@okta/okta-auth-js 5.9.1 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +56 -0
- package/README.md +16 -3
- package/cjs/AuthStateManager.js +2 -1
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +95 -78
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/OktaUserAgent.js.map +1 -1
- package/cjs/PromiseQueue.js +6 -1
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/StorageManager.js +3 -1
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TokenManager.js +33 -5
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/TransactionManager.js +17 -4
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +7 -5
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/browser/fingerprint.js +3 -1
- package/cjs/browser/fingerprint.js.map +1 -1
- package/cjs/builderUtil.js +3 -17
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/crypto/oidcHash.js.map +1 -1
- package/cjs/features.js +9 -3
- package/cjs/features.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +2 -1
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/request.js +2 -0
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/authenticate.js +8 -5
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js +14 -0
- package/cjs/idx/authenticator/Authenticator.js.map +1 -0
- package/cjs/idx/authenticator/OktaPassword.js +31 -0
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -0
- package/cjs/idx/authenticator/OktaVerifyTotp.js +17 -0
- package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -0
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +50 -0
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -0
- package/cjs/idx/authenticator/SecurityQuestionVerification.js +32 -0
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -0
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +34 -0
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -0
- package/cjs/idx/authenticator/getAuthenticator.js +41 -0
- package/cjs/idx/authenticator/getAuthenticator.js.map +1 -0
- package/cjs/idx/authenticator/index.js +80 -0
- package/cjs/idx/authenticator/index.js.map +1 -0
- package/cjs/idx/cancel.js +5 -0
- package/cjs/idx/cancel.js.map +1 -1
- package/cjs/idx/emailVerify.js +73 -0
- package/cjs/idx/emailVerify.js.map +1 -0
- package/cjs/idx/flow/AuthenticationFlow.js +4 -1
- package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
- package/cjs/idx/flow/FlowSpecification.js +16 -14
- package/cjs/idx/flow/FlowSpecification.js.map +1 -1
- package/cjs/idx/flow/RegistrationFlow.js +3 -0
- package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
- package/cjs/idx/flow/index.js +0 -52
- package/cjs/idx/flow/index.js.map +1 -1
- package/cjs/idx/handleInteractionCodeRedirect.js +1 -0
- package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
- package/cjs/idx/index.js +26 -0
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js +47 -29
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +12 -14
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/poll.js +59 -0
- package/cjs/idx/poll.js.map +1 -0
- package/cjs/idx/proceed.js +4 -7
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/recoverPassword.js +1 -1
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js +16 -14
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +55 -92
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +11 -12
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +8 -9
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +48 -35
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +53 -20
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +20 -19
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +8 -28
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengePoll.js +26 -0
- package/cjs/idx/remediators/ChallengePoll.js.map +1 -0
- package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollPoll.js +55 -0
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -0
- package/cjs/idx/remediators/EnrollProfile.js +4 -1
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js +80 -0
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -0
- package/cjs/idx/remediators/Identify.js +2 -35
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -0
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +23 -2
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollmentChannel.js +74 -0
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
- package/cjs/idx/remediators/Skip.js +7 -0
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/index.js +52 -0
- package/cjs/idx/remediators/index.js.map +1 -1
- package/cjs/idx/remediators/util.js +7 -2
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +110 -52
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js +4 -2
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js +82 -69
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +21 -4
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/index.js +14 -0
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js +2 -0
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/endpoints/token.js +1 -0
- package/cjs/oidc/endpoints/token.js.map +1 -1
- package/cjs/oidc/exchangeCodeForTokens.js +3 -3
- package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
- package/cjs/oidc/getToken.js +3 -1
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +10 -37
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js +80 -86
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewToken.js.map +1 -1
- package/cjs/oidc/renewTokens.js +1 -1
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/revokeToken.js +28 -29
- package/cjs/oidc/revokeToken.js.map +1 -1
- package/cjs/oidc/util/index.js +14 -0
- package/cjs/oidc/util/index.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +6 -1
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/oauth.js.map +1 -1
- package/cjs/oidc/util/oauthMeta.js +36 -0
- package/cjs/oidc/util/oauthMeta.js.map +1 -0
- package/cjs/oidc/util/pkce.js.map +1 -1
- package/cjs/oidc/util/prepareTokenParams.js +57 -36
- package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +2 -0
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/oidc/verifyToken.js +2 -1
- package/cjs/oidc/verifyToken.js.map +1 -1
- package/cjs/options.js +6 -2
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +1 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/services/TokenService.js +3 -0
- package/cjs/services/TokenService.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +3 -0
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/TransactionState.js +0 -17
- package/cjs/tx/TransactionState.js.map +1 -1
- package/cjs/tx/api.js +3 -2
- package/cjs/tx/api.js.map +1 -1
- package/cjs/types/Token.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/util/index.js +0 -13
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/url.js.map +1 -1
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/index.js +2603 -1814
- package/esm/index.js.map +1 -1
- package/lib/AuthStateManager.d.ts +1 -2
- package/lib/OktaAuth.d.ts +4 -10
- package/lib/StorageManager.d.ts +1 -1
- package/lib/TokenManager.d.ts +4 -2
- package/lib/TransactionManager.d.ts +3 -2
- package/lib/browser/fingerprint.d.ts +1 -1
- package/lib/builderUtil.d.ts +1 -2
- package/lib/crypto/browser.d.ts +1 -1
- package/lib/features.d.ts +1 -1
- package/lib/idx/authenticate.d.ts +1 -1
- package/lib/idx/authenticator/Authenticator.d.ts +12 -0
- package/lib/idx/authenticator/OktaPassword.d.ts +11 -0
- package/lib/idx/authenticator/OktaVerifyTotp.d.ts +9 -0
- package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +28 -0
- package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +14 -0
- package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +10 -0
- package/lib/idx/authenticator/getAuthenticator.d.ts +3 -0
- package/lib/idx/authenticator/index.d.ts +6 -0
- package/lib/idx/cancel.d.ts +1 -1
- package/lib/{util → idx}/emailVerify.d.ts +10 -1
- package/lib/idx/flow/FlowSpecification.d.ts +1 -2
- package/lib/idx/flow/index.d.ts +0 -4
- package/lib/idx/index.d.ts +2 -0
- package/lib/idx/interact.d.ts +5 -11
- package/lib/idx/introspect.d.ts +3 -2
- package/lib/idx/{flow/AuthenticationFlowMonitor.d.ts → poll.d.ts} +3 -5
- package/lib/idx/proceed.d.ts +4 -1
- package/lib/idx/recoverPassword.d.ts +1 -1
- package/lib/idx/register.d.ts +1 -1
- package/lib/idx/remediate.d.ts +10 -4
- package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +12 -8
- package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +3 -4
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +13 -8
- package/lib/idx/remediators/Base/Remediator.d.ts +9 -6
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +9 -8
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +10 -5
- package/lib/idx/{flow/RegistrationFlowMonitor.d.ts → remediators/ChallengePoll.d.ts} +3 -3
- package/lib/idx/{flow/PasswordRecoveryFlowMonitor.d.ts → remediators/EnrollPoll.d.ts} +12 -4
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -1
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +53 -0
- package/lib/idx/remediators/Identify.d.ts +2 -5
- package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -2
- package/lib/idx/remediators/RedirectIdp.d.ts +3 -3
- package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +6 -2
- package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +39 -0
- package/lib/idx/remediators/Skip.d.ts +3 -0
- package/lib/idx/remediators/index.d.ts +4 -0
- package/lib/idx/remediators/util.d.ts +2 -2
- package/lib/idx/run.d.ts +4 -3
- package/lib/idx/startTransaction.d.ts +3 -2
- package/lib/idx/transactionMeta.d.ts +6 -27
- package/lib/idx/types/idx-js.d.ts +57 -2
- package/lib/idx/types/index.d.ts +25 -8
- package/lib/index.d.ts +1 -0
- package/lib/oidc/exchangeCodeForTokens.d.ts +12 -0
- package/lib/oidc/getWithRedirect.d.ts +1 -1
- package/lib/oidc/handleOAuthResponse.d.ts +1 -1
- package/lib/oidc/parseFromUrl.d.ts +1 -1
- package/lib/oidc/renewToken.d.ts +1 -1
- package/lib/oidc/renewTokens.d.ts +1 -1
- package/lib/oidc/util/browser.d.ts +1 -1
- package/lib/oidc/util/errors.d.ts +1 -1
- package/lib/oidc/util/index.d.ts +1 -0
- package/lib/oidc/util/oauth.d.ts +1 -8
- package/lib/oidc/util/oauthMeta.d.ts +2 -0
- package/lib/oidc/util/prepareTokenParams.d.ts +3 -0
- package/lib/server/serverStorage.d.ts +1 -1
- package/lib/services/TokenService.d.ts +2 -2
- package/lib/tx/AuthTransaction.d.ts +2 -2
- package/lib/tx/TransactionState.d.ts +11 -1
- package/lib/tx/api.d.ts +6 -6
- package/lib/types/OktaAuthOptions.d.ts +6 -6
- package/lib/types/Storage.d.ts +3 -3
- package/lib/types/Token.d.ts +1 -0
- package/lib/types/Transaction.d.ts +11 -0
- package/lib/types/UserClaims.d.ts +3 -3
- package/lib/types/api.d.ts +31 -17
- package/lib/util/console.d.ts +1 -1
- package/lib/util/index.d.ts +0 -1
- package/lib/util/types.d.ts +1 -1
- package/lib/util/url.d.ts +2 -2
- package/package.json +6 -8
- package/cjs/idx/flow/AuthenticationFlowMonitor.js +0 -45
- package/cjs/idx/flow/AuthenticationFlowMonitor.js.map +0 -1
- package/cjs/idx/flow/FlowMonitor.js +0 -69
- package/cjs/idx/flow/FlowMonitor.js.map +0 -1
- package/cjs/idx/flow/PasswordRecoveryFlowMonitor.js +0 -55
- package/cjs/idx/flow/PasswordRecoveryFlowMonitor.js.map +0 -1
- package/cjs/idx/flow/RegistrationFlowMonitor.js +0 -35
- package/cjs/idx/flow/RegistrationFlowMonitor.js.map +0 -1
- package/cjs/util/emailVerify.js +0 -28
- package/cjs/util/emailVerify.js.map +0 -1
- package/lib/idx/flow/FlowMonitor.d.ts +0 -23
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","options","tokenParams","token","prepareTokenParams","
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/transactionMeta.ts"],"names":["createTransactionMeta","authClient","options","tokenParams","token","prepareTokenParams","pkceMeta","flow","withCredentials","activationToken","undefined","recoveryToken","meta","hasSavedInteractionHandle","savedMeta","getSavedTransactionMeta","interactionHandle","transactionManager","load","e","isTransactionMetaValid","getTransactionMeta","validExistingMeta","saveTransactionMeta","save","muteWarning","clearTransactionMeta","clear","keys","isTransactionMetaValidForOptions","isTransactionMetaValidForFlow","shouldValidateFlow","mismatch","some","key","value"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA;AACO,eAAeA,qBAAf,CACLC,UADK,EAELC,OAA+B,GAAG,EAF7B,EAGwB;AAC7B,QAAMC,WAAW,GAAG,MAAMF,UAAU,CAACG,KAAX,CAAiBC,kBAAjB,CAAoCH,OAApC,CAA1B;AACA,QAAMI,QAAQ,GAAG,2BAAgBL,UAAhB,EAA4BE,WAA5B,CAAjB;AACA,MAAI;AACFI,IAAAA,IAAI,GAAG,SADL;AAEFC,IAAAA,eAAe,GAAG,IAFhB;AAGFC,IAAAA,eAAe,GAAGC,SAHhB;AAIFC,IAAAA,aAAa,GAAGD;AAJd,MAKA,EAAE,GAAGT,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GALJ,CAH6B,CAQc;;AAE3C,QAAMU,IAAwB,GAAG,EAC/B,GAAGN,QAD4B;AAE/BC,IAAAA,IAF+B;AAG/BC,IAAAA,eAH+B;AAI/BC,IAAAA,eAJ+B;AAK/BE,IAAAA;AAL+B,GAAjC;AAOA,SAAOC,IAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCZ,UAAnC,EAAyDC,OAAzD,EAAoG;AACzG,QAAMY,SAAS,GAAGC,uBAAuB,CAACd,UAAD,EAAaC,OAAb,CAAzC;;AACA,MAAIY,SAAJ,aAAIA,SAAJ,eAAIA,SAAS,CAAEE,iBAAf,EAAkC;AAChC,WAAO,IAAP;AACD;;AACD,SAAO,KAAP;AACD,C,CAED;;;AACO,SAASD,uBAAT,CACLd,UADK,EAELC,OAFK,EAG2B;AAChCA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AACAA,EAAAA,OAAO,GAAG,EAAE,GAAGD,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GAAV,CAFgC,CAEiB;;AACjD,MAAIY,SAAJ;;AACA,MAAI;AACFA,IAAAA,SAAS,GAAGb,UAAU,CAACgB,kBAAX,CAA8BC,IAA9B,CAAmChB,OAAnC,CAAZ;AACD,GAFD,CAEE,OAAOiB,CAAP,EAAU,CACV;AACD;;AAED,MAAI,CAACL,SAAL,EAAgB;AACd;AACD;;AAED,MAAIM,sBAAsB,CAACN,SAAD,EAAYZ,OAAZ,CAA1B,EAAgD;AAC9C,WAAOY,SAAP;AACD,GAhB+B,CAkBhC;AACA;AACA;;;AACA,kBAAK,sEACH,4DADF;AAGD;;AAEM,eAAeO,kBAAf,CACLpB,UADK,EAELC,OAFK,EAGwB;AAC7BA,EAAAA,OAAO,GAAG,sBAAWA,OAAX,CAAV;AACAA,EAAAA,OAAO,GAAG,EAAE,GAAGD,UAAU,CAACC,OAAhB;AAAyB,OAAGA;AAA5B,GAAV,CAF6B,CAEoB;AACjD;;AACA,QAAMoB,iBAAiB,GAAGP,uBAAuB,CAACd,UAAD,EAAaC,OAAb,CAAjD;;AACA,MAAIoB,iBAAJ,EAAuB;AACrB,WAAOA,iBAAP;AACD,GAP4B,CAQ7B;;;AACA,SAAOtB,qBAAqB,CAACC,UAAD,EAAaC,OAAb,CAA5B;AACD;;AAEM,SAASqB,mBAAT,CAA8BtB,UAA9B,EAAoDW,IAApD,EAAgE;AACrEX,EAAAA,UAAU,CAACgB,kBAAX,CAA8BO,IAA9B,CAAmCZ,IAAnC,EAAyC;AAAEa,IAAAA,WAAW,EAAE;AAAf,GAAzC;AACD;;AAEM,SAASC,oBAAT,CAA+BzB,UAA/B,EAA2D;AAChEA,EAAAA,UAAU,CAACgB,kBAAX,CAA8BU,KAA9B;AACD;;AAEM,SAASP,sBAAT,CAAiCR,IAAjC,EAAuCV,OAA+B,GAAI,EAA1E,EAAuF;AAC5F;AACA,QAAM0B,IAAI,GAAG,CACX,QADW,EAEX,UAFW,EAGX,aAHW,EAIX,OAJW,EAKX,eALW,EAMX,qBANW,EAOX,iBAPW,EAQX,eARW,CAAb;;AAUA,MAAIC,gCAAgC,CAACjB,IAAD,EAAOV,OAAP,EAAgB0B,IAAhB,CAAhC,KAA0D,KAA9D,EAAqE;AACnE,WAAO,KAAP;AACD,GAd2F,CAgB5F;;;AACA,QAAM;AAAErB,IAAAA;AAAF,MAAWL,OAAjB;;AACA,MAAI4B,6BAA6B,CAAClB,IAAD,EAAOL,IAAP,CAA7B,KAA8C,KAAlD,EAAyD;AACvD,WAAO,KAAP;AACD;;AAED,SAAO,IAAP;AACD;;AAEM,SAASuB,6BAAT,CAAuClB,IAAvC,EAA6CL,IAA7C,EAAmD;AACxD;AACA,QAAMwB,kBAAkB,GAAGxB,IAAI,IAAIA,IAAI,KAAK,SAAjB,IAA8BA,IAAI,KAAK,SAAlE;;AACA,MAAIwB,kBAAJ,EAAwB;AACtB,QAAIxB,IAAI,KAAKK,IAAI,CAACL,IAAlB,EAAwB;AACtB;AACA,aAAO,KAAP;AACD;AACF;;AACD,SAAO,IAAP;AACD;;AAEM,SAASsB,gCAAT,CAA0CjB,IAA1C,EAAgDV,OAAhD,EAAyD0B,IAAzD,EAA+D;AACpE;AACA;AACA,QAAMI,QAAQ,GAAGJ,IAAI,CAACK,IAAL,CAAUC,GAAG,IAAI;AAChC,UAAMC,KAAK,GAAGjC,OAAO,CAACgC,GAAD,CAArB;;AACA,QAAIC,KAAK,IAAIA,KAAK,KAAKvB,IAAI,CAACsB,GAAD,CAA3B,EAAkC;AAChC,aAAO,IAAP;AACD;AACF,GALgB,CAAjB;AAMA,SAAO,CAACF,QAAR;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuth, IdxTransactionMeta, TransactionMetaOptions, PKCETransactionMeta } from '../types';\nimport { removeNils, warn } from '../util';\nimport { createOAuthMeta } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(\n authClient: OktaAuth,\n options: TransactionMetaOptions = {}\n): Promise<IdxTransactionMeta> {\n const tokenParams = await authClient.token.prepareTokenParams(options);\n const pkceMeta = createOAuthMeta(authClient, tokenParams) as PKCETransactionMeta;\n let {\n flow = 'default',\n withCredentials = true,\n activationToken = undefined,\n recoveryToken = undefined,\n } = { ...authClient.options, ...options }; // local options override SDK options\n\n const meta: IdxTransactionMeta = {\n ...pkceMeta,\n flow,\n withCredentials,\n activationToken,\n recoveryToken,\n };\n return meta;\n}\n\nexport function hasSavedInteractionHandle(authClient: OktaAuth, options?: TransactionMetaOptions): boolean {\n const savedMeta = getSavedTransactionMeta(authClient, options);\n if (savedMeta?.interactionHandle) {\n return true;\n }\n return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid\nexport function getSavedTransactionMeta(\n authClient: OktaAuth,\n options?: TransactionMetaOptions\n): IdxTransactionMeta | undefined {\n options = removeNils(options);\n options = { ...authClient.options, ...options }; // local options override SDK options\n let savedMeta;\n try {\n savedMeta = authClient.transactionManager.load(options) as IdxTransactionMeta;\n } catch (e) {\n // ignore errors here\n }\n\n if (!savedMeta) {\n return;\n }\n\n if (isTransactionMetaValid(savedMeta, options)) {\n return savedMeta;\n }\n\n // existing meta is not valid for this configuration\n // this is common when changing configuration in local development environment\n // in a production environment, this may indicate that two apps are sharing a storage key\n warn('Saved transaction meta does not match the current configuration. ' + \n 'This may indicate that two apps are sharing a storage key.');\n\n}\n\nexport async function getTransactionMeta(\n authClient: OktaAuth,\n options?: TransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n options = removeNils(options);\n options = { ...authClient.options, ...options }; // local options override SDK options\n // Load existing transaction meta from storage\n const validExistingMeta = getSavedTransactionMeta(authClient, options);\n if (validExistingMeta) {\n return validExistingMeta;\n }\n // No existing? Create new transaction meta.\n return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuth, meta): void {\n authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuth): void {\n authClient.transactionManager.clear();\n}\n\nexport function isTransactionMetaValid (meta, options: TransactionMetaOptions = {}): boolean {\n // Validate against certain options. If these exist in options, they must match in meta\n const keys = [\n 'issuer',\n 'clientId',\n 'redirectUri',\n 'state',\n 'codeChallenge',\n 'codeChallengeMethod',\n 'activationToken',\n 'recoveryToken'\n ];\n if (isTransactionMetaValidForOptions(meta, options, keys) === false) {\n return false;\n }\n\n // Validate configured flow\n const { flow } = options;\n if (isTransactionMetaValidForFlow(meta, flow) === false) {\n return false;\n }\n\n return true;\n}\n\nexport function isTransactionMetaValidForFlow(meta, flow) {\n // Specific flows should not share transaction data\n const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n if (shouldValidateFlow) {\n if (flow !== meta.flow) {\n // The flow has changed; abandon the old transaction\n return false;\n }\n }\n return true;\n}\n\nexport function isTransactionMetaValidForOptions(meta, options, keys) {\n // returns false if values in meta do not match options\n // if the option does not have a value for a specific key, it is ignored\n const mismatch = keys.some(key => {\n const value = options[key];\n if (value && value !== meta[key]) {\n return true;\n }\n });\n return !mismatch;\n}\n"],"file":"transactionMeta.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/types/idx-js.ts"],"names":["isRawIdxResponse","obj","version","isIdxResponse","rawIdxState"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGA;AAsIA;AAaO,SAASA,gBAAT,CAA0BC,GAA1B,EAA2D;AAChE,SAAOA,GAAG,IAAIA,GAAG,CAACC,OAAlB;AACD;;AAoBM,SAASC,aAAT,CAAuBF,GAAvB,EAAqD;AAC1D,SAAOA,GAAG,IAAID,gBAAgB,CAACC,GAAG,CAACG,WAAL,CAA9B;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface IdxAuthenticatorMethod {\n type: string;\n}\nexport interface IdxAuthenticator {\n displayName: string;\n id: string;\n key: string;\n methods: IdxAuthenticatorMethod[];\n type: string;\n settings?: {\n complexity?: unknown;\n age?: unknown;\n };\n contextualData?: {\n enrolledQuestion?: {\n question: string;\n questionKey: string;\n };\n qrcode?: { \n href: string; \n method: string; \n type: string; \n };\n sharedSecret?: string;\n questions?: {\n questionKey: string;\n question: string;\n }[];\n questionKeys?: string[];\n selectedChannel?: string;\n };\n}\n\nexport interface IdxForm {\n value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n value: string | { form: IdxForm };\n label: string;\n relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n id: string;\n name: string;\n}\n\nexport interface IdxRemediationValueForm {\n form: IdxForm;\n}\n\nexport interface IdxRemediationValue {\n name: string;\n type?: string;\n required?: boolean;\n secret?: boolean;\n visible?: boolean;\n mutable?: boolean;\n value?: string | IdxRemediationValueForm;\n label?: string;\n form?: IdxForm;\n options?: IdxOption[];\n messages?: IdxMessages;\n minLength?: number;\n maxLength?: number;\n}\n\nexport interface IdxRemediation {\n name: string;\n label?: string;\n value?: IdxRemediationValue[];\n relatesTo?: {\n type?: string;\n value: IdxAuthenticator;\n };\n idp?: IdpConfig;\n href?: string;\n method?: string;\n type?: string;\n accepts?: string;\n refresh?: number;\n}\n\nexport interface IdxContext {\n version: string;\n stateHandle: string;\n expiresAt: string;\n intent: string;\n currentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n authenticators: {\n type: string;\n value: IdxAuthenticator[];\n };\n authenticatorEnrollments: {\n type: string;\n value: IdxAuthenticator[];\n };\n enrollmentAuthenticator: {\n type: string;\n value: IdxAuthenticator;\n };\n user: {\n type: string;\n value: Record<string, unknown>;\n };\n app: {\n type: string;\n value: Record<string, unknown>;\n };\n messages?: IdxMessages;\n success?: IdxRemediation;\n failure?: IdxRemediation;\n}\n\nexport interface IdxMessage {\n message: string;\n class: string;\n i18n: {\n key: string;\n params?: unknown[];\n };\n}\n\nexport interface IdxMessages {\n type: 'array';\n value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n version: string;\n stateHandle: string;\n intent?: string;\n expiresAt?: string;\n remediation?: {\n type: 'array';\n value: IdxRemediation[];\n };\n messages?: IdxMessages;\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n return obj && obj.version;\n}\n\n\nexport interface IdxActions {\n [key: string]: Function;\n}\n\n// Object returned from idx-js\nexport interface IdxResponse {\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n toPersist: {\n interactionHandle?: string;\n };\n context?: IdxContext;\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n return obj && isRawIdxResponse(obj.rawIdxState);\n}\n"],"file":"idx-js.js"}
|
package/cjs/idx/types/index.js
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
Object.defineProperty(exports, "IdxTransactionMeta", {
|
|
4
|
+
enumerable: true,
|
|
5
|
+
get: function () {
|
|
6
|
+
return _Transaction.IdxTransactionMeta;
|
|
7
|
+
}
|
|
8
|
+
});
|
|
3
9
|
Object.defineProperty(exports, "FlowIdentifier", {
|
|
4
10
|
enumerable: true,
|
|
5
11
|
get: function () {
|
|
@@ -42,8 +48,16 @@ Object.defineProperty(exports, "CancelOptions", {
|
|
|
42
48
|
return _cancel.CancelOptions;
|
|
43
49
|
}
|
|
44
50
|
});
|
|
51
|
+
Object.defineProperty(exports, "EmailVerifyCallbackResponse", {
|
|
52
|
+
enumerable: true,
|
|
53
|
+
get: function () {
|
|
54
|
+
return _emailVerify.EmailVerifyCallbackResponse;
|
|
55
|
+
}
|
|
56
|
+
});
|
|
45
57
|
exports.IdxFeature = exports.AuthenticatorKey = exports.IdxStatus = void 0;
|
|
46
58
|
|
|
59
|
+
var _Transaction = require("../../types/Transaction");
|
|
60
|
+
|
|
47
61
|
var _FlowIdentifier = require("./FlowIdentifier");
|
|
48
62
|
|
|
49
63
|
var _idxJs = require("./idx-js");
|
|
@@ -58,6 +72,8 @@ var _proceed = require("../proceed");
|
|
|
58
72
|
|
|
59
73
|
var _cancel = require("../cancel");
|
|
60
74
|
|
|
75
|
+
var _emailVerify = require("../emailVerify");
|
|
76
|
+
|
|
61
77
|
/*!
|
|
62
78
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
63
79
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -86,17 +102,18 @@ exports.AuthenticatorKey = AuthenticatorKey;
|
|
|
86
102
|
(function (AuthenticatorKey) {
|
|
87
103
|
AuthenticatorKey["OKTA_PASSWORD"] = "okta_password";
|
|
88
104
|
AuthenticatorKey["OKTA_EMAIL"] = "okta_email";
|
|
89
|
-
AuthenticatorKey["OKTA_VERIFIER"] = "okta_verifier";
|
|
90
105
|
AuthenticatorKey["PHONE_NUMBER"] = "phone_number";
|
|
91
106
|
AuthenticatorKey["GOOGLE_AUTHENTICATOR"] = "google_otp";
|
|
107
|
+
AuthenticatorKey["SECURITY_QUESTION"] = "security_question";
|
|
108
|
+
AuthenticatorKey["OKTA_VERIFY"] = "okta_verify";
|
|
92
109
|
})(AuthenticatorKey || (exports.AuthenticatorKey = AuthenticatorKey = {}));
|
|
93
110
|
|
|
94
111
|
let IdxFeature;
|
|
95
112
|
exports.IdxFeature = IdxFeature;
|
|
96
113
|
|
|
97
114
|
(function (IdxFeature) {
|
|
98
|
-
IdxFeature[
|
|
99
|
-
IdxFeature[
|
|
100
|
-
IdxFeature[
|
|
115
|
+
IdxFeature["PASSWORD_RECOVERY"] = "recover-password";
|
|
116
|
+
IdxFeature["REGISTRATION"] = "enroll-profile";
|
|
117
|
+
IdxFeature["SOCIAL_IDP"] = "redirect-idp";
|
|
101
118
|
})(IdxFeature || (exports.IdxFeature = IdxFeature = {}));
|
|
102
119
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgBA;;AAYA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAGA;;AAtCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IA8BYA,S;;;WAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,yBAAAA,S;;IAQAC,gB;;;WAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,gCAAAA,gB;;IA4BAC,U;;;WAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;GAAAA,U,0BAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { IntrospectOptions } from '../introspect';\nimport { APIError, Tokens } from '../../types';\nimport { IdxTransactionMeta } from '../../types/Transaction';\nimport { \n IdxActions, \n IdxAuthenticator, \n IdxContext,\n IdxForm,\n IdxMessage, \n IdxOption, \n IdxRemediation, \n IdxResponse, \n RawIdxResponse \n} from './idx-js';\nimport { FlowIdentifier } from './FlowIdentifier';\n\nexport { IdxMessage } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { ProceedOptions } from '../proceed';\nexport { CancelOptions } from '../cancel';\nexport { FlowIdentifier };\nexport { IdxTransactionMeta };\nexport { EmailVerifyCallbackResponse } from '../emailVerify';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n SECURITY_QUESTION = 'security_question',\n OKTA_VERIFY = 'okta_verify'\n}\n\nexport type Input = {\n name: string;\n type?: string;\n label?: string;\n value?: string | {form: IdxForm};\n secret?: boolean;\n required?: boolean;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n options?: IdxOption[];\n poll?: IdxPollOptions;\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY = 'recover-password',\n REGISTRATION = 'enroll-profile',\n SOCIAL_IDP = 'redirect-idp',\n}\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n\n // from idx-js, used by signin widget\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n context: IdxContext;\n}\n\nexport type IdxOptions = InteractOptions & IntrospectOptions & {\n flow?: FlowIdentifier;\n exchangeCodeForTokens?: boolean;\n autoRemediate?: boolean;\n};\n\nexport interface IdxPollOptions {\n required?: boolean;\n refresh?: number;\n}\n\nexport type Authenticator = {\n key: string;\n methodType?: string;\n phoneNumber?: string;\n};\n"],"file":"index.js"}
|
package/cjs/index.js
CHANGED
|
@@ -34,6 +34,20 @@ Object.keys(_constants).forEach(function (key) {
|
|
|
34
34
|
});
|
|
35
35
|
});
|
|
36
36
|
|
|
37
|
+
var _idx = require("./idx");
|
|
38
|
+
|
|
39
|
+
Object.keys(_idx).forEach(function (key) {
|
|
40
|
+
if (key === "default" || key === "__esModule") return;
|
|
41
|
+
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
42
|
+
if (key in exports && exports[key] === _idx[key]) return;
|
|
43
|
+
Object.defineProperty(exports, key, {
|
|
44
|
+
enumerable: true,
|
|
45
|
+
get: function () {
|
|
46
|
+
return _idx[key];
|
|
47
|
+
}
|
|
48
|
+
});
|
|
49
|
+
});
|
|
50
|
+
|
|
37
51
|
var _types = require("./types");
|
|
38
52
|
|
|
39
53
|
Object.keys(_types).forEach(function (key) {
|
package/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAaA;;;;AAEA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport * as crypto from './crypto';\n\nexport { default as OktaAuth } from './OktaAuth';\nexport * from './constants';\nexport * from './types';\nexport * from './tx';\nexport * from './errors';\nexport * from './oidc';\nexport * from './StorageManager';\nexport * from './TransactionManager';\nexport * from './TokenManager';\nexport * from './AuthStateManager';\nexport * from './util';\nexport { crypto };\n"],"file":"index.js"}
|
|
1
|
+
{"version":3,"sources":["../../lib/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAaA;;;;AAEA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport * as crypto from './crypto';\n\nexport { default as OktaAuth } from './OktaAuth';\nexport * from './constants';\nexport * from './idx';\nexport * from './types';\nexport * from './tx';\nexport * from './errors';\nexport * from './oidc';\nexport * from './StorageManager';\nexport * from './TransactionManager';\nexport * from './TokenManager';\nexport * from './AuthStateManager';\nexport * from './util';\nexport { crypto };\n"],"file":"index.js"}
|
|
@@ -7,6 +7,8 @@ var _util = require("../../util");
|
|
|
7
7
|
|
|
8
8
|
var _errors = require("../../errors");
|
|
9
9
|
|
|
10
|
+
/* eslint-disable @typescript-eslint/no-non-null-assertion */
|
|
11
|
+
|
|
10
12
|
/*!
|
|
11
13
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
12
14
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","indexOf","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","extraParams"],"mappings":";;;;;
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","indexOf","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","extraParams"],"mappings":";;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;AACxE;AACA,MAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;AACzB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,oBAASF,WAAW,CAACG,YAArB,KAAsCH,WAAW,CAACG,YAAZ,CAAyBC,OAAzB,CAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;AACtF,UAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;AACD,GARuE,CAUxE;;;AACA,MAAIG,WAAwB,GAAG;AAC7B,iBAAaL,WAAW,CAACC,QADI;AAE7B,sBAAkBD,WAAW,CAACM,aAFD;AAG7B,6BAAyBN,WAAW,CAACO,mBAHR;AAI7B,eAAWP,WAAW,CAACQ,OAJM;AAK7B,WAAOR,WAAW,CAACS,GALU;AAM7B,iBAAaT,WAAW,CAACU,QANI;AAO7B,kBAAcV,WAAW,CAACW,SAPG;AAQ7B,eAAWX,WAAW,CAACY,MARM;AAS7B,aAASZ,WAAW,CAACa,KATQ;AAU7B,cAAUb,WAAW,CAACc,MAVO;AAW7B,oBAAgBd,WAAW,CAACe,WAXC;AAY7B,qBAAiBf,WAAW,CAACgB,YAZA;AAa7B,qBAAiBhB,WAAW,CAACG,YAbA;AAc7B,oBAAgBH,WAAW,CAACiB,YAdC;AAe7B,aAASjB,WAAW,CAACkB;AAfQ,GAA/B;AAiBAb,EAAAA,WAAW,GAAG,sBAAWA,WAAX,CAAd;AAEA,GAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;AAC3D,QAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;AAC1Cf,MAAAA,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;AACD;AACF,GAJD;;AAMA,MAAIvB,WAAW,CAACG,YAAZ,CAA0BC,OAA1B,CAAkC,UAAlC,MAAkD,CAAC,CAAnD,IACFJ,WAAW,CAACwB,MAAZ,CAAoBpB,OAApB,CAA4B,QAA5B,MAA0C,CAAC,CAD7C,EACgD;AAC9C,UAAM,IAAIF,oBAAJ,CAAiB,mFAAjB,CAAN;AACD,GAHD,MAGO;AACLG,IAAAA,WAAW,CAACoB,KAAZ,GAAoBzB,WAAW,CAACwB,MAAZ,CAAoBD,IAApB,CAAyB,GAAzB,CAApB;AACD;;AAED,SAAOlB,WAAP;AACD;;AAEM,SAASqB,oBAAT,CAA8B1B,WAA9B,EAAwD;AAC7D,MAAI2B,gBAAgB,GAAG5B,+BAA+B,CAACC,WAAD,CAAtD;AACA,SAAO,yBAAc,EACnB,GAAG2B,gBADgB;AAEnB,QAAI3B,WAAW,CAAC4B,WAAZ,IAA2B,EAAE,GAAG5B,WAAW,CAAC4B;AAAjB,KAA/B;AAFmB,GAAd,CAAP;AAID","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n // Quick validation\n if (!tokenParams.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n }\n\n // Convert our params to their actual OAuth equivalents\n var oauthParams: OAuthParams = {\n 'client_id': tokenParams.clientId,\n 'code_challenge': tokenParams.codeChallenge,\n 'code_challenge_method': tokenParams.codeChallengeMethod,\n 'display': tokenParams.display,\n 'idp': tokenParams.idp,\n 'idp_scope': tokenParams.idpScope,\n 'login_hint': tokenParams.loginHint,\n 'max_age': tokenParams.maxAge,\n 'nonce': tokenParams.nonce,\n 'prompt': tokenParams.prompt,\n 'redirect_uri': tokenParams.redirectUri,\n 'response_mode': tokenParams.responseMode,\n 'response_type': tokenParams.responseType,\n 'sessionToken': tokenParams.sessionToken,\n 'state': tokenParams.state,\n };\n oauthParams = removeNils(oauthParams) as OAuthParams;\n\n ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n if (Array.isArray(oauthParams[mayBeArray])) {\n oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n }\n });\n\n if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n tokenParams.scopes!.indexOf('openid') === -1) {\n throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n } else {\n oauthParams.scope = tokenParams.scopes!.join(' ');\n }\n\n return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n return toQueryString({ \n ...oauthQueryParams, \n ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n });\n}\n"],"file":"authorize.js"}
|
|
@@ -97,6 +97,7 @@ function postRefreshToken(sdk, options, refreshToken) {
|
|
|
97
97
|
refresh_token: refreshToken.refreshToken // eslint-disable-line camelcase
|
|
98
98
|
|
|
99
99
|
}).map(function ([name, value]) {
|
|
100
|
+
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
100
101
|
return name + '=' + encodeURIComponent(value);
|
|
101
102
|
}).join('&')
|
|
102
103
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","slice","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent"],"mappings":";;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,yBAAcF,MAAd,EAAsBG,KAAtB,CAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASC,mBAAT,CAA6BL,GAA7B,EAAkCR,OAAlC,EAAwDc,IAAxD,EAAkG;AACvGf,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIe,IAAI,GAAGR,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMgB,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CAA0Bb,GAA1B,EAA+BR,OAA/B,EAAqDsB,YAArD,EAAyG;AAC9G,SAAO,uBAAYd,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAEG,MAAM,CAACC,OAAP,CAAe;AACnBC,MAAAA,SAAS,EAAEzB,OAAO,CAACC,QADA;AACU;AAC7ByB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEL,YAAY,CAACM,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAER,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,EAKHS,GALG,CAKC,UAAU,CAACC,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","slice","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","Object","entries","client_id","grant_type","scope","scopes","join","refresh_token","map","name","value","encodeURIComponent"],"mappings":";;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,yBAAcF,MAAd,EAAsBG,KAAtB,CAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASC,mBAAT,CAA6BL,GAA7B,EAAkCR,OAAlC,EAAwDc,IAAxD,EAAkG;AACvGf,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIe,IAAI,GAAGR,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMgB,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CAA0Bb,GAA1B,EAA+BR,OAA/B,EAAqDsB,YAArD,EAAyG;AAC9G,SAAO,uBAAYd,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAEG,MAAM,CAACC,OAAP,CAAe;AACnBC,MAAAA,SAAS,EAAEzB,OAAO,CAACC,QADA;AACU;AAC7ByB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEL,YAAY,CAACM,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAER,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,EAKHS,GALG,CAKC,UAAU,CAACC,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B;AACA,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KARK,EAQHJ,IARG,CAQE,GARF;AAPgB,GAAjB,CAAP;AAiBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded'\n };\n\n return httpRequest(sdk, {\n url: urls.tokenUrl,\n method: 'POST',\n args: data,\n headers\n });\n}\n\nexport function postRefreshToken(sdk, options: TokenParams, refreshToken: RefreshToken): Promise<OAuthResponse> {\n return httpRequest(sdk, {\n url: refreshToken.tokenUrl,\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n\n args: Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&'),\n });\n}"],"file":"token.js"}
|
|
@@ -2,8 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
exports.exchangeCodeForTokens = exchangeCodeForTokens;
|
|
4
4
|
|
|
5
|
-
var _oidc = require("../oidc");
|
|
6
|
-
|
|
7
5
|
var _util = require("./util");
|
|
8
6
|
|
|
9
7
|
var _util2 = require("../util");
|
|
@@ -12,6 +10,8 @@ var _token = require("./endpoints/token");
|
|
|
12
10
|
|
|
13
11
|
var _handleOAuthResponse = require("./handleOAuthResponse");
|
|
14
12
|
|
|
13
|
+
/* eslint-disable @typescript-eslint/no-non-null-assertion */
|
|
14
|
+
|
|
15
15
|
/* eslint-disable max-len */
|
|
16
16
|
|
|
17
17
|
/*!
|
|
@@ -28,7 +28,7 @@ var _handleOAuthResponse = require("./handleOAuthResponse");
|
|
|
28
28
|
*/
|
|
29
29
|
// codeVerifier is required. May pass either an authorizationCode or interactionCode
|
|
30
30
|
function exchangeCodeForTokens(sdk, tokenParams, urls) {
|
|
31
|
-
urls = urls || (0,
|
|
31
|
+
urls = urls || (0, _util.getOAuthUrls)(sdk, tokenParams); // build params using defaults + options
|
|
32
32
|
|
|
33
33
|
tokenParams = Object.assign({}, (0, _util.getDefaultTokenParams)(sdk), (0, _util2.clone)(tokenParams));
|
|
34
34
|
const {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","Object","assign","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","indexOf","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","Object","assign","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","indexOf","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAA8CC,WAA9C,EAAwEC,IAAxE,EAAmH;AACxHA,EAAAA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADwH,CAExH;;AACAA,EAAAA,WAAW,GAAGE,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,iCAAsBJ,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;AAEA,QAAM;AACJI,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFX,WATJ;AAWA,MAAIY,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAO,gCAAoBP,GAApB,EAAyBa,eAAzB,EAA0CX,IAA1C,EACJY,IADI,CACEC,QAAD,IAA6B;AAEjC;AACA;AACA;AACA,UAAMC,YAAY,GAAG,CAAC,OAAD,CAArB,CALiC,CAKD;;AAChC,QAAIN,MAAM,CAAEO,OAAR,CAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;AACpCD,MAAAA,YAAY,CAACE,IAAb,CAAkB,UAAlB,EADoC,CACL;AAChC;;AACD,UAAMC,qBAAkC,GAAG;AACzCX,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAO,8CAAoBX,GAApB,EAAyBmB,qBAAzB,EAAgDJ,QAAhD,EAA0Db,IAA1D,EACJY,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACK,IAAT,GAAgBf,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJM,OAzBI,CAyBI,MAAM;AACbrB,IAAAA,GAAG,CAACsB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OktaAuth, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuth, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state\n } = tokenParams;\n\n var getTokenOptions = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n };\n\n return postToTokenEndpoint(sdk, getTokenOptions, urls)\n .then((response: OAuthResponse) => {\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n };\n return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n .then((response: TokenResponse) => {\n // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n response.code = authorizationCode;\n response.state = state!;\n return response;\n });\n })\n .finally(() => {\n sdk.transactionManager.clear();\n });\n}"],"file":"exchangeCodeForTokens.js"}
|
package/cjs/oidc/getToken.js
CHANGED
|
@@ -134,7 +134,9 @@ function getToken(sdk, options) {
|
|
|
134
134
|
return (0, _handleOAuthResponse.handleOAuthResponse)(sdk, tokenParams, res, urls);
|
|
135
135
|
}).finally(function () {
|
|
136
136
|
if (document.body.contains(iframeEl)) {
|
|
137
|
-
|
|
137
|
+
var _iframeEl$parentEleme;
|
|
138
|
+
|
|
139
|
+
(_iframeEl$parentEleme = iframeEl.parentElement) === null || _iframeEl$parentEleme === void 0 ? void 0 : _iframeEl$parentEleme.removeChild(iframeEl);
|
|
138
140
|
}
|
|
139
141
|
});
|
|
140
142
|
|
package/cjs/oidc/getToken.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAKA;;AAQA;;AACA;;AAEA;;AA9BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,QAAMM,WAAW,GAAGN,OAAO,CAACM,WAA5B;AACAN,EAAAA,OAAO,CAACM,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBR,GAAnB,EAAwBC,OAAxB,EACJQ,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIb,OAAO,CAACe,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIV,OAAO,CAACkB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAatB,GAAb,EAAkBU,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGpB,OAAO,CAACsB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuB3B,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AACpCA,YAAAA,QAAQ,CAACM,aAAT,CAAuBC,WAAvB,CAAmCP,QAAnC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACb,GAAG,CAACuC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIlC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDgC,UAAAA,YAAY,GAAG,kCAAuBtC,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAgC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA2CT,IAA3C,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n PopupParams,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getToken.ts"],"names":["getToken","sdk","options","arguments","length","Promise","reject","AuthSdkError","popupWindow","undefined","then","tokenParams","sessionTokenOverrides","prompt","responseMode","display","idpOverrides","sessionToken","Object","assign","idp","requestUrl","endpoint","urls","codeVerifier","tokenUrl","authorizeUrl","flowType","iframePromise","timeout","state","iframeEl","res","finally","document","body","contains","parentElement","removeChild","oauthPromise","features","isPopupPostMessageSupported","location","popupPromise","resolve","closePoller","setInterval","closed","clearInterval","catch","err","close"],"mappings":";;;;;;AAeA;;AAKA;;AASA;;AACA;;AAEA;;AA/BA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,QAAT,CAAkBC,GAAlB,EAAiCC,OAAjC,EAAqE;AAC1E,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,qBAAJ,CAAiB,kEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAL0E,CAO1E;AACA;;AACA,QAAMM,WAAW,GAAGN,OAAO,CAACM,WAA5B;AACAN,EAAAA,OAAO,CAACM,WAAR,GAAsBC,SAAtB;AAEA,SAAO,4CAAmBR,GAAnB,EAAwBC,OAAxB,EACJQ,IADI,CACC,UAAUC,WAAV,EAAoC;AAExC;AACA,QAAIC,qBAAqB,GAAG;AAC1BC,MAAAA,MAAM,EAAE,MADkB;AAE1BC,MAAAA,YAAY,EAAE,mBAFY;AAG1BC,MAAAA,OAAO,EAAE;AAHiB,KAA5B;AAMA,QAAIC,YAAY,GAAG;AACjBD,MAAAA,OAAO,EAAE;AADQ,KAAnB;;AAIA,QAAIb,OAAO,CAACe,YAAZ,EAA0B;AACxBC,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BC,qBAA3B;AACD,KAFD,MAEO,IAAIV,OAAO,CAACkB,GAAZ,EAAiB;AACtBF,MAAAA,MAAM,CAACC,MAAP,CAAcR,WAAd,EAA2BK,YAA3B;AACD,KAjBuC,CAmBxC;;;AACA,QAAIK,UAAJ,EACEC,QADF,EAEEC,IAFF,CApBwC,CAwBxC;;AACAA,IAAAA,IAAI,GAAG,wBAAatB,GAAb,EAAkBU,WAAlB,CAAP;AACAW,IAAAA,QAAQ,GAAGpB,OAAO,CAACsB,YAAR,GAAuBD,IAAI,CAACE,QAA5B,GAAuCF,IAAI,CAACG,YAAvD;AACAL,IAAAA,UAAU,GAAGC,QAAQ,GAAG,qCAAqBX,WAArB,CAAxB,CA3BwC,CA6BxC;;AACA,QAAIgB,QAAJ;;AACA,QAAIhB,WAAW,CAACM,YAAZ,IAA4BN,WAAW,CAACI,OAAZ,KAAwB,IAAxD,EAA8D;AAC5DY,MAAAA,QAAQ,GAAG,QAAX;AACD,KAFD,MAEO,IAAIhB,WAAW,CAACI,OAAZ,KAAwB,OAA5B,EAAqC;AAC1CY,MAAAA,QAAQ,GAAG,OAAX;AACD,KAFM,MAEA;AACLA,MAAAA,QAAQ,GAAG,UAAX;AACD,KArCuC,CAuCxC;;;AACA,YAAQA,QAAR;AACE,WAAK,QAAL;AACE,YAAIC,aAAa,GAAG,kCAAuB3B,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAApB;AACA,YAAIC,QAAQ,GAAG,qBAAUV,UAAV,CAAf;AACA,eAAOO,aAAa,CACjBlB,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIC,QAAQ,CAACC,IAAT,CAAcC,QAAd,CAAuBL,QAAvB,CAAJ,EAAsC;AAAA;;AACpC,qCAAAA,QAAQ,CAACM,aAAT,gFAAwBC,WAAxB,CAAoCP,QAApC;AACD;AACF,SARI,CAAP;;AAUF,WAAK,OAAL;AACE,YAAIQ,YAAJ,CADF,CACoB;AAElB;AACA;;AACA,YAAI5B,WAAW,CAACG,YAAZ,KAA6B,mBAAjC,EAAsD;AACpD,cAAI,CAACb,GAAG,CAACuC,QAAJ,CAAaC,2BAAb,EAAL,EAAiD;AAC/C,kBAAM,IAAIlC,qBAAJ,CAAiB,qDAAjB,CAAN;AACD;;AACDgC,UAAAA,YAAY,GAAG,kCAAuBtC,GAAvB,EAA4BC,OAAO,CAAC2B,OAApC,EAA6ClB,WAAW,CAACmB,KAAzD,CAAf;AACD,SAVH,CAYE;AACA;;;AACA,YAAItB,WAAJ,EAAiB;AACfA,UAAAA,WAAW,CAACkC,QAAZ,CAAqBvB,MAArB,CAA4BE,UAA5B;AACD,SAhBH,CAkBE;;;AACA,YAAIsB,YAAY,GAAG,IAAItC,OAAJ,CAAY,UAAUuC,OAAV,EAAmBtC,MAAnB,EAA2B;AACxD,cAAIuC,WAAW,GAAGC,WAAW,CAAC,YAAY;AACxC,gBAAI,CAACtC,WAAD,IAAgBA,WAAW,CAACuC,MAAhC,EAAwC;AACtCC,cAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,cAAAA,MAAM,CAAC,IAAIC,qBAAJ,CAAiB,qCAAjB,CAAD,CAAN;AACD;AACF,WAL4B,EAK1B,GAL0B,CAA7B,CADwD,CAQxD;;AACAgC,UAAAA,YAAY,CACT7B,IADH,CACQ,UAAUsB,GAAV,EAAe;AACnBgB,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAD,YAAAA,OAAO,CAACZ,GAAD,CAAP;AACD,WAJH,EAKGiB,KALH,CAKS,UAAUC,GAAV,EAAe;AACpBF,YAAAA,aAAa,CAACH,WAAD,CAAb;AACAvC,YAAAA,MAAM,CAAC4C,GAAD,CAAN;AACD,WARH;AASD,SAlBkB,CAAnB;AAoBA,eAAOP,YAAY,CAChBjC,IADI,CACC,UAAUsB,GAAV,EAAe;AACnB,iBAAO,8CAAoB/B,GAApB,EAAyBU,WAAzB,EAAsCqB,GAAtC,EAA4DT,IAA5D,CAAP;AACD,SAHI,EAIJU,OAJI,CAII,YAAY;AACnB,cAAIzB,WAAW,IAAI,CAACA,WAAW,CAACuC,MAAhC,EAAwC;AACtCvC,YAAAA,WAAW,CAAC2C,KAAZ;AACD;AACF,SARI,CAAP;;AAUF;AACE,cAAM,IAAI5C,qBAAJ,CAAiB,8CAAjB,CAAN;AAhEJ;AAkED,GA3GI,CAAP;AA4GD","sourcesContent":["\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n getOAuthUrls,\n loadFrame,\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n OktaAuth,\n TokenParams,\n PopupParams,\n OAuthResponse,\n} from '../types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { addPostMessageListener } from './util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n * 1) Exchange a sessionToken for a token\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n * sessionToken: 'yourtoken'\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n *\n * Forced:\n * prompt: 'none'\n * responseMode: 'okta_post_message'\n * display: undefined\n *\n * 2) Get a token from an idp\n *\n * Required:\n * clientId: passed via the OktaAuth constructor or into getToken\n *\n * Optional:\n * redirectUri: defaults to window.location.href\n * scopes: defaults to ['openid', 'email']\n * idp: defaults to Okta as an idp\n * prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n * Forced:\n * display: 'popup'\n *\n * Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n * Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n * Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuth, options: TokenParams & PopupParams) {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n }\n\n options = options || {};\n\n // window object cannot be serialized, save for later use\n // TODO: move popup related params into a separate options object\n const popupWindow = options.popupWindow;\n options.popupWindow = undefined;\n\n return prepareTokenParams(sdk, options)\n .then(function (tokenParams: TokenParams) {\n\n // Start overriding any options that don't make sense\n var sessionTokenOverrides = {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n };\n\n var idpOverrides = {\n display: 'popup'\n };\n\n if (options.sessionToken) {\n Object.assign(tokenParams, sessionTokenOverrides);\n } else if (options.idp) {\n Object.assign(tokenParams, idpOverrides);\n }\n\n // Use the query params to build the authorize url\n var requestUrl,\n endpoint,\n urls;\n\n // Get authorizeUrl and issuer\n urls = getOAuthUrls(sdk, tokenParams);\n endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n // Determine the flow type\n var flowType;\n if (tokenParams.sessionToken || tokenParams.display === null) {\n flowType = 'IFRAME';\n } else if (tokenParams.display === 'popup') {\n flowType = 'POPUP';\n } else {\n flowType = 'IMPLICIT';\n }\n\n // Execute the flow type\n switch (flowType) {\n case 'IFRAME':\n var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n var iframeEl = loadFrame(requestUrl);\n return iframePromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (document.body.contains(iframeEl)) {\n iframeEl.parentElement?.removeChild(iframeEl);\n }\n });\n\n case 'POPUP':\n var oauthPromise; // resolves with OAuth response\n\n // Add listener on postMessage before window creation, so\n // postMessage isn't triggered before we're listening\n if (tokenParams.responseMode === 'okta_post_message') {\n if (!sdk.features.isPopupPostMessageSupported()) {\n throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n }\n oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n }\n\n // Redirect for authorization\n // popupWindown can be null when popup is blocked\n if (popupWindow) { \n popupWindow.location.assign(requestUrl);\n }\n\n // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n var popupPromise = new Promise(function (resolve, reject) {\n var closePoller = setInterval(function () {\n if (!popupWindow || popupWindow.closed) {\n clearInterval(closePoller);\n reject(new AuthSdkError('Unable to parse OAuth flow response'));\n }\n }, 100);\n\n // Proxy the OAuth promise results\n oauthPromise\n .then(function (res) {\n clearInterval(closePoller);\n resolve(res);\n })\n .catch(function (err) {\n clearInterval(closePoller);\n reject(err);\n });\n });\n\n return popupPromise\n .then(function (res) {\n return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n })\n .finally(function () {\n if (popupWindow && !popupWindow.closed) {\n popupWindow.close();\n }\n });\n\n default:\n throw new AuthSdkError('The full page redirect flow is not supported');\n }\n });\n}"],"file":"getToken.js"}
|
|
@@ -10,6 +10,8 @@ var _util2 = require("./util");
|
|
|
10
10
|
|
|
11
11
|
var _authorize = require("./endpoints/authorize");
|
|
12
12
|
|
|
13
|
+
/* eslint-disable @typescript-eslint/no-non-null-assertion */
|
|
14
|
+
|
|
13
15
|
/*!
|
|
14
16
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
15
17
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -22,48 +24,19 @@ var _authorize = require("./endpoints/authorize");
|
|
|
22
24
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
23
25
|
*
|
|
24
26
|
*/
|
|
25
|
-
function getWithRedirect(sdk, options) {
|
|
27
|
+
async function getWithRedirect(sdk, options) {
|
|
26
28
|
if (arguments.length > 2) {
|
|
27
29
|
return Promise.reject(new _errors.AuthSdkError('As of version 3.0, "getWithRedirect" takes only a single set of options'));
|
|
28
30
|
}
|
|
29
31
|
|
|
30
32
|
options = (0, _util.clone)(options) || {};
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
const {
|
|
37
|
-
responseType,
|
|
38
|
-
state,
|
|
39
|
-
nonce,
|
|
40
|
-
scopes,
|
|
41
|
-
clientId,
|
|
42
|
-
ignoreSignature,
|
|
43
|
-
redirectUri,
|
|
44
|
-
codeVerifier,
|
|
45
|
-
codeChallenge,
|
|
46
|
-
codeChallengeMethod
|
|
47
|
-
} = tokenParams;
|
|
48
|
-
const oauthMeta = {
|
|
49
|
-
issuer,
|
|
50
|
-
responseType,
|
|
51
|
-
state,
|
|
52
|
-
nonce,
|
|
53
|
-
scopes,
|
|
54
|
-
clientId,
|
|
55
|
-
urls,
|
|
56
|
-
ignoreSignature,
|
|
57
|
-
redirectUri,
|
|
58
|
-
codeVerifier,
|
|
59
|
-
codeChallenge,
|
|
60
|
-
codeChallengeMethod
|
|
61
|
-
};
|
|
62
|
-
sdk.transactionManager.save(oauthMeta, {
|
|
63
|
-
oauth: true
|
|
64
|
-
});
|
|
65
|
-
|
|
66
|
-
sdk.token.getWithRedirect._setLocation(requestUrl);
|
|
33
|
+
const tokenParams = await (0, _util2.prepareTokenParams)(sdk, options);
|
|
34
|
+
const meta = (0, _util2.createOAuthMeta)(sdk, tokenParams);
|
|
35
|
+
const requestUrl = meta.urls.authorizeUrl + (0, _authorize.buildAuthorizeParams)(tokenParams);
|
|
36
|
+
sdk.transactionManager.save(meta, {
|
|
37
|
+
oauth: true
|
|
67
38
|
});
|
|
39
|
+
|
|
40
|
+
sdk.token.getWithRedirect._setLocation(requestUrl);
|
|
68
41
|
}
|
|
69
42
|
//# sourceMappingURL=getWithRedirect.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","Promise","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAA8CC,OAA9C,EAAoF;AACzF,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAOC,OAAO,CAACC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDL,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,QAAMM,WAAW,GAAG,MAAM,+BAAmBP,GAAnB,EAAwBC,OAAxB,CAA1B;AACA,QAAMO,IAAI,GAAG,4BAAgBR,GAAhB,EAAqBO,WAArB,CAAb;AACA,QAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;AACAP,EAAAA,GAAG,CAACY,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;AAAEM,IAAAA,KAAK,EAAE;AAAT,GAAlC;;AACAd,EAAAA,GAAG,CAACe,KAAJ,CAAUhB,eAAV,CAA0BiB,YAA1B,CAAuCP,UAAvC;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuth, options?: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n const tokenParams = await prepareTokenParams(sdk, options);\n const meta = createOAuthMeta(sdk, tokenParams);\n const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n sdk.transactionManager.save(meta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"file":"getWithRedirect.js"}
|