/B,GAA+C,kBAA5D;AACA,WAAO,EACL,GAAGD,KAAK,CAACI,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADE;AAELF,MAAAA;AAFK,KAAP;AAID;;AAtBmD;;;8BAAzCV,qB,qBACc,wB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface ReEnrollAuthenticatorValues extends RemediationValues {\n  newPassword?: string;\n}\n\nexport class ReEnrollAuthenticator extends Remediator {\n  static remediationName = 'reenroll-authenticator';\n\n  values: ReEnrollAuthenticatorValues;\n\n  map = {\n    'credentials': []\n  };\n\n  mapCredentials() {\n    return { \n      passcode: this.values.newPassword,\n    };\n  }\n\n  getInputCredentials(input) {\n    const challengeType = this.getRelatesToType();\n    const name = challengeType === 'password' ? 'newPassword' : 'verificationCode';\n    return {\n      ...input.form.value[0],\n      name\n    };\n  }\n\n}\n"],"file":"ReEnrollAuthenticator.js"}
+{"version":3,"sources":["../../../../lib/idx/remediators/ReEnrollAuthenticator.ts"],"names":["ReEnrollAuthenticator","Remediator","mapCredentials","passcode","values","newPassword","getInputCredentials","input","challengeType","getAuthenticator","type","name","form","value"],"mappings":";;;;;;;;AAaA;;AAbA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AASO,MAAMA,qBAAN,SAAoCC,sBAApC,CAA+C;AAAA;AAAA;AAAA,+CAK9C;AACJ,qBAAe;AADX,KAL8C;AAAA;;AASpDC,EAAAA,cAAc,GAAG;AACf,WAAO;AACLC,MAAAA,QAAQ,EAAE,KAAKC,MAAL,CAAYC;AADjB,KAAP;AAGD;;AAEDC,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,UAAMC,aAAa,GAAG,KAAKC,gBAAL,GAAwBC,IAA9C;AACA,UAAMC,IAAI,GAAGH,aAAa,KAAK,UAAlB,GAA+B,aAA/B,GAA+C,kBAA5D;AACA,WAAO,EACL,GAAGD,KAAK,CAACK,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADE;AAELF,MAAAA;AAFK,KAAP;AAID;;AAtBmD;;;8BAAzCX,qB,qBACc,wB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface ReEnrollAuthenticatorValues extends RemediationValues {\n  newPassword?: string;\n}\n\nexport class ReEnrollAuthenticator extends Remediator {\n  static remediationName = 'reenroll-authenticator';\n\n  values: ReEnrollAuthenticatorValues;\n\n  map = {\n    'credentials': []\n  };\n\n  mapCredentials() {\n    return { \n      passcode: this.values.newPassword,\n    };\n  }\n\n  getInputCredentials(input) {\n    const challengeType = this.getAuthenticator().type;\n    const name = challengeType === 'password' ? 'newPassword' : 'verificationCode';\n    return {\n      ...input.form.value[0],\n      name\n    };\n  }\n\n}\n"],"file":"ReEnrollAuthenticator.js"}

package/cjs/idx/run.js

@@ -14,6 +14,8 @@ var _errors = require("../errors");
 
 var _types = require("../types");
 
+var _transactionMeta = require("./transactionMeta");
+
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
@@ -90,16 +92,35 @@ async function run(authClient, options) {
   let availableSteps;
   let status = _types.IdxStatus.PENDING;
   let shouldClearTransaction = false;
+  let idxResponse;
+  let interactionHandle;
+  let metaFromResp;
 
   try {
-    // Start/resume the flow
     const {
-      interactionHandle,
-      meta: metaFromResp
-    } = await (0, _interact.interact)(authClient, options); // Introspect to get idx response
+      stateTokenExternalId,
+      state
+    } = options;
+
+    if (stateTokenExternalId) {
+      var _metaFromResp;
+
+      // Email verify callback: retrieve saved interactionHandle, if possible
+      metaFromResp = (0, _transactionMeta.getSavedTransactionMeta)(authClient, {
+        state
+      });
+      interactionHandle = (_metaFromResp = metaFromResp) === null || _metaFromResp === void 0 ? void 0 : _metaFromResp.interactionHandle; // may be undefined
+    } else {
+      // Start/resume the flow. Will request a new interactionHandle if none is found in storage.
+      const interactResponse = await (0, _interact.interact)(authClient, options);
+      interactionHandle = interactResponse.interactionHandle;
+      metaFromResp = interactResponse.meta;
+    } // Introspect to get idx response
 
-    const idxResponse = await (0, _introspect.introspect)(authClient, {
-      interactionHandle
+
+    idxResponse = await (0, _introspect.introspect)(authClient, {
+      interactionHandle,
+      stateTokenExternalId
     });
 
     if (!options.flow && !options.actions) {
@@ -173,6 +194,7 @@ async function run(authClient, options) {
   }
 
   return {
+    _idxResponse: idxResponse,
     status,
     ...(meta && {
       meta

package/cjs/idx/run.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","IdxFeature","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","remediators","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","IdxStatus","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","flow","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","transactionManager","saveIdxResponse","TERMINAL","CANCELED","interactionCode","flowMonitor","isFinished","AuthSdkError","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","clear"],"mappings":";;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;AACA;;;;;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAwBA,SAASA,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,QAAMC,GAAG,GAAG,EAAZ;AACA,QAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWC,iBAApB;AACD;;AAED,MAAIH,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,uBAA5C,CAAJ,EAA0E;AACxEP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWI,YAApB;AACD;;AAED,MAAIN,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,cAA5C,CAAJ,EAAiE;AAC/DP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWK,UAApB;AACD;;AAED,SAAOT,GAAP;AACD;;AAED,SAASU,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,QAAMX,GAAG,GAAG,EAAZ;AAEA,QAAMY,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcC,WAAd,EAA2BC,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBT,YAAxB,EAAsC;AACpC,UAAMU,CAAC,GAAGT,aAAa,CAACQ,WAAW,CAACb,IAAb,CAAvB;;AACA,QAAIc,CAAJ,EAAO;AACL,YAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACApB,MAAAA,GAAG,CAACG,IAAJ,CAAUmB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOvB,GAAP;AACD;;AAEM,eAAewB,GAAf,CACLC,UADK,EAELC,OAFK,EAGoB;AACzB,MAAIC,MAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,KAAJ;AACA,MAAIC,IAAJ;AACA,MAAIC,eAAJ;AACA,MAAIC,cAAJ;AACA,MAAIC,MAAM,GAAGC,iBAAUC,OAAvB;AACA,MAAIC,sBAAsB,GAAG,KAA7B;;AAEA,MAAI;AACF;AACA,UAAM;AAAEC,MAAAA,iBAAF;AAAqBP,MAAAA,IAAI,EAAEQ;AAA3B,QAA4C,MAAM,wBAASd,UAAT,EAAqBC,OAArB,CAAxD,CAFE,CAIF;;AACA,UAAM3B,WAAW,GAAG,MAAM,4BAAW0B,UAAX,EAAuB;AAAEa,MAAAA;AAAF,KAAvB,CAA1B;;AAEA,QAAI,CAACZ,OAAO,CAACc,IAAT,IAAiB,CAACd,OAAO,CAACzB,OAA9B,EAAuC;AACrC;AACA8B,MAAAA,IAAI,GAAGQ,YAAP;AACAP,MAAAA,eAAe,GAAGlC,kBAAkB,CAACC,WAAD,CAApC;AACAkC,MAAAA,cAAc,GAAGvB,iBAAiB,CAACX,WAAW,CAACG,eAAb,CAAlC;AACD,KALD,MAKO;AACL,YAAMY,MAAqC,GAAG,EAC5C,GAAGY,OADyC;AAE5Ce,QAAAA,WAAW,EAAE1C,WAAW,CAAC2C,WAAZ,CAAwBD;AAFO,OAA9C,CADK,CAML;;AACA,YAAM;AACJ1C,QAAAA,WAAW,EAAE4C,mBADT;AAEJf,QAAAA,QAAQ,EAAEgB,gBAFN;AAGJC,QAAAA,QAHI;AAIJC,QAAAA,QAJI;AAKJjB,QAAAA,QAAQ,EAAEkB;AALN,UAMF,MAAM,0BAAUhD,WAAV,EAAuBe,MAAvB,EAA+BY,OAA/B,CANV,CAPK,CAeL;;AACAE,MAAAA,QAAQ,GAAGgB,gBAAX;AACAf,MAAAA,QAAQ,GAAGkB,gBAAX,CAjBK,CAmBL;;AACA,UAAInB,QAAQ,IAAIe,mBAAhB,EAAqC;AACnClB,QAAAA,UAAU,CAACuB,kBAAX,CAA8BC,eAA9B,CAA8CN,mBAAmB,CAACD,WAAlE;AACD;;AAED,UAAIG,QAAJ,EAAc;AACZX,QAAAA,MAAM,GAAGC,iBAAUe,QAAnB;AACAb,QAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,UAAIS,QAAJ,EAAc;AACdZ,QAAAA,MAAM,GAAGC,iBAAUgB,QAAnB;AACAd,QAAAA,sBAAsB,GAAG,IAAzB;AACD,OAHC,MAGK,IAAIM,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAES,eAAzB,EAA0C;AAC/C;AACA;AACA,YAAI,EAAE,MAAM1B,OAAO,CAAC2B,WAAR,CAAoBC,UAApB,EAAR,CAAJ,EAA+C;AAC7C,gBAAM,IAAIC,oBAAJ,CAAiB,mEAAjB,CAAN;AACD;;AAED,cAAM;AACJC,UAAAA,QADI;AAEJC,UAAAA,YAFI;AAGJC,UAAAA,eAHI;AAIJC,UAAAA,WAJI;AAKJC,UAAAA,IALI;AAMJC,UAAAA;AANI,YAOFtB,YAPJ;AAQAZ,QAAAA,MAAM,GAAG,MAAMF,UAAU,CAACqC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDX,UAAAA,eAAe,EAAET,mBAAmB,CAACS,eADe;AAEpDI,UAAAA,QAFoD;AAGpDC,UAAAA,YAHoD;AAIpDC,UAAAA,eAJoD;AAKpDC,UAAAA,WALoD;AAMpDE,UAAAA;AANoD,SAAvC,EAOZD,IAPY,CAAf;AASA1B,QAAAA,MAAM,GAAGC,iBAAU6B,OAAnB;AACA3B,QAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,GAtED,CAsEE,OAAO4B,GAAP,EAAY;AACZnC,IAAAA,KAAK,GAAGmC,GAAR;AACA/B,IAAAA,MAAM,GAAGC,iBAAU+B,OAAnB;AACA7B,IAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,MAAIA,sBAAJ,EAA4B;AAC1BZ,IAAAA,UAAU,CAACuB,kBAAX,CAA8BmB,KAA9B;AACD;;AAED,SAAO;AACLjC,IAAAA,MADK;AAEL,QAAIH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAAZ,CAFK;AAGL,QAAIC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAAvB,CAHK;AAIL,QAAIC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KAAtB,CAJK;AAKL,QAAIN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KAAd,CALK;AAML,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CANK;AAOL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CAPK;AAQL,QAAIC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KAAb;AARK,GAAP;AAUD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { FlowMonitor } from './flowMonitors';\nimport * as remediators from './remediators';\nimport { AuthSdkError } from '../errors';\nimport { \n  OktaAuth,\n  IdxOptions,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\n\nexport type RemediationFlow = Record<string, typeof remediators.Remediator>;\nexport interface RunOptions {\n  flow?: RemediationFlow;\n  actions?: string[];\n  flowMonitor?: FlowMonitor;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP);\n  }\n\n  return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n  const res = [];\n\n  const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n    // Only add concrete subclasses to the map\n    if (remediatorClass.remediationName) {\n      map[remediatorClass.remediationName] = remediatorClass;\n    }\n    return map;\n  }, {});\n\n  for (let remediation of remediations) {\n    const T = remediatorMap[remediation.name];\n    if (T) {\n      const remediator = new T(remediation);\n      res.push (remediator.getNextStep());\n    }\n  }\n\n  return res;\n}\n\nexport async function run(\n  authClient: OktaAuth, \n  options: RunOptions & IdxOptions,\n): Promise<IdxTransaction> {\n  let tokens;\n  let nextStep;\n  let messages;\n  let error;\n  let meta;\n  let enabledFeatures;\n  let availableSteps;\n  let status = IdxStatus.PENDING;\n  let shouldClearTransaction = false;\n\n  try {\n    // Start/resume the flow\n    const { interactionHandle, meta: metaFromResp } = await interact(authClient, options); \n\n    // Introspect to get idx response\n    const idxResponse = await introspect(authClient, { interactionHandle });\n\n    if (!options.flow && !options.actions) {\n      // handle start transaction\n      meta = metaFromResp;\n      enabledFeatures = getEnabledFeatures(idxResponse);\n      availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n    } else {\n      const values: remediators.RemediationValues = { \n        ...options, \n        stateHandle: idxResponse.rawIdxState.stateHandle \n      };\n\n      // Can we handle the remediations?\n      const { \n        idxResponse: idxResponseFromResp, \n        nextStep: nextStepFromResp,\n        terminal,\n        canceled,\n        messages: messagesFromResp,\n      } = await remediate(idxResponse, values, options);\n\n      // Track fields from remediation response\n      nextStep = nextStepFromResp;\n      messages = messagesFromResp;\n\n      // Save intermediate idx response in storage to reduce introspect call\n      if (nextStep && idxResponseFromResp) {\n        authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n      }\n\n      if (terminal) {\n        status = IdxStatus.TERMINAL;\n        shouldClearTransaction = true;\n      } if (canceled) {\n        status = IdxStatus.CANCELED;\n        shouldClearTransaction = true;\n      } else if (idxResponseFromResp?.interactionCode) { \n        // Flows may end with interactionCode before the key remediation being hit\n        // Double check if flow is finished to mitigate confusion with the wrapper methods\n        if (!(await options.flowMonitor.isFinished())) {\n          throw new AuthSdkError('Current flow is not supported, check policy settings in your org.');\n        }\n\n        const {\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          urls,\n          scopes,\n        } = metaFromResp;\n        tokens = await authClient.token.exchangeCodeForTokens({\n          interactionCode: idxResponseFromResp.interactionCode,\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          scopes\n        }, urls);\n\n        status = IdxStatus.SUCCESS;\n        shouldClearTransaction = true;\n      }\n    }\n  } catch (err) {\n    error = err;\n    status = IdxStatus.FAILURE;\n    shouldClearTransaction = true;\n  }\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear();\n  }\n  \n  return {\n    status,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens: tokens.tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && { messages }),\n    ...(error && { error }),\n  };\n}\n"],"file":"run.js"}
+{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","IdxFeature","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","remediators","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","IdxStatus","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","stateTokenExternalId","state","interactResponse","flow","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","transactionManager","saveIdxResponse","TERMINAL","CANCELED","interactionCode","flowMonitor","isFinished","AuthSdkError","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","clear","_idxResponse"],"mappings":";;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;AACA;;AASA;;;;;;AA7BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AA0BA,SAASA,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,QAAMC,GAAG,GAAG,EAAZ;AACA,QAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWC,iBAApB;AACD;;AAED,MAAIH,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,uBAA5C,CAAJ,EAA0E;AACxEP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWI,YAApB;AACD;;AAED,MAAIN,eAAe,CAACI,IAAhB,CAAqB,CAAC;AAAEC,IAAAA;AAAF,GAAD,KAAcA,IAAI,KAAK,cAA5C,CAAJ,EAAiE;AAC/DP,IAAAA,GAAG,CAACG,IAAJ,CAASC,kBAAWK,UAApB;AACD;;AAED,SAAOT,GAAP;AACD;;AAED,SAASU,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,QAAMX,GAAG,GAAG,EAAZ;AAEA,QAAMY,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcC,WAAd,EAA2BC,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBT,YAAxB,EAAsC;AACpC,UAAMU,CAAC,GAAGT,aAAa,CAACQ,WAAW,CAACb,IAAb,CAAvB;;AACA,QAAIc,CAAJ,EAAO;AACL,YAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACApB,MAAAA,GAAG,CAACG,IAAJ,CAAUmB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOvB,GAAP;AACD;;AAEM,eAAewB,GAAf,CACLC,UADK,EAELC,OAFK,EAGoB;AACzB,MAAIC,MAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,QAAJ;AACA,MAAIC,KAAJ;AACA,MAAIC,IAAJ;AACA,MAAIC,eAAJ;AACA,MAAIC,cAAJ;AACA,MAAIC,MAAM,GAAGC,iBAAUC,OAAvB;AACA,MAAIC,sBAAsB,GAAG,KAA7B;AACA,MAAItC,WAAJ;AACA,MAAIuC,iBAAJ;AACA,MAAIC,YAAJ;;AAEA,MAAI;AAEF,UAAM;AAAEC,MAAAA,oBAAF;AAAwBC,MAAAA;AAAxB,QAAkCf,OAAxC;;AACA,QAAIc,oBAAJ,EAA0B;AAAA;;AACxB;AACAD,MAAAA,YAAY,GAAG,8CAAwBd,UAAxB,EAAoC;AAAEgB,QAAAA;AAAF,OAApC,CAAf;AACAH,MAAAA,iBAAiB,oBAAGC,YAAH,kDAAG,cAAcD,iBAAlC,CAHwB,CAG6B;AACtD,KAJD,MAIO;AACL;AACA,YAAMI,gBAAgB,GAAG,MAAM,wBAASjB,UAAT,EAAqBC,OAArB,CAA/B;AACAY,MAAAA,iBAAiB,GAAGI,gBAAgB,CAACJ,iBAArC;AACAC,MAAAA,YAAY,GAAGG,gBAAgB,CAACX,IAAhC;AACD,KAZC,CAcF;;;AACAhC,IAAAA,WAAW,GAAG,MAAM,4BAAW0B,UAAX,EAAuB;AAAEa,MAAAA,iBAAF;AAAqBE,MAAAA;AAArB,KAAvB,CAApB;;AAEA,QAAI,CAACd,OAAO,CAACiB,IAAT,IAAiB,CAACjB,OAAO,CAACzB,OAA9B,EAAuC;AACrC;AACA8B,MAAAA,IAAI,GAAGQ,YAAP;AACAP,MAAAA,eAAe,GAAGlC,kBAAkB,CAACC,WAAD,CAApC;AACAkC,MAAAA,cAAc,GAAGvB,iBAAiB,CAACX,WAAW,CAACG,eAAb,CAAlC;AACD,KALD,MAKO;AACL,YAAMY,MAAqC,GAAG,EAC5C,GAAGY,OADyC;AAE5CkB,QAAAA,WAAW,EAAE7C,WAAW,CAAC8C,WAAZ,CAAwBD;AAFO,OAA9C,CADK,CAML;;AACA,YAAM;AACJ7C,QAAAA,WAAW,EAAE+C,mBADT;AAEJlB,QAAAA,QAAQ,EAAEmB,gBAFN;AAGJC,QAAAA,QAHI;AAIJC,QAAAA,QAJI;AAKJpB,QAAAA,QAAQ,EAAEqB;AALN,UAMF,MAAM,0BAAUnD,WAAV,EAAuBe,MAAvB,EAA+BY,OAA/B,CANV,CAPK,CAeL;;AACAE,MAAAA,QAAQ,GAAGmB,gBAAX;AACAlB,MAAAA,QAAQ,GAAGqB,gBAAX,CAjBK,CAmBL;;AACA,UAAItB,QAAQ,IAAIkB,mBAAhB,EAAqC;AACnCrB,QAAAA,UAAU,CAAC0B,kBAAX,CAA8BC,eAA9B,CAA8CN,mBAAmB,CAACD,WAAlE;AACD;;AAED,UAAIG,QAAJ,EAAc;AACZd,QAAAA,MAAM,GAAGC,iBAAUkB,QAAnB;AACAhB,QAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,UAAIY,QAAJ,EAAc;AACdf,QAAAA,MAAM,GAAGC,iBAAUmB,QAAnB;AACAjB,QAAAA,sBAAsB,GAAG,IAAzB;AACD,OAHC,MAGK,IAAIS,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAES,eAAzB,EAA0C;AAC/C;AACA;AACA,YAAI,EAAE,MAAM7B,OAAO,CAAC8B,WAAR,CAAoBC,UAApB,EAAR,CAAJ,EAA+C;AAC7C,gBAAM,IAAIC,oBAAJ,CAAiB,mEAAjB,CAAN;AACD;;AAED,cAAM;AACJC,UAAAA,QADI;AAEJC,UAAAA,YAFI;AAGJC,UAAAA,eAHI;AAIJC,UAAAA,WAJI;AAKJC,UAAAA,IALI;AAMJC,UAAAA;AANI,YAOFzB,YAPJ;AAQAZ,QAAAA,MAAM,GAAG,MAAMF,UAAU,CAACwC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDX,UAAAA,eAAe,EAAET,mBAAmB,CAACS,eADe;AAEpDI,UAAAA,QAFoD;AAGpDC,UAAAA,YAHoD;AAIpDC,UAAAA,eAJoD;AAKpDC,UAAAA,WALoD;AAMpDE,UAAAA;AANoD,SAAvC,EAOZD,IAPY,CAAf;AASA7B,QAAAA,MAAM,GAAGC,iBAAUgC,OAAnB;AACA9B,QAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,GAhFD,CAgFE,OAAO+B,GAAP,EAAY;AACZtC,IAAAA,KAAK,GAAGsC,GAAR;AACAlC,IAAAA,MAAM,GAAGC,iBAAUkC,OAAnB;AACAhC,IAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,MAAIA,sBAAJ,EAA4B;AAC1BZ,IAAAA,UAAU,CAAC0B,kBAAX,CAA8BmB,KAA9B;AACD;;AAED,SAAO;AACLC,IAAAA,YAAY,EAAExE,WADT;AAELmC,IAAAA,MAFK;AAGL,QAAIH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAAZ,CAHK;AAIL,QAAIC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAAvB,CAJK;AAKL,QAAIC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KAAtB,CALK;AAML,QAAIN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KAAd,CANK;AAOL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CAPK;AAQL,QAAIC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAAhB,CARK;AASL,QAAIC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KAAb;AATK,GAAP;AAWD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { FlowMonitor } from './flowMonitors';\nimport * as remediators from './remediators';\nimport { AuthSdkError } from '../errors';\nimport { \n  OktaAuth,\n  IdxOptions,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\nimport { getSavedTransactionMeta } from './transactionMeta';\n\nexport type RemediationFlow = Record<string, typeof remediators.Remediator>;\nexport interface RunOptions {\n  flow?: RemediationFlow;\n  actions?: string[];\n  flowMonitor?: FlowMonitor;\n  stateTokenExternalId?: string;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP);\n  }\n\n  return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n  const res = [];\n\n  const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n    // Only add concrete subclasses to the map\n    if (remediatorClass.remediationName) {\n      map[remediatorClass.remediationName] = remediatorClass;\n    }\n    return map;\n  }, {});\n\n  for (let remediation of remediations) {\n    const T = remediatorMap[remediation.name];\n    if (T) {\n      const remediator = new T(remediation);\n      res.push (remediator.getNextStep());\n    }\n  }\n\n  return res;\n}\n\nexport async function run(\n  authClient: OktaAuth, \n  options: RunOptions & IdxOptions,\n): Promise<IdxTransaction> {\n  let tokens;\n  let nextStep;\n  let messages;\n  let error;\n  let meta;\n  let enabledFeatures;\n  let availableSteps;\n  let status = IdxStatus.PENDING;\n  let shouldClearTransaction = false;\n  let idxResponse;\n  let interactionHandle;\n  let metaFromResp;\n\n  try {\n\n    const { stateTokenExternalId, state } = options;\n    if (stateTokenExternalId) {\n      // Email verify callback: retrieve saved interactionHandle, if possible\n      metaFromResp = getSavedTransactionMeta(authClient, { state });\n      interactionHandle = metaFromResp?.interactionHandle; // may be undefined\n    } else {\n      // Start/resume the flow. Will request a new interactionHandle if none is found in storage.\n      const interactResponse = await interact(authClient, options); \n      interactionHandle = interactResponse.interactionHandle;\n      metaFromResp = interactResponse.meta;\n    }\n\n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { interactionHandle, stateTokenExternalId });\n\n    if (!options.flow && !options.actions) {\n      // handle start transaction\n      meta = metaFromResp;\n      enabledFeatures = getEnabledFeatures(idxResponse);\n      availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n    } else {\n      const values: remediators.RemediationValues = { \n        ...options, \n        stateHandle: idxResponse.rawIdxState.stateHandle \n      };\n\n      // Can we handle the remediations?\n      const { \n        idxResponse: idxResponseFromResp, \n        nextStep: nextStepFromResp,\n        terminal,\n        canceled,\n        messages: messagesFromResp,\n      } = await remediate(idxResponse, values, options);\n\n      // Track fields from remediation response\n      nextStep = nextStepFromResp;\n      messages = messagesFromResp;\n\n      // Save intermediate idx response in storage to reduce introspect call\n      if (nextStep && idxResponseFromResp) {\n        authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n      }\n\n      if (terminal) {\n        status = IdxStatus.TERMINAL;\n        shouldClearTransaction = true;\n      } if (canceled) {\n        status = IdxStatus.CANCELED;\n        shouldClearTransaction = true;\n      } else if (idxResponseFromResp?.interactionCode) { \n        // Flows may end with interactionCode before the key remediation being hit\n        // Double check if flow is finished to mitigate confusion with the wrapper methods\n        if (!(await options.flowMonitor.isFinished())) {\n          throw new AuthSdkError('Current flow is not supported, check policy settings in your org.');\n        }\n\n        const {\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          urls,\n          scopes,\n        } = metaFromResp;\n        tokens = await authClient.token.exchangeCodeForTokens({\n          interactionCode: idxResponseFromResp.interactionCode,\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          scopes\n        }, urls);\n\n        status = IdxStatus.SUCCESS;\n        shouldClearTransaction = true;\n      }\n    }\n  } catch (err) {\n    error = err;\n    status = IdxStatus.FAILURE;\n    shouldClearTransaction = true;\n  }\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear();\n  }\n  \n  return {\n    _idxResponse: idxResponse, \n    status,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens: tokens.tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && { messages }),\n    ...(error && { error }),\n  };\n}\n"],"file":"run.js"}

package/cjs/idx/transactionMeta.js

@@ -2,6 +2,7 @@
 
 exports.createTransactionMeta = createTransactionMeta;
 exports.transactionMetaExist = transactionMetaExist;
+exports.getSavedTransactionMeta = getSavedTransactionMeta;
 exports.getTransactionMeta = getTransactionMeta;
 exports.saveTransactionMeta = saveTransactionMeta;
 exports.clearTransactionMeta = clearTransactionMeta;
@@ -27,9 +28,9 @@ async function createTransactionMeta(authClient) {
   return authClient.token.prepareTokenParams();
 }
 
-function transactionMetaExist(authClient) {
-  if (authClient.transactionManager.exists()) {
-    const existing = authClient.transactionManager.load();
+function transactionMetaExist(authClient, options) {
+  if (authClient.transactionManager.exists(options)) {
+    const existing = authClient.transactionManager.load(options);
 
     if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {
       return true;
@@ -37,15 +38,27 @@ function transactionMetaExist(authClient) {
   }
 
   return false;
+} // Returns the saved transaction meta, if it exists and is valid, or undefined
+
+
+function getSavedTransactionMeta(authClient, options) {
+  const state = (options === null || options === void 0 ? void 0 : options.state) || authClient.options.state;
+  const existing = authClient.transactionManager.load({
+    state
+  });
+
+  if (existing && isTransactionMetaValid(authClient, existing)) {
+    return existing;
+  }
 }
 
-async function getTransactionMeta(authClient) {
+async function getTransactionMeta(authClient, options) {
   // Load existing transaction meta from storage
-  if (authClient.transactionManager.exists()) {
-    const existing = authClient.transactionManager.load();
+  if (authClient.transactionManager.exists(options)) {
+    const validExistingMeta = getSavedTransactionMeta(authClient, options);
 
-    if (isTransactionMetaValid(authClient, existing)) {
-      return existing;
+    if (validExistingMeta) {
+      return validExistingMeta;
     } // existing meta is not valid for this configuration
     // this is common when changing configuration in local development environment
     // in a production environment, this may indicate that two apps are sharing a storage key
@@ -92,7 +105,9 @@ async function getTransactionMeta(authClient) {
 }
 
 function saveTransactionMeta(authClient, meta) {
-  authClient.transactionManager.save(meta);
+  authClient.transactionManager.save(meta, {
+    muteWarning: true
+  });
 }
 
 function clearTransactionMeta(authClient) {

package/cjs/idx/transactionMeta.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","token","prepareTokenParams","transactionMetaExist","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getTransactionMeta","tokenParams","urls","issuer","options","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","codeVerifier","codeChallengeMethod","codeChallenge","meta","saveTransactionMeta","save","clearTransactionMeta","clear","keys","mismatch","find","key"],"mappings":";;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CAAqCC,UAArC,EAA2D;AAChE,SAAOA,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAAP;AACD;;AAEM,SAASC,oBAAT,CAA8BH,UAA9B,EAA6D;AAClE,MAAIA,UAAU,CAACI,kBAAX,CAA8BC,MAA9B,EAAJ,EAA4C;AAC1C,UAAMC,QAAQ,GAAGN,UAAU,CAACI,kBAAX,CAA8BG,IAA9B,EAAjB;;AACA,QAAIC,sBAAsB,CAACR,UAAD,EAAaM,QAAb,CAAtB,IAAgDA,QAAQ,CAACG,iBAA7D,EAAgF;AAC9E,aAAO,IAAP;AACD;AACF;;AACD,SAAO,KAAP;AACD;;AAEM,eAAeC,kBAAf,CAAkCV,UAAlC,EAAqF;AAC1F;AACA,MAAIA,UAAU,CAACI,kBAAX,CAA8BC,MAA9B,EAAJ,EAA4C;AAC1C,UAAMC,QAAQ,GAAGN,UAAU,CAACI,kBAAX,CAA8BG,IAA9B,EAAjB;;AACA,QAAIC,sBAAsB,CAACR,UAAD,EAAaM,QAAb,CAA1B,EAAkD;AAChD,aAAOA,QAAP;AACD,KAJyC,CAK1C;AACA;AACA;;;AACA,oBAAK,sEACH,4DADF;AAED,GAZyF,CAc1F;;;AACA,QAAMK,WAAW,GAAG,MAAMX,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAA1B;AACA,QAAMU,IAAI,GAAG,wBAAaZ,UAAb,EAAyBW,WAAzB,CAAb;AACA,QAAME,MAAM,GAAGb,UAAU,CAACc,OAAX,CAAmBD,MAAlC;AACA,QAAM;AACJE,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA,KARI;AASJC,IAAAA,eATI;AAUJC,IAAAA,YAVI;AAWJC,IAAAA,mBAXI;AAYJC,IAAAA;AAZI,MAaFf,WAbJ;AAcA,QAAMgB,IAAI,GAAG;AACXd,IAAAA,MADW;AAEXE,IAAAA,IAFW;AAGXC,IAAAA,QAHW;AAIXC,IAAAA,WAJW;AAKXC,IAAAA,YALW;AAMXC,IAAAA,YANW;AAOXC,IAAAA,MAPW;AAQXC,IAAAA,KARW;AASXC,IAAAA,KATW;AAUXV,IAAAA,IAVW;AAWXW,IAAAA,eAXW;AAYXC,IAAAA,YAZW;AAaXC,IAAAA,mBAbW;AAcXC,IAAAA;AAdW,GAAb;AAgBA,SAAOC,IAAP;AACD;;AAEM,SAASC,mBAAT,CAA8B5B,UAA9B,EAAoD2B,IAApD,EAA0D;AAC/D3B,EAAAA,UAAU,CAACI,kBAAX,CAA8ByB,IAA9B,CAAmCF,IAAnC;AACD;;AAEM,SAASG,oBAAT,CAA+B9B,UAA/B,EAAqD;AAC1DA,EAAAA,UAAU,CAACI,kBAAX,CAA8B2B,KAA9B;AACD,C,CAED;;;AACO,SAASvB,sBAAT,CAAiCR,UAAjC,EAAuD2B,IAAvD,EAA6D;AAClE,QAAMK,IAAI,GAAG,CAAC,QAAD,EAAW,UAAX,EAAuB,aAAvB,CAAb;AACA,QAAMC,QAAQ,GAAGD,IAAI,CAACE,IAAL,CAAUC,GAAG,IAAI;AAChC,WAAOnC,UAAU,CAACc,OAAX,CAAmBqB,GAAnB,MAA4BR,IAAI,CAACQ,GAAD,CAAvC;AACD,GAFgB,CAAjB;AAGA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta } from '../types';\nimport { warn } from '../util';\nimport { getOAuthUrls } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(authClient: OktaAuth) {\n  return authClient.token.prepareTokenParams();\n}\n\nexport function transactionMetaExist(authClient: OktaAuth): boolean {\n  if (authClient.transactionManager.exists()) {\n    const existing = authClient.transactionManager.load() as IdxTransactionMeta;\n    if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {\n      return true;\n    }\n  }\n  return false;\n}\n\nexport async function getTransactionMeta(authClient: OktaAuth): Promise<IdxTransactionMeta> {\n  // Load existing transaction meta from storage\n  if (authClient.transactionManager.exists()) {\n    const existing = authClient.transactionManager.load();\n    if (isTransactionMetaValid(authClient, existing)) {\n      return existing as IdxTransactionMeta;\n    }\n    // existing meta is not valid for this configuration\n    // this is common when changing configuration in local development environment\n    // in a production environment, this may indicate that two apps are sharing a storage key\n    warn('Saved transaction meta does not match the current configuration. ' + \n      'This may indicate that two apps are sharing a storage key.');\n  }\n\n  // Calculate new values\n  const tokenParams = await authClient.token.prepareTokenParams();\n  const urls = getOAuthUrls(authClient, tokenParams);\n  const issuer = authClient.options.issuer;\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    nonce,\n    ignoreSignature,\n    codeVerifier,\n    codeChallengeMethod,\n    codeChallenge,\n  } = tokenParams;\n  const meta = {\n    issuer,\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    nonce,\n    urls,\n    ignoreSignature,\n    codeVerifier,\n    codeChallengeMethod,\n    codeChallenge \n  };\n  return meta;\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta) {\n  authClient.transactionManager.save(meta);\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth) {\n  authClient.transactionManager.clear();\n}\n\n// returns true if values in meta match current authClient options\nexport function isTransactionMetaValid (authClient: OktaAuth, meta) {\n  const keys = ['issuer', 'clientId', 'redirectUri'];\n  const mismatch = keys.find(key => {\n    return authClient.options[key] !== meta[key];\n  });\n  return !mismatch;\n}\n"],"file":"transactionMeta.js"}
+{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","token","prepareTokenParams","transactionMetaExist","options","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getSavedTransactionMeta","state","getTransactionMeta","validExistingMeta","tokenParams","urls","issuer","pkce","clientId","redirectUri","responseType","responseMode","scopes","nonce","ignoreSignature","codeVerifier","codeChallengeMethod","codeChallenge","meta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","mismatch","find","key"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CAAqCC,UAArC,EAA2D;AAChE,SAAOA,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAAP;AACD;;AAEM,SAASC,oBAAT,CAA8BH,UAA9B,EAAoDI,OAApD,EAA+F;AACpG,MAAIJ,UAAU,CAACK,kBAAX,CAA8BC,MAA9B,CAAqCF,OAArC,CAAJ,EAAmD;AACjD,UAAMG,QAAQ,GAAGP,UAAU,CAACK,kBAAX,CAA8BG,IAA9B,CAAmCJ,OAAnC,CAAjB;;AACA,QAAIK,sBAAsB,CAACT,UAAD,EAAaO,QAAb,CAAtB,IAAgDA,QAAQ,CAACG,iBAA7D,EAAgF;AAC9E,aAAO,IAAP;AACD;AACF;;AACD,SAAO,KAAP;AACD,C,CAED;;;AACO,SAASC,uBAAT,CAAiCX,UAAjC,EAAuDI,OAAvD,EAA6G;AAClH,QAAMQ,KAAK,GAAG,CAAAR,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAEQ,KAAT,KAAkBZ,UAAU,CAACI,OAAX,CAAmBQ,KAAnD;AACA,QAAML,QAAQ,GAAGP,UAAU,CAACK,kBAAX,CAA8BG,IAA9B,CAAmC;AAAEI,IAAAA;AAAF,GAAnC,CAAjB;;AACA,MAAIL,QAAQ,IAAIE,sBAAsB,CAACT,UAAD,EAAaO,QAAb,CAAtC,EAA8D;AAC5D,WAAOA,QAAP;AACD;AACF;;AAEM,eAAeM,kBAAf,CACLb,UADK,EAELI,OAFK,EAGwB;AAC7B;AACA,MAAIJ,UAAU,CAACK,kBAAX,CAA8BC,MAA9B,CAAqCF,OAArC,CAAJ,EAAmD;AACjD,UAAMU,iBAAiB,GAAGH,uBAAuB,CAACX,UAAD,EAAaI,OAAb,CAAjD;;AACA,QAAIU,iBAAJ,EAAuB;AACrB,aAAOA,iBAAP;AACD,KAJgD,CAKjD;AACA;AACA;;;AACA,oBAAK,sEACH,4DADF;AAED,GAZ4B,CAc7B;;;AACA,QAAMC,WAAW,GAAG,MAAMf,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAA1B;AACA,QAAMc,IAAI,GAAG,wBAAahB,UAAb,EAAyBe,WAAzB,CAAb;AACA,QAAME,MAAM,GAAGjB,UAAU,CAACI,OAAX,CAAmBa,MAAlC;AACA,QAAM;AACJC,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJX,IAAAA,KAPI;AAQJY,IAAAA,KARI;AASJC,IAAAA,eATI;AAUJC,IAAAA,YAVI;AAWJC,IAAAA,mBAXI;AAYJC,IAAAA;AAZI,MAaFb,WAbJ;AAcA,QAAMc,IAAI,GAAG;AACXZ,IAAAA,MADW;AAEXC,IAAAA,IAFW;AAGXC,IAAAA,QAHW;AAIXC,IAAAA,WAJW;AAKXC,IAAAA,YALW;AAMXC,IAAAA,YANW;AAOXC,IAAAA,MAPW;AAQXX,IAAAA,KARW;AASXY,IAAAA,KATW;AAUXR,IAAAA,IAVW;AAWXS,IAAAA,eAXW;AAYXC,IAAAA,YAZW;AAaXC,IAAAA,mBAbW;AAcXC,IAAAA;AAdW,GAAb;AAgBA,SAAOC,IAAP;AACD;;AAEM,SAASC,mBAAT,CAA8B9B,UAA9B,EAAoD6B,IAApD,EAA0D;AAC/D7B,EAAAA,UAAU,CAACK,kBAAX,CAA8B0B,IAA9B,CAAmCF,IAAnC,EAAyC;AAAEG,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;;AAEM,SAASC,oBAAT,CAA+BjC,UAA/B,EAAqD;AAC1DA,EAAAA,UAAU,CAACK,kBAAX,CAA8B6B,KAA9B;AACD,C,CAED;;;AACO,SAASzB,sBAAT,CAAiCT,UAAjC,EAAuD6B,IAAvD,EAA6D;AAClE,QAAMM,IAAI,GAAG,CAAC,QAAD,EAAW,UAAX,EAAuB,aAAvB,CAAb;AACA,QAAMC,QAAQ,GAAGD,IAAI,CAACE,IAAL,CAAUC,GAAG,IAAI;AAChC,WAAOtC,UAAU,CAACI,OAAX,CAAmBkC,GAAnB,MAA4BT,IAAI,CAACS,GAAD,CAAvC;AACD,GAFgB,CAAjB;AAGA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta, TransactionMetaOptions } from '../types';\nimport { warn } from '../util';\nimport { getOAuthUrls } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(authClient: OktaAuth) {\n  return authClient.token.prepareTokenParams();\n}\n\nexport function transactionMetaExist(authClient: OktaAuth, options?: TransactionMetaOptions): boolean {\n  if (authClient.transactionManager.exists(options)) {\n    const existing = authClient.transactionManager.load(options) as IdxTransactionMeta;\n    if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {\n      return true;\n    }\n  }\n  return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid, or undefined\nexport function getSavedTransactionMeta(authClient: OktaAuth, options?: TransactionMetaOptions): IdxTransactionMeta {\n  const state = options?.state || authClient.options.state;\n  const existing = authClient.transactionManager.load({ state }) as IdxTransactionMeta;\n  if (existing && isTransactionMetaValid(authClient, existing)) {\n    return existing;\n  }\n}\n\nexport async function getTransactionMeta(\n  authClient: OktaAuth,\n  options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n  // Load existing transaction meta from storage\n  if (authClient.transactionManager.exists(options)) {\n    const validExistingMeta = getSavedTransactionMeta(authClient, options);\n    if (validExistingMeta) {\n      return validExistingMeta;\n    }\n    // existing meta is not valid for this configuration\n    // this is common when changing configuration in local development environment\n    // in a production environment, this may indicate that two apps are sharing a storage key\n    warn('Saved transaction meta does not match the current configuration. ' + \n      'This may indicate that two apps are sharing a storage key.');\n  }\n\n  // Calculate new values\n  const tokenParams = await authClient.token.prepareTokenParams();\n  const urls = getOAuthUrls(authClient, tokenParams);\n  const issuer = authClient.options.issuer;\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    nonce,\n    ignoreSignature,\n    codeVerifier,\n    codeChallengeMethod,\n    codeChallenge,\n  } = tokenParams;\n  const meta = {\n    issuer,\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    nonce,\n    urls,\n    ignoreSignature,\n    codeVerifier,\n    codeChallengeMethod,\n    codeChallenge \n  };\n  return meta;\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta) {\n  authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth) {\n  authClient.transactionManager.clear();\n}\n\n// returns true if values in meta match current authClient options\nexport function isTransactionMetaValid (authClient: OktaAuth, meta) {\n  const keys = ['issuer', 'clientId', 'redirectUri'];\n  const mismatch = keys.find(key => {\n    return authClient.options[key] !== meta[key];\n  });\n  return !mismatch;\n}\n"],"file":"transactionMeta.js"}

package/cjs/idx/types/idx-js.js

@@ -1,6 +1,7 @@
 "use strict";
 
 exports.isRawIdxResponse = isRawIdxResponse;
+exports.isIdxResponse = isIdxResponse;
 
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
@@ -18,4 +19,8 @@ exports.isRawIdxResponse = isRawIdxResponse;
 function isRawIdxResponse(obj) {
   return obj && obj.version;
 }
+
+function isIdxResponse(obj) {
+  return obj && isRawIdxResponse(obj.rawIdxState);
+}
 //# sourceMappingURL=idx-js.js.map

package/cjs/idx/types/idx-js.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;AA0EA;AAaO,SAASA,gBAAT,CAA0BC,GAA1B,EAA2D;AAChE,SAAOA,GAAG,IAAIA,GAAG,CAACC,OAAlB;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface IdxAuthenticatorMethod {\n  type: string;\n}\nexport interface IdxAuthenticator {\n  displayName: string;\n  id: string;\n  key: string;\n  methods: IdxAuthenticatorMethod[];\n  type: string;\n  settings?: {\n    complexity?: unknown;\n    age?: unknown;\n  };\n}\n\nexport interface IdxForm {\n  value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n  value: string | { form: IdxForm };\n  label: string;\n  relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n  id: string;\n  name: string;\n}\n\nexport interface IdxRemediationValue {\n  name: string;\n  type?: string;\n  required?: boolean;\n  secret?: boolean;\n  value?: string;\n  label?: string;\n  form?: IdxForm;\n  options?: IdxOption[];\n  messages?: IdxMessages;\n  minLength?: number;\n  maxLength?: number;\n}\n\nexport interface IdxRemediation {\n  name: string;\n  label?: string;\n  value?: IdxRemediationValue[];\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  idp?: IdpConfig;\n  href?: string;\n  method?: string;\n  type?: string;\n}\n\nexport interface IdxMessage {\n  message: string;\n  class: string;\n  i18n: {\n    key: string;\n    params?: unknown[];\n  };\n}\n\nexport interface IdxMessages {\n  type: 'array';\n  value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n  version: string;\n  stateHandle: string;\n  intent?: string;\n  expiresAt?: string;\n  remediation?: {\n    type: 'array';\n    value: IdxRemediation[];\n  };\n  messages?: IdxMessages;\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n  return obj && obj.version;\n}\n\n\nexport interface IdxActions {\n  [key: string]: Function;\n}\n\n// Object returned from idx-js\nexport interface IdxResponse {\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  toPersist: {\n    interactionHandle?: string;\n  };\n}\n"],"file":"idx-js.js"}
+{"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;AA2EA;AAaO,SAASA,gBAAT,CAA0BC,GAA1B,EAA2D;AAChE,SAAOA,GAAG,IAAIA,GAAG,CAACC,OAAlB;AACD;;AAmBM,SAASC,aAAT,CAAuBF,GAAvB,EAAqD;AAC1D,SAAOA,GAAG,IAAID,gBAAgB,CAACC,GAAG,CAACG,WAAL,CAA9B;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface IdxAuthenticatorMethod {\n  type: string;\n}\nexport interface IdxAuthenticator {\n  displayName: string;\n  id: string;\n  key: string;\n  methods: IdxAuthenticatorMethod[];\n  type: string;\n  settings?: {\n    complexity?: unknown;\n    age?: unknown;\n  };\n  contextualData?: unknown;\n}\n\nexport interface IdxForm {\n  value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n  value: string | { form: IdxForm };\n  label: string;\n  relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n  id: string;\n  name: string;\n}\n\nexport interface IdxRemediationValue {\n  name: string;\n  type?: string;\n  required?: boolean;\n  secret?: boolean;\n  value?: string;\n  label?: string;\n  form?: IdxForm;\n  options?: IdxOption[];\n  messages?: IdxMessages;\n  minLength?: number;\n  maxLength?: number;\n}\n\nexport interface IdxRemediation {\n  name: string;\n  label?: string;\n  value?: IdxRemediationValue[];\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  idp?: IdpConfig;\n  href?: string;\n  method?: string;\n  type?: string;\n}\n\nexport interface IdxMessage {\n  message: string;\n  class: string;\n  i18n: {\n    key: string;\n    params?: unknown[];\n  };\n}\n\nexport interface IdxMessages {\n  type: 'array';\n  value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n  version: string;\n  stateHandle: string;\n  intent?: string;\n  expiresAt?: string;\n  remediation?: {\n    type: 'array';\n    value: IdxRemediation[];\n  };\n  messages?: IdxMessages;\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n  return obj && obj.version;\n}\n\n\nexport interface IdxActions {\n  [key: string]: Function;\n}\n\n// Object returned from idx-js\nexport interface IdxResponse {\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  toPersist: {\n    interactionHandle?: string;\n  };\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n  return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"file":"idx-js.js"}

package/cjs/idx/types/index.js

@@ -30,7 +30,7 @@ Object.defineProperty(exports, "CancelOptions", {
     return _cancel.CancelOptions;
   }
 });
-exports.IdxFeature = exports.IdxStatus = void 0;
+exports.IdxFeature = exports.AuthenticatorKey = exports.IdxStatus = void 0;
 
 var _idxJs = require("./idx-js");
 
@@ -57,13 +57,24 @@ let IdxStatus;
 exports.IdxStatus = IdxStatus;
 
 (function (IdxStatus) {
-  IdxStatus[IdxStatus["SUCCESS"] = 0] = "SUCCESS";
-  IdxStatus[IdxStatus["PENDING"] = 1] = "PENDING";
-  IdxStatus[IdxStatus["FAILURE"] = 2] = "FAILURE";
-  IdxStatus[IdxStatus["TERMINAL"] = 3] = "TERMINAL";
-  IdxStatus[IdxStatus["CANCELED"] = 4] = "CANCELED";
+  IdxStatus["SUCCESS"] = "SUCCESS";
+  IdxStatus["PENDING"] = "PENDING";
+  IdxStatus["FAILURE"] = "FAILURE";
+  IdxStatus["TERMINAL"] = "TERMINAL";
+  IdxStatus["CANCELED"] = "CANCELED";
 })(IdxStatus || (exports.IdxStatus = IdxStatus = {}));
 
+let AuthenticatorKey;
+exports.AuthenticatorKey = AuthenticatorKey;
+
+(function (AuthenticatorKey) {
+  AuthenticatorKey["OKTA_PASSWORD"] = "okta_password";
+  AuthenticatorKey["OKTA_EMAIL"] = "okta_email";
+  AuthenticatorKey["OKTA_VERIFIER"] = "okta_verifier";
+  AuthenticatorKey["PHONE_NUMBER"] = "phone_number";
+  AuthenticatorKey["GOOGLE_AUTHENTICATOR"] = "google_otp";
+})(AuthenticatorKey || (exports.AuthenticatorKey = AuthenticatorKey = {}));
+
 let IdxFeature;
 exports.IdxFeature = IdxFeature;
 

package/cjs/idx/types/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxStatus","IdxFeature"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA;;AACA;;AACA;;AACA;;AACA;;AAtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IAcYA,S;;;WAAAA,S;AAAAA,EAAAA,S,CAAAA,S;AAAAA,EAAAA,S,CAAAA,S;AAAAA,EAAAA,S,CAAAA,S;AAAAA,EAAAA,S,CAAAA,S;AAAAA,EAAAA,S,CAAAA,S;GAAAA,S,yBAAAA,S;;IAsBAC,U;;;WAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;GAAAA,U,0BAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { IdxMessage, IdxOption } from './idx-js';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { CancelOptions } from '../cancel';\n\nexport enum IdxStatus {\n  SUCCESS,\n  PENDING,\n  FAILURE,\n  TERMINAL,\n  CANCELED,\n}\n\ntype Input = {\n  name: string;\n  required?: boolean;\n}\n\nexport type NextStep = {\n  name: string;\n  type?: string;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  options?: IdxOption[];\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY,\n  REGISTRATION,\n  SOCIAL_IDP,\n}\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n}\n\nexport type IdxOptions = InteractOptions;\n\nexport type Authenticator = {\n  type: string;\n  methodType?: string;\n  phoneNumber?: string;\n};\n"],"file":"index.js"}
+{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA;;AACA;;AACA;;AACA;;AACA;;AAtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IAcYA,S;;;WAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,yBAAAA,S;;IAQAC,gB;;;WAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,gCAAAA,gB;;IAyBAC,U;;;WAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;GAAAA,U,0BAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { IdxAuthenticator, IdxMessage, IdxOption, IdxResponse } from './idx-js';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { CancelOptions } from '../cancel';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  OKTA_VERIFIER = 'okta_verifier',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n}\n\nexport type Input = {\n  name: string;\n  label?: string;\n  value?: string;\n  secret?: boolean;\n  required?: boolean;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  options?: IdxOption[];\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY,\n  REGISTRATION,\n  SOCIAL_IDP,\n}\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  _idxResponse?: IdxResponse; // Temporary for widget conversion. Will not be supported long-term. OKTA-418165\n}\n\nexport type IdxOptions = InteractOptions;\n\nexport type Authenticator = {\n  key: string;\n  methodType?: string;\n  phoneNumber?: string;\n};\n"],"file":"index.js"}

package/cjs/oidc/getToken.js

@@ -86,7 +86,11 @@ function getToken(sdk, options) {
     return Promise.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
   }
 
-  options = options || {};
+  options = options || {}; // window object cannot be serialized, save for later use
+  // TODO: move popup related params into a separate options object
+
+  const popupWindow = options.popupWindow;
+  options.popupWindow = undefined;
   return (0, _prepareTokenParams.prepareTokenParams)(sdk, options).then(function (tokenParams) {
     // Start overriding any options that don't make sense
     var sessionTokenOverrides = {
@@ -145,17 +149,18 @@ function getToken(sdk, options) {
           }
 
           oauthPromise = (0, _util.addPostMessageListener)(sdk, options.timeout, tokenParams.state);
-        } // Create the window
+        } // Redirect for authorization
+        // popupWindown can be null when popup is blocked
+
 
+        if (popupWindow) {
+          popupWindow.location.assign(requestUrl);
+        } // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
 
-        var windowOptions = {
-          popupTitle: options.popupTitle
-        };
-        var windowEl = (0, _util.loadPopup)(requestUrl, windowOptions); // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
 
         var popupPromise = new Promise(function (resolve, reject) {
           var closePoller = setInterval(function () {
-            if (!windowEl || windowEl.closed) {
+            if (!popupWindow || popupWindow.closed) {
               clearInterval(closePoller);
               reject(new _AuthSdkError.default('Unable to parse OAuth flow response'));
             }
@@ -172,8 +177,8 @@ function getToken(sdk, options) {
         return popupPromise.then(function (res) {
           return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, tokenParams, res, urls);
         }).finally(function () {
-          if (windowEl && !windowEl.closed) {
-            windowEl.close();
+          if (popupWindow && !popupWindow.closed) {
+            popupWindow.close();
           }
         });
 

package/cjs/oidc/getToken.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","windowOptions","popupTitle","windowEl","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAMA;;AAOA;;AACA;;AAEA;;AA9BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAuD;AAC5D,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AAEA,SAAO,4CAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIX,OAAO,CAACa,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIR,OAAO,CAACgB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAapB,GAAb,EAAkBQ,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGlB,OAAO,CAACoB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuBzB,GAAvB,EAA4BC,OAAO,CAACyB,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB7B,GAApB,EAAyBQ,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACX,GAAG,CAACqC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD8B,UAAAA,YAAY,GAAG,kCAAuBpC,GAAvB,EAA4BC,OAAO,CAACyB,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;;;AACA,YAAIY,aAAa,GAAG;AAClBC,UAAAA,UAAU,EAAEvC,OAAO,CAACuC;AADF,SAApB;AAGA,YAAIC,QAAQ,GAAG,qBAAUvB,UAAV,EAAsBqB,aAAtB,CAAf,CAhBF,CAkBE;;AACA,YAAIG,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACJ,QAAD,IAAaA,QAAQ,CAACK,MAA1B,EAAkC;AAChCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA8B,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBkB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACd,GAAD,CAAP;AACD,WAJH,EAKGmB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBnC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB7B,GAApB,EAAyBQ,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIW,QAAQ,IAAI,CAACA,QAAQ,CAACK,MAA1B,EAAkC;AAChCL,YAAAA,QAAQ,CAACS,KAAT;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  loadPopup,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuth,\n  TokenParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Create the window\n          var windowOptions = {\n            popupTitle: options.popupTitle\n          };\n          var windowEl = loadPopup(requestUrl, windowOptions);\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!windowEl || windowEl.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res, urls);\n            })\n            .finally(function () {\n              if (windowEl && !windowEl.closed) {\n                windowEl.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"file":"getToken.js"}
+{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAKA;;AAQA;;AACA;;AAEA;;AA9BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,QAAMM,WAAW,GAAGN,OAAO,CAACM,WAA5B;AACAN,EAAAA,OAAO,CAACM,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBR,GAAnB,EAAwBC,OAAxB,EACJQ,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIb,OAAO,CAACe,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIV,OAAO,CAACkB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAatB,GAAb,EAAkBU,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGpB,OAAO,CAACsB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuB3B,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACb,GAAG,CAACuC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIlC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDgC,UAAAA,YAAY,GAAG,kCAAuBtC,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAgC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuth,\n  TokenParams,\n  PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"file":"getToken.js"}

package/cjs/oidc/getWithPopup.js

@@ -8,6 +8,8 @@ var _util = require("../util");
 
 var _getToken = require("./getToken");
 
+var _util2 = require("./util");
+
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -23,12 +25,17 @@ var _getToken = require("./getToken");
 function getWithPopup(sdk, options) {
   if (arguments.length > 2) {
     return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
-  }
+  } // some browsers (safari, firefox) block popup if it's initialed from an async process
+  // here we create the popup window immediately after user interaction
+  // then redirect to the /authorize endpoint when the requestUrl is available
+
 
+  const popupWindow = (0, _util2.loadPopup)('/', options);
   options = (0, _util.clone)(options) || {};
   Object.assign(options, {
     display: 'popup',
-    responseMode: 'okta_post_message'
+    responseMode: 'okta_post_message',
+    popupWindow
   });
   return (0, _getToken.getToken)(sdk, options);
 }

package/cjs/oidc/getWithPopup.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","Object","assign","display","responseMode"],"mappings":";;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACAM,EAAAA,MAAM,CAACC,MAAP,CAAcP,OAAd,EAAuB;AACrBQ,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE;AAFO,GAAvB;AAIA,SAAO,wBAASV,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message'\n  });\n  return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
+{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","Object","assign","display","responseMode"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHuF,CAKxF;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeN,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACAO,EAAAA,MAAM,CAACC,MAAP,CAAcR,OAAd,EAAuB;AACrBS,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBJ,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASP,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}

package/cjs/oidc/getWithRedirect.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,SAAO,+BAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,UAAMC,IAAI,GAAG,yBAAaT,GAAb,EAAkBC,OAAlB,CAAb;AACA,UAAMS,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoB,qCAAqBH,WAArB,CAAvC;AACA,UAAMI,MAAM,GAAGZ,GAAG,CAACC,OAAJ,CAAYW,MAA3B,CAHwC,CAKxC;;AACA,UAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;AAaA,UAAMe,SAA0B,GAAG;AACjCX,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA;AAZiC,KAAnC;AAeAtB,IAAAA,GAAG,CAACwB,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACA1B,IAAAA,GAAG,CAAC2B,KAAJ,CAAU5B,eAAV,CAA0B6B,YAA1B,CAAuClB,UAAvC;AACD,GArCI,CAAP;AAsCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n      const urls = getOAuthUrls(sdk, options);\n      const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n      const issuer = sdk.options.issuer;\n\n      // Gather the values we want to save in the transaction\n      const {\n        responseType,\n        state,\n        nonce,\n        scopes,\n        clientId,\n        ignoreSignature,\n        redirectUri,\n        codeVerifier,\n        codeChallenge,\n        codeChallengeMethod,\n      } = tokenParams;\n\n      const oauthMeta: TransactionMeta = {\n        issuer,\n        responseType,\n        state,\n        nonce,\n        scopes,\n        clientId,\n        urls,\n        ignoreSignature,\n        redirectUri,\n        codeVerifier,\n        codeChallenge,\n        codeChallengeMethod,\n      };\n\n      sdk.transactionManager.save(oauthMeta, { oauth: true });\n      sdk.token.getWithRedirect._setLocation(requestUrl);\n    });\n}\n"],"file":"getWithRedirect.js"}
+{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,SAAO,+BAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,UAAMC,IAAI,GAAG,yBAAaT,GAAb,EAAkBC,OAAlB,CAAb;AACA,UAAMS,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoB,qCAAqBH,WAArB,CAAvC;AACA,UAAMI,MAAM,GAAGZ,GAAG,CAACC,OAAJ,CAAYW,MAA3B,CAHwC,CAKxC;;AACA,UAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;AAaA,UAAMe,SAA0B,GAAG;AACjCX,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA;AAZiC,KAAnC;AAeAtB,IAAAA,GAAG,CAACwB,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACA1B,IAAAA,GAAG,CAAC2B,KAAJ,CAAU5B,eAAV,CAA0B6B,YAA1B,CAAuClB,UAAvC;AACD,GArCI,CAAP;AAsCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n      const urls = getOAuthUrls(sdk, options);\n      const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n      const issuer = sdk.options.issuer;\n\n      // Gather the values we want to save in the transaction\n      const {\n        responseType,\n        state,\n        nonce,\n        scopes,\n        clientId,\n        ignoreSignature,\n        redirectUri,\n        codeVerifier,\n        codeChallenge,\n        codeChallengeMethod,\n      } = tokenParams;\n\n      const oauthMeta: TransactionMeta = {\n        issuer,\n        responseType,\n        state,\n        nonce,\n        scopes,\n        clientId,\n        urls,\n        ignoreSignature,\n        redirectUri,\n        codeVerifier,\n        codeChallenge,\n        codeChallengeMethod\n      };\n\n      sdk.transactionManager.save(oauthMeta, { oauth: true });\n      sdk.token.getWithRedirect._setLocation(requestUrl);\n    });\n}\n"],"file":"getWithRedirect.js"}