@okta/okta-auth-js 5.7.0 → 5.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/cjs/OktaAuth.js +56 -32
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/StorageManager.js +8 -0
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TransactionManager.js +19 -11
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/constants.js +3 -1
- package/cjs/constants.js.map +1 -1
- package/cjs/idx/interact.js +5 -2
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +24 -7
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/remediate.js +21 -25
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/run.js +28 -6
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/transactionMeta.js +21 -8
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js +5 -0
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +2 -6
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +9 -5
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/urlParams.js +1 -1
- package/cjs/oidc/util/urlParams.js.map +1 -1
- package/cjs/options.js +12 -2
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +2 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/util/emailVerify.js +28 -0
- package/cjs/util/emailVerify.js.map +1 -0
- package/cjs/util/index.js +13 -0
- package/cjs/util/index.js.map +1 -1
- package/dist/okta-auth-js.min.js +2 -74
- package/dist/okta-auth-js.min.js.LICENSE.txt +32 -0
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +2 -18
- package/dist/okta-auth-js.polyfill.js.LICENSE.txt +18 -0
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +2 -74
- package/dist/okta-auth-js.umd.js.LICENSE.txt +32 -0
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/OktaAuth.js +57 -33
- package/esm/OktaAuth.js.map +1 -1
- package/esm/OktaUserAgent.js +2 -2
- package/esm/StorageManager.js +9 -1
- package/esm/StorageManager.js.map +1 -1
- package/esm/TransactionManager.js +19 -11
- package/esm/TransactionManager.js.map +1 -1
- package/esm/constants.js +1 -0
- package/esm/constants.js.map +1 -1
- package/esm/idx/interact.js +5 -2
- package/esm/idx/interact.js.map +1 -1
- package/esm/idx/introspect.js +22 -6
- package/esm/idx/introspect.js.map +1 -1
- package/esm/idx/remediate.js +22 -22
- package/esm/idx/remediate.js.map +1 -1
- package/esm/idx/run.js +27 -6
- package/esm/idx/run.js.map +1 -1
- package/esm/idx/transactionMeta.js +20 -9
- package/esm/idx/transactionMeta.js.map +1 -1
- package/esm/idx/types/idx-js.js +3 -0
- package/esm/idx/types/idx-js.js.map +1 -1
- package/esm/idx/types/index.js.map +1 -1
- package/esm/oidc/getWithRedirect.js +2 -6
- package/esm/oidc/getWithRedirect.js.map +1 -1
- package/esm/oidc/util/loginRedirect.js +9 -5
- package/esm/oidc/util/loginRedirect.js.map +1 -1
- package/esm/oidc/util/urlParams.js +1 -1
- package/esm/oidc/util/urlParams.js.map +1 -1
- package/esm/options.js +12 -2
- package/esm/options.js.map +1 -1
- package/esm/server/serverStorage.js +2 -1
- package/esm/server/serverStorage.js.map +1 -1
- package/esm/util/emailVerify.js +21 -0
- package/esm/util/emailVerify.js.map +1 -0
- package/esm/util/index.js +1 -0
- package/esm/util/index.js.map +1 -1
- package/lib/OktaAuth.d.ts +6 -3
- package/lib/StorageManager.d.ts +1 -0
- package/lib/TransactionManager.d.ts +4 -1
- package/lib/constants.d.ts +1 -0
- package/lib/crypto/base64.d.ts +2 -2
- package/lib/crypto/oidcHash.d.ts +1 -1
- package/lib/crypto/verifyToken.d.ts +1 -1
- package/lib/idx/introspect.d.ts +2 -1
- package/lib/idx/run.d.ts +1 -0
- package/lib/idx/transactionMeta.d.ts +4 -3
- package/lib/idx/types/idx-js.d.ts +1 -0
- package/lib/idx/types/index.d.ts +2 -1
- package/lib/oidc/util/loginRedirect.d.ts +1 -1
- package/lib/util/emailVerify.d.ts +17 -0
- package/lib/util/index.d.ts +1 -0
- package/package.json +11 -10
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/TransactionManager.ts"],"names":["AuthSdkError","REDIRECT_NONCE_COOKIE_NAME","REDIRECT_OAUTH_PARAMS_NAME","REDIRECT_STATE_COOKIE_NAME","isTransactionMeta","isOAuthTransactionMeta","isRawIdxResponse","warn","clearTransactionFromSharedStorage","loadTransactionFromSharedStorage","pruneSharedStorage","saveTransactionToSharedStorage","TransactionManager","constructor","options","storageManager","legacyWidgetSupport","saveNonceCookie","saveStateCookie","saveParamsCookie","enableSharedStorage","clear","transactionStorage","getTransactionStorage","clearStorage","idxStateStorage","getIdxResponseStorage","state","oauth","clearLegacyOAuthParams","pkce","clearLegacyPKCE","save","meta","storage","obj","getStorage","muteWarning","setStorage","cookieStorage","storageType","responseType","nonce","scopes","clientId","urls","ignoreSignature","oauthParams","setItem","JSON","stringify","exists","load","loadLegacyOAuthParams","Object","assign","pkceMeta","loadLegacyPKCE","storageUtil","testStorageType","getLegacyPKCEStorage","codeVerifier","getLegacyOAuthParamsStorage","saveIdxResponse","idxResponse","loadIdxResponse"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,YAAT,QAA6B,UAA7B;AACA,SAASC,0BAAT,EAAqCC,0BAArC,EAAiEC,0BAAjE,QAAmG,aAAnG;AAEA,SAGEC,iBAHF,EAIEC,sBAJF,QAUO,SAVP;AAWA,SAAyBC,gBAAzB,QAAiD,oBAAjD;AACA,SAASC,IAAT,QAAqB,QAArB;AACA,SACEC,iCADF,EAEEC,gCAFF,EAGEC,kBAHF,EAIEC,8BAJF,QAKO,sBALP;AAMA,eAAe,MAAMC,kBAAN,CAAyB;AAStCC,EAAAA,WAAW,CAACC,OAAD,EAAqC;AAC9C,SAAKC,cAAL,GAAsBD,OAAO,CAACC,cAA9B;AACA,SAAKC,mBAAL,GAA2BF,OAAO,CAACE,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKC,eAAL,GAAuBH,OAAO,CAACG,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,eAAL,GAAuBJ,OAAO,CAACI,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,gBAAL,GAAwBL,OAAO,CAACK,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;AACA,SAAKC,mBAAL,GAA2BN,OAAO,CAACM,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKN,OAAL,GAAeA,OAAf;AACD;;AAEDO,EAAAA,KAAK,GAAuC;AAAA,QAAtCP,OAAsC,uEAAJ,EAAI;AAC1C,QAAMQ,kBAAmC,GAAG,KAAKP,cAAL,CAAoBQ,qBAApB,EAA5C;AACAD,IAAAA,kBAAkB,CAACE,YAAnB;AAEA,QAAMC,eAAgC,GAAG,KAAKV,cAAL,CAAoBW,qBAApB,EAAzC;AACAD,IAAAA,eAAe,SAAf,IAAAA,eAAe,WAAf,YAAAA,eAAe,CAAED,YAAjB;;AAEA,QAAI,KAAKJ,mBAAL,IAA4BN,OAAO,CAACa,KAAxC,EAA+C;AAC7CnB,MAAAA,iCAAiC,CAAC,KAAKO,cAAN,EAAsBD,OAAO,CAACa,KAA9B,CAAjC;AACD;;AAED,QAAI,CAAC,KAAKX,mBAAV,EAA+B;AAC7B;AACD,KAbyC,CAe1C;;;AACA,QAAIF,OAAO,CAACc,KAAZ,EAAmB;AACjB,WAAKC,sBAAL;AACD;;AAED,QAAIf,OAAO,CAACgB,IAAZ,EAAkB;AAChB,WAAKC,eAAL;AACD;AACF,GA1CqC,CA4CtC;;;AACAC,EAAAA,IAAI,CAACC,IAAD,EAA8D;AAAA,QAAtCnB,OAAsC,uEAAJ,EAAI;AAChE;AACA;AACA;AAEA,QAAIoB,OAAwB,GAAG,KAAKnB,cAAL,CAAoBQ,qBAApB,EAA/B;AACA,QAAMY,GAAG,GAAGD,OAAO,CAACE,UAAR,EAAZ,CANgE,CAOhE;AACA;AACA;;AACA,QAAIhC,iBAAiB,CAAC+B,GAAD,CAAjB,IAA0B,CAACrB,OAAO,CAACuB,WAAvC,EAAoD;AAClD;AACA9B,MAAAA,IAAI,CAAC,yGAAD,CAAJ;AACD;;AAED2B,IAAAA,OAAO,CAACI,UAAR,CAAmBL,IAAnB;;AAEA,QAAI,CAACnB,OAAO,CAACc,KAAb,EAAoB;AAClB;AACD,KAnB+D,CAqBhE;;;AACA,QAAI,KAAKX,eAAL,IAAwB,KAAKC,eAA7B,IAAgD,KAAKC,gBAAzD,EAA2E;AACzE,UAAMoB,aAA4B,GAAG,KAAKxB,cAAL,CAAoBqB,UAApB,CAA+B;AAAEI,QAAAA,WAAW,EAAE;AAAf,OAA/B,CAArC;;AAEA,UAAI,KAAKrB,gBAAT,EAA2B;AACzB,YAAM;AACJsB,UAAAA,YADI;AAEJd,UAAAA,KAFI;AAGJe,UAAAA,KAHI;AAIJC,UAAAA,MAJI;AAKJC,UAAAA,QALI;AAMJC,UAAAA,IANI;AAOJC,UAAAA;AAPI,YAQFb,IARJ;AASA,YAAMc,WAAW,GAAG;AAClBN,UAAAA,YADkB;AAElBd,UAAAA,KAFkB;AAGlBe,UAAAA,KAHkB;AAIlBC,UAAAA,MAJkB;AAKlBC,UAAAA,QALkB;AAMlBC,UAAAA,IANkB;AAOlBC,UAAAA;AAPkB,SAApB;AASAP,QAAAA,aAAa,CAACS,OAAd,CAAsB9C,0BAAtB,EAAkD+C,IAAI,CAACC,SAAL,CAAeH,WAAf,CAAlD,EAA+E,IAA/E;AACD;;AAED,UAAI,KAAK9B,eAAL,IAAwBgB,IAAI,CAACS,KAAjC,EAAwC;AACtC;AACAH,QAAAA,aAAa,CAACS,OAAd,CAAsB/C,0BAAtB,EAAkDgC,IAAI,CAACS,KAAvD,EAA8D,IAA9D;AACD;;AAED,UAAI,KAAKxB,eAAL,IAAwBe,IAAI,CAACN,KAAjC,EAAwC;AACtC;AACAY,QAAAA,aAAa,CAACS,OAAd,CAAsB7C,0BAAtB,EAAkD8B,IAAI,CAACN,KAAvD,EAA8D,IAA9D;AACD;AACF,KAxD+D,CA0DhE;;;AACA,QAAI,KAAKP,mBAAL,IAA4Ba,IAAI,CAACN,KAArC,EAA4C;AAC1ChB,MAAAA,8BAA8B,CAAC,KAAKI,cAAN,EAAsBkB,IAAI,CAACN,KAA3B,EAAkCM,IAAlC,CAA9B;AACD;AACF;;AAEDkB,EAAAA,MAAM,GAAgD;AAAA,QAA/CrC,OAA+C,uEAAb,EAAa;;AACpD,QAAI;AACF,UAAMmB,IAAqB,GAAG,KAAKmB,IAAL,CAAUtC,OAAV,CAA9B;AACA,aAAO,CAAC,CAACmB,IAAT;AACD,KAHD,CAGE,gBAAM;AACN,aAAO,KAAP;AACD;AACF,GApHqC,CAsHtC;AACA;;;AACAmB,EAAAA,IAAI,GAAwD;AAAA,QAAvDtC,OAAuD,uEAArB,EAAqB;AAE1D,QAAImB,IAAJ,CAF0D,CAI1D;;AACA,QAAI,KAAKb,mBAAL,IAA4BN,OAAO,CAACa,KAAxC,EAA+C;AAC7CjB,MAAAA,kBAAkB,CAAC,KAAKK,cAAN,CAAlB,CAD6C,CACJ;;AACzCkB,MAAAA,IAAI,GAAGxB,gCAAgC,CAAC,KAAKM,cAAN,EAAsBD,OAAO,CAACa,KAA9B,CAAvC;;AACA,UAAIvB,iBAAiB,CAAC6B,IAAD,CAArB,EAA6B;AAC3B,eAAOA,IAAP;AACD;AACF;;AAED,QAAIC,OAAwB,GAAG,KAAKnB,cAAL,CAAoBQ,qBAApB,EAA/B;AACAU,IAAAA,IAAI,GAAGC,OAAO,CAACE,UAAR,EAAP;;AACA,QAAIhC,iBAAiB,CAAC6B,IAAD,CAArB,EAA6B;AAC3B;AACA,aAAOA,IAAP;AACD;;AAED,QAAI,CAAC,KAAKjB,mBAAV,EAA+B;AAC7B,aAAO,IAAP;AACD,KAtByD,CAwB1D;;;AACA,QAAIF,OAAO,CAACc,KAAZ,EAAmB;AACjB,UAAI;AACF,YAAMmB,WAAW,GAAG,KAAKM,qBAAL,EAApB;AACAC,QAAAA,MAAM,CAACC,MAAP,CAActB,IAAd,EAAoBc,WAApB;AACD,OAHD,SAGU;AACR,aAAKlB,sBAAL;AACD;AACF;;AAED,QAAIf,OAAO,CAACgB,IAAZ,EAAkB;AAChB,UAAI;AACF,YAAM0B,QAA6B,GAAG,KAAKC,cAAL,EAAtC;AACAH,QAAAA,MAAM,CAACC,MAAP,CAActB,IAAd,EAAoBuB,QAApB;AACD,OAHD,SAGU;AACR,aAAKzB,eAAL;AACD;AACF;;AAED,QAAI3B,iBAAiB,CAAC6B,IAAD,CAArB,EAA6B;AAC3B,aAAOA,IAAP;AACD;;AACD,WAAO,IAAP;AACD,GAvKqC,CAyKtC;;;AACAF,EAAAA,eAAe,GAAS;AACtB;AACA,QAAIG,OAAJ;;AAEA,QAAI,KAAKnB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnEzB,MAAAA,OAAO,GAAG,KAAKnB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEpB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAN,MAAAA,OAAO,CAACV,YAAR;AACD;;AAED,QAAI,KAAKT,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEzB,MAAAA,OAAO,GAAG,KAAKnB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEpB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAN,MAAAA,OAAO,CAACV,YAAR;AACD;AACF;;AAEDiC,EAAAA,cAAc,GAAwB;AACpC,QAAIvB,OAAJ;AACA,QAAIC,GAAJ,CAFoC,CAIpC;;AACA,QAAI,KAAKpB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnEzB,MAAAA,OAAO,GAAG,KAAKnB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEpB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,GAAG,GAAGD,OAAO,CAACE,UAAR,EAAN;;AACA,UAAID,GAAG,IAAIA,GAAG,CAAC0B,YAAf,EAA6B;AAC3B,eAAO1B,GAAP;AACD;AACF,KAXmC,CAapC;;;AACA,QAAI,KAAKpB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEzB,MAAAA,OAAO,GAAG,KAAKnB,cAAL,CAAoB6C,oBAApB,CAAyC;AAAEpB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,GAAG,GAAGD,OAAO,CAACE,UAAR,EAAN;;AACA,UAAID,GAAG,IAAIA,GAAG,CAAC0B,YAAf,EAA6B;AAC3B,eAAO1B,GAAP;AACD;AACF,KApBmC,CAsBpC;AACA;AACA;;;AACA,UAAM,IAAInC,YAAJ,CAAiB,yJAAjB,EAA4K,IAA5K,CAAN;AACD;;AAED6B,EAAAA,sBAAsB,GAAS;AAC7B;AACA,QAAIK,OAAJ;;AAEA,QAAI,KAAKnB,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEzB,MAAAA,OAAO,GAAG,KAAKnB,cAAL,CAAoB+C,2BAApB,CAAgD;AAAEtB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAN,MAAAA,OAAO,CAACV,YAAR;AACD;;AAED,QAAI,KAAKT,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7DzB,MAAAA,OAAO,GAAG,KAAKnB,cAAL,CAAoB+C,2BAApB,CAAgD;AAAEtB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAN,MAAAA,OAAO,CAACV,YAAR;AACD;AACF;;AAED6B,EAAAA,qBAAqB,GAAyB;AAC5C,QAAInB,OAAJ;AACA,QAAIa,WAAJ,CAF4C,CAI5C;;AACA,QAAI,KAAKhC,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrEzB,MAAAA,OAAO,GAAG,KAAKnB,cAAL,CAAoB+C,2BAApB,CAAgD;AAAEtB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGb,OAAO,CAACE,UAAR,EAAd;AACD;;AACD,QAAI/B,sBAAsB,CAAC0C,WAAD,CAA1B,EAAyC;AACvC,aAAOA,WAAP;AACD,KAX2C,CAa5C;;;AACA,QAAI,KAAKhC,cAAL,CAAoB2C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7DzB,MAAAA,OAAO,GAAG,KAAKnB,cAAL,CAAoB+C,2BAApB,CAAgD;AAAEtB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGb,OAAO,CAACE,UAAR,EAAd;AACD;;AAED,QAAI/B,sBAAsB,CAAC0C,WAAD,CAA1B,EAAyC;AACvC,aAAOA,WAAP;AACD;;AAGD,UAAM,IAAI/C,YAAJ,CAAiB,uDAAjB,CAAN,CAxB4C,CA0B5C;AACA;AACD;;AAED+D,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,QAAM9B,OAAwB,GAAG,KAAKnB,cAAL,CAAoBW,qBAApB,EAAjC;;AACA,QAAI,CAACQ,OAAL,EAAc;AACZ;AACD;;AACDA,IAAAA,OAAO,CAACI,UAAR,CAAmB0B,WAAnB;AACD;;AAEDC,EAAAA,eAAe,GAAmB;AAChC,QAAM/B,OAAwB,GAAG,KAAKnB,cAAL,CAAoBW,qBAApB,EAAjC;;AACA,QAAI,CAACQ,OAAL,EAAc;AACZ,aAAO,IAAP;AACD;;AACD,QAAM8B,WAAW,GAAG9B,OAAO,CAACE,UAAR,EAApB;;AACA,QAAI,CAAC9B,gBAAgB,CAAC0D,WAAD,CAArB,EAAoC;AAClC,aAAO,IAAP;AACD;;AACD,WAAOA,WAAP;AACD;;AApRqC","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME } from './constants';\nimport StorageManager from './StorageManager';\nimport {\n StorageProvider,\n TransactionMeta,\n isTransactionMeta,\n isOAuthTransactionMeta,\n PKCETransactionMeta,\n OAuthTransactionMeta,\n TransactionMetaOptions,\n TransactionManagerOptions,\n CookieStorage\n} from './types';\nimport { RawIdxResponse, isRawIdxResponse } from './idx/types/idx-js';\nimport { warn } from './util';\nimport {\n clearTransactionFromSharedStorage,\n loadTransactionFromSharedStorage,\n pruneSharedStorage,\n saveTransactionToSharedStorage\n} from './util/sharedStorage';\nexport default class TransactionManager {\n options: TransactionManagerOptions;\n storageManager: StorageManager;\n legacyWidgetSupport: boolean;\n saveNonceCookie: boolean;\n saveStateCookie: boolean;\n saveParamsCookie: boolean;\n enableSharedStorage: boolean;\n\n constructor(options: TransactionManagerOptions) {\n this.storageManager = options.storageManager;\n this.legacyWidgetSupport = options.legacyWidgetSupport === false ? false : true;\n this.saveNonceCookie = options.saveNonceCookie === false ? false : true;\n this.saveStateCookie = options.saveStateCookie === false ? false : true;\n this.saveParamsCookie = options.saveParamsCookie === false ? false : true;\n this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n this.options = options;\n }\n\n clear(options: TransactionMetaOptions = {}) {\n const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n transactionStorage.clearStorage();\n\n const idxStateStorage: StorageProvider = this.storageManager.getIdxResponseStorage();\n idxStateStorage?.clearStorage();\n\n if (this.enableSharedStorage && options.state) {\n clearTransactionFromSharedStorage(this.storageManager, options.state);\n }\n \n if (!this.legacyWidgetSupport) {\n return;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n if (options.oauth) {\n this.clearLegacyOAuthParams();\n }\n\n if (options.pkce) {\n this.clearLegacyPKCE();\n }\n }\n\n // eslint-disable-next-line complexity\n save(meta: TransactionMeta, options: TransactionMetaOptions = {}) {\n // There must be only one transaction executing at a time.\n // Before saving, check to see if a transaction is already stored.\n // An existing transaction indicates a concurrency/race/overlap condition\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n const obj = storage.getStorage();\n // oie process may need to update transaction in the middle of process for tracking purpose\n // false alarm might be caused \n // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n if (isTransactionMeta(obj) && !options.muteWarning) {\n // eslint-disable-next-line max-len\n warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n }\n\n storage.setStorage(meta);\n\n if (!options.oauth) {\n return;\n }\n \n // Legacy cookie storage\n if (this.saveNonceCookie || this.saveStateCookie || this.saveParamsCookie) {\n const cookieStorage: CookieStorage = this.storageManager.getStorage({ storageType: 'cookie' }) as CookieStorage;\n\n if (this.saveParamsCookie) {\n const { \n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature\n } = meta;\n const oauthParams = {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature\n };\n cookieStorage.setItem(REDIRECT_OAUTH_PARAMS_NAME, JSON.stringify(oauthParams), null);\n }\n\n if (this.saveNonceCookie && meta.nonce) {\n // Set nonce cookie for servers to validate nonce in id_token\n cookieStorage.setItem(REDIRECT_NONCE_COOKIE_NAME, meta.nonce, null);\n }\n\n if (this.saveStateCookie && meta.state) {\n // Set state cookie for servers to validate state\n cookieStorage.setItem(REDIRECT_STATE_COOKIE_NAME, meta.state, null);\n }\n }\n\n // Shared storage allows continuation of transaction in another tab\n if (this.enableSharedStorage && meta.state) {\n saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n }\n }\n\n exists(options: TransactionMetaOptions = {}): boolean {\n try {\n const meta: TransactionMeta = this.load(options);\n return !!meta;\n } catch {\n return false;\n }\n }\n\n // load transaction meta from storage\n // eslint-disable-next-line complexity,max-statements\n load(options: TransactionMetaOptions = {}): TransactionMeta {\n\n let meta: TransactionMeta;\n\n // If state was passed, try loading transaction data from shared storage\n if (this.enableSharedStorage && options.state) {\n pruneSharedStorage(this.storageManager); // prune before load\n meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n if (isTransactionMeta(meta)) {\n return meta;\n }\n }\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n meta = storage.getStorage();\n if (isTransactionMeta(meta)) {\n // if we have meta in the new location, there is no need to go further\n return meta;\n }\n\n if (!this.legacyWidgetSupport) {\n return null;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n if (options.oauth) {\n try {\n const oauthParams = this.loadLegacyOAuthParams();\n Object.assign(meta, oauthParams);\n } finally {\n this.clearLegacyOAuthParams();\n }\n }\n\n if (options.pkce) {\n try {\n const pkceMeta: PKCETransactionMeta = this.loadLegacyPKCE();\n Object.assign(meta, pkceMeta);\n } finally {\n this.clearLegacyPKCE();\n }\n }\n\n if (isTransactionMeta(meta)) {\n return meta;\n }\n return null;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n clearLegacyPKCE(): void {\n // clear storages\n let storage: StorageProvider;\n\n if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n storage.clearStorage();\n }\n\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n storage.clearStorage();\n }\n }\n\n loadLegacyPKCE(): PKCETransactionMeta {\n let storage: StorageProvider;\n let obj;\n \n // Try reading from localStorage first.\n if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n obj = storage.getStorage();\n if (obj && obj.codeVerifier) {\n return obj;\n }\n }\n\n // If meta is not valid, read from sessionStorage. This is expected for more recent versions of the widget.\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n obj = storage.getStorage();\n if (obj && obj.codeVerifier) {\n return obj;\n }\n }\n\n // If meta is not valid, throw an exception to avoid misleading server-side error\n // The most likely cause of this error is trying to handle a callback twice\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', null);\n }\n\n clearLegacyOAuthParams(): void {\n // clear storages\n let storage: StorageProvider;\n\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n storage.clearStorage();\n }\n\n if (this.storageManager.storageUtil.testStorageType('cookie')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n storage.clearStorage();\n }\n }\n\n loadLegacyOAuthParams(): OAuthTransactionMeta {\n let storage: StorageProvider;\n let oauthParams;\n \n // load first from session storage\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n oauthParams = storage.getStorage();\n }\n if (isOAuthTransactionMeta(oauthParams)) {\n return oauthParams;\n }\n\n // try to load from cookie\n if (this.storageManager.storageUtil.testStorageType('cookie')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n oauthParams = storage.getStorage();\n }\n\n if (isOAuthTransactionMeta(oauthParams)) {\n return oauthParams;\n }\n\n\n throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n\n // Something is there but we don't recognize it\n // throw new AuthSdkError('Unable to parse the ' + REDIRECT_OAUTH_PARAMS_NAME + ' value from storage');\n }\n\n saveIdxResponse(idxResponse: RawIdxResponse): void {\n const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return;\n }\n storage.setStorage(idxResponse);\n }\n\n loadIdxResponse(): RawIdxResponse {\n const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return null;\n }\n const idxResponse = storage.getStorage();\n if (!isRawIdxResponse(idxResponse)) {\n return null;\n }\n return idxResponse;\n }\n}"],"file":"TransactionManager.js"}
|
|
1
|
+
{"version":3,"sources":["../../lib/TransactionManager.ts"],"names":["AuthSdkError","REDIRECT_NONCE_COOKIE_NAME","REDIRECT_OAUTH_PARAMS_NAME","REDIRECT_STATE_COOKIE_NAME","isTransactionMeta","isOAuthTransactionMeta","isRawIdxResponse","warn","clearTransactionFromSharedStorage","loadTransactionFromSharedStorage","pruneSharedStorage","saveTransactionToSharedStorage","TransactionManager","constructor","options","storageManager","legacyWidgetSupport","saveNonceCookie","saveStateCookie","saveParamsCookie","enableSharedStorage","clear","transactionStorage","getTransactionStorage","meta","getStorage","clearStorage","idxStateStorage","getIdxResponseStorage","clearSharedStorage","state","oauth","clearLegacyOAuthParams","pkce","clearLegacyPKCE","save","storage","obj","muteWarning","setStorage","cookieStorage","storageType","responseType","nonce","scopes","clientId","urls","ignoreSignature","oauthParams","setItem","JSON","stringify","exists","load","loadLegacyOAuthParams","Object","assign","pkceMeta","loadLegacyPKCE","storageUtil","testStorageType","getLegacyPKCEStorage","codeVerifier","getLegacyOAuthParamsStorage","saveIdxResponse","idxResponse","loadIdxResponse"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,YAAT,QAA6B,UAA7B;AACA,SAASC,0BAAT,EAAqCC,0BAArC,EAAiEC,0BAAjE,QAAmG,aAAnG;AAEA,SAGEC,iBAHF,EAIEC,sBAJF,QAUO,SAVP;AAWA,SAAyBC,gBAAzB,QAAiD,oBAAjD;AACA,SAASC,IAAT,QAAqB,QAArB;AACA,SACEC,iCADF,EAEEC,gCAFF,EAGEC,kBAHF,EAIEC,8BAJF,QAKO,sBALP;AAUA,eAAe,MAAMC,kBAAN,CAAyB;AAStCC,EAAAA,WAAW,CAACC,OAAD,EAAqC;AAC9C,SAAKC,cAAL,GAAsBD,OAAO,CAACC,cAA9B;AACA,SAAKC,mBAAL,GAA2BF,OAAO,CAACE,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKC,eAAL,GAAuBH,OAAO,CAACG,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,eAAL,GAAuBJ,OAAO,CAACI,eAAR,KAA4B,KAA5B,GAAoC,KAApC,GAA4C,IAAnE;AACA,SAAKC,gBAAL,GAAwBL,OAAO,CAACK,gBAAR,KAA6B,KAA7B,GAAqC,KAArC,GAA6C,IAArE;AACA,SAAKC,mBAAL,GAA2BN,OAAO,CAACM,mBAAR,KAAgC,KAAhC,GAAwC,KAAxC,GAAgD,IAA3E;AACA,SAAKN,OAAL,GAAeA,OAAf;AACD,GAjBqC,CAmBtC;;;AACAO,EAAAA,KAAK,GAA4C;AAAA,QAA3CP,OAA2C,uEAAJ,EAAI;AAC/C,QAAMQ,kBAAmC,GAAG,KAAKP,cAAL,CAAoBQ,qBAApB,EAA5C;AACA,QAAMC,IAAI,GAAGF,kBAAkB,CAACG,UAAnB,EAAb,CAF+C,CAI/C;;AACAH,IAAAA,kBAAkB,CAACI,YAAnB,GAL+C,CAO/C;;AACA,QAAMC,eAAgC,GAAG,KAAKZ,cAAL,CAAoBa,qBAApB,EAAzC;AACAD,IAAAA,eAAe,SAAf,IAAAA,eAAe,WAAf,YAAAA,eAAe,CAAED,YAAjB,GAT+C,CAW/C;AACA;;AACA,QAAI,KAAKN,mBAAL,IAA4BN,OAAO,CAACe,kBAAxC,EAA4D;AAC1D,UAAMC,KAAK,GAAGhB,OAAO,CAACgB,KAAR,KAAiBN,IAAjB,aAAiBA,IAAjB,uBAAiBA,IAAI,CAAEM,KAAvB,CAAd;;AACA,UAAIA,KAAJ,EAAW;AACTtB,QAAAA,iCAAiC,CAAC,KAAKO,cAAN,EAAsBe,KAAtB,CAAjC;AACD;AACF;;AAED,QAAI,CAAC,KAAKd,mBAAV,EAA+B;AAC7B;AACD,KAtB8C,CAwB/C;;;AACA,QAAIF,OAAO,CAACiB,KAAZ,EAAmB;AACjB,WAAKC,sBAAL;AACD;;AAED,QAAIlB,OAAO,CAACmB,IAAZ,EAAkB;AAChB,WAAKC,eAAL;AACD;AACF,GApDqC,CAsDtC;;;AACAC,EAAAA,IAAI,CAACX,IAAD,EAA8D;AAAA,QAAtCV,OAAsC,uEAAJ,EAAI;AAChE;AACA;AACA;AAEA,QAAIsB,OAAwB,GAAG,KAAKrB,cAAL,CAAoBQ,qBAApB,EAA/B;AACA,QAAMc,GAAG,GAAGD,OAAO,CAACX,UAAR,EAAZ,CANgE,CAOhE;AACA;AACA;;AACA,QAAIrB,iBAAiB,CAACiC,GAAD,CAAjB,IAA0B,CAACvB,OAAO,CAACwB,WAAvC,EAAoD;AAClD;AACA/B,MAAAA,IAAI,CAAC,yGAAD,CAAJ;AACD;;AAED6B,IAAAA,OAAO,CAACG,UAAR,CAAmBf,IAAnB,EAfgE,CAiBhE;;AACA,QAAI,KAAKJ,mBAAL,IAA4BI,IAAI,CAACM,KAArC,EAA4C;AAC1CnB,MAAAA,8BAA8B,CAAC,KAAKI,cAAN,EAAsBS,IAAI,CAACM,KAA3B,EAAkCN,IAAlC,CAA9B;AACD;;AAED,QAAI,CAACV,OAAO,CAACiB,KAAb,EAAoB;AAClB;AACD,KAxB+D,CA0BhE;;;AACA,QAAI,KAAKd,eAAL,IAAwB,KAAKC,eAA7B,IAAgD,KAAKC,gBAAzD,EAA2E;AACzE,UAAMqB,aAA4B,GAAG,KAAKzB,cAAL,CAAoBU,UAApB,CAA+B;AAAEgB,QAAAA,WAAW,EAAE;AAAf,OAA/B,CAArC;;AAEA,UAAI,KAAKtB,gBAAT,EAA2B;AACzB,YAAM;AACJuB,UAAAA,YADI;AAEJZ,UAAAA,KAFI;AAGJa,UAAAA,KAHI;AAIJC,UAAAA,MAJI;AAKJC,UAAAA,QALI;AAMJC,UAAAA,IANI;AAOJC,UAAAA;AAPI,YAQFvB,IARJ;AASA,YAAMwB,WAAW,GAAG;AAClBN,UAAAA,YADkB;AAElBZ,UAAAA,KAFkB;AAGlBa,UAAAA,KAHkB;AAIlBC,UAAAA,MAJkB;AAKlBC,UAAAA,QALkB;AAMlBC,UAAAA,IANkB;AAOlBC,UAAAA;AAPkB,SAApB;AASAP,QAAAA,aAAa,CAACS,OAAd,CAAsB/C,0BAAtB,EAAkDgD,IAAI,CAACC,SAAL,CAAeH,WAAf,CAAlD,EAA+E,IAA/E;AACD;;AAED,UAAI,KAAK/B,eAAL,IAAwBO,IAAI,CAACmB,KAAjC,EAAwC;AACtC;AACAH,QAAAA,aAAa,CAACS,OAAd,CAAsBhD,0BAAtB,EAAkDuB,IAAI,CAACmB,KAAvD,EAA8D,IAA9D;AACD;;AAED,UAAI,KAAKzB,eAAL,IAAwBM,IAAI,CAACM,KAAjC,EAAwC;AACtC;AACAU,QAAAA,aAAa,CAACS,OAAd,CAAsB9C,0BAAtB,EAAkDqB,IAAI,CAACM,KAAvD,EAA8D,IAA9D;AACD;AACF;AACF;;AAEDsB,EAAAA,MAAM,GAAgD;AAAA,QAA/CtC,OAA+C,uEAAb,EAAa;;AACpD,QAAI;AACF,UAAMU,IAAqB,GAAG,KAAK6B,IAAL,CAAUvC,OAAV,CAA9B;AACA,aAAO,CAAC,CAACU,IAAT;AACD,KAHD,CAGE,gBAAM;AACN,aAAO,KAAP;AACD;AACF,GA9HqC,CAgItC;AACA;;;AACA6B,EAAAA,IAAI,GAAwD;AAAA,QAAvDvC,OAAuD,uEAArB,EAAqB;AAE1D,QAAIU,IAAJ,CAF0D,CAI1D;;AACA,QAAI,KAAKJ,mBAAL,IAA4BN,OAAO,CAACgB,KAAxC,EAA+C;AAC7CpB,MAAAA,kBAAkB,CAAC,KAAKK,cAAN,CAAlB,CAD6C,CACJ;;AACzCS,MAAAA,IAAI,GAAGf,gCAAgC,CAAC,KAAKM,cAAN,EAAsBD,OAAO,CAACgB,KAA9B,CAAvC;;AACA,UAAI1B,iBAAiB,CAACoB,IAAD,CAArB,EAA6B;AAC3B,eAAOA,IAAP;AACD;AACF;;AAED,QAAIY,OAAwB,GAAG,KAAKrB,cAAL,CAAoBQ,qBAApB,EAA/B;AACAC,IAAAA,IAAI,GAAGY,OAAO,CAACX,UAAR,EAAP;;AACA,QAAIrB,iBAAiB,CAACoB,IAAD,CAArB,EAA6B;AAC3B;AACA,aAAOA,IAAP;AACD;;AAED,QAAI,CAAC,KAAKR,mBAAV,EAA+B;AAC7B,aAAO,IAAP;AACD,KAtByD,CAwB1D;;;AACA,QAAIF,OAAO,CAACiB,KAAZ,EAAmB;AACjB,UAAI;AACF,YAAMiB,WAAW,GAAG,KAAKM,qBAAL,EAApB;AACAC,QAAAA,MAAM,CAACC,MAAP,CAAchC,IAAd,EAAoBwB,WAApB;AACD,OAHD,SAGU;AACR,aAAKhB,sBAAL;AACD;AACF;;AAED,QAAIlB,OAAO,CAACmB,IAAZ,EAAkB;AAChB,UAAI;AACF,YAAMwB,QAA6B,GAAG,KAAKC,cAAL,EAAtC;AACAH,QAAAA,MAAM,CAACC,MAAP,CAAchC,IAAd,EAAoBiC,QAApB;AACD,OAHD,SAGU;AACR,aAAKvB,eAAL;AACD;AACF;;AAED,QAAI9B,iBAAiB,CAACoB,IAAD,CAArB,EAA6B;AAC3B,aAAOA,IAAP;AACD;;AACD,WAAO,IAAP;AACD,GAjLqC,CAmLtC;;;AACAU,EAAAA,eAAe,GAAS;AACtB;AACA,QAAIE,OAAJ;;AAEA,QAAI,KAAKrB,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnExB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB8C,oBAApB,CAAyC;AAAEpB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACV,YAAR;AACD;;AAED,QAAI,KAAKX,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrExB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB8C,oBAApB,CAAyC;AAAEpB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAL,MAAAA,OAAO,CAACV,YAAR;AACD;AACF;;AAEDgC,EAAAA,cAAc,GAAwB;AACpC,QAAItB,OAAJ;AACA,QAAIC,GAAJ,CAFoC,CAIpC;;AACA,QAAI,KAAKtB,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,cAAhD,CAAJ,EAAqE;AACnExB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB8C,oBAApB,CAAyC;AAAEpB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACX,UAAR,EAAN;;AACA,UAAIY,GAAG,IAAIA,GAAG,CAACyB,YAAf,EAA6B;AAC3B,eAAOzB,GAAP;AACD;AACF,KAXmC,CAapC;;;AACA,QAAI,KAAKtB,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrExB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoB8C,oBAApB,CAAyC;AAAEpB,QAAAA,WAAW,EAAE;AAAf,OAAzC,CAAV;AACAJ,MAAAA,GAAG,GAAGD,OAAO,CAACX,UAAR,EAAN;;AACA,UAAIY,GAAG,IAAIA,GAAG,CAACyB,YAAf,EAA6B;AAC3B,eAAOzB,GAAP;AACD;AACF,KApBmC,CAsBpC;AACA;AACA;;;AACA,UAAM,IAAIrC,YAAJ,CAAiB,yJAAjB,EAA4K,IAA5K,CAAN;AACD;;AAEDgC,EAAAA,sBAAsB,GAAS;AAC7B;AACA,QAAII,OAAJ;;AAEA,QAAI,KAAKrB,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrExB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBgD,2BAApB,CAAgD;AAAEtB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACV,YAAR;AACD;;AAED,QAAI,KAAKX,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7DxB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBgD,2BAApB,CAAgD;AAAEtB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAL,MAAAA,OAAO,CAACV,YAAR;AACD;AACF;;AAED4B,EAAAA,qBAAqB,GAAyB;AAC5C,QAAIlB,OAAJ;AACA,QAAIY,WAAJ,CAF4C,CAI5C;;AACA,QAAI,KAAKjC,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,gBAAhD,CAAJ,EAAuE;AACrExB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBgD,2BAApB,CAAgD;AAAEtB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGZ,OAAO,CAACX,UAAR,EAAd;AACD;;AACD,QAAIpB,sBAAsB,CAAC2C,WAAD,CAA1B,EAAyC;AACvC,aAAOA,WAAP;AACD,KAX2C,CAa5C;;;AACA,QAAI,KAAKjC,cAAL,CAAoB4C,WAApB,CAAgCC,eAAhC,CAAgD,QAAhD,CAAJ,EAA+D;AAC7DxB,MAAAA,OAAO,GAAG,KAAKrB,cAAL,CAAoBgD,2BAApB,CAAgD;AAAEtB,QAAAA,WAAW,EAAE;AAAf,OAAhD,CAAV;AACAO,MAAAA,WAAW,GAAGZ,OAAO,CAACX,UAAR,EAAd;AACD;;AAED,QAAIpB,sBAAsB,CAAC2C,WAAD,CAA1B,EAAyC;AACvC,aAAOA,WAAP;AACD;;AAGD,UAAM,IAAIhD,YAAJ,CAAiB,uDAAjB,CAAN,CAxB4C,CA0B5C;AACA;AACD;;AAEDgE,EAAAA,eAAe,CAACC,WAAD,EAAoC;AACjD,QAAM7B,OAAwB,GAAG,KAAKrB,cAAL,CAAoBa,qBAApB,EAAjC;;AACA,QAAI,CAACQ,OAAL,EAAc;AACZ;AACD;;AACDA,IAAAA,OAAO,CAACG,UAAR,CAAmB0B,WAAnB;AACD;;AAEDC,EAAAA,eAAe,GAAmB;AAChC,QAAM9B,OAAwB,GAAG,KAAKrB,cAAL,CAAoBa,qBAApB,EAAjC;;AACA,QAAI,CAACQ,OAAL,EAAc;AACZ,aAAO,IAAP;AACD;;AACD,QAAM6B,WAAW,GAAG7B,OAAO,CAACX,UAAR,EAApB;;AACA,QAAI,CAACnB,gBAAgB,CAAC2D,WAAD,CAArB,EAAoC;AAClC,aAAO,IAAP;AACD;;AACD,WAAOA,WAAP;AACD;;AA9RqC","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME } from './constants';\nimport StorageManager from './StorageManager';\nimport {\n StorageProvider,\n TransactionMeta,\n isTransactionMeta,\n isOAuthTransactionMeta,\n PKCETransactionMeta,\n OAuthTransactionMeta,\n TransactionMetaOptions,\n TransactionManagerOptions,\n CookieStorage\n} from './types';\nimport { RawIdxResponse, isRawIdxResponse } from './idx/types/idx-js';\nimport { warn } from './util';\nimport {\n clearTransactionFromSharedStorage,\n loadTransactionFromSharedStorage,\n pruneSharedStorage,\n saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\nexport interface ClearTransactionMetaOptions extends TransactionMetaOptions {\n clearSharedStorage?: boolean;\n}\nexport default class TransactionManager {\n options: TransactionManagerOptions;\n storageManager: StorageManager;\n legacyWidgetSupport: boolean;\n saveNonceCookie: boolean;\n saveStateCookie: boolean;\n saveParamsCookie: boolean;\n enableSharedStorage: boolean;\n\n constructor(options: TransactionManagerOptions) {\n this.storageManager = options.storageManager;\n this.legacyWidgetSupport = options.legacyWidgetSupport === false ? false : true;\n this.saveNonceCookie = options.saveNonceCookie === false ? false : true;\n this.saveStateCookie = options.saveStateCookie === false ? false : true;\n this.saveParamsCookie = options.saveParamsCookie === false ? false : true;\n this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n this.options = options;\n }\n\n // eslint-disable-next-line complexity\n clear(options: ClearTransactionMetaOptions = {}) {\n const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n const meta = transactionStorage.getStorage();\n\n // Clear primary storage (by default, sessionStorage on browser)\n transactionStorage.clearStorage();\n\n // clear IDX response storage\n const idxStateStorage: StorageProvider = this.storageManager.getIdxResponseStorage();\n idxStateStorage?.clearStorage();\n\n // Usually we do NOT want to clear shared storage because another tab may need it to continue/complete a flow\n // It can be cleared after a user succcesfully signs in and receives tokens\n if (this.enableSharedStorage && options.clearSharedStorage) {\n const state = options.state || meta?.state;\n if (state) {\n clearTransactionFromSharedStorage(this.storageManager, state);\n }\n }\n \n if (!this.legacyWidgetSupport) {\n return;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n if (options.oauth) {\n this.clearLegacyOAuthParams();\n }\n\n if (options.pkce) {\n this.clearLegacyPKCE();\n }\n }\n\n // eslint-disable-next-line complexity\n save(meta: TransactionMeta, options: TransactionMetaOptions = {}) {\n // There must be only one transaction executing at a time.\n // Before saving, check to see if a transaction is already stored.\n // An existing transaction indicates a concurrency/race/overlap condition\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n const obj = storage.getStorage();\n // oie process may need to update transaction in the middle of process for tracking purpose\n // false alarm might be caused \n // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n if (isTransactionMeta(obj) && !options.muteWarning) {\n // eslint-disable-next-line max-len\n warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n }\n\n storage.setStorage(meta);\n\n // Shared storage allows continuation of transaction in another tab\n if (this.enableSharedStorage && meta.state) {\n saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n }\n\n if (!options.oauth) {\n return;\n }\n \n // Legacy cookie storage\n if (this.saveNonceCookie || this.saveStateCookie || this.saveParamsCookie) {\n const cookieStorage: CookieStorage = this.storageManager.getStorage({ storageType: 'cookie' }) as CookieStorage;\n\n if (this.saveParamsCookie) {\n const { \n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature\n } = meta;\n const oauthParams = {\n responseType,\n state,\n nonce,\n scopes,\n clientId,\n urls,\n ignoreSignature\n };\n cookieStorage.setItem(REDIRECT_OAUTH_PARAMS_NAME, JSON.stringify(oauthParams), null);\n }\n\n if (this.saveNonceCookie && meta.nonce) {\n // Set nonce cookie for servers to validate nonce in id_token\n cookieStorage.setItem(REDIRECT_NONCE_COOKIE_NAME, meta.nonce, null);\n }\n\n if (this.saveStateCookie && meta.state) {\n // Set state cookie for servers to validate state\n cookieStorage.setItem(REDIRECT_STATE_COOKIE_NAME, meta.state, null);\n }\n }\n }\n\n exists(options: TransactionMetaOptions = {}): boolean {\n try {\n const meta: TransactionMeta = this.load(options);\n return !!meta;\n } catch {\n return false;\n }\n }\n\n // load transaction meta from storage\n // eslint-disable-next-line complexity,max-statements\n load(options: TransactionMetaOptions = {}): TransactionMeta {\n\n let meta: TransactionMeta;\n\n // If state was passed, try loading transaction data from shared storage\n if (this.enableSharedStorage && options.state) {\n pruneSharedStorage(this.storageManager); // prune before load\n meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n if (isTransactionMeta(meta)) {\n return meta;\n }\n }\n\n let storage: StorageProvider = this.storageManager.getTransactionStorage();\n meta = storage.getStorage();\n if (isTransactionMeta(meta)) {\n // if we have meta in the new location, there is no need to go further\n return meta;\n }\n\n if (!this.legacyWidgetSupport) {\n return null;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n if (options.oauth) {\n try {\n const oauthParams = this.loadLegacyOAuthParams();\n Object.assign(meta, oauthParams);\n } finally {\n this.clearLegacyOAuthParams();\n }\n }\n\n if (options.pkce) {\n try {\n const pkceMeta: PKCETransactionMeta = this.loadLegacyPKCE();\n Object.assign(meta, pkceMeta);\n } finally {\n this.clearLegacyPKCE();\n }\n }\n\n if (isTransactionMeta(meta)) {\n return meta;\n }\n return null;\n }\n\n // This is for compatibility with older versions of the signin widget. OKTA-304806\n clearLegacyPKCE(): void {\n // clear storages\n let storage: StorageProvider;\n\n if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n storage.clearStorage();\n }\n\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n storage.clearStorage();\n }\n }\n\n loadLegacyPKCE(): PKCETransactionMeta {\n let storage: StorageProvider;\n let obj;\n \n // Try reading from localStorage first.\n if (this.storageManager.storageUtil.testStorageType('localStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'localStorage' });\n obj = storage.getStorage();\n if (obj && obj.codeVerifier) {\n return obj;\n }\n }\n\n // If meta is not valid, read from sessionStorage. This is expected for more recent versions of the widget.\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyPKCEStorage({ storageType: 'sessionStorage' });\n obj = storage.getStorage();\n if (obj && obj.codeVerifier) {\n return obj;\n }\n }\n\n // If meta is not valid, throw an exception to avoid misleading server-side error\n // The most likely cause of this error is trying to handle a callback twice\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', null);\n }\n\n clearLegacyOAuthParams(): void {\n // clear storages\n let storage: StorageProvider;\n\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n storage.clearStorage();\n }\n\n if (this.storageManager.storageUtil.testStorageType('cookie')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n storage.clearStorage();\n }\n }\n\n loadLegacyOAuthParams(): OAuthTransactionMeta {\n let storage: StorageProvider;\n let oauthParams;\n \n // load first from session storage\n if (this.storageManager.storageUtil.testStorageType('sessionStorage')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'sessionStorage' });\n oauthParams = storage.getStorage();\n }\n if (isOAuthTransactionMeta(oauthParams)) {\n return oauthParams;\n }\n\n // try to load from cookie\n if (this.storageManager.storageUtil.testStorageType('cookie')) {\n storage = this.storageManager.getLegacyOAuthParamsStorage({ storageType: 'cookie' });\n oauthParams = storage.getStorage();\n }\n\n if (isOAuthTransactionMeta(oauthParams)) {\n return oauthParams;\n }\n\n\n throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n\n // Something is there but we don't recognize it\n // throw new AuthSdkError('Unable to parse the ' + REDIRECT_OAUTH_PARAMS_NAME + ' value from storage');\n }\n\n saveIdxResponse(idxResponse: RawIdxResponse): void {\n const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return;\n }\n storage.setStorage(idxResponse);\n }\n\n loadIdxResponse(): RawIdxResponse {\n const storage: StorageProvider = this.storageManager.getIdxResponseStorage();\n if (!storage) {\n return null;\n }\n const idxResponse = storage.getStorage();\n if (!isRawIdxResponse(idxResponse)) {\n return null;\n }\n return idxResponse;\n }\n}"],"file":"TransactionManager.js"}
|
package/esm/constants.js
CHANGED
|
@@ -21,6 +21,7 @@ export var CACHE_STORAGE_NAME = 'okta-cache-storage';
|
|
|
21
21
|
export var PKCE_STORAGE_NAME = 'okta-pkce-storage';
|
|
22
22
|
export var TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';
|
|
23
23
|
export var SHARED_TRANSACTION_STORAGE_NAME = 'okta-shared-transaction-storage';
|
|
24
|
+
export var ORIGINAL_URI_STORAGE_NAME = 'okta-original-uri-storage';
|
|
24
25
|
export var IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';
|
|
25
26
|
export var ACCESS_TOKEN_STORAGE_KEY = 'accessToken';
|
|
26
27
|
export var ID_TOKEN_STORAGE_KEY = 'idToken';
|
package/esm/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/constants.ts"],"names":["STATE_TOKEN_KEY_NAME","DEFAULT_POLLING_DELAY","DEFAULT_MAX_CLOCK_SKEW","DEFAULT_CACHE_DURATION","REDIRECT_OAUTH_PARAMS_NAME","REDIRECT_STATE_COOKIE_NAME","REDIRECT_NONCE_COOKIE_NAME","TOKEN_STORAGE_NAME","CACHE_STORAGE_NAME","PKCE_STORAGE_NAME","TRANSACTION_STORAGE_NAME","SHARED_TRANSACTION_STORAGE_NAME","IDX_RESPONSE_STORAGE_NAME","ACCESS_TOKEN_STORAGE_KEY","ID_TOKEN_STORAGE_KEY","REFRESH_TOKEN_STORAGE_KEY","REFERRER_PATH_STORAGE_KEY","MIN_VERIFIER_LENGTH","MAX_VERIFIER_LENGTH","DEFAULT_CODE_CHALLENGE_METHOD","IDX_API_VERSION"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAO,IAAMA,oBAAoB,GAAG,gBAA7B;AACP,OAAO,IAAMC,qBAAqB,GAAG,GAA9B;AACP,OAAO,IAAMC,sBAAsB,GAAG,GAA/B;AACP,OAAO,IAAMC,sBAAsB,GAAG,KAA/B;AACP,OAAO,IAAMC,0BAA0B,GAAG,4BAAnC;AACP,OAAO,IAAMC,0BAA0B,GAAG,kBAAnC;AACP,OAAO,IAAMC,0BAA0B,GAAG,kBAAnC;AACP,OAAO,IAAMC,kBAAkB,GAAG,oBAA3B;AACP,OAAO,IAAMC,kBAAkB,GAAG,oBAA3B;AACP,OAAO,IAAMC,iBAAiB,GAAG,mBAA1B;AACP,OAAO,IAAMC,wBAAwB,GAAG,0BAAjC;AACP,OAAO,IAAMC,+BAA+B,GAAG,iCAAxC;AACP,OAAO,IAAMC,yBAAyB,GAAG,2BAAlC;AACP,OAAO,IAAMC,wBAAwB,GAAG,aAAjC;AACP,OAAO,IAAMC,oBAAoB,GAAI,SAA9B;AACP,OAAO,IAAMC,yBAAyB,GAAI,cAAnC;AACP,OAAO,IAAMC,yBAAyB,GAAG,cAAlC,C,CAEP;AACA;;AACA,OAAO,IAAMC,mBAAmB,GAAG,EAA5B;AACP,OAAO,IAAMC,mBAAmB,GAAG,GAA5B;AACP,OAAO,IAAMC,6BAA6B,GAAG,MAAtC;AAEP,OAAO,IAAMC,eAAe,GAAG,OAAxB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport const STATE_TOKEN_KEY_NAME = 'oktaStateToken';\nexport const DEFAULT_POLLING_DELAY = 500;\nexport const DEFAULT_MAX_CLOCK_SKEW = 300;\nexport const DEFAULT_CACHE_DURATION = 86400;\nexport const REDIRECT_OAUTH_PARAMS_NAME = 'okta-oauth-redirect-params';\nexport const REDIRECT_STATE_COOKIE_NAME = 'okta-oauth-state';\nexport const REDIRECT_NONCE_COOKIE_NAME = 'okta-oauth-nonce';\nexport const TOKEN_STORAGE_NAME = 'okta-token-storage';\nexport const CACHE_STORAGE_NAME = 'okta-cache-storage';\nexport const PKCE_STORAGE_NAME = 'okta-pkce-storage';\nexport const TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';\nexport const SHARED_TRANSACTION_STORAGE_NAME = 'okta-shared-transaction-storage';\nexport const IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const ID_TOKEN_STORAGE_KEY = 'idToken';\nexport const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';\nexport const REFERRER_PATH_STORAGE_KEY = 'referrerPath';\n\n// Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\nexport const MIN_VERIFIER_LENGTH = 43;\nexport const MAX_VERIFIER_LENGTH = 128;\nexport const DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nexport const IDX_API_VERSION = '1.0.0';"],"file":"constants.js"}
|
|
1
|
+
{"version":3,"sources":["../../lib/constants.ts"],"names":["STATE_TOKEN_KEY_NAME","DEFAULT_POLLING_DELAY","DEFAULT_MAX_CLOCK_SKEW","DEFAULT_CACHE_DURATION","REDIRECT_OAUTH_PARAMS_NAME","REDIRECT_STATE_COOKIE_NAME","REDIRECT_NONCE_COOKIE_NAME","TOKEN_STORAGE_NAME","CACHE_STORAGE_NAME","PKCE_STORAGE_NAME","TRANSACTION_STORAGE_NAME","SHARED_TRANSACTION_STORAGE_NAME","ORIGINAL_URI_STORAGE_NAME","IDX_RESPONSE_STORAGE_NAME","ACCESS_TOKEN_STORAGE_KEY","ID_TOKEN_STORAGE_KEY","REFRESH_TOKEN_STORAGE_KEY","REFERRER_PATH_STORAGE_KEY","MIN_VERIFIER_LENGTH","MAX_VERIFIER_LENGTH","DEFAULT_CODE_CHALLENGE_METHOD","IDX_API_VERSION"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAO,IAAMA,oBAAoB,GAAG,gBAA7B;AACP,OAAO,IAAMC,qBAAqB,GAAG,GAA9B;AACP,OAAO,IAAMC,sBAAsB,GAAG,GAA/B;AACP,OAAO,IAAMC,sBAAsB,GAAG,KAA/B;AACP,OAAO,IAAMC,0BAA0B,GAAG,4BAAnC;AACP,OAAO,IAAMC,0BAA0B,GAAG,kBAAnC;AACP,OAAO,IAAMC,0BAA0B,GAAG,kBAAnC;AACP,OAAO,IAAMC,kBAAkB,GAAG,oBAA3B;AACP,OAAO,IAAMC,kBAAkB,GAAG,oBAA3B;AACP,OAAO,IAAMC,iBAAiB,GAAG,mBAA1B;AACP,OAAO,IAAMC,wBAAwB,GAAG,0BAAjC;AACP,OAAO,IAAMC,+BAA+B,GAAG,iCAAxC;AACP,OAAO,IAAMC,yBAAyB,GAAG,2BAAlC;AACP,OAAO,IAAMC,yBAAyB,GAAG,2BAAlC;AACP,OAAO,IAAMC,wBAAwB,GAAG,aAAjC;AACP,OAAO,IAAMC,oBAAoB,GAAI,SAA9B;AACP,OAAO,IAAMC,yBAAyB,GAAI,cAAnC;AACP,OAAO,IAAMC,yBAAyB,GAAG,cAAlC,C,CAEP;AACA;;AACA,OAAO,IAAMC,mBAAmB,GAAG,EAA5B;AACP,OAAO,IAAMC,mBAAmB,GAAG,GAA5B;AACP,OAAO,IAAMC,6BAA6B,GAAG,MAAtC;AAEP,OAAO,IAAMC,eAAe,GAAG,OAAxB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport const STATE_TOKEN_KEY_NAME = 'oktaStateToken';\nexport const DEFAULT_POLLING_DELAY = 500;\nexport const DEFAULT_MAX_CLOCK_SKEW = 300;\nexport const DEFAULT_CACHE_DURATION = 86400;\nexport const REDIRECT_OAUTH_PARAMS_NAME = 'okta-oauth-redirect-params';\nexport const REDIRECT_STATE_COOKIE_NAME = 'okta-oauth-state';\nexport const REDIRECT_NONCE_COOKIE_NAME = 'okta-oauth-nonce';\nexport const TOKEN_STORAGE_NAME = 'okta-token-storage';\nexport const CACHE_STORAGE_NAME = 'okta-cache-storage';\nexport const PKCE_STORAGE_NAME = 'okta-pkce-storage';\nexport const TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';\nexport const SHARED_TRANSACTION_STORAGE_NAME = 'okta-shared-transaction-storage';\nexport const ORIGINAL_URI_STORAGE_NAME = 'okta-original-uri-storage';\nexport const IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const ID_TOKEN_STORAGE_KEY = 'idToken';\nexport const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';\nexport const REFERRER_PATH_STORAGE_KEY = 'referrerPath';\n\n// Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\nexport const MIN_VERIFIER_LENGTH = 43;\nexport const MAX_VERIFIER_LENGTH = 128;\nexport const DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nexport const IDX_API_VERSION = '1.0.0';"],"file":"constants.js"}
|
package/esm/idx/interact.js
CHANGED
|
@@ -36,7 +36,10 @@ export function interact(_x) {
|
|
|
36
36
|
function _interact() {
|
|
37
37
|
_interact = _asyncToGenerator(function* (authClient) {
|
|
38
38
|
var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
|
|
39
|
-
var
|
|
39
|
+
var state = options.state || authClient.options.state;
|
|
40
|
+
var meta = yield getTransactionMeta(authClient, {
|
|
41
|
+
state
|
|
42
|
+
}); // Saved transaction, return meta
|
|
40
43
|
|
|
41
44
|
if (meta.interactionHandle) {
|
|
42
45
|
return getResponse(meta);
|
|
@@ -53,7 +56,7 @@ function _interact() {
|
|
|
53
56
|
redirectUri
|
|
54
57
|
} = authClient.options; // These properties can be set in options, but also have a default value in global configuration.
|
|
55
58
|
|
|
56
|
-
|
|
59
|
+
state = state || meta.state;
|
|
57
60
|
var scopes = options.scopes || authClient.options.scopes || meta.scopes;
|
|
58
61
|
var baseUrl = getOAuthBaseUrl(authClient);
|
|
59
62
|
return idx.interact({
|
package/esm/idx/interact.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/interact.ts"],"names":["idx","getTransactionMeta","saveTransactionMeta","getOAuthBaseUrl","getResponse","meta","interactionHandle","state","interact","authClient","options","codeChallenge","codeChallengeMethod","clientId","redirectUri","scopes","baseUrl","then","newMeta"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAOA,GAAP,MAAgB,mBAAhB;AAEA,SAASC,kBAAT,EAA6BC,mBAA7B,QAAwD,mBAAxD;AACA,SAASC,eAAT,QAAgC,SAAhC;;AAaA,SAASC,WAAT,CAAqBC,IAArB,EAAiE;AAC/D,SAAO;AACLA,IAAAA,IADK;AAELC,IAAAA,iBAAiB,EAAED,IAAI,CAACC,iBAFnB;AAGLC,IAAAA,KAAK,EAAEF,IAAI,CAACE;AAHP,GAAP;AAKD,C,CAED;;;AACA,gBAAsBC,QAAtB;AAAA;AAAA;;;gCAAO,WAAyBC,UAAzB,EAAyG;AAAA,QAA1DC,OAA0D,uEAA/B,EAA+B;AAC9G,
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/interact.ts"],"names":["idx","getTransactionMeta","saveTransactionMeta","getOAuthBaseUrl","getResponse","meta","interactionHandle","state","interact","authClient","options","codeChallenge","codeChallengeMethod","clientId","redirectUri","scopes","baseUrl","then","newMeta"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAOA,GAAP,MAAgB,mBAAhB;AAEA,SAASC,kBAAT,EAA6BC,mBAA7B,QAAwD,mBAAxD;AACA,SAASC,eAAT,QAAgC,SAAhC;;AAaA,SAASC,WAAT,CAAqBC,IAArB,EAAiE;AAC/D,SAAO;AACLA,IAAAA,IADK;AAELC,IAAAA,iBAAiB,EAAED,IAAI,CAACC,iBAFnB;AAGLC,IAAAA,KAAK,EAAEF,IAAI,CAACE;AAHP,GAAP;AAKD,C,CAED;;;AACA,gBAAsBC,QAAtB;AAAA;AAAA;;;gCAAO,WAAyBC,UAAzB,EAAyG;AAAA,QAA1DC,OAA0D,uEAA/B,EAA+B;AAC9G,QAAIH,KAAK,GAAGG,OAAO,CAACH,KAAR,IAAiBE,UAAU,CAACC,OAAX,CAAmBH,KAAhD;AACA,QAAMF,IAAI,SAASJ,kBAAkB,CAACQ,UAAD,EAAa;AAAEF,MAAAA;AAAF,KAAb,CAArC,CAF8G,CAI9G;;AACA,QAAIF,IAAI,CAACC,iBAAT,EAA4B;AAC1B,aAAOF,WAAW,CAACC,IAAD,CAAlB;AACD,KAP6G,CAS9G;;;AACA,QAAM;AAAEM,MAAAA,aAAF;AAAiBC,MAAAA;AAAjB,QAAyCP,IAA/C,CAV8G,CAY9G;;AACA,QAAM;AAAEQ,MAAAA,QAAF;AAAYC,MAAAA;AAAZ,QAA4BL,UAAU,CAACC,OAA7C,CAb8G,CAe9G;;AACAH,IAAAA,KAAK,GAAGA,KAAK,IAAIF,IAAI,CAACE,KAAtB;AACA,QAAMQ,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBN,UAAU,CAACC,OAAX,CAAmBK,MAArC,IAA+CV,IAAI,CAACU,MAAnE;AAEA,QAAMC,OAAO,GAAGb,eAAe,CAACM,UAAD,CAA/B;AACA,WAAOT,GAAG,CAACQ,QAAJ,CAAa;AAClB;AACAK,MAAAA,QAFkB;AAGlBG,MAAAA,OAHkB;AAIlBD,MAAAA,MAJkB;AAKlBR,MAAAA,KALkB;AAMlBO,MAAAA,WANkB;AAQlB;AACAH,MAAAA,aATkB;AAUlBC,MAAAA;AAVkB,KAAb,EAWJK,IAXI,CAWCX,iBAAiB,IAAI;AAC3B,UAAMY,OAAO,mCAAQb,IAAR;AAAcC,QAAAA,iBAAd;AAAiCC,QAAAA,KAAjC;AAAwCQ,QAAAA;AAAxC,QAAb,CAD2B,CAE3B;;;AACAb,MAAAA,mBAAmB,CAACO,UAAD,EAAaS,OAAb,CAAnB;AAEA,aAAOd,WAAW,CAACc,OAAD,CAAlB;AACD,KAjBM,CAAP;AAkBD,G","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport idx from '@okta/okta-idx-js';\nimport { OktaAuth, IdxTransactionMeta } from '../types';\nimport { getTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport { getOAuthBaseUrl } from '../oidc';\n\nexport interface InteractOptions {\n state?: string;\n scopes?: string[];\n}\n\nexport interface InteractResponse {\n state?: string;\n interactionHandle: string;\n meta: IdxTransactionMeta;\n}\n\nfunction getResponse(meta: IdxTransactionMeta): InteractResponse {\n return {\n meta,\n interactionHandle: meta.interactionHandle,\n state: meta.state\n };\n}\n\n// Begin or resume a transaction. Returns an interaction handle\nexport async function interact (authClient: OktaAuth, options: InteractOptions = {}): Promise<InteractResponse> {\n let state = options.state || authClient.options.state;\n const meta = await getTransactionMeta(authClient, { state });\n\n // Saved transaction, return meta\n if (meta.interactionHandle) {\n return getResponse(meta);\n }\n\n // These properties are always loaded from meta (or calculated fresh)\n const { codeChallenge, codeChallengeMethod } = meta;\n\n // These properties are defined by global configuration\n const { clientId, redirectUri } = authClient.options;\n\n // These properties can be set in options, but also have a default value in global configuration.\n state = state || meta.state;\n const scopes = options.scopes || authClient.options.scopes || meta.scopes;\n\n const baseUrl = getOAuthBaseUrl(authClient);\n return idx.interact({\n // OAuth\n clientId, \n baseUrl,\n scopes,\n state,\n redirectUri,\n\n // PKCE\n codeChallenge,\n codeChallengeMethod\n }).then(interactionHandle => {\n const newMeta = { ...meta, interactionHandle, state, scopes };\n // Save transaction meta so it can be resumed\n saveTransactionMeta(authClient, newMeta);\n\n return getResponse(newMeta);\n });\n}\n"],"file":"interact.js"}
|
package/esm/idx/introspect.js
CHANGED
|
@@ -17,6 +17,7 @@ function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { va
|
|
|
17
17
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
18
18
|
*/
|
|
19
19
|
import idx from '@okta/okta-idx-js';
|
|
20
|
+
import { isRawIdxResponse } from './types/idx-js';
|
|
20
21
|
import { getOAuthDomain } from '../oidc';
|
|
21
22
|
import { IDX_API_VERSION } from '../constants';
|
|
22
23
|
export function introspect(_x, _x2) {
|
|
@@ -25,17 +26,32 @@ export function introspect(_x, _x2) {
|
|
|
25
26
|
|
|
26
27
|
function _introspect() {
|
|
27
28
|
_introspect = _asyncToGenerator(function* (authClient, options) {
|
|
28
|
-
var
|
|
29
|
+
var useLastResponse = !options.stateTokenExternalId; // email verify callback: must make a new response
|
|
30
|
+
|
|
31
|
+
var rawIdxResponse;
|
|
32
|
+
|
|
33
|
+
if (useLastResponse) {
|
|
34
|
+
// try load from storage first
|
|
35
|
+
rawIdxResponse = authClient.transactionManager.loadIdxResponse();
|
|
36
|
+
} // call idx.introspect if no existing idx response available in storage
|
|
29
37
|
|
|
30
|
-
rawIdxResponse = authClient.transactionManager.loadIdxResponse(); // call idx.introspect if no existing idx response available in storage
|
|
31
38
|
|
|
32
39
|
if (!rawIdxResponse) {
|
|
33
40
|
var version = IDX_API_VERSION;
|
|
34
41
|
var domain = getOAuthDomain(authClient);
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
42
|
+
|
|
43
|
+
try {
|
|
44
|
+
rawIdxResponse = yield idx.introspect(_objectSpread({
|
|
45
|
+
domain,
|
|
46
|
+
version
|
|
47
|
+
}, options));
|
|
48
|
+
} catch (err) {
|
|
49
|
+
if (isRawIdxResponse(err)) {
|
|
50
|
+
rawIdxResponse = err;
|
|
51
|
+
} else {
|
|
52
|
+
throw err;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
39
55
|
}
|
|
40
56
|
|
|
41
57
|
return idx.makeIdxState(rawIdxResponse);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/introspect.ts"],"names":["idx","getOAuthDomain","IDX_API_VERSION","introspect","authClient","options","rawIdxResponse","transactionManager","loadIdxResponse","version","domain","makeIdxState"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAOA,GAAP,MAAgB,mBAAhB;
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/introspect.ts"],"names":["idx","isRawIdxResponse","getOAuthDomain","IDX_API_VERSION","introspect","authClient","options","useLastResponse","stateTokenExternalId","rawIdxResponse","transactionManager","loadIdxResponse","version","domain","err","makeIdxState"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,OAAOA,GAAP,MAAgB,mBAAhB;AAEA,SAAsBC,gBAAtB,QAA8D,gBAA9D;AACA,SAASC,cAAT,QAA+B,SAA/B;AACA,SAASC,eAAT,QAAgC,cAAhC;AAQA,gBAAsBC,UAAtB;AAAA;AAAA;;;kCAAO,WAA2BC,UAA3B,EAAiDC,OAAjD,EAAmG;AACxG,QAAMC,eAAe,GAAG,CAACD,OAAO,CAACE,oBAAjC,CADwG,CACjD;;AACvD,QAAIC,cAAJ;;AAEA,QAAIF,eAAJ,EAAqB;AACnB;AACAE,MAAAA,cAAc,GAAGJ,UAAU,CAACK,kBAAX,CAA8BC,eAA9B,EAAjB;AACD,KAPuG,CASxG;;;AACA,QAAI,CAACF,cAAL,EAAqB;AACnB,UAAMG,OAAO,GAAGT,eAAhB;AACA,UAAMU,MAAM,GAAGX,cAAc,CAACG,UAAD,CAA7B;;AACA,UAAI;AACFI,QAAAA,cAAc,SAAST,GAAG,CAACI,UAAJ;AAAiBS,UAAAA,MAAjB;AAAyBD,UAAAA;AAAzB,WAAqCN,OAArC,EAAvB;AACD,OAFD,CAEE,OAAOQ,GAAP,EAAY;AACZ,YAAIb,gBAAgB,CAACa,GAAD,CAApB,EAA2B;AACzBL,UAAAA,cAAc,GAAGK,GAAjB;AACD,SAFD,MAEO;AACL,gBAAMA,GAAN;AACD;AACF;AACF;;AAED,WAAOd,GAAG,CAACe,YAAJ,CAAiBN,cAAjB,CAAP;AACD,G","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport idx from '@okta/okta-idx-js';\nimport { OktaAuth } from '../types';\nimport { IdxResponse, isRawIdxResponse, RawIdxResponse } from './types/idx-js';\nimport { getOAuthDomain } from '../oidc';\nimport { IDX_API_VERSION } from '../constants';\n\nexport interface IntrospectOptions {\n interactionHandle?: string;\n stateHandle?: string;\n stateTokenExternalId?: string;\n}\n\nexport async function introspect (authClient: OktaAuth, options: IntrospectOptions): Promise<IdxResponse> {\n const useLastResponse = !options.stateTokenExternalId; // email verify callback: must make a new response\n let rawIdxResponse: RawIdxResponse;\n \n if (useLastResponse) {\n // try load from storage first\n rawIdxResponse = authClient.transactionManager.loadIdxResponse();\n }\n \n // call idx.introspect if no existing idx response available in storage\n if (!rawIdxResponse) {\n const version = IDX_API_VERSION;\n const domain = getOAuthDomain(authClient);\n try {\n rawIdxResponse = await idx.introspect({ domain, version, ...options });\n } catch (err) {\n if (isRawIdxResponse(err)) {\n rawIdxResponse = err;\n } else {\n throw err;\n }\n }\n }\n\n return idx.makeIdxState(rawIdxResponse);\n}\n"],"file":"introspect.js"}
|
package/esm/idx/remediate.js
CHANGED
|
@@ -18,9 +18,8 @@ function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { va
|
|
|
18
18
|
*/
|
|
19
19
|
|
|
20
20
|
/* eslint-disable max-statements, max-depth, complexity */
|
|
21
|
-
import idx from '@okta/okta-idx-js';
|
|
22
21
|
import { AuthSdkError } from '../errors';
|
|
23
|
-
import {
|
|
22
|
+
import { isIdxResponse } from './types/idx-js';
|
|
24
23
|
// Return first match idxRemediation in allowed remediators
|
|
25
24
|
export function getRemediator(idxRemediations, values, options) {
|
|
26
25
|
var {
|
|
@@ -139,28 +138,29 @@ function getNextStep(remediator, idxResponse) {
|
|
|
139
138
|
|
|
140
139
|
function handleIdxError(e, flow, remediator) {
|
|
141
140
|
// Handle idx messages
|
|
142
|
-
|
|
143
|
-
var idxState = idx.makeIdxState(e);
|
|
144
|
-
var terminal = isTerminalResponse(idxState);
|
|
145
|
-
var messages = getIdxMessages(idxState, flow);
|
|
146
|
-
|
|
147
|
-
if (terminal) {
|
|
148
|
-
return {
|
|
149
|
-
terminal,
|
|
150
|
-
messages
|
|
151
|
-
};
|
|
152
|
-
} else {
|
|
153
|
-
var nextStep = remediator && getNextStep(remediator, idxState);
|
|
154
|
-
return _objectSpread({
|
|
155
|
-
messages
|
|
156
|
-
}, nextStep && {
|
|
157
|
-
nextStep
|
|
158
|
-
});
|
|
159
|
-
}
|
|
160
|
-
} // Thrown error terminates the interaction with idx
|
|
141
|
+
var idxState = isIdxResponse(e) ? e : null;
|
|
161
142
|
|
|
143
|
+
if (!idxState) {
|
|
144
|
+
// Thrown error terminates the interaction with idx
|
|
145
|
+
throw e;
|
|
146
|
+
}
|
|
162
147
|
|
|
163
|
-
|
|
148
|
+
var terminal = isTerminalResponse(idxState);
|
|
149
|
+
var messages = getIdxMessages(idxState, flow);
|
|
150
|
+
|
|
151
|
+
if (terminal) {
|
|
152
|
+
return {
|
|
153
|
+
terminal,
|
|
154
|
+
messages
|
|
155
|
+
};
|
|
156
|
+
} else {
|
|
157
|
+
var nextStep = remediator && getNextStep(remediator, idxState);
|
|
158
|
+
return _objectSpread({
|
|
159
|
+
messages
|
|
160
|
+
}, nextStep && {
|
|
161
|
+
nextStep
|
|
162
|
+
});
|
|
163
|
+
}
|
|
164
164
|
}
|
|
165
165
|
|
|
166
166
|
function getActionFromValues(values, idxResponse) {
|
package/esm/idx/remediate.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/remediate.ts"],"names":["idx","AuthSdkError","isRawIdxResponse","getRemediator","idxRemediations","values","options","flow","flowMonitor","remediator","remediatorCandidates","remediation","isRemeditionInFlow","Object","keys","includes","name","T","isRemediatorCandidate","canRemediate","push","isTerminalResponse","idxResponse","neededToProceed","interactionCode","length","canSkipFn","some","canResendFn","actions","actionName","getIdxMessages","messages","rawIdxState","globalMessages","value","map","message","fieldMessages","getMessages","getNextStep","nextStep","canSkip","canResend","handleIdxError","e","idxState","makeIdxState","terminal","getActionFromValues","find","action","resend","removeActionFromValues","undefined","remediate","actionFromValues","valuesWithoutExecutedAction","canceled","reduce","acc","curr","loopDetected","getName","data","getData","proceed","trackRemediations","getValuesAfterProceed"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,OAAOA,GAAP,MAAgB,mBAAhB;AACA,SAASC,YAAT,QAA6B,WAA7B;AAIA,SAEEC,gBAFF,QAIO,gBAJP;AAaA;AACA,OAAO,SAASC,aAAT,CACLC,eADK,EAELC,MAFK,EAGLC,OAHK,EAIO;AACZ,MAAM;AAAEC,IAAAA,IAAF;AAAQC,IAAAA;AAAR,MAAwBF,OAA9B;AAEA,MAAIG,UAAJ;AACA,MAAMC,oBAAoB,GAAG,EAA7B;;AACA,OAAK,IAAIC,WAAT,IAAwBP,eAAxB,EAAyC;AACvC,QAAMQ,kBAAkB,GAAGC,MAAM,CAACC,IAAP,CAAYP,IAAZ,EAAkBQ,QAAlB,CAA2BJ,WAAW,CAACK,IAAvC,CAA3B;;AACA,QAAI,CAACJ,kBAAL,EAAyB;AACvB;AACD;;AAED,QAAMK,CAAC,GAAGV,IAAI,CAACI,WAAW,CAACK,IAAb,CAAd;AACAP,IAAAA,UAAU,GAAG,IAAIQ,CAAJ,CAAMN,WAAN,EAAmBN,MAAnB,CAAb;;AACA,QAAIG,WAAW,CAACU,qBAAZ,CAAkCT,UAAlC,EAA8CL,eAA9C,EAA+DC,MAA/D,CAAJ,EAA4E;AAC1E,UAAII,UAAU,CAACU,YAAX,EAAJ,EAA+B;AAC7B;AACA,eAAOV,UAAP;AACD,OAJyE,CAK1E;AACA;;;AACAC,MAAAA,oBAAoB,CAACU,IAArB,CAA0BX,UAA1B;AACD;AACF,GAtBW,CAwBZ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AAEA,SAAOC,oBAAoB,CAAC,CAAD,CAA3B;AACD;;AAED,SAASW,kBAAT,CAA4BC,WAA5B,EAAsD;AACpD,MAAM;AAAEC,IAAAA,eAAF;AAAmBC,IAAAA;AAAnB,MAAuCF,WAA7C;AACA,SAAO,CAACC,eAAe,CAACE,MAAjB,IAA2B,CAACD,eAAnC;AACD;;AAED,SAASE,SAAT,CAAmBJ,WAAnB,EAA6C;AAC3C,SAAOA,WAAW,CAACC,eAAZ,CAA4BI,IAA5B,CAAiC;AAAA,QAAC;AAAEX,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,MAAvB;AAAA,GAAjC,CAAP;AACD;;AAED,SAASY,WAAT,CAAqBN,WAArB,EAA+C;AAC7C,SAAOT,MAAM,CAACC,IAAP,CAAYQ,WAAW,CAACO,OAAxB,EAAiCF,IAAjC,CAAsCG,UAAU,IAAIA,UAAU,CAACf,QAAX,CAAoB,QAApB,CAApD,CAAP;AACD;;AAED,SAASgB,cAAT,CACET,WADF,EAC4Bf,IAD5B,EAEgB;AAAA;;AACd,MAAIyB,QAAQ,GAAG,EAAf;;AACA,MAAI,CAACzB,IAAL,EAAW;AACT,WAAOyB,QAAP;AACD;;AAED,MAAM;AAAEC,IAAAA,WAAF;AAAeV,IAAAA;AAAf,MAAmCD,WAAzC,CANc,CAQd;;AACA,MAAMY,cAAc,4BAAGD,WAAW,CAACD,QAAf,0DAAG,sBAAsBG,KAAtB,CAA4BC,GAA5B,CAAgCC,OAAO,IAAIA,OAA3C,CAAvB;;AACA,MAAIH,cAAJ,EAAoB;AAClBF,IAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGE,cAAjB,CAAX;AACD,GAZa,CAcd;;;AACA,OAAK,IAAIvB,WAAT,IAAwBY,eAAxB,EAAyC;AACvC,QAAMN,CAAC,GAAGV,IAAI,CAACI,WAAW,CAACK,IAAb,CAAd;;AACA,QAAI,CAACC,CAAL,EAAQ;AACN;AACD;;AACD,QAAMR,UAAU,GAAG,IAAIQ,CAAJ,CAAMN,WAAN,CAAnB;AACA,QAAM2B,aAAa,GAAG7B,UAAU,CAAC8B,WAAX,EAAtB;;AACA,QAAID,aAAJ,EAAmB;AACjBN,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGM,aAAjB,CAAX;AACD;AACF;;AAED,SAAON,QAAP;AACD;;AAED,SAASQ,WAAT,CACE/B,UADF,EAC0Ba,WAD1B,EAEY;AACV,MAAMmB,QAAQ,GAAGhC,UAAU,CAAC+B,WAAX,EAAjB;AACA,MAAME,OAAO,GAAGhB,SAAS,CAACJ,WAAD,CAAzB;AACA,MAAMqB,SAAS,GAAGf,WAAW,CAACN,WAAD,CAA7B;AACA,uDACKmB,QADL,GAEMC,OAAO,IAAI;AAACA,IAAAA;AAAD,GAFjB,GAGMC,SAAS,IAAI;AAACA,IAAAA;AAAD,GAHnB;AAKD;;AAED,SAASC,cAAT,CAAwBC,CAAxB,EAA2BtC,IAA3B,EAAiCE,UAAjC,EAA8C;AAC5C;AACA,MAAIP,gBAAgB,CAAC2C,CAAD,CAApB,EAAyB;AACvB,QAAMC,QAAQ,GAAG9C,GAAG,CAAC+C,YAAJ,CAAiBF,CAAjB,CAAjB;AACA,QAAMG,QAAQ,GAAG3B,kBAAkB,CAACyB,QAAD,CAAnC;AACA,QAAMd,QAAQ,GAAGD,cAAc,CAACe,QAAD,EAAWvC,IAAX,CAA/B;;AACA,QAAIyC,QAAJ,EAAc;AACZ,aAAO;AAAEA,QAAAA,QAAF;AAAYhB,QAAAA;AAAZ,OAAP;AACD,KAFD,MAEO;AACL,UAAMS,QAAQ,GAAGhC,UAAU,IAAI+B,WAAW,CAAC/B,UAAD,EAAaqC,QAAb,CAA1C;AACA;AACEd,QAAAA;AADF,SAEMS,QAAQ,IAAI;AAAEA,QAAAA;AAAF,OAFlB;AAID;AACF,GAf2C,CAgB5C;;;AACA,QAAMI,CAAN;AACD;;AAED,SAASI,mBAAT,CAA6B5C,MAA7B,EAAqCiB,WAArC,EAAmF;AACjF;AACA,SAAOT,MAAM,CAACC,IAAP,CAAYQ,WAAW,CAACO,OAAxB,EAAiCqB,IAAjC,CAAsCC,MAAM,IAAI,CAAC,CAAC9C,MAAM,CAAC+C,MAAT,IAAmBD,MAAM,CAACpC,QAAP,CAAgB,SAAhB,CAAnE,CAAP;AACD;;AAED,SAASsC,sBAAT,CAAgChD,MAAhC,EAAwC;AACtC;AACAA,EAAAA,MAAM,CAAC+C,MAAP,GAAgBE,SAAhB;AACA,SAAOjD,MAAP;AACD,C,CAED;;;AACA,gBAAsBkD,SAAtB;AAAA;AAAA;;;iCAAO,WACLjC,WADK,EAELjB,MAFK,EAGLC,OAHK,EAIyB;AAC9B,QAAI;AAAEiB,MAAAA,eAAF;AAAmBC,MAAAA;AAAnB,QAAuCF,WAA3C;AACA,QAAM;AAAEf,MAAAA,IAAF;AAAQC,MAAAA;AAAR,QAAwBF,OAA9B,CAF8B,CAI9B;;AACA,QAAIkB,eAAJ,EAAqB;AACnB,aAAO;AAAEF,QAAAA;AAAF,OAAP;AACD,KAP6B,CAS9B;;;AACA,QAAM0B,QAAQ,GAAG3B,kBAAkB,CAACC,WAAD,CAAnC;AACA,QAAMU,QAAQ,GAAGD,cAAc,CAACT,WAAD,EAAcf,IAAd,CAA/B;;AACA,QAAIyC,QAAJ,EAAc;AACZ,aAAO;AAAEA,QAAAA,QAAF;AAAYhB,QAAAA;AAAZ,OAAP;AACD,KAd6B,CAgB9B;;;AACA,QAAMwB,gBAAgB,GAAGP,mBAAmB,CAAC5C,MAAD,EAASiB,WAAT,CAA5C;AACA,QAAMO,OAAO,GAAG,CACd,IAAGvB,OAAO,CAACuB,OAAR,IAAmB,EAAtB,CADc,EAEd,IAAI2B,gBAAgB,IAAI,CAACA,gBAAD,CAApB,IAA0C,EAA9C,CAFc,CAAhB;;AAIA,QAAI3B,OAAJ,EAAa;AACX,WAAK,IAAIsB,MAAT,IAAmBtB,OAAnB,EAA4B;AAC1B,YAAI4B,2BAA2B,GAAGJ,sBAAsB,CAAChD,MAAD,CAAxD;;AACA,YAAI,OAAOiB,WAAW,CAACO,OAAZ,CAAoBsB,MAApB,CAAP,KAAuC,UAA3C,EAAuD;AACrD,cAAI;AACF7B,YAAAA,WAAW,SAASA,WAAW,CAACO,OAAZ,CAAoBsB,MAApB,GAApB;AACD,WAFD,CAEE,OAAON,CAAP,EAAU;AACV,mBAAOD,cAAc,CAACC,CAAD,EAAItC,IAAJ,CAArB;AACD;;AACD,cAAI4C,MAAM,KAAK,QAAf,EAAyB;AACvB,mBAAO;AAAEO,cAAAA,QAAQ,EAAE;AAAZ,aAAP;AACD;;AACD,iBAAOH,SAAS,CAACjC,WAAD,EAAcmC,2BAAd,EAA2CnD,OAA3C,CAAhB,CATqD,CASgB;AACtE;AACF;AACF;;AAED,QAAMG,UAAU,GAAGN,aAAa,CAACoB,eAAD,EAAkBlB,MAAlB,EAA0BC,OAA1B,CAAhC;;AAEA,QAAI,CAACG,UAAL,EAAiB;AACf,YAAM,IAAIR,YAAJ,mHAEasB,eAAe,CAACoC,MAAhB,CAAuB,CAACC,GAAD,EAAMC,IAAN,KAAeD,GAAG,GAAGA,GAAG,GAAG,IAAN,GAAaC,IAAI,CAAC7C,IAArB,GAA4B6C,IAAI,CAAC7C,IAA1E,EAAgF,EAAhF,CAFb,aAAN;AAID;;AAED,QAAIR,WAAW,CAACsD,YAAZ,CAAyBrD,UAAzB,CAAJ,EAA0C;AACxC,YAAM,IAAIR,YAAJ,oEAC+CQ,UAAU,CAACsD,OAAX,EAD/C,YAAN;AAGD,KApD6B,CAsD9B;AACA;;;AACA,QAAI,CAACtD,UAAU,CAACU,YAAX,EAAL,EAAgC;AAC9B,UAAMsB,QAAQ,GAAGD,WAAW,CAAC/B,UAAD,EAAaa,WAAb,CAA5B;AACA,aAAO;AAAEA,QAAAA,WAAF;AAAemB,QAAAA;AAAf,OAAP;AACD;;AAED,QAAMzB,IAAI,GAAGP,UAAU,CAACsD,OAAX,EAAb;AACA,QAAMC,IAAI,GAAGvD,UAAU,CAACwD,OAAX,EAAb;;AACA,QAAI;AACF3C,MAAAA,WAAW,SAASA,WAAW,CAAC4C,OAAZ,CAAoBlD,IAApB,EAA0BgD,IAA1B,CAApB,CADE,CAGF;;AACA,YAAMxD,WAAW,CAAC2D,iBAAZ,CAA8BnD,IAA9B,CAAN,CAJE,CAMF;;AACA,UAAIM,WAAW,CAACE,eAAhB,EAAiC;AAC/B,eAAO;AAAEF,UAAAA;AAAF,SAAP;AACD,OATC,CAWF;;;AACA,UAAM0B,SAAQ,GAAG3B,kBAAkB,CAACC,WAAD,CAAnC;;AACA,UAAMU,SAAQ,GAAGD,cAAc,CAACT,WAAD,EAAcf,IAAd,CAA/B;;AACA,UAAIyC,SAAJ,EAAc;AACZ,eAAO;AAAEA,UAAAA,QAAQ,EAARA,SAAF;AAAYhB,UAAAA,QAAQ,EAARA;AAAZ,SAAP;AACD,OAhBC,CAkBF;;;AACA,UAAIA,SAAQ,CAACP,MAAb,EAAqB;AACnB,YAAMgB,SAAQ,GAAGD,WAAW,CAAC/B,UAAD,EAAaa,WAAb,CAA5B;;AACA,eAAO;AAAEmB,UAAAA,QAAQ,EAARA,SAAF;AAAYT,UAAAA,QAAQ,EAARA;AAAZ,SAAP;AACD,OAtBC,CAwBF;AACA;;;AACA3B,MAAAA,MAAM,GAAGI,UAAU,CAAC2D,qBAAX,EAAT;AACA,aAAOb,SAAS,CAACjC,WAAD,EAAcjB,MAAd,EAAsBC,OAAtB,CAAhB,CA3BE,CA2B8C;AACjD,KA5BD,CA4BE,OAAOuC,CAAP,EAAU;AACV,aAAOD,cAAc,CAACC,CAAD,EAAItC,IAAJ,EAAUE,UAAV,CAArB;AACD;AACF,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, max-depth, complexity */\nimport idx from '@okta/okta-idx-js';\nimport { AuthSdkError } from '../errors';\nimport { Remediator, RemediationValues } from './remediators';\nimport { RunOptions, RemediationFlow } from './run';\nimport { NextStep, IdxMessage } from './types';\nimport { \n IdxResponse, \n isRawIdxResponse, \n IdxRemediation, \n} from './types/idx-js';\n\ninterface RemediationResponse {\n idxResponse?: IdxResponse;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n terminal?: boolean;\n canceled?: boolean;\n}\n// Return first match idxRemediation in allowed remediators\nexport function getRemediator(\n idxRemediations: IdxRemediation[],\n values: RemediationValues,\n options: RunOptions,\n): Remediator {\n const { flow, flowMonitor } = options;\n\n let remediator;\n const remediatorCandidates = [];\n for (let remediation of idxRemediations) {\n const isRemeditionInFlow = Object.keys(flow).includes(remediation.name);\n if (!isRemeditionInFlow) {\n continue;\n }\n \n const T = flow[remediation.name];\n remediator = new T(remediation, values);\n if (flowMonitor.isRemediatorCandidate(remediator, idxRemediations, values)) {\n if (remediator.canRemediate()) {\n // found the remediator\n return remediator;\n }\n // remediator cannot handle the current values\n // maybe return for next step\n remediatorCandidates.push(remediator); \n }\n }\n \n // TODO: why is it a problem to have multiple remediations? \n // JIRA: https://oktainc.atlassian.net/browse/OKTA-400758\n // if (remediatorCandidates.length > 1) {\n // const remediationNames = remediatorCandidates.reduce((acc, curr) => {\n // const name = curr.getName();\n // return acc ? `${acc}, ${name}` : name;\n // }, '');\n // throw new AuthSdkError(`\n // More than one remediation can match the current input, remediations: ${remediationNames}\n // `);\n // }\n\n return remediatorCandidates[0];\n}\n\nfunction isTerminalResponse(idxResponse: IdxResponse) {\n const { neededToProceed, interactionCode } = idxResponse;\n return !neededToProceed.length && !interactionCode;\n}\n\nfunction canSkipFn(idxResponse: IdxResponse) {\n return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nfunction canResendFn(idxResponse: IdxResponse) {\n return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nfunction getIdxMessages(\n idxResponse: IdxResponse, flow: RemediationFlow\n): IdxMessage[] {\n let messages = [];\n if (!flow) {\n return messages;\n }\n\n const { rawIdxState, neededToProceed } = idxResponse;\n\n // Handle global messages\n const globalMessages = rawIdxState.messages?.value.map(message => message);\n if (globalMessages) {\n messages = [...messages, ...globalMessages];\n }\n\n // Handle field messages for current flow\n for (let remediation of neededToProceed) {\n const T = flow[remediation.name];\n if (!T) {\n continue;\n }\n const remediator = new T(remediation);\n const fieldMessages = remediator.getMessages();\n if (fieldMessages) {\n messages = [...messages, ...fieldMessages];\n }\n }\n\n return messages;\n}\n\nfunction getNextStep(\n remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n const nextStep = remediator.getNextStep();\n const canSkip = canSkipFn(idxResponse);\n const canResend = canResendFn(idxResponse);\n return {\n ...nextStep,\n ...(canSkip && {canSkip}),\n ...(canResend && {canResend}),\n };\n}\n\nfunction handleIdxError(e, flow, remediator?) {\n // Handle idx messages\n if (isRawIdxResponse(e)) {\n const idxState = idx.makeIdxState(e);\n const terminal = isTerminalResponse(idxState);\n const messages = getIdxMessages(idxState, flow);\n if (terminal) {\n return { terminal, messages };\n } else {\n const nextStep = remediator && getNextStep(remediator, idxState);\n return { \n messages, \n ...(nextStep && { nextStep }) \n };\n }\n }\n // Thrown error terminates the interaction with idx\n throw e;\n}\n\nfunction getActionFromValues(values, idxResponse: IdxResponse): string | undefined {\n // Currently support resend actions only\n return Object.keys(idxResponse.actions).find(action => !!values.resend && action.includes('-resend'));\n}\n\nfunction removeActionFromValues(values) {\n // Currently support resend actions only\n values.resend = undefined;\n return values;\n}\n\n// This function is called recursively until it reaches success or cannot be remediated\nexport async function remediate(\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RunOptions\n): Promise<RemediationResponse> {\n let { neededToProceed, interactionCode } = idxResponse;\n const { flow, flowMonitor } = options;\n\n // If the response contains an interaction code, there is no need to remediate\n if (interactionCode) {\n return { idxResponse };\n }\n\n // Reach to terminal state\n const terminal = isTerminalResponse(idxResponse);\n const messages = getIdxMessages(idxResponse, flow);\n if (terminal) {\n return { terminal, messages };\n }\n \n // Try actions in idxResponse first\n const actionFromValues = getActionFromValues(values, idxResponse);\n const actions = [\n ...options.actions || [],\n ...(actionFromValues && [actionFromValues] || []),\n ];\n if (actions) {\n for (let action of actions) {\n let valuesWithoutExecutedAction = removeActionFromValues(values);\n if (typeof idxResponse.actions[action] === 'function') {\n try {\n idxResponse = await idxResponse.actions[action]();\n } catch (e) {\n return handleIdxError(e, flow);\n }\n if (action === 'cancel') {\n return { canceled: true };\n }\n return remediate(idxResponse, valuesWithoutExecutedAction, options); // recursive call\n }\n }\n }\n\n const remediator = getRemediator(neededToProceed, values, options);\n \n if (!remediator) {\n throw new AuthSdkError(`\n No remediation can match current flow, check policy settings in your org.\n Remediations: [${neededToProceed.reduce((acc, curr) => acc ? acc + ' ,' + curr.name : curr.name, '')}]\n `);\n }\n\n if (flowMonitor.loopDetected(remediator)) {\n throw new AuthSdkError(`\n Remediation run into loop, break!!! remediation: ${remediator.getName()}\n `);\n }\n\n // Recursive loop breaker\n // Return next step to the caller\n if (!remediator.canRemediate()) {\n const nextStep = getNextStep(remediator, idxResponse);\n return { idxResponse, nextStep };\n }\n\n const name = remediator.getName();\n const data = remediator.getData();\n try {\n idxResponse = await idxResponse.proceed(name, data);\n\n // Track succeed remediations in the current transaction\n await flowMonitor.trackRemediations(name);\n \n // Successfully get interaction code\n if (idxResponse.interactionCode) {\n return { idxResponse };\n }\n\n // Reach to terminal state\n const terminal = isTerminalResponse(idxResponse);\n const messages = getIdxMessages(idxResponse, flow);\n if (terminal) {\n return { terminal, messages };\n }\n\n // Handle idx message in nextStep\n if (messages.length) {\n const nextStep = getNextStep(remediator, idxResponse);\n return { nextStep, messages };\n }\n \n // We may want to trim the values bag for the next remediation\n // Let the remediator decide what the values should be (default to current values)\n values = remediator.getValuesAfterProceed();\n return remediate(idxResponse, values, options); // recursive call\n } catch (e) {\n return handleIdxError(e, flow, remediator);\n }\n}\n"],"file":"remediate.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/remediate.ts"],"names":["AuthSdkError","isIdxResponse","getRemediator","idxRemediations","values","options","flow","flowMonitor","remediator","remediatorCandidates","remediation","isRemeditionInFlow","Object","keys","includes","name","T","isRemediatorCandidate","canRemediate","push","isTerminalResponse","idxResponse","neededToProceed","interactionCode","length","canSkipFn","some","canResendFn","actions","actionName","getIdxMessages","messages","rawIdxState","globalMessages","value","map","message","fieldMessages","getMessages","getNextStep","nextStep","canSkip","canResend","handleIdxError","e","idxState","terminal","getActionFromValues","find","action","resend","removeActionFromValues","undefined","remediate","actionFromValues","valuesWithoutExecutedAction","canceled","reduce","acc","curr","loopDetected","getName","data","getData","proceed","trackRemediations","getValuesAfterProceed"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAIA,SAGEC,aAHF,QAIO,gBAJP;AAaA;AACA,OAAO,SAASC,aAAT,CACLC,eADK,EAELC,MAFK,EAGLC,OAHK,EAIO;AACZ,MAAM;AAAEC,IAAAA,IAAF;AAAQC,IAAAA;AAAR,MAAwBF,OAA9B;AAEA,MAAIG,UAAJ;AACA,MAAMC,oBAAoB,GAAG,EAA7B;;AACA,OAAK,IAAIC,WAAT,IAAwBP,eAAxB,EAAyC;AACvC,QAAMQ,kBAAkB,GAAGC,MAAM,CAACC,IAAP,CAAYP,IAAZ,EAAkBQ,QAAlB,CAA2BJ,WAAW,CAACK,IAAvC,CAA3B;;AACA,QAAI,CAACJ,kBAAL,EAAyB;AACvB;AACD;;AAED,QAAMK,CAAC,GAAGV,IAAI,CAACI,WAAW,CAACK,IAAb,CAAd;AACAP,IAAAA,UAAU,GAAG,IAAIQ,CAAJ,CAAMN,WAAN,EAAmBN,MAAnB,CAAb;;AACA,QAAIG,WAAW,CAACU,qBAAZ,CAAkCT,UAAlC,EAA8CL,eAA9C,EAA+DC,MAA/D,CAAJ,EAA4E;AAC1E,UAAII,UAAU,CAACU,YAAX,EAAJ,EAA+B;AAC7B;AACA,eAAOV,UAAP;AACD,OAJyE,CAK1E;AACA;;;AACAC,MAAAA,oBAAoB,CAACU,IAArB,CAA0BX,UAA1B;AACD;AACF,GAtBW,CAwBZ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AAEA,SAAOC,oBAAoB,CAAC,CAAD,CAA3B;AACD;;AAED,SAASW,kBAAT,CAA4BC,WAA5B,EAAsD;AACpD,MAAM;AAAEC,IAAAA,eAAF;AAAmBC,IAAAA;AAAnB,MAAuCF,WAA7C;AACA,SAAO,CAACC,eAAe,CAACE,MAAjB,IAA2B,CAACD,eAAnC;AACD;;AAED,SAASE,SAAT,CAAmBJ,WAAnB,EAA6C;AAC3C,SAAOA,WAAW,CAACC,eAAZ,CAA4BI,IAA5B,CAAiC;AAAA,QAAC;AAAEX,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,MAAvB;AAAA,GAAjC,CAAP;AACD;;AAED,SAASY,WAAT,CAAqBN,WAArB,EAA+C;AAC7C,SAAOT,MAAM,CAACC,IAAP,CAAYQ,WAAW,CAACO,OAAxB,EAAiCF,IAAjC,CAAsCG,UAAU,IAAIA,UAAU,CAACf,QAAX,CAAoB,QAApB,CAApD,CAAP;AACD;;AAED,SAASgB,cAAT,CACET,WADF,EAC4Bf,IAD5B,EAEgB;AAAA;;AACd,MAAIyB,QAAQ,GAAG,EAAf;;AACA,MAAI,CAACzB,IAAL,EAAW;AACT,WAAOyB,QAAP;AACD;;AAED,MAAM;AAAEC,IAAAA,WAAF;AAAeV,IAAAA;AAAf,MAAmCD,WAAzC,CANc,CAQd;;AACA,MAAMY,cAAc,4BAAGD,WAAW,CAACD,QAAf,0DAAG,sBAAsBG,KAAtB,CAA4BC,GAA5B,CAAgCC,OAAO,IAAIA,OAA3C,CAAvB;;AACA,MAAIH,cAAJ,EAAoB;AAClBF,IAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGE,cAAjB,CAAX;AACD,GAZa,CAcd;;;AACA,OAAK,IAAIvB,WAAT,IAAwBY,eAAxB,EAAyC;AACvC,QAAMN,CAAC,GAAGV,IAAI,CAACI,WAAW,CAACK,IAAb,CAAd;;AACA,QAAI,CAACC,CAAL,EAAQ;AACN;AACD;;AACD,QAAMR,UAAU,GAAG,IAAIQ,CAAJ,CAAMN,WAAN,CAAnB;AACA,QAAM2B,aAAa,GAAG7B,UAAU,CAAC8B,WAAX,EAAtB;;AACA,QAAID,aAAJ,EAAmB;AACjBN,MAAAA,QAAQ,GAAG,CAAC,GAAGA,QAAJ,EAAc,GAAGM,aAAjB,CAAX;AACD;AACF;;AAED,SAAON,QAAP;AACD;;AAED,SAASQ,WAAT,CACE/B,UADF,EAC0Ba,WAD1B,EAEY;AACV,MAAMmB,QAAQ,GAAGhC,UAAU,CAAC+B,WAAX,EAAjB;AACA,MAAME,OAAO,GAAGhB,SAAS,CAACJ,WAAD,CAAzB;AACA,MAAMqB,SAAS,GAAGf,WAAW,CAACN,WAAD,CAA7B;AACA,uDACKmB,QADL,GAEMC,OAAO,IAAI;AAACA,IAAAA;AAAD,GAFjB,GAGMC,SAAS,IAAI;AAACA,IAAAA;AAAD,GAHnB;AAKD;;AAED,SAASC,cAAT,CAAwBC,CAAxB,EAA2BtC,IAA3B,EAAiCE,UAAjC,EAA8C;AAC5C;AACA,MAAMqC,QAAqB,GAAG5C,aAAa,CAAC2C,CAAD,CAAb,GAAmBA,CAAnB,GAAuB,IAArD;;AACA,MAAI,CAACC,QAAL,EAAe;AACb;AACA,UAAMD,CAAN;AACD;;AACD,MAAME,QAAQ,GAAG1B,kBAAkB,CAACyB,QAAD,CAAnC;AACA,MAAMd,QAAQ,GAAGD,cAAc,CAACe,QAAD,EAAWvC,IAAX,CAA/B;;AACA,MAAIwC,QAAJ,EAAc;AACZ,WAAO;AAAEA,MAAAA,QAAF;AAAYf,MAAAA;AAAZ,KAAP;AACD,GAFD,MAEO;AACL,QAAMS,QAAQ,GAAGhC,UAAU,IAAI+B,WAAW,CAAC/B,UAAD,EAAaqC,QAAb,CAA1C;AACA;AACEd,MAAAA;AADF,OAEMS,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAFlB;AAID;AACF;;AAED,SAASO,mBAAT,CAA6B3C,MAA7B,EAAqCiB,WAArC,EAAmF;AACjF;AACA,SAAOT,MAAM,CAACC,IAAP,CAAYQ,WAAW,CAACO,OAAxB,EAAiCoB,IAAjC,CAAsCC,MAAM,IAAI,CAAC,CAAC7C,MAAM,CAAC8C,MAAT,IAAmBD,MAAM,CAACnC,QAAP,CAAgB,SAAhB,CAAnE,CAAP;AACD;;AAED,SAASqC,sBAAT,CAAgC/C,MAAhC,EAAwC;AACtC;AACAA,EAAAA,MAAM,CAAC8C,MAAP,GAAgBE,SAAhB;AACA,SAAOhD,MAAP;AACD,C,CAED;;;AACA,gBAAsBiD,SAAtB;AAAA;AAAA;;;iCAAO,WACLhC,WADK,EAELjB,MAFK,EAGLC,OAHK,EAIyB;AAC9B,QAAI;AAAEiB,MAAAA,eAAF;AAAmBC,MAAAA;AAAnB,QAAuCF,WAA3C;AACA,QAAM;AAAEf,MAAAA,IAAF;AAAQC,MAAAA;AAAR,QAAwBF,OAA9B,CAF8B,CAI9B;;AACA,QAAIkB,eAAJ,EAAqB;AACnB,aAAO;AAAEF,QAAAA;AAAF,OAAP;AACD,KAP6B,CAS9B;;;AACA,QAAMyB,QAAQ,GAAG1B,kBAAkB,CAACC,WAAD,CAAnC;AACA,QAAMU,QAAQ,GAAGD,cAAc,CAACT,WAAD,EAAcf,IAAd,CAA/B;;AACA,QAAIwC,QAAJ,EAAc;AACZ,aAAO;AAAEA,QAAAA,QAAF;AAAYf,QAAAA;AAAZ,OAAP;AACD,KAd6B,CAgB9B;;;AACA,QAAMuB,gBAAgB,GAAGP,mBAAmB,CAAC3C,MAAD,EAASiB,WAAT,CAA5C;AACA,QAAMO,OAAO,GAAG,CACd,IAAGvB,OAAO,CAACuB,OAAR,IAAmB,EAAtB,CADc,EAEd,IAAI0B,gBAAgB,IAAI,CAACA,gBAAD,CAApB,IAA0C,EAA9C,CAFc,CAAhB;;AAIA,QAAI1B,OAAJ,EAAa;AACX,WAAK,IAAIqB,MAAT,IAAmBrB,OAAnB,EAA4B;AAC1B,YAAI2B,2BAA2B,GAAGJ,sBAAsB,CAAC/C,MAAD,CAAxD;;AACA,YAAI,OAAOiB,WAAW,CAACO,OAAZ,CAAoBqB,MAApB,CAAP,KAAuC,UAA3C,EAAuD;AACrD,cAAI;AACF5B,YAAAA,WAAW,SAASA,WAAW,CAACO,OAAZ,CAAoBqB,MAApB,GAApB;AACD,WAFD,CAEE,OAAOL,CAAP,EAAU;AACV,mBAAOD,cAAc,CAACC,CAAD,EAAItC,IAAJ,CAArB;AACD;;AACD,cAAI2C,MAAM,KAAK,QAAf,EAAyB;AACvB,mBAAO;AAAEO,cAAAA,QAAQ,EAAE;AAAZ,aAAP;AACD;;AACD,iBAAOH,SAAS,CAAChC,WAAD,EAAckC,2BAAd,EAA2ClD,OAA3C,CAAhB,CATqD,CASgB;AACtE;AACF;AACF;;AAED,QAAMG,UAAU,GAAGN,aAAa,CAACoB,eAAD,EAAkBlB,MAAlB,EAA0BC,OAA1B,CAAhC;;AAEA,QAAI,CAACG,UAAL,EAAiB;AACf,YAAM,IAAIR,YAAJ,mHAEasB,eAAe,CAACmC,MAAhB,CAAuB,CAACC,GAAD,EAAMC,IAAN,KAAeD,GAAG,GAAGA,GAAG,GAAG,IAAN,GAAaC,IAAI,CAAC5C,IAArB,GAA4B4C,IAAI,CAAC5C,IAA1E,EAAgF,EAAhF,CAFb,aAAN;AAID;;AAED,QAAIR,WAAW,CAACqD,YAAZ,CAAyBpD,UAAzB,CAAJ,EAA0C;AACxC,YAAM,IAAIR,YAAJ,oEAC+CQ,UAAU,CAACqD,OAAX,EAD/C,YAAN;AAGD,KApD6B,CAsD9B;AACA;;;AACA,QAAI,CAACrD,UAAU,CAACU,YAAX,EAAL,EAAgC;AAC9B,UAAMsB,QAAQ,GAAGD,WAAW,CAAC/B,UAAD,EAAaa,WAAb,CAA5B;AACA,aAAO;AAAEA,QAAAA,WAAF;AAAemB,QAAAA;AAAf,OAAP;AACD;;AAED,QAAMzB,IAAI,GAAGP,UAAU,CAACqD,OAAX,EAAb;AACA,QAAMC,IAAI,GAAGtD,UAAU,CAACuD,OAAX,EAAb;;AACA,QAAI;AACF1C,MAAAA,WAAW,SAASA,WAAW,CAAC2C,OAAZ,CAAoBjD,IAApB,EAA0B+C,IAA1B,CAApB,CADE,CAGF;;AACA,YAAMvD,WAAW,CAAC0D,iBAAZ,CAA8BlD,IAA9B,CAAN,CAJE,CAMF;;AACA,UAAIM,WAAW,CAACE,eAAhB,EAAiC;AAC/B,eAAO;AAAEF,UAAAA;AAAF,SAAP;AACD,OATC,CAWF;;;AACA,UAAMyB,SAAQ,GAAG1B,kBAAkB,CAACC,WAAD,CAAnC;;AACA,UAAMU,SAAQ,GAAGD,cAAc,CAACT,WAAD,EAAcf,IAAd,CAA/B;;AACA,UAAIwC,SAAJ,EAAc;AACZ,eAAO;AAAEA,UAAAA,QAAQ,EAARA,SAAF;AAAYf,UAAAA,QAAQ,EAARA;AAAZ,SAAP;AACD,OAhBC,CAkBF;;;AACA,UAAIA,SAAQ,CAACP,MAAb,EAAqB;AACnB,YAAMgB,SAAQ,GAAGD,WAAW,CAAC/B,UAAD,EAAaa,WAAb,CAA5B;;AACA,eAAO;AAAEmB,UAAAA,QAAQ,EAARA,SAAF;AAAYT,UAAAA,QAAQ,EAARA;AAAZ,SAAP;AACD,OAtBC,CAwBF;AACA;;;AACA3B,MAAAA,MAAM,GAAGI,UAAU,CAAC0D,qBAAX,EAAT;AACA,aAAOb,SAAS,CAAChC,WAAD,EAAcjB,MAAd,EAAsBC,OAAtB,CAAhB,CA3BE,CA2B8C;AACjD,KA5BD,CA4BE,OAAOuC,CAAP,EAAU;AACV,aAAOD,cAAc,CAACC,CAAD,EAAItC,IAAJ,EAAUE,UAAV,CAArB;AACD;AACF,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, max-depth, complexity */\nimport { AuthSdkError } from '../errors';\nimport { Remediator, RemediationValues } from './remediators';\nimport { RunOptions, RemediationFlow } from './run';\nimport { NextStep, IdxMessage } from './types';\nimport { \n IdxResponse, \n IdxRemediation,\n isIdxResponse, \n} from './types/idx-js';\n\ninterface RemediationResponse {\n idxResponse?: IdxResponse;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n terminal?: boolean;\n canceled?: boolean;\n}\n// Return first match idxRemediation in allowed remediators\nexport function getRemediator(\n idxRemediations: IdxRemediation[],\n values: RemediationValues,\n options: RunOptions,\n): Remediator {\n const { flow, flowMonitor } = options;\n\n let remediator;\n const remediatorCandidates = [];\n for (let remediation of idxRemediations) {\n const isRemeditionInFlow = Object.keys(flow).includes(remediation.name);\n if (!isRemeditionInFlow) {\n continue;\n }\n \n const T = flow[remediation.name];\n remediator = new T(remediation, values);\n if (flowMonitor.isRemediatorCandidate(remediator, idxRemediations, values)) {\n if (remediator.canRemediate()) {\n // found the remediator\n return remediator;\n }\n // remediator cannot handle the current values\n // maybe return for next step\n remediatorCandidates.push(remediator); \n }\n }\n \n // TODO: why is it a problem to have multiple remediations? \n // JIRA: https://oktainc.atlassian.net/browse/OKTA-400758\n // if (remediatorCandidates.length > 1) {\n // const remediationNames = remediatorCandidates.reduce((acc, curr) => {\n // const name = curr.getName();\n // return acc ? `${acc}, ${name}` : name;\n // }, '');\n // throw new AuthSdkError(`\n // More than one remediation can match the current input, remediations: ${remediationNames}\n // `);\n // }\n\n return remediatorCandidates[0];\n}\n\nfunction isTerminalResponse(idxResponse: IdxResponse) {\n const { neededToProceed, interactionCode } = idxResponse;\n return !neededToProceed.length && !interactionCode;\n}\n\nfunction canSkipFn(idxResponse: IdxResponse) {\n return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nfunction canResendFn(idxResponse: IdxResponse) {\n return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nfunction getIdxMessages(\n idxResponse: IdxResponse, flow: RemediationFlow\n): IdxMessage[] {\n let messages = [];\n if (!flow) {\n return messages;\n }\n\n const { rawIdxState, neededToProceed } = idxResponse;\n\n // Handle global messages\n const globalMessages = rawIdxState.messages?.value.map(message => message);\n if (globalMessages) {\n messages = [...messages, ...globalMessages];\n }\n\n // Handle field messages for current flow\n for (let remediation of neededToProceed) {\n const T = flow[remediation.name];\n if (!T) {\n continue;\n }\n const remediator = new T(remediation);\n const fieldMessages = remediator.getMessages();\n if (fieldMessages) {\n messages = [...messages, ...fieldMessages];\n }\n }\n\n return messages;\n}\n\nfunction getNextStep(\n remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n const nextStep = remediator.getNextStep();\n const canSkip = canSkipFn(idxResponse);\n const canResend = canResendFn(idxResponse);\n return {\n ...nextStep,\n ...(canSkip && {canSkip}),\n ...(canResend && {canResend}),\n };\n}\n\nfunction handleIdxError(e, flow, remediator?) {\n // Handle idx messages\n const idxState: IdxResponse = isIdxResponse(e) ? e : null;\n if (!idxState) {\n // Thrown error terminates the interaction with idx\n throw e;\n }\n const terminal = isTerminalResponse(idxState);\n const messages = getIdxMessages(idxState, flow);\n if (terminal) {\n return { terminal, messages };\n } else {\n const nextStep = remediator && getNextStep(remediator, idxState);\n return { \n messages, \n ...(nextStep && { nextStep }) \n };\n }\n}\n\nfunction getActionFromValues(values, idxResponse: IdxResponse): string | undefined {\n // Currently support resend actions only\n return Object.keys(idxResponse.actions).find(action => !!values.resend && action.includes('-resend'));\n}\n\nfunction removeActionFromValues(values) {\n // Currently support resend actions only\n values.resend = undefined;\n return values;\n}\n\n// This function is called recursively until it reaches success or cannot be remediated\nexport async function remediate(\n idxResponse: IdxResponse,\n values: RemediationValues,\n options: RunOptions\n): Promise<RemediationResponse> {\n let { neededToProceed, interactionCode } = idxResponse;\n const { flow, flowMonitor } = options;\n\n // If the response contains an interaction code, there is no need to remediate\n if (interactionCode) {\n return { idxResponse };\n }\n\n // Reach to terminal state\n const terminal = isTerminalResponse(idxResponse);\n const messages = getIdxMessages(idxResponse, flow);\n if (terminal) {\n return { terminal, messages };\n }\n \n // Try actions in idxResponse first\n const actionFromValues = getActionFromValues(values, idxResponse);\n const actions = [\n ...options.actions || [],\n ...(actionFromValues && [actionFromValues] || []),\n ];\n if (actions) {\n for (let action of actions) {\n let valuesWithoutExecutedAction = removeActionFromValues(values);\n if (typeof idxResponse.actions[action] === 'function') {\n try {\n idxResponse = await idxResponse.actions[action]();\n } catch (e) {\n return handleIdxError(e, flow);\n }\n if (action === 'cancel') {\n return { canceled: true };\n }\n return remediate(idxResponse, valuesWithoutExecutedAction, options); // recursive call\n }\n }\n }\n\n const remediator = getRemediator(neededToProceed, values, options);\n \n if (!remediator) {\n throw new AuthSdkError(`\n No remediation can match current flow, check policy settings in your org.\n Remediations: [${neededToProceed.reduce((acc, curr) => acc ? acc + ' ,' + curr.name : curr.name, '')}]\n `);\n }\n\n if (flowMonitor.loopDetected(remediator)) {\n throw new AuthSdkError(`\n Remediation run into loop, break!!! remediation: ${remediator.getName()}\n `);\n }\n\n // Recursive loop breaker\n // Return next step to the caller\n if (!remediator.canRemediate()) {\n const nextStep = getNextStep(remediator, idxResponse);\n return { idxResponse, nextStep };\n }\n\n const name = remediator.getName();\n const data = remediator.getData();\n try {\n idxResponse = await idxResponse.proceed(name, data);\n\n // Track succeed remediations in the current transaction\n await flowMonitor.trackRemediations(name);\n \n // Successfully get interaction code\n if (idxResponse.interactionCode) {\n return { idxResponse };\n }\n\n // Reach to terminal state\n const terminal = isTerminalResponse(idxResponse);\n const messages = getIdxMessages(idxResponse, flow);\n if (terminal) {\n return { terminal, messages };\n }\n\n // Handle idx message in nextStep\n if (messages.length) {\n const nextStep = getNextStep(remediator, idxResponse);\n return { nextStep, messages };\n }\n \n // We may want to trim the values bag for the next remediation\n // Let the remediator decide what the values should be (default to current values)\n values = remediator.getValuesAfterProceed();\n return remediate(idxResponse, values, options); // recursive call\n } catch (e) {\n return handleIdxError(e, flow, remediator);\n }\n}\n"],"file":"remediate.js"}
|
package/esm/idx/run.js
CHANGED
|
@@ -24,6 +24,7 @@ import { remediate } from './remediate';
|
|
|
24
24
|
import * as remediators from './remediators';
|
|
25
25
|
import { AuthSdkError } from '../errors';
|
|
26
26
|
import { IdxStatus, IdxFeature } from '../types';
|
|
27
|
+
import { getSavedTransactionMeta } from './transactionMeta';
|
|
27
28
|
|
|
28
29
|
function getEnabledFeatures(idxResponse) {
|
|
29
30
|
var res = [];
|
|
@@ -95,16 +96,35 @@ function _run() {
|
|
|
95
96
|
var availableSteps;
|
|
96
97
|
var status = IdxStatus.PENDING;
|
|
97
98
|
var shouldClearTransaction = false;
|
|
99
|
+
var idxResponse;
|
|
100
|
+
var interactionHandle;
|
|
101
|
+
var metaFromResp;
|
|
98
102
|
|
|
99
103
|
try {
|
|
100
|
-
// Start/resume the flow
|
|
101
104
|
var {
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
} =
|
|
105
|
+
stateTokenExternalId,
|
|
106
|
+
state
|
|
107
|
+
} = options;
|
|
108
|
+
|
|
109
|
+
if (stateTokenExternalId) {
|
|
110
|
+
var _metaFromResp;
|
|
111
|
+
|
|
112
|
+
// Email verify callback: retrieve saved interactionHandle, if possible
|
|
113
|
+
metaFromResp = getSavedTransactionMeta(authClient, {
|
|
114
|
+
state
|
|
115
|
+
});
|
|
116
|
+
interactionHandle = (_metaFromResp = metaFromResp) === null || _metaFromResp === void 0 ? void 0 : _metaFromResp.interactionHandle; // may be undefined
|
|
117
|
+
} else {
|
|
118
|
+
// Start/resume the flow. Will request a new interactionHandle if none is found in storage.
|
|
119
|
+
var interactResponse = yield interact(authClient, options);
|
|
120
|
+
interactionHandle = interactResponse.interactionHandle;
|
|
121
|
+
metaFromResp = interactResponse.meta;
|
|
122
|
+
} // Introspect to get idx response
|
|
105
123
|
|
|
106
|
-
|
|
107
|
-
|
|
124
|
+
|
|
125
|
+
idxResponse = yield introspect(authClient, {
|
|
126
|
+
interactionHandle,
|
|
127
|
+
stateTokenExternalId
|
|
108
128
|
});
|
|
109
129
|
|
|
110
130
|
if (!options.flow && !options.actions) {
|
|
@@ -179,6 +199,7 @@ function _run() {
|
|
|
179
199
|
}
|
|
180
200
|
|
|
181
201
|
return _objectSpread(_objectSpread(_objectSpread(_objectSpread(_objectSpread(_objectSpread(_objectSpread({
|
|
202
|
+
_idxResponse: idxResponse,
|
|
182
203
|
status
|
|
183
204
|
}, meta && {
|
|
184
205
|
meta
|
package/esm/idx/run.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["interact","introspect","remediate","remediators","AuthSdkError","IdxStatus","IdxFeature","getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","flow","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","transactionManager","saveIdxResponse","TERMINAL","CANCELED","interactionCode","flowMonitor","isFinished","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","clear"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,QAAT,QAAyB,YAAzB;AACA,SAASC,UAAT,QAA2B,cAA3B;AACA,SAASC,SAAT,QAA0B,aAA1B;AAEA,OAAO,KAAKC,WAAZ,MAA6B,eAA7B;AACA,SAASC,YAAT,QAA6B,WAA7B;AACA,SAGEC,SAHF,EAKEC,UALF,QAOO,UAPP;;AAiBA,SAASC,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,MAAMC,GAAG,GAAG,EAAZ;AACA,MAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASN,UAAU,CAACO,iBAApB;AACD;;AAED,MAAIF,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,uBAAvB;AAAA,GAArB,CAAJ,EAA0E;AACxEN,IAAAA,GAAG,CAACG,IAAJ,CAASN,UAAU,CAACU,YAApB;AACD;;AAED,MAAIL,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,cAAvB;AAAA,GAArB,CAAJ,EAAiE;AAC/DN,IAAAA,GAAG,CAACG,IAAJ,CAASN,UAAU,CAACW,UAApB;AACD;;AAED,SAAOR,GAAP;AACD;;AAED,SAASS,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,MAAMV,GAAG,GAAG,EAAZ;AAEA,MAAMW,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcnB,WAAd,EAA2BoB,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBR,YAAxB,EAAsC;AACpC,QAAMS,CAAC,GAAGR,aAAa,CAACO,WAAW,CAACZ,IAAb,CAAvB;;AACA,QAAIa,CAAJ,EAAO;AACL,UAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACAlB,MAAAA,GAAG,CAACG,IAAJ,CAAUiB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOrB,GAAP;AACD;;AAED,gBAAsBsB,GAAtB;AAAA;AAAA;;;2BAAO,WACLC,UADK,EAELC,OAFK,EAGoB;AACzB,QAAIC,MAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,KAAJ;AACA,QAAIC,IAAJ;AACA,QAAIC,eAAJ;AACA,QAAIC,cAAJ;AACA,QAAIC,MAAM,GAAGpC,SAAS,CAACqC,OAAvB;AACA,QAAIC,sBAAsB,GAAG,KAA7B;;AAEA,QAAI;AACF;AACA,UAAM;AAAEC,QAAAA,iBAAF;AAAqBN,QAAAA,IAAI,EAAEO;AAA3B,gBAAkD7C,QAAQ,CAACgC,UAAD,EAAaC,OAAb,CAAhE,CAFE,CAIF;;AACA,UAAMzB,WAAW,SAASP,UAAU,CAAC+B,UAAD,EAAa;AAAEY,QAAAA;AAAF,OAAb,CAApC;;AAEA,UAAI,CAACX,OAAO,CAACa,IAAT,IAAiB,CAACb,OAAO,CAACvB,OAA9B,EAAuC;AACrC;AACA4B,QAAAA,IAAI,GAAGO,YAAP;AACAN,QAAAA,eAAe,GAAGhC,kBAAkB,CAACC,WAAD,CAApC;AACAgC,QAAAA,cAAc,GAAGtB,iBAAiB,CAACV,WAAW,CAACG,eAAb,CAAlC;AACD,OALD,MAKO;AACL,YAAMW,MAAqC,mCACtCW,OADsC;AAEzCc,UAAAA,WAAW,EAAEvC,WAAW,CAACwC,WAAZ,CAAwBD;AAFI,UAA3C,CADK,CAML;;;AACA,YAAM;AACJvC,UAAAA,WAAW,EAAEyC,mBADT;AAEJd,UAAAA,QAAQ,EAAEe,gBAFN;AAGJC,UAAAA,QAHI;AAIJC,UAAAA,QAJI;AAKJhB,UAAAA,QAAQ,EAAEiB;AALN,kBAMInD,SAAS,CAACM,WAAD,EAAcc,MAAd,EAAsBW,OAAtB,CANnB,CAPK,CAeL;;AACAE,QAAAA,QAAQ,GAAGe,gBAAX;AACAd,QAAAA,QAAQ,GAAGiB,gBAAX,CAjBK,CAmBL;;AACA,YAAIlB,QAAQ,IAAIc,mBAAhB,EAAqC;AACnCjB,UAAAA,UAAU,CAACsB,kBAAX,CAA8BC,eAA9B,CAA8CN,mBAAmB,CAACD,WAAlE;AACD;;AAED,YAAIG,QAAJ,EAAc;AACZV,UAAAA,MAAM,GAAGpC,SAAS,CAACmD,QAAnB;AACAb,UAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,YAAIS,QAAJ,EAAc;AACdX,UAAAA,MAAM,GAAGpC,SAAS,CAACoD,QAAnB;AACAd,UAAAA,sBAAsB,GAAG,IAAzB;AACD,SAHC,MAGK,IAAIM,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAES,eAAzB,EAA0C;AAC/C;AACA;AACA,cAAI,QAAQzB,OAAO,CAAC0B,WAAR,CAAoBC,UAApB,EAAR,CAAJ,EAA+C;AAC7C,kBAAM,IAAIxD,YAAJ,CAAiB,mEAAjB,CAAN;AACD;;AAED,cAAM;AACJyD,YAAAA,QADI;AAEJC,YAAAA,YAFI;AAGJC,YAAAA,eAHI;AAIJC,YAAAA,WAJI;AAKJC,YAAAA,IALI;AAMJC,YAAAA;AANI,cAOFrB,YAPJ;AAQAX,UAAAA,MAAM,SAASF,UAAU,CAACmC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDV,YAAAA,eAAe,EAAET,mBAAmB,CAACS,eADe;AAEpDG,YAAAA,QAFoD;AAGpDC,YAAAA,YAHoD;AAIpDC,YAAAA,eAJoD;AAKpDC,YAAAA,WALoD;AAMpDE,YAAAA;AANoD,WAAvC,EAOZD,IAPY,CAAf;AASAxB,UAAAA,MAAM,GAAGpC,SAAS,CAACgE,OAAnB;AACA1B,UAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,KAtED,CAsEE,OAAO2B,GAAP,EAAY;AACZjC,MAAAA,KAAK,GAAGiC,GAAR;AACA7B,MAAAA,MAAM,GAAGpC,SAAS,CAACkE,OAAnB;AACA5B,MAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,QAAIA,sBAAJ,EAA4B;AAC1BX,MAAAA,UAAU,CAACsB,kBAAX,CAA8BkB,KAA9B;AACD;;AAED;AACE/B,MAAAA;AADF,OAEMH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAFd,GAGMC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAHzB,GAIMC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KAJxB,GAKMN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KALhB,GAMMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KANlB,GAOMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAPlB,GAQMC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KARf;AAUD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { FlowMonitor } from './flowMonitors';\nimport * as remediators from './remediators';\nimport { AuthSdkError } from '../errors';\nimport { \n OktaAuth,\n IdxOptions,\n IdxStatus,\n IdxTransaction,\n IdxFeature,\n NextStep,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\n\nexport type RemediationFlow = Record<string, typeof remediators.Remediator>;\nexport interface RunOptions {\n flow?: RemediationFlow;\n actions?: string[];\n flowMonitor?: FlowMonitor;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n const res = [];\n const { actions, neededToProceed } = idxResponse;\n\n if (actions['currentAuthenticator-recover']) {\n res.push(IdxFeature.PASSWORD_RECOVERY);\n }\n\n if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n res.push(IdxFeature.REGISTRATION);\n }\n\n if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n res.push(IdxFeature.SOCIAL_IDP);\n }\n\n return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n const res = [];\n\n const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n // Only add concrete subclasses to the map\n if (remediatorClass.remediationName) {\n map[remediatorClass.remediationName] = remediatorClass;\n }\n return map;\n }, {});\n\n for (let remediation of remediations) {\n const T = remediatorMap[remediation.name];\n if (T) {\n const remediator = new T(remediation);\n res.push (remediator.getNextStep());\n }\n }\n\n return res;\n}\n\nexport async function run(\n authClient: OktaAuth, \n options: RunOptions & IdxOptions,\n): Promise<IdxTransaction> {\n let tokens;\n let nextStep;\n let messages;\n let error;\n let meta;\n let enabledFeatures;\n let availableSteps;\n let status = IdxStatus.PENDING;\n let shouldClearTransaction = false;\n\n try {\n // Start/resume the flow\n const { interactionHandle, meta: metaFromResp } = await interact(authClient, options); \n\n // Introspect to get idx response\n const idxResponse = await introspect(authClient, { interactionHandle });\n\n if (!options.flow && !options.actions) {\n // handle start transaction\n meta = metaFromResp;\n enabledFeatures = getEnabledFeatures(idxResponse);\n availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n } else {\n const values: remediators.RemediationValues = { \n ...options, \n stateHandle: idxResponse.rawIdxState.stateHandle \n };\n\n // Can we handle the remediations?\n const { \n idxResponse: idxResponseFromResp, \n nextStep: nextStepFromResp,\n terminal,\n canceled,\n messages: messagesFromResp,\n } = await remediate(idxResponse, values, options);\n\n // Track fields from remediation response\n nextStep = nextStepFromResp;\n messages = messagesFromResp;\n\n // Save intermediate idx response in storage to reduce introspect call\n if (nextStep && idxResponseFromResp) {\n authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n }\n\n if (terminal) {\n status = IdxStatus.TERMINAL;\n shouldClearTransaction = true;\n } if (canceled) {\n status = IdxStatus.CANCELED;\n shouldClearTransaction = true;\n } else if (idxResponseFromResp?.interactionCode) { \n // Flows may end with interactionCode before the key remediation being hit\n // Double check if flow is finished to mitigate confusion with the wrapper methods\n if (!(await options.flowMonitor.isFinished())) {\n throw new AuthSdkError('Current flow is not supported, check policy settings in your org.');\n }\n\n const {\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n urls,\n scopes,\n } = metaFromResp;\n tokens = await authClient.token.exchangeCodeForTokens({\n interactionCode: idxResponseFromResp.interactionCode,\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n scopes\n }, urls);\n\n status = IdxStatus.SUCCESS;\n shouldClearTransaction = true;\n }\n }\n } catch (err) {\n error = err;\n status = IdxStatus.FAILURE;\n shouldClearTransaction = true;\n }\n\n if (shouldClearTransaction) {\n authClient.transactionManager.clear();\n }\n \n return {\n status,\n ...(meta && { meta }),\n ...(enabledFeatures && { enabledFeatures }),\n ...(availableSteps && { availableSteps }),\n ...(tokens && { tokens: tokens.tokens }),\n ...(nextStep && { nextStep }),\n ...(messages && { messages }),\n ...(error && { error }),\n };\n}\n"],"file":"run.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["interact","introspect","remediate","remediators","AuthSdkError","IdxStatus","IdxFeature","getSavedTransactionMeta","getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","stateTokenExternalId","state","interactResponse","flow","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","transactionManager","saveIdxResponse","TERMINAL","CANCELED","interactionCode","flowMonitor","isFinished","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","clear","_idxResponse"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,QAAT,QAAyB,YAAzB;AACA,SAASC,UAAT,QAA2B,cAA3B;AACA,SAASC,SAAT,QAA0B,aAA1B;AAEA,OAAO,KAAKC,WAAZ,MAA6B,eAA7B;AACA,SAASC,YAAT,QAA6B,WAA7B;AACA,SAGEC,SAHF,EAKEC,UALF,QAOO,UAPP;AASA,SAASC,uBAAT,QAAwC,mBAAxC;;AAUA,SAASC,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,MAAMC,GAAG,GAAG,EAAZ;AACA,MAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACQ,iBAApB;AACD;;AAED,MAAIF,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,uBAAvB;AAAA,GAArB,CAAJ,EAA0E;AACxEN,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACW,YAApB;AACD;;AAED,MAAIL,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,cAAvB;AAAA,GAArB,CAAJ,EAAiE;AAC/DN,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACY,UAApB;AACD;;AAED,SAAOR,GAAP;AACD;;AAED,SAASS,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,MAAMV,GAAG,GAAG,EAAZ;AAEA,MAAMW,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcpB,WAAd,EAA2BqB,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBR,YAAxB,EAAsC;AACpC,QAAMS,CAAC,GAAGR,aAAa,CAACO,WAAW,CAACZ,IAAb,CAAvB;;AACA,QAAIa,CAAJ,EAAO;AACL,UAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACAlB,MAAAA,GAAG,CAACG,IAAJ,CAAUiB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOrB,GAAP;AACD;;AAED,gBAAsBsB,GAAtB;AAAA;AAAA;;;2BAAO,WACLC,UADK,EAELC,OAFK,EAGoB;AACzB,QAAIC,MAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,KAAJ;AACA,QAAIC,IAAJ;AACA,QAAIC,eAAJ;AACA,QAAIC,cAAJ;AACA,QAAIC,MAAM,GAAGrC,SAAS,CAACsC,OAAvB;AACA,QAAIC,sBAAsB,GAAG,KAA7B;AACA,QAAInC,WAAJ;AACA,QAAIoC,iBAAJ;AACA,QAAIC,YAAJ;;AAEA,QAAI;AAEF,UAAM;AAAEC,QAAAA,oBAAF;AAAwBC,QAAAA;AAAxB,UAAkCd,OAAxC;;AACA,UAAIa,oBAAJ,EAA0B;AAAA;;AACxB;AACAD,QAAAA,YAAY,GAAGvC,uBAAuB,CAAC0B,UAAD,EAAa;AAAEe,UAAAA;AAAF,SAAb,CAAtC;AACAH,QAAAA,iBAAiB,oBAAGC,YAAH,kDAAG,cAAcD,iBAAlC,CAHwB,CAG6B;AACtD,OAJD,MAIO;AACL;AACA,YAAMI,gBAAgB,SAASjD,QAAQ,CAACiC,UAAD,EAAaC,OAAb,CAAvC;AACAW,QAAAA,iBAAiB,GAAGI,gBAAgB,CAACJ,iBAArC;AACAC,QAAAA,YAAY,GAAGG,gBAAgB,CAACV,IAAhC;AACD,OAZC,CAcF;;;AACA9B,MAAAA,WAAW,SAASR,UAAU,CAACgC,UAAD,EAAa;AAAEY,QAAAA,iBAAF;AAAqBE,QAAAA;AAArB,OAAb,CAA9B;;AAEA,UAAI,CAACb,OAAO,CAACgB,IAAT,IAAiB,CAAChB,OAAO,CAACvB,OAA9B,EAAuC;AACrC;AACA4B,QAAAA,IAAI,GAAGO,YAAP;AACAN,QAAAA,eAAe,GAAGhC,kBAAkB,CAACC,WAAD,CAApC;AACAgC,QAAAA,cAAc,GAAGtB,iBAAiB,CAACV,WAAW,CAACG,eAAb,CAAlC;AACD,OALD,MAKO;AACL,YAAMW,MAAqC,mCACtCW,OADsC;AAEzCiB,UAAAA,WAAW,EAAE1C,WAAW,CAAC2C,WAAZ,CAAwBD;AAFI,UAA3C,CADK,CAML;;;AACA,YAAM;AACJ1C,UAAAA,WAAW,EAAE4C,mBADT;AAEJjB,UAAAA,QAAQ,EAAEkB,gBAFN;AAGJC,UAAAA,QAHI;AAIJC,UAAAA,QAJI;AAKJnB,UAAAA,QAAQ,EAAEoB;AALN,kBAMIvD,SAAS,CAACO,WAAD,EAAcc,MAAd,EAAsBW,OAAtB,CANnB,CAPK,CAeL;;AACAE,QAAAA,QAAQ,GAAGkB,gBAAX;AACAjB,QAAAA,QAAQ,GAAGoB,gBAAX,CAjBK,CAmBL;;AACA,YAAIrB,QAAQ,IAAIiB,mBAAhB,EAAqC;AACnCpB,UAAAA,UAAU,CAACyB,kBAAX,CAA8BC,eAA9B,CAA8CN,mBAAmB,CAACD,WAAlE;AACD;;AAED,YAAIG,QAAJ,EAAc;AACZb,UAAAA,MAAM,GAAGrC,SAAS,CAACuD,QAAnB;AACAhB,UAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,YAAIY,QAAJ,EAAc;AACdd,UAAAA,MAAM,GAAGrC,SAAS,CAACwD,QAAnB;AACAjB,UAAAA,sBAAsB,GAAG,IAAzB;AACD,SAHC,MAGK,IAAIS,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAES,eAAzB,EAA0C;AAC/C;AACA;AACA,cAAI,QAAQ5B,OAAO,CAAC6B,WAAR,CAAoBC,UAApB,EAAR,CAAJ,EAA+C;AAC7C,kBAAM,IAAI5D,YAAJ,CAAiB,mEAAjB,CAAN;AACD;;AAED,cAAM;AACJ6D,YAAAA,QADI;AAEJC,YAAAA,YAFI;AAGJC,YAAAA,eAHI;AAIJC,YAAAA,WAJI;AAKJC,YAAAA,IALI;AAMJC,YAAAA;AANI,cAOFxB,YAPJ;AAQAX,UAAAA,MAAM,SAASF,UAAU,CAACsC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDV,YAAAA,eAAe,EAAET,mBAAmB,CAACS,eADe;AAEpDG,YAAAA,QAFoD;AAGpDC,YAAAA,YAHoD;AAIpDC,YAAAA,eAJoD;AAKpDC,YAAAA,WALoD;AAMpDE,YAAAA;AANoD,WAAvC,EAOZD,IAPY,CAAf;AASA3B,UAAAA,MAAM,GAAGrC,SAAS,CAACoE,OAAnB;AACA7B,UAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,KAhFD,CAgFE,OAAO8B,GAAP,EAAY;AACZpC,MAAAA,KAAK,GAAGoC,GAAR;AACAhC,MAAAA,MAAM,GAAGrC,SAAS,CAACsE,OAAnB;AACA/B,MAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,QAAIA,sBAAJ,EAA4B;AAC1BX,MAAAA,UAAU,CAACyB,kBAAX,CAA8BkB,KAA9B;AACD;;AAED;AACEC,MAAAA,YAAY,EAAEpE,WADhB;AAEEiC,MAAAA;AAFF,OAGMH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAHd,GAIMC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAJzB,GAKMC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KALxB,GAMMN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KANhB,GAOMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAPlB,GAQMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KARlB,GASMC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KATf;AAWD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { FlowMonitor } from './flowMonitors';\nimport * as remediators from './remediators';\nimport { AuthSdkError } from '../errors';\nimport { \n OktaAuth,\n IdxOptions,\n IdxStatus,\n IdxTransaction,\n IdxFeature,\n NextStep,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\nimport { getSavedTransactionMeta } from './transactionMeta';\n\nexport type RemediationFlow = Record<string, typeof remediators.Remediator>;\nexport interface RunOptions {\n flow?: RemediationFlow;\n actions?: string[];\n flowMonitor?: FlowMonitor;\n stateTokenExternalId?: string;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n const res = [];\n const { actions, neededToProceed } = idxResponse;\n\n if (actions['currentAuthenticator-recover']) {\n res.push(IdxFeature.PASSWORD_RECOVERY);\n }\n\n if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n res.push(IdxFeature.REGISTRATION);\n }\n\n if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n res.push(IdxFeature.SOCIAL_IDP);\n }\n\n return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n const res = [];\n\n const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n // Only add concrete subclasses to the map\n if (remediatorClass.remediationName) {\n map[remediatorClass.remediationName] = remediatorClass;\n }\n return map;\n }, {});\n\n for (let remediation of remediations) {\n const T = remediatorMap[remediation.name];\n if (T) {\n const remediator = new T(remediation);\n res.push (remediator.getNextStep());\n }\n }\n\n return res;\n}\n\nexport async function run(\n authClient: OktaAuth, \n options: RunOptions & IdxOptions,\n): Promise<IdxTransaction> {\n let tokens;\n let nextStep;\n let messages;\n let error;\n let meta;\n let enabledFeatures;\n let availableSteps;\n let status = IdxStatus.PENDING;\n let shouldClearTransaction = false;\n let idxResponse;\n let interactionHandle;\n let metaFromResp;\n\n try {\n\n const { stateTokenExternalId, state } = options;\n if (stateTokenExternalId) {\n // Email verify callback: retrieve saved interactionHandle, if possible\n metaFromResp = getSavedTransactionMeta(authClient, { state });\n interactionHandle = metaFromResp?.interactionHandle; // may be undefined\n } else {\n // Start/resume the flow. Will request a new interactionHandle if none is found in storage.\n const interactResponse = await interact(authClient, options); \n interactionHandle = interactResponse.interactionHandle;\n metaFromResp = interactResponse.meta;\n }\n\n // Introspect to get idx response\n idxResponse = await introspect(authClient, { interactionHandle, stateTokenExternalId });\n\n if (!options.flow && !options.actions) {\n // handle start transaction\n meta = metaFromResp;\n enabledFeatures = getEnabledFeatures(idxResponse);\n availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n } else {\n const values: remediators.RemediationValues = { \n ...options, \n stateHandle: idxResponse.rawIdxState.stateHandle \n };\n\n // Can we handle the remediations?\n const { \n idxResponse: idxResponseFromResp, \n nextStep: nextStepFromResp,\n terminal,\n canceled,\n messages: messagesFromResp,\n } = await remediate(idxResponse, values, options);\n\n // Track fields from remediation response\n nextStep = nextStepFromResp;\n messages = messagesFromResp;\n\n // Save intermediate idx response in storage to reduce introspect call\n if (nextStep && idxResponseFromResp) {\n authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n }\n\n if (terminal) {\n status = IdxStatus.TERMINAL;\n shouldClearTransaction = true;\n } if (canceled) {\n status = IdxStatus.CANCELED;\n shouldClearTransaction = true;\n } else if (idxResponseFromResp?.interactionCode) { \n // Flows may end with interactionCode before the key remediation being hit\n // Double check if flow is finished to mitigate confusion with the wrapper methods\n if (!(await options.flowMonitor.isFinished())) {\n throw new AuthSdkError('Current flow is not supported, check policy settings in your org.');\n }\n\n const {\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n urls,\n scopes,\n } = metaFromResp;\n tokens = await authClient.token.exchangeCodeForTokens({\n interactionCode: idxResponseFromResp.interactionCode,\n clientId,\n codeVerifier,\n ignoreSignature,\n redirectUri,\n scopes\n }, urls);\n\n status = IdxStatus.SUCCESS;\n shouldClearTransaction = true;\n }\n }\n } catch (err) {\n error = err;\n status = IdxStatus.FAILURE;\n shouldClearTransaction = true;\n }\n\n if (shouldClearTransaction) {\n authClient.transactionManager.clear();\n }\n \n return {\n _idxResponse: idxResponse, \n status,\n ...(meta && { meta }),\n ...(enabledFeatures && { enabledFeatures }),\n ...(availableSteps && { availableSteps }),\n ...(tokens && { tokens: tokens.tokens }),\n ...(nextStep && { nextStep }),\n ...(messages && { messages }),\n ...(error && { error }),\n };\n}\n"],"file":"run.js"}
|
|
@@ -25,9 +25,9 @@ function _createTransactionMeta() {
|
|
|
25
25
|
return _createTransactionMeta.apply(this, arguments);
|
|
26
26
|
}
|
|
27
27
|
|
|
28
|
-
export function transactionMetaExist(authClient) {
|
|
29
|
-
if (authClient.transactionManager.exists()) {
|
|
30
|
-
var existing = authClient.transactionManager.load();
|
|
28
|
+
export function transactionMetaExist(authClient, options) {
|
|
29
|
+
if (authClient.transactionManager.exists(options)) {
|
|
30
|
+
var existing = authClient.transactionManager.load(options);
|
|
31
31
|
|
|
32
32
|
if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {
|
|
33
33
|
return true;
|
|
@@ -35,19 +35,30 @@ export function transactionMetaExist(authClient) {
|
|
|
35
35
|
}
|
|
36
36
|
|
|
37
37
|
return false;
|
|
38
|
+
} // Returns the saved transaction meta, if it exists and is valid, or undefined
|
|
39
|
+
|
|
40
|
+
export function getSavedTransactionMeta(authClient, options) {
|
|
41
|
+
var state = (options === null || options === void 0 ? void 0 : options.state) || authClient.options.state;
|
|
42
|
+
var existing = authClient.transactionManager.load({
|
|
43
|
+
state
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
if (existing && isTransactionMetaValid(authClient, existing)) {
|
|
47
|
+
return existing;
|
|
48
|
+
}
|
|
38
49
|
}
|
|
39
|
-
export function getTransactionMeta(_x2) {
|
|
50
|
+
export function getTransactionMeta(_x2, _x3) {
|
|
40
51
|
return _getTransactionMeta.apply(this, arguments);
|
|
41
52
|
}
|
|
42
53
|
|
|
43
54
|
function _getTransactionMeta() {
|
|
44
|
-
_getTransactionMeta = _asyncToGenerator(function* (authClient) {
|
|
55
|
+
_getTransactionMeta = _asyncToGenerator(function* (authClient, options) {
|
|
45
56
|
// Load existing transaction meta from storage
|
|
46
|
-
if (authClient.transactionManager.exists()) {
|
|
47
|
-
var
|
|
57
|
+
if (authClient.transactionManager.exists(options)) {
|
|
58
|
+
var validExistingMeta = getSavedTransactionMeta(authClient, options);
|
|
48
59
|
|
|
49
|
-
if (
|
|
50
|
-
return
|
|
60
|
+
if (validExistingMeta) {
|
|
61
|
+
return validExistingMeta;
|
|
51
62
|
} // existing meta is not valid for this configuration
|
|
52
63
|
// this is common when changing configuration in local development environment
|
|
53
64
|
// in a production environment, this may indicate that two apps are sharing a storage key
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["warn","getOAuthUrls","createTransactionMeta","authClient","token","prepareTokenParams","transactionMetaExist","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getTransactionMeta","tokenParams","urls","issuer","
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["warn","getOAuthUrls","createTransactionMeta","authClient","token","prepareTokenParams","transactionMetaExist","options","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getSavedTransactionMeta","state","getTransactionMeta","validExistingMeta","tokenParams","urls","issuer","pkce","clientId","redirectUri","responseType","responseMode","scopes","nonce","ignoreSignature","codeVerifier","codeChallengeMethod","codeChallenge","meta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","mismatch","find","key"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,IAAT,QAAqB,SAArB;AACA,SAASC,YAAT,QAA6B,SAA7B,C,CAEA;;AACA,gBAAsBC,qBAAtB;AAAA;AAAA;;;6CAAO,WAAqCC,UAArC,EAA2D;AAChE,WAAOA,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAAP;AACD,G;;;;AAED,OAAO,SAASC,oBAAT,CAA8BH,UAA9B,EAAoDI,OAApD,EAA+F;AACpG,MAAIJ,UAAU,CAACK,kBAAX,CAA8BC,MAA9B,CAAqCF,OAArC,CAAJ,EAAmD;AACjD,QAAMG,QAAQ,GAAGP,UAAU,CAACK,kBAAX,CAA8BG,IAA9B,CAAmCJ,OAAnC,CAAjB;;AACA,QAAIK,sBAAsB,CAACT,UAAD,EAAaO,QAAb,CAAtB,IAAgDA,QAAQ,CAACG,iBAA7D,EAAgF;AAC9E,aAAO,IAAP;AACD;AACF;;AACD,SAAO,KAAP;AACD,C,CAED;;AACA,OAAO,SAASC,uBAAT,CAAiCX,UAAjC,EAAuDI,OAAvD,EAA6G;AAClH,MAAMQ,KAAK,GAAG,CAAAR,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAEQ,KAAT,KAAkBZ,UAAU,CAACI,OAAX,CAAmBQ,KAAnD;AACA,MAAML,QAAQ,GAAGP,UAAU,CAACK,kBAAX,CAA8BG,IAA9B,CAAmC;AAAEI,IAAAA;AAAF,GAAnC,CAAjB;;AACA,MAAIL,QAAQ,IAAIE,sBAAsB,CAACT,UAAD,EAAaO,QAAb,CAAtC,EAA8D;AAC5D,WAAOA,QAAP;AACD;AACF;AAED,gBAAsBM,kBAAtB;AAAA;AAAA;;;0CAAO,WACLb,UADK,EAELI,OAFK,EAGwB;AAC7B;AACA,QAAIJ,UAAU,CAACK,kBAAX,CAA8BC,MAA9B,CAAqCF,OAArC,CAAJ,EAAmD;AACjD,UAAMU,iBAAiB,GAAGH,uBAAuB,CAACX,UAAD,EAAaI,OAAb,CAAjD;;AACA,UAAIU,iBAAJ,EAAuB;AACrB,eAAOA,iBAAP;AACD,OAJgD,CAKjD;AACA;AACA;;;AACAjB,MAAAA,IAAI,CAAC,sEACH,4DADE,CAAJ;AAED,KAZ4B,CAc7B;;;AACA,QAAMkB,WAAW,SAASf,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAA1B;AACA,QAAMc,IAAI,GAAGlB,YAAY,CAACE,UAAD,EAAae,WAAb,CAAzB;AACA,QAAME,MAAM,GAAGjB,UAAU,CAACI,OAAX,CAAmBa,MAAlC;AACA,QAAM;AACJC,MAAAA,IADI;AAEJC,MAAAA,QAFI;AAGJC,MAAAA,WAHI;AAIJC,MAAAA,YAJI;AAKJC,MAAAA,YALI;AAMJC,MAAAA,MANI;AAOJX,MAAAA,KAPI;AAQJY,MAAAA,KARI;AASJC,MAAAA,eATI;AAUJC,MAAAA,YAVI;AAWJC,MAAAA,mBAXI;AAYJC,MAAAA;AAZI,QAaFb,WAbJ;AAcA,QAAMc,IAAI,GAAG;AACXZ,MAAAA,MADW;AAEXC,MAAAA,IAFW;AAGXC,MAAAA,QAHW;AAIXC,MAAAA,WAJW;AAKXC,MAAAA,YALW;AAMXC,MAAAA,YANW;AAOXC,MAAAA,MAPW;AAQXX,MAAAA,KARW;AASXY,MAAAA,KATW;AAUXR,MAAAA,IAVW;AAWXS,MAAAA,eAXW;AAYXC,MAAAA,YAZW;AAaXC,MAAAA,mBAbW;AAcXC,MAAAA;AAdW,KAAb;AAgBA,WAAOC,IAAP;AACD,G;;;;AAED,OAAO,SAASC,mBAAT,CAA8B9B,UAA9B,EAAoD6B,IAApD,EAA0D;AAC/D7B,EAAAA,UAAU,CAACK,kBAAX,CAA8B0B,IAA9B,CAAmCF,IAAnC,EAAyC;AAAEG,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;AAED,OAAO,SAASC,oBAAT,CAA+BjC,UAA/B,EAAqD;AAC1DA,EAAAA,UAAU,CAACK,kBAAX,CAA8B6B,KAA9B;AACD,C,CAED;;AACA,OAAO,SAASzB,sBAAT,CAAiCT,UAAjC,EAAuD6B,IAAvD,EAA6D;AAClE,MAAMM,IAAI,GAAG,CAAC,QAAD,EAAW,UAAX,EAAuB,aAAvB,CAAb;AACA,MAAMC,QAAQ,GAAGD,IAAI,CAACE,IAAL,CAAUC,GAAG,IAAI;AAChC,WAAOtC,UAAU,CAACI,OAAX,CAAmBkC,GAAnB,MAA4BT,IAAI,CAACS,GAAD,CAAvC;AACD,GAFgB,CAAjB;AAGA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta, TransactionMetaOptions } from '../types';\nimport { warn } from '../util';\nimport { getOAuthUrls } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(authClient: OktaAuth) {\n return authClient.token.prepareTokenParams();\n}\n\nexport function transactionMetaExist(authClient: OktaAuth, options?: TransactionMetaOptions): boolean {\n if (authClient.transactionManager.exists(options)) {\n const existing = authClient.transactionManager.load(options) as IdxTransactionMeta;\n if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {\n return true;\n }\n }\n return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid, or undefined\nexport function getSavedTransactionMeta(authClient: OktaAuth, options?: TransactionMetaOptions): IdxTransactionMeta {\n const state = options?.state || authClient.options.state;\n const existing = authClient.transactionManager.load({ state }) as IdxTransactionMeta;\n if (existing && isTransactionMetaValid(authClient, existing)) {\n return existing;\n }\n}\n\nexport async function getTransactionMeta(\n authClient: OktaAuth,\n options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n // Load existing transaction meta from storage\n if (authClient.transactionManager.exists(options)) {\n const validExistingMeta = getSavedTransactionMeta(authClient, options);\n if (validExistingMeta) {\n return validExistingMeta;\n }\n // existing meta is not valid for this configuration\n // this is common when changing configuration in local development environment\n // in a production environment, this may indicate that two apps are sharing a storage key\n warn('Saved transaction meta does not match the current configuration. ' + \n 'This may indicate that two apps are sharing a storage key.');\n }\n\n // Calculate new values\n const tokenParams = await authClient.token.prepareTokenParams();\n const urls = getOAuthUrls(authClient, tokenParams);\n const issuer = authClient.options.issuer;\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n nonce,\n ignoreSignature,\n codeVerifier,\n codeChallengeMethod,\n codeChallenge,\n } = tokenParams;\n const meta = {\n issuer,\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n nonce,\n urls,\n ignoreSignature,\n codeVerifier,\n codeChallengeMethod,\n codeChallenge \n };\n return meta;\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta) {\n authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth) {\n authClient.transactionManager.clear();\n}\n\n// returns true if values in meta match current authClient options\nexport function isTransactionMetaValid (authClient: OktaAuth, meta) {\n const keys = ['issuer', 'clientId', 'redirectUri'];\n const mismatch = keys.find(key => {\n return authClient.options[key] !== meta[key];\n });\n return !mismatch;\n}\n"],"file":"transactionMeta.js"}
|