@okta/okta-auth-js 6.0.0 → 6.1.0

package/esm/index.js

@@ -22,19 +22,19 @@ import _regeneratorRuntime from '@babel/runtime/regenerator';
 import _typeof from '@babel/runtime/helpers/typeof';
 import _slicedToArray from '@babel/runtime/helpers/slicedToArray';
 import crossFetch from 'cross-fetch';
-import idx from '@okta/okta-idx-js';
 import _toConsumableArray from '@babel/runtime/helpers/toConsumableArray';
-import _defineProperty from '@babel/runtime/helpers/defineProperty';
+import { JSONPath } from 'jsonpath-plus';
 import _get from '@babel/runtime/helpers/get';
+import _defineProperty from '@babel/runtime/helpers/defineProperty';
 
-function _createSuper$u(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$u(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$x(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$x(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$u() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$x() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 
 var CustomError = /*#__PURE__*/function (_Error) {
   _inherits(CustomError, _Error);
 
-  var _super = _createSuper$u(CustomError);
+  var _super = _createSuper$x(CustomError);
 
   function CustomError(message) {
     var _this;
@@ -49,14 +49,14 @@ var CustomError = /*#__PURE__*/function (_Error) {
   return CustomError;
 }( /*#__PURE__*/_wrapNativeSuper(Error));
 
-function _createSuper$t(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$t(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$w(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$w(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$t() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$w() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 
 var AuthApiError = /*#__PURE__*/function (_CustomError) {
   _inherits(AuthApiError, _CustomError);
 
-  var _super = _createSuper$t(AuthApiError);
+  var _super = _createSuper$w(AuthApiError);
 
   function AuthApiError(err, xhr) {
     var _this;
@@ -82,14 +82,14 @@ var AuthApiError = /*#__PURE__*/function (_CustomError) {
   return AuthApiError;
 }(CustomError);
 
-function _createSuper$s(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$s(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$v(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$v(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$s() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$v() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 
 var AuthPollStopError = /*#__PURE__*/function (_CustomError) {
   _inherits(AuthPollStopError, _CustomError);
 
-  var _super = _createSuper$s(AuthPollStopError);
+  var _super = _createSuper$v(AuthPollStopError);
 
   function AuthPollStopError() {
     _classCallCheck(this, AuthPollStopError);
@@ -101,14 +101,14 @@ var AuthPollStopError = /*#__PURE__*/function (_CustomError) {
   return AuthPollStopError;
 }(CustomError);
 
-function _createSuper$r(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$r(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$u(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$u(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$r() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$u() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 
 var AuthSdkError = /*#__PURE__*/function (_CustomError) {
   _inherits(AuthSdkError, _CustomError);
 
-  var _super = _createSuper$r(AuthSdkError);
+  var _super = _createSuper$u(AuthSdkError);
 
   function AuthSdkError(msg, xhr) {
     var _this;
@@ -133,14 +133,14 @@ var AuthSdkError = /*#__PURE__*/function (_CustomError) {
   return AuthSdkError;
 }(CustomError);
 
-function _createSuper$q(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$q(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$t(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$t(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$q() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$t() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 
 var OAuthError = /*#__PURE__*/function (_CustomError) {
   _inherits(OAuthError, _CustomError);
 
-  var _super = _createSuper$q(OAuthError);
+  var _super = _createSuper$t(OAuthError);
 
   function OAuthError(errorCode, summary) {
     var _this;
@@ -220,6 +220,16 @@ function stringToBuffer(str) {
 function base64UrlDecode(str) {
   return a(base64UrlToBase64(str));
 }
+function base64UrlToBuffer(b64u) {
+  return Uint8Array.from(base64UrlDecode(b64u), function (c) {
+    return c.charCodeAt(0);
+  });
+}
+function bufferToBase64Url(bin) {
+  return b(new Uint8Array(bin).reduce(function (s, byte) {
+    return s + String.fromCharCode(byte);
+  }, ''));
+}
 
 function getOidcHash(str) {
   var buffer = new TextEncoder().encode(str);
@@ -478,7 +488,7 @@ function verifyToken$1(idToken, key) {
   });
 }
 
-var index = /*#__PURE__*/Object.freeze({
+var crypto$1 = /*#__PURE__*/Object.freeze({
   __proto__: null,
   stringToBase64Url: stringToBase64Url,
   base64ToBase64Url: base64ToBase64Url,
@@ -486,6 +496,8 @@ var index = /*#__PURE__*/Object.freeze({
   base64UrlToString: base64UrlToString,
   stringToBuffer: stringToBuffer,
   base64UrlDecode: base64UrlDecode,
+  base64UrlToBuffer: base64UrlToBuffer,
+  bufferToBase64Url: bufferToBase64Url,
   getOidcHash: getOidcHash,
   verifyToken: verifyToken$1,
   atob: a,
@@ -1731,7 +1743,7 @@ function _prepareTokenParams() {
           case 0:
             tokenParams = _args3.length > 1 && _args3[1] !== undefined ? _args3[1] : {};
             defaults = getDefaultTokenParams(sdk);
-            tokenParams = Object.assign({}, defaults, clone(tokenParams));
+            tokenParams = Object.assign(Object.assign({}, defaults), tokenParams);
 
             if (!(tokenParams.pkce === false)) {
               _context3.next = 5;
@@ -1914,6 +1926,7 @@ var AuthenticatorKey;
   AuthenticatorKey["GOOGLE_AUTHENTICATOR"] = "google_otp";
   AuthenticatorKey["SECURITY_QUESTION"] = "security_question";
   AuthenticatorKey["OKTA_VERIFY"] = "okta_verify";
+  AuthenticatorKey["WEBAUTHN"] = "webauthn";
 })(AuthenticatorKey || (AuthenticatorKey = {}));
 
 var IdxFeature;
@@ -1922,6 +1935,7 @@ var IdxFeature;
   IdxFeature["PASSWORD_RECOVERY"] = "recover-password";
   IdxFeature["REGISTRATION"] = "enroll-profile";
   IdxFeature["SOCIAL_IDP"] = "redirect-idp";
+  IdxFeature["ACCOUNT_UNLOCK"] = "unlock-account";
 })(IdxFeature || (IdxFeature = {}));
 
 function isToken(obj) {
@@ -2937,6 +2951,79 @@ function _parseFromUrl() {
   return _parseFromUrl.apply(this, arguments);
 }
 
+var getEnrolledCredentials = function getEnrolledCredentials() {
+  var authenticatorEnrollments = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : [];
+  var credentials = [];
+  authenticatorEnrollments.forEach(function (enrollement) {
+    if (enrollement.key === 'webauthn') {
+      credentials.push({
+        type: 'public-key',
+        id: base64UrlToBuffer(enrollement.credentialId)
+      });
+    }
+  });
+  return credentials;
+};
+
+var buildCredentialCreationOptions = function buildCredentialCreationOptions(activationData, authenticatorEnrollments) {
+  return {
+    publicKey: {
+      rp: activationData.rp,
+      user: {
+        id: base64UrlToBuffer(activationData.user.id),
+        name: activationData.user.name,
+        displayName: activationData.user.displayName
+      },
+      challenge: base64UrlToBuffer(activationData.challenge),
+      pubKeyCredParams: activationData.pubKeyCredParams,
+      attestation: activationData.attestation,
+      authenticatorSelection: activationData.authenticatorSelection,
+      excludeCredentials: getEnrolledCredentials(authenticatorEnrollments)
+    }
+  };
+};
+var buildCredentialRequestOptions = function buildCredentialRequestOptions(challengeData, authenticatorEnrollments) {
+  return {
+    publicKey: {
+      challenge: base64UrlToBuffer(challengeData.challenge),
+      userVerification: challengeData.userVerification,
+      allowCredentials: getEnrolledCredentials(authenticatorEnrollments)
+    }
+  };
+};
+var getAttestation = function getAttestation(credential) {
+  var response = credential.response;
+  var id = credential.id;
+  var clientData = bufferToBase64Url(response.clientDataJSON);
+  var attestation = bufferToBase64Url(response.attestationObject);
+  return {
+    id: id,
+    clientData: clientData,
+    attestation: attestation
+  };
+};
+var getAssertion = function getAssertion(credential) {
+  var response = credential.response;
+  var id = credential.id;
+  var clientData = bufferToBase64Url(response.clientDataJSON);
+  var authenticatorData = bufferToBase64Url(response.authenticatorData);
+  var signatureData = bufferToBase64Url(response.signature);
+  return {
+    id: id,
+    clientData: clientData,
+    authenticatorData: authenticatorData,
+    signatureData: signatureData
+  };
+};
+
+var webauthn = /*#__PURE__*/Object.freeze({
+  __proto__: null,
+  buildCredentialCreationOptions: buildCredentialCreationOptions,
+  buildCredentialRequestOptions: buildCredentialRequestOptions,
+  getAttestation: getAttestation,
+  getAssertion: getAssertion
+});
+
 var Cookies = require('js-cookie');
 
 var storageUtil = {
@@ -3738,9 +3825,7 @@ var TokenManager = /*#__PURE__*/function () {
 
         return tokens[tokenType];
       }).catch(function (err) {
-        if (isRefreshTokenError(err) || err.name === 'OAuthError' || err.name === 'AuthSdkError') {
-          _this4.remove(key);
-        }
+        _this4.remove(key);
 
         err.tokenKey = key;
 
@@ -4787,11 +4872,11 @@ function assertValidConfig(args) {
   }
 }
 
-function _createForOfIteratorHelper$4(o, allowArrayLike) { var it = typeof Symbol !== "undefined" && o[Symbol.iterator] || o["@@iterator"]; if (!it) { if (Array.isArray(o) || (it = _unsupportedIterableToArray$4(o)) || allowArrayLike && o && typeof o.length === "number") { if (it) o = it; var i = 0; var F = function F() {}; return { s: F, n: function n() { if (i >= o.length) return { done: true }; return { done: false, value: o[i++] }; }, e: function e(_e) { throw _e; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var normalCompletion = true, didErr = false, err; return { s: function s() { it = it.call(o); }, n: function n() { var step = it.next(); normalCompletion = step.done; return step; }, e: function e(_e2) { didErr = true; err = _e2; }, f: function f() { try { if (!normalCompletion && it.return != null) it.return(); } finally { if (didErr) throw err; } } }; }
+function _createForOfIteratorHelper$5(o, allowArrayLike) { var it = typeof Symbol !== "undefined" && o[Symbol.iterator] || o["@@iterator"]; if (!it) { if (Array.isArray(o) || (it = _unsupportedIterableToArray$5(o)) || allowArrayLike && o && typeof o.length === "number") { if (it) o = it; var i = 0; var F = function F() {}; return { s: F, n: function n() { if (i >= o.length) return { done: true }; return { done: false, value: o[i++] }; }, e: function e(_e) { throw _e; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var normalCompletion = true, didErr = false, err; return { s: function s() { it = it.call(o); }, n: function n() { var step = it.next(); normalCompletion = step.done; return step; }, e: function e(_e2) { didErr = true; err = _e2; }, f: function f() { try { if (!normalCompletion && it.return != null) it.return(); } finally { if (didErr) throw err; } } }; }
 
-function _unsupportedIterableToArray$4(o, minLen) { if (!o) return; if (typeof o === "string") return _arrayLikeToArray$4(o, minLen); var n = Object.prototype.toString.call(o).slice(8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return Array.from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray$4(o, minLen); }
+function _unsupportedIterableToArray$5(o, minLen) { if (!o) return; if (typeof o === "string") return _arrayLikeToArray$5(o, minLen); var n = Object.prototype.toString.call(o).slice(8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return Array.from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray$5(o, minLen); }
 
-function _arrayLikeToArray$4(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) { arr2[i] = arr[i]; } return arr2; }
+function _arrayLikeToArray$5(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) { arr2[i] = arr[i]; } return arr2; }
 
 function readData(response) {
   if (response.headers.get('Content-Type') && response.headers.get('Content-Type').toLowerCase().indexOf('application/json') >= 0) {
@@ -4810,7 +4895,7 @@ function formatResult(status, data, response) {
   var isObject = _typeof(data) === 'object';
   var headers = {};
 
-  var _iterator = _createForOfIteratorHelper$4(response.headers.entries()),
+  var _iterator = _createForOfIteratorHelper$5(response.headers.entries()),
       _step;
 
   try {
@@ -5096,171 +5181,904 @@ function buildOptions() {
   });
 }
 
-function createTransactionMeta(_x) {
-  return _createTransactionMeta.apply(this, arguments);
-}
+var Interceptor = /*#__PURE__*/function () {
+  function Interceptor() {
+    _classCallCheck(this, Interceptor);
 
-function _createTransactionMeta() {
-  _createTransactionMeta = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(authClient) {
-    var options,
-        tokenParams,
-        pkceMeta,
-        _Object$assign,
-        _Object$assign$flow,
-        flow,
-        _Object$assign$withCr,
-        withCredentials,
-        _Object$assign$activa,
-        activationToken,
-        _Object$assign$recove,
-        recoveryToken,
-        meta,
-        _args = arguments;
+    this.handlers = [];
+  }
+
+  _createClass(Interceptor, [{
+    key: "use",
+    value: function use(before) {
+      this.handlers.push({
+        before: before
+      });
+    }
+  }, {
+    key: "clear",
+    value: function clear() {
+      this.handlers = [];
+    }
+  }]);
+
+  return Interceptor;
+}();
+var HttpClient = {
+  interceptors: {
+    request: new Interceptor()
+  }
+};
+var request = /*#__PURE__*/function () {
+  var _ref2 = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(target, _ref) {
+    var _ref$method, method, _ref$headers, headers, _ref$credentials, credentials, body, requestOptions, url;
 
     return _regeneratorRuntime.wrap(function _callee$(_context) {
       while (1) {
         switch (_context.prev = _context.next) {
           case 0:
-            options = _args.length > 1 && _args[1] !== undefined ? _args[1] : {};
-            _context.next = 3;
-            return authClient.token.prepareTokenParams(options);
+            _ref$method = _ref.method, method = _ref$method === void 0 ? 'POST' : _ref$method, _ref$headers = _ref.headers, headers = _ref$headers === void 0 ? {} : _ref$headers, _ref$credentials = _ref.credentials, credentials = _ref$credentials === void 0 ? 'include' : _ref$credentials, body = _ref.body;
+            requestOptions = {
+              url: target,
+              method: method,
+              headers: Object.assign({}, headers),
+              credentials: credentials,
+              body: body
+            };
 
-          case 3:
-            tokenParams = _context.sent;
-            pkceMeta = createOAuthMeta(authClient, tokenParams);
-            _Object$assign = Object.assign(Object.assign({}, authClient.options), options), _Object$assign$flow = _Object$assign.flow, flow = _Object$assign$flow === void 0 ? 'default' : _Object$assign$flow, _Object$assign$withCr = _Object$assign.withCredentials, withCredentials = _Object$assign$withCr === void 0 ? true : _Object$assign$withCr, _Object$assign$activa = _Object$assign.activationToken, activationToken = _Object$assign$activa === void 0 ? undefined : _Object$assign$activa, _Object$assign$recove = _Object$assign.recoveryToken, recoveryToken = _Object$assign$recove === void 0 ? undefined : _Object$assign$recove;
-            meta = Object.assign(Object.assign({}, pkceMeta), {
-              flow: flow,
-              withCredentials: withCredentials,
-              activationToken: activationToken,
-              recoveryToken: recoveryToken
-            });
-            return _context.abrupt("return", meta);
+            if (HttpClient.interceptors) {
+              HttpClient.interceptors.request.handlers.forEach(function (interceptor) {
+                interceptor.before(requestOptions);
+              });
+            }
 
-          case 8:
+            url = requestOptions.url;
+            delete requestOptions.url;
+            return _context.abrupt("return", crossFetch(url, requestOptions));
+
+          case 6:
           case "end":
             return _context.stop();
         }
       }
     }, _callee);
   }));
-  return _createTransactionMeta.apply(this, arguments);
-}
 
-function hasSavedInteractionHandle(authClient, options) {
-  var savedMeta = getSavedTransactionMeta(authClient, options);
+  return function request(_x, _x2) {
+    return _ref2.apply(this, arguments);
+  };
+}();
 
-  if (savedMeta === null || savedMeta === void 0 ? void 0 : savedMeta.interactionHandle) {
-    return true;
+function _createForOfIteratorHelper$4(o, allowArrayLike) { var it = typeof Symbol !== "undefined" && o[Symbol.iterator] || o["@@iterator"]; if (!it) { if (Array.isArray(o) || (it = _unsupportedIterableToArray$4(o)) || allowArrayLike && o && typeof o.length === "number") { if (it) o = it; var i = 0; var F = function F() {}; return { s: F, n: function n() { if (i >= o.length) return { done: true }; return { done: false, value: o[i++] }; }, e: function e(_e) { throw _e; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var normalCompletion = true, didErr = false, err; return { s: function s() { it = it.call(o); }, n: function n() { var step = it.next(); normalCompletion = step.done; return step; }, e: function e(_e2) { didErr = true; err = _e2; }, f: function f() { try { if (!normalCompletion && it.return != null) it.return(); } finally { if (didErr) throw err; } } }; }
+
+function _unsupportedIterableToArray$4(o, minLen) { if (!o) return; if (typeof o === "string") return _arrayLikeToArray$4(o, minLen); var n = Object.prototype.toString.call(o).slice(8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return Array.from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray$4(o, minLen); }
+
+function _arrayLikeToArray$4(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) { arr2[i] = arr[i]; } return arr2; }
+
+var isFieldMutable = function isFieldMutable(field) {
+  return field.mutable !== false;
+};
+
+var divideSingleActionParamsByMutability = function divideSingleActionParamsByMutability(action) {
+  var _a, _b;
+
+  var defaultParamsForAction = {};
+  var neededParamsForAction = [];
+  var immutableParamsForAction = {};
+
+  if (!action.value) {
+    neededParamsForAction.push(action);
+    return {
+      defaultParamsForAction: defaultParamsForAction,
+      neededParamsForAction: neededParamsForAction,
+      immutableParamsForAction: immutableParamsForAction
+    };
   }
 
-  return false;
-}
-function getSavedTransactionMeta(authClient, options) {
-  options = removeNils(options);
-  options = Object.assign(Object.assign({}, authClient.options), options);
-  var savedMeta;
+  var _iterator = _createForOfIteratorHelper$4(action.value),
+      _step;
 
   try {
-    savedMeta = authClient.transactionManager.load(options);
-  } catch (e) {}
+    for (_iterator.s(); !(_step = _iterator.n()).done;) {
+      var field = _step.value;
 
-  if (!savedMeta) {
-    return;
-  }
+      if (isFieldMutable(field)) {
+        neededParamsForAction.push(field);
 
-  if (isTransactionMetaValid(savedMeta, options)) {
-    return savedMeta;
+        if ((_a = field.value) !== null && _a !== void 0 ? _a : false) {
+          defaultParamsForAction[field.name] = field.value;
+        }
+      } else {
+        immutableParamsForAction[field.name] = (_b = field.value) !== null && _b !== void 0 ? _b : '';
+      }
+    }
+  } catch (err) {
+    _iterator.e(err);
+  } finally {
+    _iterator.f();
   }
 
-  warn('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
-}
-function getTransactionMeta(_x2, _x3) {
-  return _getTransactionMeta.apply(this, arguments);
-}
+  return {
+    defaultParamsForAction: defaultParamsForAction,
+    neededParamsForAction: neededParamsForAction,
+    immutableParamsForAction: immutableParamsForAction
+  };
+};
 
-function _getTransactionMeta() {
-  _getTransactionMeta = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee2(authClient, options) {
-    var validExistingMeta;
-    return _regeneratorRuntime.wrap(function _callee2$(_context2) {
-      while (1) {
-        switch (_context2.prev = _context2.next) {
-          case 0:
-            options = removeNils(options);
-            options = Object.assign(Object.assign({}, authClient.options), options);
-            validExistingMeta = getSavedTransactionMeta(authClient, options);
+var divideActionParamsByMutability = function divideActionParamsByMutability(actionList) {
+  actionList = Array.isArray(actionList) ? actionList : [actionList];
+  var neededParams = [];
+  var defaultParams = {};
+  var immutableParams = {};
 
-            if (!validExistingMeta) {
-              _context2.next = 5;
-              break;
-            }
+  var _iterator2 = _createForOfIteratorHelper$4(actionList),
+      _step2;
 
-            return _context2.abrupt("return", validExistingMeta);
+  try {
+    for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
+      var action = _step2.value;
 
-          case 5:
-            return _context2.abrupt("return", createTransactionMeta(authClient, options));
+      var _divideSingleActionPa = divideSingleActionParamsByMutability(action),
+          defaultParamsForAction = _divideSingleActionPa.defaultParamsForAction,
+          neededParamsForAction = _divideSingleActionPa.neededParamsForAction,
+          immutableParamsForAction = _divideSingleActionPa.immutableParamsForAction;
 
-          case 6:
-          case "end":
-            return _context2.stop();
+      neededParams.push(neededParamsForAction);
+      defaultParams[action.name] = defaultParamsForAction;
+      immutableParams[action.name] = immutableParamsForAction;
+    }
+  } catch (err) {
+    _iterator2.e(err);
+  } finally {
+    _iterator2.f();
+  }
+
+  return {
+    defaultParams: defaultParams,
+    neededParams: neededParams,
+    immutableParams: immutableParams
+  };
+};
+
+var generateDirectFetch = function generateDirectFetch(_ref) {
+  var actionDefinition = _ref.actionDefinition,
+      _ref$defaultParamsFor = _ref.defaultParamsForAction,
+      defaultParamsForAction = _ref$defaultParamsFor === void 0 ? {} : _ref$defaultParamsFor,
+      _ref$immutableParamsF = _ref.immutableParamsForAction,
+      immutableParamsForAction = _ref$immutableParamsF === void 0 ? {} : _ref$immutableParamsF,
+      toPersist = _ref.toPersist;
+  var target = actionDefinition.href;
+  return /*#__PURE__*/function () {
+    var _ref2 = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(params) {
+      var headers, body, credentials;
+      return _regeneratorRuntime.wrap(function _callee$(_context) {
+        while (1) {
+          switch (_context.prev = _context.next) {
+            case 0:
+              headers = {
+                'content-type': 'application/json',
+                'accept': actionDefinition.accepts || 'application/ion+json'
+              };
+              body = JSON.stringify(Object.assign(Object.assign(Object.assign({}, defaultParamsForAction), params), immutableParamsForAction));
+              credentials = toPersist && toPersist.withCredentials === false ? 'omit' : 'include';
+              return _context.abrupt("return", request(target, {
+                method: actionDefinition.method,
+                headers: headers,
+                body: body,
+                credentials: credentials
+              }).then(function (response) {
+                var respJson = response.json();
+
+                if (response.ok) {
+                  return respJson;
+                } else if (response.status === 401 && response.headers.get('WWW-Authenticate') === 'Oktadevicejwt realm="Okta Device"') {
+                  return respJson.then(function (err) {
+                    var ms = makeIdxState$1(err, toPersist);
+                    ms.stepUp = true;
+                    return Promise.reject(ms);
+                  });
+                }
+
+                return respJson.then(function (err) {
+                  return Promise.reject(makeIdxState$1(err, toPersist));
+                });
+              }).then(function (idxResponse) {
+                return makeIdxState$1(idxResponse, toPersist);
+              }));
+
+            case 4:
+            case "end":
+              return _context.stop();
+          }
         }
-      }
-    }, _callee2);
-  }));
-  return _getTransactionMeta.apply(this, arguments);
-}
+      }, _callee);
+    }));
 
-function saveTransactionMeta(authClient, meta) {
-  authClient.transactionManager.save(meta, {
-    muteWarning: true
-  });
-}
-function clearTransactionMeta(authClient) {
-  authClient.transactionManager.clear();
-}
-function isTransactionMetaValid(meta) {
-  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var keys = ['issuer', 'clientId', 'redirectUri', 'state', 'codeChallenge', 'codeChallengeMethod', 'activationToken', 'recoveryToken'];
+    return function (_x) {
+      return _ref2.apply(this, arguments);
+    };
+  }();
+};
 
-  if (isTransactionMetaValidForOptions(meta, options, keys) === false) {
-    return false;
-  }
+var generateIdxAction = function generateIdxAction(actionDefinition, toPersist) {
+  var generator = generateDirectFetch;
 
-  var flow = options.flow;
+  var _divideActionParamsBy = divideActionParamsByMutability(actionDefinition),
+      defaultParams = _divideActionParamsBy.defaultParams,
+      neededParams = _divideActionParamsBy.neededParams,
+      immutableParams = _divideActionParamsBy.immutableParams;
 
-  if (isTransactionMetaValidForFlow(meta, flow) === false) {
-    return false;
-  }
+  var action = generator({
+    actionDefinition: actionDefinition,
+    defaultParamsForAction: defaultParams[actionDefinition.name],
+    immutableParamsForAction: immutableParams[actionDefinition.name],
+    toPersist: toPersist
+  });
+  action.neededParams = neededParams;
+  return action;
+};
 
-  return true;
-}
-function isTransactionMetaValidForFlow(meta, flow) {
-  var shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';
+var generateRemediationFunctions = function generateRemediationFunctions(remediationValue) {
+  var toPersist = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  return Object.fromEntries(remediationValue.map(function (remediation) {
+    return [remediation.name, generateIdxAction(remediation, toPersist)];
+  }));
+};
 
-  if (shouldValidateFlow) {
-    if (flow !== meta.flow) {
-      return false;
+var SKIP_FIELDS = Object.fromEntries(['remediation', 'context'].map(function (field) {
+  return [field, !!'skip this field'];
+}));
+var parseNonRemediations = function parseNonRemediations(idxResponse) {
+  var toPersist = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  var actions = {};
+  var context = {};
+  Object.keys(idxResponse).filter(function (field) {
+    return !SKIP_FIELDS[field];
+  }).forEach(function (field) {
+    var fieldIsObject = _typeof(idxResponse[field]) === 'object' && !!idxResponse[field];
+
+    if (!fieldIsObject) {
+      context[field] = idxResponse[field];
+      return;
     }
-  }
 
-  return true;
-}
-function isTransactionMetaValidForOptions(meta, options, keys) {
-  var mismatch = keys.some(function (key) {
-    var value = options[key];
+    if (idxResponse[field].rel) {
+      actions[idxResponse[field].name] = generateIdxAction(idxResponse[field], toPersist);
+      return;
+    }
 
-    if (value && value !== meta[key]) {
-      return true;
+    var _a = idxResponse[field],
+        fieldValue = _a.value,
+        type = _a.type,
+        info = __rest(_a, ["value", "type"]);
+
+    context[field] = Object.assign({
+      type: type
+    }, info);
+
+    if (type !== 'object') {
+      context[field].value = fieldValue;
+      return;
     }
-  });
-  return !mismatch;
-}
 
-function getResponse(meta) {
+    context[field].value = {};
+    Object.entries(fieldValue).forEach(function (_ref) {
+      var _ref2 = _slicedToArray(_ref, 2),
+          subField = _ref2[0],
+          value = _ref2[1];
+
+      if (value.rel) {
+        actions["".concat(field, "-").concat(subField.name || subField)] = generateIdxAction(value, toPersist);
+      } else {
+        context[field].value[subField] = value;
+      }
+    });
+  });
   return {
-    meta: meta,
-    interactionHandle: meta.interactionHandle,
-    state: meta.state
+    context: context,
+    actions: actions
+  };
+};
+
+var expandRelatesTo = function expandRelatesTo(idxResponse, value) {
+  Object.keys(value).forEach(function (k) {
+    if (k === 'relatesTo') {
+      var query = Array.isArray(value[k]) ? value[k][0] : value[k];
+
+      if (typeof query === 'string') {
+        var result = JSONPath({
+          path: query,
+          json: idxResponse
+        })[0];
+
+        if (result) {
+          value[k] = result;
+          return;
+        }
+      }
+    }
+
+    if (Array.isArray(value[k])) {
+      value[k].forEach(function (innerValue) {
+        return expandRelatesTo(idxResponse, innerValue);
+      });
+    }
+  });
+};
+
+var convertRemediationAction = function convertRemediationAction(remediation, toPersist) {
+  var remediationActions = generateRemediationFunctions([remediation], toPersist);
+  var actionFn = remediationActions[remediation.name];
+  return Object.assign(Object.assign({}, remediation), {
+    action: actionFn
+  });
+};
+
+var parseIdxResponse = function parseIdxResponse(idxResponse) {
+  var toPersist = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+
+  var _a;
+
+  var remediationData = ((_a = idxResponse.remediation) === null || _a === void 0 ? void 0 : _a.value) || [];
+  remediationData.forEach(function (remediation) {
+    return expandRelatesTo(idxResponse, remediation);
+  });
+  var remediations = remediationData.map(function (remediation) {
+    return convertRemediationAction(remediation, toPersist);
+  });
+
+  var _parseNonRemediations = parseNonRemediations(idxResponse, toPersist),
+      context = _parseNonRemediations.context,
+      actions = _parseNonRemediations.actions;
+
+  return {
+    remediations: remediations,
+    context: context,
+    actions: actions
+  };
+};
+
+function makeIdxState$1(idxResponse, toPersist) {
+  var _a;
+
+  var rawIdxResponse = idxResponse;
+
+  var _parseIdxResponse = parseIdxResponse(idxResponse, toPersist),
+      remediations = _parseIdxResponse.remediations,
+      context = _parseIdxResponse.context,
+      actions = _parseIdxResponse.actions;
+
+  var neededToProceed = _toConsumableArray(remediations);
+
+  var proceed = /*#__PURE__*/function () {
+    var _ref = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(remediationChoice) {
+      var paramsFromUser,
+          remediationChoiceObject,
+          _args = arguments;
+      return _regeneratorRuntime.wrap(function _callee$(_context) {
+        while (1) {
+          switch (_context.prev = _context.next) {
+            case 0:
+              paramsFromUser = _args.length > 1 && _args[1] !== undefined ? _args[1] : {};
+              remediationChoiceObject = remediations.find(function (remediation) {
+                return remediation.name === remediationChoice;
+              });
+
+              if (remediationChoiceObject) {
+                _context.next = 4;
+                break;
+              }
+
+              return _context.abrupt("return", Promise.reject("Unknown remediation choice: [".concat(remediationChoice, "]")));
+
+            case 4:
+              return _context.abrupt("return", remediationChoiceObject.action(paramsFromUser));
+
+            case 5:
+            case "end":
+              return _context.stop();
+          }
+        }
+      }, _callee);
+    }));
+
+    return function proceed(_x) {
+      return _ref.apply(this, arguments);
+    };
+  }();
+
+  var findCode = function findCode(item) {
+    return item.name === 'interaction_code';
+  };
+
+  var interactionCode = (_a = rawIdxResponse.successWithInteractionCode) === null || _a === void 0 ? void 0 : _a.value.find(findCode).value;
+  return {
+    proceed: proceed,
+    neededToProceed: neededToProceed,
+    actions: actions,
+    context: context,
+    rawIdxState: rawIdxResponse,
+    interactionCode: interactionCode,
+    toPersist: toPersist
+  };
+}
+
+var v1 = {
+  makeIdxState: makeIdxState$1
+};
+
+var parsersForVersion = function parsersForVersion(version) {
+  switch (version) {
+    case '1.0.0':
+      return v1;
+
+    case undefined:
+    case null:
+      throw new Error('Api version is required');
+
+    default:
+      throw new Error("Unknown api version: ".concat(version, ".  Use an exact semver version."));
+  }
+};
+
+function validateVersionConfig(version) {
+  if (!version) {
+    throw new Error('version is required');
+  }
+
+  var cleanVersion = (version !== null && version !== void 0 ? version : '').replace(/[^0-9a-zA-Z._-]/, '');
+
+  if (cleanVersion !== version || !version) {
+    throw new Error('invalid version supplied - version is required and uses semver syntax');
+  }
+
+  parsersForVersion(version);
+}
+
+var parseAndReject$1 = function parseAndReject(response) {
+  return response.json().then(function (err) {
+    return Promise.reject(err);
+  });
+};
+
+var introspect$1 = /*#__PURE__*/function () {
+  var _introspect = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(_ref) {
+    var withCredentials, domain, interactionHandle, stateHandle, version, target, body, headers, credentials;
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) {
+        switch (_context.prev = _context.next) {
+          case 0:
+            withCredentials = _ref.withCredentials, domain = _ref.domain, interactionHandle = _ref.interactionHandle, stateHandle = _ref.stateHandle, version = _ref.version;
+            validateVersionConfig(version);
+            target = "".concat(domain, "/idp/idx/introspect");
+            body = stateHandle ? {
+              stateToken: stateHandle
+            } : {
+              interactionHandle: interactionHandle
+            };
+            headers = {
+              'content-type': "application/ion+json; okta-version=".concat(version),
+              accept: "application/ion+json; okta-version=".concat(version)
+            };
+            credentials = withCredentials === false ? 'omit' : 'include';
+            return _context.abrupt("return", request(target, {
+              credentials: credentials,
+              headers: headers,
+              body: JSON.stringify(body)
+            }).then(function (response) {
+              return response.ok ? response.json() : parseAndReject$1(response);
+            }));
+
+          case 7:
+          case "end":
+            return _context.stop();
+        }
+      }
+    }, _callee);
+  }));
+
+  function introspect(_x) {
+    return _introspect.apply(this, arguments);
+  }
+
+  return introspect;
+}();
+
+var parseAndReject = function parseAndReject(response) {
+  return response.json().then(function (err) {
+    return Promise.reject(err);
+  });
+};
+
+var interact$1 = /*#__PURE__*/function () {
+  var _interact = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(_ref) {
+    var withCredentials, clientId, baseUrl, _ref$scopes, scopes, redirectUri, codeChallenge, codeChallengeMethod, state, activationToken, recoveryToken, clientSecret, target, params, body, headers, credentials;
+
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) {
+        switch (_context.prev = _context.next) {
+          case 0:
+            withCredentials = _ref.withCredentials, clientId = _ref.clientId, baseUrl = _ref.baseUrl, _ref$scopes = _ref.scopes, scopes = _ref$scopes === void 0 ? ['openid', 'email'] : _ref$scopes, redirectUri = _ref.redirectUri, codeChallenge = _ref.codeChallenge, codeChallengeMethod = _ref.codeChallengeMethod, state = _ref.state, activationToken = _ref.activationToken, recoveryToken = _ref.recoveryToken, clientSecret = _ref.clientSecret;
+            target = "".concat(baseUrl, "/v1/interact");
+            params = {
+              client_id: clientId,
+              scope: scopes.join(' '),
+              redirect_uri: redirectUri,
+              code_challenge: codeChallenge,
+              code_challenge_method: codeChallengeMethod,
+              state: state
+            };
+
+            if (activationToken) {
+              params.activation_token = activationToken;
+            }
+
+            if (recoveryToken) {
+              params.recovery_token = recoveryToken;
+            }
+
+            if (clientSecret) {
+              params.client_secret = clientSecret;
+            }
+
+            body = Object.entries(params).map(function (_ref2) {
+              var _ref3 = _slicedToArray(_ref2, 2),
+                  param = _ref3[0],
+                  value = _ref3[1];
+
+              return "".concat(param, "=").concat(encodeURIComponent(value));
+            }).join('&');
+            headers = {
+              'content-type': 'application/x-www-form-urlencoded'
+            };
+            credentials = withCredentials === false ? 'omit' : 'include';
+            return _context.abrupt("return", request(target, {
+              credentials: credentials,
+              headers: headers,
+              body: body
+            }).then(function (response) {
+              return response.ok ? response.json() : parseAndReject(response);
+            }).then(function (data) {
+              return data.interaction_handle;
+            }));
+
+          case 10:
+          case "end":
+            return _context.stop();
+        }
+      }
+    }, _callee);
+  }));
+
+  function interact(_x) {
+    return _interact.apply(this, arguments);
+  }
+
+  return interact;
+}();
+
+var LATEST_SUPPORTED_IDX_API_VERSION = '1.0.0';
+
+var start = /*#__PURE__*/function () {
+  var _start = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(_ref) {
+    var withCredentials, clientId, domain, issuer, stateHandle, interactionHandle, version, redirectUri, state, scopes, codeChallenge, codeChallengeMethod, activationToken, recoveryToken, baseUrl, toPersist, interactParams, interaction_handle, _parsersForVersion, _makeIdxState, idxResponse, idxState;
+
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) {
+        switch (_context.prev = _context.next) {
+          case 0:
+            withCredentials = _ref.withCredentials, clientId = _ref.clientId, domain = _ref.domain, issuer = _ref.issuer, stateHandle = _ref.stateHandle, interactionHandle = _ref.interactionHandle, version = _ref.version, redirectUri = _ref.redirectUri, state = _ref.state, scopes = _ref.scopes, codeChallenge = _ref.codeChallenge, codeChallengeMethod = _ref.codeChallengeMethod, activationToken = _ref.activationToken, recoveryToken = _ref.recoveryToken;
+            issuer = issuer === null || issuer === void 0 ? void 0 : issuer.replace(/\/+$/, '');
+            baseUrl = (issuer === null || issuer === void 0 ? void 0 : issuer.indexOf('/oauth2')) > 0 ? issuer : issuer + '/oauth2';
+            toPersist = {
+              baseUrl: baseUrl,
+              clientId: clientId,
+              state: state,
+              withCredentials: withCredentials
+            };
+
+            if (!(!domain && !issuer)) {
+              _context.next = 6;
+              break;
+            }
+
+            return _context.abrupt("return", Promise.reject({
+              error: 'issuer is required'
+            }));
+
+          case 6:
+            if (!(!stateHandle && !clientId)) {
+              _context.next = 8;
+              break;
+            }
+
+            return _context.abrupt("return", Promise.reject({
+              error: 'clientId is required'
+            }));
+
+          case 8:
+            if (!(!stateHandle && !redirectUri)) {
+              _context.next = 10;
+              break;
+            }
+
+            return _context.abrupt("return", Promise.reject({
+              error: 'redirectUri is required'
+            }));
+
+          case 10:
+            if (!(!stateHandle && !(codeChallenge && codeChallengeMethod))) {
+              _context.next = 12;
+              break;
+            }
+
+            return _context.abrupt("return", Promise.reject({
+              error: 'PKCE params (codeChallenge, codeChallengeMethod) are required'
+            }));
+
+          case 12:
+            if (!domain) {
+              domain = new URL(issuer).origin;
+            }
+
+            validateVersionConfig(version);
+
+            if (!(!stateHandle && !interactionHandle)) {
+              _context.next = 27;
+              break;
+            }
+
+            _context.prev = 15;
+            interactParams = {
+              withCredentials: withCredentials,
+              clientId: clientId,
+              baseUrl: baseUrl,
+              scopes: scopes,
+              redirectUri: redirectUri,
+              codeChallenge: codeChallenge,
+              codeChallengeMethod: codeChallengeMethod,
+              state: state,
+              activationToken: activationToken,
+              recoveryToken: recoveryToken
+            };
+            _context.next = 19;
+            return interact$1(interactParams);
+
+          case 19:
+            interaction_handle = _context.sent;
+            interactionHandle = interaction_handle;
+            toPersist.interactionHandle = interactionHandle;
+            _context.next = 27;
+            break;
+
+          case 24:
+            _context.prev = 24;
+            _context.t0 = _context["catch"](15);
+            return _context.abrupt("return", Promise.reject({
+              error: _context.t0
+            }));
+
+          case 27:
+            _context.prev = 27;
+            _parsersForVersion = parsersForVersion(version), _makeIdxState = _parsersForVersion.makeIdxState;
+            _context.next = 31;
+            return introspect$1({
+              withCredentials: withCredentials,
+              domain: domain,
+              interactionHandle: interactionHandle,
+              stateHandle: stateHandle,
+              version: version
+            }).catch(function (err) {
+              return Promise.reject({
+                error: 'introspect call failed',
+                details: _makeIdxState(err, toPersist)
+              });
+            });
+
+          case 31:
+            idxResponse = _context.sent;
+            idxState = _makeIdxState(idxResponse, toPersist);
+            return _context.abrupt("return", idxState);
+
+          case 36:
+            _context.prev = 36;
+            _context.t1 = _context["catch"](27);
+            return _context.abrupt("return", Promise.reject({
+              error: _context.t1
+            }));
+
+          case 39:
+          case "end":
+            return _context.stop();
+        }
+      }
+    }, _callee, null, [[15, 24], [27, 36]]);
+  }));
+
+  function start(_x) {
+    return _start.apply(this, arguments);
+  }
+
+  return start;
+}();
+
+var _parsersForVersion2 = parsersForVersion(LATEST_SUPPORTED_IDX_API_VERSION),
+    makeIdxState = _parsersForVersion2.makeIdxState;
+
+var idx = {
+  start: start,
+  introspect: introspect$1,
+  interact: interact$1,
+  makeIdxState: makeIdxState,
+  client: HttpClient,
+  LATEST_SUPPORTED_IDX_API_VERSION: LATEST_SUPPORTED_IDX_API_VERSION
+};
+
+function createTransactionMeta(_x) {
+  return _createTransactionMeta.apply(this, arguments);
+}
+
+function _createTransactionMeta() {
+  _createTransactionMeta = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(authClient) {
+    var options,
+        tokenParams,
+        pkceMeta,
+        _Object$assign,
+        _Object$assign$flow,
+        flow,
+        _Object$assign$withCr,
+        withCredentials,
+        _Object$assign$activa,
+        activationToken,
+        _Object$assign$recove,
+        recoveryToken,
+        meta,
+        _args = arguments;
+
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) {
+        switch (_context.prev = _context.next) {
+          case 0:
+            options = _args.length > 1 && _args[1] !== undefined ? _args[1] : {};
+            _context.next = 3;
+            return authClient.token.prepareTokenParams(options);
+
+          case 3:
+            tokenParams = _context.sent;
+            pkceMeta = createOAuthMeta(authClient, tokenParams);
+            _Object$assign = Object.assign(Object.assign({}, authClient.options), options), _Object$assign$flow = _Object$assign.flow, flow = _Object$assign$flow === void 0 ? 'default' : _Object$assign$flow, _Object$assign$withCr = _Object$assign.withCredentials, withCredentials = _Object$assign$withCr === void 0 ? true : _Object$assign$withCr, _Object$assign$activa = _Object$assign.activationToken, activationToken = _Object$assign$activa === void 0 ? undefined : _Object$assign$activa, _Object$assign$recove = _Object$assign.recoveryToken, recoveryToken = _Object$assign$recove === void 0 ? undefined : _Object$assign$recove;
+            meta = Object.assign(Object.assign({}, pkceMeta), {
+              flow: flow,
+              withCredentials: withCredentials,
+              activationToken: activationToken,
+              recoveryToken: recoveryToken
+            });
+            return _context.abrupt("return", meta);
+
+          case 8:
+          case "end":
+            return _context.stop();
+        }
+      }
+    }, _callee);
+  }));
+  return _createTransactionMeta.apply(this, arguments);
+}
+
+function hasSavedInteractionHandle(authClient, options) {
+  var savedMeta = getSavedTransactionMeta(authClient, options);
+
+  if (savedMeta === null || savedMeta === void 0 ? void 0 : savedMeta.interactionHandle) {
+    return true;
+  }
+
+  return false;
+}
+function getSavedTransactionMeta(authClient, options) {
+  options = removeNils(options);
+  options = Object.assign(Object.assign({}, authClient.options), options);
+  var savedMeta;
+
+  try {
+    savedMeta = authClient.transactionManager.load(options);
+  } catch (e) {}
+
+  if (!savedMeta) {
+    return;
+  }
+
+  if (isTransactionMetaValid(savedMeta, options)) {
+    return savedMeta;
+  }
+
+  warn('Saved transaction meta does not match the current configuration. ' + 'This may indicate that two apps are sharing a storage key.');
+}
+function getTransactionMeta(_x2, _x3) {
+  return _getTransactionMeta.apply(this, arguments);
+}
+
+function _getTransactionMeta() {
+  _getTransactionMeta = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee2(authClient, options) {
+    var validExistingMeta;
+    return _regeneratorRuntime.wrap(function _callee2$(_context2) {
+      while (1) {
+        switch (_context2.prev = _context2.next) {
+          case 0:
+            options = removeNils(options);
+            options = Object.assign(Object.assign({}, authClient.options), options);
+            validExistingMeta = getSavedTransactionMeta(authClient, options);
+
+            if (!validExistingMeta) {
+              _context2.next = 5;
+              break;
+            }
+
+            return _context2.abrupt("return", validExistingMeta);
+
+          case 5:
+            return _context2.abrupt("return", createTransactionMeta(authClient, options));
+
+          case 6:
+          case "end":
+            return _context2.stop();
+        }
+      }
+    }, _callee2);
+  }));
+  return _getTransactionMeta.apply(this, arguments);
+}
+
+function saveTransactionMeta(authClient, meta) {
+  authClient.transactionManager.save(meta, {
+    muteWarning: true
+  });
+}
+function clearTransactionMeta(authClient) {
+  authClient.transactionManager.clear();
+}
+function isTransactionMetaValid(meta) {
+  var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  var keys = ['issuer', 'clientId', 'redirectUri', 'state', 'codeChallenge', 'codeChallengeMethod', 'activationToken', 'recoveryToken'];
+
+  if (isTransactionMetaValidForOptions(meta, options, keys) === false) {
+    return false;
+  }
+
+  var flow = options.flow;
+
+  if (isTransactionMetaValidForFlow(meta, flow) === false) {
+    return false;
+  }
+
+  return true;
+}
+function isTransactionMetaValidForFlow(meta, flow) {
+  var shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';
+
+  if (shouldValidateFlow) {
+    if (flow !== meta.flow) {
+      return false;
+    }
+  }
+
+  return true;
+}
+function isTransactionMetaValidForOptions(meta, options, keys) {
+  var mismatch = keys.some(function (key) {
+    var value = options[key];
+
+    if (value && value !== meta[key]) {
+      return true;
+    }
+  });
+  return !mismatch;
+}
+
+function getResponse(meta) {
+  return {
+    meta: meta,
+    interactionHandle: meta.interactionHandle,
+    state: meta.state
   };
 }
 
@@ -5283,6 +6101,7 @@ function _interact() {
         codeChallengeMethod,
         activationToken,
         recoveryToken,
+        clientSecret,
         interactionHandle,
         newMeta,
         _args = arguments;
@@ -5310,7 +6129,8 @@ function _interact() {
             meta = _context.sent;
             baseUrl = getOAuthBaseUrl(authClient);
             _meta = meta, clientId = _meta.clientId, redirectUri = _meta.redirectUri, state = _meta.state, scopes = _meta.scopes, withCredentials = _meta.withCredentials, codeChallenge = _meta.codeChallenge, codeChallengeMethod = _meta.codeChallengeMethod, activationToken = _meta.activationToken, recoveryToken = _meta.recoveryToken;
-            _context.next = 12;
+            clientSecret = options.clientSecret || authClient.options.clientSecret;
+            _context.next = 13;
             return idx.interact({
               withCredentials: withCredentials,
               clientId: clientId,
@@ -5321,10 +6141,11 @@ function _interact() {
               codeChallenge: codeChallenge,
               codeChallengeMethod: codeChallengeMethod,
               activationToken: activationToken,
-              recoveryToken: recoveryToken
+              recoveryToken: recoveryToken,
+              clientSecret: clientSecret
             });
 
-          case 12:
+          case 13:
             interactionHandle = _context.sent;
             newMeta = Object.assign(Object.assign({}, meta), {
               interactionHandle: interactionHandle,
@@ -5337,7 +6158,7 @@ function _interact() {
             saveTransactionMeta(authClient, newMeta);
             return _context.abrupt("return", getResponse(newMeta));
 
-          case 16:
+          case 17:
           case "end":
             return _context.stop();
         }
@@ -5704,13 +6525,13 @@ var Authenticator = function Authenticator(authenticator) {
   this.meta = authenticator;
 };
 
-function _createSuper$p(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$p(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$s(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$s(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$p() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$s() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var VerificationCodeAuthenticator = /*#__PURE__*/function (_Authenticator) {
   _inherits(VerificationCodeAuthenticator, _Authenticator);
 
-  var _super = _createSuper$p(VerificationCodeAuthenticator);
+  var _super = _createSuper$s(VerificationCodeAuthenticator);
 
   function VerificationCodeAuthenticator() {
     _classCallCheck(this, VerificationCodeAuthenticator);
@@ -5721,7 +6542,7 @@ var VerificationCodeAuthenticator = /*#__PURE__*/function (_Authenticator) {
   _createClass(VerificationCodeAuthenticator, [{
     key: "canVerify",
     value: function canVerify(values) {
-      return values.verificationCode || values.otp;
+      return !!(values.verificationCode || values.otp);
     }
   }, {
     key: "mapCredentials",
@@ -5746,13 +6567,13 @@ var VerificationCodeAuthenticator = /*#__PURE__*/function (_Authenticator) {
   return VerificationCodeAuthenticator;
 }(Authenticator);
 
-function _createSuper$o(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$o(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$r(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$r(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$o() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$r() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var OktaVerifyTotp = /*#__PURE__*/function (_VerificationCodeAuth) {
   _inherits(OktaVerifyTotp, _VerificationCodeAuth);
 
-  var _super = _createSuper$o(OktaVerifyTotp);
+  var _super = _createSuper$r(OktaVerifyTotp);
 
   function OktaVerifyTotp() {
     _classCallCheck(this, OktaVerifyTotp);
@@ -5772,13 +6593,13 @@ var OktaVerifyTotp = /*#__PURE__*/function (_VerificationCodeAuth) {
   return OktaVerifyTotp;
 }(VerificationCodeAuthenticator);
 
-function _createSuper$n(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$n(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$q(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$q(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$n() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$q() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var OktaPassword = /*#__PURE__*/function (_Authenticator) {
   _inherits(OktaPassword, _Authenticator);
 
-  var _super = _createSuper$n(OktaPassword);
+  var _super = _createSuper$q(OktaPassword);
 
   function OktaPassword() {
     _classCallCheck(this, OktaPassword);
@@ -5814,13 +6635,13 @@ var OktaPassword = /*#__PURE__*/function (_Authenticator) {
   return OktaPassword;
 }(Authenticator);
 
-function _createSuper$m(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$m(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$p(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$p(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$m() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$p() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var SecurityQuestionEnrollment = /*#__PURE__*/function (_Authenticator) {
   _inherits(SecurityQuestionEnrollment, _Authenticator);
 
-  var _super = _createSuper$m(SecurityQuestionEnrollment);
+  var _super = _createSuper$p(SecurityQuestionEnrollment);
 
   function SecurityQuestionEnrollment() {
     _classCallCheck(this, SecurityQuestionEnrollment);
@@ -5834,7 +6655,7 @@ var SecurityQuestionEnrollment = /*#__PURE__*/function (_Authenticator) {
       var questionKey = values.questionKey,
           question = values.question,
           answer = values.answer;
-      return questionKey && answer || question && answer;
+      return !!(questionKey && answer) || !!(question && answer);
     }
   }, {
     key: "mapCredentials",
@@ -5871,13 +6692,13 @@ var SecurityQuestionEnrollment = /*#__PURE__*/function (_Authenticator) {
   return SecurityQuestionEnrollment;
 }(Authenticator);
 
-function _createSuper$l(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$l(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$o(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$o(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$l() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$o() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var SecurityQuestionVerification = /*#__PURE__*/function (_Authenticator) {
   _inherits(SecurityQuestionVerification, _Authenticator);
 
-  var _super = _createSuper$l(SecurityQuestionVerification);
+  var _super = _createSuper$o(SecurityQuestionVerification);
 
   function SecurityQuestionVerification() {
     _classCallCheck(this, SecurityQuestionVerification);
@@ -5888,7 +6709,7 @@ var SecurityQuestionVerification = /*#__PURE__*/function (_Authenticator) {
   _createClass(SecurityQuestionVerification, [{
     key: "canVerify",
     value: function canVerify(values) {
-      return values.answer;
+      return !!values.answer;
     }
   }, {
     key: "mapCredentials",
@@ -5913,8 +6734,123 @@ var SecurityQuestionVerification = /*#__PURE__*/function (_Authenticator) {
   return SecurityQuestionVerification;
 }(Authenticator);
 
+function _createSuper$n(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$n(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+
+function _isNativeReflectConstruct$n() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+var WebauthnEnrollment = /*#__PURE__*/function (_Authenticator) {
+  _inherits(WebauthnEnrollment, _Authenticator);
+
+  var _super = _createSuper$n(WebauthnEnrollment);
+
+  function WebauthnEnrollment() {
+    _classCallCheck(this, WebauthnEnrollment);
+
+    return _super.apply(this, arguments);
+  }
+
+  _createClass(WebauthnEnrollment, [{
+    key: "canVerify",
+    value: function canVerify(values) {
+      var clientData = values.clientData,
+          attestation = values.attestation;
+      return !!(clientData && attestation);
+    }
+  }, {
+    key: "mapCredentials",
+    value: function mapCredentials(values) {
+      var clientData = values.clientData,
+          attestation = values.attestation;
+      return {
+        clientData: clientData,
+        attestation: attestation
+      };
+    }
+  }, {
+    key: "getInputs",
+    value: function getInputs() {
+      return [{
+        name: 'clientData',
+        type: 'string',
+        required: true,
+        visible: false,
+        label: 'Client Data'
+      }, {
+        name: 'attestation',
+        type: 'string',
+        required: true,
+        visible: false,
+        label: 'Attestation'
+      }];
+    }
+  }]);
+
+  return WebauthnEnrollment;
+}(Authenticator);
+
+function _createSuper$m(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$m(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+
+function _isNativeReflectConstruct$m() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+var WebauthnVerification = /*#__PURE__*/function (_Authenticator) {
+  _inherits(WebauthnVerification, _Authenticator);
+
+  var _super = _createSuper$m(WebauthnVerification);
+
+  function WebauthnVerification() {
+    _classCallCheck(this, WebauthnVerification);
+
+    return _super.apply(this, arguments);
+  }
+
+  _createClass(WebauthnVerification, [{
+    key: "canVerify",
+    value: function canVerify(values) {
+      var clientData = values.clientData,
+          authenticatorData = values.authenticatorData,
+          signatureData = values.signatureData;
+      return !!(clientData && authenticatorData && signatureData);
+    }
+  }, {
+    key: "mapCredentials",
+    value: function mapCredentials(values) {
+      var authenticatorData = values.authenticatorData,
+          clientData = values.clientData,
+          signatureData = values.signatureData;
+      return {
+        authenticatorData: authenticatorData,
+        clientData: clientData,
+        signatureData: signatureData
+      };
+    }
+  }, {
+    key: "getInputs",
+    value: function getInputs() {
+      return [{
+        name: 'authenticatorData',
+        type: 'string',
+        label: 'Authenticator Data',
+        required: true,
+        visible: false
+      }, {
+        name: 'clientData',
+        type: 'string',
+        label: 'Client Data',
+        required: true,
+        visible: false
+      }, {
+        name: 'signatureData',
+        type: 'string',
+        label: 'Signature Data',
+        required: true,
+        visible: false
+      }];
+    }
+  }]);
+
+  return WebauthnVerification;
+}(Authenticator);
+
 function getAuthenticator(remediation) {
-  var _a;
+  var _a, _b;
 
   var relatesTo = remediation.relatesTo;
   var value = (relatesTo === null || relatesTo === void 0 ? void 0 : relatesTo.value) || {};
@@ -5933,18 +6869,25 @@ function getAuthenticator(remediation) {
     case AuthenticatorKey.OKTA_VERIFY:
       return new OktaVerifyTotp(value);
 
+    case AuthenticatorKey.WEBAUTHN:
+      if ((_b = value.contextualData) === null || _b === void 0 ? void 0 : _b.challengeData) {
+        return new WebauthnVerification(value);
+      } else {
+        return new WebauthnEnrollment(value);
+      }
+
     default:
       return new VerificationCodeAuthenticator(value);
   }
 }
 
-function _createSuper$k(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$k(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$l(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$l(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$k() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$l() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var VerifyAuthenticator = /*#__PURE__*/function (_Remediator) {
   _inherits(VerifyAuthenticator, _Remediator);
 
-  var _super = _createSuper$k(VerifyAuthenticator);
+  var _super = _createSuper$l(VerifyAuthenticator);
 
   function VerifyAuthenticator(remediation) {
     var _this;
@@ -5962,6 +6905,18 @@ var VerifyAuthenticator = /*#__PURE__*/function (_Remediator) {
   }
 
   _createClass(VerifyAuthenticator, [{
+    key: "getNextStep",
+    value: function getNextStep(context) {
+      var _a;
+
+      var nextStep = _get(_getPrototypeOf(VerifyAuthenticator.prototype), "getNextStep", this).call(this, context);
+
+      var authenticatorEnrollments = (_a = context === null || context === void 0 ? void 0 : context.authenticatorEnrollments) === null || _a === void 0 ? void 0 : _a.value;
+      return Object.assign(Object.assign({}, nextStep), {
+        authenticatorEnrollments: authenticatorEnrollments
+      });
+    }
+  }, {
     key: "canRemediate",
     value: function canRemediate() {
       return this.authenticator.canVerify(this.values);
@@ -5981,13 +6936,13 @@ var VerifyAuthenticator = /*#__PURE__*/function (_Remediator) {
   return VerifyAuthenticator;
 }(Remediator);
 
-function _createSuper$j(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$j(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$k(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$k(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$j() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$k() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var EnrollAuthenticator = /*#__PURE__*/function (_VerifyAuthenticator) {
   _inherits(EnrollAuthenticator, _VerifyAuthenticator);
 
-  var _super = _createSuper$j(EnrollAuthenticator);
+  var _super = _createSuper$k(EnrollAuthenticator);
 
   function EnrollAuthenticator() {
     _classCallCheck(this, EnrollAuthenticator);
@@ -5999,13 +6954,13 @@ var EnrollAuthenticator = /*#__PURE__*/function (_VerifyAuthenticator) {
 }(VerifyAuthenticator);
 EnrollAuthenticator.remediationName = 'enroll-authenticator';
 
-function _createSuper$i(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$i(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$j(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$j(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$i() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$j() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var EnrollPoll = /*#__PURE__*/function (_Remediator) {
   _inherits(EnrollPoll, _Remediator);
 
-  var _super = _createSuper$i(EnrollPoll);
+  var _super = _createSuper$j(EnrollPoll);
 
   function EnrollPoll() {
     _classCallCheck(this, EnrollPoll);
@@ -6055,13 +7010,13 @@ var EnrollPoll = /*#__PURE__*/function (_Remediator) {
 }(Remediator);
 EnrollPoll.remediationName = 'enroll-poll';
 
-function _createSuper$h(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$h(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$i(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$i(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$h() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$i() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var SelectEnrollmentChannel = /*#__PURE__*/function (_Remediator) {
   _inherits(SelectEnrollmentChannel, _Remediator);
 
-  var _super = _createSuper$h(SelectEnrollmentChannel);
+  var _super = _createSuper$i(SelectEnrollmentChannel);
 
   function SelectEnrollmentChannel() {
     _classCallCheck(this, SelectEnrollmentChannel);
@@ -6129,13 +7084,13 @@ var SelectEnrollmentChannel = /*#__PURE__*/function (_Remediator) {
 }(Remediator);
 SelectEnrollmentChannel.remediationName = 'select-enrollment-channel';
 
-function _createSuper$g(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$g(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$h(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$h(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$g() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$h() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var EnrollmentChannelData = /*#__PURE__*/function (_Remediator) {
   _inherits(EnrollmentChannelData, _Remediator);
 
-  var _super = _createSuper$g(EnrollmentChannelData);
+  var _super = _createSuper$h(EnrollmentChannelData);
 
   function EnrollmentChannelData() {
     var _this;
@@ -6212,13 +7167,13 @@ var EnrollmentChannelData = /*#__PURE__*/function (_Remediator) {
 }(Remediator);
 EnrollmentChannelData.remediationName = 'enrollment-channel-data';
 
-function _createSuper$f(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$f(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$g(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$g(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$f() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$g() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var ChallengeAuthenticator = /*#__PURE__*/function (_VerifyAuthenticator) {
   _inherits(ChallengeAuthenticator, _VerifyAuthenticator);
 
-  var _super = _createSuper$f(ChallengeAuthenticator);
+  var _super = _createSuper$g(ChallengeAuthenticator);
 
   function ChallengeAuthenticator() {
     _classCallCheck(this, ChallengeAuthenticator);
@@ -6230,13 +7185,13 @@ var ChallengeAuthenticator = /*#__PURE__*/function (_VerifyAuthenticator) {
 }(VerifyAuthenticator);
 ChallengeAuthenticator.remediationName = 'challenge-authenticator';
 
-function _createSuper$e(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$e(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$f(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$f(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$e() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$f() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var ChallengePoll = /*#__PURE__*/function (_EnrollPoll) {
   _inherits(ChallengePoll, _EnrollPoll);
 
-  var _super = _createSuper$e(ChallengePoll);
+  var _super = _createSuper$f(ChallengePoll);
 
   function ChallengePoll() {
     _classCallCheck(this, ChallengePoll);
@@ -6248,13 +7203,13 @@ var ChallengePoll = /*#__PURE__*/function (_EnrollPoll) {
 }(EnrollPoll);
 ChallengePoll.remediationName = 'challenge-poll';
 
-function _createSuper$d(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$d(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$e(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$e(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$d() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$e() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var ResetAuthenticator = /*#__PURE__*/function (_VerifyAuthenticator) {
   _inherits(ResetAuthenticator, _VerifyAuthenticator);
 
-  var _super = _createSuper$d(ResetAuthenticator);
+  var _super = _createSuper$e(ResetAuthenticator);
 
   function ResetAuthenticator() {
     _classCallCheck(this, ResetAuthenticator);
@@ -6266,13 +7221,13 @@ var ResetAuthenticator = /*#__PURE__*/function (_VerifyAuthenticator) {
 }(VerifyAuthenticator);
 ResetAuthenticator.remediationName = 'reset-authenticator';
 
-function _createSuper$c(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$c(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$d(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$d(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$c() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$d() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var EnrollProfile = /*#__PURE__*/function (_Remediator) {
   _inherits(EnrollProfile, _Remediator);
 
-  var _super = _createSuper$c(EnrollProfile);
+  var _super = _createSuper$d(EnrollProfile);
 
   function EnrollProfile() {
     var _this;
@@ -6338,13 +7293,13 @@ var EnrollProfile = /*#__PURE__*/function (_Remediator) {
 }(Remediator);
 EnrollProfile.remediationName = 'enroll-profile';
 
-function _createSuper$b(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$b(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$c(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$c(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$b() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$c() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var Identify = /*#__PURE__*/function (_Remediator) {
   _inherits(Identify, _Remediator);
 
-  var _super = _createSuper$b(Identify);
+  var _super = _createSuper$c(Identify);
 
   function Identify() {
     var _this;
@@ -6389,13 +7344,13 @@ var Identify = /*#__PURE__*/function (_Remediator) {
 }(Remediator);
 Identify.remediationName = 'identify';
 
-function _createSuper$a(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$a(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$b(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$b(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$a() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$b() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var ReEnrollAuthenticator = /*#__PURE__*/function (_Remediator) {
   _inherits(ReEnrollAuthenticator, _Remediator);
 
-  var _super = _createSuper$a(ReEnrollAuthenticator);
+  var _super = _createSuper$b(ReEnrollAuthenticator);
 
   function ReEnrollAuthenticator() {
     var _this;
@@ -6431,13 +7386,13 @@ var ReEnrollAuthenticator = /*#__PURE__*/function (_Remediator) {
 }(Remediator);
 ReEnrollAuthenticator.remediationName = 'reenroll-authenticator';
 
-function _createSuper$9(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$9(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$a(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$a(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$9() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$a() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var RedirectIdp = /*#__PURE__*/function (_Remediator) {
   _inherits(RedirectIdp, _Remediator);
 
-  var _super = _createSuper$9(RedirectIdp);
+  var _super = _createSuper$a(RedirectIdp);
 
   function RedirectIdp() {
     _classCallCheck(this, RedirectIdp);
@@ -6471,53 +7426,19 @@ var RedirectIdp = /*#__PURE__*/function (_Remediator) {
 }(Remediator);
 RedirectIdp.remediationName = 'redirect-idp';
 
-function _createSuper$8(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$8(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
-
-function _isNativeReflectConstruct$8() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
-
 function _createForOfIteratorHelper$2(o, allowArrayLike) { var it = typeof Symbol !== "undefined" && o[Symbol.iterator] || o["@@iterator"]; if (!it) { if (Array.isArray(o) || (it = _unsupportedIterableToArray$2(o)) || allowArrayLike && o && typeof o.length === "number") { if (it) o = it; var i = 0; var F = function F() {}; return { s: F, n: function n() { if (i >= o.length) return { done: true }; return { done: false, value: o[i++] }; }, e: function e(_e) { throw _e; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var normalCompletion = true, didErr = false, err; return { s: function s() { it = it.call(o); }, n: function n() { var step = it.next(); normalCompletion = step.done; return step; }, e: function e(_e2) { didErr = true; err = _e2; }, f: function f() { try { if (!normalCompletion && it.return != null) it.return(); } finally { if (didErr) throw err; } } }; }
 
 function _unsupportedIterableToArray$2(o, minLen) { if (!o) return; if (typeof o === "string") return _arrayLikeToArray$2(o, minLen); var n = Object.prototype.toString.call(o).slice(8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return Array.from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray$2(o, minLen); }
 
 function _arrayLikeToArray$2(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) { arr2[i] = arr[i]; } return arr2; }
 
-function findMatchedOption(authenticators, options) {
-  var option;
-
-  var _iterator = _createForOfIteratorHelper$2(authenticators),
-      _step;
-
-  try {
-    var _loop = function _loop() {
-      var authenticator = _step.value;
-      option = options.find(function (_ref) {
-        var relatesTo = _ref.relatesTo;
-        return relatesTo.key === authenticator.key;
-      });
-
-      if (option) {
-        return "break";
-      }
-    };
-
-    for (_iterator.s(); !(_step = _iterator.n()).done;) {
-      var _ret = _loop();
-
-      if (_ret === "break") break;
-    }
-  } catch (err) {
-    _iterator.e(err);
-  } finally {
-    _iterator.f();
-  }
-
-  return option;
-}
+function _createSuper$9(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$9(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
+function _isNativeReflectConstruct$9() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var SelectAuthenticator = /*#__PURE__*/function (_Remediator) {
   _inherits(SelectAuthenticator, _Remediator);
 
-  var _super = _createSuper$8(SelectAuthenticator);
+  var _super = _createSuper$9(SelectAuthenticator);
 
   function SelectAuthenticator() {
     var _this;
@@ -6532,6 +7453,40 @@ var SelectAuthenticator = /*#__PURE__*/function (_Remediator) {
   }
 
   _createClass(SelectAuthenticator, [{
+    key: "findMatchedOption",
+    value: function findMatchedOption(authenticators, options) {
+      var option;
+
+      var _iterator = _createForOfIteratorHelper$2(authenticators),
+          _step;
+
+      try {
+        var _loop = function _loop() {
+          var authenticator = _step.value;
+          option = options.find(function (_ref) {
+            var relatesTo = _ref.relatesTo;
+            return relatesTo.key === authenticator.key;
+          });
+
+          if (option) {
+            return "break";
+          }
+        };
+
+        for (_iterator.s(); !(_step = _iterator.n()).done;) {
+          var _ret = _loop();
+
+          if (_ret === "break") break;
+        }
+      } catch (err) {
+        _iterator.e(err);
+      } finally {
+        _iterator.f();
+      }
+
+      return option;
+    }
+  }, {
     key: "canRemediate",
     value: function canRemediate() {
       var authenticators = this.values.authenticators;
@@ -6542,7 +7497,7 @@ var SelectAuthenticator = /*#__PURE__*/function (_Remediator) {
         return false;
       }
 
-      var matchedOption = findMatchedOption(authenticators, options);
+      var matchedOption = this.findMatchedOption(authenticators, options);
 
       if (matchedOption) {
         return true;
@@ -6574,8 +7529,9 @@ var SelectAuthenticator = /*#__PURE__*/function (_Remediator) {
     value: function mapAuthenticator(remediationValue) {
       var authenticators = this.values.authenticators;
       var options = remediationValue.options;
-      var selectedOption = findMatchedOption(authenticators, options);
+      var selectedOption = this.findMatchedOption(authenticators, options);
       this.selectedAuthenticator = selectedOption.relatesTo;
+      this.selectedOption = selectedOption;
       return {
         id: selectedOption === null || selectedOption === void 0 ? void 0 : selectedOption.value.form.value.find(function (_ref2) {
           var name = _ref2.name;
@@ -6609,13 +7565,13 @@ var SelectAuthenticator = /*#__PURE__*/function (_Remediator) {
   return SelectAuthenticator;
 }(Remediator);
 
-function _createSuper$7(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$7(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$8(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$8(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$7() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$8() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var SelectAuthenticatorAuthenticate = /*#__PURE__*/function (_SelectAuthenticator) {
   _inherits(SelectAuthenticatorAuthenticate, _SelectAuthenticator);
 
-  var _super = _createSuper$7(SelectAuthenticatorAuthenticate);
+  var _super = _createSuper$8(SelectAuthenticatorAuthenticate);
 
   function SelectAuthenticatorAuthenticate(remediation) {
     var _this;
@@ -6645,13 +7601,13 @@ var SelectAuthenticatorAuthenticate = /*#__PURE__*/function (_SelectAuthenticato
 }(SelectAuthenticator);
 SelectAuthenticatorAuthenticate.remediationName = 'select-authenticator-authenticate';
 
-function _createSuper$6(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$6(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _createSuper$7(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$7(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
-function _isNativeReflectConstruct$6() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _isNativeReflectConstruct$7() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 var SelectAuthenticatorEnroll = /*#__PURE__*/function (_SelectAuthenticator) {
   _inherits(SelectAuthenticatorEnroll, _SelectAuthenticator);
 
-  var _super = _createSuper$6(SelectAuthenticatorEnroll);
+  var _super = _createSuper$7(SelectAuthenticatorEnroll);
 
   function SelectAuthenticatorEnroll() {
     _classCallCheck(this, SelectAuthenticatorEnroll);
@@ -6663,6 +7619,68 @@ var SelectAuthenticatorEnroll = /*#__PURE__*/function (_SelectAuthenticator) {
 }(SelectAuthenticator);
 SelectAuthenticatorEnroll.remediationName = 'select-authenticator-enroll';
 
+function _createSuper$6(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$6(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+
+function _isNativeReflectConstruct$6() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+var SelectAuthenticatorUnlockAccount = /*#__PURE__*/function (_SelectAuthenticator) {
+  _inherits(SelectAuthenticatorUnlockAccount, _SelectAuthenticator);
+
+  var _super = _createSuper$6(SelectAuthenticatorUnlockAccount);
+
+  function SelectAuthenticatorUnlockAccount() {
+    var _this;
+
+    _classCallCheck(this, SelectAuthenticatorUnlockAccount);
+
+    _this = _super.apply(this, arguments);
+    _this.map = {
+      authenticator: [],
+      identifier: ['username']
+    };
+    return _this;
+  }
+
+  _createClass(SelectAuthenticatorUnlockAccount, [{
+    key: "canRemediate",
+    value: function canRemediate() {
+      var identifier = this.getData('identifier');
+      return !!identifier && _get(_getPrototypeOf(SelectAuthenticatorUnlockAccount.prototype), "canRemediate", this).call(this);
+    }
+  }, {
+    key: "mapAuthenticator",
+    value: function mapAuthenticator(remediationValue) {
+      var _a, _b, _c;
+
+      var authenticatorMap = _get(_getPrototypeOf(SelectAuthenticatorUnlockAccount.prototype), "mapAuthenticator", this).call(this, remediationValue);
+
+      var methodTypeOption = (_a = this.selectedOption) === null || _a === void 0 ? void 0 : _a.value.form.value.find(function (_ref) {
+        var name = _ref.name;
+        return name === 'methodType';
+      });
+      var methodTypeValue = this.values.methodType || (methodTypeOption === null || methodTypeOption === void 0 ? void 0 : methodTypeOption.value) || ((_c = (_b = methodTypeOption === null || methodTypeOption === void 0 ? void 0 : methodTypeOption.options) === null || _b === void 0 ? void 0 : _b[0]) === null || _c === void 0 ? void 0 : _c.value);
+
+      if (methodTypeValue) {
+        return Object.assign(Object.assign({}, authenticatorMap), {
+          methodType: methodTypeValue
+        });
+      }
+
+      return authenticatorMap;
+    }
+  }, {
+    key: "getInputUsername",
+    value: function getInputUsername() {
+      return {
+        name: 'username',
+        key: 'string'
+      };
+    }
+  }]);
+
+  return SelectAuthenticatorUnlockAccount;
+}(SelectAuthenticator);
+SelectAuthenticatorUnlockAccount.remediationName = 'select-authenticator-unlock-account';
+
 function _createSuper$5(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct$5(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
 
 function _isNativeReflectConstruct$5() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
@@ -6980,6 +7998,7 @@ var remediators = /*#__PURE__*/Object.freeze({
   RedirectIdp: RedirectIdp,
   SelectAuthenticatorAuthenticate: SelectAuthenticatorAuthenticate,
   SelectAuthenticatorEnroll: SelectAuthenticatorEnroll,
+  SelectAuthenticatorUnlockAccount: SelectAuthenticatorUnlockAccount,
   SelectEnrollProfile: SelectEnrollProfile,
   AuthenticatorVerificationData: AuthenticatorVerificationData,
   AuthenticatorEnrollmentData: AuthenticatorEnrollmentData,
@@ -7143,21 +8162,21 @@ function remediate(_x, _x2, _x3) {
 
 function _remediate() {
   _remediate = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(idxResponse, values, options) {
-    var _idxResponse, neededToProceed, interactionCode, remediators, flow, terminal, messages, remediator, nextStep, actionFromValues, actions, _iterator3, _step3, action, valuesWithoutExecutedAction, _nextStep, name, data;
+    var _idxResponse, neededToProceed, interactionCode, remediators, flow, terminal, messages, actionFromValues, actions, _iterator3, _step3, _loop, _ret, remediator, nextStep, _nextStep, name, data;
 
-    return _regeneratorRuntime.wrap(function _callee$(_context) {
+    return _regeneratorRuntime.wrap(function _callee$(_context2) {
       while (1) {
-        switch (_context.prev = _context.next) {
+        switch (_context2.prev = _context2.next) {
           case 0:
             _idxResponse = idxResponse, neededToProceed = _idxResponse.neededToProceed, interactionCode = _idxResponse.interactionCode;
             remediators = options.remediators, flow = options.flow;
 
             if (!interactionCode) {
-              _context.next = 4;
+              _context2.next = 4;
               break;
             }
 
-            return _context.abrupt("return", {
+            return _context2.abrupt("return", {
               idxResponse: idxResponse
             });
 
@@ -7166,160 +8185,223 @@ function _remediate() {
             messages = getIdxMessages(idxResponse);
 
             if (!terminal) {
-              _context.next = 8;
+              _context2.next = 8;
               break;
             }
 
-            return _context.abrupt("return", {
+            return _context2.abrupt("return", {
               terminal: terminal,
               messages: messages
             });
 
           case 8:
-            remediator = getRemediator(neededToProceed, values, options);
+            actionFromValues = getActionFromValues(values, idxResponse);
+            actions = [].concat(_toConsumableArray(options.actions || []), _toConsumableArray(actionFromValues && [actionFromValues] || []));
 
-            if (!(!remediator && flow === 'default')) {
-              _context.next = 11;
+            if (!actions) {
+              _context2.next = 30;
               break;
             }
 
-            return _context.abrupt("return", {
-              idxResponse: idxResponse
-            });
+            _iterator3 = _createForOfIteratorHelper$1(actions);
+            _context2.prev = 12;
+            _loop = /*#__PURE__*/_regeneratorRuntime.mark(function _loop() {
+              var action, valuesWithoutExecutedAction, remediationAction;
+              return _regeneratorRuntime.wrap(function _loop$(_context) {
+                while (1) {
+                  switch (_context.prev = _context.next) {
+                    case 0:
+                      action = _step3.value;
+                      valuesWithoutExecutedAction = removeActionFromValues(values);
+
+                      if (!(typeof idxResponse.actions[action] === 'function')) {
+                        _context.next = 15;
+                        break;
+                      }
+
+                      _context.prev = 3;
+                      _context.next = 6;
+                      return idxResponse.actions[action]();
+
+                    case 6:
+                      idxResponse = _context.sent;
+                      _context.next = 12;
+                      break;
+
+                    case 9:
+                      _context.prev = 9;
+                      _context.t0 = _context["catch"](3);
+                      return _context.abrupt("return", {
+                        v: handleIdxError(_context.t0, remediators)
+                      });
 
-          case 11:
-            if (remediator) {
-              _context.next = 13;
-              break;
-            }
+                    case 12:
+                      if (!(action === 'cancel')) {
+                        _context.next = 14;
+                        break;
+                      }
 
-            throw new AuthSdkError("\n      No remediation can match current flow, check policy settings in your org.\n      Remediations: [".concat(neededToProceed.reduce(function (acc, curr) {
-              return acc ? acc + ' ,' + curr.name : curr.name;
-            }, ''), "]\n    "));
+                      return _context.abrupt("return", {
+                        v: {
+                          canceled: true
+                        }
+                      });
 
-          case 13:
-            if (!messages.length) {
-              _context.next = 16;
-              break;
-            }
+                    case 14:
+                      return _context.abrupt("return", {
+                        v: remediate(idxResponse, valuesWithoutExecutedAction, options)
+                      });
 
-            nextStep = getNextStep(remediator, idxResponse);
-            return _context.abrupt("return", {
-              nextStep: nextStep,
-              messages: messages
-            });
+                    case 15:
+                      remediationAction = neededToProceed.find(function (_ref3) {
+                        var name = _ref3.name;
+                        return name === action;
+                      });
 
-          case 16:
-            actionFromValues = getActionFromValues(values, idxResponse);
-            actions = [].concat(_toConsumableArray(options.actions || []), _toConsumableArray(actionFromValues && [actionFromValues] || []));
+                      if (!remediationAction) {
+                        _context.next = 27;
+                        break;
+                      }
+
+                      _context.prev = 17;
+                      _context.next = 20;
+                      return idxResponse.proceed(action, {});
+
+                    case 20:
+                      idxResponse = _context.sent;
+                      _context.next = 26;
+                      break;
+
+                    case 23:
+                      _context.prev = 23;
+                      _context.t1 = _context["catch"](17);
+                      return _context.abrupt("return", {
+                        v: handleIdxError(_context.t1, remediators)
+                      });
 
-            if (!actions) {
-              _context.next = 48;
-              break;
-            }
+                    case 26:
+                      return _context.abrupt("return", {
+                        v: remediate(idxResponse, values, options)
+                      });
 
-            _iterator3 = _createForOfIteratorHelper$1(actions);
-            _context.prev = 20;
+                    case 27:
+                    case "end":
+                      return _context.stop();
+                  }
+                }
+              }, _loop, null, [[3, 9], [17, 23]]);
+            });
 
             _iterator3.s();
 
-          case 22:
+          case 15:
             if ((_step3 = _iterator3.n()).done) {
-              _context.next = 40;
+              _context2.next = 22;
               break;
             }
 
-            action = _step3.value;
-            valuesWithoutExecutedAction = removeActionFromValues(values);
+            return _context2.delegateYield(_loop(), "t0", 17);
+
+          case 17:
+            _ret = _context2.t0;
 
-            if (!(typeof idxResponse.actions[action] === 'function')) {
-              _context.next = 38;
+            if (!(_typeof(_ret) === "object")) {
+              _context2.next = 20;
               break;
             }
 
-            _context.prev = 26;
-            _context.next = 29;
-            return idxResponse.actions[action]();
+            return _context2.abrupt("return", _ret.v);
 
-          case 29:
-            idxResponse = _context.sent;
-            _context.next = 35;
+          case 20:
+            _context2.next = 15;
             break;
 
-          case 32:
-            _context.prev = 32;
-            _context.t0 = _context["catch"](26);
-            return _context.abrupt("return", handleIdxError(_context.t0, remediators));
+          case 22:
+            _context2.next = 27;
+            break;
 
-          case 35:
-            if (!(action === 'cancel')) {
-              _context.next = 37;
-              break;
-            }
+          case 24:
+            _context2.prev = 24;
+            _context2.t1 = _context2["catch"](12);
 
-            return _context.abrupt("return", {
-              canceled: true
-            });
+            _iterator3.e(_context2.t1);
 
-          case 37:
-            return _context.abrupt("return", remediate(idxResponse, valuesWithoutExecutedAction, options));
+          case 27:
+            _context2.prev = 27;
 
-          case 38:
-            _context.next = 22;
-            break;
+            _iterator3.f();
 
-          case 40:
-            _context.next = 45;
-            break;
+            return _context2.finish(27);
 
-          case 42:
-            _context.prev = 42;
-            _context.t1 = _context["catch"](20);
+          case 30:
+            remediator = getRemediator(neededToProceed, values, options);
 
-            _iterator3.e(_context.t1);
+            if (!(!remediator && flow === 'default')) {
+              _context2.next = 33;
+              break;
+            }
 
-          case 45:
-            _context.prev = 45;
+            return _context2.abrupt("return", {
+              idxResponse: idxResponse
+            });
 
-            _iterator3.f();
+          case 33:
+            if (remediator) {
+              _context2.next = 35;
+              break;
+            }
+
+            throw new AuthSdkError("\n      No remediation can match current flow, check policy settings in your org.\n      Remediations: [".concat(neededToProceed.reduce(function (acc, curr) {
+              return acc ? acc + ' ,' + curr.name : curr.name;
+            }, ''), "]\n    "));
+
+          case 35:
+            if (!messages.length) {
+              _context2.next = 38;
+              break;
+            }
 
-            return _context.finish(45);
+            nextStep = getNextStep(remediator, idxResponse);
+            return _context2.abrupt("return", {
+              nextStep: nextStep,
+              messages: messages
+            });
 
-          case 48:
+          case 38:
             if (remediator.canRemediate()) {
-              _context.next = 51;
+              _context2.next = 41;
               break;
             }
 
             _nextStep = getNextStep(remediator, idxResponse);
-            return _context.abrupt("return", {
+            return _context2.abrupt("return", {
               idxResponse: idxResponse,
               nextStep: _nextStep
             });
 
-          case 51:
+          case 41:
             name = remediator.getName();
             data = remediator.getData();
-            _context.prev = 53;
-            _context.next = 56;
+            _context2.prev = 43;
+            _context2.next = 46;
             return idxResponse.proceed(name, data);
 
-          case 56:
-            idxResponse = _context.sent;
+          case 46:
+            idxResponse = _context2.sent;
             values = remediator.getValuesAfterProceed();
-            return _context.abrupt("return", remediate(idxResponse, values, options));
+            return _context2.abrupt("return", remediate(idxResponse, values, options));
 
-          case 61:
-            _context.prev = 61;
-            _context.t2 = _context["catch"](53);
-            return _context.abrupt("return", handleIdxError(_context.t2, remediator));
+          case 51:
+            _context2.prev = 51;
+            _context2.t2 = _context2["catch"](43);
+            return _context2.abrupt("return", handleIdxError(_context2.t2, remediator));
 
-          case 64:
+          case 54:
           case "end":
-            return _context.stop();
+            return _context2.stop();
         }
       }
-    }, _callee, null, [[20, 42, 45, 48], [26, 32], [53, 61]]);
+    }, _callee, null, [[12, 24, 27, 30], [43, 51]]);
   }));
   return _remediate.apply(this, arguments);
 }
@@ -7343,10 +8425,13 @@ var PasswordRecoveryFlow = {
   'identify': Identify,
   'identify-recovery': Identify,
   'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,
+  'select-authenticator-enroll': SelectAuthenticatorEnroll,
   'challenge-authenticator': ChallengeAuthenticator,
   'authenticator-verification-data': AuthenticatorVerificationData,
+  'authenticator-enrollment-data': AuthenticatorEnrollmentData,
   'reset-authenticator': ResetAuthenticator,
-  'reenroll-authenticator': ReEnrollAuthenticator
+  'reenroll-authenticator': ReEnrollAuthenticator,
+  'enroll-poll': EnrollPoll
 };
 
 var RegistrationFlow = {
@@ -7361,6 +8446,15 @@ var RegistrationFlow = {
   'skip': Skip
 };
 
+var AccountUnlockFlow = {
+  'identify': Identify,
+  'select-authenticator-unlock-account': SelectAuthenticatorUnlockAccount,
+  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,
+  'challenge-authenticator': ChallengeAuthenticator,
+  'challenge-poll': ChallengePoll,
+  'authenticator-verification-data': AuthenticatorVerificationData
+};
+
 function getFlowSpecification(oktaAuth) {
   var flow = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 'default';
   var remediators,
@@ -7382,6 +8476,12 @@ function getFlowSpecification(oktaAuth) {
       withCredentials = false;
       break;
 
+    case 'unlockAccount':
+      remediators = AccountUnlockFlow;
+      withCredentials = false;
+      actions = ['unlock-account'];
+      break;
+
     case 'authenticate':
     case 'login':
     case 'signin':
@@ -7430,6 +8530,13 @@ function getEnabledFeatures(idxResponse) {
     res.push(IdxFeature.SOCIAL_IDP);
   }
 
+  if (neededToProceed.some(function (_ref3) {
+    var name = _ref3.name;
+    return name === 'unlock-account';
+  })) {
+    res.push(IdxFeature.ACCOUNT_UNLOCK);
+  }
+
   return res;
 }
 
@@ -7496,6 +8603,8 @@ function _run() {
         exchangeCodeForTokens,
         autoRemediate,
         step,
+        recoveryToken,
+        activationToken,
         flowSpec,
         interactResponse,
         values,
@@ -7512,7 +8621,7 @@ function _run() {
         redirectUri,
         urls,
         _scopes,
-        _ref3,
+        _ref4,
         actions,
         context,
         neededToProceed,
@@ -7529,7 +8638,7 @@ function _run() {
             shouldClearTransaction = false;
             clearSharedStorage = true;
             _context.prev = 4;
-            flow = options.flow, state = options.state, scopes = options.scopes, version = options.version, _remediators = options.remediators, _actions = options.actions, withCredentials = options.withCredentials, exchangeCodeForTokens = options.exchangeCodeForTokens, autoRemediate = options.autoRemediate, step = options.step;
+            flow = options.flow, state = options.state, scopes = options.scopes, version = options.version, _remediators = options.remediators, _actions = options.actions, withCredentials = options.withCredentials, exchangeCodeForTokens = options.exchangeCodeForTokens, autoRemediate = options.autoRemediate, step = options.step, recoveryToken = options.recoveryToken, activationToken = options.activationToken;
             flow = flow || authClient.idx.getFlow() || 'default';
 
             if (flow) {
@@ -7541,7 +8650,9 @@ function _run() {
             }
 
             metaFromResp = getSavedTransactionMeta(authClient, {
-              state: state
+              state: state,
+              recoveryToken: recoveryToken,
+              activationToken: activationToken
             });
             interactionHandle = metaFromResp === null || metaFromResp === void 0 ? void 0 : metaFromResp.interactionHandle;
 
@@ -7555,7 +8666,9 @@ function _run() {
             return interact(authClient, {
               withCredentials: withCredentials,
               state: state,
-              scopes: scopes
+              scopes: scopes,
+              activationToken: activationToken,
+              recoveryToken: recoveryToken
             });
 
           case 14:
@@ -7690,7 +8803,7 @@ function _run() {
               });
             }
 
-            _ref3 = idxResponse || {}, actions = _ref3.actions, context = _ref3.context, neededToProceed = _ref3.neededToProceed, proceed = _ref3.proceed, rawIdxState = _ref3.rawIdxState;
+            _ref4 = idxResponse || {}, actions = _ref4.actions, context = _ref4.context, neededToProceed = _ref4.neededToProceed, proceed = _ref4.proceed, rawIdxState = _ref4.rawIdxState;
             return _context.abrupt("return", Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({
               status: status
             }, meta && {
@@ -8194,6 +9307,58 @@ function _handleInteractionCodeRedirect() {
   return _handleInteractionCodeRedirect.apply(this, arguments);
 }
 
+function unlockAccount(_x) {
+  return _unlockAccount.apply(this, arguments);
+}
+
+function _unlockAccount() {
+  _unlockAccount = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(authClient) {
+    var options,
+        _yield$startTransacti,
+        enabledFeatures,
+        _args = arguments;
+
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) {
+        switch (_context.prev = _context.next) {
+          case 0:
+            options = _args.length > 1 && _args[1] !== undefined ? _args[1] : {};
+            options.flow = 'unlockAccount';
+
+            if (hasSavedInteractionHandle(authClient)) {
+              _context.next = 9;
+              break;
+            }
+
+            _context.next = 5;
+            return startTransaction(authClient, Object.assign(Object.assign({}, options), {
+              autoRemediate: false
+            }));
+
+          case 5:
+            _yield$startTransacti = _context.sent;
+            enabledFeatures = _yield$startTransacti.enabledFeatures;
+
+            if (!(enabledFeatures && !enabledFeatures.includes(IdxFeature.ACCOUNT_UNLOCK))) {
+              _context.next = 9;
+              break;
+            }
+
+            throw new AuthSdkError('Self Service Account Unlock is not supported based on your current org configuration.');
+
+          case 9:
+            return _context.abrupt("return", run(authClient, Object.assign({}, options)));
+
+          case 10:
+          case "end":
+            return _context.stop();
+        }
+      }
+    }, _callee);
+  }));
+  return _unlockAccount.apply(this, arguments);
+}
+
 function setGlobalRequestInterceptor(fn) {
   idx.client.interceptors.request.use(fn);
 }
@@ -8203,6 +9368,10 @@ function createGlobalRequestInterceptor(sdk) {
 
     var headers = Object.assign(Object.assign({}, oktaUserAgentHeader), sdk.options.headers);
     Object.keys(headers).forEach(function (name) {
+      if (!sdk.options.clientSecret && name === 'X-Device-Token') {
+        return;
+      }
+
       requestConfig.headers[name] = headers[name];
     });
   };
@@ -8212,7 +9381,7 @@ var OktaUserAgent = /*#__PURE__*/function () {
   function OktaUserAgent() {
     _classCallCheck(this, OktaUserAgent);
 
-    this.environments = ["okta-auth-js/".concat("6.0.0")];
+    this.environments = ["okta-auth-js/".concat("6.1.0")];
   }
 
   _createClass(OktaUserAgent, [{
@@ -8231,7 +9400,7 @@ var OktaUserAgent = /*#__PURE__*/function () {
   }, {
     key: "getVersion",
     value: function getVersion() {
-      return "6.0.0";
+      return "6.1.0";
     }
   }, {
     key: "maybeAddNodeEnvironment",
@@ -8386,7 +9555,8 @@ var OktaAuth = /*#__PURE__*/function () {
       getFlow: function getFlow() {
         return _this.options.flow;
       },
-      canProceed: canProceed.bind(null, this)
+      canProceed: canProceed.bind(null, this),
+      unlockAccount: unlockAccount.bind(null, this)
     };
     setGlobalRequestInterceptor(createGlobalRequestInterceptor(this));
     this.http = {
@@ -9045,63 +10215,77 @@ var OktaAuth = /*#__PURE__*/function () {
 
                 this.tokenManager.setTokens(tokens);
                 originalUri = originalUri || this.getOriginalUri(this.options.state);
-                _context11.next = 17;
+                _context11.next = 25;
                 break;
 
               case 6:
                 if (!this.isLoginRedirect()) {
-                  _context11.next = 16;
+                  _context11.next = 24;
                   break;
                 }
 
-                _context11.next = 9;
+                _context11.prev = 7;
+                _context11.next = 10;
                 return parseOAuthResponseFromUrl(this, {});
 
-              case 9:
+              case 10:
                 oAuthResponse = _context11.sent;
                 state = oAuthResponse.state;
                 originalUri = originalUri || this.getOriginalUri(state);
-                _context11.next = 14;
+                _context11.next = 15;
                 return this.storeTokensFromRedirect();
 
-              case 14:
-                _context11.next = 17;
+              case 15:
+                _context11.next = 22;
                 break;
 
-              case 16:
+              case 17:
+                _context11.prev = 17;
+                _context11.t0 = _context11["catch"](7);
+                _context11.next = 21;
+                return this.authStateManager.updateAuthState();
+
+              case 21:
+                throw _context11.t0;
+
+              case 22:
+                _context11.next = 25;
+                break;
+
+              case 24:
                 return _context11.abrupt("return");
 
-              case 17:
-                _context11.next = 19;
+              case 25:
+                _context11.next = 27;
                 return this.authStateManager.updateAuthState();
 
-              case 19:
+              case 27:
                 this.removeOriginalUri(state);
                 restoreOriginalUri = this.options.restoreOriginalUri;
 
                 if (!restoreOriginalUri) {
-                  _context11.next = 26;
+                  _context11.next = 34;
                   break;
                 }
 
-                _context11.next = 24;
+                _context11.next = 32;
                 return restoreOriginalUri(this, originalUri);
 
-              case 24:
-                _context11.next = 27;
+              case 32:
+                _context11.next = 35;
                 break;
 
-              case 26:
+              case 34:
                 if (originalUri) {
                   window.location.replace(originalUri);
                 }
 
-              case 27:
+              case 35:
               case "end":
                 return _context11.stop();
             }
           }
-        }, _callee11, this);
+        }, _callee11, this, [[7, 17]]);
       }));
 
       function handleLoginRedirect(_x6, _x7) {
@@ -9153,15 +10337,55 @@ var OktaAuth = /*#__PURE__*/function () {
     value: function verifyRecoveryToken(opts) {
       return postToTransaction(this, '/api/v1/authn/recovery/token', opts);
     }
+  }, {
+    key: "invokeApiMethod",
+    value: function () {
+      var _invokeApiMethod = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee12(options) {
+        var accessToken;
+        return _regeneratorRuntime.wrap(function _callee12$(_context12) {
+          while (1) {
+            switch (_context12.prev = _context12.next) {
+              case 0:
+                if (options.accessToken) {
+                  _context12.next = 5;
+                  break;
+                }
+
+                _context12.next = 3;
+                return this.tokenManager.getTokens();
+
+              case 3:
+                accessToken = _context12.sent.accessToken;
+                options.accessToken = accessToken === null || accessToken === void 0 ? void 0 : accessToken.accessToken;
+
+              case 5:
+                return _context12.abrupt("return", httpRequest(this, options));
+
+              case 6:
+              case "end":
+                return _context12.stop();
+            }
+          }
+        }, _callee12, this);
+      }));
+
+      function invokeApiMethod(_x8) {
+        return _invokeApiMethod.apply(this, arguments);
+      }
+
+      return invokeApiMethod;
+    }()
   }]);
 
   return OktaAuth;
 }();
 
 OktaAuth.features = OktaAuth.prototype.features = features;
+OktaAuth.crypto = crypto$1;
+OktaAuth.webauthn = webauthn;
 Object.assign(OktaAuth, {
   constants: constants
 });
 
-export { ACCESS_TOKEN_STORAGE_KEY, AuthApiError, AuthPollStopError, AuthSdkError, AuthStateManager, AuthTransaction, AuthenticatorKey, CACHE_STORAGE_NAME, DEFAULT_CACHE_DURATION, DEFAULT_CODE_CHALLENGE_METHOD, DEFAULT_MAX_CLOCK_SKEW, DEFAULT_POLLING_DELAY, EVENT_ADDED, EVENT_ERROR, EVENT_EXPIRED, EVENT_REMOVED, EVENT_RENEWED, EmailVerifyCallbackError, IDX_API_VERSION, IDX_RESPONSE_STORAGE_NAME, ID_TOKEN_STORAGE_KEY, INITIAL_AUTH_STATE, IdxFeature, IdxStatus, MAX_VERIFIER_LENGTH, MIN_VERIFIER_LENGTH, OAuthError, ORIGINAL_URI_STORAGE_NAME, OktaAuth, PKCE_STORAGE_NAME, REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME, REFERRER_PATH_STORAGE_KEY, REFRESH_TOKEN_STORAGE_KEY, SHARED_TRANSACTION_STORAGE_NAME, STATE_TOKEN_KEY_NAME, TOKEN_STORAGE_NAME, TRANSACTION_STORAGE_NAME, TokenManager, addListener, addPostMessageListener, addStateToken, assertPKCESupport, authenticate, bind, buildAuthorizeParams, canProceed, cancel, clearTransactionMeta, clone, convertTokenParamsToOAuthParams, createOAuthMeta, createTransactionMeta, index as crypto, decodeToken, delay, deprecate, deprecateWrap, exchangeCodeForTokens, extend, find, genRandomString, generateNonce, generateState, getConsole, getDefaultTokenParams, getHashOrSearch, getKey, getLink, getNativeConsole, getOAuthBaseUrl, getOAuthDomain, getOAuthUrls, getPollFn, getSavedTransactionMeta, getStateToken, getToken, getTransactionMeta, getUserInfo, getWellKnown, getWithPopup, getWithRedirect, getWithoutPrompt, handleEmailVerifyCallback, handleInteractionCodeRedirect, handleOAuthResponse, hasAuthorizationCode, hasErrorInUrl, hasInteractionCode, hasSavedInteractionHandle, hasTokensInHash, interact, introspect, introspectAuthn, isAbsoluteUrl, isAccessToken, isAuthApiError, isAuthorizationCodeError, isCodeFlow, isCustomAuthTransactionMeta, isEmailVerifyCallback, isEmailVerifyCallbackError, isFunction, isIDToken, isIdxTransactionMeta, isInteractionRequired, isInteractionRequiredError, isLoginRedirect, isNumber, isOAuthTransactionMeta, isObject, isPKCETransactionMeta, isPromise, isRedirectUri, isRefreshToken, isRefreshTokenError, isSameRefreshToken, isString, isToken, isTransactionMeta, isTransactionMetaValid, isTransactionMetaValidForFlow, isTransactionMetaValidForOptions, isoToUTCString, loadFrame, loadPopup, omit, parseEmailVerifyCallback, parseFromUrl, PKCE as pkce, poll, postRefreshToken, postToTokenEndpoint, postToTransaction, preparePKCE, prepareTokenParams, proceed, recoverPassword, register, removeListener, removeNils, removeTrailingSlash, renewToken, renewTokens, renewTokensWithRefresh, resumeTransaction, revokeToken, saveTransactionMeta, startTransaction, toAbsoluteUrl, toQueryString, toRelativeUrl, transactionExists, transactionStatus, transactionStep, urlParamsToObject, validateClaims, validateCodeChallengeMethod, validateToken, verifyToken, warn };
+export { ACCESS_TOKEN_STORAGE_KEY, AuthApiError, AuthPollStopError, AuthSdkError, AuthStateManager, AuthTransaction, AuthenticatorKey, CACHE_STORAGE_NAME, DEFAULT_CACHE_DURATION, DEFAULT_CODE_CHALLENGE_METHOD, DEFAULT_MAX_CLOCK_SKEW, DEFAULT_POLLING_DELAY, EVENT_ADDED, EVENT_ERROR, EVENT_EXPIRED, EVENT_REMOVED, EVENT_RENEWED, IDX_API_VERSION, IDX_RESPONSE_STORAGE_NAME, ID_TOKEN_STORAGE_KEY, INITIAL_AUTH_STATE, IdxFeature, IdxStatus, MAX_VERIFIER_LENGTH, MIN_VERIFIER_LENGTH, OAuthError, ORIGINAL_URI_STORAGE_NAME, OktaAuth, PKCE_STORAGE_NAME, REDIRECT_NONCE_COOKIE_NAME, REDIRECT_OAUTH_PARAMS_NAME, REDIRECT_STATE_COOKIE_NAME, REFERRER_PATH_STORAGE_KEY, REFRESH_TOKEN_STORAGE_KEY, SHARED_TRANSACTION_STORAGE_NAME, STATE_TOKEN_KEY_NAME, StorageManager, TOKEN_STORAGE_NAME, TRANSACTION_STORAGE_NAME, TokenManager, addListener, addPostMessageListener, addStateToken, assertPKCESupport, authenticate, bind, buildAuthorizeParams, canProceed, cancel, clearTransactionMeta, clone, convertTokenParamsToOAuthParams, createOAuthMeta, createTransactionMeta, crypto$1 as crypto, decodeToken, delay, deprecate, deprecateWrap, exchangeCodeForTokens, extend, find, genRandomString, generateNonce, generateState, getConsole, getDefaultTokenParams, getHashOrSearch, getKey, getLink, getNativeConsole, getOAuthBaseUrl, getOAuthDomain, getOAuthUrls, getPollFn, getSavedTransactionMeta, getStateToken, getToken, getTransactionMeta, getUserInfo, getWellKnown, getWithPopup, getWithRedirect, getWithoutPrompt, handleEmailVerifyCallback, handleInteractionCodeRedirect, handleOAuthResponse, hasAuthorizationCode, hasErrorInUrl, hasInteractionCode, hasSavedInteractionHandle, hasTokensInHash, interact, introspect, introspectAuthn, isAbsoluteUrl, isAccessToken, isAuthApiError, isAuthorizationCodeError, isCodeFlow, isCustomAuthTransactionMeta, isEmailVerifyCallback, isEmailVerifyCallbackError, isFunction, isIDToken, isIdxTransactionMeta, isInteractionRequired, isInteractionRequiredError, isLoginRedirect, isNumber, isOAuthTransactionMeta, isObject, isPKCETransactionMeta, isPromise, isRedirectUri, isRefreshToken, isRefreshTokenError, isSameRefreshToken, isString, isToken, isTransactionMeta, isTransactionMetaValid, isTransactionMetaValidForFlow, isTransactionMetaValidForOptions, isoToUTCString, loadFrame, loadPopup, omit, parseEmailVerifyCallback, parseFromUrl, PKCE as pkce, poll, postRefreshToken, postToTokenEndpoint, postToTransaction, preparePKCE, prepareTokenParams, proceed, recoverPassword, register, removeListener, removeNils, removeTrailingSlash, renewToken, renewTokens, renewTokensWithRefresh, resumeTransaction, revokeToken, saveTransactionMeta, startTransaction, toAbsoluteUrl, toQueryString, toRelativeUrl, transactionExists, transactionStatus, transactionStep, unlockAccount, urlParamsToObject, validateClaims, validateCodeChallengeMethod, validateToken, verifyToken, warn };
 //# sourceMappingURL=index.js.map