@okta/okta-auth-js 6.0.0 → 6.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +65 -0
- package/README.md +58 -27
- package/cjs/AuthStateManager.js +21 -7
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +96 -40
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/PromiseQueue.js +14 -3
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/SavedObject.js +4 -2
- package/cjs/SavedObject.js.map +1 -1
- package/cjs/ServiceManager.js +195 -0
- package/cjs/ServiceManager.js.map +1 -0
- package/cjs/StorageManager.js +13 -8
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TokenManager.js +34 -32
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/TransactionManager.js +17 -5
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +48 -33
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/browser/fingerprint.js +9 -3
- package/cjs/browser/fingerprint.js.map +1 -1
- package/cjs/builderUtil.js +4 -2
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/clock.js +5 -1
- package/cjs/clock.js.map +1 -1
- package/cjs/crypto/base64.js +18 -0
- package/cjs/crypto/base64.js.map +1 -1
- package/cjs/crypto/index.js +6 -4
- package/cjs/crypto/index.js.map +1 -1
- package/cjs/crypto/node.js +19 -13
- package/cjs/crypto/node.js.map +1 -1
- package/cjs/crypto/oidcHash.js +5 -1
- package/cjs/crypto/oidcHash.js.map +1 -1
- package/cjs/crypto/webauthn.js +101 -0
- package/cjs/crypto/webauthn.js.map +1 -0
- package/cjs/crypto/webcrypto.js +3 -1
- package/cjs/crypto/webcrypto.js.map +1 -1
- package/cjs/errors/AuthApiError.js +1 -1
- package/cjs/errors/AuthPollStopError.js +1 -1
- package/cjs/errors/AuthSdkError.js +1 -1
- package/cjs/errors/CustomError.js +5 -1
- package/cjs/errors/CustomError.js.map +1 -1
- package/cjs/errors/OAuthError.js +1 -1
- package/cjs/errors/index.js +1 -1
- package/cjs/fetch/fetchRequest.js +18 -6
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/headers.js.map +1 -1
- package/cjs/http/index.js +4 -2
- package/cjs/http/index.js.map +1 -1
- package/cjs/http/request.js +9 -5
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js.map +1 -1
- package/cjs/idx/authenticator/OktaPassword.js +12 -3
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
- package/cjs/idx/authenticator/OktaVerifyTotp.js +9 -1
- package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +15 -2
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js +10 -2
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +13 -3
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnEnrollment.js +51 -0
- package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -0
- package/cjs/idx/authenticator/WebauthnVerification.js +60 -0
- package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -0
- package/cjs/idx/authenticator/getAuthenticator.js +13 -1
- package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/index.js +34 -6
- package/cjs/idx/authenticator/index.js.map +1 -1
- package/cjs/idx/authenticator/util.js +64 -0
- package/cjs/idx/authenticator/util.js.map +1 -0
- package/cjs/idx/cancel.js.map +1 -1
- package/cjs/idx/emailVerify.js +1 -1
- package/cjs/idx/emailVerify.js.map +1 -1
- package/cjs/idx/flow/AccountUnlockFlow.js +30 -0
- package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -0
- package/cjs/idx/flow/FlowSpecification.js +8 -0
- package/cjs/idx/flow/FlowSpecification.js.map +1 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js +4 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
- package/cjs/idx/flow/index.js +20 -5
- package/cjs/idx/flow/index.js.map +1 -1
- package/cjs/idx/handleInteractionCodeRedirect.js +5 -1
- package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
- package/cjs/idx/headers.js +21 -5
- package/cjs/idx/headers.js.map +1 -1
- package/cjs/idx/idx-js/client.js +91 -0
- package/cjs/idx/idx-js/client.js.map +1 -0
- package/cjs/idx/idx-js/index.js +40 -0
- package/cjs/idx/idx-js/index.js.map +1 -0
- package/cjs/idx/idx-js/interact.js +83 -0
- package/cjs/idx/idx-js/interact.js.map +1 -0
- package/cjs/idx/idx-js/introspect.js +62 -0
- package/cjs/idx/idx-js/introspect.js.map +1 -0
- package/cjs/idx/idx-js/parsers.js +41 -0
- package/cjs/idx/idx-js/parsers.js.map +1 -0
- package/cjs/idx/idx-js/util.js +34 -0
- package/cjs/idx/idx-js/util.js.map +1 -0
- package/cjs/idx/idx-js/v1/actionParser.js +90 -0
- package/cjs/idx/idx-js/v1/actionParser.js.map +1 -0
- package/cjs/idx/idx-js/v1/generateIdxAction.js +111 -0
- package/cjs/idx/idx-js/v1/generateIdxAction.js.map +1 -0
- package/cjs/idx/idx-js/v1/idxResponseParser.js +137 -0
- package/cjs/idx/idx-js/v1/idxResponseParser.js.map +1 -0
- package/cjs/idx/idx-js/v1/makeIdxState.js +65 -0
- package/cjs/idx/idx-js/v1/makeIdxState.js.map +1 -0
- package/cjs/idx/idx-js/v1/parsers.js +24 -0
- package/cjs/idx/idx-js/v1/parsers.js.map +1 -0
- package/cjs/idx/idx-js/v1/remediationParser.js +32 -0
- package/cjs/idx/idx-js/v1/remediationParser.js.map +1 -0
- package/cjs/idx/index.js +120 -121
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js +9 -4
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +19 -9
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/poll.js +13 -3
- package/cjs/idx/poll.js.map +1 -1
- package/cjs/idx/proceed.js +14 -11
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js +5 -1
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +112 -88
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +16 -6
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +61 -16
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +44 -20
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +116 -82
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +58 -34
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +30 -7
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js +2 -2
- package/cjs/idx/remediators/ChallengePoll.js +10 -3
- package/cjs/idx/remediators/ChallengePoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollAuthenticator.js +2 -2
- package/cjs/idx/remediators/EnrollPoll.js +16 -6
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +34 -16
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js +25 -17
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +16 -7
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +13 -10
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/RedirectIdp.js +2 -2
- package/cjs/idx/remediators/ResetAuthenticator.js +2 -2
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +9 -6
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +2 -2
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +71 -0
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
- package/cjs/idx/remediators/SelectEnrollProfile.js +2 -2
- package/cjs/idx/remediators/SelectEnrollmentChannel.js +22 -10
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
- package/cjs/idx/remediators/Skip.js +5 -10
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/index.js +33 -18
- package/cjs/idx/remediators/index.js.map +1 -1
- package/cjs/idx/remediators/util.js +13 -3
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +276 -177
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +82 -9
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/idx/unlockAccount.js +48 -0
- package/cjs/idx/unlockAccount.js.map +1 -0
- package/cjs/idx/util.js +198 -0
- package/cjs/idx/util.js.map +1 -0
- package/cjs/index.js +20 -14
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js +8 -2
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/endpoints/index.js +5 -3
- package/cjs/oidc/endpoints/index.js.map +1 -1
- package/cjs/oidc/endpoints/token.js +15 -3
- package/cjs/oidc/endpoints/token.js.map +1 -1
- package/cjs/oidc/endpoints/well-known.js +7 -3
- package/cjs/oidc/endpoints/well-known.js.map +1 -1
- package/cjs/oidc/exchangeCodeForTokens.js +10 -2
- package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
- package/cjs/oidc/getToken.js +9 -5
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getUserInfo.js +7 -3
- package/cjs/oidc/getUserInfo.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +8 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +5 -1
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/getWithoutPrompt.js +8 -2
- package/cjs/oidc/getWithoutPrompt.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js +9 -3
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/cjs/oidc/index.js +4 -2
- package/cjs/oidc/index.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +9 -3
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewToken.js.map +1 -1
- package/cjs/oidc/renewTokens.js +5 -1
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/renewTokensWithRefresh.js +5 -1
- package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
- package/cjs/oidc/revokeToken.js +7 -3
- package/cjs/oidc/revokeToken.js.map +1 -1
- package/cjs/oidc/util/browser.js +5 -1
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
- package/cjs/oidc/util/errors.js.map +1 -1
- package/cjs/oidc/util/index.js +14 -12
- package/cjs/oidc/util/index.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +5 -1
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/oauth.js +4 -2
- package/cjs/oidc/util/oauth.js.map +1 -1
- package/cjs/oidc/util/oauthMeta.js.map +1 -1
- package/cjs/oidc/util/pkce.js +11 -3
- package/cjs/oidc/util/pkce.js.map +1 -1
- package/cjs/oidc/util/prepareTokenParams.js +7 -5
- package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +1 -1
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/oidc/verifyToken.js +11 -3
- package/cjs/oidc/verifyToken.js.map +1 -1
- package/cjs/options/browser.js +86 -0
- package/cjs/options/browser.js.map +1 -0
- package/cjs/options/index.js +94 -0
- package/cjs/options/index.js.map +1 -0
- package/cjs/options/node.js +45 -0
- package/cjs/options/node.js.map +1 -0
- package/cjs/options.js +17 -5
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +8 -4
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/services/AutoRenewService.js +94 -0
- package/cjs/services/AutoRenewService.js.map +1 -0
- package/cjs/services/SyncStorageService.js +93 -0
- package/cjs/services/SyncStorageService.js.map +1 -0
- package/cjs/services/index.js +30 -0
- package/cjs/services/index.js.map +1 -0
- package/cjs/tx/AuthTransaction.js +15 -9
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/api.js +8 -4
- package/cjs/tx/api.js.map +1 -1
- package/cjs/tx/index.js +7 -5
- package/cjs/tx/index.js.map +1 -1
- package/cjs/tx/poll.js +6 -4
- package/cjs/tx/poll.js.map +1 -1
- package/cjs/tx/util.js +5 -1
- package/cjs/tx/util.js.map +1 -1
- package/cjs/types/Service.js +2 -0
- package/cjs/types/Service.js.map +1 -0
- package/cjs/types/Transaction.js +10 -2
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/types/index.js +29 -14
- package/cjs/types/index.js.map +1 -1
- package/cjs/util/index.js +7 -5
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/misc.js +5 -1
- package/cjs/util/misc.js.map +1 -1
- package/cjs/util/object.js +16 -6
- package/cjs/util/object.js.map +1 -1
- package/cjs/util/sharedStorage.js +5 -1
- package/cjs/util/sharedStorage.js.map +1 -1
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.LICENSE.txt +0 -20
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +1 -1
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.LICENSE.txt +1 -19
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/{index.js → esm.browser.js} +2978 -2585
- package/esm/esm.browser.js.map +1 -0
- package/esm/esm.node.mjs +9595 -0
- package/esm/esm.node.mjs.map +1 -0
- package/lib/AuthStateManager.d.ts +3 -3
- package/lib/OktaAuth.d.ts +10 -6
- package/lib/PromiseQueue.d.ts +6 -2
- package/lib/ServiceManager.d.ts +38 -0
- package/lib/StorageManager.d.ts +1 -1
- package/lib/TokenManager.d.ts +2 -3
- package/lib/TransactionManager.d.ts +4 -5
- package/lib/browser/fingerprint.d.ts +2 -3
- package/lib/crypto/base64.d.ts +2 -0
- package/lib/crypto/webauthn.d.ts +25 -0
- package/lib/http/headers.d.ts +2 -2
- package/lib/http/request.d.ts +4 -4
- package/lib/idx/authenticate.d.ts +2 -2
- package/lib/idx/authenticator/Authenticator.d.ts +4 -5
- package/lib/idx/authenticator/OktaPassword.d.ts +8 -9
- package/lib/idx/authenticator/OktaVerifyTotp.d.ts +1 -1
- package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +11 -12
- package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +7 -7
- package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +8 -3
- package/lib/idx/authenticator/WebauthnEnrollment.d.ts +16 -0
- package/lib/idx/authenticator/WebauthnVerification.d.ts +17 -0
- package/lib/idx/authenticator/getAuthenticator.d.ts +1 -1
- package/lib/idx/authenticator/index.d.ts +9 -0
- package/lib/idx/authenticator/util.d.ts +4 -0
- package/lib/idx/cancel.d.ts +2 -2
- package/lib/idx/emailVerify.d.ts +2 -2
- package/lib/idx/flow/AccountUnlockFlow.d.ts +13 -0
- package/lib/idx/flow/FlowSpecification.d.ts +2 -2
- package/lib/idx/flow/index.d.ts +1 -0
- package/lib/idx/headers.d.ts +3 -2
- package/lib/idx/idx-js/client.d.ts +36 -0
- package/lib/idx/idx-js/index.d.ts +35 -0
- package/lib/idx/idx-js/interact.d.ts +25 -0
- package/lib/idx/idx-js/introspect.d.ts +21 -0
- package/lib/idx/idx-js/parsers.d.ts +15 -0
- package/lib/idx/idx-js/util.d.ts +12 -0
- package/lib/idx/idx-js/v1/actionParser.d.ts +16 -0
- package/lib/idx/idx-js/v1/generateIdxAction.d.ts +13 -0
- package/lib/idx/idx-js/v1/idxResponseParser.d.ts +20 -0
- package/lib/idx/idx-js/v1/makeIdxState.d.ts +13 -0
- package/lib/idx/idx-js/v1/parsers.d.ts +16 -0
- package/lib/idx/idx-js/v1/remediationParser.d.ts +12 -0
- package/lib/idx/index.d.ts +12 -11
- package/lib/idx/interact.d.ts +3 -2
- package/lib/idx/introspect.d.ts +2 -2
- package/lib/idx/poll.d.ts +2 -2
- package/lib/idx/proceed.d.ts +5 -6
- package/lib/idx/recoverPassword.d.ts +2 -2
- package/lib/idx/register.d.ts +2 -2
- package/lib/idx/remediate.d.ts +2 -2
- package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +6 -5
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +5 -8
- package/lib/idx/remediators/Base/Remediator.d.ts +6 -5
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +9 -8
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +9 -16
- package/lib/idx/remediators/ChallengePoll.d.ts +1 -0
- package/lib/idx/remediators/EnrollProfile.d.ts +0 -3
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +1 -4
- package/lib/idx/remediators/Identify.d.ts +3 -5
- package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -5
- package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +2 -1
- package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +37 -0
- package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +1 -0
- package/lib/idx/remediators/Skip.d.ts +0 -3
- package/lib/idx/remediators/index.d.ts +1 -0
- package/lib/idx/run.d.ts +2 -2
- package/lib/idx/startTransaction.d.ts +2 -2
- package/lib/idx/transactionMeta.d.ts +7 -7
- package/lib/idx/types/FlowIdentifier.d.ts +1 -1
- package/lib/idx/types/idx-js.d.ts +41 -1
- package/lib/idx/types/index.d.ts +27 -7
- package/lib/idx/unlockAccount.d.ts +15 -0
- package/lib/idx/util.d.ts +11 -0
- package/lib/oidc/endpoints/well-known.d.ts +3 -3
- package/lib/oidc/exchangeCodeForTokens.d.ts +2 -2
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/getWithPopup.d.ts +2 -2
- package/lib/oidc/getWithRedirect.d.ts +2 -2
- package/lib/oidc/getWithoutPrompt.d.ts +2 -2
- package/lib/oidc/handleOAuthResponse.d.ts +2 -2
- package/lib/oidc/renewToken.d.ts +2 -2
- package/lib/oidc/renewTokensWithRefresh.d.ts +2 -2
- package/lib/oidc/revokeToken.d.ts +2 -2
- package/lib/oidc/util/browser.d.ts +2 -2
- package/lib/oidc/util/defaultTokenParams.d.ts +2 -2
- package/lib/oidc/util/errors.d.ts +2 -2
- package/lib/oidc/util/loginRedirect.d.ts +4 -4
- package/lib/oidc/util/oauth.d.ts +4 -4
- package/lib/oidc/util/oauthMeta.d.ts +2 -2
- package/lib/oidc/util/prepareTokenParams.d.ts +5 -5
- package/lib/oidc/util/validateClaims.d.ts +2 -2
- package/lib/oidc/verifyToken.d.ts +2 -2
- package/lib/options/browser.d.ts +16 -0
- package/lib/options/index.d.ts +14 -0
- package/lib/options/node.d.ts +16 -0
- package/lib/services/AutoRenewService.d.ts +27 -0
- package/lib/services/{TokenService.d.ts → SyncStorageService.d.ts} +8 -5
- package/lib/services/index.d.ts +13 -0
- package/lib/types/OktaAuthOptions.d.ts +6 -2
- package/lib/types/Service.d.ts +23 -0
- package/lib/types/Storage.d.ts +7 -5
- package/lib/types/Transaction.d.ts +2 -10
- package/lib/types/api.d.ts +23 -10
- package/lib/types/index.d.ts +1 -1
- package/lib/util/sharedStorage.d.ts +1 -1
- package/package.json +32 -14
- package/polyfill/index.js +1 -0
- package/cjs/services/TokenService.js +0 -111
- package/cjs/services/TokenService.js.map +0 -1
- package/esm/index.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getUserInfo.ts"],"names":["getUserInfo","sdk","accessTokenObject","idTokenObject","tokenManager","getTokens","accessToken","idToken","reject","AuthSdkError","url","userinfoUrl","method","then","userInfo","sub","claims","catch","err","xhr","status","authenticateHeader","headers","get","getResponseHeader","errorMatches","match","errorDescriptionMatches","error","errorDescription","OAuthError"],"mappings":";;;;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,iBAAhC,EAAgEC,aAAhE,EAA6G;AAClH;AACA,MAAI,CAACD,iBAAL,EAAwB;AACtBA,IAAAA,iBAAiB,GAAG,CAAC,MAAMD,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCC,WAAzD;AACD;;AACD,MAAI,CAACH,aAAL,EAAoB;AAClBA,IAAAA,aAAa,GAAG,CAAC,MAAMF,GAAG,CAACG,YAAJ,CAAiBC,SAAjB,EAAP,EAAqCE,OAArD;AACD;;AAED,MAAI,CAACL,iBAAD,IAAsB,CAAC,0BAAcA,iBAAd,CAA3B,EAA6D;AAC3D,WAAO,iBAAQM,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,6CAAjB,CAAf,CAAP;AACD;;AAED,MAAI,CAACN,aAAD,IAAkB,CAAC,sBAAUA,aAAV,CAAvB,EAAiD;AAC/C,WAAO,iBAAQK,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yCAAjB,CAAf,CAAP;AACD;;AAED,SAAO,uBAAYR,GAAZ,EAAiB;AACtBS,IAAAA,GAAG,EAAER,iBAAiB,CAACS,WADD;AAEtBC,IAAAA,MAAM,EAAE,KAFc;AAGtBN,IAAAA,WAAW,EAAEJ,iBAAiB,CAACI;AAHT,GAAjB,EAKJO,IALI,CAKCC,QAAQ,IAAI;AAChB;AACA,QAAIA,QAAQ,CAACC,GAAT,KAAiBZ,aAAa,CAACa,MAAd,CAAqBD,GAA1C,EAA+C;AAC7C,aAAOD,QAAP;AACD;;AACD,WAAO,iBAAQN,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAf,CAAP;AACD,GAXI,EAYJQ,KAZI,CAYE,UAAUC,GAAV,EAAe;AACpB,QAAIA,GAAG,CAACC,GAAJ,KAAYD,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAnB,IAA0BF,GAAG,CAACC,GAAJ,CAAQC,MAAR,KAAmB,GAAzD,CAAJ,EAAmE;AACjE,UAAIC,kBAAJ;;AACA,UAAIH,GAAG,CAACC,GAAJ,CAAQG,OAAR,IAAmB,sBAAWJ,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAA3B,CAAnB,IAAsDL,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAA1D,EAAmG;AACjGF,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQG,OAAR,CAAgBC,GAAhB,CAAoB,kBAApB,CAArB;AACD,OAFD,MAEO,IAAI,sBAAWL,GAAG,CAACC,GAAJ,CAAQK,iBAAnB,CAAJ,EAA2C;AAChDH,QAAAA,kBAAkB,GAAGH,GAAG,CAACC,GAAJ,CAAQK,iBAAR,CAA0B,kBAA1B,CAArB;AACD;;AACD,UAAIH,kBAAJ,EAAwB;AACtB,YAAII,YAAY,GAAGJ,kBAAkB,CAACK,KAAnB,CAAyB,eAAzB,KAA6C,EAAhE;AACA,YAAIC,uBAAuB,GAAGN,kBAAkB,CAACK,KAAnB,CAAyB,2BAAzB,KAAyD,EAAvF;AACA,YAAIE,KAAK,GAAGH,YAAY,CAAC,CAAD,CAAxB;AACA,YAAII,gBAAgB,GAAGF,uBAAuB,CAAC,CAAD,CAA9C;;AACA,YAAIC,KAAK,IAAIC,gBAAb,EAA+B;AAC7BX,UAAAA,GAAG,GAAG,IAAIY,kBAAJ,CAAeF,KAAf,EAAsBC,gBAAtB,CAAN;AACD;AACF;AACF;;AACD,UAAMX,GAAN;AACD,GA/BI,CAAP;AAgCD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken } from '../types';\n\nexport async function getUserInfo(sdk, accessTokenObject: AccessToken, idTokenObject: IDToken): Promise<UserClaims> {\n // If token objects were not passed, attempt to read from the TokenManager\n if (!accessTokenObject) {\n accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n }\n if (!idTokenObject) {\n idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n }\n\n if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n }\n\n if (!idTokenObject || !isIDToken(idTokenObject)) {\n return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n }\n\n return httpRequest(sdk, {\n url: accessTokenObject.userinfoUrl,\n method: 'GET',\n accessToken: accessTokenObject.accessToken\n })\n .then(userInfo => {\n // Only return the userinfo response if subjects match to mitigate token substitution attacks\n if (userInfo.sub === idTokenObject.claims.sub) {\n return userInfo;\n }\n return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n })\n .catch(function (err) {\n if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n var authenticateHeader;\n if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n } else if (isFunction(err.xhr.getResponseHeader)) {\n authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n }\n if (authenticateHeader) {\n var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n var error = errorMatches[1];\n var errorDescription = errorDescriptionMatches[1];\n if (error && errorDescription) {\n err = new OAuthError(error, errorDescription);\n }\n }\n }\n throw err;\n });\n}\n"],"file":"getUserInfo.js"}
|
package/cjs/oidc/getWithPopup.js
CHANGED
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.getWithPopup = getWithPopup;
|
|
4
6
|
|
|
7
|
+
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
8
|
+
|
|
9
|
+
var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
|
|
10
|
+
|
|
5
11
|
var _errors = require("../errors");
|
|
6
12
|
|
|
7
13
|
var _util = require("../util");
|
|
@@ -24,7 +30,7 @@ var _util2 = require("./util");
|
|
|
24
30
|
*/
|
|
25
31
|
function getWithPopup(sdk, options) {
|
|
26
32
|
if (arguments.length > 2) {
|
|
27
|
-
return
|
|
33
|
+
return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithPopup" takes only a single set of options'));
|
|
28
34
|
} // some browsers (safari, firefox) block popup if it's initialed from an async process
|
|
29
35
|
// here we create the popup window immediately after user interaction
|
|
30
36
|
// then redirect to the /authorize endpoint when the requestUrl is available
|
|
@@ -32,7 +38,7 @@ function getWithPopup(sdk, options) {
|
|
|
32
38
|
|
|
33
39
|
const popupWindow = (0, _util2.loadPopup)('/', options);
|
|
34
40
|
options = (0, _util.clone)(options) || {};
|
|
35
|
-
|
|
41
|
+
(0, _assign.default)(options, {
|
|
36
42
|
display: 'popup',
|
|
37
43
|
responseMode: 'okta_post_message',
|
|
38
44
|
popupWindow
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithPopup.ts"],"names":["getWithPopup","sdk","options","arguments","length","reject","AuthSdkError","popupWindow","display","responseMode"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,SAASA,YAAT,CAAsBC,GAAtB,EAA8CC,OAA9C,EAA4F;AACjG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,sEAAjB,CAAf,CAAP;AACD,GAHgG,CAKjG;AACA;AACA;;;AACA,QAAMC,WAAW,GAAG,sBAAU,GAAV,EAAeL,OAAf,CAApB;AACAA,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBM,IAAAA,OAAO,EAAE,OADY;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBF,IAAAA;AAHqB,GAAvB;AAKA,SAAO,wBAASN,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthInterface, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n }\n\n // some browsers (safari, firefox) block popup if it's initialed from an async process\n // here we create the popup window immediately after user interaction\n // then redirect to the /authorize endpoint when the requestUrl is available\n const popupWindow = loadPopup('/', options);\n options = clone(options) || {};\n Object.assign(options, {\n display: 'popup',\n responseMode: 'okta_post_message',\n popupWindow\n });\n return getToken(sdk, options);\n}\n"],"file":"getWithPopup.js"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.getWithRedirect = getWithRedirect;
|
|
4
6
|
|
|
7
|
+
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
8
|
+
|
|
5
9
|
var _errors = require("../errors");
|
|
6
10
|
|
|
7
11
|
var _util = require("../util");
|
|
@@ -26,7 +30,7 @@ var _authorize = require("./endpoints/authorize");
|
|
|
26
30
|
*/
|
|
27
31
|
async function getWithRedirect(sdk, options) {
|
|
28
32
|
if (arguments.length > 2) {
|
|
29
|
-
return
|
|
33
|
+
return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithRedirect" takes only a single set of options'));
|
|
30
34
|
}
|
|
31
35
|
|
|
32
36
|
options = (0, _util.clone)(options) || {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithRedirect.ts"],"names":["getWithRedirect","sdk","options","arguments","length","reject","AuthSdkError","tokenParams","meta","requestUrl","urls","authorizeUrl","transactionManager","save","oauth","token","_setLocation"],"mappings":";;;;;;;;AAaA;;AAEA;;AACA;;AACA;;AAjBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOO,eAAeA,eAAf,CAA+BC,GAA/B,EAAuDC,OAAvD,EAA6F;AAClG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,yEAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AAEA,QAAMK,WAAW,GAAG,MAAM,+BAAmBN,GAAnB,EAAwBC,OAAxB,CAA1B;AACA,QAAMM,IAAI,GAAG,4BAAgBP,GAAhB,EAAqBM,WAArB,CAAb;AACA,QAAME,UAAU,GAAGD,IAAI,CAACE,IAAL,CAAUC,YAAV,GAAyB,qCAAqBJ,WAArB,CAA5C;AACAN,EAAAA,GAAG,CAACW,kBAAJ,CAAuBC,IAAvB,CAA4BL,IAA5B,EAAkC;AAAEM,IAAAA,KAAK,EAAE;AAAT,GAAlC;;AACAb,EAAAA,GAAG,CAACc,KAAJ,CAAUf,eAAV,CAA0BgB,YAA1B,CAAuCP,UAAvC;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams } from '../types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthInterface, options?: TokenParams): Promise<void> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n }\n\n options = clone(options) || {};\n\n const tokenParams = await prepareTokenParams(sdk, options);\n const meta = createOAuthMeta(sdk, tokenParams);\n const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n sdk.transactionManager.save(meta, { oauth: true });\n sdk.token.getWithRedirect._setLocation(requestUrl);\n}\n"],"file":"getWithRedirect.js"}
|
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.getWithoutPrompt = getWithoutPrompt;
|
|
4
6
|
|
|
7
|
+
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
8
|
+
|
|
9
|
+
var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
|
|
10
|
+
|
|
5
11
|
var _errors = require("../errors");
|
|
6
12
|
|
|
7
13
|
var _util = require("../util");
|
|
@@ -22,11 +28,11 @@ var _getToken = require("./getToken");
|
|
|
22
28
|
*/
|
|
23
29
|
function getWithoutPrompt(sdk, options) {
|
|
24
30
|
if (arguments.length > 2) {
|
|
25
|
-
return
|
|
31
|
+
return _promise.default.reject(new _errors.AuthSdkError('As of version 3.0, "getWithoutPrompt" takes only a single set of options'));
|
|
26
32
|
}
|
|
27
33
|
|
|
28
34
|
options = (0, _util.clone)(options) || {};
|
|
29
|
-
|
|
35
|
+
(0, _assign.default)(options, {
|
|
30
36
|
prompt: 'none',
|
|
31
37
|
responseMode: 'okta_post_message',
|
|
32
38
|
display: null
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"names":["getWithoutPrompt","sdk","options","arguments","length","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/getWithoutPrompt.ts"],"names":["getWithoutPrompt","sdk","options","arguments","length","reject","AuthSdkError","prompt","responseMode","display"],"mappings":";;;;;;;;;;AAYA;;AAEA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,gBAAT,CAA0BC,GAA1B,EAAkDC,OAAlD,EAAgG;AACrG,MAAIC,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,WAAO,iBAAQC,MAAR,CAAe,IAAIC,oBAAJ,CAAiB,0EAAjB,CAAf,CAAP;AACD;;AAEDJ,EAAAA,OAAO,GAAG,iBAAMA,OAAN,KAAkB,EAA5B;AACA,uBAAcA,OAAd,EAAuB;AACrBK,IAAAA,MAAM,EAAE,MADa;AAErBC,IAAAA,YAAY,EAAE,mBAFO;AAGrBC,IAAAA,OAAO,EAAE;AAHY,GAAvB;AAKA,SAAO,wBAASR,GAAT,EAAcC,OAAd,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, TokenParams, TokenResponse } from '../types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthInterface, options: TokenParams): Promise<TokenResponse> {\n if (arguments.length > 2) {\n return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n }\n \n options = clone(options) || {};\n Object.assign(options, {\n prompt: 'none',\n responseMode: 'okta_post_message',\n display: null\n });\n return getToken(sdk, options);\n}\n\n"],"file":"getWithoutPrompt.js"}
|
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.handleOAuthResponse = handleOAuthResponse;
|
|
4
6
|
|
|
7
|
+
var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
|
|
8
|
+
|
|
9
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
10
|
+
|
|
5
11
|
var _util = require("../util");
|
|
6
12
|
|
|
7
13
|
var _oauth = require("./util/oauth");
|
|
@@ -45,7 +51,7 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
|
|
|
45
51
|
// `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result
|
|
46
52
|
|
|
47
53
|
if (pkce && (res.code || res.interaction_code)) {
|
|
48
|
-
return (0, _exchangeCodeForTokens.exchangeCodeForTokens)(sdk,
|
|
54
|
+
return (0, _exchangeCodeForTokens.exchangeCodeForTokens)(sdk, (0, _assign.default)({}, tokenParams, {
|
|
49
55
|
authorizationCode: res.code,
|
|
50
56
|
interactionCode: res.interaction_code
|
|
51
57
|
}), urls);
|
|
@@ -132,12 +138,12 @@ async function handleOAuthResponse(sdk, tokenParams, res, urls) {
|
|
|
132
138
|
} // Validate received tokens against requested response types
|
|
133
139
|
|
|
134
140
|
|
|
135
|
-
if (responseType.
|
|
141
|
+
if ((0, _indexOf.default)(responseType).call(responseType, 'token') !== -1 && !tokenDict.accessToken) {
|
|
136
142
|
// eslint-disable-next-line max-len
|
|
137
143
|
throw new _errors.AuthSdkError('Unable to parse OAuth flow response: response type "token" was requested but "access_token" was not returned.');
|
|
138
144
|
}
|
|
139
145
|
|
|
140
|
-
if (responseType.
|
|
146
|
+
if ((0, _indexOf.default)(responseType).call(responseType, 'id_token') !== -1 && !tokenDict.idToken) {
|
|
141
147
|
// eslint-disable-next-line max-len
|
|
142
148
|
throw new _errors.AuthSdkError('Unable to parse OAuth flow response: response type "id_token" was requested but "id_token" was not returned.');
|
|
143
149
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/handleOAuthResponse.ts"],"names":["validateResponse","res","oauthParams","OAuthError","state","AuthSdkError","handleOAuthResponse","sdk","tokenParams","urls","pkce","options","code","interaction_code","authorizationCode","interactionCode","responseType","Array","isArray","scopes","scope","split","clientId","tokenDict","expiresIn","expires_in","tokenType","token_type","accessToken","access_token","idToken","id_token","refreshToken","refresh_token","now","Math","floor","Date","accessJwt","token","decode","claims","payload","expiresAt","Number","authorizeUrl","userinfoUrl","tokenUrl","issuer","idJwt","idTokenObj","exp","iat","validationParams","nonce","ignoreSignature","undefined","tokens"],"mappings":";;;;;;;;;;AAeA;;AACA;;AAGA;;AAWA;;AACA;;AACA;;AAhCA;;AAEA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAoBA,SAASA,gBAAT,CAA0BC,GAA1B,EAA8CC,WAA9C,EAAwE;AACtE,MAAID,GAAG,CAAC,OAAD,CAAH,IAAgBA,GAAG,CAAC,mBAAD,CAAvB,EAA8C;AAC5C,UAAM,IAAIE,kBAAJ,CAAeF,GAAG,CAAC,OAAD,CAAlB,EAA6BA,GAAG,CAAC,mBAAD,CAAhC,CAAN;AACD;;AAED,MAAIA,GAAG,CAACG,KAAJ,KAAcF,WAAW,CAACE,KAA9B,EAAqC;AACnC,UAAM,IAAIC,oBAAJ,CAAiB,wDAAjB,CAAN;AACD;AACF;;AAEM,eAAeC,mBAAf,CACLC,GADK,EAELC,WAFK,EAGLP,GAHK,EAILQ,IAJK,EAKmB;AACxB,MAAIC,IAAI,GAAGH,GAAG,CAACI,OAAJ,CAAYD,IAAZ,KAAqB,KAAhC,CADwB,CAGxB;AACA;;AACA,MAAIA,IAAI,KAAKT,GAAG,CAACW,IAAJ,IAAYX,GAAG,CAACY,gBAArB,CAAR,EAAgD;AAC9C,WAAO,kDAAsBN,GAAtB,EAA2B,qBAAc,EAAd,EAAkBC,WAAlB,EAA+B;AAC/DM,MAAAA,iBAAiB,EAAEb,GAAG,CAACW,IADwC;AAE/DG,MAAAA,eAAe,EAAEd,GAAG,CAACY;AAF0C,KAA/B,CAA3B,EAGHJ,IAHG,CAAP;AAID;;AAEDD,EAAAA,WAAW,GAAGA,WAAW,IAAI,kCAAsBD,GAAtB,CAA7B;AACAE,EAAAA,IAAI,GAAGA,IAAI,IAAI,yBAAaF,GAAb,EAAkBC,WAAlB,CAAf;AAEA,MAAIQ,YAAY,GAAGR,WAAW,CAACQ,YAAZ,IAA4B,EAA/C;;AACA,MAAI,CAACC,KAAK,CAACC,OAAN,CAAcF,YAAd,CAAL,EAAkC;AAChCA,IAAAA,YAAY,GAAG,CAACA,YAAD,CAAf;AACD;;AAED,MAAIG,MAAJ;;AACA,MAAIlB,GAAG,CAACmB,KAAR,EAAe;AACbD,IAAAA,MAAM,GAAGlB,GAAG,CAACmB,KAAJ,CAAUC,KAAV,CAAgB,GAAhB,CAAT;AACD,GAFD,MAEO;AACLF,IAAAA,MAAM,GAAG,iBAAMX,WAAW,CAACW,MAAlB,CAAT;AACD;;AACD,MAAIG,QAAQ,GAAGd,WAAW,CAACc,QAAZ,IAAwBf,GAAG,CAACI,OAAJ,CAAYW,QAAnD,CA1BwB,CA4BxB;;AACAtB,EAAAA,gBAAgB,CAACC,GAAD,EAAMO,WAAN,CAAhB;AAEA,MAAIe,SAAS,GAAG,EAAhB;AACA,MAAIC,SAAS,GAAGvB,GAAG,CAACwB,UAApB;AACA,MAAIC,SAAS,GAAGzB,GAAG,CAAC0B,UAApB;AACA,MAAIC,WAAW,GAAG3B,GAAG,CAAC4B,YAAtB;AACA,MAAIC,OAAO,GAAG7B,GAAG,CAAC8B,QAAlB;AACA,MAAIC,YAAY,GAAG/B,GAAG,CAACgC,aAAvB;AACA,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIN,WAAJ,EAAiB;AACf,QAAIU,SAAS,GAAG/B,GAAG,CAACgC,KAAJ,CAAUC,MAAV,CAAiBZ,WAAjB,CAAhB;AACAL,IAAAA,SAAS,CAACK,WAAV,GAAwB;AACtBA,MAAAA,WAAW,EAAEA,WADS;AAEtBa,MAAAA,MAAM,EAAEH,SAAS,CAACI,OAFI;AAGtBC,MAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAHT;AAItBR,MAAAA,SAAS,EAAEA,SAJW;AAKtBP,MAAAA,MAAM,EAAEA,MALc;AAMtB0B,MAAAA,YAAY,EAAEpC,IAAI,CAACoC,YANG;AAOtBC,MAAAA,WAAW,EAAErC,IAAI,CAACqC;AAPI,KAAxB;AASD;;AAED,MAAId,YAAJ,EAAkB;AAChBT,IAAAA,SAAS,CAACS,YAAV,GAAyB;AACvBA,MAAAA,YAAY,EAAEA,YADS;AAEvB;AACA;AACAW,MAAAA,SAAS,EAAEC,MAAM,CAACpB,SAAD,CAAN,GAAoBU,GAJR;AAKvBf,MAAAA,MAAM,EAAEA,MALe;AAMvB4B,MAAAA,QAAQ,EAAEtC,IAAI,CAACsC,QANQ;AAOvBF,MAAAA,YAAY,EAAEpC,IAAI,CAACoC,YAPI;AAQvBG,MAAAA,MAAM,EAAEvC,IAAI,CAACuC;AARU,KAAzB;AAUD;;AAED,MAAIlB,OAAJ,EAAa;AACX,QAAImB,KAAK,GAAG1C,GAAG,CAACgC,KAAJ,CAAUC,MAAV,CAAiBV,OAAjB,CAAZ;AACA,QAAIoB,UAAmB,GAAG;AACxBpB,MAAAA,OAAO,EAAEA,OADe;AAExBW,MAAAA,MAAM,EAAEQ,KAAK,CAACP,OAFU;AAGxBC,MAAAA,SAAS,EAAEM,KAAK,CAACP,OAAN,CAAcS,GAAd,GAAqBF,KAAK,CAACP,OAAN,CAAcU,GAAnC,GAA0ClB,GAH7B;AAGkC;AAC1Df,MAAAA,MAAM,EAAEA,MAJgB;AAKxB0B,MAAAA,YAAY,EAAEpC,IAAI,CAACoC,YALK;AAMxBG,MAAAA,MAAM,EAAEvC,IAAI,CAACuC,MANW;AAOxB1B,MAAAA,QAAQ,EAAEA;AAPc,KAA1B;AAUA,QAAI+B,gBAAmC,GAAG;AACxC/B,MAAAA,QAAQ,EAAEA,QAD8B;AAExC0B,MAAAA,MAAM,EAAEvC,IAAI,CAACuC,MAF2B;AAGxCM,MAAAA,KAAK,EAAE9C,WAAW,CAAC8C,KAHqB;AAIxC1B,MAAAA,WAAW,EAAEA;AAJ2B,KAA1C;;AAOA,QAAIpB,WAAW,CAAC+C,eAAZ,KAAgCC,SAApC,EAA+C;AAC7CH,MAAAA,gBAAgB,CAACE,eAAjB,GAAmC/C,WAAW,CAAC+C,eAA/C;AACD;;AAED,UAAM,8BAAYhD,GAAZ,EAAiB2C,UAAjB,EAA6BG,gBAA7B,CAAN;AACA9B,IAAAA,SAAS,CAACO,OAAV,GAAoBoB,UAApB;AACD,GA1FuB,CA4FxB;;;AACA,MAAI,sBAAAlC,YAAY,MAAZ,CAAAA,YAAY,EAAS,OAAT,CAAZ,KAAkC,CAAC,CAAnC,IAAwC,CAACO,SAAS,CAACK,WAAvD,EAAoE;AAClE;AACA,UAAM,IAAIvB,oBAAJ,CAAiB,+GAAjB,CAAN;AACD;;AACD,MAAI,sBAAAW,YAAY,MAAZ,CAAAA,YAAY,EAAS,UAAT,CAAZ,KAAqC,CAAC,CAAtC,IAA2C,CAACO,SAAS,CAACO,OAA1D,EAAmE;AACjE;AACA,UAAM,IAAIzB,oBAAJ,CAAiB,8GAAjB,CAAN;AACD;;AAED,SAAO;AACLoD,IAAAA,MAAM,EAAElC,SADH;AAELnB,IAAAA,KAAK,EAAEH,GAAG,CAACG,KAFN;AAGLQ,IAAAA,IAAI,EAAEX,GAAG,CAACW;AAHL,GAAP;AAMD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n OktaAuthInterface,\n TokenVerifyParams,\n IDToken,\n OAuthResponse,\n TokenParams,\n TokenResponse,\n CustomUrls,\n Tokens,\n} from '../types';\nimport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n if (res['error'] && res['error_description']) {\n throw new OAuthError(res['error'], res['error_description']);\n }\n\n if (res.state !== oauthParams.state) {\n throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n }\n}\n\nexport async function handleOAuthResponse(\n sdk: OktaAuthInterface,\n tokenParams: TokenParams,\n res: OAuthResponse,\n urls?: CustomUrls\n): Promise<TokenResponse> {\n var pkce = sdk.options.pkce !== false;\n\n // The result contains an authorization_code and PKCE is enabled \n // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n if (pkce && (res.code || res.interaction_code)) {\n return exchangeCodeForTokens(sdk, Object.assign({}, tokenParams, {\n authorizationCode: res.code,\n interactionCode: res.interaction_code\n }), urls);\n }\n\n tokenParams = tokenParams || getDefaultTokenParams(sdk);\n urls = urls || getOAuthUrls(sdk, tokenParams);\n\n var responseType = tokenParams.responseType || [];\n if (!Array.isArray(responseType)) {\n responseType = [responseType];\n }\n\n var scopes;\n if (res.scope) {\n scopes = res.scope.split(' ');\n } else {\n scopes = clone(tokenParams.scopes);\n }\n var clientId = tokenParams.clientId || sdk.options.clientId;\n\n // Handling the result from implicit flow or PKCE token exchange\n validateResponse(res, tokenParams);\n\n var tokenDict = {} as Tokens;\n var expiresIn = res.expires_in;\n var tokenType = res.token_type;\n var accessToken = res.access_token;\n var idToken = res.id_token;\n var refreshToken = res.refresh_token;\n var now = Math.floor(Date.now()/1000);\n\n if (accessToken) {\n var accessJwt = sdk.token.decode(accessToken);\n tokenDict.accessToken = {\n accessToken: accessToken,\n claims: accessJwt.payload,\n expiresAt: Number(expiresIn) + now,\n tokenType: tokenType!,\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n userinfoUrl: urls.userinfoUrl!\n };\n }\n\n if (refreshToken) {\n tokenDict.refreshToken = {\n refreshToken: refreshToken,\n // should not be used, this is the accessToken expire time\n // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n expiresAt: Number(expiresIn) + now, \n scopes: scopes,\n tokenUrl: urls.tokenUrl!,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n };\n }\n\n if (idToken) {\n var idJwt = sdk.token.decode(idToken);\n var idTokenObj: IDToken = {\n idToken: idToken,\n claims: idJwt.payload,\n expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n scopes: scopes,\n authorizeUrl: urls.authorizeUrl!,\n issuer: urls.issuer!,\n clientId: clientId!\n };\n\n var validationParams: TokenVerifyParams = {\n clientId: clientId!,\n issuer: urls.issuer!,\n nonce: tokenParams.nonce,\n accessToken: accessToken\n };\n\n if (tokenParams.ignoreSignature !== undefined) {\n validationParams.ignoreSignature = tokenParams.ignoreSignature;\n }\n\n await verifyToken(sdk, idTokenObj, validationParams);\n tokenDict.idToken = idTokenObj;\n }\n\n // Validate received tokens against requested response types \n if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n }\n if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n // eslint-disable-next-line max-len\n throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n }\n\n return {\n tokens: tokenDict,\n state: res.state!,\n code: res.code\n };\n \n}"],"file":"handleOAuthResponse.js"}
|
package/cjs/oidc/index.js
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
|
|
4
|
+
|
|
3
5
|
var _exportNames = {
|
|
4
6
|
decodeToken: true,
|
|
5
7
|
revokeToken: true,
|
|
@@ -103,7 +105,7 @@ Object.defineProperty(exports, "parseFromUrl", {
|
|
|
103
105
|
|
|
104
106
|
var _endpoints = require("./endpoints");
|
|
105
107
|
|
|
106
|
-
|
|
108
|
+
_Object$keys(_endpoints).forEach(function (key) {
|
|
107
109
|
if (key === "default" || key === "__esModule") return;
|
|
108
110
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
109
111
|
if (key in exports && exports[key] === _endpoints[key]) return;
|
|
@@ -117,7 +119,7 @@ Object.keys(_endpoints).forEach(function (key) {
|
|
|
117
119
|
|
|
118
120
|
var _util = require("./util");
|
|
119
121
|
|
|
120
|
-
|
|
122
|
+
_Object$keys(_util).forEach(function (key) {
|
|
121
123
|
if (key === "default" || key === "__esModule") return;
|
|
122
124
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
123
125
|
if (key in exports && exports[key] === _util[key]) return;
|
package/cjs/oidc/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nexport * from './endpoints';\nexport * from './util';\n\nexport { decodeToken } from './decodeToken';\nexport { revokeToken } from './revokeToken';\nexport { renewToken } from './renewToken';\nexport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nexport { renewTokens } from './renewTokens';\nexport { verifyToken } from './verifyToken';\nexport { getUserInfo } from './getUserInfo';\nexport { handleOAuthResponse } from './handleOAuthResponse';\nexport { exchangeCodeForTokens } from './exchangeCodeForTokens';\nexport { getToken } from './getToken';\nexport { getWithoutPrompt } from './getWithoutPrompt';\nexport { getWithPopup } from './getWithPopup';\nexport { getWithRedirect } from './getWithRedirect';\nexport { parseFromUrl } from './parseFromUrl';\n"],"file":"index.js"}
|
package/cjs/oidc/parseFromUrl.js
CHANGED
|
@@ -1,10 +1,16 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.getResponseMode = getResponseMode;
|
|
4
6
|
exports.parseOAuthResponseFromUrl = parseOAuthResponseFromUrl;
|
|
5
7
|
exports.cleanOAuthResponseFromUrl = cleanOAuthResponseFromUrl;
|
|
6
8
|
exports.parseFromUrl = parseFromUrl;
|
|
7
9
|
|
|
10
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
11
|
+
|
|
12
|
+
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
13
|
+
|
|
8
14
|
var _errors = require("../errors");
|
|
9
15
|
|
|
10
16
|
var _util = require("./util");
|
|
@@ -81,9 +87,9 @@ function parseOAuthResponseFromUrl(sdk, options) {
|
|
|
81
87
|
var paramStr;
|
|
82
88
|
|
|
83
89
|
if (responseMode === 'query') {
|
|
84
|
-
paramStr = url ? url.substring(url.
|
|
90
|
+
paramStr = url ? url.substring((0, _indexOf.default)(url).call(url, '?')) : nativeLoc.search;
|
|
85
91
|
} else {
|
|
86
|
-
paramStr = url ? url.substring(url.
|
|
92
|
+
paramStr = url ? url.substring((0, _indexOf.default)(url).call(url, '#')) : nativeLoc.hash;
|
|
87
93
|
}
|
|
88
94
|
|
|
89
95
|
if (!paramStr) {
|
|
@@ -119,7 +125,7 @@ async function parseFromUrl(sdk, options) {
|
|
|
119
125
|
});
|
|
120
126
|
|
|
121
127
|
if (!oauthParams) {
|
|
122
|
-
return
|
|
128
|
+
return _promise.default.reject(new _errors.AuthSdkError('Unable to retrieve OAuth redirect params from storage'));
|
|
123
129
|
}
|
|
124
130
|
|
|
125
131
|
const urls = oauthParams.urls;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/parseFromUrl.ts"],"names":["removeHash","sdk","nativeHistory","token","parseFromUrl","_getHistory","nativeDoc","_getDocument","nativeLoc","_getLocation","replaceState","title","pathname","search","hash","removeSearch","getResponseMode","defaultResponseMode","options","pkce","responseMode","parseOAuthResponseFromUrl","url","paramStr","substring","AuthSdkError","cleanOAuthResponseFromUrl","res","state","oauthParams","transactionManager","load","oauth","reject","urls","catch","err","clear","then"],"mappings":";;;;;;;;;;;;;AAaA;;AACA;;AAQA;;AACA;;AAvBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAaA,SAASA,UAAT,CAAoBC,GAApB,EAAyB;AACvB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACK,MAAjF;AACD,GAFD,MAEO;AACLL,IAAAA,SAAS,CAACM,IAAV,GAAiB,EAAjB;AACD;AACF;;AAED,SAASC,YAAT,CAAsBd,GAAtB,EAA2B;AACzB,MAAIC,aAAa,GAAGD,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBC,WAAvB,EAApB;;AACA,MAAIC,SAAS,GAAGL,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBG,YAAvB,EAAhB;;AACA,MAAIC,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIP,aAAa,IAAIA,aAAa,CAACQ,YAAnC,EAAiD;AAC/CR,IAAAA,aAAa,CAACQ,YAAd,CAA2B,IAA3B,EAAiCJ,SAAS,CAACK,KAA3C,EAAkDH,SAAS,CAACI,QAAV,GAAqBJ,SAAS,CAACM,IAAjF;AACD,GAFD,MAEO;AACLN,IAAAA,SAAS,CAACK,MAAV,GAAmB,EAAnB;AACD;AACF;;AAEM,SAASG,eAAT,CAAyBf,GAAzB,EAAoD;AACzD;AACA,MAAIgB,mBAAmB,GAAGhB,GAAG,CAACiB,OAAJ,CAAYC,IAAZ,GAAmB,OAAnB,GAA6B,UAAvD;AACA,MAAIC,YAAY,GAAGnB,GAAG,CAACiB,OAAJ,CAAYE,YAAZ,IAA4BH,mBAA/C;AACA,SAAOG,YAAP;AACD;;AAEM,SAASC,yBAAT,CAAmCpB,GAAnC,EAAwCiB,OAAxC,EAA8F;AACnGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,MAAII,GAAG,GAAGJ,OAAO,CAACI,GAAlB;AACA,MAAIF,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA1D;;AACA,MAAIO,SAAS,GAAGP,GAAG,CAACE,KAAJ,CAAUC,YAAV,CAAuBK,YAAvB,EAAhB;;AACA,MAAIc,QAAJ;;AAEA,MAAIH,YAAY,KAAK,OAArB,EAA8B;AAC5BG,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACK,MAA7D;AACD,GAFD,MAEO;AACLU,IAAAA,QAAQ,GAAGD,GAAG,GAAGA,GAAG,CAACE,SAAJ,CAAc,sBAAAF,GAAG,MAAH,CAAAA,GAAG,EAAS,GAAT,CAAjB,CAAH,GAAqCd,SAAS,CAACM,IAA7D;AACD;;AAED,MAAI,CAACS,QAAL,EAAe;AACb,UAAM,IAAIE,oBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,SAAO,6BAAkBF,QAAlB,CAAP;AACD;;AAEM,SAASG,yBAAT,CAAmCzB,GAAnC,EAAwCiB,OAAxC,EAAsE;AAC3E;AACA,QAAME,YAAY,GAAGF,OAAO,CAACE,YAAR,IAAwBJ,eAAe,CAACf,GAAD,CAA5D;AACAmB,EAAAA,YAAY,KAAK,OAAjB,GAA2BL,YAAY,CAACd,GAAD,CAAvC,GAA+CD,UAAU,CAACC,GAAD,CAAzD;AACD;;AAEM,eAAeG,YAAf,CAA4BH,GAA5B,EAAiCiB,OAAjC,EAAiG;AACtGA,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;;AACA,MAAI,qBAASA,OAAT,CAAJ,EAAuB;AACrBA,IAAAA,OAAO,GAAG;AAAEI,MAAAA,GAAG,EAAEJ;AAAP,KAAV;AACD,GAFD,MAEO;AACLA,IAAAA,OAAO,GAAGA,OAAV;AACD;;AAED,QAAMS,GAAkB,GAAGN,yBAAyB,CAACpB,GAAD,EAAMiB,OAAN,CAApD;AACA,QAAMU,KAAK,GAAGD,GAAG,CAACC,KAAlB;AACA,QAAMC,WAA4B,GAAG5B,GAAG,CAAC6B,kBAAJ,CAAuBC,IAAvB,CAA4B;AAC/DC,IAAAA,KAAK,EAAE,IADwD;AAE/Db,IAAAA,IAAI,EAAElB,GAAG,CAACiB,OAAJ,CAAYC,IAF6C;AAG/DS,IAAAA;AAH+D,GAA5B,CAArC;;AAKA,MAAI,CAACC,WAAL,EAAkB;AAChB,WAAO,iBAAQI,MAAR,CAAe,IAAIR,oBAAJ,CAAiB,uDAAjB,CAAf,CAAP;AACD;;AACD,QAAMS,IAAgB,GAAGL,WAAW,CAACK,IAArC;AACA,SAAOL,WAAW,CAACK,IAAnB;;AAEA,MAAI,CAAChB,OAAO,CAACI,GAAb,EAAkB;AAChB;AACAI,IAAAA,yBAAyB,CAACzB,GAAD,EAAMiB,OAAN,CAAzB;AACD;;AAED,SAAO,8CAAoBjB,GAApB,EAAyB4B,WAAzB,EAAsCF,GAAtC,EAA2CO,IAA3C,EACJC,KADI,CACEC,GAAG,IAAI;AACZ,QAAI,CAAC,sCAA2BA,GAA3B,CAAL,EAAsC;AACpCnC,MAAAA,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;AAC3BT,QAAAA;AAD2B,OAA7B;AAGD;;AACD,UAAMQ,GAAN;AACD,GARI,EASJE,IATI,CASCX,GAAG,IAAI;AACX1B,IAAAA,GAAG,CAAC6B,kBAAJ,CAAuBO,KAAvB,CAA6B;AAC3BT,MAAAA;AAD2B,KAA7B;AAGA,WAAOD,GAAP;AACD,GAdI,CAAP;AAgBD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n ParseFromUrlOptions,\n TokenResponse,\n CustomUrls,\n TransactionMeta,\n OAuthResponse\n} from '../types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n } else {\n nativeLoc.hash = '';\n }\n}\n\nfunction removeSearch(sdk) {\n var nativeHistory = sdk.token.parseFromUrl._getHistory();\n var nativeDoc = sdk.token.parseFromUrl._getDocument();\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n if (nativeHistory && nativeHistory.replaceState) {\n nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n } else {\n nativeLoc.search = '';\n }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n var responseMode = sdk.options.responseMode || defaultResponseMode;\n return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n var url = options.url;\n var responseMode = options.responseMode || getResponseMode(sdk);\n var nativeLoc = sdk.token.parseFromUrl._getLocation();\n var paramStr;\n\n if (responseMode === 'query') {\n paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n } else {\n paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n }\n\n if (!paramStr) {\n throw new AuthSdkError('Unable to parse a token from the url');\n }\n\n return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n // Clean hash or search from the url\n const responseMode = options.responseMode || getResponseMode(sdk);\n responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n options = options || {};\n if (isString(options)) {\n options = { url: options } as ParseFromUrlOptions;\n } else {\n options = options as ParseFromUrlOptions;\n }\n\n const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n const state = res.state;\n const oauthParams: TransactionMeta = sdk.transactionManager.load({\n oauth: true,\n pkce: sdk.options.pkce,\n state\n });\n if (!oauthParams) {\n return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params from storage'));\n }\n const urls: CustomUrls = oauthParams.urls as CustomUrls;\n delete oauthParams.urls;\n\n if (!options.url) {\n // Clean hash or search from the url\n cleanOAuthResponseFromUrl(sdk, options);\n }\n\n return handleOAuthResponse(sdk, oauthParams, res, urls)\n .catch(err => {\n if (!isInteractionRequiredError(err)) {\n sdk.transactionManager.clear({\n state\n });\n }\n throw err;\n })\n .then(res => {\n sdk.transactionManager.clear({\n state\n });\n return res;\n });\n\n}\n"],"file":"parseFromUrl.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/renewToken.ts"],"names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;AAChC,QAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;AAC5D,MAAI,sBAAUD,aAAV,CAAJ,EAA8B;AAC5B,WAAOC,MAAM,CAACC,OAAd;AACD;;AACD,MAAI,0BAAcF,aAAd,CAAJ,EAAkC;AAChC,WAAOC,MAAM,CAACE,WAAd;AACD;;AACDN,EAAAA,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/renewToken.ts"],"names":["throwInvalidTokenError","AuthSdkError","getSingleToken","originalToken","tokens","idToken","accessToken","renewToken","sdk","token","tokenManager","getTokensSync","refreshToken","scopes","responseType","options","pkce","authorizeUrl","userinfoUrl","issuer","then","res"],"mappings":";;;;AAYA;;AACA;;AACA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMA,SAASA,sBAAT,GAAkC;AAChC,QAAM,IAAIC,oBAAJ,CACJ,oFADI,CAAN;AAGD,C,CAED;;;AACA,SAASC,cAAT,CAAwBC,aAAxB,EAA8CC,MAA9C,EAA8D;AAC5D,MAAI,sBAAUD,aAAV,CAAJ,EAA8B;AAC5B,WAAOC,MAAM,CAACC,OAAd;AACD;;AACD,MAAI,0BAAcF,aAAd,CAAJ,EAAkC;AAChC,WAAOC,MAAM,CAACE,WAAd;AACD;;AACDN,EAAAA,sBAAsB;AACvB,C,CAED;;;AACO,eAAeO,UAAf,CAA0BC,GAA1B,EAAkDC,KAAlD,EAA4F;AACjG,MAAI,CAAC,sBAAUA,KAAV,CAAD,IAAqB,CAAC,0BAAcA,KAAd,CAA1B,EAAgD;AAC9CT,IAAAA,sBAAsB;AACvB;;AAED,MAAII,MAAM,GAAGI,GAAG,CAACE,YAAJ,CAAiBC,aAAjB,EAAb;;AACA,MAAIP,MAAM,CAACQ,YAAX,EAAyB;AACvBR,IAAAA,MAAM,GAAG,MAAM,oDAAuBI,GAAvB,EAA4B;AACzCK,MAAAA,MAAM,EAAEJ,KAAK,CAACI;AAD2B,KAA5B,EAEZT,MAAM,CAACQ,YAFK,CAAf;AAGA,WAAOV,cAAc,CAACO,KAAD,EAAQL,MAAR,CAArB;AACD;;AAED,MAAIU,YAAJ;;AACA,MAAIN,GAAG,CAACO,OAAJ,CAAYC,IAAhB,EAAsB;AACpBF,IAAAA,YAAY,GAAG,MAAf;AACD,GAFD,MAEO,IAAI,0BAAcL,KAAd,CAAJ,EAA0B;AAC/BK,IAAAA,YAAY,GAAG,OAAf;AACD,GAFM,MAEA;AACLA,IAAAA,YAAY,GAAG,UAAf;AACD;;AAED,QAAM;AAAED,IAAAA,MAAF;AAAUI,IAAAA,YAAV;AAAwBC,IAAAA,WAAxB;AAAqCC,IAAAA;AAArC,MAAgDV,KAAtD;AACA,SAAO,wCAAiBD,GAAjB,EAAsB;AAC3BM,IAAAA,YAD2B;AAE3BD,IAAAA,MAF2B;AAG3BI,IAAAA,YAH2B;AAI3BC,IAAAA,WAJ2B;AAK3BC,IAAAA;AAL2B,GAAtB,EAOJC,IAPI,CAOC,UAAUC,GAAV,EAAe;AACnB,WAAOnB,cAAc,CAACO,KAAD,EAAQY,GAAG,CAACjB,MAAZ,CAArB;AACD,GATI,CAAP;AAUD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n throw new AuthSdkError(\n 'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n if (isIDToken(originalToken)) {\n return tokens.idToken;\n }\n if (isAccessToken(originalToken)) {\n return tokens.accessToken;\n }\n throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthInterface, token: Token): Promise<Token | undefined> {\n if (!isIDToken(token) && !isAccessToken(token)) {\n throwInvalidTokenError();\n }\n\n let tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n tokens = await renewTokensWithRefresh(sdk, {\n scopes: token.scopes,\n }, tokens.refreshToken);\n return getSingleToken(token, tokens);\n }\n\n var responseType;\n if (sdk.options.pkce) {\n responseType = 'code';\n } else if (isAccessToken(token)) {\n responseType = 'token';\n } else {\n responseType = 'id_token';\n }\n\n const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n return getWithoutPrompt(sdk, {\n responseType,\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n })\n .then(function (res) {\n return getSingleToken(token, res.tokens);\n });\n}\n"],"file":"renewToken.js"}
|
package/cjs/oidc/renewTokens.js
CHANGED
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.renewTokens = renewTokens;
|
|
4
6
|
|
|
7
|
+
var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
|
|
8
|
+
|
|
5
9
|
var _errors = require("../errors");
|
|
6
10
|
|
|
7
11
|
var _getWithoutPrompt = require("./getWithoutPrompt");
|
|
@@ -52,7 +56,7 @@ async function renewTokens(sdk, options) {
|
|
|
52
56
|
const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;
|
|
53
57
|
const issuer = idToken.issuer || sdk.options.issuer; // Get tokens using the SSO cookie
|
|
54
58
|
|
|
55
|
-
options =
|
|
59
|
+
options = (0, _assign.default)({
|
|
56
60
|
scopes,
|
|
57
61
|
authorizeUrl,
|
|
58
62
|
userinfoUrl,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/renewTokens.ts"],"names":["renewTokens","sdk","options","tokens","tokenManager","getTokensSync","refreshToken","accessToken","idToken","AuthSdkError","scopes","authorizeUrl","userinfoUrl","issuer","pkce","responseType","then","res"],"mappings":";;;;;;;;AAYA;;AAEA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAOA;AACA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAgCC,OAAhC,EAAwE;AAC7E,QAAMC,MAAM,GAAGF,GAAG,CAACG,YAAJ,CAAiBC,aAAjB,EAAf;;AACA,MAAIF,MAAM,CAACG,YAAX,EAAyB;AACvB,WAAO,oDAAuBL,GAAvB,EAA4BC,OAAO,IAAI,EAAvC,EAA2CC,MAAM,CAACG,YAAlD,CAAP;AACD;;AAED,MAAI,CAACH,MAAM,CAACI,WAAR,IAAuB,CAACJ,MAAM,CAACK,OAAnC,EAA4C;AAC1C,UAAM,IAAIC,oBAAJ,CAAiB,yDAAjB,CAAN;AACD;;AAED,QAAMF,WAAW,GAAGJ,MAAM,CAACI,WAAP,IAAsB,EAA1C;AACA,QAAMC,OAAO,GAAGL,MAAM,CAACK,OAAP,IAAkB,EAAlC;AACA,QAAME,MAAM,GAAGH,WAAW,CAACG,MAAZ,IAAsBF,OAAO,CAACE,MAA7C;;AACA,MAAI,CAACA,MAAL,EAAa;AACX,UAAM,IAAID,oBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,QAAME,YAAY,GAAGJ,WAAW,CAACI,YAAZ,IAA4BH,OAAO,CAACG,YAAzD;;AACA,MAAI,CAACA,YAAL,EAAmB;AACjB,UAAM,IAAIF,oBAAJ,CAAiB,0DAAjB,CAAN;AACD;;AACD,QAAMG,WAAW,GAAGL,WAAW,CAACK,WAAZ,IAA2BX,GAAG,CAACC,OAAJ,CAAYU,WAA3D;AACA,QAAMC,MAAM,GAAGL,OAAO,CAACK,MAAR,IAAkBZ,GAAG,CAACC,OAAJ,CAAYW,MAA7C,CArB6E,CAuB7E;;AACAX,EAAAA,OAAO,GAAG,qBAAc;AACtBQ,IAAAA,MADsB;AAEtBC,IAAAA,YAFsB;AAGtBC,IAAAA,WAHsB;AAItBC,IAAAA;AAJsB,GAAd,EAKPX,OALO,CAAV;;AAOA,MAAID,GAAG,CAACC,OAAJ,CAAYY,IAAhB,EAAsB;AACpBZ,IAAAA,OAAO,CAACa,YAAR,GAAuB,MAAvB;AACD,GAFD,MAEO;AACL,UAAM;AAAEA,MAAAA;AAAF,QAAmB,iCAAsBd,GAAtB,CAAzB;AACAC,IAAAA,OAAO,CAACa,YAAR,GAAuBA,YAAvB;AACD;;AAED,SAAO,wCAAiBd,GAAjB,EAAsBC,OAAtB,EACJc,IADI,CACCC,GAAG,IAAIA,GAAG,CAACd,MADZ,CAAP;AAGD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { TokenParams, Tokens } from '../types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: TokenParams): Promise<Tokens> {\n const tokens = sdk.tokenManager.getTokensSync();\n if (tokens.refreshToken) {\n return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n }\n\n if (!tokens.accessToken && !tokens.idToken) {\n throw new AuthSdkError('renewTokens() was called but there is no existing token');\n }\n\n const accessToken = tokens.accessToken || {};\n const idToken = tokens.idToken || {};\n const scopes = accessToken.scopes || idToken.scopes;\n if (!scopes) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n }\n const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n if (!authorizeUrl) {\n throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n }\n const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n const issuer = idToken.issuer || sdk.options.issuer;\n\n // Get tokens using the SSO cookie\n options = Object.assign({\n scopes,\n authorizeUrl,\n userinfoUrl,\n issuer\n }, options);\n\n if (sdk.options.pkce) {\n options.responseType = 'code';\n } else {\n const { responseType } = getDefaultTokenParams(sdk);\n options.responseType = responseType;\n }\n\n return getWithoutPrompt(sdk, options)\n .then(res => res.tokens);\n \n}\n"],"file":"renewTokens.js"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.renewTokensWithRefresh = renewTokensWithRefresh;
|
|
4
6
|
|
|
7
|
+
var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
|
|
8
|
+
|
|
5
9
|
var _errors = require("../errors");
|
|
6
10
|
|
|
7
11
|
var _oauth = require("./util/oauth");
|
|
@@ -33,7 +37,7 @@ async function renewTokensWithRefresh(sdk, tokenParams, refreshTokenObject) {
|
|
|
33
37
|
throw new _errors.AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');
|
|
34
38
|
}
|
|
35
39
|
|
|
36
|
-
const renewTokenParams =
|
|
40
|
+
const renewTokenParams = (0, _assign.default)({}, tokenParams, {
|
|
37
41
|
clientId
|
|
38
42
|
});
|
|
39
43
|
const tokenResponse = await (0, _token.postRefreshToken)(sdk, renewTokenParams, refreshTokenObject);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/renewTokensWithRefresh.ts"],"names":["renewTokensWithRefresh","sdk","tokenParams","refreshTokenObject","clientId","options","AuthSdkError","renewTokenParams","tokenResponse","urls","tokens","refreshToken","tokenManager","updateRefreshToken"],"mappings":";;;;;;;;AAYA;;AACA;;AACA;;AAEA;;AACA;;AAjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,eAAeA,sBAAf,CACLC,GADK,EAELC,WAFK,EAGLC,kBAHK,EAIY;AACjB,QAAM;AAAEC,IAAAA;AAAF,MAAeH,GAAG,CAACI,OAAzB;;AACA,MAAI,CAACD,QAAL,EAAe;AACb,UAAM,IAAIE,oBAAJ,CAAiB,0EAAjB,CAAN;AACD;;AAED,QAAMC,gBAA6B,GAAG,qBAAc,EAAd,EAAkBL,WAAlB,EAA+B;AACnEE,IAAAA;AADmE,GAA/B,CAAtC;AAGA,QAAMI,aAAa,GAAG,MAAM,6BAAiBP,GAAjB,EAAsBM,gBAAtB,EAAwCJ,kBAAxC,CAA5B;AACA,QAAMM,IAAI,GAAG,yBAAaR,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAM;AAAEQ,IAAAA;AAAF,MAAa,MAAM,8CAAoBT,GAApB,EAAyBM,gBAAzB,EAA2CC,aAA3C,EAA0DC,IAA1D,CAAzB,CAXiB,CAajB;;AACA,QAAM;AAAEE,IAAAA;AAAF,MAAmBD,MAAzB;;AACA,MAAIC,YAAY,IAAI,CAAC,sCAAmBA,YAAnB,EAAiCR,kBAAjC,CAArB,EAA2E;AACzEF,IAAAA,GAAG,CAACW,YAAJ,CAAiBC,kBAAjB,CAAoCF,YAApC;AACD;;AAED,SAAOD,MAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthInterface, TokenParams, RefreshToken, Tokens } from '../types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\n\nexport async function renewTokensWithRefresh(\n sdk: OktaAuthInterface,\n tokenParams: TokenParams,\n refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n const { clientId } = sdk.options;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n }\n\n const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n clientId,\n });\n const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n const urls = getOAuthUrls(sdk, tokenParams);\n const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n // Support rotating refresh tokens\n const { refreshToken } = tokens;\n if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n sdk.tokenManager.updateRefreshToken(refreshToken);\n }\n\n return tokens;\n}\n"],"file":"renewTokensWithRefresh.js"}
|
package/cjs/oidc/revokeToken.js
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
4
|
|
|
5
5
|
exports.revokeToken = revokeToken;
|
|
6
6
|
|
|
7
|
+
var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
|
|
8
|
+
|
|
7
9
|
var _http = require("../http");
|
|
8
10
|
|
|
9
11
|
var _util = require("../util");
|
|
@@ -30,6 +32,8 @@ var _AuthSdkError = _interopRequireDefault(require("../errors/AuthSdkError"));
|
|
|
30
32
|
/* eslint complexity:[0,8] */
|
|
31
33
|
// refresh tokens have precedence to be revoked if no token is specified
|
|
32
34
|
async function revokeToken(sdk, token) {
|
|
35
|
+
var _context;
|
|
36
|
+
|
|
33
37
|
let accessToken = '';
|
|
34
38
|
let refreshToken = '';
|
|
35
39
|
|
|
@@ -51,11 +55,11 @@ async function revokeToken(sdk, token) {
|
|
|
51
55
|
|
|
52
56
|
|
|
53
57
|
var revokeUrl = (0, _oauth.getOAuthUrls)(sdk).revokeUrl;
|
|
54
|
-
var args = (0, _util.toQueryString)({
|
|
58
|
+
var args = (0, _slice.default)(_context = (0, _util.toQueryString)({
|
|
55
59
|
// eslint-disable-next-line camelcase
|
|
56
60
|
token_type_hint: refreshToken ? 'refresh_token' : 'access_token',
|
|
57
61
|
token: refreshToken || accessToken
|
|
58
|
-
}).
|
|
62
|
+
})).call(_context, 1);
|
|
59
63
|
var creds = clientSecret ? (0, _crypto.btoa)(`${clientId}:${clientSecret}`) : (0, _crypto.btoa)(clientId);
|
|
60
64
|
return (0, _http.post)(sdk, revokeUrl, args, {
|
|
61
65
|
headers: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/revokeToken.ts"],"names":["revokeToken","sdk","token","accessToken","refreshToken","AuthSdkError","clientId","options","clientSecret","revokeUrl","args","token_type_hint","creds","headers"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAGA;;AACA;;AApBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AAeA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAmDC,KAAnD,EAAwF;AAAA;;AAC7F,MAAIC,WAAW,GAAG,EAAlB;AACA,MAAIC,YAAY,GAAG,EAAnB;;AACA,MAAIF,KAAJ,EAAW;AACPC,IAAAA,WAAW,GAAID,KAAD,CAAuBC,WAArC;AACAC,IAAAA,YAAY,GAAIF,KAAD,CAAwBE,YAAvC;AACH;;AACD,MAAG,CAACD,WAAD,IAAgB,CAACC,YAApB,EAAkC;AAChC,UAAM,IAAIC,qBAAJ,CAAiB,oDAAjB,CAAN;AACD;;AACD,MAAIC,QAAQ,GAAGL,GAAG,CAACM,OAAJ,CAAYD,QAA3B;AACA,MAAIE,YAAY,GAAGP,GAAG,CAACM,OAAJ,CAAYC,YAA/B;;AACA,MAAI,CAACF,QAAL,EAAe;AACb,UAAM,IAAID,qBAAJ,CAAiB,4EAAjB,CAAN;AACD,GAd4F,CAe7F;;;AACA,MAAII,SAAS,GAAG,yBAAaR,GAAb,EAAkBQ,SAAlC;AACA,MAAIC,IAAI,GAAG,wDAAc;AACvB;AACAC,IAAAA,eAAe,EAAEP,YAAY,GAAG,eAAH,GAAqB,cAF3B;AAGvBF,IAAAA,KAAK,EAAEE,YAAY,IAAID;AAHA,GAAd,kBAIF,CAJE,CAAX;AAKA,MAAIS,KAAK,GAAGJ,YAAY,GAAG,kBAAM,GAAEF,QAAS,IAAGE,YAAa,EAAjC,CAAH,GAAyC,kBAAKF,QAAL,CAAjE;AACA,SAAO,gBAAKL,GAAL,EAAUQ,SAAV,EAAqBC,IAArB,EAA2B;AAChCG,IAAAA,OAAO,EAAE;AACP,sBAAgB,mCADT;AAEP,uBAAiB,WAAWD;AAFrB;AADuB,GAA3B,CAAP;AAMD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n OktaAuthInterface,\n RevocableToken,\n AccessToken,\n RefreshToken\n} from '../types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthInterface, token: RevocableToken): Promise<any> {\n let accessToken = '';\n let refreshToken = '';\n if (token) { \n accessToken = (token as AccessToken).accessToken;\n refreshToken = (token as RefreshToken).refreshToken; \n }\n if(!accessToken && !refreshToken) { \n throw new AuthSdkError('A valid access or refresh token object is required');\n }\n var clientId = sdk.options.clientId;\n var clientSecret = sdk.options.clientSecret;\n if (!clientId) {\n throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n }\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n var args = toQueryString({\n // eslint-disable-next-line camelcase\n token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n token: refreshToken || accessToken,\n }).slice(1);\n var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n return post(sdk, revokeUrl, args, {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n 'Authorization': 'Basic ' + creds\n }\n });\n}\n"],"file":"revokeToken.js"}
|
package/cjs/oidc/util/browser.js
CHANGED
|
@@ -1,11 +1,15 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.addListener = addListener;
|
|
4
6
|
exports.removeListener = removeListener;
|
|
5
7
|
exports.loadFrame = loadFrame;
|
|
6
8
|
exports.loadPopup = loadPopup;
|
|
7
9
|
exports.addPostMessageListener = addPostMessageListener;
|
|
8
10
|
|
|
11
|
+
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
12
|
+
|
|
9
13
|
var _errors = require("../../errors");
|
|
10
14
|
|
|
11
15
|
/*!
|
|
@@ -56,7 +60,7 @@ function loadPopup(src, options) {
|
|
|
56
60
|
function addPostMessageListener(sdk, timeout, state) {
|
|
57
61
|
var responseHandler;
|
|
58
62
|
var timeoutId;
|
|
59
|
-
var msgReceivedOrTimeout = new
|
|
63
|
+
var msgReceivedOrTimeout = new _promise.default(function (resolve, reject) {
|
|
60
64
|
responseHandler = function responseHandler(e) {
|
|
61
65
|
if (!e.data || e.data.state !== state) {
|
|
62
66
|
// A message not meant for us
|