@okta/okta-auth-js 6.0.0 → 6.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (398) hide show
  1. package/CHANGELOG.md +65 -0
  2. package/README.md +58 -27
  3. package/cjs/AuthStateManager.js +21 -7
  4. package/cjs/AuthStateManager.js.map +1 -1
  5. package/cjs/OktaAuth.js +96 -40
  6. package/cjs/OktaAuth.js.map +1 -1
  7. package/cjs/OktaUserAgent.js +2 -2
  8. package/cjs/PromiseQueue.js +14 -3
  9. package/cjs/PromiseQueue.js.map +1 -1
  10. package/cjs/SavedObject.js +4 -2
  11. package/cjs/SavedObject.js.map +1 -1
  12. package/cjs/ServiceManager.js +195 -0
  13. package/cjs/ServiceManager.js.map +1 -0
  14. package/cjs/StorageManager.js +13 -8
  15. package/cjs/StorageManager.js.map +1 -1
  16. package/cjs/TokenManager.js +34 -32
  17. package/cjs/TokenManager.js.map +1 -1
  18. package/cjs/TransactionManager.js +17 -5
  19. package/cjs/TransactionManager.js.map +1 -1
  20. package/cjs/browser/browserStorage.js +48 -33
  21. package/cjs/browser/browserStorage.js.map +1 -1
  22. package/cjs/browser/fingerprint.js +9 -3
  23. package/cjs/browser/fingerprint.js.map +1 -1
  24. package/cjs/builderUtil.js +4 -2
  25. package/cjs/builderUtil.js.map +1 -1
  26. package/cjs/clock.js +5 -1
  27. package/cjs/clock.js.map +1 -1
  28. package/cjs/crypto/base64.js +18 -0
  29. package/cjs/crypto/base64.js.map +1 -1
  30. package/cjs/crypto/index.js +6 -4
  31. package/cjs/crypto/index.js.map +1 -1
  32. package/cjs/crypto/node.js +19 -13
  33. package/cjs/crypto/node.js.map +1 -1
  34. package/cjs/crypto/oidcHash.js +5 -1
  35. package/cjs/crypto/oidcHash.js.map +1 -1
  36. package/cjs/crypto/webauthn.js +101 -0
  37. package/cjs/crypto/webauthn.js.map +1 -0
  38. package/cjs/crypto/webcrypto.js +3 -1
  39. package/cjs/crypto/webcrypto.js.map +1 -1
  40. package/cjs/errors/AuthApiError.js +1 -1
  41. package/cjs/errors/AuthPollStopError.js +1 -1
  42. package/cjs/errors/AuthSdkError.js +1 -1
  43. package/cjs/errors/CustomError.js +5 -1
  44. package/cjs/errors/CustomError.js.map +1 -1
  45. package/cjs/errors/OAuthError.js +1 -1
  46. package/cjs/errors/index.js +1 -1
  47. package/cjs/fetch/fetchRequest.js +18 -6
  48. package/cjs/fetch/fetchRequest.js.map +1 -1
  49. package/cjs/http/headers.js.map +1 -1
  50. package/cjs/http/index.js +4 -2
  51. package/cjs/http/index.js.map +1 -1
  52. package/cjs/http/request.js +9 -5
  53. package/cjs/http/request.js.map +1 -1
  54. package/cjs/idx/authenticate.js.map +1 -1
  55. package/cjs/idx/authenticator/Authenticator.js.map +1 -1
  56. package/cjs/idx/authenticator/OktaPassword.js +12 -3
  57. package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
  58. package/cjs/idx/authenticator/OktaVerifyTotp.js +9 -1
  59. package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -1
  60. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +15 -2
  61. package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
  62. package/cjs/idx/authenticator/SecurityQuestionVerification.js +10 -2
  63. package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
  64. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +13 -3
  65. package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
  66. package/cjs/idx/authenticator/WebauthnEnrollment.js +51 -0
  67. package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -0
  68. package/cjs/idx/authenticator/WebauthnVerification.js +60 -0
  69. package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -0
  70. package/cjs/idx/authenticator/getAuthenticator.js +13 -1
  71. package/cjs/idx/authenticator/getAuthenticator.js.map +1 -1
  72. package/cjs/idx/authenticator/index.js +34 -6
  73. package/cjs/idx/authenticator/index.js.map +1 -1
  74. package/cjs/idx/authenticator/util.js +64 -0
  75. package/cjs/idx/authenticator/util.js.map +1 -0
  76. package/cjs/idx/cancel.js.map +1 -1
  77. package/cjs/idx/emailVerify.js +1 -1
  78. package/cjs/idx/emailVerify.js.map +1 -1
  79. package/cjs/idx/flow/AccountUnlockFlow.js +30 -0
  80. package/cjs/idx/flow/AccountUnlockFlow.js.map +1 -0
  81. package/cjs/idx/flow/FlowSpecification.js +8 -0
  82. package/cjs/idx/flow/FlowSpecification.js.map +1 -1
  83. package/cjs/idx/flow/PasswordRecoveryFlow.js +4 -1
  84. package/cjs/idx/flow/PasswordRecoveryFlow.js.map +1 -1
  85. package/cjs/idx/flow/index.js +20 -5
  86. package/cjs/idx/flow/index.js.map +1 -1
  87. package/cjs/idx/handleInteractionCodeRedirect.js +5 -1
  88. package/cjs/idx/handleInteractionCodeRedirect.js.map +1 -1
  89. package/cjs/idx/headers.js +21 -5
  90. package/cjs/idx/headers.js.map +1 -1
  91. package/cjs/idx/idx-js/client.js +91 -0
  92. package/cjs/idx/idx-js/client.js.map +1 -0
  93. package/cjs/idx/idx-js/index.js +40 -0
  94. package/cjs/idx/idx-js/index.js.map +1 -0
  95. package/cjs/idx/idx-js/interact.js +83 -0
  96. package/cjs/idx/idx-js/interact.js.map +1 -0
  97. package/cjs/idx/idx-js/introspect.js +62 -0
  98. package/cjs/idx/idx-js/introspect.js.map +1 -0
  99. package/cjs/idx/idx-js/parsers.js +41 -0
  100. package/cjs/idx/idx-js/parsers.js.map +1 -0
  101. package/cjs/idx/idx-js/util.js +34 -0
  102. package/cjs/idx/idx-js/util.js.map +1 -0
  103. package/cjs/idx/idx-js/v1/actionParser.js +90 -0
  104. package/cjs/idx/idx-js/v1/actionParser.js.map +1 -0
  105. package/cjs/idx/idx-js/v1/generateIdxAction.js +111 -0
  106. package/cjs/idx/idx-js/v1/generateIdxAction.js.map +1 -0
  107. package/cjs/idx/idx-js/v1/idxResponseParser.js +137 -0
  108. package/cjs/idx/idx-js/v1/idxResponseParser.js.map +1 -0
  109. package/cjs/idx/idx-js/v1/makeIdxState.js +65 -0
  110. package/cjs/idx/idx-js/v1/makeIdxState.js.map +1 -0
  111. package/cjs/idx/idx-js/v1/parsers.js +24 -0
  112. package/cjs/idx/idx-js/v1/parsers.js.map +1 -0
  113. package/cjs/idx/idx-js/v1/remediationParser.js +32 -0
  114. package/cjs/idx/idx-js/v1/remediationParser.js.map +1 -0
  115. package/cjs/idx/index.js +120 -121
  116. package/cjs/idx/index.js.map +1 -1
  117. package/cjs/idx/interact.js +9 -4
  118. package/cjs/idx/interact.js.map +1 -1
  119. package/cjs/idx/introspect.js +19 -9
  120. package/cjs/idx/introspect.js.map +1 -1
  121. package/cjs/idx/poll.js +13 -3
  122. package/cjs/idx/poll.js.map +1 -1
  123. package/cjs/idx/proceed.js +14 -11
  124. package/cjs/idx/proceed.js.map +1 -1
  125. package/cjs/idx/recoverPassword.js.map +1 -1
  126. package/cjs/idx/register.js +5 -1
  127. package/cjs/idx/register.js.map +1 -1
  128. package/cjs/idx/remediate.js +112 -88
  129. package/cjs/idx/remediate.js.map +1 -1
  130. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +16 -6
  131. package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
  132. package/cjs/idx/remediators/AuthenticatorVerificationData.js +61 -16
  133. package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
  134. package/cjs/idx/remediators/Base/AuthenticatorData.js +44 -20
  135. package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
  136. package/cjs/idx/remediators/Base/Remediator.js +116 -82
  137. package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
  138. package/cjs/idx/remediators/Base/SelectAuthenticator.js +58 -34
  139. package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
  140. package/cjs/idx/remediators/Base/VerifyAuthenticator.js +30 -7
  141. package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
  142. package/cjs/idx/remediators/ChallengeAuthenticator.js +2 -2
  143. package/cjs/idx/remediators/ChallengePoll.js +10 -3
  144. package/cjs/idx/remediators/ChallengePoll.js.map +1 -1
  145. package/cjs/idx/remediators/EnrollAuthenticator.js +2 -2
  146. package/cjs/idx/remediators/EnrollPoll.js +16 -6
  147. package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
  148. package/cjs/idx/remediators/EnrollProfile.js +34 -16
  149. package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
  150. package/cjs/idx/remediators/EnrollmentChannelData.js +25 -17
  151. package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
  152. package/cjs/idx/remediators/Identify.js +16 -7
  153. package/cjs/idx/remediators/Identify.js.map +1 -1
  154. package/cjs/idx/remediators/ReEnrollAuthenticator.js +13 -10
  155. package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
  156. package/cjs/idx/remediators/RedirectIdp.js +2 -2
  157. package/cjs/idx/remediators/ResetAuthenticator.js +2 -2
  158. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +9 -6
  159. package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
  160. package/cjs/idx/remediators/SelectAuthenticatorEnroll.js +2 -2
  161. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +71 -0
  162. package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -0
  163. package/cjs/idx/remediators/SelectEnrollProfile.js +2 -2
  164. package/cjs/idx/remediators/SelectEnrollmentChannel.js +22 -10
  165. package/cjs/idx/remediators/SelectEnrollmentChannel.js.map +1 -1
  166. package/cjs/idx/remediators/Skip.js +5 -10
  167. package/cjs/idx/remediators/Skip.js.map +1 -1
  168. package/cjs/idx/remediators/index.js +33 -18
  169. package/cjs/idx/remediators/index.js.map +1 -1
  170. package/cjs/idx/remediators/util.js +13 -3
  171. package/cjs/idx/remediators/util.js.map +1 -1
  172. package/cjs/idx/run.js +276 -177
  173. package/cjs/idx/run.js.map +1 -1
  174. package/cjs/idx/startTransaction.js.map +1 -1
  175. package/cjs/idx/transactionMeta.js.map +1 -1
  176. package/cjs/idx/types/idx-js.js.map +1 -1
  177. package/cjs/idx/types/index.js +82 -9
  178. package/cjs/idx/types/index.js.map +1 -1
  179. package/cjs/idx/unlockAccount.js +48 -0
  180. package/cjs/idx/unlockAccount.js.map +1 -0
  181. package/cjs/idx/util.js +198 -0
  182. package/cjs/idx/util.js.map +1 -0
  183. package/cjs/index.js +20 -14
  184. package/cjs/index.js.map +1 -1
  185. package/cjs/oidc/endpoints/authorize.js +8 -2
  186. package/cjs/oidc/endpoints/authorize.js.map +1 -1
  187. package/cjs/oidc/endpoints/index.js +5 -3
  188. package/cjs/oidc/endpoints/index.js.map +1 -1
  189. package/cjs/oidc/endpoints/token.js +15 -3
  190. package/cjs/oidc/endpoints/token.js.map +1 -1
  191. package/cjs/oidc/endpoints/well-known.js +7 -3
  192. package/cjs/oidc/endpoints/well-known.js.map +1 -1
  193. package/cjs/oidc/exchangeCodeForTokens.js +10 -2
  194. package/cjs/oidc/exchangeCodeForTokens.js.map +1 -1
  195. package/cjs/oidc/getToken.js +9 -5
  196. package/cjs/oidc/getToken.js.map +1 -1
  197. package/cjs/oidc/getUserInfo.js +7 -3
  198. package/cjs/oidc/getUserInfo.js.map +1 -1
  199. package/cjs/oidc/getWithPopup.js +8 -2
  200. package/cjs/oidc/getWithPopup.js.map +1 -1
  201. package/cjs/oidc/getWithRedirect.js +5 -1
  202. package/cjs/oidc/getWithRedirect.js.map +1 -1
  203. package/cjs/oidc/getWithoutPrompt.js +8 -2
  204. package/cjs/oidc/getWithoutPrompt.js.map +1 -1
  205. package/cjs/oidc/handleOAuthResponse.js +9 -3
  206. package/cjs/oidc/handleOAuthResponse.js.map +1 -1
  207. package/cjs/oidc/index.js +4 -2
  208. package/cjs/oidc/index.js.map +1 -1
  209. package/cjs/oidc/parseFromUrl.js +9 -3
  210. package/cjs/oidc/parseFromUrl.js.map +1 -1
  211. package/cjs/oidc/renewToken.js.map +1 -1
  212. package/cjs/oidc/renewTokens.js +5 -1
  213. package/cjs/oidc/renewTokens.js.map +1 -1
  214. package/cjs/oidc/renewTokensWithRefresh.js +5 -1
  215. package/cjs/oidc/renewTokensWithRefresh.js.map +1 -1
  216. package/cjs/oidc/revokeToken.js +7 -3
  217. package/cjs/oidc/revokeToken.js.map +1 -1
  218. package/cjs/oidc/util/browser.js +5 -1
  219. package/cjs/oidc/util/browser.js.map +1 -1
  220. package/cjs/oidc/util/defaultTokenParams.js.map +1 -1
  221. package/cjs/oidc/util/errors.js.map +1 -1
  222. package/cjs/oidc/util/index.js +14 -12
  223. package/cjs/oidc/util/index.js.map +1 -1
  224. package/cjs/oidc/util/loginRedirect.js +5 -1
  225. package/cjs/oidc/util/loginRedirect.js.map +1 -1
  226. package/cjs/oidc/util/oauth.js +4 -2
  227. package/cjs/oidc/util/oauth.js.map +1 -1
  228. package/cjs/oidc/util/oauthMeta.js.map +1 -1
  229. package/cjs/oidc/util/pkce.js +11 -3
  230. package/cjs/oidc/util/pkce.js.map +1 -1
  231. package/cjs/oidc/util/prepareTokenParams.js +7 -5
  232. package/cjs/oidc/util/prepareTokenParams.js.map +1 -1
  233. package/cjs/oidc/util/validateClaims.js +1 -1
  234. package/cjs/oidc/util/validateClaims.js.map +1 -1
  235. package/cjs/oidc/verifyToken.js +11 -3
  236. package/cjs/oidc/verifyToken.js.map +1 -1
  237. package/cjs/options/browser.js +86 -0
  238. package/cjs/options/browser.js.map +1 -0
  239. package/cjs/options/index.js +94 -0
  240. package/cjs/options/index.js.map +1 -0
  241. package/cjs/options/node.js +45 -0
  242. package/cjs/options/node.js.map +1 -0
  243. package/cjs/options.js +17 -5
  244. package/cjs/options.js.map +1 -1
  245. package/cjs/server/serverStorage.js +8 -4
  246. package/cjs/server/serverStorage.js.map +1 -1
  247. package/cjs/services/AutoRenewService.js +94 -0
  248. package/cjs/services/AutoRenewService.js.map +1 -0
  249. package/cjs/services/SyncStorageService.js +93 -0
  250. package/cjs/services/SyncStorageService.js.map +1 -0
  251. package/cjs/services/index.js +30 -0
  252. package/cjs/services/index.js.map +1 -0
  253. package/cjs/tx/AuthTransaction.js +15 -9
  254. package/cjs/tx/AuthTransaction.js.map +1 -1
  255. package/cjs/tx/api.js +8 -4
  256. package/cjs/tx/api.js.map +1 -1
  257. package/cjs/tx/index.js +7 -5
  258. package/cjs/tx/index.js.map +1 -1
  259. package/cjs/tx/poll.js +6 -4
  260. package/cjs/tx/poll.js.map +1 -1
  261. package/cjs/tx/util.js +5 -1
  262. package/cjs/tx/util.js.map +1 -1
  263. package/cjs/types/Service.js +2 -0
  264. package/cjs/types/Service.js.map +1 -0
  265. package/cjs/types/Transaction.js +10 -2
  266. package/cjs/types/Transaction.js.map +1 -1
  267. package/cjs/types/index.js +29 -14
  268. package/cjs/types/index.js.map +1 -1
  269. package/cjs/util/index.js +7 -5
  270. package/cjs/util/index.js.map +1 -1
  271. package/cjs/util/misc.js +5 -1
  272. package/cjs/util/misc.js.map +1 -1
  273. package/cjs/util/object.js +16 -6
  274. package/cjs/util/object.js.map +1 -1
  275. package/cjs/util/sharedStorage.js +5 -1
  276. package/cjs/util/sharedStorage.js.map +1 -1
  277. package/dist/okta-auth-js.min.js +1 -1
  278. package/dist/okta-auth-js.min.js.LICENSE.txt +0 -20
  279. package/dist/okta-auth-js.min.js.map +1 -1
  280. package/dist/okta-auth-js.polyfill.js +1 -1
  281. package/dist/okta-auth-js.polyfill.js.map +1 -1
  282. package/dist/okta-auth-js.umd.js +1 -1
  283. package/dist/okta-auth-js.umd.js.LICENSE.txt +1 -19
  284. package/dist/okta-auth-js.umd.js.map +1 -1
  285. package/esm/{index.js → esm.browser.js} +2978 -2585
  286. package/esm/esm.browser.js.map +1 -0
  287. package/esm/esm.node.mjs +9595 -0
  288. package/esm/esm.node.mjs.map +1 -0
  289. package/lib/AuthStateManager.d.ts +3 -3
  290. package/lib/OktaAuth.d.ts +10 -6
  291. package/lib/PromiseQueue.d.ts +6 -2
  292. package/lib/ServiceManager.d.ts +38 -0
  293. package/lib/StorageManager.d.ts +1 -1
  294. package/lib/TokenManager.d.ts +2 -3
  295. package/lib/TransactionManager.d.ts +4 -5
  296. package/lib/browser/fingerprint.d.ts +2 -3
  297. package/lib/crypto/base64.d.ts +2 -0
  298. package/lib/crypto/webauthn.d.ts +25 -0
  299. package/lib/http/headers.d.ts +2 -2
  300. package/lib/http/request.d.ts +4 -4
  301. package/lib/idx/authenticate.d.ts +2 -2
  302. package/lib/idx/authenticator/Authenticator.d.ts +4 -5
  303. package/lib/idx/authenticator/OktaPassword.d.ts +8 -9
  304. package/lib/idx/authenticator/OktaVerifyTotp.d.ts +1 -1
  305. package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +11 -12
  306. package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +7 -7
  307. package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +8 -3
  308. package/lib/idx/authenticator/WebauthnEnrollment.d.ts +16 -0
  309. package/lib/idx/authenticator/WebauthnVerification.d.ts +17 -0
  310. package/lib/idx/authenticator/getAuthenticator.d.ts +1 -1
  311. package/lib/idx/authenticator/index.d.ts +9 -0
  312. package/lib/idx/authenticator/util.d.ts +4 -0
  313. package/lib/idx/cancel.d.ts +2 -2
  314. package/lib/idx/emailVerify.d.ts +2 -2
  315. package/lib/idx/flow/AccountUnlockFlow.d.ts +13 -0
  316. package/lib/idx/flow/FlowSpecification.d.ts +2 -2
  317. package/lib/idx/flow/index.d.ts +1 -0
  318. package/lib/idx/headers.d.ts +3 -2
  319. package/lib/idx/idx-js/client.d.ts +36 -0
  320. package/lib/idx/idx-js/index.d.ts +35 -0
  321. package/lib/idx/idx-js/interact.d.ts +25 -0
  322. package/lib/idx/idx-js/introspect.d.ts +21 -0
  323. package/lib/idx/idx-js/parsers.d.ts +15 -0
  324. package/lib/idx/idx-js/util.d.ts +12 -0
  325. package/lib/idx/idx-js/v1/actionParser.d.ts +16 -0
  326. package/lib/idx/idx-js/v1/generateIdxAction.d.ts +13 -0
  327. package/lib/idx/idx-js/v1/idxResponseParser.d.ts +20 -0
  328. package/lib/idx/idx-js/v1/makeIdxState.d.ts +13 -0
  329. package/lib/idx/idx-js/v1/parsers.d.ts +16 -0
  330. package/lib/idx/idx-js/v1/remediationParser.d.ts +12 -0
  331. package/lib/idx/index.d.ts +12 -11
  332. package/lib/idx/interact.d.ts +3 -2
  333. package/lib/idx/introspect.d.ts +2 -2
  334. package/lib/idx/poll.d.ts +2 -2
  335. package/lib/idx/proceed.d.ts +5 -6
  336. package/lib/idx/recoverPassword.d.ts +2 -2
  337. package/lib/idx/register.d.ts +2 -2
  338. package/lib/idx/remediate.d.ts +2 -2
  339. package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +6 -5
  340. package/lib/idx/remediators/Base/AuthenticatorData.d.ts +5 -8
  341. package/lib/idx/remediators/Base/Remediator.d.ts +6 -5
  342. package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +9 -8
  343. package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +9 -16
  344. package/lib/idx/remediators/ChallengePoll.d.ts +1 -0
  345. package/lib/idx/remediators/EnrollProfile.d.ts +0 -3
  346. package/lib/idx/remediators/EnrollmentChannelData.d.ts +1 -4
  347. package/lib/idx/remediators/Identify.d.ts +3 -5
  348. package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -5
  349. package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +2 -1
  350. package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +37 -0
  351. package/lib/idx/remediators/SelectEnrollmentChannel.d.ts +1 -0
  352. package/lib/idx/remediators/Skip.d.ts +0 -3
  353. package/lib/idx/remediators/index.d.ts +1 -0
  354. package/lib/idx/run.d.ts +2 -2
  355. package/lib/idx/startTransaction.d.ts +2 -2
  356. package/lib/idx/transactionMeta.d.ts +7 -7
  357. package/lib/idx/types/FlowIdentifier.d.ts +1 -1
  358. package/lib/idx/types/idx-js.d.ts +41 -1
  359. package/lib/idx/types/index.d.ts +27 -7
  360. package/lib/idx/unlockAccount.d.ts +15 -0
  361. package/lib/idx/util.d.ts +11 -0
  362. package/lib/oidc/endpoints/well-known.d.ts +3 -3
  363. package/lib/oidc/exchangeCodeForTokens.d.ts +2 -2
  364. package/lib/oidc/getToken.d.ts +2 -2
  365. package/lib/oidc/getWithPopup.d.ts +2 -2
  366. package/lib/oidc/getWithRedirect.d.ts +2 -2
  367. package/lib/oidc/getWithoutPrompt.d.ts +2 -2
  368. package/lib/oidc/handleOAuthResponse.d.ts +2 -2
  369. package/lib/oidc/renewToken.d.ts +2 -2
  370. package/lib/oidc/renewTokensWithRefresh.d.ts +2 -2
  371. package/lib/oidc/revokeToken.d.ts +2 -2
  372. package/lib/oidc/util/browser.d.ts +2 -2
  373. package/lib/oidc/util/defaultTokenParams.d.ts +2 -2
  374. package/lib/oidc/util/errors.d.ts +2 -2
  375. package/lib/oidc/util/loginRedirect.d.ts +4 -4
  376. package/lib/oidc/util/oauth.d.ts +4 -4
  377. package/lib/oidc/util/oauthMeta.d.ts +2 -2
  378. package/lib/oidc/util/prepareTokenParams.d.ts +5 -5
  379. package/lib/oidc/util/validateClaims.d.ts +2 -2
  380. package/lib/oidc/verifyToken.d.ts +2 -2
  381. package/lib/options/browser.d.ts +16 -0
  382. package/lib/options/index.d.ts +14 -0
  383. package/lib/options/node.d.ts +16 -0
  384. package/lib/services/AutoRenewService.d.ts +27 -0
  385. package/lib/services/{TokenService.d.ts → SyncStorageService.d.ts} +8 -5
  386. package/lib/services/index.d.ts +13 -0
  387. package/lib/types/OktaAuthOptions.d.ts +6 -2
  388. package/lib/types/Service.d.ts +23 -0
  389. package/lib/types/Storage.d.ts +7 -5
  390. package/lib/types/Transaction.d.ts +2 -10
  391. package/lib/types/api.d.ts +23 -10
  392. package/lib/types/index.d.ts +1 -1
  393. package/lib/util/sharedStorage.d.ts +1 -1
  394. package/package.json +32 -14
  395. package/polyfill/index.js +1 -0
  396. package/cjs/services/TokenService.js +0 -111
  397. package/cjs/services/TokenService.js.map +0 -1
  398. package/esm/index.js.map +0 -1
package/cjs/OktaAuth.js CHANGED
@@ -1,9 +1,21 @@
1
1
  "use strict";
2
2
 
3
- var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
3
+ var _WeakMap = require("@babel/runtime-corejs3/core-js-stable/weak-map");
4
+
5
+ var _Object$getOwnPropertyDescriptor = require("@babel/runtime-corejs3/core-js-stable/object/get-own-property-descriptor");
6
+
7
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
8
 
5
9
  exports.default = void 0;
6
10
 
11
+ var _assign = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/assign"));
12
+
13
+ var _keys = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/object/keys"));
14
+
15
+ var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
16
+
17
+ var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
18
+
7
19
  var constants = _interopRequireWildcard(require("./constants"));
8
20
 
9
21
  var _tx = require("./tx");
@@ -16,12 +28,18 @@ var _oidc = require("./oidc");
16
28
 
17
29
  var features = _interopRequireWildcard(require("./features"));
18
30
 
31
+ var crypto = _interopRequireWildcard(require("./crypto"));
32
+
33
+ var webauthn = _interopRequireWildcard(require("./crypto/webauthn"));
34
+
19
35
  var _browserStorage = _interopRequireDefault(require("./browser/browserStorage"));
20
36
 
21
37
  var _util = require("./util");
22
38
 
23
39
  var _TokenManager = require("./TokenManager");
24
40
 
41
+ var _ServiceManager = require("./ServiceManager");
42
+
25
43
  var _http = require("./http");
26
44
 
27
45
  var _PromiseQueue = _interopRequireDefault(require("./PromiseQueue"));
@@ -30,7 +48,7 @@ var _fingerprint = _interopRequireDefault(require("./browser/fingerprint"));
30
48
 
31
49
  var _AuthStateManager = require("./AuthStateManager");
32
50
 
33
- var _StorageManager = _interopRequireDefault(require("./StorageManager"));
51
+ var _StorageManager = require("./StorageManager");
34
52
 
35
53
  var _TransactionManager = _interopRequireDefault(require("./TransactionManager"));
36
54
 
@@ -46,9 +64,11 @@ var _parseFromUrl = require("./oidc/parseFromUrl");
46
64
 
47
65
  var _transactionMeta = require("./idx/transactionMeta");
48
66
 
49
- function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
67
+ var _tinyEmitter = _interopRequireDefault(require("tiny-emitter"));
68
+
69
+ function _getRequireWildcardCache(nodeInterop) { if (typeof _WeakMap !== "function") return null; var cacheBabelInterop = new _WeakMap(); var cacheNodeInterop = new _WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
50
70
 
51
- function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
71
+ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && _Object$getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? _Object$getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
52
72
 
53
73
  /* eslint-disable max-statements */
54
74
 
@@ -67,21 +87,21 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
67
87
  */
68
88
 
69
89
  /* global window */
70
- const Emitter = require('tiny-emitter');
71
-
90
+ // @ts-ignore
91
+ // Do not use this type in code, so it won't be emitted in the declaration output
72
92
  class OktaAuth {
73
93
  constructor(args) {
74
94
  const options = this.options = (0, _options.buildOptions)(args); // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
75
95
 
76
- this.storageManager = new _StorageManager.default(options.storageManager, options.cookies, options.storageUtil);
77
- this.transactionManager = new _TransactionManager.default(Object.assign({
96
+ this.storageManager = new _StorageManager.StorageManager(options.storageManager, options.cookies, options.storageUtil);
97
+ this.transactionManager = new _TransactionManager.default((0, _assign.default)({
78
98
  storageManager: this.storageManager
79
99
  }, options.transactionManager));
80
100
  this._oktaUserAgent = new _OktaUserAgent.OktaUserAgent();
81
101
  this.tx = {
82
102
  status: _tx.transactionStatus.bind(null, this),
83
103
  resume: _tx.resumeTransaction.bind(null, this),
84
- exists: Object.assign(_tx.transactionExists.bind(null, this), {
104
+ exists: (0, _assign.default)(_tx.transactionExists.bind(null, this), {
85
105
  _get: name => {
86
106
  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
87
107
  const storage = options.storageUtil.storage;
@@ -96,7 +116,7 @@ class OktaAuth {
96
116
  computeChallenge: _pkce.default.computeChallenge
97
117
  }; // Add shims for compatibility, these will be removed in next major version. OKTA-362589
98
118
 
99
- Object.assign(this.options.storageUtil, {
119
+ (0, _assign.default)(this.options.storageUtil, {
100
120
  getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),
101
121
  getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager)
102
122
  });
@@ -105,7 +125,7 @@ class OktaAuth {
105
125
  };
106
126
 
107
127
  if ((0, features.isBrowser)()) {
108
- this.options = Object.assign(this.options, {
128
+ this.options = (0, _assign.default)(this.options, {
109
129
  redirectUri: (0, _util.toAbsoluteUrl)(args.redirectUri, window.location.origin) // allow relative URIs
110
130
 
111
131
  });
@@ -143,7 +163,7 @@ class OktaAuth {
143
163
 
144
164
 
145
165
  const getWithRedirectFn = useQueue(_oidc.getWithRedirect.bind(null, this));
146
- const getWithRedirectApi = Object.assign(getWithRedirectFn, {
166
+ const getWithRedirectApi = (0, _assign.default)(getWithRedirectFn, {
147
167
  // This is exposed so we can set window.location in our tests
148
168
  _setLocation: function (url) {
149
169
  window.location = url;
@@ -151,7 +171,7 @@ class OktaAuth {
151
171
  }); // eslint-disable-next-line max-len
152
172
 
153
173
  const parseFromUrlFn = useQueue(_oidc.parseFromUrl.bind(null, this));
154
- const parseFromUrlApi = Object.assign(parseFromUrlFn, {
174
+ const parseFromUrlApi = (0, _assign.default)(parseFromUrlFn, {
155
175
  // This is exposed so we can mock getting window.history in our tests
156
176
  _getHistory: function () {
157
177
  return window.history;
@@ -185,8 +205,8 @@ class OktaAuth {
185
205
  const syncMethods = [// sync methods
186
206
  'decode', 'isLoginRedirect', // already bound
187
207
  'getWithRedirect', 'parseFromUrl'];
188
- Object.keys(this.token).forEach(key => {
189
- if (syncMethods.indexOf(key) >= 0) {
208
+ (0, _keys.default)(this.token).forEach(key => {
209
+ if ((0, _indexOf.default)(syncMethods).call(syncMethods, key) >= 0) {
190
210
  // sync methods should not be wrapped
191
211
  return;
192
212
  }
@@ -231,7 +251,8 @@ class OktaAuth {
231
251
  getFlow: () => {
232
252
  return this.options.flow;
233
253
  },
234
- canProceed: _idx.canProceed.bind(null, this)
254
+ canProceed: _idx.canProceed.bind(null, this),
255
+ unlockAccount: _idx.unlockAccount.bind(null, this)
235
256
  };
236
257
  (0, _headers.setGlobalRequestInterceptor)((0, _headers.createGlobalRequestInterceptor)(this)); // to pass custom headers to IDX endpoints
237
258
  // HTTP
@@ -241,27 +262,34 @@ class OktaAuth {
241
262
  }; // Fingerprint API
242
263
 
243
264
  this.fingerprint = _fingerprint.default.bind(null, this);
244
- this.emitter = new Emitter(); // TokenManager
265
+ this.emitter = new _tinyEmitter.default(); // TokenManager
245
266
 
246
267
  this.tokenManager = new _TokenManager.TokenManager(this, args.tokenManager); // AuthStateManager
247
268
 
248
- this.authStateManager = new _AuthStateManager.AuthStateManager(this);
269
+ this.authStateManager = new _AuthStateManager.AuthStateManager(this); // ServiceManager
270
+
271
+ this.serviceManager = new _ServiceManager.ServiceManager(this, args.services);
249
272
  }
250
273
 
251
274
  start() {
275
+ // TODO: review tokenManager.start
252
276
  this.tokenManager.start();
253
277
 
254
278
  if (!this.token.isLoginRedirect()) {
255
279
  this.authStateManager.updateAuthState();
256
280
  }
281
+
282
+ this.serviceManager.start();
257
283
  }
258
284
 
259
285
  stop() {
286
+ // TODO: review tokenManager.stop
260
287
  this.tokenManager.stop();
288
+ this.serviceManager.stop();
261
289
  }
262
290
 
263
291
  setHeaders(headers) {
264
- this.options.headers = Object.assign({}, this.options.headers, headers);
292
+ this.options.headers = (0, _assign.default)({}, this.options.headers, headers);
265
293
  } // Authn V1
266
294
 
267
295
 
@@ -310,7 +338,7 @@ class OktaAuth {
310
338
  this.setOriginalUri(originalUri);
311
339
  }
312
340
 
313
- const params = Object.assign({
341
+ const params = (0, _assign.default)({
314
342
  // TODO: remove this line when default scopes are changed OKTA-343294
315
343
  scopes: this.options.scopes || ['openid', 'email', 'profile']
316
344
  }, additionalParams);
@@ -346,7 +374,7 @@ class OktaAuth {
346
374
 
347
375
 
348
376
  if (!accessToken) {
349
- return Promise.resolve(null);
377
+ return _promise.default.resolve(null);
350
378
  }
351
379
 
352
380
  return this.token.revoke(accessToken);
@@ -362,7 +390,7 @@ class OktaAuth {
362
390
 
363
391
 
364
392
  if (!refreshToken) {
365
- return Promise.resolve(null);
393
+ return _promise.default.resolve(null);
366
394
  }
367
395
 
368
396
  return this.token.revoke(refreshToken);
@@ -406,7 +434,7 @@ class OktaAuth {
406
434
 
407
435
 
408
436
  async signOut(options) {
409
- options = Object.assign({}, options); // postLogoutRedirectUri must be whitelisted in Okta Admin UI
437
+ options = (0, _assign.default)({}, options); // postLogoutRedirectUri must be whitelisted in Okta Admin UI
410
438
 
411
439
  var defaultUri = window.location.origin;
412
440
  var currentUri = window.location.href;
@@ -479,38 +507,44 @@ class OktaAuth {
479
507
  // If `autoRenew` option is set, will attempt to renew expired tokens before returning.
480
508
 
481
509
 
482
- async isAuthenticated() {
483
- let {
484
- accessToken,
485
- idToken
486
- } = this.tokenManager.getTokensSync();
510
+ async isAuthenticated(options = {}) {
511
+ // TODO: remove dependency on tokenManager options in next major version - OKTA-473815
487
512
  const {
488
513
  autoRenew,
489
514
  autoRemove
490
515
  } = this.tokenManager.getOptions();
516
+ const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;
517
+ const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;
518
+ let {
519
+ accessToken
520
+ } = this.tokenManager.getTokensSync();
491
521
 
492
522
  if (accessToken && this.tokenManager.hasExpired(accessToken)) {
493
523
  accessToken = undefined;
494
524
 
495
- if (autoRenew) {
525
+ if (shouldRenew) {
496
526
  try {
497
527
  accessToken = await this.tokenManager.renew('accessToken');
498
528
  } catch {// Renew errors will emit an "error" event
499
529
  }
500
- } else if (autoRemove) {
530
+ } else if (shouldRemove) {
501
531
  this.tokenManager.remove('accessToken');
502
532
  }
503
533
  }
504
534
 
535
+ let {
536
+ idToken
537
+ } = this.tokenManager.getTokensSync();
538
+
505
539
  if (idToken && this.tokenManager.hasExpired(idToken)) {
506
540
  idToken = undefined;
507
541
 
508
- if (autoRenew) {
542
+ if (shouldRenew) {
509
543
  try {
510
544
  idToken = await this.tokenManager.renew('idToken');
511
545
  } catch {// Renew errors will emit an "error" event
512
546
  }
513
- } else if (autoRemove) {
547
+ } else if (shouldRemove) {
514
548
  this.tokenManager.remove('idToken');
515
549
  }
516
550
  }
@@ -616,11 +650,17 @@ class OktaAuth {
616
650
  this.tokenManager.setTokens(tokens);
617
651
  originalUri = originalUri || this.getOriginalUri(this.options.state);
618
652
  } else if (this.isLoginRedirect()) {
619
- // For redirect flow, get state from the URL and use it to retrieve the originalUri
620
- const oAuthResponse = await (0, _parseFromUrl.parseOAuthResponseFromUrl)(this, {});
621
- state = oAuthResponse.state;
622
- originalUri = originalUri || this.getOriginalUri(state);
623
- await this.storeTokensFromRedirect();
653
+ try {
654
+ // For redirect flow, get state from the URL and use it to retrieve the originalUri
655
+ const oAuthResponse = await (0, _parseFromUrl.parseOAuthResponseFromUrl)(this, {});
656
+ state = oAuthResponse.state;
657
+ originalUri = originalUri || this.getOriginalUri(state);
658
+ await this.storeTokensFromRedirect();
659
+ } catch (e) {
660
+ // auth state should be updated
661
+ await this.authStateManager.updateAuthState();
662
+ throw e;
663
+ }
624
664
  } else {
625
665
  return; // nothing to do
626
666
  } // ensure auth state has been updated
@@ -649,7 +689,9 @@ class OktaAuth {
649
689
  let hasResponseType = false;
650
690
 
651
691
  if (Array.isArray(this.options.responseType) && this.options.responseType.length) {
652
- hasResponseType = this.options.responseType.indexOf(responseType) >= 0;
692
+ var _context;
693
+
694
+ hasResponseType = (0, _indexOf.default)(_context = this.options.responseType).call(_context, responseType) >= 0;
653
695
  } else {
654
696
  hasResponseType = this.options.responseType === responseType;
655
697
  }
@@ -684,14 +726,28 @@ class OktaAuth {
684
726
 
685
727
  verifyRecoveryToken(opts) {
686
728
  return (0, _tx.postToTransaction)(this, '/api/v1/authn/recovery/token', opts);
729
+ } // Escape hatch method to make arbitrary OKTA API call
730
+
731
+
732
+ async invokeApiMethod(options) {
733
+ if (!options.accessToken) {
734
+ const accessToken = (await this.tokenManager.getTokens()).accessToken;
735
+ options.accessToken = accessToken === null || accessToken === void 0 ? void 0 : accessToken.accessToken;
736
+ }
737
+
738
+ return (0, _http.httpRequest)(this, options);
687
739
  }
688
740
 
689
741
  } // Hoist feature detection functions to static type
690
742
 
691
743
 
692
- OktaAuth.features = OktaAuth.prototype.features = features; // Also hoist constants for CommonJS users
744
+ OktaAuth.features = OktaAuth.prototype.features = features; // Hoist crypto utils to static type
745
+
746
+ OktaAuth.crypto = crypto; // Hoist webauthn utils to static type
747
+
748
+ OktaAuth.webauthn = webauthn; // Also hoist constants for CommonJS users
693
749
 
694
- Object.assign(OktaAuth, {
750
+ (0, _assign.default)(OktaAuth, {
695
751
  constants
696
752
  });
697
753
  var _default = OktaAuth;
package/cjs/OktaAuth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["Emitter","require","OktaAuth","constructor","args","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","Object","assign","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","introspectAuthn","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","useQueue","method","prototype","push","getWithRedirectFn","getWithRedirect","getWithRedirectApi","_setLocation","url","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","keys","forEach","key","indexOf","boundStartTransaction","startTransaction","idx","interact","authenticate","register","start","poll","proceed","cancel","recoverPassword","handleInteractionCodeRedirect","isInteractionRequired","isInteractionRequiredError","handleEmailVerifyCallback","isEmailVerifyCallback","parseEmailVerifyCallback","isEmailVerifyCallbackError","getSavedTransactionMeta","createTransactionMeta","getTransactionMeta","saveTransactionMeta","clearTransactionMeta","isTransactionMetaValid","setFlow","flow","getFlow","canProceed","http","setRequestHeader","fingerprint","emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","updateAuthState","stop","setHeaders","headers","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","Promise","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","clearTokensBeforeRedirect","addPendingRemoveFlags","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","hasExpired","undefined","getUser","getIdToken","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","unlockAccount","verifyRecoveryToken","features","constants"],"mappings":";;;;;;AAeA;;AAmCA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AAKA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAiBA;;AACA;;AACA;;AACA;;;;;;AAzHA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AAqHA,MAAMA,OAAO,GAAGC,OAAO,CAAC,cAAD,CAAvB;;AAEA,MAAMC,QAAN,CAA8D;AAmB5DC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaD,IAAb,CAA/B,CADiC,CAEjC;;AACA,SAAKE,cAAL,GAAsB,IAAIC,uBAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA4CD,OAAO,CAACG,OAApD,EAA8DH,OAAO,CAACI,WAAtE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuBC,MAAM,CAACC,MAAP,CAAc;AAC7DP,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKI,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAEV,MAAM,CAACC,MAAP,CAAcU,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd;AACA,gBAAMC,OAAO,GAAGrB,OAAO,CAACI,WAAR,CAAqBiB,OAArC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AALuD,OAAlD,CAHA;AAURG,MAAAA,UAAU,EAAEC,oBAAgBV,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAVJ,KAAV;AAaA,SAAKW,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CAtBiC,CA4BjC;;AACAtB,IAAAA,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAL,CAAaI,WAA3B,EAAwC;AACtC0B,MAAAA,cAAc,EAAE,KAAK7B,cAAL,CAAoB8B,oBAApB,CAAyCjB,IAAzC,CAA8C,KAAKb,cAAnD,CADsB;AAEtC+B,MAAAA,YAAY,EAAE,KAAK/B,cAAL,CAAoB+B,YAApB,CAAiClB,IAAjC,CAAsC,KAAKb,cAA3C;AAFwB,KAAxC;AAKA,SAAKgC,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKlC,OAAL,GAAeO,MAAM,CAACC,MAAP,CAAc,KAAKR,OAAnB,EAA4B;AACzCmC,QAAAA,WAAW,EAAE,yBAAcpC,IAAI,CAACoC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGD,KAxCgC,CA0CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACvC,IAAI,CAACwC,YAAN,IAAsBxC,IAAI,CAACwC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKvC,OAAL,CAAauC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKxC,OAAL,CAAauC,YAAb,GAA4BxC,IAAI,CAACwC,YAAjC;AACD,KArDgC,CAuDjC;AACA;AACA;;;AACA,SAAKvC,OAAL,CAAayC,cAAb,GAA8B,CAAC,CAAC1C,IAAI,CAAC0C,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;;AACA,UAAMC,QAAQ,GAAIC,MAAD,IAAY;AAC3B,aAAOF,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAP;AACD,KAFD,CArEiC,CAyEjC;;;AACA,UAAMG,iBAAiB,GAAGJ,QAAQ,CAACK,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAAD,CAAlC;AACA,UAAM4C,kBAAsC,GAAGnD,MAAM,CAACC,MAAP,CAAcgD,iBAAd,EAAiC;AAC9E;AACAG,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1BxB,QAAAA,MAAM,CAACC,QAAP,GAAkBuB,GAAlB;AACD;AAJ6E,KAAjC,CAA/C,CA3EiC,CAiFjC;;AACA,UAAMC,cAAc,GAAGT,QAAQ,CAACU,mBAAahD,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAAD,CAA/B;AACA,UAAMiD,eAAsC,GAAGxD,MAAM,CAACC,MAAP,CAAcqD,cAAd,EAA8B;AAC3E;AACAG,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO5B,MAAM,CAAC6B,OAAd;AACD,OAJ0E;AAM3E;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO9B,MAAM,CAACC,QAAd;AACD,OAT0E;AAW3E;AACA8B,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO/B,MAAM,CAACgC,QAAd;AACD;AAd0E,KAA9B,CAA/C;AAgBA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBxD,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXyD,MAAAA,qBAAqB,EAAEA,4BAAsBzD,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGX0D,MAAAA,gBAAgB,EAAEA,uBAAiB1D,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX2D,MAAAA,YAAY,EAAEA,mBAAa3D,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEC,kBALN;AAMXI,MAAAA,YAAY,EAAEC,eANH;AAOXW,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAY/D,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXgE,MAAAA,KAAK,EAAEC,iBAAWjE,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXkE,MAAAA,sBAAsB,EAAEA,6BAAuBlE,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXmE,MAAAA,WAAW,EAAEA,kBAAYnE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXoE,MAAAA,WAAW,EAAEA,kBAAYpE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXqE,MAAAA,MAAM,EAAEC,kBAAYtE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXuE,MAAAA,eAAe,EAAEA,sBAAgBvE,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAnGiC,CAmHjC;;AACA,UAAMwE,WAAW,GAAG,CAClB;AACA,YAFkB,EAGlB,iBAHkB,EAIlB;AACA,qBALkB,EAMlB,cANkB,CAApB;AAQA/E,IAAAA,MAAM,CAACgF,IAAP,CAAY,KAAKlB,KAAjB,EAAwBmB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAIH,WAAW,CAACI,OAAZ,CAAoBD,GAApB,KAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAIpC,MAAM,GAAG,KAAKgB,KAAL,CAAWoB,GAAX,CAAb;AACA,WAAKpB,KAAL,CAAWoB,GAAX,IAAkBtC,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND,EA5HiC,CAoIjC;;AACA,UAAMsC,qBAAqB,GAAGC,sBAAiB9E,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAA9B;;AACA,SAAK+E,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAAShF,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEA,gBAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAFH;AAGTiF,MAAAA,YAAY,EAAEA,kBAAajF,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAITkF,MAAAA,QAAQ,EAAEA,cAASlF,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKTmF,MAAAA,KAAK,EAAEN,qBALE;AAMTC,MAAAA,gBAAgB,EAAED,qBANT;AAMgC;AACzCO,MAAAA,IAAI,EAAEA,UAAKpF,IAAL,CAAU,IAAV,EAAgB,IAAhB,CAPG;AAQTqF,MAAAA,OAAO,EAAEA,aAAQrF,IAAR,CAAa,IAAb,EAAmB,IAAnB,CARA;AASTsF,MAAAA,MAAM,EAAEA,YAAOtF,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CATC;AAUTuF,MAAAA,eAAe,EAAEA,qBAAgBvF,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAVR;AAYT;AACAwF,MAAAA,6BAA6B,EAAEA,mCAA8BxF,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAbtB;AAeT;AACAyF,MAAAA,qBAAqB,EAAEA,4BAAsBzF,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAhBd;AAiBT0F,MAAAA,0BAA0B,EAA1BA,gCAjBS;AAmBT;AACAC,MAAAA,yBAAyB,EAAEA,+BAA0B3F,IAA1B,CAA+B,IAA/B,EAAqC,IAArC,CApBlB;AAqBT4F,MAAAA,qBAAqB,EAArBA,0BArBS;AAsBTC,MAAAA,wBAAwB,EAAxBA,6BAtBS;AAuBTC,MAAAA,0BAA0B,EAA1BA,+BAvBS;AAyBTC,MAAAA,uBAAuB,EAAEA,yCAAwB/F,IAAxB,CAA6B,IAA7B,EAAmC,IAAnC,CAzBhB;AA0BTgG,MAAAA,qBAAqB,EAAEA,uCAAsBhG,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CA1Bd;AA2BTiG,MAAAA,kBAAkB,EAAEA,oCAAmBjG,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CA3BX;AA4BTkG,MAAAA,mBAAmB,EAAEA,qCAAoBlG,IAApB,CAAyB,IAAzB,EAA+B,IAA/B,CA5BZ;AA6BTmG,MAAAA,oBAAoB,EAAEA,sCAAqBnG,IAArB,CAA0B,IAA1B,EAAgC,IAAhC,CA7Bb;AA8BToG,MAAAA,sBAAsB,EAAtBA,uCA9BS;AA+BTC,MAAAA,OAAO,EAAGC,IAAD,IAA0B;AACjC,aAAKpH,OAAL,CAAaoH,IAAb,GAAoBA,IAApB;AACD,OAjCQ;AAkCTC,MAAAA,OAAO,EAAE,MAAkC;AACzC,eAAO,KAAKrH,OAAL,CAAaoH,IAApB;AACD,OApCQ;AAqCTE,MAAAA,UAAU,EAAEA,gBAAWxG,IAAX,CAAgB,IAAhB,EAAsB,IAAtB;AArCH,KAAX;AAwCA,8CAA4B,6CAA+B,IAA/B,CAA5B,EA9KiC,CA8KkC;AAEnE;;AACA,SAAKyG,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiB1G,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CAjLiC,CAqLjC;;AACA,SAAK2G,WAAL,GAAmBA,qBAAY3G,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAK4G,OAAL,GAAe,IAAI/H,OAAJ,EAAf,CAxLiC,CA0LjC;;AACA,SAAKgI,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuB7H,IAAI,CAAC4H,YAA5B,CAApB,CA3LiC,CA6LjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB;AACD;;AAED7B,EAAAA,KAAK,GAAG;AACN,SAAK0B,YAAL,CAAkB1B,KAAlB;;AACA,QAAI,CAAC,KAAK5B,KAAL,CAAWgB,eAAX,EAAL,EAAmC;AACjC,WAAKwC,gBAAL,CAAsBE,eAAtB;AACD;AACF;;AAEDC,EAAAA,IAAI,GAAG;AACL,SAAKL,YAAL,CAAkBK,IAAlB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAKlI,OAAL,CAAakI,OAAb,GAAuB3H,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkB,KAAKR,OAAL,CAAakI,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GAjO2D,CAoO5D;;;AACY,QAANC,MAAM,CAACC,IAAD,EAAgD;AAC1D,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD,GAvO2D,CAyO5D;;;AAC2B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAItI,OAAD,IAAc;AACvC,aAAOoI,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+CpI,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAACoI,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKb,WAAL,GACNe,IADM,CACD,UAASf,WAAT,EAAsB;AAC1B,aAAOa,kBAAkB,CAAC;AACxBJ,QAAAA,OAAO,EAAE;AACP,kCAAwBT;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBgB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAKnG,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAIwG,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAGtI,MAAM,CAACC,MAAP,CAAc;AAC3B;AACAsI,QAAAA,MAAM,EAAE,KAAK9I,OAAL,CAAa8I,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAKtE,KAAL,CAAWZ,eAAX,CAA2BoF,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAK5G,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GAlR2D,CAoR5D;;;AACAU,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACN6F,IADM,CACD,YAAY;AAChB;AACA,WAAKb,YAAL,CAAkBoB,KAAlB;AACD,KAJM,EAKNC,KALM,CAKA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAAC7H,IAAF,KAAW,cAAX,IAA6B6H,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAXM,CAAP;AAYD,GAlS2D,CAoS5D;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA8C;AACnE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAKzB,YAAL,CAAkB0B,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAK3B,YAAL,CAAkB4B,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAK5B,YAAL,CAAkB6B,MAAlB,CAAyBF,cAAzB;AACD,KALkE,CAMnE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAOK,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKrF,KAAL,CAAWO,MAAX,CAAkBwE,WAAlB,CAAP;AACD,GAhT2D,CAkT5D;;;AACwB,QAAlBO,kBAAkB,CAACC,YAAD,EAAgD;AACtE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKjC,YAAL,CAAkB0B,SAAlB,EAAP,EAAsCO,YAArD;AACA,YAAMC,eAAe,GAAG,KAAKlC,YAAL,CAAkB4B,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAK5B,YAAL,CAAkB6B,MAAlB,CAAyBK,eAAzB;AACD,KALqE,CAMtE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAOH,OAAO,CAACC,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKrF,KAAL,CAAWO,MAAX,CAAkBgF,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAAC9J,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACF+J,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAjK,OAJJ;;AAKA,QAAI,CAAC+J,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKpC,YAAL,CAAkBuC,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKhK,OAAL,CAAagK,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GA5V2D,CA8V5D;;;AACa,QAAPE,OAAO,CAACvK,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAGO,MAAM,CAACC,MAAP,CAAc,EAAd,EAAkBR,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAIwK,UAAU,GAAGpI,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAImI,UAAU,GAAGrI,MAAM,CAACC,QAAP,CAAgBqI,IAAjC;AACA,QAAIV,qBAAqB,GAAGhK,OAAO,CAACgK,qBAAR,IACvB,KAAKhK,OAAL,CAAagK,qBADU,IAEvBQ,UAFL;AAIA,QAAIpB,WAAW,GAAGpJ,OAAO,CAACoJ,WAA1B;AACA,QAAIQ,YAAY,GAAG5J,OAAO,CAAC4J,YAA3B;AACA,QAAIT,iBAAiB,GAAGnJ,OAAO,CAACmJ,iBAAR,KAA8B,KAAtD;AACA,QAAIQ,kBAAkB,GAAG3J,OAAO,CAAC2J,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKjC,YAAL,CAAkBuC,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIT,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAKzB,YAAL,CAAkBuC,aAAlB,GAAkCd,WAAhD;AACD;;AAED,QAAI,CAACpJ,OAAO,CAAC+J,OAAb,EAAsB;AACpB/J,MAAAA,OAAO,CAAC+J,OAAR,GAAkB,KAAKpC,YAAL,CAAkBuC,aAAlB,GAAkCH,OAApD;AACD;;AAED,QAAIJ,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIT,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMiB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAG9J,OAAL;AAAcgK,MAAAA;AAAd,KAA3B,CAAlB,CAnCsC,CAoCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd;AACA,aAAO,KAAKzH,YAAL,GAAoB;AAApB,OACN4F,IADM,CACD,YAAW;AACf,YAAIwB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxCrI,UAAAA,MAAM,CAACC,QAAP,CAAgBsI,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACLvI,UAAAA,MAAM,CAACC,QAAP,CAAgB7B,MAAhB,CAAuBwJ,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KAVD,MAUO;AACL,UAAIhK,OAAO,CAAC4K,yBAAZ,EAAuC;AACrC;AACA,aAAKjD,YAAL,CAAkBoB,KAAlB;AACD,OAHD,MAGO;AACL,aAAKpB,YAAL,CAAkBkD,qBAAlB;AACD,OANI,CAOL;;;AACAzI,MAAAA,MAAM,CAACC,QAAP,CAAgB7B,MAAhB,CAAuB6J,SAAvB;AACD;AACF;;AAEDS,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAIxE,GAAG,GAAG,2BAA2B,yBAAcwE,IAAd,CAArC;AACA,QAAIpI,OAAO,GAAG;AACZkI,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUtE,GAAV,EAAe5D,OAAf,CAAP;AACD,GAna2D,CAqa5D;AACA;AACA;AAEA;AACA;;;AACqB,QAAf+K,eAAe,GAAqB;AAExC,QAAI;AAAE3B,MAAAA,WAAF;AAAeW,MAAAA;AAAf,QAA2B,KAAKpC,YAAL,CAAkBuC,aAAlB,EAA/B;AACA,UAAM;AAAEc,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAKtD,YAAL,CAAkBuD,UAAlB,EAAlC;;AAEA,QAAI9B,WAAW,IAAI,KAAKzB,YAAL,CAAkBwD,UAAlB,CAA6B/B,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAGgC,SAAd;;AACA,UAAIJ,SAAJ,EAAe;AACb,YAAI;AACF5B,UAAAA,WAAW,GAAG,MAAM,KAAKzB,YAAL,CAAkB7C,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAImG,UAAJ,EAAgB;AACrB,aAAKtD,YAAL,CAAkB6B,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAIO,OAAO,IAAI,KAAKpC,YAAL,CAAkBwD,UAAlB,CAA6BpB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAGqB,SAAV;;AACA,UAAIJ,SAAJ,EAAe;AACb,YAAI;AACFjB,UAAAA,OAAO,GAAG,MAAM,KAAKpC,YAAL,CAAkB7C,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAImG,UAAJ,EAAgB;AACrB,aAAKtD,YAAL,CAAkB6B,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIW,OAAjB,CAAR;AACD;;AAEY,QAAPsB,OAAO,GAAwB;AACnC,UAAM;AAAEtB,MAAAA,OAAF;AAAWX,MAAAA;AAAX,QAA2B,KAAKzB,YAAL,CAAkBuC,aAAlB,EAAjC;AACA,WAAO,KAAK7F,KAAL,CAAWa,WAAX,CAAuBkE,WAAvB,EAAoCW,OAApC,CAAP;AACD;;AAEDuB,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAEvB,MAAAA;AAAF,QAAc,KAAKpC,YAAL,CAAkBuC,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqBqB,SAAnC;AACD;;AAEDG,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEnC,MAAAA;AAAF,QAAkB,KAAKzB,YAAL,CAAkBuC,aAAlB,EAAxB;AACA,WAAOd,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BgC,SAA/C;AACD;;AAEDI,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAE5B,MAAAA;AAAF,QAAmB,KAAKjC,YAAL,CAAkBuC,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+BwB,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBK,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAKrH,KAAL,CAAWP,YAAX,EAAzB;AACA,SAAK6D,YAAL,CAAkBgE,SAAlB,CAA4BD,MAA5B;AACD;;AAED9C,EAAAA,cAAc,CAACF,WAAD,EAAsBuB,KAAtB,EAA4C;AACxD;AACA,UAAM2B,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDtD,WAAlD,EAHwD,CAKxD;;AACAuB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMgC,aAAa,GAAG,KAAKhM,cAAL,CAAoBiM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsB9B,KAAtB,EAA6BvB,WAA7B;AACD;AACF;;AAEDyD,EAAAA,cAAc,CAAClC,KAAD,EAAqC;AACjD;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMgC,aAAa,GAAG,KAAKhM,cAAL,CAAoBiM,qBAApB,EAAtB;AACA,YAAMxD,WAAW,GAAGuD,aAAa,CAACG,OAAd,CAAsBnC,KAAtB,CAApB;;AACA,UAAIvB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KATgD,CAWjD;;;AACA,UAAMrH,OAAO,GAAGwK,wBAAeC,iBAAf,EAAhB;;AACA,WAAOzK,OAAO,GAAGA,OAAO,CAAC+K,OAAR,CAAgBJ,mCAAhB,KAA8CZ,SAAjD,GAA6DA,SAA3E;AACD;;AAEDiB,EAAAA,iBAAiB,CAACpC,KAAD,EAAuB;AACtC;AACA,UAAM5I,OAAO,GAAGwK,wBAAeC,iBAAf,EAAhB;;AACAzK,IAAAA,OAAO,CAACiL,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACA/B,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMgC,aAAa,GAAG,KAAKhM,cAAL,CAAoBiM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,IAA4BL,aAAa,CAACK,UAAd,CAAyBrC,KAAzB,CAA5B;AACD;AACF;;AAED5E,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnBkH,mBAAmB,CAACb,MAAD,EAAkBhD,WAAlB,EAAuD;AAC9E,QAAIuB,KAAK,GAAG,KAAKjK,OAAL,CAAaiK,KAAzB,CAD8E,CAG9E;;AACA,QAAIyB,MAAJ,EAAY;AACV,WAAK/D,YAAL,CAAkBgE,SAAlB,CAA4BD,MAA5B;AACAhD,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAKyD,cAAL,CAAoB,KAAKnM,OAAL,CAAaiK,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAK5E,eAAL,EAAJ,EAA4B;AACjC;AACA,YAAMmH,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACAvC,MAAAA,KAAK,GAAGuC,aAAa,CAACvC,KAAtB;AACAvB,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAKyD,cAAL,CAAoBlC,KAApB,CAA7B;AACA,YAAM,KAAKwB,uBAAL,EAAN;AACD,KANM,MAMA;AACL,aADK,CACG;AACT,KAf6E,CAiB9E;;;AACA,UAAM,KAAK5D,gBAAL,CAAsBE,eAAtB,EAAN,CAlB8E,CAoB9E;;AACA,SAAKsE,iBAAL,CAAuBpC,KAAvB,EArB8E,CAuB9E;;AACA,UAAM;AAAEwC,MAAAA;AAAF,QAAyB,KAAKzM,OAApC;;AACA,QAAIyM,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAO/D,WAAP,CAAxB;AACD,KAFD,MAEO,IAAIA,WAAJ,EAAiB;AACtBtG,MAAAA,MAAM,CAACC,QAAP,CAAgBqK,OAAhB,CAAwBhE,WAAxB;AACD;AACF;;AAEDiE,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAK3M,OAAL,CAAayB,IAAtB;AACD;;AAEDmL,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAK/M,OAAL,CAAa6M,YAA3B,KAA4C,KAAK7M,OAAL,CAAa6M,YAAb,CAA0BG,MAA1E,EAAkF;AAChFJ,MAAAA,eAAe,GAAG,KAAK5M,OAAL,CAAa6M,YAAb,CAA0BnH,OAA1B,CAAkCmH,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAK5M,OAAL,CAAa6M,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GAvkB2D,CAykB5D;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA;AACA,WAAO,KAAKlN,OAAL,CAAamN,MAAb,CAAqBC,KAArB,CAA2B,UAA3B,EAAuC,CAAvC,CAAP;AACD,GAllB2D,CAolB5D;;;AACAC,EAAAA,cAAc,CAACjF,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GAvlB2D,CAylB5D;;;AACAkF,EAAAA,aAAa,CAAClF,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GA5lB2D,CA8lB5D;;;AACAmF,EAAAA,mBAAmB,CAACnF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD;;AAjmB2D,C,CAomB9D;;;AACAvI,QAAQ,CAAC2N,QAAT,GAAoB3N,QAAQ,CAACyD,SAAT,CAAmBkK,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACAjN,MAAM,CAACC,MAAP,CAAcX,QAAd,EAAwB;AACtB4N,EAAAA;AADsB,CAAxB;eAIe5N,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nimport { \n DEFAULT_MAX_CLOCK_SKEW, \n REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n OktaAuth as SDKInterface,\n OktaAuthOptions, \n AccessToken, \n IDToken,\n RefreshToken,\n TokenAPI, \n FeaturesAPI, \n SignoutAPI, \n FingerprintAPI,\n UserClaims, \n SigninWithRedirectOptions,\n SigninWithCredentialsOptions,\n SignoutOptions,\n Tokens,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n TransactionAPI,\n SessionAPI,\n SigninAPI,\n PkceAPI,\n SigninOptions,\n IdxAPI,\n SignoutRedirectUrlOptions,\n HttpAPI,\n FlowIdentifier,\n GetWithRedirectAPI,\n ParseFromUrlInterface,\n GetWithRedirectFunction,\n} from './types';\nimport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n introspectAuthn,\n postToTransaction,\n AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n closeSession,\n sessionExists,\n getSession,\n refreshSession,\n setCookieAndRedirect\n} from './session';\nimport {\n getOAuthUrls,\n getWithoutPrompt,\n getWithPopup,\n getWithRedirect,\n isLoginRedirect,\n parseFromUrl,\n decodeToken,\n revokeToken,\n renewToken,\n renewTokens,\n renewTokensWithRefresh,\n getUserInfo,\n verifyToken,\n prepareTokenParams,\n exchangeCodeForTokens,\n isInteractionRequiredError,\n isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport browserStorage from './browser/browserStorage';\nimport { \n toQueryString, \n toAbsoluteUrl,\n clone,\n} from './util';\nimport { TokenManager } from './TokenManager';\nimport { get, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport StorageManager from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n interact,\n introspect,\n authenticate,\n cancel,\n poll,\n proceed,\n register,\n recoverPassword,\n startTransaction,\n handleInteractionCodeRedirect,\n canProceed,\n handleEmailVerifyCallback,\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError\n} from './idx';\nimport { createGlobalRequestInterceptor, setGlobalRequestInterceptor } from './idx/headers';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\nimport {\n getSavedTransactionMeta,\n createTransactionMeta,\n getTransactionMeta,\n saveTransactionMeta,\n clearTransactionMeta,\n isTransactionMetaValid\n} from './idx/transactionMeta';\n\nconst Emitter = require('tiny-emitter');\n\nclass OktaAuth implements SDKInterface, SigninAPI, SignoutAPI {\n options: OktaAuthOptions;\n storageManager: StorageManager;\n transactionManager: TransactionManager;\n tx: TransactionAPI;\n idx: IdxAPI;\n session: SessionAPI;\n pkce: PkceAPI;\n static features: FeaturesAPI;\n features!: FeaturesAPI;\n token: TokenAPI;\n _tokenQueue: PromiseQueue;\n emitter: typeof Emitter;\n tokenManager: TokenManager;\n authStateManager: AuthStateManager;\n http: HttpAPI;\n fingerprint: FingerprintAPI;\n _oktaUserAgent: OktaUserAgent;\n _pending: { handleLogin: boolean };\n constructor(args: OktaAuthOptions) {\n const options = this.options = buildOptions(args);\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = new StorageManager(options.storageManager!, options.cookies!, options.storageUtil!);\n this.transactionManager = new TransactionManager(Object.assign({\n storageManager: this.storageManager,\n }, options.transactionManager));\n this._oktaUserAgent = new OktaUserAgent();\n\n this.tx = {\n status: transactionStatus.bind(null, this),\n resume: resumeTransaction.bind(null, this),\n exists: Object.assign(transactionExists.bind(null, this), {\n _get: (name) => {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const storage = options.storageUtil!.storage;\n return storage.get(name);\n }\n }),\n introspect: introspectAuthn.bind(null, this)\n };\n\n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n\n // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n Object.assign(this.options.storageUtil, {\n getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n });\n\n this._pending = { handleLogin: false };\n\n if (isBrowser()) {\n this.options = Object.assign(this.options, {\n redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n });\n }\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.options.maxClockSkew = args.maxClockSkew;\n }\n\n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n this.session = {\n close: closeSession.bind(null, this),\n exists: sessionExists.bind(null, this),\n get: getSession.bind(null, this),\n refresh: refreshSession.bind(null, this),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n };\n\n this._tokenQueue = new PromiseQueue();\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n };\n\n // eslint-disable-next-line max-len\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, this)) as GetWithRedirectFunction;\n const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n // This is exposed so we can set window.location in our tests\n _setLocation: function(url) {\n window.location = url;\n }\n });\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, this)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n this.token = {\n prepareTokenParams: prepareTokenParams.bind(null, this),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n getWithoutPrompt: getWithoutPrompt.bind(null, this),\n getWithPopup: getWithPopup.bind(null, this),\n getWithRedirect: getWithRedirectApi,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, this),\n renew: renewToken.bind(null, this),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n renewTokens: renewTokens.bind(null, this),\n getUserInfo: getUserInfo.bind(null, this),\n verify: verifyToken.bind(null, this),\n isLoginRedirect: isLoginRedirect.bind(null, this)\n };\n // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n const syncMethods = [\n // sync methods\n 'decode',\n 'isLoginRedirect',\n // already bound\n 'getWithRedirect',\n 'parseFromUrl'\n ];\n Object.keys(this.token).forEach(key => {\n if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n return;\n }\n var method = this.token[key];\n this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n });\n\n // IDX\n const boundStartTransaction = startTransaction.bind(null, this);\n this.idx = {\n interact: interact.bind(null, this),\n introspect: introspect.bind(null, this),\n authenticate: authenticate.bind(null, this),\n register: register.bind(null, this),\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n poll: poll.bind(null, this),\n proceed: proceed.bind(null, this),\n cancel: cancel.bind(null, this),\n recoverPassword: recoverPassword.bind(null, this),\n\n // oauth redirect callback\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n\n // interaction required callback\n isInteractionRequired: isInteractionRequired.bind(null, this),\n isInteractionRequiredError,\n\n // email verify callback\n handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, this),\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError,\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, this),\n createTransactionMeta: createTransactionMeta.bind(null, this),\n getTransactionMeta: getTransactionMeta.bind(null, this),\n saveTransactionMeta: saveTransactionMeta.bind(null, this),\n clearTransactionMeta: clearTransactionMeta.bind(null, this),\n isTransactionMetaValid,\n setFlow: (flow: FlowIdentifier) => {\n this.options.flow = flow;\n },\n getFlow: (): FlowIdentifier | undefined => {\n return this.options.flow;\n },\n canProceed: canProceed.bind(null, this),\n };\n\n setGlobalRequestInterceptor(createGlobalRequestInterceptor(this)); // to pass custom headers to IDX endpoints\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n\n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n\n this.emitter = new Emitter();\n\n // TokenManager\n this.tokenManager = new TokenManager(this, args.tokenManager);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager(this);\n }\n\n start() {\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n this.authStateManager.updateAuthState();\n }\n }\n\n stop() {\n this.tokenManager.stop();\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return postToTransaction(this, '/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<unknown> {\n return this.session.close() // DELETE /api/v1/sessions/me\n .then(async () => {\n // Clear all local tokens\n this.tokenManager.clear();\n })\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return null;\n }\n throw e;\n });\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n async signOut(options?: SignoutOptions) {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function() {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n });\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n }\n }\n\n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n\n //\n // Common Methods from downstream SDKs\n //\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n async isAuthenticated(): Promise<boolean> {\n\n let { accessToken, idToken } = this.tokenManager.getTokensSync();\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (autoRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (autoRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (autoRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (autoRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n async getUser(): Promise<UserClaims> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n\n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n\n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n\n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens } = await this.token.parseFromUrl();\n this.tokenManager.setTokens(tokens);\n }\n\n setOriginalUri(originalUri: string, state?: string): void {\n // always store in session storage\n const sessionStorage = browserStorage.getSessionStorage();\n sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n // to support multi-tab flows, set a state in constructor or pass as param\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.setItem(state, originalUri);\n }\n }\n\n getOriginalUri(state?: string): string | undefined {\n // Prefer shared storage (if state is available)\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n const originalUri = sharedStorage.getItem(state);\n if (originalUri) {\n return originalUri;\n }\n }\n\n // Try to load from session storage\n const storage = browserStorage.getSessionStorage();\n return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n }\n\n removeOriginalUri(state?: string): void {\n // Remove from sessionStorage\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n // Also remove from shared storage\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.removeItem && sharedStorage.removeItem(state);\n }\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n\n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n\n // clear originalUri from storage\n this.removeOriginalUri(state);\n\n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: string): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // { username, password, (relayState), (context) }\n // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n // return postToTransaction(this, '/api/v1/authn', opts);\n // }\n\n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return this.options.issuer!.split('/oauth2/')[0];\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n }\n}\n\n// Hoist feature detection functions to static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Also hoist constants for CommonJS users\nObject.assign(OktaAuth, {\n constants\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
1
+ {"version":3,"sources":["../../lib/OktaAuth.ts"],"names":["OktaAuth","constructor","args","options","storageManager","StorageManager","cookies","storageUtil","transactionManager","TransactionManager","_oktaUserAgent","OktaUserAgent","tx","status","transactionStatus","bind","resume","resumeTransaction","exists","transactionExists","_get","name","storage","get","introspect","introspectAuthn","pkce","DEFAULT_CODE_CHALLENGE_METHOD","PKCE","generateVerifier","computeChallenge","getPKCEStorage","getLegacyPKCEStorage","getHttpCache","_pending","handleLogin","redirectUri","window","location","origin","maxClockSkew","DEFAULT_MAX_CLOCK_SKEW","ignoreLifetime","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","_tokenQueue","PromiseQueue","useQueue","method","prototype","push","getWithRedirectFn","getWithRedirect","getWithRedirectApi","_setLocation","url","parseFromUrlFn","parseFromUrl","parseFromUrlApi","_getHistory","history","_getLocation","_getDocument","document","token","prepareTokenParams","exchangeCodeForTokens","getWithoutPrompt","getWithPopup","decode","decodeToken","revoke","revokeToken","renew","renewToken","renewTokensWithRefresh","renewTokens","getUserInfo","verify","verifyToken","isLoginRedirect","syncMethods","forEach","key","boundStartTransaction","startTransaction","idx","interact","authenticate","register","start","poll","proceed","cancel","recoverPassword","handleInteractionCodeRedirect","isInteractionRequired","isInteractionRequiredError","handleEmailVerifyCallback","isEmailVerifyCallback","parseEmailVerifyCallback","isEmailVerifyCallbackError","getSavedTransactionMeta","createTransactionMeta","getTransactionMeta","saveTransactionMeta","clearTransactionMeta","isTransactionMetaValid","setFlow","flow","getFlow","canProceed","unlockAccount","http","setRequestHeader","fingerprint","emitter","Emitter","tokenManager","TokenManager","authStateManager","AuthStateManager","serviceManager","ServiceManager","services","updateAuthState","stop","setHeaders","headers","signIn","opts","signInWithCredentials","_postToTransaction","sendFingerprint","then","signInWithRedirect","originalUri","additionalParams","setOriginalUri","params","scopes","clear","catch","e","errorCode","revokeAccessToken","accessToken","getTokens","accessTokenKey","getStorageKeyByType","remove","resolve","revokeRefreshToken","refreshToken","refreshTokenKey","getSignOutRedirectUrl","idToken","postLogoutRedirectUri","state","getTokensSync","logoutUrl","idTokenHint","logoutUri","encodeURIComponent","signOut","defaultUri","currentUri","href","reload","assign","clearTokensBeforeRedirect","addPendingRemoveFlags","webfinger","isAuthenticated","autoRenew","autoRemove","getOptions","shouldRenew","onExpiredToken","shouldRemove","hasExpired","undefined","getUser","getIdToken","getAccessToken","getRefreshToken","storeTokensFromRedirect","tokens","setTokens","sessionStorage","browserStorage","getSessionStorage","setItem","REFERRER_PATH_STORAGE_KEY","sharedStorage","getOriginalUriStorage","getOriginalUri","getItem","removeOriginalUri","removeItem","handleLoginRedirect","oAuthResponse","restoreOriginalUri","replace","isPKCE","hasResponseType","responseType","Array","isArray","length","isAuthorizationCodeFlow","getIssuerOrigin","issuer","split","forgotPassword","verifyRecoveryToken","invokeApiMethod","features","crypto","webauthn","constants"],"mappings":";;;;;;;;;;;;;;;;;;AAeA;;AAuCA;;AAQA;;AACA;;AAOA;;AAmBA;;AAEA;;AACA;;AACA;;AACA;;AAKA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAkBA;;AACA;;AACA;;AACA;;AAUA;;;;;;AA3IA;;AACA;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACA;AA4HA;AACA;AAGA,MAAMA,QAAN,CAAmE;AAsBjEC,EAAAA,WAAW,CAACC,IAAD,EAAwB;AACjC,UAAMC,OAAO,GAAG,KAAKA,OAAL,GAAe,2BAAaD,IAAb,CAA/B,CADiC,CAEjC;;AACA,SAAKE,cAAL,GAAsB,IAAIC,8BAAJ,CAAmBF,OAAO,CAACC,cAA3B,EAA4CD,OAAO,CAACG,OAApD,EAA8DH,OAAO,CAACI,WAAtE,CAAtB;AACA,SAAKC,kBAAL,GAA0B,IAAIC,2BAAJ,CAAuB,qBAAc;AAC7DL,MAAAA,cAAc,EAAE,KAAKA;AADwC,KAAd,EAE9CD,OAAO,CAACK,kBAFsC,CAAvB,CAA1B;AAGA,SAAKE,cAAL,GAAsB,IAAIC,4BAAJ,EAAtB;AAEA,SAAKC,EAAL,GAAU;AACRC,MAAAA,MAAM,EAAEC,sBAAkBC,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CADA;AAERC,MAAAA,MAAM,EAAEC,sBAAkBF,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAFA;AAGRG,MAAAA,MAAM,EAAE,qBAAcC,sBAAkBJ,IAAlB,CAAuB,IAAvB,EAA6B,IAA7B,CAAd,EAAkD;AACxDK,QAAAA,IAAI,EAAGC,IAAD,IAAU;AACd;AACA,gBAAMC,OAAO,GAAGnB,OAAO,CAACI,WAAR,CAAqBe,OAArC;AACA,iBAAOA,OAAO,CAACC,GAAR,CAAYF,IAAZ,CAAP;AACD;AALuD,OAAlD,CAHA;AAURG,MAAAA,UAAU,EAAEC,oBAAgBV,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAVJ,KAAV;AAaA,SAAKW,IAAL,GAAY;AACVC,MAAAA,6BAA6B,EAAEC,cAAKD,6BAD1B;AAEVE,MAAAA,gBAAgB,EAAED,cAAKC,gBAFb;AAGVC,MAAAA,gBAAgB,EAAEF,cAAKE;AAHb,KAAZ,CAtBiC,CA4BjC;;AACA,yBAAc,KAAK3B,OAAL,CAAaI,WAA3B,EAAwC;AACtCwB,MAAAA,cAAc,EAAE,KAAK3B,cAAL,CAAoB4B,oBAApB,CAAyCjB,IAAzC,CAA8C,KAAKX,cAAnD,CADsB;AAEtC6B,MAAAA,YAAY,EAAE,KAAK7B,cAAL,CAAoB6B,YAApB,CAAiClB,IAAjC,CAAsC,KAAKX,cAA3C;AAFwB,KAAxC;AAKA,SAAK8B,QAAL,GAAgB;AAAEC,MAAAA,WAAW,EAAE;AAAf,KAAhB;;AAEA,QAAI,yBAAJ,EAAiB;AACf,WAAKhC,OAAL,GAAe,qBAAc,KAAKA,OAAnB,EAA4B;AACzCiC,QAAAA,WAAW,EAAE,yBAAclC,IAAI,CAACkC,WAAnB,EAAgCC,MAAM,CAACC,QAAP,CAAgBC,MAAhD,CAD4B,CAC6B;;AAD7B,OAA5B,CAAf;AAGD,KAxCgC,CA0CjC;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,QAAI,CAACrC,IAAI,CAACsC,YAAN,IAAsBtC,IAAI,CAACsC,YAAL,KAAsB,CAAhD,EAAmD;AACjD,WAAKrC,OAAL,CAAaqC,YAAb,GAA4BC,gCAA5B;AACD,KAFD,MAEO;AACL,WAAKtC,OAAL,CAAaqC,YAAb,GAA4BtC,IAAI,CAACsC,YAAjC;AACD,KArDgC,CAuDjC;AACA;AACA;;;AACA,SAAKrC,OAAL,CAAauC,cAAb,GAA8B,CAAC,CAACxC,IAAI,CAACwC,cAArC;AAEA,SAAKC,OAAL,GAAe;AACbC,MAAAA,KAAK,EAAEC,sBAAa9B,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CADM;AAEbG,MAAAA,MAAM,EAAE4B,uBAAc/B,IAAd,CAAmB,IAAnB,EAAyB,IAAzB,CAFK;AAGbQ,MAAAA,GAAG,EAAEwB,oBAAWhC,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAHQ;AAIbiC,MAAAA,OAAO,EAAEC,wBAAelC,IAAf,CAAoB,IAApB,EAA0B,IAA1B,CAJI;AAKbmC,MAAAA,oBAAoB,EAAEA,8BAAqBnC,IAArB,CAA0B,IAA1B,EAAgC,IAAhC;AALT,KAAf;AAQA,SAAKoC,WAAL,GAAmB,IAAIC,qBAAJ,EAAnB;;AACA,UAAMC,QAAQ,GAAIC,MAAD,IAAY;AAC3B,aAAOF,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAP;AACD,KAFD,CArEiC,CAyEjC;;;AACA,UAAMG,iBAAiB,GAAGJ,QAAQ,CAACK,sBAAgB3C,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAAD,CAAlC;AACA,UAAM4C,kBAAsC,GAAG,qBAAcF,iBAAd,EAAiC;AAC9E;AACAG,MAAAA,YAAY,EAAE,UAASC,GAAT,EAAc;AAC1BxB,QAAAA,MAAM,CAACC,QAAP,GAAkBuB,GAAlB;AACD;AAJ6E,KAAjC,CAA/C,CA3EiC,CAiFjC;;AACA,UAAMC,cAAc,GAAGT,QAAQ,CAACU,mBAAahD,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAAD,CAA/B;AACA,UAAMiD,eAAsC,GAAG,qBAAcF,cAAd,EAA8B;AAC3E;AACAG,MAAAA,WAAW,EAAE,YAAW;AACtB,eAAO5B,MAAM,CAAC6B,OAAd;AACD,OAJ0E;AAM3E;AACAC,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO9B,MAAM,CAACC,QAAd;AACD,OAT0E;AAW3E;AACA8B,MAAAA,YAAY,EAAE,YAAW;AACvB,eAAO/B,MAAM,CAACgC,QAAd;AACD;AAd0E,KAA9B,CAA/C;AAgBA,SAAKC,KAAL,GAAa;AACXC,MAAAA,kBAAkB,EAAEA,yBAAmBxD,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CADT;AAEXyD,MAAAA,qBAAqB,EAAEA,4BAAsBzD,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAFZ;AAGX0D,MAAAA,gBAAgB,EAAEA,uBAAiB1D,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAHP;AAIX2D,MAAAA,YAAY,EAAEA,mBAAa3D,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAJH;AAKX2C,MAAAA,eAAe,EAAEC,kBALN;AAMXI,MAAAA,YAAY,EAAEC,eANH;AAOXW,MAAAA,MAAM,EAAEC,iBAPG;AAQXC,MAAAA,MAAM,EAAEC,kBAAY/D,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CARG;AASXgE,MAAAA,KAAK,EAAEC,iBAAWjE,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CATI;AAUXkE,MAAAA,sBAAsB,EAAEA,6BAAuBlE,IAAvB,CAA4B,IAA5B,EAAkC,IAAlC,CAVb;AAWXmE,MAAAA,WAAW,EAAEA,kBAAYnE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAXF;AAYXoE,MAAAA,WAAW,EAAEA,kBAAYpE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAZF;AAaXqE,MAAAA,MAAM,EAAEC,kBAAYtE,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAbG;AAcXuE,MAAAA,eAAe,EAAEA,sBAAgBvE,IAAhB,CAAqB,IAArB,EAA2B,IAA3B;AAdN,KAAb,CAnGiC,CAmHjC;;AACA,UAAMwE,WAAW,GAAG,CAClB;AACA,YAFkB,EAGlB,iBAHkB,EAIlB;AACA,qBALkB,EAMlB,cANkB,CAApB;AAQA,uBAAY,KAAKjB,KAAjB,EAAwBkB,OAAxB,CAAgCC,GAAG,IAAI;AACrC,UAAI,sBAAAF,WAAW,MAAX,CAAAA,WAAW,EAASE,GAAT,CAAX,IAA4B,CAAhC,EAAmC;AAAE;AACnC;AACD;;AACD,UAAInC,MAAM,GAAG,KAAKgB,KAAL,CAAWmB,GAAX,CAAb;AACA,WAAKnB,KAAL,CAAWmB,GAAX,IAAkBrC,sBAAaG,SAAb,CAAuBC,IAAvB,CAA4BzC,IAA5B,CAAiC,KAAKoC,WAAtC,EAAmDG,MAAnD,EAA2D,IAA3D,CAAlB;AACD,KAND,EA5HiC,CAoIjC;;AACA,UAAMoC,qBAAqB,GAAGC,sBAAiB5E,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B,CAA9B;;AACA,SAAK6E,GAAL,GAAW;AACTC,MAAAA,QAAQ,EAAEA,cAAS9E,IAAT,CAAc,IAAd,EAAoB,IAApB,CADD;AAETS,MAAAA,UAAU,EAAEA,gBAAWT,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CAFH;AAGT+E,MAAAA,YAAY,EAAEA,kBAAa/E,IAAb,CAAkB,IAAlB,EAAwB,IAAxB,CAHL;AAITgF,MAAAA,QAAQ,EAAEA,cAAShF,IAAT,CAAc,IAAd,EAAoB,IAApB,CAJD;AAKTiF,MAAAA,KAAK,EAAEN,qBALE;AAMTC,MAAAA,gBAAgB,EAAED,qBANT;AAMgC;AACzCO,MAAAA,IAAI,EAAEA,UAAKlF,IAAL,CAAU,IAAV,EAAgB,IAAhB,CAPG;AAQTmF,MAAAA,OAAO,EAAEA,aAAQnF,IAAR,CAAa,IAAb,EAAmB,IAAnB,CARA;AASToF,MAAAA,MAAM,EAAEA,YAAOpF,IAAP,CAAY,IAAZ,EAAkB,IAAlB,CATC;AAUTqF,MAAAA,eAAe,EAAEA,qBAAgBrF,IAAhB,CAAqB,IAArB,EAA2B,IAA3B,CAVR;AAYT;AACAsF,MAAAA,6BAA6B,EAAEA,mCAA8BtF,IAA9B,CAAmC,IAAnC,EAAyC,IAAzC,CAbtB;AAeT;AACAuF,MAAAA,qBAAqB,EAAEA,4BAAsBvF,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CAhBd;AAiBTwF,MAAAA,0BAA0B,EAA1BA,gCAjBS;AAmBT;AACAC,MAAAA,yBAAyB,EAAEA,+BAA0BzF,IAA1B,CAA+B,IAA/B,EAAqC,IAArC,CApBlB;AAqBT0F,MAAAA,qBAAqB,EAArBA,0BArBS;AAsBTC,MAAAA,wBAAwB,EAAxBA,6BAtBS;AAuBTC,MAAAA,0BAA0B,EAA1BA,+BAvBS;AAyBTC,MAAAA,uBAAuB,EAAEA,yCAAwB7F,IAAxB,CAA6B,IAA7B,EAAmC,IAAnC,CAzBhB;AA0BT8F,MAAAA,qBAAqB,EAAEA,uCAAsB9F,IAAtB,CAA2B,IAA3B,EAAiC,IAAjC,CA1Bd;AA2BT+F,MAAAA,kBAAkB,EAAEA,oCAAmB/F,IAAnB,CAAwB,IAAxB,EAA8B,IAA9B,CA3BX;AA4BTgG,MAAAA,mBAAmB,EAAEA,qCAAoBhG,IAApB,CAAyB,IAAzB,EAA+B,IAA/B,CA5BZ;AA6BTiG,MAAAA,oBAAoB,EAAEA,sCAAqBjG,IAArB,CAA0B,IAA1B,EAAgC,IAAhC,CA7Bb;AA8BTkG,MAAAA,sBAAsB,EAAtBA,uCA9BS;AA+BTC,MAAAA,OAAO,EAAGC,IAAD,IAA0B;AACjC,aAAKhH,OAAL,CAAagH,IAAb,GAAoBA,IAApB;AACD,OAjCQ;AAkCTC,MAAAA,OAAO,EAAE,MAAkC;AACzC,eAAO,KAAKjH,OAAL,CAAagH,IAApB;AACD,OApCQ;AAqCTE,MAAAA,UAAU,EAAEA,gBAAWtG,IAAX,CAAgB,IAAhB,EAAsB,IAAtB,CArCH;AAsCTuG,MAAAA,aAAa,EAAEA,mBAAcvG,IAAd,CAAmB,IAAnB,EAAyB,IAAzB;AAtCN,KAAX;AAyCA,8CAA4B,6CAA+B,IAA/B,CAA5B,EA/KiC,CA+KkC;AAEnE;;AACA,SAAKwG,IAAL,GAAY;AACVC,MAAAA,gBAAgB,EAAEA,uBAAiBzG,IAAjB,CAAsB,IAAtB,EAA4B,IAA5B;AADR,KAAZ,CAlLiC,CAsLjC;;AACA,SAAK0G,WAAL,GAAmBA,qBAAY1G,IAAZ,CAAiB,IAAjB,EAAuB,IAAvB,CAAnB;AAEA,SAAK2G,OAAL,GAAe,IAAIC,oBAAJ,EAAf,CAzLiC,CA2LjC;;AACA,SAAKC,YAAL,GAAoB,IAAIC,0BAAJ,CAAiB,IAAjB,EAAuB3H,IAAI,CAAC0H,YAA5B,CAApB,CA5LiC,CA8LjC;;AACA,SAAKE,gBAAL,GAAwB,IAAIC,kCAAJ,CAAqB,IAArB,CAAxB,CA/LiC,CAiMjC;;AACA,SAAKC,cAAL,GAAsB,IAAIC,8BAAJ,CAAmB,IAAnB,EAAyB/H,IAAI,CAACgI,QAA9B,CAAtB;AACD;;AAEDlC,EAAAA,KAAK,GAAG;AACN;AACA,SAAK4B,YAAL,CAAkB5B,KAAlB;;AACA,QAAI,CAAC,KAAK1B,KAAL,CAAWgB,eAAX,EAAL,EAAmC;AACjC,WAAKwC,gBAAL,CAAsBK,eAAtB;AACD;;AACD,SAAKH,cAAL,CAAoBhC,KAApB;AACD;;AAEDoC,EAAAA,IAAI,GAAG;AACL;AACA,SAAKR,YAAL,CAAkBQ,IAAlB;AACA,SAAKJ,cAAL,CAAoBI,IAApB;AACD;;AAEDC,EAAAA,UAAU,CAACC,OAAD,EAAU;AAClB,SAAKnI,OAAL,CAAamI,OAAb,GAAuB,qBAAc,EAAd,EAAkB,KAAKnI,OAAL,CAAamI,OAA/B,EAAwCA,OAAxC,CAAvB;AACD,GA5OgE,CA+OjE;;;AACY,QAANC,MAAM,CAACC,IAAD,EAAgD;AAC1D,WAAO,KAAKC,qBAAL,CAA2BD,IAA3B,CAAP;AACD,GAlPgE,CAoPjE;;;AAC2B,QAArBC,qBAAqB,CAACD,IAAD,EAA+D;AACxFA,IAAAA,IAAI,GAAG,iBAAMA,IAAI,IAAI,EAAd,CAAP;;AACA,UAAME,kBAAkB,GAAIvI,OAAD,IAAc;AACvC,aAAOqI,IAAI,CAACG,eAAZ;AACA,aAAO,2BAAkB,IAAlB,EAAwB,eAAxB,EAAyCH,IAAzC,EAA+CrI,OAA/C,CAAP;AACD,KAHD;;AAIA,QAAI,CAACqI,IAAI,CAACG,eAAV,EAA2B;AACzB,aAAOD,kBAAkB,EAAzB;AACD;;AACD,WAAO,KAAKjB,WAAL,GACNmB,IADM,CACD,UAASnB,WAAT,EAAsB;AAC1B,aAAOiB,kBAAkB,CAAC;AACxBJ,QAAAA,OAAO,EAAE;AACP,kCAAwBb;AADjB;AADe,OAAD,CAAzB;AAKD,KAPM,CAAP;AAQD;;AAEuB,QAAlBoB,kBAAkB,CAACL,IAA+B,GAAG,EAAnC,EAAuC;AAC7D,UAAM;AAAEM,MAAAA,WAAF;AAAe,SAAGC;AAAlB,QAAuCP,IAA7C;;AACA,QAAG,KAAKtG,QAAL,CAAcC,WAAjB,EAA8B;AAC5B;AACA;AACD;;AAED,SAAKD,QAAL,CAAcC,WAAd,GAA4B,IAA5B;;AACA,QAAI;AACF;AACA,UAAI2G,WAAJ,EAAiB;AACf,aAAKE,cAAL,CAAoBF,WAApB;AACD;;AACD,YAAMG,MAAM,GAAG,qBAAc;AAC3B;AACAC,QAAAA,MAAM,EAAE,KAAK/I,OAAL,CAAa+I,MAAb,IAAuB,CAAC,QAAD,EAAW,OAAX,EAAoB,SAApB;AAFJ,OAAd,EAGZH,gBAHY,CAAf;AAIA,YAAM,KAAKzE,KAAL,CAAWZ,eAAX,CAA2BuF,MAA3B,CAAN;AACD,KAVD,SAUU;AACR,WAAK/G,QAAL,CAAcC,WAAd,GAA4B,KAA5B;AACD;AACF,GA7RgE,CA+RjE;;;AACAU,EAAAA,YAAY,GAAqB;AAC/B,WAAO,KAAKF,OAAL,CAAaC,KAAb,GAAqB;AAArB,KACNgG,IADM,CACD,YAAY;AAChB;AACA,WAAKhB,YAAL,CAAkBuB,KAAlB;AACD,KAJM,EAKNC,KALM,CAKA,UAASC,CAAT,EAAY;AACjB,UAAIA,CAAC,CAAChI,IAAF,KAAW,cAAX,IAA6BgI,CAAC,CAACC,SAAF,KAAgB,UAAjD,EAA6D;AAC3D;AACA,eAAO,IAAP;AACD;;AACD,YAAMD,CAAN;AACD,KAXM,CAAP;AAYD,GA7SgE,CA+SjE;;;AACuB,QAAjBE,iBAAiB,CAACC,WAAD,EAA8C;AACnE,QAAI,CAACA,WAAL,EAAkB;AAChBA,MAAAA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAApD;AACA,YAAME,cAAc,GAAG,KAAK9B,YAAL,CAAkB+B,mBAAlB,CAAsC,aAAtC,CAAvB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBF,cAAzB;AACD,KALkE,CAMnE;;;AACA,QAAI,CAACF,WAAL,EAAkB;AAChB,aAAO,iBAAQK,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKvF,KAAL,CAAWO,MAAX,CAAkB2E,WAAlB,CAAP;AACD,GA3TgE,CA6TjE;;;AACwB,QAAlBM,kBAAkB,CAACC,YAAD,EAAgD;AACtE,QAAI,CAACA,YAAL,EAAmB;AACjBA,MAAAA,YAAY,GAAG,CAAC,MAAM,KAAKnC,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCM,YAArD;AACA,YAAMC,eAAe,GAAG,KAAKpC,YAAL,CAAkB+B,mBAAlB,CAAsC,cAAtC,CAAxB;AACA,WAAK/B,YAAL,CAAkBgC,MAAlB,CAAyBI,eAAzB;AACD,KALqE,CAMtE;;;AACA,QAAI,CAACD,YAAL,EAAmB;AACjB,aAAO,iBAAQF,OAAR,CAAgB,IAAhB,CAAP;AACD;;AACD,WAAO,KAAKvF,KAAL,CAAWO,MAAX,CAAkBkF,YAAlB,CAAP;AACD;;AAEDE,EAAAA,qBAAqB,CAAC9J,OAAkC,GAAG,EAAtC,EAA0C;AAC7D,QAAI;AACF+J,MAAAA,OADE;AAEFC,MAAAA,qBAFE;AAGFC,MAAAA;AAHE,QAIAjK,OAJJ;;AAKA,QAAI,CAAC+J,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAA5C;AACD;;AACD,QAAI,CAACA,OAAL,EAAc;AACZ,aAAO,EAAP;AACD;;AACD,QAAI,CAACC,qBAAL,EAA4B;AAC1BA,MAAAA,qBAAqB,GAAG,KAAKhK,OAAL,CAAagK,qBAArC;AACD;;AAED,UAAMG,SAAS,GAAG,wBAAa,IAAb,EAAmBA,SAArC;AACA,UAAMC,WAAW,GAAGL,OAAO,CAACA,OAA5B,CAjB6D,CAiBxB;;AACrC,QAAIM,SAAS,GAAGF,SAAS,GAAG,iBAAZ,GAAgCG,kBAAkB,CAACF,WAAD,CAAlE;;AACA,QAAIJ,qBAAJ,EAA2B;AACzBK,MAAAA,SAAS,IAAI,+BAA+BC,kBAAkB,CAACN,qBAAD,CAA9D;AACD,KArB4D,CAsB7D;;;AACA,QAAIC,KAAJ,EAAW;AACTI,MAAAA,SAAS,IAAI,YAAYC,kBAAkB,CAACL,KAAD,CAA3C;AACD;;AAED,WAAOI,SAAP;AACD,GAvWgE,CAyWjE;;;AACa,QAAPE,OAAO,CAACvK,OAAD,EAA2B;AACtCA,IAAAA,OAAO,GAAG,qBAAc,EAAd,EAAkBA,OAAlB,CAAV,CADsC,CAGtC;;AACA,QAAIwK,UAAU,GAAGtI,MAAM,CAACC,QAAP,CAAgBC,MAAjC;AACA,QAAIqI,UAAU,GAAGvI,MAAM,CAACC,QAAP,CAAgBuI,IAAjC;AACA,QAAIV,qBAAqB,GAAGhK,OAAO,CAACgK,qBAAR,IACvB,KAAKhK,OAAL,CAAagK,qBADU,IAEvBQ,UAFL;AAIA,QAAInB,WAAW,GAAGrJ,OAAO,CAACqJ,WAA1B;AACA,QAAIO,YAAY,GAAG5J,OAAO,CAAC4J,YAA3B;AACA,QAAIR,iBAAiB,GAAGpJ,OAAO,CAACoJ,iBAAR,KAA8B,KAAtD;AACA,QAAIO,kBAAkB,GAAG3J,OAAO,CAAC2J,kBAAR,KAA+B,KAAxD;;AAEA,QAAIA,kBAAkB,IAAI,OAAOC,YAAP,KAAwB,WAAlD,EAA+D;AAC7DA,MAAAA,YAAY,GAAG,KAAKnC,YAAL,CAAkByC,aAAlB,GAAkCN,YAAjD;AACD;;AAED,QAAIR,iBAAiB,IAAI,OAAOC,WAAP,KAAuB,WAAhD,EAA6D;AAC3DA,MAAAA,WAAW,GAAG,KAAK5B,YAAL,CAAkByC,aAAlB,GAAkCb,WAAhD;AACD;;AAED,QAAI,CAACrJ,OAAO,CAAC+J,OAAb,EAAsB;AACpB/J,MAAAA,OAAO,CAAC+J,OAAR,GAAkB,KAAKtC,YAAL,CAAkByC,aAAlB,GAAkCH,OAApD;AACD;;AAED,QAAIJ,kBAAkB,IAAIC,YAA1B,EAAwC;AACtC,YAAM,KAAKD,kBAAL,CAAwBC,YAAxB,CAAN;AACD;;AAED,QAAIR,iBAAiB,IAAIC,WAAzB,EAAsC;AACpC,YAAM,KAAKD,iBAAL,CAAuBC,WAAvB,CAAN;AACD;;AAED,UAAMgB,SAAS,GAAG,KAAKP,qBAAL,CAA2B,EAAE,GAAG9J,OAAL;AAAcgK,MAAAA;AAAd,KAA3B,CAAlB,CAnCsC,CAoCtC;AACA;;AACA,QAAI,CAACK,SAAL,EAAgB;AACd;AACA,aAAO,KAAK3H,YAAL,GAAoB;AAApB,OACN+F,IADM,CACD,YAAW;AACf,YAAIuB,qBAAqB,KAAKS,UAA9B,EAA0C;AACxCvI,UAAAA,MAAM,CAACC,QAAP,CAAgBwI,MAAhB,GADwC,CACd;AAC3B,SAFD,MAEO;AACLzI,UAAAA,MAAM,CAACC,QAAP,CAAgByI,MAAhB,CAAuBZ,qBAAvB;AACD;AACF,OAPM,CAAP;AAQD,KAVD,MAUO;AACL,UAAIhK,OAAO,CAAC6K,yBAAZ,EAAuC;AACrC;AACA,aAAKpD,YAAL,CAAkBuB,KAAlB;AACD,OAHD,MAGO;AACL,aAAKvB,YAAL,CAAkBqD,qBAAlB;AACD,OANI,CAOL;;;AACA5I,MAAAA,MAAM,CAACC,QAAP,CAAgByI,MAAhB,CAAuBP,SAAvB;AACD;AACF;;AAEDU,EAAAA,SAAS,CAAC1C,IAAD,EAAwB;AAC/B,QAAI3E,GAAG,GAAG,2BAA2B,yBAAc2E,IAAd,CAArC;AACA,QAAIrI,OAAO,GAAG;AACZmI,MAAAA,OAAO,EAAE;AACP,kBAAU;AADH;AADG,KAAd;AAKA,WAAO,eAAI,IAAJ,EAAUzE,GAAV,EAAe1D,OAAf,CAAP;AACD,GA9agE,CAgbjE;AACA;AACA;AAEA;AACA;;;AACqB,QAAfgL,eAAe,CAAChL,OAA+B,GAAG,EAAnC,EAAyD;AAC5E;AACA,UAAM;AAAEiL,MAAAA,SAAF;AAAaC,MAAAA;AAAb,QAA4B,KAAKzD,YAAL,CAAkB0D,UAAlB,EAAlC;AAEA,UAAMC,WAAW,GAAGpL,OAAO,CAACqL,cAAR,GAAyBrL,OAAO,CAACqL,cAAR,KAA2B,OAApD,GAA8DJ,SAAlF;AACA,UAAMK,YAAY,GAAGtL,OAAO,CAACqL,cAAR,GAAyBrL,OAAO,CAACqL,cAAR,KAA2B,QAApD,GAA+DH,UAApF;AAEA,QAAI;AAAE7B,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAtB;;AACA,QAAIb,WAAW,IAAI,KAAK5B,YAAL,CAAkB8D,UAAlB,CAA6BlC,WAA7B,CAAnB,EAA8D;AAC5DA,MAAAA,WAAW,GAAGmC,SAAd;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACF/B,UAAAA,WAAW,GAAG,MAAM,KAAK5B,YAAL,CAAkB7C,KAAlB,CAAwB,aAAxB,CAApB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI0G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,aAAzB;AACD;AACF;;AAED,QAAI;AAAEM,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAAlB;;AACA,QAAIH,OAAO,IAAI,KAAKtC,YAAL,CAAkB8D,UAAlB,CAA6BxB,OAA7B,CAAf,EAAsD;AACpDA,MAAAA,OAAO,GAAGyB,SAAV;;AACA,UAAIJ,WAAJ,EAAiB;AACf,YAAI;AACFrB,UAAAA,OAAO,GAAG,MAAM,KAAKtC,YAAL,CAAkB7C,KAAlB,CAAwB,SAAxB,CAAhB;AACD,SAFD,CAEE,MAAM,CACN;AACD;AACF,OAND,MAMO,IAAI0G,YAAJ,EAAkB;AACvB,aAAK7D,YAAL,CAAkBgC,MAAlB,CAAyB,SAAzB;AACD;AACF;;AAED,WAAO,CAAC,EAAEJ,WAAW,IAAIU,OAAjB,CAAR;AACD;;AAEY,QAAP0B,OAAO,GAAwB;AACnC,UAAM;AAAE1B,MAAAA,OAAF;AAAWV,MAAAA;AAAX,QAA2B,KAAK5B,YAAL,CAAkByC,aAAlB,EAAjC;AACA,WAAO,KAAK/F,KAAL,CAAWa,WAAX,CAAuBqE,WAAvB,EAAoCU,OAApC,CAAP;AACD;;AAED2B,EAAAA,UAAU,GAAuB;AAC/B,UAAM;AAAE3B,MAAAA;AAAF,QAAc,KAAKtC,YAAL,CAAkByC,aAAlB,EAApB;AACA,WAAOH,OAAO,GAAGA,OAAO,CAACA,OAAX,GAAqByB,SAAnC;AACD;;AAEDG,EAAAA,cAAc,GAAuB;AACnC,UAAM;AAAEtC,MAAAA;AAAF,QAAkB,KAAK5B,YAAL,CAAkByC,aAAlB,EAAxB;AACA,WAAOb,WAAW,GAAGA,WAAW,CAACA,WAAf,GAA6BmC,SAA/C;AACD;;AAEDI,EAAAA,eAAe,GAAuB;AACpC,UAAM;AAAEhC,MAAAA;AAAF,QAAmB,KAAKnC,YAAL,CAAkByC,aAAlB,EAAzB;AACA,WAAON,YAAY,GAAGA,YAAY,CAACA,YAAhB,GAA+B4B,SAAlD;AACD;AAED;AACF;AACA;;;AAC+B,QAAvBK,uBAAuB,GAAkB;AAC7C,UAAM;AAAEC,MAAAA;AAAF,QAAa,MAAM,KAAK3H,KAAL,CAAWP,YAAX,EAAzB;AACA,SAAK6D,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACD;;AAEDjD,EAAAA,cAAc,CAACF,WAAD,EAAsBsB,KAAtB,EAA4C;AACxD;AACA,UAAM+B,cAAc,GAAGC,wBAAeC,iBAAf,EAAvB;;AACAF,IAAAA,cAAc,CAACG,OAAf,CAAuBC,mCAAvB,EAAkDzD,WAAlD,EAHwD,CAKxD;;AACAsB,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACF,OAAd,CAAsBlC,KAAtB,EAA6BtB,WAA7B;AACD;AACF;;AAED4D,EAAAA,cAAc,CAACtC,KAAD,EAAqC;AACjD;AACAA,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACA,YAAM3D,WAAW,GAAG0D,aAAa,CAACG,OAAd,CAAsBvC,KAAtB,CAApB;;AACA,UAAItB,WAAJ,EAAiB;AACf,eAAOA,WAAP;AACD;AACF,KATgD,CAWjD;;;AACA,UAAMxH,OAAO,GAAG8K,wBAAeC,iBAAf,EAAhB;;AACA,WAAO/K,OAAO,GAAGA,OAAO,CAACqL,OAAR,CAAgBJ,mCAAhB,KAA8CZ,SAAjD,GAA6DA,SAA3E;AACD;;AAEDiB,EAAAA,iBAAiB,CAACxC,KAAD,EAAuB;AACtC;AACA,UAAM9I,OAAO,GAAG8K,wBAAeC,iBAAf,EAAhB;;AACA/K,IAAAA,OAAO,CAACuL,UAAR,CAAmBN,mCAAnB,EAHsC,CAKtC;;AACAnC,IAAAA,KAAK,GAAGA,KAAK,IAAI,KAAKjK,OAAL,CAAaiK,KAA9B;;AACA,QAAIA,KAAJ,EAAW;AACT,YAAMoC,aAAa,GAAG,KAAKpM,cAAL,CAAoBqM,qBAApB,EAAtB;AACAD,MAAAA,aAAa,CAACK,UAAd,IAA4BL,aAAa,CAACK,UAAd,CAAyBzC,KAAzB,CAA5B;AACD;AACF;;AAED9E,EAAAA,eAAe,GAAY;AACzB,WAAO,2BAAgB,IAAhB,CAAP;AACD;;AAEwB,QAAnBwH,mBAAmB,CAACb,MAAD,EAAkBnD,WAAlB,EAAuD;AAC9E,QAAIsB,KAAK,GAAG,KAAKjK,OAAL,CAAaiK,KAAzB,CAD8E,CAG9E;;AACA,QAAI6B,MAAJ,EAAY;AACV,WAAKrE,YAAL,CAAkBsE,SAAlB,CAA4BD,MAA5B;AACAnD,MAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoB,KAAKvM,OAAL,CAAaiK,KAAjC,CAA7B;AACD,KAHD,MAGO,IAAI,KAAK9E,eAAL,EAAJ,EAA4B;AACjC,UAAI;AACF;AACA,cAAMyH,aAAa,GAAG,MAAM,6CAA0B,IAA1B,EAAgC,EAAhC,CAA5B;AACA3C,QAAAA,KAAK,GAAG2C,aAAa,CAAC3C,KAAtB;AACAtB,QAAAA,WAAW,GAAGA,WAAW,IAAI,KAAK4D,cAAL,CAAoBtC,KAApB,CAA7B;AACA,cAAM,KAAK4B,uBAAL,EAAN;AACD,OAND,CAME,OAAM3C,CAAN,EAAS;AACT;AACA,cAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN;AACA,cAAMkB,CAAN;AACD;AACF,KAZM,MAYA;AACL,aADK,CACG;AACT,KArB6E,CAuB9E;;;AACA,UAAM,KAAKvB,gBAAL,CAAsBK,eAAtB,EAAN,CAxB8E,CA0B9E;;AACA,SAAKyE,iBAAL,CAAuBxC,KAAvB,EA3B8E,CA6B9E;;AACA,UAAM;AAAE4C,MAAAA;AAAF,QAAyB,KAAK7M,OAApC;;AACA,QAAI6M,kBAAJ,EAAwB;AACtB,YAAMA,kBAAkB,CAAC,IAAD,EAAOlE,WAAP,CAAxB;AACD,KAFD,MAEO,IAAIA,WAAJ,EAAiB;AACtBzG,MAAAA,MAAM,CAACC,QAAP,CAAgB2K,OAAhB,CAAwBnE,WAAxB;AACD;AACF;;AAEDoE,EAAAA,MAAM,GAAY;AAChB,WAAO,CAAC,CAAC,KAAK/M,OAAL,CAAauB,IAAtB;AACD;;AAEDyL,EAAAA,eAAe,CAACC,YAAD,EAAgC;AAC7C,QAAID,eAAe,GAAG,KAAtB;;AACA,QAAIE,KAAK,CAACC,OAAN,CAAc,KAAKnN,OAAL,CAAaiN,YAA3B,KAA4C,KAAKjN,OAAL,CAAaiN,YAAb,CAA0BG,MAA1E,EAAkF;AAAA;;AAChFJ,MAAAA,eAAe,GAAG,sCAAKhN,OAAL,CAAaiN,YAAb,iBAAkCA,YAAlC,KAAmD,CAArE;AACD,KAFD,MAEO;AACLD,MAAAA,eAAe,GAAG,KAAKhN,OAAL,CAAaiN,YAAb,KAA8BA,YAAhD;AACD;;AACD,WAAOD,eAAP;AACD;;AAEDK,EAAAA,uBAAuB,GAAY;AACjC,WAAO,KAAKL,eAAL,CAAqB,MAArB,CAAP;AACD,GA5lBgE,CA8lBjE;AACA;AACA;AACA;;;AAEAM,EAAAA,eAAe,GAAW;AACxB;AACA;AACA,WAAO,KAAKtN,OAAL,CAAauN,MAAb,CAAqBC,KAArB,CAA2B,UAA3B,EAAuC,CAAvC,CAAP;AACD,GAvmBgE,CAymBjE;;;AACAC,EAAAA,cAAc,CAACpF,IAAD,EAAiC;AAC7C,WAAO,2BAAkB,IAAlB,EAAwB,iCAAxB,EAA2DA,IAA3D,CAAP;AACD,GA5mBgE,CA8mBjE;;;AACAlB,EAAAA,aAAa,CAACkB,IAAD,EAAwD;AACnE,WAAO,2BAAkB,IAAlB,EAAwB,+BAAxB,EAAyDA,IAAzD,CAAP;AACD,GAjnBgE,CAmnBjE;;;AACAqF,EAAAA,mBAAmB,CAACrF,IAAD,EAA6D;AAC9E,WAAO,2BAAkB,IAAlB,EAAwB,8BAAxB,EAAwDA,IAAxD,CAAP;AACD,GAtnBgE,CAwnBjE;;;AACqB,QAAfsF,eAAe,CAAC3N,OAAD,EAA4C;AAC/D,QAAI,CAACA,OAAO,CAACqJ,WAAb,EAA0B;AACxB,YAAMA,WAAW,GAAG,CAAC,MAAM,KAAK5B,YAAL,CAAkB6B,SAAlB,EAAP,EAAsCD,WAA1D;AACArJ,MAAAA,OAAO,CAACqJ,WAAR,GAAsBA,WAAtB,aAAsBA,WAAtB,uBAAsBA,WAAW,CAAEA,WAAnC;AACD;;AACD,WAAO,uBAAY,IAAZ,EAAkBrJ,OAAlB,CAAP;AACD;;AA/nBgE,C,CAkoBnE;;;AACAH,QAAQ,CAAC+N,QAAT,GAAoB/N,QAAQ,CAACuD,SAAT,CAAmBwK,QAAnB,GAA8BA,QAAlD,C,CAEA;;AACA/N,QAAQ,CAACgO,MAAT,GAAkBA,MAAlB,C,CAEA;;AACAhO,QAAQ,CAACiO,QAAT,GAAoBA,QAApB,C,CAEA;;AACA,qBAAcjO,QAAd,EAAwB;AACtBkO,EAAAA;AADsB,CAAxB;eAIelO,Q","sourcesContent":["/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nimport { \n DEFAULT_MAX_CLOCK_SKEW, \n REFERRER_PATH_STORAGE_KEY\n} from './constants';\nimport * as constants from './constants';\nimport {\n OktaAuthInterface,\n OktaAuthOptions, \n AccessToken, \n IDToken,\n RefreshToken,\n TokenAPI, \n FeaturesAPI, \n CryptoAPI,\n WebauthnAPI,\n SignoutAPI, \n FingerprintAPI,\n UserClaims, \n SigninWithRedirectOptions,\n SigninWithCredentialsOptions,\n SignoutOptions,\n Tokens,\n ForgotPasswordOptions,\n VerifyRecoveryTokenOptions,\n TransactionAPI,\n SessionAPI,\n SigninAPI,\n PkceAPI,\n SigninOptions,\n IdxAPI,\n SignoutRedirectUrlOptions,\n HttpAPI,\n FlowIdentifier,\n GetWithRedirectAPI,\n ParseFromUrlInterface,\n GetWithRedirectFunction,\n RequestOptions,\n IsAuthenticatedOptions,\n} from './types';\nimport {\n transactionStatus,\n resumeTransaction,\n transactionExists,\n introspectAuthn,\n postToTransaction,\n AuthTransaction\n} from './tx';\nimport PKCE from './oidc/util/pkce';\nimport {\n closeSession,\n sessionExists,\n getSession,\n refreshSession,\n setCookieAndRedirect\n} from './session';\nimport {\n getOAuthUrls,\n getWithoutPrompt,\n getWithPopup,\n getWithRedirect,\n isLoginRedirect,\n parseFromUrl,\n decodeToken,\n revokeToken,\n renewToken,\n renewTokens,\n renewTokensWithRefresh,\n getUserInfo,\n verifyToken,\n prepareTokenParams,\n exchangeCodeForTokens,\n isInteractionRequiredError,\n isInteractionRequired,\n} from './oidc';\nimport { isBrowser } from './features';\nimport * as features from './features';\nimport * as crypto from './crypto';\nimport * as webauthn from './crypto/webauthn';\nimport browserStorage from './browser/browserStorage';\nimport { \n toQueryString, \n toAbsoluteUrl,\n clone,\n} from './util';\nimport { TokenManager } from './TokenManager';\nimport { ServiceManager } from './ServiceManager';\nimport { get, httpRequest, setRequestHeader } from './http';\nimport PromiseQueue from './PromiseQueue';\nimport fingerprint from './browser/fingerprint';\nimport { AuthStateManager } from './AuthStateManager';\nimport { StorageManager } from './StorageManager';\nimport TransactionManager from './TransactionManager';\nimport { buildOptions } from './options';\nimport {\n interact,\n introspect,\n authenticate,\n cancel,\n poll,\n proceed,\n register,\n recoverPassword,\n unlockAccount,\n startTransaction,\n handleInteractionCodeRedirect,\n canProceed,\n handleEmailVerifyCallback,\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError\n} from './idx';\nimport { createGlobalRequestInterceptor, setGlobalRequestInterceptor } from './idx/headers';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { parseOAuthResponseFromUrl } from './oidc/parseFromUrl';\nimport {\n getSavedTransactionMeta,\n createTransactionMeta,\n getTransactionMeta,\n saveTransactionMeta,\n clearTransactionMeta,\n isTransactionMetaValid\n} from './idx/transactionMeta';\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport Emitter from 'tiny-emitter';\n\nclass OktaAuth implements OktaAuthInterface, SigninAPI, SignoutAPI {\n options: OktaAuthOptions;\n storageManager: StorageManager;\n transactionManager: TransactionManager;\n tx: TransactionAPI;\n idx: IdxAPI;\n session: SessionAPI;\n pkce: PkceAPI;\n static features: FeaturesAPI;\n static crypto: CryptoAPI;\n static webauthn: WebauthnAPI;\n features!: FeaturesAPI;\n token: TokenAPI;\n _tokenQueue: PromiseQueue;\n emitter: any;\n tokenManager: TokenManager;\n authStateManager: AuthStateManager;\n serviceManager: ServiceManager;\n http: HttpAPI;\n fingerprint: FingerprintAPI;\n _oktaUserAgent: OktaUserAgent;\n _pending: { handleLogin: boolean };\n constructor(args: OktaAuthOptions) {\n const options = this.options = buildOptions(args);\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n this.storageManager = new StorageManager(options.storageManager!, options.cookies!, options.storageUtil!);\n this.transactionManager = new TransactionManager(Object.assign({\n storageManager: this.storageManager,\n }, options.transactionManager));\n this._oktaUserAgent = new OktaUserAgent();\n\n this.tx = {\n status: transactionStatus.bind(null, this),\n resume: resumeTransaction.bind(null, this),\n exists: Object.assign(transactionExists.bind(null, this), {\n _get: (name) => {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const storage = options.storageUtil!.storage;\n return storage.get(name);\n }\n }),\n introspect: introspectAuthn.bind(null, this)\n };\n\n this.pkce = {\n DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n generateVerifier: PKCE.generateVerifier,\n computeChallenge: PKCE.computeChallenge\n };\n\n // Add shims for compatibility, these will be removed in next major version. OKTA-362589\n Object.assign(this.options.storageUtil, {\n getPKCEStorage: this.storageManager.getLegacyPKCEStorage.bind(this.storageManager),\n getHttpCache: this.storageManager.getHttpCache.bind(this.storageManager),\n });\n\n this._pending = { handleLogin: false };\n\n if (isBrowser()) {\n this.options = Object.assign(this.options, {\n redirectUri: toAbsoluteUrl(args.redirectUri, window.location.origin), // allow relative URIs\n });\n }\n\n // Digital clocks will drift over time, so the server\n // can misalign with the time reported by the browser.\n // The maxClockSkew allows relaxing the time-based\n // validation of tokens (in seconds, not milliseconds).\n // It currently defaults to 300, because 5 min is the\n // default maximum tolerance allowed by Kerberos.\n // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n this.options.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n } else {\n this.options.maxClockSkew = args.maxClockSkew;\n }\n\n // As some end user's devices can have their date \n // and time incorrectly set, allow for the disabling\n // of the jwt liftetime validation\n this.options.ignoreLifetime = !!args.ignoreLifetime;\n\n this.session = {\n close: closeSession.bind(null, this),\n exists: sessionExists.bind(null, this),\n get: getSession.bind(null, this),\n refresh: refreshSession.bind(null, this),\n setCookieAndRedirect: setCookieAndRedirect.bind(null, this)\n };\n\n this._tokenQueue = new PromiseQueue();\n const useQueue = (method) => {\n return PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n };\n\n // eslint-disable-next-line max-len\n const getWithRedirectFn = useQueue(getWithRedirect.bind(null, this)) as GetWithRedirectFunction;\n const getWithRedirectApi: GetWithRedirectAPI = Object.assign(getWithRedirectFn, {\n // This is exposed so we can set window.location in our tests\n _setLocation: function(url) {\n window.location = url;\n }\n });\n // eslint-disable-next-line max-len\n const parseFromUrlFn = useQueue(parseFromUrl.bind(null, this)) as ParseFromUrlInterface;\n const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n // This is exposed so we can mock getting window.history in our tests\n _getHistory: function() {\n return window.history;\n },\n\n // This is exposed so we can mock getting window.location in our tests\n _getLocation: function() {\n return window.location;\n },\n\n // This is exposed so we can mock getting window.document in our tests\n _getDocument: function() {\n return window.document;\n }\n });\n this.token = {\n prepareTokenParams: prepareTokenParams.bind(null, this),\n exchangeCodeForTokens: exchangeCodeForTokens.bind(null, this),\n getWithoutPrompt: getWithoutPrompt.bind(null, this),\n getWithPopup: getWithPopup.bind(null, this),\n getWithRedirect: getWithRedirectApi,\n parseFromUrl: parseFromUrlApi,\n decode: decodeToken,\n revoke: revokeToken.bind(null, this),\n renew: renewToken.bind(null, this),\n renewTokensWithRefresh: renewTokensWithRefresh.bind(null, this),\n renewTokens: renewTokens.bind(null, this),\n getUserInfo: getUserInfo.bind(null, this),\n verify: verifyToken.bind(null, this),\n isLoginRedirect: isLoginRedirect.bind(null, this)\n };\n // Wrap all async token API methods using MethodQueue to avoid issues with concurrency\n const syncMethods = [\n // sync methods\n 'decode',\n 'isLoginRedirect',\n // already bound\n 'getWithRedirect',\n 'parseFromUrl'\n ];\n Object.keys(this.token).forEach(key => {\n if (syncMethods.indexOf(key) >= 0) { // sync methods should not be wrapped\n return;\n }\n var method = this.token[key];\n this.token[key] = PromiseQueue.prototype.push.bind(this._tokenQueue, method, null);\n });\n\n // IDX\n const boundStartTransaction = startTransaction.bind(null, this);\n this.idx = {\n interact: interact.bind(null, this),\n introspect: introspect.bind(null, this),\n authenticate: authenticate.bind(null, this),\n register: register.bind(null, this),\n start: boundStartTransaction,\n startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n poll: poll.bind(null, this),\n proceed: proceed.bind(null, this),\n cancel: cancel.bind(null, this),\n recoverPassword: recoverPassword.bind(null, this),\n\n // oauth redirect callback\n handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, this),\n\n // interaction required callback\n isInteractionRequired: isInteractionRequired.bind(null, this),\n isInteractionRequiredError,\n\n // email verify callback\n handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, this),\n isEmailVerifyCallback,\n parseEmailVerifyCallback,\n isEmailVerifyCallbackError,\n \n getSavedTransactionMeta: getSavedTransactionMeta.bind(null, this),\n createTransactionMeta: createTransactionMeta.bind(null, this),\n getTransactionMeta: getTransactionMeta.bind(null, this),\n saveTransactionMeta: saveTransactionMeta.bind(null, this),\n clearTransactionMeta: clearTransactionMeta.bind(null, this),\n isTransactionMetaValid,\n setFlow: (flow: FlowIdentifier) => {\n this.options.flow = flow;\n },\n getFlow: (): FlowIdentifier | undefined => {\n return this.options.flow;\n },\n canProceed: canProceed.bind(null, this),\n unlockAccount: unlockAccount.bind(null, this),\n };\n\n setGlobalRequestInterceptor(createGlobalRequestInterceptor(this)); // to pass custom headers to IDX endpoints\n\n // HTTP\n this.http = {\n setRequestHeader: setRequestHeader.bind(null, this)\n };\n\n // Fingerprint API\n this.fingerprint = fingerprint.bind(null, this);\n\n this.emitter = new Emitter();\n\n // TokenManager\n this.tokenManager = new TokenManager(this, args.tokenManager);\n\n // AuthStateManager\n this.authStateManager = new AuthStateManager(this);\n\n // ServiceManager\n this.serviceManager = new ServiceManager(this, args.services);\n }\n\n start() {\n // TODO: review tokenManager.start\n this.tokenManager.start();\n if (!this.token.isLoginRedirect()) {\n this.authStateManager.updateAuthState();\n }\n this.serviceManager.start();\n }\n\n stop() {\n // TODO: review tokenManager.stop\n this.tokenManager.stop();\n this.serviceManager.stop();\n }\n\n setHeaders(headers) {\n this.options.headers = Object.assign({}, this.options.headers, headers);\n }\n\n\n // Authn V1\n async signIn(opts: SigninOptions): Promise<AuthTransaction> {\n return this.signInWithCredentials(opts as SigninWithCredentialsOptions);\n }\n\n // Authn V1\n async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthTransaction> {\n opts = clone(opts || {});\n const _postToTransaction = (options?) => {\n delete opts.sendFingerprint;\n return postToTransaction(this, '/api/v1/authn', opts, options);\n };\n if (!opts.sendFingerprint) {\n return _postToTransaction();\n }\n return this.fingerprint()\n .then(function(fingerprint) {\n return _postToTransaction({\n headers: {\n 'X-Device-Fingerprint': fingerprint\n }\n });\n });\n }\n\n async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n const { originalUri, ...additionalParams } = opts;\n if(this._pending.handleLogin) { \n // Don't trigger second round\n return;\n }\n\n this._pending.handleLogin = true;\n try {\n // Trigger default signIn redirect flow\n if (originalUri) {\n this.setOriginalUri(originalUri);\n }\n const params = Object.assign({\n // TODO: remove this line when default scopes are changed OKTA-343294\n scopes: this.options.scopes || ['openid', 'email', 'profile']\n }, additionalParams);\n await this.token.getWithRedirect(params);\n } finally {\n this._pending.handleLogin = false;\n }\n }\n\n // Ends the current Okta SSO session without redirecting to Okta.\n closeSession(): Promise<unknown> {\n return this.session.close() // DELETE /api/v1/sessions/me\n .then(async () => {\n // Clear all local tokens\n this.tokenManager.clear();\n })\n .catch(function(e) {\n if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n // Session does not exist or has already been closed\n return null;\n }\n throw e;\n });\n }\n \n // Revokes the access token for the application session\n async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n if (!accessToken) {\n accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n this.tokenManager.remove(accessTokenKey);\n }\n // Access token may have been removed. In this case, we will silently succeed.\n if (!accessToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(accessToken);\n }\n\n // Revokes the refresh token for the application session\n async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n if (!refreshToken) {\n refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n this.tokenManager.remove(refreshTokenKey);\n }\n // Refresh token may have been removed. In this case, we will silently succeed.\n if (!refreshToken) {\n return Promise.resolve(null);\n }\n return this.token.revoke(refreshToken);\n }\n\n getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n let {\n idToken,\n postLogoutRedirectUri,\n state,\n } = options;\n if (!idToken) {\n idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n if (!idToken) {\n return '';\n }\n if (!postLogoutRedirectUri) {\n postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n }\n\n const logoutUrl = getOAuthUrls(this).logoutUrl;\n const idTokenHint = idToken.idToken; // a string\n let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n if (postLogoutRedirectUri) {\n logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n } \n // State allows option parameters to be passed to logout redirect uri\n if (state) {\n logoutUri += '&state=' + encodeURIComponent(state);\n }\n\n return logoutUri;\n }\n\n // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n async signOut(options?: SignoutOptions) {\n options = Object.assign({}, options);\n \n // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n var defaultUri = window.location.origin;\n var currentUri = window.location.href;\n var postLogoutRedirectUri = options.postLogoutRedirectUri\n || this.options.postLogoutRedirectUri\n || defaultUri;\n \n var accessToken = options.accessToken;\n var refreshToken = options.refreshToken;\n var revokeAccessToken = options.revokeAccessToken !== false;\n var revokeRefreshToken = options.revokeRefreshToken !== false;\n \n if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n }\n\n if (revokeAccessToken && typeof accessToken === 'undefined') {\n accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n }\n \n if (!options.idToken) {\n options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n }\n\n if (revokeRefreshToken && refreshToken) {\n await this.revokeRefreshToken(refreshToken);\n }\n\n if (revokeAccessToken && accessToken) {\n await this.revokeAccessToken(accessToken);\n }\n\n const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n // No logoutUri? This can happen if the storage was cleared.\n // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n if (!logoutUri) {\n // local tokens are cleared once session is closed\n return this.closeSession() // can throw if the user cannot be signed out\n .then(function() {\n if (postLogoutRedirectUri === currentUri) {\n window.location.reload(); // force a hard reload if URI is not changing\n } else {\n window.location.assign(postLogoutRedirectUri);\n }\n });\n } else {\n if (options.clearTokensBeforeRedirect) {\n // Clear all local tokens\n this.tokenManager.clear();\n } else {\n this.tokenManager.addPendingRemoveFlags();\n }\n // Flow ends with logout redirect\n window.location.assign(logoutUri);\n }\n }\n\n webfinger(opts): Promise<object> {\n var url = '/.well-known/webfinger' + toQueryString(opts);\n var options = {\n headers: {\n 'Accept': 'application/jrd+json'\n }\n };\n return get(this, url, options);\n }\n\n //\n // Common Methods from downstream SDKs\n //\n\n // Returns true if both accessToken and idToken are not expired\n // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n let { accessToken } = this.tokenManager.getTokensSync();\n if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n accessToken = undefined;\n if (shouldRenew) {\n try {\n accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('accessToken');\n }\n }\n\n let { idToken } = this.tokenManager.getTokensSync();\n if (idToken && this.tokenManager.hasExpired(idToken)) {\n idToken = undefined;\n if (shouldRenew) {\n try {\n idToken = await this.tokenManager.renew('idToken') as IDToken;\n } catch {\n // Renew errors will emit an \"error\" event \n }\n } else if (shouldRemove) {\n this.tokenManager.remove('idToken');\n }\n }\n\n return !!(accessToken && idToken);\n }\n\n async getUser(): Promise<UserClaims> {\n const { idToken, accessToken } = this.tokenManager.getTokensSync();\n return this.token.getUserInfo(accessToken, idToken);\n }\n\n getIdToken(): string | undefined {\n const { idToken } = this.tokenManager.getTokensSync();\n return idToken ? idToken.idToken : undefined;\n }\n\n getAccessToken(): string | undefined {\n const { accessToken } = this.tokenManager.getTokensSync();\n return accessToken ? accessToken.accessToken : undefined;\n }\n\n getRefreshToken(): string | undefined {\n const { refreshToken } = this.tokenManager.getTokensSync();\n return refreshToken ? refreshToken.refreshToken : undefined;\n }\n\n /**\n * Store parsed tokens from redirect url\n */\n async storeTokensFromRedirect(): Promise<void> {\n const { tokens } = await this.token.parseFromUrl();\n this.tokenManager.setTokens(tokens);\n }\n\n setOriginalUri(originalUri: string, state?: string): void {\n // always store in session storage\n const sessionStorage = browserStorage.getSessionStorage();\n sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n\n // to support multi-tab flows, set a state in constructor or pass as param\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.setItem(state, originalUri);\n }\n }\n\n getOriginalUri(state?: string): string | undefined {\n // Prefer shared storage (if state is available)\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n const originalUri = sharedStorage.getItem(state);\n if (originalUri) {\n return originalUri;\n }\n }\n\n // Try to load from session storage\n const storage = browserStorage.getSessionStorage();\n return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n }\n\n removeOriginalUri(state?: string): void {\n // Remove from sessionStorage\n const storage = browserStorage.getSessionStorage();\n storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n\n // Also remove from shared storage\n state = state || this.options.state;\n if (state) {\n const sharedStorage = this.storageManager.getOriginalUriStorage();\n sharedStorage.removeItem && sharedStorage.removeItem(state);\n }\n }\n\n isLoginRedirect(): boolean {\n return isLoginRedirect(this);\n }\n\n async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n let state = this.options.state;\n\n // Store tokens and update AuthState by the emitted events\n if (tokens) {\n this.tokenManager.setTokens(tokens);\n originalUri = originalUri || this.getOriginalUri(this.options.state);\n } else if (this.isLoginRedirect()) {\n try {\n // For redirect flow, get state from the URL and use it to retrieve the originalUri\n const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n state = oAuthResponse.state;\n originalUri = originalUri || this.getOriginalUri(state);\n await this.storeTokensFromRedirect();\n } catch(e) {\n // auth state should be updated\n await this.authStateManager.updateAuthState();\n throw e;\n }\n } else {\n return; // nothing to do\n }\n \n // ensure auth state has been updated\n await this.authStateManager.updateAuthState();\n\n // clear originalUri from storage\n this.removeOriginalUri(state);\n\n // Redirect to originalUri\n const { restoreOriginalUri } = this.options;\n if (restoreOriginalUri) {\n await restoreOriginalUri(this, originalUri);\n } else if (originalUri) {\n window.location.replace(originalUri);\n }\n }\n\n isPKCE(): boolean {\n return !!this.options.pkce;\n }\n\n hasResponseType(responseType: string): boolean {\n let hasResponseType = false;\n if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n } else {\n hasResponseType = this.options.responseType === responseType;\n }\n return hasResponseType;\n }\n\n isAuthorizationCodeFlow(): boolean {\n return this.hasResponseType('code');\n }\n\n // { username, password, (relayState), (context) }\n // signIn(opts: SignInWithCredentialsOptions): Promise<AuthTransaction> {\n // return postToTransaction(this, '/api/v1/authn', opts);\n // }\n\n getIssuerOrigin(): string {\n // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return this.options.issuer!.split('/oauth2/')[0];\n }\n\n // { username, (relayState) }\n forgotPassword(opts): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n }\n\n // { username, (relayState) }\n unlockAccount(opts: ForgotPasswordOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n }\n\n // { recoveryToken }\n verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthTransaction> {\n return postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n }\n\n // Escape hatch method to make arbitrary OKTA API call\n async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n if (!options.accessToken) {\n const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n options.accessToken = accessToken?.accessToken;\n }\n return httpRequest(this, options);\n }\n}\n\n// Hoist feature detection functions to static type\nOktaAuth.features = OktaAuth.prototype.features = features;\n\n// Hoist crypto utils to static type\nOktaAuth.crypto = crypto;\n\n// Hoist webauthn utils to static type\nOktaAuth.webauthn = webauthn;\n\n// Also hoist constants for CommonJS users\nObject.assign(OktaAuth, {\n constants\n});\n\nexport default OktaAuth;"],"file":"OktaAuth.js"}
package/cjs/OktaUserAgent.js CHANGED
@@ -21,7 +21,7 @@ var _features = require("./features");
21
21
  class OktaUserAgent {
22
22
  constructor() {
23
23
  // add base sdk env
24
- this.environments = [`okta-auth-js/${"6.0.0"}`];
24
+ this.environments = [`okta-auth-js/${"6.3.0"}`];
25
25
  }
26
26
 
27
27
  addEnvironment(env) {
@@ -36,7 +36,7 @@ class OktaUserAgent {
36
36
  }
37
37
 
38
38
  getVersion() {
39
- return "6.0.0";
39
+ return "6.3.0";
40
40
  }
41
41
 
42
42
  maybeAddNodeEnvironment() {
package/cjs/PromiseQueue.js CHANGED
@@ -1,7 +1,11 @@
1
1
  "use strict";
2
2
 
3
+ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
4
+
3
5
  exports.default = void 0;
4
6
 
7
+ var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
8
+
5
9
  var _util = require("./util");
6
10
 
7
11
  /*!
@@ -19,18 +23,25 @@ var _util = require("./util");
19
23
  // Methods will be wrapped in a promise and execute sequentially
20
24
  // This can be used to prevent concurrent calls to a single method or a set of methods
21
25
  class PromiseQueue {
22
- constructor() {
26
+ constructor(options = {
27
+ quiet: false
28
+ }) {
23
29
  this.queue = [];
24
30
  this.running = false;
31
+ this.options = options;
25
32
  } // Returns a promise
26
33
  // If the method is synchronous, it will resolve when the method completes
27
34
  // If the method returns a promise, it will resolve (or reject) with the value from the method's promise
28
35
 
29
36
 
30
37
  push(method, thisObject, ...args) {
31
- return new Promise((resolve, reject) => {
38
+ return new _promise.default((resolve, reject) => {
32
39
  if (this.queue.length > 0) {
33
- (0, _util.warn)('Async method is being called but another async method is already running. ' + 'The new method will be delayed until the previous method completes.');
40
+ // There is at least one other pending call.
41
+ // The PromiseQueue will prevent these methods from running concurrently.
42
+ if (this.options.quiet !== false) {
43
+ (0, _util.warn)('Async method is being called but another async method is already running. ' + 'The new method will be delayed until the previous method completes.');
44
+ }
34
45
  }
35
46
 
36
47
  this.queue.push({