@okta/okta-auth-js 5.8.0 → 5.9.0

package/esm/oidc/handleOAuthResponse.js

@@ -1,148 +0,0 @@
-/* eslint-disable complexity, max-statements */
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { clone } from '../util';
-import { getOAuthUrls } from './util/oauth';
-import { AuthSdkError, OAuthError } from '../errors';
-import { exchangeCodeForTokens } from './exchangeCodeForTokens';
-import { verifyToken } from './verifyToken';
-import { getDefaultTokenParams } from '.';
-
-function validateResponse(res, oauthParams) {
-  if (res['error'] || res['error_description']) {
-    throw new OAuthError(res['error'], res['error_description']);
-  }
-
-  if (res.state !== oauthParams.state) {
-    throw new AuthSdkError('OAuth flow response state doesn\'t match request state');
-  }
-} // eslint-disable-next-line max-len
-
-
-export function handleOAuthResponse(sdk, tokenParams, res, urls) {
-  var pkce = sdk.options.pkce !== false; // The result contains an authorization_code and PKCE is enabled 
-  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result
-
-  if (pkce && (res.code || res.interaction_code)) {
-    return exchangeCodeForTokens(sdk, Object.assign({}, tokenParams, {
-      authorizationCode: res.code,
-      interactionCode: res.interaction_code
-    }), urls);
-  }
-
-  tokenParams = tokenParams || getDefaultTokenParams(sdk);
-  urls = urls || getOAuthUrls(sdk, tokenParams);
-  var responseType = tokenParams.responseType;
-
-  if (!Array.isArray(responseType)) {
-    responseType = [responseType];
-  }
-
-  var scopes;
-
-  if (res.scope) {
-    scopes = res.scope.split(' ');
-  } else {
-    scopes = clone(tokenParams.scopes);
-  }
-
-  var clientId = tokenParams.clientId || sdk.options.clientId; // Handling the result from implicit flow or PKCE token exchange
-
-  return Promise.resolve().then(function () {
-    validateResponse(res, tokenParams);
-  }).then(function () {
-    var tokenDict = {};
-    var expiresIn = res.expires_in;
-    var tokenType = res.token_type;
-    var accessToken = res.access_token;
-    var idToken = res.id_token;
-    var refreshToken = res.refresh_token;
-    var now = Math.floor(Date.now() / 1000);
-
-    if (accessToken) {
-      var accessJwt = sdk.token.decode(accessToken);
-      tokenDict.accessToken = {
-        accessToken: accessToken,
-        claims: accessJwt.payload,
-        expiresAt: Number(expiresIn) + now,
-        tokenType: tokenType,
-        scopes: scopes,
-        authorizeUrl: urls.authorizeUrl,
-        userinfoUrl: urls.userinfoUrl
-      };
-    }
-
-    if (refreshToken) {
-      tokenDict.refreshToken = {
-        refreshToken: refreshToken,
-        // should not be used, this is the accessToken expire time
-        // TODO: remove "expiresAt" in the next major version OKTA-407224
-        expiresAt: Number(expiresIn) + now,
-        scopes: scopes,
-        tokenUrl: urls.tokenUrl,
-        authorizeUrl: urls.authorizeUrl,
-        issuer: urls.issuer
-      };
-    }
-
-    if (idToken) {
-      var idJwt = sdk.token.decode(idToken);
-      var idTokenObj = {
-        idToken: idToken,
-        claims: idJwt.payload,
-        expiresAt: idJwt.payload.exp - idJwt.payload.iat + now,
-        // adjusting expiresAt to be in local time
-        scopes: scopes,
-        authorizeUrl: urls.authorizeUrl,
-        issuer: urls.issuer,
-        clientId: clientId
-      };
-      var validationParams = {
-        clientId: clientId,
-        issuer: urls.issuer,
-        nonce: tokenParams.nonce,
-        accessToken: accessToken
-      };
-
-      if (tokenParams.ignoreSignature !== undefined) {
-        validationParams.ignoreSignature = tokenParams.ignoreSignature;
-      }
-
-      return verifyToken(sdk, idTokenObj, validationParams).then(function () {
-        tokenDict.idToken = idTokenObj;
-        return tokenDict;
-      });
-    }
-
-    return tokenDict;
-  }).then(function (tokenDict) {
-    // Validate received tokens against requested response types 
-    if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {
-      // eslint-disable-next-line max-len
-      throw new AuthSdkError('Unable to parse OAuth flow response: response type "token" was requested but "access_token" was not returned.');
-    }
-
-    if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {
-      // eslint-disable-next-line max-len
-      throw new AuthSdkError('Unable to parse OAuth flow response: response type "id_token" was requested but "id_token" was not returned.');
-    }
-
-    return {
-      tokens: tokenDict,
-      state: res.state,
-      code: res.code
-    };
-  });
-}
-//# sourceMappingURL=handleOAuthResponse.js.map

package/esm/oidc/handleOAuthResponse.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"names":["clone","getOAuthUrls","AuthSdkError","OAuthError","exchangeCodeForTokens","verifyToken","getDefaultTokenParams","validateResponse","res","oauthParams","state","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","Object","assign","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","Promise","resolve","then","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","token","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","indexOf","tokens"],"mappings":"AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,KAAT,QAAsB,SAAtB;AACA,SACEC,YADF,QAEO,cAFP;AAGA,SAASC,YAAT,EAAuBC,UAAvB,QAAyC,WAAzC;AAWA,SAASC,qBAAT,QAAsC,yBAAtC;AACA,SAASC,WAAT,QAA4B,eAA5B;AACA,SAASC,qBAAT,QAAsC,GAAtC;;AAEA,SAASC,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;AACtE,MAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;AAC5C,UAAM,IAAIL,UAAJ,CAAeK,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;AACD;;AAED,MAAIA,GAAG,CAACE,KAAJ,KAAcD,WAAW,CAACC,KAA9B,EAAqC;AACnC,UAAM,IAAIR,YAAJ,CAAiB,wDAAjB,CAAN;AACD;AACF,C,CAED;;;AACA,OAAO,SAASS,mBAAT,CAA6BC,GAA7B,EAA4CC,WAA5C,EAAsEL,GAAtE,EAA0FM,IAA1F,EAAoI;AACzI,MAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADyI,CAGzI;AACA;;AACA,MAAIA,IAAI,KAAKP,GAAG,CAACS,IAAJ,IAAYT,GAAG,CAACU,gBAArB,CAAR,EAAgD;AAC9C,WAAOd,qBAAqB,CAACQ,GAAD,EAAMO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBP,WAAlB,EAA+B;AAC/DQ,MAAAA,iBAAiB,EAAEb,GAAG,CAACS,IADwC;AAE/DK,MAAAA,eAAe,EAAEd,GAAG,CAACU;AAF0C,KAA/B,CAAN,EAGxBJ,IAHwB,CAA5B;AAID;;AAEDD,EAAAA,WAAW,GAAGA,WAAW,IAAIP,qBAAqB,CAACM,GAAD,CAAlD;AACAE,EAAAA,IAAI,GAAGA,IAAI,IAAIb,YAAY,CAACW,GAAD,EAAMC,WAAN,CAA3B;AAEA,MAAIU,YAAY,GAAGV,WAAW,CAACU,YAA/B;;AACA,MAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;AAChCA,IAAAA,YAAY,GAAG,CAACA,YAAD,CAAf;AACD;;AAED,MAAIG,MAAJ;;AACA,MAAIlB,GAAG,CAACmB,KAAR,EAAe;AACbD,IAAAA,MAAM,GAAGlB,GAAG,CAACmB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;AACD,GAFD,MAEO;AACLF,IAAAA,MAAM,GAAG1B,KAAK,CAACa,WAAW,CAACa,MAAb,CAAd;AACD;;AACD,MAAIG,QAAQ,GAAGhB,WAAW,CAACgB,QAAZ,IAAwBjB,GAAG,CAACI,OAAJ,CAAYa,QAAnD,CA1ByI,CA4BzI;;AACA,SAAOC,OAAO,CAACC,OAAR,GACJC,IADI,CACC,YAAY;AAChBzB,IAAAA,gBAAgB,CAACC,GAAD,EAAMK,WAAN,CAAhB;AACD,GAHI,EAGFmB,IAHE,CAGG,YAAY;AAClB,QAAIC,SAAS,GAAG,EAAhB;AACA,QAAIC,SAAS,GAAG1B,GAAG,CAAC2B,UAApB;AACA,QAAIC,SAAS,GAAG5B,GAAG,CAAC6B,UAApB;AACA,QAAIC,WAAW,GAAG9B,GAAG,CAAC+B,YAAtB;AACA,QAAIC,OAAO,GAAGhC,GAAG,CAACiC,QAAlB;AACA,QAAIC,YAAY,GAAGlC,GAAG,CAACmC,aAAvB;AACA,QAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,QAAIN,WAAJ,EAAiB;AACf,UAAIU,SAAS,GAAGpC,GAAG,CAACqC,KAAJ,CAAUC,MAAV,CAAiBZ,WAAjB,CAAhB;AACAL,MAAAA,SAAS,CAACK,WAAV,GAAwB;AACtBA,QAAAA,WAAW,EAAEA,WADS;AAEtBa,QAAAA,MAAM,EAAEH,SAAS,CAACI,OAFI;AAGtBC,QAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAHT;AAItBR,QAAAA,SAAS,EAAEA,SAJW;AAKtBV,QAAAA,MAAM,EAAEA,MALc;AAMtB6B,QAAAA,YAAY,EAAEzC,IAAI,CAACyC,YANG;AAOtBC,QAAAA,WAAW,EAAE1C,IAAI,CAAC0C;AAPI,OAAxB;AASD;;AAED,QAAId,YAAJ,EAAkB;AAChBT,MAAAA,SAAS,CAACS,YAAV,GAAyB;AACvBA,QAAAA,YAAY,EAAEA,YADS;AAEvB;AACA;AACAW,QAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAJR;AAKvBlB,QAAAA,MAAM,EAAEA,MALe;AAMvB+B,QAAAA,QAAQ,EAAE3C,IAAI,CAAC2C,QANQ;AAOvBF,QAAAA,YAAY,EAAEzC,IAAI,CAACyC,YAPI;AAQvBG,QAAAA,MAAM,EAAE5C,IAAI,CAAC4C;AARU,OAAzB;AAUD;;AAED,QAAIlB,OAAJ,EAAa;AACX,UAAImB,KAAK,GAAG/C,GAAG,CAACqC,KAAJ,CAAUC,MAAV,CAAiBV,OAAjB,CAAZ;AAEA,UAAIoB,UAAmB,GAAG;AACxBpB,QAAAA,OAAO,EAAEA,OADe;AAExBW,QAAAA,MAAM,EAAEQ,KAAK,CAACP,OAFU;AAGxBC,QAAAA,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAoBF,KAAK,CAACP,OAAN,CAAcU,GAAlC,GAAwClB,GAH3B;AAGgC;AACxDlB,QAAAA,MAAM,EAAEA,MAJgB;AAKxB6B,QAAAA,YAAY,EAAEzC,IAAI,CAACyC,YALK;AAMxBG,QAAAA,MAAM,EAAE5C,IAAI,CAAC4C,MANW;AAOxB7B,QAAAA,QAAQ,EAAEA;AAPc,OAA1B;AAUA,UAAIkC,gBAAmC,GAAG;AACxClC,QAAAA,QAAQ,EAAEA,QAD8B;AAExC6B,QAAAA,MAAM,EAAE5C,IAAI,CAAC4C,MAF2B;AAGxCM,QAAAA,KAAK,EAAEnD,WAAW,CAACmD,KAHqB;AAIxC1B,QAAAA,WAAW,EAAEA;AAJ2B,OAA1C;;AAOA,UAAIzB,WAAW,CAACoD,eAAZ,KAAgCC,SAApC,EAA+C;AAC7CH,QAAAA,gBAAgB,CAACE,eAAjB,GAAmCpD,WAAW,CAACoD,eAA/C;AACD;;AAED,aAAO5D,WAAW,CAACO,GAAD,EAAMgD,UAAN,EAAkBG,gBAAlB,CAAX,CACJ/B,IADI,CACC,YAAY;AAChBC,QAAAA,SAAS,CAACO,OAAV,GAAoBoB,UAApB;AACA,eAAO3B,SAAP;AACD,OAJI,CAAP;AAKD;;AAED,WAAOA,SAAP;AACD,GAtEI,EAuEJD,IAvEI,CAuEC,UAAUC,SAAV,EAAoC;AACxC;AACA,QAAIV,YAAY,CAAC4C,OAAb,CAAqB,OAArB,MAAkC,CAAC,CAAnC,IAAwC,CAAClC,SAAS,CAACK,WAAvD,EAAoE;AAClE;AACA,YAAM,IAAIpC,YAAJ,CAAiB,+GAAjB,CAAN;AACD;;AACD,QAAIqB,YAAY,CAAC4C,OAAb,CAAqB,UAArB,MAAqC,CAAC,CAAtC,IAA2C,CAAClC,SAAS,CAACO,OAA1D,EAAmE;AACjE;AACA,YAAM,IAAItC,YAAJ,CAAiB,8GAAjB,CAAN;AACD;;AAED,WAAO;AACLkE,MAAAA,MAAM,EAAEnC,SADH;AAELvB,MAAAA,KAAK,EAAEF,GAAG,CAACE,KAFN;AAGLO,MAAAA,IAAI,EAAET,GAAG,CAACS;AAHL,KAAP;AAKD,GAvFI,CAAP;AAwFD","sourcesContent":["\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n  OktaAuth,\n  TokenVerifyParams,\n  IDToken,\n  OAuthResponse,\n  TokenParams,\n  TokenResponse,\n  CustomUrls,\n  Tokens,\n} from '../types';\nimport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from '.';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n  if (res['error'] || res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\n// eslint-disable-next-line max-len\nexport function handleOAuthResponse(sdk: OktaAuth, tokenParams: TokenParams, res: OAuthResponse, urls: CustomUrls): Promise<TokenResponse> {\n  var pkce = sdk.options.pkce !== false;\n\n  // The result contains an authorization_code and PKCE is enabled \n  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n  if (pkce && (res.code || res.interaction_code)) {\n    return exchangeCodeForTokens(sdk, Object.assign({}, tokenParams, {\n      authorizationCode: res.code,\n      interactionCode: res.interaction_code\n    }), urls);\n  }\n\n  tokenParams = tokenParams || getDefaultTokenParams(sdk);\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n\n  var responseType = tokenParams.responseType;\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes;\n  if (res.scope) {\n    scopes = res.scope.split(' ');\n  } else {\n    scopes = clone(tokenParams.scopes);\n  }\n  var clientId = tokenParams.clientId || sdk.options.clientId;\n\n  // Handling the result from implicit flow or PKCE token exchange\n  return Promise.resolve()\n    .then(function () {\n      validateResponse(res, tokenParams);\n    }).then(function () {\n      var tokenDict = {} as Tokens;\n      var expiresIn = res.expires_in;\n      var tokenType = res.token_type;\n      var accessToken = res.access_token;\n      var idToken = res.id_token;\n      var refreshToken = res.refresh_token;\n      var now = Math.floor(Date.now()/1000);\n\n      if (accessToken) {\n        var accessJwt = sdk.token.decode(accessToken);\n        tokenDict.accessToken = {\n          accessToken: accessToken,\n          claims: accessJwt.payload,\n          expiresAt: Number(expiresIn) + now,\n          tokenType: tokenType,\n          scopes: scopes,\n          authorizeUrl: urls.authorizeUrl,\n          userinfoUrl: urls.userinfoUrl\n        };\n      }\n\n      if (refreshToken) {\n        tokenDict.refreshToken = {\n          refreshToken: refreshToken,\n          // should not be used, this is the accessToken expire time\n          // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n          expiresAt: Number(expiresIn) + now, \n          scopes: scopes,\n          tokenUrl: urls.tokenUrl,\n          authorizeUrl: urls.authorizeUrl,\n          issuer: urls.issuer,\n        };\n      }\n\n      if (idToken) {\n        var idJwt = sdk.token.decode(idToken);\n\n        var idTokenObj: IDToken = {\n          idToken: idToken,\n          claims: idJwt.payload,\n          expiresAt: idJwt.payload.exp - idJwt.payload.iat + now, // adjusting expiresAt to be in local time\n          scopes: scopes,\n          authorizeUrl: urls.authorizeUrl,\n          issuer: urls.issuer,\n          clientId: clientId\n        };\n\n        var validationParams: TokenVerifyParams = {\n          clientId: clientId,\n          issuer: urls.issuer,\n          nonce: tokenParams.nonce,\n          accessToken: accessToken\n        };\n\n        if (tokenParams.ignoreSignature !== undefined) {\n          validationParams.ignoreSignature = tokenParams.ignoreSignature;\n        }\n\n        return verifyToken(sdk, idTokenObj, validationParams)\n          .then(function () {\n            tokenDict.idToken = idTokenObj;\n            return tokenDict;\n          });\n      }\n\n      return tokenDict;\n    })\n    .then(function (tokenDict): TokenResponse {\n      // Validate received tokens against requested response types \n      if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n        // eslint-disable-next-line max-len\n        throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n      }\n      if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n        // eslint-disable-next-line max-len\n        throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n      }\n\n      return {\n        tokens: tokenDict,\n        state: res.state,\n        code: res.code\n      };\n    });\n}"],"file":"handleOAuthResponse.js"}

package/esm/oidc/index.js

@@ -1,29 +0,0 @@
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-export * from './endpoints';
-export * from './util';
-export { decodeToken } from './decodeToken';
-export { revokeToken } from './revokeToken';
-export { renewToken } from './renewToken';
-export { renewTokensWithRefresh } from './renewTokensWithRefresh';
-export { renewTokens } from './renewTokens';
-export { verifyToken } from './verifyToken';
-export { getUserInfo } from './getUserInfo';
-export { handleOAuthResponse } from './handleOAuthResponse';
-export { exchangeCodeForTokens } from './exchangeCodeForTokens';
-export { getToken } from './getToken';
-export { getWithoutPrompt } from './getWithoutPrompt';
-export { getWithPopup } from './getWithPopup';
-export { getWithRedirect } from './getWithRedirect';
-export { parseFromUrl } from './parseFromUrl';
-//# sourceMappingURL=index.js.map

package/esm/oidc/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/index.ts"],"names":["decodeToken","revokeToken","renewToken","renewTokensWithRefresh","renewTokens","verifyToken","getUserInfo","handleOAuthResponse","exchangeCodeForTokens","getToken","getWithoutPrompt","getWithPopup","getWithRedirect","parseFromUrl"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,aAAd;AACA,cAAc,QAAd;AAEA,SAASA,WAAT,QAA4B,eAA5B;AACA,SAASC,WAAT,QAA4B,eAA5B;AACA,SAASC,UAAT,QAA2B,cAA3B;AACA,SAASC,sBAAT,QAAuC,0BAAvC;AACA,SAASC,WAAT,QAA4B,eAA5B;AACA,SAASC,WAAT,QAA4B,eAA5B;AACA,SAASC,WAAT,QAA4B,eAA5B;AACA,SAASC,mBAAT,QAAoC,uBAApC;AACA,SAASC,qBAAT,QAAsC,yBAAtC;AACA,SAASC,QAAT,QAAyB,YAAzB;AACA,SAASC,gBAAT,QAAiC,oBAAjC;AACA,SAASC,YAAT,QAA6B,gBAA7B;AACA,SAASC,eAAT,QAAgC,mBAAhC;AACA,SAASC,YAAT,QAA6B,gBAA7B","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './endpoints';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\n"],"file":"index.js"}

package/esm/oidc/parseFromUrl.js

@@ -1,144 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-
-/* eslint-disable complexity */
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { AuthSdkError } from '../errors';
-import { isInteractionRequiredError, urlParamsToObject } from './util';
-import { isString } from '../util';
-import { handleOAuthResponse } from './handleOAuthResponse';
-
-function removeHash(sdk) {
-  var nativeHistory = sdk.token.parseFromUrl._getHistory();
-
-  var nativeDoc = sdk.token.parseFromUrl._getDocument();
-
-  var nativeLoc = sdk.token.parseFromUrl._getLocation();
-
-  if (nativeHistory && nativeHistory.replaceState) {
-    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);
-  } else {
-    nativeLoc.hash = '';
-  }
-}
-
-function removeSearch(sdk) {
-  var nativeHistory = sdk.token.parseFromUrl._getHistory();
-
-  var nativeDoc = sdk.token.parseFromUrl._getDocument();
-
-  var nativeLoc = sdk.token.parseFromUrl._getLocation();
-
-  if (nativeHistory && nativeHistory.replaceState) {
-    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);
-  } else {
-    nativeLoc.search = '';
-  }
-}
-
-export function getResponseMode(sdk) {
-  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication
-  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';
-  var responseMode = sdk.options.responseMode || defaultResponseMode;
-  return responseMode;
-}
-export function parseOAuthResponseFromUrl(sdk, options) {
-  options = options || {};
-
-  if (isString(options)) {
-    options = {
-      url: options
-    };
-  } else {
-    options = options;
-  }
-
-  var url = options.url;
-  var responseMode = options.responseMode || getResponseMode(sdk);
-
-  var nativeLoc = sdk.token.parseFromUrl._getLocation();
-
-  var paramStr;
-
-  if (responseMode === 'query') {
-    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;
-  } else {
-    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;
-  }
-
-  if (!paramStr) {
-    throw new AuthSdkError('Unable to parse a token from the url');
-  }
-
-  return urlParamsToObject(paramStr);
-}
-export function cleanOAuthResponseFromUrl(sdk, options) {
-  // Clean hash or search from the url
-  var responseMode = options.responseMode || getResponseMode(sdk);
-  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);
-}
-export function parseFromUrl(_x, _x2) {
-  return _parseFromUrl.apply(this, arguments);
-}
-
-function _parseFromUrl() {
-  _parseFromUrl = _asyncToGenerator(function* (sdk, options) {
-    options = options || {};
-
-    if (isString(options)) {
-      options = {
-        url: options
-      };
-    } else {
-      options = options;
-    }
-
-    var res = parseOAuthResponseFromUrl(sdk, options);
-    var state = res.state;
-    var oauthParams = sdk.transactionManager.load({
-      oauth: true,
-      pkce: sdk.options.pkce,
-      state
-    });
-
-    if (!oauthParams) {
-      return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));
-    }
-
-    var urls = oauthParams.urls;
-    delete oauthParams.urls;
-
-    if (!options.url) {
-      // Clean hash or search from the url
-      cleanOAuthResponseFromUrl(sdk, options);
-    }
-
-    return handleOAuthResponse(sdk, oauthParams, res, urls).catch(err => {
-      if (!isInteractionRequiredError(err)) {
-        sdk.transactionManager.clear({
-          state
-        });
-      }
-
-      throw err;
-    }).then(res => {
-      sdk.transactionManager.clear({
-        state
-      });
-      return res;
-    });
-  });
-  return _parseFromUrl.apply(this, arguments);
-}
-//# sourceMappingURL=parseFromUrl.js.map

package/esm/oidc/parseFromUrl.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["AuthSdkError","isInteractionRequiredError","urlParamsToObject","isString","handleOAuthResponse","removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","indexOf","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","Promise","reject","urls","catch","err","clear","then"],"mappings":";;AAAA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AACA,SAASC,0BAAT,EAAqCC,iBAArC,QAA8D,QAA9D;AAQA,SAASC,QAAT,QAAyB,SAAzB;AACA,SAASC,mBAAT,QAAoC,uBAApC;;AAEA,SAASC,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAED,OAAO,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;AAED,OAAO,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAIpB,QAAQ,CAACoB,OAAD,CAAZ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAI5B,YAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAOE,iBAAiB,CAAC0B,QAAD,CAAxB;AACD;AAED,OAAO,SAASG,yBAAT,CAAmCzB,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,MAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;AAED,gBAAsBG,YAAtB;AAAA;AAAA;;;oCAAO,WAA4BH,GAA5B,EAAiCiB,OAAjC,EAAgG;AACrGA,IAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,QAAIpB,QAAQ,CAACoB,OAAD,CAAZ,EAAuB;AACrBA,MAAAA,OAAO,GAAG;AAAEI,QAAAA,GAAG,EAAEJ;AAAP,OAAV;AACD,KAFD,MAEO;AACLA,MAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,QAAMS,GAAkB,GAAGN,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;AACA,QAAMU,KAAK,GAAGD,GAAG,CAACC,KAAlB;AACA,QAAMC,WAA4B,GAAG5B,GAAG,CAAC6B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,MAAAA,KAAK,EAAE,IADwD;AAE/Db,MAAAA,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;AAG/DS,MAAAA;AAH+D,KAA5B,CAArC;;AAKA,QAAI,CAACC,WAAL,EAAkB;AAChB,aAAOI,OAAO,CAACC,MAAR,CAAe,IAAIvC,YAAJ,CAAiB,uDAAjB,CAAf,CAAP;AACD;;AACD,QAAMwC,IAAgB,GAAGN,WAAW,CAACM,IAArC;AACA,WAAON,WAAW,CAACM,IAAnB;;AAEA,QAAI,CAACjB,OAAO,CAACI,GAAb,EAAkB;AAChB;AACAI,MAAAA,yBAAyB,CAACzB,GAAD,EAAMiB,OAAN,CAAzB;AACD;;AAED,WAAOnB,mBAAmB,CAACE,GAAD,EAAM4B,WAAN,EAAmBF,GAAnB,EAAwBQ,IAAxB,CAAnB,CACJC,KADI,CACEC,GAAG,IAAI;AACZ,UAAI,CAACzC,0BAA0B,CAACyC,GAAD,CAA/B,EAAsC;AACpCpC,QAAAA,GAAG,CAAC6B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,UAAAA;AAD2B,SAA7B;AAGD;;AACD,YAAMS,GAAN;AACD,KARI,EASJE,IATI,CASCZ,GAAG,IAAI;AACX1B,MAAAA,GAAG,CAAC6B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,QAAAA;AAD2B,OAA7B;AAGA,aAAOD,GAAP;AACD,KAdI,CAAP;AAgBD,G","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    oauth: true,\n    pkce: sdk.options.pkce,\n    state\n  });\n  if (!oauthParams) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n"],"file":"parseFromUrl.js"}

package/esm/oidc/renewToken.js

@@ -1,85 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { AuthSdkError } from '../errors';
-import { isAccessToken, isIDToken } from '../types';
-import { getWithoutPrompt } from './getWithoutPrompt';
-import { renewTokensWithRefresh } from './renewTokensWithRefresh';
-
-function throwInvalidTokenError() {
-  throw new AuthSdkError('Renew must be passed a token with an array of scopes and an accessToken or idToken');
-} // Multiple tokens may have come back. Return only the token which was requested.
-
-
-function getSingleToken(originalToken, tokens) {
-  if (isIDToken(originalToken)) {
-    return tokens.idToken;
-  }
-
-  if (isAccessToken(originalToken)) {
-    return tokens.accessToken;
-  }
-
-  throwInvalidTokenError();
-} // If we have a refresh token, renew using that, otherwise getWithoutPrompt
-
-
-export function renewToken(_x, _x2) {
-  return _renewToken.apply(this, arguments);
-}
-
-function _renewToken() {
-  _renewToken = _asyncToGenerator(function* (sdk, token) {
-    if (!isIDToken(token) && !isAccessToken(token)) {
-      throwInvalidTokenError();
-    }
-
-    var tokens = sdk.tokenManager.getTokensSync();
-
-    if (tokens.refreshToken) {
-      tokens = yield renewTokensWithRefresh(sdk, {
-        scopes: token.scopes
-      }, tokens.refreshToken);
-      return getSingleToken(token, tokens);
-    }
-
-    var responseType;
-
-    if (sdk.options.pkce) {
-      responseType = 'code';
-    } else if (isAccessToken(token)) {
-      responseType = 'token';
-    } else {
-      responseType = 'id_token';
-    }
-
-    var {
-      scopes,
-      authorizeUrl,
-      userinfoUrl,
-      issuer
-    } = token;
-    return getWithoutPrompt(sdk, {
-      responseType,
-      scopes,
-      authorizeUrl,
-      userinfoUrl,
-      issuer
-    }).then(function (res) {
-      return getSingleToken(token, res.tokens);
-    });
-  });
-  return _renewToken.apply(this, arguments);
-}
-//# sourceMappingURL=renewToken.js.map

package/esm/oidc/renewToken.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/renewToken.ts"],"names":["AuthSdkError","isAccessToken","isIDToken","getWithoutPrompt","renewTokensWithRefresh","throwInvalidTokenError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AACA,SAAkCC,aAAlC,EAAuEC,SAAvE,QAAwF,UAAxF;AACA,SAASC,gBAAT,QAAiC,oBAAjC;AACA,SAASC,sBAAT,QAAuC,0BAAvC;;AAEA,SAASC,sBAAT,GAAkC;AAChC,QAAM,IAAIL,YAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASM,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;AAC5D,MAAIN,SAAS,CAACK,aAAD,CAAb,EAA8B;AAC5B,WAAOC,MAAM,CAACC,OAAd;AACD;;AACD,MAAIR,aAAa,CAACM,aAAD,CAAjB,EAAkC;AAChC,WAAOC,MAAM,CAACE,WAAd;AACD;;AACDL,EAAAA,sBAAsB;AACvB,C,CAED;;;AACA,gBAAsBM,UAAtB;AAAA;AAAA;;;kCAAO,WAA0BC,GAA1B,EAAyCC,KAAzC,EAAuE;AAC5E,QAAI,CAACX,SAAS,CAACW,KAAD,CAAV,IAAqB,CAACZ,aAAa,CAACY,KAAD,CAAvC,EAAgD;AAC9CR,MAAAA,sBAAsB;AACvB;;AAED,QAAIG,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;AACA,QAAIP,MAAM,CAACQ,YAAX,EAAyB;AACvBR,MAAAA,MAAM,SAASJ,sBAAsB,CAACQ,GAAD,EAAM;AACzCK,QAAAA,MAAM,EAAEJ,KAAK,CAACI;AAD2B,OAAN,EAElCT,MAAM,CAACQ,YAF2B,CAArC;AAGA,aAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;AACD;;AAED,QAAIU,YAAJ;;AACA,QAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;AACpBF,MAAAA,YAAY,GAAG,MAAf;AACD,KAFD,MAEO,IAAIjB,aAAa,CAACY,KAAD,CAAjB,EAA0B;AAC/BK,MAAAA,YAAY,GAAG,OAAf;AACD,KAFM,MAEA;AACLA,MAAAA,YAAY,GAAG,UAAf;AACD;;AAED,QAAM;AAAED,MAAAA,MAAF;AAAUI,MAAAA,YAAV;AAAwBC,MAAAA,WAAxB;AAAqCC,MAAAA;AAArC,QAAgDV,KAAtD;AACA,WAAOV,gBAAgB,CAACS,GAAD,EAAM;AAC3BM,MAAAA,YAD2B;AAE3BD,MAAAA,MAF2B;AAG3BI,MAAAA,YAH2B;AAI3BC,MAAAA,WAJ2B;AAK3BC,MAAAA;AAL2B,KAAN,CAAhB,CAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;AACnB,aAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;AACD,KATI,CAAP;AAUD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuth, token: Token): Promise<Token> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n"],"file":"renewToken.js"}

package/esm/oidc/renewTokens.js

@@ -1,74 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { AuthSdkError } from '../errors';
-import { getWithoutPrompt } from './getWithoutPrompt';
-import { renewTokensWithRefresh } from './renewTokensWithRefresh';
-import { getDefaultTokenParams } from './util'; // If we have a refresh token, renew using that, otherwise getWithoutPrompt
-// eslint-disable-next-line complexity
-
-export function renewTokens(_x, _x2) {
-  return _renewTokens.apply(this, arguments);
-}
-
-function _renewTokens() {
-  _renewTokens = _asyncToGenerator(function* (sdk, options) {
-    var tokens = sdk.tokenManager.getTokensSync();
-
-    if (tokens.refreshToken) {
-      return renewTokensWithRefresh(sdk, options, tokens.refreshToken);
-    }
-
-    if (!tokens.accessToken && !tokens.idToken) {
-      throw new AuthSdkError('renewTokens() was called but there is no existing token');
-    }
-
-    var accessToken = tokens.accessToken || {};
-    var idToken = tokens.idToken || {};
-    var scopes = accessToken.scopes || idToken.scopes;
-
-    if (!scopes) {
-      throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');
-    }
-
-    var authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;
-
-    if (!authorizeUrl) {
-      throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');
-    }
-
-    var userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
-    var issuer = idToken.issuer || sdk.options.issuer; // Get tokens using the SSO cookie
-
-    options = Object.assign({
-      scopes,
-      authorizeUrl,
-      userinfoUrl,
-      issuer
-    }, options);
-
-    if (sdk.options.pkce) {
-      options.responseType = 'code';
-    } else {
-      var {
-        responseType
-      } = getDefaultTokenParams(sdk);
-      options.responseType = responseType;
-    }
-
-    return getWithoutPrompt(sdk, options).then(res => res.tokens);
-  });
-  return _renewTokens.apply(this, arguments);
-}
-//# sourceMappingURL=renewTokens.js.map

package/esm/oidc/renewTokens.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["AuthSdkError","getWithoutPrompt","renewTokensWithRefresh","getDefaultTokenParams","renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","then","res"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AAEA,SAASC,gBAAT,QAAiC,oBAAjC;AACA,SAASC,sBAAT,QAAuC,0BAAvC;AACA,SAASC,qBAAT,QAAsC,QAAtC,C,CAEA;AACA;;AACA,gBAAsBC,WAAtB;AAAA;AAAA;;;mCAAO,WAA2BC,GAA3B,EAAgCC,OAAhC,EAAuE;AAC5E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,QAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,aAAOR,sBAAsB,CAACG,GAAD,EAAMC,OAAN,EAAeC,MAAM,CAACG,YAAtB,CAA7B;AACD;;AAED,QAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,YAAM,IAAIZ,YAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMW,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAMC,MAAM,GAAGF,WAAW,CAACE,MAAZ,IAAsBD,OAAO,CAACC,MAA7C;;AACA,QAAI,CAACA,MAAL,EAAa;AACX,YAAM,IAAIb,YAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAMc,YAAY,GAAGH,WAAW,CAACG,YAAZ,IAA4BF,OAAO,CAACE,YAAzD;;AACA,QAAI,CAACA,YAAL,EAAmB;AACjB,YAAM,IAAId,YAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMe,WAAW,GAAGJ,WAAW,CAACI,WAAZ,IAA2BV,GAAG,CAACC,OAAJ,CAAYS,WAA3D;AACA,QAAMC,MAAM,GAAGJ,OAAO,CAACI,MAAR,IAAkBX,GAAG,CAACC,OAAJ,CAAYU,MAA7C,CArB4E,CAuB5E;;AACAV,IAAAA,OAAO,GAAGW,MAAM,CAACC,MAAP,CAAc;AACtBL,MAAAA,MADsB;AAEtBC,MAAAA,YAFsB;AAGtBC,MAAAA,WAHsB;AAItBC,MAAAA;AAJsB,KAAd,EAKPV,OALO,CAAV;;AAOA,QAAID,GAAG,CAACC,OAAJ,CAAYa,IAAhB,EAAsB;AACpBb,MAAAA,OAAO,CAACc,YAAR,GAAuB,MAAvB;AACD,KAFD,MAEO;AACL,UAAM;AAAEA,QAAAA;AAAF,UAAmBjB,qBAAqB,CAACE,GAAD,CAA9C;AACAC,MAAAA,OAAO,CAACc,YAAR,GAAuBA,YAAvB;AACD;;AAED,WAAOnB,gBAAgB,CAACI,GAAD,EAAMC,OAAN,CAAhB,CACJe,IADI,CACCC,GAAG,IAAIA,GAAG,CAACf,MADZ,CAAP;AAGD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options: TokenParams): Promise<Tokens> {\n  const tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n"],"file":"renewTokens.js"}

package/esm/oidc/renewTokensWithRefresh.js

@@ -1,55 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-
-/*!
- * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
- * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
- *
- * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and limitations under the License.
- *
- */
-import { AuthSdkError } from '../errors';
-import { getOAuthUrls } from './util/oauth';
-import { isSameRefreshToken } from './util/refreshToken';
-import { handleOAuthResponse } from './handleOAuthResponse';
-import { postRefreshToken } from './endpoints/token';
-export function renewTokensWithRefresh(_x, _x2, _x3) {
-  return _renewTokensWithRefresh.apply(this, arguments);
-}
-
-function _renewTokensWithRefresh() {
-  _renewTokensWithRefresh = _asyncToGenerator(function* (sdk, tokenParams, refreshTokenObject) {
-    var {
-      clientId
-    } = sdk.options;
-
-    if (!clientId) {
-      throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');
-    }
-
-    var renewTokenParams = Object.assign({}, tokenParams, {
-      clientId
-    });
-    var tokenResponse = yield postRefreshToken(sdk, renewTokenParams, refreshTokenObject);
-    var urls = getOAuthUrls(sdk, tokenParams);
-    var {
-      tokens
-    } = yield handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls); // Support rotating refresh tokens
-
-    var {
-      refreshToken
-    } = tokens;
-
-    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {
-      sdk.tokenManager.updateRefreshToken(refreshToken);
-    }
-
-    return tokens;
-  });
-  return _renewTokensWithRefresh.apply(this, arguments);
-}
-//# sourceMappingURL=renewTokensWithRefresh.js.map

package/esm/oidc/renewTokensWithRefresh.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"names":["AuthSdkError","getOAuthUrls","isSameRefreshToken","handleOAuthResponse","postRefreshToken","renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","renewTokenParams","Object","assign","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,YAAT,QAA6B,WAA7B;AACA,SAASC,YAAT,QAA6B,cAA7B;AACA,SAASC,kBAAT,QAAmC,qBAAnC;AAEA,SAASC,mBAAT,QAAoC,uBAApC;AACA,SAASC,gBAAT,QAAiC,mBAAjC;AAEA,gBAAsBC,sBAAtB;AAAA;AAAA;;;8CAAO,WACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;AACjB,QAAM;AAAEC,MAAAA;AAAF,QAAeH,GAAG,CAACI,OAAzB;;AACA,QAAI,CAACD,QAAL,EAAe;AACb,YAAM,IAAIT,YAAJ,CAAiB,0EAAjB,CAAN;AACD;;AAED,QAAMW,gBAA6B,GAAGC,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBN,WAAlB,EAA+B;AACnEE,MAAAA;AADmE,KAA/B,CAAtC;AAGA,QAAMK,aAAa,SAASV,gBAAgB,CAACE,GAAD,EAAMK,gBAAN,EAAwBH,kBAAxB,CAA5C;AACA,QAAMO,IAAI,GAAGd,YAAY,CAACK,GAAD,EAAMC,WAAN,CAAzB;AACA,QAAM;AAAES,MAAAA;AAAF,cAAmBb,mBAAmB,CAACG,GAAD,EAAMK,gBAAN,EAAwBG,aAAxB,EAAuCC,IAAvC,CAA5C,CAXiB,CAajB;;AACA,QAAM;AAAEE,MAAAA;AAAF,QAAmBD,MAAzB;;AACA,QAAIC,YAAY,IAAI,CAACf,kBAAkB,CAACe,YAAD,EAAeT,kBAAf,CAAvC,EAA2E;AACzEF,MAAAA,GAAG,CAACY,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;AACD;;AAED,WAAOD,MAAP;AACD,G","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuth, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuth,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n    clientId,\n  });\n  const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n  // Support rotating refresh tokens\n  const { refreshToken } = tokens;\n  if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n    sdk.tokenManager.updateRefreshToken(refreshToken);\n  }\n\n  return tokens;\n}\n"],"file":"renewTokensWithRefresh.js"}