@okta/okta-auth-js 5.5.0 → 5.9.0

package/cjs/oidc/parseFromUrl.js

@@ -1,5 +1,8 @@
 "use strict";
 
+exports.getResponseMode = getResponseMode;
+exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
+exports.cleanOAuthResponseFromUrl = cleanOAuthResponseFromUrl;
 exports.parseFromUrl = parseFromUrl;
 
 var _errors = require("../errors");
@@ -52,7 +55,14 @@ function removeSearch(sdk) {
   }
 }
 
-function parseFromUrl(sdk, options) {
+function getResponseMode(sdk) {
+  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication
+  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
+  var responseMode = sdk.options.responseMode || defaultResponseMode;
+  return responseMode;
+}
+
+function parseOAuthResponseFromUrl(sdk, options) {
   options = options || {};
 
   if ((0, _util2.isString)(options)) {
@@ -61,12 +71,10 @@ function parseFromUrl(sdk, options) {
     };
   } else {
     options = options;
-  } // https://openid.net/specs/openid-connect-core-1_0.html#Authentication
-
+  }
 
-  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
   var url = options.url;
-  var responseMode = options.responseMode || sdk.options.responseMode || defaultResponseMode;
+  var responseMode = options.responseMode || getResponseMode(sdk);
 
   var nativeLoc = sdk.token.parseFromUrl._getLocation();
 
@@ -79,31 +87,62 @@ function parseFromUrl(sdk, options) {
   }
 
   if (!paramStr) {
-    return Promise.reject(new _errors.AuthSdkError('Unable to parse a token from the url'));
+    throw new _errors.AuthSdkError('Unable to parse a token from the url');
   }
 
+  return (0, _util.urlParamsToObject)(paramStr);
+}
+
+function cleanOAuthResponseFromUrl(sdk, options) {
+  // Clean hash or search from the url
+  const responseMode = options.responseMode || getResponseMode(sdk);
+  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);
+}
+
+async function parseFromUrl(sdk, options) {
+  options = options || {};
+
+  if ((0, _util2.isString)(options)) {
+    options = {
+      url: options
+    };
+  } else {
+    options = options;
+  }
+
+  const res = parseOAuthResponseFromUrl(sdk, options);
+  const state = res.state;
   const oauthParams = sdk.transactionManager.load({
     oauth: true,
-    pkce: sdk.options.pkce
+    pkce: sdk.options.pkce,
+    state
   });
+
+  if (!oauthParams) {
+    return Promise.reject(new _errors.AuthSdkError('Unable to retrieve OAuth redirect params from storage'));
+  }
+
   const urls = oauthParams.urls;
   delete oauthParams.urls;
-  return Promise.resolve((0, _util.urlParamsToObject)(paramStr)).then(function (res) {
-    if (!url) {
-      // Clean hash or search from the url
-      responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);
-    }
 
-    return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, oauthParams, res, urls).catch(err => {
-      if (!(0, _util.isInteractionRequiredError)(err)) {
-        sdk.transactionManager.clear();
-      }
+  if (!options.url) {
+    // Clean hash or search from the url
+    cleanOAuthResponseFromUrl(sdk, options);
+  }
+
+  return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, oauthParams, res, urls).catch(err => {
+    if (!(0, _util.isInteractionRequiredError)(err)) {
+      sdk.transactionManager.clear({
+        state
+      });
+    }
 
-      throw err;
-    }).then(res => {
-      sdk.transactionManager.clear();
-      return res;
+    throw err;
+  }).then(res => {
+    sdk.transactionManager.clear({
+      state
     });
+    return res;
   });
 }
 //# sourceMappingURL=parseFromUrl.js.map

package/cjs/oidc/parseFromUrl.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","options","url","defaultResponseMode","pkce","responseMode","paramStr","substring","indexOf","Promise","reject","AuthSdkError","oauthParams","transactionManager","load","oauth","urls","resolve","then","res","catch","err","clear"],"mappings":";;;;AAaA;;AACA;;AAEA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAGM,SAAST,YAAT,CAAsBH,GAAtB,EAA2Be,OAA3B,EAA0F;AAC/FA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEC,MAAAA,GAAG,EAAED;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD,GAN8F,CAO/F;;;AACA,MAAIE,mBAAmB,GAAGjB,GAAG,CAACe,OAAJ,CAAYG,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AAEA,MAAIF,GAAG,GAAGD,OAAO,CAACC,GAAlB;AACA,MAAIG,YAAY,GAAGJ,OAAO,CAACI,YAAR,IAAwBnB,GAAG,CAACe,OAAJ,CAAYI,YAApC,IAAoDF,mBAAvE;;AACA,MAAIV,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIY,QAAJ;;AAEA,MAAID,YAAY,KAAK,OAArB,EAA8B;AAC5BC,IAAAA,QAAQ,GAAGJ,GAAG,GAAGA,GAAG,CAACK,SAAJ,CAAcL,GAAG,CAACM,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCf,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLQ,IAAAA,QAAQ,GAAGJ,GAAG,GAAGA,GAAG,CAACK,SAAJ,CAAcL,GAAG,CAACM,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCf,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACO,QAAL,EAAe;AACb,WAAOG,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sCAAjB,CAAf,CAAP;AACD;;AAED,QAAMC,WAA4B,GAAG1B,GAAG,CAAC2B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,IAAAA,KAAK,EAAE,IADwD;AAE/DX,IAAAA,IAAI,EAAElB,GAAG,CAACe,OAAJ,CAAYG;AAF6C,GAA5B,CAArC;AAIA,QAAMY,IAAgB,GAAGJ,WAAW,CAACI,IAArC;AACA,SAAOJ,WAAW,CAACI,IAAnB;AAEA,SAAOP,OAAO,CAACQ,OAAR,CAAgB,6BAAkBX,QAAlB,CAAhB,EACJY,IADI,CACC,UAAUC,GAAV,EAAe;AACnB,QAAI,CAACjB,GAAL,EAAU;AACR;AACAG,MAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AACD,WAAO,8CAAoBA,GAApB,EAAyB0B,WAAzB,EAAsCO,GAAtC,EAA2CH,IAA3C,EACJI,KADI,CACEC,GAAG,IAAI;AACZ,UAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;AACpCnC,QAAAA,GAAG,CAAC2B,kBAAJ,CAAuBS,KAAvB;AACD;;AACD,YAAMD,GAAN;AACD,KANI,EAOJH,IAPI,CAOCC,GAAG,IAAI;AACXjC,MAAAA,GAAG,CAAC2B,kBAAJ,CAAuBS,KAAvB;AACA,aAAOH,GAAP;AACD,KAVI,CAAP;AAWD,GAjBI,CAAP;AAkBD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport { ParseFromUrlOptions, TokenResponse, CustomUrls, TransactionMeta } from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\n\nexport function parseFromUrl(sdk, options: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n\n  var url = options.url;\n  var responseMode = options.responseMode || sdk.options.responseMode || defaultResponseMode;\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    return Promise.reject(new AuthSdkError('Unable to parse a token from the url'));\n  }\n\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    oauth: true,\n    pkce: sdk.options.pkce\n  });\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  return Promise.resolve(urlParamsToObject(paramStr))\n    .then(function (res) {\n      if (!url) {\n        // Clean hash or search from the url\n        responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n      }\n      return handleOAuthResponse(sdk, oauthParams, res, urls)\n        .catch(err => {\n          if (!isInteractionRequiredError(err)) {\n            sdk.transactionManager.clear();\n          }\n          throw err;\n        })\n        .then(res => {\n          sdk.transactionManager.clear();\n          return res;\n        });\n    });\n}\n"],"file":"parseFromUrl.js"}
+{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","indexOf","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","Promise","reject","urls","catch","err","clear","then"],"mappings":";;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAIG,oBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAO,6BAAkBH,QAAlB,CAAP;AACD;;AAEM,SAASI,yBAAT,CAAmC1B,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,QAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAgG;AACrGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,QAAMU,GAAkB,GAAGP,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;AACA,QAAMW,KAAK,GAAGD,GAAG,CAACC,KAAlB;AACA,QAAMC,WAA4B,GAAG7B,GAAG,CAAC8B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,IAAAA,KAAK,EAAE,IADwD;AAE/Dd,IAAAA,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;AAG/DU,IAAAA;AAH+D,GAA5B,CAArC;;AAKA,MAAI,CAACC,WAAL,EAAkB;AAChB,WAAOI,OAAO,CAACC,MAAR,CAAe,IAAIT,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;AACD;;AACD,QAAMU,IAAgB,GAAGN,WAAW,CAACM,IAArC;AACA,SAAON,WAAW,CAACM,IAAnB;;AAEA,MAAI,CAAClB,OAAO,CAACI,GAAb,EAAkB;AAChB;AACAK,IAAAA,yBAAyB,CAAC1B,GAAD,EAAMiB,OAAN,CAAzB;AACD;;AAED,SAAO,8CAAoBjB,GAApB,EAAyB6B,WAAzB,EAAsCF,GAAtC,EAA2CQ,IAA3C,EACJC,KADI,CACEC,GAAG,IAAI;AACZ,QAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;AACpCrC,MAAAA,GAAG,CAAC8B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,QAAAA;AAD2B,OAA7B;AAGD;;AACD,UAAMS,GAAN;AACD,GARI,EASJE,IATI,CASCZ,GAAG,IAAI;AACX3B,IAAAA,GAAG,CAAC8B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,MAAAA;AAD2B,KAA7B;AAGA,WAAOD,GAAP;AACD,GAdI,CAAP;AAgBD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    oauth: true,\n    pkce: sdk.options.pkce,\n    state\n  });\n  if (!oauthParams) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"file":"parseFromUrl.js"}

package/cjs/oidc/renewTokens.js

@@ -2,6 +2,8 @@
 
 exports.renewTokens = renewTokens;
 
+var _errors = require("../errors");
+
 var _getWithoutPrompt = require("./getWithoutPrompt");
 
 var _renewTokensWithRefresh = require("./renewTokensWithRefresh");
@@ -21,19 +23,40 @@ var _util = require("./util");
  *
  */
 // If we have a refresh token, renew using that, otherwise getWithoutPrompt
+// eslint-disable-next-line complexity
 async function renewTokens(sdk, options) {
   const tokens = sdk.tokenManager.getTokensSync();
 
   if (tokens.refreshToken) {
     return (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, options, tokens.refreshToken);
-  } // Get tokens using the SSO cookie
+  }
+
+  if (!tokens.accessToken && !tokens.idToken) {
+    throw new _errors.AuthSdkError('renewTokens() was called but there is no existing token');
+  }
+
+  const accessToken = tokens.accessToken || {};
+  const idToken = tokens.idToken || {};
+  const scopes = accessToken.scopes || idToken.scopes;
+
+  if (!scopes) {
+    throw new _errors.AuthSdkError('renewTokens: invalid tokens: could not read scopes');
+  }
+
+  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;
+
+  if (!authorizeUrl) {
+    throw new _errors.AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');
+  }
 
+  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
+  const issuer = idToken.issuer || sdk.options.issuer; // Get tokens using the SSO cookie
 
   options = Object.assign({
-    scopes: sdk.options.scopes,
-    authorizeUrl: sdk.options.authorizeUrl,
-    userinfoUrl: sdk.options.userinfoUrl,
-    issuer: sdk.options.issuer
+    scopes,
+    authorizeUrl,
+    userinfoUrl,
+    issuer
   }, options);
 
   if (sdk.options.pkce) {

package/cjs/oidc/renewTokens.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","Object","assign","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","then","res"],"mappings":";;;;AAaA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAuE;AAC5E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,MAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,WAAO,oDAAuBL,GAAvB,EAA4BC,OAA5B,EAAqCC,MAAM,CAACG,YAA5C,CAAP;AACD,GAJ2E,CAM5E;;;AACAJ,EAAAA,OAAO,GAAGK,MAAM,CAACC,MAAP,CAAc;AACtBC,IAAAA,MAAM,EAAER,GAAG,CAACC,OAAJ,CAAYO,MADE;AAEtBC,IAAAA,YAAY,EAAET,GAAG,CAACC,OAAJ,CAAYQ,YAFJ;AAGtBC,IAAAA,WAAW,EAAEV,GAAG,CAACC,OAAJ,CAAYS,WAHH;AAItBC,IAAAA,MAAM,EAAEX,GAAG,CAACC,OAAJ,CAAYU;AAJE,GAAd,EAKPV,OALO,CAAV;;AAOA,MAAID,GAAG,CAACC,OAAJ,CAAYW,IAAhB,EAAsB;AACpBX,IAAAA,OAAO,CAACY,YAAR,GAAuB,MAAvB;AACD,GAFD,MAEO;AACL,UAAM;AAAEA,MAAAA;AAAF,QAAmB,iCAAsBb,GAAtB,CAAzB;AACAC,IAAAA,OAAO,CAACY,YAAR,GAAuBA,YAAvB;AACD;;AAED,SAAO,wCAAiBb,GAAjB,EAAsBC,OAAtB,EACJa,IADI,CACCC,GAAG,IAAIA,GAAG,CAACb,MADZ,CAAP;AAGD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewTokens(sdk, options: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options, tokens.refreshToken);\n  }\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes: sdk.options.scopes,\n    authorizeUrl: sdk.options.authorizeUrl,\n    userinfoUrl: sdk.options.userinfoUrl,\n    issuer: sdk.options.issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"file":"renewTokens.js"}
+{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","then","res"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAuE;AAC5E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,MAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,WAAO,oDAAuBL,GAAvB,EAA4BC,OAA5B,EAAqCC,MAAM,CAACG,YAA5C,CAAP;AACD;;AAED,MAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,UAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMF,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;AACA,MAAI,CAACA,YAAL,EAAmB;AACjB,UAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BX,GAAG,CAACC,OAAJ,CAAYU,WAA3D;AACA,QAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBZ,GAAG,CAACC,OAAJ,CAAYW,MAA7C,CArB4E,CAuB5E;;AACAX,EAAAA,OAAO,GAAGY,MAAM,CAACC,MAAP,CAAc;AACtBL,IAAAA,MADsB;AAEtBC,IAAAA,YAFsB;AAGtBC,IAAAA,WAHsB;AAItBC,IAAAA;AAJsB,GAAd,EAKPX,OALO,CAAV;;AAOA,MAAID,GAAG,CAACC,OAAJ,CAAYc,IAAhB,EAAsB;AACpBd,IAAAA,OAAO,CAACe,YAAR,GAAuB,MAAvB;AACD,GAFD,MAEO;AACL,UAAM;AAAEA,MAAAA;AAAF,QAAmB,iCAAsBhB,GAAtB,CAAzB;AACAC,IAAAA,OAAO,CAACe,YAAR,GAAuBA,YAAvB;AACD;;AAED,SAAO,wCAAiBhB,GAAjB,EAAsBC,OAAtB,EACJgB,IADI,CACCC,GAAG,IAAIA,GAAG,CAAChB,MADZ,CAAP;AAGD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"file":"renewTokens.js"}

package/cjs/oidc/util/browser.js

@@ -8,8 +8,6 @@ exports.addPostMessageListener = addPostMessageListener;
 
 var _errors = require("../../errors");
 
-var _features = require("../../features");
-
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -52,17 +50,7 @@ function loadFrame(src) {
 function loadPopup(src, options) {
   var title = options.popupTitle || 'External Identity Provider User Authentication';
   var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' + 'top=100, left=500, width=600, height=600';
-
-  if ((0, _features.isIE11OrLess)()) {
-    // IE<=11 doesn't fully support postMessage at time of writting.
-    // the following simple solution happened to solve the issue
-    // without adding another proxy layer which makes flow more complecated.
-    var winEl = window.open('/', title, appearance);
-    winEl.location.href = src;
-    return winEl;
-  } else {
-    return window.open(src, title, appearance);
-  }
+  return window.open(src, title, appearance);
 }
 
 function addPostMessageListener(sdk, timeout, state) {

package/cjs/oidc/util/browser.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","winEl","window","open","location","href","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","Promise","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":";;;;;;;;AAcA;;AAEA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAKO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;;AAGA,MAAI,6BAAJ,EAAoB;AAClB;AACA;AACA;AACA,QAAIC,KAAK,GAAGC,MAAM,CAACC,IAAP,CAAY,GAAZ,EAAiBL,KAAjB,EAAwBE,UAAxB,CAAZ;AACAC,IAAAA,KAAK,CAACG,QAAN,CAAeC,IAAf,GAAsBjB,GAAtB;AACA,WAAOa,KAAP;AACD,GAPD,MAOO;AACL,WAAOC,MAAM,CAACC,IAAP,CAAYf,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;AACF;;AAEM,SAASM,sBAAT,CAAgCC,GAAhC,EAA+CC,OAA/C,EAAwDC,KAAxD,EAA+D;AACpE,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,IAAIC,OAAJ,CAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEL,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBM,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOR,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIO,CAAC,CAACE,MAAF,KAAaX,GAAG,CAACY,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBAvC,IAAAA,WAAW,CAACwB,MAAD,EAAS,SAAT,EAAoBQ,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGU,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnBZ,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBU,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACZ,SAAD,CAAZ;AACA3B,IAAAA,cAAc,CAACkB,MAAD,EAAS,SAAT,EAAoBQ,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth } from '../../types';\nimport { isIE11OrLess } from '../../features';\n\nexport function addListener(eventTarget, name, fn) {\n  if (eventTarget.addEventListener) {\n    eventTarget.addEventListener(name, fn);\n  } else {\n    eventTarget.attachEvent('on' + name, fn);\n  }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n  if (eventTarget.removeEventListener) {\n    eventTarget.removeEventListener(name, fn);\n  } else {\n    eventTarget.detachEvent('on' + name, fn);\n  }\n}\n\nexport function loadFrame(src) {\n  var iframe = document.createElement('iframe');\n  iframe.style.display = 'none';\n  iframe.src = src;\n\n  return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n  var title = options.popupTitle || 'External Identity Provider User Authentication';\n  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n    'top=100, left=500, width=600, height=600';\n\n  if (isIE11OrLess()) {\n    // IE<=11 doesn't fully support postMessage at time of writting.\n    // the following simple solution happened to solve the issue\n    // without adding another proxy layer which makes flow more complecated.\n    var winEl = window.open('/', title, appearance);\n    winEl.location.href = src;\n    return winEl;\n  } else {\n    return window.open(src, title, appearance);\n  }\n}\n\nexport function addPostMessageListener(sdk: OktaAuth, timeout, state) {\n  var responseHandler;\n  var timeoutId;\n  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n    responseHandler = function responseHandler(e) {\n      if (!e.data || e.data.state !== state) {\n        // A message not meant for us\n        return;\n      }\n\n      // Configuration mismatch between saved token and current app instance\n      // This may happen if apps with different issuers are running on the same host url\n      // If they share the same storage key, they may read and write tokens in the same location.\n      // Common when developing against http://localhost\n      if (e.origin !== sdk.getIssuerOrigin()) {\n        return reject(new AuthSdkError('The request does not match client configuration'));\n      }\n      resolve(e.data);\n    };\n\n    addListener(window, 'message', responseHandler);\n\n    timeoutId = setTimeout(function () {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n\n  return msgReceivedOrTimeout\n    .finally(function () {\n      clearTimeout(timeoutId);\n      removeListener(window, 'message', responseHandler);\n    });\n}\n"],"file":"browser.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","Promise","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":";;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,EAA+CC,OAA/C,EAAwDC,KAAxD,EAA+D;AACpE,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,IAAIC,OAAJ,CAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEL,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBM,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOR,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIO,CAAC,CAACE,MAAF,KAAaX,GAAG,CAACY,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBApC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGU,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnBZ,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBU,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACZ,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n  if (eventTarget.addEventListener) {\n    eventTarget.addEventListener(name, fn);\n  } else {\n    eventTarget.attachEvent('on' + name, fn);\n  }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n  if (eventTarget.removeEventListener) {\n    eventTarget.removeEventListener(name, fn);\n  } else {\n    eventTarget.detachEvent('on' + name, fn);\n  }\n}\n\nexport function loadFrame(src) {\n  var iframe = document.createElement('iframe');\n  iframe.style.display = 'none';\n  iframe.src = src;\n\n  return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n  var title = options.popupTitle || 'External Identity Provider User Authentication';\n  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n    'top=100, left=500, width=600, height=600';\n  return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuth, timeout, state) {\n  var responseHandler;\n  var timeoutId;\n  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n    responseHandler = function responseHandler(e) {\n      if (!e.data || e.data.state !== state) {\n        // A message not meant for us\n        return;\n      }\n\n      // Configuration mismatch between saved token and current app instance\n      // This may happen if apps with different issuers are running on the same host url\n      // If they share the same storage key, they may read and write tokens in the same location.\n      // Common when developing against http://localhost\n      if (e.origin !== sdk.getIssuerOrigin()) {\n        return reject(new AuthSdkError('The request does not match client configuration'));\n      }\n      resolve(e.data);\n    };\n\n    addListener(window, 'message', responseHandler);\n\n    timeoutId = setTimeout(function () {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n\n  return msgReceivedOrTimeout\n    .finally(function () {\n      clearTimeout(timeoutId);\n      removeListener(window, 'message', responseHandler);\n    });\n}\n"],"file":"browser.js"}

package/cjs/oidc/util/loginRedirect.js

@@ -92,13 +92,17 @@ function isLoginRedirect(sdk) {
  */
 
 
-function isInteractionRequired(sdk) {
-  // First check, is this a redirect URI?
-  if (!isLoginRedirect(sdk)) {
-    return false;
+function isInteractionRequired(sdk, hashOrSearch) {
+  if (!hashOrSearch) {
+    // web only
+    // First check, is this a redirect URI?
+    if (!isLoginRedirect(sdk)) {
+      return false;
+    }
+
+    hashOrSearch = getHashOrSearch(sdk.options);
   }
 
-  var hashOrSearch = getHashOrSearch(sdk.options);
   return /(error=interaction_required)/i.test(hashOrSearch);
 }
 //# sourceMappingURL=loginRedirect.js.map

package/cjs/oidc/util/loginRedirect.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","indexOf","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4D;AACjE,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;AACA,SAAOH,GAAG,IAAIA,GAAG,CAACI,OAAJ,CAAYF,UAAU,CAACG,WAAvB,MAAwC,CAAtD;AACD;;AAEM,SAASC,UAAT,CAAoBH,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBP,OAAzB,EAAmD;AACxD,MAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;AACA,MAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAyC;AAC9C;AACA,MAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJ6C,CAM9C;;;AACA,MAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIe,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOsB,OAAP;AACD,GAjB6C,CAmB9C;;;AACA,SAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA+C;AAClD;AACA,MAAI,CAACe,eAAe,CAACf,GAAD,CAApB,EAA0B;AACxB,WAAO,KAAP;AACD;;AAEH,MAAIL,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;AACA,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuth, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuth): boolean {\n  var authParams = sdk.options;\n  return uri && uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuth) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuth) {\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n  var hashOrSearch = getHashOrSearch(sdk.options);\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","indexOf","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4D;AACjE,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;AACA,SAAOH,GAAG,IAAIA,GAAG,CAACI,OAAJ,CAAYF,UAAU,CAACG,WAAvB,MAAwC,CAAtD;AACD;;AAEM,SAASC,UAAT,CAAoBH,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBP,OAAzB,EAAmD;AACxD,MAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;AACA,MAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAyC;AAC9C;AACA,MAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJ6C,CAM9C;;;AACA,MAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIe,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOsB,OAAP;AACD,GAjB6C,CAmB9C;;;AACA,SAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA+CL,YAA/C,EAAsE;AAC3E,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACoB,eAAe,CAACf,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuth, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuth): boolean {\n  var authParams = sdk.options;\n  return uri && uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuth) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuth, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}

package/cjs/oidc/util/urlParams.js

@@ -20,7 +20,7 @@ function urlParamsToObject(hashOrSearch) {
   // Predefine regexs for parsing hash
   var plus2space = /\+/g;
   var paramSplit = /([^&=]+)=?([^&]*)/g;
-  var fragment = hashOrSearch; // Some hash based routers will automatically add a / character after the hash
+  var fragment = hashOrSearch || ''; // Some hash based routers will automatically add a / character after the hash
 
   if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {
     fragment = fragment.substring(2);

package/cjs/oidc/util/urlParams.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../lib/oidc/util/urlParams.ts"],"names":["urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","charAt","substring","obj","param","exec","key","value","decodeURIComponent","replace"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEO,SAASA,iBAAT,CAA2BC,YAA3B,EAAiD;AACtD;AACA,MAAIC,UAAU,GAAG,KAAjB;AACA,MAAIC,UAAU,GAAG,oBAAjB;AACA,MAAIC,QAAQ,GAAGH,YAAf,CAJsD,CAMtD;;AACA,MAAIG,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD,GATqD,CAWtD;;;AACA,MAAIF,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD;;AAGD,MAAIC,GAAG,GAAG,EAAV,CAjBsD,CAmBtD;;AACA,MAAIC,KAAJ;;AACA,SAAO,IAAP,EAAa;AAAE;AACbA,IAAAA,KAAK,GAAGL,UAAU,CAACM,IAAX,CAAgBL,QAAhB,CAAR;;AACA,QAAI,CAACI,KAAL,EAAY;AAAE;AAAQ;;AAEtB,QAAIE,GAAG,GAAGF,KAAK,CAAC,CAAD,CAAf;AACA,QAAIG,KAAK,GAAGH,KAAK,CAAC,CAAD,CAAjB,CALW,CAOX;;AACA,QAAIE,GAAG,KAAK,UAAR,IAAsBA,GAAG,KAAK,cAA9B,IAAgDA,GAAG,KAAK,MAA5D,EAAoE;AAClEH,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWC,KAAX;AACD,KAFD,MAEO;AACLJ,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWE,kBAAkB,CAACD,KAAK,CAACE,OAAN,CAAcX,UAAd,EAA0B,GAA1B,CAAD,CAA7B;AACD;AACF;;AACD,SAAOK,GAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n  // Predefine regexs for parsing hash\n  var plus2space = /\\+/g;\n  var paramSplit = /([^&=]+)=?([^&]*)/g;\n  var fragment = hashOrSearch;\n\n  // Some hash based routers will automatically add a / character after the hash\n  if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n    fragment = fragment.substring(2);\n  }\n\n  // Remove the leading # or ?\n  if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n    fragment = fragment.substring(1);\n  }\n\n\n  var obj = {};\n\n  // Loop until we have no more params\n  var param;\n  while (true) { // eslint-disable-line no-constant-condition\n    param = paramSplit.exec(fragment);\n    if (!param) { break; }\n\n    var key = param[1];\n    var value = param[2];\n\n    // id_token should remain base64url encoded\n    if (key === 'id_token' || key === 'access_token' || key === 'code') {\n      obj[key] = value;\n    } else {\n      obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n    }\n  }\n  return obj;\n}\n"],"file":"urlParams.js"}
+{"version":3,"sources":["../../../../lib/oidc/util/urlParams.ts"],"names":["urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","charAt","substring","obj","param","exec","key","value","decodeURIComponent","replace"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEO,SAASA,iBAAT,CAA2BC,YAA3B,EAAiD;AACtD;AACA,MAAIC,UAAU,GAAG,KAAjB;AACA,MAAIC,UAAU,GAAG,oBAAjB;AACA,MAAIC,QAAQ,GAAGH,YAAY,IAAI,EAA/B,CAJsD,CAMtD;;AACA,MAAIG,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD,GATqD,CAWtD;;;AACA,MAAIF,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD;;AAGD,MAAIC,GAAG,GAAG,EAAV,CAjBsD,CAmBtD;;AACA,MAAIC,KAAJ;;AACA,SAAO,IAAP,EAAa;AAAE;AACbA,IAAAA,KAAK,GAAGL,UAAU,CAACM,IAAX,CAAgBL,QAAhB,CAAR;;AACA,QAAI,CAACI,KAAL,EAAY;AAAE;AAAQ;;AAEtB,QAAIE,GAAG,GAAGF,KAAK,CAAC,CAAD,CAAf;AACA,QAAIG,KAAK,GAAGH,KAAK,CAAC,CAAD,CAAjB,CALW,CAOX;;AACA,QAAIE,GAAG,KAAK,UAAR,IAAsBA,GAAG,KAAK,cAA9B,IAAgDA,GAAG,KAAK,MAA5D,EAAoE;AAClEH,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWC,KAAX;AACD,KAFD,MAEO;AACLJ,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWE,kBAAkB,CAACD,KAAK,CAACE,OAAN,CAAcX,UAAd,EAA0B,GAA1B,CAAD,CAA7B;AACD;AACF;;AACD,SAAOK,GAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n  // Predefine regexs for parsing hash\n  var plus2space = /\\+/g;\n  var paramSplit = /([^&=]+)=?([^&]*)/g;\n  var fragment = hashOrSearch || '';\n\n  // Some hash based routers will automatically add a / character after the hash\n  if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n    fragment = fragment.substring(2);\n  }\n\n  // Remove the leading # or ?\n  if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n    fragment = fragment.substring(1);\n  }\n\n\n  var obj = {};\n\n  // Loop until we have no more params\n  var param;\n  while (true) { // eslint-disable-line no-constant-condition\n    param = paramSplit.exec(fragment);\n    if (!param) { break; }\n\n    var key = param[1];\n    var value = param[2];\n\n    // id_token should remain base64url encoded\n    if (key === 'id_token' || key === 'access_token' || key === 'code') {\n      obj[key] = value;\n    } else {\n      obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n    }\n  }\n  return obj;\n}\n"],"file":"urlParams.js"}

package/cjs/options.js

@@ -40,6 +40,12 @@ const BROWSER_STORAGE = {
   },
   transaction: {
     storageTypes: ['sessionStorage', 'localStorage', 'cookie']
+  },
+  'shared-transaction': {
+    storageTypes: ['localStorage']
+  },
+  'original-uri': {
+    storageTypes: ['localStorage']
   }
 };
 const SERVER_STORAGE = {
@@ -87,17 +93,23 @@ function getCookieSettings(args = {}, isHTTPS) {
 function getDefaultOptions() {
   const storageUtil = (0, _features.isBrowser)() ? _browserStorage.default : _serverStorage.default;
   const storageManager = (0, _features.isBrowser)() ? BROWSER_STORAGE : SERVER_STORAGE;
+  const enableSharedStorage = (0, _features.isBrowser)() ? true : false; // localStorage for multi-tab flows (browser only)
+
   return {
     devMode: false,
     httpRequestClient: _fetchRequest.default,
     storageUtil,
-    storageManager
+    storageManager,
+    transactionManager: {
+      enableSharedStorage
+    }
   };
 }
 
 function mergeOptions(options, args) {
   return Object.assign({}, options, (0, _util.removeNils)(args), {
-    storageManager: Object.assign({}, options.storageManager, args.storageManager)
+    storageManager: Object.assign({}, options.storageManager, args.storageManager),
+    transactionManager: Object.assign({}, options.transactionManager, args.transactionManager)
   });
 }
 
@@ -131,6 +143,7 @@ function buildOptions(args = {}) {
     headers: args.headers,
     devMode: !!args.devMode,
     storageManager: args.storageManager,
+    transactionManager: args.transactionManager,
     cookies: (0, _features.isBrowser)() ? getCookieSettings(args, (0, _features.isHTTPS)()) : args.cookies,
     // Give the developer the ability to disable token signature validation.
     ignoreSignature: !!args.ignoreSignature,

package/cjs/options.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/options.ts"],"names":["BROWSER_STORAGE","token","storageTypes","useMultipleCookies","cache","transaction","SERVER_STORAGE","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","browserStorage","serverStorage","storageManager","devMode","httpRequestClient","fetchRequest","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","ignoreSignature","clientSecret"],"mappings":";;;;;;;AAcA;;AACA;;AAGA;;AACA;;AACA;;AACA;;AArBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAUA,MAAMA,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY,CADT;AAMLC,IAAAA,kBAAkB,EAAE;AANf,GADsC;AAS7CC,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GATsC;AAgB7CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH;AAhBgC,CAA/C;AAyBA,MAAMI,cAAqC,GAAG;AAC5CL,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GADqC;AAM5CE,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GANqC;AAW5CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,QADY;AADH;AAX+B,CAA9C;;AAkBA,SAASK,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAAyE;AACvE;AACA;AACA;AACA,MAAIC,cAAc,GAAGF,IAAI,CAACG,OAAL,IAAgB,EAArC;;AACA,MAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;AAChDF,IAAAA,cAAc,CAACE,MAAf,GAAwBH,OAAxB;AACD;;AACD,MAAI,OAAOC,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;AAClDH,IAAAA,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;AACD,GAVsE,CAYvE;;;AACA,MAAIF,cAAc,CAACE,MAAf,IAAyB,CAACH,OAA9B,EAAuC;AACrC;AACA,oBACE,oEACA,4DADA,GAEA,gEAHF;AAKAC,IAAAA,cAAc,CAACE,MAAf,GAAwB,KAAxB;AACD,GArBsE,CAuBvE;AACA;;;AACA,MAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;AAChEF,IAAAA,cAAc,CAACG,QAAf,GAA0B,KAA1B;AACD;;AAED,SAAOH,cAAP;AACD;;AAGM,SAASI,iBAAT,GAA8C;AACnD,QAAMC,WAAW,GAAG,6BAAcC,uBAAd,GAA+BC,sBAAnD;AACA,QAAMC,cAAc,GAAG,6BAAclB,eAAd,GAAgCM,cAAvD;AACA,SAAO;AACLa,IAAAA,OAAO,EAAE,KADJ;AAELC,IAAAA,iBAAiB,EAAEC,qBAFd;AAGLN,IAAAA,WAHK;AAILG,IAAAA;AAJK,GAAP;AAMD;;AAED,SAASI,YAAT,CAAsBC,OAAtB,EAA+Bf,IAA/B,EAAsD;AACpD,SAAOgB,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAlB,EAA2B,sBAAWf,IAAX,CAA3B,EAA6C;AAClDU,IAAAA,cAAc,EAAEM,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACL,cAA1B,EAA0CV,IAAI,CAACU,cAA/C;AADkC,GAA7C,CAAP;AAGD;;AAEM,SAASQ,YAAT,CAAsBlB,IAAqB,GAAG,EAA9C,EAAmE;AACxE,sCAAkBA,IAAlB;AACAA,EAAAA,IAAI,GAAGc,YAAY,CAACR,iBAAiB,EAAlB,EAAsBN,IAAtB,CAAnB;AACA,SAAO,sBAAW;AAChB;AACAmB,IAAAA,MAAM,EAAE,+BAAoBnB,IAAI,CAACmB,MAAzB,CAFQ;AAGhBC,IAAAA,QAAQ,EAAE,+BAAoBpB,IAAI,CAACoB,QAAzB,CAHM;AAIhBC,IAAAA,YAAY,EAAE,+BAAoBrB,IAAI,CAACqB,YAAzB,CAJE;AAKhBC,IAAAA,WAAW,EAAE,+BAAoBtB,IAAI,CAACsB,WAAzB,CALG;AAMhBC,IAAAA,SAAS,EAAE,+BAAoBvB,IAAI,CAACuB,SAAzB,CANK;AAOhBC,IAAAA,SAAS,EAAE,+BAAoBxB,IAAI,CAACwB,SAAzB,CAPK;AAQhBC,IAAAA,QAAQ,EAAEzB,IAAI,CAACyB,QARC;AAShBC,IAAAA,WAAW,EAAE1B,IAAI,CAAC0B,WATF;AAUhBC,IAAAA,KAAK,EAAE3B,IAAI,CAAC2B,KAVI;AAWhBC,IAAAA,MAAM,EAAE5B,IAAI,CAAC4B,MAXG;AAYhBC,IAAAA,qBAAqB,EAAE7B,IAAI,CAAC6B,qBAZZ;AAahBC,IAAAA,YAAY,EAAE9B,IAAI,CAAC8B,YAbH;AAchBC,IAAAA,YAAY,EAAE/B,IAAI,CAAC+B,YAdH;AAehBC,IAAAA,IAAI,EAAEhC,IAAI,CAACgC,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;AAe0B;AAC1CC,IAAAA,sBAAsB,EAAEjC,IAAI,CAACiC,sBAhBb;AAkBhB;AACArB,IAAAA,iBAAiB,EAAEZ,IAAI,CAACY,iBAnBR;AAoBhBsB,IAAAA,iBAAiB,EAAElC,IAAI,CAACkC,iBApBR;AAqBhBC,IAAAA,kBAAkB,EAAEnC,IAAI,CAACmC,kBArBT;AAsBhBC,IAAAA,kBAAkB,EAAEpC,IAAI,CAACoC,kBAtBT;AAuBhB7B,IAAAA,WAAW,EAAEP,IAAI,CAACO,WAvBF;AAwBhB8B,IAAAA,OAAO,EAAErC,IAAI,CAACqC,OAxBE;AAyBhB1B,IAAAA,OAAO,EAAE,CAAC,CAACX,IAAI,CAACW,OAzBA;AA0BhBD,IAAAA,cAAc,EAAEV,IAAI,CAACU,cA1BL;AA2BhBP,IAAAA,OAAO,EAAE,6BAAcJ,iBAAiB,CAACC,IAAD,EAAO,wBAAP,CAA/B,GAAmDA,IAAI,CAACG,OA3BjD;AA6BhB;AACAmC,IAAAA,eAAe,EAAE,CAAC,CAACtC,IAAI,CAACsC,eA9BR;AAgChB;AACAC,IAAAA,YAAY,EAAEvC,IAAI,CAACuC;AAjCH,GAAX,CAAP;AAmCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { removeTrailingSlash, warn, removeNils } from './util';\nimport { assertValidConfig } from './builderUtil';\nimport { OktaAuthOptions, StorageManagerOptions } from './types';\n\nimport fetchRequest from './fetch/fetchRequest';\nimport browserStorage from './browser/browserStorage';\nimport serverStorage from './server/serverStorage';\nimport { isBrowser, isHTTPS } from './features';\n\nconst BROWSER_STORAGE: StorageManagerOptions = {\n  token: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ],\n    useMultipleCookies: true\n  },\n  cache: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ]\n  },\n  transaction: {\n    storageTypes: [\n      'sessionStorage',\n      'localStorage',\n      'cookie'\n    ]\n  }\n};\n\nconst SERVER_STORAGE: StorageManagerOptions = {\n  token: {\n    storageTypes: [\n      'memory'\n    ]\n  },\n  cache: {\n    storageTypes: [\n      'memory'\n    ]\n  },\n  transaction: {\n    storageTypes: [\n      'memory'\n    ]\n  }\n};\n\nfunction getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n  // Secure cookies will be automatically used on a HTTPS connection\n  // Non-secure cookies will be automatically used on a HTTP connection\n  // secure option can override the automatic behavior\n  var cookieSettings = args.cookies || {};\n  if (typeof cookieSettings.secure === 'undefined') {\n    cookieSettings.secure = isHTTPS;\n  }\n  if (typeof cookieSettings.sameSite === 'undefined') {\n    cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n  }\n\n  // If secure=true, but the connection is not HTTPS, set secure=false.\n  if (cookieSettings.secure && !isHTTPS) {\n    // eslint-disable-next-line no-console\n    warn(\n      'The current page is not being served with the HTTPS protocol.\\n' +\n      'For security reasons, we strongly recommend using HTTPS.\\n' +\n      'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n    );\n    cookieSettings.secure = false;\n  }\n\n  // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n  // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n  if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n    cookieSettings.sameSite = 'lax';\n  }\n\n  return cookieSettings;\n}\n\n\nexport function getDefaultOptions(): OktaAuthOptions {\n  const storageUtil = isBrowser() ? browserStorage : serverStorage;\n  const storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;\n  return {\n    devMode: false,\n    httpRequestClient: fetchRequest,\n    storageUtil,\n    storageManager\n  };\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n  return Object.assign({}, options, removeNils(args), {\n    storageManager: Object.assign({}, options.storageManager, args.storageManager)\n  });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n  assertValidConfig(args);\n  args = mergeOptions(getDefaultOptions(), args);\n  return removeNils({\n    // OIDC configuration\n    issuer: removeTrailingSlash(args.issuer),\n    tokenUrl: removeTrailingSlash(args.tokenUrl),\n    authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n    userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n    revokeUrl: removeTrailingSlash(args.revokeUrl),\n    logoutUrl: removeTrailingSlash(args.logoutUrl),\n    clientId: args.clientId,\n    redirectUri: args.redirectUri,\n    state: args.state,\n    scopes: args.scopes,\n    postLogoutRedirectUri: args.postLogoutRedirectUri,\n    responseMode: args.responseMode,\n    responseType: args.responseType,\n    pkce: args.pkce === false ? false : true, // PKCE defaults to true\n    useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n    // Internal options\n    httpRequestClient: args.httpRequestClient,\n    transformErrorXHR: args.transformErrorXHR,\n    transformAuthState: args.transformAuthState,\n    restoreOriginalUri: args.restoreOriginalUri,\n    storageUtil: args.storageUtil,\n    headers: args.headers,\n    devMode: !!args.devMode,\n    storageManager: args.storageManager,\n    cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,\n\n    // Give the developer the ability to disable token signature validation.\n    ignoreSignature: !!args.ignoreSignature,\n\n    // Server-side web applications\n    clientSecret: args.clientSecret\n  });\n}\n"],"file":"options.js"}
+{"version":3,"sources":["../../lib/options.ts"],"names":["BROWSER_STORAGE","token","storageTypes","useMultipleCookies","cache","transaction","SERVER_STORAGE","getCookieSettings","args","isHTTPS","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","browserStorage","serverStorage","storageManager","enableSharedStorage","devMode","httpRequestClient","fetchRequest","transactionManager","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","ignoreSignature","clientSecret"],"mappings":";;;;;;;AAcA;;AACA;;AAGA;;AACA;;AACA;;AACA;;AArBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AAUA,MAAMA,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY,CADT;AAMLC,IAAAA,kBAAkB,EAAE;AANf,GADsC;AAS7CC,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GATsC;AAgB7CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH,GAhBgC;AAuB7C,wBAAsB;AACpBA,IAAAA,YAAY,EAAE,CACZ,cADY;AADM,GAvBuB;AA4B7C,kBAAgB;AACdA,IAAAA,YAAY,EAAE,CACZ,cADY;AADA;AA5B6B,CAA/C;AAmCA,MAAMI,cAAqC,GAAG;AAC5CL,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GADqC;AAM5CE,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GANqC;AAW5CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,QADY;AADH;AAX+B,CAA9C;;AAkBA,SAASK,iBAAT,CAA2BC,IAAqB,GAAG,EAAnD,EAAuDC,OAAvD,EAAyE;AACvE;AACA;AACA;AACA,MAAIC,cAAc,GAAGF,IAAI,CAACG,OAAL,IAAgB,EAArC;;AACA,MAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;AAChDF,IAAAA,cAAc,CAACE,MAAf,GAAwBH,OAAxB;AACD;;AACD,MAAI,OAAOC,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;AAClDH,IAAAA,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;AACD,GAVsE,CAYvE;;;AACA,MAAIF,cAAc,CAACE,MAAf,IAAyB,CAACH,OAA9B,EAAuC;AACrC;AACA,oBACE,oEACA,4DADA,GAEA,gEAHF;AAKAC,IAAAA,cAAc,CAACE,MAAf,GAAwB,KAAxB;AACD,GArBsE,CAuBvE;AACA;;;AACA,MAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;AAChEF,IAAAA,cAAc,CAACG,QAAf,GAA0B,KAA1B;AACD;;AAED,SAAOH,cAAP;AACD;;AAGM,SAASI,iBAAT,GAA8C;AACnD,QAAMC,WAAW,GAAG,6BAAcC,uBAAd,GAA+BC,sBAAnD;AACA,QAAMC,cAAc,GAAG,6BAAclB,eAAd,GAAgCM,cAAvD;AACA,QAAMa,mBAAmB,GAAG,6BAAc,IAAd,GAAqB,KAAjD,CAHmD,CAGK;;AACxD,SAAO;AACLC,IAAAA,OAAO,EAAE,KADJ;AAELC,IAAAA,iBAAiB,EAAEC,qBAFd;AAGLP,IAAAA,WAHK;AAILG,IAAAA,cAJK;AAKLK,IAAAA,kBAAkB,EAAE;AAClBJ,MAAAA;AADkB;AALf,GAAP;AASD;;AAED,SAASK,YAAT,CAAsBC,OAAtB,EAA+BjB,IAA/B,EAAsD;AACpD,SAAOkB,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAlB,EAA2B,sBAAWjB,IAAX,CAA3B,EAA6C;AAClDU,IAAAA,cAAc,EAAEQ,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACP,cAA1B,EAA0CV,IAAI,CAACU,cAA/C,CADkC;AAElDK,IAAAA,kBAAkB,EAAEG,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACF,kBAA1B,EAA8Cf,IAAI,CAACe,kBAAnD;AAF8B,GAA7C,CAAP;AAID;;AAEM,SAASK,YAAT,CAAsBpB,IAAqB,GAAG,EAA9C,EAAmE;AACxE,sCAAkBA,IAAlB;AACAA,EAAAA,IAAI,GAAGgB,YAAY,CAACV,iBAAiB,EAAlB,EAAsBN,IAAtB,CAAnB;AACA,SAAO,sBAAW;AAChB;AACAqB,IAAAA,MAAM,EAAE,+BAAoBrB,IAAI,CAACqB,MAAzB,CAFQ;AAGhBC,IAAAA,QAAQ,EAAE,+BAAoBtB,IAAI,CAACsB,QAAzB,CAHM;AAIhBC,IAAAA,YAAY,EAAE,+BAAoBvB,IAAI,CAACuB,YAAzB,CAJE;AAKhBC,IAAAA,WAAW,EAAE,+BAAoBxB,IAAI,CAACwB,WAAzB,CALG;AAMhBC,IAAAA,SAAS,EAAE,+BAAoBzB,IAAI,CAACyB,SAAzB,CANK;AAOhBC,IAAAA,SAAS,EAAE,+BAAoB1B,IAAI,CAAC0B,SAAzB,CAPK;AAQhBC,IAAAA,QAAQ,EAAE3B,IAAI,CAAC2B,QARC;AAShBC,IAAAA,WAAW,EAAE5B,IAAI,CAAC4B,WATF;AAUhBC,IAAAA,KAAK,EAAE7B,IAAI,CAAC6B,KAVI;AAWhBC,IAAAA,MAAM,EAAE9B,IAAI,CAAC8B,MAXG;AAYhBC,IAAAA,qBAAqB,EAAE/B,IAAI,CAAC+B,qBAZZ;AAahBC,IAAAA,YAAY,EAAEhC,IAAI,CAACgC,YAbH;AAchBC,IAAAA,YAAY,EAAEjC,IAAI,CAACiC,YAdH;AAehBC,IAAAA,IAAI,EAAElC,IAAI,CAACkC,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;AAe0B;AAC1CC,IAAAA,sBAAsB,EAAEnC,IAAI,CAACmC,sBAhBb;AAkBhB;AACAtB,IAAAA,iBAAiB,EAAEb,IAAI,CAACa,iBAnBR;AAoBhBuB,IAAAA,iBAAiB,EAAEpC,IAAI,CAACoC,iBApBR;AAqBhBC,IAAAA,kBAAkB,EAAErC,IAAI,CAACqC,kBArBT;AAsBhBC,IAAAA,kBAAkB,EAAEtC,IAAI,CAACsC,kBAtBT;AAuBhB/B,IAAAA,WAAW,EAAEP,IAAI,CAACO,WAvBF;AAwBhBgC,IAAAA,OAAO,EAAEvC,IAAI,CAACuC,OAxBE;AAyBhB3B,IAAAA,OAAO,EAAE,CAAC,CAACZ,IAAI,CAACY,OAzBA;AA0BhBF,IAAAA,cAAc,EAAEV,IAAI,CAACU,cA1BL;AA2BhBK,IAAAA,kBAAkB,EAAEf,IAAI,CAACe,kBA3BT;AA4BhBZ,IAAAA,OAAO,EAAE,6BAAcJ,iBAAiB,CAACC,IAAD,EAAO,wBAAP,CAA/B,GAAmDA,IAAI,CAACG,OA5BjD;AA8BhB;AACAqC,IAAAA,eAAe,EAAE,CAAC,CAACxC,IAAI,CAACwC,eA/BR;AAiChB;AACAC,IAAAA,YAAY,EAAEzC,IAAI,CAACyC;AAlCH,GAAX,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { removeTrailingSlash, warn, removeNils } from './util';\nimport { assertValidConfig } from './builderUtil';\nimport { OktaAuthOptions, StorageManagerOptions } from './types';\n\nimport fetchRequest from './fetch/fetchRequest';\nimport browserStorage from './browser/browserStorage';\nimport serverStorage from './server/serverStorage';\nimport { isBrowser, isHTTPS } from './features';\n\nconst BROWSER_STORAGE: StorageManagerOptions = {\n  token: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ],\n    useMultipleCookies: true\n  },\n  cache: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ]\n  },\n  transaction: {\n    storageTypes: [\n      'sessionStorage',\n      'localStorage',\n      'cookie'\n    ]\n  },\n  'shared-transaction': {\n    storageTypes: [\n      'localStorage'\n    ]\n  },\n  'original-uri': {\n    storageTypes: [\n      'localStorage'\n    ]\n  }\n};\n\nconst SERVER_STORAGE: StorageManagerOptions = {\n  token: {\n    storageTypes: [\n      'memory'\n    ]\n  },\n  cache: {\n    storageTypes: [\n      'memory'\n    ]\n  },\n  transaction: {\n    storageTypes: [\n      'memory'\n    ]\n  }\n};\n\nfunction getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n  // Secure cookies will be automatically used on a HTTPS connection\n  // Non-secure cookies will be automatically used on a HTTP connection\n  // secure option can override the automatic behavior\n  var cookieSettings = args.cookies || {};\n  if (typeof cookieSettings.secure === 'undefined') {\n    cookieSettings.secure = isHTTPS;\n  }\n  if (typeof cookieSettings.sameSite === 'undefined') {\n    cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n  }\n\n  // If secure=true, but the connection is not HTTPS, set secure=false.\n  if (cookieSettings.secure && !isHTTPS) {\n    // eslint-disable-next-line no-console\n    warn(\n      'The current page is not being served with the HTTPS protocol.\\n' +\n      'For security reasons, we strongly recommend using HTTPS.\\n' +\n      'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n    );\n    cookieSettings.secure = false;\n  }\n\n  // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n  // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n  if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n    cookieSettings.sameSite = 'lax';\n  }\n\n  return cookieSettings;\n}\n\n\nexport function getDefaultOptions(): OktaAuthOptions {\n  const storageUtil = isBrowser() ? browserStorage : serverStorage;\n  const storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;\n  const enableSharedStorage = isBrowser() ? true : false; // localStorage for multi-tab flows (browser only)\n  return {\n    devMode: false,\n    httpRequestClient: fetchRequest,\n    storageUtil,\n    storageManager,\n    transactionManager: {\n      enableSharedStorage\n    }\n  };\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n  return Object.assign({}, options, removeNils(args), {\n    storageManager: Object.assign({}, options.storageManager, args.storageManager),\n    transactionManager: Object.assign({}, options.transactionManager, args.transactionManager),\n  });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n  assertValidConfig(args);\n  args = mergeOptions(getDefaultOptions(), args);\n  return removeNils({\n    // OIDC configuration\n    issuer: removeTrailingSlash(args.issuer),\n    tokenUrl: removeTrailingSlash(args.tokenUrl),\n    authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n    userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n    revokeUrl: removeTrailingSlash(args.revokeUrl),\n    logoutUrl: removeTrailingSlash(args.logoutUrl),\n    clientId: args.clientId,\n    redirectUri: args.redirectUri,\n    state: args.state,\n    scopes: args.scopes,\n    postLogoutRedirectUri: args.postLogoutRedirectUri,\n    responseMode: args.responseMode,\n    responseType: args.responseType,\n    pkce: args.pkce === false ? false : true, // PKCE defaults to true\n    useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n    // Internal options\n    httpRequestClient: args.httpRequestClient,\n    transformErrorXHR: args.transformErrorXHR,\n    transformAuthState: args.transformAuthState,\n    restoreOriginalUri: args.restoreOriginalUri,\n    storageUtil: args.storageUtil,\n    headers: args.headers,\n    devMode: !!args.devMode,\n    storageManager: args.storageManager,\n    transactionManager: args.transactionManager,\n    cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,\n\n    // Give the developer the ability to disable token signature validation.\n    ignoreSignature: !!args.ignoreSignature,\n\n    // Server-side web applications\n    clientSecret: args.clientSecret\n  });\n}\n"],"file":"options.js"}

package/cjs/server/serverStorage.js

@@ -17,9 +17,10 @@ var _errors = require("../errors");
  *
  */
 const NodeCache = require('node-cache'); // commonJS module cannot be imported without esModuleInterop
+// this is a SHARED memory storage to support a stateless http server
 
 
-const sharedStorage = new NodeCache(); // this is a SHARED memory storage to support a stateless http server
+const sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;
 
 class ServerCookies {
   // NodeCache

package/cjs/server/serverStorage.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../lib/server/serverStorage.ts"],"names":["NodeCache","require","sharedStorage","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","AuthSdkError","findStorageType","getHttpCache","getItem","setItem","key"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAIA,MAAMA,SAAS,GAAGC,OAAO,CAAC,YAAD,CAAzB,C,CAAyC;;;AACzC,MAAMC,aAAa,GAAG,IAAIF,SAAJ,EAAtB,C,CAAuC;;AAEvC,MAAMG,aAAN,CAAuC;AACrB;AAEhBC,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACD;;AAEDC,EAAAA,GAAG,CAACC,IAAD,EAAeC,KAAf,EAA8BC,SAA9B,EAAyD;AAC1D;AACA,QAAI,CAAC,CAAEC,IAAI,CAACC,KAAL,CAAWF,SAAX,CAAP,EAA+B;AAC7B;AACA,UAAIG,GAAG,GAAG,CAACF,IAAI,CAACC,KAAL,CAAWF,SAAX,IAAwBC,IAAI,CAACG,GAAL,EAAzB,IAAuC,IAAjD;AACA,WAAKR,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB,EAAgCI,GAAhC;AACD,KAJD,MAIO;AACL,WAAKP,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB;AACD;;AAED,WAAO,KAAKM,GAAL,CAASP,IAAT,CAAP;AACD;;AAEDO,EAAAA,GAAG,CAACP,IAAD,EAAe;AAChB,WAAO,KAAKF,SAAL,CAAeS,GAAf,CAAmBP,IAAnB,CAAP;AACD;;AAEDQ,EAAAA,MAAM,CAACR,IAAD,EAAO;AACX,WAAO,KAAKF,SAAL,CAAeW,GAAf,CAAmBT,IAAnB,CAAP;AACD;;AA1BoC,C,CA4BvC;;;AACA,MAAMU,aAAN,CAA2C;AACzB;AAEhBb,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACA,SAAKa,OAAL,GAAe,IAAIf,aAAJ,CAAkBE,SAAlB,CAAf;AACD;;AAEDc,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,QAAIC,SAAS,GAAG,KAAhB;;AACA,YAAQD,WAAR;AACE,WAAK,QAAL;AACEC,QAAAA,SAAS,GAAG,IAAZ;AACA;;AACF;AACE;AALJ;;AAOA,WAAOA,SAAP;AACD;;AAEDC,EAAAA,gBAAgB,CAACF,WAAD,EAA0C;AACxD,QAAIG,eAAe,GAAG,IAAtB;;AACA,YAAQH,WAAR;AACE,WAAK,QAAL;AACEG,QAAAA,eAAe,GAAG,KAAKC,UAAL,EAAlB;AACA;;AACF;AACE,cAAM,IAAIC,oBAAJ,CAAkB,gCAA+BL,WAAY,EAA7D,CAAN;AACA;AANJ;;AAQA,WAAOG,eAAP;AACD;;AAEDG,EAAAA,eAAe,GAAgB;AAC7B,WAAO,QAAP;AACD,GAnCwC,CAqCzC;;;AACAC,EAAAA,YAAY,GAAG;AACb,WAAO,IAAP,CADa,CACA;AACd,GAxCwC,CA0CzC;;;AACAH,EAAAA,UAAU,GAAkB;AAC1B,WAAO;AACLI,MAAAA,OAAO,EAAE,KAAKvB,SAAL,CAAeS,GADnB;AAELe,MAAAA,OAAO,EAAE,CAACC,GAAD,EAAMtB,KAAN,KAAgB;AACvB,aAAKH,SAAL,CAAeC,GAAf,CAAmBwB,GAAnB,EAAwBtB,KAAxB,EAA+B,0BAA/B;AACD;AAJI,KAAP;AAMD;;AAlDwC;;eAqD5B,IAAIS,aAAJ,CAAkBf,aAAlB,C","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { SimpleStorage, StorageType, StorageUtil, Cookies } from '../types';\nimport { AuthSdkError } from '../errors';\nconst NodeCache = require('node-cache'); // commonJS module cannot be imported without esModuleInterop\nconst sharedStorage = new NodeCache(); // this is a SHARED memory storage to support a stateless http server\n\nclass ServerCookies implements Cookies {\n  nodeCache: any; // NodeCache\n  \n  constructor(nodeCache) {\n    this.nodeCache = nodeCache;\n  }\n\n  set(name: string, value: string, expiresAt: string): string {\n    // eslint-disable-next-line no-extra-boolean-cast\n    if (!!(Date.parse(expiresAt))) {\n      // Time to expiration in seconds\n      var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;\n      this.nodeCache.set(name, value, ttl);\n    } else {\n      this.nodeCache.set(name, value);\n    }\n\n    return this.get(name);\n  }\n\n  get(name): string {\n    return this.nodeCache.get(name);\n  }\n\n  delete(name) {\n    return this.nodeCache.del(name);\n  }\n}\n// Building this as an object allows us to mock the functions in our tests\nclass ServerStorage implements StorageUtil {\n  nodeCache: any; // NodeCache\n  storage: Cookies;\n  constructor(nodeCache) {\n    this.nodeCache = nodeCache;\n    this.storage = new ServerCookies(nodeCache);\n  }\n\n  testStorageType(storageType: StorageType): boolean {\n    var supported = false;\n    switch (storageType) {\n      case 'memory':\n        supported = true;\n        break;\n      default:\n        break;\n    }\n    return supported;\n  }\n\n  getStorageByType(storageType: StorageType): SimpleStorage {\n    let storageProvider = null;\n    switch (storageType) {\n      case 'memory':\n        storageProvider = this.getStorage();\n        break;\n      default:\n        throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n        break;\n    }\n    return storageProvider;\n  }\n\n  findStorageType(): StorageType {\n    return 'memory';\n  }\n\n  // will be removed in next version. OKTA-362589\n  getHttpCache() {\n    return null; // stubbed in server.js\n  }\n\n  // shared in-memory using node cache\n  getStorage(): SimpleStorage {\n    return {\n      getItem: this.nodeCache.get,\n      setItem: (key, value) => {\n        this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');\n      }\n    };\n  }\n}\n\nexport default new ServerStorage(sharedStorage);\n"],"file":"serverStorage.js"}
+{"version":3,"sources":["../../../lib/server/serverStorage.ts"],"names":["NodeCache","require","sharedStorage","ServerCookies","constructor","nodeCache","set","name","value","expiresAt","Date","parse","ttl","now","get","delete","del","ServerStorage","storage","testStorageType","storageType","supported","getStorageByType","storageProvider","getStorage","AuthSdkError","findStorageType","getHttpCache","getItem","setItem","key"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAIA,MAAMA,SAAS,GAAGC,OAAO,CAAC,YAAD,CAAzB,C,CAAyC;AAEzC;;;AACA,MAAMC,aAAa,GAAG,OAAOF,SAAP,KAAqB,UAArB,GAAkC,IAAIA,SAAJ,EAAlC,GAAoD,IAA1E;;AAEA,MAAMG,aAAN,CAAuC;AACrB;AAEhBC,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACD;;AAEDC,EAAAA,GAAG,CAACC,IAAD,EAAeC,KAAf,EAA8BC,SAA9B,EAAyD;AAC1D;AACA,QAAI,CAAC,CAAEC,IAAI,CAACC,KAAL,CAAWF,SAAX,CAAP,EAA+B;AAC7B;AACA,UAAIG,GAAG,GAAG,CAACF,IAAI,CAACC,KAAL,CAAWF,SAAX,IAAwBC,IAAI,CAACG,GAAL,EAAzB,IAAuC,IAAjD;AACA,WAAKR,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB,EAAgCI,GAAhC;AACD,KAJD,MAIO;AACL,WAAKP,SAAL,CAAeC,GAAf,CAAmBC,IAAnB,EAAyBC,KAAzB;AACD;;AAED,WAAO,KAAKM,GAAL,CAASP,IAAT,CAAP;AACD;;AAEDO,EAAAA,GAAG,CAACP,IAAD,EAAe;AAChB,WAAO,KAAKF,SAAL,CAAeS,GAAf,CAAmBP,IAAnB,CAAP;AACD;;AAEDQ,EAAAA,MAAM,CAACR,IAAD,EAAO;AACX,WAAO,KAAKF,SAAL,CAAeW,GAAf,CAAmBT,IAAnB,CAAP;AACD;;AA1BoC,C,CA4BvC;;;AACA,MAAMU,aAAN,CAA2C;AACzB;AAEhBb,EAAAA,WAAW,CAACC,SAAD,EAAY;AACrB,SAAKA,SAAL,GAAiBA,SAAjB;AACA,SAAKa,OAAL,GAAe,IAAIf,aAAJ,CAAkBE,SAAlB,CAAf;AACD;;AAEDc,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,QAAIC,SAAS,GAAG,KAAhB;;AACA,YAAQD,WAAR;AACE,WAAK,QAAL;AACEC,QAAAA,SAAS,GAAG,IAAZ;AACA;;AACF;AACE;AALJ;;AAOA,WAAOA,SAAP;AACD;;AAEDC,EAAAA,gBAAgB,CAACF,WAAD,EAA0C;AACxD,QAAIG,eAAe,GAAG,IAAtB;;AACA,YAAQH,WAAR;AACE,WAAK,QAAL;AACEG,QAAAA,eAAe,GAAG,KAAKC,UAAL,EAAlB;AACA;;AACF;AACE,cAAM,IAAIC,oBAAJ,CAAkB,gCAA+BL,WAAY,EAA7D,CAAN;AACA;AANJ;;AAQA,WAAOG,eAAP;AACD;;AAEDG,EAAAA,eAAe,GAAgB;AAC7B,WAAO,QAAP;AACD,GAnCwC,CAqCzC;;;AACAC,EAAAA,YAAY,GAAG;AACb,WAAO,IAAP,CADa,CACA;AACd,GAxCwC,CA0CzC;;;AACAH,EAAAA,UAAU,GAAkB;AAC1B,WAAO;AACLI,MAAAA,OAAO,EAAE,KAAKvB,SAAL,CAAeS,GADnB;AAELe,MAAAA,OAAO,EAAE,CAACC,GAAD,EAAMtB,KAAN,KAAgB;AACvB,aAAKH,SAAL,CAAeC,GAAf,CAAmBwB,GAAnB,EAAwBtB,KAAxB,EAA+B,0BAA/B;AACD;AAJI,KAAP;AAMD;;AAlDwC;;eAqD5B,IAAIS,aAAJ,CAAkBf,aAAlB,C","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { SimpleStorage, StorageType, StorageUtil, Cookies } from '../types';\nimport { AuthSdkError } from '../errors';\nconst NodeCache = require('node-cache'); // commonJS module cannot be imported without esModuleInterop\n\n// this is a SHARED memory storage to support a stateless http server\nconst sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;\n\nclass ServerCookies implements Cookies {\n  nodeCache: any; // NodeCache\n  \n  constructor(nodeCache) {\n    this.nodeCache = nodeCache;\n  }\n\n  set(name: string, value: string, expiresAt: string): string {\n    // eslint-disable-next-line no-extra-boolean-cast\n    if (!!(Date.parse(expiresAt))) {\n      // Time to expiration in seconds\n      var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;\n      this.nodeCache.set(name, value, ttl);\n    } else {\n      this.nodeCache.set(name, value);\n    }\n\n    return this.get(name);\n  }\n\n  get(name): string {\n    return this.nodeCache.get(name);\n  }\n\n  delete(name) {\n    return this.nodeCache.del(name);\n  }\n}\n// Building this as an object allows us to mock the functions in our tests\nclass ServerStorage implements StorageUtil {\n  nodeCache: any; // NodeCache\n  storage: Cookies;\n  constructor(nodeCache) {\n    this.nodeCache = nodeCache;\n    this.storage = new ServerCookies(nodeCache);\n  }\n\n  testStorageType(storageType: StorageType): boolean {\n    var supported = false;\n    switch (storageType) {\n      case 'memory':\n        supported = true;\n        break;\n      default:\n        break;\n    }\n    return supported;\n  }\n\n  getStorageByType(storageType: StorageType): SimpleStorage {\n    let storageProvider = null;\n    switch (storageType) {\n      case 'memory':\n        storageProvider = this.getStorage();\n        break;\n      default:\n        throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n        break;\n    }\n    return storageProvider;\n  }\n\n  findStorageType(): StorageType {\n    return 'memory';\n  }\n\n  // will be removed in next version. OKTA-362589\n  getHttpCache() {\n    return null; // stubbed in server.js\n  }\n\n  // shared in-memory using node cache\n  getStorage(): SimpleStorage {\n    return {\n      getItem: this.nodeCache.get,\n      setItem: (key, value) => {\n        this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');\n      }\n    };\n  }\n}\n\nexport default new ServerStorage(sharedStorage);\n"],"file":"serverStorage.js"}

package/cjs/tx/AuthTransaction.js

@@ -142,9 +142,7 @@ function link2fn(sdk, res, obj, link, ref) {
           }
 
           var href = link.href + (0, _util.toQueryString)(params);
-          return (0, _api.postToTransaction)(sdk, href, data, {
-            withCredentials: true
-          });
+          return (0, _api.postToTransaction)(sdk, href, data);
         };
     }
   }