@okta/okta-auth-js 5.5.0 → 5.9.0

package/cjs/OktaAuth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["Emitter","require","OktaAuth","constructor","args","options","storageManager","cookies","storageUtil","StorageManager","transactionManager","TransactionManager","Object","assign","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","userAgent","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","getWithRedirect","parseFromUrl","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","keys","forEach","key","indexOf","method","prototype","push","_setLocation","url","_getHistory","history","_getLocation","_getDocument","document","idx","interact","introspectV2","authenticate","register","cancel","recoverPassword","handleInteractionCodeRedirect","startTransaction","http","setRequestHeader","fingerprint","emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","start","updateAuthState","stop","isInteractionRequired","isInteractionRequiredError","error","signIn","opts","signInWithCredentials","_postToTransaction","withCredentials","sendFingerprint","then","headers","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","Promise","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","hasExpired","getUser","getIdToken","undefined","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","unlockAccount","verifyRecoveryToken","features","constants"],"mappings":";;;;;;AAgBA;;AA+BA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AAKA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAUA;;AACA;;;;;;AA9GA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAkGA,MAAMA,OAAO,GAAGC,OAAO,CAAC,cAAD,CAAvB;;AAEA,MAAMC,QAAN,CAA8D;AAM5D;AACA;AACA;AAeAC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AACjC,SAAKC,OAAL,GAAe,2BAAaD,IAAb,CAAf;AACA,UAAM;AAAEE,MAAAA,cAAF;AAAkBC,MAAAA,OAAlB;AAA2BC,MAAAA;AAA3B,QAA2C,KAAKH,OAAtD;AACA,SAAKC,cAAL,GAAsB,IAAIG,uBAAJ,CAAmBH,cAAnB,EAAmCC,OAAnC,EAA4CC,WAA5C,CAAtB;AACA,SAAKE,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuBC,MAAM,CAACC,MAAP,CAAc;AAC7DP,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CF,IAAI,CAACM,kBAFyC,CAAvB,CAA1B;AAGA,SAAKI,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAEV,MAAM,CAACC,MAAP,CAAcU,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd,gBAAMC,OAAO,GAAGlB,WAAW,CAACkB,OAA5B;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AAJuD,OAAlD,CAHA;AASRG,MAAAA,UAAU,EAAEA,eAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AATJ,KAAV;AAYA,SAAKU,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CArBiC,CA2BjC;;AACArB,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAL,CAAaG,WAA3B,EAAwC;AACtC0B,MAAAA,cAAc,EAAE,KAAK5B,cAAL,CAAoB6B,oBAApB,CAAyChB,IAAzC,CAA8C,KAAKb,cAAnD,CADsB;AAEtC8B,MAAAA,YAAY,EAAE,KAAK9B,cAAL,CAAoB8B,YAApB,CAAiCjB,IAAjC,CAAsC,KAAKb,cAA3C;AAFwB,KAAxC;AAKA,SAAK+B,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKjC,OAAL,GAAeO,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAnB,EAA4B;AACzCkC,QAAAA,WAAW,EAAE,yBAAcnC,IAAI,CAACmC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGA,WAAKC,SAAL,GAAiB,+BAAavC,IAAb,EAAoB,gBAAD,OAA4B,EAA/C,CAAjB;AACD,KALD,MAKO;AACL,WAAKuC,SAAL,GAAiB,+BAAavC,IAAb,EAAoB,uBAAD,OAAmC,EAAtD,CAAjB;AACD,KA1CgC,CA4CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACA,IAAI,CAACwC,YAAN,IAAsBxC,IAAI,CAACwC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKvC,OAAL,CAAauC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKxC,OAAL,CAAauC,YAAb,GAA4BxC,IAAI,CAACwC,YAAjC;AACD,KAvDgC,CAyDjC;AACA;AACA;;;AACA,SAAKvC,OAAL,CAAayC,cAAb,GAA8B,CAAC,CAAC1C,IAAI,CAAC0C,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;AACA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBvC,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXwC,MAAAA,qBAAqB,EAAEA,4BAAsBxC,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGXyC,MAAAA,gBAAgB,EAAEA,uBAAiBzC,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX0C,MAAAA,YAAY,EAAEA,mBAAa1C,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEA,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CALN;AAMX4C,MAAAA,YAAY,EAAEA,mBAAa5C,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CANH;AAOX6C,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAYhD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXiD,MAAAA,KAAK,EAAEC,iBAAWlD,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXmD,MAAAA,sBAAsB,EAAEA,6BAAuBnD,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXoD,MAAAA,WAAW,EAAEA,kBAAYpD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXqD,MAAAA,WAAW,EAAEA,kBAAYrD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXsD,MAAAA,MAAM,EAAEC,kBAAYvD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXwD,MAAAA,eAAe,EAAEA,sBAAgBxD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAvEiC,CAuFjC;;AACA,UAAMyD,WAAW,GAAG,CAAC,QAAD,EAAW,iBAAX,CAApB;AACAhE,IAAAA,MAAM,CAACiE,IAAP,CAAY,KAAKpB,KAAjB,EAAwBqB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAIH,WAAW,CAACI,OAAZ,CAAoBD,GAApB,KAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAIE,MAAM,GAAG,KAAKxB,KAAL,CAAWsB,GAAX,CAAb;AACA,WAAKtB,KAAL,CAAWsB,GAAX,IAAkBvB,sBAAa0B,SAAb,CAAuBC,IAAvB,CAA4BhE,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmD0B,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND;AAQArE,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK4C,KAAL,CAAWK,eAAzB,EAA0C;AACxC;AACAsB,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1B7C,QAAAA,MAAM,CAACC,QAAP,GAAkB4C,GAAlB;AACD;AAJuC,KAA1C;AAMAzE,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK4C,KAAL,CAAWM,YAAzB,EAAuC;AACrC;AACAuB,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO9C,MAAM,CAAC+C,OAAd;AACD,OAJoC;AAMrC;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAOhD,MAAM,CAACC,QAAd;AACD,OAToC;AAWrC;AACAgD,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAOjD,MAAM,CAACkD,QAAd;AACD;AAdoC,KAAvC,EAvGiC,CAwHjC;;AACA,SAAKC,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAASzE,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEiE,gBAAa1E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAFH;AAGT2E,MAAAA,YAAY,EAAEA,kBAAa3E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAIT4E,MAAAA,QAAQ,EAAEA,cAAS5E,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKT6E,MAAAA,MAAM,EAAEA,YAAO7E,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CALC;AAMT8E,MAAAA,eAAe,EAAEA,qBAAgB9E,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CANR;AAOT+E,MAAAA,6BAA6B,EAAEA,mCAA8B/E,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAPtB;AAQTgF,MAAAA,gBAAgB,EAAEA,sBAAiBhF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AART,KAAX;AAUA,8CAA4B,6CAA+B,IAA/B,CAA5B,EAnIiC,CAmIkC;AAEnE;;AACA,SAAKiF,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBlF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CAtIiC,CA0IjC;;AACA,SAAKmF,WAAL,GAAmBA,qBAAYnF,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAKoF,OAAL,GAAe,IAAIvG,OAAJ,EAAf,CA7IiC,CA+IjC;;AACA,SAAKwG,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuBrG,IAAI,CAACoG,YAA5B,CAApB,CAhJiC,CAkJjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB;AACD;;AAEDC,EAAAA,KAAK,GAAG;AACN,SAAKJ,YAAL,CAAkBI,KAAlB;;AACA,QAAI,CAAC,KAAKnD,KAAL,CAAWkB,eAAX,EAAL,EAAmC;AACjC,WAAK+B,gBAAL,CAAsBG,eAAtB;AACD;AACF;;AAEDC,EAAAA,IAAI,GAAG;AACL,SAAKN,YAAL,CAAkBM,IAAlB;AACD,GAtL2D,CAwL5D;AACA;AAEA;;;AACAC,EAAAA,qBAAqB,GAAY;AAC/B,WAAO,iCAAsB,IAAtB,CAAP;AACD;;AAEDC,EAAAA,0BAA0B,CAACC,KAAD,EAAwB;AAChD,WAAO,sCAA2BA,KAA3B,CAAP;AACD;;AAEW,QAANC,MAAM,CAACC,IAAD,EAAgD;AAC1D;AACA;AACA,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD;;AAE0B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAIhH,OAAD,IAAc;AACvCA,MAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AACAA,MAAAA,OAAO,CAACiH,eAAR,GAA0B,IAA1B;AACA,aAAOH,IAAI,CAACI,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCJ,IAAzC,EAA+C9G,OAA/C,CAAP;AACD,KALD;;AAMA,QAAI,CAAC8G,IAAI,CAACI,eAAV,EAA2B;AACzB,aAAOF,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKf,WAAL,GACNkB,IADM,CACD,UAASlB,WAAT,EAAsB;AAC1B,aAAOe,kBAAkB,CAAC;AACxBI,QAAAA,OAAO,EAAE;AACP,kCAAwBnB;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBoB,kBAAkB,CAACP,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEQ,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCT,IAA7C;;AACA,QAAG,KAAK9E,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAIqF,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAGlH,MAAM,CAACC,MAAP,CAAc;AAC3B;AACAkH,QAAAA,MAAM,EAAE,KAAK1H,OAAL,CAAa0H,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAKnE,KAAL,CAAWK,eAAX,CAA2BgE,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAKzF,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GApP2D,CAsP5D;;;AACAW,EAAAA,YAAY,GAAoB;AAC9B;AACA,SAAKuD,YAAL,CAAkBwB,KAAlB;AAEA,WAAO,KAAKjF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACNiF,KADM,CACA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAACzG,IAAF,KAAW,cAAX,IAA6ByG,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAPM,CAAP;AAQD,GAnQ2D,CAqQ5D;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA6C;AAClE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAK7B,YAAL,CAAkB8B,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAK/B,YAAL,CAAkBgC,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAKhC,YAAL,CAAkBiC,MAAlB,CAAyBF,cAAzB;AACD,KALiE,CAMlE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAOK,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKlF,KAAL,CAAWS,MAAX,CAAkBmE,WAAlB,CAAP;AACD,GAjR2D,CAmR5D;;;AACwB,QAAlBO,kBAAkB,CAACC,YAAD,EAA+C;AACrE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKrC,YAAL,CAAkB8B,SAAlB,EAAP,EAAsCO,YAArD;AACA,YAAMC,eAAe,GAAG,KAAKtC,YAAL,CAAkBgC,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAKhC,YAAL,CAAkBiC,MAAlB,CAAyBK,eAAzB;AACD,KALoE,CAMrE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAOH,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKlF,KAAL,CAAWS,MAAX,CAAkB2E,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAAC1I,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACF2I,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIA7I,OAJJ;;AAKA,QAAI,CAAC2I,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKxC,YAAL,CAAkB2C,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAK5I,OAAL,CAAa4I,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GA7T2D,CA+T5D;;;AACa,QAAPE,OAAO,CAACnJ,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAGO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBR,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAIoJ,UAAU,GAAGjH,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAIgH,UAAU,GAAGlH,MAAM,CAACC,QAAP,CAAgBkH,IAAjC;AACA,QAAIV,qBAAqB,GAAG5I,OAAO,CAAC4I,qBAAR,IACvB,KAAK5I,OAAL,CAAa4I,qBADU,IAEvBQ,UAFL;AAIA,QAAIpB,WAAW,GAAGhI,OAAO,CAACgI,WAA1B;AACA,QAAIQ,YAAY,GAAGxI,OAAO,CAACwI,YAA3B;AACA,QAAIT,iBAAiB,GAAG/H,OAAO,CAAC+H,iBAAR,KAA8B,KAAtD;AACA,QAAIQ,kBAAkB,GAAGvI,OAAO,CAACuI,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKrC,YAAL,CAAkB2C,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIT,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAK7B,YAAL,CAAkB2C,aAAlB,GAAkCd,WAAhD;AACD;;AAED,QAAI,CAAChI,OAAO,CAAC2I,OAAb,EAAsB;AACpB3I,MAAAA,OAAO,CAAC2I,OAAR,GAAkB,KAAKxC,YAAL,CAAkB2C,aAAlB,GAAkCH,OAApD;AACD,KAzBqC,CA2BtC;;;AACA,SAAKxC,YAAL,CAAkBwB,KAAlB;;AAEA,QAAIY,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIT,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMiB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAG1I,OAAL;AAAc4I,MAAAA;AAAd,KAA3B,CAAlB,CAtCsC,CAuCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd,aAAO,KAAKrG,YAAL,GAAoB;AAApB,OACNuE,IADM,CACD,YAAW;AACf,YAAIyB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxClH,UAAAA,MAAM,CAACC,QAAP,CAAgBmH,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACLpH,UAAAA,MAAM,CAACC,QAAP,CAAgB5B,MAAhB,CAAuBoI,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KATD,MASO;AACL;AACAzG,MAAAA,MAAM,CAACC,QAAP,CAAgB5B,MAAhB,CAAuByI,SAAvB;AACD;AACF;;AAEDO,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAI9B,GAAG,GAAG,2BAA2B,yBAAc8B,IAAd,CAArC;AACA,QAAI9G,OAAO,GAAG;AACZoH,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUpC,GAAV,EAAehF,OAAf,CAAP;AACD,GAhY2D,CAkY5D;AACA;AACA;AAEA;AACA;;;AACqB,QAAfyJ,eAAe,GAAqB;AAExC,QAAI;AAAEzB,MAAAA,WAAF;AAAeW,MAAAA;AAAf,QAA2B,KAAKxC,YAAL,CAAkB2C,aAAlB,EAA/B;AACA,UAAM;AAAEY,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAKxD,YAAL,CAAkByD,UAAlB,EAAlC;;AAEA,QAAI5B,WAAW,IAAI,KAAK7B,YAAL,CAAkB0D,UAAlB,CAA6B7B,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAG,IAAd;;AACA,UAAI0B,SAAJ,EAAe;AACb1B,QAAAA,WAAW,GAAG,MAAM,KAAK7B,YAAL,CAAkBpC,KAAlB,CAAwB,aAAxB,CAApB;AACD,OAFD,MAEO,IAAI4F,UAAJ,EAAgB;AACrB,aAAKxD,YAAL,CAAkBiC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAIO,OAAO,IAAI,KAAKxC,YAAL,CAAkB0D,UAAlB,CAA6BlB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAG,IAAV;;AACA,UAAIe,SAAJ,EAAe;AACbf,QAAAA,OAAO,GAAG,MAAM,KAAKxC,YAAL,CAAkBpC,KAAlB,CAAwB,SAAxB,CAAhB;AACD,OAFD,MAEO,IAAI4F,UAAJ,EAAgB;AACrB,aAAKxD,YAAL,CAAkBiC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIW,OAAjB,CAAR;AACD;;AAEY,QAAPmB,OAAO,GAAwB;AACnC,UAAM;AAAEnB,MAAAA,OAAF;AAAWX,MAAAA;AAAX,QAA2B,KAAK7B,YAAL,CAAkB2C,aAAlB,EAAjC;AACA,WAAO,KAAK1F,KAAL,CAAWe,WAAX,CAAuB6D,WAAvB,EAAoCW,OAApC,CAAP;AACD;;AAEDoB,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAEpB,MAAAA;AAAF,QAAc,KAAKxC,YAAL,CAAkB2C,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqBqB,SAAnC;AACD;;AAEDC,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEjC,MAAAA;AAAF,QAAkB,KAAK7B,YAAL,CAAkB2C,aAAlB,EAAxB;AACA,WAAOd,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BgC,SAA/C;AACD;;AAEDE,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAE1B,MAAAA;AAAF,QAAmB,KAAKrC,YAAL,CAAkB2C,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+BwB,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBG,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAKhH,KAAL,CAAWM,YAAX,EAAzB;AACA,SAAKyC,YAAL,CAAkBkE,SAAlB,CAA4BD,MAA5B;AACD;;AAED5C,EAAAA,cAAc,CAACF,WAAD,EAA4B;AACxC,UAAMjG,OAAO,GAAGiJ,wBAAeC,iBAAf,EAAhB;;AACAlJ,IAAAA,OAAO,CAACmJ,OAAR,CAAgBC,mCAAhB,EAA2CnD,WAA3C;AACD;;AAEDoD,EAAAA,cAAc,GAAW;AACvB,UAAMrJ,OAAO,GAAGiJ,wBAAeC,iBAAf,EAAhB;;AACA,UAAMjD,WAAW,GAAGjG,OAAO,CAACsJ,OAAR,CAAgBF,mCAAhB,CAApB;AACA,WAAOnD,WAAP;AACD;;AAEDsD,EAAAA,iBAAiB,GAAS;AACxB,UAAMvJ,OAAO,GAAGiJ,wBAAeC,iBAAf,EAAhB;;AACAlJ,IAAAA,OAAO,CAACwJ,UAAR,CAAmBJ,mCAAnB;AACD;;AAEDnG,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnBwG,mBAAmB,CAACV,MAAD,EAAiC;AACxD;AACA,QAAIA,MAAJ,EAAY;AACV,WAAKjE,YAAL,CAAkBkE,SAAlB,CAA4BD,MAA5B;AACD,KAFD,MAEO,IAAI,KAAK9F,eAAL,EAAJ,EAA4B;AACjC,YAAM,KAAK6F,uBAAL,EAAN;AACD,KAFM,MAEA;AACL,aADK,CACG;AACT,KARuD,CAUxD;;;AACA,UAAM,KAAK9D,gBAAL,CAAsBG,eAAtB,EAAN,CAXwD,CAaxD;;AACA,UAAMc,WAAW,GAAG,KAAKoD,cAAL,EAApB;AACA,SAAKE,iBAAL,GAfwD,CAiBxD;;AACA,UAAM;AAAEG,MAAAA;AAAF,QAAyB,KAAK/K,OAApC;;AACA,QAAI+K,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAOzD,WAAP,CAAxB;AACD,KAFD,MAEO;AACLnF,MAAAA,MAAM,CAACC,QAAP,CAAgB4I,OAAhB,CAAwB1D,WAAxB;AACD;AACF;;AAED2D,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAKjL,OAAL,CAAawB,IAAtB;AACD;;AAED0J,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAKrL,OAAL,CAAamL,YAA3B,KAA4C,KAAKnL,OAAL,CAAamL,YAAb,CAA0BG,MAA1E,EAAkF;AAChFJ,MAAAA,eAAe,GAAG,KAAKlL,OAAL,CAAamL,YAAb,CAA0BxG,OAA1B,CAAkCwG,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKlL,OAAL,CAAamL,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GA5f2D,CA8f5D;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA,WAAO,KAAKxL,OAAL,CAAayL,MAAb,CAAoBC,KAApB,CAA0B,UAA1B,EAAsC,CAAtC,CAAP;AACD,GAtgB2D,CAwgB5D;;;AACAC,EAAAA,cAAc,CAAC7E,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GA3gB2D,CA6gB5D;;;AACA8E,EAAAA,aAAa,CAAC9E,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GAhhB2D,CAkhB5D;;;AACA+E,EAAAA,mBAAmB,CAAC/E,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD;;AArhB2D,C,CAwhB9D;;;AACAjH,QAAQ,CAACiM,QAAT,GAAoBjM,QAAQ,CAACgF,SAAT,CAAmBiH,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACAvL,MAAM,CAACC,MAAP,CAAcX,QAAd,EAAwB;AACtBkM,EAAAA,SADsB;AAEtBpF,EAAAA,0BAA0B,EAA1BA;AAFsB,CAAxB;eAKe9G,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* SDK_VERSION is defined in webpack config */ \n/* global window, SDK_VERSION */\n\nimport { \n  DEFAULT_MAX_CLOCK_SKEW, \n  REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n  OktaAuth as SDKInterface,\n  OktaAuthOptions, \n  AccessToken, \n  IDToken,\n  RefreshToken,\n  TokenAPI, \n  FeaturesAPI, \n  SignoutAPI, \n  FingerprintAPI,\n  UserClaims, \n  SigninWithRedirectOptions,\n  SigninWithCredentialsOptions,\n  SignoutOptions,\n  Tokens,\n  ForgotPasswordOptions,\n  VerifyRecoveryTokenOptions,\n  TransactionAPI,\n  SessionAPI,\n  SigninAPI,\n  PkceAPI,\n  SigninOptions,\n  IdxAPI,\n  SignoutRedirectUrlOptions,\n  HttpAPI,\n} from './types';\nimport {\n  transactionStatus,\n  resumeTransaction,\n  transactionExists,\n  introspect,\n  postToTransaction,\n  AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n  closeSession,\n  sessionExists,\n  getSession,\n  refreshSession,\n  setCookieAndRedirect\n} from './session';\nimport {\n  getOAuthUrls,\n  getWithoutPrompt,\n  getWithPopup,\n  getWithRedirect,\n  isLoginRedirect,\n  parseFromUrl,\n  decodeToken,\n  revokeToken,\n  renewToken,\n  renewTokens,\n  renewTokensWithRefresh,\n  getUserInfo,\n  verifyToken,\n  prepareTokenParams,\n  exchangeCodeForTokens,\n  isInteractionRequiredError,\n  isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport browserStorage from './browser/browserStorage';\nimport { \n  toQueryString, \n  toAbsoluteUrl,\n  clone\n} from './util';\nimport { getUserAgent } from './builderUtil';\nimport { TokenManager } from './TokenManager';\nimport { get, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport StorageManager from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n  interact,\n  introspect as introspectV2,\n  authenticate,\n  cancel,\n  register,\n  recoverPassword,\n  startTransaction,\n  handleInteractionCodeRedirect,\n} from './idx';\nimport { createGlobalRequestInterceptor, setGlobalRequestInterceptor } from './idx/headers';\nimport { OktaUserAgent } from './OktaUserAgent';\n\nconst Emitter = require('tiny-emitter');\n\nclass OktaAuth implements SDKInterface, SigninAPI, SignoutAPI {\n  options: OktaAuthOptions;\n  storageManager: StorageManager;\n  transactionManager: TransactionManager;\n  tx: TransactionAPI;\n  idx: IdxAPI;\n  // keep this field to compatible with released downstream SDK versions\n  // TODO: remove in version 6\n  // JIRA: https://oktainc.atlassian.net/browse/OKTA-419417\n  userAgent: string;\n  session: SessionAPI;\n  pkce: PkceAPI;\n  static features: FeaturesAPI;\n  features: FeaturesAPI;\n  token: TokenAPI;\n  _tokenQueue: PromiseQueue;\n  emitter: typeof Emitter;\n  tokenManager: TokenManager;\n  authStateManager: AuthStateManager;\n  http: HttpAPI;\n  fingerprint: FingerprintAPI;\n  _oktaUserAgent: OktaUserAgent;\n  _pending: { handleLogin: boolean };\n  constructor(args: OktaAuthOptions) {\n    this.options = buildOptions(args);\n    const { storageManager, cookies, storageUtil } = this.options;\n    this.storageManager = new StorageManager(storageManager, cookies, storageUtil);\n    this.transactionManager = new TransactionManager(Object.assign({\n      storageManager: this.storageManager\n    }, args.transactionManager));\n    this._oktaUserAgent = new OktaUserAgent();\n  \n    this.tx = {\n      status: transactionStatus.bind(null, this),\n      resume: resumeTransaction.bind(null, this),\n      exists: Object.assign(transactionExists.bind(null, this), {\n        _get: (name) => {\n          const storage = storageUtil.storage;\n          return storage.get(name);\n        }\n      }),\n      introspect: introspect.bind(null, this)\n    };\n\n    this.pkce = {\n      DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n      generateVerifier: PKCE.generateVerifier,\n      computeChallenge: PKCE.computeChallenge\n    };\n\n    // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n    Object.assign(this.options.storageUtil, {\n      getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n      getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n    });\n\n    this._pending = { handleLogin: false };\n\n    if (isBrowser()) {\n      this.options = Object.assign(this.options, {\n        redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n      });\n      this.userAgent = getUserAgent(args, `okta-auth-js/${SDK_VERSION}`);\n    } else {\n      this.userAgent = getUserAgent(args, `okta-auth-js-server/${SDK_VERSION}`);\n    }\n\n    // Digital clocks will drift over time, so the server\n    // can misalign with the time reported by the browser.\n    // The maxClockSkew allows relaxing the time-based\n    // validation of tokens (in seconds, not milliseconds).\n    // It currently defaults to 300, because 5 min is the\n    // default maximum tolerance allowed by Kerberos.\n    // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n    if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n      this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n    } else {\n      this.options.maxClockSkew = args.maxClockSkew;\n    }\n\n    // As some end user's devices can have their date \n    // and time incorrectly set, allow for the disabling\n    // of the jwt liftetime validation\n    this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n    this.session = {\n      close: closeSession.bind(null, this),\n      exists: sessionExists.bind(null, this),\n      get: getSession.bind(null, this),\n      refresh: refreshSession.bind(null, this),\n      setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n    };\n\n    this._tokenQueue = new PromiseQueue();\n    this.token = {\n      prepareTokenParams: prepareTokenParams.bind(null, this),\n      exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n      getWithoutPrompt: getWithoutPrompt.bind(null, this),\n      getWithPopup: getWithPopup.bind(null, this),\n      getWithRedirect: getWithRedirect.bind(null, this),\n      parseFromUrl: parseFromUrl.bind(null, this),\n      decode: decodeToken,\n      revoke: revokeToken.bind(null, this),\n      renew: renewToken.bind(null, this),\n      renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n      renewTokens: renewTokens.bind(null, this),\n      getUserInfo: getUserInfo.bind(null, this),\n      verify: verifyToken.bind(null, this),\n      isLoginRedirect: isLoginRedirect.bind(null, this)\n    };\n    // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n    const syncMethods = ['decode', 'isLoginRedirect'];\n    Object.keys(this.token).forEach(key => {\n      if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n        return;\n      }\n      var method = this.token[key];\n      this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n    });\n    \n    Object.assign(this.token.getWithRedirect, {\n      // This is exposed so we can set window.location in our tests\n      _setLocation: function(url) {\n        window.location = url;\n      }\n    });\n    Object.assign(this.token.parseFromUrl, {\n      // This is exposed so we can mock getting window.history in our tests\n      _getHistory: function() {\n        return window.history;\n      },\n\n      // This is exposed so we can mock getting window.location in our tests\n      _getLocation: function() {\n        return window.location;\n      },\n\n      // This is exposed so we can mock getting window.document in our tests\n      _getDocument: function() {\n        return window.document;\n      }\n    });\n\n    // IDX\n    this.idx = {\n      interact: interact.bind(null, this),\n      introspect: introspectV2.bind(null, this),\n      authenticate: authenticate.bind(null, this),\n      register: register.bind(null, this),\n      cancel: cancel.bind(null, this),\n      recoverPassword: recoverPassword.bind(null, this),\n      handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n      startTransaction: startTransaction.bind(null, this),\n    };\n    setGlobalRequestInterceptor(createGlobalRequestInterceptor(this)); // to pass custom headers to IDX endpoints\n\n    // HTTP\n    this.http = {\n      setRequestHeader: setRequestHeader.bind(null, this)\n    };\n\n    // Fingerprint API\n    this.fingerprint = fingerprint.bind(null, this);\n\n    this.emitter = new Emitter();\n\n    // TokenManager\n    this.tokenManager = new TokenManager(this, args.tokenManager);\n\n    // AuthStateManager\n    this.authStateManager = new AuthStateManager(this);\n  }\n\n  start() {\n    this.tokenManager.start();\n    if (!this.token.isLoginRedirect()) {\n      this.authStateManager.updateAuthState();\n    }\n  }\n\n  stop() {\n    this.tokenManager.stop();\n  }\n\n  // ES6 module users can use named exports to access all symbols\n  // CommonJS module users (CDN) need all exports on this object\n\n  // Utility methods for interaction code flow\n  isInteractionRequired(): boolean {\n    return isInteractionRequired(this);\n  }\n\n  isInteractionRequiredError(error: Error): boolean {\n    return isInteractionRequiredError(error);\n  }\n\n  async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n    // TODO: support interaction code flow\n    // Authn V1 flow\n    return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n  }\n\n  async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n    opts = clone(opts || {});\n    const _postToTransaction = (options?) => {\n      options = options || {};\n      options.withCredentials = true;\n      delete opts.sendFingerprint;\n      return postToTransaction(this, '/api/v1/authn', opts, options);\n    };\n    if (!opts.sendFingerprint) {\n      return _postToTransaction();\n    }\n    return this.fingerprint()\n    .then(function(fingerprint) {\n      return _postToTransaction({\n        headers: {\n          'X-Device-Fingerprint': fingerprint\n        }\n      });\n    });\n  }\n\n  async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n    const { originalUri, ...additionalParams } = opts;\n    if(this._pending.handleLogin) { \n      // Don't trigger second round\n      return;\n    }\n\n    this._pending.handleLogin = true;\n    try {\n      // Trigger default signIn redirect flow\n      if (originalUri) {\n        this.setOriginalUri(originalUri);\n      }\n      const params = Object.assign({\n        // TODO: remove this line when default scopes are changed OKTA-343294\n        scopes: this.options.scopes || ['openid', 'email', 'profile']\n      }, additionalParams);\n      await this.token.getWithRedirect(params);\n    } finally {\n      this._pending.handleLogin = false;\n    }\n  }\n  \n  // Ends the current Okta SSO session without redirecting to Okta.\n  closeSession(): Promise<object> {\n    // Clear all local tokens\n    this.tokenManager.clear();\n  \n    return this.session.close() // DELETE /api/v1/sessions/me\n    .catch(function(e) {\n      if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n        // Session does not exist or has already been closed\n        return null;\n      }\n      throw e;\n    });\n  }\n  \n  // Revokes the access token for the application session\n  async revokeAccessToken(accessToken?: AccessToken): Promise<object> {\n    if (!accessToken) {\n      accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n      const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n      this.tokenManager.remove(accessTokenKey);\n    }\n    // Access token may have been removed. In this case, we will silently succeed.\n    if (!accessToken) {\n      return Promise.resolve(null);\n    }\n    return this.token.revoke(accessToken);\n  }\n\n  // Revokes the refresh token for the application session\n  async revokeRefreshToken(refreshToken?: RefreshToken): Promise<object> {\n    if (!refreshToken) {\n      refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n      const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n      this.tokenManager.remove(refreshTokenKey);\n    }\n    // Refresh token may have been removed. In this case, we will silently succeed.\n    if (!refreshToken) {\n      return Promise.resolve(null);\n    }\n    return this.token.revoke(refreshToken);\n  }\n\n  getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n    let {\n      idToken,\n      postLogoutRedirectUri,\n      state,\n    } = options;\n    if (!idToken) {\n      idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n    }\n    if (!idToken) {\n      return '';\n    }\n    if (!postLogoutRedirectUri) {\n      postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n    }\n\n    const logoutUrl = getOAuthUrls(this).logoutUrl;\n    const idTokenHint = idToken.idToken; // a string\n    let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n    if (postLogoutRedirectUri) {\n      logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n    } \n    // State allows option parameters to be passed to logout redirect uri\n    if (state) {\n      logoutUri += '&state=' + encodeURIComponent(state);\n    }\n\n    return logoutUri;\n  }\n\n  // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n  async signOut(options?: SignoutOptions) {\n    options = Object.assign({}, options);\n  \n    // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n    var defaultUri = window.location.origin;\n    var currentUri = window.location.href;\n    var postLogoutRedirectUri = options.postLogoutRedirectUri\n      || this.options.postLogoutRedirectUri\n      || defaultUri;\n  \n    var accessToken = options.accessToken;\n    var refreshToken = options.refreshToken;\n    var revokeAccessToken = options.revokeAccessToken !== false;\n    var revokeRefreshToken = options.revokeRefreshToken !== false;\n  \n    if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n      refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n    }\n\n    if (revokeAccessToken && typeof accessToken === 'undefined') {\n      accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n    }\n  \n    if (!options.idToken) {\n      options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n    }\n\n    // Clear all local tokens\n    this.tokenManager.clear();\n\n    if (revokeRefreshToken && refreshToken) {\n      await this.revokeRefreshToken(refreshToken);\n    }\n\n    if (revokeAccessToken && accessToken) {\n      await this.revokeAccessToken(accessToken);\n    }\n\n    const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n    // No logoutUri? This can happen if the storage was cleared.\n    // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n    if (!logoutUri) {\n      return this.closeSession() // can throw if the user cannot be signed out\n      .then(function() {\n        if (postLogoutRedirectUri === currentUri) {\n          window.location.reload(); // force a hard reload if URI is not changing\n        } else {\n          window.location.assign(postLogoutRedirectUri);\n        }\n      });\n    } else {\n      // Flow ends with logout redirect\n      window.location.assign(logoutUri);\n    }\n  }\n\n  webfinger(opts): Promise<object> {\n    var url = '/.well-known/webfinger' + toQueryString(opts);\n    var options = {\n      headers: {\n        'Accept': 'application/jrd+json'\n      }\n    };\n    return get(this, url, options);\n  }\n\n  //\n  // Common Methods from downstream SDKs\n  //\n\n  // Returns true if both accessToken and idToken are not expired\n  // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n  async isAuthenticated(): Promise<boolean> {\n\n    let { accessToken, idToken } = this.tokenManager.getTokensSync();\n    const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n    if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n      accessToken = null;\n      if (autoRenew) {\n        accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n      } else if (autoRemove) {\n        this.tokenManager.remove('accessToken');\n      }\n    }\n\n    if (idToken && this.tokenManager.hasExpired(idToken)) {\n      idToken = null;\n      if (autoRenew) {\n        idToken = await this.tokenManager.renew('idToken') as IDToken;\n      } else if (autoRemove) {\n        this.tokenManager.remove('idToken');\n      }\n    }\n\n    return !!(accessToken && idToken);\n  }\n\n  async getUser(): Promise<UserClaims> {\n    const { idToken, accessToken } = this.tokenManager.getTokensSync();\n    return this.token.getUserInfo(accessToken, idToken);\n  }\n\n  getIdToken(): string | undefined {\n    const { idToken } = this.tokenManager.getTokensSync();\n    return idToken ? idToken.idToken : undefined;\n  }\n\n  getAccessToken(): string | undefined {\n    const { accessToken } = this.tokenManager.getTokensSync();\n    return accessToken ? accessToken.accessToken : undefined;\n  }\n\n  getRefreshToken(): string | undefined {\n    const { refreshToken } = this.tokenManager.getTokensSync();\n    return refreshToken ? refreshToken.refreshToken : undefined;\n  }\n\n  /**\n   * Store parsed tokens from redirect url\n   */\n  async storeTokensFromRedirect(): Promise<void> {\n    const { tokens } = await this.token.parseFromUrl();\n    this.tokenManager.setTokens(tokens);\n  }\n\n  setOriginalUri(originalUri: string): void {\n    const storage = browserStorage.getSessionStorage();\n    storage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n  }\n\n  getOriginalUri(): string {\n    const storage = browserStorage.getSessionStorage();\n    const originalUri = storage.getItem(REFERRER_PATH_STORAGE_KEY);\n    return originalUri;\n  }\n\n  removeOriginalUri(): void {\n    const storage = browserStorage.getSessionStorage();\n    storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n  }\n\n  isLoginRedirect(): boolean {\n    return isLoginRedirect(this);\n  }\n\n  async handleLoginRedirect(tokens?: Tokens): Promise<void> {\n    // Store tokens and update AuthState by the emitted events\n    if (tokens) {\n      this.tokenManager.setTokens(tokens);\n    } else if (this.isLoginRedirect()) {\n      await this.storeTokensFromRedirect();\n    } else {\n      return; // nothing to do\n    }\n    \n    // ensure auth state has been updated\n    await this.authStateManager.updateAuthState();\n\n    // Get and clear originalUri from storage\n    const originalUri = this.getOriginalUri();\n    this.removeOriginalUri();\n\n    // Redirect to originalUri\n    const { restoreOriginalUri } = this.options;\n    if (restoreOriginalUri) {\n      await restoreOriginalUri(this, originalUri);\n    } else {\n      window.location.replace(originalUri);\n    }\n  }\n\n  isPKCE(): boolean {\n    return !!this.options.pkce;\n  }\n\n  hasResponseType(responseType: string): boolean {\n    let hasResponseType = false;\n    if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n      hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n    } else {\n      hasResponseType = this.options.responseType === responseType;\n    }\n    return hasResponseType;\n  }\n\n  isAuthorizationCodeFlow(): boolean {\n    return this.hasResponseType('code');\n  }\n\n  // { username, password, (relayState), (context) }\n  // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n  //   return postToTransaction(this, '/api/v1/authn', opts);\n  // }\n\n  getIssuerOrigin(): string {\n    // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n    return this.options.issuer.split('/oauth2/')[0];\n  }\n\n  // { username, (relayState) }\n  forgotPassword(opts): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n  }\n\n  // { username, (relayState) }\n  unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n  }\n\n  // { recoveryToken }\n  verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n  }\n}\n\n// Hoist feature detection functions to static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist values and utility functions for CommonJS users\nObject.assign(OktaAuth, {\n  constants,\n  isInteractionRequiredError\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
+{"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["Emitter","require","OktaAuth","constructor","args","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","Object","assign","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","userAgent","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","getWithRedirect","parseFromUrl","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","keys","forEach","key","indexOf","method","prototype","push","_setLocation","url","_getHistory","history","_getLocation","_getDocument","document","idx","interact","introspectV2","authenticate","register","proceed","cancel","recoverPassword","handleInteractionCodeRedirect","startTransaction","setFlow","flow","getFlow","canProceed","http","setRequestHeader","fingerprint","emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","start","updateAuthState","stop","setHeaders","headers","isInteractionRequired","hashOrSearch","isInteractionRequiredError","error","isEmailVerifyCallback","urlPath","parseEmailVerifyCallback","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","Promise","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","hasExpired","getUser","getIdToken","undefined","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","unlockAccount","verifyRecoveryToken","features","constants"],"mappings":";;;;;;AAgBA;;AAgCA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AAQA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAYA;;AACA;;AACA;;;;;;AArHA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAyGA,MAAMA,OAAO,GAAGC,OAAO,CAAC,cAAD,CAAvB;;AAEA,MAAMC,QAAN,CAA8D;AAM5D;AACA;AACA;AAeAC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaD,IAAb,CAA/B;AACA,SAAKE,cAAL,GAAsB,IAAIC,uBAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA2CD,OAAO,CAACG,OAAnD,EAA4DH,OAAO,CAACI,WAApE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuBC,MAAM,CAACC,MAAP,CAAc;AAC7DP,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKI,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAEV,MAAM,CAACC,MAAP,CAAcU,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd,gBAAMC,OAAO,GAAGrB,OAAO,CAACI,WAAR,CAAoBiB,OAApC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AAJuD,OAAlD,CAHA;AASRG,MAAAA,UAAU,EAAEA,eAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AATJ,KAAV;AAYA,SAAKU,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CApBiC,CA0BjC;;AACArB,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAL,CAAaI,WAA3B,EAAwC;AACtCyB,MAAAA,cAAc,EAAE,KAAK5B,cAAL,CAAoB6B,oBAApB,CAAyChB,IAAzC,CAA8C,KAAKb,cAAnD,CADsB;AAEtC8B,MAAAA,YAAY,EAAE,KAAK9B,cAAL,CAAoB8B,YAApB,CAAiCjB,IAAjC,CAAsC,KAAKb,cAA3C;AAFwB,KAAxC;AAKA,SAAK+B,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKjC,OAAL,GAAeO,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAnB,EAA4B;AACzCkC,QAAAA,WAAW,EAAE,yBAAcnC,IAAI,CAACmC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGA,WAAKC,SAAL,GAAiB,+BAAavC,IAAb,EAAoB,gBAAD,OAA4B,EAA/C,CAAjB;AACD,KALD,MAKO;AACL,WAAKuC,SAAL,GAAiB,+BAAavC,IAAb,EAAoB,uBAAD,OAAmC,EAAtD,CAAjB;AACD,KAzCgC,CA2CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACA,IAAI,CAACwC,YAAN,IAAsBxC,IAAI,CAACwC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKvC,OAAL,CAAauC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKxC,OAAL,CAAauC,YAAb,GAA4BxC,IAAI,CAACwC,YAAjC;AACD,KAtDgC,CAwDjC;AACA;AACA;;;AACA,SAAKvC,OAAL,CAAayC,cAAb,GAA8B,CAAC,CAAC1C,IAAI,CAAC0C,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;AACA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBvC,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXwC,MAAAA,qBAAqB,EAAEA,4BAAsBxC,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGXyC,MAAAA,gBAAgB,EAAEA,uBAAiBzC,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX0C,MAAAA,YAAY,EAAEA,mBAAa1C,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEA,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CALN;AAMX4C,MAAAA,YAAY,EAAEA,mBAAa5C,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CANH;AAOX6C,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAYhD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXiD,MAAAA,KAAK,EAAEC,iBAAWlD,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXmD,MAAAA,sBAAsB,EAAEA,6BAAuBnD,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXoD,MAAAA,WAAW,EAAEA,kBAAYpD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXqD,MAAAA,WAAW,EAAEA,kBAAYrD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXsD,MAAAA,MAAM,EAAEC,kBAAYvD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXwD,MAAAA,eAAe,EAAEA,sBAAgBxD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAtEiC,CAsFjC;;AACA,UAAMyD,WAAW,GAAG,CAAC,QAAD,EAAW,iBAAX,CAApB;AACAhE,IAAAA,MAAM,CAACiE,IAAP,CAAY,KAAKpB,KAAjB,EAAwBqB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAIH,WAAW,CAACI,OAAZ,CAAoBD,GAApB,KAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAIE,MAAM,GAAG,KAAKxB,KAAL,CAAWsB,GAAX,CAAb;AACA,WAAKtB,KAAL,CAAWsB,GAAX,IAAkBvB,sBAAa0B,SAAb,CAAuBC,IAAvB,CAA4BhE,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmD0B,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND;AAQArE,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK4C,KAAL,CAAWK,eAAzB,EAA0C;AACxC;AACAsB,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1B7C,QAAAA,MAAM,CAACC,QAAP,GAAkB4C,GAAlB;AACD;AAJuC,KAA1C;AAMAzE,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK4C,KAAL,CAAWM,YAAzB,EAAuC;AACrC;AACAuB,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO9C,MAAM,CAAC+C,OAAd;AACD,OAJoC;AAMrC;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAOhD,MAAM,CAACC,QAAd;AACD,OAToC;AAWrC;AACAgD,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAOjD,MAAM,CAACkD,QAAd;AACD;AAdoC,KAAvC,EAtGiC,CAuHjC;;AACA,SAAKC,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAASzE,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEiE,gBAAa1E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAFH;AAGT2E,MAAAA,YAAY,EAAEA,kBAAa3E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAIT4E,MAAAA,QAAQ,EAAEA,cAAS5E,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKT6E,MAAAA,OAAO,EAAEA,aAAQ7E,IAAR,CAAa,IAAb,EAAmB,IAAnB,CALA;AAMT8E,MAAAA,MAAM,EAAEA,YAAO9E,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CANC;AAOT+E,MAAAA,eAAe,EAAEA,qBAAgB/E,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAPR;AAQTgF,MAAAA,6BAA6B,EAAEA,mCAA8BhF,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CARtB;AASTiF,MAAAA,gBAAgB,EAAEA,sBAAiBjF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CATT;AAUTkF,MAAAA,OAAO,EAAGC,IAAD,IAA0B;AACjC,aAAKjG,OAAL,CAAaiG,IAAb,GAAoBA,IAApB;AACD,OAZQ;AAaTC,MAAAA,OAAO,EAAE,MAAsB;AAC7B,eAAO,KAAKlG,OAAL,CAAaiG,IAApB;AACD,OAfQ;AAgBTE,MAAAA,UAAU,EAAEA,gBAAWrF,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AAhBH,KAAX;AAkBA,8CAA4B,6CAA+B,IAA/B,CAA5B,EA1IiC,CA0IkC;AAEnE;;AACA,SAAKsF,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBvF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CA7IiC,CAiJjC;;AACA,SAAKwF,WAAL,GAAmBA,qBAAYxF,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAKyF,OAAL,GAAe,IAAI5G,OAAJ,EAAf,CApJiC,CAsJjC;;AACA,SAAK6G,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuB1G,IAAI,CAACyG,YAA5B,CAApB,CAvJiC,CAyJjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB;AACD;;AAEDC,EAAAA,KAAK,GAAG;AACN,SAAKJ,YAAL,CAAkBI,KAAlB;;AACA,QAAI,CAAC,KAAKxD,KAAL,CAAWkB,eAAX,EAAL,EAAmC;AACjC,WAAKoC,gBAAL,CAAsBG,eAAtB;AACD;AACF;;AAEDC,EAAAA,IAAI,GAAG;AACL,SAAKN,YAAL,CAAkBM,IAAlB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAKhH,OAAL,CAAagH,OAAb,GAAuBzG,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKR,OAAL,CAAagH,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GAjM2D,CAmM5D;AACA;AAEA;;;AACAC,EAAAA,qBAAqB,CAACC,YAAD,EAAiC;AACpD,WAAO,iCAAsB,IAAtB,EAA4BA,YAA5B,CAAP;AACD;;AAEDC,EAAAA,0BAA0B,CAACC,KAAD,EAAwB;AAChD,WAAO,sCAA2BA,KAA3B,CAAP;AACD,GA7M2D,CA+M5D;;;AACAC,EAAAA,qBAAqB,CAACC,OAAD,EAA2B;AAC9C,WAAO,iCAAsBA,OAAtB,CAAP;AACD;;AAEDC,EAAAA,wBAAwB,CAACD,OAAD,EAA+C;AACrE,WAAO,oCAAyBA,OAAzB,CAAP;AACD;;AAEW,QAANE,MAAM,CAACC,IAAD,EAAgD;AAC1D;AACA;AACA,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD;;AAE0B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAI3H,OAAD,IAAc;AACvC,aAAOyH,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+CzH,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAACyH,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKrB,WAAL,GACNuB,IADM,CACD,UAASvB,WAAT,EAAsB;AAC1B,aAAOqB,kBAAkB,CAAC;AACxBX,QAAAA,OAAO,EAAE;AACP,kCAAwBV;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBwB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAKzF,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAI8F,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAG3H,MAAM,CAACC,MAAP,CAAc;AAC3B;AACA2H,QAAAA,MAAM,EAAE,KAAKnI,OAAL,CAAamI,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAK5E,KAAL,CAAWK,eAAX,CAA2ByE,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAKlG,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GAtQ2D,CAwQ5D;;;AACAW,EAAAA,YAAY,GAAoB;AAC9B;AACA,SAAK4D,YAAL,CAAkB4B,KAAlB;AAEA,WAAO,KAAK1F,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACN0F,KADM,CACA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAAClH,IAAF,KAAW,cAAX,IAA6BkH,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAPM,CAAP;AAQD,GArR2D,CAuR5D;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA6C;AAClE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAKjC,YAAL,CAAkBkC,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAKnC,YAAL,CAAkBoC,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAKpC,YAAL,CAAkBqC,MAAlB,CAAyBF,cAAzB;AACD,KALiE,CAMlE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAOK,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAK3F,KAAL,CAAWS,MAAX,CAAkB4E,WAAlB,CAAP;AACD,GAnS2D,CAqS5D;;;AACwB,QAAlBO,kBAAkB,CAACC,YAAD,EAA+C;AACrE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKzC,YAAL,CAAkBkC,SAAlB,EAAP,EAAsCO,YAArD;AACA,YAAMC,eAAe,GAAG,KAAK1C,YAAL,CAAkBoC,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAKpC,YAAL,CAAkBqC,MAAlB,CAAyBK,eAAzB;AACD,KALoE,CAMrE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAOH,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAK3F,KAAL,CAAWS,MAAX,CAAkBoF,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAACnJ,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACFoJ,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAtJ,OAJJ;;AAKA,QAAI,CAACoJ,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAK5C,YAAL,CAAkB+C,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKrJ,OAAL,CAAaqJ,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GA/U2D,CAiV5D;;;AACa,QAAPE,OAAO,CAAC5J,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAGO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBR,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAI6J,UAAU,GAAG1H,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAIyH,UAAU,GAAG3H,MAAM,CAACC,QAAP,CAAgB2H,IAAjC;AACA,QAAIV,qBAAqB,GAAGrJ,OAAO,CAACqJ,qBAAR,IACvB,KAAKrJ,OAAL,CAAaqJ,qBADU,IAEvBQ,UAFL;AAIA,QAAIpB,WAAW,GAAGzI,OAAO,CAACyI,WAA1B;AACA,QAAIQ,YAAY,GAAGjJ,OAAO,CAACiJ,YAA3B;AACA,QAAIT,iBAAiB,GAAGxI,OAAO,CAACwI,iBAAR,KAA8B,KAAtD;AACA,QAAIQ,kBAAkB,GAAGhJ,OAAO,CAACgJ,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKzC,YAAL,CAAkB+C,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIT,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAKjC,YAAL,CAAkB+C,aAAlB,GAAkCd,WAAhD;AACD;;AAED,QAAI,CAACzI,OAAO,CAACoJ,OAAb,EAAsB;AACpBpJ,MAAAA,OAAO,CAACoJ,OAAR,GAAkB,KAAK5C,YAAL,CAAkB+C,aAAlB,GAAkCH,OAApD;AACD,KAzBqC,CA2BtC;;;AACA,SAAK5C,YAAL,CAAkB4B,KAAlB;;AAEA,QAAIY,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIT,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMiB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAGnJ,OAAL;AAAcqJ,MAAAA;AAAd,KAA3B,CAAlB,CAtCsC,CAuCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd,aAAO,KAAK9G,YAAL,GAAoB;AAApB,OACNiF,IADM,CACD,YAAW;AACf,YAAIwB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxC3H,UAAAA,MAAM,CAACC,QAAP,CAAgB4H,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACL7H,UAAAA,MAAM,CAACC,QAAP,CAAgB5B,MAAhB,CAAuB6I,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KATD,MASO;AACL;AACAlH,MAAAA,MAAM,CAACC,QAAP,CAAgB5B,MAAhB,CAAuBkJ,SAAvB;AACD;AACF;;AAEDO,EAAAA,SAAS,CAACxC,IAAD,EAAwB;AAC/B,QAAIzC,GAAG,GAAG,2BAA2B,yBAAcyC,IAAd,CAArC;AACA,QAAIzH,OAAO,GAAG;AACZgH,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUhC,GAAV,EAAehF,OAAf,CAAP;AACD,GAlZ2D,CAoZ5D;AACA;AACA;AAEA;AACA;;;AACqB,QAAfkK,eAAe,GAAqB;AAExC,QAAI;AAAEzB,MAAAA,WAAF;AAAeW,MAAAA;AAAf,QAA2B,KAAK5C,YAAL,CAAkB+C,aAAlB,EAA/B;AACA,UAAM;AAAEY,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAK5D,YAAL,CAAkB6D,UAAlB,EAAlC;;AAEA,QAAI5B,WAAW,IAAI,KAAKjC,YAAL,CAAkB8D,UAAlB,CAA6B7B,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAG,IAAd;;AACA,UAAI0B,SAAJ,EAAe;AACb1B,QAAAA,WAAW,GAAG,MAAM,KAAKjC,YAAL,CAAkBzC,KAAlB,CAAwB,aAAxB,CAApB;AACD,OAFD,MAEO,IAAIqG,UAAJ,EAAgB;AACrB,aAAK5D,YAAL,CAAkBqC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAIO,OAAO,IAAI,KAAK5C,YAAL,CAAkB8D,UAAlB,CAA6BlB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAG,IAAV;;AACA,UAAIe,SAAJ,EAAe;AACbf,QAAAA,OAAO,GAAG,MAAM,KAAK5C,YAAL,CAAkBzC,KAAlB,CAAwB,SAAxB,CAAhB;AACD,OAFD,MAEO,IAAIqG,UAAJ,EAAgB;AACrB,aAAK5D,YAAL,CAAkBqC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIW,OAAjB,CAAR;AACD;;AAEY,QAAPmB,OAAO,GAAwB;AACnC,UAAM;AAAEnB,MAAAA,OAAF;AAAWX,MAAAA;AAAX,QAA2B,KAAKjC,YAAL,CAAkB+C,aAAlB,EAAjC;AACA,WAAO,KAAKnG,KAAL,CAAWe,WAAX,CAAuBsE,WAAvB,EAAoCW,OAApC,CAAP;AACD;;AAEDoB,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAEpB,MAAAA;AAAF,QAAc,KAAK5C,YAAL,CAAkB+C,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqBqB,SAAnC;AACD;;AAEDC,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEjC,MAAAA;AAAF,QAAkB,KAAKjC,YAAL,CAAkB+C,aAAlB,EAAxB;AACA,WAAOd,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BgC,SAA/C;AACD;;AAEDE,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAE1B,MAAAA;AAAF,QAAmB,KAAKzC,YAAL,CAAkB+C,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+BwB,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBG,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAKzH,KAAL,CAAWM,YAAX,EAAzB;AACA,SAAK8C,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACD;;AAED5C,EAAAA,cAAc,CAACF,WAAD,EAAsBuB,KAAtB,EAA4C;AACxD;AACA,UAAMyB,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDpD,WAAlD,EAHwD,CAKxD;;AACAuB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKtJ,OAAL,CAAasJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAM8B,aAAa,GAAG,KAAKnL,cAAL,CAAoBoL,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsB5B,KAAtB,EAA6BvB,WAA7B;AACD;AACF;;AAEDuD,EAAAA,cAAc,CAAChC,KAAD,EAAyB;AACrC;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKtJ,OAAL,CAAasJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAM8B,aAAa,GAAG,KAAKnL,cAAL,CAAoBoL,qBAApB,EAAtB;AACA,YAAMtD,WAAW,GAAGqD,aAAa,CAACG,OAAd,CAAsBjC,KAAtB,CAApB;;AACA,UAAIvB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KAToC,CAWrC;;;AACA,UAAM1G,OAAO,GAAG2J,wBAAeC,iBAAf,EAAhB;;AACA,WAAO5J,OAAO,GAAGA,OAAO,CAACkK,OAAR,CAAgBJ,mCAAhB,CAAH,GAAgDV,SAA9D;AACD;;AAEDe,EAAAA,iBAAiB,CAAClC,KAAD,EAAuB;AACtC;AACA,UAAMjI,OAAO,GAAG2J,wBAAeC,iBAAf,EAAhB;;AACA5J,IAAAA,OAAO,CAACoK,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACA7B,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKtJ,OAAL,CAAasJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAM8B,aAAa,GAAG,KAAKnL,cAAL,CAAoBoL,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,CAAyBnC,KAAzB;AACD;AACF;;AAEDhF,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnBoH,mBAAmB,CAACb,MAAD,EAAkB9C,WAAlB,EAAuD;AAC9E,QAAIuB,KAAK,GAAG,KAAKtJ,OAAL,CAAasJ,KAAzB,CAD8E,CAG9E;;AACA,QAAIuB,MAAJ,EAAY;AACV,WAAKrE,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACA9C,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAKuD,cAAL,CAAoB,KAAKtL,OAAL,CAAasJ,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAKhF,eAAL,EAAJ,EAA4B;AACjC;AACA,YAAMqH,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACArC,MAAAA,KAAK,GAAGqC,aAAa,CAACrC,KAAtB;AACAvB,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAKuD,cAAL,CAAoBhC,KAApB,CAA7B;AACA,YAAM,KAAKsB,uBAAL,EAAN;AACD,KANM,MAMA;AACL,aADK,CACG;AACT,KAf6E,CAiB9E;;;AACA,UAAM,KAAKlE,gBAAL,CAAsBG,eAAtB,EAAN,CAlB8E,CAoB9E;;AACA,SAAK2E,iBAAL,CAAuBlC,KAAvB,EArB8E,CAuB9E;;AACA,UAAM;AAAEsC,MAAAA;AAAF,QAAyB,KAAK5L,OAApC;;AACA,QAAI4L,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAO7D,WAAP,CAAxB;AACD,KAFD,MAEO;AACL5F,MAAAA,MAAM,CAACC,QAAP,CAAgByJ,OAAhB,CAAwB9D,WAAxB;AACD;AACF;;AAED+D,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAK9L,OAAL,CAAawB,IAAtB;AACD;;AAEDuK,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAKlM,OAAL,CAAagM,YAA3B,KAA4C,KAAKhM,OAAL,CAAagM,YAAb,CAA0BG,MAA1E,EAAkF;AAChFJ,MAAAA,eAAe,GAAG,KAAK/L,OAAL,CAAagM,YAAb,CAA0BrH,OAA1B,CAAkCqH,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAK/L,OAAL,CAAagM,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GA9iB2D,CAgjB5D;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA,WAAO,KAAKrM,OAAL,CAAasM,MAAb,CAAoBC,KAApB,CAA0B,UAA1B,EAAsC,CAAtC,CAAP;AACD,GAxjB2D,CA0jB5D;;;AACAC,EAAAA,cAAc,CAAC/E,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GA7jB2D,CA+jB5D;;;AACAgF,EAAAA,aAAa,CAAChF,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GAlkB2D,CAokB5D;;;AACAiF,EAAAA,mBAAmB,CAACjF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD;;AAvkB2D,C,CA0kB9D;;;AACA5H,QAAQ,CAAC8M,QAAT,GAAoB9M,QAAQ,CAACgF,SAAT,CAAmB8H,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACApM,MAAM,CAACC,MAAP,CAAcX,QAAd,EAAwB;AACtB+M,EAAAA,SADsB;AAEtBzF,EAAAA,0BAA0B,EAA1BA;AAFsB,CAAxB;eAKetH,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* SDK_VERSION is defined in webpack config */ \n/* global window, SDK_VERSION */\n\nimport { \n  DEFAULT_MAX_CLOCK_SKEW, \n  REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n  OktaAuth as SDKInterface,\n  OktaAuthOptions, \n  AccessToken, \n  IDToken,\n  RefreshToken,\n  TokenAPI, \n  FeaturesAPI, \n  SignoutAPI, \n  FingerprintAPI,\n  UserClaims, \n  SigninWithRedirectOptions,\n  SigninWithCredentialsOptions,\n  SignoutOptions,\n  Tokens,\n  ForgotPasswordOptions,\n  VerifyRecoveryTokenOptions,\n  TransactionAPI,\n  SessionAPI,\n  SigninAPI,\n  PkceAPI,\n  SigninOptions,\n  IdxAPI,\n  SignoutRedirectUrlOptions,\n  HttpAPI,\n  FlowIdentifier,\n} from './types';\nimport {\n  transactionStatus,\n  resumeTransaction,\n  transactionExists,\n  introspect,\n  postToTransaction,\n  AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n  closeSession,\n  sessionExists,\n  getSession,\n  refreshSession,\n  setCookieAndRedirect\n} from './session';\nimport {\n  getOAuthUrls,\n  getWithoutPrompt,\n  getWithPopup,\n  getWithRedirect,\n  isLoginRedirect,\n  parseFromUrl,\n  decodeToken,\n  revokeToken,\n  renewToken,\n  renewTokens,\n  renewTokensWithRefresh,\n  getUserInfo,\n  verifyToken,\n  prepareTokenParams,\n  exchangeCodeForTokens,\n  isInteractionRequiredError,\n  isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport browserStorage from './browser/browserStorage';\nimport { \n  toQueryString, \n  toAbsoluteUrl,\n  clone,\n  isEmailVerifyCallback,\n  EmailVerifyCallbackResponse,\n  parseEmailVerifyCallback\n} from './util';\nimport { getUserAgent } from './builderUtil';\nimport { TokenManager } from './TokenManager';\nimport { get, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport StorageManager from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n  interact,\n  introspect as introspectV2,\n  authenticate,\n  cancel,\n  proceed,\n  register,\n  recoverPassword,\n  startTransaction,\n  handleInteractionCodeRedirect,\n  canProceed,\n} from './idx';\nimport { createGlobalRequestInterceptor, setGlobalRequestInterceptor } from './idx/headers';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\n\nconst Emitter = require('tiny-emitter');\n\nclass OktaAuth implements SDKInterface, SigninAPI, SignoutAPI {\n  options: OktaAuthOptions;\n  storageManager: StorageManager;\n  transactionManager: TransactionManager;\n  tx: TransactionAPI;\n  idx: IdxAPI;\n  // keep this field to compatible with released downstream SDK versions\n  // TODO: remove in version 6\n  // JIRA: https://oktainc.atlassian.net/browse/OKTA-419417\n  userAgent: string;\n  session: SessionAPI;\n  pkce: PkceAPI;\n  static features: FeaturesAPI;\n  features: FeaturesAPI;\n  token: TokenAPI;\n  _tokenQueue: PromiseQueue;\n  emitter: typeof Emitter;\n  tokenManager: TokenManager;\n  authStateManager: AuthStateManager;\n  http: HttpAPI;\n  fingerprint: FingerprintAPI;\n  _oktaUserAgent: OktaUserAgent;\n  _pending: { handleLogin: boolean };\n  constructor(args: OktaAuthOptions) {\n    const options = this.options = buildOptions(args);\n    this.storageManager = new StorageManager(options.storageManager, options.cookies, options.storageUtil);\n    this.transactionManager = new TransactionManager(Object.assign({\n      storageManager: this.storageManager,\n    }, options.transactionManager));\n    this._oktaUserAgent = new OktaUserAgent();\n  \n    this.tx = {\n      status: transactionStatus.bind(null, this),\n      resume: resumeTransaction.bind(null, this),\n      exists: Object.assign(transactionExists.bind(null, this), {\n        _get: (name) => {\n          const storage = options.storageUtil.storage;\n          return storage.get(name);\n        }\n      }),\n      introspect: introspect.bind(null, this)\n    };\n\n    this.pkce = {\n      DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n      generateVerifier: PKCE.generateVerifier,\n      computeChallenge: PKCE.computeChallenge\n    };\n\n    // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n    Object.assign(this.options.storageUtil, {\n      getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n      getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n    });\n\n    this._pending = { handleLogin: false };\n\n    if (isBrowser()) {\n      this.options = Object.assign(this.options, {\n        redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n      });\n      this.userAgent = getUserAgent(args, `okta-auth-js/${SDK_VERSION}`);\n    } else {\n      this.userAgent = getUserAgent(args, `okta-auth-js-server/${SDK_VERSION}`);\n    }\n\n    // Digital clocks will drift over time, so the server\n    // can misalign with the time reported by the browser.\n    // The maxClockSkew allows relaxing the time-based\n    // validation of tokens (in seconds, not milliseconds).\n    // It currently defaults to 300, because 5 min is the\n    // default maximum tolerance allowed by Kerberos.\n    // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n    if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n      this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n    } else {\n      this.options.maxClockSkew = args.maxClockSkew;\n    }\n\n    // As some end user's devices can have their date \n    // and time incorrectly set, allow for the disabling\n    // of the jwt liftetime validation\n    this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n    this.session = {\n      close: closeSession.bind(null, this),\n      exists: sessionExists.bind(null, this),\n      get: getSession.bind(null, this),\n      refresh: refreshSession.bind(null, this),\n      setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n    };\n\n    this._tokenQueue = new PromiseQueue();\n    this.token = {\n      prepareTokenParams: prepareTokenParams.bind(null, this),\n      exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n      getWithoutPrompt: getWithoutPrompt.bind(null, this),\n      getWithPopup: getWithPopup.bind(null, this),\n      getWithRedirect: getWithRedirect.bind(null, this),\n      parseFromUrl: parseFromUrl.bind(null, this),\n      decode: decodeToken,\n      revoke: revokeToken.bind(null, this),\n      renew: renewToken.bind(null, this),\n      renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n      renewTokens: renewTokens.bind(null, this),\n      getUserInfo: getUserInfo.bind(null, this),\n      verify: verifyToken.bind(null, this),\n      isLoginRedirect: isLoginRedirect.bind(null, this)\n    };\n    // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n    const syncMethods = ['decode', 'isLoginRedirect'];\n    Object.keys(this.token).forEach(key => {\n      if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n        return;\n      }\n      var method = this.token[key];\n      this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n    });\n    \n    Object.assign(this.token.getWithRedirect, {\n      // This is exposed so we can set window.location in our tests\n      _setLocation: function(url) {\n        window.location = url;\n      }\n    });\n    Object.assign(this.token.parseFromUrl, {\n      // This is exposed so we can mock getting window.history in our tests\n      _getHistory: function() {\n        return window.history;\n      },\n\n      // This is exposed so we can mock getting window.location in our tests\n      _getLocation: function() {\n        return window.location;\n      },\n\n      // This is exposed so we can mock getting window.document in our tests\n      _getDocument: function() {\n        return window.document;\n      }\n    });\n\n    // IDX\n    this.idx = {\n      interact: interact.bind(null, this),\n      introspect: introspectV2.bind(null, this),\n      authenticate: authenticate.bind(null, this),\n      register: register.bind(null, this),\n      proceed: proceed.bind(null, this),\n      cancel: cancel.bind(null, this),\n      recoverPassword: recoverPassword.bind(null, this),\n      handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n      startTransaction: startTransaction.bind(null, this),\n      setFlow: (flow: FlowIdentifier) => {\n        this.options.flow = flow;\n      },\n      getFlow: (): FlowIdentifier => {\n        return this.options.flow;\n      },\n      canProceed: canProceed.bind(null, this),\n    };\n    setGlobalRequestInterceptor(createGlobalRequestInterceptor(this)); // to pass custom headers to IDX endpoints\n\n    // HTTP\n    this.http = {\n      setRequestHeader: setRequestHeader.bind(null, this)\n    };\n\n    // Fingerprint API\n    this.fingerprint = fingerprint.bind(null, this);\n\n    this.emitter = new Emitter();\n\n    // TokenManager\n    this.tokenManager = new TokenManager(this, args.tokenManager);\n\n    // AuthStateManager\n    this.authStateManager = new AuthStateManager(this);\n  }\n\n  start() {\n    this.tokenManager.start();\n    if (!this.token.isLoginRedirect()) {\n      this.authStateManager.updateAuthState();\n    }\n  }\n\n  stop() {\n    this.tokenManager.stop();\n  }\n\n  setHeaders(headers) {\n    this.options.headers = Object.assign({}, this.options.headers, headers);\n  }\n\n  // ES6 module users can use named exports to access all symbols\n  // CommonJS module users (CDN) need all exports on this object\n\n  // Utility methods for interaction code flow\n  isInteractionRequired(hashOrSearch?: string): boolean {\n    return isInteractionRequired(this, hashOrSearch);\n  }\n\n  isInteractionRequiredError(error: Error): boolean {\n    return isInteractionRequiredError(error);\n  }\n\n  // Utility methods for email verify callback\n  isEmailVerifyCallback(urlPath: string): boolean {\n    return isEmailVerifyCallback(urlPath);\n  }\n\n  parseEmailVerifyCallback(urlPath: string): EmailVerifyCallbackResponse {\n    return parseEmailVerifyCallback(urlPath);\n  }\n\n  async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n    // TODO: support interaction code flow\n    // Authn V1 flow\n    return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n  }\n\n  async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n    opts = clone(opts || {});\n    const _postToTransaction = (options?) => {\n      delete opts.sendFingerprint;\n      return postToTransaction(this, '/api/v1/authn', opts, options);\n    };\n    if (!opts.sendFingerprint) {\n      return _postToTransaction();\n    }\n    return this.fingerprint()\n    .then(function(fingerprint) {\n      return _postToTransaction({\n        headers: {\n          'X-Device-Fingerprint': fingerprint\n        }\n      });\n    });\n  }\n\n  async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n    const { originalUri, ...additionalParams } = opts;\n    if(this._pending.handleLogin) { \n      // Don't trigger second round\n      return;\n    }\n\n    this._pending.handleLogin = true;\n    try {\n      // Trigger default signIn redirect flow\n      if (originalUri) {\n        this.setOriginalUri(originalUri);\n      }\n      const params = Object.assign({\n        // TODO: remove this line when default scopes are changed OKTA-343294\n        scopes: this.options.scopes || ['openid', 'email', 'profile']\n      }, additionalParams);\n      await this.token.getWithRedirect(params);\n    } finally {\n      this._pending.handleLogin = false;\n    }\n  }\n  \n  // Ends the current Okta SSO session without redirecting to Okta.\n  closeSession(): Promise<object> {\n    // Clear all local tokens\n    this.tokenManager.clear();\n  \n    return this.session.close() // DELETE /api/v1/sessions/me\n    .catch(function(e) {\n      if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n        // Session does not exist or has already been closed\n        return null;\n      }\n      throw e;\n    });\n  }\n  \n  // Revokes the access token for the application session\n  async revokeAccessToken(accessToken?: AccessToken): Promise<object> {\n    if (!accessToken) {\n      accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n      const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n      this.tokenManager.remove(accessTokenKey);\n    }\n    // Access token may have been removed. In this case, we will silently succeed.\n    if (!accessToken) {\n      return Promise.resolve(null);\n    }\n    return this.token.revoke(accessToken);\n  }\n\n  // Revokes the refresh token for the application session\n  async revokeRefreshToken(refreshToken?: RefreshToken): Promise<object> {\n    if (!refreshToken) {\n      refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n      const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n      this.tokenManager.remove(refreshTokenKey);\n    }\n    // Refresh token may have been removed. In this case, we will silently succeed.\n    if (!refreshToken) {\n      return Promise.resolve(null);\n    }\n    return this.token.revoke(refreshToken);\n  }\n\n  getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n    let {\n      idToken,\n      postLogoutRedirectUri,\n      state,\n    } = options;\n    if (!idToken) {\n      idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n    }\n    if (!idToken) {\n      return '';\n    }\n    if (!postLogoutRedirectUri) {\n      postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n    }\n\n    const logoutUrl = getOAuthUrls(this).logoutUrl;\n    const idTokenHint = idToken.idToken; // a string\n    let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n    if (postLogoutRedirectUri) {\n      logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n    } \n    // State allows option parameters to be passed to logout redirect uri\n    if (state) {\n      logoutUri += '&state=' + encodeURIComponent(state);\n    }\n\n    return logoutUri;\n  }\n\n  // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n  async signOut(options?: SignoutOptions) {\n    options = Object.assign({}, options);\n  \n    // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n    var defaultUri = window.location.origin;\n    var currentUri = window.location.href;\n    var postLogoutRedirectUri = options.postLogoutRedirectUri\n      || this.options.postLogoutRedirectUri\n      || defaultUri;\n  \n    var accessToken = options.accessToken;\n    var refreshToken = options.refreshToken;\n    var revokeAccessToken = options.revokeAccessToken !== false;\n    var revokeRefreshToken = options.revokeRefreshToken !== false;\n  \n    if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n      refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n    }\n\n    if (revokeAccessToken && typeof accessToken === 'undefined') {\n      accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n    }\n  \n    if (!options.idToken) {\n      options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n    }\n\n    // Clear all local tokens\n    this.tokenManager.clear();\n\n    if (revokeRefreshToken && refreshToken) {\n      await this.revokeRefreshToken(refreshToken);\n    }\n\n    if (revokeAccessToken && accessToken) {\n      await this.revokeAccessToken(accessToken);\n    }\n\n    const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n    // No logoutUri? This can happen if the storage was cleared.\n    // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n    if (!logoutUri) {\n      return this.closeSession() // can throw if the user cannot be signed out\n      .then(function() {\n        if (postLogoutRedirectUri === currentUri) {\n          window.location.reload(); // force a hard reload if URI is not changing\n        } else {\n          window.location.assign(postLogoutRedirectUri);\n        }\n      });\n    } else {\n      // Flow ends with logout redirect\n      window.location.assign(logoutUri);\n    }\n  }\n\n  webfinger(opts): Promise<object> {\n    var url = '/.well-known/webfinger' + toQueryString(opts);\n    var options = {\n      headers: {\n        'Accept': 'application/jrd+json'\n      }\n    };\n    return get(this, url, options);\n  }\n\n  //\n  // Common Methods from downstream SDKs\n  //\n\n  // Returns true if both accessToken and idToken are not expired\n  // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n  async isAuthenticated(): Promise<boolean> {\n\n    let { accessToken, idToken } = this.tokenManager.getTokensSync();\n    const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n    if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n      accessToken = null;\n      if (autoRenew) {\n        accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n      } else if (autoRemove) {\n        this.tokenManager.remove('accessToken');\n      }\n    }\n\n    if (idToken && this.tokenManager.hasExpired(idToken)) {\n      idToken = null;\n      if (autoRenew) {\n        idToken = await this.tokenManager.renew('idToken') as IDToken;\n      } else if (autoRemove) {\n        this.tokenManager.remove('idToken');\n      }\n    }\n\n    return !!(accessToken && idToken);\n  }\n\n  async getUser(): Promise<UserClaims> {\n    const { idToken, accessToken } = this.tokenManager.getTokensSync();\n    return this.token.getUserInfo(accessToken, idToken);\n  }\n\n  getIdToken(): string | undefined {\n    const { idToken } = this.tokenManager.getTokensSync();\n    return idToken ? idToken.idToken : undefined;\n  }\n\n  getAccessToken(): string | undefined {\n    const { accessToken } = this.tokenManager.getTokensSync();\n    return accessToken ? accessToken.accessToken : undefined;\n  }\n\n  getRefreshToken(): string | undefined {\n    const { refreshToken } = this.tokenManager.getTokensSync();\n    return refreshToken ? refreshToken.refreshToken : undefined;\n  }\n\n  /**\n   * Store parsed tokens from redirect url\n   */\n  async storeTokensFromRedirect(): Promise<void> {\n    const { tokens } = await this.token.parseFromUrl();\n    this.tokenManager.setTokens(tokens);\n  }\n\n  setOriginalUri(originalUri: string, state?: string): void {\n    // always store in session storage\n    const sessionStorage = browserStorage.getSessionStorage();\n    sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n    // to support multi-tab flows, set a state in constructor or pass as param\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      sharedStorage.setItem(state, originalUri);\n    }\n  }\n\n  getOriginalUri(state?: string): string {\n    // Prefer shared storage (if state is available)\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      const originalUri = sharedStorage.getItem(state);\n      if (originalUri) {\n        return originalUri;\n      }\n    }\n\n    // Try to load from session storage\n    const storage = browserStorage.getSessionStorage();\n    return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) : undefined;\n  }\n\n  removeOriginalUri(state?: string): void {\n    // Remove from sessionStorage\n    const storage = browserStorage.getSessionStorage();\n    storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n    // Also remove from shared storage\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      sharedStorage.removeItem(state);\n    }\n  }\n\n  isLoginRedirect(): boolean {\n    return isLoginRedirect(this);\n  }\n\n  async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n    let state = this.options.state;\n\n    // Store tokens and update AuthState by the emitted events\n    if (tokens) {\n      this.tokenManager.setTokens(tokens);\n      originalUri = originalUri || this.getOriginalUri(this.options.state);\n    } else if (this.isLoginRedirect()) {\n      // For redirect flow, get state from the URL and use it to retrieve the originalUri\n      const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n      state = oAuthResponse.state;\n      originalUri = originalUri || this.getOriginalUri(state);\n      await this.storeTokensFromRedirect();\n    } else {\n      return; // nothing to do\n    }\n    \n    // ensure auth state has been updated\n    await this.authStateManager.updateAuthState();\n\n    // clear originalUri from storage\n    this.removeOriginalUri(state);\n\n    // Redirect to originalUri\n    const { restoreOriginalUri } = this.options;\n    if (restoreOriginalUri) {\n      await restoreOriginalUri(this, originalUri);\n    } else {\n      window.location.replace(originalUri);\n    }\n  }\n\n  isPKCE(): boolean {\n    return !!this.options.pkce;\n  }\n\n  hasResponseType(responseType: string): boolean {\n    let hasResponseType = false;\n    if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n      hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n    } else {\n      hasResponseType = this.options.responseType === responseType;\n    }\n    return hasResponseType;\n  }\n\n  isAuthorizationCodeFlow(): boolean {\n    return this.hasResponseType('code');\n  }\n\n  // { username, password, (relayState), (context) }\n  // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n  //   return postToTransaction(this, '/api/v1/authn', opts);\n  // }\n\n  getIssuerOrigin(): string {\n    // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n    return this.options.issuer.split('/oauth2/')[0];\n  }\n\n  // { username, (relayState) }\n  forgotPassword(opts): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n  }\n\n  // { username, (relayState) }\n  unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n  }\n\n  // { recoveryToken }\n  verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n  }\n}\n\n// Hoist feature detection functions to static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist values and utility functions for CommonJS users\nObject.assign(OktaAuth, {\n  constants,\n  isInteractionRequiredError\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}

package/cjs/OktaUserAgent.js

@@ -21,7 +21,7 @@ var _features = require("./features");
 class OktaUserAgent {
   constructor() {
     // add base sdk env
-    this.environments = [`okta-auth-js/${"5.5.0"}`];
+    this.environments = [`okta-auth-js/${"5.9.0"}`];
   }
 
   addEnvironment(env) {
@@ -36,7 +36,7 @@ class OktaUserAgent {
   }
 
   getVersion() {
-    return "5.5.0";
+    return "5.9.0";
   }
 
   maybeAddNodeEnvironment() {

package/cjs/StorageManager.js

@@ -85,6 +85,22 @@ class StorageManager {
     const storage = this.getStorage(options);
     const storageKey = options.storageKey || _constants.TRANSACTION_STORAGE_NAME;
     return new _SavedObject.default(storage, storageKey);
+  }
+
+  getSharedTansactionStorage(options) {
+    options = this.getOptionsForSection('shared-transaction', options);
+    logServerSideMemoryStorageWarning(options);
+    const storage = this.getStorage(options);
+    const storageKey = options.storageKey || _constants.SHARED_TRANSACTION_STORAGE_NAME;
+    return new _SavedObject.default(storage, storageKey);
+  }
+
+  getOriginalUriStorage(options) {
+    options = this.getOptionsForSection('original-uri', options);
+    logServerSideMemoryStorageWarning(options);
+    const storage = this.getStorage(options);
+    const storageKey = options.storageKey || _constants.ORIGINAL_URI_STORAGE_NAME;
+    return new _SavedObject.default(storage, storageKey);
   } // intermediate idxResponse
   // store for network traffic optimazation purpose
   // TODO: revisit in auth-js 6.0 epic JIRA: OKTA-399791

package/cjs/StorageManager.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/StorageManager.ts"],"names":["logServerSideMemoryStorageWarning","options","storageProvider","StorageManager","constructor","storageManagerOptions","cookieOptions","storageUtil","getOptionsForSection","sectionName","overrideOptions","Object","assign","getStorage","storageType","storageTypes","sessionCookie","idx","indexOf","slice","findStorageType","getStorageByType","getTransactionStorage","storage","storageKey","TRANSACTION_STORAGE_NAME","SavedObject","getIdxResponseStorage","e","transactionStorage","getItem","key","transaction","setItem","val","AuthSdkError","setStorage","removeItem","IDX_RESPONSE_STORAGE_NAME","getTokenStorage","TOKEN_STORAGE_NAME","getHttpCache","CACHE_STORAGE_NAME","getLegacyPKCEStorage","PKCE_STORAGE_NAME","getLegacyOAuthParamsStorage","REDIRECT_OAUTH_PARAMS_NAME"],"mappings":";;;;;;AAcA;;AAmBA;;AACA;;AACA;;AACA;;AApCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA4BA,SAASA,iCAAT,CAA2CC,OAA3C,EAAoE;AAClE,MAAI,CAAC,0BAAD,IAAgB,CAACA,OAAO,CAACC,eAAzB,IAA4C,CAACD,OAAO,CAACC,eAAzD,EAA0E;AACxE;AACA,oBAAK,6KAAL;AACD;AACF;;AAEc,MAAMC,cAAN,CAAqB;AAKlCC,EAAAA,WAAW,CAACC,qBAAD,EAA+CC,aAA/C,EAA6EC,WAA7E,EAAuG;AAChH,SAAKF,qBAAL,GAA6BA,qBAA7B;AACA,SAAKC,aAAL,GAAqBA,aAArB;AACA,SAAKC,WAAL,GAAmBA,WAAnB;AACD,GATiC,CAWlC;;;AACAC,EAAAA,oBAAoB,CAACC,WAAD,EAAsBC,eAAtB,EAAwD;AAC1E,WAAOC,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKP,qBAAL,CAA2BI,WAA3B,CAAlB,EAA2DC,eAA3D,CAAP;AACD,GAdiC,CAgBlC;;;AACAG,EAAAA,UAAU,CAACZ,OAAD,EAAyC;AACjDA,IAAAA,OAAO,GAAGU,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKN,aAAvB,EAAsCL,OAAtC,CAAV,CADiD,CACS;;AAE1D,QAAIA,OAAO,CAACC,eAAZ,EAA6B;AAC3B,aAAOD,OAAO,CAACC,eAAf;AACD;;AAED,QAAI;AAAEY,MAAAA,WAAF;AAAeC,MAAAA;AAAf,QAAgCd,OAApC;;AAEA,QAAGa,WAAW,KAAK,gBAAnB,EAAqC;AACnCb,MAAAA,OAAO,CAACe,aAAR,GAAwB,IAAxB;AACD,KAXgD,CAajD;;;AACA,QAAIF,WAAW,IAAIC,YAAnB,EAAiC;AAC/B,YAAME,GAAG,GAAGF,YAAY,CAACG,OAAb,CAAqBJ,WAArB,CAAZ;;AACA,UAAIG,GAAG,IAAI,CAAX,EAAc;AACZF,QAAAA,YAAY,GAAGA,YAAY,CAACI,KAAb,CAAmBF,GAAnB,CAAf;AACAH,QAAAA,WAAW,GAAG,IAAd;AACD;AACF;;AAED,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,KAAKP,WAAL,CAAiBa,eAAjB,CAAiCL,YAAjC,CAAd;AACD;;AACD,WAAO,KAAKR,WAAL,CAAiBc,gBAAjB,CAAkCP,WAAlC,EAA+Cb,OAA/C,CAAP;AACD,GA3CiC,CA6ClC;;;AACAqB,EAAAA,qBAAqB,CAACrB,OAAD,EAA+C;AAClEA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,aAA1B,EAAyCP,OAAzC,CAAV;AACAD,IAAAA,iCAAiC,CAACC,OAAD,CAAjC;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBC,mCAAzC;AACA,WAAO,IAAIC,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD,GApDiC,CAsDlC;AACA;AACA;;;AACAG,EAAAA,qBAAqB,CAAC1B,OAAD,EAA+C;AAClE,QAAIsB,OAAJ;;AACA,QAAI,0BAAJ,EAAiB;AACf;AACA,UAAI;AACFA,QAAAA,OAAO,GAAG,KAAKhB,WAAL,CAAiBc,gBAAjB,CAAkC,QAAlC,EAA4CpB,OAA5C,CAAV;AACD,OAFD,CAEE,OAAO2B,CAAP,EAAU;AACV;AACA;AACA,wBAAK,yIAAL;AACD;AACF,KATD,MASO;AACL;AACA,YAAMC,kBAAkB,GAAG,KAAKP,qBAAL,CAA2BrB,OAA3B,CAA3B;;AACA,UAAI4B,kBAAJ,EAAwB;AACtBN,QAAAA,OAAO,GAAG;AACRO,UAAAA,OAAO,EAAGC,GAAD,IAAS;AAChB,kBAAMC,WAAW,GAAGH,kBAAkB,CAAChB,UAAnB,EAApB;;AACA,gBAAImB,WAAW,IAAIA,WAAW,CAACD,GAAD,CAA9B,EAAqC;AACnC,qBAAOC,WAAW,CAACD,GAAD,CAAlB;AACD;;AACD,mBAAO,IAAP;AACD,WAPO;AAQRE,UAAAA,OAAO,EAAE,CAACF,GAAD,EAAMG,GAAN,KAAc;AACrB,kBAAMF,WAAW,GAAGH,kBAAkB,CAAChB,UAAnB,EAApB;;AACA,gBAAI,CAACmB,WAAL,EAAkB;AAChB,oBAAM,IAAIG,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AACDH,YAAAA,WAAW,CAACD,GAAD,CAAX,GAAmBG,GAAnB;AACAL,YAAAA,kBAAkB,CAACO,UAAnB,CAA8BJ,WAA9B;AACD,WAfO;AAgBRK,UAAAA,UAAU,EAAGN,GAAD,IAAS;AACnB,kBAAMC,WAAW,GAAGH,kBAAkB,CAAChB,UAAnB,EAApB;;AACA,gBAAI,CAACmB,WAAL,EAAkB;AAChB;AACD;;AACD,mBAAOA,WAAW,CAACD,GAAD,CAAlB;AACAF,YAAAA,kBAAkB,CAACO,UAAnB,CAA8BJ,WAA9B;AACD;AAvBO,SAAV;AAyBD;AACF;;AAED,QAAI,CAACT,OAAL,EAAc;AACZ,aAAO,IAAP;AACD;;AAED,WAAO,IAAIG,oBAAJ,CAAgBH,OAAhB,EAAyBe,oCAAzB,CAAP;AACD,GAzGiC,CA2GlC;;;AACAC,EAAAA,eAAe,CAACtC,OAAD,EAA4C;AACzDA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,OAA1B,EAAmCP,OAAnC,CAAV;AACAD,IAAAA,iCAAiC,CAACC,OAAD,CAAjC;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBgB,6BAAzC;AACA,WAAO,IAAId,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD,GAlHiC,CAoHlC;;;AACAiB,EAAAA,YAAY,CAACxC,OAAD,EAA4C;AACtDA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,OAA1B,EAAmCP,OAAnC,CAAV;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBkB,6BAAzC;AACA,WAAO,IAAIhB,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD,GA1HiC,CA4HlC;;;AACAmB,EAAAA,oBAAoB,CAAC1C,OAAD,EAAwC;AAC1DA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,aAA1B,EAAyCP,OAAzC,CAAV;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBoB,4BAAzC;AACA,WAAO,IAAIlB,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD;;AAEDqB,EAAAA,2BAA2B,CAAC5C,OAAD,EAA4C;AACrEA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,qBAA1B,EAAiDP,OAAjD,CAAV;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBsB,qCAAzC;AACA,WAAO,IAAIpB,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD;;AAzIiC","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n\nimport {\n  PKCE_STORAGE_NAME,\n  TOKEN_STORAGE_NAME,\n  TRANSACTION_STORAGE_NAME,\n  IDX_RESPONSE_STORAGE_NAME,\n  CACHE_STORAGE_NAME,\n  REDIRECT_OAUTH_PARAMS_NAME\n} from './constants';\nimport {\n  StorageUtil,\n  StorageProvider,\n  StorageOptions,\n  PKCEStorage,\n  CookieOptions,\n  TransactionStorage,\n  IdxResponseStorage,\n  StorageManagerOptions,\n  SimpleStorage\n} from './types';\nimport SavedObject from './SavedObject';\nimport { isBrowser } from './features';\nimport { warn } from './util';\nimport { AuthSdkError } from './errors';\n\nfunction logServerSideMemoryStorageWarning(options: StorageOptions) {\n  if (!isBrowser() && !options.storageProvider && !options.storageProvider) {\n    // eslint-disable-next-line max-len\n    warn('Memory storage can only support simple single user use case on server side, please provide custom storageProvider or storageKey if advanced scenarios need to be supported.');\n  }\n}\n\nexport default class StorageManager {\n  storageManagerOptions: StorageManagerOptions;\n  cookieOptions: CookieOptions;\n  storageUtil: StorageUtil;\n\n  constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n    this.storageManagerOptions = storageManagerOptions;\n    this.cookieOptions = cookieOptions;\n    this.storageUtil = storageUtil;\n  }\n\n  // combines defaults in order\n  getOptionsForSection(sectionName: string, overrideOptions?: StorageOptions) {\n    return Object.assign({}, this.storageManagerOptions[sectionName], overrideOptions);\n  }\n \n  // generic method to get any available storage provider\n  getStorage(options: StorageOptions): SimpleStorage {\n    options = Object.assign({}, this.cookieOptions, options); // set defaults\n\n    if (options.storageProvider) {\n      return options.storageProvider;\n    }\n\n    let { storageType, storageTypes } = options;\n\n    if(storageType === 'sessionStorage') {\n      options.sessionCookie = true;\n    }\n\n    // Maintain compatibility. Automatically fallback. May change in next major version. OKTA-362589\n    if (storageType && storageTypes) {\n      const idx = storageTypes.indexOf(storageType);\n      if (idx >= 0) {\n        storageTypes = storageTypes.slice(idx);\n        storageType = null;\n      }\n    }\n\n    if (!storageType) {\n      storageType = this.storageUtil.findStorageType(storageTypes);\n    }\n    return this.storageUtil.getStorageByType(storageType, options);\n  }\n\n  // stateToken, interactionHandle\n  getTransactionStorage(options?: StorageOptions): TransactionStorage {\n    options = this.getOptionsForSection('transaction', options);\n    logServerSideMemoryStorageWarning(options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || TRANSACTION_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  // intermediate idxResponse\n  // store for network traffic optimazation purpose\n  // TODO: revisit in auth-js 6.0 epic JIRA: OKTA-399791\n  getIdxResponseStorage(options?: StorageOptions): IdxResponseStorage {\n    let storage;\n    if (isBrowser()) {\n      // on browser side only use memory storage \n      try {\n        storage = this.storageUtil.getStorageByType('memory', options);\n      } catch (e) {\n        // it's ok to miss response storage\n        // eslint-disable-next-line max-len\n        warn('No response storage found, you may want to provide custom implementation for intermediate idx responses to optimize the network traffic');\n      }\n    } else {\n      // on server side re-use transaction custom storage\n      const transactionStorage = this.getTransactionStorage(options);\n      if (transactionStorage) {\n        storage = {\n          getItem: (key) => {\n            const transaction = transactionStorage.getStorage();\n            if (transaction && transaction[key]) {\n              return transaction[key];\n            }\n            return null;\n          },\n          setItem: (key, val) => {\n            const transaction = transactionStorage.getStorage();\n            if (!transaction) {\n              throw new AuthSdkError('Transaction has been cleared, failed to save idxState');\n            }\n            transaction[key] = val;\n            transactionStorage.setStorage(transaction);\n          },\n          removeItem: (key) => {\n            const transaction = transactionStorage.getStorage();\n            if (!transaction) {\n              return;\n            }\n            delete transaction[key];\n            transactionStorage.setStorage(transaction);\n          }\n        };\n      }\n    }\n\n    if (!storage) {\n      return null;\n    }\n\n    return new SavedObject(storage, IDX_RESPONSE_STORAGE_NAME);\n  }\n\n  // access_token, id_token, refresh_token\n  getTokenStorage(options?: StorageOptions): StorageProvider {\n    options = this.getOptionsForSection('token', options);\n    logServerSideMemoryStorageWarning(options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || TOKEN_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  // caches well-known response, among others\n  getHttpCache(options?: StorageOptions): StorageProvider {\n    options = this.getOptionsForSection('cache', options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || CACHE_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  // Will be removed in an upcoming major version. OKTA-362589\n  getLegacyPKCEStorage(options?: StorageOptions): PKCEStorage {\n    options = this.getOptionsForSection('legacy-pkce', options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || PKCE_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  getLegacyOAuthParamsStorage(options?: StorageOptions): StorageProvider {\n    options = this.getOptionsForSection('legacy-oauth-params', options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || REDIRECT_OAUTH_PARAMS_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n}\n"],"file":"StorageManager.js"}
+{"version":3,"sources":["../../lib/StorageManager.ts"],"names":["logServerSideMemoryStorageWarning","options","storageProvider","StorageManager","constructor","storageManagerOptions","cookieOptions","storageUtil","getOptionsForSection","sectionName","overrideOptions","Object","assign","getStorage","storageType","storageTypes","sessionCookie","idx","indexOf","slice","findStorageType","getStorageByType","getTransactionStorage","storage","storageKey","TRANSACTION_STORAGE_NAME","SavedObject","getSharedTansactionStorage","SHARED_TRANSACTION_STORAGE_NAME","getOriginalUriStorage","ORIGINAL_URI_STORAGE_NAME","getIdxResponseStorage","e","transactionStorage","getItem","key","transaction","setItem","val","AuthSdkError","setStorage","removeItem","IDX_RESPONSE_STORAGE_NAME","getTokenStorage","TOKEN_STORAGE_NAME","getHttpCache","CACHE_STORAGE_NAME","getLegacyPKCEStorage","PKCE_STORAGE_NAME","getLegacyOAuthParamsStorage","REDIRECT_OAUTH_PARAMS_NAME"],"mappings":";;;;;;AAcA;;AAqBA;;AACA;;AACA;;AACA;;AAtCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA8BA,SAASA,iCAAT,CAA2CC,OAA3C,EAAoE;AAClE,MAAI,CAAC,0BAAD,IAAgB,CAACA,OAAO,CAACC,eAAzB,IAA4C,CAACD,OAAO,CAACC,eAAzD,EAA0E;AACxE;AACA,oBAAK,6KAAL;AACD;AACF;;AAEc,MAAMC,cAAN,CAAqB;AAKlCC,EAAAA,WAAW,CAACC,qBAAD,EAA+CC,aAA/C,EAA6EC,WAA7E,EAAuG;AAChH,SAAKF,qBAAL,GAA6BA,qBAA7B;AACA,SAAKC,aAAL,GAAqBA,aAArB;AACA,SAAKC,WAAL,GAAmBA,WAAnB;AACD,GATiC,CAWlC;;;AACAC,EAAAA,oBAAoB,CAACC,WAAD,EAAsBC,eAAtB,EAAwD;AAC1E,WAAOC,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKP,qBAAL,CAA2BI,WAA3B,CAAlB,EAA2DC,eAA3D,CAAP;AACD,GAdiC,CAgBlC;;;AACAG,EAAAA,UAAU,CAACZ,OAAD,EAAyC;AACjDA,IAAAA,OAAO,GAAGU,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKN,aAAvB,EAAsCL,OAAtC,CAAV,CADiD,CACS;;AAE1D,QAAIA,OAAO,CAACC,eAAZ,EAA6B;AAC3B,aAAOD,OAAO,CAACC,eAAf;AACD;;AAED,QAAI;AAAEY,MAAAA,WAAF;AAAeC,MAAAA;AAAf,QAAgCd,OAApC;;AAEA,QAAGa,WAAW,KAAK,gBAAnB,EAAqC;AACnCb,MAAAA,OAAO,CAACe,aAAR,GAAwB,IAAxB;AACD,KAXgD,CAajD;;;AACA,QAAIF,WAAW,IAAIC,YAAnB,EAAiC;AAC/B,YAAME,GAAG,GAAGF,YAAY,CAACG,OAAb,CAAqBJ,WAArB,CAAZ;;AACA,UAAIG,GAAG,IAAI,CAAX,EAAc;AACZF,QAAAA,YAAY,GAAGA,YAAY,CAACI,KAAb,CAAmBF,GAAnB,CAAf;AACAH,QAAAA,WAAW,GAAG,IAAd;AACD;AACF;;AAED,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,KAAKP,WAAL,CAAiBa,eAAjB,CAAiCL,YAAjC,CAAd;AACD;;AACD,WAAO,KAAKR,WAAL,CAAiBc,gBAAjB,CAAkCP,WAAlC,EAA+Cb,OAA/C,CAAP;AACD,GA3CiC,CA6ClC;;;AACAqB,EAAAA,qBAAqB,CAACrB,OAAD,EAA+C;AAClEA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,aAA1B,EAAyCP,OAAzC,CAAV;AACAD,IAAAA,iCAAiC,CAACC,OAAD,CAAjC;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBC,mCAAzC;AACA,WAAO,IAAIC,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD;;AAEDG,EAAAA,0BAA0B,CAAC1B,OAAD,EAA+C;AACvEA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,oBAA1B,EAAgDP,OAAhD,CAAV;AACAD,IAAAA,iCAAiC,CAACC,OAAD,CAAjC;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBI,0CAAzC;AACA,WAAO,IAAIF,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD;;AAEDK,EAAAA,qBAAqB,CAAC5B,OAAD,EAA+C;AAClEA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,cAA1B,EAA0CP,OAA1C,CAAV;AACAD,IAAAA,iCAAiC,CAACC,OAAD,CAAjC;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBM,oCAAzC;AACA,WAAO,IAAIJ,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD,GApEiC,CAsElC;AACA;AACA;;;AACAO,EAAAA,qBAAqB,CAAC9B,OAAD,EAA+C;AAClE,QAAIsB,OAAJ;;AACA,QAAI,0BAAJ,EAAiB;AACf;AACA,UAAI;AACFA,QAAAA,OAAO,GAAG,KAAKhB,WAAL,CAAiBc,gBAAjB,CAAkC,QAAlC,EAA4CpB,OAA5C,CAAV;AACD,OAFD,CAEE,OAAO+B,CAAP,EAAU;AACV;AACA;AACA,wBAAK,yIAAL;AACD;AACF,KATD,MASO;AACL;AACA,YAAMC,kBAAkB,GAAG,KAAKX,qBAAL,CAA2BrB,OAA3B,CAA3B;;AACA,UAAIgC,kBAAJ,EAAwB;AACtBV,QAAAA,OAAO,GAAG;AACRW,UAAAA,OAAO,EAAGC,GAAD,IAAS;AAChB,kBAAMC,WAAW,GAAGH,kBAAkB,CAACpB,UAAnB,EAApB;;AACA,gBAAIuB,WAAW,IAAIA,WAAW,CAACD,GAAD,CAA9B,EAAqC;AACnC,qBAAOC,WAAW,CAACD,GAAD,CAAlB;AACD;;AACD,mBAAO,IAAP;AACD,WAPO;AAQRE,UAAAA,OAAO,EAAE,CAACF,GAAD,EAAMG,GAAN,KAAc;AACrB,kBAAMF,WAAW,GAAGH,kBAAkB,CAACpB,UAAnB,EAApB;;AACA,gBAAI,CAACuB,WAAL,EAAkB;AAChB,oBAAM,IAAIG,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AACDH,YAAAA,WAAW,CAACD,GAAD,CAAX,GAAmBG,GAAnB;AACAL,YAAAA,kBAAkB,CAACO,UAAnB,CAA8BJ,WAA9B;AACD,WAfO;AAgBRK,UAAAA,UAAU,EAAGN,GAAD,IAAS;AACnB,kBAAMC,WAAW,GAAGH,kBAAkB,CAACpB,UAAnB,EAApB;;AACA,gBAAI,CAACuB,WAAL,EAAkB;AAChB;AACD;;AACD,mBAAOA,WAAW,CAACD,GAAD,CAAlB;AACAF,YAAAA,kBAAkB,CAACO,UAAnB,CAA8BJ,WAA9B;AACD;AAvBO,SAAV;AAyBD;AACF;;AAED,QAAI,CAACb,OAAL,EAAc;AACZ,aAAO,IAAP;AACD;;AAED,WAAO,IAAIG,oBAAJ,CAAgBH,OAAhB,EAAyBmB,oCAAzB,CAAP;AACD,GAzHiC,CA2HlC;;;AACAC,EAAAA,eAAe,CAAC1C,OAAD,EAA4C;AACzDA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,OAA1B,EAAmCP,OAAnC,CAAV;AACAD,IAAAA,iCAAiC,CAACC,OAAD,CAAjC;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBoB,6BAAzC;AACA,WAAO,IAAIlB,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD,GAlIiC,CAoIlC;;;AACAqB,EAAAA,YAAY,CAAC5C,OAAD,EAA4C;AACtDA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,OAA1B,EAAmCP,OAAnC,CAAV;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBsB,6BAAzC;AACA,WAAO,IAAIpB,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD,GA1IiC,CA4IlC;;;AACAuB,EAAAA,oBAAoB,CAAC9C,OAAD,EAAwC;AAC1DA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,aAA1B,EAAyCP,OAAzC,CAAV;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsBwB,4BAAzC;AACA,WAAO,IAAItB,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD;;AAEDyB,EAAAA,2BAA2B,CAAChD,OAAD,EAA4C;AACrEA,IAAAA,OAAO,GAAG,KAAKO,oBAAL,CAA0B,qBAA1B,EAAiDP,OAAjD,CAAV;AACA,UAAMsB,OAAO,GAAG,KAAKV,UAAL,CAAgBZ,OAAhB,CAAhB;AACA,UAAMuB,UAAU,GAAGvB,OAAO,CAACuB,UAAR,IAAsB0B,qCAAzC;AACA,WAAO,IAAIxB,oBAAJ,CAAgBH,OAAhB,EAAyBC,UAAzB,CAAP;AACD;;AAzJiC","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n\nimport {\n  PKCE_STORAGE_NAME,\n  TOKEN_STORAGE_NAME,\n  TRANSACTION_STORAGE_NAME,\n  SHARED_TRANSACTION_STORAGE_NAME,\n  ORIGINAL_URI_STORAGE_NAME,\n  IDX_RESPONSE_STORAGE_NAME,\n  CACHE_STORAGE_NAME,\n  REDIRECT_OAUTH_PARAMS_NAME\n} from './constants';\nimport {\n  StorageUtil,\n  StorageProvider,\n  StorageOptions,\n  PKCEStorage,\n  CookieOptions,\n  TransactionStorage,\n  IdxResponseStorage,\n  StorageManagerOptions,\n  SimpleStorage\n} from './types';\nimport SavedObject from './SavedObject';\nimport { isBrowser } from './features';\nimport { warn } from './util';\nimport { AuthSdkError } from './errors';\n\nfunction logServerSideMemoryStorageWarning(options: StorageOptions) {\n  if (!isBrowser() && !options.storageProvider && !options.storageProvider) {\n    // eslint-disable-next-line max-len\n    warn('Memory storage can only support simple single user use case on server side, please provide custom storageProvider or storageKey if advanced scenarios need to be supported.');\n  }\n}\n\nexport default class StorageManager {\n  storageManagerOptions: StorageManagerOptions;\n  cookieOptions: CookieOptions;\n  storageUtil: StorageUtil;\n\n  constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n    this.storageManagerOptions = storageManagerOptions;\n    this.cookieOptions = cookieOptions;\n    this.storageUtil = storageUtil;\n  }\n\n  // combines defaults in order\n  getOptionsForSection(sectionName: string, overrideOptions?: StorageOptions) {\n    return Object.assign({}, this.storageManagerOptions[sectionName], overrideOptions);\n  }\n \n  // generic method to get any available storage provider\n  getStorage(options: StorageOptions): SimpleStorage {\n    options = Object.assign({}, this.cookieOptions, options); // set defaults\n\n    if (options.storageProvider) {\n      return options.storageProvider;\n    }\n\n    let { storageType, storageTypes } = options;\n\n    if(storageType === 'sessionStorage') {\n      options.sessionCookie = true;\n    }\n\n    // Maintain compatibility. Automatically fallback. May change in next major version. OKTA-362589\n    if (storageType && storageTypes) {\n      const idx = storageTypes.indexOf(storageType);\n      if (idx >= 0) {\n        storageTypes = storageTypes.slice(idx);\n        storageType = null;\n      }\n    }\n\n    if (!storageType) {\n      storageType = this.storageUtil.findStorageType(storageTypes);\n    }\n    return this.storageUtil.getStorageByType(storageType, options);\n  }\n\n  // stateToken, interactionHandle\n  getTransactionStorage(options?: StorageOptions): TransactionStorage {\n    options = this.getOptionsForSection('transaction', options);\n    logServerSideMemoryStorageWarning(options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || TRANSACTION_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  getSharedTansactionStorage(options?: StorageOptions): TransactionStorage {\n    options = this.getOptionsForSection('shared-transaction', options);\n    logServerSideMemoryStorageWarning(options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || SHARED_TRANSACTION_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  getOriginalUriStorage(options?: StorageOptions): TransactionStorage {\n    options = this.getOptionsForSection('original-uri', options);\n    logServerSideMemoryStorageWarning(options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || ORIGINAL_URI_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  // intermediate idxResponse\n  // store for network traffic optimazation purpose\n  // TODO: revisit in auth-js 6.0 epic JIRA: OKTA-399791\n  getIdxResponseStorage(options?: StorageOptions): IdxResponseStorage {\n    let storage;\n    if (isBrowser()) {\n      // on browser side only use memory storage \n      try {\n        storage = this.storageUtil.getStorageByType('memory', options);\n      } catch (e) {\n        // it's ok to miss response storage\n        // eslint-disable-next-line max-len\n        warn('No response storage found, you may want to provide custom implementation for intermediate idx responses to optimize the network traffic');\n      }\n    } else {\n      // on server side re-use transaction custom storage\n      const transactionStorage = this.getTransactionStorage(options);\n      if (transactionStorage) {\n        storage = {\n          getItem: (key) => {\n            const transaction = transactionStorage.getStorage();\n            if (transaction && transaction[key]) {\n              return transaction[key];\n            }\n            return null;\n          },\n          setItem: (key, val) => {\n            const transaction = transactionStorage.getStorage();\n            if (!transaction) {\n              throw new AuthSdkError('Transaction has been cleared, failed to save idxState');\n            }\n            transaction[key] = val;\n            transactionStorage.setStorage(transaction);\n          },\n          removeItem: (key) => {\n            const transaction = transactionStorage.getStorage();\n            if (!transaction) {\n              return;\n            }\n            delete transaction[key];\n            transactionStorage.setStorage(transaction);\n          }\n        };\n      }\n    }\n\n    if (!storage) {\n      return null;\n    }\n\n    return new SavedObject(storage, IDX_RESPONSE_STORAGE_NAME);\n  }\n\n  // access_token, id_token, refresh_token\n  getTokenStorage(options?: StorageOptions): StorageProvider {\n    options = this.getOptionsForSection('token', options);\n    logServerSideMemoryStorageWarning(options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || TOKEN_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  // caches well-known response, among others\n  getHttpCache(options?: StorageOptions): StorageProvider {\n    options = this.getOptionsForSection('cache', options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || CACHE_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  // Will be removed in an upcoming major version. OKTA-362589\n  getLegacyPKCEStorage(options?: StorageOptions): PKCEStorage {\n    options = this.getOptionsForSection('legacy-pkce', options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || PKCE_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  getLegacyOAuthParamsStorage(options?: StorageOptions): StorageProvider {\n    options = this.getOptionsForSection('legacy-oauth-params', options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || REDIRECT_OAUTH_PARAMS_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n}\n"],"file":"StorageManager.js"}

package/cjs/TransactionManager.js

@@ -12,6 +12,8 @@ var _idxJs = require("./idx/types/idx-js");
 
 var _util = require("./util");
 
+var _sharedStorage = require("./util/sharedStorage");
+
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -30,14 +32,27 @@ class TransactionManager {
     this.saveNonceCookie = options.saveNonceCookie === false ? false : true;
     this.saveStateCookie = options.saveStateCookie === false ? false : true;
     this.saveParamsCookie = options.saveParamsCookie === false ? false : true;
+    this.enableSharedStorage = options.enableSharedStorage === false ? false : true;
     this.options = options;
-  }
+  } // eslint-disable-next-line complexity
+
 
   clear(options = {}) {
     const transactionStorage = this.storageManager.getTransactionStorage();
-    transactionStorage.clearStorage();
-    const idxStateStorage = this.storageManager.getIdxResponseStorage();
-    idxStateStorage === null || idxStateStorage === void 0 ? void 0 : idxStateStorage.clearStorage();
+    const meta = transactionStorage.getStorage(); // Clear primary storage (by default, sessionStorage on browser)
+
+    transactionStorage.clearStorage(); // clear IDX response storage
+
+    this.clearIdxResponse(); // Usually we do NOT want to clear shared storage because another tab may need it to continue/complete a flow
+    // It can be cleared after a user succcesfully signs in and receives tokens
+
+    if (this.enableSharedStorage && options.clearSharedStorage) {
+      const state = options.state || (meta === null || meta === void 0 ? void 0 : meta.state);
+
+      if (state) {
+        (0, _sharedStorage.clearTransactionFromSharedStorage)(this.storageManager, state);
+      }
+    }
 
     if (!this.legacyWidgetSupport) {
       return;
@@ -59,18 +74,25 @@ class TransactionManager {
     // Before saving, check to see if a transaction is already stored.
     // An existing transaction indicates a concurrency/race/overlap condition
     let storage = this.storageManager.getTransactionStorage();
-    const obj = storage.getStorage();
+    const obj = storage.getStorage(); // oie process may need to update transaction in the middle of process for tracking purpose
+    // false alarm might be caused 
+    // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919
 
-    if ((0, _types.isTransactionMeta)(obj)) {
+    if ((0, _types.isTransactionMeta)(obj) && !options.muteWarning) {
       // eslint-disable-next-line max-len
       (0, _util.warn)('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');
     }
 
-    storage.setStorage(meta);
+    storage.setStorage(meta); // Shared storage allows continuation of transaction in another tab
+
+    if (this.enableSharedStorage && meta.state) {
+      (0, _sharedStorage.saveTransactionToSharedStorage)(this.storageManager, meta.state, meta);
+    }
 
     if (!options.oauth) {
       return;
-    }
+    } // Legacy cookie storage
+
 
     if (this.saveNonceCookie || this.saveStateCookie || this.saveParamsCookie) {
       const cookieStorage = this.storageManager.getStorage({
@@ -119,11 +141,24 @@ class TransactionManager {
       return false;
     }
   } // load transaction meta from storage
+  // eslint-disable-next-line complexity,max-statements
 
 
   load(options = {}) {
+    let meta; // If state was passed, try loading transaction data from shared storage
+
+    if (this.enableSharedStorage && options.state) {
+      (0, _sharedStorage.pruneSharedStorage)(this.storageManager); // prune before load
+
+      meta = (0, _sharedStorage.loadTransactionFromSharedStorage)(this.storageManager, options.state);
+
+      if ((0, _types.isTransactionMeta)(meta)) {
+        return meta;
+      }
+    }
+
     let storage = this.storageManager.getTransactionStorage();
-    let meta = storage.getStorage();
+    meta = storage.getStorage();
 
     if ((0, _types.isTransactionMeta)(meta)) {
       // if we have meta in the new location, there is no need to go further
@@ -289,6 +324,11 @@ class TransactionManager {
     return idxResponse;
   }
 
+  clearIdxResponse() {
+    const storage = this.storageManager.getIdxResponseStorage();
+    storage === null || storage === void 0 ? void 0 : storage.clearStorage();
+  }
+
 }
 
 exports.default = TransactionManager;

package/cjs/TransactionManager.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/TransactionManager.ts"],"names":["TransactionManager","constructor","options","storageManager","legacyWidgetSupport","saveNonceCookie","saveStateCookie","saveParamsCookie","clear","transactionStorage","getTransactionStorage","clearStorage","idxStateStorage","getIdxResponseStorage","oauth","clearLegacyOAuthParams","pkce","clearLegacyPKCE","save","meta","storage","obj","getStorage","setStorage","cookieStorage","storageType","responseType","state","nonce","scopes","clientId","urls","ignoreSignature","oauthParams","setItem","REDIRECT_OAUTH_PARAMS_NAME","JSON","stringify","REDIRECT_NONCE_COOKIE_NAME","REDIRECT_STATE_COOKIE_NAME","exists","load","loadLegacyOAuthParams","Object","assign","pkceMeta","loadLegacyPKCE","storageUtil","testStorageType","getLegacyPKCEStorage","codeVerifier","AuthSdkError","getLegacyOAuthParamsStorage","saveIdxResponse","idxResponse","loadIdxResponse"],"mappings":";;;;AAaA;;AACA;;AAEA;;AAWA;;AACA;;AA5BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAoBe,MAAMA,kBAAN,CAAyB;AAQtCC,EAAAA,WAAW,CAACC,OAAD,EAAqC;AAC9C,SAAKC,cAAL,GAAsBD,OAAO,CAACC,cAA9B;AACA,SAAKC,mBAAL,GAA2BF,OAAO,CAACE,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKC,eAAL,GAAuBH,OAAO,CAACG,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,eAAL,GAAuBJ,OAAO,CAACI,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,gBAAL,GAAwBL,OAAO,CAACK,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;AACA,SAAKL,OAAL,GAAeA,OAAf;AACD;;AAEDM,EAAAA,KAAK,CAACN,OAA+B,GAAG,EAAnC,EAAuC;AAC1C,UAAMO,kBAAmC,GAAG,KAAKN,cAAL,CAAoBO,qBAApB,EAA5C;AACAD,IAAAA,kBAAkB,CAACE,YAAnB;AAEA,UAAMC,eAAgC,GAAG,KAAKT,cAAL,CAAoBU,qBAApB,EAAzC;AACAD,IAAAA,eAAe,SAAf,IAAAA,eAAe,WAAf,YAAAA,eAAe,CAAED,YAAjB;;AAEA,QAAI,CAAC,KAAKP,mBAAV,EAA+B;AAC7B;AACD,KATyC,CAW1C;;;AACA,QAAIF,OAAO,CAACY,KAAZ,EAAmB;AACjB,WAAKC,sBAAL;AACD;;AAED,QAAIb,OAAO,CAACc,IAAZ,EAAkB;AAChB,WAAKC,eAAL;AACD;AACF,GApCqC,CAsCtC;;;AACAC,EAAAA,IAAI,CAACC,IAAD,EAAwBjB,OAA+B,GAAG,EAA1D,EAA8D;AAChE;AACA;AACA;AAEA,QAAIkB,OAAwB,GAAG,KAAKjB,cAAL,CAAoBO,qBAApB,EAA/B;AACA,UAAMW,GAAG,GAAGD,OAAO,CAACE,UAAR,EAAZ;;AACA,QAAI,8BAAkBD,GAAlB,CAAJ,EAA4B;AAC1B;AACA,sBAAK,yGAAL;AACD;;AAEDD,IAAAA,OAAO,CAACG,UAAR,CAAmBJ,IAAnB;;AAEA,QAAI,CAACjB,OAAO,CAACY,KAAb,EAAoB;AAClB;AACD;;AAED,QAAI,KAAKT,eAAL,IAAwB,KAAKC,eAA7B,IAAgD,KAAKC,gBAAzD,EAA2E;AACzE,YAAMiB,aAA4B,GAAG,KAAKrB,cAAL,CAAoBmB,UAApB,CAA+B;AAAEG,QAAAA,WAAW,EAAE;AAAf,OAA/B,CAArC;;AAEA,UAAI,KAAKlB,gBAAT,EAA2B;AACzB,cAAM;AACJmB,UAAAA,YADI;AAEJC,UAAAA,KAFI;AAGJC,UAAAA,KAHI;AAIJC,UAAAA,MAJI;AAKJC,UAAAA,QALI;AAMJC,UAAAA,IANI;AAOJC,UAAAA;AAPI,YAQFb,IARJ;AASA,cAAMc,WAAW,GAAG;AAClBP,UAAAA,YADkB;AAElBC,UAAAA,KAFkB;AAGlBC,UAAAA,KAHkB;AAIlBC,UAAAA,MAJkB;AAKlBC,UAAAA,QALkB;AAMlBC,UAAAA,IANkB;AAOlBC,UAAAA;AAPkB,SAApB;AASAR,QAAAA,aAAa,CAACU,OAAd,CAAsBC,qCAAtB,EAAkDC,IAAI,CAACC,SAAL,CAAeJ,WAAf,CAAlD,EAA+E,IAA/E;AACD;;AAED,UAAI,KAAK5B,eAAL,IAAwBc,IAAI,CAACS,KAAjC,EAAwC;AACtC;AACAJ,QAAAA,aAAa,CAACU,OAAd,CAAsBI,qCAAtB,EAAkDnB,IAAI,CAACS,KAAvD,EAA8D,IAA9D;AACD;;AAED,UAAI,KAAKtB,eAAL,IAAwBa,IAAI,CAACQ,KAAjC,EAAwC;AACtC;AACAH,QAAAA,aAAa,CAACU,OAAd,CAAsBK,qCAAtB,EAAkDpB,IAAI,CAACQ,KAAvD,EAA8D,IAA9D;AACD;AACF;AACF;;AAEDa,EAAAA,MAAM,CAACtC,OAA+B,GAAG,EAAnC,EAAgD;AACpD,QAAI;AACF,YAAMiB,IAAqB,GAAG,KAAKsB,IAAL,CAAUvC,OAAV,CAA9B;AACA,aAAO,CAAC,CAACiB,IAAT;AACD,KAHD,CAGE,MAAM;AACN,aAAO,KAAP;AACD;AACF,GArGqC,CAuGtC;;;AACAsB,EAAAA,IAAI,CAACvC,OAA+B,GAAG,EAAnC,EAAwD;AAC1D,QAAIkB,OAAwB,GAAG,KAAKjB,cAAL,CAAoBO,qBAApB,EAA/B;AACA,QAAIS,IAAI,GAAGC,OAAO,CAACE,UAAR,EAAX;;AACA,QAAI,8BAAkBH,IAAlB,CAAJ,EAA6B;AAC3B;AACA,aAAOA,IAAP;AACD;;AAED,QAAI,CAAC,KAAKf,mBAAV,EAA+B;AAC7B,aAAO,IAAP;AACD,KAVyD,CAY1D;;;AACA,QAAIF,OAAO,CAACY,KAAZ,EAAmB;AACjB,UAAI;AACF,cAAMmB,WAAW,GAAG,KAAKS,qBAAL,EAApB;AACAC,QAAAA,MAAM,CAACC,MAAP,CAAczB,IAAd,EAAoBc,WAApB;AACD,OAHD,SAGU;AACR,aAAKlB,sBAAL;AACD;AACF;;AAED,QAAIb,OAAO,CAACc,IAAZ,EAAkB;AAChB,UAAI;AACF,cAAM6B,QAA6B,GAAG,KAAKC,cAAL,EAAtC;AACAH,QAAAA,MAAM,CAACC,MAAP,CAAczB,IAAd,EAAoB0B,QAApB;AACD,OAHD,SAGU;AACR,aAAK5B,eAAL;AACD;AACF;;AAED,QAAI,8BAAkBE,IAAlB,CAAJ,EAA6B;AAC3B,aAAOA,IAAP;AACD;;AACD,WAAO,IAAP;AACD,GA3IqC,CA6ItC;;;AACAF,EAAAA,eAAe,GAAS;AACtB;AACA,QAAIG,OAAJ;;AAEA,QAAI,KAAKjB,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnE5B,MAAAA,OAAO,GAAG,KAAKjB,cAAL,CAAoB8C,oBAApB,CAAyC;AAAExB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;;AAED,QAAI,KAAKR,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrE5B,MAAAA,OAAO,GAAG,KAAKjB,cAAL,CAAoB8C,oBAApB,CAAyC;AAAExB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;AACF;;AAEDmC,EAAAA,cAAc,GAAwB;AACpC,QAAI1B,OAAJ;AACA,QAAIC,GAAJ,CAFoC,CAIpC;;AACA,QAAI,KAAKlB,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnE5B,MAAAA,OAAO,GAAG,KAAKjB,cAAL,CAAoB8C,oBAApB,CAAyC;AAAExB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACE,UAAR,EAAN;;AACA,UAAID,GAAG,IAAIA,GAAG,CAAC6B,YAAf,EAA6B;AAC3B,eAAO7B,GAAP;AACD;AACF,KAXmC,CAapC;;;AACA,QAAI,KAAKlB,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrE5B,MAAAA,OAAO,GAAG,KAAKjB,cAAL,CAAoB8C,oBAApB,CAAyC;AAAExB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACE,UAAR,EAAN;;AACA,UAAID,GAAG,IAAIA,GAAG,CAAC6B,YAAf,EAA6B;AAC3B,eAAO7B,GAAP;AACD;AACF,KApBmC,CAsBpC;AACA;AACA;;;AACA,UAAM,IAAI8B,oBAAJ,CAAiB,yJAAjB,EAA4K,IAA5K,CAAN;AACD;;AAEDpC,EAAAA,sBAAsB,GAAS;AAC7B;AACA,QAAIK,OAAJ;;AAEA,QAAI,KAAKjB,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrE5B,MAAAA,OAAO,GAAG,KAAKjB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAE3B,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;;AAED,QAAI,KAAKR,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7D5B,MAAAA,OAAO,GAAG,KAAKjB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAE3B,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;AACF;;AAED+B,EAAAA,qBAAqB,GAAyB;AAC5C,QAAItB,OAAJ;AACA,QAAIa,WAAJ,CAF4C,CAI5C;;AACA,QAAI,KAAK9B,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrE5B,MAAAA,OAAO,GAAG,KAAKjB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAE3B,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAQ,MAAAA,WAAW,GAAGb,OAAO,CAACE,UAAR,EAAd;AACD;;AACD,QAAI,mCAAuBW,WAAvB,CAAJ,EAAyC;AACvC,aAAOA,WAAP;AACD,KAX2C,CAa5C;;;AACA,QAAI,KAAK9B,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7D5B,MAAAA,OAAO,GAAG,KAAKjB,cAAL,CAAoBiD,2BAApB,CAAgD;AAAE3B,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAQ,MAAAA,WAAW,GAAGb,OAAO,CAACE,UAAR,EAAd;AACD;;AAED,QAAI,mCAAuBW,WAAvB,CAAJ,EAAyC;AACvC,aAAOA,WAAP;AACD;;AAGD,UAAM,IAAIkB,oBAAJ,CAAiB,uDAAjB,CAAN,CAxB4C,CA0B5C;AACA;AACD;;AAEDE,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,UAAMlC,OAAwB,GAAG,KAAKjB,cAAL,CAAoBU,qBAApB,EAAjC;;AACA,QAAI,CAACO,OAAL,EAAc;AACZ;AACD;;AACDA,IAAAA,OAAO,CAACG,UAAR,CAAmB+B,WAAnB;AACD;;AAEDC,EAAAA,eAAe,GAAmB;AAChC,UAAMnC,OAAwB,GAAG,KAAKjB,cAAL,CAAoBU,qBAApB,EAAjC;;AACA,QAAI,CAACO,OAAL,EAAc;AACZ,aAAO,IAAP;AACD;;AACD,UAAMkC,WAAW,GAAGlC,OAAO,CAACE,UAAR,EAApB;;AACA,QAAI,CAAC,6BAAiBgC,WAAjB,CAAL,EAAoC;AAClC,aAAO,IAAP;AACD;;AACD,WAAOA,WAAP;AACD;;AAxPqC","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME } from './constants';\nimport StorageManager from './StorageManager';\nimport {\n  StorageProvider,\n  TransactionMeta,\n  isTransactionMeta,\n  isOAuthTransactionMeta,\n  PKCETransactionMeta,\n  OAuthTransactionMeta,\n  TransactionMetaOptions,\n  TransactionManagerOptions,\n  CookieStorage\n} from './types';\nimport { RawIdxResponse, isRawIdxResponse } from './idx/types/idx-js';\nimport { warn } from './util';\n\nexport default class TransactionManager {\n  options: TransactionManagerOptions;\n  storageManager: StorageManager;\n  legacyWidgetSupport: boolean;\n  saveNonceCookie: boolean;\n  saveStateCookie: boolean;\n  saveParamsCookie: boolean;\n\n  constructor(options: TransactionManagerOptions) {\n    this.storageManager = options.storageManager;\n    this.legacyWidgetSupport = options.legacyWidgetSupport === false ? false : true;\n    this.saveNonceCookie = options.saveNonceCookie === false ? false : true;\n    this.saveStateCookie = options.saveStateCookie === false ? false : true;\n    this.saveParamsCookie = options.saveParamsCookie === false ? false : true;\n    this.options = options;\n  }\n\n  clear(options: TransactionMetaOptions = {}) {\n    const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n    transactionStorage.clearStorage();\n\n    const idxStateStorage: StorageProvider = this.storageManager.getIdxResponseStorage();\n    idxStateStorage?.clearStorage();\n\n    if (!this.legacyWidgetSupport) {\n      return;\n    }\n\n    // This is for compatibility with older versions of the signin widget. OKTA-304806\n    if (options.oauth) {\n      this.clearLegacyOAuthParams();\n    }\n\n    if (options.pkce) {\n      this.clearLegacyPKCE();\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  save(meta: TransactionMeta, options: TransactionMetaOptions = {}) {\n    // There must be only one transaction executing at a time.\n    // Before saving, check to see if a transaction is already stored.\n    // An existing transaction indicates a concurrency/race/overlap condition\n\n    let storage: StorageProvider = this.storageManager.getTransactionStorage();\n    const obj = storage.getStorage();\n    if (isTransactionMeta(obj)) {\n      // eslint-disable-next-line max-len\n      warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n    }\n\n    storage.setStorage(meta);\n\n    if (!options.oauth) {\n      return;\n    }\n  \n    if (this.saveNonceCookie || this.saveStateCookie || this.saveParamsCookie) {\n      const cookieStorage: CookieStorage = this.storageManager.getStorage({ storageType: 'cookie' }) as CookieStorage;\n\n      if (this.saveParamsCookie) {\n        const { \n          responseType,\n          state,\n          nonce,\n          scopes,\n          clientId,\n          urls,\n          ignoreSignature\n        } = meta;\n        const oauthParams = {\n          responseType,\n          state,\n          nonce,\n          scopes,\n          clientId,\n          urls,\n          ignoreSignature\n        };\n        cookieStorage.setItem(REDIRECT_OAUTH_PARAMS_NAME, JSON.stringify(oauthParams), null);\n      }\n\n      if (this.saveNonceCookie && meta.nonce) {\n        // Set nonce cookie for servers to validate nonce in id_token\n        cookieStorage.setItem(REDIRECT_NONCE_COOKIE_NAME, meta.nonce, null);\n      }\n\n      if (this.saveStateCookie && meta.state) {\n        // Set state cookie for servers to validate state\n        cookieStorage.setItem(REDIRECT_STATE_COOKIE_NAME, meta.state, null);\n      }\n    }\n  }\n\n  exists(options: TransactionMetaOptions = {}): boolean {\n    try {\n      const meta: TransactionMeta = this.load(options);\n      return !!meta;\n    } catch {\n      return false;\n    }\n  }\n\n  // load transaction meta from storage\n  load(options: TransactionMetaOptions = {}): TransactionMeta {\n    let storage: StorageProvider = this.storageManager.getTransactionStorage();\n    let meta = storage.getStorage();\n    if (isTransactionMeta(meta)) {\n      // if we have meta in the new location, there is no need to go further\n      return meta;\n    }\n\n    if (!this.legacyWidgetSupport) {\n      return null;\n    }\n\n    // This is for compatibility with older versions of the signin widget. OKTA-304806\n    if (options.oauth) {\n      try {\n        const oauthParams = this.loadLegacyOAuthParams();\n        Object.assign(meta, oauthParams);\n      } finally {\n        this.clearLegacyOAuthParams();\n      }\n    }\n\n    if (options.pkce) {\n      try {\n        const pkceMeta: PKCETransactionMeta = this.loadLegacyPKCE();\n        Object.assign(meta, pkceMeta);\n      } finally {\n        this.clearLegacyPKCE();\n      }\n    }\n\n    if (isTransactionMeta(meta)) {\n      return meta;\n    }\n    return null;\n  }\n\n  // This is for compatibility with older versions of the signin widget. OKTA-304806\n  clearLegacyPKCE(): void {\n    // clear storages\n    let storage: StorageProvider;\n\n    if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n      storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n      storage.clearStorage();\n    }\n\n    if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n      storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n      storage.clearStorage();\n    }\n  }\n\n  loadLegacyPKCE(): PKCETransactionMeta {\n    let storage: StorageProvider;\n    let obj;\n    \n    // Try reading from localStorage first.\n    if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n      storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n      obj = storage.getStorage();\n      if (obj && obj.codeVerifier) {\n        return obj;\n      }\n    }\n\n    // If meta is not valid, read from sessionStorage. This is expected for more recent versions of the widget.\n    if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n      storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n      obj = storage.getStorage();\n      if (obj && obj.codeVerifier) {\n        return obj;\n      }\n    }\n\n    // If meta is not valid, throw an exception to avoid misleading server-side error\n    // The most likely cause of this error is trying to handle a callback twice\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', null);\n  }\n\n  clearLegacyOAuthParams(): void {\n    // clear storages\n    let storage: StorageProvider;\n\n    if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n      storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n      storage.clearStorage();\n    }\n\n    if (this.storageManager.storageUtil.testStorageType('cookie')) {\n      storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n      storage.clearStorage();\n    }\n  }\n\n  loadLegacyOAuthParams(): OAuthTransactionMeta {\n    let storage: StorageProvider;\n    let oauthParams;\n  \n    // load first from session storage\n    if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n      storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n      oauthParams = storage.getStorage();\n    }\n    if (isOAuthTransactionMeta(oauthParams)) {\n      return oauthParams;\n    }\n\n    // try to load from cookie\n    if (this.storageManager.storageUtil.testStorageType('cookie')) {\n      storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n      oauthParams = storage.getStorage();\n    }\n\n    if (isOAuthTransactionMeta(oauthParams)) {\n      return oauthParams;\n    }\n\n\n    throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n\n    // Something is there but we don't recognize it\n    // throw new AuthSdkError('Unable to parse the ' + REDIRECT_OAUTH_PARAMS_NAME + ' value from storage');\n  }\n\n  saveIdxResponse(idxResponse: RawIdxResponse): void {\n    const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n    if (!storage) {\n      return;\n    }\n    storage.setStorage(idxResponse);\n  }\n\n  loadIdxResponse(): RawIdxResponse {\n    const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n    if (!storage) {\n      return null;\n    }\n    const idxResponse = storage.getStorage();\n    if (!isRawIdxResponse(idxResponse)) {\n      return null;\n    }\n    return idxResponse;\n  }\n}"],"file":"TransactionManager.js"}
+{"version":3,"sources":["../../lib/TransactionManager.ts"],"names":["TransactionManager","constructor","options","storageManager","legacyWidgetSupport","saveNonceCookie","saveStateCookie","saveParamsCookie","enableSharedStorage","clear","transactionStorage","getTransactionStorage","meta","getStorage","clearStorage","clearIdxResponse","clearSharedStorage","state","oauth","clearLegacyOAuthParams","pkce","clearLegacyPKCE","save","storage","obj","muteWarning","setStorage","cookieStorage","storageType","responseType","nonce","scopes","clientId","urls","ignoreSignature","oauthParams","setItem","REDIRECT_OAUTH_PARAMS_NAME","JSON","stringify","REDIRECT_NONCE_COOKIE_NAME","REDIRECT_STATE_COOKIE_NAME","exists","load","loadLegacyOAuthParams","Object","assign","pkceMeta","loadLegacyPKCE","storageUtil","testStorageType","getLegacyPKCEStorage","codeVerifier","AuthSdkError","getLegacyOAuthParamsStorage","saveIdxResponse","idxResponse","getIdxResponseStorage","loadIdxResponse"],"mappings":";;;;AAaA;;AACA;;AAEA;;AAWA;;AACA;;AACA;;AA7BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA6Be,MAAMA,kBAAN,CAAyB;AAStCC,EAAAA,WAAW,CAACC,OAAD,EAAqC;AAC9C,SAAKC,cAAL,GAAsBD,OAAO,CAACC,cAA9B;AACA,SAAKC,mBAAL,GAA2BF,OAAO,CAACE,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKC,eAAL,GAAuBH,OAAO,CAACG,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,eAAL,GAAuBJ,OAAO,CAACI,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,gBAAL,GAAwBL,OAAO,CAACK,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;AACA,SAAKC,mBAAL,GAA2BN,OAAO,CAACM,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKN,OAAL,GAAeA,OAAf;AACD,GAjBqC,CAmBtC;;;AACAO,EAAAA,KAAK,CAACP,OAAoC,GAAG,EAAxC,EAA4C;AAC/C,UAAMQ,kBAAmC,GAAG,KAAKP,cAAL,CAAoBQ,qBAApB,EAA5C;AACA,UAAMC,IAAI,GAAGF,kBAAkB,CAACG,UAAnB,EAAb,CAF+C,CAI/C;;AACAH,IAAAA,kBAAkB,CAACI,YAAnB,GAL+C,CAO/C;;AACA,SAAKC,gBAAL,GAR+C,CAU/C;AACA;;AACA,QAAI,KAAKP,mBAAL,IAA4BN,OAAO,CAACc,kBAAxC,EAA4D;AAC1D,YAAMC,KAAK,GAAGf,OAAO,CAACe,KAAR,KAAiBL,IAAjB,aAAiBA,IAAjB,uBAAiBA,IAAI,CAAEK,KAAvB,CAAd;;AACA,UAAIA,KAAJ,EAAW;AACT,8DAAkC,KAAKd,cAAvC,EAAuDc,KAAvD;AACD;AACF;;AAED,QAAI,CAAC,KAAKb,mBAAV,EAA+B;AAC7B;AACD,KArB8C,CAuB/C;;;AACA,QAAIF,OAAO,CAACgB,KAAZ,EAAmB;AACjB,WAAKC,sBAAL;AACD;;AAED,QAAIjB,OAAO,CAACkB,IAAZ,EAAkB;AAChB,WAAKC,eAAL;AACD;AACF,GAnDqC,CAqDtC;;;AACAC,EAAAA,IAAI,CAACV,IAAD,EAAwBV,OAA+B,GAAG,EAA1D,EAA8D;AAChE;AACA;AACA;AAEA,QAAIqB,OAAwB,GAAG,KAAKpB,cAAL,CAAoBQ,qBAApB,EAA/B;AACA,UAAMa,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAZ,CANgE,CAOhE;AACA;AACA;;AACA,QAAI,8BAAkBW,GAAlB,KAA0B,CAACtB,OAAO,CAACuB,WAAvC,EAAoD;AAClD;AACA,sBAAK,yGAAL;AACD;;AAEDF,IAAAA,OAAO,CAACG,UAAR,CAAmBd,IAAnB,EAfgE,CAiBhE;;AACA,QAAI,KAAKJ,mBAAL,IAA4BI,IAAI,CAACK,KAArC,EAA4C;AAC1C,yDAA+B,KAAKd,cAApC,EAAoDS,IAAI,CAACK,KAAzD,EAAgEL,IAAhE;AACD;;AAED,QAAI,CAACV,OAAO,CAACgB,KAAb,EAAoB;AAClB;AACD,KAxB+D,CA0BhE;;;AACA,QAAI,KAAKb,eAAL,IAAwB,KAAKC,eAA7B,IAAgD,KAAKC,gBAAzD,EAA2E;AACzE,YAAMoB,aAA4B,GAAG,KAAKxB,cAAL,CAAoBU,UAApB,CAA+B;AAAEe,QAAAA,WAAW,EAAE;AAAf,OAA/B,CAArC;;AAEA,UAAI,KAAKrB,gBAAT,EAA2B;AACzB,cAAM;AACJsB,UAAAA,YADI;AAEJZ,UAAAA,KAFI;AAGJa,UAAAA,KAHI;AAIJC,UAAAA,MAJI;AAKJC,UAAAA,QALI;AAMJC,UAAAA,IANI;AAOJC,UAAAA;AAPI,YAQFtB,IARJ;AASA,cAAMuB,WAAW,GAAG;AAClBN,UAAAA,YADkB;AAElBZ,UAAAA,KAFkB;AAGlBa,UAAAA,KAHkB;AAIlBC,UAAAA,MAJkB;AAKlBC,UAAAA,QALkB;AAMlBC,UAAAA,IANkB;AAOlBC,UAAAA;AAPkB,SAApB;AASAP,QAAAA,aAAa,CAACS,OAAd,CAAsBC,qCAAtB,EAAkDC,IAAI,CAACC,SAAL,CAAeJ,WAAf,CAAlD,EAA+E,IAA/E;AACD;;AAED,UAAI,KAAK9B,eAAL,IAAwBO,IAAI,CAACkB,KAAjC,EAAwC;AACtC;AACAH,QAAAA,aAAa,CAACS,OAAd,CAAsBI,qCAAtB,EAAkD5B,IAAI,CAACkB,KAAvD,EAA8D,IAA9D;AACD;;AAED,UAAI,KAAKxB,eAAL,IAAwBM,IAAI,CAACK,KAAjC,EAAwC;AACtC;AACAU,QAAAA,aAAa,CAACS,OAAd,CAAsBK,qCAAtB,EAAkD7B,IAAI,CAACK,KAAvD,EAA8D,IAA9D;AACD;AACF;AACF;;AAEDyB,EAAAA,MAAM,CAACxC,OAA+B,GAAG,EAAnC,EAAgD;AACpD,QAAI;AACF,YAAMU,IAAqB,GAAG,KAAK+B,IAAL,CAAUzC,OAAV,CAA9B;AACA,aAAO,CAAC,CAACU,IAAT;AACD,KAHD,CAGE,MAAM;AACN,aAAO,KAAP;AACD;AACF,GA7HqC,CA+HtC;AACA;;;AACA+B,EAAAA,IAAI,CAACzC,OAA+B,GAAG,EAAnC,EAAwD;AAE1D,QAAIU,IAAJ,CAF0D,CAI1D;;AACA,QAAI,KAAKJ,mBAAL,IAA4BN,OAAO,CAACe,KAAxC,EAA+C;AAC7C,6CAAmB,KAAKd,cAAxB,EAD6C,CACJ;;AACzCS,MAAAA,IAAI,GAAG,qDAAiC,KAAKT,cAAtC,EAAsDD,OAAO,CAACe,KAA9D,CAAP;;AACA,UAAI,8BAAkBL,IAAlB,CAAJ,EAA6B;AAC3B,eAAOA,IAAP;AACD;AACF;;AAED,QAAIW,OAAwB,GAAG,KAAKpB,cAAL,CAAoBQ,qBAApB,EAA/B;AACAC,IAAAA,IAAI,GAAGW,OAAO,CAACV,UAAR,EAAP;;AACA,QAAI,8BAAkBD,IAAlB,CAAJ,EAA6B;AAC3B;AACA,aAAOA,IAAP;AACD;;AAED,QAAI,CAAC,KAAKR,mBAAV,EAA+B;AAC7B,aAAO,IAAP;AACD,KAtByD,CAwB1D;;;AACA,QAAIF,OAAO,CAACgB,KAAZ,EAAmB;AACjB,UAAI;AACF,cAAMiB,WAAW,GAAG,KAAKS,qBAAL,EAApB;AACAC,QAAAA,MAAM,CAACC,MAAP,CAAclC,IAAd,EAAoBuB,WAApB;AACD,OAHD,SAGU;AACR,aAAKhB,sBAAL;AACD;AACF;;AAED,QAAIjB,OAAO,CAACkB,IAAZ,EAAkB;AAChB,UAAI;AACF,cAAM2B,QAA6B,GAAG,KAAKC,cAAL,EAAtC;AACAH,QAAAA,MAAM,CAACC,MAAP,CAAclC,IAAd,EAAoBmC,QAApB;AACD,OAHD,SAGU;AACR,aAAK1B,eAAL;AACD;AACF;;AAED,QAAI,8BAAkBT,IAAlB,CAAJ,EAA6B;AAC3B,aAAOA,IAAP;AACD;;AACD,WAAO,IAAP;AACD,GAhLqC,CAkLtC;;;AACAS,EAAAA,eAAe,GAAS;AACtB;AACA,QAAIE,OAAJ;;AAEA,QAAI,KAAKpB,cAAL,CAAoB8C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnE3B,MAAAA,OAAO,GAAG,KAAKpB,cAAL,CAAoBgD,oBAApB,CAAyC;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;;AAED,QAAI,KAAKX,cAAL,CAAoB8C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrE3B,MAAAA,OAAO,GAAG,KAAKpB,cAAL,CAAoBgD,oBAApB,CAAyC;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;AACF;;AAEDkC,EAAAA,cAAc,GAAwB;AACpC,QAAIzB,OAAJ;AACA,QAAIC,GAAJ,CAFoC,CAIpC;;AACA,QAAI,KAAKrB,cAAL,CAAoB8C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnE3B,MAAAA,OAAO,GAAG,KAAKpB,cAAL,CAAoBgD,oBAApB,CAAyC;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAN;;AACA,UAAIW,GAAG,IAAIA,GAAG,CAAC4B,YAAf,EAA6B;AAC3B,eAAO5B,GAAP;AACD;AACF,KAXmC,CAapC;;;AACA,QAAI,KAAKrB,cAAL,CAAoB8C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrE3B,MAAAA,OAAO,GAAG,KAAKpB,cAAL,CAAoBgD,oBAApB,CAAyC;AAAEvB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACV,UAAR,EAAN;;AACA,UAAIW,GAAG,IAAIA,GAAG,CAAC4B,YAAf,EAA6B;AAC3B,eAAO5B,GAAP;AACD;AACF,KApBmC,CAsBpC;AACA;AACA;;;AACA,UAAM,IAAI6B,oBAAJ,CAAiB,yJAAjB,EAA4K,IAA5K,CAAN;AACD;;AAEDlC,EAAAA,sBAAsB,GAAS;AAC7B;AACA,QAAII,OAAJ;;AAEA,QAAI,KAAKpB,cAAL,CAAoB8C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrE3B,MAAAA,OAAO,GAAG,KAAKpB,cAAL,CAAoBmD,2BAApB,CAAgD;AAAE1B,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;;AAED,QAAI,KAAKX,cAAL,CAAoB8C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7D3B,MAAAA,OAAO,GAAG,KAAKpB,cAAL,CAAoBmD,2BAApB,CAAgD;AAAE1B,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACT,YAAR;AACD;AACF;;AAED8B,EAAAA,qBAAqB,GAAyB;AAC5C,QAAIrB,OAAJ;AACA,QAAIY,WAAJ,CAF4C,CAI5C;;AACA,QAAI,KAAKhC,cAAL,CAAoB8C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrE3B,MAAAA,OAAO,GAAG,KAAKpB,cAAL,CAAoBmD,2BAApB,CAAgD;AAAE1B,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGZ,OAAO,CAACV,UAAR,EAAd;AACD;;AACD,QAAI,mCAAuBsB,WAAvB,CAAJ,EAAyC;AACvC,aAAOA,WAAP;AACD,KAX2C,CAa5C;;;AACA,QAAI,KAAKhC,cAAL,CAAoB8C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7D3B,MAAAA,OAAO,GAAG,KAAKpB,cAAL,CAAoBmD,2BAApB,CAAgD;AAAE1B,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGZ,OAAO,CAACV,UAAR,EAAd;AACD;;AAED,QAAI,mCAAuBsB,WAAvB,CAAJ,EAAyC;AACvC,aAAOA,WAAP;AACD;;AAGD,UAAM,IAAIkB,oBAAJ,CAAiB,uDAAjB,CAAN,CAxB4C,CA0B5C;AACA;AACD;;AAEDE,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,UAAMjC,OAAwB,GAAG,KAAKpB,cAAL,CAAoBsD,qBAApB,EAAjC;;AACA,QAAI,CAAClC,OAAL,EAAc;AACZ;AACD;;AACDA,IAAAA,OAAO,CAACG,UAAR,CAAmB8B,WAAnB;AACD;;AAEDE,EAAAA,eAAe,GAAmB;AAChC,UAAMnC,OAAwB,GAAG,KAAKpB,cAAL,CAAoBsD,qBAApB,EAAjC;;AACA,QAAI,CAAClC,OAAL,EAAc;AACZ,aAAO,IAAP;AACD;;AACD,UAAMiC,WAAW,GAAGjC,OAAO,CAACV,UAAR,EAApB;;AACA,QAAI,CAAC,6BAAiB2C,WAAjB,CAAL,EAAoC;AAClC,aAAO,IAAP;AACD;;AACD,WAAOA,WAAP;AACD;;AAEDzC,EAAAA,gBAAgB,GAAS;AACvB,UAAMQ,OAAwB,GAAG,KAAKpB,cAAL,CAAoBsD,qBAApB,EAAjC;AACAlC,IAAAA,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAET,YAAT;AACD;;AAlSqC","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME } from './constants';\nimport StorageManager from './StorageManager';\nimport {\n  StorageProvider,\n  TransactionMeta,\n  isTransactionMeta,\n  isOAuthTransactionMeta,\n  PKCETransactionMeta,\n  OAuthTransactionMeta,\n  TransactionMetaOptions,\n  TransactionManagerOptions,\n  CookieStorage\n} from './types';\nimport { RawIdxResponse, isRawIdxResponse } from './idx/types/idx-js';\nimport { warn } from './util';\nimport {\n  clearTransactionFromSharedStorage,\n  loadTransactionFromSharedStorage,\n  pruneSharedStorage,\n  saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\nexport interface ClearTransactionMetaOptions extends TransactionMetaOptions {\n  clearSharedStorage?: boolean;\n}\nexport default class TransactionManager {\n  options: TransactionManagerOptions;\n  storageManager: StorageManager;\n  legacyWidgetSupport: boolean;\n  saveNonceCookie: boolean;\n  saveStateCookie: boolean;\n  saveParamsCookie: boolean;\n  enableSharedStorage: boolean;\n\n  constructor(options: TransactionManagerOptions) {\n    this.storageManager = options.storageManager;\n    this.legacyWidgetSupport = options.legacyWidgetSupport === false ? false : true;\n    this.saveNonceCookie = options.saveNonceCookie === false ? false : true;\n    this.saveStateCookie = options.saveStateCookie === false ? false : true;\n    this.saveParamsCookie = options.saveParamsCookie === false ? false : true;\n    this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n    this.options = options;\n  }\n\n  // eslint-disable-next-line complexity\n  clear(options: ClearTransactionMetaOptions = {}) {\n    const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n    const meta = transactionStorage.getStorage();\n\n    // Clear primary storage (by default, sessionStorage on browser)\n    transactionStorage.clearStorage();\n\n    // clear IDX response storage\n    this.clearIdxResponse();\n\n    // Usually we do NOT want to clear shared storage because another tab may need it to continue/complete a flow\n    // It can be cleared after a user succcesfully signs in and receives tokens\n    if (this.enableSharedStorage && options.clearSharedStorage) {\n      const state = options.state || meta?.state;\n      if (state) {\n        clearTransactionFromSharedStorage(this.storageManager, state);\n      }\n    }\n  \n    if (!this.legacyWidgetSupport) {\n      return;\n    }\n\n    // This is for compatibility with older versions of the signin widget. OKTA-304806\n    if (options.oauth) {\n      this.clearLegacyOAuthParams();\n    }\n\n    if (options.pkce) {\n      this.clearLegacyPKCE();\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  save(meta: TransactionMeta, options: TransactionMetaOptions = {}) {\n    // There must be only one transaction executing at a time.\n    // Before saving, check to see if a transaction is already stored.\n    // An existing transaction indicates a concurrency/race/overlap condition\n\n    let storage: StorageProvider = this.storageManager.getTransactionStorage();\n    const obj = storage.getStorage();\n    // oie process may need to update transaction in the middle of process for tracking purpose\n    // false alarm might be caused \n    // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n    if (isTransactionMeta(obj) && !options.muteWarning) {\n      // eslint-disable-next-line max-len\n      warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n    }\n\n    storage.setStorage(meta);\n\n    // Shared storage allows continuation of transaction in another tab\n    if (this.enableSharedStorage && meta.state) {\n      saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n    }\n\n    if (!options.oauth) {\n      return;\n    }\n  \n    // Legacy cookie storage\n    if (this.saveNonceCookie || this.saveStateCookie || this.saveParamsCookie) {\n      const cookieStorage: CookieStorage = this.storageManager.getStorage({ storageType: 'cookie' }) as CookieStorage;\n\n      if (this.saveParamsCookie) {\n        const { \n          responseType,\n          state,\n          nonce,\n          scopes,\n          clientId,\n          urls,\n          ignoreSignature\n        } = meta;\n        const oauthParams = {\n          responseType,\n          state,\n          nonce,\n          scopes,\n          clientId,\n          urls,\n          ignoreSignature\n        };\n        cookieStorage.setItem(REDIRECT_OAUTH_PARAMS_NAME, JSON.stringify(oauthParams), null);\n      }\n\n      if (this.saveNonceCookie && meta.nonce) {\n        // Set nonce cookie for servers to validate nonce in id_token\n        cookieStorage.setItem(REDIRECT_NONCE_COOKIE_NAME, meta.nonce, null);\n      }\n\n      if (this.saveStateCookie && meta.state) {\n        // Set state cookie for servers to validate state\n        cookieStorage.setItem(REDIRECT_STATE_COOKIE_NAME, meta.state, null);\n      }\n    }\n  }\n\n  exists(options: TransactionMetaOptions = {}): boolean {\n    try {\n      const meta: TransactionMeta = this.load(options);\n      return !!meta;\n    } catch {\n      return false;\n    }\n  }\n\n  // load transaction meta from storage\n  // eslint-disable-next-line complexity,max-statements\n  load(options: TransactionMetaOptions = {}): TransactionMeta {\n\n    let meta: TransactionMeta;\n\n    // If state was passed, try loading transaction data from shared storage\n    if (this.enableSharedStorage && options.state) {\n      pruneSharedStorage(this.storageManager); // prune before load\n      meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n      if (isTransactionMeta(meta)) {\n        return meta;\n      }\n    }\n\n    let storage: StorageProvider = this.storageManager.getTransactionStorage();\n    meta = storage.getStorage();\n    if (isTransactionMeta(meta)) {\n      // if we have meta in the new location, there is no need to go further\n      return meta;\n    }\n\n    if (!this.legacyWidgetSupport) {\n      return null;\n    }\n\n    // This is for compatibility with older versions of the signin widget. OKTA-304806\n    if (options.oauth) {\n      try {\n        const oauthParams = this.loadLegacyOAuthParams();\n        Object.assign(meta, oauthParams);\n      } finally {\n        this.clearLegacyOAuthParams();\n      }\n    }\n\n    if (options.pkce) {\n      try {\n        const pkceMeta: PKCETransactionMeta = this.loadLegacyPKCE();\n        Object.assign(meta, pkceMeta);\n      } finally {\n        this.clearLegacyPKCE();\n      }\n    }\n\n    if (isTransactionMeta(meta)) {\n      return meta;\n    }\n    return null;\n  }\n\n  // This is for compatibility with older versions of the signin widget. OKTA-304806\n  clearLegacyPKCE(): void {\n    // clear storages\n    let storage: StorageProvider;\n\n    if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n      storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n      storage.clearStorage();\n    }\n\n    if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n      storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n      storage.clearStorage();\n    }\n  }\n\n  loadLegacyPKCE(): PKCETransactionMeta {\n    let storage: StorageProvider;\n    let obj;\n    \n    // Try reading from localStorage first.\n    if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n      storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n      obj = storage.getStorage();\n      if (obj && obj.codeVerifier) {\n        return obj;\n      }\n    }\n\n    // If meta is not valid, read from sessionStorage. This is expected for more recent versions of the widget.\n    if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n      storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n      obj = storage.getStorage();\n      if (obj && obj.codeVerifier) {\n        return obj;\n      }\n    }\n\n    // If meta is not valid, throw an exception to avoid misleading server-side error\n    // The most likely cause of this error is trying to handle a callback twice\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', null);\n  }\n\n  clearLegacyOAuthParams(): void {\n    // clear storages\n    let storage: StorageProvider;\n\n    if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n      storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n      storage.clearStorage();\n    }\n\n    if (this.storageManager.storageUtil.testStorageType('cookie')) {\n      storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n      storage.clearStorage();\n    }\n  }\n\n  loadLegacyOAuthParams(): OAuthTransactionMeta {\n    let storage: StorageProvider;\n    let oauthParams;\n  \n    // load first from session storage\n    if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n      storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n      oauthParams = storage.getStorage();\n    }\n    if (isOAuthTransactionMeta(oauthParams)) {\n      return oauthParams;\n    }\n\n    // try to load from cookie\n    if (this.storageManager.storageUtil.testStorageType('cookie')) {\n      storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n      oauthParams = storage.getStorage();\n    }\n\n    if (isOAuthTransactionMeta(oauthParams)) {\n      return oauthParams;\n    }\n\n\n    throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n\n    // Something is there but we don't recognize it\n    // throw new AuthSdkError('Unable to parse the ' + REDIRECT_OAUTH_PARAMS_NAME + ' value from storage');\n  }\n\n  saveIdxResponse(idxResponse: RawIdxResponse): void {\n    const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n    if (!storage) {\n      return;\n    }\n    storage.setStorage(idxResponse);\n  }\n\n  loadIdxResponse(): RawIdxResponse {\n    const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n    if (!storage) {\n      return null;\n    }\n    const idxResponse = storage.getStorage();\n    if (!isRawIdxResponse(idxResponse)) {\n      return null;\n    }\n    return idxResponse;\n  }\n\n  clearIdxResponse(): void {\n    const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n    storage?.clearStorage();\n  }\n}"],"file":"TransactionManager.js"}

package/cjs/builderUtil.js

@@ -22,6 +22,12 @@ var _AuthSdkError = _interopRequireDefault(require("./errors/AuthSdkError"));
 // eslint-disable-next-line complexity
 function assertValidConfig(args) {
   args = args || {};
+  var scopes = args.scopes;
+
+  if (scopes && !Array.isArray(scopes)) {
+    throw new _AuthSdkError.default('scopes must be a array of strings. ' + 'Required usage: new OktaAuth({scopes: ["openid", "email"]})');
+  }
+
   var issuer = args.issuer;
 
   if (!issuer) {

package/cjs/builderUtil.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/builderUtil.ts"],"names":["assertValidConfig","args","issuer","AuthSdkError","isUrlRegex","RegExp","test","indexOf","getUserAgent","sdkValue","userAgent","value","template","replace"],"mappings":";;;;;;;AAYA;;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKA;AACA;AACA,SAASA,iBAAT,CAA2BC,IAA3B,EAAkD;AAChDA,EAAAA,IAAI,GAAGA,IAAI,IAAI,EAAf;AAEA,MAAIC,MAAM,GAAGD,IAAI,CAACC,MAAlB;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAIC,qBAAJ,CAAiB,sCACrB,8FADI,CAAN;AAED;;AAED,MAAIC,UAAU,GAAG,IAAIC,MAAJ,CAAW,eAAX,CAAjB;;AACA,MAAI,CAACD,UAAU,CAACE,IAAX,CAAgBL,IAAI,CAACC,MAArB,CAAL,EAAmC;AACjC,UAAM,IAAIC,qBAAJ,CAAiB,iCACrB,8FADI,CAAN;AAED;;AAED,MAAID,MAAM,CAACK,OAAP,CAAe,SAAf,MAA8B,CAAC,CAAnC,EAAsC;AACpC,UAAM,IAAIJ,qBAAJ,CAAiB,sEACrB,uEADI,CAAN;AAED;AACF;;AAED,SAASK,YAAT,CAAsBP,IAAtB,EAA6CQ,QAA7C,EAAuE;AACrE,MAAIC,SAAS,GAAGT,IAAI,CAACS,SAAL,IAAkB,EAAlC;;AAEA,MAAIA,SAAS,CAACC,KAAd,EAAqB;AACnB,WAAOD,SAAS,CAACC,KAAjB;AACD;;AAED,MAAID,SAAS,CAACE,QAAd,EAAwB;AACtB,WAAOF,SAAS,CAACE,QAAV,CAAmBC,OAAnB,CAA2B,eAA3B,EAA4CJ,QAA5C,CAAP;AACD;;AAED,SAAOA,QAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport AuthSdkError from './errors/AuthSdkError';\nimport { OktaAuthOptions } from './types';\n\n// TODO: use @okta/configuration-validation (move module to this monorepo?)\n// eslint-disable-next-line complexity\nfunction assertValidConfig(args: OktaAuthOptions) {\n  args = args || {};\n\n  var issuer = args.issuer;\n  if (!issuer) {\n    throw new AuthSdkError('No issuer passed to constructor. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  var isUrlRegex = new RegExp('^http?s?://.+');\n  if (!isUrlRegex.test(args.issuer)) {\n    throw new AuthSdkError('Issuer must be a valid URL. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  if (issuer.indexOf('-admin.') !== -1) {\n    throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n  }\n}\n\nfunction getUserAgent(args: OktaAuthOptions, sdkValue: string): string {\n  var userAgent = args.userAgent || {};\n\n  if (userAgent.value) {\n    return userAgent.value;\n  }\n\n  if (userAgent.template) {\n    return userAgent.template.replace('$OKTA_AUTH_JS', sdkValue);\n  }\n\n  return sdkValue;\n}\n\nexport {\n  assertValidConfig,\n  getUserAgent\n};\n"],"file":"builderUtil.js"}
+{"version":3,"sources":["../../lib/builderUtil.ts"],"names":["assertValidConfig","args","scopes","Array","isArray","AuthSdkError","issuer","isUrlRegex","RegExp","test","indexOf","getUserAgent","sdkValue","userAgent","value","template","replace"],"mappings":";;;;;;;AAYA;;AAZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAKA;AACA;AACA,SAASA,iBAAT,CAA2BC,IAA3B,EAAkD;AAChDA,EAAAA,IAAI,GAAGA,IAAI,IAAI,EAAf;AAEA,MAAIC,MAAM,GAAGD,IAAI,CAACC,MAAlB;;AACA,MAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,MAAd,CAAf,EAAsC;AACpC,UAAM,IAAIG,qBAAJ,CAAiB,wCACrB,6DADI,CAAN;AAED;;AAED,MAAIC,MAAM,GAAGL,IAAI,CAACK,MAAlB;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAID,qBAAJ,CAAiB,sCACrB,8FADI,CAAN;AAED;;AAED,MAAIE,UAAU,GAAG,IAAIC,MAAJ,CAAW,eAAX,CAAjB;;AACA,MAAI,CAACD,UAAU,CAACE,IAAX,CAAgBR,IAAI,CAACK,MAArB,CAAL,EAAmC;AACjC,UAAM,IAAID,qBAAJ,CAAiB,iCACrB,8FADI,CAAN;AAED;;AAED,MAAIC,MAAM,CAACI,OAAP,CAAe,SAAf,MAA8B,CAAC,CAAnC,EAAsC;AACpC,UAAM,IAAIL,qBAAJ,CAAiB,sEACrB,uEADI,CAAN;AAED;AACF;;AAED,SAASM,YAAT,CAAsBV,IAAtB,EAA6CW,QAA7C,EAAuE;AACrE,MAAIC,SAAS,GAAGZ,IAAI,CAACY,SAAL,IAAkB,EAAlC;;AAEA,MAAIA,SAAS,CAACC,KAAd,EAAqB;AACnB,WAAOD,SAAS,CAACC,KAAjB;AACD;;AAED,MAAID,SAAS,CAACE,QAAd,EAAwB;AACtB,WAAOF,SAAS,CAACE,QAAV,CAAmBC,OAAnB,CAA2B,eAA3B,EAA4CJ,QAA5C,CAAP;AACD;;AAED,SAAOA,QAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport AuthSdkError from './errors/AuthSdkError';\nimport { OktaAuthOptions } from './types';\n\n// TODO: use @okta/configuration-validation (move module to this monorepo?)\n// eslint-disable-next-line complexity\nfunction assertValidConfig(args: OktaAuthOptions) {\n  args = args || {};\n\n  var scopes = args.scopes;\n  if (scopes && !Array.isArray(scopes)) {\n    throw new AuthSdkError('scopes must be a array of strings. ' +\n      'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n  }\n\n  var issuer = args.issuer;\n  if (!issuer) {\n    throw new AuthSdkError('No issuer passed to constructor. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  var isUrlRegex = new RegExp('^http?s?://.+');\n  if (!isUrlRegex.test(args.issuer)) {\n    throw new AuthSdkError('Issuer must be a valid URL. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  if (issuer.indexOf('-admin.') !== -1) {\n    throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n  }\n}\n\nfunction getUserAgent(args: OktaAuthOptions, sdkValue: string): string {\n  var userAgent = args.userAgent || {};\n\n  if (userAgent.value) {\n    return userAgent.value;\n  }\n\n  if (userAgent.template) {\n    return userAgent.template.replace('$OKTA_AUTH_JS', sdkValue);\n  }\n\n  return sdkValue;\n}\n\nexport {\n  assertValidConfig,\n  getUserAgent\n};\n"],"file":"builderUtil.js"}

package/cjs/constants.js

@@ -1,6 +1,6 @@
 "use strict";
 
-exports.IDX_API_VERSION = exports.DEFAULT_CODE_CHALLENGE_METHOD = exports.MAX_VERIFIER_LENGTH = exports.MIN_VERIFIER_LENGTH = exports.REFERRER_PATH_STORAGE_KEY = exports.REFRESH_TOKEN_STORAGE_KEY = exports.ID_TOKEN_STORAGE_KEY = exports.ACCESS_TOKEN_STORAGE_KEY = exports.IDX_RESPONSE_STORAGE_NAME = exports.TRANSACTION_STORAGE_NAME = exports.PKCE_STORAGE_NAME = exports.CACHE_STORAGE_NAME = exports.TOKEN_STORAGE_NAME = exports.REDIRECT_NONCE_COOKIE_NAME = exports.REDIRECT_STATE_COOKIE_NAME = exports.REDIRECT_OAUTH_PARAMS_NAME = exports.DEFAULT_CACHE_DURATION = exports.DEFAULT_MAX_CLOCK_SKEW = exports.DEFAULT_POLLING_DELAY = exports.STATE_TOKEN_KEY_NAME = void 0;
+exports.IDX_API_VERSION = exports.DEFAULT_CODE_CHALLENGE_METHOD = exports.MAX_VERIFIER_LENGTH = exports.MIN_VERIFIER_LENGTH = exports.REFERRER_PATH_STORAGE_KEY = exports.REFRESH_TOKEN_STORAGE_KEY = exports.ID_TOKEN_STORAGE_KEY = exports.ACCESS_TOKEN_STORAGE_KEY = exports.IDX_RESPONSE_STORAGE_NAME = exports.ORIGINAL_URI_STORAGE_NAME = exports.SHARED_TRANSACTION_STORAGE_NAME = exports.TRANSACTION_STORAGE_NAME = exports.PKCE_STORAGE_NAME = exports.CACHE_STORAGE_NAME = exports.TOKEN_STORAGE_NAME = exports.REDIRECT_NONCE_COOKIE_NAME = exports.REDIRECT_STATE_COOKIE_NAME = exports.REDIRECT_OAUTH_PARAMS_NAME = exports.DEFAULT_CACHE_DURATION = exports.DEFAULT_MAX_CLOCK_SKEW = exports.DEFAULT_POLLING_DELAY = exports.STATE_TOKEN_KEY_NAME = void 0;
 
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
@@ -35,6 +35,10 @@ const PKCE_STORAGE_NAME = 'okta-pkce-storage';
 exports.PKCE_STORAGE_NAME = PKCE_STORAGE_NAME;
 const TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';
 exports.TRANSACTION_STORAGE_NAME = TRANSACTION_STORAGE_NAME;
+const SHARED_TRANSACTION_STORAGE_NAME = 'okta-shared-transaction-storage';
+exports.SHARED_TRANSACTION_STORAGE_NAME = SHARED_TRANSACTION_STORAGE_NAME;
+const ORIGINAL_URI_STORAGE_NAME = 'okta-original-uri-storage';
+exports.ORIGINAL_URI_STORAGE_NAME = ORIGINAL_URI_STORAGE_NAME;
 const IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';
 exports.IDX_RESPONSE_STORAGE_NAME = IDX_RESPONSE_STORAGE_NAME;
 const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';

package/cjs/constants.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/constants.ts"],"names":["STATE_TOKEN_KEY_NAME","DEFAULT_POLLING_DELAY","DEFAULT_MAX_CLOCK_SKEW","DEFAULT_CACHE_DURATION","REDIRECT_OAUTH_PARAMS_NAME","REDIRECT_STATE_COOKIE_NAME","REDIRECT_NONCE_COOKIE_NAME","TOKEN_STORAGE_NAME","CACHE_STORAGE_NAME","PKCE_STORAGE_NAME","TRANSACTION_STORAGE_NAME","IDX_RESPONSE_STORAGE_NAME","ACCESS_TOKEN_STORAGE_KEY","ID_TOKEN_STORAGE_KEY","REFRESH_TOKEN_STORAGE_KEY","REFERRER_PATH_STORAGE_KEY","MIN_VERIFIER_LENGTH","MAX_VERIFIER_LENGTH","DEFAULT_CODE_CHALLENGE_METHOD","IDX_API_VERSION"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEO,MAAMA,oBAAoB,GAAG,gBAA7B;;AACA,MAAMC,qBAAqB,GAAG,GAA9B;;AACA,MAAMC,sBAAsB,GAAG,GAA/B;;AACA,MAAMC,sBAAsB,GAAG,KAA/B;;AACA,MAAMC,0BAA0B,GAAG,4BAAnC;;AACA,MAAMC,0BAA0B,GAAG,kBAAnC;;AACA,MAAMC,0BAA0B,GAAG,kBAAnC;;AACA,MAAMC,kBAAkB,GAAG,oBAA3B;;AACA,MAAMC,kBAAkB,GAAG,oBAA3B;;AACA,MAAMC,iBAAiB,GAAG,mBAA1B;;AACA,MAAMC,wBAAwB,GAAG,0BAAjC;;AACA,MAAMC,yBAAyB,GAAG,2BAAlC;;AACA,MAAMC,wBAAwB,GAAG,aAAjC;;AACA,MAAMC,oBAAoB,GAAI,SAA9B;;AACA,MAAMC,yBAAyB,GAAI,cAAnC;;AACA,MAAMC,yBAAyB,GAAG,cAAlC,C,CAEP;AACA;;;AACO,MAAMC,mBAAmB,GAAG,EAA5B;;AACA,MAAMC,mBAAmB,GAAG,GAA5B;;AACA,MAAMC,6BAA6B,GAAG,MAAtC;;AAEA,MAAMC,eAAe,GAAG,OAAxB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport const STATE_TOKEN_KEY_NAME = 'oktaStateToken';\nexport const DEFAULT_POLLING_DELAY = 500;\nexport const DEFAULT_MAX_CLOCK_SKEW = 300;\nexport const DEFAULT_CACHE_DURATION = 86400;\nexport const REDIRECT_OAUTH_PARAMS_NAME = 'okta-oauth-redirect-params';\nexport const REDIRECT_STATE_COOKIE_NAME = 'okta-oauth-state';\nexport const REDIRECT_NONCE_COOKIE_NAME = 'okta-oauth-nonce';\nexport const TOKEN_STORAGE_NAME = 'okta-token-storage';\nexport const CACHE_STORAGE_NAME = 'okta-cache-storage';\nexport const PKCE_STORAGE_NAME = 'okta-pkce-storage';\nexport const TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';\nexport const IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const ID_TOKEN_STORAGE_KEY =  'idToken';\nexport const REFRESH_TOKEN_STORAGE_KEY =  'refreshToken';\nexport const REFERRER_PATH_STORAGE_KEY = 'referrerPath';\n\n// Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\nexport const MIN_VERIFIER_LENGTH = 43;\nexport const MAX_VERIFIER_LENGTH = 128;\nexport const DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nexport const IDX_API_VERSION = '1.0.0';"],"file":"constants.js"}
+{"version":3,"sources":["../../lib/constants.ts"],"names":["STATE_TOKEN_KEY_NAME","DEFAULT_POLLING_DELAY","DEFAULT_MAX_CLOCK_SKEW","DEFAULT_CACHE_DURATION","REDIRECT_OAUTH_PARAMS_NAME","REDIRECT_STATE_COOKIE_NAME","REDIRECT_NONCE_COOKIE_NAME","TOKEN_STORAGE_NAME","CACHE_STORAGE_NAME","PKCE_STORAGE_NAME","TRANSACTION_STORAGE_NAME","SHARED_TRANSACTION_STORAGE_NAME","ORIGINAL_URI_STORAGE_NAME","IDX_RESPONSE_STORAGE_NAME","ACCESS_TOKEN_STORAGE_KEY","ID_TOKEN_STORAGE_KEY","REFRESH_TOKEN_STORAGE_KEY","REFERRER_PATH_STORAGE_KEY","MIN_VERIFIER_LENGTH","MAX_VERIFIER_LENGTH","DEFAULT_CODE_CHALLENGE_METHOD","IDX_API_VERSION"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEO,MAAMA,oBAAoB,GAAG,gBAA7B;;AACA,MAAMC,qBAAqB,GAAG,GAA9B;;AACA,MAAMC,sBAAsB,GAAG,GAA/B;;AACA,MAAMC,sBAAsB,GAAG,KAA/B;;AACA,MAAMC,0BAA0B,GAAG,4BAAnC;;AACA,MAAMC,0BAA0B,GAAG,kBAAnC;;AACA,MAAMC,0BAA0B,GAAG,kBAAnC;;AACA,MAAMC,kBAAkB,GAAG,oBAA3B;;AACA,MAAMC,kBAAkB,GAAG,oBAA3B;;AACA,MAAMC,iBAAiB,GAAG,mBAA1B;;AACA,MAAMC,wBAAwB,GAAG,0BAAjC;;AACA,MAAMC,+BAA+B,GAAG,iCAAxC;;AACA,MAAMC,yBAAyB,GAAG,2BAAlC;;AACA,MAAMC,yBAAyB,GAAG,2BAAlC;;AACA,MAAMC,wBAAwB,GAAG,aAAjC;;AACA,MAAMC,oBAAoB,GAAI,SAA9B;;AACA,MAAMC,yBAAyB,GAAI,cAAnC;;AACA,MAAMC,yBAAyB,GAAG,cAAlC,C,CAEP;AACA;;;AACO,MAAMC,mBAAmB,GAAG,EAA5B;;AACA,MAAMC,mBAAmB,GAAG,GAA5B;;AACA,MAAMC,6BAA6B,GAAG,MAAtC;;AAEA,MAAMC,eAAe,GAAG,OAAxB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport const STATE_TOKEN_KEY_NAME = 'oktaStateToken';\nexport const DEFAULT_POLLING_DELAY = 500;\nexport const DEFAULT_MAX_CLOCK_SKEW = 300;\nexport const DEFAULT_CACHE_DURATION = 86400;\nexport const REDIRECT_OAUTH_PARAMS_NAME = 'okta-oauth-redirect-params';\nexport const REDIRECT_STATE_COOKIE_NAME = 'okta-oauth-state';\nexport const REDIRECT_NONCE_COOKIE_NAME = 'okta-oauth-nonce';\nexport const TOKEN_STORAGE_NAME = 'okta-token-storage';\nexport const CACHE_STORAGE_NAME = 'okta-cache-storage';\nexport const PKCE_STORAGE_NAME = 'okta-pkce-storage';\nexport const TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';\nexport const SHARED_TRANSACTION_STORAGE_NAME = 'okta-shared-transaction-storage';\nexport const ORIGINAL_URI_STORAGE_NAME = 'okta-original-uri-storage';\nexport const IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const ID_TOKEN_STORAGE_KEY =  'idToken';\nexport const REFRESH_TOKEN_STORAGE_KEY =  'refreshToken';\nexport const REFERRER_PATH_STORAGE_KEY = 'referrerPath';\n\n// Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\nexport const MIN_VERIFIER_LENGTH = 43;\nexport const MAX_VERIFIER_LENGTH = 128;\nexport const DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nexport const IDX_API_VERSION = '1.0.0';"],"file":"constants.js"}

package/cjs/features.js

@@ -62,7 +62,7 @@ function isPopupPostMessageSupported() {
 }
 
 function isTokenVerifySupported() {
-  return typeof _crypto.webcrypto !== 'undefined' && typeof _crypto.webcrypto.subtle !== 'undefined' && typeof Uint8Array !== 'undefined';
+  return typeof _crypto.webcrypto !== 'undefined' && _crypto.webcrypto !== null && typeof _crypto.webcrypto.subtle !== 'undefined' && typeof Uint8Array !== 'undefined';
 }
 
 function hasTextEncoder() {