@okta/okta-auth-js 5.8.0 → 5.10.1

package/esm/oidc/endpoints/token.js

@@ -1,97 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * 
- * See the License for the specific language governing permissions and limitations under the License.
- */
-import { AuthSdkError } from '../../errors';
-import { removeNils, toQueryString } from '../../util';
-import { httpRequest } from '../../http';
-
-function validateOptions(options) {
-  // Quick validation
-  if (!options.clientId) {
-    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');
-  }
-
-  if (!options.redirectUri) {
-    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');
-  }
-
-  if (!options.authorizationCode && !options.interactionCode) {
-    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');
-  }
-
-  if (!options.codeVerifier) {
-    throw new AuthSdkError('The "codeVerifier" (generated and saved by your app) must be passed to /token');
-  }
-}
-
-function getPostData(sdk, options) {
-  // Convert Token params to OAuth params, sent to the /token endpoint
-  var params = removeNils({
-    'client_id': options.clientId,
-    'redirect_uri': options.redirectUri,
-    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',
-    'code_verifier': options.codeVerifier
-  });
-
-  if (options.interactionCode) {
-    params['interaction_code'] = options.interactionCode;
-  } else if (options.authorizationCode) {
-    params.code = options.authorizationCode;
-  }
-
-  var {
-    clientSecret
-  } = sdk.options;
-
-  if (clientSecret) {
-    params['client_secret'] = clientSecret;
-  } // Encode as URL string
-
-
-  return toQueryString(params).slice(1);
-} // exchange authorization code for an access token
-
-
-export function postToTokenEndpoint(sdk, options, urls) {
-  validateOptions(options);
-  var data = getPostData(sdk, options);
-  var headers = {
-    'Content-Type': 'application/x-www-form-urlencoded'
-  };
-  return httpRequest(sdk, {
-    url: urls.tokenUrl,
-    method: 'POST',
-    args: data,
-    headers
-  });
-}
-export function postRefreshToken(sdk, options, refreshToken) {
-  return httpRequest(sdk, {
-    url: refreshToken.tokenUrl,
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/x-www-form-urlencoded'
-    },
-    args: Object.entries({
-      client_id: options.clientId,
-      // eslint-disable-line camelcase
-      grant_type: 'refresh_token',
-      // eslint-disable-line camelcase
-      scope: refreshToken.scopes.join(' '),
-      refresh_token: refreshToken.refreshToken // eslint-disable-line camelcase
-
-    }).map(function (_ref) {
-      var [name, value] = _ref;
-      return name + '=' + encodeURIComponent(value);
-    }).join('&')
-  });
-}
-//# sourceMappingURL=token.js.map

package/esm/oidc/endpoints/token.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["AuthSdkError","removeNils","toQueryString","httpRequest","validateOptions","options","clientId","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","slice","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,YAAT,QAA6B,cAA7B;AAEA,SAASC,UAAT,EAAqBC,aAArB,QAA0C,YAA1C;AACA,SAASC,WAAT,QAA4B,YAA5B;;AAEA,SAASC,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIN,YAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACK,OAAO,CAACE,WAAb,EAA0B;AACxB,UAAM,IAAIP,YAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACK,OAAO,CAACG,iBAAT,IAA8B,CAACH,OAAO,CAACI,eAA3C,EAA4D;AAC1D,UAAM,IAAIT,YAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACK,OAAO,CAACK,YAAb,EAA2B;AACzB,UAAM,IAAIV,YAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASW,WAAT,CAAqBC,GAArB,EAA0BP,OAA1B,EAAwD;AACtD;AACA,MAAIQ,MAAmB,GAAGZ,UAAU,CAAC;AACnC,iBAAaI,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACE,WAFW;AAGnC,kBAAcF,OAAO,CAACI,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBJ,OAAO,CAACK;AAJU,GAAD,CAApC;;AAOA,MAAIL,OAAO,CAACI,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BR,OAAO,CAACI,eAArC;AACD,GAFD,MAEO,IAAIJ,OAAO,CAACG,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcT,OAAO,CAACG,iBAAtB;AACD;;AAED,MAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACP,OAA7B;;AACA,MAAIU,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAOb,aAAa,CAACW,MAAD,CAAb,CAAsBG,KAAtB,CAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACA,OAAO,SAASC,mBAAT,CAA6BL,GAA7B,EAAkCP,OAAlC,EAAwDa,IAAxD,EAAkG;AACvGd,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIc,IAAI,GAAGR,WAAW,CAACC,GAAD,EAAMP,OAAN,CAAtB;AAEA,MAAMe,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAOjB,WAAW,CAACS,GAAD,EAAM;AACtBS,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAN,CAAlB;AAMD;AAED,OAAO,SAASK,gBAAT,CAA0Bb,GAA1B,EAA+BP,OAA/B,EAAqDqB,YAArD,EAAyG;AAC9G,SAAOvB,WAAW,CAACS,GAAD,EAAM;AACtBS,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAEG,MAAM,CAACC,OAAP,CAAe;AACnBC,MAAAA,SAAS,EAAExB,OAAO,CAACC,QADA;AACU;AAC7BwB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEL,YAAY,CAACM,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAER,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,EAKHS,GALG,CAKC,gBAAyB;AAAA,UAAf,CAACC,IAAD,EAAOC,KAAP,CAAe;AAC9B,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KAPK,EAOHJ,IAPG,CAOE,GAPF;AAPgB,GAAN,CAAlB;AAgBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(sdk, options: TokenParams, refreshToken: RefreshToken): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      return name + '=' + encodeURIComponent(value);\n    }).join('&'),\n  });\n}"],"file":"token.js"}

package/esm/oidc/endpoints/well-known.js

@@ -1,58 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { get } from '../../http';
-import { find } from '../../util';
-import AuthSdkError from '../../errors/AuthSdkError';
-export function getWellKnown(sdk, issuer) {
-  var authServerUri = issuer || sdk.options.issuer;
-  return get(sdk, authServerUri + '/.well-known/openid-configuration', {
-    cacheResponse: true
-  });
-}
-export function getKey(sdk, issuer, kid) {
-  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);
-  return getWellKnown(sdk, issuer).then(function (wellKnown) {
-    var jwksUri = wellKnown['jwks_uri']; // Check our kid against the cached version (if it exists and isn't expired)
-
-    var cacheContents = httpCache.getStorage();
-    var cachedResponse = cacheContents[jwksUri];
-
-    if (cachedResponse && Date.now() / 1000 < cachedResponse.expiresAt) {
-      var cachedKey = find(cachedResponse.response.keys, {
-        kid: kid
-      });
-
-      if (cachedKey) {
-        return cachedKey;
-      }
-    } // Remove cache for the key
-
-
-    httpCache.clearStorage(jwksUri); // Pull the latest keys if the key wasn't in the cache
-
-    return get(sdk, jwksUri, {
-      cacheResponse: true
-    }).then(function (res) {
-      var key = find(res.keys, {
-        kid: kid
-      });
-
-      if (key) {
-        return key;
-      }
-
-      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\'s keys');
-    });
-  });
-}
-//# sourceMappingURL=well-known.js.map

package/esm/oidc/endpoints/well-known.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["get","find","AuthSdkError","getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","keys","clearStorage","res","key"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,GAAT,QAAoB,YAApB;AACA,SAASC,IAAT,QAAqB,YAArB;AAEA,OAAOC,YAAP,MAAyB,2BAAzB;AAEA,OAAO,SAASC,YAAT,CAAsBC,GAAtB,EAAqCC,MAArC,EAAkF;AACvF,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAOL,GAAG,CAACI,GAAD,EAAME,aAAa,GAAG,mCAAtB,EAA2D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA3D,CAAV;AAGD;AAED,OAAO,SAASC,MAAT,CAAgBL,GAAhB,EAA+BC,MAA/B,EAA+CK,GAA/C,EAA6E;AAClF,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAGvB,IAAI,CAACmB,cAAc,CAACK,QAAf,CAAwBC,IAAzB,EAA+B;AACjDhB,QAAAA,GAAG,EAAEA;AAD4C,OAA/B,CAApB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACgB,YAAV,CAAuBV,OAAvB,EAjBwB,CAmBxB;;AACA,WAAOjB,GAAG,CAACI,GAAD,EAAMa,OAAN,EAAe;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAf,CAAH,CAGNO,IAHM,CAGD,UAASa,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG5B,IAAI,CAAC2B,GAAG,CAACF,IAAL,EAAW;AACvBhB,QAAAA,GAAG,EAAEA;AADkB,OAAX,CAAd;;AAIA,UAAImB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAI3B,YAAJ,CAAiB,iBAAiBQ,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuth, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuth, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuth, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n"],"file":"well-known.js"}

package/esm/oidc/exchangeCodeForTokens.js

@@ -1,69 +0,0 @@
-/* eslint-disable max-len */
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { getOAuthUrls } from '../oidc';
-import { getDefaultTokenParams } from './util';
-import { clone } from '../util';
-import { postToTokenEndpoint } from './endpoints/token';
-import { handleOAuthResponse } from './handleOAuthResponse'; // codeVerifier is required. May pass either an authorizationCode or interactionCode
-
-export function exchangeCodeForTokens(sdk, tokenParams, urls) {
-  urls = urls || getOAuthUrls(sdk, tokenParams); // build params using defaults + options
-
-  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));
-  var {
-    authorizationCode,
-    interactionCode,
-    codeVerifier,
-    clientId,
-    redirectUri,
-    scopes,
-    ignoreSignature,
-    state
-  } = tokenParams;
-  var getTokenOptions = {
-    clientId,
-    redirectUri,
-    authorizationCode,
-    interactionCode,
-    codeVerifier
-  };
-  return postToTokenEndpoint(sdk, getTokenOptions, urls).then(response => {
-    // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints
-    // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`
-    // `responseType` is used to validate that the expected tokens were returned
-    var responseType = ['token']; // an accessToken will always be returned
-
-    if (scopes.indexOf('openid') !== -1) {
-      responseType.push('id_token'); // an idToken will be returned if "openid" is in the scopes
-    }
-
-    var handleResponseOptions = {
-      clientId,
-      redirectUri,
-      scopes,
-      responseType,
-      ignoreSignature
-    };
-    return handleOAuthResponse(sdk, handleResponseOptions, response, urls).then(response => {
-      // For compatibility, "code" is returned in the TokenResponse. OKTA-326091
-      response.code = authorizationCode;
-      response.state = state;
-      return response;
-    });
-  }).finally(() => {
-    sdk.transactionManager.clear();
-  });
-}
-//# sourceMappingURL=exchangeCodeForTokens.js.map

package/esm/oidc/exchangeCodeForTokens.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["getOAuthUrls","getDefaultTokenParams","clone","postToTokenEndpoint","handleOAuthResponse","exchangeCodeForTokens","sdk","tokenParams","urls","Object","assign","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","indexOf","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":"AAAA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,SAA7B;AAEA,SAASC,qBAAT,QAAsC,QAAtC;AACA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,mBAAT,QAAoC,mBAApC;AACA,SAASC,mBAAT,QAAoC,uBAApC,C,CAEA;;AACA,OAAO,SAASC,qBAAT,CAA+BC,GAA/B,EAA8CC,WAA9C,EAAwEC,IAAxE,EAAmH;AACxHA,EAAAA,IAAI,GAAGA,IAAI,IAAIR,YAAY,CAACM,GAAD,EAAMC,WAAN,CAA3B,CADwH,CAExH;;AACAA,EAAAA,WAAW,GAAGE,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBT,qBAAqB,CAACK,GAAD,CAAvC,EAA8CJ,KAAK,CAACK,WAAD,CAAnD,CAAd;AAEA,MAAM;AACJI,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFX,WATJ;AAWA,MAAIY,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAOV,mBAAmB,CAACG,GAAD,EAAMa,eAAN,EAAuBX,IAAvB,CAAnB,CACJY,IADI,CACEC,QAAD,IAA6B;AAEjC;AACA;AACA;AACA,QAAMC,YAAY,GAAG,CAAC,OAAD,CAArB,CALiC,CAKD;;AAChC,QAAIN,MAAM,CAACO,OAAP,CAAe,QAAf,MAA6B,CAAC,CAAlC,EAAqC;AACnCD,MAAAA,YAAY,CAACE,IAAb,CAAkB,UAAlB,EADmC,CACJ;AAChC;;AACD,QAAMC,qBAAkC,GAAG;AACzCX,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAOb,mBAAmB,CAACE,GAAD,EAAMmB,qBAAN,EAA6BJ,QAA7B,EAAuCb,IAAvC,CAAnB,CACJY,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACK,IAAT,GAAgBf,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJM,OAzBI,CAyBI,MAAM;AACbrB,IAAAA,GAAG,CAACsB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getOAuthUrls } from '../oidc';\nimport { CustomUrls, OAuthResponse, OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuth, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n  // build params using defaults + options\n  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n  const {\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n    clientId,\n    redirectUri,\n    scopes,\n    ignoreSignature,\n    state\n  } = tokenParams;\n\n  var getTokenOptions = {\n    clientId,\n    redirectUri,\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n  };\n\n  return postToTokenEndpoint(sdk, getTokenOptions, urls)\n    .then((response: OAuthResponse) => {\n\n      // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n      // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n      // `responseType` is used to validate that the expected tokens were returned\n      const responseType = ['token']; // an accessToken will always be returned\n      if (scopes.indexOf('openid') !== -1) {\n        responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n      }\n      const handleResponseOptions: TokenParams = {\n        clientId,\n        redirectUri,\n        scopes,\n        responseType,\n        ignoreSignature,\n      };\n      return handleOAuthResponse(sdk, handleResponseOptions, response, urls)\n        .then((response: TokenResponse) => {\n          // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n          response.code = authorizationCode;\n          response.state = state;\n          return response;\n        });\n    })\n    .finally(() => {\n      sdk.transactionManager.clear();\n    });\n}"],"file":"exchangeCodeForTokens.js"}

package/esm/oidc/getToken.js

@@ -1,180 +0,0 @@
-/* global document */
-
-/* eslint-disable complexity, max-statements */
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { getOAuthUrls, loadFrame } from './util';
-import AuthSdkError from '../errors/AuthSdkError';
-import { prepareTokenParams } from './util/prepareTokenParams';
-import { buildAuthorizeParams } from './endpoints/authorize';
-import { addPostMessageListener } from './util';
-import { handleOAuthResponse } from './handleOAuthResponse';
-/*
- * Retrieve an idToken from an Okta or a third party idp
- *
- * Two main flows:
- *
- *  1) Exchange a sessionToken for a token
- *
- *    Required:
- *      clientId: passed via the OktaAuth constructor or into getToken
- *      sessionToken: 'yourtoken'
- *
- *    Optional:
- *      redirectUri: defaults to window.location.href
- *      scopes: defaults to ['openid', 'email']
- *
- *    Forced:
- *      prompt: 'none'
- *      responseMode: 'okta_post_message'
- *      display: undefined
- *
- *  2) Get a token from an idp
- *
- *    Required:
- *      clientId: passed via the OktaAuth constructor or into getToken
- *
- *    Optional:
- *      redirectUri: defaults to window.location.href
- *      scopes: defaults to ['openid', 'email']
- *      idp: defaults to Okta as an idp
- *      prompt: no default. Pass 'none' to throw an error if user is not signed in
- *
- *    Forced:
- *      display: 'popup'
- *
- *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override
- *
- * @param {Object} oauthOptions
- * @param {String} [oauthOptions.clientId] ID of this client
- * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated
- * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)
- * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication
- * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API
- * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.
- *                                       Use 'none' to prevent this behavior
- *
- * @param {Object} options
- * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000
- * @param {String} [options.popupTitle] Title dispayed in the popup.
- *                                      Defaults to 'External Identity Provider User Authentication'
- */
-
-export function getToken(sdk, options) {
-  if (arguments.length > 2) {
-    return Promise.reject(new AuthSdkError('As of version 3.0, "getToken" takes only a single set of options'));
-  }
-
-  options = options || {}; // window object cannot be serialized, save for later use
-  // TODO: move popup related params into a separate options object
-
-  var popupWindow = options.popupWindow;
-  options.popupWindow = undefined;
-  return prepareTokenParams(sdk, options).then(function (tokenParams) {
-    // Start overriding any options that don't make sense
-    var sessionTokenOverrides = {
-      prompt: 'none',
-      responseMode: 'okta_post_message',
-      display: null
-    };
-    var idpOverrides = {
-      display: 'popup'
-    };
-
-    if (options.sessionToken) {
-      Object.assign(tokenParams, sessionTokenOverrides);
-    } else if (options.idp) {
-      Object.assign(tokenParams, idpOverrides);
-    } // Use the query params to build the authorize url
-
-
-    var requestUrl, endpoint, urls; // Get authorizeUrl and issuer
-
-    urls = getOAuthUrls(sdk, tokenParams);
-    endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;
-    requestUrl = endpoint + buildAuthorizeParams(tokenParams); // Determine the flow type
-
-    var flowType;
-
-    if (tokenParams.sessionToken || tokenParams.display === null) {
-      flowType = 'IFRAME';
-    } else if (tokenParams.display === 'popup') {
-      flowType = 'POPUP';
-    } else {
-      flowType = 'IMPLICIT';
-    } // Execute the flow type
-
-
-    switch (flowType) {
-      case 'IFRAME':
-        var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);
-        var iframeEl = loadFrame(requestUrl);
-        return iframePromise.then(function (res) {
-          return handleOAuthResponse(sdk, tokenParams, res, urls);
-        }).finally(function () {
-          if (document.body.contains(iframeEl)) {
-            iframeEl.parentElement.removeChild(iframeEl);
-          }
-        });
-
-      case 'POPUP':
-        var oauthPromise; // resolves with OAuth response
-        // Add listener on postMessage before window creation, so
-        // postMessage isn't triggered before we're listening
-
-        if (tokenParams.responseMode === 'okta_post_message') {
-          if (!sdk.features.isPopupPostMessageSupported()) {
-            throw new AuthSdkError('This browser doesn\'t have full postMessage support');
-          }
-
-          oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);
-        } // Redirect for authorization
-        // popupWindown can be null when popup is blocked
-
-
-        if (popupWindow) {
-          popupWindow.location.assign(requestUrl);
-        } // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
-
-
-        var popupPromise = new Promise(function (resolve, reject) {
-          var closePoller = setInterval(function () {
-            if (!popupWindow || popupWindow.closed) {
-              clearInterval(closePoller);
-              reject(new AuthSdkError('Unable to parse OAuth flow response'));
-            }
-          }, 100); // Proxy the OAuth promise results
-
-          oauthPromise.then(function (res) {
-            clearInterval(closePoller);
-            resolve(res);
-          }).catch(function (err) {
-            clearInterval(closePoller);
-            reject(err);
-          });
-        });
-        return popupPromise.then(function (res) {
-          return handleOAuthResponse(sdk, tokenParams, res, urls);
-        }).finally(function () {
-          if (popupWindow && !popupWindow.closed) {
-            popupWindow.close();
-          }
-        });
-
-      default:
-        throw new AuthSdkError('The full page redirect flow is not supported');
-    }
-  });
-}
-//# sourceMappingURL=getToken.js.map

package/esm/oidc/getToken.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getOAuthUrls","loadFrame","AuthSdkError","prepareTokenParams","buildAuthorizeParams","addPostMessageListener","handleOAuthResponse","getToken","sdk","options","arguments","length","Promise","reject","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":"AACA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SACEA,YADF,EAEEC,SAFF,QAGO,QAHP;AAKA,OAAOC,YAAP,MAAyB,wBAAzB;AAQA,SAASC,kBAAT,QAAmC,2BAAnC;AACA,SAASC,oBAAT,QAAqC,uBAArC;AACA,SAASC,sBAAT,QAAuC,QAAvC;AACA,SAASC,mBAAT,QAAoC,uBAApC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA,OAAO,SAASC,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIX,YAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDO,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,MAAMK,WAAW,GAAGL,OAAO,CAACK,WAA5B;AACAL,EAAAA,OAAO,CAACK,WAAR,GAAsBC,SAAtB;AAEA,SAAOZ,kBAAkB,CAACK,GAAD,EAAMC,OAAN,CAAlB,CACJO,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIZ,OAAO,CAACc,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIT,OAAO,CAACiB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG7B,YAAY,CAACQ,GAAD,EAAMS,WAAN,CAAnB;AACAW,IAAAA,QAAQ,GAAGnB,OAAO,CAACqB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAGxB,oBAAoB,CAACa,WAAD,CAA5C,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG7B,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAAC0B,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAA1C;AACA,YAAIC,QAAQ,GAAGpC,SAAS,CAAC0B,UAAD,CAAxB;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAOhC,mBAAmB,CAACE,GAAD,EAAMS,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACZ,GAAG,CAACsC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAI7C,YAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACD2C,UAAAA,YAAY,GAAGxC,sBAAsB,CAACG,GAAD,EAAMC,OAAO,CAAC0B,OAAd,EAAuBlB,WAAW,CAACmB,KAAnC,CAArC;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAIrC,OAAJ,CAAY,UAAUsC,OAAV,EAAmBrC,MAAnB,EAA2B;AACxD,cAAIsC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,cAAAA,MAAM,CAAC,IAAIX,YAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACA2C,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAtC,YAAAA,MAAM,CAAC2C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAOhC,mBAAmB,CAACE,GAAD,EAAMS,WAAN,EAAmBqB,GAAnB,EAAwBT,IAAxB,CAA1B;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAIvD,YAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuth,\n  TokenParams,\n  PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}"],"file":"getToken.js"}

package/esm/oidc/getUserInfo.js

@@ -1,82 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-
-/* eslint-disable complexity */
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { isFunction } from '../util';
-import { AuthSdkError, OAuthError } from '../errors';
-import { httpRequest } from '../http';
-import { isAccessToken, isIDToken } from '../types';
-export function getUserInfo(_x, _x2, _x3) {
-  return _getUserInfo.apply(this, arguments);
-}
-
-function _getUserInfo() {
-  _getUserInfo = _asyncToGenerator(function* (sdk, accessTokenObject, idTokenObject) {
-    // If token objects were not passed, attempt to read from the TokenManager
-    if (!accessTokenObject) {
-      accessTokenObject = (yield sdk.tokenManager.getTokens()).accessToken;
-    }
-
-    if (!idTokenObject) {
-      idTokenObject = (yield sdk.tokenManager.getTokens()).idToken;
-    }
-
-    if (!accessTokenObject || !isAccessToken(accessTokenObject)) {
-      return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));
-    }
-
-    if (!idTokenObject || !isIDToken(idTokenObject)) {
-      return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));
-    }
-
-    return httpRequest(sdk, {
-      url: accessTokenObject.userinfoUrl,
-      method: 'GET',
-      accessToken: accessTokenObject.accessToken
-    }).then(userInfo => {
-      // Only return the userinfo response if subjects match to mitigate token substitution attacks
-      if (userInfo.sub === idTokenObject.claims.sub) {
-        return userInfo;
-      }
-
-      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));
-    }).catch(function (err) {
-      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {
-        var authenticateHeader;
-
-        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {
-          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');
-        } else if (isFunction(err.xhr.getResponseHeader)) {
-          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');
-        }
-
-        if (authenticateHeader) {
-          var errorMatches = authenticateHeader.match(/error="(.*?)"/) || [];
-          var errorDescriptionMatches = authenticateHeader.match(/error_description="(.*?)"/) || [];
-          var error = errorMatches[1];
-          var errorDescription = errorDescriptionMatches[1];
-
-          if (error && errorDescription) {
-            err = new OAuthError(error, errorDescription);
-          }
-        }
-      }
-
-      throw err;
-    });
-  });
-  return _getUserInfo.apply(this, arguments);
-}
-//# sourceMappingURL=getUserInfo.js.map

package/esm/oidc/getUserInfo.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["isFunction","AuthSdkError","OAuthError","httpRequest","isAccessToken","isIDToken","getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","Promise","reject","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription"],"mappings":";;AAAA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,UAAT,QAA2B,SAA3B;AACA,SAASC,YAAT,EAAuBC,UAAvB,QAAyC,WAAzC;AACA,SAASC,WAAT,QAA4B,SAA5B;AACA,SAA2CC,aAA3C,EAA0DC,SAA1D,QAA2E,UAA3E;AAEA,gBAAsBC,WAAtB;AAAA;AAAA;;;mCAAO,WAA2BC,GAA3B,EAAgCC,iBAAhC,EAAgEC,aAAhE,EAA6G;AAClH;AACA,QAAI,CAACD,iBAAL,EAAwB;AACtBA,MAAAA,iBAAiB,GAAG,OAAOD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;AACD;;AACD,QAAI,CAACH,aAAL,EAAoB;AAClBA,MAAAA,aAAa,GAAG,OAAOF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;AACD;;AAED,QAAI,CAACL,iBAAD,IAAsB,CAACJ,aAAa,CAACI,iBAAD,CAAxC,EAA6D;AAC3D,aAAOM,OAAO,CAACC,MAAR,CAAe,IAAId,YAAJ,CAAiB,6CAAjB,CAAf,CAAP;AACD;;AAED,QAAI,CAACQ,aAAD,IAAkB,CAACJ,SAAS,CAACI,aAAD,CAAhC,EAAiD;AAC/C,aAAOK,OAAO,CAACC,MAAR,CAAe,IAAId,YAAJ,CAAiB,yCAAjB,CAAf,CAAP;AACD;;AAED,WAAOE,WAAW,CAACI,GAAD,EAAM;AACtBS,MAAAA,GAAG,EAAER,iBAAiB,CAACS,WADD;AAEtBC,MAAAA,MAAM,EAAE,KAFc;AAGtBN,MAAAA,WAAW,EAAEJ,iBAAiB,CAACI;AAHT,KAAN,CAAX,CAKJO,IALI,CAKCC,QAAQ,IAAI;AAChB;AACA,UAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;AAC7C,eAAOD,QAAP;AACD;;AACD,aAAON,OAAO,CAACC,MAAR,CAAe,IAAId,YAAJ,CAAiB,wDAAjB,CAAf,CAAP;AACD,KAXI,EAYJsB,KAZI,CAYE,UAAUC,GAAV,EAAe;AACpB,UAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;AACjE,YAAIC,kBAAJ;;AACA,YAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB5B,UAAU,CAACwB,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAjB,CAA7B,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;AACjGF,UAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;AACD,SAFD,MAEO,IAAI7B,UAAU,CAACwB,GAAG,CAACC,GAAJ,CAAQK,iBAAT,CAAd,EAA2C;AAChDH,UAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;AACD;;AACD,YAAIH,kBAAJ,EAAwB;AACtB,cAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;AACA,cAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;AACA,cAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;AACA,cAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;AACA,cAAIC,KAAK,IAAIC,gBAAb,EAA+B;AAC7BX,YAAAA,GAAG,GAAG,IAAItB,UAAJ,CAAegC,KAAf,EAAsBC,gBAAtB,CAAN;AACD;AACF;AACF;;AACD,YAAMX,GAAN;AACD,KA/BI,CAAP;AAgCD,G","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken } from '../types';\n\nexport async function getUserInfo(sdk, accessTokenObject: AccessToken, idTokenObject: IDToken): Promise<UserClaims> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n"],"file":"getUserInfo.js"}

package/esm/oidc/getWithPopup.js

@@ -1,34 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { AuthSdkError } from '../errors';
-import { clone } from '../util';
-import { getToken } from './getToken';
-import { loadPopup } from './util';
-export function getWithPopup(sdk, options) {
-  if (arguments.length > 2) {
-    return Promise.reject(new AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
-  } // some browsers (safari, firefox) block popup if it's initialed from an async process
-  // here we create the popup window immediately after user interaction
-  // then redirect to the /authorize endpoint when the requestUrl is available
-
-
-  var popupWindow = loadPopup('/', options);
-  options = clone(options) || {};
-  Object.assign(options, {
-    display: 'popup',
-    responseMode: 'okta_post_message',
-    popupWindow
-  });
-  return getToken(sdk, options);
-}
-//# sourceMappingURL=getWithPopup.js.map

package/esm/oidc/getWithPopup.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["AuthSdkError","clone","getToken","loadPopup","getWithPopup","sdk","options","arguments","length","Promise","reject","popupWindow","Object","assign","display","responseMode"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,KAAT,QAAsB,SAAtB;AACA,SAASC,QAAT,QAAyB,YAAzB;AACA,SAASC,SAAT,QAA0B,QAA1B;AAEA,OAAO,SAASC,YAAT,CAAsBC,GAAtB,EAAqCC,OAArC,EAAmF;AACxF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIV,YAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHuF,CAKxF;AACA;AACA;;;AACA,MAAMW,WAAW,GAAGR,SAAS,CAAC,GAAD,EAAMG,OAAN,CAA7B;AACAA,EAAAA,OAAO,GAAGL,KAAK,CAACK,OAAD,CAAL,IAAkB,EAA5B;AACAM,EAAAA,MAAM,CAACC,MAAP,CAAcP,OAAd,EAAuB;AACrBQ,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBJ,IAAAA;AAHqB,GAAvB;AAKA,SAAOT,QAAQ,CAACG,GAAD,EAAMC,OAAN,CAAf;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuth, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}