@okta/okta-auth-js 6.2.0 → 6.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/cjs/AuthStateManager.js +9 -3
- package/cjs/AuthStateManager.js.map +1 -1
- package/cjs/OktaUserAgent.js +2 -2
- package/cjs/PromiseQueue.js +9 -2
- package/cjs/PromiseQueue.js.map +1 -1
- package/cjs/ServiceManager.js +3 -3
- package/cjs/ServiceManager.js.map +1 -1
- package/cjs/TransactionManager.js +8 -2
- package/cjs/TransactionManager.js.map +1 -1
- package/cjs/browser/browserStorage.js +19 -18
- package/cjs/browser/browserStorage.js.map +1 -1
- package/cjs/idx/authenticator/Authenticator.js.map +1 -1
- package/cjs/idx/authenticator/OktaPassword.js +12 -3
- package/cjs/idx/authenticator/OktaPassword.js.map +1 -1
- package/cjs/idx/authenticator/OktaVerifyTotp.js +9 -1
- package/cjs/idx/authenticator/OktaVerifyTotp.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js +14 -1
- package/cjs/idx/authenticator/SecurityQuestionEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js +9 -1
- package/cjs/idx/authenticator/SecurityQuestionVerification.js.map +1 -1
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js +13 -3
- package/cjs/idx/authenticator/VerificationCodeAuthenticator.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnEnrollment.js +5 -0
- package/cjs/idx/authenticator/WebauthnEnrollment.js.map +1 -1
- package/cjs/idx/authenticator/WebauthnVerification.js +5 -0
- package/cjs/idx/authenticator/WebauthnVerification.js.map +1 -1
- package/cjs/idx/authenticator/util.js +64 -0
- package/cjs/idx/authenticator/util.js.map +1 -0
- package/cjs/idx/idx-js/index.js +0 -122
- package/cjs/idx/idx-js/index.js.map +1 -1
- package/cjs/idx/idx-js/introspect.js +10 -6
- package/cjs/idx/idx-js/introspect.js.map +1 -1
- package/cjs/idx/idx-js/v1/generateIdxAction.js +17 -23
- package/cjs/idx/idx-js/v1/generateIdxAction.js.map +1 -1
- package/cjs/idx/idx-js/v1/makeIdxState.js +5 -4
- package/cjs/idx/idx-js/v1/makeIdxState.js.map +1 -1
- package/cjs/idx/introspect.js +13 -3
- package/cjs/idx/introspect.js.map +1 -1
- package/cjs/idx/proceed.js +14 -11
- package/cjs/idx/proceed.js.map +1 -1
- package/cjs/idx/remediate.js +65 -72
- package/cjs/idx/remediate.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js +6 -2
- package/cjs/idx/remediators/AuthenticatorEnrollmentData.js.map +1 -1
- package/cjs/idx/remediators/AuthenticatorVerificationData.js +23 -19
- package/cjs/idx/remediators/AuthenticatorVerificationData.js.map +1 -1
- package/cjs/idx/remediators/Base/AuthenticatorData.js +22 -14
- package/cjs/idx/remediators/Base/AuthenticatorData.js.map +1 -1
- package/cjs/idx/remediators/Base/Remediator.js +85 -85
- package/cjs/idx/remediators/Base/Remediator.js.map +1 -1
- package/cjs/idx/remediators/Base/SelectAuthenticator.js +24 -15
- package/cjs/idx/remediators/Base/SelectAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js +15 -4
- package/cjs/idx/remediators/Base/VerifyAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/ChallengePoll.js +8 -1
- package/cjs/idx/remediators/ChallengePoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollPoll.js +1 -1
- package/cjs/idx/remediators/EnrollPoll.js.map +1 -1
- package/cjs/idx/remediators/EnrollProfile.js +15 -9
- package/cjs/idx/remediators/EnrollProfile.js.map +1 -1
- package/cjs/idx/remediators/EnrollmentChannelData.js +0 -8
- package/cjs/idx/remediators/EnrollmentChannelData.js.map +1 -1
- package/cjs/idx/remediators/Identify.js +12 -5
- package/cjs/idx/remediators/Identify.js.map +1 -1
- package/cjs/idx/remediators/ReEnrollAuthenticator.js +9 -8
- package/cjs/idx/remediators/ReEnrollAuthenticator.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js +4 -3
- package/cjs/idx/remediators/SelectAuthenticatorAuthenticate.js.map +1 -1
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js +0 -1
- package/cjs/idx/remediators/SelectAuthenticatorUnlockAccount.js.map +1 -1
- package/cjs/idx/remediators/Skip.js +1 -8
- package/cjs/idx/remediators/Skip.js.map +1 -1
- package/cjs/idx/remediators/util.js.map +1 -1
- package/cjs/idx/run.js +267 -198
- package/cjs/idx/run.js.map +1 -1
- package/cjs/idx/types/idx-js.js.map +1 -1
- package/cjs/idx/types/index.js +37 -0
- package/cjs/idx/types/index.js.map +1 -1
- package/cjs/idx/util.js +198 -0
- package/cjs/idx/util.js.map +1 -0
- package/cjs/options/browser.js +11 -6
- package/cjs/options/browser.js.map +1 -1
- package/cjs/options/index.js +1 -1
- package/cjs/options/index.js.map +1 -1
- package/cjs/options/node.js +5 -6
- package/cjs/options/node.js.map +1 -1
- package/cjs/options.js +170 -0
- package/cjs/options.js.map +1 -0
- package/dist/okta-auth-js.min.js +1 -1
- package/dist/okta-auth-js.min.js.map +1 -1
- package/dist/okta-auth-js.umd.js +1 -1
- package/dist/okta-auth-js.umd.js.map +1 -1
- package/esm/esm.browser.js +1178 -794
- package/esm/esm.browser.js.map +1 -1
- package/esm/esm.node.mjs +1099 -781
- package/esm/esm.node.mjs.map +1 -1
- package/lib/AuthStateManager.d.ts +2 -0
- package/lib/PromiseQueue.d.ts +6 -2
- package/lib/TransactionManager.d.ts +3 -4
- package/lib/idx/authenticator/Authenticator.d.ts +1 -1
- package/lib/idx/authenticator/OktaPassword.d.ts +2 -1
- package/lib/idx/authenticator/OktaVerifyTotp.d.ts +1 -1
- package/lib/idx/authenticator/SecurityQuestionEnrollment.d.ts +3 -5
- package/lib/idx/authenticator/SecurityQuestionVerification.d.ts +1 -1
- package/lib/idx/authenticator/VerificationCodeAuthenticator.d.ts +2 -1
- package/lib/idx/authenticator/WebauthnEnrollment.d.ts +1 -1
- package/lib/idx/authenticator/WebauthnVerification.d.ts +1 -1
- package/lib/idx/authenticator/util.d.ts +4 -0
- package/lib/idx/idx-js/index.d.ts +1 -17
- package/lib/idx/idx-js/introspect.d.ts +2 -1
- package/lib/idx/idx-js/v1/generateIdxAction.d.ts +1 -1
- package/lib/idx/idx-js/v1/makeIdxState.d.ts +2 -2
- package/lib/idx/proceed.d.ts +1 -3
- package/lib/idx/remediate.d.ts +2 -2
- package/lib/idx/remediators/AuthenticatorVerificationData.d.ts +1 -0
- package/lib/idx/remediators/Base/AuthenticatorData.d.ts +0 -3
- package/lib/idx/remediators/Base/Remediator.d.ts +5 -4
- package/lib/idx/remediators/Base/SelectAuthenticator.d.ts +7 -9
- package/lib/idx/remediators/Base/VerifyAuthenticator.d.ts +2 -4
- package/lib/idx/remediators/ChallengePoll.d.ts +1 -0
- package/lib/idx/remediators/EnrollProfile.d.ts +0 -3
- package/lib/idx/remediators/EnrollmentChannelData.d.ts +0 -4
- package/lib/idx/remediators/Identify.d.ts +3 -5
- package/lib/idx/remediators/ReEnrollAuthenticator.d.ts +2 -5
- package/lib/idx/remediators/SelectAuthenticatorAuthenticate.d.ts +2 -1
- package/lib/idx/remediators/SelectAuthenticatorUnlockAccount.d.ts +1 -2
- package/lib/idx/remediators/Skip.d.ts +0 -3
- package/lib/idx/types/idx-js.d.ts +5 -1
- package/lib/idx/types/index.d.ts +7 -3
- package/lib/idx/util.d.ts +11 -0
- package/lib/options/browser.d.ts +2 -2
- package/lib/options/node.d.ts +2 -2
- package/lib/options.d.ts +14 -0
- package/lib/types/Storage.d.ts +7 -5
- package/lib/types/api.d.ts +1 -3
- package/package.json +7 -6
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/authenticator/OktaPassword.ts"],"names":["OktaPassword","Authenticator","canVerify","values","password","mapCredentials","passcode","getInputs","idxRemediationValue","form","value","name","type","required"],"mappings":";;;;AAAA;;
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/authenticator/OktaPassword.ts"],"names":["OktaPassword","Authenticator","canVerify","values","credentials","password","mapCredentials","passcode","getInputs","idxRemediationValue","form","value","name","type","required"],"mappings":";;;;AAAA;;AAOO,MAAMA,YAAN,SAA2BC,4BAA3B,CAAkE;AACvEC,EAAAA,SAAS,CAACC,MAAD,EAAkC;AACzC,WAAO,CAAC,EAAEA,MAAM,CAACC,WAAP,IAAsBD,MAAM,CAACE,QAA/B,CAAR;AACD;;AAEDC,EAAAA,cAAc,CAACH,MAAD,EAA2D;AACvE,UAAM;AAAEC,MAAAA,WAAF;AAAeC,MAAAA;AAAf,QAA4BF,MAAlC;;AACA,QAAI,CAACC,WAAD,IAAgB,CAACC,QAArB,EAA+B;AAC7B;AACD;;AACD,WAAOD,WAAW,IAAI;AAAEG,MAAAA,QAAQ,EAAEF;AAAZ,KAAtB;AACD;;AAEDG,EAAAA,SAAS,CAACC,mBAAD,EAAsB;AAAA;;AAC7B,WAAO,EACL,6BAAGA,mBAAmB,CAACC,IAAvB,0DAAG,sBAA0BC,KAA1B,CAAgC,CAAhC,CAAH,CADK;AAELC,MAAAA,IAAI,EAAE,UAFD;AAGLC,MAAAA,IAAI,EAAE,QAHD;AAILC,MAAAA,QAAQ,EAAEL,mBAAmB,CAACK;AAJzB,KAAP;AAMD;;AApBsE","sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface OktaPasswordInputValues {\n password?: string;\n credentials?: Credentials;\n}\n\nexport class OktaPassword extends Authenticator<OktaPasswordInputValues> {\n canVerify(values: OktaPasswordInputValues) {\n return !!(values.credentials || values.password);\n }\n\n mapCredentials(values: OktaPasswordInputValues): Credentials | undefined {\n const { credentials, password } = values;\n if (!credentials && !password) {\n return;\n }\n return credentials || { passcode: password };\n }\n\n getInputs(idxRemediationValue) {\n return {\n ...idxRemediationValue.form?.value[0],\n name: 'password',\n type: 'string',\n required: idxRemediationValue.required\n };\n }\n}\n"],"file":"OktaPassword.js"}
|
|
@@ -6,8 +6,16 @@ var _VerificationCodeAuthenticator = require("./VerificationCodeAuthenticator");
|
|
|
6
6
|
|
|
7
7
|
class OktaVerifyTotp extends _VerificationCodeAuthenticator.VerificationCodeAuthenticator {
|
|
8
8
|
mapCredentials(values) {
|
|
9
|
+
const {
|
|
10
|
+
verificationCode
|
|
11
|
+
} = values;
|
|
12
|
+
|
|
13
|
+
if (!verificationCode) {
|
|
14
|
+
return;
|
|
15
|
+
}
|
|
16
|
+
|
|
9
17
|
return {
|
|
10
|
-
totp:
|
|
18
|
+
totp: verificationCode
|
|
11
19
|
};
|
|
12
20
|
}
|
|
13
21
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/authenticator/OktaVerifyTotp.ts"],"names":["OktaVerifyTotp","VerificationCodeAuthenticator","mapCredentials","values","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/authenticator/OktaVerifyTotp.ts"],"names":["OktaVerifyTotp","VerificationCodeAuthenticator","mapCredentials","values","verificationCode","totp"],"mappings":";;;;AACA;;AAMO,MAAMA,cAAN,SAA6BC,4DAA7B,CAA2D;AAChEC,EAAAA,cAAc,CAACC,MAAD,EAAsC;AAClD,UAAM;AAAEC,MAAAA;AAAF,QAAuBD,MAA7B;;AACA,QAAI,CAACC,gBAAL,EAAuB;AACrB;AACD;;AACD,WAAO;AAAEC,MAAAA,IAAI,EAAED;AAAR,KAAP;AACD;;AAP+D","sourcesContent":["import { Credentials } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\n\ninterface TotpCredentials extends Credentials {\n totp: string;\n}\n\nexport class OktaVerifyTotp extends VerificationCodeAuthenticator {\n mapCredentials(values): TotpCredentials | undefined {\n const { verificationCode } = values;\n if (!verificationCode) {\n return;\n }\n return { totp: verificationCode };\n }\n}\n"],"file":"OktaVerifyTotp.js"}
|
|
@@ -6,6 +6,14 @@ var _Authenticator = require("./Authenticator");
|
|
|
6
6
|
|
|
7
7
|
class SecurityQuestionEnrollment extends _Authenticator.Authenticator {
|
|
8
8
|
canVerify(values) {
|
|
9
|
+
const {
|
|
10
|
+
credentials
|
|
11
|
+
} = values;
|
|
12
|
+
|
|
13
|
+
if (credentials && credentials.questionKey && credentials.answer) {
|
|
14
|
+
return true;
|
|
15
|
+
}
|
|
16
|
+
|
|
9
17
|
const {
|
|
10
18
|
questionKey,
|
|
11
19
|
question,
|
|
@@ -20,6 +28,11 @@ class SecurityQuestionEnrollment extends _Authenticator.Authenticator {
|
|
|
20
28
|
question,
|
|
21
29
|
answer
|
|
22
30
|
} = values;
|
|
31
|
+
|
|
32
|
+
if (!questionKey && !question && !answer) {
|
|
33
|
+
return;
|
|
34
|
+
}
|
|
35
|
+
|
|
23
36
|
return {
|
|
24
37
|
questionKey: question ? 'custom' : questionKey,
|
|
25
38
|
question,
|
|
@@ -31,7 +44,7 @@ class SecurityQuestionEnrollment extends _Authenticator.Authenticator {
|
|
|
31
44
|
return [{
|
|
32
45
|
name: 'questionKey',
|
|
33
46
|
type: 'string',
|
|
34
|
-
|
|
47
|
+
required: true
|
|
35
48
|
}, {
|
|
36
49
|
name: 'question',
|
|
37
50
|
type: 'string',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/authenticator/SecurityQuestionEnrollment.ts"],"names":["SecurityQuestionEnrollment","Authenticator","canVerify","values","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/authenticator/SecurityQuestionEnrollment.ts"],"names":["SecurityQuestionEnrollment","Authenticator","canVerify","values","credentials","questionKey","answer","question","mapCredentials","getInputs","name","type","required","label"],"mappings":";;;;AAAA;;AASO,MAAMA,0BAAN,SAAyCC,4BAAzC,CAAqF;AAC1FC,EAAAA,SAAS,CAACC,MAAD,EAAuC;AAC9C,UAAM;AAAEC,MAAAA;AAAF,QAAkBD,MAAxB;;AACA,QAAIC,WAAW,IAAIA,WAAW,CAACC,WAA3B,IAA0CD,WAAW,CAACE,MAA1D,EAAkE;AAChE,aAAO,IAAP;AACD;;AACD,UAAM;AAAED,MAAAA,WAAF;AAAeE,MAAAA,QAAf;AAAyBD,MAAAA;AAAzB,QAAoCH,MAA1C;AACA,WAAO,CAAC,EAAEE,WAAW,IAAIC,MAAjB,CAAD,IAA6B,CAAC,EAAEC,QAAQ,IAAID,MAAd,CAArC;AACD;;AAEDE,EAAAA,cAAc,CAACL,MAAD,EAAgE;AAC5E,UAAM;AAAEE,MAAAA,WAAF;AAAeE,MAAAA,QAAf;AAAyBD,MAAAA;AAAzB,QAAoCH,MAA1C;;AACA,QAAI,CAACE,WAAD,IAAgB,CAACE,QAAjB,IAA6B,CAACD,MAAlC,EAA0C;AACxC;AACD;;AACD,WAAO;AACLD,MAAAA,WAAW,EAAEE,QAAQ,GAAG,QAAH,GAAcF,WAD9B;AAELE,MAAAA,QAFK;AAGLD,MAAAA;AAHK,KAAP;AAKD;;AAEDG,EAAAA,SAAS,GAAG;AACV,WAAO,CACL;AAAEC,MAAAA,IAAI,EAAE,aAAR;AAAuBC,MAAAA,IAAI,EAAE,QAA7B;AAAuCC,MAAAA,QAAQ,EAAE;AAAjD,KADK,EAEL;AAAEF,MAAAA,IAAI,EAAE,UAAR;AAAoBC,MAAAA,IAAI,EAAE,QAA1B;AAAoCE,MAAAA,KAAK,EAAE;AAA3C,KAFK,EAGL;AAAEH,MAAAA,IAAI,EAAE,QAAR;AAAkBC,MAAAA,IAAI,EAAE,QAAxB;AAAkCE,MAAAA,KAAK,EAAE,QAAzC;AAAmDD,MAAAA,QAAQ,EAAE;AAA7D,KAHK,CAAP;AAKD;;AA5ByF","sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionEnrollValues {\n questionKey?: string;\n question?: string;\n answer?: string;\n credentials?: Credentials;\n}\n\nexport class SecurityQuestionEnrollment extends Authenticator<SecurityQuestionEnrollValues> {\n canVerify(values: SecurityQuestionEnrollValues) {\n const { credentials } = values;\n if (credentials && credentials.questionKey && credentials.answer) {\n return true;\n }\n const { questionKey, question, answer } = values;\n return !!(questionKey && answer) || !!(question && answer);\n }\n\n mapCredentials(values: SecurityQuestionEnrollValues): Credentials | undefined {\n const { questionKey, question, answer } = values;\n if (!questionKey && !question && !answer) {\n return;\n }\n return {\n questionKey: question ? 'custom' : questionKey,\n question,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'questionKey', type: 'string', required: true },\n { name: 'question', type: 'string', label: 'Create a security question' },\n { name: 'answer', type: 'string', label: 'Answer', required: true },\n ];\n }\n}\n"],"file":"SecurityQuestionEnrollment.js"}
|
|
@@ -11,9 +11,17 @@ class SecurityQuestionVerification extends _Authenticator.Authenticator {
|
|
|
11
11
|
}
|
|
12
12
|
|
|
13
13
|
mapCredentials(values) {
|
|
14
|
+
const {
|
|
15
|
+
answer
|
|
16
|
+
} = values;
|
|
17
|
+
|
|
18
|
+
if (!answer) {
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
|
|
14
22
|
return {
|
|
15
23
|
questionKey: this.meta.contextualData.enrolledQuestion.questionKey,
|
|
16
|
-
answer
|
|
24
|
+
answer
|
|
17
25
|
};
|
|
18
26
|
}
|
|
19
27
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/authenticator/SecurityQuestionVerification.ts"],"names":["SecurityQuestionVerification","Authenticator","canVerify","values","answer","mapCredentials","questionKey","meta","contextualData","enrolledQuestion","getInputs","name","type","label","required"],"mappings":";;;;AACA;;AADA;AAOO,MAAMA,4BAAN,SAA2CC,4BAA3C,CAA6F;AAClGC,EAAAA,SAAS,CAACC,MAAD,EAA6C;AACpD,WAAO,CAAC,CAACA,MAAM,CAACC,MAAhB;AACD;;AAEDC,EAAAA,cAAc,CAACF,MAAD,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/authenticator/SecurityQuestionVerification.ts"],"names":["SecurityQuestionVerification","Authenticator","canVerify","values","answer","mapCredentials","questionKey","meta","contextualData","enrolledQuestion","getInputs","name","type","label","required"],"mappings":";;;;AACA;;AADA;AAOO,MAAMA,4BAAN,SAA2CC,4BAA3C,CAA6F;AAClGC,EAAAA,SAAS,CAACC,MAAD,EAA6C;AACpD,WAAO,CAAC,CAACA,MAAM,CAACC,MAAhB;AACD;;AAEDC,EAAAA,cAAc,CAACF,MAAD,EAAsE;AAClF,UAAM;AAAEC,MAAAA;AAAF,QAAaD,MAAnB;;AACA,QAAI,CAACC,MAAL,EAAa;AACX;AACD;;AACD,WAAO;AACLE,MAAAA,WAAW,EAAE,KAAKC,IAAL,CAAUC,cAAV,CAA0BC,gBAA1B,CAA4CH,WADpD;AAELF,MAAAA;AAFK,KAAP;AAID;;AAEDM,EAAAA,SAAS,GAAG;AACV,WAAO,CACL;AAAEC,MAAAA,IAAI,EAAE,QAAR;AAAkBC,MAAAA,IAAI,EAAE,QAAxB;AAAkCC,MAAAA,KAAK,EAAE,QAAzC;AAAmDC,MAAAA,QAAQ,EAAE;AAA7D,KADK,CAAP;AAGD;;AApBiG","sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionVerificationValues {\n answer?: string;\n}\n\nexport class SecurityQuestionVerification extends Authenticator<SecurityQuestionVerificationValues> {\n canVerify(values: SecurityQuestionVerificationValues) {\n return !!values.answer;\n }\n\n mapCredentials(values: SecurityQuestionVerificationValues): Credentials | undefined {\n const { answer } = values;\n if (!answer) {\n return;\n }\n return {\n questionKey: this.meta.contextualData!.enrolledQuestion!.questionKey,\n answer\n };\n }\n\n getInputs() {\n return [\n { name: 'answer', type: 'string', label: 'Answer', required: true }\n ];\n }\n}\n"],"file":"SecurityQuestionVerification.js"}
|
|
@@ -9,12 +9,22 @@ var _Authenticator = require("./Authenticator");
|
|
|
9
9
|
// a new authenticator class should be created if special cases need to be handled
|
|
10
10
|
class VerificationCodeAuthenticator extends _Authenticator.Authenticator {
|
|
11
11
|
canVerify(values) {
|
|
12
|
-
return !!(values.verificationCode || values.otp);
|
|
12
|
+
return !!(values.credentials || values.verificationCode || values.otp);
|
|
13
13
|
}
|
|
14
14
|
|
|
15
15
|
mapCredentials(values) {
|
|
16
|
-
|
|
17
|
-
|
|
16
|
+
const {
|
|
17
|
+
credentials,
|
|
18
|
+
verificationCode,
|
|
19
|
+
otp
|
|
20
|
+
} = values;
|
|
21
|
+
|
|
22
|
+
if (!credentials && !verificationCode && !otp) {
|
|
23
|
+
return;
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
return credentials || {
|
|
27
|
+
passcode: verificationCode || otp
|
|
18
28
|
};
|
|
19
29
|
}
|
|
20
30
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/authenticator/VerificationCodeAuthenticator.ts"],"names":["VerificationCodeAuthenticator","Authenticator","canVerify","values","verificationCode","otp","mapCredentials","passcode","getInputs","idxRemediationValue","form","value","name","type","required"],"mappings":";;;;AAAA;;
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/authenticator/VerificationCodeAuthenticator.ts"],"names":["VerificationCodeAuthenticator","Authenticator","canVerify","values","credentials","verificationCode","otp","mapCredentials","passcode","getInputs","idxRemediationValue","form","value","name","type","required"],"mappings":";;;;AAAA;;AAYA;AACA;AACA;AACO,MAAMA,6BAAN,SAA4CC,4BAA5C,CAAkF;AACvFC,EAAAA,SAAS,CAACC,MAAD,EAAiC;AACxC,WAAO,CAAC,EAAEA,MAAM,CAACC,WAAP,IAAqBD,MAAM,CAACE,gBAA5B,IAAgDF,MAAM,CAACG,GAAzD,CAAR;AACD;;AAEDC,EAAAA,cAAc,CAACJ,MAAD,EAAgE;AAC5E,UAAM;AAAEC,MAAAA,WAAF;AAAeC,MAAAA,gBAAf;AAAiCC,MAAAA;AAAjC,QAAyCH,MAA/C;;AACA,QAAI,CAACC,WAAD,IAAgB,CAACC,gBAAjB,IAAqC,CAACC,GAA1C,EAA+C;AAC7C;AACD;;AACD,WAAOF,WAAW,IAAI;AAAEI,MAAAA,QAAQ,EAAEH,gBAAgB,IAAIC;AAAhC,KAAtB;AACD;;AAEDG,EAAAA,SAAS,CAACC,mBAAD,EAAsB;AAAA;;AAC7B,WAAO,EACL,6BAAGA,mBAAmB,CAACC,IAAvB,0DAAG,sBAA0BC,KAA1B,CAAgC,CAAhC,CAAH,CADK;AAELC,MAAAA,IAAI,EAAE,kBAFD;AAGLC,MAAAA,IAAI,EAAE,QAHD;AAILC,MAAAA,QAAQ,EAAEL,mBAAmB,CAACK;AAJzB,KAAP;AAMD;;AApBsF","sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface VerificationCodeValues {\n verificationCode?: string;\n otp?: string;\n credentials?: Credentials;\n}\n\ninterface VerificationCodeCredentials extends Credentials {\n passcode: string;\n}\n\n// general authenticator to handle \"verificationCode\" input\n// it can be used for \"email\", \"phone\", \"google authenticator\"\n// a new authenticator class should be created if special cases need to be handled\nexport class VerificationCodeAuthenticator extends Authenticator<VerificationCodeValues> {\n canVerify(values: VerificationCodeValues) {\n return !!(values.credentials ||values.verificationCode || values.otp);\n }\n\n mapCredentials(values): VerificationCodeCredentials | Credentials | undefined {\n const { credentials, verificationCode, otp } = values;\n if (!credentials && !verificationCode && !otp) {\n return;\n }\n return credentials || { passcode: verificationCode || otp };\n }\n\n getInputs(idxRemediationValue) {\n return {\n ...idxRemediationValue.form?.value[0],\n name: 'verificationCode',\n type: 'string',\n required: idxRemediationValue.required\n };\n }\n}\n"],"file":"VerificationCodeAuthenticator.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/authenticator/WebauthnEnrollment.ts"],"names":["WebauthnEnrollment","Authenticator","canVerify","values","clientData","attestation","mapCredentials","getInputs","name","type","required","visible","label"],"mappings":";;;;AAAA;;AAOO,MAAMA,kBAAN,SAAiCC,4BAAjC,CAAqE;AAC1EC,EAAAA,SAAS,CAACC,MAAD,EAA+B;AACtC,UAAM;AAAEC,MAAAA,UAAF;AAAcC,MAAAA;AAAd,QAA8BF,MAApC;AACA,WAAO,CAAC,EAAEC,UAAU,IAAIC,WAAhB,CAAR;AACD;;AAEDC,EAAAA,cAAc,CAACH,MAAD,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/authenticator/WebauthnEnrollment.ts"],"names":["WebauthnEnrollment","Authenticator","canVerify","values","clientData","attestation","mapCredentials","getInputs","name","type","required","visible","label"],"mappings":";;;;AAAA;;AAOO,MAAMA,kBAAN,SAAiCC,4BAAjC,CAAqE;AAC1EC,EAAAA,SAAS,CAACC,MAAD,EAA+B;AACtC,UAAM;AAAEC,MAAAA,UAAF;AAAcC,MAAAA;AAAd,QAA8BF,MAApC;AACA,WAAO,CAAC,EAAEC,UAAU,IAAIC,WAAhB,CAAR;AACD;;AAEDC,EAAAA,cAAc,CAACH,MAAD,EAAwD;AACpE,UAAM;AAAEC,MAAAA,UAAF;AAAcC,MAAAA;AAAd,QAA8BF,MAApC;;AACA,QAAI,CAACC,UAAD,IAAe,CAACC,WAApB,EAAiC;AAC/B;AACD;;AACD,WAAO;AACLD,MAAAA,UADK;AAELC,MAAAA;AAFK,KAAP;AAID;;AAEDE,EAAAA,SAAS,GAAG;AACV,WAAO,CACL;AAAEC,MAAAA,IAAI,EAAE,YAAR;AAAsBC,MAAAA,IAAI,EAAE,QAA5B;AAAsCC,MAAAA,QAAQ,EAAE,IAAhD;AAAsDC,MAAAA,OAAO,EAAE,KAA/D;AAAsEC,MAAAA,KAAK,EAAE;AAA7E,KADK,EAEL;AAAEJ,MAAAA,IAAI,EAAE,aAAR;AAAuBC,MAAAA,IAAI,EAAE,QAA7B;AAAuCC,MAAAA,QAAQ,EAAE,IAAjD;AAAuDC,MAAAA,OAAO,EAAE,KAAhE;AAAuEC,MAAAA,KAAK,EAAE;AAA9E,KAFK,CAAP;AAID;;AAtByE","sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnEnrollValues {\n clientData?: string;\n attestation?: string;\n}\n\nexport class WebauthnEnrollment extends Authenticator<WebauthnEnrollValues> {\n canVerify(values: WebauthnEnrollValues) {\n const { clientData, attestation } = values;\n return !!(clientData && attestation);\n }\n\n mapCredentials(values: WebauthnEnrollValues): Credentials | undefined {\n const { clientData, attestation } = values;\n if (!clientData && !attestation) {\n return;\n }\n return {\n clientData,\n attestation\n };\n }\n\n getInputs() {\n return [\n { name: 'clientData', type: 'string', required: true, visible: false, label: 'Client Data' },\n { name: 'attestation', type: 'string', required: true, visible: false, label: 'Attestation' },\n ];\n }\n}\n"],"file":"WebauthnEnrollment.js"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/authenticator/WebauthnVerification.ts"],"names":["WebauthnVerification","Authenticator","canVerify","values","clientData","authenticatorData","signatureData","mapCredentials","getInputs","name","type","label","required","visible"],"mappings":";;;;AAAA;;AAQO,MAAMA,oBAAN,SAAmCC,4BAAnC,CAA6E;AAClFC,EAAAA,SAAS,CAACC,MAAD,EAAqC;AAC5C,UAAM;AAAEC,MAAAA,UAAF;AAAcC,MAAAA,iBAAd;AAAiCC,MAAAA;AAAjC,QAAmDH,MAAzD;AACA,WAAO,CAAC,EAAEC,UAAU,IAAIC,iBAAd,IAAmCC,aAArC,CAAR;AACD;;AAEDC,EAAAA,cAAc,CAACJ,MAAD,
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/authenticator/WebauthnVerification.ts"],"names":["WebauthnVerification","Authenticator","canVerify","values","clientData","authenticatorData","signatureData","mapCredentials","getInputs","name","type","label","required","visible"],"mappings":";;;;AAAA;;AAQO,MAAMA,oBAAN,SAAmCC,4BAAnC,CAA6E;AAClFC,EAAAA,SAAS,CAACC,MAAD,EAAqC;AAC5C,UAAM;AAAEC,MAAAA,UAAF;AAAcC,MAAAA,iBAAd;AAAiCC,MAAAA;AAAjC,QAAmDH,MAAzD;AACA,WAAO,CAAC,EAAEC,UAAU,IAAIC,iBAAd,IAAmCC,aAArC,CAAR;AACD;;AAEDC,EAAAA,cAAc,CAACJ,MAAD,EAA8D;AAC1E,UAAM;AAAEE,MAAAA,iBAAF;AAAqBD,MAAAA,UAArB;AAAiCE,MAAAA;AAAjC,QAAmDH,MAAzD;;AACA,QAAI,CAACE,iBAAD,IAAsB,CAACD,UAAvB,IAAqC,CAACE,aAA1C,EAAyD;AACvD;AACD;;AACD,WAAO;AACLD,MAAAA,iBADK;AAELD,MAAAA,UAFK;AAGLE,MAAAA;AAHK,KAAP;AAKD;;AAEDE,EAAAA,SAAS,GAAG;AACV,WAAO,CACL;AAAEC,MAAAA,IAAI,EAAE,mBAAR;AAA6BC,MAAAA,IAAI,EAAE,QAAnC;AAA6CC,MAAAA,KAAK,EAAE,oBAApD;AAA0EC,MAAAA,QAAQ,EAAE,IAApF;AAA0FC,MAAAA,OAAO,EAAE;AAAnG,KADK,EAEL;AAAEJ,MAAAA,IAAI,EAAE,YAAR;AAAsBC,MAAAA,IAAI,EAAE,QAA5B;AAAsCC,MAAAA,KAAK,EAAE,aAA7C;AAA4DC,MAAAA,QAAQ,EAAE,IAAtE;AAA4EC,MAAAA,OAAO,EAAE;AAArF,KAFK,EAGL;AAAEJ,MAAAA,IAAI,EAAE,eAAR;AAAyBC,MAAAA,IAAI,EAAE,QAA/B;AAAyCC,MAAAA,KAAK,EAAE,gBAAhD;AAAkEC,MAAAA,QAAQ,EAAE,IAA5E;AAAkFC,MAAAA,OAAO,EAAE;AAA3F,KAHK,CAAP;AAKD;;AAxBiF","sourcesContent":["import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnVerificationValues {\n clientData?: string;\n authenticatorData?: string;\n signatureData?: string;\n}\n\nexport class WebauthnVerification extends Authenticator<WebauthnVerificationValues> {\n canVerify(values: WebauthnVerificationValues) {\n const { clientData, authenticatorData, signatureData } = values;\n return !!(clientData && authenticatorData && signatureData);\n }\n\n mapCredentials(values: WebauthnVerificationValues): Credentials | undefined {\n const { authenticatorData, clientData, signatureData } = values;\n if (!authenticatorData && !clientData && !signatureData) {\n return;\n }\n return {\n authenticatorData,\n clientData,\n signatureData\n };\n }\n\n getInputs() {\n return [\n { name: 'authenticatorData', type: 'string', label: 'Authenticator Data', required: true, visible: false },\n { name: 'clientData', type: 'string', label: 'Client Data', required: true, visible: false },\n { name: 'signatureData', type: 'string', label: 'Signature Data', required: true, visible: false },\n ];\n }\n}\n"],"file":"WebauthnVerification.js"}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequireDefault");
|
|
4
|
+
|
|
5
|
+
exports.formatAuthenticator = formatAuthenticator;
|
|
6
|
+
exports.compareAuthenticators = compareAuthenticators;
|
|
7
|
+
exports.findMatchedOption = findMatchedOption;
|
|
8
|
+
|
|
9
|
+
var _find = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/find"));
|
|
10
|
+
|
|
11
|
+
var _types = require("../types");
|
|
12
|
+
|
|
13
|
+
function formatAuthenticator(incoming) {
|
|
14
|
+
let authenticator;
|
|
15
|
+
|
|
16
|
+
if ((0, _types.isAuthenticator)(incoming)) {
|
|
17
|
+
authenticator = incoming;
|
|
18
|
+
} else if (typeof incoming === 'string') {
|
|
19
|
+
authenticator = {
|
|
20
|
+
key: incoming
|
|
21
|
+
};
|
|
22
|
+
} else {
|
|
23
|
+
throw new Error('Invalid format for authenticator');
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
return authenticator;
|
|
27
|
+
} // Returns true if the authenticators are equivalent
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
function compareAuthenticators(auth1, auth2) {
|
|
31
|
+
if (!auth1 || !auth2) {
|
|
32
|
+
return false;
|
|
33
|
+
} // by id
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
if (auth1.id && auth2.id) {
|
|
37
|
+
return auth1.id === auth2.id;
|
|
38
|
+
} // by key
|
|
39
|
+
|
|
40
|
+
|
|
41
|
+
if (auth1.key && auth2.key) {
|
|
42
|
+
return auth1.key === auth2.key;
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
return false;
|
|
46
|
+
} // Find matched authenticator in provided order
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
function findMatchedOption(authenticators, options) {
|
|
50
|
+
let option;
|
|
51
|
+
|
|
52
|
+
for (let authenticator of authenticators) {
|
|
53
|
+
option = (0, _find.default)(options).call(options, ({
|
|
54
|
+
relatesTo
|
|
55
|
+
}) => relatesTo.key === authenticator.key);
|
|
56
|
+
|
|
57
|
+
if (option) {
|
|
58
|
+
break;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
return option;
|
|
63
|
+
}
|
|
64
|
+
//# sourceMappingURL=util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/authenticator/util.ts"],"names":["formatAuthenticator","incoming","authenticator","key","Error","compareAuthenticators","auth1","auth2","id","findMatchedOption","authenticators","options","option","relatesTo"],"mappings":";;;;;;;;;;AAAA;;AAEO,SAASA,mBAAT,CAA6BC,QAA7B,EAA+D;AACpE,MAAIC,aAAJ;;AACA,MAAK,4BAAgBD,QAAhB,CAAL,EAAgC;AAC9BC,IAAAA,aAAa,GAAGD,QAAhB;AACD,GAFD,MAEO,IAAI,OAAOA,QAAP,KAAoB,QAAxB,EAAkC;AACvCC,IAAAA,aAAa,GAAG;AACdC,MAAAA,GAAG,EAAEF;AADS,KAAhB;AAGD,GAJM,MAIA;AACL,UAAM,IAAIG,KAAJ,CAAU,kCAAV,CAAN;AACD;;AACD,SAAOF,aAAP;AACD,C,CAED;;;AACO,SAASG,qBAAT,CAA+BC,KAA/B,EAAsCC,KAAtC,EAA6C;AAClD,MAAI,CAACD,KAAD,IAAU,CAACC,KAAf,EAAsB;AACpB,WAAO,KAAP;AACD,GAHiD,CAIlD;;;AACA,MAAID,KAAK,CAACE,EAAN,IAAYD,KAAK,CAACC,EAAtB,EAA0B;AACxB,WAAQF,KAAK,CAACE,EAAN,KAAaD,KAAK,CAACC,EAA3B;AACD,GAPiD,CAQlD;;;AACA,MAAIF,KAAK,CAACH,GAAN,IAAaI,KAAK,CAACJ,GAAvB,EAA4B;AAC1B,WAAQG,KAAK,CAACH,GAAN,KAAcI,KAAK,CAACJ,GAA5B;AACD;;AACD,SAAO,KAAP;AACD,C,CAED;;;AACO,SAASM,iBAAT,CAA2BC,cAA3B,EAA2CC,OAA3C,EAAoD;AACzD,MAAIC,MAAJ;;AACA,OAAK,IAAIV,aAAT,IAA0BQ,cAA1B,EAA0C;AACxCE,IAAAA,MAAM,GAAG,mBAAAD,OAAO,MAAP,CAAAA,OAAO,EACR,CAAC;AAAEE,MAAAA;AAAF,KAAD,KAAmBA,SAAS,CAACV,GAAV,KAAkBD,aAAa,CAACC,GAD3C,CAAhB;;AAEA,QAAIS,MAAJ,EAAY;AACV;AACD;AACF;;AACD,SAAOA,MAAP;AACD","sourcesContent":["import { Authenticator, isAuthenticator } from '../types';\n\nexport function formatAuthenticator(incoming: unknown): Authenticator {\n let authenticator: Authenticator;\n if (isAuthenticator(incoming)) {\n authenticator = incoming;\n } else if (typeof incoming === 'string') {\n authenticator = {\n key: incoming\n };\n } else {\n throw new Error('Invalid format for authenticator');\n }\n return authenticator;\n}\n\n// Returns true if the authenticators are equivalent\nexport function compareAuthenticators(auth1, auth2) {\n if (!auth1 || !auth2) {\n return false;\n }\n // by id\n if (auth1.id && auth2.id) {\n return (auth1.id === auth2.id);\n }\n // by key\n if (auth1.key && auth2.key) {\n return (auth1.key === auth2.key);\n }\n return false;\n}\n\n// Find matched authenticator in provided order\nexport function findMatchedOption(authenticators, options) {\n let option;\n for (let authenticator of authenticators) {\n option = options\n .find(({ relatesTo }) => relatesTo.key === authenticator.key);\n if (option) {\n break;\n }\n }\n return option;\n}"],"file":"util.js"}
|
package/cjs/idx/idx-js/index.js
CHANGED
|
@@ -4,12 +4,6 @@ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequ
|
|
|
4
4
|
|
|
5
5
|
exports.default = void 0;
|
|
6
6
|
|
|
7
|
-
var _indexOf = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/instance/index-of"));
|
|
8
|
-
|
|
9
|
-
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
10
|
-
|
|
11
|
-
var _url = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/url"));
|
|
12
|
-
|
|
13
7
|
var _introspect = _interopRequireDefault(require("./introspect"));
|
|
14
8
|
|
|
15
9
|
var _interact = _interopRequireDefault(require("./interact"));
|
|
@@ -18,8 +12,6 @@ var _parsers = _interopRequireDefault(require("./parsers"));
|
|
|
18
12
|
|
|
19
13
|
var _client = require("./client");
|
|
20
14
|
|
|
21
|
-
var _util = require("./util");
|
|
22
|
-
|
|
23
15
|
/*!
|
|
24
16
|
* Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.
|
|
25
17
|
* The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")
|
|
@@ -31,126 +23,12 @@ var _util = require("./util");
|
|
|
31
23
|
*
|
|
32
24
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
33
25
|
*/
|
|
34
|
-
|
|
35
|
-
/* eslint-disable complexity, max-statements, max-len, camelcase */
|
|
36
26
|
// @ts-nocheck
|
|
37
27
|
const LATEST_SUPPORTED_IDX_API_VERSION = '1.0.0';
|
|
38
|
-
|
|
39
|
-
const start = async function start({
|
|
40
|
-
withCredentials,
|
|
41
|
-
clientId,
|
|
42
|
-
domain,
|
|
43
|
-
issuer,
|
|
44
|
-
stateHandle,
|
|
45
|
-
interactionHandle,
|
|
46
|
-
version,
|
|
47
|
-
redirectUri,
|
|
48
|
-
state,
|
|
49
|
-
scopes,
|
|
50
|
-
codeChallenge,
|
|
51
|
-
codeChallengeMethod,
|
|
52
|
-
activationToken,
|
|
53
|
-
recoveryToken
|
|
54
|
-
}) {
|
|
55
|
-
var _issuer, _issuer2;
|
|
56
|
-
|
|
57
|
-
issuer = (_issuer = issuer) === null || _issuer === void 0 ? void 0 : _issuer.replace(/\/+$/, '');
|
|
58
|
-
const baseUrl = ((_issuer2 = issuer) === null || _issuer2 === void 0 ? void 0 : (0, _indexOf.default)(_issuer2).call(_issuer2, '/oauth2')) > 0 ? issuer : issuer + '/oauth2'; // org AS uses domain as AS, but we need the base url for calls
|
|
59
|
-
|
|
60
|
-
const toPersist = {
|
|
61
|
-
baseUrl,
|
|
62
|
-
clientId,
|
|
63
|
-
state,
|
|
64
|
-
withCredentials
|
|
65
|
-
};
|
|
66
|
-
|
|
67
|
-
if (!domain && !issuer) {
|
|
68
|
-
return _promise.default.reject({
|
|
69
|
-
error: 'issuer is required'
|
|
70
|
-
});
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
if (!stateHandle && !clientId) {
|
|
74
|
-
// redirectUri is only required on self-hosted flow
|
|
75
|
-
return _promise.default.reject({
|
|
76
|
-
error: 'clientId is required'
|
|
77
|
-
});
|
|
78
|
-
}
|
|
79
|
-
|
|
80
|
-
if (!stateHandle && !redirectUri) {
|
|
81
|
-
// redirectUri is only required on self-hosted flow
|
|
82
|
-
return _promise.default.reject({
|
|
83
|
-
error: 'redirectUri is required'
|
|
84
|
-
});
|
|
85
|
-
}
|
|
86
|
-
|
|
87
|
-
if (!stateHandle && !(codeChallenge && codeChallengeMethod)) {
|
|
88
|
-
return _promise.default.reject({
|
|
89
|
-
error: 'PKCE params (codeChallenge, codeChallengeMethod) are required'
|
|
90
|
-
});
|
|
91
|
-
}
|
|
92
|
-
|
|
93
|
-
if (!domain) {
|
|
94
|
-
domain = new _url.default(issuer).origin;
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
(0, _util.validateVersionConfig)(version);
|
|
98
|
-
|
|
99
|
-
if (!stateHandle && !interactionHandle) {
|
|
100
|
-
// start a new transaction
|
|
101
|
-
try {
|
|
102
|
-
const interactParams = {
|
|
103
|
-
withCredentials,
|
|
104
|
-
clientId,
|
|
105
|
-
baseUrl,
|
|
106
|
-
scopes,
|
|
107
|
-
redirectUri,
|
|
108
|
-
codeChallenge,
|
|
109
|
-
codeChallengeMethod,
|
|
110
|
-
state,
|
|
111
|
-
activationToken,
|
|
112
|
-
recoveryToken
|
|
113
|
-
};
|
|
114
|
-
const interaction_handle = await (0, _interact.default)(interactParams);
|
|
115
|
-
interactionHandle = interaction_handle;
|
|
116
|
-
toPersist.interactionHandle = interactionHandle;
|
|
117
|
-
} catch (error) {
|
|
118
|
-
return _promise.default.reject({
|
|
119
|
-
error
|
|
120
|
-
});
|
|
121
|
-
}
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
try {
|
|
125
|
-
const {
|
|
126
|
-
makeIdxState
|
|
127
|
-
} = (0, _parsers.default)(version);
|
|
128
|
-
const idxResponse = await (0, _introspect.default)({
|
|
129
|
-
withCredentials,
|
|
130
|
-
domain,
|
|
131
|
-
interactionHandle,
|
|
132
|
-
stateHandle,
|
|
133
|
-
version
|
|
134
|
-
}).catch(err => _promise.default.reject({
|
|
135
|
-
error: 'introspect call failed',
|
|
136
|
-
// Transform all errors into an IdX State object.
|
|
137
|
-
// This allows IdX based errors (messages) to optionally proceed with remediation forms
|
|
138
|
-
details: makeIdxState(err, toPersist)
|
|
139
|
-
}));
|
|
140
|
-
const idxState = makeIdxState(idxResponse, toPersist);
|
|
141
|
-
return idxState;
|
|
142
|
-
} catch (error) {
|
|
143
|
-
return _promise.default.reject({
|
|
144
|
-
error
|
|
145
|
-
});
|
|
146
|
-
}
|
|
147
|
-
};
|
|
148
|
-
|
|
149
28
|
const {
|
|
150
29
|
makeIdxState
|
|
151
30
|
} = (0, _parsers.default)(LATEST_SUPPORTED_IDX_API_VERSION);
|
|
152
31
|
var _default = {
|
|
153
|
-
start,
|
|
154
32
|
introspect: _introspect.default,
|
|
155
33
|
interact: _interact.default,
|
|
156
34
|
makeIdxState,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/idx-js/index.ts"],"names":["LATEST_SUPPORTED_IDX_API_VERSION","
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/idx-js/index.ts"],"names":["LATEST_SUPPORTED_IDX_API_VERSION","makeIdxState","introspect","interact","client","HttpClient"],"mappings":";;;;;;AAaA;;AACA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAMA,MAAMA,gCAAgC,GAAG,OAAzC;AAEA,MAAM;AAAEC,EAAAA;AAAF,IAAmB,sBAAkBD,gCAAlB,CAAzB;eAEe;AACbE,EAAAA,UAAU,EAAVA,mBADa;AAEbC,EAAAA,QAAQ,EAARA,iBAFa;AAGbF,EAAAA,YAHa;AAIbG,EAAAA,MAAM,EAAEC,kBAJK;AAKbL,EAAAA;AALa,C","sourcesContent":["/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// @ts-nocheck\nimport introspect from './introspect';\nimport interact from './interact';\nimport parsersForVersion from './parsers';\nimport { HttpClient } from './client';\n\nconst LATEST_SUPPORTED_IDX_API_VERSION = '1.0.0';\n\nconst { makeIdxState } = parsersForVersion(LATEST_SUPPORTED_IDX_API_VERSION);\n\nexport default {\n introspect,\n interact,\n makeIdxState,\n client: HttpClient,\n LATEST_SUPPORTED_IDX_API_VERSION,\n};\n"],"file":"index.js"}
|
|
@@ -4,8 +4,6 @@ var _interopRequireDefault = require("@babel/runtime-corejs3/helpers/interopRequ
|
|
|
4
4
|
|
|
5
5
|
exports.default = void 0;
|
|
6
6
|
|
|
7
|
-
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
8
|
-
|
|
9
7
|
var _stringify = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/json/stringify"));
|
|
10
8
|
|
|
11
9
|
var _client = require("./client");
|
|
@@ -23,8 +21,6 @@ var _util = require("./util");
|
|
|
23
21
|
*
|
|
24
22
|
* See the License for the specific language governing permissions and limitations under the License.
|
|
25
23
|
*/
|
|
26
|
-
const parseAndReject = response => response.json().then(err => _promise.default.reject(err));
|
|
27
|
-
|
|
28
24
|
const introspect = async function introspect({
|
|
29
25
|
withCredentials,
|
|
30
26
|
domain,
|
|
@@ -45,11 +41,19 @@ const introspect = async function introspect({
|
|
|
45
41
|
accept: `application/ion+json; okta-version=${version}`
|
|
46
42
|
};
|
|
47
43
|
const credentials = withCredentials === false ? 'omit' : 'include';
|
|
48
|
-
|
|
44
|
+
const response = await (0, _client.request)(target, {
|
|
49
45
|
credentials,
|
|
50
46
|
headers,
|
|
51
47
|
body: (0, _stringify.default)(body)
|
|
52
|
-
})
|
|
48
|
+
});
|
|
49
|
+
const requestDidSucceed = response.ok;
|
|
50
|
+
const rawIdxResponse = await response.json(); // Throw IDX response if request did not succeed. This behavior will be removed in version 7.0: OKTA-481844
|
|
51
|
+
|
|
52
|
+
if (!requestDidSucceed) {
|
|
53
|
+
throw rawIdxResponse;
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
return rawIdxResponse;
|
|
53
57
|
};
|
|
54
58
|
|
|
55
59
|
var _default = introspect;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../lib/idx/idx-js/introspect.ts"],"names":["
|
|
1
|
+
{"version":3,"sources":["../../../../lib/idx/idx-js/introspect.ts"],"names":["introspect","withCredentials","domain","interactionHandle","stateHandle","version","target","body","stateToken","headers","accept","credentials","response","requestDidSucceed","ok","rawIdxResponse","json"],"mappings":";;;;;;;;AAaA;;AACA;;AAdA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAcA,MAAMA,UAAU,GAAG,eAAeA,UAAf,CAA0B;AAC3CC,EAAAA,eAD2C;AAE3CC,EAAAA,MAF2C;AAG3CC,EAAAA,iBAH2C;AAI3CC,EAAAA,WAJ2C;AAK3CC,EAAAA;AAL2C,CAA1B,EAM4B;AAC7C,mCAAsBA,OAAtB;AACA,QAAMC,MAAM,GAAI,GAAEJ,MAAO,qBAAzB;AACA,QAAMK,IAAI,GAAGH,WAAW,GAAG;AAAEI,IAAAA,UAAU,EAAEJ;AAAd,GAAH,GAAiC;AAAED,IAAAA;AAAF,GAAzD;AACA,QAAMM,OAAO,GAAG;AACd,oBAAiB,sCAAqCJ,OAAQ,EADhD;AACmD;AACjEK,IAAAA,MAAM,EAAG,sCAAqCL,OAAQ;AAFxC,GAAhB;AAIA,QAAMM,WAAW,GAAGV,eAAe,KAAK,KAApB,GAA4B,MAA5B,GAAqC,SAAzD;AACA,QAAMW,QAAQ,GAAG,MAAM,qBAAQN,MAAR,EAAgB;AAAEK,IAAAA,WAAF;AAAeF,IAAAA,OAAf;AAAwBF,IAAAA,IAAI,EAAE,wBAAeA,IAAf;AAA9B,GAAhB,CAAvB;AACA,QAAMM,iBAAiB,GAAGD,QAAQ,CAACE,EAAnC;AACA,QAAMC,cAAc,GAAG,MAAMH,QAAQ,CAACI,IAAT,EAA7B,CAX6C,CAa7C;;AACA,MAAI,CAACH,iBAAL,EAAwB;AACtB,UAAME,cAAN;AACD;;AACD,SAAOA,cAAP;AACD,CAxBD;;eA0Bef,U","sourcesContent":["/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { RawIdxResponse } from '../types';\nimport { request } from './client';\nimport { validateVersionConfig } from './util';\n\nexport interface IntrospectOptions {\n domain: string;\n withCredentials?: boolean;\n interactionHandle?: string;\n stateHandle?: string;\n version?: string;\n}\n\nconst introspect = async function introspect({\n withCredentials,\n domain,\n interactionHandle,\n stateHandle,\n version,\n}: IntrospectOptions): Promise<RawIdxResponse> {\n validateVersionConfig(version);\n const target = `${domain}/idp/idx/introspect`;\n const body = stateHandle ? { stateToken: stateHandle } : { interactionHandle };\n const headers = {\n 'content-type': `application/ion+json; okta-version=${version}`, // Server wants this version info\n accept: `application/ion+json; okta-version=${version}`,\n };\n const credentials = withCredentials === false ? 'omit' : 'include';\n const response = await request(target, { credentials, headers, body: JSON.stringify(body) });\n const requestDidSucceed = response.ok;\n const rawIdxResponse = await response.json();\n\n // Throw IDX response if request did not succeed. This behavior will be removed in version 7.0: OKTA-481844\n if (!requestDidSucceed) {\n throw rawIdxResponse;\n }\n return rawIdxResponse;\n};\n\nexport default introspect;\n"],"file":"introspect.js"}
|
|
@@ -6,8 +6,6 @@ exports.default = void 0;
|
|
|
6
6
|
|
|
7
7
|
var _stringify = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/json/stringify"));
|
|
8
8
|
|
|
9
|
-
var _promise = _interopRequireDefault(require("@babel/runtime-corejs3/core-js-stable/promise"));
|
|
10
|
-
|
|
11
9
|
var _client = require("../client");
|
|
12
10
|
|
|
13
11
|
var _actionParser = require("./actionParser");
|
|
@@ -45,34 +43,30 @@ const generateDirectFetch = function generateDirectFetch({
|
|
|
45
43
|
...immutableParamsForAction
|
|
46
44
|
});
|
|
47
45
|
const credentials = toPersist && toPersist.withCredentials === false ? 'omit' : 'include';
|
|
48
|
-
|
|
46
|
+
const response = await (0, _client.request)(target, {
|
|
49
47
|
method: actionDefinition.method,
|
|
50
48
|
headers,
|
|
51
49
|
body,
|
|
52
50
|
credentials
|
|
53
|
-
})
|
|
54
|
-
|
|
51
|
+
});
|
|
52
|
+
const responseJSON = await response.json();
|
|
53
|
+
const requestDidSucceed = response.ok;
|
|
54
|
+
const idxResponse = (0, _makeIdxState.makeIdxState)(responseJSON, toPersist, requestDidSucceed);
|
|
55
|
+
|
|
56
|
+
if (response.status === 401 && response.headers.get('WWW-Authenticate') === 'Oktadevicejwt realm="Okta Device"') {
|
|
57
|
+
// Okta server responds 401 status code with WWW-Authenticate header and new remediation
|
|
58
|
+
// so that the iOS/MacOS credential SSO extension (Okta Verify) can intercept
|
|
59
|
+
// the response reaches here when Okta Verify is not installed
|
|
60
|
+
// set `stepUp` to true if flow should be continued without showing any errors
|
|
61
|
+
idxResponse.stepUp = true;
|
|
62
|
+
} // Throw IDX response if request did not succeed. This behavior will be removed in version 7.0: OKTA-481844
|
|
55
63
|
|
|
56
|
-
if (response.ok) {
|
|
57
|
-
return respJson;
|
|
58
|
-
} else if (response.status === 401 && response.headers.get('WWW-Authenticate') === 'Oktadevicejwt realm="Okta Device"') {
|
|
59
|
-
// Okta server responds 401 status code with WWW-Authenticate header and new remediation
|
|
60
|
-
// so that the iOS/MacOS credential SSO extension (Okta Verify) can intercept
|
|
61
|
-
// the response reaches here when Okta Verify is not installed
|
|
62
|
-
// we need to return an idx object so that
|
|
63
|
-
// the SIW can proceed to the next step without showing error
|
|
64
|
-
return respJson.then(err => {
|
|
65
|
-
let ms = (0, _makeIdxState.makeIdxState)(err, toPersist); // set to true if flow should be continued without showing any errors
|
|
66
64
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
}
|
|
65
|
+
if (!requestDidSucceed) {
|
|
66
|
+
throw idxResponse;
|
|
67
|
+
}
|
|
71
68
|
|
|
72
|
-
|
|
73
|
-
return _promise.default.reject((0, _makeIdxState.makeIdxState)(err, toPersist));
|
|
74
|
-
});
|
|
75
|
-
}).then(idxResponse => (0, _makeIdxState.makeIdxState)(idxResponse, toPersist));
|
|
69
|
+
return idxResponse;
|
|
76
70
|
};
|
|
77
71
|
}; // TODO: Resolve in M2: Either build the final polling solution or remove this code
|
|
78
72
|
// const generatePollingFetch = function generatePollingFetch( { actionDefinition, defaultParamsForAction = {}, immutableParamsForAction = {} } ) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../../lib/idx/idx-js/v1/generateIdxAction.ts"],"names":["generateDirectFetch","actionDefinition","defaultParamsForAction","immutableParamsForAction","toPersist","target","href","params","headers","accepts","body","credentials","withCredentials","
|
|
1
|
+
{"version":3,"sources":["../../../../../lib/idx/idx-js/v1/generateIdxAction.ts"],"names":["generateDirectFetch","actionDefinition","defaultParamsForAction","immutableParamsForAction","toPersist","target","href","params","headers","accepts","body","credentials","withCredentials","response","method","responseJSON","json","requestDidSucceed","ok","idxResponse","status","get","stepUp","generateIdxAction","generator","defaultParams","neededParams","immutableParams","action","name"],"mappings":";;;;;;;;AAcA;;AACA;;AACA;;AAhBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AAKA,MAAMA,mBAAmB,GAAG,SAASA,mBAAT,CAA6B;AACvDC,EAAAA,gBADuD;AAEvDC,EAAAA,sBAAsB,GAAG,EAF8B;AAGvDC,EAAAA,wBAAwB,GAAG,EAH4B;AAIvDC,EAAAA;AAJuD,CAA7B,EAKzB;AACD,QAAMC,MAAM,GAAGJ,gBAAgB,CAACK,IAAhC;AACA,SAAO,gBAAeC,MAAf,EAAuB;AAC5B,UAAMC,OAAO,GAAG;AACd,sBAAgB,kBADF;AAEd,gBAAUP,gBAAgB,CAACQ,OAAjB,IAA4B;AAFxB,KAAhB;AAIA,UAAMC,IAAI,GAAG,wBAAe,EAC1B,GAAGR,sBADuB;AAE1B,SAAGK,MAFuB;AAG1B,SAAGJ;AAHuB,KAAf,CAAb;AAKA,UAAMQ,WAAW,GAAGP,SAAS,IAAIA,SAAS,CAACQ,eAAV,KAA8B,KAA3C,GAAmD,MAAnD,GAA4D,SAAhF;AACA,UAAMC,QAAQ,GAAG,MAAM,qBAAQR,MAAR,EAAgB;AAAES,MAAAA,MAAM,EAAEb,gBAAgB,CAACa,MAA3B;AAAmCN,MAAAA,OAAnC;AAA4CE,MAAAA,IAA5C;AAAkDC,MAAAA;AAAlD,KAAhB,CAAvB;AACA,UAAMI,YAAY,GAAG,MAAMF,QAAQ,CAACG,IAAT,EAA3B;AACA,UAAMC,iBAAiB,GAAGJ,QAAQ,CAACK,EAAnC;AACA,UAAMC,WAAW,GAAG,gCAAaJ,YAAb,EAA2BX,SAA3B,EAAsCa,iBAAtC,CAApB;;AACA,QAAIJ,QAAQ,CAACO,MAAT,KAAoB,GAApB,IAA2BP,QAAQ,CAACL,OAAT,CAAiBa,GAAjB,CAAqB,kBAArB,MAA6C,mCAA5E,EAAiH;AAC/G;AACA;AACA;AACA;AACAF,MAAAA,WAAW,CAACG,MAAZ,GAAqB,IAArB;AACD,KArB2B,CAuB3B;;;AACA,QAAI,CAACL,iBAAL,EAAwB;AACtB,YAAME,WAAN;AACD;;AAEF,WAAOA,WAAP;AACD,GA7BD;AA8BD,CArCD,C,CAuCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AAEA,MAAMI,iBAAiB,GAAG,SAASA,iBAAT,CAA4BtB,gBAA5B,EAA8CG,SAA9C,EAA0D;AAClF;AACA;AACA,QAAMoB,SAAS,GAAGxB,mBAAlB;AACA,QAAM;AAAEyB,IAAAA,aAAF;AAAiBC,IAAAA,YAAjB;AAA+BC,IAAAA;AAA/B,MAAmD,kDAAgC1B,gBAAhC,CAAzD;AAEA,QAAM2B,MAAM,GAAGJ,SAAS,CAAE;AACxBvB,IAAAA,gBADwB;AAExBC,IAAAA,sBAAsB,EAAEuB,aAAa,CAACxB,gBAAgB,CAAC4B,IAAlB,CAFb;AAGxB1B,IAAAA,wBAAwB,EAAEwB,eAAe,CAAC1B,gBAAgB,CAAC4B,IAAlB,CAHjB;AAIxBzB,IAAAA;AAJwB,GAAF,CAAxB;AAMAwB,EAAAA,MAAM,CAACF,YAAP,GAAsBA,YAAtB;AACA,SAAOE,MAAP;AACD,CAdD;;eAgBeL,iB","sourcesContent":["/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len */\n// @ts-nocheck\nimport { request } from '../client';\nimport { divideActionParamsByMutability } from './actionParser';\nimport { makeIdxState } from './makeIdxState';\n\nconst generateDirectFetch = function generateDirectFetch({ \n actionDefinition, \n defaultParamsForAction = {}, \n immutableParamsForAction = {}, \n toPersist \n}) {\n const target = actionDefinition.href;\n return async function(params) {\n const headers = {\n 'content-type': 'application/json',\n 'accept': actionDefinition.accepts || 'application/ion+json',\n };\n const body = JSON.stringify({\n ...defaultParamsForAction,\n ...params,\n ...immutableParamsForAction\n });\n const credentials = toPersist && toPersist.withCredentials === false ? 'omit' : 'include';\n const response = await request(target, { method: actionDefinition.method, headers, body, credentials });\n const responseJSON = await response.json();\n const requestDidSucceed = response.ok;\n const idxResponse = makeIdxState(responseJSON, toPersist, requestDidSucceed);\n if (response.status === 401 && response.headers.get('WWW-Authenticate') === 'Oktadevicejwt realm=\"Okta Device\"') {\n // Okta server responds 401 status code with WWW-Authenticate header and new remediation\n // so that the iOS/MacOS credential SSO extension (Okta Verify) can intercept\n // the response reaches here when Okta Verify is not installed\n // set `stepUp` to true if flow should be continued without showing any errors\n idxResponse.stepUp = true;\n }\n\n // Throw IDX response if request did not succeed. This behavior will be removed in version 7.0: OKTA-481844\n if (!requestDidSucceed) {\n throw idxResponse;\n }\n\n return idxResponse;\n };\n};\n\n// TODO: Resolve in M2: Either build the final polling solution or remove this code\n// const generatePollingFetch = function generatePollingFetch( { actionDefinition, defaultParamsForAction = {}, immutableParamsForAction = {} } ) {\n// // TODO: Discussions ongoing about when/how to terminate polling: OKTA-246581\n// const target = actionDefinition.href;\n// return async function(params) {\n// return fetch(target, {\n// method: actionDefinition.method,\n// headers: {\n// 'content-type': actionDefinition.accepts,\n// },\n// body: JSON.stringify({ ...defaultParamsForAction, ...params, ...immutableParamsForAction })\n// })\n// .then( response => response.ok ? response.json() : response.json().then( err => Promise.reject(err)) )\n// .then( idxResponse => makeIdxState(idxResponse) );\n// };\n// };\n\nconst generateIdxAction = function generateIdxAction( actionDefinition, toPersist ) {\n // TODO: leaving this here to see where the polling is EXPECTED to drop into the code, but removing any accidental trigger of incomplete code\n // const generator = actionDefinition.refresh ? generatePollingFetch : generateDirectFetch;\n const generator = generateDirectFetch;\n const { defaultParams, neededParams, immutableParams } = divideActionParamsByMutability( actionDefinition );\n\n const action = generator( {\n actionDefinition,\n defaultParamsForAction: defaultParams[actionDefinition.name],\n immutableParamsForAction: immutableParams[actionDefinition.name],\n toPersist\n });\n action.neededParams = neededParams;\n return action;\n};\n\nexport default generateIdxAction;\n"],"file":"generateIdxAction.js"}
|