@okta/okta-auth-js 6.0.0 → 6.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +65 -0
- package/README.md +58 -27
- package/cjs/AuthStateManager.js +21 -7
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaAuth.js +96 -40
- package/cjs/OktaAuth.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/PromiseQueue.js +14 -3
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/SavedObject.js +4 -2
- package/cjs/SavedObject.js.map +1 -1
- package/cjs/ServiceManager.js +195 -0
- package/cjs/ServiceManager.js.map +1 -0
- package/cjs/StorageManager.js +13 -8
- package/cjs/StorageManager.js.map +1 -1
- package/cjs/TokenManager.js +34 -32
- package/cjs/TokenManager.js.map +1 -1
- package/cjs/TransactionManager.js +17 -5
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +48 -33
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/browser/fingerprint.js +9 -3
- package/cjs/browser/fingerprint.js.map +1 -1
- package/cjs/builderUtil.js +4 -2
- package/cjs/builderUtil.js.map +1 -1
- package/cjs/clock.js +5 -1
- package/cjs/clock.js.map +1 -1
- package/cjs/crypto/base64.js +18 -0
- package/cjs/crypto/base64.js.map +1 -1
- package/cjs/crypto/index.js +6 -4
- package/cjs/crypto/index.js.map +1 -1
- package/cjs/crypto/node.js +19 -13
- package/cjs/crypto/node.js.map +1 -1
- package/cjs/crypto/oidcHash.js +5 -1
- package/cjs/crypto/oidcHash.js.map +1 -1
- package/cjs/crypto/webauthn.js +101 -0
- package/cjs/crypto/webauthn.js.map +1 -0
- package/cjs/crypto/webcrypto.js +3 -1
- package/cjs/crypto/webcrypto.js.map +1 -1
- package/cjs/errors/AuthApiError.js +1 -1
- package/cjs/errors/AuthPollStopError.js +1 -1
- package/cjs/errors/AuthSdkError.js +1 -1
- package/cjs/errors/CustomError.js +5 -1
- package/cjs/errors/CustomError.js.map +1 -1
- package/cjs/errors/OAuthError.js +1 -1
- package/cjs/errors/index.js +1 -1
- package/cjs/fetch/fetchRequest.js +18 -6
- package/cjs/fetch/fetchRequest.js.map +1 -1
- package/cjs/http/headers.js.map +1 -1
- package/cjs/http/index.js +4 -2
- package/cjs/http/index.js.map +1 -1
- package/cjs/http/request.js +9 -5
- package/cjs/http/request.js.map +1 -1
- package/cjs/idx/authenticate.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js.map +1 -1
- package/cjs/idx/authenticator/OktaPassword.js +12 -3
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
- package/cjs/idx/authenticator/OktaVerifyTotp.js +9 -1
- package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +15 -2
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js +10 -2
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +13 -3
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnEnrollment.js +51 -0
- package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -0
- package/cjs/idx/authenticator/WebauthnVerification.js +60 -0
- package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -0
- package/cjs/idx/authenticator/getAuthenticator.js +13 -1
- package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/index.js +34 -6
- package/cjs/idx/authenticator/index.js.map +1 -1
- package/cjs/idx/authenticator/util.js +64 -0
- package/cjs/idx/authenticator/util.js.map +1 -0
- package/cjs/idx/cancel.js.map +1 -1
- package/cjs/idx/emailVerify.js +1 -1
- package/cjs/idx/emailVerify.js.map +1 -1
- package/cjs/idx/flow/AccountUnlockFlow.js +30 -0
- package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -0
- package/cjs/idx/flow/FlowSpecification.js +8 -0
- package/cjs/idx/flow/FlowSpecification.js.map +1 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js +4 -1
- package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
- package/cjs/idx/flow/index.js +20 -5
- package/cjs/idx/flow/index.js.map +1 -1
- package/cjs/idx/handleInteractionCodeRedirect.js +5 -1
- package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
- package/cjs/idx/headers.js +21 -5
- package/cjs/idx/headers.js.map +1 -1
- package/cjs/idx/idx-js/client.js +91 -0
- package/cjs/idx/idx-js/client.js.map +1 -0
- package/cjs/idx/idx-js/index.js +40 -0
- package/cjs/idx/idx-js/index.js.map +1 -0
- package/cjs/idx/idx-js/interact.js +83 -0
- package/cjs/idx/idx-js/interact.js.map +1 -0
- package/cjs/idx/idx-js/introspect.js +62 -0
- package/cjs/idx/idx-js/introspect.js.map +1 -0
- package/cjs/idx/idx-js/parsers.js +41 -0
- package/cjs/idx/idx-js/parsers.js.map +1 -0
- package/cjs/idx/idx-js/util.js +34 -0
- package/cjs/idx/idx-js/util.js.map +1 -0
- package/cjs/idx/idx-js/v1/actionParser.js +90 -0
- package/cjs/idx/idx-js/v1/actionParser.js.map +1 -0
- package/cjs/idx/idx-js/v1/generateIdxAction.js +111 -0
- package/cjs/idx/idx-js/v1/generateIdxAction.js.map +1 -0
- package/cjs/idx/idx-js/v1/idxResponseParser.js +137 -0
- package/cjs/idx/idx-js/v1/idxResponseParser.js.map +1 -0
- package/cjs/idx/idx-js/v1/makeIdxState.js +65 -0
- package/cjs/idx/idx-js/v1/makeIdxState.js.map +1 -0
- package/cjs/idx/idx-js/v1/parsers.js +24 -0
- package/cjs/idx/idx-js/v1/parsers.js.map +1 -0
- package/cjs/idx/idx-js/v1/remediationParser.js +32 -0
- package/cjs/idx/idx-js/v1/remediationParser.js.map +1 -0
- package/cjs/idx/index.js +120 -121
- package/cjs/idx/index.js.map +1 -1
- package/cjs/idx/interact.js +9 -4
- package/cjs/idx/interact.js.map +1 -1
- package/cjs/idx/introspect.js +19 -9
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/poll.js +13 -3
- package/cjs/idx/poll.js.map +1 -1
- package/cjs/idx/proceed.js +14 -11
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/recoverPassword.js.map +1 -1
- package/cjs/idx/register.js +5 -1
- package/cjs/idx/register.js.map +1 -1
- package/cjs/idx/remediate.js +112 -88
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +16 -6
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +61 -16
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +44 -20
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +116 -82
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +58 -34
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +30 -7
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengeAuthenticator.js +2 -2
- package/cjs/idx/remediators/ChallengePoll.js +10 -3
- package/cjs/idx/remediators/ChallengePoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollAuthenticator.js +2 -2
- package/cjs/idx/remediators/EnrollPoll.js +16 -6
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +34 -16
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js +25 -17
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +16 -7
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +13 -10
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/RedirectIdp.js +2 -2
- package/cjs/idx/remediators/ResetAuthenticator.js +2 -2
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +9 -6
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +2 -2
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +71 -0
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
- package/cjs/idx/remediators/SelectEnrollProfile.js +2 -2
- package/cjs/idx/remediators/SelectEnrollmentChannel.js +22 -10
- package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
- package/cjs/idx/remediators/Skip.js +5 -10
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/index.js +33 -18
- package/cjs/idx/remediators/index.js.map +1 -1
- package/cjs/idx/remediators/util.js +13 -3
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +276 -177
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/startTransaction.js.map +1 -1
- package/cjs/idx/transactionMeta.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +82 -9
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/idx/unlockAccount.js +48 -0
- package/cjs/idx/unlockAccount.js.map +1 -0
- package/cjs/idx/util.js +198 -0
- package/cjs/idx/util.js.map +1 -0
- package/cjs/index.js +20 -14
- package/cjs/index.js.map +1 -1
- package/cjs/oidc/endpoints/authorize.js +8 -2
- package/cjs/oidc/endpoints/authorize.js.map +1 -1
- package/cjs/oidc/endpoints/index.js +5 -3
- package/cjs/oidc/endpoints/index.js.map +1 -1
- package/cjs/oidc/endpoints/token.js +15 -3
- package/cjs/oidc/endpoints/token.js.map +1 -1
- package/cjs/oidc/endpoints/well-known.js +7 -3
- package/cjs/oidc/endpoints/well-known.js.map +1 -1
- package/cjs/oidc/exchangeCodeForTokens.js +10 -2
- package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
- package/cjs/oidc/getToken.js +9 -5
- package/cjs/oidc/getToken.js.map +1 -1
- package/cjs/oidc/getUserInfo.js +7 -3
- package/cjs/oidc/getUserInfo.js.map +1 -1
- package/cjs/oidc/getWithPopup.js +8 -2
- package/cjs/oidc/getWithPopup.js.map +1 -1
- package/cjs/oidc/getWithRedirect.js +5 -1
- package/cjs/oidc/getWithRedirect.js.map +1 -1
- package/cjs/oidc/getWithoutPrompt.js +8 -2
- package/cjs/oidc/getWithoutPrompt.js.map +1 -1
- package/cjs/oidc/handleOAuthResponse.js +9 -3
- package/cjs/oidc/handleOAuthResponse.js.map +1 -1
- package/cjs/oidc/index.js +4 -2
- package/cjs/oidc/index.js.map +1 -1
- package/cjs/oidc/parseFromUrl.js +9 -3
- package/cjs/oidc/parseFromUrl.js.map +1 -1
- package/cjs/oidc/renewToken.js.map +1 -1
- package/cjs/oidc/renewTokens.js +5 -1
- package/cjs/oidc/renewTokens.js.map +1 -1
- package/cjs/oidc/renewTokensWithRefresh.js +5 -1
- package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
- package/cjs/oidc/revokeToken.js +7 -3
- package/cjs/oidc/revokeToken.js.map +1 -1
- package/cjs/oidc/util/browser.js +5 -1
- package/cjs/oidc/util/browser.js.map +1 -1
- package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
- package/cjs/oidc/util/errors.js.map +1 -1
- package/cjs/oidc/util/index.js +14 -12
- package/cjs/oidc/util/index.js.map +1 -1
- package/cjs/oidc/util/loginRedirect.js +5 -1
- package/cjs/oidc/util/loginRedirect.js.map +1 -1
- package/cjs/oidc/util/oauth.js +4 -2
- package/cjs/oidc/util/oauth.js.map +1 -1
- package/cjs/oidc/util/oauthMeta.js.map +1 -1
- package/cjs/oidc/util/pkce.js +11 -3
- package/cjs/oidc/util/pkce.js.map +1 -1
- package/cjs/oidc/util/prepareTokenParams.js +7 -5
- package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
- package/cjs/oidc/util/validateClaims.js +1 -1
- package/cjs/oidc/util/validateClaims.js.map +1 -1
- package/cjs/oidc/verifyToken.js +11 -3
- package/cjs/oidc/verifyToken.js.map +1 -1
- package/cjs/options/browser.js +86 -0
- package/cjs/options/browser.js.map +1 -0
- package/cjs/options/index.js +94 -0
- package/cjs/options/index.js.map +1 -0
- package/cjs/options/node.js +45 -0
- package/cjs/options/node.js.map +1 -0
- package/cjs/options.js +17 -5
- package/cjs/options.js.map +1 -1
- package/cjs/server/serverStorage.js +8 -4
- package/cjs/server/serverStorage.js.map +1 -1
- package/cjs/services/AutoRenewService.js +94 -0
- package/cjs/services/AutoRenewService.js.map +1 -0
- package/cjs/services/SyncStorageService.js +93 -0
- package/cjs/services/SyncStorageService.js.map +1 -0
- package/cjs/services/index.js +30 -0
- package/cjs/services/index.js.map +1 -0
- package/cjs/tx/AuthTransaction.js +15 -9
- package/cjs/tx/AuthTransaction.js.map +1 -1
- package/cjs/tx/api.js +8 -4
- package/cjs/tx/api.js.map +1 -1
- package/cjs/tx/index.js +7 -5
- package/cjs/tx/index.js.map +1 -1
- package/cjs/tx/poll.js +6 -4
- package/cjs/tx/poll.js.map +1 -1
- package/cjs/tx/util.js +5 -1
- package/cjs/tx/util.js.map +1 -1
- package/cjs/types/Service.js +2 -0
- package/cjs/types/Service.js.map +1 -0
- package/cjs/types/Transaction.js +10 -2
- package/cjs/types/Transaction.js.map +1 -1
- package/cjs/types/index.js +29 -14
- package/cjs/types/index.js.map +1 -1
- package/cjs/util/index.js +7 -5
- package/cjs/util/index.js.map +1 -1
- package/cjs/util/misc.js +5 -1
- package/cjs/util/misc.js.map +1 -1
- package/cjs/util/object.js +16 -6
- package/cjs/util/object.js.map +1 -1
- package/cjs/util/sharedStorage.js +5 -1
- package/cjs/util/sharedStorage.js.map +1 -1
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.LICENSE.txt +0 -20
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.polyfill.js +1 -1
- package/dist/okta-auth-js.polyfill.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.LICENSE.txt +1 -19
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/{index.js → esm.browser.js} +2978 -2585
- package/esm/esm.browser.js.map +1 -0
- package/esm/esm.node.mjs +9595 -0
- package/esm/esm.node.mjs.map +1 -0
- package/lib/AuthStateManager.d.ts +3 -3
- package/lib/OktaAuth.d.ts +10 -6
- package/lib/PromiseQueue.d.ts +6 -2
- package/lib/ServiceManager.d.ts +38 -0
- package/lib/StorageManager.d.ts +1 -1
- package/lib/TokenManager.d.ts +2 -3
- package/lib/TransactionManager.d.ts +4 -5
- package/lib/browser/fingerprint.d.ts +2 -3
- package/lib/crypto/base64.d.ts +2 -0
- package/lib/crypto/webauthn.d.ts +25 -0
- package/lib/http/headers.d.ts +2 -2
- package/lib/http/request.d.ts +4 -4
- package/lib/idx/authenticate.d.ts +2 -2
- package/lib/idx/authenticator/Authenticator.d.ts +4 -5
- package/lib/idx/authenticator/OktaPassword.d.ts +8 -9
- package/lib/idx/authenticator/OktaVerifyTotp.d.ts +1 -1
- package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +11 -12
- package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +7 -7
- package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +8 -3
- package/lib/idx/authenticator/WebauthnEnrollment.d.ts +16 -0
- package/lib/idx/authenticator/WebauthnVerification.d.ts +17 -0
- package/lib/idx/authenticator/getAuthenticator.d.ts +1 -1
- package/lib/idx/authenticator/index.d.ts +9 -0
- package/lib/idx/authenticator/util.d.ts +4 -0
- package/lib/idx/cancel.d.ts +2 -2
- package/lib/idx/emailVerify.d.ts +2 -2
- package/lib/idx/flow/AccountUnlockFlow.d.ts +13 -0
- package/lib/idx/flow/FlowSpecification.d.ts +2 -2
- package/lib/idx/flow/index.d.ts +1 -0
- package/lib/idx/headers.d.ts +3 -2
- package/lib/idx/idx-js/client.d.ts +36 -0
- package/lib/idx/idx-js/index.d.ts +35 -0
- package/lib/idx/idx-js/interact.d.ts +25 -0
- package/lib/idx/idx-js/introspect.d.ts +21 -0
- package/lib/idx/idx-js/parsers.d.ts +15 -0
- package/lib/idx/idx-js/util.d.ts +12 -0
- package/lib/idx/idx-js/v1/actionParser.d.ts +16 -0
- package/lib/idx/idx-js/v1/generateIdxAction.d.ts +13 -0
- package/lib/idx/idx-js/v1/idxResponseParser.d.ts +20 -0
- package/lib/idx/idx-js/v1/makeIdxState.d.ts +13 -0
- package/lib/idx/idx-js/v1/parsers.d.ts +16 -0
- package/lib/idx/idx-js/v1/remediationParser.d.ts +12 -0
- package/lib/idx/index.d.ts +12 -11
- package/lib/idx/interact.d.ts +3 -2
- package/lib/idx/introspect.d.ts +2 -2
- package/lib/idx/poll.d.ts +2 -2
- package/lib/idx/proceed.d.ts +5 -6
- package/lib/idx/recoverPassword.d.ts +2 -2
- package/lib/idx/register.d.ts +2 -2
- package/lib/idx/remediate.d.ts +2 -2
- package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +6 -5
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +5 -8
- package/lib/idx/remediators/Base/Remediator.d.ts +6 -5
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +9 -8
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +9 -16
- package/lib/idx/remediators/ChallengePoll.d.ts +1 -0
- package/lib/idx/remediators/EnrollProfile.d.ts +0 -3
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +1 -4
- package/lib/idx/remediators/Identify.d.ts +3 -5
- package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -5
- package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +2 -1
- package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +37 -0
- package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +1 -0
- package/lib/idx/remediators/Skip.d.ts +0 -3
- package/lib/idx/remediators/index.d.ts +1 -0
- package/lib/idx/run.d.ts +2 -2
- package/lib/idx/startTransaction.d.ts +2 -2
- package/lib/idx/transactionMeta.d.ts +7 -7
- package/lib/idx/types/FlowIdentifier.d.ts +1 -1
- package/lib/idx/types/idx-js.d.ts +41 -1
- package/lib/idx/types/index.d.ts +27 -7
- package/lib/idx/unlockAccount.d.ts +15 -0
- package/lib/idx/util.d.ts +11 -0
- package/lib/oidc/endpoints/well-known.d.ts +3 -3
- package/lib/oidc/exchangeCodeForTokens.d.ts +2 -2
- package/lib/oidc/getToken.d.ts +2 -2
- package/lib/oidc/getWithPopup.d.ts +2 -2
- package/lib/oidc/getWithRedirect.d.ts +2 -2
- package/lib/oidc/getWithoutPrompt.d.ts +2 -2
- package/lib/oidc/handleOAuthResponse.d.ts +2 -2
- package/lib/oidc/renewToken.d.ts +2 -2
- package/lib/oidc/renewTokensWithRefresh.d.ts +2 -2
- package/lib/oidc/revokeToken.d.ts +2 -2
- package/lib/oidc/util/browser.d.ts +2 -2
- package/lib/oidc/util/defaultTokenParams.d.ts +2 -2
- package/lib/oidc/util/errors.d.ts +2 -2
- package/lib/oidc/util/loginRedirect.d.ts +4 -4
- package/lib/oidc/util/oauth.d.ts +4 -4
- package/lib/oidc/util/oauthMeta.d.ts +2 -2
- package/lib/oidc/util/prepareTokenParams.d.ts +5 -5
- package/lib/oidc/util/validateClaims.d.ts +2 -2
- package/lib/oidc/verifyToken.d.ts +2 -2
- package/lib/options/browser.d.ts +16 -0
- package/lib/options/index.d.ts +14 -0
- package/lib/options/node.d.ts +16 -0
- package/lib/services/AutoRenewService.d.ts +27 -0
- package/lib/services/{TokenService.d.ts → SyncStorageService.d.ts} +8 -5
- package/lib/services/index.d.ts +13 -0
- package/lib/types/OktaAuthOptions.d.ts +6 -2
- package/lib/types/Service.d.ts +23 -0
- package/lib/types/Storage.d.ts +7 -5
- package/lib/types/Transaction.d.ts +2 -10
- package/lib/types/api.d.ts +23 -10
- package/lib/types/index.d.ts +1 -1
- package/lib/util/sharedStorage.d.ts +1 -1
- package/package.json +32 -14
- package/polyfill/index.js +1 -0
- package/cjs/services/TokenService.js +0 -111
- package/cjs/services/TokenService.js.map +0 -1
- package/esm/index.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/browser.ts"],"names":["addListener","eventTarget","name","fn","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","document","createElement","style","display","body","appendChild","loadPopup","options","title","popupTitle","appearance","window","open","addPostMessageListener","sdk","timeout","state","responseHandler","timeoutId","msgReceivedOrTimeout","resolve","reject","e","data","origin","getIssuerOrigin","AuthSdkError","setTimeout","finally","clearTimeout"],"mappings":";;;;;;;;;;;;AAcA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAIO,SAASA,WAAT,CAAqBC,WAArB,EAAkCC,IAAlC,EAAwCC,EAAxC,EAA4C;AACjD,MAAIF,WAAW,CAACG,gBAAhB,EAAkC;AAChCH,IAAAA,WAAW,CAACG,gBAAZ,CAA6BF,IAA7B,EAAmCC,EAAnC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACI,WAAZ,CAAwB,OAAOH,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASG,cAAT,CAAwBL,WAAxB,EAAqCC,IAArC,EAA2CC,EAA3C,EAA+C;AACpD,MAAIF,WAAW,CAACM,mBAAhB,EAAqC;AACnCN,IAAAA,WAAW,CAACM,mBAAZ,CAAgCL,IAAhC,EAAsCC,EAAtC;AACD,GAFD,MAEO;AACLF,IAAAA,WAAW,CAACO,WAAZ,CAAwB,OAAON,IAA/B,EAAqCC,EAArC;AACD;AACF;;AAEM,SAASM,SAAT,CAAmBC,GAAnB,EAAwB;AAC7B,MAAIC,MAAM,GAAGC,QAAQ,CAACC,aAAT,CAAuB,QAAvB,CAAb;AACAF,EAAAA,MAAM,CAACG,KAAP,CAAaC,OAAb,GAAuB,MAAvB;AACAJ,EAAAA,MAAM,CAACD,GAAP,GAAaA,GAAb;AAEA,SAAOE,QAAQ,CAACI,IAAT,CAAcC,WAAd,CAA0BN,MAA1B,CAAP;AACD;;AAEM,SAASO,SAAT,CAAmBR,GAAnB,EAAwBS,OAAxB,EAAiC;AACtC,MAAIC,KAAK,GAAGD,OAAO,CAACE,UAAR,IAAsB,gDAAlC;AACA,MAAIC,UAAU,GAAG,gDACf,0CADF;AAEA,SAAOC,MAAM,CAACC,IAAP,CAAYd,GAAZ,EAAiBU,KAAjB,EAAwBE,UAAxB,CAAP;AACD;;AAEM,SAASG,sBAAT,CAAgCC,GAAhC,EAAwDC,OAAxD,EAAiEC,KAAjE,EAAwE;AAC7E,MAAIC,eAAJ;AACA,MAAIC,SAAJ;AACA,MAAIC,oBAAoB,GAAG,qBAAY,UAAUC,OAAV,EAAmBC,MAAnB,EAA2B;AAEhEJ,IAAAA,eAAe,GAAG,SAASA,eAAT,CAAyBK,CAAzB,EAA4B;AAC5C,UAAI,CAACA,CAAC,CAACC,IAAH,IAAWD,CAAC,CAACC,IAAF,CAAOP,KAAP,KAAiBA,KAAhC,EAAuC;AACrC;AACA;AACD,OAJ2C,CAM5C;AACA;AACA;AACA;;;AACA,UAAIM,CAAC,CAACE,MAAF,KAAaV,GAAG,CAACW,eAAJ,EAAjB,EAAwC;AACtC,eAAOJ,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,iDAAjB,CAAD,CAAb;AACD;;AACDN,MAAAA,OAAO,CAACE,CAAC,CAACC,IAAH,CAAP;AACD,KAdD;;AAgBAnC,IAAAA,WAAW,CAACuB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAX;AAEAC,IAAAA,SAAS,GAAGS,UAAU,CAAC,YAAY;AACjCN,MAAAA,MAAM,CAAC,IAAIK,oBAAJ,CAAiB,sBAAjB,CAAD,CAAN;AACD,KAFqB,EAEnBX,OAAO,IAAI,MAFQ,CAAtB;AAGD,GAvB0B,CAA3B;AAyBA,SAAOI,oBAAoB,CACxBS,OADI,CACI,YAAY;AACnBC,IAAAA,YAAY,CAACX,SAAD,CAAZ;AACAxB,IAAAA,cAAc,CAACiB,MAAD,EAAS,SAAT,EAAoBM,eAApB,CAAd;AACD,GAJI,CAAP;AAKD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthInterface } from '../../types';\n\nexport function addListener(eventTarget, name, fn) {\n if (eventTarget.addEventListener) {\n eventTarget.addEventListener(name, fn);\n } else {\n eventTarget.attachEvent('on' + name, fn);\n }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n if (eventTarget.removeEventListener) {\n eventTarget.removeEventListener(name, fn);\n } else {\n eventTarget.detachEvent('on' + name, fn);\n }\n}\n\nexport function loadFrame(src) {\n var iframe = document.createElement('iframe');\n iframe.style.display = 'none';\n iframe.src = src;\n\n return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n var title = options.popupTitle || 'External Identity Provider User Authentication';\n var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n 'top=100, left=500, width=600, height=600';\n return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuthInterface, timeout, state) {\n var responseHandler;\n var timeoutId;\n var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n responseHandler = function responseHandler(e) {\n if (!e.data || e.data.state !== state) {\n // A message not meant for us\n return;\n }\n\n // Configuration mismatch between saved token and current app instance\n // This may happen if apps with different issuers are running on the same host url\n // If they share the same storage key, they may read and write tokens in the same location.\n // Common when developing against http://localhost\n if (e.origin !== sdk.getIssuerOrigin()) {\n return reject(new AuthSdkError('The request does not match client configuration'));\n }\n resolve(e.data);\n };\n\n addListener(window, 'message', responseHandler);\n\n timeoutId = setTimeout(function () {\n reject(new AuthSdkError('OAuth flow timed out'));\n }, timeout || 120000);\n });\n\n return msgReceivedOrTimeout\n .finally(function () {\n clearTimeout(timeoutId);\n removeListener(window, 'message', responseHandler);\n });\n}\n"],"file":"browser.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/defaultTokenParams.ts"],"names":["getDefaultTokenParams","sdk","pkce","clientId","redirectUri","responseType","responseMode","scopes","state","ignoreSignature","options","defaultRedirectUri","window","location","href","undefined","nonce"],"mappings":";;;;AAcA;;AAEA;;AACA;;AAhBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,qBAAT,CAA+BC,GAA/B,EAAoE;AACzE,QAAM;AACJC,IAAAA,IADI;AAEJC,IAAAA,QAFI;AAGJC,IAAAA,WAHI;AAIJC,IAAAA,YAJI;AAKJC,IAAAA,YALI;AAMJC,IAAAA,MANI;AAOJC,IAAAA,KAPI;AAQJC,IAAAA;AARI,MASFR,GAAG,CAACS,OATR;AAUA,QAAMC,kBAAkB,GAAG,6BAAcC,MAAM,CAACC,QAAP,CAAgBC,IAA9B,GAAqCC,SAAhE;AACA,SAAO,sBAAW;AAChBb,IAAAA,IADgB;AAEhBC,IAAAA,QAFgB;AAGhBC,IAAAA,WAAW,EAAEA,WAAW,IAAIO,kBAHZ;AAIhBN,IAAAA,YAAY,EAAEA,YAAY,IAAI,CAAC,OAAD,EAAU,UAAV,CAJd;AAKhBC,IAAAA,YALgB;AAMhBE,IAAAA,KAAK,EAAEA,KAAK,IAAI,2BANA;AAOhBQ,IAAAA,KAAK,EAAE,2BAPS;AAQhBT,IAAAA,MAAM,EAAEA,MAAM,IAAI,CAAC,QAAD,EAAW,OAAX,CARF;AAShBE,IAAAA;AATgB,GAAX,CAAP;AAWD","sourcesContent":["\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthInterface, TokenParams } from '../../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthInterface): TokenParams {\n const {\n pkce,\n clientId,\n redirectUri,\n responseType,\n responseMode,\n scopes,\n state,\n ignoreSignature\n } = sdk.options;\n const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n return removeNils({\n pkce,\n clientId,\n redirectUri: redirectUri || defaultRedirectUri,\n responseType: responseType || ['token', 'id_token'],\n responseMode,\n state: state || generateState(),\n nonce: generateNonce(),\n scopes: scopes || ['openid', 'email'],\n ignoreSignature\n });\n}"],"file":"defaultTokenParams.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,QAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/errors.ts"],"names":["isInteractionRequiredError","error","name","oauthError","errorCode","isAuthorizationCodeError","sdk","authApiError","errorResponse","xhr","responseJSON","options","pkce"],"mappings":";;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAMO,SAASA,0BAAT,CAAoCC,KAApC,EAAkD;AACvD,MAAIA,KAAK,CAACC,IAAN,KAAe,YAAnB,EAAiC;AAC/B,WAAO,KAAP;AACD;;AACD,QAAMC,UAAU,GAAGF,KAAnB;AACA,SAAQE,UAAU,CAACC,SAAX,KAAyB,sBAAjC;AACD;;AAEM,SAASC,wBAAT,CAAkCC,GAAlC,EAA0DL,KAA1D,EAAwE;AAC7E,MAAIA,KAAK,CAACC,IAAN,KAAe,cAAnB,EAAmC;AACjC,WAAO,KAAP;AACD;;AACD,QAAMK,YAAY,GAAGN,KAArB,CAJ6E,CAK7E;;AACA,QAAMO,aAAa,GAAGD,YAAY,CAACE,GAAnC;AACA,QAAMC,YAAY,GAAGF,aAAH,aAAGA,aAAH,uBAAGA,aAAa,CAAEE,YAApC;AACA,SAAOJ,GAAG,CAACK,OAAJ,CAAYC,IAAZ,IAAqB,CAAAF,YAAY,SAAZ,IAAAA,YAAY,WAAZ,YAAAA,YAAY,CAAET,KAAd,MAAkC,eAA9D;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthInterface } from '../../types';\nimport { OAuthError, AuthApiError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n if (error.name !== 'OAuthError') {\n return false;\n }\n const oauthError = error as OAuthError;\n return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthInterface, error: Error) {\n if (error.name !== 'AuthApiError') {\n return false;\n }\n const authApiError = error as AuthApiError;\n // xhr property doesn't seem to match XMLHttpRequest type\n const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n"],"file":"errors.js"}
|
package/cjs/oidc/util/index.js
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var _Object$keys = require("@babel/runtime-corejs3/core-js-stable/object/keys");
|
|
4
|
+
|
|
5
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
6
|
|
|
5
7
|
var _exportNames = {
|
|
6
8
|
pkce: true
|
|
@@ -14,7 +16,7 @@ Object.defineProperty(exports, "pkce", {
|
|
|
14
16
|
|
|
15
17
|
var _browser = require("./browser");
|
|
16
18
|
|
|
17
|
-
|
|
19
|
+
_Object$keys(_browser).forEach(function (key) {
|
|
18
20
|
if (key === "default" || key === "__esModule") return;
|
|
19
21
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
20
22
|
if (key in exports && exports[key] === _browser[key]) return;
|
|
@@ -28,7 +30,7 @@ Object.keys(_browser).forEach(function (key) {
|
|
|
28
30
|
|
|
29
31
|
var _defaultTokenParams = require("./defaultTokenParams");
|
|
30
32
|
|
|
31
|
-
|
|
33
|
+
_Object$keys(_defaultTokenParams).forEach(function (key) {
|
|
32
34
|
if (key === "default" || key === "__esModule") return;
|
|
33
35
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
34
36
|
if (key in exports && exports[key] === _defaultTokenParams[key]) return;
|
|
@@ -42,7 +44,7 @@ Object.keys(_defaultTokenParams).forEach(function (key) {
|
|
|
42
44
|
|
|
43
45
|
var _errors = require("./errors");
|
|
44
46
|
|
|
45
|
-
|
|
47
|
+
_Object$keys(_errors).forEach(function (key) {
|
|
46
48
|
if (key === "default" || key === "__esModule") return;
|
|
47
49
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
48
50
|
if (key in exports && exports[key] === _errors[key]) return;
|
|
@@ -56,7 +58,7 @@ Object.keys(_errors).forEach(function (key) {
|
|
|
56
58
|
|
|
57
59
|
var _loginRedirect = require("./loginRedirect");
|
|
58
60
|
|
|
59
|
-
|
|
61
|
+
_Object$keys(_loginRedirect).forEach(function (key) {
|
|
60
62
|
if (key === "default" || key === "__esModule") return;
|
|
61
63
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
62
64
|
if (key in exports && exports[key] === _loginRedirect[key]) return;
|
|
@@ -70,7 +72,7 @@ Object.keys(_loginRedirect).forEach(function (key) {
|
|
|
70
72
|
|
|
71
73
|
var _oauth = require("./oauth");
|
|
72
74
|
|
|
73
|
-
|
|
75
|
+
_Object$keys(_oauth).forEach(function (key) {
|
|
74
76
|
if (key === "default" || key === "__esModule") return;
|
|
75
77
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
76
78
|
if (key in exports && exports[key] === _oauth[key]) return;
|
|
@@ -84,7 +86,7 @@ Object.keys(_oauth).forEach(function (key) {
|
|
|
84
86
|
|
|
85
87
|
var _oauthMeta = require("./oauthMeta");
|
|
86
88
|
|
|
87
|
-
|
|
89
|
+
_Object$keys(_oauthMeta).forEach(function (key) {
|
|
88
90
|
if (key === "default" || key === "__esModule") return;
|
|
89
91
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
90
92
|
if (key in exports && exports[key] === _oauthMeta[key]) return;
|
|
@@ -100,7 +102,7 @@ var _pkce = _interopRequireDefault(require("./pkce"));
|
|
|
100
102
|
|
|
101
103
|
var _prepareTokenParams = require("./prepareTokenParams");
|
|
102
104
|
|
|
103
|
-
|
|
105
|
+
_Object$keys(_prepareTokenParams).forEach(function (key) {
|
|
104
106
|
if (key === "default" || key === "__esModule") return;
|
|
105
107
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
106
108
|
if (key in exports && exports[key] === _prepareTokenParams[key]) return;
|
|
@@ -114,7 +116,7 @@ Object.keys(_prepareTokenParams).forEach(function (key) {
|
|
|
114
116
|
|
|
115
117
|
var _refreshToken = require("./refreshToken");
|
|
116
118
|
|
|
117
|
-
|
|
119
|
+
_Object$keys(_refreshToken).forEach(function (key) {
|
|
118
120
|
if (key === "default" || key === "__esModule") return;
|
|
119
121
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
120
122
|
if (key in exports && exports[key] === _refreshToken[key]) return;
|
|
@@ -128,7 +130,7 @@ Object.keys(_refreshToken).forEach(function (key) {
|
|
|
128
130
|
|
|
129
131
|
var _urlParams = require("./urlParams");
|
|
130
132
|
|
|
131
|
-
|
|
133
|
+
_Object$keys(_urlParams).forEach(function (key) {
|
|
132
134
|
if (key === "default" || key === "__esModule") return;
|
|
133
135
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
134
136
|
if (key in exports && exports[key] === _urlParams[key]) return;
|
|
@@ -142,7 +144,7 @@ Object.keys(_urlParams).forEach(function (key) {
|
|
|
142
144
|
|
|
143
145
|
var _validateClaims = require("./validateClaims");
|
|
144
146
|
|
|
145
|
-
|
|
147
|
+
_Object$keys(_validateClaims).forEach(function (key) {
|
|
146
148
|
if (key === "default" || key === "__esModule") return;
|
|
147
149
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
148
150
|
if (key in exports && exports[key] === _validateClaims[key]) return;
|
|
@@ -156,7 +158,7 @@ Object.keys(_validateClaims).forEach(function (key) {
|
|
|
156
158
|
|
|
157
159
|
var _validateToken = require("./validateToken");
|
|
158
160
|
|
|
159
|
-
|
|
161
|
+
_Object$keys(_validateToken).forEach(function (key) {
|
|
160
162
|
if (key === "default" || key === "__esModule") return;
|
|
161
163
|
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
162
164
|
if (key in exports && exports[key] === _validateToken[key]) return;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAcA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAEA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AACA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nexport * from './browser';\nexport * from './defaultTokenParams';\nexport * from './errors';\nexport * from './loginRedirect';\nexport * from './oauth';\nexport * from './oauthMeta';\nimport pkce from './pkce';\nexport { pkce };\nexport * from './prepareTokenParams';\nexport * from './refreshToken';\nexport * from './urlParams';\nexport * from './validateClaims';\nexport * from './validateToken';\n"],"file":"index.js"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.hasTokensInHash = hasTokensInHash;
|
|
4
6
|
exports.hasAuthorizationCode = hasAuthorizationCode;
|
|
5
7
|
exports.hasInteractionCode = hasInteractionCode;
|
|
@@ -10,6 +12,8 @@ exports.getHashOrSearch = getHashOrSearch;
|
|
|
10
12
|
exports.isLoginRedirect = isLoginRedirect;
|
|
11
13
|
exports.isInteractionRequired = isInteractionRequired;
|
|
12
14
|
|
|
15
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
16
|
+
|
|
13
17
|
/*!
|
|
14
18
|
* Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
15
19
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -51,7 +55,7 @@ function isRedirectUri(uri, sdk) {
|
|
|
51
55
|
return false;
|
|
52
56
|
}
|
|
53
57
|
|
|
54
|
-
return uri.
|
|
58
|
+
return (0, _indexOf.default)(uri).call(uri, authParams.redirectUri) === 0;
|
|
55
59
|
}
|
|
56
60
|
|
|
57
61
|
function isCodeFlow(options) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/loginRedirect.ts"],"names":["hasTokensInHash","hash","test","hasAuthorizationCode","hashOrSearch","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","sdk","authParams","options","redirectUri","isCodeFlow","pkce","responseType","responseMode","getHashOrSearch","codeFlow","useQuery","window","location","search","isLoginRedirect","href","hasCode","isInteractionRequired"],"mappings":";;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;;AACA;AAGO,SAASA,eAAT,CAAyBC,IAAzB,EAAgD;AACrD,SAAO,wBAAwBC,IAAxB,CAA6BD,IAA7B,CAAP;AACD,C,CAED;;;AACO,SAASE,oBAAT,CAA8BC,YAA9B,EAA6D;AAClE,SAAO,WAAWF,IAAX,CAAgBE,YAAhB,CAAP;AACD,C,CAED;;;AACO,SAASC,kBAAT,CAA4BD,YAA5B,EAA2D;AAChE,SAAO,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAP;AACD;;AAEM,SAASE,aAAT,CAAuBF,YAAvB,EAAsD;AAC3D,SAAO,YAAYF,IAAZ,CAAiBE,YAAjB,KAAkC,uBAAuBF,IAAvB,CAA4BE,YAA5B,CAAzC;AACD;;AAEM,SAASG,aAAT,CAAuBC,GAAvB,EAAoCC,GAApC,EAAqE;AAC1E,MAAIC,UAAU,GAAGD,GAAG,CAACE,OAArB;;AACA,MAAI,CAACH,GAAD,IAAQ,CAACE,UAAU,CAACE,WAAxB,EAAqC;AACnC,WAAO,KAAP;AACD;;AACD,SAAO,sBAAAJ,GAAG,MAAH,CAAAA,GAAG,EAASE,UAAU,CAACE,WAApB,CAAH,KAAwC,CAA/C;AACD;;AAEM,SAASC,UAAT,CAAoBF,OAApB,EAA8C;AACnD,SAAOA,OAAO,CAACG,IAAR,IAAgBH,OAAO,CAACI,YAAR,KAAyB,MAAzC,IAAmDJ,OAAO,CAACK,YAAR,KAAyB,OAAnF;AACD;;AAEM,SAASC,eAAT,CAAyBN,OAAzB,EAAmD;AACxD,MAAIO,QAAQ,GAAGL,UAAU,CAACF,OAAD,CAAzB;AACA,MAAIQ,QAAQ,GAAGD,QAAQ,IAAIP,OAAO,CAACK,YAAR,KAAyB,UAApD;AACA,SAAOG,QAAQ,GAAGC,MAAM,CAACC,QAAP,CAAgBC,MAAnB,GAA4BF,MAAM,CAACC,QAAP,CAAgBpB,IAA3D;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASsB,eAAT,CAA0Bd,GAA1B,EAAkD;AACvD;AACA,MAAI,CAACF,aAAa,CAACa,MAAM,CAACC,QAAP,CAAgBG,IAAjB,EAAuBf,GAAvB,CAAlB,EAA8C;AAC5C,WAAO,KAAP;AACD,GAJsD,CAMvD;;;AACA,MAAIS,QAAQ,GAAGL,UAAU,CAACJ,GAAG,CAACE,OAAL,CAAzB;AACA,MAAIP,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAAlC;;AAEA,MAAIL,aAAa,CAACF,YAAD,CAAjB,EAAiC;AAC/B,WAAO,IAAP;AACD;;AAED,MAAIc,QAAJ,EAAc;AACZ,QAAIO,OAAO,GAAItB,oBAAoB,CAACC,YAAD,CAApB,IAAsCC,kBAAkB,CAACD,YAAD,CAAvE;AACA,WAAOqB,OAAP;AACD,GAjBsD,CAmBvD;;;AACA,SAAOzB,eAAe,CAACoB,MAAM,CAACC,QAAP,CAAgBpB,IAAjB,CAAtB;AACD;AAED;AACA;AACA;AACA;;;AACO,SAASyB,qBAAT,CAAgCjB,GAAhC,EAAwDL,YAAxD,EAA+E;AACpF,MAAI,CAACA,YAAL,EAAmB;AAAE;AACnB;AACA,QAAI,CAACmB,eAAe,CAACd,GAAD,CAApB,EAA0B;AACxB,aAAO,KAAP;AACD;;AAEDL,IAAAA,YAAY,GAAGa,eAAe,CAACR,GAAG,CAACE,OAAL,CAA9B;AACD;;AACD,SAAO,gCAAgCT,IAAhC,CAAqCE,YAArC,CAAP;AACD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthInterface, OktaAuthOptions } from '../../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthInterface): boolean {\n var authParams = sdk.options;\n if (!uri || !authParams.redirectUri) {\n return false;\n }\n return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOptions) {\n return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOptions) {\n var codeFlow = isCodeFlow(options);\n var useQuery = codeFlow && options.responseMode !== 'fragment';\n return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthInterface) {\n // First check, is this a redirect URI?\n if (!isRedirectUri(window.location.href, sdk)){\n return false;\n }\n\n // The location contains either a code, token, or an error + error_description\n var codeFlow = isCodeFlow(sdk.options);\n var hashOrSearch = getHashOrSearch(sdk.options);\n\n if (hasErrorInUrl(hashOrSearch)) {\n return true;\n }\n\n if (codeFlow) {\n var hasCode = hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n return hasCode;\n }\n\n // implicit flow, will always be hash fragment\n return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthInterface, hashOrSearch?: string) {\n if (!hashOrSearch) { // web only\n // First check, is this a redirect URI?\n if (!isLoginRedirect(sdk)){\n return false;\n }\n \n hashOrSearch = getHashOrSearch(sdk.options);\n }\n return /(error=interaction_required)/i.test(hashOrSearch);\n}"],"file":"loginRedirect.js"}
|
package/cjs/oidc/util/oauth.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
4
|
|
|
5
5
|
exports.generateState = generateState;
|
|
6
6
|
exports.generateNonce = generateNonce;
|
|
@@ -8,6 +8,8 @@ exports.getOAuthBaseUrl = getOAuthBaseUrl;
|
|
|
8
8
|
exports.getOAuthDomain = getOAuthDomain;
|
|
9
9
|
exports.getOAuthUrls = getOAuthUrls;
|
|
10
10
|
|
|
11
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
12
|
+
|
|
11
13
|
var _util = require("../../util");
|
|
12
14
|
|
|
13
15
|
var _AuthSdkError = _interopRequireDefault(require("../../errors/AuthSdkError"));
|
|
@@ -41,7 +43,7 @@ function getIssuer(sdk, options = {}) {
|
|
|
41
43
|
|
|
42
44
|
function getOAuthBaseUrl(sdk, options = {}) {
|
|
43
45
|
const issuer = getIssuer(sdk, options);
|
|
44
|
-
const baseUrl = issuer.
|
|
46
|
+
const baseUrl = (0, _indexOf.default)(issuer).call(issuer, '/oauth2') > 0 ? issuer : issuer + '/oauth2';
|
|
45
47
|
return baseUrl;
|
|
46
48
|
}
|
|
47
49
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/oauth.ts"],"names":["generateState","generateNonce","getIssuer","sdk","options","issuer","getOAuthBaseUrl","baseUrl","getOAuthDomain","domain","split","getOAuthUrls","arguments","length","AuthSdkError","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl"],"mappings":";;;;;;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAEM,SAASC,aAAT,GAAyB;AAC9B,SAAO,2BAAgB,EAAhB,CAAP;AACD;;AAED,SAASC,SAAT,CAAmBC,GAAnB,EAA2CC,OAAmB,GAAG,EAAjE,EAAqE;AACnE,QAAMC,MAAM,GAAG,+BAAoBD,OAAO,CAACC,MAA5B,KAAuCF,GAAG,CAACC,OAAJ,CAAYC,MAAlE;AACA,SAAOA,MAAP;AACD;;AAEM,SAASC,eAAT,CAAyBH,GAAzB,EAAiDC,OAAmB,GAAG,EAAvE,EAA2E;AAChF,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMG,OAAO,GAAG,sBAAAF,MAAM,MAAN,CAAAA,MAAM,EAAS,SAAT,CAAN,GAA4B,CAA5B,GAAgCA,MAAhC,GAAyCA,MAAM,GAAG,SAAlE;AACA,SAAOE,OAAP;AACD;;AAEM,SAASC,cAAT,CAAwBL,GAAxB,EAAgDC,OAAmB,GAAG,EAAtE,EAA0E;AAC/E,QAAMC,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAxB;AACA,QAAMK,MAAM,GAAGJ,MAAM,CAACK,KAAP,CAAa,SAAb,EAAwB,CAAxB,CAAf;AACA,SAAOD,MAAP;AACD;;AAEM,SAASE,YAAT,CAAsBR,GAAtB,EAA8CC,OAA9C,EAAgF;AACrF,MAAIQ,SAAS,CAACC,MAAV,GAAmB,CAAvB,EAA0B;AACxB,UAAM,IAAIC,qBAAJ,CAAiB,sEAAjB,CAAN;AACD;;AACDV,EAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB,CAJqF,CAMrF;;AACA,MAAIW,YAAY,GAAG,+BAAoBX,OAAO,CAACW,YAA5B,KAA6CZ,GAAG,CAACC,OAAJ,CAAYW,YAA5E;AACA,MAAIV,MAAM,GAAGH,SAAS,CAACC,GAAD,EAAMC,OAAN,CAAtB;AACA,MAAIY,WAAW,GAAG,+BAAoBZ,OAAO,CAACY,WAA5B,KAA4Cb,GAAG,CAACC,OAAJ,CAAYY,WAA1E;AACA,MAAIC,QAAQ,GAAG,+BAAoBb,OAAO,CAACa,QAA5B,KAAyCd,GAAG,CAACC,OAAJ,CAAYa,QAApE;AACA,MAAIC,SAAS,GAAG,+BAAoBd,OAAO,CAACc,SAA5B,KAA0Cf,GAAG,CAACC,OAAJ,CAAYc,SAAtE;AACA,MAAIC,SAAS,GAAG,+BAAoBf,OAAO,CAACe,SAA5B,KAA0ChB,GAAG,CAACC,OAAJ,CAAYe,SAAtE;AAEA,MAAIZ,OAAO,GAAGD,eAAe,CAACH,GAAD,EAAMC,OAAN,CAA7B;AAEAW,EAAAA,YAAY,GAAGA,YAAY,IAAIR,OAAO,GAAG,eAAzC;AACAS,EAAAA,WAAW,GAAGA,WAAW,IAAIT,OAAO,GAAG,cAAvC;AACAU,EAAAA,QAAQ,GAAGA,QAAQ,IAAIV,OAAO,GAAG,WAAjC;AACAY,EAAAA,SAAS,GAAGA,SAAS,IAAIZ,OAAO,GAAG,YAAnC;AACAW,EAAAA,SAAS,GAAGA,SAAS,IAAIX,OAAO,GAAG,YAAnC;AAEA,SAAO;AACLF,IAAAA,MAAM,EAAEA,MADH;AAELU,IAAAA,YAAY,EAAEA,YAFT;AAGLC,IAAAA,WAAW,EAAEA,WAHR;AAILC,IAAAA,QAAQ,EAAEA,QAJL;AAKLE,IAAAA,SAAS,EAAEA,SALN;AAMLD,IAAAA,SAAS,EAAEA;AANN,GAAP;AAQD","sourcesContent":["/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthInterface, CustomUrls } from '../../types';\n\nexport function generateState() {\n return genRandomString(64);\n}\n\nexport function generateNonce() {\n return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthInterface, options: CustomUrls = {}) {\n const issuer = getIssuer(sdk, options);\n const domain = issuer.split('/oauth2')[0];\n return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthInterface, options?: CustomUrls): CustomUrls {\n if (arguments.length > 2) {\n throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n }\n options = options || {};\n\n // Get user-supplied arguments\n var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n var issuer = getIssuer(sdk, options);\n var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n var baseUrl = getOAuthBaseUrl(sdk, options);\n\n authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n tokenUrl = tokenUrl || baseUrl + '/v1/token';\n revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n return {\n issuer: issuer,\n authorizeUrl: authorizeUrl,\n userinfoUrl: userinfoUrl,\n tokenUrl: tokenUrl,\n revokeUrl: revokeUrl,\n logoutUrl: logoutUrl\n };\n}\n"],"file":"oauth.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/oauthMeta.ts"],"names":["createOAuthMeta","sdk","tokenParams","issuer","options","urls","oauthMeta","clientId","redirectUri","responseType","responseMode","scopes","state","nonce","ignoreSignature","pkce","pkceMeta","codeVerifier","codeChallengeMethod","codeChallenge"],"mappings":";;;;AAEA;;AAFA;AAIO,SAASA,eAAT,CACLC,GADK,EAELC,WAFK,EAGuC;AAC5C,QAAMC,MAAM,GAAGF,GAAG,CAACG,OAAJ,CAAYD,MAA3B;AACA,QAAME,IAAI,GAAG,yBAAaJ,GAAb,EAAkBC,WAAlB,CAAb;AACA,QAAMI,SAA+B,GAAG;AACtCH,IAAAA,MADsC;AAEtCE,IAAAA,IAFsC;AAGtCE,IAAAA,QAAQ,EAAEL,WAAW,CAACK,QAHgB;AAItCC,IAAAA,WAAW,EAAEN,WAAW,CAACM,WAJa;AAKtCC,IAAAA,YAAY,EAAEP,WAAW,CAACO,YALY;AAMtCC,IAAAA,YAAY,EAAER,WAAW,CAACQ,YANY;AAOtCC,IAAAA,MAAM,EAAET,WAAW,CAACS,MAPkB;AAQtCC,IAAAA,KAAK,EAAEV,WAAW,CAACU,KARmB;AAStCC,IAAAA,KAAK,EAAEX,WAAW,CAACW,KATmB;AAUtCC,IAAAA,eAAe,EAAEZ,WAAW,CAACY;AAVS,GAAxC;;AAaA,MAAIZ,WAAW,CAACa,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOT,SAAP;AACD;;AAED,QAAMU,QAA6B,GAAG,EACpC,GAAGV,SADiC;AAEpCW,IAAAA,YAAY,EAAEf,WAAW,CAACe,YAFU;AAGpCC,IAAAA,mBAAmB,EAAEhB,WAAW,CAACgB,mBAHG;AAIpCC,IAAAA,aAAa,EAAEjB,WAAW,CAACiB;AAJS,GAAtC;AAOA,SAAOH,QAAP;AACD","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthInterface, PKCETransactionMeta, TokenParams } from '../../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n sdk: OktaAuthInterface, \n tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n const issuer = sdk.options.issuer!;\n const urls = getOAuthUrls(sdk, tokenParams);\n const oauthMeta: OAuthTransactionMeta = {\n issuer,\n urls,\n clientId: tokenParams.clientId!,\n redirectUri: tokenParams.redirectUri!,\n responseType: tokenParams.responseType!,\n responseMode: tokenParams.responseMode!,\n scopes: tokenParams.scopes!,\n state: tokenParams.state!,\n nonce: tokenParams.nonce!,\n ignoreSignature: tokenParams.ignoreSignature!,\n };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return oauthMeta;\n }\n\n const pkceMeta: PKCETransactionMeta = {\n ...oauthMeta,\n codeVerifier: tokenParams.codeVerifier!,\n codeChallengeMethod: tokenParams.codeChallengeMethod!,\n codeChallenge: tokenParams.codeChallenge!,\n };\n\n return pkceMeta;\n}\n"],"file":"oauthMeta.js"}
|
package/cjs/oidc/util/pkce.js
CHANGED
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
3
5
|
exports.default = void 0;
|
|
4
6
|
|
|
7
|
+
var _from = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/array/from"));
|
|
8
|
+
|
|
9
|
+
var _slice = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/slice"));
|
|
10
|
+
|
|
5
11
|
var _crypto = require("../../crypto");
|
|
6
12
|
|
|
7
13
|
var _constants = require("../../constants");
|
|
@@ -29,18 +35,20 @@ function getRandomString(length) {
|
|
|
29
35
|
|
|
30
36
|
_crypto.webcrypto.getRandomValues(a);
|
|
31
37
|
|
|
32
|
-
var str =
|
|
33
|
-
return str.
|
|
38
|
+
var str = (0, _from.default)(a, dec2hex).join('');
|
|
39
|
+
return (0, _slice.default)(str).call(str, 0, length);
|
|
34
40
|
}
|
|
35
41
|
|
|
36
42
|
function generateVerifier(prefix) {
|
|
43
|
+
var _context;
|
|
44
|
+
|
|
37
45
|
var verifier = prefix || '';
|
|
38
46
|
|
|
39
47
|
if (verifier.length < _constants.MIN_VERIFIER_LENGTH) {
|
|
40
48
|
verifier = verifier + getRandomString(_constants.MIN_VERIFIER_LENGTH - verifier.length);
|
|
41
49
|
}
|
|
42
50
|
|
|
43
|
-
return encodeURIComponent(verifier).
|
|
51
|
+
return (0, _slice.default)(_context = encodeURIComponent(verifier)).call(_context, 0, _constants.MAX_VERIFIER_LENGTH);
|
|
44
52
|
}
|
|
45
53
|
|
|
46
54
|
function computeChallenge(str) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/pkce.ts"],"names":["dec2hex","dec","toString","substr","getRandomString","length","a","Uint8Array","Math","ceil","webcrypto","getRandomValues","str","join","generateVerifier","prefix","verifier","MIN_VERIFIER_LENGTH","encodeURIComponent","MAX_VERIFIER_LENGTH","computeChallenge","buffer","TextEncoder","encode","subtle","digest","then","arrayBuffer","hash","String","fromCharCode","apply","b64u","DEFAULT_CODE_CHALLENGE_METHOD"],"mappings":";;;;;;;;;;AAcA;;AACA;;AAfA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEC;AAID,SAASA,OAAT,CAAkBC,GAAlB,EAAuB;AACrB,SAAO,CAAC,MAAMA,GAAG,CAACC,QAAJ,CAAa,EAAb,CAAP,EAAyBC,MAAzB,CAAgC,CAAC,CAAjC,CAAP;AACD;;AAED,SAASC,eAAT,CAAyBC,MAAzB,EAAiC;AAC/B,MAAIC,CAAC,GAAG,IAAIC,UAAJ,CAAeC,IAAI,CAACC,IAAL,CAAUJ,MAAM,GAAG,CAAnB,CAAf,CAAR;;AACAK,oBAAUC,eAAV,CAA0BL,CAA1B;;AACA,MAAIM,GAAG,GAAG,mBAAWN,CAAX,EAAcN,OAAd,EAAuBa,IAAvB,CAA4B,EAA5B,CAAV;AACA,SAAO,oBAAAD,GAAG,MAAH,CAAAA,GAAG,EAAO,CAAP,EAAUP,MAAV,CAAV;AACD;;AAED,SAASS,gBAAT,CAA0BC,MAA1B,EAAmD;AAAA;;AACjD,MAAIC,QAAQ,GAAGD,MAAM,IAAI,EAAzB;;AACA,MAAIC,QAAQ,CAACX,MAAT,GAAkBY,8BAAtB,EAA2C;AACzCD,IAAAA,QAAQ,GAAGA,QAAQ,GAAGZ,eAAe,CAACa,iCAAsBD,QAAQ,CAACX,MAAhC,CAArC;AACD;;AACD,SAAO,+BAAAa,kBAAkB,CAACF,QAAD,CAAlB,iBAAmC,CAAnC,EAAsCG,8BAAtC,CAAP;AACD;;AAED,SAASC,gBAAT,CAA0BR,GAA1B,EAAyD;AACvD,MAAIS,MAAM,GAAG,IAAIC,WAAJ,GAAkBC,MAAlB,CAAyBX,GAAzB,CAAb;AACA,SAAOF,kBAAUc,MAAV,CAAiBC,MAAjB,CAAwB,SAAxB,EAAmCJ,MAAnC,EAA2CK,IAA3C,CAAgD,UAASC,WAAT,EAAsB;AAC3E,QAAIC,IAAI,GAAGC,MAAM,CAACC,YAAP,CAAoBC,KAApB,CAA0B,IAA1B,EAAgC,IAAIxB,UAAJ,CAAeoB,WAAf,CAAhC,CAAX;AACA,QAAIK,IAAI,GAAG,+BAAkBJ,IAAlB,CAAX,CAF2E,CAEvC;;AACpC,WAAOI,IAAP;AACD,GAJM,CAAP;AAKD;;eAEc;AACbC,EAAAA,6BAA6B,EAA7BA,wCADa;AAEbnB,EAAAA,gBAFa;AAGbM,EAAAA;AAHa,C","sourcesContent":["/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n var a = new Uint8Array(Math.ceil(length / 2));\n webcrypto.getRandomValues(a);\n var str = Array.from(a, dec2hex).join('');\n return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n var verifier = prefix || '';\n if (verifier.length < MIN_VERIFIER_LENGTH) {\n verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n }\n return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> { \n var buffer = new TextEncoder().encode(str);\n return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n var b64u = stringToBase64Url(hash); // url-safe base64 variant\n return b64u;\n });\n}\n\nexport default {\n DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier,\n computeChallenge\n};\n"],"file":"pkce.js"}
|
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
4
|
|
|
5
5
|
exports.assertPKCESupport = assertPKCESupport;
|
|
6
6
|
exports.validateCodeChallengeMethod = validateCodeChallengeMethod;
|
|
7
7
|
exports.preparePKCE = preparePKCE;
|
|
8
8
|
exports.prepareTokenParams = prepareTokenParams;
|
|
9
9
|
|
|
10
|
+
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
11
|
+
|
|
10
12
|
var _wellKnown = require("../endpoints/well-known");
|
|
11
13
|
|
|
12
14
|
var _errors = require("../../errors");
|
|
13
15
|
|
|
14
|
-
var _util = require("../../util");
|
|
15
|
-
|
|
16
16
|
var _defaultTokenParams = require("./defaultTokenParams");
|
|
17
17
|
|
|
18
18
|
var _constants = require("../../constants");
|
|
@@ -58,7 +58,7 @@ async function validateCodeChallengeMethod(sdk, codeChallengeMethod) {
|
|
|
58
58
|
const wellKnownResponse = await (0, _wellKnown.getWellKnown)(sdk);
|
|
59
59
|
var methods = wellKnownResponse['code_challenge_methods_supported'] || [];
|
|
60
60
|
|
|
61
|
-
if (methods.
|
|
61
|
+
if ((0, _indexOf.default)(methods).call(methods, codeChallengeMethod) === -1) {
|
|
62
62
|
throw new _errors.AuthSdkError('Invalid code_challenge_method');
|
|
63
63
|
}
|
|
64
64
|
|
|
@@ -96,7 +96,9 @@ async function preparePKCE(sdk, tokenParams) {
|
|
|
96
96
|
async function prepareTokenParams(sdk, tokenParams = {}) {
|
|
97
97
|
// build params using defaults + options
|
|
98
98
|
const defaults = (0, _defaultTokenParams.getDefaultTokenParams)(sdk);
|
|
99
|
-
tokenParams =
|
|
99
|
+
tokenParams = { ...defaults,
|
|
100
|
+
...tokenParams
|
|
101
|
+
};
|
|
100
102
|
|
|
101
103
|
if (tokenParams.pkce === false) {
|
|
102
104
|
// Implicit flow or authorization_code without PKCE
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","methods","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/prepareTokenParams.ts"],"names":["assertPKCESupport","sdk","features","isPKCESupported","errorMessage","isHTTPS","hasTextEncoder","AuthSdkError","validateCodeChallengeMethod","codeChallengeMethod","options","DEFAULT_CODE_CHALLENGE_METHOD","wellKnownResponse","methods","preparePKCE","tokenParams","codeVerifier","codeChallenge","PKCE","generateVerifier","computeChallenge","responseType","prepareTokenParams","defaults","pkce"],"mappings":";;;;;;;;;;;AAaA;;AACA;;AAEA;;AACA;;AACA;;AAlBA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQO,SAASA,iBAAT,CAA2BC,GAA3B,EAAmD;AACxD,MAAI,CAACA,GAAG,CAACC,QAAJ,CAAaC,eAAb,EAAL,EAAqC;AACnC,QAAIC,YAAY,GAAG,qFAAnB;;AACA,QAAI,CAACH,GAAG,CAACC,QAAJ,CAAaG,OAAb,EAAL,EAA6B;AAC3B;AACAD,MAAAA,YAAY,IAAI,kGAAhB;AACD;;AACD,QAAI,CAACH,GAAG,CAACC,QAAJ,CAAaI,cAAb,EAAL,EAAoC;AAClC;AACAF,MAAAA,YAAY,IAAI,wGAAhB;AACD;;AACD,UAAM,IAAIG,oBAAJ,CAAiBH,YAAjB,CAAN;AACD;AACF;;AAEM,eAAeI,2BAAf,CAA2CP,GAA3C,EAAmEQ,mBAAnE,EAAiG;AACtG;AACAA,EAAAA,mBAAmB,GAAGA,mBAAmB,IAAIR,GAAG,CAACS,OAAJ,CAAYD,mBAAnC,IAA0DE,wCAAhF,CAFsG,CAItG;;AACA,QAAMC,iBAAiB,GAAG,MAAM,6BAAaX,GAAb,CAAhC;AACA,MAAIY,OAAO,GAAGD,iBAAiB,CAAC,kCAAD,CAAjB,IAAyD,EAAvE;;AACA,MAAI,sBAAAC,OAAO,MAAP,CAAAA,OAAO,EAASJ,mBAAT,CAAP,KAAyC,CAAC,CAA9C,EAAiD;AAC/C,UAAM,IAAIF,oBAAJ,CAAiB,+BAAjB,CAAN;AACD;;AACD,SAAOE,mBAAP;AACD;;AAEM,eAAeK,WAAf,CACLb,GADK,EAELc,WAFK,EAGiB;AACtB,MAAI;AACFC,IAAAA,YADE;AAEFC,IAAAA,aAFE;AAGFR,IAAAA;AAHE,MAIAM,WAJJ,CADsB,CAOtB;;AACAE,EAAAA,aAAa,GAAGA,aAAa,IAAIhB,GAAG,CAACS,OAAJ,CAAYO,aAA7C;;AACA,MAAI,CAACA,aAAL,EAAoB;AAClBjB,IAAAA,iBAAiB,CAACC,GAAD,CAAjB;AACAe,IAAAA,YAAY,GAAGA,YAAY,IAAIE,cAAKC,gBAAL,EAA/B;AACAF,IAAAA,aAAa,GAAG,MAAMC,cAAKE,gBAAL,CAAsBJ,YAAtB,CAAtB;AACD;;AACDP,EAAAA,mBAAmB,GAAG,MAAMD,2BAA2B,CAACP,GAAD,EAAMQ,mBAAN,CAAvD,CAdsB,CAgBtB;;AACAM,EAAAA,WAAW,GAAG,EACZ,GAAGA,WADS;AAEZM,IAAAA,YAAY,EAAE,MAFF;AAEU;AACtBL,IAAAA,YAHY;AAIZC,IAAAA,aAJY;AAKZR,IAAAA;AALY,GAAd;AAQA,SAAOM,WAAP;AACD,C,CAED;;;AACO,eAAeO,kBAAf,CACLrB,GADK,EAELc,WAAwB,GAAG,EAFtB,EAGiB;AACtB;AACA,QAAMQ,QAAQ,GAAG,+CAAsBtB,GAAtB,CAAjB;AACAc,EAAAA,WAAW,GAAG,EAAE,GAAGQ,QAAL;AAAe,OAAGR;AAAlB,GAAd;;AAEA,MAAIA,WAAW,CAACS,IAAZ,KAAqB,KAAzB,EAAgC;AAC9B;AACA,WAAOT,WAAP;AACD;;AAED,SAAOD,WAAW,CAACb,GAAD,EAAMc,WAAN,CAAlB;AACD","sourcesContent":["/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthInterface, TokenParams } from '../../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\n\nexport function assertPKCESupport(sdk: OktaAuthInterface) {\n if (!sdk.features.isPKCESupported()) {\n var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n if (!sdk.features.isHTTPS()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n }\n if (!sdk.features.hasTextEncoder()) {\n // eslint-disable-next-line max-len\n errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n }\n throw new AuthSdkError(errorMessage);\n }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthInterface, codeChallengeMethod?: string) {\n // set default code challenge method, if none provided\n codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n // validate against .well-known/openid-configuration\n const wellKnownResponse = await getWellKnown(sdk);\n var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n if (methods.indexOf(codeChallengeMethod) === -1) {\n throw new AuthSdkError('Invalid code_challenge_method');\n }\n return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n sdk: OktaAuthInterface, \n tokenParams: TokenParams\n): Promise<TokenParams> {\n let {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n } = tokenParams;\n\n // PKCE calculations can be avoided by passing a codeChallenge\n codeChallenge = codeChallenge || sdk.options.codeChallenge;\n if (!codeChallenge) {\n assertPKCESupport(sdk);\n codeVerifier = codeVerifier || PKCE.generateVerifier();\n codeChallenge = await PKCE.computeChallenge(codeVerifier);\n }\n codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n // Clone/copy the params. Set PKCE values\n tokenParams = {\n ...tokenParams,\n responseType: 'code', // responseType is forced\n codeVerifier,\n codeChallenge,\n codeChallengeMethod\n };\n\n return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n sdk: OktaAuthInterface,\n tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n // build params using defaults + options\n const defaults = getDefaultTokenParams(sdk);\n tokenParams = { ...defaults, ...tokenParams };\n\n if (tokenParams.pkce === false) {\n // Implicit flow or authorization_code without PKCE\n return tokenParams;\n }\n\n return preparePKCE(sdk, tokenParams);\n}"],"file":"prepareTokenParams.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":";;;;;;AAeA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/oidc/util/validateClaims.ts"],"names":["validateClaims","sdk","claims","validationParams","aud","clientId","iss","issuer","nonce","AuthSdkError","now","Math","floor","Date","iat","exp","options","ignoreLifetime","maxClockSkew"],"mappings":";;;;;;AAeA;;AAfA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAKO,SAASA,cAAT,CAAwBC,GAAxB,EAAgDC,MAAhD,EAAoEC,gBAApE,EAAyG;AAC9G,MAAIC,GAAG,GAAGD,gBAAgB,CAACE,QAA3B;AACA,MAAIC,GAAG,GAAGH,gBAAgB,CAACI,MAA3B;AACA,MAAIC,KAAK,GAAGL,gBAAgB,CAACK,KAA7B;;AAEA,MAAI,CAACN,MAAD,IAAW,CAACI,GAAZ,IAAmB,CAACF,GAAxB,EAA6B;AAC3B,UAAM,IAAIK,qBAAJ,CAAiB,kDAAjB,CAAN;AACD;;AAED,MAAID,KAAK,IAAIN,MAAM,CAACM,KAAP,KAAiBA,KAA9B,EAAqC;AACnC,UAAM,IAAIC,qBAAJ,CAAiB,wDAAjB,CAAN;AACD;;AAED,MAAIC,GAAG,GAAGC,IAAI,CAACC,KAAL,CAAWC,IAAI,CAACH,GAAL,KAAW,IAAtB,CAAV;;AAEA,MAAIR,MAAM,CAACI,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIG,qBAAJ,CAAiB,iBAAiBP,MAAM,CAACI,GAAxB,GAA8B,IAA9B,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIJ,MAAM,CAACE,GAAP,KAAeA,GAAnB,EAAwB;AACtB,UAAM,IAAIK,qBAAJ,CAAiB,mBAAmBP,MAAM,CAACE,GAA1B,GAAgC,IAAhC,GACrB,kBADqB,GACAA,GADA,GACM,GADvB,CAAN;AAED;;AAED,MAAIF,MAAM,CAACY,GAAP,GAAcZ,MAAM,CAACa,GAAzB,EAA+B;AAC7B,UAAM,IAAIN,qBAAJ,CAAiB,sCAAjB,CAAN;AACD;;AAED,MAAI,CAACR,GAAG,CAACe,OAAJ,CAAYC,cAAjB,EAAiC;AAC/B,QAAKP,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAAnB,GAAoChB,MAAM,CAACa,GAA/C,EAAqD;AACnD,YAAM,IAAIN,qBAAJ,CAAiB,wCAAjB,CAAN;AACD;;AAED,QAAIP,MAAM,CAACY,GAAP,GAAeJ,GAAG,GAAGT,GAAG,CAACe,OAAJ,CAAYE,YAArC,EAAqD;AACnD,YAAM,IAAIT,qBAAJ,CAAiB,kCAAjB,CAAN;AACD;AACF;AACF","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthInterface, TokenVerifyParams, UserClaims } from '../../types';\n\nexport function validateClaims(sdk: OktaAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n var aud = validationParams.clientId;\n var iss = validationParams.issuer;\n var nonce = validationParams.nonce;\n\n if (!claims || !iss || !aud) {\n throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n }\n\n if (nonce && claims.nonce !== nonce) {\n throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n }\n\n var now = Math.floor(Date.now()/1000);\n\n if (claims.iss !== iss) {\n throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n 'does not match [' + iss + ']');\n }\n\n if (claims.aud !== aud) {\n throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n 'does not match [' + aud + ']');\n }\n\n if (claims.iat! > claims.exp!) {\n throw new AuthSdkError('The JWT expired before it was issued');\n }\n\n if (!sdk.options.ignoreLifetime) {\n if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n throw new AuthSdkError('The JWT expired and is no longer valid');\n }\n\n if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n throw new AuthSdkError('The JWT was issued in the future');\n }\n }\n}\n"],"file":"validateClaims.js"}
|
package/cjs/oidc/verifyToken.js
CHANGED
|
@@ -1,7 +1,15 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _WeakMap = require("@babel/runtime-corejs3/core-js-stable/weak-map");
|
|
4
|
+
|
|
5
|
+
var _Object$getOwnPropertyDescriptor = require("@babel/runtime-corejs3/core-js-stable/object/get-own-property-descriptor");
|
|
6
|
+
|
|
7
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
8
|
+
|
|
3
9
|
exports.verifyToken = verifyToken;
|
|
4
10
|
|
|
11
|
+
var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
|
|
12
|
+
|
|
5
13
|
var _wellKnown = require("./endpoints/well-known");
|
|
6
14
|
|
|
7
15
|
var _util = require("./util");
|
|
@@ -12,9 +20,9 @@ var _decodeToken = require("./decodeToken");
|
|
|
12
20
|
|
|
13
21
|
var sdkCrypto = _interopRequireWildcard(require("../crypto"));
|
|
14
22
|
|
|
15
|
-
function _getRequireWildcardCache(nodeInterop) { if (typeof
|
|
23
|
+
function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
16
24
|
|
|
17
|
-
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty &&
|
|
25
|
+
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && _Object$getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
18
26
|
|
|
19
27
|
/* eslint-disable max-len */
|
|
20
28
|
|
|
@@ -46,7 +54,7 @@ async function verifyToken(sdk, token, validationParams) {
|
|
|
46
54
|
const {
|
|
47
55
|
issuer
|
|
48
56
|
} = await (0, _wellKnown.getWellKnown)(sdk, configuredIssuer);
|
|
49
|
-
var validationOptions =
|
|
57
|
+
var validationOptions = (0, _assign.default)({
|
|
50
58
|
// base options, can be overridden by params
|
|
51
59
|
clientId: sdk.options.clientId,
|
|
52
60
|
ignoreSignature: sdk.options.ignoreSignature
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../lib/oidc/verifyToken.ts"],"names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","configuredIssuer","issuer","options","validationOptions","
|
|
1
|
+
{"version":3,"sources":["../../../lib/oidc/verifyToken.ts"],"names":["verifyToken","sdk","token","validationParams","idToken","AuthSdkError","jwt","configuredIssuer","issuer","options","validationOptions","clientId","ignoreSignature","payload","features","isTokenVerifySupported","key","header","kid","valid","sdkCrypto","accessToken","claims","at_hash","hash","getOidcHash"],"mappings":";;;;;;;;;;;;AAcA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAnBA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAQA;AACO,eAAeA,WAAf,CAA2BC,GAA3B,EAAmDC,KAAnD,EAAmEC,gBAAnE,EAA0H;AAC/H,MAAI,CAACD,KAAD,IAAU,CAACA,KAAK,CAACE,OAArB,EAA8B;AAC5B,UAAM,IAAIC,oBAAJ,CAAiB,+BAAjB,CAAN;AACD,GAH8H,CAK/H;;;AACA,MAAIC,GAAG,GAAG,8BAAYJ,KAAK,CAACE,OAAlB,CAAV,CAN+H,CAQ/H;AACA;;AACA,QAAMG,gBAAgB,GAAG,CAAAJ,gBAAgB,SAAhB,IAAAA,gBAAgB,WAAhB,YAAAA,gBAAgB,CAAEK,MAAlB,KAA4BP,GAAG,CAACQ,OAAJ,CAAYD,MAAjE;AACA,QAAM;AAAEA,IAAAA;AAAF,MAAa,MAAM,6BAAaP,GAAb,EAAkBM,gBAAlB,CAAzB;AAEA,MAAIG,iBAAoC,GAAG,qBAAc;AACvD;AACAC,IAAAA,QAAQ,EAAEV,GAAG,CAACQ,OAAJ,CAAYE,QAFiC;AAGvDC,IAAAA,eAAe,EAAEX,GAAG,CAACQ,OAAJ,CAAYG;AAH0B,GAAd,EAIxCT,gBAJwC,EAItB;AACnB;AACAK,IAAAA;AAFmB,GAJsB,CAA3C,CAb+H,CAsB/H;;AACA,4BAAeP,GAAf,EAAoBK,GAAG,CAACO,OAAxB,EAAiCH,iBAAjC,EAvB+H,CAyB/H;AACA;;AACA,MAAIA,iBAAiB,CAACE,eAAlB,IAAqC,IAArC,IAA6C,CAACX,GAAG,CAACa,QAAJ,CAAaC,sBAAb,EAAlD,EAAyF;AACvF,WAAOb,KAAP;AACD,GA7B8H,CA+B/H;;;AACA,QAAMc,GAAG,GAAG,MAAM,uBAAOf,GAAP,EAAYC,KAAK,CAACM,MAAlB,EAA0BF,GAAG,CAACW,MAAJ,CAAWC,GAArC,CAAlB;AACA,QAAMC,KAAK,GAAG,MAAMC,SAAS,CAACpB,WAAV,CAAsBE,KAAK,CAACE,OAA5B,EAAqCY,GAArC,CAApB;;AACA,MAAI,CAACG,KAAL,EAAY;AACV,UAAM,IAAId,oBAAJ,CAAiB,kCAAjB,CAAN;AACD;;AACD,MAAIF,gBAAgB,IAAIA,gBAAgB,CAACkB,WAArC,IAAoDnB,KAAK,CAACoB,MAAN,CAAaC,OAArE,EAA8E;AAC5E,UAAMC,IAAI,GAAG,MAAMJ,SAAS,CAACK,WAAV,CAAsBtB,gBAAgB,CAACkB,WAAvC,CAAnB;;AACA,QAAIG,IAAI,KAAKtB,KAAK,CAACoB,MAAN,CAAaC,OAA1B,EAAmC;AACjC,YAAM,IAAIlB,oBAAJ,CAAiB,gCAAjB,CAAN;AACD;AACF;;AACD,SAAOH,KAAP;AACD","sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthInterface, TokenVerifyParams } from '../types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n if (!token || !token.idToken) {\n throw new AuthSdkError('Only idTokens may be verified');\n }\n\n // Decode the Jwt object (may throw)\n var jwt = decodeToken(token.idToken);\n\n // The configured issuer may point to a frontend proxy.\n // Get the \"real\" issuer from .well-known/openid-configuration\n const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n var validationOptions: TokenVerifyParams = Object.assign({\n // base options, can be overridden by params\n clientId: sdk.options.clientId,\n ignoreSignature: sdk.options.ignoreSignature\n }, validationParams, {\n // final options, cannot be overridden\n issuer\n });\n\n // Standard claim validation (may throw)\n validateClaims(sdk, jwt.payload, validationOptions);\n\n // If the browser doesn't support native crypto or we choose not\n // to verify the signature, bail early\n if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n return token;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n const valid = await sdkCrypto.verifyToken(token.idToken, key);\n if (!valid) {\n throw new AuthSdkError('The token signature is not valid');\n }\n if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n if (hash !== token.claims.at_hash) {\n throw new AuthSdkError('Token hash verification failed');\n }\n }\n return token;\n}\n"],"file":"verifyToken.js"}
|