@okta/okta-auth-js 5.6.0 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. package/CHANGELOG.md +18 -0
  2. package/README.md +28 -1
  3. package/cjs/OktaAuth.js +6 -4
  4. package/cjs/OktaAuth.js.map +1 -1
  5. package/cjs/OktaUserAgent.js +2 -2
  6. package/cjs/builderUtil.js +6 -0
  7. package/cjs/builderUtil.js.map +1 -1
  8. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  9. package/cjs/idx/remediators/Base/VerifyAuthenticator.js +3 -1
  10. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  11. package/cjs/idx/remediators/Identify.js +2 -1
  12. package/cjs/idx/remediators/Identify.js.map +1 -1
  13. package/cjs/idx/types/index.js.map +1 -1
  14. package/cjs/oidc/getToken.js +14 -9
  15. package/cjs/oidc/getToken.js.map +1 -1
  16. package/cjs/oidc/getWithPopup.js +9 -2
  17. package/cjs/oidc/getWithPopup.js.map +1 -1
  18. package/cjs/oidc/renewTokens.js +28 -5
  19. package/cjs/oidc/renewTokens.js.map +1 -1
  20. package/cjs/oidc/util/browser.js +1 -13
  21. package/cjs/oidc/util/browser.js.map +1 -1
  22. package/cjs/tx/AuthTransaction.js +1 -3
  23. package/cjs/tx/AuthTransaction.js.map +1 -1
  24. package/cjs/tx/api.js +3 -0
  25. package/cjs/tx/api.js.map +1 -1
  26. package/dist/okta-auth-js.min.js +7 -7
  27. package/dist/okta-auth-js.min.js.map +1 -1
  28. package/dist/okta-auth-js.umd.js +5 -5
  29. package/dist/okta-auth-js.umd.js.map +1 -1
  30. package/esm/OktaAuth.js +6 -4
  31. package/esm/OktaAuth.js.map +1 -1
  32. package/esm/OktaUserAgent.js +2 -2
  33. package/esm/builderUtil.js +6 -0
  34. package/esm/builderUtil.js.map +1 -1
  35. package/esm/idx/remediators/Base/Remediator.js.map +1 -1
  36. package/esm/idx/remediators/Base/VerifyAuthenticator.js +3 -1
  37. package/esm/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  38. package/esm/idx/remediators/Identify.js +2 -1
  39. package/esm/idx/remediators/Identify.js.map +1 -1
  40. package/esm/idx/types/index.js.map +1 -1
  41. package/esm/oidc/getToken.js +15 -10
  42. package/esm/oidc/getToken.js.map +1 -1
  43. package/esm/oidc/getWithPopup.js +8 -2
  44. package/esm/oidc/getWithPopup.js.map +1 -1
  45. package/esm/oidc/renewTokens.js +27 -5
  46. package/esm/oidc/renewTokens.js.map +1 -1
  47. package/esm/oidc/util/browser.js +1 -12
  48. package/esm/oidc/util/browser.js.map +1 -1
  49. package/esm/tx/AuthTransaction.js +1 -3
  50. package/esm/tx/AuthTransaction.js.map +1 -1
  51. package/esm/tx/api.js +3 -0
  52. package/esm/tx/api.js.map +1 -1
  53. package/lib/OktaAuth.d.ts +1 -0
  54. package/lib/idx/remediators/Base/AuthenticatorData.d.ts +1 -4
  55. package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +1 -4
  56. package/lib/idx/types/index.d.ts +4 -1
  57. package/lib/oidc/getToken.d.ts +2 -2
  58. package/lib/oidc/renewTokens.d.ts +0 -12
  59. package/lib/types/api.d.ts +8 -4
  60. package/package.json +5 -4
package/esm/OktaAuth.js CHANGED
@@ -98,9 +98,9 @@ class OktaAuth {
98
98
  redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin) // allow relative URIs
99
99
 
100
100
  });
101
- this.userAgent = getUserAgent(args, "okta-auth-js/".concat("5.6.0"));
101
+ this.userAgent = getUserAgent(args, "okta-auth-js/".concat("5.7.0"));
102
102
  } else {
103
- this.userAgent = getUserAgent(args, "okta-auth-js-server/".concat("5.6.0"));
103
+ this.userAgent = getUserAgent(args, "okta-auth-js-server/".concat("5.7.0"));
104
104
  } // Digital clocks will drift over time, so the server
105
105
  // can misalign with the time reported by the browser.
106
106
  // The maxClockSkew allows relaxing the time-based
@@ -211,6 +211,10 @@ class OktaAuth {
211
211
 
212
212
  stop() {
213
213
  this.tokenManager.stop();
214
+ }
215
+
216
+ setHeaders(headers) {
217
+ this.options.headers = Object.assign({}, this.options.headers, headers);
214
218
  } // ES6 module users can use named exports to access all symbols
215
219
  // CommonJS module users (CDN) need all exports on this object
216
220
  // Utility methods for interaction code flow
@@ -241,8 +245,6 @@ class OktaAuth {
241
245
  opts = clone(opts || {});
242
246
 
243
247
  var _postToTransaction = options => {
244
- options = options || {};
245
- options.withCredentials = true;
246
248
  delete opts.sendFingerprint;
247
249
  return postToTransaction(_this2, '/api/v1/authn', opts, options);
248
250
  };
package/esm/OktaAuth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["DEFAULT_MAX_CLOCK_SKEW","REFERRER_PATH_STORAGE_KEY","constants","transactionStatus","resumeTransaction","transactionExists","introspect","postToTransaction","PKCE","closeSession","sessionExists","getSession","refreshSession","setCookieAndRedirect","getOAuthUrls","getWithoutPrompt","getWithPopup","getWithRedirect","isLoginRedirect","parseFromUrl","decodeToken","revokeToken","renewToken","renewTokens","renewTokensWithRefresh","getUserInfo","verifyToken","prepareTokenParams","exchangeCodeForTokens","isInteractionRequiredError","isInteractionRequired","isBrowser","features","browserStorage","toQueryString","toAbsoluteUrl","clone","getUserAgent","TokenManager","get","setRequestHeader","PromiseQueue","fingerprint","AuthStateManager","StorageManager","TransactionManager","buildOptions","interact","introspectV2","authenticate","cancel","register","recoverPassword","startTransaction","handleInteractionCodeRedirect","createGlobalRequestInterceptor","setGlobalRequestInterceptor","OktaUserAgent","parseOAuthResponseFromUrl","Emitter","require","OktaAuth","constructor","args","options","storageManager","cookies","storageUtil","transactionManager","Object","assign","_oktaUserAgent","tx","status","bind","resume","exists","_get","name","storage","pkce","DEFAULT_CODE_CHALLENGE_METHOD","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","userAgent","maxClockSkew","ignoreLifetime","session","close","refresh","_tokenQueue","token","decode","revoke","renew","verify","syncMethods","keys","forEach","key","indexOf","method","prototype","push","_setLocation","url","_getHistory","history","_getLocation","_getDocument","document","idx","http","emitter","tokenManager","authStateManager","start","updateAuthState","stop","error","signIn","opts","signInWithCredentials","_postToTransaction","withCredentials","sendFingerprint","then","headers","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","Promise","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","hasExpired","getUser","getIdToken","undefined","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","getSessionStorage","setItem","getOriginalUri","meta","load","oauth","getItem","removeOriginalUri","removeItem","handleLoginRedirect","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","unlockAccount","verifyRecoveryToken"],"mappings":";;;;;;;;;AAAA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAEA,SACEA,sBADF,EAEEC,yBAFF,QAGO,aAHP;AAIA,OAAO,KAAKC,SAAZ,MAA2B,aAA3B;AA4BA,SACEC,iBADF,EAEEC,iBAFF,EAGEC,iBAHF,EAIEC,UAJF,EAKEC,iBALF,QAOO,MAPP;AAQA,OAAOC,IAAP,MAAiB,kBAAjB;AACA,SACEC,YADF,EAEEC,aAFF,EAGEC,UAHF,EAIEC,cAJF,EAKEC,oBALF,QAMO,WANP;AAOA,SACEC,YADF,EAEEC,gBAFF,EAGEC,YAHF,EAIEC,eAJF,EAKEC,eALF,EAMEC,YANF,EAOEC,WAPF,EAQEC,WARF,EASEC,UATF,EAUEC,WAVF,EAWEC,sBAXF,EAYEC,WAZF,EAaEC,WAbF,EAcEC,kBAdF,EAeEC,qBAfF,EAgBEC,0BAhBF,EAiBEC,qBAjBF,QAkBO,QAlBP;AAmBA,SAASC,SAAT,QAA0B,YAA1B;AACA,OAAO,KAAKC,QAAZ,MAA0B,YAA1B;AACA,OAAOC,cAAP,MAA2B,0BAA3B;AACA,SACEC,aADF,EAEEC,aAFF,EAGEC,KAHF,QAIO,QAJP;AAKA,SAASC,YAAT,QAA6B,eAA7B;AACA,SAASC,YAAT,QAA6B,gBAA7B;AACA,SAASC,GAAT,EAAcC,gBAAd,QAAsC,QAAtC;AACA,OAAOC,YAAP,MAAyB,gBAAzB;AACA,OAAOC,WAAP,MAAwB,uBAAxB;AACA,SAASC,gBAAT,QAAiC,oBAAjC;AACA,OAAOC,cAAP,MAA2B,kBAA3B;AACA,OAAOC,kBAAP,MAA+B,sBAA/B;AACA,SAASC,YAAT,QAA6B,WAA7B;AACA,SACEC,QADF,EAEEzC,UAAU,IAAI0C,YAFhB,EAGEC,YAHF,EAIEC,MAJF,EAKEC,QALF,EAMEC,eANF,EAOEC,gBAPF,EAQEC,6BARF,QASO,OATP;AAUA,SAASC,8BAAT,EAAyCC,2BAAzC,QAA4E,eAA5E;AACA,SAASC,aAAT,QAA8B,iBAA9B;AACA,SAASC,yBAAT,QAA0C,qBAA1C;;AAEA,IAAMC,OAAO,GAAGC,OAAO,CAAC,cAAD,CAAvB;;AAEA,MAAMC,QAAN,CAA8D;AAM5D;AACA;AACA;AAeAC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AACjC,SAAKC,OAAL,GAAelB,YAAY,CAACiB,IAAD,CAA3B;AACA,QAAM;AAAEE,MAAAA,cAAF;AAAkBC,MAAAA,OAAlB;AAA2BC,MAAAA;AAA3B,QAA2C,KAAKH,OAAtD;AACA,SAAKC,cAAL,GAAsB,IAAIrB,cAAJ,CAAmBqB,cAAnB,EAAmCC,OAAnC,EAA4CC,WAA5C,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIvB,kBAAJ,CAAuBwB,MAAM,CAACC,MAAP,CAAc;AAC7DL,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CF,IAAI,CAACK,kBAFyC,CAAvB,CAA1B;AAGA,SAAKG,cAAL,GAAsB,IAAId,aAAJ,EAAtB;AAEA,SAAKe,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEtE,iBAAiB,CAACuE,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEvE,iBAAiB,CAACsE,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRE,MAAAA,MAAM,EAAEP,MAAM,CAACC,MAAP,CAAcjE,iBAAiB,CAACqE,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDG,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd,cAAMC,OAAO,GAAGZ,WAAW,CAACY,OAA5B;AACA,iBAAOA,OAAO,CAACxC,GAAR,CAAYuC,IAAZ,CAAP;AACD;AAJuD,OAAlD,CAHA;AASRxE,MAAAA,UAAU,EAAEA,UAAU,CAACoE,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AATJ,KAAV;AAYA,SAAKM,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEzE,IAAI,CAACyE,6BAD1B;AAEVC,MAAAA,gBAAgB,EAAE1E,IAAI,CAAC0E,gBAFb;AAGVC,MAAAA,gBAAgB,EAAE3E,IAAI,CAAC2E;AAHb,KAAZ,CArBiC,CA2BjC;;AACAd,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAKN,OAAL,CAAaG,WAA3B,EAAwC;AACtCiB,MAAAA,cAAc,EAAE,KAAKnB,cAAL,CAAoBoB,oBAApB,CAAyCX,IAAzC,CAA8C,KAAKT,cAAnD,CADsB;AAEtCqB,MAAAA,YAAY,EAAE,KAAKrB,cAAL,CAAoBqB,YAApB,CAAiCZ,IAAjC,CAAsC,KAAKT,cAA3C;AAFwB,KAAxC;AAKA,SAAKsB,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAIzD,SAAS,EAAb,EAAiB;AACf,WAAKiC,OAAL,GAAeK,MAAM,CAACC,MAAP,CAAc,KAAKN,OAAnB,EAA4B;AACzCyB,QAAAA,WAAW,EAAEtD,aAAa,CAAC4B,IAAI,CAAC0B,WAAN,EAAmBC,MAAM,CAACC,QAAP,CAAgBC,MAAnC,CADe,CAC6B;;AAD7B,OAA5B,CAAf;AAGA,WAAKC,SAAL,GAAiBxD,YAAY,CAAC0B,IAAD,kCAA7B;AACD,KALD,MAKO;AACL,WAAK8B,SAAL,GAAiBxD,YAAY,CAAC0B,IAAD,yCAA7B;AACD,KA1CgC,CA4CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACA,IAAI,CAAC+B,YAAN,IAAsB/B,IAAI,CAAC+B,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAK9B,OAAL,CAAa8B,YAAb,GAA4B9F,sBAA5B;AACD,KAFD,MAEO;AACL,WAAKgE,OAAL,CAAa8B,YAAb,GAA4B/B,IAAI,CAAC+B,YAAjC;AACD,KAvDgC,CAyDjC;AACA;AACA;;;AACA,SAAK9B,OAAL,CAAa+B,cAAb,GAA8B,CAAC,CAAChC,IAAI,CAACgC,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAExF,YAAY,CAACiE,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbE,MAAAA,MAAM,EAAElE,aAAa,CAACgE,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbnC,MAAAA,GAAG,EAAE5B,UAAU,CAAC+D,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbwB,MAAAA,OAAO,EAAEtF,cAAc,CAAC8D,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKb7D,MAAAA,oBAAoB,EAAEA,oBAAoB,CAAC6D,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKyB,WAAL,GAAmB,IAAI1D,YAAJ,EAAnB;AACA,SAAK2D,KAAL,GAAa;AACXzE,MAAAA,kBAAkB,EAAEA,kBAAkB,CAAC+C,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEX9C,MAAAA,qBAAqB,EAAEA,qBAAqB,CAAC8C,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGX3D,MAAAA,gBAAgB,EAAEA,gBAAgB,CAAC2D,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX1D,MAAAA,YAAY,EAAEA,YAAY,CAAC0D,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKXzD,MAAAA,eAAe,EAAEA,eAAe,CAACyD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CALN;AAMXvD,MAAAA,YAAY,EAAEA,YAAY,CAACuD,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CANH;AAOX2B,MAAAA,MAAM,EAAEjF,WAPG;AAQXkF,MAAAA,MAAM,EAAEjF,WAAW,CAACqD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASX6B,MAAAA,KAAK,EAAEjF,UAAU,CAACoD,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXlD,MAAAA,sBAAsB,EAAEA,sBAAsB,CAACkD,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXnD,MAAAA,WAAW,EAAEA,WAAW,CAACmD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXjD,MAAAA,WAAW,EAAEA,WAAW,CAACiD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaX8B,MAAAA,MAAM,EAAE9E,WAAW,CAACgD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXxD,MAAAA,eAAe,EAAEA,eAAe,CAACwD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAvEiC,CAuFjC;;AACA,QAAM+B,WAAW,GAAG,CAAC,QAAD,EAAW,iBAAX,CAApB;AACApC,IAAAA,MAAM,CAACqC,IAAP,CAAY,KAAKN,KAAjB,EAAwBO,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAIH,WAAW,CAACI,OAAZ,CAAoBD,GAApB,KAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAIE,MAAM,GAAG,KAAKV,KAAL,CAAWQ,GAAX,CAAb;AACA,WAAKR,KAAL,CAAWQ,GAAX,IAAkBnE,YAAY,CAACsE,SAAb,CAAuBC,IAAvB,CAA4BtC,IAA5B,CAAiC,KAAKyB,WAAtC,EAAmDW,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND;AAQAzC,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK8B,KAAL,CAAWnF,eAAzB,EAA0C;AACxC;AACAgG,MAAAA,YAAY,EAAE,sBAASC,GAAT,EAAc;AAC1BxB,QAAAA,MAAM,CAACC,QAAP,GAAkBuB,GAAlB;AACD;AAJuC,KAA1C;AAMA7C,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK8B,KAAL,CAAWjF,YAAzB,EAAuC;AACrC;AACAgG,MAAAA,WAAW,EAAE,uBAAW;AACtB,eAAOzB,MAAM,CAAC0B,OAAd;AACD,OAJoC;AAMrC;AACAC,MAAAA,YAAY,EAAE,wBAAW;AACvB,eAAO3B,MAAM,CAACC,QAAd;AACD,OAToC;AAWrC;AACA2B,MAAAA,YAAY,EAAE,wBAAW;AACvB,eAAO5B,MAAM,CAAC6B,QAAd;AACD;AAdoC,KAAvC,EAvGiC,CAwHjC;;AACA,SAAKC,GAAL,GAAW;AACTzE,MAAAA,QAAQ,EAAEA,QAAQ,CAAC2B,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETpE,MAAAA,UAAU,EAAE0C,YAAY,CAAC0B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAFH;AAGTzB,MAAAA,YAAY,EAAEA,YAAY,CAACyB,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAITvB,MAAAA,QAAQ,EAAEA,QAAQ,CAACuB,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKTxB,MAAAA,MAAM,EAAEA,MAAM,CAACwB,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CALC;AAMTtB,MAAAA,eAAe,EAAEA,eAAe,CAACsB,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CANR;AAOTpB,MAAAA,6BAA6B,EAAEA,6BAA6B,CAACoB,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAPtB;AAQTrB,MAAAA,gBAAgB,EAAEA,gBAAgB,CAACqB,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AART,KAAX;AAUAlB,IAAAA,2BAA2B,CAACD,8BAA8B,CAAC,IAAD,CAA/B,CAA3B,CAnIiC,CAmIkC;AAEnE;;AACA,SAAKkE,IAAL,GAAY;AACVjF,MAAAA,gBAAgB,EAAEA,gBAAgB,CAACkC,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CAtIiC,CA0IjC;;AACA,SAAKhC,WAAL,GAAmBA,WAAW,CAACgC,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAKgD,OAAL,GAAe,IAAI/D,OAAJ,EAAf,CA7IiC,CA+IjC;;AACA,SAAKgE,YAAL,GAAoB,IAAIrF,YAAJ,CAAiB,IAAjB,EAAuByB,IAAI,CAAC4D,YAA5B,CAApB,CAhJiC,CAkJjC;;AACA,SAAKC,gBAAL,GAAwB,IAAIjF,gBAAJ,CAAqB,IAArB,CAAxB;AACD;;AAEDkF,EAAAA,KAAK,GAAG;AACN,SAAKF,YAAL,CAAkBE,KAAlB;;AACA,QAAI,CAAC,KAAKzB,KAAL,CAAWlF,eAAX,EAAL,EAAmC;AACjC,WAAK0G,gBAAL,CAAsBE,eAAtB;AACD;AACF;;AAEDC,EAAAA,IAAI,GAAG;AACL,SAAKJ,YAAL,CAAkBI,IAAlB;AACD,GAtL2D,CAwL5D;AACA;AAEA;;;AACAjG,EAAAA,qBAAqB,GAAY;AAC/B,WAAOA,qBAAqB,CAAC,IAAD,CAA5B;AACD;;AAEDD,EAAAA,0BAA0B,CAACmG,KAAD,EAAwB;AAChD,WAAOnG,0BAA0B,CAACmG,KAAD,CAAjC;AACD;;AAEKC,EAAAA,MAAM,CAACC,IAAD,EAAgD;AAAA;;AAAA;AAC1D;AACA;AACA,aAAO,KAAI,CAACC,qBAAL,CAA2BD,IAA3B,CAAP;AAH0D;AAI3D;;AAEKC,EAAAA,qBAAqB,CAACD,IAAD,EAA+D;AAAA;;AAAA;AACxFA,MAAAA,IAAI,GAAG9F,KAAK,CAAC8F,IAAI,IAAI,EAAT,CAAZ;;AACA,UAAME,kBAAkB,GAAIpE,OAAD,IAAc;AACvCA,QAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AACAA,QAAAA,OAAO,CAACqE,eAAR,GAA0B,IAA1B;AACA,eAAOH,IAAI,CAACI,eAAZ;AACA,eAAO/H,iBAAiB,CAAC,MAAD,EAAO,eAAP,EAAwB2H,IAAxB,EAA8BlE,OAA9B,CAAxB;AACD,OALD;;AAMA,UAAI,CAACkE,IAAI,CAACI,eAAV,EAA2B;AACzB,eAAOF,kBAAkB,EAAzB;AACD;;AACD,aAAO,MAAI,CAAC1F,WAAL,GACN6F,IADM,CACD,UAAS7F,WAAT,EAAsB;AAC1B,eAAO0F,kBAAkB,CAAC;AACxBI,UAAAA,OAAO,EAAE;AACP,oCAAwB9F;AADjB;AADe,SAAD,CAAzB;AAKD,OAPM,CAAP;AAXwF;AAmBzF;;AAEK+F,EAAAA,kBAAkB,GAAuC;AAAA;AAAA;;AAAA;AAAA,UAAtCP,IAAsC,0EAAJ,EAAI;;AAC7D,UAAM;AAAEQ,QAAAA;AAAF,UAAuCR,IAA7C;AAAA,UAAwBS,gBAAxB,4BAA6CT,IAA7C;;AACA,UAAG,MAAI,CAAC3C,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,MAAA,MAAI,CAACD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,UAAI;AACF;AACA,YAAIkD,WAAJ,EAAiB;AACf,UAAA,MAAI,CAACE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAGxE,MAAM,CAACC,MAAP,CAAc;AAC3B;AACAwE,UAAAA,MAAM,EAAE,MAAI,CAAC9E,OAAL,CAAa8E,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,SAAd,EAGZH,gBAHY,CAAf;AAIA,cAAM,MAAI,CAACvC,KAAL,CAAWnF,eAAX,CAA2B4H,MAA3B,CAAN;AACD,OAVD,SAUU;AACR,QAAA,MAAI,CAACtD,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AApB4D;AAqB9D,GApP2D,CAsP5D;;;AACA/E,EAAAA,YAAY,GAAoB;AAC9B;AACA,SAAKkH,YAAL,CAAkBoB,KAAlB;AAEA,WAAO,KAAK/C,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACN+C,KADM,CACA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAACnE,IAAF,KAAW,cAAX,IAA6BmE,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAPM,CAAP;AAQD,GAnQ2D,CAqQ5D;;;AACME,EAAAA,iBAAiB,CAACC,WAAD,EAA6C;AAAA;;AAAA;AAClE,UAAI,CAACA,WAAL,EAAkB;AAChBA,QAAAA,WAAW,GAAG,OAAO,MAAI,CAACzB,YAAL,CAAkB0B,SAAlB,EAAP,EAAsCD,WAApD;;AACA,YAAME,cAAc,GAAG,MAAI,CAAC3B,YAAL,CAAkB4B,mBAAlB,CAAsC,aAAtC,CAAvB;;AACA,QAAA,MAAI,CAAC5B,YAAL,CAAkB6B,MAAlB,CAAyBF,cAAzB;AACD,OALiE,CAMlE;;;AACA,UAAI,CAACF,WAAL,EAAkB;AAChB,eAAOK,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,aAAO,MAAI,CAACtD,KAAL,CAAWE,MAAX,CAAkB8C,WAAlB,CAAP;AAVkE;AAWnE,GAjR2D,CAmR5D;;;AACMO,EAAAA,kBAAkB,CAACC,YAAD,EAA+C;AAAA;;AAAA;AACrE,UAAI,CAACA,YAAL,EAAmB;AACjBA,QAAAA,YAAY,GAAG,OAAO,MAAI,CAACjC,YAAL,CAAkB0B,SAAlB,EAAP,EAAsCO,YAArD;;AACA,YAAMC,eAAe,GAAG,MAAI,CAAClC,YAAL,CAAkB4B,mBAAlB,CAAsC,cAAtC,CAAxB;;AACA,QAAA,MAAI,CAAC5B,YAAL,CAAkB6B,MAAlB,CAAyBK,eAAzB;AACD,OALoE,CAMrE;;;AACA,UAAI,CAACD,YAAL,EAAmB;AACjB,eAAOH,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,aAAO,MAAI,CAACtD,KAAL,CAAWE,MAAX,CAAkBsD,YAAlB,CAAP;AAVqE;AAWtE;;AAEDE,EAAAA,qBAAqB,GAA0C;AAAA,QAAzC9F,OAAyC,uEAAJ,EAAI;AAC7D,QAAI;AACF+F,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAjG,OAJJ;;AAKA,QAAI,CAAC+F,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKpC,YAAL,CAAkBuC,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKhG,OAAL,CAAagG,qBAArC;AACD;;AAED,QAAMG,SAAS,GAAGrJ,YAAY,CAAC,IAAD,CAAZ,CAAmBqJ,SAArC;AACA,QAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GA7T2D,CA+T5D;;;AACME,EAAAA,OAAO,CAACvG,OAAD,EAA2B;AAAA;;AAAA;AACtCA,MAAAA,OAAO,GAAGK,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBN,OAAlB,CAAV,CADsC,CAGtC;;AACA,UAAIwG,UAAU,GAAG9E,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,UAAI6E,UAAU,GAAG/E,MAAM,CAACC,QAAP,CAAgB+E,IAAjC;AACA,UAAIV,qBAAqB,GAAGhG,OAAO,CAACgG,qBAAR,IACvB,MAAI,CAAChG,OAAL,CAAagG,qBADU,IAEvBQ,UAFL;AAIA,UAAIpB,WAAW,GAAGpF,OAAO,CAACoF,WAA1B;AACA,UAAIQ,YAAY,GAAG5F,OAAO,CAAC4F,YAA3B;AACA,UAAIT,iBAAiB,GAAGnF,OAAO,CAACmF,iBAAR,KAA8B,KAAtD;AACA,UAAIQ,kBAAkB,GAAG3F,OAAO,CAAC2F,kBAAR,KAA+B,KAAxD;;AAEA,UAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,QAAAA,YAAY,GAAG,MAAI,CAACjC,YAAL,CAAkBuC,aAAlB,GAAkCN,YAAjD;AACD;;AAED,UAAIT,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,QAAAA,WAAW,GAAG,MAAI,CAACzB,YAAL,CAAkBuC,aAAlB,GAAkCd,WAAhD;AACD;;AAED,UAAI,CAACpF,OAAO,CAAC+F,OAAb,EAAsB;AACpB/F,QAAAA,OAAO,CAAC+F,OAAR,GAAkB,MAAI,CAACpC,YAAL,CAAkBuC,aAAlB,GAAkCH,OAApD;AACD,OAzBqC,CA2BtC;;;AACA,MAAA,MAAI,CAACpC,YAAL,CAAkBoB,KAAlB;;AAEA,UAAIY,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,cAAM,MAAI,CAACD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,UAAIT,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,cAAM,MAAI,CAACD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMiB,SAAS,GAAG,MAAI,CAACP,qBAAL,iCAAgC9F,OAAhC;AAAyCgG,QAAAA;AAAzC,SAAlB,CAtCsC,CAuCtC;AACA;;;AACA,UAAI,CAACK,SAAL,EAAgB;AACd,eAAO,MAAI,CAAC5J,YAAL,GAAoB;AAApB,SACN8H,IADM,CACD,YAAW;AACf,cAAIyB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxC/E,YAAAA,MAAM,CAACC,QAAP,CAAgBgF,MAAhB,GADwC,CACd;AAC3B,WAFD,MAEO;AACLjF,YAAAA,MAAM,CAACC,QAAP,CAAgBrB,MAAhB,CAAuB0F,qBAAvB;AACD;AACF,SAPM,CAAP;AAQD,OATD,MASO;AACL;AACAtE,QAAAA,MAAM,CAACC,QAAP,CAAgBrB,MAAhB,CAAuB+F,SAAvB;AACD;AArDqC;AAsDvC;;AAEDO,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAIhB,GAAG,GAAG,2BAA2BhF,aAAa,CAACgG,IAAD,CAAlD;AACA,QAAIlE,OAAO,GAAG;AACZwE,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAOjG,GAAG,CAAC,IAAD,EAAO2E,GAAP,EAAYlD,OAAZ,CAAV;AACD,GAhY2D,CAkY5D;AACA;AACA;AAEA;AACA;;;AACM6G,EAAAA,eAAe,GAAqB;AAAA;;AAAA;AAExC,UAAI;AAAEzB,QAAAA,WAAF;AAAeW,QAAAA;AAAf,UAA2B,MAAI,CAACpC,YAAL,CAAkBuC,aAAlB,EAA/B;;AACA,UAAM;AAAEY,QAAAA,SAAF;AAAaC,QAAAA;AAAb,UAA4B,MAAI,CAACpD,YAAL,CAAkBqD,UAAlB,EAAlC;;AAEA,UAAI5B,WAAW,IAAI,MAAI,CAACzB,YAAL,CAAkBsD,UAAlB,CAA6B7B,WAA7B,CAAnB,EAA8D;AAC5DA,QAAAA,WAAW,GAAG,IAAd;;AACA,YAAI0B,SAAJ,EAAe;AACb1B,UAAAA,WAAW,SAAS,MAAI,CAACzB,YAAL,CAAkBpB,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,MAEO,IAAIwE,UAAJ,EAAgB;AACrB,UAAA,MAAI,CAACpD,YAAL,CAAkB6B,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,UAAIO,OAAO,IAAI,MAAI,CAACpC,YAAL,CAAkBsD,UAAlB,CAA6BlB,OAA7B,CAAf,EAAsD;AACpDA,QAAAA,OAAO,GAAG,IAAV;;AACA,YAAIe,SAAJ,EAAe;AACbf,UAAAA,OAAO,SAAS,MAAI,CAACpC,YAAL,CAAkBpB,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,MAEO,IAAIwE,UAAJ,EAAgB;AACrB,UAAA,MAAI,CAACpD,YAAL,CAAkB6B,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,aAAO,CAAC,EAAEJ,WAAW,IAAIW,OAAjB,CAAR;AAvBwC;AAwBzC;;AAEKmB,EAAAA,OAAO,GAAwB;AAAA;;AAAA;AACnC,UAAM;AAAEnB,QAAAA,OAAF;AAAWX,QAAAA;AAAX,UAA2B,MAAI,CAACzB,YAAL,CAAkBuC,aAAlB,EAAjC;;AACA,aAAO,MAAI,CAAC9D,KAAL,CAAW3E,WAAX,CAAuB2H,WAAvB,EAAoCW,OAApC,CAAP;AAFmC;AAGpC;;AAEDoB,EAAAA,UAAU,GAAuB;AAC/B,QAAM;AAAEpB,MAAAA;AAAF,QAAc,KAAKpC,YAAL,CAAkBuC,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqBqB,SAAnC;AACD;;AAEDC,EAAAA,cAAc,GAAuB;AACnC,QAAM;AAAEjC,MAAAA;AAAF,QAAkB,KAAKzB,YAAL,CAAkBuC,aAAlB,EAAxB;AACA,WAAOd,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BgC,SAA/C;AACD;;AAEDE,EAAAA,eAAe,GAAuB;AACpC,QAAM;AAAE1B,MAAAA;AAAF,QAAmB,KAAKjC,YAAL,CAAkBuC,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+BwB,SAAlD;AACD;AAED;AACF;AACA;;;AACQG,EAAAA,uBAAuB,GAAkB;AAAA;;AAAA;AAC7C,UAAM;AAAEC,QAAAA;AAAF,gBAAmB,MAAI,CAACpF,KAAL,CAAWjF,YAAX,EAAzB;;AACA,MAAA,MAAI,CAACwG,YAAL,CAAkB8D,SAAlB,CAA4BD,MAA5B;AAF6C;AAG9C;;AAED5C,EAAAA,cAAc,CAACF,WAAD,EAA4B;AACxC,QAAM3D,OAAO,GAAG9C,cAAc,CAACyJ,iBAAf,EAAhB;AACA3G,IAAAA,OAAO,CAAC4G,OAAR,CAAgB1L,yBAAhB,EAA2CyI,WAA3C;AACD;;AAEDkD,EAAAA,cAAc,CAAC3B,KAAD,EAAyB;AACrC,QAAIA,KAAJ,EAAW;AACT,UAAM4B,IAAqB,GAAG,KAAKzH,kBAAL,CAAwB0H,IAAxB,CAA6B;AACzDC,QAAAA,KAAK,EAAE,IADkD;AAEzD9B,QAAAA;AAFyD,OAA7B,CAA9B;AAIA,aAAO4B,IAAI,CAACnD,WAAZ;AACD;;AACD,QAAM3D,OAAO,GAAG9C,cAAc,CAACyJ,iBAAf,EAAhB;AACA,QAAMhD,WAAW,GAAG3D,OAAO,GAAGA,OAAO,CAACiH,OAAR,CAAgB/L,yBAAhB,CAAH,GAAgDmL,SAA3E;AACA,WAAO1C,WAAP;AACD;;AAEDuD,EAAAA,iBAAiB,GAAS;AACxB,QAAMlH,OAAO,GAAG9C,cAAc,CAACyJ,iBAAf,EAAhB;AACA3G,IAAAA,OAAO,CAACmH,UAAR,CAAmBjM,yBAAnB;AACD;;AAEDiB,EAAAA,eAAe,GAAY;AACzB,WAAOA,eAAe,CAAC,IAAD,CAAtB;AACD;;AAEKiL,EAAAA,mBAAmB,CAACX,MAAD,EAAkB9C,WAAlB,EAAuD;AAAA;;AAAA;AAC9E;AACA,UAAI8C,MAAJ,EAAY;AACV,QAAA,OAAI,CAAC7D,YAAL,CAAkB8D,SAAlB,CAA4BD,MAA5B;;AACA9C,QAAAA,WAAW,GAAGA,WAAW,IAAI,OAAI,CAACkD,cAAL,EAA7B;AACD,OAHD,MAGO,IAAI,OAAI,CAAC1K,eAAL,EAAJ,EAA4B;AACjC;AACA,YAAM;AAAE+I,UAAAA;AAAF,kBAAkBvG,yBAAyB,CAAC,OAAD,EAAO,EAAP,CAAjD;AACAgF,QAAAA,WAAW,GAAGA,WAAW,IAAI,OAAI,CAACkD,cAAL,CAAoB3B,KAApB,CAA7B;AACA,cAAM,OAAI,CAACsB,uBAAL,EAAN;AACD,OALM,MAKA;AACL,eADK,CACG;AACT,OAZ6E,CAc9E;;;AACA,YAAM,OAAI,CAAC3D,gBAAL,CAAsBE,eAAtB,EAAN,CAf8E,CAiB9E;;AACA,MAAA,OAAI,CAACmE,iBAAL,GAlB8E,CAoB9E;;;AACA,UAAM;AAAEG,QAAAA;AAAF,UAAyB,OAAI,CAACpI,OAApC;;AACA,UAAIoI,kBAAJ,EAAwB;AACtB,cAAMA,kBAAkB,CAAC,OAAD,EAAO1D,WAAP,CAAxB;AACD,OAFD,MAEO;AACLhD,QAAAA,MAAM,CAACC,QAAP,CAAgB0G,OAAhB,CAAwB3D,WAAxB;AACD;AA1B6E;AA2B/E;;AAED4D,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAKtI,OAAL,CAAagB,IAAtB;AACD;;AAEDuH,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAK1I,OAAL,CAAawI,YAA3B,KAA4C,KAAKxI,OAAL,CAAawI,YAAb,CAA0BG,MAA1E,EAAkF;AAChFJ,MAAAA,eAAe,GAAG,KAAKvI,OAAL,CAAawI,YAAb,CAA0B3F,OAA1B,CAAkC2F,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKvI,OAAL,CAAawI,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GAtgB2D,CAwgB5D;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA,WAAO,KAAK7I,OAAL,CAAa8I,MAAb,CAAoBC,KAApB,CAA0B,UAA1B,EAAsC,CAAtC,CAAP;AACD,GAhhB2D,CAkhB5D;;;AACAC,EAAAA,cAAc,CAAC9E,IAAD,EAAiC;AAC7C,WAAO3H,iBAAiB,CAAC,IAAD,EAAO,iCAAP,EAA0C2H,IAA1C,CAAxB;AACD,GArhB2D,CAuhB5D;;;AACA+E,EAAAA,aAAa,CAAC/E,IAAD,EAAwD;AACnE,WAAO3H,iBAAiB,CAAC,IAAD,EAAO,+BAAP,EAAwC2H,IAAxC,CAAxB;AACD,GA1hB2D,CA4hB5D;;;AACAgF,EAAAA,mBAAmB,CAAChF,IAAD,EAA6D;AAC9E,WAAO3H,iBAAiB,CAAC,IAAD,EAAO,8BAAP,EAAuC2H,IAAvC,CAAxB;AACD;;AA/hB2D,C,CAkiB9D;;;AACArE,QAAQ,CAAC7B,QAAT,GAAoB6B,QAAQ,CAACkD,SAAT,CAAmB/E,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACAqC,MAAM,CAACC,MAAP,CAAcT,QAAd,EAAwB;AACtB3D,EAAAA,SADsB;AAEtB2B,EAAAA;AAFsB,CAAxB;AAKA,eAAegC,QAAf","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* SDK_VERSION is defined in webpack config */ \n/* global window, SDK_VERSION */\n\nimport { \n DEFAULT_MAX_CLOCK_SKEW, \n REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n OktaAuth as SDKInterface,\n OktaAuthOptions, \n AccessToken, \n IDToken,\n RefreshToken,\n TokenAPI, \n FeaturesAPI, \n SignoutAPI, \n FingerprintAPI,\n UserClaims, \n SigninWithRedirectOptions,\n SigninWithCredentialsOptions,\n SignoutOptions,\n Tokens,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n TransactionAPI,\n SessionAPI,\n SigninAPI,\n PkceAPI,\n SigninOptions,\n IdxAPI,\n SignoutRedirectUrlOptions,\n HttpAPI,\n TransactionMeta,\n} from './types';\nimport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n introspect,\n postToTransaction,\n AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n closeSession,\n sessionExists,\n getSession,\n refreshSession,\n setCookieAndRedirect\n} from './session';\nimport {\n getOAuthUrls,\n getWithoutPrompt,\n getWithPopup,\n getWithRedirect,\n isLoginRedirect,\n parseFromUrl,\n decodeToken,\n revokeToken,\n renewToken,\n renewTokens,\n renewTokensWithRefresh,\n getUserInfo,\n verifyToken,\n prepareTokenParams,\n exchangeCodeForTokens,\n isInteractionRequiredError,\n isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport browserStorage from './browser/browserStorage';\nimport { \n toQueryString, \n toAbsoluteUrl,\n clone\n} from './util';\nimport { getUserAgent } from './builderUtil';\nimport { TokenManager } from './TokenManager';\nimport { get, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport StorageManager from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n interact,\n introspect as introspectV2,\n authenticate,\n cancel,\n register,\n recoverPassword,\n startTransaction,\n handleInteractionCodeRedirect,\n} from './idx';\nimport { createGlobalRequestInterceptor, setGlobalRequestInterceptor } from './idx/headers';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\n\nconst Emitter = require('tiny-emitter');\n\nclass OktaAuth implements SDKInterface, SigninAPI, SignoutAPI {\n options: OktaAuthOptions;\n storageManager: StorageManager;\n transactionManager: TransactionManager;\n tx: TransactionAPI;\n idx: IdxAPI;\n // keep this field to compatible with released downstream SDK versions\n // TODO: remove in version 6\n // JIRA: https://oktainc.atlassian.net/browse/OKTA-419417\n userAgent: string;\n session: SessionAPI;\n pkce: PkceAPI;\n static features: FeaturesAPI;\n features: FeaturesAPI;\n token: TokenAPI;\n _tokenQueue: PromiseQueue;\n emitter: typeof Emitter;\n tokenManager: TokenManager;\n authStateManager: AuthStateManager;\n http: HttpAPI;\n fingerprint: FingerprintAPI;\n _oktaUserAgent: OktaUserAgent;\n _pending: { handleLogin: boolean };\n constructor(args: OktaAuthOptions) {\n this.options = buildOptions(args);\n const { storageManager, cookies, storageUtil } = this.options;\n this.storageManager = new StorageManager(storageManager, cookies, storageUtil);\n this.transactionManager = new TransactionManager(Object.assign({\n storageManager: this.storageManager\n }, args.transactionManager));\n this._oktaUserAgent = new OktaUserAgent();\n \n this.tx = {\n status: transactionStatus.bind(null, this),\n resume: resumeTransaction.bind(null, this),\n exists: Object.assign(transactionExists.bind(null, this), {\n _get: (name) => {\n const storage = storageUtil.storage;\n return storage.get(name);\n }\n }),\n introspect: introspect.bind(null, this)\n };\n\n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n\n // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n Object.assign(this.options.storageUtil, {\n getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n });\n\n this._pending = { handleLogin: false };\n\n if (isBrowser()) {\n this.options = Object.assign(this.options, {\n redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n });\n this.userAgent = getUserAgent(args, `okta-auth-js/${SDK_VERSION}`);\n } else {\n this.userAgent = getUserAgent(args, `okta-auth-js-server/${SDK_VERSION}`);\n }\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.options.maxClockSkew = args.maxClockSkew;\n }\n\n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n this.session = {\n close: closeSession.bind(null, this),\n exists: sessionExists.bind(null, this),\n get: getSession.bind(null, this),\n refresh: refreshSession.bind(null, this),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n };\n\n this._tokenQueue = new PromiseQueue();\n this.token = {\n prepareTokenParams: prepareTokenParams.bind(null, this),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n getWithoutPrompt: getWithoutPrompt.bind(null, this),\n getWithPopup: getWithPopup.bind(null, this),\n getWithRedirect: getWithRedirect.bind(null, this),\n parseFromUrl: parseFromUrl.bind(null, this),\n decode: decodeToken,\n revoke: revokeToken.bind(null, this),\n renew: renewToken.bind(null, this),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n renewTokens: renewTokens.bind(null, this),\n getUserInfo: getUserInfo.bind(null, this),\n verify: verifyToken.bind(null, this),\n isLoginRedirect: isLoginRedirect.bind(null, this)\n };\n // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n const syncMethods = ['decode', 'isLoginRedirect'];\n Object.keys(this.token).forEach(key => {\n if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n return;\n }\n var method = this.token[key];\n this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n });\n \n Object.assign(this.token.getWithRedirect, {\n // This is exposed so we can set window.location in our tests\n _setLocation: function(url) {\n window.location = url;\n }\n });\n Object.assign(this.token.parseFromUrl, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n // IDX\n this.idx = {\n interact: interact.bind(null, this),\n introspect: introspectV2.bind(null, this),\n authenticate: authenticate.bind(null, this),\n register: register.bind(null, this),\n cancel: cancel.bind(null, this),\n recoverPassword: recoverPassword.bind(null, this),\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n startTransaction: startTransaction.bind(null, this),\n };\n setGlobalRequestInterceptor(createGlobalRequestInterceptor(this)); // to pass custom headers to IDX endpoints\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n\n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n\n this.emitter = new Emitter();\n\n // TokenManager\n this.tokenManager = new TokenManager(this, args.tokenManager);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager(this);\n }\n\n start() {\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n this.authStateManager.updateAuthState();\n }\n }\n\n stop() {\n this.tokenManager.stop();\n }\n\n // ES6 module users can use named exports to access all symbols\n // CommonJS module users (CDN) need all exports on this object\n\n // Utility methods for interaction code flow\n isInteractionRequired(): boolean {\n return isInteractionRequired(this);\n }\n\n isInteractionRequiredError(error: Error): boolean {\n return isInteractionRequiredError(error);\n }\n\n async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n // TODO: support interaction code flow\n // Authn V1 flow\n return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n }\n\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n options = options || {};\n options.withCredentials = true;\n delete opts.sendFingerprint;\n return postToTransaction(this, '/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n \n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<object> {\n // Clear all local tokens\n this.tokenManager.clear();\n \n return this.session.close() // DELETE /api/v1/sessions/me\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return null;\n }\n throw e;\n });\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<object> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<object> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n async signOut(options?: SignoutOptions) {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n // Clear all local tokens\n this.tokenManager.clear();\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function() {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n });\n } else {\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n }\n }\n\n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n\n //\n // Common Methods from downstream SDKs\n //\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n async isAuthenticated(): Promise<boolean> {\n\n let { accessToken, idToken } = this.tokenManager.getTokensSync();\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = null;\n if (autoRenew) {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } else if (autoRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = null;\n if (autoRenew) {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } else if (autoRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n async getUser(): Promise<UserClaims> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n\n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n\n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n\n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens } = await this.token.parseFromUrl();\n this.tokenManager.setTokens(tokens);\n }\n\n setOriginalUri(originalUri: string): void {\n const storage = browserStorage.getSessionStorage();\n storage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n }\n\n getOriginalUri(state?: string): string {\n if (state) {\n const meta: TransactionMeta = this.transactionManager.load({\n oauth: true,\n state\n });\n return meta.originalUri;\n }\n const storage = browserStorage.getSessionStorage();\n const originalUri = storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) : undefined;\n return originalUri;\n }\n\n removeOriginalUri(): void {\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri();\n } else if (this.isLoginRedirect()) {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const { state } = await parseOAuthResponseFromUrl(this, {});\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n\n // clear originalUri from storage\n this.removeOriginalUri();\n\n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else {\n window.location.replace(originalUri);\n }\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: string): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // { username, password, (relayState), (context) }\n // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n // return postToTransaction(this, '/api/v1/authn', opts);\n // }\n\n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n return this.options.issuer.split('/oauth2/')[0];\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n }\n}\n\n// Hoist feature detection functions to static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist values and utility functions for CommonJS users\nObject.assign(OktaAuth, {\n constants,\n isInteractionRequiredError\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
1
+ {"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["DEFAULT_MAX_CLOCK_SKEW","REFERRER_PATH_STORAGE_KEY","constants","transactionStatus","resumeTransaction","transactionExists","introspect","postToTransaction","PKCE","closeSession","sessionExists","getSession","refreshSession","setCookieAndRedirect","getOAuthUrls","getWithoutPrompt","getWithPopup","getWithRedirect","isLoginRedirect","parseFromUrl","decodeToken","revokeToken","renewToken","renewTokens","renewTokensWithRefresh","getUserInfo","verifyToken","prepareTokenParams","exchangeCodeForTokens","isInteractionRequiredError","isInteractionRequired","isBrowser","features","browserStorage","toQueryString","toAbsoluteUrl","clone","getUserAgent","TokenManager","get","setRequestHeader","PromiseQueue","fingerprint","AuthStateManager","StorageManager","TransactionManager","buildOptions","interact","introspectV2","authenticate","cancel","register","recoverPassword","startTransaction","handleInteractionCodeRedirect","createGlobalRequestInterceptor","setGlobalRequestInterceptor","OktaUserAgent","parseOAuthResponseFromUrl","Emitter","require","OktaAuth","constructor","args","options","storageManager","cookies","storageUtil","transactionManager","Object","assign","_oktaUserAgent","tx","status","bind","resume","exists","_get","name","storage","pkce","DEFAULT_CODE_CHALLENGE_METHOD","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","userAgent","maxClockSkew","ignoreLifetime","session","close","refresh","_tokenQueue","token","decode","revoke","renew","verify","syncMethods","keys","forEach","key","indexOf","method","prototype","push","_setLocation","url","_getHistory","history","_getLocation","_getDocument","document","idx","http","emitter","tokenManager","authStateManager","start","updateAuthState","stop","setHeaders","headers","error","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","Promise","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","hasExpired","getUser","getIdToken","undefined","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","getSessionStorage","setItem","getOriginalUri","meta","load","oauth","getItem","removeOriginalUri","removeItem","handleLoginRedirect","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","unlockAccount","verifyRecoveryToken"],"mappings":";;;;;;;;;AAAA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAEA,SACEA,sBADF,EAEEC,yBAFF,QAGO,aAHP;AAIA,OAAO,KAAKC,SAAZ,MAA2B,aAA3B;AA4BA,SACEC,iBADF,EAEEC,iBAFF,EAGEC,iBAHF,EAIEC,UAJF,EAKEC,iBALF,QAOO,MAPP;AAQA,OAAOC,IAAP,MAAiB,kBAAjB;AACA,SACEC,YADF,EAEEC,aAFF,EAGEC,UAHF,EAIEC,cAJF,EAKEC,oBALF,QAMO,WANP;AAOA,SACEC,YADF,EAEEC,gBAFF,EAGEC,YAHF,EAIEC,eAJF,EAKEC,eALF,EAMEC,YANF,EAOEC,WAPF,EAQEC,WARF,EASEC,UATF,EAUEC,WAVF,EAWEC,sBAXF,EAYEC,WAZF,EAaEC,WAbF,EAcEC,kBAdF,EAeEC,qBAfF,EAgBEC,0BAhBF,EAiBEC,qBAjBF,QAkBO,QAlBP;AAmBA,SAASC,SAAT,QAA0B,YAA1B;AACA,OAAO,KAAKC,QAAZ,MAA0B,YAA1B;AACA,OAAOC,cAAP,MAA2B,0BAA3B;AACA,SACEC,aADF,EAEEC,aAFF,EAGEC,KAHF,QAIO,QAJP;AAKA,SAASC,YAAT,QAA6B,eAA7B;AACA,SAASC,YAAT,QAA6B,gBAA7B;AACA,SAASC,GAAT,EAAcC,gBAAd,QAAsC,QAAtC;AACA,OAAOC,YAAP,MAAyB,gBAAzB;AACA,OAAOC,WAAP,MAAwB,uBAAxB;AACA,SAASC,gBAAT,QAAiC,oBAAjC;AACA,OAAOC,cAAP,MAA2B,kBAA3B;AACA,OAAOC,kBAAP,MAA+B,sBAA/B;AACA,SAASC,YAAT,QAA6B,WAA7B;AACA,SACEC,QADF,EAEEzC,UAAU,IAAI0C,YAFhB,EAGEC,YAHF,EAIEC,MAJF,EAKEC,QALF,EAMEC,eANF,EAOEC,gBAPF,EAQEC,6BARF,QASO,OATP;AAUA,SAASC,8BAAT,EAAyCC,2BAAzC,QAA4E,eAA5E;AACA,SAASC,aAAT,QAA8B,iBAA9B;AACA,SAASC,yBAAT,QAA0C,qBAA1C;;AAEA,IAAMC,OAAO,GAAGC,OAAO,CAAC,cAAD,CAAvB;;AAEA,MAAMC,QAAN,CAA8D;AAM5D;AACA;AACA;AAeAC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AACjC,SAAKC,OAAL,GAAelB,YAAY,CAACiB,IAAD,CAA3B;AACA,QAAM;AAAEE,MAAAA,cAAF;AAAkBC,MAAAA,OAAlB;AAA2BC,MAAAA;AAA3B,QAA2C,KAAKH,OAAtD;AACA,SAAKC,cAAL,GAAsB,IAAIrB,cAAJ,CAAmBqB,cAAnB,EAAmCC,OAAnC,EAA4CC,WAA5C,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIvB,kBAAJ,CAAuBwB,MAAM,CAACC,MAAP,CAAc;AAC7DL,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CF,IAAI,CAACK,kBAFyC,CAAvB,CAA1B;AAGA,SAAKG,cAAL,GAAsB,IAAId,aAAJ,EAAtB;AAEA,SAAKe,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEtE,iBAAiB,CAACuE,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEvE,iBAAiB,CAACsE,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRE,MAAAA,MAAM,EAAEP,MAAM,CAACC,MAAP,CAAcjE,iBAAiB,CAACqE,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDG,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd,cAAMC,OAAO,GAAGZ,WAAW,CAACY,OAA5B;AACA,iBAAOA,OAAO,CAACxC,GAAR,CAAYuC,IAAZ,CAAP;AACD;AAJuD,OAAlD,CAHA;AASRxE,MAAAA,UAAU,EAAEA,UAAU,CAACoE,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AATJ,KAAV;AAYA,SAAKM,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEzE,IAAI,CAACyE,6BAD1B;AAEVC,MAAAA,gBAAgB,EAAE1E,IAAI,CAAC0E,gBAFb;AAGVC,MAAAA,gBAAgB,EAAE3E,IAAI,CAAC2E;AAHb,KAAZ,CArBiC,CA2BjC;;AACAd,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAKN,OAAL,CAAaG,WAA3B,EAAwC;AACtCiB,MAAAA,cAAc,EAAE,KAAKnB,cAAL,CAAoBoB,oBAApB,CAAyCX,IAAzC,CAA8C,KAAKT,cAAnD,CADsB;AAEtCqB,MAAAA,YAAY,EAAE,KAAKrB,cAAL,CAAoBqB,YAApB,CAAiCZ,IAAjC,CAAsC,KAAKT,cAA3C;AAFwB,KAAxC;AAKA,SAAKsB,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAIzD,SAAS,EAAb,EAAiB;AACf,WAAKiC,OAAL,GAAeK,MAAM,CAACC,MAAP,CAAc,KAAKN,OAAnB,EAA4B;AACzCyB,QAAAA,WAAW,EAAEtD,aAAa,CAAC4B,IAAI,CAAC0B,WAAN,EAAmBC,MAAM,CAACC,QAAP,CAAgBC,MAAnC,CADe,CAC6B;;AAD7B,OAA5B,CAAf;AAGA,WAAKC,SAAL,GAAiBxD,YAAY,CAAC0B,IAAD,kCAA7B;AACD,KALD,MAKO;AACL,WAAK8B,SAAL,GAAiBxD,YAAY,CAAC0B,IAAD,yCAA7B;AACD,KA1CgC,CA4CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACA,IAAI,CAAC+B,YAAN,IAAsB/B,IAAI,CAAC+B,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAK9B,OAAL,CAAa8B,YAAb,GAA4B9F,sBAA5B;AACD,KAFD,MAEO;AACL,WAAKgE,OAAL,CAAa8B,YAAb,GAA4B/B,IAAI,CAAC+B,YAAjC;AACD,KAvDgC,CAyDjC;AACA;AACA;;;AACA,SAAK9B,OAAL,CAAa+B,cAAb,GAA8B,CAAC,CAAChC,IAAI,CAACgC,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAExF,YAAY,CAACiE,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbE,MAAAA,MAAM,EAAElE,aAAa,CAACgE,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbnC,MAAAA,GAAG,EAAE5B,UAAU,CAAC+D,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbwB,MAAAA,OAAO,EAAEtF,cAAc,CAAC8D,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKb7D,MAAAA,oBAAoB,EAAEA,oBAAoB,CAAC6D,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKyB,WAAL,GAAmB,IAAI1D,YAAJ,EAAnB;AACA,SAAK2D,KAAL,GAAa;AACXzE,MAAAA,kBAAkB,EAAEA,kBAAkB,CAAC+C,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEX9C,MAAAA,qBAAqB,EAAEA,qBAAqB,CAAC8C,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGX3D,MAAAA,gBAAgB,EAAEA,gBAAgB,CAAC2D,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX1D,MAAAA,YAAY,EAAEA,YAAY,CAAC0D,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKXzD,MAAAA,eAAe,EAAEA,eAAe,CAACyD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CALN;AAMXvD,MAAAA,YAAY,EAAEA,YAAY,CAACuD,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CANH;AAOX2B,MAAAA,MAAM,EAAEjF,WAPG;AAQXkF,MAAAA,MAAM,EAAEjF,WAAW,CAACqD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASX6B,MAAAA,KAAK,EAAEjF,UAAU,CAACoD,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXlD,MAAAA,sBAAsB,EAAEA,sBAAsB,CAACkD,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXnD,MAAAA,WAAW,EAAEA,WAAW,CAACmD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXjD,MAAAA,WAAW,EAAEA,WAAW,CAACiD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaX8B,MAAAA,MAAM,EAAE9E,WAAW,CAACgD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXxD,MAAAA,eAAe,EAAEA,eAAe,CAACwD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAvEiC,CAuFjC;;AACA,QAAM+B,WAAW,GAAG,CAAC,QAAD,EAAW,iBAAX,CAApB;AACApC,IAAAA,MAAM,CAACqC,IAAP,CAAY,KAAKN,KAAjB,EAAwBO,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAIH,WAAW,CAACI,OAAZ,CAAoBD,GAApB,KAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAIE,MAAM,GAAG,KAAKV,KAAL,CAAWQ,GAAX,CAAb;AACA,WAAKR,KAAL,CAAWQ,GAAX,IAAkBnE,YAAY,CAACsE,SAAb,CAAuBC,IAAvB,CAA4BtC,IAA5B,CAAiC,KAAKyB,WAAtC,EAAmDW,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND;AAQAzC,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK8B,KAAL,CAAWnF,eAAzB,EAA0C;AACxC;AACAgG,MAAAA,YAAY,EAAE,sBAASC,GAAT,EAAc;AAC1BxB,QAAAA,MAAM,CAACC,QAAP,GAAkBuB,GAAlB;AACD;AAJuC,KAA1C;AAMA7C,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK8B,KAAL,CAAWjF,YAAzB,EAAuC;AACrC;AACAgG,MAAAA,WAAW,EAAE,uBAAW;AACtB,eAAOzB,MAAM,CAAC0B,OAAd;AACD,OAJoC;AAMrC;AACAC,MAAAA,YAAY,EAAE,wBAAW;AACvB,eAAO3B,MAAM,CAACC,QAAd;AACD,OAToC;AAWrC;AACA2B,MAAAA,YAAY,EAAE,wBAAW;AACvB,eAAO5B,MAAM,CAAC6B,QAAd;AACD;AAdoC,KAAvC,EAvGiC,CAwHjC;;AACA,SAAKC,GAAL,GAAW;AACTzE,MAAAA,QAAQ,EAAEA,QAAQ,CAAC2B,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETpE,MAAAA,UAAU,EAAE0C,YAAY,CAAC0B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAFH;AAGTzB,MAAAA,YAAY,EAAEA,YAAY,CAACyB,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAITvB,MAAAA,QAAQ,EAAEA,QAAQ,CAACuB,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKTxB,MAAAA,MAAM,EAAEA,MAAM,CAACwB,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CALC;AAMTtB,MAAAA,eAAe,EAAEA,eAAe,CAACsB,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CANR;AAOTpB,MAAAA,6BAA6B,EAAEA,6BAA6B,CAACoB,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAPtB;AAQTrB,MAAAA,gBAAgB,EAAEA,gBAAgB,CAACqB,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AART,KAAX;AAUAlB,IAAAA,2BAA2B,CAACD,8BAA8B,CAAC,IAAD,CAA/B,CAA3B,CAnIiC,CAmIkC;AAEnE;;AACA,SAAKkE,IAAL,GAAY;AACVjF,MAAAA,gBAAgB,EAAEA,gBAAgB,CAACkC,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CAtIiC,CA0IjC;;AACA,SAAKhC,WAAL,GAAmBA,WAAW,CAACgC,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAKgD,OAAL,GAAe,IAAI/D,OAAJ,EAAf,CA7IiC,CA+IjC;;AACA,SAAKgE,YAAL,GAAoB,IAAIrF,YAAJ,CAAiB,IAAjB,EAAuByB,IAAI,CAAC4D,YAA5B,CAApB,CAhJiC,CAkJjC;;AACA,SAAKC,gBAAL,GAAwB,IAAIjF,gBAAJ,CAAqB,IAArB,CAAxB;AACD;;AAEDkF,EAAAA,KAAK,GAAG;AACN,SAAKF,YAAL,CAAkBE,KAAlB;;AACA,QAAI,CAAC,KAAKzB,KAAL,CAAWlF,eAAX,EAAL,EAAmC;AACjC,WAAK0G,gBAAL,CAAsBE,eAAtB;AACD;AACF;;AAEDC,EAAAA,IAAI,GAAG;AACL,SAAKJ,YAAL,CAAkBI,IAAlB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAKjE,OAAL,CAAaiE,OAAb,GAAuB5D,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKN,OAAL,CAAaiE,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GA1L2D,CA4L5D;AACA;AAEA;;;AACAnG,EAAAA,qBAAqB,GAAY;AAC/B,WAAOA,qBAAqB,CAAC,IAAD,CAA5B;AACD;;AAEDD,EAAAA,0BAA0B,CAACqG,KAAD,EAAwB;AAChD,WAAOrG,0BAA0B,CAACqG,KAAD,CAAjC;AACD;;AAEKC,EAAAA,MAAM,CAACC,IAAD,EAAgD;AAAA;;AAAA;AAC1D;AACA;AACA,aAAO,KAAI,CAACC,qBAAL,CAA2BD,IAA3B,CAAP;AAH0D;AAI3D;;AAEKC,EAAAA,qBAAqB,CAACD,IAAD,EAA+D;AAAA;;AAAA;AACxFA,MAAAA,IAAI,GAAGhG,KAAK,CAACgG,IAAI,IAAI,EAAT,CAAZ;;AACA,UAAME,kBAAkB,GAAItE,OAAD,IAAc;AACvC,eAAOoE,IAAI,CAACG,eAAZ;AACA,eAAOhI,iBAAiB,CAAC,MAAD,EAAO,eAAP,EAAwB6H,IAAxB,EAA8BpE,OAA9B,CAAxB;AACD,OAHD;;AAIA,UAAI,CAACoE,IAAI,CAACG,eAAV,EAA2B;AACzB,eAAOD,kBAAkB,EAAzB;AACD;;AACD,aAAO,MAAI,CAAC5F,WAAL,GACN8F,IADM,CACD,UAAS9F,WAAT,EAAsB;AAC1B,eAAO4F,kBAAkB,CAAC;AACxBL,UAAAA,OAAO,EAAE;AACP,oCAAwBvF;AADjB;AADe,SAAD,CAAzB;AAKD,OAPM,CAAP;AATwF;AAiBzF;;AAEK+F,EAAAA,kBAAkB,GAAuC;AAAA;AAAA;;AAAA;AAAA,UAAtCL,IAAsC,0EAAJ,EAAI;;AAC7D,UAAM;AAAEM,QAAAA;AAAF,UAAuCN,IAA7C;AAAA,UAAwBO,gBAAxB,4BAA6CP,IAA7C;;AACA,UAAG,MAAI,CAAC7C,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,MAAA,MAAI,CAACD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,UAAI;AACF;AACA,YAAIkD,WAAJ,EAAiB;AACf,UAAA,MAAI,CAACE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAGxE,MAAM,CAACC,MAAP,CAAc;AAC3B;AACAwE,UAAAA,MAAM,EAAE,MAAI,CAAC9E,OAAL,CAAa8E,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,SAAd,EAGZH,gBAHY,CAAf;AAIA,cAAM,MAAI,CAACvC,KAAL,CAAWnF,eAAX,CAA2B4H,MAA3B,CAAN;AACD,OAVD,SAUU;AACR,QAAA,MAAI,CAACtD,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AApB4D;AAqB9D,GAtP2D,CAwP5D;;;AACA/E,EAAAA,YAAY,GAAoB;AAC9B;AACA,SAAKkH,YAAL,CAAkBoB,KAAlB;AAEA,WAAO,KAAK/C,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACN+C,KADM,CACA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAACnE,IAAF,KAAW,cAAX,IAA6BmE,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAPM,CAAP;AAQD,GArQ2D,CAuQ5D;;;AACME,EAAAA,iBAAiB,CAACC,WAAD,EAA6C;AAAA;;AAAA;AAClE,UAAI,CAACA,WAAL,EAAkB;AAChBA,QAAAA,WAAW,GAAG,OAAO,MAAI,CAACzB,YAAL,CAAkB0B,SAAlB,EAAP,EAAsCD,WAApD;;AACA,YAAME,cAAc,GAAG,MAAI,CAAC3B,YAAL,CAAkB4B,mBAAlB,CAAsC,aAAtC,CAAvB;;AACA,QAAA,MAAI,CAAC5B,YAAL,CAAkB6B,MAAlB,CAAyBF,cAAzB;AACD,OALiE,CAMlE;;;AACA,UAAI,CAACF,WAAL,EAAkB;AAChB,eAAOK,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,aAAO,MAAI,CAACtD,KAAL,CAAWE,MAAX,CAAkB8C,WAAlB,CAAP;AAVkE;AAWnE,GAnR2D,CAqR5D;;;AACMO,EAAAA,kBAAkB,CAACC,YAAD,EAA+C;AAAA;;AAAA;AACrE,UAAI,CAACA,YAAL,EAAmB;AACjBA,QAAAA,YAAY,GAAG,OAAO,MAAI,CAACjC,YAAL,CAAkB0B,SAAlB,EAAP,EAAsCO,YAArD;;AACA,YAAMC,eAAe,GAAG,MAAI,CAAClC,YAAL,CAAkB4B,mBAAlB,CAAsC,cAAtC,CAAxB;;AACA,QAAA,MAAI,CAAC5B,YAAL,CAAkB6B,MAAlB,CAAyBK,eAAzB;AACD,OALoE,CAMrE;;;AACA,UAAI,CAACD,YAAL,EAAmB;AACjB,eAAOH,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,aAAO,MAAI,CAACtD,KAAL,CAAWE,MAAX,CAAkBsD,YAAlB,CAAP;AAVqE;AAWtE;;AAEDE,EAAAA,qBAAqB,GAA0C;AAAA,QAAzC9F,OAAyC,uEAAJ,EAAI;AAC7D,QAAI;AACF+F,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAjG,OAJJ;;AAKA,QAAI,CAAC+F,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKpC,YAAL,CAAkBuC,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKhG,OAAL,CAAagG,qBAArC;AACD;;AAED,QAAMG,SAAS,GAAGrJ,YAAY,CAAC,IAAD,CAAZ,CAAmBqJ,SAArC;AACA,QAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GA/T2D,CAiU5D;;;AACME,EAAAA,OAAO,CAACvG,OAAD,EAA2B;AAAA;;AAAA;AACtCA,MAAAA,OAAO,GAAGK,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBN,OAAlB,CAAV,CADsC,CAGtC;;AACA,UAAIwG,UAAU,GAAG9E,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,UAAI6E,UAAU,GAAG/E,MAAM,CAACC,QAAP,CAAgB+E,IAAjC;AACA,UAAIV,qBAAqB,GAAGhG,OAAO,CAACgG,qBAAR,IACvB,MAAI,CAAChG,OAAL,CAAagG,qBADU,IAEvBQ,UAFL;AAIA,UAAIpB,WAAW,GAAGpF,OAAO,CAACoF,WAA1B;AACA,UAAIQ,YAAY,GAAG5F,OAAO,CAAC4F,YAA3B;AACA,UAAIT,iBAAiB,GAAGnF,OAAO,CAACmF,iBAAR,KAA8B,KAAtD;AACA,UAAIQ,kBAAkB,GAAG3F,OAAO,CAAC2F,kBAAR,KAA+B,KAAxD;;AAEA,UAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,QAAAA,YAAY,GAAG,MAAI,CAACjC,YAAL,CAAkBuC,aAAlB,GAAkCN,YAAjD;AACD;;AAED,UAAIT,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,QAAAA,WAAW,GAAG,MAAI,CAACzB,YAAL,CAAkBuC,aAAlB,GAAkCd,WAAhD;AACD;;AAED,UAAI,CAACpF,OAAO,CAAC+F,OAAb,EAAsB;AACpB/F,QAAAA,OAAO,CAAC+F,OAAR,GAAkB,MAAI,CAACpC,YAAL,CAAkBuC,aAAlB,GAAkCH,OAApD;AACD,OAzBqC,CA2BtC;;;AACA,MAAA,MAAI,CAACpC,YAAL,CAAkBoB,KAAlB;;AAEA,UAAIY,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,cAAM,MAAI,CAACD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,UAAIT,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,cAAM,MAAI,CAACD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMiB,SAAS,GAAG,MAAI,CAACP,qBAAL,iCAAgC9F,OAAhC;AAAyCgG,QAAAA;AAAzC,SAAlB,CAtCsC,CAuCtC;AACA;;;AACA,UAAI,CAACK,SAAL,EAAgB;AACd,eAAO,MAAI,CAAC5J,YAAL,GAAoB;AAApB,SACN+H,IADM,CACD,YAAW;AACf,cAAIwB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxC/E,YAAAA,MAAM,CAACC,QAAP,CAAgBgF,MAAhB,GADwC,CACd;AAC3B,WAFD,MAEO;AACLjF,YAAAA,MAAM,CAACC,QAAP,CAAgBrB,MAAhB,CAAuB0F,qBAAvB;AACD;AACF,SAPM,CAAP;AAQD,OATD,MASO;AACL;AACAtE,QAAAA,MAAM,CAACC,QAAP,CAAgBrB,MAAhB,CAAuB+F,SAAvB;AACD;AArDqC;AAsDvC;;AAEDO,EAAAA,SAAS,CAACxC,IAAD,EAAwB;AAC/B,QAAIlB,GAAG,GAAG,2BAA2BhF,aAAa,CAACkG,IAAD,CAAlD;AACA,QAAIpE,OAAO,GAAG;AACZiE,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO1F,GAAG,CAAC,IAAD,EAAO2E,GAAP,EAAYlD,OAAZ,CAAV;AACD,GAlY2D,CAoY5D;AACA;AACA;AAEA;AACA;;;AACM6G,EAAAA,eAAe,GAAqB;AAAA;;AAAA;AAExC,UAAI;AAAEzB,QAAAA,WAAF;AAAeW,QAAAA;AAAf,UAA2B,MAAI,CAACpC,YAAL,CAAkBuC,aAAlB,EAA/B;;AACA,UAAM;AAAEY,QAAAA,SAAF;AAAaC,QAAAA;AAAb,UAA4B,MAAI,CAACpD,YAAL,CAAkBqD,UAAlB,EAAlC;;AAEA,UAAI5B,WAAW,IAAI,MAAI,CAACzB,YAAL,CAAkBsD,UAAlB,CAA6B7B,WAA7B,CAAnB,EAA8D;AAC5DA,QAAAA,WAAW,GAAG,IAAd;;AACA,YAAI0B,SAAJ,EAAe;AACb1B,UAAAA,WAAW,SAAS,MAAI,CAACzB,YAAL,CAAkBpB,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,MAEO,IAAIwE,UAAJ,EAAgB;AACrB,UAAA,MAAI,CAACpD,YAAL,CAAkB6B,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,UAAIO,OAAO,IAAI,MAAI,CAACpC,YAAL,CAAkBsD,UAAlB,CAA6BlB,OAA7B,CAAf,EAAsD;AACpDA,QAAAA,OAAO,GAAG,IAAV;;AACA,YAAIe,SAAJ,EAAe;AACbf,UAAAA,OAAO,SAAS,MAAI,CAACpC,YAAL,CAAkBpB,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,MAEO,IAAIwE,UAAJ,EAAgB;AACrB,UAAA,MAAI,CAACpD,YAAL,CAAkB6B,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,aAAO,CAAC,EAAEJ,WAAW,IAAIW,OAAjB,CAAR;AAvBwC;AAwBzC;;AAEKmB,EAAAA,OAAO,GAAwB;AAAA;;AAAA;AACnC,UAAM;AAAEnB,QAAAA,OAAF;AAAWX,QAAAA;AAAX,UAA2B,MAAI,CAACzB,YAAL,CAAkBuC,aAAlB,EAAjC;;AACA,aAAO,MAAI,CAAC9D,KAAL,CAAW3E,WAAX,CAAuB2H,WAAvB,EAAoCW,OAApC,CAAP;AAFmC;AAGpC;;AAEDoB,EAAAA,UAAU,GAAuB;AAC/B,QAAM;AAAEpB,MAAAA;AAAF,QAAc,KAAKpC,YAAL,CAAkBuC,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqBqB,SAAnC;AACD;;AAEDC,EAAAA,cAAc,GAAuB;AACnC,QAAM;AAAEjC,MAAAA;AAAF,QAAkB,KAAKzB,YAAL,CAAkBuC,aAAlB,EAAxB;AACA,WAAOd,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BgC,SAA/C;AACD;;AAEDE,EAAAA,eAAe,GAAuB;AACpC,QAAM;AAAE1B,MAAAA;AAAF,QAAmB,KAAKjC,YAAL,CAAkBuC,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+BwB,SAAlD;AACD;AAED;AACF;AACA;;;AACQG,EAAAA,uBAAuB,GAAkB;AAAA;;AAAA;AAC7C,UAAM;AAAEC,QAAAA;AAAF,gBAAmB,MAAI,CAACpF,KAAL,CAAWjF,YAAX,EAAzB;;AACA,MAAA,MAAI,CAACwG,YAAL,CAAkB8D,SAAlB,CAA4BD,MAA5B;AAF6C;AAG9C;;AAED5C,EAAAA,cAAc,CAACF,WAAD,EAA4B;AACxC,QAAM3D,OAAO,GAAG9C,cAAc,CAACyJ,iBAAf,EAAhB;AACA3G,IAAAA,OAAO,CAAC4G,OAAR,CAAgB1L,yBAAhB,EAA2CyI,WAA3C;AACD;;AAEDkD,EAAAA,cAAc,CAAC3B,KAAD,EAAyB;AACrC,QAAIA,KAAJ,EAAW;AACT,UAAM4B,IAAqB,GAAG,KAAKzH,kBAAL,CAAwB0H,IAAxB,CAA6B;AACzDC,QAAAA,KAAK,EAAE,IADkD;AAEzD9B,QAAAA;AAFyD,OAA7B,CAA9B;AAIA,aAAO4B,IAAI,CAACnD,WAAZ;AACD;;AACD,QAAM3D,OAAO,GAAG9C,cAAc,CAACyJ,iBAAf,EAAhB;AACA,QAAMhD,WAAW,GAAG3D,OAAO,GAAGA,OAAO,CAACiH,OAAR,CAAgB/L,yBAAhB,CAAH,GAAgDmL,SAA3E;AACA,WAAO1C,WAAP;AACD;;AAEDuD,EAAAA,iBAAiB,GAAS;AACxB,QAAMlH,OAAO,GAAG9C,cAAc,CAACyJ,iBAAf,EAAhB;AACA3G,IAAAA,OAAO,CAACmH,UAAR,CAAmBjM,yBAAnB;AACD;;AAEDiB,EAAAA,eAAe,GAAY;AACzB,WAAOA,eAAe,CAAC,IAAD,CAAtB;AACD;;AAEKiL,EAAAA,mBAAmB,CAACX,MAAD,EAAkB9C,WAAlB,EAAuD;AAAA;;AAAA;AAC9E;AACA,UAAI8C,MAAJ,EAAY;AACV,QAAA,OAAI,CAAC7D,YAAL,CAAkB8D,SAAlB,CAA4BD,MAA5B;;AACA9C,QAAAA,WAAW,GAAGA,WAAW,IAAI,OAAI,CAACkD,cAAL,EAA7B;AACD,OAHD,MAGO,IAAI,OAAI,CAAC1K,eAAL,EAAJ,EAA4B;AACjC;AACA,YAAM;AAAE+I,UAAAA;AAAF,kBAAkBvG,yBAAyB,CAAC,OAAD,EAAO,EAAP,CAAjD;AACAgF,QAAAA,WAAW,GAAGA,WAAW,IAAI,OAAI,CAACkD,cAAL,CAAoB3B,KAApB,CAA7B;AACA,cAAM,OAAI,CAACsB,uBAAL,EAAN;AACD,OALM,MAKA;AACL,eADK,CACG;AACT,OAZ6E,CAc9E;;;AACA,YAAM,OAAI,CAAC3D,gBAAL,CAAsBE,eAAtB,EAAN,CAf8E,CAiB9E;;AACA,MAAA,OAAI,CAACmE,iBAAL,GAlB8E,CAoB9E;;;AACA,UAAM;AAAEG,QAAAA;AAAF,UAAyB,OAAI,CAACpI,OAApC;;AACA,UAAIoI,kBAAJ,EAAwB;AACtB,cAAMA,kBAAkB,CAAC,OAAD,EAAO1D,WAAP,CAAxB;AACD,OAFD,MAEO;AACLhD,QAAAA,MAAM,CAACC,QAAP,CAAgB0G,OAAhB,CAAwB3D,WAAxB;AACD;AA1B6E;AA2B/E;;AAED4D,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAKtI,OAAL,CAAagB,IAAtB;AACD;;AAEDuH,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAK1I,OAAL,CAAawI,YAA3B,KAA4C,KAAKxI,OAAL,CAAawI,YAAb,CAA0BG,MAA1E,EAAkF;AAChFJ,MAAAA,eAAe,GAAG,KAAKvI,OAAL,CAAawI,YAAb,CAA0B3F,OAA1B,CAAkC2F,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKvI,OAAL,CAAawI,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GAxgB2D,CA0gB5D;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA,WAAO,KAAK7I,OAAL,CAAa8I,MAAb,CAAoBC,KAApB,CAA0B,UAA1B,EAAsC,CAAtC,CAAP;AACD,GAlhB2D,CAohB5D;;;AACAC,EAAAA,cAAc,CAAC5E,IAAD,EAAiC;AAC7C,WAAO7H,iBAAiB,CAAC,IAAD,EAAO,iCAAP,EAA0C6H,IAA1C,CAAxB;AACD,GAvhB2D,CAyhB5D;;;AACA6E,EAAAA,aAAa,CAAC7E,IAAD,EAAwD;AACnE,WAAO7H,iBAAiB,CAAC,IAAD,EAAO,+BAAP,EAAwC6H,IAAxC,CAAxB;AACD,GA5hB2D,CA8hB5D;;;AACA8E,EAAAA,mBAAmB,CAAC9E,IAAD,EAA6D;AAC9E,WAAO7H,iBAAiB,CAAC,IAAD,EAAO,8BAAP,EAAuC6H,IAAvC,CAAxB;AACD;;AAjiB2D,C,CAoiB9D;;;AACAvE,QAAQ,CAAC7B,QAAT,GAAoB6B,QAAQ,CAACkD,SAAT,CAAmB/E,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACAqC,MAAM,CAACC,MAAP,CAAcT,QAAd,EAAwB;AACtB3D,EAAAA,SADsB;AAEtB2B,EAAAA;AAFsB,CAAxB;AAKA,eAAegC,QAAf","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* SDK_VERSION is defined in webpack config */ \n/* global window, SDK_VERSION */\n\nimport { \n DEFAULT_MAX_CLOCK_SKEW, \n REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n OktaAuth as SDKInterface,\n OktaAuthOptions, \n AccessToken, \n IDToken,\n RefreshToken,\n TokenAPI, \n FeaturesAPI, \n SignoutAPI, \n FingerprintAPI,\n UserClaims, \n SigninWithRedirectOptions,\n SigninWithCredentialsOptions,\n SignoutOptions,\n Tokens,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n TransactionAPI,\n SessionAPI,\n SigninAPI,\n PkceAPI,\n SigninOptions,\n IdxAPI,\n SignoutRedirectUrlOptions,\n HttpAPI,\n TransactionMeta,\n} from './types';\nimport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n introspect,\n postToTransaction,\n AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n closeSession,\n sessionExists,\n getSession,\n refreshSession,\n setCookieAndRedirect\n} from './session';\nimport {\n getOAuthUrls,\n getWithoutPrompt,\n getWithPopup,\n getWithRedirect,\n isLoginRedirect,\n parseFromUrl,\n decodeToken,\n revokeToken,\n renewToken,\n renewTokens,\n renewTokensWithRefresh,\n getUserInfo,\n verifyToken,\n prepareTokenParams,\n exchangeCodeForTokens,\n isInteractionRequiredError,\n isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport browserStorage from './browser/browserStorage';\nimport { \n toQueryString, \n toAbsoluteUrl,\n clone\n} from './util';\nimport { getUserAgent } from './builderUtil';\nimport { TokenManager } from './TokenManager';\nimport { get, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport StorageManager from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n interact,\n introspect as introspectV2,\n authenticate,\n cancel,\n register,\n recoverPassword,\n startTransaction,\n handleInteractionCodeRedirect,\n} from './idx';\nimport { createGlobalRequestInterceptor, setGlobalRequestInterceptor } from './idx/headers';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\n\nconst Emitter = require('tiny-emitter');\n\nclass OktaAuth implements SDKInterface, SigninAPI, SignoutAPI {\n options: OktaAuthOptions;\n storageManager: StorageManager;\n transactionManager: TransactionManager;\n tx: TransactionAPI;\n idx: IdxAPI;\n // keep this field to compatible with released downstream SDK versions\n // TODO: remove in version 6\n // JIRA: https://oktainc.atlassian.net/browse/OKTA-419417\n userAgent: string;\n session: SessionAPI;\n pkce: PkceAPI;\n static features: FeaturesAPI;\n features: FeaturesAPI;\n token: TokenAPI;\n _tokenQueue: PromiseQueue;\n emitter: typeof Emitter;\n tokenManager: TokenManager;\n authStateManager: AuthStateManager;\n http: HttpAPI;\n fingerprint: FingerprintAPI;\n _oktaUserAgent: OktaUserAgent;\n _pending: { handleLogin: boolean };\n constructor(args: OktaAuthOptions) {\n this.options = buildOptions(args);\n const { storageManager, cookies, storageUtil } = this.options;\n this.storageManager = new StorageManager(storageManager, cookies, storageUtil);\n this.transactionManager = new TransactionManager(Object.assign({\n storageManager: this.storageManager\n }, args.transactionManager));\n this._oktaUserAgent = new OktaUserAgent();\n \n this.tx = {\n status: transactionStatus.bind(null, this),\n resume: resumeTransaction.bind(null, this),\n exists: Object.assign(transactionExists.bind(null, this), {\n _get: (name) => {\n const storage = storageUtil.storage;\n return storage.get(name);\n }\n }),\n introspect: introspect.bind(null, this)\n };\n\n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n\n // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n Object.assign(this.options.storageUtil, {\n getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n });\n\n this._pending = { handleLogin: false };\n\n if (isBrowser()) {\n this.options = Object.assign(this.options, {\n redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n });\n this.userAgent = getUserAgent(args, `okta-auth-js/${SDK_VERSION}`);\n } else {\n this.userAgent = getUserAgent(args, `okta-auth-js-server/${SDK_VERSION}`);\n }\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.options.maxClockSkew = args.maxClockSkew;\n }\n\n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n this.session = {\n close: closeSession.bind(null, this),\n exists: sessionExists.bind(null, this),\n get: getSession.bind(null, this),\n refresh: refreshSession.bind(null, this),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n };\n\n this._tokenQueue = new PromiseQueue();\n this.token = {\n prepareTokenParams: prepareTokenParams.bind(null, this),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n getWithoutPrompt: getWithoutPrompt.bind(null, this),\n getWithPopup: getWithPopup.bind(null, this),\n getWithRedirect: getWithRedirect.bind(null, this),\n parseFromUrl: parseFromUrl.bind(null, this),\n decode: decodeToken,\n revoke: revokeToken.bind(null, this),\n renew: renewToken.bind(null, this),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n renewTokens: renewTokens.bind(null, this),\n getUserInfo: getUserInfo.bind(null, this),\n verify: verifyToken.bind(null, this),\n isLoginRedirect: isLoginRedirect.bind(null, this)\n };\n // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n const syncMethods = ['decode', 'isLoginRedirect'];\n Object.keys(this.token).forEach(key => {\n if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n return;\n }\n var method = this.token[key];\n this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n });\n \n Object.assign(this.token.getWithRedirect, {\n // This is exposed so we can set window.location in our tests\n _setLocation: function(url) {\n window.location = url;\n }\n });\n Object.assign(this.token.parseFromUrl, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n\n // IDX\n this.idx = {\n interact: interact.bind(null, this),\n introspect: introspectV2.bind(null, this),\n authenticate: authenticate.bind(null, this),\n register: register.bind(null, this),\n cancel: cancel.bind(null, this),\n recoverPassword: recoverPassword.bind(null, this),\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n startTransaction: startTransaction.bind(null, this),\n };\n setGlobalRequestInterceptor(createGlobalRequestInterceptor(this)); // to pass custom headers to IDX endpoints\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n\n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n\n this.emitter = new Emitter();\n\n // TokenManager\n this.tokenManager = new TokenManager(this, args.tokenManager);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager(this);\n }\n\n start() {\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n this.authStateManager.updateAuthState();\n }\n }\n\n stop() {\n this.tokenManager.stop();\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n\n // ES6 module users can use named exports to access all symbols\n // CommonJS module users (CDN) need all exports on this object\n\n // Utility methods for interaction code flow\n isInteractionRequired(): boolean {\n return isInteractionRequired(this);\n }\n\n isInteractionRequiredError(error: Error): boolean {\n return isInteractionRequiredError(error);\n }\n\n async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n // TODO: support interaction code flow\n // Authn V1 flow\n return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n }\n\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return postToTransaction(this, '/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n \n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<object> {\n // Clear all local tokens\n this.tokenManager.clear();\n \n return this.session.close() // DELETE /api/v1/sessions/me\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return null;\n }\n throw e;\n });\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<object> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<object> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n async signOut(options?: SignoutOptions) {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n // Clear all local tokens\n this.tokenManager.clear();\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function() {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n });\n } else {\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n }\n }\n\n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n\n //\n // Common Methods from downstream SDKs\n //\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n async isAuthenticated(): Promise<boolean> {\n\n let { accessToken, idToken } = this.tokenManager.getTokensSync();\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = null;\n if (autoRenew) {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } else if (autoRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = null;\n if (autoRenew) {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } else if (autoRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n async getUser(): Promise<UserClaims> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n\n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n\n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n\n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens } = await this.token.parseFromUrl();\n this.tokenManager.setTokens(tokens);\n }\n\n setOriginalUri(originalUri: string): void {\n const storage = browserStorage.getSessionStorage();\n storage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n }\n\n getOriginalUri(state?: string): string {\n if (state) {\n const meta: TransactionMeta = this.transactionManager.load({\n oauth: true,\n state\n });\n return meta.originalUri;\n }\n const storage = browserStorage.getSessionStorage();\n const originalUri = storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) : undefined;\n return originalUri;\n }\n\n removeOriginalUri(): void {\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri();\n } else if (this.isLoginRedirect()) {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const { state } = await parseOAuthResponseFromUrl(this, {});\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n\n // clear originalUri from storage\n this.removeOriginalUri();\n\n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else {\n window.location.replace(originalUri);\n }\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: string): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // { username, password, (relayState), (context) }\n // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n // return postToTransaction(this, '/api/v1/authn', opts);\n // }\n\n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n return this.options.issuer.split('/oauth2/')[0];\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n }\n}\n\n// Hoist feature detection functions to static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist values and utility functions for CommonJS users\nObject.assign(OktaAuth, {\n constants,\n isInteractionRequiredError\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
package/esm/OktaUserAgent.js CHANGED
@@ -16,7 +16,7 @@ import { isBrowser } from './features';
16
16
  export class OktaUserAgent {
17
17
  constructor() {
18
18
  // add base sdk env
19
- this.environments = ["okta-auth-js/".concat("5.6.0")];
19
+ this.environments = ["okta-auth-js/".concat("5.7.0")];
20
20
  }
21
21
 
22
22
  addEnvironment(env) {
@@ -31,7 +31,7 @@ export class OktaUserAgent {
31
31
  }
32
32
 
33
33
  getVersion() {
34
- return "5.6.0";
34
+ return "5.7.0";
35
35
  }
36
36
 
37
37
  maybeAddNodeEnvironment() {
package/esm/builderUtil.js CHANGED
@@ -15,6 +15,12 @@ import AuthSdkError from './errors/AuthSdkError';
15
15
  // eslint-disable-next-line complexity
16
16
  function assertValidConfig(args) {
17
17
  args = args || {};
18
+ var scopes = args.scopes;
19
+
20
+ if (scopes && !Array.isArray(scopes)) {
21
+ throw new AuthSdkError('scopes must be a array of strings. ' + 'Required usage: new OktaAuth({scopes: ["openid", "email"]})');
22
+ }
23
+
18
24
  var issuer = args.issuer;
19
25
 
20
26
  if (!issuer) {
package/esm/builderUtil.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../lib/builderUtil.ts"],"names":["AuthSdkError","assertValidConfig","args","issuer","isUrlRegex","RegExp","test","indexOf","getUserAgent","sdkValue","userAgent","value","template","replace"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAOA,YAAP,MAAyB,uBAAzB;;AAGA;AACA;AACA,SAASC,iBAAT,CAA2BC,IAA3B,EAAkD;AAChDA,EAAAA,IAAI,GAAGA,IAAI,IAAI,EAAf;AAEA,MAAIC,MAAM,GAAGD,IAAI,CAACC,MAAlB;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAIH,YAAJ,CAAiB,sCACrB,8FADI,CAAN;AAED;;AAED,MAAII,UAAU,GAAG,IAAIC,MAAJ,CAAW,eAAX,CAAjB;;AACA,MAAI,CAACD,UAAU,CAACE,IAAX,CAAgBJ,IAAI,CAACC,MAArB,CAAL,EAAmC;AACjC,UAAM,IAAIH,YAAJ,CAAiB,iCACrB,8FADI,CAAN;AAED;;AAED,MAAIG,MAAM,CAACI,OAAP,CAAe,SAAf,MAA8B,CAAC,CAAnC,EAAsC;AACpC,UAAM,IAAIP,YAAJ,CAAiB,sEACrB,uEADI,CAAN;AAED;AACF;;AAED,SAASQ,YAAT,CAAsBN,IAAtB,EAA6CO,QAA7C,EAAuE;AACrE,MAAIC,SAAS,GAAGR,IAAI,CAACQ,SAAL,IAAkB,EAAlC;;AAEA,MAAIA,SAAS,CAACC,KAAd,EAAqB;AACnB,WAAOD,SAAS,CAACC,KAAjB;AACD;;AAED,MAAID,SAAS,CAACE,QAAd,EAAwB;AACtB,WAAOF,SAAS,CAACE,QAAV,CAAmBC,OAAnB,CAA2B,eAA3B,EAA4CJ,QAA5C,CAAP;AACD;;AAED,SAAOA,QAAP;AACD;;AAED,SACER,iBADF,EAEEO,YAFF","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport AuthSdkError from './errors/AuthSdkError';\nimport { OktaAuthOptions } from './types';\n\n// TODO: use @okta/configuration-validation (move module to this monorepo?)\n// eslint-disable-next-line complexity\nfunction assertValidConfig(args: OktaAuthOptions) {\n args = args || {};\n\n var issuer = args.issuer;\n if (!issuer) {\n throw new AuthSdkError('No issuer passed to constructor. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n var isUrlRegex = new RegExp('^http?s?://.+');\n if (!isUrlRegex.test(args.issuer)) {\n throw new AuthSdkError('Issuer must be a valid URL. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n if (issuer.indexOf('-admin.') !== -1) {\n throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n }\n}\n\nfunction getUserAgent(args: OktaAuthOptions, sdkValue: string): string {\n var userAgent = args.userAgent || {};\n\n if (userAgent.value) {\n return userAgent.value;\n }\n\n if (userAgent.template) {\n return userAgent.template.replace('$OKTA_AUTH_JS', sdkValue);\n }\n\n return sdkValue;\n}\n\nexport {\n assertValidConfig,\n getUserAgent\n};\n"],"file":"builderUtil.js"}
1
+ {"version":3,"sources":["../../lib/builderUtil.ts"],"names":["AuthSdkError","assertValidConfig","args","scopes","Array","isArray","issuer","isUrlRegex","RegExp","test","indexOf","getUserAgent","sdkValue","userAgent","value","template","replace"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAOA,YAAP,MAAyB,uBAAzB;;AAGA;AACA;AACA,SAASC,iBAAT,CAA2BC,IAA3B,EAAkD;AAChDA,EAAAA,IAAI,GAAGA,IAAI,IAAI,EAAf;AAEA,MAAIC,MAAM,GAAGD,IAAI,CAACC,MAAlB;;AACA,MAAIA,MAAM,IAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,MAAd,CAAf,EAAsC;AACpC,UAAM,IAAIH,YAAJ,CAAiB,wCACrB,6DADI,CAAN;AAED;;AAED,MAAIM,MAAM,GAAGJ,IAAI,CAACI,MAAlB;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAIN,YAAJ,CAAiB,sCACrB,8FADI,CAAN;AAED;;AAED,MAAIO,UAAU,GAAG,IAAIC,MAAJ,CAAW,eAAX,CAAjB;;AACA,MAAI,CAACD,UAAU,CAACE,IAAX,CAAgBP,IAAI,CAACI,MAArB,CAAL,EAAmC;AACjC,UAAM,IAAIN,YAAJ,CAAiB,iCACrB,8FADI,CAAN;AAED;;AAED,MAAIM,MAAM,CAACI,OAAP,CAAe,SAAf,MAA8B,CAAC,CAAnC,EAAsC;AACpC,UAAM,IAAIV,YAAJ,CAAiB,sEACrB,uEADI,CAAN;AAED;AACF;;AAED,SAASW,YAAT,CAAsBT,IAAtB,EAA6CU,QAA7C,EAAuE;AACrE,MAAIC,SAAS,GAAGX,IAAI,CAACW,SAAL,IAAkB,EAAlC;;AAEA,MAAIA,SAAS,CAACC,KAAd,EAAqB;AACnB,WAAOD,SAAS,CAACC,KAAjB;AACD;;AAED,MAAID,SAAS,CAACE,QAAd,EAAwB;AACtB,WAAOF,SAAS,CAACE,QAAV,CAAmBC,OAAnB,CAA2B,eAA3B,EAA4CJ,QAA5C,CAAP;AACD;;AAED,SAAOA,QAAP;AACD;;AAED,SACEX,iBADF,EAEEU,YAFF","sourcesContent":["/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport AuthSdkError from './errors/AuthSdkError';\nimport { OktaAuthOptions } from './types';\n\n// TODO: use @okta/configuration-validation (move module to this monorepo?)\n// eslint-disable-next-line complexity\nfunction assertValidConfig(args: OktaAuthOptions) {\n args = args || {};\n\n var scopes = args.scopes;\n if (scopes && !Array.isArray(scopes)) {\n throw new AuthSdkError('scopes must be a array of strings. ' +\n 'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n }\n\n var issuer = args.issuer;\n if (!issuer) {\n throw new AuthSdkError('No issuer passed to constructor. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n var isUrlRegex = new RegExp('^http?s?://.+');\n if (!isUrlRegex.test(args.issuer)) {\n throw new AuthSdkError('Issuer must be a valid URL. ' + \n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n }\n\n if (issuer.indexOf('-admin.') !== -1) {\n throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n }\n}\n\nfunction getUserAgent(args: OktaAuthOptions, sdkValue: string): string {\n var userAgent = args.userAgent || {};\n\n if (userAgent.value) {\n return userAgent.value;\n }\n\n if (userAgent.template) {\n return userAgent.template.replace('$OKTA_AUTH_JS', sdkValue);\n }\n\n return sdkValue;\n}\n\nexport {\n assertValidConfig,\n getUserAgent\n};\n"],"file":"builderUtil.js"}
package/esm/idx/remediators/Base/Remediator.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../../lib/idx/remediators/Base/Remediator.ts"],"names":["AuthSdkError","getAllValues","getRequiredValues","titleCase","Remediator","constructor","remediation","values","authenticators","map","authenticator","key","getName","name","canRemediate","required","needed","find","hasData","getData","allValues","res","reduce","data","value","entry","i","length","val","Object","keys","getNextStep","inputs","getInputs","getAuthenticator","type","inputFromRemediation","item","input","aliases","includes","Array","isArray","forEach","push","getMessages","form","messages","field","getValuesAfterProceed","authenticatorKey","filter","relatesTo"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,YAAT,QAA6B,iBAA7B;AAGA,SAASC,YAAT,EAAuBC,iBAAvB,EAA0CC,SAA1C,QAA2D,SAA3D,C,CAEA;;AAQA;AACA,OAAO,MAAMC,UAAN,CAAiB;AAOtBC,EAAAA,WAAW,CAACC,WAAD,EAA8D;AAAA;;AAAA,QAAhCC,MAAgC,uEAAJ,EAAI;AACvE;AACAA,IAAAA,MAAM,CAACC,cAAP,GAAyB,0BAAAD,MAAM,CAACC,cAAP,gFAAuBC,GAAvB,CAA2BC,aAAa,IAAI;AACnE,aAAO,OAAOA,aAAP,KAAyB,QAAzB,GACH;AAAEC,QAAAA,GAAG,EAAED;AAAP,OADG,GACsBA,aAD7B;AAED,KAHwB,MAGnB,EAHN,CAFuE,CAOvE;;AACA,SAAKH,MAAL,GAAcA,MAAd;AACA,SAAKD,WAAL,GAAmBA,WAAnB;AACD;;AAEDM,EAAAA,OAAO,GAAW;AAChB,WAAO,KAAKN,WAAL,CAAiBO,IAAxB;AACD,GArBqB,CAuBtB;;;AACAC,EAAAA,YAAY,GAAY;AACtB,QAAI,CAAC,KAAKL,GAAV,EAAe;AACb,aAAO,KAAP;AACD;;AACD,QAAMM,QAAQ,GAAGb,iBAAiB,CAAC,KAAKI,WAAN,CAAlC;AACA,QAAMU,MAAM,GAAGD,QAAQ,CAACE,IAAT,CAAeN,GAAD,IAAS,CAAC,KAAKO,OAAL,CAAaP,GAAb,CAAxB,CAAf;;AACA,QAAIK,MAAJ,EAAY;AACV,aAAO,KAAP,CADU,CACI;AACf;;AACD,WAAO,IAAP,CATsB,CAST;AACd,GAlCqB,CAoCtB;;;AACAG,EAAAA,OAAO,CAACR,GAAD,EAAe;AAEpB,QAAI,CAACA,GAAL,EAAU;AACR,UAAIS,SAAS,GAAGnB,YAAY,CAAC,KAAKK,WAAN,CAA5B;AACA,UAAIe,GAAG,GAAGD,SAAS,CAACE,MAAV,CAAiB,CAACC,IAAD,EAAOZ,GAAP,KAAe;AACxCY,QAAAA,IAAI,CAACZ,GAAD,CAAJ,GAAY,KAAKQ,OAAL,CAAaR,GAAb,CAAZ,CADwC,CACT;;AAC/B,eAAOY,IAAP;AACD,OAHS,EAGP,EAHO,CAAV;AAIA,aAAOF,GAAP;AACD,KATmB,CAWpB;;;AACA,QAAI,OAAO,kBAAWlB,SAAS,CAACQ,GAAD,CAApB,EAAP,KAAwC,UAA5C,EAAwD;AACtD,aAAO,kBAAWR,SAAS,CAACQ,GAAD,CAApB,GACL,KAAKL,WAAL,CAAiBkB,KAAjB,CAAuBP,IAAvB,CAA4B;AAAA,YAAC;AAACJ,UAAAA;AAAD,SAAD;AAAA,eAAYA,IAAI,KAAKF,GAArB;AAAA,OAA5B,CADK,CAAP;AAGD;;AAED,QAAI,CAAC,KAAKF,GAAV,EAAe;AACb,aAAO,KAAKF,MAAL,CAAYI,GAAZ,CAAP;AACD,KApBmB,CAsBpB;;;AACA,QAAMc,KAAK,GAAG,KAAKhB,GAAL,CAASE,GAAT,CAAd;;AACA,QAAI,CAACc,KAAL,EAAY;AACV,aAAO,KAAKlB,MAAL,CAAYI,GAAZ,CAAP;AACD,KA1BmB,CA4BpB;;;AACA,SAAK,IAAIe,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAGD,KAAK,CAACE,MAA1B,EAAkCD,CAAC,EAAnC,EAAuC;AACrC,UAAIE,GAAG,GAAG,KAAKrB,MAAL,CAAYkB,KAAK,CAACC,CAAD,CAAjB,CAAV;;AACA,UAAIE,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;AACF;AACF;;AAEDV,EAAAA,OAAO,CACLP,GADK,EAGP;AACE;AAEA;AACA,QAAMY,IAAI,GAAG,KAAKJ,OAAL,CAAaR,GAAb,CAAb;;AACA,QAAI,OAAOY,IAAP,KAAgB,QAApB,EAA8B;AAC5B,aAAO,CAAC,CAACM,MAAM,CAACC,IAAP,CAAYP,IAAZ,EAAkBN,IAAlB,CAAuBN,GAAG,IAAI,CAAC,CAACY,IAAI,CAACZ,GAAD,CAApC,CAAT;AACD;;AACD,WAAO,CAAC,CAACY,IAAT;AACD;;AAEDQ,EAAAA,WAAW,GAAa;AACtB,QAAMlB,IAAI,GAAG,KAAKD,OAAL,EAAb;AACA,QAAMoB,MAAM,GAAG,KAAKC,SAAL,EAAf;AACA,QAAMvB,aAAa,GAAG,KAAKwB,gBAAL,EAAtB,CAHsB,CAItB;AACA;;AACA,QAAMC,IAAI,GAAGzB,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEyB,IAA5B;AACA;AACEtB,MAAAA,IADF;AAEEmB,MAAAA;AAFF,OAGMG,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAHd,GAIMzB,aAAa,IAAI;AAAEA,MAAAA;AAAF,KAJvB;AAMD,GArGqB,CAuGtB;;;AACQuB,EAAAA,SAAS,GAAG;AAClB,QAAI,CAAC,KAAKxB,GAAV,EAAe;AACb,aAAO,EAAP;AACD;;AAED,WAAOoB,MAAM,CAACC,IAAP,CAAY,KAAKrB,GAAjB,EAAsBa,MAAtB,CAA6B,CAACU,MAAD,EAASrB,GAAT,KAAiB;AACnD,UAAMyB,oBAAoB,GAAG,KAAK9B,WAAL,CAAiBkB,KAAjB,CAAuBP,IAAvB,CAA4BoB,IAAI,IAAIA,IAAI,CAACxB,IAAL,KAAcF,GAAlD,CAA7B;;AACA,UAAI,CAACyB,oBAAL,EAA2B;AACzB,eAAOJ,MAAP;AACD;;AAED,UAAIM,KAAJ;AACA,UAAMC,OAAO,GAAG,KAAK9B,GAAL,CAASE,GAAT,CAAhB;AACA,UAAM;AAAEwB,QAAAA;AAAF,UAAWC,oBAAjB;;AACA,UAAI,OAAO,uBAAgBjC,SAAS,CAACQ,GAAD,CAAzB,EAAP,KAA6C,UAAjD,EAA6D;AAC3D2B,QAAAA,KAAK,GAAG,uBAAgBnC,SAAS,CAACQ,GAAD,CAAzB,GAAkCyB,oBAAlC,CAAR;AACD,OAFD,MAEO,IAAID,IAAI,KAAK,QAAb,EAAuB;AAC5B;AACA,YAAItB,IAAJ;;AACA,YAAI0B,OAAO,CAACZ,MAAR,KAAmB,CAAvB,EAA0B;AACxBd,UAAAA,IAAI,GAAG0B,OAAO,CAAC,CAAD,CAAd;AACD,SAFD,MAEO;AACL;AACA1B,UAAAA,IAAI,GAAG0B,OAAO,CAACtB,IAAR,CAAaJ,IAAI,IAAIgB,MAAM,CAACC,IAAP,CAAY,KAAKvB,MAAjB,EAAyBiC,QAAzB,CAAkC3B,IAAlC,CAArB,CAAP;AACD;;AACD,YAAIA,IAAJ,EAAU;AACRyB,UAAAA,KAAK,mCAAQF,oBAAR;AAA8BvB,YAAAA;AAA9B,YAAL;AACD;AACF;;AAED,UAAI,CAACyB,KAAL,EAAY;AACV,cAAM,IAAItC,YAAJ,kCAA2CG,SAAS,CAACQ,GAAD,CAApD,oCAAmF,KAAKC,OAAL,EAAnF,EAAN;AACD;;AAED,UAAI6B,KAAK,CAACC,OAAN,CAAcJ,KAAd,CAAJ,EAA0B;AACxBA,QAAAA,KAAK,CAACK,OAAN,CAAcjB,CAAC,IAAIM,MAAM,CAACY,IAAP,CAAYlB,CAAZ,CAAnB;AACD,OAFD,MAEO;AACLM,QAAAA,MAAM,CAACY,IAAP,CAAYN,KAAZ;AACD;;AACD,aAAON,MAAP;AACD,KAnCM,EAmCJ,EAnCI,CAAP;AAoCD,GAjJqB,CAmJtB;;;AACAa,EAAAA,WAAW,GAA6B;AAAA;;AACtC,QAAI,CAAC,KAAKvC,WAAL,CAAiBkB,KAAtB,EAA6B;AAC3B;AACD;;AACD,oCAAO,KAAKlB,WAAL,CAAiBkB,KAAjB,CAAuB,CAAvB,CAAP,oFAAO,sBAA2BsB,IAAlC,2DAAO,uBAAiCtB,KAAjC,CAAuCF,MAAvC,CAA8C,CAACyB,QAAD,EAAWC,KAAX,KAAqB;AACxE,UAAIA,KAAK,CAACD,QAAV,EAAoB;AAClBA,QAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGC,KAAK,CAACD,QAAN,CAAevB,KAAhC,CAAX;AACD;;AACD,aAAOuB,QAAP;AACD,KALM,EAKJ,EALI,CAAP;AAMD,GA9JqB,CAgKtB;AACA;;;AACAE,EAAAA,qBAAqB,GAAY;AAAA;;AAC/B,QAAMC,gBAAgB,4BAAG,KAAKhB,gBAAL,EAAH,0DAAG,sBAAyBvB,GAAlD;AACA,QAAMH,cAAc,4BAAI,KAAKD,MAAL,CAAYC,cAAhB,0DAAG,sBACnB2C,MADmB,CACZzC,aAAa,IAAIA,aAAa,CAACC,GAAd,KAAsBuC,gBAD3B,CAAvB;AAEA,2CAAY,KAAK3C,MAAjB;AAAyBC,MAAAA;AAAzB;AACD;;AAES0B,EAAAA,gBAAgB,GAAiC;AAAA;;AACzD,oCAAO,KAAK5B,WAAL,CAAiB8C,SAAxB,0DAAO,sBAA4B5B,KAAnC;AACD;;AA3KqB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { AuthSdkError } from '../../../errors';\nimport { NextStep, IdxMessage, Authenticator } from '../../types';\nimport { IdxAuthenticator, IdxRemediation } from '../../types/idx-js';\nimport { getAllValues, getRequiredValues, titleCase } from '../util';\n\n// A map from IDX data values (server spec) to RemediationValues (client spec)\nexport type IdxToRemediationValueMap = Record<string, string[]>;\n\nexport interface RemediationValues {\n stateHandle?: string;\n authenticators?: Authenticator[] | string[];\n}\n\n// Base class - DO NOT expose static remediationName\nexport class Remediator {\n static remediationName: string;\n\n remediation: IdxRemediation;\n values: RemediationValues;\n map?: IdxToRemediationValueMap;\n\n constructor(remediation: IdxRemediation, values: RemediationValues = {}) {\n // map authenticators to Authenticator[] type\n values.authenticators = (values.authenticators?.map(authenticator => {\n return typeof authenticator === 'string' \n ? { key: authenticator } : authenticator;\n }) || []) as Authenticator[];\n \n // assign fields to the instance\n this.values = values;\n this.remediation = remediation;\n }\n\n getName(): string {\n return this.remediation.name;\n }\n\n // Override this method to provide custom check\n canRemediate(): boolean {\n if (!this.map) {\n return false;\n }\n const required = getRequiredValues(this.remediation);\n const needed = required.find((key) => !this.hasData(key));\n if (needed) {\n return false; // missing data for a required field\n }\n return true; // all required fields have available data\n }\n\n // returns an object for the entire remediation form, or just a part\n getData(key?: string) {\n\n if (!key) {\n let allValues = getAllValues(this.remediation);\n let res = allValues.reduce((data, key) => {\n data[key] = this.getData(key); // recursive\n return data;\n }, {});\n return res;\n }\n\n // Map value by \"map${Property}\" function in each subClass\n if (typeof this[`map${titleCase(key)}`] === 'function') {\n return this[`map${titleCase(key)}`](\n this.remediation.value.find(({name}) => name === key)\n );\n }\n\n if (!this.map) {\n return this.values[key];\n }\n\n // Handle general primitive types\n const entry = this.map[key];\n if (!entry) {\n return this.values[key];\n }\n\n // find the first aliased property that returns a truthy value\n for (let i = 0; i < entry.length; i++) {\n let val = this.values[entry[i]];\n if (val) {\n return val;\n }\n }\n }\n\n hasData(\n key: string // idx name\n ): boolean \n {\n // no attempt to format, we want simple true/false\n\n // First see if the remediation has a mapping for this vale\n const data = this.getData(key);\n if (typeof data === 'object') {\n return !!Object.keys(data).find(key => !!data[key]);\n }\n return !!data;\n }\n\n getNextStep(): NextStep {\n const name = this.getName();\n const inputs = this.getInputs();\n const authenticator = this.getAuthenticator();\n // TODO: remove type field in the next major version change\n // https://oktainc.atlassian.net/browse/OKTA-431749\n const type = authenticator?.type;\n return { \n name, \n inputs, \n ...(type && { type }),\n ...(authenticator && { authenticator }),\n };\n }\n\n // Get inputs for the next step\n private getInputs() {\n if (!this.map) {\n return [];\n }\n\n return Object.keys(this.map).reduce((inputs, key) => {\n const inputFromRemediation = this.remediation.value.find(item => item.name === key);\n if (!inputFromRemediation) {\n return inputs;\n }\n\n let input;\n const aliases = this.map[key];\n const { type } = inputFromRemediation;\n if (typeof this[`getInput${titleCase(key)}`] === 'function') {\n input = this[`getInput${titleCase(key)}`](inputFromRemediation);\n } else if (type !== 'object') {\n // handle general primitive types\n let name;\n if (aliases.length === 1) {\n name = aliases[0];\n } else {\n // try find key from values\n name = aliases.find(name => Object.keys(this.values).includes(name));\n }\n if (name) {\n input = { ...inputFromRemediation, name };\n }\n } \n\n if (!input) {\n throw new AuthSdkError(`Missing custom getInput${titleCase(key)} method in Remediator: ${this.getName()}`);\n }\n\n if (Array.isArray(input)) {\n input.forEach(i => inputs.push(i));\n } else {\n inputs.push(input);\n }\n return inputs;\n }, []);\n }\n\n // Override this method to grab messages per remediation\n getMessages(): IdxMessage[] | undefined {\n if (!this.remediation.value) {\n return;\n }\n return this.remediation.value[0]?.form?.value.reduce((messages, field) => {\n if (field.messages) {\n messages = [...messages, ...field.messages.value];\n }\n return messages;\n }, []);\n }\n\n // Prepare values for the next remediation\n // In general, remove finished authenticator from list\n getValuesAfterProceed(): unknown {\n const authenticatorKey = this.getAuthenticator()?.key;\n const authenticators = (this.values.authenticators as Authenticator[])\n ?.filter(authenticator => authenticator.key !== authenticatorKey);\n return { ...this.values, authenticators };\n }\n\n protected getAuthenticator(): IdxAuthenticator | undefined {\n return this.remediation.relatesTo?.value;\n }\n\n}\n"],"file":"Remediator.js"}
1
+ {"version":3,"sources":["../../../../../lib/idx/remediators/Base/Remediator.ts"],"names":["AuthSdkError","getAllValues","getRequiredValues","titleCase","Remediator","constructor","remediation","values","authenticators","map","authenticator","key","getName","name","canRemediate","required","needed","find","hasData","getData","allValues","res","reduce","data","value","entry","i","length","val","Object","keys","getNextStep","inputs","getInputs","getAuthenticator","type","inputFromRemediation","item","input","aliases","includes","Array","isArray","forEach","push","getMessages","form","messages","field","getValuesAfterProceed","authenticatorKey","filter","relatesTo"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,YAAT,QAA6B,iBAA7B;AAGA,SAASC,YAAT,EAAuBC,iBAAvB,EAA0CC,SAA1C,QAA2D,SAA3D,C,CAEA;;AAQA;AACA,OAAO,MAAMC,UAAN,CAAiB;AAOtBC,EAAAA,WAAW,CAACC,WAAD,EAA8D;AAAA;;AAAA,QAAhCC,MAAgC,uEAAJ,EAAI;AACvE;AACAA,IAAAA,MAAM,CAACC,cAAP,GAAyB,0BAAAD,MAAM,CAACC,cAAP,gFAAuBC,GAAvB,CAA2BC,aAAa,IAAI;AACnE,aAAO,OAAOA,aAAP,KAAyB,QAAzB,GACH;AAAEC,QAAAA,GAAG,EAAED;AAAP,OADG,GACsBA,aAD7B;AAED,KAHwB,MAGnB,EAHN,CAFuE,CAOvE;;AACA,SAAKH,MAAL,GAAcA,MAAd;AACA,SAAKD,WAAL,GAAmBA,WAAnB;AACD;;AAEDM,EAAAA,OAAO,GAAW;AAChB,WAAO,KAAKN,WAAL,CAAiBO,IAAxB;AACD,GArBqB,CAuBtB;;;AACAC,EAAAA,YAAY,GAAY;AACtB,QAAI,CAAC,KAAKL,GAAV,EAAe;AACb,aAAO,KAAP;AACD;;AACD,QAAMM,QAAQ,GAAGb,iBAAiB,CAAC,KAAKI,WAAN,CAAlC;AACA,QAAMU,MAAM,GAAGD,QAAQ,CAACE,IAAT,CAAeN,GAAD,IAAS,CAAC,KAAKO,OAAL,CAAaP,GAAb,CAAxB,CAAf;;AACA,QAAIK,MAAJ,EAAY;AACV,aAAO,KAAP,CADU,CACI;AACf;;AACD,WAAO,IAAP,CATsB,CAST;AACd,GAlCqB,CAoCtB;;;AACAG,EAAAA,OAAO,CAACR,GAAD,EAAe;AAEpB,QAAI,CAACA,GAAL,EAAU;AACR,UAAIS,SAAS,GAAGnB,YAAY,CAAC,KAAKK,WAAN,CAA5B;AACA,UAAIe,GAAG,GAAGD,SAAS,CAACE,MAAV,CAAiB,CAACC,IAAD,EAAOZ,GAAP,KAAe;AACxCY,QAAAA,IAAI,CAACZ,GAAD,CAAJ,GAAY,KAAKQ,OAAL,CAAaR,GAAb,CAAZ,CADwC,CACT;;AAC/B,eAAOY,IAAP;AACD,OAHS,EAGP,EAHO,CAAV;AAIA,aAAOF,GAAP;AACD,KATmB,CAWpB;;;AACA,QAAI,OAAO,kBAAWlB,SAAS,CAACQ,GAAD,CAApB,EAAP,KAAwC,UAA5C,EAAwD;AACtD,aAAO,kBAAWR,SAAS,CAACQ,GAAD,CAApB,GACL,KAAKL,WAAL,CAAiBkB,KAAjB,CAAuBP,IAAvB,CAA4B;AAAA,YAAC;AAACJ,UAAAA;AAAD,SAAD;AAAA,eAAYA,IAAI,KAAKF,GAArB;AAAA,OAA5B,CADK,CAAP;AAGD;;AAED,QAAI,CAAC,KAAKF,GAAV,EAAe;AACb,aAAO,KAAKF,MAAL,CAAYI,GAAZ,CAAP;AACD,KApBmB,CAsBpB;;;AACA,QAAMc,KAAK,GAAG,KAAKhB,GAAL,CAASE,GAAT,CAAd;;AACA,QAAI,CAACc,KAAL,EAAY;AACV,aAAO,KAAKlB,MAAL,CAAYI,GAAZ,CAAP;AACD,KA1BmB,CA4BpB;;;AACA,SAAK,IAAIe,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAGD,KAAK,CAACE,MAA1B,EAAkCD,CAAC,EAAnC,EAAuC;AACrC,UAAIE,GAAG,GAAG,KAAKrB,MAAL,CAAYkB,KAAK,CAACC,CAAD,CAAjB,CAAV;;AACA,UAAIE,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;AACF;AACF;;AAEDV,EAAAA,OAAO,CACLP,GADK,EAGP;AACE;AAEA;AACA,QAAMY,IAAI,GAAG,KAAKJ,OAAL,CAAaR,GAAb,CAAb;;AACA,QAAI,OAAOY,IAAP,KAAgB,QAApB,EAA8B;AAC5B,aAAO,CAAC,CAACM,MAAM,CAACC,IAAP,CAAYP,IAAZ,EAAkBN,IAAlB,CAAuBN,GAAG,IAAI,CAAC,CAACY,IAAI,CAACZ,GAAD,CAApC,CAAT;AACD;;AACD,WAAO,CAAC,CAACY,IAAT;AACD;;AAEDQ,EAAAA,WAAW,GAAa;AACtB,QAAMlB,IAAI,GAAG,KAAKD,OAAL,EAAb;AACA,QAAMoB,MAAM,GAAG,KAAKC,SAAL,EAAf;AACA,QAAMvB,aAAa,GAAG,KAAKwB,gBAAL,EAAtB,CAHsB,CAItB;AACA;;AACA,QAAMC,IAAI,GAAGzB,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEyB,IAA5B;AACA;AACEtB,MAAAA,IADF;AAEEmB,MAAAA;AAFF,OAGMG,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAHd,GAIMzB,aAAa,IAAI;AAAEA,MAAAA;AAAF,KAJvB;AAMD,GArGqB,CAuGtB;;;AACQuB,EAAAA,SAAS,GAAY;AAC3B,QAAI,CAAC,KAAKxB,GAAV,EAAe;AACb,aAAO,EAAP;AACD;;AAED,WAAOoB,MAAM,CAACC,IAAP,CAAY,KAAKrB,GAAjB,EAAsBa,MAAtB,CAA6B,CAACU,MAAD,EAASrB,GAAT,KAAiB;AACnD,UAAMyB,oBAAoB,GAAG,KAAK9B,WAAL,CAAiBkB,KAAjB,CAAuBP,IAAvB,CAA4BoB,IAAI,IAAIA,IAAI,CAACxB,IAAL,KAAcF,GAAlD,CAA7B;;AACA,UAAI,CAACyB,oBAAL,EAA2B;AACzB,eAAOJ,MAAP;AACD;;AAED,UAAIM,KAAJ;AACA,UAAMC,OAAO,GAAG,KAAK9B,GAAL,CAASE,GAAT,CAAhB;AACA,UAAM;AAAEwB,QAAAA;AAAF,UAAWC,oBAAjB;;AACA,UAAI,OAAO,uBAAgBjC,SAAS,CAACQ,GAAD,CAAzB,EAAP,KAA6C,UAAjD,EAA6D;AAC3D2B,QAAAA,KAAK,GAAG,uBAAgBnC,SAAS,CAACQ,GAAD,CAAzB,GAAkCyB,oBAAlC,CAAR;AACD,OAFD,MAEO,IAAID,IAAI,KAAK,QAAb,EAAuB;AAC5B;AACA,YAAItB,IAAJ;;AACA,YAAI0B,OAAO,CAACZ,MAAR,KAAmB,CAAvB,EAA0B;AACxBd,UAAAA,IAAI,GAAG0B,OAAO,CAAC,CAAD,CAAd;AACD,SAFD,MAEO;AACL;AACA1B,UAAAA,IAAI,GAAG0B,OAAO,CAACtB,IAAR,CAAaJ,IAAI,IAAIgB,MAAM,CAACC,IAAP,CAAY,KAAKvB,MAAjB,EAAyBiC,QAAzB,CAAkC3B,IAAlC,CAArB,CAAP;AACD;;AACD,YAAIA,IAAJ,EAAU;AACRyB,UAAAA,KAAK,mCAAQF,oBAAR;AAA8BvB,YAAAA;AAA9B,YAAL;AACD;AACF;;AAED,UAAI,CAACyB,KAAL,EAAY;AACV,cAAM,IAAItC,YAAJ,kCAA2CG,SAAS,CAACQ,GAAD,CAApD,oCAAmF,KAAKC,OAAL,EAAnF,EAAN;AACD;;AAED,UAAI6B,KAAK,CAACC,OAAN,CAAcJ,KAAd,CAAJ,EAA0B;AACxBA,QAAAA,KAAK,CAACK,OAAN,CAAcjB,CAAC,IAAIM,MAAM,CAACY,IAAP,CAAYlB,CAAZ,CAAnB;AACD,OAFD,MAEO;AACLM,QAAAA,MAAM,CAACY,IAAP,CAAYN,KAAZ;AACD;;AACD,aAAON,MAAP;AACD,KAnCM,EAmCJ,EAnCI,CAAP;AAoCD,GAjJqB,CAmJtB;;;AACAa,EAAAA,WAAW,GAA6B;AAAA;;AACtC,QAAI,CAAC,KAAKvC,WAAL,CAAiBkB,KAAtB,EAA6B;AAC3B;AACD;;AACD,oCAAO,KAAKlB,WAAL,CAAiBkB,KAAjB,CAAuB,CAAvB,CAAP,oFAAO,sBAA2BsB,IAAlC,2DAAO,uBAAiCtB,KAAjC,CAAuCF,MAAvC,CAA8C,CAACyB,QAAD,EAAWC,KAAX,KAAqB;AACxE,UAAIA,KAAK,CAACD,QAAV,EAAoB;AAClBA,QAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGC,KAAK,CAACD,QAAN,CAAevB,KAAhC,CAAX;AACD;;AACD,aAAOuB,QAAP;AACD,KALM,EAKJ,EALI,CAAP;AAMD,GA9JqB,CAgKtB;AACA;;;AACAE,EAAAA,qBAAqB,GAAY;AAAA;;AAC/B,QAAMC,gBAAgB,4BAAG,KAAKhB,gBAAL,EAAH,0DAAG,sBAAyBvB,GAAlD;AACA,QAAMH,cAAc,4BAAI,KAAKD,MAAL,CAAYC,cAAhB,0DAAG,sBACnB2C,MADmB,CACZzC,aAAa,IAAIA,aAAa,CAACC,GAAd,KAAsBuC,gBAD3B,CAAvB;AAEA,2CAAY,KAAK3C,MAAjB;AAAyBC,MAAAA;AAAzB;AACD;;AAES0B,EAAAA,gBAAgB,GAAiC;AAAA;;AACzD,oCAAO,KAAK5B,WAAL,CAAiB8C,SAAxB,0DAAO,sBAA4B5B,KAAnC;AACD;;AA3KqB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { AuthSdkError } from '../../../errors';\nimport { NextStep, IdxMessage, Authenticator, Input } from '../../types';\nimport { IdxAuthenticator, IdxRemediation } from '../../types/idx-js';\nimport { getAllValues, getRequiredValues, titleCase } from '../util';\n\n// A map from IDX data values (server spec) to RemediationValues (client spec)\nexport type IdxToRemediationValueMap = Record<string, string[]>;\n\nexport interface RemediationValues {\n stateHandle?: string;\n authenticators?: Authenticator[] | string[];\n}\n\n// Base class - DO NOT expose static remediationName\nexport class Remediator {\n static remediationName: string;\n\n remediation: IdxRemediation;\n values: RemediationValues;\n map?: IdxToRemediationValueMap;\n\n constructor(remediation: IdxRemediation, values: RemediationValues = {}) {\n // map authenticators to Authenticator[] type\n values.authenticators = (values.authenticators?.map(authenticator => {\n return typeof authenticator === 'string' \n ? { key: authenticator } : authenticator;\n }) || []) as Authenticator[];\n \n // assign fields to the instance\n this.values = values;\n this.remediation = remediation;\n }\n\n getName(): string {\n return this.remediation.name;\n }\n\n // Override this method to provide custom check\n canRemediate(): boolean {\n if (!this.map) {\n return false;\n }\n const required = getRequiredValues(this.remediation);\n const needed = required.find((key) => !this.hasData(key));\n if (needed) {\n return false; // missing data for a required field\n }\n return true; // all required fields have available data\n }\n\n // returns an object for the entire remediation form, or just a part\n getData(key?: string) {\n\n if (!key) {\n let allValues = getAllValues(this.remediation);\n let res = allValues.reduce((data, key) => {\n data[key] = this.getData(key); // recursive\n return data;\n }, {});\n return res;\n }\n\n // Map value by \"map${Property}\" function in each subClass\n if (typeof this[`map${titleCase(key)}`] === 'function') {\n return this[`map${titleCase(key)}`](\n this.remediation.value.find(({name}) => name === key)\n );\n }\n\n if (!this.map) {\n return this.values[key];\n }\n\n // Handle general primitive types\n const entry = this.map[key];\n if (!entry) {\n return this.values[key];\n }\n\n // find the first aliased property that returns a truthy value\n for (let i = 0; i < entry.length; i++) {\n let val = this.values[entry[i]];\n if (val) {\n return val;\n }\n }\n }\n\n hasData(\n key: string // idx name\n ): boolean \n {\n // no attempt to format, we want simple true/false\n\n // First see if the remediation has a mapping for this vale\n const data = this.getData(key);\n if (typeof data === 'object') {\n return !!Object.keys(data).find(key => !!data[key]);\n }\n return !!data;\n }\n\n getNextStep(): NextStep {\n const name = this.getName();\n const inputs = this.getInputs();\n const authenticator = this.getAuthenticator();\n // TODO: remove type field in the next major version change\n // https://oktainc.atlassian.net/browse/OKTA-431749\n const type = authenticator?.type;\n return { \n name, \n inputs, \n ...(type && { type }),\n ...(authenticator && { authenticator }),\n };\n }\n\n // Get inputs for the next step\n private getInputs(): Input[] {\n if (!this.map) {\n return [];\n }\n\n return Object.keys(this.map).reduce((inputs, key) => {\n const inputFromRemediation = this.remediation.value.find(item => item.name === key);\n if (!inputFromRemediation) {\n return inputs;\n }\n\n let input: Input;\n const aliases = this.map[key];\n const { type } = inputFromRemediation;\n if (typeof this[`getInput${titleCase(key)}`] === 'function') {\n input = this[`getInput${titleCase(key)}`](inputFromRemediation);\n } else if (type !== 'object') {\n // handle general primitive types\n let name;\n if (aliases.length === 1) {\n name = aliases[0];\n } else {\n // try find key from values\n name = aliases.find(name => Object.keys(this.values).includes(name));\n }\n if (name) {\n input = { ...inputFromRemediation, name };\n }\n } \n\n if (!input) {\n throw new AuthSdkError(`Missing custom getInput${titleCase(key)} method in Remediator: ${this.getName()}`);\n }\n\n if (Array.isArray(input)) {\n input.forEach(i => inputs.push(i));\n } else {\n inputs.push(input);\n }\n return inputs;\n }, []);\n }\n\n // Override this method to grab messages per remediation\n getMessages(): IdxMessage[] | undefined {\n if (!this.remediation.value) {\n return;\n }\n return this.remediation.value[0]?.form?.value.reduce((messages, field) => {\n if (field.messages) {\n messages = [...messages, ...field.messages.value];\n }\n return messages;\n }, []);\n }\n\n // Prepare values for the next remediation\n // In general, remove finished authenticator from list\n getValuesAfterProceed(): unknown {\n const authenticatorKey = this.getAuthenticator()?.key;\n const authenticators = (this.values.authenticators as Authenticator[])\n ?.filter(authenticator => authenticator.key !== authenticatorKey);\n return { ...this.values, authenticators };\n }\n\n protected getAuthenticator(): IdxAuthenticator | undefined {\n return this.remediation.relatesTo?.value;\n }\n\n}\n"],"file":"Remediator.js"}
package/esm/idx/remediators/Base/VerifyAuthenticator.js CHANGED
@@ -37,9 +37,11 @@ export class VerifyAuthenticator extends Remediator {
37
37
  }
38
38
 
39
39
  getInputCredentials(input) {
40
+ var _input$form;
41
+
40
42
  var challengeType = this.getAuthenticator().type;
41
43
  var name = challengeType === 'password' ? 'password' : 'verificationCode';
42
- return _objectSpread(_objectSpread({}, input.form.value[0]), {}, {
44
+ return _objectSpread(_objectSpread({}, (_input$form = input.form) === null || _input$form === void 0 ? void 0 : _input$form.value[0]), {}, {
43
45
  name,
44
46
  type: 'string',
45
47
  required: input.required
package/esm/idx/remediators/Base/VerifyAuthenticator.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../../lib/idx/remediators/Base/VerifyAuthenticator.ts"],"names":["Remediator","VerifyAuthenticator","canRemediate","values","password","verificationCode","mapCredentials","passcode","getInputCredentials","input","challengeType","getAuthenticator","type","name","form","value","required","getValuesAfterProceed","authenticator"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,UAAT,QAA8C,cAA9C;AAOA;AACA,OAAO,MAAMC,mBAAN,SAAkCD,UAAlC,CAA6C;AAAA;AAAA;;AAAA,iCAI5C;AACJ,qBAAe;AADX,KAJ4C;AAAA;;AAQlDE,EAAAA,YAAY,GAAG;AACb,WAAO,CAAC,EAAE,KAAKC,MAAL,CAAYC,QAAZ,IAAwB,KAAKD,MAAL,CAAYE,gBAAtC,CAAR;AACD;;AAEDC,EAAAA,cAAc,GAAG;AACf,WAAO;AACLC,MAAAA,QAAQ,EAAE,KAAKJ,MAAL,CAAYE,gBAAZ,IAAgC,KAAKF,MAAL,CAAYC;AADjD,KAAP;AAGD;;AAEDI,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,QAAMC,aAAa,GAAG,KAAKC,gBAAL,GAAwBC,IAA9C;AACA,QAAMC,IAAI,GAAGH,aAAa,KAAK,UAAlB,GAA+B,UAA/B,GAA4C,kBAAzD;AACA,2CACKD,KAAK,CAACK,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADL;AAEEF,MAAAA,IAFF;AAGED,MAAAA,IAAI,EAAE,QAHR;AAIEI,MAAAA,QAAQ,EAAEP,KAAK,CAACO;AAJlB;AAMD;;AAEDC,EAAAA,qBAAqB,GAAG;AACtB,QAAId,MAAM,GAAG,MAAMc,qBAAN,EAAb;AACA,QAAMC,aAAa,GAAG,KAAKP,gBAAL,EAAtB;;AACA,QAAIO,aAAa,CAACN,IAAd,KAAuB,UAA3B,EAAuC;AACrC,aAAOT,MAAM,CAACC,QAAd;AACD,KAFD,MAEO;AACL,aAAOD,MAAM,CAACE,gBAAd;AACD;;AACD,WAAOF,MAAP;AACD;;AAtCiD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\n\nexport interface VerifyAuthenticatorValues extends RemediationValues {\n verificationCode?: string;\n password?: string;\n}\n\n// Base class - DO NOT expose static remediationName\nexport class VerifyAuthenticator extends Remediator {\n\n values: VerifyAuthenticatorValues;\n\n map = {\n 'credentials': []\n };\n\n canRemediate() {\n return !!(this.values.password || this.values.verificationCode);\n }\n\n mapCredentials() {\n return { \n passcode: this.values.verificationCode || this.values.password\n };\n }\n\n getInputCredentials(input) {\n const challengeType = this.getAuthenticator().type;\n const name = challengeType === 'password' ? 'password' : 'verificationCode';\n return {\n ...input.form.value[0],\n name,\n type: 'string',\n required: input.required\n };\n }\n\n getValuesAfterProceed() {\n let values = super.getValuesAfterProceed() as VerifyAuthenticatorValues;\n const authenticator = this.getAuthenticator();\n if (authenticator.type === 'password') {\n delete values.password;\n } else {\n delete values.verificationCode;\n }\n return values;\n }\n\n}\n"],"file":"VerifyAuthenticator.js"}
1
+ {"version":3,"sources":["../../../../../lib/idx/remediators/Base/VerifyAuthenticator.ts"],"names":["Remediator","VerifyAuthenticator","canRemediate","values","password","verificationCode","mapCredentials","passcode","getInputCredentials","input","challengeType","getAuthenticator","type","name","form","value","required","getValuesAfterProceed","authenticator"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,UAAT,QAA8C,cAA9C;AAOA;AACA,OAAO,MAAMC,mBAAN,SAAkCD,UAAlC,CAA6C;AAAA;AAAA;;AAAA,iCAI5C;AACJ,qBAAe;AADX,KAJ4C;AAAA;;AAQlDE,EAAAA,YAAY,GAAG;AACb,WAAO,CAAC,EAAE,KAAKC,MAAL,CAAYC,QAAZ,IAAwB,KAAKD,MAAL,CAAYE,gBAAtC,CAAR;AACD;;AAEDC,EAAAA,cAAc,GAAG;AACf,WAAO;AACLC,MAAAA,QAAQ,EAAE,KAAKJ,MAAL,CAAYE,gBAAZ,IAAgC,KAAKF,MAAL,CAAYC;AADjD,KAAP;AAGD;;AAEDI,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AAAA;;AACzB,QAAMC,aAAa,GAAG,KAAKC,gBAAL,GAAwBC,IAA9C;AACA,QAAMC,IAAI,GAAGH,aAAa,KAAK,UAAlB,GAA+B,UAA/B,GAA4C,kBAAzD;AACA,0DACKD,KAAK,CAACK,IADX,gDACK,YAAYC,KAAZ,CAAkB,CAAlB,CADL;AAEEF,MAAAA,IAFF;AAGED,MAAAA,IAAI,EAAE,QAHR;AAIEI,MAAAA,QAAQ,EAAEP,KAAK,CAACO;AAJlB;AAMD;;AAEDC,EAAAA,qBAAqB,GAAG;AACtB,QAAId,MAAM,GAAG,MAAMc,qBAAN,EAAb;AACA,QAAMC,aAAa,GAAG,KAAKP,gBAAL,EAAtB;;AACA,QAAIO,aAAa,CAACN,IAAd,KAAuB,UAA3B,EAAuC;AACrC,aAAOT,MAAM,CAACC,QAAd;AACD,KAFD,MAEO;AACL,aAAOD,MAAM,CAACE,gBAAd;AACD;;AACD,WAAOF,MAAP;AACD;;AAtCiD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\n\nexport interface VerifyAuthenticatorValues extends RemediationValues {\n verificationCode?: string;\n password?: string;\n}\n\n// Base class - DO NOT expose static remediationName\nexport class VerifyAuthenticator extends Remediator {\n\n values: VerifyAuthenticatorValues;\n\n map = {\n 'credentials': []\n };\n\n canRemediate() {\n return !!(this.values.password || this.values.verificationCode);\n }\n\n mapCredentials() {\n return { \n passcode: this.values.verificationCode || this.values.password\n };\n }\n\n getInputCredentials(input) {\n const challengeType = this.getAuthenticator().type;\n const name = challengeType === 'password' ? 'password' : 'verificationCode';\n return {\n ...input.form?.value[0],\n name,\n type: 'string',\n required: input.required\n };\n }\n\n getValuesAfterProceed() {\n let values = super.getValuesAfterProceed() as VerifyAuthenticatorValues;\n const authenticator = this.getAuthenticator();\n if (authenticator.type === 'password') {\n delete values.password;\n } else {\n delete values.verificationCode;\n }\n return values;\n }\n\n}\n"],"file":"VerifyAuthenticator.js"}
package/esm/idx/remediators/Identify.js CHANGED
@@ -34,7 +34,8 @@ export class Identify extends Remediator {
34
34
  if (password && !authenticators.some(authenticator => authenticator.type === 'password')) {
35
35
  this.values = _objectSpread(_objectSpread({}, this.values), {}, {
36
36
  authenticators: [{
37
- type: 'password'
37
+ type: 'password',
38
+ key: AuthenticatorKey.OKTA_PASSWORD
38
39
  }, ...authenticators]
39
40
  });
40
41
  }
package/esm/idx/remediators/Identify.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/idx/remediators/Identify.ts"],"names":["Remediator","AuthenticatorKey","Identify","constructor","remediation","values","password","authenticators","some","authenticator","type","canRemediate","identifier","getData","mapCredentials","passcode","getInputCredentials","input","form","value","name","required","getValuesAfterProceed","filter","key","OKTA_PASSWORD"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,UAAT,QAA8C,mBAA9C;AACA,SAAwBC,gBAAxB,QAAgD,UAAhD;AAQA,OAAO,MAAMC,QAAN,SAAuBF,UAAvB,CAAkC;AAUvCG,EAAAA,WAAW,CAACC,WAAD,EAA8BC,MAA9B,EAAuD;AAChE,UAAMD,WAAN,EAAmBC,MAAnB,EADgE,CAGhE;;AAHgE,iCAL5D;AACJ,oBAAc,CAAC,UAAD,CADV;AAEJ,qBAAe;AAFX,KAK4D;;AAIhE,QAAM;AAAEC,MAAAA,QAAF;AAAYC,MAAAA;AAAZ,QAA+B,KAAKF,MAA1C;;AACA,QAAIC,QAAQ,IAAI,CAACC,cAAc,CAACC,IAAf,CAAoBC,aAAa,IAAIA,aAAa,CAACC,IAAd,KAAuB,UAA5D,CAAjB,EAA0F;AACxF,WAAKL,MAAL,mCACK,KAAKA,MADV;AAEEE,QAAAA,cAAc,EAAE,CAAC;AAAEG,UAAAA,IAAI,EAAE;AAAR,SAAD,EAAuB,GAAGH,cAA1B;AAFlB;AAID;AACF;;AAEDI,EAAAA,YAAY,GAAG;AACb,QAAM;AAAEC,MAAAA;AAAF,QAAiB,KAAKC,OAAL,EAAvB;AACA,WAAO,CAAC,CAACD,UAAT;AACD;;AAEDE,EAAAA,cAAc,GAAG;AACf,WAAO;AAAEC,MAAAA,QAAQ,EAAE,KAAKV,MAAL,CAAYC;AAAxB,KAAP;AACD;;AAEDU,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,2CACKA,KAAK,CAACC,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADL;AAEEC,MAAAA,IAAI,EAAE,UAFR;AAGEC,MAAAA,QAAQ,EAAEJ,KAAK,CAACI;AAHlB;AAKD;;AAEDC,EAAAA,qBAAqB,GAAG;AACtB;AACA;AACA,QAAI,KAAKlB,WAAL,CAAiBe,KAAjB,CAAuBX,IAAvB,CAA4B;AAAA,UAAC;AAAEY,QAAAA;AAAF,OAAD;AAAA,aAAcA,IAAI,KAAK,aAAvB;AAAA,KAA5B,CAAJ,EAAuE;AAAA;;AACrE,UAAMb,cAAc,4BAAI,KAAKF,MAAL,CAAYE,cAAhB,0DAAG,sBACnBgB,MADmB,CACZd,aAAa,IAAIA,aAAa,CAACe,GAAd,KAAsBvB,gBAAgB,CAACwB,aAD5C,CAAvB;AAEA,6CAAY,KAAKpB,MAAjB;AAAyBE,QAAAA;AAAzB;AACD;;AAED,WAAO,MAAMe,qBAAN,EAAP;AACD;;AAlDsC;;gBAA5BpB,Q,qBACc,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { Authenticator, AuthenticatorKey } from '../types';\nimport { IdxRemediation } from '../types/idx-js';\n\nexport interface IdentifyValues extends RemediationValues {\n username?: string;\n password?: string;\n}\n\nexport class Identify extends Remediator {\n static remediationName = 'identify';\n\n values: IdentifyValues;\n\n map = {\n 'identifier': ['username'],\n 'credentials': []\n };\n\n constructor(remediation: IdxRemediation, values?: IdentifyValues) {\n super(remediation, values);\n\n // add password authenticator to authenticators list if password is provided\n const { password, authenticators } = this.values;\n if (password && !authenticators.some(authenticator => authenticator.type === 'password')) {\n this.values = {\n ...this.values,\n authenticators: [{ type: 'password' }, ...authenticators] as Authenticator[]\n };\n }\n }\n\n canRemediate() {\n const { identifier } = this.getData();\n return !!identifier;\n }\n\n mapCredentials() {\n return { passcode: this.values.password };\n }\n\n getInputCredentials(input) {\n return {\n ...input.form.value[0],\n name: 'password',\n required: input.required\n };\n }\n\n getValuesAfterProceed() {\n // Handle username + password scenario\n // remove \"password\" from authenticator array when remediation is finished\n if (this.remediation.value.some(({ name }) => name === 'credentials')) {\n const authenticators = (this.values.authenticators as Authenticator[])\n ?.filter(authenticator => authenticator.key !== AuthenticatorKey.OKTA_PASSWORD);\n return { ...this.values, authenticators };\n }\n\n return super.getValuesAfterProceed();\n }\n}\n"],"file":"Identify.js"}
1
+ {"version":3,"sources":["../../../../lib/idx/remediators/Identify.ts"],"names":["Remediator","AuthenticatorKey","Identify","constructor","remediation","values","password","authenticators","some","authenticator","type","key","OKTA_PASSWORD","canRemediate","identifier","getData","mapCredentials","passcode","getInputCredentials","input","form","value","name","required","getValuesAfterProceed","filter"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,UAAT,QAA8C,mBAA9C;AACA,SAAwBC,gBAAxB,QAAgD,UAAhD;AAQA,OAAO,MAAMC,QAAN,SAAuBF,UAAvB,CAAkC;AAUvCG,EAAAA,WAAW,CAACC,WAAD,EAA8BC,MAA9B,EAAuD;AAChE,UAAMD,WAAN,EAAmBC,MAAnB,EADgE,CAGhE;;AAHgE,iCAL5D;AACJ,oBAAc,CAAC,UAAD,CADV;AAEJ,qBAAe;AAFX,KAK4D;;AAIhE,QAAM;AAAEC,MAAAA,QAAF;AAAYC,MAAAA;AAAZ,QAA+B,KAAKF,MAA1C;;AACA,QAAIC,QAAQ,IAAI,CAACC,cAAc,CAACC,IAAf,CAAoBC,aAAa,IAAIA,aAAa,CAACC,IAAd,KAAuB,UAA5D,CAAjB,EAA0F;AACxF,WAAKL,MAAL,mCACK,KAAKA,MADV;AAEEE,QAAAA,cAAc,EAAE,CACd;AACEG,UAAAA,IAAI,EAAE,UADR;AAEEC,UAAAA,GAAG,EAAEV,gBAAgB,CAACW;AAFxB,SADc,EAKd,GAAGL,cALW;AAFlB;AAUD;AACF;;AAEDM,EAAAA,YAAY,GAAG;AACb,QAAM;AAAEC,MAAAA;AAAF,QAAiB,KAAKC,OAAL,EAAvB;AACA,WAAO,CAAC,CAACD,UAAT;AACD;;AAEDE,EAAAA,cAAc,GAAG;AACf,WAAO;AAAEC,MAAAA,QAAQ,EAAE,KAAKZ,MAAL,CAAYC;AAAxB,KAAP;AACD;;AAEDY,EAAAA,mBAAmB,CAACC,KAAD,EAAQ;AACzB,2CACKA,KAAK,CAACC,IAAN,CAAWC,KAAX,CAAiB,CAAjB,CADL;AAEEC,MAAAA,IAAI,EAAE,UAFR;AAGEC,MAAAA,QAAQ,EAAEJ,KAAK,CAACI;AAHlB;AAKD;;AAEDC,EAAAA,qBAAqB,GAAG;AACtB;AACA;AACA,QAAI,KAAKpB,WAAL,CAAiBiB,KAAjB,CAAuBb,IAAvB,CAA4B;AAAA,UAAC;AAAEc,QAAAA;AAAF,OAAD;AAAA,aAAcA,IAAI,KAAK,aAAvB;AAAA,KAA5B,CAAJ,EAAuE;AAAA;;AACrE,UAAMf,cAAc,4BAAI,KAAKF,MAAL,CAAYE,cAAhB,0DAAG,sBACnBkB,MADmB,CACZhB,aAAa,IAAIA,aAAa,CAACE,GAAd,KAAsBV,gBAAgB,CAACW,aAD5C,CAAvB;AAEA,6CAAY,KAAKP,MAAjB;AAAyBE,QAAAA;AAAzB;AACD;;AAED,WAAO,MAAMiB,qBAAN,EAAP;AACD;;AAxDsC;;gBAA5BtB,Q,qBACc,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { Authenticator, AuthenticatorKey } from '../types';\nimport { IdxRemediation } from '../types/idx-js';\n\nexport interface IdentifyValues extends RemediationValues {\n username?: string;\n password?: string;\n}\n\nexport class Identify extends Remediator {\n static remediationName = 'identify';\n\n values: IdentifyValues;\n\n map = {\n 'identifier': ['username'],\n 'credentials': []\n };\n\n constructor(remediation: IdxRemediation, values?: IdentifyValues) {\n super(remediation, values);\n\n // add password authenticator to authenticators list if password is provided\n const { password, authenticators } = this.values;\n if (password && !authenticators.some(authenticator => authenticator.type === 'password')) {\n this.values = {\n ...this.values,\n authenticators: [\n { \n type: 'password',\n key: AuthenticatorKey.OKTA_PASSWORD\n }, \n ...authenticators\n ] as Authenticator[]\n };\n }\n }\n\n canRemediate() {\n const { identifier } = this.getData();\n return !!identifier;\n }\n\n mapCredentials() {\n return { passcode: this.values.password };\n }\n\n getInputCredentials(input) {\n return {\n ...input.form.value[0],\n name: 'password',\n required: input.required\n };\n }\n\n getValuesAfterProceed() {\n // Handle username + password scenario\n // remove \"password\" from authenticator array when remediation is finished\n if (this.remediation.value.some(({ name }) => name === 'credentials')) {\n const authenticators = (this.values.authenticators as Authenticator[])\n ?.filter(authenticator => authenticator.key !== AuthenticatorKey.OKTA_PASSWORD);\n return { ...this.values, authenticators };\n }\n\n return super.getValuesAfterProceed();\n }\n}\n"],"file":"Identify.js"}
package/esm/idx/types/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxMessage","AuthenticationOptions","RegistrationOptions","PasswordRecoveryOptions","CancelOptions","IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,UAAT,QAA2B,UAA3B;AACA,SAASC,qBAAT,QAAsC,iBAAtC;AACA,SAASC,mBAAT,QAAoC,aAApC;AACA,SAASC,uBAAT,QAAwC,oBAAxC;AACA,SAASC,aAAT,QAA8B,WAA9B;AAEA,WAAYC,SAAZ;;WAAYA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,KAAAA,S;;AAQZ,WAAYC,gBAAZ;;WAAYA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,KAAAA,gB;;AAsBZ,WAAYC,UAAZ;;WAAYA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;GAAAA,U,KAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { IdxAuthenticator, IdxMessage, IdxOption } from './idx-js';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { CancelOptions } from '../cancel';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n OKTA_VERIFIER = 'okta_verifier',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n}\n\ntype Input = {\n name: string;\n required?: boolean;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n options?: IdxOption[];\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY,\n REGISTRATION,\n SOCIAL_IDP,\n}\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n}\n\nexport type IdxOptions = InteractOptions;\n\nexport type Authenticator = {\n key: string;\n methodType?: string;\n phoneNumber?: string;\n};\n"],"file":"index.js"}
1
+ {"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxMessage","AuthenticationOptions","RegistrationOptions","PasswordRecoveryOptions","CancelOptions","IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,UAAT,QAA2B,UAA3B;AACA,SAASC,qBAAT,QAAsC,iBAAtC;AACA,SAASC,mBAAT,QAAoC,aAApC;AACA,SAASC,uBAAT,QAAwC,oBAAxC;AACA,SAASC,aAAT,QAA8B,WAA9B;AAEA,WAAYC,SAAZ;;WAAYA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,KAAAA,S;;AAQZ,WAAYC,gBAAZ;;WAAYA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,KAAAA,gB;;AAyBZ,WAAYC,UAAZ;;WAAYA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;GAAAA,U,KAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { IdxAuthenticator, IdxMessage, IdxOption } from './idx-js';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { CancelOptions } from '../cancel';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n OKTA_VERIFIER = 'okta_verifier',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n}\n\nexport type Input = {\n name: string;\n label?: string;\n value?: string;\n secret?: boolean;\n required?: boolean;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n options?: IdxOption[];\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY,\n REGISTRATION,\n SOCIAL_IDP,\n}\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n}\n\nexport type IdxOptions = InteractOptions;\n\nexport type Authenticator = {\n key: string;\n methodType?: string;\n phoneNumber?: string;\n};\n"],"file":"index.js"}
package/esm/oidc/getToken.js CHANGED
@@ -14,7 +14,7 @@
14
14
  * See the License for the specific language governing permissions and limitations under the License.
15
15
  *
16
16
  */
17
- import { getOAuthUrls, loadFrame, loadPopup } from './util';
17
+ import { getOAuthUrls, loadFrame } from './util';
18
18
  import AuthSdkError from '../errors/AuthSdkError';
19
19
  import { prepareTokenParams } from './util/prepareTokenParams';
20
20
  import { buildAuthorizeParams } from './endpoints/authorize';
@@ -76,7 +76,11 @@ export function getToken(sdk, options) {
76
76
  return Promise.reject(new AuthSdkError('As of version 3.0, "getToken" takes only a single set of options'));
77
77
  }
78
78
 
79
- options = options || {};
79
+ options = options || {}; // window object cannot be serialized, save for later use
80
+ // TODO: move popup related params into a separate options object
81
+
82
+ var popupWindow = options.popupWindow;
83
+ options.popupWindow = undefined;
80
84
  return prepareTokenParams(sdk, options).then(function (tokenParams) {
81
85
  // Start overriding any options that don't make sense
82
86
  var sessionTokenOverrides = {
@@ -135,17 +139,18 @@ export function getToken(sdk, options) {
135
139
  }
136
140
 
137
141
  oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);
138
- } // Create the window
142
+ } // Redirect for authorization
143
+ // popupWindown can be null when popup is blocked
144
+
139
145
 
146
+ if (popupWindow) {
147
+ popupWindow.location.assign(requestUrl);
148
+ } // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
140
149
 
141
- var windowOptions = {
142
- popupTitle: options.popupTitle
143
- };
144
- var windowEl = loadPopup(requestUrl, windowOptions); // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
145
150
 
146
151
  var popupPromise = new Promise(function (resolve, reject) {
147
152
  var closePoller = setInterval(function () {
148
- if (!windowEl || windowEl.closed) {
153
+ if (!popupWindow || popupWindow.closed) {
149
154
  clearInterval(closePoller);
150
155
  reject(new AuthSdkError('Unable to parse OAuth flow response'));
151
156
  }
@@ -162,8 +167,8 @@ export function getToken(sdk, options) {
162
167
  return popupPromise.then(function (res) {
163
168
  return handleOAuthResponse(sdk, tokenParams, res, urls);
164
169
  }).finally(function () {
165
- if (windowEl && !windowEl.closed) {
166
- windowEl.close();
170
+ if (popupWindow && !popupWindow.closed) {
171
+ popupWindow.close();
167
172
  }
168
173
  });
169
174
 
package/esm/oidc/getToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getOAuthUrls","loadFrame","loadPopup","AuthSdkError","prepareTokenParams","buildAuthorizeParams","addPostMessageListener","handleOAuthResponse","getToken","sdk","options","arguments","length","Promise","reject","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","windowOptions","popupTitle","windowEl","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":"AACA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,YADF,EAEEC,SAFF,EAGEC,SAHF,QAIO,QAJP;AAMA,OAAOC,YAAP,MAAyB,wBAAzB;AAOA,SAASC,kBAAT,QAAmC,2BAAnC;AACA,SAASC,oBAAT,QAAqC,uBAArC;AACA,SAASC,sBAAT,QAAuC,QAAvC;AACA,SAASC,mBAAT,QAAoC,uBAApC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA,OAAO,SAASC,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAuD;AAC5D,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AAEA,SAAON,kBAAkB,CAACK,GAAD,EAAMC,OAAN,CAAlB,CACJK,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIV,OAAO,CAACY,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIP,OAAO,CAACe,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG5B,YAAY,CAACS,GAAD,EAAMO,WAAN,CAAnB;AACAW,IAAAA,QAAQ,GAAGjB,OAAO,CAACmB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAGtB,oBAAoB,CAACW,WAAD,CAA5C,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG3B,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAACwB,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAA1C;AACA,YAAIC,QAAQ,GAAGnC,SAAS,CAACyB,UAAD,CAAxB;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO9B,mBAAmB,CAACE,GAAD,EAAMO,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACV,GAAG,CAACoC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAI3C,YAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDyC,UAAAA,YAAY,GAAGtC,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAACwB,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAArC;AACD,SAVH,CAYE;;;AACA,YAAIY,aAAa,GAAG;AAClBC,UAAAA,UAAU,EAAEtC,OAAO,CAACsC;AADF,SAApB;AAGA,YAAIC,QAAQ,GAAG/C,SAAS,CAACwB,UAAD,EAAaqB,aAAb,CAAxB,CAhBF,CAkBE;;AACA,YAAIG,YAAY,GAAG,IAAIrC,OAAJ,CAAY,UAAUsC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACJ,QAAD,IAAaA,QAAQ,CAACK,MAA1B,EAAkC;AAChCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIX,YAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAyC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBkB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACd,GAAD,CAAP;AACD,WAJH,EAKGmB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBnC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO9B,mBAAmB,CAACE,GAAD,EAAMO,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIW,QAAQ,IAAI,CAACA,QAAQ,CAACK,MAA1B,EAAkC;AAChCL,YAAAA,QAAQ,CAACS,KAAT;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAIvD,YAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n loadPopup,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Create the window\n var windowOptions = {\n popupTitle: options.popupTitle\n };\n var windowEl = loadPopup(requestUrl, windowOptions);\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!windowEl || windowEl.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (windowEl && !windowEl.closed) {\n windowEl.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
1
+ {"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getOAuthUrls","loadFrame","AuthSdkError","prepareTokenParams","buildAuthorizeParams","addPostMessageListener","handleOAuthResponse","getToken","sdk","options","arguments","length","Promise","reject","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":"AACA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,YADF,EAEEC,SAFF,QAGO,QAHP;AAKA,OAAOC,YAAP,MAAyB,wBAAzB;AAQA,SAASC,kBAAT,QAAmC,2BAAnC;AACA,SAASC,oBAAT,QAAqC,uBAArC;AACA,SAASC,sBAAT,QAAuC,QAAvC;AACA,SAASC,mBAAT,QAAoC,uBAApC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA,OAAO,SAASC,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,MAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAOZ,kBAAkB,CAACK,GAAD,EAAMC,OAAN,CAAlB,CACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACiB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG7B,YAAY,CAACQ,GAAD,EAAMS,WAAN,CAAnB;AACAW,IAAAA,QAAQ,GAAGnB,OAAO,CAACqB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAGxB,oBAAoB,CAACa,WAAD,CAA5C,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG7B,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAAC0B,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAA1C;AACA,YAAIC,QAAQ,GAAGpC,SAAS,CAAC0B,UAAD,CAAxB;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAOhC,mBAAmB,CAACE,GAAD,EAAMS,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACsC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAI7C,YAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD2C,UAAAA,YAAY,GAAGxC,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAAC0B,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAArC;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAIrC,OAAJ,CAAY,UAAUsC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIX,YAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA2C,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAOhC,mBAAmB,CAACE,GAAD,EAAMS,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAIvD,YAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
package/esm/oidc/getWithPopup.js CHANGED
@@ -13,15 +13,21 @@
13
13
  import { AuthSdkError } from '../errors';
14
14
  import { clone } from '../util';
15
15
  import { getToken } from './getToken';
16
+ import { loadPopup } from './util';
16
17
  export function getWithPopup(sdk, options) {
17
18
  if (arguments.length > 2) {
18
19
  return Promise.reject(new AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
19
- }
20
+ } // some browsers (safari, firefox) block popup if it's initialed from an async process
21
+ // here we create the popup window immediately after user interaction
22
+ // then redirect to the /authorize endpoint when the requestUrl is available
20
23
 
24
+
25
+ var popupWindow = loadPopup('/', options);
21
26
  options = clone(options) || {};
22
27
  Object.assign(options, {
23
28
  display: 'popup',
24
- responseMode: 'okta_post_message'
29
+ responseMode: 'okta_post_message',
30
+ popupWindow
25
31
  });
26
32
  return getToken(sdk, options);
27
33
  }