@okta/okta-auth-js 5.9.1 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +56 -0
- package/README.md +16 -3
- package/cjs/AuthStateManager.js +2 -1
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +95 -78
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/OktaUserAgent.js.map +1 -1
- package/cjs/PromiseQueue.js +6 -1
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/StorageManager.js +3 -1
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TokenManager.js +33 -5
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/TransactionManager.js +17 -4
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +7 -5
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/browser/fingerprint.js +3 -1
- package/cjs/browser/fingerprint.js.map +1 -1
- package/cjs/builderUtil.js +3 -17
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/crypto/oidcHash.js.map +1 -1
- package/cjs/features.js +9 -3
- package/cjs/features.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +2 -1
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/request.js +2 -0
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/authenticate.js +8 -5
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js +14 -0
- package/cjs/idx/authenticator/Authenticator.js.map +1 -0
- package/cjs/idx/authenticator/OktaPassword.js +31 -0
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -0
- package/cjs/idx/authenticator/OktaVerifyTotp.js +17 -0
- package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -0
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +50 -0
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -0
- package/cjs/idx/authenticator/SecurityQuestionVerification.js +32 -0
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -0
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +34 -0
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -0
- package/cjs/idx/authenticator/getAuthenticator.js +41 -0
- package/cjs/idx/authenticator/getAuthenticator.js.map +1 -0
- package/cjs/idx/authenticator/index.js +80 -0
- package/cjs/idx/authenticator/index.js.map +1 -0
- package/cjs/idx/cancel.js +5 -0
- package/cjs/idx/cancel.js.map +1 -1
- package/cjs/idx/emailVerify.js +73 -0
- package/cjs/idx/emailVerify.js.map +1 -0
- package/cjs/idx/flow/AuthenticationFlow.js +4 -1
- package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
- package/cjs/idx/flow/FlowSpecification.js +16 -14
- package/cjs/idx/flow/FlowSpecification.js.map +1 -1
- package/cjs/idx/flow/RegistrationFlow.js +3 -0
- package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
- package/cjs/idx/flow/index.js +0 -52
- package/cjs/idx/flow/index.js.map +1 -1
- package/cjs/idx/handleInteractionCodeRedirect.js +1 -0
- package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
- package/cjs/idx/index.js +26 -0
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js +47 -29
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +12 -14
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/poll.js +59 -0
- package/cjs/idx/poll.js.map +1 -0
- package/cjs/idx/proceed.js +4 -7
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/recoverPassword.js +1 -1
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js +16 -14
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +55 -92
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +11 -12
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +8 -9
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +48 -35
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +53 -20
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +20 -19
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +8 -28
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengePoll.js +26 -0
- package/cjs/idx/remediators/ChallengePoll.js.map +1 -0
- package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollPoll.js +55 -0
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -0
- package/cjs/idx/remediators/EnrollProfile.js +4 -1
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js +80 -0
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -0
- package/cjs/idx/remediators/Identify.js +2 -35
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -0
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +23 -2
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollmentChannel.js +74 -0
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
- package/cjs/idx/remediators/Skip.js +7 -0
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/index.js +52 -0
- package/cjs/idx/remediators/index.js.map +1 -1
- package/cjs/idx/remediators/util.js +7 -2
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +110 -52
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js +4 -2
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js +82 -69
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +21 -4
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/index.js +14 -0
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js +2 -0
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/endpoints/token.js +1 -0
- package/cjs/oidc/endpoints/token.js.map +1 -1
- package/cjs/oidc/exchangeCodeForTokens.js +3 -3
- package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
- package/cjs/oidc/getToken.js +3 -1
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +10 -37
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js +80 -86
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewToken.js.map +1 -1
- package/cjs/oidc/renewTokens.js +1 -1
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/revokeToken.js +28 -29
- package/cjs/oidc/revokeToken.js.map +1 -1
- package/cjs/oidc/util/index.js +14 -0
- package/cjs/oidc/util/index.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +6 -1
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/oauth.js.map +1 -1
- package/cjs/oidc/util/oauthMeta.js +36 -0
- package/cjs/oidc/util/oauthMeta.js.map +1 -0
- package/cjs/oidc/util/pkce.js.map +1 -1
- package/cjs/oidc/util/prepareTokenParams.js +57 -36
- package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +2 -0
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/oidc/verifyToken.js +2 -1
- package/cjs/oidc/verifyToken.js.map +1 -1
- package/cjs/options.js +6 -2
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +1 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/services/TokenService.js +3 -0
- package/cjs/services/TokenService.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +3 -0
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/TransactionState.js +0 -17
- package/cjs/tx/TransactionState.js.map +1 -1
- package/cjs/tx/api.js +3 -2
- package/cjs/tx/api.js.map +1 -1
- package/cjs/types/Token.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/util/index.js +0 -13
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/url.js.map +1 -1
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/index.js +2603 -1814
- package/esm/index.js.map +1 -1
- package/lib/AuthStateManager.d.ts +1 -2
- package/lib/OktaAuth.d.ts +4 -10
- package/lib/StorageManager.d.ts +1 -1
- package/lib/TokenManager.d.ts +4 -2
- package/lib/TransactionManager.d.ts +3 -2
- package/lib/browser/fingerprint.d.ts +1 -1
- package/lib/builderUtil.d.ts +1 -2
- package/lib/crypto/browser.d.ts +1 -1
- package/lib/features.d.ts +1 -1
- package/lib/idx/authenticate.d.ts +1 -1
- package/lib/idx/authenticator/Authenticator.d.ts +12 -0
- package/lib/idx/authenticator/OktaPassword.d.ts +11 -0
- package/lib/idx/authenticator/OktaVerifyTotp.d.ts +9 -0
- package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +28 -0
- package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +14 -0
- package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +10 -0
- package/lib/idx/authenticator/getAuthenticator.d.ts +3 -0
- package/lib/idx/authenticator/index.d.ts +6 -0
- package/lib/idx/cancel.d.ts +1 -1
- package/lib/{util → idx}/emailVerify.d.ts +10 -1
- package/lib/idx/flow/FlowSpecification.d.ts +1 -2
- package/lib/idx/flow/index.d.ts +0 -4
- package/lib/idx/index.d.ts +2 -0
- package/lib/idx/interact.d.ts +5 -11
- package/lib/idx/introspect.d.ts +3 -2
- package/lib/idx/{flow/AuthenticationFlowMonitor.d.ts → poll.d.ts} +3 -5
- package/lib/idx/proceed.d.ts +4 -1
- package/lib/idx/recoverPassword.d.ts +1 -1
- package/lib/idx/register.d.ts +1 -1
- package/lib/idx/remediate.d.ts +10 -4
- package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +12 -8
- package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +3 -4
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +13 -8
- package/lib/idx/remediators/Base/Remediator.d.ts +9 -6
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +9 -8
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +10 -5
- package/lib/idx/{flow/RegistrationFlowMonitor.d.ts → remediators/ChallengePoll.d.ts} +3 -3
- package/lib/idx/{flow/PasswordRecoveryFlowMonitor.d.ts → remediators/EnrollPoll.d.ts} +12 -4
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -1
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +53 -0
- package/lib/idx/remediators/Identify.d.ts +2 -5
- package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -2
- package/lib/idx/remediators/RedirectIdp.d.ts +3 -3
- package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +6 -2
- package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +39 -0
- package/lib/idx/remediators/Skip.d.ts +3 -0
- package/lib/idx/remediators/index.d.ts +4 -0
- package/lib/idx/remediators/util.d.ts +2 -2
- package/lib/idx/run.d.ts +4 -3
- package/lib/idx/startTransaction.d.ts +3 -2
- package/lib/idx/transactionMeta.d.ts +6 -27
- package/lib/idx/types/idx-js.d.ts +57 -2
- package/lib/idx/types/index.d.ts +25 -8
- package/lib/index.d.ts +1 -0
- package/lib/oidc/exchangeCodeForTokens.d.ts +12 -0
- package/lib/oidc/getWithRedirect.d.ts +1 -1
- package/lib/oidc/handleOAuthResponse.d.ts +1 -1
- package/lib/oidc/parseFromUrl.d.ts +1 -1
- package/lib/oidc/renewToken.d.ts +1 -1
- package/lib/oidc/renewTokens.d.ts +1 -1
- package/lib/oidc/util/browser.d.ts +1 -1
- package/lib/oidc/util/errors.d.ts +1 -1
- package/lib/oidc/util/index.d.ts +1 -0
- package/lib/oidc/util/oauth.d.ts +1 -8
- package/lib/oidc/util/oauthMeta.d.ts +2 -0
- package/lib/oidc/util/prepareTokenParams.d.ts +3 -0
- package/lib/server/serverStorage.d.ts +1 -1
- package/lib/services/TokenService.d.ts +2 -2
- package/lib/tx/AuthTransaction.d.ts +2 -2
- package/lib/tx/TransactionState.d.ts +11 -1
- package/lib/tx/api.d.ts +6 -6
- package/lib/types/OktaAuthOptions.d.ts +6 -6
- package/lib/types/Storage.d.ts +3 -3
- package/lib/types/Token.d.ts +1 -0
- package/lib/types/Transaction.d.ts +11 -0
- package/lib/types/UserClaims.d.ts +3 -3
- package/lib/types/api.d.ts +31 -17
- package/lib/util/console.d.ts +1 -1
- package/lib/util/index.d.ts +0 -1
- package/lib/util/types.d.ts +1 -1
- package/lib/util/url.d.ts +2 -2
- package/package.json +6 -8
- package/cjs/idx/flow/AuthenticationFlowMonitor.js +0 -45
- package/cjs/idx/flow/AuthenticationFlowMonitor.js.map +0 -1
- package/cjs/idx/flow/FlowMonitor.js +0 -69
- package/cjs/idx/flow/FlowMonitor.js.map +0 -1
- package/cjs/idx/flow/PasswordRecoveryFlowMonitor.js +0 -55
- package/cjs/idx/flow/PasswordRecoveryFlowMonitor.js.map +0 -1
- package/cjs/idx/flow/RegistrationFlowMonitor.js +0 -35
- package/cjs/idx/flow/RegistrationFlowMonitor.js.map +0 -1
- package/cjs/util/emailVerify.js +0 -28
- package/cjs/util/emailVerify.js.map +0 -1
- package/lib/idx/flow/FlowMonitor.d.ts +0 -23
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,61 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 6.0.0
|
|
4
|
+
|
|
5
|
+
### Breaking Changes
|
|
6
|
+
|
|
7
|
+
- [#1003](https://github.com/okta/okta-auth-js/pull/1003) Supports generic UserClaims type. Custom claims should be extended by typescript generics, like `UserClaims<{ groups: string[]; }>`
|
|
8
|
+
- [#1050](https://github.com/okta/okta-auth-js/pull/1050) Removes `userAgent` field from oktaAuth instance
|
|
9
|
+
- [#1014](https://github.com/okta/okta-auth-js/pull/1014) Shared transaction storage is automatically cleared on success and error states. Storage is not cleared for "terminal" state which is neither success nor error.
|
|
10
|
+
- [#1051](https://github.com/okta/okta-auth-js/pull/1051) Removes `useMultipleCookies` from CookieStorage options
|
|
11
|
+
- [#1059](https://github.com/okta/okta-auth-js/pull/1059)
|
|
12
|
+
- Removes signOut option `clearTokensAfterRedirect`
|
|
13
|
+
- Adds signOut option `clearTokensBeforeRedirect` (default: `false`) to remove local tokens before logout redirect happen
|
|
14
|
+
- [#1057](https://github.com/okta/okta-auth-js/pull/1057) Strict checks are now enabled in the Typescript compiler options. Some type signatures have been changed to match current behavior.
|
|
15
|
+
- [#1062](https://github.com/okta/okta-auth-js/pull/1062)
|
|
16
|
+
- Authn method `introspect` is renamed to `introspectAuthn` (still callable as `tx.introspect`)
|
|
17
|
+
- `IdxFeature` enum is now defined as strings instead of numbers
|
|
18
|
+
|
|
19
|
+
### Features
|
|
20
|
+
|
|
21
|
+
- [#1014](https://github.com/okta/okta-auth-js/pull/1014) Updates IDX API to support email verify and recovery/activation
|
|
22
|
+
- adds new configuration options `recoveryToken` and `activationToken`
|
|
23
|
+
- email verify callback:
|
|
24
|
+
- adds support for passing `otp` to idx pipeline
|
|
25
|
+
- updates samples to display error message with OTP code
|
|
26
|
+
- idx methods support new options:
|
|
27
|
+
- `exchangeCodeForTokens`. If false, `interactionCode` will be returned on the transaction at the end of the flow instead of `tokens`.
|
|
28
|
+
- `autoRemediate`. If false, there will be no attempt to satisfy remediations even if values have been passed.
|
|
29
|
+
- TransactionManager supports new option:
|
|
30
|
+
- `saveLastResponse`. If false, IDX responses will not be cached.
|
|
31
|
+
- [#1062](https://github.com/okta/okta-auth-js/pull/1062)
|
|
32
|
+
- All IDX methods are exported.
|
|
33
|
+
- `useInteractionCodeFlow` defaults to `true` for sample and test apps.
|
|
34
|
+
|
|
35
|
+
## 5.11.0
|
|
36
|
+
|
|
37
|
+
- [#1064](https://github.com/okta/okta-auth-js/pull/1064) Supports skip authenticator in idx authentication flow
|
|
38
|
+
|
|
39
|
+
## 5.10.1
|
|
40
|
+
|
|
41
|
+
### Fixes
|
|
42
|
+
|
|
43
|
+
- [#1054](https://github.com/okta/okta-auth-js/pull/1054) Fixes Typescript build error
|
|
44
|
+
|
|
45
|
+
## 5.10.0
|
|
46
|
+
|
|
47
|
+
### Features
|
|
48
|
+
|
|
49
|
+
- [#1010](https://github.com/okta/okta-auth-js/pull/1010) Supports `clearPendingRemoveTokens` option in `signOut` method. This option can be used to avoid cross tabs sign out issue with Okta's downstream client SDK's `SecureRoute` component
|
|
50
|
+
- [#1035](https://github.com/okta/okta-auth-js/pull/1035) Adds `security question` authenticator support in idx module
|
|
51
|
+
|
|
52
|
+
### Fixes
|
|
53
|
+
|
|
54
|
+
- [#1028](https://github.com/okta/okta-auth-js/pull/1028) Any error caught in `token.renew()` will be emitted and contain `tokenKey` property
|
|
55
|
+
- [#1027](https://github.com/okta/okta-auth-js/pull/1027) Don't reject `isAuthenticated()` because of failed token renewal
|
|
56
|
+
- [#1032](https://github.com/okta/okta-auth-js/pull/1032) Fixes idx recover password flow with identifier first org policy
|
|
57
|
+
- [#1048](https://github.com/okta/okta-auth-js/pull/1048) Points browser field to UMD bundle
|
|
58
|
+
|
|
3
59
|
## 5.9.1
|
|
4
60
|
|
|
5
61
|
### Other
|
package/README.md
CHANGED
|
@@ -37,13 +37,13 @@ This library uses semantic versioning and follows Okta's [library version policy
|
|
|
37
37
|
|
|
38
38
|
## Release Status
|
|
39
39
|
|
|
40
|
-
:heavy_check_mark: The current stable major version series is: `
|
|
40
|
+
:heavy_check_mark: The current stable major version series is: `5.x`
|
|
41
41
|
|
|
42
42
|
| Version | Status |
|
|
43
43
|
| ------- | -------------------------------- |
|
|
44
44
|
| `5.x` | :heavy_check_mark: Stable |
|
|
45
45
|
| `4.x` | :warning: Retiring on 2022-01-30 |
|
|
46
|
-
| `3.x` | :
|
|
46
|
+
| `3.x` | :x: Retired |
|
|
47
47
|
| `2.x` | :x: Retired |
|
|
48
48
|
| `1.x` | :x: Retired |
|
|
49
49
|
| `0.x` | :x: Retired |
|
|
@@ -573,7 +573,6 @@ var config = {
|
|
|
573
573
|
'sessionStorage',
|
|
574
574
|
'cookie'
|
|
575
575
|
],
|
|
576
|
-
useMultipleCookies: true // puts each token in its own cookie
|
|
577
576
|
},
|
|
578
577
|
cache: {
|
|
579
578
|
storageTypes: [
|
|
@@ -801,6 +800,10 @@ Defaults to `true`, unless the application origin is `http://localhost`, in whic
|
|
|
801
800
|
|
|
802
801
|
Defaults to `none` if the `secure` option is `true`, or `lax` if the `secure` option is false. Allows fine-grained control over the same-site cookie setting. A value of `none` allows embedding within an iframe. A value of `lax` will avoid being blocked by user "3rd party" cookie settings. A value of `strict` will block all cookies when redirecting from Okta and is not recommended.
|
|
803
802
|
|
|
803
|
+
#### `clearPendingRemoveTokens`
|
|
804
|
+
|
|
805
|
+
Defaults to `true`, set this option to false if you want to opt-out of the default clearing pendingRemove tokens behaviour when `tokenManager.start()` is called.
|
|
806
|
+
|
|
804
807
|
## API Reference
|
|
805
808
|
<!-- no toc -->
|
|
806
809
|
* [start](#start)
|
|
@@ -911,6 +914,7 @@ if (authClient.isLoginRedirect()) {
|
|
|
911
914
|
### `signOut()`
|
|
912
915
|
|
|
913
916
|
> :hourglass: async
|
|
917
|
+
> :link: web browser only
|
|
914
918
|
|
|
915
919
|
Signs the user out of their current [Okta session](https://developer.okta.com/docs/api/resources/sessions) and clears all tokens stored locally in the `TokenManager`. By default, the refresh token (if any) and access token are revoked so they can no longer be used. Some points to consider:
|
|
916
920
|
|
|
@@ -924,6 +928,7 @@ Signs the user out of their current [Okta session](https://developer.okta.com/do
|
|
|
924
928
|
* `postLogoutRedirectUri` - Setting a value will override the `postLogoutRedirectUri` configured on the SDK.
|
|
925
929
|
* `state` - An optional value, used along with `postLogoutRedirectUri`. If set, this value will be returned as a query parameter during the redirect to the `postLogoutRedirectUri`
|
|
926
930
|
* `idToken` - Specifies the ID token object. By default, `signOut` will look for a token object named `idToken` within the `TokenManager`. If you have stored the id token object in a different location, you should retrieve it first and then pass it here.
|
|
931
|
+
* `clearTokensBeforeRedirect` - If `true` (default: `false`) local tokens will be removed before the logout redirect happens. Otherwise a flag (`pendingRemove`) will be added to each local token instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. **Use this option with care**: removing local tokens before fully terminating the Okta SSO session can result in logging back in again when using [`@okta/okta-react`](https://www.npmjs.com/package/@okta/okta-react)'s [`SecureRoute`](https://github.com/okta/okta-react#secureroute) component.
|
|
927
932
|
* `revokeAccessToken` - If `false` (default: `true`) the access token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.
|
|
928
933
|
* `revokeRefreshToken` - If `false` (default: `true`) the refresh token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application. Revoking a refresh token will revoke any access tokens minted by it, even if `revokeAccessToken` is `false`.
|
|
929
934
|
* `accessToken` - Specifies the access token object. By default, `signOut` will look for a token object named `accessToken` within the `TokenManager`. If you have stored the access token object in a different location, you should retrieve it first and then pass it here. This options is ignored if the `revokeAccessToken` option is `false`.
|
|
@@ -1590,6 +1595,10 @@ Remove all tokens from the `tokenManager`.
|
|
|
1590
1595
|
authClient.tokenManager.clear();
|
|
1591
1596
|
```
|
|
1592
1597
|
|
|
1598
|
+
#### `tokenManager.clearPendingRemoveTokens()`
|
|
1599
|
+
|
|
1600
|
+
Remove all tokens with `pendingRemove` flags. This method is called within `tokenManager.start()` by default, you can opt-out of the default behaviour by setting `tokenManager.clearPendingRemoveTokens` option to `false`.
|
|
1601
|
+
|
|
1593
1602
|
#### `tokenManager.renew(key)`
|
|
1594
1603
|
|
|
1595
1604
|
> :hourglass: async
|
|
@@ -1828,6 +1837,10 @@ We have implemented a small SPA app, located at `./test/app/` which is used inte
|
|
|
1828
1837
|
|
|
1829
1838
|
The [CHANGELOG](CHANGELOG.md) contains details for all changes and links to the original PR.
|
|
1830
1839
|
|
|
1840
|
+
### From 5.x to 6.x
|
|
1841
|
+
|
|
1842
|
+
* All async [IDX API](docs/idx.md) methods will either resolve with an IDX transaction object or throw an exception. In the previous version some exceptions were caught and returned as the `error` property on an IDX transaction object.
|
|
1843
|
+
|
|
1831
1844
|
### From 4.x to 5.x
|
|
1832
1845
|
|
|
1833
1846
|
* Token auto renew requires [running OktaAuth as a service](#running-as-a-service). To start the service, call [start()](#start). `start` will also call [updateAuthState](#authstatemanagerupdateauthstate) to set an initial [AuthState](#authstatemanager)
|
package/cjs/AuthStateManager.js
CHANGED
|
@@ -49,7 +49,8 @@ class AuthStateManager {
|
|
|
49
49
|
this._pending = { ...DEFAULT_PENDING
|
|
50
50
|
};
|
|
51
51
|
this._authState = INITIAL_AUTH_STATE;
|
|
52
|
-
this._logOptions = {};
|
|
52
|
+
this._logOptions = {};
|
|
53
|
+
this._prevAuthState = null; // Listen on tokenManager events to start updateState process
|
|
53
54
|
// "added" event is emitted in both add and renew process
|
|
54
55
|
// Only listen on "added" event to update auth state
|
|
55
56
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/AuthStateManager.ts"],"names":["PCancelable","require","INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","AuthStateManager","constructor","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","_prevAuthState","transformAuthState","devMode","log","status","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","then","curPromise","cancel","cancelablePromise","resolve","_","onCancel","shouldReject","emitAndResolve","isCanceled","refreshToken","getTokensSync","promise","Promise","catch","subscribe","handler","unsubscribe","off"],"mappings":";;;;AAaA;;AAGA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,MAAMA,WAAW,GAAGC,OAAO,CAAC,cAAD,CAA3B;;AAEO,MAAMC,kBAAkB,GAAG,IAA3B;;AACP,MAAMC,eAAe,GAAG;AACtBC,EAAAA,sBAAsB,EAAE,IADF;AAEtBC,EAAAA,aAAa,EAAE;AAFO,CAAxB;AAIA,MAAMC,uBAAuB,GAAG,iBAAhC;AACA,MAAMC,wBAAwB,GAAG,EAAjC,C,CAEA;;AACA,MAAMC,eAAe,GAAG,CAACC,SAAD,EAAuBC,KAAvB,KAA4C;AAClE;AACA,MAAI,CAACD,SAAL,EAAgB;AACd,WAAO,KAAP;AACD;;AAED,SAAOA,SAAS,CAACE,eAAV,KAA8BD,KAAK,CAACC,eAApC,IACFC,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACK,OAAzB,MAAsCF,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACI,OAArB,CADpC,IAEFF,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACM,WAAzB,MAA0CH,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACK,WAArB,CAFxC,IAGFN,SAAS,CAACO,KAAV,KAAoBN,KAAK,CAACM,KAH/B;AAID,CAVD;;AAYO,MAAMC,gBAAN,CAAuB;AAW5BC,EAAAA,WAAW,CAACC,GAAD,EAAgB;AACzB,QAAI,CAACA,GAAG,CAACC,OAAT,EAAkB;AAChB,YAAM,IAAIC,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AAED,SAAKC,IAAL,GAAYH,GAAZ;AACA,SAAKI,QAAL,GAAgB,EAAE,GAAGpB;AAAL,KAAhB;AACA,SAAKqB,UAAL,GAAkBtB,kBAAlB;AACA,SAAKuB,WAAL,GAAmB,EAAnB,CARyB,CAUzB;AACA;AACA;;AACAN,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBC,yBAApB,EAAiC,CAACC,GAAD,EAAMC,KAAN,KAAgB;AAC/C,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEJ,yBAAT;AAAsBC,QAAAA,GAAtB;AAA2BC,QAAAA;AAA3B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAIAd,IAAAA,GAAG,CAACO,YAAJ,CAAiBC,EAAjB,CAAoBO,2BAApB,EAAmC,CAACL,GAAD,EAAMC,KAAN,KAAgB;AACjD,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEE,2BAAT;AAAwBL,QAAAA,GAAxB;AAA6BC,QAAAA;AAA7B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAID;;AAEDF,EAAAA,cAAc,CAACI,OAAD,EAAU;AACtB,SAAKV,WAAL,GAAmBU,OAAnB;AACD;;AAEDC,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKZ,UAAZ;AACD;;AAEDa,EAAAA,oBAAoB,GAAqB;AACvC,WAAO,KAAKC,cAAZ;AACD;;AAEoB,QAAfL,eAAe,GAAuB;AAC1C,UAAM;AAAEM,MAAAA,kBAAF;AAAsBC,MAAAA;AAAtB,QAAkC,KAAKlB,IAAL,CAAUa,OAAlD;;AAEA,UAAMM,GAAG,GAAIC,MAAD,IAAY;AACtB,YAAM;AAAEV,QAAAA,KAAF;AAASH,QAAAA,GAAT;AAAcC,QAAAA;AAAd,UAAwB,KAAKL,WAAnC;AACA,8BAAakB,KAAb,CAAoB,uCAAsCX,KAAM,WAAUU,MAAO,EAAjF;AACA,8BAAaD,GAAb,CAAiBZ,GAAjB,EAAsBC,KAAtB;AACA,8BAAaW,GAAb,CAAiB,mBAAjB,EAAsC,KAAKjB,UAA3C;AACA,8BAAaoB,QAAb,GALsB,CAOtB;;AACA,WAAKnB,WAAL,GAAmB,EAAnB;AACD,KATD;;AAWA,UAAMoB,mBAAmB,GAAIC,SAAD,IAAe;AACzC,UAAItC,eAAe,CAAC,KAAKgB,UAAN,EAAkBsB,SAAlB,CAAnB,EAAiD;AAC/CN,QAAAA,OAAO,IAAIC,GAAG,CAAC,WAAD,CAAd;AACA;AACD;;AACD,WAAKH,cAAL,GAAsB,KAAKd,UAA3B;AACA,WAAKA,UAAL,GAAkBsB,SAAlB,CANyC,CAOzC;;AACA,WAAKxB,IAAL,CAAUF,OAAV,CAAkB2B,IAAlB,CAAuBzC,uBAAvB,EAAgD,EAAE,GAAGwC;AAAL,OAAhD;;AACAN,MAAAA,OAAO,IAAIC,GAAG,CAAC,SAAD,CAAd;AACD,KAVD;;AAYA,UAAMO,YAAY,GAAIC,WAAD,IAAiB;AACpC,aAAO,KAAK1B,QAAL,CAAcnB,sBAAd,CAAqC8C,IAArC,CAA0C,MAAM;AACrD,cAAMC,UAAU,GAAG,KAAK5B,QAAL,CAAcnB,sBAAjC;;AACA,YAAI+C,UAAU,IAAIA,UAAU,KAAKF,WAAjC,EAA8C;AAC5C,iBAAOD,YAAY,CAACG,UAAD,CAAnB;AACD;;AACD,eAAO,KAAKf,YAAL,EAAP;AACD,OANM,CAAP;AAOD,KARD;;AAUA,QAAI,KAAKb,QAAL,CAAcnB,sBAAlB,EAA0C;AACxC,UAAI,KAAKmB,QAAL,CAAclB,aAAd,IAA+BE,wBAAnC,EAA6D;AAC3D;AACA;AACAiC,QAAAA,OAAO,IAAIC,GAAG,CAAC,YAAD,CAAd;AACA,eAAOO,YAAY,CAAC,KAAKzB,QAAL,CAAcnB,sBAAf,CAAnB;AACD,OALD,MAKO;AACL,aAAKmB,QAAL,CAAcnB,sBAAd,CAAqCgD,MAArC;AACD;AACF;AAED;;;AACA,UAAMC,iBAAiB,GAAG,IAAIrD,WAAJ,CAAgB,CAACsD,OAAD,EAAUC,CAAV,EAAaC,QAAb,KAA0B;AAClEA,MAAAA,QAAQ,CAACC,YAAT,GAAwB,KAAxB;AACAD,MAAAA,QAAQ,CAAC,MAAM;AACb,aAAKjC,QAAL,CAAcnB,sBAAd,GAAuC,IAAvC;AACA,aAAKmB,QAAL,CAAclB,aAAd,GAA8B,KAAKkB,QAAL,CAAclB,aAAd,GAA8B,CAA5D;AACAmC,QAAAA,OAAO,IAAIC,GAAG,CAAC,UAAD,CAAd;AACD,OAJO,CAAR;;AAMA,YAAMiB,cAAc,GAAIZ,SAAD,IAAe;AACpC,YAAIO,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD,SAJmC,CAKpC;;;AACAT,QAAAA,mBAAmB,CAACC,SAAD,CAAnB;AACAQ,QAAAA,OAAO,GAP6B,CASpC;;AACA,aAAK/B,QAAL,GAAgB,EAAE,GAAGpB;AAAL,SAAhB;AACD,OAXD;;AAaA,WAAKmB,IAAL,CAAUX,eAAV,GACGuC,IADH,CACQ,MAAM;AACV,YAAIG,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD;;AAED,cAAM;AAAEvC,UAAAA,WAAF;AAAeD,UAAAA,OAAf;AAAwB8C,UAAAA;AAAxB,YAAyC,KAAKtC,IAAL,CAAUI,YAAV,CAAuBmC,aAAvB,EAA/C;;AACA,cAAMf,SAAS,GAAG;AAChB/B,UAAAA,WADgB;AAEhBD,UAAAA,OAFgB;AAGhB8C,UAAAA,YAHgB;AAIhBjD,UAAAA,eAAe,EAAE,CAAC,EAAEI,WAAW,IAAID,OAAjB;AAJF,SAAlB;AAMA,cAAMgD,OAA2B,GAAGvB,kBAAkB,GAClDA,kBAAkB,CAAC,KAAKjB,IAAN,EAAYwB,SAAZ,CADgC,GAElDiB,OAAO,CAACT,OAAR,CAAgBR,SAAhB,CAFJ;AAIAgB,QAAAA,OAAO,CACJZ,IADH,CACQJ,SAAS,IAAIY,cAAc,CAACZ,SAAD,CADnC,EAEGkB,KAFH,CAEShD,KAAK,IAAI0C,cAAc,CAAC;AAC7B3C,UAAAA,WAD6B;AAE7BD,UAAAA,OAF6B;AAG7B8C,UAAAA,YAH6B;AAI7BjD,UAAAA,eAAe,EAAE,KAJY;AAK7BK,UAAAA;AAL6B,SAAD,CAFhC;AASD,OA3BH;AA4BD,KAjDyB,CAA1B;AAkDA;;AACA,SAAKO,QAAL,CAAcnB,sBAAd,GAAuCiD,iBAAvC;AAEA,WAAOL,YAAY,CAACK,iBAAD,CAAnB;AACD;;AAEDY,EAAAA,SAAS,CAACC,OAAD,EAAgB;AACvB,SAAK5C,IAAL,CAAUF,OAAV,CAAkBO,EAAlB,CAAqBrB,uBAArB,EAA8C4D,OAA9C;AACD;;AAEDC,EAAAA,WAAW,CAACD,OAAD,EAAiB;AAC1B,SAAK5C,IAAL,CAAUF,OAAV,CAAkBgD,GAAlB,CAAsB9D,uBAAtB,EAA+C4D,OAA/C;AACD;;AA5J2B","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { AuthState, AuthStateLogOptions } from './types';\nimport { OktaAuth } from '.';\nimport { getConsole } from './util';\nimport { EVENT_ADDED, EVENT_REMOVED } from './TokenManager';\nconst PCancelable = require('p-cancelable');\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\nexport class AuthStateManager {\n _sdk: OktaAuth;\n _pending: { \n updateAuthStatePromise: typeof PCancelable;\n canceledTimes: number; \n };\n _authState: AuthState | null;\n _prevAuthState: AuthState | null;\n _logOptions: AuthStateLogOptions;\n _lastEventTimestamp: number;\n\n constructor(sdk: OktaAuth) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n\n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState | null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState | null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n /* eslint-disable complexity */\n const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n onCancel.shouldReject = false;\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve();\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n const promise: Promise<AuthState> = transformAuthState\n ? transformAuthState(this._sdk, authState)\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n /* eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n"],"file":"AuthStateManager.js"}
|
|
1
|
+
{"version":3,"sources":["../../lib/AuthStateManager.ts"],"names":["PCancelable","require","INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","MAX_PROMISE_CANCEL_TIMES","isSameAuthState","prevState","state","isAuthenticated","JSON","stringify","idToken","accessToken","error","AuthStateManager","constructor","sdk","emitter","AuthSdkError","_sdk","_pending","_authState","_logOptions","_prevAuthState","tokenManager","on","EVENT_ADDED","key","token","_setLogOptions","event","updateAuthState","EVENT_REMOVED","options","getAuthState","getPreviousAuthState","transformAuthState","devMode","log","status","group","groupEnd","emitAuthStateChange","authState","emit","finalPromise","origPromise","then","curPromise","cancel","cancelablePromise","resolve","_","onCancel","shouldReject","emitAndResolve","isCanceled","refreshToken","getTokensSync","promise","Promise","catch","subscribe","handler","unsubscribe","off"],"mappings":";;;;AAaA;;AAGA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,MAAMA,WAAW,GAAGC,OAAO,CAAC,cAAD,CAA3B;;AAEO,MAAMC,kBAAkB,GAAG,IAA3B;;AACP,MAAMC,eAAe,GAAG;AACtBC,EAAAA,sBAAsB,EAAE,IADF;AAEtBC,EAAAA,aAAa,EAAE;AAFO,CAAxB;AAIA,MAAMC,uBAAuB,GAAG,iBAAhC;AACA,MAAMC,wBAAwB,GAAG,EAAjC,C,CAEA;;AACA,MAAMC,eAAe,GAAG,CAACC,SAAD,EAA8BC,KAA9B,KAAmD;AACzE;AACA,MAAI,CAACD,SAAL,EAAgB;AACd,WAAO,KAAP;AACD;;AAED,SAAOA,SAAS,CAACE,eAAV,KAA8BD,KAAK,CAACC,eAApC,IACFC,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACK,OAAzB,MAAsCF,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACI,OAArB,CADpC,IAEFF,IAAI,CAACC,SAAL,CAAeJ,SAAS,CAACM,WAAzB,MAA0CH,IAAI,CAACC,SAAL,CAAeH,KAAK,CAACK,WAArB,CAFxC,IAGFN,SAAS,CAACO,KAAV,KAAoBN,KAAK,CAACM,KAH/B;AAID,CAVD;;AAYO,MAAMC,gBAAN,CAAuB;AAU5BC,EAAAA,WAAW,CAACC,GAAD,EAAgB;AACzB,QAAI,CAACA,GAAG,CAACC,OAAT,EAAkB;AAChB,YAAM,IAAIC,oBAAJ,CAAiB,uDAAjB,CAAN;AACD;;AAED,SAAKC,IAAL,GAAYH,GAAZ;AACA,SAAKI,QAAL,GAAgB,EAAE,GAAGpB;AAAL,KAAhB;AACA,SAAKqB,UAAL,GAAkBtB,kBAAlB;AACA,SAAKuB,WAAL,GAAmB,EAAnB;AACA,SAAKC,cAAL,GAAsB,IAAtB,CATyB,CAWzB;AACA;AACA;;AACAP,IAAAA,GAAG,CAACQ,YAAJ,CAAiBC,EAAjB,CAAoBC,yBAApB,EAAiC,CAACC,GAAD,EAAMC,KAAN,KAAgB;AAC/C,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEJ,yBAAT;AAAsBC,QAAAA,GAAtB;AAA2BC,QAAAA;AAA3B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAIAf,IAAAA,GAAG,CAACQ,YAAJ,CAAiBC,EAAjB,CAAoBO,2BAApB,EAAmC,CAACL,GAAD,EAAMC,KAAN,KAAgB;AACjD,WAAKC,cAAL,CAAoB;AAAEC,QAAAA,KAAK,EAAEE,2BAAT;AAAwBL,QAAAA,GAAxB;AAA6BC,QAAAA;AAA7B,OAApB;;AACA,WAAKG,eAAL;AACD,KAHD;AAID;;AAEDF,EAAAA,cAAc,CAACI,OAAD,EAAU;AACtB,SAAKX,WAAL,GAAmBW,OAAnB;AACD;;AAEDC,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKb,UAAZ;AACD;;AAEDc,EAAAA,oBAAoB,GAAqB;AACvC,WAAO,KAAKZ,cAAZ;AACD;;AAEoB,QAAfQ,eAAe,GAAuB;AAC1C,UAAM;AAAEK,MAAAA,kBAAF;AAAsBC,MAAAA;AAAtB,QAAkC,KAAKlB,IAAL,CAAUc,OAAlD;;AAEA,UAAMK,GAAG,GAAIC,MAAD,IAAY;AACtB,YAAM;AAAET,QAAAA,KAAF;AAASH,QAAAA,GAAT;AAAcC,QAAAA;AAAd,UAAwB,KAAKN,WAAnC;AACA,8BAAakB,KAAb,CAAoB,uCAAsCV,KAAM,WAAUS,MAAO,EAAjF;AACA,8BAAaD,GAAb,CAAiBX,GAAjB,EAAsBC,KAAtB;AACA,8BAAaU,GAAb,CAAiB,mBAAjB,EAAsC,KAAKjB,UAA3C;AACA,8BAAaoB,QAAb,GALsB,CAOtB;;AACA,WAAKnB,WAAL,GAAmB,EAAnB;AACD,KATD;;AAWA,UAAMoB,mBAAmB,GAAIC,SAAD,IAAe;AACzC,UAAItC,eAAe,CAAC,KAAKgB,UAAN,EAAkBsB,SAAlB,CAAnB,EAAiD;AAC/CN,QAAAA,OAAO,IAAIC,GAAG,CAAC,WAAD,CAAd;AACA;AACD;;AACD,WAAKf,cAAL,GAAsB,KAAKF,UAA3B;AACA,WAAKA,UAAL,GAAkBsB,SAAlB,CANyC,CAOzC;;AACA,WAAKxB,IAAL,CAAUF,OAAV,CAAkB2B,IAAlB,CAAuBzC,uBAAvB,EAAgD,EAAE,GAAGwC;AAAL,OAAhD;;AACAN,MAAAA,OAAO,IAAIC,GAAG,CAAC,SAAD,CAAd;AACD,KAVD;;AAYA,UAAMO,YAAY,GAAIC,WAAD,IAAiB;AACpC,aAAO,KAAK1B,QAAL,CAAcnB,sBAAd,CAAqC8C,IAArC,CAA0C,MAAM;AACrD,cAAMC,UAAU,GAAG,KAAK5B,QAAL,CAAcnB,sBAAjC;;AACA,YAAI+C,UAAU,IAAIA,UAAU,KAAKF,WAAjC,EAA8C;AAC5C,iBAAOD,YAAY,CAACG,UAAD,CAAnB;AACD;;AACD,eAAO,KAAKd,YAAL,EAAP;AACD,OANM,CAAP;AAOD,KARD;;AAUA,QAAI,KAAKd,QAAL,CAAcnB,sBAAlB,EAA0C;AACxC,UAAI,KAAKmB,QAAL,CAAclB,aAAd,IAA+BE,wBAAnC,EAA6D;AAC3D;AACA;AACAiC,QAAAA,OAAO,IAAIC,GAAG,CAAC,YAAD,CAAd;AACA,eAAOO,YAAY,CAAC,KAAKzB,QAAL,CAAcnB,sBAAf,CAAnB;AACD,OALD,MAKO;AACL,aAAKmB,QAAL,CAAcnB,sBAAd,CAAqCgD,MAArC;AACD;AACF;AAED;;;AACA,UAAMC,iBAAiB,GAAG,IAAIrD,WAAJ,CAAgB,CAACsD,OAAD,EAAUC,CAAV,EAAaC,QAAb,KAA0B;AAClEA,MAAAA,QAAQ,CAACC,YAAT,GAAwB,KAAxB;AACAD,MAAAA,QAAQ,CAAC,MAAM;AACb,aAAKjC,QAAL,CAAcnB,sBAAd,GAAuC,IAAvC;AACA,aAAKmB,QAAL,CAAclB,aAAd,GAA8B,KAAKkB,QAAL,CAAclB,aAAd,GAA8B,CAA5D;AACAmC,QAAAA,OAAO,IAAIC,GAAG,CAAC,UAAD,CAAd;AACD,OAJO,CAAR;;AAMA,YAAMiB,cAAc,GAAIZ,SAAD,IAAe;AACpC,YAAIO,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD,SAJmC,CAKpC;;;AACAT,QAAAA,mBAAmB,CAACC,SAAD,CAAnB;AACAQ,QAAAA,OAAO,GAP6B,CASpC;;AACA,aAAK/B,QAAL,GAAgB,EAAE,GAAGpB;AAAL,SAAhB;AACD,OAXD;;AAaA,WAAKmB,IAAL,CAAUX,eAAV,GACGuC,IADH,CACQ,MAAM;AACV,YAAIG,iBAAiB,CAACM,UAAtB,EAAkC;AAChCL,UAAAA,OAAO;AACP;AACD;;AAED,cAAM;AAAEvC,UAAAA,WAAF;AAAeD,UAAAA,OAAf;AAAwB8C,UAAAA;AAAxB,YAAyC,KAAKtC,IAAL,CAAUK,YAAV,CAAuBkC,aAAvB,EAA/C;;AACA,cAAMf,SAAS,GAAG;AAChB/B,UAAAA,WADgB;AAEhBD,UAAAA,OAFgB;AAGhB8C,UAAAA,YAHgB;AAIhBjD,UAAAA,eAAe,EAAE,CAAC,EAAEI,WAAW,IAAID,OAAjB;AAJF,SAAlB;AAMA,cAAMgD,OAA2B,GAAGvB,kBAAkB,GAClDA,kBAAkB,CAAC,KAAKjB,IAAN,EAAYwB,SAAZ,CADgC,GAElDiB,OAAO,CAACT,OAAR,CAAgBR,SAAhB,CAFJ;AAIAgB,QAAAA,OAAO,CACJZ,IADH,CACQJ,SAAS,IAAIY,cAAc,CAACZ,SAAD,CADnC,EAEGkB,KAFH,CAEShD,KAAK,IAAI0C,cAAc,CAAC;AAC7B3C,UAAAA,WAD6B;AAE7BD,UAAAA,OAF6B;AAG7B8C,UAAAA,YAH6B;AAI7BjD,UAAAA,eAAe,EAAE,KAJY;AAK7BK,UAAAA;AAL6B,SAAD,CAFhC;AASD,OA3BH;AA4BD,KAjDyB,CAA1B;AAkDA;;AACA,SAAKO,QAAL,CAAcnB,sBAAd,GAAuCiD,iBAAvC;AAEA,WAAOL,YAAY,CAACK,iBAAD,CAAnB;AACD;;AAEDY,EAAAA,SAAS,CAACC,OAAD,EAAgB;AACvB,SAAK5C,IAAL,CAAUF,OAAV,CAAkBQ,EAAlB,CAAqBtB,uBAArB,EAA8C4D,OAA9C;AACD;;AAEDC,EAAAA,WAAW,CAACD,OAAD,EAAiB;AAC1B,SAAK5C,IAAL,CAAUF,OAAV,CAAkBgD,GAAlB,CAAsB9D,uBAAtB,EAA+C4D,OAA/C;AACD;;AA5J2B","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from './errors';\nimport { AuthState, AuthStateLogOptions } from './types';\nimport { OktaAuth } from '.';\nimport { getConsole } from './util';\nimport { EVENT_ADDED, EVENT_REMOVED } from './TokenManager';\nconst PCancelable = require('p-cancelable');\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n updateAuthStatePromise: null,\n canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState | null, state: AuthState) => {\n // initial state is null\n if (!prevState) {\n return false;\n }\n\n return prevState.isAuthenticated === state.isAuthenticated \n && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n && prevState.error === state.error;\n};\n\nexport class AuthStateManager {\n _sdk: OktaAuth;\n _pending: { \n updateAuthStatePromise: typeof PCancelable;\n canceledTimes: number; \n };\n _authState: AuthState | null;\n _prevAuthState: AuthState | null;\n _logOptions: AuthStateLogOptions;\n\n constructor(sdk: OktaAuth) {\n if (!sdk.emitter) {\n throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n }\n\n this._sdk = sdk;\n this._pending = { ...DEFAULT_PENDING };\n this._authState = INITIAL_AUTH_STATE;\n this._logOptions = {};\n this._prevAuthState = null;\n \n // Listen on tokenManager events to start updateState process\n // \"added\" event is emitted in both add and renew process\n // Only listen on \"added\" event to update auth state\n sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n this._setLogOptions({ event: EVENT_ADDED, key, token });\n this.updateAuthState();\n });\n sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n this._setLogOptions({ event: EVENT_REMOVED, key, token });\n this.updateAuthState();\n });\n }\n\n _setLogOptions(options) {\n this._logOptions = options;\n }\n\n getAuthState(): AuthState | null {\n return this._authState;\n }\n\n getPreviousAuthState(): AuthState | null {\n return this._prevAuthState;\n }\n\n async updateAuthState(): Promise<AuthState> {\n const { transformAuthState, devMode } = this._sdk.options;\n\n const log = (status) => {\n const { event, key, token } = this._logOptions;\n getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n getConsole().log(key, token);\n getConsole().log('Current authState', this._authState);\n getConsole().groupEnd();\n \n // clear log options after logging\n this._logOptions = {};\n };\n\n const emitAuthStateChange = (authState) => {\n if (isSameAuthState(this._authState, authState)) {\n devMode && log('unchanged'); \n return;\n }\n this._prevAuthState = this._authState;\n this._authState = authState;\n // emit new authState object\n this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n devMode && log('emitted');\n };\n\n const finalPromise = (origPromise) => { \n return this._pending.updateAuthStatePromise.then(() => {\n const curPromise = this._pending.updateAuthStatePromise;\n if (curPromise && curPromise !== origPromise) {\n return finalPromise(curPromise);\n }\n return this.getAuthState();\n });\n };\n\n if (this._pending.updateAuthStatePromise) {\n if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n // stop canceling then starting a new promise\n // let existing promise finish to prevent running into loops\n devMode && log('terminated');\n return finalPromise(this._pending.updateAuthStatePromise);\n } else {\n this._pending.updateAuthStatePromise.cancel();\n }\n }\n\n /* eslint-disable complexity */\n const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n onCancel.shouldReject = false;\n onCancel(() => {\n this._pending.updateAuthStatePromise = null;\n this._pending.canceledTimes = this._pending.canceledTimes + 1;\n devMode && log('canceled');\n });\n\n const emitAndResolve = (authState) => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n // emit event and resolve promise \n emitAuthStateChange(authState);\n resolve();\n\n // clear pending states after resolve\n this._pending = { ...DEFAULT_PENDING };\n };\n\n this._sdk.isAuthenticated()\n .then(() => {\n if (cancelablePromise.isCanceled) {\n resolve();\n return;\n }\n\n const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n const authState = {\n accessToken,\n idToken,\n refreshToken,\n isAuthenticated: !!(accessToken && idToken)\n };\n const promise: Promise<AuthState> = transformAuthState\n ? transformAuthState(this._sdk, authState)\n : Promise.resolve(authState);\n\n promise\n .then(authState => emitAndResolve(authState))\n .catch(error => emitAndResolve({\n accessToken, \n idToken, \n refreshToken,\n isAuthenticated: false, \n error\n }));\n });\n });\n /* eslint-enable complexity */\n this._pending.updateAuthStatePromise = cancelablePromise;\n\n return finalPromise(cancelablePromise);\n }\n\n subscribe(handler): void {\n this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n }\n\n unsubscribe(handler?): void {\n this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n }\n}\n"],"file":"AuthStateManager.js"}
|
package/cjs/OktaAuth.js
CHANGED
|
@@ -20,8 +20,6 @@ var _browserStorage = _interopRequireDefault(require("./browser/browserStorage")
|
|
|
20
20
|
|
|
21
21
|
var _util = require("./util");
|
|
22
22
|
|
|
23
|
-
var _builderUtil = require("./builderUtil");
|
|
24
|
-
|
|
25
23
|
var _TokenManager = require("./TokenManager");
|
|
26
24
|
|
|
27
25
|
var _http = require("./http");
|
|
@@ -46,6 +44,8 @@ var _OktaUserAgent = require("./OktaUserAgent");
|
|
|
46
44
|
|
|
47
45
|
var _parseFromUrl = require("./oidc/parseFromUrl");
|
|
48
46
|
|
|
47
|
+
var _transactionMeta = require("./idx/transactionMeta");
|
|
48
|
+
|
|
49
49
|
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
50
50
|
|
|
51
51
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
@@ -66,17 +66,13 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
|
|
|
66
66
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
67
67
|
*/
|
|
68
68
|
|
|
69
|
-
/*
|
|
70
|
-
|
|
71
|
-
/* global window, SDK_VERSION */
|
|
69
|
+
/* global window */
|
|
72
70
|
const Emitter = require('tiny-emitter');
|
|
73
71
|
|
|
74
72
|
class OktaAuth {
|
|
75
|
-
// keep this field to compatible with released downstream SDK versions
|
|
76
|
-
// TODO: remove in version 6
|
|
77
|
-
// JIRA: https://oktainc.atlassian.net/browse/OKTA-419417
|
|
78
73
|
constructor(args) {
|
|
79
|
-
const options = this.options = (0, _options.buildOptions)(args);
|
|
74
|
+
const options = this.options = (0, _options.buildOptions)(args); // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
75
|
+
|
|
80
76
|
this.storageManager = new _StorageManager.default(options.storageManager, options.cookies, options.storageUtil);
|
|
81
77
|
this.transactionManager = new _TransactionManager.default(Object.assign({
|
|
82
78
|
storageManager: this.storageManager
|
|
@@ -87,11 +83,12 @@ class OktaAuth {
|
|
|
87
83
|
resume: _tx.resumeTransaction.bind(null, this),
|
|
88
84
|
exists: Object.assign(_tx.transactionExists.bind(null, this), {
|
|
89
85
|
_get: name => {
|
|
86
|
+
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
90
87
|
const storage = options.storageUtil.storage;
|
|
91
88
|
return storage.get(name);
|
|
92
89
|
}
|
|
93
90
|
}),
|
|
94
|
-
introspect: _tx.
|
|
91
|
+
introspect: _tx.introspectAuthn.bind(null, this)
|
|
95
92
|
};
|
|
96
93
|
this.pkce = {
|
|
97
94
|
DEFAULT_CODE_CHALLENGE_METHOD: _pkce.default.DEFAULT_CODE_CHALLENGE_METHOD,
|
|
@@ -112,9 +109,6 @@ class OktaAuth {
|
|
|
112
109
|
redirectUri: (0, _util.toAbsoluteUrl)(args.redirectUri, window.location.origin) // allow relative URIs
|
|
113
110
|
|
|
114
111
|
});
|
|
115
|
-
this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js/${"5.9.1"}`);
|
|
116
|
-
} else {
|
|
117
|
-
this.userAgent = (0, _builderUtil.getUserAgent)(args, `okta-auth-js-server/${"5.9.1"}`);
|
|
118
112
|
} // Digital clocks will drift over time, so the server
|
|
119
113
|
// can misalign with the time reported by the browser.
|
|
120
114
|
// The maxClockSkew allows relaxing the time-based
|
|
@@ -142,13 +136,42 @@ class OktaAuth {
|
|
|
142
136
|
setCookieAndRedirect: _session.setCookieAndRedirect.bind(null, this)
|
|
143
137
|
};
|
|
144
138
|
this._tokenQueue = new _PromiseQueue.default();
|
|
139
|
+
|
|
140
|
+
const useQueue = method => {
|
|
141
|
+
return _PromiseQueue.default.prototype.push.bind(this._tokenQueue, method, null);
|
|
142
|
+
}; // eslint-disable-next-line max-len
|
|
143
|
+
|
|
144
|
+
|
|
145
|
+
const getWithRedirectFn = useQueue(_oidc.getWithRedirect.bind(null, this));
|
|
146
|
+
const getWithRedirectApi = Object.assign(getWithRedirectFn, {
|
|
147
|
+
// This is exposed so we can set window.location in our tests
|
|
148
|
+
_setLocation: function (url) {
|
|
149
|
+
window.location = url;
|
|
150
|
+
}
|
|
151
|
+
}); // eslint-disable-next-line max-len
|
|
152
|
+
|
|
153
|
+
const parseFromUrlFn = useQueue(_oidc.parseFromUrl.bind(null, this));
|
|
154
|
+
const parseFromUrlApi = Object.assign(parseFromUrlFn, {
|
|
155
|
+
// This is exposed so we can mock getting window.history in our tests
|
|
156
|
+
_getHistory: function () {
|
|
157
|
+
return window.history;
|
|
158
|
+
},
|
|
159
|
+
// This is exposed so we can mock getting window.location in our tests
|
|
160
|
+
_getLocation: function () {
|
|
161
|
+
return window.location;
|
|
162
|
+
},
|
|
163
|
+
// This is exposed so we can mock getting window.document in our tests
|
|
164
|
+
_getDocument: function () {
|
|
165
|
+
return window.document;
|
|
166
|
+
}
|
|
167
|
+
});
|
|
145
168
|
this.token = {
|
|
146
169
|
prepareTokenParams: _oidc.prepareTokenParams.bind(null, this),
|
|
147
170
|
exchangeCodeForTokens: _oidc.exchangeCodeForTokens.bind(null, this),
|
|
148
171
|
getWithoutPrompt: _oidc.getWithoutPrompt.bind(null, this),
|
|
149
172
|
getWithPopup: _oidc.getWithPopup.bind(null, this),
|
|
150
|
-
getWithRedirect:
|
|
151
|
-
parseFromUrl:
|
|
173
|
+
getWithRedirect: getWithRedirectApi,
|
|
174
|
+
parseFromUrl: parseFromUrlApi,
|
|
152
175
|
decode: _oidc.decodeToken,
|
|
153
176
|
revoke: _oidc.revokeToken.bind(null, this),
|
|
154
177
|
renew: _oidc.renewToken.bind(null, this),
|
|
@@ -159,7 +182,9 @@ class OktaAuth {
|
|
|
159
182
|
isLoginRedirect: _oidc.isLoginRedirect.bind(null, this)
|
|
160
183
|
}; // Wrap all async token API methods using MethodQueue to avoid issues with concurrency
|
|
161
184
|
|
|
162
|
-
const syncMethods = [
|
|
185
|
+
const syncMethods = [// sync methods
|
|
186
|
+
'decode', 'isLoginRedirect', // already bound
|
|
187
|
+
'getWithRedirect', 'parseFromUrl'];
|
|
163
188
|
Object.keys(this.token).forEach(key => {
|
|
164
189
|
if (syncMethods.indexOf(key) >= 0) {
|
|
165
190
|
// sync methods should not be wrapped
|
|
@@ -168,38 +193,38 @@ class OktaAuth {
|
|
|
168
193
|
|
|
169
194
|
var method = this.token[key];
|
|
170
195
|
this.token[key] = _PromiseQueue.default.prototype.push.bind(this._tokenQueue, method, null);
|
|
171
|
-
});
|
|
172
|
-
Object.assign(this.token.getWithRedirect, {
|
|
173
|
-
// This is exposed so we can set window.location in our tests
|
|
174
|
-
_setLocation: function (url) {
|
|
175
|
-
window.location = url;
|
|
176
|
-
}
|
|
177
|
-
});
|
|
178
|
-
Object.assign(this.token.parseFromUrl, {
|
|
179
|
-
// This is exposed so we can mock getting window.history in our tests
|
|
180
|
-
_getHistory: function () {
|
|
181
|
-
return window.history;
|
|
182
|
-
},
|
|
183
|
-
// This is exposed so we can mock getting window.location in our tests
|
|
184
|
-
_getLocation: function () {
|
|
185
|
-
return window.location;
|
|
186
|
-
},
|
|
187
|
-
// This is exposed so we can mock getting window.document in our tests
|
|
188
|
-
_getDocument: function () {
|
|
189
|
-
return window.document;
|
|
190
|
-
}
|
|
191
196
|
}); // IDX
|
|
192
197
|
|
|
198
|
+
const boundStartTransaction = _idx.startTransaction.bind(null, this);
|
|
199
|
+
|
|
193
200
|
this.idx = {
|
|
194
201
|
interact: _idx.interact.bind(null, this),
|
|
195
202
|
introspect: _idx.introspect.bind(null, this),
|
|
196
203
|
authenticate: _idx.authenticate.bind(null, this),
|
|
197
204
|
register: _idx.register.bind(null, this),
|
|
205
|
+
start: boundStartTransaction,
|
|
206
|
+
startTransaction: boundStartTransaction,
|
|
207
|
+
// Use `start` instead. `startTransaction` will be removed in 7.0
|
|
208
|
+
poll: _idx.poll.bind(null, this),
|
|
198
209
|
proceed: _idx.proceed.bind(null, this),
|
|
199
210
|
cancel: _idx.cancel.bind(null, this),
|
|
200
211
|
recoverPassword: _idx.recoverPassword.bind(null, this),
|
|
212
|
+
// oauth redirect callback
|
|
201
213
|
handleInteractionCodeRedirect: _idx.handleInteractionCodeRedirect.bind(null, this),
|
|
202
|
-
|
|
214
|
+
// interaction required callback
|
|
215
|
+
isInteractionRequired: _oidc.isInteractionRequired.bind(null, this),
|
|
216
|
+
isInteractionRequiredError: _oidc.isInteractionRequiredError,
|
|
217
|
+
// email verify callback
|
|
218
|
+
handleEmailVerifyCallback: _idx.handleEmailVerifyCallback.bind(null, this),
|
|
219
|
+
isEmailVerifyCallback: _idx.isEmailVerifyCallback,
|
|
220
|
+
parseEmailVerifyCallback: _idx.parseEmailVerifyCallback,
|
|
221
|
+
isEmailVerifyCallbackError: _idx.isEmailVerifyCallbackError,
|
|
222
|
+
getSavedTransactionMeta: _transactionMeta.getSavedTransactionMeta.bind(null, this),
|
|
223
|
+
createTransactionMeta: _transactionMeta.createTransactionMeta.bind(null, this),
|
|
224
|
+
getTransactionMeta: _transactionMeta.getTransactionMeta.bind(null, this),
|
|
225
|
+
saveTransactionMeta: _transactionMeta.saveTransactionMeta.bind(null, this),
|
|
226
|
+
clearTransactionMeta: _transactionMeta.clearTransactionMeta.bind(null, this),
|
|
227
|
+
isTransactionMetaValid: _transactionMeta.isTransactionMetaValid,
|
|
203
228
|
setFlow: flow => {
|
|
204
229
|
this.options.flow = flow;
|
|
205
230
|
},
|
|
@@ -237,33 +262,13 @@ class OktaAuth {
|
|
|
237
262
|
|
|
238
263
|
setHeaders(headers) {
|
|
239
264
|
this.options.headers = Object.assign({}, this.options.headers, headers);
|
|
240
|
-
} //
|
|
241
|
-
// CommonJS module users (CDN) need all exports on this object
|
|
242
|
-
// Utility methods for interaction code flow
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
isInteractionRequired(hashOrSearch) {
|
|
246
|
-
return (0, _oidc.isInteractionRequired)(this, hashOrSearch);
|
|
247
|
-
}
|
|
265
|
+
} // Authn V1
|
|
248
266
|
|
|
249
|
-
isInteractionRequiredError(error) {
|
|
250
|
-
return (0, _oidc.isInteractionRequiredError)(error);
|
|
251
|
-
} // Utility methods for email verify callback
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
isEmailVerifyCallback(urlPath) {
|
|
255
|
-
return (0, _util.isEmailVerifyCallback)(urlPath);
|
|
256
|
-
}
|
|
257
|
-
|
|
258
|
-
parseEmailVerifyCallback(urlPath) {
|
|
259
|
-
return (0, _util.parseEmailVerifyCallback)(urlPath);
|
|
260
|
-
}
|
|
261
267
|
|
|
262
268
|
async signIn(opts) {
|
|
263
|
-
// TODO: support interaction code flow
|
|
264
|
-
// Authn V1 flow
|
|
265
269
|
return this.signInWithCredentials(opts);
|
|
266
|
-
}
|
|
270
|
+
} // Authn V1
|
|
271
|
+
|
|
267
272
|
|
|
268
273
|
async signInWithCredentials(opts) {
|
|
269
274
|
opts = (0, _util.clone)(opts || {});
|
|
@@ -317,10 +322,11 @@ class OktaAuth {
|
|
|
317
322
|
|
|
318
323
|
|
|
319
324
|
closeSession() {
|
|
320
|
-
// Clear all local tokens
|
|
321
|
-
this.tokenManager.clear();
|
|
322
325
|
return this.session.close() // DELETE /api/v1/sessions/me
|
|
323
|
-
.
|
|
326
|
+
.then(async () => {
|
|
327
|
+
// Clear all local tokens
|
|
328
|
+
this.tokenManager.clear();
|
|
329
|
+
}).catch(function (e) {
|
|
324
330
|
if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {
|
|
325
331
|
// Session does not exist or has already been closed
|
|
326
332
|
return null;
|
|
@@ -420,10 +426,7 @@ class OktaAuth {
|
|
|
420
426
|
|
|
421
427
|
if (!options.idToken) {
|
|
422
428
|
options.idToken = this.tokenManager.getTokensSync().idToken;
|
|
423
|
-
}
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
this.tokenManager.clear();
|
|
429
|
+
}
|
|
427
430
|
|
|
428
431
|
if (revokeRefreshToken && refreshToken) {
|
|
429
432
|
await this.revokeRefreshToken(refreshToken);
|
|
@@ -439,6 +442,7 @@ class OktaAuth {
|
|
|
439
442
|
// Fallback to XHR signOut, then simulate a redirect to the post logout uri
|
|
440
443
|
|
|
441
444
|
if (!logoutUri) {
|
|
445
|
+
// local tokens are cleared once session is closed
|
|
442
446
|
return this.closeSession() // can throw if the user cannot be signed out
|
|
443
447
|
.then(function () {
|
|
444
448
|
if (postLogoutRedirectUri === currentUri) {
|
|
@@ -448,7 +452,14 @@ class OktaAuth {
|
|
|
448
452
|
}
|
|
449
453
|
});
|
|
450
454
|
} else {
|
|
451
|
-
|
|
455
|
+
if (options.clearTokensBeforeRedirect) {
|
|
456
|
+
// Clear all local tokens
|
|
457
|
+
this.tokenManager.clear();
|
|
458
|
+
} else {
|
|
459
|
+
this.tokenManager.addPendingRemoveFlags();
|
|
460
|
+
} // Flow ends with logout redirect
|
|
461
|
+
|
|
462
|
+
|
|
452
463
|
window.location.assign(logoutUri);
|
|
453
464
|
}
|
|
454
465
|
}
|
|
@@ -479,20 +490,26 @@ class OktaAuth {
|
|
|
479
490
|
} = this.tokenManager.getOptions();
|
|
480
491
|
|
|
481
492
|
if (accessToken && this.tokenManager.hasExpired(accessToken)) {
|
|
482
|
-
accessToken =
|
|
493
|
+
accessToken = undefined;
|
|
483
494
|
|
|
484
495
|
if (autoRenew) {
|
|
485
|
-
|
|
496
|
+
try {
|
|
497
|
+
accessToken = await this.tokenManager.renew('accessToken');
|
|
498
|
+
} catch {// Renew errors will emit an "error" event
|
|
499
|
+
}
|
|
486
500
|
} else if (autoRemove) {
|
|
487
501
|
this.tokenManager.remove('accessToken');
|
|
488
502
|
}
|
|
489
503
|
}
|
|
490
504
|
|
|
491
505
|
if (idToken && this.tokenManager.hasExpired(idToken)) {
|
|
492
|
-
idToken =
|
|
506
|
+
idToken = undefined;
|
|
493
507
|
|
|
494
508
|
if (autoRenew) {
|
|
495
|
-
|
|
509
|
+
try {
|
|
510
|
+
idToken = await this.tokenManager.renew('idToken');
|
|
511
|
+
} catch {// Renew errors will emit an "error" event
|
|
512
|
+
}
|
|
496
513
|
} else if (autoRemove) {
|
|
497
514
|
this.tokenManager.remove('idToken');
|
|
498
515
|
}
|
|
@@ -571,7 +588,7 @@ class OktaAuth {
|
|
|
571
588
|
|
|
572
589
|
const storage = _browserStorage.default.getSessionStorage();
|
|
573
590
|
|
|
574
|
-
return storage ? storage.getItem(constants.REFERRER_PATH_STORAGE_KEY) : undefined;
|
|
591
|
+
return storage ? storage.getItem(constants.REFERRER_PATH_STORAGE_KEY) || undefined : undefined;
|
|
575
592
|
}
|
|
576
593
|
|
|
577
594
|
removeOriginalUri(state) {
|
|
@@ -584,7 +601,7 @@ class OktaAuth {
|
|
|
584
601
|
|
|
585
602
|
if (state) {
|
|
586
603
|
const sharedStorage = this.storageManager.getOriginalUriStorage();
|
|
587
|
-
sharedStorage.removeItem(state);
|
|
604
|
+
sharedStorage.removeItem && sharedStorage.removeItem(state);
|
|
588
605
|
}
|
|
589
606
|
}
|
|
590
607
|
|
|
@@ -619,7 +636,7 @@ class OktaAuth {
|
|
|
619
636
|
|
|
620
637
|
if (restoreOriginalUri) {
|
|
621
638
|
await restoreOriginalUri(this, originalUri);
|
|
622
|
-
} else {
|
|
639
|
+
} else if (originalUri) {
|
|
623
640
|
window.location.replace(originalUri);
|
|
624
641
|
}
|
|
625
642
|
}
|
|
@@ -650,6 +667,7 @@ class OktaAuth {
|
|
|
650
667
|
|
|
651
668
|
getIssuerOrigin() {
|
|
652
669
|
// Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}
|
|
670
|
+
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
653
671
|
return this.options.issuer.split('/oauth2/')[0];
|
|
654
672
|
} // { username, (relayState) }
|
|
655
673
|
|
|
@@ -671,11 +689,10 @@ class OktaAuth {
|
|
|
671
689
|
} // Hoist feature detection functions to static type
|
|
672
690
|
|
|
673
691
|
|
|
674
|
-
OktaAuth.features = OktaAuth.prototype.features = features; // Also hoist
|
|
692
|
+
OktaAuth.features = OktaAuth.prototype.features = features; // Also hoist constants for CommonJS users
|
|
675
693
|
|
|
676
694
|
Object.assign(OktaAuth, {
|
|
677
|
-
constants
|
|
678
|
-
isInteractionRequiredError: _oidc.isInteractionRequiredError
|
|
695
|
+
constants
|
|
679
696
|
});
|
|
680
697
|
var _default = OktaAuth;
|
|
681
698
|
exports.default = _default;
|