@okta/okta-auth-js 5.5.0 → 5.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +66 -4
- package/README.md +61 -15
- package/cjs/AuthStateManager.js +5 -0
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +78 -29
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/StorageManager.js +16 -0
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TransactionManager.js +49 -9
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/builderUtil.js +6 -0
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/constants.js +5 -1
- package/cjs/constants.js.map +1 -1
- package/cjs/features.js +1 -1
- package/cjs/features.js.map +1 -1
- package/cjs/idx/authenticate.js +3 -18
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/flow/AuthenticationFlow.js +30 -0
- package/cjs/idx/flow/AuthenticationFlow.js.map +1 -0
- package/cjs/idx/{flowMonitors → flow}/AuthenticationFlowMonitor.js +0 -0
- package/cjs/idx/flow/AuthenticationFlowMonitor.js.map +1 -0
- package/cjs/idx/{flowMonitors → flow}/FlowMonitor.js +0 -0
- package/cjs/idx/flow/FlowMonitor.js.map +1 -0
- package/cjs/idx/flow/FlowSpecification.js +49 -0
- package/cjs/idx/flow/FlowSpecification.js.map +1 -0
- package/cjs/idx/flow/PasswordRecoveryFlow.js +28 -0
- package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -0
- package/cjs/idx/{flowMonitors → flow}/PasswordRecoveryFlowMonitor.js +0 -0
- package/cjs/idx/flow/PasswordRecoveryFlowMonitor.js.map +1 -0
- package/{esm/crypto/browser.js → cjs/idx/flow/RegistrationFlow.js} +15 -12
- package/cjs/idx/flow/RegistrationFlow.js.map +1 -0
- package/cjs/idx/{flowMonitors → flow}/RegistrationFlowMonitor.js +0 -0
- package/cjs/idx/flow/RegistrationFlowMonitor.js.map +1 -0
- package/cjs/idx/flow/RemediationFlow.js +2 -0
- package/{esm/types/Cookies.js.map → cjs/idx/flow/RemediationFlow.js.map} +1 -1
- package/cjs/idx/flow/index.js +119 -0
- package/cjs/idx/flow/index.js.map +1 -0
- package/cjs/idx/index.js +26 -0
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js +5 -2
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +24 -7
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/proceed.js +49 -0
- package/cjs/idx/proceed.js.map +1 -0
- package/cjs/idx/recoverPassword.js +3 -17
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js +7 -16
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +46 -52
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +7 -7
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +13 -7
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +6 -6
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +18 -14
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +14 -0
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +7 -3
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/run.js +36 -8
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js +2 -0
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js +80 -40
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/FlowIdentifier.js +2 -0
- package/{esm/types/AuthState.js.map → cjs/idx/types/FlowIdentifier.js.map} +1 -1
- package/cjs/idx/types/idx-js.js +5 -0
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +33 -6
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js +4 -1
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/getToken.js +14 -9
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +9 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +59 -20
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewTokens.js +28 -5
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/util/browser.js +1 -13
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +9 -5
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/urlParams.js +1 -1
- package/cjs/oidc/util/urlParams.js.map +1 -1
- package/cjs/options.js +15 -2
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +2 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +1 -3
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/api.js +3 -0
- package/cjs/tx/api.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/{esm/clock.js → cjs/util/emailVerify.js} +14 -18
- package/cjs/util/emailVerify.js.map +1 -0
- package/cjs/util/index.js +13 -0
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/sharedStorage.js +54 -0
- package/cjs/util/sharedStorage.js.map +1 -0
- package/dist/okta-auth-js.min.js +2 -74
- package/dist/okta-auth-js.min.js.LICENSE.txt +32 -0
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +2 -18
- package/{esm/crypto/webcrypto.js → dist/okta-auth-js.polyfill.js.LICENSE.txt} +8 -4
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +2 -74
- package/dist/okta-auth-js.umd.js.LICENSE.txt +32 -0
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/index.js +8368 -16
- package/esm/index.js.map +1 -1
- package/lib/AuthStateManager.d.ts +4 -2
- package/lib/OktaAuth.d.ts +9 -5
- package/lib/StorageManager.d.ts +2 -0
- package/lib/TransactionManager.d.ts +6 -1
- package/lib/constants.d.ts +2 -0
- package/lib/crypto/base64.d.ts +2 -2
- package/lib/crypto/oidcHash.d.ts +1 -1
- package/lib/crypto/verifyToken.d.ts +1 -1
- package/{esm/oidc/endpoints/index.js → lib/idx/flow/AuthenticationFlow.d.ts} +3 -5
- package/lib/idx/{flowMonitors → flow}/AuthenticationFlowMonitor.d.ts +0 -0
- package/lib/idx/{flowMonitors → flow}/FlowMonitor.d.ts +0 -0
- package/lib/idx/flow/FlowSpecification.d.ts +10 -0
- package/{esm/crypto/index.js → lib/idx/flow/PasswordRecoveryFlow.d.ts} +3 -6
- package/lib/idx/{flowMonitors → flow}/PasswordRecoveryFlowMonitor.d.ts +0 -0
- package/{esm/tx/TransactionState.js → lib/idx/flow/RegistrationFlow.d.ts} +3 -3
- package/lib/idx/{flowMonitors → flow}/RegistrationFlowMonitor.d.ts +0 -0
- package/lib/idx/flow/RemediationFlow.d.ts +13 -0
- package/lib/idx/{flowMonitors → flow}/index.d.ts +7 -2
- package/lib/idx/index.d.ts +2 -0
- package/lib/idx/introspect.d.ts +2 -1
- package/{esm/errors/AuthApiError.js → lib/idx/proceed.d.ts} +9 -19
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +2 -5
- package/lib/idx/remediators/Base/Remediator.d.ts +3 -6
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -6
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +1 -1
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -0
- package/lib/idx/remediators/Identify.d.ts +2 -5
- package/lib/idx/run.d.ts +9 -9
- package/lib/idx/transactionMeta.d.ts +28 -4
- package/lib/idx/types/FlowIdentifier.d.ts +1 -0
- package/lib/idx/types/idx-js.d.ts +5 -0
- package/lib/idx/types/index.d.ts +28 -10
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/parseFromUrl.d.ts +4 -1
- package/lib/oidc/renewTokens.d.ts +0 -12
- package/lib/oidc/util/loginRedirect.d.ts +1 -1
- package/lib/types/AuthState.d.ts +1 -0
- package/lib/types/OktaAuthOptions.d.ts +3 -1
- package/lib/types/Transaction.d.ts +7 -1
- package/lib/types/api.d.ts +21 -5
- package/{esm/errors/AuthPollStopError.js → lib/util/emailVerify.d.ts} +5 -8
- package/lib/util/index.d.ts +1 -0
- package/lib/util/sharedStorage.d.ts +6 -0
- package/package.json +26 -13
- package/cjs/idx/flowMonitors/AuthenticationFlowMonitor.js.map +0 -1
- package/cjs/idx/flowMonitors/FlowMonitor.js.map +0 -1
- package/cjs/idx/flowMonitors/PasswordRecoveryFlowMonitor.js.map +0 -1
- package/cjs/idx/flowMonitors/RegistrationFlowMonitor.js.map +0 -1
- package/cjs/idx/flowMonitors/index.js +0 -54
- package/cjs/idx/flowMonitors/index.js.map +0 -1
- package/esm/AuthStateManager.js +0 -209
- package/esm/AuthStateManager.js.map +0 -1
- package/esm/OktaAuth.js +0 -665
- package/esm/OktaAuth.js.map +0 -1
- package/esm/OktaUserAgent.js +0 -49
- package/esm/OktaUserAgent.js.map +0 -1
- package/esm/PromiseQueue.js +0 -71
- package/esm/PromiseQueue.js.map +0 -1
- package/esm/SavedObject.js +0 -91
- package/esm/SavedObject.js.map +0 -1
- package/esm/StorageManager.js +0 -174
- package/esm/StorageManager.js.map +0 -1
- package/esm/TokenManager.js +0 -455
- package/esm/TokenManager.js.map +0 -1
- package/esm/TransactionManager.js +0 -289
- package/esm/TransactionManager.js.map +0 -1
- package/esm/browser/browserStorage.js +0 -256
- package/esm/browser/browserStorage.js.map +0 -1
- package/esm/browser/fingerprint.js +0 -74
- package/esm/browser/fingerprint.js.map +0 -1
- package/esm/builderUtil.js +0 -50
- package/esm/builderUtil.js.map +0 -1
- package/esm/clock.js.map +0 -1
- package/esm/constants.js +0 -34
- package/esm/constants.js.map +0 -1
- package/esm/crypto/base64.js +0 -66
- package/esm/crypto/base64.js.map +0 -1
- package/esm/crypto/browser.js.map +0 -1
- package/esm/crypto/index.js.map +0 -1
- package/esm/crypto/node.js +0 -54
- package/esm/crypto/node.js.map +0 -1
- package/esm/crypto/oidcHash.js +0 -27
- package/esm/crypto/oidcHash.js.map +0 -1
- package/esm/crypto/verifyToken.js +0 -39
- package/esm/crypto/verifyToken.js.map +0 -1
- package/esm/crypto/webcrypto.js.map +0 -1
- package/esm/errors/AuthApiError.js.map +0 -1
- package/esm/errors/AuthPollStopError.js.map +0 -1
- package/esm/errors/AuthSdkError.js +0 -29
- package/esm/errors/AuthSdkError.js.map +0 -1
- package/esm/errors/CustomError.js +0 -21
- package/esm/errors/CustomError.js.map +0 -1
- package/esm/errors/OAuthError.js +0 -22
- package/esm/errors/OAuthError.js.map +0 -1
- package/esm/errors/index.js +0 -22
- package/esm/errors/index.js.map +0 -1
- package/esm/features.js +0 -64
- package/esm/features.js.map +0 -1
- package/esm/fetch/fetchRequest.js +0 -92
- package/esm/fetch/fetchRequest.js.map +0 -1
- package/esm/http/headers.js +0 -17
- package/esm/http/headers.js.map +0 -1
- package/esm/http/index.js +0 -3
- package/esm/http/index.js.map +0 -1
- package/esm/http/request.js +0 -145
- package/esm/http/request.js.map +0 -1
- package/esm/idx/authenticate.js +0 -47
- package/esm/idx/authenticate.js.map +0 -1
- package/esm/idx/cancel.js +0 -32
- package/esm/idx/cancel.js.map +0 -1
- package/esm/idx/flowMonitors/AuthenticationFlowMonitor.js +0 -41
- package/esm/idx/flowMonitors/AuthenticationFlowMonitor.js.map +0 -1
- package/esm/idx/flowMonitors/FlowMonitor.js +0 -73
- package/esm/idx/flowMonitors/FlowMonitor.js.map +0 -1
- package/esm/idx/flowMonitors/PasswordRecoveryFlowMonitor.js +0 -57
- package/esm/idx/flowMonitors/PasswordRecoveryFlowMonitor.js.map +0 -1
- package/esm/idx/flowMonitors/RegistrationFlowMonitor.js +0 -28
- package/esm/idx/flowMonitors/RegistrationFlowMonitor.js.map +0 -1
- package/esm/idx/flowMonitors/index.js +0 -16
- package/esm/idx/flowMonitors/index.js.map +0 -1
- package/esm/idx/handleInteractionCodeRedirect.js +0 -64
- package/esm/idx/handleInteractionCodeRedirect.js.map +0 -1
- package/esm/idx/headers.js +0 -39
- package/esm/idx/headers.js.map +0 -1
- package/esm/idx/index.js +0 -20
- package/esm/idx/index.js.map +0 -1
- package/esm/idx/interact.js +0 -83
- package/esm/idx/interact.js.map +0 -1
- package/esm/idx/introspect.js +0 -45
- package/esm/idx/introspect.js.map +0 -1
- package/esm/idx/recoverPassword.js +0 -46
- package/esm/idx/recoverPassword.js.map +0 -1
- package/esm/idx/register.js +0 -63
- package/esm/idx/register.js.map +0 -1
- package/esm/idx/remediate.js +0 -303
- package/esm/idx/remediate.js.map +0 -1
- package/esm/idx/remediators/AuthenticatorEnrollmentData.js +0 -68
- package/esm/idx/remediators/AuthenticatorEnrollmentData.js.map +0 -1
- package/esm/idx/remediators/AuthenticatorVerificationData.js +0 -66
- package/esm/idx/remediators/AuthenticatorVerificationData.js.map +0 -1
- package/esm/idx/remediators/Base/AuthenticatorData.js +0 -105
- package/esm/idx/remediators/Base/AuthenticatorData.js.map +0 -1
- package/esm/idx/remediators/Base/Remediator.js +0 -216
- package/esm/idx/remediators/Base/Remediator.js.map +0 -1
- package/esm/idx/remediators/Base/SelectAuthenticator.js +0 -140
- package/esm/idx/remediators/Base/SelectAuthenticator.js.map +0 -1
- package/esm/idx/remediators/Base/VerifyAuthenticator.js +0 -62
- package/esm/idx/remediators/Base/VerifyAuthenticator.js.map +0 -1
- package/esm/idx/remediators/ChallengeAuthenticator.js +0 -18
- package/esm/idx/remediators/ChallengeAuthenticator.js.map +0 -1
- package/esm/idx/remediators/EnrollAuthenticator.js +0 -18
- package/esm/idx/remediators/EnrollAuthenticator.js.map +0 -1
- package/esm/idx/remediators/EnrollProfile.js +0 -62
- package/esm/idx/remediators/EnrollProfile.js.map +0 -1
- package/esm/idx/remediators/Identify.js +0 -85
- package/esm/idx/remediators/Identify.js.map +0 -1
- package/esm/idx/remediators/ReEnrollAuthenticator.js +0 -45
- package/esm/idx/remediators/ReEnrollAuthenticator.js.map +0 -1
- package/esm/idx/remediators/RedirectIdp.js +0 -38
- package/esm/idx/remediators/RedirectIdp.js.map +0 -1
- package/esm/idx/remediators/ResetAuthenticator.js +0 -18
- package/esm/idx/remediators/ResetAuthenticator.js.map +0 -1
- package/esm/idx/remediators/SelectAuthenticatorAuthenticate.js +0 -18
- package/esm/idx/remediators/SelectAuthenticatorAuthenticate.js.map +0 -1
- package/esm/idx/remediators/SelectAuthenticatorEnroll.js +0 -18
- package/esm/idx/remediators/SelectAuthenticatorEnroll.js.map +0 -1
- package/esm/idx/remediators/SelectEnrollProfile.js +0 -24
- package/esm/idx/remediators/SelectEnrollProfile.js.map +0 -1
- package/esm/idx/remediators/Skip.js +0 -23
- package/esm/idx/remediators/Skip.js.map +0 -1
- package/esm/idx/remediators/index.js +0 -26
- package/esm/idx/remediators/index.js.map +0 -1
- package/esm/idx/remediators/util.js +0 -35
- package/esm/idx/remediators/util.js.map +0 -1
- package/esm/idx/run.js +0 -201
- package/esm/idx/run.js.map +0 -1
- package/esm/idx/startTransaction.js +0 -27
- package/esm/idx/startTransaction.js.map +0 -1
- package/esm/idx/transactionMeta.js +0 -112
- package/esm/idx/transactionMeta.js.map +0 -1
- package/esm/idx/types/idx-js.js +0 -17
- package/esm/idx/types/idx-js.js.map +0 -1
- package/esm/idx/types/index.js +0 -34
- package/esm/idx/types/index.js.map +0 -1
- package/esm/oidc/decodeToken.js +0 -31
- package/esm/oidc/decodeToken.js.map +0 -1
- package/esm/oidc/endpoints/authorize.js +0 -61
- package/esm/oidc/endpoints/authorize.js.map +0 -1
- package/esm/oidc/endpoints/index.js.map +0 -1
- package/esm/oidc/endpoints/token.js +0 -97
- package/esm/oidc/endpoints/token.js.map +0 -1
- package/esm/oidc/endpoints/well-known.js +0 -58
- package/esm/oidc/endpoints/well-known.js.map +0 -1
- package/esm/oidc/exchangeCodeForTokens.js +0 -69
- package/esm/oidc/exchangeCodeForTokens.js.map +0 -1
- package/esm/oidc/getToken.js +0 -175
- package/esm/oidc/getToken.js.map +0 -1
- package/esm/oidc/getUserInfo.js +0 -82
- package/esm/oidc/getUserInfo.js.map +0 -1
- package/esm/oidc/getWithPopup.js +0 -28
- package/esm/oidc/getWithPopup.js.map +0 -1
- package/esm/oidc/getWithRedirect.js +0 -61
- package/esm/oidc/getWithRedirect.js.map +0 -1
- package/esm/oidc/getWithoutPrompt.js +0 -29
- package/esm/oidc/getWithoutPrompt.js.map +0 -1
- package/esm/oidc/handleOAuthResponse.js +0 -148
- package/esm/oidc/handleOAuthResponse.js.map +0 -1
- package/esm/oidc/index.js +0 -29
- package/esm/oidc/index.js.map +0 -1
- package/esm/oidc/parseFromUrl.js +0 -102
- package/esm/oidc/parseFromUrl.js.map +0 -1
- package/esm/oidc/renewToken.js +0 -85
- package/esm/oidc/renewToken.js.map +0 -1
- package/esm/oidc/renewTokens.js +0 -52
- package/esm/oidc/renewTokens.js.map +0 -1
- package/esm/oidc/renewTokensWithRefresh.js +0 -55
- package/esm/oidc/renewTokensWithRefresh.js.map +0 -1
- package/esm/oidc/revokeToken.js +0 -57
- package/esm/oidc/revokeToken.js.map +0 -1
- package/esm/oidc/util/browser.js +0 -85
- package/esm/oidc/util/browser.js.map +0 -1
- package/esm/oidc/util/defaultTokenParams.js +0 -42
- package/esm/oidc/util/defaultTokenParams.js.map +0 -1
- package/esm/oidc/util/errors.js +0 -31
- package/esm/oidc/util/errors.js.map +0 -1
- package/esm/oidc/util/index.js +0 -25
- package/esm/oidc/util/index.js.map +0 -1
- package/esm/oidc/util/loginRedirect.js +0 -84
- package/esm/oidc/util/loginRedirect.js.map +0 -1
- package/esm/oidc/util/oauth.js +0 -70
- package/esm/oidc/util/oauth.js.map +0 -1
- package/esm/oidc/util/pkce.js +0 -55
- package/esm/oidc/util/pkce.js.map +0 -1
- package/esm/oidc/util/prepareTokenParams.js +0 -75
- package/esm/oidc/util/prepareTokenParams.js.map +0 -1
- package/esm/oidc/util/refreshToken.js +0 -24
- package/esm/oidc/util/refreshToken.js.map +0 -1
- package/esm/oidc/util/urlParams.js +0 -54
- package/esm/oidc/util/urlParams.js.map +0 -1
- package/esm/oidc/util/validateClaims.js +0 -53
- package/esm/oidc/util/validateClaims.js.map +0 -1
- package/esm/oidc/util/validateToken.js +0 -21
- package/esm/oidc/util/validateToken.js.map +0 -1
- package/esm/oidc/verifyToken.js +0 -78
- package/esm/oidc/verifyToken.js.map +0 -1
- package/esm/options.js +0 -131
- package/esm/options.js.map +0 -1
- package/esm/server/serverStorage.js +0 -110
- package/esm/server/serverStorage.js.map +0 -1
- package/esm/services/TokenService.js +0 -103
- package/esm/services/TokenService.js.map +0 -1
- package/esm/session.js +0 -81
- package/esm/session.js.map +0 -1
- package/esm/tx/AuthTransaction.js +0 -215
- package/esm/tx/AuthTransaction.js.map +0 -1
- package/esm/tx/TransactionState.js.map +0 -1
- package/esm/tx/api.js +0 -84
- package/esm/tx/api.js.map +0 -1
- package/esm/tx/index.js +0 -18
- package/esm/tx/index.js.map +0 -1
- package/esm/tx/poll.js +0 -124
- package/esm/tx/poll.js.map +0 -1
- package/esm/tx/util.js +0 -26
- package/esm/tx/util.js.map +0 -1
- package/esm/types/AuthState.js +0 -3
- package/esm/types/Cookies.js +0 -3
- package/esm/types/EventEmitter.js +0 -3
- package/esm/types/EventEmitter.js.map +0 -1
- package/esm/types/JWT.js +0 -3
- package/esm/types/JWT.js.map +0 -1
- package/esm/types/OAuth.js +0 -3
- package/esm/types/OAuth.js.map +0 -1
- package/esm/types/OktaAuthOptions.js +0 -3
- package/esm/types/OktaAuthOptions.js.map +0 -1
- package/esm/types/Storage.js +0 -3
- package/esm/types/Storage.js.map +0 -1
- package/esm/types/Token.js +0 -29
- package/esm/types/Token.js.map +0 -1
- package/esm/types/TokenManager.js +0 -3
- package/esm/types/TokenManager.js.map +0 -1
- package/esm/types/Transaction.js +0 -57
- package/esm/types/Transaction.js.map +0 -1
- package/esm/types/UserClaims.js +0 -3
- package/esm/types/UserClaims.js.map +0 -1
- package/esm/types/api.js +0 -3
- package/esm/types/api.js.map +0 -1
- package/esm/types/http.js +0 -3
- package/esm/types/http.js.map +0 -1
- package/esm/types/index.js +0 -27
- package/esm/types/index.js.map +0 -1
- package/esm/util/console.js +0 -53
- package/esm/util/console.js.map +0 -1
- package/esm/util/index.js +0 -17
- package/esm/util/index.js.map +0 -1
- package/esm/util/misc.js +0 -33
- package/esm/util/misc.js.map +0 -1
- package/esm/util/object.js +0 -117
- package/esm/util/object.js.map +0 -1
- package/esm/util/types.js +0 -27
- package/esm/util/types.js.map +0 -1
- package/esm/util/url.js +0 -64
- package/esm/util/url.js.map +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,67 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 5.9.0
|
|
4
|
+
|
|
5
|
+
### Features
|
|
6
|
+
|
|
7
|
+
- [#1004](https://github.com/okta/okta-auth-js/pull/1004) Allows extra query parameters to be added to the `authorize` url
|
|
8
|
+
|
|
9
|
+
### Other
|
|
10
|
+
|
|
11
|
+
- [#1000](https://github.com/okta/okta-auth-js/pull/1000)
|
|
12
|
+
- Fixes broken ES module bundle
|
|
13
|
+
- Updates `browser` field in `package.json` to enable bundlers to use the ES module bundle by default
|
|
14
|
+
|
|
15
|
+
### Fixes
|
|
16
|
+
|
|
17
|
+
- [#1005](https://github.com/okta/okta-auth-js/pull/1005)
|
|
18
|
+
- Handles `rememberMe` boolean in IDX Identify remediation adapter
|
|
19
|
+
- Typescript: Adds `type` field for `Input` type in NextStep object
|
|
20
|
+
- [#1012](https://github.com/okta/okta-auth-js/pull/1012) Fixes null access when crypto is not present
|
|
21
|
+
|
|
22
|
+
## 5.8.0
|
|
23
|
+
|
|
24
|
+
### Features
|
|
25
|
+
|
|
26
|
+
- [#990](https://github.com/okta/okta-auth-js/pull/990) Supports email verify callback
|
|
27
|
+
|
|
28
|
+
## 5.7.0
|
|
29
|
+
|
|
30
|
+
### Features
|
|
31
|
+
|
|
32
|
+
- [#983](https://github.com/okta/okta-auth-js/pull/983) Adds new method `setHeaders`
|
|
33
|
+
- [#990](https://github.com/okta/okta-auth-js/pull/990) Supports email verify callback
|
|
34
|
+
|
|
35
|
+
### Fixes
|
|
36
|
+
|
|
37
|
+
- [#988](https://github.com/okta/okta-auth-js/pull/988) Fixes Safari & Firefox browsers block `getWithPopup` issue
|
|
38
|
+
- [#995](https://github.com/okta/okta-auth-js/pull/995) Sends cookie for `authn` related requests
|
|
39
|
+
- [#985](https://github.com/okta/okta-auth-js/pull/985) Fixes issue with renewTokens that would drop scopes passed to `getToken`
|
|
40
|
+
|
|
41
|
+
### Other
|
|
42
|
+
|
|
43
|
+
- [#981](https://github.com/okta/okta-auth-js/pull/981) TypeScript: Allows optional paramters for IDX methods
|
|
44
|
+
- [#986](https://github.com/okta/okta-auth-js/pull/986) TypeScript: Interface `SignInWithRedirectOptions` should extend `TokenParams`
|
|
45
|
+
- [#992](https://github.com/okta/okta-auth-js/pull/992) TypeScript: Adds fields for `Input` type in NextStep object
|
|
46
|
+
- [#997](https://github.com/okta/okta-auth-js/pull/997) Validates `scopes` config param is an `array`
|
|
47
|
+
|
|
48
|
+
## 5.6.0
|
|
49
|
+
|
|
50
|
+
### Features
|
|
51
|
+
|
|
52
|
+
- [#963](https://github.com/okta/okta-auth-js/pull/963)
|
|
53
|
+
- Adds `getPreviousAuthState` method to `AuthStateManager`
|
|
54
|
+
- Allows null type for authState related methods / fields
|
|
55
|
+
- [#948](https://github.com/okta/okta-auth-js/pull/948) Adds `Google Authenticator` support in idx module
|
|
56
|
+
|
|
57
|
+
### Other
|
|
58
|
+
|
|
59
|
+
- [#947](https://github.com/okta/okta-auth-js/pull/947) TypeScript: Allow custom keys in `AuthState` interface
|
|
60
|
+
|
|
61
|
+
### Bug Fixes
|
|
62
|
+
|
|
63
|
+
- [#967](https://github.com/okta/okta-auth-js/pull/967) Throw error in `parseFromUrl` if can't load transaction meta
|
|
64
|
+
|
|
3
65
|
## 5.5.0
|
|
4
66
|
|
|
5
67
|
### Features
|
|
@@ -324,7 +386,7 @@
|
|
|
324
386
|
- `autoRemove`
|
|
325
387
|
- `devMode`
|
|
326
388
|
- [#469](https://github.com/okta/okta-auth-js/pull/469) Adds "rate limiting" logic to token autoRenew process to prevent too many requests be sent out which may cause application rate limit issue.
|
|
327
|
-
- [#503](https://github.com/okta/okta-auth-js/pull/503) Supports relative uri for [options.redirectUri](README.md#
|
|
389
|
+
- [#503](https://github.com/okta/okta-auth-js/pull/503) Supports relative uri for [options.redirectUri](README.md#configuration-options)
|
|
328
390
|
- [#478](https://github.com/okta/okta-auth-js/pull/478) Adds cross tabs communication to sync `AuthState`.
|
|
329
391
|
- [#525](https://github.com/okta/okta-auth-js/pull/525) Adds new methods `hasResponseType`, `isPKCE`, `isAuthorizationCodeFlow`. The option `responseType` is now accepted in the constructor.
|
|
330
392
|
|
|
@@ -364,7 +426,7 @@
|
|
|
364
426
|
|
|
365
427
|
- [#444](https://github.com/okta/okta-auth-js/pull/444)
|
|
366
428
|
- Implements "active" autoRenew. Previously tokens would be renewed or removed when calling `tokenManager.get`. Now they will be renewed or removed in the background. If autoRenew is true, tokens will be renewed before expiration. If autoRenew is false, tokens will be removed from storage on expiration.
|
|
367
|
-
- `onSessionExpired` option has been removed. [TokenManager events](#tokenmanageronevent-callback-context) can be used to detect and handle token renewal errors.
|
|
429
|
+
- `onSessionExpired` option has been removed. [TokenManager events](README.md#tokenmanageronevent-callback-context) can be used to detect and handle token renewal errors.
|
|
368
430
|
- `tokenManager.get` no longer implements autoRenew functionality (autoRenew is done by a separate process within `TokenManager`). Even with `autoRenew`, it is possible that the token returned from the TokenManager may be expired, since renewal is an asynchronous process. New method `tokenManager.hasExpired` can be used to test the token and avoid this potential race condition.
|
|
369
431
|
|
|
370
432
|
## 3.2.6
|
|
@@ -463,7 +525,7 @@
|
|
|
463
525
|
|
|
464
526
|
### Features
|
|
465
527
|
|
|
466
|
-
New [option](README.md#
|
|
528
|
+
New [option](README.md#configuration-options) `cookies` allows overriding default `secure` and `sameSite` values.
|
|
467
529
|
|
|
468
530
|
### Breaking Changes
|
|
469
531
|
|
|
@@ -483,7 +545,7 @@ New [option](README.md#additional-options) `cookies` allows overriding default `
|
|
|
483
545
|
|
|
484
546
|
- [#316](https://github.com/okta/okta-auth-js/pull/316) - Option `issuer` is [required](README.md#configuration-reference). Option `url` has been deprecated and is no longer used.
|
|
485
547
|
|
|
486
|
-
- [#317](https://github.com/okta/okta-auth-js/pull/317) - `pkce` [option](README.md#
|
|
548
|
+
- [#317](https://github.com/okta/okta-auth-js/pull/317) - `pkce` [option](README.md#configuration-options) is now `true` by default. `grantType` option is removed.
|
|
487
549
|
|
|
488
550
|
- [#320](https://github.com/okta/okta-auth-js/pull/320) - `getWithRedirect`, `getWithPopup`, and `getWithoutPrompt` previously took 2 sets of option objects as parameters, a set of "oauthOptions" and additional options. These methods now take a single options object which can hold all [available options](README.md#authorize-options). Passing a second options object will cause an exception to be thrown.
|
|
489
551
|
|
package/README.md
CHANGED
|
@@ -428,11 +428,11 @@ Default value is `true` which enables the [PKCE OAuth Flow](#pkce-oauth-20-flow)
|
|
|
428
428
|
|
|
429
429
|
#### responseMode
|
|
430
430
|
|
|
431
|
-
When requesting tokens using [token.getWithRedirect](#tokengetwithredirectoptions) values will be returned as parameters appended to the [redirectUri](#
|
|
431
|
+
When requesting tokens using [token.getWithRedirect](#tokengetwithredirectoptions) values will be returned as parameters appended to the [redirectUri](#configuration-options).
|
|
432
432
|
|
|
433
433
|
In most cases you will not need to set a value for `responseMode`. Defaults are set according to the [OpenID Connect 1.0 specification](https://openid.net/specs/openid-connect-core-1_0.html#Authentication).
|
|
434
434
|
|
|
435
|
-
* For [PKCE OAuth Flow](#pkce-oauth-20-flow)), the authorization code will be in search query of the URL. Clients using the PKCE flow can opt to instead receive the authorization code in the hash fragment by setting the [responseMode](#
|
|
435
|
+
* For [PKCE OAuth Flow](#pkce-oauth-20-flow)), the authorization code will be in search query of the URL. Clients using the PKCE flow can opt to instead receive the authorization code in the hash fragment by setting the [responseMode](#configuration-options) option to "fragment".
|
|
436
436
|
|
|
437
437
|
* For [Implicit OAuth Flow](#implicit-oauth-20-flow)), tokens will be in the hash fragment of the URL. This cannot be changed.
|
|
438
438
|
|
|
@@ -512,7 +512,11 @@ const config = {
|
|
|
512
512
|
|
|
513
513
|
const oktaAuth = new OktaAuth(config);
|
|
514
514
|
if (oktaAuth.isLoginRedirect()) {
|
|
515
|
-
|
|
515
|
+
try {
|
|
516
|
+
await oktaAuth.handleLoginRedirect();
|
|
517
|
+
} catch (e) {
|
|
518
|
+
// log or display error details
|
|
519
|
+
}
|
|
516
520
|
}
|
|
517
521
|
```
|
|
518
522
|
|
|
@@ -819,10 +823,11 @@ Defaults to `none` if the `secure` option is `true`, or `lax` if the `secure` op
|
|
|
819
823
|
* [getAccessToken](#getaccesstoken)
|
|
820
824
|
* [storeTokensFromRedirect](#storetokensfromredirect)
|
|
821
825
|
* [setOriginalUri](#setoriginaluriuri)
|
|
822
|
-
* [getOriginalUri](#
|
|
826
|
+
* [getOriginalUri](#getoriginaluristate)
|
|
823
827
|
* [removeOriginalUri](#removeoriginaluri)
|
|
824
828
|
* [isLoginRedirect](#isloginredirect)
|
|
825
829
|
* [handleLoginRedirect](#handleloginredirecttokens)
|
|
830
|
+
* [setHeaders](#setheaders)
|
|
826
831
|
* [tx.resume](#txresume)
|
|
827
832
|
* [tx.exists](#txexists)
|
|
828
833
|
* [transaction.status](#transactionstatus)
|
|
@@ -883,13 +888,18 @@ See [authn API](docs/authn.md#signinwithcredentials).
|
|
|
883
888
|
### `signInWithRedirect(options)`
|
|
884
889
|
|
|
885
890
|
> :link: web browser only <br>
|
|
891
|
+
> :hourglass: async
|
|
886
892
|
|
|
887
893
|
Starts the full-page redirect to Okta with [optional request parameters](#authorize-options). In this flow, there is a originalUri parameter in options to track the route before the user signIn, and the addtional params are mapped to the [Authorize options](#authorize-options).
|
|
888
|
-
You can use [storeTokensFromRedirect](#storetokensfromredirect) to store tokens and [getOriginalUri](#
|
|
894
|
+
You can use [storeTokensFromRedirect](#storetokensfromredirect) to store tokens and [getOriginalUri](#getoriginaluristate) to clear the intermediate state (the originalUri) after successful authentication.
|
|
889
895
|
|
|
890
896
|
```javascript
|
|
891
897
|
if (authClient.isLoginRedirect()) {
|
|
892
|
-
|
|
898
|
+
try {
|
|
899
|
+
await authClient.handleLoginRedirect();
|
|
900
|
+
} catch (e) {
|
|
901
|
+
// log or display error details
|
|
902
|
+
}
|
|
893
903
|
} else if (!await authClient.isAuthenticated()) {
|
|
894
904
|
// Start the browser based oidc flow, then parse tokens from the redirect callback url
|
|
895
905
|
authClient.signInWithRedirect();
|
|
@@ -1064,11 +1074,11 @@ Parses tokens from the redirect url and stores them.
|
|
|
1064
1074
|
|
|
1065
1075
|
### `setOriginalUri(uri?)`
|
|
1066
1076
|
|
|
1067
|
-
Stores the current URL state before a redirect occurs.
|
|
1077
|
+
Stores the current URL state before a redirect occurs.
|
|
1068
1078
|
|
|
1069
|
-
### `getOriginalUri()`
|
|
1079
|
+
### `getOriginalUri(state?)`
|
|
1070
1080
|
|
|
1071
|
-
Returns the stored URI string stored by [setOriginal](#setoriginaluriuri).
|
|
1081
|
+
Returns the stored URI string stored by [setOriginal](#setoriginaluriuri). An OAuth `state` parameter is optional. If no value is passed for `state`, the URI is retrieved from isolated session storage and will work in a single browser. If a valid OAuth `state` is passed this method can return the URI stored from another browser tab.
|
|
1072
1082
|
|
|
1073
1083
|
### `removeOriginalUri()`
|
|
1074
1084
|
|
|
@@ -1083,17 +1093,49 @@ Check `window.location` to verify if the app is in OAuth callback state or not.
|
|
|
1083
1093
|
```javascript
|
|
1084
1094
|
if (authClient.isLoginRedirect()) {
|
|
1085
1095
|
// callback flow
|
|
1086
|
-
|
|
1096
|
+
try {
|
|
1097
|
+
await authClient.handleLoginRedirect();
|
|
1098
|
+
} catch (e) {
|
|
1099
|
+
// log or display error details
|
|
1100
|
+
}
|
|
1087
1101
|
} else {
|
|
1088
1102
|
// normal app flow
|
|
1089
1103
|
}
|
|
1090
1104
|
```
|
|
1091
1105
|
|
|
1092
|
-
### `handleLoginRedirect(tokens?)`
|
|
1106
|
+
### `handleLoginRedirect(tokens?, originalUri?)`
|
|
1093
1107
|
|
|
1094
1108
|
> :link: web browser only <br>
|
|
1109
|
+
> :hourglass: async
|
|
1110
|
+
|
|
1111
|
+
Stores passed in tokens or tokens from redirect url into storage, then redirect users back to the [originalUri](#setoriginaluriuri). When using `PKCE` authorization code flow, this method also exchanges authorization code for tokens. By default it calls `window.location.replace` for the redirection. The default behavior can be overrided by providing [options.restoreOriginalUri](#configuration-options). By default, [originalUri](#getoriginaluristate) will be retrieved from storage, but this can be overridden by passing a value fro `originalUri` to this function in the 2nd parameter.
|
|
1095
1112
|
|
|
1096
|
-
|
|
1113
|
+
> **Note:** `handleLoginRedirect` throws `OAuthError` or `AuthSdkError` in case there are errors during token retrieval.
|
|
1114
|
+
|
|
1115
|
+
### `setHeaders()`
|
|
1116
|
+
|
|
1117
|
+
Can set (or unset) request headers after construction.
|
|
1118
|
+
|
|
1119
|
+
```javascript
|
|
1120
|
+
const authClient = new OktaAuth({
|
|
1121
|
+
issuer: 'https://{yourOktaDomain}',
|
|
1122
|
+
|
|
1123
|
+
// headers can be set during construction
|
|
1124
|
+
headers: {
|
|
1125
|
+
foo: 'bar'
|
|
1126
|
+
}
|
|
1127
|
+
});
|
|
1128
|
+
|
|
1129
|
+
// Headers can be set (or modified) after construction
|
|
1130
|
+
authClient.setHeaders({
|
|
1131
|
+
foo: 'baz'
|
|
1132
|
+
});
|
|
1133
|
+
|
|
1134
|
+
// Headers can be removed
|
|
1135
|
+
authClient.setHeaders({
|
|
1136
|
+
foo: undefined
|
|
1137
|
+
})
|
|
1138
|
+
```
|
|
1097
1139
|
|
|
1098
1140
|
### `tx.resume()`
|
|
1099
1141
|
|
|
@@ -1273,7 +1315,7 @@ authClient.token.getWithPopup(options)
|
|
|
1273
1315
|
> :link: web browser only <br>
|
|
1274
1316
|
> :hourglass: async
|
|
1275
1317
|
|
|
1276
|
-
Create token using a redirect. After a successful authentication, the browser will be redirected to the configured [redirectUri](#
|
|
1318
|
+
Create token using a redirect. After a successful authentication, the browser will be redirected to the configured [redirectUri](#configuration-options). The authorization code, access, or ID Tokens will be available as parameters appended to this URL. Values will be returned in either the search query or hash fragment portion of the URL depending on the [responseMode](#responsemode)
|
|
1277
1319
|
|
|
1278
1320
|
* `options` - See [Authorize options](#authorize-options)
|
|
1279
1321
|
|
|
@@ -1318,7 +1360,7 @@ authClient.token.parseFromUrl()
|
|
|
1318
1360
|
});
|
|
1319
1361
|
```
|
|
1320
1362
|
|
|
1321
|
-
After reading values, this method will rewrite either the hash fragment or search query portion of the URL (depending on the [responseMode](#responsemode)) so that the code or tokens are no longer present or visible to the user. For this reason, it is recommended to use a dedicated route or path for the [redirectUri](#
|
|
1363
|
+
After reading values, this method will rewrite either the hash fragment or search query portion of the URL (depending on the [responseMode](#responsemode)) so that the code or tokens are no longer present or visible to the user. For this reason, it is recommended to use a dedicated route or path for the [redirectUri](#configuration-options) so that this URL rewrite does not interfere with other URL parameters which may be used by your application. A complete login flow will usually save the current URL before calling `getWithRedirect` and restore the URL after saving tokens from `parseFromUrl`.
|
|
1322
1364
|
|
|
1323
1365
|
```javascript
|
|
1324
1366
|
// On any page while unauthenticated. Begin login flow
|
|
@@ -1643,6 +1685,10 @@ authClient.authStateManager.subscribe((authState) => {
|
|
|
1643
1685
|
|
|
1644
1686
|
Gets latest evaluated `authState` from the `authStateManager`. The `authState` (a unique new object) is re-evaluated when `authStateManager.updateAuthState()` is called. If `updateAuthState` has not been called, or it has not finished calculating an initial state, `getAuthState` will return `null`.
|
|
1645
1687
|
|
|
1688
|
+
#### `authStateManager.getPreviousAuthState()`
|
|
1689
|
+
|
|
1690
|
+
Gets the previous evaluated `authState` from the `authStateManager`. This state can be used to tell when the new authState is evaluated. For example, the `authState` is evaluated duing app initialization if the `previousAuthState` is `null`, and the `authState` is evaluated during tokens auto renew process if the `previousAuthState` exists.
|
|
1691
|
+
|
|
1646
1692
|
#### `authStateManager.updateAuthState()`
|
|
1647
1693
|
|
|
1648
1694
|
Produces a unique `authState` object and emits an `authStateChange` event. The [authState](#authstatemanager) object contains tokens from the `tokenManager` and a calculated `isAuthenticated` value. By default, `authState.isAuthenticated` will be true if both `idToken` and `accessToken` are present. This logic can be customized by defining a custom [transformAuthState](#transformauthstate) function.
|
|
@@ -1834,4 +1880,4 @@ const OktaAuth = require('@okta/okta-auth-js').OktaAuth;
|
|
|
1834
1880
|
|
|
1835
1881
|
## Contributing
|
|
1836
1882
|
|
|
1837
|
-
We're happy to accept contributions and PRs! Please see the [contribution guide](
|
|
1883
|
+
We're happy to accept contributions and PRs! Please see the [contribution guide](CONTRIBUTING.md) to understand how to structure a contribution.
|
package/cjs/AuthStateManager.js
CHANGED
|
@@ -81,6 +81,10 @@ class AuthStateManager {
|
|
|
81
81
|
return this._authState;
|
|
82
82
|
}
|
|
83
83
|
|
|
84
|
+
getPreviousAuthState() {
|
|
85
|
+
return this._prevAuthState;
|
|
86
|
+
}
|
|
87
|
+
|
|
84
88
|
async updateAuthState() {
|
|
85
89
|
const {
|
|
86
90
|
transformAuthState,
|
|
@@ -107,6 +111,7 @@ class AuthStateManager {
|
|
|
107
111
|
return;
|
|
108
112
|
}
|
|
109
113
|
|
|
114
|
+
this._prevAuthState = this._authState;
|
|
110
115
|
this._authState = authState; // emit new authState object
|
|
111
116
|
|
|
112
117
|
this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/AuthStateManager.ts"],"names":["PCancelable","require","INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","AuthStateManager","constructor","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","transformAuthState","devMode","log","status","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","then","curPromise","cancel","cancelablePromise","resolve","_","onCancel","shouldReject","emitAndResolve","isCanceled","refreshToken","getTokensSync","promise","Promise","catch","subscribe","handler","unsubscribe","off"],"mappings":";;;;AAaA;;AAGA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,MAAMA,WAAW,GAAGC,OAAO,CAAC,cAAD,CAA3B;;AAEO,MAAMC,kBAAkB,GAAG,IAA3B;;AACP,MAAMC,eAAe,GAAG;AACtBC,EAAAA,sBAAsB,EAAE,IADF;AAEtBC,EAAAA,aAAa,EAAE;AAFO,CAAxB;AAIA,MAAMC,uBAAuB,GAAG,iBAAhC;AACA,MAAMC,wBAAwB,GAAG,EAAjC,C,CAEA;;AACA,MAAMC,eAAe,GAAG,CAACC,SAAD,EAAuBC,KAAvB,KAA4C;AAClE;AACA,MAAI,CAACD,SAAL,EAAgB;AACd,WAAO,KAAP;AACD;;AAED,SAAOA,SAAS,CAACE,eAAV,KAA8BD,KAAK,CAACC,eAApC,IACFC,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACK,OAAzB,MAAsCF,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACI,OAArB,CADpC,IAEFF,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACM,WAAzB,MAA0CH,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACK,WAArB,CAFxC,IAGFN,SAAS,CAACO,KAAV,KAAoBN,KAAK,CAACM,KAH/B;AAID,CAVD;;AAYO,MAAMC,gBAAN,CAAuB;AAU5BC,EAAAA,WAAW,CAACC,GAAD,EAAgB;AACzB,QAAI,CAACA,GAAG,CAACC,OAAT,EAAkB;AAChB,YAAM,IAAIC,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AAED,SAAKC,IAAL,GAAYH,GAAZ;AACA,SAAKI,QAAL,GAAgB,EAAE,GAAGpB;AAAL,KAAhB;AACA,SAAKqB,UAAL,GAAkBtB,kBAAlB;AACA,SAAKuB,WAAL,GAAmB,EAAnB,CARyB,CAUzB;AACA;AACA;;AACAN,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBC,yBAApB,EAAiC,CAACC,GAAD,EAAMC,KAAN,KAAgB;AAC/C,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEJ,yBAAT;AAAsBC,QAAAA,GAAtB;AAA2BC,QAAAA;AAA3B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAIAd,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBO,2BAApB,EAAmC,CAACL,GAAD,EAAMC,KAAN,KAAgB;AACjD,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEE,2BAAT;AAAwBL,QAAAA,GAAxB;AAA6BC,QAAAA;AAA7B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAID;;AAEDF,EAAAA,cAAc,CAACI,OAAD,EAAU;AACtB,SAAKV,WAAL,GAAmBU,OAAnB;AACD;;AAEDC,EAAAA,YAAY,GAAc;AACxB,WAAO,KAAKZ,UAAZ;AACD;;AAEoB,QAAfS,eAAe,GAAuB;AAC1C,UAAM;AAAEI,MAAAA,kBAAF;AAAsBC,MAAAA;AAAtB,QAAkC,KAAKhB,IAAL,CAAUa,OAAlD;;AAEA,UAAMI,GAAG,GAAIC,MAAD,IAAY;AACtB,YAAM;AAAER,QAAAA,KAAF;AAASH,QAAAA,GAAT;AAAcC,QAAAA;AAAd,UAAwB,KAAKL,WAAnC;AACA,8BAAagB,KAAb,CAAoB,uCAAsCT,KAAM,WAAUQ,MAAO,EAAjF;AACA,8BAAaD,GAAb,CAAiBV,GAAjB,EAAsBC,KAAtB;AACA,8BAAaS,GAAb,CAAiB,mBAAjB,EAAsC,KAAKf,UAA3C;AACA,8BAAakB,QAAb,GALsB,CAOtB;;AACA,WAAKjB,WAAL,GAAmB,EAAnB;AACD,KATD;;AAWA,UAAMkB,mBAAmB,GAAIC,SAAD,IAAe;AACzC,UAAIpC,eAAe,CAAC,KAAKgB,UAAN,EAAkBoB,SAAlB,CAAnB,EAAiD;AAC/CN,QAAAA,OAAO,IAAIC,GAAG,CAAC,WAAD,CAAd;AACA;AACD;;AACD,WAAKf,UAAL,GAAkBoB,SAAlB,CALyC,CAMzC;;AACA,WAAKtB,IAAL,CAAUF,OAAV,CAAkByB,IAAlB,CAAuBvC,uBAAvB,EAAgD,EAAE,GAAGsC;AAAL,OAAhD;;AACAN,MAAAA,OAAO,IAAIC,GAAG,CAAC,SAAD,CAAd;AACD,KATD;;AAWA,UAAMO,YAAY,GAAIC,WAAD,IAAiB;AACpC,aAAO,KAAKxB,QAAL,CAAcnB,sBAAd,CAAqC4C,IAArC,CAA0C,MAAM;AACrD,cAAMC,UAAU,GAAG,KAAK1B,QAAL,CAAcnB,sBAAjC;;AACA,YAAI6C,UAAU,IAAIA,UAAU,KAAKF,WAAjC,EAA8C;AAC5C,iBAAOD,YAAY,CAACG,UAAD,CAAnB;AACD;;AACD,eAAO,KAAKb,YAAL,EAAP;AACD,OANM,CAAP;AAOD,KARD;;AAUA,QAAI,KAAKb,QAAL,CAAcnB,sBAAlB,EAA0C;AACxC,UAAI,KAAKmB,QAAL,CAAclB,aAAd,IAA+BE,wBAAnC,EAA6D;AAC3D;AACA;AACA+B,QAAAA,OAAO,IAAIC,GAAG,CAAC,YAAD,CAAd;AACA,eAAOO,YAAY,CAAC,KAAKvB,QAAL,CAAcnB,sBAAf,CAAnB;AACD,OALD,MAKO;AACL,aAAKmB,QAAL,CAAcnB,sBAAd,CAAqC8C,MAArC;AACD;AACF;AAED;;;AACA,UAAMC,iBAAiB,GAAG,IAAInD,WAAJ,CAAgB,CAACoD,OAAD,EAAUC,CAAV,EAAaC,QAAb,KAA0B;AAClEA,MAAAA,QAAQ,CAACC,YAAT,GAAwB,KAAxB;AACAD,MAAAA,QAAQ,CAAC,MAAM;AACb,aAAK/B,QAAL,CAAcnB,sBAAd,GAAuC,IAAvC;AACA,aAAKmB,QAAL,CAAclB,aAAd,GAA8B,KAAKkB,QAAL,CAAclB,aAAd,GAA8B,CAA5D;AACAiC,QAAAA,OAAO,IAAIC,GAAG,CAAC,UAAD,CAAd;AACD,OAJO,CAAR;;AAMA,YAAMiB,cAAc,GAAIZ,SAAD,IAAe;AACpC,YAAIO,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD,SAJmC,CAKpC;;;AACAT,QAAAA,mBAAmB,CAACC,SAAD,CAAnB;AACAQ,QAAAA,OAAO,GAP6B,CASpC;;AACA,aAAK7B,QAAL,GAAgB,EAAE,GAAGpB;AAAL,SAAhB;AACD,OAXD;;AAaA,WAAKmB,IAAL,CAAUX,eAAV,GACGqC,IADH,CACQ,MAAM;AACV,YAAIG,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD;;AAED,cAAM;AAAErC,UAAAA,WAAF;AAAeD,UAAAA,OAAf;AAAwB4C,UAAAA;AAAxB,YAAyC,KAAKpC,IAAL,CAAUI,YAAV,CAAuBiC,aAAvB,EAA/C;;AACA,cAAMf,SAAS,GAAG;AAChB7B,UAAAA,WADgB;AAEhBD,UAAAA,OAFgB;AAGhB4C,UAAAA,YAHgB;AAIhB/C,UAAAA,eAAe,EAAE,CAAC,EAAEI,WAAW,IAAID,OAAjB;AAJF,SAAlB;AAMA,cAAM8C,OAA2B,GAAGvB,kBAAkB,GAClDA,kBAAkB,CAAC,KAAKf,IAAN,EAAYsB,SAAZ,CADgC,GAElDiB,OAAO,CAACT,OAAR,CAAgBR,SAAhB,CAFJ;AAIAgB,QAAAA,OAAO,CACJZ,IADH,CACQJ,SAAS,IAAIY,cAAc,CAACZ,SAAD,CADnC,EAEGkB,KAFH,CAES9C,KAAK,IAAIwC,cAAc,CAAC;AAC7BzC,UAAAA,WAD6B;AAE7BD,UAAAA,OAF6B;AAG7B4C,UAAAA,YAH6B;AAI7B/C,UAAAA,eAAe,EAAE,KAJY;AAK7BK,UAAAA;AAL6B,SAAD,CAFhC;AASD,OA3BH;AA4BD,KAjDyB,CAA1B;AAkDA;;AACA,SAAKO,QAAL,CAAcnB,sBAAd,GAAuC+C,iBAAvC;AAEA,WAAOL,YAAY,CAACK,iBAAD,CAAnB;AACD;;AAEDY,EAAAA,SAAS,CAACC,OAAD,EAAgB;AACvB,SAAK1C,IAAL,CAAUF,OAAV,CAAkBO,EAAlB,CAAqBrB,uBAArB,EAA8C0D,OAA9C;AACD;;AAEDC,EAAAA,WAAW,CAACD,OAAD,EAAiB;AAC1B,SAAK1C,IAAL,CAAUF,OAAV,CAAkB8C,GAAlB,CAAsB5D,uBAAtB,EAA+C0D,OAA/C;AACD;;AAtJ2B","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { AuthState, AuthStateLogOptions } from './types';\nimport { OktaAuth } from '.';\nimport { getConsole } from './util';\nimport { EVENT_ADDED, EVENT_REMOVED } from './TokenManager';\nconst PCancelable = require('p-cancelable');\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\nexport class AuthStateManager {\n _sdk: OktaAuth;\n _pending: { \n updateAuthStatePromise: typeof PCancelable;\n canceledTimes: number; \n };\n _authState: AuthState;\n _logOptions: AuthStateLogOptions;\n _lastEventTimestamp: number;\n\n constructor(sdk: OktaAuth) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n\n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState {\n return this._authState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n /* eslint-disable complexity */\n const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n onCancel.shouldReject = false;\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve();\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n const promise: Promise<AuthState> = transformAuthState\n ? transformAuthState(this._sdk, authState)\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n /* eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n"],"file":"AuthStateManager.js"}
|
|
1
|
+
{"version":3,"sources":["../../lib/AuthStateManager.ts"],"names":["PCancelable","require","INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","AuthStateManager","constructor","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","_prevAuthState","transformAuthState","devMode","log","status","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","then","curPromise","cancel","cancelablePromise","resolve","_","onCancel","shouldReject","emitAndResolve","isCanceled","refreshToken","getTokensSync","promise","Promise","catch","subscribe","handler","unsubscribe","off"],"mappings":";;;;AAaA;;AAGA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,MAAMA,WAAW,GAAGC,OAAO,CAAC,cAAD,CAA3B;;AAEO,MAAMC,kBAAkB,GAAG,IAA3B;;AACP,MAAMC,eAAe,GAAG;AACtBC,EAAAA,sBAAsB,EAAE,IADF;AAEtBC,EAAAA,aAAa,EAAE;AAFO,CAAxB;AAIA,MAAMC,uBAAuB,GAAG,iBAAhC;AACA,MAAMC,wBAAwB,GAAG,EAAjC,C,CAEA;;AACA,MAAMC,eAAe,GAAG,CAACC,SAAD,EAAuBC,KAAvB,KAA4C;AAClE;AACA,MAAI,CAACD,SAAL,EAAgB;AACd,WAAO,KAAP;AACD;;AAED,SAAOA,SAAS,CAACE,eAAV,KAA8BD,KAAK,CAACC,eAApC,IACFC,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACK,OAAzB,MAAsCF,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACI,OAArB,CADpC,IAEFF,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACM,WAAzB,MAA0CH,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACK,WAArB,CAFxC,IAGFN,SAAS,CAACO,KAAV,KAAoBN,KAAK,CAACM,KAH/B;AAID,CAVD;;AAYO,MAAMC,gBAAN,CAAuB;AAW5BC,EAAAA,WAAW,CAACC,GAAD,EAAgB;AACzB,QAAI,CAACA,GAAG,CAACC,OAAT,EAAkB;AAChB,YAAM,IAAIC,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AAED,SAAKC,IAAL,GAAYH,GAAZ;AACA,SAAKI,QAAL,GAAgB,EAAE,GAAGpB;AAAL,KAAhB;AACA,SAAKqB,UAAL,GAAkBtB,kBAAlB;AACA,SAAKuB,WAAL,GAAmB,EAAnB,CARyB,CAUzB;AACA;AACA;;AACAN,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBC,yBAApB,EAAiC,CAACC,GAAD,EAAMC,KAAN,KAAgB;AAC/C,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEJ,yBAAT;AAAsBC,QAAAA,GAAtB;AAA2BC,QAAAA;AAA3B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAIAd,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBO,2BAApB,EAAmC,CAACL,GAAD,EAAMC,KAAN,KAAgB;AACjD,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEE,2BAAT;AAAwBL,QAAAA,GAAxB;AAA6BC,QAAAA;AAA7B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAID;;AAEDF,EAAAA,cAAc,CAACI,OAAD,EAAU;AACtB,SAAKV,WAAL,GAAmBU,OAAnB;AACD;;AAEDC,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKZ,UAAZ;AACD;;AAEDa,EAAAA,oBAAoB,GAAqB;AACvC,WAAO,KAAKC,cAAZ;AACD;;AAEoB,QAAfL,eAAe,GAAuB;AAC1C,UAAM;AAAEM,MAAAA,kBAAF;AAAsBC,MAAAA;AAAtB,QAAkC,KAAKlB,IAAL,CAAUa,OAAlD;;AAEA,UAAMM,GAAG,GAAIC,MAAD,IAAY;AACtB,YAAM;AAAEV,QAAAA,KAAF;AAASH,QAAAA,GAAT;AAAcC,QAAAA;AAAd,UAAwB,KAAKL,WAAnC;AACA,8BAAakB,KAAb,CAAoB,uCAAsCX,KAAM,WAAUU,MAAO,EAAjF;AACA,8BAAaD,GAAb,CAAiBZ,GAAjB,EAAsBC,KAAtB;AACA,8BAAaW,GAAb,CAAiB,mBAAjB,EAAsC,KAAKjB,UAA3C;AACA,8BAAaoB,QAAb,GALsB,CAOtB;;AACA,WAAKnB,WAAL,GAAmB,EAAnB;AACD,KATD;;AAWA,UAAMoB,mBAAmB,GAAIC,SAAD,IAAe;AACzC,UAAItC,eAAe,CAAC,KAAKgB,UAAN,EAAkBsB,SAAlB,CAAnB,EAAiD;AAC/CN,QAAAA,OAAO,IAAIC,GAAG,CAAC,WAAD,CAAd;AACA;AACD;;AACD,WAAKH,cAAL,GAAsB,KAAKd,UAA3B;AACA,WAAKA,UAAL,GAAkBsB,SAAlB,CANyC,CAOzC;;AACA,WAAKxB,IAAL,CAAUF,OAAV,CAAkB2B,IAAlB,CAAuBzC,uBAAvB,EAAgD,EAAE,GAAGwC;AAAL,OAAhD;;AACAN,MAAAA,OAAO,IAAIC,GAAG,CAAC,SAAD,CAAd;AACD,KAVD;;AAYA,UAAMO,YAAY,GAAIC,WAAD,IAAiB;AACpC,aAAO,KAAK1B,QAAL,CAAcnB,sBAAd,CAAqC8C,IAArC,CAA0C,MAAM;AACrD,cAAMC,UAAU,GAAG,KAAK5B,QAAL,CAAcnB,sBAAjC;;AACA,YAAI+C,UAAU,IAAIA,UAAU,KAAKF,WAAjC,EAA8C;AAC5C,iBAAOD,YAAY,CAACG,UAAD,CAAnB;AACD;;AACD,eAAO,KAAKf,YAAL,EAAP;AACD,OANM,CAAP;AAOD,KARD;;AAUA,QAAI,KAAKb,QAAL,CAAcnB,sBAAlB,EAA0C;AACxC,UAAI,KAAKmB,QAAL,CAAclB,aAAd,IAA+BE,wBAAnC,EAA6D;AAC3D;AACA;AACAiC,QAAAA,OAAO,IAAIC,GAAG,CAAC,YAAD,CAAd;AACA,eAAOO,YAAY,CAAC,KAAKzB,QAAL,CAAcnB,sBAAf,CAAnB;AACD,OALD,MAKO;AACL,aAAKmB,QAAL,CAAcnB,sBAAd,CAAqCgD,MAArC;AACD;AACF;AAED;;;AACA,UAAMC,iBAAiB,GAAG,IAAIrD,WAAJ,CAAgB,CAACsD,OAAD,EAAUC,CAAV,EAAaC,QAAb,KAA0B;AAClEA,MAAAA,QAAQ,CAACC,YAAT,GAAwB,KAAxB;AACAD,MAAAA,QAAQ,CAAC,MAAM;AACb,aAAKjC,QAAL,CAAcnB,sBAAd,GAAuC,IAAvC;AACA,aAAKmB,QAAL,CAAclB,aAAd,GAA8B,KAAKkB,QAAL,CAAclB,aAAd,GAA8B,CAA5D;AACAmC,QAAAA,OAAO,IAAIC,GAAG,CAAC,UAAD,CAAd;AACD,OAJO,CAAR;;AAMA,YAAMiB,cAAc,GAAIZ,SAAD,IAAe;AACpC,YAAIO,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD,SAJmC,CAKpC;;;AACAT,QAAAA,mBAAmB,CAACC,SAAD,CAAnB;AACAQ,QAAAA,OAAO,GAP6B,CASpC;;AACA,aAAK/B,QAAL,GAAgB,EAAE,GAAGpB;AAAL,SAAhB;AACD,OAXD;;AAaA,WAAKmB,IAAL,CAAUX,eAAV,GACGuC,IADH,CACQ,MAAM;AACV,YAAIG,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD;;AAED,cAAM;AAAEvC,UAAAA,WAAF;AAAeD,UAAAA,OAAf;AAAwB8C,UAAAA;AAAxB,YAAyC,KAAKtC,IAAL,CAAUI,YAAV,CAAuBmC,aAAvB,EAA/C;;AACA,cAAMf,SAAS,GAAG;AAChB/B,UAAAA,WADgB;AAEhBD,UAAAA,OAFgB;AAGhB8C,UAAAA,YAHgB;AAIhBjD,UAAAA,eAAe,EAAE,CAAC,EAAEI,WAAW,IAAID,OAAjB;AAJF,SAAlB;AAMA,cAAMgD,OAA2B,GAAGvB,kBAAkB,GAClDA,kBAAkB,CAAC,KAAKjB,IAAN,EAAYwB,SAAZ,CADgC,GAElDiB,OAAO,CAACT,OAAR,CAAgBR,SAAhB,CAFJ;AAIAgB,QAAAA,OAAO,CACJZ,IADH,CACQJ,SAAS,IAAIY,cAAc,CAACZ,SAAD,CADnC,EAEGkB,KAFH,CAEShD,KAAK,IAAI0C,cAAc,CAAC;AAC7B3C,UAAAA,WAD6B;AAE7BD,UAAAA,OAF6B;AAG7B8C,UAAAA,YAH6B;AAI7BjD,UAAAA,eAAe,EAAE,KAJY;AAK7BK,UAAAA;AAL6B,SAAD,CAFhC;AASD,OA3BH;AA4BD,KAjDyB,CAA1B;AAkDA;;AACA,SAAKO,QAAL,CAAcnB,sBAAd,GAAuCiD,iBAAvC;AAEA,WAAOL,YAAY,CAACK,iBAAD,CAAnB;AACD;;AAEDY,EAAAA,SAAS,CAACC,OAAD,EAAgB;AACvB,SAAK5C,IAAL,CAAUF,OAAV,CAAkBO,EAAlB,CAAqBrB,uBAArB,EAA8C4D,OAA9C;AACD;;AAEDC,EAAAA,WAAW,CAACD,OAAD,EAAiB;AAC1B,SAAK5C,IAAL,CAAUF,OAAV,CAAkBgD,GAAlB,CAAsB9D,uBAAtB,EAA+C4D,OAA/C;AACD;;AA5J2B","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { AuthState, AuthStateLogOptions } from './types';\nimport { OktaAuth } from '.';\nimport { getConsole } from './util';\nimport { EVENT_ADDED, EVENT_REMOVED } from './TokenManager';\nconst PCancelable = require('p-cancelable');\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\nexport class AuthStateManager {\n _sdk: OktaAuth;\n _pending: { \n updateAuthStatePromise: typeof PCancelable;\n canceledTimes: number; \n };\n _authState: AuthState | null;\n _prevAuthState: AuthState | null;\n _logOptions: AuthStateLogOptions;\n _lastEventTimestamp: number;\n\n constructor(sdk: OktaAuth) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n\n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState | null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState | null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n /* eslint-disable complexity */\n const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n onCancel.shouldReject = false;\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve();\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n const promise: Promise<AuthState> = transformAuthState\n ? transformAuthState(this._sdk, authState)\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n /* eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n"],"file":"AuthStateManager.js"}
|
package/cjs/OktaAuth.js
CHANGED
|
@@ -44,6 +44,8 @@ var _headers = require("./idx/headers");
|
|
|
44
44
|
|
|
45
45
|
var _OktaUserAgent = require("./OktaUserAgent");
|
|
46
46
|
|
|
47
|
+
var _parseFromUrl = require("./oidc/parseFromUrl");
|
|
48
|
+
|
|
47
49
|
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
48
50
|
|
|
49
51
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
@@ -74,23 +76,18 @@ class OktaAuth {
|
|
|
74
76
|
// TODO: remove in version 6
|
|
75
77
|
// JIRA: https://oktainc.atlassian.net/browse/OKTA-419417
|
|
76
78
|
constructor(args) {
|
|
77
|
-
this.options = (0, _options.buildOptions)(args);
|
|
78
|
-
|
|
79
|
-
storageManager,
|
|
80
|
-
cookies,
|
|
81
|
-
storageUtil
|
|
82
|
-
} = this.options;
|
|
83
|
-
this.storageManager = new _StorageManager.default(storageManager, cookies, storageUtil);
|
|
79
|
+
const options = this.options = (0, _options.buildOptions)(args);
|
|
80
|
+
this.storageManager = new _StorageManager.default(options.storageManager, options.cookies, options.storageUtil);
|
|
84
81
|
this.transactionManager = new _TransactionManager.default(Object.assign({
|
|
85
82
|
storageManager: this.storageManager
|
|
86
|
-
},
|
|
83
|
+
}, options.transactionManager));
|
|
87
84
|
this._oktaUserAgent = new _OktaUserAgent.OktaUserAgent();
|
|
88
85
|
this.tx = {
|
|
89
86
|
status: _tx.transactionStatus.bind(null, this),
|
|
90
87
|
resume: _tx.resumeTransaction.bind(null, this),
|
|
91
88
|
exists: Object.assign(_tx.transactionExists.bind(null, this), {
|
|
92
89
|
_get: name => {
|
|
93
|
-
const storage = storageUtil.storage;
|
|
90
|
+
const storage = options.storageUtil.storage;
|
|
94
91
|
return storage.get(name);
|
|
95
92
|
}
|
|
96
93
|
}),
|
|
@@ -115,9 +112,9 @@ class OktaAuth {
|
|
|
115
112
|
redirectUri: (0, _util.toAbsoluteUrl)(args.redirectUri, window.location.origin) // allow relative URIs
|
|
116
113
|
|
|
117
114
|
});
|
|
118
|
-
this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js/${"5.
|
|
115
|
+
this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js/${"5.9.0"}`);
|
|
119
116
|
} else {
|
|
120
|
-
this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js-server/${"5.
|
|
117
|
+
this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js-server/${"5.9.0"}`);
|
|
121
118
|
} // Digital clocks will drift over time, so the server
|
|
122
119
|
// can misalign with the time reported by the browser.
|
|
123
120
|
// The maxClockSkew allows relaxing the time-based
|
|
@@ -198,10 +195,18 @@ class OktaAuth {
|
|
|
198
195
|
introspect: _idx.introspect.bind(null, this),
|
|
199
196
|
authenticate: _idx.authenticate.bind(null, this),
|
|
200
197
|
register: _idx.register.bind(null, this),
|
|
198
|
+
proceed: _idx.proceed.bind(null, this),
|
|
201
199
|
cancel: _idx.cancel.bind(null, this),
|
|
202
200
|
recoverPassword: _idx.recoverPassword.bind(null, this),
|
|
203
201
|
handleInteractionCodeRedirect: _idx.handleInteractionCodeRedirect.bind(null, this),
|
|
204
|
-
startTransaction: _idx.startTransaction.bind(null, this)
|
|
202
|
+
startTransaction: _idx.startTransaction.bind(null, this),
|
|
203
|
+
setFlow: flow => {
|
|
204
|
+
this.options.flow = flow;
|
|
205
|
+
},
|
|
206
|
+
getFlow: () => {
|
|
207
|
+
return this.options.flow;
|
|
208
|
+
},
|
|
209
|
+
canProceed: _idx.canProceed.bind(null, this)
|
|
205
210
|
};
|
|
206
211
|
(0, _headers.setGlobalRequestInterceptor)((0, _headers.createGlobalRequestInterceptor)(this)); // to pass custom headers to IDX endpoints
|
|
207
212
|
// HTTP
|
|
@@ -228,17 +233,30 @@ class OktaAuth {
|
|
|
228
233
|
|
|
229
234
|
stop() {
|
|
230
235
|
this.tokenManager.stop();
|
|
236
|
+
}
|
|
237
|
+
|
|
238
|
+
setHeaders(headers) {
|
|
239
|
+
this.options.headers = Object.assign({}, this.options.headers, headers);
|
|
231
240
|
} // ES6 module users can use named exports to access all symbols
|
|
232
241
|
// CommonJS module users (CDN) need all exports on this object
|
|
233
242
|
// Utility methods for interaction code flow
|
|
234
243
|
|
|
235
244
|
|
|
236
|
-
isInteractionRequired() {
|
|
237
|
-
return (0, _oidc.isInteractionRequired)(this);
|
|
245
|
+
isInteractionRequired(hashOrSearch) {
|
|
246
|
+
return (0, _oidc.isInteractionRequired)(this, hashOrSearch);
|
|
238
247
|
}
|
|
239
248
|
|
|
240
249
|
isInteractionRequiredError(error) {
|
|
241
250
|
return (0, _oidc.isInteractionRequiredError)(error);
|
|
251
|
+
} // Utility methods for email verify callback
|
|
252
|
+
|
|
253
|
+
|
|
254
|
+
isEmailVerifyCallback(urlPath) {
|
|
255
|
+
return (0, _util.isEmailVerifyCallback)(urlPath);
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
parseEmailVerifyCallback(urlPath) {
|
|
259
|
+
return (0, _util.parseEmailVerifyCallback)(urlPath);
|
|
242
260
|
}
|
|
243
261
|
|
|
244
262
|
async signIn(opts) {
|
|
@@ -251,8 +269,6 @@ class OktaAuth {
|
|
|
251
269
|
opts = (0, _util.clone)(opts || {});
|
|
252
270
|
|
|
253
271
|
const _postToTransaction = options => {
|
|
254
|
-
options = options || {};
|
|
255
|
-
options.withCredentials = true;
|
|
256
272
|
delete opts.sendFingerprint;
|
|
257
273
|
return (0, _tx.postToTransaction)(this, '/api/v1/authn', opts, options);
|
|
258
274
|
};
|
|
@@ -525,44 +541,77 @@ class OktaAuth {
|
|
|
525
541
|
this.tokenManager.setTokens(tokens);
|
|
526
542
|
}
|
|
527
543
|
|
|
528
|
-
setOriginalUri(originalUri) {
|
|
529
|
-
|
|
544
|
+
setOriginalUri(originalUri, state) {
|
|
545
|
+
// always store in session storage
|
|
546
|
+
const sessionStorage = _browserStorage.default.getSessionStorage();
|
|
547
|
+
|
|
548
|
+
sessionStorage.setItem(constants.REFERRER_PATH_STORAGE_KEY, originalUri); // to support multi-tab flows, set a state in constructor or pass as param
|
|
549
|
+
|
|
550
|
+
state = state || this.options.state;
|
|
530
551
|
|
|
531
|
-
|
|
552
|
+
if (state) {
|
|
553
|
+
const sharedStorage = this.storageManager.getOriginalUriStorage();
|
|
554
|
+
sharedStorage.setItem(state, originalUri);
|
|
555
|
+
}
|
|
532
556
|
}
|
|
533
557
|
|
|
534
|
-
getOriginalUri() {
|
|
558
|
+
getOriginalUri(state) {
|
|
559
|
+
// Prefer shared storage (if state is available)
|
|
560
|
+
state = state || this.options.state;
|
|
561
|
+
|
|
562
|
+
if (state) {
|
|
563
|
+
const sharedStorage = this.storageManager.getOriginalUriStorage();
|
|
564
|
+
const originalUri = sharedStorage.getItem(state);
|
|
565
|
+
|
|
566
|
+
if (originalUri) {
|
|
567
|
+
return originalUri;
|
|
568
|
+
}
|
|
569
|
+
} // Try to load from session storage
|
|
570
|
+
|
|
571
|
+
|
|
535
572
|
const storage = _browserStorage.default.getSessionStorage();
|
|
536
573
|
|
|
537
|
-
|
|
538
|
-
return originalUri;
|
|
574
|
+
return storage ? storage.getItem(constants.REFERRER_PATH_STORAGE_KEY) : undefined;
|
|
539
575
|
}
|
|
540
576
|
|
|
541
|
-
removeOriginalUri() {
|
|
577
|
+
removeOriginalUri(state) {
|
|
578
|
+
// Remove from sessionStorage
|
|
542
579
|
const storage = _browserStorage.default.getSessionStorage();
|
|
543
580
|
|
|
544
|
-
storage.removeItem(constants.REFERRER_PATH_STORAGE_KEY);
|
|
581
|
+
storage.removeItem(constants.REFERRER_PATH_STORAGE_KEY); // Also remove from shared storage
|
|
582
|
+
|
|
583
|
+
state = state || this.options.state;
|
|
584
|
+
|
|
585
|
+
if (state) {
|
|
586
|
+
const sharedStorage = this.storageManager.getOriginalUriStorage();
|
|
587
|
+
sharedStorage.removeItem(state);
|
|
588
|
+
}
|
|
545
589
|
}
|
|
546
590
|
|
|
547
591
|
isLoginRedirect() {
|
|
548
592
|
return (0, _oidc.isLoginRedirect)(this);
|
|
549
593
|
}
|
|
550
594
|
|
|
551
|
-
async handleLoginRedirect(tokens) {
|
|
552
|
-
// Store tokens and update AuthState by the emitted events
|
|
595
|
+
async handleLoginRedirect(tokens, originalUri) {
|
|
596
|
+
let state = this.options.state; // Store tokens and update AuthState by the emitted events
|
|
597
|
+
|
|
553
598
|
if (tokens) {
|
|
554
599
|
this.tokenManager.setTokens(tokens);
|
|
600
|
+
originalUri = originalUri || this.getOriginalUri(this.options.state);
|
|
555
601
|
} else if (this.isLoginRedirect()) {
|
|
602
|
+
// For redirect flow, get state from the URL and use it to retrieve the originalUri
|
|
603
|
+
const oAuthResponse = await (0, _parseFromUrl.parseOAuthResponseFromUrl)(this, {});
|
|
604
|
+
state = oAuthResponse.state;
|
|
605
|
+
originalUri = originalUri || this.getOriginalUri(state);
|
|
556
606
|
await this.storeTokensFromRedirect();
|
|
557
607
|
} else {
|
|
558
608
|
return; // nothing to do
|
|
559
609
|
} // ensure auth state has been updated
|
|
560
610
|
|
|
561
611
|
|
|
562
|
-
await this.authStateManager.updateAuthState(); //
|
|
612
|
+
await this.authStateManager.updateAuthState(); // clear originalUri from storage
|
|
563
613
|
|
|
564
|
-
|
|
565
|
-
this.removeOriginalUri(); // Redirect to originalUri
|
|
614
|
+
this.removeOriginalUri(state); // Redirect to originalUri
|
|
566
615
|
|
|
567
616
|
const {
|
|
568
617
|
restoreOriginalUri
|