@okta/okta-auth-js 5.5.0 → 5.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (424) hide show
  1. package/CHANGELOG.md +66 -4
  2. package/README.md +61 -15
  3. package/cjs/AuthStateManager.js +5 -0
  4. package/cjs/AuthStateManager.js.map +1 -1
  5. package/cjs/OktaAuth.js +78 -29
  6. package/cjs/OktaAuth.js.map +1 -1
  7. package/cjs/OktaUserAgent.js +2 -2
  8. package/cjs/StorageManager.js +16 -0
  9. package/cjs/StorageManager.js.map +1 -1
  10. package/cjs/TransactionManager.js +49 -9
  11. package/cjs/TransactionManager.js.map +1 -1
  12. package/cjs/builderUtil.js +6 -0
  13. package/cjs/builderUtil.js.map +1 -1
  14. package/cjs/constants.js +5 -1
  15. package/cjs/constants.js.map +1 -1
  16. package/cjs/features.js +1 -1
  17. package/cjs/features.js.map +1 -1
  18. package/cjs/idx/authenticate.js +3 -18
  19. package/cjs/idx/authenticate.js.map +1 -1
  20. package/cjs/idx/flow/AuthenticationFlow.js +30 -0
  21. package/cjs/idx/flow/AuthenticationFlow.js.map +1 -0
  22. package/cjs/idx/{flowMonitors → flow}/AuthenticationFlowMonitor.js +0 -0
  23. package/cjs/idx/flow/AuthenticationFlowMonitor.js.map +1 -0
  24. package/cjs/idx/{flowMonitors → flow}/FlowMonitor.js +0 -0
  25. package/cjs/idx/flow/FlowMonitor.js.map +1 -0
  26. package/cjs/idx/flow/FlowSpecification.js +49 -0
  27. package/cjs/idx/flow/FlowSpecification.js.map +1 -0
  28. package/cjs/idx/flow/PasswordRecoveryFlow.js +28 -0
  29. package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -0
  30. package/cjs/idx/{flowMonitors → flow}/PasswordRecoveryFlowMonitor.js +0 -0
  31. package/cjs/idx/flow/PasswordRecoveryFlowMonitor.js.map +1 -0
  32. package/{esm/crypto/browser.js → cjs/idx/flow/RegistrationFlow.js} +15 -12
  33. package/cjs/idx/flow/RegistrationFlow.js.map +1 -0
  34. package/cjs/idx/{flowMonitors → flow}/RegistrationFlowMonitor.js +0 -0
  35. package/cjs/idx/flow/RegistrationFlowMonitor.js.map +1 -0
  36. package/cjs/idx/flow/RemediationFlow.js +2 -0
  37. package/{esm/types/Cookies.js.map → cjs/idx/flow/RemediationFlow.js.map} +1 -1
  38. package/cjs/idx/flow/index.js +119 -0
  39. package/cjs/idx/flow/index.js.map +1 -0
  40. package/cjs/idx/index.js +26 -0
  41. package/cjs/idx/index.js.map +1 -1
  42. package/cjs/idx/interact.js +5 -2
  43. package/cjs/idx/interact.js.map +1 -1
  44. package/cjs/idx/introspect.js +24 -7
  45. package/cjs/idx/introspect.js.map +1 -1
  46. package/cjs/idx/proceed.js +49 -0
  47. package/cjs/idx/proceed.js.map +1 -0
  48. package/cjs/idx/recoverPassword.js +3 -17
  49. package/cjs/idx/recoverPassword.js.map +1 -1
  50. package/cjs/idx/register.js +7 -16
  51. package/cjs/idx/register.js.map +1 -1
  52. package/cjs/idx/remediate.js +46 -52
  53. package/cjs/idx/remediate.js.map +1 -1
  54. package/cjs/idx/remediators/Base/AuthenticatorData.js +7 -7
  55. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  56. package/cjs/idx/remediators/Base/Remediator.js +13 -7
  57. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  58. package/cjs/idx/remediators/Base/SelectAuthenticator.js +6 -6
  59. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  60. package/cjs/idx/remediators/Base/VerifyAuthenticator.js +18 -14
  61. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  62. package/cjs/idx/remediators/EnrollProfile.js +14 -0
  63. package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
  64. package/cjs/idx/remediators/Identify.js +7 -3
  65. package/cjs/idx/remediators/Identify.js.map +1 -1
  66. package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -1
  67. package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
  68. package/cjs/idx/run.js +36 -8
  69. package/cjs/idx/run.js.map +1 -1
  70. package/cjs/idx/startTransaction.js +2 -0
  71. package/cjs/idx/startTransaction.js.map +1 -1
  72. package/cjs/idx/transactionMeta.js +80 -40
  73. package/cjs/idx/transactionMeta.js.map +1 -1
  74. package/cjs/idx/types/FlowIdentifier.js +2 -0
  75. package/{esm/types/AuthState.js.map → cjs/idx/types/FlowIdentifier.js.map} +1 -1
  76. package/cjs/idx/types/idx-js.js +5 -0
  77. package/cjs/idx/types/idx-js.js.map +1 -1
  78. package/cjs/idx/types/index.js +33 -6
  79. package/cjs/idx/types/index.js.map +1 -1
  80. package/cjs/oidc/endpoints/authorize.js +4 -1
  81. package/cjs/oidc/endpoints/authorize.js.map +1 -1
  82. package/cjs/oidc/getToken.js +14 -9
  83. package/cjs/oidc/getToken.js.map +1 -1
  84. package/cjs/oidc/getWithPopup.js +9 -2
  85. package/cjs/oidc/getWithPopup.js.map +1 -1
  86. package/cjs/oidc/getWithRedirect.js.map +1 -1
  87. package/cjs/oidc/parseFromUrl.js +59 -20
  88. package/cjs/oidc/parseFromUrl.js.map +1 -1
  89. package/cjs/oidc/renewTokens.js +28 -5
  90. package/cjs/oidc/renewTokens.js.map +1 -1
  91. package/cjs/oidc/util/browser.js +1 -13
  92. package/cjs/oidc/util/browser.js.map +1 -1
  93. package/cjs/oidc/util/loginRedirect.js +9 -5
  94. package/cjs/oidc/util/loginRedirect.js.map +1 -1
  95. package/cjs/oidc/util/urlParams.js +1 -1
  96. package/cjs/oidc/util/urlParams.js.map +1 -1
  97. package/cjs/options.js +15 -2
  98. package/cjs/options.js.map +1 -1
  99. package/cjs/server/serverStorage.js +2 -1
  100. package/cjs/server/serverStorage.js.map +1 -1
  101. package/cjs/tx/AuthTransaction.js +1 -3
  102. package/cjs/tx/AuthTransaction.js.map +1 -1
  103. package/cjs/tx/api.js +3 -0
  104. package/cjs/tx/api.js.map +1 -1
  105. package/cjs/types/Transaction.js.map +1 -1
  106. package/{esm/clock.js → cjs/util/emailVerify.js} +14 -18
  107. package/cjs/util/emailVerify.js.map +1 -0
  108. package/cjs/util/index.js +13 -0
  109. package/cjs/util/index.js.map +1 -1
  110. package/cjs/util/sharedStorage.js +54 -0
  111. package/cjs/util/sharedStorage.js.map +1 -0
  112. package/dist/okta-auth-js.min.js +2 -74
  113. package/dist/okta-auth-js.min.js.LICENSE.txt +32 -0
  114. package/dist/okta-auth-js.min.js.map +1 -1
  115. package/dist/okta-auth-js.polyfill.js +2 -18
  116. package/{esm/crypto/webcrypto.js → dist/okta-auth-js.polyfill.js.LICENSE.txt} +8 -4
  117. package/dist/okta-auth-js.polyfill.js.map +1 -1
  118. package/dist/okta-auth-js.umd.js +2 -74
  119. package/dist/okta-auth-js.umd.js.LICENSE.txt +32 -0
  120. package/dist/okta-auth-js.umd.js.map +1 -1
  121. package/esm/index.js +8368 -16
  122. package/esm/index.js.map +1 -1
  123. package/lib/AuthStateManager.d.ts +4 -2
  124. package/lib/OktaAuth.d.ts +9 -5
  125. package/lib/StorageManager.d.ts +2 -0
  126. package/lib/TransactionManager.d.ts +6 -1
  127. package/lib/constants.d.ts +2 -0
  128. package/lib/crypto/base64.d.ts +2 -2
  129. package/lib/crypto/oidcHash.d.ts +1 -1
  130. package/lib/crypto/verifyToken.d.ts +1 -1
  131. package/{esm/oidc/endpoints/index.js → lib/idx/flow/AuthenticationFlow.d.ts} +3 -5
  132. package/lib/idx/{flowMonitors → flow}/AuthenticationFlowMonitor.d.ts +0 -0
  133. package/lib/idx/{flowMonitors → flow}/FlowMonitor.d.ts +0 -0
  134. package/lib/idx/flow/FlowSpecification.d.ts +10 -0
  135. package/{esm/crypto/index.js → lib/idx/flow/PasswordRecoveryFlow.d.ts} +3 -6
  136. package/lib/idx/{flowMonitors → flow}/PasswordRecoveryFlowMonitor.d.ts +0 -0
  137. package/{esm/tx/TransactionState.js → lib/idx/flow/RegistrationFlow.d.ts} +3 -3
  138. package/lib/idx/{flowMonitors → flow}/RegistrationFlowMonitor.d.ts +0 -0
  139. package/lib/idx/flow/RemediationFlow.d.ts +13 -0
  140. package/lib/idx/{flowMonitors → flow}/index.d.ts +7 -2
  141. package/lib/idx/index.d.ts +2 -0
  142. package/lib/idx/introspect.d.ts +2 -1
  143. package/{esm/errors/AuthApiError.js → lib/idx/proceed.d.ts} +9 -19
  144. package/lib/idx/remediators/Base/AuthenticatorData.d.ts +2 -5
  145. package/lib/idx/remediators/Base/Remediator.d.ts +3 -6
  146. package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -6
  147. package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +1 -1
  148. package/lib/idx/remediators/EnrollProfile.d.ts +1 -0
  149. package/lib/idx/remediators/Identify.d.ts +2 -5
  150. package/lib/idx/run.d.ts +9 -9
  151. package/lib/idx/transactionMeta.d.ts +28 -4
  152. package/lib/idx/types/FlowIdentifier.d.ts +1 -0
  153. package/lib/idx/types/idx-js.d.ts +5 -0
  154. package/lib/idx/types/index.d.ts +28 -10
  155. package/lib/oidc/getToken.d.ts +2 -2
  156. package/lib/oidc/parseFromUrl.d.ts +4 -1
  157. package/lib/oidc/renewTokens.d.ts +0 -12
  158. package/lib/oidc/util/loginRedirect.d.ts +1 -1
  159. package/lib/types/AuthState.d.ts +1 -0
  160. package/lib/types/OktaAuthOptions.d.ts +3 -1
  161. package/lib/types/Transaction.d.ts +7 -1
  162. package/lib/types/api.d.ts +21 -5
  163. package/{esm/errors/AuthPollStopError.js → lib/util/emailVerify.d.ts} +5 -8
  164. package/lib/util/index.d.ts +1 -0
  165. package/lib/util/sharedStorage.d.ts +6 -0
  166. package/package.json +26 -13
  167. package/cjs/idx/flowMonitors/AuthenticationFlowMonitor.js.map +0 -1
  168. package/cjs/idx/flowMonitors/FlowMonitor.js.map +0 -1
  169. package/cjs/idx/flowMonitors/PasswordRecoveryFlowMonitor.js.map +0 -1
  170. package/cjs/idx/flowMonitors/RegistrationFlowMonitor.js.map +0 -1
  171. package/cjs/idx/flowMonitors/index.js +0 -54
  172. package/cjs/idx/flowMonitors/index.js.map +0 -1
  173. package/esm/AuthStateManager.js +0 -209
  174. package/esm/AuthStateManager.js.map +0 -1
  175. package/esm/OktaAuth.js +0 -665
  176. package/esm/OktaAuth.js.map +0 -1
  177. package/esm/OktaUserAgent.js +0 -49
  178. package/esm/OktaUserAgent.js.map +0 -1
  179. package/esm/PromiseQueue.js +0 -71
  180. package/esm/PromiseQueue.js.map +0 -1
  181. package/esm/SavedObject.js +0 -91
  182. package/esm/SavedObject.js.map +0 -1
  183. package/esm/StorageManager.js +0 -174
  184. package/esm/StorageManager.js.map +0 -1
  185. package/esm/TokenManager.js +0 -455
  186. package/esm/TokenManager.js.map +0 -1
  187. package/esm/TransactionManager.js +0 -289
  188. package/esm/TransactionManager.js.map +0 -1
  189. package/esm/browser/browserStorage.js +0 -256
  190. package/esm/browser/browserStorage.js.map +0 -1
  191. package/esm/browser/fingerprint.js +0 -74
  192. package/esm/browser/fingerprint.js.map +0 -1
  193. package/esm/builderUtil.js +0 -50
  194. package/esm/builderUtil.js.map +0 -1
  195. package/esm/clock.js.map +0 -1
  196. package/esm/constants.js +0 -34
  197. package/esm/constants.js.map +0 -1
  198. package/esm/crypto/base64.js +0 -66
  199. package/esm/crypto/base64.js.map +0 -1
  200. package/esm/crypto/browser.js.map +0 -1
  201. package/esm/crypto/index.js.map +0 -1
  202. package/esm/crypto/node.js +0 -54
  203. package/esm/crypto/node.js.map +0 -1
  204. package/esm/crypto/oidcHash.js +0 -27
  205. package/esm/crypto/oidcHash.js.map +0 -1
  206. package/esm/crypto/verifyToken.js +0 -39
  207. package/esm/crypto/verifyToken.js.map +0 -1
  208. package/esm/crypto/webcrypto.js.map +0 -1
  209. package/esm/errors/AuthApiError.js.map +0 -1
  210. package/esm/errors/AuthPollStopError.js.map +0 -1
  211. package/esm/errors/AuthSdkError.js +0 -29
  212. package/esm/errors/AuthSdkError.js.map +0 -1
  213. package/esm/errors/CustomError.js +0 -21
  214. package/esm/errors/CustomError.js.map +0 -1
  215. package/esm/errors/OAuthError.js +0 -22
  216. package/esm/errors/OAuthError.js.map +0 -1
  217. package/esm/errors/index.js +0 -22
  218. package/esm/errors/index.js.map +0 -1
  219. package/esm/features.js +0 -64
  220. package/esm/features.js.map +0 -1
  221. package/esm/fetch/fetchRequest.js +0 -92
  222. package/esm/fetch/fetchRequest.js.map +0 -1
  223. package/esm/http/headers.js +0 -17
  224. package/esm/http/headers.js.map +0 -1
  225. package/esm/http/index.js +0 -3
  226. package/esm/http/index.js.map +0 -1
  227. package/esm/http/request.js +0 -145
  228. package/esm/http/request.js.map +0 -1
  229. package/esm/idx/authenticate.js +0 -47
  230. package/esm/idx/authenticate.js.map +0 -1
  231. package/esm/idx/cancel.js +0 -32
  232. package/esm/idx/cancel.js.map +0 -1
  233. package/esm/idx/flowMonitors/AuthenticationFlowMonitor.js +0 -41
  234. package/esm/idx/flowMonitors/AuthenticationFlowMonitor.js.map +0 -1
  235. package/esm/idx/flowMonitors/FlowMonitor.js +0 -73
  236. package/esm/idx/flowMonitors/FlowMonitor.js.map +0 -1
  237. package/esm/idx/flowMonitors/PasswordRecoveryFlowMonitor.js +0 -57
  238. package/esm/idx/flowMonitors/PasswordRecoveryFlowMonitor.js.map +0 -1
  239. package/esm/idx/flowMonitors/RegistrationFlowMonitor.js +0 -28
  240. package/esm/idx/flowMonitors/RegistrationFlowMonitor.js.map +0 -1
  241. package/esm/idx/flowMonitors/index.js +0 -16
  242. package/esm/idx/flowMonitors/index.js.map +0 -1
  243. package/esm/idx/handleInteractionCodeRedirect.js +0 -64
  244. package/esm/idx/handleInteractionCodeRedirect.js.map +0 -1
  245. package/esm/idx/headers.js +0 -39
  246. package/esm/idx/headers.js.map +0 -1
  247. package/esm/idx/index.js +0 -20
  248. package/esm/idx/index.js.map +0 -1
  249. package/esm/idx/interact.js +0 -83
  250. package/esm/idx/interact.js.map +0 -1
  251. package/esm/idx/introspect.js +0 -45
  252. package/esm/idx/introspect.js.map +0 -1
  253. package/esm/idx/recoverPassword.js +0 -46
  254. package/esm/idx/recoverPassword.js.map +0 -1
  255. package/esm/idx/register.js +0 -63
  256. package/esm/idx/register.js.map +0 -1
  257. package/esm/idx/remediate.js +0 -303
  258. package/esm/idx/remediate.js.map +0 -1
  259. package/esm/idx/remediators/AuthenticatorEnrollmentData.js +0 -68
  260. package/esm/idx/remediators/AuthenticatorEnrollmentData.js.map +0 -1
  261. package/esm/idx/remediators/AuthenticatorVerificationData.js +0 -66
  262. package/esm/idx/remediators/AuthenticatorVerificationData.js.map +0 -1
  263. package/esm/idx/remediators/Base/AuthenticatorData.js +0 -105
  264. package/esm/idx/remediators/Base/AuthenticatorData.js.map +0 -1
  265. package/esm/idx/remediators/Base/Remediator.js +0 -216
  266. package/esm/idx/remediators/Base/Remediator.js.map +0 -1
  267. package/esm/idx/remediators/Base/SelectAuthenticator.js +0 -140
  268. package/esm/idx/remediators/Base/SelectAuthenticator.js.map +0 -1
  269. package/esm/idx/remediators/Base/VerifyAuthenticator.js +0 -62
  270. package/esm/idx/remediators/Base/VerifyAuthenticator.js.map +0 -1
  271. package/esm/idx/remediators/ChallengeAuthenticator.js +0 -18
  272. package/esm/idx/remediators/ChallengeAuthenticator.js.map +0 -1
  273. package/esm/idx/remediators/EnrollAuthenticator.js +0 -18
  274. package/esm/idx/remediators/EnrollAuthenticator.js.map +0 -1
  275. package/esm/idx/remediators/EnrollProfile.js +0 -62
  276. package/esm/idx/remediators/EnrollProfile.js.map +0 -1
  277. package/esm/idx/remediators/Identify.js +0 -85
  278. package/esm/idx/remediators/Identify.js.map +0 -1
  279. package/esm/idx/remediators/ReEnrollAuthenticator.js +0 -45
  280. package/esm/idx/remediators/ReEnrollAuthenticator.js.map +0 -1
  281. package/esm/idx/remediators/RedirectIdp.js +0 -38
  282. package/esm/idx/remediators/RedirectIdp.js.map +0 -1
  283. package/esm/idx/remediators/ResetAuthenticator.js +0 -18
  284. package/esm/idx/remediators/ResetAuthenticator.js.map +0 -1
  285. package/esm/idx/remediators/SelectAuthenticatorAuthenticate.js +0 -18
  286. package/esm/idx/remediators/SelectAuthenticatorAuthenticate.js.map +0 -1
  287. package/esm/idx/remediators/SelectAuthenticatorEnroll.js +0 -18
  288. package/esm/idx/remediators/SelectAuthenticatorEnroll.js.map +0 -1
  289. package/esm/idx/remediators/SelectEnrollProfile.js +0 -24
  290. package/esm/idx/remediators/SelectEnrollProfile.js.map +0 -1
  291. package/esm/idx/remediators/Skip.js +0 -23
  292. package/esm/idx/remediators/Skip.js.map +0 -1
  293. package/esm/idx/remediators/index.js +0 -26
  294. package/esm/idx/remediators/index.js.map +0 -1
  295. package/esm/idx/remediators/util.js +0 -35
  296. package/esm/idx/remediators/util.js.map +0 -1
  297. package/esm/idx/run.js +0 -201
  298. package/esm/idx/run.js.map +0 -1
  299. package/esm/idx/startTransaction.js +0 -27
  300. package/esm/idx/startTransaction.js.map +0 -1
  301. package/esm/idx/transactionMeta.js +0 -112
  302. package/esm/idx/transactionMeta.js.map +0 -1
  303. package/esm/idx/types/idx-js.js +0 -17
  304. package/esm/idx/types/idx-js.js.map +0 -1
  305. package/esm/idx/types/index.js +0 -34
  306. package/esm/idx/types/index.js.map +0 -1
  307. package/esm/oidc/decodeToken.js +0 -31
  308. package/esm/oidc/decodeToken.js.map +0 -1
  309. package/esm/oidc/endpoints/authorize.js +0 -61
  310. package/esm/oidc/endpoints/authorize.js.map +0 -1
  311. package/esm/oidc/endpoints/index.js.map +0 -1
  312. package/esm/oidc/endpoints/token.js +0 -97
  313. package/esm/oidc/endpoints/token.js.map +0 -1
  314. package/esm/oidc/endpoints/well-known.js +0 -58
  315. package/esm/oidc/endpoints/well-known.js.map +0 -1
  316. package/esm/oidc/exchangeCodeForTokens.js +0 -69
  317. package/esm/oidc/exchangeCodeForTokens.js.map +0 -1
  318. package/esm/oidc/getToken.js +0 -175
  319. package/esm/oidc/getToken.js.map +0 -1
  320. package/esm/oidc/getUserInfo.js +0 -82
  321. package/esm/oidc/getUserInfo.js.map +0 -1
  322. package/esm/oidc/getWithPopup.js +0 -28
  323. package/esm/oidc/getWithPopup.js.map +0 -1
  324. package/esm/oidc/getWithRedirect.js +0 -61
  325. package/esm/oidc/getWithRedirect.js.map +0 -1
  326. package/esm/oidc/getWithoutPrompt.js +0 -29
  327. package/esm/oidc/getWithoutPrompt.js.map +0 -1
  328. package/esm/oidc/handleOAuthResponse.js +0 -148
  329. package/esm/oidc/handleOAuthResponse.js.map +0 -1
  330. package/esm/oidc/index.js +0 -29
  331. package/esm/oidc/index.js.map +0 -1
  332. package/esm/oidc/parseFromUrl.js +0 -102
  333. package/esm/oidc/parseFromUrl.js.map +0 -1
  334. package/esm/oidc/renewToken.js +0 -85
  335. package/esm/oidc/renewToken.js.map +0 -1
  336. package/esm/oidc/renewTokens.js +0 -52
  337. package/esm/oidc/renewTokens.js.map +0 -1
  338. package/esm/oidc/renewTokensWithRefresh.js +0 -55
  339. package/esm/oidc/renewTokensWithRefresh.js.map +0 -1
  340. package/esm/oidc/revokeToken.js +0 -57
  341. package/esm/oidc/revokeToken.js.map +0 -1
  342. package/esm/oidc/util/browser.js +0 -85
  343. package/esm/oidc/util/browser.js.map +0 -1
  344. package/esm/oidc/util/defaultTokenParams.js +0 -42
  345. package/esm/oidc/util/defaultTokenParams.js.map +0 -1
  346. package/esm/oidc/util/errors.js +0 -31
  347. package/esm/oidc/util/errors.js.map +0 -1
  348. package/esm/oidc/util/index.js +0 -25
  349. package/esm/oidc/util/index.js.map +0 -1
  350. package/esm/oidc/util/loginRedirect.js +0 -84
  351. package/esm/oidc/util/loginRedirect.js.map +0 -1
  352. package/esm/oidc/util/oauth.js +0 -70
  353. package/esm/oidc/util/oauth.js.map +0 -1
  354. package/esm/oidc/util/pkce.js +0 -55
  355. package/esm/oidc/util/pkce.js.map +0 -1
  356. package/esm/oidc/util/prepareTokenParams.js +0 -75
  357. package/esm/oidc/util/prepareTokenParams.js.map +0 -1
  358. package/esm/oidc/util/refreshToken.js +0 -24
  359. package/esm/oidc/util/refreshToken.js.map +0 -1
  360. package/esm/oidc/util/urlParams.js +0 -54
  361. package/esm/oidc/util/urlParams.js.map +0 -1
  362. package/esm/oidc/util/validateClaims.js +0 -53
  363. package/esm/oidc/util/validateClaims.js.map +0 -1
  364. package/esm/oidc/util/validateToken.js +0 -21
  365. package/esm/oidc/util/validateToken.js.map +0 -1
  366. package/esm/oidc/verifyToken.js +0 -78
  367. package/esm/oidc/verifyToken.js.map +0 -1
  368. package/esm/options.js +0 -131
  369. package/esm/options.js.map +0 -1
  370. package/esm/server/serverStorage.js +0 -110
  371. package/esm/server/serverStorage.js.map +0 -1
  372. package/esm/services/TokenService.js +0 -103
  373. package/esm/services/TokenService.js.map +0 -1
  374. package/esm/session.js +0 -81
  375. package/esm/session.js.map +0 -1
  376. package/esm/tx/AuthTransaction.js +0 -215
  377. package/esm/tx/AuthTransaction.js.map +0 -1
  378. package/esm/tx/TransactionState.js.map +0 -1
  379. package/esm/tx/api.js +0 -84
  380. package/esm/tx/api.js.map +0 -1
  381. package/esm/tx/index.js +0 -18
  382. package/esm/tx/index.js.map +0 -1
  383. package/esm/tx/poll.js +0 -124
  384. package/esm/tx/poll.js.map +0 -1
  385. package/esm/tx/util.js +0 -26
  386. package/esm/tx/util.js.map +0 -1
  387. package/esm/types/AuthState.js +0 -3
  388. package/esm/types/Cookies.js +0 -3
  389. package/esm/types/EventEmitter.js +0 -3
  390. package/esm/types/EventEmitter.js.map +0 -1
  391. package/esm/types/JWT.js +0 -3
  392. package/esm/types/JWT.js.map +0 -1
  393. package/esm/types/OAuth.js +0 -3
  394. package/esm/types/OAuth.js.map +0 -1
  395. package/esm/types/OktaAuthOptions.js +0 -3
  396. package/esm/types/OktaAuthOptions.js.map +0 -1
  397. package/esm/types/Storage.js +0 -3
  398. package/esm/types/Storage.js.map +0 -1
  399. package/esm/types/Token.js +0 -29
  400. package/esm/types/Token.js.map +0 -1
  401. package/esm/types/TokenManager.js +0 -3
  402. package/esm/types/TokenManager.js.map +0 -1
  403. package/esm/types/Transaction.js +0 -57
  404. package/esm/types/Transaction.js.map +0 -1
  405. package/esm/types/UserClaims.js +0 -3
  406. package/esm/types/UserClaims.js.map +0 -1
  407. package/esm/types/api.js +0 -3
  408. package/esm/types/api.js.map +0 -1
  409. package/esm/types/http.js +0 -3
  410. package/esm/types/http.js.map +0 -1
  411. package/esm/types/index.js +0 -27
  412. package/esm/types/index.js.map +0 -1
  413. package/esm/util/console.js +0 -53
  414. package/esm/util/console.js.map +0 -1
  415. package/esm/util/index.js +0 -17
  416. package/esm/util/index.js.map +0 -1
  417. package/esm/util/misc.js +0 -33
  418. package/esm/util/misc.js.map +0 -1
  419. package/esm/util/object.js +0 -117
  420. package/esm/util/object.js.map +0 -1
  421. package/esm/util/types.js +0 -27
  422. package/esm/util/types.js.map +0 -1
  423. package/esm/util/url.js +0 -64
  424. package/esm/util/url.js.map +0 -1
package/cjs/idx/transactionMeta.js CHANGED
@@ -2,6 +2,7 @@
2
2
 
3
3
  exports.createTransactionMeta = createTransactionMeta;
4
4
  exports.transactionMetaExist = transactionMetaExist;
5
+ exports.getSavedTransactionMeta = getSavedTransactionMeta;
5
6
  exports.getTransactionMeta = getTransactionMeta;
6
7
  exports.saveTransactionMeta = saveTransactionMeta;
7
8
  exports.clearTransactionMeta = clearTransactionMeta;
@@ -23,41 +24,8 @@ var _oidc = require("../oidc");
23
24
  * See the License for the specific language governing permissions and limitations under the License.
24
25
  */
25
26
  // Calculate new values
26
- async function createTransactionMeta(authClient) {
27
- return authClient.token.prepareTokenParams();
28
- }
29
-
30
- function transactionMetaExist(authClient) {
31
- if (authClient.transactionManager.exists()) {
32
- const existing = authClient.transactionManager.load();
33
-
34
- if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {
35
- return true;
36
- }
37
- }
38
-
39
- return false;
40
- }
41
-
42
- async function getTransactionMeta(authClient) {
43
- // Load existing transaction meta from storage
44
- if (authClient.transactionManager.exists()) {
45
- const existing = authClient.transactionManager.load();
46
-
47
- if (isTransactionMetaValid(authClient, existing)) {
48
- return existing;
49
- } // existing meta is not valid for this configuration
50
- // this is common when changing configuration in local development environment
51
- // in a production environment, this may indicate that two apps are sharing a storage key
52
-
53
-
54
- (0, _util.warn)('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
55
- } // Calculate new values
56
-
57
-
58
- const tokenParams = await authClient.token.prepareTokenParams();
59
- const urls = (0, _oidc.getOAuthUrls)(authClient, tokenParams);
60
- const issuer = authClient.options.issuer;
27
+ async function createTransactionMeta(authClient, options) {
28
+ const tokenParams = await authClient.token.prepareTokenParams(options);
61
29
  const {
62
30
  pkce,
63
31
  clientId,
@@ -72,7 +40,11 @@ async function getTransactionMeta(authClient) {
72
40
  codeChallengeMethod,
73
41
  codeChallenge
74
42
  } = tokenParams;
43
+ const urls = (0, _oidc.getOAuthUrls)(authClient, tokenParams);
44
+ const flow = authClient.idx.getFlow() || 'default';
45
+ const issuer = authClient.options.issuer;
75
46
  const meta = {
47
+ flow,
76
48
  issuer,
77
49
  pkce,
78
50
  clientId,
@@ -91,20 +63,88 @@ async function getTransactionMeta(authClient) {
91
63
  return meta;
92
64
  }
93
65
 
66
+ function transactionMetaExist(authClient, options) {
67
+ if (authClient.transactionManager.exists(options)) {
68
+ const existing = authClient.transactionManager.load(options);
69
+
70
+ if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {
71
+ return true;
72
+ }
73
+ }
74
+
75
+ return false;
76
+ } // Returns the saved transaction meta, if it exists and is valid, or undefined
77
+
78
+
79
+ function getSavedTransactionMeta(authClient, options) {
80
+ const state = (options === null || options === void 0 ? void 0 : options.state) || authClient.options.state;
81
+ const existing = authClient.transactionManager.load({
82
+ state
83
+ });
84
+
85
+ if (existing && isTransactionMetaValid(authClient, existing)) {
86
+ return existing;
87
+ }
88
+ }
89
+
90
+ async function getTransactionMeta(authClient, options) {
91
+ // Load existing transaction meta from storage
92
+ if (authClient.transactionManager.exists(options)) {
93
+ const validExistingMeta = getSavedTransactionMeta(authClient, options);
94
+
95
+ if (validExistingMeta) {
96
+ return validExistingMeta;
97
+ } // existing meta is not valid for this configuration
98
+ // this is common when changing configuration in local development environment
99
+ // in a production environment, this may indicate that two apps are sharing a storage key
100
+
101
+
102
+ (0, _util.warn)('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
103
+ }
104
+
105
+ return createTransactionMeta(authClient, options);
106
+ }
107
+
94
108
  function saveTransactionMeta(authClient, meta) {
95
- authClient.transactionManager.save(meta);
109
+ authClient.transactionManager.save(meta, {
110
+ muteWarning: true
111
+ });
96
112
  }
97
113
 
98
114
  function clearTransactionMeta(authClient) {
99
115
  authClient.transactionManager.clear();
100
116
  } // returns true if values in meta match current authClient options
117
+ // eslint-disable-next-line complexity
101
118
 
102
119
 
103
120
  function isTransactionMetaValid(authClient, meta) {
121
+ // First validate against required config
104
122
  const keys = ['issuer', 'clientId', 'redirectUri'];
105
- const mismatch = keys.find(key => {
106
- return authClient.options[key] !== meta[key];
107
- });
108
- return !mismatch;
123
+
124
+ if (keys.some(key => authClient.options[key] !== meta[key])) {
125
+ return false;
126
+ } // Validate optional config
127
+
128
+
129
+ const {
130
+ flow,
131
+ state
132
+ } = authClient.options; // If state is specified, it must match meta to be valid
133
+
134
+ if (state && state !== meta.state) {
135
+ return false;
136
+ } // Specific flows should not share transaction data
137
+
138
+
139
+ const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';
140
+
141
+ if (shouldValidateFlow) {
142
+ if (flow !== meta.flow) {
143
+ // The flow has changed; abandon the old transaction
144
+ return false;
145
+ }
146
+ }
147
+
148
+ return true;
109
149
  }
110
150
  //# sourceMappingURL=transactionMeta.js.map
package/cjs/idx/transactionMeta.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","token","prepareTokenParams","transactionMetaExist","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getTransactionMeta","tokenParams","urls","issuer","options","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","codeVerifier","codeChallengeMethod","codeChallenge","meta","saveTransactionMeta","save","clearTransactionMeta","clear","keys","mismatch","find","key"],"mappings":";;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CAAqCC,UAArC,EAA2D;AAChE,SAAOA,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAAP;AACD;;AAEM,SAASC,oBAAT,CAA8BH,UAA9B,EAA6D;AAClE,MAAIA,UAAU,CAACI,kBAAX,CAA8BC,MAA9B,EAAJ,EAA4C;AAC1C,UAAMC,QAAQ,GAAGN,UAAU,CAACI,kBAAX,CAA8BG,IAA9B,EAAjB;;AACA,QAAIC,sBAAsB,CAACR,UAAD,EAAaM,QAAb,CAAtB,IAAgDA,QAAQ,CAACG,iBAA7D,EAAgF;AAC9E,aAAO,IAAP;AACD;AACF;;AACD,SAAO,KAAP;AACD;;AAEM,eAAeC,kBAAf,CAAkCV,UAAlC,EAAqF;AAC1F;AACA,MAAIA,UAAU,CAACI,kBAAX,CAA8BC,MAA9B,EAAJ,EAA4C;AAC1C,UAAMC,QAAQ,GAAGN,UAAU,CAACI,kBAAX,CAA8BG,IAA9B,EAAjB;;AACA,QAAIC,sBAAsB,CAACR,UAAD,EAAaM,QAAb,CAA1B,EAAkD;AAChD,aAAOA,QAAP;AACD,KAJyC,CAK1C;AACA;AACA;;;AACA,oBAAK,sEACH,4DADF;AAED,GAZyF,CAc1F;;;AACA,QAAMK,WAAW,GAAG,MAAMX,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAA1B;AACA,QAAMU,IAAI,GAAG,wBAAaZ,UAAb,EAAyBW,WAAzB,CAAb;AACA,QAAME,MAAM,GAAGb,UAAU,CAACc,OAAX,CAAmBD,MAAlC;AACA,QAAM;AACJE,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA,KARI;AASJC,IAAAA,eATI;AAUJC,IAAAA,YAVI;AAWJC,IAAAA,mBAXI;AAYJC,IAAAA;AAZI,MAaFf,WAbJ;AAcA,QAAMgB,IAAI,GAAG;AACXd,IAAAA,MADW;AAEXE,IAAAA,IAFW;AAGXC,IAAAA,QAHW;AAIXC,IAAAA,WAJW;AAKXC,IAAAA,YALW;AAMXC,IAAAA,YANW;AAOXC,IAAAA,MAPW;AAQXC,IAAAA,KARW;AASXC,IAAAA,KATW;AAUXV,IAAAA,IAVW;AAWXW,IAAAA,eAXW;AAYXC,IAAAA,YAZW;AAaXC,IAAAA,mBAbW;AAcXC,IAAAA;AAdW,GAAb;AAgBA,SAAOC,IAAP;AACD;;AAEM,SAASC,mBAAT,CAA8B5B,UAA9B,EAAoD2B,IAApD,EAA0D;AAC/D3B,EAAAA,UAAU,CAACI,kBAAX,CAA8ByB,IAA9B,CAAmCF,IAAnC;AACD;;AAEM,SAASG,oBAAT,CAA+B9B,UAA/B,EAAqD;AAC1DA,EAAAA,UAAU,CAACI,kBAAX,CAA8B2B,KAA9B;AACD,C,CAED;;;AACO,SAASvB,sBAAT,CAAiCR,UAAjC,EAAuD2B,IAAvD,EAA6D;AAClE,QAAMK,IAAI,GAAG,CAAC,QAAD,EAAW,UAAX,EAAuB,aAAvB,CAAb;AACA,QAAMC,QAAQ,GAAGD,IAAI,CAACE,IAAL,CAAUC,GAAG,IAAI;AAChC,WAAOnC,UAAU,CAACc,OAAX,CAAmBqB,GAAnB,MAA4BR,IAAI,CAACQ,GAAD,CAAvC;AACD,GAFgB,CAAjB;AAGA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta } from '../types';\nimport { warn } from '../util';\nimport { getOAuthUrls } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(authClient: OktaAuth) {\n return authClient.token.prepareTokenParams();\n}\n\nexport function transactionMetaExist(authClient: OktaAuth): boolean {\n if (authClient.transactionManager.exists()) {\n const existing = authClient.transactionManager.load() as IdxTransactionMeta;\n if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {\n return true;\n }\n }\n return false;\n}\n\nexport async function getTransactionMeta(authClient: OktaAuth): Promise<IdxTransactionMeta> {\n // Load existing transaction meta from storage\n if (authClient.transactionManager.exists()) {\n const existing = authClient.transactionManager.load();\n if (isTransactionMetaValid(authClient, existing)) {\n return existing as IdxTransactionMeta;\n }\n // existing meta is not valid for this configuration\n // this is common when changing configuration in local development environment\n // in a production environment, this may indicate that two apps are sharing a storage key\n warn('Saved transaction meta does not match the current configuration. ' + \n 'This may indicate that two apps are sharing a storage key.');\n }\n\n // Calculate new values\n const tokenParams = await authClient.token.prepareTokenParams();\n const urls = getOAuthUrls(authClient, tokenParams);\n const issuer = authClient.options.issuer;\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n nonce,\n ignoreSignature,\n codeVerifier,\n codeChallengeMethod,\n codeChallenge,\n } = tokenParams;\n const meta = {\n issuer,\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n nonce,\n urls,\n ignoreSignature,\n codeVerifier,\n codeChallengeMethod,\n codeChallenge \n };\n return meta;\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta) {\n authClient.transactionManager.save(meta);\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth) {\n authClient.transactionManager.clear();\n}\n\n// returns true if values in meta match current authClient options\nexport function isTransactionMetaValid (authClient: OktaAuth, meta) {\n const keys = ['issuer', 'clientId', 'redirectUri'];\n const mismatch = keys.find(key => {\n return authClient.options[key] !== meta[key];\n });\n return !mismatch;\n}\n"],"file":"transactionMeta.js"}
1
+ {"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","options","tokenParams","token","prepareTokenParams","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","codeVerifier","codeChallengeMethod","codeChallenge","urls","flow","idx","getFlow","issuer","meta","transactionMetaExist","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getSavedTransactionMeta","getTransactionMeta","validExistingMeta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","some","key","shouldValidateFlow"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CAAqCC,UAArC,EAA2DC,OAA3D,EAA6F;AAClG,QAAMC,WAAW,GAAG,MAAMF,UAAU,CAACG,KAAX,CAAiBC,kBAAjB,CAAoCH,OAApC,CAA1B;AACA,QAAM;AACJI,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA,KARI;AASJC,IAAAA,eATI;AAUJC,IAAAA,YAVI;AAWJC,IAAAA,mBAXI;AAYJC,IAAAA;AAZI,MAaFd,WAbJ;AAcA,QAAMe,IAAI,GAAG,wBAAajB,UAAb,EAAyBE,WAAzB,CAAb;AACA,QAAMgB,IAAI,GAAGlB,UAAU,CAACmB,GAAX,CAAeC,OAAf,MAA4B,SAAzC;AACA,QAAMC,MAAM,GAAGrB,UAAU,CAACC,OAAX,CAAmBoB,MAAlC;AACA,QAAMC,IAAI,GAAG;AACXJ,IAAAA,IADW;AAEXG,IAAAA,MAFW;AAGXhB,IAAAA,IAHW;AAIXC,IAAAA,QAJW;AAKXC,IAAAA,WALW;AAMXC,IAAAA,YANW;AAOXC,IAAAA,YAPW;AAQXC,IAAAA,MARW;AASXC,IAAAA,KATW;AAUXC,IAAAA,KAVW;AAWXK,IAAAA,IAXW;AAYXJ,IAAAA,eAZW;AAaXC,IAAAA,YAbW;AAcXC,IAAAA,mBAdW;AAeXC,IAAAA;AAfW,GAAb;AAiBA,SAAOM,IAAP;AACD;;AAEM,SAASC,oBAAT,CAA8BvB,UAA9B,EAAoDC,OAApD,EAA+F;AACpG,MAAID,UAAU,CAACwB,kBAAX,CAA8BC,MAA9B,CAAqCxB,OAArC,CAAJ,EAAmD;AACjD,UAAMyB,QAAQ,GAAG1B,UAAU,CAACwB,kBAAX,CAA8BG,IAA9B,CAAmC1B,OAAnC,CAAjB;;AACA,QAAI2B,sBAAsB,CAAC5B,UAAD,EAAa0B,QAAb,CAAtB,IAAgDA,QAAQ,CAACG,iBAA7D,EAAgF;AAC9E,aAAO,IAAP;AACD;AACF;;AACD,SAAO,KAAP;AACD,C,CAED;;;AACO,SAASC,uBAAT,CAAiC9B,UAAjC,EAAuDC,OAAvD,EAA6G;AAClH,QAAMU,KAAK,GAAG,CAAAV,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAEU,KAAT,KAAkBX,UAAU,CAACC,OAAX,CAAmBU,KAAnD;AACA,QAAMe,QAAQ,GAAG1B,UAAU,CAACwB,kBAAX,CAA8BG,IAA9B,CAAmC;AAAEhB,IAAAA;AAAF,GAAnC,CAAjB;;AACA,MAAIe,QAAQ,IAAIE,sBAAsB,CAAC5B,UAAD,EAAa0B,QAAb,CAAtC,EAA8D;AAC5D,WAAOA,QAAP;AACD;AACF;;AAEM,eAAeK,kBAAf,CACL/B,UADK,EAELC,OAFK,EAGwB;AAC7B;AACA,MAAID,UAAU,CAACwB,kBAAX,CAA8BC,MAA9B,CAAqCxB,OAArC,CAAJ,EAAmD;AACjD,UAAM+B,iBAAiB,GAAGF,uBAAuB,CAAC9B,UAAD,EAAaC,OAAb,CAAjD;;AACA,QAAI+B,iBAAJ,EAAuB;AACrB,aAAOA,iBAAP;AACD,KAJgD,CAKjD;AACA;AACA;;;AACA,oBAAK,sEACH,4DADF;AAED;;AAED,SAAOjC,qBAAqB,CAACC,UAAD,EAAaC,OAAb,CAA5B;AACD;;AAEM,SAASgC,mBAAT,CAA8BjC,UAA9B,EAAoDsB,IAApD,EAA0D;AAC/DtB,EAAAA,UAAU,CAACwB,kBAAX,CAA8BU,IAA9B,CAAmCZ,IAAnC,EAAyC;AAAEa,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;;AAEM,SAASC,oBAAT,CAA+BpC,UAA/B,EAAqD;AAC1DA,EAAAA,UAAU,CAACwB,kBAAX,CAA8Ba,KAA9B;AACD,C,CAED;AACA;;;AACO,SAAST,sBAAT,CAAiC5B,UAAjC,EAAuDsB,IAAvD,EAA6D;AAClE;AACA,QAAMgB,IAAI,GAAG,CAAC,QAAD,EAAW,UAAX,EAAuB,aAAvB,CAAb;;AACA,MAAIA,IAAI,CAACC,IAAL,CAAUC,GAAG,IAAIxC,UAAU,CAACC,OAAX,CAAmBuC,GAAnB,MAA4BlB,IAAI,CAACkB,GAAD,CAAjD,CAAJ,EAA6D;AAC3D,WAAO,KAAP;AACD,GALiE,CAOlE;;;AACA,QAAM;AAAEtB,IAAAA,IAAF;AAAQP,IAAAA;AAAR,MAAkBX,UAAU,CAACC,OAAnC,CARkE,CAUlE;;AACA,MAAIU,KAAK,IAAIA,KAAK,KAAKW,IAAI,CAACX,KAA5B,EAAmC;AACjC,WAAO,KAAP;AACD,GAbiE,CAelE;;;AACA,QAAM8B,kBAAkB,GAAGvB,IAAI,IAAIA,IAAI,KAAK,SAAjB,IAA8BA,IAAI,KAAK,SAAlE;;AACA,MAAIuB,kBAAJ,EAAwB;AACtB,QAAIvB,IAAI,KAAKI,IAAI,CAACJ,IAAlB,EAAwB;AACtB;AACA,aAAO,KAAP;AACD;AACF;;AAED,SAAO,IAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta, TransactionMetaOptions } from '../types';\nimport { warn } from '../util';\nimport { getOAuthUrls } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(authClient: OktaAuth, options?: TransactionMetaOptions) {\n const tokenParams = await authClient.token.prepareTokenParams(options);\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n nonce,\n ignoreSignature,\n codeVerifier,\n codeChallengeMethod,\n codeChallenge,\n } = tokenParams;\n const urls = getOAuthUrls(authClient, tokenParams);\n const flow = authClient.idx.getFlow() || 'default';\n const issuer = authClient.options.issuer;\n const meta = {\n flow,\n issuer,\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n nonce,\n urls,\n ignoreSignature,\n codeVerifier,\n codeChallengeMethod,\n codeChallenge \n };\n return meta;\n}\n\nexport function transactionMetaExist(authClient: OktaAuth, options?: TransactionMetaOptions): boolean {\n if (authClient.transactionManager.exists(options)) {\n const existing = authClient.transactionManager.load(options) as IdxTransactionMeta;\n if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {\n return true;\n }\n }\n return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid, or undefined\nexport function getSavedTransactionMeta(authClient: OktaAuth, options?: TransactionMetaOptions): IdxTransactionMeta {\n const state = options?.state || authClient.options.state;\n const existing = authClient.transactionManager.load({ state }) as IdxTransactionMeta;\n if (existing && isTransactionMetaValid(authClient, existing)) {\n return existing;\n }\n}\n\nexport async function getTransactionMeta(\n authClient: OktaAuth,\n options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n // Load existing transaction meta from storage\n if (authClient.transactionManager.exists(options)) {\n const validExistingMeta = getSavedTransactionMeta(authClient, options);\n if (validExistingMeta) {\n return validExistingMeta;\n }\n // existing meta is not valid for this configuration\n // this is common when changing configuration in local development environment\n // in a production environment, this may indicate that two apps are sharing a storage key\n warn('Saved transaction meta does not match the current configuration. ' + \n 'This may indicate that two apps are sharing a storage key.');\n }\n\n return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta) {\n authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth) {\n authClient.transactionManager.clear();\n}\n\n// returns true if values in meta match current authClient options\n// eslint-disable-next-line complexity\nexport function isTransactionMetaValid (authClient: OktaAuth, meta) {\n // First validate against required config\n const keys = ['issuer', 'clientId', 'redirectUri'];\n if (keys.some(key => authClient.options[key] !== meta[key])) {\n return false;\n }\n\n // Validate optional config\n const { flow, state } = authClient.options;\n \n // If state is specified, it must match meta to be valid\n if (state && state !== meta.state) {\n return false;\n }\n\n // Specific flows should not share transaction data\n const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n if (shouldValidateFlow) {\n if (flow !== meta.flow) {\n // The flow has changed; abandon the old transaction\n return false;\n }\n }\n\n return true;\n}\n"],"file":"transactionMeta.js"}
package/cjs/idx/types/FlowIdentifier.js ADDED
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ //# sourceMappingURL=FlowIdentifier.js.map
package/{esm/types/AuthState.js.map → cjs/idx/types/FlowIdentifier.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":[],"names":[],"mappings":"","sourcesContent":[],"file":"AuthState.js"}
1
+ {"version":3,"sources":[],"names":[],"mappings":"","sourcesContent":[],"file":"FlowIdentifier.js"}
package/cjs/idx/types/idx-js.js CHANGED
@@ -1,6 +1,7 @@
1
1
  "use strict";
2
2
 
3
3
  exports.isRawIdxResponse = isRawIdxResponse;
4
+ exports.isIdxResponse = isIdxResponse;
4
5
 
5
6
  /*!
6
7
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
@@ -18,4 +19,8 @@ exports.isRawIdxResponse = isRawIdxResponse;
18
19
  function isRawIdxResponse(obj) {
19
20
  return obj && obj.version;
20
21
  }
22
+
23
+ function isIdxResponse(obj) {
24
+ return obj && isRawIdxResponse(obj.rawIdxState);
25
+ }
21
26
  //# sourceMappingURL=idx-js.js.map
package/cjs/idx/types/idx-js.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;AA0EA;AAaO,SAASA,gBAAT,CAA0BC,GAA1B,EAA2D;AAChE,SAAOA,GAAG,IAAIA,GAAG,CAACC,OAAlB;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface IdxAuthenticatorMethod {\n type: string;\n}\nexport interface IdxAuthenticator {\n displayName: string;\n id: string;\n key: string;\n methods: IdxAuthenticatorMethod[];\n type: string;\n settings?: {\n complexity?: unknown;\n age?: unknown;\n };\n}\n\nexport interface IdxForm {\n value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n value: string | { form: IdxForm };\n label: string;\n relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n id: string;\n name: string;\n}\n\nexport interface IdxRemediationValue {\n name: string;\n type?: string;\n required?: boolean;\n secret?: boolean;\n value?: string;\n label?: string;\n form?: IdxForm;\n options?: IdxOption[];\n messages?: IdxMessages;\n minLength?: number;\n maxLength?: number;\n}\n\nexport interface IdxRemediation {\n name: string;\n label?: string;\n value?: IdxRemediationValue[];\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n idp?: IdpConfig;\n href?: string;\n method?: string;\n type?: string;\n}\n\nexport interface IdxMessage {\n message: string;\n class: string;\n i18n: {\n key: string;\n params?: unknown[];\n };\n}\n\nexport interface IdxMessages {\n type: 'array';\n value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n version: string;\n stateHandle: string;\n intent?: string;\n expiresAt?: string;\n remediation?: {\n type: 'array';\n value: IdxRemediation[];\n };\n messages?: IdxMessages;\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n return obj && obj.version;\n}\n\n\nexport interface IdxActions {\n [key: string]: Function;\n}\n\n// Object returned from idx-js\nexport interface IdxResponse {\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n toPersist: {\n interactionHandle?: string;\n };\n}\n"],"file":"idx-js.js"}
1
+ {"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;AA8EA;AAaO,SAASA,gBAAT,CAA0BC,GAA1B,EAA2D;AAChE,SAAOA,GAAG,IAAIA,GAAG,CAACC,OAAlB;AACD;;AAmBM,SAASC,aAAT,CAAuBF,GAAvB,EAAqD;AAC1D,SAAOA,GAAG,IAAID,gBAAgB,CAACC,GAAG,CAACG,WAAL,CAA9B;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface IdxAuthenticatorMethod {\n type: string;\n}\nexport interface IdxAuthenticator {\n displayName: string;\n id: string;\n key: string;\n methods: IdxAuthenticatorMethod[];\n type: string;\n settings?: {\n complexity?: unknown;\n age?: unknown;\n };\n contextualData?: unknown;\n}\n\nexport interface IdxForm {\n value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n value: string | { form: IdxForm };\n label: string;\n relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n id: string;\n name: string;\n}\n\nexport interface IdxRemediationValue {\n name: string;\n type?: string;\n required?: boolean;\n secret?: boolean;\n visible?: boolean;\n mutable?: boolean;\n value?: string;\n label?: string;\n form?: IdxForm;\n options?: IdxOption[];\n messages?: IdxMessages;\n minLength?: number;\n maxLength?: number;\n}\n\nexport interface IdxRemediation {\n name: string;\n label?: string;\n value?: IdxRemediationValue[];\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n idp?: IdpConfig;\n href?: string;\n method?: string;\n type?: string;\n accepts?: string;\n}\n\nexport interface IdxMessage {\n message: string;\n class: string;\n i18n: {\n key: string;\n params?: unknown[];\n };\n}\n\nexport interface IdxMessages {\n type: 'array';\n value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n version: string;\n stateHandle: string;\n intent?: string;\n expiresAt?: string;\n remediation?: {\n type: 'array';\n value: IdxRemediation[];\n };\n messages?: IdxMessages;\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n return obj && obj.version;\n}\n\n\nexport interface IdxActions {\n [key: string]: Function;\n}\n\n// Object returned from idx-js\nexport interface IdxResponse {\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n toPersist: {\n interactionHandle?: string;\n };\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"file":"idx-js.js"}
package/cjs/idx/types/index.js CHANGED
@@ -1,5 +1,11 @@
1
1
  "use strict";
2
2
 
3
+ Object.defineProperty(exports, "FlowIdentifier", {
4
+ enumerable: true,
5
+ get: function () {
6
+ return _FlowIdentifier.FlowIdentifier;
7
+ }
8
+ });
3
9
  Object.defineProperty(exports, "IdxMessage", {
4
10
  enumerable: true,
5
11
  get: function () {
@@ -24,13 +30,21 @@ Object.defineProperty(exports, "PasswordRecoveryOptions", {
24
30
  return _recoverPassword.PasswordRecoveryOptions;
25
31
  }
26
32
  });
33
+ Object.defineProperty(exports, "ProceedOptions", {
34
+ enumerable: true,
35
+ get: function () {
36
+ return _proceed.ProceedOptions;
37
+ }
38
+ });
27
39
  Object.defineProperty(exports, "CancelOptions", {
28
40
  enumerable: true,
29
41
  get: function () {
30
42
  return _cancel.CancelOptions;
31
43
  }
32
44
  });
33
- exports.IdxFeature = exports.IdxStatus = void 0;
45
+ exports.IdxFeature = exports.AuthenticatorKey = exports.IdxStatus = void 0;
46
+
47
+ var _FlowIdentifier = require("./FlowIdentifier");
34
48
 
35
49
  var _idxJs = require("./idx-js");
36
50
 
@@ -40,6 +54,8 @@ var _register = require("../register");
40
54
 
41
55
  var _recoverPassword = require("../recoverPassword");
42
56
 
57
+ var _proceed = require("../proceed");
58
+
43
59
  var _cancel = require("../cancel");
44
60
 
45
61
  /*!
@@ -57,13 +73,24 @@ let IdxStatus;
57
73
  exports.IdxStatus = IdxStatus;
58
74
 
59
75
  (function (IdxStatus) {
60
- IdxStatus[IdxStatus["SUCCESS"] = 0] = "SUCCESS";
61
- IdxStatus[IdxStatus["PENDING"] = 1] = "PENDING";
62
- IdxStatus[IdxStatus["FAILURE"] = 2] = "FAILURE";
63
- IdxStatus[IdxStatus["TERMINAL"] = 3] = "TERMINAL";
64
- IdxStatus[IdxStatus["CANCELED"] = 4] = "CANCELED";
76
+ IdxStatus["SUCCESS"] = "SUCCESS";
77
+ IdxStatus["PENDING"] = "PENDING";
78
+ IdxStatus["FAILURE"] = "FAILURE";
79
+ IdxStatus["TERMINAL"] = "TERMINAL";
80
+ IdxStatus["CANCELED"] = "CANCELED";
65
81
  })(IdxStatus || (exports.IdxStatus = IdxStatus = {}));
66
82
 
83
+ let AuthenticatorKey;
84
+ exports.AuthenticatorKey = AuthenticatorKey;
85
+
86
+ (function (AuthenticatorKey) {
87
+ AuthenticatorKey["OKTA_PASSWORD"] = "okta_password";
88
+ AuthenticatorKey["OKTA_EMAIL"] = "okta_email";
89
+ AuthenticatorKey["OKTA_VERIFIER"] = "okta_verifier";
90
+ AuthenticatorKey["PHONE_NUMBER"] = "phone_number";
91
+ AuthenticatorKey["GOOGLE_AUTHENTICATOR"] = "google_otp";
92
+ })(AuthenticatorKey || (exports.AuthenticatorKey = AuthenticatorKey = {}));
93
+
67
94
  let IdxFeature;
68
95
  exports.IdxFeature = IdxFeature;
69
96
 
package/cjs/idx/types/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxStatus","IdxFeature"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA;;AACA;;AACA;;AACA;;AACA;;AAtBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IAcYA,S;;;WAAAA,S;AAAAA,EAAAA,S,CAAAA,S;AAAAA,EAAAA,S,CAAAA,S;AAAAA,EAAAA,S,CAAAA,S;AAAAA,EAAAA,S,CAAAA,S;AAAAA,EAAAA,S,CAAAA,S;GAAAA,S,yBAAAA,S;;IAsBAC,U;;;WAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;GAAAA,U,0BAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { IdxMessage, IdxOption } from './idx-js';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { CancelOptions } from '../cancel';\n\nexport enum IdxStatus {\n SUCCESS,\n PENDING,\n FAILURE,\n TERMINAL,\n CANCELED,\n}\n\ntype Input = {\n name: string;\n required?: boolean;\n}\n\nexport type NextStep = {\n name: string;\n type?: string;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n options?: IdxOption[];\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY,\n REGISTRATION,\n SOCIAL_IDP,\n}\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n}\n\nexport type IdxOptions = InteractOptions;\n\nexport type Authenticator = {\n type: string;\n methodType?: string;\n phoneNumber?: string;\n};\n"],"file":"index.js"}
1
+ {"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAzBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IAkBYA,S;;;WAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,yBAAAA,S;;IAQAC,gB;;;WAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,gCAAAA,gB;;IA0BAC,U;;;WAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;GAAAA,U,0BAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { IntrospectOptions } from '../introspect';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { IdxAuthenticator, IdxMessage, IdxOption, IdxResponse } from './idx-js';\nimport { FlowIdentifier } from './FlowIdentifier';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { ProceedOptions } from '../proceed';\nexport { CancelOptions } from '../cancel';\nexport { FlowIdentifier };\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n OKTA_VERIFIER = 'okta_verifier',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n}\n\nexport type Input = {\n name: string;\n type?: string;\n label?: string;\n value?: string;\n secret?: boolean;\n required?: boolean;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n options?: IdxOption[];\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY,\n REGISTRATION,\n SOCIAL_IDP,\n}\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n _idxResponse?: IdxResponse; // Temporary for widget conversion. Will not be supported long-term. OKTA-418165\n}\n\nexport type IdxOptions = InteractOptions & IntrospectOptions & {\n flow?: FlowIdentifier;\n};\n\nexport type Authenticator = {\n key: string;\n methodType?: string;\n phoneNumber?: string;\n};\n"],"file":"index.js"}
package/cjs/oidc/endpoints/authorize.js CHANGED
@@ -64,6 +64,9 @@ function convertTokenParamsToOAuthParams(tokenParams) {
64
64
 
65
65
  function buildAuthorizeParams(tokenParams) {
66
66
  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);
67
- return (0, _util.toQueryString)(oauthQueryParams);
67
+ return (0, _util.toQueryString)({ ...oauthQueryParams,
68
+ ...(tokenParams.extraParams && { ...tokenParams.extraParams
69
+ })
70
+ });
68
71
  }
69
72
  //# sourceMappingURL=authorize.js.map
package/cjs/oidc/endpoints/authorize.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","indexOf","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams"],"mappings":";;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;AACxE;AACA,MAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;AACzB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,oBAASF,WAAW,CAACG,YAArB,KAAsCH,WAAW,CAACG,YAAZ,CAAyBC,OAAzB,CAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;AACtF,UAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;AACD,GARuE,CAUxE;;;AACA,MAAIG,WAAwB,GAAG;AAC7B,iBAAaL,WAAW,CAACC,QADI;AAE7B,sBAAkBD,WAAW,CAACM,aAFD;AAG7B,6BAAyBN,WAAW,CAACO,mBAHR;AAI7B,eAAWP,WAAW,CAACQ,OAJM;AAK7B,WAAOR,WAAW,CAACS,GALU;AAM7B,iBAAaT,WAAW,CAACU,QANI;AAO7B,kBAAcV,WAAW,CAACW,SAPG;AAQ7B,eAAWX,WAAW,CAACY,MARM;AAS7B,aAASZ,WAAW,CAACa,KATQ;AAU7B,cAAUb,WAAW,CAACc,MAVO;AAW7B,oBAAgBd,WAAW,CAACe,WAXC;AAY7B,qBAAiBf,WAAW,CAACgB,YAZA;AAa7B,qBAAiBhB,WAAW,CAACG,YAbA;AAc7B,oBAAgBH,WAAW,CAACiB,YAdC;AAe7B,aAASjB,WAAW,CAACkB;AAfQ,GAA/B;AAiBAb,EAAAA,WAAW,GAAG,sBAAWA,WAAX,CAAd;AAEA,GAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;AAC3D,QAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;AAC1Cf,MAAAA,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;AACD;AACF,GAJD;;AAMA,MAAIvB,WAAW,CAACG,YAAZ,CAAyBC,OAAzB,CAAiC,UAAjC,MAAiD,CAAC,CAAlD,IACFJ,WAAW,CAACwB,MAAZ,CAAmBpB,OAAnB,CAA2B,QAA3B,MAAyC,CAAC,CAD5C,EAC+C;AAC7C,UAAM,IAAIF,oBAAJ,CAAiB,mFAAjB,CAAN;AACD,GAHD,MAGO;AACLG,IAAAA,WAAW,CAACoB,KAAZ,GAAoBzB,WAAW,CAACwB,MAAZ,CAAmBD,IAAnB,CAAwB,GAAxB,CAApB;AACD;;AAED,SAAOlB,WAAP;AACD;;AAEM,SAASqB,oBAAT,CAA8B1B,WAA9B,EAAwD;AAC7D,MAAI2B,gBAAgB,GAAG5B,+BAA+B,CAACC,WAAD,CAAtD;AACA,SAAO,yBAAc2B,gBAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n // Quick validation\n if (!tokenParams.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n }\n\n // Convert our params to their actual OAuth equivalents\n var oauthParams: OAuthParams = {\n 'client_id': tokenParams.clientId,\n 'code_challenge': tokenParams.codeChallenge,\n 'code_challenge_method': tokenParams.codeChallengeMethod,\n 'display': tokenParams.display,\n 'idp': tokenParams.idp,\n 'idp_scope': tokenParams.idpScope,\n 'login_hint': tokenParams.loginHint,\n 'max_age': tokenParams.maxAge,\n 'nonce': tokenParams.nonce,\n 'prompt': tokenParams.prompt,\n 'redirect_uri': tokenParams.redirectUri,\n 'response_mode': tokenParams.responseMode,\n 'response_type': tokenParams.responseType,\n 'sessionToken': tokenParams.sessionToken,\n 'state': tokenParams.state,\n };\n oauthParams = removeNils(oauthParams) as OAuthParams;\n\n ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n if (Array.isArray(oauthParams[mayBeArray])) {\n oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n }\n });\n\n if (tokenParams.responseType.indexOf('id_token') !== -1 &&\n tokenParams.scopes.indexOf('openid') === -1) {\n throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n } else {\n oauthParams.scope = tokenParams.scopes.join(' ');\n }\n\n return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n return toQueryString(oauthQueryParams);\n}\n"],"file":"authorize.js"}
1
+ {"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","indexOf","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","extraParams"],"mappings":";;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;AACxE;AACA,MAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;AACzB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,oBAASF,WAAW,CAACG,YAArB,KAAsCH,WAAW,CAACG,YAAZ,CAAyBC,OAAzB,CAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;AACtF,UAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;AACD,GARuE,CAUxE;;;AACA,MAAIG,WAAwB,GAAG;AAC7B,iBAAaL,WAAW,CAACC,QADI;AAE7B,sBAAkBD,WAAW,CAACM,aAFD;AAG7B,6BAAyBN,WAAW,CAACO,mBAHR;AAI7B,eAAWP,WAAW,CAACQ,OAJM;AAK7B,WAAOR,WAAW,CAACS,GALU;AAM7B,iBAAaT,WAAW,CAACU,QANI;AAO7B,kBAAcV,WAAW,CAACW,SAPG;AAQ7B,eAAWX,WAAW,CAACY,MARM;AAS7B,aAASZ,WAAW,CAACa,KATQ;AAU7B,cAAUb,WAAW,CAACc,MAVO;AAW7B,oBAAgBd,WAAW,CAACe,WAXC;AAY7B,qBAAiBf,WAAW,CAACgB,YAZA;AAa7B,qBAAiBhB,WAAW,CAACG,YAbA;AAc7B,oBAAgBH,WAAW,CAACiB,YAdC;AAe7B,aAASjB,WAAW,CAACkB;AAfQ,GAA/B;AAiBAb,EAAAA,WAAW,GAAG,sBAAWA,WAAX,CAAd;AAEA,GAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;AAC3D,QAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;AAC1Cf,MAAAA,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;AACD;AACF,GAJD;;AAMA,MAAIvB,WAAW,CAACG,YAAZ,CAAyBC,OAAzB,CAAiC,UAAjC,MAAiD,CAAC,CAAlD,IACFJ,WAAW,CAACwB,MAAZ,CAAmBpB,OAAnB,CAA2B,QAA3B,MAAyC,CAAC,CAD5C,EAC+C;AAC7C,UAAM,IAAIF,oBAAJ,CAAiB,mFAAjB,CAAN;AACD,GAHD,MAGO;AACLG,IAAAA,WAAW,CAACoB,KAAZ,GAAoBzB,WAAW,CAACwB,MAAZ,CAAmBD,IAAnB,CAAwB,GAAxB,CAApB;AACD;;AAED,SAAOlB,WAAP;AACD;;AAEM,SAASqB,oBAAT,CAA8B1B,WAA9B,EAAwD;AAC7D,MAAI2B,gBAAgB,GAAG5B,+BAA+B,CAACC,WAAD,CAAtD;AACA,SAAO,yBAAc,EACnB,GAAG2B,gBADgB;AAEnB,QAAI3B,WAAW,CAAC4B,WAAZ,IAA2B,EAAE,GAAG5B,WAAW,CAAC4B;AAAjB,KAA/B;AAFmB,GAAd,CAAP;AAID","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n // Quick validation\n if (!tokenParams.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n }\n\n // Convert our params to their actual OAuth equivalents\n var oauthParams: OAuthParams = {\n 'client_id': tokenParams.clientId,\n 'code_challenge': tokenParams.codeChallenge,\n 'code_challenge_method': tokenParams.codeChallengeMethod,\n 'display': tokenParams.display,\n 'idp': tokenParams.idp,\n 'idp_scope': tokenParams.idpScope,\n 'login_hint': tokenParams.loginHint,\n 'max_age': tokenParams.maxAge,\n 'nonce': tokenParams.nonce,\n 'prompt': tokenParams.prompt,\n 'redirect_uri': tokenParams.redirectUri,\n 'response_mode': tokenParams.responseMode,\n 'response_type': tokenParams.responseType,\n 'sessionToken': tokenParams.sessionToken,\n 'state': tokenParams.state,\n };\n oauthParams = removeNils(oauthParams) as OAuthParams;\n\n ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n if (Array.isArray(oauthParams[mayBeArray])) {\n oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n }\n });\n\n if (tokenParams.responseType.indexOf('id_token') !== -1 &&\n tokenParams.scopes.indexOf('openid') === -1) {\n throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n } else {\n oauthParams.scope = tokenParams.scopes.join(' ');\n }\n\n return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n return toQueryString({ \n ...oauthQueryParams, \n ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n });\n}\n"],"file":"authorize.js"}
package/cjs/oidc/getToken.js CHANGED
@@ -86,7 +86,11 @@ function getToken(sdk, options) {
86
86
  return Promise.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
87
87
  }
88
88
 
89
- options = options || {};
89
+ options = options || {}; // window object cannot be serialized, save for later use
90
+ // TODO: move popup related params into a separate options object
91
+
92
+ const popupWindow = options.popupWindow;
93
+ options.popupWindow = undefined;
90
94
  return (0, _prepareTokenParams.prepareTokenParams)(sdk, options).then(function (tokenParams) {
91
95
  // Start overriding any options that don't make sense
92
96
  var sessionTokenOverrides = {
@@ -145,17 +149,18 @@ function getToken(sdk, options) {
145
149
  }
146
150
 
147
151
  oauthPromise = (0, _util.addPostMessageListener)(sdk, options.timeout, tokenParams.state);
148
- } // Create the window
152
+ } // Redirect for authorization
153
+ // popupWindown can be null when popup is blocked
154
+
149
155
 
156
+ if (popupWindow) {
157
+ popupWindow.location.assign(requestUrl);
158
+ } // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
150
159
 
151
- var windowOptions = {
152
- popupTitle: options.popupTitle
153
- };
154
- var windowEl = (0, _util.loadPopup)(requestUrl, windowOptions); // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
155
160
 
156
161
  var popupPromise = new Promise(function (resolve, reject) {
157
162
  var closePoller = setInterval(function () {
158
- if (!windowEl || windowEl.closed) {
163
+ if (!popupWindow || popupWindow.closed) {
159
164
  clearInterval(closePoller);
160
165
  reject(new _AuthSdkError.default('Unable to parse OAuth flow response'));
161
166
  }
@@ -172,8 +177,8 @@ function getToken(sdk, options) {
172
177
  return popupPromise.then(function (res) {
173
178
  return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, tokenParams, res, urls);
174
179
  }).finally(function () {
175
- if (windowEl && !windowEl.closed) {
176
- windowEl.close();
180
+ if (popupWindow && !popupWindow.closed) {
181
+ popupWindow.close();
177
182
  }
178
183
  });
179
184
 
package/cjs/oidc/getToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","windowOptions","popupTitle","windowEl","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAMA;;AAOA;;AACA;;AAEA;;AA9BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAuD;AAC5D,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AAEA,SAAO,4CAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIX,OAAO,CAACa,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIR,OAAO,CAACgB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAapB,GAAb,EAAkBQ,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGlB,OAAO,CAACoB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuBzB,GAAvB,EAA4BC,OAAO,CAACyB,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB7B,GAApB,EAAyBQ,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACX,GAAG,CAACqC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIhC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD8B,UAAAA,YAAY,GAAG,kCAAuBpC,GAAvB,EAA4BC,OAAO,CAACyB,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;;;AACA,YAAIY,aAAa,GAAG;AAClBC,UAAAA,UAAU,EAAEvC,OAAO,CAACuC;AADF,SAApB;AAGA,YAAIC,QAAQ,GAAG,qBAAUvB,UAAV,EAAsBqB,aAAtB,CAAf,CAhBF,CAkBE;;AACA,YAAIG,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACJ,QAAD,IAAaA,QAAQ,CAACK,MAA1B,EAAkC;AAChCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA8B,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBkB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACd,GAAD,CAAP;AACD,WAJH,EAKGmB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBnC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB7B,GAApB,EAAyBQ,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIW,QAAQ,IAAI,CAACA,QAAQ,CAACK,MAA1B,EAAkC;AAChCL,YAAAA,QAAQ,CAACS,KAAT;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n loadPopup,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Create the window\n var windowOptions = {\n popupTitle: options.popupTitle\n };\n var windowEl = loadPopup(requestUrl, windowOptions);\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!windowEl || windowEl.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (windowEl && !windowEl.closed) {\n windowEl.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAKA;;AAQA;;AACA;;AAEA;;AA9BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,QAAMM,WAAW,GAAGN,OAAO,CAACM,WAA5B;AACAN,EAAAA,OAAO,CAACM,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBR,GAAnB,EAAwBC,OAAxB,EACJQ,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIb,OAAO,CAACe,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIV,OAAO,CAACkB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAatB,GAAb,EAAkBU,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGpB,OAAO,CAACsB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuB3B,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACb,GAAG,CAACuC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIlC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDgC,UAAAA,YAAY,GAAG,kCAAuBtC,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAgC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
package/cjs/oidc/getWithPopup.js CHANGED
@@ -8,6 +8,8 @@ var _util = require("../util");
8
8
 
9
9
  var _getToken = require("./getToken");
10
10
 
11
+ var _util2 = require("./util");
12
+
11
13
  /*!
12
14
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
13
15
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -23,12 +25,17 @@ var _getToken = require("./getToken");
23
25
  function getWithPopup(sdk, options) {
24
26
  if (arguments.length > 2) {
25
27
  return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
26
- }
28
+ } // some browsers (safari, firefox) block popup if it's initialed from an async process
29
+ // here we create the popup window immediately after user interaction
30
+ // then redirect to the /authorize endpoint when the requestUrl is available
31
+
27
32
 
33
+ const popupWindow = (0, _util2.loadPopup)('/', options);
28
34
  options = (0, _util.clone)(options) || {};
29
35
  Object.assign(options, {
30
36
  display: 'popup',
31
- responseMode: 'okta_post_message'
37
+ responseMode: 'okta_post_message',
38
+ popupWindow
32
39
  });
33
40
  return (0, _getToken.getToken)(sdk, options);
34
41
  }
package/cjs/oidc/getWithPopup.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","Object","assign","display","responseMode"],"mappings":";;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACAM,EAAAA,MAAM,CAACC,MAAP,CAAcP,OAAd,EAAuB;AACrBQ,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE;AAFO,GAAvB;AAIA,SAAO,wBAASV,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message'\n });\n return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","Object","assign","display","responseMode"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHuF,CAKxF;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeN,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACAO,EAAAA,MAAM,CAACC,MAAP,CAAcR,OAAd,EAAuB;AACrBS,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBJ,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASP,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
package/cjs/oidc/getWithRedirect.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,SAAO,+BAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,UAAMC,IAAI,GAAG,yBAAaT,GAAb,EAAkBC,OAAlB,CAAb;AACA,UAAMS,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoB,qCAAqBH,WAArB,CAAvC;AACA,UAAMI,MAAM,GAAGZ,GAAG,CAACC,OAAJ,CAAYW,MAA3B,CAHwC,CAKxC;;AACA,UAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;AAaA,UAAMe,SAA0B,GAAG;AACjCX,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA;AAZiC,KAAnC;AAeAtB,IAAAA,GAAG,CAACwB,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACA1B,IAAAA,GAAG,CAAC2B,KAAJ,CAAU5B,eAAV,CAA0B6B,YAA1B,CAAuClB,UAAvC;AACD,GArCI,CAAP;AAsCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n const urls = getOAuthUrls(sdk, options);\n const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n const issuer = sdk.options.issuer;\n\n // Gather the values we want to save in the transaction\n const {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n } = tokenParams;\n\n const oauthMeta: TransactionMeta = {\n issuer,\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n };\n\n sdk.transactionManager.save(oauthMeta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n });\n}\n"],"file":"getWithRedirect.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","then","tokenParams","urls","requestUrl","authorizeUrl","issuer","responseType","state","nonce","scopes","clientId","ignoreSignature","redirectUri","codeVerifier","codeChallenge","codeChallengeMethod","oauthMeta","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,eAAT,CAAyBC,GAAzB,EAAwCC,OAAxC,EAA6E;AAClF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,SAAO,+BAAmBD,GAAnB,EAAwBC,OAAxB,EACJM,IADI,CACC,UAAUC,WAAV,EAAoC;AACxC,UAAMC,IAAI,GAAG,yBAAaT,GAAb,EAAkBC,OAAlB,CAAb;AACA,UAAMS,UAAU,GAAGD,IAAI,CAACE,YAAL,GAAoB,qCAAqBH,WAArB,CAAvC;AACA,UAAMI,MAAM,GAAGZ,GAAG,CAACC,OAAJ,CAAYW,MAA3B,CAHwC,CAKxC;;AACA,UAAM;AACJC,MAAAA,YADI;AAEJC,MAAAA,KAFI;AAGJC,MAAAA,KAHI;AAIJC,MAAAA,MAJI;AAKJC,MAAAA,QALI;AAMJC,MAAAA,eANI;AAOJC,MAAAA,WAPI;AAQJC,MAAAA,YARI;AASJC,MAAAA,aATI;AAUJC,MAAAA;AAVI,QAWFd,WAXJ;AAaA,UAAMe,SAA0B,GAAG;AACjCX,MAAAA,MADiC;AAEjCC,MAAAA,YAFiC;AAGjCC,MAAAA,KAHiC;AAIjCC,MAAAA,KAJiC;AAKjCC,MAAAA,MALiC;AAMjCC,MAAAA,QANiC;AAOjCR,MAAAA,IAPiC;AAQjCS,MAAAA,eARiC;AASjCC,MAAAA,WATiC;AAUjCC,MAAAA,YAViC;AAWjCC,MAAAA,aAXiC;AAYjCC,MAAAA;AAZiC,KAAnC;AAeAtB,IAAAA,GAAG,CAACwB,kBAAJ,CAAuBC,IAAvB,CAA4BF,SAA5B,EAAuC;AAAEG,MAAAA,KAAK,EAAE;AAAT,KAAvC;;AACA1B,IAAAA,GAAG,CAAC2B,KAAJ,CAAU5B,eAAV,CAA0B6B,YAA1B,CAAuClB,UAAvC;AACD,GArCI,CAAP;AAsCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TransactionMeta } from '../types';\nimport { clone } from '../util';\nimport { getOAuthUrls, prepareTokenParams } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function getWithRedirect(sdk: OktaAuth, options: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n const urls = getOAuthUrls(sdk, options);\n const requestUrl = urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n const issuer = sdk.options.issuer;\n\n // Gather the values we want to save in the transaction\n const {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod,\n } = tokenParams;\n\n const oauthMeta: TransactionMeta = {\n issuer,\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature,\n redirectUri,\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n sdk.transactionManager.save(oauthMeta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n });\n}\n"],"file":"getWithRedirect.js"}