npm - @okta/okta-auth-js - Versions diffs - 5.8.0 → 5.10.1 - Mend

@okta/okta-auth-js 5.8.0 → 5.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (417) hide show

package/CHANGELOG.md +45 -0
package/README.md +12 -2
package/cjs/OktaAuth.js +34 -13
package/cjs/OktaAuth.js.map +1 -1
package/cjs/OktaUserAgent.js +2 -2
package/cjs/OktaUserAgent.js.map +1 -1
package/cjs/TokenManager.js +24 -2
package/cjs/TokenManager.js.map +1 -1
package/cjs/TransactionManager.js +6 -2
package/cjs/TransactionManager.js.map +1 -1
package/cjs/features.js +1 -1
package/cjs/features.js.map +1 -1
package/cjs/idx/authenticate.js +3 -18
package/cjs/idx/authenticate.js.map +1 -1
package/cjs/idx/authenticator/Authenticator.js +14 -0
package/cjs/idx/authenticator/Authenticator.js.map +1 -0
package/cjs/idx/authenticator/OktaPassword.js +31 -0
package/cjs/idx/authenticator/OktaPassword.js.map +1 -0
package/cjs/idx/authenticator/OktaVerifyTotp.js +17 -0
package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -0
package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +50 -0
package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -0
package/cjs/idx/authenticator/SecurityQuestionVerification.js +31 -0
package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -0
package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +34 -0
package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -0
package/cjs/idx/authenticator/getAuthenticator.js +42 -0
package/cjs/idx/authenticator/getAuthenticator.js.map +1 -0
package/cjs/idx/authenticator/index.js +80 -0
package/cjs/idx/authenticator/index.js.map +1 -0
package/cjs/idx/cancel.js +5 -0
package/cjs/idx/cancel.js.map +1 -1
package/cjs/idx/flow/AuthenticationFlow.js +32 -0
package/cjs/idx/flow/AuthenticationFlow.js.map +1 -0
package/cjs/idx/flow/FlowSpecification.js +39 -0
package/cjs/idx/flow/FlowSpecification.js.map +1 -0
package/cjs/idx/flow/PasswordRecoveryFlow.js +28 -0
package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -0
package/{esm/crypto/browser.js → cjs/idx/flow/RegistrationFlow.js} +16 -12
package/cjs/idx/flow/RegistrationFlow.js.map +1 -0
package/cjs/idx/flow/RemediationFlow.js +2 -0
package/{esm/types/Cookies.js.map → cjs/idx/flow/RemediationFlow.js.map} +1 -1
package/cjs/idx/flow/index.js +67 -0
package/cjs/idx/flow/index.js.map +1 -0
package/cjs/idx/index.js +39 -0
package/cjs/idx/index.js.map +1 -1
package/cjs/idx/interact.js +8 -2
package/cjs/idx/interact.js.map +1 -1
package/cjs/idx/poll.js +59 -0
package/cjs/idx/poll.js.map +1 -0
package/cjs/idx/proceed.js +49 -0
package/cjs/idx/proceed.js.map +1 -0
package/cjs/idx/recoverPassword.js +3 -17
package/cjs/idx/recoverPassword.js.map +1 -1
package/cjs/idx/register.js +22 -20
package/cjs/idx/register.js.map +1 -1
package/cjs/idx/remediate.js +40 -93
package/cjs/idx/remediate.js.map +1 -1
package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +9 -12
package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
package/cjs/idx/remediators/AuthenticatorVerificationData.js +6 -9
package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
package/cjs/idx/remediators/Base/AuthenticatorData.js +43 -32
package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
package/cjs/idx/remediators/Base/Remediator.js +51 -20
package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
package/cjs/idx/remediators/Base/SelectAuthenticator.js +16 -16
package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
package/cjs/idx/remediators/Base/VerifyAuthenticator.js +8 -28
package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
package/{esm/idx/remediators/RedirectIdp.js → cjs/idx/remediators/ChallengePoll.js} +13 -25
package/cjs/idx/remediators/ChallengePoll.js.map +1 -0
package/cjs/idx/remediators/EnrollPoll.js +56 -0
package/cjs/idx/remediators/EnrollPoll.js.map +1 -0
package/cjs/idx/remediators/Identify.js +4 -36
package/cjs/idx/remediators/Identify.js.map +1 -1
package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +23 -2
package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
package/cjs/idx/remediators/Skip.js +7 -0
package/cjs/idx/remediators/Skip.js.map +1 -1
package/cjs/idx/remediators/index.js +26 -0
package/cjs/idx/remediators/index.js.map +1 -1
package/cjs/idx/run.js +18 -20
package/cjs/idx/run.js.map +1 -1
package/cjs/idx/startTransaction.js +2 -0
package/cjs/idx/startTransaction.js.map +1 -1
package/cjs/idx/transactionMeta.js +67 -42
package/cjs/idx/transactionMeta.js.map +1 -1
package/cjs/idx/types/FlowIdentifier.js +2 -0
package/{esm/types/AuthState.js.map → cjs/idx/types/FlowIdentifier.js.map} +1 -1
package/cjs/idx/types/idx-js.js.map +1 -1
package/cjs/idx/types/index.js +18 -1
package/cjs/idx/types/index.js.map +1 -1
package/cjs/oidc/endpoints/authorize.js +4 -1
package/cjs/oidc/endpoints/authorize.js.map +1 -1
package/cjs/types/Token.js.map +1 -1
package/cjs/types/Transaction.js.map +1 -1
package/dist/okta-auth-js.min.js +1 -1
package/dist/okta-auth-js.min.js.map +1 -1
package/dist/okta-auth-js.umd.js +1 -1
package/dist/okta-auth-js.umd.js.map +1 -1
package/esm/index.js +8580 -16
package/esm/index.js.map +1 -1
package/lib/TokenManager.d.ts +2 -0
package/lib/TransactionManager.d.ts +1 -0
package/lib/idx/authenticator/Authenticator.d.ts +12 -0
package/lib/idx/authenticator/OktaPassword.d.ts +11 -0
package/lib/idx/authenticator/OktaVerifyTotp.d.ts +9 -0
package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +28 -0
package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +14 -0
package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +10 -0
package/lib/idx/authenticator/getAuthenticator.d.ts +3 -0
package/lib/idx/authenticator/index.d.ts +6 -0
package/{esm/crypto/webcrypto.js → lib/idx/flow/AuthenticationFlow.d.ts} +3 -4
package/lib/idx/flow/FlowSpecification.d.ts +8 -0
package/{esm/oidc/endpoints/index.js → lib/idx/flow/PasswordRecoveryFlow.d.ts} +3 -5
package/{esm/tx/TransactionState.js → lib/idx/flow/RegistrationFlow.d.ts} +3 -3
package/{esm/crypto/index.js → lib/idx/flow/RemediationFlow.d.ts} +3 -6
package/lib/idx/{flowMonitors → flow}/index.d.ts +5 -4
package/lib/idx/index.d.ts +3 -0
package/lib/idx/interact.d.ts +1 -0
package/lib/idx/poll.d.ts +13 -0
package/lib/idx/proceed.d.ts +21 -0
package/lib/idx/register.d.ts +1 -1
package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +9 -5
package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +0 -1
package/lib/idx/remediators/Base/AuthenticatorData.d.ts +8 -3
package/lib/idx/remediators/Base/Remediator.d.ts +9 -6
package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +5 -4
package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +8 -4
package/lib/idx/remediators/ChallengePoll.d.ts +15 -0
package/{esm/tx/util.js → lib/idx/remediators/EnrollPoll.d.ts} +11 -13
package/lib/idx/remediators/Identify.d.ts +1 -3
package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +6 -2
package/lib/idx/remediators/Skip.d.ts +3 -0
package/lib/idx/remediators/index.d.ts +2 -0
package/lib/idx/run.d.ts +8 -10
package/lib/idx/transactionMeta.d.ts +24 -1
package/lib/idx/types/FlowIdentifier.d.ts +1 -0
package/lib/idx/types/idx-js.d.ts +52 -1
package/lib/idx/types/index.d.ts +16 -3
package/lib/types/OktaAuthOptions.d.ts +3 -0
package/lib/types/Token.d.ts +1 -0
package/lib/types/Transaction.d.ts +2 -0
package/lib/types/api.d.ts +15 -2
package/package.json +16 -8
package/cjs/idx/flowMonitors/AuthenticationFlowMonitor.js +0 -45
package/cjs/idx/flowMonitors/AuthenticationFlowMonitor.js.map +0 -1
package/cjs/idx/flowMonitors/FlowMonitor.js +0 -69
package/cjs/idx/flowMonitors/FlowMonitor.js.map +0 -1
package/cjs/idx/flowMonitors/PasswordRecoveryFlowMonitor.js +0 -55
package/cjs/idx/flowMonitors/PasswordRecoveryFlowMonitor.js.map +0 -1
package/cjs/idx/flowMonitors/RegistrationFlowMonitor.js +0 -35
package/cjs/idx/flowMonitors/RegistrationFlowMonitor.js.map +0 -1
package/cjs/idx/flowMonitors/index.js +0 -54
package/cjs/idx/flowMonitors/index.js.map +0 -1
package/esm/AuthStateManager.js +0 -214
package/esm/AuthStateManager.js.map +0 -1
package/esm/OktaAuth.js +0 -705
package/esm/OktaAuth.js.map +0 -1
package/esm/OktaUserAgent.js +0 -49
package/esm/OktaUserAgent.js.map +0 -1
package/esm/PromiseQueue.js +0 -71
package/esm/PromiseQueue.js.map +0 -1
package/esm/SavedObject.js +0 -91
package/esm/SavedObject.js.map +0 -1
package/esm/StorageManager.js +0 -190
package/esm/StorageManager.js.map +0 -1
package/esm/TokenManager.js +0 -455
package/esm/TokenManager.js.map +0 -1
package/esm/TransactionManager.js +0 -324
package/esm/TransactionManager.js.map +0 -1
package/esm/browser/browserStorage.js +0 -256
package/esm/browser/browserStorage.js.map +0 -1
package/esm/browser/fingerprint.js +0 -74
package/esm/browser/fingerprint.js.map +0 -1
package/esm/builderUtil.js +0 -56
package/esm/builderUtil.js.map +0 -1
package/esm/clock.js +0 -32
package/esm/clock.js.map +0 -1
package/esm/constants.js +0 -36
package/esm/constants.js.map +0 -1
package/esm/crypto/base64.js +0 -66
package/esm/crypto/base64.js.map +0 -1
package/esm/crypto/browser.js.map +0 -1
package/esm/crypto/index.js.map +0 -1
package/esm/crypto/node.js +0 -54
package/esm/crypto/node.js.map +0 -1
package/esm/crypto/oidcHash.js +0 -27
package/esm/crypto/oidcHash.js.map +0 -1
package/esm/crypto/verifyToken.js +0 -39
package/esm/crypto/verifyToken.js.map +0 -1
package/esm/crypto/webcrypto.js.map +0 -1
package/esm/errors/AuthApiError.js +0 -30
package/esm/errors/AuthApiError.js.map +0 -1
package/esm/errors/AuthPollStopError.js +0 -20
package/esm/errors/AuthPollStopError.js.map +0 -1
package/esm/errors/AuthSdkError.js +0 -29
package/esm/errors/AuthSdkError.js.map +0 -1
package/esm/errors/CustomError.js +0 -21
package/esm/errors/CustomError.js.map +0 -1
package/esm/errors/OAuthError.js +0 -22
package/esm/errors/OAuthError.js.map +0 -1
package/esm/errors/index.js +0 -22
package/esm/errors/index.js.map +0 -1
package/esm/features.js +0 -64
package/esm/features.js.map +0 -1
package/esm/fetch/fetchRequest.js +0 -92
package/esm/fetch/fetchRequest.js.map +0 -1
package/esm/http/headers.js +0 -17
package/esm/http/headers.js.map +0 -1
package/esm/http/index.js +0 -3
package/esm/http/index.js.map +0 -1
package/esm/http/request.js +0 -145
package/esm/http/request.js.map +0 -1
package/esm/idx/authenticate.js +0 -47
package/esm/idx/authenticate.js.map +0 -1
package/esm/idx/cancel.js +0 -32
package/esm/idx/cancel.js.map +0 -1
package/esm/idx/flowMonitors/AuthenticationFlowMonitor.js +0 -41
package/esm/idx/flowMonitors/AuthenticationFlowMonitor.js.map +0 -1
package/esm/idx/flowMonitors/FlowMonitor.js +0 -73
package/esm/idx/flowMonitors/FlowMonitor.js.map +0 -1
package/esm/idx/flowMonitors/PasswordRecoveryFlowMonitor.js +0 -57
package/esm/idx/flowMonitors/PasswordRecoveryFlowMonitor.js.map +0 -1
package/esm/idx/flowMonitors/RegistrationFlowMonitor.js +0 -28
package/esm/idx/flowMonitors/RegistrationFlowMonitor.js.map +0 -1
package/esm/idx/flowMonitors/index.js +0 -16
package/esm/idx/flowMonitors/index.js.map +0 -1
package/esm/idx/handleInteractionCodeRedirect.js +0 -64
package/esm/idx/handleInteractionCodeRedirect.js.map +0 -1
package/esm/idx/headers.js +0 -39
package/esm/idx/headers.js.map +0 -1
package/esm/idx/index.js +0 -20
package/esm/idx/index.js.map +0 -1
package/esm/idx/interact.js +0 -86
package/esm/idx/interact.js.map +0 -1
package/esm/idx/introspect.js +0 -61
package/esm/idx/introspect.js.map +0 -1
package/esm/idx/recoverPassword.js +0 -46
package/esm/idx/recoverPassword.js.map +0 -1
package/esm/idx/register.js +0 -63
package/esm/idx/register.js.map +0 -1
package/esm/idx/remediate.js +0 -302
package/esm/idx/remediate.js.map +0 -1
package/esm/idx/remediators/AuthenticatorEnrollmentData.js +0 -68
package/esm/idx/remediators/AuthenticatorEnrollmentData.js.map +0 -1
package/esm/idx/remediators/AuthenticatorVerificationData.js +0 -66
package/esm/idx/remediators/AuthenticatorVerificationData.js.map +0 -1
package/esm/idx/remediators/Base/AuthenticatorData.js +0 -105
package/esm/idx/remediators/Base/AuthenticatorData.js.map +0 -1
package/esm/idx/remediators/Base/Remediator.js +0 -221
package/esm/idx/remediators/Base/Remediator.js.map +0 -1
package/esm/idx/remediators/Base/SelectAuthenticator.js +0 -140
package/esm/idx/remediators/Base/SelectAuthenticator.js.map +0 -1
package/esm/idx/remediators/Base/VerifyAuthenticator.js +0 -65
package/esm/idx/remediators/Base/VerifyAuthenticator.js.map +0 -1
package/esm/idx/remediators/ChallengeAuthenticator.js +0 -18
package/esm/idx/remediators/ChallengeAuthenticator.js.map +0 -1
package/esm/idx/remediators/EnrollAuthenticator.js +0 -18
package/esm/idx/remediators/EnrollAuthenticator.js.map +0 -1
package/esm/idx/remediators/EnrollProfile.js +0 -79
package/esm/idx/remediators/EnrollProfile.js.map +0 -1
package/esm/idx/remediators/Identify.js +0 -87
package/esm/idx/remediators/Identify.js.map +0 -1
package/esm/idx/remediators/ReEnrollAuthenticator.js +0 -45
package/esm/idx/remediators/ReEnrollAuthenticator.js.map +0 -1
package/esm/idx/remediators/RedirectIdp.js.map +0 -1
package/esm/idx/remediators/ResetAuthenticator.js +0 -18
package/esm/idx/remediators/ResetAuthenticator.js.map +0 -1
package/esm/idx/remediators/SelectAuthenticatorAuthenticate.js +0 -18
package/esm/idx/remediators/SelectAuthenticatorAuthenticate.js.map +0 -1
package/esm/idx/remediators/SelectAuthenticatorEnroll.js +0 -18
package/esm/idx/remediators/SelectAuthenticatorEnroll.js.map +0 -1
package/esm/idx/remediators/SelectEnrollProfile.js +0 -24
package/esm/idx/remediators/SelectEnrollProfile.js.map +0 -1
package/esm/idx/remediators/Skip.js +0 -23
package/esm/idx/remediators/Skip.js.map +0 -1
package/esm/idx/remediators/index.js +0 -26
package/esm/idx/remediators/index.js.map +0 -1
package/esm/idx/remediators/util.js +0 -35
package/esm/idx/remediators/util.js.map +0 -1
package/esm/idx/run.js +0 -222
package/esm/idx/run.js.map +0 -1
package/esm/idx/startTransaction.js +0 -27
package/esm/idx/startTransaction.js.map +0 -1
package/esm/idx/transactionMeta.js +0 -125
package/esm/idx/transactionMeta.js.map +0 -1
package/esm/idx/types/idx-js.js +0 -20
package/esm/idx/types/idx-js.js.map +0 -1
package/esm/idx/types/index.js +0 -44
package/esm/idx/types/index.js.map +0 -1
package/esm/oidc/decodeToken.js +0 -31
package/esm/oidc/decodeToken.js.map +0 -1
package/esm/oidc/endpoints/authorize.js +0 -61
package/esm/oidc/endpoints/authorize.js.map +0 -1
package/esm/oidc/endpoints/index.js.map +0 -1
package/esm/oidc/endpoints/token.js +0 -97
package/esm/oidc/endpoints/token.js.map +0 -1
package/esm/oidc/endpoints/well-known.js +0 -58
package/esm/oidc/endpoints/well-known.js.map +0 -1
package/esm/oidc/exchangeCodeForTokens.js +0 -69
package/esm/oidc/exchangeCodeForTokens.js.map +0 -1
package/esm/oidc/getToken.js +0 -180
package/esm/oidc/getToken.js.map +0 -1
package/esm/oidc/getUserInfo.js +0 -82
package/esm/oidc/getUserInfo.js.map +0 -1
package/esm/oidc/getWithPopup.js +0 -34
package/esm/oidc/getWithPopup.js.map +0 -1
package/esm/oidc/getWithRedirect.js +0 -61
package/esm/oidc/getWithRedirect.js.map +0 -1
package/esm/oidc/getWithoutPrompt.js +0 -29
package/esm/oidc/getWithoutPrompt.js.map +0 -1
package/esm/oidc/handleOAuthResponse.js +0 -148
package/esm/oidc/handleOAuthResponse.js.map +0 -1
package/esm/oidc/index.js +0 -29
package/esm/oidc/index.js.map +0 -1
package/esm/oidc/parseFromUrl.js +0 -144
package/esm/oidc/parseFromUrl.js.map +0 -1
package/esm/oidc/renewToken.js +0 -85
package/esm/oidc/renewToken.js.map +0 -1
package/esm/oidc/renewTokens.js +0 -74
package/esm/oidc/renewTokens.js.map +0 -1
package/esm/oidc/renewTokensWithRefresh.js +0 -55
package/esm/oidc/renewTokensWithRefresh.js.map +0 -1
package/esm/oidc/revokeToken.js +0 -57
package/esm/oidc/revokeToken.js.map +0 -1
package/esm/oidc/util/browser.js +0 -74
package/esm/oidc/util/browser.js.map +0 -1
package/esm/oidc/util/defaultTokenParams.js +0 -42
package/esm/oidc/util/defaultTokenParams.js.map +0 -1
package/esm/oidc/util/errors.js +0 -31
package/esm/oidc/util/errors.js.map +0 -1
package/esm/oidc/util/index.js +0 -25
package/esm/oidc/util/index.js.map +0 -1
package/esm/oidc/util/loginRedirect.js +0 -88
package/esm/oidc/util/loginRedirect.js.map +0 -1
package/esm/oidc/util/oauth.js +0 -70
package/esm/oidc/util/oauth.js.map +0 -1
package/esm/oidc/util/pkce.js +0 -55
package/esm/oidc/util/pkce.js.map +0 -1
package/esm/oidc/util/prepareTokenParams.js +0 -75
package/esm/oidc/util/prepareTokenParams.js.map +0 -1
package/esm/oidc/util/refreshToken.js +0 -24
package/esm/oidc/util/refreshToken.js.map +0 -1
package/esm/oidc/util/urlParams.js +0 -54
package/esm/oidc/util/urlParams.js.map +0 -1
package/esm/oidc/util/validateClaims.js +0 -53
package/esm/oidc/util/validateClaims.js.map +0 -1
package/esm/oidc/util/validateToken.js +0 -21
package/esm/oidc/util/validateToken.js.map +0 -1
package/esm/oidc/verifyToken.js +0 -78
package/esm/oidc/verifyToken.js.map +0 -1
package/esm/options.js +0 -144
package/esm/options.js.map +0 -1
package/esm/server/serverStorage.js +0 -111
package/esm/server/serverStorage.js.map +0 -1
package/esm/services/TokenService.js +0 -103
package/esm/services/TokenService.js.map +0 -1
package/esm/session.js +0 -81
package/esm/session.js.map +0 -1
package/esm/tx/AuthTransaction.js +0 -213
package/esm/tx/AuthTransaction.js.map +0 -1
package/esm/tx/TransactionState.js.map +0 -1
package/esm/tx/api.js +0 -87
package/esm/tx/api.js.map +0 -1
package/esm/tx/index.js +0 -18
package/esm/tx/index.js.map +0 -1
package/esm/tx/poll.js +0 -124
package/esm/tx/poll.js.map +0 -1
package/esm/tx/util.js.map +0 -1
package/esm/types/AuthState.js +0 -3
package/esm/types/Cookies.js +0 -3
package/esm/types/EventEmitter.js +0 -3
package/esm/types/EventEmitter.js.map +0 -1
package/esm/types/JWT.js +0 -3
package/esm/types/JWT.js.map +0 -1
package/esm/types/OAuth.js +0 -3
package/esm/types/OAuth.js.map +0 -1
package/esm/types/OktaAuthOptions.js +0 -3
package/esm/types/OktaAuthOptions.js.map +0 -1
package/esm/types/Storage.js +0 -3
package/esm/types/Storage.js.map +0 -1
package/esm/types/Token.js +0 -29
package/esm/types/Token.js.map +0 -1
package/esm/types/TokenManager.js +0 -3
package/esm/types/TokenManager.js.map +0 -1
package/esm/types/Transaction.js +0 -57
package/esm/types/Transaction.js.map +0 -1
package/esm/types/UserClaims.js +0 -3
package/esm/types/UserClaims.js.map +0 -1
package/esm/types/api.js +0 -3
package/esm/types/api.js.map +0 -1
package/esm/types/http.js +0 -3
package/esm/types/http.js.map +0 -1
package/esm/types/index.js +0 -27
package/esm/types/index.js.map +0 -1
package/esm/util/console.js +0 -53
package/esm/util/console.js.map +0 -1
package/esm/util/emailVerify.js +0 -21
package/esm/util/emailVerify.js.map +0 -1
package/esm/util/index.js +0 -18
package/esm/util/index.js.map +0 -1
package/esm/util/misc.js +0 -33
package/esm/util/misc.js.map +0 -1
package/esm/util/object.js +0 -117
package/esm/util/object.js.map +0 -1
package/esm/util/sharedStorage.js +0 -43
package/esm/util/sharedStorage.js.map +0 -1
package/esm/util/types.js +0 -27
package/esm/util/types.js.map +0 -1
package/esm/util/url.js +0 -64
package/esm/util/url.js.map +0 -1
package/lib/idx/flowMonitors/AuthenticationFlowMonitor.d.ts +0 -15
package/lib/idx/flowMonitors/FlowMonitor.d.ts +0 -23
package/lib/idx/flowMonitors/PasswordRecoveryFlowMonitor.d.ts +0 -16
package/lib/idx/flowMonitors/RegistrationFlowMonitor.d.ts +0 -15

package/esm/oidc/util/prepareTokenParams.js DELETED Viewed

@@ -1,75 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { getWellKnown } from '../endpoints/well-known';
-import { AuthSdkError } from '../../errors';
-import { clone } from '../../util';
-import { getDefaultTokenParams } from './defaultTokenParams';
-import { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';
-import pkce from './pkce'; // Prepares params for a call to /authorize or /token
-export function prepareTokenParams(sdk, tokenParams) {
-  // build params using defaults + options
-  var defaults = getDefaultTokenParams(sdk);
-  tokenParams = Object.assign({}, defaults, clone(tokenParams));
-  if (tokenParams.pkce === false) {
-    // Implicit flow or authorization_code without PKCE
-    return Promise.resolve(tokenParams);
-  } // PKCE flow
-  if (!sdk.features.isPKCESupported()) {
-    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';
-    if (!sdk.features.isHTTPS()) {
-      // eslint-disable-next-line max-len
-      errorMessage += '\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';
-    }
-    if (!sdk.features.hasTextEncoder()) {
-      // eslint-disable-next-line max-len
-      errorMessage += '\n"TextEncoder" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';
-    }
-    return Promise.reject(new AuthSdkError(errorMessage));
-  } // set default code challenge method, if none provided
-  if (!tokenParams.codeChallengeMethod) {
-    tokenParams.codeChallengeMethod = DEFAULT_CODE_CHALLENGE_METHOD;
-  } // responseType is forced
-  tokenParams.responseType = 'code';
-  return getWellKnown(sdk, null).then(function (res) {
-    var methods = res['code_challenge_methods_supported'] || [];
-    if (methods.indexOf(tokenParams.codeChallengeMethod) === -1) {
-      throw new AuthSdkError('Invalid code_challenge_method');
-    }
-  }).then(function () {
-    if (!tokenParams.codeVerifier) {
-      tokenParams.codeVerifier = pkce.generateVerifier();
-    }
-    return pkce.computeChallenge(tokenParams.codeVerifier);
-  }).then(function (codeChallenge) {
-    // Clone/copy the params. Set codeChallenge
-    var clonedParams = clone(tokenParams) || {};
-    Object.assign(clonedParams, tokenParams, {
-      codeChallenge: codeChallenge
-    });
-    return clonedParams;
-  });
-}
-//# sourceMappingURL=prepareTokenParams.js.map

package/esm/oidc/util/prepareTokenParams.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"names":["getWellKnown","AuthSdkError","clone","getDefaultTokenParams","DEFAULT_CODE_CHALLENGE_METHOD","pkce","prepareTokenParams","sdk","tokenParams","defaults","Object","assign","Promise","resolve","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","reject","codeChallengeMethod","responseType","then","res","methods","indexOf","codeVerifier","generateVerifier","computeChallenge","codeChallenge","clonedParams"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,yBAA7B;AACA,SAASC,YAAT,QAA6B,cAA7B;AAEA,SAASC,KAAT,QAAsB,YAAtB;AACA,SAASC,qBAAT,QAAsC,sBAAtC;AACA,SAASC,6BAAT,QAA8C,iBAA9C;AACA,OAAOC,IAAP,MAAiB,QAAjB,C,CAEA;;AACA,OAAO,SAASC,kBAAT,CAA4BC,GAA5B,EAA2CC,WAA3C,EAA4F;AACjG;AACA,MAAMC,QAAQ,GAAGN,qBAAqB,CAACI,GAAD,CAAtC;AACAC,EAAAA,WAAW,GAAGE,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,QAAlB,EAA4BP,KAAK,CAACM,WAAD,CAAjC,CAAd;;AAEA,MAAIA,WAAW,CAACH,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOO,OAAO,CAACC,OAAR,CAAgBL,WAAhB,CAAP;AACD,GARgG,CAUjG;;;AACA,MAAI,CAACD,GAAG,CAACO,QAAJ,CAAaC,eAAb,EAAL,EAAqC;AACnC,QAAIC,YAAY,GAAG,qFAAnB;;AACA,QAAI,CAACT,GAAG,CAACO,QAAJ,CAAaG,OAAb,EAAL,EAA6B;AAC3B;AACAD,MAAAA,YAAY,IAAI,kGAAhB;AACD;;AACD,QAAI,CAACT,GAAG,CAACO,QAAJ,CAAaI,cAAb,EAAL,EAAoC;AAClC;AACAF,MAAAA,YAAY,IAAI,wGAAhB;AACD;;AACD,WAAOJ,OAAO,CAACO,MAAR,CAAe,IAAIlB,YAAJ,CAAiBe,YAAjB,CAAf,CAAP;AACD,GAtBgG,CAwBjG;;;AACA,MAAI,CAACR,WAAW,CAACY,mBAAjB,EAAsC;AACpCZ,IAAAA,WAAW,CAACY,mBAAZ,GAAkChB,6BAAlC;AACD,GA3BgG,CA6BjG;;;AACAI,EAAAA,WAAW,CAACa,YAAZ,GAA2B,MAA3B;AAEA,SAAOrB,YAAY,CAACO,GAAD,EAAM,IAAN,CAAZ,CACJe,IADI,CACC,UAAUC,GAAV,EAAe;AACnB,QAAIC,OAAO,GAAGD,GAAG,CAAC,kCAAD,CAAH,IAA2C,EAAzD;;AACA,QAAIC,OAAO,CAACC,OAAR,CAAgBjB,WAAW,CAACY,mBAA5B,MAAqD,CAAC,CAA1D,EAA6D;AAC3D,YAAM,IAAInB,YAAJ,CAAiB,+BAAjB,CAAN;AACD;AACF,GANI,EAOJqB,IAPI,CAOC,YAAY;AAChB,QAAI,CAACd,WAAW,CAACkB,YAAjB,EAA+B;AAC7BlB,MAAAA,WAAW,CAACkB,YAAZ,GAA2BrB,IAAI,CAACsB,gBAAL,EAA3B;AACD;;AACD,WAAOtB,IAAI,CAACuB,gBAAL,CAAsBpB,WAAW,CAACkB,YAAlC,CAAP;AACD,GAZI,EAaJJ,IAbI,CAaC,UAAUO,aAAV,EAAyB;AAC7B;AACA,QAAIC,YAAY,GAAG5B,KAAK,CAACM,WAAD,CAAL,IAAsB,EAAzC;AACAE,IAAAA,MAAM,CAACC,MAAP,CAAcmB,YAAd,EAA4BtB,WAA5B,EAAyC;AACvCqB,MAAAA,aAAa,EAAEA;AADwB,KAAzC;AAGA,WAAOC,YAAP;AACD,GApBI,CAAP;AAqBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuth, TokenParams } from '../../types';\nimport { clone } from '../../util';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport pkce from './pkce';\n\n// Prepares params for a call to /authorize or /token\nexport function prepareTokenParams(sdk: OktaAuth, tokenParams?: TokenParams): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = Object.assign({}, defaults, clone(tokenParams));\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return Promise.resolve(tokenParams);\n }\n\n // PKCE flow\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n return Promise.reject(new AuthSdkError(errorMessage));\n }\n\n // set default code challenge method, if none provided\n if (!tokenParams.codeChallengeMethod) {\n tokenParams.codeChallengeMethod = DEFAULT_CODE_CHALLENGE_METHOD;\n }\n\n // responseType is forced\n tokenParams.responseType = 'code';\n\n return getWellKnown(sdk, null)\n .then(function (res) {\n var methods = res['code_challenge_methods_supported'] || [];\n if (methods.indexOf(tokenParams.codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n })\n .then(function () {\n if (!tokenParams.codeVerifier) {\n tokenParams.codeVerifier = pkce.generateVerifier();\n }\n return pkce.computeChallenge(tokenParams.codeVerifier);\n })\n .then(function (codeChallenge) {\n // Clone/copy the params. Set codeChallenge\n var clonedParams = clone(tokenParams) || {};\n Object.assign(clonedParams, tokenParams, {\n codeChallenge: codeChallenge,\n });\n return clonedParams;\n });\n}"],"file":"prepareTokenParams.js"}

package/esm/oidc/util/refreshToken.js DELETED Viewed

@@ -1,24 +0,0 @@
-import { isAuthApiError } from '../../errors';
-export function isSameRefreshToken(a, b) {
-  return a.refreshToken === b.refreshToken;
-}
-export function isRefreshTokenError(err) {
-  if (!isAuthApiError(err)) {
-    return false;
-  }
-  if (!err.xhr || !err.xhr.responseJSON) {
-    return false;
-  }
-  var {
-    responseJSON
-  } = err.xhr;
-  if (responseJSON.error === 'invalid_grant') {
-    return true;
-  }
-  return false;
-}
-//# sourceMappingURL=refreshToken.js.map

package/esm/oidc/util/refreshToken.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../lib/oidc/util/refreshToken.ts"],"names":["isAuthApiError","isSameRefreshToken","a","b","refreshToken","isRefreshTokenError","err","xhr","responseJSON","error"],"mappings":"AACA,SAASA,cAAT,QAA+B,cAA/B;AAEA,OAAO,SAASC,kBAAT,CAA4BC,CAA5B,EAA6CC,CAA7C,EAA8D;AACnE,SAAQD,CAAC,CAACE,YAAF,KAAmBD,CAAC,CAACC,YAA7B;AACD;AAED,OAAO,SAASC,mBAAT,CAA6BC,GAA7B,EAAyC;AAC9C,MAAI,CAACN,cAAc,CAACM,GAAD,CAAnB,EAA0B;AACxB,WAAO,KAAP;AACD;;AAED,MAAI,CAACA,GAAG,CAACC,GAAL,IAAY,CAACD,GAAG,CAACC,GAAJ,CAAQC,YAAzB,EAAuC;AACrC,WAAO,KAAP;AACD;;AAED,MAAM;AAAEA,IAAAA;AAAF,MAAmBF,GAAG,CAACC,GAA7B;;AACA,MAAIC,YAAY,CAACC,KAAb,KAAuB,eAA3B,EAA4C;AAC1C,WAAO,IAAP;AACD;;AAED,SAAO,KAAP;AACD","sourcesContent":["import { RefreshToken } from '../../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n if (!isAuthApiError(err)) {\n return false;\n }\n\n if (!err.xhr || !err.xhr.responseJSON) {\n return false;\n }\n\n const { responseJSON } = err.xhr;\n if (responseJSON.error === 'invalid_grant') {\n return true;\n }\n\n return false;\n}"],"file":"refreshToken.js"}

package/esm/oidc/util/urlParams.js DELETED Viewed

@@ -1,54 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-/* eslint-disable complexity, max-statements */
-export function urlParamsToObject(hashOrSearch) {
-  // Predefine regexs for parsing hash
-  var plus2space = /\+/g;
-  var paramSplit = /([^&=]+)=?([^&]*)/g;
-  var fragment = hashOrSearch || ''; // Some hash based routers will automatically add a / character after the hash
-  if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {
-    fragment = fragment.substring(2);
-  } // Remove the leading # or ?
-  if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {
-    fragment = fragment.substring(1);
-  }
-  var obj = {}; // Loop until we have no more params
-  var param;
-  while (true) {
-    // eslint-disable-line no-constant-condition
-    param = paramSplit.exec(fragment);
-    if (!param) {
-      break;
-    }
-    var key = param[1];
-    var value = param[2]; // id_token should remain base64url encoded
-    if (key === 'id_token' || key === 'access_token' || key === 'code') {
-      obj[key] = value;
-    } else {
-      obj[key] = decodeURIComponent(value.replace(plus2space, ' '));
-    }
-  }
-  return obj;
-}
-//# sourceMappingURL=urlParams.js.map

package/esm/oidc/util/urlParams.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../lib/oidc/util/urlParams.ts"],"names":["urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","charAt","substring","obj","param","exec","key","value","decodeURIComponent","replace"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAO,SAASA,iBAAT,CAA2BC,YAA3B,EAAiD;AACtD;AACA,MAAIC,UAAU,GAAG,KAAjB;AACA,MAAIC,UAAU,GAAG,oBAAjB;AACA,MAAIC,QAAQ,GAAGH,YAAY,IAAI,EAA/B,CAJsD,CAMtD;;AACA,MAAIG,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD,GATqD,CAWtD;;;AACA,MAAIF,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAvB,IAA8BD,QAAQ,CAACC,MAAT,CAAgB,CAAhB,MAAuB,GAAzD,EAA8D;AAC5DD,IAAAA,QAAQ,GAAGA,QAAQ,CAACE,SAAT,CAAmB,CAAnB,CAAX;AACD;;AAGD,MAAIC,GAAG,GAAG,EAAV,CAjBsD,CAmBtD;;AACA,MAAIC,KAAJ;;AACA,SAAO,IAAP,EAAa;AAAE;AACbA,IAAAA,KAAK,GAAGL,UAAU,CAACM,IAAX,CAAgBL,QAAhB,CAAR;;AACA,QAAI,CAACI,KAAL,EAAY;AAAE;AAAQ;;AAEtB,QAAIE,GAAG,GAAGF,KAAK,CAAC,CAAD,CAAf;AACA,QAAIG,KAAK,GAAGH,KAAK,CAAC,CAAD,CAAjB,CALW,CAOX;;AACA,QAAIE,GAAG,KAAK,UAAR,IAAsBA,GAAG,KAAK,cAA9B,IAAgDA,GAAG,KAAK,MAA5D,EAAoE;AAClEH,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWC,KAAX;AACD,KAFD,MAEO;AACLJ,MAAAA,GAAG,CAACG,GAAD,CAAH,GAAWE,kBAAkB,CAACD,KAAK,CAACE,OAAN,CAAcX,UAAd,EAA0B,GAA1B,CAAD,CAA7B;AACD;AACF;;AACD,SAAOK,GAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n // Predefine regexs for parsing hash\n var plus2space = /\\+/g;\n var paramSplit = /([^&=]+)=?([^&]*)/g;\n var fragment = hashOrSearch || '';\n\n // Some hash based routers will automatically add a / character after the hash\n if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n fragment = fragment.substring(2);\n }\n\n // Remove the leading # or ?\n if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n fragment = fragment.substring(1);\n }\n\n\n var obj = {};\n\n // Loop until we have no more params\n var param;\n while (true) { // eslint-disable-line no-constant-condition\n param = paramSplit.exec(fragment);\n if (!param) { break; }\n\n var key = param[1];\n var value = param[2];\n\n // id_token should remain base64url encoded\n if (key === 'id_token' || key === 'access_token' || key === 'code') {\n obj[key] = value;\n } else {\n obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n }\n }\n return obj;\n}\n"],"file":"urlParams.js"}

package/esm/oidc/util/validateClaims.js DELETED Viewed

@@ -1,53 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-/* eslint-disable complexity, max-statements */
-import AuthSdkError from '../../errors/AuthSdkError';
-export function validateClaims(sdk, claims, validationParams) {
-  var aud = validationParams.clientId;
-  var iss = validationParams.issuer;
-  var nonce = validationParams.nonce;
-  if (!claims || !iss || !aud) {
-    throw new AuthSdkError('The jwt, iss, and aud arguments are all required');
-  }
-  if (nonce && claims.nonce !== nonce) {
-    throw new AuthSdkError('OAuth flow response nonce doesn\'t match request nonce');
-  }
-  var now = Math.floor(Date.now() / 1000);
-  if (claims.iss !== iss) {
-    throw new AuthSdkError('The issuer [' + claims.iss + '] ' + 'does not match [' + iss + ']');
-  }
-  if (claims.aud !== aud) {
-    throw new AuthSdkError('The audience [' + claims.aud + '] ' + 'does not match [' + aud + ']');
-  }
-  if (claims.iat > claims.exp) {
-    throw new AuthSdkError('The JWT expired before it was issued');
-  }
-  if (!sdk.options.ignoreLifetime) {
-    if (now - sdk.options.maxClockSkew > claims.exp) {
-      throw new AuthSdkError('The JWT expired and is no longer valid');
-    }
-    if (claims.iat > now + sdk.options.maxClockSkew) {
-      throw new AuthSdkError('The JWT was issued in the future');
-    }
-  }
-}
-//# sourceMappingURL=validateClaims.js.map

package/esm/oidc/util/validateClaims.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["AuthSdkError","validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAEA,OAAOA,YAAP,MAAyB,2BAAzB;AAGA,OAAO,SAASC,cAAT,CAAwBC,GAAxB,EAAuCC,MAAvC,EAA2DC,gBAA3D,EAAgG;AACrG,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIL,YAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAIS,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIT,YAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIU,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIP,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIP,YAAJ,CAAiB,iBAAiBG,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIL,YAAJ,CAAiB,mBAAmBG,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACW,GAAP,GAAaX,MAAM,CAACY,GAAxB,EAA6B;AAC3B,UAAM,IAAIf,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACE,GAAG,CAACc,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGR,GAAG,CAACc,OAAJ,CAAYE,YAAnB,GAAmCf,MAAM,CAACY,GAA9C,EAAmD;AACjD,YAAM,IAAIf,YAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIG,MAAM,CAACW,GAAP,GAAcJ,GAAG,GAAGR,GAAG,CAACc,OAAJ,CAAYE,YAApC,EAAmD;AACjD,YAAM,IAAIlB,YAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuth, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat > claims.exp) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew) > claims.exp) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat > (now + sdk.options.maxClockSkew)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}

package/esm/oidc/util/validateToken.js DELETED Viewed

@@ -1,21 +0,0 @@
-/* eslint-disable complexity */
-import { AuthSdkError } from '../../errors';
-import { isAccessToken, isIDToken, isRefreshToken } from '../../types';
-export function validateToken(token, type) {
-  if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {
-    throw new AuthSdkError('Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property');
-  }
-  if (type === 'accessToken' && !isAccessToken(token)) {
-    throw new AuthSdkError('invalid accessToken');
-  }
-  if (type === 'idToken' && !isIDToken(token)) {
-    throw new AuthSdkError('invalid idToken');
-  }
-  if (type === 'refreshToken' && !isRefreshToken(token)) {
-    throw new AuthSdkError('invalid refreshToken');
-  }
-}
-//# sourceMappingURL=validateToken.js.map

package/esm/oidc/util/validateToken.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../lib/oidc/util/validateToken.ts"],"names":["AuthSdkError","isAccessToken","isIDToken","isRefreshToken","validateToken","token","type"],"mappings":"AAAA;AAEA,SAASA,YAAT,QAA6B,cAA7B;AACA,SAASC,aAAT,EAAwBC,SAAxB,EAAmCC,cAAnC,QAA2E,aAA3E;AAEA,OAAO,SAASC,aAAT,CAAuBC,KAAvB,EAAqCC,IAArC,EAAuD;AAC5D,MAAI,CAACJ,SAAS,CAACG,KAAD,CAAV,IAAqB,CAACJ,aAAa,CAACI,KAAD,CAAnC,IAA8C,CAACF,cAAc,CAACE,KAAD,CAAjE,EAA0E;AACxE,UAAM,IAAIL,YAAJ,CACJ,+GADI,CAAN;AAGD;;AAED,MAAIM,IAAI,KAAK,aAAT,IAA0B,CAACL,aAAa,CAACI,KAAD,CAA5C,EAAqD;AACnD,UAAM,IAAIL,YAAJ,CAAiB,qBAAjB,CAAN;AACD;;AACD,MAAIM,IAAI,KAAK,SAAT,IAAsB,CAACJ,SAAS,CAACG,KAAD,CAApC,EAA6C;AAC3C,UAAM,IAAIL,YAAJ,CAAiB,iBAAjB,CAAN;AACD;;AAED,MAAIM,IAAI,KAAK,cAAT,IAA2B,CAACH,cAAc,CAACE,KAAD,CAA9C,EAAuD;AACrD,UAAM,IAAIL,YAAJ,CAAiB,sBAAjB,CAAN;AACD;AACF","sourcesContent":["/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n throw new AuthSdkError(\n 'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n );\n }\n \n if (type === 'accessToken' && !isAccessToken(token)) {\n throw new AuthSdkError('invalid accessToken');\n } \n if (type === 'idToken' && !isIDToken(token)) {\n throw new AuthSdkError('invalid idToken');\n }\n\n if (type === 'refreshToken' && !isRefreshToken(token)) {\n throw new AuthSdkError('invalid refreshToken');\n }\n}"],"file":"validateToken.js"}

package/esm/oidc/verifyToken.js DELETED Viewed

@@ -1,78 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-/* eslint-disable max-len */
-/* eslint-disable complexity */
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { getWellKnown, getKey } from './endpoints/well-known';
-import { validateClaims } from './util';
-import { AuthSdkError } from '../errors';
-import { decodeToken } from './decodeToken';
-import * as sdkCrypto from '../crypto'; // Verify the id token
-export function verifyToken(_x, _x2, _x3) {
-  return _verifyToken.apply(this, arguments);
-}
-function _verifyToken() {
-  _verifyToken = _asyncToGenerator(function* (sdk, token, validationParams) {
-    if (!token || !token.idToken) {
-      throw new AuthSdkError('Only idTokens may be verified');
-    } // Decode the Jwt object (may throw)
-    var jwt = decodeToken(token.idToken); // The configured issuer may point to a frontend proxy.
-    // Get the "real" issuer from .well-known/openid-configuration
-    var configuredIssuer = (validationParams === null || validationParams === void 0 ? void 0 : validationParams.issuer) || sdk.options.issuer;
-    var {
-      issuer
-    } = yield getWellKnown(sdk, configuredIssuer);
-    var validationOptions = Object.assign({
-      // base options, can be overridden by params
-      clientId: sdk.options.clientId,
-      ignoreSignature: sdk.options.ignoreSignature
-    }, validationParams, {
-      // final options, cannot be overridden
-      issuer
-    }); // Standard claim validation (may throw)
-    validateClaims(sdk, jwt.payload, validationOptions); // If the browser doesn't support native crypto or we choose not
-    // to verify the signature, bail early
-    if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {
-      return token;
-    }
-    var key = yield getKey(sdk, token.issuer, jwt.header.kid);
-    var valid = yield sdkCrypto.verifyToken(token.idToken, key);
-    if (!valid) {
-      throw new AuthSdkError('The token signature is not valid');
-    }
-    if (validationParams && validationParams.accessToken && token.claims.at_hash) {
-      var hash = yield sdkCrypto.getOidcHash(validationParams.accessToken);
-      if (hash !== token.claims.at_hash) {
-        throw new AuthSdkError('Token hash verification failed');
-      }
-    }
-    return token;
-  });
-  return _verifyToken.apply(this, arguments);
-}
-//# sourceMappingURL=verifyToken.js.map

package/esm/oidc/verifyToken.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../lib/oidc/verifyToken.ts"],"names":["getWellKnown","getKey","validateClaims","AuthSdkError","decodeToken","sdkCrypto","verifyToken","sdk","token","validationParams","idToken","jwt","configuredIssuer","issuer","options","validationOptions","Object","assign","clientId","ignoreSignature","payload","features","isTokenVerifySupported","key","header","kid","valid","accessToken","claims","at_hash","hash","getOidcHash"],"mappings":";;AAAA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,EAAuBC,MAAvB,QAAqC,wBAArC;AACA,SAASC,cAAT,QAA+B,QAA/B;AACA,SAASC,YAAT,QAA6B,WAA7B;AAEA,SAASC,WAAT,QAA4B,eAA5B;AACA,OAAO,KAAKC,SAAZ,MAA2B,WAA3B,C,CAEA;;AACA,gBAAsBC,WAAtB;AAAA;AAAA;;;mCAAO,WAA2BC,GAA3B,EAA0CC,KAA1C,EAA0DC,gBAA1D,EAAiH;AACtH,QAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;AAC5B,YAAM,IAAIP,YAAJ,CAAiB,+BAAjB,CAAN;AACD,KAHqH,CAKtH;;;AACA,QAAIQ,GAAG,GAAGP,WAAW,CAACI,KAAK,CAACE,OAAP,CAArB,CANsH,CAQtH;AACA;;AACA,QAAME,gBAAgB,GAAG,CAAAH,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEI,MAAlB,KAA4BN,GAAG,CAACO,OAAJ,CAAYD,MAAjE;AACA,QAAM;AAAEA,MAAAA;AAAF,cAAmBb,YAAY,CAACO,GAAD,EAAMK,gBAAN,CAArC;AAEA,QAAIG,iBAAoC,GAAGC,MAAM,CAACC,MAAP,CAAc;AACvD;AACAC,MAAAA,QAAQ,EAAEX,GAAG,CAACO,OAAJ,CAAYI,QAFiC;AAGvDC,MAAAA,eAAe,EAAEZ,GAAG,CAACO,OAAJ,CAAYK;AAH0B,KAAd,EAIxCV,gBAJwC,EAItB;AACnB;AACAI,MAAAA;AAFmB,KAJsB,CAA3C,CAbsH,CAsBtH;;AACAX,IAAAA,cAAc,CAACK,GAAD,EAAMI,GAAG,CAACS,OAAV,EAAmBL,iBAAnB,CAAd,CAvBsH,CAyBtH;AACA;;AACA,QAAIA,iBAAiB,CAACI,eAAlB,IAAqC,IAArC,IAA6C,CAACZ,GAAG,CAACc,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;AACvF,aAAOd,KAAP;AACD;;AAED,QAAMe,GAAG,SAAStB,MAAM,CAACM,GAAD,EAAMC,KAAK,CAACK,MAAZ,EAAoBF,GAAG,CAACa,MAAJ,CAAWC,GAA/B,CAAxB;AACA,QAAMC,KAAK,SAASrB,SAAS,CAACC,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCa,GAArC,CAApB;;AACA,QAAI,CAACG,KAAL,EAAY;AACV,YAAM,IAAIvB,YAAJ,CAAiB,kCAAjB,CAAN;AACD;;AACD,QAAIM,gBAAgB,IAAIA,gBAAgB,CAACkB,WAArC,IAAoDnB,KAAK,CAACoB,MAAN,CAAaC,OAArE,EAA8E;AAC5E,UAAMC,IAAI,SAASzB,SAAS,CAAC0B,WAAV,CAAsBtB,gBAAgB,CAACkB,WAAvC,CAAnB;;AACA,UAAIG,IAAI,KAAKtB,KAAK,CAACoB,MAAN,CAAaC,OAA1B,EAAmC;AACjC,cAAM,IAAI1B,YAAJ,CAAiB,gCAAjB,CAAN;AACD;AACF;;AACD,WAAOK,KAAP;AACD,G","sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuth, TokenVerifyParams } from '../types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuth, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n var jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n var validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n const key = await getKey(sdk, token.issuer, jwt.header.kid);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"file":"verifyToken.js"}

package/esm/options.js DELETED Viewed

@@ -1,144 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- */
-/* eslint-disable complexity */
-import { removeTrailingSlash, warn, removeNils } from './util';
-import { assertValidConfig } from './builderUtil';
-import fetchRequest from './fetch/fetchRequest';
-import browserStorage from './browser/browserStorage';
-import serverStorage from './server/serverStorage';
-import { isBrowser, isHTTPS } from './features';
-var BROWSER_STORAGE = {
-  token: {
-    storageTypes: ['localStorage', 'sessionStorage', 'cookie'],
-    useMultipleCookies: true
-  },
-  cache: {
-    storageTypes: ['localStorage', 'sessionStorage', 'cookie']
-  },
-  transaction: {
-    storageTypes: ['sessionStorage', 'localStorage', 'cookie']
-  },
-  'shared-transaction': {
-    storageTypes: ['localStorage']
-  },
-  'original-uri': {
-    storageTypes: ['localStorage']
-  }
-};
-var SERVER_STORAGE = {
-  token: {
-    storageTypes: ['memory']
-  },
-  cache: {
-    storageTypes: ['memory']
-  },
-  transaction: {
-    storageTypes: ['memory']
-  }
-};
-function getCookieSettings() {
-  var args = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  var isHTTPS = arguments.length > 1 ? arguments[1] : undefined;
-  // Secure cookies will be automatically used on a HTTPS connection
-  // Non-secure cookies will be automatically used on a HTTP connection
-  // secure option can override the automatic behavior
-  var cookieSettings = args.cookies || {};
-  if (typeof cookieSettings.secure === 'undefined') {
-    cookieSettings.secure = isHTTPS;
-  }
-  if (typeof cookieSettings.sameSite === 'undefined') {
-    cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';
-  } // If secure=true, but the connection is not HTTPS, set secure=false.
-  if (cookieSettings.secure && !isHTTPS) {
-    // eslint-disable-next-line no-console
-    warn('The current page is not being served with the HTTPS protocol.\n' + 'For security reasons, we strongly recommend using HTTPS.\n' + 'If you cannot use HTTPS, set "cookies.secure" option to false.');
-    cookieSettings.secure = false;
-  } // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure
-  // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.
-  if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {
-    cookieSettings.sameSite = 'lax';
-  }
-  return cookieSettings;
-}
-export function getDefaultOptions() {
-  var storageUtil = isBrowser() ? browserStorage : serverStorage;
-  var storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;
-  var enableSharedStorage = isBrowser() ? true : false; // localStorage for multi-tab flows (browser only)
-  return {
-    devMode: false,
-    httpRequestClient: fetchRequest,
-    storageUtil,
-    storageManager,
-    transactionManager: {
-      enableSharedStorage
-    }
-  };
-}
-function mergeOptions(options, args) {
-  return Object.assign({}, options, removeNils(args), {
-    storageManager: Object.assign({}, options.storageManager, args.storageManager),
-    transactionManager: Object.assign({}, options.transactionManager, args.transactionManager)
-  });
-}
-export function buildOptions() {
-  var args = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  assertValidConfig(args);
-  args = mergeOptions(getDefaultOptions(), args);
-  return removeNils({
-    // OIDC configuration
-    issuer: removeTrailingSlash(args.issuer),
-    tokenUrl: removeTrailingSlash(args.tokenUrl),
-    authorizeUrl: removeTrailingSlash(args.authorizeUrl),
-    userinfoUrl: removeTrailingSlash(args.userinfoUrl),
-    revokeUrl: removeTrailingSlash(args.revokeUrl),
-    logoutUrl: removeTrailingSlash(args.logoutUrl),
-    clientId: args.clientId,
-    redirectUri: args.redirectUri,
-    state: args.state,
-    scopes: args.scopes,
-    postLogoutRedirectUri: args.postLogoutRedirectUri,
-    responseMode: args.responseMode,
-    responseType: args.responseType,
-    pkce: args.pkce === false ? false : true,
-    // PKCE defaults to true
-    useInteractionCodeFlow: args.useInteractionCodeFlow,
-    // Internal options
-    httpRequestClient: args.httpRequestClient,
-    transformErrorXHR: args.transformErrorXHR,
-    transformAuthState: args.transformAuthState,
-    restoreOriginalUri: args.restoreOriginalUri,
-    storageUtil: args.storageUtil,
-    headers: args.headers,
-    devMode: !!args.devMode,
-    storageManager: args.storageManager,
-    transactionManager: args.transactionManager,
-    cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,
-    // Give the developer the ability to disable token signature validation.
-    ignoreSignature: !!args.ignoreSignature,
-    // Server-side web applications
-    clientSecret: args.clientSecret
-  });
-}
-//# sourceMappingURL=options.js.map

package/esm/options.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../lib/options.ts"],"names":["removeTrailingSlash","warn","removeNils","assertValidConfig","fetchRequest","browserStorage","serverStorage","isBrowser","isHTTPS","BROWSER_STORAGE","token","storageTypes","useMultipleCookies","cache","transaction","SERVER_STORAGE","getCookieSettings","args","cookieSettings","cookies","secure","sameSite","getDefaultOptions","storageUtil","storageManager","enableSharedStorage","devMode","httpRequestClient","transactionManager","mergeOptions","options","Object","assign","buildOptions","issuer","tokenUrl","authorizeUrl","userinfoUrl","revokeUrl","logoutUrl","clientId","redirectUri","state","scopes","postLogoutRedirectUri","responseMode","responseType","pkce","useInteractionCodeFlow","transformErrorXHR","transformAuthState","restoreOriginalUri","headers","ignoreSignature","clientSecret"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,mBAAT,EAA8BC,IAA9B,EAAoCC,UAApC,QAAsD,QAAtD;AACA,SAASC,iBAAT,QAAkC,eAAlC;AAGA,OAAOC,YAAP,MAAyB,sBAAzB;AACA,OAAOC,cAAP,MAA2B,0BAA3B;AACA,OAAOC,aAAP,MAA0B,wBAA1B;AACA,SAASC,SAAT,EAAoBC,OAApB,QAAmC,YAAnC;AAEA,IAAMC,eAAsC,GAAG;AAC7CC,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY,CADT;AAMLC,IAAAA,kBAAkB,EAAE;AANf,GADsC;AAS7CC,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,cADY,EAEZ,gBAFY,EAGZ,QAHY;AADT,GATsC;AAgB7CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,gBADY,EAEZ,cAFY,EAGZ,QAHY;AADH,GAhBgC;AAuB7C,wBAAsB;AACpBA,IAAAA,YAAY,EAAE,CACZ,cADY;AADM,GAvBuB;AA4B7C,kBAAgB;AACdA,IAAAA,YAAY,EAAE,CACZ,cADY;AADA;AA5B6B,CAA/C;AAmCA,IAAMI,cAAqC,GAAG;AAC5CL,EAAAA,KAAK,EAAE;AACLC,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GADqC;AAM5CE,EAAAA,KAAK,EAAE;AACLF,IAAAA,YAAY,EAAE,CACZ,QADY;AADT,GANqC;AAW5CG,EAAAA,WAAW,EAAE;AACXH,IAAAA,YAAY,EAAE,CACZ,QADY;AADH;AAX+B,CAA9C;;AAkBA,SAASK,iBAAT,GAAyE;AAAA,MAA9CC,IAA8C,uEAAtB,EAAsB;AAAA,MAAlBT,OAAkB;AACvE;AACA;AACA;AACA,MAAIU,cAAc,GAAGD,IAAI,CAACE,OAAL,IAAgB,EAArC;;AACA,MAAI,OAAOD,cAAc,CAACE,MAAtB,KAAiC,WAArC,EAAkD;AAChDF,IAAAA,cAAc,CAACE,MAAf,GAAwBZ,OAAxB;AACD;;AACD,MAAI,OAAOU,cAAc,CAACG,QAAtB,KAAmC,WAAvC,EAAoD;AAClDH,IAAAA,cAAc,CAACG,QAAf,GAA0BH,cAAc,CAACE,MAAf,GAAwB,MAAxB,GAAiC,KAA3D;AACD,GAVsE,CAYvE;;;AACA,MAAIF,cAAc,CAACE,MAAf,IAAyB,CAACZ,OAA9B,EAAuC;AACrC;AACAP,IAAAA,IAAI,CACF,oEACA,4DADA,GAEA,gEAHE,CAAJ;AAKAiB,IAAAA,cAAc,CAACE,MAAf,GAAwB,KAAxB;AACD,GArBsE,CAuBvE;AACA;;;AACA,MAAIF,cAAc,CAACG,QAAf,KAA4B,MAA5B,IAAsC,CAACH,cAAc,CAACE,MAA1D,EAAkE;AAChEF,IAAAA,cAAc,CAACG,QAAf,GAA0B,KAA1B;AACD;;AAED,SAAOH,cAAP;AACD;;AAGD,OAAO,SAASI,iBAAT,GAA8C;AACnD,MAAMC,WAAW,GAAGhB,SAAS,KAAKF,cAAL,GAAsBC,aAAnD;AACA,MAAMkB,cAAc,GAAGjB,SAAS,KAAKE,eAAL,GAAuBM,cAAvD;AACA,MAAMU,mBAAmB,GAAGlB,SAAS,KAAK,IAAL,GAAY,KAAjD,CAHmD,CAGK;;AACxD,SAAO;AACLmB,IAAAA,OAAO,EAAE,KADJ;AAELC,IAAAA,iBAAiB,EAAEvB,YAFd;AAGLmB,IAAAA,WAHK;AAILC,IAAAA,cAJK;AAKLI,IAAAA,kBAAkB,EAAE;AAClBH,MAAAA;AADkB;AALf,GAAP;AASD;;AAED,SAASI,YAAT,CAAsBC,OAAtB,EAA+Bb,IAA/B,EAAsD;AACpD,SAAOc,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAlB,EAA2B5B,UAAU,CAACe,IAAD,CAArC,EAA6C;AAClDO,IAAAA,cAAc,EAAEO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACN,cAA1B,EAA0CP,IAAI,CAACO,cAA/C,CADkC;AAElDI,IAAAA,kBAAkB,EAAEG,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBF,OAAO,CAACF,kBAA1B,EAA8CX,IAAI,CAACW,kBAAnD;AAF8B,GAA7C,CAAP;AAID;;AAED,OAAO,SAASK,YAAT,GAAmE;AAAA,MAA7ChB,IAA6C,uEAArB,EAAqB;AACxEd,EAAAA,iBAAiB,CAACc,IAAD,CAAjB;AACAA,EAAAA,IAAI,GAAGY,YAAY,CAACP,iBAAiB,EAAlB,EAAsBL,IAAtB,CAAnB;AACA,SAAOf,UAAU,CAAC;AAChB;AACAgC,IAAAA,MAAM,EAAElC,mBAAmB,CAACiB,IAAI,CAACiB,MAAN,CAFX;AAGhBC,IAAAA,QAAQ,EAAEnC,mBAAmB,CAACiB,IAAI,CAACkB,QAAN,CAHb;AAIhBC,IAAAA,YAAY,EAAEpC,mBAAmB,CAACiB,IAAI,CAACmB,YAAN,CAJjB;AAKhBC,IAAAA,WAAW,EAAErC,mBAAmB,CAACiB,IAAI,CAACoB,WAAN,CALhB;AAMhBC,IAAAA,SAAS,EAAEtC,mBAAmB,CAACiB,IAAI,CAACqB,SAAN,CANd;AAOhBC,IAAAA,SAAS,EAAEvC,mBAAmB,CAACiB,IAAI,CAACsB,SAAN,CAPd;AAQhBC,IAAAA,QAAQ,EAAEvB,IAAI,CAACuB,QARC;AAShBC,IAAAA,WAAW,EAAExB,IAAI,CAACwB,WATF;AAUhBC,IAAAA,KAAK,EAAEzB,IAAI,CAACyB,KAVI;AAWhBC,IAAAA,MAAM,EAAE1B,IAAI,CAAC0B,MAXG;AAYhBC,IAAAA,qBAAqB,EAAE3B,IAAI,CAAC2B,qBAZZ;AAahBC,IAAAA,YAAY,EAAE5B,IAAI,CAAC4B,YAbH;AAchBC,IAAAA,YAAY,EAAE7B,IAAI,CAAC6B,YAdH;AAehBC,IAAAA,IAAI,EAAE9B,IAAI,CAAC8B,IAAL,KAAc,KAAd,GAAsB,KAAtB,GAA8B,IAfpB;AAe0B;AAC1CC,IAAAA,sBAAsB,EAAE/B,IAAI,CAAC+B,sBAhBb;AAkBhB;AACArB,IAAAA,iBAAiB,EAAEV,IAAI,CAACU,iBAnBR;AAoBhBsB,IAAAA,iBAAiB,EAAEhC,IAAI,CAACgC,iBApBR;AAqBhBC,IAAAA,kBAAkB,EAAEjC,IAAI,CAACiC,kBArBT;AAsBhBC,IAAAA,kBAAkB,EAAElC,IAAI,CAACkC,kBAtBT;AAuBhB5B,IAAAA,WAAW,EAAEN,IAAI,CAACM,WAvBF;AAwBhB6B,IAAAA,OAAO,EAAEnC,IAAI,CAACmC,OAxBE;AAyBhB1B,IAAAA,OAAO,EAAE,CAAC,CAACT,IAAI,CAACS,OAzBA;AA0BhBF,IAAAA,cAAc,EAAEP,IAAI,CAACO,cA1BL;AA2BhBI,IAAAA,kBAAkB,EAAEX,IAAI,CAACW,kBA3BT;AA4BhBT,IAAAA,OAAO,EAAEZ,SAAS,KAAKS,iBAAiB,CAACC,IAAD,EAAOT,OAAO,EAAd,CAAtB,GAA0CS,IAAI,CAACE,OA5BjD;AA8BhB;AACAkC,IAAAA,eAAe,EAAE,CAAC,CAACpC,IAAI,CAACoC,eA/BR;AAiChB;AACAC,IAAAA,YAAY,EAAErC,IAAI,CAACqC;AAlCH,GAAD,CAAjB;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { removeTrailingSlash, warn, removeNils } from './util';\nimport { assertValidConfig } from './builderUtil';\nimport { OktaAuthOptions, StorageManagerOptions } from './types';\n\nimport fetchRequest from './fetch/fetchRequest';\nimport browserStorage from './browser/browserStorage';\nimport serverStorage from './server/serverStorage';\nimport { isBrowser, isHTTPS } from './features';\n\nconst BROWSER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ],\n useMultipleCookies: true\n },\n cache: {\n storageTypes: [\n 'localStorage',\n 'sessionStorage',\n 'cookie'\n ]\n },\n transaction: {\n storageTypes: [\n 'sessionStorage',\n 'localStorage',\n 'cookie'\n ]\n },\n 'shared-transaction': {\n storageTypes: [\n 'localStorage'\n ]\n },\n 'original-uri': {\n storageTypes: [\n 'localStorage'\n ]\n }\n};\n\nconst SERVER_STORAGE: StorageManagerOptions = {\n token: {\n storageTypes: [\n 'memory'\n ]\n },\n cache: {\n storageTypes: [\n 'memory'\n ]\n },\n transaction: {\n storageTypes: [\n 'memory'\n ]\n }\n};\n\nfunction getCookieSettings(args: OktaAuthOptions = {}, isHTTPS: boolean) {\n // Secure cookies will be automatically used on a HTTPS connection\n // Non-secure cookies will be automatically used on a HTTP connection\n // secure option can override the automatic behavior\n var cookieSettings = args.cookies || {};\n if (typeof cookieSettings.secure === 'undefined') {\n cookieSettings.secure = isHTTPS;\n }\n if (typeof cookieSettings.sameSite === 'undefined') {\n cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n }\n\n // If secure=true, but the connection is not HTTPS, set secure=false.\n if (cookieSettings.secure && !isHTTPS) {\n // eslint-disable-next-line no-console\n warn(\n 'The current page is not being served with the HTTPS protocol.\\n' +\n 'For security reasons, we strongly recommend using HTTPS.\\n' +\n 'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n );\n cookieSettings.secure = false;\n }\n\n // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n cookieSettings.sameSite = 'lax';\n }\n\n return cookieSettings;\n}\n\n\nexport function getDefaultOptions(): OktaAuthOptions {\n const storageUtil = isBrowser() ? browserStorage : serverStorage;\n const storageManager = isBrowser() ? BROWSER_STORAGE : SERVER_STORAGE;\n const enableSharedStorage = isBrowser() ? true : false; // localStorage for multi-tab flows (browser only)\n return {\n devMode: false,\n httpRequestClient: fetchRequest,\n storageUtil,\n storageManager,\n transactionManager: {\n enableSharedStorage\n }\n };\n}\n\nfunction mergeOptions(options, args): OktaAuthOptions {\n return Object.assign({}, options, removeNils(args), {\n storageManager: Object.assign({}, options.storageManager, args.storageManager),\n transactionManager: Object.assign({}, options.transactionManager, args.transactionManager),\n });\n}\n\nexport function buildOptions(args: OktaAuthOptions = {}): OktaAuthOptions {\n assertValidConfig(args);\n args = mergeOptions(getDefaultOptions(), args);\n return removeNils({\n // OIDC configuration\n issuer: removeTrailingSlash(args.issuer),\n tokenUrl: removeTrailingSlash(args.tokenUrl),\n authorizeUrl: removeTrailingSlash(args.authorizeUrl),\n userinfoUrl: removeTrailingSlash(args.userinfoUrl),\n revokeUrl: removeTrailingSlash(args.revokeUrl),\n logoutUrl: removeTrailingSlash(args.logoutUrl),\n clientId: args.clientId,\n redirectUri: args.redirectUri,\n state: args.state,\n scopes: args.scopes,\n postLogoutRedirectUri: args.postLogoutRedirectUri,\n responseMode: args.responseMode,\n responseType: args.responseType,\n pkce: args.pkce === false ? false : true, // PKCE defaults to true\n useInteractionCodeFlow: args.useInteractionCodeFlow,\n\n // Internal options\n httpRequestClient: args.httpRequestClient,\n transformErrorXHR: args.transformErrorXHR,\n transformAuthState: args.transformAuthState,\n restoreOriginalUri: args.restoreOriginalUri,\n storageUtil: args.storageUtil,\n headers: args.headers,\n devMode: !!args.devMode,\n storageManager: args.storageManager,\n transactionManager: args.transactionManager,\n cookies: isBrowser() ? getCookieSettings(args, isHTTPS()) : args.cookies,\n\n // Give the developer the ability to disable token signature validation.\n ignoreSignature: !!args.ignoreSignature,\n\n // Server-side web applications\n clientSecret: args.clientSecret\n });\n}\n"],"file":"options.js"}

package/esm/server/serverStorage.js DELETED Viewed

@@ -1,111 +0,0 @@
-/*!
- * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { AuthSdkError } from '../errors';
-var NodeCache = require('node-cache'); // commonJS module cannot be imported without esModuleInterop
-// this is a SHARED memory storage to support a stateless http server
-var sharedStorage = typeof NodeCache === 'function' ? new NodeCache() : null;
-class ServerCookies {
-  // NodeCache
-  constructor(nodeCache) {
-    this.nodeCache = nodeCache;
-  }
-  set(name, value, expiresAt) {
-    // eslint-disable-next-line no-extra-boolean-cast
-    if (!!Date.parse(expiresAt)) {
-      // Time to expiration in seconds
-      var ttl = (Date.parse(expiresAt) - Date.now()) / 1000;
-      this.nodeCache.set(name, value, ttl);
-    } else {
-      this.nodeCache.set(name, value);
-    }
-    return this.get(name);
-  }
-  get(name) {
-    return this.nodeCache.get(name);
-  }
-  delete(name) {
-    return this.nodeCache.del(name);
-  }
-} // Building this as an object allows us to mock the functions in our tests
-class ServerStorage {
-  // NodeCache
-  constructor(nodeCache) {
-    this.nodeCache = nodeCache;
-    this.storage = new ServerCookies(nodeCache);
-  }
-  testStorageType(storageType) {
-    var supported = false;
-    switch (storageType) {
-      case 'memory':
-        supported = true;
-        break;
-      default:
-        break;
-    }
-    return supported;
-  }
-  getStorageByType(storageType) {
-    var storageProvider = null;
-    switch (storageType) {
-      case 'memory':
-        storageProvider = this.getStorage();
-        break;
-      default:
-        throw new AuthSdkError("Unrecognized storage option: ".concat(storageType));
-        break;
-    }
-    return storageProvider;
-  }
-  findStorageType() {
-    return 'memory';
-  } // will be removed in next version. OKTA-362589
-  getHttpCache() {
-    return null; // stubbed in server.js
-  } // shared in-memory using node cache
-  getStorage() {
-    return {
-      getItem: this.nodeCache.get,
-      setItem: (key, value) => {
-        this.nodeCache.set(key, value, '2200-01-01T00:00:00.000Z');
-      }
-    };
-  }
-}
-export default new ServerStorage(sharedStorage);
-//# sourceMappingURL=serverStorage.js.map