npm - @okta/okta-auth-js - Versions diffs - 6.0.0 → 6.1.0 - Mend

@okta/okta-auth-js 6.0.0 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (344) hide show

package/CHANGELOG.md +18 -0
package/README.md +5 -4
package/cjs/AuthStateManager.js +9 -2
package/cjs/AuthStateManager.js.map +1 -1
package/cjs/OktaAuth.js +67 -27
package/cjs/OktaAuth.js.map +1 -1
package/cjs/OktaUserAgent.js +2 -2
package/cjs/PromiseQueue.js +5 -1
package/cjs/PromiseQueue.js.map +1 -1
package/cjs/SavedObject.js +4 -2
package/cjs/SavedObject.js.map +1 -1
package/cjs/StorageManager.js +13 -8
package/cjs/StorageManager.js.map +1 -1
package/cjs/TokenManager.js +29 -19
package/cjs/TokenManager.js.map +1 -1
package/cjs/TransactionManager.js +9 -3
package/cjs/TransactionManager.js.map +1 -1
package/cjs/browser/browserStorage.js +18 -9
package/cjs/browser/browserStorage.js.map +1 -1
package/cjs/browser/fingerprint.js +9 -3
package/cjs/browser/fingerprint.js.map +1 -1
package/cjs/builderUtil.js +4 -2
package/cjs/builderUtil.js.map +1 -1
package/cjs/clock.js +5 -1
package/cjs/clock.js.map +1 -1
package/cjs/crypto/base64.js +18 -0
package/cjs/crypto/base64.js.map +1 -1
package/cjs/crypto/index.js +6 -4
package/cjs/crypto/index.js.map +1 -1
package/cjs/crypto/oidcHash.js +5 -1
package/cjs/crypto/oidcHash.js.map +1 -1
package/cjs/crypto/webauthn.js +101 -0
package/cjs/crypto/webauthn.js.map +1 -0
package/cjs/crypto/webcrypto.js +3 -1
package/cjs/crypto/webcrypto.js.map +1 -1
package/cjs/errors/AuthApiError.js +1 -1
package/cjs/errors/AuthPollStopError.js +1 -1
package/cjs/errors/AuthSdkError.js +1 -1
package/cjs/errors/CustomError.js +5 -1
package/cjs/errors/CustomError.js.map +1 -1
package/cjs/errors/OAuthError.js +1 -1
package/cjs/errors/index.js +1 -1
package/cjs/fetch/fetchRequest.js +18 -6
package/cjs/fetch/fetchRequest.js.map +1 -1
package/cjs/http/headers.js.map +1 -1
package/cjs/http/index.js +4 -2
package/cjs/http/index.js.map +1 -1
package/cjs/http/request.js +9 -5
package/cjs/http/request.js.map +1 -1
package/cjs/idx/authenticate.js.map +1 -1
package/cjs/idx/authenticator/Authenticator.js.map +1 -1
package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +1 -1
package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
package/cjs/idx/authenticator/SecurityQuestionVerification.js +1 -1
package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +1 -1
package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
package/cjs/idx/authenticator/WebauthnEnrollment.js +46 -0
package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -0
package/cjs/idx/authenticator/WebauthnVerification.js +55 -0
package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -0
package/cjs/idx/authenticator/getAuthenticator.js +13 -1
package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
package/cjs/idx/authenticator/index.js +34 -6
package/cjs/idx/authenticator/index.js.map +1 -1
package/cjs/idx/cancel.js.map +1 -1
package/cjs/idx/emailVerify.js +1 -1
package/cjs/idx/emailVerify.js.map +1 -1
package/cjs/idx/flow/AccountUnlockFlow.js +30 -0
package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -0
package/cjs/idx/flow/FlowSpecification.js +8 -0
package/cjs/idx/flow/FlowSpecification.js.map +1 -1
package/cjs/idx/flow/PasswordRecoveryFlow.js +4 -1
package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
package/cjs/idx/flow/index.js +20 -5
package/cjs/idx/flow/index.js.map +1 -1
package/cjs/idx/handleInteractionCodeRedirect.js +5 -1
package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
package/cjs/idx/headers.js +21 -5
package/cjs/idx/headers.js.map +1 -1
package/cjs/idx/idx-js/client.js +91 -0
package/cjs/idx/idx-js/client.js.map +1 -0
package/cjs/idx/idx-js/index.js +162 -0
package/cjs/idx/idx-js/index.js.map +1 -0
package/cjs/idx/idx-js/interact.js +83 -0
package/cjs/idx/idx-js/interact.js.map +1 -0
package/cjs/idx/idx-js/introspect.js +58 -0
package/cjs/idx/idx-js/introspect.js.map +1 -0
package/cjs/idx/idx-js/parsers.js +41 -0
package/cjs/idx/idx-js/parsers.js.map +1 -0
package/cjs/idx/idx-js/util.js +34 -0
package/cjs/idx/idx-js/util.js.map +1 -0
package/cjs/idx/idx-js/v1/actionParser.js +90 -0
package/cjs/idx/idx-js/v1/actionParser.js.map +1 -0
package/cjs/idx/idx-js/v1/generateIdxAction.js +117 -0
package/cjs/idx/idx-js/v1/generateIdxAction.js.map +1 -0
package/cjs/idx/idx-js/v1/idxResponseParser.js +137 -0
package/cjs/idx/idx-js/v1/idxResponseParser.js.map +1 -0
package/cjs/idx/idx-js/v1/makeIdxState.js +64 -0
package/cjs/idx/idx-js/v1/makeIdxState.js.map +1 -0
package/cjs/idx/idx-js/v1/parsers.js +24 -0
package/cjs/idx/idx-js/v1/parsers.js.map +1 -0
package/cjs/idx/idx-js/v1/remediationParser.js +32 -0
package/cjs/idx/idx-js/v1/remediationParser.js.map +1 -0
package/cjs/idx/index.js +120 -121
package/cjs/idx/index.js.map +1 -1
package/cjs/idx/interact.js +9 -4
package/cjs/idx/interact.js.map +1 -1
package/cjs/idx/introspect.js +6 -6
package/cjs/idx/introspect.js.map +1 -1
package/cjs/idx/poll.js +13 -3
package/cjs/idx/poll.js.map +1 -1
package/cjs/idx/proceed.js.map +1 -1
package/cjs/idx/recoverPassword.js.map +1 -1
package/cjs/idx/register.js +5 -1
package/cjs/idx/register.js.map +1 -1
package/cjs/idx/remediate.js +60 -29
package/cjs/idx/remediate.js.map +1 -1
package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +10 -4
package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
package/cjs/idx/remediators/AuthenticatorVerificationData.js +10 -6
package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
package/cjs/idx/remediators/Base/AuthenticatorData.js +28 -12
package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
package/cjs/idx/remediators/Base/Remediator.js +65 -31
package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
package/cjs/idx/remediators/Base/SelectAuthenticator.js +42 -27
package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
package/cjs/idx/remediators/Base/VerifyAuthenticator.js +16 -4
package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
package/cjs/idx/remediators/ChallengeAuthenticator.js +2 -2
package/cjs/idx/remediators/ChallengePoll.js +2 -2
package/cjs/idx/remediators/EnrollAuthenticator.js +2 -2
package/cjs/idx/remediators/EnrollPoll.js +16 -6
package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
package/cjs/idx/remediators/EnrollProfile.js +20 -8
package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
package/cjs/idx/remediators/EnrollmentChannelData.js +25 -9
package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
package/cjs/idx/remediators/Identify.js +5 -3
package/cjs/idx/remediators/Identify.js.map +1 -1
package/cjs/idx/remediators/ReEnrollAuthenticator.js +5 -3
package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
package/cjs/idx/remediators/RedirectIdp.js +2 -2
package/cjs/idx/remediators/ResetAuthenticator.js +2 -2
package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +6 -4
package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +2 -2
package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +72 -0
package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
package/cjs/idx/remediators/SelectEnrollProfile.js +2 -2
package/cjs/idx/remediators/SelectEnrollmentChannel.js +22 -10
package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
package/cjs/idx/remediators/Skip.js +5 -3
package/cjs/idx/remediators/Skip.js.map +1 -1
package/cjs/idx/remediators/index.js +33 -18
package/cjs/idx/remediators/index.js.map +1 -1
package/cjs/idx/remediators/util.js +13 -3
package/cjs/idx/remediators/util.js.map +1 -1
package/cjs/idx/run.js +30 -6
package/cjs/idx/run.js.map +1 -1
package/cjs/idx/startTransaction.js.map +1 -1
package/cjs/idx/transactionMeta.js.map +1 -1
package/cjs/idx/types/idx-js.js.map +1 -1
package/cjs/idx/types/index.js +45 -9
package/cjs/idx/types/index.js.map +1 -1
package/cjs/idx/unlockAccount.js +48 -0
package/cjs/idx/unlockAccount.js.map +1 -0
package/cjs/index.js +20 -14
package/cjs/index.js.map +1 -1
package/cjs/oidc/endpoints/authorize.js +8 -2
package/cjs/oidc/endpoints/authorize.js.map +1 -1
package/cjs/oidc/endpoints/index.js +5 -3
package/cjs/oidc/endpoints/index.js.map +1 -1
package/cjs/oidc/endpoints/token.js +15 -3
package/cjs/oidc/endpoints/token.js.map +1 -1
package/cjs/oidc/endpoints/well-known.js +7 -3
package/cjs/oidc/endpoints/well-known.js.map +1 -1
package/cjs/oidc/exchangeCodeForTokens.js +10 -2
package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
package/cjs/oidc/getToken.js +9 -5
package/cjs/oidc/getToken.js.map +1 -1
package/cjs/oidc/getUserInfo.js +7 -3
package/cjs/oidc/getUserInfo.js.map +1 -1
package/cjs/oidc/getWithPopup.js +8 -2
package/cjs/oidc/getWithPopup.js.map +1 -1
package/cjs/oidc/getWithRedirect.js +5 -1
package/cjs/oidc/getWithRedirect.js.map +1 -1
package/cjs/oidc/getWithoutPrompt.js +8 -2
package/cjs/oidc/getWithoutPrompt.js.map +1 -1
package/cjs/oidc/handleOAuthResponse.js +9 -3
package/cjs/oidc/handleOAuthResponse.js.map +1 -1
package/cjs/oidc/index.js +4 -2
package/cjs/oidc/index.js.map +1 -1
package/cjs/oidc/parseFromUrl.js +9 -3
package/cjs/oidc/parseFromUrl.js.map +1 -1
package/cjs/oidc/renewToken.js.map +1 -1
package/cjs/oidc/renewTokens.js +5 -1
package/cjs/oidc/renewTokens.js.map +1 -1
package/cjs/oidc/renewTokensWithRefresh.js +5 -1
package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
package/cjs/oidc/revokeToken.js +7 -3
package/cjs/oidc/revokeToken.js.map +1 -1
package/cjs/oidc/util/browser.js +5 -1
package/cjs/oidc/util/browser.js.map +1 -1
package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
package/cjs/oidc/util/errors.js.map +1 -1
package/cjs/oidc/util/index.js +14 -12
package/cjs/oidc/util/index.js.map +1 -1
package/cjs/oidc/util/loginRedirect.js +5 -1
package/cjs/oidc/util/loginRedirect.js.map +1 -1
package/cjs/oidc/util/oauth.js +4 -2
package/cjs/oidc/util/oauth.js.map +1 -1
package/cjs/oidc/util/oauthMeta.js.map +1 -1
package/cjs/oidc/util/pkce.js +11 -3
package/cjs/oidc/util/pkce.js.map +1 -1
package/cjs/oidc/util/prepareTokenParams.js +7 -5
package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
package/cjs/oidc/util/validateClaims.js +1 -1
package/cjs/oidc/util/validateClaims.js.map +1 -1
package/cjs/oidc/verifyToken.js +11 -3
package/cjs/oidc/verifyToken.js.map +1 -1
package/cjs/options.js +6 -4
package/cjs/options.js.map +1 -1
package/cjs/server/serverStorage.js +1 -0
package/cjs/server/serverStorage.js.map +1 -1
package/cjs/tx/AuthTransaction.js +15 -9
package/cjs/tx/AuthTransaction.js.map +1 -1
package/cjs/tx/api.js +8 -4
package/cjs/tx/api.js.map +1 -1
package/cjs/tx/index.js +7 -5
package/cjs/tx/index.js.map +1 -1
package/cjs/tx/poll.js +6 -4
package/cjs/tx/poll.js.map +1 -1
package/cjs/tx/util.js +5 -1
package/cjs/tx/util.js.map +1 -1
package/cjs/types/Transaction.js +10 -2
package/cjs/types/Transaction.js.map +1 -1
package/cjs/types/index.js +16 -14
package/cjs/types/index.js.map +1 -1
package/cjs/util/index.js +7 -5
package/cjs/util/index.js.map +1 -1
package/cjs/util/misc.js +5 -1
package/cjs/util/misc.js.map +1 -1
package/cjs/util/object.js +16 -6
package/cjs/util/object.js.map +1 -1
package/cjs/util/sharedStorage.js +5 -1
package/cjs/util/sharedStorage.js.map +1 -1
package/dist/okta-auth-js.min.js +1 -1
package/dist/okta-auth-js.min.js.LICENSE.txt +0 -12
package/dist/okta-auth-js.min.js.map +1 -1
package/dist/okta-auth-js.polyfill.js +1 -1
package/dist/okta-auth-js.polyfill.js.map +1 -1
package/dist/okta-auth-js.umd.js +1 -1
package/dist/okta-auth-js.umd.js.LICENSE.txt +0 -12
package/dist/okta-auth-js.umd.js.map +1 -1
package/esm/index.js +1601 -377
package/esm/index.js.map +1 -1
package/lib/OktaAuth.d.ts +6 -3
package/lib/StorageManager.d.ts +1 -1
package/lib/TokenManager.d.ts +2 -2
package/lib/TransactionManager.d.ts +1 -1
package/lib/browser/fingerprint.d.ts +2 -3
package/lib/crypto/base64.d.ts +2 -0
package/lib/crypto/webauthn.d.ts +25 -0
package/lib/http/headers.d.ts +2 -2
package/lib/http/request.d.ts +4 -4
package/lib/idx/authenticate.d.ts +2 -2
package/lib/idx/authenticator/Authenticator.d.ts +4 -5
package/lib/idx/authenticator/OktaPassword.d.ts +7 -9
package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +9 -8
package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +7 -7
package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +6 -2
package/lib/idx/authenticator/WebauthnEnrollment.d.ts +16 -0
package/lib/idx/authenticator/WebauthnVerification.d.ts +17 -0
package/lib/idx/authenticator/getAuthenticator.d.ts +1 -1
package/lib/idx/authenticator/index.d.ts +9 -0
package/lib/idx/cancel.d.ts +2 -2
package/lib/idx/emailVerify.d.ts +2 -2
package/lib/idx/flow/AccountUnlockFlow.d.ts +13 -0
package/lib/idx/flow/FlowSpecification.d.ts +2 -2
package/lib/idx/flow/index.d.ts +1 -0
package/lib/idx/headers.d.ts +3 -2
package/lib/idx/idx-js/client.d.ts +36 -0
package/lib/idx/idx-js/index.d.ts +51 -0
package/lib/idx/idx-js/interact.d.ts +25 -0
package/lib/idx/idx-js/introspect.d.ts +20 -0
package/lib/idx/idx-js/parsers.d.ts +15 -0
package/lib/idx/idx-js/util.d.ts +12 -0
package/lib/idx/idx-js/v1/actionParser.d.ts +16 -0
package/lib/idx/idx-js/v1/generateIdxAction.d.ts +13 -0
package/lib/idx/idx-js/v1/idxResponseParser.d.ts +20 -0
package/lib/idx/idx-js/v1/makeIdxState.d.ts +13 -0
package/lib/idx/idx-js/v1/parsers.d.ts +16 -0
package/lib/idx/idx-js/v1/remediationParser.d.ts +12 -0
package/lib/idx/index.d.ts +12 -11
package/lib/idx/interact.d.ts +3 -2
package/lib/idx/introspect.d.ts +2 -2
package/lib/idx/poll.d.ts +2 -2
package/lib/idx/proceed.d.ts +5 -4
package/lib/idx/recoverPassword.d.ts +2 -2
package/lib/idx/register.d.ts +2 -2
package/lib/idx/remediators/Base/AuthenticatorData.d.ts +2 -1
package/lib/idx/remediators/Base/Remediator.d.ts +1 -1
package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +3 -0
package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +7 -12
package/lib/idx/remediators/EnrollmentChannelData.d.ts +1 -0
package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +38 -0
package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +1 -0
package/lib/idx/remediators/index.d.ts +1 -0
package/lib/idx/run.d.ts +2 -2
package/lib/idx/startTransaction.d.ts +2 -2
package/lib/idx/transactionMeta.d.ts +7 -7
package/lib/idx/types/FlowIdentifier.d.ts +1 -1
package/lib/idx/types/idx-js.d.ts +36 -0
package/lib/idx/types/index.d.ts +21 -5
package/lib/idx/unlockAccount.d.ts +15 -0
package/lib/oidc/endpoints/well-known.d.ts +3 -3
package/lib/oidc/exchangeCodeForTokens.d.ts +2 -2
package/lib/oidc/getToken.d.ts +2 -2
package/lib/oidc/getWithPopup.d.ts +2 -2
package/lib/oidc/getWithRedirect.d.ts +2 -2
package/lib/oidc/getWithoutPrompt.d.ts +2 -2
package/lib/oidc/handleOAuthResponse.d.ts +2 -2
package/lib/oidc/renewToken.d.ts +2 -2
package/lib/oidc/renewTokensWithRefresh.d.ts +2 -2
package/lib/oidc/revokeToken.d.ts +2 -2
package/lib/oidc/util/browser.d.ts +2 -2
package/lib/oidc/util/defaultTokenParams.d.ts +2 -2
package/lib/oidc/util/errors.d.ts +2 -2
package/lib/oidc/util/loginRedirect.d.ts +4 -4
package/lib/oidc/util/oauth.d.ts +4 -4
package/lib/oidc/util/oauthMeta.d.ts +2 -2
package/lib/oidc/util/prepareTokenParams.d.ts +5 -5
package/lib/oidc/util/validateClaims.d.ts +2 -2
package/lib/oidc/verifyToken.d.ts +2 -2
package/lib/types/OktaAuthOptions.d.ts +1 -2
package/lib/types/Transaction.d.ts +2 -10
package/lib/types/api.d.ts +17 -5
package/lib/types/index.d.ts +0 -1
package/lib/util/sharedStorage.d.ts +1 -1
package/package.json +10 -7
package/polyfill/index.js +1 -0

package/cjs/oidc/revokeToken.js CHANGED Viewed

@@ -1,9 +1,11 @@
 "use strict";
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 exports.revokeToken = revokeToken;
+var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
 var _http = require("../http");
 var _util = require("../util");
@@ -30,6 +32,8 @@ var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
 /* eslint complexity:[0,8] */
 // refresh tokens have precedence to be revoked if no token is specified
 async function revokeToken(sdk, token) {
+  var _context;
   let accessToken = '';
   let refreshToken = '';
@@ -51,11 +55,11 @@ async function revokeToken(sdk, token) {
   var revokeUrl = (0, _oauth.getOAuthUrls)(sdk).revokeUrl;
-  var args = (0, _util.toQueryString)({
+  var args = (0, _slice.default)(_context = (0, _util.toQueryString)({
     // eslint-disable-next-line camelcase
     token_type_hint: refreshToken ? 'refresh_token' : 'access_token',
     token: refreshToken || accessToken
-  }).slice(1);
+  })).call(_context, 1);
   var creds = clientSecret ? (0, _crypto.btoa)(`${clientId}:${clientSecret}`) : (0, _crypto.btoa)(clientId);
   return (0, _http.post)(sdk, revokeUrl, args, {
     headers: {

package/cjs/oidc/revokeToken.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","~~slice","~~creds","headers"],"mappings":"~~;;;;;;~~AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,~~EAA0CC~~,~~KAA1C~~,~~EAA+E~~;~~AACpF~~,MAAIC,WAAW,GAAG,EAAlB;AACA,MAAIC,YAAY,GAAG,EAAnB;;AACA,MAAIF,KAAJ,EAAW;AACPC,IAAAA,WAAW,GAAID,KAAD,CAAuBC,WAArC;AACAC,IAAAA,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;AACH;;AACD,MAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,UAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,MAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;AACA,MAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;AACA,MAAI,CAACF,QAAL,EAAe;AACb,UAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;AACD,~~GAdmF~~,~~CAepF~~;;;AACA,MAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;AACA,MAAIC,IAAI,GAAG,~~yBAAc~~;AACvB;AACAC,IAAAA,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBF,IAAAA,KAAK,EAAEE,YAAY,IAAID;AAHA,GAAd,~~EAIRS~~,~~KAJQ,CAIF,~~CAJE,CAAX;AAKA,~~MAAIC~~,KAAK,~~GAAGL~~,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;AACA,SAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;~~AAChCI~~,IAAAA,OAAO,EAAE;AACP,sBAAgB,mCADT;AAEP,uBAAiB,WAAWD;AAFrB;AADuB,GAA3B,CAAP;AAMD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n ~~OktaAuth~~,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: ~~OktaAuth~~, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken \|\| accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n"],"file":"revokeToken.js"}
1	+ {"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","creds","headers"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAmDC,KAAnD,EAAwF;AAAA;;AAC7F,MAAIC,WAAW,GAAG,EAAlB;AACA,MAAIC,YAAY,GAAG,EAAnB;;AACA,MAAIF,KAAJ,EAAW;AACPC,IAAAA,WAAW,GAAID,KAAD,CAAuBC,WAArC;AACAC,IAAAA,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;AACH;;AACD,MAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,UAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,MAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;AACA,MAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;AACA,MAAI,CAACF,QAAL,EAAe;AACb,UAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;AACD,GAd4F,CAe7F;;;AACA,MAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;AACA,MAAIC,IAAI,GAAG,wDAAc;AACvB;AACAC,IAAAA,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBF,IAAAA,KAAK,EAAEE,YAAY,IAAID;AAHA,GAAd,kBAIF,CAJE,CAAX;AAKA,MAAIS,KAAK,GAAGJ,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;AACA,SAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;AAChCG,IAAAA,OAAO,EAAE;AACP,sBAAgB,mCADT;AAEP,uBAAiB,WAAWD;AAFrB;AADuB,GAA3B,CAAP;AAMD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n OktaAuthInterface,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthInterface, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken \|\| accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n"],"file":"revokeToken.js"}

package/cjs/oidc/util/browser.js CHANGED Viewed

@@ -1,11 +1,15 @@
 "use strict";
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 exports.addListener = addListener;
 exports.removeListener = removeListener;
 exports.loadFrame = loadFrame;
 exports.loadPopup = loadPopup;
 exports.addPostMessageListener = addPostMessageListener;
+var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
 var _errors = require("../../errors");
 /*!
@@ -56,7 +60,7 @@ function loadPopup(src, options) {
 function addPostMessageListener(sdk, timeout, state) {
   var responseHandler;
   var timeoutId;
-  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {
+  var msgReceivedOrTimeout = new _promise.default(function (resolve, reject) {
     responseHandler = function responseHandler(e) {
       if (!e.data || e.data.state !== state) {
         // A message not meant for us

package/cjs/oidc/util/browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","~~Promise","~~resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":"~~;;;;;;;;~~AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,~~EAA+CC~~,~~OAA/C~~,~~EAAwDC~~,~~KAAxD~~,~~EAA+D~~;~~AACpE~~,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,~~IAAIC~~,~~OAAJ,CAAY,~~UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;~~AAEhEL~~,IAAAA,eAAe,GAAG,SAASA,eAAT,~~CAAyBM~~,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,~~CAAOR~~,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,~~UAAIO~~,CAAC,CAACE,MAAF,~~KAAaX~~,GAAG,~~CAACY~~,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;~~AAgBApC~~,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,~~GAAGU~~,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,~~EAEnBZ~~,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,~~CACxBU~~,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,~~CAACZ~~,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n/* global window, document /\n/ eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { ~~OktaAuth~~ } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle \|\| 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: ~~OktaAuth~~, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data \|\| e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout \|\| 120000);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n"],"file":"browser.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":";;;;;;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,EAAwDC,OAAxD,EAAiEC,KAAjE,EAAwE;AAC7E,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,qBAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEJ,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBK,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOP,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIM,CAAC,CAACE,MAAF,KAAaV,GAAG,CAACW,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBAnC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGS,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnBX,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBS,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACX,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n/* global window, document /\n/ eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthInterface } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle \|\| 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuthInterface, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data \|\| e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout \|\| 120000);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n"],"file":"browser.js"}

package/cjs/oidc/util/defaultTokenParams.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,~~EAA2D~~;~~AAChE~~,QAAM;AACJC,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA;AARI,MASFR,GAAG,CAACS,OATR;AAUA,QAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;AACA,SAAO,sBAAW;AAChBb,IAAAA,IADgB;AAEhBC,IAAAA,QAFgB;AAGhBC,IAAAA,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;AAIhBN,IAAAA,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;AAKhBC,IAAAA,YALgB;AAMhBE,IAAAA,KAAK,EAAEA,KAAK,IAAI,2BANA;AAOhBQ,IAAAA,KAAK,EAAE,2BAPS;AAQhBT,IAAAA,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;AAShBE,IAAAA;AATgB,GAAX,CAAP;AAWD","sourcesContent":["\n/* global window /\n/!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\nimport { generateNonce, generateState } from './oauth';\nimport { ~~OktaAuth~~, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: ~~OktaAuth~~): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n ignoreSignature\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri \|\| defaultRedirectUri,\n responseType: responseType \|\| ['token', 'id_token'],\n responseMode,\n state: state \|\| generateState(),\n nonce: generateNonce(),\n scopes: scopes \|\| ['openid', 'email'],\n ignoreSignature\n });\n}"],"file":"defaultTokenParams.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAAoE;AACzE,QAAM;AACJC,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA;AARI,MASFR,GAAG,CAACS,OATR;AAUA,QAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;AACA,SAAO,sBAAW;AAChBb,IAAAA,IADgB;AAEhBC,IAAAA,QAFgB;AAGhBC,IAAAA,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;AAIhBN,IAAAA,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;AAKhBC,IAAAA,YALgB;AAMhBE,IAAAA,KAAK,EAAEA,KAAK,IAAI,2BANA;AAOhBQ,IAAAA,KAAK,EAAE,2BAPS;AAQhBT,IAAAA,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;AAShBE,IAAAA;AATgB,GAAX,CAAP;AAWD","sourcesContent":["\n/* global window /\n/!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n ignoreSignature\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri \|\| defaultRedirectUri,\n responseType: responseType \|\| ['token', 'id_token'],\n responseMode,\n state: state \|\| generateState(),\n nonce: generateNonce(),\n scopes: scopes \|\| ['openid', 'email'],\n ignoreSignature\n });\n}"],"file":"defaultTokenParams.js"}

package/cjs/oidc/util/errors.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,QAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,~~EAAiDL~~,~~KAAjD~~,~~EAA+D~~;~~AACpE~~,MAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;AACjC,WAAO,KAAP;AACD;;AACD,QAAMK,YAAY,GAAGN,KAArB,~~CAJoE~~,~~CAKpE~~;;AACA,QAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;AACA,QAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;AACA,SAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ~~OktaAuth~~ } from '../../types';\nimport { OAuthError, AuthApiError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: ~~OktaAuth~~, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n"],"file":"errors.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,QAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAA0DL,KAA1D,EAAwE;AAC7E,MAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;AACjC,WAAO,KAAP;AACD;;AACD,QAAMK,YAAY,GAAGN,KAArB,CAJ6E,CAK7E;;AACA,QAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;AACA,QAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;AACA,SAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthInterface } from '../../types';\nimport { OAuthError, AuthApiError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n"],"file":"errors.js"}

package/cjs/oidc/util/index.js CHANGED Viewed

@@ -1,6 +1,8 @@
 "use strict";
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 var _exportNames = {
   pkce: true
@@ -14,7 +16,7 @@ Object.defineProperty(exports, "pkce", {
 var _browser = require("./browser");
-Object.keys(_browser).forEach(function (key) {
+_Object$keys(_browser).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _browser[key]) return;
@@ -28,7 +30,7 @@ Object.keys(_browser).forEach(function (key) {
 var _defaultTokenParams = require("./defaultTokenParams");
-Object.keys(_defaultTokenParams).forEach(function (key) {
+_Object$keys(_defaultTokenParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _defaultTokenParams[key]) return;
@@ -42,7 +44,7 @@ Object.keys(_defaultTokenParams).forEach(function (key) {
 var _errors = require("./errors");
-Object.keys(_errors).forEach(function (key) {
+_Object$keys(_errors).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _errors[key]) return;
@@ -56,7 +58,7 @@ Object.keys(_errors).forEach(function (key) {
 var _loginRedirect = require("./loginRedirect");
-Object.keys(_loginRedirect).forEach(function (key) {
+_Object$keys(_loginRedirect).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _loginRedirect[key]) return;
@@ -70,7 +72,7 @@ Object.keys(_loginRedirect).forEach(function (key) {
 var _oauth = require("./oauth");
-Object.keys(_oauth).forEach(function (key) {
+_Object$keys(_oauth).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _oauth[key]) return;
@@ -84,7 +86,7 @@ Object.keys(_oauth).forEach(function (key) {
 var _oauthMeta = require("./oauthMeta");
-Object.keys(_oauthMeta).forEach(function (key) {
+_Object$keys(_oauthMeta).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _oauthMeta[key]) return;
@@ -100,7 +102,7 @@ var _pkce = _interopRequireDefault(require("./pkce"));
 var _prepareTokenParams = require("./prepareTokenParams");
-Object.keys(_prepareTokenParams).forEach(function (key) {
+_Object$keys(_prepareTokenParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _prepareTokenParams[key]) return;
@@ -114,7 +116,7 @@ Object.keys(_prepareTokenParams).forEach(function (key) {
 var _refreshToken = require("./refreshToken");
-Object.keys(_refreshToken).forEach(function (key) {
+_Object$keys(_refreshToken).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _refreshToken[key]) return;
@@ -128,7 +130,7 @@ Object.keys(_refreshToken).forEach(function (key) {
 var _urlParams = require("./urlParams");
-Object.keys(_urlParams).forEach(function (key) {
+_Object$keys(_urlParams).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _urlParams[key]) return;
@@ -142,7 +144,7 @@ Object.keys(_urlParams).forEach(function (key) {
 var _validateClaims = require("./validateClaims");
-Object.keys(_validateClaims).forEach(function (key) {
+_Object$keys(_validateClaims).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _validateClaims[key]) return;
@@ -156,7 +158,7 @@ Object.keys(_validateClaims).forEach(function (key) {
 var _validateToken = require("./validateToken");
-Object.keys(_validateToken).forEach(function (key) {
+_Object$keys(_validateToken).forEach(function (key) {
   if (key === "default" || key === "__esModule") return;
   if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
   if (key in exports && exports[key] === _validateToken[key]) return;

package/cjs/oidc/util/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":"~~;;;;;;;;;;;;;;~~AAcA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAEA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAcA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAEA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}

package/cjs/oidc/util/loginRedirect.js CHANGED Viewed

@@ -1,5 +1,7 @@
 "use strict";
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 exports.hasTokensInHash = hasTokensInHash;
 exports.hasAuthorizationCode = hasAuthorizationCode;
 exports.hasInteractionCode = hasInteractionCode;
@@ -10,6 +12,8 @@ exports.getHashOrSearch = getHashOrSearch;
 exports.isLoginRedirect = isLoginRedirect;
 exports.isInteractionRequired = isInteractionRequired;
+var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
 /*!
  * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
  * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
@@ -51,7 +55,7 @@ function isRedirectUri(uri, sdk) {
     return false;
   }
-  return uri.indexOf(authParams.redirectUri) === 0;
+  return (0, _indexOf.default)(uri).call(uri, authParams.redirectUri) === 0;
 }
 function isCodeFlow(options) {

package/cjs/oidc/util/loginRedirect.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","~~indexOf","~~isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":"~~;;;;;;;;;;;;~~AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,~~EAA4D~~;~~AACjE~~,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;;AACA,MAAI,CAACH,GAAD,IAAQ,CAACE,UAAU,CAACE,WAAxB,EAAqC;AACnC,WAAO,KAAP;AACD;;AACD,~~SAAOJ~~,GAAG,~~CAACK~~,~~OAAJ~~,~~CAAYH~~,UAAU,CAACE,~~WAAvB~~,~~MAAwC~~,CAA/C;AACD;;AAEM,~~SAASE~~,UAAT,~~CAAoBH~~,OAApB,EAA8C;AACnD,SAAOA,OAAO,~~CAACI~~,IAAR,~~IAAgBJ~~,OAAO,~~CAACK~~,YAAR,KAAyB,MAAzC,~~IAAmDL~~,OAAO,~~CAACM~~,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,~~CAAyBP~~,OAAzB,EAAmD;AACxD,~~MAAIQ~~,QAAQ,GAAGL,UAAU,~~CAACH~~,OAAD,CAAzB;AACA,~~MAAIS~~,QAAQ,GAAGD,QAAQ,~~IAAIR~~,OAAO,~~CAACM~~,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,~~CAAgBrB~~,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,~~SAASuB~~,eAAT,~~CAA0Bf~~,GAA1B,~~EAAyC~~;~~AAC9C~~;AACA,MAAI,CAACF,aAAa,~~CAACc~~,MAAM,CAACC,QAAP,CAAgBG,IAAjB,~~EAAuBhB~~,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,~~GAJ6C~~,~~CAM9C~~;;;AACA,~~MAAIU~~,QAAQ,GAAGL,UAAU,~~CAACL~~,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,~~GAAGc~~,eAAe,~~CAACT~~,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,~~MAAIe~~,QAAJ,EAAc;AACZ,QAAIO,OAAO,~~GAAIvB~~,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,~~WAAOsB~~,OAAP;AACD,~~GAjB6C~~,~~CAmB9C~~;;;AACA,~~SAAO1B~~,eAAe,~~CAACqB~~,MAAM,CAACC,QAAP,~~CAAgBrB~~,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,~~SAAS0B~~,qBAAT,~~CAAgClB~~,GAAhC,EAA+~~CL,YAA/C,EAAsE~~;~~AAC3E~~,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,~~CAACoB~~,eAAe,~~CAACf~~,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,~~GAAGc~~,eAAe,~~CAACT~~,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n/* global window /\n/ eslint-disable complexity, max-statements /\nimport { ~~OktaAuth~~, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id\|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) \|\| /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: ~~OktaAuth~~): boolean {\n var authParams = sdk.options;\n if (!uri \|\| !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n return options.pkce \|\| options.responseType === 'code' \|\| options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/\n Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n /\nexport function isLoginRedirect (sdk: ~~OktaAuth~~) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) \|\| hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/\n Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: ~~OktaAuth~~, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":";;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAAqE;AAC1E,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;;AACA,MAAI,CAACH,GAAD,IAAQ,CAACE,UAAU,CAACE,WAAxB,EAAqC;AACnC,WAAO,KAAP;AACD;;AACD,SAAO,sBAAAJ,GAAG,MAAH,CAAAA,GAAG,EAASE,UAAU,CAACE,WAApB,CAAH,KAAwC,CAA/C;AACD;;AAEM,SAASC,UAAT,CAAoBF,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACG,IAAR,IAAgBH,OAAO,CAACI,YAAR,KAAyB,MAAzC,IAAmDJ,OAAO,CAACK,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBN,OAAzB,EAAmD;AACxD,MAAIO,QAAQ,GAAGL,UAAU,CAACF,OAAD,CAAzB;AACA,MAAIQ,QAAQ,GAAGD,QAAQ,IAAIP,OAAO,CAACK,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBpB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASsB,eAAT,CAA0Bd,GAA1B,EAAkD;AACvD;AACA,MAAI,CAACF,aAAa,CAACa,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBf,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJsD,CAMvD;;;AACA,MAAIS,QAAQ,GAAGL,UAAU,CAACJ,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIc,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAItB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOqB,OAAP;AACD,GAjBsD,CAmBvD;;;AACA,SAAOzB,eAAe,CAACoB,MAAM,CAACC,QAAP,CAAgBpB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASyB,qBAAT,CAAgCjB,GAAhC,EAAwDL,YAAxD,EAA+E;AACpF,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACmB,eAAe,CAACd,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n/* global window /\n/ eslint-disable complexity, max-statements /\nimport { OktaAuthInterface, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id\|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) \|\| /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthInterface): boolean {\n var authParams = sdk.options;\n if (!uri \|\| !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n return options.pkce \|\| options.responseType === 'code' \|\| options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/\n Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n /\nexport function isLoginRedirect (sdk: OktaAuthInterface) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) \|\| hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/\n Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthInterface, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}

package/cjs/oidc/util/oauth.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 exports.generateState = generateState;
 exports.generateNonce = generateNonce;
@@ -8,6 +8,8 @@ exports.getOAuthBaseUrl = getOAuthBaseUrl;
 exports.getOAuthDomain = getOAuthDomain;
 exports.getOAuthUrls = getOAuthUrls;
+var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
 var _util = require("../../util");
 var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
@@ -41,7 +43,7 @@ function getIssuer(sdk, options = {}) {
 function getOAuthBaseUrl(sdk, options = {}) {
   const issuer = getIssuer(sdk, options);
-  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';
+  const baseUrl = (0, _indexOf.default)(issuer).call(issuer, '/oauth2') > 0 ? issuer : issuer + '/oauth2';
   return baseUrl;
 }

package/cjs/oidc/util/oauth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","~~indexOf","~~getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":"~~;;;;;;;;;;~~AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,~~EAAkCC~~,OAAmB,GAAG,~~EAAxD~~,~~EAA4D~~;~~AAC1D~~,QAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,~~EAAwCC~~,OAAmB,GAAG,~~EAA9D~~,~~EAAkE~~;~~AACvE~~,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMG,OAAO,~~GAAGF~~,MAAM,~~CAACG~~,~~OAAP~~,~~CAAe~~,~~SAAf~~,~~IAA4B~~,CAA5B,~~GAAgCH~~,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;;AAEM,~~SAASE~~,cAAT,~~CAAwBN~~,GAAxB,~~EAAuCC~~,OAAmB,GAAG,~~EAA7D~~,~~EAAiE~~;~~AACtE~~,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,~~QAAMM~~,MAAM,~~GAAGL~~,MAAM,~~CAACM~~,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,~~CAAsBT~~,GAAtB,~~EAAqCC~~,~~OAArC~~,~~EAAuE~~;~~AAC5E~~,~~MAAIS~~,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;AACD;;~~AACDX~~,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,~~CAJ4E~~,~~CAM5E~~;;AACA,~~MAAIY~~,YAAY,GAAG,+~~BAAoBZ~~,OAAO,~~CAACY~~,YAA5B,~~KAA6Cb~~,GAAG,CAACC,OAAJ,~~CAAYY~~,YAA5E;AACA,~~MAAIX~~,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,~~MAAIa~~,WAAW,GAAG,+~~BAAoBb~~,OAAO,~~CAACa~~,WAA5B,~~KAA4Cd~~,GAAG,CAACC,OAAJ,~~CAAYa~~,WAA1E;AACA,MAAIC,QAAQ,GAAG,+~~BAAoBd~~,OAAO,~~CAACc~~,QAA5B,~~KAAyCf~~,GAAG,CAACC,OAAJ,~~CAAYc~~,QAApE;AACA,MAAIC,SAAS,GAAG,+~~BAAoBf~~,OAAO,~~CAACe~~,SAA5B,~~KAA0ChB~~,GAAG,CAACC,OAAJ,~~CAAYe~~,SAAtE;AACA,MAAIC,SAAS,GAAG,+~~BAAoBhB~~,OAAO,~~CAACgB~~,SAA5B,~~KAA0CjB~~,GAAG,CAACC,OAAJ,~~CAAYgB~~,SAAtE;AAEA,~~MAAIb~~,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;~~AAEAY~~,EAAAA,YAAY,GAAGA,YAAY,~~IAAIT~~,OAAO,GAAG,eAAzC;~~AACAU~~,EAAAA,WAAW,GAAGA,WAAW,~~IAAIV~~,OAAO,GAAG,cAAvC;~~AACAW~~,EAAAA,QAAQ,GAAGA,QAAQ,~~IAAIX~~,OAAO,GAAG,WAAjC;~~AACAa~~,EAAAA,SAAS,GAAGA,SAAS,~~IAAIb~~,OAAO,GAAG,YAAnC;~~AACAY~~,EAAAA,SAAS,GAAGA,SAAS,~~IAAIZ~~,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;~~AAELW~~,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { ~~OktaAuth~~, CustomUrls } from '../../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: ~~OktaAuth~~, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) \|\| sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: ~~OktaAuth~~, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: ~~OktaAuth~~, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: ~~OktaAuth~~, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options \|\| {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) \|\| sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) \|\| sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) \|\| sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) \|\| sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) \|\| sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl \|\| baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl \|\| baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl \|\| baseUrl + '/v1/token';\n revokeUrl = revokeUrl \|\| baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl \|\| baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n"],"file":"oauth.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAA2CC,OAAmB,GAAG,EAAjE,EAAqE;AACnE,QAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAiDC,OAAmB,GAAG,EAAvE,EAA2E;AAChF,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMG,OAAO,GAAG,sBAAAF,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBL,GAAxB,EAAgDC,OAAmB,GAAG,EAAtE,EAA0E;AAC/E,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMK,MAAM,GAAGJ,MAAM,CAACK,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBR,GAAtB,EAA8CC,OAA9C,EAAgF;AACrF,MAAIQ,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;AACD;;AACDV,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJqF,CAMrF;;AACA,MAAIW,YAAY,GAAG,+BAAoBX,OAAO,CAACW,YAA5B,KAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;AACA,MAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,MAAIY,WAAW,GAAG,+BAAoBZ,OAAO,CAACY,WAA5B,KAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;AACA,MAAIC,QAAQ,GAAG,+BAAoBb,OAAO,CAACa,QAA5B,KAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;AACA,MAAIC,SAAS,GAAG,+BAAoBd,OAAO,CAACc,SAA5B,KAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;AACA,MAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;AAEA,MAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;AAEAW,EAAAA,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;AACAS,EAAAA,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;AACAU,EAAAA,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;AACAY,EAAAA,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;AACAW,EAAAA,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;AAELU,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/!\n Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) \|\| sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthInterface, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options \|\| {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) \|\| sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) \|\| sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) \|\| sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) \|\| sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) \|\| sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl \|\| baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl \|\| baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl \|\| baseUrl + '/v1/token';\n revokeUrl = revokeUrl \|\| baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl \|\| baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n"],"file":"oauth.js"}

package/cjs/oidc/util/oauthMeta.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,~~CAAyBC~~,~~GAAzB~~,~~EAAwCC~~,~~WAAxC~~,~~EAA8G~~;~~AACnH~~,QAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;AACA,QAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAMI,SAA+B,GAAG;AACtCH,IAAAA,MADsC;AAEtCE,IAAAA,IAFsC;AAGtCE,IAAAA,QAAQ,EAAEL,WAAW,CAACK,QAHgB;AAItCC,IAAAA,WAAW,EAAEN,WAAW,CAACM,WAJa;AAKtCC,IAAAA,YAAY,EAAEP,WAAW,CAACO,YALY;AAMtCC,IAAAA,YAAY,EAAER,WAAW,CAACQ,YANY;AAOtCC,IAAAA,MAAM,EAAET,WAAW,CAACS,MAPkB;AAQtCC,IAAAA,KAAK,EAAEV,WAAW,CAACU,KARmB;AAStCC,IAAAA,KAAK,EAAEX,WAAW,CAACW,KATmB;AAUtCC,IAAAA,eAAe,EAAEZ,WAAW,CAACY;AAVS,GAAxC;;AAaA,MAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOT,SAAP;AACD;;AAED,QAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;AAEpCW,IAAAA,YAAY,EAAEf,WAAW,CAACe,YAFU;AAGpCC,IAAAA,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;AAIpCC,IAAAA,aAAa,EAAEjB,WAAW,CAACiB;AAJS,GAAtC;AAOA,SAAOH,QAAP;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, ~~OktaAuth~~, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(sdk: ~~OktaAuth~~, tokenParams: TokenParams): OAuthTransactionMeta \| PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n"],"file":"oauthMeta.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;AAC5C,QAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;AACA,QAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAMI,SAA+B,GAAG;AACtCH,IAAAA,MADsC;AAEtCE,IAAAA,IAFsC;AAGtCE,IAAAA,QAAQ,EAAEL,WAAW,CAACK,QAHgB;AAItCC,IAAAA,WAAW,EAAEN,WAAW,CAACM,WAJa;AAKtCC,IAAAA,YAAY,EAAEP,WAAW,CAACO,YALY;AAMtCC,IAAAA,YAAY,EAAER,WAAW,CAACQ,YANY;AAOtCC,IAAAA,MAAM,EAAET,WAAW,CAACS,MAPkB;AAQtCC,IAAAA,KAAK,EAAEV,WAAW,CAACU,KARmB;AAStCC,IAAAA,KAAK,EAAEX,WAAW,CAACW,KATmB;AAUtCC,IAAAA,eAAe,EAAEZ,WAAW,CAACY;AAVS,GAAxC;;AAaA,MAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOT,SAAP;AACD;;AAED,QAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;AAEpCW,IAAAA,YAAY,EAAEf,WAAW,CAACe,YAFU;AAGpCC,IAAAA,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;AAIpCC,IAAAA,aAAa,EAAEjB,WAAW,CAACiB;AAJS,GAAtC;AAOA,SAAOH,QAAP;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n sdk: OktaAuthInterface, \n tokenParams: TokenParams\n): OAuthTransactionMeta \| PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n"],"file":"oauthMeta.js"}

package/cjs/oidc/util/pkce.js CHANGED Viewed

@@ -1,7 +1,13 @@
 "use strict";
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 exports.default = void 0;
+var _from = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/array/from"));
+var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
 var _crypto = require("../../crypto");
 var _constants = require("../../constants");
@@ -29,18 +35,20 @@ function getRandomString(length) {
   _crypto.webcrypto.getRandomValues(a);
-  var str = Array.from(a, dec2hex).join('');
-  return str.slice(0, length);
+  var str = (0, _from.default)(a, dec2hex).join('');
+  return (0, _slice.default)(str).call(str, 0, length);
 }
 function generateVerifier(prefix) {
+  var _context;
   var verifier = prefix || '';
   if (verifier.length < _constants.MIN_VERIFIER_LENGTH) {
     verifier = verifier + getRandomString(_constants.MIN_VERIFIER_LENGTH - verifier.length);
   }
-  return encodeURIComponent(verifier).slice(0, _constants.MAX_VERIFIER_LENGTH);
+  return (0, _slice.default)(_context = encodeURIComponent(verifier)).call(_context, 0, _constants.MAX_VERIFIER_LENGTH);
 }
 function computeChallenge(str) {

package/cjs/oidc/util/pkce.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","~~Array","from","~~join","~~slice","~~generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"mappings":"~~;;;;~~AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;~~AAKD~~,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;AACAK,oBAAUC,eAAV,CAA0BL,CAA1B;;AACA,MAAIM,GAAG,~~GAAGC~~,~~KAAK~~,~~CAACC,IAAN,CAAWR,~~CAAX,EAAcN,OAAd,~~EAAuBe~~,IAAvB,CAA4B,EAA5B,CAAV;AACA,~~SAAOH~~,GAAG,~~CAACI~~,~~KAAJ~~,~~CAAU~~,~~CAAV~~,~~EAAaX~~,~~MAAb~~,~~CAAP~~;AACD;;AAED,~~SAASY~~,gBAAT,CAA0BC,MAA1B,EAAmD;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,~~CAACd~~,MAAT,~~GAAkBe~~,8BAAtB,EAA2C;AACzCD,IAAAA,QAAQ,GAAGA,QAAQ,~~GAAGf~~,eAAe,~~CAACgB~~,iCAAsBD,QAAQ,~~CAACd~~,MAAhC,CAArC;AACD;;AACD,~~SAAOgB~~,kBAAkB,CAACF,QAAD,CAAlB,~~CAA6BH~~,~~KAA7B,CAAmC,~~CAAnC,~~EAAsCM~~,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,~~CAA0BX~~,GAA1B,EAAyD;AACvD,~~MAAIY~~,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,~~CAAyBd~~,GAAzB,CAAb;AACA,SAAOF,~~kBAAUiB~~,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,~~IAAI3B~~,UAAJ,~~CAAeuB~~,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;eAEc;AACbC,EAAAA,6BAA6B,EAA7BA,wCADa;AAEbnB,EAAAA,gBAFa;AAGbM,EAAAA;AAHa,C","sourcesContent":["/!\n Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\~~nimport { webcrypto } from '../../crypto';\~~n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix \|\| '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"file":"pkce.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;AACAK,oBAAUC,eAAV,CAA0BL,CAA1B;;AACA,MAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;AAAA;;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;AACzCD,IAAAA,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,iCAAsBD,QAAQ,CAACX,MAAhC,CAArC;AACD;;AACD,SAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;AACvD,MAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;AACA,SAAOF,kBAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;eAEc;AACbC,EAAAA,6BAA6B,EAA7BA,wCADa;AAEbnB,EAAAA,gBAFa;AAGbM,EAAAA;AAHa,C","sourcesContent":["/!\n Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix \|\| '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"file":"pkce.js"}

package/cjs/oidc/util/prepareTokenParams.js CHANGED Viewed

@@ -1,18 +1,18 @@
 "use strict";
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 exports.assertPKCESupport = assertPKCESupport;
 exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
 exports.preparePKCE = preparePKCE;
 exports.prepareTokenParams = prepareTokenParams;
+var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
 var _wellKnown = require("../endpoints/well-known");
 var _errors = require("../../errors");
-var _util = require("../../util");
 var _defaultTokenParams = require("./defaultTokenParams");
 var _constants = require("../../constants");
@@ -58,7 +58,7 @@ async function validateCodeChallengeMethod(sdk, codeChallengeMethod) {
   const wellKnownResponse = await (0, _wellKnown.getWellKnown)(sdk);
   var methods = wellKnownResponse['code_challenge_methods_supported'] || [];
-  if (methods.indexOf(codeChallengeMethod) === -1) {
+  if ((0, _indexOf.default)(methods).call(methods, codeChallengeMethod) === -1) {
     throw new _errors.AuthSdkError('Invalid code_challenge_method');
   }
@@ -96,7 +96,9 @@ async function preparePKCE(sdk, tokenParams) {
 async function prepareTokenParams(sdk, tokenParams = {}) {
   // build params using defaults + options
   const defaults = (0, _defaultTokenParams.getDefaultTokenParams)(sdk);
-  tokenParams = Object.assign({}, defaults, (0, _util.clone)(tokenParams));
+  tokenParams = { ...defaults,
+    ...tokenParams
+  };
   if (tokenParams.pkce === false) {
     // Implicit flow or authorization_code without PKCE

package/cjs/oidc/util/prepareTokenParams.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","methods","~~indexOf","~~preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","~~Object","assign","~~pkce"],"mappings":"~~;;;;;;;;;~~AAaA;;AACA;;AAEA;;AACA;;AACA;;~~AACA~~;;~~AAnBA;;~~AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;~~AASO~~,SAASA,iBAAT,CAA2BC,GAA3B,~~EAA0C~~;~~AAC/C~~,MAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;AACnC,QAAIC,YAAY,GAAG,qFAAnB;;AACA,QAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;AAC3B;AACAD,MAAAA,YAAY,IAAI,kGAAhB;AACD;;AACD,QAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;AAClC;AACAF,MAAAA,YAAY,IAAI,wGAAhB;AACD;;AACD,UAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;AACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,~~EAA0DQ~~,~~mBAA1D~~,~~EAAwF~~;~~AAC7F~~;AACAA,EAAAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,~~CAF6F~~,~~CAI7F~~;;AACA,QAAMC,iBAAiB,GAAG,MAAM,6BAAaX,GAAb,CAAhC;AACA,MAAIY,OAAO,GAAGD,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;AACA,~~MAAIC~~,OAAO,~~CAACC~~,~~OAAR~~,~~CAAgBL~~,~~mBAAhB~~,~~MAAyC~~,CAAC,CAA9C,EAAiD;AAC/C,UAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;AACD;;AACD,SAAOE,mBAAP;AACD;;AAEM,~~eAAeM~~,WAAf,~~CACLd~~,GADK,~~EAELe~~,WAFK,EAGiB;AACtB,MAAI;AACFC,IAAAA,YADE;AAEFC,IAAAA,aAFE;~~AAGFT~~,IAAAA;AAHE,~~MAIAO~~,WAJJ,CADsB,CAOtB;;AACAE,EAAAA,aAAa,GAAGA,aAAa,~~IAAIjB~~,GAAG,CAACS,OAAJ,~~CAAYQ~~,aAA7C;;AACA,MAAI,CAACA,aAAL,EAAoB;~~AAClBlB~~,IAAAA,iBAAiB,CAACC,GAAD,CAAjB;~~AACAgB~~,IAAAA,YAAY,GAAGA,YAAY,IAAIE,cAAKC,gBAAL,EAA/B;AACAF,IAAAA,aAAa,GAAG,MAAMC,cAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;AACD;;~~AACDR~~,EAAAA,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;~~AACAO~~,EAAAA,WAAW,GAAG,EACZ,GAAGA,WADS;AAEZM,IAAAA,YAAY,EAAE,MAFF;AAEU;AACtBL,IAAAA,YAHY;AAIZC,IAAAA,aAJY;~~AAKZT~~,IAAAA;AALY,GAAd;AAQA,~~SAAOO~~,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,~~CACLtB~~,GADK,~~EAELe~~,WAAwB,GAAG,EAFtB,EAGiB;AACtB;AACA,QAAMQ,QAAQ,GAAG,+~~CAAsBvB~~,GAAtB,CAAjB;~~AACAe~~,EAAAA,WAAW,~~GAAGS~~,~~MAAM~~,~~CAACC~~,~~MAAP~~,~~CAAc~~,~~EAAd,EAAkBF,QAAlB,EAA4B,iBAAMR,WAAN,CAA5B,CAAd~~;;AAEA,MAAIA,WAAW,~~CAACW~~,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,~~WAAOX~~,WAAP;AACD;;AAED,SAAOD,WAAW,~~CAACd~~,GAAD,~~EAAMe~~,WAAN,CAAlB;AACD","sourcesContent":["/* eslint-disable complexity /\n/!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { ~~OktaAuth~~, TokenParams } from '../../types';\nimport { ~~clone } from '../../util';\nimport {~~ getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: ~~OktaAuth~~) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: ~~OktaAuth~~, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod \|\| sdk.options.codeChallengeMethod \|\| DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] \|\| [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: ~~OktaAuth~~, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge \|\| sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier \|\| PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: ~~OktaAuth~~,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = ~~Object.assign(~~{}, defaults, ~~clone(~~tokenParams));\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}"],"file":"prepareTokenParams.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","methods","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","pkce"],"mappings":";;;;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,SAASA,iBAAT,CAA2BC,GAA3B,EAAmD;AACxD,MAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;AACnC,QAAIC,YAAY,GAAG,qFAAnB;;AACA,QAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;AAC3B;AACAD,MAAAA,YAAY,IAAI,kGAAhB;AACD;;AACD,QAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;AAClC;AACAF,MAAAA,YAAY,IAAI,wGAAhB;AACD;;AACD,UAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;AACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAmEQ,mBAAnE,EAAiG;AACtG;AACAA,EAAAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAFsG,CAItG;;AACA,QAAMC,iBAAiB,GAAG,MAAM,6BAAaX,GAAb,CAAhC;AACA,MAAIY,OAAO,GAAGD,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;AACA,MAAI,sBAAAC,OAAO,MAAP,CAAAA,OAAO,EAASJ,mBAAT,CAAP,KAAyC,CAAC,CAA9C,EAAiD;AAC/C,UAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;AACD;;AACD,SAAOE,mBAAP;AACD;;AAEM,eAAeK,WAAf,CACLb,GADK,EAELc,WAFK,EAGiB;AACtB,MAAI;AACFC,IAAAA,YADE;AAEFC,IAAAA,aAFE;AAGFR,IAAAA;AAHE,MAIAM,WAJJ,CADsB,CAOtB;;AACAE,EAAAA,aAAa,GAAGA,aAAa,IAAIhB,GAAG,CAACS,OAAJ,CAAYO,aAA7C;;AACA,MAAI,CAACA,aAAL,EAAoB;AAClBjB,IAAAA,iBAAiB,CAACC,GAAD,CAAjB;AACAe,IAAAA,YAAY,GAAGA,YAAY,IAAIE,cAAKC,gBAAL,EAA/B;AACAF,IAAAA,aAAa,GAAG,MAAMC,cAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;AACD;;AACDP,EAAAA,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;AACAM,EAAAA,WAAW,GAAG,EACZ,GAAGA,WADS;AAEZM,IAAAA,YAAY,EAAE,MAFF;AAEU;AACtBL,IAAAA,YAHY;AAIZC,IAAAA,aAJY;AAKZR,IAAAA;AALY,GAAd;AAQA,SAAOM,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLrB,GADK,EAELc,WAAwB,GAAG,EAFtB,EAGiB;AACtB;AACA,QAAMQ,QAAQ,GAAG,+CAAsBtB,GAAtB,CAAjB;AACAc,EAAAA,WAAW,GAAG,EAAE,GAAGQ,QAAL;AAAe,OAAGR;AAAlB,GAAd;;AAEA,MAAIA,WAAW,CAACS,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOT,WAAP;AACD;;AAED,SAAOD,WAAW,CAACb,GAAD,EAAMc,WAAN,CAAlB;AACD","sourcesContent":["/* eslint-disable complexity /\n/!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthInterface, TokenParams } from '../../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuthInterface) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthInterface, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod \|\| sdk.options.codeChallengeMethod \|\| DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] \|\| [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: OktaAuthInterface, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge \|\| sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier \|\| PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: OktaAuthInterface,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = { ...defaults, ...tokenParams };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}"],"file":"prepareTokenParams.js"}

package/cjs/oidc/util/validateClaims.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
-var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
+var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
 exports.validateClaims = validateClaims;

package/cjs/oidc/util/validateClaims.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":";;;;;;AAeA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,~~EAAuCC~~,~~MAAvC~~,~~EAA2DC~~,~~gBAA3D~~,~~EAAgG~~;~~AACrG~~,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACY,GAAP,GAAcZ,MAAM,CAACa,GAAzB,EAA+B;AAC7B,UAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAoChB,MAAM,CAACa,GAA/C,EAAqD;AACnD,YAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIP,MAAM,CAACY,GAAP,GAAeJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAArC,EAAqD;AACnD,YAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion /\n/!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { ~~OktaAuth~~, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: ~~OktaAuth~~, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims \|\| !iss \|\| !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}
1	+ {"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":";;;;;;AAeA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAgDC,MAAhD,EAAoEC,gBAApE,EAAyG;AAC9G,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACY,GAAP,GAAcZ,MAAM,CAACa,GAAzB,EAA+B;AAC7B,UAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAoChB,MAAM,CAACa,GAA/C,EAAqD;AACnD,YAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIP,MAAM,CAACY,GAAP,GAAeJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAArC,EAAqD;AACnD,YAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion /\n/!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n \n You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n \n See the License for the specific language governing permissions and limitations under the License.\n \n /\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthInterface, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims \|\| !iss \|\| !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}