@okta/okta-auth-js 5.6.0 → 5.9.1

package/esm/oidc/util/errors.js

@@ -1,31 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * 
- * See the License for the specific language governing permissions and limitations under the License.
- */
-export function isInteractionRequiredError(error) {
-  if (error.name !== 'OAuthError') {
-    return false;
-  }
-
-  var oauthError = error;
-  return oauthError.errorCode === 'interaction_required';
-}
-export function isAuthorizationCodeError(sdk, error) {
-  if (error.name !== 'AuthApiError') {
-    return false;
-  }
-
-  var authApiError = error; // xhr property doesn't seem to match XMLHttpRequest type
-
-  var errorResponse = authApiError.xhr;
-  var responseJSON = errorResponse === null || errorResponse === void 0 ? void 0 : errorResponse.responseJSON;
-  return sdk.options.pkce && (responseJSON === null || responseJSON === void 0 ? void 0 : responseJSON.error) === 'invalid_grant';
-}
-//# sourceMappingURL=errors.js.map

package/esm/oidc/util/errors.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,OAAO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,MAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;AAED,OAAO,SAASC,wBAAT,CAAkCC,GAAlC,EAAiDL,KAAjD,EAA+D;AACpE,MAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;AACjC,WAAO,KAAP;AACD;;AACD,MAAMK,YAAY,GAAGN,KAArB,CAJoE,CAKpE;;AACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;AACA,MAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;AACA,SAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuth } from '../../types';\nimport { OAuthError, AuthApiError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuth, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n"],"file":"errors.js"}

package/esm/oidc/util/index.js

@@ -1,25 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-export * from './browser';
-export * from './defaultTokenParams';
-export * from './errors';
-export * from './loginRedirect';
-export * from './oauth';
-import pkce from './pkce';
-export { pkce };
-export * from './prepareTokenParams';
-export * from './refreshToken';
-export * from './urlParams';
-export * from './validateClaims';
-export * from './validateToken';
-//# sourceMappingURL=index.js.map

package/esm/oidc/util/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":["pkce"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,cAAc,WAAd;AACA,cAAc,sBAAd;AACA,cAAc,UAAd;AACA,cAAc,iBAAd;AACA,cAAc,SAAd;AACA,OAAOA,IAAP,MAAiB,QAAjB;AACA,SAASA,IAAT;AACA,cAAc,sBAAd;AACA,cAAc,gBAAd;AACA,cAAc,aAAd;AACA,cAAc,kBAAd;AACA,cAAc,iBAAd","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}

package/esm/oidc/util/loginRedirect.js

@@ -1,84 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* global window */
-
-/* eslint-disable complexity, max-statements */
-export function hasTokensInHash(hash) {
-  return /((id|access)_token=)/i.test(hash);
-} // authorization_code
-
-export function hasAuthorizationCode(hashOrSearch) {
-  return /(code=)/i.test(hashOrSearch);
-} // interaction_code
-
-export function hasInteractionCode(hashOrSearch) {
-  return /(interaction_code=)/i.test(hashOrSearch);
-}
-export function hasErrorInUrl(hashOrSearch) {
-  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);
-}
-export function isRedirectUri(uri, sdk) {
-  var authParams = sdk.options;
-  return uri && uri.indexOf(authParams.redirectUri) === 0;
-}
-export function isCodeFlow(options) {
-  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';
-}
-export function getHashOrSearch(options) {
-  var codeFlow = isCodeFlow(options);
-  var useQuery = codeFlow && options.responseMode !== 'fragment';
-  return useQuery ? window.location.search : window.location.hash;
-}
-/**
- * Check if tokens or a code have been passed back into the url, which happens in
- * the OIDC (including social auth IDP) redirect flow.
- */
-
-export function isLoginRedirect(sdk) {
-  // First check, is this a redirect URI?
-  if (!isRedirectUri(window.location.href, sdk)) {
-    return false;
-  } // The location contains either a code, token, or an error + error_description
-
-
-  var codeFlow = isCodeFlow(sdk.options);
-  var hashOrSearch = getHashOrSearch(sdk.options);
-
-  if (hasErrorInUrl(hashOrSearch)) {
-    return true;
-  }
-
-  if (codeFlow) {
-    var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);
-    return hasCode;
-  } // implicit flow, will always be hash fragment
-
-
-  return hasTokensInHash(window.location.hash);
-}
-/**
- * Check if error=interaction_required has been passed back in the url, which happens in
- * the social auth IDP redirect flow.
- */
-
-export function isInteractionRequired(sdk) {
-  // First check, is this a redirect URI?
-  if (!isLoginRedirect(sdk)) {
-    return false;
-  }
-
-  var hashOrSearch = getHashOrSearch(sdk.options);
-  return /(error=interaction_required)/i.test(hashOrSearch);
-}
-//# sourceMappingURL=loginRedirect.js.map

package/esm/oidc/util/loginRedirect.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","indexOf","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGA,OAAO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;AACA,OAAO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;AACA,OAAO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;AAED,OAAO,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;AAED,OAAO,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4D;AACjE,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;AACA,SAAOH,GAAG,IAAIA,GAAG,CAACI,OAAJ,CAAYF,UAAU,CAACG,WAAvB,MAAwC,CAAtD;AACD;AAED,OAAO,SAASC,UAAT,CAAoBH,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;AAED,OAAO,SAASC,eAAT,CAAyBP,OAAzB,EAAmD;AACxD,MAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;AACA,MAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;AACA,OAAO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAyC;AAC9C;AACA,MAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJ6C,CAM9C;;;AACA,MAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIe,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOsB,OAAP;AACD,GAjB6C,CAmB9C;;;AACA,SAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;AACA,OAAO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA+C;AAClD;AACA,MAAI,CAACe,eAAe,CAACf,GAAD,CAApB,EAA0B;AACxB,WAAO,KAAP;AACD;;AAEH,MAAIL,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;AACA,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuth, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuth): boolean {\n  var authParams = sdk.options;\n  return uri && uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuth) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuth) {\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n  var hashOrSearch = getHashOrSearch(sdk.options);\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}

package/esm/oidc/util/oauth.js

@@ -1,70 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* eslint-disable complexity, max-statements */
-import { genRandomString, removeTrailingSlash } from '../../util';
-import AuthSdkError from '../../errors/AuthSdkError';
-export function generateState() {
-  return genRandomString(64);
-}
-export function generateNonce() {
-  return genRandomString(64);
-}
-
-function getIssuer(sdk) {
-  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;
-  return issuer;
-}
-
-export function getOAuthBaseUrl(sdk) {
-  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var issuer = getIssuer(sdk, options);
-  var baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';
-  return baseUrl;
-}
-export function getOAuthDomain(sdk) {
-  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var issuer = getIssuer(sdk, options);
-  var domain = issuer.split('/oauth2')[0];
-  return domain;
-}
-export function getOAuthUrls(sdk, options) {
-  if (arguments.length > 2) {
-    throw new AuthSdkError('As of version 3.0, "getOAuthUrls" takes only a single set of options');
-  }
-
-  options = options || {}; // Get user-supplied arguments
-
-  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;
-  var issuer = getIssuer(sdk, options);
-  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;
-  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;
-  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;
-  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;
-  var baseUrl = getOAuthBaseUrl(sdk, options);
-  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';
-  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';
-  tokenUrl = tokenUrl || baseUrl + '/v1/token';
-  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';
-  logoutUrl = logoutUrl || baseUrl + '/v1/logout';
-  return {
-    issuer: issuer,
-    authorizeUrl: authorizeUrl,
-    userinfoUrl: userinfoUrl,
-    tokenUrl: tokenUrl,
-    revokeUrl: revokeUrl,
-    logoutUrl: logoutUrl
-  };
-}
-//# sourceMappingURL=oauth.js.map

package/esm/oidc/util/oauth.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["genRandomString","removeTrailingSlash","AuthSdkError","generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","indexOf","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AACA,SAASA,eAAT,EAA0BC,mBAA1B,QAAqD,YAArD;AACA,OAAOC,YAAP,MAAyB,2BAAzB;AAGA,OAAO,SAASC,aAAT,GAAyB;AAC9B,SAAOH,eAAe,CAAC,EAAD,CAAtB;AACD;AAED,OAAO,SAASI,aAAT,GAAyB;AAC9B,SAAOJ,eAAe,CAAC,EAAD,CAAtB;AACD;;AAED,SAASK,SAAT,CAAmBC,GAAnB,EAA4D;AAAA,MAA1BC,OAA0B,uEAAJ,EAAI;AAC1D,MAAMC,MAAM,GAAGP,mBAAmB,CAACM,OAAO,CAACC,MAAT,CAAnB,IAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAED,OAAO,SAASC,eAAT,CAAyBH,GAAzB,EAAkE;AAAA,MAA1BC,OAA0B,uEAAJ,EAAI;AACvE,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,MAAMG,OAAO,GAAGF,MAAM,CAACG,OAAP,CAAe,SAAf,IAA4B,CAA5B,GAAgCH,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;AAED,OAAO,SAASE,cAAT,CAAwBN,GAAxB,EAAiE;AAAA,MAA1BC,OAA0B,uEAAJ,EAAI;AACtE,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,MAAMM,MAAM,GAAGL,MAAM,CAACM,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;AAED,OAAO,SAASE,YAAT,CAAsBT,GAAtB,EAAqCC,OAArC,EAA2D;AAChE,MAAIS,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIf,YAAJ,CAAiB,sEAAjB,CAAN;AACD;;AACDK,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJgE,CAMhE;;AACA,MAAIW,YAAY,GAAGjB,mBAAmB,CAACM,OAAO,CAACW,YAAT,CAAnB,IAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;AACA,MAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,MAAIY,WAAW,GAAGlB,mBAAmB,CAACM,OAAO,CAACY,WAAT,CAAnB,IAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;AACA,MAAIC,QAAQ,GAAGnB,mBAAmB,CAACM,OAAO,CAACa,QAAT,CAAnB,IAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;AACA,MAAIC,SAAS,GAAGpB,mBAAmB,CAACM,OAAO,CAACc,SAAT,CAAnB,IAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;AACA,MAAIC,SAAS,GAAGrB,mBAAmB,CAACM,OAAO,CAACe,SAAT,CAAnB,IAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;AAEA,MAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;AAEAW,EAAAA,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;AACAS,EAAAA,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;AACAU,EAAAA,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;AACAY,EAAAA,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;AACAW,EAAAA,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;AAELU,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, CustomUrls } from '../../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuth, options?: CustomUrls) {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"file":"oauth.js"}

package/esm/oidc/util/pkce.js

@@ -1,55 +0,0 @@
-/*!
- * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* eslint-disable complexity, max-statements */
-import { stringToBase64Url } from '../../crypto';
-import { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';
-import { webcrypto } from '../../crypto';
-
-function dec2hex(dec) {
-  return ('0' + dec.toString(16)).substr(-2);
-}
-
-function getRandomString(length) {
-  var a = new Uint8Array(Math.ceil(length / 2));
-  webcrypto.getRandomValues(a);
-  var str = Array.from(a, dec2hex).join('');
-  return str.slice(0, length);
-}
-
-function generateVerifier(prefix) {
-  var verifier = prefix || '';
-
-  if (verifier.length < MIN_VERIFIER_LENGTH) {
-    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);
-  }
-
-  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);
-}
-
-function computeChallenge(str) {
-  var buffer = new TextEncoder().encode(str);
-  return webcrypto.subtle.digest('SHA-256', buffer).then(function (arrayBuffer) {
-    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));
-    var b64u = stringToBase64Url(hash); // url-safe base64 variant
-
-    return b64u;
-  });
-}
-
-export default {
-  DEFAULT_CODE_CHALLENGE_METHOD,
-  generateVerifier,
-  computeChallenge
-};
-//# sourceMappingURL=pkce.js.map

package/esm/oidc/util/pkce.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["stringToBase64Url","MIN_VERIFIER_LENGTH","MAX_VERIFIER_LENGTH","DEFAULT_CODE_CHALLENGE_METHOD","webcrypto","dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","getRandomValues","str","Array","from","join","slice","generateVerifier","prefix","verifier","encodeURIComponent","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AACD,SAASA,iBAAT,QAAkC,cAAlC;AACA,SAASC,mBAAT,EAA8BC,mBAA9B,EAAmDC,6BAAnD,QAAwF,iBAAxF;AACA,SAASC,SAAT,QAA0B,cAA1B;;AAEA,SAASC,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;AACAN,EAAAA,SAAS,CAACW,eAAV,CAA0BJ,CAA1B;AACA,MAAIK,GAAG,GAAGC,KAAK,CAACC,IAAN,CAAWP,CAAX,EAAcN,OAAd,EAAuBc,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAOH,GAAG,CAACI,KAAJ,CAAU,CAAV,EAAaV,MAAb,CAAP;AACD;;AAED,SAASW,gBAAT,CAA0BC,MAA1B,EAAmD;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACb,MAAT,GAAkBT,mBAAtB,EAA2C;AACzCsB,IAAAA,QAAQ,GAAGA,QAAQ,GAAGd,eAAe,CAACR,mBAAmB,GAAGsB,QAAQ,CAACb,MAAhC,CAArC;AACD;;AACD,SAAOc,kBAAkB,CAACD,QAAD,CAAlB,CAA6BH,KAA7B,CAAmC,CAAnC,EAAsClB,mBAAtC,CAAP;AACD;;AAED,SAASuB,gBAAT,CAA0BT,GAA1B,EAAyD;AACvD,MAAIU,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBZ,GAAzB,CAAb;AACA,SAAOZ,SAAS,CAACyB,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAGrC,iBAAiB,CAACiC,IAAD,CAA5B,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;AAED,eAAe;AACblC,EAAAA,6BADa;AAEbkB,EAAAA,gBAFa;AAGbI,EAAAA;AAHa,CAAf","sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport { webcrypto } from '../../crypto';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"file":"pkce.js"}

package/esm/oidc/util/prepareTokenParams.js

@@ -1,75 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { getWellKnown } from '../endpoints/well-known';
-import { AuthSdkError } from '../../errors';
-import { clone } from '../../util';
-import { getDefaultTokenParams } from './defaultTokenParams';
-import { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';
-import pkce from './pkce'; // Prepares params for a call to /authorize or /token
-
-export function prepareTokenParams(sdk, tokenParams) {
-  // build params using defaults + options
-  var defaults = getDefaultTokenParams(sdk);
-  tokenParams = Object.assign({}, defaults, clone(tokenParams));
-
-  if (tokenParams.pkce === false) {
-    // Implicit flow or authorization_code without PKCE
-    return Promise.resolve(tokenParams);
-  } // PKCE flow
-
-
-  if (!sdk.features.isPKCESupported()) {
-    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';
-
-    if (!sdk.features.isHTTPS()) {
-      // eslint-disable-next-line max-len
-      errorMessage += '\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';
-    }
-
-    if (!sdk.features.hasTextEncoder()) {
-      // eslint-disable-next-line max-len
-      errorMessage += '\n"TextEncoder" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';
-    }
-
-    return Promise.reject(new AuthSdkError(errorMessage));
-  } // set default code challenge method, if none provided
-
-
-  if (!tokenParams.codeChallengeMethod) {
-    tokenParams.codeChallengeMethod = DEFAULT_CODE_CHALLENGE_METHOD;
-  } // responseType is forced
-
-
-  tokenParams.responseType = 'code';
-  return getWellKnown(sdk, null).then(function (res) {
-    var methods = res['code_challenge_methods_supported'] || [];
-
-    if (methods.indexOf(tokenParams.codeChallengeMethod) === -1) {
-      throw new AuthSdkError('Invalid code_challenge_method');
-    }
-  }).then(function () {
-    if (!tokenParams.codeVerifier) {
-      tokenParams.codeVerifier = pkce.generateVerifier();
-    }
-
-    return pkce.computeChallenge(tokenParams.codeVerifier);
-  }).then(function (codeChallenge) {
-    // Clone/copy the params. Set codeChallenge
-    var clonedParams = clone(tokenParams) || {};
-    Object.assign(clonedParams, tokenParams, {
-      codeChallenge: codeChallenge
-    });
-    return clonedParams;
-  });
-}
-//# sourceMappingURL=prepareTokenParams.js.map

package/esm/oidc/util/prepareTokenParams.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"names":["getWellKnown","AuthSdkError","clone","getDefaultTokenParams","DEFAULT_CODE_CHALLENGE_METHOD","pkce","prepareTokenParams","sdk","tokenParams","defaults","Object","assign","Promise","resolve","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","reject","codeChallengeMethod","responseType","then","res","methods","indexOf","codeVerifier","generateVerifier","computeChallenge","codeChallenge","clonedParams"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,yBAA7B;AACA,SAASC,YAAT,QAA6B,cAA7B;AAEA,SAASC,KAAT,QAAsB,YAAtB;AACA,SAASC,qBAAT,QAAsC,sBAAtC;AACA,SAASC,6BAAT,QAA8C,iBAA9C;AACA,OAAOC,IAAP,MAAiB,QAAjB,C,CAEA;;AACA,OAAO,SAASC,kBAAT,CAA4BC,GAA5B,EAA2CC,WAA3C,EAA4F;AACjG;AACA,MAAMC,QAAQ,GAAGN,qBAAqB,CAACI,GAAD,CAAtC;AACAC,EAAAA,WAAW,GAAGE,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,QAAlB,EAA4BP,KAAK,CAACM,WAAD,CAAjC,CAAd;;AAEA,MAAIA,WAAW,CAACH,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOO,OAAO,CAACC,OAAR,CAAgBL,WAAhB,CAAP;AACD,GARgG,CAUjG;;;AACA,MAAI,CAACD,GAAG,CAACO,QAAJ,CAAaC,eAAb,EAAL,EAAqC;AACnC,QAAIC,YAAY,GAAG,qFAAnB;;AACA,QAAI,CAACT,GAAG,CAACO,QAAJ,CAAaG,OAAb,EAAL,EAA6B;AAC3B;AACAD,MAAAA,YAAY,IAAI,kGAAhB;AACD;;AACD,QAAI,CAACT,GAAG,CAACO,QAAJ,CAAaI,cAAb,EAAL,EAAoC;AAClC;AACAF,MAAAA,YAAY,IAAI,wGAAhB;AACD;;AACD,WAAOJ,OAAO,CAACO,MAAR,CAAe,IAAIlB,YAAJ,CAAiBe,YAAjB,CAAf,CAAP;AACD,GAtBgG,CAwBjG;;;AACA,MAAI,CAACR,WAAW,CAACY,mBAAjB,EAAsC;AACpCZ,IAAAA,WAAW,CAACY,mBAAZ,GAAkChB,6BAAlC;AACD,GA3BgG,CA6BjG;;;AACAI,EAAAA,WAAW,CAACa,YAAZ,GAA2B,MAA3B;AAEA,SAAOrB,YAAY,CAACO,GAAD,EAAM,IAAN,CAAZ,CACJe,IADI,CACC,UAAUC,GAAV,EAAe;AACnB,QAAIC,OAAO,GAAGD,GAAG,CAAC,kCAAD,CAAH,IAA2C,EAAzD;;AACA,QAAIC,OAAO,CAACC,OAAR,CAAgBjB,WAAW,CAACY,mBAA5B,MAAqD,CAAC,CAA1D,EAA6D;AAC3D,YAAM,IAAInB,YAAJ,CAAiB,+BAAjB,CAAN;AACD;AACF,GANI,EAOJqB,IAPI,CAOC,YAAY;AAChB,QAAI,CAACd,WAAW,CAACkB,YAAjB,EAA+B;AAC7BlB,MAAAA,WAAW,CAACkB,YAAZ,GAA2BrB,IAAI,CAACsB,gBAAL,EAA3B;AACD;;AACD,WAAOtB,IAAI,CAACuB,gBAAL,CAAsBpB,WAAW,CAACkB,YAAlC,CAAP;AACD,GAZI,EAaJJ,IAbI,CAaC,UAAUO,aAAV,EAAyB;AAC7B;AACA,QAAIC,YAAY,GAAG5B,KAAK,CAACM,WAAD,CAAL,IAAsB,EAAzC;AACAE,IAAAA,MAAM,CAACC,MAAP,CAAcmB,YAAd,EAA4BtB,WAA5B,EAAyC;AACvCqB,MAAAA,aAAa,EAAEA;AADwB,KAAzC;AAGA,WAAOC,YAAP;AACD,GApBI,CAAP;AAqBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth, TokenParams } from '../../types';\nimport { clone } from '../../util';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport pkce from './pkce';\n\n// Prepares params for a call to /authorize or /token\nexport function prepareTokenParams(sdk: OktaAuth, tokenParams?: TokenParams): Promise<TokenParams> {\n  // build params using defaults + options\n  const defaults = getDefaultTokenParams(sdk);\n  tokenParams = Object.assign({}, defaults, clone(tokenParams));\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return Promise.resolve(tokenParams);\n  }\n\n  // PKCE flow\n  if (!sdk.features.isPKCESupported()) {\n    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n    if (!sdk.features.isHTTPS()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n    }\n    if (!sdk.features.hasTextEncoder()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n    }\n    return Promise.reject(new AuthSdkError(errorMessage));\n  }\n\n  // set default code challenge method, if none provided\n  if (!tokenParams.codeChallengeMethod) {\n    tokenParams.codeChallengeMethod = DEFAULT_CODE_CHALLENGE_METHOD;\n  }\n\n  // responseType is forced\n  tokenParams.responseType = 'code';\n\n  return getWellKnown(sdk, null)\n    .then(function (res) {\n      var methods = res['code_challenge_methods_supported'] || [];\n      if (methods.indexOf(tokenParams.codeChallengeMethod) === -1) {\n        throw new AuthSdkError('Invalid code_challenge_method');\n      }\n    })\n    .then(function () {\n      if (!tokenParams.codeVerifier) {\n        tokenParams.codeVerifier = pkce.generateVerifier();\n      }\n      return pkce.computeChallenge(tokenParams.codeVerifier);\n    })\n    .then(function (codeChallenge) {\n      // Clone/copy the params. Set codeChallenge\n      var clonedParams = clone(tokenParams) || {};\n      Object.assign(clonedParams, tokenParams, {\n        codeChallenge: codeChallenge,\n      });\n      return clonedParams;\n    });\n}"],"file":"prepareTokenParams.js"}

package/esm/oidc/util/refreshToken.js

@@ -1,24 +0,0 @@
-import { isAuthApiError } from '../../errors';
-export function isSameRefreshToken(a, b) {
-  return a.refreshToken === b.refreshToken;
-}
-export function isRefreshTokenError(err) {
-  if (!isAuthApiError(err)) {
-    return false;
-  }
-
-  if (!err.xhr || !err.xhr.responseJSON) {
-    return false;
-  }
-
-  var {
-    responseJSON
-  } = err.xhr;
-
-  if (responseJSON.error === 'invalid_grant') {
-    return true;
-  }
-
-  return false;
-}
-//# sourceMappingURL=refreshToken.js.map

package/esm/oidc/util/refreshToken.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/refreshToken.ts"],"names":["isAuthApiError","isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","xhr","responseJSON","error"],"mappings":"AACA,SAASA,cAAT,QAA+B,cAA/B;AAEA,OAAO,SAASC,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;AACnE,SAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;AAED,OAAO,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;AAC9C,MAAI,CAACN,cAAc,CAACM,GAAD,CAAnB,EAA0B;AACxB,WAAO,KAAP;AACD;;AAED,MAAI,CAACA,GAAG,CAACC,GAAL,IAAY,CAACD,GAAG,CAACC,GAAJ,CAAQC,YAAzB,EAAuC;AACrC,WAAO,KAAP;AACD;;AAED,MAAM;AAAEA,IAAAA;AAAF,MAAmBF,GAAG,CAACC,GAA7B;;AACA,MAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;AAC1C,WAAO,IAAP;AACD;;AAED,SAAO,KAAP;AACD","sourcesContent":["import { RefreshToken } from '../../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n  return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n  if (!isAuthApiError(err)) {\n    return false;\n  }\n\n  if (!err.xhr || !err.xhr.responseJSON) {\n    return false;\n  }\n\n  const { responseJSON } = err.xhr;\n  if (responseJSON.error === 'invalid_grant') {\n    return true;\n  }\n\n  return false;\n}"],"file":"refreshToken.js"}

package/esm/oidc/util/urlParams.js

@@ -1,54 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* eslint-disable complexity, max-statements */
-export function urlParamsToObject(hashOrSearch) {
-  // Predefine regexs for parsing hash
-  var plus2space = /\+/g;
-  var paramSplit = /([^&=]+)=?([^&]*)/g;
-  var fragment = hashOrSearch; // Some hash based routers will automatically add a / character after the hash
-
-  if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {
-    fragment = fragment.substring(2);
-  } // Remove the leading # or ?
-
-
-  if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {
-    fragment = fragment.substring(1);
-  }
-
-  var obj = {}; // Loop until we have no more params
-
-  var param;
-
-  while (true) {
-    // eslint-disable-line no-constant-condition
-    param = paramSplit.exec(fragment);
-
-    if (!param) {
-      break;
-    }
-
-    var key = param[1];
-    var value = param[2]; // id_token should remain base64url encoded
-
-    if (key === 'id_token' || key === 'access_token' || key === 'code') {
-      obj[key] = value;
-    } else {
-      obj[key] = decodeURIComponent(value.replace(plus2space, ' '));
-    }
-  }
-
-  return obj;
-}
-//# sourceMappingURL=urlParams.js.map

package/esm/oidc/util/urlParams.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/urlParams.ts"],"names":["urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","charAt","substring","obj","param","exec","key","value","decodeURIComponent","replace"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAO,SAASA,iBAAT,CAA2BC,YAA3B,EAAiD;AACtD;AACA,MAAIC,UAAU,GAAG,KAAjB;AACA,MAAIC,UAAU,GAAG,oBAAjB;AACA,MAAIC,QAAQ,GAAGH,YAAf,CAJsD,CAMtD;;AACA,MAAIG,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD,GATqD,CAWtD;;;AACA,MAAIF,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD;;AAGD,MAAIC,GAAG,GAAG,EAAV,CAjBsD,CAmBtD;;AACA,MAAIC,KAAJ;;AACA,SAAO,IAAP,EAAa;AAAE;AACbA,IAAAA,KAAK,GAAGL,UAAU,CAACM,IAAX,CAAgBL,QAAhB,CAAR;;AACA,QAAI,CAACI,KAAL,EAAY;AAAE;AAAQ;;AAEtB,QAAIE,GAAG,GAAGF,KAAK,CAAC,CAAD,CAAf;AACA,QAAIG,KAAK,GAAGH,KAAK,CAAC,CAAD,CAAjB,CALW,CAOX;;AACA,QAAIE,GAAG,KAAK,UAAR,IAAsBA,GAAG,KAAK,cAA9B,IAAgDA,GAAG,KAAK,MAA5D,EAAoE;AAClEH,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWC,KAAX;AACD,KAFD,MAEO;AACLJ,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWE,kBAAkB,CAACD,KAAK,CAACE,OAAN,CAAcX,UAAd,EAA0B,GAA1B,CAAD,CAA7B;AACD;AACF;;AACD,SAAOK,GAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n  // Predefine regexs for parsing hash\n  var plus2space = /\\+/g;\n  var paramSplit = /([^&=]+)=?([^&]*)/g;\n  var fragment = hashOrSearch;\n\n  // Some hash based routers will automatically add a / character after the hash\n  if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n    fragment = fragment.substring(2);\n  }\n\n  // Remove the leading # or ?\n  if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n    fragment = fragment.substring(1);\n  }\n\n\n  var obj = {};\n\n  // Loop until we have no more params\n  var param;\n  while (true) { // eslint-disable-line no-constant-condition\n    param = paramSplit.exec(fragment);\n    if (!param) { break; }\n\n    var key = param[1];\n    var value = param[2];\n\n    // id_token should remain base64url encoded\n    if (key === 'id_token' || key === 'access_token' || key === 'code') {\n      obj[key] = value;\n    } else {\n      obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n    }\n  }\n  return obj;\n}\n"],"file":"urlParams.js"}

package/esm/oidc/util/validateClaims.js

@@ -1,53 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* eslint-disable complexity, max-statements */
-import AuthSdkError from '../../errors/AuthSdkError';
-export function validateClaims(sdk, claims, validationParams) {
-  var aud = validationParams.clientId;
-  var iss = validationParams.issuer;
-  var nonce = validationParams.nonce;
-
-  if (!claims || !iss || !aud) {
-    throw new AuthSdkError('The jwt, iss, and aud arguments are all required');
-  }
-
-  if (nonce && claims.nonce !== nonce) {
-    throw new AuthSdkError('OAuth flow response nonce doesn\'t match request nonce');
-  }
-
-  var now = Math.floor(Date.now() / 1000);
-
-  if (claims.iss !== iss) {
-    throw new AuthSdkError('The issuer [' + claims.iss + '] ' + 'does not match [' + iss + ']');
-  }
-
-  if (claims.aud !== aud) {
-    throw new AuthSdkError('The audience [' + claims.aud + '] ' + 'does not match [' + aud + ']');
-  }
-
-  if (claims.iat > claims.exp) {
-    throw new AuthSdkError('The JWT expired before it was issued');
-  }
-
-  if (!sdk.options.ignoreLifetime) {
-    if (now - sdk.options.maxClockSkew > claims.exp) {
-      throw new AuthSdkError('The JWT expired and is no longer valid');
-    }
-
-    if (claims.iat > now + sdk.options.maxClockSkew) {
-      throw new AuthSdkError('The JWT was issued in the future');
-    }
-  }
-}
-//# sourceMappingURL=validateClaims.js.map

package/esm/oidc/util/validateClaims.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["AuthSdkError","validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAOA,YAAP,MAAyB,2BAAzB;AAGA,OAAO,SAASC,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIL,YAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAIS,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIT,YAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIU,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIP,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIP,YAAJ,CAAiB,iBAAiBG,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIL,YAAJ,CAAiB,mBAAmBG,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACW,GAAP,GAAaX,MAAM,CAACY,GAAxB,EAA6B;AAC3B,UAAM,IAAIf,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACE,GAAG,CAACc,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGR,GAAG,CAACc,OAAJ,CAAYE,YAAnB,GAAmCf,MAAM,CAACY,GAA9C,EAAmD;AACjD,YAAM,IAAIf,YAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIG,MAAM,CAACW,GAAP,GAAcJ,GAAG,GAAGR,GAAG,CAACc,OAAJ,CAAYE,YAApC,EAAmD;AACjD,YAAM,IAAIlB,YAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuth, claims: UserClaims, validationParams: TokenVerifyParams) {\n  var aud = validationParams.clientId;\n  var iss = validationParams.issuer;\n  var nonce = validationParams.nonce;\n\n  if (!claims || !iss || !aud) {\n    throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n  }\n\n  if (nonce && claims.nonce !== nonce) {\n    throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n  }\n\n  var now = Math.floor(Date.now()/1000);\n\n  if (claims.iss !== iss) {\n    throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n      'does not match [' + iss + ']');\n  }\n\n  if (claims.aud !== aud) {\n    throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n      'does not match [' + aud + ']');\n  }\n\n  if (claims.iat > claims.exp) {\n    throw new AuthSdkError('The JWT expired before it was issued');\n  }\n\n  if (!sdk.options.ignoreLifetime) {\n    if ((now - sdk.options.maxClockSkew) > claims.exp) {\n      throw new AuthSdkError('The JWT expired and is no longer valid');\n    }\n\n    if (claims.iat > (now + sdk.options.maxClockSkew)) {\n      throw new AuthSdkError('The JWT was issued in the future');\n    }\n  }\n}\n"],"file":"validateClaims.js"}

package/esm/oidc/util/validateToken.js

@@ -1,21 +0,0 @@
-/* eslint-disable complexity */
-import { AuthSdkError } from '../../errors';
-import { isAccessToken, isIDToken, isRefreshToken } from '../../types';
-export function validateToken(token, type) {
-  if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {
-    throw new AuthSdkError('Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property');
-  }
-
-  if (type === 'accessToken' && !isAccessToken(token)) {
-    throw new AuthSdkError('invalid accessToken');
-  }
-
-  if (type === 'idToken' && !isIDToken(token)) {
-    throw new AuthSdkError('invalid idToken');
-  }
-
-  if (type === 'refreshToken' && !isRefreshToken(token)) {
-    throw new AuthSdkError('invalid refreshToken');
-  }
-}
-//# sourceMappingURL=validateToken.js.map

package/esm/oidc/util/validateToken.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/validateToken.ts"],"names":["AuthSdkError","isAccessToken","isIDToken","isRefreshToken","validateToken","token","type"],"mappings":"AAAA;AAEA,SAASA,YAAT,QAA6B,cAA7B;AACA,SAASC,aAAT,EAAwBC,SAAxB,EAAmCC,cAAnC,QAA2E,aAA3E;AAEA,OAAO,SAASC,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;AAC5D,MAAI,CAACJ,SAAS,CAACG,KAAD,CAAV,IAAqB,CAACJ,aAAa,CAACI,KAAD,CAAnC,IAA8C,CAACF,cAAc,CAACE,KAAD,CAAjE,EAA0E;AACxE,UAAM,IAAIL,YAAJ,CACJ,+GADI,CAAN;AAGD;;AAED,MAAIM,IAAI,KAAK,aAAT,IAA0B,CAACL,aAAa,CAACI,KAAD,CAA5C,EAAqD;AACnD,UAAM,IAAIL,YAAJ,CAAiB,qBAAjB,CAAN;AACD;;AACD,MAAIM,IAAI,KAAK,SAAT,IAAsB,CAACJ,SAAS,CAACG,KAAD,CAApC,EAA6C;AAC3C,UAAM,IAAIL,YAAJ,CAAiB,iBAAjB,CAAN;AACD;;AAED,MAAIM,IAAI,KAAK,cAAT,IAA2B,CAACH,cAAc,CAACE,KAAD,CAA9C,EAAuD;AACrD,UAAM,IAAIL,YAAJ,CAAiB,sBAAjB,CAAN;AACD;AACF","sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n  if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n    throw new AuthSdkError(\n      'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n    );\n  }\n  \n  if (type === 'accessToken' && !isAccessToken(token)) {\n    throw new AuthSdkError('invalid accessToken');\n  } \n  if (type === 'idToken' && !isIDToken(token)) {\n    throw new AuthSdkError('invalid idToken');\n  }\n\n  if (type === 'refreshToken' && !isRefreshToken(token)) {\n    throw new AuthSdkError('invalid refreshToken');\n  }\n}"],"file":"validateToken.js"}