@okta/okta-auth-js 5.8.0 → 5.9.0

package/esm/idx/run.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/idx/run.ts"],"names":["interact","introspect","remediate","remediators","AuthSdkError","IdxStatus","IdxFeature","getSavedTransactionMeta","getEnabledFeatures","idxResponse","res","actions","neededToProceed","push","PASSWORD_RECOVERY","some","name","REGISTRATION","SOCIAL_IDP","getAvailableSteps","remediations","remediatorMap","Object","values","reduce","map","remediatorClass","remediationName","remediation","T","remediator","getNextStep","run","authClient","options","tokens","nextStep","messages","error","meta","enabledFeatures","availableSteps","status","PENDING","shouldClearTransaction","interactionHandle","metaFromResp","stateTokenExternalId","state","interactResponse","flow","stateHandle","rawIdxState","idxResponseFromResp","nextStepFromResp","terminal","canceled","messagesFromResp","transactionManager","saveIdxResponse","TERMINAL","CANCELED","interactionCode","flowMonitor","isFinished","clientId","codeVerifier","ignoreSignature","redirectUri","urls","scopes","token","exchangeCodeForTokens","SUCCESS","err","FAILURE","clear","_idxResponse"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA,SAASA,QAAT,QAAyB,YAAzB;AACA,SAASC,UAAT,QAA2B,cAA3B;AACA,SAASC,SAAT,QAA0B,aAA1B;AAEA,OAAO,KAAKC,WAAZ,MAA6B,eAA7B;AACA,SAASC,YAAT,QAA6B,WAA7B;AACA,SAGEC,SAHF,EAKEC,UALF,QAOO,UAPP;AASA,SAASC,uBAAT,QAAwC,mBAAxC;;AAUA,SAASC,kBAAT,CAA4BC,WAA5B,EAAoE;AAClE,MAAMC,GAAG,GAAG,EAAZ;AACA,MAAM;AAAEC,IAAAA,OAAF;AAAWC,IAAAA;AAAX,MAA+BH,WAArC;;AAEA,MAAIE,OAAO,CAAC,8BAAD,CAAX,EAA6C;AAC3CD,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACQ,iBAApB;AACD;;AAED,MAAIF,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,uBAAvB;AAAA,GAArB,CAAJ,EAA0E;AACxEN,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACW,YAApB;AACD;;AAED,MAAIL,eAAe,CAACG,IAAhB,CAAqB;AAAA,QAAC;AAAEC,MAAAA;AAAF,KAAD;AAAA,WAAcA,IAAI,KAAK,cAAvB;AAAA,GAArB,CAAJ,EAAiE;AAC/DN,IAAAA,GAAG,CAACG,IAAJ,CAASP,UAAU,CAACY,UAApB;AACD;;AAED,SAAOR,GAAP;AACD;;AAED,SAASS,iBAAT,CAA2BC,YAA3B,EAAuE;AACrE,MAAMV,GAAG,GAAG,EAAZ;AAEA,MAAMW,aAAa,GAAGC,MAAM,CAACC,MAAP,CAAcpB,WAAd,EAA2BqB,MAA3B,CAAkC,CAACC,GAAD,EAAMC,eAAN,KAA0B;AAChF;AACA,QAAIA,eAAe,CAACC,eAApB,EAAqC;AACnCF,MAAAA,GAAG,CAACC,eAAe,CAACC,eAAjB,CAAH,GAAuCD,eAAvC;AACD;;AACD,WAAOD,GAAP;AACD,GANqB,EAMnB,EANmB,CAAtB;;AAQA,OAAK,IAAIG,WAAT,IAAwBR,YAAxB,EAAsC;AACpC,QAAMS,CAAC,GAAGR,aAAa,CAACO,WAAW,CAACZ,IAAb,CAAvB;;AACA,QAAIa,CAAJ,EAAO;AACL,UAAMC,UAAU,GAAG,IAAID,CAAJ,CAAMD,WAAN,CAAnB;AACAlB,MAAAA,GAAG,CAACG,IAAJ,CAAUiB,UAAU,CAACC,WAAX,EAAV;AACD;AACF;;AAED,SAAOrB,GAAP;AACD;;AAED,gBAAsBsB,GAAtB;AAAA;AAAA;;;2BAAO,WACLC,UADK,EAELC,OAFK,EAGoB;AACzB,QAAIC,MAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,QAAJ;AACA,QAAIC,KAAJ;AACA,QAAIC,IAAJ;AACA,QAAIC,eAAJ;AACA,QAAIC,cAAJ;AACA,QAAIC,MAAM,GAAGrC,SAAS,CAACsC,OAAvB;AACA,QAAIC,sBAAsB,GAAG,KAA7B;AACA,QAAInC,WAAJ;AACA,QAAIoC,iBAAJ;AACA,QAAIC,YAAJ;;AAEA,QAAI;AAEF,UAAM;AAAEC,QAAAA,oBAAF;AAAwBC,QAAAA;AAAxB,UAAkCd,OAAxC;;AACA,UAAIa,oBAAJ,EAA0B;AAAA;;AACxB;AACAD,QAAAA,YAAY,GAAGvC,uBAAuB,CAAC0B,UAAD,EAAa;AAAEe,UAAAA;AAAF,SAAb,CAAtC;AACAH,QAAAA,iBAAiB,oBAAGC,YAAH,kDAAG,cAAcD,iBAAlC,CAHwB,CAG6B;AACtD,OAJD,MAIO;AACL;AACA,YAAMI,gBAAgB,SAASjD,QAAQ,CAACiC,UAAD,EAAaC,OAAb,CAAvC;AACAW,QAAAA,iBAAiB,GAAGI,gBAAgB,CAACJ,iBAArC;AACAC,QAAAA,YAAY,GAAGG,gBAAgB,CAACV,IAAhC;AACD,OAZC,CAcF;;;AACA9B,MAAAA,WAAW,SAASR,UAAU,CAACgC,UAAD,EAAa;AAAEY,QAAAA,iBAAF;AAAqBE,QAAAA;AAArB,OAAb,CAA9B;;AAEA,UAAI,CAACb,OAAO,CAACgB,IAAT,IAAiB,CAAChB,OAAO,CAACvB,OAA9B,EAAuC;AACrC;AACA4B,QAAAA,IAAI,GAAGO,YAAP;AACAN,QAAAA,eAAe,GAAGhC,kBAAkB,CAACC,WAAD,CAApC;AACAgC,QAAAA,cAAc,GAAGtB,iBAAiB,CAACV,WAAW,CAACG,eAAb,CAAlC;AACD,OALD,MAKO;AACL,YAAMW,MAAqC,mCACtCW,OADsC;AAEzCiB,UAAAA,WAAW,EAAE1C,WAAW,CAAC2C,WAAZ,CAAwBD;AAFI,UAA3C,CADK,CAML;;;AACA,YAAM;AACJ1C,UAAAA,WAAW,EAAE4C,mBADT;AAEJjB,UAAAA,QAAQ,EAAEkB,gBAFN;AAGJC,UAAAA,QAHI;AAIJC,UAAAA,QAJI;AAKJnB,UAAAA,QAAQ,EAAEoB;AALN,kBAMIvD,SAAS,CAACO,WAAD,EAAcc,MAAd,EAAsBW,OAAtB,CANnB,CAPK,CAeL;;AACAE,QAAAA,QAAQ,GAAGkB,gBAAX;AACAjB,QAAAA,QAAQ,GAAGoB,gBAAX,CAjBK,CAmBL;;AACA,YAAIrB,QAAQ,IAAIiB,mBAAhB,EAAqC;AACnCpB,UAAAA,UAAU,CAACyB,kBAAX,CAA8BC,eAA9B,CAA8CN,mBAAmB,CAACD,WAAlE;AACD;;AAED,YAAIG,QAAJ,EAAc;AACZb,UAAAA,MAAM,GAAGrC,SAAS,CAACuD,QAAnB;AACAhB,UAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAAC,YAAIY,QAAJ,EAAc;AACdd,UAAAA,MAAM,GAAGrC,SAAS,CAACwD,QAAnB;AACAjB,UAAAA,sBAAsB,GAAG,IAAzB;AACD,SAHC,MAGK,IAAIS,mBAAJ,aAAIA,mBAAJ,eAAIA,mBAAmB,CAAES,eAAzB,EAA0C;AAC/C;AACA;AACA,cAAI,QAAQ5B,OAAO,CAAC6B,WAAR,CAAoBC,UAApB,EAAR,CAAJ,EAA+C;AAC7C,kBAAM,IAAI5D,YAAJ,CAAiB,mEAAjB,CAAN;AACD;;AAED,cAAM;AACJ6D,YAAAA,QADI;AAEJC,YAAAA,YAFI;AAGJC,YAAAA,eAHI;AAIJC,YAAAA,WAJI;AAKJC,YAAAA,IALI;AAMJC,YAAAA;AANI,cAOFxB,YAPJ;AAQAX,UAAAA,MAAM,SAASF,UAAU,CAACsC,KAAX,CAAiBC,qBAAjB,CAAuC;AACpDV,YAAAA,eAAe,EAAET,mBAAmB,CAACS,eADe;AAEpDG,YAAAA,QAFoD;AAGpDC,YAAAA,YAHoD;AAIpDC,YAAAA,eAJoD;AAKpDC,YAAAA,WALoD;AAMpDE,YAAAA;AANoD,WAAvC,EAOZD,IAPY,CAAf;AASA3B,UAAAA,MAAM,GAAGrC,SAAS,CAACoE,OAAnB;AACA7B,UAAAA,sBAAsB,GAAG,IAAzB;AACD;AACF;AACF,KAhFD,CAgFE,OAAO8B,GAAP,EAAY;AACZpC,MAAAA,KAAK,GAAGoC,GAAR;AACAhC,MAAAA,MAAM,GAAGrC,SAAS,CAACsE,OAAnB;AACA/B,MAAAA,sBAAsB,GAAG,IAAzB;AACD;;AAED,QAAIA,sBAAJ,EAA4B;AAC1BX,MAAAA,UAAU,CAACyB,kBAAX,CAA8BkB,KAA9B;AACD;;AAED;AACEC,MAAAA,YAAY,EAAEpE,WADhB;AAEEiC,MAAAA;AAFF,OAGMH,IAAI,IAAI;AAAEA,MAAAA;AAAF,KAHd,GAIMC,eAAe,IAAI;AAAEA,MAAAA;AAAF,KAJzB,GAKMC,cAAc,IAAI;AAAEA,MAAAA;AAAF,KALxB,GAMMN,MAAM,IAAI;AAAEA,MAAAA,MAAM,EAAEA,MAAM,CAACA;AAAjB,KANhB,GAOMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KAPlB,GAQMC,QAAQ,IAAI;AAAEA,MAAAA;AAAF,KARlB,GASMC,KAAK,IAAI;AAAEA,MAAAA;AAAF,KATf;AAWD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { FlowMonitor } from './flowMonitors';\nimport * as remediators from './remediators';\nimport { AuthSdkError } from '../errors';\nimport { \n  OktaAuth,\n  IdxOptions,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n} from '../types';\nimport { IdxResponse, IdxRemediation } from './types/idx-js';\nimport { getSavedTransactionMeta } from './transactionMeta';\n\nexport type RemediationFlow = Record<string, typeof remediators.Remediator>;\nexport interface RunOptions {\n  flow?: RemediationFlow;\n  actions?: string[];\n  flowMonitor?: FlowMonitor;\n  stateTokenExternalId?: string;\n}\n\nfunction getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP);\n  }\n\n  return res;\n}\n\nfunction getAvailableSteps(remediations: IdxRemediation[]): NextStep[] {\n  const res = [];\n\n  const remediatorMap = Object.values(remediators).reduce((map, remediatorClass) => {\n    // Only add concrete subclasses to the map\n    if (remediatorClass.remediationName) {\n      map[remediatorClass.remediationName] = remediatorClass;\n    }\n    return map;\n  }, {});\n\n  for (let remediation of remediations) {\n    const T = remediatorMap[remediation.name];\n    if (T) {\n      const remediator = new T(remediation);\n      res.push (remediator.getNextStep());\n    }\n  }\n\n  return res;\n}\n\nexport async function run(\n  authClient: OktaAuth, \n  options: RunOptions & IdxOptions,\n): Promise<IdxTransaction> {\n  let tokens;\n  let nextStep;\n  let messages;\n  let error;\n  let meta;\n  let enabledFeatures;\n  let availableSteps;\n  let status = IdxStatus.PENDING;\n  let shouldClearTransaction = false;\n  let idxResponse;\n  let interactionHandle;\n  let metaFromResp;\n\n  try {\n\n    const { stateTokenExternalId, state } = options;\n    if (stateTokenExternalId) {\n      // Email verify callback: retrieve saved interactionHandle, if possible\n      metaFromResp = getSavedTransactionMeta(authClient, { state });\n      interactionHandle = metaFromResp?.interactionHandle; // may be undefined\n    } else {\n      // Start/resume the flow. Will request a new interactionHandle if none is found in storage.\n      const interactResponse = await interact(authClient, options); \n      interactionHandle = interactResponse.interactionHandle;\n      metaFromResp = interactResponse.meta;\n    }\n\n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { interactionHandle, stateTokenExternalId });\n\n    if (!options.flow && !options.actions) {\n      // handle start transaction\n      meta = metaFromResp;\n      enabledFeatures = getEnabledFeatures(idxResponse);\n      availableSteps = getAvailableSteps(idxResponse.neededToProceed);\n    } else {\n      const values: remediators.RemediationValues = { \n        ...options, \n        stateHandle: idxResponse.rawIdxState.stateHandle \n      };\n\n      // Can we handle the remediations?\n      const { \n        idxResponse: idxResponseFromResp, \n        nextStep: nextStepFromResp,\n        terminal,\n        canceled,\n        messages: messagesFromResp,\n      } = await remediate(idxResponse, values, options);\n\n      // Track fields from remediation response\n      nextStep = nextStepFromResp;\n      messages = messagesFromResp;\n\n      // Save intermediate idx response in storage to reduce introspect call\n      if (nextStep && idxResponseFromResp) {\n        authClient.transactionManager.saveIdxResponse(idxResponseFromResp.rawIdxState);\n      }\n\n      if (terminal) {\n        status = IdxStatus.TERMINAL;\n        shouldClearTransaction = true;\n      } if (canceled) {\n        status = IdxStatus.CANCELED;\n        shouldClearTransaction = true;\n      } else if (idxResponseFromResp?.interactionCode) { \n        // Flows may end with interactionCode before the key remediation being hit\n        // Double check if flow is finished to mitigate confusion with the wrapper methods\n        if (!(await options.flowMonitor.isFinished())) {\n          throw new AuthSdkError('Current flow is not supported, check policy settings in your org.');\n        }\n\n        const {\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          urls,\n          scopes,\n        } = metaFromResp;\n        tokens = await authClient.token.exchangeCodeForTokens({\n          interactionCode: idxResponseFromResp.interactionCode,\n          clientId,\n          codeVerifier,\n          ignoreSignature,\n          redirectUri,\n          scopes\n        }, urls);\n\n        status = IdxStatus.SUCCESS;\n        shouldClearTransaction = true;\n      }\n    }\n  } catch (err) {\n    error = err;\n    status = IdxStatus.FAILURE;\n    shouldClearTransaction = true;\n  }\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear();\n  }\n  \n  return {\n    _idxResponse: idxResponse, \n    status,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens: tokens.tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && { messages }),\n    ...(error && { error }),\n  };\n}\n"],"file":"run.js"}

package/esm/idx/startTransaction.js

@@ -1,27 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * 
- * See the License for the specific language governing permissions and limitations under the License.
- */
-import { run } from './run';
-// This method only resolves { status: IdxStatus.PENDING } if transaction has already started
-export function startTransaction(_x) {
-  return _startTransaction.apply(this, arguments);
-}
-
-function _startTransaction() {
-  _startTransaction = _asyncToGenerator(function* (authClient) {
-    var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-    return run(authClient, options);
-  });
-  return _startTransaction.apply(this, arguments);
-}
-//# sourceMappingURL=startTransaction.js.map

package/esm/idx/startTransaction.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/idx/startTransaction.ts"],"names":["run","startTransaction","authClient","options"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,GAAT,QAAoB,OAApB;AAGA;AACA,gBAAsBC,gBAAtB;AAAA;AAAA;;;wCAAO,WACLC,UADK,EAGoB;AAAA,QADzBC,OACyB,uEADH,EACG;AACzB,WAAOH,GAAG,CAACE,UAAD,EAAaC,OAAb,CAAV;AACD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { OktaAuth, IdxOptions, IdxTransaction } from '../types';\n\n// This method only resolves { status: IdxStatus.PENDING } if transaction has already started\nexport async function startTransaction(\n  authClient: OktaAuth, \n  options: IdxOptions = {}\n): Promise<IdxTransaction> {\n  return run(authClient, options);\n}\n"],"file":"startTransaction.js"}

package/esm/idx/transactionMeta.js

@@ -1,125 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-
-/*!
- * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- */
-import { warn } from '../util';
-import { getOAuthUrls } from '../oidc'; // Calculate new values
-
-export function createTransactionMeta(_x) {
-  return _createTransactionMeta.apply(this, arguments);
-}
-
-function _createTransactionMeta() {
-  _createTransactionMeta = _asyncToGenerator(function* (authClient) {
-    return authClient.token.prepareTokenParams();
-  });
-  return _createTransactionMeta.apply(this, arguments);
-}
-
-export function transactionMetaExist(authClient, options) {
-  if (authClient.transactionManager.exists(options)) {
-    var existing = authClient.transactionManager.load(options);
-
-    if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {
-      return true;
-    }
-  }
-
-  return false;
-} // Returns the saved transaction meta, if it exists and is valid, or undefined
-
-export function getSavedTransactionMeta(authClient, options) {
-  var state = (options === null || options === void 0 ? void 0 : options.state) || authClient.options.state;
-  var existing = authClient.transactionManager.load({
-    state
-  });
-
-  if (existing && isTransactionMetaValid(authClient, existing)) {
-    return existing;
-  }
-}
-export function getTransactionMeta(_x2, _x3) {
-  return _getTransactionMeta.apply(this, arguments);
-}
-
-function _getTransactionMeta() {
-  _getTransactionMeta = _asyncToGenerator(function* (authClient, options) {
-    // Load existing transaction meta from storage
-    if (authClient.transactionManager.exists(options)) {
-      var validExistingMeta = getSavedTransactionMeta(authClient, options);
-
-      if (validExistingMeta) {
-        return validExistingMeta;
-      } // existing meta is not valid for this configuration
-      // this is common when changing configuration in local development environment
-      // in a production environment, this may indicate that two apps are sharing a storage key
-
-
-      warn('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
-    } // Calculate new values
-
-
-    var tokenParams = yield authClient.token.prepareTokenParams();
-    var urls = getOAuthUrls(authClient, tokenParams);
-    var issuer = authClient.options.issuer;
-    var {
-      pkce,
-      clientId,
-      redirectUri,
-      responseType,
-      responseMode,
-      scopes,
-      state,
-      nonce,
-      ignoreSignature,
-      codeVerifier,
-      codeChallengeMethod,
-      codeChallenge
-    } = tokenParams;
-    var meta = {
-      issuer,
-      pkce,
-      clientId,
-      redirectUri,
-      responseType,
-      responseMode,
-      scopes,
-      state,
-      nonce,
-      urls,
-      ignoreSignature,
-      codeVerifier,
-      codeChallengeMethod,
-      codeChallenge
-    };
-    return meta;
-  });
-  return _getTransactionMeta.apply(this, arguments);
-}
-
-export function saveTransactionMeta(authClient, meta) {
-  authClient.transactionManager.save(meta, {
-    muteWarning: true
-  });
-}
-export function clearTransactionMeta(authClient) {
-  authClient.transactionManager.clear();
-} // returns true if values in meta match current authClient options
-
-export function isTransactionMetaValid(authClient, meta) {
-  var keys = ['issuer', 'clientId', 'redirectUri'];
-  var mismatch = keys.find(key => {
-    return authClient.options[key] !== meta[key];
-  });
-  return !mismatch;
-}
-//# sourceMappingURL=transactionMeta.js.map

package/esm/idx/transactionMeta.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["warn","getOAuthUrls","createTransactionMeta","authClient","token","prepareTokenParams","transactionMetaExist","options","transactionManager","exists","existing","load","isTransactionMetaValid","interactionHandle","getSavedTransactionMeta","state","getTransactionMeta","validExistingMeta","tokenParams","urls","issuer","pkce","clientId","redirectUri","responseType","responseMode","scopes","nonce","ignoreSignature","codeVerifier","codeChallengeMethod","codeChallenge","meta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","mismatch","find","key"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,IAAT,QAAqB,SAArB;AACA,SAASC,YAAT,QAA6B,SAA7B,C,CAEA;;AACA,gBAAsBC,qBAAtB;AAAA;AAAA;;;6CAAO,WAAqCC,UAArC,EAA2D;AAChE,WAAOA,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAAP;AACD,G;;;;AAED,OAAO,SAASC,oBAAT,CAA8BH,UAA9B,EAAoDI,OAApD,EAA+F;AACpG,MAAIJ,UAAU,CAACK,kBAAX,CAA8BC,MAA9B,CAAqCF,OAArC,CAAJ,EAAmD;AACjD,QAAMG,QAAQ,GAAGP,UAAU,CAACK,kBAAX,CAA8BG,IAA9B,CAAmCJ,OAAnC,CAAjB;;AACA,QAAIK,sBAAsB,CAACT,UAAD,EAAaO,QAAb,CAAtB,IAAgDA,QAAQ,CAACG,iBAA7D,EAAgF;AAC9E,aAAO,IAAP;AACD;AACF;;AACD,SAAO,KAAP;AACD,C,CAED;;AACA,OAAO,SAASC,uBAAT,CAAiCX,UAAjC,EAAuDI,OAAvD,EAA6G;AAClH,MAAMQ,KAAK,GAAG,CAAAR,OAAO,SAAP,IAAAA,OAAO,WAAP,YAAAA,OAAO,CAAEQ,KAAT,KAAkBZ,UAAU,CAACI,OAAX,CAAmBQ,KAAnD;AACA,MAAML,QAAQ,GAAGP,UAAU,CAACK,kBAAX,CAA8BG,IAA9B,CAAmC;AAAEI,IAAAA;AAAF,GAAnC,CAAjB;;AACA,MAAIL,QAAQ,IAAIE,sBAAsB,CAACT,UAAD,EAAaO,QAAb,CAAtC,EAA8D;AAC5D,WAAOA,QAAP;AACD;AACF;AAED,gBAAsBM,kBAAtB;AAAA;AAAA;;;0CAAO,WACLb,UADK,EAELI,OAFK,EAGwB;AAC7B;AACA,QAAIJ,UAAU,CAACK,kBAAX,CAA8BC,MAA9B,CAAqCF,OAArC,CAAJ,EAAmD;AACjD,UAAMU,iBAAiB,GAAGH,uBAAuB,CAACX,UAAD,EAAaI,OAAb,CAAjD;;AACA,UAAIU,iBAAJ,EAAuB;AACrB,eAAOA,iBAAP;AACD,OAJgD,CAKjD;AACA;AACA;;;AACAjB,MAAAA,IAAI,CAAC,sEACH,4DADE,CAAJ;AAED,KAZ4B,CAc7B;;;AACA,QAAMkB,WAAW,SAASf,UAAU,CAACC,KAAX,CAAiBC,kBAAjB,EAA1B;AACA,QAAMc,IAAI,GAAGlB,YAAY,CAACE,UAAD,EAAae,WAAb,CAAzB;AACA,QAAME,MAAM,GAAGjB,UAAU,CAACI,OAAX,CAAmBa,MAAlC;AACA,QAAM;AACJC,MAAAA,IADI;AAEJC,MAAAA,QAFI;AAGJC,MAAAA,WAHI;AAIJC,MAAAA,YAJI;AAKJC,MAAAA,YALI;AAMJC,MAAAA,MANI;AAOJX,MAAAA,KAPI;AAQJY,MAAAA,KARI;AASJC,MAAAA,eATI;AAUJC,MAAAA,YAVI;AAWJC,MAAAA,mBAXI;AAYJC,MAAAA;AAZI,QAaFb,WAbJ;AAcA,QAAMc,IAAI,GAAG;AACXZ,MAAAA,MADW;AAEXC,MAAAA,IAFW;AAGXC,MAAAA,QAHW;AAIXC,MAAAA,WAJW;AAKXC,MAAAA,YALW;AAMXC,MAAAA,YANW;AAOXC,MAAAA,MAPW;AAQXX,MAAAA,KARW;AASXY,MAAAA,KATW;AAUXR,MAAAA,IAVW;AAWXS,MAAAA,eAXW;AAYXC,MAAAA,YAZW;AAaXC,MAAAA,mBAbW;AAcXC,MAAAA;AAdW,KAAb;AAgBA,WAAOC,IAAP;AACD,G;;;;AAED,OAAO,SAASC,mBAAT,CAA8B9B,UAA9B,EAAoD6B,IAApD,EAA0D;AAC/D7B,EAAAA,UAAU,CAACK,kBAAX,CAA8B0B,IAA9B,CAAmCF,IAAnC,EAAyC;AAAEG,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;AAED,OAAO,SAASC,oBAAT,CAA+BjC,UAA/B,EAAqD;AAC1DA,EAAAA,UAAU,CAACK,kBAAX,CAA8B6B,KAA9B;AACD,C,CAED;;AACA,OAAO,SAASzB,sBAAT,CAAiCT,UAAjC,EAAuD6B,IAAvD,EAA6D;AAClE,MAAMM,IAAI,GAAG,CAAC,QAAD,EAAW,UAAX,EAAuB,aAAvB,CAAb;AACA,MAAMC,QAAQ,GAAGD,IAAI,CAACE,IAAL,CAAUC,GAAG,IAAI;AAChC,WAAOtC,UAAU,CAACI,OAAX,CAAmBkC,GAAnB,MAA4BT,IAAI,CAACS,GAAD,CAAvC;AACD,GAFgB,CAAjB;AAGA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta, TransactionMetaOptions } from '../types';\nimport { warn } from '../util';\nimport { getOAuthUrls } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(authClient: OktaAuth) {\n  return authClient.token.prepareTokenParams();\n}\n\nexport function transactionMetaExist(authClient: OktaAuth, options?: TransactionMetaOptions): boolean {\n  if (authClient.transactionManager.exists(options)) {\n    const existing = authClient.transactionManager.load(options) as IdxTransactionMeta;\n    if (isTransactionMetaValid(authClient, existing) && existing.interactionHandle) {\n      return true;\n    }\n  }\n  return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid, or undefined\nexport function getSavedTransactionMeta(authClient: OktaAuth, options?: TransactionMetaOptions): IdxTransactionMeta {\n  const state = options?.state || authClient.options.state;\n  const existing = authClient.transactionManager.load({ state }) as IdxTransactionMeta;\n  if (existing && isTransactionMetaValid(authClient, existing)) {\n    return existing;\n  }\n}\n\nexport async function getTransactionMeta(\n  authClient: OktaAuth,\n  options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n  // Load existing transaction meta from storage\n  if (authClient.transactionManager.exists(options)) {\n    const validExistingMeta = getSavedTransactionMeta(authClient, options);\n    if (validExistingMeta) {\n      return validExistingMeta;\n    }\n    // existing meta is not valid for this configuration\n    // this is common when changing configuration in local development environment\n    // in a production environment, this may indicate that two apps are sharing a storage key\n    warn('Saved transaction meta does not match the current configuration. ' + \n      'This may indicate that two apps are sharing a storage key.');\n  }\n\n  // Calculate new values\n  const tokenParams = await authClient.token.prepareTokenParams();\n  const urls = getOAuthUrls(authClient, tokenParams);\n  const issuer = authClient.options.issuer;\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    nonce,\n    ignoreSignature,\n    codeVerifier,\n    codeChallengeMethod,\n    codeChallenge,\n  } = tokenParams;\n  const meta = {\n    issuer,\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    state,\n    nonce,\n    urls,\n    ignoreSignature,\n    codeVerifier,\n    codeChallengeMethod,\n    codeChallenge \n  };\n  return meta;\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta) {\n  authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth) {\n  authClient.transactionManager.clear();\n}\n\n// returns true if values in meta match current authClient options\nexport function isTransactionMetaValid (authClient: OktaAuth, meta) {\n  const keys = ['issuer', 'clientId', 'redirectUri'];\n  const mismatch = keys.find(key => {\n    return authClient.options[key] !== meta[key];\n  });\n  return !mismatch;\n}\n"],"file":"transactionMeta.js"}

package/esm/idx/types/idx-js.js

@@ -1,20 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * 
- * See the License for the specific language governing permissions and limitations under the License.
- */
-// TODO: remove when idx-js provides type information
-// JSON response from the server
-export function isRawIdxResponse(obj) {
-  return obj && obj.version;
-}
-export function isIdxResponse(obj) {
-  return obj && isRawIdxResponse(obj.rawIdxState);
-}
-//# sourceMappingURL=idx-js.js.map

package/esm/idx/types/idx-js.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;AA2EA;AAaA,OAAO,SAASA,gBAAT,CAA0BC,GAA1B,EAA2D;AAChE,SAAOA,GAAG,IAAIA,GAAG,CAACC,OAAlB;AACD;AAmBD,OAAO,SAASC,aAAT,CAAuBF,GAAvB,EAAqD;AAC1D,SAAOA,GAAG,IAAID,gBAAgB,CAACC,GAAG,CAACG,WAAL,CAA9B;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface IdxAuthenticatorMethod {\n  type: string;\n}\nexport interface IdxAuthenticator {\n  displayName: string;\n  id: string;\n  key: string;\n  methods: IdxAuthenticatorMethod[];\n  type: string;\n  settings?: {\n    complexity?: unknown;\n    age?: unknown;\n  };\n  contextualData?: unknown;\n}\n\nexport interface IdxForm {\n  value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n  value: string | { form: IdxForm };\n  label: string;\n  relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n  id: string;\n  name: string;\n}\n\nexport interface IdxRemediationValue {\n  name: string;\n  type?: string;\n  required?: boolean;\n  secret?: boolean;\n  value?: string;\n  label?: string;\n  form?: IdxForm;\n  options?: IdxOption[];\n  messages?: IdxMessages;\n  minLength?: number;\n  maxLength?: number;\n}\n\nexport interface IdxRemediation {\n  name: string;\n  label?: string;\n  value?: IdxRemediationValue[];\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  idp?: IdpConfig;\n  href?: string;\n  method?: string;\n  type?: string;\n}\n\nexport interface IdxMessage {\n  message: string;\n  class: string;\n  i18n: {\n    key: string;\n    params?: unknown[];\n  };\n}\n\nexport interface IdxMessages {\n  type: 'array';\n  value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n  version: string;\n  stateHandle: string;\n  intent?: string;\n  expiresAt?: string;\n  remediation?: {\n    type: 'array';\n    value: IdxRemediation[];\n  };\n  messages?: IdxMessages;\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n  return obj && obj.version;\n}\n\n\nexport interface IdxActions {\n  [key: string]: Function;\n}\n\n// Object returned from idx-js\nexport interface IdxResponse {\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  toPersist: {\n    interactionHandle?: string;\n  };\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n  return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"file":"idx-js.js"}

package/esm/idx/types/index.js

@@ -1,44 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * 
- * See the License for the specific language governing permissions and limitations under the License.
- */
-export { IdxMessage } from './idx-js';
-export { AuthenticationOptions } from '../authenticate';
-export { RegistrationOptions } from '../register';
-export { PasswordRecoveryOptions } from '../recoverPassword';
-export { CancelOptions } from '../cancel';
-export var IdxStatus;
-
-(function (IdxStatus) {
-  IdxStatus["SUCCESS"] = "SUCCESS";
-  IdxStatus["PENDING"] = "PENDING";
-  IdxStatus["FAILURE"] = "FAILURE";
-  IdxStatus["TERMINAL"] = "TERMINAL";
-  IdxStatus["CANCELED"] = "CANCELED";
-})(IdxStatus || (IdxStatus = {}));
-
-export var AuthenticatorKey;
-
-(function (AuthenticatorKey) {
-  AuthenticatorKey["OKTA_PASSWORD"] = "okta_password";
-  AuthenticatorKey["OKTA_EMAIL"] = "okta_email";
-  AuthenticatorKey["OKTA_VERIFIER"] = "okta_verifier";
-  AuthenticatorKey["PHONE_NUMBER"] = "phone_number";
-  AuthenticatorKey["GOOGLE_AUTHENTICATOR"] = "google_otp";
-})(AuthenticatorKey || (AuthenticatorKey = {}));
-
-export var IdxFeature;
-
-(function (IdxFeature) {
-  IdxFeature[IdxFeature["PASSWORD_RECOVERY"] = 0] = "PASSWORD_RECOVERY";
-  IdxFeature[IdxFeature["REGISTRATION"] = 1] = "REGISTRATION";
-  IdxFeature[IdxFeature["SOCIAL_IDP"] = 2] = "SOCIAL_IDP";
-})(IdxFeature || (IdxFeature = {}));
-//# sourceMappingURL=index.js.map

package/esm/idx/types/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxMessage","AuthenticationOptions","RegistrationOptions","PasswordRecoveryOptions","CancelOptions","IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,UAAT,QAA2B,UAA3B;AACA,SAASC,qBAAT,QAAsC,iBAAtC;AACA,SAASC,mBAAT,QAAoC,aAApC;AACA,SAASC,uBAAT,QAAwC,oBAAxC;AACA,SAASC,aAAT,QAA8B,WAA9B;AAEA,WAAYC,SAAZ;;WAAYA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,KAAAA,S;;AAQZ,WAAYC,gBAAZ;;WAAYA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,KAAAA,gB;;AAyBZ,WAAYC,UAAZ;;WAAYA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;AAAAA,EAAAA,U,CAAAA,U;GAAAA,U,KAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { IdxAuthenticator, IdxMessage, IdxOption, IdxResponse } from './idx-js';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { CancelOptions } from '../cancel';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  OKTA_VERIFIER = 'okta_verifier',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n}\n\nexport type Input = {\n  name: string;\n  label?: string;\n  value?: string;\n  secret?: boolean;\n  required?: boolean;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  options?: IdxOption[];\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY,\n  REGISTRATION,\n  SOCIAL_IDP,\n}\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  _idxResponse?: IdxResponse; // Temporary for widget conversion. Will not be supported long-term. OKTA-418165\n}\n\nexport type IdxOptions = InteractOptions;\n\nexport type Authenticator = {\n  key: string;\n  methodType?: string;\n  phoneNumber?: string;\n};\n"],"file":"index.js"}

package/esm/oidc/decodeToken.js

@@ -1,31 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { AuthSdkError } from '../errors';
-import { base64UrlToString } from '../crypto';
-export function decodeToken(token) {
-  var jwt = token.split('.');
-  var decodedToken;
-
-  try {
-    decodedToken = {
-      header: JSON.parse(base64UrlToString(jwt[0])),
-      payload: JSON.parse(base64UrlToString(jwt[1])),
-      signature: jwt[2]
-    };
-  } catch (e) {
-    throw new AuthSdkError('Malformed token');
-  }
-
-  return decodedToken;
-}
-//# sourceMappingURL=decodeToken.js.map

package/esm/oidc/decodeToken.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/decodeToken.ts"],"names":["AuthSdkError","base64UrlToString","decodeToken","token","jwt","split","decodedToken","header","JSON","parse","payload","signature","e"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,iBAAT,QAAkC,WAAlC;AAEA,OAAO,SAASC,WAAT,CAAqBC,KAArB,EAA+C;AACpD,MAAIC,GAAG,GAAGD,KAAK,CAACE,KAAN,CAAY,GAAZ,CAAV;AACA,MAAIC,YAAJ;;AAEA,MAAI;AACFA,IAAAA,YAAY,GAAG;AACbC,MAAAA,MAAM,EAAEC,IAAI,CAACC,KAAL,CAAWR,iBAAiB,CAACG,GAAG,CAAC,CAAD,CAAJ,CAA5B,CADK;AAEbM,MAAAA,OAAO,EAAEF,IAAI,CAACC,KAAL,CAAWR,iBAAiB,CAACG,GAAG,CAAC,CAAD,CAAJ,CAA5B,CAFI;AAGbO,MAAAA,SAAS,EAAEP,GAAG,CAAC,CAAD;AAHD,KAAf;AAKD,GAND,CAME,OAAOQ,CAAP,EAAU;AACV,UAAM,IAAIZ,YAAJ,CAAiB,iBAAjB,CAAN;AACD;;AAED,SAAOM,YAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from '../types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n  var jwt = token.split('.');\n  var decodedToken: JWTObject;\n\n  try {\n    decodedToken = {\n      header: JSON.parse(base64UrlToString(jwt[0])),\n      payload: JSON.parse(base64UrlToString(jwt[1])),\n      signature: jwt[2]\n    };\n  } catch (e) {\n    throw new AuthSdkError('Malformed token');\n  }\n\n  return decodedToken;\n}\n"],"file":"decodeToken.js"}

package/esm/oidc/endpoints/authorize.js

@@ -1,61 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * 
- * See the License for the specific language governing permissions and limitations under the License.
- */
-import { isString, removeNils, toQueryString } from '../../util';
-import { AuthSdkError } from '../../errors';
-export function convertTokenParamsToOAuthParams(tokenParams) {
-  // Quick validation
-  if (!tokenParams.clientId) {
-    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');
-  }
-
-  if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {
-    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');
-  } // Convert our params to their actual OAuth equivalents
-
-
-  var oauthParams = {
-    'client_id': tokenParams.clientId,
-    'code_challenge': tokenParams.codeChallenge,
-    'code_challenge_method': tokenParams.codeChallengeMethod,
-    'display': tokenParams.display,
-    'idp': tokenParams.idp,
-    'idp_scope': tokenParams.idpScope,
-    'login_hint': tokenParams.loginHint,
-    'max_age': tokenParams.maxAge,
-    'nonce': tokenParams.nonce,
-    'prompt': tokenParams.prompt,
-    'redirect_uri': tokenParams.redirectUri,
-    'response_mode': tokenParams.responseMode,
-    'response_type': tokenParams.responseType,
-    'sessionToken': tokenParams.sessionToken,
-    'state': tokenParams.state
-  };
-  oauthParams = removeNils(oauthParams);
-  ['idp_scope', 'response_type'].forEach(function (mayBeArray) {
-    if (Array.isArray(oauthParams[mayBeArray])) {
-      oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');
-    }
-  });
-
-  if (tokenParams.responseType.indexOf('id_token') !== -1 && tokenParams.scopes.indexOf('openid') === -1) {
-    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');
-  } else {
-    oauthParams.scope = tokenParams.scopes.join(' ');
-  }
-
-  return oauthParams;
-}
-export function buildAuthorizeParams(tokenParams) {
-  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);
-  return toQueryString(oauthQueryParams);
-}
-//# sourceMappingURL=authorize.js.map

package/esm/oidc/endpoints/authorize.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["isString","removeNils","toQueryString","AuthSdkError","convertTokenParamsToOAuthParams","tokenParams","clientId","responseType","indexOf","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,QAAT,EAAmBC,UAAnB,EAA+BC,aAA/B,QAAoD,YAApD;AACA,SAASC,YAAT,QAA6B,cAA7B;AAGA,OAAO,SAASC,+BAAT,CAAyCC,WAAzC,EAAmE;AACxE;AACA,MAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;AACzB,UAAM,IAAIH,YAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAIH,QAAQ,CAACK,WAAW,CAACE,YAAb,CAAR,IAAsCF,WAAW,CAACE,YAAZ,CAAyBC,OAAzB,CAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;AACtF,UAAM,IAAIL,YAAJ,CAAiB,0DAAjB,CAAN;AACD,GARuE,CAUxE;;;AACA,MAAIM,WAAwB,GAAG;AAC7B,iBAAaJ,WAAW,CAACC,QADI;AAE7B,sBAAkBD,WAAW,CAACK,aAFD;AAG7B,6BAAyBL,WAAW,CAACM,mBAHR;AAI7B,eAAWN,WAAW,CAACO,OAJM;AAK7B,WAAOP,WAAW,CAACQ,GALU;AAM7B,iBAAaR,WAAW,CAACS,QANI;AAO7B,kBAAcT,WAAW,CAACU,SAPG;AAQ7B,eAAWV,WAAW,CAACW,MARM;AAS7B,aAASX,WAAW,CAACY,KATQ;AAU7B,cAAUZ,WAAW,CAACa,MAVO;AAW7B,oBAAgBb,WAAW,CAACc,WAXC;AAY7B,qBAAiBd,WAAW,CAACe,YAZA;AAa7B,qBAAiBf,WAAW,CAACE,YAbA;AAc7B,oBAAgBF,WAAW,CAACgB,YAdC;AAe7B,aAAShB,WAAW,CAACiB;AAfQ,GAA/B;AAiBAb,EAAAA,WAAW,GAAGR,UAAU,CAACQ,WAAD,CAAxB;AAEA,GAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;AAC3D,QAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;AAC1Cf,MAAAA,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;AACD;AACF,GAJD;;AAMA,MAAItB,WAAW,CAACE,YAAZ,CAAyBC,OAAzB,CAAiC,UAAjC,MAAiD,CAAC,CAAlD,IACFH,WAAW,CAACuB,MAAZ,CAAmBpB,OAAnB,CAA2B,QAA3B,MAAyC,CAAC,CAD5C,EAC+C;AAC7C,UAAM,IAAIL,YAAJ,CAAiB,mFAAjB,CAAN;AACD,GAHD,MAGO;AACLM,IAAAA,WAAW,CAACoB,KAAZ,GAAoBxB,WAAW,CAACuB,MAAZ,CAAmBD,IAAnB,CAAwB,GAAxB,CAApB;AACD;;AAED,SAAOlB,WAAP;AACD;AAED,OAAO,SAASqB,oBAAT,CAA8BzB,WAA9B,EAAwD;AAC7D,MAAI0B,gBAAgB,GAAG3B,+BAA+B,CAACC,WAAD,CAAtD;AACA,SAAOH,aAAa,CAAC6B,gBAAD,CAApB;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n  // Quick validation\n  if (!tokenParams.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n  }\n\n  // Convert our params to their actual OAuth equivalents\n  var oauthParams: OAuthParams = {\n    'client_id': tokenParams.clientId,\n    'code_challenge': tokenParams.codeChallenge,\n    'code_challenge_method': tokenParams.codeChallengeMethod,\n    'display': tokenParams.display,\n    'idp': tokenParams.idp,\n    'idp_scope': tokenParams.idpScope,\n    'login_hint': tokenParams.loginHint,\n    'max_age': tokenParams.maxAge,\n    'nonce': tokenParams.nonce,\n    'prompt': tokenParams.prompt,\n    'redirect_uri': tokenParams.redirectUri,\n    'response_mode': tokenParams.responseMode,\n    'response_type': tokenParams.responseType,\n    'sessionToken': tokenParams.sessionToken,\n    'state': tokenParams.state,\n  };\n  oauthParams = removeNils(oauthParams) as OAuthParams;\n\n  ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n    if (Array.isArray(oauthParams[mayBeArray])) {\n      oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n    }\n  });\n\n  if (tokenParams.responseType.indexOf('id_token') !== -1 &&\n    tokenParams.scopes.indexOf('openid') === -1) {\n    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n  } else {\n    oauthParams.scope = tokenParams.scopes.join(' ');\n  }\n\n  return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n  return toQueryString(oauthQueryParams);\n}\n"],"file":"authorize.js"}

package/esm/oidc/endpoints/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/index.ts"],"names":[],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,cAAc,aAAd;AACA,cAAc,SAAd;AACA,cAAc,cAAd","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n"],"file":"index.js"}

package/esm/oidc/endpoints/token.js

@@ -1,97 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * 
- * See the License for the specific language governing permissions and limitations under the License.
- */
-import { AuthSdkError } from '../../errors';
-import { removeNils, toQueryString } from '../../util';
-import { httpRequest } from '../../http';
-
-function validateOptions(options) {
-  // Quick validation
-  if (!options.clientId) {
-    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');
-  }
-
-  if (!options.redirectUri) {
-    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');
-  }
-
-  if (!options.authorizationCode && !options.interactionCode) {
-    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');
-  }
-
-  if (!options.codeVerifier) {
-    throw new AuthSdkError('The "codeVerifier" (generated and saved by your app) must be passed to /token');
-  }
-}
-
-function getPostData(sdk, options) {
-  // Convert Token params to OAuth params, sent to the /token endpoint
-  var params = removeNils({
-    'client_id': options.clientId,
-    'redirect_uri': options.redirectUri,
-    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',
-    'code_verifier': options.codeVerifier
-  });
-
-  if (options.interactionCode) {
-    params['interaction_code'] = options.interactionCode;
-  } else if (options.authorizationCode) {
-    params.code = options.authorizationCode;
-  }
-
-  var {
-    clientSecret
-  } = sdk.options;
-
-  if (clientSecret) {
-    params['client_secret'] = clientSecret;
-  } // Encode as URL string
-
-
-  return toQueryString(params).slice(1);
-} // exchange authorization code for an access token
-
-
-export function postToTokenEndpoint(sdk, options, urls) {
-  validateOptions(options);
-  var data = getPostData(sdk, options);
-  var headers = {
-    'Content-Type': 'application/x-www-form-urlencoded'
-  };
-  return httpRequest(sdk, {
-    url: urls.tokenUrl,
-    method: 'POST',
-    args: data,
-    headers
-  });
-}
-export function postRefreshToken(sdk, options, refreshToken) {
-  return httpRequest(sdk, {
-    url: refreshToken.tokenUrl,
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/x-www-form-urlencoded'
-    },
-    args: Object.entries({
-      client_id: options.clientId,
-      // eslint-disable-line camelcase
-      grant_type: 'refresh_token',
-      // eslint-disable-line camelcase
-      scope: refreshToken.scopes.join(' '),
-      refresh_token: refreshToken.refreshToken // eslint-disable-line camelcase
-
-    }).map(function (_ref) {
-      var [name, value] = _ref;
-      return name + '=' + encodeURIComponent(value);
-    }).join('&')
-  });
-}
-//# sourceMappingURL=token.js.map

package/esm/oidc/endpoints/token.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["AuthSdkError","removeNils","toQueryString","httpRequest","validateOptions","options","clientId","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","slice","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA,SAASA,YAAT,QAA6B,cAA7B;AAEA,SAASC,UAAT,EAAqBC,aAArB,QAA0C,YAA1C;AACA,SAASC,WAAT,QAA4B,YAA5B;;AAEA,SAASC,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIN,YAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACK,OAAO,CAACE,WAAb,EAA0B;AACxB,UAAM,IAAIP,YAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACK,OAAO,CAACG,iBAAT,IAA8B,CAACH,OAAO,CAACI,eAA3C,EAA4D;AAC1D,UAAM,IAAIT,YAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACK,OAAO,CAACK,YAAb,EAA2B;AACzB,UAAM,IAAIV,YAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASW,WAAT,CAAqBC,GAArB,EAA0BP,OAA1B,EAAwD;AACtD;AACA,MAAIQ,MAAmB,GAAGZ,UAAU,CAAC;AACnC,iBAAaI,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACE,WAFW;AAGnC,kBAAcF,OAAO,CAACI,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBJ,OAAO,CAACK;AAJU,GAAD,CAApC;;AAOA,MAAIL,OAAO,CAACI,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BR,OAAO,CAACI,eAArC;AACD,GAFD,MAEO,IAAIJ,OAAO,CAACG,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcT,OAAO,CAACG,iBAAtB;AACD;;AAED,MAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACP,OAA7B;;AACA,MAAIU,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAOb,aAAa,CAACW,MAAD,CAAb,CAAsBG,KAAtB,CAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACA,OAAO,SAASC,mBAAT,CAA6BL,GAA7B,EAAkCP,OAAlC,EAAwDa,IAAxD,EAAkG;AACvGd,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIc,IAAI,GAAGR,WAAW,CAACC,GAAD,EAAMP,OAAN,CAAtB;AAEA,MAAMe,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAOjB,WAAW,CAACS,GAAD,EAAM;AACtBS,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAN,CAAlB;AAMD;AAED,OAAO,SAASK,gBAAT,CAA0Bb,GAA1B,EAA+BP,OAA/B,EAAqDqB,YAArD,EAAyG;AAC9G,SAAOvB,WAAW,CAACS,GAAD,EAAM;AACtBS,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAEG,MAAM,CAACC,OAAP,CAAe;AACnBC,MAAAA,SAAS,EAAExB,OAAO,CAACC,QADA;AACU;AAC7BwB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEL,YAAY,CAACM,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAER,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,EAKHS,GALG,CAKC,gBAAyB;AAAA,UAAf,CAACC,IAAD,EAAOC,KAAP,CAAe;AAC9B,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KAPK,EAOHJ,IAPG,CAOE,GAPF;AAPgB,GAAN,CAAlB;AAgBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(sdk, options: TokenParams, refreshToken: RefreshToken): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      return name + '=' + encodeURIComponent(value);\n    }).join('&'),\n  });\n}"],"file":"token.js"}

package/esm/oidc/endpoints/well-known.js

@@ -1,58 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { get } from '../../http';
-import { find } from '../../util';
-import AuthSdkError from '../../errors/AuthSdkError';
-export function getWellKnown(sdk, issuer) {
-  var authServerUri = issuer || sdk.options.issuer;
-  return get(sdk, authServerUri + '/.well-known/openid-configuration', {
-    cacheResponse: true
-  });
-}
-export function getKey(sdk, issuer, kid) {
-  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);
-  return getWellKnown(sdk, issuer).then(function (wellKnown) {
-    var jwksUri = wellKnown['jwks_uri']; // Check our kid against the cached version (if it exists and isn't expired)
-
-    var cacheContents = httpCache.getStorage();
-    var cachedResponse = cacheContents[jwksUri];
-
-    if (cachedResponse && Date.now() / 1000 < cachedResponse.expiresAt) {
-      var cachedKey = find(cachedResponse.response.keys, {
-        kid: kid
-      });
-
-      if (cachedKey) {
-        return cachedKey;
-      }
-    } // Remove cache for the key
-
-
-    httpCache.clearStorage(jwksUri); // Pull the latest keys if the key wasn't in the cache
-
-    return get(sdk, jwksUri, {
-      cacheResponse: true
-    }).then(function (res) {
-      var key = find(res.keys, {
-        kid: kid
-      });
-
-      if (key) {
-        return key;
-      }
-
-      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\'s keys');
-    });
-  });
-}
-//# sourceMappingURL=well-known.js.map

package/esm/oidc/endpoints/well-known.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["get","find","AuthSdkError","getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","keys","clearStorage","res","key"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,GAAT,QAAoB,YAApB;AACA,SAASC,IAAT,QAAqB,YAArB;AAEA,OAAOC,YAAP,MAAyB,2BAAzB;AAEA,OAAO,SAASC,YAAT,CAAsBC,GAAtB,EAAqCC,MAArC,EAAkF;AACvF,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAOL,GAAG,CAACI,GAAD,EAAME,aAAa,GAAG,mCAAtB,EAA2D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA3D,CAAV;AAGD;AAED,OAAO,SAASC,MAAT,CAAgBL,GAAhB,EAA+BC,MAA/B,EAA+CK,GAA/C,EAA6E;AAClF,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAGvB,IAAI,CAACmB,cAAc,CAACK,QAAf,CAAwBC,IAAzB,EAA+B;AACjDhB,QAAAA,GAAG,EAAEA;AAD4C,OAA/B,CAApB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACgB,YAAV,CAAuBV,OAAvB,EAjBwB,CAmBxB;;AACA,WAAOjB,GAAG,CAACI,GAAD,EAAMa,OAAN,EAAe;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAf,CAAH,CAGNO,IAHM,CAGD,UAASa,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG5B,IAAI,CAAC2B,GAAG,CAACF,IAAL,EAAW;AACvBhB,QAAAA,GAAG,EAAEA;AADkB,OAAX,CAAd;;AAIA,UAAImB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAI3B,YAAJ,CAAiB,iBAAiBQ,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuth, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuth, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuth, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n"],"file":"well-known.js"}