@okta/okta-auth-js 6.0.0 → 6.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +18 -0
- package/README.md +5 -4
- package/cjs/AuthStateManager.js +9 -2
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +67 -27
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/PromiseQueue.js +5 -1
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/SavedObject.js +4 -2
- package/cjs/SavedObject.js.map +1 -1
- package/cjs/StorageManager.js +13 -8
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TokenManager.js +29 -19
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/TransactionManager.js +9 -3
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +18 -9
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/browser/fingerprint.js +9 -3
- package/cjs/browser/fingerprint.js.map +1 -1
- package/cjs/builderUtil.js +4 -2
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/clock.js +5 -1
- package/cjs/clock.js.map +1 -1
- package/cjs/crypto/base64.js +18 -0
- package/cjs/crypto/base64.js.map +1 -1
- package/cjs/crypto/index.js +6 -4
- package/cjs/crypto/index.js.map +1 -1
- package/cjs/crypto/oidcHash.js +5 -1
- package/cjs/crypto/oidcHash.js.map +1 -1
- package/cjs/crypto/webauthn.js +101 -0
- package/cjs/crypto/webauthn.js.map +1 -0
- package/cjs/crypto/webcrypto.js +3 -1
- package/cjs/crypto/webcrypto.js.map +1 -1
- package/cjs/errors/AuthApiError.js +1 -1
- package/cjs/errors/AuthPollStopError.js +1 -1
- package/cjs/errors/AuthSdkError.js +1 -1
- package/cjs/errors/CustomError.js +5 -1
- package/cjs/errors/CustomError.js.map +1 -1
- package/cjs/errors/OAuthError.js +1 -1
- package/cjs/errors/index.js +1 -1
- package/cjs/fetch/fetchRequest.js +18 -6
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/headers.js.map +1 -1
- package/cjs/http/index.js +4 -2
- package/cjs/http/index.js.map +1 -1
- package/cjs/http/request.js +9 -5
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js.map +1 -1
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +1 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js +1 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +1 -1
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnEnrollment.js +46 -0
- package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -0
- package/cjs/idx/authenticator/WebauthnVerification.js +55 -0
- package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -0
- package/cjs/idx/authenticator/getAuthenticator.js +13 -1
- package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/index.js +34 -6
- package/cjs/idx/authenticator/index.js.map +1 -1
- package/cjs/idx/cancel.js.map +1 -1
- package/cjs/idx/emailVerify.js +1 -1
- package/cjs/idx/emailVerify.js.map +1 -1
- package/cjs/idx/flow/AccountUnlockFlow.js +30 -0
- package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -0
- package/cjs/idx/flow/FlowSpecification.js +8 -0
- package/cjs/idx/flow/FlowSpecification.js.map +1 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js +4 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
- package/cjs/idx/flow/index.js +20 -5
- package/cjs/idx/flow/index.js.map +1 -1
- package/cjs/idx/handleInteractionCodeRedirect.js +5 -1
- package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
- package/cjs/idx/headers.js +21 -5
- package/cjs/idx/headers.js.map +1 -1
- package/cjs/idx/idx-js/client.js +91 -0
- package/cjs/idx/idx-js/client.js.map +1 -0
- package/cjs/idx/idx-js/index.js +162 -0
- package/cjs/idx/idx-js/index.js.map +1 -0
- package/cjs/idx/idx-js/interact.js +83 -0
- package/cjs/idx/idx-js/interact.js.map +1 -0
- package/cjs/idx/idx-js/introspect.js +58 -0
- package/cjs/idx/idx-js/introspect.js.map +1 -0
- package/cjs/idx/idx-js/parsers.js +41 -0
- package/cjs/idx/idx-js/parsers.js.map +1 -0
- package/cjs/idx/idx-js/util.js +34 -0
- package/cjs/idx/idx-js/util.js.map +1 -0
- package/cjs/idx/idx-js/v1/actionParser.js +90 -0
- package/cjs/idx/idx-js/v1/actionParser.js.map +1 -0
- package/cjs/idx/idx-js/v1/generateIdxAction.js +117 -0
- package/cjs/idx/idx-js/v1/generateIdxAction.js.map +1 -0
- package/cjs/idx/idx-js/v1/idxResponseParser.js +137 -0
- package/cjs/idx/idx-js/v1/idxResponseParser.js.map +1 -0
- package/cjs/idx/idx-js/v1/makeIdxState.js +64 -0
- package/cjs/idx/idx-js/v1/makeIdxState.js.map +1 -0
- package/cjs/idx/idx-js/v1/parsers.js +24 -0
- package/cjs/idx/idx-js/v1/parsers.js.map +1 -0
- package/cjs/idx/idx-js/v1/remediationParser.js +32 -0
- package/cjs/idx/idx-js/v1/remediationParser.js.map +1 -0
- package/cjs/idx/index.js +120 -121
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js +9 -4
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +6 -6
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/poll.js +13 -3
- package/cjs/idx/poll.js.map +1 -1
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js +5 -1
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +60 -29
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +10 -4
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +10 -6
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +28 -12
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +65 -31
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +42 -27
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +16 -4
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js +2 -2
- package/cjs/idx/remediators/ChallengePoll.js +2 -2
- package/cjs/idx/remediators/EnrollAuthenticator.js +2 -2
- package/cjs/idx/remediators/EnrollPoll.js +16 -6
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +20 -8
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js +25 -9
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +5 -3
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +5 -3
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/RedirectIdp.js +2 -2
- package/cjs/idx/remediators/ResetAuthenticator.js +2 -2
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +6 -4
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +2 -2
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +72 -0
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
- package/cjs/idx/remediators/SelectEnrollProfile.js +2 -2
- package/cjs/idx/remediators/SelectEnrollmentChannel.js +22 -10
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
- package/cjs/idx/remediators/Skip.js +5 -3
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/index.js +33 -18
- package/cjs/idx/remediators/index.js.map +1 -1
- package/cjs/idx/remediators/util.js +13 -3
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +30 -6
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +45 -9
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/idx/unlockAccount.js +48 -0
- package/cjs/idx/unlockAccount.js.map +1 -0
- package/cjs/index.js +20 -14
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js +8 -2
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/endpoints/index.js +5 -3
- package/cjs/oidc/endpoints/index.js.map +1 -1
- package/cjs/oidc/endpoints/token.js +15 -3
- package/cjs/oidc/endpoints/token.js.map +1 -1
- package/cjs/oidc/endpoints/well-known.js +7 -3
- package/cjs/oidc/endpoints/well-known.js.map +1 -1
- package/cjs/oidc/exchangeCodeForTokens.js +10 -2
- package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
- package/cjs/oidc/getToken.js +9 -5
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getUserInfo.js +7 -3
- package/cjs/oidc/getUserInfo.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +8 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +5 -1
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/getWithoutPrompt.js +8 -2
- package/cjs/oidc/getWithoutPrompt.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js +9 -3
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/cjs/oidc/index.js +4 -2
- package/cjs/oidc/index.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +9 -3
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewToken.js.map +1 -1
- package/cjs/oidc/renewTokens.js +5 -1
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/renewTokensWithRefresh.js +5 -1
- package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
- package/cjs/oidc/revokeToken.js +7 -3
- package/cjs/oidc/revokeToken.js.map +1 -1
- package/cjs/oidc/util/browser.js +5 -1
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
- package/cjs/oidc/util/errors.js.map +1 -1
- package/cjs/oidc/util/index.js +14 -12
- package/cjs/oidc/util/index.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +5 -1
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/oauth.js +4 -2
- package/cjs/oidc/util/oauth.js.map +1 -1
- package/cjs/oidc/util/oauthMeta.js.map +1 -1
- package/cjs/oidc/util/pkce.js +11 -3
- package/cjs/oidc/util/pkce.js.map +1 -1
- package/cjs/oidc/util/prepareTokenParams.js +7 -5
- package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +1 -1
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/oidc/verifyToken.js +11 -3
- package/cjs/oidc/verifyToken.js.map +1 -1
- package/cjs/options.js +6 -4
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +1 -0
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/tx/AuthTransaction.js +15 -9
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/api.js +8 -4
- package/cjs/tx/api.js.map +1 -1
- package/cjs/tx/index.js +7 -5
- package/cjs/tx/index.js.map +1 -1
- package/cjs/tx/poll.js +6 -4
- package/cjs/tx/poll.js.map +1 -1
- package/cjs/tx/util.js +5 -1
- package/cjs/tx/util.js.map +1 -1
- package/cjs/types/Transaction.js +10 -2
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/types/index.js +16 -14
- package/cjs/types/index.js.map +1 -1
- package/cjs/util/index.js +7 -5
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/misc.js +5 -1
- package/cjs/util/misc.js.map +1 -1
- package/cjs/util/object.js +16 -6
- package/cjs/util/object.js.map +1 -1
- package/cjs/util/sharedStorage.js +5 -1
- package/cjs/util/sharedStorage.js.map +1 -1
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.LICENSE.txt +0 -12
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +1 -1
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.LICENSE.txt +0 -12
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/index.js +1601 -377
- package/esm/index.js.map +1 -1
- package/lib/OktaAuth.d.ts +6 -3
- package/lib/StorageManager.d.ts +1 -1
- package/lib/TokenManager.d.ts +2 -2
- package/lib/TransactionManager.d.ts +1 -1
- package/lib/browser/fingerprint.d.ts +2 -3
- package/lib/crypto/base64.d.ts +2 -0
- package/lib/crypto/webauthn.d.ts +25 -0
- package/lib/http/headers.d.ts +2 -2
- package/lib/http/request.d.ts +4 -4
- package/lib/idx/authenticate.d.ts +2 -2
- package/lib/idx/authenticator/Authenticator.d.ts +4 -5
- package/lib/idx/authenticator/OktaPassword.d.ts +7 -9
- package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +9 -8
- package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +7 -7
- package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +6 -2
- package/lib/idx/authenticator/WebauthnEnrollment.d.ts +16 -0
- package/lib/idx/authenticator/WebauthnVerification.d.ts +17 -0
- package/lib/idx/authenticator/getAuthenticator.d.ts +1 -1
- package/lib/idx/authenticator/index.d.ts +9 -0
- package/lib/idx/cancel.d.ts +2 -2
- package/lib/idx/emailVerify.d.ts +2 -2
- package/lib/idx/flow/AccountUnlockFlow.d.ts +13 -0
- package/lib/idx/flow/FlowSpecification.d.ts +2 -2
- package/lib/idx/flow/index.d.ts +1 -0
- package/lib/idx/headers.d.ts +3 -2
- package/lib/idx/idx-js/client.d.ts +36 -0
- package/lib/idx/idx-js/index.d.ts +51 -0
- package/lib/idx/idx-js/interact.d.ts +25 -0
- package/lib/idx/idx-js/introspect.d.ts +20 -0
- package/lib/idx/idx-js/parsers.d.ts +15 -0
- package/lib/idx/idx-js/util.d.ts +12 -0
- package/lib/idx/idx-js/v1/actionParser.d.ts +16 -0
- package/lib/idx/idx-js/v1/generateIdxAction.d.ts +13 -0
- package/lib/idx/idx-js/v1/idxResponseParser.d.ts +20 -0
- package/lib/idx/idx-js/v1/makeIdxState.d.ts +13 -0
- package/lib/idx/idx-js/v1/parsers.d.ts +16 -0
- package/lib/idx/idx-js/v1/remediationParser.d.ts +12 -0
- package/lib/idx/index.d.ts +12 -11
- package/lib/idx/interact.d.ts +3 -2
- package/lib/idx/introspect.d.ts +2 -2
- package/lib/idx/poll.d.ts +2 -2
- package/lib/idx/proceed.d.ts +5 -4
- package/lib/idx/recoverPassword.d.ts +2 -2
- package/lib/idx/register.d.ts +2 -2
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +2 -1
- package/lib/idx/remediators/Base/Remediator.d.ts +1 -1
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -0
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +7 -12
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +1 -0
- package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +38 -0
- package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +1 -0
- package/lib/idx/remediators/index.d.ts +1 -0
- package/lib/idx/run.d.ts +2 -2
- package/lib/idx/startTransaction.d.ts +2 -2
- package/lib/idx/transactionMeta.d.ts +7 -7
- package/lib/idx/types/FlowIdentifier.d.ts +1 -1
- package/lib/idx/types/idx-js.d.ts +36 -0
- package/lib/idx/types/index.d.ts +21 -5
- package/lib/idx/unlockAccount.d.ts +15 -0
- package/lib/oidc/endpoints/well-known.d.ts +3 -3
- package/lib/oidc/exchangeCodeForTokens.d.ts +2 -2
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/getWithPopup.d.ts +2 -2
- package/lib/oidc/getWithRedirect.d.ts +2 -2
- package/lib/oidc/getWithoutPrompt.d.ts +2 -2
- package/lib/oidc/handleOAuthResponse.d.ts +2 -2
- package/lib/oidc/renewToken.d.ts +2 -2
- package/lib/oidc/renewTokensWithRefresh.d.ts +2 -2
- package/lib/oidc/revokeToken.d.ts +2 -2
- package/lib/oidc/util/browser.d.ts +2 -2
- package/lib/oidc/util/defaultTokenParams.d.ts +2 -2
- package/lib/oidc/util/errors.d.ts +2 -2
- package/lib/oidc/util/loginRedirect.d.ts +4 -4
- package/lib/oidc/util/oauth.d.ts +4 -4
- package/lib/oidc/util/oauthMeta.d.ts +2 -2
- package/lib/oidc/util/prepareTokenParams.d.ts +5 -5
- package/lib/oidc/util/validateClaims.d.ts +2 -2
- package/lib/oidc/verifyToken.d.ts +2 -2
- package/lib/types/OktaAuthOptions.d.ts +1 -2
- package/lib/types/Transaction.d.ts +2 -10
- package/lib/types/api.d.ts +17 -5
- package/lib/types/index.d.ts +0 -1
- package/lib/util/sharedStorage.d.ts +1 -1
- package/package.json +10 -7
- package/polyfill/index.js +1 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/types/index.ts"],"names":["IdxStatus","AuthenticatorKey","IdxFeature"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA;;AAWA;;AAGA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAGA;;AACA;;AACA;;AAzCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;IAiCYA,S;;;WAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;AAAAA,EAAAA,S;GAAAA,S,yBAAAA,S;;IAQAC,gB;;;WAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;AAAAA,EAAAA,gB;GAAAA,gB,gCAAAA,gB;;IAgCAC,U;;;WAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;AAAAA,EAAAA,U;GAAAA,U,0BAAAA,U","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { InteractOptions } from '../interact';\nimport { IntrospectOptions } from '../introspect';\nimport { APIError, Tokens } from '../../types';\nimport { PKCETransactionMeta } from '../../types/Transaction';\nimport { \n IdxActions, \n IdxAuthenticator, \n IdxContext,\n IdxForm,\n IdxMessage, \n IdxOption, \n IdxRemediation, \n IdxResponse, \n RawIdxResponse \n} from './idx-js';\nimport { FlowIdentifier } from './FlowIdentifier';\n\nexport { IdxMessage, ChallengeData, ActivationData } from './idx-js';\nexport { AuthenticationOptions } from '../authenticate';\nexport { RegistrationOptions } from '../register';\nexport { PasswordRecoveryOptions } from '../recoverPassword';\nexport { AccountUnlockOptions } from '../unlockAccount';\nexport { ProceedOptions } from '../proceed';\nexport { CancelOptions } from '../cancel';\nexport { FlowIdentifier };\nexport { IdxAuthenticator };\nexport { EmailVerifyCallbackResponse } from '../emailVerify';\nexport { WebauthnEnrollValues } from '../authenticator/WebauthnEnrollment';\nexport { WebauthnVerificationValues } from '../authenticator/WebauthnVerification';\n\nexport enum IdxStatus {\n SUCCESS = 'SUCCESS',\n PENDING = 'PENDING',\n FAILURE = 'FAILURE',\n TERMINAL = 'TERMINAL',\n CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n OKTA_PASSWORD = 'okta_password',\n OKTA_EMAIL = 'okta_email',\n PHONE_NUMBER = 'phone_number',\n GOOGLE_AUTHENTICATOR = 'google_otp',\n SECURITY_QUESTION = 'security_question',\n OKTA_VERIFY = 'okta_verify',\n WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n name: string;\n type?: string;\n label?: string;\n value?: string | {form: IdxForm};\n minLength?: number;\n maxLength?: number;\n secret?: boolean;\n required?: boolean;\n}\n\nexport type NextStep = {\n name: string;\n authenticator?: IdxAuthenticator;\n canSkip?: boolean;\n canResend?: boolean;\n inputs?: Input[];\n options?: IdxOption[];\n poll?: IdxPollOptions;\n authenticatorEnrollments?: IdxAuthenticator[];\n}\n\nexport enum IdxFeature {\n PASSWORD_RECOVERY = 'recover-password',\n REGISTRATION = 'enroll-profile',\n SOCIAL_IDP = 'redirect-idp',\n ACCOUNT_UNLOCK = 'unlock-account',\n}\n\nexport interface IdxTransactionMeta extends PKCETransactionMeta {\n interactionHandle?: string;\n remediations?: string[];\n flow?: FlowIdentifier;\n withCredentials?: boolean;\n activationToken?: string;\n recoveryToken?: string;\n}\n\nexport interface IdxTransaction {\n status: IdxStatus;\n tokens?: Tokens;\n nextStep?: NextStep;\n messages?: IdxMessage[];\n error?: APIError;\n meta?: IdxTransactionMeta;\n enabledFeatures?: IdxFeature[];\n availableSteps?: NextStep[];\n\n // from idx-js, used by signin widget\n proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n neededToProceed: IdxRemediation[];\n rawIdxState: RawIdxResponse;\n interactionCode?: string;\n actions: IdxActions;\n context: IdxContext;\n}\n\nexport type IdxOptions = InteractOptions & IntrospectOptions & {\n flow?: FlowIdentifier;\n exchangeCodeForTokens?: boolean;\n autoRemediate?: boolean;\n};\n\nexport interface IdxPollOptions {\n required?: boolean;\n refresh?: number;\n}\n\nexport type Authenticator = {\n key: string;\n methodType?: string;\n phoneNumber?: string;\n};\n"],"file":"index.js"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
5
|
+
exports.unlockAccount = unlockAccount;
|
|
6
|
+
|
|
7
|
+
var _includes = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/includes"));
|
|
8
|
+
|
|
9
|
+
var _run = require("./run");
|
|
10
|
+
|
|
11
|
+
var _transactionMeta = require("./transactionMeta");
|
|
12
|
+
|
|
13
|
+
var _startTransaction = require("./startTransaction");
|
|
14
|
+
|
|
15
|
+
var _errors = require("../errors");
|
|
16
|
+
|
|
17
|
+
var _types = require("../types");
|
|
18
|
+
|
|
19
|
+
/*!
|
|
20
|
+
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
21
|
+
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
22
|
+
*
|
|
23
|
+
* You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
|
|
24
|
+
* Unless required by applicable law or agreed to in writing, software
|
|
25
|
+
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
26
|
+
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
27
|
+
*
|
|
28
|
+
* See the License for the specific language governing permissions and limitations under the License.
|
|
29
|
+
*/
|
|
30
|
+
async function unlockAccount(authClient, options = {}) {
|
|
31
|
+
options.flow = 'unlockAccount'; // Only check at the beginning of the transaction
|
|
32
|
+
|
|
33
|
+
if (!(0, _transactionMeta.hasSavedInteractionHandle)(authClient)) {
|
|
34
|
+
const {
|
|
35
|
+
enabledFeatures
|
|
36
|
+
} = await (0, _startTransaction.startTransaction)(authClient, { ...options,
|
|
37
|
+
autoRemediate: false
|
|
38
|
+
});
|
|
39
|
+
|
|
40
|
+
if (enabledFeatures && !(0, _includes.default)(enabledFeatures).call(enabledFeatures, _types.IdxFeature.ACCOUNT_UNLOCK)) {
|
|
41
|
+
throw new _errors.AuthSdkError('Self Service Account Unlock is not supported based on your current org configuration.');
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
return (0, _run.run)(authClient, { ...options
|
|
46
|
+
});
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=unlockAccount.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../lib/idx/unlockAccount.ts"],"names":["unlockAccount","authClient","options","flow","enabledFeatures","autoRemediate","IdxFeature","ACCOUNT_UNLOCK","AuthSdkError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AAQA;;AACA;;AAxBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AA4BO,eAAeA,aAAf,CACLC,UADK,EAC0BC,OAA6B,GAAG,EAD1D,EAEoB;AACzBA,EAAAA,OAAO,CAACC,IAAR,GAAe,eAAf,CADyB,CAGzB;;AACA,MAAI,CAAC,gDAA0BF,UAA1B,CAAL,EAA4C;AAC1C,UAAM;AAAEG,MAAAA;AAAF,QAAsB,MAAM,wCAAiBH,UAAjB,EAA6B,EAAE,GAAGC,OAAL;AAAcG,MAAAA,aAAa,EAAE;AAA7B,KAA7B,CAAlC;;AACA,QAAID,eAAe,IAAI,CAAC,uBAAAA,eAAe,MAAf,CAAAA,eAAe,EAAUE,kBAAWC,cAArB,CAAvC,EAA6E;AAC3E,YAAM,IAAIC,oBAAJ,CACJ,uFADI,CAAN;AAGD;AACF;;AAED,SAAO,cAAIP,UAAJ,EAAgB,EAAE,GAAGC;AAAL,GAAhB,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport {\n IdentifyValues,\n SelectAuthenticatorUnlockAccountValues,\n SelectAuthenticatorAuthenticateValues,\n ChallengeAuthenticatorValues,\n AuthenticatorVerificationDataValues\n} from './remediators';\nimport { AuthSdkError } from '../errors';\nimport { \n OktaAuthInterface, \n IdxOptions, \n IdxTransaction,\n IdxFeature,\n} from '../types';\n\nexport type AccountUnlockOptions = IdxOptions\n & IdentifyValues\n & SelectAuthenticatorUnlockAccountValues\n & SelectAuthenticatorAuthenticateValues\n & ChallengeAuthenticatorValues\n & AuthenticatorVerificationDataValues;\n\nexport async function unlockAccount(\n authClient: OktaAuthInterface, options: AccountUnlockOptions = {}\n): Promise<IdxTransaction> {\n options.flow = 'unlockAccount';\n\n // Only check at the beginning of the transaction\n if (!hasSavedInteractionHandle(authClient)) {\n const { enabledFeatures } = await startTransaction(authClient, { ...options, autoRemediate: false });\n if (enabledFeatures && !enabledFeatures.includes(IdxFeature.ACCOUNT_UNLOCK)) {\n throw new AuthSdkError(\n 'Self Service Account Unlock is not supported based on your current org configuration.'\n );\n }\n }\n\n return run(authClient, { ...options });\n}\n"],"file":"unlockAccount.js"}
|
package/cjs/index.js
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var _WeakMap = require("@babel/runtime-corejs3/core-js-stable/weak-map");
|
|
4
|
+
|
|
5
|
+
var _Object$getOwnPropertyDescriptor = require("@babel/runtime-corejs3/core-js-stable/object/get-own-property-descriptor");
|
|
6
|
+
|
|
7
|
+
var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
|
|
8
|
+
|
|
9
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
10
|
|
|
5
11
|
var _exportNames = {
|
|
6
12
|
crypto: true,
|
|
@@ -22,7 +28,7 @@ var _OktaAuth = _interopRequireDefault(require("./OktaAuth"));
|
|
|
22
28
|
|
|
23
29
|
var _constants = require("./constants");
|
|
24
30
|
|
|
25
|
-
|
|
31
|
+
_Object$keys(_constants).forEach(function (key) {
|
|
26
32
|
if (key === "default" || key === "__esModule") return;
|
|
27
33
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
28
34
|
if (key in exports && exports[key] === _constants[key]) return;
|
|
@@ -36,7 +42,7 @@ Object.keys(_constants).forEach(function (key) {
|
|
|
36
42
|
|
|
37
43
|
var _idx = require("./idx");
|
|
38
44
|
|
|
39
|
-
|
|
45
|
+
_Object$keys(_idx).forEach(function (key) {
|
|
40
46
|
if (key === "default" || key === "__esModule") return;
|
|
41
47
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
42
48
|
if (key in exports && exports[key] === _idx[key]) return;
|
|
@@ -50,7 +56,7 @@ Object.keys(_idx).forEach(function (key) {
|
|
|
50
56
|
|
|
51
57
|
var _types = require("./types");
|
|
52
58
|
|
|
53
|
-
|
|
59
|
+
_Object$keys(_types).forEach(function (key) {
|
|
54
60
|
if (key === "default" || key === "__esModule") return;
|
|
55
61
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
56
62
|
if (key in exports && exports[key] === _types[key]) return;
|
|
@@ -64,7 +70,7 @@ Object.keys(_types).forEach(function (key) {
|
|
|
64
70
|
|
|
65
71
|
var _tx = require("./tx");
|
|
66
72
|
|
|
67
|
-
|
|
73
|
+
_Object$keys(_tx).forEach(function (key) {
|
|
68
74
|
if (key === "default" || key === "__esModule") return;
|
|
69
75
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
70
76
|
if (key in exports && exports[key] === _tx[key]) return;
|
|
@@ -78,7 +84,7 @@ Object.keys(_tx).forEach(function (key) {
|
|
|
78
84
|
|
|
79
85
|
var _errors = require("./errors");
|
|
80
86
|
|
|
81
|
-
|
|
87
|
+
_Object$keys(_errors).forEach(function (key) {
|
|
82
88
|
if (key === "default" || key === "__esModule") return;
|
|
83
89
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
84
90
|
if (key in exports && exports[key] === _errors[key]) return;
|
|
@@ -92,7 +98,7 @@ Object.keys(_errors).forEach(function (key) {
|
|
|
92
98
|
|
|
93
99
|
var _oidc = require("./oidc");
|
|
94
100
|
|
|
95
|
-
|
|
101
|
+
_Object$keys(_oidc).forEach(function (key) {
|
|
96
102
|
if (key === "default" || key === "__esModule") return;
|
|
97
103
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
98
104
|
if (key in exports && exports[key] === _oidc[key]) return;
|
|
@@ -106,7 +112,7 @@ Object.keys(_oidc).forEach(function (key) {
|
|
|
106
112
|
|
|
107
113
|
var _StorageManager = require("./StorageManager");
|
|
108
114
|
|
|
109
|
-
|
|
115
|
+
_Object$keys(_StorageManager).forEach(function (key) {
|
|
110
116
|
if (key === "default" || key === "__esModule") return;
|
|
111
117
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
112
118
|
if (key in exports && exports[key] === _StorageManager[key]) return;
|
|
@@ -120,7 +126,7 @@ Object.keys(_StorageManager).forEach(function (key) {
|
|
|
120
126
|
|
|
121
127
|
var _TransactionManager = require("./TransactionManager");
|
|
122
128
|
|
|
123
|
-
|
|
129
|
+
_Object$keys(_TransactionManager).forEach(function (key) {
|
|
124
130
|
if (key === "default" || key === "__esModule") return;
|
|
125
131
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
126
132
|
if (key in exports && exports[key] === _TransactionManager[key]) return;
|
|
@@ -134,7 +140,7 @@ Object.keys(_TransactionManager).forEach(function (key) {
|
|
|
134
140
|
|
|
135
141
|
var _TokenManager = require("./TokenManager");
|
|
136
142
|
|
|
137
|
-
|
|
143
|
+
_Object$keys(_TokenManager).forEach(function (key) {
|
|
138
144
|
if (key === "default" || key === "__esModule") return;
|
|
139
145
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
140
146
|
if (key in exports && exports[key] === _TokenManager[key]) return;
|
|
@@ -148,7 +154,7 @@ Object.keys(_TokenManager).forEach(function (key) {
|
|
|
148
154
|
|
|
149
155
|
var _AuthStateManager = require("./AuthStateManager");
|
|
150
156
|
|
|
151
|
-
|
|
157
|
+
_Object$keys(_AuthStateManager).forEach(function (key) {
|
|
152
158
|
if (key === "default" || key === "__esModule") return;
|
|
153
159
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
154
160
|
if (key in exports && exports[key] === _AuthStateManager[key]) return;
|
|
@@ -162,7 +168,7 @@ Object.keys(_AuthStateManager).forEach(function (key) {
|
|
|
162
168
|
|
|
163
169
|
var _util = require("./util");
|
|
164
170
|
|
|
165
|
-
|
|
171
|
+
_Object$keys(_util).forEach(function (key) {
|
|
166
172
|
if (key === "default" || key === "__esModule") return;
|
|
167
173
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
168
174
|
if (key in exports && exports[key] === _util[key]) return;
|
|
@@ -174,7 +180,7 @@ Object.keys(_util).forEach(function (key) {
|
|
|
174
180
|
});
|
|
175
181
|
});
|
|
176
182
|
|
|
177
|
-
function _getRequireWildcardCache(nodeInterop) { if (typeof
|
|
183
|
+
function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
178
184
|
|
|
179
|
-
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty &&
|
|
185
|
+
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && _Object$getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
180
186
|
//# sourceMappingURL=index.js.map
|
package/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../lib/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../lib/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAaA;;;;AAEA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport * as crypto from './crypto';\n\nexport { default as OktaAuth } from './OktaAuth';\nexport * from './constants';\nexport * from './idx';\nexport * from './types';\nexport * from './tx';\nexport * from './errors';\nexport * from './oidc';\nexport * from './StorageManager';\nexport * from './TransactionManager';\nexport * from './TokenManager';\nexport * from './AuthStateManager';\nexport * from './util';\nexport { crypto };\n"],"file":"index.js"}
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.convertTokenParamsToOAuthParams = convertTokenParamsToOAuthParams;
|
|
4
6
|
exports.buildAuthorizeParams = buildAuthorizeParams;
|
|
5
7
|
|
|
8
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
9
|
+
|
|
6
10
|
var _util = require("../../util");
|
|
7
11
|
|
|
8
12
|
var _errors = require("../../errors");
|
|
@@ -21,12 +25,14 @@ var _errors = require("../../errors");
|
|
|
21
25
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
22
26
|
*/
|
|
23
27
|
function convertTokenParamsToOAuthParams(tokenParams) {
|
|
28
|
+
var _context, _context2, _context3;
|
|
29
|
+
|
|
24
30
|
// Quick validation
|
|
25
31
|
if (!tokenParams.clientId) {
|
|
26
32
|
throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');
|
|
27
33
|
}
|
|
28
34
|
|
|
29
|
-
if ((0, _util.isString)(tokenParams.responseType) && tokenParams.responseType.
|
|
35
|
+
if ((0, _util.isString)(tokenParams.responseType) && (0, _indexOf.default)(_context = tokenParams.responseType).call(_context, ' ') !== -1) {
|
|
30
36
|
throw new _errors.AuthSdkError('Multiple OAuth responseTypes must be defined as an array');
|
|
31
37
|
} // Convert our params to their actual OAuth equivalents
|
|
32
38
|
|
|
@@ -55,7 +61,7 @@ function convertTokenParamsToOAuthParams(tokenParams) {
|
|
|
55
61
|
}
|
|
56
62
|
});
|
|
57
63
|
|
|
58
|
-
if (tokenParams.responseType.
|
|
64
|
+
if ((0, _indexOf.default)(_context2 = tokenParams.responseType).call(_context2, 'id_token') !== -1 && (0, _indexOf.default)(_context3 = tokenParams.scopes).call(_context3, 'openid') === -1) {
|
|
59
65
|
throw new _errors.AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');
|
|
60
66
|
} else {
|
|
61
67
|
oauthParams.scope = tokenParams.scopes.join(' ');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/endpoints/authorize.ts"],"names":["convertTokenParamsToOAuthParams","tokenParams","clientId","AuthSdkError","responseType","oauthParams","codeChallenge","codeChallengeMethod","display","idp","idpScope","loginHint","maxAge","nonce","prompt","redirectUri","responseMode","sessionToken","state","forEach","mayBeArray","Array","isArray","join","scopes","scope","buildAuthorizeParams","oauthQueryParams","extraParams"],"mappings":";;;;;;;;;AAcA;;AACA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,+BAAT,CAAyCC,WAAzC,EAAmE;AAAA;;AACxE;AACA,MAAI,CAACA,WAAW,CAACC,QAAjB,EAA2B;AACzB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,oBAASF,WAAW,CAACG,YAArB,KAAsC,iCAAAH,WAAW,CAACG,YAAZ,iBAAiC,GAAjC,MAA0C,CAAC,CAArF,EAAwF;AACtF,UAAM,IAAID,oBAAJ,CAAiB,0DAAjB,CAAN;AACD,GARuE,CAUxE;;;AACA,MAAIE,WAAwB,GAAG;AAC7B,iBAAaJ,WAAW,CAACC,QADI;AAE7B,sBAAkBD,WAAW,CAACK,aAFD;AAG7B,6BAAyBL,WAAW,CAACM,mBAHR;AAI7B,eAAWN,WAAW,CAACO,OAJM;AAK7B,WAAOP,WAAW,CAACQ,GALU;AAM7B,iBAAaR,WAAW,CAACS,QANI;AAO7B,kBAAcT,WAAW,CAACU,SAPG;AAQ7B,eAAWV,WAAW,CAACW,MARM;AAS7B,aAASX,WAAW,CAACY,KATQ;AAU7B,cAAUZ,WAAW,CAACa,MAVO;AAW7B,oBAAgBb,WAAW,CAACc,WAXC;AAY7B,qBAAiBd,WAAW,CAACe,YAZA;AAa7B,qBAAiBf,WAAW,CAACG,YAbA;AAc7B,oBAAgBH,WAAW,CAACgB,YAdC;AAe7B,aAAShB,WAAW,CAACiB;AAfQ,GAA/B;AAiBAb,EAAAA,WAAW,GAAG,sBAAWA,WAAX,CAAd;AAEA,GAAC,WAAD,EAAc,eAAd,EAA+Bc,OAA/B,CAAuC,UAAUC,UAAV,EAAsB;AAC3D,QAAIC,KAAK,CAACC,OAAN,CAAcjB,WAAW,CAACe,UAAD,CAAzB,CAAJ,EAA4C;AAC1Cf,MAAAA,WAAW,CAACe,UAAD,CAAX,GAA0Bf,WAAW,CAACe,UAAD,CAAX,CAAwBG,IAAxB,CAA6B,GAA7B,CAA1B;AACD;AACF,GAJD;;AAMA,MAAI,kCAAAtB,WAAW,CAACG,YAAZ,kBAAkC,UAAlC,MAAkD,CAAC,CAAnD,IACF,kCAAAH,WAAW,CAACuB,MAAZ,kBAA4B,QAA5B,MAA0C,CAAC,CAD7C,EACgD;AAC9C,UAAM,IAAIrB,oBAAJ,CAAiB,mFAAjB,CAAN;AACD,GAHD,MAGO;AACLE,IAAAA,WAAW,CAACoB,KAAZ,GAAoBxB,WAAW,CAACuB,MAAZ,CAAoBD,IAApB,CAAyB,GAAzB,CAApB;AACD;;AAED,SAAOlB,WAAP;AACD;;AAEM,SAASqB,oBAAT,CAA8BzB,WAA9B,EAAwD;AAC7D,MAAI0B,gBAAgB,GAAG3B,+BAA+B,CAACC,WAAD,CAAtD;AACA,SAAO,yBAAc,EACnB,GAAG0B,gBADgB;AAEnB,QAAI1B,WAAW,CAAC2B,WAAZ,IAA2B,EAAE,GAAG3B,WAAW,CAAC2B;AAAjB,KAA/B;AAFmB,GAAd,CAAP;AAID","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n // Quick validation\n if (!tokenParams.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n }\n\n // Convert our params to their actual OAuth equivalents\n var oauthParams: OAuthParams = {\n 'client_id': tokenParams.clientId,\n 'code_challenge': tokenParams.codeChallenge,\n 'code_challenge_method': tokenParams.codeChallengeMethod,\n 'display': tokenParams.display,\n 'idp': tokenParams.idp,\n 'idp_scope': tokenParams.idpScope,\n 'login_hint': tokenParams.loginHint,\n 'max_age': tokenParams.maxAge,\n 'nonce': tokenParams.nonce,\n 'prompt': tokenParams.prompt,\n 'redirect_uri': tokenParams.redirectUri,\n 'response_mode': tokenParams.responseMode,\n 'response_type': tokenParams.responseType,\n 'sessionToken': tokenParams.sessionToken,\n 'state': tokenParams.state,\n };\n oauthParams = removeNils(oauthParams) as OAuthParams;\n\n ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n if (Array.isArray(oauthParams[mayBeArray])) {\n oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n }\n });\n\n if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n tokenParams.scopes!.indexOf('openid') === -1) {\n throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n } else {\n oauthParams.scope = tokenParams.scopes!.join(' ');\n }\n\n return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n return toQueryString({ \n ...oauthQueryParams, \n ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n });\n}\n"],"file":"authorize.js"}
|
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
|
|
4
|
+
|
|
3
5
|
var _authorize = require("./authorize");
|
|
4
6
|
|
|
5
|
-
|
|
7
|
+
_Object$keys(_authorize).forEach(function (key) {
|
|
6
8
|
if (key === "default" || key === "__esModule") return;
|
|
7
9
|
if (key in exports && exports[key] === _authorize[key]) return;
|
|
8
10
|
Object.defineProperty(exports, key, {
|
|
@@ -15,7 +17,7 @@ Object.keys(_authorize).forEach(function (key) {
|
|
|
15
17
|
|
|
16
18
|
var _token = require("./token");
|
|
17
19
|
|
|
18
|
-
|
|
20
|
+
_Object$keys(_token).forEach(function (key) {
|
|
19
21
|
if (key === "default" || key === "__esModule") return;
|
|
20
22
|
if (key in exports && exports[key] === _token[key]) return;
|
|
21
23
|
Object.defineProperty(exports, key, {
|
|
@@ -28,7 +30,7 @@ Object.keys(_token).forEach(function (key) {
|
|
|
28
30
|
|
|
29
31
|
var _wellKnown = require("./well-known");
|
|
30
32
|
|
|
31
|
-
|
|
33
|
+
_Object$keys(_wellKnown).forEach(function (key) {
|
|
32
34
|
if (key === "default" || key === "__esModule") return;
|
|
33
35
|
if (key in exports && exports[key] === _wellKnown[key]) return;
|
|
34
36
|
Object.defineProperty(exports, key, {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/endpoints/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/endpoints/index.ts"],"names":[],"mappings":";;;;AAaA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nexport * from './authorize';\nexport * from './token';\nexport * from './well-known';\n"],"file":"index.js"}
|
|
@@ -1,8 +1,16 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.postToTokenEndpoint = postToTokenEndpoint;
|
|
4
6
|
exports.postRefreshToken = postRefreshToken;
|
|
5
7
|
|
|
8
|
+
var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
|
|
9
|
+
|
|
10
|
+
var _map = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/map"));
|
|
11
|
+
|
|
12
|
+
var _entries = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/entries"));
|
|
13
|
+
|
|
6
14
|
var _errors = require("../../errors");
|
|
7
15
|
|
|
8
16
|
var _util = require("../../util");
|
|
@@ -40,6 +48,8 @@ function validateOptions(options) {
|
|
|
40
48
|
}
|
|
41
49
|
|
|
42
50
|
function getPostData(sdk, options) {
|
|
51
|
+
var _context;
|
|
52
|
+
|
|
43
53
|
// Convert Token params to OAuth params, sent to the /token endpoint
|
|
44
54
|
var params = (0, _util.removeNils)({
|
|
45
55
|
'client_id': options.clientId,
|
|
@@ -63,7 +73,7 @@ function getPostData(sdk, options) {
|
|
|
63
73
|
} // Encode as URL string
|
|
64
74
|
|
|
65
75
|
|
|
66
|
-
return (0, _util.toQueryString)(params).
|
|
76
|
+
return (0, _slice.default)(_context = (0, _util.toQueryString)(params)).call(_context, 1);
|
|
67
77
|
} // exchange authorization code for an access token
|
|
68
78
|
|
|
69
79
|
|
|
@@ -82,13 +92,15 @@ function postToTokenEndpoint(sdk, options, urls) {
|
|
|
82
92
|
}
|
|
83
93
|
|
|
84
94
|
function postRefreshToken(sdk, options, refreshToken) {
|
|
95
|
+
var _context2;
|
|
96
|
+
|
|
85
97
|
return (0, _http.httpRequest)(sdk, {
|
|
86
98
|
url: refreshToken.tokenUrl,
|
|
87
99
|
method: 'POST',
|
|
88
100
|
headers: {
|
|
89
101
|
'Content-Type': 'application/x-www-form-urlencoded'
|
|
90
102
|
},
|
|
91
|
-
args:
|
|
103
|
+
args: (0, _map.default)(_context2 = (0, _entries.default)({
|
|
92
104
|
client_id: options.clientId,
|
|
93
105
|
// eslint-disable-line camelcase
|
|
94
106
|
grant_type: 'refresh_token',
|
|
@@ -96,7 +108,7 @@ function postRefreshToken(sdk, options, refreshToken) {
|
|
|
96
108
|
scope: refreshToken.scopes.join(' '),
|
|
97
109
|
refresh_token: refreshToken.refreshToken // eslint-disable-line camelcase
|
|
98
110
|
|
|
99
|
-
}).
|
|
111
|
+
})).call(_context2, function ([name, value]) {
|
|
100
112
|
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
101
113
|
return name + '=' + encodeURIComponent(value);
|
|
102
114
|
}).join('&')
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/endpoints/token.ts"],"names":["validateOptions","options","clientId","AuthSdkError","redirectUri","authorizationCode","interactionCode","codeVerifier","getPostData","sdk","params","code","clientSecret","postToTokenEndpoint","urls","data","headers","url","tokenUrl","method","args","postRefreshToken","refreshToken","client_id","grant_type","scope","scopes","join","refresh_token","name","value","encodeURIComponent"],"mappings":";;;;;;;;;;;;;AAaA;;AAEA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA,SAASA,eAAT,CAAyBC,OAAzB,EAA+C;AAC7C;AACA,MAAI,CAACA,OAAO,CAACC,QAAb,EAAuB;AACrB,UAAM,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACG,WAAb,EAA0B;AACxB,UAAM,IAAID,oBAAJ,CAAiB,oEAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACI,iBAAT,IAA8B,CAACJ,OAAO,CAACK,eAA3C,EAA4D;AAC1D,UAAM,IAAIH,oBAAJ,CAAiB,2EAAjB,CAAN;AACD;;AAED,MAAI,CAACF,OAAO,CAACM,YAAb,EAA2B;AACzB,UAAM,IAAIJ,oBAAJ,CAAiB,+EAAjB,CAAN;AACD;AACF;;AAED,SAASK,WAAT,CAAqBC,GAArB,EAA0BR,OAA1B,EAAwD;AAAA;;AACtD;AACA,MAAIS,MAAmB,GAAG,sBAAW;AACnC,iBAAaT,OAAO,CAACC,QADc;AAEnC,oBAAgBD,OAAO,CAACG,WAFW;AAGnC,kBAAcH,OAAO,CAACK,eAAR,GAA0B,kBAA1B,GAA+C,oBAH1B;AAInC,qBAAiBL,OAAO,CAACM;AAJU,GAAX,CAA1B;;AAOA,MAAIN,OAAO,CAACK,eAAZ,EAA6B;AAC3BI,IAAAA,MAAM,CAAC,kBAAD,CAAN,GAA6BT,OAAO,CAACK,eAArC;AACD,GAFD,MAEO,IAAIL,OAAO,CAACI,iBAAZ,EAA+B;AACpCK,IAAAA,MAAM,CAACC,IAAP,GAAcV,OAAO,CAACI,iBAAtB;AACD;;AAED,QAAM;AAAEO,IAAAA;AAAF,MAAmBH,GAAG,CAACR,OAA7B;;AACA,MAAIW,YAAJ,EAAkB;AAChBF,IAAAA,MAAM,CAAC,eAAD,CAAN,GAA0BE,YAA1B;AACD,GAlBqD,CAoBtD;;;AACA,SAAO,wDAAcF,MAAd,kBAA4B,CAA5B,CAAP;AACD,C,CAED;;;AACO,SAASG,mBAAT,CAA6BJ,GAA7B,EAAkCR,OAAlC,EAAwDa,IAAxD,EAAkG;AACvGd,EAAAA,eAAe,CAACC,OAAD,CAAf;AACA,MAAIc,IAAI,GAAGP,WAAW,CAACC,GAAD,EAAMR,OAAN,CAAtB;AAEA,QAAMe,OAAO,GAAG;AACd,oBAAgB;AADF,GAAhB;AAIA,SAAO,uBAAYP,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEH,IAAI,CAACI,QADY;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBC,IAAAA,IAAI,EAAEL,IAHgB;AAItBC,IAAAA;AAJsB,GAAjB,CAAP;AAMD;;AAEM,SAASK,gBAAT,CAA0BZ,GAA1B,EAA+BR,OAA/B,EAAqDqB,YAArD,EAAyG;AAAA;;AAC9G,SAAO,uBAAYb,GAAZ,EAAiB;AACtBQ,IAAAA,GAAG,EAAEK,YAAY,CAACJ,QADI;AAEtBC,IAAAA,MAAM,EAAE,MAFc;AAGtBH,IAAAA,OAAO,EAAE;AACP,sBAAgB;AADT,KAHa;AAOtBI,IAAAA,IAAI,EAAE,oDAAe;AACnBG,MAAAA,SAAS,EAAEtB,OAAO,CAACC,QADA;AACU;AAC7BsB,MAAAA,UAAU,EAAE,eAFO;AAEU;AAC7BC,MAAAA,KAAK,EAAEH,YAAY,CAACI,MAAb,CAAoBC,IAApB,CAAyB,GAAzB,CAHY;AAInBC,MAAAA,aAAa,EAAEN,YAAY,CAACA,YAJT,CAIuB;;AAJvB,KAAf,mBAKC,UAAU,CAACO,IAAD,EAAOC,KAAP,CAAV,EAAyB;AAC9B;AACA,aAAOD,IAAI,GAAG,GAAP,GAAaE,kBAAkB,CAACD,KAAD,CAAtC;AACD,KARK,EAQHH,IARG,CAQE,GARF;AAPgB,GAAjB,CAAP;AAiBD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n // Quick validation\n if (!options.clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n }\n\n if (!options.redirectUri) {\n throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n }\n\n if (!options.authorizationCode && !options.interactionCode) {\n throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n }\n\n if (!options.codeVerifier) {\n throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n // Convert Token params to OAuth params, sent to the /token endpoint\n var params: OAuthParams = removeNils({\n 'client_id': options.clientId,\n 'redirect_uri': options.redirectUri,\n 'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n 'code_verifier': options.codeVerifier\n });\n\n if (options.interactionCode) {\n params['interaction_code'] = options.interactionCode;\n } else if (options.authorizationCode) {\n params.code = options.authorizationCode;\n }\n\n const { clientSecret } = sdk.options;\n if (clientSecret) {\n params['client_secret'] = clientSecret;\n }\n\n // Encode as URL string\n return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n validateOptions(options);\n var data = getPostData(sdk, options);\n\n const headers = {\n 'Content-Type': 'application/x-www-form-urlencoded'\n };\n\n return httpRequest(sdk, {\n url: urls.tokenUrl,\n method: 'POST',\n args: data,\n headers\n });\n}\n\nexport function postRefreshToken(sdk, options: TokenParams, refreshToken: RefreshToken): Promise<OAuthResponse> {\n return httpRequest(sdk, {\n url: refreshToken.tokenUrl,\n method: 'POST',\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n\n args: Object.entries({\n client_id: options.clientId, // eslint-disable-line camelcase\n grant_type: 'refresh_token', // eslint-disable-line camelcase\n scope: refreshToken.scopes.join(' '),\n refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n }).map(function ([name, value]) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return name + '=' + encodeURIComponent(value!);\n }).join('&'),\n });\n}"],"file":"token.js"}
|
|
@@ -1,10 +1,14 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var _findInstanceProperty = require("@babel/runtime-corejs3/core-js-stable/instance/find");
|
|
4
|
+
|
|
5
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
6
|
|
|
5
7
|
exports.getWellKnown = getWellKnown;
|
|
6
8
|
exports.getKey = getKey;
|
|
7
9
|
|
|
10
|
+
var _keys = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/keys"));
|
|
11
|
+
|
|
8
12
|
var _http = require("../../http");
|
|
9
13
|
|
|
10
14
|
var _util = require("../../util");
|
|
@@ -39,7 +43,7 @@ function getKey(sdk, issuer, kid) {
|
|
|
39
43
|
var cachedResponse = cacheContents[jwksUri];
|
|
40
44
|
|
|
41
45
|
if (cachedResponse && Date.now() / 1000 < cachedResponse.expiresAt) {
|
|
42
|
-
var cachedKey = (0, _util.
|
|
46
|
+
var cachedKey = (0, _findInstanceProperty(_util))((0, _keys.default)(cachedResponse.response), {
|
|
43
47
|
kid: kid
|
|
44
48
|
});
|
|
45
49
|
|
|
@@ -54,7 +58,7 @@ function getKey(sdk, issuer, kid) {
|
|
|
54
58
|
return (0, _http.get)(sdk, jwksUri, {
|
|
55
59
|
cacheResponse: true
|
|
56
60
|
}).then(function (res) {
|
|
57
|
-
var key = (0, _util.
|
|
61
|
+
var key = (0, _findInstanceProperty(_util))((0, _keys.default)(res), {
|
|
58
62
|
kid: kid
|
|
59
63
|
});
|
|
60
64
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/endpoints/well-known.ts"],"names":["getWellKnown","sdk","issuer","authServerUri","options","cacheResponse","getKey","kid","httpCache","storageManager","getHttpCache","cookies","then","wellKnown","jwksUri","cacheContents","getStorage","cachedResponse","Date","now","expiresAt","cachedKey","response","clearStorage","res","key","AuthSdkError"],"mappings":";;;;;;;;;;;AAYA;;AACA;;AAEA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,YAAT,CAAsBC,GAAtB,EAA8CC,MAA9C,EAA2F;AAChG,MAAIC,aAAa,GAAID,MAAM,IAAID,GAAG,CAACG,OAAJ,CAAYF,MAA3C;AACA,SAAO,eAAID,GAAJ,EAASE,aAAa,GAAG,mCAAzB,EAA8D;AACnEE,IAAAA,aAAa,EAAE;AADoD,GAA9D,CAAP;AAGD;;AAEM,SAASC,MAAT,CAAgBL,GAAhB,EAAwCC,MAAxC,EAAwDK,GAAxD,EAAsF;AAC3F,MAAIC,SAAS,GAAGP,GAAG,CAACQ,cAAJ,CAAmBC,YAAnB,CAAgCT,GAAG,CAACG,OAAJ,CAAYO,OAA5C,CAAhB;AAEA,SAAOX,YAAY,CAACC,GAAD,EAAMC,MAAN,CAAZ,CACNU,IADM,CACD,UAASC,SAAT,EAAoB;AACxB,QAAIC,OAAO,GAAGD,SAAS,CAAC,UAAD,CAAvB,CADwB,CAGxB;;AACA,QAAIE,aAAa,GAAGP,SAAS,CAACQ,UAAV,EAApB;AACA,QAAIC,cAAc,GAAGF,aAAa,CAACD,OAAD,CAAlC;;AACA,QAAIG,cAAc,IAAIC,IAAI,CAACC,GAAL,KAAW,IAAX,GAAkBF,cAAc,CAACG,SAAvD,EAAkE;AAChE,UAAIC,SAAS,GAAG,qDAAKJ,cAAc,CAACK,QAApB,GAAmC;AACjDf,QAAAA,GAAG,EAAEA;AAD4C,OAAnC,CAAhB;;AAIA,UAAIc,SAAJ,EAAe;AACb,eAAOA,SAAP;AACD;AACF,KAduB,CAgBxB;;;AACAb,IAAAA,SAAS,CAACe,YAAV,CAAuBT,OAAvB,EAjBwB,CAmBxB;;AACA,WAAO,eAAIb,GAAJ,EAASa,OAAT,EAAkB;AACvBT,MAAAA,aAAa,EAAE;AADQ,KAAlB,EAGNO,IAHM,CAGD,UAASY,GAAT,EAAc;AAClB,UAAIC,GAAG,GAAG,qDAAKD,GAAL,GAAe;AACvBjB,QAAAA,GAAG,EAAEA;AADkB,OAAf,CAAV;;AAIA,UAAIkB,GAAJ,EAAS;AACP,eAAOA,GAAP;AACD;;AAED,YAAM,IAAIC,qBAAJ,CAAiB,iBAAiBnB,GAAjB,GAAuB,uCAAxC,CAAN;AACD,KAbM,CAAP;AAcD,GAnCM,CAAP;AAoCD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthInterface, WellKnownResponse } from '../../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthInterface, issuer?: string): Promise<WellKnownResponse> {\n var authServerUri = (issuer || sdk.options.issuer);\n return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n cacheResponse: true\n });\n}\n\nexport function getKey(sdk: OktaAuthInterface, issuer: string, kid: string): Promise<string> {\n var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n return getWellKnown(sdk, issuer)\n .then(function(wellKnown) {\n var jwksUri = wellKnown['jwks_uri'];\n\n // Check our kid against the cached version (if it exists and isn't expired)\n var cacheContents = httpCache.getStorage();\n var cachedResponse = cacheContents[jwksUri];\n if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n var cachedKey = find(cachedResponse.response.keys, {\n kid: kid\n });\n\n if (cachedKey) {\n return cachedKey;\n }\n }\n\n // Remove cache for the key\n httpCache.clearStorage(jwksUri);\n\n // Pull the latest keys if the key wasn't in the cache\n return get(sdk, jwksUri, {\n cacheResponse: true\n })\n .then(function(res) {\n var key = find(res.keys, {\n kid: kid\n });\n\n if (key) {\n return key;\n }\n\n throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n });\n });\n}\n"],"file":"well-known.js"}
|
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.exchangeCodeForTokens = exchangeCodeForTokens;
|
|
4
6
|
|
|
7
|
+
var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
|
|
8
|
+
|
|
9
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
10
|
+
|
|
5
11
|
var _util = require("./util");
|
|
6
12
|
|
|
7
13
|
var _util2 = require("../util");
|
|
@@ -30,7 +36,7 @@ var _handleOAuthResponse = require("./handleOAuthResponse");
|
|
|
30
36
|
function exchangeCodeForTokens(sdk, tokenParams, urls) {
|
|
31
37
|
urls = urls || (0, _util.getOAuthUrls)(sdk, tokenParams); // build params using defaults + options
|
|
32
38
|
|
|
33
|
-
tokenParams =
|
|
39
|
+
tokenParams = (0, _assign.default)({}, (0, _util.getDefaultTokenParams)(sdk), (0, _util2.clone)(tokenParams));
|
|
34
40
|
const {
|
|
35
41
|
authorizationCode,
|
|
36
42
|
interactionCode,
|
|
@@ -49,12 +55,14 @@ function exchangeCodeForTokens(sdk, tokenParams, urls) {
|
|
|
49
55
|
codeVerifier
|
|
50
56
|
};
|
|
51
57
|
return (0, _token.postToTokenEndpoint)(sdk, getTokenOptions, urls).then(response => {
|
|
58
|
+
var _context;
|
|
59
|
+
|
|
52
60
|
// `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints
|
|
53
61
|
// Here we modify the response from `/token` so that it more closely matches a response from `/authorize`
|
|
54
62
|
// `responseType` is used to validate that the expected tokens were returned
|
|
55
63
|
const responseType = ['token']; // an accessToken will always be returned
|
|
56
64
|
|
|
57
|
-
if (scopes.
|
|
65
|
+
if ((0, _indexOf.default)(_context = scopes).call(_context, 'openid') !== -1) {
|
|
58
66
|
responseType.push('id_token'); // an idToken will be returned if "openid" is in the scopes
|
|
59
67
|
}
|
|
60
68
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/exchangeCodeForTokens.ts"],"names":["exchangeCodeForTokens","sdk","tokenParams","urls","authorizationCode","interactionCode","codeVerifier","clientId","redirectUri","scopes","ignoreSignature","state","getTokenOptions","then","response","responseType","push","handleResponseOptions","code","finally","transactionManager","clear"],"mappings":";;;;;;;;;;AAeA;;AACA;;AACA;;AACA;;AAlBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACO,SAASA,qBAAT,CAA+BC,GAA/B,EAAuDC,WAAvD,EAAiFC,IAAjF,EAA4H;AACjIA,EAAAA,IAAI,GAAGA,IAAI,IAAI,wBAAaF,GAAb,EAAkBC,WAAlB,CAAf,CADiI,CAEjI;;AACAA,EAAAA,WAAW,GAAG,qBAAc,EAAd,EAAkB,iCAAsBD,GAAtB,CAAlB,EAA8C,kBAAMC,WAAN,CAA9C,CAAd;AAEA,QAAM;AACJE,IAAAA,iBADI;AAEJC,IAAAA,eAFI;AAGJC,IAAAA,YAHI;AAIJC,IAAAA,QAJI;AAKJC,IAAAA,WALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,eAPI;AAQJC,IAAAA;AARI,MASFT,WATJ;AAWA,MAAIU,eAAe,GAAG;AACpBL,IAAAA,QADoB;AAEpBC,IAAAA,WAFoB;AAGpBJ,IAAAA,iBAHoB;AAIpBC,IAAAA,eAJoB;AAKpBC,IAAAA;AALoB,GAAtB;AAQA,SAAO,gCAAoBL,GAApB,EAAyBW,eAAzB,EAA0CT,IAA1C,EACJU,IADI,CACEC,QAAD,IAA6B;AAAA;;AAEjC;AACA;AACA;AACA,UAAMC,YAAY,GAAG,CAAC,OAAD,CAArB,CALiC,CAKD;;AAChC,QAAI,iCAAAN,MAAM,MAAN,WAAgB,QAAhB,MAA8B,CAAC,CAAnC,EAAsC;AACpCM,MAAAA,YAAY,CAACC,IAAb,CAAkB,UAAlB,EADoC,CACL;AAChC;;AACD,UAAMC,qBAAkC,GAAG;AACzCV,MAAAA,QADyC;AAEzCC,MAAAA,WAFyC;AAGzCC,MAAAA,MAHyC;AAIzCM,MAAAA,YAJyC;AAKzCL,MAAAA;AALyC,KAA3C;AAOA,WAAO,8CAAoBT,GAApB,EAAyBgB,qBAAzB,EAAgDH,QAAhD,EAA0DX,IAA1D,EACJU,IADI,CACEC,QAAD,IAA6B;AACjC;AACAA,MAAAA,QAAQ,CAACI,IAAT,GAAgBd,iBAAhB;AACAU,MAAAA,QAAQ,CAACH,KAAT,GAAiBA,KAAjB;AACA,aAAOG,QAAP;AACD,KANI,CAAP;AAOD,GAxBI,EAyBJK,OAzBI,CAyBI,MAAM;AACblB,IAAAA,GAAG,CAACmB,kBAAJ,CAAuBC,KAAvB;AACD,GA3BI,CAAP;AA4BD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n urls = urls || getOAuthUrls(sdk, tokenParams);\n // build params using defaults + options\n tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n const {\n authorizationCode,\n interactionCode,\n codeVerifier,\n clientId,\n redirectUri,\n scopes,\n ignoreSignature,\n state\n } = tokenParams;\n\n var getTokenOptions = {\n clientId,\n redirectUri,\n authorizationCode,\n interactionCode,\n codeVerifier,\n };\n\n return postToTokenEndpoint(sdk, getTokenOptions, urls)\n .then((response: OAuthResponse) => {\n\n // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n // `responseType` is used to validate that the expected tokens were returned\n const responseType = ['token']; // an accessToken will always be returned\n if (scopes!.indexOf('openid') !== -1) {\n responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n }\n const handleResponseOptions: TokenParams = {\n clientId,\n redirectUri,\n scopes,\n responseType,\n ignoreSignature,\n };\n return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n .then((response: TokenResponse) => {\n // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n response.code = authorizationCode;\n response.state = state!;\n return response;\n });\n })\n .finally(() => {\n sdk.transactionManager.clear();\n });\n}"],"file":"exchangeCodeForTokens.js"}
|
package/cjs/oidc/getToken.js
CHANGED
|
@@ -1,9 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
4
|
|
|
5
5
|
exports.getToken = getToken;
|
|
6
6
|
|
|
7
|
+
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
8
|
+
|
|
9
|
+
var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
|
|
10
|
+
|
|
7
11
|
var _util = require("./util");
|
|
8
12
|
|
|
9
13
|
var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
|
|
@@ -83,7 +87,7 @@ var _handleOAuthResponse = require("./handleOAuthResponse");
|
|
|
83
87
|
*/
|
|
84
88
|
function getToken(sdk, options) {
|
|
85
89
|
if (arguments.length > 2) {
|
|
86
|
-
return
|
|
90
|
+
return _promise.default.reject(new _AuthSdkError.default('As of version 3.0, "getToken" takes only a single set of options'));
|
|
87
91
|
}
|
|
88
92
|
|
|
89
93
|
options = options || {}; // window object cannot be serialized, save for later use
|
|
@@ -103,9 +107,9 @@ function getToken(sdk, options) {
|
|
|
103
107
|
};
|
|
104
108
|
|
|
105
109
|
if (options.sessionToken) {
|
|
106
|
-
|
|
110
|
+
(0, _assign.default)(tokenParams, sessionTokenOverrides);
|
|
107
111
|
} else if (options.idp) {
|
|
108
|
-
|
|
112
|
+
(0, _assign.default)(tokenParams, idpOverrides);
|
|
109
113
|
} // Use the query params to build the authorize url
|
|
110
114
|
|
|
111
115
|
|
|
@@ -160,7 +164,7 @@ function getToken(sdk, options) {
|
|
|
160
164
|
} // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.
|
|
161
165
|
|
|
162
166
|
|
|
163
|
-
var popupPromise = new
|
|
167
|
+
var popupPromise = new _promise.default(function (resolve, reject) {
|
|
164
168
|
var closePoller = setInterval(function () {
|
|
165
169
|
if (!popupWindow || popupWindow.closed) {
|
|
166
170
|
clearInterval(closePoller);
|