@okta/okta-auth-js 5.9.1 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +56 -0
- package/README.md +16 -3
- package/cjs/AuthStateManager.js +2 -1
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +95 -78
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/OktaUserAgent.js.map +1 -1
- package/cjs/PromiseQueue.js +6 -1
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/StorageManager.js +3 -1
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TokenManager.js +33 -5
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/TransactionManager.js +17 -4
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +7 -5
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/browser/fingerprint.js +3 -1
- package/cjs/browser/fingerprint.js.map +1 -1
- package/cjs/builderUtil.js +3 -17
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/crypto/oidcHash.js.map +1 -1
- package/cjs/features.js +9 -3
- package/cjs/features.js.map +1 -1
- package/cjs/fetch/fetchRequest.js +2 -1
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/request.js +2 -0
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/authenticate.js +8 -5
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js +14 -0
- package/cjs/idx/authenticator/Authenticator.js.map +1 -0
- package/cjs/idx/authenticator/OktaPassword.js +31 -0
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -0
- package/cjs/idx/authenticator/OktaVerifyTotp.js +17 -0
- package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -0
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +50 -0
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -0
- package/cjs/idx/authenticator/SecurityQuestionVerification.js +32 -0
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -0
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +34 -0
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -0
- package/cjs/idx/authenticator/getAuthenticator.js +41 -0
- package/cjs/idx/authenticator/getAuthenticator.js.map +1 -0
- package/cjs/idx/authenticator/index.js +80 -0
- package/cjs/idx/authenticator/index.js.map +1 -0
- package/cjs/idx/cancel.js +5 -0
- package/cjs/idx/cancel.js.map +1 -1
- package/cjs/idx/emailVerify.js +73 -0
- package/cjs/idx/emailVerify.js.map +1 -0
- package/cjs/idx/flow/AuthenticationFlow.js +4 -1
- package/cjs/idx/flow/AuthenticationFlow.js.map +1 -1
- package/cjs/idx/flow/FlowSpecification.js +16 -14
- package/cjs/idx/flow/FlowSpecification.js.map +1 -1
- package/cjs/idx/flow/RegistrationFlow.js +3 -0
- package/cjs/idx/flow/RegistrationFlow.js.map +1 -1
- package/cjs/idx/flow/index.js +0 -52
- package/cjs/idx/flow/index.js.map +1 -1
- package/cjs/idx/handleInteractionCodeRedirect.js +1 -0
- package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
- package/cjs/idx/index.js +26 -0
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js +47 -29
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +12 -14
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/poll.js +59 -0
- package/cjs/idx/poll.js.map +1 -0
- package/cjs/idx/proceed.js +4 -7
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/recoverPassword.js +1 -1
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js +16 -14
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +55 -92
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +11 -12
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +8 -9
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +48 -35
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +53 -20
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +20 -19
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +8 -28
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengePoll.js +26 -0
- package/cjs/idx/remediators/ChallengePoll.js.map +1 -0
- package/cjs/idx/remediators/EnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/EnrollPoll.js +55 -0
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -0
- package/cjs/idx/remediators/EnrollProfile.js +4 -1
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js +80 -0
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -0
- package/cjs/idx/remediators/Identify.js +2 -35
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +1 -0
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ResetAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +23 -2
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/SelectEnrollmentChannel.js +74 -0
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -0
- package/cjs/idx/remediators/Skip.js +7 -0
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/index.js +52 -0
- package/cjs/idx/remediators/index.js.map +1 -1
- package/cjs/idx/remediators/util.js +7 -2
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +110 -52
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js +4 -2
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js +82 -69
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +21 -4
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/index.js +14 -0
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js +2 -0
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/endpoints/token.js +1 -0
- package/cjs/oidc/endpoints/token.js.map +1 -1
- package/cjs/oidc/exchangeCodeForTokens.js +3 -3
- package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
- package/cjs/oidc/getToken.js +3 -1
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +10 -37
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js +80 -86
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewToken.js.map +1 -1
- package/cjs/oidc/renewTokens.js +1 -1
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/revokeToken.js +28 -29
- package/cjs/oidc/revokeToken.js.map +1 -1
- package/cjs/oidc/util/index.js +14 -0
- package/cjs/oidc/util/index.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +6 -1
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/oauth.js.map +1 -1
- package/cjs/oidc/util/oauthMeta.js +36 -0
- package/cjs/oidc/util/oauthMeta.js.map +1 -0
- package/cjs/oidc/util/pkce.js.map +1 -1
- package/cjs/oidc/util/prepareTokenParams.js +57 -36
- package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +2 -0
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/oidc/verifyToken.js +2 -1
- package/cjs/oidc/verifyToken.js.map +1 -1
- package/cjs/options.js +6 -2
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +1 -1
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/services/TokenService.js +3 -0
- package/cjs/services/TokenService.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +3 -0
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/TransactionState.js +0 -17
- package/cjs/tx/TransactionState.js.map +1 -1
- package/cjs/tx/api.js +3 -2
- package/cjs/tx/api.js.map +1 -1
- package/cjs/types/Token.js.map +1 -1
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/util/index.js +0 -13
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/url.js.map +1 -1
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/index.js +2603 -1814
- package/esm/index.js.map +1 -1
- package/lib/AuthStateManager.d.ts +1 -2
- package/lib/OktaAuth.d.ts +4 -10
- package/lib/StorageManager.d.ts +1 -1
- package/lib/TokenManager.d.ts +4 -2
- package/lib/TransactionManager.d.ts +3 -2
- package/lib/browser/fingerprint.d.ts +1 -1
- package/lib/builderUtil.d.ts +1 -2
- package/lib/crypto/browser.d.ts +1 -1
- package/lib/features.d.ts +1 -1
- package/lib/idx/authenticate.d.ts +1 -1
- package/lib/idx/authenticator/Authenticator.d.ts +12 -0
- package/lib/idx/authenticator/OktaPassword.d.ts +11 -0
- package/lib/idx/authenticator/OktaVerifyTotp.d.ts +9 -0
- package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +28 -0
- package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +14 -0
- package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +10 -0
- package/lib/idx/authenticator/getAuthenticator.d.ts +3 -0
- package/lib/idx/authenticator/index.d.ts +6 -0
- package/lib/idx/cancel.d.ts +1 -1
- package/lib/{util → idx}/emailVerify.d.ts +10 -1
- package/lib/idx/flow/FlowSpecification.d.ts +1 -2
- package/lib/idx/flow/index.d.ts +0 -4
- package/lib/idx/index.d.ts +2 -0
- package/lib/idx/interact.d.ts +5 -11
- package/lib/idx/introspect.d.ts +3 -2
- package/lib/idx/{flow/AuthenticationFlowMonitor.d.ts → poll.d.ts} +3 -5
- package/lib/idx/proceed.d.ts +4 -1
- package/lib/idx/recoverPassword.d.ts +1 -1
- package/lib/idx/register.d.ts +1 -1
- package/lib/idx/remediate.d.ts +10 -4
- package/lib/idx/remediators/AuthenticatorEnrollmentData.d.ts +12 -8
- package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +3 -4
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +13 -8
- package/lib/idx/remediators/Base/Remediator.d.ts +9 -6
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +9 -8
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +10 -5
- package/lib/idx/{flow/RegistrationFlowMonitor.d.ts → remediators/ChallengePoll.d.ts} +3 -3
- package/lib/idx/{flow/PasswordRecoveryFlowMonitor.d.ts → remediators/EnrollPoll.d.ts} +12 -4
- package/lib/idx/remediators/EnrollProfile.d.ts +1 -1
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +53 -0
- package/lib/idx/remediators/Identify.d.ts +2 -5
- package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -2
- package/lib/idx/remediators/RedirectIdp.d.ts +3 -3
- package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +6 -2
- package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +39 -0
- package/lib/idx/remediators/Skip.d.ts +3 -0
- package/lib/idx/remediators/index.d.ts +4 -0
- package/lib/idx/remediators/util.d.ts +2 -2
- package/lib/idx/run.d.ts +4 -3
- package/lib/idx/startTransaction.d.ts +3 -2
- package/lib/idx/transactionMeta.d.ts +6 -27
- package/lib/idx/types/idx-js.d.ts +57 -2
- package/lib/idx/types/index.d.ts +25 -8
- package/lib/index.d.ts +1 -0
- package/lib/oidc/exchangeCodeForTokens.d.ts +12 -0
- package/lib/oidc/getWithRedirect.d.ts +1 -1
- package/lib/oidc/handleOAuthResponse.d.ts +1 -1
- package/lib/oidc/parseFromUrl.d.ts +1 -1
- package/lib/oidc/renewToken.d.ts +1 -1
- package/lib/oidc/renewTokens.d.ts +1 -1
- package/lib/oidc/util/browser.d.ts +1 -1
- package/lib/oidc/util/errors.d.ts +1 -1
- package/lib/oidc/util/index.d.ts +1 -0
- package/lib/oidc/util/oauth.d.ts +1 -8
- package/lib/oidc/util/oauthMeta.d.ts +2 -0
- package/lib/oidc/util/prepareTokenParams.d.ts +3 -0
- package/lib/server/serverStorage.d.ts +1 -1
- package/lib/services/TokenService.d.ts +2 -2
- package/lib/tx/AuthTransaction.d.ts +2 -2
- package/lib/tx/TransactionState.d.ts +11 -1
- package/lib/tx/api.d.ts +6 -6
- package/lib/types/OktaAuthOptions.d.ts +6 -6
- package/lib/types/Storage.d.ts +3 -3
- package/lib/types/Token.d.ts +1 -0
- package/lib/types/Transaction.d.ts +11 -0
- package/lib/types/UserClaims.d.ts +3 -3
- package/lib/types/api.d.ts +31 -17
- package/lib/util/console.d.ts +1 -1
- package/lib/util/index.d.ts +0 -1
- package/lib/util/types.d.ts +1 -1
- package/lib/util/url.d.ts +2 -2
- package/package.json +6 -8
- package/cjs/idx/flow/AuthenticationFlowMonitor.js +0 -45
- package/cjs/idx/flow/AuthenticationFlowMonitor.js.map +0 -1
- package/cjs/idx/flow/FlowMonitor.js +0 -69
- package/cjs/idx/flow/FlowMonitor.js.map +0 -1
- package/cjs/idx/flow/PasswordRecoveryFlowMonitor.js +0 -55
- package/cjs/idx/flow/PasswordRecoveryFlowMonitor.js.map +0 -1
- package/cjs/idx/flow/RegistrationFlowMonitor.js +0 -35
- package/cjs/idx/flow/RegistrationFlowMonitor.js.map +0 -1
- package/cjs/util/emailVerify.js +0 -28
- package/cjs/util/emailVerify.js.map +0 -1
- package/lib/idx/flow/FlowMonitor.d.ts +0 -23
|
@@ -12,7 +12,9 @@ var _exchangeCodeForTokens = require("./exchangeCodeForTokens");
|
|
|
12
12
|
|
|
13
13
|
var _verifyToken = require("./verifyToken");
|
|
14
14
|
|
|
15
|
-
var
|
|
15
|
+
var _util2 = require("./util");
|
|
16
|
+
|
|
17
|
+
/* eslint-disable @typescript-eslint/no-non-null-assertion */
|
|
16
18
|
|
|
17
19
|
/* eslint-disable complexity, max-statements */
|
|
18
20
|
|
|
@@ -29,17 +31,16 @@ var _ = require(".");
|
|
|
29
31
|
*
|
|
30
32
|
*/
|
|
31
33
|
function validateResponse(res, oauthParams) {
|
|
32
|
-
if (res['error']
|
|
34
|
+
if (res['error'] && res['error_description']) {
|
|
33
35
|
throw new _errors.OAuthError(res['error'], res['error_description']);
|
|
34
36
|
}
|
|
35
37
|
|
|
36
38
|
if (res.state !== oauthParams.state) {
|
|
37
39
|
throw new _errors.AuthSdkError('OAuth flow response state doesn\'t match request state');
|
|
38
40
|
}
|
|
39
|
-
}
|
|
40
|
-
|
|
41
|
+
}
|
|
41
42
|
|
|
42
|
-
function handleOAuthResponse(sdk, tokenParams, res, urls) {
|
|
43
|
+
async function handleOAuthResponse(sdk, tokenParams, res, urls) {
|
|
43
44
|
var pkce = sdk.options.pkce !== false; // The result contains an authorization_code and PKCE is enabled
|
|
44
45
|
// `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result
|
|
45
46
|
|
|
@@ -50,9 +51,9 @@ function handleOAuthResponse(sdk, tokenParams, res, urls) {
|
|
|
50
51
|
}), urls);
|
|
51
52
|
}
|
|
52
53
|
|
|
53
|
-
tokenParams = tokenParams || (0,
|
|
54
|
+
tokenParams = tokenParams || (0, _util2.getDefaultTokenParams)(sdk);
|
|
54
55
|
urls = urls || (0, _oauth.getOAuthUrls)(sdk, tokenParams);
|
|
55
|
-
var responseType = tokenParams.responseType;
|
|
56
|
+
var responseType = tokenParams.responseType || [];
|
|
56
57
|
|
|
57
58
|
if (!Array.isArray(responseType)) {
|
|
58
59
|
responseType = [responseType];
|
|
@@ -68,90 +69,83 @@ function handleOAuthResponse(sdk, tokenParams, res, urls) {
|
|
|
68
69
|
|
|
69
70
|
var clientId = tokenParams.clientId || sdk.options.clientId; // Handling the result from implicit flow or PKCE token exchange
|
|
70
71
|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
};
|
|
93
|
-
}
|
|
72
|
+
validateResponse(res, tokenParams);
|
|
73
|
+
var tokenDict = {};
|
|
74
|
+
var expiresIn = res.expires_in;
|
|
75
|
+
var tokenType = res.token_type;
|
|
76
|
+
var accessToken = res.access_token;
|
|
77
|
+
var idToken = res.id_token;
|
|
78
|
+
var refreshToken = res.refresh_token;
|
|
79
|
+
var now = Math.floor(Date.now() / 1000);
|
|
80
|
+
|
|
81
|
+
if (accessToken) {
|
|
82
|
+
var accessJwt = sdk.token.decode(accessToken);
|
|
83
|
+
tokenDict.accessToken = {
|
|
84
|
+
accessToken: accessToken,
|
|
85
|
+
claims: accessJwt.payload,
|
|
86
|
+
expiresAt: Number(expiresIn) + now,
|
|
87
|
+
tokenType: tokenType,
|
|
88
|
+
scopes: scopes,
|
|
89
|
+
authorizeUrl: urls.authorizeUrl,
|
|
90
|
+
userinfoUrl: urls.userinfoUrl
|
|
91
|
+
};
|
|
92
|
+
}
|
|
94
93
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
94
|
+
if (refreshToken) {
|
|
95
|
+
tokenDict.refreshToken = {
|
|
96
|
+
refreshToken: refreshToken,
|
|
97
|
+
// should not be used, this is the accessToken expire time
|
|
98
|
+
// TODO: remove "expiresAt" in the next major version OKTA-407224
|
|
99
|
+
expiresAt: Number(expiresIn) + now,
|
|
100
|
+
scopes: scopes,
|
|
101
|
+
tokenUrl: urls.tokenUrl,
|
|
102
|
+
authorizeUrl: urls.authorizeUrl,
|
|
103
|
+
issuer: urls.issuer
|
|
104
|
+
};
|
|
105
|
+
}
|
|
107
106
|
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
if (tokenParams.ignoreSignature !== undefined) {
|
|
128
|
-
validationParams.ignoreSignature = tokenParams.ignoreSignature;
|
|
129
|
-
}
|
|
130
|
-
|
|
131
|
-
return (0, _verifyToken.verifyToken)(sdk, idTokenObj, validationParams).then(function () {
|
|
132
|
-
tokenDict.idToken = idTokenObj;
|
|
133
|
-
return tokenDict;
|
|
134
|
-
});
|
|
135
|
-
}
|
|
107
|
+
if (idToken) {
|
|
108
|
+
var idJwt = sdk.token.decode(idToken);
|
|
109
|
+
var idTokenObj = {
|
|
110
|
+
idToken: idToken,
|
|
111
|
+
claims: idJwt.payload,
|
|
112
|
+
expiresAt: idJwt.payload.exp - idJwt.payload.iat + now,
|
|
113
|
+
// adjusting expiresAt to be in local time
|
|
114
|
+
scopes: scopes,
|
|
115
|
+
authorizeUrl: urls.authorizeUrl,
|
|
116
|
+
issuer: urls.issuer,
|
|
117
|
+
clientId: clientId
|
|
118
|
+
};
|
|
119
|
+
var validationParams = {
|
|
120
|
+
clientId: clientId,
|
|
121
|
+
issuer: urls.issuer,
|
|
122
|
+
nonce: tokenParams.nonce,
|
|
123
|
+
accessToken: accessToken
|
|
124
|
+
};
|
|
136
125
|
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
// Validate received tokens against requested response types
|
|
140
|
-
if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {
|
|
141
|
-
// eslint-disable-next-line max-len
|
|
142
|
-
throw new _errors.AuthSdkError('Unable to parse OAuth flow response: response type "token" was requested but "access_token" was not returned.');
|
|
126
|
+
if (tokenParams.ignoreSignature !== undefined) {
|
|
127
|
+
validationParams.ignoreSignature = tokenParams.ignoreSignature;
|
|
143
128
|
}
|
|
144
129
|
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
}
|
|
130
|
+
await (0, _verifyToken.verifyToken)(sdk, idTokenObj, validationParams);
|
|
131
|
+
tokenDict.idToken = idTokenObj;
|
|
132
|
+
} // Validate received tokens against requested response types
|
|
149
133
|
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
134
|
+
|
|
135
|
+
if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {
|
|
136
|
+
// eslint-disable-next-line max-len
|
|
137
|
+
throw new _errors.AuthSdkError('Unable to parse OAuth flow response: response type "token" was requested but "access_token" was not returned.');
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {
|
|
141
|
+
// eslint-disable-next-line max-len
|
|
142
|
+
throw new _errors.AuthSdkError('Unable to parse OAuth flow response: response type "id_token" was requested but "id_token" was not returned.');
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
return {
|
|
146
|
+
tokens: tokenDict,
|
|
147
|
+
state: res.state,
|
|
148
|
+
code: res.code
|
|
149
|
+
};
|
|
156
150
|
}
|
|
157
151
|
//# sourceMappingURL=handleOAuthResponse.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","Object","assign","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","Promise","resolve","then","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","token","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","indexOf","tokens"],"mappings":";;;;AAcA;;AACA;;AAGA;;AAWA;;AACA;;AACA;;AA9BA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAoBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;AACtE,MAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;AAC5C,UAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;AACD;;AAED,MAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;AACnC,UAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;AACD;AACF,C,CAED;;;AACO,SAASC,mBAAT,CAA6BC,GAA7B,EAA4CC,WAA5C,EAAsEP,GAAtE,EAA0FQ,IAA1F,EAAoI;AACzI,MAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADyI,CAGzI;AACA;;AACA,MAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;AAC9C,WAAO,kDAAsBN,GAAtB,EAA2BO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBP,WAAlB,EAA+B;AAC/DQ,MAAAA,iBAAiB,EAAEf,GAAG,CAACW,IADwC;AAE/DK,MAAAA,eAAe,EAAEhB,GAAG,CAACY;AAF0C,KAA/B,CAA3B,EAGHJ,IAHG,CAAP;AAID;;AAEDD,EAAAA,WAAW,GAAGA,WAAW,IAAI,6BAAsBD,GAAtB,CAA7B;AACAE,EAAAA,IAAI,GAAGA,IAAI,IAAI,yBAAaF,GAAb,EAAkBC,WAAlB,CAAf;AAEA,MAAIU,YAAY,GAAGV,WAAW,CAACU,YAA/B;;AACA,MAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;AAChCA,IAAAA,YAAY,GAAG,CAACA,YAAD,CAAf;AACD;;AAED,MAAIG,MAAJ;;AACA,MAAIpB,GAAG,CAACqB,KAAR,EAAe;AACbD,IAAAA,MAAM,GAAGpB,GAAG,CAACqB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;AACD,GAFD,MAEO;AACLF,IAAAA,MAAM,GAAG,iBAAMb,WAAW,CAACa,MAAlB,CAAT;AACD;;AACD,MAAIG,QAAQ,GAAGhB,WAAW,CAACgB,QAAZ,IAAwBjB,GAAG,CAACI,OAAJ,CAAYa,QAAnD,CA1ByI,CA4BzI;;AACA,SAAOC,OAAO,CAACC,OAAR,GACJC,IADI,CACC,YAAY;AAChB3B,IAAAA,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;AACD,GAHI,EAGFmB,IAHE,CAGG,YAAY;AAClB,QAAIC,SAAS,GAAG,EAAhB;AACA,QAAIC,SAAS,GAAG5B,GAAG,CAAC6B,UAApB;AACA,QAAIC,SAAS,GAAG9B,GAAG,CAAC+B,UAApB;AACA,QAAIC,WAAW,GAAGhC,GAAG,CAACiC,YAAtB;AACA,QAAIC,OAAO,GAAGlC,GAAG,CAACmC,QAAlB;AACA,QAAIC,YAAY,GAAGpC,GAAG,CAACqC,aAAvB;AACA,QAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,QAAIN,WAAJ,EAAiB;AACf,UAAIU,SAAS,GAAGpC,GAAG,CAACqC,KAAJ,CAAUC,MAAV,CAAiBZ,WAAjB,CAAhB;AACAL,MAAAA,SAAS,CAACK,WAAV,GAAwB;AACtBA,QAAAA,WAAW,EAAEA,WADS;AAEtBa,QAAAA,MAAM,EAAEH,SAAS,CAACI,OAFI;AAGtBC,QAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAHT;AAItBR,QAAAA,SAAS,EAAEA,SAJW;AAKtBV,QAAAA,MAAM,EAAEA,MALc;AAMtB6B,QAAAA,YAAY,EAAEzC,IAAI,CAACyC,YANG;AAOtBC,QAAAA,WAAW,EAAE1C,IAAI,CAAC0C;AAPI,OAAxB;AASD;;AAED,QAAId,YAAJ,EAAkB;AAChBT,MAAAA,SAAS,CAACS,YAAV,GAAyB;AACvBA,QAAAA,YAAY,EAAEA,YADS;AAEvB;AACA;AACAW,QAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAJR;AAKvBlB,QAAAA,MAAM,EAAEA,MALe;AAMvB+B,QAAAA,QAAQ,EAAE3C,IAAI,CAAC2C,QANQ;AAOvBF,QAAAA,YAAY,EAAEzC,IAAI,CAACyC,YAPI;AAQvBG,QAAAA,MAAM,EAAE5C,IAAI,CAAC4C;AARU,OAAzB;AAUD;;AAED,QAAIlB,OAAJ,EAAa;AACX,UAAImB,KAAK,GAAG/C,GAAG,CAACqC,KAAJ,CAAUC,MAAV,CAAiBV,OAAjB,CAAZ;AAEA,UAAIoB,UAAmB,GAAG;AACxBpB,QAAAA,OAAO,EAAEA,OADe;AAExBW,QAAAA,MAAM,EAAEQ,KAAK,CAACP,OAFU;AAGxBC,QAAAA,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAoBF,KAAK,CAACP,OAAN,CAAcU,GAAlC,GAAwClB,GAH3B;AAGgC;AACxDlB,QAAAA,MAAM,EAAEA,MAJgB;AAKxB6B,QAAAA,YAAY,EAAEzC,IAAI,CAACyC,YALK;AAMxBG,QAAAA,MAAM,EAAE5C,IAAI,CAAC4C,MANW;AAOxB7B,QAAAA,QAAQ,EAAEA;AAPc,OAA1B;AAUA,UAAIkC,gBAAmC,GAAG;AACxClC,QAAAA,QAAQ,EAAEA,QAD8B;AAExC6B,QAAAA,MAAM,EAAE5C,IAAI,CAAC4C,MAF2B;AAGxCM,QAAAA,KAAK,EAAEnD,WAAW,CAACmD,KAHqB;AAIxC1B,QAAAA,WAAW,EAAEA;AAJ2B,OAA1C;;AAOA,UAAIzB,WAAW,CAACoD,eAAZ,KAAgCC,SAApC,EAA+C;AAC7CH,QAAAA,gBAAgB,CAACE,eAAjB,GAAmCpD,WAAW,CAACoD,eAA/C;AACD;;AAED,aAAO,8BAAYrD,GAAZ,EAAiBgD,UAAjB,EAA6BG,gBAA7B,EACJ/B,IADI,CACC,YAAY;AAChBC,QAAAA,SAAS,CAACO,OAAV,GAAoBoB,UAApB;AACA,eAAO3B,SAAP;AACD,OAJI,CAAP;AAKD;;AAED,WAAOA,SAAP;AACD,GAtEI,EAuEJD,IAvEI,CAuEC,UAAUC,SAAV,EAAoC;AACxC;AACA,QAAIV,YAAY,CAAC4C,OAAb,CAAqB,OAArB,MAAkC,CAAC,CAAnC,IAAwC,CAAClC,SAAS,CAACK,WAAvD,EAAoE;AAClE;AACA,YAAM,IAAI5B,oBAAJ,CAAiB,+GAAjB,CAAN;AACD;;AACD,QAAIa,YAAY,CAAC4C,OAAb,CAAqB,UAArB,MAAqC,CAAC,CAAtC,IAA2C,CAAClC,SAAS,CAACO,OAA1D,EAAmE;AACjE;AACA,YAAM,IAAI9B,oBAAJ,CAAiB,8GAAjB,CAAN;AACD;;AAED,WAAO;AACL0D,MAAAA,MAAM,EAAEnC,SADH;AAELxB,MAAAA,KAAK,EAAEH,GAAG,CAACG,KAFN;AAGLQ,MAAAA,IAAI,EAAEX,GAAG,CAACW;AAHL,KAAP;AAKD,GAvFI,CAAP;AAwFD","sourcesContent":["\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuth,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from '../types';\nimport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from '.';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] || res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\n// eslint-disable-next-line max-len\nexport function handleOAuthResponse(sdk: OktaAuth, tokenParams: TokenParams, res: OAuthResponse, urls: CustomUrls): Promise<TokenResponse> {\n var pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return exchangeCodeForTokens(sdk, Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n var responseType = tokenParams.responseType;\n if (!Array.isArray(responseType)) {\n responseType = [responseType];\n }\n\n var scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n var clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n return Promise.resolve()\n .then(function () {\n validateResponse(res, tokenParams);\n }).then(function () {\n var tokenDict = {} as Tokens;\n var expiresIn = res.expires_in;\n var tokenType = res.token_type;\n var accessToken = res.access_token;\n var idToken = res.id_token;\n var refreshToken = res.refresh_token;\n var now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n var accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl,\n userinfoUrl: urls.userinfoUrl\n };\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl,\n authorizeUrl: urls.authorizeUrl,\n issuer: urls.issuer,\n };\n }\n\n if (idToken) {\n var idJwt = sdk.token.decode(idToken);\n\n var idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp - idJwt.payload.iat + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl,\n issuer: urls.issuer,\n clientId: clientId\n };\n\n var validationParams: TokenVerifyParams = {\n clientId: clientId,\n issuer: urls.issuer,\n nonce: tokenParams.nonce,\n accessToken: accessToken\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n return verifyToken(sdk, idTokenObj, validationParams)\n .then(function () {\n tokenDict.idToken = idTokenObj;\n return tokenDict;\n });\n }\n\n return tokenDict;\n })\n .then(function (tokenDict): TokenResponse {\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state,\n code: res.code\n };\n });\n}"],"file":"handleOAuthResponse.js"}
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","Object","assign","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","token","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","indexOf","tokens"],"mappings":";;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AACA;;AAhCA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAoBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;AACtE,MAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;AAC5C,UAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;AACD;;AAED,MAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;AACnC,UAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;AACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;AACxB,MAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;AACA;;AACA,MAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;AAC9C,WAAO,kDAAsBN,GAAtB,EAA2BO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBP,WAAlB,EAA+B;AAC/DQ,MAAAA,iBAAiB,EAAEf,GAAG,CAACW,IADwC;AAE/DK,MAAAA,eAAe,EAAEhB,GAAG,CAACY;AAF0C,KAA/B,CAA3B,EAGHJ,IAHG,CAAP;AAID;;AAEDD,EAAAA,WAAW,GAAGA,WAAW,IAAI,kCAAsBD,GAAtB,CAA7B;AACAE,EAAAA,IAAI,GAAGA,IAAI,IAAI,yBAAaF,GAAb,EAAkBC,WAAlB,CAAf;AAEA,MAAIU,YAAY,GAAGV,WAAW,CAACU,YAAZ,IAA4B,EAA/C;;AACA,MAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;AAChCA,IAAAA,YAAY,GAAG,CAACA,YAAD,CAAf;AACD;;AAED,MAAIG,MAAJ;;AACA,MAAIpB,GAAG,CAACqB,KAAR,EAAe;AACbD,IAAAA,MAAM,GAAGpB,GAAG,CAACqB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;AACD,GAFD,MAEO;AACLF,IAAAA,MAAM,GAAG,iBAAMb,WAAW,CAACa,MAAlB,CAAT;AACD;;AACD,MAAIG,QAAQ,GAAGhB,WAAW,CAACgB,QAAZ,IAAwBjB,GAAG,CAACI,OAAJ,CAAYa,QAAnD,CA1BwB,CA4BxB;;AACAxB,EAAAA,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;AAEA,MAAIiB,SAAS,GAAG,EAAhB;AACA,MAAIC,SAAS,GAAGzB,GAAG,CAAC0B,UAApB;AACA,MAAIC,SAAS,GAAG3B,GAAG,CAAC4B,UAApB;AACA,MAAIC,WAAW,GAAG7B,GAAG,CAAC8B,YAAtB;AACA,MAAIC,OAAO,GAAG/B,GAAG,CAACgC,QAAlB;AACA,MAAIC,YAAY,GAAGjC,GAAG,CAACkC,aAAvB;AACA,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIN,WAAJ,EAAiB;AACf,QAAIU,SAAS,GAAGjC,GAAG,CAACkC,KAAJ,CAAUC,MAAV,CAAiBZ,WAAjB,CAAhB;AACAL,IAAAA,SAAS,CAACK,WAAV,GAAwB;AACtBA,MAAAA,WAAW,EAAEA,WADS;AAEtBa,MAAAA,MAAM,EAAEH,SAAS,CAACI,OAFI;AAGtBC,MAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAHT;AAItBR,MAAAA,SAAS,EAAEA,SAJW;AAKtBP,MAAAA,MAAM,EAAEA,MALc;AAMtB0B,MAAAA,YAAY,EAAEtC,IAAI,CAACsC,YANG;AAOtBC,MAAAA,WAAW,EAAEvC,IAAI,CAACuC;AAPI,KAAxB;AASD;;AAED,MAAId,YAAJ,EAAkB;AAChBT,IAAAA,SAAS,CAACS,YAAV,GAAyB;AACvBA,MAAAA,YAAY,EAAEA,YADS;AAEvB;AACA;AACAW,MAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAJR;AAKvBf,MAAAA,MAAM,EAAEA,MALe;AAMvB4B,MAAAA,QAAQ,EAAExC,IAAI,CAACwC,QANQ;AAOvBF,MAAAA,YAAY,EAAEtC,IAAI,CAACsC,YAPI;AAQvBG,MAAAA,MAAM,EAAEzC,IAAI,CAACyC;AARU,KAAzB;AAUD;;AAED,MAAIlB,OAAJ,EAAa;AACX,QAAImB,KAAK,GAAG5C,GAAG,CAACkC,KAAJ,CAAUC,MAAV,CAAiBV,OAAjB,CAAZ;AACA,QAAIoB,UAAmB,GAAG;AACxBpB,MAAAA,OAAO,EAAEA,OADe;AAExBW,MAAAA,MAAM,EAAEQ,KAAK,CAACP,OAFU;AAGxBC,MAAAA,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0ClB,GAH7B;AAGkC;AAC1Df,MAAAA,MAAM,EAAEA,MAJgB;AAKxB0B,MAAAA,YAAY,EAAEtC,IAAI,CAACsC,YALK;AAMxBG,MAAAA,MAAM,EAAEzC,IAAI,CAACyC,MANW;AAOxB1B,MAAAA,QAAQ,EAAEA;AAPc,KAA1B;AAUA,QAAI+B,gBAAmC,GAAG;AACxC/B,MAAAA,QAAQ,EAAEA,QAD8B;AAExC0B,MAAAA,MAAM,EAAEzC,IAAI,CAACyC,MAF2B;AAGxCM,MAAAA,KAAK,EAAEhD,WAAW,CAACgD,KAHqB;AAIxC1B,MAAAA,WAAW,EAAEA;AAJ2B,KAA1C;;AAOA,QAAItB,WAAW,CAACiD,eAAZ,KAAgCC,SAApC,EAA+C;AAC7CH,MAAAA,gBAAgB,CAACE,eAAjB,GAAmCjD,WAAW,CAACiD,eAA/C;AACD;;AAED,UAAM,8BAAYlD,GAAZ,EAAiB6C,UAAjB,EAA6BG,gBAA7B,CAAN;AACA9B,IAAAA,SAAS,CAACO,OAAV,GAAoBoB,UAApB;AACD,GA1FuB,CA4FxB;;;AACA,MAAIlC,YAAY,CAACyC,OAAb,CAAqB,OAArB,MAAkC,CAAC,CAAnC,IAAwC,CAAClC,SAAS,CAACK,WAAvD,EAAoE;AAClE;AACA,UAAM,IAAIzB,oBAAJ,CAAiB,+GAAjB,CAAN;AACD;;AACD,MAAIa,YAAY,CAACyC,OAAb,CAAqB,UAArB,MAAqC,CAAC,CAAtC,IAA2C,CAAClC,SAAS,CAACO,OAA1D,EAAmE;AACjE;AACA,UAAM,IAAI3B,oBAAJ,CAAiB,8GAAjB,CAAN;AACD;;AAED,SAAO;AACLuD,IAAAA,MAAM,EAAEnC,SADH;AAELrB,IAAAA,KAAK,EAAEH,GAAG,CAACG,KAFN;AAGLQ,IAAAA,IAAI,EAAEX,GAAG,CAACW;AAHL,GAAP;AAMD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuth,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from '../types';\nimport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuth,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n var pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return exchangeCodeForTokens(sdk, Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n var responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType)) {\n responseType = [responseType];\n }\n\n var scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n var clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n var tokenDict = {} as Tokens;\n var expiresIn = res.expires_in;\n var tokenType = res.token_type;\n var accessToken = res.access_token;\n var idToken = res.id_token;\n var refreshToken = res.refresh_token;\n var now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n var accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n }\n\n if (idToken) {\n var idJwt = sdk.token.decode(idToken);\n var idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n var validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code\n };\n \n}"],"file":"handleOAuthResponse.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","indexOf","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","Promise","reject","urls","catch","err","clear","then"],"mappings":";;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAIG,oBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAO,6BAAkBH,QAAlB,CAAP;AACD;;AAEM,SAASI,yBAAT,CAAmC1B,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,QAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","indexOf","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","Promise","reject","urls","catch","err","clear","then"],"mappings":";;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAcF,GAAG,CAACG,OAAJ,CAAY,GAAZ,CAAd,CAAH,GAAqCjB,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAIG,oBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAO,6BAAkBH,QAAlB,CAAP;AACD;;AAEM,SAASI,yBAAT,CAAmC1B,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,QAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;AACtGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,QAAMU,GAAkB,GAAGP,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;AACA,QAAMW,KAAK,GAAGD,GAAG,CAACC,KAAlB;AACA,QAAMC,WAA4B,GAAG7B,GAAG,CAAC8B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,IAAAA,KAAK,EAAE,IADwD;AAE/Dd,IAAAA,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;AAG/DU,IAAAA;AAH+D,GAA5B,CAArC;;AAKA,MAAI,CAACC,WAAL,EAAkB;AAChB,WAAOI,OAAO,CAACC,MAAR,CAAe,IAAIT,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;AACD;;AACD,QAAMU,IAAgB,GAAGN,WAAW,CAACM,IAArC;AACA,SAAON,WAAW,CAACM,IAAnB;;AAEA,MAAI,CAAClB,OAAO,CAACI,GAAb,EAAkB;AAChB;AACAK,IAAAA,yBAAyB,CAAC1B,GAAD,EAAMiB,OAAN,CAAzB;AACD;;AAED,SAAO,8CAAoBjB,GAApB,EAAyB6B,WAAzB,EAAsCF,GAAtC,EAA2CQ,IAA3C,EACJC,KADI,CACEC,GAAG,IAAI;AACZ,QAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;AACpCrC,MAAAA,GAAG,CAAC8B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,QAAAA;AAD2B,OAA7B;AAGD;;AACD,UAAMS,GAAN;AACD,GARI,EASJE,IATI,CASCZ,GAAG,IAAI;AACX3B,IAAAA,GAAG,CAAC8B,kBAAJ,CAAuBQ,KAAvB,CAA6B;AAC3BV,MAAAA;AAD2B,KAA7B;AAGA,WAAOD,GAAP;AACD,GAdI,CAAP;AAgBD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n oauth: true,\n pkce: sdk.options.pkce,\n state\n });\n if (!oauthParams) {\n return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n"],"file":"parseFromUrl.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/renewToken.ts"],"names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;AAChC,QAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;AAC5D,MAAI,sBAAUD,aAAV,CAAJ,EAA8B;AAC5B,WAAOC,MAAM,CAACC,OAAd;AACD;;AACD,MAAI,0BAAcF,aAAd,CAAJ,EAAkC;AAChC,WAAOC,MAAM,CAACE,WAAd;AACD;;AACDN,EAAAA,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAyCC,KAAzC,
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/renewToken.ts"],"names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;AAChC,QAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;AAC5D,MAAI,sBAAUD,aAAV,CAAJ,EAA8B;AAC5B,WAAOC,MAAM,CAACC,OAAd;AACD;;AACD,MAAI,0BAAcF,aAAd,CAAJ,EAAkC;AAChC,WAAOC,MAAM,CAACE,WAAd;AACD;;AACDN,EAAAA,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAyCC,KAAzC,EAAmF;AACxF,MAAI,CAAC,sBAAUA,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAA1B,EAAgD;AAC9CT,IAAAA,sBAAsB;AACvB;;AAED,MAAII,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;AACA,MAAIP,MAAM,CAACQ,YAAX,EAAyB;AACvBR,IAAAA,MAAM,GAAG,MAAM,oDAAuBI,GAAvB,EAA4B;AACzCK,MAAAA,MAAM,EAAEJ,KAAK,CAACI;AAD2B,KAA5B,EAEZT,MAAM,CAACQ,YAFK,CAAf;AAGA,WAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;AACD;;AAED,MAAIU,YAAJ;;AACA,MAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;AACpBF,IAAAA,YAAY,GAAG,MAAf;AACD,GAFD,MAEO,IAAI,0BAAcL,KAAd,CAAJ,EAA0B;AAC/BK,IAAAA,YAAY,GAAG,OAAf;AACD,GAFM,MAEA;AACLA,IAAAA,YAAY,GAAG,UAAf;AACD;;AAED,QAAM;AAAED,IAAAA,MAAF;AAAUI,IAAAA,YAAV;AAAwBC,IAAAA,WAAxB;AAAqCC,IAAAA;AAArC,MAAgDV,KAAtD;AACA,SAAO,wCAAiBD,GAAjB,EAAsB;AAC3BM,IAAAA,YAD2B;AAE3BD,IAAAA,MAF2B;AAG3BI,IAAAA,YAH2B;AAI3BC,IAAAA,WAJ2B;AAK3BC,IAAAA;AAL2B,GAAtB,EAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;AACnB,WAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;AACD,GATI,CAAP;AAUD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuth, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n throw new AuthSdkError(\n 'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n if (isIDToken(originalToken)) {\n return tokens.idToken;\n }\n if (isAccessToken(originalToken)) {\n return tokens.accessToken;\n }\n throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuth, token: Token): Promise<Token | undefined> {\n if (!isIDToken(token) && !isAccessToken(token)) {\n throwInvalidTokenError();\n }\n\n let tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n tokens = await renewTokensWithRefresh(sdk, {\n scopes: token.scopes,\n }, tokens.refreshToken);\n return getSingleToken(token, tokens);\n }\n\n var responseType;\n if (sdk.options.pkce) {\n responseType = 'code';\n } else if (isAccessToken(token)) {\n responseType = 'token';\n } else {\n responseType = 'id_token';\n }\n\n const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n return getWithoutPrompt(sdk, {\n responseType,\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n })\n .then(function (res) {\n return getSingleToken(token, res.tokens);\n });\n}\n"],"file":"renewToken.js"}
|
package/cjs/oidc/renewTokens.js
CHANGED
|
@@ -28,7 +28,7 @@ async function renewTokens(sdk, options) {
|
|
|
28
28
|
const tokens = sdk.tokenManager.getTokensSync();
|
|
29
29
|
|
|
30
30
|
if (tokens.refreshToken) {
|
|
31
|
-
return (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, options, tokens.refreshToken);
|
|
31
|
+
return (0, _renewTokensWithRefresh.renewTokensWithRefresh)(sdk, options || {}, tokens.refreshToken);
|
|
32
32
|
}
|
|
33
33
|
|
|
34
34
|
if (!tokens.accessToken && !tokens.idToken) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","then","res"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","Object","assign","pkce","responseType","then","res"],"mappings":";;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;AAC7E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,MAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,WAAO,oDAAuBL,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;AACD;;AAED,MAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,UAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMF,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;AACA,MAAI,CAACA,YAAL,EAAmB;AACjB,UAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BX,GAAG,CAACC,OAAJ,CAAYU,WAA3D;AACA,QAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBZ,GAAG,CAACC,OAAJ,CAAYW,MAA7C,CArB6E,CAuB7E;;AACAX,EAAAA,OAAO,GAAGY,MAAM,CAACC,MAAP,CAAc;AACtBL,IAAAA,MADsB;AAEtBC,IAAAA,YAFsB;AAGtBC,IAAAA,WAHsB;AAItBC,IAAAA;AAJsB,GAAd,EAKPX,OALO,CAAV;;AAOA,MAAID,GAAG,CAACC,OAAJ,CAAYc,IAAhB,EAAsB;AACpBd,IAAAA,OAAO,CAACe,YAAR,GAAuB,MAAvB;AACD,GAFD,MAEO;AACL,UAAM;AAAEA,MAAAA;AAAF,QAAmB,iCAAsBhB,GAAtB,CAAzB;AACAC,IAAAA,OAAO,CAACe,YAAR,GAAuBA,YAAvB;AACD;;AAED,SAAO,wCAAiBhB,GAAjB,EAAsBC,OAAtB,EACJgB,IADI,CACCC,GAAG,IAAIA,GAAG,CAAChB,MADZ,CAAP;AAGD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n const tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"file":"renewTokens.js"}
|
package/cjs/oidc/revokeToken.js
CHANGED
|
@@ -29,40 +29,39 @@ var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
|
|
|
29
29
|
|
|
30
30
|
/* eslint complexity:[0,8] */
|
|
31
31
|
// refresh tokens have precedence to be revoked if no token is specified
|
|
32
|
-
function revokeToken(sdk, token) {
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
var refreshToken;
|
|
32
|
+
async function revokeToken(sdk, token) {
|
|
33
|
+
let accessToken = '';
|
|
34
|
+
let refreshToken = '';
|
|
36
35
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
36
|
+
if (token) {
|
|
37
|
+
accessToken = token.accessToken;
|
|
38
|
+
refreshToken = token.refreshToken;
|
|
39
|
+
}
|
|
41
40
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
41
|
+
if (!accessToken && !refreshToken) {
|
|
42
|
+
throw new _AuthSdkError.default('A valid access or refresh token object is required');
|
|
43
|
+
}
|
|
45
44
|
|
|
46
|
-
|
|
47
|
-
|
|
45
|
+
var clientId = sdk.options.clientId;
|
|
46
|
+
var clientSecret = sdk.options.clientSecret;
|
|
48
47
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
48
|
+
if (!clientId) {
|
|
49
|
+
throw new _AuthSdkError.default('A clientId must be specified in the OktaAuth constructor to revoke a token');
|
|
50
|
+
} // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
52
51
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
}
|
|
52
|
+
|
|
53
|
+
var revokeUrl = (0, _oauth.getOAuthUrls)(sdk).revokeUrl;
|
|
54
|
+
var args = (0, _util.toQueryString)({
|
|
55
|
+
// eslint-disable-next-line camelcase
|
|
56
|
+
token_type_hint: refreshToken ? 'refresh_token' : 'access_token',
|
|
57
|
+
token: refreshToken || accessToken
|
|
58
|
+
}).slice(1);
|
|
59
|
+
var creds = clientSecret ? (0, _crypto.btoa)(`${clientId}:${clientSecret}`) : (0, _crypto.btoa)(clientId);
|
|
60
|
+
return (0, _http.post)(sdk, revokeUrl, args, {
|
|
61
|
+
headers: {
|
|
62
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
63
|
+
'Authorization': 'Basic ' + creds
|
|
64
|
+
}
|
|
66
65
|
});
|
|
67
66
|
}
|
|
68
67
|
//# sourceMappingURL=revokeToken.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","slice","creds","headers"],"mappings":";;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAA0CC,KAA1C,EAA+E;AACpF,MAAIC,WAAW,GAAG,EAAlB;AACA,MAAIC,YAAY,GAAG,EAAnB;;AACA,MAAIF,KAAJ,EAAW;AACPC,IAAAA,WAAW,GAAID,KAAD,CAAuBC,WAArC;AACAC,IAAAA,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;AACH;;AACD,MAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,UAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,MAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;AACA,MAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;AACA,MAAI,CAACF,QAAL,EAAe;AACb,UAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;AACD,GAdmF,CAepF;;;AACA,MAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;AACA,MAAIC,IAAI,GAAG,yBAAc;AACvB;AACAC,IAAAA,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBF,IAAAA,KAAK,EAAEE,YAAY,IAAID;AAHA,GAAd,EAIRS,KAJQ,CAIF,CAJE,CAAX;AAKA,MAAIC,KAAK,GAAGL,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;AACA,SAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;AAChCI,IAAAA,OAAO,EAAE;AACP,sBAAgB,mCADT;AAEP,uBAAiB,WAAWD;AAFrB;AADuB,GAA3B,CAAP;AAMD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n OktaAuth,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuth, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken || accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n"],"file":"revokeToken.js"}
|
package/cjs/oidc/util/index.js
CHANGED
|
@@ -82,6 +82,20 @@ Object.keys(_oauth).forEach(function (key) {
|
|
|
82
82
|
});
|
|
83
83
|
});
|
|
84
84
|
|
|
85
|
+
var _oauthMeta = require("./oauthMeta");
|
|
86
|
+
|
|
87
|
+
Object.keys(_oauthMeta).forEach(function (key) {
|
|
88
|
+
if (key === "default" || key === "__esModule") return;
|
|
89
|
+
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
90
|
+
if (key in exports && exports[key] === _oauthMeta[key]) return;
|
|
91
|
+
Object.defineProperty(exports, key, {
|
|
92
|
+
enumerable: true,
|
|
93
|
+
get: function () {
|
|
94
|
+
return _oauthMeta[key];
|
|
95
|
+
}
|
|
96
|
+
});
|
|
97
|
+
});
|
|
98
|
+
|
|
85
99
|
var _pkce = _interopRequireDefault(require("./pkce"));
|
|
86
100
|
|
|
87
101
|
var _prepareTokenParams = require("./prepareTokenParams");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAcA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAEA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAcA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAEA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}
|
|
@@ -46,7 +46,12 @@ function hasErrorInUrl(hashOrSearch) {
|
|
|
46
46
|
|
|
47
47
|
function isRedirectUri(uri, sdk) {
|
|
48
48
|
var authParams = sdk.options;
|
|
49
|
-
|
|
49
|
+
|
|
50
|
+
if (!uri || !authParams.redirectUri) {
|
|
51
|
+
return false;
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
return uri.indexOf(authParams.redirectUri) === 0;
|
|
50
55
|
}
|
|
51
56
|
|
|
52
57
|
function isCodeFlow(options) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","indexOf","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAA4D;AACjE,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;;AACA,MAAI,CAACH,GAAD,IAAQ,CAACE,UAAU,CAACE,WAAxB,EAAqC;AACnC,WAAO,KAAP;AACD;;AACD,SAAOJ,GAAG,CAACK,OAAJ,CAAYH,UAAU,CAACE,WAAvB,MAAwC,CAA/C;AACD;;AAEM,SAASE,UAAT,CAAoBH,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACI,IAAR,IAAgBJ,OAAO,CAACK,YAAR,KAAyB,MAAzC,IAAmDL,OAAO,CAACM,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBP,OAAzB,EAAmD;AACxD,MAAIQ,QAAQ,GAAGL,UAAU,CAACH,OAAD,CAAzB;AACA,MAAIS,QAAQ,GAAGD,QAAQ,IAAIR,OAAO,CAACM,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBrB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASuB,eAAT,CAA0Bf,GAA1B,EAAyC;AAC9C;AACA,MAAI,CAACF,aAAa,CAACc,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBhB,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJ6C,CAM9C;;;AACA,MAAIU,QAAQ,GAAGL,UAAU,CAACL,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIe,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAIvB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOsB,OAAP;AACD,GAjB6C,CAmB9C;;;AACA,SAAO1B,eAAe,CAACqB,MAAM,CAACC,QAAP,CAAgBrB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAAS0B,qBAAT,CAAgClB,GAAhC,EAA+CL,YAA/C,EAAsE;AAC3E,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACoB,eAAe,CAACf,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGc,eAAe,CAACT,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuth, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuth): boolean {\n var authParams = sdk.options;\n if (!uri || !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuth) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuth, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","indexOf","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAAkCC,OAAmB,GAAG,EAAxD,EAA4D;AAC1D,QAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAwCC,OAAmB,GAAG,EAA9D,EAAkE;AACvE,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMG,OAAO,GAAGF,MAAM,CAACG,OAAP,CAAe,SAAf,IAA4B,CAA5B,GAAgCH,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;;AAEM,SAASE,cAAT,CAAwBN,GAAxB,EAAuCC,OAAmB,GAAG,EAA7D,EAAiE;AACtE,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMM,MAAM,GAAGL,MAAM,CAACM,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBT,GAAtB,EAAqCC,OAArC,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","indexOf","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":";;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAAkCC,OAAmB,GAAG,EAAxD,EAA4D;AAC1D,QAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAwCC,OAAmB,GAAG,EAA9D,EAAkE;AACvE,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMG,OAAO,GAAGF,MAAM,CAACG,OAAP,CAAe,SAAf,IAA4B,CAA5B,GAAgCH,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;;AAEM,SAASE,cAAT,CAAwBN,GAAxB,EAAuCC,OAAmB,GAAG,EAA7D,EAAiE;AACtE,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMM,MAAM,GAAGL,MAAM,CAACM,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBT,GAAtB,EAAqCC,OAArC,EAAuE;AAC5E,MAAIS,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;AACD;;AACDX,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJ4E,CAM5E;;AACA,MAAIY,YAAY,GAAG,+BAAoBZ,OAAO,CAACY,YAA5B,KAA6Cb,GAAG,CAACC,OAAJ,CAAYY,YAA5E;AACA,MAAIX,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,MAAIa,WAAW,GAAG,+BAAoBb,OAAO,CAACa,WAA5B,KAA4Cd,GAAG,CAACC,OAAJ,CAAYa,WAA1E;AACA,MAAIC,QAAQ,GAAG,+BAAoBd,OAAO,CAACc,QAA5B,KAAyCf,GAAG,CAACC,OAAJ,CAAYc,QAApE;AACA,MAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;AACA,MAAIC,SAAS,GAAG,+BAAoBhB,OAAO,CAACgB,SAA5B,KAA0CjB,GAAG,CAACC,OAAJ,CAAYgB,SAAtE;AAEA,MAAIb,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;AAEAY,EAAAA,YAAY,GAAGA,YAAY,IAAIT,OAAO,GAAG,eAAzC;AACAU,EAAAA,WAAW,GAAGA,WAAW,IAAIV,OAAO,GAAG,cAAvC;AACAW,EAAAA,QAAQ,GAAGA,QAAQ,IAAIX,OAAO,GAAG,WAAjC;AACAa,EAAAA,SAAS,GAAGA,SAAS,IAAIb,OAAO,GAAG,YAAnC;AACAY,EAAAA,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;AAELW,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuth, CustomUrls } from '../../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuth, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuth, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuth, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuth, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options || {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl || baseUrl + '/v1/token';\n revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n"],"file":"oauth.js"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
exports.createOAuthMeta = createOAuthMeta;
|
|
4
|
+
|
|
5
|
+
var _oauth = require("./oauth");
|
|
6
|
+
|
|
7
|
+
/* eslint-disable @typescript-eslint/no-non-null-assertion */
|
|
8
|
+
function createOAuthMeta(sdk, tokenParams) {
|
|
9
|
+
const issuer = sdk.options.issuer;
|
|
10
|
+
const urls = (0, _oauth.getOAuthUrls)(sdk, tokenParams);
|
|
11
|
+
const oauthMeta = {
|
|
12
|
+
issuer,
|
|
13
|
+
urls,
|
|
14
|
+
clientId: tokenParams.clientId,
|
|
15
|
+
redirectUri: tokenParams.redirectUri,
|
|
16
|
+
responseType: tokenParams.responseType,
|
|
17
|
+
responseMode: tokenParams.responseMode,
|
|
18
|
+
scopes: tokenParams.scopes,
|
|
19
|
+
state: tokenParams.state,
|
|
20
|
+
nonce: tokenParams.nonce,
|
|
21
|
+
ignoreSignature: tokenParams.ignoreSignature
|
|
22
|
+
};
|
|
23
|
+
|
|
24
|
+
if (tokenParams.pkce === false) {
|
|
25
|
+
// Implicit flow or authorization_code without PKCE
|
|
26
|
+
return oauthMeta;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
const pkceMeta = { ...oauthMeta,
|
|
30
|
+
codeVerifier: tokenParams.codeVerifier,
|
|
31
|
+
codeChallengeMethod: tokenParams.codeChallengeMethod,
|
|
32
|
+
codeChallenge: tokenParams.codeChallenge
|
|
33
|
+
};
|
|
34
|
+
return pkceMeta;
|
|
35
|
+
}
|
|
36
|
+
//# sourceMappingURL=oauthMeta.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CAAyBC,GAAzB,EAAwCC,WAAxC,EAA8G;AACnH,QAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;AACA,QAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAMI,SAA+B,GAAG;AACtCH,IAAAA,MADsC;AAEtCE,IAAAA,IAFsC;AAGtCE,IAAAA,QAAQ,EAAEL,WAAW,CAACK,QAHgB;AAItCC,IAAAA,WAAW,EAAEN,WAAW,CAACM,WAJa;AAKtCC,IAAAA,YAAY,EAAEP,WAAW,CAACO,YALY;AAMtCC,IAAAA,YAAY,EAAER,WAAW,CAACQ,YANY;AAOtCC,IAAAA,MAAM,EAAET,WAAW,CAACS,MAPkB;AAQtCC,IAAAA,KAAK,EAAEV,WAAW,CAACU,KARmB;AAStCC,IAAAA,KAAK,EAAEX,WAAW,CAACW,KATmB;AAUtCC,IAAAA,eAAe,EAAEZ,WAAW,CAACY;AAVS,GAAxC;;AAaA,MAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOT,SAAP;AACD;;AAED,QAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;AAEpCW,IAAAA,YAAY,EAAEf,WAAW,CAACe,YAFU;AAGpCC,IAAAA,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;AAIpCC,IAAAA,aAAa,EAAEjB,WAAW,CAACiB;AAJS,GAAtC;AAOA,SAAOH,QAAP;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuth, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(sdk: OktaAuth, tokenParams: TokenParams): OAuthTransactionMeta | PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n"],"file":"oauthMeta.js"}
|