@okta/okta-auth-js 5.8.0 → 5.10.1

package/esm/oidc/renewTokens.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["AuthSdkError","getWithoutPrompt","renewTokensWithRefresh","getDefaultTokenParams","renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","then","res"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,gBAAT,QAAiC,oBAAjC;AACA,SAASC,sBAAT,QAAuC,0BAAvC;AACA,SAASC,qBAAT,QAAsC,QAAtC,C,CAEA;AACA;;AACA,gBAAsBC,WAAtB;AAAA;AAAA;;;mCAAO,WAA2BC,GAA3B,EAAgCC,OAAhC,EAAuE;AAC5E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,QAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,aAAOR,sBAAsB,CAACG,GAAD,EAAMC,OAAN,EAAeC,MAAM,CAACG,YAAtB,CAA7B;AACD;;AAED,QAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,YAAM,IAAIZ,YAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMW,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAMC,MAAM,GAAGF,WAAW,CAACE,MAAZ,IAAsBD,OAAO,CAACC,MAA7C;;AACA,QAAI,CAACA,MAAL,EAAa;AACX,YAAM,IAAIb,YAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAMc,YAAY,GAAGH,WAAW,CAACG,YAAZ,IAA4BF,OAAO,CAACE,YAAzD;;AACA,QAAI,CAACA,YAAL,EAAmB;AACjB,YAAM,IAAId,YAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMe,WAAW,GAAGJ,WAAW,CAACI,WAAZ,IAA2BV,GAAG,CAACC,OAAJ,CAAYS,WAA3D;AACA,QAAMC,MAAM,GAAGJ,OAAO,CAACI,MAAR,IAAkBX,GAAG,CAACC,OAAJ,CAAYU,MAA7C,CArB4E,CAuB5E;;AACAV,IAAAA,OAAO,GAAGW,MAAM,CAACC,MAAP,CAAc;AACtBL,MAAAA,MADsB;AAEtBC,MAAAA,YAFsB;AAGtBC,MAAAA,WAHsB;AAItBC,MAAAA;AAJsB,KAAd,EAKPV,OALO,CAAV;;AAOA,QAAID,GAAG,CAACC,OAAJ,CAAYa,IAAhB,EAAsB;AACpBb,MAAAA,OAAO,CAACc,YAAR,GAAuB,MAAvB;AACD,KAFD,MAEO;AACL,UAAM;AAAEA,QAAAA;AAAF,UAAmBjB,qBAAqB,CAACE,GAAD,CAA9C;AACAC,MAAAA,OAAO,CAACc,YAAR,GAAuBA,YAAvB;AACD;;AAED,WAAOnB,gBAAgB,CAACI,GAAD,EAAMC,OAAN,CAAhB,CACJe,IADI,CACCC,GAAG,IAAIA,GAAG,CAACf,MADZ,CAAP;AAGD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"file":"renewTokens.js"}

package/esm/oidc/renewTokensWithRefresh.js

@@ -1,55 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { AuthSdkError } from '../errors';
-import { getOAuthUrls } from './util/oauth';
-import { isSameRefreshToken } from './util/refreshToken';
-import { handleOAuthResponse } from './handleOAuthResponse';
-import { postRefreshToken } from './endpoints/token';
-export function renewTokensWithRefresh(_x, _x2, _x3) {
-  return _renewTokensWithRefresh.apply(this, arguments);
-}
-
-function _renewTokensWithRefresh() {
-  _renewTokensWithRefresh = _asyncToGenerator(function* (sdk, tokenParams, refreshTokenObject) {
-    var {
-      clientId
-    } = sdk.options;
-
-    if (!clientId) {
-      throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');
-    }
-
-    var renewTokenParams = Object.assign({}, tokenParams, {
-      clientId
-    });
-    var tokenResponse = yield postRefreshToken(sdk, renewTokenParams, refreshTokenObject);
-    var urls = getOAuthUrls(sdk, tokenParams);
-    var {
-      tokens
-    } = yield handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls); // Support rotating refresh tokens
-
-    var {
-      refreshToken
-    } = tokens;
-
-    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {
-      sdk.tokenManager.updateRefreshToken(refreshToken);
-    }
-
-    return tokens;
-  });
-  return _renewTokensWithRefresh.apply(this, arguments);
-}
-//# sourceMappingURL=renewTokensWithRefresh.js.map

package/esm/oidc/renewTokensWithRefresh.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"names":["AuthSdkError","getOAuthUrls","isSameRefreshToken","handleOAuthResponse","postRefreshToken","renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","renewTokenParams","Object","assign","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AACA,SAASC,YAAT,QAA6B,cAA7B;AACA,SAASC,kBAAT,QAAmC,qBAAnC;AAEA,SAASC,mBAAT,QAAoC,uBAApC;AACA,SAASC,gBAAT,QAAiC,mBAAjC;AAEA,gBAAsBC,sBAAtB;AAAA;AAAA;;;8CAAO,WACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;AACjB,QAAM;AAAEC,MAAAA;AAAF,QAAeH,GAAG,CAACI,OAAzB;;AACA,QAAI,CAACD,QAAL,EAAe;AACb,YAAM,IAAIT,YAAJ,CAAiB,0EAAjB,CAAN;AACD;;AAED,QAAMW,gBAA6B,GAAGC,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBN,WAAlB,EAA+B;AACnEE,MAAAA;AADmE,KAA/B,CAAtC;AAGA,QAAMK,aAAa,SAASV,gBAAgB,CAACE,GAAD,EAAMK,gBAAN,EAAwBH,kBAAxB,CAA5C;AACA,QAAMO,IAAI,GAAGd,YAAY,CAACK,GAAD,EAAMC,WAAN,CAAzB;AACA,QAAM;AAAES,MAAAA;AAAF,cAAmBb,mBAAmB,CAACG,GAAD,EAAMK,gBAAN,EAAwBG,aAAxB,EAAuCC,IAAvC,CAA5C,CAXiB,CAajB;;AACA,QAAM;AAAEE,MAAAA;AAAF,QAAmBD,MAAzB;;AACA,QAAIC,YAAY,IAAI,CAACf,kBAAkB,CAACe,YAAD,EAAeT,kBAAf,CAAvC,EAA2E;AACzEF,MAAAA,GAAG,CAACY,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;AACD;;AAED,WAAOD,MAAP;AACD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuth, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuth,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n    clientId,\n  });\n  const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n  // Support rotating refresh tokens\n  const { refreshToken } = tokens;\n  if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n    sdk.tokenManager.updateRefreshToken(refreshToken);\n  }\n\n  return tokens;\n}\n"],"file":"renewTokensWithRefresh.js"}

package/esm/oidc/revokeToken.js

@@ -1,57 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* eslint complexity:[0,8] */
-import { post } from '../http';
-import { toQueryString } from '../util';
-import { getOAuthUrls } from './util/oauth';
-import { btoa } from '../crypto';
-import AuthSdkError from '../errors/AuthSdkError';
-// refresh tokens have precedence to be revoked if no token is specified
-export function revokeToken(sdk, token) {
-  return Promise.resolve().then(function () {
-    var accessToken;
-    var refreshToken;
-
-    if (token) {
-      accessToken = token.accessToken;
-      refreshToken = token.refreshToken;
-    }
-
-    if (!accessToken && !refreshToken) {
-      throw new AuthSdkError('A valid access or refresh token object is required');
-    }
-
-    var clientId = sdk.options.clientId;
-    var clientSecret = sdk.options.clientSecret;
-
-    if (!clientId) {
-      throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');
-    }
-
-    var revokeUrl = getOAuthUrls(sdk).revokeUrl;
-    var args = toQueryString({
-      // eslint-disable-next-line camelcase
-      token_type_hint: refreshToken ? 'refresh_token' : 'access_token',
-      token: refreshToken || accessToken
-    }).slice(1);
-    var creds = clientSecret ? btoa("".concat(clientId, ":").concat(clientSecret)) : btoa(clientId);
-    return post(sdk, revokeUrl, args, {
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded',
-        'Authorization': 'Basic ' + creds
-      }
-    });
-  });
-}
-//# sourceMappingURL=revokeToken.js.map

package/esm/oidc/revokeToken.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["post","toQueryString","getOAuthUrls","btoa","AuthSdkError","revokeToken","sdk","token","Promise","resolve","then","accessToken","refreshToken","clientId","options","clientSecret","revokeUrl","args","token_type_hint","slice","creds","headers"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,SAASA,IAAT,QAAqB,SAArB;AACA,SAASC,aAAT,QAA8B,SAA9B;AACA,SACEC,YADF,QAEO,cAFP;AAGA,SAASC,IAAT,QAAqB,WAArB;AACA,OAAOC,YAAP,MAAyB,wBAAzB;AAQA;AACA,OAAO,SAASC,WAAT,CAAqBC,GAArB,EAAoCC,KAApC,EAAyE;AAC9E,SAAOC,OAAO,CAACC,OAAR,GACJC,IADI,CACC,YAAY;AAChB,QAAIC,WAAJ;AACA,QAAIC,YAAJ;;AACA,QAAIL,KAAJ,EAAW;AACPI,MAAAA,WAAW,GAAIJ,KAAD,CAAuBI,WAArC;AACAC,MAAAA,YAAY,GAAIL,KAAD,CAAwBK,YAAvC;AACH;;AAED,QAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,YAAM,IAAIR,YAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAIS,QAAQ,GAAGP,GAAG,CAACQ,OAAJ,CAAYD,QAA3B;AACA,QAAIE,YAAY,GAAGT,GAAG,CAACQ,OAAJ,CAAYC,YAA/B;;AACA,QAAI,CAACF,QAAL,EAAe;AACb,YAAM,IAAIT,YAAJ,CAAiB,4EAAjB,CAAN;AACD;;AACD,QAAIY,SAAS,GAAGd,YAAY,CAACI,GAAD,CAAZ,CAAkBU,SAAlC;AACA,QAAIC,IAAI,GAAGhB,aAAa,CAAC;AACvB;AACAiB,MAAAA,eAAe,EAAEN,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBL,MAAAA,KAAK,EAAEK,YAAY,IAAID;AAHA,KAAD,CAAb,CAIRQ,KAJQ,CAIF,CAJE,CAAX;AAKA,QAAIC,KAAK,GAAGL,YAAY,GAAGZ,IAAI,WAAIU,QAAJ,cAAgBE,YAAhB,EAAP,GAAyCZ,IAAI,CAACU,QAAD,CAArE;AACA,WAAOb,IAAI,CAACM,GAAD,EAAMU,SAAN,EAAiBC,IAAjB,EAAuB;AAChCI,MAAAA,OAAO,EAAE;AACP,wBAAgB,mCADT;AAEP,yBAAiB,WAAWD;AAFrB;AADuB,KAAvB,CAAX;AAMD,GA9BI,CAAP;AA+BD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuth,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport function revokeToken(sdk: OktaAuth, token: RevocableToken): Promise<any> {\n  return Promise.resolve()\n    .then(function () {\n      var accessToken: string;\n      var refreshToken: string;\n      if (token) { \n          accessToken = (token as AccessToken).accessToken;\n          refreshToken = (token as RefreshToken).refreshToken;  \n      }\n        \n      if(!accessToken && !refreshToken) { \n        throw new AuthSdkError('A valid access or refresh token object is required');\n      }\n      var clientId = sdk.options.clientId;\n      var clientSecret = sdk.options.clientSecret;\n      if (!clientId) {\n        throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n      }\n      var revokeUrl = getOAuthUrls(sdk).revokeUrl;\n      var args = toQueryString({\n        // eslint-disable-next-line camelcase\n        token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n        token: refreshToken || accessToken,\n      }).slice(1);\n      var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n      return post(sdk, revokeUrl, args, {\n        headers: {\n          'Content-Type': 'application/x-www-form-urlencoded',\n          'Authorization': 'Basic ' + creds\n        }\n      });\n    });\n}"],"file":"revokeToken.js"}

package/esm/oidc/util/browser.js

@@ -1,74 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* global window, document */
-
-/* eslint-disable complexity, max-statements */
-import { AuthSdkError } from '../../errors';
-export function addListener(eventTarget, name, fn) {
-  if (eventTarget.addEventListener) {
-    eventTarget.addEventListener(name, fn);
-  } else {
-    eventTarget.attachEvent('on' + name, fn);
-  }
-}
-export function removeListener(eventTarget, name, fn) {
-  if (eventTarget.removeEventListener) {
-    eventTarget.removeEventListener(name, fn);
-  } else {
-    eventTarget.detachEvent('on' + name, fn);
-  }
-}
-export function loadFrame(src) {
-  var iframe = document.createElement('iframe');
-  iframe.style.display = 'none';
-  iframe.src = src;
-  return document.body.appendChild(iframe);
-}
-export function loadPopup(src, options) {
-  var title = options.popupTitle || 'External Identity Provider User Authentication';
-  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' + 'top=100, left=500, width=600, height=600';
-  return window.open(src, title, appearance);
-}
-export function addPostMessageListener(sdk, timeout, state) {
-  var responseHandler;
-  var timeoutId;
-  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {
-    responseHandler = function responseHandler(e) {
-      if (!e.data || e.data.state !== state) {
-        // A message not meant for us
-        return;
-      } // Configuration mismatch between saved token and current app instance
-      // This may happen if apps with different issuers are running on the same host url
-      // If they share the same storage key, they may read and write tokens in the same location.
-      // Common when developing against http://localhost
-
-
-      if (e.origin !== sdk.getIssuerOrigin()) {
-        return reject(new AuthSdkError('The request does not match client configuration'));
-      }
-
-      resolve(e.data);
-    };
-
-    addListener(window, 'message', responseHandler);
-    timeoutId = setTimeout(function () {
-      reject(new AuthSdkError('OAuth flow timed out'));
-    }, timeout || 120000);
-  });
-  return msgReceivedOrTimeout.finally(function () {
-    clearTimeout(timeoutId);
-    removeListener(window, 'message', responseHandler);
-  });
-}
-//# sourceMappingURL=browser.js.map

package/esm/oidc/util/browser.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["AuthSdkError","addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","Promise","resolve","reject","e","data","origin","getIssuerOrigin","setTimeout","finally","clearTimeout"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AACA,SAASA,YAAT,QAA6B,cAA7B;AAGA,OAAO,SAASC,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;AAED,OAAO,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;AAED,OAAO,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;AAED,OAAO,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;AAED,OAAO,SAASG,sBAAT,CAAgCC,GAAhC,EAA+CC,OAA/C,EAAwDC,KAAxD,EAA+D;AACpE,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,IAAIC,OAAJ,CAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEL,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBM,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOR,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIO,CAAC,CAACE,MAAF,KAAaX,GAAG,CAACY,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAInC,YAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDkC,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBApC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGS,UAAU,CAAC,YAAY;AACjCL,MAAAA,MAAM,CAAC,IAAInC,YAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnB4B,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBS,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACX,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n  if (eventTarget.addEventListener) {\n    eventTarget.addEventListener(name, fn);\n  } else {\n    eventTarget.attachEvent('on' + name, fn);\n  }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n  if (eventTarget.removeEventListener) {\n    eventTarget.removeEventListener(name, fn);\n  } else {\n    eventTarget.detachEvent('on' + name, fn);\n  }\n}\n\nexport function loadFrame(src) {\n  var iframe = document.createElement('iframe');\n  iframe.style.display = 'none';\n  iframe.src = src;\n\n  return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n  var title = options.popupTitle || 'External Identity Provider User Authentication';\n  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n    'top=100, left=500, width=600, height=600';\n  return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuth, timeout, state) {\n  var responseHandler;\n  var timeoutId;\n  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n    responseHandler = function responseHandler(e) {\n      if (!e.data || e.data.state !== state) {\n        // A message not meant for us\n        return;\n      }\n\n      // Configuration mismatch between saved token and current app instance\n      // This may happen if apps with different issuers are running on the same host url\n      // If they share the same storage key, they may read and write tokens in the same location.\n      // Common when developing against http://localhost\n      if (e.origin !== sdk.getIssuerOrigin()) {\n        return reject(new AuthSdkError('The request does not match client configuration'));\n      }\n      resolve(e.data);\n    };\n\n    addListener(window, 'message', responseHandler);\n\n    timeoutId = setTimeout(function () {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n\n  return msgReceivedOrTimeout\n    .finally(function () {\n      clearTimeout(timeoutId);\n      removeListener(window, 'message', responseHandler);\n    });\n}\n"],"file":"browser.js"}

package/esm/oidc/util/defaultTokenParams.js

@@ -1,42 +0,0 @@
-/* global window */
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { generateNonce, generateState } from './oauth';
-import { isBrowser } from '../../features';
-import { removeNils } from '../../util';
-export function getDefaultTokenParams(sdk) {
-  var {
-    pkce,
-    clientId,
-    redirectUri,
-    responseType,
-    responseMode,
-    scopes,
-    state,
-    ignoreSignature
-  } = sdk.options;
-  var defaultRedirectUri = isBrowser() ? window.location.href : undefined;
-  return removeNils({
-    pkce,
-    clientId,
-    redirectUri: redirectUri || defaultRedirectUri,
-    responseType: responseType || ['token', 'id_token'],
-    responseMode,
-    state: state || generateState(),
-    nonce: generateNonce(),
-    scopes: scopes || ['openid', 'email'],
-    ignoreSignature
-  });
-}
-//# sourceMappingURL=defaultTokenParams.js.map

package/esm/oidc/util/defaultTokenParams.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["generateNonce","generateState","isBrowser","removeNils","getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":"AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,aAAT,EAAwBC,aAAxB,QAA6C,SAA7C;AAEA,SAASC,SAAT,QAA0B,gBAA1B;AACA,SAASC,UAAT,QAA2B,YAA3B;AAEA,OAAO,SAASC,qBAAT,CAA+BC,GAA/B,EAA2D;AAChE,MAAM;AACJC,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA;AARI,MASFR,GAAG,CAACS,OATR;AAUA,MAAMC,kBAAkB,GAAGb,SAAS,KAAKc,MAAM,CAACC,QAAP,CAAgBC,IAArB,GAA4BC,SAAhE;AACA,SAAOhB,UAAU,CAAC;AAChBG,IAAAA,IADgB;AAEhBC,IAAAA,QAFgB;AAGhBC,IAAAA,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;AAIhBN,IAAAA,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;AAKhBC,IAAAA,YALgB;AAMhBE,IAAAA,KAAK,EAAEA,KAAK,IAAIX,aAAa,EANb;AAOhBmB,IAAAA,KAAK,EAAEpB,aAAa,EAPJ;AAQhBW,IAAAA,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;AAShBE,IAAAA;AATgB,GAAD,CAAjB;AAWD","sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuth, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuth): TokenParams {\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    ignoreSignature\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    pkce,\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseType: responseType || ['token', 'id_token'],\n    responseMode,\n    state: state || generateState(),\n    nonce: generateNonce(),\n    scopes: scopes || ['openid', 'email'],\n    ignoreSignature\n  });\n}"],"file":"defaultTokenParams.js"}

package/esm/oidc/util/errors.js

@@ -1,31 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * 
- * See the License for the specific language governing permissions and limitations under the License.
- */
-export function isInteractionRequiredError(error) {
-  if (error.name !== 'OAuthError') {
-    return false;
-  }
-
-  var oauthError = error;
-  return oauthError.errorCode === 'interaction_required';
-}
-export function isAuthorizationCodeError(sdk, error) {
-  if (error.name !== 'AuthApiError') {
-    return false;
-  }
-
-  var authApiError = error; // xhr property doesn't seem to match XMLHttpRequest type
-
-  var errorResponse = authApiError.xhr;
-  var responseJSON = errorResponse === null || errorResponse === void 0 ? void 0 : errorResponse.responseJSON;
-  return sdk.options.pkce && (responseJSON === null || responseJSON === void 0 ? void 0 : responseJSON.error) === 'invalid_grant';
-}
-//# sourceMappingURL=errors.js.map

package/esm/oidc/util/errors.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,OAAO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,MAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;AAED,OAAO,SAASC,wBAAT,CAAkCC,GAAlC,EAAiDL,KAAjD,EAA+D;AACpE,MAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;AACjC,WAAO,KAAP;AACD;;AACD,MAAMK,YAAY,GAAGN,KAArB,CAJoE,CAKpE;;AACA,MAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;AACA,MAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;AACA,SAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuth } from '../../types';\nimport { OAuthError, AuthApiError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuth, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n"],"file":"errors.js"}

package/esm/oidc/util/index.js

@@ -1,25 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-export * from './browser';
-export * from './defaultTokenParams';
-export * from './errors';
-export * from './loginRedirect';
-export * from './oauth';
-import pkce from './pkce';
-export { pkce };
-export * from './prepareTokenParams';
-export * from './refreshToken';
-export * from './urlParams';
-export * from './validateClaims';
-export * from './validateToken';
-//# sourceMappingURL=index.js.map

package/esm/oidc/util/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":["pkce"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,cAAc,WAAd;AACA,cAAc,sBAAd;AACA,cAAc,UAAd;AACA,cAAc,iBAAd;AACA,cAAc,SAAd;AACA,OAAOA,IAAP,MAAiB,QAAjB;AACA,SAASA,IAAT;AACA,cAAc,sBAAd;AACA,cAAc,gBAAd;AACA,cAAc,aAAd;AACA,cAAc,kBAAd;AACA,cAAc,iBAAd","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}

package/esm/oidc/util/loginRedirect.js

@@ -1,88 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* global window */
-
-/* eslint-disable complexity, max-statements */
-export function hasTokensInHash(hash) {
-  return /((id|access)_token=)/i.test(hash);
-} // authorization_code
-
-export function hasAuthorizationCode(hashOrSearch) {
-  return /(code=)/i.test(hashOrSearch);
-} // interaction_code
-
-export function hasInteractionCode(hashOrSearch) {
-  return /(interaction_code=)/i.test(hashOrSearch);
-}
-export function hasErrorInUrl(hashOrSearch) {
-  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);
-}
-export function isRedirectUri(uri, sdk) {
-  var authParams = sdk.options;
-  return uri && uri.indexOf(authParams.redirectUri) === 0;
-}
-export function isCodeFlow(options) {
-  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';
-}
-export function getHashOrSearch(options) {
-  var codeFlow = isCodeFlow(options);
-  var useQuery = codeFlow && options.responseMode !== 'fragment';
-  return useQuery ? window.location.search : window.location.hash;
-}
-/**
- * Check if tokens or a code have been passed back into the url, which happens in
- * the OIDC (including social auth IDP) redirect flow.
- */
-
-export function isLoginRedirect(sdk) {
-  // First check, is this a redirect URI?
-  if (!isRedirectUri(window.location.href, sdk)) {
-    return false;
-  } // The location contains either a code, token, or an error + error_description
-
-
-  var codeFlow = isCodeFlow(sdk.options);
-  var hashOrSearch = getHashOrSearch(sdk.options);
-
-  if (hasErrorInUrl(hashOrSearch)) {
-    return true;
-  }
-
-  if (codeFlow) {
-    var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);
-    return hasCode;
-  } // implicit flow, will always be hash fragment
-
-
-  return hasTokensInHash(window.location.hash);
-}
-/**
- * Check if error=interaction_required has been passed back in the url, which happens in
- * the social auth IDP redirect flow.
- */
-
-export function isInteractionRequired(sdk, hashOrSearch) {
-  if (!hashOrSearch) {
-    // web only
-    // First check, is this a redirect URI?
-    if (!isLoginRedirect(sdk)) {
-      return false;
-    }
-
-    hashOrSearch = getHashOrSearch(sdk.options);
-  }
-
-  return /(error=interaction_required)/i.test(hashOrSearch);
-}
-//# sourceMappingURL=loginRedirect.js.map

package/esm/oidc/util/loginRedirect.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","indexOf","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGA,OAAO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;AACA,OAAO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;AACA,OAAO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;AAED,OAAO,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;AAED,OAAO,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4D;AACjE,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;AACA,SAAOH,GAAG,IAAIA,GAAG,CAACI,OAAJ,CAAYF,UAAU,CAACG,WAAvB,MAAwC,CAAtD;AACD;AAED,OAAO,SAASC,UAAT,CAAoBH,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;AAED,OAAO,SAASC,eAAT,CAAyBP,OAAzB,EAAmD;AACxD,MAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;AACA,MAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;AACA,OAAO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAyC;AAC9C;AACA,MAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJ6C,CAM9C;;;AACA,MAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIe,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOsB,OAAP;AACD,GAjB6C,CAmB9C;;;AACA,SAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;AACA,OAAO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA+CL,YAA/C,EAAsE;AAC3E,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACoB,eAAe,CAACf,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuth, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuth): boolean {\n  var authParams = sdk.options;\n  return uri && uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuth) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuth, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}

package/esm/oidc/util/oauth.js

@@ -1,70 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* eslint-disable complexity, max-statements */
-import { genRandomString, removeTrailingSlash } from '../../util';
-import AuthSdkError from '../../errors/AuthSdkError';
-export function generateState() {
-  return genRandomString(64);
-}
-export function generateNonce() {
-  return genRandomString(64);
-}
-
-function getIssuer(sdk) {
-  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;
-  return issuer;
-}
-
-export function getOAuthBaseUrl(sdk) {
-  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var issuer = getIssuer(sdk, options);
-  var baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';
-  return baseUrl;
-}
-export function getOAuthDomain(sdk) {
-  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var issuer = getIssuer(sdk, options);
-  var domain = issuer.split('/oauth2')[0];
-  return domain;
-}
-export function getOAuthUrls(sdk, options) {
-  if (arguments.length > 2) {
-    throw new AuthSdkError('As of version 3.0, "getOAuthUrls" takes only a single set of options');
-  }
-
-  options = options || {}; // Get user-supplied arguments
-
-  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;
-  var issuer = getIssuer(sdk, options);
-  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;
-  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;
-  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;
-  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;
-  var baseUrl = getOAuthBaseUrl(sdk, options);
-  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';
-  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';
-  tokenUrl = tokenUrl || baseUrl + '/v1/token';
-  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';
-  logoutUrl = logoutUrl || baseUrl + '/v1/logout';
-  return {
-    issuer: issuer,
-    authorizeUrl: authorizeUrl,
-    userinfoUrl: userinfoUrl,
-    tokenUrl: tokenUrl,
-    revokeUrl: revokeUrl,
-    logoutUrl: logoutUrl
-  };
-}
-//# sourceMappingURL=oauth.js.map

package/esm/oidc/util/oauth.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["genRandomString","removeTrailingSlash","AuthSdkError","generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","indexOf","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AACA,SAASA,eAAT,EAA0BC,mBAA1B,QAAqD,YAArD;AACA,OAAOC,YAAP,MAAyB,2BAAzB;AAGA,OAAO,SAASC,aAAT,GAAyB;AAC9B,SAAOH,eAAe,CAAC,EAAD,CAAtB;AACD;AAED,OAAO,SAASI,aAAT,GAAyB;AAC9B,SAAOJ,eAAe,CAAC,EAAD,CAAtB;AACD;;AAED,SAASK,SAAT,CAAmBC,GAAnB,EAA4D;AAAA,MAA1BC,OAA0B,uEAAJ,EAAI;AAC1D,MAAMC,MAAM,GAAGP,mBAAmB,CAACM,OAAO,CAACC,MAAT,CAAnB,IAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAED,OAAO,SAASC,eAAT,CAAyBH,GAAzB,EAAkE;AAAA,MAA1BC,OAA0B,uEAAJ,EAAI;AACvE,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,MAAMG,OAAO,GAAGF,MAAM,CAACG,OAAP,CAAe,SAAf,IAA4B,CAA5B,GAAgCH,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;AAED,OAAO,SAASE,cAAT,CAAwBN,GAAxB,EAAiE;AAAA,MAA1BC,OAA0B,uEAAJ,EAAI;AACtE,MAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,MAAMM,MAAM,GAAGL,MAAM,CAACM,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;AAED,OAAO,SAASE,YAAT,CAAsBT,GAAtB,EAAqCC,OAArC,EAA2D;AAChE,MAAIS,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIf,YAAJ,CAAiB,sEAAjB,CAAN;AACD;;AACDK,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJgE,CAMhE;;AACA,MAAIW,YAAY,GAAGjB,mBAAmB,CAACM,OAAO,CAACW,YAAT,CAAnB,IAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;AACA,MAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,MAAIY,WAAW,GAAGlB,mBAAmB,CAACM,OAAO,CAACY,WAAT,CAAnB,IAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;AACA,MAAIC,QAAQ,GAAGnB,mBAAmB,CAACM,OAAO,CAACa,QAAT,CAAnB,IAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;AACA,MAAIC,SAAS,GAAGpB,mBAAmB,CAACM,OAAO,CAACc,SAAT,CAAnB,IAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;AACA,MAAIC,SAAS,GAAGrB,mBAAmB,CAACM,OAAO,CAACe,SAAT,CAAnB,IAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;AAEA,MAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;AAEAW,EAAAA,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;AACAS,EAAAA,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;AACAU,EAAAA,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;AACAY,EAAAA,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;AACAW,EAAAA,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;AAELU,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, CustomUrls } from '../../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuth, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuth, options?: CustomUrls) {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n"],"file":"oauth.js"}

package/esm/oidc/util/pkce.js

@@ -1,55 +0,0 @@
-/*!
- * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-
-/* eslint-disable complexity, max-statements */
-import { stringToBase64Url } from '../../crypto';
-import { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';
-import { webcrypto } from '../../crypto';
-
-function dec2hex(dec) {
-  return ('0' + dec.toString(16)).substr(-2);
-}
-
-function getRandomString(length) {
-  var a = new Uint8Array(Math.ceil(length / 2));
-  webcrypto.getRandomValues(a);
-  var str = Array.from(a, dec2hex).join('');
-  return str.slice(0, length);
-}
-
-function generateVerifier(prefix) {
-  var verifier = prefix || '';
-
-  if (verifier.length < MIN_VERIFIER_LENGTH) {
-    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);
-  }
-
-  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);
-}
-
-function computeChallenge(str) {
-  var buffer = new TextEncoder().encode(str);
-  return webcrypto.subtle.digest('SHA-256', buffer).then(function (arrayBuffer) {
-    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));
-    var b64u = stringToBase64Url(hash); // url-safe base64 variant
-
-    return b64u;
-  });
-}
-
-export default {
-  DEFAULT_CODE_CHALLENGE_METHOD,
-  generateVerifier,
-  computeChallenge
-};
-//# sourceMappingURL=pkce.js.map

package/esm/oidc/util/pkce.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["stringToBase64Url","MIN_VERIFIER_LENGTH","MAX_VERIFIER_LENGTH","DEFAULT_CODE_CHALLENGE_METHOD","webcrypto","dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","getRandomValues","str","Array","from","join","slice","generateVerifier","prefix","verifier","encodeURIComponent","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AACD,SAASA,iBAAT,QAAkC,cAAlC;AACA,SAASC,mBAAT,EAA8BC,mBAA9B,EAAmDC,6BAAnD,QAAwF,iBAAxF;AACA,SAASC,SAAT,QAA0B,cAA1B;;AAEA,SAASC,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;AACAN,EAAAA,SAAS,CAACW,eAAV,CAA0BJ,CAA1B;AACA,MAAIK,GAAG,GAAGC,KAAK,CAACC,IAAN,CAAWP,CAAX,EAAcN,OAAd,EAAuBc,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAOH,GAAG,CAACI,KAAJ,CAAU,CAAV,EAAaV,MAAb,CAAP;AACD;;AAED,SAASW,gBAAT,CAA0BC,MAA1B,EAAmD;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACb,MAAT,GAAkBT,mBAAtB,EAA2C;AACzCsB,IAAAA,QAAQ,GAAGA,QAAQ,GAAGd,eAAe,CAACR,mBAAmB,GAAGsB,QAAQ,CAACb,MAAhC,CAArC;AACD;;AACD,SAAOc,kBAAkB,CAACD,QAAD,CAAlB,CAA6BH,KAA7B,CAAmC,CAAnC,EAAsClB,mBAAtC,CAAP;AACD;;AAED,SAASuB,gBAAT,CAA0BT,GAA1B,EAAyD;AACvD,MAAIU,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBZ,GAAzB,CAAb;AACA,SAAOZ,SAAS,CAACyB,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAGrC,iBAAiB,CAACiC,IAAD,CAA5B,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;AAED,eAAe;AACblC,EAAAA,6BADa;AAEbkB,EAAAA,gBAFa;AAGbI,EAAAA;AAHa,CAAf","sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport { webcrypto } from '../../crypto';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n"],"file":"pkce.js"}