@okta/okta-auth-js 5.8.0 → 5.10.1

package/CHANGELOG.md

@@ -1,5 +1,50 @@
 # Changelog
 
+## 5.10.1
+
+### Fixes
+
+- [#1054](https://github.com/okta/okta-auth-js/pull/1054) Fixes Typescript build error
+
+## 5.10.0
+
+### Features
+
+- [#1010](https://github.com/okta/okta-auth-js/pull/1010) Supports `clearPendingRemoveTokens` option in `signOut` method. This option can be used to avoid cross tabs sign out issue with Okta's downstream client SDK's `SecureRoute` component
+- [#1035](https://github.com/okta/okta-auth-js/pull/1035) Adds `security question` authenticator support in idx module
+
+### Fixes
+
+- [#1028](https://github.com/okta/okta-auth-js/pull/1028) Any error caught in `token.renew()` will be emitted and contain `tokenKey` property
+- [#1027](https://github.com/okta/okta-auth-js/pull/1027) Don't reject `isAuthenticated()` because of failed token renewal
+- [#1032](https://github.com/okta/okta-auth-js/pull/1032) Fixes idx recover password flow with identifier first org policy
+- [#1048](https://github.com/okta/okta-auth-js/pull/1048) Points browser field to UMD bundle 
+
+## 5.9.1
+
+### Other
+
+- [#1021](https://github.com/okta/okta-auth-js/pull/1021) Removes `type` field in package.json. As okta-auth-js includes multiple bundles (cjs, esm, umd) in the package, explicit `type` field causes error for some type of bundlers. This change fixes [issue](https://github.com/okta/okta-auth-js/issues/1017) with @angular/cli.
+
+## 5.9.0
+
+### Features
+
+- [#1004](https://github.com/okta/okta-auth-js/pull/1004) Allows extra query parameters to be added to the `authorize` url
+
+### Other
+
+- [#1000](https://github.com/okta/okta-auth-js/pull/1000)
+  - Fixes broken ES module bundle
+  - Updates `browser` field in `package.json` to enable bundlers to use the ES module bundle by default
+
+### Fixes
+
+- [#1005](https://github.com/okta/okta-auth-js/pull/1005)
+  - Handles `rememberMe` boolean in IDX Identify remediation adapter
+  - Typescript: Adds `type` field for `Input` type in NextStep object
+- [#1012](https://github.com/okta/okta-auth-js/pull/1012) Fixes null access when crypto is not present
+
 ## 5.8.0
 
 ### Features

package/README.md

@@ -37,13 +37,13 @@ This library uses semantic versioning and follows Okta's [library version policy
 
 ## Release Status
 
-:heavy_check_mark: The current stable major version series is: `4.x`
+:heavy_check_mark: The current stable major version series is: `5.x`
 
 | Version   | Status                           |
 | -------   | -------------------------------- |
 | `5.x`     | :heavy_check_mark: Stable        |
 | `4.x`     | :warning: Retiring on 2022-01-30 |
-| `3.x`     | :warning: Retiring on 2021-05-30 |
+| `3.x`     | :x: Retired                      |
 | `2.x`     | :x: Retired                      |
 | `1.x`     | :x: Retired                      |
 | `0.x`     | :x: Retired                      |
@@ -801,6 +801,10 @@ Defaults to `true`, unless the application origin is `http://localhost`, in whic
 
 Defaults to `none` if the `secure` option is `true`, or `lax` if the `secure` option is false. Allows fine-grained control over the same-site cookie setting. A value of `none` allows embedding within an iframe. A value of `lax` will avoid being blocked by user "3rd party" cookie settings. A value of `strict` will block all cookies when redirecting from Okta and is not recommended.
 
+#### `clearPendingRemoveTokens`
+
+Defaults to `true`, set this option to false if you want to opt-out of the default clearing pendingRemove tokens behaviour when `tokenManager.start()` is called.
+
 ## API Reference
 <!-- no toc -->
 * [start](#start)
@@ -911,6 +915,7 @@ if (authClient.isLoginRedirect()) {
 ### `signOut()`
 
 > :hourglass: async
+> :link: web browser only
 
 Signs the user out of their current [Okta session](https://developer.okta.com/docs/api/resources/sessions) and clears all tokens stored locally in the `TokenManager`. By default, the refresh token (if any) and access token are revoked so they can no longer be used. Some points to consider:
 
@@ -924,6 +929,7 @@ Signs the user out of their current [Okta session](https://developer.okta.com/do
 * `postLogoutRedirectUri` - Setting a value will override the `postLogoutRedirectUri` configured on the SDK.
 * `state` - An optional value, used along with `postLogoutRedirectUri`. If set, this value will be returned as a query parameter during the redirect to the `postLogoutRedirectUri`
 * `idToken` - Specifies the ID token object. By default, `signOut` will look for a token object named `idToken` within the `TokenManager`. If you have stored the id token object in a different location, you should retrieve it first and then pass it here.
+* `clearTokensAfterRedirect` - If `true` (default: `false`) a flag (`pendingRemove`) will be added to local tokens instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. This option can be used when work with `SecureRoute` component from Okta's downstream client SDKs to guarantee the local tokens can only be cleared after the Okta SSO session is fully killed.
 * `revokeAccessToken` - If `false` (default: `true`) the access token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.
 * `revokeRefreshToken` - If `false` (default: `true`) the refresh token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.  Revoking a refresh token will revoke any access tokens minted by it, even if `revokeAccessToken` is `false`.
 * `accessToken` - Specifies the access token object. By default, `signOut` will look for a token object named `accessToken` within the `TokenManager`. If you have stored the access token object in a different location, you should retrieve it first and then pass it here. This options is ignored if the `revokeAccessToken` option is `false`.
@@ -1590,6 +1596,10 @@ Remove all tokens from the `tokenManager`.
 authClient.tokenManager.clear();
 ```
 
+#### `tokenManager.clearPendingRemoveTokens()`
+
+Remove all tokens with `pendingRemove` flags. This method is called within `tokenManager.start()` by default, you can opt-out of the default behaviour by setting `tokenManager.clearPendingRemoveTokens` option to `false`.
+
 #### `tokenManager.renew(key)`
 
 > :hourglass: async

package/cjs/OktaAuth.js

@@ -112,9 +112,9 @@ class OktaAuth {
         redirectUri: (0, _util.toAbsoluteUrl)(args.redirectUri, window.location.origin) // allow relative URIs
 
       });
-      this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js/${"5.8.0"}`);
+      this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js/${"5.10.1"}`);
     } else {
-      this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js-server/${"5.8.0"}`);
+      this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js-server/${"5.10.1"}`);
     } // Digital clocks will drift over time, so the server
     // can misalign with the time reported by the browser.
     // The maxClockSkew allows relaxing the time-based
@@ -195,10 +195,19 @@ class OktaAuth {
       introspect: _idx.introspect.bind(null, this),
       authenticate: _idx.authenticate.bind(null, this),
       register: _idx.register.bind(null, this),
+      poll: _idx.poll.bind(null, this),
+      proceed: _idx.proceed.bind(null, this),
       cancel: _idx.cancel.bind(null, this),
       recoverPassword: _idx.recoverPassword.bind(null, this),
       handleInteractionCodeRedirect: _idx.handleInteractionCodeRedirect.bind(null, this),
-      startTransaction: _idx.startTransaction.bind(null, this)
+      startTransaction: _idx.startTransaction.bind(null, this),
+      setFlow: flow => {
+        this.options.flow = flow;
+      },
+      getFlow: () => {
+        return this.options.flow;
+      },
+      canProceed: _idx.canProceed.bind(null, this)
     };
     (0, _headers.setGlobalRequestInterceptor)((0, _headers.createGlobalRequestInterceptor)(this)); // to pass custom headers to IDX endpoints
     // HTTP
@@ -309,10 +318,11 @@ class OktaAuth {
 
 
   closeSession() {
-    // Clear all local tokens
-    this.tokenManager.clear();
     return this.session.close() // DELETE /api/v1/sessions/me
-    .catch(function (e) {
+    .then(async () => {
+      // Clear all local tokens
+      this.tokenManager.clear();
+    }).catch(function (e) {
       if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {
         // Session does not exist or has already been closed
         return null;
@@ -412,10 +422,7 @@ class OktaAuth {
 
     if (!options.idToken) {
       options.idToken = this.tokenManager.getTokensSync().idToken;
-    } // Clear all local tokens
-
-
-    this.tokenManager.clear();
+    }
 
     if (revokeRefreshToken && refreshToken) {
       await this.revokeRefreshToken(refreshToken);
@@ -431,6 +438,7 @@ class OktaAuth {
     // Fallback to XHR signOut, then simulate a redirect to the post logout uri
 
     if (!logoutUri) {
+      // local tokens are cleared once session is closed
       return this.closeSession() // can throw if the user cannot be signed out
       .then(function () {
         if (postLogoutRedirectUri === currentUri) {
@@ -440,7 +448,14 @@ class OktaAuth {
         }
       });
     } else {
-      // Flow ends with logout redirect
+      if (options.clearTokensAfterRedirect) {
+        this.tokenManager.addPendingRemoveFlags();
+      } else {
+        // Clear all local tokens
+        this.tokenManager.clear();
+      } // Flow ends with logout redirect
+
+
       window.location.assign(logoutUri);
     }
   }
@@ -474,7 +489,10 @@ class OktaAuth {
       accessToken = null;
 
       if (autoRenew) {
-        accessToken = await this.tokenManager.renew('accessToken');
+        try {
+          accessToken = await this.tokenManager.renew('accessToken');
+        } catch {// Renew errors will emit an "error" event 
+        }
       } else if (autoRemove) {
         this.tokenManager.remove('accessToken');
       }
@@ -484,7 +502,10 @@ class OktaAuth {
       idToken = null;
 
       if (autoRenew) {
-        idToken = await this.tokenManager.renew('idToken');
+        try {
+          idToken = await this.tokenManager.renew('idToken');
+        } catch {// Renew errors will emit an "error" event 
+        }
       } else if (autoRemove) {
         this.tokenManager.remove('idToken');
       }

package/cjs/OktaAuth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["Emitter","require","OktaAuth","constructor","args","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","Object","assign","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","userAgent","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","getWithRedirect","parseFromUrl","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","keys","forEach","key","indexOf","method","prototype","push","_setLocation","url","_getHistory","history","_getLocation","_getDocument","document","idx","interact","introspectV2","authenticate","register","cancel","recoverPassword","handleInteractionCodeRedirect","startTransaction","http","setRequestHeader","fingerprint","emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","start","updateAuthState","stop","setHeaders","headers","isInteractionRequired","hashOrSearch","isInteractionRequiredError","error","isEmailVerifyCallback","urlPath","parseEmailVerifyCallback","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","Promise","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","hasExpired","getUser","getIdToken","undefined","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","unlockAccount","verifyRecoveryToken","features","constants"],"mappings":";;;;;;AAgBA;;AA+BA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AAQA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAUA;;AACA;;AACA;;;;;;AAlHA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAsGA,MAAMA,OAAO,GAAGC,OAAO,CAAC,cAAD,CAAvB;;AAEA,MAAMC,QAAN,CAA8D;AAM5D;AACA;AACA;AAeAC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaD,IAAb,CAA/B;AACA,SAAKE,cAAL,GAAsB,IAAIC,uBAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA2CD,OAAO,CAACG,OAAnD,EAA4DH,OAAO,CAACI,WAApE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuBC,MAAM,CAACC,MAAP,CAAc;AAC7DP,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKI,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAEV,MAAM,CAACC,MAAP,CAAcU,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd,gBAAMC,OAAO,GAAGrB,OAAO,CAACI,WAAR,CAAoBiB,OAApC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AAJuD,OAAlD,CAHA;AASRG,MAAAA,UAAU,EAAEA,eAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AATJ,KAAV;AAYA,SAAKU,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CApBiC,CA0BjC;;AACArB,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAL,CAAaI,WAA3B,EAAwC;AACtCyB,MAAAA,cAAc,EAAE,KAAK5B,cAAL,CAAoB6B,oBAApB,CAAyChB,IAAzC,CAA8C,KAAKb,cAAnD,CADsB;AAEtC8B,MAAAA,YAAY,EAAE,KAAK9B,cAAL,CAAoB8B,YAApB,CAAiCjB,IAAjC,CAAsC,KAAKb,cAA3C;AAFwB,KAAxC;AAKA,SAAK+B,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKjC,OAAL,GAAeO,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAnB,EAA4B;AACzCkC,QAAAA,WAAW,EAAE,yBAAcnC,IAAI,CAACmC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGA,WAAKC,SAAL,GAAiB,+BAAavC,IAAb,EAAoB,gBAAD,OAA4B,EAA/C,CAAjB;AACD,KALD,MAKO;AACL,WAAKuC,SAAL,GAAiB,+BAAavC,IAAb,EAAoB,uBAAD,OAAmC,EAAtD,CAAjB;AACD,KAzCgC,CA2CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACA,IAAI,CAACwC,YAAN,IAAsBxC,IAAI,CAACwC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKvC,OAAL,CAAauC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKxC,OAAL,CAAauC,YAAb,GAA4BxC,IAAI,CAACwC,YAAjC;AACD,KAtDgC,CAwDjC;AACA;AACA;;;AACA,SAAKvC,OAAL,CAAayC,cAAb,GAA8B,CAAC,CAAC1C,IAAI,CAAC0C,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;AACA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBvC,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXwC,MAAAA,qBAAqB,EAAEA,4BAAsBxC,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGXyC,MAAAA,gBAAgB,EAAEA,uBAAiBzC,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX0C,MAAAA,YAAY,EAAEA,mBAAa1C,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEA,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CALN;AAMX4C,MAAAA,YAAY,EAAEA,mBAAa5C,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CANH;AAOX6C,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAYhD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXiD,MAAAA,KAAK,EAAEC,iBAAWlD,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXmD,MAAAA,sBAAsB,EAAEA,6BAAuBnD,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXoD,MAAAA,WAAW,EAAEA,kBAAYpD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXqD,MAAAA,WAAW,EAAEA,kBAAYrD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXsD,MAAAA,MAAM,EAAEC,kBAAYvD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXwD,MAAAA,eAAe,EAAEA,sBAAgBxD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAtEiC,CAsFjC;;AACA,UAAMyD,WAAW,GAAG,CAAC,QAAD,EAAW,iBAAX,CAApB;AACAhE,IAAAA,MAAM,CAACiE,IAAP,CAAY,KAAKpB,KAAjB,EAAwBqB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAIH,WAAW,CAACI,OAAZ,CAAoBD,GAApB,KAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAIE,MAAM,GAAG,KAAKxB,KAAL,CAAWsB,GAAX,CAAb;AACA,WAAKtB,KAAL,CAAWsB,GAAX,IAAkBvB,sBAAa0B,SAAb,CAAuBC,IAAvB,CAA4BhE,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmD0B,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND;AAQArE,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK4C,KAAL,CAAWK,eAAzB,EAA0C;AACxC;AACAsB,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1B7C,QAAAA,MAAM,CAACC,QAAP,GAAkB4C,GAAlB;AACD;AAJuC,KAA1C;AAMAzE,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK4C,KAAL,CAAWM,YAAzB,EAAuC;AACrC;AACAuB,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO9C,MAAM,CAAC+C,OAAd;AACD,OAJoC;AAMrC;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAOhD,MAAM,CAACC,QAAd;AACD,OAToC;AAWrC;AACAgD,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAOjD,MAAM,CAACkD,QAAd;AACD;AAdoC,KAAvC,EAtGiC,CAuHjC;;AACA,SAAKC,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAASzE,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEiE,gBAAa1E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAFH;AAGT2E,MAAAA,YAAY,EAAEA,kBAAa3E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAIT4E,MAAAA,QAAQ,EAAEA,cAAS5E,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKT6E,MAAAA,MAAM,EAAEA,YAAO7E,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CALC;AAMT8E,MAAAA,eAAe,EAAEA,qBAAgB9E,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CANR;AAOT+E,MAAAA,6BAA6B,EAAEA,mCAA8B/E,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAPtB;AAQTgF,MAAAA,gBAAgB,EAAEA,sBAAiBhF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AART,KAAX;AAUA,8CAA4B,6CAA+B,IAA/B,CAA5B,EAlIiC,CAkIkC;AAEnE;;AACA,SAAKiF,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBlF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CArIiC,CAyIjC;;AACA,SAAKmF,WAAL,GAAmBA,qBAAYnF,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAKoF,OAAL,GAAe,IAAIvG,OAAJ,EAAf,CA5IiC,CA8IjC;;AACA,SAAKwG,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuBrG,IAAI,CAACoG,YAA5B,CAApB,CA/IiC,CAiJjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB;AACD;;AAEDC,EAAAA,KAAK,GAAG;AACN,SAAKJ,YAAL,CAAkBI,KAAlB;;AACA,QAAI,CAAC,KAAKnD,KAAL,CAAWkB,eAAX,EAAL,EAAmC;AACjC,WAAK+B,gBAAL,CAAsBG,eAAtB;AACD;AACF;;AAEDC,EAAAA,IAAI,GAAG;AACL,SAAKN,YAAL,CAAkBM,IAAlB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAK3G,OAAL,CAAa2G,OAAb,GAAuBpG,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKR,OAAL,CAAa2G,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GAzL2D,CA2L5D;AACA;AAEA;;;AACAC,EAAAA,qBAAqB,CAACC,YAAD,EAAiC;AACpD,WAAO,iCAAsB,IAAtB,EAA4BA,YAA5B,CAAP;AACD;;AAEDC,EAAAA,0BAA0B,CAACC,KAAD,EAAwB;AAChD,WAAO,sCAA2BA,KAA3B,CAAP;AACD,GArM2D,CAuM5D;;;AACAC,EAAAA,qBAAqB,CAACC,OAAD,EAA2B;AAC9C,WAAO,iCAAsBA,OAAtB,CAAP;AACD;;AAEDC,EAAAA,wBAAwB,CAACD,OAAD,EAA+C;AACrE,WAAO,oCAAyBA,OAAzB,CAAP;AACD;;AAEW,QAANE,MAAM,CAACC,IAAD,EAAgD;AAC1D;AACA;AACA,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD;;AAE0B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAItH,OAAD,IAAc;AACvC,aAAOoH,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+CpH,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAACoH,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKrB,WAAL,GACNuB,IADM,CACD,UAASvB,WAAT,EAAsB;AAC1B,aAAOqB,kBAAkB,CAAC;AACxBX,QAAAA,OAAO,EAAE;AACP,kCAAwBV;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBwB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAKpF,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAIyF,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAGtH,MAAM,CAACC,MAAP,CAAc;AAC3B;AACAsH,QAAAA,MAAM,EAAE,KAAK9H,OAAL,CAAa8H,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAKvE,KAAL,CAAWK,eAAX,CAA2BoE,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAK7F,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GA9P2D,CAgQ5D;;;AACAW,EAAAA,YAAY,GAAoB;AAC9B;AACA,SAAKuD,YAAL,CAAkB4B,KAAlB;AAEA,WAAO,KAAKrF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACNqF,KADM,CACA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAAC7G,IAAF,KAAW,cAAX,IAA6B6G,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAPM,CAAP;AAQD,GA7Q2D,CA+Q5D;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA6C;AAClE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAKjC,YAAL,CAAkBkC,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAKnC,YAAL,CAAkBoC,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAKpC,YAAL,CAAkBqC,MAAlB,CAAyBF,cAAzB;AACD,KALiE,CAMlE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAOK,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKtF,KAAL,CAAWS,MAAX,CAAkBuE,WAAlB,CAAP;AACD,GA3R2D,CA6R5D;;;AACwB,QAAlBO,kBAAkB,CAACC,YAAD,EAA+C;AACrE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKzC,YAAL,CAAkBkC,SAAlB,EAAP,EAAsCO,YAArD;AACA,YAAMC,eAAe,GAAG,KAAK1C,YAAL,CAAkBoC,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAKpC,YAAL,CAAkBqC,MAAlB,CAAyBK,eAAzB;AACD,KALoE,CAMrE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAOH,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKtF,KAAL,CAAWS,MAAX,CAAkB+E,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAAC9I,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACF+I,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAjJ,OAJJ;;AAKA,QAAI,CAAC+I,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAK5C,YAAL,CAAkB+C,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKhJ,OAAL,CAAagJ,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GAvU2D,CAyU5D;;;AACa,QAAPE,OAAO,CAACvJ,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAGO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBR,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAIwJ,UAAU,GAAGrH,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAIoH,UAAU,GAAGtH,MAAM,CAACC,QAAP,CAAgBsH,IAAjC;AACA,QAAIV,qBAAqB,GAAGhJ,OAAO,CAACgJ,qBAAR,IACvB,KAAKhJ,OAAL,CAAagJ,qBADU,IAEvBQ,UAFL;AAIA,QAAIpB,WAAW,GAAGpI,OAAO,CAACoI,WAA1B;AACA,QAAIQ,YAAY,GAAG5I,OAAO,CAAC4I,YAA3B;AACA,QAAIT,iBAAiB,GAAGnI,OAAO,CAACmI,iBAAR,KAA8B,KAAtD;AACA,QAAIQ,kBAAkB,GAAG3I,OAAO,CAAC2I,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKzC,YAAL,CAAkB+C,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIT,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAKjC,YAAL,CAAkB+C,aAAlB,GAAkCd,WAAhD;AACD;;AAED,QAAI,CAACpI,OAAO,CAAC+I,OAAb,EAAsB;AACpB/I,MAAAA,OAAO,CAAC+I,OAAR,GAAkB,KAAK5C,YAAL,CAAkB+C,aAAlB,GAAkCH,OAApD;AACD,KAzBqC,CA2BtC;;;AACA,SAAK5C,YAAL,CAAkB4B,KAAlB;;AAEA,QAAIY,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIT,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMiB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAG9I,OAAL;AAAcgJ,MAAAA;AAAd,KAA3B,CAAlB,CAtCsC,CAuCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd,aAAO,KAAKzG,YAAL,GAAoB;AAApB,OACN4E,IADM,CACD,YAAW;AACf,YAAIwB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxCtH,UAAAA,MAAM,CAACC,QAAP,CAAgBuH,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACLxH,UAAAA,MAAM,CAACC,QAAP,CAAgB5B,MAAhB,CAAuBwI,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KATD,MASO;AACL;AACA7G,MAAAA,MAAM,CAACC,QAAP,CAAgB5B,MAAhB,CAAuB6I,SAAvB;AACD;AACF;;AAEDO,EAAAA,SAAS,CAACxC,IAAD,EAAwB;AAC/B,QAAIpC,GAAG,GAAG,2BAA2B,yBAAcoC,IAAd,CAArC;AACA,QAAIpH,OAAO,GAAG;AACZ2G,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAU3B,GAAV,EAAehF,OAAf,CAAP;AACD,GA1Y2D,CA4Y5D;AACA;AACA;AAEA;AACA;;;AACqB,QAAf6J,eAAe,GAAqB;AAExC,QAAI;AAAEzB,MAAAA,WAAF;AAAeW,MAAAA;AAAf,QAA2B,KAAK5C,YAAL,CAAkB+C,aAAlB,EAA/B;AACA,UAAM;AAAEY,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAK5D,YAAL,CAAkB6D,UAAlB,EAAlC;;AAEA,QAAI5B,WAAW,IAAI,KAAKjC,YAAL,CAAkB8D,UAAlB,CAA6B7B,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAG,IAAd;;AACA,UAAI0B,SAAJ,EAAe;AACb1B,QAAAA,WAAW,GAAG,MAAM,KAAKjC,YAAL,CAAkBpC,KAAlB,CAAwB,aAAxB,CAApB;AACD,OAFD,MAEO,IAAIgG,UAAJ,EAAgB;AACrB,aAAK5D,YAAL,CAAkBqC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAIO,OAAO,IAAI,KAAK5C,YAAL,CAAkB8D,UAAlB,CAA6BlB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAG,IAAV;;AACA,UAAIe,SAAJ,EAAe;AACbf,QAAAA,OAAO,GAAG,MAAM,KAAK5C,YAAL,CAAkBpC,KAAlB,CAAwB,SAAxB,CAAhB;AACD,OAFD,MAEO,IAAIgG,UAAJ,EAAgB;AACrB,aAAK5D,YAAL,CAAkBqC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIW,OAAjB,CAAR;AACD;;AAEY,QAAPmB,OAAO,GAAwB;AACnC,UAAM;AAAEnB,MAAAA,OAAF;AAAWX,MAAAA;AAAX,QAA2B,KAAKjC,YAAL,CAAkB+C,aAAlB,EAAjC;AACA,WAAO,KAAK9F,KAAL,CAAWe,WAAX,CAAuBiE,WAAvB,EAAoCW,OAApC,CAAP;AACD;;AAEDoB,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAEpB,MAAAA;AAAF,QAAc,KAAK5C,YAAL,CAAkB+C,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqBqB,SAAnC;AACD;;AAEDC,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEjC,MAAAA;AAAF,QAAkB,KAAKjC,YAAL,CAAkB+C,aAAlB,EAAxB;AACA,WAAOd,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BgC,SAA/C;AACD;;AAEDE,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAE1B,MAAAA;AAAF,QAAmB,KAAKzC,YAAL,CAAkB+C,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+BwB,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBG,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAKpH,KAAL,CAAWM,YAAX,EAAzB;AACA,SAAKyC,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACD;;AAED5C,EAAAA,cAAc,CAACF,WAAD,EAAsBuB,KAAtB,EAA4C;AACxD;AACA,UAAMyB,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDpD,WAAlD,EAHwD,CAKxD;;AACAuB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjJ,OAAL,CAAaiJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAM8B,aAAa,GAAG,KAAK9K,cAAL,CAAoB+K,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsB5B,KAAtB,EAA6BvB,WAA7B;AACD;AACF;;AAEDuD,EAAAA,cAAc,CAAChC,KAAD,EAAyB;AACrC;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjJ,OAAL,CAAaiJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAM8B,aAAa,GAAG,KAAK9K,cAAL,CAAoB+K,qBAApB,EAAtB;AACA,YAAMtD,WAAW,GAAGqD,aAAa,CAACG,OAAd,CAAsBjC,KAAtB,CAApB;;AACA,UAAIvB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KAToC,CAWrC;;;AACA,UAAMrG,OAAO,GAAGsJ,wBAAeC,iBAAf,EAAhB;;AACA,WAAOvJ,OAAO,GAAGA,OAAO,CAAC6J,OAAR,CAAgBJ,mCAAhB,CAAH,GAAgDV,SAA9D;AACD;;AAEDe,EAAAA,iBAAiB,CAAClC,KAAD,EAAuB;AACtC;AACA,UAAM5H,OAAO,GAAGsJ,wBAAeC,iBAAf,EAAhB;;AACAvJ,IAAAA,OAAO,CAAC+J,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACA7B,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjJ,OAAL,CAAaiJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAM8B,aAAa,GAAG,KAAK9K,cAAL,CAAoB+K,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,CAAyBnC,KAAzB;AACD;AACF;;AAED3E,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnB+G,mBAAmB,CAACb,MAAD,EAAkB9C,WAAlB,EAAuD;AAC9E,QAAIuB,KAAK,GAAG,KAAKjJ,OAAL,CAAaiJ,KAAzB,CAD8E,CAG9E;;AACA,QAAIuB,MAAJ,EAAY;AACV,WAAKrE,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACA9C,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAKuD,cAAL,CAAoB,KAAKjL,OAAL,CAAaiJ,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAK3E,eAAL,EAAJ,EAA4B;AACjC;AACA,YAAMgH,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACArC,MAAAA,KAAK,GAAGqC,aAAa,CAACrC,KAAtB;AACAvB,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAKuD,cAAL,CAAoBhC,KAApB,CAA7B;AACA,YAAM,KAAKsB,uBAAL,EAAN;AACD,KANM,MAMA;AACL,aADK,CACG;AACT,KAf6E,CAiB9E;;;AACA,UAAM,KAAKlE,gBAAL,CAAsBG,eAAtB,EAAN,CAlB8E,CAoB9E;;AACA,SAAK2E,iBAAL,CAAuBlC,KAAvB,EArB8E,CAuB9E;;AACA,UAAM;AAAEsC,MAAAA;AAAF,QAAyB,KAAKvL,OAApC;;AACA,QAAIuL,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAO7D,WAAP,CAAxB;AACD,KAFD,MAEO;AACLvF,MAAAA,MAAM,CAACC,QAAP,CAAgBoJ,OAAhB,CAAwB9D,WAAxB;AACD;AACF;;AAED+D,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAKzL,OAAL,CAAawB,IAAtB;AACD;;AAEDkK,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAK7L,OAAL,CAAa2L,YAA3B,KAA4C,KAAK3L,OAAL,CAAa2L,YAAb,CAA0BG,MAA1E,EAAkF;AAChFJ,MAAAA,eAAe,GAAG,KAAK1L,OAAL,CAAa2L,YAAb,CAA0BhH,OAA1B,CAAkCgH,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAK1L,OAAL,CAAa2L,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GAtiB2D,CAwiB5D;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA,WAAO,KAAKhM,OAAL,CAAaiM,MAAb,CAAoBC,KAApB,CAA0B,UAA1B,EAAsC,CAAtC,CAAP;AACD,GAhjB2D,CAkjB5D;;;AACAC,EAAAA,cAAc,CAAC/E,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GArjB2D,CAujB5D;;;AACAgF,EAAAA,aAAa,CAAChF,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GA1jB2D,CA4jB5D;;;AACAiF,EAAAA,mBAAmB,CAACjF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD;;AA/jB2D,C,CAkkB9D;;;AACAvH,QAAQ,CAACyM,QAAT,GAAoBzM,QAAQ,CAACgF,SAAT,CAAmByH,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACA/L,MAAM,CAACC,MAAP,CAAcX,QAAd,EAAwB;AACtB0M,EAAAA,SADsB;AAEtBzF,EAAAA,0BAA0B,EAA1BA;AAFsB,CAAxB;eAKejH,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* SDK_VERSION is defined in webpack config */ \n/* global window, SDK_VERSION */\n\nimport { \n  DEFAULT_MAX_CLOCK_SKEW, \n  REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n  OktaAuth as SDKInterface,\n  OktaAuthOptions, \n  AccessToken, \n  IDToken,\n  RefreshToken,\n  TokenAPI, \n  FeaturesAPI, \n  SignoutAPI, \n  FingerprintAPI,\n  UserClaims, \n  SigninWithRedirectOptions,\n  SigninWithCredentialsOptions,\n  SignoutOptions,\n  Tokens,\n  ForgotPasswordOptions,\n  VerifyRecoveryTokenOptions,\n  TransactionAPI,\n  SessionAPI,\n  SigninAPI,\n  PkceAPI,\n  SigninOptions,\n  IdxAPI,\n  SignoutRedirectUrlOptions,\n  HttpAPI,\n} from './types';\nimport {\n  transactionStatus,\n  resumeTransaction,\n  transactionExists,\n  introspect,\n  postToTransaction,\n  AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n  closeSession,\n  sessionExists,\n  getSession,\n  refreshSession,\n  setCookieAndRedirect\n} from './session';\nimport {\n  getOAuthUrls,\n  getWithoutPrompt,\n  getWithPopup,\n  getWithRedirect,\n  isLoginRedirect,\n  parseFromUrl,\n  decodeToken,\n  revokeToken,\n  renewToken,\n  renewTokens,\n  renewTokensWithRefresh,\n  getUserInfo,\n  verifyToken,\n  prepareTokenParams,\n  exchangeCodeForTokens,\n  isInteractionRequiredError,\n  isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport browserStorage from './browser/browserStorage';\nimport { \n  toQueryString, \n  toAbsoluteUrl,\n  clone,\n  isEmailVerifyCallback,\n  EmailVerifyCallbackResponse,\n  parseEmailVerifyCallback\n} from './util';\nimport { getUserAgent } from './builderUtil';\nimport { TokenManager } from './TokenManager';\nimport { get, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport StorageManager from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n  interact,\n  introspect as introspectV2,\n  authenticate,\n  cancel,\n  register,\n  recoverPassword,\n  startTransaction,\n  handleInteractionCodeRedirect,\n} from './idx';\nimport { createGlobalRequestInterceptor, setGlobalRequestInterceptor } from './idx/headers';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\n\nconst Emitter = require('tiny-emitter');\n\nclass OktaAuth implements SDKInterface, SigninAPI, SignoutAPI {\n  options: OktaAuthOptions;\n  storageManager: StorageManager;\n  transactionManager: TransactionManager;\n  tx: TransactionAPI;\n  idx: IdxAPI;\n  // keep this field to compatible with released downstream SDK versions\n  // TODO: remove in version 6\n  // JIRA: https://oktainc.atlassian.net/browse/OKTA-419417\n  userAgent: string;\n  session: SessionAPI;\n  pkce: PkceAPI;\n  static features: FeaturesAPI;\n  features: FeaturesAPI;\n  token: TokenAPI;\n  _tokenQueue: PromiseQueue;\n  emitter: typeof Emitter;\n  tokenManager: TokenManager;\n  authStateManager: AuthStateManager;\n  http: HttpAPI;\n  fingerprint: FingerprintAPI;\n  _oktaUserAgent: OktaUserAgent;\n  _pending: { handleLogin: boolean };\n  constructor(args: OktaAuthOptions) {\n    const options = this.options = buildOptions(args);\n    this.storageManager = new StorageManager(options.storageManager, options.cookies, options.storageUtil);\n    this.transactionManager = new TransactionManager(Object.assign({\n      storageManager: this.storageManager,\n    }, options.transactionManager));\n    this._oktaUserAgent = new OktaUserAgent();\n  \n    this.tx = {\n      status: transactionStatus.bind(null, this),\n      resume: resumeTransaction.bind(null, this),\n      exists: Object.assign(transactionExists.bind(null, this), {\n        _get: (name) => {\n          const storage = options.storageUtil.storage;\n          return storage.get(name);\n        }\n      }),\n      introspect: introspect.bind(null, this)\n    };\n\n    this.pkce = {\n      DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n      generateVerifier: PKCE.generateVerifier,\n      computeChallenge: PKCE.computeChallenge\n    };\n\n    // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n    Object.assign(this.options.storageUtil, {\n      getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n      getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n    });\n\n    this._pending = { handleLogin: false };\n\n    if (isBrowser()) {\n      this.options = Object.assign(this.options, {\n        redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n      });\n      this.userAgent = getUserAgent(args, `okta-auth-js/${SDK_VERSION}`);\n    } else {\n      this.userAgent = getUserAgent(args, `okta-auth-js-server/${SDK_VERSION}`);\n    }\n\n    // Digital clocks will drift over time, so the server\n    // can misalign with the time reported by the browser.\n    // The maxClockSkew allows relaxing the time-based\n    // validation of tokens (in seconds, not milliseconds).\n    // It currently defaults to 300, because 5 min is the\n    // default maximum tolerance allowed by Kerberos.\n    // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n    if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n      this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n    } else {\n      this.options.maxClockSkew = args.maxClockSkew;\n    }\n\n    // As some end user's devices can have their date \n    // and time incorrectly set, allow for the disabling\n    // of the jwt liftetime validation\n    this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n    this.session = {\n      close: closeSession.bind(null, this),\n      exists: sessionExists.bind(null, this),\n      get: getSession.bind(null, this),\n      refresh: refreshSession.bind(null, this),\n      setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n    };\n\n    this._tokenQueue = new PromiseQueue();\n    this.token = {\n      prepareTokenParams: prepareTokenParams.bind(null, this),\n      exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n      getWithoutPrompt: getWithoutPrompt.bind(null, this),\n      getWithPopup: getWithPopup.bind(null, this),\n      getWithRedirect: getWithRedirect.bind(null, this),\n      parseFromUrl: parseFromUrl.bind(null, this),\n      decode: decodeToken,\n      revoke: revokeToken.bind(null, this),\n      renew: renewToken.bind(null, this),\n      renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n      renewTokens: renewTokens.bind(null, this),\n      getUserInfo: getUserInfo.bind(null, this),\n      verify: verifyToken.bind(null, this),\n      isLoginRedirect: isLoginRedirect.bind(null, this)\n    };\n    // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n    const syncMethods = ['decode', 'isLoginRedirect'];\n    Object.keys(this.token).forEach(key => {\n      if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n        return;\n      }\n      var method = this.token[key];\n      this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n    });\n    \n    Object.assign(this.token.getWithRedirect, {\n      // This is exposed so we can set window.location in our tests\n      _setLocation: function(url) {\n        window.location = url;\n      }\n    });\n    Object.assign(this.token.parseFromUrl, {\n      // This is exposed so we can mock getting window.history in our tests\n      _getHistory: function() {\n        return window.history;\n      },\n\n      // This is exposed so we can mock getting window.location in our tests\n      _getLocation: function() {\n        return window.location;\n      },\n\n      // This is exposed so we can mock getting window.document in our tests\n      _getDocument: function() {\n        return window.document;\n      }\n    });\n\n    // IDX\n    this.idx = {\n      interact: interact.bind(null, this),\n      introspect: introspectV2.bind(null, this),\n      authenticate: authenticate.bind(null, this),\n      register: register.bind(null, this),\n      cancel: cancel.bind(null, this),\n      recoverPassword: recoverPassword.bind(null, this),\n      handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n      startTransaction: startTransaction.bind(null, this),\n    };\n    setGlobalRequestInterceptor(createGlobalRequestInterceptor(this)); // to pass custom headers to IDX endpoints\n\n    // HTTP\n    this.http = {\n      setRequestHeader: setRequestHeader.bind(null, this)\n    };\n\n    // Fingerprint API\n    this.fingerprint = fingerprint.bind(null, this);\n\n    this.emitter = new Emitter();\n\n    // TokenManager\n    this.tokenManager = new TokenManager(this, args.tokenManager);\n\n    // AuthStateManager\n    this.authStateManager = new AuthStateManager(this);\n  }\n\n  start() {\n    this.tokenManager.start();\n    if (!this.token.isLoginRedirect()) {\n      this.authStateManager.updateAuthState();\n    }\n  }\n\n  stop() {\n    this.tokenManager.stop();\n  }\n\n  setHeaders(headers) {\n    this.options.headers = Object.assign({}, this.options.headers, headers);\n  }\n\n  // ES6 module users can use named exports to access all symbols\n  // CommonJS module users (CDN) need all exports on this object\n\n  // Utility methods for interaction code flow\n  isInteractionRequired(hashOrSearch?: string): boolean {\n    return isInteractionRequired(this, hashOrSearch);\n  }\n\n  isInteractionRequiredError(error: Error): boolean {\n    return isInteractionRequiredError(error);\n  }\n\n  // Utility methods for email verify callback\n  isEmailVerifyCallback(urlPath: string): boolean {\n    return isEmailVerifyCallback(urlPath);\n  }\n\n  parseEmailVerifyCallback(urlPath: string): EmailVerifyCallbackResponse {\n    return parseEmailVerifyCallback(urlPath);\n  }\n\n  async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n    // TODO: support interaction code flow\n    // Authn V1 flow\n    return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n  }\n\n  async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n    opts = clone(opts || {});\n    const _postToTransaction = (options?) => {\n      delete opts.sendFingerprint;\n      return postToTransaction(this, '/api/v1/authn', opts, options);\n    };\n    if (!opts.sendFingerprint) {\n      return _postToTransaction();\n    }\n    return this.fingerprint()\n    .then(function(fingerprint) {\n      return _postToTransaction({\n        headers: {\n          'X-Device-Fingerprint': fingerprint\n        }\n      });\n    });\n  }\n\n  async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n    const { originalUri, ...additionalParams } = opts;\n    if(this._pending.handleLogin) { \n      // Don't trigger second round\n      return;\n    }\n\n    this._pending.handleLogin = true;\n    try {\n      // Trigger default signIn redirect flow\n      if (originalUri) {\n        this.setOriginalUri(originalUri);\n      }\n      const params = Object.assign({\n        // TODO: remove this line when default scopes are changed OKTA-343294\n        scopes: this.options.scopes || ['openid', 'email', 'profile']\n      }, additionalParams);\n      await this.token.getWithRedirect(params);\n    } finally {\n      this._pending.handleLogin = false;\n    }\n  }\n  \n  // Ends the current Okta SSO session without redirecting to Okta.\n  closeSession(): Promise<object> {\n    // Clear all local tokens\n    this.tokenManager.clear();\n  \n    return this.session.close() // DELETE /api/v1/sessions/me\n    .catch(function(e) {\n      if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n        // Session does not exist or has already been closed\n        return null;\n      }\n      throw e;\n    });\n  }\n  \n  // Revokes the access token for the application session\n  async revokeAccessToken(accessToken?: AccessToken): Promise<object> {\n    if (!accessToken) {\n      accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n      const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n      this.tokenManager.remove(accessTokenKey);\n    }\n    // Access token may have been removed. In this case, we will silently succeed.\n    if (!accessToken) {\n      return Promise.resolve(null);\n    }\n    return this.token.revoke(accessToken);\n  }\n\n  // Revokes the refresh token for the application session\n  async revokeRefreshToken(refreshToken?: RefreshToken): Promise<object> {\n    if (!refreshToken) {\n      refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n      const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n      this.tokenManager.remove(refreshTokenKey);\n    }\n    // Refresh token may have been removed. In this case, we will silently succeed.\n    if (!refreshToken) {\n      return Promise.resolve(null);\n    }\n    return this.token.revoke(refreshToken);\n  }\n\n  getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n    let {\n      idToken,\n      postLogoutRedirectUri,\n      state,\n    } = options;\n    if (!idToken) {\n      idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n    }\n    if (!idToken) {\n      return '';\n    }\n    if (!postLogoutRedirectUri) {\n      postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n    }\n\n    const logoutUrl = getOAuthUrls(this).logoutUrl;\n    const idTokenHint = idToken.idToken; // a string\n    let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n    if (postLogoutRedirectUri) {\n      logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n    } \n    // State allows option parameters to be passed to logout redirect uri\n    if (state) {\n      logoutUri += '&state=' + encodeURIComponent(state);\n    }\n\n    return logoutUri;\n  }\n\n  // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n  async signOut(options?: SignoutOptions) {\n    options = Object.assign({}, options);\n  \n    // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n    var defaultUri = window.location.origin;\n    var currentUri = window.location.href;\n    var postLogoutRedirectUri = options.postLogoutRedirectUri\n      || this.options.postLogoutRedirectUri\n      || defaultUri;\n  \n    var accessToken = options.accessToken;\n    var refreshToken = options.refreshToken;\n    var revokeAccessToken = options.revokeAccessToken !== false;\n    var revokeRefreshToken = options.revokeRefreshToken !== false;\n  \n    if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n      refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n    }\n\n    if (revokeAccessToken && typeof accessToken === 'undefined') {\n      accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n    }\n  \n    if (!options.idToken) {\n      options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n    }\n\n    // Clear all local tokens\n    this.tokenManager.clear();\n\n    if (revokeRefreshToken && refreshToken) {\n      await this.revokeRefreshToken(refreshToken);\n    }\n\n    if (revokeAccessToken && accessToken) {\n      await this.revokeAccessToken(accessToken);\n    }\n\n    const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n    // No logoutUri? This can happen if the storage was cleared.\n    // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n    if (!logoutUri) {\n      return this.closeSession() // can throw if the user cannot be signed out\n      .then(function() {\n        if (postLogoutRedirectUri === currentUri) {\n          window.location.reload(); // force a hard reload if URI is not changing\n        } else {\n          window.location.assign(postLogoutRedirectUri);\n        }\n      });\n    } else {\n      // Flow ends with logout redirect\n      window.location.assign(logoutUri);\n    }\n  }\n\n  webfinger(opts): Promise<object> {\n    var url = '/.well-known/webfinger' + toQueryString(opts);\n    var options = {\n      headers: {\n        'Accept': 'application/jrd+json'\n      }\n    };\n    return get(this, url, options);\n  }\n\n  //\n  // Common Methods from downstream SDKs\n  //\n\n  // Returns true if both accessToken and idToken are not expired\n  // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n  async isAuthenticated(): Promise<boolean> {\n\n    let { accessToken, idToken } = this.tokenManager.getTokensSync();\n    const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n    if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n      accessToken = null;\n      if (autoRenew) {\n        accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n      } else if (autoRemove) {\n        this.tokenManager.remove('accessToken');\n      }\n    }\n\n    if (idToken && this.tokenManager.hasExpired(idToken)) {\n      idToken = null;\n      if (autoRenew) {\n        idToken = await this.tokenManager.renew('idToken') as IDToken;\n      } else if (autoRemove) {\n        this.tokenManager.remove('idToken');\n      }\n    }\n\n    return !!(accessToken && idToken);\n  }\n\n  async getUser(): Promise<UserClaims> {\n    const { idToken, accessToken } = this.tokenManager.getTokensSync();\n    return this.token.getUserInfo(accessToken, idToken);\n  }\n\n  getIdToken(): string | undefined {\n    const { idToken } = this.tokenManager.getTokensSync();\n    return idToken ? idToken.idToken : undefined;\n  }\n\n  getAccessToken(): string | undefined {\n    const { accessToken } = this.tokenManager.getTokensSync();\n    return accessToken ? accessToken.accessToken : undefined;\n  }\n\n  getRefreshToken(): string | undefined {\n    const { refreshToken } = this.tokenManager.getTokensSync();\n    return refreshToken ? refreshToken.refreshToken : undefined;\n  }\n\n  /**\n   * Store parsed tokens from redirect url\n   */\n  async storeTokensFromRedirect(): Promise<void> {\n    const { tokens } = await this.token.parseFromUrl();\n    this.tokenManager.setTokens(tokens);\n  }\n\n  setOriginalUri(originalUri: string, state?: string): void {\n    // always store in session storage\n    const sessionStorage = browserStorage.getSessionStorage();\n    sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n    // to support multi-tab flows, set a state in constructor or pass as param\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      sharedStorage.setItem(state, originalUri);\n    }\n  }\n\n  getOriginalUri(state?: string): string {\n    // Prefer shared storage (if state is available)\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      const originalUri = sharedStorage.getItem(state);\n      if (originalUri) {\n        return originalUri;\n      }\n    }\n\n    // Try to load from session storage\n    const storage = browserStorage.getSessionStorage();\n    return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) : undefined;\n  }\n\n  removeOriginalUri(state?: string): void {\n    // Remove from sessionStorage\n    const storage = browserStorage.getSessionStorage();\n    storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n    // Also remove from shared storage\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      sharedStorage.removeItem(state);\n    }\n  }\n\n  isLoginRedirect(): boolean {\n    return isLoginRedirect(this);\n  }\n\n  async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n    let state = this.options.state;\n\n    // Store tokens and update AuthState by the emitted events\n    if (tokens) {\n      this.tokenManager.setTokens(tokens);\n      originalUri = originalUri || this.getOriginalUri(this.options.state);\n    } else if (this.isLoginRedirect()) {\n      // For redirect flow, get state from the URL and use it to retrieve the originalUri\n      const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n      state = oAuthResponse.state;\n      originalUri = originalUri || this.getOriginalUri(state);\n      await this.storeTokensFromRedirect();\n    } else {\n      return; // nothing to do\n    }\n    \n    // ensure auth state has been updated\n    await this.authStateManager.updateAuthState();\n\n    // clear originalUri from storage\n    this.removeOriginalUri(state);\n\n    // Redirect to originalUri\n    const { restoreOriginalUri } = this.options;\n    if (restoreOriginalUri) {\n      await restoreOriginalUri(this, originalUri);\n    } else {\n      window.location.replace(originalUri);\n    }\n  }\n\n  isPKCE(): boolean {\n    return !!this.options.pkce;\n  }\n\n  hasResponseType(responseType: string): boolean {\n    let hasResponseType = false;\n    if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n      hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n    } else {\n      hasResponseType = this.options.responseType === responseType;\n    }\n    return hasResponseType;\n  }\n\n  isAuthorizationCodeFlow(): boolean {\n    return this.hasResponseType('code');\n  }\n\n  // { username, password, (relayState), (context) }\n  // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n  //   return postToTransaction(this, '/api/v1/authn', opts);\n  // }\n\n  getIssuerOrigin(): string {\n    // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n    return this.options.issuer.split('/oauth2/')[0];\n  }\n\n  // { username, (relayState) }\n  forgotPassword(opts): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n  }\n\n  // { username, (relayState) }\n  unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n  }\n\n  // { recoveryToken }\n  verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n  }\n}\n\n// Hoist feature detection functions to static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist values and utility functions for CommonJS users\nObject.assign(OktaAuth, {\n  constants,\n  isInteractionRequiredError\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
+{"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["Emitter","require","OktaAuth","constructor","args","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","Object","assign","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","userAgent","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","getWithRedirect","parseFromUrl","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","keys","forEach","key","indexOf","method","prototype","push","_setLocation","url","_getHistory","history","_getLocation","_getDocument","document","idx","interact","introspectV2","authenticate","register","poll","proceed","cancel","recoverPassword","handleInteractionCodeRedirect","startTransaction","setFlow","flow","getFlow","canProceed","http","setRequestHeader","fingerprint","emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","start","updateAuthState","stop","setHeaders","headers","isInteractionRequired","hashOrSearch","isInteractionRequiredError","error","isEmailVerifyCallback","urlPath","parseEmailVerifyCallback","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","Promise","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","clearTokensAfterRedirect","addPendingRemoveFlags","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","hasExpired","getUser","getIdToken","undefined","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","unlockAccount","verifyRecoveryToken","features","constants"],"mappings":";;;;;;AAgBA;;AAgCA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AAQA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAaA;;AACA;;AACA;;;;;;AAtHA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AA0GA,MAAMA,OAAO,GAAGC,OAAO,CAAC,cAAD,CAAvB;;AAEA,MAAMC,QAAN,CAA8D;AAM5D;AACA;AACA;AAeAC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaD,IAAb,CAA/B;AACA,SAAKE,cAAL,GAAsB,IAAIC,uBAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA2CD,OAAO,CAACG,OAAnD,EAA4DH,OAAO,CAACI,WAApE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuBC,MAAM,CAACC,MAAP,CAAc;AAC7DP,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKI,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAEV,MAAM,CAACC,MAAP,CAAcU,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd,gBAAMC,OAAO,GAAGrB,OAAO,CAACI,WAAR,CAAoBiB,OAApC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AAJuD,OAAlD,CAHA;AASRG,MAAAA,UAAU,EAAEA,eAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AATJ,KAAV;AAYA,SAAKU,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CApBiC,CA0BjC;;AACArB,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAL,CAAaI,WAA3B,EAAwC;AACtCyB,MAAAA,cAAc,EAAE,KAAK5B,cAAL,CAAoB6B,oBAApB,CAAyChB,IAAzC,CAA8C,KAAKb,cAAnD,CADsB;AAEtC8B,MAAAA,YAAY,EAAE,KAAK9B,cAAL,CAAoB8B,YAApB,CAAiCjB,IAAjC,CAAsC,KAAKb,cAA3C;AAFwB,KAAxC;AAKA,SAAK+B,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKjC,OAAL,GAAeO,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAnB,EAA4B;AACzCkC,QAAAA,WAAW,EAAE,yBAAcnC,IAAI,CAACmC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGA,WAAKC,SAAL,GAAiB,+BAAavC,IAAb,EAAoB,gBAAD,QAA4B,EAA/C,CAAjB;AACD,KALD,MAKO;AACL,WAAKuC,SAAL,GAAiB,+BAAavC,IAAb,EAAoB,uBAAD,QAAmC,EAAtD,CAAjB;AACD,KAzCgC,CA2CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACA,IAAI,CAACwC,YAAN,IAAsBxC,IAAI,CAACwC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKvC,OAAL,CAAauC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKxC,OAAL,CAAauC,YAAb,GAA4BxC,IAAI,CAACwC,YAAjC;AACD,KAtDgC,CAwDjC;AACA;AACA;;;AACA,SAAKvC,OAAL,CAAayC,cAAb,GAA8B,CAAC,CAAC1C,IAAI,CAAC0C,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;AACA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBvC,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXwC,MAAAA,qBAAqB,EAAEA,4BAAsBxC,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGXyC,MAAAA,gBAAgB,EAAEA,uBAAiBzC,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX0C,MAAAA,YAAY,EAAEA,mBAAa1C,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEA,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CALN;AAMX4C,MAAAA,YAAY,EAAEA,mBAAa5C,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CANH;AAOX6C,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAYhD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXiD,MAAAA,KAAK,EAAEC,iBAAWlD,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXmD,MAAAA,sBAAsB,EAAEA,6BAAuBnD,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXoD,MAAAA,WAAW,EAAEA,kBAAYpD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXqD,MAAAA,WAAW,EAAEA,kBAAYrD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXsD,MAAAA,MAAM,EAAEC,kBAAYvD,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXwD,MAAAA,eAAe,EAAEA,sBAAgBxD,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAtEiC,CAsFjC;;AACA,UAAMyD,WAAW,GAAG,CAAC,QAAD,EAAW,iBAAX,CAApB;AACAhE,IAAAA,MAAM,CAACiE,IAAP,CAAY,KAAKpB,KAAjB,EAAwBqB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAIH,WAAW,CAACI,OAAZ,CAAoBD,GAApB,KAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAIE,MAAM,GAAG,KAAKxB,KAAL,CAAWsB,GAAX,CAAb;AACA,WAAKtB,KAAL,CAAWsB,GAAX,IAAkBvB,sBAAa0B,SAAb,CAAuBC,IAAvB,CAA4BhE,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmD0B,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND;AAQArE,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK4C,KAAL,CAAWK,eAAzB,EAA0C;AACxC;AACAsB,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1B7C,QAAAA,MAAM,CAACC,QAAP,GAAkB4C,GAAlB;AACD;AAJuC,KAA1C;AAMAzE,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAK4C,KAAL,CAAWM,YAAzB,EAAuC;AACrC;AACAuB,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO9C,MAAM,CAAC+C,OAAd;AACD,OAJoC;AAMrC;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAOhD,MAAM,CAACC,QAAd;AACD,OAToC;AAWrC;AACAgD,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAOjD,MAAM,CAACkD,QAAd;AACD;AAdoC,KAAvC,EAtGiC,CAuHjC;;AACA,SAAKC,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAASzE,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEiE,gBAAa1E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAFH;AAGT2E,MAAAA,YAAY,EAAEA,kBAAa3E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAIT4E,MAAAA,QAAQ,EAAEA,cAAS5E,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKT6E,MAAAA,IAAI,EAAEA,UAAK7E,IAAL,CAAU,IAAV,EAAgB,IAAhB,CALG;AAMT8E,MAAAA,OAAO,EAAEA,aAAQ9E,IAAR,CAAa,IAAb,EAAmB,IAAnB,CANA;AAOT+E,MAAAA,MAAM,EAAEA,YAAO/E,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CAPC;AAQTgF,MAAAA,eAAe,EAAEA,qBAAgBhF,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CARR;AASTiF,MAAAA,6BAA6B,EAAEA,mCAA8BjF,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CATtB;AAUTkF,MAAAA,gBAAgB,EAAEA,sBAAiBlF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAVT;AAWTmF,MAAAA,OAAO,EAAGC,IAAD,IAA0B;AACjC,aAAKlG,OAAL,CAAakG,IAAb,GAAoBA,IAApB;AACD,OAbQ;AAcTC,MAAAA,OAAO,EAAE,MAAsB;AAC7B,eAAO,KAAKnG,OAAL,CAAakG,IAApB;AACD,OAhBQ;AAiBTE,MAAAA,UAAU,EAAEA,gBAAWtF,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AAjBH,KAAX;AAmBA,8CAA4B,6CAA+B,IAA/B,CAA5B,EA3IiC,CA2IkC;AAEnE;;AACA,SAAKuF,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBxF,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CA9IiC,CAkJjC;;AACA,SAAKyF,WAAL,GAAmBA,qBAAYzF,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAK0F,OAAL,GAAe,IAAI7G,OAAJ,EAAf,CArJiC,CAuJjC;;AACA,SAAK8G,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuB3G,IAAI,CAAC0G,YAA5B,CAApB,CAxJiC,CA0JjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB;AACD;;AAEDC,EAAAA,KAAK,GAAG;AACN,SAAKJ,YAAL,CAAkBI,KAAlB;;AACA,QAAI,CAAC,KAAKzD,KAAL,CAAWkB,eAAX,EAAL,EAAmC;AACjC,WAAKqC,gBAAL,CAAsBG,eAAtB;AACD;AACF;;AAEDC,EAAAA,IAAI,GAAG;AACL,SAAKN,YAAL,CAAkBM,IAAlB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAKjH,OAAL,CAAaiH,OAAb,GAAuB1G,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKR,OAAL,CAAaiH,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GAlM2D,CAoM5D;AACA;AAEA;;;AACAC,EAAAA,qBAAqB,CAACC,YAAD,EAAiC;AACpD,WAAO,iCAAsB,IAAtB,EAA4BA,YAA5B,CAAP;AACD;;AAEDC,EAAAA,0BAA0B,CAACC,KAAD,EAAwB;AAChD,WAAO,sCAA2BA,KAA3B,CAAP;AACD,GA9M2D,CAgN5D;;;AACAC,EAAAA,qBAAqB,CAACC,OAAD,EAA2B;AAC9C,WAAO,iCAAsBA,OAAtB,CAAP;AACD;;AAEDC,EAAAA,wBAAwB,CAACD,OAAD,EAA+C;AACrE,WAAO,oCAAyBA,OAAzB,CAAP;AACD;;AAEW,QAANE,MAAM,CAACC,IAAD,EAAgD;AAC1D;AACA;AACA,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD;;AAE0B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAI5H,OAAD,IAAc;AACvC,aAAO0H,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+C1H,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAAC0H,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKrB,WAAL,GACNuB,IADM,CACD,UAASvB,WAAT,EAAsB;AAC1B,aAAOqB,kBAAkB,CAAC;AACxBX,QAAAA,OAAO,EAAE;AACP,kCAAwBV;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBwB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAK1F,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAI+F,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAG5H,MAAM,CAACC,MAAP,CAAc;AAC3B;AACA4H,QAAAA,MAAM,EAAE,KAAKpI,OAAL,CAAaoI,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAK7E,KAAL,CAAWK,eAAX,CAA2B0E,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAKnG,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GAvQ2D,CAyQ5D;;;AACAW,EAAAA,YAAY,GAAoB;AAC9B,WAAO,KAAKF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACNmF,IADM,CACD,YAAY;AAChB;AACA,WAAKrB,YAAL,CAAkB4B,KAAlB;AACD,KAJM,EAKNC,KALM,CAKA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAACnH,IAAF,KAAW,cAAX,IAA6BmH,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAXM,CAAP;AAYD,GAvR2D,CAyR5D;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA6C;AAClE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAKjC,YAAL,CAAkBkC,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAKnC,YAAL,CAAkBoC,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAKpC,YAAL,CAAkBqC,MAAlB,CAAyBF,cAAzB;AACD,KALiE,CAMlE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAOK,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAK5F,KAAL,CAAWS,MAAX,CAAkB6E,WAAlB,CAAP;AACD,GArS2D,CAuS5D;;;AACwB,QAAlBO,kBAAkB,CAACC,YAAD,EAA+C;AACrE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKzC,YAAL,CAAkBkC,SAAlB,EAAP,EAAsCO,YAArD;AACA,YAAMC,eAAe,GAAG,KAAK1C,YAAL,CAAkBoC,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAKpC,YAAL,CAAkBqC,MAAlB,CAAyBK,eAAzB;AACD,KALoE,CAMrE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAOH,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAK5F,KAAL,CAAWS,MAAX,CAAkBqF,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAACpJ,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACFqJ,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAvJ,OAJJ;;AAKA,QAAI,CAACqJ,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAK5C,YAAL,CAAkB+C,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKtJ,OAAL,CAAasJ,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GAjV2D,CAmV5D;;;AACa,QAAPE,OAAO,CAAC7J,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAGO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBR,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAI8J,UAAU,GAAG3H,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAI0H,UAAU,GAAG5H,MAAM,CAACC,QAAP,CAAgB4H,IAAjC;AACA,QAAIV,qBAAqB,GAAGtJ,OAAO,CAACsJ,qBAAR,IACvB,KAAKtJ,OAAL,CAAasJ,qBADU,IAEvBQ,UAFL;AAIA,QAAIpB,WAAW,GAAG1I,OAAO,CAAC0I,WAA1B;AACA,QAAIQ,YAAY,GAAGlJ,OAAO,CAACkJ,YAA3B;AACA,QAAIT,iBAAiB,GAAGzI,OAAO,CAACyI,iBAAR,KAA8B,KAAtD;AACA,QAAIQ,kBAAkB,GAAGjJ,OAAO,CAACiJ,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKzC,YAAL,CAAkB+C,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIT,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAKjC,YAAL,CAAkB+C,aAAlB,GAAkCd,WAAhD;AACD;;AAED,QAAI,CAAC1I,OAAO,CAACqJ,OAAb,EAAsB;AACpBrJ,MAAAA,OAAO,CAACqJ,OAAR,GAAkB,KAAK5C,YAAL,CAAkB+C,aAAlB,GAAkCH,OAApD;AACD;;AAED,QAAIJ,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIT,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMiB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAGpJ,OAAL;AAAcsJ,MAAAA;AAAd,KAA3B,CAAlB,CAnCsC,CAoCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd;AACA,aAAO,KAAK/G,YAAL,GAAoB;AAApB,OACNkF,IADM,CACD,YAAW;AACf,YAAIwB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxC5H,UAAAA,MAAM,CAACC,QAAP,CAAgB6H,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACL9H,UAAAA,MAAM,CAACC,QAAP,CAAgB5B,MAAhB,CAAuB8I,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KAVD,MAUO;AACL,UAAItJ,OAAO,CAACkK,wBAAZ,EAAsC;AACpC,aAAKzD,YAAL,CAAkB0D,qBAAlB;AACD,OAFD,MAEO;AACL;AACA,aAAK1D,YAAL,CAAkB4B,KAAlB;AACD,OANI,CAOL;;;AACAlG,MAAAA,MAAM,CAACC,QAAP,CAAgB5B,MAAhB,CAAuBmJ,SAAvB;AACD;AACF;;AAEDS,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAI1C,GAAG,GAAG,2BAA2B,yBAAc0C,IAAd,CAArC;AACA,QAAI1H,OAAO,GAAG;AACZiH,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUjC,GAAV,EAAehF,OAAf,CAAP;AACD,GAxZ2D,CA0Z5D;AACA;AACA;AAEA;AACA;;;AACqB,QAAfqK,eAAe,GAAqB;AAExC,QAAI;AAAE3B,MAAAA,WAAF;AAAeW,MAAAA;AAAf,QAA2B,KAAK5C,YAAL,CAAkB+C,aAAlB,EAA/B;AACA,UAAM;AAAEc,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAK9D,YAAL,CAAkB+D,UAAlB,EAAlC;;AAEA,QAAI9B,WAAW,IAAI,KAAKjC,YAAL,CAAkBgE,UAAlB,CAA6B/B,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAG,IAAd;;AACA,UAAI4B,SAAJ,EAAe;AACb,YAAI;AACF5B,UAAAA,WAAW,GAAG,MAAM,KAAKjC,YAAL,CAAkB1C,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAIwG,UAAJ,EAAgB;AACrB,aAAK9D,YAAL,CAAkBqC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAIO,OAAO,IAAI,KAAK5C,YAAL,CAAkBgE,UAAlB,CAA6BpB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAG,IAAV;;AACA,UAAIiB,SAAJ,EAAe;AACb,YAAI;AACFjB,UAAAA,OAAO,GAAG,MAAM,KAAK5C,YAAL,CAAkB1C,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAIwG,UAAJ,EAAgB;AACrB,aAAK9D,YAAL,CAAkBqC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIW,OAAjB,CAAR;AACD;;AAEY,QAAPqB,OAAO,GAAwB;AACnC,UAAM;AAAErB,MAAAA,OAAF;AAAWX,MAAAA;AAAX,QAA2B,KAAKjC,YAAL,CAAkB+C,aAAlB,EAAjC;AACA,WAAO,KAAKpG,KAAL,CAAWe,WAAX,CAAuBuE,WAAvB,EAAoCW,OAApC,CAAP;AACD;;AAEDsB,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAEtB,MAAAA;AAAF,QAAc,KAAK5C,YAAL,CAAkB+C,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqBuB,SAAnC;AACD;;AAEDC,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEnC,MAAAA;AAAF,QAAkB,KAAKjC,YAAL,CAAkB+C,aAAlB,EAAxB;AACA,WAAOd,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BkC,SAA/C;AACD;;AAEDE,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAE5B,MAAAA;AAAF,QAAmB,KAAKzC,YAAL,CAAkB+C,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+B0B,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBG,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAK5H,KAAL,CAAWM,YAAX,EAAzB;AACA,SAAK+C,YAAL,CAAkBwE,SAAlB,CAA4BD,MAA5B;AACD;;AAED9C,EAAAA,cAAc,CAACF,WAAD,EAAsBuB,KAAtB,EAA4C;AACxD;AACA,UAAM2B,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDtD,WAAlD,EAHwD,CAKxD;;AACAuB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKvJ,OAAL,CAAauJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMgC,aAAa,GAAG,KAAKtL,cAAL,CAAoBuL,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsB9B,KAAtB,EAA6BvB,WAA7B;AACD;AACF;;AAEDyD,EAAAA,cAAc,CAAClC,KAAD,EAAyB;AACrC;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKvJ,OAAL,CAAauJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMgC,aAAa,GAAG,KAAKtL,cAAL,CAAoBuL,qBAApB,EAAtB;AACA,YAAMxD,WAAW,GAAGuD,aAAa,CAACG,OAAd,CAAsBnC,KAAtB,CAApB;;AACA,UAAIvB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KAToC,CAWrC;;;AACA,UAAM3G,OAAO,GAAG8J,wBAAeC,iBAAf,EAAhB;;AACA,WAAO/J,OAAO,GAAGA,OAAO,CAACqK,OAAR,CAAgBJ,mCAAhB,CAAH,GAAgDV,SAA9D;AACD;;AAEDe,EAAAA,iBAAiB,CAACpC,KAAD,EAAuB;AACtC;AACA,UAAMlI,OAAO,GAAG8J,wBAAeC,iBAAf,EAAhB;;AACA/J,IAAAA,OAAO,CAACuK,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACA/B,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKvJ,OAAL,CAAauJ,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMgC,aAAa,GAAG,KAAKtL,cAAL,CAAoBuL,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,CAAyBrC,KAAzB;AACD;AACF;;AAEDjF,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnBuH,mBAAmB,CAACb,MAAD,EAAkBhD,WAAlB,EAAuD;AAC9E,QAAIuB,KAAK,GAAG,KAAKvJ,OAAL,CAAauJ,KAAzB,CAD8E,CAG9E;;AACA,QAAIyB,MAAJ,EAAY;AACV,WAAKvE,YAAL,CAAkBwE,SAAlB,CAA4BD,MAA5B;AACAhD,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAKyD,cAAL,CAAoB,KAAKzL,OAAL,CAAauJ,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAKjF,eAAL,EAAJ,EAA4B;AACjC;AACA,YAAMwH,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACAvC,MAAAA,KAAK,GAAGuC,aAAa,CAACvC,KAAtB;AACAvB,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAKyD,cAAL,CAAoBlC,KAApB,CAA7B;AACA,YAAM,KAAKwB,uBAAL,EAAN;AACD,KANM,MAMA;AACL,aADK,CACG;AACT,KAf6E,CAiB9E;;;AACA,UAAM,KAAKpE,gBAAL,CAAsBG,eAAtB,EAAN,CAlB8E,CAoB9E;;AACA,SAAK6E,iBAAL,CAAuBpC,KAAvB,EArB8E,CAuB9E;;AACA,UAAM;AAAEwC,MAAAA;AAAF,QAAyB,KAAK/L,OAApC;;AACA,QAAI+L,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAO/D,WAAP,CAAxB;AACD,KAFD,MAEO;AACL7F,MAAAA,MAAM,CAACC,QAAP,CAAgB4J,OAAhB,CAAwBhE,WAAxB;AACD;AACF;;AAEDiE,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAKjM,OAAL,CAAawB,IAAtB;AACD;;AAED0K,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAKrM,OAAL,CAAamM,YAA3B,KAA4C,KAAKnM,OAAL,CAAamM,YAAb,CAA0BG,MAA1E,EAAkF;AAChFJ,MAAAA,eAAe,GAAG,KAAKlM,OAAL,CAAamM,YAAb,CAA0BxH,OAA1B,CAAkCwH,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKlM,OAAL,CAAamM,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GA5jB2D,CA8jB5D;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA,WAAO,KAAKxM,OAAL,CAAayM,MAAb,CAAoBC,KAApB,CAA0B,UAA1B,EAAsC,CAAtC,CAAP;AACD,GAtkB2D,CAwkB5D;;;AACAC,EAAAA,cAAc,CAACjF,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GA3kB2D,CA6kB5D;;;AACAkF,EAAAA,aAAa,CAAClF,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GAhlB2D,CAklB5D;;;AACAmF,EAAAA,mBAAmB,CAACnF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD;;AArlB2D,C,CAwlB9D;;;AACA7H,QAAQ,CAACiN,QAAT,GAAoBjN,QAAQ,CAACgF,SAAT,CAAmBiI,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACAvM,MAAM,CAACC,MAAP,CAAcX,QAAd,EAAwB;AACtBkN,EAAAA,SADsB;AAEtB3F,EAAAA,0BAA0B,EAA1BA;AAFsB,CAAxB;eAKevH,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* SDK_VERSION is defined in webpack config */ \n/* global window, SDK_VERSION */\n\nimport { \n  DEFAULT_MAX_CLOCK_SKEW, \n  REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n  OktaAuth as SDKInterface,\n  OktaAuthOptions, \n  AccessToken, \n  IDToken,\n  RefreshToken,\n  TokenAPI, \n  FeaturesAPI, \n  SignoutAPI, \n  FingerprintAPI,\n  UserClaims, \n  SigninWithRedirectOptions,\n  SigninWithCredentialsOptions,\n  SignoutOptions,\n  Tokens,\n  ForgotPasswordOptions,\n  VerifyRecoveryTokenOptions,\n  TransactionAPI,\n  SessionAPI,\n  SigninAPI,\n  PkceAPI,\n  SigninOptions,\n  IdxAPI,\n  SignoutRedirectUrlOptions,\n  HttpAPI,\n  FlowIdentifier,\n} from './types';\nimport {\n  transactionStatus,\n  resumeTransaction,\n  transactionExists,\n  introspect,\n  postToTransaction,\n  AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n  closeSession,\n  sessionExists,\n  getSession,\n  refreshSession,\n  setCookieAndRedirect\n} from './session';\nimport {\n  getOAuthUrls,\n  getWithoutPrompt,\n  getWithPopup,\n  getWithRedirect,\n  isLoginRedirect,\n  parseFromUrl,\n  decodeToken,\n  revokeToken,\n  renewToken,\n  renewTokens,\n  renewTokensWithRefresh,\n  getUserInfo,\n  verifyToken,\n  prepareTokenParams,\n  exchangeCodeForTokens,\n  isInteractionRequiredError,\n  isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport browserStorage from './browser/browserStorage';\nimport { \n  toQueryString, \n  toAbsoluteUrl,\n  clone,\n  isEmailVerifyCallback,\n  EmailVerifyCallbackResponse,\n  parseEmailVerifyCallback\n} from './util';\nimport { getUserAgent } from './builderUtil';\nimport { TokenManager } from './TokenManager';\nimport { get, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport StorageManager from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n  interact,\n  introspect as introspectV2,\n  authenticate,\n  cancel,\n  poll,\n  proceed,\n  register,\n  recoverPassword,\n  startTransaction,\n  handleInteractionCodeRedirect,\n  canProceed,\n} from './idx';\nimport { createGlobalRequestInterceptor, setGlobalRequestInterceptor } from './idx/headers';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\n\nconst Emitter = require('tiny-emitter');\n\nclass OktaAuth implements SDKInterface, SigninAPI, SignoutAPI {\n  options: OktaAuthOptions;\n  storageManager: StorageManager;\n  transactionManager: TransactionManager;\n  tx: TransactionAPI;\n  idx: IdxAPI;\n  // keep this field to compatible with released downstream SDK versions\n  // TODO: remove in version 6\n  // JIRA: https://oktainc.atlassian.net/browse/OKTA-419417\n  userAgent: string;\n  session: SessionAPI;\n  pkce: PkceAPI;\n  static features: FeaturesAPI;\n  features: FeaturesAPI;\n  token: TokenAPI;\n  _tokenQueue: PromiseQueue;\n  emitter: typeof Emitter;\n  tokenManager: TokenManager;\n  authStateManager: AuthStateManager;\n  http: HttpAPI;\n  fingerprint: FingerprintAPI;\n  _oktaUserAgent: OktaUserAgent;\n  _pending: { handleLogin: boolean };\n  constructor(args: OktaAuthOptions) {\n    const options = this.options = buildOptions(args);\n    this.storageManager = new StorageManager(options.storageManager, options.cookies, options.storageUtil);\n    this.transactionManager = new TransactionManager(Object.assign({\n      storageManager: this.storageManager,\n    }, options.transactionManager));\n    this._oktaUserAgent = new OktaUserAgent();\n  \n    this.tx = {\n      status: transactionStatus.bind(null, this),\n      resume: resumeTransaction.bind(null, this),\n      exists: Object.assign(transactionExists.bind(null, this), {\n        _get: (name) => {\n          const storage = options.storageUtil.storage;\n          return storage.get(name);\n        }\n      }),\n      introspect: introspect.bind(null, this)\n    };\n\n    this.pkce = {\n      DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n      generateVerifier: PKCE.generateVerifier,\n      computeChallenge: PKCE.computeChallenge\n    };\n\n    // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n    Object.assign(this.options.storageUtil, {\n      getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n      getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n    });\n\n    this._pending = { handleLogin: false };\n\n    if (isBrowser()) {\n      this.options = Object.assign(this.options, {\n        redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n      });\n      this.userAgent = getUserAgent(args, `okta-auth-js/${SDK_VERSION}`);\n    } else {\n      this.userAgent = getUserAgent(args, `okta-auth-js-server/${SDK_VERSION}`);\n    }\n\n    // Digital clocks will drift over time, so the server\n    // can misalign with the time reported by the browser.\n    // The maxClockSkew allows relaxing the time-based\n    // validation of tokens (in seconds, not milliseconds).\n    // It currently defaults to 300, because 5 min is the\n    // default maximum tolerance allowed by Kerberos.\n    // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n    if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n      this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n    } else {\n      this.options.maxClockSkew = args.maxClockSkew;\n    }\n\n    // As some end user's devices can have their date \n    // and time incorrectly set, allow for the disabling\n    // of the jwt liftetime validation\n    this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n    this.session = {\n      close: closeSession.bind(null, this),\n      exists: sessionExists.bind(null, this),\n      get: getSession.bind(null, this),\n      refresh: refreshSession.bind(null, this),\n      setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n    };\n\n    this._tokenQueue = new PromiseQueue();\n    this.token = {\n      prepareTokenParams: prepareTokenParams.bind(null, this),\n      exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n      getWithoutPrompt: getWithoutPrompt.bind(null, this),\n      getWithPopup: getWithPopup.bind(null, this),\n      getWithRedirect: getWithRedirect.bind(null, this),\n      parseFromUrl: parseFromUrl.bind(null, this),\n      decode: decodeToken,\n      revoke: revokeToken.bind(null, this),\n      renew: renewToken.bind(null, this),\n      renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n      renewTokens: renewTokens.bind(null, this),\n      getUserInfo: getUserInfo.bind(null, this),\n      verify: verifyToken.bind(null, this),\n      isLoginRedirect: isLoginRedirect.bind(null, this)\n    };\n    // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n    const syncMethods = ['decode', 'isLoginRedirect'];\n    Object.keys(this.token).forEach(key => {\n      if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n        return;\n      }\n      var method = this.token[key];\n      this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n    });\n    \n    Object.assign(this.token.getWithRedirect, {\n      // This is exposed so we can set window.location in our tests\n      _setLocation: function(url) {\n        window.location = url;\n      }\n    });\n    Object.assign(this.token.parseFromUrl, {\n      // This is exposed so we can mock getting window.history in our tests\n      _getHistory: function() {\n        return window.history;\n      },\n\n      // This is exposed so we can mock getting window.location in our tests\n      _getLocation: function() {\n        return window.location;\n      },\n\n      // This is exposed so we can mock getting window.document in our tests\n      _getDocument: function() {\n        return window.document;\n      }\n    });\n\n    // IDX\n    this.idx = {\n      interact: interact.bind(null, this),\n      introspect: introspectV2.bind(null, this),\n      authenticate: authenticate.bind(null, this),\n      register: register.bind(null, this),\n      poll: poll.bind(null, this),\n      proceed: proceed.bind(null, this),\n      cancel: cancel.bind(null, this),\n      recoverPassword: recoverPassword.bind(null, this),\n      handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n      startTransaction: startTransaction.bind(null, this),\n      setFlow: (flow: FlowIdentifier) => {\n        this.options.flow = flow;\n      },\n      getFlow: (): FlowIdentifier => {\n        return this.options.flow;\n      },\n      canProceed: canProceed.bind(null, this),\n    };\n    setGlobalRequestInterceptor(createGlobalRequestInterceptor(this)); // to pass custom headers to IDX endpoints\n\n    // HTTP\n    this.http = {\n      setRequestHeader: setRequestHeader.bind(null, this)\n    };\n\n    // Fingerprint API\n    this.fingerprint = fingerprint.bind(null, this);\n\n    this.emitter = new Emitter();\n\n    // TokenManager\n    this.tokenManager = new TokenManager(this, args.tokenManager);\n\n    // AuthStateManager\n    this.authStateManager = new AuthStateManager(this);\n  }\n\n  start() {\n    this.tokenManager.start();\n    if (!this.token.isLoginRedirect()) {\n      this.authStateManager.updateAuthState();\n    }\n  }\n\n  stop() {\n    this.tokenManager.stop();\n  }\n\n  setHeaders(headers) {\n    this.options.headers = Object.assign({}, this.options.headers, headers);\n  }\n\n  // ES6 module users can use named exports to access all symbols\n  // CommonJS module users (CDN) need all exports on this object\n\n  // Utility methods for interaction code flow\n  isInteractionRequired(hashOrSearch?: string): boolean {\n    return isInteractionRequired(this, hashOrSearch);\n  }\n\n  isInteractionRequiredError(error: Error): boolean {\n    return isInteractionRequiredError(error);\n  }\n\n  // Utility methods for email verify callback\n  isEmailVerifyCallback(urlPath: string): boolean {\n    return isEmailVerifyCallback(urlPath);\n  }\n\n  parseEmailVerifyCallback(urlPath: string): EmailVerifyCallbackResponse {\n    return parseEmailVerifyCallback(urlPath);\n  }\n\n  async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n    // TODO: support interaction code flow\n    // Authn V1 flow\n    return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n  }\n\n  async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n    opts = clone(opts || {});\n    const _postToTransaction = (options?) => {\n      delete opts.sendFingerprint;\n      return postToTransaction(this, '/api/v1/authn', opts, options);\n    };\n    if (!opts.sendFingerprint) {\n      return _postToTransaction();\n    }\n    return this.fingerprint()\n    .then(function(fingerprint) {\n      return _postToTransaction({\n        headers: {\n          'X-Device-Fingerprint': fingerprint\n        }\n      });\n    });\n  }\n\n  async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n    const { originalUri, ...additionalParams } = opts;\n    if(this._pending.handleLogin) { \n      // Don't trigger second round\n      return;\n    }\n\n    this._pending.handleLogin = true;\n    try {\n      // Trigger default signIn redirect flow\n      if (originalUri) {\n        this.setOriginalUri(originalUri);\n      }\n      const params = Object.assign({\n        // TODO: remove this line when default scopes are changed OKTA-343294\n        scopes: this.options.scopes || ['openid', 'email', 'profile']\n      }, additionalParams);\n      await this.token.getWithRedirect(params);\n    } finally {\n      this._pending.handleLogin = false;\n    }\n  }\n\n  // Ends the current Okta SSO session without redirecting to Okta.\n  closeSession(): Promise<object> {\n    return this.session.close() // DELETE /api/v1/sessions/me\n    .then(async () => {\n      // Clear all local tokens\n      this.tokenManager.clear();\n    })\n    .catch(function(e) {\n      if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n        // Session does not exist or has already been closed\n        return null;\n      }\n      throw e;\n    });\n  }\n  \n  // Revokes the access token for the application session\n  async revokeAccessToken(accessToken?: AccessToken): Promise<object> {\n    if (!accessToken) {\n      accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n      const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n      this.tokenManager.remove(accessTokenKey);\n    }\n    // Access token may have been removed. In this case, we will silently succeed.\n    if (!accessToken) {\n      return Promise.resolve(null);\n    }\n    return this.token.revoke(accessToken);\n  }\n\n  // Revokes the refresh token for the application session\n  async revokeRefreshToken(refreshToken?: RefreshToken): Promise<object> {\n    if (!refreshToken) {\n      refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n      const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n      this.tokenManager.remove(refreshTokenKey);\n    }\n    // Refresh token may have been removed. In this case, we will silently succeed.\n    if (!refreshToken) {\n      return Promise.resolve(null);\n    }\n    return this.token.revoke(refreshToken);\n  }\n\n  getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n    let {\n      idToken,\n      postLogoutRedirectUri,\n      state,\n    } = options;\n    if (!idToken) {\n      idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n    }\n    if (!idToken) {\n      return '';\n    }\n    if (!postLogoutRedirectUri) {\n      postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n    }\n\n    const logoutUrl = getOAuthUrls(this).logoutUrl;\n    const idTokenHint = idToken.idToken; // a string\n    let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n    if (postLogoutRedirectUri) {\n      logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n    } \n    // State allows option parameters to be passed to logout redirect uri\n    if (state) {\n      logoutUri += '&state=' + encodeURIComponent(state);\n    }\n\n    return logoutUri;\n  }\n\n  // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n  async signOut(options?: SignoutOptions) {\n    options = Object.assign({}, options);\n  \n    // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n    var defaultUri = window.location.origin;\n    var currentUri = window.location.href;\n    var postLogoutRedirectUri = options.postLogoutRedirectUri\n      || this.options.postLogoutRedirectUri\n      || defaultUri;\n  \n    var accessToken = options.accessToken;\n    var refreshToken = options.refreshToken;\n    var revokeAccessToken = options.revokeAccessToken !== false;\n    var revokeRefreshToken = options.revokeRefreshToken !== false;\n  \n    if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n      refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n    }\n\n    if (revokeAccessToken && typeof accessToken === 'undefined') {\n      accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n    }\n  \n    if (!options.idToken) {\n      options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n    }\n\n    if (revokeRefreshToken && refreshToken) {\n      await this.revokeRefreshToken(refreshToken);\n    }\n\n    if (revokeAccessToken && accessToken) {\n      await this.revokeAccessToken(accessToken);\n    }\n\n    const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n    // No logoutUri? This can happen if the storage was cleared.\n    // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n    if (!logoutUri) {\n      // local tokens are cleared once session is closed\n      return this.closeSession() // can throw if the user cannot be signed out\n      .then(function() {\n        if (postLogoutRedirectUri === currentUri) {\n          window.location.reload(); // force a hard reload if URI is not changing\n        } else {\n          window.location.assign(postLogoutRedirectUri);\n        }\n      });\n    } else {\n      if (options.clearTokensAfterRedirect) {\n        this.tokenManager.addPendingRemoveFlags();\n      } else {\n        // Clear all local tokens\n        this.tokenManager.clear();\n      }\n      // Flow ends with logout redirect\n      window.location.assign(logoutUri);\n    }\n  }\n\n  webfinger(opts): Promise<object> {\n    var url = '/.well-known/webfinger' + toQueryString(opts);\n    var options = {\n      headers: {\n        'Accept': 'application/jrd+json'\n      }\n    };\n    return get(this, url, options);\n  }\n\n  //\n  // Common Methods from downstream SDKs\n  //\n\n  // Returns true if both accessToken and idToken are not expired\n  // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n  async isAuthenticated(): Promise<boolean> {\n\n    let { accessToken, idToken } = this.tokenManager.getTokensSync();\n    const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n    if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n      accessToken = null;\n      if (autoRenew) {\n        try {\n          accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n        } catch {\n          // Renew errors will emit an \"error\" event \n        }\n      } else if (autoRemove) {\n        this.tokenManager.remove('accessToken');\n      }\n    }\n\n    if (idToken && this.tokenManager.hasExpired(idToken)) {\n      idToken = null;\n      if (autoRenew) {\n        try {\n          idToken = await this.tokenManager.renew('idToken') as IDToken;\n        } catch {\n          // Renew errors will emit an \"error\" event \n        }\n      } else if (autoRemove) {\n        this.tokenManager.remove('idToken');\n      }\n    }\n\n    return !!(accessToken && idToken);\n  }\n\n  async getUser(): Promise<UserClaims> {\n    const { idToken, accessToken } = this.tokenManager.getTokensSync();\n    return this.token.getUserInfo(accessToken, idToken);\n  }\n\n  getIdToken(): string | undefined {\n    const { idToken } = this.tokenManager.getTokensSync();\n    return idToken ? idToken.idToken : undefined;\n  }\n\n  getAccessToken(): string | undefined {\n    const { accessToken } = this.tokenManager.getTokensSync();\n    return accessToken ? accessToken.accessToken : undefined;\n  }\n\n  getRefreshToken(): string | undefined {\n    const { refreshToken } = this.tokenManager.getTokensSync();\n    return refreshToken ? refreshToken.refreshToken : undefined;\n  }\n\n  /**\n   * Store parsed tokens from redirect url\n   */\n  async storeTokensFromRedirect(): Promise<void> {\n    const { tokens } = await this.token.parseFromUrl();\n    this.tokenManager.setTokens(tokens);\n  }\n\n  setOriginalUri(originalUri: string, state?: string): void {\n    // always store in session storage\n    const sessionStorage = browserStorage.getSessionStorage();\n    sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n    // to support multi-tab flows, set a state in constructor or pass as param\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      sharedStorage.setItem(state, originalUri);\n    }\n  }\n\n  getOriginalUri(state?: string): string {\n    // Prefer shared storage (if state is available)\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      const originalUri = sharedStorage.getItem(state);\n      if (originalUri) {\n        return originalUri;\n      }\n    }\n\n    // Try to load from session storage\n    const storage = browserStorage.getSessionStorage();\n    return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) : undefined;\n  }\n\n  removeOriginalUri(state?: string): void {\n    // Remove from sessionStorage\n    const storage = browserStorage.getSessionStorage();\n    storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n    // Also remove from shared storage\n    state = state || this.options.state;\n    if (state) {\n      const sharedStorage = this.storageManager.getOriginalUriStorage();\n      sharedStorage.removeItem(state);\n    }\n  }\n\n  isLoginRedirect(): boolean {\n    return isLoginRedirect(this);\n  }\n\n  async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n    let state = this.options.state;\n\n    // Store tokens and update AuthState by the emitted events\n    if (tokens) {\n      this.tokenManager.setTokens(tokens);\n      originalUri = originalUri || this.getOriginalUri(this.options.state);\n    } else if (this.isLoginRedirect()) {\n      // For redirect flow, get state from the URL and use it to retrieve the originalUri\n      const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n      state = oAuthResponse.state;\n      originalUri = originalUri || this.getOriginalUri(state);\n      await this.storeTokensFromRedirect();\n    } else {\n      return; // nothing to do\n    }\n    \n    // ensure auth state has been updated\n    await this.authStateManager.updateAuthState();\n\n    // clear originalUri from storage\n    this.removeOriginalUri(state);\n\n    // Redirect to originalUri\n    const { restoreOriginalUri } = this.options;\n    if (restoreOriginalUri) {\n      await restoreOriginalUri(this, originalUri);\n    } else {\n      window.location.replace(originalUri);\n    }\n  }\n\n  isPKCE(): boolean {\n    return !!this.options.pkce;\n  }\n\n  hasResponseType(responseType: string): boolean {\n    let hasResponseType = false;\n    if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n      hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n    } else {\n      hasResponseType = this.options.responseType === responseType;\n    }\n    return hasResponseType;\n  }\n\n  isAuthorizationCodeFlow(): boolean {\n    return this.hasResponseType('code');\n  }\n\n  // { username, password, (relayState), (context) }\n  // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n  //   return postToTransaction(this, '/api/v1/authn', opts);\n  // }\n\n  getIssuerOrigin(): string {\n    // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n    return this.options.issuer.split('/oauth2/')[0];\n  }\n\n  // { username, (relayState) }\n  forgotPassword(opts): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n  }\n\n  // { username, (relayState) }\n  unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n  }\n\n  // { recoveryToken }\n  verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n    return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n  }\n}\n\n// Hoist feature detection functions to static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist values and utility functions for CommonJS users\nObject.assign(OktaAuth, {\n  constants,\n  isInteractionRequiredError\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}

package/cjs/OktaUserAgent.js

@@ -21,7 +21,7 @@ var _features = require("./features");
 class OktaUserAgent {
   constructor() {
     // add base sdk env
-    this.environments = [`okta-auth-js/${"5.8.0"}`];
+    this.environments = [`okta-auth-js/${"5.10.1"}`];
   }
 
   addEnvironment(env) {
@@ -36,7 +36,7 @@ class OktaUserAgent {
   }
 
   getVersion() {
-    return "5.8.0";
+    return "5.10.1";
   }
 
   maybeAddNodeEnvironment() {

package/cjs/OktaUserAgent.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../lib/OktaUserAgent.ts"],"names":["OktaUserAgent","constructor","environments","addEnvironment","env","push","getHttpHeader","maybeAddNodeEnvironment","join","getVersion","process","versions","node","version"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAGO,MAAMA,aAAN,CAAoB;AAGzBC,EAAAA,WAAW,GAAG;AACZ;AACA,SAAKC,YAAL,GAAoB,CAAE,gBAAD,OAA4B,EAA7B,CAApB;AACD;;AAEDC,EAAAA,cAAc,CAACC,GAAD,EAAc;AAC1B,SAAKF,YAAL,CAAkBG,IAAlB,CAAuBD,GAAvB;AACD;;AAEDE,EAAAA,aAAa,GAAG;AACd,SAAKC,uBAAL;AACA,WAAO;AAAE,oCAA8B,KAAKL,YAAL,CAAkBM,IAAlB,CAAuB,GAAvB;AAAhC,KAAP;AACD;;AAEDC,EAAAA,UAAU,GAAG;AACX;AACD;;AAEOF,EAAAA,uBAAuB,GAAG;AAChC,QAAI,8BAAe,CAACG,OAAhB,IAA2B,CAACA,OAAO,CAACC,QAAxC,EAAkD;AAChD;AACD;;AACD,UAAM;AAAEC,MAAAA,IAAI,EAAEC;AAAR,QAAoBH,OAAO,CAACC,QAAlC;AACA,SAAKT,YAAL,CAAkBG,IAAlB,CAAwB,UAASQ,OAAQ,EAAzC;AACD;;AA3BwB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global SDK_VERSION */\nimport { isBrowser } from './features';\n\nexport class OktaUserAgent {\n  private environments: string[];\n\n  constructor() {\n    // add base sdk env\n    this.environments = [`okta-auth-js/${SDK_VERSION}`];\n  }\n\n  addEnvironment(env: string) {\n    this.environments.push(env);\n  }\n\n  getHttpHeader() {\n    this.maybeAddNodeEnvironment();\n    return { 'X-Okta-User-Agent-Extended': this.environments.join(' ') };\n  }\n\n  getVersion() {\n    return SDK_VERSION;\n  }\n\n  private maybeAddNodeEnvironment() {\n    if (isBrowser() || !process || !process.versions) {\n      return;\n    }\n    const { node: version } = process.versions;\n    this.environments.push(`nodejs/${version}`);\n  }\n}\n"],"file":"OktaUserAgent.js"}
+{"version":3,"sources":["../../lib/OktaUserAgent.ts"],"names":["OktaUserAgent","constructor","environments","addEnvironment","env","push","getHttpHeader","maybeAddNodeEnvironment","join","getVersion","process","versions","node","version"],"mappings":";;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAGO,MAAMA,aAAN,CAAoB;AAGzBC,EAAAA,WAAW,GAAG;AACZ;AACA,SAAKC,YAAL,GAAoB,CAAE,gBAAD,QAA4B,EAA7B,CAApB;AACD;;AAEDC,EAAAA,cAAc,CAACC,GAAD,EAAc;AAC1B,SAAKF,YAAL,CAAkBG,IAAlB,CAAuBD,GAAvB;AACD;;AAEDE,EAAAA,aAAa,GAAG;AACd,SAAKC,uBAAL;AACA,WAAO;AAAE,oCAA8B,KAAKL,YAAL,CAAkBM,IAAlB,CAAuB,GAAvB;AAAhC,KAAP;AACD;;AAEDC,EAAAA,UAAU,GAAG;AACX;AACD;;AAEOF,EAAAA,uBAAuB,GAAG;AAChC,QAAI,8BAAe,CAACG,OAAhB,IAA2B,CAACA,OAAO,CAACC,QAAxC,EAAkD;AAChD;AACD;;AACD,UAAM;AAAEC,MAAAA,IAAI,EAAEC;AAAR,QAAoBH,OAAO,CAACC,QAAlC;AACA,SAAKT,YAAL,CAAkBG,IAAlB,CAAwB,UAASQ,OAAQ,EAAzC;AACD;;AA3BwB","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global SDK_VERSION */\nimport { isBrowser } from './features';\n\nexport class OktaUserAgent {\n  private environments: string[];\n\n  constructor() {\n    // add base sdk env\n    this.environments = [`okta-auth-js/${SDK_VERSION}`];\n  }\n\n  addEnvironment(env: string) {\n    this.environments.push(env);\n  }\n\n  getHttpHeader() {\n    this.maybeAddNodeEnvironment();\n    return { 'X-Okta-User-Agent-Extended': this.environments.join(' ') };\n  }\n\n  getVersion() {\n    return SDK_VERSION;\n  }\n\n  private maybeAddNodeEnvironment() {\n    if (isBrowser() || !process || !process.versions) {\n      return;\n    }\n    const { node: version } = process.versions;\n    this.environments.push(`nodejs/${version}`);\n  }\n}\n"],"file":"OktaUserAgent.js"}

package/cjs/TokenManager.js

@@ -35,6 +35,7 @@ var _TokenService = require("./services/TokenService");
 const DEFAULT_OPTIONS = {
   autoRenew: true,
   autoRemove: true,
+  clearPendingRemoveTokens: true,
   storage: undefined,
   // will use value from storageManager config
   expireEarlySeconds: 30,
@@ -104,6 +105,10 @@ class TokenManager {
       this.stop();
     }
 
+    if (this.options.clearPendingRemoveTokens) {
+      this.clearPendingRemoveTokens();
+    }
+
     this.service = new _TokenService.TokenService(this, this.getOptions());
     this.service.start();
   }
@@ -416,10 +421,10 @@ class TokenManager {
       if ((0, _util2.isRefreshTokenError)(err) || err.name === 'OAuthError' || err.name === 'AuthSdkError') {
         // remove token from storage
         this.remove(key);
-        err.tokenKey = key;
-        this.emitError(err);
       }
 
+      err.tokenKey = key;
+      this.emitError(err);
       throw err;
     }).finally(() => {
       // Remove existing promise key
@@ -433,6 +438,15 @@ class TokenManager {
     this.storage.clearStorage();
   }
 
+  clearPendingRemoveTokens() {
+    const tokens = this.getTokensSync();
+    Object.keys(tokens).forEach(key => {
+      if (tokens[key].pendingRemove) {
+        this.remove(key);
+      }
+    });
+  }
+
   getTokensFromStorageValue(value) {
     let tokens;
 
@@ -455,6 +469,14 @@ class TokenManager {
     this.storage.setStorage(tokenStorage);
   }
 
+  addPendingRemoveFlags() {
+    const tokens = this.getTokensSync();
+    Object.keys(tokens).forEach(key => {
+      tokens[key].pendingRemove = true;
+    });
+    this.setTokens(tokens);
+  }
+
 }
 
 exports.TokenManager = TokenManager;